uadk: support aead stream mode and sm4-sm3 alg#657
Merged
Liulongfang merged 6 commits into Linaro:master on Jan 13, 2025
Conversation
Add the algorithm hmac(sm3)-cbc(sm4) to the nosva scene; the following fields of the session setup need to be set: the calg (WCRYPTO_CIPHER_SM4), the cmode (WCRYPTO_CIPHER_CBC), the dalg (WCRYPTO_SM3) and the dmode (WCRYPTO_DIGEST_HMAC). Signed-off-by: Wenkai Lin <linwenkai6@hisilicon.com> Signed-off-by: Qi Tao <taoqi10@huawei.com>
Currently, the algorithm name of the aead cbc mode is designed only for sha256, but it is no longer suitable when other algorithms are added, such as hmac(sm3)-cbc(aes). Now a common name is used, authenc(generic,cbc(aes)); the actual algorithm and mode are still specified by dalg and dmode in the session setup. Signed-off-by: Wenkai Lin <linwenkai6@hisilicon.com> Signed-off-by: Qi Tao <taoqi10@huawei.com>
In stream processing encryption mode, a long file needs to be encrypted. When the accelerator is invoked, the encryption result of each block is assembled. The assembled result is the same as the result of encrypting the entire file at once. For hisi_sec, the AAD is filled into the first message, and the plaintext is done with the middle and the end messages. In an encrypted stream, the first and the end message are unique and must be delivered to hardware. Signed-off-by: Wenkai Lin <linwenkai6@hisilicon.com> Signed-off-by: Qi Tao <taoqi10@huawei.com>
For the gcm stream mode, the assoc bytes should not be 0; check this to avoid a hardware error. Signed-off-by: Wenkai Lin <linwenkai6@hisilicon.com> Signed-off-by: Qi Tao <taoqi10@huawei.com>
The hardware only uses the block mode, so set the aead message state to the block mode first. Signed-off-by: Wenkai Lin <linwenkai6@hisilicon.com> Signed-off-by: Qi Tao <taoqi10@huawei.com>
The hardware supports only 16-byte alignment for the aead middle messages; the invalid-length check is added now. Signed-off-by: Wenkai Lin <linwenkai6@hisilicon.com> Signed-off-by: Qi Tao <taoqi10@huawei.com>
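The message split that the commit messages above describe for GCM stream mode (AAD only in the first message and never empty, middle messages a multiple of 16 bytes, exactly one first and one end message, and the per-message results concatenated to match a single-shot encryption) is modelled here as an added example. It is not UADK or hisi_sec code: the state names FIRST/MIDDLE/END, the `StreamMsg` type and the helper names are assumptions, and the reading that the first message carries AAD with no payload follows the description in this PR. Its point is to show which inputs the added length and assoc checks reject and how a long payload is cut so that every message passes them.

```python
"""Constructed model of hisi_sec AEAD (GCM) stream-mode message rules.

Added example, not UADK code.  Names and the message-state model are
assumptions; the constraints come from the PR description:
  - the AAD is carried only by the first message and must not be empty,
  - middle messages must be a multiple of 16 bytes,
  - the first and end messages are unique and must always be issued,
  - concatenating the per-message results gives the single-shot result.
"""
from dataclasses import dataclass
from enum import Enum
from typing import List, Optional

BLOCK = 16  # middle messages are accepted only in multiples of this


class MsgState(Enum):
    FIRST = "first"    # carries the AAD, no payload (assumed)
    MIDDLE = "middle"  # payload, must be 16-byte aligned
    END = "end"        # remaining payload, any length


@dataclass(frozen=True)
class StreamMsg:
    state: MsgState
    assoc: bytes  # AAD; only the FIRST message may carry it
    data: bytes   # plaintext (or ciphertext) segment


def check_msg(msg: StreamMsg) -> Optional[str]:
    """Return why a single message would be rejected, or None if it is valid."""
    if msg.state is MsgState.FIRST:
        if not msg.assoc:
            return "gcm stream mode: assoc bytes must not be 0"
        if msg.data:
            return "first message carries AAD only"
    elif msg.assoc:
        return "AAD is accepted only in the first message"
    if msg.state is MsgState.MIDDLE and len(msg.data) % BLOCK:
        return f"middle message length {len(msg.data)} is not 16-byte aligned"
    return None


def check_stream(msgs: List[StreamMsg]) -> List[str]:
    """Collect every violation in a whole sequence of messages."""
    errs = [e for e in map(check_msg, msgs) if e]
    states = [m.state for m in msgs]
    if states[:1] != [MsgState.FIRST] or states[-1:] != [MsgState.END]:
        errs.append("stream must start with FIRST and finish with END")
    if states.count(MsgState.FIRST) != 1 or states.count(MsgState.END) != 1:
        errs.append("FIRST and END must each appear exactly once")
    return errs


def split_stream(aad: bytes, payload: bytes, chunk: int) -> List[StreamMsg]:
    """Split a long payload into FIRST, MIDDLE..., END messages.

    chunk is the payload size per hardware request and must be a positive
    multiple of BLOCK so every MIDDLE message is aligned.  The END message
    always exists and takes the tail, so it may be shorter than a block
    (or empty when there is no payload at all).
    """
    if chunk <= 0 or chunk % BLOCK:
        raise ValueError("chunk must be a positive multiple of 16")
    msgs = [StreamMsg(MsgState.FIRST, aad, b"")]
    # Everything before the last (possibly partial) chunk goes out as MIDDLE;
    # the last chunk is always sent as END so the END message is never missing.
    middle_end = ((len(payload) - 1) // chunk) * chunk if payload else 0
    for off in range(0, middle_end, chunk):
        msgs.append(StreamMsg(MsgState.MIDDLE, b"", payload[off:off + chunk]))
    msgs.append(StreamMsg(MsgState.END, b"", payload[middle_end:]))
    errs = check_stream(msgs)
    if errs:
        raise ValueError("; ".join(errs))
    return msgs


def reassemble(msgs: List[StreamMsg]) -> bytes:
    """Concatenate per-message results in order, as a caller assembling a
    stream into the single-shot result would; reject malformed sequences."""
    errs = check_stream(msgs)
    if errs:
        raise ValueError("; ".join(errs))
    return b"".join(m.data for m in msgs)


if __name__ == "__main__":
    sample = bytes(range(100))  # constructed payload, 100 bytes
    for m in split_stream(b"hdr", sample, 32):
        print(m.state.name, len(m.assoc), len(m.data))
    print(check_msg(StreamMsg(MsgState.MIDDLE, b"", b"x" * 20)))
```

Splitting with a 32-byte chunk sends a 100-byte payload as FIRST (AAD only), three 32-byte MIDDLE messages and a 4-byte END; a 20-byte MIDDLE or an empty AAD is reported before anything would reach the hardware.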
Collaborator
close this pr? only keep pr to develop?
Wenkai Lin (6):
uadk/v1: support the hmac(sm3)-cbc(sm4) algorithm
uadk: fix for the algorithm name of the aead cbc mode
uadk/v1: Add stream mode for AES-GCM and SM4-GCM
uadk/v1: add assoc bytes check
uadk/v1: set aead msg state for the hardware v2
uadk/v1: fix input length check for aead stream mode.