From: Tejasree Kondoj <ktejasree@marvell.com>
To: Akhil Goyal <gakhil@marvell.com>,
Radu Nicolau <radu.nicolau@intel.com>,
Fiona Trahe <fiona.trahe@intel.com>,
Fan Zhang <roy.fan.zhang@intel.com>,
Arek Kusztal <arkadiuszx.kusztal@intel.com>
Cc: Tejasree Kondoj <ktejasree@marvell.com>,
Anoob Joseph <anoobj@marvell.com>,
Ankur Dwivedi <adwivedi@marvell.com>,
Jerin Jacob <jerinj@marvell.com>, <dev@dpdk.org>
Subject: [dpdk-dev] [PATCH v2 1/2] common/cpt: support DIGEST_ENCRYPTED mode
Date: Wed, 24 Mar 2021 22:15:07 +0530 [thread overview]
Message-ID: <20210324164508.2847-2-ktejasree@marvell.com> (raw)
In-Reply-To: <20210324164508.2847-1-ktejasree@marvell.com>
Adding support for DIGEST_ENCRYPTED mode.
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
---
doc/guides/cryptodevs/features/octeontx.ini | 1 +
doc/guides/cryptodevs/features/octeontx2.ini | 1 +
doc/guides/rel_notes/release_21_05.rst | 8 ++++
drivers/common/cpt/cpt_mcode_defines.h | 7 +++-
drivers/common/cpt/cpt_ucode.h | 42 +++++++++++++++----
drivers/crypto/octeontx/otx_cryptodev_ops.c | 11 +++--
drivers/crypto/octeontx2/otx2_cryptodev.c | 3 +-
drivers/crypto/octeontx2/otx2_cryptodev_ops.c | 8 +++-
8 files changed, 67 insertions(+), 14 deletions(-)
diff --git a/doc/guides/cryptodevs/features/octeontx.ini b/doc/guides/cryptodevs/features/octeontx.ini
index 10d94e3f7b..d9776a5788 100644
--- a/doc/guides/cryptodevs/features/octeontx.ini
+++ b/doc/guides/cryptodevs/features/octeontx.ini
@@ -13,6 +13,7 @@ OOP SGL In LB Out = Y
OOP SGL In SGL Out = Y
OOP LB In LB Out = Y
RSA PRIV OP KEY QT = Y
+Digest encrypted = Y
Symmetric sessionless = Y
;
diff --git a/doc/guides/cryptodevs/features/octeontx2.ini b/doc/guides/cryptodevs/features/octeontx2.ini
index b0d50ce984..66c5fefde6 100644
--- a/doc/guides/cryptodevs/features/octeontx2.ini
+++ b/doc/guides/cryptodevs/features/octeontx2.ini
@@ -14,6 +14,7 @@ OOP SGL In LB Out = Y
OOP SGL In SGL Out = Y
OOP LB In LB Out = Y
RSA PRIV OP KEY QT = Y
+Digest encrypted = Y
Symmetric sessionless = Y
;
diff --git a/doc/guides/rel_notes/release_21_05.rst b/doc/guides/rel_notes/release_21_05.rst
index 8e686cc627..d1cb01e4ed 100644
--- a/doc/guides/rel_notes/release_21_05.rst
+++ b/doc/guides/rel_notes/release_21_05.rst
@@ -94,6 +94,14 @@ New Features
* Added support for preferred busy polling.
+* **Updated the OCTEON TX crypto PMD.**
+
+ * Added support for DIGEST_ENCRYPTED mode in OCTEON TX crypto PMD.
+
+* **Updated the OCTEON TX2 crypto PMD.**
+
+ * Added support for DIGEST_ENCRYPTED mode in OCTEON TX2 crypto PMD.
+
* **Updated testpmd.**
* Added a command line option to configure forced speed for Ethernet port.
diff --git a/drivers/common/cpt/cpt_mcode_defines.h b/drivers/common/cpt/cpt_mcode_defines.h
index 56a745f419..624bdcf3cf 100644
--- a/drivers/common/cpt/cpt_mcode_defines.h
+++ b/drivers/common/cpt/cpt_mcode_defines.h
@@ -20,6 +20,9 @@
#define CPT_MAJOR_OP_ZUC_SNOW3G 0x37
#define CPT_MAJOR_OP_KASUMI 0x38
#define CPT_MAJOR_OP_MISC 0x01
+#define CPT_HMAC_FIRST_BIT_POS 0x4
+#define CPT_FC_MINOR_OP_ENCRYPT 0x0
+#define CPT_FC_MINOR_OP_DECRYPT 0x1
/* AE opcodes */
#define CPT_MAJOR_OP_MODEX 0x03
@@ -314,8 +317,10 @@ struct cpt_ctx {
uint64_t hmac :1;
uint64_t zsk_flags :3;
uint64_t k_ecb :1;
+ uint64_t auth_enc :1;
+ uint64_t dec_auth :1;
uint64_t snow3g :2;
- uint64_t rsvd :21;
+ uint64_t rsvd :19;
/* Below fields are accessed by hardware */
union {
mc_fc_context_t fctx;
diff --git a/drivers/common/cpt/cpt_ucode.h b/drivers/common/cpt/cpt_ucode.h
index 0536620710..ee6d49aae7 100644
--- a/drivers/common/cpt/cpt_ucode.h
+++ b/drivers/common/cpt/cpt_ucode.h
@@ -752,7 +752,9 @@ cpt_enc_hmac_prep(uint32_t flags,
/* Encryption */
vq_cmd_w0.s.opcode.major = CPT_MAJOR_OP_FC;
- vq_cmd_w0.s.opcode.minor = 0;
+ vq_cmd_w0.s.opcode.minor = CPT_FC_MINOR_OP_ENCRYPT;
+ vq_cmd_w0.s.opcode.minor |= (cpt_ctx->auth_enc <<
+ CPT_HMAC_FIRST_BIT_POS);
if (hash_type == GMAC_TYPE) {
encr_offset = 0;
@@ -779,6 +781,9 @@ cpt_enc_hmac_prep(uint32_t flags,
outputlen = enc_dlen + mac_len;
}
+ if (cpt_ctx->auth_enc != 0)
+ outputlen = enc_dlen;
+
/* GP op header */
vq_cmd_w0.s.param1 = encr_data_len;
vq_cmd_w0.s.param2 = auth_data_len;
@@ -1112,7 +1117,9 @@ cpt_dec_hmac_prep(uint32_t flags,
/* Decryption */
vq_cmd_w0.s.opcode.major = CPT_MAJOR_OP_FC;
- vq_cmd_w0.s.opcode.minor = 1;
+ vq_cmd_w0.s.opcode.minor = CPT_FC_MINOR_OP_DECRYPT;
+ vq_cmd_w0.s.opcode.minor |= (cpt_ctx->dec_auth <<
+ CPT_HMAC_FIRST_BIT_POS);
if (hash_type == GMAC_TYPE) {
encr_offset = 0;
@@ -1130,6 +1137,9 @@ cpt_dec_hmac_prep(uint32_t flags,
outputlen = enc_dlen;
}
+ if (cpt_ctx->dec_auth != 0)
+ outputlen = inputlen = enc_dlen;
+
vq_cmd_w0.s.param1 = encr_data_len;
vq_cmd_w0.s.param2 = auth_data_len;
@@ -2566,6 +2576,7 @@ fill_sess_cipher(struct rte_crypto_sym_xform *xform,
struct cpt_sess_misc *sess)
{
struct rte_crypto_cipher_xform *c_form;
+ struct cpt_ctx *ctx = SESS_PRIV(sess);
cipher_type_t enc_type = 0; /* NULL Cipher type */
uint32_t cipher_key_len = 0;
uint8_t zsk_flag = 0, aes_ctr = 0, is_null = 0;
@@ -2574,9 +2585,14 @@ fill_sess_cipher(struct rte_crypto_sym_xform *xform,
if (c_form->op == RTE_CRYPTO_CIPHER_OP_ENCRYPT)
sess->cpt_op |= CPT_OP_CIPHER_ENCRYPT;
- else if (c_form->op == RTE_CRYPTO_CIPHER_OP_DECRYPT)
+ else if (c_form->op == RTE_CRYPTO_CIPHER_OP_DECRYPT) {
sess->cpt_op |= CPT_OP_CIPHER_DECRYPT;
- else {
+ if (xform->next != NULL &&
+ xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH) {
+ /* Perform decryption followed by auth verify */
+ ctx->dec_auth = 1;
+ }
+ } else {
CPT_LOG_DP_ERR("Unknown cipher operation\n");
return -1;
}
@@ -2667,10 +2683,18 @@ static __rte_always_inline int
fill_sess_auth(struct rte_crypto_sym_xform *xform,
struct cpt_sess_misc *sess)
{
+ struct cpt_ctx *ctx = SESS_PRIV(sess);
struct rte_crypto_auth_xform *a_form;
auth_type_t auth_type = 0; /* NULL Auth type */
uint8_t zsk_flag = 0, aes_gcm = 0, is_null = 0;
+ if (xform->next != NULL &&
+ xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&
+ xform->next->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT) {
+ /* Perform auth followed by encryption */
+ ctx->auth_enc = 1;
+ }
+
a_form = &xform->auth;
if (a_form->op == RTE_CRYPTO_AUTH_OP_VERIFY)
@@ -2993,6 +3017,7 @@ fill_fc_params(struct rte_crypto_op *cop,
{
uint32_t space = 0;
struct rte_crypto_sym_op *sym_op = cop->sym;
+ struct cpt_ctx *ctx = SESS_PRIV(sess_misc);
void *mdata = NULL;
uintptr_t *op;
uint32_t mc_hash_off;
@@ -3120,9 +3145,10 @@ fill_fc_params(struct rte_crypto_op *cop,
m = m_src;
/* hmac immediately following data is best case */
- if (unlikely(rte_pktmbuf_mtod(m, uint8_t *) +
+ if (!ctx->dec_auth && !ctx->auth_enc &&
+ (unlikely(rte_pktmbuf_mtod(m, uint8_t *) +
mc_hash_off !=
- (uint8_t *)sym_op->auth.digest.data)) {
+ (uint8_t *)sym_op->auth.digest.data))) {
flags |= VALID_MAC_BUF;
fc_params.mac_buf.size =
sess_misc->mac_len;
@@ -3137,7 +3163,9 @@ fill_fc_params(struct rte_crypto_op *cop,
fc_params.ctx_buf.vaddr = SESS_PRIV(sess_misc);
fc_params.ctx_buf.dma_addr = sess_misc->ctx_dma_addr;
- if (unlikely(sess_misc->is_null || sess_misc->cpt_op == CPT_OP_DECODE))
+ if (!ctx->dec_auth &&
+ unlikely(sess_misc->is_null ||
+ sess_misc->cpt_op == CPT_OP_DECODE))
inplace = 0;
if (likely(!m_dst && inplace)) {
diff --git a/drivers/crypto/octeontx/otx_cryptodev_ops.c b/drivers/crypto/octeontx/otx_cryptodev_ops.c
index b74eb2694b..d75f4b5f81 100644
--- a/drivers/crypto/octeontx/otx_cryptodev_ops.c
+++ b/drivers/crypto/octeontx/otx_cryptodev_ops.c
@@ -205,12 +205,16 @@ sym_xform_verify(struct rte_crypto_sym_xform *xform)
if (xform->next) {
if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH &&
xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&
- xform->next->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT)
+ xform->next->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT &&
+ (xform->auth.algo != RTE_CRYPTO_AUTH_SHA1_HMAC ||
+ xform->next->cipher.algo != RTE_CRYPTO_CIPHER_AES_CBC))
return -ENOTSUP;
if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&
xform->cipher.op == RTE_CRYPTO_CIPHER_OP_DECRYPT &&
- xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH)
+ xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH &&
+ (xform->cipher.algo != RTE_CRYPTO_CIPHER_AES_CBC ||
+ xform->next->auth.algo != RTE_CRYPTO_AUTH_SHA1_HMAC))
return -ENOTSUP;
if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&
@@ -1004,7 +1008,8 @@ otx_cpt_dev_create(struct rte_cryptodev *c_dev)
RTE_CRYPTODEV_FF_OOP_LB_IN_LB_OUT |
RTE_CRYPTODEV_FF_OOP_SGL_IN_LB_OUT |
RTE_CRYPTODEV_FF_OOP_SGL_IN_SGL_OUT |
- RTE_CRYPTODEV_FF_SYM_SESSIONLESS;
+ RTE_CRYPTODEV_FF_SYM_SESSIONLESS |
+ RTE_CRYPTODEV_FF_DIGEST_ENCRYPTED;
break;
default:
/* Feature not supported. Abort */
diff --git a/drivers/crypto/octeontx2/otx2_cryptodev.c b/drivers/crypto/octeontx2/otx2_cryptodev.c
index e0a559b663..7f45e57cce 100644
--- a/drivers/crypto/octeontx2/otx2_cryptodev.c
+++ b/drivers/crypto/octeontx2/otx2_cryptodev.c
@@ -123,7 +123,8 @@ otx2_cpt_pci_probe(struct rte_pci_driver *pci_drv __rte_unused,
RTE_CRYPTODEV_FF_ASYMMETRIC_CRYPTO |
RTE_CRYPTODEV_FF_RSA_PRIV_OP_KEY_QT |
RTE_CRYPTODEV_FF_SYM_SESSIONLESS |
- RTE_CRYPTODEV_FF_SECURITY;
+ RTE_CRYPTODEV_FF_SECURITY |
+ RTE_CRYPTODEV_FF_DIGEST_ENCRYPTED;
if (rte_eal_process_type() == RTE_PROC_SECONDARY)
otx2_cpt_set_enqdeq_fns(dev);
diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_ops.c b/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
index cec20b5c6d..fc4d5bac49 100644
--- a/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
+++ b/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
@@ -322,12 +322,16 @@ sym_xform_verify(struct rte_crypto_sym_xform *xform)
if (xform->next) {
if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH &&
xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&
- xform->next->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT)
+ xform->next->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT &&
+ (xform->auth.algo != RTE_CRYPTO_AUTH_SHA1_HMAC ||
+ xform->next->cipher.algo != RTE_CRYPTO_CIPHER_AES_CBC))
return -ENOTSUP;
if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&
xform->cipher.op == RTE_CRYPTO_CIPHER_OP_DECRYPT &&
- xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH)
+ xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH &&
+ (xform->cipher.algo != RTE_CRYPTO_CIPHER_AES_CBC ||
+ xform->next->auth.algo != RTE_CRYPTO_AUTH_SHA1_HMAC))
return -ENOTSUP;
if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&
--
2.27.0
next prev parent reply other threads:[~2021-03-24 15:49 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-03-24 16:45 [dpdk-dev] [PATCH v2 0/2] support block cipher " Tejasree Kondoj
2021-03-24 16:45 ` Tejasree Kondoj [this message]
2021-03-31 19:44 ` [dpdk-dev] [PATCH v2 1/2] common/cpt: support " Akhil Goyal
2021-03-24 16:45 ` [dpdk-dev] [PATCH v2 2/2] test/crypto: support block cipher " Tejasree Kondoj
2021-03-31 19:46 ` Akhil Goyal
2021-04-05 18:26 ` [dpdk-dev] [PATCH v2 0/2] " Akhil Goyal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210324164508.2847-2-ktejasree@marvell.com \
--to=ktejasree@marvell.com \
--cc=adwivedi@marvell.com \
--cc=anoobj@marvell.com \
--cc=arkadiuszx.kusztal@intel.com \
--cc=dev@dpdk.org \
--cc=fiona.trahe@intel.com \
--cc=gakhil@marvell.com \
--cc=jerinj@marvell.com \
--cc=radu.nicolau@intel.com \
--cc=roy.fan.zhang@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).