From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 2BF6C437F8; Tue, 2 Jan 2024 05:57:13 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id DF85540E36; Tue, 2 Jan 2024 05:56:58 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id 35AB540A81 for ; Tue, 2 Jan 2024 05:56:53 +0100 (CET) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 401NSClt032581 for ; Mon, 1 Jan 2024 20:56:52 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= pfpt0220; bh=Dv3u7OaSFtqkrveWmu99X60aZAz9NviTvHKo3Mb3gEs=; b=Z/F tWmvI1tZ0RdGcNxnaTYt3fdmHvIpg2ojDyTVkWU8aezuMctBdS9CqfYE7gYsq41L Yu7W9HC9jHLxIppv7JUo+CLno8zyi4YTsDWoiG2sKt0nDz3APon9OnQ3/PIH0XhZ pcEa42NgfiwtTuIOOsTmi2+ljoSlb3XjLilIN1xC6FRKytqn/VMrYmLyLA/1R4J5 mVzX0kl2MckH8Qh93dtVJPXDecbVHqhdhvSG2B7syB+aSaEi/ltcY/opLTxM4som c82Rkibb0max84+qFuQb9YCiv29isVaZi28MqS19vfJFuUCq+SgY0yx37o12Umxi WagACIadvmKQehSas7w== Received: from dc5-exch01.marvell.com ([199.233.59.181]) by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 3vb5c3469d-2 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT) for ; Mon, 01 Jan 2024 20:56:52 -0800 (PST) Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.48; Mon, 1 Jan 2024 20:56:48 -0800 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.48 via Frontend Transport; Mon, 1 Jan 2024 20:56:48 -0800 Received: from BG-LT92004.corp.innovium.com (unknown [10.28.163.189]) by maili.marvell.com (Postfix) with ESMTP id 7E68D3F7083; Mon, 1 Jan 2024 20:56:43 -0800 (PST) From: Anoob Joseph To: Akhil Goyal CC: Vidya Sagar Velumuri , Jerin Jacob , Tejasree Kondoj , Subject: [PATCH v2 21/24] crypto/cnxk: use a single function for opad ipad Date: Tue, 2 Jan 2024 10:24:14 +0530 Message-ID: <20240102045417.115-22-anoobj@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240102045417.115-1-anoobj@marvell.com> References: <20231221123545.510-1-anoobj@marvell.com> <20240102045417.115-1-anoobj@marvell.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-Proofpoint-GUID: rbwVV7dQiUBaQJgZ_e7SVSh75Piojt-Y X-Proofpoint-ORIG-GUID: rbwVV7dQiUBaQJgZ_e7SVSh75Piojt-Y X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.997,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2023-12-09_02,2023-12-07_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org From: Vidya Sagar Velumuri Use a single function for opad and ipad generation for IPsec, TLS and flexi crypto. Signed-off-by: Vidya Sagar Velumuri --- drivers/common/cnxk/cnxk_security.c | 65 ++++++----------------------- drivers/common/cnxk/cnxk_security.h | 5 --- drivers/common/cnxk/roc_se.c | 48 ++++++++++++++------- drivers/common/cnxk/roc_se.h | 9 ++++ drivers/common/cnxk/version.map | 2 +- drivers/crypto/cnxk/cn10k_tls.c | 8 +++- 6 files changed, 61 insertions(+), 76 deletions(-) diff --git a/drivers/common/cnxk/cnxk_security.c b/drivers/common/cnxk/cnxk_security.c index bdb04fe142..64c901a57a 100644 --- a/drivers/common/cnxk/cnxk_security.c +++ b/drivers/common/cnxk/cnxk_security.c @@ -8,55 +8,9 @@ #include "roc_api.h" -void -cnxk_sec_opad_ipad_gen(struct rte_crypto_sym_xform *auth_xform, uint8_t *hmac_opad_ipad, - bool is_tls) -{ - const uint8_t *key = auth_xform->auth.key.data; - uint32_t length = auth_xform->auth.key.length; - uint8_t opad[128] = {[0 ... 127] = 0x5c}; - uint8_t ipad[128] = {[0 ... 127] = 0x36}; - uint32_t i; - - /* HMAC OPAD and IPAD */ - for (i = 0; i < 128 && i < length; i++) { - opad[i] = opad[i] ^ key[i]; - ipad[i] = ipad[i] ^ key[i]; - } - - /* Precompute hash of HMAC OPAD and IPAD to avoid - * per packet computation - */ - switch (auth_xform->auth.algo) { - case RTE_CRYPTO_AUTH_MD5_HMAC: - roc_hash_md5_gen(opad, (uint32_t *)&hmac_opad_ipad[0]); - roc_hash_md5_gen(ipad, (uint32_t *)&hmac_opad_ipad[is_tls ? 64 : 24]); - break; - case RTE_CRYPTO_AUTH_SHA1_HMAC: - roc_hash_sha1_gen(opad, (uint32_t *)&hmac_opad_ipad[0]); - roc_hash_sha1_gen(ipad, (uint32_t *)&hmac_opad_ipad[is_tls ? 64 : 24]); - break; - case RTE_CRYPTO_AUTH_SHA256_HMAC: - roc_hash_sha256_gen(opad, (uint32_t *)&hmac_opad_ipad[0], 256); - roc_hash_sha256_gen(ipad, (uint32_t *)&hmac_opad_ipad[64], 256); - break; - case RTE_CRYPTO_AUTH_SHA384_HMAC: - roc_hash_sha512_gen(opad, (uint64_t *)&hmac_opad_ipad[0], 384); - roc_hash_sha512_gen(ipad, (uint64_t *)&hmac_opad_ipad[64], 384); - break; - case RTE_CRYPTO_AUTH_SHA512_HMAC: - roc_hash_sha512_gen(opad, (uint64_t *)&hmac_opad_ipad[0], 512); - roc_hash_sha512_gen(ipad, (uint64_t *)&hmac_opad_ipad[64], 512); - break; - default: - break; - } -} - static int -ot_ipsec_sa_common_param_fill(union roc_ot_ipsec_sa_word2 *w2, - uint8_t *cipher_key, uint8_t *salt_key, - uint8_t *hmac_opad_ipad, +ot_ipsec_sa_common_param_fill(union roc_ot_ipsec_sa_word2 *w2, uint8_t *cipher_key, + uint8_t *salt_key, uint8_t *hmac_opad_ipad, struct rte_security_ipsec_xform *ipsec_xfrm, struct rte_crypto_sym_xform *crypto_xfrm) { @@ -192,7 +146,9 @@ ot_ipsec_sa_common_param_fill(union roc_ot_ipsec_sa_word2 *w2, const uint8_t *auth_key = auth_xfrm->auth.key.data; roc_aes_xcbc_key_derive(auth_key, hmac_opad_ipad); } else { - cnxk_sec_opad_ipad_gen(auth_xfrm, hmac_opad_ipad, false); + roc_se_hmac_opad_ipad_gen(w2->s.auth_type, auth_xfrm->auth.key.data, + auth_xfrm->auth.key.length, &hmac_opad_ipad[0], + ROC_SE_IPSEC); } tmp_key = (uint64_t *)hmac_opad_ipad; @@ -741,7 +697,8 @@ onf_ipsec_sa_common_param_fill(struct roc_ie_onf_sa_ctl *ctl, uint8_t *salt, key = cipher_xfrm->cipher.key.data; length = cipher_xfrm->cipher.key.length; - cnxk_sec_opad_ipad_gen(auth_xfrm, hmac_opad_ipad, false); + roc_se_hmac_opad_ipad_gen(ctl->auth_type, auth_xfrm->auth.key.data, + auth_xfrm->auth.key.length, hmac_opad_ipad, ROC_SE_IPSEC); } switch (length) { @@ -1374,7 +1331,9 @@ cnxk_on_ipsec_outb_sa_create(struct rte_security_ipsec_xform *ipsec, roc_aes_xcbc_key_derive(auth_key, hmac_opad_ipad); } else if (auth_xform->auth.algo != RTE_CRYPTO_AUTH_NULL) { - cnxk_sec_opad_ipad_gen(auth_xform, hmac_opad_ipad, false); + roc_se_hmac_opad_ipad_gen( + out_sa->common_sa.ctl.auth_type, auth_xform->auth.key.data, + auth_xform->auth.key.length, &hmac_opad_ipad[0], ROC_SE_IPSEC); } } @@ -1441,7 +1400,9 @@ cnxk_on_ipsec_inb_sa_create(struct rte_security_ipsec_xform *ipsec, roc_aes_xcbc_key_derive(auth_key, hmac_opad_ipad); } else if (auth_xform->auth.algo != RTE_CRYPTO_AUTH_NULL) { - cnxk_sec_opad_ipad_gen(auth_xform, hmac_opad_ipad, false); + roc_se_hmac_opad_ipad_gen( + in_sa->common_sa.ctl.auth_type, auth_xform->auth.key.data, + auth_xform->auth.key.length, &hmac_opad_ipad[0], ROC_SE_IPSEC); } } diff --git a/drivers/common/cnxk/cnxk_security.h b/drivers/common/cnxk/cnxk_security.h index 86ec657cb0..b323b8b757 100644 --- a/drivers/common/cnxk/cnxk_security.h +++ b/drivers/common/cnxk/cnxk_security.h @@ -68,9 +68,4 @@ int __roc_api cnxk_on_ipsec_inb_sa_create(struct rte_security_ipsec_xform *ipsec int __roc_api cnxk_on_ipsec_outb_sa_create(struct rte_security_ipsec_xform *ipsec, struct rte_crypto_sym_xform *crypto_xform, struct roc_ie_on_outb_sa *out_sa); - -__rte_internal -void cnxk_sec_opad_ipad_gen(struct rte_crypto_sym_xform *auth_xform, uint8_t *hmac_opad_ipad, - bool is_tls); - #endif /* _CNXK_SECURITY_H__ */ diff --git a/drivers/common/cnxk/roc_se.c b/drivers/common/cnxk/roc_se.c index 4e00268149..5a3ed0b647 100644 --- a/drivers/common/cnxk/roc_se.c +++ b/drivers/common/cnxk/roc_se.c @@ -157,14 +157,29 @@ cpt_ciph_aes_key_type_set(struct roc_se_context *fctx, uint16_t key_len) fctx->enc.aes_key = aes_key_type; } -static void -cpt_hmac_opad_ipad_gen(roc_se_auth_type auth_type, const uint8_t *key, uint16_t length, - struct roc_se_hmac_context *hmac) +void +roc_se_hmac_opad_ipad_gen(roc_se_auth_type auth_type, const uint8_t *key, uint16_t length, + uint8_t *opad_ipad, roc_se_op_type op_type) { uint8_t opad[128] = {[0 ... 127] = 0x5c}; uint8_t ipad[128] = {[0 ... 127] = 0x36}; + uint8_t ipad_offset, opad_offset; uint32_t i; + if (op_type == ROC_SE_IPSEC) { + if ((auth_type == ROC_SE_MD5_TYPE) || (auth_type == ROC_SE_SHA1_TYPE)) + ipad_offset = 24; + else + ipad_offset = 64; + opad_offset = 0; + } else if (op_type == ROC_SE_TLS) { + ipad_offset = 64; + opad_offset = 0; + } else { + ipad_offset = 0; + opad_offset = 64; + } + /* HMAC OPAD and IPAD */ for (i = 0; i < 128 && i < length; i++) { opad[i] = opad[i] ^ key[i]; @@ -176,28 +191,28 @@ cpt_hmac_opad_ipad_gen(roc_se_auth_type auth_type, const uint8_t *key, uint16_t */ switch (auth_type) { case ROC_SE_MD5_TYPE: - roc_hash_md5_gen(opad, (uint32_t *)hmac->opad); - roc_hash_md5_gen(ipad, (uint32_t *)hmac->ipad); + roc_hash_md5_gen(opad, (uint32_t *)&opad_ipad[opad_offset]); + roc_hash_md5_gen(ipad, (uint32_t *)&opad_ipad[ipad_offset]); break; case ROC_SE_SHA1_TYPE: - roc_hash_sha1_gen(opad, (uint32_t *)hmac->opad); - roc_hash_sha1_gen(ipad, (uint32_t *)hmac->ipad); + roc_hash_sha1_gen(opad, (uint32_t *)&opad_ipad[opad_offset]); + roc_hash_sha1_gen(ipad, (uint32_t *)&opad_ipad[ipad_offset]); break; case ROC_SE_SHA2_SHA224: - roc_hash_sha256_gen(opad, (uint32_t *)hmac->opad, 224); - roc_hash_sha256_gen(ipad, (uint32_t *)hmac->ipad, 224); + roc_hash_sha256_gen(opad, (uint32_t *)&opad_ipad[opad_offset], 224); + roc_hash_sha256_gen(ipad, (uint32_t *)&opad_ipad[ipad_offset], 224); break; case ROC_SE_SHA2_SHA256: - roc_hash_sha256_gen(opad, (uint32_t *)hmac->opad, 256); - roc_hash_sha256_gen(ipad, (uint32_t *)hmac->ipad, 256); + roc_hash_sha256_gen(opad, (uint32_t *)&opad_ipad[opad_offset], 256); + roc_hash_sha256_gen(ipad, (uint32_t *)&opad_ipad[ipad_offset], 256); break; case ROC_SE_SHA2_SHA384: - roc_hash_sha512_gen(opad, (uint64_t *)hmac->opad, 384); - roc_hash_sha512_gen(ipad, (uint64_t *)hmac->ipad, 384); + roc_hash_sha512_gen(opad, (uint64_t *)&opad_ipad[opad_offset], 384); + roc_hash_sha512_gen(ipad, (uint64_t *)&opad_ipad[ipad_offset], 384); break; case ROC_SE_SHA2_SHA512: - roc_hash_sha512_gen(opad, (uint64_t *)hmac->opad, 512); - roc_hash_sha512_gen(ipad, (uint64_t *)hmac->ipad, 512); + roc_hash_sha512_gen(opad, (uint64_t *)&opad_ipad[opad_offset], 512); + roc_hash_sha512_gen(ipad, (uint64_t *)&opad_ipad[ipad_offset], 512); break; default: break; @@ -401,7 +416,8 @@ roc_se_auth_key_set(struct roc_se_ctx *se_ctx, roc_se_auth_type type, const uint if (chained_op) { memset(fctx->hmac.ipad, 0, sizeof(fctx->hmac.ipad)); memset(fctx->hmac.opad, 0, sizeof(fctx->hmac.opad)); - cpt_hmac_opad_ipad_gen(type, key, key_len, &fctx->hmac); + roc_se_hmac_opad_ipad_gen(type, key, key_len, &fctx->hmac.ipad[0], + ROC_SE_FC); fctx->enc.auth_input_type = 0; } else { se_ctx->hmac = 1; diff --git a/drivers/common/cnxk/roc_se.h b/drivers/common/cnxk/roc_se.h index d62c40b310..ddcf6bdb44 100644 --- a/drivers/common/cnxk/roc_se.h +++ b/drivers/common/cnxk/roc_se.h @@ -191,6 +191,12 @@ typedef enum { ROC_SE_PDCP_MAC_LEN_128_BIT = 0x3 } roc_se_pdcp_mac_len_type; +typedef enum { + ROC_SE_IPSEC = 0x0, + ROC_SE_TLS = 0x1, + ROC_SE_FC = 0x2, +} roc_se_op_type; + struct roc_se_enc_context { uint64_t iv_source : 1; uint64_t aes_key : 2; @@ -401,4 +407,7 @@ int __roc_api roc_se_ciph_key_set(struct roc_se_ctx *se_ctx, roc_se_cipher_type void __roc_api roc_se_ctx_swap(struct roc_se_ctx *se_ctx); void __roc_api roc_se_ctx_init(struct roc_se_ctx *se_ctx); +void __roc_api roc_se_hmac_opad_ipad_gen(roc_se_auth_type auth_type, const uint8_t *key, + uint16_t length, uint8_t *opad_ipad, + roc_se_op_type op_type); #endif /* __ROC_SE_H__ */ diff --git a/drivers/common/cnxk/version.map b/drivers/common/cnxk/version.map index 15fd5710d2..b8b0478848 100644 --- a/drivers/common/cnxk/version.map +++ b/drivers/common/cnxk/version.map @@ -1,7 +1,6 @@ INTERNAL { global: - cnxk_sec_opad_ipad_gen; cnxk_ipsec_icvlen_get; cnxk_ipsec_ivlen_get; cnxk_ipsec_outb_rlens_get; @@ -472,6 +471,7 @@ INTERNAL { roc_plt_init; roc_plt_init_cb_register; roc_plt_lmt_validate; + roc_se_hmac_opad_ipad_gen; roc_sso_dev_fini; roc_sso_dev_init; roc_sso_dump; diff --git a/drivers/crypto/cnxk/cn10k_tls.c b/drivers/crypto/cnxk/cn10k_tls.c index 8f50d889d2..6f6fdf95ee 100644 --- a/drivers/crypto/cnxk/cn10k_tls.c +++ b/drivers/crypto/cnxk/cn10k_tls.c @@ -376,7 +376,9 @@ tls_read_sa_fill(struct roc_ie_ot_tls_read_sa *read_sa, else return -EINVAL; - cnxk_sec_opad_ipad_gen(auth_xfrm, read_sa->opad_ipad, true); + roc_se_hmac_opad_ipad_gen(read_sa->w2.s.mac_select, auth_xfrm->auth.key.data, + auth_xfrm->auth.key.length, read_sa->opad_ipad, ROC_SE_TLS); + tmp = (uint64_t *)read_sa->opad_ipad; for (i = 0; i < (int)(ROC_CTX_MAX_OPAD_IPAD_LEN / sizeof(uint64_t)); i++) tmp[i] = rte_be_to_cpu_64(tmp[i]); @@ -503,7 +505,9 @@ tls_write_sa_fill(struct roc_ie_ot_tls_write_sa *write_sa, else return -EINVAL; - cnxk_sec_opad_ipad_gen(auth_xfrm, write_sa->opad_ipad, true); + roc_se_hmac_opad_ipad_gen(write_sa->w2.s.mac_select, auth_xfrm->auth.key.data, + auth_xfrm->auth.key.length, write_sa->opad_ipad, + ROC_SE_TLS); } tmp_key = (uint64_t *)write_sa->opad_ipad; -- 2.25.1