From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path: <dev-bounces@dpdk.org>
Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124])
by inbox.dpdk.org (Postfix) with ESMTP id 5BA0043750;
Thu, 21 Dec 2023 13:38:39 +0100 (CET)
Received: from mails.dpdk.org (localhost [127.0.0.1])
by mails.dpdk.org (Postfix) with ESMTP id 453DF42EEA;
Thu, 21 Dec 2023 13:37:02 +0100 (CET)
Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com
[67.231.148.174])
by mails.dpdk.org (Postfix) with ESMTP id 9C0F242EBC
for <dev@dpdk.org>; Thu, 21 Dec 2023 13:36:55 +0100 (CET)
Received: from pps.filterd (m0045849.ppops.net [127.0.0.1])
by mx0a-0016f401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id
3BLCVS39019305 for <dev@dpdk.org>; Thu, 21 Dec 2023 04:36:54 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=
from:to:cc:subject:date:message-id:in-reply-to:references
:mime-version:content-transfer-encoding:content-type; s=
pfpt0220; bh=XopYekZuDL9WlxgM+U/L8z58g2Uyw0c9/nU2RwVloRw=; b=VhK
rA8q/WqwVMwAnWZntRiLQL8dXirWiL13cfYjJ6BkoV06Yf9SmZiBeG/wgiOZB939
TesqpAS5ONRH+dJl9tB7sO6xKHFYvMeI09wF9OIQM/wUn+1kveFH9jHcGt6SJv6F
ff4TDup18JCOD69PGMopuZ6yny7J/ia7+fff6ID7Ysav8dU1Sodt80sS7w5fRiDn
KUS9HuU9d0RkMkntA9Aq5B4q7p3Rkymg6RAJ3o9u8uUXiI/ubN9wO4bCrXTvQOkz
wijVrt3kuVVgPvasKynNejrFHW6O/swTzVhtOGVNbFGHl8JfqmQZ/IAFj4SH1laN
4lD0IBcYlM4cdWr0AbA==
Received: from dc5-exch02.marvell.com ([199.233.59.182])
by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 3v4nekg0k0-4
(version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT)
for <dev@dpdk.org>; Thu, 21 Dec 2023 04:36:54 -0800 (PST)
Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH02.marvell.com
(10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.48;
Thu, 21 Dec 2023 04:36:45 -0800
Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com
(10.69.176.38) with Microsoft SMTP Server id 15.0.1497.48 via Frontend
Transport; Thu, 21 Dec 2023 04:36:45 -0800
Received: from BG-LT92004.corp.innovium.com (unknown [10.193.71.152])
by maili.marvell.com (Postfix) with ESMTP id 0135D3F7073;
Thu, 21 Dec 2023 04:36:42 -0800 (PST)
From: Anoob Joseph <anoobj@marvell.com>
To: Akhil Goyal <gakhil@marvell.com>
CC: Vidya Sagar Velumuri <vvelumuri@marvell.com>, Jerin Jacob
<jerinj@marvell.com>,
Tejasree Kondoj <ktejasree@marvell.com>, <dev@dpdk.org>
Subject: [PATCH 21/24] crypto/cnxk: use a single function for opad ipad
Date: Thu, 21 Dec 2023 18:05:42 +0530
Message-ID: <20231221123545.510-22-anoobj@marvell.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <20231221123545.510-1-anoobj@marvell.com>
References: <20231221123545.510-1-anoobj@marvell.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain
X-Proofpoint-GUID: KfltbpXu-F_RZ9B7-7YcIsOwQmcs-f3B
X-Proofpoint-ORIG-GUID: KfltbpXu-F_RZ9B7-7YcIsOwQmcs-f3B
X-Proofpoint-Virus-Version: vendor=baseguard
engine=ICAP:2.0.272,Aquarius:18.0.997,Hydra:6.0.619,FMLib:17.11.176.26
definitions=2023-12-09_02,2023-12-07_01,2023-05-22_02
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
<mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
<mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org
From: Vidya Sagar Velumuri <vvelumuri@marvell.com>
Use a single function for opad and ipad generation for IPsec, TLS and
flexi crypto.
Signed-off-by: Vidya Sagar Velumuri <vvelumuri@marvell.com>
---
drivers/common/cnxk/cnxk_security.c | 65 ++++++-----------------------
drivers/common/cnxk/cnxk_security.h | 5 ---
drivers/common/cnxk/roc_se.c | 48 ++++++++++++++-------
drivers/common/cnxk/roc_se.h | 9 ++++
drivers/common/cnxk/version.map | 2 +-
drivers/crypto/cnxk/cn10k_tls.c | 8 +++-
6 files changed, 61 insertions(+), 76 deletions(-)
diff --git a/drivers/common/cnxk/cnxk_security.c b/drivers/common/cnxk/cnxk_security.c
index bdb04fe142..64c901a57a 100644
--- a/drivers/common/cnxk/cnxk_security.c
+++ b/drivers/common/cnxk/cnxk_security.c
@@ -8,55 +8,9 @@
#include "roc_api.h"
-void
-cnxk_sec_opad_ipad_gen(struct rte_crypto_sym_xform *auth_xform, uint8_t *hmac_opad_ipad,
- bool is_tls)
-{
- const uint8_t *key = auth_xform->auth.key.data;
- uint32_t length = auth_xform->auth.key.length;
- uint8_t opad[128] = {[0 ... 127] = 0x5c};
- uint8_t ipad[128] = {[0 ... 127] = 0x36};
- uint32_t i;
-
- /* HMAC OPAD and IPAD */
- for (i = 0; i < 128 && i < length; i++) {
- opad[i] = opad[i] ^ key[i];
- ipad[i] = ipad[i] ^ key[i];
- }
-
- /* Precompute hash of HMAC OPAD and IPAD to avoid
- * per packet computation
- */
- switch (auth_xform->auth.algo) {
- case RTE_CRYPTO_AUTH_MD5_HMAC:
- roc_hash_md5_gen(opad, (uint32_t *)&hmac_opad_ipad[0]);
- roc_hash_md5_gen(ipad, (uint32_t *)&hmac_opad_ipad[is_tls ? 64 : 24]);
- break;
- case RTE_CRYPTO_AUTH_SHA1_HMAC:
- roc_hash_sha1_gen(opad, (uint32_t *)&hmac_opad_ipad[0]);
- roc_hash_sha1_gen(ipad, (uint32_t *)&hmac_opad_ipad[is_tls ? 64 : 24]);
- break;
- case RTE_CRYPTO_AUTH_SHA256_HMAC:
- roc_hash_sha256_gen(opad, (uint32_t *)&hmac_opad_ipad[0], 256);
- roc_hash_sha256_gen(ipad, (uint32_t *)&hmac_opad_ipad[64], 256);
- break;
- case RTE_CRYPTO_AUTH_SHA384_HMAC:
- roc_hash_sha512_gen(opad, (uint64_t *)&hmac_opad_ipad[0], 384);
- roc_hash_sha512_gen(ipad, (uint64_t *)&hmac_opad_ipad[64], 384);
- break;
- case RTE_CRYPTO_AUTH_SHA512_HMAC:
- roc_hash_sha512_gen(opad, (uint64_t *)&hmac_opad_ipad[0], 512);
- roc_hash_sha512_gen(ipad, (uint64_t *)&hmac_opad_ipad[64], 512);
- break;
- default:
- break;
- }
-}
-
static int
-ot_ipsec_sa_common_param_fill(union roc_ot_ipsec_sa_word2 *w2,
- uint8_t *cipher_key, uint8_t *salt_key,
- uint8_t *hmac_opad_ipad,
+ot_ipsec_sa_common_param_fill(union roc_ot_ipsec_sa_word2 *w2, uint8_t *cipher_key,
+ uint8_t *salt_key, uint8_t *hmac_opad_ipad,
struct rte_security_ipsec_xform *ipsec_xfrm,
struct rte_crypto_sym_xform *crypto_xfrm)
{
@@ -192,7 +146,9 @@ ot_ipsec_sa_common_param_fill(union roc_ot_ipsec_sa_word2 *w2,
const uint8_t *auth_key = auth_xfrm->auth.key.data;
roc_aes_xcbc_key_derive(auth_key, hmac_opad_ipad);
} else {
- cnxk_sec_opad_ipad_gen(auth_xfrm, hmac_opad_ipad, false);
+ roc_se_hmac_opad_ipad_gen(w2->s.auth_type, auth_xfrm->auth.key.data,
+ auth_xfrm->auth.key.length, &hmac_opad_ipad[0],
+ ROC_SE_IPSEC);
}
tmp_key = (uint64_t *)hmac_opad_ipad;
@@ -741,7 +697,8 @@ onf_ipsec_sa_common_param_fill(struct roc_ie_onf_sa_ctl *ctl, uint8_t *salt,
key = cipher_xfrm->cipher.key.data;
length = cipher_xfrm->cipher.key.length;
- cnxk_sec_opad_ipad_gen(auth_xfrm, hmac_opad_ipad, false);
+ roc_se_hmac_opad_ipad_gen(ctl->auth_type, auth_xfrm->auth.key.data,
+ auth_xfrm->auth.key.length, hmac_opad_ipad, ROC_SE_IPSEC);
}
switch (length) {
@@ -1374,7 +1331,9 @@ cnxk_on_ipsec_outb_sa_create(struct rte_security_ipsec_xform *ipsec,
roc_aes_xcbc_key_derive(auth_key, hmac_opad_ipad);
} else if (auth_xform->auth.algo != RTE_CRYPTO_AUTH_NULL) {
- cnxk_sec_opad_ipad_gen(auth_xform, hmac_opad_ipad, false);
+ roc_se_hmac_opad_ipad_gen(
+ out_sa->common_sa.ctl.auth_type, auth_xform->auth.key.data,
+ auth_xform->auth.key.length, &hmac_opad_ipad[0], ROC_SE_IPSEC);
}
}
@@ -1441,7 +1400,9 @@ cnxk_on_ipsec_inb_sa_create(struct rte_security_ipsec_xform *ipsec,
roc_aes_xcbc_key_derive(auth_key, hmac_opad_ipad);
} else if (auth_xform->auth.algo != RTE_CRYPTO_AUTH_NULL) {
- cnxk_sec_opad_ipad_gen(auth_xform, hmac_opad_ipad, false);
+ roc_se_hmac_opad_ipad_gen(
+ in_sa->common_sa.ctl.auth_type, auth_xform->auth.key.data,
+ auth_xform->auth.key.length, &hmac_opad_ipad[0], ROC_SE_IPSEC);
}
}
diff --git a/drivers/common/cnxk/cnxk_security.h b/drivers/common/cnxk/cnxk_security.h
index 86ec657cb0..b323b8b757 100644
--- a/drivers/common/cnxk/cnxk_security.h
+++ b/drivers/common/cnxk/cnxk_security.h
@@ -68,9 +68,4 @@ int __roc_api cnxk_on_ipsec_inb_sa_create(struct rte_security_ipsec_xform *ipsec
int __roc_api cnxk_on_ipsec_outb_sa_create(struct rte_security_ipsec_xform *ipsec,
struct rte_crypto_sym_xform *crypto_xform,
struct roc_ie_on_outb_sa *out_sa);
-
-__rte_internal
-void cnxk_sec_opad_ipad_gen(struct rte_crypto_sym_xform *auth_xform, uint8_t *hmac_opad_ipad,
- bool is_tls);
-
#endif /* _CNXK_SECURITY_H__ */
diff --git a/drivers/common/cnxk/roc_se.c b/drivers/common/cnxk/roc_se.c
index 4e00268149..5a3ed0b647 100644
--- a/drivers/common/cnxk/roc_se.c
+++ b/drivers/common/cnxk/roc_se.c
@@ -157,14 +157,29 @@ cpt_ciph_aes_key_type_set(struct roc_se_context *fctx, uint16_t key_len)
fctx->enc.aes_key = aes_key_type;
}
-static void
-cpt_hmac_opad_ipad_gen(roc_se_auth_type auth_type, const uint8_t *key, uint16_t length,
- struct roc_se_hmac_context *hmac)
+void
+roc_se_hmac_opad_ipad_gen(roc_se_auth_type auth_type, const uint8_t *key, uint16_t length,
+ uint8_t *opad_ipad, roc_se_op_type op_type)
{
uint8_t opad[128] = {[0 ... 127] = 0x5c};
uint8_t ipad[128] = {[0 ... 127] = 0x36};
+ uint8_t ipad_offset, opad_offset;
uint32_t i;
+ if (op_type == ROC_SE_IPSEC) {
+ if ((auth_type == ROC_SE_MD5_TYPE) || (auth_type == ROC_SE_SHA1_TYPE))
+ ipad_offset = 24;
+ else
+ ipad_offset = 64;
+ opad_offset = 0;
+ } else if (op_type == ROC_SE_TLS) {
+ ipad_offset = 64;
+ opad_offset = 0;
+ } else {
+ ipad_offset = 0;
+ opad_offset = 64;
+ }
+
/* HMAC OPAD and IPAD */
for (i = 0; i < 128 && i < length; i++) {
opad[i] = opad[i] ^ key[i];
@@ -176,28 +191,28 @@ cpt_hmac_opad_ipad_gen(roc_se_auth_type auth_type, const uint8_t *key, uint16_t
*/
switch (auth_type) {
case ROC_SE_MD5_TYPE:
- roc_hash_md5_gen(opad, (uint32_t *)hmac->opad);
- roc_hash_md5_gen(ipad, (uint32_t *)hmac->ipad);
+ roc_hash_md5_gen(opad, (uint32_t *)&opad_ipad[opad_offset]);
+ roc_hash_md5_gen(ipad, (uint32_t *)&opad_ipad[ipad_offset]);
break;
case ROC_SE_SHA1_TYPE:
- roc_hash_sha1_gen(opad, (uint32_t *)hmac->opad);
- roc_hash_sha1_gen(ipad, (uint32_t *)hmac->ipad);
+ roc_hash_sha1_gen(opad, (uint32_t *)&opad_ipad[opad_offset]);
+ roc_hash_sha1_gen(ipad, (uint32_t *)&opad_ipad[ipad_offset]);
break;
case ROC_SE_SHA2_SHA224:
- roc_hash_sha256_gen(opad, (uint32_t *)hmac->opad, 224);
- roc_hash_sha256_gen(ipad, (uint32_t *)hmac->ipad, 224);
+ roc_hash_sha256_gen(opad, (uint32_t *)&opad_ipad[opad_offset], 224);
+ roc_hash_sha256_gen(ipad, (uint32_t *)&opad_ipad[ipad_offset], 224);
break;
case ROC_SE_SHA2_SHA256:
- roc_hash_sha256_gen(opad, (uint32_t *)hmac->opad, 256);
- roc_hash_sha256_gen(ipad, (uint32_t *)hmac->ipad, 256);
+ roc_hash_sha256_gen(opad, (uint32_t *)&opad_ipad[opad_offset], 256);
+ roc_hash_sha256_gen(ipad, (uint32_t *)&opad_ipad[ipad_offset], 256);
break;
case ROC_SE_SHA2_SHA384:
- roc_hash_sha512_gen(opad, (uint64_t *)hmac->opad, 384);
- roc_hash_sha512_gen(ipad, (uint64_t *)hmac->ipad, 384);
+ roc_hash_sha512_gen(opad, (uint64_t *)&opad_ipad[opad_offset], 384);
+ roc_hash_sha512_gen(ipad, (uint64_t *)&opad_ipad[ipad_offset], 384);
break;
case ROC_SE_SHA2_SHA512:
- roc_hash_sha512_gen(opad, (uint64_t *)hmac->opad, 512);
- roc_hash_sha512_gen(ipad, (uint64_t *)hmac->ipad, 512);
+ roc_hash_sha512_gen(opad, (uint64_t *)&opad_ipad[opad_offset], 512);
+ roc_hash_sha512_gen(ipad, (uint64_t *)&opad_ipad[ipad_offset], 512);
break;
default:
break;
@@ -401,7 +416,8 @@ roc_se_auth_key_set(struct roc_se_ctx *se_ctx, roc_se_auth_type type, const uint
if (chained_op) {
memset(fctx->hmac.ipad, 0, sizeof(fctx->hmac.ipad));
memset(fctx->hmac.opad, 0, sizeof(fctx->hmac.opad));
- cpt_hmac_opad_ipad_gen(type, key, key_len, &fctx->hmac);
+ roc_se_hmac_opad_ipad_gen(type, key, key_len, &fctx->hmac.ipad[0],
+ ROC_SE_FC);
fctx->enc.auth_input_type = 0;
} else {
se_ctx->hmac = 1;
diff --git a/drivers/common/cnxk/roc_se.h b/drivers/common/cnxk/roc_se.h
index d62c40b310..ddcf6bdb44 100644
--- a/drivers/common/cnxk/roc_se.h
+++ b/drivers/common/cnxk/roc_se.h
@@ -191,6 +191,12 @@ typedef enum {
ROC_SE_PDCP_MAC_LEN_128_BIT = 0x3
} roc_se_pdcp_mac_len_type;
+typedef enum {
+ ROC_SE_IPSEC = 0x0,
+ ROC_SE_TLS = 0x1,
+ ROC_SE_FC = 0x2,
+} roc_se_op_type;
+
struct roc_se_enc_context {
uint64_t iv_source : 1;
uint64_t aes_key : 2;
@@ -401,4 +407,7 @@ int __roc_api roc_se_ciph_key_set(struct roc_se_ctx *se_ctx, roc_se_cipher_type
void __roc_api roc_se_ctx_swap(struct roc_se_ctx *se_ctx);
void __roc_api roc_se_ctx_init(struct roc_se_ctx *se_ctx);
+void __roc_api roc_se_hmac_opad_ipad_gen(roc_se_auth_type auth_type, const uint8_t *key,
+ uint16_t length, uint8_t *opad_ipad,
+ roc_se_op_type op_type);
#endif /* __ROC_SE_H__ */
diff --git a/drivers/common/cnxk/version.map b/drivers/common/cnxk/version.map
index 15fd5710d2..b8b0478848 100644
--- a/drivers/common/cnxk/version.map
+++ b/drivers/common/cnxk/version.map
@@ -1,7 +1,6 @@
INTERNAL {
global:
- cnxk_sec_opad_ipad_gen;
cnxk_ipsec_icvlen_get;
cnxk_ipsec_ivlen_get;
cnxk_ipsec_outb_rlens_get;
@@ -472,6 +471,7 @@ INTERNAL {
roc_plt_init;
roc_plt_init_cb_register;
roc_plt_lmt_validate;
+ roc_se_hmac_opad_ipad_gen;
roc_sso_dev_fini;
roc_sso_dev_init;
roc_sso_dump;
diff --git a/drivers/crypto/cnxk/cn10k_tls.c b/drivers/crypto/cnxk/cn10k_tls.c
index fa3ce3e758..5baea181e8 100644
--- a/drivers/crypto/cnxk/cn10k_tls.c
+++ b/drivers/crypto/cnxk/cn10k_tls.c
@@ -376,7 +376,9 @@ tls_read_sa_fill(struct roc_ie_ot_tls_read_sa *read_sa,
else
return -EINVAL;
- cnxk_sec_opad_ipad_gen(auth_xfrm, read_sa->opad_ipad, true);
+ roc_se_hmac_opad_ipad_gen(read_sa->w2.s.mac_select, auth_xfrm->auth.key.data,
+ auth_xfrm->auth.key.length, read_sa->opad_ipad, ROC_SE_TLS);
+
tmp = (uint64_t *)read_sa->opad_ipad;
for (i = 0; i < (int)(ROC_CTX_MAX_OPAD_IPAD_LEN / sizeof(uint64_t)); i++)
tmp[i] = rte_be_to_cpu_64(tmp[i]);
@@ -503,7 +505,9 @@ tls_write_sa_fill(struct roc_ie_ot_tls_write_sa *write_sa,
else
return -EINVAL;
- cnxk_sec_opad_ipad_gen(auth_xfrm, write_sa->opad_ipad, true);
+ roc_se_hmac_opad_ipad_gen(write_sa->w2.s.mac_select, auth_xfrm->auth.key.data,
+ auth_xfrm->auth.key.length, write_sa->opad_ipad,
+ ROC_SE_TLS);
}
tmp_key = (uint64_t *)write_sa->opad_ipad;
--
2.25.1