diff mbox series

[v2,4/8] crypto/dpaa2_sec: support AES-GMAC

Message ID 20211228091058.3620177-5-g.singh@nxp.com (mailing list archive)
State Changes Requested, archived
Delegated to: akhil goyal
Headers
Series NXP crypto drivers changes |

Checks

Context Check Description
ci/checkpatch success coding style OK

Commit Message

Gagandeep Singh Dec. 28, 2021, 9:10 a.m. UTC 
  From: Akhil Goyal <akhil.goyal@nxp.com>

This patch supports AES_GMAC algorithm for DPAA2
driver.

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
---
 doc/guides/cryptodevs/features/dpaa2_sec.ini |  1 +
 drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c  | 14 ++++++++-
 drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h    | 30 ++++++++++++++++++++
 lib/cryptodev/rte_crypto_sym.h               |  4 ++-
 4 files changed, 47 insertions(+), 2 deletions(-)

Comments

Akhil Goyal Jan. 21, 2022, 11:29 a.m. UTC | #1 
> From: Akhil Goyal <akhil.goyal@nxp.com>
> 
> This patch supports AES_GMAC algorithm for DPAA2
> driver.
> 
> Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
> Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
> ---
>  doc/guides/cryptodevs/features/dpaa2_sec.ini |  1 +
>  drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c  | 14 ++++++++-
>  drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h    | 30 ++++++++++++++++++++
>  lib/cryptodev/rte_crypto_sym.h               |  4 ++-
>  4 files changed, 47 insertions(+), 2 deletions(-)

This patch should be split in two - cryptodev change should be separate patch.

> diff --git a/lib/cryptodev/rte_crypto_sym.h b/lib/cryptodev/rte_crypto_sym.h
> index daa090b978..4644fa3e25 100644
> --- a/lib/cryptodev/rte_crypto_sym.h
> +++ b/lib/cryptodev/rte_crypto_sym.h
> @@ -467,8 +467,10 @@ enum rte_crypto_aead_algorithm {
>  	/**< AES algorithm in CCM mode. */
>  	RTE_CRYPTO_AEAD_AES_GCM,
>  	/**< AES algorithm in GCM mode. */
> -	RTE_CRYPTO_AEAD_CHACHA20_POLY1305
> +	RTE_CRYPTO_AEAD_CHACHA20_POLY1305,
>  	/**< Chacha20 cipher with poly1305 authenticator */
> +	RTE_CRYPTO_AEAD_AES_GMAC
> +	/**< AES algorithm in GMAC mode. */
>  };
AES-GMAC is also defined as AUTH algo. It may be removed but that would be
ABI break.
Is it not possible to use AES-GMAC as auth algo?
Gagandeep Singh Feb. 8, 2022, 2:15 p.m. UTC | #2 
> -----Original Message-----
> From: Akhil Goyal <gakhil@marvell.com>
> Sent: Friday, January 21, 2022 4:59 PM
> To: Gagandeep Singh <G.Singh@nxp.com>; dev@dpdk.org
> Cc: Akhil Goyal <akhil.goyal@nxp.com>
> Subject: RE: [EXT] [PATCH v2 4/8] crypto/dpaa2_sec: support AES-GMAC
> 
> > From: Akhil Goyal <akhil.goyal@nxp.com>
> >
> > This patch supports AES_GMAC algorithm for DPAA2
> > driver.
> >
> > Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
> > Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
> > ---
> >  doc/guides/cryptodevs/features/dpaa2_sec.ini |  1 +
> >  drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c  | 14 ++++++++-
> >  drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h    | 30 ++++++++++++++++++++
> >  lib/cryptodev/rte_crypto_sym.h               |  4 ++-
> >  4 files changed, 47 insertions(+), 2 deletions(-)
> 
> This patch should be split in two - cryptodev change should be separate patch.
> 
> > diff --git a/lib/cryptodev/rte_crypto_sym.h b/lib/cryptodev/rte_crypto_sym.h
> > index daa090b978..4644fa3e25 100644
> > --- a/lib/cryptodev/rte_crypto_sym.h
> > +++ b/lib/cryptodev/rte_crypto_sym.h
> > @@ -467,8 +467,10 @@ enum rte_crypto_aead_algorithm {
> >  	/**< AES algorithm in CCM mode. */
> >  	RTE_CRYPTO_AEAD_AES_GCM,
> >  	/**< AES algorithm in GCM mode. */
> > -	RTE_CRYPTO_AEAD_CHACHA20_POLY1305
> > +	RTE_CRYPTO_AEAD_CHACHA20_POLY1305,
> >  	/**< Chacha20 cipher with poly1305 authenticator */
> > +	RTE_CRYPTO_AEAD_AES_GMAC
> > +	/**< AES algorithm in GMAC mode. */
> >  };
> AES-GMAC is also defined as AUTH algo. It may be removed but that would be
> ABI break.
> Is it not possible to use AES-GMAC as auth algo?
There are some issues in this patch. I will send it later.
diff mbox series

Patch

diff --git a/doc/guides/cryptodevs/features/dpaa2_sec.ini b/doc/guides/cryptodevs/features/dpaa2_sec.ini
index 3d6e449ca1..dcaf64965d 100644
--- a/doc/guides/cryptodevs/features/dpaa2_sec.ini
+++ b/doc/guides/cryptodevs/features/dpaa2_sec.ini
@@ -48,6 +48,7 @@  SHA512 HMAC  = Y
 SNOW3G UIA2  = Y
 AES XCBC MAC = Y
 ZUC EIA3     = Y
+AES GMAC     = Y
 AES CMAC (128) = Y
 
 ;
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index a9fda67ac3..99f5157abe 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -2847,6 +2847,13 @@  dpaa2_sec_ipsec_aead_init(struct rte_crypto_aead_xform *aead_xform,
 		aeaddata->algmode = OP_ALG_AAI_CCM;
 		session->aead_alg = RTE_CRYPTO_AEAD_AES_CCM;
 		break;
+	case RTE_CRYPTO_AEAD_AES_GMAC:
+		/**
+		 * AES-GMAC is an AEAD algo with NULL encryption and GMAC
+		 * authentication.
+		 */
+		aeaddata->algtype = OP_PCL_IPSEC_AES_NULL_WITH_GMAC;
+		break;
 	default:
 		DPAA2_SEC_ERR("Crypto: Undefined AEAD specified %u",
 			      aead_xform->algo);
@@ -2945,6 +2952,10 @@  dpaa2_sec_ipsec_proto_init(struct rte_crypto_cipher_xform *cipher_xform,
 	case RTE_CRYPTO_AUTH_NULL:
 		authdata->algtype = OP_PCL_IPSEC_HMAC_NULL;
 		break;
+	case RTE_CRYPTO_AUTH_AES_GMAC:
+		DPAA2_SEC_ERR(
+			"AES_GMAC is supported as AEAD algo for IPSEC proto only");
+		return -ENOTSUP;
 	case RTE_CRYPTO_AUTH_SHA224_HMAC:
 	case RTE_CRYPTO_AUTH_SNOW3G_UIA2:
 	case RTE_CRYPTO_AUTH_SHA1:
@@ -2953,7 +2964,6 @@  dpaa2_sec_ipsec_proto_init(struct rte_crypto_cipher_xform *cipher_xform,
 	case RTE_CRYPTO_AUTH_SHA224:
 	case RTE_CRYPTO_AUTH_SHA384:
 	case RTE_CRYPTO_AUTH_MD5:
-	case RTE_CRYPTO_AUTH_AES_GMAC:
 	case RTE_CRYPTO_AUTH_KASUMI_F9:
 	case RTE_CRYPTO_AUTH_AES_CBC_MAC:
 	case RTE_CRYPTO_AUTH_ZUC_EIA3:
@@ -3096,6 +3106,7 @@  dpaa2_sec_set_ipsec_session(struct rte_cryptodev *dev,
 		case OP_PCL_IPSEC_AES_GCM8:
 		case OP_PCL_IPSEC_AES_GCM12:
 		case OP_PCL_IPSEC_AES_GCM16:
+		case OP_PCL_IPSEC_AES_NULL_WITH_GMAC:
 			memcpy(encap_pdb.gcm.salt,
 				(uint8_t *)&(ipsec_xform->salt), 4);
 			break;
@@ -3172,6 +3183,7 @@  dpaa2_sec_set_ipsec_session(struct rte_cryptodev *dev,
 		case OP_PCL_IPSEC_AES_GCM8:
 		case OP_PCL_IPSEC_AES_GCM12:
 		case OP_PCL_IPSEC_AES_GCM16:
+		case OP_PCL_IPSEC_AES_NULL_WITH_GMAC:
 			memcpy(decap_pdb.gcm.salt,
 				(uint8_t *)&(ipsec_xform->salt), 4);
 			break;
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h b/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h
index 1756d917dd..6aa1c01e95 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h
@@ -514,6 +514,36 @@  static const struct rte_cryptodev_capabilities dpaa2_sec_capabilities[] = {
 			}, }
 		}, }
 	},
+	{	/* AES GMAC (AEAD) */
+		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+		{.sym = {
+			.xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,
+			{.aead = {
+				.algo = RTE_CRYPTO_AEAD_AES_GMAC,
+				.block_size = 16,
+				.key_size = {
+					.min = 16,
+					.max = 32,
+					.increment = 8
+				},
+				.digest_size = {
+					.min = 16,
+					.max = 16,
+					.increment = 0
+				},
+				.aad_size = {
+					.min = 0,
+					.max = 65535,
+					.increment = 1
+				},
+				.iv_size = {
+					.min = 12,
+					.max = 16,
+					.increment = 4
+				}
+			}, }
+		}, }
+	},
 	{	/* AES XCBC HMAC */
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 		{.sym = {
diff --git a/lib/cryptodev/rte_crypto_sym.h b/lib/cryptodev/rte_crypto_sym.h
index daa090b978..4644fa3e25 100644
--- a/lib/cryptodev/rte_crypto_sym.h
+++ b/lib/cryptodev/rte_crypto_sym.h
@@ -467,8 +467,10 @@  enum rte_crypto_aead_algorithm {
 	/**< AES algorithm in CCM mode. */
 	RTE_CRYPTO_AEAD_AES_GCM,
 	/**< AES algorithm in GCM mode. */
-	RTE_CRYPTO_AEAD_CHACHA20_POLY1305
+	RTE_CRYPTO_AEAD_CHACHA20_POLY1305,
 	/**< Chacha20 cipher with poly1305 authenticator */
+	RTE_CRYPTO_AEAD_AES_GMAC
+	/**< AES algorithm in GMAC mode. */
 };
 
 /** AEAD algorithm name strings */