crypto/ipsec_mb: support ZUC-256
Checks
Commit Message
Add support for ZUC-EEA3-256 and ZUC-EIA3-256
(only 4-byte tags supported for now).
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
This patch depends on patchset https://patches.dpdk.org/project/dpdk/list/?series=18470
---
doc/guides/cryptodevs/aesni_mb.rst | 1 +
doc/guides/rel_notes/release_21_11.rst | 4 ++++
drivers/crypto/ipsec_mb/pmd_aesni_mb.c | 18 ++++++++++--------
3 files changed, 15 insertions(+), 8 deletions(-)
Comments
> Add support for ZUC-EEA3-256 and ZUC-EIA3-256
> (only 4-byte tags supported for now).
>
> Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
> ---
>
> This patch depends on patchset
> https://patches.dpdk.org/project/dpdk/list/?series=18470
>
Hi Fan/Ciara/Pablo,
Please add this patch also to the dependent series.
So that it gets compiled in CI.
Thanks.
Hi Akhil,
Will do in V4.
Regards,
Fan
> -----Original Message-----
> From: dev <dev-bounces@dpdk.org> On Behalf Of Akhil Goyal
> Sent: Friday, October 8, 2021 8:19 PM
> To: De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>; Doherty,
> Declan <declan.doherty@intel.com>; Power, Ciara <ciara.power@intel.com>
> Cc: dev@dpdk.org
> Subject: Re: [dpdk-dev] [EXT] [PATCH] crypto/ipsec_mb: support ZUC-256
>
> > Add support for ZUC-EEA3-256 and ZUC-EIA3-256
> > (only 4-byte tags supported for now).
> >
> > Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
> > ---
> >
> > This patch depends on patchset
> > https://patches.dpdk.org/project/dpdk/list/?series=18470
> >
> Hi Fan/Ciara/Pablo,
>
> Please add this patch also to the dependent series.
> So that it gets compiled in CI.
>
> Thanks.
@@ -77,6 +77,7 @@ Limitations
protocol.
* RTE_CRYPTO_CIPHER_DES_DOCSISBPI is not supported for combined Crypto-CRC
DOCSIS security protocol.
+* The only tag size supported for ZUC-EIA3-256 is 4 bytes.
Installation
@@ -82,6 +82,10 @@ New Features
* Added PDCP short MAC-I support.
+* **Updated the aesni_mb crypto PMD.**
+
+ * Added support for ZUC-EEA3-256 and ZUC-EIA3-256.
+
Removed Items
-------------
@@ -526,8 +526,8 @@ static const struct rte_cryptodev_capabilities aesni_mb_capabilities[] = {
.block_size = 16,
.key_size = {
.min = 16,
- .max = 16,
- .increment = 0
+ .max = 32,
+ .increment = 16
},
.digest_size = {
.min = 4,
@@ -551,8 +551,8 @@ static const struct rte_cryptodev_capabilities aesni_mb_capabilities[] = {
.block_size = 16,
.key_size = {
.min = 16,
- .max = 16,
- .increment = 0
+ .max = 32,
+ .increment = 16
},
.iv_size = {
.min = 16,
@@ -1099,7 +1099,8 @@ aesni_mb_set_session_auth_parameters(const MB_MGR *mb_mgr,
}
sess->auth.gen_digest_len = sess->auth.req_digest_len;
- memcpy(sess->auth.zuc_auth_key, xform->auth.key.data, 16);
+ memcpy(sess->auth.zuc_auth_key, xform->auth.key.data,
+ xform->auth.key.length);
return 0;
} else if (xform->auth.algo == RTE_CRYPTO_AUTH_SNOW3G_UIA2) {
sess->auth.algo = IMB_AUTH_SNOW3G_UIA2_BITLEN;
@@ -1427,13 +1428,14 @@ aesni_mb_set_session_cipher_parameters(const MB_MGR *mb_mgr,
sess->cipher.key_length_in_bytes = 24;
} else if (is_zuc) {
- if (xform->cipher.key.length != 16) {
+ if (xform->cipher.key.length != 16 &&
+ xform->cipher.key.length != 32) {
IPSEC_MB_LOG(ERR, "Invalid cipher key length");
return -EINVAL;
}
- sess->cipher.key_length_in_bytes = 16;
+ sess->cipher.key_length_in_bytes = xform->cipher.key.length;
memcpy(sess->cipher.zuc_cipher_key, xform->cipher.key.data,
- 16);
+ xform->cipher.key.length);
} else if (is_snow3g) {
if (xform->cipher.key.length != 16) {
IPSEC_MB_LOG(ERR, "Invalid cipher key length");