@@ -76,6 +76,7 @@ Hash algorithms:
AEAD algorithms:
* ``RTE_CRYPTO_AEAD_AES_GCM``
+* ``RTE_CRYPTO_AEAD_AES_CCM``
* ``RTE_CRYPTO_AEAD_CHACHA20_POLY1305``
Asymmetric Crypto Algorithms
@@ -81,6 +81,9 @@ SHAKE_256 = Y
AES GCM (128) = Y
AES GCM (192) = Y
AES GCM (256) = Y
+AES CCM (128) = Y
+AES CCM (192) = Y
+AES CCM (256) = Y
CHACHA20-POLY1305 = Y
;
@@ -82,6 +82,9 @@ SHAKE_256 = Y
AES GCM (128) = Y
AES GCM (192) = Y
AES GCM (256) = Y
+AES CCM (128) = Y
+AES CCM (192) = Y
+AES CCM (256) = Y
CHACHA20-POLY1305 = Y
;
@@ -71,6 +71,7 @@ cpt_ciph_type_set(roc_se_cipher_type type, struct roc_se_ctx *ctx,
case ROC_SE_AES_CFB:
case ROC_SE_AES_CTR:
case ROC_SE_AES_GCM:
+ case ROC_SE_AES_CCM:
case ROC_SE_AES_DOCSISBPI:
if (unlikely(cpt_ciph_aes_key_validate(key_len) != 0))
return -1;
@@ -520,7 +521,7 @@ roc_se_ciph_key_set(struct roc_se_ctx *se_ctx, roc_se_cipher_type type, const ui
zuc_const = zs_ctx->zuc.otk_ctx.zuc_const;
}
- if (type == ROC_SE_AES_GCM)
+ if ((type == ROC_SE_AES_GCM) || (type == ROC_SE_AES_CCM))
se_ctx->template_w4.s.opcode_minor = BIT(5);
ret = cpt_ciph_type_set(type, se_ctx, key_len);
@@ -569,6 +570,7 @@ roc_se_ciph_key_set(struct roc_se_ctx *se_ctx, roc_se_cipher_type type, const ui
cpt_ciph_aes_key_type_set(fctx, key_len);
break;
case ROC_SE_AES_GCM:
+ case ROC_SE_AES_CCM:
cpt_ciph_aes_key_type_set(fctx, key_len);
break;
case ROC_SE_AES_XTS:
@@ -112,6 +112,7 @@ typedef enum {
ROC_SE_AES_GCM = 0x7,
ROC_SE_AES_XTS = 0x8,
ROC_SE_CHACHA20 = 0x9,
+ ROC_SE_AES_CCM = 0xA,
/* These are only for software use */
ROC_SE_ZUC_EEA3 = 0x90,
@@ -782,6 +782,36 @@ static const struct rte_cryptodev_capabilities caps_aes[] = {
}, }
}, }
},
+ { /* AES CCM */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,
+ {.aead = {
+ .algo = RTE_CRYPTO_AEAD_AES_CCM,
+ .block_size = 16,
+ .key_size = {
+ .min = 16,
+ .max = 32,
+ .increment = 8
+ },
+ .digest_size = {
+ .min = 4,
+ .max = 16,
+ .increment = 1
+ },
+ .aad_size = {
+ .min = 0,
+ .max = 1024,
+ .increment = 1
+ },
+ .iv_size = {
+ .min = 11,
+ .max = 13,
+ .increment = 1
+ }
+ }, }
+ }, }
+ },
{ /* AES CMAC */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
@@ -671,7 +671,7 @@ sym_session_configure(struct roc_cpt *roc_cpt, struct rte_crypto_sym_xform *xfor
if (sess_priv->cpt_op & ROC_SE_OP_CIPHER_MASK) {
switch (sess_priv->roc_se_ctx.fc_type) {
case ROC_SE_FC_GEN:
- if (sess_priv->aes_gcm || sess_priv->chacha_poly)
+ if (sess_priv->aes_gcm || sess_priv->aes_ccm || sess_priv->chacha_poly)
thr_type = CPT_DP_THREAD_TYPE_FC_AEAD;
else
thr_type = CPT_DP_THREAD_TYPE_FC_CHAIN;
@@ -31,6 +31,7 @@ struct cnxk_se_sess {
uint16_t cpt_op : 4;
uint16_t zsk_flag : 4;
uint16_t aes_gcm : 1;
+ uint16_t aes_ccm : 1;
uint16_t aes_ctr : 1;
uint16_t chacha_poly : 1;
uint16_t is_null : 1;
@@ -1655,10 +1656,10 @@ static __rte_always_inline int
fill_sess_aead(struct rte_crypto_sym_xform *xform, struct cnxk_se_sess *sess)
{
struct rte_crypto_aead_xform *aead_form;
+ uint8_t aes_gcm = 0, aes_ccm = 0;
roc_se_cipher_type enc_type = 0; /* NULL Cipher type */
roc_se_auth_type auth_type = 0; /* NULL Auth type */
uint32_t cipher_key_len = 0;
- uint8_t aes_gcm = 0;
aead_form = &xform->aead;
if (aead_form->op == RTE_CRYPTO_AEAD_OP_ENCRYPT) {
@@ -1678,9 +1679,10 @@ fill_sess_aead(struct rte_crypto_sym_xform *xform, struct cnxk_se_sess *sess)
aes_gcm = 1;
break;
case RTE_CRYPTO_AEAD_AES_CCM:
- plt_dp_err("Crypto: Unsupported cipher algo %u",
- aead_form->algo);
- return -1;
+ enc_type = ROC_SE_AES_CCM;
+ cipher_key_len = 16;
+ aes_ccm = 1;
+ break;
case RTE_CRYPTO_AEAD_CHACHA20_POLY1305:
enc_type = ROC_SE_CHACHA20;
auth_type = ROC_SE_POLY1305;
@@ -1699,19 +1701,27 @@ fill_sess_aead(struct rte_crypto_sym_xform *xform, struct cnxk_se_sess *sess)
}
sess->zsk_flag = 0;
sess->aes_gcm = aes_gcm;
+ sess->aes_ccm = aes_ccm;
sess->mac_len = aead_form->digest_length;
sess->iv_offset = aead_form->iv.offset;
sess->iv_length = aead_form->iv.length;
sess->aad_length = aead_form->aad_length;
- switch (sess->iv_length) {
- case 12:
- sess->short_iv = 1;
- case 16:
- break;
- default:
- plt_dp_err("Crypto: Unsupported IV length %u", sess->iv_length);
- return -1;
+ if (aes_ccm) {
+ if ((sess->iv_length < 11) || (sess->iv_length > 13)) {
+ plt_dp_err("Crypto: Unsupported IV length %u", sess->iv_length);
+ return -1;
+ }
+ } else {
+ switch (sess->iv_length) {
+ case 12:
+ sess->short_iv = 1;
+ case 16:
+ break;
+ default:
+ plt_dp_err("Crypto: Unsupported IV length %u", sess->iv_length);
+ return -1;
+ }
}
if (unlikely(roc_se_ciph_key_set(&sess->roc_se_ctx, enc_type, aead_form->key.data,
@@ -1856,6 +1866,7 @@ fill_sess_cipher(struct rte_crypto_sym_xform *xform, struct cnxk_se_sess *sess)
sess->zsk_flag = zsk_flag;
sess->zs_cipher = zs_cipher;
sess->aes_gcm = 0;
+ sess->aes_ccm = 0;
sess->aes_ctr = aes_ctr;
sess->iv_offset = c_form->iv.offset;
sess->iv_length = c_form->iv.length;
@@ -2218,6 +2229,7 @@ fill_fc_params(struct rte_crypto_op *cop, struct cnxk_se_sess *sess,
struct roc_se_fc_params fc_params;
char src[SRC_IOV_SIZE];
char dst[SRC_IOV_SIZE];
+ uint8_t ccm_iv_buf[16];
uint32_t iv_buf[4];
int ret;
@@ -2237,6 +2249,13 @@ fill_fc_params(struct rte_crypto_op *cop, struct cnxk_se_sess *sess,
iv_buf[3] = rte_cpu_to_be_32(0x1);
fc_params.iv_buf = iv_buf;
}
+ if (sess->aes_ccm) {
+ memcpy((uint8_t *)ccm_iv_buf,
+ rte_crypto_op_ctod_offset(cop, uint8_t *, sess->iv_offset),
+ sess->iv_length + 1);
+ ccm_iv_buf[0] = 14 - sess->iv_length;
+ fc_params.iv_buf = ccm_iv_buf;
+ }
}
/* Kasumi would need SG mode */
@@ -2264,7 +2283,11 @@ fill_fc_params(struct rte_crypto_op *cop, struct cnxk_se_sess *sess,
d_offs = (d_offs - aad_len) | (d_offs << 16);
d_lens = (d_lens + aad_len) | (d_lens << 32);
} else {
- fc_params.aad_buf.vaddr = sym_op->aead.aad.data;
+ /* For AES CCM, AAD is written 18B after aad.data as per API */
+ if (sess->aes_ccm)
+ fc_params.aad_buf.vaddr = PLT_PTR_ADD(sym_op->aead.aad.data, 18);
+ else
+ fc_params.aad_buf.vaddr = sym_op->aead.aad.data;
fc_params.aad_buf.size = aad_len;
flags |= ROC_SE_VALID_AAD_BUF;
inplace = 0;