@@ -48,6 +48,7 @@ SHA512 HMAC = Y
SNOW3G UIA2 = Y
AES XCBC MAC = Y
ZUC EIA3 = Y
+AES GMAC = Y
AES CMAC (128) = Y
;
@@ -2847,6 +2847,13 @@ dpaa2_sec_ipsec_aead_init(struct rte_crypto_aead_xform *aead_xform,
aeaddata->algmode = OP_ALG_AAI_CCM;
session->aead_alg = RTE_CRYPTO_AEAD_AES_CCM;
break;
+ case RTE_CRYPTO_AEAD_AES_GMAC:
+ /**
+ * AES-GMAC is an AEAD algo with NULL encryption and GMAC
+ * authentication.
+ */
+ aeaddata->algtype = OP_PCL_IPSEC_AES_NULL_WITH_GMAC;
+ break;
default:
DPAA2_SEC_ERR("Crypto: Undefined AEAD specified %u",
aead_xform->algo);
@@ -2945,6 +2952,10 @@ dpaa2_sec_ipsec_proto_init(struct rte_crypto_cipher_xform *cipher_xform,
case RTE_CRYPTO_AUTH_NULL:
authdata->algtype = OP_PCL_IPSEC_HMAC_NULL;
break;
+ case RTE_CRYPTO_AUTH_AES_GMAC:
+ DPAA2_SEC_ERR(
+ "AES_GMAC is supported as AEAD algo for IPSEC proto only");
+ return -ENOTSUP;
case RTE_CRYPTO_AUTH_SHA224_HMAC:
case RTE_CRYPTO_AUTH_SNOW3G_UIA2:
case RTE_CRYPTO_AUTH_SHA1:
@@ -2953,7 +2964,6 @@ dpaa2_sec_ipsec_proto_init(struct rte_crypto_cipher_xform *cipher_xform,
case RTE_CRYPTO_AUTH_SHA224:
case RTE_CRYPTO_AUTH_SHA384:
case RTE_CRYPTO_AUTH_MD5:
- case RTE_CRYPTO_AUTH_AES_GMAC:
case RTE_CRYPTO_AUTH_KASUMI_F9:
case RTE_CRYPTO_AUTH_AES_CBC_MAC:
case RTE_CRYPTO_AUTH_ZUC_EIA3:
@@ -3096,6 +3106,7 @@ dpaa2_sec_set_ipsec_session(struct rte_cryptodev *dev,
case OP_PCL_IPSEC_AES_GCM8:
case OP_PCL_IPSEC_AES_GCM12:
case OP_PCL_IPSEC_AES_GCM16:
+ case OP_PCL_IPSEC_AES_NULL_WITH_GMAC:
memcpy(encap_pdb.gcm.salt,
(uint8_t *)&(ipsec_xform->salt), 4);
break;
@@ -3172,6 +3183,7 @@ dpaa2_sec_set_ipsec_session(struct rte_cryptodev *dev,
case OP_PCL_IPSEC_AES_GCM8:
case OP_PCL_IPSEC_AES_GCM12:
case OP_PCL_IPSEC_AES_GCM16:
+ case OP_PCL_IPSEC_AES_NULL_WITH_GMAC:
memcpy(decap_pdb.gcm.salt,
(uint8_t *)&(ipsec_xform->salt), 4);
break;
@@ -514,6 +514,36 @@ static const struct rte_cryptodev_capabilities dpaa2_sec_capabilities[] = {
}, }
}, }
},
+ { /* AES GMAC (AEAD) */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,
+ {.aead = {
+ .algo = RTE_CRYPTO_AEAD_AES_GMAC,
+ .block_size = 16,
+ .key_size = {
+ .min = 16,
+ .max = 32,
+ .increment = 8
+ },
+ .digest_size = {
+ .min = 16,
+ .max = 16,
+ .increment = 0
+ },
+ .aad_size = {
+ .min = 0,
+ .max = 65535,
+ .increment = 1
+ },
+ .iv_size = {
+ .min = 12,
+ .max = 16,
+ .increment = 4
+ }
+ }, }
+ }, }
+ },
{ /* AES XCBC HMAC */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
@@ -467,8 +467,10 @@ enum rte_crypto_aead_algorithm {
/**< AES algorithm in CCM mode. */
RTE_CRYPTO_AEAD_AES_GCM,
/**< AES algorithm in GCM mode. */
- RTE_CRYPTO_AEAD_CHACHA20_POLY1305
+ RTE_CRYPTO_AEAD_CHACHA20_POLY1305,
/**< Chacha20 cipher with poly1305 authenticator */
+ RTE_CRYPTO_AEAD_AES_GMAC
+ /**< AES algorithm in GMAC mode. */
};
/** AEAD algorithm name strings */