Add support for 8-byte and 16-byte tags for ZUC-EIA3-256.
Signed-off-by: Pablo de Lara <pablo.de.lara.gua...@intel.com>
---
doc/guides/cryptodevs/aesni_mb.rst | 1 -
doc/guides/rel_notes/release_22_11.rst | 4 ++++
drivers/crypto/ipsec_mb/pmd_aesni_mb.c | 22 ++++++++++++++-------
drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h | 5 +++++
4 files changed, 24 insertions(+), 8 deletions(-)
diff --git a/doc/guides/cryptodevs/aesni_mb.rst
b/doc/guides/cryptodevs/aesni_mb.rst
index 07222ee117..00ac454b6c 100644
--- a/doc/guides/cryptodevs/aesni_mb.rst
+++ b/doc/guides/cryptodevs/aesni_mb.rst
@@ -77,7 +77,6 @@ Limitations
protocol.
* RTE_CRYPTO_CIPHER_DES_DOCSISBPI is not supported for combined Crypto-CRC
DOCSIS security protocol.
-* The only tag size supported for ZUC-EIA3-256 is 4 bytes.
Installation
diff --git a/doc/guides/rel_notes/release_22_11.rst
b/doc/guides/rel_notes/release_22_11.rst
index 8c021cf050..f1f304bee2 100644
--- a/doc/guides/rel_notes/release_22_11.rst
+++ b/doc/guides/rel_notes/release_22_11.rst
@@ -55,6 +55,10 @@ New Features
Also, make sure to start the actual text at the margin.
=======================================================
+* **Updated the aesni_mb crypto PMD.**
+
+ * Added support for 8-byte and 16-byte tags for ZUC-EIA3-256.
+
Removed Items
-------------
diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
index 6d5d3ce8eb..1a3d51b764 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
@@ -192,20 +192,28 @@ aesni_mb_set_session_auth_parameters(const IMB_MGR
*mb_mgr,
if (xform->auth.algo == RTE_CRYPTO_AUTH_ZUC_EIA3) {
if (xform->auth.key.length == 16) {
sess->auth.algo = IMB_AUTH_ZUC_EIA3_BITLEN;
+
+ if (sess->auth.req_digest_len != 4) {
+ IPSEC_MB_LOG(ERR, "Invalid digest size\n");
+ return -EINVAL;
+ }
} else if (xform->auth.key.length == 32) {
sess->auth.algo = IMB_AUTH_ZUC256_EIA3_BITLEN;
+#if IMB_VERSION(1, 2, 0) > IMB_VERSION_NUM
+ if (sess->auth.req_digest_len != 4 &&
+ sess->auth.req_digest_len != 8 &&
+ sess->auth.req_digest_len != 16) {
+#else
+ if (sess->auth.req_digest_len != 4) {
+#endif
+ IPSEC_MB_LOG(ERR, "Invalid digest size\n");
+ return -EINVAL;
+ }
} else {
IPSEC_MB_LOG(ERR, "Invalid authentication key
length\n");
return -EINVAL;
}
- uint16_t zuc_eia3_digest_len =
- get_truncated_digest_byte_length(
- IMB_AUTH_ZUC_EIA3_BITLEN);
- if (sess->auth.req_digest_len != zuc_eia3_digest_len) {
- IPSEC_MB_LOG(ERR, "Invalid digest size\n");
- return -EINVAL;
- }
sess->auth.gen_digest_len = sess->auth.req_digest_len;
memcpy(sess->auth.zuc_auth_key, xform->auth.key.data,
diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
b/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
index 9ef75aa51f..661a072e20 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
@@ -568,8 +568,13 @@ static const struct rte_cryptodev_capabilities
aesni_mb_capabilities[] = {
},
.digest_size = {
.min = 4,
+#if IMB_VERSION(1, 2, 0) > IMB_VERSION_NUM
+ .max = 16,
+ .increment = 4
+#else
.max = 4,
.increment = 0
+#endif
},
.iv_size = {
.min = 16,
--
2.25.1
