This patch introduces SM4 GCM algorithm support to the AESNI_MB PMD.
SM4 GCM is available in the v2.0 release of Intel IPsec MB.
Signed-off-by: Brian Dooley <brian.doo...@intel.com>
---
v2:
Added aad to cpu job params
Added ipsec mb version checks
v3:
Fix naming for patchwork
v4:
Remove cryptodev changes to separate patch
---
doc/guides/cryptodevs/aesni_mb.rst | 1 +
doc/guides/cryptodevs/features/aesni_mb.ini | 1 +
doc/guides/rel_notes/release_25_03.rst | 4 ++
drivers/crypto/ipsec_mb/pmd_aesni_mb.c | 54 ++++++++++++++++++++-
drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h | 30 ++++++++++++
5 files changed, 88 insertions(+), 2 deletions(-)
diff --git a/doc/guides/cryptodevs/aesni_mb.rst
b/doc/guides/cryptodevs/aesni_mb.rst
index 16d82147b2..8d7e221e79 100644
--- a/doc/guides/cryptodevs/aesni_mb.rst
+++ b/doc/guides/cryptodevs/aesni_mb.rst
@@ -67,6 +67,7 @@ AEAD algorithms:
* RTE_CRYPTO_AEAD_AES_CCM
* RTE_CRYPTO_AEAD_AES_GCM
* RTE_CRYPTO_AEAD_CHACHA20_POLY1305
+* RTE_CRYPTO_AEAD_SM4_GCM
Protocol offloads:
diff --git a/doc/guides/cryptodevs/features/aesni_mb.ini
b/doc/guides/cryptodevs/features/aesni_mb.ini
index ebe00d075d..c648be62fb 100644
--- a/doc/guides/cryptodevs/features/aesni_mb.ini
+++ b/doc/guides/cryptodevs/features/aesni_mb.ini
@@ -80,6 +80,7 @@ AES GCM (128) = Y
AES GCM (192) = Y
AES GCM (256) = Y
CHACHA20-POLY1305 = Y
+SM4 GCM = Y
;
; Supported Asymmetric algorithms of the 'aesni_mb' crypto driver.
;
diff --git a/doc/guides/rel_notes/release_25_03.rst
b/doc/guides/rel_notes/release_25_03.rst
index 145b018058..3f8c61e8d5 100644
--- a/doc/guides/rel_notes/release_25_03.rst
+++ b/doc/guides/rel_notes/release_25_03.rst
@@ -133,6 +133,10 @@ New Features
See the :doc:`../compressdevs/zsda` guide for more details on the new driver.
+* **Updated IPsec_MB crypto driver.**
+
+ * Added support for the SM4 GCM algorithm.
+
Removed Items
-------------
diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
index 05dc1a039f..8b54e4a602 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
@@ -20,7 +20,11 @@ is_aead_algo(IMB_HASH_ALG hash_alg, IMB_CIPHER_MODE
cipher_mode)
{
return (hash_alg == IMB_AUTH_CHACHA20_POLY1305 ||
hash_alg == IMB_AUTH_AES_CCM ||
- cipher_mode == IMB_CIPHER_GCM);
+ cipher_mode == IMB_CIPHER_GCM
+#if IMB_VERSION(1, 5, 0) < IMB_VERSION_NUM
+ || cipher_mode == IMB_CIPHER_SM4_GCM
+#endif
+ );
}
/** Set session authentication parameters */
@@ -602,7 +606,7 @@ aesni_mb_set_session_cipher_parameters(const IMB_MGR
*mb_mgr,
}
static int
-aesni_mb_set_session_aead_parameters(const IMB_MGR *mb_mgr,
+aesni_mb_set_session_aead_parameters(IMB_MGR *mb_mgr,
struct aesni_mb_session *sess,
const struct rte_crypto_sym_xform *xform)
{
@@ -720,6 +724,22 @@ aesni_mb_set_session_aead_parameters(const IMB_MGR *mb_mgr,
return -EINVAL;
}
break;
+#if IMB_VERSION(1, 5, 0) < IMB_VERSION_NUM
+ case RTE_CRYPTO_AEAD_SM4_GCM:
+ sess->template_job.cipher_mode = IMB_CIPHER_SM4_GCM;
+ sess->template_job.hash_alg = IMB_AUTH_SM4_GCM;
+ sess->template_job.u.GCM.aad_len_in_bytes =
xform->aead.aad_length;
+
+ if (xform->aead.key.length != 16) {
+ IPSEC_MB_LOG(ERR, "Invalid key length");
+ return -EINVAL;
+ }
+ sess->template_job.key_len_in_bytes = 16;
+ imb_sm4_gcm_pre(mb_mgr, xform->aead.key.data,
&sess->cipher.gcm_key);
+ sess->template_job.enc_keys = &sess->cipher.gcm_key;
+ sess->template_job.dec_keys = &sess->cipher.gcm_key;
+ break;
+#endif
default:
IPSEC_MB_LOG(ERR, "Unsupported aead mode parameter");
return -ENOTSUP;
@@ -1037,6 +1057,13 @@ set_cpu_mb_job_params(IMB_JOB *job, struct
aesni_mb_session *session,
case IMB_AUTH_CHACHA20_POLY1305:
job->u.CHACHA20_POLY1305.aad = aad->va;
break;
+
+#if IMB_VERSION(1, 5, 0) < IMB_VERSION_NUM
+ case IMB_AUTH_SM4_GCM:
+ job->u.GCM.aad = aad->va;
+ break;
+#endif
+
default:
job->u.HMAC._hashed_auth_key_xor_ipad =
session->auth.pads.inner;
@@ -1559,6 +1586,11 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
imb_set_session(mb_mgr, job);
}
break;
+#if IMB_VERSION(1, 5, 0) < IMB_VERSION_NUM
+ case IMB_AUTH_SM4_GCM:
+ job->u.GCM.aad = op->sym->aead.aad.data;
+ break;
+#endif
default:
break;
}
@@ -1687,6 +1719,19 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
job->iv = rte_crypto_op_ctod_offset(op, uint8_t *,
session->iv.offset);
break;
+#if IMB_VERSION(1, 5, 0) < IMB_VERSION_NUM
+ case IMB_AUTH_SM4_GCM:
+ job->hash_start_src_offset_in_bytes = 0;
+ /*
+ * Adding offset here as there is a bug in the ipsec mb library
+ */
+ job->src += op->sym->aead.data.offset;
+ job->msg_len_to_hash_in_bytes =
+ op->sym->aead.data.length;
+ job->iv = rte_crypto_op_ctod_offset(op, uint8_t *,
+ session->iv.offset);
+ break;
+#endif
default:
job->hash_start_src_offset_in_bytes = auth_start_offset(op,
@@ -1732,6 +1777,11 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
job->msg_len_to_cipher_in_bytes = 0;
job->cipher_start_src_offset_in_bytes = 0;
break;
+#if IMB_VERSION(1, 5, 0) < IMB_VERSION_NUM
+ case IMB_CIPHER_SM4_GCM:
+ job->msg_len_to_cipher_in_bytes = op->sym->aead.data.length;
+ break;
+#endif
default:
job->cipher_start_src_offset_in_bytes =
op->sym->cipher.data.offset;
diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
b/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
index 468a1f35eb..bdb9ad815b 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
@@ -826,6 +826,36 @@ static const struct rte_cryptodev_capabilities
aesni_mb_capabilities[] = {
}, }
}, }
},
+ { /* SM4 GCM */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,
+ {.aead = {
+ .algo = RTE_CRYPTO_AEAD_SM4_GCM,
+ .block_size = 16,
+ .key_size = {
+ .min = 16,
+ .max = 16,
+ .increment = 0,
+ },
+ .digest_size = {
+ .min = 16,
+ .max = 16,
+ .increment = 0,
+ },
+ .aad_size = {
+ .min = 0,
+ .max = 65535,
+ .increment = 1,
+ },
+ .iv_size = {
+ .min = 12,
+ .max = 12,
+ .increment = 0,
+ }
+ }, }
+ }, }
+ },
#endif
RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
};
--
2.25.1
