* [dpdk-dev] [PATCH 1/5] crypto/dpaa2_sec: fix to check next null for auth only case
@ 2021-07-21 7:39 Hemant Agrawal
2021-07-21 7:39 ` [dpdk-dev] [PATCH 2/5] crypto/dpaa_sec: support DES-CBC Hemant Agrawal
` (4 more replies)
0 siblings, 5 replies; 41+ messages in thread
From: Hemant Agrawal @ 2021-07-21 7:39 UTC (permalink / raw)
To: dev; +Cc: gakhil, stable
This patch fixes the issue to check for next pointer as
null in the integrity only case in pdcp-security context.
Fixes: bef594ec5cc8 ("crypto/dpaa2_sec: support PDCP offload")
Cc: stable@dpdk.org
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
---
drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c | 25 +++++++++++----------
1 file changed, 13 insertions(+), 12 deletions(-)
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index 1ccead3641..4438486a8b 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -3102,7 +3102,7 @@ dpaa2_sec_set_pdcp_session(struct rte_cryptodev *dev,
struct rte_security_pdcp_xform *pdcp_xform = &conf->pdcp;
struct rte_crypto_sym_xform *xform = conf->crypto_xform;
struct rte_crypto_auth_xform *auth_xform = NULL;
- struct rte_crypto_cipher_xform *cipher_xform;
+ struct rte_crypto_cipher_xform *cipher_xform = NULL;
dpaa2_sec_session *session = (dpaa2_sec_session *)sess;
struct ctxt_priv *priv;
struct dpaa2_sec_dev_private *dev_priv = dev->data->dev_private;
@@ -3134,18 +3134,18 @@ dpaa2_sec_set_pdcp_session(struct rte_cryptodev *dev,
flc = &priv->flc_desc[0].flc;
/* find xfrm types */
- if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER && xform->next == NULL) {
- cipher_xform = &xform->cipher;
- } else if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&
- xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH) {
- session->ext_params.aead_ctxt.auth_cipher_text = true;
+ if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER) {
cipher_xform = &xform->cipher;
- auth_xform = &xform->next->auth;
- } else if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH &&
- xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER) {
- session->ext_params.aead_ctxt.auth_cipher_text = false;
- cipher_xform = &xform->next->cipher;
+ if (xform->next != NULL) {
+ session->ext_params.aead_ctxt.auth_cipher_text = true;
+ auth_xform = &xform->next->auth;
+ }
+ } else if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH) {
auth_xform = &xform->auth;
+ if (xform->next != NULL) {
+ session->ext_params.aead_ctxt.auth_cipher_text = false;
+ cipher_xform = &xform->next->cipher;
+ }
} else {
DPAA2_SEC_ERR("Invalid crypto type");
return -EINVAL;
@@ -3184,7 +3184,8 @@ dpaa2_sec_set_pdcp_session(struct rte_cryptodev *dev,
session->pdcp.hfn_threshold = pdcp_xform->hfn_threshold;
session->pdcp.hfn_ovd = pdcp_xform->hfn_ovrd;
/* hfv ovd offset location is stored in iv.offset value*/
- session->pdcp.hfn_ovd_offset = cipher_xform->iv.offset;
+ if (cipher_xform)
+ session->pdcp.hfn_ovd_offset = cipher_xform->iv.offset;
cipherdata.key = (size_t)session->cipher_key.data;
cipherdata.keylen = session->cipher_key.length;
--
2.17.1
^ permalink raw reply [flat|nested] 41+ messages in thread
* [dpdk-dev] [PATCH 2/5] crypto/dpaa_sec: support DES-CBC
2021-07-21 7:39 [dpdk-dev] [PATCH 1/5] crypto/dpaa2_sec: fix to check next null for auth only case Hemant Agrawal
@ 2021-07-21 7:39 ` Hemant Agrawal
2021-07-21 7:39 ` [dpdk-dev] [PATCH 3/5] crypto/dpaa_sec: support non-HMAC auth algos Hemant Agrawal
` (3 subsequent siblings)
4 siblings, 0 replies; 41+ messages in thread
From: Hemant Agrawal @ 2021-07-21 7:39 UTC (permalink / raw)
To: dev; +Cc: gakhil, Gagandeep Singh
From: Gagandeep Singh <g.singh@nxp.com>
add DES-CBC support and enable available cipher-only
test cases.
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
---
doc/guides/cryptodevs/features/dpaa_sec.ini | 1 +
drivers/crypto/dpaa_sec/dpaa_sec.c | 13 +++++++++++++
drivers/crypto/dpaa_sec/dpaa_sec.h | 20 ++++++++++++++++++++
3 files changed, 34 insertions(+)
diff --git a/doc/guides/cryptodevs/features/dpaa_sec.ini b/doc/guides/cryptodevs/features/dpaa_sec.ini
index 243f3e1d67..5d0d04d601 100644
--- a/doc/guides/cryptodevs/features/dpaa_sec.ini
+++ b/doc/guides/cryptodevs/features/dpaa_sec.ini
@@ -24,6 +24,7 @@ AES CBC (256) = Y
AES CTR (128) = Y
AES CTR (192) = Y
AES CTR (256) = Y
+DES CBC = Y
3DES CBC = Y
SNOW3G UEA2 = Y
ZUC EEA3 = Y
diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c b/drivers/crypto/dpaa_sec/dpaa_sec.c
index 19d4684e24..af5c7c499c 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec.c
+++ b/drivers/crypto/dpaa_sec/dpaa_sec.c
@@ -454,6 +454,7 @@ dpaa_sec_prep_cdb(dpaa_sec_session *ses)
switch (ses->cipher_alg) {
case RTE_CRYPTO_CIPHER_AES_CBC:
case RTE_CRYPTO_CIPHER_3DES_CBC:
+ case RTE_CRYPTO_CIPHER_DES_CBC:
case RTE_CRYPTO_CIPHER_AES_CTR:
case RTE_CRYPTO_CIPHER_3DES_CTR:
shared_desc_len = cnstr_shdsc_blkcipher(
@@ -2043,6 +2044,10 @@ dpaa_sec_cipher_init(struct rte_cryptodev *dev __rte_unused,
session->cipher_key.alg = OP_ALG_ALGSEL_AES;
session->cipher_key.algmode = OP_ALG_AAI_CBC;
break;
+ case RTE_CRYPTO_CIPHER_DES_CBC:
+ session->cipher_key.alg = OP_ALG_ALGSEL_DES;
+ session->cipher_key.algmode = OP_ALG_AAI_CBC;
+ break;
case RTE_CRYPTO_CIPHER_3DES_CBC:
session->cipher_key.alg = OP_ALG_ALGSEL_3DES;
session->cipher_key.algmode = OP_ALG_AAI_CBC;
@@ -2218,6 +2223,10 @@ dpaa_sec_chain_init(struct rte_cryptodev *dev __rte_unused,
session->cipher_key.alg = OP_ALG_ALGSEL_AES;
session->cipher_key.algmode = OP_ALG_AAI_CBC;
break;
+ case RTE_CRYPTO_CIPHER_DES_CBC:
+ session->cipher_key.alg = OP_ALG_ALGSEL_DES;
+ session->cipher_key.algmode = OP_ALG_AAI_CBC;
+ break;
case RTE_CRYPTO_CIPHER_3DES_CBC:
session->cipher_key.alg = OP_ALG_ALGSEL_3DES;
session->cipher_key.algmode = OP_ALG_AAI_CBC;
@@ -2667,6 +2676,10 @@ dpaa_sec_ipsec_proto_init(struct rte_crypto_cipher_xform *cipher_xform,
session->cipher_key.alg = OP_PCL_IPSEC_AES_CBC;
session->cipher_key.algmode = OP_ALG_AAI_CBC;
break;
+ case RTE_CRYPTO_CIPHER_DES_CBC:
+ session->cipher_key.alg = OP_PCL_IPSEC_DES;
+ session->cipher_key.algmode = OP_ALG_AAI_CBC;
+ break;
case RTE_CRYPTO_CIPHER_3DES_CBC:
session->cipher_key.alg = OP_PCL_IPSEC_3DES;
session->cipher_key.algmode = OP_ALG_AAI_CBC;
diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.h b/drivers/crypto/dpaa_sec/dpaa_sec.h
index 368699678b..216e8c8b6f 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec.h
+++ b/drivers/crypto/dpaa_sec/dpaa_sec.h
@@ -456,6 +456,26 @@ static const struct rte_cryptodev_capabilities dpaa_sec_capabilities[] = {
}, }
}, }
},
+ { /* DES CBC */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+ {.cipher = {
+ .algo = RTE_CRYPTO_CIPHER_DES_CBC,
+ .block_size = 8,
+ .key_size = {
+ .min = 8,
+ .max = 8,
+ .increment = 0
+ },
+ .iv_size = {
+ .min = 8,
+ .max = 8,
+ .increment = 0
+ }
+ }, }
+ }, }
+ },
{ /* 3DES CBC */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
--
2.17.1
^ permalink raw reply [flat|nested] 41+ messages in thread
* [dpdk-dev] [PATCH 3/5] crypto/dpaa_sec: support non-HMAC auth algos
2021-07-21 7:39 [dpdk-dev] [PATCH 1/5] crypto/dpaa2_sec: fix to check next null for auth only case Hemant Agrawal
2021-07-21 7:39 ` [dpdk-dev] [PATCH 2/5] crypto/dpaa_sec: support DES-CBC Hemant Agrawal
@ 2021-07-21 7:39 ` Hemant Agrawal
2021-07-21 7:39 ` [dpdk-dev] [PATCH 4/5] crypto/dpaa_sec: support AES-XCBC-MAC Hemant Agrawal
` (2 subsequent siblings)
4 siblings, 0 replies; 41+ messages in thread
From: Hemant Agrawal @ 2021-07-21 7:39 UTC (permalink / raw)
To: dev; +Cc: gakhil, Gagandeep Singh
From: Gagandeep Singh <g.singh@nxp.com>
This patch add support for non-HMAC, md5, shax algos.
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
---
doc/guides/cryptodevs/features/dpaa_sec.ini | 8 +-
drivers/crypto/dpaa_sec/dpaa_sec.c | 55 +++++++--
drivers/crypto/dpaa_sec/dpaa_sec.h | 126 ++++++++++++++++++++
3 files changed, 180 insertions(+), 9 deletions(-)
diff --git a/doc/guides/cryptodevs/features/dpaa_sec.ini b/doc/guides/cryptodevs/features/dpaa_sec.ini
index 5d0d04d601..eab14da96c 100644
--- a/doc/guides/cryptodevs/features/dpaa_sec.ini
+++ b/doc/guides/cryptodevs/features/dpaa_sec.ini
@@ -33,11 +33,17 @@ ZUC EEA3 = Y
; Supported authentication algorithms of the 'dpaa_sec' crypto driver.
;
[Auth]
+MD5 = Y
MD5 HMAC = Y
+SHA1 = Y
SHA1 HMAC = Y
+SHA224 = Y
SHA224 HMAC = Y
+SHA256 = Y
SHA256 HMAC = Y
+SHA384 = Y
SHA384 HMAC = Y
+SHA512 = Y
SHA512 HMAC = Y
SNOW3G UIA2 = Y
ZUC EIA3 = Y
@@ -53,4 +59,4 @@ AES GCM (256) = Y
;
; Supported Asymmetric algorithms of the 'dpaa_sec' crypto driver.
;
-[Asymmetric]
\ No newline at end of file
+[Asymmetric]
diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c b/drivers/crypto/dpaa_sec/dpaa_sec.c
index af5c7c499c..95b9d7414f 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec.c
+++ b/drivers/crypto/dpaa_sec/dpaa_sec.c
@@ -489,6 +489,18 @@ dpaa_sec_prep_cdb(dpaa_sec_session *ses)
alginfo_a.algtype = ses->auth_key.alg;
alginfo_a.algmode = ses->auth_key.algmode;
switch (ses->auth_alg) {
+ case RTE_CRYPTO_AUTH_MD5:
+ case RTE_CRYPTO_AUTH_SHA1:
+ case RTE_CRYPTO_AUTH_SHA224:
+ case RTE_CRYPTO_AUTH_SHA256:
+ case RTE_CRYPTO_AUTH_SHA384:
+ case RTE_CRYPTO_AUTH_SHA512:
+ shared_desc_len = cnstr_shdsc_hash(
+ cdb->sh_desc, true,
+ swap, SHR_NEVER, &alginfo_a,
+ !ses->dir,
+ ses->digest_length);
+ break;
case RTE_CRYPTO_AUTH_MD5_HMAC:
case RTE_CRYPTO_AUTH_SHA1_HMAC:
case RTE_CRYPTO_AUTH_SHA224_HMAC:
@@ -2080,43 +2092,70 @@ dpaa_sec_auth_init(struct rte_cryptodev *dev __rte_unused,
{
session->ctxt = DPAA_SEC_AUTH;
session->auth_alg = xform->auth.algo;
- session->auth_key.data = rte_zmalloc(NULL, xform->auth.key.length,
+ session->auth_key.length = xform->auth.key.length;
+ if (xform->auth.key.length) {
+ session->auth_key.data =
+ rte_zmalloc(NULL, xform->auth.key.length,
RTE_CACHE_LINE_SIZE);
- if (session->auth_key.data == NULL && xform->auth.key.length > 0) {
- DPAA_SEC_ERR("No Memory for auth key");
- return -ENOMEM;
+ if (session->auth_key.data == NULL) {
+ DPAA_SEC_ERR("No Memory for auth key");
+ return -ENOMEM;
+ }
+ memcpy(session->auth_key.data, xform->auth.key.data,
+ xform->auth.key.length);
+
}
- session->auth_key.length = xform->auth.key.length;
session->digest_length = xform->auth.digest_length;
if (session->cipher_alg == RTE_CRYPTO_CIPHER_NULL) {
session->iv.offset = xform->auth.iv.offset;
session->iv.length = xform->auth.iv.length;
}
- memcpy(session->auth_key.data, xform->auth.key.data,
- xform->auth.key.length);
-
switch (xform->auth.algo) {
+ case RTE_CRYPTO_AUTH_SHA1:
+ session->auth_key.alg = OP_ALG_ALGSEL_SHA1;
+ session->auth_key.algmode = OP_ALG_AAI_HASH;
+ break;
case RTE_CRYPTO_AUTH_SHA1_HMAC:
session->auth_key.alg = OP_ALG_ALGSEL_SHA1;
session->auth_key.algmode = OP_ALG_AAI_HMAC;
break;
+ case RTE_CRYPTO_AUTH_MD5:
+ session->auth_key.alg = OP_ALG_ALGSEL_MD5;
+ session->auth_key.algmode = OP_ALG_AAI_HASH;
+ break;
case RTE_CRYPTO_AUTH_MD5_HMAC:
session->auth_key.alg = OP_ALG_ALGSEL_MD5;
session->auth_key.algmode = OP_ALG_AAI_HMAC;
break;
+ case RTE_CRYPTO_AUTH_SHA224:
+ session->auth_key.alg = OP_ALG_ALGSEL_SHA224;
+ session->auth_key.algmode = OP_ALG_AAI_HASH;
+ break;
case RTE_CRYPTO_AUTH_SHA224_HMAC:
session->auth_key.alg = OP_ALG_ALGSEL_SHA224;
session->auth_key.algmode = OP_ALG_AAI_HMAC;
break;
+ case RTE_CRYPTO_AUTH_SHA256:
+ session->auth_key.alg = OP_ALG_ALGSEL_SHA256;
+ session->auth_key.algmode = OP_ALG_AAI_HASH;
+ break;
case RTE_CRYPTO_AUTH_SHA256_HMAC:
session->auth_key.alg = OP_ALG_ALGSEL_SHA256;
session->auth_key.algmode = OP_ALG_AAI_HMAC;
break;
+ case RTE_CRYPTO_AUTH_SHA384:
+ session->auth_key.alg = OP_ALG_ALGSEL_SHA384;
+ session->auth_key.algmode = OP_ALG_AAI_HASH;
+ break;
case RTE_CRYPTO_AUTH_SHA384_HMAC:
session->auth_key.alg = OP_ALG_ALGSEL_SHA384;
session->auth_key.algmode = OP_ALG_AAI_HMAC;
break;
+ case RTE_CRYPTO_AUTH_SHA512:
+ session->auth_key.alg = OP_ALG_ALGSEL_SHA512;
+ session->auth_key.algmode = OP_ALG_AAI_HASH;
+ break;
case RTE_CRYPTO_AUTH_SHA512_HMAC:
session->auth_key.alg = OP_ALG_ALGSEL_SHA512;
session->auth_key.algmode = OP_ALG_AAI_HMAC;
diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.h b/drivers/crypto/dpaa_sec/dpaa_sec.h
index 216e8c8b6f..d500a4c246 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec.h
+++ b/drivers/crypto/dpaa_sec/dpaa_sec.h
@@ -240,6 +240,27 @@ static const struct rte_cryptodev_capabilities dpaa_sec_capabilities[] = {
}, },
}, },
},
+ { /* MD5 */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_MD5,
+ .block_size = 64,
+ .key_size = {
+ .min = 0,
+ .max = 0,
+ .increment = 0
+ },
+ .digest_size = {
+ .min = 16,
+ .max = 16,
+ .increment = 0
+ },
+ .iv_size = { 0 }
+ }, }
+ }, }
+ },
{ /* MD5 HMAC */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
@@ -261,6 +282,27 @@ static const struct rte_cryptodev_capabilities dpaa_sec_capabilities[] = {
}, }
}, }
},
+ { /* SHA1 */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_SHA1,
+ .block_size = 64,
+ .key_size = {
+ .min = 0,
+ .max = 0,
+ .increment = 0
+ },
+ .digest_size = {
+ .min = 20,
+ .max = 20,
+ .increment = 0
+ },
+ .iv_size = { 0 }
+ }, }
+ }, }
+ },
{ /* SHA1 HMAC */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
@@ -282,6 +324,27 @@ static const struct rte_cryptodev_capabilities dpaa_sec_capabilities[] = {
}, }
}, }
},
+ { /* SHA224 */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_SHA224,
+ .block_size = 64,
+ .key_size = {
+ .min = 0,
+ .max = 0,
+ .increment = 0
+ },
+ .digest_size = {
+ .min = 28,
+ .max = 28,
+ .increment = 0
+ },
+ .iv_size = { 0 }
+ }, }
+ }, }
+ },
{ /* SHA224 HMAC */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
@@ -303,6 +366,27 @@ static const struct rte_cryptodev_capabilities dpaa_sec_capabilities[] = {
}, }
}, }
},
+ { /* SHA256 */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_SHA256,
+ .block_size = 64,
+ .key_size = {
+ .min = 0,
+ .max = 0,
+ .increment = 0
+ },
+ .digest_size = {
+ .min = 32,
+ .max = 32,
+ .increment = 0
+ },
+ .iv_size = { 0 }
+ }, }
+ }, }
+ },
{ /* SHA256 HMAC */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
@@ -324,6 +408,27 @@ static const struct rte_cryptodev_capabilities dpaa_sec_capabilities[] = {
}, }
}, }
},
+ { /* SHA384 */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_SHA384,
+ .block_size = 64,
+ .key_size = {
+ .min = 0,
+ .max = 0,
+ .increment = 0
+ },
+ .digest_size = {
+ .min = 48,
+ .max = 48,
+ .increment = 0
+ },
+ .iv_size = { 0 }
+ }, }
+ }, }
+ },
{ /* SHA384 HMAC */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
@@ -345,6 +450,27 @@ static const struct rte_cryptodev_capabilities dpaa_sec_capabilities[] = {
}, }
}, }
},
+ { /* SHA512 */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_SHA512,
+ .block_size = 128,
+ .key_size = {
+ .min = 0,
+ .max = 0,
+ .increment = 0
+ },
+ .digest_size = {
+ .min = 64,
+ .max = 64,
+ .increment = 0
+ },
+ .iv_size = { 0 }
+ }, }
+ }, }
+ },
{ /* SHA512 HMAC */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
--
2.17.1
^ permalink raw reply [flat|nested] 41+ messages in thread
* [dpdk-dev] [PATCH 4/5] crypto/dpaa_sec: support AES-XCBC-MAC
2021-07-21 7:39 [dpdk-dev] [PATCH 1/5] crypto/dpaa2_sec: fix to check next null for auth only case Hemant Agrawal
2021-07-21 7:39 ` [dpdk-dev] [PATCH 2/5] crypto/dpaa_sec: support DES-CBC Hemant Agrawal
2021-07-21 7:39 ` [dpdk-dev] [PATCH 3/5] crypto/dpaa_sec: support non-HMAC auth algos Hemant Agrawal
@ 2021-07-21 7:39 ` Hemant Agrawal
2021-07-21 7:39 ` [dpdk-dev] [PATCH 5/5] crypto/dpaa_sec: add support for AES CMAC integrity check Hemant Agrawal
2021-08-25 8:18 ` [dpdk-dev] [PATCH v2 01/11] crypto/dpaa2_sec: fix to check next null for auth only case Hemant Agrawal
4 siblings, 0 replies; 41+ messages in thread
From: Hemant Agrawal @ 2021-07-21 7:39 UTC (permalink / raw)
To: dev; +Cc: gakhil, Gagandeep Singh
From: Gagandeep Singh <g.singh@nxp.com>
This patch adds support for AES-XCBC-MAC algo.
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
---
doc/guides/cryptodevs/features/dpaa_sec.ini | 1 +
drivers/crypto/dpaa_sec/dpaa_sec.c | 21 ++++++++++++++++++++-
2 files changed, 21 insertions(+), 1 deletion(-)
diff --git a/doc/guides/cryptodevs/features/dpaa_sec.ini b/doc/guides/cryptodevs/features/dpaa_sec.ini
index eab14da96c..d7bc319373 100644
--- a/doc/guides/cryptodevs/features/dpaa_sec.ini
+++ b/doc/guides/cryptodevs/features/dpaa_sec.ini
@@ -47,6 +47,7 @@ SHA512 = Y
SHA512 HMAC = Y
SNOW3G UIA2 = Y
ZUC EIA3 = Y
+AES XCBC MAC = Y
;
; Supported AEAD algorithms of the 'dpaa_sec' crypto driver.
diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c b/drivers/crypto/dpaa_sec/dpaa_sec.c
index 95b9d7414f..fc9c3a4c2c 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec.c
+++ b/drivers/crypto/dpaa_sec/dpaa_sec.c
@@ -527,6 +527,14 @@ dpaa_sec_prep_cdb(dpaa_sec_session *ses)
!ses->dir,
ses->digest_length);
break;
+ case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
+ shared_desc_len = cnstr_shdsc_aes_mac(
+ cdb->sh_desc,
+ true, swap, SHR_NEVER,
+ &alginfo_a,
+ !ses->dir,
+ ses->digest_length);
+ break;
default:
DPAA_SEC_ERR("unsupported auth alg %u", ses->auth_alg);
}
@@ -2168,6 +2176,10 @@ dpaa_sec_auth_init(struct rte_cryptodev *dev __rte_unused,
session->auth_key.alg = OP_ALG_ALGSEL_ZUCA;
session->auth_key.algmode = OP_ALG_AAI_F9;
break;
+ case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
+ session->auth_key.alg = OP_ALG_ALGSEL_AES;
+ session->auth_key.algmode = OP_ALG_AAI_XCBC_MAC;
+ break;
default:
DPAA_SEC_ERR("Crypto: Unsupported Auth specified %u",
xform->auth.algo);
@@ -2249,6 +2261,10 @@ dpaa_sec_chain_init(struct rte_cryptodev *dev __rte_unused,
session->auth_key.alg = OP_ALG_ALGSEL_SHA512;
session->auth_key.algmode = OP_ALG_AAI_HMAC;
break;
+ case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
+ session->auth_key.alg = OP_ALG_ALGSEL_AES;
+ session->auth_key.algmode = OP_ALG_AAI_XCBC_MAC;
+ break;
default:
DPAA_SEC_ERR("Crypto: Unsupported Auth specified %u",
auth_xform->algo);
@@ -2688,8 +2704,11 @@ dpaa_sec_ipsec_proto_init(struct rte_crypto_cipher_xform *cipher_xform,
case RTE_CRYPTO_AUTH_NULL:
session->auth_key.alg = OP_PCL_IPSEC_HMAC_NULL;
break;
- case RTE_CRYPTO_AUTH_SHA224_HMAC:
case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
+ session->auth_key.alg = OP_PCL_IPSEC_AES_XCBC_MAC_96;
+ session->auth_key.algmode = OP_ALG_AAI_XCBC_MAC;
+ break;
+ case RTE_CRYPTO_AUTH_SHA224_HMAC:
case RTE_CRYPTO_AUTH_SNOW3G_UIA2:
case RTE_CRYPTO_AUTH_SHA1:
case RTE_CRYPTO_AUTH_SHA256:
--
2.17.1
^ permalink raw reply [flat|nested] 41+ messages in thread
* [dpdk-dev] [PATCH 5/5] crypto/dpaa_sec: add support for AES CMAC integrity check
2021-07-21 7:39 [dpdk-dev] [PATCH 1/5] crypto/dpaa2_sec: fix to check next null for auth only case Hemant Agrawal
` (2 preceding siblings ...)
2021-07-21 7:39 ` [dpdk-dev] [PATCH 4/5] crypto/dpaa_sec: support AES-XCBC-MAC Hemant Agrawal
@ 2021-07-21 7:39 ` Hemant Agrawal
2021-08-25 8:18 ` [dpdk-dev] [PATCH v2 01/11] crypto/dpaa2_sec: fix to check next null for auth only case Hemant Agrawal
4 siblings, 0 replies; 41+ messages in thread
From: Hemant Agrawal @ 2021-07-21 7:39 UTC (permalink / raw)
To: dev; +Cc: gakhil, Gagandeep Singh
From: Gagandeep Singh <g.singh@nxp.com>
This patch adds support for AES_CMAC integrity in non-security mode.
This patch modifies the camm flib to handles the AES CMAC
without conflicting the proto ALG operations. i.e. by creating
another ALG operation routine.
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
---
doc/guides/cryptodevs/features/dpaa_sec.ini | 1 +
drivers/crypto/dpaa_sec/dpaa_sec.c | 10 +++++
drivers/crypto/dpaa_sec/dpaa_sec.h | 43 +++++++++++++++++++++
3 files changed, 54 insertions(+)
diff --git a/doc/guides/cryptodevs/features/dpaa_sec.ini b/doc/guides/cryptodevs/features/dpaa_sec.ini
index d7bc319373..6a8f77fb1d 100644
--- a/doc/guides/cryptodevs/features/dpaa_sec.ini
+++ b/doc/guides/cryptodevs/features/dpaa_sec.ini
@@ -48,6 +48,7 @@ SHA512 HMAC = Y
SNOW3G UIA2 = Y
ZUC EIA3 = Y
AES XCBC MAC = Y
+AES CMAC (128) = Y
;
; Supported AEAD algorithms of the 'dpaa_sec' crypto driver.
diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c b/drivers/crypto/dpaa_sec/dpaa_sec.c
index fc9c3a4c2c..c5416df726 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec.c
+++ b/drivers/crypto/dpaa_sec/dpaa_sec.c
@@ -528,6 +528,7 @@ dpaa_sec_prep_cdb(dpaa_sec_session *ses)
ses->digest_length);
break;
case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
+ case RTE_CRYPTO_AUTH_AES_CMAC:
shared_desc_len = cnstr_shdsc_aes_mac(
cdb->sh_desc,
true, swap, SHR_NEVER,
@@ -2180,6 +2181,10 @@ dpaa_sec_auth_init(struct rte_cryptodev *dev __rte_unused,
session->auth_key.alg = OP_ALG_ALGSEL_AES;
session->auth_key.algmode = OP_ALG_AAI_XCBC_MAC;
break;
+ case RTE_CRYPTO_AUTH_AES_CMAC:
+ session->auth_key.alg = OP_ALG_ALGSEL_AES;
+ session->auth_key.algmode = OP_ALG_AAI_CMAC;
+ break;
default:
DPAA_SEC_ERR("Crypto: Unsupported Auth specified %u",
xform->auth.algo);
@@ -2265,6 +2270,10 @@ dpaa_sec_chain_init(struct rte_cryptodev *dev __rte_unused,
session->auth_key.alg = OP_ALG_ALGSEL_AES;
session->auth_key.algmode = OP_ALG_AAI_XCBC_MAC;
break;
+ case RTE_CRYPTO_AUTH_AES_CMAC:
+ session->auth_key.alg = OP_ALG_ALGSEL_AES;
+ session->auth_key.algmode = OP_ALG_AAI_CMAC;
+ break;
default:
DPAA_SEC_ERR("Crypto: Unsupported Auth specified %u",
auth_xform->algo);
@@ -2700,6 +2709,7 @@ dpaa_sec_ipsec_proto_init(struct rte_crypto_cipher_xform *cipher_xform,
break;
case RTE_CRYPTO_AUTH_AES_CMAC:
session->auth_key.alg = OP_PCL_IPSEC_AES_CMAC_96;
+ session->auth_key.algmode = OP_ALG_AAI_CMAC;
break;
case RTE_CRYPTO_AUTH_NULL:
session->auth_key.alg = OP_PCL_IPSEC_HMAC_NULL;
diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.h b/drivers/crypto/dpaa_sec/dpaa_sec.h
index d500a4c246..c94d78e046 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec.h
+++ b/drivers/crypto/dpaa_sec/dpaa_sec.h
@@ -712,6 +712,49 @@ static const struct rte_cryptodev_capabilities dpaa_sec_capabilities[] = {
}, }
}, }
},
+ { /* AES CMAC */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_AES_CMAC,
+ .block_size = 16,
+ .key_size = {
+ .min = 1,
+ .max = 16,
+ .increment = 1
+ },
+ .digest_size = {
+ .min = 12,
+ .max = 16,
+ .increment = 4
+ },
+ .iv_size = { 0 }
+ }, }
+ }, }
+ },
+ { /* AES XCBC HMAC */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_AES_XCBC_MAC,
+ .block_size = 16,
+ .key_size = {
+ .min = 1,
+ .max = 16,
+ .increment = 1
+ },
+ .digest_size = {
+ .min = 12,
+ .max = 16,
+ .increment = 4
+ },
+ .aad_size = { 0 },
+ .iv_size = { 0 }
+ }, }
+ }, }
+ },
RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
};
--
2.17.1
^ permalink raw reply [flat|nested] 41+ messages in thread
* [dpdk-dev] [PATCH v2 01/11] crypto/dpaa2_sec: fix to check next null for auth only case
2021-07-21 7:39 [dpdk-dev] [PATCH 1/5] crypto/dpaa2_sec: fix to check next null for auth only case Hemant Agrawal
` (3 preceding siblings ...)
2021-07-21 7:39 ` [dpdk-dev] [PATCH 5/5] crypto/dpaa_sec: add support for AES CMAC integrity check Hemant Agrawal
@ 2021-08-25 8:18 ` Hemant Agrawal
2021-08-25 8:18 ` [dpdk-dev] [PATCH v2 02/11] crypto/dpaa_sec: support DES-CBC Hemant Agrawal
` (11 more replies)
4 siblings, 12 replies; 41+ messages in thread
From: Hemant Agrawal @ 2021-08-25 8:18 UTC (permalink / raw)
To: dev, gakhil; +Cc: stable
This patch fixes the issue to check for next pointer as
null in the integrity only case in pdcp-security context.
Fixes: bef594ec5cc8 ("crypto/dpaa2_sec: support PDCP offload")
Cc: stable@dpdk.org
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
---
drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c | 25 +++++++++++----------
1 file changed, 13 insertions(+), 12 deletions(-)
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index fe90d9d2d8..87a94b2c04 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -3095,7 +3095,7 @@ dpaa2_sec_set_pdcp_session(struct rte_cryptodev *dev,
struct rte_security_pdcp_xform *pdcp_xform = &conf->pdcp;
struct rte_crypto_sym_xform *xform = conf->crypto_xform;
struct rte_crypto_auth_xform *auth_xform = NULL;
- struct rte_crypto_cipher_xform *cipher_xform;
+ struct rte_crypto_cipher_xform *cipher_xform = NULL;
dpaa2_sec_session *session = (dpaa2_sec_session *)sess;
struct ctxt_priv *priv;
struct dpaa2_sec_dev_private *dev_priv = dev->data->dev_private;
@@ -3127,18 +3127,18 @@ dpaa2_sec_set_pdcp_session(struct rte_cryptodev *dev,
flc = &priv->flc_desc[0].flc;
/* find xfrm types */
- if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER && xform->next == NULL) {
- cipher_xform = &xform->cipher;
- } else if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&
- xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH) {
- session->ext_params.aead_ctxt.auth_cipher_text = true;
+ if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER) {
cipher_xform = &xform->cipher;
- auth_xform = &xform->next->auth;
- } else if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH &&
- xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER) {
- session->ext_params.aead_ctxt.auth_cipher_text = false;
- cipher_xform = &xform->next->cipher;
+ if (xform->next != NULL) {
+ session->ext_params.aead_ctxt.auth_cipher_text = true;
+ auth_xform = &xform->next->auth;
+ }
+ } else if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH) {
auth_xform = &xform->auth;
+ if (xform->next != NULL) {
+ session->ext_params.aead_ctxt.auth_cipher_text = false;
+ cipher_xform = &xform->next->cipher;
+ }
} else {
DPAA2_SEC_ERR("Invalid crypto type");
return -EINVAL;
@@ -3177,7 +3177,8 @@ dpaa2_sec_set_pdcp_session(struct rte_cryptodev *dev,
session->pdcp.hfn_threshold = pdcp_xform->hfn_threshold;
session->pdcp.hfn_ovd = pdcp_xform->hfn_ovrd;
/* hfv ovd offset location is stored in iv.offset value*/
- session->pdcp.hfn_ovd_offset = cipher_xform->iv.offset;
+ if (cipher_xform)
+ session->pdcp.hfn_ovd_offset = cipher_xform->iv.offset;
cipherdata.key = (size_t)session->cipher_key.data;
cipherdata.keylen = session->cipher_key.length;
--
2.17.1
^ permalink raw reply [flat|nested] 41+ messages in thread
* [dpdk-dev] [PATCH v2 02/11] crypto/dpaa_sec: support DES-CBC
2021-08-25 8:18 ` [dpdk-dev] [PATCH v2 01/11] crypto/dpaa2_sec: fix to check next null for auth only case Hemant Agrawal
@ 2021-08-25 8:18 ` Hemant Agrawal
2021-08-25 8:18 ` [dpdk-dev] [PATCH v2 03/11] crypto/dpaa_sec: support non-HMAC auth algos Hemant Agrawal
` (10 subsequent siblings)
11 siblings, 0 replies; 41+ messages in thread
From: Hemant Agrawal @ 2021-08-25 8:18 UTC (permalink / raw)
To: dev, gakhil; +Cc: Gagandeep Singh
From: Gagandeep Singh <g.singh@nxp.com>
add DES-CBC support and enable available cipher-only
test cases.
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
---
doc/guides/cryptodevs/features/dpaa_sec.ini | 1 +
drivers/crypto/dpaa_sec/dpaa_sec.c | 13 +++++++++++++
drivers/crypto/dpaa_sec/dpaa_sec.h | 20 ++++++++++++++++++++
3 files changed, 34 insertions(+)
diff --git a/doc/guides/cryptodevs/features/dpaa_sec.ini b/doc/guides/cryptodevs/features/dpaa_sec.ini
index 243f3e1d67..5d0d04d601 100644
--- a/doc/guides/cryptodevs/features/dpaa_sec.ini
+++ b/doc/guides/cryptodevs/features/dpaa_sec.ini
@@ -24,6 +24,7 @@ AES CBC (256) = Y
AES CTR (128) = Y
AES CTR (192) = Y
AES CTR (256) = Y
+DES CBC = Y
3DES CBC = Y
SNOW3G UEA2 = Y
ZUC EEA3 = Y
diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c b/drivers/crypto/dpaa_sec/dpaa_sec.c
index 7534f80195..0a58f4e917 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec.c
+++ b/drivers/crypto/dpaa_sec/dpaa_sec.c
@@ -451,6 +451,7 @@ dpaa_sec_prep_cdb(dpaa_sec_session *ses)
switch (ses->cipher_alg) {
case RTE_CRYPTO_CIPHER_AES_CBC:
case RTE_CRYPTO_CIPHER_3DES_CBC:
+ case RTE_CRYPTO_CIPHER_DES_CBC:
case RTE_CRYPTO_CIPHER_AES_CTR:
case RTE_CRYPTO_CIPHER_3DES_CTR:
shared_desc_len = cnstr_shdsc_blkcipher(
@@ -2040,6 +2041,10 @@ dpaa_sec_cipher_init(struct rte_cryptodev *dev __rte_unused,
session->cipher_key.alg = OP_ALG_ALGSEL_AES;
session->cipher_key.algmode = OP_ALG_AAI_CBC;
break;
+ case RTE_CRYPTO_CIPHER_DES_CBC:
+ session->cipher_key.alg = OP_ALG_ALGSEL_DES;
+ session->cipher_key.algmode = OP_ALG_AAI_CBC;
+ break;
case RTE_CRYPTO_CIPHER_3DES_CBC:
session->cipher_key.alg = OP_ALG_ALGSEL_3DES;
session->cipher_key.algmode = OP_ALG_AAI_CBC;
@@ -2215,6 +2220,10 @@ dpaa_sec_chain_init(struct rte_cryptodev *dev __rte_unused,
session->cipher_key.alg = OP_ALG_ALGSEL_AES;
session->cipher_key.algmode = OP_ALG_AAI_CBC;
break;
+ case RTE_CRYPTO_CIPHER_DES_CBC:
+ session->cipher_key.alg = OP_ALG_ALGSEL_DES;
+ session->cipher_key.algmode = OP_ALG_AAI_CBC;
+ break;
case RTE_CRYPTO_CIPHER_3DES_CBC:
session->cipher_key.alg = OP_ALG_ALGSEL_3DES;
session->cipher_key.algmode = OP_ALG_AAI_CBC;
@@ -2664,6 +2673,10 @@ dpaa_sec_ipsec_proto_init(struct rte_crypto_cipher_xform *cipher_xform,
session->cipher_key.alg = OP_PCL_IPSEC_AES_CBC;
session->cipher_key.algmode = OP_ALG_AAI_CBC;
break;
+ case RTE_CRYPTO_CIPHER_DES_CBC:
+ session->cipher_key.alg = OP_PCL_IPSEC_DES;
+ session->cipher_key.algmode = OP_ALG_AAI_CBC;
+ break;
case RTE_CRYPTO_CIPHER_3DES_CBC:
session->cipher_key.alg = OP_PCL_IPSEC_3DES;
session->cipher_key.algmode = OP_ALG_AAI_CBC;
diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.h b/drivers/crypto/dpaa_sec/dpaa_sec.h
index 2e0ab93ff0..9685010f3f 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec.h
+++ b/drivers/crypto/dpaa_sec/dpaa_sec.h
@@ -482,6 +482,26 @@ static const struct rte_cryptodev_capabilities dpaa_sec_capabilities[] = {
}, }
}, }
},
+ { /* DES CBC */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+ {.cipher = {
+ .algo = RTE_CRYPTO_CIPHER_DES_CBC,
+ .block_size = 8,
+ .key_size = {
+ .min = 8,
+ .max = 8,
+ .increment = 0
+ },
+ .iv_size = {
+ .min = 8,
+ .max = 8,
+ .increment = 0
+ }
+ }, }
+ }, }
+ },
{ /* 3DES CBC */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
--
2.17.1
^ permalink raw reply [flat|nested] 41+ messages in thread
* [dpdk-dev] [PATCH v2 03/11] crypto/dpaa_sec: support non-HMAC auth algos
2021-08-25 8:18 ` [dpdk-dev] [PATCH v2 01/11] crypto/dpaa2_sec: fix to check next null for auth only case Hemant Agrawal
2021-08-25 8:18 ` [dpdk-dev] [PATCH v2 02/11] crypto/dpaa_sec: support DES-CBC Hemant Agrawal
@ 2021-08-25 8:18 ` Hemant Agrawal
2021-08-25 8:18 ` [dpdk-dev] [PATCH v2 04/11] crypto/dpaa_sec: support AES-XCBC-MAC Hemant Agrawal
` (9 subsequent siblings)
11 siblings, 0 replies; 41+ messages in thread
From: Hemant Agrawal @ 2021-08-25 8:18 UTC (permalink / raw)
To: dev, gakhil; +Cc: Gagandeep Singh
From: Gagandeep Singh <g.singh@nxp.com>
This patch add support for non-HMAC, md5, shax algos.
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
---
doc/guides/cryptodevs/features/dpaa_sec.ini | 8 +-
drivers/crypto/dpaa_sec/dpaa_sec.c | 55 +++++++--
drivers/crypto/dpaa_sec/dpaa_sec.h | 126 ++++++++++++++++++++
3 files changed, 180 insertions(+), 9 deletions(-)
diff --git a/doc/guides/cryptodevs/features/dpaa_sec.ini b/doc/guides/cryptodevs/features/dpaa_sec.ini
index 5d0d04d601..eab14da96c 100644
--- a/doc/guides/cryptodevs/features/dpaa_sec.ini
+++ b/doc/guides/cryptodevs/features/dpaa_sec.ini
@@ -33,11 +33,17 @@ ZUC EEA3 = Y
; Supported authentication algorithms of the 'dpaa_sec' crypto driver.
;
[Auth]
+MD5 = Y
MD5 HMAC = Y
+SHA1 = Y
SHA1 HMAC = Y
+SHA224 = Y
SHA224 HMAC = Y
+SHA256 = Y
SHA256 HMAC = Y
+SHA384 = Y
SHA384 HMAC = Y
+SHA512 = Y
SHA512 HMAC = Y
SNOW3G UIA2 = Y
ZUC EIA3 = Y
@@ -53,4 +59,4 @@ AES GCM (256) = Y
;
; Supported Asymmetric algorithms of the 'dpaa_sec' crypto driver.
;
-[Asymmetric]
\ No newline at end of file
+[Asymmetric]
diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c b/drivers/crypto/dpaa_sec/dpaa_sec.c
index 0a58f4e917..4f5d9d7f49 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec.c
+++ b/drivers/crypto/dpaa_sec/dpaa_sec.c
@@ -486,6 +486,18 @@ dpaa_sec_prep_cdb(dpaa_sec_session *ses)
alginfo_a.algtype = ses->auth_key.alg;
alginfo_a.algmode = ses->auth_key.algmode;
switch (ses->auth_alg) {
+ case RTE_CRYPTO_AUTH_MD5:
+ case RTE_CRYPTO_AUTH_SHA1:
+ case RTE_CRYPTO_AUTH_SHA224:
+ case RTE_CRYPTO_AUTH_SHA256:
+ case RTE_CRYPTO_AUTH_SHA384:
+ case RTE_CRYPTO_AUTH_SHA512:
+ shared_desc_len = cnstr_shdsc_hash(
+ cdb->sh_desc, true,
+ swap, SHR_NEVER, &alginfo_a,
+ !ses->dir,
+ ses->digest_length);
+ break;
case RTE_CRYPTO_AUTH_MD5_HMAC:
case RTE_CRYPTO_AUTH_SHA1_HMAC:
case RTE_CRYPTO_AUTH_SHA224_HMAC:
@@ -2077,43 +2089,70 @@ dpaa_sec_auth_init(struct rte_cryptodev *dev __rte_unused,
{
session->ctxt = DPAA_SEC_AUTH;
session->auth_alg = xform->auth.algo;
- session->auth_key.data = rte_zmalloc(NULL, xform->auth.key.length,
+ session->auth_key.length = xform->auth.key.length;
+ if (xform->auth.key.length) {
+ session->auth_key.data =
+ rte_zmalloc(NULL, xform->auth.key.length,
RTE_CACHE_LINE_SIZE);
- if (session->auth_key.data == NULL && xform->auth.key.length > 0) {
- DPAA_SEC_ERR("No Memory for auth key");
- return -ENOMEM;
+ if (session->auth_key.data == NULL) {
+ DPAA_SEC_ERR("No Memory for auth key");
+ return -ENOMEM;
+ }
+ memcpy(session->auth_key.data, xform->auth.key.data,
+ xform->auth.key.length);
+
}
- session->auth_key.length = xform->auth.key.length;
session->digest_length = xform->auth.digest_length;
if (session->cipher_alg == RTE_CRYPTO_CIPHER_NULL) {
session->iv.offset = xform->auth.iv.offset;
session->iv.length = xform->auth.iv.length;
}
- memcpy(session->auth_key.data, xform->auth.key.data,
- xform->auth.key.length);
-
switch (xform->auth.algo) {
+ case RTE_CRYPTO_AUTH_SHA1:
+ session->auth_key.alg = OP_ALG_ALGSEL_SHA1;
+ session->auth_key.algmode = OP_ALG_AAI_HASH;
+ break;
case RTE_CRYPTO_AUTH_SHA1_HMAC:
session->auth_key.alg = OP_ALG_ALGSEL_SHA1;
session->auth_key.algmode = OP_ALG_AAI_HMAC;
break;
+ case RTE_CRYPTO_AUTH_MD5:
+ session->auth_key.alg = OP_ALG_ALGSEL_MD5;
+ session->auth_key.algmode = OP_ALG_AAI_HASH;
+ break;
case RTE_CRYPTO_AUTH_MD5_HMAC:
session->auth_key.alg = OP_ALG_ALGSEL_MD5;
session->auth_key.algmode = OP_ALG_AAI_HMAC;
break;
+ case RTE_CRYPTO_AUTH_SHA224:
+ session->auth_key.alg = OP_ALG_ALGSEL_SHA224;
+ session->auth_key.algmode = OP_ALG_AAI_HASH;
+ break;
case RTE_CRYPTO_AUTH_SHA224_HMAC:
session->auth_key.alg = OP_ALG_ALGSEL_SHA224;
session->auth_key.algmode = OP_ALG_AAI_HMAC;
break;
+ case RTE_CRYPTO_AUTH_SHA256:
+ session->auth_key.alg = OP_ALG_ALGSEL_SHA256;
+ session->auth_key.algmode = OP_ALG_AAI_HASH;
+ break;
case RTE_CRYPTO_AUTH_SHA256_HMAC:
session->auth_key.alg = OP_ALG_ALGSEL_SHA256;
session->auth_key.algmode = OP_ALG_AAI_HMAC;
break;
+ case RTE_CRYPTO_AUTH_SHA384:
+ session->auth_key.alg = OP_ALG_ALGSEL_SHA384;
+ session->auth_key.algmode = OP_ALG_AAI_HASH;
+ break;
case RTE_CRYPTO_AUTH_SHA384_HMAC:
session->auth_key.alg = OP_ALG_ALGSEL_SHA384;
session->auth_key.algmode = OP_ALG_AAI_HMAC;
break;
+ case RTE_CRYPTO_AUTH_SHA512:
+ session->auth_key.alg = OP_ALG_ALGSEL_SHA512;
+ session->auth_key.algmode = OP_ALG_AAI_HASH;
+ break;
case RTE_CRYPTO_AUTH_SHA512_HMAC:
session->auth_key.alg = OP_ALG_ALGSEL_SHA512;
session->auth_key.algmode = OP_ALG_AAI_HMAC;
diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.h b/drivers/crypto/dpaa_sec/dpaa_sec.h
index 9685010f3f..153747c87c 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec.h
+++ b/drivers/crypto/dpaa_sec/dpaa_sec.h
@@ -266,6 +266,27 @@ static const struct rte_cryptodev_capabilities dpaa_sec_capabilities[] = {
}, },
}, },
},
+ { /* MD5 */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_MD5,
+ .block_size = 64,
+ .key_size = {
+ .min = 0,
+ .max = 0,
+ .increment = 0
+ },
+ .digest_size = {
+ .min = 16,
+ .max = 16,
+ .increment = 0
+ },
+ .iv_size = { 0 }
+ }, }
+ }, }
+ },
{ /* MD5 HMAC */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
@@ -287,6 +308,27 @@ static const struct rte_cryptodev_capabilities dpaa_sec_capabilities[] = {
}, }
}, }
},
+ { /* SHA1 */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_SHA1,
+ .block_size = 64,
+ .key_size = {
+ .min = 0,
+ .max = 0,
+ .increment = 0
+ },
+ .digest_size = {
+ .min = 20,
+ .max = 20,
+ .increment = 0
+ },
+ .iv_size = { 0 }
+ }, }
+ }, }
+ },
{ /* SHA1 HMAC */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
@@ -308,6 +350,27 @@ static const struct rte_cryptodev_capabilities dpaa_sec_capabilities[] = {
}, }
}, }
},
+ { /* SHA224 */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_SHA224,
+ .block_size = 64,
+ .key_size = {
+ .min = 0,
+ .max = 0,
+ .increment = 0
+ },
+ .digest_size = {
+ .min = 28,
+ .max = 28,
+ .increment = 0
+ },
+ .iv_size = { 0 }
+ }, }
+ }, }
+ },
{ /* SHA224 HMAC */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
@@ -329,6 +392,27 @@ static const struct rte_cryptodev_capabilities dpaa_sec_capabilities[] = {
}, }
}, }
},
+ { /* SHA256 */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_SHA256,
+ .block_size = 64,
+ .key_size = {
+ .min = 0,
+ .max = 0,
+ .increment = 0
+ },
+ .digest_size = {
+ .min = 32,
+ .max = 32,
+ .increment = 0
+ },
+ .iv_size = { 0 }
+ }, }
+ }, }
+ },
{ /* SHA256 HMAC */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
@@ -350,6 +434,27 @@ static const struct rte_cryptodev_capabilities dpaa_sec_capabilities[] = {
}, }
}, }
},
+ { /* SHA384 */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_SHA384,
+ .block_size = 64,
+ .key_size = {
+ .min = 0,
+ .max = 0,
+ .increment = 0
+ },
+ .digest_size = {
+ .min = 48,
+ .max = 48,
+ .increment = 0
+ },
+ .iv_size = { 0 }
+ }, }
+ }, }
+ },
{ /* SHA384 HMAC */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
@@ -371,6 +476,27 @@ static const struct rte_cryptodev_capabilities dpaa_sec_capabilities[] = {
}, }
}, }
},
+ { /* SHA512 */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_SHA512,
+ .block_size = 128,
+ .key_size = {
+ .min = 0,
+ .max = 0,
+ .increment = 0
+ },
+ .digest_size = {
+ .min = 64,
+ .max = 64,
+ .increment = 0
+ },
+ .iv_size = { 0 }
+ }, }
+ }, }
+ },
{ /* SHA512 HMAC */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
--
2.17.1
^ permalink raw reply [flat|nested] 41+ messages in thread
* [dpdk-dev] [PATCH v2 04/11] crypto/dpaa_sec: support AES-XCBC-MAC
2021-08-25 8:18 ` [dpdk-dev] [PATCH v2 01/11] crypto/dpaa2_sec: fix to check next null for auth only case Hemant Agrawal
2021-08-25 8:18 ` [dpdk-dev] [PATCH v2 02/11] crypto/dpaa_sec: support DES-CBC Hemant Agrawal
2021-08-25 8:18 ` [dpdk-dev] [PATCH v2 03/11] crypto/dpaa_sec: support non-HMAC auth algos Hemant Agrawal
@ 2021-08-25 8:18 ` Hemant Agrawal
2021-08-25 8:18 ` [dpdk-dev] [PATCH v2 05/11] crypto/dpaa_sec: add support for AES CMAC integrity check Hemant Agrawal
` (8 subsequent siblings)
11 siblings, 0 replies; 41+ messages in thread
From: Hemant Agrawal @ 2021-08-25 8:18 UTC (permalink / raw)
To: dev, gakhil; +Cc: Gagandeep Singh
From: Gagandeep Singh <g.singh@nxp.com>
This patch adds support for AES-XCBC-MAC algo.
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
---
doc/guides/cryptodevs/features/dpaa_sec.ini | 1 +
drivers/crypto/dpaa_sec/dpaa_sec.c | 21 ++++++++++++++++++++-
2 files changed, 21 insertions(+), 1 deletion(-)
diff --git a/doc/guides/cryptodevs/features/dpaa_sec.ini b/doc/guides/cryptodevs/features/dpaa_sec.ini
index eab14da96c..d7bc319373 100644
--- a/doc/guides/cryptodevs/features/dpaa_sec.ini
+++ b/doc/guides/cryptodevs/features/dpaa_sec.ini
@@ -47,6 +47,7 @@ SHA512 = Y
SHA512 HMAC = Y
SNOW3G UIA2 = Y
ZUC EIA3 = Y
+AES XCBC MAC = Y
;
; Supported AEAD algorithms of the 'dpaa_sec' crypto driver.
diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c b/drivers/crypto/dpaa_sec/dpaa_sec.c
index 4f5d9d7f49..dab0ad28c0 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec.c
+++ b/drivers/crypto/dpaa_sec/dpaa_sec.c
@@ -524,6 +524,14 @@ dpaa_sec_prep_cdb(dpaa_sec_session *ses)
!ses->dir,
ses->digest_length);
break;
+ case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
+ shared_desc_len = cnstr_shdsc_aes_mac(
+ cdb->sh_desc,
+ true, swap, SHR_NEVER,
+ &alginfo_a,
+ !ses->dir,
+ ses->digest_length);
+ break;
default:
DPAA_SEC_ERR("unsupported auth alg %u", ses->auth_alg);
}
@@ -2165,6 +2173,10 @@ dpaa_sec_auth_init(struct rte_cryptodev *dev __rte_unused,
session->auth_key.alg = OP_ALG_ALGSEL_ZUCA;
session->auth_key.algmode = OP_ALG_AAI_F9;
break;
+ case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
+ session->auth_key.alg = OP_ALG_ALGSEL_AES;
+ session->auth_key.algmode = OP_ALG_AAI_XCBC_MAC;
+ break;
default:
DPAA_SEC_ERR("Crypto: Unsupported Auth specified %u",
xform->auth.algo);
@@ -2246,6 +2258,10 @@ dpaa_sec_chain_init(struct rte_cryptodev *dev __rte_unused,
session->auth_key.alg = OP_ALG_ALGSEL_SHA512;
session->auth_key.algmode = OP_ALG_AAI_HMAC;
break;
+ case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
+ session->auth_key.alg = OP_ALG_ALGSEL_AES;
+ session->auth_key.algmode = OP_ALG_AAI_XCBC_MAC;
+ break;
default:
DPAA_SEC_ERR("Crypto: Unsupported Auth specified %u",
auth_xform->algo);
@@ -2685,8 +2701,11 @@ dpaa_sec_ipsec_proto_init(struct rte_crypto_cipher_xform *cipher_xform,
case RTE_CRYPTO_AUTH_NULL:
session->auth_key.alg = OP_PCL_IPSEC_HMAC_NULL;
break;
- case RTE_CRYPTO_AUTH_SHA224_HMAC:
case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
+ session->auth_key.alg = OP_PCL_IPSEC_AES_XCBC_MAC_96;
+ session->auth_key.algmode = OP_ALG_AAI_XCBC_MAC;
+ break;
+ case RTE_CRYPTO_AUTH_SHA224_HMAC:
case RTE_CRYPTO_AUTH_SNOW3G_UIA2:
case RTE_CRYPTO_AUTH_SHA1:
case RTE_CRYPTO_AUTH_SHA256:
--
2.17.1
^ permalink raw reply [flat|nested] 41+ messages in thread
* [dpdk-dev] [PATCH v2 05/11] crypto/dpaa_sec: add support for AES CMAC integrity check
2021-08-25 8:18 ` [dpdk-dev] [PATCH v2 01/11] crypto/dpaa2_sec: fix to check next null for auth only case Hemant Agrawal
` (2 preceding siblings ...)
2021-08-25 8:18 ` [dpdk-dev] [PATCH v2 04/11] crypto/dpaa_sec: support AES-XCBC-MAC Hemant Agrawal
@ 2021-08-25 8:18 ` Hemant Agrawal
2021-09-02 13:46 ` [dpdk-dev] [EXT] " Akhil Goyal
2021-08-25 8:18 ` [dpdk-dev] [PATCH v2 06/11] common/dpaax: caamflib load correct HFN from DESCBUF Hemant Agrawal
` (7 subsequent siblings)
11 siblings, 1 reply; 41+ messages in thread
From: Hemant Agrawal @ 2021-08-25 8:18 UTC (permalink / raw)
To: dev, gakhil; +Cc: Gagandeep Singh
From: Gagandeep Singh <g.singh@nxp.com>
This patch adds support for AES_CMAC integrity in non-security mode.
This patch modifies the camm flib to handles the AES CMAC
without conflicting the proto ALG operations. i.e. by creating
another ALG operation routine.
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
---
doc/guides/cryptodevs/features/dpaa_sec.ini | 1 +
drivers/crypto/dpaa_sec/dpaa_sec.c | 10 +++++
drivers/crypto/dpaa_sec/dpaa_sec.h | 43 +++++++++++++++++++++
3 files changed, 54 insertions(+)
diff --git a/doc/guides/cryptodevs/features/dpaa_sec.ini b/doc/guides/cryptodevs/features/dpaa_sec.ini
index d7bc319373..6a8f77fb1d 100644
--- a/doc/guides/cryptodevs/features/dpaa_sec.ini
+++ b/doc/guides/cryptodevs/features/dpaa_sec.ini
@@ -48,6 +48,7 @@ SHA512 HMAC = Y
SNOW3G UIA2 = Y
ZUC EIA3 = Y
AES XCBC MAC = Y
+AES CMAC (128) = Y
;
; Supported AEAD algorithms of the 'dpaa_sec' crypto driver.
diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c b/drivers/crypto/dpaa_sec/dpaa_sec.c
index dab0ad28c0..7d3f971f3c 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec.c
+++ b/drivers/crypto/dpaa_sec/dpaa_sec.c
@@ -525,6 +525,7 @@ dpaa_sec_prep_cdb(dpaa_sec_session *ses)
ses->digest_length);
break;
case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
+ case RTE_CRYPTO_AUTH_AES_CMAC:
shared_desc_len = cnstr_shdsc_aes_mac(
cdb->sh_desc,
true, swap, SHR_NEVER,
@@ -2177,6 +2178,10 @@ dpaa_sec_auth_init(struct rte_cryptodev *dev __rte_unused,
session->auth_key.alg = OP_ALG_ALGSEL_AES;
session->auth_key.algmode = OP_ALG_AAI_XCBC_MAC;
break;
+ case RTE_CRYPTO_AUTH_AES_CMAC:
+ session->auth_key.alg = OP_ALG_ALGSEL_AES;
+ session->auth_key.algmode = OP_ALG_AAI_CMAC;
+ break;
default:
DPAA_SEC_ERR("Crypto: Unsupported Auth specified %u",
xform->auth.algo);
@@ -2262,6 +2267,10 @@ dpaa_sec_chain_init(struct rte_cryptodev *dev __rte_unused,
session->auth_key.alg = OP_ALG_ALGSEL_AES;
session->auth_key.algmode = OP_ALG_AAI_XCBC_MAC;
break;
+ case RTE_CRYPTO_AUTH_AES_CMAC:
+ session->auth_key.alg = OP_ALG_ALGSEL_AES;
+ session->auth_key.algmode = OP_ALG_AAI_CMAC;
+ break;
default:
DPAA_SEC_ERR("Crypto: Unsupported Auth specified %u",
auth_xform->algo);
@@ -2697,6 +2706,7 @@ dpaa_sec_ipsec_proto_init(struct rte_crypto_cipher_xform *cipher_xform,
break;
case RTE_CRYPTO_AUTH_AES_CMAC:
session->auth_key.alg = OP_PCL_IPSEC_AES_CMAC_96;
+ session->auth_key.algmode = OP_ALG_AAI_CMAC;
break;
case RTE_CRYPTO_AUTH_NULL:
session->auth_key.alg = OP_PCL_IPSEC_HMAC_NULL;
diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.h b/drivers/crypto/dpaa_sec/dpaa_sec.h
index 153747c87c..faa740618f 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec.h
+++ b/drivers/crypto/dpaa_sec/dpaa_sec.h
@@ -738,6 +738,49 @@ static const struct rte_cryptodev_capabilities dpaa_sec_capabilities[] = {
}, }
}, }
},
+ { /* AES CMAC */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_AES_CMAC,
+ .block_size = 16,
+ .key_size = {
+ .min = 1,
+ .max = 16,
+ .increment = 1
+ },
+ .digest_size = {
+ .min = 12,
+ .max = 16,
+ .increment = 4
+ },
+ .iv_size = { 0 }
+ }, }
+ }, }
+ },
+ { /* AES XCBC HMAC */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_AES_XCBC_MAC,
+ .block_size = 16,
+ .key_size = {
+ .min = 1,
+ .max = 16,
+ .increment = 1
+ },
+ .digest_size = {
+ .min = 12,
+ .max = 16,
+ .increment = 4
+ },
+ .aad_size = { 0 },
+ .iv_size = { 0 }
+ }, }
+ }, }
+ },
RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
};
--
2.17.1
^ permalink raw reply [flat|nested] 41+ messages in thread
* [dpdk-dev] [PATCH v2 06/11] common/dpaax: caamflib load correct HFN from DESCBUF
2021-08-25 8:18 ` [dpdk-dev] [PATCH v2 01/11] crypto/dpaa2_sec: fix to check next null for auth only case Hemant Agrawal
` (3 preceding siblings ...)
2021-08-25 8:18 ` [dpdk-dev] [PATCH v2 05/11] crypto/dpaa_sec: add support for AES CMAC integrity check Hemant Agrawal
@ 2021-08-25 8:18 ` Hemant Agrawal
2021-08-25 8:18 ` [dpdk-dev] [PATCH v2 07/11] common/dpaax: caamflib do not clear DPOVRD Hemant Agrawal
` (6 subsequent siblings)
11 siblings, 0 replies; 41+ messages in thread
From: Hemant Agrawal @ 2021-08-25 8:18 UTC (permalink / raw)
To: dev, gakhil; +Cc: Franck LENORMAND
From: Franck LENORMAND <franck.lenormand@nxp.com>
The offset of the HFn word and Bearer/Dir word is different
depending on type of PDB.
The wrong value was used.
This patch address this issue
Signed-off-by: Franck LENORMAND <franck.lenormand@nxp.com>
---
drivers/common/dpaax/caamflib/desc/pdcp.h | 7 +-
drivers/common/dpaax/caamflib/desc/sdap.h | 96 ++++++++++++++++++-----
2 files changed, 80 insertions(+), 23 deletions(-)
diff --git a/drivers/common/dpaax/caamflib/desc/pdcp.h b/drivers/common/dpaax/caamflib/desc/pdcp.h
index 659e289a45..e97d58cbc1 100644
--- a/drivers/common/dpaax/caamflib/desc/pdcp.h
+++ b/drivers/common/dpaax/caamflib/desc/pdcp.h
@@ -270,6 +270,9 @@ enum pdb_type_e {
PDCP_PDB_TYPE_INVALID
};
+#define REDUCED_PDB_DESCBUF_HFN_BEARER_DIR_OFFSET 4
+#define FULL_PDB_DESCBUF_HFN_BEARER_DIR_OFFSET 8
+
/**
* rta_inline_pdcp_query() - Provide indications if a key can be passed as
* immediate data or shall be referenced in a
@@ -2564,11 +2567,11 @@ insert_hfn_ov_op(struct program *p,
return 0;
case PDCP_PDB_TYPE_REDUCED_PDB:
- hfn_pdb_offset = 4;
+ hfn_pdb_offset = REDUCED_PDB_DESCBUF_HFN_BEARER_DIR_OFFSET;
break;
case PDCP_PDB_TYPE_FULL_PDB:
- hfn_pdb_offset = 8;
+ hfn_pdb_offset = FULL_PDB_DESCBUF_HFN_BEARER_DIR_OFFSET;
break;
default:
diff --git a/drivers/common/dpaax/caamflib/desc/sdap.h b/drivers/common/dpaax/caamflib/desc/sdap.h
index 6523db1733..f1c49ea3e6 100644
--- a/drivers/common/dpaax/caamflib/desc/sdap.h
+++ b/drivers/common/dpaax/caamflib/desc/sdap.h
@@ -1,5 +1,5 @@
/* SPDX-License-Identifier: BSD-3-Clause
- * Copyright 2020 NXP
+ * Copyright 2020-2021 NXP
*/
#ifndef __DESC_SDAP_H__
@@ -109,12 +109,17 @@ static inline int pdcp_sdap_insert_no_int_op(struct program *p,
bool swap __maybe_unused,
struct alginfo *cipherdata,
unsigned int dir,
- enum pdcp_sn_size sn_size)
+ enum pdcp_sn_size sn_size,
+ enum pdb_type_e pdb_type)
{
int op;
uint32_t sn_mask = 0;
uint32_t length = 0;
uint32_t offset = 0;
+ int hfn_bearer_dir_offset_in_descbuf =
+ (pdb_type == PDCP_PDB_TYPE_FULL_PDB) ?
+ FULL_PDB_DESCBUF_HFN_BEARER_DIR_OFFSET :
+ REDUCED_PDB_DESCBUF_HFN_BEARER_DIR_OFFSET;
if (pdcp_sdap_get_sn_parameters(sn_size, swap, &offset, &length,
&sn_mask))
@@ -137,7 +142,8 @@ static inline int pdcp_sdap_insert_no_int_op(struct program *p,
SEQSTORE(p, MATH0, offset, length, 0);
MATHB(p, MATH1, SHLD, MATH1, MATH1, 8, 0);
- MOVEB(p, DESCBUF, 8, MATH2, 0, 8, WAITCOMP | IMMED);
+ MOVEB(p, DESCBUF, hfn_bearer_dir_offset_in_descbuf,
+ MATH2, 0, 8, WAITCOMP | IMMED);
MATHB(p, MATH1, OR, MATH2, MATH2, 8, 0);
MATHB(p, SEQINSZ, SUB, MATH3, VSEQINSZ, 4, 0);
@@ -190,9 +196,14 @@ pdcp_sdap_insert_enc_only_op(struct program *p, bool swap __maybe_unused,
struct alginfo *cipherdata,
struct alginfo *authdata __maybe_unused,
unsigned int dir, enum pdcp_sn_size sn_size,
- unsigned char era_2_sw_hfn_ovrd __maybe_unused)
+ unsigned char era_2_sw_hfn_ovrd __maybe_unused,
+ enum pdb_type_e pdb_type)
{
uint32_t offset = 0, length = 0, sn_mask = 0;
+ int hfn_bearer_dir_offset_in_descbuf =
+ (pdb_type == PDCP_PDB_TYPE_FULL_PDB) ?
+ FULL_PDB_DESCBUF_HFN_BEARER_DIR_OFFSET :
+ REDUCED_PDB_DESCBUF_HFN_BEARER_DIR_OFFSET;
if (pdcp_sdap_get_sn_parameters(sn_size, swap, &offset, &length,
&sn_mask))
@@ -217,7 +228,8 @@ pdcp_sdap_insert_enc_only_op(struct program *p, bool swap __maybe_unused,
/* Word (32 bit) swap */
MATHB(p, MATH1, SHLD, MATH1, MATH1, 8, 0);
/* Load words from PDB: word 02 (HFN) + word 03 (bearer_dir)*/
- MOVEB(p, DESCBUF, 8, MATH2, 0, 8, WAITCOMP | IMMED);
+ MOVEB(p, DESCBUF, hfn_bearer_dir_offset_in_descbuf,
+ MATH2, 0, 8, WAITCOMP | IMMED);
/* Create basic IV */
MATHB(p, MATH1, OR, MATH2, MATH2, 8, 0);
@@ -309,13 +321,18 @@ static inline int
pdcp_sdap_insert_snoop_op(struct program *p, bool swap __maybe_unused,
struct alginfo *cipherdata, struct alginfo *authdata,
unsigned int dir, enum pdcp_sn_size sn_size,
- unsigned char era_2_sw_hfn_ovrd __maybe_unused)
+ unsigned char era_2_sw_hfn_ovrd __maybe_unused,
+ enum pdb_type_e pdb_type)
{
uint32_t offset = 0, length = 0, sn_mask = 0;
uint32_t int_op_alg = 0;
uint32_t int_op_aai = 0;
uint32_t cipher_op_alg = 0;
uint32_t cipher_op_aai = 0;
+ int hfn_bearer_dir_offset_in_descbuf =
+ (pdb_type == PDCP_PDB_TYPE_FULL_PDB) ?
+ FULL_PDB_DESCBUF_HFN_BEARER_DIR_OFFSET :
+ REDUCED_PDB_DESCBUF_HFN_BEARER_DIR_OFFSET;
if (authdata->algtype == PDCP_CIPHER_TYPE_ZUC) {
if (rta_sec_era < RTA_SEC_ERA_5) {
@@ -362,11 +379,13 @@ pdcp_sdap_insert_snoop_op(struct program *p, bool swap __maybe_unused,
/* Load the HFN / Beare / Dir from the PDB
* CAAM word are 32bit hence loading 8 byte loads 2 words:
- * - The HFN at offset 8
- * - The Bearer / Dir at offset 12
+ * - The HFN at offset hfn_bearer_dir_offset_in_descbuf
+ * - The Bearer / Dir at next word
*/
- MOVEB(p, DESCBUF, 8, MATH2, 0, 8, WAITCOMP | IMMED);
- /* Create the 4 first byte of the ICV by oring the math registers */
+ MOVEB(p, DESCBUF, hfn_bearer_dir_offset_in_descbuf,
+ MATH2, 0, 8, WAITCOMP | IMMED);
+
+ /* Create the 4 first byte of the ICV by or-ing the math registers */
MATHB(p, MATH1, OR, MATH2, MATH1, 8, 0);
/* Set the IV of class 1 CHA */
@@ -562,11 +581,16 @@ pdcp_sdap_insert_snoop_op(struct program *p, bool swap __maybe_unused,
static inline int pdcp_sdap_insert_no_snoop_op(
struct program *p, bool swap __maybe_unused, struct alginfo *cipherdata,
struct alginfo *authdata, unsigned int dir, enum pdcp_sn_size sn_size,
- unsigned char era_2_sw_hfn_ovrd __maybe_unused)
+ unsigned char era_2_sw_hfn_ovrd __maybe_unused,
+ enum pdb_type_e pdb_type)
{
uint32_t offset = 0, length = 0, sn_mask = 0;
uint32_t cipher_alg_op = 0;
uint32_t cipher_alg_aai = 0;
+ int hfn_bearer_dir_offset_in_descbuf =
+ (pdb_type == PDCP_PDB_TYPE_FULL_PDB) ?
+ FULL_PDB_DESCBUF_HFN_BEARER_DIR_OFFSET :
+ REDUCED_PDB_DESCBUF_HFN_BEARER_DIR_OFFSET;
if (authdata->algtype == PDCP_CIPHER_TYPE_ZUC) {
if (rta_sec_era < RTA_SEC_ERA_5) {
@@ -592,7 +616,8 @@ static inline int pdcp_sdap_insert_no_snoop_op(
#endif
MATHB(p, MATH1, SHLD, MATH1, MATH1, 8, 0);
- MOVEB(p, DESCBUF, 8, MATH2, 0, 0x08, WAITCOMP | IMMED);
+ MOVEB(p, DESCBUF, hfn_bearer_dir_offset_in_descbuf,
+ MATH2, 0, 0x08, WAITCOMP | IMMED);
MATHB(p, MATH1, OR, MATH2, MATH2, 8, 0);
SEQSTORE(p, MATH0, offset, length, 0);
@@ -753,22 +778,51 @@ static inline int pdcp_sdap_insert_no_snoop_op(
return 0;
}
+static inline int
+pdcp_sdap_insert_cplane_null_op(struct program *p,
+ bool swap __maybe_unused,
+ struct alginfo *cipherdata,
+ struct alginfo *authdata,
+ unsigned int dir,
+ enum pdcp_sn_size sn_size,
+ unsigned char era_2_sw_hfn_ovrd,
+ enum pdb_type_e pdb_type __maybe_unused)
+{
+ return pdcp_insert_cplane_int_only_op(p, swap, cipherdata, authdata,
+ dir, sn_size, era_2_sw_hfn_ovrd);
+}
+
+static inline int
+pdcp_sdap_insert_cplane_int_only_op(struct program *p,
+ bool swap __maybe_unused,
+ struct alginfo *cipherdata,
+ struct alginfo *authdata,
+ unsigned int dir,
+ enum pdcp_sn_size sn_size,
+ unsigned char era_2_sw_hfn_ovrd,
+ enum pdb_type_e pdb_type __maybe_unused)
+{
+ return pdcp_insert_cplane_int_only_op(p, swap, cipherdata, authdata,
+ dir, sn_size, era_2_sw_hfn_ovrd);
+}
+
static int pdcp_sdap_insert_with_int_op(
struct program *p, bool swap __maybe_unused, struct alginfo *cipherdata,
struct alginfo *authdata, enum pdcp_sn_size sn_size,
- unsigned char era_2_sw_hfn_ovrd, unsigned int dir)
+ unsigned char era_2_sw_hfn_ovrd, unsigned int dir,
+ enum pdb_type_e pdb_type)
{
static int (
*pdcp_cp_fp[PDCP_CIPHER_TYPE_INVALID][PDCP_AUTH_TYPE_INVALID])(
struct program *, bool swap, struct alginfo *, struct alginfo *,
unsigned int, enum pdcp_sn_size,
- unsigned char __maybe_unused) = {
+ unsigned char __maybe_unused, enum pdb_type_e pdb_type) = {
{
/* NULL */
- pdcp_insert_cplane_null_op, /* NULL */
- pdcp_insert_cplane_int_only_op, /* SNOW f9 */
- pdcp_insert_cplane_int_only_op, /* AES CMAC */
- pdcp_insert_cplane_int_only_op /* ZUC-I */
+ pdcp_sdap_insert_cplane_null_op, /* NULL */
+ pdcp_sdap_insert_cplane_int_only_op, /* SNOW f9 */
+ pdcp_sdap_insert_cplane_int_only_op, /* AES CMAC */
+ pdcp_sdap_insert_cplane_int_only_op /* ZUC-I */
},
{
/* SNOW f8 */
@@ -796,7 +850,7 @@ static int pdcp_sdap_insert_with_int_op(
err = pdcp_cp_fp[cipherdata->algtype]
[authdata->algtype](p, swap, cipherdata, authdata, dir,
- sn_size, era_2_sw_hfn_ovrd);
+ sn_size, era_2_sw_hfn_ovrd, pdb_type);
if (err)
return err;
@@ -948,7 +1002,7 @@ cnstr_shdsc_pdcp_sdap_u_plane(uint32_t *descbuf,
} else {
err = pdcp_sdap_insert_no_int_op(p, swap, cipherdata,
caps_mode,
- sn_size);
+ sn_size, pdb_type);
if (err) {
pr_err("Fail pdcp_sdap_insert_no_int_op\n");
return err;
@@ -958,7 +1012,7 @@ cnstr_shdsc_pdcp_sdap_u_plane(uint32_t *descbuf,
err = pdcp_sdap_insert_with_int_op(p, swap, cipherdata,
authdata, sn_size,
era_2_sw_hfn_ovrd,
- caps_mode);
+ caps_mode, pdb_type);
if (err) {
pr_err("Fail pdcp_sdap_insert_with_int_op\n");
return err;
--
2.17.1
^ permalink raw reply [flat|nested] 41+ messages in thread
* [dpdk-dev] [PATCH v2 07/11] common/dpaax: caamflib do not clear DPOVRD
2021-08-25 8:18 ` [dpdk-dev] [PATCH v2 01/11] crypto/dpaa2_sec: fix to check next null for auth only case Hemant Agrawal
` (4 preceding siblings ...)
2021-08-25 8:18 ` [dpdk-dev] [PATCH v2 06/11] common/dpaax: caamflib load correct HFN from DESCBUF Hemant Agrawal
@ 2021-08-25 8:18 ` Hemant Agrawal
2021-08-25 8:18 ` [dpdk-dev] [PATCH v2 08/11] common/dpaax: enhance caamflib with inline keys Hemant Agrawal
` (5 subsequent siblings)
11 siblings, 0 replies; 41+ messages in thread
From: Hemant Agrawal @ 2021-08-25 8:18 UTC (permalink / raw)
To: dev, gakhil; +Cc: Franck LENORMAND
From: Franck LENORMAND <franck.lenormand@nxp.com>
For SDAP, we are not using the protocol operation to perform
4G/LTE operation so the DPOVRD option is not used.
Removing it save some space in the descriptor buffer and
execution time.
Signed-off-by: Franck LENORMAND <franck.lenormand@nxp.com>
---
drivers/common/dpaax/caamflib/desc/pdcp.h | 14 ++++++++------
drivers/common/dpaax/caamflib/desc/sdap.h | 2 +-
2 files changed, 9 insertions(+), 7 deletions(-)
diff --git a/drivers/common/dpaax/caamflib/desc/pdcp.h b/drivers/common/dpaax/caamflib/desc/pdcp.h
index e97d58cbc1..5b3d846099 100644
--- a/drivers/common/dpaax/caamflib/desc/pdcp.h
+++ b/drivers/common/dpaax/caamflib/desc/pdcp.h
@@ -2546,7 +2546,8 @@ static inline int
insert_hfn_ov_op(struct program *p,
uint32_t shift,
enum pdb_type_e pdb_type,
- unsigned char era_2_sw_hfn_ovrd)
+ unsigned char era_2_sw_hfn_ovrd,
+ bool clear_dpovrd_at_end)
{
uint32_t imm = PDCP_DPOVRD_HFN_OV_EN;
uint16_t hfn_pdb_offset;
@@ -2597,13 +2598,14 @@ insert_hfn_ov_op(struct program *p,
MATHB(p, MATH0, SHLD, MATH0, MATH0, 8, 0);
MOVE(p, MATH0, 0, DESCBUF, hfn_pdb_offset, 4, IMMED);
- if (rta_sec_era >= RTA_SEC_ERA_8)
+ if (clear_dpovrd_at_end && (rta_sec_era >= RTA_SEC_ERA_8)) {
/*
* For ERA8, DPOVRD could be handled by the PROTOCOL command
* itself. For now, this is not done. Thus, clear DPOVRD here
* to alleviate any side-effects.
*/
MATHB(p, DPOVRD, AND, ZERO, DPOVRD, 4, STL);
+ }
SET_LABEL(p, keyjump);
PATCH_JUMP(p, pkeyjump, keyjump);
@@ -2989,7 +2991,7 @@ cnstr_shdsc_pdcp_c_plane_encap(uint32_t *descbuf,
SET_LABEL(p, pdb_end);
err = insert_hfn_ov_op(p, sn_size, pdb_type,
- era_2_sw_hfn_ovrd);
+ era_2_sw_hfn_ovrd, true);
if (err)
return err;
@@ -3143,7 +3145,7 @@ cnstr_shdsc_pdcp_c_plane_decap(uint32_t *descbuf,
SET_LABEL(p, pdb_end);
err = insert_hfn_ov_op(p, sn_size, pdb_type,
- era_2_sw_hfn_ovrd);
+ era_2_sw_hfn_ovrd, true);
if (err)
return err;
@@ -3319,7 +3321,7 @@ cnstr_shdsc_pdcp_u_plane_encap(uint32_t *descbuf,
}
SET_LABEL(p, pdb_end);
- err = insert_hfn_ov_op(p, sn_size, pdb_type, era_2_sw_hfn_ovrd);
+ err = insert_hfn_ov_op(p, sn_size, pdb_type, era_2_sw_hfn_ovrd, true);
if (err)
return err;
@@ -3523,7 +3525,7 @@ cnstr_shdsc_pdcp_u_plane_decap(uint32_t *descbuf,
}
SET_LABEL(p, pdb_end);
- err = insert_hfn_ov_op(p, sn_size, pdb_type, era_2_sw_hfn_ovrd);
+ err = insert_hfn_ov_op(p, sn_size, pdb_type, era_2_sw_hfn_ovrd, true);
if (err)
return err;
diff --git a/drivers/common/dpaax/caamflib/desc/sdap.h b/drivers/common/dpaax/caamflib/desc/sdap.h
index f1c49ea3e6..d5d5850b4f 100644
--- a/drivers/common/dpaax/caamflib/desc/sdap.h
+++ b/drivers/common/dpaax/caamflib/desc/sdap.h
@@ -990,7 +990,7 @@ cnstr_shdsc_pdcp_sdap_u_plane(uint32_t *descbuf,
SET_LABEL(p, pdb_end);
/* Inser the HFN override operation */
- err = insert_hfn_ov_op(p, sn_size, pdb_type, era_2_sw_hfn_ovrd);
+ err = insert_hfn_ov_op(p, sn_size, pdb_type, era_2_sw_hfn_ovrd, false);
if (err)
return err;
--
2.17.1
^ permalink raw reply [flat|nested] 41+ messages in thread
* [dpdk-dev] [PATCH v2 08/11] common/dpaax: enhance caamflib with inline keys
2021-08-25 8:18 ` [dpdk-dev] [PATCH v2 01/11] crypto/dpaa2_sec: fix to check next null for auth only case Hemant Agrawal
` (5 preceding siblings ...)
2021-08-25 8:18 ` [dpdk-dev] [PATCH v2 07/11] common/dpaax: caamflib do not clear DPOVRD Hemant Agrawal
@ 2021-08-25 8:18 ` Hemant Agrawal
2021-08-25 8:18 ` [dpdk-dev] [PATCH v2 09/11] common/dpaax: fix IV value for shortMAC-I for SNOW algo Hemant Agrawal
` (4 subsequent siblings)
11 siblings, 0 replies; 41+ messages in thread
From: Hemant Agrawal @ 2021-08-25 8:18 UTC (permalink / raw)
To: dev, gakhil; +Cc: Franck LENORMAND
From: Franck LENORMAND <franck.lenormand@nxp.com>
The space in descriptor buffer is scarce as it is limited to
64 words for platforms except ERA10 (which has 128).
As the descriptors are processed with QI, it adds some words
to the descriptor which is passed.
Some descriptors used for SDAP were using too much words reaching
the limit.
This patch reduces the number of words used by removing the inlining
of some keys (done for performance) in order to have working
descriptors.
Signed-off-by: Franck LENORMAND <franck.lenormand@nxp.com>
---
drivers/common/dpaax/caamflib/desc/sdap.h | 61 ++++++++++++++++++++-
drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c | 28 ++++++++--
2 files changed, 81 insertions(+), 8 deletions(-)
diff --git a/drivers/common/dpaax/caamflib/desc/sdap.h b/drivers/common/dpaax/caamflib/desc/sdap.h
index d5d5850b4f..b2497a5424 100644
--- a/drivers/common/dpaax/caamflib/desc/sdap.h
+++ b/drivers/common/dpaax/caamflib/desc/sdap.h
@@ -20,6 +20,63 @@
#define SDAP_BITS_SIZE (SDAP_BYTE_SIZE * 8)
#endif
+/**
+ * rta_inline_pdcp_query() - Provide indications if a key can be passed as
+ * immediate data or shall be referenced in a
+ * shared descriptor.
+ * Return: 0 if data can be inlined or 1 if referenced.
+ */
+static inline int
+rta_inline_pdcp_sdap_query(enum auth_type_pdcp auth_alg,
+ enum cipher_type_pdcp cipher_alg,
+ enum pdcp_sn_size sn_size,
+ int8_t hfn_ovd)
+{
+ int nb_key_to_inline = 0;
+
+ if ((cipher_alg != PDCP_CIPHER_TYPE_NULL) &&
+ (auth_alg != PDCP_AUTH_TYPE_NULL))
+ return 2;
+ else
+ return 0;
+
+ /**
+ * Shared Descriptors for some of the cases does not fit in the
+ * MAX_DESC_SIZE of the descriptor
+ * The cases which exceed are for RTA_SEC_ERA=8 and HFN override
+ * enabled and 12/18 bit uplane and either of following Algo combo.
+ * - AES-SNOW
+ * - AES-ZUC
+ * - SNOW-SNOW
+ * - SNOW-ZUC
+ * - ZUC-SNOW
+ * - ZUC-SNOW
+ *
+ * We cannot make inline for all cases, as this will impact performance
+ * due to extra memory accesses for the keys.
+ */
+
+ /* Inline only the cipher key */
+ if ((rta_sec_era == RTA_SEC_ERA_8) && hfn_ovd &&
+ ((sn_size == PDCP_SN_SIZE_12) ||
+ (sn_size == PDCP_SN_SIZE_18)) &&
+ (cipher_alg != PDCP_CIPHER_TYPE_NULL) &&
+ ((auth_alg == PDCP_AUTH_TYPE_SNOW) ||
+ (auth_alg == PDCP_AUTH_TYPE_ZUC))) {
+
+ nb_key_to_inline++;
+
+ /* Sub case where inlining another key is required */
+ if ((cipher_alg == PDCP_CIPHER_TYPE_AES) &&
+ (auth_alg == PDCP_AUTH_TYPE_SNOW))
+ nb_key_to_inline++;
+ }
+
+ /* Inline both keys */
+
+ return nb_key_to_inline;
+}
+
static inline void key_loading_opti(struct program *p,
struct alginfo *cipherdata,
struct alginfo *authdata)
@@ -788,8 +845,8 @@ pdcp_sdap_insert_cplane_null_op(struct program *p,
unsigned char era_2_sw_hfn_ovrd,
enum pdb_type_e pdb_type __maybe_unused)
{
- return pdcp_insert_cplane_int_only_op(p, swap, cipherdata, authdata,
- dir, sn_size, era_2_sw_hfn_ovrd);
+ return pdcp_insert_cplane_null_op(p, swap, cipherdata, authdata, dir,
+ sn_size, era_2_sw_hfn_ovrd);
}
static inline int
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index 87a94b2c04..3362e176a9 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -3255,12 +3255,28 @@ dpaa2_sec_set_pdcp_session(struct rte_cryptodev *dev,
goto out;
}
- if (rta_inline_pdcp_query(authdata.algtype,
- cipherdata.algtype,
- session->pdcp.sn_size,
- session->pdcp.hfn_ovd)) {
- cipherdata.key = DPAA2_VADDR_TO_IOVA(cipherdata.key);
- cipherdata.key_type = RTA_DATA_PTR;
+ if (pdcp_xform->sdap_enabled) {
+ int nb_keys_to_inline =
+ rta_inline_pdcp_sdap_query(authdata.algtype,
+ cipherdata.algtype,
+ session->pdcp.sn_size,
+ session->pdcp.hfn_ovd);
+ if (nb_keys_to_inline >= 1) {
+ cipherdata.key = DPAA2_VADDR_TO_IOVA(cipherdata.key);
+ cipherdata.key_type = RTA_DATA_PTR;
+ }
+ if (nb_keys_to_inline >= 2) {
+ authdata.key = DPAA2_VADDR_TO_IOVA(authdata.key);
+ authdata.key_type = RTA_DATA_PTR;
+ }
+ } else {
+ if (rta_inline_pdcp_query(authdata.algtype,
+ cipherdata.algtype,
+ session->pdcp.sn_size,
+ session->pdcp.hfn_ovd)) {
+ cipherdata.key = DPAA2_VADDR_TO_IOVA(cipherdata.key);
+ cipherdata.key_type = RTA_DATA_PTR;
+ }
}
if (pdcp_xform->domain == RTE_SECURITY_PDCP_MODE_CONTROL) {
--
2.17.1
^ permalink raw reply [flat|nested] 41+ messages in thread
* [dpdk-dev] [PATCH v2 09/11] common/dpaax: fix IV value for shortMAC-I for SNOW algo
2021-08-25 8:18 ` [dpdk-dev] [PATCH v2 01/11] crypto/dpaa2_sec: fix to check next null for auth only case Hemant Agrawal
` (6 preceding siblings ...)
2021-08-25 8:18 ` [dpdk-dev] [PATCH v2 08/11] common/dpaax: enhance caamflib with inline keys Hemant Agrawal
@ 2021-08-25 8:18 ` Hemant Agrawal
2021-08-25 8:18 ` [dpdk-dev] [PATCH v2 10/11] crypto/dpaa_sec: force inline of the keys to save space Hemant Agrawal
` (3 subsequent siblings)
11 siblings, 0 replies; 41+ messages in thread
From: Hemant Agrawal @ 2021-08-25 8:18 UTC (permalink / raw)
To: dev, gakhil; +Cc: Gagandeep Singh, stable
From: Gagandeep Singh <g.singh@nxp.com>
The logic was incorecly doing conditional swap. It need to
be bit swap always.
Fixes: 73a24060cd70 ("crypto/dpaa2_sec: add sample PDCP descriptor APIs")
Cc: stable@dpdk.org
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
---
drivers/common/dpaax/caamflib/desc/pdcp.h | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/drivers/common/dpaax/caamflib/desc/pdcp.h b/drivers/common/dpaax/caamflib/desc/pdcp.h
index 5b3d846099..8e8daf5ba8 100644
--- a/drivers/common/dpaax/caamflib/desc/pdcp.h
+++ b/drivers/common/dpaax/caamflib/desc/pdcp.h
@@ -1,6 +1,6 @@
/* SPDX-License-Identifier: BSD-3-Clause or GPL-2.0+
* Copyright 2008-2013 Freescale Semiconductor, Inc.
- * Copyright 2019-2020 NXP
+ * Copyright 2019-2021 NXP
*/
#ifndef __DESC_PDCP_H__
@@ -3715,9 +3715,10 @@ cnstr_shdsc_pdcp_short_mac(uint32_t *descbuf,
break;
case PDCP_AUTH_TYPE_SNOW:
+ /* IV calculation based on 3GPP specs. 36331, section:5.3.7.4 */
iv[0] = 0xFFFFFFFF;
- iv[1] = swap ? swab32(0x04000000) : 0x04000000;
- iv[2] = swap ? swab32(0xF8000000) : 0xF8000000;
+ iv[1] = swab32(0x04000000);
+ iv[2] = swab32(0xF8000000);
KEY(p, KEY2, authdata->key_enc_flags, authdata->key,
authdata->keylen, INLINE_KEY(authdata));
--
2.17.1
^ permalink raw reply [flat|nested] 41+ messages in thread
* [dpdk-dev] [PATCH v2 10/11] crypto/dpaa_sec: force inline of the keys to save space
2021-08-25 8:18 ` [dpdk-dev] [PATCH v2 01/11] crypto/dpaa2_sec: fix to check next null for auth only case Hemant Agrawal
` (7 preceding siblings ...)
2021-08-25 8:18 ` [dpdk-dev] [PATCH v2 09/11] common/dpaax: fix IV value for shortMAC-I for SNOW algo Hemant Agrawal
@ 2021-08-25 8:18 ` Hemant Agrawal
2021-08-25 8:18 ` [dpdk-dev] [PATCH v2 11/11] crypto/dpaa2_sec: add error packet counters Hemant Agrawal
` (2 subsequent siblings)
11 siblings, 0 replies; 41+ messages in thread
From: Hemant Agrawal @ 2021-08-25 8:18 UTC (permalink / raw)
To: dev, gakhil; +Cc: Gagandeep Singh, Franck LENORMAND
From: Gagandeep Singh <g.singh@nxp.com>
This patch improve storage and performance by force inline
of the keys.
Signed-off-by: Franck LENORMAND <franck.lenormand@nxp.com>
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
---
drivers/crypto/dpaa_sec/dpaa_sec.c | 35 ++++++++++++++++++++++--------
1 file changed, 26 insertions(+), 9 deletions(-)
diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c b/drivers/crypto/dpaa_sec/dpaa_sec.c
index 7d3f971f3c..74f30bc5a4 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec.c
+++ b/drivers/crypto/dpaa_sec/dpaa_sec.c
@@ -1,7 +1,7 @@
/* SPDX-License-Identifier: BSD-3-Clause
*
* Copyright (c) 2016 Freescale Semiconductor, Inc. All rights reserved.
- * Copyright 2017-2019 NXP
+ * Copyright 2017-2021 NXP
*
*/
@@ -260,14 +260,31 @@ dpaa_sec_prep_pdcp_cdb(dpaa_sec_session *ses)
p_authdata = &authdata;
}
- if (rta_inline_pdcp_query(authdata.algtype,
- cipherdata.algtype,
- ses->pdcp.sn_size,
- ses->pdcp.hfn_ovd)) {
- cipherdata.key =
- (size_t)rte_dpaa_mem_vtop((void *)
- (size_t)cipherdata.key);
- cipherdata.key_type = RTA_DATA_PTR;
+ if (ses->pdcp.sdap_enabled) {
+ int nb_keys_to_inline =
+ rta_inline_pdcp_sdap_query(authdata.algtype,
+ cipherdata.algtype,
+ ses->pdcp.sn_size,
+ ses->pdcp.hfn_ovd);
+ if (nb_keys_to_inline >= 1) {
+ cipherdata.key = (size_t)rte_dpaa_mem_vtop((void *)
+ (size_t)cipherdata.key);
+ cipherdata.key_type = RTA_DATA_PTR;
+ }
+ if (nb_keys_to_inline >= 2) {
+ authdata.key = (size_t)rte_dpaa_mem_vtop((void *)
+ (size_t)authdata.key);
+ authdata.key_type = RTA_DATA_PTR;
+ }
+ } else {
+ if (rta_inline_pdcp_query(authdata.algtype,
+ cipherdata.algtype,
+ ses->pdcp.sn_size,
+ ses->pdcp.hfn_ovd)) {
+ cipherdata.key = (size_t)rte_dpaa_mem_vtop((void *)
+ (size_t)cipherdata.key);
+ cipherdata.key_type = RTA_DATA_PTR;
+ }
}
if (ses->pdcp.domain == RTE_SECURITY_PDCP_MODE_CONTROL) {
--
2.17.1
^ permalink raw reply [flat|nested] 41+ messages in thread
* [dpdk-dev] [PATCH v2 11/11] crypto/dpaa2_sec: add error packet counters
2021-08-25 8:18 ` [dpdk-dev] [PATCH v2 01/11] crypto/dpaa2_sec: fix to check next null for auth only case Hemant Agrawal
` (8 preceding siblings ...)
2021-08-25 8:18 ` [dpdk-dev] [PATCH v2 10/11] crypto/dpaa_sec: force inline of the keys to save space Hemant Agrawal
@ 2021-08-25 8:18 ` Hemant Agrawal
2021-09-02 12:46 ` [dpdk-dev] [EXT] [PATCH v2 01/11] crypto/dpaa2_sec: fix to check next null for auth only case Akhil Goyal
2021-09-07 8:39 ` [dpdk-dev] [PATCH v3 01/10] crypto/dpaa_sec: support DES-CBC Hemant Agrawal
11 siblings, 0 replies; 41+ messages in thread
From: Hemant Agrawal @ 2021-08-25 8:18 UTC (permalink / raw)
To: dev, gakhil
This patch add support to also counter err pkt counter per queue.
This also enhances few related debug prints.
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
---
drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index 3362e176a9..3a8b11c4bb 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -1702,8 +1702,9 @@ dpaa2_sec_dequeue_burst(void *qp, struct rte_crypto_op **ops,
if (unlikely(fd->simple.frc)) {
/* TODO Parse SEC errors */
- DPAA2_SEC_ERR("SEC returned Error - %x",
+ DPAA2_SEC_DP_ERR("SEC returned Error - %x\n",
fd->simple.frc);
+ dpaa2_qp->rx_vq.err_pkts += 1;
ops[num_rx]->status = RTE_CRYPTO_OP_STATUS_ERROR;
} else {
ops[num_rx]->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
@@ -1715,7 +1716,8 @@ dpaa2_sec_dequeue_burst(void *qp, struct rte_crypto_op **ops,
dpaa2_qp->rx_vq.rx_pkts += num_rx;
- DPAA2_SEC_DP_DEBUG("SEC Received %d Packets\n", num_rx);
+ DPAA2_SEC_DP_DEBUG("SEC RX pkts %d err pkts %" PRIu64 "\n", num_rx,
+ dpaa2_qp->rx_vq.err_pkts);
/*Return the total number of packets received to DPAA2 app*/
return num_rx;
}
--
2.17.1
^ permalink raw reply [flat|nested] 41+ messages in thread
* Re: [dpdk-dev] [EXT] [PATCH v2 01/11] crypto/dpaa2_sec: fix to check next null for auth only case
2021-08-25 8:18 ` [dpdk-dev] [PATCH v2 01/11] crypto/dpaa2_sec: fix to check next null for auth only case Hemant Agrawal
` (9 preceding siblings ...)
2021-08-25 8:18 ` [dpdk-dev] [PATCH v2 11/11] crypto/dpaa2_sec: add error packet counters Hemant Agrawal
@ 2021-09-02 12:46 ` Akhil Goyal
2021-09-02 13:48 ` Hemant Agrawal
2021-09-07 8:39 ` [dpdk-dev] [PATCH v3 01/10] crypto/dpaa_sec: support DES-CBC Hemant Agrawal
11 siblings, 1 reply; 41+ messages in thread
From: Akhil Goyal @ 2021-09-02 12:46 UTC (permalink / raw)
To: Hemant Agrawal, dev; +Cc: stable
> This patch fixes the issue to check for next pointer as
> null in the integrity only case in pdcp-security context.
>
> Fixes: bef594ec5cc8 ("crypto/dpaa2_sec: support PDCP offload")
> Cc: stable@dpdk.org
This patch is not a fix and need not be backported, because integrity
only case is not a valid case for PDCP before the introduction of short MAC.
Since short MAC is supported here in this release only, this should be reworded
as to support short MAC, integrity-only case is required to be supported for
PDCP.
And this patch should be part of the short MAC-I series and not this one.
>
> Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
> ---
> drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c | 25 +++++++++++----------
> 1 file changed, 13 insertions(+), 12 deletions(-)
>
> diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
> b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
> index fe90d9d2d8..87a94b2c04 100644
> --- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
> +++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
> @@ -3095,7 +3095,7 @@ dpaa2_sec_set_pdcp_session(struct rte_cryptodev
> *dev,
> struct rte_security_pdcp_xform *pdcp_xform = &conf->pdcp;
> struct rte_crypto_sym_xform *xform = conf->crypto_xform;
> struct rte_crypto_auth_xform *auth_xform = NULL;
> - struct rte_crypto_cipher_xform *cipher_xform;
> + struct rte_crypto_cipher_xform *cipher_xform = NULL;
> dpaa2_sec_session *session = (dpaa2_sec_session *)sess;
> struct ctxt_priv *priv;
> struct dpaa2_sec_dev_private *dev_priv = dev->data->dev_private;
> @@ -3127,18 +3127,18 @@ dpaa2_sec_set_pdcp_session(struct
> rte_cryptodev *dev,
> flc = &priv->flc_desc[0].flc;
>
> /* find xfrm types */
> - if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER && xform-
> >next == NULL) {
> - cipher_xform = &xform->cipher;
> - } else if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&
> - xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH) {
> - session->ext_params.aead_ctxt.auth_cipher_text = true;
> + if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER) {
> cipher_xform = &xform->cipher;
> - auth_xform = &xform->next->auth;
> - } else if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH &&
> - xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER) {
> - session->ext_params.aead_ctxt.auth_cipher_text = false;
> - cipher_xform = &xform->next->cipher;
> + if (xform->next != NULL) {
> + session->ext_params.aead_ctxt.auth_cipher_text =
> true;
> + auth_xform = &xform->next->auth;
> + }
> + } else if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH) {
> auth_xform = &xform->auth;
> + if (xform->next != NULL) {
> + session->ext_params.aead_ctxt.auth_cipher_text =
> false;
> + cipher_xform = &xform->next->cipher;
> + }
> } else {
> DPAA2_SEC_ERR("Invalid crypto type");
> return -EINVAL;
> @@ -3177,7 +3177,8 @@ dpaa2_sec_set_pdcp_session(struct rte_cryptodev
> *dev,
> session->pdcp.hfn_threshold = pdcp_xform->hfn_threshold;
> session->pdcp.hfn_ovd = pdcp_xform->hfn_ovrd;
> /* hfv ovd offset location is stored in iv.offset value*/
> - session->pdcp.hfn_ovd_offset = cipher_xform->iv.offset;
> + if (cipher_xform)
> + session->pdcp.hfn_ovd_offset = cipher_xform->iv.offset;
>
> cipherdata.key = (size_t)session->cipher_key.data;
> cipherdata.keylen = session->cipher_key.length;
> --
> 2.17.1
^ permalink raw reply [flat|nested] 41+ messages in thread
* Re: [dpdk-dev] [EXT] [PATCH v2 05/11] crypto/dpaa_sec: add support for AES CMAC integrity check
2021-08-25 8:18 ` [dpdk-dev] [PATCH v2 05/11] crypto/dpaa_sec: add support for AES CMAC integrity check Hemant Agrawal
@ 2021-09-02 13:46 ` Akhil Goyal
0 siblings, 0 replies; 41+ messages in thread
From: Akhil Goyal @ 2021-09-02 13:46 UTC (permalink / raw)
To: Hemant Agrawal, dev; +Cc: Gagandeep Singh
> From: Gagandeep Singh <g.singh@nxp.com>
>
> This patch adds support for AES_CMAC integrity in non-security mode.
> This patch modifies the camm flib to handles the AES CMAC
> without conflicting the proto ALG operations. i.e. by creating
> another ALG operation routine.
Description do not match with the patch.
Camm flib is not updated in this patch.
>
> Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
> ---
> doc/guides/cryptodevs/features/dpaa_sec.ini | 1 +
> drivers/crypto/dpaa_sec/dpaa_sec.c | 10 +++++
> drivers/crypto/dpaa_sec/dpaa_sec.h | 43 +++++++++++++++++++++
> 3 files changed, 54 insertions(+)
>
> diff --git a/doc/guides/cryptodevs/features/dpaa_sec.ini
> b/doc/guides/cryptodevs/features/dpaa_sec.ini
> index d7bc319373..6a8f77fb1d 100644
> --- a/doc/guides/cryptodevs/features/dpaa_sec.ini
> +++ b/doc/guides/cryptodevs/features/dpaa_sec.ini
> @@ -48,6 +48,7 @@ SHA512 HMAC = Y
> SNOW3G UIA2 = Y
> ZUC EIA3 = Y
> AES XCBC MAC = Y
> +AES CMAC (128) = Y
>
> ;
> ; Supported AEAD algorithms of the 'dpaa_sec' crypto driver.
> diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c
> b/drivers/crypto/dpaa_sec/dpaa_sec.c
> index dab0ad28c0..7d3f971f3c 100644
> --- a/drivers/crypto/dpaa_sec/dpaa_sec.c
> +++ b/drivers/crypto/dpaa_sec/dpaa_sec.c
> @@ -525,6 +525,7 @@ dpaa_sec_prep_cdb(dpaa_sec_session *ses)
> ses->digest_length);
> break;
> case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
> + case RTE_CRYPTO_AUTH_AES_CMAC:
> shared_desc_len = cnstr_shdsc_aes_mac(
> cdb->sh_desc,
> true, swap, SHR_NEVER,
> @@ -2177,6 +2178,10 @@ dpaa_sec_auth_init(struct rte_cryptodev *dev
> __rte_unused,
> session->auth_key.alg = OP_ALG_ALGSEL_AES;
> session->auth_key.algmode = OP_ALG_AAI_XCBC_MAC;
> break;
> + case RTE_CRYPTO_AUTH_AES_CMAC:
> + session->auth_key.alg = OP_ALG_ALGSEL_AES;
> + session->auth_key.algmode = OP_ALG_AAI_CMAC;
> + break;
> default:
> DPAA_SEC_ERR("Crypto: Unsupported Auth specified %u",
> xform->auth.algo);
> @@ -2262,6 +2267,10 @@ dpaa_sec_chain_init(struct rte_cryptodev *dev
> __rte_unused,
> session->auth_key.alg = OP_ALG_ALGSEL_AES;
> session->auth_key.algmode = OP_ALG_AAI_XCBC_MAC;
> break;
> + case RTE_CRYPTO_AUTH_AES_CMAC:
> + session->auth_key.alg = OP_ALG_ALGSEL_AES;
> + session->auth_key.algmode = OP_ALG_AAI_CMAC;
> + break;
> default:
> DPAA_SEC_ERR("Crypto: Unsupported Auth specified %u",
> auth_xform->algo);
> @@ -2697,6 +2706,7 @@ dpaa_sec_ipsec_proto_init(struct
> rte_crypto_cipher_xform *cipher_xform,
> break;
> case RTE_CRYPTO_AUTH_AES_CMAC:
> session->auth_key.alg = OP_PCL_IPSEC_AES_CMAC_96;
> + session->auth_key.algmode = OP_ALG_AAI_CMAC;
> break;
> case RTE_CRYPTO_AUTH_NULL:
> session->auth_key.alg = OP_PCL_IPSEC_HMAC_NULL;
> diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.h
> b/drivers/crypto/dpaa_sec/dpaa_sec.h
> index 153747c87c..faa740618f 100644
> --- a/drivers/crypto/dpaa_sec/dpaa_sec.h
> +++ b/drivers/crypto/dpaa_sec/dpaa_sec.h
> @@ -738,6 +738,49 @@ static const struct rte_cryptodev_capabilities
> dpaa_sec_capabilities[] = {
> }, }
> }, }
> },
> + { /* AES CMAC */
> + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
> + {.sym = {
> + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
> + {.auth = {
> + .algo = RTE_CRYPTO_AUTH_AES_CMAC,
> + .block_size = 16,
> + .key_size = {
> + .min = 1,
> + .max = 16,
> + .increment = 1
> + },
> + .digest_size = {
> + .min = 12,
> + .max = 16,
> + .increment = 4
> + },
> + .iv_size = { 0 }
> + }, }
> + }, }
> + },
> + { /* AES XCBC HMAC */
> + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
> + {.sym = {
> + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
> + {.auth = {
> + .algo = RTE_CRYPTO_AUTH_AES_XCBC_MAC,
> + .block_size = 16,
> + .key_size = {
> + .min = 1,
> + .max = 16,
> + .increment = 1
> + },
> + .digest_size = {
> + .min = 12,
> + .max = 16,
> + .increment = 4
> + },
> + .aad_size = { 0 },
> + .iv_size = { 0 }
> + }, }
> + }, }
> + },
> RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
> };
>
> --
> 2.17.1
^ permalink raw reply [flat|nested] 41+ messages in thread
* Re: [dpdk-dev] [EXT] [PATCH v2 01/11] crypto/dpaa2_sec: fix to check next null for auth only case
2021-09-02 12:46 ` [dpdk-dev] [EXT] [PATCH v2 01/11] crypto/dpaa2_sec: fix to check next null for auth only case Akhil Goyal
@ 2021-09-02 13:48 ` Hemant Agrawal
0 siblings, 0 replies; 41+ messages in thread
From: Hemant Agrawal @ 2021-09-02 13:48 UTC (permalink / raw)
To: Akhil Goyal, Hemant Agrawal, dev; +Cc: stable
On 9/2/2021 6:16 PM, Akhil Goyal wrote:
>> This patch fixes the issue to check for next pointer as
>> null in the integrity only case in pdcp-security context.
>>
>> Fixes: bef594ec5cc8 ("crypto/dpaa2_sec: support PDCP offload")
>> Cc: stable@dpdk.org
> This patch is not a fix and need not be backported, because integrity
> only case is not a valid case for PDCP before the introduction of short MAC.
> Since short MAC is supported here in this release only, this should be reworded
> as to support short MAC, integrity-only case is required to be supported for
> PDCP.
> And this patch should be part of the short MAC-I series and not this one.
Ok,
>> Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
>> ---
>> drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c | 25 +++++++++++----------
>> 1 file changed, 13 insertions(+), 12 deletions(-)
>>
>> diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
>> b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
>> index fe90d9d2d8..87a94b2c04 100644
>> --- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
>> +++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
>> @@ -3095,7 +3095,7 @@ dpaa2_sec_set_pdcp_session(struct rte_cryptodev
>> *dev,
>> struct rte_security_pdcp_xform *pdcp_xform = &conf->pdcp;
>> struct rte_crypto_sym_xform *xform = conf->crypto_xform;
>> struct rte_crypto_auth_xform *auth_xform = NULL;
>> - struct rte_crypto_cipher_xform *cipher_xform;
>> + struct rte_crypto_cipher_xform *cipher_xform = NULL;
>> dpaa2_sec_session *session = (dpaa2_sec_session *)sess;
>> struct ctxt_priv *priv;
>> struct dpaa2_sec_dev_private *dev_priv = dev->data->dev_private;
>> @@ -3127,18 +3127,18 @@ dpaa2_sec_set_pdcp_session(struct
>> rte_cryptodev *dev,
>> flc = &priv->flc_desc[0].flc;
>>
>> /* find xfrm types */
>> - if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER && xform-
>>> next == NULL) {
>> - cipher_xform = &xform->cipher;
>> - } else if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&
>> - xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH) {
>> - session->ext_params.aead_ctxt.auth_cipher_text = true;
>> + if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER) {
>> cipher_xform = &xform->cipher;
>> - auth_xform = &xform->next->auth;
>> - } else if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH &&
>> - xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER) {
>> - session->ext_params.aead_ctxt.auth_cipher_text = false;
>> - cipher_xform = &xform->next->cipher;
>> + if (xform->next != NULL) {
>> + session->ext_params.aead_ctxt.auth_cipher_text =
>> true;
>> + auth_xform = &xform->next->auth;
>> + }
>> + } else if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH) {
>> auth_xform = &xform->auth;
>> + if (xform->next != NULL) {
>> + session->ext_params.aead_ctxt.auth_cipher_text =
>> false;
>> + cipher_xform = &xform->next->cipher;
>> + }
>> } else {
>> DPAA2_SEC_ERR("Invalid crypto type");
>> return -EINVAL;
>> @@ -3177,7 +3177,8 @@ dpaa2_sec_set_pdcp_session(struct rte_cryptodev
>> *dev,
>> session->pdcp.hfn_threshold = pdcp_xform->hfn_threshold;
>> session->pdcp.hfn_ovd = pdcp_xform->hfn_ovrd;
>> /* hfv ovd offset location is stored in iv.offset value*/
>> - session->pdcp.hfn_ovd_offset = cipher_xform->iv.offset;
>> + if (cipher_xform)
>> + session->pdcp.hfn_ovd_offset = cipher_xform->iv.offset;
>>
>> cipherdata.key = (size_t)session->cipher_key.data;
>> cipherdata.keylen = session->cipher_key.length;
>> --
>> 2.17.1
^ permalink raw reply [flat|nested] 41+ messages in thread
* [dpdk-dev] [PATCH v3 01/10] crypto/dpaa_sec: support DES-CBC
2021-08-25 8:18 ` [dpdk-dev] [PATCH v2 01/11] crypto/dpaa2_sec: fix to check next null for auth only case Hemant Agrawal
` (10 preceding siblings ...)
2021-09-02 12:46 ` [dpdk-dev] [EXT] [PATCH v2 01/11] crypto/dpaa2_sec: fix to check next null for auth only case Akhil Goyal
@ 2021-09-07 8:39 ` Hemant Agrawal
2021-09-07 8:39 ` [dpdk-dev] [PATCH v3 02/10] crypto/dpaa_sec: support non-HMAC auth algos Hemant Agrawal
` (10 more replies)
11 siblings, 11 replies; 41+ messages in thread
From: Hemant Agrawal @ 2021-09-07 8:39 UTC (permalink / raw)
To: dev, gakhil; +Cc: Gagandeep Singh
From: Gagandeep Singh <g.singh@nxp.com>
add DES-CBC support and enable available cipher-only
test cases.
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
---
doc/guides/cryptodevs/features/dpaa_sec.ini | 1 +
drivers/crypto/dpaa_sec/dpaa_sec.c | 13 +++++++++++++
drivers/crypto/dpaa_sec/dpaa_sec.h | 20 ++++++++++++++++++++
3 files changed, 34 insertions(+)
diff --git a/doc/guides/cryptodevs/features/dpaa_sec.ini b/doc/guides/cryptodevs/features/dpaa_sec.ini
index 243f3e1d67..5d0d04d601 100644
--- a/doc/guides/cryptodevs/features/dpaa_sec.ini
+++ b/doc/guides/cryptodevs/features/dpaa_sec.ini
@@ -24,6 +24,7 @@ AES CBC (256) = Y
AES CTR (128) = Y
AES CTR (192) = Y
AES CTR (256) = Y
+DES CBC = Y
3DES CBC = Y
SNOW3G UEA2 = Y
ZUC EEA3 = Y
diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c b/drivers/crypto/dpaa_sec/dpaa_sec.c
index 7534f80195..0a58f4e917 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec.c
+++ b/drivers/crypto/dpaa_sec/dpaa_sec.c
@@ -451,6 +451,7 @@ dpaa_sec_prep_cdb(dpaa_sec_session *ses)
switch (ses->cipher_alg) {
case RTE_CRYPTO_CIPHER_AES_CBC:
case RTE_CRYPTO_CIPHER_3DES_CBC:
+ case RTE_CRYPTO_CIPHER_DES_CBC:
case RTE_CRYPTO_CIPHER_AES_CTR:
case RTE_CRYPTO_CIPHER_3DES_CTR:
shared_desc_len = cnstr_shdsc_blkcipher(
@@ -2040,6 +2041,10 @@ dpaa_sec_cipher_init(struct rte_cryptodev *dev __rte_unused,
session->cipher_key.alg = OP_ALG_ALGSEL_AES;
session->cipher_key.algmode = OP_ALG_AAI_CBC;
break;
+ case RTE_CRYPTO_CIPHER_DES_CBC:
+ session->cipher_key.alg = OP_ALG_ALGSEL_DES;
+ session->cipher_key.algmode = OP_ALG_AAI_CBC;
+ break;
case RTE_CRYPTO_CIPHER_3DES_CBC:
session->cipher_key.alg = OP_ALG_ALGSEL_3DES;
session->cipher_key.algmode = OP_ALG_AAI_CBC;
@@ -2215,6 +2220,10 @@ dpaa_sec_chain_init(struct rte_cryptodev *dev __rte_unused,
session->cipher_key.alg = OP_ALG_ALGSEL_AES;
session->cipher_key.algmode = OP_ALG_AAI_CBC;
break;
+ case RTE_CRYPTO_CIPHER_DES_CBC:
+ session->cipher_key.alg = OP_ALG_ALGSEL_DES;
+ session->cipher_key.algmode = OP_ALG_AAI_CBC;
+ break;
case RTE_CRYPTO_CIPHER_3DES_CBC:
session->cipher_key.alg = OP_ALG_ALGSEL_3DES;
session->cipher_key.algmode = OP_ALG_AAI_CBC;
@@ -2664,6 +2673,10 @@ dpaa_sec_ipsec_proto_init(struct rte_crypto_cipher_xform *cipher_xform,
session->cipher_key.alg = OP_PCL_IPSEC_AES_CBC;
session->cipher_key.algmode = OP_ALG_AAI_CBC;
break;
+ case RTE_CRYPTO_CIPHER_DES_CBC:
+ session->cipher_key.alg = OP_PCL_IPSEC_DES;
+ session->cipher_key.algmode = OP_ALG_AAI_CBC;
+ break;
case RTE_CRYPTO_CIPHER_3DES_CBC:
session->cipher_key.alg = OP_PCL_IPSEC_3DES;
session->cipher_key.algmode = OP_ALG_AAI_CBC;
diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.h b/drivers/crypto/dpaa_sec/dpaa_sec.h
index 2e0ab93ff0..9685010f3f 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec.h
+++ b/drivers/crypto/dpaa_sec/dpaa_sec.h
@@ -482,6 +482,26 @@ static const struct rte_cryptodev_capabilities dpaa_sec_capabilities[] = {
}, }
}, }
},
+ { /* DES CBC */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+ {.cipher = {
+ .algo = RTE_CRYPTO_CIPHER_DES_CBC,
+ .block_size = 8,
+ .key_size = {
+ .min = 8,
+ .max = 8,
+ .increment = 0
+ },
+ .iv_size = {
+ .min = 8,
+ .max = 8,
+ .increment = 0
+ }
+ }, }
+ }, }
+ },
{ /* 3DES CBC */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
--
2.17.1
^ permalink raw reply [flat|nested] 41+ messages in thread
* [dpdk-dev] [PATCH v3 02/10] crypto/dpaa_sec: support non-HMAC auth algos
2021-09-07 8:39 ` [dpdk-dev] [PATCH v3 01/10] crypto/dpaa_sec: support DES-CBC Hemant Agrawal
@ 2021-09-07 8:39 ` Hemant Agrawal
2021-09-07 8:39 ` [dpdk-dev] [PATCH v3 03/10] crypto/dpaa_sec: support AES-XCBC-MAC Hemant Agrawal
` (9 subsequent siblings)
10 siblings, 0 replies; 41+ messages in thread
From: Hemant Agrawal @ 2021-09-07 8:39 UTC (permalink / raw)
To: dev, gakhil; +Cc: Gagandeep Singh
From: Gagandeep Singh <g.singh@nxp.com>
This patch add support for non-HMAC, md5, shax algos.
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
---
doc/guides/cryptodevs/features/dpaa_sec.ini | 8 +-
drivers/crypto/dpaa_sec/dpaa_sec.c | 55 +++++++--
drivers/crypto/dpaa_sec/dpaa_sec.h | 126 ++++++++++++++++++++
3 files changed, 180 insertions(+), 9 deletions(-)
diff --git a/doc/guides/cryptodevs/features/dpaa_sec.ini b/doc/guides/cryptodevs/features/dpaa_sec.ini
index 5d0d04d601..eab14da96c 100644
--- a/doc/guides/cryptodevs/features/dpaa_sec.ini
+++ b/doc/guides/cryptodevs/features/dpaa_sec.ini
@@ -33,11 +33,17 @@ ZUC EEA3 = Y
; Supported authentication algorithms of the 'dpaa_sec' crypto driver.
;
[Auth]
+MD5 = Y
MD5 HMAC = Y
+SHA1 = Y
SHA1 HMAC = Y
+SHA224 = Y
SHA224 HMAC = Y
+SHA256 = Y
SHA256 HMAC = Y
+SHA384 = Y
SHA384 HMAC = Y
+SHA512 = Y
SHA512 HMAC = Y
SNOW3G UIA2 = Y
ZUC EIA3 = Y
@@ -53,4 +59,4 @@ AES GCM (256) = Y
;
; Supported Asymmetric algorithms of the 'dpaa_sec' crypto driver.
;
-[Asymmetric]
\ No newline at end of file
+[Asymmetric]
diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c b/drivers/crypto/dpaa_sec/dpaa_sec.c
index 0a58f4e917..4f5d9d7f49 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec.c
+++ b/drivers/crypto/dpaa_sec/dpaa_sec.c
@@ -486,6 +486,18 @@ dpaa_sec_prep_cdb(dpaa_sec_session *ses)
alginfo_a.algtype = ses->auth_key.alg;
alginfo_a.algmode = ses->auth_key.algmode;
switch (ses->auth_alg) {
+ case RTE_CRYPTO_AUTH_MD5:
+ case RTE_CRYPTO_AUTH_SHA1:
+ case RTE_CRYPTO_AUTH_SHA224:
+ case RTE_CRYPTO_AUTH_SHA256:
+ case RTE_CRYPTO_AUTH_SHA384:
+ case RTE_CRYPTO_AUTH_SHA512:
+ shared_desc_len = cnstr_shdsc_hash(
+ cdb->sh_desc, true,
+ swap, SHR_NEVER, &alginfo_a,
+ !ses->dir,
+ ses->digest_length);
+ break;
case RTE_CRYPTO_AUTH_MD5_HMAC:
case RTE_CRYPTO_AUTH_SHA1_HMAC:
case RTE_CRYPTO_AUTH_SHA224_HMAC:
@@ -2077,43 +2089,70 @@ dpaa_sec_auth_init(struct rte_cryptodev *dev __rte_unused,
{
session->ctxt = DPAA_SEC_AUTH;
session->auth_alg = xform->auth.algo;
- session->auth_key.data = rte_zmalloc(NULL, xform->auth.key.length,
+ session->auth_key.length = xform->auth.key.length;
+ if (xform->auth.key.length) {
+ session->auth_key.data =
+ rte_zmalloc(NULL, xform->auth.key.length,
RTE_CACHE_LINE_SIZE);
- if (session->auth_key.data == NULL && xform->auth.key.length > 0) {
- DPAA_SEC_ERR("No Memory for auth key");
- return -ENOMEM;
+ if (session->auth_key.data == NULL) {
+ DPAA_SEC_ERR("No Memory for auth key");
+ return -ENOMEM;
+ }
+ memcpy(session->auth_key.data, xform->auth.key.data,
+ xform->auth.key.length);
+
}
- session->auth_key.length = xform->auth.key.length;
session->digest_length = xform->auth.digest_length;
if (session->cipher_alg == RTE_CRYPTO_CIPHER_NULL) {
session->iv.offset = xform->auth.iv.offset;
session->iv.length = xform->auth.iv.length;
}
- memcpy(session->auth_key.data, xform->auth.key.data,
- xform->auth.key.length);
-
switch (xform->auth.algo) {
+ case RTE_CRYPTO_AUTH_SHA1:
+ session->auth_key.alg = OP_ALG_ALGSEL_SHA1;
+ session->auth_key.algmode = OP_ALG_AAI_HASH;
+ break;
case RTE_CRYPTO_AUTH_SHA1_HMAC:
session->auth_key.alg = OP_ALG_ALGSEL_SHA1;
session->auth_key.algmode = OP_ALG_AAI_HMAC;
break;
+ case RTE_CRYPTO_AUTH_MD5:
+ session->auth_key.alg = OP_ALG_ALGSEL_MD5;
+ session->auth_key.algmode = OP_ALG_AAI_HASH;
+ break;
case RTE_CRYPTO_AUTH_MD5_HMAC:
session->auth_key.alg = OP_ALG_ALGSEL_MD5;
session->auth_key.algmode = OP_ALG_AAI_HMAC;
break;
+ case RTE_CRYPTO_AUTH_SHA224:
+ session->auth_key.alg = OP_ALG_ALGSEL_SHA224;
+ session->auth_key.algmode = OP_ALG_AAI_HASH;
+ break;
case RTE_CRYPTO_AUTH_SHA224_HMAC:
session->auth_key.alg = OP_ALG_ALGSEL_SHA224;
session->auth_key.algmode = OP_ALG_AAI_HMAC;
break;
+ case RTE_CRYPTO_AUTH_SHA256:
+ session->auth_key.alg = OP_ALG_ALGSEL_SHA256;
+ session->auth_key.algmode = OP_ALG_AAI_HASH;
+ break;
case RTE_CRYPTO_AUTH_SHA256_HMAC:
session->auth_key.alg = OP_ALG_ALGSEL_SHA256;
session->auth_key.algmode = OP_ALG_AAI_HMAC;
break;
+ case RTE_CRYPTO_AUTH_SHA384:
+ session->auth_key.alg = OP_ALG_ALGSEL_SHA384;
+ session->auth_key.algmode = OP_ALG_AAI_HASH;
+ break;
case RTE_CRYPTO_AUTH_SHA384_HMAC:
session->auth_key.alg = OP_ALG_ALGSEL_SHA384;
session->auth_key.algmode = OP_ALG_AAI_HMAC;
break;
+ case RTE_CRYPTO_AUTH_SHA512:
+ session->auth_key.alg = OP_ALG_ALGSEL_SHA512;
+ session->auth_key.algmode = OP_ALG_AAI_HASH;
+ break;
case RTE_CRYPTO_AUTH_SHA512_HMAC:
session->auth_key.alg = OP_ALG_ALGSEL_SHA512;
session->auth_key.algmode = OP_ALG_AAI_HMAC;
diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.h b/drivers/crypto/dpaa_sec/dpaa_sec.h
index 9685010f3f..153747c87c 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec.h
+++ b/drivers/crypto/dpaa_sec/dpaa_sec.h
@@ -266,6 +266,27 @@ static const struct rte_cryptodev_capabilities dpaa_sec_capabilities[] = {
}, },
}, },
},
+ { /* MD5 */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_MD5,
+ .block_size = 64,
+ .key_size = {
+ .min = 0,
+ .max = 0,
+ .increment = 0
+ },
+ .digest_size = {
+ .min = 16,
+ .max = 16,
+ .increment = 0
+ },
+ .iv_size = { 0 }
+ }, }
+ }, }
+ },
{ /* MD5 HMAC */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
@@ -287,6 +308,27 @@ static const struct rte_cryptodev_capabilities dpaa_sec_capabilities[] = {
}, }
}, }
},
+ { /* SHA1 */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_SHA1,
+ .block_size = 64,
+ .key_size = {
+ .min = 0,
+ .max = 0,
+ .increment = 0
+ },
+ .digest_size = {
+ .min = 20,
+ .max = 20,
+ .increment = 0
+ },
+ .iv_size = { 0 }
+ }, }
+ }, }
+ },
{ /* SHA1 HMAC */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
@@ -308,6 +350,27 @@ static const struct rte_cryptodev_capabilities dpaa_sec_capabilities[] = {
}, }
}, }
},
+ { /* SHA224 */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_SHA224,
+ .block_size = 64,
+ .key_size = {
+ .min = 0,
+ .max = 0,
+ .increment = 0
+ },
+ .digest_size = {
+ .min = 28,
+ .max = 28,
+ .increment = 0
+ },
+ .iv_size = { 0 }
+ }, }
+ }, }
+ },
{ /* SHA224 HMAC */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
@@ -329,6 +392,27 @@ static const struct rte_cryptodev_capabilities dpaa_sec_capabilities[] = {
}, }
}, }
},
+ { /* SHA256 */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_SHA256,
+ .block_size = 64,
+ .key_size = {
+ .min = 0,
+ .max = 0,
+ .increment = 0
+ },
+ .digest_size = {
+ .min = 32,
+ .max = 32,
+ .increment = 0
+ },
+ .iv_size = { 0 }
+ }, }
+ }, }
+ },
{ /* SHA256 HMAC */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
@@ -350,6 +434,27 @@ static const struct rte_cryptodev_capabilities dpaa_sec_capabilities[] = {
}, }
}, }
},
+ { /* SHA384 */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_SHA384,
+ .block_size = 64,
+ .key_size = {
+ .min = 0,
+ .max = 0,
+ .increment = 0
+ },
+ .digest_size = {
+ .min = 48,
+ .max = 48,
+ .increment = 0
+ },
+ .iv_size = { 0 }
+ }, }
+ }, }
+ },
{ /* SHA384 HMAC */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
@@ -371,6 +476,27 @@ static const struct rte_cryptodev_capabilities dpaa_sec_capabilities[] = {
}, }
}, }
},
+ { /* SHA512 */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_SHA512,
+ .block_size = 128,
+ .key_size = {
+ .min = 0,
+ .max = 0,
+ .increment = 0
+ },
+ .digest_size = {
+ .min = 64,
+ .max = 64,
+ .increment = 0
+ },
+ .iv_size = { 0 }
+ }, }
+ }, }
+ },
{ /* SHA512 HMAC */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
--
2.17.1
^ permalink raw reply [flat|nested] 41+ messages in thread
* [dpdk-dev] [PATCH v3 03/10] crypto/dpaa_sec: support AES-XCBC-MAC
2021-09-07 8:39 ` [dpdk-dev] [PATCH v3 01/10] crypto/dpaa_sec: support DES-CBC Hemant Agrawal
2021-09-07 8:39 ` [dpdk-dev] [PATCH v3 02/10] crypto/dpaa_sec: support non-HMAC auth algos Hemant Agrawal
@ 2021-09-07 8:39 ` Hemant Agrawal
2021-09-07 8:39 ` [dpdk-dev] [PATCH v3 04/10] crypto/dpaa_sec: add support for AES CMAC integrity check Hemant Agrawal
` (8 subsequent siblings)
10 siblings, 0 replies; 41+ messages in thread
From: Hemant Agrawal @ 2021-09-07 8:39 UTC (permalink / raw)
To: dev, gakhil; +Cc: Gagandeep Singh
From: Gagandeep Singh <g.singh@nxp.com>
This patch adds support for AES-XCBC-MAC algo.
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
---
doc/guides/cryptodevs/features/dpaa_sec.ini | 1 +
drivers/crypto/dpaa_sec/dpaa_sec.c | 21 ++++++++++++++++++++-
2 files changed, 21 insertions(+), 1 deletion(-)
diff --git a/doc/guides/cryptodevs/features/dpaa_sec.ini b/doc/guides/cryptodevs/features/dpaa_sec.ini
index eab14da96c..d7bc319373 100644
--- a/doc/guides/cryptodevs/features/dpaa_sec.ini
+++ b/doc/guides/cryptodevs/features/dpaa_sec.ini
@@ -47,6 +47,7 @@ SHA512 = Y
SHA512 HMAC = Y
SNOW3G UIA2 = Y
ZUC EIA3 = Y
+AES XCBC MAC = Y
;
; Supported AEAD algorithms of the 'dpaa_sec' crypto driver.
diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c b/drivers/crypto/dpaa_sec/dpaa_sec.c
index 4f5d9d7f49..dab0ad28c0 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec.c
+++ b/drivers/crypto/dpaa_sec/dpaa_sec.c
@@ -524,6 +524,14 @@ dpaa_sec_prep_cdb(dpaa_sec_session *ses)
!ses->dir,
ses->digest_length);
break;
+ case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
+ shared_desc_len = cnstr_shdsc_aes_mac(
+ cdb->sh_desc,
+ true, swap, SHR_NEVER,
+ &alginfo_a,
+ !ses->dir,
+ ses->digest_length);
+ break;
default:
DPAA_SEC_ERR("unsupported auth alg %u", ses->auth_alg);
}
@@ -2165,6 +2173,10 @@ dpaa_sec_auth_init(struct rte_cryptodev *dev __rte_unused,
session->auth_key.alg = OP_ALG_ALGSEL_ZUCA;
session->auth_key.algmode = OP_ALG_AAI_F9;
break;
+ case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
+ session->auth_key.alg = OP_ALG_ALGSEL_AES;
+ session->auth_key.algmode = OP_ALG_AAI_XCBC_MAC;
+ break;
default:
DPAA_SEC_ERR("Crypto: Unsupported Auth specified %u",
xform->auth.algo);
@@ -2246,6 +2258,10 @@ dpaa_sec_chain_init(struct rte_cryptodev *dev __rte_unused,
session->auth_key.alg = OP_ALG_ALGSEL_SHA512;
session->auth_key.algmode = OP_ALG_AAI_HMAC;
break;
+ case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
+ session->auth_key.alg = OP_ALG_ALGSEL_AES;
+ session->auth_key.algmode = OP_ALG_AAI_XCBC_MAC;
+ break;
default:
DPAA_SEC_ERR("Crypto: Unsupported Auth specified %u",
auth_xform->algo);
@@ -2685,8 +2701,11 @@ dpaa_sec_ipsec_proto_init(struct rte_crypto_cipher_xform *cipher_xform,
case RTE_CRYPTO_AUTH_NULL:
session->auth_key.alg = OP_PCL_IPSEC_HMAC_NULL;
break;
- case RTE_CRYPTO_AUTH_SHA224_HMAC:
case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
+ session->auth_key.alg = OP_PCL_IPSEC_AES_XCBC_MAC_96;
+ session->auth_key.algmode = OP_ALG_AAI_XCBC_MAC;
+ break;
+ case RTE_CRYPTO_AUTH_SHA224_HMAC:
case RTE_CRYPTO_AUTH_SNOW3G_UIA2:
case RTE_CRYPTO_AUTH_SHA1:
case RTE_CRYPTO_AUTH_SHA256:
--
2.17.1
^ permalink raw reply [flat|nested] 41+ messages in thread
* [dpdk-dev] [PATCH v3 04/10] crypto/dpaa_sec: add support for AES CMAC integrity check
2021-09-07 8:39 ` [dpdk-dev] [PATCH v3 01/10] crypto/dpaa_sec: support DES-CBC Hemant Agrawal
2021-09-07 8:39 ` [dpdk-dev] [PATCH v3 02/10] crypto/dpaa_sec: support non-HMAC auth algos Hemant Agrawal
2021-09-07 8:39 ` [dpdk-dev] [PATCH v3 03/10] crypto/dpaa_sec: support AES-XCBC-MAC Hemant Agrawal
@ 2021-09-07 8:39 ` Hemant Agrawal
2021-09-07 8:39 ` [dpdk-dev] [PATCH v3 05/10] common/dpaax: caamflib load correct HFN from DESCBUF Hemant Agrawal
` (7 subsequent siblings)
10 siblings, 0 replies; 41+ messages in thread
From: Hemant Agrawal @ 2021-09-07 8:39 UTC (permalink / raw)
To: dev, gakhil; +Cc: Gagandeep Singh
From: Gagandeep Singh <g.singh@nxp.com>
This patch adds support for AES_CMAC integrity in non-security mode.
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
---
doc/guides/cryptodevs/features/dpaa_sec.ini | 1 +
drivers/crypto/dpaa_sec/dpaa_sec.c | 10 +++++
drivers/crypto/dpaa_sec/dpaa_sec.h | 43 +++++++++++++++++++++
3 files changed, 54 insertions(+)
diff --git a/doc/guides/cryptodevs/features/dpaa_sec.ini b/doc/guides/cryptodevs/features/dpaa_sec.ini
index d7bc319373..6a8f77fb1d 100644
--- a/doc/guides/cryptodevs/features/dpaa_sec.ini
+++ b/doc/guides/cryptodevs/features/dpaa_sec.ini
@@ -48,6 +48,7 @@ SHA512 HMAC = Y
SNOW3G UIA2 = Y
ZUC EIA3 = Y
AES XCBC MAC = Y
+AES CMAC (128) = Y
;
; Supported AEAD algorithms of the 'dpaa_sec' crypto driver.
diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c b/drivers/crypto/dpaa_sec/dpaa_sec.c
index dab0ad28c0..7d3f971f3c 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec.c
+++ b/drivers/crypto/dpaa_sec/dpaa_sec.c
@@ -525,6 +525,7 @@ dpaa_sec_prep_cdb(dpaa_sec_session *ses)
ses->digest_length);
break;
case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
+ case RTE_CRYPTO_AUTH_AES_CMAC:
shared_desc_len = cnstr_shdsc_aes_mac(
cdb->sh_desc,
true, swap, SHR_NEVER,
@@ -2177,6 +2178,10 @@ dpaa_sec_auth_init(struct rte_cryptodev *dev __rte_unused,
session->auth_key.alg = OP_ALG_ALGSEL_AES;
session->auth_key.algmode = OP_ALG_AAI_XCBC_MAC;
break;
+ case RTE_CRYPTO_AUTH_AES_CMAC:
+ session->auth_key.alg = OP_ALG_ALGSEL_AES;
+ session->auth_key.algmode = OP_ALG_AAI_CMAC;
+ break;
default:
DPAA_SEC_ERR("Crypto: Unsupported Auth specified %u",
xform->auth.algo);
@@ -2262,6 +2267,10 @@ dpaa_sec_chain_init(struct rte_cryptodev *dev __rte_unused,
session->auth_key.alg = OP_ALG_ALGSEL_AES;
session->auth_key.algmode = OP_ALG_AAI_XCBC_MAC;
break;
+ case RTE_CRYPTO_AUTH_AES_CMAC:
+ session->auth_key.alg = OP_ALG_ALGSEL_AES;
+ session->auth_key.algmode = OP_ALG_AAI_CMAC;
+ break;
default:
DPAA_SEC_ERR("Crypto: Unsupported Auth specified %u",
auth_xform->algo);
@@ -2697,6 +2706,7 @@ dpaa_sec_ipsec_proto_init(struct rte_crypto_cipher_xform *cipher_xform,
break;
case RTE_CRYPTO_AUTH_AES_CMAC:
session->auth_key.alg = OP_PCL_IPSEC_AES_CMAC_96;
+ session->auth_key.algmode = OP_ALG_AAI_CMAC;
break;
case RTE_CRYPTO_AUTH_NULL:
session->auth_key.alg = OP_PCL_IPSEC_HMAC_NULL;
diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.h b/drivers/crypto/dpaa_sec/dpaa_sec.h
index 153747c87c..faa740618f 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec.h
+++ b/drivers/crypto/dpaa_sec/dpaa_sec.h
@@ -738,6 +738,49 @@ static const struct rte_cryptodev_capabilities dpaa_sec_capabilities[] = {
}, }
}, }
},
+ { /* AES CMAC */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_AES_CMAC,
+ .block_size = 16,
+ .key_size = {
+ .min = 1,
+ .max = 16,
+ .increment = 1
+ },
+ .digest_size = {
+ .min = 12,
+ .max = 16,
+ .increment = 4
+ },
+ .iv_size = { 0 }
+ }, }
+ }, }
+ },
+ { /* AES XCBC HMAC */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_AES_XCBC_MAC,
+ .block_size = 16,
+ .key_size = {
+ .min = 1,
+ .max = 16,
+ .increment = 1
+ },
+ .digest_size = {
+ .min = 12,
+ .max = 16,
+ .increment = 4
+ },
+ .aad_size = { 0 },
+ .iv_size = { 0 }
+ }, }
+ }, }
+ },
RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
};
--
2.17.1
^ permalink raw reply [flat|nested] 41+ messages in thread
* [dpdk-dev] [PATCH v3 05/10] common/dpaax: caamflib load correct HFN from DESCBUF
2021-09-07 8:39 ` [dpdk-dev] [PATCH v3 01/10] crypto/dpaa_sec: support DES-CBC Hemant Agrawal
` (2 preceding siblings ...)
2021-09-07 8:39 ` [dpdk-dev] [PATCH v3 04/10] crypto/dpaa_sec: add support for AES CMAC integrity check Hemant Agrawal
@ 2021-09-07 8:39 ` Hemant Agrawal
2021-09-07 8:39 ` [dpdk-dev] [PATCH v3 06/10] common/dpaax: caamflib do not clear DPOVRD Hemant Agrawal
` (6 subsequent siblings)
10 siblings, 0 replies; 41+ messages in thread
From: Hemant Agrawal @ 2021-09-07 8:39 UTC (permalink / raw)
To: dev, gakhil; +Cc: Franck LENORMAND
From: Franck LENORMAND <franck.lenormand@nxp.com>
The offset of the HFn word and Bearer/Dir word is different
depending on type of PDB.
The wrong value was used.
This patch address this issue
Signed-off-by: Franck LENORMAND <franck.lenormand@nxp.com>
---
drivers/common/dpaax/caamflib/desc/pdcp.h | 7 +-
drivers/common/dpaax/caamflib/desc/sdap.h | 96 ++++++++++++++++++-----
2 files changed, 80 insertions(+), 23 deletions(-)
diff --git a/drivers/common/dpaax/caamflib/desc/pdcp.h b/drivers/common/dpaax/caamflib/desc/pdcp.h
index 659e289a45..e97d58cbc1 100644
--- a/drivers/common/dpaax/caamflib/desc/pdcp.h
+++ b/drivers/common/dpaax/caamflib/desc/pdcp.h
@@ -270,6 +270,9 @@ enum pdb_type_e {
PDCP_PDB_TYPE_INVALID
};
+#define REDUCED_PDB_DESCBUF_HFN_BEARER_DIR_OFFSET 4
+#define FULL_PDB_DESCBUF_HFN_BEARER_DIR_OFFSET 8
+
/**
* rta_inline_pdcp_query() - Provide indications if a key can be passed as
* immediate data or shall be referenced in a
@@ -2564,11 +2567,11 @@ insert_hfn_ov_op(struct program *p,
return 0;
case PDCP_PDB_TYPE_REDUCED_PDB:
- hfn_pdb_offset = 4;
+ hfn_pdb_offset = REDUCED_PDB_DESCBUF_HFN_BEARER_DIR_OFFSET;
break;
case PDCP_PDB_TYPE_FULL_PDB:
- hfn_pdb_offset = 8;
+ hfn_pdb_offset = FULL_PDB_DESCBUF_HFN_BEARER_DIR_OFFSET;
break;
default:
diff --git a/drivers/common/dpaax/caamflib/desc/sdap.h b/drivers/common/dpaax/caamflib/desc/sdap.h
index 6523db1733..f1c49ea3e6 100644
--- a/drivers/common/dpaax/caamflib/desc/sdap.h
+++ b/drivers/common/dpaax/caamflib/desc/sdap.h
@@ -1,5 +1,5 @@
/* SPDX-License-Identifier: BSD-3-Clause
- * Copyright 2020 NXP
+ * Copyright 2020-2021 NXP
*/
#ifndef __DESC_SDAP_H__
@@ -109,12 +109,17 @@ static inline int pdcp_sdap_insert_no_int_op(struct program *p,
bool swap __maybe_unused,
struct alginfo *cipherdata,
unsigned int dir,
- enum pdcp_sn_size sn_size)
+ enum pdcp_sn_size sn_size,
+ enum pdb_type_e pdb_type)
{
int op;
uint32_t sn_mask = 0;
uint32_t length = 0;
uint32_t offset = 0;
+ int hfn_bearer_dir_offset_in_descbuf =
+ (pdb_type == PDCP_PDB_TYPE_FULL_PDB) ?
+ FULL_PDB_DESCBUF_HFN_BEARER_DIR_OFFSET :
+ REDUCED_PDB_DESCBUF_HFN_BEARER_DIR_OFFSET;
if (pdcp_sdap_get_sn_parameters(sn_size, swap, &offset, &length,
&sn_mask))
@@ -137,7 +142,8 @@ static inline int pdcp_sdap_insert_no_int_op(struct program *p,
SEQSTORE(p, MATH0, offset, length, 0);
MATHB(p, MATH1, SHLD, MATH1, MATH1, 8, 0);
- MOVEB(p, DESCBUF, 8, MATH2, 0, 8, WAITCOMP | IMMED);
+ MOVEB(p, DESCBUF, hfn_bearer_dir_offset_in_descbuf,
+ MATH2, 0, 8, WAITCOMP | IMMED);
MATHB(p, MATH1, OR, MATH2, MATH2, 8, 0);
MATHB(p, SEQINSZ, SUB, MATH3, VSEQINSZ, 4, 0);
@@ -190,9 +196,14 @@ pdcp_sdap_insert_enc_only_op(struct program *p, bool swap __maybe_unused,
struct alginfo *cipherdata,
struct alginfo *authdata __maybe_unused,
unsigned int dir, enum pdcp_sn_size sn_size,
- unsigned char era_2_sw_hfn_ovrd __maybe_unused)
+ unsigned char era_2_sw_hfn_ovrd __maybe_unused,
+ enum pdb_type_e pdb_type)
{
uint32_t offset = 0, length = 0, sn_mask = 0;
+ int hfn_bearer_dir_offset_in_descbuf =
+ (pdb_type == PDCP_PDB_TYPE_FULL_PDB) ?
+ FULL_PDB_DESCBUF_HFN_BEARER_DIR_OFFSET :
+ REDUCED_PDB_DESCBUF_HFN_BEARER_DIR_OFFSET;
if (pdcp_sdap_get_sn_parameters(sn_size, swap, &offset, &length,
&sn_mask))
@@ -217,7 +228,8 @@ pdcp_sdap_insert_enc_only_op(struct program *p, bool swap __maybe_unused,
/* Word (32 bit) swap */
MATHB(p, MATH1, SHLD, MATH1, MATH1, 8, 0);
/* Load words from PDB: word 02 (HFN) + word 03 (bearer_dir)*/
- MOVEB(p, DESCBUF, 8, MATH2, 0, 8, WAITCOMP | IMMED);
+ MOVEB(p, DESCBUF, hfn_bearer_dir_offset_in_descbuf,
+ MATH2, 0, 8, WAITCOMP | IMMED);
/* Create basic IV */
MATHB(p, MATH1, OR, MATH2, MATH2, 8, 0);
@@ -309,13 +321,18 @@ static inline int
pdcp_sdap_insert_snoop_op(struct program *p, bool swap __maybe_unused,
struct alginfo *cipherdata, struct alginfo *authdata,
unsigned int dir, enum pdcp_sn_size sn_size,
- unsigned char era_2_sw_hfn_ovrd __maybe_unused)
+ unsigned char era_2_sw_hfn_ovrd __maybe_unused,
+ enum pdb_type_e pdb_type)
{
uint32_t offset = 0, length = 0, sn_mask = 0;
uint32_t int_op_alg = 0;
uint32_t int_op_aai = 0;
uint32_t cipher_op_alg = 0;
uint32_t cipher_op_aai = 0;
+ int hfn_bearer_dir_offset_in_descbuf =
+ (pdb_type == PDCP_PDB_TYPE_FULL_PDB) ?
+ FULL_PDB_DESCBUF_HFN_BEARER_DIR_OFFSET :
+ REDUCED_PDB_DESCBUF_HFN_BEARER_DIR_OFFSET;
if (authdata->algtype == PDCP_CIPHER_TYPE_ZUC) {
if (rta_sec_era < RTA_SEC_ERA_5) {
@@ -362,11 +379,13 @@ pdcp_sdap_insert_snoop_op(struct program *p, bool swap __maybe_unused,
/* Load the HFN / Beare / Dir from the PDB
* CAAM word are 32bit hence loading 8 byte loads 2 words:
- * - The HFN at offset 8
- * - The Bearer / Dir at offset 12
+ * - The HFN at offset hfn_bearer_dir_offset_in_descbuf
+ * - The Bearer / Dir at next word
*/
- MOVEB(p, DESCBUF, 8, MATH2, 0, 8, WAITCOMP | IMMED);
- /* Create the 4 first byte of the ICV by oring the math registers */
+ MOVEB(p, DESCBUF, hfn_bearer_dir_offset_in_descbuf,
+ MATH2, 0, 8, WAITCOMP | IMMED);
+
+ /* Create the 4 first byte of the ICV by or-ing the math registers */
MATHB(p, MATH1, OR, MATH2, MATH1, 8, 0);
/* Set the IV of class 1 CHA */
@@ -562,11 +581,16 @@ pdcp_sdap_insert_snoop_op(struct program *p, bool swap __maybe_unused,
static inline int pdcp_sdap_insert_no_snoop_op(
struct program *p, bool swap __maybe_unused, struct alginfo *cipherdata,
struct alginfo *authdata, unsigned int dir, enum pdcp_sn_size sn_size,
- unsigned char era_2_sw_hfn_ovrd __maybe_unused)
+ unsigned char era_2_sw_hfn_ovrd __maybe_unused,
+ enum pdb_type_e pdb_type)
{
uint32_t offset = 0, length = 0, sn_mask = 0;
uint32_t cipher_alg_op = 0;
uint32_t cipher_alg_aai = 0;
+ int hfn_bearer_dir_offset_in_descbuf =
+ (pdb_type == PDCP_PDB_TYPE_FULL_PDB) ?
+ FULL_PDB_DESCBUF_HFN_BEARER_DIR_OFFSET :
+ REDUCED_PDB_DESCBUF_HFN_BEARER_DIR_OFFSET;
if (authdata->algtype == PDCP_CIPHER_TYPE_ZUC) {
if (rta_sec_era < RTA_SEC_ERA_5) {
@@ -592,7 +616,8 @@ static inline int pdcp_sdap_insert_no_snoop_op(
#endif
MATHB(p, MATH1, SHLD, MATH1, MATH1, 8, 0);
- MOVEB(p, DESCBUF, 8, MATH2, 0, 0x08, WAITCOMP | IMMED);
+ MOVEB(p, DESCBUF, hfn_bearer_dir_offset_in_descbuf,
+ MATH2, 0, 0x08, WAITCOMP | IMMED);
MATHB(p, MATH1, OR, MATH2, MATH2, 8, 0);
SEQSTORE(p, MATH0, offset, length, 0);
@@ -753,22 +778,51 @@ static inline int pdcp_sdap_insert_no_snoop_op(
return 0;
}
+static inline int
+pdcp_sdap_insert_cplane_null_op(struct program *p,
+ bool swap __maybe_unused,
+ struct alginfo *cipherdata,
+ struct alginfo *authdata,
+ unsigned int dir,
+ enum pdcp_sn_size sn_size,
+ unsigned char era_2_sw_hfn_ovrd,
+ enum pdb_type_e pdb_type __maybe_unused)
+{
+ return pdcp_insert_cplane_int_only_op(p, swap, cipherdata, authdata,
+ dir, sn_size, era_2_sw_hfn_ovrd);
+}
+
+static inline int
+pdcp_sdap_insert_cplane_int_only_op(struct program *p,
+ bool swap __maybe_unused,
+ struct alginfo *cipherdata,
+ struct alginfo *authdata,
+ unsigned int dir,
+ enum pdcp_sn_size sn_size,
+ unsigned char era_2_sw_hfn_ovrd,
+ enum pdb_type_e pdb_type __maybe_unused)
+{
+ return pdcp_insert_cplane_int_only_op(p, swap, cipherdata, authdata,
+ dir, sn_size, era_2_sw_hfn_ovrd);
+}
+
static int pdcp_sdap_insert_with_int_op(
struct program *p, bool swap __maybe_unused, struct alginfo *cipherdata,
struct alginfo *authdata, enum pdcp_sn_size sn_size,
- unsigned char era_2_sw_hfn_ovrd, unsigned int dir)
+ unsigned char era_2_sw_hfn_ovrd, unsigned int dir,
+ enum pdb_type_e pdb_type)
{
static int (
*pdcp_cp_fp[PDCP_CIPHER_TYPE_INVALID][PDCP_AUTH_TYPE_INVALID])(
struct program *, bool swap, struct alginfo *, struct alginfo *,
unsigned int, enum pdcp_sn_size,
- unsigned char __maybe_unused) = {
+ unsigned char __maybe_unused, enum pdb_type_e pdb_type) = {
{
/* NULL */
- pdcp_insert_cplane_null_op, /* NULL */
- pdcp_insert_cplane_int_only_op, /* SNOW f9 */
- pdcp_insert_cplane_int_only_op, /* AES CMAC */
- pdcp_insert_cplane_int_only_op /* ZUC-I */
+ pdcp_sdap_insert_cplane_null_op, /* NULL */
+ pdcp_sdap_insert_cplane_int_only_op, /* SNOW f9 */
+ pdcp_sdap_insert_cplane_int_only_op, /* AES CMAC */
+ pdcp_sdap_insert_cplane_int_only_op /* ZUC-I */
},
{
/* SNOW f8 */
@@ -796,7 +850,7 @@ static int pdcp_sdap_insert_with_int_op(
err = pdcp_cp_fp[cipherdata->algtype]
[authdata->algtype](p, swap, cipherdata, authdata, dir,
- sn_size, era_2_sw_hfn_ovrd);
+ sn_size, era_2_sw_hfn_ovrd, pdb_type);
if (err)
return err;
@@ -948,7 +1002,7 @@ cnstr_shdsc_pdcp_sdap_u_plane(uint32_t *descbuf,
} else {
err = pdcp_sdap_insert_no_int_op(p, swap, cipherdata,
caps_mode,
- sn_size);
+ sn_size, pdb_type);
if (err) {
pr_err("Fail pdcp_sdap_insert_no_int_op\n");
return err;
@@ -958,7 +1012,7 @@ cnstr_shdsc_pdcp_sdap_u_plane(uint32_t *descbuf,
err = pdcp_sdap_insert_with_int_op(p, swap, cipherdata,
authdata, sn_size,
era_2_sw_hfn_ovrd,
- caps_mode);
+ caps_mode, pdb_type);
if (err) {
pr_err("Fail pdcp_sdap_insert_with_int_op\n");
return err;
--
2.17.1
^ permalink raw reply [flat|nested] 41+ messages in thread
* [dpdk-dev] [PATCH v3 06/10] common/dpaax: caamflib do not clear DPOVRD
2021-09-07 8:39 ` [dpdk-dev] [PATCH v3 01/10] crypto/dpaa_sec: support DES-CBC Hemant Agrawal
` (3 preceding siblings ...)
2021-09-07 8:39 ` [dpdk-dev] [PATCH v3 05/10] common/dpaax: caamflib load correct HFN from DESCBUF Hemant Agrawal
@ 2021-09-07 8:39 ` Hemant Agrawal
2021-09-07 8:39 ` [dpdk-dev] [PATCH v3 07/10] common/dpaax: enhance caamflib with inline keys Hemant Agrawal
` (5 subsequent siblings)
10 siblings, 0 replies; 41+ messages in thread
From: Hemant Agrawal @ 2021-09-07 8:39 UTC (permalink / raw)
To: dev, gakhil; +Cc: Franck LENORMAND
From: Franck LENORMAND <franck.lenormand@nxp.com>
For SDAP, we are not using the protocol operation to perform
4G/LTE operation so the DPOVRD option is not used.
Removing it save some space in the descriptor buffer and
execution time.
Signed-off-by: Franck LENORMAND <franck.lenormand@nxp.com>
---
drivers/common/dpaax/caamflib/desc/pdcp.h | 14 ++++++++------
drivers/common/dpaax/caamflib/desc/sdap.h | 2 +-
2 files changed, 9 insertions(+), 7 deletions(-)
diff --git a/drivers/common/dpaax/caamflib/desc/pdcp.h b/drivers/common/dpaax/caamflib/desc/pdcp.h
index e97d58cbc1..5b3d846099 100644
--- a/drivers/common/dpaax/caamflib/desc/pdcp.h
+++ b/drivers/common/dpaax/caamflib/desc/pdcp.h
@@ -2546,7 +2546,8 @@ static inline int
insert_hfn_ov_op(struct program *p,
uint32_t shift,
enum pdb_type_e pdb_type,
- unsigned char era_2_sw_hfn_ovrd)
+ unsigned char era_2_sw_hfn_ovrd,
+ bool clear_dpovrd_at_end)
{
uint32_t imm = PDCP_DPOVRD_HFN_OV_EN;
uint16_t hfn_pdb_offset;
@@ -2597,13 +2598,14 @@ insert_hfn_ov_op(struct program *p,
MATHB(p, MATH0, SHLD, MATH0, MATH0, 8, 0);
MOVE(p, MATH0, 0, DESCBUF, hfn_pdb_offset, 4, IMMED);
- if (rta_sec_era >= RTA_SEC_ERA_8)
+ if (clear_dpovrd_at_end && (rta_sec_era >= RTA_SEC_ERA_8)) {
/*
* For ERA8, DPOVRD could be handled by the PROTOCOL command
* itself. For now, this is not done. Thus, clear DPOVRD here
* to alleviate any side-effects.
*/
MATHB(p, DPOVRD, AND, ZERO, DPOVRD, 4, STL);
+ }
SET_LABEL(p, keyjump);
PATCH_JUMP(p, pkeyjump, keyjump);
@@ -2989,7 +2991,7 @@ cnstr_shdsc_pdcp_c_plane_encap(uint32_t *descbuf,
SET_LABEL(p, pdb_end);
err = insert_hfn_ov_op(p, sn_size, pdb_type,
- era_2_sw_hfn_ovrd);
+ era_2_sw_hfn_ovrd, true);
if (err)
return err;
@@ -3143,7 +3145,7 @@ cnstr_shdsc_pdcp_c_plane_decap(uint32_t *descbuf,
SET_LABEL(p, pdb_end);
err = insert_hfn_ov_op(p, sn_size, pdb_type,
- era_2_sw_hfn_ovrd);
+ era_2_sw_hfn_ovrd, true);
if (err)
return err;
@@ -3319,7 +3321,7 @@ cnstr_shdsc_pdcp_u_plane_encap(uint32_t *descbuf,
}
SET_LABEL(p, pdb_end);
- err = insert_hfn_ov_op(p, sn_size, pdb_type, era_2_sw_hfn_ovrd);
+ err = insert_hfn_ov_op(p, sn_size, pdb_type, era_2_sw_hfn_ovrd, true);
if (err)
return err;
@@ -3523,7 +3525,7 @@ cnstr_shdsc_pdcp_u_plane_decap(uint32_t *descbuf,
}
SET_LABEL(p, pdb_end);
- err = insert_hfn_ov_op(p, sn_size, pdb_type, era_2_sw_hfn_ovrd);
+ err = insert_hfn_ov_op(p, sn_size, pdb_type, era_2_sw_hfn_ovrd, true);
if (err)
return err;
diff --git a/drivers/common/dpaax/caamflib/desc/sdap.h b/drivers/common/dpaax/caamflib/desc/sdap.h
index f1c49ea3e6..d5d5850b4f 100644
--- a/drivers/common/dpaax/caamflib/desc/sdap.h
+++ b/drivers/common/dpaax/caamflib/desc/sdap.h
@@ -990,7 +990,7 @@ cnstr_shdsc_pdcp_sdap_u_plane(uint32_t *descbuf,
SET_LABEL(p, pdb_end);
/* Inser the HFN override operation */
- err = insert_hfn_ov_op(p, sn_size, pdb_type, era_2_sw_hfn_ovrd);
+ err = insert_hfn_ov_op(p, sn_size, pdb_type, era_2_sw_hfn_ovrd, false);
if (err)
return err;
--
2.17.1
^ permalink raw reply [flat|nested] 41+ messages in thread
* [dpdk-dev] [PATCH v3 07/10] common/dpaax: enhance caamflib with inline keys
2021-09-07 8:39 ` [dpdk-dev] [PATCH v3 01/10] crypto/dpaa_sec: support DES-CBC Hemant Agrawal
` (4 preceding siblings ...)
2021-09-07 8:39 ` [dpdk-dev] [PATCH v3 06/10] common/dpaax: caamflib do not clear DPOVRD Hemant Agrawal
@ 2021-09-07 8:39 ` Hemant Agrawal
2021-09-07 8:39 ` [dpdk-dev] [PATCH v3 08/10] common/dpaax: fix IV value for shortMAC-I for SNOW algo Hemant Agrawal
` (4 subsequent siblings)
10 siblings, 0 replies; 41+ messages in thread
From: Hemant Agrawal @ 2021-09-07 8:39 UTC (permalink / raw)
To: dev, gakhil; +Cc: Franck LENORMAND
From: Franck LENORMAND <franck.lenormand@nxp.com>
The space in descriptor buffer is scarce as it is limited to
64 words for platforms except ERA10 (which has 128).
As the descriptors are processed with QI, it adds some words
to the descriptor which is passed.
Some descriptors used for SDAP were using too much words reaching
the limit.
This patch reduces the number of words used by removing the inlining
of some keys (done for performance) in order to have working
descriptors.
Signed-off-by: Franck LENORMAND <franck.lenormand@nxp.com>
---
drivers/common/dpaax/caamflib/desc/sdap.h | 61 ++++++++++++++++++++-
drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c | 28 ++++++++--
2 files changed, 81 insertions(+), 8 deletions(-)
diff --git a/drivers/common/dpaax/caamflib/desc/sdap.h b/drivers/common/dpaax/caamflib/desc/sdap.h
index d5d5850b4f..b2497a5424 100644
--- a/drivers/common/dpaax/caamflib/desc/sdap.h
+++ b/drivers/common/dpaax/caamflib/desc/sdap.h
@@ -20,6 +20,63 @@
#define SDAP_BITS_SIZE (SDAP_BYTE_SIZE * 8)
#endif
+/**
+ * rta_inline_pdcp_query() - Provide indications if a key can be passed as
+ * immediate data or shall be referenced in a
+ * shared descriptor.
+ * Return: 0 if data can be inlined or 1 if referenced.
+ */
+static inline int
+rta_inline_pdcp_sdap_query(enum auth_type_pdcp auth_alg,
+ enum cipher_type_pdcp cipher_alg,
+ enum pdcp_sn_size sn_size,
+ int8_t hfn_ovd)
+{
+ int nb_key_to_inline = 0;
+
+ if ((cipher_alg != PDCP_CIPHER_TYPE_NULL) &&
+ (auth_alg != PDCP_AUTH_TYPE_NULL))
+ return 2;
+ else
+ return 0;
+
+ /**
+ * Shared Descriptors for some of the cases does not fit in the
+ * MAX_DESC_SIZE of the descriptor
+ * The cases which exceed are for RTA_SEC_ERA=8 and HFN override
+ * enabled and 12/18 bit uplane and either of following Algo combo.
+ * - AES-SNOW
+ * - AES-ZUC
+ * - SNOW-SNOW
+ * - SNOW-ZUC
+ * - ZUC-SNOW
+ * - ZUC-SNOW
+ *
+ * We cannot make inline for all cases, as this will impact performance
+ * due to extra memory accesses for the keys.
+ */
+
+ /* Inline only the cipher key */
+ if ((rta_sec_era == RTA_SEC_ERA_8) && hfn_ovd &&
+ ((sn_size == PDCP_SN_SIZE_12) ||
+ (sn_size == PDCP_SN_SIZE_18)) &&
+ (cipher_alg != PDCP_CIPHER_TYPE_NULL) &&
+ ((auth_alg == PDCP_AUTH_TYPE_SNOW) ||
+ (auth_alg == PDCP_AUTH_TYPE_ZUC))) {
+
+ nb_key_to_inline++;
+
+ /* Sub case where inlining another key is required */
+ if ((cipher_alg == PDCP_CIPHER_TYPE_AES) &&
+ (auth_alg == PDCP_AUTH_TYPE_SNOW))
+ nb_key_to_inline++;
+ }
+
+ /* Inline both keys */
+
+ return nb_key_to_inline;
+}
+
static inline void key_loading_opti(struct program *p,
struct alginfo *cipherdata,
struct alginfo *authdata)
@@ -788,8 +845,8 @@ pdcp_sdap_insert_cplane_null_op(struct program *p,
unsigned char era_2_sw_hfn_ovrd,
enum pdb_type_e pdb_type __maybe_unused)
{
- return pdcp_insert_cplane_int_only_op(p, swap, cipherdata, authdata,
- dir, sn_size, era_2_sw_hfn_ovrd);
+ return pdcp_insert_cplane_null_op(p, swap, cipherdata, authdata, dir,
+ sn_size, era_2_sw_hfn_ovrd);
}
static inline int
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index fe90d9d2d8..cca1963da9 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -3254,12 +3254,28 @@ dpaa2_sec_set_pdcp_session(struct rte_cryptodev *dev,
goto out;
}
- if (rta_inline_pdcp_query(authdata.algtype,
- cipherdata.algtype,
- session->pdcp.sn_size,
- session->pdcp.hfn_ovd)) {
- cipherdata.key = DPAA2_VADDR_TO_IOVA(cipherdata.key);
- cipherdata.key_type = RTA_DATA_PTR;
+ if (pdcp_xform->sdap_enabled) {
+ int nb_keys_to_inline =
+ rta_inline_pdcp_sdap_query(authdata.algtype,
+ cipherdata.algtype,
+ session->pdcp.sn_size,
+ session->pdcp.hfn_ovd);
+ if (nb_keys_to_inline >= 1) {
+ cipherdata.key = DPAA2_VADDR_TO_IOVA(cipherdata.key);
+ cipherdata.key_type = RTA_DATA_PTR;
+ }
+ if (nb_keys_to_inline >= 2) {
+ authdata.key = DPAA2_VADDR_TO_IOVA(authdata.key);
+ authdata.key_type = RTA_DATA_PTR;
+ }
+ } else {
+ if (rta_inline_pdcp_query(authdata.algtype,
+ cipherdata.algtype,
+ session->pdcp.sn_size,
+ session->pdcp.hfn_ovd)) {
+ cipherdata.key = DPAA2_VADDR_TO_IOVA(cipherdata.key);
+ cipherdata.key_type = RTA_DATA_PTR;
+ }
}
if (pdcp_xform->domain == RTE_SECURITY_PDCP_MODE_CONTROL) {
--
2.17.1
^ permalink raw reply [flat|nested] 41+ messages in thread
* [dpdk-dev] [PATCH v3 08/10] common/dpaax: fix IV value for shortMAC-I for SNOW algo
2021-09-07 8:39 ` [dpdk-dev] [PATCH v3 01/10] crypto/dpaa_sec: support DES-CBC Hemant Agrawal
` (5 preceding siblings ...)
2021-09-07 8:39 ` [dpdk-dev] [PATCH v3 07/10] common/dpaax: enhance caamflib with inline keys Hemant Agrawal
@ 2021-09-07 8:39 ` Hemant Agrawal
2021-09-07 8:39 ` [dpdk-dev] [PATCH v3 09/10] crypto/dpaa_sec: force inline of the keys to save space Hemant Agrawal
` (3 subsequent siblings)
10 siblings, 0 replies; 41+ messages in thread
From: Hemant Agrawal @ 2021-09-07 8:39 UTC (permalink / raw)
To: dev, gakhil; +Cc: Gagandeep Singh, stable
From: Gagandeep Singh <g.singh@nxp.com>
The logic was incorecly doing conditional swap. It need to
be bit swap always.
Fixes: 73a24060cd70 ("crypto/dpaa2_sec: add sample PDCP descriptor APIs")
Cc: stable@dpdk.org
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
---
drivers/common/dpaax/caamflib/desc/pdcp.h | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/drivers/common/dpaax/caamflib/desc/pdcp.h b/drivers/common/dpaax/caamflib/desc/pdcp.h
index 5b3d846099..8e8daf5ba8 100644
--- a/drivers/common/dpaax/caamflib/desc/pdcp.h
+++ b/drivers/common/dpaax/caamflib/desc/pdcp.h
@@ -1,6 +1,6 @@
/* SPDX-License-Identifier: BSD-3-Clause or GPL-2.0+
* Copyright 2008-2013 Freescale Semiconductor, Inc.
- * Copyright 2019-2020 NXP
+ * Copyright 2019-2021 NXP
*/
#ifndef __DESC_PDCP_H__
@@ -3715,9 +3715,10 @@ cnstr_shdsc_pdcp_short_mac(uint32_t *descbuf,
break;
case PDCP_AUTH_TYPE_SNOW:
+ /* IV calculation based on 3GPP specs. 36331, section:5.3.7.4 */
iv[0] = 0xFFFFFFFF;
- iv[1] = swap ? swab32(0x04000000) : 0x04000000;
- iv[2] = swap ? swab32(0xF8000000) : 0xF8000000;
+ iv[1] = swab32(0x04000000);
+ iv[2] = swab32(0xF8000000);
KEY(p, KEY2, authdata->key_enc_flags, authdata->key,
authdata->keylen, INLINE_KEY(authdata));
--
2.17.1
^ permalink raw reply [flat|nested] 41+ messages in thread
* [dpdk-dev] [PATCH v3 09/10] crypto/dpaa_sec: force inline of the keys to save space
2021-09-07 8:39 ` [dpdk-dev] [PATCH v3 01/10] crypto/dpaa_sec: support DES-CBC Hemant Agrawal
` (6 preceding siblings ...)
2021-09-07 8:39 ` [dpdk-dev] [PATCH v3 08/10] common/dpaax: fix IV value for shortMAC-I for SNOW algo Hemant Agrawal
@ 2021-09-07 8:39 ` Hemant Agrawal
2021-09-07 8:39 ` [dpdk-dev] [PATCH v3 10/10] crypto/dpaa2_sec: add error packet counters Hemant Agrawal
` (2 subsequent siblings)
10 siblings, 0 replies; 41+ messages in thread
From: Hemant Agrawal @ 2021-09-07 8:39 UTC (permalink / raw)
To: dev, gakhil; +Cc: Gagandeep Singh, Franck LENORMAND
From: Gagandeep Singh <g.singh@nxp.com>
This patch improve storage and performance by force inline
of the keys.
Signed-off-by: Franck LENORMAND <franck.lenormand@nxp.com>
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
---
drivers/crypto/dpaa_sec/dpaa_sec.c | 35 ++++++++++++++++++++++--------
1 file changed, 26 insertions(+), 9 deletions(-)
diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c b/drivers/crypto/dpaa_sec/dpaa_sec.c
index 7d3f971f3c..74f30bc5a4 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec.c
+++ b/drivers/crypto/dpaa_sec/dpaa_sec.c
@@ -1,7 +1,7 @@
/* SPDX-License-Identifier: BSD-3-Clause
*
* Copyright (c) 2016 Freescale Semiconductor, Inc. All rights reserved.
- * Copyright 2017-2019 NXP
+ * Copyright 2017-2021 NXP
*
*/
@@ -260,14 +260,31 @@ dpaa_sec_prep_pdcp_cdb(dpaa_sec_session *ses)
p_authdata = &authdata;
}
- if (rta_inline_pdcp_query(authdata.algtype,
- cipherdata.algtype,
- ses->pdcp.sn_size,
- ses->pdcp.hfn_ovd)) {
- cipherdata.key =
- (size_t)rte_dpaa_mem_vtop((void *)
- (size_t)cipherdata.key);
- cipherdata.key_type = RTA_DATA_PTR;
+ if (ses->pdcp.sdap_enabled) {
+ int nb_keys_to_inline =
+ rta_inline_pdcp_sdap_query(authdata.algtype,
+ cipherdata.algtype,
+ ses->pdcp.sn_size,
+ ses->pdcp.hfn_ovd);
+ if (nb_keys_to_inline >= 1) {
+ cipherdata.key = (size_t)rte_dpaa_mem_vtop((void *)
+ (size_t)cipherdata.key);
+ cipherdata.key_type = RTA_DATA_PTR;
+ }
+ if (nb_keys_to_inline >= 2) {
+ authdata.key = (size_t)rte_dpaa_mem_vtop((void *)
+ (size_t)authdata.key);
+ authdata.key_type = RTA_DATA_PTR;
+ }
+ } else {
+ if (rta_inline_pdcp_query(authdata.algtype,
+ cipherdata.algtype,
+ ses->pdcp.sn_size,
+ ses->pdcp.hfn_ovd)) {
+ cipherdata.key = (size_t)rte_dpaa_mem_vtop((void *)
+ (size_t)cipherdata.key);
+ cipherdata.key_type = RTA_DATA_PTR;
+ }
}
if (ses->pdcp.domain == RTE_SECURITY_PDCP_MODE_CONTROL) {
--
2.17.1
^ permalink raw reply [flat|nested] 41+ messages in thread
* [dpdk-dev] [PATCH v3 10/10] crypto/dpaa2_sec: add error packet counters
2021-09-07 8:39 ` [dpdk-dev] [PATCH v3 01/10] crypto/dpaa_sec: support DES-CBC Hemant Agrawal
` (7 preceding siblings ...)
2021-09-07 8:39 ` [dpdk-dev] [PATCH v3 09/10] crypto/dpaa_sec: force inline of the keys to save space Hemant Agrawal
@ 2021-09-07 8:39 ` Hemant Agrawal
2021-09-07 11:47 ` [dpdk-dev] [EXT] [PATCH v3 01/10] crypto/dpaa_sec: support DES-CBC Akhil Goyal
2021-09-08 6:59 ` [dpdk-dev] [PATCH v4 " Hemant Agrawal
10 siblings, 0 replies; 41+ messages in thread
From: Hemant Agrawal @ 2021-09-07 8:39 UTC (permalink / raw)
To: dev, gakhil
This patch add support to also counter err pkt counter per queue.
This also enhances few related debug prints.
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
---
drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index cca1963da9..c000da18dc 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -1702,8 +1702,9 @@ dpaa2_sec_dequeue_burst(void *qp, struct rte_crypto_op **ops,
if (unlikely(fd->simple.frc)) {
/* TODO Parse SEC errors */
- DPAA2_SEC_ERR("SEC returned Error - %x",
+ DPAA2_SEC_DP_ERR("SEC returned Error - %x\n",
fd->simple.frc);
+ dpaa2_qp->rx_vq.err_pkts += 1;
ops[num_rx]->status = RTE_CRYPTO_OP_STATUS_ERROR;
} else {
ops[num_rx]->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
@@ -1715,7 +1716,8 @@ dpaa2_sec_dequeue_burst(void *qp, struct rte_crypto_op **ops,
dpaa2_qp->rx_vq.rx_pkts += num_rx;
- DPAA2_SEC_DP_DEBUG("SEC Received %d Packets\n", num_rx);
+ DPAA2_SEC_DP_DEBUG("SEC RX pkts %d err pkts %" PRIu64 "\n", num_rx,
+ dpaa2_qp->rx_vq.err_pkts);
/*Return the total number of packets received to DPAA2 app*/
return num_rx;
}
--
2.17.1
^ permalink raw reply [flat|nested] 41+ messages in thread
* Re: [dpdk-dev] [EXT] [PATCH v3 01/10] crypto/dpaa_sec: support DES-CBC
2021-09-07 8:39 ` [dpdk-dev] [PATCH v3 01/10] crypto/dpaa_sec: support DES-CBC Hemant Agrawal
` (8 preceding siblings ...)
2021-09-07 8:39 ` [dpdk-dev] [PATCH v3 10/10] crypto/dpaa2_sec: add error packet counters Hemant Agrawal
@ 2021-09-07 11:47 ` Akhil Goyal
2021-09-08 6:59 ` [dpdk-dev] [PATCH v4 " Hemant Agrawal
10 siblings, 0 replies; 41+ messages in thread
From: Akhil Goyal @ 2021-09-07 11:47 UTC (permalink / raw)
To: Hemant Agrawal, dev; +Cc: Gagandeep Singh
> From: Gagandeep Singh <g.singh@nxp.com>
>
> add DES-CBC support and enable available cipher-only
> test cases.
>
> Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
> ---
Release notes missing for the new features added in PMDs.
Please update sequentially in each of the patches.
^ permalink raw reply [flat|nested] 41+ messages in thread
* [dpdk-dev] [PATCH v4 01/10] crypto/dpaa_sec: support DES-CBC
2021-09-07 8:39 ` [dpdk-dev] [PATCH v3 01/10] crypto/dpaa_sec: support DES-CBC Hemant Agrawal
` (9 preceding siblings ...)
2021-09-07 11:47 ` [dpdk-dev] [EXT] [PATCH v3 01/10] crypto/dpaa_sec: support DES-CBC Akhil Goyal
@ 2021-09-08 6:59 ` Hemant Agrawal
2021-09-08 6:59 ` [dpdk-dev] [PATCH v4 02/10] crypto/dpaa_sec: support non-HMAC auth algos Hemant Agrawal
` (9 more replies)
10 siblings, 10 replies; 41+ messages in thread
From: Hemant Agrawal @ 2021-09-08 6:59 UTC (permalink / raw)
To: dev, gakhil; +Cc: Gagandeep Singh
From: Gagandeep Singh <g.singh@nxp.com>
add DES-CBC support and enable available cipher-only
test cases.
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
---
doc/guides/cryptodevs/features/dpaa_sec.ini | 1 +
doc/guides/rel_notes/release_21_11.rst | 3 +++
drivers/crypto/dpaa_sec/dpaa_sec.c | 13 +++++++++++++
drivers/crypto/dpaa_sec/dpaa_sec.h | 20 ++++++++++++++++++++
4 files changed, 37 insertions(+)
diff --git a/doc/guides/cryptodevs/features/dpaa_sec.ini b/doc/guides/cryptodevs/features/dpaa_sec.ini
index 243f3e1d67..5d0d04d601 100644
--- a/doc/guides/cryptodevs/features/dpaa_sec.ini
+++ b/doc/guides/cryptodevs/features/dpaa_sec.ini
@@ -24,6 +24,7 @@ AES CBC (256) = Y
AES CTR (128) = Y
AES CTR (192) = Y
AES CTR (256) = Y
+DES CBC = Y
3DES CBC = Y
SNOW3G UEA2 = Y
ZUC EEA3 = Y
diff --git a/doc/guides/rel_notes/release_21_11.rst b/doc/guides/rel_notes/release_21_11.rst
index 411fa9530a..4aa16d6915 100644
--- a/doc/guides/rel_notes/release_21_11.rst
+++ b/doc/guides/rel_notes/release_21_11.rst
@@ -73,6 +73,9 @@ New Features
* Added event crypto adapter OP_FORWARD mode support.
+* **Updated NXP dpaa_sec crypto PMD.**
+
+ * Added DES-CBC algo support
Removed Items
-------------
diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c b/drivers/crypto/dpaa_sec/dpaa_sec.c
index 19d4684e24..af5c7c499c 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec.c
+++ b/drivers/crypto/dpaa_sec/dpaa_sec.c
@@ -454,6 +454,7 @@ dpaa_sec_prep_cdb(dpaa_sec_session *ses)
switch (ses->cipher_alg) {
case RTE_CRYPTO_CIPHER_AES_CBC:
case RTE_CRYPTO_CIPHER_3DES_CBC:
+ case RTE_CRYPTO_CIPHER_DES_CBC:
case RTE_CRYPTO_CIPHER_AES_CTR:
case RTE_CRYPTO_CIPHER_3DES_CTR:
shared_desc_len = cnstr_shdsc_blkcipher(
@@ -2043,6 +2044,10 @@ dpaa_sec_cipher_init(struct rte_cryptodev *dev __rte_unused,
session->cipher_key.alg = OP_ALG_ALGSEL_AES;
session->cipher_key.algmode = OP_ALG_AAI_CBC;
break;
+ case RTE_CRYPTO_CIPHER_DES_CBC:
+ session->cipher_key.alg = OP_ALG_ALGSEL_DES;
+ session->cipher_key.algmode = OP_ALG_AAI_CBC;
+ break;
case RTE_CRYPTO_CIPHER_3DES_CBC:
session->cipher_key.alg = OP_ALG_ALGSEL_3DES;
session->cipher_key.algmode = OP_ALG_AAI_CBC;
@@ -2218,6 +2223,10 @@ dpaa_sec_chain_init(struct rte_cryptodev *dev __rte_unused,
session->cipher_key.alg = OP_ALG_ALGSEL_AES;
session->cipher_key.algmode = OP_ALG_AAI_CBC;
break;
+ case RTE_CRYPTO_CIPHER_DES_CBC:
+ session->cipher_key.alg = OP_ALG_ALGSEL_DES;
+ session->cipher_key.algmode = OP_ALG_AAI_CBC;
+ break;
case RTE_CRYPTO_CIPHER_3DES_CBC:
session->cipher_key.alg = OP_ALG_ALGSEL_3DES;
session->cipher_key.algmode = OP_ALG_AAI_CBC;
@@ -2667,6 +2676,10 @@ dpaa_sec_ipsec_proto_init(struct rte_crypto_cipher_xform *cipher_xform,
session->cipher_key.alg = OP_PCL_IPSEC_AES_CBC;
session->cipher_key.algmode = OP_ALG_AAI_CBC;
break;
+ case RTE_CRYPTO_CIPHER_DES_CBC:
+ session->cipher_key.alg = OP_PCL_IPSEC_DES;
+ session->cipher_key.algmode = OP_ALG_AAI_CBC;
+ break;
case RTE_CRYPTO_CIPHER_3DES_CBC:
session->cipher_key.alg = OP_PCL_IPSEC_3DES;
session->cipher_key.algmode = OP_ALG_AAI_CBC;
diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.h b/drivers/crypto/dpaa_sec/dpaa_sec.h
index 368699678b..216e8c8b6f 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec.h
+++ b/drivers/crypto/dpaa_sec/dpaa_sec.h
@@ -456,6 +456,26 @@ static const struct rte_cryptodev_capabilities dpaa_sec_capabilities[] = {
}, }
}, }
},
+ { /* DES CBC */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+ {.cipher = {
+ .algo = RTE_CRYPTO_CIPHER_DES_CBC,
+ .block_size = 8,
+ .key_size = {
+ .min = 8,
+ .max = 8,
+ .increment = 0
+ },
+ .iv_size = {
+ .min = 8,
+ .max = 8,
+ .increment = 0
+ }
+ }, }
+ }, }
+ },
{ /* 3DES CBC */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
--
2.17.1
^ permalink raw reply [flat|nested] 41+ messages in thread
* [dpdk-dev] [PATCH v4 02/10] crypto/dpaa_sec: support non-HMAC auth algos
2021-09-08 6:59 ` [dpdk-dev] [PATCH v4 " Hemant Agrawal
@ 2021-09-08 6:59 ` Hemant Agrawal
2021-09-08 6:59 ` [dpdk-dev] [PATCH v4 03/10] crypto/dpaa_sec: support AES-XCBC-MAC Hemant Agrawal
` (8 subsequent siblings)
9 siblings, 0 replies; 41+ messages in thread
From: Hemant Agrawal @ 2021-09-08 6:59 UTC (permalink / raw)
To: dev, gakhil; +Cc: Gagandeep Singh
From: Gagandeep Singh <g.singh@nxp.com>
This patch add support for non-HMAC, md5, shax algos.
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
---
doc/guides/cryptodevs/features/dpaa_sec.ini | 8 +-
doc/guides/rel_notes/release_21_11.rst | 2 +-
drivers/crypto/dpaa_sec/dpaa_sec.c | 55 +++++++--
drivers/crypto/dpaa_sec/dpaa_sec.h | 126 ++++++++++++++++++++
4 files changed, 181 insertions(+), 10 deletions(-)
diff --git a/doc/guides/cryptodevs/features/dpaa_sec.ini b/doc/guides/cryptodevs/features/dpaa_sec.ini
index 5d0d04d601..eab14da96c 100644
--- a/doc/guides/cryptodevs/features/dpaa_sec.ini
+++ b/doc/guides/cryptodevs/features/dpaa_sec.ini
@@ -33,11 +33,17 @@ ZUC EEA3 = Y
; Supported authentication algorithms of the 'dpaa_sec' crypto driver.
;
[Auth]
+MD5 = Y
MD5 HMAC = Y
+SHA1 = Y
SHA1 HMAC = Y
+SHA224 = Y
SHA224 HMAC = Y
+SHA256 = Y
SHA256 HMAC = Y
+SHA384 = Y
SHA384 HMAC = Y
+SHA512 = Y
SHA512 HMAC = Y
SNOW3G UIA2 = Y
ZUC EIA3 = Y
@@ -53,4 +59,4 @@ AES GCM (256) = Y
;
; Supported Asymmetric algorithms of the 'dpaa_sec' crypto driver.
;
-[Asymmetric]
\ No newline at end of file
+[Asymmetric]
diff --git a/doc/guides/rel_notes/release_21_11.rst b/doc/guides/rel_notes/release_21_11.rst
index 4aa16d6915..88c2a31d49 100644
--- a/doc/guides/rel_notes/release_21_11.rst
+++ b/doc/guides/rel_notes/release_21_11.rst
@@ -75,7 +75,7 @@ New Features
* **Updated NXP dpaa_sec crypto PMD.**
- * Added DES-CBC algo support
+ * Added DES-CBC and non-HMAC algo support
Removed Items
-------------
diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c b/drivers/crypto/dpaa_sec/dpaa_sec.c
index af5c7c499c..95b9d7414f 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec.c
+++ b/drivers/crypto/dpaa_sec/dpaa_sec.c
@@ -489,6 +489,18 @@ dpaa_sec_prep_cdb(dpaa_sec_session *ses)
alginfo_a.algtype = ses->auth_key.alg;
alginfo_a.algmode = ses->auth_key.algmode;
switch (ses->auth_alg) {
+ case RTE_CRYPTO_AUTH_MD5:
+ case RTE_CRYPTO_AUTH_SHA1:
+ case RTE_CRYPTO_AUTH_SHA224:
+ case RTE_CRYPTO_AUTH_SHA256:
+ case RTE_CRYPTO_AUTH_SHA384:
+ case RTE_CRYPTO_AUTH_SHA512:
+ shared_desc_len = cnstr_shdsc_hash(
+ cdb->sh_desc, true,
+ swap, SHR_NEVER, &alginfo_a,
+ !ses->dir,
+ ses->digest_length);
+ break;
case RTE_CRYPTO_AUTH_MD5_HMAC:
case RTE_CRYPTO_AUTH_SHA1_HMAC:
case RTE_CRYPTO_AUTH_SHA224_HMAC:
@@ -2080,43 +2092,70 @@ dpaa_sec_auth_init(struct rte_cryptodev *dev __rte_unused,
{
session->ctxt = DPAA_SEC_AUTH;
session->auth_alg = xform->auth.algo;
- session->auth_key.data = rte_zmalloc(NULL, xform->auth.key.length,
+ session->auth_key.length = xform->auth.key.length;
+ if (xform->auth.key.length) {
+ session->auth_key.data =
+ rte_zmalloc(NULL, xform->auth.key.length,
RTE_CACHE_LINE_SIZE);
- if (session->auth_key.data == NULL && xform->auth.key.length > 0) {
- DPAA_SEC_ERR("No Memory for auth key");
- return -ENOMEM;
+ if (session->auth_key.data == NULL) {
+ DPAA_SEC_ERR("No Memory for auth key");
+ return -ENOMEM;
+ }
+ memcpy(session->auth_key.data, xform->auth.key.data,
+ xform->auth.key.length);
+
}
- session->auth_key.length = xform->auth.key.length;
session->digest_length = xform->auth.digest_length;
if (session->cipher_alg == RTE_CRYPTO_CIPHER_NULL) {
session->iv.offset = xform->auth.iv.offset;
session->iv.length = xform->auth.iv.length;
}
- memcpy(session->auth_key.data, xform->auth.key.data,
- xform->auth.key.length);
-
switch (xform->auth.algo) {
+ case RTE_CRYPTO_AUTH_SHA1:
+ session->auth_key.alg = OP_ALG_ALGSEL_SHA1;
+ session->auth_key.algmode = OP_ALG_AAI_HASH;
+ break;
case RTE_CRYPTO_AUTH_SHA1_HMAC:
session->auth_key.alg = OP_ALG_ALGSEL_SHA1;
session->auth_key.algmode = OP_ALG_AAI_HMAC;
break;
+ case RTE_CRYPTO_AUTH_MD5:
+ session->auth_key.alg = OP_ALG_ALGSEL_MD5;
+ session->auth_key.algmode = OP_ALG_AAI_HASH;
+ break;
case RTE_CRYPTO_AUTH_MD5_HMAC:
session->auth_key.alg = OP_ALG_ALGSEL_MD5;
session->auth_key.algmode = OP_ALG_AAI_HMAC;
break;
+ case RTE_CRYPTO_AUTH_SHA224:
+ session->auth_key.alg = OP_ALG_ALGSEL_SHA224;
+ session->auth_key.algmode = OP_ALG_AAI_HASH;
+ break;
case RTE_CRYPTO_AUTH_SHA224_HMAC:
session->auth_key.alg = OP_ALG_ALGSEL_SHA224;
session->auth_key.algmode = OP_ALG_AAI_HMAC;
break;
+ case RTE_CRYPTO_AUTH_SHA256:
+ session->auth_key.alg = OP_ALG_ALGSEL_SHA256;
+ session->auth_key.algmode = OP_ALG_AAI_HASH;
+ break;
case RTE_CRYPTO_AUTH_SHA256_HMAC:
session->auth_key.alg = OP_ALG_ALGSEL_SHA256;
session->auth_key.algmode = OP_ALG_AAI_HMAC;
break;
+ case RTE_CRYPTO_AUTH_SHA384:
+ session->auth_key.alg = OP_ALG_ALGSEL_SHA384;
+ session->auth_key.algmode = OP_ALG_AAI_HASH;
+ break;
case RTE_CRYPTO_AUTH_SHA384_HMAC:
session->auth_key.alg = OP_ALG_ALGSEL_SHA384;
session->auth_key.algmode = OP_ALG_AAI_HMAC;
break;
+ case RTE_CRYPTO_AUTH_SHA512:
+ session->auth_key.alg = OP_ALG_ALGSEL_SHA512;
+ session->auth_key.algmode = OP_ALG_AAI_HASH;
+ break;
case RTE_CRYPTO_AUTH_SHA512_HMAC:
session->auth_key.alg = OP_ALG_ALGSEL_SHA512;
session->auth_key.algmode = OP_ALG_AAI_HMAC;
diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.h b/drivers/crypto/dpaa_sec/dpaa_sec.h
index 216e8c8b6f..d500a4c246 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec.h
+++ b/drivers/crypto/dpaa_sec/dpaa_sec.h
@@ -240,6 +240,27 @@ static const struct rte_cryptodev_capabilities dpaa_sec_capabilities[] = {
}, },
}, },
},
+ { /* MD5 */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_MD5,
+ .block_size = 64,
+ .key_size = {
+ .min = 0,
+ .max = 0,
+ .increment = 0
+ },
+ .digest_size = {
+ .min = 16,
+ .max = 16,
+ .increment = 0
+ },
+ .iv_size = { 0 }
+ }, }
+ }, }
+ },
{ /* MD5 HMAC */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
@@ -261,6 +282,27 @@ static const struct rte_cryptodev_capabilities dpaa_sec_capabilities[] = {
}, }
}, }
},
+ { /* SHA1 */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_SHA1,
+ .block_size = 64,
+ .key_size = {
+ .min = 0,
+ .max = 0,
+ .increment = 0
+ },
+ .digest_size = {
+ .min = 20,
+ .max = 20,
+ .increment = 0
+ },
+ .iv_size = { 0 }
+ }, }
+ }, }
+ },
{ /* SHA1 HMAC */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
@@ -282,6 +324,27 @@ static const struct rte_cryptodev_capabilities dpaa_sec_capabilities[] = {
}, }
}, }
},
+ { /* SHA224 */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_SHA224,
+ .block_size = 64,
+ .key_size = {
+ .min = 0,
+ .max = 0,
+ .increment = 0
+ },
+ .digest_size = {
+ .min = 28,
+ .max = 28,
+ .increment = 0
+ },
+ .iv_size = { 0 }
+ }, }
+ }, }
+ },
{ /* SHA224 HMAC */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
@@ -303,6 +366,27 @@ static const struct rte_cryptodev_capabilities dpaa_sec_capabilities[] = {
}, }
}, }
},
+ { /* SHA256 */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_SHA256,
+ .block_size = 64,
+ .key_size = {
+ .min = 0,
+ .max = 0,
+ .increment = 0
+ },
+ .digest_size = {
+ .min = 32,
+ .max = 32,
+ .increment = 0
+ },
+ .iv_size = { 0 }
+ }, }
+ }, }
+ },
{ /* SHA256 HMAC */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
@@ -324,6 +408,27 @@ static const struct rte_cryptodev_capabilities dpaa_sec_capabilities[] = {
}, }
}, }
},
+ { /* SHA384 */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_SHA384,
+ .block_size = 64,
+ .key_size = {
+ .min = 0,
+ .max = 0,
+ .increment = 0
+ },
+ .digest_size = {
+ .min = 48,
+ .max = 48,
+ .increment = 0
+ },
+ .iv_size = { 0 }
+ }, }
+ }, }
+ },
{ /* SHA384 HMAC */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
@@ -345,6 +450,27 @@ static const struct rte_cryptodev_capabilities dpaa_sec_capabilities[] = {
}, }
}, }
},
+ { /* SHA512 */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_SHA512,
+ .block_size = 128,
+ .key_size = {
+ .min = 0,
+ .max = 0,
+ .increment = 0
+ },
+ .digest_size = {
+ .min = 64,
+ .max = 64,
+ .increment = 0
+ },
+ .iv_size = { 0 }
+ }, }
+ }, }
+ },
{ /* SHA512 HMAC */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
--
2.17.1
^ permalink raw reply [flat|nested] 41+ messages in thread
* [dpdk-dev] [PATCH v4 03/10] crypto/dpaa_sec: support AES-XCBC-MAC
2021-09-08 6:59 ` [dpdk-dev] [PATCH v4 " Hemant Agrawal
2021-09-08 6:59 ` [dpdk-dev] [PATCH v4 02/10] crypto/dpaa_sec: support non-HMAC auth algos Hemant Agrawal
@ 2021-09-08 6:59 ` Hemant Agrawal
2021-09-08 6:59 ` [dpdk-dev] [PATCH v4 04/10] crypto/dpaa_sec: add support for AES CMAC integrity check Hemant Agrawal
` (7 subsequent siblings)
9 siblings, 0 replies; 41+ messages in thread
From: Hemant Agrawal @ 2021-09-08 6:59 UTC (permalink / raw)
To: dev, gakhil; +Cc: Gagandeep Singh
From: Gagandeep Singh <g.singh@nxp.com>
This patch adds support for AES-XCBC-MAC algo.
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
---
doc/guides/cryptodevs/features/dpaa_sec.ini | 1 +
doc/guides/rel_notes/release_21_11.rst | 2 +-
drivers/crypto/dpaa_sec/dpaa_sec.c | 21 ++++++++++++++++++++-
3 files changed, 22 insertions(+), 2 deletions(-)
diff --git a/doc/guides/cryptodevs/features/dpaa_sec.ini b/doc/guides/cryptodevs/features/dpaa_sec.ini
index eab14da96c..d7bc319373 100644
--- a/doc/guides/cryptodevs/features/dpaa_sec.ini
+++ b/doc/guides/cryptodevs/features/dpaa_sec.ini
@@ -47,6 +47,7 @@ SHA512 = Y
SHA512 HMAC = Y
SNOW3G UIA2 = Y
ZUC EIA3 = Y
+AES XCBC MAC = Y
;
; Supported AEAD algorithms of the 'dpaa_sec' crypto driver.
diff --git a/doc/guides/rel_notes/release_21_11.rst b/doc/guides/rel_notes/release_21_11.rst
index 88c2a31d49..b0da7e3135 100644
--- a/doc/guides/rel_notes/release_21_11.rst
+++ b/doc/guides/rel_notes/release_21_11.rst
@@ -75,7 +75,7 @@ New Features
* **Updated NXP dpaa_sec crypto PMD.**
- * Added DES-CBC and non-HMAC algo support
+ * Added DES-CBC, AES-XCBC-MAC and non-HMAC algo support
Removed Items
-------------
diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c b/drivers/crypto/dpaa_sec/dpaa_sec.c
index 95b9d7414f..fc9c3a4c2c 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec.c
+++ b/drivers/crypto/dpaa_sec/dpaa_sec.c
@@ -527,6 +527,14 @@ dpaa_sec_prep_cdb(dpaa_sec_session *ses)
!ses->dir,
ses->digest_length);
break;
+ case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
+ shared_desc_len = cnstr_shdsc_aes_mac(
+ cdb->sh_desc,
+ true, swap, SHR_NEVER,
+ &alginfo_a,
+ !ses->dir,
+ ses->digest_length);
+ break;
default:
DPAA_SEC_ERR("unsupported auth alg %u", ses->auth_alg);
}
@@ -2168,6 +2176,10 @@ dpaa_sec_auth_init(struct rte_cryptodev *dev __rte_unused,
session->auth_key.alg = OP_ALG_ALGSEL_ZUCA;
session->auth_key.algmode = OP_ALG_AAI_F9;
break;
+ case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
+ session->auth_key.alg = OP_ALG_ALGSEL_AES;
+ session->auth_key.algmode = OP_ALG_AAI_XCBC_MAC;
+ break;
default:
DPAA_SEC_ERR("Crypto: Unsupported Auth specified %u",
xform->auth.algo);
@@ -2249,6 +2261,10 @@ dpaa_sec_chain_init(struct rte_cryptodev *dev __rte_unused,
session->auth_key.alg = OP_ALG_ALGSEL_SHA512;
session->auth_key.algmode = OP_ALG_AAI_HMAC;
break;
+ case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
+ session->auth_key.alg = OP_ALG_ALGSEL_AES;
+ session->auth_key.algmode = OP_ALG_AAI_XCBC_MAC;
+ break;
default:
DPAA_SEC_ERR("Crypto: Unsupported Auth specified %u",
auth_xform->algo);
@@ -2688,8 +2704,11 @@ dpaa_sec_ipsec_proto_init(struct rte_crypto_cipher_xform *cipher_xform,
case RTE_CRYPTO_AUTH_NULL:
session->auth_key.alg = OP_PCL_IPSEC_HMAC_NULL;
break;
- case RTE_CRYPTO_AUTH_SHA224_HMAC:
case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
+ session->auth_key.alg = OP_PCL_IPSEC_AES_XCBC_MAC_96;
+ session->auth_key.algmode = OP_ALG_AAI_XCBC_MAC;
+ break;
+ case RTE_CRYPTO_AUTH_SHA224_HMAC:
case RTE_CRYPTO_AUTH_SNOW3G_UIA2:
case RTE_CRYPTO_AUTH_SHA1:
case RTE_CRYPTO_AUTH_SHA256:
--
2.17.1
^ permalink raw reply [flat|nested] 41+ messages in thread
* [dpdk-dev] [PATCH v4 04/10] crypto/dpaa_sec: add support for AES CMAC integrity check
2021-09-08 6:59 ` [dpdk-dev] [PATCH v4 " Hemant Agrawal
2021-09-08 6:59 ` [dpdk-dev] [PATCH v4 02/10] crypto/dpaa_sec: support non-HMAC auth algos Hemant Agrawal
2021-09-08 6:59 ` [dpdk-dev] [PATCH v4 03/10] crypto/dpaa_sec: support AES-XCBC-MAC Hemant Agrawal
@ 2021-09-08 6:59 ` Hemant Agrawal
2021-09-08 6:59 ` [dpdk-dev] [PATCH v4 05/10] common/dpaax: caamflib load correct HFN from DESCBUF Hemant Agrawal
` (6 subsequent siblings)
9 siblings, 0 replies; 41+ messages in thread
From: Hemant Agrawal @ 2021-09-08 6:59 UTC (permalink / raw)
To: dev, gakhil; +Cc: Gagandeep Singh
From: Gagandeep Singh <g.singh@nxp.com>
This patch adds support for AES_CMAC integrity in non-security mode.
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
---
doc/guides/cryptodevs/features/dpaa_sec.ini | 1 +
doc/guides/rel_notes/release_21_11.rst | 2 +-
drivers/crypto/dpaa_sec/dpaa_sec.c | 10 +++++
drivers/crypto/dpaa_sec/dpaa_sec.h | 43 +++++++++++++++++++++
4 files changed, 55 insertions(+), 1 deletion(-)
diff --git a/doc/guides/cryptodevs/features/dpaa_sec.ini b/doc/guides/cryptodevs/features/dpaa_sec.ini
index d7bc319373..6a8f77fb1d 100644
--- a/doc/guides/cryptodevs/features/dpaa_sec.ini
+++ b/doc/guides/cryptodevs/features/dpaa_sec.ini
@@ -48,6 +48,7 @@ SHA512 HMAC = Y
SNOW3G UIA2 = Y
ZUC EIA3 = Y
AES XCBC MAC = Y
+AES CMAC (128) = Y
;
; Supported AEAD algorithms of the 'dpaa_sec' crypto driver.
diff --git a/doc/guides/rel_notes/release_21_11.rst b/doc/guides/rel_notes/release_21_11.rst
index b0da7e3135..bf4f1c389b 100644
--- a/doc/guides/rel_notes/release_21_11.rst
+++ b/doc/guides/rel_notes/release_21_11.rst
@@ -75,7 +75,7 @@ New Features
* **Updated NXP dpaa_sec crypto PMD.**
- * Added DES-CBC, AES-XCBC-MAC and non-HMAC algo support
+ * Added DES-CBC, AES-XCBC-MAC, AES-CMAC and non-HMAC algo support
Removed Items
-------------
diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c b/drivers/crypto/dpaa_sec/dpaa_sec.c
index fc9c3a4c2c..c5416df726 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec.c
+++ b/drivers/crypto/dpaa_sec/dpaa_sec.c
@@ -528,6 +528,7 @@ dpaa_sec_prep_cdb(dpaa_sec_session *ses)
ses->digest_length);
break;
case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
+ case RTE_CRYPTO_AUTH_AES_CMAC:
shared_desc_len = cnstr_shdsc_aes_mac(
cdb->sh_desc,
true, swap, SHR_NEVER,
@@ -2180,6 +2181,10 @@ dpaa_sec_auth_init(struct rte_cryptodev *dev __rte_unused,
session->auth_key.alg = OP_ALG_ALGSEL_AES;
session->auth_key.algmode = OP_ALG_AAI_XCBC_MAC;
break;
+ case RTE_CRYPTO_AUTH_AES_CMAC:
+ session->auth_key.alg = OP_ALG_ALGSEL_AES;
+ session->auth_key.algmode = OP_ALG_AAI_CMAC;
+ break;
default:
DPAA_SEC_ERR("Crypto: Unsupported Auth specified %u",
xform->auth.algo);
@@ -2265,6 +2270,10 @@ dpaa_sec_chain_init(struct rte_cryptodev *dev __rte_unused,
session->auth_key.alg = OP_ALG_ALGSEL_AES;
session->auth_key.algmode = OP_ALG_AAI_XCBC_MAC;
break;
+ case RTE_CRYPTO_AUTH_AES_CMAC:
+ session->auth_key.alg = OP_ALG_ALGSEL_AES;
+ session->auth_key.algmode = OP_ALG_AAI_CMAC;
+ break;
default:
DPAA_SEC_ERR("Crypto: Unsupported Auth specified %u",
auth_xform->algo);
@@ -2700,6 +2709,7 @@ dpaa_sec_ipsec_proto_init(struct rte_crypto_cipher_xform *cipher_xform,
break;
case RTE_CRYPTO_AUTH_AES_CMAC:
session->auth_key.alg = OP_PCL_IPSEC_AES_CMAC_96;
+ session->auth_key.algmode = OP_ALG_AAI_CMAC;
break;
case RTE_CRYPTO_AUTH_NULL:
session->auth_key.alg = OP_PCL_IPSEC_HMAC_NULL;
diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.h b/drivers/crypto/dpaa_sec/dpaa_sec.h
index d500a4c246..c94d78e046 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec.h
+++ b/drivers/crypto/dpaa_sec/dpaa_sec.h
@@ -712,6 +712,49 @@ static const struct rte_cryptodev_capabilities dpaa_sec_capabilities[] = {
}, }
}, }
},
+ { /* AES CMAC */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_AES_CMAC,
+ .block_size = 16,
+ .key_size = {
+ .min = 1,
+ .max = 16,
+ .increment = 1
+ },
+ .digest_size = {
+ .min = 12,
+ .max = 16,
+ .increment = 4
+ },
+ .iv_size = { 0 }
+ }, }
+ }, }
+ },
+ { /* AES XCBC HMAC */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_AES_XCBC_MAC,
+ .block_size = 16,
+ .key_size = {
+ .min = 1,
+ .max = 16,
+ .increment = 1
+ },
+ .digest_size = {
+ .min = 12,
+ .max = 16,
+ .increment = 4
+ },
+ .aad_size = { 0 },
+ .iv_size = { 0 }
+ }, }
+ }, }
+ },
RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
};
--
2.17.1
^ permalink raw reply [flat|nested] 41+ messages in thread
* [dpdk-dev] [PATCH v4 05/10] common/dpaax: caamflib load correct HFN from DESCBUF
2021-09-08 6:59 ` [dpdk-dev] [PATCH v4 " Hemant Agrawal
` (2 preceding siblings ...)
2021-09-08 6:59 ` [dpdk-dev] [PATCH v4 04/10] crypto/dpaa_sec: add support for AES CMAC integrity check Hemant Agrawal
@ 2021-09-08 6:59 ` Hemant Agrawal
2021-09-08 6:59 ` [dpdk-dev] [PATCH v4 06/10] common/dpaax: caamflib do not clear DPOVRD Hemant Agrawal
` (5 subsequent siblings)
9 siblings, 0 replies; 41+ messages in thread
From: Hemant Agrawal @ 2021-09-08 6:59 UTC (permalink / raw)
To: dev, gakhil; +Cc: Franck LENORMAND
From: Franck LENORMAND <franck.lenormand@nxp.com>
The offset of the HFn word and Bearer/Dir word is different
depending on type of PDB.
The wrong value was used.
This patch address this issue
Signed-off-by: Franck LENORMAND <franck.lenormand@nxp.com>
---
drivers/common/dpaax/caamflib/desc/pdcp.h | 7 +-
drivers/common/dpaax/caamflib/desc/sdap.h | 96 ++++++++++++++++++-----
2 files changed, 80 insertions(+), 23 deletions(-)
diff --git a/drivers/common/dpaax/caamflib/desc/pdcp.h b/drivers/common/dpaax/caamflib/desc/pdcp.h
index 659e289a45..e97d58cbc1 100644
--- a/drivers/common/dpaax/caamflib/desc/pdcp.h
+++ b/drivers/common/dpaax/caamflib/desc/pdcp.h
@@ -270,6 +270,9 @@ enum pdb_type_e {
PDCP_PDB_TYPE_INVALID
};
+#define REDUCED_PDB_DESCBUF_HFN_BEARER_DIR_OFFSET 4
+#define FULL_PDB_DESCBUF_HFN_BEARER_DIR_OFFSET 8
+
/**
* rta_inline_pdcp_query() - Provide indications if a key can be passed as
* immediate data or shall be referenced in a
@@ -2564,11 +2567,11 @@ insert_hfn_ov_op(struct program *p,
return 0;
case PDCP_PDB_TYPE_REDUCED_PDB:
- hfn_pdb_offset = 4;
+ hfn_pdb_offset = REDUCED_PDB_DESCBUF_HFN_BEARER_DIR_OFFSET;
break;
case PDCP_PDB_TYPE_FULL_PDB:
- hfn_pdb_offset = 8;
+ hfn_pdb_offset = FULL_PDB_DESCBUF_HFN_BEARER_DIR_OFFSET;
break;
default:
diff --git a/drivers/common/dpaax/caamflib/desc/sdap.h b/drivers/common/dpaax/caamflib/desc/sdap.h
index 6523db1733..f1c49ea3e6 100644
--- a/drivers/common/dpaax/caamflib/desc/sdap.h
+++ b/drivers/common/dpaax/caamflib/desc/sdap.h
@@ -1,5 +1,5 @@
/* SPDX-License-Identifier: BSD-3-Clause
- * Copyright 2020 NXP
+ * Copyright 2020-2021 NXP
*/
#ifndef __DESC_SDAP_H__
@@ -109,12 +109,17 @@ static inline int pdcp_sdap_insert_no_int_op(struct program *p,
bool swap __maybe_unused,
struct alginfo *cipherdata,
unsigned int dir,
- enum pdcp_sn_size sn_size)
+ enum pdcp_sn_size sn_size,
+ enum pdb_type_e pdb_type)
{
int op;
uint32_t sn_mask = 0;
uint32_t length = 0;
uint32_t offset = 0;
+ int hfn_bearer_dir_offset_in_descbuf =
+ (pdb_type == PDCP_PDB_TYPE_FULL_PDB) ?
+ FULL_PDB_DESCBUF_HFN_BEARER_DIR_OFFSET :
+ REDUCED_PDB_DESCBUF_HFN_BEARER_DIR_OFFSET;
if (pdcp_sdap_get_sn_parameters(sn_size, swap, &offset, &length,
&sn_mask))
@@ -137,7 +142,8 @@ static inline int pdcp_sdap_insert_no_int_op(struct program *p,
SEQSTORE(p, MATH0, offset, length, 0);
MATHB(p, MATH1, SHLD, MATH1, MATH1, 8, 0);
- MOVEB(p, DESCBUF, 8, MATH2, 0, 8, WAITCOMP | IMMED);
+ MOVEB(p, DESCBUF, hfn_bearer_dir_offset_in_descbuf,
+ MATH2, 0, 8, WAITCOMP | IMMED);
MATHB(p, MATH1, OR, MATH2, MATH2, 8, 0);
MATHB(p, SEQINSZ, SUB, MATH3, VSEQINSZ, 4, 0);
@@ -190,9 +196,14 @@ pdcp_sdap_insert_enc_only_op(struct program *p, bool swap __maybe_unused,
struct alginfo *cipherdata,
struct alginfo *authdata __maybe_unused,
unsigned int dir, enum pdcp_sn_size sn_size,
- unsigned char era_2_sw_hfn_ovrd __maybe_unused)
+ unsigned char era_2_sw_hfn_ovrd __maybe_unused,
+ enum pdb_type_e pdb_type)
{
uint32_t offset = 0, length = 0, sn_mask = 0;
+ int hfn_bearer_dir_offset_in_descbuf =
+ (pdb_type == PDCP_PDB_TYPE_FULL_PDB) ?
+ FULL_PDB_DESCBUF_HFN_BEARER_DIR_OFFSET :
+ REDUCED_PDB_DESCBUF_HFN_BEARER_DIR_OFFSET;
if (pdcp_sdap_get_sn_parameters(sn_size, swap, &offset, &length,
&sn_mask))
@@ -217,7 +228,8 @@ pdcp_sdap_insert_enc_only_op(struct program *p, bool swap __maybe_unused,
/* Word (32 bit) swap */
MATHB(p, MATH1, SHLD, MATH1, MATH1, 8, 0);
/* Load words from PDB: word 02 (HFN) + word 03 (bearer_dir)*/
- MOVEB(p, DESCBUF, 8, MATH2, 0, 8, WAITCOMP | IMMED);
+ MOVEB(p, DESCBUF, hfn_bearer_dir_offset_in_descbuf,
+ MATH2, 0, 8, WAITCOMP | IMMED);
/* Create basic IV */
MATHB(p, MATH1, OR, MATH2, MATH2, 8, 0);
@@ -309,13 +321,18 @@ static inline int
pdcp_sdap_insert_snoop_op(struct program *p, bool swap __maybe_unused,
struct alginfo *cipherdata, struct alginfo *authdata,
unsigned int dir, enum pdcp_sn_size sn_size,
- unsigned char era_2_sw_hfn_ovrd __maybe_unused)
+ unsigned char era_2_sw_hfn_ovrd __maybe_unused,
+ enum pdb_type_e pdb_type)
{
uint32_t offset = 0, length = 0, sn_mask = 0;
uint32_t int_op_alg = 0;
uint32_t int_op_aai = 0;
uint32_t cipher_op_alg = 0;
uint32_t cipher_op_aai = 0;
+ int hfn_bearer_dir_offset_in_descbuf =
+ (pdb_type == PDCP_PDB_TYPE_FULL_PDB) ?
+ FULL_PDB_DESCBUF_HFN_BEARER_DIR_OFFSET :
+ REDUCED_PDB_DESCBUF_HFN_BEARER_DIR_OFFSET;
if (authdata->algtype == PDCP_CIPHER_TYPE_ZUC) {
if (rta_sec_era < RTA_SEC_ERA_5) {
@@ -362,11 +379,13 @@ pdcp_sdap_insert_snoop_op(struct program *p, bool swap __maybe_unused,
/* Load the HFN / Beare / Dir from the PDB
* CAAM word are 32bit hence loading 8 byte loads 2 words:
- * - The HFN at offset 8
- * - The Bearer / Dir at offset 12
+ * - The HFN at offset hfn_bearer_dir_offset_in_descbuf
+ * - The Bearer / Dir at next word
*/
- MOVEB(p, DESCBUF, 8, MATH2, 0, 8, WAITCOMP | IMMED);
- /* Create the 4 first byte of the ICV by oring the math registers */
+ MOVEB(p, DESCBUF, hfn_bearer_dir_offset_in_descbuf,
+ MATH2, 0, 8, WAITCOMP | IMMED);
+
+ /* Create the 4 first byte of the ICV by or-ing the math registers */
MATHB(p, MATH1, OR, MATH2, MATH1, 8, 0);
/* Set the IV of class 1 CHA */
@@ -562,11 +581,16 @@ pdcp_sdap_insert_snoop_op(struct program *p, bool swap __maybe_unused,
static inline int pdcp_sdap_insert_no_snoop_op(
struct program *p, bool swap __maybe_unused, struct alginfo *cipherdata,
struct alginfo *authdata, unsigned int dir, enum pdcp_sn_size sn_size,
- unsigned char era_2_sw_hfn_ovrd __maybe_unused)
+ unsigned char era_2_sw_hfn_ovrd __maybe_unused,
+ enum pdb_type_e pdb_type)
{
uint32_t offset = 0, length = 0, sn_mask = 0;
uint32_t cipher_alg_op = 0;
uint32_t cipher_alg_aai = 0;
+ int hfn_bearer_dir_offset_in_descbuf =
+ (pdb_type == PDCP_PDB_TYPE_FULL_PDB) ?
+ FULL_PDB_DESCBUF_HFN_BEARER_DIR_OFFSET :
+ REDUCED_PDB_DESCBUF_HFN_BEARER_DIR_OFFSET;
if (authdata->algtype == PDCP_CIPHER_TYPE_ZUC) {
if (rta_sec_era < RTA_SEC_ERA_5) {
@@ -592,7 +616,8 @@ static inline int pdcp_sdap_insert_no_snoop_op(
#endif
MATHB(p, MATH1, SHLD, MATH1, MATH1, 8, 0);
- MOVEB(p, DESCBUF, 8, MATH2, 0, 0x08, WAITCOMP | IMMED);
+ MOVEB(p, DESCBUF, hfn_bearer_dir_offset_in_descbuf,
+ MATH2, 0, 0x08, WAITCOMP | IMMED);
MATHB(p, MATH1, OR, MATH2, MATH2, 8, 0);
SEQSTORE(p, MATH0, offset, length, 0);
@@ -753,22 +778,51 @@ static inline int pdcp_sdap_insert_no_snoop_op(
return 0;
}
+static inline int
+pdcp_sdap_insert_cplane_null_op(struct program *p,
+ bool swap __maybe_unused,
+ struct alginfo *cipherdata,
+ struct alginfo *authdata,
+ unsigned int dir,
+ enum pdcp_sn_size sn_size,
+ unsigned char era_2_sw_hfn_ovrd,
+ enum pdb_type_e pdb_type __maybe_unused)
+{
+ return pdcp_insert_cplane_int_only_op(p, swap, cipherdata, authdata,
+ dir, sn_size, era_2_sw_hfn_ovrd);
+}
+
+static inline int
+pdcp_sdap_insert_cplane_int_only_op(struct program *p,
+ bool swap __maybe_unused,
+ struct alginfo *cipherdata,
+ struct alginfo *authdata,
+ unsigned int dir,
+ enum pdcp_sn_size sn_size,
+ unsigned char era_2_sw_hfn_ovrd,
+ enum pdb_type_e pdb_type __maybe_unused)
+{
+ return pdcp_insert_cplane_int_only_op(p, swap, cipherdata, authdata,
+ dir, sn_size, era_2_sw_hfn_ovrd);
+}
+
static int pdcp_sdap_insert_with_int_op(
struct program *p, bool swap __maybe_unused, struct alginfo *cipherdata,
struct alginfo *authdata, enum pdcp_sn_size sn_size,
- unsigned char era_2_sw_hfn_ovrd, unsigned int dir)
+ unsigned char era_2_sw_hfn_ovrd, unsigned int dir,
+ enum pdb_type_e pdb_type)
{
static int (
*pdcp_cp_fp[PDCP_CIPHER_TYPE_INVALID][PDCP_AUTH_TYPE_INVALID])(
struct program *, bool swap, struct alginfo *, struct alginfo *,
unsigned int, enum pdcp_sn_size,
- unsigned char __maybe_unused) = {
+ unsigned char __maybe_unused, enum pdb_type_e pdb_type) = {
{
/* NULL */
- pdcp_insert_cplane_null_op, /* NULL */
- pdcp_insert_cplane_int_only_op, /* SNOW f9 */
- pdcp_insert_cplane_int_only_op, /* AES CMAC */
- pdcp_insert_cplane_int_only_op /* ZUC-I */
+ pdcp_sdap_insert_cplane_null_op, /* NULL */
+ pdcp_sdap_insert_cplane_int_only_op, /* SNOW f9 */
+ pdcp_sdap_insert_cplane_int_only_op, /* AES CMAC */
+ pdcp_sdap_insert_cplane_int_only_op /* ZUC-I */
},
{
/* SNOW f8 */
@@ -796,7 +850,7 @@ static int pdcp_sdap_insert_with_int_op(
err = pdcp_cp_fp[cipherdata->algtype]
[authdata->algtype](p, swap, cipherdata, authdata, dir,
- sn_size, era_2_sw_hfn_ovrd);
+ sn_size, era_2_sw_hfn_ovrd, pdb_type);
if (err)
return err;
@@ -948,7 +1002,7 @@ cnstr_shdsc_pdcp_sdap_u_plane(uint32_t *descbuf,
} else {
err = pdcp_sdap_insert_no_int_op(p, swap, cipherdata,
caps_mode,
- sn_size);
+ sn_size, pdb_type);
if (err) {
pr_err("Fail pdcp_sdap_insert_no_int_op\n");
return err;
@@ -958,7 +1012,7 @@ cnstr_shdsc_pdcp_sdap_u_plane(uint32_t *descbuf,
err = pdcp_sdap_insert_with_int_op(p, swap, cipherdata,
authdata, sn_size,
era_2_sw_hfn_ovrd,
- caps_mode);
+ caps_mode, pdb_type);
if (err) {
pr_err("Fail pdcp_sdap_insert_with_int_op\n");
return err;
--
2.17.1
^ permalink raw reply [flat|nested] 41+ messages in thread
* [dpdk-dev] [PATCH v4 06/10] common/dpaax: caamflib do not clear DPOVRD
2021-09-08 6:59 ` [dpdk-dev] [PATCH v4 " Hemant Agrawal
` (3 preceding siblings ...)
2021-09-08 6:59 ` [dpdk-dev] [PATCH v4 05/10] common/dpaax: caamflib load correct HFN from DESCBUF Hemant Agrawal
@ 2021-09-08 6:59 ` Hemant Agrawal
2021-09-08 6:59 ` [dpdk-dev] [PATCH v4 07/10] common/dpaax: enhance caamflib with inline keys Hemant Agrawal
` (4 subsequent siblings)
9 siblings, 0 replies; 41+ messages in thread
From: Hemant Agrawal @ 2021-09-08 6:59 UTC (permalink / raw)
To: dev, gakhil; +Cc: Franck LENORMAND
From: Franck LENORMAND <franck.lenormand@nxp.com>
For SDAP, we are not using the protocol operation to perform
4G/LTE operation so the DPOVRD option is not used.
Removing it save some space in the descriptor buffer and
execution time.
Signed-off-by: Franck LENORMAND <franck.lenormand@nxp.com>
---
drivers/common/dpaax/caamflib/desc/pdcp.h | 14 ++++++++------
drivers/common/dpaax/caamflib/desc/sdap.h | 2 +-
2 files changed, 9 insertions(+), 7 deletions(-)
diff --git a/drivers/common/dpaax/caamflib/desc/pdcp.h b/drivers/common/dpaax/caamflib/desc/pdcp.h
index e97d58cbc1..5b3d846099 100644
--- a/drivers/common/dpaax/caamflib/desc/pdcp.h
+++ b/drivers/common/dpaax/caamflib/desc/pdcp.h
@@ -2546,7 +2546,8 @@ static inline int
insert_hfn_ov_op(struct program *p,
uint32_t shift,
enum pdb_type_e pdb_type,
- unsigned char era_2_sw_hfn_ovrd)
+ unsigned char era_2_sw_hfn_ovrd,
+ bool clear_dpovrd_at_end)
{
uint32_t imm = PDCP_DPOVRD_HFN_OV_EN;
uint16_t hfn_pdb_offset;
@@ -2597,13 +2598,14 @@ insert_hfn_ov_op(struct program *p,
MATHB(p, MATH0, SHLD, MATH0, MATH0, 8, 0);
MOVE(p, MATH0, 0, DESCBUF, hfn_pdb_offset, 4, IMMED);
- if (rta_sec_era >= RTA_SEC_ERA_8)
+ if (clear_dpovrd_at_end && (rta_sec_era >= RTA_SEC_ERA_8)) {
/*
* For ERA8, DPOVRD could be handled by the PROTOCOL command
* itself. For now, this is not done. Thus, clear DPOVRD here
* to alleviate any side-effects.
*/
MATHB(p, DPOVRD, AND, ZERO, DPOVRD, 4, STL);
+ }
SET_LABEL(p, keyjump);
PATCH_JUMP(p, pkeyjump, keyjump);
@@ -2989,7 +2991,7 @@ cnstr_shdsc_pdcp_c_plane_encap(uint32_t *descbuf,
SET_LABEL(p, pdb_end);
err = insert_hfn_ov_op(p, sn_size, pdb_type,
- era_2_sw_hfn_ovrd);
+ era_2_sw_hfn_ovrd, true);
if (err)
return err;
@@ -3143,7 +3145,7 @@ cnstr_shdsc_pdcp_c_plane_decap(uint32_t *descbuf,
SET_LABEL(p, pdb_end);
err = insert_hfn_ov_op(p, sn_size, pdb_type,
- era_2_sw_hfn_ovrd);
+ era_2_sw_hfn_ovrd, true);
if (err)
return err;
@@ -3319,7 +3321,7 @@ cnstr_shdsc_pdcp_u_plane_encap(uint32_t *descbuf,
}
SET_LABEL(p, pdb_end);
- err = insert_hfn_ov_op(p, sn_size, pdb_type, era_2_sw_hfn_ovrd);
+ err = insert_hfn_ov_op(p, sn_size, pdb_type, era_2_sw_hfn_ovrd, true);
if (err)
return err;
@@ -3523,7 +3525,7 @@ cnstr_shdsc_pdcp_u_plane_decap(uint32_t *descbuf,
}
SET_LABEL(p, pdb_end);
- err = insert_hfn_ov_op(p, sn_size, pdb_type, era_2_sw_hfn_ovrd);
+ err = insert_hfn_ov_op(p, sn_size, pdb_type, era_2_sw_hfn_ovrd, true);
if (err)
return err;
diff --git a/drivers/common/dpaax/caamflib/desc/sdap.h b/drivers/common/dpaax/caamflib/desc/sdap.h
index f1c49ea3e6..d5d5850b4f 100644
--- a/drivers/common/dpaax/caamflib/desc/sdap.h
+++ b/drivers/common/dpaax/caamflib/desc/sdap.h
@@ -990,7 +990,7 @@ cnstr_shdsc_pdcp_sdap_u_plane(uint32_t *descbuf,
SET_LABEL(p, pdb_end);
/* Inser the HFN override operation */
- err = insert_hfn_ov_op(p, sn_size, pdb_type, era_2_sw_hfn_ovrd);
+ err = insert_hfn_ov_op(p, sn_size, pdb_type, era_2_sw_hfn_ovrd, false);
if (err)
return err;
--
2.17.1
^ permalink raw reply [flat|nested] 41+ messages in thread
* [dpdk-dev] [PATCH v4 07/10] common/dpaax: enhance caamflib with inline keys
2021-09-08 6:59 ` [dpdk-dev] [PATCH v4 " Hemant Agrawal
` (4 preceding siblings ...)
2021-09-08 6:59 ` [dpdk-dev] [PATCH v4 06/10] common/dpaax: caamflib do not clear DPOVRD Hemant Agrawal
@ 2021-09-08 6:59 ` Hemant Agrawal
2021-09-08 6:59 ` [dpdk-dev] [PATCH v4 08/10] common/dpaax: fix IV value for shortMAC-I for SNOW algo Hemant Agrawal
` (3 subsequent siblings)
9 siblings, 0 replies; 41+ messages in thread
From: Hemant Agrawal @ 2021-09-08 6:59 UTC (permalink / raw)
To: dev, gakhil; +Cc: Franck LENORMAND
From: Franck LENORMAND <franck.lenormand@nxp.com>
The space in descriptor buffer is scarce as it is limited to
64 words for platforms except ERA10 (which has 128).
As the descriptors are processed with QI, it adds some words
to the descriptor which is passed.
Some descriptors used for SDAP were using too much words reaching
the limit.
This patch reduces the number of words used by removing the inlining
of some keys (done for performance) in order to have working
descriptors.
Signed-off-by: Franck LENORMAND <franck.lenormand@nxp.com>
---
drivers/common/dpaax/caamflib/desc/sdap.h | 61 ++++++++++++++++++++-
drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c | 28 ++++++++--
2 files changed, 81 insertions(+), 8 deletions(-)
diff --git a/drivers/common/dpaax/caamflib/desc/sdap.h b/drivers/common/dpaax/caamflib/desc/sdap.h
index d5d5850b4f..b2497a5424 100644
--- a/drivers/common/dpaax/caamflib/desc/sdap.h
+++ b/drivers/common/dpaax/caamflib/desc/sdap.h
@@ -20,6 +20,63 @@
#define SDAP_BITS_SIZE (SDAP_BYTE_SIZE * 8)
#endif
+/**
+ * rta_inline_pdcp_query() - Provide indications if a key can be passed as
+ * immediate data or shall be referenced in a
+ * shared descriptor.
+ * Return: 0 if data can be inlined or 1 if referenced.
+ */
+static inline int
+rta_inline_pdcp_sdap_query(enum auth_type_pdcp auth_alg,
+ enum cipher_type_pdcp cipher_alg,
+ enum pdcp_sn_size sn_size,
+ int8_t hfn_ovd)
+{
+ int nb_key_to_inline = 0;
+
+ if ((cipher_alg != PDCP_CIPHER_TYPE_NULL) &&
+ (auth_alg != PDCP_AUTH_TYPE_NULL))
+ return 2;
+ else
+ return 0;
+
+ /**
+ * Shared Descriptors for some of the cases does not fit in the
+ * MAX_DESC_SIZE of the descriptor
+ * The cases which exceed are for RTA_SEC_ERA=8 and HFN override
+ * enabled and 12/18 bit uplane and either of following Algo combo.
+ * - AES-SNOW
+ * - AES-ZUC
+ * - SNOW-SNOW
+ * - SNOW-ZUC
+ * - ZUC-SNOW
+ * - ZUC-SNOW
+ *
+ * We cannot make inline for all cases, as this will impact performance
+ * due to extra memory accesses for the keys.
+ */
+
+ /* Inline only the cipher key */
+ if ((rta_sec_era == RTA_SEC_ERA_8) && hfn_ovd &&
+ ((sn_size == PDCP_SN_SIZE_12) ||
+ (sn_size == PDCP_SN_SIZE_18)) &&
+ (cipher_alg != PDCP_CIPHER_TYPE_NULL) &&
+ ((auth_alg == PDCP_AUTH_TYPE_SNOW) ||
+ (auth_alg == PDCP_AUTH_TYPE_ZUC))) {
+
+ nb_key_to_inline++;
+
+ /* Sub case where inlining another key is required */
+ if ((cipher_alg == PDCP_CIPHER_TYPE_AES) &&
+ (auth_alg == PDCP_AUTH_TYPE_SNOW))
+ nb_key_to_inline++;
+ }
+
+ /* Inline both keys */
+
+ return nb_key_to_inline;
+}
+
static inline void key_loading_opti(struct program *p,
struct alginfo *cipherdata,
struct alginfo *authdata)
@@ -788,8 +845,8 @@ pdcp_sdap_insert_cplane_null_op(struct program *p,
unsigned char era_2_sw_hfn_ovrd,
enum pdb_type_e pdb_type __maybe_unused)
{
- return pdcp_insert_cplane_int_only_op(p, swap, cipherdata, authdata,
- dir, sn_size, era_2_sw_hfn_ovrd);
+ return pdcp_insert_cplane_null_op(p, swap, cipherdata, authdata, dir,
+ sn_size, era_2_sw_hfn_ovrd);
}
static inline int
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index 1ccead3641..6b6fee828b 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -3261,12 +3261,28 @@ dpaa2_sec_set_pdcp_session(struct rte_cryptodev *dev,
goto out;
}
- if (rta_inline_pdcp_query(authdata.algtype,
- cipherdata.algtype,
- session->pdcp.sn_size,
- session->pdcp.hfn_ovd)) {
- cipherdata.key = DPAA2_VADDR_TO_IOVA(cipherdata.key);
- cipherdata.key_type = RTA_DATA_PTR;
+ if (pdcp_xform->sdap_enabled) {
+ int nb_keys_to_inline =
+ rta_inline_pdcp_sdap_query(authdata.algtype,
+ cipherdata.algtype,
+ session->pdcp.sn_size,
+ session->pdcp.hfn_ovd);
+ if (nb_keys_to_inline >= 1) {
+ cipherdata.key = DPAA2_VADDR_TO_IOVA(cipherdata.key);
+ cipherdata.key_type = RTA_DATA_PTR;
+ }
+ if (nb_keys_to_inline >= 2) {
+ authdata.key = DPAA2_VADDR_TO_IOVA(authdata.key);
+ authdata.key_type = RTA_DATA_PTR;
+ }
+ } else {
+ if (rta_inline_pdcp_query(authdata.algtype,
+ cipherdata.algtype,
+ session->pdcp.sn_size,
+ session->pdcp.hfn_ovd)) {
+ cipherdata.key = DPAA2_VADDR_TO_IOVA(cipherdata.key);
+ cipherdata.key_type = RTA_DATA_PTR;
+ }
}
if (pdcp_xform->domain == RTE_SECURITY_PDCP_MODE_CONTROL) {
--
2.17.1
^ permalink raw reply [flat|nested] 41+ messages in thread
* [dpdk-dev] [PATCH v4 08/10] common/dpaax: fix IV value for shortMAC-I for SNOW algo
2021-09-08 6:59 ` [dpdk-dev] [PATCH v4 " Hemant Agrawal
` (5 preceding siblings ...)
2021-09-08 6:59 ` [dpdk-dev] [PATCH v4 07/10] common/dpaax: enhance caamflib with inline keys Hemant Agrawal
@ 2021-09-08 6:59 ` Hemant Agrawal
2021-09-08 6:59 ` [dpdk-dev] [PATCH v4 09/10] crypto/dpaa_sec: force inline of the keys to save space Hemant Agrawal
` (2 subsequent siblings)
9 siblings, 0 replies; 41+ messages in thread
From: Hemant Agrawal @ 2021-09-08 6:59 UTC (permalink / raw)
To: dev, gakhil; +Cc: Gagandeep Singh, stable
From: Gagandeep Singh <g.singh@nxp.com>
The logic was incorecly doing conditional swap. It need to
be bit swap always.
Fixes: 73a24060cd70 ("crypto/dpaa2_sec: add sample PDCP descriptor APIs")
Cc: stable@dpdk.org
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
---
drivers/common/dpaax/caamflib/desc/pdcp.h | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/drivers/common/dpaax/caamflib/desc/pdcp.h b/drivers/common/dpaax/caamflib/desc/pdcp.h
index 5b3d846099..8e8daf5ba8 100644
--- a/drivers/common/dpaax/caamflib/desc/pdcp.h
+++ b/drivers/common/dpaax/caamflib/desc/pdcp.h
@@ -1,6 +1,6 @@
/* SPDX-License-Identifier: BSD-3-Clause or GPL-2.0+
* Copyright 2008-2013 Freescale Semiconductor, Inc.
- * Copyright 2019-2020 NXP
+ * Copyright 2019-2021 NXP
*/
#ifndef __DESC_PDCP_H__
@@ -3715,9 +3715,10 @@ cnstr_shdsc_pdcp_short_mac(uint32_t *descbuf,
break;
case PDCP_AUTH_TYPE_SNOW:
+ /* IV calculation based on 3GPP specs. 36331, section:5.3.7.4 */
iv[0] = 0xFFFFFFFF;
- iv[1] = swap ? swab32(0x04000000) : 0x04000000;
- iv[2] = swap ? swab32(0xF8000000) : 0xF8000000;
+ iv[1] = swab32(0x04000000);
+ iv[2] = swab32(0xF8000000);
KEY(p, KEY2, authdata->key_enc_flags, authdata->key,
authdata->keylen, INLINE_KEY(authdata));
--
2.17.1
^ permalink raw reply [flat|nested] 41+ messages in thread
* [dpdk-dev] [PATCH v4 09/10] crypto/dpaa_sec: force inline of the keys to save space
2021-09-08 6:59 ` [dpdk-dev] [PATCH v4 " Hemant Agrawal
` (6 preceding siblings ...)
2021-09-08 6:59 ` [dpdk-dev] [PATCH v4 08/10] common/dpaax: fix IV value for shortMAC-I for SNOW algo Hemant Agrawal
@ 2021-09-08 6:59 ` Hemant Agrawal
2021-09-08 6:59 ` [dpdk-dev] [PATCH v4 10/10] crypto/dpaa2_sec: add error packet counters Hemant Agrawal
2021-09-08 10:13 ` [dpdk-dev] [EXT] [PATCH v4 01/10] crypto/dpaa_sec: support DES-CBC Akhil Goyal
9 siblings, 0 replies; 41+ messages in thread
From: Hemant Agrawal @ 2021-09-08 6:59 UTC (permalink / raw)
To: dev, gakhil; +Cc: Gagandeep Singh, Franck LENORMAND
From: Gagandeep Singh <g.singh@nxp.com>
This patch improve storage and performance by force inline
of the keys.
Signed-off-by: Franck LENORMAND <franck.lenormand@nxp.com>
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
---
drivers/crypto/dpaa_sec/dpaa_sec.c | 35 ++++++++++++++++++++++--------
1 file changed, 26 insertions(+), 9 deletions(-)
diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c b/drivers/crypto/dpaa_sec/dpaa_sec.c
index c5416df726..10ef990886 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec.c
+++ b/drivers/crypto/dpaa_sec/dpaa_sec.c
@@ -1,7 +1,7 @@
/* SPDX-License-Identifier: BSD-3-Clause
*
* Copyright (c) 2016 Freescale Semiconductor, Inc. All rights reserved.
- * Copyright 2017-2019 NXP
+ * Copyright 2017-2021 NXP
*
*/
@@ -263,14 +263,31 @@ dpaa_sec_prep_pdcp_cdb(dpaa_sec_session *ses)
p_authdata = &authdata;
}
- if (rta_inline_pdcp_query(authdata.algtype,
- cipherdata.algtype,
- ses->pdcp.sn_size,
- ses->pdcp.hfn_ovd)) {
- cipherdata.key =
- (size_t)rte_dpaa_mem_vtop((void *)
- (size_t)cipherdata.key);
- cipherdata.key_type = RTA_DATA_PTR;
+ if (ses->pdcp.sdap_enabled) {
+ int nb_keys_to_inline =
+ rta_inline_pdcp_sdap_query(authdata.algtype,
+ cipherdata.algtype,
+ ses->pdcp.sn_size,
+ ses->pdcp.hfn_ovd);
+ if (nb_keys_to_inline >= 1) {
+ cipherdata.key = (size_t)rte_dpaa_mem_vtop((void *)
+ (size_t)cipherdata.key);
+ cipherdata.key_type = RTA_DATA_PTR;
+ }
+ if (nb_keys_to_inline >= 2) {
+ authdata.key = (size_t)rte_dpaa_mem_vtop((void *)
+ (size_t)authdata.key);
+ authdata.key_type = RTA_DATA_PTR;
+ }
+ } else {
+ if (rta_inline_pdcp_query(authdata.algtype,
+ cipherdata.algtype,
+ ses->pdcp.sn_size,
+ ses->pdcp.hfn_ovd)) {
+ cipherdata.key = (size_t)rte_dpaa_mem_vtop((void *)
+ (size_t)cipherdata.key);
+ cipherdata.key_type = RTA_DATA_PTR;
+ }
}
if (ses->pdcp.domain == RTE_SECURITY_PDCP_MODE_CONTROL) {
--
2.17.1
^ permalink raw reply [flat|nested] 41+ messages in thread
* [dpdk-dev] [PATCH v4 10/10] crypto/dpaa2_sec: add error packet counters
2021-09-08 6:59 ` [dpdk-dev] [PATCH v4 " Hemant Agrawal
` (7 preceding siblings ...)
2021-09-08 6:59 ` [dpdk-dev] [PATCH v4 09/10] crypto/dpaa_sec: force inline of the keys to save space Hemant Agrawal
@ 2021-09-08 6:59 ` Hemant Agrawal
2021-09-08 10:13 ` [dpdk-dev] [EXT] [PATCH v4 01/10] crypto/dpaa_sec: support DES-CBC Akhil Goyal
9 siblings, 0 replies; 41+ messages in thread
From: Hemant Agrawal @ 2021-09-08 6:59 UTC (permalink / raw)
To: dev, gakhil
This patch add support to also counter err pkt counter per queue.
This also enhances few related debug prints.
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
---
drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index 6b6fee828b..aac4e9806a 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -1709,8 +1709,9 @@ dpaa2_sec_dequeue_burst(void *qp, struct rte_crypto_op **ops,
if (unlikely(fd->simple.frc)) {
/* TODO Parse SEC errors */
- DPAA2_SEC_ERR("SEC returned Error - %x",
+ DPAA2_SEC_DP_ERR("SEC returned Error - %x\n",
fd->simple.frc);
+ dpaa2_qp->rx_vq.err_pkts += 1;
ops[num_rx]->status = RTE_CRYPTO_OP_STATUS_ERROR;
} else {
ops[num_rx]->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
@@ -1722,7 +1723,8 @@ dpaa2_sec_dequeue_burst(void *qp, struct rte_crypto_op **ops,
dpaa2_qp->rx_vq.rx_pkts += num_rx;
- DPAA2_SEC_DP_DEBUG("SEC Received %d Packets\n", num_rx);
+ DPAA2_SEC_DP_DEBUG("SEC RX pkts %d err pkts %" PRIu64 "\n", num_rx,
+ dpaa2_qp->rx_vq.err_pkts);
/*Return the total number of packets received to DPAA2 app*/
return num_rx;
}
--
2.17.1
^ permalink raw reply [flat|nested] 41+ messages in thread
* Re: [dpdk-dev] [EXT] [PATCH v4 01/10] crypto/dpaa_sec: support DES-CBC
2021-09-08 6:59 ` [dpdk-dev] [PATCH v4 " Hemant Agrawal
` (8 preceding siblings ...)
2021-09-08 6:59 ` [dpdk-dev] [PATCH v4 10/10] crypto/dpaa2_sec: add error packet counters Hemant Agrawal
@ 2021-09-08 10:13 ` Akhil Goyal
9 siblings, 0 replies; 41+ messages in thread
From: Akhil Goyal @ 2021-09-08 10:13 UTC (permalink / raw)
To: Hemant Agrawal, dev; +Cc: Gagandeep Singh
> From: Gagandeep Singh <g.singh@nxp.com>
>
> add DES-CBC support and enable available cipher-only
> test cases.
>
> Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
> ---
Series Acked-by: Akhil Goyal <gakhil@marvell.com>
Applied to dpdk-next-crypto
Thanks.
^ permalink raw reply [flat|nested] 41+ messages in thread
end of thread, other threads:[~2021-09-08 10:13 UTC | newest]
Thread overview: 41+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-07-21 7:39 [dpdk-dev] [PATCH 1/5] crypto/dpaa2_sec: fix to check next null for auth only case Hemant Agrawal
2021-07-21 7:39 ` [dpdk-dev] [PATCH 2/5] crypto/dpaa_sec: support DES-CBC Hemant Agrawal
2021-07-21 7:39 ` [dpdk-dev] [PATCH 3/5] crypto/dpaa_sec: support non-HMAC auth algos Hemant Agrawal
2021-07-21 7:39 ` [dpdk-dev] [PATCH 4/5] crypto/dpaa_sec: support AES-XCBC-MAC Hemant Agrawal
2021-07-21 7:39 ` [dpdk-dev] [PATCH 5/5] crypto/dpaa_sec: add support for AES CMAC integrity check Hemant Agrawal
2021-08-25 8:18 ` [dpdk-dev] [PATCH v2 01/11] crypto/dpaa2_sec: fix to check next null for auth only case Hemant Agrawal
2021-08-25 8:18 ` [dpdk-dev] [PATCH v2 02/11] crypto/dpaa_sec: support DES-CBC Hemant Agrawal
2021-08-25 8:18 ` [dpdk-dev] [PATCH v2 03/11] crypto/dpaa_sec: support non-HMAC auth algos Hemant Agrawal
2021-08-25 8:18 ` [dpdk-dev] [PATCH v2 04/11] crypto/dpaa_sec: support AES-XCBC-MAC Hemant Agrawal
2021-08-25 8:18 ` [dpdk-dev] [PATCH v2 05/11] crypto/dpaa_sec: add support for AES CMAC integrity check Hemant Agrawal
2021-09-02 13:46 ` [dpdk-dev] [EXT] " Akhil Goyal
2021-08-25 8:18 ` [dpdk-dev] [PATCH v2 06/11] common/dpaax: caamflib load correct HFN from DESCBUF Hemant Agrawal
2021-08-25 8:18 ` [dpdk-dev] [PATCH v2 07/11] common/dpaax: caamflib do not clear DPOVRD Hemant Agrawal
2021-08-25 8:18 ` [dpdk-dev] [PATCH v2 08/11] common/dpaax: enhance caamflib with inline keys Hemant Agrawal
2021-08-25 8:18 ` [dpdk-dev] [PATCH v2 09/11] common/dpaax: fix IV value for shortMAC-I for SNOW algo Hemant Agrawal
2021-08-25 8:18 ` [dpdk-dev] [PATCH v2 10/11] crypto/dpaa_sec: force inline of the keys to save space Hemant Agrawal
2021-08-25 8:18 ` [dpdk-dev] [PATCH v2 11/11] crypto/dpaa2_sec: add error packet counters Hemant Agrawal
2021-09-02 12:46 ` [dpdk-dev] [EXT] [PATCH v2 01/11] crypto/dpaa2_sec: fix to check next null for auth only case Akhil Goyal
2021-09-02 13:48 ` Hemant Agrawal
2021-09-07 8:39 ` [dpdk-dev] [PATCH v3 01/10] crypto/dpaa_sec: support DES-CBC Hemant Agrawal
2021-09-07 8:39 ` [dpdk-dev] [PATCH v3 02/10] crypto/dpaa_sec: support non-HMAC auth algos Hemant Agrawal
2021-09-07 8:39 ` [dpdk-dev] [PATCH v3 03/10] crypto/dpaa_sec: support AES-XCBC-MAC Hemant Agrawal
2021-09-07 8:39 ` [dpdk-dev] [PATCH v3 04/10] crypto/dpaa_sec: add support for AES CMAC integrity check Hemant Agrawal
2021-09-07 8:39 ` [dpdk-dev] [PATCH v3 05/10] common/dpaax: caamflib load correct HFN from DESCBUF Hemant Agrawal
2021-09-07 8:39 ` [dpdk-dev] [PATCH v3 06/10] common/dpaax: caamflib do not clear DPOVRD Hemant Agrawal
2021-09-07 8:39 ` [dpdk-dev] [PATCH v3 07/10] common/dpaax: enhance caamflib with inline keys Hemant Agrawal
2021-09-07 8:39 ` [dpdk-dev] [PATCH v3 08/10] common/dpaax: fix IV value for shortMAC-I for SNOW algo Hemant Agrawal
2021-09-07 8:39 ` [dpdk-dev] [PATCH v3 09/10] crypto/dpaa_sec: force inline of the keys to save space Hemant Agrawal
2021-09-07 8:39 ` [dpdk-dev] [PATCH v3 10/10] crypto/dpaa2_sec: add error packet counters Hemant Agrawal
2021-09-07 11:47 ` [dpdk-dev] [EXT] [PATCH v3 01/10] crypto/dpaa_sec: support DES-CBC Akhil Goyal
2021-09-08 6:59 ` [dpdk-dev] [PATCH v4 " Hemant Agrawal
2021-09-08 6:59 ` [dpdk-dev] [PATCH v4 02/10] crypto/dpaa_sec: support non-HMAC auth algos Hemant Agrawal
2021-09-08 6:59 ` [dpdk-dev] [PATCH v4 03/10] crypto/dpaa_sec: support AES-XCBC-MAC Hemant Agrawal
2021-09-08 6:59 ` [dpdk-dev] [PATCH v4 04/10] crypto/dpaa_sec: add support for AES CMAC integrity check Hemant Agrawal
2021-09-08 6:59 ` [dpdk-dev] [PATCH v4 05/10] common/dpaax: caamflib load correct HFN from DESCBUF Hemant Agrawal
2021-09-08 6:59 ` [dpdk-dev] [PATCH v4 06/10] common/dpaax: caamflib do not clear DPOVRD Hemant Agrawal
2021-09-08 6:59 ` [dpdk-dev] [PATCH v4 07/10] common/dpaax: enhance caamflib with inline keys Hemant Agrawal
2021-09-08 6:59 ` [dpdk-dev] [PATCH v4 08/10] common/dpaax: fix IV value for shortMAC-I for SNOW algo Hemant Agrawal
2021-09-08 6:59 ` [dpdk-dev] [PATCH v4 09/10] crypto/dpaa_sec: force inline of the keys to save space Hemant Agrawal
2021-09-08 6:59 ` [dpdk-dev] [PATCH v4 10/10] crypto/dpaa2_sec: add error packet counters Hemant Agrawal
2021-09-08 10:13 ` [dpdk-dev] [EXT] [PATCH v4 01/10] crypto/dpaa_sec: support DES-CBC Akhil Goyal
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).