DPDK patches and discussions
 help / color / mirror / Atom feed
From: Anoob Joseph <anoobj@marvell.com>
To: Akhil Goyal <gakhil@marvell.com>, Thomas Monjalon <thomas@monjalon.net>
Cc: Ankur Dwivedi <adwivedi@marvell.com>,
	Jerin Jacob <jerinj@marvell.com>,
	Tejasree Kondoj <ktejasree@marvell.com>, <dev@dpdk.org>
Subject: [dpdk-dev] [PATCH v2 17/17] common/cnxk: add SE set key functions in roc
Date: Fri, 25 Jun 2021 11:06:49 +0530	[thread overview]
Message-ID: <1624599410-29689-18-git-send-email-anoobj@marvell.com> (raw)
In-Reply-To: <1624599410-29689-1-git-send-email-anoobj@marvell.com>

From: Ankur Dwivedi <adwivedi@marvell.com>

The set key functions are added in roc.

Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
---
 drivers/common/cnxk/meson.build |   1 +
 drivers/common/cnxk/roc_se.c    | 342 ++++++++++++++++++++++++++++++++++++++++
 drivers/common/cnxk/roc_se.h    |   8 +
 drivers/common/cnxk/version.map |   2 +
 4 files changed, 353 insertions(+)
 create mode 100644 drivers/common/cnxk/roc_se.c

diff --git a/drivers/common/cnxk/meson.build b/drivers/common/cnxk/meson.build
index 1f118ef..08f54f5 100644
--- a/drivers/common/cnxk/meson.build
+++ b/drivers/common/cnxk/meson.build
@@ -44,6 +44,7 @@ sources = files(
         'roc_npc_parse.c',
         'roc_npc_utils.c',
         'roc_platform.c',
+        'roc_se.c',
         'roc_sso.c',
         'roc_sso_debug.c',
         'roc_sso_irq.c',
diff --git a/drivers/common/cnxk/roc_se.c b/drivers/common/cnxk/roc_se.c
new file mode 100644
index 0000000..3f74175
--- /dev/null
+++ b/drivers/common/cnxk/roc_se.c
@@ -0,0 +1,342 @@
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright(C) 2021 Marvell.
+ */
+
+#include "roc_api.h"
+
+static uint8_t zuc_d[32] = {0x44, 0xD7, 0x26, 0xBC, 0x62, 0x6B, 0x13, 0x5E,
+			    0x57, 0x89, 0x35, 0xE2, 0x71, 0x35, 0x09, 0xAF,
+			    0x4D, 0x78, 0x2F, 0x13, 0x6B, 0xC4, 0x1A, 0xF1,
+			    0x5E, 0x26, 0x3C, 0x4D, 0x78, 0x9A, 0x47, 0xAC};
+
+static inline void
+cpt_snow3g_key_gen(const uint8_t *ck, uint32_t *keyx)
+{
+	int i, base;
+
+	for (i = 0; i < 4; i++) {
+		base = 4 * i;
+		keyx[3 - i] = (ck[base] << 24) | (ck[base + 1] << 16) |
+			      (ck[base + 2] << 8) | (ck[base + 3]);
+		keyx[3 - i] = plt_cpu_to_be_32(keyx[3 - i]);
+	}
+}
+
+static inline int
+cpt_ciph_aes_key_validate(uint16_t key_len)
+{
+	switch (key_len) {
+	case 16:
+	case 24:
+	case 32:
+		return 0;
+	default:
+		return -1;
+	}
+}
+
+static inline int
+cpt_ciph_type_set(roc_se_cipher_type type, struct roc_se_ctx *ctx,
+		  uint16_t key_len)
+{
+	int fc_type = 0;
+
+	switch (type) {
+	case ROC_SE_PASSTHROUGH:
+		fc_type = ROC_SE_FC_GEN;
+		break;
+	case ROC_SE_DES3_CBC:
+	case ROC_SE_DES3_ECB:
+		fc_type = ROC_SE_FC_GEN;
+		break;
+	case ROC_SE_AES_CBC:
+	case ROC_SE_AES_ECB:
+	case ROC_SE_AES_CFB:
+	case ROC_SE_AES_CTR:
+	case ROC_SE_AES_GCM:
+		if (unlikely(cpt_ciph_aes_key_validate(key_len) != 0))
+			return -1;
+		fc_type = ROC_SE_FC_GEN;
+		break;
+	case ROC_SE_CHACHA20:
+		fc_type = ROC_SE_FC_GEN;
+		break;
+	case ROC_SE_AES_XTS:
+		key_len = key_len / 2;
+		if (unlikely(key_len == 24)) {
+			plt_err("Invalid AES key len for XTS");
+			return -1;
+		}
+		if (unlikely(cpt_ciph_aes_key_validate(key_len) != 0))
+			return -1;
+		fc_type = ROC_SE_FC_GEN;
+		break;
+	case ROC_SE_ZUC_EEA3:
+	case ROC_SE_SNOW3G_UEA2:
+		if (unlikely(key_len != 16))
+			return -1;
+		/* No support for AEAD yet */
+		if (unlikely(ctx->hash_type))
+			return -1;
+		fc_type = ROC_SE_PDCP;
+		break;
+	case ROC_SE_AES_CTR_EEA2:
+		fc_type = ROC_SE_PDCP;
+		break;
+	case ROC_SE_KASUMI_F8_CBC:
+	case ROC_SE_KASUMI_F8_ECB:
+		if (unlikely(key_len != 16))
+			return -1;
+		/* No support for AEAD yet */
+		if (unlikely(ctx->hash_type))
+			return -1;
+		fc_type = ROC_SE_KASUMI;
+		break;
+	default:
+		return -1;
+	}
+
+	ctx->fc_type = fc_type;
+	return 0;
+}
+
+static inline void
+cpt_ciph_aes_key_type_set(struct roc_se_context *fctx, uint16_t key_len)
+{
+	roc_se_aes_type aes_key_type = 0;
+
+	switch (key_len) {
+	case 16:
+		aes_key_type = ROC_SE_AES_128_BIT;
+		break;
+	case 24:
+		aes_key_type = ROC_SE_AES_192_BIT;
+		break;
+	case 32:
+		aes_key_type = ROC_SE_AES_256_BIT;
+		break;
+	default:
+		/* This should not happen */
+		plt_err("Invalid AES key len");
+		return;
+	}
+	fctx->enc.aes_key = aes_key_type;
+}
+
+int
+roc_se_auth_key_set(struct roc_se_ctx *se_ctx, roc_se_auth_type type,
+		    const uint8_t *key, uint16_t key_len, uint16_t mac_len)
+{
+	struct roc_se_zuc_snow3g_ctx *zs_ctx;
+	struct roc_se_kasumi_ctx *k_ctx;
+	struct roc_se_context *fctx;
+
+	if (se_ctx == NULL)
+		return -1;
+
+	zs_ctx = &se_ctx->se_ctx.zs_ctx;
+	k_ctx = &se_ctx->se_ctx.k_ctx;
+	fctx = &se_ctx->se_ctx.fctx;
+
+	if ((type >= ROC_SE_ZUC_EIA3) && (type <= ROC_SE_KASUMI_F9_ECB)) {
+		uint32_t keyx[4];
+
+		if (key_len != 16)
+			return -1;
+		/* No support for AEAD yet */
+		if (se_ctx->enc_cipher)
+			return -1;
+		/* For ZUC/SNOW3G/Kasumi */
+		switch (type) {
+		case ROC_SE_SNOW3G_UIA2:
+			se_ctx->pdcp_alg_type = ROC_SE_PDCP_ALG_TYPE_SNOW3G;
+			cpt_snow3g_key_gen(key, keyx);
+			memcpy(zs_ctx->ci_key, keyx, key_len);
+			se_ctx->fc_type = ROC_SE_PDCP;
+			se_ctx->zsk_flags = 0x1;
+			break;
+		case ROC_SE_ZUC_EIA3:
+			se_ctx->pdcp_alg_type = ROC_SE_PDCP_ALG_TYPE_ZUC;
+			memcpy(zs_ctx->ci_key, key, key_len);
+			memcpy(zs_ctx->zuc_const, zuc_d, 32);
+			se_ctx->fc_type = ROC_SE_PDCP;
+			se_ctx->zsk_flags = 0x1;
+			break;
+		case ROC_SE_AES_CMAC_EIA2:
+			se_ctx->pdcp_alg_type = ROC_SE_PDCP_ALG_TYPE_AES_CTR;
+			memcpy(zs_ctx->ci_key, key, key_len);
+			se_ctx->fc_type = ROC_SE_PDCP;
+			se_ctx->zsk_flags = 0x1;
+			break;
+		case ROC_SE_KASUMI_F9_ECB:
+			/* Kasumi ECB mode */
+			se_ctx->k_ecb = 1;
+			memcpy(k_ctx->ci_key, key, key_len);
+			se_ctx->fc_type = ROC_SE_KASUMI;
+			se_ctx->zsk_flags = 0x1;
+			break;
+		case ROC_SE_KASUMI_F9_CBC:
+			memcpy(k_ctx->ci_key, key, key_len);
+			se_ctx->fc_type = ROC_SE_KASUMI;
+			se_ctx->zsk_flags = 0x1;
+			break;
+		default:
+			return -1;
+		}
+		se_ctx->mac_len = 4;
+		se_ctx->hash_type = type;
+		return 0;
+	}
+
+	if (!se_ctx->fc_type ||
+	    (type && type != ROC_SE_GMAC_TYPE && !se_ctx->enc_cipher))
+		se_ctx->fc_type = ROC_SE_HASH_HMAC;
+
+	if (se_ctx->fc_type == ROC_SE_FC_GEN && key_len > 64)
+		return -1;
+
+	/* For GMAC auth, cipher must be NULL */
+	if (type == ROC_SE_GMAC_TYPE)
+		fctx->enc.enc_cipher = 0;
+
+	fctx->enc.hash_type = type;
+	se_ctx->hash_type = type;
+	fctx->enc.mac_len = mac_len;
+	se_ctx->mac_len = mac_len;
+
+	if (key_len) {
+		se_ctx->hmac = 1;
+		memset(se_ctx->auth_key, 0, sizeof(se_ctx->auth_key));
+		memcpy(se_ctx->auth_key, key, key_len);
+		se_ctx->auth_key_len = key_len;
+		memset(fctx->hmac.ipad, 0, sizeof(fctx->hmac.ipad));
+		memset(fctx->hmac.opad, 0, sizeof(fctx->hmac.opad));
+
+		if (key_len <= 64)
+			memcpy(fctx->hmac.opad, key, key_len);
+		fctx->enc.auth_input_type = 1;
+	}
+	return 0;
+}
+
+int
+roc_se_ciph_key_set(struct roc_se_ctx *se_ctx, roc_se_cipher_type type,
+		    const uint8_t *key, uint16_t key_len, uint8_t *salt)
+{
+	struct roc_se_context *fctx = &se_ctx->se_ctx.fctx;
+	struct roc_se_zuc_snow3g_ctx *zs_ctx;
+	uint32_t keyx[4];
+	int ret;
+
+	/* For AES-GCM, salt is taken from ctx even if IV source
+	 * is from DPTR
+	 */
+	if ((salt != NULL) && (type == ROC_SE_AES_GCM)) {
+		memcpy(fctx->enc.encr_iv, salt, 4);
+		/* Assuming it was just salt update
+		 * and nothing else
+		 */
+		if (key == NULL)
+			return 0;
+	}
+
+	ret = cpt_ciph_type_set(type, se_ctx, key_len);
+	if (unlikely(ret))
+		return -1;
+
+	if (se_ctx->fc_type == ROC_SE_FC_GEN) {
+		/*
+		 * We need to always say IV is from DPTR as user can
+		 * sometimes iverride IV per operation.
+		 */
+		fctx->enc.iv_source = ROC_SE_FROM_DPTR;
+
+		if (se_ctx->auth_key_len > 64)
+			return -1;
+	}
+
+	switch (type) {
+	case ROC_SE_PASSTHROUGH:
+		se_ctx->enc_cipher = 0;
+		fctx->enc.enc_cipher = 0;
+		goto success;
+	case ROC_SE_DES3_CBC:
+		/* CPT performs DES using 3DES with the 8B DES-key
+		 * replicated 2 more times to match the 24B 3DES-key.
+		 * Eg. If org. key is "0x0a 0x0b", then new key is
+		 * "0x0a 0x0b 0x0a 0x0b 0x0a 0x0b"
+		 */
+		if (key_len == 8) {
+			/* Skipping the first 8B as it will be copied
+			 * in the regular code flow
+			 */
+			memcpy(fctx->enc.encr_key + key_len, key, key_len);
+			memcpy(fctx->enc.encr_key + 2 * key_len, key, key_len);
+		}
+		break;
+	case ROC_SE_DES3_ECB:
+		/* For DES3_ECB IV need to be from CTX. */
+		fctx->enc.iv_source = ROC_SE_FROM_CTX;
+		break;
+	case ROC_SE_AES_CBC:
+	case ROC_SE_AES_ECB:
+	case ROC_SE_AES_CFB:
+	case ROC_SE_AES_CTR:
+	case ROC_SE_CHACHA20:
+		cpt_ciph_aes_key_type_set(fctx, key_len);
+		break;
+	case ROC_SE_AES_GCM:
+		cpt_ciph_aes_key_type_set(fctx, key_len);
+		break;
+	case ROC_SE_AES_XTS:
+		key_len = key_len / 2;
+		cpt_ciph_aes_key_type_set(fctx, key_len);
+
+		/* Copy key2 for XTS into ipad */
+		memset(fctx->hmac.ipad, 0, sizeof(fctx->hmac.ipad));
+		memcpy(fctx->hmac.ipad, &key[key_len], key_len);
+		break;
+	case ROC_SE_SNOW3G_UEA2:
+		se_ctx->pdcp_alg_type = ROC_SE_PDCP_ALG_TYPE_SNOW3G;
+		cpt_snow3g_key_gen(key, keyx);
+		memcpy(se_ctx->se_ctx.zs_ctx.ci_key, keyx, key_len);
+		se_ctx->zsk_flags = 0;
+		goto success;
+	case ROC_SE_ZUC_EEA3:
+		zs_ctx = &se_ctx->se_ctx.zs_ctx;
+		se_ctx->pdcp_alg_type = ROC_SE_PDCP_ALG_TYPE_ZUC;
+		memcpy(zs_ctx->ci_key, key, key_len);
+		memcpy(zs_ctx->zuc_const, zuc_d, 32);
+		se_ctx->zsk_flags = 0;
+		goto success;
+	case ROC_SE_AES_CTR_EEA2:
+		se_ctx->pdcp_alg_type = ROC_SE_PDCP_ALG_TYPE_AES_CTR;
+		memcpy(se_ctx->se_ctx.zs_ctx.ci_key, key, key_len);
+		se_ctx->zsk_flags = 0;
+		goto success;
+	case ROC_SE_KASUMI_F8_ECB:
+		se_ctx->k_ecb = 1;
+		memcpy(se_ctx->se_ctx.k_ctx.ci_key, key, key_len);
+		se_ctx->zsk_flags = 0;
+		goto success;
+	case ROC_SE_KASUMI_F8_CBC:
+		memcpy(se_ctx->se_ctx.k_ctx.ci_key, key, key_len);
+		se_ctx->zsk_flags = 0;
+		goto success;
+	default:
+		return -1;
+	}
+
+	/* Only for ROC_SE_FC_GEN case */
+
+	/* For GMAC auth, cipher must be NULL */
+	if (se_ctx->hash_type != ROC_SE_GMAC_TYPE)
+		fctx->enc.enc_cipher = type;
+
+	memcpy(fctx->enc.encr_key, key, key_len);
+
+success:
+	se_ctx->enc_cipher = type;
+
+	return 0;
+}
diff --git a/drivers/common/cnxk/roc_se.h b/drivers/common/cnxk/roc_se.h
index ffae065..43a40dd 100644
--- a/drivers/common/cnxk/roc_se.h
+++ b/drivers/common/cnxk/roc_se.h
@@ -264,4 +264,12 @@ struct roc_se_ctx {
 	uint8_t auth_key[1024];
 };
 
+int __roc_api roc_se_auth_key_set(struct roc_se_ctx *se_ctx,
+				  roc_se_auth_type type, const uint8_t *key,
+				  uint16_t key_len, uint16_t mac_len);
+
+int __roc_api roc_se_ciph_key_set(struct roc_se_ctx *se_ctx,
+				  roc_se_cipher_type type, const uint8_t *key,
+				  uint16_t key_len, uint8_t *salt);
+
 #endif /* __ROC_SE_H__ */
diff --git a/drivers/common/cnxk/version.map b/drivers/common/cnxk/version.map
index 91e8b40..9089717 100644
--- a/drivers/common/cnxk/version.map
+++ b/drivers/common/cnxk/version.map
@@ -47,6 +47,8 @@ INTERNAL {
 	roc_idev_npa_nix_get;
 	roc_idev_num_lmtlines_get;
 	roc_model;
+	roc_se_auth_key_set;
+	roc_se_ciph_key_set;
 	roc_nix_cq_dump;
 	roc_nix_cq_fini;
 	roc_nix_cq_init;
-- 
2.7.4


  parent reply	other threads:[~2021-06-25  5:39 UTC|newest]

Thread overview: 20+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <patches.dpdk.org/project/dpdk/patch/1622649385-22652-1-git-send-email-anoobj@marvell.com/>
2021-06-25  5:36 ` [dpdk-dev] [PATCH v2 00/17] Add CPT in Marvell CNXK common driver Anoob Joseph
2021-06-25  5:36   ` [dpdk-dev] [PATCH v2 01/17] common/cnxk: add CPT HW defines Anoob Joseph
2021-06-25  5:36   ` [dpdk-dev] [PATCH v2 02/17] common/cnxk: update Rx inline IPsec mbox message format Anoob Joseph
2021-06-25  5:36   ` [dpdk-dev] [PATCH v2 03/17] common/cnxk: add CPT dev config routines Anoob Joseph
2021-06-25  5:36   ` [dpdk-dev] [PATCH v2 04/17] common/cnxk: add idev CPT set - get Anoob Joseph
2021-06-25  5:36   ` [dpdk-dev] [PATCH v2 05/17] common/cnxk: add mbox to configure RXC Anoob Joseph
2021-06-25  5:36   ` [dpdk-dev] [PATCH v2 06/17] common/cnxk: add CPT LF config Anoob Joseph
2021-06-25  5:36   ` [dpdk-dev] [PATCH v2 07/17] common/cnxk: add CPT diagnostics Anoob Joseph
2021-06-25  5:36   ` [dpdk-dev] [PATCH v2 08/17] common/cnxk: add CPT LF flush Anoob Joseph
2021-06-25  5:36   ` [dpdk-dev] [PATCH v2 09/17] common/cnxk: add inline IPsec configuration mbox Anoob Joseph
2021-06-25  5:36   ` [dpdk-dev] [PATCH v2 10/17] common/cnxk: add SE microcode defines Anoob Joseph
2021-06-25  5:36   ` [dpdk-dev] [PATCH v2 11/17] common/cnxk: add IE " Anoob Joseph
2021-06-25  5:36   ` [dpdk-dev] [PATCH v2 12/17] common/cnxk: add AE " Anoob Joseph
2021-06-25  5:36   ` [dpdk-dev] [PATCH v2 13/17] common/cnxk: add lmtline init Anoob Joseph
2021-06-25  5:36   ` [dpdk-dev] [PATCH v2 14/17] common/cnxk: add fpm tables Anoob Joseph
2021-06-25  5:36   ` [dpdk-dev] [PATCH v2 15/17] common/cnxk: add EC grp static vectors Anoob Joseph
2021-06-25  5:36   ` [dpdk-dev] [PATCH v2 16/17] common/cnxk: add IPsec common code Anoob Joseph
2021-06-25  5:36   ` Anoob Joseph [this message]
2021-06-28  8:56   ` [dpdk-dev] [PATCH v2 00/17] Add CPT in Marvell CNXK common driver Akhil Goyal
2021-06-28  9:06     ` Akhil Goyal

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1624599410-29689-18-git-send-email-anoobj@marvell.com \
    --to=anoobj@marvell.com \
    --cc=adwivedi@marvell.com \
    --cc=dev@dpdk.org \
    --cc=gakhil@marvell.com \
    --cc=jerinj@marvell.com \
    --cc=ktejasree@marvell.com \
    --cc=thomas@monjalon.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).