From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 06FDBA0C40; Fri, 25 Jun 2021 07:39:07 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id C9E25410D8; Fri, 25 Jun 2021 07:38:41 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id A3A3840698 for ; Fri, 25 Jun 2021 07:38:40 +0200 (CEST) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id 15P5ab9k018611; Thu, 24 Jun 2021 22:38:39 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=j9695IA6qnI+trHe21T4XouYoiAiOTMr5+as8Y7IEpA=; b=NrrpiIC4vopgvE+KUPRHfMPj8yqazi2lwsZ6wA6j/gkmzNA0PfGGWjNvNtBaHovGCAQF MSGEUk2wm+PxyCSKLsSs1m1QSW0rWFkXKurO9zXRaXmUX7pEmngIqOqD4vxe2GEpFHTe 28CSNpVtmTP4LdNUSS4NgiG8ZxdVv/VEaJND66SVDIgH0sAAr3sobkw3OA1/gOGYYvdC t/Y3QIBrOvSt+f0d9tvg+vws+RZ/qLzr687qnTzSkqvc+n0A1d71zAwQhgikkq93sKgP VLwLl+TxrNZdrRPdhQKxxrXeen1VTWTtBAyv+sWYTxP2d07MJuqp2Ef+DpXk6StZ6OVE ZA== Received: from dc5-exch02.marvell.com ([199.233.59.182]) by mx0a-0016f401.pphosted.com with ESMTP id 39d24dhh7y-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Thu, 24 Jun 2021 22:38:39 -0700 Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Thu, 24 Jun 2021 22:38:38 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.18 via Frontend Transport; Thu, 24 Jun 2021 22:38:38 -0700 Received: from HY-LT1002.marvell.com (HY-LT1002.marvell.com [10.28.176.218]) by maili.marvell.com (Postfix) with ESMTP id 239853F7041; Thu, 24 Jun 2021 22:38:34 -0700 (PDT) From: Anoob Joseph To: Akhil Goyal , Thomas Monjalon CC: Ankur Dwivedi , Jerin Jacob , Tejasree Kondoj , Date: Fri, 25 Jun 2021 11:06:49 +0530 Message-ID: <1624599410-29689-18-git-send-email-anoobj@marvell.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1624599410-29689-1-git-send-email-anoobj@marvell.com> References: <1624599410-29689-1-git-send-email-anoobj@marvell.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-Proofpoint-GUID: ES_TbAO9V1JDcMblrE0um9hB8S5-PdJj X-Proofpoint-ORIG-GUID: ES_TbAO9V1JDcMblrE0um9hB8S5-PdJj X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.391, 18.0.790 definitions=2021-06-25_01:2021-06-24, 2021-06-25 signatures=0 Subject: [dpdk-dev] [PATCH v2 17/17] common/cnxk: add SE set key functions in roc X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" From: Ankur Dwivedi The set key functions are added in roc. Signed-off-by: Ankur Dwivedi --- drivers/common/cnxk/meson.build | 1 + drivers/common/cnxk/roc_se.c | 342 ++++++++++++++++++++++++++++++++++++++++ drivers/common/cnxk/roc_se.h | 8 + drivers/common/cnxk/version.map | 2 + 4 files changed, 353 insertions(+) create mode 100644 drivers/common/cnxk/roc_se.c diff --git a/drivers/common/cnxk/meson.build b/drivers/common/cnxk/meson.build index 1f118ef..08f54f5 100644 --- a/drivers/common/cnxk/meson.build +++ b/drivers/common/cnxk/meson.build @@ -44,6 +44,7 @@ sources = files( 'roc_npc_parse.c', 'roc_npc_utils.c', 'roc_platform.c', + 'roc_se.c', 'roc_sso.c', 'roc_sso_debug.c', 'roc_sso_irq.c', diff --git a/drivers/common/cnxk/roc_se.c b/drivers/common/cnxk/roc_se.c new file mode 100644 index 0000000..3f74175 --- /dev/null +++ b/drivers/common/cnxk/roc_se.c @@ -0,0 +1,342 @@ +/* SPDX-License-Identifier: BSD-3-Clause + * Copyright(C) 2021 Marvell. + */ + +#include "roc_api.h" + +static uint8_t zuc_d[32] = {0x44, 0xD7, 0x26, 0xBC, 0x62, 0x6B, 0x13, 0x5E, + 0x57, 0x89, 0x35, 0xE2, 0x71, 0x35, 0x09, 0xAF, + 0x4D, 0x78, 0x2F, 0x13, 0x6B, 0xC4, 0x1A, 0xF1, + 0x5E, 0x26, 0x3C, 0x4D, 0x78, 0x9A, 0x47, 0xAC}; + +static inline void +cpt_snow3g_key_gen(const uint8_t *ck, uint32_t *keyx) +{ + int i, base; + + for (i = 0; i < 4; i++) { + base = 4 * i; + keyx[3 - i] = (ck[base] << 24) | (ck[base + 1] << 16) | + (ck[base + 2] << 8) | (ck[base + 3]); + keyx[3 - i] = plt_cpu_to_be_32(keyx[3 - i]); + } +} + +static inline int +cpt_ciph_aes_key_validate(uint16_t key_len) +{ + switch (key_len) { + case 16: + case 24: + case 32: + return 0; + default: + return -1; + } +} + +static inline int +cpt_ciph_type_set(roc_se_cipher_type type, struct roc_se_ctx *ctx, + uint16_t key_len) +{ + int fc_type = 0; + + switch (type) { + case ROC_SE_PASSTHROUGH: + fc_type = ROC_SE_FC_GEN; + break; + case ROC_SE_DES3_CBC: + case ROC_SE_DES3_ECB: + fc_type = ROC_SE_FC_GEN; + break; + case ROC_SE_AES_CBC: + case ROC_SE_AES_ECB: + case ROC_SE_AES_CFB: + case ROC_SE_AES_CTR: + case ROC_SE_AES_GCM: + if (unlikely(cpt_ciph_aes_key_validate(key_len) != 0)) + return -1; + fc_type = ROC_SE_FC_GEN; + break; + case ROC_SE_CHACHA20: + fc_type = ROC_SE_FC_GEN; + break; + case ROC_SE_AES_XTS: + key_len = key_len / 2; + if (unlikely(key_len == 24)) { + plt_err("Invalid AES key len for XTS"); + return -1; + } + if (unlikely(cpt_ciph_aes_key_validate(key_len) != 0)) + return -1; + fc_type = ROC_SE_FC_GEN; + break; + case ROC_SE_ZUC_EEA3: + case ROC_SE_SNOW3G_UEA2: + if (unlikely(key_len != 16)) + return -1; + /* No support for AEAD yet */ + if (unlikely(ctx->hash_type)) + return -1; + fc_type = ROC_SE_PDCP; + break; + case ROC_SE_AES_CTR_EEA2: + fc_type = ROC_SE_PDCP; + break; + case ROC_SE_KASUMI_F8_CBC: + case ROC_SE_KASUMI_F8_ECB: + if (unlikely(key_len != 16)) + return -1; + /* No support for AEAD yet */ + if (unlikely(ctx->hash_type)) + return -1; + fc_type = ROC_SE_KASUMI; + break; + default: + return -1; + } + + ctx->fc_type = fc_type; + return 0; +} + +static inline void +cpt_ciph_aes_key_type_set(struct roc_se_context *fctx, uint16_t key_len) +{ + roc_se_aes_type aes_key_type = 0; + + switch (key_len) { + case 16: + aes_key_type = ROC_SE_AES_128_BIT; + break; + case 24: + aes_key_type = ROC_SE_AES_192_BIT; + break; + case 32: + aes_key_type = ROC_SE_AES_256_BIT; + break; + default: + /* This should not happen */ + plt_err("Invalid AES key len"); + return; + } + fctx->enc.aes_key = aes_key_type; +} + +int +roc_se_auth_key_set(struct roc_se_ctx *se_ctx, roc_se_auth_type type, + const uint8_t *key, uint16_t key_len, uint16_t mac_len) +{ + struct roc_se_zuc_snow3g_ctx *zs_ctx; + struct roc_se_kasumi_ctx *k_ctx; + struct roc_se_context *fctx; + + if (se_ctx == NULL) + return -1; + + zs_ctx = &se_ctx->se_ctx.zs_ctx; + k_ctx = &se_ctx->se_ctx.k_ctx; + fctx = &se_ctx->se_ctx.fctx; + + if ((type >= ROC_SE_ZUC_EIA3) && (type <= ROC_SE_KASUMI_F9_ECB)) { + uint32_t keyx[4]; + + if (key_len != 16) + return -1; + /* No support for AEAD yet */ + if (se_ctx->enc_cipher) + return -1; + /* For ZUC/SNOW3G/Kasumi */ + switch (type) { + case ROC_SE_SNOW3G_UIA2: + se_ctx->pdcp_alg_type = ROC_SE_PDCP_ALG_TYPE_SNOW3G; + cpt_snow3g_key_gen(key, keyx); + memcpy(zs_ctx->ci_key, keyx, key_len); + se_ctx->fc_type = ROC_SE_PDCP; + se_ctx->zsk_flags = 0x1; + break; + case ROC_SE_ZUC_EIA3: + se_ctx->pdcp_alg_type = ROC_SE_PDCP_ALG_TYPE_ZUC; + memcpy(zs_ctx->ci_key, key, key_len); + memcpy(zs_ctx->zuc_const, zuc_d, 32); + se_ctx->fc_type = ROC_SE_PDCP; + se_ctx->zsk_flags = 0x1; + break; + case ROC_SE_AES_CMAC_EIA2: + se_ctx->pdcp_alg_type = ROC_SE_PDCP_ALG_TYPE_AES_CTR; + memcpy(zs_ctx->ci_key, key, key_len); + se_ctx->fc_type = ROC_SE_PDCP; + se_ctx->zsk_flags = 0x1; + break; + case ROC_SE_KASUMI_F9_ECB: + /* Kasumi ECB mode */ + se_ctx->k_ecb = 1; + memcpy(k_ctx->ci_key, key, key_len); + se_ctx->fc_type = ROC_SE_KASUMI; + se_ctx->zsk_flags = 0x1; + break; + case ROC_SE_KASUMI_F9_CBC: + memcpy(k_ctx->ci_key, key, key_len); + se_ctx->fc_type = ROC_SE_KASUMI; + se_ctx->zsk_flags = 0x1; + break; + default: + return -1; + } + se_ctx->mac_len = 4; + se_ctx->hash_type = type; + return 0; + } + + if (!se_ctx->fc_type || + (type && type != ROC_SE_GMAC_TYPE && !se_ctx->enc_cipher)) + se_ctx->fc_type = ROC_SE_HASH_HMAC; + + if (se_ctx->fc_type == ROC_SE_FC_GEN && key_len > 64) + return -1; + + /* For GMAC auth, cipher must be NULL */ + if (type == ROC_SE_GMAC_TYPE) + fctx->enc.enc_cipher = 0; + + fctx->enc.hash_type = type; + se_ctx->hash_type = type; + fctx->enc.mac_len = mac_len; + se_ctx->mac_len = mac_len; + + if (key_len) { + se_ctx->hmac = 1; + memset(se_ctx->auth_key, 0, sizeof(se_ctx->auth_key)); + memcpy(se_ctx->auth_key, key, key_len); + se_ctx->auth_key_len = key_len; + memset(fctx->hmac.ipad, 0, sizeof(fctx->hmac.ipad)); + memset(fctx->hmac.opad, 0, sizeof(fctx->hmac.opad)); + + if (key_len <= 64) + memcpy(fctx->hmac.opad, key, key_len); + fctx->enc.auth_input_type = 1; + } + return 0; +} + +int +roc_se_ciph_key_set(struct roc_se_ctx *se_ctx, roc_se_cipher_type type, + const uint8_t *key, uint16_t key_len, uint8_t *salt) +{ + struct roc_se_context *fctx = &se_ctx->se_ctx.fctx; + struct roc_se_zuc_snow3g_ctx *zs_ctx; + uint32_t keyx[4]; + int ret; + + /* For AES-GCM, salt is taken from ctx even if IV source + * is from DPTR + */ + if ((salt != NULL) && (type == ROC_SE_AES_GCM)) { + memcpy(fctx->enc.encr_iv, salt, 4); + /* Assuming it was just salt update + * and nothing else + */ + if (key == NULL) + return 0; + } + + ret = cpt_ciph_type_set(type, se_ctx, key_len); + if (unlikely(ret)) + return -1; + + if (se_ctx->fc_type == ROC_SE_FC_GEN) { + /* + * We need to always say IV is from DPTR as user can + * sometimes iverride IV per operation. + */ + fctx->enc.iv_source = ROC_SE_FROM_DPTR; + + if (se_ctx->auth_key_len > 64) + return -1; + } + + switch (type) { + case ROC_SE_PASSTHROUGH: + se_ctx->enc_cipher = 0; + fctx->enc.enc_cipher = 0; + goto success; + case ROC_SE_DES3_CBC: + /* CPT performs DES using 3DES with the 8B DES-key + * replicated 2 more times to match the 24B 3DES-key. + * Eg. If org. key is "0x0a 0x0b", then new key is + * "0x0a 0x0b 0x0a 0x0b 0x0a 0x0b" + */ + if (key_len == 8) { + /* Skipping the first 8B as it will be copied + * in the regular code flow + */ + memcpy(fctx->enc.encr_key + key_len, key, key_len); + memcpy(fctx->enc.encr_key + 2 * key_len, key, key_len); + } + break; + case ROC_SE_DES3_ECB: + /* For DES3_ECB IV need to be from CTX. */ + fctx->enc.iv_source = ROC_SE_FROM_CTX; + break; + case ROC_SE_AES_CBC: + case ROC_SE_AES_ECB: + case ROC_SE_AES_CFB: + case ROC_SE_AES_CTR: + case ROC_SE_CHACHA20: + cpt_ciph_aes_key_type_set(fctx, key_len); + break; + case ROC_SE_AES_GCM: + cpt_ciph_aes_key_type_set(fctx, key_len); + break; + case ROC_SE_AES_XTS: + key_len = key_len / 2; + cpt_ciph_aes_key_type_set(fctx, key_len); + + /* Copy key2 for XTS into ipad */ + memset(fctx->hmac.ipad, 0, sizeof(fctx->hmac.ipad)); + memcpy(fctx->hmac.ipad, &key[key_len], key_len); + break; + case ROC_SE_SNOW3G_UEA2: + se_ctx->pdcp_alg_type = ROC_SE_PDCP_ALG_TYPE_SNOW3G; + cpt_snow3g_key_gen(key, keyx); + memcpy(se_ctx->se_ctx.zs_ctx.ci_key, keyx, key_len); + se_ctx->zsk_flags = 0; + goto success; + case ROC_SE_ZUC_EEA3: + zs_ctx = &se_ctx->se_ctx.zs_ctx; + se_ctx->pdcp_alg_type = ROC_SE_PDCP_ALG_TYPE_ZUC; + memcpy(zs_ctx->ci_key, key, key_len); + memcpy(zs_ctx->zuc_const, zuc_d, 32); + se_ctx->zsk_flags = 0; + goto success; + case ROC_SE_AES_CTR_EEA2: + se_ctx->pdcp_alg_type = ROC_SE_PDCP_ALG_TYPE_AES_CTR; + memcpy(se_ctx->se_ctx.zs_ctx.ci_key, key, key_len); + se_ctx->zsk_flags = 0; + goto success; + case ROC_SE_KASUMI_F8_ECB: + se_ctx->k_ecb = 1; + memcpy(se_ctx->se_ctx.k_ctx.ci_key, key, key_len); + se_ctx->zsk_flags = 0; + goto success; + case ROC_SE_KASUMI_F8_CBC: + memcpy(se_ctx->se_ctx.k_ctx.ci_key, key, key_len); + se_ctx->zsk_flags = 0; + goto success; + default: + return -1; + } + + /* Only for ROC_SE_FC_GEN case */ + + /* For GMAC auth, cipher must be NULL */ + if (se_ctx->hash_type != ROC_SE_GMAC_TYPE) + fctx->enc.enc_cipher = type; + + memcpy(fctx->enc.encr_key, key, key_len); + +success: + se_ctx->enc_cipher = type; + + return 0; +} diff --git a/drivers/common/cnxk/roc_se.h b/drivers/common/cnxk/roc_se.h index ffae065..43a40dd 100644 --- a/drivers/common/cnxk/roc_se.h +++ b/drivers/common/cnxk/roc_se.h @@ -264,4 +264,12 @@ struct roc_se_ctx { uint8_t auth_key[1024]; }; +int __roc_api roc_se_auth_key_set(struct roc_se_ctx *se_ctx, + roc_se_auth_type type, const uint8_t *key, + uint16_t key_len, uint16_t mac_len); + +int __roc_api roc_se_ciph_key_set(struct roc_se_ctx *se_ctx, + roc_se_cipher_type type, const uint8_t *key, + uint16_t key_len, uint8_t *salt); + #endif /* __ROC_SE_H__ */ diff --git a/drivers/common/cnxk/version.map b/drivers/common/cnxk/version.map index 91e8b40..9089717 100644 --- a/drivers/common/cnxk/version.map +++ b/drivers/common/cnxk/version.map @@ -47,6 +47,8 @@ INTERNAL { roc_idev_npa_nix_get; roc_idev_num_lmtlines_get; roc_model; + roc_se_auth_key_set; + roc_se_ciph_key_set; roc_nix_cq_dump; roc_nix_cq_fini; roc_nix_cq_init; -- 2.7.4