From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id A238442B24; Tue, 16 May 2023 17:24:32 +0200 (CEST) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id BC3EB41151; Tue, 16 May 2023 17:24:30 +0200 (CEST) Received: from mga09.intel.com (mga09.intel.com [134.134.136.24]) by mails.dpdk.org (Postfix) with ESMTP id 649C34114A for ; Tue, 16 May 2023 17:24:28 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1684250668; x=1715786668; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=hNU8gxx4eseAH7M1/hsKxagrAYuaDyQa/zvh2Fkuui8=; b=Mcny4L8moEX8xFYXLOsOFIyV63iBfTwwGWsMefao29M4/nRo4aHhh6GC QP3sJR7qshlmeUdCG8Wu/Cz5Jedfw13Z4RZON+rDfkIzAjHbHpdPfkbmG ebDadS6fPnD0e4Aleq7SzeCyMyEjKv+4ev1lwLnnJBz+ZyKk94T4l5O+1 gRK25g7JTa/gg2Ta84Hko6dCy4nepjgzFCHhHWf2pSbKfyhcOx/eomwcN HXzCbBqK9b1e0sFrRR4I03kW4GCcHGpNbYJa4YXdtPVpN1BwSh3SV45iq +miZGIhJb44X3CaagcSJO21n/WktMBr+GVNB2K7HZz6SMo2zTfDc5aBT8 w==; X-IronPort-AV: E=McAfee;i="6600,9927,10712"; a="353789066" X-IronPort-AV: E=Sophos;i="5.99,278,1677571200"; d="scan'208";a="353789066" Received: from orsmga007.jf.intel.com ([10.7.209.58]) by orsmga102.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 16 May 2023 08:24:27 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10712"; a="695500636" X-IronPort-AV: E=Sophos;i="5.99,278,1677571200"; d="scan'208";a="695500636" Received: from silpixa00400355.ir.intel.com (HELO silpixa00400355.ger.corp.intel.com) ([10.237.222.80]) by orsmga007.jf.intel.com with ESMTP; 16 May 2023 08:24:25 -0700 From: Ciara Power To: dev@dpdk.org Cc: kai.ji@intel.com, gakhil@marvell.com, Pablo de Lara , Ciara Power Subject: [PATCH v2 1/8] crypto/ipsec_mb: use GMAC dedicated algorithms Date: Tue, 16 May 2023 15:24:15 +0000 Message-Id: <20230516152422.606617-2-ciara.power@intel.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20230516152422.606617-1-ciara.power@intel.com> References: <20230421131221.1732314-1-ciara.power@intel.com> <20230516152422.606617-1-ciara.power@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org From: Pablo de Lara AES-GMAC can be done with auth-only enums IMB_AES_GMAC_128/192/256, which allows another cipher algorithm to be used, instead of being part of AES-GCM. Signed-off-by: Pablo de Lara Signed-off-by: Ciara Power --- drivers/crypto/ipsec_mb/pmd_aesni_mb.c | 104 +++++++++++-------------- 1 file changed, 47 insertions(+), 57 deletions(-) diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c index ac20d01937..c53548aa3b 100644 --- a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c +++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c @@ -57,8 +57,7 @@ is_aead_algo(IMB_HASH_ALG hash_alg, IMB_CIPHER_MODE cipher_mode) { return (hash_alg == IMB_AUTH_CHACHA20_POLY1305 || hash_alg == IMB_AUTH_AES_CCM || - (hash_alg == IMB_AUTH_AES_GMAC && - cipher_mode == IMB_CIPHER_GCM)); + cipher_mode == IMB_CIPHER_GCM); } /** Set session authentication parameters */ @@ -155,7 +154,6 @@ aesni_mb_set_session_auth_parameters(const IMB_MGR *mb_mgr, } else sess->cipher.direction = IMB_DIR_DECRYPT; - sess->auth.algo = IMB_AUTH_AES_GMAC; if (sess->auth.req_digest_len > get_digest_byte_length(IMB_AUTH_AES_GMAC)) { IPSEC_MB_LOG(ERR, "Invalid digest size\n"); @@ -167,16 +165,19 @@ aesni_mb_set_session_auth_parameters(const IMB_MGR *mb_mgr, switch (xform->auth.key.length) { case IMB_KEY_128_BYTES: + sess->auth.algo = IMB_AUTH_AES_GMAC_128; IMB_AES128_GCM_PRE(mb_mgr, xform->auth.key.data, &sess->cipher.gcm_key); sess->cipher.key_length_in_bytes = IMB_KEY_128_BYTES; break; case IMB_KEY_192_BYTES: + sess->auth.algo = IMB_AUTH_AES_GMAC_192; IMB_AES192_GCM_PRE(mb_mgr, xform->auth.key.data, &sess->cipher.gcm_key); sess->cipher.key_length_in_bytes = IMB_KEY_192_BYTES; break; case IMB_KEY_256_BYTES: + sess->auth.algo = IMB_AUTH_AES_GMAC_256; IMB_AES256_GCM_PRE(mb_mgr, xform->auth.key.data, &sess->cipher.gcm_key); sess->cipher.key_length_in_bytes = IMB_KEY_256_BYTES; @@ -1039,19 +1040,20 @@ set_cpu_mb_job_params(IMB_JOB *job, struct aesni_mb_session *session, break; case IMB_AUTH_AES_GMAC: - if (session->cipher.mode == IMB_CIPHER_GCM) { - job->u.GCM.aad = aad->va; - job->u.GCM.aad_len_in_bytes = session->aead.aad_len; - } else { - /* For GMAC */ - job->u.GCM.aad = buf; - job->u.GCM.aad_len_in_bytes = len; - job->cipher_mode = IMB_CIPHER_GCM; - } + job->u.GCM.aad = aad->va; + job->u.GCM.aad_len_in_bytes = session->aead.aad_len; job->enc_keys = &session->cipher.gcm_key; job->dec_keys = &session->cipher.gcm_key; break; + case IMB_AUTH_AES_GMAC_128: + case IMB_AUTH_AES_GMAC_192: + case IMB_AUTH_AES_GMAC_256: + job->u.GMAC._key = &session->cipher.gcm_key; + job->u.GMAC._iv = iv->va; + job->u.GMAC.iv_len_in_bytes = session->iv.length; + break; + case IMB_AUTH_CHACHA20_POLY1305: job->u.CHACHA20_POLY1305.aad = aad->va; job->u.CHACHA20_POLY1305.aad_len_in_bytes = @@ -1091,16 +1093,10 @@ set_cpu_mb_job_params(IMB_JOB *job, struct aesni_mb_session *session, job->dst = (uint8_t *)buf + sofs.ofs.cipher.head; job->cipher_start_src_offset_in_bytes = sofs.ofs.cipher.head; job->hash_start_src_offset_in_bytes = sofs.ofs.auth.head; - if (job->hash_alg == IMB_AUTH_AES_GMAC && - session->cipher.mode != IMB_CIPHER_GCM) { - job->msg_len_to_hash_in_bytes = 0; - job->msg_len_to_cipher_in_bytes = 0; - } else { - job->msg_len_to_hash_in_bytes = len - sofs.ofs.auth.head - - sofs.ofs.auth.tail; - job->msg_len_to_cipher_in_bytes = len - sofs.ofs.cipher.head - - sofs.ofs.cipher.tail; - } + job->msg_len_to_hash_in_bytes = len - sofs.ofs.auth.head - + sofs.ofs.auth.tail; + job->msg_len_to_cipher_in_bytes = len - sofs.ofs.cipher.head - + sofs.ofs.cipher.tail; job->user_data = udata; } @@ -1184,8 +1180,6 @@ sgl_linear_cipher_auth_len(IMB_JOB *job, uint64_t *auth_len) job->hash_alg == IMB_AUTH_ZUC_EIA3_BITLEN) *auth_len = (job->msg_len_to_hash_in_bits >> 3) + job->hash_start_src_offset_in_bytes; - else if (job->hash_alg == IMB_AUTH_AES_GMAC) - *auth_len = job->u.GCM.aad_len_in_bytes; else *auth_len = job->msg_len_to_hash_in_bytes + job->hash_start_src_offset_in_bytes; @@ -1352,24 +1346,24 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp, break; case IMB_AUTH_AES_GMAC: - if (session->cipher.mode == IMB_CIPHER_GCM) { - job->u.GCM.aad = op->sym->aead.aad.data; - job->u.GCM.aad_len_in_bytes = session->aead.aad_len; - if (sgl) { - job->u.GCM.ctx = &qp_data->gcm_sgl_ctx; - job->cipher_mode = IMB_CIPHER_GCM_SGL; - job->hash_alg = IMB_AUTH_GCM_SGL; - } - } else { - /* For GMAC */ - job->u.GCM.aad = rte_pktmbuf_mtod_offset(m_src, - uint8_t *, op->sym->auth.data.offset); - job->u.GCM.aad_len_in_bytes = op->sym->auth.data.length; - job->cipher_mode = IMB_CIPHER_GCM; + job->u.GCM.aad = op->sym->aead.aad.data; + job->u.GCM.aad_len_in_bytes = session->aead.aad_len; + if (sgl) { + job->u.GCM.ctx = &qp_data->gcm_sgl_ctx; + job->cipher_mode = IMB_CIPHER_GCM_SGL; + job->hash_alg = IMB_AUTH_GCM_SGL; } job->enc_keys = &session->cipher.gcm_key; job->dec_keys = &session->cipher.gcm_key; break; + case IMB_AUTH_AES_GMAC_128: + case IMB_AUTH_AES_GMAC_192: + case IMB_AUTH_AES_GMAC_256: + job->u.GMAC._key = &session->cipher.gcm_key; + job->u.GMAC._iv = rte_crypto_op_ctod_offset(op, uint8_t *, + session->auth_iv.offset); + job->u.GMAC.iv_len_in_bytes = session->auth_iv.length; + break; case IMB_AUTH_ZUC_EIA3_BITLEN: case IMB_AUTH_ZUC256_EIA3_BITLEN: job->u.ZUC_EIA3._key = session->auth.zuc_auth_key; @@ -1472,19 +1466,21 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp, break; case IMB_AUTH_AES_GMAC: - if (session->cipher.mode == IMB_CIPHER_GCM) { - job->hash_start_src_offset_in_bytes = - op->sym->aead.data.offset; - job->msg_len_to_hash_in_bytes = - op->sym->aead.data.length; - } else { /* AES-GMAC only, only AAD used */ - job->msg_len_to_hash_in_bytes = 0; - job->hash_start_src_offset_in_bytes = 0; - } - + job->hash_start_src_offset_in_bytes = + op->sym->aead.data.offset; + job->msg_len_to_hash_in_bytes = + op->sym->aead.data.length; job->iv = rte_crypto_op_ctod_offset(op, uint8_t *, session->iv.offset); break; + case IMB_AUTH_AES_GMAC_128: + case IMB_AUTH_AES_GMAC_192: + case IMB_AUTH_AES_GMAC_256: + job->hash_start_src_offset_in_bytes = + op->sym->auth.data.offset; + job->msg_len_to_hash_in_bytes = + op->sym->auth.data.length; + break; case IMB_AUTH_GCM_SGL: case IMB_AUTH_CHACHA20_POLY1305_SGL: @@ -1567,15 +1563,9 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp, op->sym->cipher.data.length; break; case IMB_CIPHER_GCM: - if (session->cipher.mode == IMB_CIPHER_NULL) { - /* AES-GMAC only (only AAD used) */ - job->msg_len_to_cipher_in_bytes = 0; - job->cipher_start_src_offset_in_bytes = 0; - } else { - job->cipher_start_src_offset_in_bytes = - op->sym->aead.data.offset; - job->msg_len_to_cipher_in_bytes = op->sym->aead.data.length; - } + job->cipher_start_src_offset_in_bytes = + op->sym->aead.data.offset; + job->msg_len_to_cipher_in_bytes = op->sym->aead.data.length; break; case IMB_CIPHER_CCM: case IMB_CIPHER_CHACHA20_POLY1305: -- 2.25.1