[PATCH 15/17] crypto/cnxk: set salt in dptr as part of IV

DPDK patches and discussions
 help / color / mirror / Atom feed

From: Tejasree Kondoj <ktejasree@marvell.com>
To: Akhil Goyal <gakhil@marvell.com>
Cc: Anoob Joseph <anoobj@marvell.com>,
	Vidya Sagar Velumuri <vvelumuri@marvell.com>,
	Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>,
	Volodymyr Fialko <vfialko@marvell.com>,
	"Aakash Sasidharan" <asasidharan@marvell.com>, <dev@dpdk.org>
Subject: [PATCH 15/17] crypto/cnxk: set salt in dptr as part of IV
Date: Tue, 20 Dec 2022 20:02:30 +0530	[thread overview]
Message-ID: <20221220143232.2519650-16-ktejasree@marvell.com> (raw)
In-Reply-To: <20221220143232.2519650-1-ktejasree@marvell.com>

Set salt as part of 16B IV in dptr to avoid race
condition.

Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
---
 drivers/common/cnxk/roc_se.c  |  7 +++-
 drivers/crypto/cnxk/cnxk_se.h | 76 +++++++++++++++++++----------------
 2 files changed, 47 insertions(+), 36 deletions(-)

diff --git a/drivers/common/cnxk/roc_se.c b/drivers/common/cnxk/roc_se.c
index 8c19c5fccc..f335c2367f 100644
--- a/drivers/common/cnxk/roc_se.c
+++ b/drivers/common/cnxk/roc_se.c
@@ -462,8 +462,10 @@ roc_se_auth_key_set(struct roc_se_ctx *se_ctx, roc_se_auth_type type,
 		return -1;
 
 	/* For GMAC auth, cipher must be NULL */
-	if (type == ROC_SE_GMAC_TYPE)
+	if (type == ROC_SE_GMAC_TYPE) {
 		fctx->enc.enc_cipher = 0;
+		se_ctx->template_w4.s.opcode_minor = BIT(5);
+	}
 
 	fctx->enc.hash_type = type;
 	se_ctx->hash_type = type;
@@ -530,6 +532,9 @@ roc_se_ciph_key_set(struct roc_se_ctx *se_ctx, roc_se_cipher_type type,
 			return 0;
 	}
 
+	if (type == ROC_SE_AES_GCM)
+		se_ctx->template_w4.s.opcode_minor = BIT(5);
+
 	ret = cpt_ciph_type_set(type, se_ctx, key_len);
 	if (unlikely(ret))
 		return -1;
diff --git a/drivers/crypto/cnxk/cnxk_se.h b/drivers/crypto/cnxk/cnxk_se.h
index 774efd5879..1827b0d7b3 100644
--- a/drivers/crypto/cnxk/cnxk_se.h
+++ b/drivers/crypto/cnxk/cnxk_se.h
@@ -43,7 +43,8 @@ struct cnxk_se_sess {
 	uint16_t dp_thr_type : 8;
 	uint16_t aad_length;
 	uint8_t is_sha3 : 1;
-	uint8_t rsvd : 7;
+	uint8_t short_iv : 1;
+	uint8_t rsvd : 6;
 	uint8_t mac_len;
 	uint8_t iv_length;
 	uint8_t auth_iv_length;
@@ -201,13 +202,6 @@ cpt_mac_len_verify(struct rte_crypto_auth_xform *auth)
 	return ret;
 }
 
-static __rte_always_inline void
-cpt_fc_salt_update(struct roc_se_ctx *se_ctx, uint8_t *salt)
-{
-	struct roc_se_context *fctx = &se_ctx->se_ctx.fctx;
-	memcpy(fctx->enc.encr_iv, salt, 4);
-}
-
 static __rte_always_inline int
 sg_inst_prep(struct roc_se_fc_params *params, struct cpt_inst_s *inst, uint64_t offset_ctrl,
 	     uint8_t *iv_s, int iv_len, uint8_t pack_iv, uint8_t pdcp_alg_type, int32_t inputlen,
@@ -1703,8 +1697,17 @@ fill_sess_aead(struct rte_crypto_sym_xform *xform, struct cnxk_se_sess *sess)
 	sess->iv_length = aead_form->iv.length;
 	sess->aad_length = aead_form->aad_length;
 
-	if (unlikely(roc_se_ciph_key_set(&sess->roc_se_ctx, enc_type,
-					 aead_form->key.data,
+	switch (sess->iv_length) {
+	case 12:
+		sess->short_iv = 1;
+	case 16:
+		break;
+	default:
+		plt_dp_err("Crypto: Unsupported IV length %u", sess->iv_length);
+		return -1;
+	}
+
+	if (unlikely(roc_se_ciph_key_set(&sess->roc_se_ctx, enc_type, aead_form->key.data,
 					 aead_form->key.length, NULL)))
 		return -1;
 
@@ -1712,6 +1715,8 @@ fill_sess_aead(struct rte_crypto_sym_xform *xform, struct cnxk_se_sess *sess)
 					 aead_form->digest_length)))
 		return -1;
 
+	if (enc_type == ROC_SE_CHACHA20)
+		sess->roc_se_ctx.template_w4.s.opcode_minor |= BIT(5);
 	return 0;
 }
 
@@ -1849,9 +1854,19 @@ fill_sess_cipher(struct rte_crypto_sym_xform *xform, struct cnxk_se_sess *sess)
 	sess->iv_length = c_form->iv.length;
 	sess->is_null = is_null;
 
-	if (unlikely(roc_se_ciph_key_set(&sess->roc_se_ctx, enc_type,
-					 c_form->key.data, c_form->key.length,
-					 NULL)))
+	if (aes_ctr)
+		switch (sess->iv_length) {
+		case 12:
+			sess->short_iv = 1;
+		case 16:
+			break;
+		default:
+			plt_dp_err("Crypto: Unsupported IV length %u", sess->iv_length);
+			return -1;
+		}
+
+	if (unlikely(roc_se_ciph_key_set(&sess->roc_se_ctx, enc_type, c_form->key.data,
+					 c_form->key.length, NULL)))
 		return -1;
 
 	if ((enc_type >= ROC_SE_ZUC_EEA3) && (enc_type <= ROC_SE_AES_CTR_EEA2))
@@ -2046,9 +2061,18 @@ fill_sess_gmac(struct rte_crypto_sym_xform *xform, struct cnxk_se_sess *sess)
 	sess->iv_length = a_form->iv.length;
 	sess->mac_len = a_form->digest_length;
 
-	if (unlikely(roc_se_ciph_key_set(&sess->roc_se_ctx, enc_type,
-					 a_form->key.data, a_form->key.length,
-					 NULL)))
+	switch (sess->iv_length) {
+	case 12:
+		sess->short_iv = 1;
+	case 16:
+		break;
+	default:
+		plt_dp_err("Crypto: Unsupported IV length %u", sess->iv_length);
+		return -1;
+	}
+
+	if (unlikely(roc_se_ciph_key_set(&sess->roc_se_ctx, enc_type, a_form->key.data,
+					 a_form->key.length, NULL)))
 		return -1;
 
 	if (unlikely(roc_se_auth_key_set(&sess->roc_se_ctx, auth_type, NULL, 0,
@@ -2192,7 +2216,7 @@ fill_fc_params(struct rte_crypto_op *cop, struct cnxk_se_sess *sess,
 	if (likely(is_kasumi || sess->iv_length)) {
 		flags |= ROC_SE_VALID_IV_BUF;
 		fc_params.iv_buf = rte_crypto_op_ctod_offset(cop, uint8_t *, sess->iv_offset);
-		if (!is_aead && sess->aes_ctr && unlikely(sess->iv_length != 16)) {
+		if (sess->short_iv) {
 			memcpy((uint8_t *)iv_buf,
 			       rte_crypto_op_ctod_offset(cop, uint8_t *, sess->iv_offset), 12);
 			iv_buf[3] = rte_cpu_to_be_32(0x1);
@@ -2209,7 +2233,6 @@ fill_fc_params(struct rte_crypto_op *cop, struct cnxk_se_sess *sess,
 
 	if (is_aead) {
 		struct rte_mbuf *m;
-		uint8_t *salt;
 		uint8_t *aad_data;
 		uint16_t aad_len;
 
@@ -2234,13 +2257,6 @@ fill_fc_params(struct rte_crypto_op *cop, struct cnxk_se_sess *sess,
 			d_lens = d_lens << 32;
 		}
 
-		salt = fc_params.iv_buf;
-		if (unlikely(*(uint32_t *)salt != sess->salt)) {
-			cpt_fc_salt_update(&sess->roc_se_ctx, salt);
-			sess->salt = *(uint32_t *)salt;
-		}
-
-		fc_params.iv_buf = PLT_PTR_ADD(salt, 4);
 		m = cpt_m_dst_get(cpt_op, m_src, m_dst);
 
 		/* Digest immediately following data is best case */
@@ -2266,16 +2282,6 @@ fill_fc_params(struct rte_crypto_op *cop, struct cnxk_se_sess *sess,
 		d_lens = ci_data_length;
 		d_lens = (d_lens << 32) | a_data_length;
 
-		/* for gmac, salt should be updated like in gcm */
-		if (unlikely(sess->is_gmac)) {
-			uint8_t *salt;
-			salt = fc_params.iv_buf;
-			if (unlikely(*(uint32_t *)salt != sess->salt)) {
-				cpt_fc_salt_update(&sess->roc_se_ctx, salt);
-				sess->salt = *(uint32_t *)salt;
-			}
-			fc_params.iv_buf = salt + 4;
-		}
 		if (likely(sess->mac_len)) {
 			struct rte_mbuf *m = cpt_m_dst_get(cpt_op, m_src, m_dst);
 
-- 
2.25.1

next prev parent reply	other threads:[~2022-12-20 14:34 UTC|newest]

Thread overview: 19+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-12-20 14:32 [PATCH 00/17] fixes and improvements to cnxk crytpo PMD Tejasree Kondoj
2022-12-20 14:32 ` [PATCH 01/17] common/cnxk: perform LF fini ops only when allocated Tejasree Kondoj
2022-12-20 14:32 ` [PATCH 02/17] common/cnxk: generate opad and ipad in driver Tejasree Kondoj
2022-12-20 14:32 ` [PATCH 03/17] crypto/cnxk: update resp len calculation for IPv6 Tejasree Kondoj
2022-12-20 14:32 ` [PATCH 04/17] crypto/cnxk: add context to passthrough instruction Tejasree Kondoj
2022-12-20 14:32 ` [PATCH 05/17] crypto/cnxk: support truncated digest length Tejasree Kondoj
2022-12-20 14:32 ` [PATCH 06/17] crypto/cnxk: add queue pair check to meta set Tejasree Kondoj
2022-12-20 14:32 ` [PATCH 07/17] crypto/cnxk: update crypto completion code handling Tejasree Kondoj
2022-12-20 14:32 ` [PATCH 08/17] crypto/cnxk: fix incorrect digest for an empty input data Tejasree Kondoj
2022-12-20 14:32 ` [PATCH 09/17] crypto/cnxk: add CN9K IPsec SG support Tejasree Kondoj
2022-12-20 14:32 ` [PATCH 10/17] crypto/cnxk: add support for SHA3 hash Tejasree Kondoj
2022-12-20 14:32 ` [PATCH 11/17] common/cnxk: skip hmac hash precomputation Tejasree Kondoj
2022-12-20 14:32 ` [PATCH 12/17] crypto/octeontx: support truncated digest size Tejasree Kondoj
2022-12-20 14:32 ` [PATCH 13/17] crypto/cnxk: set device ops to null in PCI remove Tejasree Kondoj
2022-12-20 14:32 ` [PATCH 14/17] crypto/cnxk: add CTX for non IPsec operations Tejasree Kondoj
2022-12-20 14:32 ` Tejasree Kondoj [this message]
2022-12-20 14:32 ` [PATCH 16/17] crypto/cnxk: remove null check of session priv Tejasree Kondoj
2022-12-20 14:32 ` [PATCH 17/17] common/cnxk: remove salt from session Tejasree Kondoj
2023-01-04 10:11 ` [PATCH 00/17] fixes and improvements to cnxk crytpo PMD Akhil Goyal

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20221220143232.2519650-16-ktejasree@marvell.com \
    --to=ktejasree@marvell.com \
    --cc=anoobj@marvell.com \
    --cc=asasidharan@marvell.com \
    --cc=dev@dpdk.org \
    --cc=gakhil@marvell.com \
    --cc=gmuthukrishn@marvell.com \
    --cc=vfialko@marvell.com \
    --cc=vvelumuri@marvell.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).