[dpdk-dev] [PATCH v2 6/8] crypto/bcmfs: add session handling and capabilities
Vikas Gupta
vikas.gupta at broadcom.com
Tue Sep 29 13:12:56 CEST 2020
Hi Akhil,
On Tue, Sep 29, 2020 at 1:16 AM Akhil Goyal <akhil.goyal at nxp.com> wrote:
>
> Hi Vikas,
>
> > diff --git a/doc/guides/cryptodevs/features/bcmfs.ini
> > b/doc/guides/cryptodevs/features/bcmfs.ini
> > new file mode 100644
> > index 000000000..82d2c639d
> > --- /dev/null
> > +++ b/doc/guides/cryptodevs/features/bcmfs.ini
> > @@ -0,0 +1,56 @@
> > +;
> > +; Supported features of the 'bcmfs' crypto driver.
> > +;
> > +; Refer to default.ini for the full list of available PMD features.
> > +;
> > +[Features]
> > +Symmetric crypto = Y
> > +Sym operation chaining = Y
> > +HW Accelerated = Y
> > +Protocol offload = Y
> > +In Place SGL = Y
> > +
> > +;
> > +; Supported crypto algorithms of the 'bcmfs' crypto driver.
> > +;
> > +[Cipher]
> > +AES CBC (128) = Y
> > +AES CBC (192) = Y
> > +AES CBC (256) = Y
> > +AES CTR (128) = Y
> > +AES CTR (192) = Y
> > +AES CTR (256) = Y
> > +AES XTS (128) = Y
> > +AES XTS (256) = Y
> > +3DES CBC = Y
> > +DES CBC = Y
> > +;
> > +; Supported authentication algorithms of the 'bcmfs' crypto driver.
> > +;
> > +[Auth]
> > +MD5 HMAC = Y
> > +SHA1 = Y
> > +SHA1 HMAC = Y
> > +SHA224 = Y
> > +SHA224 HMAC = Y
> > +SHA256 = Y
> > +SHA256 HMAC = Y
> > +SHA384 = Y
> > +SHA384 HMAC = Y
> > +SHA512 = Y
> > +SHA512 HMAC = Y
> > +AES GMAC = Y
> > +AES CMAC (128) = Y
> > +AES CBC = Y
>
> AES CBC is not an auth algo
> You should use AES CBC MAC
> Please use the same notation as there in default.ini
> Check for all the names.
Will fix it.
>
> > +AES XCBC = Y
> > +
> > +;
> > +; Supported AEAD algorithms of the 'bcmfs' crypto driver.
> > +;
> > +[AEAD]
> > +AES GCM (128) = Y
> > +AES GCM (192) = Y
> > +AES GCM (256) = Y
> > +AES CCM (128) = Y
> > +AES CCM (192) = Y
> > +AES CCM (256) = Y
>
> // snip//
>
> > + {
> > + /* SHA1 HMAC */
> > + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
> > + {.sym = {
> > + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
> > + {.auth = {
> > + .algo = RTE_CRYPTO_AUTH_SHA1_HMAC,
> > + .block_size = 64,
> > + .key_size = {
> > + .min = 1,
> > + .max = 64,
> > + .increment = 0
>
> Increment should be 1 for all HMAC cases.
I`ll go through all the list again. Thanks for catching.
>
> > + },
> > + .digest_size = {
> > + .min = 20,
> > + .max = 20,
> > + .increment = 0
> > + },
> > + .aad_size = { 0 }
> > + }, }
> > + }, }
> > + },
>
> //snipp//
>
> > + {
> > + /* AES CMAC */
> > + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
> > + {.sym = {
> > + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
> > + {.auth = {
> > + .algo = RTE_CRYPTO_AUTH_AES_CMAC,
> > + .block_size = 16,
> > + .key_size = {
> > + .min = 1,
> > + .max = 16,
> > + .increment = 0
>
> Do you only support key sizes of 1 and 16? I see increment =0 in many cases.
Will review the list and fix it accordingly.
>
> > + },
> > + .digest_size = {
> > + .min = 16,
> > + .max = 16,
> > + .increment = 0
> > + },
> > + .aad_size = { 0 }
> > + }, }
> > + }, }
> > + },
> > + {
>
> //snip//
>
>
> > +
> > +const struct rte_cryptodev_capabilities *
> > +bcmfs_sym_get_capabilities(void)
> > +{
> > + return bcmfs_sym_capabilities;
> > +}
> > diff --git a/drivers/crypto/bcmfs/bcmfs_sym_capabilities.h
> > b/drivers/crypto/bcmfs/bcmfs_sym_capabilities.h
> > new file mode 100644
> > index 000000000..3ff61b7d2
> > --- /dev/null
> > +++ b/drivers/crypto/bcmfs/bcmfs_sym_capabilities.h
> > @@ -0,0 +1,16 @@
> > +/* SPDX-License-Identifier: BSD-3-Clause
> > + * Copyright(c) 2020 Broadcom
> > + * All rights reserved.
> > + */
> > +
> > +#ifndef _BCMFS_SYM_CAPABILITIES_H_
> > +#define _BCMFS_SYM_CAPABILITIES_H_
> > +
> > +/*
> > + * Get capabilities list for the device
> > + *
> > + */
> > +const struct rte_cryptodev_capabilities *bcmfs_sym_get_capabilities(void);
> > +
> > +#endif /* _BCMFS_SYM_CAPABILITIES_H__ */
> > +
> > diff --git a/drivers/crypto/bcmfs/bcmfs_sym_defs.h
> > b/drivers/crypto/bcmfs/bcmfs_sym_defs.h
> > new file mode 100644
> > index 000000000..d94446d35
> > --- /dev/null
> > +++ b/drivers/crypto/bcmfs/bcmfs_sym_defs.h
> > @@ -0,0 +1,170 @@
> > +/* SPDX-License-Identifier: BSD-3-Clause
> > + * Copyright(c) 2020 Broadcom
> > + * All rights reserved.
> > + */
> > +
> > +#ifndef _BCMFS_SYM_DEFS_H_
> > +#define _BCMFS_SYM_DEFS_H_
> > +
> > +/*
> > + * Max block size of hash algorithm
> > + * currently SHA3 supports max block size
> > + * of 144 bytes
> > + */
> > +#define BCMFS_MAX_KEY_SIZE 144
> > +#define BCMFS_MAX_IV_SIZE 16
> > +#define BCMFS_MAX_DIGEST_SIZE 64
> > +
> > +/** Symmetric Cipher Direction */
> > +enum bcmfs_crypto_cipher_op {
> > + /** Encrypt cipher operation */
> > + BCMFS_CRYPTO_CIPHER_OP_ENCRYPT,
> > +
> > + /** Decrypt cipher operation */
> > + BCMFS_CRYPTO_CIPHER_OP_DECRYPT,
> > +};
> > +
>
> Why are these enums needed, Aren't these replica of rte_sym_crypto.h
>
> Are these enum values getting filled in some HW desc/registers. If so, then
> Probably move it to the hw folder.
We`ll review this and place/modify macros accordingly.
>
> > +/** Symmetric Cipher Algorithms */
> > +enum bcmfs_crypto_cipher_algorithm {
> > + /** NULL cipher algorithm. No mode applies to the NULL algorithm. */
> > + BCMFS_CRYPTO_CIPHER_NONE = 0,
> > +
> > + /** Triple DES algorithm in CBC mode */
> > + BCMFS_CRYPTO_CIPHER_DES_CBC,
> > +
> > + /** Triple DES algorithm in ECB mode */
> > + BCMFS_CRYPTO_CIPHER_DES_ECB,
> > +
> > + /** Triple DES algorithm in CBC mode */
> > + BCMFS_CRYPTO_CIPHER_3DES_CBC,
> > +
> > + /** Triple DES algorithm in ECB mode */
> > + BCMFS_CRYPTO_CIPHER_3DES_ECB,
> > +
> > + /** AES algorithm in CBC mode */
> > + BCMFS_CRYPTO_CIPHER_AES_CBC,
> > +
> > + /** AES algorithm in CCM mode. */
> > + BCMFS_CRYPTO_CIPHER_AES_CCM,
> > +
> > + /** AES algorithm in Counter mode */
> > + BCMFS_CRYPTO_CIPHER_AES_CTR,
> > +
> > + /** AES algorithm in ECB mode */
> > + BCMFS_CRYPTO_CIPHER_AES_ECB,
> > +
> > + /** AES algorithm in GCM mode. */
> > + BCMFS_CRYPTO_CIPHER_AES_GCM,
> > +
> > + /** AES algorithm in XTS mode */
> > + BCMFS_CRYPTO_CIPHER_AES_XTS,
> > +
> > + /** AES algorithm in OFB mode */
> > + BCMFS_CRYPTO_CIPHER_AES_OFB,
> > +};
> > +
Thanks,
Vikas
More information about the dev
mailing list