From: Tejasree Kondoj <ktejasree@marvell.com>
To: Akhil Goyal <gakhil@marvell.com>
Cc: Anoob Joseph <anoobj@marvell.com>,
Vidya Sagar Velumuri <vvelumuri@marvell.com>,
Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>,
Volodymyr Fialko <vfialko@marvell.com>,
"Aakash Sasidharan" <asasidharan@marvell.com>, <dev@dpdk.org>
Subject: [PATCH 15/17] crypto/cnxk: set salt in dptr as part of IV
Date: Tue, 20 Dec 2022 20:02:30 +0530 [thread overview]
Message-ID: <20221220143232.2519650-16-ktejasree@marvell.com> (raw)
In-Reply-To: <20221220143232.2519650-1-ktejasree@marvell.com>
Set salt as part of 16B IV in dptr to avoid race
condition.
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
---
drivers/common/cnxk/roc_se.c | 7 +++-
drivers/crypto/cnxk/cnxk_se.h | 76 +++++++++++++++++++----------------
2 files changed, 47 insertions(+), 36 deletions(-)
diff --git a/drivers/common/cnxk/roc_se.c b/drivers/common/cnxk/roc_se.c
index 8c19c5fccc..f335c2367f 100644
--- a/drivers/common/cnxk/roc_se.c
+++ b/drivers/common/cnxk/roc_se.c
@@ -462,8 +462,10 @@ roc_se_auth_key_set(struct roc_se_ctx *se_ctx, roc_se_auth_type type,
return -1;
/* For GMAC auth, cipher must be NULL */
- if (type == ROC_SE_GMAC_TYPE)
+ if (type == ROC_SE_GMAC_TYPE) {
fctx->enc.enc_cipher = 0;
+ se_ctx->template_w4.s.opcode_minor = BIT(5);
+ }
fctx->enc.hash_type = type;
se_ctx->hash_type = type;
@@ -530,6 +532,9 @@ roc_se_ciph_key_set(struct roc_se_ctx *se_ctx, roc_se_cipher_type type,
return 0;
}
+ if (type == ROC_SE_AES_GCM)
+ se_ctx->template_w4.s.opcode_minor = BIT(5);
+
ret = cpt_ciph_type_set(type, se_ctx, key_len);
if (unlikely(ret))
return -1;
diff --git a/drivers/crypto/cnxk/cnxk_se.h b/drivers/crypto/cnxk/cnxk_se.h
index 774efd5879..1827b0d7b3 100644
--- a/drivers/crypto/cnxk/cnxk_se.h
+++ b/drivers/crypto/cnxk/cnxk_se.h
@@ -43,7 +43,8 @@ struct cnxk_se_sess {
uint16_t dp_thr_type : 8;
uint16_t aad_length;
uint8_t is_sha3 : 1;
- uint8_t rsvd : 7;
+ uint8_t short_iv : 1;
+ uint8_t rsvd : 6;
uint8_t mac_len;
uint8_t iv_length;
uint8_t auth_iv_length;
@@ -201,13 +202,6 @@ cpt_mac_len_verify(struct rte_crypto_auth_xform *auth)
return ret;
}
-static __rte_always_inline void
-cpt_fc_salt_update(struct roc_se_ctx *se_ctx, uint8_t *salt)
-{
- struct roc_se_context *fctx = &se_ctx->se_ctx.fctx;
- memcpy(fctx->enc.encr_iv, salt, 4);
-}
-
static __rte_always_inline int
sg_inst_prep(struct roc_se_fc_params *params, struct cpt_inst_s *inst, uint64_t offset_ctrl,
uint8_t *iv_s, int iv_len, uint8_t pack_iv, uint8_t pdcp_alg_type, int32_t inputlen,
@@ -1703,8 +1697,17 @@ fill_sess_aead(struct rte_crypto_sym_xform *xform, struct cnxk_se_sess *sess)
sess->iv_length = aead_form->iv.length;
sess->aad_length = aead_form->aad_length;
- if (unlikely(roc_se_ciph_key_set(&sess->roc_se_ctx, enc_type,
- aead_form->key.data,
+ switch (sess->iv_length) {
+ case 12:
+ sess->short_iv = 1;
+ case 16:
+ break;
+ default:
+ plt_dp_err("Crypto: Unsupported IV length %u", sess->iv_length);
+ return -1;
+ }
+
+ if (unlikely(roc_se_ciph_key_set(&sess->roc_se_ctx, enc_type, aead_form->key.data,
aead_form->key.length, NULL)))
return -1;
@@ -1712,6 +1715,8 @@ fill_sess_aead(struct rte_crypto_sym_xform *xform, struct cnxk_se_sess *sess)
aead_form->digest_length)))
return -1;
+ if (enc_type == ROC_SE_CHACHA20)
+ sess->roc_se_ctx.template_w4.s.opcode_minor |= BIT(5);
return 0;
}
@@ -1849,9 +1854,19 @@ fill_sess_cipher(struct rte_crypto_sym_xform *xform, struct cnxk_se_sess *sess)
sess->iv_length = c_form->iv.length;
sess->is_null = is_null;
- if (unlikely(roc_se_ciph_key_set(&sess->roc_se_ctx, enc_type,
- c_form->key.data, c_form->key.length,
- NULL)))
+ if (aes_ctr)
+ switch (sess->iv_length) {
+ case 12:
+ sess->short_iv = 1;
+ case 16:
+ break;
+ default:
+ plt_dp_err("Crypto: Unsupported IV length %u", sess->iv_length);
+ return -1;
+ }
+
+ if (unlikely(roc_se_ciph_key_set(&sess->roc_se_ctx, enc_type, c_form->key.data,
+ c_form->key.length, NULL)))
return -1;
if ((enc_type >= ROC_SE_ZUC_EEA3) && (enc_type <= ROC_SE_AES_CTR_EEA2))
@@ -2046,9 +2061,18 @@ fill_sess_gmac(struct rte_crypto_sym_xform *xform, struct cnxk_se_sess *sess)
sess->iv_length = a_form->iv.length;
sess->mac_len = a_form->digest_length;
- if (unlikely(roc_se_ciph_key_set(&sess->roc_se_ctx, enc_type,
- a_form->key.data, a_form->key.length,
- NULL)))
+ switch (sess->iv_length) {
+ case 12:
+ sess->short_iv = 1;
+ case 16:
+ break;
+ default:
+ plt_dp_err("Crypto: Unsupported IV length %u", sess->iv_length);
+ return -1;
+ }
+
+ if (unlikely(roc_se_ciph_key_set(&sess->roc_se_ctx, enc_type, a_form->key.data,
+ a_form->key.length, NULL)))
return -1;
if (unlikely(roc_se_auth_key_set(&sess->roc_se_ctx, auth_type, NULL, 0,
@@ -2192,7 +2216,7 @@ fill_fc_params(struct rte_crypto_op *cop, struct cnxk_se_sess *sess,
if (likely(is_kasumi || sess->iv_length)) {
flags |= ROC_SE_VALID_IV_BUF;
fc_params.iv_buf = rte_crypto_op_ctod_offset(cop, uint8_t *, sess->iv_offset);
- if (!is_aead && sess->aes_ctr && unlikely(sess->iv_length != 16)) {
+ if (sess->short_iv) {
memcpy((uint8_t *)iv_buf,
rte_crypto_op_ctod_offset(cop, uint8_t *, sess->iv_offset), 12);
iv_buf[3] = rte_cpu_to_be_32(0x1);
@@ -2209,7 +2233,6 @@ fill_fc_params(struct rte_crypto_op *cop, struct cnxk_se_sess *sess,
if (is_aead) {
struct rte_mbuf *m;
- uint8_t *salt;
uint8_t *aad_data;
uint16_t aad_len;
@@ -2234,13 +2257,6 @@ fill_fc_params(struct rte_crypto_op *cop, struct cnxk_se_sess *sess,
d_lens = d_lens << 32;
}
- salt = fc_params.iv_buf;
- if (unlikely(*(uint32_t *)salt != sess->salt)) {
- cpt_fc_salt_update(&sess->roc_se_ctx, salt);
- sess->salt = *(uint32_t *)salt;
- }
-
- fc_params.iv_buf = PLT_PTR_ADD(salt, 4);
m = cpt_m_dst_get(cpt_op, m_src, m_dst);
/* Digest immediately following data is best case */
@@ -2266,16 +2282,6 @@ fill_fc_params(struct rte_crypto_op *cop, struct cnxk_se_sess *sess,
d_lens = ci_data_length;
d_lens = (d_lens << 32) | a_data_length;
- /* for gmac, salt should be updated like in gcm */
- if (unlikely(sess->is_gmac)) {
- uint8_t *salt;
- salt = fc_params.iv_buf;
- if (unlikely(*(uint32_t *)salt != sess->salt)) {
- cpt_fc_salt_update(&sess->roc_se_ctx, salt);
- sess->salt = *(uint32_t *)salt;
- }
- fc_params.iv_buf = salt + 4;
- }
if (likely(sess->mac_len)) {
struct rte_mbuf *m = cpt_m_dst_get(cpt_op, m_src, m_dst);
--
2.25.1
next prev parent reply other threads:[~2022-12-20 14:34 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-12-20 14:32 [PATCH 00/17] fixes and improvements to cnxk crytpo PMD Tejasree Kondoj
2022-12-20 14:32 ` [PATCH 01/17] common/cnxk: perform LF fini ops only when allocated Tejasree Kondoj
2022-12-20 14:32 ` [PATCH 02/17] common/cnxk: generate opad and ipad in driver Tejasree Kondoj
2022-12-20 14:32 ` [PATCH 03/17] crypto/cnxk: update resp len calculation for IPv6 Tejasree Kondoj
2022-12-20 14:32 ` [PATCH 04/17] crypto/cnxk: add context to passthrough instruction Tejasree Kondoj
2022-12-20 14:32 ` [PATCH 05/17] crypto/cnxk: support truncated digest length Tejasree Kondoj
2022-12-20 14:32 ` [PATCH 06/17] crypto/cnxk: add queue pair check to meta set Tejasree Kondoj
2022-12-20 14:32 ` [PATCH 07/17] crypto/cnxk: update crypto completion code handling Tejasree Kondoj
2022-12-20 14:32 ` [PATCH 08/17] crypto/cnxk: fix incorrect digest for an empty input data Tejasree Kondoj
2022-12-20 14:32 ` [PATCH 09/17] crypto/cnxk: add CN9K IPsec SG support Tejasree Kondoj
2022-12-20 14:32 ` [PATCH 10/17] crypto/cnxk: add support for SHA3 hash Tejasree Kondoj
2022-12-20 14:32 ` [PATCH 11/17] common/cnxk: skip hmac hash precomputation Tejasree Kondoj
2022-12-20 14:32 ` [PATCH 12/17] crypto/octeontx: support truncated digest size Tejasree Kondoj
2022-12-20 14:32 ` [PATCH 13/17] crypto/cnxk: set device ops to null in PCI remove Tejasree Kondoj
2022-12-20 14:32 ` [PATCH 14/17] crypto/cnxk: add CTX for non IPsec operations Tejasree Kondoj
2022-12-20 14:32 ` Tejasree Kondoj [this message]
2022-12-20 14:32 ` [PATCH 16/17] crypto/cnxk: remove null check of session priv Tejasree Kondoj
2022-12-20 14:32 ` [PATCH 17/17] common/cnxk: remove salt from session Tejasree Kondoj
2023-01-04 10:11 ` [PATCH 00/17] fixes and improvements to cnxk crytpo PMD Akhil Goyal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20221220143232.2519650-16-ktejasree@marvell.com \
--to=ktejasree@marvell.com \
--cc=anoobj@marvell.com \
--cc=asasidharan@marvell.com \
--cc=dev@dpdk.org \
--cc=gakhil@marvell.com \
--cc=gmuthukrishn@marvell.com \
--cc=vfialko@marvell.com \
--cc=vvelumuri@marvell.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).