@@ -61,6 +61,7 @@ Hash algorithms:
* ``RTE_CRYPTO_AUTH_SHA512_HMAC``
* ``RTE_CRYPTO_AUTH_SNOW3G_UIA2``
* ``RTE_CRYPTO_AUTH_ZUC_EIA3``
+* ``RTE_CRYPTO_AUTH_AES_CMAC``
AEAD algorithms:
@@ -41,23 +41,26 @@ ZUC EEA3 = Y
; Supported authentication algorithms of 'cn10k' crypto driver.
;
[Auth]
-NULL = Y
-AES GMAC = Y
-KASUMI F9 = Y
-MD5 = Y
-MD5 HMAC = Y
-SHA1 = Y
-SHA1 HMAC = Y
-SHA224 = Y
-SHA224 HMAC = Y
-SHA256 = Y
-SHA256 HMAC = Y
-SHA384 = Y
-SHA384 HMAC = Y
-SHA512 = Y
-SHA512 HMAC = Y
-SNOW3G UIA2 = Y
-ZUC EIA3 = Y
+NULL = Y
+AES GMAC = Y
+KASUMI F9 = Y
+MD5 = Y
+MD5 HMAC = Y
+SHA1 = Y
+SHA1 HMAC = Y
+SHA224 = Y
+SHA224 HMAC = Y
+SHA256 = Y
+SHA256 HMAC = Y
+SHA384 = Y
+SHA384 HMAC = Y
+SHA512 = Y
+SHA512 HMAC = Y
+SNOW3G UIA2 = Y
+ZUC EIA3 = Y
+AES CMAC (128) = Y
+AES CMAC (192) = Y
+AES CMAC (256) = Y
;
; Supported AEAD algorithms of 'cn10k' crypto driver.
@@ -40,23 +40,26 @@ ZUC EEA3 = Y
; Supported authentication algorithms of 'cn9k' crypto driver.
;
[Auth]
-NULL = Y
-AES GMAC = Y
-KASUMI F9 = Y
-MD5 = Y
-MD5 HMAC = Y
-SHA1 = Y
-SHA1 HMAC = Y
-SHA224 = Y
-SHA224 HMAC = Y
-SHA256 = Y
-SHA256 HMAC = Y
-SHA384 = Y
-SHA384 HMAC = Y
-SHA512 = Y
-SHA512 HMAC = Y
-SNOW3G UIA2 = Y
-ZUC EIA3 = Y
+NULL = Y
+AES GMAC = Y
+KASUMI F9 = Y
+MD5 = Y
+MD5 HMAC = Y
+SHA1 = Y
+SHA1 HMAC = Y
+SHA224 = Y
+SHA224 HMAC = Y
+SHA256 = Y
+SHA256 HMAC = Y
+SHA384 = Y
+SHA384 HMAC = Y
+SHA512 = Y
+SHA512 HMAC = Y
+SNOW3G UIA2 = Y
+ZUC EIA3 = Y
+AES CMAC (128) = Y
+AES CMAC (192) = Y
+AES CMAC (256) = Y
;
; Supported AEAD algorithms of 'cn9k' crypto driver.
@@ -63,6 +63,7 @@ New Features
* Added AES-CTR support in lookaside protocol (IPsec) for CN9K & CN10K.
* Added NULL cipher support in lookaside protocol (IPsec) for CN9K & CN10K.
* Added AES-XCBC support in lookaside protocol (IPsec) for CN9K & CN10K.
+ * Added AES-CMAC support in CN9K & CN10K.
Removed Items
@@ -11,10 +11,10 @@
#define ROC_SE_FC_MINOR_OP_DECRYPT 0x1
#define ROC_SE_FC_MINOR_OP_HMAC_FIRST 0x10
-#define ROC_SE_MAJOR_OP_HASH 0x34
-#define ROC_SE_MAJOR_OP_HMAC 0x35
-#define ROC_SE_MAJOR_OP_ZUC_SNOW3G 0x37
-#define ROC_SE_MAJOR_OP_KASUMI 0x38
+#define ROC_SE_MAJOR_OP_HASH 0x34
+#define ROC_SE_MAJOR_OP_HMAC 0x35
+#define ROC_SE_MAJOR_OP_PDCP 0x37
+#define ROC_SE_MAJOR_OP_KASUMI 0x38
#define ROC_SE_MAJOR_OP_MISC 0x01
#define ROC_SE_MISC_MINOR_OP_PASSTHROUGH 0x03
@@ -568,6 +568,26 @@ static const struct rte_cryptodev_capabilities caps_aes[] = {
}, }
}, }
},
+ { /* AES CMAC */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_AES_CMAC,
+ .block_size = 16,
+ .key_size = {
+ .min = 16,
+ .max = 32,
+ .increment = 8
+ },
+ .digest_size = {
+ .min = 4,
+ .max = 4,
+ .increment = 0
+ },
+ }, }
+ }, }
+ },
};
static const struct rte_cryptodev_capabilities caps_kasumi[] = {
@@ -73,11 +73,15 @@ pdcp_iv_copy(uint8_t *iv_d, uint8_t *iv_s, const uint8_t pdcp_alg_type,
for (j = 0; j < 4; j++)
iv_temp[j] = iv_s_temp[3 - j];
memcpy(iv_d, iv_temp, 16);
- } else {
+ } else if (pdcp_alg_type == ROC_SE_PDCP_ALG_TYPE_ZUC) {
/* ZUC doesn't need a swap */
memcpy(iv_d, iv_s, 16);
if (pack_iv)
cpt_pack_iv(iv_s, iv_d);
+ } else {
+ /* AES-CMAC EIA2, microcode expects 16B zeroized IV */
+ for (j = 0; j < 4; j++)
+ iv_d[j] = 0;
}
}
@@ -992,8 +996,8 @@ cpt_dec_hmac_prep(uint32_t flags, uint64_t d_offs, uint64_t d_lens,
}
static __rte_always_inline int
-cpt_zuc_snow3g_prep(uint32_t req_flags, uint64_t d_offs, uint64_t d_lens,
- struct roc_se_fc_params *params, struct cpt_inst_s *inst)
+cpt_pdcp_alg_prep(uint32_t req_flags, uint64_t d_offs, uint64_t d_lens,
+ struct roc_se_fc_params *params, struct cpt_inst_s *inst)
{
uint32_t size;
int32_t inputlen, outputlen;
@@ -1014,33 +1018,43 @@ cpt_zuc_snow3g_prep(uint32_t req_flags, uint64_t d_offs, uint64_t d_lens,
mac_len = se_ctx->mac_len;
pdcp_alg_type = se_ctx->pdcp_alg_type;
- cpt_inst_w4.s.opcode_major = ROC_SE_MAJOR_OP_ZUC_SNOW3G;
-
+ cpt_inst_w4.s.opcode_major = ROC_SE_MAJOR_OP_PDCP;
cpt_inst_w4.s.opcode_minor = se_ctx->template_w4.s.opcode_minor;
if (flags == 0x1) {
iv_s = params->auth_iv_buf;
- iv_len = params->auth_iv_len;
-
- if (iv_len == 25) {
- iv_len -= 2;
- pack_iv = 1;
- }
/*
* Microcode expects offsets in bytes
* TODO: Rounding off
*/
auth_data_len = ROC_SE_AUTH_DLEN(d_lens);
-
- /* EIA3 or UIA2 */
auth_offset = ROC_SE_AUTH_OFFSET(d_offs);
- auth_offset = auth_offset / 8;
- /* consider iv len */
- auth_offset += iv_len;
+ if (se_ctx->pdcp_alg_type != ROC_SE_PDCP_ALG_TYPE_AES_CTR) {
+ iv_len = params->auth_iv_len;
+
+ if (iv_len == 25) {
+ iv_len -= 2;
+ pack_iv = 1;
+ }
+
+ auth_offset = auth_offset / 8;
+
+ /* consider iv len */
+ auth_offset += iv_len;
+
+ inputlen =
+ auth_offset + (RTE_ALIGN(auth_data_len, 8) / 8);
+ } else {
+ iv_len = 16;
+
+ /* consider iv len */
+ auth_offset += iv_len;
+
+ inputlen = auth_offset + auth_data_len;
+ }
- inputlen = auth_offset + (RTE_ALIGN(auth_data_len, 8) / 8);
outputlen = mac_len;
offset_ctrl = rte_cpu_to_be_64((uint64_t)auth_offset);
@@ -1056,7 +1070,6 @@ cpt_zuc_snow3g_prep(uint32_t req_flags, uint64_t d_offs, uint64_t d_lens,
pack_iv = 1;
}
- /* EEA3 or UEA2 */
/*
* Microcode expects offsets in bytes
* TODO: Rounding off
@@ -1589,8 +1602,7 @@ cpt_fc_dec_hmac_prep(uint32_t flags, uint64_t d_offs, uint64_t d_lens,
if (likely(fc_type == ROC_SE_FC_GEN)) {
ret = cpt_dec_hmac_prep(flags, d_offs, d_lens, fc_params, inst);
} else if (fc_type == ROC_SE_PDCP) {
- ret = cpt_zuc_snow3g_prep(flags, d_offs, d_lens, fc_params,
- inst);
+ ret = cpt_pdcp_alg_prep(flags, d_offs, d_lens, fc_params, inst);
} else if (fc_type == ROC_SE_KASUMI) {
ret = cpt_kasumi_dec_prep(d_offs, d_lens, fc_params, inst);
}
@@ -1618,8 +1630,7 @@ cpt_fc_enc_hmac_prep(uint32_t flags, uint64_t d_offs, uint64_t d_lens,
if (likely(fc_type == ROC_SE_FC_GEN)) {
ret = cpt_enc_hmac_prep(flags, d_offs, d_lens, fc_params, inst);
} else if (fc_type == ROC_SE_PDCP) {
- ret = cpt_zuc_snow3g_prep(flags, d_offs, d_lens, fc_params,
- inst);
+ ret = cpt_pdcp_alg_prep(flags, d_offs, d_lens, fc_params, inst);
} else if (fc_type == ROC_SE_KASUMI) {
ret = cpt_kasumi_enc_prep(flags, d_offs, d_lens, fc_params,
inst);
@@ -1883,8 +1894,11 @@ fill_sess_auth(struct rte_crypto_sym_xform *xform, struct cnxk_se_sess *sess)
auth_type = 0;
is_null = 1;
break;
- case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
case RTE_CRYPTO_AUTH_AES_CMAC:
+ auth_type = ROC_SE_AES_CMAC_EIA2;
+ zsk_flag = ROC_SE_ZS_IA;
+ break;
+ case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
case RTE_CRYPTO_AUTH_AES_CBC_MAC:
plt_dp_err("Crypto: Unsupported hash algo %u", a_form->algo);
return -1;