From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from NAM03-DM3-obe.outbound.protection.outlook.com (mail-dm3nam03on0081.outbound.protection.outlook.com [104.47.41.81]) by dpdk.org (Postfix) with ESMTP id 0E2B01B141 for ; Tue, 9 Oct 2018 11:09:26 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=CAVIUMNETWORKS.onmicrosoft.com; s=selector1-cavium-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=UYpsnGJdQeRf3tiu0ntsfYh9g30L4qsOnEf8qjDfkG8=; b=MQ61226Sk0sqKzRDWFBZpG7m0s7srGllMqF+1ifRLFt6XLXxBrVP1KeY/EkJ7PojQnYa07mZplBuCe64F0Zfs6qYj7EmOFkwe0Sa/vLMEYUSV1amPBn0sdL9poGPq64cfb7lbtR9AYpyucmbP8/ghgZWDAFtx0MMSYYM1LyqH/k= Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=Anoob.Joseph@cavium.com; Received: from ajoseph83.caveonetworks.com.com (115.113.156.2) by BN7PR07MB4897.namprd07.prod.outlook.com (2603:10b6:406:ef::26) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1207.28; Tue, 9 Oct 2018 09:09:20 +0000 From: Anoob Joseph To: Akhil Goyal , Pablo de Lara , Thomas Monjalon Cc: Nithin Dabilpuram , Jerin Jacob , Narayana Prasad , Ankur Dwivedi , Anoob Joseph , Murthy NSSR , Ragothaman Jayaraman , Srisivasubramanian S , Tejasree Kondoj , dev@dpdk.org Date: Tue, 9 Oct 2018 14:37:44 +0530 Message-Id: <1539076076-19786-12-git-send-email-anoob.joseph@caviumnetworks.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1539076076-19786-1-git-send-email-anoob.joseph@caviumnetworks.com> References: <1538744363-30340-1-git-send-email-anoob.joseph@caviumnetworks.com> <1539076076-19786-1-git-send-email-anoob.joseph@caviumnetworks.com> MIME-Version: 1.0 Content-Type: text/plain X-Originating-IP: [115.113.156.2] X-ClientProxiedBy: PN1PR0101CA0004.INDPRD01.PROD.OUTLOOK.COM (2603:1096:c00:e::14) To BN7PR07MB4897.namprd07.prod.outlook.com (2603:10b6:406:ef::26) X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 8be3d219-ecbc-45bc-6842-08d62dc6e80e X-Microsoft-Antispam: BCL:0; PCL:0; RULEID:(7020095)(4652040)(8989299)(4534185)(7168020)(4627221)(201703031133081)(201702281549075)(8990200)(5600074)(711020)(2017052603328)(7153060)(7193020); SRVR:BN7PR07MB4897; X-Microsoft-Exchange-Diagnostics: 1; BN7PR07MB4897; 3:Bl762Bx6WtVhKkYMRYnOUH/QKtpakHj5y4NupRydlGnXNFLOAHQI7PEJU8wC0duJu2nbBk9B3zvlRq2z/wzztia9fpGA3mnVa0eJkTDL5HdHTQOafjqYLrZ7faStuyeG6hncVsCOWsbQaGJlJQ0npnXIbkTqJVCgAqS2IKb7WYQUKTAn0JUAxtxVs6WlFY0WzP9hkA8WbJQSp6zHo56HzXUefLZLAxtmIlaf34o8cZ9zozi02ZoL8Y1ZtVRzB7fF; 25:9fma3BkcWmu2zz0GeecwEQA0ItxDjZpqGtL2f3dgklMO2Lp5ySkLnUXAG4IrLzU/hgRNSsV+31cNQz6Tw/0pvSaoJr+Z3B6mEDaeUDYvZpLe1oy1umPk4kfQLLOygdSM12CGbYKO9Vt6f0T0f1YT1SUTYUzQ4SbvHM7cLyDfLSzFWBkJOYirAtJrVxjaJltOroCnqhuA9INDPegtdVgI0bPhM3mtaDrAij0eBF/lxsCLLi3Gw6drXOxEr4PeVZz+AeYM4F1C+ktgAcuVO0x9pbStE4oxoj75S1mjhWWswWXKr76yAIsGIxc2ytH0iiwCjpzEP8jRHh9anibqGvXExA==; 31:ZpEyFVL2X2v/pRqliODnA6Jia9BV4Bcx7S8tHj7fwCrilUjhRDBQAdS/HBho+2VandbXF129+0tukVrld3RLCfpOUzQVoWbeWBSX9oOTZubO9fZ/jlIh/9EINGtsBdFKSnXbWyh+VWrPZOgHgeQVcXirKh5Co0G+CYAMozLxMRj3Ggg01A4fNhlrTng1xp6rFQNVDOWeMhHykNDtLtpeavPtjDeiDj7Apzm+YuqZFfU= X-MS-TrafficTypeDiagnostic: BN7PR07MB4897: X-Microsoft-Exchange-Diagnostics: 1; BN7PR07MB4897; 20:dmpTjUnV3O2k9kQCkHnon/MHF3lX9nmrg1nlwAhCGw9mo30fTUt97x/UAHH6H+InSGD9ceQSonUgF/YO8cLz7gS6UAFGBn0AK5Sj2aq4qPAGqr1fPXW0P8W4FmuxesnBMPf+gODF6ZNYJAq79yXmTNrbsDAS8Q4xqC0eULvfElXwVt6XlCEUuO2JGSY3UOvO1xG1dOFfwF924rieNJg3dFgUMMw8yiA6Kih8Jckr1/zCj89V5cuUJnJymqNsm/xWuG5LuDq5o+CL6KtAQcTKKQ4s/JT+1f9zjd69A6UENQ6JZvSG7EYiw9TIEvWk2WvNnsdNbxeJmbDHy5MxotWKx8I7ErwIIUWLlMSRo9Fq6uwNy/N9eE5BKWK3fceDeOcUpSwxmfHWeKbgtOc5fr4I+/FFCpTBlwdPW54MvVpqfF/+2IXoxJwLTCsI+/Px+6NX3K8vI13fzJlP1HrhUNnXVe32fiLASrlXYrH/6jKGjTq0t/MGmMEl1n8/3oZ4YciNNHz1Lg5AoMYIE5IbV88LRf0fgUAEDQ/d5aZbm5Qqr99om6YuLJHQaFIBNdrINeii48wB1gOQ/IZmT5J0OenpAOrRAP4Pnh10+UipJpZS1u0=; 4:GHQkWO+CY5/7i02jA8qTE+/Ch3dZki1jn4en+eYqodm1un8lPmx5iSAlkiCoSyDGnMr7QzQcR9dZcplKnKezxT1aiPESGrnlg8hoJRNbofWElsqiXjzg9i8vzmmxy9MFsZFpUOfcAXhJLiRp128qxlr5fswCYoI0D3WrdXLH7OYmceiKesPvd3q8srnVS1wYCoel4X0l2uSoCU0LO0PnugZ7WdY9LFZ67AYgI4ALsNXo/h0wJ7WGKhxIUWwPyVGEFkB/JfFylaP9BKboKyU/4lhBUojPOIIs4ShTvGLBdHvl3tOjNvS8ugFvS5SYrzyD X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(163750095850); X-MS-Exchange-SenderADCheck: 1 X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(8211001083)(6040522)(2401047)(5005006)(8121501046)(3002001)(93006095)(10201501046)(3231355)(944501410)(52105095)(149066)(150057)(6041310)(20161123560045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123562045)(20161123564045)(20161123558120)(201708071742011)(7699051); SRVR:BN7PR07MB4897; BCL:0; PCL:0; RULEID:; SRVR:BN7PR07MB4897; X-Forefront-PRVS: 08200063E9 X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10009020)(396003)(366004)(376002)(136003)(346002)(39860400002)(199004)(189003)(42882007)(47776003)(106356001)(6666003)(186003)(5660300001)(26005)(68736007)(16526019)(8936002)(25786009)(6116002)(2906002)(81156014)(50226002)(305945005)(81166006)(7736002)(3846002)(105586002)(478600001)(8676002)(54906003)(110136005)(48376002)(16586007)(14444005)(575784001)(6486002)(6506007)(50466002)(316002)(53936002)(386003)(51416003)(52116002)(76176011)(11346002)(6512007)(44832011)(446003)(36756003)(55236004)(956004)(2616005)(4744004)(486006)(4326008)(66066001)(97736004)(72206003)(476003); DIR:OUT; SFP:1101; SCL:1; SRVR:BN7PR07MB4897; H:ajoseph83.caveonetworks.com.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1; Received-SPF: None (protection.outlook.com: cavium.com does not designate permitted sender hosts) X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1; BN7PR07MB4897; 23:5dUUjeasUYd8ZePfpiwL59pD+4U47kvjJx7SJNSYU?= =?us-ascii?Q?3b/SjWMQ63DNFLMadw5hapdyS+FjDSAnYFlQ3zj5GreP7BhGGd3F51eODVfX?= =?us-ascii?Q?RZrjJ/3j3d+eAS3BPH4OrFh3ItVIihK3XbEMXNAIpZ0jzot1lyC7wTmFFvbC?= =?us-ascii?Q?LdeiV2HqyqW4lOVRXqP9TMcNhYc5bDr2UerXX0wKDYCqm7Fu9gPXGuCaxvwI?= =?us-ascii?Q?QyMCAeOO2IuISIakv28YjWSQmDcPqjuFEsbkhui5Ofxfv51kpyrkyA1PqHfH?= =?us-ascii?Q?aZ8g12COBiqB6VjAposp/e5g6gJiPYV7URYG5gtcQMtnJNSK7eIC4Wdkd+7R?= =?us-ascii?Q?oTShnwFj0VMpYTuNUSSMDZoxKO8s4oK7BDPMePRHmetCjaWLM3Sntt2XGleT?= =?us-ascii?Q?AKjaEdUhSKx8zkONC0FmMRp1ZIzT9hZBEGD8CgrGzhpSik1HbQrROMbUNCo/?= =?us-ascii?Q?ZVmiI8rPL3RWdlGFEPoOMCILjg+AQngr/zclt0GriaR8anWfeh+k+plMMnhs?= =?us-ascii?Q?O9cEhEjblJheArT3t5k8cvyead9r2ttjNvFvWWx05gS76tp3TuJV9O4B1G1a?= =?us-ascii?Q?4AGR6oFB8o6yLjvlDwOpymwVbcMUKHByKpbK9SQc5u5k5DAuJnQ24NX6yKmg?= =?us-ascii?Q?teZi6uxupUs/nckyYLntiZsedvdkaKr2hFAXuNejhDYy3NfdgKHwuB1lpO6P?= =?us-ascii?Q?KoG+aD7j74tQ50it+7QI6RZw3u3Y7CIK474ecm5gb82wzovAPYMBr7QajRGl?= =?us-ascii?Q?7L6o0UQrkS0hMMJYzMJZUV5CDgfZY2eFlgYSe/WLKZ3OhyVcbNAV/KvmoDZ+?= =?us-ascii?Q?8U3NIeS1i6jGScayF3K12sT6sT/vOrKdbkkQqR7XVN50WKcn0XTFzX9up32z?= =?us-ascii?Q?R1t0rFHqlM8I7RvyfE5egyOa20NS3sfAI/qrxO99LJ+QtogeA/YOsZJIRCsU?= =?us-ascii?Q?NpMaMq8ex5zlRIf9NPsOz6Nc8AAdByZJn3YzP5bcf3raizNmiYGtnf/+xZtD?= =?us-ascii?Q?Pdwt3tuyMqjC7UUUQDSjiGLEo2SKW/Ubt6aNOeQ7ge5xQWYQfnfY0eStrRJ/?= =?us-ascii?Q?Xg7WDatgjfWeoOWJMpJTsXRbwSgRamSAZwABqaYR/ei9t+3H2fuTZMg5UMiU?= =?us-ascii?Q?nqwgWmuqyHSmgG+bDnU3NdtIlprmZInion1OWOotk012OL2tssJO1N2a146A?= =?us-ascii?Q?2vKeLeBqe7n9x3PYAXju68jAkXeDEje/Adv9njM5CCevW6F74XyKo8H71zuc?= =?us-ascii?Q?DVuG3zRG72dNsUhbst70Nh6nQcj3XGhEDFeh/Izh8kDc6DmiW3KA7CXGCFpv?= =?us-ascii?Q?h58xaGOwEvjUxsrWO4AQ5A=3D?= X-Microsoft-Antispam-Message-Info: lT5PBt3tyYP1d4KVm4WyzKVtjfXwi8SvWKTQeyfUweCcMQah0auh8IyBUImIzwuqbD8E26xd8EJMG8M0rDMSX2/d6RXiKkZY9e0pghPGU9E7MuueUaR3v3AlIrqAEpjFMR2cmnKwIGVSbfSb4A3ayh0b/X0I93awVcJF41hmNZ6PGc/cp4Ijt+4NW1zHIhiiffy2B7EhdxxhBBelCoaTa4DxuXE/YCshJhC0GmSxNk0iyuXLyinpET5Os+SMMhByytY4IbjBARnYTo96rip4XNFIvvCx04EwEbh2JXx8/WXmRmJUpHIYIJXssIHMnYgEnwDogoKdqy3vUqBhB7ndKY4Lr859T1AEqs+HrdbA68Y= X-Microsoft-Exchange-Diagnostics: 1; BN7PR07MB4897; 6:FkLdQiVWAaRsfsMRpc1BDizDkiIKsAAt0ZSoFzwfDWIfigyl0NRZEBnGIXvcy7y20eDGzJGM5tv1ZY0tWiyRYbLVllFembQ1PmYqQXgANCeRR1+LSDMFTgWi0vYsMRlCsqpLl9w1EiVE8280lH6ihk08nWzHr/e95on4Jmp7Od8YdPR5yLXnb4lIRLWr2H2kMcVekZqiW47sJIYk6jZErLJN+45Qb24ST+AAtOdzkijZ06ZbvRMDbVxyHY+J9F0fOJO+mACo01k1RlthEX40vb/IT7JThJSr3tvJWcXuCCkACSVsU9d8jpP58y3biaI1EmgzUOkq/nfvo7NfowdZaCddRm4J3zgOl1ZZBsxI5V2hSm/EthItRW/SdbnBZAaqfn7TfckdBZgqo5eHgqpsXXEt42R0SNSeOWMKPXQb3sslZddqEeJrMEYu4RUVTmKkx/2K+Pv7LPckvgF+ZDJpAw==; 5:6xhNb0/eS6tqpBpRgQQmEGcRhppn70zdL4bDeRXAm2vVTO06BGstWixxXkqfkO+VcUsH5UTNe1XnmyCRZmDPLXoTtSJrqyNTnbcpRAKTJvjQ2UsiYA4h4TR+Z8tKsFREFhJCbdZZ27aYZozQQCBnVpFLs1TcEgl77AFnBV3bfJg=; 7:lnbHo0dNtpPK0bopEHfP4jxvTFMkqaPt7dJZZw8LqUj1+A01ToGoccO33kKIju9y5ooER6Qq9HAamBG9tLCiA4KeikwVttywAwJXUln+geZtNMTbBaKWVvvhW4/1tx47lb4IYGV27vowvPinW96wLqyz9CVhhTC/tkj8efdst0qIfq2FeffP/XqV13Elv5jQ1KeEGQbSIdUR7KFBmC1+fz0xprK7qubcVmyXGf1WRZTFs6GTdfO53rvvyjSbTRLZ SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-OriginatorOrg: caviumnetworks.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 09 Oct 2018 09:09:20.5743 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 8be3d219-ecbc-45bc-6842-08d62dc6e80e X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 711e4ccf-2e9b-4bcf-a551-4094005b6194 X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN7PR07MB4897 Subject: [dpdk-dev] [PATCH v4 11/23] crypto/octeontx: add supported sessions X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 09 Oct 2018 09:09:26 -0000 From: Nithin Dabilpuram Adding AEAD, cipher & auth sessions support. Signed-off-by: Ankur Dwivedi Signed-off-by: Anoob Joseph Signed-off-by: Murthy NSSR Signed-off-by: Nithin Dabilpuram Signed-off-by: Ragothaman Jayaraman Signed-off-by: Srisivasubramanian S Signed-off-by: Tejasree Kondoj --- drivers/common/cpt/cpt_mcode_defines.h | 90 ++++ drivers/common/cpt/cpt_ucode.h | 669 ++++++++++++++++++++++++++++ drivers/crypto/octeontx/otx_cryptodev_ops.c | 17 + 3 files changed, 776 insertions(+) diff --git a/drivers/common/cpt/cpt_mcode_defines.h b/drivers/common/cpt/cpt_mcode_defines.h index 235320c..50657a2 100644 --- a/drivers/common/cpt/cpt_mcode_defines.h +++ b/drivers/common/cpt/cpt_mcode_defines.h @@ -25,9 +25,88 @@ #define SG_LIST_HDR_SIZE (8u) #define SG_ENTRY_SIZE sizeof(sg_comp_t) +#define CPT_DMA_MODE (1 << 7) + +#define CPT_FROM_CTX 0 +#define CPT_FROM_DPTR 1 + +#define FC_GEN 0x1 +#define ZUC_SNOW3G 0x2 +#define KASUMI 0x3 +#define HASH_HMAC 0x4 + +#define ZS_EA 0x1 +#define ZS_IA 0x2 +#define K_F8 0x4 +#define K_F9 0x8 + +#define CPT_OP_CIPHER_ENCRYPT 0x1 +#define CPT_OP_CIPHER_DECRYPT 0x2 +#define CPT_OP_CIPHER_MASK 0x3 + +#define CPT_OP_AUTH_VERIFY 0x4 +#define CPT_OP_AUTH_GENERATE 0x8 +#define CPT_OP_AUTH_MASK 0xC + +#define CPT_OP_ENCODE (CPT_OP_CIPHER_ENCRYPT | CPT_OP_AUTH_GENERATE) +#define CPT_OP_DECODE (CPT_OP_CIPHER_DECRYPT | CPT_OP_AUTH_VERIFY) + /* #define CPT_ALWAYS_USE_SG_MODE */ #define CPT_ALWAYS_USE_SEPARATE_BUF +typedef enum { + MD5_TYPE = 1, + SHA1_TYPE = 2, + SHA2_SHA224 = 3, + SHA2_SHA256 = 4, + SHA2_SHA384 = 5, + SHA2_SHA512 = 6, + GMAC_TYPE = 7, + XCBC_TYPE = 8, + SHA3_SHA224 = 10, + SHA3_SHA256 = 11, + SHA3_SHA384 = 12, + SHA3_SHA512 = 13, + SHA3_SHAKE256 = 14, + SHA3_SHAKE512 = 15, + + /* These are only for software use */ + ZUC_EIA3 = 0x90, + SNOW3G_UIA2 = 0x91, + KASUMI_F9_CBC = 0x92, + KASUMI_F9_ECB = 0x93, +} mc_hash_type_t; + +typedef enum { + /* To support passthrough */ + PASSTHROUGH = 0x0, + /* + * These are defined by MC for Flexi crypto + * for field of 4 bits + */ + DES3_CBC = 0x1, + DES3_ECB = 0x2, + AES_CBC = 0x3, + AES_ECB = 0x4, + AES_CFB = 0x5, + AES_CTR = 0x6, + AES_GCM = 0x7, + AES_XTS = 0x8, + + /* These are only for software use */ + ZUC_EEA3 = 0x90, + SNOW3G_UEA2 = 0x91, + KASUMI_F8_CBC = 0x92, + KASUMI_F8_ECB = 0x93, +} mc_cipher_type_t; + +typedef enum { + AES_128_BIT = 0x1, + AES_192_BIT = 0x2, + AES_256_BIT = 0x3 +} mc_aes_type_t; + + typedef struct sglist_comp { union { uint64_t len; @@ -152,6 +231,17 @@ struct cpt_ctx { uint8_t auth_key[64]; }; +typedef struct fc_params digest_params_t; + +/* Cipher Algorithms */ +typedef mc_cipher_type_t cipher_type_t; + +/* Auth Algorithms */ +typedef mc_hash_type_t auth_type_t; + #define CPT_P_ENC_CTRL(fctx) fctx->enc.enc_ctrl.e +#define SESS_PRIV(__sess) \ + (void *)((uint8_t *)__sess + sizeof(struct cpt_sess_misc)) + #endif /* _CPT_MCODE_DEFINES_H_ */ diff --git a/drivers/common/cpt/cpt_ucode.h b/drivers/common/cpt/cpt_ucode.h index e4f16fe..4bbb27a 100644 --- a/drivers/common/cpt/cpt_ucode.h +++ b/drivers/common/cpt/cpt_ucode.h @@ -12,6 +12,13 @@ * */ +static uint8_t zuc_d[32] = { + 0x44, 0xD7, 0x26, 0xBC, 0x62, 0x6B, 0x13, 0x5E, + 0x57, 0x89, 0x35, 0xE2, 0x71, 0x35, 0x09, 0xAF, + 0x4D, 0x78, 0x2F, 0x13, 0x6B, 0xC4, 0x1A, 0xF1, + 0x5E, 0x26, 0x3C, 0x4D, 0x78, 0x9A, 0x47, 0xAC +}; + static __rte_always_inline int cpt_is_algo_supported(struct rte_crypto_sym_xform *xform) { @@ -44,4 +51,666 @@ cpt_is_algo_supported(struct rte_crypto_sym_xform *xform) return 0; } +static __rte_always_inline void +gen_key_snow3g(uint8_t *ck, uint32_t *keyx) +{ + int i, base; + + for (i = 0; i < 4; i++) { + base = 4 * i; + keyx[3 - i] = (ck[base] << 24) | (ck[base + 1] << 16) | + (ck[base + 2] << 8) | (ck[base + 3]); + keyx[3 - i] = rte_cpu_to_be_32(keyx[3 - i]); + } +} + +static __rte_always_inline int +cpt_fc_ciph_validate_key_aes(uint16_t key_len) +{ + switch (key_len) { + case CPT_BYTE_16: + case CPT_BYTE_24: + case CPT_BYTE_32: + return 0; + default: + return -1; + } +} + +static __rte_always_inline int +cpt_fc_ciph_validate_key(cipher_type_t type, struct cpt_ctx *cpt_ctx, + uint16_t key_len) +{ + int fc_type = 0; + switch (type) { + case PASSTHROUGH: + fc_type = FC_GEN; + break; + case DES3_CBC: + case DES3_ECB: + fc_type = FC_GEN; + break; + case AES_CBC: + case AES_ECB: + case AES_CFB: + case AES_CTR: + case AES_GCM: + if (unlikely(cpt_fc_ciph_validate_key_aes(key_len) != 0)) + return -1; + fc_type = FC_GEN; + break; + case AES_XTS: + key_len = key_len / 2; + if (unlikely(key_len == CPT_BYTE_24)) { + CPT_LOG_DP_ERR("Invalid AES key len for XTS"); + return -1; + } + if (unlikely(cpt_fc_ciph_validate_key_aes(key_len) != 0)) + return -1; + fc_type = FC_GEN; + break; + case ZUC_EEA3: + case SNOW3G_UEA2: + if (unlikely(key_len != 16)) + return -1; + /* No support for AEAD yet */ + if (unlikely(cpt_ctx->hash_type)) + return -1; + fc_type = ZUC_SNOW3G; + break; + case KASUMI_F8_CBC: + case KASUMI_F8_ECB: + if (unlikely(key_len != 16)) + return -1; + /* No support for AEAD yet */ + if (unlikely(cpt_ctx->hash_type)) + return -1; + fc_type = KASUMI; + break; + default: + return -1; + } + return fc_type; +} + +static __rte_always_inline void +cpt_fc_ciph_set_key_passthrough(struct cpt_ctx *cpt_ctx, mc_fc_context_t *fctx) +{ + cpt_ctx->enc_cipher = 0; + CPT_P_ENC_CTRL(fctx).enc_cipher = 0; +} + +static __rte_always_inline void +cpt_fc_ciph_set_key_set_aes_key_type(mc_fc_context_t *fctx, uint16_t key_len) +{ + mc_aes_type_t aes_key_type = 0; + switch (key_len) { + case CPT_BYTE_16: + aes_key_type = AES_128_BIT; + break; + case CPT_BYTE_24: + aes_key_type = AES_192_BIT; + break; + case CPT_BYTE_32: + aes_key_type = AES_256_BIT; + break; + default: + /* This should not happen */ + CPT_LOG_DP_ERR("Invalid AES key len"); + return; + } + CPT_P_ENC_CTRL(fctx).aes_key = aes_key_type; +} + +static __rte_always_inline void +cpt_fc_ciph_set_key_snow3g_uea2(struct cpt_ctx *cpt_ctx, uint8_t *key, + uint16_t key_len) +{ + uint32_t keyx[4]; + cpt_ctx->snow3g = 1; + gen_key_snow3g(key, keyx); + memcpy(cpt_ctx->zs_ctx.ci_key, keyx, key_len); + cpt_ctx->fc_type = ZUC_SNOW3G; + cpt_ctx->zsk_flags = 0; +} + +static __rte_always_inline void +cpt_fc_ciph_set_key_zuc_eea3(struct cpt_ctx *cpt_ctx, uint8_t *key, + uint16_t key_len) +{ + cpt_ctx->snow3g = 0; + memcpy(cpt_ctx->zs_ctx.ci_key, key, key_len); + memcpy(cpt_ctx->zs_ctx.zuc_const, zuc_d, 32); + cpt_ctx->fc_type = ZUC_SNOW3G; + cpt_ctx->zsk_flags = 0; +} + +static __rte_always_inline void +cpt_fc_ciph_set_key_kasumi_f8_ecb(struct cpt_ctx *cpt_ctx, uint8_t *key, + uint16_t key_len) +{ + cpt_ctx->k_ecb = 1; + memcpy(cpt_ctx->k_ctx.ci_key, key, key_len); + cpt_ctx->zsk_flags = 0; + cpt_ctx->fc_type = KASUMI; +} + +static __rte_always_inline void +cpt_fc_ciph_set_key_kasumi_f8_cbc(struct cpt_ctx *cpt_ctx, uint8_t *key, + uint16_t key_len) +{ + memcpy(cpt_ctx->k_ctx.ci_key, key, key_len); + cpt_ctx->zsk_flags = 0; + cpt_ctx->fc_type = KASUMI; +} + +static __rte_always_inline int +cpt_fc_ciph_set_key(void *ctx, cipher_type_t type, uint8_t *key, + uint16_t key_len, uint8_t *salt) +{ + struct cpt_ctx *cpt_ctx = ctx; + mc_fc_context_t *fctx = &cpt_ctx->fctx; + uint64_t *ctrl_flags = NULL; + int fc_type; + + /* Validate key before proceeding */ + fc_type = cpt_fc_ciph_validate_key(type, cpt_ctx, key_len); + if (unlikely(fc_type == -1)) + return -1; + + if (fc_type == FC_GEN) { + cpt_ctx->fc_type = FC_GEN; + ctrl_flags = (uint64_t *)&(fctx->enc.enc_ctrl.flags); + *ctrl_flags = rte_be_to_cpu_64(*ctrl_flags); + /* + * We need to always say IV is from DPTR as user can + * sometimes iverride IV per operation. + */ + CPT_P_ENC_CTRL(fctx).iv_source = CPT_FROM_DPTR; + } + + switch (type) { + case PASSTHROUGH: + cpt_fc_ciph_set_key_passthrough(cpt_ctx, fctx); + goto fc_success; + case DES3_CBC: + /* CPT performs DES using 3DES with the 8B DES-key + * replicated 2 more times to match the 24B 3DES-key. + * Eg. If org. key is "0x0a 0x0b", then new key is + * "0x0a 0x0b 0x0a 0x0b 0x0a 0x0b" + */ + if (key_len == 8) { + /* Skipping the first 8B as it will be copied + * in the regular code flow + */ + memcpy(fctx->enc.encr_key+key_len, key, key_len); + memcpy(fctx->enc.encr_key+2*key_len, key, key_len); + } + break; + case DES3_ECB: + /* For DES3_ECB IV need to be from CTX. */ + CPT_P_ENC_CTRL(fctx).iv_source = CPT_FROM_CTX; + break; + case AES_CBC: + case AES_ECB: + case AES_CFB: + case AES_CTR: + cpt_fc_ciph_set_key_set_aes_key_type(fctx, key_len); + break; + case AES_GCM: + /* Even though iv source is from dptr, + * aes_gcm salt is taken from ctx + */ + if (salt) { + memcpy(fctx->enc.encr_iv, salt, 4); + /* Assuming it was just salt update + * and nothing else + */ + if (!key) + goto fc_success; + } + cpt_fc_ciph_set_key_set_aes_key_type(fctx, key_len); + break; + case AES_XTS: + key_len = key_len / 2; + cpt_fc_ciph_set_key_set_aes_key_type(fctx, key_len); + + /* Copy key2 for XTS into ipad */ + memset(fctx->hmac.ipad, 0, sizeof(fctx->hmac.ipad)); + memcpy(fctx->hmac.ipad, &key[key_len], key_len); + break; + case SNOW3G_UEA2: + cpt_fc_ciph_set_key_snow3g_uea2(cpt_ctx, key, key_len); + goto success; + case ZUC_EEA3: + cpt_fc_ciph_set_key_zuc_eea3(cpt_ctx, key, key_len); + goto success; + case KASUMI_F8_ECB: + cpt_fc_ciph_set_key_kasumi_f8_ecb(cpt_ctx, key, key_len); + goto success; + case KASUMI_F8_CBC: + cpt_fc_ciph_set_key_kasumi_f8_cbc(cpt_ctx, key, key_len); + goto success; + default: + break; + } + + /* Only for FC_GEN case */ + + /* For GMAC auth, cipher must be NULL */ + if (cpt_ctx->hash_type != GMAC_TYPE) + CPT_P_ENC_CTRL(fctx).enc_cipher = type; + + memcpy(fctx->enc.encr_key, key, key_len); + +fc_success: + *ctrl_flags = rte_cpu_to_be_64(*ctrl_flags); + +success: + cpt_ctx->enc_cipher = type; + + return 0; +} + +static __rte_always_inline int +cpt_fc_auth_set_key(void *ctx, auth_type_t type, uint8_t *key, + uint16_t key_len, uint16_t mac_len) +{ + struct cpt_ctx *cpt_ctx = ctx; + mc_fc_context_t *fctx = &cpt_ctx->fctx; + uint64_t *ctrl_flags = NULL; + + if ((type >= ZUC_EIA3) && (type <= KASUMI_F9_ECB)) { + uint32_t keyx[4]; + + if (key_len != 16) + return -1; + /* No support for AEAD yet */ + if (cpt_ctx->enc_cipher) + return -1; + /* For ZUC/SNOW3G/Kasumi */ + switch (type) { + case SNOW3G_UIA2: + cpt_ctx->snow3g = 1; + gen_key_snow3g(key, keyx); + memcpy(cpt_ctx->zs_ctx.ci_key, keyx, key_len); + cpt_ctx->fc_type = ZUC_SNOW3G; + cpt_ctx->zsk_flags = 0x1; + break; + case ZUC_EIA3: + cpt_ctx->snow3g = 0; + memcpy(cpt_ctx->zs_ctx.ci_key, key, key_len); + memcpy(cpt_ctx->zs_ctx.zuc_const, zuc_d, 32); + cpt_ctx->fc_type = ZUC_SNOW3G; + cpt_ctx->zsk_flags = 0x1; + break; + case KASUMI_F9_ECB: + /* Kasumi ECB mode */ + cpt_ctx->k_ecb = 1; + memcpy(cpt_ctx->k_ctx.ci_key, key, key_len); + cpt_ctx->fc_type = KASUMI; + cpt_ctx->zsk_flags = 0x1; + break; + case KASUMI_F9_CBC: + memcpy(cpt_ctx->k_ctx.ci_key, key, key_len); + cpt_ctx->fc_type = KASUMI; + cpt_ctx->zsk_flags = 0x1; + break; + default: + return -1; + } + cpt_ctx->mac_len = 4; + cpt_ctx->hash_type = type; + return 0; + } + + if (!(cpt_ctx->fc_type == FC_GEN && !type)) { + if (!cpt_ctx->fc_type || !cpt_ctx->enc_cipher) + cpt_ctx->fc_type = HASH_HMAC; + } + + ctrl_flags = (uint64_t *)&fctx->enc.enc_ctrl.flags; + *ctrl_flags = rte_be_to_cpu_64(*ctrl_flags); + + /* For GMAC auth, cipher must be NULL */ + if (type == GMAC_TYPE) + CPT_P_ENC_CTRL(fctx).enc_cipher = 0; + + CPT_P_ENC_CTRL(fctx).hash_type = cpt_ctx->hash_type = type; + CPT_P_ENC_CTRL(fctx).mac_len = cpt_ctx->mac_len = mac_len; + + if (key_len) { + cpt_ctx->hmac = 1; + memset(cpt_ctx->auth_key, 0, sizeof(cpt_ctx->auth_key)); + memcpy(cpt_ctx->auth_key, key, key_len); + cpt_ctx->auth_key_len = key_len; + memset(fctx->hmac.ipad, 0, sizeof(fctx->hmac.ipad)); + memset(fctx->hmac.opad, 0, sizeof(fctx->hmac.opad)); + memcpy(fctx->hmac.opad, key, key_len); + CPT_P_ENC_CTRL(fctx).auth_input_type = 1; + } + *ctrl_flags = rte_cpu_to_be_64(*ctrl_flags); + return 0; +} + +static __rte_always_inline int +fill_sess_aead(struct rte_crypto_sym_xform *xform, + struct cpt_sess_misc *sess) +{ + struct rte_crypto_aead_xform *aead_form; + cipher_type_t enc_type = 0; /* NULL Cipher type */ + auth_type_t auth_type = 0; /* NULL Auth type */ + uint32_t cipher_key_len = 0; + uint8_t zsk_flag = 0, aes_gcm = 0; + aead_form = &xform->aead; + void *ctx; + + if (aead_form->op == RTE_CRYPTO_AEAD_OP_ENCRYPT && + aead_form->algo == RTE_CRYPTO_AEAD_AES_GCM) { + sess->cpt_op |= CPT_OP_CIPHER_ENCRYPT; + sess->cpt_op |= CPT_OP_AUTH_GENERATE; + } else if (aead_form->op == RTE_CRYPTO_AEAD_OP_DECRYPT && + aead_form->algo == RTE_CRYPTO_AEAD_AES_GCM) { + sess->cpt_op |= CPT_OP_CIPHER_DECRYPT; + sess->cpt_op |= CPT_OP_AUTH_VERIFY; + } else { + CPT_LOG_DP_ERR("Unknown cipher operation\n"); + return -1; + } + switch (aead_form->algo) { + case RTE_CRYPTO_AEAD_AES_GCM: + enc_type = AES_GCM; + cipher_key_len = 16; + aes_gcm = 1; + break; + case RTE_CRYPTO_AEAD_AES_CCM: + CPT_LOG_DP_ERR("Crypto: Unsupported cipher algo %u", + aead_form->algo); + return -1; + default: + CPT_LOG_DP_ERR("Crypto: Undefined cipher algo %u specified", + aead_form->algo); + return -1; + } + if (aead_form->key.length < cipher_key_len) { + CPT_LOG_DP_ERR("Invalid cipher params keylen %lu", + (unsigned int long)aead_form->key.length); + return -1; + } + sess->zsk_flag = zsk_flag; + sess->aes_gcm = aes_gcm; + sess->mac_len = aead_form->digest_length; + sess->iv_offset = aead_form->iv.offset; + sess->iv_length = aead_form->iv.length; + sess->aad_length = aead_form->aad_length; + ctx = (void *)((uint8_t *)sess + sizeof(struct cpt_sess_misc)), + + cpt_fc_ciph_set_key(ctx, enc_type, aead_form->key.data, + aead_form->key.length, NULL); + + cpt_fc_auth_set_key(ctx, auth_type, NULL, 0, aead_form->digest_length); + + return 0; +} + +static __rte_always_inline int +fill_sess_cipher(struct rte_crypto_sym_xform *xform, + struct cpt_sess_misc *sess) +{ + struct rte_crypto_cipher_xform *c_form; + cipher_type_t enc_type = 0; /* NULL Cipher type */ + uint32_t cipher_key_len = 0; + uint8_t zsk_flag = 0, aes_gcm = 0, aes_ctr = 0, is_null = 0; + + if (xform->type != RTE_CRYPTO_SYM_XFORM_CIPHER) + return -1; + + c_form = &xform->cipher; + + if (c_form->op == RTE_CRYPTO_CIPHER_OP_ENCRYPT) + sess->cpt_op |= CPT_OP_CIPHER_ENCRYPT; + else if (c_form->op == RTE_CRYPTO_CIPHER_OP_DECRYPT) + sess->cpt_op |= CPT_OP_CIPHER_DECRYPT; + else { + CPT_LOG_DP_ERR("Unknown cipher operation\n"); + return -1; + } + + switch (c_form->algo) { + case RTE_CRYPTO_CIPHER_AES_CBC: + enc_type = AES_CBC; + cipher_key_len = 16; + break; + case RTE_CRYPTO_CIPHER_3DES_CBC: + enc_type = DES3_CBC; + cipher_key_len = 24; + break; + case RTE_CRYPTO_CIPHER_DES_CBC: + /* DES is implemented using 3DES in hardware */ + enc_type = DES3_CBC; + cipher_key_len = 8; + break; + case RTE_CRYPTO_CIPHER_AES_CTR: + enc_type = AES_CTR; + cipher_key_len = 16; + aes_ctr = 1; + break; + case RTE_CRYPTO_CIPHER_NULL: + enc_type = 0; + is_null = 1; + break; + case RTE_CRYPTO_CIPHER_KASUMI_F8: + enc_type = KASUMI_F8_ECB; + cipher_key_len = 16; + zsk_flag = K_F8; + break; + case RTE_CRYPTO_CIPHER_SNOW3G_UEA2: + enc_type = SNOW3G_UEA2; + cipher_key_len = 16; + zsk_flag = ZS_EA; + break; + case RTE_CRYPTO_CIPHER_ZUC_EEA3: + enc_type = ZUC_EEA3; + cipher_key_len = 16; + zsk_flag = ZS_EA; + break; + case RTE_CRYPTO_CIPHER_AES_XTS: + enc_type = AES_XTS; + cipher_key_len = 16; + break; + case RTE_CRYPTO_CIPHER_3DES_ECB: + enc_type = DES3_ECB; + cipher_key_len = 24; + break; + case RTE_CRYPTO_CIPHER_AES_ECB: + enc_type = AES_ECB; + cipher_key_len = 16; + break; + case RTE_CRYPTO_CIPHER_3DES_CTR: + case RTE_CRYPTO_CIPHER_AES_F8: + case RTE_CRYPTO_CIPHER_ARC4: + CPT_LOG_DP_ERR("Crypto: Unsupported cipher algo %u", + c_form->algo); + return -1; + default: + CPT_LOG_DP_ERR("Crypto: Undefined cipher algo %u specified", + c_form->algo); + return -1; + } + + if (c_form->key.length < cipher_key_len) { + CPT_LOG_DP_ERR("Invalid cipher params keylen %lu", + (unsigned long) c_form->key.length); + return -1; + } + + sess->zsk_flag = zsk_flag; + sess->aes_gcm = aes_gcm; + sess->aes_ctr = aes_ctr; + sess->iv_offset = c_form->iv.offset; + sess->iv_length = c_form->iv.length; + sess->is_null = is_null; + + cpt_fc_ciph_set_key(SESS_PRIV(sess), enc_type, c_form->key.data, + c_form->key.length, NULL); + + return 0; +} + +static __rte_always_inline int +fill_sess_auth(struct rte_crypto_sym_xform *xform, + struct cpt_sess_misc *sess) +{ + struct rte_crypto_auth_xform *a_form; + auth_type_t auth_type = 0; /* NULL Auth type */ + uint8_t zsk_flag = 0, aes_gcm = 0, is_null = 0; + + if (xform->type != RTE_CRYPTO_SYM_XFORM_AUTH) + goto error_out; + + a_form = &xform->auth; + + if (a_form->op == RTE_CRYPTO_AUTH_OP_VERIFY) + sess->cpt_op |= CPT_OP_AUTH_VERIFY; + else if (a_form->op == RTE_CRYPTO_AUTH_OP_GENERATE) + sess->cpt_op |= CPT_OP_AUTH_GENERATE; + else { + CPT_LOG_DP_ERR("Unknown auth operation"); + return -1; + } + + if (a_form->key.length > 64) { + CPT_LOG_DP_ERR("Auth key length is big"); + return -1; + } + + switch (a_form->algo) { + case RTE_CRYPTO_AUTH_SHA1_HMAC: + /* Fall through */ + case RTE_CRYPTO_AUTH_SHA1: + auth_type = SHA1_TYPE; + break; + case RTE_CRYPTO_AUTH_SHA256_HMAC: + case RTE_CRYPTO_AUTH_SHA256: + auth_type = SHA2_SHA256; + break; + case RTE_CRYPTO_AUTH_SHA512_HMAC: + case RTE_CRYPTO_AUTH_SHA512: + auth_type = SHA2_SHA512; + break; + case RTE_CRYPTO_AUTH_AES_GMAC: + auth_type = GMAC_TYPE; + aes_gcm = 1; + break; + case RTE_CRYPTO_AUTH_SHA224_HMAC: + case RTE_CRYPTO_AUTH_SHA224: + auth_type = SHA2_SHA224; + break; + case RTE_CRYPTO_AUTH_SHA384_HMAC: + case RTE_CRYPTO_AUTH_SHA384: + auth_type = SHA2_SHA384; + break; + case RTE_CRYPTO_AUTH_MD5_HMAC: + case RTE_CRYPTO_AUTH_MD5: + auth_type = MD5_TYPE; + break; + case RTE_CRYPTO_AUTH_KASUMI_F9: + auth_type = KASUMI_F9_ECB; + /* + * Indicate that direction needs to be taken out + * from end of src + */ + zsk_flag = K_F9; + break; + case RTE_CRYPTO_AUTH_SNOW3G_UIA2: + auth_type = SNOW3G_UIA2; + zsk_flag = ZS_IA; + break; + case RTE_CRYPTO_AUTH_ZUC_EIA3: + auth_type = ZUC_EIA3; + zsk_flag = ZS_IA; + break; + case RTE_CRYPTO_AUTH_NULL: + auth_type = 0; + is_null = 1; + break; + case RTE_CRYPTO_AUTH_AES_XCBC_MAC: + case RTE_CRYPTO_AUTH_AES_CMAC: + case RTE_CRYPTO_AUTH_AES_CBC_MAC: + CPT_LOG_DP_ERR("Crypto: Unsupported hash algo %u", + a_form->algo); + goto error_out; + default: + CPT_LOG_DP_ERR("Crypto: Undefined Hash algo %u specified", + a_form->algo); + goto error_out; + } + + sess->zsk_flag = zsk_flag; + sess->aes_gcm = aes_gcm; + sess->mac_len = a_form->digest_length; + sess->is_null = is_null; + if (zsk_flag) { + sess->auth_iv_offset = a_form->iv.offset; + sess->auth_iv_length = a_form->iv.length; + } + cpt_fc_auth_set_key(SESS_PRIV(sess), auth_type, a_form->key.data, + a_form->key.length, a_form->digest_length); + + return 0; + +error_out: + return -1; +} + +static __rte_always_inline int +fill_sess_gmac(struct rte_crypto_sym_xform *xform, + struct cpt_sess_misc *sess) +{ + struct rte_crypto_auth_xform *a_form; + cipher_type_t enc_type = 0; /* NULL Cipher type */ + auth_type_t auth_type = 0; /* NULL Auth type */ + uint8_t zsk_flag = 0, aes_gcm = 0; + void *ctx; + + if (xform->type != RTE_CRYPTO_SYM_XFORM_AUTH) + return -1; + + a_form = &xform->auth; + + if (a_form->op == RTE_CRYPTO_AUTH_OP_GENERATE) + sess->cpt_op |= CPT_OP_ENCODE; + else if (a_form->op == RTE_CRYPTO_AUTH_OP_VERIFY) + sess->cpt_op |= CPT_OP_DECODE; + else { + CPT_LOG_DP_ERR("Unknown auth operation"); + return -1; + } + + switch (a_form->algo) { + case RTE_CRYPTO_AUTH_AES_GMAC: + enc_type = AES_GCM; + auth_type = GMAC_TYPE; + break; + default: + CPT_LOG_DP_ERR("Crypto: Undefined cipher algo %u specified", + a_form->algo); + return -1; + } + + sess->zsk_flag = zsk_flag; + sess->aes_gcm = aes_gcm; + sess->is_gmac = 1; + sess->iv_offset = a_form->iv.offset; + sess->iv_length = a_form->iv.length; + sess->mac_len = a_form->digest_length; + ctx = (void *)((uint8_t *)sess + sizeof(struct cpt_sess_misc)), + + cpt_fc_ciph_set_key(ctx, enc_type, a_form->key.data, + a_form->key.length, NULL); + cpt_fc_auth_set_key(ctx, auth_type, NULL, 0, a_form->digest_length); + + return 0; +} + #endif /*_CPT_UCODE_H_ */ diff --git a/drivers/crypto/octeontx/otx_cryptodev_ops.c b/drivers/crypto/octeontx/otx_cryptodev_ops.c index 653f372..16fad49 100644 --- a/drivers/crypto/octeontx/otx_cryptodev_ops.c +++ b/drivers/crypto/octeontx/otx_cryptodev_ops.c @@ -293,6 +293,23 @@ otx_cpt_session_cfg(struct rte_cryptodev *dev, chain = xform; while (chain) { switch (chain->type) { + case RTE_CRYPTO_SYM_XFORM_AEAD: + if (fill_sess_aead(chain, sess_private_data)) + goto err; + break; + case RTE_CRYPTO_SYM_XFORM_CIPHER: + if (fill_sess_cipher(chain, sess_private_data)) + goto err; + break; + case RTE_CRYPTO_SYM_XFORM_AUTH: + if (chain->auth.algo == RTE_CRYPTO_AUTH_AES_GMAC) { + if (fill_sess_gmac(chain, sess_private_data)) + goto err; + } else { + if (fill_sess_auth(chain, sess_private_data)) + goto err; + } + break; default: CPT_LOG_ERR("Invalid crypto xform type"); break; -- 2.7.4