crypto/cnxk: support lookaside IPsec AES-CBC-HMAC-SHA256

Adding AES-CBC-HMAC-SHA256 support to lookaside IPsec PMD.

Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Tejasree Kondoj 2021-12-17 14:49:50 +05:30 committed by Akhil Goyal
parent 2ff2a87d8a
commit 6dc3f45fd4
6 changed files with 75 additions and 8 deletions


@ -246,14 +246,27 @@ CN9XX Features supported
* IPv4 * IPv4
* IPv6 * IPv6
* ESP * ESP
* ESN
* Anti-replay
* Tunnel mode * Tunnel mode
* Transport mode(IPv4) * Transport mode(IPv4)
* UDP Encapsulation * UDP Encapsulation
AEAD algorithms
+++++++++++++++
* AES-128/192/256-GCM * AES-128/192/256-GCM
* AES-128/192/256-CBC-SHA1-HMAC
* AES-128/192/256-CBC-SHA256-128-HMAC Cipher algorithms
* ESN +++++++++++++++++
* Anti-replay
* AES-128/192/256-CBC
Auth algorithms
+++++++++++++++
* SHA1-HMAC
* SHA256-128-HMAC
CN10XX Features supported CN10XX Features supported
~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~
@ -263,6 +276,20 @@ CN10XX Features supported
* Tunnel mode * Tunnel mode
* Transport mode * Transport mode
* UDP Encapsulation * UDP Encapsulation
AEAD algorithms
+++++++++++++++
* AES-128/192/256-GCM * AES-128/192/256-GCM
* AES-128/192/256-CBC-NULL
* AES-128/192/256-CBC-SHA1-HMAC Cipher algorithms
+++++++++++++++++
* AES-128/192/256-CBC
Auth algorithms
+++++++++++++++
* NULL
* SHA1-HMAC
* SHA256-128-HMAC


@ -55,6 +55,10 @@ New Features
Also, make sure to start the actual text at the margin. Also, make sure to start the actual text at the margin.
======================================================= =======================================================
* **Updated Marvell cnxk crypto PMD.**
* Added SHA256-HMAC support in lookaside protocol (IPsec) for CN10K.
* **Added an API to retrieve event port id of ethdev Rx adapter.** * **Added an API to retrieve event port id of ethdev Rx adapter.**
The new API ``rte_event_eth_rx_adapter_event_port_get()`` was added. The new API ``rte_event_eth_rx_adapter_event_port_get()`` was added.


@ -32,6 +32,10 @@ ipsec_hmac_opad_ipad_gen(struct rte_crypto_sym_xform *auth_xform,
roc_hash_sha1_gen(opad, (uint32_t *)&hmac_opad_ipad[0]); roc_hash_sha1_gen(opad, (uint32_t *)&hmac_opad_ipad[0]);
roc_hash_sha1_gen(ipad, (uint32_t *)&hmac_opad_ipad[24]); roc_hash_sha1_gen(ipad, (uint32_t *)&hmac_opad_ipad[24]);
break; break;
case RTE_CRYPTO_AUTH_SHA256_HMAC:
roc_hash_sha256_gen(opad, (uint32_t *)&hmac_opad_ipad[0]);
roc_hash_sha256_gen(ipad, (uint32_t *)&hmac_opad_ipad[64]);
break;
default: default:
break; break;
} }
@ -123,6 +127,16 @@ ot_ipsec_sa_common_param_fill(union roc_ot_ipsec_sa_word2 *w2,
w2->s.auth_type = ROC_IE_OT_SA_AUTH_SHA1; w2->s.auth_type = ROC_IE_OT_SA_AUTH_SHA1;
ipsec_hmac_opad_ipad_gen(auth_xfrm, hmac_opad_ipad); ipsec_hmac_opad_ipad_gen(auth_xfrm, hmac_opad_ipad);
tmp_key = (uint64_t *)hmac_opad_ipad;
for (i = 0; i < (int)(ROC_CTX_MAX_OPAD_IPAD_LEN /
sizeof(uint64_t));
i++)
tmp_key[i] = rte_be_to_cpu_64(tmp_key[i]);
break;
case RTE_CRYPTO_AUTH_SHA256_HMAC:
w2->s.auth_type = ROC_IE_OT_SA_AUTH_SHA2_256;
ipsec_hmac_opad_ipad_gen(auth_xfrm, hmac_opad_ipad);
tmp_key = (uint64_t *)hmac_opad_ipad; tmp_key = (uint64_t *)hmac_opad_ipad;
for (i = 0; i < (int)(ROC_CTX_MAX_OPAD_IPAD_LEN / for (i = 0; i < (int)(ROC_CTX_MAX_OPAD_IPAD_LEN /
sizeof(uint64_t)); sizeof(uint64_t));
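Review bot: The new `RTE_CRYPTO_AUTH_SHA256_HMAC` case in ipsec_hmac_opad_ipad_gen writes the ipad state at the hard-coded offset `&hmac_opad_ipad[64]` (the SHA1 case uses 24), and nothing in the hunk ties that offset to the size of the caller's buffer. If roc_hash_sha256_gen stores a full 32-byte state, the buffer has to hold at least 96 bytes; ROC_CTX_MAX_OPAD_IPAD_LEN presumably guarantees that, but its value is not visible here and should be confirmed. Named constants for the offsets and a comment such as `/* SHA-256: opad state at byte 0, ipad state at byte 64 */` would make the layout checkable. The SHA256 case added to ot_ipsec_sa_common_param_fill also repeats the SHA1 case's byte-swap loop verbatim, so a small shared helper would keep the two from drifting. Both functions start and end outside the hunks.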


@ -65,6 +65,9 @@ cn10k_ipsec_outb_sa_create(struct roc_cpt *roc_cpt,
if (crypto_xfrm->type == RTE_CRYPTO_SYM_XFORM_AEAD) { if (crypto_xfrm->type == RTE_CRYPTO_SYM_XFORM_AEAD) {
sa->iv_offset = crypto_xfrm->aead.iv.offset; sa->iv_offset = crypto_xfrm->aead.iv.offset;
sa->iv_length = crypto_xfrm->aead.iv.length; sa->iv_length = crypto_xfrm->aead.iv.length;
} else {
sa->iv_offset = crypto_xfrm->cipher.iv.offset;
sa->iv_length = crypto_xfrm->cipher.iv.length;
} }
} }
#else #else
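Review bot: The added `else` branch reads `crypto_xfrm->cipher.iv` for every transform that is not AEAD, so an auth-type transform reaching this point would have its union read as a cipher and `sa->iv_offset`/`sa->iv_length` would get unrelated values. Whether that can happen depends on how crypto_xfrm is chosen earlier in cn10k_ipsec_outb_sa_create, which is outside the hunk. Making the condition explicit, `} else if (crypto_xfrm->type == RTE_CRYPTO_SYM_XFORM_CIPHER) {`, or adding a comment stating that crypto_xfrm is always the cipher transform on this path, would remove the doubt. The branch sits inside a conditional-compilation block whose opening `#if` is also outside the hunk.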


@ -797,6 +797,26 @@ static const struct rte_cryptodev_capabilities sec_caps_sha1_sha2[] = {
}, } }, }
}, } }, }
}, },
{ /* SHA256 HMAC */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
{.auth = {
.algo = RTE_CRYPTO_AUTH_SHA256_HMAC,
.block_size = 64,
.key_size = {
.min = 1,
.max = 1024,
.increment = 1
},
.digest_size = {
.min = 16,
.max = 16,
.increment = 0
},
}, }
}, }
},
}; };
static const struct rte_security_capability sec_caps_templ[] = { static const struct rte_security_capability sec_caps_templ[] = {
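Review bot: The new SHA256 HMAC entry advertises `.key_size` from 1 to 1024 bytes, but ipsec_xform_auth_verify in this same commit accepts a SHA256-HMAC key only when `keylen >= 32 && keylen <= 64`. An application that sizes its key from the capability will have session creation rejected, and the advertised minimum of 1 byte suggests that very short HMAC keys are acceptable. Aligning the entry with the check, `.min = 32, .max = 64, .increment = 1`, would keep the two consistent; if the wider range is intentional for a path that does not go through that check, a comment saying so would help. The array sec_caps_sha1_sha2 begins outside the hunk.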


@ -46,8 +46,7 @@ ipsec_xform_auth_verify(struct rte_crypto_sym_xform *crypto_xform)
if (crypto_xform->auth.algo == RTE_CRYPTO_AUTH_SHA1_HMAC) { if (crypto_xform->auth.algo == RTE_CRYPTO_AUTH_SHA1_HMAC) {
if (keylen >= 20 && keylen <= 64) if (keylen >= 20 && keylen <= 64)
return 0; return 0;
} else if (roc_model_is_cn9k() && } else if (crypto_xform->auth.algo == RTE_CRYPTO_AUTH_SHA256_HMAC) {
(crypto_xform->auth.algo == RTE_CRYPTO_AUTH_SHA256_HMAC)) {
if (keylen >= 32 && keylen <= 64) if (keylen >= 32 && keylen <= 64)
return 0; return 0;
} }