From: Akhil Goyal <akhil.go...@nxp.com>
This patch supports AES_GMAC algorithm for DPAA2
driver.
Signed-off-by: Akhil Goyal <akhil.go...@nxp.com>
Signed-off-by: Gagandeep Singh <g.si...@nxp.com>
---
doc/guides/cryptodevs/features/dpaa2_sec.ini | 1 +
drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c | 14 ++++++++-
drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h | 30 ++++++++++++++++++++
lib/cryptodev/rte_crypto_sym.h | 4 ++-
4 files changed, 47 insertions(+), 2 deletions(-)
diff --git a/doc/guides/cryptodevs/features/dpaa2_sec.ini
b/doc/guides/cryptodevs/features/dpaa2_sec.ini
index 3d6e449ca1..dcaf64965d 100644
--- a/doc/guides/cryptodevs/features/dpaa2_sec.ini
+++ b/doc/guides/cryptodevs/features/dpaa2_sec.ini
@@ -48,6 +48,7 @@ SHA512 HMAC = Y
SNOW3G UIA2 = Y
AES XCBC MAC = Y
ZUC EIA3 = Y
+AES GMAC = Y
AES CMAC (128) = Y
;
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index a9fda67ac3..99f5157abe 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -2847,6 +2847,13 @@ dpaa2_sec_ipsec_aead_init(struct rte_crypto_aead_xform
*aead_xform,
aeaddata->algmode = OP_ALG_AAI_CCM;
session->aead_alg = RTE_CRYPTO_AEAD_AES_CCM;
break;
+ case RTE_CRYPTO_AEAD_AES_GMAC:
+ /**
+ * AES-GMAC is an AEAD algo with NULL encryption and GMAC
+ * authentication.
+ */
+ aeaddata->algtype = OP_PCL_IPSEC_AES_NULL_WITH_GMAC;
+ break;
default:
DPAA2_SEC_ERR("Crypto: Undefined AEAD specified %u",
aead_xform->algo);
@@ -2945,6 +2952,10 @@ dpaa2_sec_ipsec_proto_init(struct
rte_crypto_cipher_xform *cipher_xform,
case RTE_CRYPTO_AUTH_NULL:
authdata->algtype = OP_PCL_IPSEC_HMAC_NULL;
break;
+ case RTE_CRYPTO_AUTH_AES_GMAC:
+ DPAA2_SEC_ERR(
+ "AES_GMAC is supported as AEAD algo for IPSEC proto
only");
+ return -ENOTSUP;
case RTE_CRYPTO_AUTH_SHA224_HMAC:
case RTE_CRYPTO_AUTH_SNOW3G_UIA2:
case RTE_CRYPTO_AUTH_SHA1:
@@ -2953,7 +2964,6 @@ dpaa2_sec_ipsec_proto_init(struct rte_crypto_cipher_xform
*cipher_xform,
case RTE_CRYPTO_AUTH_SHA224:
case RTE_CRYPTO_AUTH_SHA384:
case RTE_CRYPTO_AUTH_MD5:
- case RTE_CRYPTO_AUTH_AES_GMAC:
case RTE_CRYPTO_AUTH_KASUMI_F9:
case RTE_CRYPTO_AUTH_AES_CBC_MAC:
case RTE_CRYPTO_AUTH_ZUC_EIA3:
@@ -3096,6 +3106,7 @@ dpaa2_sec_set_ipsec_session(struct rte_cryptodev *dev,
case OP_PCL_IPSEC_AES_GCM8:
case OP_PCL_IPSEC_AES_GCM12:
case OP_PCL_IPSEC_AES_GCM16:
+ case OP_PCL_IPSEC_AES_NULL_WITH_GMAC:
memcpy(encap_pdb.gcm.salt,
(uint8_t *)&(ipsec_xform->salt), 4);
break;
@@ -3172,6 +3183,7 @@ dpaa2_sec_set_ipsec_session(struct rte_cryptodev *dev,
case OP_PCL_IPSEC_AES_GCM8:
case OP_PCL_IPSEC_AES_GCM12:
case OP_PCL_IPSEC_AES_GCM16:
+ case OP_PCL_IPSEC_AES_NULL_WITH_GMAC:
memcpy(decap_pdb.gcm.salt,
(uint8_t *)&(ipsec_xform->salt), 4);
break;
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h
b/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h
index 1756d917dd..6aa1c01e95 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h
@@ -514,6 +514,36 @@ static const struct rte_cryptodev_capabilities
dpaa2_sec_capabilities[] = {
}, }
}, }
},
+ { /* AES GMAC (AEAD) */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,
+ {.aead = {
+ .algo = RTE_CRYPTO_AEAD_AES_GMAC,
+ .block_size = 16,
+ .key_size = {
+ .min = 16,
+ .max = 32,
+ .increment = 8
+ },
+ .digest_size = {
+ .min = 16,
+ .max = 16,
+ .increment = 0
+ },
+ .aad_size = {
+ .min = 0,
+ .max = 65535,
+ .increment = 1
+ },
+ .iv_size = {
+ .min = 12,
+ .max = 16,
+ .increment = 4
+ }
+ }, }
+ }, }
+ },
{ /* AES XCBC HMAC */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
diff --git a/lib/cryptodev/rte_crypto_sym.h b/lib/cryptodev/rte_crypto_sym.h
index daa090b978..4644fa3e25 100644
--- a/lib/cryptodev/rte_crypto_sym.h
+++ b/lib/cryptodev/rte_crypto_sym.h
@@ -467,8 +467,10 @@ enum rte_crypto_aead_algorithm {
/**< AES algorithm in CCM mode. */
RTE_CRYPTO_AEAD_AES_GCM,
/**< AES algorithm in GCM mode. */
- RTE_CRYPTO_AEAD_CHACHA20_POLY1305
+ RTE_CRYPTO_AEAD_CHACHA20_POLY1305,
/**< Chacha20 cipher with poly1305 authenticator */
+ RTE_CRYPTO_AEAD_AES_GMAC
+ /**< AES algorithm in GMAC mode. */
};
/** AEAD algorithm name strings */
--
2.25.1
