[v1,3/3] crypto/ipsec_mb: add SM4 algorithm support

Message ID 20240906123939.2508919-3-brian.dooley@intel.com (mailing list archive)
State Superseded
Delegated to: akhil goyal
Headers
Series [v1,1/3] crypto/ipsec_mb: add SM3 algorithm support |

Checks

Context Check Description
ci/checkpatch success coding style OK
ci/loongarch-compilation success Compilation OK
ci/loongarch-unit-testing success Unit Testing PASS
ci/Intel-compilation success Compilation OK
ci/intel-Testing success Testing PASS
ci/intel-Functional success Functional PASS
ci/github-robot: build success github build: passed
ci/iol-marvell-Functional success Functional Testing PASS
ci/iol-unit-amd64-testing success Testing PASS
ci/iol-broadcom-Performance success Performance Testing PASS
ci/iol-broadcom-Functional success Functional Testing PASS
ci/iol-unit-arm64-testing success Testing PASS
ci/iol-compile-arm64-testing success Testing PASS
ci/iol-compile-amd64-testing success Testing PASS
ci/iol-sample-apps-testing success Testing PASS
ci/iol-intel-Performance success Performance Testing PASS
ci/iol-intel-Functional success Functional Testing PASS

Commit Message

Dooley, Brian Sept. 6, 2024, 12:39 p.m. UTC
This patch introduces SM4 algorithm support to the AESNI_MB PMD.

Signed-off-by: Brian Dooley <brian.dooley@intel.com>
---
 drivers/crypto/ipsec_mb/pmd_aesni_mb.c      | 22 ++++++++++
 drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h | 47 +++++++++++++++++++++
 2 files changed, 69 insertions(+)
  

Comments

Akhil Goyal Sept. 18, 2024, 5:53 a.m. UTC | #1
> This patch introduces SM4 algorithm support to the AESNI_MB PMD.
> 
> Signed-off-by: Brian Dooley <brian.dooley@intel.com>
> ---
>  drivers/crypto/ipsec_mb/pmd_aesni_mb.c      | 22 ++++++++++
>  drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h | 47 +++++++++++++++++++++
>  2 files changed, 69 insertions(+)

Update corresponding .ini file for the newly added algos.
Also update release notes.


> 
> diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
> b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
> index 019867fe1c..1dbffb1337 100644
> --- a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
> +++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
> @@ -451,6 +451,9 @@ aesni_mb_set_session_cipher_parameters(const
> IMB_MGR *mb_mgr,
>  	uint8_t is_zuc = 0;
>  	uint8_t is_snow3g = 0;
>  	uint8_t is_kasumi = 0;
> +#if IMB_VERSION(1, 5, 0) <= IMB_VERSION_NUM
> +	uint8_t is_sm4 = 0;
> +#endif
> 
>  	if (xform == NULL) {
>  		sess->template_job.cipher_mode = IMB_CIPHER_NULL;
> @@ -521,6 +524,16 @@ aesni_mb_set_session_cipher_parameters(const
> IMB_MGR *mb_mgr,
>  		sess->iv.offset = xform->cipher.iv.offset;
>  		sess->template_job.iv_len_in_bytes = xform->cipher.iv.length;
>  		return 0;
> +#if IMB_VERSION(1, 5, 0) <= IMB_VERSION_NUM
> +	case RTE_CRYPTO_CIPHER_SM4_CBC:
> +		sess->template_job.cipher_mode = IMB_CIPHER_SM4_CBC;
> +		is_sm4 = 1;
> +		break;
> +	case RTE_CRYPTO_CIPHER_SM4_ECB:
> +		sess->template_job.cipher_mode = IMB_CIPHER_SM4_ECB;
> +		is_sm4 = 1;
> +		break;
> +#endif
>  	default:
>  		IPSEC_MB_LOG(ERR, "Unsupported cipher mode parameter");
>  		return -ENOTSUP;
> @@ -655,6 +668,15 @@ aesni_mb_set_session_cipher_parameters(const
> IMB_MGR *mb_mgr,
>  					&sess-
> >cipher.pKeySched_kasumi_cipher);
>  		sess->template_job.enc_keys = &sess-
> >cipher.pKeySched_kasumi_cipher;
>  		sess->template_job.dec_keys = &sess-
> >cipher.pKeySched_kasumi_cipher;
> +#if IMB_VERSION(1, 5, 0) <= IMB_VERSION_NUM
> +	} else if (is_sm4) {
> +		sess->template_job.key_len_in_bytes = IMB_KEY_128_BYTES;
> +		IMB_SM4_KEYEXP(mb_mgr, xform->cipher.key.data,
> +				sess->cipher.expanded_sm4_keys.encode,
> +				sess->cipher.expanded_sm4_keys.decode);
> +		sess->template_job.enc_keys = sess-
> >cipher.expanded_sm4_keys.encode;
> +		sess->template_job.dec_keys = sess-
> >cipher.expanded_sm4_keys.decode;
> +#endif
>  	} else {
>  		if (xform->cipher.key.length != 8) {
>  			IPSEC_MB_LOG(ERR, "Invalid cipher key length");
> diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
> b/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
> index 24c2686952..e9d605d646 100644
> --- a/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
> +++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
> @@ -774,6 +774,42 @@ static const struct rte_cryptodev_capabilities
> aesni_mb_capabilities[] = {
>  			}, }
>  		}, }
>  	},
> +	{	/* SM4 CBC */
> +		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
> +		{.sym = {
> +			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
> +			{.cipher = {
> +				.algo = RTE_CRYPTO_CIPHER_SM4_CBC,
> +				.block_size = 16,
> +				.key_size = {
> +					.min = 16,
> +					.max = 16,
> +					.increment = 0
> +				},
> +				.iv_size = {
> +					.min = 16,
> +					.max = 16,
> +					.increment = 0
> +				}
> +			}, }
> +		}, }
> +	},
> +	{	/* SM4 ECB */
> +		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
> +		{.sym = {
> +			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
> +			{.cipher = {
> +				.algo = RTE_CRYPTO_CIPHER_SM4_ECB,
> +				.block_size = 16,
> +				.key_size = {
> +					.min = 16,
> +					.max = 16,
> +					.increment = 0
> +				},
> +				.iv_size = { 0 }
> +			}, }
> +		}, }
> +	},
>  	RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
>  };
> 
> @@ -951,6 +987,17 @@ struct __rte_cache_aligned aesni_mb_session {
>  			/* *< SNOW3G scheduled cipher key */
>  			kasumi_key_sched_t pKeySched_kasumi_cipher;
>  			/* *< KASUMI scheduled cipher key */
> +#if IMB_VERSION(1, 5, 0) <= IMB_VERSION_NUM
> +			struct {
> +				alignas(16) uint32_t
> encode[IMB_SM4_KEY_SCHEDULE_ROUNDS];
> +				/* *< encode key */
> +				alignas(16) uint32_t
> decode[IMB_SM4_KEY_SCHEDULE_ROUNDS];
> +				/* *< decode key */
> +			} expanded_sm4_keys;
> +			/* *< Expanded SM4 keys - Original 128 bit key is
> +			 * expanded into 32 round keys, each 32 bits.
> +			 */
> +#endif
>  		};
>  	} cipher;
> 
> --
> 2.25.1
  

Patch

diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
index 019867fe1c..1dbffb1337 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
@@ -451,6 +451,9 @@  aesni_mb_set_session_cipher_parameters(const IMB_MGR *mb_mgr,
 	uint8_t is_zuc = 0;
 	uint8_t is_snow3g = 0;
 	uint8_t is_kasumi = 0;
+#if IMB_VERSION(1, 5, 0) <= IMB_VERSION_NUM
+	uint8_t is_sm4 = 0;
+#endif
 
 	if (xform == NULL) {
 		sess->template_job.cipher_mode = IMB_CIPHER_NULL;
@@ -521,6 +524,16 @@  aesni_mb_set_session_cipher_parameters(const IMB_MGR *mb_mgr,
 		sess->iv.offset = xform->cipher.iv.offset;
 		sess->template_job.iv_len_in_bytes = xform->cipher.iv.length;
 		return 0;
+#if IMB_VERSION(1, 5, 0) <= IMB_VERSION_NUM
+	case RTE_CRYPTO_CIPHER_SM4_CBC:
+		sess->template_job.cipher_mode = IMB_CIPHER_SM4_CBC;
+		is_sm4 = 1;
+		break;
+	case RTE_CRYPTO_CIPHER_SM4_ECB:
+		sess->template_job.cipher_mode = IMB_CIPHER_SM4_ECB;
+		is_sm4 = 1;
+		break;
+#endif
 	default:
 		IPSEC_MB_LOG(ERR, "Unsupported cipher mode parameter");
 		return -ENOTSUP;
@@ -655,6 +668,15 @@  aesni_mb_set_session_cipher_parameters(const IMB_MGR *mb_mgr,
 					&sess->cipher.pKeySched_kasumi_cipher);
 		sess->template_job.enc_keys = &sess->cipher.pKeySched_kasumi_cipher;
 		sess->template_job.dec_keys = &sess->cipher.pKeySched_kasumi_cipher;
+#if IMB_VERSION(1, 5, 0) <= IMB_VERSION_NUM
+	} else if (is_sm4) {
+		sess->template_job.key_len_in_bytes = IMB_KEY_128_BYTES;
+		IMB_SM4_KEYEXP(mb_mgr, xform->cipher.key.data,
+				sess->cipher.expanded_sm4_keys.encode,
+				sess->cipher.expanded_sm4_keys.decode);
+		sess->template_job.enc_keys = sess->cipher.expanded_sm4_keys.encode;
+		sess->template_job.dec_keys = sess->cipher.expanded_sm4_keys.decode;
+#endif
 	} else {
 		if (xform->cipher.key.length != 8) {
 			IPSEC_MB_LOG(ERR, "Invalid cipher key length");
diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h b/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
index 24c2686952..e9d605d646 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
@@ -774,6 +774,42 @@  static const struct rte_cryptodev_capabilities aesni_mb_capabilities[] = {
 			}, }
 		}, }
 	},
+	{	/* SM4 CBC */
+		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+		{.sym = {
+			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+			{.cipher = {
+				.algo = RTE_CRYPTO_CIPHER_SM4_CBC,
+				.block_size = 16,
+				.key_size = {
+					.min = 16,
+					.max = 16,
+					.increment = 0
+				},
+				.iv_size = {
+					.min = 16,
+					.max = 16,
+					.increment = 0
+				}
+			}, }
+		}, }
+	},
+	{	/* SM4 ECB */
+		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+		{.sym = {
+			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+			{.cipher = {
+				.algo = RTE_CRYPTO_CIPHER_SM4_ECB,
+				.block_size = 16,
+				.key_size = {
+					.min = 16,
+					.max = 16,
+					.increment = 0
+				},
+				.iv_size = { 0 }
+			}, }
+		}, }
+	},
 	RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
 };
 
@@ -951,6 +987,17 @@  struct __rte_cache_aligned aesni_mb_session {
 			/* *< SNOW3G scheduled cipher key */
 			kasumi_key_sched_t pKeySched_kasumi_cipher;
 			/* *< KASUMI scheduled cipher key */
+#if IMB_VERSION(1, 5, 0) <= IMB_VERSION_NUM
+			struct {
+				alignas(16) uint32_t encode[IMB_SM4_KEY_SCHEDULE_ROUNDS];
+				/* *< encode key */
+				alignas(16) uint32_t decode[IMB_SM4_KEY_SCHEDULE_ROUNDS];
+				/* *< decode key */
+			} expanded_sm4_keys;
+			/* *< Expanded SM4 keys - Original 128 bit key is
+			 * expanded into 32 round keys, each 32 bits.
+			 */
+#endif
 		};
 	} cipher;