d/numam-dpdk
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

crypto/aesni_mb: support ZUC-EEA3/EIA3

Browse Source 
Add support for ZUC-EEA3/EIA3 algorithms through the intel-ipsec-mb
job API, allowing the mix of these algorithms with others.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
This commit is contained in:
Pablo de Lara 2020-10-09 11:29:52 +00:00 committed by Akhil Goyal
parent 7293bae19a
commit fd8df85487
6 changed files with 203 additions and 72 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
doc/guides/cryptodevs/aesni_mb.rst
View File

@ -35,23 +35,25 @@ Cipher algorithms:
* RTE_CRYPTO_CIPHER_AES128_ECB
* RTE_CRYPTO_CIPHER_AES192_ECB
* RTE_CRYPTO_CIPHER_AES256_ECB
* RTE_CRYPTO_CIPHER_ZUC_EEA3
Hash algorithms:
* RTE_CRYPTO_HASH_MD5_HMAC
* RTE_CRYPTO_HASH_SHA1_HMAC
* RTE_CRYPTO_HASH_SHA224_HMAC
* RTE_CRYPTO_HASH_SHA256_HMAC
* RTE_CRYPTO_HASH_SHA384_HMAC
* RTE_CRYPTO_HASH_SHA512_HMAC
* RTE_CRYPTO_HASH_AES_XCBC_HMAC
* RTE_CRYPTO_HASH_AES_CMAC
* RTE_CRYPTO_HASH_AES_GMAC
* RTE_CRYPTO_HASH_SHA1
* RTE_CRYPTO_HASH_SHA224
* RTE_CRYPTO_HASH_SHA256
* RTE_CRYPTO_HASH_SHA384
* RTE_CRYPTO_HASH_SHA512
* RTE_CRYPTO_AUTH_MD5_HMAC
* RTE_CRYPTO_AUTH_SHA1_HMAC
* RTE_CRYPTO_AUTH_SHA224_HMAC
* RTE_CRYPTO_AUTH_SHA256_HMAC
* RTE_CRYPTO_AUTH_SHA384_HMAC
* RTE_CRYPTO_AUTH_SHA512_HMAC
* RTE_CRYPTO_AUTH_AES_XCBC_HMAC
* RTE_CRYPTO_AUTH_AES_CMAC
* RTE_CRYPTO_AUTH_AES_GMAC
* RTE_CRYPTO_AUTH_SHA1
* RTE_CRYPTO_AUTH_SHA224
* RTE_CRYPTO_AUTH_SHA256
* RTE_CRYPTO_AUTH_SHA384
* RTE_CRYPTO_AUTH_SHA512
* RTE_CRYPTO_AUTH_ZUC_EIA3
AEAD algorithms:

3
doc/guides/cryptodevs/features/aesni_mb.ini
View File

@ -15,6 +15,7 @@ CPU AESNI = Y
OOP LB In LB Out = Y
CPU crypto = Y
Symmetric sessionless = Y
Non-Byte aligned data = Y
;
; Supported crypto algorithms of the 'aesni_mb' crypto driver.
@ -33,6 +34,7 @@ DES DOCSIS BPI = Y
AES ECB (128) = Y
AES ECB (192) = Y
AES ECB (256) = Y
ZUC EEA3 = Y
;
; Supported authentication algorithms of the 'aesni_mb' crypto driver.
@ -52,6 +54,7 @@ SHA512 HMAC = Y
AES XCBC MAC = Y
AES CMAC (128) = Y
AES GMAC = Y
ZUC EIA3 = Y
;
; Supported AEAD algorithms of the 'aesni_mb' crypto driver.

5
doc/guides/rel_notes/release_20_11.rst
View File

@ -152,9 +152,10 @@ New Features
``--portmask=N``
where N represents the hexadecimal bitmask of ports used.
* **Added support for AES-ECB in aesni_mb crypto PMD.**
* **Updated the aesni_mb crypto PMD.**
* Added support for AES-ECB 128, 192 and 256 in aesni_mb PMD.
* Added support for AES-ECB 128, 192 and 256.
* Added support for ZUC-EEA3/EIA3 algorithms.
* **Updated Marvell NITROX symmetric crypto PMD.**

127
drivers/crypto/aesni_mb/aesni_mb_pmd_private.h
View File

@ -39,22 +39,25 @@ extern int aesni_mb_logtype_driver;
/* Maximum length for digest */
#define DIGEST_LENGTH_MAX 64
static const unsigned auth_blocksize[] = {
[NULL_HASH] = 0,
[MD5] = 64,
[SHA1] = 64,
[SHA_224] = 64,
[SHA_256] = 64,
[SHA_384] = 128,
[SHA_512] = 128,
[AES_XCBC] = 16,
[AES_CCM] = 16,
[AES_CMAC] = 16,
[AES_GMAC] = 16,
[PLAIN_SHA1] = 64,
[PLAIN_SHA_224] = 64,
[PLAIN_SHA_256] = 64,
[PLAIN_SHA_384] = 128,
[PLAIN_SHA_512] = 128
[NULL_HASH] = 0,
[MD5] = 64,
[SHA1] = 64,
[SHA_224] = 64,
[SHA_256] = 64,
[SHA_384] = 128,
[SHA_512] = 128,
[AES_XCBC] = 16,
[AES_CCM] = 16,
[AES_CMAC] = 16,
[AES_GMAC] = 16,
[PLAIN_SHA1] = 64,
[PLAIN_SHA_224] = 64,
[PLAIN_SHA_256] = 64,
[PLAIN_SHA_384] = 128,
[PLAIN_SHA_512] = 128,
#if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM
[IMB_AUTH_ZUC_EIA3_BITLEN] = 16
#endif
};
/**
@ -70,22 +73,25 @@ get_auth_algo_blocksize(JOB_HASH_ALG algo)
}
static const unsigned auth_truncated_digest_byte_lengths[] = {
[MD5] = 12,
[SHA1] = 12,
[SHA_224] = 14,
[SHA_256] = 16,
[SHA_384] = 24,
[SHA_512] = 32,
[AES_XCBC] = 12,
[AES_CMAC] = 12,
[AES_CCM] = 8,
[NULL_HASH] = 0,
[AES_GMAC] = 16,
[PLAIN_SHA1] = 20,
[PLAIN_SHA_224] = 28,
[PLAIN_SHA_256] = 32,
[PLAIN_SHA_384] = 48,
[PLAIN_SHA_512] = 64
[MD5] = 12,
[SHA1] = 12,
[SHA_224] = 14,
[SHA_256] = 16,
[SHA_384] = 24,
[SHA_512] = 32,
[AES_XCBC] = 12,
[AES_CMAC] = 12,
[AES_CCM] = 8,
[NULL_HASH] = 0,
[AES_GMAC] = 16,
[PLAIN_SHA1] = 20,
[PLAIN_SHA_224] = 28,
[PLAIN_SHA_256] = 32,
[PLAIN_SHA_384] = 48,
[PLAIN_SHA_512] = 64,
#if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM
[IMB_AUTH_ZUC_EIA3_BITLEN] = 4
#endif
};
/**
@ -102,22 +108,25 @@ get_truncated_digest_byte_length(JOB_HASH_ALG algo)
}
static const unsigned auth_digest_byte_lengths[] = {
[MD5] = 16,
[SHA1] = 20,
[SHA_224] = 28,
[SHA_256] = 32,
[SHA_384] = 48,
[SHA_512] = 64,
[AES_XCBC] = 16,
[AES_CMAC] = 16,
[AES_CCM] = 16,
[AES_GMAC] = 12,
[NULL_HASH] = 0,
[PLAIN_SHA1] = 20,
[PLAIN_SHA_224] = 28,
[PLAIN_SHA_256] = 32,
[PLAIN_SHA_384] = 48,
[PLAIN_SHA_512] = 64
[MD5] = 16,
[SHA1] = 20,
[SHA_224] = 28,
[SHA_256] = 32,
[SHA_384] = 48,
[SHA_512] = 64,
[AES_XCBC] = 16,
[AES_CMAC] = 16,
[AES_CCM] = 16,
[AES_GMAC] = 12,
[NULL_HASH] = 0,
[PLAIN_SHA1] = 20,
[PLAIN_SHA_224] = 28,
[PLAIN_SHA_256] = 32,
[PLAIN_SHA_384] = 48,
[PLAIN_SHA_512] = 64,
#if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM
[IMB_AUTH_ZUC_EIA3_BITLEN] = 4
#endif
/**< Vector mode dependent pointer table of the multi-buffer APIs */
};
@ -189,6 +198,10 @@ struct aesni_mb_session {
uint16_t length;
uint16_t offset;
} iv;
struct {
uint16_t length;
uint16_t offset;
} auth_iv;
/**< IV parameters */
/** Cipher Parameters */const struct aesni_mb_op_fns *op_fns;
@ -209,19 +222,23 @@ struct aesni_mb_session {
uint32_t decode[60] __rte_aligned(16);
/**< decode key */
} expanded_aes_keys;
/**< Expanded AES keys - Allocating space to
* contain the maximum expanded key size which
* is 240 bytes for 256 bit AES, calculate by:
* ((key size (bytes)) *
* ((number of rounds) + 1))
*/
struct {
const void *ks_ptr[3];
uint64_t key[3][16];
} exp_3des_keys;
/**< Expanded 3DES keys */
struct gcm_key_data gcm_key;
/**< Expanded GCM key */
uint8_t zuc_cipher_key[16];
/**< ZUC cipher key */
};
/**< Expanded AES keys - Allocating space to
* contain the maximum expanded key size which
* is 240 bytes for 256 bit AES, calculate by:
* ((key size (bytes)) *
* ((number of rounds) + 1))
*/
} cipher;
/** Authentication Parameters */
@ -260,6 +277,8 @@ struct aesni_mb_session {
/**< k3. */
} cmac;
/**< Expanded XCBC authentication keys */
uint8_t zuc_auth_key[16];
/**< ZUC authentication key */
};
/** Generated digest size by the Multi-buffer library */
uint16_t gen_digest_len;

63
drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
View File

@ -146,6 +146,10 @@ aesni_mb_set_session_auth_parameters(const MB_MGR *mb_mgr,
return -1;
}
/* Set IV parameters */
sess->auth_iv.offset = xform->auth.iv.offset;
sess->auth_iv.length = xform->auth.iv.length;
/* Set the request digest size */
sess->auth.req_digest_len = xform->auth.digest_length;
@ -249,6 +253,22 @@ aesni_mb_set_session_auth_parameters(const MB_MGR *mb_mgr,
return 0;
}
#if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM
if (xform->auth.algo == RTE_CRYPTO_AUTH_ZUC_EIA3) {
sess->auth.algo = IMB_AUTH_ZUC_EIA3_BITLEN;
uint16_t zuc_eia3_digest_len =
get_truncated_digest_byte_length(IMB_AUTH_ZUC_EIA3_BITLEN);
if (sess->auth.req_digest_len != zuc_eia3_digest_len) {
AESNI_MB_LOG(ERR, "Invalid digest size\n");
return -EINVAL;
}
sess->auth.gen_digest_len = sess->auth.req_digest_len;
memcpy(sess->auth.zuc_auth_key, xform->auth.key.data, 16);
return 0;
}
#endif
switch (xform->auth.algo) {
case RTE_CRYPTO_AUTH_MD5_HMAC:
sess->auth.algo = MD5;
@ -381,6 +401,9 @@ aesni_mb_set_session_cipher_parameters(const MB_MGR *mb_mgr,
uint8_t is_aes = 0;
uint8_t is_3DES = 0;
uint8_t is_docsis = 0;
#if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM
uint8_t is_zuc = 0;
#endif
if (xform == NULL) {
sess->cipher.mode = NULL_CIPHER;
@ -434,6 +457,12 @@ aesni_mb_set_session_cipher_parameters(const MB_MGR *mb_mgr,
sess->cipher.mode = ECB;
is_aes = 1;
break;
#endif
#if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM
case RTE_CRYPTO_CIPHER_ZUC_EEA3:
sess->cipher.mode = IMB_CIPHER_ZUC_EEA3;
is_zuc = 1;
break;
#endif
default:
AESNI_MB_LOG(ERR, "Unsupported cipher mode parameter");
@ -477,7 +506,7 @@ aesni_mb_set_session_cipher_parameters(const MB_MGR *mb_mgr,
sess->cipher.expanded_aes_keys.encode,
sess->cipher.expanded_aes_keys.decode);
break;
#if IMB_VERSION_NUM >= IMB_VERSION(0, 53, 3)
#if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM
case AES_256_BYTES:
sess->cipher.key_length_in_bytes = AES_256_BYTES;
IMB_AES_KEYEXP_256(mb_mgr, xform->cipher.key.data,
@ -533,6 +562,16 @@ aesni_mb_set_session_cipher_parameters(const MB_MGR *mb_mgr,
}
sess->cipher.key_length_in_bytes = 24;
#if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM
} else if (is_zuc) {
if (xform->cipher.key.length != 16) {
AESNI_MB_LOG(ERR, "Invalid cipher key length");
return -EINVAL;
}
sess->cipher.key_length_in_bytes = 16;
memcpy(sess->cipher.zuc_cipher_key, xform->cipher.key.data,
16);
#endif
} else {
if (xform->cipher.key.length != 8) {
AESNI_MB_LOG(ERR, "Invalid cipher key length");
@ -699,6 +738,7 @@ aesni_mb_set_session_parameters(const MB_MGR *mb_mgr,
/* Default IV length = 0 */
sess->iv.length = 0;
sess->auth_iv.length = 0;
ret = aesni_mb_set_session_auth_parameters(mb_mgr, sess, auth_xform);
if (ret != 0) {
@ -1174,7 +1214,13 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp,
job->aes_enc_key_expanded = &session->cipher.gcm_key;
job->aes_dec_key_expanded = &session->cipher.gcm_key;
break;
#if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM
case IMB_AUTH_ZUC_EIA3_BITLEN:
job->u.ZUC_EIA3._key = session->auth.zuc_auth_key;
job->u.ZUC_EIA3._iv = rte_crypto_op_ctod_offset(op, uint8_t *,
session->auth_iv.offset);
break;
#endif
default:
job->u.HMAC._hashed_auth_key_xor_ipad = session->auth.pads.inner;
job->u.HMAC._hashed_auth_key_xor_opad = session->auth.pads.outer;
@ -1192,6 +1238,13 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp,
}
}
#if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM
if (job->cipher_mode == IMB_CIPHER_ZUC_EEA3) {
job->aes_enc_key_expanded = session->cipher.zuc_cipher_key;
job->aes_dec_key_expanded = session->cipher.zuc_cipher_key;
}
#endif
if (!op->sym->m_dst) {
/* in-place operation */
m_dst = m_src;
@ -1292,6 +1345,11 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp,
session->iv.offset);
}
#if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM
if (job->cipher_mode == IMB_CIPHER_ZUC_EEA3)
job->msg_len_to_cipher_in_bytes >>= 3;
#endif
/* Set user data to be crypto operation data struct */
job->user_data = op;
@ -1915,6 +1973,7 @@ cryptodev_aesni_mb_create(const char *name,
RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING |
RTE_CRYPTODEV_FF_OOP_LB_IN_LB_OUT |
RTE_CRYPTODEV_FF_SYM_CPU_CRYPTO |
RTE_CRYPTODEV_FF_NON_BYTE_ALIGNED_DATA |
RTE_CRYPTODEV_FF_SYM_SESSIONLESS;
#ifdef AESNI_MB_DOCSIS_SEC_ENABLED

47
drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
View File

@ -514,6 +514,53 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = {
}, }
}, }
},
#endif
#if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM
{ /* ZUC (EIA3) */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
{.auth = {
.algo = RTE_CRYPTO_AUTH_ZUC_EIA3,
.block_size = 16,
.key_size = {
.min = 16,
.max = 16,
.increment = 0
},
.digest_size = {
.min = 4,
.max = 4,
.increment = 0
},
.iv_size = {
.min = 16,
.max = 16,
.increment = 0
}
}, }
}, }
},
{ /* ZUC (EEA3) */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
{.cipher = {
.algo = RTE_CRYPTO_CIPHER_ZUC_EEA3,
.block_size = 16,
.key_size = {
.min = 16,
.max = 16,
.increment = 0
},
.iv_size = {
.min = 16,
.max = 16,
.increment = 0
},
}, }
}, }
},
#endif
RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
};