[v2,05/11] crypto/dpaa_sec: add support for AES CMAC integrity check
Checks
Commit Message
From: Gagandeep Singh <g.singh@nxp.com>
This patch adds support for AES_CMAC integrity in non-security mode.
This patch modifies the camm flib to handles the AES CMAC
without conflicting the proto ALG operations. i.e. by creating
another ALG operation routine.
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
---
doc/guides/cryptodevs/features/dpaa_sec.ini | 1 +
drivers/crypto/dpaa_sec/dpaa_sec.c | 10 +++++
drivers/crypto/dpaa_sec/dpaa_sec.h | 43 +++++++++++++++++++++
3 files changed, 54 insertions(+)
Comments
> From: Gagandeep Singh <g.singh@nxp.com>
>
> This patch adds support for AES_CMAC integrity in non-security mode.
> This patch modifies the camm flib to handles the AES CMAC
> without conflicting the proto ALG operations. i.e. by creating
> another ALG operation routine.
Description do not match with the patch.
Camm flib is not updated in this patch.
>
> Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
> ---
> doc/guides/cryptodevs/features/dpaa_sec.ini | 1 +
> drivers/crypto/dpaa_sec/dpaa_sec.c | 10 +++++
> drivers/crypto/dpaa_sec/dpaa_sec.h | 43 +++++++++++++++++++++
> 3 files changed, 54 insertions(+)
>
> diff --git a/doc/guides/cryptodevs/features/dpaa_sec.ini
> b/doc/guides/cryptodevs/features/dpaa_sec.ini
> index d7bc319373..6a8f77fb1d 100644
> --- a/doc/guides/cryptodevs/features/dpaa_sec.ini
> +++ b/doc/guides/cryptodevs/features/dpaa_sec.ini
> @@ -48,6 +48,7 @@ SHA512 HMAC = Y
> SNOW3G UIA2 = Y
> ZUC EIA3 = Y
> AES XCBC MAC = Y
> +AES CMAC (128) = Y
>
> ;
> ; Supported AEAD algorithms of the 'dpaa_sec' crypto driver.
> diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c
> b/drivers/crypto/dpaa_sec/dpaa_sec.c
> index dab0ad28c0..7d3f971f3c 100644
> --- a/drivers/crypto/dpaa_sec/dpaa_sec.c
> +++ b/drivers/crypto/dpaa_sec/dpaa_sec.c
> @@ -525,6 +525,7 @@ dpaa_sec_prep_cdb(dpaa_sec_session *ses)
> ses->digest_length);
> break;
> case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
> + case RTE_CRYPTO_AUTH_AES_CMAC:
> shared_desc_len = cnstr_shdsc_aes_mac(
> cdb->sh_desc,
> true, swap, SHR_NEVER,
> @@ -2177,6 +2178,10 @@ dpaa_sec_auth_init(struct rte_cryptodev *dev
> __rte_unused,
> session->auth_key.alg = OP_ALG_ALGSEL_AES;
> session->auth_key.algmode = OP_ALG_AAI_XCBC_MAC;
> break;
> + case RTE_CRYPTO_AUTH_AES_CMAC:
> + session->auth_key.alg = OP_ALG_ALGSEL_AES;
> + session->auth_key.algmode = OP_ALG_AAI_CMAC;
> + break;
> default:
> DPAA_SEC_ERR("Crypto: Unsupported Auth specified %u",
> xform->auth.algo);
> @@ -2262,6 +2267,10 @@ dpaa_sec_chain_init(struct rte_cryptodev *dev
> __rte_unused,
> session->auth_key.alg = OP_ALG_ALGSEL_AES;
> session->auth_key.algmode = OP_ALG_AAI_XCBC_MAC;
> break;
> + case RTE_CRYPTO_AUTH_AES_CMAC:
> + session->auth_key.alg = OP_ALG_ALGSEL_AES;
> + session->auth_key.algmode = OP_ALG_AAI_CMAC;
> + break;
> default:
> DPAA_SEC_ERR("Crypto: Unsupported Auth specified %u",
> auth_xform->algo);
> @@ -2697,6 +2706,7 @@ dpaa_sec_ipsec_proto_init(struct
> rte_crypto_cipher_xform *cipher_xform,
> break;
> case RTE_CRYPTO_AUTH_AES_CMAC:
> session->auth_key.alg = OP_PCL_IPSEC_AES_CMAC_96;
> + session->auth_key.algmode = OP_ALG_AAI_CMAC;
> break;
> case RTE_CRYPTO_AUTH_NULL:
> session->auth_key.alg = OP_PCL_IPSEC_HMAC_NULL;
> diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.h
> b/drivers/crypto/dpaa_sec/dpaa_sec.h
> index 153747c87c..faa740618f 100644
> --- a/drivers/crypto/dpaa_sec/dpaa_sec.h
> +++ b/drivers/crypto/dpaa_sec/dpaa_sec.h
> @@ -738,6 +738,49 @@ static const struct rte_cryptodev_capabilities
> dpaa_sec_capabilities[] = {
> }, }
> }, }
> },
> + { /* AES CMAC */
> + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
> + {.sym = {
> + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
> + {.auth = {
> + .algo = RTE_CRYPTO_AUTH_AES_CMAC,
> + .block_size = 16,
> + .key_size = {
> + .min = 1,
> + .max = 16,
> + .increment = 1
> + },
> + .digest_size = {
> + .min = 12,
> + .max = 16,
> + .increment = 4
> + },
> + .iv_size = { 0 }
> + }, }
> + }, }
> + },
> + { /* AES XCBC HMAC */
> + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
> + {.sym = {
> + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
> + {.auth = {
> + .algo = RTE_CRYPTO_AUTH_AES_XCBC_MAC,
> + .block_size = 16,
> + .key_size = {
> + .min = 1,
> + .max = 16,
> + .increment = 1
> + },
> + .digest_size = {
> + .min = 12,
> + .max = 16,
> + .increment = 4
> + },
> + .aad_size = { 0 },
> + .iv_size = { 0 }
> + }, }
> + }, }
> + },
> RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
> };
>
> --
> 2.17.1
@@ -48,6 +48,7 @@ SHA512 HMAC = Y
SNOW3G UIA2 = Y
ZUC EIA3 = Y
AES XCBC MAC = Y
+AES CMAC (128) = Y
;
; Supported AEAD algorithms of the 'dpaa_sec' crypto driver.
@@ -525,6 +525,7 @@ dpaa_sec_prep_cdb(dpaa_sec_session *ses)
ses->digest_length);
break;
case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
+ case RTE_CRYPTO_AUTH_AES_CMAC:
shared_desc_len = cnstr_shdsc_aes_mac(
cdb->sh_desc,
true, swap, SHR_NEVER,
@@ -2177,6 +2178,10 @@ dpaa_sec_auth_init(struct rte_cryptodev *dev __rte_unused,
session->auth_key.alg = OP_ALG_ALGSEL_AES;
session->auth_key.algmode = OP_ALG_AAI_XCBC_MAC;
break;
+ case RTE_CRYPTO_AUTH_AES_CMAC:
+ session->auth_key.alg = OP_ALG_ALGSEL_AES;
+ session->auth_key.algmode = OP_ALG_AAI_CMAC;
+ break;
default:
DPAA_SEC_ERR("Crypto: Unsupported Auth specified %u",
xform->auth.algo);
@@ -2262,6 +2267,10 @@ dpaa_sec_chain_init(struct rte_cryptodev *dev __rte_unused,
session->auth_key.alg = OP_ALG_ALGSEL_AES;
session->auth_key.algmode = OP_ALG_AAI_XCBC_MAC;
break;
+ case RTE_CRYPTO_AUTH_AES_CMAC:
+ session->auth_key.alg = OP_ALG_ALGSEL_AES;
+ session->auth_key.algmode = OP_ALG_AAI_CMAC;
+ break;
default:
DPAA_SEC_ERR("Crypto: Unsupported Auth specified %u",
auth_xform->algo);
@@ -2697,6 +2706,7 @@ dpaa_sec_ipsec_proto_init(struct rte_crypto_cipher_xform *cipher_xform,
break;
case RTE_CRYPTO_AUTH_AES_CMAC:
session->auth_key.alg = OP_PCL_IPSEC_AES_CMAC_96;
+ session->auth_key.algmode = OP_ALG_AAI_CMAC;
break;
case RTE_CRYPTO_AUTH_NULL:
session->auth_key.alg = OP_PCL_IPSEC_HMAC_NULL;
@@ -738,6 +738,49 @@ static const struct rte_cryptodev_capabilities dpaa_sec_capabilities[] = {
}, }
}, }
},
+ { /* AES CMAC */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_AES_CMAC,
+ .block_size = 16,
+ .key_size = {
+ .min = 1,
+ .max = 16,
+ .increment = 1
+ },
+ .digest_size = {
+ .min = 12,
+ .max = 16,
+ .increment = 4
+ },
+ .iv_size = { 0 }
+ }, }
+ }, }
+ },
+ { /* AES XCBC HMAC */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_AES_XCBC_MAC,
+ .block_size = 16,
+ .key_size = {
+ .min = 1,
+ .max = 16,
+ .increment = 1
+ },
+ .digest_size = {
+ .min = 12,
+ .max = 16,
+ .increment = 4
+ },
+ .aad_size = { 0 },
+ .iv_size = { 0 }
+ }, }
+ }, }
+ },
RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
};