From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 9D9C7A0524; Wed, 2 Jun 2021 18:45:30 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 0DB5E410E3; Wed, 2 Jun 2021 18:44:59 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 28AD0410E7 for ; Wed, 2 Jun 2021 18:44:58 +0200 (CEST) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id 152GaK25032426; Wed, 2 Jun 2021 09:44:57 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=yafyg0gHxADT2QoTcfE7wEkBxcw04g39m2RvWOQ6vtg=; b=VqZYMHeUu5ZvyB+Y0uU5jd82Mwc5dvma3rzp4Sr7pkWwMseH/N+4vhNR8FB7KMDZcIZo +ctX9hsQ7hwhae0u7bGaofP4ajp+iXQmrkE62mMHaVPbgil/kKNA4igv/obd0Cm2IEIv z2f8Brb7ZH2bYiJaNZw0g/k/FSXh4kn01FnwxTCLaQvZ6QhPofC5Qcpyvfghh+owlHsE 82DvDN5Prj2LWAncvcFUbY/qw2Pjou9kEoFHWlvEcXycnOjWirGVb5co9gxnAw70aecg 2EFoxw+L4vCd1I48NqQimc6UyBJawZlwPAVTolK57ZOEkk0ngcjWoDFP6YICjoMrxN1F wQ== Received: from dc5-exch02.marvell.com ([199.233.59.182]) by mx0b-0016f401.pphosted.com with ESMTP id 38wufgur0b-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Wed, 02 Jun 2021 09:44:57 -0700 Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Wed, 2 Jun 2021 09:44:55 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.2 via Frontend Transport; Wed, 2 Jun 2021 09:44:55 -0700 Received: from HY-LT1002.marvell.com (unknown [10.193.70.1]) by maili.marvell.com (Postfix) with ESMTP id B07083F703F; Wed, 2 Jun 2021 09:44:50 -0700 (PDT) From: Anoob Joseph To: Akhil Goyal , Thomas Monjalon CC: Anoob Joseph , Jerin Jacob , "Ankur Dwivedi" , Tejasree Kondoj , , Archana Muniganti Date: Wed, 2 Jun 2021 22:13:30 +0530 Message-ID: <1622652221-22732-10-git-send-email-anoobj@marvell.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1622652221-22732-1-git-send-email-anoobj@marvell.com> References: <1622652221-22732-1-git-send-email-anoobj@marvell.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-Proofpoint-ORIG-GUID: 4F9CitTT4xfymVmPyVXjdKBODl4bjupf X-Proofpoint-GUID: 4F9CitTT4xfymVmPyVXjdKBODl4bjupf X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.391, 18.0.761 definitions=2021-06-02_09:2021-06-02, 2021-06-02 signatures=0 Subject: [dpdk-dev] [PATCH 09/20] crypto/cnxk: add cipher operation in session X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Add support for cipher operation in session. Signed-off-by: Ankur Dwivedi Signed-off-by: Anoob Joseph Signed-off-by: Archana Muniganti Signed-off-by: Tejasree Kondoj --- drivers/crypto/cnxk/cnxk_cryptodev_ops.c | 3 + drivers/crypto/cnxk/cnxk_se.h | 386 +++++++++++++++++++++++++++++++ 2 files changed, 389 insertions(+) diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_ops.c b/drivers/crypto/cnxk/cnxk_cryptodev_ops.c index c2e07cf..4e29396 100644 --- a/drivers/crypto/cnxk/cnxk_cryptodev_ops.c +++ b/drivers/crypto/cnxk/cnxk_cryptodev_ops.c @@ -441,6 +441,9 @@ sym_session_configure(struct roc_cpt *roc_cpt, int driver_id, sess_priv = priv; switch (ret) { + case CNXK_CPT_CIPHER: + ret = fill_sess_cipher(xform, sess_priv); + break; default: ret = -1; } diff --git a/drivers/crypto/cnxk/cnxk_se.h b/drivers/crypto/cnxk/cnxk_se.h index 9cccab0..f14016c 100644 --- a/drivers/crypto/cnxk/cnxk_se.h +++ b/drivers/crypto/cnxk/cnxk_se.h @@ -28,4 +28,390 @@ struct cnxk_se_sess { struct roc_se_ctx roc_se_ctx; } __rte_cache_aligned; +static uint8_t zuc_d[32] = {0x44, 0xD7, 0x26, 0xBC, 0x62, 0x6B, 0x13, 0x5E, + 0x57, 0x89, 0x35, 0xE2, 0x71, 0x35, 0x09, 0xAF, + 0x4D, 0x78, 0x2F, 0x13, 0x6B, 0xC4, 0x1A, 0xF1, + 0x5E, 0x26, 0x3C, 0x4D, 0x78, 0x9A, 0x47, 0xAC}; + +static __rte_always_inline void +gen_key_snow3g(const uint8_t *ck, uint32_t *keyx) +{ + int i, base; + + for (i = 0; i < 4; i++) { + base = 4 * i; + keyx[3 - i] = (ck[base] << 24) | (ck[base + 1] << 16) | + (ck[base + 2] << 8) | (ck[base + 3]); + keyx[3 - i] = rte_cpu_to_be_32(keyx[3 - i]); + } +} + +static __rte_always_inline void +cpt_fc_salt_update(struct roc_se_ctx *se_ctx, uint8_t *salt) +{ + struct roc_se_context *fctx = &se_ctx->se_ctx.fctx; + memcpy(fctx->enc.encr_iv, salt, 4); +} + +static __rte_always_inline int +cpt_fc_ciph_validate_key_aes(uint16_t key_len) +{ + switch (key_len) { + case 16: + case 24: + case 32: + return 0; + default: + return -1; + } +} + +static __rte_always_inline int +cpt_fc_ciph_set_type(roc_se_cipher_type type, struct roc_se_ctx *ctx, + uint16_t key_len) +{ + int fc_type = 0; + switch (type) { + case ROC_SE_PASSTHROUGH: + fc_type = ROC_SE_FC_GEN; + break; + case ROC_SE_DES3_CBC: + case ROC_SE_DES3_ECB: + fc_type = ROC_SE_FC_GEN; + break; + case ROC_SE_AES_CBC: + case ROC_SE_AES_ECB: + case ROC_SE_AES_CFB: + case ROC_SE_AES_CTR: + case ROC_SE_AES_GCM: + if (unlikely(cpt_fc_ciph_validate_key_aes(key_len) != 0)) + return -1; + fc_type = ROC_SE_FC_GEN; + break; + case ROC_SE_CHACHA20: + fc_type = ROC_SE_FC_GEN; + break; + case ROC_SE_AES_XTS: + key_len = key_len / 2; + if (unlikely(key_len == 24)) { + CPT_LOG_DP_ERR("Invalid AES key len for XTS"); + return -1; + } + if (unlikely(cpt_fc_ciph_validate_key_aes(key_len) != 0)) + return -1; + fc_type = ROC_SE_FC_GEN; + break; + case ROC_SE_ZUC_EEA3: + case ROC_SE_SNOW3G_UEA2: + if (unlikely(key_len != 16)) + return -1; + /* No support for AEAD yet */ + if (unlikely(ctx->hash_type)) + return -1; + fc_type = ROC_SE_PDCP; + break; + case ROC_SE_KASUMI_F8_CBC: + case ROC_SE_KASUMI_F8_ECB: + if (unlikely(key_len != 16)) + return -1; + /* No support for AEAD yet */ + if (unlikely(ctx->hash_type)) + return -1; + fc_type = ROC_SE_KASUMI; + break; + default: + return -1; + } + + ctx->fc_type = fc_type; + return 0; +} + +static __rte_always_inline void +cpt_fc_ciph_set_key_passthrough(struct roc_se_ctx *se_ctx, + struct roc_se_context *fctx) +{ + se_ctx->enc_cipher = 0; + fctx->enc.enc_cipher = 0; +} + +static __rte_always_inline void +cpt_fc_ciph_set_key_set_aes_key_type(struct roc_se_context *fctx, + uint16_t key_len) +{ + roc_se_aes_type aes_key_type = 0; + switch (key_len) { + case 16: + aes_key_type = ROC_SE_AES_128_BIT; + break; + case 24: + aes_key_type = ROC_SE_AES_192_BIT; + break; + case 32: + aes_key_type = ROC_SE_AES_256_BIT; + break; + default: + /* This should not happen */ + CPT_LOG_DP_ERR("Invalid AES key len"); + return; + } + fctx->enc.aes_key = aes_key_type; +} + +static __rte_always_inline void +cpt_fc_ciph_set_key_snow3g_uea2(struct roc_se_ctx *se_ctx, const uint8_t *key, + uint16_t key_len) +{ + struct roc_se_zuc_snow3g_ctx *zs_ctx = &se_ctx->se_ctx.zs_ctx; + uint32_t keyx[4]; + + se_ctx->pdcp_alg_type = ROC_SE_PDCP_ALG_TYPE_SNOW3G; + gen_key_snow3g(key, keyx); + memcpy(zs_ctx->ci_key, keyx, key_len); + se_ctx->zsk_flags = 0; +} + +static __rte_always_inline void +cpt_fc_ciph_set_key_zuc_eea3(struct roc_se_ctx *se_ctx, const uint8_t *key, + uint16_t key_len) +{ + struct roc_se_zuc_snow3g_ctx *zs_ctx = &se_ctx->se_ctx.zs_ctx; + + se_ctx->pdcp_alg_type = ROC_SE_PDCP_ALG_TYPE_ZUC; + memcpy(zs_ctx->ci_key, key, key_len); + memcpy(zs_ctx->zuc_const, zuc_d, 32); + se_ctx->zsk_flags = 0; +} + +static __rte_always_inline void +cpt_fc_ciph_set_key_kasumi_f8_ecb(struct roc_se_ctx *se_ctx, const uint8_t *key, + uint16_t key_len) +{ + struct roc_se_kasumi_ctx *k_ctx = &se_ctx->se_ctx.k_ctx; + + se_ctx->k_ecb = 1; + memcpy(k_ctx->ci_key, key, key_len); + se_ctx->zsk_flags = 0; +} + +static __rte_always_inline void +cpt_fc_ciph_set_key_kasumi_f8_cbc(struct roc_se_ctx *se_ctx, const uint8_t *key, + uint16_t key_len) +{ + struct roc_se_kasumi_ctx *k_ctx = &se_ctx->se_ctx.k_ctx; + + memcpy(k_ctx->ci_key, key, key_len); + se_ctx->zsk_flags = 0; +} + +static __rte_always_inline int +cpt_fc_ciph_set_key(struct roc_se_ctx *se_ctx, roc_se_cipher_type type, + const uint8_t *key, uint16_t key_len, uint8_t *salt) +{ + struct roc_se_context *fctx = &se_ctx->se_ctx.fctx; + int ret; + + ret = cpt_fc_ciph_set_type(type, se_ctx, key_len); + if (unlikely(ret)) + return -1; + + if (se_ctx->fc_type == ROC_SE_FC_GEN) { + /* + * We need to always say IV is from DPTR as user can + * sometimes iverride IV per operation. + */ + fctx->enc.iv_source = ROC_SE_FROM_DPTR; + + if (se_ctx->auth_key_len > 64) + return -1; + } + + switch (type) { + case ROC_SE_PASSTHROUGH: + cpt_fc_ciph_set_key_passthrough(se_ctx, fctx); + goto success; + case ROC_SE_DES3_CBC: + /* CPT performs DES using 3DES with the 8B DES-key + * replicated 2 more times to match the 24B 3DES-key. + * Eg. If org. key is "0x0a 0x0b", then new key is + * "0x0a 0x0b 0x0a 0x0b 0x0a 0x0b" + */ + if (key_len == 8) { + /* Skipping the first 8B as it will be copied + * in the regular code flow + */ + memcpy(fctx->enc.encr_key + key_len, key, key_len); + memcpy(fctx->enc.encr_key + 2 * key_len, key, key_len); + } + break; + case ROC_SE_DES3_ECB: + /* For DES3_ECB IV need to be from CTX. */ + fctx->enc.iv_source = ROC_SE_FROM_CTX; + break; + case ROC_SE_AES_CBC: + case ROC_SE_AES_ECB: + case ROC_SE_AES_CFB: + case ROC_SE_AES_CTR: + case ROC_SE_CHACHA20: + cpt_fc_ciph_set_key_set_aes_key_type(fctx, key_len); + break; + case ROC_SE_AES_GCM: + /* Even though iv source is from dptr, + * aes_gcm salt is taken from ctx + */ + if (salt) { + memcpy(fctx->enc.encr_iv, salt, 4); + /* Assuming it was just salt update + * and nothing else + */ + if (!key) + goto success; + } + cpt_fc_ciph_set_key_set_aes_key_type(fctx, key_len); + break; + case ROC_SE_AES_XTS: + key_len = key_len / 2; + cpt_fc_ciph_set_key_set_aes_key_type(fctx, key_len); + + /* Copy key2 for XTS into ipad */ + memset(fctx->hmac.ipad, 0, sizeof(fctx->hmac.ipad)); + memcpy(fctx->hmac.ipad, &key[key_len], key_len); + break; + case ROC_SE_SNOW3G_UEA2: + cpt_fc_ciph_set_key_snow3g_uea2(se_ctx, key, key_len); + goto success; + case ROC_SE_ZUC_EEA3: + cpt_fc_ciph_set_key_zuc_eea3(se_ctx, key, key_len); + goto success; + case ROC_SE_KASUMI_F8_ECB: + cpt_fc_ciph_set_key_kasumi_f8_ecb(se_ctx, key, key_len); + goto success; + case ROC_SE_KASUMI_F8_CBC: + cpt_fc_ciph_set_key_kasumi_f8_cbc(se_ctx, key, key_len); + goto success; + default: + return -1; + } + + /* Only for ROC_SE_FC_GEN case */ + + /* For GMAC auth, cipher must be NULL */ + if (se_ctx->hash_type != ROC_SE_GMAC_TYPE) + fctx->enc.enc_cipher = type; + + memcpy(fctx->enc.encr_key, key, key_len); + +success: + se_ctx->enc_cipher = type; + + return 0; +} + +static __rte_always_inline int +fill_sess_cipher(struct rte_crypto_sym_xform *xform, struct cnxk_se_sess *sess) +{ + struct rte_crypto_cipher_xform *c_form; + roc_se_cipher_type enc_type = 0; /* NULL Cipher type */ + uint32_t cipher_key_len = 0; + uint8_t zsk_flag = 0, aes_ctr = 0, is_null = 0; + + c_form = &xform->cipher; + + if (c_form->op == RTE_CRYPTO_CIPHER_OP_ENCRYPT) + sess->cpt_op |= ROC_SE_OP_CIPHER_ENCRYPT; + else if (c_form->op == RTE_CRYPTO_CIPHER_OP_DECRYPT) { + sess->cpt_op |= ROC_SE_OP_CIPHER_DECRYPT; + if (xform->next != NULL && + xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH) { + /* Perform decryption followed by auth verify */ + sess->roc_se_ctx.template_w4.s.opcode_minor = + ROC_SE_FC_MINOR_OP_HMAC_FIRST; + } + } else { + CPT_LOG_DP_ERR("Unknown cipher operation\n"); + return -1; + } + + switch (c_form->algo) { + case RTE_CRYPTO_CIPHER_AES_CBC: + enc_type = ROC_SE_AES_CBC; + cipher_key_len = 16; + break; + case RTE_CRYPTO_CIPHER_3DES_CBC: + enc_type = ROC_SE_DES3_CBC; + cipher_key_len = 24; + break; + case RTE_CRYPTO_CIPHER_DES_CBC: + /* DES is implemented using 3DES in hardware */ + enc_type = ROC_SE_DES3_CBC; + cipher_key_len = 8; + break; + case RTE_CRYPTO_CIPHER_AES_CTR: + enc_type = ROC_SE_AES_CTR; + cipher_key_len = 16; + aes_ctr = 1; + break; + case RTE_CRYPTO_CIPHER_NULL: + enc_type = 0; + is_null = 1; + break; + case RTE_CRYPTO_CIPHER_KASUMI_F8: + enc_type = ROC_SE_KASUMI_F8_ECB; + cipher_key_len = 16; + zsk_flag = ROC_SE_K_F8; + break; + case RTE_CRYPTO_CIPHER_SNOW3G_UEA2: + enc_type = ROC_SE_SNOW3G_UEA2; + cipher_key_len = 16; + zsk_flag = ROC_SE_ZS_EA; + break; + case RTE_CRYPTO_CIPHER_ZUC_EEA3: + enc_type = ROC_SE_ZUC_EEA3; + cipher_key_len = 16; + zsk_flag = ROC_SE_ZS_EA; + break; + case RTE_CRYPTO_CIPHER_AES_XTS: + enc_type = ROC_SE_AES_XTS; + cipher_key_len = 16; + break; + case RTE_CRYPTO_CIPHER_3DES_ECB: + enc_type = ROC_SE_DES3_ECB; + cipher_key_len = 24; + break; + case RTE_CRYPTO_CIPHER_AES_ECB: + enc_type = ROC_SE_AES_ECB; + cipher_key_len = 16; + break; + case RTE_CRYPTO_CIPHER_3DES_CTR: + case RTE_CRYPTO_CIPHER_AES_F8: + case RTE_CRYPTO_CIPHER_ARC4: + CPT_LOG_DP_ERR("Crypto: Unsupported cipher algo %u", + c_form->algo); + return -1; + default: + CPT_LOG_DP_ERR("Crypto: Undefined cipher algo %u specified", + c_form->algo); + return -1; + } + + if (c_form->key.length < cipher_key_len) { + CPT_LOG_DP_ERR("Invalid cipher params keylen %u", + c_form->key.length); + return -1; + } + + sess->zsk_flag = zsk_flag; + sess->aes_gcm = 0; + sess->aes_ctr = aes_ctr; + sess->iv_offset = c_form->iv.offset; + sess->iv_length = c_form->iv.length; + sess->is_null = is_null; + + if (unlikely(cpt_fc_ciph_set_key(&sess->roc_se_ctx, enc_type, + c_form->key.data, c_form->key.length, + NULL))) + return -1; + + return 0; +} #endif /*_CNXK_SE_H_ */ -- 2.7.4