[LX2160A] DPAA2 DPDK aes-cmac crypto algorithm support

jhkim2 · ‎01-24-2022

Hi,

I'm using LSDK20.04 and wish to use AES-CMAC crypto algorithm.

As far as I know, in that version AES-CMAC is not supported for DPAA2 crypto Authentication algorithm and only support in PDCP offloading.

Can I get the information of which DPDK version NXP DPAA2 support AES-CMAC algorithm in crypto authentication?

In LSDK 21.08, Is AES-CAMC is fully supported in dpaa2 crypto auth algorithm?

Thanks in advance.

J.Hwan Kim

yipingwang · ‎01-24-2022

AES-CAMC is supported in dpaa2 crypto auth algorithm in DPDK provided in LSDK 21.08.

jhkim2 · ‎01-25-2022

Thank you for reply.

I'm testing the LSDK21.08 DPDK dpaa2 AES-CMAC crypto algorithm.

When I test AES-CMAC digest (mac-i) generation mode, the result was success.

But in digest verification mode, the result was fail. (SEC driver returns error value of 2000101a)

I attached the IV first 8bytes in front of message as I did in digest generation mode.

INPUT data for digest verification = [ IV first 8 bytes + message + 4byte digest ]

Does AES-CMAC support only digest generation mode?

yipingwang · ‎01-27-2022

Status 0x2000101a means ICV check failed.

Accordint to rfc4493, AES_CMAC Verify_MAC Figure 2.4,

Input : K ( 128-bit Key )

: M ( message to be verified )

: len ( length of the message in octets )

: T' ( the received MAC to be verified )

Output : INVALID or VALID

IV was not required in AES_CMAC, the verify_MAC input should be "message + ICV".

For detailed FD construction with input/otuput buffer, please check LSDK21.08 DPDK DPAA2_SEC API "build_auth_fd()".