crypto/ipsec_mb: support all tag sizes for ZUC-EIA3-256
Checks
Commit Message
Add support for 8-byte and 16-byte tags for ZUC-EIA3-256.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
doc/guides/cryptodevs/aesni_mb.rst | 1 -
doc/guides/rel_notes/release_22_11.rst | 4 ++++
drivers/crypto/ipsec_mb/pmd_aesni_mb.c | 22 ++++++++++++++-------
drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h | 5 +++++
4 files changed, 24 insertions(+), 8 deletions(-)
Comments
> Add support for 8-byte and 16-byte tags for ZUC-EIA3-256.
>
> Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Applied to dpdk-next-crypto
Thanks.
@@ -77,7 +77,6 @@ Limitations
protocol.
* RTE_CRYPTO_CIPHER_DES_DOCSISBPI is not supported for combined Crypto-CRC
DOCSIS security protocol.
-* The only tag size supported for ZUC-EIA3-256 is 4 bytes.
Installation
@@ -55,6 +55,10 @@ New Features
Also, make sure to start the actual text at the margin.
=======================================================
+* **Updated the aesni_mb crypto PMD.**
+
+ * Added support for 8-byte and 16-byte tags for ZUC-EIA3-256.
+
Removed Items
-------------
@@ -192,20 +192,28 @@ aesni_mb_set_session_auth_parameters(const IMB_MGR *mb_mgr,
if (xform->auth.algo == RTE_CRYPTO_AUTH_ZUC_EIA3) {
if (xform->auth.key.length == 16) {
sess->auth.algo = IMB_AUTH_ZUC_EIA3_BITLEN;
+
+ if (sess->auth.req_digest_len != 4) {
+ IPSEC_MB_LOG(ERR, "Invalid digest size\n");
+ return -EINVAL;
+ }
} else if (xform->auth.key.length == 32) {
sess->auth.algo = IMB_AUTH_ZUC256_EIA3_BITLEN;
+#if IMB_VERSION(1, 2, 0) > IMB_VERSION_NUM
+ if (sess->auth.req_digest_len != 4 &&
+ sess->auth.req_digest_len != 8 &&
+ sess->auth.req_digest_len != 16) {
+#else
+ if (sess->auth.req_digest_len != 4) {
+#endif
+ IPSEC_MB_LOG(ERR, "Invalid digest size\n");
+ return -EINVAL;
+ }
} else {
IPSEC_MB_LOG(ERR, "Invalid authentication key length\n");
return -EINVAL;
}
- uint16_t zuc_eia3_digest_len =
- get_truncated_digest_byte_length(
- IMB_AUTH_ZUC_EIA3_BITLEN);
- if (sess->auth.req_digest_len != zuc_eia3_digest_len) {
- IPSEC_MB_LOG(ERR, "Invalid digest size\n");
- return -EINVAL;
- }
sess->auth.gen_digest_len = sess->auth.req_digest_len;
memcpy(sess->auth.zuc_auth_key, xform->auth.key.data,
@@ -568,8 +568,13 @@ static const struct rte_cryptodev_capabilities aesni_mb_capabilities[] = {
},
.digest_size = {
.min = 4,
+#if IMB_VERSION(1, 2, 0) > IMB_VERSION_NUM
+ .max = 16,
+ .increment = 4
+#else
.max = 4,
.increment = 0
+#endif
},
.iv_size = {
.min = 16,