[v2,4/8] crypto/dpaa2_sec: support AES-GMAC
Checks
Commit Message
From: Akhil Goyal <akhil.goyal@nxp.com>
This patch supports AES_GMAC algorithm for DPAA2
driver.
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
---
doc/guides/cryptodevs/features/dpaa2_sec.ini | 1 +
drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c | 14 ++++++++-
drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h | 30 ++++++++++++++++++++
lib/cryptodev/rte_crypto_sym.h | 4 ++-
4 files changed, 47 insertions(+), 2 deletions(-)
Comments
> From: Akhil Goyal <akhil.goyal@nxp.com>
>
> This patch supports AES_GMAC algorithm for DPAA2
> driver.
>
> Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
> Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
> ---
> doc/guides/cryptodevs/features/dpaa2_sec.ini | 1 +
> drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c | 14 ++++++++-
> drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h | 30 ++++++++++++++++++++
> lib/cryptodev/rte_crypto_sym.h | 4 ++-
> 4 files changed, 47 insertions(+), 2 deletions(-)
This patch should be split in two - cryptodev change should be separate patch.
> diff --git a/lib/cryptodev/rte_crypto_sym.h b/lib/cryptodev/rte_crypto_sym.h
> index daa090b978..4644fa3e25 100644
> --- a/lib/cryptodev/rte_crypto_sym.h
> +++ b/lib/cryptodev/rte_crypto_sym.h
> @@ -467,8 +467,10 @@ enum rte_crypto_aead_algorithm {
> /**< AES algorithm in CCM mode. */
> RTE_CRYPTO_AEAD_AES_GCM,
> /**< AES algorithm in GCM mode. */
> - RTE_CRYPTO_AEAD_CHACHA20_POLY1305
> + RTE_CRYPTO_AEAD_CHACHA20_POLY1305,
> /**< Chacha20 cipher with poly1305 authenticator */
> + RTE_CRYPTO_AEAD_AES_GMAC
> + /**< AES algorithm in GMAC mode. */
> };
AES-GMAC is also defined as AUTH algo. It may be removed but that would be
ABI break.
Is it not possible to use AES-GMAC as auth algo?
> -----Original Message-----
> From: Akhil Goyal <gakhil@marvell.com>
> Sent: Friday, January 21, 2022 4:59 PM
> To: Gagandeep Singh <G.Singh@nxp.com>; dev@dpdk.org
> Cc: Akhil Goyal <akhil.goyal@nxp.com>
> Subject: RE: [EXT] [PATCH v2 4/8] crypto/dpaa2_sec: support AES-GMAC
>
> > From: Akhil Goyal <akhil.goyal@nxp.com>
> >
> > This patch supports AES_GMAC algorithm for DPAA2
> > driver.
> >
> > Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
> > Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
> > ---
> > doc/guides/cryptodevs/features/dpaa2_sec.ini | 1 +
> > drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c | 14 ++++++++-
> > drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h | 30 ++++++++++++++++++++
> > lib/cryptodev/rte_crypto_sym.h | 4 ++-
> > 4 files changed, 47 insertions(+), 2 deletions(-)
>
> This patch should be split in two - cryptodev change should be separate patch.
>
> > diff --git a/lib/cryptodev/rte_crypto_sym.h b/lib/cryptodev/rte_crypto_sym.h
> > index daa090b978..4644fa3e25 100644
> > --- a/lib/cryptodev/rte_crypto_sym.h
> > +++ b/lib/cryptodev/rte_crypto_sym.h
> > @@ -467,8 +467,10 @@ enum rte_crypto_aead_algorithm {
> > /**< AES algorithm in CCM mode. */
> > RTE_CRYPTO_AEAD_AES_GCM,
> > /**< AES algorithm in GCM mode. */
> > - RTE_CRYPTO_AEAD_CHACHA20_POLY1305
> > + RTE_CRYPTO_AEAD_CHACHA20_POLY1305,
> > /**< Chacha20 cipher with poly1305 authenticator */
> > + RTE_CRYPTO_AEAD_AES_GMAC
> > + /**< AES algorithm in GMAC mode. */
> > };
> AES-GMAC is also defined as AUTH algo. It may be removed but that would be
> ABI break.
> Is it not possible to use AES-GMAC as auth algo?
There are some issues in this patch. I will send it later.
@@ -48,6 +48,7 @@ SHA512 HMAC = Y
SNOW3G UIA2 = Y
AES XCBC MAC = Y
ZUC EIA3 = Y
+AES GMAC = Y
AES CMAC (128) = Y
;
@@ -2847,6 +2847,13 @@ dpaa2_sec_ipsec_aead_init(struct rte_crypto_aead_xform *aead_xform,
aeaddata->algmode = OP_ALG_AAI_CCM;
session->aead_alg = RTE_CRYPTO_AEAD_AES_CCM;
break;
+ case RTE_CRYPTO_AEAD_AES_GMAC:
+ /**
+ * AES-GMAC is an AEAD algo with NULL encryption and GMAC
+ * authentication.
+ */
+ aeaddata->algtype = OP_PCL_IPSEC_AES_NULL_WITH_GMAC;
+ break;
default:
DPAA2_SEC_ERR("Crypto: Undefined AEAD specified %u",
aead_xform->algo);
@@ -2945,6 +2952,10 @@ dpaa2_sec_ipsec_proto_init(struct rte_crypto_cipher_xform *cipher_xform,
case RTE_CRYPTO_AUTH_NULL:
authdata->algtype = OP_PCL_IPSEC_HMAC_NULL;
break;
+ case RTE_CRYPTO_AUTH_AES_GMAC:
+ DPAA2_SEC_ERR(
+ "AES_GMAC is supported as AEAD algo for IPSEC proto only");
+ return -ENOTSUP;
case RTE_CRYPTO_AUTH_SHA224_HMAC:
case RTE_CRYPTO_AUTH_SNOW3G_UIA2:
case RTE_CRYPTO_AUTH_SHA1:
@@ -2953,7 +2964,6 @@ dpaa2_sec_ipsec_proto_init(struct rte_crypto_cipher_xform *cipher_xform,
case RTE_CRYPTO_AUTH_SHA224:
case RTE_CRYPTO_AUTH_SHA384:
case RTE_CRYPTO_AUTH_MD5:
- case RTE_CRYPTO_AUTH_AES_GMAC:
case RTE_CRYPTO_AUTH_KASUMI_F9:
case RTE_CRYPTO_AUTH_AES_CBC_MAC:
case RTE_CRYPTO_AUTH_ZUC_EIA3:
@@ -3096,6 +3106,7 @@ dpaa2_sec_set_ipsec_session(struct rte_cryptodev *dev,
case OP_PCL_IPSEC_AES_GCM8:
case OP_PCL_IPSEC_AES_GCM12:
case OP_PCL_IPSEC_AES_GCM16:
+ case OP_PCL_IPSEC_AES_NULL_WITH_GMAC:
memcpy(encap_pdb.gcm.salt,
(uint8_t *)&(ipsec_xform->salt), 4);
break;
@@ -3172,6 +3183,7 @@ dpaa2_sec_set_ipsec_session(struct rte_cryptodev *dev,
case OP_PCL_IPSEC_AES_GCM8:
case OP_PCL_IPSEC_AES_GCM12:
case OP_PCL_IPSEC_AES_GCM16:
+ case OP_PCL_IPSEC_AES_NULL_WITH_GMAC:
memcpy(decap_pdb.gcm.salt,
(uint8_t *)&(ipsec_xform->salt), 4);
break;
@@ -514,6 +514,36 @@ static const struct rte_cryptodev_capabilities dpaa2_sec_capabilities[] = {
}, }
}, }
},
+ { /* AES GMAC (AEAD) */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,
+ {.aead = {
+ .algo = RTE_CRYPTO_AEAD_AES_GMAC,
+ .block_size = 16,
+ .key_size = {
+ .min = 16,
+ .max = 32,
+ .increment = 8
+ },
+ .digest_size = {
+ .min = 16,
+ .max = 16,
+ .increment = 0
+ },
+ .aad_size = {
+ .min = 0,
+ .max = 65535,
+ .increment = 1
+ },
+ .iv_size = {
+ .min = 12,
+ .max = 16,
+ .increment = 4
+ }
+ }, }
+ }, }
+ },
{ /* AES XCBC HMAC */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
@@ -467,8 +467,10 @@ enum rte_crypto_aead_algorithm {
/**< AES algorithm in CCM mode. */
RTE_CRYPTO_AEAD_AES_GCM,
/**< AES algorithm in GCM mode. */
- RTE_CRYPTO_AEAD_CHACHA20_POLY1305
+ RTE_CRYPTO_AEAD_CHACHA20_POLY1305,
/**< Chacha20 cipher with poly1305 authenticator */
+ RTE_CRYPTO_AEAD_AES_GMAC
+ /**< AES algorithm in GMAC mode. */
};
/** AEAD algorithm name strings */