This patch introduces SM4 CBC, SM4 ECB and SM4 CTR algorithm support to
the AESNI_MB PMD. SM4 CTR is available in the v2.0 release of
Intel IPsec MB.
Signed-off-by: Brian Dooley <brian.doo...@intel.com>
---
v2:
Add Intel IPsec MB version check to capabilities
Add SM4 CTR algorithm support
v3:
Fix ipsec mb version conditions
Add documentation
---
doc/guides/cryptodevs/aesni_mb.rst | 3 +
doc/guides/cryptodevs/features/aesni_mb.ini | 3 +
doc/guides/rel_notes/release_24_11.rst | 1 +
drivers/crypto/ipsec_mb/pmd_aesni_mb.c | 28 +++++++++
drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h | 69 +++++++++++++++++++++
5 files changed, 104 insertions(+)
diff --git a/doc/guides/cryptodevs/aesni_mb.rst
b/doc/guides/cryptodevs/aesni_mb.rst
index f1073c3c0b..ca930be1bd 100644
--- a/doc/guides/cryptodevs/aesni_mb.rst
+++ b/doc/guides/cryptodevs/aesni_mb.rst
@@ -36,6 +36,9 @@ Cipher algorithms:
* RTE_CRYPTO_CIPHER_ZUC_EEA3
* RTE_CRYPTO_CIPHER_SNOW3G_UEA2
* RTE_CRYPTO_CIPHER_KASUMI_F8
+* RTE_CRYPTO_CIPHER_SM4_CBC
+* RTE_CRYPTO_CIPHER_SM4_ECB
+* RTE_CRYPTO_CIPHER_SM4_CTR
Hash algorithms:
diff --git a/doc/guides/cryptodevs/features/aesni_mb.ini
b/doc/guides/cryptodevs/features/aesni_mb.ini
index b4e9a1f65b..ebe00d075d 100644
--- a/doc/guides/cryptodevs/features/aesni_mb.ini
+++ b/doc/guides/cryptodevs/features/aesni_mb.ini
@@ -42,6 +42,9 @@ AES ECB (256) = Y
ZUC EEA3 = Y
SNOW3G UEA2 = Y
KASUMI F8 = Y
+SM4 CBC = Y
+SM4 ECB = Y
+SM4 CTR = Y
;
; Supported authentication algorithms of the 'aesni_mb' crypto driver.
diff --git a/doc/guides/rel_notes/release_24_11.rst
b/doc/guides/rel_notes/release_24_11.rst
index b8b68780c5..7c68ec271b 100644
--- a/doc/guides/rel_notes/release_24_11.rst
+++ b/doc/guides/rel_notes/release_24_11.rst
@@ -58,6 +58,7 @@ New Features
* **Updated IPsec_MB crypto driver.**
* Added support for SM3 algorithm.
* Added support for SM3 HMAC algorithm.
+ * Added support for SM4 CBC, SM4 ECB and SM4 CTR algorithms.
Removed Items
diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
index 019867fe1c..7110a4a350 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
@@ -451,6 +451,9 @@ aesni_mb_set_session_cipher_parameters(const IMB_MGR
*mb_mgr,
uint8_t is_zuc = 0;
uint8_t is_snow3g = 0;
uint8_t is_kasumi = 0;
+#if IMB_VERSION(1, 5, 0) <= IMB_VERSION_NUM
+ uint8_t is_sm4 = 0;
+#endif
if (xform == NULL) {
sess->template_job.cipher_mode = IMB_CIPHER_NULL;
@@ -521,6 +524,22 @@ aesni_mb_set_session_cipher_parameters(const IMB_MGR
*mb_mgr,
sess->iv.offset = xform->cipher.iv.offset;
sess->template_job.iv_len_in_bytes = xform->cipher.iv.length;
return 0;
+#if IMB_VERSION(1, 5, 0) <= IMB_VERSION_NUM
+ case RTE_CRYPTO_CIPHER_SM4_CBC:
+ sess->template_job.cipher_mode = IMB_CIPHER_SM4_CBC;
+ is_sm4 = 1;
+ break;
+ case RTE_CRYPTO_CIPHER_SM4_ECB:
+ sess->template_job.cipher_mode = IMB_CIPHER_SM4_ECB;
+ is_sm4 = 1;
+ break;
+#endif
+#if IMB_VERSION(1, 5, 0) < IMB_VERSION_NUM
+ case RTE_CRYPTO_CIPHER_SM4_CTR:
+ sess->template_job.cipher_mode = IMB_CIPHER_SM4_CNTR;
+ is_sm4 = 1;
+ break;
+#endif
default:
IPSEC_MB_LOG(ERR, "Unsupported cipher mode parameter");
return -ENOTSUP;
@@ -655,6 +674,15 @@ aesni_mb_set_session_cipher_parameters(const IMB_MGR
*mb_mgr,
&sess->cipher.pKeySched_kasumi_cipher);
sess->template_job.enc_keys =
&sess->cipher.pKeySched_kasumi_cipher;
sess->template_job.dec_keys =
&sess->cipher.pKeySched_kasumi_cipher;
+#if IMB_VERSION(1, 5, 0) <= IMB_VERSION_NUM
+ } else if (is_sm4) {
+ sess->template_job.key_len_in_bytes = IMB_KEY_128_BYTES;
+ IMB_SM4_KEYEXP(mb_mgr, xform->cipher.key.data,
+ sess->cipher.expanded_sm4_keys.encode,
+ sess->cipher.expanded_sm4_keys.decode);
+ sess->template_job.enc_keys =
sess->cipher.expanded_sm4_keys.encode;
+ sess->template_job.dec_keys =
sess->cipher.expanded_sm4_keys.decode;
+#endif
} else {
if (xform->cipher.key.length != 8) {
IPSEC_MB_LOG(ERR, "Invalid cipher key length");
diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
b/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
index 51104f159c..6120a2f62d 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
@@ -775,6 +775,64 @@ static const struct rte_cryptodev_capabilities
aesni_mb_capabilities[] = {
}, }
}, }
},
+ { /* SM4 CBC */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+ {.cipher = {
+ .algo = RTE_CRYPTO_CIPHER_SM4_CBC,
+ .block_size = 16,
+ .key_size = {
+ .min = 16,
+ .max = 16,
+ .increment = 0
+ },
+ .iv_size = {
+ .min = 16,
+ .max = 16,
+ .increment = 0
+ }
+ }, }
+ }, }
+ },
+ { /* SM4 ECB */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+ {.cipher = {
+ .algo = RTE_CRYPTO_CIPHER_SM4_ECB,
+ .block_size = 16,
+ .key_size = {
+ .min = 16,
+ .max = 16,
+ .increment = 0
+ },
+ .iv_size = { 0 }
+ }, }
+ }, }
+ },
+#endif
+#if IMB_VERSION(1, 5, 0) < IMB_VERSION_NUM
+ { /* SM4 CTR */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+ {.cipher = {
+ .algo = RTE_CRYPTO_CIPHER_SM4_CTR,
+ .block_size = 16,
+ .key_size = {
+ .min = 16,
+ .max = 16,
+ .increment = 0
+ },
+ .iv_size = {
+ .min = 16,
+ .max = 16,
+ .increment = 0
+ }
+ }, }
+ }, }
+ },
#endif
RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
};
@@ -953,6 +1011,17 @@ struct __rte_cache_aligned aesni_mb_session {
/* *< SNOW3G scheduled cipher key */
kasumi_key_sched_t pKeySched_kasumi_cipher;
/* *< KASUMI scheduled cipher key */
+#if IMB_VERSION(1, 5, 0) <= IMB_VERSION_NUM
+ struct {
+ alignas(16) uint32_t
encode[IMB_SM4_KEY_SCHEDULE_ROUNDS];
+ /* *< encode key */
+ alignas(16) uint32_t
decode[IMB_SM4_KEY_SCHEDULE_ROUNDS];
+ /* *< decode key */
+ } expanded_sm4_keys;
+ /* *< Expanded SM4 keys - Original 128 bit key is
+ * expanded into 32 round keys, each 32 bits.
+ */
+#endif
};
} cipher;
--
2.25.1
