diff mbox series

[v1,1/2] crypto/ipsec_mb: add SM4 GCM support

Message ID 20241213125850.2714328-1-brian.dooley@intel.com (mailing list archive)
State Superseded
Delegated to: akhil goyal
Headers
Series [v1,1/2] crypto/ipsec_mb: add SM4 GCM support |

Checks

Context Check Description
ci/checkpatch success coding style OK

Commit Message

Brian Dooley Dec. 13, 2024, 12:58 p.m. UTC 
This patch introduces SM4 GCM algorithm support to the AESNI_MB PMD.
SM4 GCM is available in the v2.0 release of Intel IPsec MB.

Signed-off-by: Brian Dooley <brian.dooley@intel.com>
---
 doc/guides/cryptodevs/aesni_mb.rst          |  1 +
 doc/guides/cryptodevs/features/aesni_mb.ini |  1 +
 doc/guides/cryptodevs/features/default.ini  |  2 ++
 doc/guides/rel_notes/release_25_03.rst      |  4 +++
 drivers/crypto/ipsec_mb/pmd_aesni_mb.c      | 37 +++++++++++++++++++--
 drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h | 30 +++++++++++++++++
 lib/cryptodev/rte_crypto_sym.h              |  4 ++-
 lib/cryptodev/rte_cryptodev.c               |  3 +-
 8 files changed, 78 insertions(+), 4 deletions(-)
diff mbox series

Patch

diff --git a/doc/guides/cryptodevs/aesni_mb.rst b/doc/guides/cryptodevs/aesni_mb.rst
index 16d82147b2..8d7e221e79 100644
--- a/doc/guides/cryptodevs/aesni_mb.rst
+++ b/doc/guides/cryptodevs/aesni_mb.rst
@@ -67,6 +67,7 @@  AEAD algorithms:
 * RTE_CRYPTO_AEAD_AES_CCM
 * RTE_CRYPTO_AEAD_AES_GCM
 * RTE_CRYPTO_AEAD_CHACHA20_POLY1305
+* RTE_CRYPTO_AEAD_SM4_GCM
 
 Protocol offloads:
 
diff --git a/doc/guides/cryptodevs/features/aesni_mb.ini b/doc/guides/cryptodevs/features/aesni_mb.ini
index ebe00d075d..c648be62fb 100644
--- a/doc/guides/cryptodevs/features/aesni_mb.ini
+++ b/doc/guides/cryptodevs/features/aesni_mb.ini
@@ -80,6 +80,7 @@  AES GCM (128)     = Y
 AES GCM (192)     = Y
 AES GCM (256)     = Y
 CHACHA20-POLY1305 = Y
+SM4 GCM           = Y
 ;
 ; Supported Asymmetric algorithms of the 'aesni_mb' crypto driver.
 ;
diff --git a/doc/guides/cryptodevs/features/default.ini b/doc/guides/cryptodevs/features/default.ini
index 592af48026..116ffce249 100644
--- a/doc/guides/cryptodevs/features/default.ini
+++ b/doc/guides/cryptodevs/features/default.ini
@@ -118,6 +118,8 @@  AES CCM (128)     =
 AES CCM (192)     =
 AES CCM (256)     =
 CHACHA20-POLY1305 =
+SM4 GCM           =
+
 ;
 ; Supported Asymmetric algorithms of a default crypto driver.
 ;
diff --git a/doc/guides/rel_notes/release_25_03.rst b/doc/guides/rel_notes/release_25_03.rst
index 426dfcd982..6f2b0bb5cb 100644
--- a/doc/guides/rel_notes/release_25_03.rst
+++ b/doc/guides/rel_notes/release_25_03.rst
@@ -55,6 +55,10 @@  New Features
      Also, make sure to start the actual text at the margin.
      =======================================================
 
+**Updated IPsec_MB crypto driver.**
+
+   * Added support for the SM4 GCM algorithm.
+
 
 Removed Items
 -------------
diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
index 05dc1a039f..1bb47fb5ad 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
@@ -20,7 +20,8 @@  is_aead_algo(IMB_HASH_ALG hash_alg, IMB_CIPHER_MODE cipher_mode)
 {
 	return (hash_alg == IMB_AUTH_CHACHA20_POLY1305 ||
 		hash_alg == IMB_AUTH_AES_CCM ||
-		cipher_mode == IMB_CIPHER_GCM);
+		cipher_mode == IMB_CIPHER_GCM ||
+		cipher_mode == IMB_CIPHER_SM4_GCM);
 }
 
 /** Set session authentication parameters */
@@ -602,7 +603,7 @@  aesni_mb_set_session_cipher_parameters(const IMB_MGR *mb_mgr,
 }
 
 static int
-aesni_mb_set_session_aead_parameters(const IMB_MGR *mb_mgr,
+aesni_mb_set_session_aead_parameters(IMB_MGR *mb_mgr,
 		struct aesni_mb_session *sess,
 		const struct rte_crypto_sym_xform *xform)
 {
@@ -720,6 +721,21 @@  aesni_mb_set_session_aead_parameters(const IMB_MGR *mb_mgr,
 			return -EINVAL;
 		}
 		break;
+
+	case RTE_CRYPTO_AEAD_SM4_GCM:
+		sess->template_job.cipher_mode = IMB_CIPHER_SM4_GCM;
+		sess->template_job.hash_alg = IMB_AUTH_SM4_GCM;
+		sess->template_job.u.GCM.aad_len_in_bytes = xform->aead.aad_length;
+
+		if (xform->aead.key.length != 16) {
+			IPSEC_MB_LOG(ERR, "Invalid key length");
+			return -EINVAL;
+		}
+		sess->template_job.key_len_in_bytes = 16;
+		imb_sm4_gcm_pre(mb_mgr, xform->aead.key.data, &sess->cipher.gcm_key);
+		sess->template_job.enc_keys = &sess->cipher.gcm_key;
+		sess->template_job.dec_keys = &sess->cipher.gcm_key;
+		break;
 	default:
 		IPSEC_MB_LOG(ERR, "Unsupported aead mode parameter");
 		return -ENOTSUP;
@@ -1559,6 +1575,9 @@  set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
 			imb_set_session(mb_mgr, job);
 		}
 		break;
+	case IMB_AUTH_SM4_GCM:
+		job->u.GCM.aad = op->sym->aead.aad.data;
+		break;
 	default:
 		break;
 	}
@@ -1687,6 +1706,17 @@  set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
 		job->iv = rte_crypto_op_ctod_offset(op, uint8_t *,
 			session->iv.offset);
 		break;
+	case IMB_AUTH_SM4_GCM:
+		job->hash_start_src_offset_in_bytes = 0;
+		/*
+		 * Adding offset here as there is a bug in the ipsec mb library
+		 */
+		job->src += op->sym->aead.data.offset;
+		job->msg_len_to_hash_in_bytes =
+					op->sym->aead.data.length;
+		job->iv = rte_crypto_op_ctod_offset(op, uint8_t *,
+				session->iv.offset);
+		break;
 
 	default:
 		job->hash_start_src_offset_in_bytes = auth_start_offset(op,
@@ -1732,6 +1762,9 @@  set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
 		job->msg_len_to_cipher_in_bytes = 0;
 		job->cipher_start_src_offset_in_bytes = 0;
 		break;
+	case IMB_CIPHER_SM4_GCM:
+		job->msg_len_to_cipher_in_bytes = op->sym->aead.data.length;
+		break;
 	default:
 		job->cipher_start_src_offset_in_bytes =
 					op->sym->cipher.data.offset;
diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h b/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
index 468a1f35eb..bdb9ad815b 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
@@ -826,6 +826,36 @@  static const struct rte_cryptodev_capabilities aesni_mb_capabilities[] = {
 			}, }
 		}, }
 	},
+	{	/* SM4 GCM */
+		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+		{.sym = {
+			.xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,
+			{.aead = {
+				.algo = RTE_CRYPTO_AEAD_SM4_GCM,
+				.block_size = 16,
+				.key_size = {
+					.min = 16,
+					.max = 16,
+					.increment = 0,
+				},
+				.digest_size = {
+					.min = 16,
+					.max = 16,
+					.increment = 0,
+				},
+				.aad_size = {
+					.min = 0,
+					.max = 65535,
+					.increment = 1,
+				},
+				.iv_size = {
+					.min = 12,
+					.max = 12,
+					.increment = 0,
+				}
+			}, }
+		}, }
+	},
 #endif
 	RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
 };
diff --git a/lib/cryptodev/rte_crypto_sym.h b/lib/cryptodev/rte_crypto_sym.h
index 505356ff44..b47e52f63b 100644
--- a/lib/cryptodev/rte_crypto_sym.h
+++ b/lib/cryptodev/rte_crypto_sym.h
@@ -482,8 +482,10 @@  enum rte_crypto_aead_algorithm {
 	/**< AES algorithm in CCM mode. */
 	RTE_CRYPTO_AEAD_AES_GCM,
 	/**< AES algorithm in GCM mode. */
-	RTE_CRYPTO_AEAD_CHACHA20_POLY1305
+	RTE_CRYPTO_AEAD_CHACHA20_POLY1305,
 	/**< Chacha20 cipher with poly1305 authenticator */
+	RTE_CRYPTO_AEAD_SM4_GCM
+	/**< SM4 cipher with GCM mode */
 };
 
 /** Symmetric AEAD Operations */
diff --git a/lib/cryptodev/rte_cryptodev.c b/lib/cryptodev/rte_cryptodev.c
index 85a4b46ac9..f6fc949785 100644
--- a/lib/cryptodev/rte_cryptodev.c
+++ b/lib/cryptodev/rte_cryptodev.c
@@ -168,7 +168,8 @@  static const char *
 crypto_aead_algorithm_strings[] = {
 	[RTE_CRYPTO_AEAD_AES_CCM]	= "aes-ccm",
 	[RTE_CRYPTO_AEAD_AES_GCM]	= "aes-gcm",
-	[RTE_CRYPTO_AEAD_CHACHA20_POLY1305] = "chacha20-poly1305"
+	[RTE_CRYPTO_AEAD_CHACHA20_POLY1305] = "chacha20-poly1305",
+	[RTE_CRYPTO_AEAD_SM4_GCM]   = "sm4-gcm"
 };