From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from NAM02-BL2-obe.outbound.protection.outlook.com (mail-bl2nam02on0063.outbound.protection.outlook.com [104.47.38.63]) by dpdk.org (Postfix) with ESMTP id 5C20E58CB for ; Thu, 30 Nov 2017 14:13:06 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amdcloud.onmicrosoft.com; s=selector1-amd-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=BKt8uO3LKX2nlzmkLdRzM7HEbtMXbNUa4FV6EeRPRec=; b=GdWqrVoP3cw7hE7Zz9Wk4XL0m0jZVOiOK4tsJi7r02rsuDJn9B3k929rQJovDgCT/CL1k/Uap8dZ3xZKEvpFvznhT/fLK4kIxpYIK6/qjFePZxNY0JXNg8BZTPV10ZnqjmjAfSSNe7nqTqM34YlD9+5yE+inv/EzohXP29fxVsI= Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=Ravi1.Kumar@amd.com; Received: from wallaby-smavila.amd.com (202.56.249.162) by BN6PR12MB1508.namprd12.prod.outlook.com (10.172.24.149) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.282.5; Thu, 30 Nov 2017 13:13:03 +0000 From: Ravi Kumar To: dev@dpdk.org Date: Thu, 30 Nov 2017 08:12:27 -0500 Message-Id: <1512047553-118101-5-git-send-email-Ravi1.kumar@amd.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1512047553-118101-1-git-send-email-Ravi1.kumar@amd.com> References: <1512047553-118101-1-git-send-email-Ravi1.kumar@amd.com> MIME-Version: 1.0 Content-Type: text/plain X-Originating-IP: [202.56.249.162] X-ClientProxiedBy: MA1PR0101CA0047.INDPRD01.PROD.OUTLOOK.COM (52.134.137.33) To BN6PR12MB1508.namprd12.prod.outlook.com (10.172.24.149) X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-HT: Tenant X-MS-Office365-Filtering-Correlation-Id: d699fe8e-9510-49f0-9008-08d537f41763 X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(48565401081)(5600026)(4604075)(2017052603286); SRVR:BN6PR12MB1508; X-Microsoft-Exchange-Diagnostics: 1; BN6PR12MB1508; 3:KZpTHsHrBbZURmO1deYoETvYOqX87/dxjayen+pnGvM9/41Casx3MHZ8EeWzwrHsP5OUWvgqyShSFvDen79MSzb+amB74fnsGqyYa3J6l2IpsVrtiHIuQYZSly1B0W0Ra11sLaC1PrrpNj+ZJhH9+N3NNvzDysdN3ln6/c/RYcMt8cPxzgvZG73JmZ17PqaQ9a+ztF5tR48uHxtEasbQvEYW6GK8EGb2sUAkZLJtKUEOKAshhZyaC4EoUrPyWXuu; 25:Pm4tmGU4rAjzv+G/IwpYSUXjopBGAASe0yFVzvJr1yrQRr0TkR2wOaA4y5CC2j4JqrL02tpVhoXwUp5bQQ1CfG3duNq7PW0DUtrjsq0FXxCPRbiRsxNfvgsAi19fPeVi89dVyLrHRhbJCcYdKcXK4VYHKz5VFhT6JuHnZa5Ol9xHuL2bevfvADzyCfd5OWYKzL0qvkxaC6uZabHQNkOG4WT301GdnT0Mi/5KVsNe/xEJuqk4HOSfoQS6iE0QWC9XT/tjJA2Dvk2q+KcHXH9j6KC5YMbXfvxj65NHTJNj2NrYFDPklkIL9ZUltAXQ+QogN7iQSRhL4+b5sf1KWI7a4w==; 31:6yikxzAWOaPZE0Wxd4eCes9ESepY/sQREmRPWWvMupRLey7h69obgZR0QnIuyC+gkTHojdSVo/JYGLVRvLdrUV/agdCLR8w5TK9f1L9vK3ZEKmT1Je7OEOIaGKZhHMab0RiHm2GOfU4E8lKGKm7mjlZVh2PqKEB2hekmVIIBHRtqXJoS5glVnVMy+/5wyCvsj5aHwX7tnc0TsCCcgPc+LBZewcSGbHzGxcVBXg0aa1o= X-MS-TrafficTypeDiagnostic: BN6PR12MB1508: X-Microsoft-Exchange-Diagnostics: 1; BN6PR12MB1508; 20:zwieyArFMU3grtWj+7aFAvS8VTsWKtUqcjcGlNTCMjtip4R4LlJaL/P3O0rMMgzLDTZdGeDe1w4Q+HoupgqD8HVFHwqETnIRDmUyhSsgm7Xp2yZTqSGqHxuhMsEAL9yB95Kd2jWUybA5B8z7b1v2GylzyE2n7sJMi5P4GF9Run+YAQhC1Nc/7OlAZcIe2tvaTqCXfUNpUYeNbQeyYpd2/vmDHdAg3yMeP5DIDtumlG4wgJun+K4FqqpSR2+mIuuWfZ8jBUELAcJNdueMNiYCXb2zWB9XaXwPD2SDm9Tj2VrHNFKOgFudIv2itlUFrmzTpzrUMZZqB5pdGDfCGXyOIfb7cYhKVy4cjcVq/tc83pU8oVWtmekMoCZEFh2GSrlGYUDFv9zdgHNCcpjE6EERL4JVzFtxWAfblZdWUjzbuyn7iiCKxsFzyO8BMfphY1G8Myb983hrI3r0OPkgBLoYsy6yrPHHbYmXJi3/326FjokMZhSH0/AjBv9p/DUsSVDX; 4:RPhQkpqKKTIunzrjASe/5d3bQyS8NaUE0F4ub8y7zD/0IPkLDBcvIHrLC2pL+xdeZzgGd6MJYcXPGMe1XEpUzBalL/LthKfW4CdZ1d938ZwO6HJJ0SlXJUXYCtHs5Y6dKm4wVn5TNkg26HzwXV7N9IjnkaCSHk3aN4bl7gYnbQpdGyJlikyUJAElcs/4HG1ixfjQ4N3h5zSVnASLRo9ZHoy0Immab/38QmrGUy5kChpnUPMn48Amye6LIRxKIb43PiWcjaZ94nzvuBfCF5eYwC9xYkafD63oDS2pjhNbfchn8bQfj1XatB/cQnU+MHui X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(767451399110); X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(6040450)(2401047)(5005006)(8121501046)(3002001)(93006095)(93001095)(3231022)(10201501046)(6055026)(6041248)(20161123558100)(20161123555025)(20161123562025)(20161123560025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123564025)(6072148)(201708071742011); SRVR:BN6PR12MB1508; BCL:0; PCL:0; RULEID:(100000803101)(100110400095); SRVR:BN6PR12MB1508; X-Forefront-PRVS: 05079D8470 X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10009020)(6009001)(346002)(376002)(366004)(39860400002)(189002)(199003)(36756003)(72206003)(6486002)(16526018)(5660300001)(101416001)(50226002)(97736004)(8936002)(50986010)(76176010)(8676002)(81156014)(105586002)(81166006)(53936002)(53416004)(16586007)(6666003)(478600001)(106356001)(7736002)(6916009)(2906002)(50466002)(2950100002)(48376002)(52116002)(51416003)(2361001)(305945005)(2351001)(86362001)(68736007)(7696005)(47776003)(25786009)(316002)(3846002)(6116002)(189998001)(66066001); DIR:OUT; SFP:1101; SCL:1; SRVR:BN6PR12MB1508; H:wallaby-smavila.amd.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en; Received-SPF: None (protection.outlook.com: amd.com does not designate permitted sender hosts) X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1; BN6PR12MB1508; 23:N0rDpJ6HdZVMB+UZ4p5lcAertIzZ8EislSvnH9fKK?= =?us-ascii?Q?hT8YJ3oiosSk4Z6tEjFKd8rdc9181ZSIqHr+QK1tdSDOvnFkUz8PtTI6lEyI?= =?us-ascii?Q?syGx2nKjMbT1aCqsfMS76r0K1dGPiCi1mFvGeMUQb63giF2jvk/n4h4S+UBH?= =?us-ascii?Q?rsJj9ax/HwHQYrzAxqIAqrBPsWLunkiNYbRYCb2CTdG1JtDDTUm1W4tcJacD?= =?us-ascii?Q?rImrHJORtPNZd/QhzngY7h+A6Nt82Xne3uCmofRP9CwyvZ1ybmzovNUWvPNt?= =?us-ascii?Q?1X0rCPvoTTqQ1l1cNow1RLRfoMqYPWjN80V1oFjoHibPOZEmw19WPDHjSA8+?= =?us-ascii?Q?Wd6DLUlrdV32v0uhPku5tgS6R1JOyRFgx0J9YvCs8tFRhglsw8QTJ23Kvz2C?= =?us-ascii?Q?Tc/fTzUCQQtXY+9MrfSlhDNDDfXcI3C26WZpEQuww3FTv749jWKngsz1hMa9?= =?us-ascii?Q?eUuZ4XNMHvg+S/qS/eS3m762fZlp9RsvoQwmH8Ki38UV8XTjrlbtuJM1DIqw?= =?us-ascii?Q?1HpnKXyfLX6FFb7uZV7xmDrc9vMfVO16OfXjOqZvtgtdSaOodnvklZ7ovaX1?= =?us-ascii?Q?CxmOrPDCm/2o+rHJX1X1CcD4MQu4c3pAA+al/emMskHaoLpbmINdBB/G5xkG?= =?us-ascii?Q?2Aa1lZu4XM2KSLIygNOKKNX4nq3JVpnBuuP63q6GL+nUi7zPaAt3jRmMy6sT?= =?us-ascii?Q?g286mrpGTuUx+FQYKEb4MBxX5RX9PlzB+97y1WWhFkAWDCuoCCKq9d6ttR6/?= =?us-ascii?Q?dWOxEoZPnucif6/jKVWlvCjZQaonFyEaB+uXVnPzY+cttuyJxMZ+DLgsIYv6?= =?us-ascii?Q?+qk/RS96xf9AfIPZl+1zU13B4bevs1R0ttcD7sWX7GHErTwq6Bl8dz0x47/p?= =?us-ascii?Q?ww7KJ6Yi3Nl75aJI6OyOGAswXxpZmTSeK+Ho9dngwW+wZI+P4a+XBWlGSWQR?= =?us-ascii?Q?RkJ9+gLEcx+LMXLDH1Tky6MVHT3Ozfq8K+ifQgmGOY5q8SxqRdIcCYqYBCT8?= =?us-ascii?Q?uzf6EfpoPcpYRkR9Z4p38HBM8QHjSjYPAkW5cRwhZoNQYemWwuT/PAJgbq3R?= =?us-ascii?Q?4m4FfDlns7o+KrdF8k+gnsv2tklpaOvV3X+T1N6/4tusFDfqeOhKroP37nhI?= =?us-ascii?Q?EYFMIFO56GrR90SAs8cd5xQJhGGJRxa?= X-Microsoft-Exchange-Diagnostics: 1; BN6PR12MB1508; 6:jXQx97k5d+IUgUXYCJpolgmg4n3+bdK6QqbBFvUZ+8zwIe/yI9aP9B+TQwOPlcS8OUTKhecw5YSnpX6radYxk1SRhDFLBfRa6WleRRz2s92BO8ZgWIUaPJ5zXbW0u37R6wwGAWidwjqJgfADn/o3SRTGObVBtS3EDZv6HLNf658WguVrQ0SqEiHVMyLB9FJaYdKGXooGVI4wZNDobDl/8wiebvZgfzNctllWgDXqmv5TyjlXSw+ZUzJDdsg0Zlxt7jC2oSMvBYYRZzZMc+whV86MCUAYhhhfaJE/eaVdCAX2ODGuEQaF/qpBvz93xnt1dacHkuksYSmer7vD5tTkGvBEMeXJXLy+28DhocMkhAQ=; 5:cLt3iIe/AbfvRWhCKWic4XF2Dbh4KKrawtgcoIUj8wTZE6oYsRxwPKcSgtRAb+Z+iVC04+u47GOeg4YQPPd8eq6sNyLic2MJCZ+Ks9yahwemoSlKAbip4HpyHvTzXfk2+3YA6ZQLKRNOtusZWCaYyxMDAfsCElOy1msKFREWSG0=; 24:zjm6Ay3EYNupz+fQJBVijzUVRkAgFa1eGZKe5rTPj/CU6/w967Ql4Xvmsk5P9X9TAFa5JhrxYFfGeR+e4UkPyHyDcVjqEwOm5soHQzkYlxw=; 7:h9AmZ/w5kElj4jEpzM/9iJuC1FH1IDNlsjE+cBrwkEYyfMZqsAMAC0NaJoGQEVJf98e/ILhZ1x6IWT4KbQ78lWCGNQNf1mHTYyM/nVet4yGsfmI+eq9PSH5eadtZE4p+DVIKxcEDzykZuHSTlZGfvEs5TEzRr6C0tncX+ZFGXaEiFCoFNtPLKU5xLZkcVgP7Pp/WaFlLIcoL7mLDykvBbwXV3PuP0pxNARpMvWH1fG6+kDcxGK/hqxG60I/jPbEG SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1; BN6PR12MB1508; 20:eN+98+kw95XtpoXVsAD1IZFCBR+isFgFnXiwnogQ7N3IXLCUhEf0oHaNzh5LdCs0t3CsqizaYp5QmJX4egEm0M0Fw5mQFZ4QxM+MWq7LW6cKREPggWX9ioBz8g7S4+itFWHdTg/fZynIXqLYUnjDHZqotEprN/E/zskiTrzJGUt72IEt1liHB6KZnvngrwbzTgyxg9Cu9EGKj6+dt91VKMCom9XfhUB5vGdWJnljqIxy6k64ju76jGe0STa3zOh6 X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 30 Nov 2017 13:13:03.7679 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: d699fe8e-9510-49f0-9008-08d537f41763 X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN6PR12MB1508 Subject: [dpdk-dev] [PATCH 05/11] crypto/ccp: add support for CPU based authentication X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 30 Nov 2017 13:13:06 -0000 Signed-off-by: Ravi Kumar --- config/common_base | 1 + drivers/crypto/ccp/ccp_crypto.c | 264 +++++++++++++++++++++++++++++++++++ drivers/crypto/ccp/ccp_crypto.h | 8 ++ drivers/crypto/ccp/ccp_pmd_ops.c | 23 +++ drivers/crypto/ccp/ccp_pmd_private.h | 4 + 5 files changed, 300 insertions(+) diff --git a/config/common_base b/config/common_base index 88826c8..2974581 100644 --- a/config/common_base +++ b/config/common_base @@ -560,6 +560,7 @@ CONFIG_RTE_LIBRTE_PMD_NULL_CRYPTO=y # Compile PMD for AMD CCP crypto device # CONFIG_RTE_LIBRTE_PMD_CCP=n +CONFIG_RTE_LIBRTE_PMD_CCP_CPU_AUTH=n # # Compile PMD for Marvell Crypto device diff --git a/drivers/crypto/ccp/ccp_crypto.c b/drivers/crypto/ccp/ccp_crypto.c index 4d71ec1..1833929 100644 --- a/drivers/crypto/ccp/ccp_crypto.c +++ b/drivers/crypto/ccp/ccp_crypto.c @@ -54,6 +54,13 @@ #include /*sub key apis*/ #include /*sub key apis*/ +#ifdef RTE_LIBRTE_PMD_CCP_CPU_AUTH +#include +#include +#include +#endif + +#ifndef RTE_LIBRTE_PMD_CCP_CPU_AUTH /* SHA initial context values */ static uint32_t ccp_sha1_init[SHA256_DIGEST_SIZE / sizeof(uint32_t)] = { SHA1_H4, SHA1_H3, @@ -89,6 +96,7 @@ uint64_t ccp_sha512_init[SHA512_DIGEST_SIZE / sizeof(uint64_t)] = { SHA512_H3, SHA512_H2, SHA512_H1, SHA512_H0, }; +#endif static enum ccp_cmd_order ccp_get_cmd_id(const struct rte_crypto_sym_xform *xform) @@ -114,6 +122,7 @@ ccp_get_cmd_id(const struct rte_crypto_sym_xform *xform) return res; } +#ifndef RTE_LIBRTE_PMD_CCP_CPU_AUTH /**partial hash using openssl*/ static int partial_hash_sha1(uint8_t *data_in, uint8_t *data_out) { @@ -354,6 +363,7 @@ generate_cmac_subkeys(struct ccp_session *sess) CCP_LOG_ERR("CMAC Init failed"); return -1; } +#endif /**configure session*/ static int @@ -452,7 +462,9 @@ ccp_configure_session_auth(struct ccp_session *sess, const struct rte_crypto_sym_xform *xform) { const struct rte_crypto_auth_xform *auth_xform = NULL; +#ifndef RTE_LIBRTE_PMD_CCP_CPU_AUTH size_t i; +#endif auth_xform = &xform->auth; @@ -461,6 +473,7 @@ ccp_configure_session_auth(struct ccp_session *sess, sess->auth.op = CCP_AUTH_OP_GENERATE; else sess->auth.op = CCP_AUTH_OP_VERIFY; +#ifndef RTE_LIBRTE_PMD_CCP_CPU_AUTH switch (auth_xform->algo) { case RTE_CRYPTO_AUTH_SHA1: sess->auth.engine = CCP_ENGINE_SHA; @@ -618,6 +631,77 @@ ccp_configure_session_auth(struct ccp_session *sess, CCP_LOG_ERR("Unsupported hash algo"); return -1; } +#else + switch (auth_xform->algo) { + case RTE_CRYPTO_AUTH_SHA1_HMAC: + if (auth_xform->key.length > SHA1_BLOCK_SIZE) + return -1; + sess->auth.algo = CCP_AUTH_ALGO_SHA1_HMAC; + sess->auth.offset = CCP_SB_BYTES - SHA1_DIGEST_SIZE; + sess->auth.block_size = SHA1_BLOCK_SIZE; + sess->auth.key_length = auth_xform->key.length; + memset(sess->auth.key, 0, sess->auth.block_size); + rte_memcpy(sess->auth.key, auth_xform->key.data, + auth_xform->key.length); + break; + case RTE_CRYPTO_AUTH_SHA224_HMAC: + if (auth_xform->key.length > SHA224_BLOCK_SIZE) + return -1; + sess->auth.algo = CCP_AUTH_ALGO_SHA224_HMAC; + sess->auth.offset = CCP_SB_BYTES - SHA224_DIGEST_SIZE; + sess->auth.block_size = SHA224_BLOCK_SIZE; + sess->auth.key_length = auth_xform->key.length; + memset(sess->auth.key, 0, sess->auth.block_size); + rte_memcpy(sess->auth.key, auth_xform->key.data, + auth_xform->key.length); + break; + case RTE_CRYPTO_AUTH_SHA256_HMAC: + if (auth_xform->key.length > SHA256_BLOCK_SIZE) + return -1; + sess->auth.algo = CCP_AUTH_ALGO_SHA256_HMAC; + sess->auth.offset = CCP_SB_BYTES - SHA256_DIGEST_SIZE; + sess->auth.block_size = SHA256_BLOCK_SIZE; + sess->auth.key_length = auth_xform->key.length; + memset(sess->auth.key, 0, sess->auth.block_size); + rte_memcpy(sess->auth.key, auth_xform->key.data, + auth_xform->key.length); + break; + case RTE_CRYPTO_AUTH_SHA384_HMAC: + if (auth_xform->key.length > SHA384_BLOCK_SIZE) + return -1; + sess->auth.algo = CCP_AUTH_ALGO_SHA384_HMAC; + sess->auth.offset = (CCP_SB_BYTES << 1) - SHA384_DIGEST_SIZE; + sess->auth.block_size = SHA384_BLOCK_SIZE; + sess->auth.key_length = auth_xform->key.length; + memset(sess->auth.key, 0, sess->auth.block_size); + rte_memcpy(sess->auth.key, auth_xform->key.data, + auth_xform->key.length); + break; + case RTE_CRYPTO_AUTH_SHA512_HMAC: + if (auth_xform->key.length > SHA512_BLOCK_SIZE) + return -1; + sess->auth.algo = CCP_AUTH_ALGO_SHA512_HMAC; + sess->auth.offset = (CCP_SB_BYTES << 1) - SHA512_DIGEST_SIZE; + sess->auth.block_size = SHA512_BLOCK_SIZE; + sess->auth.key_length = auth_xform->key.length; + memset(sess->auth.key, 0, sess->auth.block_size); + rte_memcpy(sess->auth.key, auth_xform->key.data, + auth_xform->key.length); + break; + case RTE_CRYPTO_AUTH_MD5_HMAC: + sess->auth.algo = CCP_AUTH_ALGO_MD5_HMAC; + sess->auth.offset = (CCP_SB_BYTES << 1) - MD5_DIGEST_SIZE; + sess->auth.key_length = auth_xform->key.length; + sess->auth.block_size = MD5_BLOCK_SIZE; + memset(sess->auth.key, 0, sess->auth.block_size); + rte_memcpy(sess->auth.key, auth_xform->key.data, + auth_xform->key.length); + break; + default: + CCP_LOG_ERR("Unsupported hash algo"); + return -1; + } +#endif return 0; } @@ -860,12 +944,16 @@ ccp_compute_slot_count(struct ccp_session *session) count = ccp_cipher_slot(session); break; case CCP_CMD_AUTH: +#ifndef RTE_LIBRTE_PMD_CCP_CPU_AUTH count = ccp_auth_slot(session); +#endif break; case CCP_CMD_CIPHER_HASH: case CCP_CMD_HASH_CIPHER: count = ccp_cipher_slot(session); +#ifndef RTE_LIBRTE_PMD_CCP_CPU_AUTH count += ccp_auth_slot(session); +#endif break; case CCP_CMD_COMBINED: count = ccp_combined_mode_slot(session); @@ -878,6 +966,123 @@ ccp_compute_slot_count(struct ccp_session *session) return count; } +#ifdef RTE_LIBRTE_PMD_CCP_CPU_AUTH +static uint8_t +algo_select(int sessalgo, + const EVP_MD **algo) +{ + int res = 0; + + switch (sessalgo) { + case CCP_AUTH_ALGO_MD5_HMAC: + *algo = EVP_md5(); + break; + case CCP_AUTH_ALGO_SHA1_HMAC: + *algo = EVP_sha1(); + break; + case CCP_AUTH_ALGO_SHA224_HMAC: + *algo = EVP_sha224(); + break; + case CCP_AUTH_ALGO_SHA256_HMAC: + *algo = EVP_sha256(); + break; + case CCP_AUTH_ALGO_SHA384_HMAC: + *algo = EVP_sha384(); + break; + case CCP_AUTH_ALGO_SHA512_HMAC: + *algo = EVP_sha512(); + break; + default: + res = -EINVAL; + break; + } + return res; +} + +static int +process_cpu_auth_hmac(uint8_t *src, uint8_t *dst, + __rte_unused uint8_t *iv, + EVP_PKEY *pkey, + int srclen, + EVP_MD_CTX *ctx, + const EVP_MD *algo, + uint16_t d_len) +{ + size_t dstlen; + unsigned char temp_dst[64]; + + if (EVP_DigestSignInit(ctx, NULL, algo, NULL, pkey) <= 0) + goto process_auth_err; + + if (EVP_DigestSignUpdate(ctx, (char *)src, srclen) <= 0) + goto process_auth_err; + + if (EVP_DigestSignFinal(ctx, temp_dst, &dstlen) <= 0) + goto process_auth_err; + + rte_memcpy(dst, temp_dst, d_len); + return 0; +process_auth_err: + CCP_LOG_ERR("Process cpu auth failed"); + return -EINVAL; +} + +static int cpu_crypto_auth(struct rte_crypto_op *op, struct ccp_session *sess, + EVP_MD_CTX *ctx) +{ + uint8_t *src, *dst; + int srclen, status; + struct rte_mbuf *mbuf_src, *mbuf_dst; + const EVP_MD *algo = NULL; + EVP_PKEY *pkey; + + algo_select(sess->auth.algo, &algo); + pkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, sess->auth.key, + sess->auth.key_length); + mbuf_src = op->sym->m_src; + mbuf_dst = op->sym->m_dst ? op->sym->m_dst : op->sym->m_src; + srclen = op->sym->auth.data.length; + src = rte_pktmbuf_mtod_offset(mbuf_src, uint8_t *, + op->sym->auth.data.offset); + + if (sess->auth.op == CCP_AUTH_OP_VERIFY) { + dst = (uint8_t *)rte_pktmbuf_append(mbuf_src, + sess->auth.digest_length); + } else { + dst = op->sym->auth.digest.data; + if (dst == NULL) { + dst = rte_pktmbuf_mtod_offset(mbuf_dst, uint8_t *, + op->sym->auth.data.offset + + sess->auth.digest_length); + } + } + status = process_cpu_auth_hmac(src, dst, NULL, + pkey, srclen, + ctx, + algo, + sess->auth.digest_length); + if (status) { + op->status = RTE_CRYPTO_OP_STATUS_ERROR; + return status; + } + + if (sess->auth.op == CCP_AUTH_OP_VERIFY) { + if (memcmp(dst, op->sym->auth.digest.data, + sess->auth.digest_length) != 0) { + op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED; + } else { + op->status = RTE_CRYPTO_OP_STATUS_SUCCESS; + } + rte_pktmbuf_trim(mbuf_src, + sess->auth.digest_length); + } else { + op->status = RTE_CRYPTO_OP_STATUS_SUCCESS; + } + EVP_PKEY_free(pkey); + return 0; +} +#endif + static void ccp_perform_passthru(struct ccp_passthru *pst, struct ccp_queue *cmd_q) @@ -1831,11 +2036,22 @@ process_ops_to_enqueue(const struct ccp_qp *qp, int i, result = 0; struct ccp_batch_info *b_info; struct ccp_session *session; +#ifdef RTE_LIBRTE_PMD_CCP_CPU_AUTH + EVP_MD_CTX *auth_ctx = NULL; +#endif if (rte_mempool_get(qp->batch_mp, (void **)&b_info)) { CCP_LOG_ERR("batch info allocation failed"); return 0; } +#ifdef RTE_LIBRTE_PMD_CCP_CPU_AUTH + auth_ctx = EVP_MD_CTX_create(); + if (unlikely(!auth_ctx)) { + CCP_LOG_ERR("Unable to create auth ctx"); + return 0; + } + b_info->auth_ctr = 0; +#endif /* populate batch info necessary for dequeue */ b_info->op_idx = 0; b_info->lsb_buf_idx = 0; @@ -1856,16 +2072,29 @@ process_ops_to_enqueue(const struct ccp_qp *qp, result = ccp_crypto_cipher(op[i], cmd_q, b_info); break; case CCP_CMD_AUTH: +#ifndef RTE_LIBRTE_PMD_CCP_CPU_AUTH result = ccp_crypto_auth(op[i], cmd_q, b_info); +#else + b_info->auth_ctr++; + result = cpu_crypto_auth(op[i], session, auth_ctx); +#endif break; case CCP_CMD_CIPHER_HASH: result = ccp_crypto_cipher(op[i], cmd_q, b_info); if (result) break; +#ifndef RTE_LIBRTE_PMD_CCP_CPU_AUTH result = ccp_crypto_auth(op[i], cmd_q, b_info); +#endif break; case CCP_CMD_HASH_CIPHER: +#ifndef RTE_LIBRTE_PMD_CCP_CPU_AUTH result = ccp_crypto_auth(op[i], cmd_q, b_info); +#else + result = cpu_crypto_auth(op[i], session, auth_ctx); + if (op[i]->status != RTE_CRYPTO_OP_STATUS_SUCCESS) + continue; +#endif if (result) break; result = ccp_crypto_cipher(op[i], cmd_q, b_info); @@ -1899,6 +2128,9 @@ process_ops_to_enqueue(const struct ccp_qp *qp, rte_ring_enqueue(qp->processed_pkts, (void *)b_info); +#ifdef RTE_LIBRTE_PMD_CCP_CPU_AUTH + EVP_MD_CTX_destroy(auth_ctx); +#endif return i; } @@ -1974,6 +2206,15 @@ ccp_prepare_ops(struct rte_crypto_op **op_d, int i, min_ops; struct ccp_session *session; +#ifdef RTE_LIBRTE_PMD_CCP_CPU_AUTH + EVP_MD_CTX *auth_ctx = NULL; + + auth_ctx = EVP_MD_CTX_create(); + if (unlikely(!auth_ctx)) { + CCP_LOG_ERR("Unable to create auth ctx"); + return 0; + } +#endif min_ops = RTE_MIN(nb_ops, b_info->opcnt); for (i = 0; i < min_ops; i++) { @@ -1986,8 +2227,24 @@ ccp_prepare_ops(struct rte_crypto_op **op_d, op_d[i]->status = RTE_CRYPTO_OP_STATUS_SUCCESS; break; case CCP_CMD_AUTH: +#ifndef RTE_LIBRTE_PMD_CCP_CPU_AUTH + ccp_auth_dq_prepare(op_d[i]); +#endif + break; case CCP_CMD_CIPHER_HASH: +#ifdef RTE_LIBRTE_PMD_CCP_CPU_AUTH + cpu_crypto_auth(op_d[i], session, auth_ctx); +#else + ccp_auth_dq_prepare(op_d[i]); +#endif + break; case CCP_CMD_HASH_CIPHER: +#ifdef RTE_LIBRTE_PMD_CCP_CPU_AUTH + op_d[i]->status = RTE_CRYPTO_OP_STATUS_SUCCESS; +#else + ccp_auth_dq_prepare(op_d[i]); +#endif + break; case CCP_CMD_COMBINED: ccp_auth_dq_prepare(op_d[i]); break; @@ -1996,6 +2253,9 @@ ccp_prepare_ops(struct rte_crypto_op **op_d, } } +#ifdef RTE_LIBRTE_PMD_CCP_CPU_AUTH + EVP_MD_CTX_destroy(auth_ctx); +#endif b_info->opcnt -= min_ops; return min_ops; } @@ -2015,6 +2275,10 @@ process_ops_to_dequeue(struct ccp_qp *qp, } else if (rte_ring_dequeue(qp->processed_pkts, (void **)&b_info)) return 0; +#ifdef RTE_LIBRTE_PMD_CCP_CPU_AUTH + if (b_info->auth_ctr == b_info->opcnt) + goto success; +#endif cur_head_offset = CCP_READ_REG(b_info->cmd_q->reg_base, CMD_Q_HEAD_LO_BASE); diff --git a/drivers/crypto/ccp/ccp_crypto.h b/drivers/crypto/ccp/ccp_crypto.h index 21cc99f..a350dfd 100644 --- a/drivers/crypto/ccp/ccp_crypto.h +++ b/drivers/crypto/ccp/ccp_crypto.h @@ -68,6 +68,11 @@ #define HMAC_IPAD_VALUE 0x36 #define HMAC_OPAD_VALUE 0x5c +#ifdef RTE_LIBRTE_PMD_CCP_CPU_AUTH +#define MD5_DIGEST_SIZE 16 +#define MD5_BLOCK_SIZE 64 +#endif + /**SHA */ #define SHA1_DIGEST_SIZE 20 #define SHA1_BLOCK_SIZE 64 @@ -236,6 +241,9 @@ enum ccp_hash_algo { CCP_AUTH_ALGO_SHA512_HMAC, CCP_AUTH_ALGO_AES_CMAC, CCP_AUTH_ALGO_AES_GCM, +#ifdef RTE_LIBRTE_PMD_CCP_CPU_AUTH + CCP_AUTH_ALGO_MD5_HMAC, +#endif }; /** diff --git a/drivers/crypto/ccp/ccp_pmd_ops.c b/drivers/crypto/ccp/ccp_pmd_ops.c index 3a5e03c..e0160b3 100644 --- a/drivers/crypto/ccp/ccp_pmd_ops.c +++ b/drivers/crypto/ccp/ccp_pmd_ops.c @@ -39,6 +39,29 @@ #include static const struct rte_cryptodev_capabilities ccp_pmd_capabilities[] = { +#ifdef RTE_LIBRTE_PMD_CCP_CPU_AUTH + { /* MD5 HMAC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_MD5_HMAC, + .block_size = 64, + .key_size = { + .min = 1, + .max = 64, + .increment = 1 + }, + .digest_size = { + .min = 16, + .max = 16, + .increment = 0 + }, + .aad_size = { 0 } + }, } + }, } + }, +#endif { /* SHA1 */ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, {.sym = { diff --git a/drivers/crypto/ccp/ccp_pmd_private.h b/drivers/crypto/ccp/ccp_pmd_private.h index 95433d7..9e288c5 100644 --- a/drivers/crypto/ccp/ccp_pmd_private.h +++ b/drivers/crypto/ccp/ccp_pmd_private.h @@ -88,6 +88,10 @@ struct ccp_batch_info { phys_addr_t lsb_buf_phys; /**< LSB intermediate buf for passthru */ int lsb_buf_idx; +#ifdef RTE_LIBRTE_PMD_CCP_CPU_AUTH + uint16_t auth_ctr; + /**< auth only ops batch */ +#endif } __rte_cache_aligned; /**< CCP crypto queue pair */ -- 2.7.4