diff --git a/doc/guides/cryptodevs/features/octeontx2.ini b/doc/guides/cryptodevs/features/octeontx2.ini index e9ce26cfe0..e865466b8c 100644 --- a/doc/guides/cryptodevs/features/octeontx2.ini +++ b/doc/guides/cryptodevs/features/octeontx2.ini @@ -60,9 +60,10 @@ ZUC EIA3 = Y ; Supported AEAD algorithms of 'octeontx2' crypto driver. ; [AEAD] -AES GCM (128) = Y -AES GCM (192) = Y -AES GCM (256) = Y +AES GCM (128) = Y +AES GCM (192) = Y +AES GCM (256) = Y +CHACHA20-POLY1305 = Y ; ; Supported Asymmetric algorithms of the 'octeontx2' crypto driver. diff --git a/doc/guides/cryptodevs/octeontx2.rst b/doc/guides/cryptodevs/octeontx2.rst index 8bdb83f490..085d669e49 100644 --- a/doc/guides/cryptodevs/octeontx2.rst +++ b/doc/guides/cryptodevs/octeontx2.rst @@ -55,6 +55,7 @@ Hash algorithms: AEAD algorithms: * ``RTE_CRYPTO_AEAD_AES_GCM`` +* ``RTE_CRYPTO_AEAD_CHACHA20_POLY1305`` Asymmetric Crypto Algorithms ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/doc/guides/rel_notes/release_20_08.rst b/doc/guides/rel_notes/release_20_08.rst index ea87fe0471..d03d45b05d 100644 --- a/doc/guides/rel_notes/release_20_08.rst +++ b/doc/guides/rel_notes/release_20_08.rst @@ -131,6 +131,10 @@ New Features * Added support for lookaside protocol offload for DOCSIS through the ``rte_security`` API. +* **Updated the OCTEON TX2 crypto PMD.** + + Added Chacha20-Poly1305 AEAD algorithm support in OCTEON TX2 crypto PMD. + * **Added support for BPF_ABS/BPF_IND load instructions.** Added support for two BPF non-generic instructions: diff --git a/drivers/common/cpt/cpt_mcode_defines.h b/drivers/common/cpt/cpt_mcode_defines.h index 69d831b5cc..fd306ab812 100644 --- a/drivers/common/cpt/cpt_mcode_defines.h +++ b/drivers/common/cpt/cpt_mcode_defines.h @@ -106,7 +106,7 @@ typedef enum { SHA2_SHA384 = 5, SHA2_SHA512 = 6, GMAC_TYPE = 7, - XCBC_TYPE = 8, + POLY1305 = 8, SHA3_SHA224 = 10, SHA3_SHA256 = 11, SHA3_SHA384 = 12, @@ -136,6 +136,7 @@ typedef enum { AES_CTR = 0x6, AES_GCM = 0x7, AES_XTS = 0x8, + CHACHA20 = 0x9, /* These are only for software use */ ZUC_EEA3 = 0x90, @@ -241,6 +242,8 @@ struct cpt_sess_misc { uint16_t aes_gcm:1; /** Flag for AES CTR */ uint16_t aes_ctr:1; + /** Flag for CHACHA POLY */ + uint16_t chacha_poly:1; /** Flag for NULL cipher/auth */ uint16_t is_null:1; /** Flag for GMAC */ diff --git a/drivers/common/cpt/cpt_ucode.h b/drivers/common/cpt/cpt_ucode.h index ab595eb580..44067cf1b1 100644 --- a/drivers/common/cpt/cpt_ucode.h +++ b/drivers/common/cpt/cpt_ucode.h @@ -77,6 +77,9 @@ cpt_fc_ciph_set_type(cipher_type_t type, struct cpt_ctx *ctx, uint16_t key_len) return -1; fc_type = FC_GEN; break; + case CHACHA20: + fc_type = FC_GEN; + break; case AES_XTS: key_len = key_len / 2; if (unlikely(key_len == CPT_BYTE_24)) { @@ -229,6 +232,7 @@ cpt_fc_ciph_set_key(void *ctx, cipher_type_t type, const uint8_t *key, case AES_ECB: case AES_CFB: case AES_CTR: + case CHACHA20: cpt_fc_ciph_set_key_set_aes_key_type(fctx, key_len); break; case AES_GCM: @@ -2539,16 +2543,14 @@ fill_sess_aead(struct rte_crypto_sym_xform *xform, aead_form = &xform->aead; void *ctx = SESS_PRIV(sess); - if (aead_form->op == RTE_CRYPTO_AEAD_OP_ENCRYPT && - aead_form->algo == RTE_CRYPTO_AEAD_AES_GCM) { + if (aead_form->op == RTE_CRYPTO_AEAD_OP_ENCRYPT) { sess->cpt_op |= CPT_OP_CIPHER_ENCRYPT; sess->cpt_op |= CPT_OP_AUTH_GENERATE; - } else if (aead_form->op == RTE_CRYPTO_AEAD_OP_DECRYPT && - aead_form->algo == RTE_CRYPTO_AEAD_AES_GCM) { + } else if (aead_form->op == RTE_CRYPTO_AEAD_OP_DECRYPT) { sess->cpt_op |= CPT_OP_CIPHER_DECRYPT; sess->cpt_op |= CPT_OP_AUTH_VERIFY; } else { - CPT_LOG_DP_ERR("Unknown cipher operation\n"); + CPT_LOG_DP_ERR("Unknown aead operation\n"); return -1; } switch (aead_form->algo) { @@ -2561,6 +2563,12 @@ fill_sess_aead(struct rte_crypto_sym_xform *xform, CPT_LOG_DP_ERR("Crypto: Unsupported cipher algo %u", aead_form->algo); return -1; + case RTE_CRYPTO_AEAD_CHACHA20_POLY1305: + enc_type = CHACHA20; + auth_type = POLY1305; + cipher_key_len = 32; + sess->chacha_poly = 1; + break; default: CPT_LOG_DP_ERR("Crypto: Undefined cipher algo %u specified", aead_form->algo); @@ -3063,7 +3071,7 @@ fill_fc_params(struct rte_crypto_op *cop, m_src = sym_op->m_src; m_dst = sym_op->m_dst; - if (sess_misc->aes_gcm) { + if (sess_misc->aes_gcm || sess_misc->chacha_poly) { uint8_t *salt; uint8_t *aad_data; uint16_t aad_len; diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_capabilities.c b/drivers/crypto/octeontx2/otx2_cryptodev_capabilities.c index 9e18c4eee0..f6f4dee6cf 100644 --- a/drivers/crypto/octeontx2/otx2_cryptodev_capabilities.c +++ b/drivers/crypto/octeontx2/otx2_cryptodev_capabilities.c @@ -328,6 +328,39 @@ static const struct rte_cryptodev_capabilities caps_sha1_sha2[] = { }, }; +static const struct rte_cryptodev_capabilities caps_chacha20[] = { + { /* Chacha20-Poly1305 */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD, + {.aead = { + .algo = RTE_CRYPTO_AEAD_CHACHA20_POLY1305, + .block_size = 64, + .key_size = { + .min = 32, + .max = 32, + .increment = 0 + }, + .digest_size = { + .min = 16, + .max = 16, + .increment = 0 + }, + .aad_size = { + .min = 0, + .max = 1024, + .increment = 1 + }, + .iv_size = { + .min = 12, + .max = 12, + .increment = 0 + }, + }, } + }, } + } +}; + static const struct rte_cryptodev_capabilities caps_zuc_snow3g[] = { { /* SNOW 3G (UEA2) */ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, @@ -710,6 +743,7 @@ otx2_cpt_capabilities_get(union cpt_eng_caps *hw_caps) CPT_CAPS_ADD(hw_caps, mul); CPT_CAPS_ADD(hw_caps, sha1_sha2); + CPT_CAPS_ADD(hw_caps, chacha20); CPT_CAPS_ADD(hw_caps, zuc_snow3g); CPT_CAPS_ADD(hw_caps, aes); CPT_CAPS_ADD(hw_caps, kasumi); diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_ops.c b/drivers/crypto/octeontx2/otx2_cryptodev_ops.c index 62a3e7c5ab..a3703682a0 100644 --- a/drivers/crypto/octeontx2/otx2_cryptodev_ops.c +++ b/drivers/crypto/octeontx2/otx2_cryptodev_ops.c @@ -398,9 +398,10 @@ sym_session_configure(int driver_id, struct rte_crypto_sym_xform *xform, /* * IE engines support IPsec operations - * SE engines support IPsec operations and Air-Crypto operations + * SE engines support IPsec operations, Chacha-Poly and + * Air-Crypto operations */ - if (misc->zsk_flag) + if (misc->zsk_flag || misc->chacha_poly) misc->egrp = OTX2_CPT_EGRP_SE; else misc->egrp = OTX2_CPT_EGRP_SE_IE;