From patchwork Fri Sep 11 11:37:59 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "De Lara Guarch,
 Pablo" <pablo.de.lara.guarch@intel.com>
X-Patchwork-Id: 77378
X-Patchwork-Delegate: gakhil@marvell.com
Return-Path: <dev-bounces@dpdk.org>
X-Original-To: patchwork@inbox.dpdk.org
Delivered-To: patchwork@inbox.dpdk.org
Received: from dpdk.org (dpdk.org [92.243.14.124])
	by inbox.dpdk.org (Postfix) with ESMTP id AE0A6A04B5;
	Fri, 11 Sep 2020 13:38:11 +0200 (CEST)
Received: from [92.243.14.124] (localhost [127.0.0.1])
	by dpdk.org (Postfix) with ESMTP id B42201B75C;
	Fri, 11 Sep 2020 13:38:10 +0200 (CEST)
Received: from mga12.intel.com (mga12.intel.com [192.55.52.136])
 by dpdk.org (Postfix) with ESMTP id 2610EE07
 for <dev@dpdk.org>; Fri, 11 Sep 2020 13:38:07 +0200 (CEST)
IronPort-SDR: 
 /XFb9vACNLJHlBRIrnrEsuzR2kCOeenvHmKV1ou/lX4mU9IJdCo+RUN4hyb8wIPD7yMeMn0Rib
 dNvpdjdb9bow==
X-IronPort-AV: E=McAfee;i="6000,8403,9740"; a="138253798"
X-IronPort-AV: E=Sophos;i="5.76,415,1592895600"; d="scan'208";a="138253798"
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from orsmga004.jf.intel.com ([10.7.209.38])
 by fmsmga106.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 11 Sep 2020 04:38:05 -0700
IronPort-SDR: 
 EVeUkd7C1MLle7NfCxHZC39TlshizT6pn4udgdgAxd+Lsl60DPyvrgr07V/KFagYq7FgeHIA92
 xemstsLmSaSQ==
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.76,415,1592895600"; d="scan'208";a="449959910"
Received: from silpixa00399593.ir.intel.com (HELO
 silpixa00399593.ger.corp.intel.com) ([10.237.223.27])
 by orsmga004.jf.intel.com with ESMTP; 11 Sep 2020 04:38:04 -0700
From: Pablo de Lara <pablo.de.lara.guarch@intel.com>
To: dev@dpdk.org
Cc: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Date: Fri, 11 Sep 2020 11:37:59 +0000
Message-Id: <20200911113801.2664990-1-pablo.de.lara.guarch@intel.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <20200911111901.2664106-1-pablo.de.lara.guarch@intel.com>
References: <20200911111901.2664106-1-pablo.de.lara.guarch@intel.com>
MIME-Version: 1.0
Subject: [dpdk-dev] [PATCH v2 1/3] crypto/aesni_mb: support ZUC-EEA3/EIA3
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org
Sender: "dev" <dev-bounces@dpdk.org>

Add support for ZUC-EEA3/EIA3 algorithms through the intel-ipsec-mb
job API, allowing the mix of these algorithms with others.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---

v2:
- Added commit description
- Fixed checkpatch issues

---
 doc/guides/cryptodevs/aesni_mb.rst            |  36 ++---
 doc/guides/cryptodevs/features/aesni_mb.ini   |   2 +
 doc/guides/rel_notes/release_20_11.rst        |   4 +
 .../crypto/aesni_mb/aesni_mb_pmd_private.h    | 127 ++++++++++--------
 drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c    |  62 ++++++++-
 .../crypto/aesni_mb/rte_aesni_mb_pmd_ops.c    |  47 +++++++
 6 files changed, 205 insertions(+), 73 deletions(-)

diff --git a/doc/guides/cryptodevs/aesni_mb.rst b/doc/guides/cryptodevs/aesni_mb.rst
index 15388d20a..0cb58bfe5 100644
--- a/doc/guides/cryptodevs/aesni_mb.rst
+++ b/doc/guides/cryptodevs/aesni_mb.rst
@@ -32,23 +32,25 @@ Cipher algorithms:
 * RTE_CRYPTO_CIPHER_DES_CBC
 * RTE_CRYPTO_CIPHER_3DES_CBC
 * RTE_CRYPTO_CIPHER_DES_DOCSISBPI
-
-Hash algorithms:
-
-* RTE_CRYPTO_HASH_MD5_HMAC
-* RTE_CRYPTO_HASH_SHA1_HMAC
-* RTE_CRYPTO_HASH_SHA224_HMAC
-* RTE_CRYPTO_HASH_SHA256_HMAC
-* RTE_CRYPTO_HASH_SHA384_HMAC
-* RTE_CRYPTO_HASH_SHA512_HMAC
-* RTE_CRYPTO_HASH_AES_XCBC_HMAC
-* RTE_CRYPTO_HASH_AES_CMAC
-* RTE_CRYPTO_HASH_AES_GMAC
-* RTE_CRYPTO_HASH_SHA1
-* RTE_CRYPTO_HASH_SHA224
-* RTE_CRYPTO_HASH_SHA256
-* RTE_CRYPTO_HASH_SHA384
-* RTE_CRYPTO_HASH_SHA512
+* RTE_CRYPTO_CIPHER_ZUC_EEA3
+
+Authentication algorithms:
+
+* RTE_CRYPTO_AUTH_MD5_HMAC
+* RTE_CRYPTO_AUTH_SHA1_HMAC
+* RTE_CRYPTO_AUTH_SHA224_HMAC
+* RTE_CRYPTO_AUTH_SHA256_HMAC
+* RTE_CRYPTO_AUTH_SHA384_HMAC
+* RTE_CRYPTO_AUTH_SHA512_HMAC
+* RTE_CRYPTO_AUTH_AES_XCBC_HMAC
+* RTE_CRYPTO_AUTH_AES_CMAC
+* RTE_CRYPTO_AUTH_AES_GMAC
+* RTE_CRYPTO_AUTH_SHA1
+* RTE_CRYPTO_AUTH_SHA224
+* RTE_CRYPTO_AUTH_SHA256
+* RTE_CRYPTO_AUTH_SHA384
+* RTE_CRYPTO_AUTH_SHA512
+* RTE_CRYPTO_AUTH_ZUC_EIA3
 
 AEAD algorithms:
 
diff --git a/doc/guides/cryptodevs/features/aesni_mb.ini b/doc/guides/cryptodevs/features/aesni_mb.ini
index 38d255aff..47210333c 100644
--- a/doc/guides/cryptodevs/features/aesni_mb.ini
+++ b/doc/guides/cryptodevs/features/aesni_mb.ini
@@ -30,6 +30,7 @@ AES DOCSIS BPI = Y
 DES CBC        = Y
 3DES CBC       = Y
 DES DOCSIS BPI = Y
+ZUC EEA3       = Y
 
 ;
 ; Supported authentication algorithms of the 'aesni_mb' crypto driver.
@@ -49,6 +50,7 @@ SHA512 HMAC  = Y
 AES XCBC MAC = Y
 AES CMAC (128)  = Y
 AES GMAC     = Y
+ZUC EIA3     = Y
 
 ;
 ; Supported AEAD algorithms of the 'aesni_mb' crypto driver.
diff --git a/doc/guides/rel_notes/release_20_11.rst b/doc/guides/rel_notes/release_20_11.rst
index df227a177..1dc822cb7 100644
--- a/doc/guides/rel_notes/release_20_11.rst
+++ b/doc/guides/rel_notes/release_20_11.rst
@@ -55,6 +55,10 @@ New Features
      Also, make sure to start the actual text at the margin.
      =======================================================
 
+* **Updated the AESNI MB crypto PMD.**
+
+  * Added support for ZUC-EEA3/EIA3 algorithms.
+
 
 Removed Items
 -------------
diff --git a/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h b/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h
index e0c7b4f7c..601ab9a40 100644
--- a/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h
+++ b/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h
@@ -39,22 +39,25 @@ extern int aesni_mb_logtype_driver;
 /* Maximum length for digest */
 #define DIGEST_LENGTH_MAX 64
 static const unsigned auth_blocksize[] = {
-		[NULL_HASH]	= 0,
-		[MD5]		= 64,
-		[SHA1]		= 64,
-		[SHA_224]	= 64,
-		[SHA_256]	= 64,
-		[SHA_384]	= 128,
-		[SHA_512]	= 128,
-		[AES_XCBC]	= 16,
-		[AES_CCM]	= 16,
-		[AES_CMAC]	= 16,
-		[AES_GMAC]	= 16,
-		[PLAIN_SHA1]	= 64,
-		[PLAIN_SHA_224]	= 64,
-		[PLAIN_SHA_256]	= 64,
-		[PLAIN_SHA_384]	= 128,
-		[PLAIN_SHA_512]	= 128
+		[NULL_HASH]			= 0,
+		[MD5]				= 64,
+		[SHA1]				= 64,
+		[SHA_224]			= 64,
+		[SHA_256]			= 64,
+		[SHA_384]			= 128,
+		[SHA_512]			= 128,
+		[AES_XCBC]			= 16,
+		[AES_CCM]			= 16,
+		[AES_CMAC]			= 16,
+		[AES_GMAC]			= 16,
+		[PLAIN_SHA1]			= 64,
+		[PLAIN_SHA_224]			= 64,
+		[PLAIN_SHA_256]			= 64,
+		[PLAIN_SHA_384]			= 128,
+		[PLAIN_SHA_512]			= 128,
+#if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM
+		[IMB_AUTH_ZUC_EIA3_BITLEN]	= 16
+#endif
 };
 
 /**
@@ -70,22 +73,25 @@ get_auth_algo_blocksize(JOB_HASH_ALG algo)
 }
 
 static const unsigned auth_truncated_digest_byte_lengths[] = {
-		[MD5]		= 12,
-		[SHA1]		= 12,
-		[SHA_224]	= 14,
-		[SHA_256]	= 16,
-		[SHA_384]	= 24,
-		[SHA_512]	= 32,
-		[AES_XCBC]	= 12,
-		[AES_CMAC]	= 12,
-		[AES_CCM]	= 8,
-		[NULL_HASH]	= 0,
-		[AES_GMAC]	= 16,
-		[PLAIN_SHA1]	= 20,
-		[PLAIN_SHA_224]	= 28,
-		[PLAIN_SHA_256]	= 32,
-		[PLAIN_SHA_384]	= 48,
-		[PLAIN_SHA_512]	= 64
+		[MD5]				= 12,
+		[SHA1]				= 12,
+		[SHA_224]			= 14,
+		[SHA_256]			= 16,
+		[SHA_384]			= 24,
+		[SHA_512]			= 32,
+		[AES_XCBC]			= 12,
+		[AES_CMAC]			= 12,
+		[AES_CCM]			= 8,
+		[NULL_HASH]			= 0,
+		[AES_GMAC]			= 16,
+		[PLAIN_SHA1]			= 20,
+		[PLAIN_SHA_224]			= 28,
+		[PLAIN_SHA_256]			= 32,
+		[PLAIN_SHA_384]			= 48,
+		[PLAIN_SHA_512]			= 64,
+#if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM
+		[IMB_AUTH_ZUC_EIA3_BITLEN]	= 4
+#endif
 };
 
 /**
@@ -102,22 +108,25 @@ get_truncated_digest_byte_length(JOB_HASH_ALG algo)
 }
 
 static const unsigned auth_digest_byte_lengths[] = {
-		[MD5]		= 16,
-		[SHA1]		= 20,
-		[SHA_224]	= 28,
-		[SHA_256]	= 32,
-		[SHA_384]	= 48,
-		[SHA_512]	= 64,
-		[AES_XCBC]	= 16,
-		[AES_CMAC]	= 16,
-		[AES_CCM]	= 16,
-		[AES_GMAC]	= 12,
-		[NULL_HASH]	= 0,
-		[PLAIN_SHA1]	= 20,
-		[PLAIN_SHA_224]	= 28,
-		[PLAIN_SHA_256]	= 32,
-		[PLAIN_SHA_384]	= 48,
-		[PLAIN_SHA_512]	= 64
+		[MD5]				= 16,
+		[SHA1]				= 20,
+		[SHA_224]			= 28,
+		[SHA_256]			= 32,
+		[SHA_384]			= 48,
+		[SHA_512]			= 64,
+		[AES_XCBC]			= 16,
+		[AES_CMAC]			= 16,
+		[AES_CCM]			= 16,
+		[AES_GMAC]			= 12,
+		[NULL_HASH]			= 0,
+		[PLAIN_SHA1]			= 20,
+		[PLAIN_SHA_224]			= 28,
+		[PLAIN_SHA_256]			= 32,
+		[PLAIN_SHA_384]			= 48,
+		[PLAIN_SHA_512]			= 64,
+#if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM
+		[IMB_AUTH_ZUC_EIA3_BITLEN]	= 4
+#endif
 	/**< Vector mode dependent pointer table of the multi-buffer APIs */
 
 };
@@ -189,6 +198,10 @@ struct aesni_mb_session {
 		uint16_t length;
 		uint16_t offset;
 	} iv;
+	struct {
+		uint16_t length;
+		uint16_t offset;
+	} auth_iv;
 	/**< IV parameters */
 
 	/** Cipher Parameters */const struct aesni_mb_op_fns *op_fns;
@@ -209,19 +222,23 @@ struct aesni_mb_session {
 				uint32_t decode[60] __rte_aligned(16);
 				/**< decode key */
 			} expanded_aes_keys;
+			/**< Expanded AES keys - Allocating space to
+			 * contain the maximum expanded key size which
+			 * is 240 bytes for 256 bit AES, calculate by:
+			 * ((key size (bytes)) *
+			 * ((number of rounds) + 1))
+			 */
 			struct {
 				const void *ks_ptr[3];
 				uint64_t key[3][16];
 			} exp_3des_keys;
+			/**< Expanded 3DES keys */
 
 			struct gcm_key_data gcm_key;
+			/**< Expanded GCM key */
+			uint8_t zuc_cipher_key[16];
+			/**< ZUC cipher key */
 		};
-		/**< Expanded AES keys - Allocating space to
-		 * contain the maximum expanded key size which
-		 * is 240 bytes for 256 bit AES, calculate by:
-		 * ((key size (bytes)) *
-		 * ((number of rounds) + 1))
-		 */
 	} cipher;
 
 	/** Authentication Parameters */
@@ -260,6 +277,8 @@ struct aesni_mb_session {
 						    /**< k3. */
 			} cmac;
 			/**< Expanded XCBC authentication keys */
+			uint8_t zuc_auth_key[16];
+			/**< ZUC authentication key */
 		};
 	/** Generated digest size by the Multi-buffer library */
 	uint16_t gen_digest_len;
diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
index 1bddbcf74..54023e013 100644
--- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
+++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
@@ -146,6 +146,10 @@ aesni_mb_set_session_auth_parameters(const MB_MGR *mb_mgr,
 		return -1;
 	}
 
+	/* Set IV parameters */
+	sess->auth_iv.offset = xform->auth.iv.offset;
+	sess->auth_iv.length = xform->auth.iv.length;
+
 	/* Set the request digest size */
 	sess->auth.req_digest_len = xform->auth.digest_length;
 
@@ -249,6 +253,22 @@ aesni_mb_set_session_auth_parameters(const MB_MGR *mb_mgr,
 		return 0;
 	}
 
+#if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM
+	if (xform->auth.algo == RTE_CRYPTO_AUTH_ZUC_EIA3) {
+		sess->auth.algo = IMB_AUTH_ZUC_EIA3_BITLEN;
+		uint16_t zuc_eia3_digest_len =
+			get_truncated_digest_byte_length(IMB_AUTH_ZUC_EIA3_BITLEN);
+		if (sess->auth.req_digest_len != zuc_eia3_digest_len) {
+			AESNI_MB_LOG(ERR, "Invalid digest size\n");
+			return -EINVAL;
+		}
+		sess->auth.gen_digest_len = sess->auth.req_digest_len;
+
+		memcpy(sess->auth.zuc_auth_key, xform->auth.key.data, 16);
+		return 0;
+	}
+#endif
+
 	switch (xform->auth.algo) {
 	case RTE_CRYPTO_AUTH_MD5_HMAC:
 		sess->auth.algo = MD5;
@@ -381,6 +401,9 @@ aesni_mb_set_session_cipher_parameters(const MB_MGR *mb_mgr,
 	uint8_t is_aes = 0;
 	uint8_t is_3DES = 0;
 	uint8_t is_docsis = 0;
+#if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM
+	uint8_t is_zuc = 0;
+#endif
 
 	if (xform == NULL) {
 		sess->cipher.mode = NULL_CIPHER;
@@ -429,6 +452,12 @@ aesni_mb_set_session_cipher_parameters(const MB_MGR *mb_mgr,
 		sess->cipher.mode = DES3;
 		is_3DES = 1;
 		break;
+#if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM
+	case RTE_CRYPTO_CIPHER_ZUC_EEA3:
+		sess->cipher.mode = IMB_CIPHER_ZUC_EEA3;
+		is_zuc = 1;
+		break;
+#endif
 	default:
 		AESNI_MB_LOG(ERR, "Unsupported cipher mode parameter");
 		return -ENOTSUP;
@@ -471,7 +500,7 @@ aesni_mb_set_session_cipher_parameters(const MB_MGR *mb_mgr,
 					sess->cipher.expanded_aes_keys.encode,
 					sess->cipher.expanded_aes_keys.decode);
 			break;
-#if IMB_VERSION_NUM >= IMB_VERSION(0, 53, 3)
+#if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM
 		case AES_256_BYTES:
 			sess->cipher.key_length_in_bytes = AES_256_BYTES;
 			IMB_AES_KEYEXP_256(mb_mgr, xform->cipher.key.data,
@@ -527,6 +556,16 @@ aesni_mb_set_session_cipher_parameters(const MB_MGR *mb_mgr,
 		}
 
 		sess->cipher.key_length_in_bytes = 24;
+#if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM
+	} else if (is_zuc) {
+		if (xform->cipher.key.length != 16) {
+			AESNI_MB_LOG(ERR, "Invalid cipher key length");
+			return -EINVAL;
+		}
+		sess->cipher.key_length_in_bytes = 16;
+		memcpy(sess->cipher.zuc_cipher_key, xform->cipher.key.data,
+			16);
+#endif
 	} else {
 		if (xform->cipher.key.length != 8) {
 			AESNI_MB_LOG(ERR, "Invalid cipher key length");
@@ -693,6 +732,7 @@ aesni_mb_set_session_parameters(const MB_MGR *mb_mgr,
 
 	/* Default IV length = 0 */
 	sess->iv.length = 0;
+	sess->auth_iv.length = 0;
 
 	ret = aesni_mb_set_session_auth_parameters(mb_mgr, sess, auth_xform);
 	if (ret != 0) {
@@ -1168,7 +1208,13 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp,
 		job->aes_enc_key_expanded = &session->cipher.gcm_key;
 		job->aes_dec_key_expanded = &session->cipher.gcm_key;
 		break;
-
+#if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM
+	case IMB_AUTH_ZUC_EIA3_BITLEN:
+		job->u.ZUC_EIA3._key = session->auth.zuc_auth_key;
+		job->u.ZUC_EIA3._iv = rte_crypto_op_ctod_offset(op, uint8_t *,
+						session->auth_iv.offset);
+		break;
+#endif
 	default:
 		job->u.HMAC._hashed_auth_key_xor_ipad = session->auth.pads.inner;
 		job->u.HMAC._hashed_auth_key_xor_opad = session->auth.pads.outer;
@@ -1186,6 +1232,13 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp,
 		}
 	}
 
+#if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM
+	if (job->cipher_mode == IMB_CIPHER_ZUC_EEA3) {
+		job->aes_enc_key_expanded = session->cipher.zuc_cipher_key;
+		job->aes_dec_key_expanded = session->cipher.zuc_cipher_key;
+	}
+#endif
+
 	if (!op->sym->m_dst) {
 		/* in-place operation */
 		m_dst = m_src;
@@ -1286,6 +1339,11 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp,
 			session->iv.offset);
 	}
 
+#if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM
+	if (job->cipher_mode == IMB_CIPHER_ZUC_EEA3)
+		job->msg_len_to_cipher_in_bytes >>= 3;
+#endif
+
 	/* Set user data to be crypto operation data struct */
 	job->user_data = op;
 
diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
index 2362f0c3c..f4c4f56fe 100644
--- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
+++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
@@ -497,6 +497,53 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = {
 			}, }
 		}, }
 	},
+#if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM
+	{	/* ZUC (EIA3) */
+		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+		{.sym = {
+			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+			{.auth = {
+				.algo = RTE_CRYPTO_AUTH_ZUC_EIA3,
+				.block_size = 16,
+				.key_size = {
+					.min = 16,
+					.max = 16,
+					.increment = 0
+				},
+				.digest_size = {
+					.min = 4,
+					.max = 4,
+					.increment = 0
+				},
+				.iv_size = {
+					.min = 16,
+					.max = 16,
+					.increment = 0
+				}
+			}, }
+		}, }
+	},
+	{	/* ZUC (EEA3) */
+		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+		{.sym = {
+			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+			{.cipher = {
+				.algo = RTE_CRYPTO_CIPHER_ZUC_EEA3,
+				.block_size = 16,
+				.key_size = {
+					.min = 16,
+					.max = 16,
+					.increment = 0
+				},
+				.iv_size = {
+					.min = 16,
+					.max = 16,
+					.increment = 0
+				},
+			}, }
+		}, }
+	},
+#endif
 	RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
 };
 

From patchwork Fri Sep 11 11:38:00 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "De Lara Guarch,
 Pablo" <pablo.de.lara.guarch@intel.com>
X-Patchwork-Id: 77379
X-Patchwork-Delegate: gakhil@marvell.com
Return-Path: <dev-bounces@dpdk.org>
X-Original-To: patchwork@inbox.dpdk.org
Delivered-To: patchwork@inbox.dpdk.org
Received: from dpdk.org (dpdk.org [92.243.14.124])
	by inbox.dpdk.org (Postfix) with ESMTP id 397BDA04B5;
	Fri, 11 Sep 2020 13:38:19 +0200 (CEST)
Received: from [92.243.14.124] (localhost [127.0.0.1])
	by dpdk.org (Postfix) with ESMTP id 331171C0CD;
	Fri, 11 Sep 2020 13:38:12 +0200 (CEST)
Received: from mga12.intel.com (mga12.intel.com [192.55.52.136])
 by dpdk.org (Postfix) with ESMTP id 1B6ABE07
 for <dev@dpdk.org>; Fri, 11 Sep 2020 13:38:08 +0200 (CEST)
IronPort-SDR: 
 yzGfvS4dPId/flxMZ2noBj7GhIy4l8T2rtKYjfA9v5UzFCcbO6GhtSiHi+L7+1kNquF9UvCYyJ
 6mnKig0wxDsQ==
X-IronPort-AV: E=McAfee;i="6000,8403,9740"; a="138253804"
X-IronPort-AV: E=Sophos;i="5.76,415,1592895600"; d="scan'208";a="138253804"
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from orsmga004.jf.intel.com ([10.7.209.38])
 by fmsmga106.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 11 Sep 2020 04:38:08 -0700
IronPort-SDR: 
 0xbuZzvS1md7g1sS9dVlw9gnX7A1W4joPAw8LQvkPAFbo3inn/I1/xXERhfnwOAsRC506ofQ4r
 9Qb5dzMguQ+g==
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.76,415,1592895600"; d="scan'208";a="449959925"
Received: from silpixa00399593.ir.intel.com (HELO
 silpixa00399593.ger.corp.intel.com) ([10.237.223.27])
 by orsmga004.jf.intel.com with ESMTP; 11 Sep 2020 04:38:07 -0700
From: Pablo de Lara <pablo.de.lara.guarch@intel.com>
To: dev@dpdk.org
Cc: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Date: Fri, 11 Sep 2020 11:38:00 +0000
Message-Id: <20200911113801.2664990-2-pablo.de.lara.guarch@intel.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <20200911113801.2664990-1-pablo.de.lara.guarch@intel.com>
References: <20200911111901.2664106-1-pablo.de.lara.guarch@intel.com>
 <20200911113801.2664990-1-pablo.de.lara.guarch@intel.com>
MIME-Version: 1.0
Subject: [dpdk-dev] [PATCH v2 2/3] crypto/aesni_mb: support SNOW3G-UEA2/UIA2
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org
Sender: "dev" <dev-bounces@dpdk.org>

Add support for SNOW3G-UEA2/UIA2 algorithms through the intel-ipsec-mb
job API, allowing the mix of these algorithms with others.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
v2:
- Added commit description

---
 doc/guides/cryptodevs/aesni_mb.rst            |  2 +
 doc/guides/cryptodevs/features/aesni_mb.ini   |  2 +
 doc/guides/rel_notes/release_20_11.rst        |  1 +
 .../crypto/aesni_mb/aesni_mb_pmd_private.h    |  7 +++
 drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c    | 47 ++++++++++++++++---
 .../crypto/aesni_mb/rte_aesni_mb_pmd_ops.c    | 45 ++++++++++++++++++
 6 files changed, 98 insertions(+), 6 deletions(-)

diff --git a/doc/guides/cryptodevs/aesni_mb.rst b/doc/guides/cryptodevs/aesni_mb.rst
index 0cb58bfe5..12bcafcba 100644
--- a/doc/guides/cryptodevs/aesni_mb.rst
+++ b/doc/guides/cryptodevs/aesni_mb.rst
@@ -33,6 +33,7 @@ Cipher algorithms:
 * RTE_CRYPTO_CIPHER_3DES_CBC
 * RTE_CRYPTO_CIPHER_DES_DOCSISBPI
 * RTE_CRYPTO_CIPHER_ZUC_EEA3
+* RTE_CRYPTO_CIPHER_SNOW3G_UEA2
 
 Authentication algorithms:
 
@@ -51,6 +52,7 @@ Authentication algorithms:
 * RTE_CRYPTO_AUTH_SHA384
 * RTE_CRYPTO_AUTH_SHA512
 * RTE_CRYPTO_AUTH_ZUC_EIA3
+* RTE_CRYPTO_AUTH_SNOW3G_UIA2
 
 AEAD algorithms:
 
diff --git a/doc/guides/cryptodevs/features/aesni_mb.ini b/doc/guides/cryptodevs/features/aesni_mb.ini
index 47210333c..76a0fd149 100644
--- a/doc/guides/cryptodevs/features/aesni_mb.ini
+++ b/doc/guides/cryptodevs/features/aesni_mb.ini
@@ -31,6 +31,7 @@ DES CBC        = Y
 3DES CBC       = Y
 DES DOCSIS BPI = Y
 ZUC EEA3       = Y
+SNOW3G UEA2    = Y
 
 ;
 ; Supported authentication algorithms of the 'aesni_mb' crypto driver.
@@ -51,6 +52,7 @@ AES XCBC MAC = Y
 AES CMAC (128)  = Y
 AES GMAC     = Y
 ZUC EIA3     = Y
+SNOW3G UIA2  = Y
 
 ;
 ; Supported AEAD algorithms of the 'aesni_mb' crypto driver.
diff --git a/doc/guides/rel_notes/release_20_11.rst b/doc/guides/rel_notes/release_20_11.rst
index 1dc822cb7..ee8dff904 100644
--- a/doc/guides/rel_notes/release_20_11.rst
+++ b/doc/guides/rel_notes/release_20_11.rst
@@ -58,6 +58,7 @@ New Features
 * **Updated the AESNI MB crypto PMD.**
 
   * Added support for ZUC-EEA3/EIA3 algorithms.
+  * Added support for SNOW3G-UEA2/UIA2 algorithms.
 
 
 Removed Items
diff --git a/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h b/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h
index 601ab9a40..75d01264e 100644
--- a/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h
+++ b/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h
@@ -57,6 +57,7 @@ static const unsigned auth_blocksize[] = {
 		[PLAIN_SHA_512]			= 128,
 #if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM
 		[IMB_AUTH_ZUC_EIA3_BITLEN]	= 16
+		[IMB_AUTH_SNOW3G_UIA2_BITLEN]	= 16
 #endif
 };
 
@@ -91,6 +92,7 @@ static const unsigned auth_truncated_digest_byte_lengths[] = {
 		[PLAIN_SHA_512]			= 64,
 #if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM
 		[IMB_AUTH_ZUC_EIA3_BITLEN]	= 4
+		[IMB_AUTH_SNOW3G_UIA2_BITLEN]	= 4
 #endif
 };
 
@@ -126,6 +128,7 @@ static const unsigned auth_digest_byte_lengths[] = {
 		[PLAIN_SHA_512]			= 64,
 #if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM
 		[IMB_AUTH_ZUC_EIA3_BITLEN]	= 4
+		[IMB_AUTH_SNOW3G_UIA2_BITLEN]	= 4
 #endif
 	/**< Vector mode dependent pointer table of the multi-buffer APIs */
 
@@ -238,6 +241,8 @@ struct aesni_mb_session {
 			/**< Expanded GCM key */
 			uint8_t zuc_cipher_key[16];
 			/**< ZUC cipher key */
+			snow3g_key_schedule_t pKeySched_snow3g_cipher;
+			/**< SNOW3G scheduled cipher key */
 		};
 	} cipher;
 
@@ -279,6 +284,8 @@ struct aesni_mb_session {
 			/**< Expanded XCBC authentication keys */
 			uint8_t zuc_auth_key[16];
 			/**< ZUC authentication key */
+			snow3g_key_schedule_t pKeySched_snow3g_auth;
+			/**< SNOW3G scheduled authentication key */
 		};
 	/** Generated digest size by the Multi-buffer library */
 	uint16_t gen_digest_len;
diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
index 54023e013..42f89a955 100644
--- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
+++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
@@ -266,6 +266,19 @@ aesni_mb_set_session_auth_parameters(const MB_MGR *mb_mgr,
 
 		memcpy(sess->auth.zuc_auth_key, xform->auth.key.data, 16);
 		return 0;
+	} else if (xform->auth.algo == RTE_CRYPTO_AUTH_SNOW3G_UIA2) {
+		sess->auth.algo = IMB_AUTH_SNOW3G_UIA2_BITLEN;
+		uint16_t snow3g_uia2_digest_len =
+			get_truncated_digest_byte_length(IMB_AUTH_SNOW3G_UIA2_BITLEN);
+		if (sess->auth.req_digest_len != snow3g_uia2_digest_len) {
+			AESNI_MB_LOG(ERR, "Invalid digest size\n");
+			return -EINVAL;
+		}
+		sess->auth.gen_digest_len = sess->auth.req_digest_len;
+
+		IMB_SNOW3G_INIT_KEY_SCHED(mb_mgr, xform->auth.key.data,
+					&sess->auth.pKeySched_snow3g_auth);
+		return 0;
 	}
 #endif
 
@@ -403,6 +416,7 @@ aesni_mb_set_session_cipher_parameters(const MB_MGR *mb_mgr,
 	uint8_t is_docsis = 0;
 #if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM
 	uint8_t is_zuc = 0;
+	uint8_t is_snow3g = 0;
 #endif
 
 	if (xform == NULL) {
@@ -457,6 +471,10 @@ aesni_mb_set_session_cipher_parameters(const MB_MGR *mb_mgr,
 		sess->cipher.mode = IMB_CIPHER_ZUC_EEA3;
 		is_zuc = 1;
 		break;
+	case RTE_CRYPTO_CIPHER_SNOW3G_UEA2:
+		sess->cipher.mode = IMB_CIPHER_SNOW3G_UEA2_BITLEN;
+		is_snow3g = 1;
+		break;
 #endif
 	default:
 		AESNI_MB_LOG(ERR, "Unsupported cipher mode parameter");
@@ -565,6 +583,14 @@ aesni_mb_set_session_cipher_parameters(const MB_MGR *mb_mgr,
 		sess->cipher.key_length_in_bytes = 16;
 		memcpy(sess->cipher.zuc_cipher_key, xform->cipher.key.data,
 			16);
+	} else if (is_snow3g) {
+		if (xform->cipher.key.length != 16) {
+			AESNI_MB_LOG(ERR, "Invalid cipher key length");
+			return -EINVAL;
+		}
+		sess->cipher.key_length_in_bytes = 16;
+		IMB_SNOW3G_INIT_KEY_SCHED(mb_mgr, xform->cipher.key.data,
+					&sess->cipher.pKeySched_snow3g_cipher);
 #endif
 	} else {
 		if (xform->cipher.key.length != 8) {
@@ -1214,6 +1240,11 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp,
 		job->u.ZUC_EIA3._iv = rte_crypto_op_ctod_offset(op, uint8_t *,
 						session->auth_iv.offset);
 		break;
+	case IMB_AUTH_SNOW3G_UIA2_BITLEN:
+		job->u.SNOW3G_UIA2._key = (void *) &session->auth.pKeySched_snow3g_auth;
+		job->u.SNOW3G_UIA2._iv = rte_crypto_op_ctod_offset(op, uint8_t *,
+						session->auth_iv.offset);
+		break;
 #endif
 	default:
 		job->u.HMAC._hashed_auth_key_xor_ipad = session->auth.pads.inner;
@@ -1232,10 +1263,19 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp,
 		}
 	}
 
+	if (job->hash_alg == AES_CCM || (job->hash_alg == AES_GMAC &&
+			session->cipher.mode == GCM))
+		m_offset = op->sym->aead.data.offset;
+	else
+		m_offset = op->sym->cipher.data.offset;
+
 #if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM
 	if (job->cipher_mode == IMB_CIPHER_ZUC_EEA3) {
 		job->aes_enc_key_expanded = session->cipher.zuc_cipher_key;
 		job->aes_dec_key_expanded = session->cipher.zuc_cipher_key;
+	} else if (job->cipher_mode == IMB_CIPHER_SNOW3G_UEA2_BITLEN) {
+		job->enc_keys = &session->cipher.pKeySched_snow3g_cipher;
+		m_offset = 0;
 	}
 #endif
 
@@ -1253,12 +1293,6 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp,
 		oop = 1;
 	}
 
-	if (job->hash_alg == AES_CCM || (job->hash_alg == AES_GMAC &&
-			session->cipher.mode == GCM))
-		m_offset = op->sym->aead.data.offset;
-	else
-		m_offset = op->sym->cipher.data.offset;
-
 	/* Set digest output location */
 	if (job->hash_alg != NULL_HASH &&
 			session->auth.operation == RTE_CRYPTO_AUTH_OP_VERIFY) {
@@ -1327,6 +1361,7 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp,
 		break;
 
 	default:
+		/* For SNOW3G, length and offsets are already in bits */
 		job->cipher_start_src_offset_in_bytes =
 				op->sym->cipher.data.offset;
 		job->msg_len_to_cipher_in_bytes = op->sym->cipher.data.length;
diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
index f4c4f56fe..9554ff0e7 100644
--- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
+++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
@@ -543,6 +543,51 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = {
 			}, }
 		}, }
 	},
+	{	/* SNOW 3G (UIA2) */
+		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+		{.sym = {
+			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+			{.auth = {
+				.algo = RTE_CRYPTO_AUTH_SNOW3G_UIA2,
+				.block_size = 16,
+				.key_size = {
+					.min = 16,
+					.max = 16,
+					.increment = 0
+				},
+				.digest_size = {
+					.min = 4,
+					.max = 4,
+					.increment = 0
+				},
+				.iv_size = {
+					.min = 16,
+					.max = 16,
+					.increment = 0
+				}
+			}, }
+		}, }
+	},
+	{	/* SNOW 3G (UEA2) */
+		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+		{.sym = {
+			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+			{.cipher = {
+				.algo = RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
+				.block_size = 16,
+				.key_size = {
+					.min = 16,
+					.max = 16,
+					.increment = 0
+				},
+				.iv_size = {
+					.min = 16,
+					.max = 16,
+					.increment = 0
+				}
+			}, }
+		}, }
+	},
 #endif
 	RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
 };

From patchwork Fri Sep 11 11:38:01 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "De Lara Guarch,
 Pablo" <pablo.de.lara.guarch@intel.com>
X-Patchwork-Id: 77380
X-Patchwork-Delegate: gakhil@marvell.com
Return-Path: <dev-bounces@dpdk.org>
X-Original-To: patchwork@inbox.dpdk.org
Delivered-To: patchwork@inbox.dpdk.org
Received: from dpdk.org (dpdk.org [92.243.14.124])
	by inbox.dpdk.org (Postfix) with ESMTP id 0C160A04B5;
	Fri, 11 Sep 2020 13:38:29 +0200 (CEST)
Received: from [92.243.14.124] (localhost [127.0.0.1])
	by dpdk.org (Postfix) with ESMTP id E94B51C10A;
	Fri, 11 Sep 2020 13:38:14 +0200 (CEST)
Received: from mga12.intel.com (mga12.intel.com [192.55.52.136])
 by dpdk.org (Postfix) with ESMTP id 6A40E1C0D0
 for <dev@dpdk.org>; Fri, 11 Sep 2020 13:38:12 +0200 (CEST)
IronPort-SDR: 
 iXFZ2DEDc+aKxJNYrsr9rzt75HYFTrcjdWS0bR9XebWf1uRkIuFxlTY1Kq03SFTBLQjeOD3zIA
 SER+NYaDgckw==
X-IronPort-AV: E=McAfee;i="6000,8403,9740"; a="138253811"
X-IronPort-AV: E=Sophos;i="5.76,415,1592895600"; d="scan'208";a="138253811"
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from orsmga004.jf.intel.com ([10.7.209.38])
 by fmsmga106.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 11 Sep 2020 04:38:11 -0700
IronPort-SDR: 
 8QE9wYiOSwrkz3VXt5yYvuPOIL/Fh/+pfhNXy/8IV2GVfeTsWj1L5YxuYFKpqoSwtKzOaeg4ZJ
 ZU3GbApwqAvw==
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.76,415,1592895600"; d="scan'208";a="449959937"
Received: from silpixa00399593.ir.intel.com (HELO
 silpixa00399593.ger.corp.intel.com) ([10.237.223.27])
 by orsmga004.jf.intel.com with ESMTP; 11 Sep 2020 04:38:10 -0700
From: Pablo de Lara <pablo.de.lara.guarch@intel.com>
To: dev@dpdk.org
Cc: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Date: Fri, 11 Sep 2020 11:38:01 +0000
Message-Id: <20200911113801.2664990-3-pablo.de.lara.guarch@intel.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <20200911113801.2664990-1-pablo.de.lara.guarch@intel.com>
References: <20200911111901.2664106-1-pablo.de.lara.guarch@intel.com>
 <20200911113801.2664990-1-pablo.de.lara.guarch@intel.com>
MIME-Version: 1.0
Subject: [dpdk-dev] [PATCH v2 3/3] crypto/aesni_mb: support KASUMI F8/F9
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org
Sender: "dev" <dev-bounces@dpdk.org>

Add support for KASUMI-F8/F9 algorithms through the intel-ipsec-mb
job API, allowing the mix of these algorithms with others.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
v2:
- Added commit description

---

 doc/guides/cryptodevs/aesni_mb.rst            |  2 +
 doc/guides/cryptodevs/features/aesni_mb.ini   |  2 +
 doc/guides/rel_notes/release_20_11.rst        |  1 +
 .../crypto/aesni_mb/aesni_mb_pmd_private.h    |  7 ++++
 drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c    | 34 +++++++++++++++
 .../crypto/aesni_mb/rte_aesni_mb_pmd_ops.c    | 41 +++++++++++++++++++
 6 files changed, 87 insertions(+)

diff --git a/doc/guides/cryptodevs/aesni_mb.rst b/doc/guides/cryptodevs/aesni_mb.rst
index 12bcafcba..85c462e62 100644
--- a/doc/guides/cryptodevs/aesni_mb.rst
+++ b/doc/guides/cryptodevs/aesni_mb.rst
@@ -34,6 +34,7 @@ Cipher algorithms:
 * RTE_CRYPTO_CIPHER_DES_DOCSISBPI
 * RTE_CRYPTO_CIPHER_ZUC_EEA3
 * RTE_CRYPTO_CIPHER_SNOW3G_UEA2
+* RTE_CRYPTO_CIPHER_KASUMI_F8
 
 Authentication algorithms:
 
@@ -53,6 +54,7 @@ Authentication algorithms:
 * RTE_CRYPTO_AUTH_SHA512
 * RTE_CRYPTO_AUTH_ZUC_EIA3
 * RTE_CRYPTO_AUTH_SNOW3G_UIA2
+* RTE_CRYPTO_AUTH_KASUMI_F9
 
 AEAD algorithms:
 
diff --git a/doc/guides/cryptodevs/features/aesni_mb.ini b/doc/guides/cryptodevs/features/aesni_mb.ini
index 76a0fd149..f70adcec9 100644
--- a/doc/guides/cryptodevs/features/aesni_mb.ini
+++ b/doc/guides/cryptodevs/features/aesni_mb.ini
@@ -32,6 +32,7 @@ DES CBC        = Y
 DES DOCSIS BPI = Y
 ZUC EEA3       = Y
 SNOW3G UEA2    = Y
+KASUMI F8      = Y
 
 ;
 ; Supported authentication algorithms of the 'aesni_mb' crypto driver.
@@ -53,6 +54,7 @@ AES CMAC (128)  = Y
 AES GMAC     = Y
 ZUC EIA3     = Y
 SNOW3G UIA2  = Y
+KASUMI F9    = Y
 
 ;
 ; Supported AEAD algorithms of the 'aesni_mb' crypto driver.
diff --git a/doc/guides/rel_notes/release_20_11.rst b/doc/guides/rel_notes/release_20_11.rst
index ee8dff904..2b6370025 100644
--- a/doc/guides/rel_notes/release_20_11.rst
+++ b/doc/guides/rel_notes/release_20_11.rst
@@ -59,6 +59,7 @@ New Features
 
   * Added support for ZUC-EEA3/EIA3 algorithms.
   * Added support for SNOW3G-UEA2/UIA2 algorithms.
+  * Added support for KASUMI-F8/F9 algorithms.
 
 
 Removed Items
diff --git a/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h b/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h
index 75d01264e..0177b9180 100644
--- a/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h
+++ b/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h
@@ -58,6 +58,7 @@ static const unsigned auth_blocksize[] = {
 #if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM
 		[IMB_AUTH_ZUC_EIA3_BITLEN]	= 16
 		[IMB_AUTH_SNOW3G_UIA2_BITLEN]	= 16
+		[IMB_AUTH_KASUMI_UIA1]		= 16
 #endif
 };
 
@@ -93,6 +94,7 @@ static const unsigned auth_truncated_digest_byte_lengths[] = {
 #if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM
 		[IMB_AUTH_ZUC_EIA3_BITLEN]	= 4
 		[IMB_AUTH_SNOW3G_UIA2_BITLEN]	= 4
+		[IMB_AUTH_KASUMI_UIA1]		= 4
 #endif
 };
 
@@ -129,6 +131,7 @@ static const unsigned auth_digest_byte_lengths[] = {
 #if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM
 		[IMB_AUTH_ZUC_EIA3_BITLEN]	= 4
 		[IMB_AUTH_SNOW3G_UIA2_BITLEN]	= 4
+		[IMB_AUTH_KASUMI_UIA1]		= 4
 #endif
 	/**< Vector mode dependent pointer table of the multi-buffer APIs */
 
@@ -243,6 +246,8 @@ struct aesni_mb_session {
 			/**< ZUC cipher key */
 			snow3g_key_schedule_t pKeySched_snow3g_cipher;
 			/**< SNOW3G scheduled cipher key */
+			kasumi_key_sched_t pKeySched_kasumi_cipher;
+			/**< KASUMI scheduled cipher key */
 		};
 	} cipher;
 
@@ -286,6 +291,8 @@ struct aesni_mb_session {
 			/**< ZUC authentication key */
 			snow3g_key_schedule_t pKeySched_snow3g_auth;
 			/**< SNOW3G scheduled authentication key */
+			kasumi_key_sched_t pKeySched_kasumi_auth;
+			/**< KASUMI scheduled authentication key */
 		};
 	/** Generated digest size by the Multi-buffer library */
 	uint16_t gen_digest_len;
diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
index 42f89a955..df4d86d0f 100644
--- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
+++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
@@ -279,6 +279,19 @@ aesni_mb_set_session_auth_parameters(const MB_MGR *mb_mgr,
 		IMB_SNOW3G_INIT_KEY_SCHED(mb_mgr, xform->auth.key.data,
 					&sess->auth.pKeySched_snow3g_auth);
 		return 0;
+	} else if (xform->auth.algo == RTE_CRYPTO_AUTH_KASUMI_F9) {
+		sess->auth.algo = IMB_AUTH_KASUMI_UIA1;
+		uint16_t kasumi_f9_digest_len =
+			get_truncated_digest_byte_length(IMB_AUTH_KASUMI_UIA1);
+		if (sess->auth.req_digest_len != kasumi_f9_digest_len) {
+			AESNI_MB_LOG(ERR, "Invalid digest size\n");
+			return -EINVAL;
+		}
+		sess->auth.gen_digest_len = sess->auth.req_digest_len;
+
+		IMB_KASUMI_INIT_F9_KEY_SCHED(mb_mgr, xform->auth.key.data,
+					&sess->auth.pKeySched_kasumi_auth);
+		return 0;
 	}
 #endif
 
@@ -417,6 +430,7 @@ aesni_mb_set_session_cipher_parameters(const MB_MGR *mb_mgr,
 #if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM
 	uint8_t is_zuc = 0;
 	uint8_t is_snow3g = 0;
+	uint8_t is_kasumi = 0;
 #endif
 
 	if (xform == NULL) {
@@ -475,6 +489,10 @@ aesni_mb_set_session_cipher_parameters(const MB_MGR *mb_mgr,
 		sess->cipher.mode = IMB_CIPHER_SNOW3G_UEA2_BITLEN;
 		is_snow3g = 1;
 		break;
+	case RTE_CRYPTO_CIPHER_KASUMI_F8:
+		sess->cipher.mode = IMB_CIPHER_KASUMI_UEA1_BITLEN;
+		is_kasumi = 1;
+		break;
 #endif
 	default:
 		AESNI_MB_LOG(ERR, "Unsupported cipher mode parameter");
@@ -591,6 +609,14 @@ aesni_mb_set_session_cipher_parameters(const MB_MGR *mb_mgr,
 		sess->cipher.key_length_in_bytes = 16;
 		IMB_SNOW3G_INIT_KEY_SCHED(mb_mgr, xform->cipher.key.data,
 					&sess->cipher.pKeySched_snow3g_cipher);
+	} else if (is_kasumi) {
+		if (xform->cipher.key.length != 16) {
+			AESNI_MB_LOG(ERR, "Invalid cipher key length");
+			return -EINVAL;
+		}
+		sess->cipher.key_length_in_bytes = 16;
+		IMB_KASUMI_INIT_F8_KEY_SCHED(mb_mgr, xform->cipher.key.data,
+					&sess->cipher.pKeySched_kasumi_cipher);
 #endif
 	} else {
 		if (xform->cipher.key.length != 8) {
@@ -1245,6 +1271,9 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp,
 		job->u.SNOW3G_UIA2._iv = rte_crypto_op_ctod_offset(op, uint8_t *,
 						session->auth_iv.offset);
 		break;
+	case IMB_AUTH_KASUMI_UIA1:
+		job->u.KASUMI_UIA1._key = (void *) &session->auth.pKeySched_kasumi_auth;
+		break;
 #endif
 	default:
 		job->u.HMAC._hashed_auth_key_xor_ipad = session->auth.pads.inner;
@@ -1276,6 +1305,9 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp,
 	} else if (job->cipher_mode == IMB_CIPHER_SNOW3G_UEA2_BITLEN) {
 		job->enc_keys = &session->cipher.pKeySched_snow3g_cipher;
 		m_offset = 0;
+	} else if (job->cipher_mode == IMB_CIPHER_KASUMI_UEA1_BITLEN) {
+		job->enc_keys = &session->cipher.pKeySched_kasumi_cipher;
+		m_offset = 0;
 	}
 #endif
 
@@ -1377,6 +1409,8 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp,
 #if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM
 	if (job->cipher_mode == IMB_CIPHER_ZUC_EEA3)
 		job->msg_len_to_cipher_in_bytes >>= 3;
+	else if (job->hash_alg == IMB_AUTH_KASUMI_UIA1)
+		job->msg_len_to_hash_in_bytes >>= 3;
 #endif
 
 	/* Set user data to be crypto operation data struct */
diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
index 9554ff0e7..7f5ef66c5 100644
--- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
+++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
@@ -588,6 +588,47 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = {
 			}, }
 		}, }
 	},
+	{	/* KASUMI (F9) */
+		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+		{.sym = {
+			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+			{.auth = {
+				.algo = RTE_CRYPTO_AUTH_KASUMI_F9,
+				.block_size = 8,
+				.key_size = {
+					.min = 16,
+					.max = 16,
+					.increment = 0
+				},
+				.digest_size = {
+					.min = 4,
+					.max = 4,
+					.increment = 0
+				},
+				.iv_size = { 0 }
+			}, }
+		}, }
+	},
+	{	/* KASUMI (F8) */
+		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+		{.sym = {
+			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+			{.cipher = {
+				.algo = RTE_CRYPTO_CIPHER_KASUMI_F8,
+				.block_size = 8,
+				.key_size = {
+					.min = 16,
+					.max = 16,
+					.increment = 0
+				},
+				.iv_size = {
+					.min = 8,
+					.max = 8,
+					.increment = 0
+				}
+			}, }
+		}, }
+	},
 #endif
 	RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
 };