diff mbox series

[v3,1/2] crypto/ipsec_mb: add SM4 GCM support

Message ID	20250113171022.1649181-1-brian.dooley@intel.com (mailing list archive)
State	Superseded
Delegated to:	akhil goyal
Headers	From: Brian Dooley <brian.dooley@intel.com> To: Cc: dev@dpdk.org, gakhil@marvell.com, kai.ji@intel.com, pablo.de.lara.guarch@intel.com, Brian Dooley <brian.dooley@intel.com> Subject: [PATCH v3 1/2] crypto/ipsec_mb: add SM4 GCM support Date: Mon, 13 Jan 2025 17:10:21 +0000 Message-Id: <20250113171022.1649181-1-brian.dooley@intel.com> In-Reply-To: <20241213125850.2714328-1-brian.dooley@intel.com> References: <20241213125850.2714328-1-brian.dooley@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: list Errors-To: dev-bounces@dpdk.org
Series	[v3,1/2] crypto/ipsec_mb: add SM4 GCM support \| [v3,1/2] crypto/ipsec_mb: add SM4 GCM support [v3,2/2] app/test: add SM4 GCM tests

Checks

Context	Check	Description
ci/checkpatch	success	coding style OK

Commit Message

Brian Dooley Jan. 13, 2025, 5:10 p.m. UTC

This patch introduces SM4 GCM algorithm support to the AESNI_MB PMD.
SM4 GCM is available in the v2.0 release of Intel IPsec MB.

Signed-off-by: Brian Dooley <brian.dooley@intel.com>
---
v2:
	Added aad to cpu job params
	Added ipsec mb version checks
v3:
	Fix naming for patchwork
---
 doc/guides/cryptodevs/aesni_mb.rst          |  1 +
 doc/guides/cryptodevs/features/aesni_mb.ini |  1 +
 doc/guides/cryptodevs/features/default.ini  |  2 +
 doc/guides/rel_notes/release_25_03.rst      |  4 ++
 drivers/crypto/ipsec_mb/pmd_aesni_mb.c      | 54 ++++++++++++++++++++-
 drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h | 30 ++++++++++++
 lib/cryptodev/rte_crypto_sym.h              |  4 +-
 lib/cryptodev/rte_cryptodev.c               |  3 +-
 8 files changed, 95 insertions(+), 4 deletions(-)

Comments

Akhil Goyal Feb. 6, 2025, 12:51 p.m. UTC | #1

Hi Brian,

> This patch introduces SM4 GCM algorithm support to the AESNI_MB PMD.
> SM4 GCM is available in the v2.0 release of Intel IPsec MB.
> 
> Signed-off-by: Brian Dooley <brian.dooley@intel.com>
> ---
> v2:
> 	Added aad to cpu job params
> 	Added ipsec mb version checks
> v3:
> 	Fix naming for patchwork
> ---
>  doc/guides/cryptodevs/aesni_mb.rst          |  1 +
>  doc/guides/cryptodevs/features/aesni_mb.ini |  1 +
>  doc/guides/cryptodevs/features/default.ini  |  2 +
>  doc/guides/rel_notes/release_25_03.rst      |  4 ++
>  drivers/crypto/ipsec_mb/pmd_aesni_mb.c      | 54 ++++++++++++++++++++-
>  drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h | 30 ++++++++++++


>  lib/cryptodev/rte_crypto_sym.h              |  4 +-
>  lib/cryptodev/rte_cryptodev.c               |  3 +-
>  8 files changed, 95 insertions(+), 4 deletions(-)
Split the cryptodev changes in a separate patch along with default.ini  update.

De Lara Guarch, Pablo Feb. 18, 2025, 10:48 a.m. UTC | #2

Hi Brian,

> -----Original Message-----
> From: Dooley, Brian <brian.dooley@intel.com>
> Sent: Monday, January 13, 2025 6:10 PM
> Cc: dev@dpdk.org; gakhil@marvell.com; Ji, Kai <kai.ji@intel.com>; De Lara
> Guarch, Pablo <pablo.de.lara.guarch@intel.com>; Dooley, Brian
> <brian.dooley@intel.com>
> Subject: [PATCH v3 1/2] crypto/ipsec_mb: add SM4 GCM support
> 
> This patch introduces SM4 GCM algorithm support to the AESNI_MB PMD.
> SM4 GCM is available in the v2.0 release of Intel IPsec MB.
> 
> Signed-off-by: Brian Dooley <brian.dooley@intel.com>
> ---

A couple of comments below.

Thanks,
Pablo

...

> --- a/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
> +++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
> @@ -826,6 +826,36 @@ static const struct rte_cryptodev_capabilities
> aesni_mb_capabilities[] = {
>  			}, }
>  		}, }
>  	},
> +	{	/* SM4 GCM */
> +		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
> +		{.sym = {
> +			.xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,
> +			{.aead = {
> +				.algo = RTE_CRYPTO_AEAD_SM4_GCM,
> +				.block_size = 16,
> +				.key_size = {
> +					.min = 16,
> +					.max = 16,
> +					.increment = 0,
> +				},
> +				.digest_size = {
> +					.min = 16,
> +					.max = 16,
> +					.increment = 0,

Digest size can be 1 to 16 bytes.

> +				},
> +				.aad_size = {
> +					.min = 0,
> +					.max = 65535,
> +					.increment = 1,
> +				},
> +				.iv_size = {
> +					.min = 12,
> +					.max = 12,
> +					.increment = 0,
> +				}
> +			}, }
> +		}, }
> +	},
>  #endif
>  	RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
>  };
> diff --git a/lib/cryptodev/rte_crypto_sym.h b/lib/cryptodev/rte_crypto_sym.h
> index 505356ff44..b47e52f63b 100644
> --- a/lib/cryptodev/rte_crypto_sym.h
> +++ b/lib/cryptodev/rte_crypto_sym.h
> @@ -482,8 +482,10 @@ enum rte_crypto_aead_algorithm {
>  	/**< AES algorithm in CCM mode. */
>  	RTE_CRYPTO_AEAD_AES_GCM,
>  	/**< AES algorithm in GCM mode. */
> -	RTE_CRYPTO_AEAD_CHACHA20_POLY1305
> +	RTE_CRYPTO_AEAD_CHACHA20_POLY1305,
>  	/**< Chacha20 cipher with poly1305 authenticator */
> +	RTE_CRYPTO_AEAD_SM4_GCM
> +	/**< SM4 cipher with GCM mode */

To keep consistency, "in GCM mode".

>  };

diff mbox series

Patch

diff --git a/doc/guides/cryptodevs/aesni_mb.rst b/doc/guides/cryptodevs/aesni_mb.rst
index 16d82147b2..8d7e221e79 100644
--- a/doc/guides/cryptodevs/aesni_mb.rst
+++ b/doc/guides/cryptodevs/aesni_mb.rst
@@ -67,6 +67,7 @@  AEAD algorithms:
 * RTE_CRYPTO_AEAD_AES_CCM
 * RTE_CRYPTO_AEAD_AES_GCM
 * RTE_CRYPTO_AEAD_CHACHA20_POLY1305
+* RTE_CRYPTO_AEAD_SM4_GCM
 
 Protocol offloads:
 
diff --git a/doc/guides/cryptodevs/features/aesni_mb.ini b/doc/guides/cryptodevs/features/aesni_mb.ini
index ebe00d075d..c648be62fb 100644
--- a/doc/guides/cryptodevs/features/aesni_mb.ini
+++ b/doc/guides/cryptodevs/features/aesni_mb.ini
@@ -80,6 +80,7 @@  AES GCM (128)     = Y
 AES GCM (192)     = Y
 AES GCM (256)     = Y
 CHACHA20-POLY1305 = Y
+SM4 GCM           = Y
 ;
 ; Supported Asymmetric algorithms of the 'aesni_mb' crypto driver.
 ;
diff --git a/doc/guides/cryptodevs/features/default.ini b/doc/guides/cryptodevs/features/default.ini
index 592af48026..116ffce249 100644
--- a/doc/guides/cryptodevs/features/default.ini
+++ b/doc/guides/cryptodevs/features/default.ini
@@ -118,6 +118,8 @@  AES CCM (128)     =
 AES CCM (192)     =
 AES CCM (256)     =
 CHACHA20-POLY1305 =
+SM4 GCM           =
+
 ;
 ; Supported Asymmetric algorithms of a default crypto driver.
 ;
diff --git a/doc/guides/rel_notes/release_25_03.rst b/doc/guides/rel_notes/release_25_03.rst
index 426dfcd982..6f2b0bb5cb 100644
--- a/doc/guides/rel_notes/release_25_03.rst
+++ b/doc/guides/rel_notes/release_25_03.rst
@@ -55,6 +55,10 @@  New Features
      Also, make sure to start the actual text at the margin.
      =======================================================
 
+**Updated IPsec_MB crypto driver.**
+
+   * Added support for the SM4 GCM algorithm.
+
 
 Removed Items
 -------------
diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
index 05dc1a039f..8b54e4a602 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
@@ -20,7 +20,11 @@  is_aead_algo(IMB_HASH_ALG hash_alg, IMB_CIPHER_MODE cipher_mode)
 {
 	return (hash_alg == IMB_AUTH_CHACHA20_POLY1305 ||
 		hash_alg == IMB_AUTH_AES_CCM ||
-		cipher_mode == IMB_CIPHER_GCM);
+		cipher_mode == IMB_CIPHER_GCM
+#if IMB_VERSION(1, 5, 0) < IMB_VERSION_NUM
+		|| cipher_mode == IMB_CIPHER_SM4_GCM
+#endif
+		);
 }
 
 /** Set session authentication parameters */
@@ -602,7 +606,7 @@  aesni_mb_set_session_cipher_parameters(const IMB_MGR *mb_mgr,
 }
 
 static int
-aesni_mb_set_session_aead_parameters(const IMB_MGR *mb_mgr,
+aesni_mb_set_session_aead_parameters(IMB_MGR *mb_mgr,
 		struct aesni_mb_session *sess,
 		const struct rte_crypto_sym_xform *xform)
 {
@@ -720,6 +724,22 @@  aesni_mb_set_session_aead_parameters(const IMB_MGR *mb_mgr,
 			return -EINVAL;
 		}
 		break;
+#if IMB_VERSION(1, 5, 0) < IMB_VERSION_NUM
+		case RTE_CRYPTO_AEAD_SM4_GCM:
+		sess->template_job.cipher_mode = IMB_CIPHER_SM4_GCM;
+		sess->template_job.hash_alg = IMB_AUTH_SM4_GCM;
+		sess->template_job.u.GCM.aad_len_in_bytes = xform->aead.aad_length;
+
+		if (xform->aead.key.length != 16) {
+			IPSEC_MB_LOG(ERR, "Invalid key length");
+			return -EINVAL;
+		}
+		sess->template_job.key_len_in_bytes = 16;
+		imb_sm4_gcm_pre(mb_mgr, xform->aead.key.data, &sess->cipher.gcm_key);
+		sess->template_job.enc_keys = &sess->cipher.gcm_key;
+		sess->template_job.dec_keys = &sess->cipher.gcm_key;
+		break;
+#endif
 	default:
 		IPSEC_MB_LOG(ERR, "Unsupported aead mode parameter");
 		return -ENOTSUP;
@@ -1037,6 +1057,13 @@  set_cpu_mb_job_params(IMB_JOB *job, struct aesni_mb_session *session,
 	case IMB_AUTH_CHACHA20_POLY1305:
 		job->u.CHACHA20_POLY1305.aad = aad->va;
 		break;
+
+#if IMB_VERSION(1, 5, 0) < IMB_VERSION_NUM
+	case IMB_AUTH_SM4_GCM:
+		job->u.GCM.aad = aad->va;
+		break;
+#endif
+
 	default:
 		job->u.HMAC._hashed_auth_key_xor_ipad =
 				session->auth.pads.inner;
@@ -1559,6 +1586,11 @@  set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
 			imb_set_session(mb_mgr, job);
 		}
 		break;
+#if IMB_VERSION(1, 5, 0) < IMB_VERSION_NUM
+	case IMB_AUTH_SM4_GCM:
+		job->u.GCM.aad = op->sym->aead.aad.data;
+		break;
+#endif
 	default:
 		break;
 	}
@@ -1687,6 +1719,19 @@  set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
 		job->iv = rte_crypto_op_ctod_offset(op, uint8_t *,
 			session->iv.offset);
 		break;
+#if IMB_VERSION(1, 5, 0) < IMB_VERSION_NUM
+	case IMB_AUTH_SM4_GCM:
+		job->hash_start_src_offset_in_bytes = 0;
+		/*
+		 * Adding offset here as there is a bug in the ipsec mb library
+		 */
+		job->src += op->sym->aead.data.offset;
+		job->msg_len_to_hash_in_bytes =
+					op->sym->aead.data.length;
+		job->iv = rte_crypto_op_ctod_offset(op, uint8_t *,
+				session->iv.offset);
+		break;
+#endif
 
 	default:
 		job->hash_start_src_offset_in_bytes = auth_start_offset(op,
@@ -1732,6 +1777,11 @@  set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
 		job->msg_len_to_cipher_in_bytes = 0;
 		job->cipher_start_src_offset_in_bytes = 0;
 		break;
+#if IMB_VERSION(1, 5, 0) < IMB_VERSION_NUM
+	case IMB_CIPHER_SM4_GCM:
+		job->msg_len_to_cipher_in_bytes = op->sym->aead.data.length;
+		break;
+#endif
 	default:
 		job->cipher_start_src_offset_in_bytes =
 					op->sym->cipher.data.offset;
diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h b/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
index 468a1f35eb..bdb9ad815b 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
@@ -826,6 +826,36 @@  static const struct rte_cryptodev_capabilities aesni_mb_capabilities[] = {
 			}, }
 		}, }
 	},
+	{	/* SM4 GCM */
+		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+		{.sym = {
+			.xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,
+			{.aead = {
+				.algo = RTE_CRYPTO_AEAD_SM4_GCM,
+				.block_size = 16,
+				.key_size = {
+					.min = 16,
+					.max = 16,
+					.increment = 0,
+				},
+				.digest_size = {
+					.min = 16,
+					.max = 16,
+					.increment = 0,
+				},
+				.aad_size = {
+					.min = 0,
+					.max = 65535,
+					.increment = 1,
+				},
+				.iv_size = {
+					.min = 12,
+					.max = 12,
+					.increment = 0,
+				}
+			}, }
+		}, }
+	},
 #endif
 	RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
 };
diff --git a/lib/cryptodev/rte_crypto_sym.h b/lib/cryptodev/rte_crypto_sym.h
index 505356ff44..b47e52f63b 100644
--- a/lib/cryptodev/rte_crypto_sym.h
+++ b/lib/cryptodev/rte_crypto_sym.h
@@ -482,8 +482,10 @@  enum rte_crypto_aead_algorithm {
 	/**< AES algorithm in CCM mode. */
 	RTE_CRYPTO_AEAD_AES_GCM,
 	/**< AES algorithm in GCM mode. */
-	RTE_CRYPTO_AEAD_CHACHA20_POLY1305
+	RTE_CRYPTO_AEAD_CHACHA20_POLY1305,
 	/**< Chacha20 cipher with poly1305 authenticator */
+	RTE_CRYPTO_AEAD_SM4_GCM
+	/**< SM4 cipher with GCM mode */
 };
 
 /** Symmetric AEAD Operations */
diff --git a/lib/cryptodev/rte_cryptodev.c b/lib/cryptodev/rte_cryptodev.c
index a49b0662f3..7b5236ad41 100644
--- a/lib/cryptodev/rte_cryptodev.c
+++ b/lib/cryptodev/rte_cryptodev.c
@@ -168,7 +168,8 @@  static const char *
 crypto_aead_algorithm_strings[] = {
 	[RTE_CRYPTO_AEAD_AES_CCM]	= "aes-ccm",
 	[RTE_CRYPTO_AEAD_AES_GCM]	= "aes-gcm",
-	[RTE_CRYPTO_AEAD_CHACHA20_POLY1305] = "chacha20-poly1305"
+	[RTE_CRYPTO_AEAD_CHACHA20_POLY1305] = "chacha20-poly1305",
+	[RTE_CRYPTO_AEAD_SM4_GCM]   = "sm4-gcm"
 };