> -----Original Message-----
> From: Power, Ciara <ciara.power@intel.com>
> Sent: Friday, October 15, 2021 3:40 PM
> To: dev@dpdk.org
> Cc: Zhang, Roy Fan <roy.fan.zhang@intel.com>; Bronowski, PiotrX
> <piotrx.bronowski@intel.com>; gakhil@marvell.com; De Lara Guarch, Pablo
> <pablo.de.lara.guarch@intel.com>; mdr@ashroe.eu
> Subject: [PATCH v4 04/14] crypto/ipsec_mb: support ZUC-256 for aesni_mb
>
> From: Pablo de Lara <pablo.de.lara.guarch@intel.com>
>
> Add support for ZUC-EEA3-256 and ZUC-EIA3-256.
> Only 4-byte tags supported for now.
>
> Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
> ---
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
@@ -77,6 +77,7 @@ Limitations
protocol.
* RTE_CRYPTO_CIPHER_DES_DOCSISBPI is not supported for combined Crypto-CRC
DOCSIS security protocol.
+* The only tag size supported for ZUC-EIA3-256 is 4 bytes.
Installation
@@ -106,6 +106,10 @@ New Features
* AESNI_MB PMD.
+* **Updated the aesni_mb crypto PMD.**
+
+ * Added support for ZUC-EEA3-256 and ZUC-EIA3-256.
+
* **Updated Marvell cnxk ethdev driver.**
* Added rte_flow support for dual VLAN insert and strip actions.
@@ -179,7 +179,15 @@ aesni_mb_set_session_auth_parameters(const IMB_MGR *mb_mgr,
}
if (xform->auth.algo == RTE_CRYPTO_AUTH_ZUC_EIA3) {
- sess->auth.algo = IMB_AUTH_ZUC_EIA3_BITLEN;
+ if (xform->auth.key.length == 16) {
+ sess->auth.algo = IMB_AUTH_ZUC_EIA3_BITLEN;
+ } else if (xform->auth.key.length == 32) {
+ sess->auth.algo = IMB_AUTH_ZUC256_EIA3_BITLEN;
+ } else {
+ IPSEC_MB_LOG(ERR, "Invalid authentication key length\n");
+ return -EINVAL;
+ }
+
uint16_t zuc_eia3_digest_len =
get_truncated_digest_byte_length(
IMB_AUTH_ZUC_EIA3_BITLEN);
@@ -189,7 +197,8 @@ aesni_mb_set_session_auth_parameters(const IMB_MGR *mb_mgr,
}
sess->auth.gen_digest_len = sess->auth.req_digest_len;
- memcpy(sess->auth.zuc_auth_key, xform->auth.key.data, 16);
+ memcpy(sess->auth.zuc_auth_key, xform->auth.key.data,
+ xform->auth.key.length);
return 0;
} else if (xform->auth.algo == RTE_CRYPTO_AUTH_SNOW3G_UIA2) {
sess->auth.algo = IMB_AUTH_SNOW3G_UIA2_BITLEN;
@@ -522,13 +531,14 @@ aesni_mb_set_session_cipher_parameters(const IMB_MGR *mb_mgr,
sess->cipher.key_length_in_bytes = 24;
} else if (is_zuc) {
- if (xform->cipher.key.length != 16) {
+ if (xform->cipher.key.length != 16 &&
+ xform->cipher.key.length != 32) {
IPSEC_MB_LOG(ERR, "Invalid cipher key length");
return -EINVAL;
}
- sess->cipher.key_length_in_bytes = 16;
+ sess->cipher.key_length_in_bytes = xform->cipher.key.length;
memcpy(sess->cipher.zuc_cipher_key, xform->cipher.key.data,
- 16);
+ xform->cipher.key.length);
} else if (is_snow3g) {
if (xform->cipher.key.length != 16) {
IPSEC_MB_LOG(ERR, "Invalid cipher key length");
@@ -1150,6 +1160,7 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
job->dec_keys = &session->cipher.gcm_key;
break;
case IMB_AUTH_ZUC_EIA3_BITLEN:
+ case IMB_AUTH_ZUC256_EIA3_BITLEN:
job->u.ZUC_EIA3._key = session->auth.zuc_auth_key;
job->u.ZUC_EIA3._iv = rte_crypto_op_ctod_offset(op, uint8_t *,
session->auth_iv.offset);
@@ -526,8 +526,8 @@ static const struct rte_cryptodev_capabilities aesni_mb_capabilities[] = {
.block_size = 16,
.key_size = {
.min = 16,
- .max = 16,
- .increment = 0
+ .max = 32,
+ .increment = 16
},
.digest_size = {
.min = 4,
@@ -536,8 +536,8 @@ static const struct rte_cryptodev_capabilities aesni_mb_capabilities[] = {
},
.iv_size = {
.min = 16,
- .max = 16,
- .increment = 0
+ .max = 25,
+ .increment = 9
}
}, }
}, }
@@ -551,13 +551,13 @@ static const struct rte_cryptodev_capabilities aesni_mb_capabilities[] = {
.block_size = 16,
.key_size = {
.min = 16,
- .max = 16,
- .increment = 0
+ .max = 32,
+ .increment = 16
},
.iv_size = {
.min = 16,
- .max = 16,
- .increment = 0
+ .max = 25,
+ .increment = 9
},
}, }
}, }