* [PATCH 0/2] Add AES-CCM support and fix application panic
@ 2023-08-17 11:45 Nagadheeraj Rottela
2023-08-17 11:45 ` [PATCH 1/2] crypto/nitrox: fix panic with higher mbuf segments Nagadheeraj Rottela
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: Nagadheeraj Rottela @ 2023-08-17 11:45 UTC (permalink / raw)
To: gakhil; +Cc: dev, Nagadheeraj Rottela
This patch set adds support for AES-CCM algorithm and fixes application
panic when source or destination mbuf segments are higher than max
supported by the driver.
Nagadheeraj Rottela (2):
crypto/nitrox: fix panic with higher mbuf segments
crypto/nitrox: support AES-CCM
doc/guides/cryptodevs/features/nitrox.ini | 3 +
doc/guides/cryptodevs/nitrox.rst | 1 +
doc/guides/rel_notes/release_23_11.rst | 4 ++
drivers/crypto/nitrox/nitrox_sym.c | 27 +++++++-
drivers/crypto/nitrox/nitrox_sym_capabilities.c | 30 +++++++++
drivers/crypto/nitrox/nitrox_sym_ctx.h | 1 +
drivers/crypto/nitrox/nitrox_sym_reqmgr.c | 82 +++++++++++++++++++++----
7 files changed, 135 insertions(+), 13 deletions(-)
--
2.13.6
^ permalink raw reply [flat|nested] 4+ messages in thread
* [PATCH 1/2] crypto/nitrox: fix panic with higher mbuf segments
2023-08-17 11:45 [PATCH 0/2] Add AES-CCM support and fix application panic Nagadheeraj Rottela
@ 2023-08-17 11:45 ` Nagadheeraj Rottela
2023-08-17 11:45 ` [PATCH 2/2] crypto/nitrox: support AES-CCM Nagadheeraj Rottela
2023-10-27 18:39 ` [PATCH 0/2] Add AES-CCM support and fix application panic Akhil Goyal
2 siblings, 0 replies; 4+ messages in thread
From: Nagadheeraj Rottela @ 2023-08-17 11:45 UTC (permalink / raw)
To: gakhil; +Cc: dev, Nagadheeraj Rottela, stable
When the number of segments in source or destination mbuf is higher than
max supported then the application was panicked during the creation of
sglist when RTE_VERIFY was called. Validate the number of mbuf segments
and return an error instead of panicking.
Fixes: 678f3eca1dfd ("crypto/nitrox: support cipher-only operations")
Fixes: 9282bdee5cdf ("crypto/nitrox: add cipher auth chain processing")
Cc: stable@dpdk.org
Signed-off-by: Nagadheeraj Rottela <rnagadheeraj@marvell.com>
---
drivers/crypto/nitrox/nitrox_sym_reqmgr.c | 21 ++++++++++++++++-----
1 file changed, 16 insertions(+), 5 deletions(-)
diff --git a/drivers/crypto/nitrox/nitrox_sym_reqmgr.c b/drivers/crypto/nitrox/nitrox_sym_reqmgr.c
index 9edb0cc00f..d7e8ff7db4 100644
--- a/drivers/crypto/nitrox/nitrox_sym_reqmgr.c
+++ b/drivers/crypto/nitrox/nitrox_sym_reqmgr.c
@@ -10,8 +10,11 @@
#include "nitrox_sym_reqmgr.h"
#include "nitrox_logs.h"
-#define MAX_SGBUF_CNT 16
-#define MAX_SGCOMP_CNT 5
+#define MAX_SUPPORTED_MBUF_SEGS 16
+/* IV + AAD + ORH + CC + DIGEST */
+#define ADDITIONAL_SGBUF_CNT 5
+#define MAX_SGBUF_CNT (MAX_SUPPORTED_MBUF_SEGS + ADDITIONAL_SGBUF_CNT)
+#define MAX_SGCOMP_CNT (RTE_ALIGN_MUL_CEIL(MAX_SGBUF_CNT, 4) / 4)
/* SLC_STORE_INFO */
#define MIN_UDD_LEN 16
/* PKT_IN_HDR + SLC_STORE_INFO */
@@ -303,7 +306,7 @@ create_sglist_from_mbuf(struct nitrox_sgtable *sgtbl, struct rte_mbuf *mbuf,
datalen -= mlen;
}
- RTE_VERIFY(cnt <= MAX_SGBUF_CNT);
+ RTE_ASSERT(cnt <= MAX_SGBUF_CNT);
sgtbl->map_bufs_cnt = cnt;
return 0;
}
@@ -375,7 +378,7 @@ create_cipher_outbuf(struct nitrox_softreq *sr)
sr->out.sglist[cnt].virt = &sr->resp.completion;
cnt++;
- RTE_VERIFY(cnt <= MAX_SGBUF_CNT);
+ RTE_ASSERT(cnt <= MAX_SGBUF_CNT);
sr->out.map_bufs_cnt = cnt;
create_sgcomp(&sr->out);
@@ -600,7 +603,7 @@ create_aead_outbuf(struct nitrox_softreq *sr, struct nitrox_sglist *digest)
resp.completion);
sr->out.sglist[cnt].virt = &sr->resp.completion;
cnt++;
- RTE_VERIFY(cnt <= MAX_SGBUF_CNT);
+ RTE_ASSERT(cnt <= MAX_SGBUF_CNT);
sr->out.map_bufs_cnt = cnt;
create_sgcomp(&sr->out);
@@ -774,6 +777,14 @@ nitrox_process_se_req(uint16_t qno, struct rte_crypto_op *op,
{
int err;
+ if (unlikely(op->sym->m_src->nb_segs > MAX_SUPPORTED_MBUF_SEGS ||
+ (op->sym->m_dst &&
+ op->sym->m_dst->nb_segs > MAX_SUPPORTED_MBUF_SEGS))) {
+ NITROX_LOG(ERR, "Mbuf segments not supported. "
+ "Max supported %d\n", MAX_SUPPORTED_MBUF_SEGS);
+ return -ENOTSUP;
+ }
+
softreq_init(sr, sr->iova);
sr->ctx = ctx;
sr->op = op;
--
2.13.6
^ permalink raw reply [flat|nested] 4+ messages in thread
* [PATCH 2/2] crypto/nitrox: support AES-CCM
2023-08-17 11:45 [PATCH 0/2] Add AES-CCM support and fix application panic Nagadheeraj Rottela
2023-08-17 11:45 ` [PATCH 1/2] crypto/nitrox: fix panic with higher mbuf segments Nagadheeraj Rottela
@ 2023-08-17 11:45 ` Nagadheeraj Rottela
2023-10-27 18:39 ` [PATCH 0/2] Add AES-CCM support and fix application panic Akhil Goyal
2 siblings, 0 replies; 4+ messages in thread
From: Nagadheeraj Rottela @ 2023-08-17 11:45 UTC (permalink / raw)
To: gakhil; +Cc: dev, Nagadheeraj Rottela
This patch adds AES-CCM AEAD algorithm.
Signed-off-by: Nagadheeraj Rottela <rnagadheeraj@marvell.com>
---
doc/guides/cryptodevs/features/nitrox.ini | 3 ++
doc/guides/cryptodevs/nitrox.rst | 1 +
doc/guides/rel_notes/release_23_11.rst | 4 ++
drivers/crypto/nitrox/nitrox_sym.c | 27 ++++++++++-
drivers/crypto/nitrox/nitrox_sym_capabilities.c | 30 ++++++++++++
drivers/crypto/nitrox/nitrox_sym_ctx.h | 1 +
drivers/crypto/nitrox/nitrox_sym_reqmgr.c | 61 ++++++++++++++++++++++---
7 files changed, 119 insertions(+), 8 deletions(-)
diff --git a/doc/guides/cryptodevs/features/nitrox.ini b/doc/guides/cryptodevs/features/nitrox.ini
index 6cab93a343..32e2c5252c 100644
--- a/doc/guides/cryptodevs/features/nitrox.ini
+++ b/doc/guides/cryptodevs/features/nitrox.ini
@@ -37,6 +37,9 @@ SHA256 HMAC = Y
AES GCM (128) = Y
AES GCM (192) = Y
AES GCM (256) = Y
+AES CCM (128) = Y
+AES CCM (192) = Y
+AES CCM (256) = Y
;
; Supported Asymmetric algorithms of the 'nitrox' crypto driver.
diff --git a/doc/guides/cryptodevs/nitrox.rst b/doc/guides/cryptodevs/nitrox.rst
index 82c4418cd3..94e30220a0 100644
--- a/doc/guides/cryptodevs/nitrox.rst
+++ b/doc/guides/cryptodevs/nitrox.rst
@@ -29,6 +29,7 @@ Hash algorithms:
Supported AEAD algorithms:
* ``RTE_CRYPTO_AEAD_AES_GCM``
+* ``RTE_CRYPTO_AEAD_AES_CCM``
Limitations
-----------
diff --git a/doc/guides/rel_notes/release_23_11.rst b/doc/guides/rel_notes/release_23_11.rst
index 4411bb32c1..09122984ba 100644
--- a/doc/guides/rel_notes/release_23_11.rst
+++ b/doc/guides/rel_notes/release_23_11.rst
@@ -72,6 +72,10 @@ New Features
Also, make sure to start the actual text at the margin.
=======================================================
+* **Updated Marvell NITROX symmetric crypto PMD.**
+
+ * Added support for AES-CCM algorithm.
+
Removed Items
-------------
diff --git a/drivers/crypto/nitrox/nitrox_sym.c b/drivers/crypto/nitrox/nitrox_sym.c
index dd8457aaa4..1244317438 100644
--- a/drivers/crypto/nitrox/nitrox_sym.c
+++ b/drivers/crypto/nitrox/nitrox_sym.c
@@ -492,7 +492,8 @@ configure_aead_ctx(struct rte_crypto_aead_xform *xform,
return -ENOTSUP;
}
- if (unlikely(xform->algo != RTE_CRYPTO_AEAD_AES_GCM))
+ if (unlikely(xform->algo != RTE_CRYPTO_AEAD_AES_GCM &&
+ xform->algo != RTE_CRYPTO_AEAD_AES_CCM))
return -ENOTSUP;
aes_keylen = flexi_aes_keylen(xform->key.length, true);
@@ -506,8 +507,29 @@ configure_aead_ctx(struct rte_crypto_aead_xform *xform,
if (unlikely(xform->iv.length > MAX_IV_LEN))
return -EINVAL;
+ if (xform->algo == RTE_CRYPTO_AEAD_AES_CCM) {
+ int L;
+
+ /* digest_length must be 4, 6, 8, 10, 12, 14, 16 bytes */
+ if (unlikely(xform->digest_length < 4 ||
+ xform->digest_length > 16 ||
+ (xform->digest_length & 1) == 1)) {
+ NITROX_LOG(ERR, "Invalid digest length %d\n",
+ xform->digest_length);
+ return -EINVAL;
+ }
+
+ L = 15 - xform->iv.length;
+ if (unlikely(L < 2 || L > 8)) {
+ NITROX_LOG(ERR, "Invalid iv length %d\n",
+ xform->iv.length);
+ return -EINVAL;
+ }
+ }
+
fctx->flags = rte_be_to_cpu_64(fctx->flags);
- fctx->w0.cipher_type = CIPHER_AES_GCM;
+ fctx->w0.cipher_type = (xform->algo == RTE_CRYPTO_AEAD_AES_GCM) ?
+ CIPHER_AES_GCM : CIPHER_AES_CCM;
fctx->w0.aes_keylen = aes_keylen;
fctx->w0.iv_source = IV_FROM_DPTR;
fctx->w0.hash_type = AUTH_NULL;
@@ -526,6 +548,7 @@ configure_aead_ctx(struct rte_crypto_aead_xform *xform,
ctx->iv.length = xform->iv.length;
ctx->digest_length = xform->digest_length;
ctx->aad_length = xform->aad_length;
+ ctx->aead_algo = xform->algo;
return 0;
}
diff --git a/drivers/crypto/nitrox/nitrox_sym_capabilities.c b/drivers/crypto/nitrox/nitrox_sym_capabilities.c
index a30cd9f8fa..a1cdfdda7e 100644
--- a/drivers/crypto/nitrox/nitrox_sym_capabilities.c
+++ b/drivers/crypto/nitrox/nitrox_sym_capabilities.c
@@ -138,6 +138,36 @@ static const struct rte_cryptodev_capabilities nitrox_capabilities[] = {
}, }
}, }
},
+ { /* AES CCM */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,
+ {.aead = {
+ .algo = RTE_CRYPTO_AEAD_AES_CCM,
+ .block_size = 16,
+ .key_size = {
+ .min = 16,
+ .max = 32,
+ .increment = 8
+ },
+ .digest_size = {
+ .min = 4,
+ .max = 16,
+ .increment = 2
+ },
+ .aad_size = {
+ .min = 0,
+ .max = 512,
+ .increment = 1
+ },
+ .iv_size = {
+ .min = 7,
+ .max = 13,
+ .increment = 1
+ },
+ }, }
+ }, }
+ },
RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
};
diff --git a/drivers/crypto/nitrox/nitrox_sym_ctx.h b/drivers/crypto/nitrox/nitrox_sym_ctx.h
index deb00fc1e0..2bf229e4a3 100644
--- a/drivers/crypto/nitrox/nitrox_sym_ctx.h
+++ b/drivers/crypto/nitrox/nitrox_sym_ctx.h
@@ -70,6 +70,7 @@ struct flexi_crypto_context {
struct nitrox_crypto_ctx {
struct flexi_crypto_context fctx;
enum nitrox_chain nitrox_chain;
+ enum rte_crypto_aead_algorithm aead_algo;
struct {
uint16_t offset;
uint16_t length;
diff --git a/drivers/crypto/nitrox/nitrox_sym_reqmgr.c b/drivers/crypto/nitrox/nitrox_sym_reqmgr.c
index d7e8ff7db4..973bb5f424 100644
--- a/drivers/crypto/nitrox/nitrox_sym_reqmgr.c
+++ b/drivers/crypto/nitrox/nitrox_sym_reqmgr.c
@@ -23,6 +23,8 @@
#define SOLICIT_BASE_DPORT 256
#define PENDING_SIG 0xFFFFFFFFFFFFFFFFUL
#define CMD_TIMEOUT 2
+/* For AES_CCM actual AAD will be copied 18 bytes after the AAD pointer, according to the API */
+#define DPDK_AES_CCM_ADD_OFFSET 18
struct gphdr {
uint16_t param0;
@@ -486,10 +488,15 @@ create_combined_sglist(struct nitrox_softreq *sr, struct nitrox_sgtable *sgtbl,
struct rte_mbuf *mbuf)
{
struct rte_crypto_op *op = sr->op;
+ uint32_t aad_offset = 0;
+
+ if (sr->ctx->aead_algo == RTE_CRYPTO_AEAD_AES_CCM)
+ aad_offset = DPDK_AES_CCM_ADD_OFFSET;
fill_sglist(sgtbl, sr->iv.len, sr->iv.iova, sr->iv.virt);
- fill_sglist(sgtbl, sr->ctx->aad_length, op->sym->aead.aad.phys_addr,
- op->sym->aead.aad.data);
+ fill_sglist(sgtbl, sr->ctx->aad_length,
+ op->sym->aead.aad.phys_addr + aad_offset,
+ op->sym->aead.aad.data + aad_offset);
return create_sglist_from_mbuf(sgtbl, mbuf, op->sym->cipher.data.offset,
op->sym->cipher.data.length);
}
@@ -721,11 +728,53 @@ process_combined_data(struct nitrox_softreq *sr)
struct nitrox_sglist digest;
struct rte_crypto_op *op = sr->op;
- err = softreq_copy_salt(sr);
- if (unlikely(err))
- return err;
+ if (sr->ctx->aead_algo == RTE_CRYPTO_AEAD_AES_GCM) {
+ err = softreq_copy_salt(sr);
+ if (unlikely(err))
+ return err;
+
+ softreq_copy_iv(sr, AES_GCM_SALT_SIZE);
+ } else if (sr->ctx->aead_algo == RTE_CRYPTO_AEAD_AES_CCM) {
+ union {
+ uint8_t value;
+ struct {
+#if RTE_BYTE_ORDER == RTE_BIG_ENDIAN
+ uint8_t rsvd: 1;
+ uint8_t adata: 1;
+ uint8_t mstar: 3;
+ uint8_t lstar: 3;
+#else
+ uint8_t lstar: 3;
+ uint8_t mstar: 3;
+ uint8_t adata: 1;
+ uint8_t rsvd: 1;
+#endif
+ };
+ } flags;
+ uint8_t L;
+ uint8_t *iv_addr;
+
+ flags.value = 0;
+ flags.rsvd = 0;
+ flags.adata = (sr->ctx->aad_length > 0) ? 1 : 0;
+ flags.mstar = (sr->ctx->digest_length - 2) / 2;
+ L = 15 - sr->ctx->iv.length;
+ flags.lstar = L - 1;
+ iv_addr = rte_crypto_op_ctod_offset(sr->op, uint8_t *,
+ sr->ctx->iv.offset);
+ /* initialize IV flags */
+ iv_addr[0] = flags.value;
+ /* initialize IV counter to 0 */
+ memset(&iv_addr[1] + sr->ctx->iv.length, 0, L);
+ sr->iv.virt = rte_crypto_op_ctod_offset(sr->op, uint8_t *,
+ sr->ctx->iv.offset);
+ sr->iv.iova = rte_crypto_op_ctophys_offset(sr->op,
+ sr->ctx->iv.offset);
+ sr->iv.len = 16;
+ } else {
+ return -EINVAL;
+ }
- softreq_copy_iv(sr, AES_GCM_SALT_SIZE);
err = extract_combined_digest(sr, &digest);
if (unlikely(err))
return err;
--
2.13.6
^ permalink raw reply [flat|nested] 4+ messages in thread
* RE: [PATCH 0/2] Add AES-CCM support and fix application panic
2023-08-17 11:45 [PATCH 0/2] Add AES-CCM support and fix application panic Nagadheeraj Rottela
2023-08-17 11:45 ` [PATCH 1/2] crypto/nitrox: fix panic with higher mbuf segments Nagadheeraj Rottela
2023-08-17 11:45 ` [PATCH 2/2] crypto/nitrox: support AES-CCM Nagadheeraj Rottela
@ 2023-10-27 18:39 ` Akhil Goyal
2 siblings, 0 replies; 4+ messages in thread
From: Akhil Goyal @ 2023-10-27 18:39 UTC (permalink / raw)
To: Nagadheeraj Rottela; +Cc: dev, Nagadheeraj Rottela
> Subject: [PATCH 0/2] Add AES-CCM support and fix application panic
>
> This patch set adds support for AES-CCM algorithm and fixes application
> panic when source or destination mbuf segments are higher than max
> supported by the driver.
>
> Nagadheeraj Rottela (2):
> crypto/nitrox: fix panic with higher mbuf segments
> crypto/nitrox: support AES-CCM
>
Series applied to dpdk-next-crypto
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2023-10-27 18:39 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-08-17 11:45 [PATCH 0/2] Add AES-CCM support and fix application panic Nagadheeraj Rottela
2023-08-17 11:45 ` [PATCH 1/2] crypto/nitrox: fix panic with higher mbuf segments Nagadheeraj Rottela
2023-08-17 11:45 ` [PATCH 2/2] crypto/nitrox: support AES-CCM Nagadheeraj Rottela
2023-10-27 18:39 ` [PATCH 0/2] Add AES-CCM support and fix application panic Akhil Goyal
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).