diff mbox series

[v2,26/29] crypto/cnxk: add aes cmac

Message ID	1639676975-1316-27-git-send-email-anoobj@marvell.com (mailing list archive)
State	Superseded, archived
Headers	From: Anoob Joseph <anoobj@marvell.com> To: Akhil Goyal <gakhil@marvell.com>, Jerin Jacob <jerinj@marvell.com> CC: Anoob Joseph <anoobj@marvell.com>, Archana Muniganti <marchana@marvell.com>, Tejasree Kondoj <ktejasree@marvell.com>, <dev@dpdk.org> Subject: [PATCH v2 26/29] crypto/cnxk: add aes cmac Date: Thu, 16 Dec 2021 23:19:32 +0530 Message-ID: <1639676975-1316-27-git-send-email-anoobj@marvell.com> In-Reply-To: <1639676975-1316-1-git-send-email-anoobj@marvell.com> References: <1638859858-734-1-git-send-email-anoobj@marvell.com> <1639676975-1316-1-git-send-email-anoobj@marvell.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain Precedence: list Errors-To: dev-bounces@dpdk.org
Series	New features and improvements in cnxk crypto PMD \| [v2,00/29] New features and improvements in cnxk crypto PMD [v2,01/29] common/cnxk: define minor opcodes for MISC opcode [v2,02/29] common/cnxk: add aes-xcbc key derive [v2,03/29] common/cnxk: add bit fields for params [v2,04/29] common/cnxk: fix reset of fields [v2,05/29] common/cnxk: verify input args [v2,06/29] common/cnxk: update completion code [v2,07/29] crypto/cnxk: only enable queues that are allocated [v2,08/29] crypto/cnxk: add lookaside IPsec AES-CBC-HMAC-SHA256 support [v2,09/29] crypto/cnxk: clear session data before populating [v2,10/29] crypto/cnxk: update max sec crypto caps [v2,11/29] crypto/cnxk: write CPT CTX through microcode op [v2,12/29] crypto/cnxk: support cnxk lookaside IPsec HMAC-SHA384/512 [v2,13/29] crypto/cnxk: account for CPT CTX updates and flush delays [v2,14/29] crypto/cnxk: use struct sizes for ctx writes [v2,15/29] crypto/cnxk: add security session stats get [v2,16/29] crypto/cnxk: add skip for unsupported cases [v2,17/29] crypto/cnxk: add context reload for IV [v2,18/29] crypto/cnxk: handle null chained ops [v2,19/29] crypto/cnxk: fix inflight cnt calculation [v2,20/29] crypto/cnxk: use atomics to access CPT res [v2,21/29] crypto/cnxk: add more info on command timeout [v2,22/29] crypto/cnxk: support lookaside IPsec AES-CTR [v2,23/29] crypto/cnxk: fix extend tail calculation [v2,24/29] crypto/cnxk: add aes xcbc and null cipher [v2,25/29] crypto/cnxk: add copy and set DF [v2,26/29] crypto/cnxk: add aes cmac [v2,27/29] crypto/cnxk: add per pkt IV in lookaside IPsec debug mode [v2,28/29] crypto/cnxk: enable copy dscp [v2,29/29] crypto/cnxk: update microcode completion handling

Checks

Context	Check	Description
ci/checkpatch	success	coding style OK

Commit Message

Anoob Joseph Dec. 16, 2021, 5:49 p.m. UTC

  Add support for AES CMAC auth algorithm.

Signed-off-by: Anoob Joseph <anoobj@marvell.com>
---
 doc/guides/cryptodevs/cnxk.rst                    |  1 +
 doc/guides/cryptodevs/features/cn10k.ini          | 37 +++++++-------
 doc/guides/cryptodevs/features/cn9k.ini           | 37 +++++++-------
 doc/guides/rel_notes/release_22_03.rst            |  1 +
 drivers/common/cnxk/roc_se.h                      |  8 +--
 drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c | 20 ++++++++
 drivers/crypto/cnxk/cnxk_se.h                     | 60 ++++++++++++++---------
 7 files changed, 103 insertions(+), 61 deletions(-)

diff mbox series

Patch

diff --git a/doc/guides/cryptodevs/cnxk.rst b/doc/guides/cryptodevs/cnxk.rst
index 6e844f5..3c58517 100644
--- a/doc/guides/cryptodevs/cnxk.rst
+++ b/doc/guides/cryptodevs/cnxk.rst
@@ -61,6 +61,7 @@  Hash algorithms:
 * ``RTE_CRYPTO_AUTH_SHA512_HMAC``
 * ``RTE_CRYPTO_AUTH_SNOW3G_UIA2``
 * ``RTE_CRYPTO_AUTH_ZUC_EIA3``
+* ``RTE_CRYPTO_AUTH_AES_CMAC``
 
 AEAD algorithms:
 
diff --git a/doc/guides/cryptodevs/features/cn10k.ini b/doc/guides/cryptodevs/features/cn10k.ini
index ab21d9d..c8193c2 100644
--- a/doc/guides/cryptodevs/features/cn10k.ini
+++ b/doc/guides/cryptodevs/features/cn10k.ini
@@ -41,23 +41,26 @@  ZUC EEA3       = Y
 ; Supported authentication algorithms of 'cn10k' crypto driver.
 ;
 [Auth]
-NULL         = Y
-AES GMAC     = Y
-KASUMI F9    = Y
-MD5          = Y
-MD5 HMAC     = Y
-SHA1         = Y
-SHA1 HMAC    = Y
-SHA224       = Y
-SHA224 HMAC  = Y
-SHA256       = Y
-SHA256 HMAC  = Y
-SHA384       = Y
-SHA384 HMAC  = Y
-SHA512       = Y
-SHA512 HMAC  = Y
-SNOW3G UIA2  = Y
-ZUC EIA3     = Y
+NULL            = Y
+AES GMAC        = Y
+KASUMI F9       = Y
+MD5             = Y
+MD5 HMAC        = Y
+SHA1            = Y
+SHA1 HMAC       = Y
+SHA224          = Y
+SHA224 HMAC     = Y
+SHA256          = Y
+SHA256 HMAC     = Y
+SHA384          = Y
+SHA384 HMAC     = Y
+SHA512          = Y
+SHA512 HMAC     = Y
+SNOW3G UIA2     = Y
+ZUC EIA3        = Y
+AES CMAC (128)  = Y
+AES CMAC (192)  = Y
+AES CMAC (256)  = Y
 
 ;
 ; Supported AEAD algorithms of 'cn10k' crypto driver.
diff --git a/doc/guides/cryptodevs/features/cn9k.ini b/doc/guides/cryptodevs/features/cn9k.ini
index d834659..f215ee0 100644
--- a/doc/guides/cryptodevs/features/cn9k.ini
+++ b/doc/guides/cryptodevs/features/cn9k.ini
@@ -40,23 +40,26 @@  ZUC EEA3       = Y
 ; Supported authentication algorithms of 'cn9k' crypto driver.
 ;
 [Auth]
-NULL         = Y
-AES GMAC     = Y
-KASUMI F9    = Y
-MD5          = Y
-MD5 HMAC     = Y
-SHA1         = Y
-SHA1 HMAC    = Y
-SHA224       = Y
-SHA224 HMAC  = Y
-SHA256       = Y
-SHA256 HMAC  = Y
-SHA384       = Y
-SHA384 HMAC  = Y
-SHA512       = Y
-SHA512 HMAC  = Y
-SNOW3G UIA2  = Y
-ZUC EIA3     = Y
+NULL            = Y
+AES GMAC        = Y
+KASUMI F9       = Y
+MD5             = Y
+MD5 HMAC        = Y
+SHA1            = Y
+SHA1 HMAC       = Y
+SHA224          = Y
+SHA224 HMAC     = Y
+SHA256          = Y
+SHA256 HMAC     = Y
+SHA384          = Y
+SHA384 HMAC     = Y
+SHA512          = Y
+SHA512 HMAC     = Y
+SNOW3G UIA2     = Y
+ZUC EIA3        = Y
+AES CMAC (128)  = Y
+AES CMAC (192)  = Y
+AES CMAC (256)  = Y
 
 ;
 ; Supported AEAD algorithms of 'cn9k' crypto driver.
diff --git a/doc/guides/rel_notes/release_22_03.rst b/doc/guides/rel_notes/release_22_03.rst
index e8fec00..72e758e 100644
--- a/doc/guides/rel_notes/release_22_03.rst
+++ b/doc/guides/rel_notes/release_22_03.rst
@@ -63,6 +63,7 @@  New Features
   * Added AES-CTR support in lookaside protocol (IPsec) for CN9K & CN10K.
   * Added NULL cipher support in lookaside protocol (IPsec) for CN9K & CN10K.
   * Added AES-XCBC support in lookaside protocol (IPsec) for CN9K & CN10K.
+  * Added AES-CMAC support in CN9K & CN10K.
 
 
 Removed Items
diff --git a/drivers/common/cnxk/roc_se.h b/drivers/common/cnxk/roc_se.h
index 253575a..145a182 100644
--- a/drivers/common/cnxk/roc_se.h
+++ b/drivers/common/cnxk/roc_se.h
@@ -11,10 +11,10 @@ 
 #define ROC_SE_FC_MINOR_OP_DECRYPT    0x1
 #define ROC_SE_FC_MINOR_OP_HMAC_FIRST 0x10
 
-#define ROC_SE_MAJOR_OP_HASH	   0x34
-#define ROC_SE_MAJOR_OP_HMAC	   0x35
-#define ROC_SE_MAJOR_OP_ZUC_SNOW3G 0x37
-#define ROC_SE_MAJOR_OP_KASUMI	   0x38
+#define ROC_SE_MAJOR_OP_HASH   0x34
+#define ROC_SE_MAJOR_OP_HMAC   0x35
+#define ROC_SE_MAJOR_OP_PDCP   0x37
+#define ROC_SE_MAJOR_OP_KASUMI 0x38
 
 #define ROC_SE_MAJOR_OP_MISC		 0x01
 #define ROC_SE_MISC_MINOR_OP_PASSTHROUGH 0x03
diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
index 69ee0d9..457e166 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
+++ b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
@@ -568,6 +568,26 @@  static const struct rte_cryptodev_capabilities caps_aes[] = {
 			}, }
 		}, }
 	},
+	{	/* AES CMAC */
+		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+		{.sym = {
+			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+			{.auth = {
+				.algo = RTE_CRYPTO_AUTH_AES_CMAC,
+				.block_size = 16,
+				.key_size = {
+					.min = 16,
+					.max = 32,
+					.increment = 8
+				},
+				.digest_size = {
+					.min = 4,
+					.max = 4,
+					.increment = 0
+				},
+			}, }
+		}, }
+	},
 };
 
 static const struct rte_cryptodev_capabilities caps_kasumi[] = {
diff --git a/drivers/crypto/cnxk/cnxk_se.h b/drivers/crypto/cnxk/cnxk_se.h
index a8cd2c5..e988d57 100644
--- a/drivers/crypto/cnxk/cnxk_se.h
+++ b/drivers/crypto/cnxk/cnxk_se.h
@@ -73,11 +73,15 @@  pdcp_iv_copy(uint8_t *iv_d, uint8_t *iv_s, const uint8_t pdcp_alg_type,
 		for (j = 0; j < 4; j++)
 			iv_temp[j] = iv_s_temp[3 - j];
 		memcpy(iv_d, iv_temp, 16);
-	} else {
+	} else if (pdcp_alg_type == ROC_SE_PDCP_ALG_TYPE_ZUC) {
 		/* ZUC doesn't need a swap */
 		memcpy(iv_d, iv_s, 16);
 		if (pack_iv)
 			cpt_pack_iv(iv_s, iv_d);
+	} else {
+		/* AES-CMAC EIA2, microcode expects 16B zeroized IV */
+		for (j = 0; j < 4; j++)
+			iv_d[j] = 0;
 	}
 }
 
@@ -992,8 +996,8 @@  cpt_dec_hmac_prep(uint32_t flags, uint64_t d_offs, uint64_t d_lens,
 }
 
 static __rte_always_inline int
-cpt_zuc_snow3g_prep(uint32_t req_flags, uint64_t d_offs, uint64_t d_lens,
-		    struct roc_se_fc_params *params, struct cpt_inst_s *inst)
+cpt_pdcp_alg_prep(uint32_t req_flags, uint64_t d_offs, uint64_t d_lens,
+		  struct roc_se_fc_params *params, struct cpt_inst_s *inst)
 {
 	uint32_t size;
 	int32_t inputlen, outputlen;
@@ -1014,33 +1018,43 @@  cpt_zuc_snow3g_prep(uint32_t req_flags, uint64_t d_offs, uint64_t d_lens,
 	mac_len = se_ctx->mac_len;
 	pdcp_alg_type = se_ctx->pdcp_alg_type;
 
-	cpt_inst_w4.s.opcode_major = ROC_SE_MAJOR_OP_ZUC_SNOW3G;
-
+	cpt_inst_w4.s.opcode_major = ROC_SE_MAJOR_OP_PDCP;
 	cpt_inst_w4.s.opcode_minor = se_ctx->template_w4.s.opcode_minor;
 
 	if (flags == 0x1) {
 		iv_s = params->auth_iv_buf;
-		iv_len = params->auth_iv_len;
-
-		if (iv_len == 25) {
-			iv_len -= 2;
-			pack_iv = 1;
-		}
 
 		/*
 		 * Microcode expects offsets in bytes
 		 * TODO: Rounding off
 		 */
 		auth_data_len = ROC_SE_AUTH_DLEN(d_lens);
-
-		/* EIA3 or UIA2 */
 		auth_offset = ROC_SE_AUTH_OFFSET(d_offs);
-		auth_offset = auth_offset / 8;
 
-		/* consider iv len */
-		auth_offset += iv_len;
+		if (se_ctx->pdcp_alg_type != ROC_SE_PDCP_ALG_TYPE_AES_CTR) {
+			iv_len = params->auth_iv_len;
+
+			if (iv_len == 25) {
+				iv_len -= 2;
+				pack_iv = 1;
+			}
+
+			auth_offset = auth_offset / 8;
+
+			/* consider iv len */
+			auth_offset += iv_len;
+
+			inputlen =
+				auth_offset + (RTE_ALIGN(auth_data_len, 8) / 8);
+		} else {
+			iv_len = 16;
+
+			/* consider iv len */
+			auth_offset += iv_len;
+
+			inputlen = auth_offset + auth_data_len;
+		}
 
-		inputlen = auth_offset + (RTE_ALIGN(auth_data_len, 8) / 8);
 		outputlen = mac_len;
 
 		offset_ctrl = rte_cpu_to_be_64((uint64_t)auth_offset);
@@ -1056,7 +1070,6 @@  cpt_zuc_snow3g_prep(uint32_t req_flags, uint64_t d_offs, uint64_t d_lens,
 			pack_iv = 1;
 		}
 
-		/* EEA3 or UEA2 */
 		/*
 		 * Microcode expects offsets in bytes
 		 * TODO: Rounding off
@@ -1589,8 +1602,7 @@  cpt_fc_dec_hmac_prep(uint32_t flags, uint64_t d_offs, uint64_t d_lens,
 	if (likely(fc_type == ROC_SE_FC_GEN)) {
 		ret = cpt_dec_hmac_prep(flags, d_offs, d_lens, fc_params, inst);
 	} else if (fc_type == ROC_SE_PDCP) {
-		ret = cpt_zuc_snow3g_prep(flags, d_offs, d_lens, fc_params,
-					  inst);
+		ret = cpt_pdcp_alg_prep(flags, d_offs, d_lens, fc_params, inst);
 	} else if (fc_type == ROC_SE_KASUMI) {
 		ret = cpt_kasumi_dec_prep(d_offs, d_lens, fc_params, inst);
 	}
@@ -1618,8 +1630,7 @@  cpt_fc_enc_hmac_prep(uint32_t flags, uint64_t d_offs, uint64_t d_lens,
 	if (likely(fc_type == ROC_SE_FC_GEN)) {
 		ret = cpt_enc_hmac_prep(flags, d_offs, d_lens, fc_params, inst);
 	} else if (fc_type == ROC_SE_PDCP) {
-		ret = cpt_zuc_snow3g_prep(flags, d_offs, d_lens, fc_params,
-					  inst);
+		ret = cpt_pdcp_alg_prep(flags, d_offs, d_lens, fc_params, inst);
 	} else if (fc_type == ROC_SE_KASUMI) {
 		ret = cpt_kasumi_enc_prep(flags, d_offs, d_lens, fc_params,
 					  inst);
@@ -1883,8 +1894,11 @@  fill_sess_auth(struct rte_crypto_sym_xform *xform, struct cnxk_se_sess *sess)
 		auth_type = 0;
 		is_null = 1;
 		break;
-	case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
 	case RTE_CRYPTO_AUTH_AES_CMAC:
+		auth_type = ROC_SE_AES_CMAC_EIA2;
+		zsk_flag = ROC_SE_ZS_IA;
+		break;
+	case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
 	case RTE_CRYPTO_AUTH_AES_CBC_MAC:
 		plt_dp_err("Crypto: Unsupported hash algo %u", a_form->algo);
 		return -1;