[PATCH 1/2] crypto/cnxk: add ZUC256 v2 support for cn20k
Nithinsen Kaithakadan
nkaithakadan at marvell.com
Tue Mar 24 04:48:18 CET 2026
From: Tejasree Kondoj <ktejasree at marvell.com>
Adding ZUC256 v2 cipher only support in
CN20K PMD.
Signed-off-by: Tejasree Kondoj <ktejasree at marvell.com>
---
drivers/common/cnxk/roc_se.c | 14 +++++++++++---
drivers/common/cnxk/roc_se.h | 2 ++
drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c | 15 +++++++++------
drivers/crypto/cnxk/cnxk_cryptodev_ops.c | 10 ++++++++--
drivers/crypto/cnxk/cnxk_se.h | 7 +++++--
5 files changed, 35 insertions(+), 13 deletions(-)
diff --git a/drivers/common/cnxk/roc_se.c b/drivers/common/cnxk/roc_se.c
index f71832ff3a..bdb42567c7 100644
--- a/drivers/common/cnxk/roc_se.c
+++ b/drivers/common/cnxk/roc_se.c
@@ -25,6 +25,9 @@ static uint8_t zuc_key256_mac16[16] = {0x23, 0x2f, 0x25, 0x2a, 0x6d, 0x40,
0x40, 0x40, 0x40, 0x40, 0x40, 0x40,
0x40, 0x52, 0x10, 0x30};
+static uint8_t zuc_key256_v2[16] = {0x64, 0x43, 0x7b, 0x2a, 0x11, 0x05, 0x51, 0x42,
+ 0x1a, 0x31, 0x18, 0x66, 0x14, 0x2e, 0x01, 0x5c};
+
static inline void
cpt_snow3g_key_gen(const uint8_t *ck, uint32_t *keyx)
{
@@ -93,7 +96,8 @@ cpt_ciph_type_set(roc_se_cipher_type type, struct roc_se_ctx *ctx, uint16_t key_
* ZUC 256 is not supported with older microcode
* where pdcp_iv_offset is 16
*/
- if (chained_op || (ctx->pdcp_iv_offset == 16)) {
+ if ((chained_op ||
+ (!roc_model_is_cn20k() && (ctx->pdcp_iv_offset == 16)))) {
plt_err("ZUC 256 is not supported with chained operations");
return -1;
}
@@ -318,7 +322,8 @@ roc_se_auth_key_set(struct roc_se_ctx *se_ctx, roc_se_auth_type type, const uint
* ZUC 256 is not supported with older microcode
* where pdcp_iv_offset is 16
*/
- if (chained_op || (se_ctx->pdcp_iv_offset == 16)) {
+ if ((chained_op ||
+ (!roc_model_is_cn20k() && (se_ctx->pdcp_iv_offset == 16)))) {
plt_err("ZUC 256 is not supported with chained operations");
return -1;
}
@@ -552,7 +557,10 @@ roc_se_ciph_key_set(struct roc_se_ctx *se_ctx, roc_se_cipher_type type, const ui
memcpy(pctx->st.ci_key, key, key_len);
if (key_len == 32) {
roc_se_zuc_bytes_swap(pctx->st.ci_key, key_len);
- memcpy(pctx->st.ci_zuc_const, zuc_key256, 16);
+ if (roc_model_is_cn20k())
+ memcpy(pctx->st.ci_zuc_const, zuc_key256_v2, 16);
+ else
+ memcpy(pctx->st.ci_zuc_const, zuc_key256, 16);
} else
memcpy(pctx->st.ci_zuc_const, zuc_key128, 32);
se_ctx->pdcp_ci_alg = ROC_SE_PDCP_ALG_TYPE_ZUC;
diff --git a/drivers/common/cnxk/roc_se.h b/drivers/common/cnxk/roc_se.h
index 9afcda8ba4..03a6eabfd3 100644
--- a/drivers/common/cnxk/roc_se.h
+++ b/drivers/common/cnxk/roc_se.h
@@ -355,6 +355,7 @@ struct roc_se_ctx {
uint64_t eia2 : 1;
/* auth_iv_offset passed to PDCP_CHAIN opcode based on FVC bit */
uint8_t pdcp_iv_offset;
+ uint8_t pdcp_iv_len;
union cpt_inst_w4 template_w4;
uint8_t *auth_key;
} __plt_aligned(ROC_ALIGN);
@@ -374,6 +375,7 @@ struct roc_se_fc_params {
uint8_t cipher_iv_len;
uint8_t auth_iv_len;
uint8_t pdcp_iv_offset;
+ uint8_t pdcp_iv_len;
struct roc_se_buf_ptr aad_buf;
struct roc_se_buf_ptr mac_buf;
diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
index d2747878d3..5c1542909e 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
+++ b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
@@ -1908,7 +1908,7 @@ cpt_caps_add(struct rte_cryptodev_capabilities cnxk_caps[], int *cur_pos,
}
static void
-cn10k_crypto_caps_update(struct rte_cryptodev_capabilities cnxk_caps[])
+cn10k_20k_crypto_caps_update(struct rte_cryptodev_capabilities cnxk_caps[])
{
struct rte_cryptodev_capabilities *caps;
@@ -1921,7 +1921,10 @@ cn10k_crypto_caps_update(struct rte_cryptodev_capabilities cnxk_caps[])
caps->sym.cipher.key_size.max = 32;
caps->sym.cipher.key_size.increment = 16;
- caps->sym.cipher.iv_size.max = 25;
+ if (roc_model_is_cn20k())
+ caps->sym.cipher.iv_size.max = 16;
+ else
+ caps->sym.cipher.iv_size.max = 25;
caps->sym.cipher.iv_size.increment = 1;
}
@@ -1946,8 +1949,8 @@ cn9k_crypto_caps_add(struct rte_cryptodev_capabilities cnxk_caps[], int *cur_pos
}
static void
-cn10k_crypto_caps_add(struct rte_cryptodev_capabilities cnxk_caps[],
- union cpt_eng_caps *hw_caps, int *cur_pos)
+cn10k_20k_crypto_caps_add(struct rte_cryptodev_capabilities cnxk_caps[],
+ union cpt_eng_caps *hw_caps, int *cur_pos)
{
if (hw_caps[CPT_ENG_TYPE_SE].sg_ver2) {
CPT_CAPS_ADD(cnxk_caps, cur_pos, hw_caps, sm3);
@@ -1980,13 +1983,13 @@ crypto_caps_populate(struct rte_cryptodev_capabilities cnxk_caps[],
cn9k_crypto_caps_add(cnxk_caps, &cur_pos);
if (roc_model_is_cn10k() || roc_model_is_cn20k())
- cn10k_crypto_caps_add(cnxk_caps, hw_caps, &cur_pos);
+ cn10k_20k_crypto_caps_add(cnxk_caps, hw_caps, &cur_pos);
cpt_caps_add(cnxk_caps, &cur_pos, caps_null, RTE_DIM(caps_null));
cpt_caps_add(cnxk_caps, &cur_pos, caps_end, RTE_DIM(caps_end));
if (roc_model_is_cn10k() || roc_model_is_cn20k())
- cn10k_crypto_caps_update(cnxk_caps);
+ cn10k_20k_crypto_caps_update(cnxk_caps);
}
const struct rte_cryptodev_capabilities *
diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_ops.c b/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
index 370f311dd3..b431b78005 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
@@ -632,10 +632,16 @@ cnxk_sess_fill(struct roc_cpt *roc_cpt, struct rte_crypto_sym_xform *xform,
struct rte_crypto_sym_xform *a_xfrm = NULL;
bool ciph_then_auth = false;
- if (roc_cpt->hw_caps[CPT_ENG_TYPE_SE].pdcp_chain_zuc256)
+ if (roc_model_is_cn20k()) {
+ sess->roc_se_ctx->pdcp_iv_len = 40;
+ sess->roc_se_ctx->pdcp_iv_offset = 16;
+ } else if (roc_cpt->hw_caps[CPT_ENG_TYPE_SE].pdcp_chain_zuc256) {
sess->roc_se_ctx->pdcp_iv_offset = 24;
- else
+ sess->roc_se_ctx->pdcp_iv_len = 48;
+ } else {
sess->roc_se_ctx->pdcp_iv_offset = 16;
+ sess->roc_se_ctx->pdcp_iv_len = 32;
+ }
if (xform == NULL)
return -EINVAL;
diff --git a/drivers/crypto/cnxk/cnxk_se.h b/drivers/crypto/cnxk/cnxk_se.h
index 7a0624ca28..db25fd90d8 100644
--- a/drivers/crypto/cnxk/cnxk_se.h
+++ b/drivers/crypto/cnxk/cnxk_se.h
@@ -1537,7 +1537,7 @@ cpt_pdcp_chain_alg_prep(uint32_t req_flags, uint64_t d_offs, uint64_t d_lens,
const uint8_t *auth_iv = NULL, *cipher_iv = NULL;
uint8_t pdcp_iv_off = params->pdcp_iv_offset;
uint32_t off_ctrl_len = ROC_SE_OFF_CTRL_LEN;
- const int iv_len = pdcp_iv_off * 2;
+ const int iv_len = params->pdcp_iv_len;
uint8_t pdcp_ci_alg, pdcp_auth_alg;
union cpt_inst_w4 cpt_inst_w4;
struct roc_se_ctx *se_ctx;
@@ -1667,9 +1667,9 @@ cpt_pdcp_alg_prep(uint32_t req_flags, uint64_t d_offs, uint64_t d_lens,
* So iv_len reserved is 32B for cipher and auth IVs with old microcode
* and 48B with new microcode.
*/
- const int iv_len = params->pdcp_iv_offset * 2;
uint32_t off_ctrl_len = ROC_SE_OFF_CTRL_LEN;
struct roc_se_ctx *se_ctx = params->ctx;
+ const int iv_len = params->pdcp_iv_len;
uint32_t encr_data_len, auth_data_len;
const int flags = se_ctx->zsk_flags;
uint32_t encr_offset, auth_offset;
@@ -3039,6 +3039,7 @@ fill_pdcp_params(struct rte_crypto_op *cop, struct cnxk_se_sess *sess,
fc_params.iv_buf = NULL;
fc_params.auth_iv_buf = NULL;
fc_params.pdcp_iv_offset = sess->roc_se_ctx->pdcp_iv_offset;
+ fc_params.pdcp_iv_len = sess->roc_se_ctx->pdcp_iv_len;
if (likely(sess->iv_length))
fc_params.iv_buf = rte_crypto_op_ctod_offset(cop, uint8_t *, sess->iv_offset);
@@ -3134,6 +3135,7 @@ fill_pdcp_chain_params(struct rte_crypto_op *cop, struct cnxk_se_sess *sess,
fc_params.iv_buf = NULL;
fc_params.auth_iv_buf = NULL;
fc_params.pdcp_iv_offset = sess->roc_se_ctx->pdcp_iv_offset;
+ fc_params.pdcp_iv_len = sess->roc_se_ctx->pdcp_iv_len;
m_src = sym_op->m_src;
m_dst = sym_op->m_dst;
@@ -3347,6 +3349,7 @@ fill_digest_params(struct rte_crypto_op *cop, struct cnxk_se_sess *sess,
params.auth_iv_buf =
rte_crypto_op_ctod_offset(cop, uint8_t *, sess->auth_iv_offset);
params.pdcp_iv_offset = sess->roc_se_ctx->pdcp_iv_offset;
+ params.pdcp_iv_len = sess->roc_se_ctx->pdcp_iv_len;
if (sess->zsk_flag == ROC_SE_K_F9) {
uint32_t length_in_bits, num_bytes;
uint8_t *src, direction = 0;
--
2.34.1
More information about the dev
mailing list