From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from NAM03-DM3-obe.outbound.protection.outlook.com (mail-dm3nam03on0064.outbound.protection.outlook.com [104.47.41.64]) by dpdk.org (Postfix) with ESMTP id 3A4241B017 for ; Mon, 19 Mar 2018 13:24:51 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amdcloud.onmicrosoft.com; s=selector1-amd-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=sEeC7L4XHw5yx361OdIfPncH4P4iiFezw8OlwFizNUc=; b=iFvAH9sjzl86J+0RysR/yzWpCy4ar9ByQ6pKx9K8Qc5MWjJZ0vq2d+CAU9S/tdn8jKzD5xLJ5KnN/vt7o8gW55Xtf7cetaodzKfiF1afK7V4/TMMEs2z3wVGaLSJIYksfo+GdkbNLG+4qtsPCxTnT4iTLx91TNxQ6HVgdknssKo= Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=Ravi1.Kumar@amd.com; Received: from wallaby-smavila.amd.com (202.56.249.162) by BN6PR12MB1505.namprd12.prod.outlook.com (10.172.24.146) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.588.14; Mon, 19 Mar 2018 12:24:47 +0000 From: Ravi Kumar To: dev@dpdk.org Cc: pablo.de.lara.guarch@intel.com, hemant.agrawal@nxp.com Date: Mon, 19 Mar 2018 08:23:51 -0400 Message-Id: <1521462233-13590-17-git-send-email-Ravi1.kumar@amd.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1521462233-13590-1-git-send-email-Ravi1.kumar@amd.com> References: <1520584520-130522-1-git-send-email-Ravi1.kumar@amd.com> <1521462233-13590-1-git-send-email-Ravi1.kumar@amd.com> MIME-Version: 1.0 Content-Type: text/plain X-Originating-IP: [202.56.249.162] X-ClientProxiedBy: MAXPR0101CA0025.INDPRD01.PROD.OUTLOOK.COM (10.174.62.139) To BN6PR12MB1505.namprd12.prod.outlook.com (10.172.24.146) X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-HT: Tenant X-MS-Office365-Filtering-Correlation-Id: 518fd44a-6621-4b22-2836-08d58d946866 X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(48565401081)(5600026)(4604075)(4534165)(4627221)(201703031133081)(201702281549075)(2017052603328)(7153060)(7193020); SRVR:BN6PR12MB1505; X-Microsoft-Exchange-Diagnostics: 1; BN6PR12MB1505; 3:cbXmoiUfcqZ51h1+Szf4FarUyevtrQPOk1g7W3moe/JjjVsoWlDrf00ZUvKR9WQU+hfcuVUFTqs1xWg4ZRIIo4TdbtC58xVlZGVKKEz9ar3chE/BX1YIj1Hlj2BLtP1X7rqzo1p0CUrGmqqKXBlwvj6B4KmtnMFGs+pHHi9u+ug1PYuM+skVyGgoU5gYFx4xp0YxPFvBliZ5UOvt7jTQ7GwTFxeoB1EFLwZ7JawukFH6srysZnUp8GUReFfbb2Mv; 25:m8b2JbXrxM3nGo6UDsb9KoHReuceTFGPmqGcMc3mNrjFGXHEmiEO+4xXRm5cDh/h3rDOaX9MntnLL8cM1nkN4lWx0XT0LeSxSbTf4rHAlDq5HJFMuBh7/Y5Eyzn9A0IiwYEs/Xn4zTrzrTLJAF1eZWGfesbdbeK9ZDHnR+oWoAfm8ui6Y73dKsjSxg6V3nSMzyLbms+QCVYSlftdQ6JXQBsTiiv0lBpZGnQPpxRlFaOJI6IAcUNvoXUr7FzPro3SLc06sfaCk++QZPw3JcF2+vtYIgCawWHWdTOVo2y4F7/l/q3XoY+jtAYSb3rZJ4/M7ZJNNjvW1rUl9PmvZfJUgA==; 31:LUed6aJGRMvPKoviWctVC9/zEhAlFyPY55K/ifre3qDHTdlyO1l2Uv1n2QN3Ms0VGLxS5Oi68V2kmSm7saFce+hVZ0cV74vZN94SMsnQSC0P6MvqYt/fbjbLIxmOstQMfM+IfDCkFe6m8wELBpOAkxZmkqzvFKOfpD8pKgbMfbUjx3IjIv9SaFka4tEVtChYlmjpVUQo7azOygkRmTOA31axBjOuCqOg6k3vfYWCRVk= X-MS-TrafficTypeDiagnostic: BN6PR12MB1505: X-Microsoft-Exchange-Diagnostics: 1; BN6PR12MB1505; 20:ad33kNJtUR2wP8+c3qCA+H0WyJjj98MMpNpkshdW76z/QvMeZHcFl7/z/R53DaCr9Ztqkeqg/8JEZzzbrPEgS9q4utPXLxPt31pryFV1T/r104bTOBibj8xXu7mvk3pTJ1KUvU3AtTDoxnCO2y1+fZ0rNlJfnQheUn0Fpy9NQPxbu+fxD/W8MKHjPUC8JUdHXeRM7A/NMRZDviV/j3pKJd9hf3RlHg6QDegyci49QZvD3Us4+lw5Ag6j8HoIhLGrCozbeeMWlXNn4S0tJnzLEJnJWdpUyKIFskFCju56GN943XP6hVWsVeJD+e8JRhmDwwTJAfpouuqIHCq52HDF2Pxw4L+9Tx8F0sM831DT+itDGSGZgGozbUshyjQGaDHanXlfxOHD3K+J9Go9bd9D7VvIVtnVJ13rCB8fKJ5ka72TwvrCroTN8IsF3W+guti+nJogXtaS+5yKj8OltWdyTvPEunlVtPfzWvCjIXvuoLFqLwCaeGQliaeEAbKz8uu6; 4:0ZzqqSGIV+TGTnxlfxbCdsFyxdAYTlFWVZaYE2ZDSicnD3KgGtxEny6FMFDfFIbRRNM8NSg18zuKoQcPvOPqcUgZWwoshKqNwkCm+dBiJGeMkDR6M3zmlTBGV+JLh+RnwgBCOkWAiyjV9AauZ1o53Zc3E7xezpq6eFSYlE6YzLAWyHd+dmBKgUPVcRrhsIlzReSVYWOWTAdLmy9M1sF6xRry+LVR9APG6ZitgE1dQ4t/NbxpNZH0/HQSvNZYNey5ar6VI0RHLi83Y3bKb/EvzsN57bRTJ0D+Vi3KBzVhq19u0QACcrj2qI6j5JjTMrWl X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(767451399110); X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(8211001083)(6040522)(2401047)(8121501046)(5005006)(3231221)(944501300)(52105095)(3002001)(93006095)(93001095)(10201501046)(6055026)(6041310)(20161123564045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123560045)(20161123562045)(20161123558120)(6072148)(201708071742011); SRVR:BN6PR12MB1505; BCL:0; PCL:0; RULEID:; SRVR:BN6PR12MB1505; X-Forefront-PRVS: 06167FAD59 X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10009020)(396003)(39380400002)(39860400002)(346002)(376002)(366004)(199004)(189003)(97736004)(105586002)(2361001)(2351001)(72206003)(48376002)(4326008)(50226002)(76176011)(59450400001)(8676002)(26005)(316002)(8936002)(53936002)(106356001)(16586007)(186003)(7696005)(51416003)(16526019)(52116002)(386003)(81166006)(81156014)(8656006)(25786009)(575784001)(66066001)(68736007)(86362001)(47776003)(6486002)(5660300001)(6666003)(7736002)(53416004)(6116002)(305945005)(3846002)(478600001)(2950100002)(36756003)(6916009)(2906002)(50466002); DIR:OUT; SFP:1101; SCL:1; SRVR:BN6PR12MB1505; H:wallaby-smavila.amd.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en; Received-SPF: None (protection.outlook.com: amd.com does not designate permitted sender hosts) X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1; BN6PR12MB1505; 23:UI05fLaPz2DyBoxU2YFv1+LkiZgAdDkJ5SakdH+Vs?= =?us-ascii?Q?Ak85RVz3BMK8dmyEuHei/MJ1xQMQvH/lUtgKgTe9N7uUAEzizN8hypGSiyIh?= =?us-ascii?Q?zzUQbxIjj49HVkLSdoixCBGPmUzNEyIgTjGNBe917Z2q6nPFhIirImtlAnyU?= =?us-ascii?Q?22ErESHKCxhuDt82YoRhoPjErGR90wlr8lrAmdy+KBNrkW0b1uDH7TTFTlpQ?= =?us-ascii?Q?wIitTj0pWbCiR442DYFPDsbYs7rynRQORf5vLN8HLjvPAOmO4XX6ZFlG7r2z?= =?us-ascii?Q?GHsSeL29wqNQbQR/GIlO1NeFKOLKVfGtne7O2B3NWQfgCLkPwpzDrREXfsv8?= =?us-ascii?Q?Wa2LOwzvrCiMoMmBV2CTLMLBmLMTW8CZdHmUXKmKE0vC5hry7gaKT570wAua?= =?us-ascii?Q?ETCHoAmrmEmQflGepc0o137xDPst+uXd4xMgASzbg76lV9O8MFH/Mo3SyHOh?= =?us-ascii?Q?kq3GQfXwIFiiobOUGvhZ0GxCYavGO+n1JhT2ATrVzF+k1cMPQiCfvzl0UTVT?= =?us-ascii?Q?ZKzFEPJOKWnt2HPL57oQGeOI8ktRV5z9dZnjQMRSTVYQgpD0xadOWsRjun+H?= =?us-ascii?Q?e29dQXXXyXMr6BOsHcwIdw2OUciJgIgOHZJZKf382h3NuEtBUGKOKJmzF+/T?= =?us-ascii?Q?fJLRtXgW67YEIiaH/Oe6sunxgoWwLfGLo202p/EPkym3gkd8nb9EYc5KytiA?= =?us-ascii?Q?pEnggNpv9rnPBV2j8JsP6UsoepAxWC8Me+bBHlrqh0WY4bKFNWKLm5ifjFhj?= =?us-ascii?Q?62Ic5mFQxe7lvqWKM9xFXSvWcQ5ceoAabo7Tzx51btSYPLohc0nIm9L7h7BC?= =?us-ascii?Q?5tWxJpHCgTnc5ma1ci872SDgD3MR2AhGqTE2qAZlh3FV10MiXbkq3O4tf4m5?= =?us-ascii?Q?+9qZxuGFd5MNXIVKdDI7LrweZ+QHHyroNSk/L6IXiZl+vmtxIJCGsTMQxL+k?= =?us-ascii?Q?3q+L2DckWg8Rd0rMBWX+tTA3MQlU/SjcpKVNwkefNZg8F2Jmbl9Ronjuyed7?= =?us-ascii?Q?dwAqBnWhpt6MA7Gd4I1X3zohbH3yaUHUNzWmAJsWNndBQZObfd/sfKbcXpIY?= =?us-ascii?Q?cnNjLcHC9mtRfvs4utTd0oUwhcBkmVf9pBc6HMaZOG3v2+p13xmUbGl9p8Y4?= =?us-ascii?Q?wePJ/H1U0I81+FyAwuTj19tAcao9C+4L4szHveMhSYq9QqYctVCPxXk+UULd?= =?us-ascii?Q?iqVUVSC051Pj67J4N4UnMqs791sPcy7JKqkX+VQYa3ogrbz+/OvAtqR0g=3D?= =?us-ascii?Q?=3D?= X-Microsoft-Antispam-Message-Info: lkl4Epe6SfoL3WIoh6hQJZOV0eAW/p28Oa4n+OOXUJXxbRSthALV0uI+DpC5Bq37i7NHQzGhKB/L6xwC6silKWIPPOjDixLGskvS4KmaDJsc9aJacJaGFcd+SDPEqiadHbeWkENIylF6IzMrCcfBnWysK9uZD9CW5zExs8jsCR4Al5C0aQFH0eANJW1r+Z5U X-Microsoft-Exchange-Diagnostics: 1; BN6PR12MB1505; 6:uua5kUwN6EYP+PxrekZvFZEXpwMrhTgvZYqFpGBdBaD2sYJ2R7R3IuVe7LIdzYiUKtFNSPHWQaubQ4FFDX8K7CCIX4TIMxvE0ILaMHz57bf2h78wToPS7y2X81KcI2gKWy3IIwFNQtGEvwpBmHY27e7eoaop9ISLRugAoZFCTXuMKucuedvCQuoSOAmsSFlG+uvtCGvw3TOQLw0FMn09PrNsD1k3uLxcDQhPTsf5vEfFbVWikWumY4W5DFKTWcKFtvzAgGKMyIJwOBbba74Ct2uk6nnxSVfXR2pJNzj4Ru18TGgSocg7dw+IVgt+GwnNsDdct5y5vuj2qAS7VQzm/UOMVpXOV6b7O1xfd2QmK3E=; 5:i4dFWYtYrJiNdRtOEtDCJ3yMbCA/UrFyRjU6Xqx9v2gAEaJJvHewGK23KgdAhp0U7ZiUhrMUo3E82o5vam1WuKhiHS8xwgF6wfZUDXKiSqPUHQgsdWu1A6YxUSCSyyRk89L1/vEi4acg/SX3ATZjvdZNgAZEO5YTEB1yLQCdJZk=; 24:ffQS9qpFlBmFYSa/pVIt0iEOM1JtEQEv+xJOnSPk99NWSbYR2X/AtIlBlDNP1yonBjEFncmZUMAjtJdhujW8pbZi8n31q+Lsnmh7rvSv+U0=; 7:Zi+9EtUZeYS2AY3518z28RLDNYv88yIxzIkgaK9w7wz0KR7OJSkZiaV6nG6i0gnungbjwhnZSktmR8/mWzhNihwoWgLNbqz3ClhqYGnxKZzQmYjpU8ABb/THRp+Kqw7nA0TCX+JFB+il2No0BMp/75gvQ/DJD2ZNviGn5hDJMwwVZlOehi3oOwhsoocbkJOPYUb+l4PpVU0DNyfCh1Em0sJQBjfBqPVtRpEcZJIbEB7jvsg9EEQ8fxxledf1dQba SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1; BN6PR12MB1505; 20:e1OPc17Ig/e/vFwsXh7sPpD/t7MvDt8tV0vV3FXMXTDQsSbKTfEI1IRxgY2Jkrnut3siR2s3tmVZHxW9BXNQfq5vlPbGAAI6zN9VCkX1q5ioAc4rJpU5PEkoWBL0fNin2UEWVrt8q27L6OO+feqSHJdJ5wWvFAeiNDX32fO8quxEiGMKJdPmtHUGOphp7bV479fC+jj3hn4AiaCzJlHS0rOp2uTSHlwauxlWr6zvX2gsPBYM7kps+o5Cvo4GDQKg X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 19 Mar 2018 12:24:47.6163 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 518fd44a-6621-4b22-2836-08d58d946866 X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN6PR12MB1505 Subject: [dpdk-dev] [PATCH v5 17/19] crypto/ccp: support cpu based md5 and sha2 family authentication algo X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 19 Mar 2018 12:24:51 -0000 Signed-off-by: Ravi Kumar --- config/common_base | 1 + drivers/crypto/ccp/ccp_crypto.c | 282 ++++++++++++++++++++++++++++++++++- drivers/crypto/ccp/ccp_crypto.h | 5 +- drivers/crypto/ccp/ccp_pmd_ops.c | 23 +++ drivers/crypto/ccp/ccp_pmd_private.h | 10 ++ 5 files changed, 316 insertions(+), 5 deletions(-) diff --git a/config/common_base b/config/common_base index 28237f0..65e34ae 100644 --- a/config/common_base +++ b/config/common_base @@ -532,6 +532,7 @@ CONFIG_RTE_LIBRTE_PMD_NULL_CRYPTO=y # Compile PMD for AMD CCP crypto device # CONFIG_RTE_LIBRTE_PMD_CCP=n +CONFIG_RTE_LIBRTE_PMD_CCP_CPU_AUTH=n # # Compile PMD for Marvell Crypto device diff --git a/drivers/crypto/ccp/ccp_crypto.c b/drivers/crypto/ccp/ccp_crypto.c index 53e731b..a0809e4 100644 --- a/drivers/crypto/ccp/ccp_crypto.c +++ b/drivers/crypto/ccp/ccp_crypto.c @@ -27,6 +27,12 @@ #include "ccp_pci.h" #include "ccp_pmd_private.h" +#ifdef RTE_LIBRTE_PMD_CCP_CPU_AUTH +#include +#include +#include +#endif + /* SHA initial context values */ static uint32_t ccp_sha1_init[SHA_COMMON_DIGEST_SIZE / sizeof(uint32_t)] = { SHA1_H4, SHA1_H3, @@ -760,6 +766,17 @@ ccp_configure_session_auth(struct ccp_session *sess, else sess->auth.op = CCP_AUTH_OP_VERIFY; switch (auth_xform->algo) { +#ifdef RTE_LIBRTE_PMD_CCP_CPU_AUTH + case RTE_CRYPTO_AUTH_MD5_HMAC: + sess->auth.algo = CCP_AUTH_ALGO_MD5_HMAC; + sess->auth.offset = (CCP_SB_BYTES << 1) - MD5_DIGEST_SIZE; + sess->auth.key_length = auth_xform->key.length; + sess->auth.block_size = MD5_BLOCK_SIZE; + memset(sess->auth.key, 0, sess->auth.block_size); + rte_memcpy(sess->auth.key, auth_xform->key.data, + auth_xform->key.length); + break; +#endif case RTE_CRYPTO_AUTH_SHA1: sess->auth.engine = CCP_ENGINE_SHA; sess->auth.algo = CCP_AUTH_ALGO_SHA1; @@ -769,6 +786,17 @@ ccp_configure_session_auth(struct ccp_session *sess, sess->auth.offset = CCP_SB_BYTES - SHA1_DIGEST_SIZE; break; case RTE_CRYPTO_AUTH_SHA1_HMAC: +#ifdef RTE_LIBRTE_PMD_CCP_CPU_AUTH + if (auth_xform->key.length > SHA1_BLOCK_SIZE) + return -1; + sess->auth.algo = CCP_AUTH_ALGO_SHA1_HMAC; + sess->auth.offset = CCP_SB_BYTES - SHA1_DIGEST_SIZE; + sess->auth.block_size = SHA1_BLOCK_SIZE; + sess->auth.key_length = auth_xform->key.length; + memset(sess->auth.key, 0, sess->auth.block_size); + rte_memcpy(sess->auth.key, auth_xform->key.data, + auth_xform->key.length); +#else if (auth_xform->key.length > SHA1_BLOCK_SIZE) return -1; sess->auth.engine = CCP_ENGINE_SHA; @@ -784,6 +812,7 @@ ccp_configure_session_auth(struct ccp_session *sess, auth_xform->key.length); if (generate_partial_hash(sess)) return -1; +#endif break; case RTE_CRYPTO_AUTH_SHA224: sess->auth.algo = CCP_AUTH_ALGO_SHA224; @@ -794,6 +823,17 @@ ccp_configure_session_auth(struct ccp_session *sess, sess->auth.offset = CCP_SB_BYTES - SHA224_DIGEST_SIZE; break; case RTE_CRYPTO_AUTH_SHA224_HMAC: +#ifdef RTE_LIBRTE_PMD_CCP_CPU_AUTH + if (auth_xform->key.length > SHA224_BLOCK_SIZE) + return -1; + sess->auth.algo = CCP_AUTH_ALGO_SHA224_HMAC; + sess->auth.offset = CCP_SB_BYTES - SHA224_DIGEST_SIZE; + sess->auth.block_size = SHA224_BLOCK_SIZE; + sess->auth.key_length = auth_xform->key.length; + memset(sess->auth.key, 0, sess->auth.block_size); + rte_memcpy(sess->auth.key, auth_xform->key.data, + auth_xform->key.length); +#else if (auth_xform->key.length > SHA224_BLOCK_SIZE) return -1; sess->auth.algo = CCP_AUTH_ALGO_SHA224_HMAC; @@ -809,6 +849,7 @@ ccp_configure_session_auth(struct ccp_session *sess, auth_xform->key.length); if (generate_partial_hash(sess)) return -1; +#endif break; case RTE_CRYPTO_AUTH_SHA3_224: sess->auth.algo = CCP_AUTH_ALGO_SHA3_224; @@ -843,6 +884,17 @@ ccp_configure_session_auth(struct ccp_session *sess, sess->auth.offset = CCP_SB_BYTES - SHA256_DIGEST_SIZE; break; case RTE_CRYPTO_AUTH_SHA256_HMAC: +#ifdef RTE_LIBRTE_PMD_CCP_CPU_AUTH + if (auth_xform->key.length > SHA256_BLOCK_SIZE) + return -1; + sess->auth.algo = CCP_AUTH_ALGO_SHA256_HMAC; + sess->auth.offset = CCP_SB_BYTES - SHA256_DIGEST_SIZE; + sess->auth.block_size = SHA256_BLOCK_SIZE; + sess->auth.key_length = auth_xform->key.length; + memset(sess->auth.key, 0, sess->auth.block_size); + rte_memcpy(sess->auth.key, auth_xform->key.data, + auth_xform->key.length); +#else if (auth_xform->key.length > SHA256_BLOCK_SIZE) return -1; sess->auth.algo = CCP_AUTH_ALGO_SHA256_HMAC; @@ -858,6 +910,7 @@ ccp_configure_session_auth(struct ccp_session *sess, auth_xform->key.length); if (generate_partial_hash(sess)) return -1; +#endif break; case RTE_CRYPTO_AUTH_SHA3_256: sess->auth.algo = CCP_AUTH_ALGO_SHA3_256; @@ -892,6 +945,17 @@ ccp_configure_session_auth(struct ccp_session *sess, sess->auth.offset = (CCP_SB_BYTES << 1) - SHA384_DIGEST_SIZE; break; case RTE_CRYPTO_AUTH_SHA384_HMAC: +#ifdef RTE_LIBRTE_PMD_CCP_CPU_AUTH + if (auth_xform->key.length > SHA384_BLOCK_SIZE) + return -1; + sess->auth.algo = CCP_AUTH_ALGO_SHA384_HMAC; + sess->auth.offset = (CCP_SB_BYTES << 1) - SHA384_DIGEST_SIZE; + sess->auth.block_size = SHA384_BLOCK_SIZE; + sess->auth.key_length = auth_xform->key.length; + memset(sess->auth.key, 0, sess->auth.block_size); + rte_memcpy(sess->auth.key, auth_xform->key.data, + auth_xform->key.length); +#else if (auth_xform->key.length > SHA384_BLOCK_SIZE) return -1; sess->auth.algo = CCP_AUTH_ALGO_SHA384_HMAC; @@ -907,6 +971,7 @@ ccp_configure_session_auth(struct ccp_session *sess, auth_xform->key.length); if (generate_partial_hash(sess)) return -1; +#endif break; case RTE_CRYPTO_AUTH_SHA3_384: sess->auth.algo = CCP_AUTH_ALGO_SHA3_384; @@ -941,6 +1006,17 @@ ccp_configure_session_auth(struct ccp_session *sess, sess->auth.offset = (CCP_SB_BYTES << 1) - SHA512_DIGEST_SIZE; break; case RTE_CRYPTO_AUTH_SHA512_HMAC: +#ifdef RTE_LIBRTE_PMD_CCP_CPU_AUTH + if (auth_xform->key.length > SHA512_BLOCK_SIZE) + return -1; + sess->auth.algo = CCP_AUTH_ALGO_SHA512_HMAC; + sess->auth.offset = (CCP_SB_BYTES << 1) - SHA512_DIGEST_SIZE; + sess->auth.block_size = SHA512_BLOCK_SIZE; + sess->auth.key_length = auth_xform->key.length; + memset(sess->auth.key, 0, sess->auth.block_size); + rte_memcpy(sess->auth.key, auth_xform->key.data, + auth_xform->key.length); +#else if (auth_xform->key.length > SHA512_BLOCK_SIZE) return -1; sess->auth.algo = CCP_AUTH_ALGO_SHA512_HMAC; @@ -956,6 +1032,7 @@ ccp_configure_session_auth(struct ccp_session *sess, auth_xform->key.length); if (generate_partial_hash(sess)) return -1; +#endif break; case RTE_CRYPTO_AUTH_SHA3_512: sess->auth.algo = CCP_AUTH_ALGO_SHA3_512; @@ -986,7 +1063,7 @@ ccp_configure_session_auth(struct ccp_session *sess, sess->auth.engine = CCP_ENGINE_AES; sess->auth.um.aes_mode = CCP_AES_MODE_CMAC; sess->auth.key_length = auth_xform->key.length; - /**auth.ctx_len = CCP_SB_BYTES << 1; sess->auth.offset = AES_BLOCK_SIZE; sess->auth.block_size = AES_BLOCK_SIZE; @@ -1182,14 +1259,22 @@ ccp_auth_slot(struct ccp_session *session) count = 3; /**< op + lsb passthrough cpy to/from*/ break; +#ifdef RTE_LIBRTE_PMD_CCP_CPU_AUTH + case CCP_AUTH_ALGO_MD5_HMAC: + break; +#endif case CCP_AUTH_ALGO_SHA1_HMAC: case CCP_AUTH_ALGO_SHA224_HMAC: case CCP_AUTH_ALGO_SHA256_HMAC: +#ifndef RTE_LIBRTE_PMD_CCP_CPU_AUTH count = 6; +#endif break; case CCP_AUTH_ALGO_SHA384_HMAC: case CCP_AUTH_ALGO_SHA512_HMAC: +#ifndef RTE_LIBRTE_PMD_CCP_CPU_AUTH count = 7; +#endif /** * 1. Load PHash1 = H(k ^ ipad); to LSB * 2. generate IHash = H(hash on meassage with PHash1 @@ -1296,6 +1381,122 @@ ccp_compute_slot_count(struct ccp_session *session) return count; } +#ifdef RTE_LIBRTE_PMD_CCP_CPU_AUTH +static uint8_t +algo_select(int sessalgo, + const EVP_MD **algo) +{ + int res = 0; + + switch (sessalgo) { + case CCP_AUTH_ALGO_MD5_HMAC: + *algo = EVP_md5(); + break; + case CCP_AUTH_ALGO_SHA1_HMAC: + *algo = EVP_sha1(); + break; + case CCP_AUTH_ALGO_SHA224_HMAC: + *algo = EVP_sha224(); + break; + case CCP_AUTH_ALGO_SHA256_HMAC: + *algo = EVP_sha256(); + break; + case CCP_AUTH_ALGO_SHA384_HMAC: + *algo = EVP_sha384(); + break; + case CCP_AUTH_ALGO_SHA512_HMAC: + *algo = EVP_sha512(); + break; + default: + res = -EINVAL; + break; + } + return res; +} + +static int +process_cpu_auth_hmac(uint8_t *src, uint8_t *dst, + __rte_unused uint8_t *iv, + EVP_PKEY *pkey, + int srclen, + EVP_MD_CTX *ctx, + const EVP_MD *algo, + uint16_t d_len) +{ + size_t dstlen; + unsigned char temp_dst[64]; + + if (EVP_DigestSignInit(ctx, NULL, algo, NULL, pkey) <= 0) + goto process_auth_err; + + if (EVP_DigestSignUpdate(ctx, (char *)src, srclen) <= 0) + goto process_auth_err; + + if (EVP_DigestSignFinal(ctx, temp_dst, &dstlen) <= 0) + goto process_auth_err; + + memcpy(dst, temp_dst, d_len); + return 0; +process_auth_err: + CCP_LOG_ERR("Process cpu auth failed"); + return -EINVAL; +} + +static int cpu_crypto_auth(struct ccp_qp *qp, + struct rte_crypto_op *op, + struct ccp_session *sess, + EVP_MD_CTX *ctx) +{ + uint8_t *src, *dst; + int srclen, status; + struct rte_mbuf *mbuf_src, *mbuf_dst; + const EVP_MD *algo = NULL; + EVP_PKEY *pkey; + + algo_select(sess->auth.algo, &algo); + pkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, sess->auth.key, + sess->auth.key_length); + mbuf_src = op->sym->m_src; + mbuf_dst = op->sym->m_dst ? op->sym->m_dst : op->sym->m_src; + srclen = op->sym->auth.data.length; + src = rte_pktmbuf_mtod_offset(mbuf_src, uint8_t *, + op->sym->auth.data.offset); + + if (sess->auth.op == CCP_AUTH_OP_VERIFY) { + dst = qp->temp_digest; + } else { + dst = op->sym->auth.digest.data; + if (dst == NULL) { + dst = rte_pktmbuf_mtod_offset(mbuf_dst, uint8_t *, + op->sym->auth.data.offset + + sess->auth.digest_length); + } + } + status = process_cpu_auth_hmac(src, dst, NULL, + pkey, srclen, + ctx, + algo, + sess->auth.digest_length); + if (status) { + op->status = RTE_CRYPTO_OP_STATUS_ERROR; + return status; + } + + if (sess->auth.op == CCP_AUTH_OP_VERIFY) { + if (memcmp(dst, op->sym->auth.digest.data, + sess->auth.digest_length) != 0) { + op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED; + } else { + op->status = RTE_CRYPTO_OP_STATUS_SUCCESS; + } + } else { + op->status = RTE_CRYPTO_OP_STATUS_SUCCESS; + } + EVP_PKEY_free(pkey); + return 0; +} +#endif + static void ccp_perform_passthru(struct ccp_passthru *pst, struct ccp_queue *cmd_q) @@ -2391,14 +2592,24 @@ ccp_crypto_auth(struct rte_crypto_op *op, result = ccp_perform_sha(op, cmd_q); b_info->desccnt += 3; break; +#ifdef RTE_LIBRTE_PMD_CCP_CPU_AUTH + case CCP_AUTH_ALGO_MD5_HMAC: + break; +#endif case CCP_AUTH_ALGO_SHA1_HMAC: case CCP_AUTH_ALGO_SHA224_HMAC: case CCP_AUTH_ALGO_SHA256_HMAC: +#ifdef RTE_LIBRTE_PMD_CCP_CPU_AUTH + break; +#endif result = ccp_perform_hmac(op, cmd_q); b_info->desccnt += 6; break; case CCP_AUTH_ALGO_SHA384_HMAC: case CCP_AUTH_ALGO_SHA512_HMAC: +#ifdef RTE_LIBRTE_PMD_CCP_CPU_AUTH + break; +#endif result = ccp_perform_hmac(op, cmd_q); b_info->desccnt += 7; break; @@ -2462,7 +2673,7 @@ ccp_crypto_aead(struct rte_crypto_op *op, } int -process_ops_to_enqueue(const struct ccp_qp *qp, +process_ops_to_enqueue(struct ccp_qp *qp, struct rte_crypto_op **op, struct ccp_queue *cmd_q, uint16_t nb_ops, @@ -2471,11 +2682,22 @@ process_ops_to_enqueue(const struct ccp_qp *qp, int i, result = 0; struct ccp_batch_info *b_info; struct ccp_session *session; +#ifdef RTE_LIBRTE_PMD_CCP_CPU_AUTH + EVP_MD_CTX *auth_ctx = NULL; +#endif if (rte_mempool_get(qp->batch_mp, (void **)&b_info)) { CCP_LOG_ERR("batch info allocation failed"); return 0; } +#ifdef RTE_LIBRTE_PMD_CCP_CPU_AUTH + auth_ctx = EVP_MD_CTX_create(); + if (unlikely(!auth_ctx)) { + CCP_LOG_ERR("Unable to create auth ctx"); + return 0; + } + b_info->auth_ctr = 0; +#endif /* populate batch info necessary for dequeue */ b_info->op_idx = 0; b_info->lsb_buf_idx = 0; @@ -2497,6 +2719,11 @@ process_ops_to_enqueue(const struct ccp_qp *qp, break; case CCP_CMD_AUTH: result = ccp_crypto_auth(op[i], cmd_q, b_info); +#ifdef RTE_LIBRTE_PMD_CCP_CPU_AUTH + b_info->auth_ctr++; + result = cpu_crypto_auth(qp, op[i], + session, auth_ctx); +#endif break; case CCP_CMD_CIPHER_HASH: result = ccp_crypto_cipher(op[i], cmd_q, b_info); @@ -2506,6 +2733,12 @@ process_ops_to_enqueue(const struct ccp_qp *qp, break; case CCP_CMD_HASH_CIPHER: result = ccp_crypto_auth(op[i], cmd_q, b_info); +#ifdef RTE_LIBRTE_PMD_CCP_CPU_AUTH + result = cpu_crypto_auth(qp, op[i], + session, auth_ctx); + if (op[i]->status != RTE_CRYPTO_OP_STATUS_SUCCESS) + continue; +#endif if (result) break; result = ccp_crypto_cipher(op[i], cmd_q, b_info); @@ -2539,6 +2772,9 @@ process_ops_to_enqueue(const struct ccp_qp *qp, rte_ring_enqueue(qp->processed_pkts, (void *)b_info); +#ifdef RTE_LIBRTE_PMD_CCP_CPU_AUTH + EVP_MD_CTX_destroy(auth_ctx); +#endif return i; } @@ -2607,13 +2843,27 @@ static inline void ccp_auth_dq_prepare(struct rte_crypto_op *op) } static int -ccp_prepare_ops(struct rte_crypto_op **op_d, +#ifdef RTE_LIBRTE_PMD_CCP_CPU_AUTH +ccp_prepare_ops(struct ccp_qp *qp, +#else +ccp_prepare_ops(struct ccp_qp *qp __rte_unused, +#endif + struct rte_crypto_op **op_d, struct ccp_batch_info *b_info, uint16_t nb_ops) { int i, min_ops; struct ccp_session *session; +#ifdef RTE_LIBRTE_PMD_CCP_CPU_AUTH + EVP_MD_CTX *auth_ctx = NULL; + + auth_ctx = EVP_MD_CTX_create(); + if (unlikely(!auth_ctx)) { + CCP_LOG_ERR("Unable to create auth ctx"); + return 0; + } +#endif min_ops = RTE_MIN(nb_ops, b_info->opcnt); for (i = 0; i < min_ops; i++) { @@ -2626,8 +2876,25 @@ ccp_prepare_ops(struct rte_crypto_op **op_d, op_d[i]->status = RTE_CRYPTO_OP_STATUS_SUCCESS; break; case CCP_CMD_AUTH: +#ifndef RTE_LIBRTE_PMD_CCP_CPU_AUTH + ccp_auth_dq_prepare(op_d[i]); +#endif + break; case CCP_CMD_CIPHER_HASH: +#ifdef RTE_LIBRTE_PMD_CCP_CPU_AUTH + cpu_crypto_auth(qp, op_d[i], + session, auth_ctx); +#else + ccp_auth_dq_prepare(op_d[i]); +#endif + break; case CCP_CMD_HASH_CIPHER: +#ifdef RTE_LIBRTE_PMD_CCP_CPU_AUTH + op_d[i]->status = RTE_CRYPTO_OP_STATUS_SUCCESS; +#else + ccp_auth_dq_prepare(op_d[i]); +#endif + break; case CCP_CMD_COMBINED: ccp_auth_dq_prepare(op_d[i]); break; @@ -2636,6 +2903,9 @@ ccp_prepare_ops(struct rte_crypto_op **op_d, } } +#ifdef RTE_LIBRTE_PMD_CCP_CPU_AUTH + EVP_MD_CTX_destroy(auth_ctx); +#endif b_info->opcnt -= min_ops; return min_ops; } @@ -2655,6 +2925,10 @@ process_ops_to_dequeue(struct ccp_qp *qp, } else if (rte_ring_dequeue(qp->processed_pkts, (void **)&b_info)) return 0; +#ifdef RTE_LIBRTE_PMD_CCP_CPU_AUTH + if (b_info->auth_ctr == b_info->opcnt) + goto success; +#endif cur_head_offset = CCP_READ_REG(b_info->cmd_q->reg_base, CMD_Q_HEAD_LO_BASE); @@ -2674,7 +2948,7 @@ process_ops_to_dequeue(struct ccp_qp *qp, success: - nb_ops = ccp_prepare_ops(op, b_info, nb_ops); + nb_ops = ccp_prepare_ops(qp, op, b_info, nb_ops); rte_atomic64_add(&b_info->cmd_q->free_slots, b_info->desccnt); b_info->desccnt = 0; if (b_info->opcnt > 0) { diff --git a/drivers/crypto/ccp/ccp_crypto.h b/drivers/crypto/ccp/ccp_crypto.h index 23b0486..dd89ad9 100644 --- a/drivers/crypto/ccp/ccp_crypto.h +++ b/drivers/crypto/ccp/ccp_crypto.h @@ -68,6 +68,9 @@ #define SHA512_BLOCK_SIZE 128 #define SHA3_512_BLOCK_SIZE 72 +/* Maximum length for digest */ +#define DIGEST_LENGTH_MAX 64 + /* SHA LSB intialiazation values */ #define SHA1_H0 0x67452301UL @@ -346,7 +349,7 @@ int ccp_compute_slot_count(struct ccp_session *session); * @param nb_ops No. of ops to be submitted * @return 0 on success otherwise -1 */ -int process_ops_to_enqueue(const struct ccp_qp *qp, +int process_ops_to_enqueue(struct ccp_qp *qp, struct rte_crypto_op **op, struct ccp_queue *cmd_q, uint16_t nb_ops, diff --git a/drivers/crypto/ccp/ccp_pmd_ops.c b/drivers/crypto/ccp/ccp_pmd_ops.c index 24ad961..3d0d875 100644 --- a/drivers/crypto/ccp/ccp_pmd_ops.c +++ b/drivers/crypto/ccp/ccp_pmd_ops.c @@ -13,6 +13,29 @@ #include "ccp_crypto.h" static const struct rte_cryptodev_capabilities ccp_pmd_capabilities[] = { +#ifdef RTE_LIBRTE_PMD_CCP_CPU_AUTH + { /* MD5 HMAC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_MD5_HMAC, + .block_size = 64, + .key_size = { + .min = 1, + .max = 64, + .increment = 1 + }, + .digest_size = { + .min = 16, + .max = 16, + .increment = 0 + }, + .aad_size = { 0 } + }, } + }, } + }, +#endif { /* SHA1 */ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, {.sym = { diff --git a/drivers/crypto/ccp/ccp_pmd_private.h b/drivers/crypto/ccp/ccp_pmd_private.h index 47c4fb2..560bed9 100644 --- a/drivers/crypto/ccp/ccp_pmd_private.h +++ b/drivers/crypto/ccp/ccp_pmd_private.h @@ -6,6 +6,7 @@ #define _CCP_PMD_PRIVATE_H_ #include +#include "ccp_crypto.h" #define CRYPTODEV_NAME_CCP_PMD crypto_ccp @@ -61,6 +62,10 @@ struct ccp_batch_info { phys_addr_t lsb_buf_phys; /**< LSB intermediate buf for passthru */ int lsb_buf_idx; +#ifdef RTE_LIBRTE_PMD_CCP_CPU_AUTH + uint16_t auth_ctr; + /**< auth only ops batch */ +#endif } __rte_cache_aligned; /**< CCP crypto queue pair */ @@ -81,6 +86,11 @@ struct ccp_qp { /**< Store ops pulled out of queue */ struct rte_cryptodev *dev; /**< rte crypto device to which this qp belongs */ + uint8_t temp_digest[DIGEST_LENGTH_MAX]; + /**< Buffer used to store the digest generated + * by the driver when verifying a digest provided + * by the user (using authentication verify operation) + */ } __rte_cache_aligned; -- 2.7.4