@@ -122,6 +122,7 @@ Hash algorithms:
* ``RTE_CRYPTO_AUTH_SHA512_HMAC``
* ``RTE_CRYPTO_AUTH_MD5_HMAC``
* ``RTE_CRYPTO_AUTH_AES_XCBC_MAC``
+* ``RTE_CRYPTO_AUTH_AES_CMAC``
AEAD algorithms:
@@ -48,6 +48,7 @@ SHA512 HMAC = Y
SNOW3G UIA2 = Y
AES XCBC MAC = Y
ZUC EIA3 = Y
+AES CMAC (128) = Y
;
; Supported AEAD algorithms of the 'dpaa2_sec' crypto driver.
@@ -1,7 +1,7 @@
/* SPDX-License-Identifier: (BSD-3-Clause OR GPL-2.0)
*
* Copyright 2008-2016 Freescale Semiconductor Inc.
- * Copyright 2016,2019-2020 NXP
+ * Copyright 2016,2019-2021 NXP
*
*/
@@ -435,13 +435,17 @@ cnstr_shdsc_hmac(uint32_t *descbuf, bool ps, bool swap,
INLINE_KEY(authdata));
/* Do operation */
- ALG_OPERATION(p, authdata->algtype, OP_ALG_AAI_HMAC,
+ ALG_OPERATION(p, authdata->algtype, authdata->algmode,
OP_ALG_AS_INITFINAL, opicv, dir);
pjmpprecomp = JUMP(p, jmpprecomp, LOCAL_JUMP, ALL_TRUE, 0);
SET_LABEL(p, keyjmp);
- ALG_OPERATION(p, authdata->algtype, OP_ALG_AAI_HMAC_PRECOMP,
+ if (authdata->algmode == OP_ALG_AAI_HMAC)
+ ALG_OPERATION(p, authdata->algtype, OP_ALG_AAI_HMAC_PRECOMP,
+ OP_ALG_AS_INITFINAL, opicv, dir);
+ else
+ ALG_OPERATION(p, authdata->algtype, authdata->algmode,
OP_ALG_AS_INITFINAL, opicv, dir);
SET_LABEL(p, jmpprecomp);
@@ -874,7 +878,7 @@ cnstr_shdsc_gcm_decap(uint32_t *descbuf, bool ps, bool swap,
}
/**
- * cnstr_shdsc_aes_xcbc_mac - AES_XCBC_MAC
+ * cnstr_shdsc_aes_xx_mac - AES_XCBC_MAC, CMAC cases
* @descbuf: pointer to descriptor-under-construction buffer
* @ps: if 36/40bit addressing is desired, this parameter must be true
* @swap: must be true when core endianness doesn't match SEC endianness
@@ -892,7 +896,7 @@ cnstr_shdsc_gcm_decap(uint32_t *descbuf, bool ps, bool swap,
* Return: size of descriptor written in words or negative number on error
*/
static inline int
-cnstr_shdsc_aes_xcbc_mac(uint32_t *descbuf, bool ps, bool swap,
+cnstr_shdsc_aes_xx_mac(uint32_t *descbuf, bool ps, bool swap,
enum rta_share_type share,
struct alginfo *authdata, uint8_t do_icv,
uint8_t trunc_len)
@@ -921,7 +925,7 @@ cnstr_shdsc_aes_xcbc_mac(uint32_t *descbuf, bool ps, bool swap,
MATHB(p, SEQINSZ, SUB, MATH2, VSEQINSZ, 4, 0);
/* Do operation */
- ALG_OPERATION(p, authdata->algtype, authdata->algmode,
+ ALG_OPERATION_NP(p, authdata->algtype, authdata->algmode,
OP_ALG_AS_INITFINAL, opicv, dir);
/* Do load (variable length) */
@@ -485,6 +485,9 @@ rta_get_sec_era(void)
#define ALG_OPERATION(program, cipher_alg, aai, algo_state, icv_check, enc) \
rta_operation(program, cipher_alg, aai, algo_state, icv_check, enc)
+#define ALG_OPERATION_NP(program, cipher_alg, aai, algo_state, icv_check, enc) \
+ rta_operation2(program, cipher_alg, aai, algo_state, icv_check, enc)
+
/**
* PROTOCOL - Configures PROTOCOL OPERATION command
* @program: pointer to struct program
@@ -1,7 +1,7 @@
/* SPDX-License-Identifier: (BSD-3-Clause OR GPL-2.0)
*
* Copyright 2008-2016 Freescale Semiconductor Inc.
- * Copyright 2016,2019 NXP
+ * Copyright 2016,2019-2021 NXP
*/
#ifndef __RTA_OPERATION_CMD_H__
@@ -328,6 +328,107 @@ rta_operation(struct program *program, uint32_t cipher_algo,
return ret;
}
+/* For non-proto offload CMAC, GMAC etc cases */
+static inline int
+rta_operation2(struct program *program, uint32_t cipher_algo,
+ uint16_t aai, uint8_t algo_state,
+ int icv_checking, int enc)
+{
+ uint32_t opcode = CMD_OPERATION;
+ unsigned int i, found = 0;
+ unsigned int start_pc = program->current_pc;
+ int ret;
+
+ for (i = 0; i < alg_table_sz[rta_sec_era]; i++) {
+ if (alg_table[i].chipher_algo == cipher_algo) {
+ if ((aai == OP_ALG_AAI_XCBC_MAC) ||
+ (aai == OP_ALG_AAI_CBC_XCBCMAC) ||
+ (aai == OP_ALG_AAI_GCM) ||
+ (aai == OP_ALG_AAI_CMAC) ||
+ (aai == OP_ALG_AAI_CBC_CMAC))
+ opcode |= cipher_algo | OP_TYPE_CLASS2_ALG;
+ else
+ opcode |= cipher_algo | alg_table[i].class;
+ /* nothing else to verify */
+ if (alg_table[i].aai_func == NULL) {
+ found = 1;
+ break;
+ }
+
+ aai &= OP_ALG_AAI_MASK;
+
+ ret = (*alg_table[i].aai_func)(aai);
+ if (ret < 0) {
+ pr_err("OPERATION: Bad AAI Type. SEC Program Line: %d\n",
+ program->current_pc);
+ goto err;
+ }
+ opcode |= aai;
+ found = 1;
+ break;
+ }
+ }
+ if (!found) {
+ pr_err("OPERATION: Invalid Command. SEC Program Line: %d\n",
+ program->current_pc);
+ ret = -EINVAL;
+ goto err;
+ }
+
+ switch (algo_state) {
+ case OP_ALG_AS_UPDATE:
+ case OP_ALG_AS_INIT:
+ case OP_ALG_AS_FINALIZE:
+ case OP_ALG_AS_INITFINAL:
+ opcode |= algo_state;
+ break;
+ default:
+ pr_err("Invalid Operation Command\n");
+ ret = -EINVAL;
+ goto err;
+ }
+
+ switch (icv_checking) {
+ case ICV_CHECK_DISABLE:
+ /*
+ * opcode |= OP_ALG_ICV_OFF;
+ * OP_ALG_ICV_OFF is 0
+ */
+ break;
+ case ICV_CHECK_ENABLE:
+ opcode |= OP_ALG_ICV_ON;
+ break;
+ default:
+ pr_err("Invalid Operation Command\n");
+ ret = -EINVAL;
+ goto err;
+ }
+
+ switch (enc) {
+ case DIR_DEC:
+ /*
+ * opcode |= OP_ALG_DECRYPT;
+ * OP_ALG_DECRYPT is 0
+ */
+ break;
+ case DIR_ENC:
+ opcode |= OP_ALG_ENCRYPT;
+ break;
+ default:
+ pr_err("Invalid Operation Command\n");
+ ret = -EINVAL;
+ goto err;
+ }
+
+ __rta_out32(program, opcode);
+ program->current_instruction++;
+ return (int)start_pc;
+
+ err:
+ program->first_error_pc = start_pc;
+ return ret;
+}
+
/*
* OPERATION PKHA routines
*/
@@ -1,7 +1,7 @@
/* SPDX-License-Identifier: BSD-3-Clause
*
* Copyright (c) 2016 Freescale Semiconductor, Inc. All rights reserved.
- * Copyright 2016-2020 NXP
+ * Copyright 2016-2021 NXP
*
*/
@@ -2138,15 +2138,33 @@ dpaa2_sec_auth_init(struct rte_cryptodev *dev,
authdata.algtype = OP_ALG_ALGSEL_AES;
authdata.algmode = OP_ALG_AAI_XCBC_MAC;
session->auth_alg = RTE_CRYPTO_AUTH_AES_XCBC_MAC;
- bufsize = cnstr_shdsc_aes_xcbc_mac(
+ bufsize = cnstr_shdsc_aes_xx_mac(
priv->flc_desc[DESC_INITFINAL].desc,
1, 0, SHR_NEVER, &authdata,
!session->dir,
session->digest_length);
break;
- case RTE_CRYPTO_AUTH_AES_GMAC:
case RTE_CRYPTO_AUTH_AES_CMAC:
+ authdata.algtype = OP_ALG_ALGSEL_AES;
+ authdata.algmode = OP_ALG_AAI_CMAC;
+ session->auth_alg = RTE_CRYPTO_AUTH_AES_CMAC;
+ bufsize = cnstr_shdsc_aes_xx_mac(
+ priv->flc_desc[DESC_INITFINAL].desc,
+ 1, 0, SHR_NEVER, &authdata,
+ !session->dir,
+ session->digest_length);
+ break;
case RTE_CRYPTO_AUTH_AES_CBC_MAC:
+ authdata.algtype = OP_ALG_ALGSEL_AES;
+ authdata.algmode = OP_ALG_AAI_CBC_XCBCMAC;
+ session->auth_alg = RTE_CRYPTO_AUTH_AES_CBC_MAC;
+ bufsize = cnstr_shdsc_aes_xx_mac(
+ priv->flc_desc[DESC_INITFINAL].desc,
+ 1, 0, SHR_NEVER, &authdata,
+ !session->dir,
+ session->digest_length);
+ break;
+ case RTE_CRYPTO_AUTH_AES_GMAC:
case RTE_CRYPTO_AUTH_KASUMI_F9:
case RTE_CRYPTO_AUTH_NULL:
DPAA2_SEC_ERR("Crypto: Unsupported auth alg %un",
@@ -2419,6 +2437,17 @@ dpaa2_sec_aead_chain_init(struct rte_cryptodev *dev,
authdata.algmode = OP_ALG_AAI_XCBC_MAC;
session->auth_alg = RTE_CRYPTO_AUTH_AES_XCBC_MAC;
break;
+ case RTE_CRYPTO_AUTH_AES_CMAC:
+ authdata.algtype = OP_ALG_ALGSEL_AES;
+ authdata.algmode = OP_ALG_AAI_CMAC;
+ session->auth_alg = RTE_CRYPTO_AUTH_AES_CMAC;
+ break;
+ case RTE_CRYPTO_AUTH_AES_CBC_MAC:
+ authdata.algtype = OP_ALG_ALGSEL_AES;
+ authdata.algmode = OP_ALG_AAI_CBC_XCBCMAC;
+ session->auth_alg = RTE_CRYPTO_AUTH_AES_CBC_MAC;
+ break;
+ case RTE_CRYPTO_AUTH_AES_GMAC:
case RTE_CRYPTO_AUTH_SNOW3G_UIA2:
case RTE_CRYPTO_AUTH_NULL:
case RTE_CRYPTO_AUTH_SHA1:
@@ -2427,10 +2456,7 @@ dpaa2_sec_aead_chain_init(struct rte_cryptodev *dev,
case RTE_CRYPTO_AUTH_SHA224:
case RTE_CRYPTO_AUTH_SHA384:
case RTE_CRYPTO_AUTH_MD5:
- case RTE_CRYPTO_AUTH_AES_GMAC:
case RTE_CRYPTO_AUTH_KASUMI_F9:
- case RTE_CRYPTO_AUTH_AES_CMAC:
- case RTE_CRYPTO_AUTH_AES_CBC_MAC:
case RTE_CRYPTO_AUTH_ZUC_EIA3:
DPAA2_SEC_ERR("Crypto: Unsupported auth alg %u",
auth_xform->algo);
@@ -2769,6 +2795,7 @@ dpaa2_sec_ipsec_proto_init(struct rte_crypto_cipher_xform *cipher_xform,
break;
case RTE_CRYPTO_AUTH_AES_CMAC:
authdata->algtype = OP_PCL_IPSEC_AES_CMAC_96;
+ authdata->algmode = OP_ALG_AAI_CCM;
break;
case RTE_CRYPTO_AUTH_NULL:
authdata->algtype = OP_PCL_IPSEC_HMAC_NULL;
@@ -525,6 +525,27 @@ static const struct rte_cryptodev_capabilities dpaa2_sec_capabilities[] = {
}, }
}, }
},
+ { /* AES CMAC */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_AES_CMAC,
+ .block_size = 16,
+ .key_size = {
+ .min = 16,
+ .max = 16,
+ .increment = 0
+ },
+ .digest_size = {
+ .min = 1,
+ .max = 16,
+ .increment = 1
+ },
+ .iv_size = { 0 }
+ }, }
+ }, }
+ },
{ /* NULL (CIPHER) */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
This patch adds support for AES_CMAC integrity in non-security mode. This patch modifies the camm flib to handles the AES CMAC without conflicting the proto ALG operations. i.e. by creating another ALG operation routine. Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com> --- doc/guides/cryptodevs/dpaa2_sec.rst | 1 + doc/guides/cryptodevs/features/dpaa2_sec.ini | 1 + drivers/common/dpaax/caamflib/desc/algo.h | 16 ++- drivers/common/dpaax/caamflib/rta.h | 3 + .../common/dpaax/caamflib/rta/operation_cmd.h | 103 +++++++++++++++++- drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c | 39 ++++++- drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h | 21 ++++ 7 files changed, 171 insertions(+), 13 deletions(-) -- 2.17.1