LX1046A SEC SNOW3G and ZUC crypto support in LSDK20.04 ?

cancel
Showing results for 
Search instead for 
Did you mean: 

LX1046A SEC SNOW3G and ZUC crypto support in LSDK20.04 ?

328 Views
hongyuanz
Contributor IV

Hi NXP,

I want to do DPDK application and use cryptographic acceleration by LX1046A SEC to do SNOW3G/ ZUC algorithm.

After read Layerscape Software Development Kit User Guide, Rev. 20.04 and checked the linux caam driver, I did not see any description or source codes about SNOW3G and ZUC support

Does LSDK20.04 implement the function and how to check the function is OK ?


Thank you

0 Kudos
1 Reply

317 Views
yipingwang
NXP TechSupport
NXP TechSupport

Please refer to the suggestion from the AE team.

Can they try the DPDK from:
https://github.com/nxpmicro/dpdk/tree/19.11-qoriq
branch: 19.11-qoriq

Next, they can refer the example code in :
https://github.com/NXPmicro/dpdk/blob/19.11-qoriq/app/test/test_cryptodev_security_pdcp.c

Please note that LS processors supports SNOW and ZUC as security offload.

Here are additional information:
#####
#13 PDCP support in DPDK

PDCP is supported using rte_securityAPIs as illustrated below. It support all PDCP algosfor both control/data plane for all SN sizes.
Get device context
void *rte_cryptodev_get_sec_ctx(uint8_t dev_id)
void *rte_eth_dev_get_sec_ctx(uint8_t port_id)
Create Session

struct rte_security_session* rte_security_session_create(
struct rte_security_ctx*instance,
struct rte_security_session_conf*conf,
struct rte_mempool*mp);
Update (rte_security_session_update)
Destroy (rte_security_session_destroy)
Attach session with crypto_op(rte_security_attach_session)

/* Security context for crypto/eth devices */
struct rte_security_ctx{
void *device;
/**< Crypto/ethernet device attached */
conststruct rte_security_ops*ops;
/**< Pointer to security ops for the device */
uint16_t sess_cnt;
/**< Number of sessions attached to this context */
};
/** security session configuration parameters */
struct rte_security_session_confsess_conf= {
.action_type= RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
.protocol = RTE_SECURITY_PROTOCOL_PDCP,
{.pdcp= {
.bearer = pdcp_test_bearer[i],
.domain = pdcp_test_params[i].domain,
.pkt_dir= pdcp_test_packet_direction[i],
.sn_size= pdcp_test_data_sn_size[i],
.hfn= pdcp_test_hfn[i],
.hfn_threshold= pdcp_test_hfn_threshold[i],
} },
.crypto_xform= &ut_params->cipher_xform
};

#14 rte_security–PDCP xform
Create PDCP security session using rte_security_session_create() with updated session configuration as follows:
struct rte_security_session_conf{
enumrte_security_session_action_typeaction_type; /**< Type of action to be performed on the session */
enumrte_security_session_protocolprotocol; /**< Security protocol to be configured */
RTE_STD_C11
union {
struct rte_security_ipsec_xformipsec; /**< IPSec specific configurations */
struct rte_security_macsec_xformmacsec; /**< macsecSpecific configurations */
struct rte_security_pdcp_xformpdcp; /**< PDCP specific configurations */
}; /**< Configuration parameters for security session */
struct rte_crypto_sym_xform*crypto_xform; /**< Security Session Crypto Transformations */
void *userdata; /**< Application specific userdatato be saved with session */
};
•Here protocolshould be RTE_SECURITY_PROTOCOL_PDCP.

#15 PDCP Configuration
/**
* PDCP security association configuration data.
*
* This structure contains data required to create a PDCP security session.
*/
struct rte_security_pdcp_xform{
int8_t bearer; /**< PDCP bearer ID */
enumrte_security_pdcp_domaindomain; /** < PDCP mode of operation: Control or data */
enumrte_security_pdcp_directionpkt_dir; /**< PDCP Frame Direction 0:UL 1:DL */
enumrte_security_pdcp_sn_sizesn_size; /**< Sequence number size, 5/7/12/15/18 */
int8_t hfn_ovd; /**< Overwrite HFN per operation 0:disable,1:enable */
uint32_t hfn; /**< Hyper Frame Number */
uint32_t hfn_threshold; /**< HFN Threshold for key renegotiation */
};

#16 PDCP Supported Algos/SN sizes
A test code can be seen in DPDK test app and test-crypto-perf app

#17 Crypto algosupport
•Cipher
−AES-128/256 –both CBC/CTR mode
−3DES
−SNOW-3G-UEA2
−ZUC-EEA2
•Auth
−HMAC-SHA1
−HMAC-SHA256/384/512
−HMAC-MD5
−SNOW-3G-UIA2
−ZUC-EIA2
•AEAD
−AES-GCM 128/256
Note: Cipher+Authis supported in single pass for ipsecalgoonly. It is not supported for PDCP algosin non-security mode.
Though HW is capable of supporting many more algos, they are yet to be enabled in software.

#18 RTE_SECURITY based IPSEC algoin DPAAx_SECdrivers
•Cipher
−AES-128/256 –both CBC/CTR mode
−3DES
•Auth
−HMAC-SHA1
−HMAC-SHA256/384/512
−HMAC-MD5
•AEAD
−AES-GCM 128/256
Note: Cipher+Authis supported in single pass
Though HW is capable of supporting many more algos, they are yet to be enabled in software.
#####