As part of this patch: - Implemented driver support in cnxk for SNOW5G NEA4/NIA4 and ZUC NEA6/NIA6 algorithms. - Added capability structures for ZUC256/SNOW5G algorithms. - Update cn20k.ini with new algorithm settings. - Document changes in release notes.
Signed-off-by: Nithinsen Kaithakadan <[email protected]> --- doc/guides/cryptodevs/features/cn20k.ini | 4 + doc/guides/rel_notes/release_26_03.rst | 4 + drivers/common/cnxk/hw/cpt.h | 4 +- drivers/common/cnxk/roc_se.c | 40 ++++++- drivers/common/cnxk/roc_se.h | 16 ++- drivers/crypto/cnxk/cnxk_cryptodev.h | 2 +- .../crypto/cnxk/cnxk_cryptodev_capabilities.c | 103 +++++++++++++++++- drivers/crypto/cnxk/cnxk_cryptodev_ops.c | 3 + drivers/crypto/cnxk/cnxk_se.h | 25 ++++- 9 files changed, 185 insertions(+), 16 deletions(-) diff --git a/doc/guides/cryptodevs/features/cn20k.ini b/doc/guides/cryptodevs/features/cn20k.ini index ff00a8a107..d4c52082c6 100644 --- a/doc/guides/cryptodevs/features/cn20k.ini +++ b/doc/guides/cryptodevs/features/cn20k.ini @@ -46,6 +46,8 @@ SM4 CBC = Y SM4 CTR = Y SM4 CFB = Y SM4 OFB = Y +SNOW5G NEA4 = Y +ZUC-256 NEA6 = Y ; ; Supported authentication algorithms of 'cn20k' crypto driver. @@ -82,6 +84,8 @@ SHA3_512 HMAC = Y SHAKE_128 = Y SHAKE_256 = Y SM3 = Y +SNOW5G NIA4 = Y +ZUC-256 NIA6 = Y ; ; Supported AEAD algorithms of 'cn20k' crypto driver. diff --git a/doc/guides/rel_notes/release_26_03.rst b/doc/guides/rel_notes/release_26_03.rst index 2c3a318dba..fa53f0c8f3 100644 --- a/doc/guides/rel_notes/release_26_03.rst +++ b/doc/guides/rel_notes/release_26_03.rst @@ -108,6 +108,10 @@ New Features Added handling of the key combination Control+L to clear the screen before redisplaying the prompt. +* **Updated Marvell cnxk crypto driver.** + + * Added SNOW5G and ZUC256 v2 support for CN20K SoC. + Removed Items ------------- diff --git a/drivers/common/cnxk/hw/cpt.h b/drivers/common/cnxk/hw/cpt.h index 6e577b6277..eb795f61ac 100644 --- a/drivers/common/cnxk/hw/cpt.h +++ b/drivers/common/cnxk/hw/cpt.h @@ -81,7 +81,9 @@ union cpt_eng_caps { uint64_t __io reserved_15_20 : 6; uint64_t __io sm3 : 1; uint64_t __io sm4 : 1; - uint64_t __io reserved_23_34 : 12; + uint64_t __io reserved_23_24 : 2; + uint64_t __io zuc256_snow5g : 1; + uint64_t __io reserved_26_34 : 9; uint64_t __io sg_ver2 : 1; uint64_t __io sm2 : 1; uint64_t __io pdcp_chain_zuc256 : 1; diff --git a/drivers/common/cnxk/roc_se.c b/drivers/common/cnxk/roc_se.c index bdb42567c7..d841a926a4 100644 --- a/drivers/common/cnxk/roc_se.c +++ b/drivers/common/cnxk/roc_se.c @@ -91,6 +91,7 @@ cpt_ciph_type_set(roc_se_cipher_type type, struct roc_se_ctx *ctx, uint16_t key_ fc_type = ROC_SE_FC_GEN; break; case ROC_SE_ZUC_EEA3: + case ROC_SE_ZUC_NEA6: if (unlikely(key_len != 16)) { /* * ZUC 256 is not supported with older microcode @@ -115,6 +116,11 @@ cpt_ciph_type_set(roc_se_cipher_type type, struct roc_se_ctx *ctx, uint16_t key_ else fc_type = ROC_SE_PDCP; break; + case ROC_SE_SNOW5G_NEA4: + if (unlikely(key_len != 32)) + return -1; + fc_type = ROC_SE_PDCP; + break; case ROC_SE_AES_CTR_EEA2: if (chained_op) fc_type = ROC_SE_PDCP_CHAIN; @@ -287,7 +293,7 @@ roc_se_auth_key_set(struct roc_se_ctx *se_ctx, roc_se_auth_type type, const uint chained_op = se_ctx->ciph_then_auth || se_ctx->auth_then_ciph; - if ((type >= ROC_SE_ZUC_EIA3) && (type <= ROC_SE_KASUMI_F9_ECB)) { + if ((type >= ROC_SE_ZUC_EIA3) && (type <= ROC_SE_ZUC_NIA6)) { uint32_t keyx[4]; int key_type; @@ -316,7 +322,20 @@ roc_se_auth_key_set(struct roc_se_ctx *se_ctx, roc_se_auth_type type, const uint se_ctx->zsk_flags = 0x1; opcode_major = ROC_SE_MAJOR_OP_PDCP_CHAIN; break; + case ROC_SE_SNOW5G_NIA4: + pctx->w0.s.state_conf = ROC_SE_PDCP_CHAIN_CTX_KEY_IV; + pctx->w0.s.auth_type = ROC_SE_PDCP_CHAIN_ALG_TYPE_SNOW5G; + pctx->w0.s.mac_len = mac_len; + pctx->w0.s.auth_key_len = 3; + memcpy(pctx->st.auth_key, key, key_len); + + se_ctx->fc_type = ROC_SE_PDCP; + se_ctx->pdcp_auth_alg = ROC_SE_PDCP_ALG_TYPE_SNOW5G; + se_ctx->zsk_flags = 0x1; + opcode_major = ROC_SE_MAJOR_OP_PDCP_CHAIN; + break; case ROC_SE_ZUC_EIA3: + case ROC_SE_ZUC_NIA6: if (unlikely(key_len != 16)) { /* * ZUC 256 is not supported with older microcode @@ -336,13 +355,16 @@ roc_se_auth_key_set(struct roc_se_ctx *se_ctx, roc_se_auth_type type, const uint pctx->w0.s.auth_type = ROC_SE_PDCP_CHAIN_ALG_TYPE_ZUC; pctx->w0.s.mac_len = mac_len; memcpy(pctx->st.auth_key, key, key_len); - if (key_len == 32) + + if (!roc_model_is_cn20k() && key_len == 32) roc_se_zuc_bytes_swap(pctx->st.auth_key, key_len); + cpt_zuc_const_update(pctx->st.auth_zuc_const, key_len, mac_len); se_ctx->fc_type = ROC_SE_PDCP_CHAIN; if (!chained_op) se_ctx->fc_type = ROC_SE_PDCP; + se_ctx->pdcp_auth_alg = ROC_SE_PDCP_ALG_TYPE_ZUC; se_ctx->zsk_flags = 0x1; opcode_major = ROC_SE_MAJOR_OP_PDCP_CHAIN; @@ -547,7 +569,16 @@ roc_se_ciph_key_set(struct roc_se_ctx *se_ctx, roc_se_cipher_type type, const ui se_ctx->pdcp_ci_alg = ROC_SE_PDCP_ALG_TYPE_SNOW3G; se_ctx->zsk_flags = 0; goto success; + case ROC_SE_SNOW5G_NEA4: + pctx->w0.s.state_conf = ROC_SE_PDCP_CHAIN_CTX_KEY_IV; + pctx->w0.s.cipher_type = ROC_SE_PDCP_CHAIN_ALG_TYPE_SNOW5G; + pctx->w0.s.ci_key_len = 3; + memcpy(pctx->st.ci_key, key, key_len); + se_ctx->pdcp_ci_alg = ROC_SE_PDCP_ALG_TYPE_SNOW5G; + se_ctx->zsk_flags = 0; + goto success; case ROC_SE_ZUC_EEA3: + case ROC_SE_ZUC_NEA6: key_type = cpt_pdcp_chain_key_type_get(key_len); if (key_type < 0) return key_type; @@ -556,11 +587,12 @@ roc_se_ciph_key_set(struct roc_se_ctx *se_ctx, roc_se_cipher_type type, const ui pctx->w0.s.cipher_type = ROC_SE_PDCP_CHAIN_ALG_TYPE_ZUC; memcpy(pctx->st.ci_key, key, key_len); if (key_len == 32) { - roc_se_zuc_bytes_swap(pctx->st.ci_key, key_len); if (roc_model_is_cn20k()) memcpy(pctx->st.ci_zuc_const, zuc_key256_v2, 16); - else + else { memcpy(pctx->st.ci_zuc_const, zuc_key256, 16); + roc_se_zuc_bytes_swap(pctx->st.ci_key, key_len); + } } else memcpy(pctx->st.ci_zuc_const, zuc_key128, 32); se_ctx->pdcp_ci_alg = ROC_SE_PDCP_ALG_TYPE_ZUC; diff --git a/drivers/common/cnxk/roc_se.h b/drivers/common/cnxk/roc_se.h index 03a6eabfd3..499e71ce85 100644 --- a/drivers/common/cnxk/roc_se.h +++ b/drivers/common/cnxk/roc_se.h @@ -101,6 +101,8 @@ typedef enum { ROC_SE_AES_CMAC_EIA2 = 0x92, ROC_SE_KASUMI_F9_CBC = 0x93, ROC_SE_KASUMI_F9_ECB = 0x94, + ROC_SE_SNOW5G_NIA4 = 0x95, + ROC_SE_ZUC_NIA6 = 0x96, } roc_se_auth_type; typedef enum { @@ -129,6 +131,8 @@ typedef enum { ROC_SE_KASUMI_F8_ECB = 0x94, ROC_SE_AES_DOCSISBPI = 0x95, ROC_SE_DES_DOCSISBPI = 0x96, + ROC_SE_SNOW5G_NEA4 = 0x97, + ROC_SE_ZUC_NEA6 = 0x98, } roc_se_cipher_type; typedef enum { @@ -257,10 +261,8 @@ struct roc_se_pdcp_ctx { union { uint64_t u64; struct { - uint64_t cipher_type : 2; - uint64_t rsvd58_59 : 2; - uint64_t auth_type : 2; - uint64_t rsvd62_63 : 2; + uint64_t cipher_type : 4; + uint64_t auth_type : 4; uint64_t mac_len : 4; uint64_t ci_key_len : 2; uint64_t auth_key_len : 2; @@ -307,8 +309,10 @@ struct roc_se_iov_ptr { #define ROC_SE_PDCP_ALG_TYPE_SNOW3G 1 #define ROC_SE_PDCP_ALG_TYPE_AES_CTR 2 #define ROC_SE_PDCP_ALG_TYPE_AES_CMAC 3 +#define ROC_SE_PDCP_ALG_TYPE_SNOW5G 4 #define ROC_SE_PDCP_CHAIN_ALG_TYPE_SNOW3G 1 #define ROC_SE_PDCP_CHAIN_ALG_TYPE_ZUC 3 +#define ROC_SE_PDCP_CHAIN_ALG_TYPE_SNOW5G 5 #define ROC_SE_PDCP_CHAIN_CTX_LFSR 0 #define ROC_SE_PDCP_CHAIN_CTX_KEY_IV 1 @@ -348,8 +352,8 @@ struct roc_se_ctx { uint64_t hmac : 1; uint64_t zsk_flags : 3; uint64_t k_ecb : 1; - uint64_t pdcp_ci_alg : 2; - uint64_t pdcp_auth_alg : 2; + uint64_t pdcp_ci_alg : 3; + uint64_t pdcp_auth_alg : 3; uint64_t ciph_then_auth : 1; uint64_t auth_then_ciph : 1; uint64_t eia2 : 1; diff --git a/drivers/crypto/cnxk/cnxk_cryptodev.h b/drivers/crypto/cnxk/cnxk_cryptodev.h index 088149badb..f88162ad3c 100644 --- a/drivers/crypto/cnxk/cnxk_cryptodev.h +++ b/drivers/crypto/cnxk/cnxk_cryptodev.h @@ -11,7 +11,7 @@ #include "roc_ae.h" #include "roc_cpt.h" -#define CNXK_CPT_MAX_CAPS 56 +#define CNXK_CPT_MAX_CAPS 60 #define CNXK_SEC_IPSEC_CRYPTO_MAX_CAPS 16 #define CNXK_SEC_TLS_1_3_CRYPTO_MAX_CAPS 3 #define CNXK_SEC_TLS_1_2_CRYPTO_MAX_CAPS 7 diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c index 5c1542909e..be6d383717 100644 --- a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c +++ b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c @@ -724,6 +724,99 @@ static const struct rte_cryptodev_capabilities caps_zuc_snow3g[] = { }, }; +static const struct rte_cryptodev_capabilities caps_zuc256_snow5g[] = { + { /* SNOW 5G (NEA4) */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, + {.cipher = { + .algo = RTE_CRYPTO_CIPHER_SNOW5G_NEA4, + .block_size = 16, + .key_size = { + .min = 32, + .max = 32, + .increment = 0 + }, + .iv_size = { + .min = 16, + .max = 16, + .increment = 0 + } + }, } + }, } + }, + { /* SNOW 5G (NIA4) */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SNOW5G_NIA4, + .block_size = 16, + .key_size = { + .min = 32, + .max = 32, + .increment = 0 + }, + .digest_size = { + .min = 4, + .max = 16, + .increment = 0 + }, + .iv_size = { + .min = 16, + .max = 16, + .increment = 0 + } + }, } + }, } + }, + { /* ZUC 256 (NEA6) */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, + {.cipher = { + .algo = RTE_CRYPTO_CIPHER_ZUC_NEA6, + .block_size = 16, + .key_size = { + .min = 32, + .max = 32, + .increment = 0 + }, + .iv_size = { + .min = 16, + .max = 16, + .increment = 0 + } + }, } + }, } + }, + { /* ZUC 256 (NIA6) */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_ZUC_NIA6, + .block_size = 16, + .key_size = { + .min = 32, + .max = 32, + .increment = 0 + }, + .digest_size = { + .min = 4, + .max = 16, + .increment = 0 + }, + .iv_size = { + .min = 16, + .max = 16, + .increment = 0 + } + }, } + }, } + }, +}; + static const struct rte_cryptodev_capabilities caps_aes[] = { { /* AES GMAC (AUTH) */ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, @@ -1917,7 +2010,8 @@ cn10k_20k_crypto_caps_update(struct rte_cryptodev_capabilities cnxk_caps[]) while ((caps = &cnxk_caps[i++])->op != RTE_CRYPTO_OP_TYPE_UNDEFINED) { if ((caps->op == RTE_CRYPTO_OP_TYPE_SYMMETRIC) && (caps->sym.xform_type == RTE_CRYPTO_SYM_XFORM_CIPHER) && - (caps->sym.cipher.algo == RTE_CRYPTO_CIPHER_ZUC_EEA3)) { + ((caps->sym.cipher.algo == RTE_CRYPTO_CIPHER_ZUC_EEA3) || + (caps->sym.cipher.algo == RTE_CRYPTO_CIPHER_ZUC_NEA6))) { caps->sym.cipher.key_size.max = 32; caps->sym.cipher.key_size.increment = 16; @@ -1930,8 +2024,8 @@ cn10k_20k_crypto_caps_update(struct rte_cryptodev_capabilities cnxk_caps[]) if ((caps->op == RTE_CRYPTO_OP_TYPE_SYMMETRIC) && (caps->sym.xform_type == RTE_CRYPTO_SYM_XFORM_AUTH) && - (caps->sym.auth.algo == RTE_CRYPTO_AUTH_ZUC_EIA3)) { - + ((caps->sym.auth.algo == RTE_CRYPTO_AUTH_ZUC_EIA3) || + (caps->sym.auth.algo == RTE_CRYPTO_AUTH_ZUC_NIA6))) { caps->sym.auth.key_size.max = 32; caps->sym.auth.key_size.increment = 16; caps->sym.auth.digest_size.max = 16; @@ -1985,6 +2079,9 @@ crypto_caps_populate(struct rte_cryptodev_capabilities cnxk_caps[], if (roc_model_is_cn10k() || roc_model_is_cn20k()) cn10k_20k_crypto_caps_add(cnxk_caps, hw_caps, &cur_pos); + if (roc_model_is_cn20k()) + CPT_CAPS_ADD(cnxk_caps, &cur_pos, hw_caps, zuc256_snow5g); + cpt_caps_add(cnxk_caps, &cur_pos, caps_null, RTE_DIM(caps_null)); cpt_caps_add(cnxk_caps, &cur_pos, caps_end, RTE_DIM(caps_end)); diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_ops.c b/drivers/crypto/cnxk/cnxk_cryptodev_ops.c index b431b78005..2f9eb322dc 100644 --- a/drivers/crypto/cnxk/cnxk_cryptodev_ops.c +++ b/drivers/crypto/cnxk/cnxk_cryptodev_ops.c @@ -611,6 +611,7 @@ is_valid_pdcp_cipher_alg(struct rte_crypto_sym_xform *c_xfrm, { switch (c_xfrm->cipher.algo) { case RTE_CRYPTO_CIPHER_SNOW3G_UEA2: + case RTE_CRYPTO_CIPHER_SNOW5G_NEA4: case RTE_CRYPTO_CIPHER_ZUC_EEA3: break; case RTE_CRYPTO_CIPHER_AES_CTR: @@ -736,6 +737,7 @@ cnxk_sess_fill(struct roc_cpt *roc_cpt, struct rte_crypto_sym_xform *xform, } break; case RTE_CRYPTO_AUTH_SNOW3G_UIA2: + case RTE_CRYPTO_AUTH_SNOW5G_NIA4: case RTE_CRYPTO_AUTH_ZUC_EIA3: case RTE_CRYPTO_AUTH_AES_CMAC: if (!is_valid_pdcp_cipher_alg(c_xfrm, sess)) @@ -771,6 +773,7 @@ cnxk_sess_fill(struct roc_cpt *roc_cpt, struct rte_crypto_sym_xform *xform, } break; case RTE_CRYPTO_AUTH_SNOW3G_UIA2: + case RTE_CRYPTO_AUTH_SNOW5G_NIA4: case RTE_CRYPTO_AUTH_ZUC_EIA3: case RTE_CRYPTO_AUTH_AES_CMAC: if (!is_valid_pdcp_cipher_alg(c_xfrm, sess)) diff --git a/drivers/crypto/cnxk/cnxk_se.h b/drivers/crypto/cnxk/cnxk_se.h index db25fd90d8..8dbf3e73c7 100644 --- a/drivers/crypto/cnxk/cnxk_se.h +++ b/drivers/crypto/cnxk/cnxk_se.h @@ -131,7 +131,8 @@ pdcp_iv_copy(uint8_t *iv_d, const uint8_t *iv_s, const uint8_t pdcp_alg_type, co iv_temp[j] = iv_s_temp[3 - j]; memcpy(iv_d, iv_temp, 16); } else if ((pdcp_alg_type == ROC_SE_PDCP_ALG_TYPE_ZUC) || - pdcp_alg_type == ROC_SE_PDCP_ALG_TYPE_AES_CTR) { + (pdcp_alg_type == ROC_SE_PDCP_ALG_TYPE_AES_CTR) || + (pdcp_alg_type == ROC_SE_PDCP_ALG_TYPE_SNOW5G)) { memcpy(iv_d, iv_s, 16); if (pack_iv) { uint8_t iv_d23, iv_d24; @@ -2243,12 +2244,24 @@ fill_sess_cipher(struct rte_crypto_sym_xform *xform, struct cnxk_se_sess *sess) zsk_flag = ROC_SE_ZS_EA; zs_cipher = ROC_SE_ZS_EA; break; + case RTE_CRYPTO_CIPHER_SNOW5G_NEA4: + enc_type = ROC_SE_SNOW5G_NEA4; + cipher_key_len = 32; + zsk_flag = ROC_SE_ZS_EA; + zs_cipher = ROC_SE_ZS_EA; + break; case RTE_CRYPTO_CIPHER_ZUC_EEA3: enc_type = ROC_SE_ZUC_EEA3; cipher_key_len = c_form->key.length; zsk_flag = ROC_SE_ZS_EA; zs_cipher = ROC_SE_ZS_EA; break; + case RTE_CRYPTO_CIPHER_ZUC_NEA6: + enc_type = ROC_SE_ZUC_NEA6; + cipher_key_len = 32; + zsk_flag = ROC_SE_ZS_EA; + zs_cipher = ROC_SE_ZS_EA; + break; case RTE_CRYPTO_CIPHER_AES_XTS: enc_type = ROC_SE_AES_XTS; cipher_key_len = 16; @@ -2437,11 +2450,21 @@ fill_sess_auth(struct rte_crypto_sym_xform *xform, struct cnxk_se_sess *sess) zsk_flag = ROC_SE_ZS_IA; zs_auth = ROC_SE_ZS_IA; break; + case RTE_CRYPTO_AUTH_SNOW5G_NIA4: + auth_type = ROC_SE_SNOW5G_NIA4; + zsk_flag = ROC_SE_ZS_IA; + zs_auth = ROC_SE_ZS_IA; + break; case RTE_CRYPTO_AUTH_ZUC_EIA3: auth_type = ROC_SE_ZUC_EIA3; zsk_flag = ROC_SE_ZS_IA; zs_auth = ROC_SE_ZS_IA; break; + case RTE_CRYPTO_AUTH_ZUC_NIA6: + auth_type = ROC_SE_ZUC_NIA6; + zsk_flag = ROC_SE_ZS_IA; + zs_auth = ROC_SE_ZS_IA; + break; case RTE_CRYPTO_AUTH_NULL: auth_type = 0; is_null = 1; -- 2.34.1
