From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 5FD14A0032; Thu, 16 Dec 2021 18:54:27 +0100 (CET) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id D6CC241142; Thu, 16 Dec 2021 18:54:11 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id C061440143 for ; Thu, 16 Dec 2021 18:54:10 +0100 (CET) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with ESMTP id 1BGBdZ7P030133 for ; Thu, 16 Dec 2021 09:54:10 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=wvdVVHsr62Wa5gyqgACrgIkCdHROpLTKwN7GZXuD860=; b=hJOJ6ckqLKStFRf+Hp2Bl6Bci0ZvkzQbrowlqgzaZvlrZaPibjjijnQDoIY6qAEDmfRI 0ED91Knoi8RyNBcq43PdGujRwv7urqUU+GirX+Jf1TvJwzQLT3I7eAUY9K3ni/u7L8XF 0OjHzBviZZg5xmaCjU0AvGtE9smTnekQ7fJajumtJjmuPt6Giaqc/rF3BQbp/Jp7GZ9+ 0rEwCP5F8Xal4xy8bmwyOBTsJFy7YuBiOsTlrB4m94Ext6F+FvpdTtoh50HD0An4E+ec k+cANtgRlOjJPWnEeIQsV8JPHjP+IemH6jY/AxoV1/Eh5wK4umH5C+qAMYp4FeDAu4ud Qg== Received: from dc5-exch02.marvell.com ([199.233.59.182]) by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 3d04s71p6j-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT) for ; Thu, 16 Dec 2021 09:54:09 -0800 Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Thu, 16 Dec 2021 09:54:08 -0800 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.18 via Frontend Transport; Thu, 16 Dec 2021 09:54:08 -0800 Received: from HY-LT1002.marvell.com (HY-LT1002.marvell.com [10.28.176.218]) by maili.marvell.com (Postfix) with ESMTP id 2D0C13F7048; Thu, 16 Dec 2021 09:54:05 -0800 (PST) From: Anoob Joseph To: Akhil Goyal , Jerin Jacob CC: Anoob Joseph , Archana Muniganti , Tejasree Kondoj , Subject: [PATCH v2 18/29] crypto/cnxk: handle null chained ops Date: Thu, 16 Dec 2021 23:19:24 +0530 Message-ID: <1639676975-1316-19-git-send-email-anoobj@marvell.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1639676975-1316-1-git-send-email-anoobj@marvell.com> References: <1638859858-734-1-git-send-email-anoobj@marvell.com> <1639676975-1316-1-git-send-email-anoobj@marvell.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-Proofpoint-GUID: 9ZE15Nw5kwIZ_XRMnMppNbZEnEfB9qeH X-Proofpoint-ORIG-GUID: 9ZE15Nw5kwIZ_XRMnMppNbZEnEfB9qeH X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.790,Hydra:6.0.425,FMLib:17.11.62.513 definitions=2021-12-16_06,2021-12-16_01,2021-12-02_01 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Verification doesn't cover cases when NULL auth/cipher is provided as a chain. Removed the separate function for verification and added a replacement function which calls the appropriate downstream functions. Signed-off-by: Anoob Joseph --- drivers/crypto/cnxk/cnxk_cryptodev_ops.c | 189 ++++++++++++++++--------------- drivers/crypto/cnxk/cnxk_cryptodev_ops.h | 10 -- drivers/crypto/cnxk/cnxk_se.h | 6 + 3 files changed, 102 insertions(+), 103 deletions(-) diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_ops.c b/drivers/crypto/cnxk/cnxk_cryptodev_ops.c index 21ee09f..b02f070 100644 --- a/drivers/crypto/cnxk/cnxk_cryptodev_ops.c +++ b/drivers/crypto/cnxk/cnxk_cryptodev_ops.c @@ -418,84 +418,121 @@ cnxk_cpt_sym_session_get_size(struct rte_cryptodev *dev __rte_unused) } static int -sym_xform_verify(struct rte_crypto_sym_xform *xform) +cnxk_sess_fill(struct rte_crypto_sym_xform *xform, struct cnxk_se_sess *sess) { - if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH && - xform->auth.algo == RTE_CRYPTO_AUTH_NULL && - xform->auth.op == RTE_CRYPTO_AUTH_OP_VERIFY) - return -ENOTSUP; + struct rte_crypto_sym_xform *aead_xfrm = NULL; + struct rte_crypto_sym_xform *c_xfrm = NULL; + struct rte_crypto_sym_xform *a_xfrm = NULL; + bool ciph_then_auth; - if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER && xform->next == NULL) - return CNXK_CPT_CIPHER; + if (xform == NULL) + return -EINVAL; - if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH && xform->next == NULL) - return CNXK_CPT_AUTH; + if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER) { + c_xfrm = xform; + a_xfrm = xform->next; + ciph_then_auth = true; + } else if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH) { + c_xfrm = xform->next; + a_xfrm = xform; + ciph_then_auth = false; + } else { + aead_xfrm = xform; + } - if (xform->type == RTE_CRYPTO_SYM_XFORM_AEAD && xform->next == NULL) - return CNXK_CPT_AEAD; + if (c_xfrm != NULL && c_xfrm->type != RTE_CRYPTO_SYM_XFORM_CIPHER) { + plt_dp_err("Invalid type in cipher xform"); + return -EINVAL; + } - if (xform->next == NULL) - return -EIO; + if (a_xfrm != NULL && a_xfrm->type != RTE_CRYPTO_SYM_XFORM_AUTH) { + plt_dp_err("Invalid type in auth xform"); + return -EINVAL; + } + + if (aead_xfrm != NULL && aead_xfrm->type != RTE_CRYPTO_SYM_XFORM_AEAD) { + plt_dp_err("Invalid type in AEAD xform"); + return -EINVAL; + } - if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER && - xform->cipher.algo == RTE_CRYPTO_CIPHER_3DES_CBC && - xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH && - xform->next->auth.algo == RTE_CRYPTO_AUTH_SHA1) + if ((c_xfrm == NULL || c_xfrm->cipher.algo == RTE_CRYPTO_CIPHER_NULL) && + a_xfrm != NULL && a_xfrm->auth.algo == RTE_CRYPTO_AUTH_NULL && + a_xfrm->auth.op == RTE_CRYPTO_AUTH_OP_VERIFY) { + plt_dp_err("Null cipher + null auth verify is not supported"); return -ENOTSUP; + } + + /* Cipher only */ + if (c_xfrm != NULL && + (a_xfrm == NULL || a_xfrm->auth.algo == RTE_CRYPTO_AUTH_NULL)) { + if (fill_sess_cipher(c_xfrm, sess)) + return -ENOTSUP; + else + return 0; + } + + /* Auth only */ + if (a_xfrm != NULL && + (c_xfrm == NULL || c_xfrm->cipher.algo == RTE_CRYPTO_CIPHER_NULL)) { + if (fill_sess_auth(a_xfrm, sess)) + return -ENOTSUP; + else + return 0; + } + + /* AEAD */ + if (aead_xfrm != NULL) { + if (fill_sess_aead(aead_xfrm, sess)) + return -ENOTSUP; + else + return 0; + } + + /* Chained ops */ + if (c_xfrm == NULL || a_xfrm == NULL) { + plt_dp_err("Invalid xforms"); + return -EINVAL; + } - if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH && - xform->auth.algo == RTE_CRYPTO_AUTH_SHA1 && - xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER && - xform->next->cipher.algo == RTE_CRYPTO_CIPHER_3DES_CBC) + if (c_xfrm->cipher.algo == RTE_CRYPTO_CIPHER_3DES_CBC && + a_xfrm->auth.algo == RTE_CRYPTO_AUTH_SHA1) { + plt_dp_err("3DES-CBC + SHA1 is not supported"); return -ENOTSUP; + } - if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER && - xform->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT && - xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH && - xform->next->auth.op == RTE_CRYPTO_AUTH_OP_GENERATE) - return CNXK_CPT_CIPHER_ENC_AUTH_GEN; - - if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH && - xform->auth.op == RTE_CRYPTO_AUTH_OP_VERIFY && - xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER && - xform->next->cipher.op == RTE_CRYPTO_CIPHER_OP_DECRYPT) - return CNXK_CPT_AUTH_VRFY_CIPHER_DEC; - - if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH && - xform->auth.op == RTE_CRYPTO_AUTH_OP_GENERATE && - xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER && - xform->next->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT) { - switch (xform->auth.algo) { - case RTE_CRYPTO_AUTH_SHA1_HMAC: - switch (xform->next->cipher.algo) { - case RTE_CRYPTO_CIPHER_AES_CBC: - return CNXK_CPT_AUTH_GEN_CIPHER_ENC; - default: - return -ENOTSUP; - } - default: + /* Cipher then auth */ + if (ciph_then_auth) { + if (fill_sess_cipher(c_xfrm, sess)) return -ENOTSUP; - } + if (fill_sess_auth(a_xfrm, sess)) + return -ENOTSUP; + else + return 0; } - if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER && - xform->cipher.op == RTE_CRYPTO_CIPHER_OP_DECRYPT && - xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH && - xform->next->auth.op == RTE_CRYPTO_AUTH_OP_VERIFY) { - switch (xform->cipher.algo) { - case RTE_CRYPTO_CIPHER_AES_CBC: - switch (xform->next->auth.algo) { - case RTE_CRYPTO_AUTH_SHA1_HMAC: - return CNXK_CPT_CIPHER_DEC_AUTH_VRFY; + /* else */ + + if (c_xfrm->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT) { + switch (a_xfrm->auth.algo) { + case RTE_CRYPTO_AUTH_SHA1_HMAC: + switch (c_xfrm->cipher.algo) { + case RTE_CRYPTO_CIPHER_AES_CBC: + break; default: return -ENOTSUP; } + break; default: return -ENOTSUP; } } - return -ENOTSUP; + if (fill_sess_auth(a_xfrm, sess)) + return -ENOTSUP; + if (fill_sess_cipher(c_xfrm, sess)) + return -ENOTSUP; + else + return 0; } static uint64_t @@ -524,10 +561,6 @@ sym_session_configure(struct roc_cpt *roc_cpt, int driver_id, void *priv; int ret; - ret = sym_xform_verify(xform); - if (unlikely(ret < 0)) - return ret; - if (unlikely(rte_mempool_get(pool, &priv))) { plt_dp_err("Could not allocate session private data"); return -ENOMEM; @@ -537,37 +570,7 @@ sym_session_configure(struct roc_cpt *roc_cpt, int driver_id, sess_priv = priv; - switch (ret) { - case CNXK_CPT_CIPHER: - ret = fill_sess_cipher(xform, sess_priv); - break; - case CNXK_CPT_AUTH: - if (xform->auth.algo == RTE_CRYPTO_AUTH_AES_GMAC) - ret = fill_sess_gmac(xform, sess_priv); - else - ret = fill_sess_auth(xform, sess_priv); - break; - case CNXK_CPT_AEAD: - ret = fill_sess_aead(xform, sess_priv); - break; - case CNXK_CPT_CIPHER_ENC_AUTH_GEN: - case CNXK_CPT_CIPHER_DEC_AUTH_VRFY: - ret = fill_sess_cipher(xform, sess_priv); - if (ret < 0) - break; - ret = fill_sess_auth(xform->next, sess_priv); - break; - case CNXK_CPT_AUTH_VRFY_CIPHER_DEC: - case CNXK_CPT_AUTH_GEN_CIPHER_ENC: - ret = fill_sess_auth(xform, sess_priv); - if (ret < 0) - break; - ret = fill_sess_cipher(xform->next, sess_priv); - break; - default: - ret = -1; - } - + ret = cnxk_sess_fill(xform, sess_priv); if (ret) goto priv_put; @@ -592,7 +595,7 @@ sym_session_configure(struct roc_cpt *roc_cpt, int driver_id, priv_put: rte_mempool_put(pool, priv); - return -ENOTSUP; + return ret; } int diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_ops.h b/drivers/crypto/cnxk/cnxk_cryptodev_ops.h index 0d36365..ca363bb 100644 --- a/drivers/crypto/cnxk/cnxk_cryptodev_ops.h +++ b/drivers/crypto/cnxk/cnxk_cryptodev_ops.h @@ -30,16 +30,6 @@ struct cpt_qp_meta_info { int mlen; }; -enum sym_xform_type { - CNXK_CPT_CIPHER = 1, - CNXK_CPT_AUTH, - CNXK_CPT_AEAD, - CNXK_CPT_CIPHER_ENC_AUTH_GEN, - CNXK_CPT_AUTH_VRFY_CIPHER_DEC, - CNXK_CPT_AUTH_GEN_CIPHER_ENC, - CNXK_CPT_CIPHER_DEC_AUTH_VRFY -}; - #define CPT_OP_FLAGS_METABUF (1 << 1) #define CPT_OP_FLAGS_AUTH_VERIFY (1 << 0) #define CPT_OP_FLAGS_IPSEC_DIR_INBOUND (1 << 2) diff --git a/drivers/crypto/cnxk/cnxk_se.h b/drivers/crypto/cnxk/cnxk_se.h index 37237de..a8cd2c5 100644 --- a/drivers/crypto/cnxk/cnxk_se.h +++ b/drivers/crypto/cnxk/cnxk_se.h @@ -36,6 +36,9 @@ struct cnxk_se_sess { struct roc_se_ctx roc_se_ctx; } __rte_cache_aligned; +static __rte_always_inline int +fill_sess_gmac(struct rte_crypto_sym_xform *xform, struct cnxk_se_sess *sess); + static inline void cpt_pack_iv(uint8_t *iv_src, uint8_t *iv_dst) { @@ -1808,6 +1811,9 @@ fill_sess_auth(struct rte_crypto_sym_xform *xform, struct cnxk_se_sess *sess) roc_se_auth_type auth_type = 0; /* NULL Auth type */ uint8_t zsk_flag = 0, aes_gcm = 0, is_null = 0; + if (xform->auth.algo == RTE_CRYPTO_AUTH_AES_GMAC) + return fill_sess_gmac(xform, sess); + if (xform->next != NULL && xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER && xform->next->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT) { -- 2.7.4