DPDK patches and discussions
 help / color / mirror / Atom feed
From: Anoob Joseph <anoobj@marvell.com>
To: Akhil Goyal <gakhil@marvell.com>
Cc: Jerin Jacob <jerinj@marvell.com>,
	Vidya Sagar Velumuri <vvelumuri@marvell.com>,
	Tejasree Kondoj <ktejasree@marvell.com>, <dev@dpdk.org>
Subject: [PATCH 12/24] common/cnxk: update opad-ipad gen to handle TLS
Date: Thu, 21 Dec 2023 18:05:33 +0530	[thread overview]
Message-ID: <20231221123545.510-13-anoobj@marvell.com> (raw)
In-Reply-To: <20231221123545.510-1-anoobj@marvell.com>

For TLS opcodes, ipad is at the offset 64 as compared to the packed
implementation for IPsec. Extend the function to handle TLS contexts as
well.

Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Vidya Sagar Velumuri <vvelumuri@marvell.com>
---
 drivers/common/cnxk/cnxk_security.c | 15 ++++++++-------
 drivers/common/cnxk/cnxk_security.h |  3 ++-
 2 files changed, 10 insertions(+), 8 deletions(-)

diff --git a/drivers/common/cnxk/cnxk_security.c b/drivers/common/cnxk/cnxk_security.c
index 81991c4697..bdb04fe142 100644
--- a/drivers/common/cnxk/cnxk_security.c
+++ b/drivers/common/cnxk/cnxk_security.c
@@ -9,7 +9,8 @@
 #include "roc_api.h"
 
 void
-cnxk_sec_opad_ipad_gen(struct rte_crypto_sym_xform *auth_xform, uint8_t *hmac_opad_ipad)
+cnxk_sec_opad_ipad_gen(struct rte_crypto_sym_xform *auth_xform, uint8_t *hmac_opad_ipad,
+		       bool is_tls)
 {
 	const uint8_t *key = auth_xform->auth.key.data;
 	uint32_t length = auth_xform->auth.key.length;
@@ -29,11 +30,11 @@ cnxk_sec_opad_ipad_gen(struct rte_crypto_sym_xform *auth_xform, uint8_t *hmac_op
 	switch (auth_xform->auth.algo) {
 	case RTE_CRYPTO_AUTH_MD5_HMAC:
 		roc_hash_md5_gen(opad, (uint32_t *)&hmac_opad_ipad[0]);
-		roc_hash_md5_gen(ipad, (uint32_t *)&hmac_opad_ipad[24]);
+		roc_hash_md5_gen(ipad, (uint32_t *)&hmac_opad_ipad[is_tls ? 64 : 24]);
 		break;
 	case RTE_CRYPTO_AUTH_SHA1_HMAC:
 		roc_hash_sha1_gen(opad, (uint32_t *)&hmac_opad_ipad[0]);
-		roc_hash_sha1_gen(ipad, (uint32_t *)&hmac_opad_ipad[24]);
+		roc_hash_sha1_gen(ipad, (uint32_t *)&hmac_opad_ipad[is_tls ? 64 : 24]);
 		break;
 	case RTE_CRYPTO_AUTH_SHA256_HMAC:
 		roc_hash_sha256_gen(opad, (uint32_t *)&hmac_opad_ipad[0], 256);
@@ -191,7 +192,7 @@ ot_ipsec_sa_common_param_fill(union roc_ot_ipsec_sa_word2 *w2,
 			const uint8_t *auth_key = auth_xfrm->auth.key.data;
 			roc_aes_xcbc_key_derive(auth_key, hmac_opad_ipad);
 		} else {
-			cnxk_sec_opad_ipad_gen(auth_xfrm, hmac_opad_ipad);
+			cnxk_sec_opad_ipad_gen(auth_xfrm, hmac_opad_ipad, false);
 		}
 
 		tmp_key = (uint64_t *)hmac_opad_ipad;
@@ -740,7 +741,7 @@ onf_ipsec_sa_common_param_fill(struct roc_ie_onf_sa_ctl *ctl, uint8_t *salt,
 		key = cipher_xfrm->cipher.key.data;
 		length = cipher_xfrm->cipher.key.length;
 
-		cnxk_sec_opad_ipad_gen(auth_xfrm, hmac_opad_ipad);
+		cnxk_sec_opad_ipad_gen(auth_xfrm, hmac_opad_ipad, false);
 	}
 
 	switch (length) {
@@ -1373,7 +1374,7 @@ cnxk_on_ipsec_outb_sa_create(struct rte_security_ipsec_xform *ipsec,
 
 			roc_aes_xcbc_key_derive(auth_key, hmac_opad_ipad);
 		} else if (auth_xform->auth.algo != RTE_CRYPTO_AUTH_NULL) {
-			cnxk_sec_opad_ipad_gen(auth_xform, hmac_opad_ipad);
+			cnxk_sec_opad_ipad_gen(auth_xform, hmac_opad_ipad, false);
 		}
 	}
 
@@ -1440,7 +1441,7 @@ cnxk_on_ipsec_inb_sa_create(struct rte_security_ipsec_xform *ipsec,
 
 			roc_aes_xcbc_key_derive(auth_key, hmac_opad_ipad);
 		} else if (auth_xform->auth.algo != RTE_CRYPTO_AUTH_NULL) {
-			cnxk_sec_opad_ipad_gen(auth_xform, hmac_opad_ipad);
+			cnxk_sec_opad_ipad_gen(auth_xform, hmac_opad_ipad, false);
 		}
 	}
 
diff --git a/drivers/common/cnxk/cnxk_security.h b/drivers/common/cnxk/cnxk_security.h
index fabf694df4..86ec657cb0 100644
--- a/drivers/common/cnxk/cnxk_security.h
+++ b/drivers/common/cnxk/cnxk_security.h
@@ -70,6 +70,7 @@ int __roc_api cnxk_on_ipsec_outb_sa_create(struct rte_security_ipsec_xform *ipse
 					   struct roc_ie_on_outb_sa *out_sa);
 
 __rte_internal
-void cnxk_sec_opad_ipad_gen(struct rte_crypto_sym_xform *auth_xform, uint8_t *hmac_opad_ipad);
+void cnxk_sec_opad_ipad_gen(struct rte_crypto_sym_xform *auth_xform, uint8_t *hmac_opad_ipad,
+			    bool is_tls);
 
 #endif /* _CNXK_SECURITY_H__ */
-- 
2.25.1


  parent reply	other threads:[~2023-12-21 12:37 UTC|newest]

Thread overview: 78+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-12-21 12:35 [PATCH 00/24] Fixes and improvements in crypto cnxk Anoob Joseph
2023-12-21 12:35 ` [PATCH 01/24] common/cnxk: fix memory leak Anoob Joseph
2023-12-21 12:35 ` [PATCH 02/24] crypto/cnxk: use common macro Anoob Joseph
2023-12-21 12:35 ` [PATCH 03/24] crypto/cnxk: fallback to SG if headroom is not available Anoob Joseph
2023-12-21 12:35 ` [PATCH 04/24] crypto/cnxk: return microcode completion code Anoob Joseph
2023-12-21 12:35 ` [PATCH 05/24] crypto/cnxk: fix ECDH pubkey verify in cn9k Anoob Joseph
2023-12-21 12:35 ` [PATCH 06/24] crypto/cnxk: enable digest gen for zero len input Anoob Joseph
2023-12-21 12:35 ` [PATCH 07/24] crypto/cnxk: enable Rx inject in security lookaside Anoob Joseph
2023-12-21 12:35 ` [PATCH 08/24] common/cnxk: add Rx inject configs Anoob Joseph
2023-12-21 12:35 ` [PATCH 09/24] crypto/cnxk: Rx inject config update Anoob Joseph
2023-12-21 12:35 ` [PATCH 10/24] crypto/cnxk: enable Rx inject for 103 Anoob Joseph
2023-12-21 12:35 ` [PATCH 11/24] crypto/cnxk: rename security caps as IPsec security caps Anoob Joseph
2023-12-21 12:35 ` Anoob Joseph [this message]
2023-12-21 12:35 ` [PATCH 13/24] common/cnxk: add TLS record contexts Anoob Joseph
2023-12-21 12:35 ` [PATCH 14/24] crypto/cnxk: separate IPsec from security common code Anoob Joseph
2023-12-21 12:35 ` [PATCH 15/24] crypto/cnxk: add TLS record session ops Anoob Joseph
2023-12-21 12:35 ` [PATCH 16/24] crypto/cnxk: add TLS record datapath handling Anoob Joseph
2023-12-21 12:35 ` [PATCH 17/24] crypto/cnxk: add TLS capability Anoob Joseph
2023-12-21 12:35 ` [PATCH 18/24] crypto/cnxk: add PMD APIs for raw submission to CPT Anoob Joseph
2023-12-21 12:35 ` [PATCH 19/24] crypto/cnxk: replace PDCP with PDCP chain opcode Anoob Joseph
2023-12-21 12:35 ` [PATCH 20/24] crypto/cnxk: validate the combinations supported in TLS Anoob Joseph
2023-12-21 12:35 ` [PATCH 21/24] crypto/cnxk: use a single function for opad ipad Anoob Joseph
2023-12-21 12:35 ` [PATCH 22/24] crypto/cnxk: add support for TLS 1.3 Anoob Joseph
2023-12-21 12:35 ` [PATCH 23/24] crypto/cnxk: add TLS 1.3 capability Anoob Joseph
2023-12-21 12:35 ` [PATCH 24/24] crypto/cnxk: add CPT SG mode debug Anoob Joseph
2024-01-02  4:53 ` [PATCH v2 00/24] Fixes and improvements in crypto cnxk Anoob Joseph
2024-01-02  4:53   ` [PATCH v2 01/24] common/cnxk: fix memory leak Anoob Joseph
2024-01-02  4:53   ` [PATCH v2 02/24] crypto/cnxk: use common macro Anoob Joseph
2024-01-02  4:53   ` [PATCH v2 03/24] crypto/cnxk: fallback to SG if headroom is not available Anoob Joseph
2024-01-02  4:53   ` [PATCH v2 04/24] crypto/cnxk: return microcode completion code Anoob Joseph
2024-01-02  4:53   ` [PATCH v2 05/24] crypto/cnxk: fix ECDH pubkey verify in cn9k Anoob Joseph
2024-01-02  4:53   ` [PATCH v2 06/24] crypto/cnxk: enable digest gen for zero len input Anoob Joseph
2024-01-02  4:54   ` [PATCH v2 07/24] crypto/cnxk: enable Rx inject in security lookaside Anoob Joseph
2024-01-16  8:07     ` Akhil Goyal
2024-01-02  4:54   ` [PATCH v2 08/24] common/cnxk: add Rx inject configs Anoob Joseph
2024-01-02  4:54   ` [PATCH v2 09/24] crypto/cnxk: Rx inject config update Anoob Joseph
2024-01-02  4:54   ` [PATCH v2 10/24] crypto/cnxk: enable Rx inject for 103 Anoob Joseph
2024-01-02  4:54   ` [PATCH v2 11/24] crypto/cnxk: rename security caps as IPsec security caps Anoob Joseph
2024-01-02  4:54   ` [PATCH v2 12/24] common/cnxk: update opad-ipad gen to handle TLS Anoob Joseph
2024-01-02  4:54   ` [PATCH v2 13/24] common/cnxk: add TLS record contexts Anoob Joseph
2024-01-02  4:54   ` [PATCH v2 14/24] crypto/cnxk: separate IPsec from security common code Anoob Joseph
2024-01-02  4:54   ` [PATCH v2 15/24] crypto/cnxk: add TLS record session ops Anoob Joseph
2024-01-02  4:54   ` [PATCH v2 16/24] crypto/cnxk: add TLS record datapath handling Anoob Joseph
2024-01-02  4:54   ` [PATCH v2 17/24] crypto/cnxk: add TLS capability Anoob Joseph
2024-01-02  4:54   ` [PATCH v2 18/24] crypto/cnxk: add PMD APIs for raw submission to CPT Anoob Joseph
2024-01-02  4:54   ` [PATCH v2 19/24] crypto/cnxk: replace PDCP with PDCP chain opcode Anoob Joseph
2024-01-02  4:54   ` [PATCH v2 20/24] crypto/cnxk: validate the combinations supported in TLS Anoob Joseph
2024-01-02  4:54   ` [PATCH v2 21/24] crypto/cnxk: use a single function for opad ipad Anoob Joseph
2024-01-02  4:54   ` [PATCH v2 22/24] crypto/cnxk: add support for TLS 1.3 Anoob Joseph
2024-01-02  4:54   ` [PATCH v2 23/24] crypto/cnxk: add TLS 1.3 capability Anoob Joseph
2024-01-02  4:54   ` [PATCH v2 24/24] crypto/cnxk: add CPT SG mode debug Anoob Joseph
2024-01-16  8:43   ` [PATCH v2 00/24] Fixes and improvements in crypto cnxk Akhil Goyal
2024-01-17 10:30   ` [PATCH v3 " Anoob Joseph
2024-01-17 10:30     ` [PATCH v3 01/24] common/cnxk: fix memory leak Anoob Joseph
2024-01-17 10:30     ` [PATCH v3 02/24] crypto/cnxk: use common macro Anoob Joseph
2024-01-17 10:30     ` [PATCH v3 03/24] crypto/cnxk: fallback to SG if headroom is not available Anoob Joseph
2024-01-17 10:30     ` [PATCH v3 04/24] crypto/cnxk: return microcode completion code Anoob Joseph
2024-01-17 10:30     ` [PATCH v3 05/24] crypto/cnxk: fix ECDH pubkey verify in cn9k Anoob Joseph
2024-01-17 10:30     ` [PATCH v3 06/24] crypto/cnxk: enable digest gen for zero len input Anoob Joseph
2024-01-17 10:30     ` [PATCH v3 07/24] crypto/cnxk: enable Rx inject in security lookaside Anoob Joseph
2024-01-17 10:30     ` [PATCH v3 08/24] common/cnxk: add Rx inject configs Anoob Joseph
2024-01-17 10:30     ` [PATCH v3 09/24] crypto/cnxk: Rx inject config update Anoob Joseph
2024-01-17 10:30     ` [PATCH v3 10/24] crypto/cnxk: enable Rx inject for 103 Anoob Joseph
2024-01-17 10:30     ` [PATCH v3 11/24] crypto/cnxk: rename security caps as IPsec security caps Anoob Joseph
2024-01-17 10:30     ` [PATCH v3 12/24] common/cnxk: update opad-ipad gen to handle TLS Anoob Joseph
2024-01-17 10:30     ` [PATCH v3 13/24] common/cnxk: add TLS record contexts Anoob Joseph
2024-01-17 10:30     ` [PATCH v3 14/24] crypto/cnxk: separate IPsec from security common code Anoob Joseph
2024-01-17 10:31     ` [PATCH v3 15/24] crypto/cnxk: add TLS record session ops Anoob Joseph
2024-01-17 10:31     ` [PATCH v3 16/24] crypto/cnxk: add TLS record datapath handling Anoob Joseph
2024-01-17 10:31     ` [PATCH v3 17/24] crypto/cnxk: add TLS capability Anoob Joseph
2024-01-17 10:31     ` [PATCH v3 18/24] crypto/cnxk: add PMD APIs for raw submission to CPT Anoob Joseph
2024-01-17 10:31     ` [PATCH v3 19/24] crypto/cnxk: replace PDCP with PDCP chain opcode Anoob Joseph
2024-01-17 10:31     ` [PATCH v3 20/24] crypto/cnxk: validate the combinations supported in TLS Anoob Joseph
2024-01-17 10:31     ` [PATCH v3 21/24] crypto/cnxk: use a single function for opad ipad Anoob Joseph
2024-01-17 10:31     ` [PATCH v3 22/24] crypto/cnxk: add support for TLS 1.3 Anoob Joseph
2024-01-17 10:31     ` [PATCH v3 23/24] crypto/cnxk: add TLS 1.3 capability Anoob Joseph
2024-01-17 10:31     ` [PATCH v3 24/24] crypto/cnxk: add CPT SG mode debug Anoob Joseph
2024-01-18 17:06     ` [PATCH v3 00/24] Fixes and improvements in crypto cnxk Akhil Goyal

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20231221123545.510-13-anoobj@marvell.com \
    --to=anoobj@marvell.com \
    --cc=dev@dpdk.org \
    --cc=gakhil@marvell.com \
    --cc=jerinj@marvell.com \
    --cc=ktejasree@marvell.com \
    --cc=vvelumuri@marvell.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).