From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 94113A0524; Wed, 2 Jun 2021 18:45:38 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 22334410E0; Wed, 2 Jun 2021 18:45:07 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id 4376E410D7 for ; Wed, 2 Jun 2021 18:45:05 +0200 (CEST) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id 152Gaseb016164; Wed, 2 Jun 2021 09:45:04 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=O07zY0OmQv55hEo2VOciZT+EaHdvlzu2gueRux9JHPA=; b=Xi4clyPJNb0vOXZ+uBjuYExL16deZ+OpJc3WmXfCOhhAC4yx3a0Il2nHD/dayVxNg5lw tHaK+K14OWVcZgt2j9YEvf6vB52jol+Ba8/oQFaPunJInmgteuokDOipbjb7kkpiHcFl 2iiNDJbS2pT52T+jwIakg2Ag5VI3ZvuHCB6GwKU5/h//k+VGNdUaF16IiyHjfKYSUa0k CbDM82BUfEa5oIpFCae5hh9ArgOJG2G2h5uGx/7+O2ul1+d+9M/tBvT6IMSCCjcHD3Hg 4dCCSj8690mnRSWLWrEkS+tbit7Mi8sXC3tR1lwqDeUHP3CByFk66gcxEs62hDnFhqu6 bA== Received: from dc5-exch01.marvell.com ([199.233.59.181]) by mx0a-0016f401.pphosted.com with ESMTP id 38wug73v60-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Wed, 02 Jun 2021 09:45:04 -0700 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Wed, 2 Jun 2021 09:45:02 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.2 via Frontend Transport; Wed, 2 Jun 2021 09:45:02 -0700 Received: from HY-LT1002.marvell.com (unknown [10.193.70.1]) by maili.marvell.com (Postfix) with ESMTP id 733A63F7041; Wed, 2 Jun 2021 09:44:56 -0700 (PDT) From: Anoob Joseph To: Akhil Goyal , Thomas Monjalon CC: Anoob Joseph , Jerin Jacob , "Ankur Dwivedi" , Tejasree Kondoj , , Archana Muniganti Date: Wed, 2 Jun 2021 22:13:31 +0530 Message-ID: <1622652221-22732-11-git-send-email-anoobj@marvell.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1622652221-22732-1-git-send-email-anoobj@marvell.com> References: <1622652221-22732-1-git-send-email-anoobj@marvell.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-Proofpoint-ORIG-GUID: _wpyUvqyTOuF_tH9aMnMiD5Bntmxgf3N X-Proofpoint-GUID: _wpyUvqyTOuF_tH9aMnMiD5Bntmxgf3N X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.391, 18.0.761 definitions=2021-06-02_09:2021-06-02, 2021-06-02 signatures=0 Subject: [dpdk-dev] [PATCH 10/20] crypto/cnxk: add auth operation in session X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Add support for auth operations in session. Signed-off-by: Ankur Dwivedi Signed-off-by: Anoob Joseph Signed-off-by: Archana Muniganti Signed-off-by: Tejasree Kondoj --- drivers/crypto/cnxk/cnxk_cryptodev_ops.c | 13 ++ drivers/crypto/cnxk/cnxk_se.h | 283 +++++++++++++++++++++++++++++++ 2 files changed, 296 insertions(+) diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_ops.c b/drivers/crypto/cnxk/cnxk_cryptodev_ops.c index 4e29396..f060763 100644 --- a/drivers/crypto/cnxk/cnxk_cryptodev_ops.c +++ b/drivers/crypto/cnxk/cnxk_cryptodev_ops.c @@ -444,6 +444,12 @@ sym_session_configure(struct roc_cpt *roc_cpt, int driver_id, case CNXK_CPT_CIPHER: ret = fill_sess_cipher(xform, sess_priv); break; + case CNXK_CPT_AUTH: + if (xform->auth.algo == RTE_CRYPTO_AUTH_AES_GMAC) + ret = fill_sess_gmac(xform, sess_priv); + else + ret = fill_sess_auth(xform, sess_priv); + break; default: ret = -1; } @@ -451,6 +457,13 @@ sym_session_configure(struct roc_cpt *roc_cpt, int driver_id, if (ret) goto priv_put; + if ((sess_priv->roc_se_ctx.fc_type == ROC_SE_HASH_HMAC) && + cpt_mac_len_verify(&xform->auth)) { + CPT_LOG_DP_ERR("MAC length is not supported"); + ret = -ENOTSUP; + goto priv_put; + } + sess_priv->cpt_inst_w7 = cnxk_cpt_inst_w7_get(sess_priv, roc_cpt); set_sym_session_private_data(sess, driver_id, sess_priv); diff --git a/drivers/crypto/cnxk/cnxk_se.h b/drivers/crypto/cnxk/cnxk_se.h index f14016c..2f406f6 100644 --- a/drivers/crypto/cnxk/cnxk_se.h +++ b/drivers/crypto/cnxk/cnxk_se.h @@ -46,6 +46,47 @@ gen_key_snow3g(const uint8_t *ck, uint32_t *keyx) } } +static __rte_always_inline int +cpt_mac_len_verify(struct rte_crypto_auth_xform *auth) +{ + uint16_t mac_len = auth->digest_length; + int ret; + + switch (auth->algo) { + case RTE_CRYPTO_AUTH_MD5: + case RTE_CRYPTO_AUTH_MD5_HMAC: + ret = (mac_len == 16) ? 0 : -1; + break; + case RTE_CRYPTO_AUTH_SHA1: + case RTE_CRYPTO_AUTH_SHA1_HMAC: + ret = (mac_len == 20) ? 0 : -1; + break; + case RTE_CRYPTO_AUTH_SHA224: + case RTE_CRYPTO_AUTH_SHA224_HMAC: + ret = (mac_len == 28) ? 0 : -1; + break; + case RTE_CRYPTO_AUTH_SHA256: + case RTE_CRYPTO_AUTH_SHA256_HMAC: + ret = (mac_len == 32) ? 0 : -1; + break; + case RTE_CRYPTO_AUTH_SHA384: + case RTE_CRYPTO_AUTH_SHA384_HMAC: + ret = (mac_len == 48) ? 0 : -1; + break; + case RTE_CRYPTO_AUTH_SHA512: + case RTE_CRYPTO_AUTH_SHA512_HMAC: + ret = (mac_len == 64) ? 0 : -1; + break; + case RTE_CRYPTO_AUTH_NULL: + ret = 0; + break; + default: + ret = -1; + } + + return ret; +} + static __rte_always_inline void cpt_fc_salt_update(struct roc_se_ctx *se_ctx, uint8_t *salt) { @@ -308,6 +349,95 @@ cpt_fc_ciph_set_key(struct roc_se_ctx *se_ctx, roc_se_cipher_type type, } static __rte_always_inline int +cpt_fc_auth_set_key(struct roc_se_ctx *se_ctx, roc_se_auth_type type, + const uint8_t *key, uint16_t key_len, uint16_t mac_len) +{ + struct roc_se_zuc_snow3g_ctx *zs_ctx; + struct roc_se_kasumi_ctx *k_ctx; + struct roc_se_context *fctx; + + if (se_ctx == NULL) + return -1; + + zs_ctx = &se_ctx->se_ctx.zs_ctx; + k_ctx = &se_ctx->se_ctx.k_ctx; + fctx = &se_ctx->se_ctx.fctx; + + if ((type >= ROC_SE_ZUC_EIA3) && (type <= ROC_SE_KASUMI_F9_ECB)) { + uint32_t keyx[4]; + + if (key_len != 16) + return -1; + /* No support for AEAD yet */ + if (se_ctx->enc_cipher) + return -1; + /* For ZUC/SNOW3G/Kasumi */ + switch (type) { + case ROC_SE_SNOW3G_UIA2: + se_ctx->pdcp_alg_type = ROC_SE_PDCP_ALG_TYPE_SNOW3G; + gen_key_snow3g(key, keyx); + memcpy(zs_ctx->ci_key, keyx, key_len); + se_ctx->fc_type = ROC_SE_PDCP; + se_ctx->zsk_flags = 0x1; + break; + case ROC_SE_ZUC_EIA3: + se_ctx->pdcp_alg_type = ROC_SE_PDCP_ALG_TYPE_ZUC; + memcpy(zs_ctx->ci_key, key, key_len); + memcpy(zs_ctx->zuc_const, zuc_d, 32); + se_ctx->fc_type = ROC_SE_PDCP; + se_ctx->zsk_flags = 0x1; + break; + case ROC_SE_KASUMI_F9_ECB: + /* Kasumi ECB mode */ + se_ctx->k_ecb = 1; + memcpy(k_ctx->ci_key, key, key_len); + se_ctx->fc_type = ROC_SE_KASUMI; + se_ctx->zsk_flags = 0x1; + break; + case ROC_SE_KASUMI_F9_CBC: + memcpy(k_ctx->ci_key, key, key_len); + se_ctx->fc_type = ROC_SE_KASUMI; + se_ctx->zsk_flags = 0x1; + break; + default: + return -1; + } + se_ctx->mac_len = 4; + se_ctx->hash_type = type; + return 0; + } + + if (!(se_ctx->fc_type == ROC_SE_FC_GEN && !type)) { + if (!se_ctx->fc_type || !se_ctx->enc_cipher) + se_ctx->fc_type = ROC_SE_HASH_HMAC; + } + + if (se_ctx->fc_type == ROC_SE_FC_GEN && key_len > 64) + return -1; + + /* For GMAC auth, cipher must be NULL */ + if (type == ROC_SE_GMAC_TYPE) + fctx->enc.enc_cipher = 0; + + fctx->enc.hash_type = se_ctx->hash_type = type; + fctx->enc.mac_len = se_ctx->mac_len = mac_len; + + if (key_len) { + se_ctx->hmac = 1; + memset(se_ctx->auth_key, 0, sizeof(se_ctx->auth_key)); + memcpy(se_ctx->auth_key, key, key_len); + se_ctx->auth_key_len = key_len; + memset(fctx->hmac.ipad, 0, sizeof(fctx->hmac.ipad)); + memset(fctx->hmac.opad, 0, sizeof(fctx->hmac.opad)); + + if (key_len <= 64) + memcpy(fctx->hmac.opad, key, key_len); + fctx->enc.auth_input_type = 1; + } + return 0; +} + +static __rte_always_inline int fill_sess_cipher(struct rte_crypto_sym_xform *xform, struct cnxk_se_sess *sess) { struct rte_crypto_cipher_xform *c_form; @@ -414,4 +544,157 @@ fill_sess_cipher(struct rte_crypto_sym_xform *xform, struct cnxk_se_sess *sess) return 0; } + +static __rte_always_inline int +fill_sess_auth(struct rte_crypto_sym_xform *xform, struct cnxk_se_sess *sess) +{ + struct rte_crypto_auth_xform *a_form; + roc_se_auth_type auth_type = 0; /* NULL Auth type */ + uint8_t zsk_flag = 0, aes_gcm = 0, is_null = 0; + + if (xform->next != NULL && + xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER && + xform->next->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT) { + /* Perform auth followed by encryption */ + sess->roc_se_ctx.template_w4.s.opcode_minor = + ROC_SE_FC_MINOR_OP_HMAC_FIRST; + } + + a_form = &xform->auth; + + if (a_form->op == RTE_CRYPTO_AUTH_OP_VERIFY) + sess->cpt_op |= ROC_SE_OP_AUTH_VERIFY; + else if (a_form->op == RTE_CRYPTO_AUTH_OP_GENERATE) + sess->cpt_op |= ROC_SE_OP_AUTH_GENERATE; + else { + CPT_LOG_DP_ERR("Unknown auth operation"); + return -1; + } + + switch (a_form->algo) { + case RTE_CRYPTO_AUTH_SHA1_HMAC: + /* Fall through */ + case RTE_CRYPTO_AUTH_SHA1: + auth_type = ROC_SE_SHA1_TYPE; + break; + case RTE_CRYPTO_AUTH_SHA256_HMAC: + case RTE_CRYPTO_AUTH_SHA256: + auth_type = ROC_SE_SHA2_SHA256; + break; + case RTE_CRYPTO_AUTH_SHA512_HMAC: + case RTE_CRYPTO_AUTH_SHA512: + auth_type = ROC_SE_SHA2_SHA512; + break; + case RTE_CRYPTO_AUTH_AES_GMAC: + auth_type = ROC_SE_GMAC_TYPE; + aes_gcm = 1; + break; + case RTE_CRYPTO_AUTH_SHA224_HMAC: + case RTE_CRYPTO_AUTH_SHA224: + auth_type = ROC_SE_SHA2_SHA224; + break; + case RTE_CRYPTO_AUTH_SHA384_HMAC: + case RTE_CRYPTO_AUTH_SHA384: + auth_type = ROC_SE_SHA2_SHA384; + break; + case RTE_CRYPTO_AUTH_MD5_HMAC: + case RTE_CRYPTO_AUTH_MD5: + auth_type = ROC_SE_MD5_TYPE; + break; + case RTE_CRYPTO_AUTH_KASUMI_F9: + auth_type = ROC_SE_KASUMI_F9_ECB; + /* + * Indicate that direction needs to be taken out + * from end of src + */ + zsk_flag = ROC_SE_K_F9; + break; + case RTE_CRYPTO_AUTH_SNOW3G_UIA2: + auth_type = ROC_SE_SNOW3G_UIA2; + zsk_flag = ROC_SE_ZS_IA; + break; + case RTE_CRYPTO_AUTH_ZUC_EIA3: + auth_type = ROC_SE_ZUC_EIA3; + zsk_flag = ROC_SE_ZS_IA; + break; + case RTE_CRYPTO_AUTH_NULL: + auth_type = 0; + is_null = 1; + break; + case RTE_CRYPTO_AUTH_AES_XCBC_MAC: + case RTE_CRYPTO_AUTH_AES_CMAC: + case RTE_CRYPTO_AUTH_AES_CBC_MAC: + CPT_LOG_DP_ERR("Crypto: Unsupported hash algo %u", + a_form->algo); + return -1; + default: + CPT_LOG_DP_ERR("Crypto: Undefined Hash algo %u specified", + a_form->algo); + return -1; + } + + sess->zsk_flag = zsk_flag; + sess->aes_gcm = aes_gcm; + sess->mac_len = a_form->digest_length; + sess->is_null = is_null; + if (zsk_flag) { + sess->auth_iv_offset = a_form->iv.offset; + sess->auth_iv_length = a_form->iv.length; + } + if (unlikely(cpt_fc_auth_set_key(&sess->roc_se_ctx, auth_type, + a_form->key.data, a_form->key.length, + a_form->digest_length))) + return -1; + + return 0; +} + +static __rte_always_inline int +fill_sess_gmac(struct rte_crypto_sym_xform *xform, struct cnxk_se_sess *sess) +{ + struct rte_crypto_auth_xform *a_form; + roc_se_cipher_type enc_type = 0; /* NULL Cipher type */ + roc_se_auth_type auth_type = 0; /* NULL Auth type */ + + a_form = &xform->auth; + + if (a_form->op == RTE_CRYPTO_AUTH_OP_GENERATE) + sess->cpt_op |= ROC_SE_OP_ENCODE; + else if (a_form->op == RTE_CRYPTO_AUTH_OP_VERIFY) + sess->cpt_op |= ROC_SE_OP_DECODE; + else { + CPT_LOG_DP_ERR("Unknown auth operation"); + return -1; + } + + switch (a_form->algo) { + case RTE_CRYPTO_AUTH_AES_GMAC: + enc_type = ROC_SE_AES_GCM; + auth_type = ROC_SE_GMAC_TYPE; + break; + default: + CPT_LOG_DP_ERR("Crypto: Undefined cipher algo %u specified", + a_form->algo); + return -1; + } + + sess->zsk_flag = 0; + sess->aes_gcm = 0; + sess->is_gmac = 1; + sess->iv_offset = a_form->iv.offset; + sess->iv_length = a_form->iv.length; + sess->mac_len = a_form->digest_length; + + if (unlikely(cpt_fc_ciph_set_key(&sess->roc_se_ctx, enc_type, + a_form->key.data, a_form->key.length, + NULL))) + return -1; + + if (unlikely(cpt_fc_auth_set_key(&sess->roc_se_ctx, auth_type, NULL, 0, + a_form->digest_length))) + return -1; + + return 0; +} + #endif /*_CNXK_SE_H_ */ -- 2.7.4