From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 6CBCDA054F; Mon, 15 Mar 2021 10:33:49 +0100 (CET) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 50F1F2425F8; Mon, 15 Mar 2021 10:33:49 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id E76152425EF for ; Mon, 15 Mar 2021 10:33:46 +0100 (CET) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id 12F9Pms3001491; Mon, 15 Mar 2021 02:33:46 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=SWqWu3q/CZTKOiAL1K2t/FrKBUeoB/tNP5YUOTTCOcM=; b=SqLds35d9HMcCj26d+6HgRDVQTYtXk2sYC8eAqm61k8gpLBJ9wjTxLEpQiL9Yk3PhIVq WNB0iMOkMbdZvXaB8jtLjfWkaSQzvF3x3sgeMZu1K6f2APaN9P2aKgxeLoz5ShH0f0ae f0kSxHsAZEOz+NaxQ1ZTDGLDmiyF9KKJGQiVTzAHNaXzySCAkbE1dqX0LCawXluxVuSz 3n0KZzEhGZOPE//RvMkC0QwfM0aT+mDMYrDDfmcgJ1Nlc50N06u/wPLhTt7tnFc50nt+ 3FU8FbkdVcXzN0xuB2+ay6C09QqMsC1sso9pxalrL0kV8Dvz13+TNGAJ60riM2DTbw1Y aw== Received: from dc6wp-exch01.marvell.com ([4.21.29.232]) by mx0b-0016f401.pphosted.com with ESMTP id 378wsqkuca-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Mon, 15 Mar 2021 02:33:46 -0700 Received: from DC6WP-EXCH01.marvell.com (10.76.176.21) by DC6WP-EXCH01.marvell.com (10.76.176.21) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Mon, 15 Mar 2021 05:33:39 -0400 Received: from maili.marvell.com (10.76.176.51) by DC6WP-EXCH01.marvell.com (10.76.176.21) with Microsoft SMTP Server id 15.0.1497.2 via Frontend Transport; Mon, 15 Mar 2021 05:33:39 -0400 Received: from hyd1554T5810.caveonetworks.com.com (unknown [10.29.57.11]) by maili.marvell.com (Postfix) with ESMTP id DB9C13F7040; Mon, 15 Mar 2021 02:33:35 -0700 (PDT) From: Tejasree Kondoj To: Akhil Goyal , Radu Nicolau , Fiona Trahe , Fan Zhang , Arek Kusztal CC: Tejasree Kondoj , Anoob Joseph , Ankur Dwivedi , Jerin Jacob , Date: Mon, 15 Mar 2021 15:59:49 +0530 Message-ID: <20210315102950.30781-2-ktejasree@marvell.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20210315102950.30781-1-ktejasree@marvell.com> References: <20210315102950.30781-1-ktejasree@marvell.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.369, 18.0.761 definitions=2021-03-15_03:2021-03-15, 2021-03-15 signatures=0 Subject: [dpdk-dev] [PATCH 1/2] common/cpt: support DIGEST_ENCRYPTED mode X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Adding support for DIGEST_ENCRYPTED mode. Signed-off-by: Tejasree Kondoj --- doc/guides/cryptodevs/features/octeontx.ini | 1 + doc/guides/cryptodevs/features/octeontx2.ini | 1 + doc/guides/rel_notes/release_21_05.rst | 8 ++++ drivers/common/cpt/cpt_mcode_defines.h | 7 +++- drivers/common/cpt/cpt_ucode.h | 42 +++++++++++++++---- drivers/crypto/octeontx/otx_cryptodev_ops.c | 11 +++-- drivers/crypto/octeontx2/otx2_cryptodev.c | 3 +- drivers/crypto/octeontx2/otx2_cryptodev_ops.c | 8 +++- 8 files changed, 67 insertions(+), 14 deletions(-) diff --git a/doc/guides/cryptodevs/features/octeontx.ini b/doc/guides/cryptodevs/features/octeontx.ini index 10d94e3f7b..d9776a5788 100644 --- a/doc/guides/cryptodevs/features/octeontx.ini +++ b/doc/guides/cryptodevs/features/octeontx.ini @@ -13,6 +13,7 @@ OOP SGL In LB Out = Y OOP SGL In SGL Out = Y OOP LB In LB Out = Y RSA PRIV OP KEY QT = Y +Digest encrypted = Y Symmetric sessionless = Y ; diff --git a/doc/guides/cryptodevs/features/octeontx2.ini b/doc/guides/cryptodevs/features/octeontx2.ini index b0d50ce984..66c5fefde6 100644 --- a/doc/guides/cryptodevs/features/octeontx2.ini +++ b/doc/guides/cryptodevs/features/octeontx2.ini @@ -14,6 +14,7 @@ OOP SGL In LB Out = Y OOP SGL In SGL Out = Y OOP LB In LB Out = Y RSA PRIV OP KEY QT = Y +Digest encrypted = Y Symmetric sessionless = Y ; diff --git a/doc/guides/rel_notes/release_21_05.rst b/doc/guides/rel_notes/release_21_05.rst index 23f7f0bff9..d7c65091a9 100644 --- a/doc/guides/rel_notes/release_21_05.rst +++ b/doc/guides/rel_notes/release_21_05.rst @@ -65,6 +65,14 @@ New Features * Added support for txgbevf PMD. +* **Updated the OCTEON TX crypto PMD.** + + * Added support for DIGEST_ENCRYPTED mode in OCTEON TX crypto PMD. + +* **Updated the OCTEON TX2 crypto PMD.** + + * Added support for DIGEST_ENCRYPTED mode in OCTEON TX2 crypto PMD. + * **Updated testpmd.** * Added command to display Rx queue used descriptor count. diff --git a/drivers/common/cpt/cpt_mcode_defines.h b/drivers/common/cpt/cpt_mcode_defines.h index 56a745f419..624bdcf3cf 100644 --- a/drivers/common/cpt/cpt_mcode_defines.h +++ b/drivers/common/cpt/cpt_mcode_defines.h @@ -20,6 +20,9 @@ #define CPT_MAJOR_OP_ZUC_SNOW3G 0x37 #define CPT_MAJOR_OP_KASUMI 0x38 #define CPT_MAJOR_OP_MISC 0x01 +#define CPT_HMAC_FIRST_BIT_POS 0x4 +#define CPT_FC_MINOR_OP_ENCRYPT 0x0 +#define CPT_FC_MINOR_OP_DECRYPT 0x1 /* AE opcodes */ #define CPT_MAJOR_OP_MODEX 0x03 @@ -314,8 +317,10 @@ struct cpt_ctx { uint64_t hmac :1; uint64_t zsk_flags :3; uint64_t k_ecb :1; + uint64_t auth_enc :1; + uint64_t dec_auth :1; uint64_t snow3g :2; - uint64_t rsvd :21; + uint64_t rsvd :19; /* Below fields are accessed by hardware */ union { mc_fc_context_t fctx; diff --git a/drivers/common/cpt/cpt_ucode.h b/drivers/common/cpt/cpt_ucode.h index 0536620710..ee6d49aae7 100644 --- a/drivers/common/cpt/cpt_ucode.h +++ b/drivers/common/cpt/cpt_ucode.h @@ -752,7 +752,9 @@ cpt_enc_hmac_prep(uint32_t flags, /* Encryption */ vq_cmd_w0.s.opcode.major = CPT_MAJOR_OP_FC; - vq_cmd_w0.s.opcode.minor = 0; + vq_cmd_w0.s.opcode.minor = CPT_FC_MINOR_OP_ENCRYPT; + vq_cmd_w0.s.opcode.minor |= (cpt_ctx->auth_enc << + CPT_HMAC_FIRST_BIT_POS); if (hash_type == GMAC_TYPE) { encr_offset = 0; @@ -779,6 +781,9 @@ cpt_enc_hmac_prep(uint32_t flags, outputlen = enc_dlen + mac_len; } + if (cpt_ctx->auth_enc != 0) + outputlen = enc_dlen; + /* GP op header */ vq_cmd_w0.s.param1 = encr_data_len; vq_cmd_w0.s.param2 = auth_data_len; @@ -1112,7 +1117,9 @@ cpt_dec_hmac_prep(uint32_t flags, /* Decryption */ vq_cmd_w0.s.opcode.major = CPT_MAJOR_OP_FC; - vq_cmd_w0.s.opcode.minor = 1; + vq_cmd_w0.s.opcode.minor = CPT_FC_MINOR_OP_DECRYPT; + vq_cmd_w0.s.opcode.minor |= (cpt_ctx->dec_auth << + CPT_HMAC_FIRST_BIT_POS); if (hash_type == GMAC_TYPE) { encr_offset = 0; @@ -1130,6 +1137,9 @@ cpt_dec_hmac_prep(uint32_t flags, outputlen = enc_dlen; } + if (cpt_ctx->dec_auth != 0) + outputlen = inputlen = enc_dlen; + vq_cmd_w0.s.param1 = encr_data_len; vq_cmd_w0.s.param2 = auth_data_len; @@ -2566,6 +2576,7 @@ fill_sess_cipher(struct rte_crypto_sym_xform *xform, struct cpt_sess_misc *sess) { struct rte_crypto_cipher_xform *c_form; + struct cpt_ctx *ctx = SESS_PRIV(sess); cipher_type_t enc_type = 0; /* NULL Cipher type */ uint32_t cipher_key_len = 0; uint8_t zsk_flag = 0, aes_ctr = 0, is_null = 0; @@ -2574,9 +2585,14 @@ fill_sess_cipher(struct rte_crypto_sym_xform *xform, if (c_form->op == RTE_CRYPTO_CIPHER_OP_ENCRYPT) sess->cpt_op |= CPT_OP_CIPHER_ENCRYPT; - else if (c_form->op == RTE_CRYPTO_CIPHER_OP_DECRYPT) + else if (c_form->op == RTE_CRYPTO_CIPHER_OP_DECRYPT) { sess->cpt_op |= CPT_OP_CIPHER_DECRYPT; - else { + if (xform->next != NULL && + xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH) { + /* Perform decryption followed by auth verify */ + ctx->dec_auth = 1; + } + } else { CPT_LOG_DP_ERR("Unknown cipher operation\n"); return -1; } @@ -2667,10 +2683,18 @@ static __rte_always_inline int fill_sess_auth(struct rte_crypto_sym_xform *xform, struct cpt_sess_misc *sess) { + struct cpt_ctx *ctx = SESS_PRIV(sess); struct rte_crypto_auth_xform *a_form; auth_type_t auth_type = 0; /* NULL Auth type */ uint8_t zsk_flag = 0, aes_gcm = 0, is_null = 0; + if (xform->next != NULL && + xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER && + xform->next->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT) { + /* Perform auth followed by encryption */ + ctx->auth_enc = 1; + } + a_form = &xform->auth; if (a_form->op == RTE_CRYPTO_AUTH_OP_VERIFY) @@ -2993,6 +3017,7 @@ fill_fc_params(struct rte_crypto_op *cop, { uint32_t space = 0; struct rte_crypto_sym_op *sym_op = cop->sym; + struct cpt_ctx *ctx = SESS_PRIV(sess_misc); void *mdata = NULL; uintptr_t *op; uint32_t mc_hash_off; @@ -3120,9 +3145,10 @@ fill_fc_params(struct rte_crypto_op *cop, m = m_src; /* hmac immediately following data is best case */ - if (unlikely(rte_pktmbuf_mtod(m, uint8_t *) + + if (!ctx->dec_auth && !ctx->auth_enc && + (unlikely(rte_pktmbuf_mtod(m, uint8_t *) + mc_hash_off != - (uint8_t *)sym_op->auth.digest.data)) { + (uint8_t *)sym_op->auth.digest.data))) { flags |= VALID_MAC_BUF; fc_params.mac_buf.size = sess_misc->mac_len; @@ -3137,7 +3163,9 @@ fill_fc_params(struct rte_crypto_op *cop, fc_params.ctx_buf.vaddr = SESS_PRIV(sess_misc); fc_params.ctx_buf.dma_addr = sess_misc->ctx_dma_addr; - if (unlikely(sess_misc->is_null || sess_misc->cpt_op == CPT_OP_DECODE)) + if (!ctx->dec_auth && + unlikely(sess_misc->is_null || + sess_misc->cpt_op == CPT_OP_DECODE)) inplace = 0; if (likely(!m_dst && inplace)) { diff --git a/drivers/crypto/octeontx/otx_cryptodev_ops.c b/drivers/crypto/octeontx/otx_cryptodev_ops.c index 0cf760b296..f536ba6058 100644 --- a/drivers/crypto/octeontx/otx_cryptodev_ops.c +++ b/drivers/crypto/octeontx/otx_cryptodev_ops.c @@ -205,12 +205,16 @@ sym_xform_verify(struct rte_crypto_sym_xform *xform) if (xform->next) { if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH && xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER && - xform->next->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT) + xform->next->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT && + (xform->auth.algo != RTE_CRYPTO_AUTH_SHA1_HMAC || + xform->next->cipher.algo != RTE_CRYPTO_CIPHER_AES_CBC)) return -ENOTSUP; if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER && xform->cipher.op == RTE_CRYPTO_CIPHER_OP_DECRYPT && - xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH) + xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH && + (xform->cipher.algo != RTE_CRYPTO_CIPHER_AES_CBC || + xform->next->auth.algo != RTE_CRYPTO_AUTH_SHA1_HMAC)) return -ENOTSUP; if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER && @@ -1004,7 +1008,8 @@ otx_cpt_dev_create(struct rte_cryptodev *c_dev) RTE_CRYPTODEV_FF_OOP_LB_IN_LB_OUT | RTE_CRYPTODEV_FF_OOP_SGL_IN_LB_OUT | RTE_CRYPTODEV_FF_OOP_SGL_IN_SGL_OUT | - RTE_CRYPTODEV_FF_SYM_SESSIONLESS; + RTE_CRYPTODEV_FF_SYM_SESSIONLESS | + RTE_CRYPTODEV_FF_DIGEST_ENCRYPTED; break; default: /* Feature not supported. Abort */ diff --git a/drivers/crypto/octeontx2/otx2_cryptodev.c b/drivers/crypto/octeontx2/otx2_cryptodev.c index e0a559b663..7f45e57cce 100644 --- a/drivers/crypto/octeontx2/otx2_cryptodev.c +++ b/drivers/crypto/octeontx2/otx2_cryptodev.c @@ -123,7 +123,8 @@ otx2_cpt_pci_probe(struct rte_pci_driver *pci_drv __rte_unused, RTE_CRYPTODEV_FF_ASYMMETRIC_CRYPTO | RTE_CRYPTODEV_FF_RSA_PRIV_OP_KEY_QT | RTE_CRYPTODEV_FF_SYM_SESSIONLESS | - RTE_CRYPTODEV_FF_SECURITY; + RTE_CRYPTODEV_FF_SECURITY | + RTE_CRYPTODEV_FF_DIGEST_ENCRYPTED; if (rte_eal_process_type() == RTE_PROC_SECONDARY) otx2_cpt_set_enqdeq_fns(dev); diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_ops.c b/drivers/crypto/octeontx2/otx2_cryptodev_ops.c index cec20b5c6d..fc4d5bac49 100644 --- a/drivers/crypto/octeontx2/otx2_cryptodev_ops.c +++ b/drivers/crypto/octeontx2/otx2_cryptodev_ops.c @@ -322,12 +322,16 @@ sym_xform_verify(struct rte_crypto_sym_xform *xform) if (xform->next) { if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH && xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER && - xform->next->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT) + xform->next->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT && + (xform->auth.algo != RTE_CRYPTO_AUTH_SHA1_HMAC || + xform->next->cipher.algo != RTE_CRYPTO_CIPHER_AES_CBC)) return -ENOTSUP; if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER && xform->cipher.op == RTE_CRYPTO_CIPHER_OP_DECRYPT && - xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH) + xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH && + (xform->cipher.algo != RTE_CRYPTO_CIPHER_AES_CBC || + xform->next->auth.algo != RTE_CRYPTO_AUTH_SHA1_HMAC)) return -ENOTSUP; if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER && -- 2.27.0