From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 34CD8A00BE; Mon, 6 Jul 2020 07:22:03 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id B41B81D607; Mon, 6 Jul 2020 07:21:55 +0200 (CEST) Received: from inva020.nxp.com (inva020.nxp.com [92.121.34.13]) by dpdk.org (Postfix) with ESMTP id BEA6C1C139 for ; Mon, 6 Jul 2020 07:21:52 +0200 (CEST) Received: from inva020.nxp.com (localhost [127.0.0.1]) by inva020.eu-rdc02.nxp.com (Postfix) with ESMTP id 950861A054D; Mon, 6 Jul 2020 07:21:52 +0200 (CEST) Received: from invc005.ap-rdc01.nxp.com (invc005.ap-rdc01.nxp.com [165.114.16.14]) by inva020.eu-rdc02.nxp.com (Postfix) with ESMTP id AF0701A0559; Mon, 6 Jul 2020 07:21:50 +0200 (CEST) Received: from lsv03273.swis.in-blr01.nxp.com (lsv03273.swis.in-blr01.nxp.com [92.120.147.113]) by invc005.ap-rdc01.nxp.com (Postfix) with ESMTP id 5883D402F7; Mon, 6 Jul 2020 13:21:48 +0800 (SGT) From: Akhil Goyal To: dev@dpdk.org Cc: hemant.agrawal@nxp.com, Akhil Goyal Date: Mon, 6 Jul 2020 10:51:40 +0530 Message-Id: <20200706052142.12116-2-akhil.goyal@nxp.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20200706052142.12116-1-akhil.goyal@nxp.com> References: <20200601180229.26566-1-akhil.goyal@nxp.com> <20200706052142.12116-1-akhil.goyal@nxp.com> X-Virus-Scanned: ClamAV using ClamSMTP Subject: [dpdk-dev] [PATCH v2 1/3] drivers/crypto: fix 18bit PDCP cases with HFN override X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" In case of RTA_SEC_ERA = 8, where the length of shared desc is large for some of PDCP cases, the descriptor buffer cannot hold 2 extra words when HFN override is enabled. As a result, the descriptor fails. This patch converts one of the keys from immediate key to reference key hence reducing the length of the descriptor. Signed-off-by: Akhil Goyal --- drivers/common/dpaax/caamflib/desc/pdcp.h | 44 +++++++++++++++++++++ drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c | 8 ++++ drivers/crypto/dpaa_sec/dpaa_sec.c | 33 +++------------- 3 files changed, 58 insertions(+), 27 deletions(-) diff --git a/drivers/common/dpaax/caamflib/desc/pdcp.h b/drivers/common/dpaax/caamflib/desc/pdcp.h index b5e2d24e4..99eb0f71a 100644 --- a/drivers/common/dpaax/caamflib/desc/pdcp.h +++ b/drivers/common/dpaax/caamflib/desc/pdcp.h @@ -262,6 +262,50 @@ enum pdb_type_e { PDCP_PDB_TYPE_INVALID }; +/** + * rta_inline_pdcp_query() - Provide indications if a key can be passed as + * immediate data or shall be referenced in a + * shared descriptor. + * Return: 0 if data can be inlined or 1 if referenced. + */ +static inline int +rta_inline_pdcp_query(enum auth_type_pdcp auth_alg, + enum cipher_type_pdcp cipher_alg, + enum pdcp_sn_size sn_size, + int8_t hfn_ovd) +{ + /** + * Shared Descriptors for some of the cases does not fit in the + * MAX_DESC_SIZE of the descriptor especially when non-protocol + * descriptors are formed as in 18bit cases and when HFN override + * is enabled as 2 extra words are added in the job descriptor. + * The cases which exceed are for RTA_SEC_ERA=8 and HFN override + * enabled and 18bit uplane and either of following Algo combinations. + * - SNOW-AES + * - AES-SNOW + * - SNOW-SNOW + * - ZUC-SNOW + * + * We cannot make inline for all cases, as this will impact performance + * due to extra memory accesses for the keys. + */ + if ((rta_sec_era == RTA_SEC_ERA_8) && hfn_ovd && + (sn_size == PDCP_SN_SIZE_18) && + ((cipher_alg == PDCP_CIPHER_TYPE_SNOW && + auth_alg == PDCP_AUTH_TYPE_AES) || + (cipher_alg == PDCP_CIPHER_TYPE_AES && + auth_alg == PDCP_AUTH_TYPE_SNOW) || + (cipher_alg == PDCP_CIPHER_TYPE_SNOW && + auth_alg == PDCP_AUTH_TYPE_SNOW) || + (cipher_alg == PDCP_CIPHER_TYPE_ZUC && + auth_alg == PDCP_AUTH_TYPE_SNOW))) { + + return 1; + } + + return 0; +} + /* * Function for appending the portion of a PDCP Control Plane shared descriptor * which performs NULL encryption and integrity (i.e. copies the input frame diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c index 12f833136..60fdced78 100644 --- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c +++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c @@ -3154,6 +3154,14 @@ dpaa2_sec_set_pdcp_session(struct rte_cryptodev *dev, goto out; } + if (rta_inline_pdcp_query(authdata.algtype, + cipherdata.algtype, + session->pdcp.sn_size, + session->pdcp.hfn_ovd)) { + cipherdata.key = DPAA2_VADDR_TO_IOVA(cipherdata.key); + cipherdata.key_type = RTA_DATA_PTR; + } + if (pdcp_xform->domain == RTE_SECURITY_PDCP_MODE_CONTROL) { if (session->dir == DIR_ENC) bufsize = cnstr_shdsc_pdcp_c_plane_encap( diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c b/drivers/crypto/dpaa_sec/dpaa_sec.c index d9fa8bb36..01e79c8ea 100644 --- a/drivers/crypto/dpaa_sec/dpaa_sec.c +++ b/drivers/crypto/dpaa_sec/dpaa_sec.c @@ -240,7 +240,6 @@ dpaa_sec_prep_pdcp_cdb(dpaa_sec_session *ses) struct sec_cdb *cdb = &ses->cdb; struct alginfo *p_authdata = NULL; int32_t shared_desc_len = 0; - int err; #if RTE_BYTE_ORDER == RTE_BIG_ENDIAN int swap = false; #else @@ -254,10 +253,6 @@ dpaa_sec_prep_pdcp_cdb(dpaa_sec_session *ses) cipherdata.algtype = ses->cipher_key.alg; cipherdata.algmode = ses->cipher_key.algmode; - cdb->sh_desc[0] = cipherdata.keylen; - cdb->sh_desc[1] = 0; - cdb->sh_desc[2] = 0; - if (ses->auth_alg) { authdata.key = (size_t)ses->auth_key.data; authdata.keylen = ses->auth_key.length; @@ -267,33 +262,17 @@ dpaa_sec_prep_pdcp_cdb(dpaa_sec_session *ses) authdata.algmode = ses->auth_key.algmode; p_authdata = &authdata; - - cdb->sh_desc[1] = authdata.keylen; } - err = rta_inline_query(IPSEC_AUTH_VAR_AES_DEC_BASE_DESC_LEN, - MIN_JOB_DESC_SIZE, - (unsigned int *)cdb->sh_desc, - &cdb->sh_desc[2], 2); - if (err < 0) { - DPAA_SEC_ERR("Crypto: Incorrect key lengths"); - return err; - } - - if (!(cdb->sh_desc[2] & 1) && cipherdata.keylen) { + if (rta_inline_pdcp_query(authdata.algtype, + cipherdata.algtype, + ses->pdcp.sn_size, + ses->pdcp.hfn_ovd)) { cipherdata.key = - (size_t)rte_dpaa_mem_vtop((void *)(size_t)cipherdata.key); + (size_t)rte_dpaa_mem_vtop((void *) + (size_t)cipherdata.key); cipherdata.key_type = RTA_DATA_PTR; } - if (!(cdb->sh_desc[2] & (1 << 1)) && authdata.keylen) { - authdata.key = - (size_t)rte_dpaa_mem_vtop((void *)(size_t)authdata.key); - authdata.key_type = RTA_DATA_PTR; - } - - cdb->sh_desc[0] = 0; - cdb->sh_desc[1] = 0; - cdb->sh_desc[2] = 0; if (ses->pdcp.domain == RTE_SECURITY_PDCP_MODE_CONTROL) { if (ses->dir == DIR_ENC) -- 2.17.1