From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 1FC11A09E4; Thu, 28 Jan 2021 11:06:02 +0100 (CET) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id ECA9C4069F; Thu, 28 Jan 2021 11:06:01 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id AA6B940699 for ; Thu, 28 Jan 2021 11:06:00 +0100 (CET) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id 10SA0EcA019968; Thu, 28 Jan 2021 02:05:59 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=9tliS6SFcJ+bZkLA10m8JCVUlVhNTa/37LBs7uJC++A=; b=NXd9eX5VURQnta5HOVlCvzMKYCaq86IEny2e/wsOu5PlkojHDeS4a4V4MQWtAuqTrvFy hLy9YHY5nxCE9N9wT0y4/t4oLDL+65aQ+ONgIz7ET9fK6YcuiQRRkpgS8xsa1geyDxXU bBdB/5aU1+YF0MhJNLgP1iKQcCjAzTIzOkc7qozFUkdQL50HJfMEgWHk5q2Bu6jJNv7B 0e6eBf0GdBY3rFFz0VO4wqnoppWzl4V7clroIMwAcj1WBZYX8Mtan4jB6GKv+3bk0BJI 4LoG/sDK4y0xpi9Q02e/wt/ZCwfVJZJqK/BQGMxJl1FP6gXq9FKXjGlns8onENVTOUqM 3g== Received: from dc5-exch02.marvell.com ([199.233.59.182]) by mx0b-0016f401.pphosted.com with ESMTP id 36b1xpm0xv-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Thu, 28 Jan 2021 02:05:59 -0800 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Thu, 28 Jan 2021 02:05:58 -0800 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.2 via Frontend Transport; Thu, 28 Jan 2021 02:05:57 -0800 Received: from hyd1554T5810.caveonetworks.com.com (unknown [10.29.57.11]) by maili.marvell.com (Postfix) with ESMTP id C05AD3F703F; Thu, 28 Jan 2021 02:05:55 -0800 (PST) From: Tejasree Kondoj To: Akhil Goyal , Radu Nicolau CC: Tejasree Kondoj , Anoob Joseph , Ankur Dwivedi , Date: Thu, 28 Jan 2021 16:31:39 +0530 Message-ID: <20210128110140.13793-2-ktejasree@marvell.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20210128110140.13793-1-ktejasree@marvell.com> References: <20210128110140.13793-1-ktejasree@marvell.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.343, 18.0.737 definitions=2021-01-28_05:2021-01-27, 2021-01-28 signatures=0 Subject: [dpdk-dev] [PATCH v3 1/2] common/cpt: support DIGEST_ENCRYPTED mode X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Adding support for DIGEST_ENCRYPTED mode. Signed-off-by: Tejasree Kondoj --- doc/guides/rel_notes/release_21_02.rst | 5 +++ drivers/common/cpt/cpt_mcode_defines.h | 7 +++- drivers/common/cpt/cpt_ucode.h | 42 +++++++++++++++---- drivers/crypto/octeontx/otx_cryptodev_ops.c | 11 +++-- drivers/crypto/octeontx2/otx2_cryptodev.c | 3 +- drivers/crypto/octeontx2/otx2_cryptodev_ops.c | 8 +++- 6 files changed, 62 insertions(+), 14 deletions(-) diff --git a/doc/guides/rel_notes/release_21_02.rst b/doc/guides/rel_notes/release_21_02.rst index e4b90a8e72..2864bdb2cc 100644 --- a/doc/guides/rel_notes/release_21_02.rst +++ b/doc/guides/rel_notes/release_21_02.rst @@ -121,6 +121,7 @@ New Features PMD lookaside protocol offload for IPsec. * Added support for aes-cbc sha256-128-hmac cipher combination in OCTEON TX2 crypto PMD lookaside protocol offload for IPsec. + * Added support for DIGEST_ENCRYPTED mode in OCTEON TX2 crypto PMD. * **Added mlx5 compress PMD.** @@ -128,6 +129,10 @@ New Features See the :doc:`../compressdevs/mlx5` for more details. +* **Updated the OCTEON TX crypto PMD.** + + * Added support for DIGEST_ENCRYPTED mode in OCTEON TX crypto PMD. + Removed Items ------------- diff --git a/drivers/common/cpt/cpt_mcode_defines.h b/drivers/common/cpt/cpt_mcode_defines.h index 56a745f419..624bdcf3cf 100644 --- a/drivers/common/cpt/cpt_mcode_defines.h +++ b/drivers/common/cpt/cpt_mcode_defines.h @@ -20,6 +20,9 @@ #define CPT_MAJOR_OP_ZUC_SNOW3G 0x37 #define CPT_MAJOR_OP_KASUMI 0x38 #define CPT_MAJOR_OP_MISC 0x01 +#define CPT_HMAC_FIRST_BIT_POS 0x4 +#define CPT_FC_MINOR_OP_ENCRYPT 0x0 +#define CPT_FC_MINOR_OP_DECRYPT 0x1 /* AE opcodes */ #define CPT_MAJOR_OP_MODEX 0x03 @@ -314,8 +317,10 @@ struct cpt_ctx { uint64_t hmac :1; uint64_t zsk_flags :3; uint64_t k_ecb :1; + uint64_t auth_enc :1; + uint64_t dec_auth :1; uint64_t snow3g :2; - uint64_t rsvd :21; + uint64_t rsvd :19; /* Below fields are accessed by hardware */ union { mc_fc_context_t fctx; diff --git a/drivers/common/cpt/cpt_ucode.h b/drivers/common/cpt/cpt_ucode.h index 0536620710..ee6d49aae7 100644 --- a/drivers/common/cpt/cpt_ucode.h +++ b/drivers/common/cpt/cpt_ucode.h @@ -752,7 +752,9 @@ cpt_enc_hmac_prep(uint32_t flags, /* Encryption */ vq_cmd_w0.s.opcode.major = CPT_MAJOR_OP_FC; - vq_cmd_w0.s.opcode.minor = 0; + vq_cmd_w0.s.opcode.minor = CPT_FC_MINOR_OP_ENCRYPT; + vq_cmd_w0.s.opcode.minor |= (cpt_ctx->auth_enc << + CPT_HMAC_FIRST_BIT_POS); if (hash_type == GMAC_TYPE) { encr_offset = 0; @@ -779,6 +781,9 @@ cpt_enc_hmac_prep(uint32_t flags, outputlen = enc_dlen + mac_len; } + if (cpt_ctx->auth_enc != 0) + outputlen = enc_dlen; + /* GP op header */ vq_cmd_w0.s.param1 = encr_data_len; vq_cmd_w0.s.param2 = auth_data_len; @@ -1112,7 +1117,9 @@ cpt_dec_hmac_prep(uint32_t flags, /* Decryption */ vq_cmd_w0.s.opcode.major = CPT_MAJOR_OP_FC; - vq_cmd_w0.s.opcode.minor = 1; + vq_cmd_w0.s.opcode.minor = CPT_FC_MINOR_OP_DECRYPT; + vq_cmd_w0.s.opcode.minor |= (cpt_ctx->dec_auth << + CPT_HMAC_FIRST_BIT_POS); if (hash_type == GMAC_TYPE) { encr_offset = 0; @@ -1130,6 +1137,9 @@ cpt_dec_hmac_prep(uint32_t flags, outputlen = enc_dlen; } + if (cpt_ctx->dec_auth != 0) + outputlen = inputlen = enc_dlen; + vq_cmd_w0.s.param1 = encr_data_len; vq_cmd_w0.s.param2 = auth_data_len; @@ -2566,6 +2576,7 @@ fill_sess_cipher(struct rte_crypto_sym_xform *xform, struct cpt_sess_misc *sess) { struct rte_crypto_cipher_xform *c_form; + struct cpt_ctx *ctx = SESS_PRIV(sess); cipher_type_t enc_type = 0; /* NULL Cipher type */ uint32_t cipher_key_len = 0; uint8_t zsk_flag = 0, aes_ctr = 0, is_null = 0; @@ -2574,9 +2585,14 @@ fill_sess_cipher(struct rte_crypto_sym_xform *xform, if (c_form->op == RTE_CRYPTO_CIPHER_OP_ENCRYPT) sess->cpt_op |= CPT_OP_CIPHER_ENCRYPT; - else if (c_form->op == RTE_CRYPTO_CIPHER_OP_DECRYPT) + else if (c_form->op == RTE_CRYPTO_CIPHER_OP_DECRYPT) { sess->cpt_op |= CPT_OP_CIPHER_DECRYPT; - else { + if (xform->next != NULL && + xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH) { + /* Perform decryption followed by auth verify */ + ctx->dec_auth = 1; + } + } else { CPT_LOG_DP_ERR("Unknown cipher operation\n"); return -1; } @@ -2667,10 +2683,18 @@ static __rte_always_inline int fill_sess_auth(struct rte_crypto_sym_xform *xform, struct cpt_sess_misc *sess) { + struct cpt_ctx *ctx = SESS_PRIV(sess); struct rte_crypto_auth_xform *a_form; auth_type_t auth_type = 0; /* NULL Auth type */ uint8_t zsk_flag = 0, aes_gcm = 0, is_null = 0; + if (xform->next != NULL && + xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER && + xform->next->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT) { + /* Perform auth followed by encryption */ + ctx->auth_enc = 1; + } + a_form = &xform->auth; if (a_form->op == RTE_CRYPTO_AUTH_OP_VERIFY) @@ -2993,6 +3017,7 @@ fill_fc_params(struct rte_crypto_op *cop, { uint32_t space = 0; struct rte_crypto_sym_op *sym_op = cop->sym; + struct cpt_ctx *ctx = SESS_PRIV(sess_misc); void *mdata = NULL; uintptr_t *op; uint32_t mc_hash_off; @@ -3120,9 +3145,10 @@ fill_fc_params(struct rte_crypto_op *cop, m = m_src; /* hmac immediately following data is best case */ - if (unlikely(rte_pktmbuf_mtod(m, uint8_t *) + + if (!ctx->dec_auth && !ctx->auth_enc && + (unlikely(rte_pktmbuf_mtod(m, uint8_t *) + mc_hash_off != - (uint8_t *)sym_op->auth.digest.data)) { + (uint8_t *)sym_op->auth.digest.data))) { flags |= VALID_MAC_BUF; fc_params.mac_buf.size = sess_misc->mac_len; @@ -3137,7 +3163,9 @@ fill_fc_params(struct rte_crypto_op *cop, fc_params.ctx_buf.vaddr = SESS_PRIV(sess_misc); fc_params.ctx_buf.dma_addr = sess_misc->ctx_dma_addr; - if (unlikely(sess_misc->is_null || sess_misc->cpt_op == CPT_OP_DECODE)) + if (!ctx->dec_auth && + unlikely(sess_misc->is_null || + sess_misc->cpt_op == CPT_OP_DECODE)) inplace = 0; if (likely(!m_dst && inplace)) { diff --git a/drivers/crypto/octeontx/otx_cryptodev_ops.c b/drivers/crypto/octeontx/otx_cryptodev_ops.c index 0cf760b296..f536ba6058 100644 --- a/drivers/crypto/octeontx/otx_cryptodev_ops.c +++ b/drivers/crypto/octeontx/otx_cryptodev_ops.c @@ -205,12 +205,16 @@ sym_xform_verify(struct rte_crypto_sym_xform *xform) if (xform->next) { if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH && xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER && - xform->next->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT) + xform->next->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT && + (xform->auth.algo != RTE_CRYPTO_AUTH_SHA1_HMAC || + xform->next->cipher.algo != RTE_CRYPTO_CIPHER_AES_CBC)) return -ENOTSUP; if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER && xform->cipher.op == RTE_CRYPTO_CIPHER_OP_DECRYPT && - xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH) + xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH && + (xform->cipher.algo != RTE_CRYPTO_CIPHER_AES_CBC || + xform->next->auth.algo != RTE_CRYPTO_AUTH_SHA1_HMAC)) return -ENOTSUP; if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER && @@ -1004,7 +1008,8 @@ otx_cpt_dev_create(struct rte_cryptodev *c_dev) RTE_CRYPTODEV_FF_OOP_LB_IN_LB_OUT | RTE_CRYPTODEV_FF_OOP_SGL_IN_LB_OUT | RTE_CRYPTODEV_FF_OOP_SGL_IN_SGL_OUT | - RTE_CRYPTODEV_FF_SYM_SESSIONLESS; + RTE_CRYPTODEV_FF_SYM_SESSIONLESS | + RTE_CRYPTODEV_FF_DIGEST_ENCRYPTED; break; default: /* Feature not supported. Abort */ diff --git a/drivers/crypto/octeontx2/otx2_cryptodev.c b/drivers/crypto/octeontx2/otx2_cryptodev.c index e0a559b663..7f45e57cce 100644 --- a/drivers/crypto/octeontx2/otx2_cryptodev.c +++ b/drivers/crypto/octeontx2/otx2_cryptodev.c @@ -123,7 +123,8 @@ otx2_cpt_pci_probe(struct rte_pci_driver *pci_drv __rte_unused, RTE_CRYPTODEV_FF_ASYMMETRIC_CRYPTO | RTE_CRYPTODEV_FF_RSA_PRIV_OP_KEY_QT | RTE_CRYPTODEV_FF_SYM_SESSIONLESS | - RTE_CRYPTODEV_FF_SECURITY; + RTE_CRYPTODEV_FF_SECURITY | + RTE_CRYPTODEV_FF_DIGEST_ENCRYPTED; if (rte_eal_process_type() == RTE_PROC_SECONDARY) otx2_cpt_set_enqdeq_fns(dev); diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_ops.c b/drivers/crypto/octeontx2/otx2_cryptodev_ops.c index cec20b5c6d..fc4d5bac49 100644 --- a/drivers/crypto/octeontx2/otx2_cryptodev_ops.c +++ b/drivers/crypto/octeontx2/otx2_cryptodev_ops.c @@ -322,12 +322,16 @@ sym_xform_verify(struct rte_crypto_sym_xform *xform) if (xform->next) { if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH && xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER && - xform->next->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT) + xform->next->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT && + (xform->auth.algo != RTE_CRYPTO_AUTH_SHA1_HMAC || + xform->next->cipher.algo != RTE_CRYPTO_CIPHER_AES_CBC)) return -ENOTSUP; if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER && xform->cipher.op == RTE_CRYPTO_CIPHER_OP_DECRYPT && - xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH) + xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH && + (xform->cipher.algo != RTE_CRYPTO_CIPHER_AES_CBC || + xform->next->auth.algo != RTE_CRYPTO_AUTH_SHA1_HMAC)) return -ENOTSUP; if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER && -- 2.27.0