From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id CA1C3A3160 for ; Fri, 11 Oct 2019 15:02:23 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 352CA1EAB1; Fri, 11 Oct 2019 15:02:17 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by dpdk.org (Postfix) with ESMTP id 65B991EAC6 for ; Fri, 11 Oct 2019 15:02:15 +0200 (CEST) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id x9BD08Nd013246; Fri, 11 Oct 2019 06:02:14 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0818; bh=gCOLlAFhJPOua78e1KtXTvEeARzO2wfLG5E5/tb4usE=; b=egzD6MQRdrwbKLwE+5Gg8Nq5svxbqhFqMa03s6fO9wvnoWrITFl9i+CTTfvdN6UKlSsI VGeJoo22mvq7jD9su5XZ29w2/iy6/p/celq0H+NjGx5pnpOv+zycGa5hNvhypBjshK69 TtKB00lQkDDz3KmbQPQqLKsdq85GvDC2MmZ2O7Iw/ezVpBLJtzuTYflyyZB1nHoLzSnS bOPSPFqKJLWfNUx9QrS+ZWtAnImds6Gi7KAsGhwSIGOnyyBMq0pTWs3Jt1B30GEroIlt 5lfltH3psPzZZ6DoN+sxMwJPpu0zXfeZ+3DwuYR5K9dZUMcMsP7e8+hKUKRzJ1L7hSOP aQ== Received: from sc-exch04.marvell.com ([199.233.58.184]) by mx0a-0016f401.pphosted.com with ESMTP id 2vjj6v1pnb-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Fri, 11 Oct 2019 06:02:14 -0700 Received: from SC-EXCH03.marvell.com (10.93.176.83) by SC-EXCH04.marvell.com (10.93.176.84) with Microsoft SMTP Server (TLS) id 15.0.1367.3; Fri, 11 Oct 2019 06:02:13 -0700 Received: from maili.marvell.com (10.93.176.43) by SC-EXCH03.marvell.com (10.93.176.83) with Microsoft SMTP Server id 15.0.1367.3 via Frontend Transport; Fri, 11 Oct 2019 06:02:13 -0700 Received: from ajoseph83.caveonetworks.com.com (unknown [10.29.45.60]) by maili.marvell.com (Postfix) with ESMTP id C40DE3F7040; Fri, 11 Oct 2019 06:02:09 -0700 (PDT) From: Anoob Joseph To: Akhil Goyal , Pablo de Lara CC: Kanaka Durga Kotamarthy , Jerin Jacob , Narayana Prasad , Sunila Sahu , Shally Verma , Fiona Trahe , , Anoob Joseph Date: Fri, 11 Oct 2019 18:31:33 +0530 Message-ID: <1570798896-18974-3-git-send-email-anoobj@marvell.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1570798896-18974-1-git-send-email-anoobj@marvell.com> References: <1568035687-25492-1-git-send-email-anoobj@marvell.com> <1570798896-18974-1-git-send-email-anoobj@marvell.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.95,1.0.8 definitions=2019-10-11_08:2019-10-10,2019-10-11 signatures=0 Subject: [dpdk-dev] [PATCH v2 2/5] crypto/octeontx: add asymmetric session operations X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" From: Kanaka Durga Kotamarthy Add asymmetric session setup and free functions. RSA and modexp operations are supported. Signed-off-by: Anoob Joseph Signed-off-by: Kanaka Durga Kotamarthy Signed-off-by: Sunila Sahu --- doc/guides/cryptodevs/features/octeontx.ini | 6 +- doc/guides/cryptodevs/octeontx.rst | 10 +- drivers/common/cpt/cpt_mcode_defines.h | 9 ++ drivers/common/cpt/cpt_ucode_asym.h | 171 +++++++++++++++++++++ .../crypto/octeontx/otx_cryptodev_capabilities.c | 47 +++++- .../crypto/octeontx/otx_cryptodev_capabilities.h | 5 +- drivers/crypto/octeontx/otx_cryptodev_ops.c | 71 ++++++++- 7 files changed, 307 insertions(+), 12 deletions(-) create mode 100644 drivers/common/cpt/cpt_ucode_asym.h diff --git a/doc/guides/cryptodevs/features/octeontx.ini b/doc/guides/cryptodevs/features/octeontx.ini index 1735b8f..1c036c5 100644 --- a/doc/guides/cryptodevs/features/octeontx.ini +++ b/doc/guides/cryptodevs/features/octeontx.ini @@ -5,11 +5,13 @@ ; [Features] Symmetric crypto = Y +Asymmetric crypto = Y Sym operation chaining = Y HW Accelerated = Y In Place SGL = Y OOP SGL In LB Out = Y OOP SGL In SGL Out = Y +RSA PRIV OP KEY QT = Y ; ; Supported crypto algorithms of 'octeontx' crypto driver. @@ -64,4 +66,6 @@ AES GCM (256) = Y ; ; Supported Asymmetric algorithms of the 'octeontx' crypto driver. ; -[Asymmetric] \ No newline at end of file +[Asymmetric] +RSA = Y +Modular Exponentiation = Y diff --git a/doc/guides/cryptodevs/octeontx.rst b/doc/guides/cryptodevs/octeontx.rst index 1600a56..8f8126b 100644 --- a/doc/guides/cryptodevs/octeontx.rst +++ b/doc/guides/cryptodevs/octeontx.rst @@ -10,8 +10,8 @@ cryptographic operations to cryptographic accelerator units on poll mode driver enqueues the crypto request to this accelerator and dequeues the response once the operation is completed. -Supported Algorithms --------------------- +Supported Symmetric Crypto Algorithms +------------------------------------- Cipher Algorithms ~~~~~~~~~~~~~~~~~ @@ -53,6 +53,12 @@ AEAD Algorithms * ``RTE_CRYPTO_AEAD_AES_GCM`` +Supported Asymmetric Crypto Algorithms +-------------------------------------- + +* ``RTE_CRYPTO_ASYM_XFORM_RSA`` +* ``RTE_CRYPTO_ASYM_XFORM_MODEX`` + Config flags ------------ diff --git a/drivers/common/cpt/cpt_mcode_defines.h b/drivers/common/cpt/cpt_mcode_defines.h index b7c3feb..d5b3c59 100644 --- a/drivers/common/cpt/cpt_mcode_defines.h +++ b/drivers/common/cpt/cpt_mcode_defines.h @@ -6,6 +6,7 @@ #define _CPT_MCODE_DEFINES_H_ #include +#include #include /* @@ -314,6 +315,14 @@ struct cpt_ctx { uint8_t auth_key[64]; }; +struct cpt_asym_sess_misc { + enum rte_crypto_asym_xform_type xfrm_type; + union { + struct rte_crypto_rsa_xform rsa_ctx; + struct rte_crypto_modex_xform mod_ctx; + }; +}; + /* Buffer pointer */ typedef struct buf_ptr { void *vaddr; diff --git a/drivers/common/cpt/cpt_ucode_asym.h b/drivers/common/cpt/cpt_ucode_asym.h new file mode 100644 index 0000000..e0311f1 --- /dev/null +++ b/drivers/common/cpt/cpt_ucode_asym.h @@ -0,0 +1,171 @@ +/* SPDX-License-Identifier: BSD-3-Clause + * Copyright (C) 2019 Marvell International Ltd. + */ + +#ifndef _CPT_UCODE_ASYM_H_ +#define _CPT_UCODE_ASYM_H_ + +#include +#include +#include + +#include "cpt_mcode_defines.h" + +static __rte_always_inline void +cpt_modex_param_normalize(uint8_t **data, size_t *len) +{ + size_t i; + + /* Strip leading NUL bytes */ + + for (i = 0; i < *len; i++) { + if ((*data)[i] != 0) + break; + } + + *data += i; + *len -= i; +} + +static __rte_always_inline int +cpt_fill_modex_params(struct cpt_asym_sess_misc *sess, + struct rte_crypto_asym_xform *xform) +{ + struct rte_crypto_modex_xform *ctx = &sess->mod_ctx; + size_t exp_len = xform->modex.exponent.length; + size_t mod_len = xform->modex.modulus.length; + uint8_t *exp = xform->modex.exponent.data; + uint8_t *mod = xform->modex.modulus.data; + + cpt_modex_param_normalize(&mod, &mod_len); + cpt_modex_param_normalize(&exp, &exp_len); + + if (unlikely(exp_len == 0 || mod_len == 0)) + return -EINVAL; + + if (unlikely(exp_len > mod_len)) { + CPT_LOG_DP_ERR("Exponent length greater than modulus length is not supported"); + return -ENOTSUP; + } + + /* Allocate buffer to hold modexp params */ + ctx->modulus.data = rte_malloc(NULL, mod_len + exp_len, 0); + if (ctx->modulus.data == NULL) { + CPT_LOG_DP_ERR("Could not allocate buffer for modex params"); + return -ENOMEM; + } + + /* Set up modexp prime modulus and private exponent */ + + memcpy(ctx->modulus.data, mod, mod_len); + ctx->exponent.data = ctx->modulus.data + mod_len; + memcpy(ctx->exponent.data, exp, exp_len); + + ctx->modulus.length = mod_len; + ctx->exponent.length = exp_len; + + return 0; +} + +static __rte_always_inline int +cpt_fill_rsa_params(struct cpt_asym_sess_misc *sess, + struct rte_crypto_asym_xform *xform) +{ + struct rte_crypto_rsa_priv_key_qt qt = xform->rsa.qt; + struct rte_crypto_rsa_xform *xfrm_rsa = &xform->rsa; + struct rte_crypto_rsa_xform *rsa = &sess->rsa_ctx; + size_t mod_len = xfrm_rsa->n.length; + size_t exp_len = xfrm_rsa->e.length; + uint64_t total_size; + size_t len = 0; + + /* Make sure key length used is not more than mod_len/2 */ + if (qt.p.data != NULL) + len = (((mod_len / 2) < qt.p.length) ? len : qt.p.length); + + /* Total size required for RSA key params(n,e,(q,dQ,p,dP,qInv)) */ + total_size = mod_len + exp_len + 5 * len; + + /* Allocate buffer to hold all RSA keys */ + rsa->n.data = rte_malloc(NULL, total_size, 0); + if (rsa->n.data == NULL) { + CPT_LOG_DP_ERR("Could not allocate buffer for RSA keys"); + return -ENOMEM; + } + + /* Set up RSA prime modulus and public key exponent */ + memcpy(rsa->n.data, xfrm_rsa->n.data, mod_len); + rsa->e.data = rsa->n.data + mod_len; + memcpy(rsa->e.data, xfrm_rsa->e.data, exp_len); + + /* Private key in quintuple format */ + if (len != 0) { + rsa->qt.q.data = rsa->e.data + exp_len; + memcpy(rsa->qt.q.data, qt.q.data, qt.q.length); + rsa->qt.dQ.data = rsa->qt.q.data + qt.q.length; + memcpy(rsa->qt.dQ.data, qt.dQ.data, qt.dQ.length); + rsa->qt.p.data = rsa->qt.dQ.data + qt.dQ.length; + memcpy(rsa->qt.p.data, qt.p.data, qt.p.length); + rsa->qt.dP.data = rsa->qt.p.data + qt.p.length; + memcpy(rsa->qt.dP.data, qt.dP.data, qt.dP.length); + rsa->qt.qInv.data = rsa->qt.dP.data + qt.dP.length; + memcpy(rsa->qt.qInv.data, qt.qInv.data, qt.qInv.length); + + rsa->qt.q.length = qt.q.length; + rsa->qt.dQ.length = qt.dQ.length; + rsa->qt.p.length = qt.p.length; + rsa->qt.dP.length = qt.dP.length; + rsa->qt.qInv.length = qt.qInv.length; + } + rsa->n.length = mod_len; + rsa->e.length = exp_len; + + return 0; +} + +static __rte_always_inline int +cpt_fill_asym_session_parameters(struct cpt_asym_sess_misc *sess, + struct rte_crypto_asym_xform *xform) +{ + int ret; + + sess->xfrm_type = xform->xform_type; + + switch (xform->xform_type) { + case RTE_CRYPTO_ASYM_XFORM_RSA: + ret = cpt_fill_rsa_params(sess, xform); + break; + case RTE_CRYPTO_ASYM_XFORM_MODEX: + ret = cpt_fill_modex_params(sess, xform); + break; + default: + CPT_LOG_DP_ERR("Unsupported transform type"); + return -ENOTSUP; + } + return ret; +} + +static __rte_always_inline void +cpt_free_asym_session_parameters(struct cpt_asym_sess_misc *sess) +{ + struct rte_crypto_modex_xform *mod; + struct rte_crypto_rsa_xform *rsa; + + switch (sess->xfrm_type) { + case RTE_CRYPTO_ASYM_XFORM_RSA: + rsa = &sess->rsa_ctx; + if (rsa->n.data) + rte_free(rsa->n.data); + break; + case RTE_CRYPTO_ASYM_XFORM_MODEX: + mod = &sess->mod_ctx; + if (mod->modulus.data) + rte_free(mod->modulus.data); + break; + default: + CPT_LOG_DP_ERR("Invalid transform type"); + break; + } +} + +#endif /* _CPT_UCODE_ASYM_H_ */ diff --git a/drivers/crypto/octeontx/otx_cryptodev_capabilities.c b/drivers/crypto/octeontx/otx_cryptodev_capabilities.c index c6d94c9..8c0358f 100644 --- a/drivers/crypto/octeontx/otx_cryptodev_capabilities.c +++ b/drivers/crypto/octeontx/otx_cryptodev_capabilities.c @@ -6,7 +6,7 @@ #include "otx_cryptodev_capabilities.h" -static const struct rte_cryptodev_capabilities otx_capabilities[] = { +static const struct rte_cryptodev_capabilities otx_sym_capabilities[] = { /* Symmetric capabilities */ { /* NULL (AUTH) */ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, @@ -597,8 +597,49 @@ static const struct rte_cryptodev_capabilities otx_capabilities[] = { RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() }; +static const struct rte_cryptodev_capabilities otx_asym_capabilities[] = { + /* Asymmetric capabilities */ + { /* RSA */ + .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC, + {.asym = { + .xform_capa = { + .xform_type = RTE_CRYPTO_ASYM_XFORM_RSA, + .op_types = ((1 << RTE_CRYPTO_ASYM_OP_SIGN) | + (1 << RTE_CRYPTO_ASYM_OP_VERIFY) | + (1 << RTE_CRYPTO_ASYM_OP_ENCRYPT) | + (1 << RTE_CRYPTO_ASYM_OP_DECRYPT)), + {.modlen = { + .min = 17, + .max = 1024, + .increment = 1 + }, } + } + }, } + }, + { /* MOD_EXP */ + .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC, + {.asym = { + .xform_capa = { + .xform_type = RTE_CRYPTO_ASYM_XFORM_MODEX, + .op_types = 0, + {.modlen = { + .min = 17, + .max = 1024, + .increment = 1 + }, } + } + }, } + }, + /* End of asymmetric capabilities */ + RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() +}; + const struct rte_cryptodev_capabilities * -otx_get_capabilities(void) +otx_get_capabilities(uint64_t flags) { - return otx_capabilities; + if (flags & RTE_CRYPTODEV_FF_ASYMMETRIC_CRYPTO) + return otx_asym_capabilities; + else + return otx_sym_capabilities; + } diff --git a/drivers/crypto/octeontx/otx_cryptodev_capabilities.h b/drivers/crypto/octeontx/otx_cryptodev_capabilities.h index fc62821..439b50e 100644 --- a/drivers/crypto/octeontx/otx_cryptodev_capabilities.h +++ b/drivers/crypto/octeontx/otx_cryptodev_capabilities.h @@ -8,10 +8,9 @@ #include /* - * Get capabilities list for the device - * + * Get capabilities list for the device, based on device type */ const struct rte_cryptodev_capabilities * -otx_get_capabilities(void); +otx_get_capabilities(uint64_t flags); #endif /* _OTX_CRYPTODEV_CAPABILITIES_H_ */ diff --git a/drivers/crypto/octeontx/otx_cryptodev_ops.c b/drivers/crypto/octeontx/otx_cryptodev_ops.c index 4c6e266..4b58c85 100644 --- a/drivers/crypto/octeontx/otx_cryptodev_ops.c +++ b/drivers/crypto/octeontx/otx_cryptodev_ops.c @@ -18,6 +18,7 @@ #include "cpt_pmd_logs.h" #include "cpt_ucode.h" +#include "cpt_ucode_asym.h" /* Forward declarations */ @@ -105,7 +106,7 @@ otx_cpt_dev_info_get(struct rte_cryptodev *dev, struct rte_cryptodev_info *info) if (info != NULL) { info->max_nb_queue_pairs = CPT_NUM_QS_PER_VF; info->feature_flags = dev->feature_flags; - info->capabilities = otx_get_capabilities(); + info->capabilities = otx_get_capabilities(info->feature_flags); info->sym.max_nb_sessions = 0; info->driver_id = otx_cryptodev_driver_id; info->min_mbuf_headroom_req = OTX_CPT_MIN_HEADROOM_REQ; @@ -285,6 +286,65 @@ otx_cpt_session_clear(struct rte_cryptodev *dev, } } +static unsigned int +otx_cpt_asym_session_size_get(struct rte_cryptodev *dev __rte_unused) +{ + return sizeof(struct cpt_asym_sess_misc); +} + +static int +otx_cpt_asym_session_cfg(struct rte_cryptodev *dev, + struct rte_crypto_asym_xform *xform __rte_unused, + struct rte_cryptodev_asym_session *sess, + struct rte_mempool *pool) +{ + struct cpt_asym_sess_misc *priv; + int ret; + + CPT_PMD_INIT_FUNC_TRACE(); + + if (rte_mempool_get(pool, (void **)&priv)) { + CPT_LOG_ERR("Could not allocate session private data"); + return -ENOMEM; + } + + memset(priv, 0, sizeof(struct cpt_asym_sess_misc)); + + ret = cpt_fill_asym_session_parameters(priv, xform); + if (ret) { + CPT_LOG_ERR("Could not configure session parameters"); + + /* Return session to mempool */ + rte_mempool_put(pool, priv); + return ret; + } + + set_asym_session_private_data(sess, dev->driver_id, priv); + return 0; +} + +static void +otx_cpt_asym_session_clear(struct rte_cryptodev *dev, + struct rte_cryptodev_asym_session *sess) +{ + struct cpt_asym_sess_misc *priv; + struct rte_mempool *sess_mp; + + CPT_PMD_INIT_FUNC_TRACE(); + + priv = get_asym_session_private_data(sess, dev->driver_id); + + if (priv == NULL) + return; + + /* Free resources allocated during session configure */ + cpt_free_asym_session_parameters(priv); + memset(priv, 0, otx_cpt_asym_session_size_get(dev)); + sess_mp = rte_mempool_from_obj(priv); + set_asym_session_private_data(sess, dev->driver_id, NULL); + rte_mempool_put(sess_mp, priv); +} + static __rte_always_inline int32_t __hot otx_cpt_request_enqueue(struct cpt_instance *instance, struct pending_queue *pqueue, @@ -584,7 +644,11 @@ static struct rte_cryptodev_ops cptvf_ops = { /* Crypto related operations */ .sym_session_get_size = otx_cpt_get_session_size, .sym_session_configure = otx_cpt_session_cfg, - .sym_session_clear = otx_cpt_session_clear + .sym_session_clear = otx_cpt_session_clear, + + .asym_session_get_size = otx_cpt_asym_session_size_get, + .asym_session_configure = otx_cpt_asym_session_cfg, + .asym_session_clear = otx_cpt_asym_session_clear, }; int @@ -635,7 +699,8 @@ otx_cpt_dev_create(struct rte_cryptodev *c_dev) case OTX_CPT_VF_TYPE_AE: /* Set asymmetric cpt feature flags */ c_dev->feature_flags = RTE_CRYPTODEV_FF_ASYMMETRIC_CRYPTO | - RTE_CRYPTODEV_FF_HW_ACCELERATED; + RTE_CRYPTODEV_FF_HW_ACCELERATED | + RTE_CRYPTODEV_FF_RSA_PRIV_OP_KEY_QT; break; case OTX_CPT_VF_TYPE_SE: /* Set symmetric cpt feature flags */ -- 2.7.4