From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 597C4A0032; Thu, 16 Dec 2021 18:53:42 +0100 (CET) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 8870641154; Thu, 16 Dec 2021 18:53:39 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id 4C82241142 for ; Thu, 16 Dec 2021 18:53:38 +0100 (CET) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with ESMTP id 1BGBddvr030176 for ; Thu, 16 Dec 2021 09:53:37 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=oURsMuTZXnMhFr8x5wZZb3J0dUQs0JhOmPp80qfRL2k=; b=kaSEhKcTTIi6DJVCz6kKzSshOVsk9aUourPS158M8ooWUiEGRtFRce8CiDkOJWcI/r5N 1PTT3oCk04la4z9xG20uli4uWg36b+w2tDcOTRGwN6MMjPsooGNk+eI+l/E81L24mFSN HTfiqUDjcGuibIRNVel1pA07ygdr4y4dmsmt183haohwoEYD/1gbfIW55ymXk+jsh7nf pccP2mlx2Q1e3/K+AJXoNyp0NA6kVdXbCfeqFLnK6T9OELRQHGW/n6p4Hd3Hbqk0PiRD oyeIiSrkwSFYJp2Q5FcAz8/EzNftHqyUy2uNmXNEbdIqxa7HsrtT62wFJRzJ6efmYSXR 4g== Received: from dc5-exch02.marvell.com ([199.233.59.182]) by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 3d04s71p3b-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT) for ; Thu, 16 Dec 2021 09:53:37 -0800 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Thu, 16 Dec 2021 09:53:36 -0800 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.2 via Frontend Transport; Thu, 16 Dec 2021 09:53:36 -0800 Received: from HY-LT1002.marvell.com (HY-LT1002.marvell.com [10.28.176.218]) by maili.marvell.com (Postfix) with ESMTP id 017D13F7048; Thu, 16 Dec 2021 09:53:33 -0800 (PST) From: Anoob Joseph To: Akhil Goyal , Jerin Jacob CC: Tejasree Kondoj , Archana Muniganti , Subject: [PATCH v2 12/29] crypto/cnxk: support cnxk lookaside IPsec HMAC-SHA384/512 Date: Thu, 16 Dec 2021 23:19:18 +0530 Message-ID: <1639676975-1316-13-git-send-email-anoobj@marvell.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1639676975-1316-1-git-send-email-anoobj@marvell.com> References: <1638859858-734-1-git-send-email-anoobj@marvell.com> <1639676975-1316-1-git-send-email-anoobj@marvell.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-Proofpoint-GUID: U23hWzA5lZgJe9x2RVr10LCi2K7wxD9G X-Proofpoint-ORIG-GUID: U23hWzA5lZgJe9x2RVr10LCi2K7wxD9G X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.790,Hydra:6.0.425,FMLib:17.11.62.513 definitions=2021-12-16_06,2021-12-16_01,2021-12-02_01 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org From: Tejasree Kondoj Adding HMAC-SHA384/512 support to cnxk lookaside IPsec. Signed-off-by: Tejasree Kondoj --- doc/guides/cryptodevs/cnxk.rst | 4 ++ doc/guides/rel_notes/release_22_03.rst | 2 + drivers/common/cnxk/cnxk_security.c | 36 +++++++++------ drivers/crypto/cnxk/cn9k_ipsec.c | 55 ++++++++++++++++++----- drivers/crypto/cnxk/cnxk_cryptodev.h | 2 +- drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c | 40 +++++++++++++++++ drivers/crypto/cnxk/cnxk_ipsec.h | 6 +++ 7 files changed, 118 insertions(+), 27 deletions(-) diff --git a/doc/guides/cryptodevs/cnxk.rst b/doc/guides/cryptodevs/cnxk.rst index 8c4c4ea..c49a779 100644 --- a/doc/guides/cryptodevs/cnxk.rst +++ b/doc/guides/cryptodevs/cnxk.rst @@ -267,6 +267,8 @@ Auth algorithms * SHA1-HMAC * SHA256-128-HMAC +* SHA384-192-HMAC +* SHA512-256-HMAC CN10XX Features supported ~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -293,3 +295,5 @@ Auth algorithms * NULL * SHA1-HMAC * SHA256-128-HMAC +* SHA384-192-HMAC +* SHA512-256-HMAC diff --git a/doc/guides/rel_notes/release_22_03.rst b/doc/guides/rel_notes/release_22_03.rst index 1639b0e..8df9092 100644 --- a/doc/guides/rel_notes/release_22_03.rst +++ b/doc/guides/rel_notes/release_22_03.rst @@ -58,6 +58,8 @@ New Features * **Updated Marvell cnxk crypto PMD.** * Added SHA256-HMAC support in lookaside protocol (IPsec) for CN10K. + * Added SHA384-HMAC support in lookaside protocol (IPsec) for CN9K & CN10K. + * Added SHA512-HMAC support in lookaside protocol (IPsec) for CN9K & CN10K. Removed Items diff --git a/drivers/common/cnxk/cnxk_security.c b/drivers/common/cnxk/cnxk_security.c index f39bc1e..1c86f82 100644 --- a/drivers/common/cnxk/cnxk_security.c +++ b/drivers/common/cnxk/cnxk_security.c @@ -36,6 +36,14 @@ ipsec_hmac_opad_ipad_gen(struct rte_crypto_sym_xform *auth_xform, roc_hash_sha256_gen(opad, (uint32_t *)&hmac_opad_ipad[0]); roc_hash_sha256_gen(ipad, (uint32_t *)&hmac_opad_ipad[64]); break; + case RTE_CRYPTO_AUTH_SHA384_HMAC: + roc_hash_sha512_gen(opad, (uint64_t *)&hmac_opad_ipad[0], 384); + roc_hash_sha512_gen(ipad, (uint64_t *)&hmac_opad_ipad[64], 384); + break; + case RTE_CRYPTO_AUTH_SHA512_HMAC: + roc_hash_sha512_gen(opad, (uint64_t *)&hmac_opad_ipad[0], 512); + roc_hash_sha512_gen(ipad, (uint64_t *)&hmac_opad_ipad[64], 512); + break; default: break; } @@ -125,28 +133,28 @@ ot_ipsec_sa_common_param_fill(union roc_ot_ipsec_sa_word2 *w2, break; case RTE_CRYPTO_AUTH_SHA1_HMAC: w2->s.auth_type = ROC_IE_OT_SA_AUTH_SHA1; - ipsec_hmac_opad_ipad_gen(auth_xfrm, hmac_opad_ipad); - - tmp_key = (uint64_t *)hmac_opad_ipad; - for (i = 0; i < (int)(ROC_CTX_MAX_OPAD_IPAD_LEN / - sizeof(uint64_t)); - i++) - tmp_key[i] = rte_be_to_cpu_64(tmp_key[i]); break; case RTE_CRYPTO_AUTH_SHA256_HMAC: w2->s.auth_type = ROC_IE_OT_SA_AUTH_SHA2_256; - ipsec_hmac_opad_ipad_gen(auth_xfrm, hmac_opad_ipad); - - tmp_key = (uint64_t *)hmac_opad_ipad; - for (i = 0; i < (int)(ROC_CTX_MAX_OPAD_IPAD_LEN / - sizeof(uint64_t)); - i++) - tmp_key[i] = rte_be_to_cpu_64(tmp_key[i]); + break; + case RTE_CRYPTO_AUTH_SHA384_HMAC: + w2->s.auth_type = ROC_IE_OT_SA_AUTH_SHA2_384; + break; + case RTE_CRYPTO_AUTH_SHA512_HMAC: + w2->s.auth_type = ROC_IE_OT_SA_AUTH_SHA2_512; break; default: return -ENOTSUP; } + ipsec_hmac_opad_ipad_gen(auth_xfrm, hmac_opad_ipad); + + tmp_key = (uint64_t *)hmac_opad_ipad; + for (i = 0; + i < (int)(ROC_CTX_MAX_OPAD_IPAD_LEN / sizeof(uint64_t)); + i++) + tmp_key[i] = rte_be_to_cpu_64(tmp_key[i]); + key = cipher_xfrm->cipher.key.data; length = cipher_xfrm->cipher.key.length; } diff --git a/drivers/crypto/cnxk/cn9k_ipsec.c b/drivers/crypto/cnxk/cn9k_ipsec.c index 6455ef9..395b0d5 100644 --- a/drivers/crypto/cnxk/cn9k_ipsec.c +++ b/drivers/crypto/cnxk/cn9k_ipsec.c @@ -321,14 +321,23 @@ cn9k_ipsec_outb_sa_create(struct cnxk_cpt_qp *qp, ctl->auth_type == ROC_IE_ON_SA_AUTH_NULL) { template = &out_sa->aes_gcm.template; ctx_len = offsetof(struct roc_ie_on_outb_sa, aes_gcm.template); - } else if (ctl->auth_type == ROC_IE_ON_SA_AUTH_SHA1) { - template = &out_sa->sha1.template; - ctx_len = offsetof(struct roc_ie_on_outb_sa, sha1.template); - } else if (ctl->auth_type == ROC_IE_ON_SA_AUTH_SHA2_256) { - template = &out_sa->sha2.template; - ctx_len = offsetof(struct roc_ie_on_outb_sa, sha2.template); } else { - return -EINVAL; + switch (ctl->auth_type) { + case ROC_IE_ON_SA_AUTH_SHA1: + template = &out_sa->sha1.template; + ctx_len = offsetof(struct roc_ie_on_outb_sa, + sha1.template); + break; + case ROC_IE_ON_SA_AUTH_SHA2_256: + case ROC_IE_ON_SA_AUTH_SHA2_384: + case ROC_IE_ON_SA_AUTH_SHA2_512: + template = &out_sa->sha2.template; + ctx_len = offsetof(struct roc_ie_on_outb_sa, + sha2.template); + break; + default: + return -EINVAL; + } } ip4 = (struct rte_ipv4_hdr *)&template->ip4.ipv4_hdr; @@ -397,10 +406,22 @@ cn9k_ipsec_outb_sa_create(struct cnxk_cpt_qp *qp, auth_key = auth_xform->auth.key.data; auth_key_len = auth_xform->auth.key.length; - if (auth_xform->auth.algo == RTE_CRYPTO_AUTH_SHA1_HMAC) + switch (auth_xform->auth.algo) { + case RTE_CRYPTO_AUTH_NULL: + break; + case RTE_CRYPTO_AUTH_SHA1_HMAC: memcpy(out_sa->sha1.hmac_key, auth_key, auth_key_len); - else if (auth_xform->auth.algo == RTE_CRYPTO_AUTH_SHA256_HMAC) + break; + case RTE_CRYPTO_AUTH_SHA256_HMAC: + case RTE_CRYPTO_AUTH_SHA384_HMAC: + case RTE_CRYPTO_AUTH_SHA512_HMAC: memcpy(out_sa->sha2.hmac_key, auth_key, auth_key_len); + break; + default: + plt_err("Unsupported auth algorithm %u", + auth_xform->auth.algo); + return -ENOTSUP; + } } inst_tmpl = &sa->inst; @@ -466,16 +487,26 @@ cn9k_ipsec_inb_sa_create(struct cnxk_cpt_qp *qp, auth_key = auth_xform->auth.key.data; auth_key_len = auth_xform->auth.key.length; - if (auth_xform->auth.algo == RTE_CRYPTO_AUTH_SHA1_HMAC) { + switch (auth_xform->auth.algo) { + case RTE_CRYPTO_AUTH_NULL: + break; + case RTE_CRYPTO_AUTH_SHA1_HMAC: memcpy(in_sa->sha1_or_gcm.hmac_key, auth_key, auth_key_len); ctx_len = offsetof(struct roc_ie_on_inb_sa, sha1_or_gcm.selector); - } else if (auth_xform->auth.algo == - RTE_CRYPTO_AUTH_SHA256_HMAC) { + break; + case RTE_CRYPTO_AUTH_SHA256_HMAC: + case RTE_CRYPTO_AUTH_SHA384_HMAC: + case RTE_CRYPTO_AUTH_SHA512_HMAC: memcpy(in_sa->sha2.hmac_key, auth_key, auth_key_len); ctx_len = offsetof(struct roc_ie_on_inb_sa, sha2.selector); + break; + default: + plt_err("Unsupported auth algorithm %u", + auth_xform->auth.algo); + return -ENOTSUP; } } diff --git a/drivers/crypto/cnxk/cnxk_cryptodev.h b/drivers/crypto/cnxk/cnxk_cryptodev.h index 2e0f467..f701c26 100644 --- a/drivers/crypto/cnxk/cnxk_cryptodev.h +++ b/drivers/crypto/cnxk/cnxk_cryptodev.h @@ -11,7 +11,7 @@ #include "roc_cpt.h" #define CNXK_CPT_MAX_CAPS 34 -#define CNXK_SEC_CRYPTO_MAX_CAPS 6 +#define CNXK_SEC_CRYPTO_MAX_CAPS 8 #define CNXK_SEC_MAX_CAPS 5 #define CNXK_AE_EC_ID_MAX 8 /** diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c index 8305341..9a55474 100644 --- a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c +++ b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c @@ -817,6 +817,46 @@ static const struct rte_cryptodev_capabilities sec_caps_sha1_sha2[] = { }, } }, } }, + { /* SHA384 HMAC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA384_HMAC, + .block_size = 64, + .key_size = { + .min = 48, + .max = 48, + .increment = 0 + }, + .digest_size = { + .min = 24, + .max = 24, + .increment = 0 + }, + }, } + }, } + }, + { /* SHA512 HMAC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA512_HMAC, + .block_size = 128, + .key_size = { + .min = 64, + .max = 64, + .increment = 0 + }, + .digest_size = { + .min = 32, + .max = 32, + .increment = 0 + }, + }, } + }, } + }, }; static const struct rte_security_capability sec_caps_templ[] = { diff --git a/drivers/crypto/cnxk/cnxk_ipsec.h b/drivers/crypto/cnxk/cnxk_ipsec.h index f4a1012..426eaa8 100644 --- a/drivers/crypto/cnxk/cnxk_ipsec.h +++ b/drivers/crypto/cnxk/cnxk_ipsec.h @@ -49,6 +49,12 @@ ipsec_xform_auth_verify(struct rte_crypto_sym_xform *crypto_xform) } else if (crypto_xform->auth.algo == RTE_CRYPTO_AUTH_SHA256_HMAC) { if (keylen >= 32 && keylen <= 64) return 0; + } else if (crypto_xform->auth.algo == RTE_CRYPTO_AUTH_SHA384_HMAC) { + if (keylen == 48) + return 0; + } else if (crypto_xform->auth.algo == RTE_CRYPTO_AUTH_SHA512_HMAC) { + if (keylen == 64) + return 0; } return -ENOTSUP; -- 2.7.4