From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 95D95A0A02; Wed, 24 Mar 2021 16:49:06 +0100 (CET) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 75705140F24; Wed, 24 Mar 2021 16:49:06 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id 12BD3140DE1 for ; Wed, 24 Mar 2021 16:49:04 +0100 (CET) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id 12OFZZek032360; Wed, 24 Mar 2021 08:49:04 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=+4QYiJS4w82Qbsw9w2ySC0giIGPeE8D6WUu2JgHXgEk=; b=Osj8j3KLtZivKMSx4qPXOC3sKfHvJAmEiPY2YRaesaJHdlvW+nirF7XXTj7NX3wUG5Zo 0pL3f1y5ExDeRWz0hJXSVHdvh65EgNsOkpuYHyQVwG88delEynKeWhS0fqGE5KSLHDmc fcjA8rXJZZhiotHMrDzpq+hO+H3z46tRTnzPowPG0tHoplUxh8GJPKj9yWnj+4E21A/d f+s2P1kLKC09DlHNSYjB3R8TbjPeotkAPUia7Dqd6keJ+03gF+aMnoMRMWaexftrIGz2 bZpYCNy8WNyFqJuRDW6gwTBBtpwW7/qyY95ri+nYVqtYxbOti0JMF1sgvbRK8e6tlihS Eg== Received: from dc5-exch02.marvell.com ([199.233.59.182]) by mx0a-0016f401.pphosted.com with ESMTP id 37ft17jmwa-4 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Wed, 24 Mar 2021 08:49:04 -0700 Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Wed, 24 Mar 2021 08:49:02 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.2 via Frontend Transport; Wed, 24 Mar 2021 08:49:02 -0700 Received: from hyd1554T5810.caveonetworks.com.com (unknown [10.29.57.11]) by maili.marvell.com (Postfix) with ESMTP id 2CFF93F703F; Wed, 24 Mar 2021 08:48:56 -0700 (PDT) From: Tejasree Kondoj To: Akhil Goyal , Radu Nicolau , Fiona Trahe , Fan Zhang , Arek Kusztal CC: Tejasree Kondoj , Anoob Joseph , Ankur Dwivedi , Jerin Jacob , Date: Wed, 24 Mar 2021 22:15:07 +0530 Message-ID: <20210324164508.2847-2-ktejasree@marvell.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20210324164508.2847-1-ktejasree@marvell.com> References: <20210324164508.2847-1-ktejasree@marvell.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.369, 18.0.761 definitions=2021-03-24_13:2021-03-24, 2021-03-24 signatures=0 Subject: [dpdk-dev] [PATCH v2 1/2] common/cpt: support DIGEST_ENCRYPTED mode X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Adding support for DIGEST_ENCRYPTED mode. Signed-off-by: Tejasree Kondoj --- doc/guides/cryptodevs/features/octeontx.ini | 1 + doc/guides/cryptodevs/features/octeontx2.ini | 1 + doc/guides/rel_notes/release_21_05.rst | 8 ++++ drivers/common/cpt/cpt_mcode_defines.h | 7 +++- drivers/common/cpt/cpt_ucode.h | 42 +++++++++++++++---- drivers/crypto/octeontx/otx_cryptodev_ops.c | 11 +++-- drivers/crypto/octeontx2/otx2_cryptodev.c | 3 +- drivers/crypto/octeontx2/otx2_cryptodev_ops.c | 8 +++- 8 files changed, 67 insertions(+), 14 deletions(-) diff --git a/doc/guides/cryptodevs/features/octeontx.ini b/doc/guides/cryptodevs/features/octeontx.ini index 10d94e3f7b..d9776a5788 100644 --- a/doc/guides/cryptodevs/features/octeontx.ini +++ b/doc/guides/cryptodevs/features/octeontx.ini @@ -13,6 +13,7 @@ OOP SGL In LB Out = Y OOP SGL In SGL Out = Y OOP LB In LB Out = Y RSA PRIV OP KEY QT = Y +Digest encrypted = Y Symmetric sessionless = Y ; diff --git a/doc/guides/cryptodevs/features/octeontx2.ini b/doc/guides/cryptodevs/features/octeontx2.ini index b0d50ce984..66c5fefde6 100644 --- a/doc/guides/cryptodevs/features/octeontx2.ini +++ b/doc/guides/cryptodevs/features/octeontx2.ini @@ -14,6 +14,7 @@ OOP SGL In LB Out = Y OOP SGL In SGL Out = Y OOP LB In LB Out = Y RSA PRIV OP KEY QT = Y +Digest encrypted = Y Symmetric sessionless = Y ; diff --git a/doc/guides/rel_notes/release_21_05.rst b/doc/guides/rel_notes/release_21_05.rst index 8e686cc627..d1cb01e4ed 100644 --- a/doc/guides/rel_notes/release_21_05.rst +++ b/doc/guides/rel_notes/release_21_05.rst @@ -94,6 +94,14 @@ New Features * Added support for preferred busy polling. +* **Updated the OCTEON TX crypto PMD.** + + * Added support for DIGEST_ENCRYPTED mode in OCTEON TX crypto PMD. + +* **Updated the OCTEON TX2 crypto PMD.** + + * Added support for DIGEST_ENCRYPTED mode in OCTEON TX2 crypto PMD. + * **Updated testpmd.** * Added a command line option to configure forced speed for Ethernet port. diff --git a/drivers/common/cpt/cpt_mcode_defines.h b/drivers/common/cpt/cpt_mcode_defines.h index 56a745f419..624bdcf3cf 100644 --- a/drivers/common/cpt/cpt_mcode_defines.h +++ b/drivers/common/cpt/cpt_mcode_defines.h @@ -20,6 +20,9 @@ #define CPT_MAJOR_OP_ZUC_SNOW3G 0x37 #define CPT_MAJOR_OP_KASUMI 0x38 #define CPT_MAJOR_OP_MISC 0x01 +#define CPT_HMAC_FIRST_BIT_POS 0x4 +#define CPT_FC_MINOR_OP_ENCRYPT 0x0 +#define CPT_FC_MINOR_OP_DECRYPT 0x1 /* AE opcodes */ #define CPT_MAJOR_OP_MODEX 0x03 @@ -314,8 +317,10 @@ struct cpt_ctx { uint64_t hmac :1; uint64_t zsk_flags :3; uint64_t k_ecb :1; + uint64_t auth_enc :1; + uint64_t dec_auth :1; uint64_t snow3g :2; - uint64_t rsvd :21; + uint64_t rsvd :19; /* Below fields are accessed by hardware */ union { mc_fc_context_t fctx; diff --git a/drivers/common/cpt/cpt_ucode.h b/drivers/common/cpt/cpt_ucode.h index 0536620710..ee6d49aae7 100644 --- a/drivers/common/cpt/cpt_ucode.h +++ b/drivers/common/cpt/cpt_ucode.h @@ -752,7 +752,9 @@ cpt_enc_hmac_prep(uint32_t flags, /* Encryption */ vq_cmd_w0.s.opcode.major = CPT_MAJOR_OP_FC; - vq_cmd_w0.s.opcode.minor = 0; + vq_cmd_w0.s.opcode.minor = CPT_FC_MINOR_OP_ENCRYPT; + vq_cmd_w0.s.opcode.minor |= (cpt_ctx->auth_enc << + CPT_HMAC_FIRST_BIT_POS); if (hash_type == GMAC_TYPE) { encr_offset = 0; @@ -779,6 +781,9 @@ cpt_enc_hmac_prep(uint32_t flags, outputlen = enc_dlen + mac_len; } + if (cpt_ctx->auth_enc != 0) + outputlen = enc_dlen; + /* GP op header */ vq_cmd_w0.s.param1 = encr_data_len; vq_cmd_w0.s.param2 = auth_data_len; @@ -1112,7 +1117,9 @@ cpt_dec_hmac_prep(uint32_t flags, /* Decryption */ vq_cmd_w0.s.opcode.major = CPT_MAJOR_OP_FC; - vq_cmd_w0.s.opcode.minor = 1; + vq_cmd_w0.s.opcode.minor = CPT_FC_MINOR_OP_DECRYPT; + vq_cmd_w0.s.opcode.minor |= (cpt_ctx->dec_auth << + CPT_HMAC_FIRST_BIT_POS); if (hash_type == GMAC_TYPE) { encr_offset = 0; @@ -1130,6 +1137,9 @@ cpt_dec_hmac_prep(uint32_t flags, outputlen = enc_dlen; } + if (cpt_ctx->dec_auth != 0) + outputlen = inputlen = enc_dlen; + vq_cmd_w0.s.param1 = encr_data_len; vq_cmd_w0.s.param2 = auth_data_len; @@ -2566,6 +2576,7 @@ fill_sess_cipher(struct rte_crypto_sym_xform *xform, struct cpt_sess_misc *sess) { struct rte_crypto_cipher_xform *c_form; + struct cpt_ctx *ctx = SESS_PRIV(sess); cipher_type_t enc_type = 0; /* NULL Cipher type */ uint32_t cipher_key_len = 0; uint8_t zsk_flag = 0, aes_ctr = 0, is_null = 0; @@ -2574,9 +2585,14 @@ fill_sess_cipher(struct rte_crypto_sym_xform *xform, if (c_form->op == RTE_CRYPTO_CIPHER_OP_ENCRYPT) sess->cpt_op |= CPT_OP_CIPHER_ENCRYPT; - else if (c_form->op == RTE_CRYPTO_CIPHER_OP_DECRYPT) + else if (c_form->op == RTE_CRYPTO_CIPHER_OP_DECRYPT) { sess->cpt_op |= CPT_OP_CIPHER_DECRYPT; - else { + if (xform->next != NULL && + xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH) { + /* Perform decryption followed by auth verify */ + ctx->dec_auth = 1; + } + } else { CPT_LOG_DP_ERR("Unknown cipher operation\n"); return -1; } @@ -2667,10 +2683,18 @@ static __rte_always_inline int fill_sess_auth(struct rte_crypto_sym_xform *xform, struct cpt_sess_misc *sess) { + struct cpt_ctx *ctx = SESS_PRIV(sess); struct rte_crypto_auth_xform *a_form; auth_type_t auth_type = 0; /* NULL Auth type */ uint8_t zsk_flag = 0, aes_gcm = 0, is_null = 0; + if (xform->next != NULL && + xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER && + xform->next->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT) { + /* Perform auth followed by encryption */ + ctx->auth_enc = 1; + } + a_form = &xform->auth; if (a_form->op == RTE_CRYPTO_AUTH_OP_VERIFY) @@ -2993,6 +3017,7 @@ fill_fc_params(struct rte_crypto_op *cop, { uint32_t space = 0; struct rte_crypto_sym_op *sym_op = cop->sym; + struct cpt_ctx *ctx = SESS_PRIV(sess_misc); void *mdata = NULL; uintptr_t *op; uint32_t mc_hash_off; @@ -3120,9 +3145,10 @@ fill_fc_params(struct rte_crypto_op *cop, m = m_src; /* hmac immediately following data is best case */ - if (unlikely(rte_pktmbuf_mtod(m, uint8_t *) + + if (!ctx->dec_auth && !ctx->auth_enc && + (unlikely(rte_pktmbuf_mtod(m, uint8_t *) + mc_hash_off != - (uint8_t *)sym_op->auth.digest.data)) { + (uint8_t *)sym_op->auth.digest.data))) { flags |= VALID_MAC_BUF; fc_params.mac_buf.size = sess_misc->mac_len; @@ -3137,7 +3163,9 @@ fill_fc_params(struct rte_crypto_op *cop, fc_params.ctx_buf.vaddr = SESS_PRIV(sess_misc); fc_params.ctx_buf.dma_addr = sess_misc->ctx_dma_addr; - if (unlikely(sess_misc->is_null || sess_misc->cpt_op == CPT_OP_DECODE)) + if (!ctx->dec_auth && + unlikely(sess_misc->is_null || + sess_misc->cpt_op == CPT_OP_DECODE)) inplace = 0; if (likely(!m_dst && inplace)) { diff --git a/drivers/crypto/octeontx/otx_cryptodev_ops.c b/drivers/crypto/octeontx/otx_cryptodev_ops.c index b74eb2694b..d75f4b5f81 100644 --- a/drivers/crypto/octeontx/otx_cryptodev_ops.c +++ b/drivers/crypto/octeontx/otx_cryptodev_ops.c @@ -205,12 +205,16 @@ sym_xform_verify(struct rte_crypto_sym_xform *xform) if (xform->next) { if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH && xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER && - xform->next->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT) + xform->next->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT && + (xform->auth.algo != RTE_CRYPTO_AUTH_SHA1_HMAC || + xform->next->cipher.algo != RTE_CRYPTO_CIPHER_AES_CBC)) return -ENOTSUP; if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER && xform->cipher.op == RTE_CRYPTO_CIPHER_OP_DECRYPT && - xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH) + xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH && + (xform->cipher.algo != RTE_CRYPTO_CIPHER_AES_CBC || + xform->next->auth.algo != RTE_CRYPTO_AUTH_SHA1_HMAC)) return -ENOTSUP; if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER && @@ -1004,7 +1008,8 @@ otx_cpt_dev_create(struct rte_cryptodev *c_dev) RTE_CRYPTODEV_FF_OOP_LB_IN_LB_OUT | RTE_CRYPTODEV_FF_OOP_SGL_IN_LB_OUT | RTE_CRYPTODEV_FF_OOP_SGL_IN_SGL_OUT | - RTE_CRYPTODEV_FF_SYM_SESSIONLESS; + RTE_CRYPTODEV_FF_SYM_SESSIONLESS | + RTE_CRYPTODEV_FF_DIGEST_ENCRYPTED; break; default: /* Feature not supported. Abort */ diff --git a/drivers/crypto/octeontx2/otx2_cryptodev.c b/drivers/crypto/octeontx2/otx2_cryptodev.c index e0a559b663..7f45e57cce 100644 --- a/drivers/crypto/octeontx2/otx2_cryptodev.c +++ b/drivers/crypto/octeontx2/otx2_cryptodev.c @@ -123,7 +123,8 @@ otx2_cpt_pci_probe(struct rte_pci_driver *pci_drv __rte_unused, RTE_CRYPTODEV_FF_ASYMMETRIC_CRYPTO | RTE_CRYPTODEV_FF_RSA_PRIV_OP_KEY_QT | RTE_CRYPTODEV_FF_SYM_SESSIONLESS | - RTE_CRYPTODEV_FF_SECURITY; + RTE_CRYPTODEV_FF_SECURITY | + RTE_CRYPTODEV_FF_DIGEST_ENCRYPTED; if (rte_eal_process_type() == RTE_PROC_SECONDARY) otx2_cpt_set_enqdeq_fns(dev); diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_ops.c b/drivers/crypto/octeontx2/otx2_cryptodev_ops.c index cec20b5c6d..fc4d5bac49 100644 --- a/drivers/crypto/octeontx2/otx2_cryptodev_ops.c +++ b/drivers/crypto/octeontx2/otx2_cryptodev_ops.c @@ -322,12 +322,16 @@ sym_xform_verify(struct rte_crypto_sym_xform *xform) if (xform->next) { if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH && xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER && - xform->next->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT) + xform->next->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT && + (xform->auth.algo != RTE_CRYPTO_AUTH_SHA1_HMAC || + xform->next->cipher.algo != RTE_CRYPTO_CIPHER_AES_CBC)) return -ENOTSUP; if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER && xform->cipher.op == RTE_CRYPTO_CIPHER_OP_DECRYPT && - xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH) + xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH && + (xform->cipher.algo != RTE_CRYPTO_CIPHER_AES_CBC || + xform->next->auth.algo != RTE_CRYPTO_AUTH_SHA1_HMAC)) return -ENOTSUP; if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER && -- 2.27.0