From: Tejasree Kondoj <ktejasree@marvell.com>
To: Akhil Goyal <gakhil@marvell.com>
Cc: Aakash Sasidharan <asasidharan@marvell.com>,
Anoob Joseph <anoobj@marvell.com>,
Vidya Sagar Velumuri <vvelumuri@marvell.com>,
Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>,
Volodymyr Fialko <vfialko@marvell.com>, <dev@dpdk.org>
Subject: [PATCH 02/17] common/cnxk: generate opad and ipad in driver
Date: Tue, 20 Dec 2022 20:02:17 +0530 [thread overview]
Message-ID: <20221220143232.2519650-3-ktejasree@marvell.com> (raw)
In-Reply-To: <20221220143232.2519650-1-ktejasree@marvell.com>
From: Aakash Sasidharan <asasidharan@marvell.com>
Generate opad and ipad in driver for SHA based crypto algos
Signed-off-by: Aakash Sasidharan <asasidharan@marvell.com>
---
drivers/common/cnxk/cnxk_security.c | 4 +--
drivers/common/cnxk/roc_hash.c | 12 ++++---
drivers/common/cnxk/roc_hash.h | 2 +-
drivers/common/cnxk/roc_se.c | 52 +++++++++++++++++++++++++++--
4 files changed, 60 insertions(+), 10 deletions(-)
diff --git a/drivers/common/cnxk/cnxk_security.c b/drivers/common/cnxk/cnxk_security.c
index 85105472a1..5034c76938 100644
--- a/drivers/common/cnxk/cnxk_security.c
+++ b/drivers/common/cnxk/cnxk_security.c
@@ -37,8 +37,8 @@ ipsec_hmac_opad_ipad_gen(struct rte_crypto_sym_xform *auth_xform,
roc_hash_sha1_gen(ipad, (uint32_t *)&hmac_opad_ipad[24]);
break;
case RTE_CRYPTO_AUTH_SHA256_HMAC:
- roc_hash_sha256_gen(opad, (uint32_t *)&hmac_opad_ipad[0]);
- roc_hash_sha256_gen(ipad, (uint32_t *)&hmac_opad_ipad[64]);
+ roc_hash_sha256_gen(opad, (uint32_t *)&hmac_opad_ipad[0], 256);
+ roc_hash_sha256_gen(ipad, (uint32_t *)&hmac_opad_ipad[64], 256);
break;
case RTE_CRYPTO_AUTH_SHA384_HMAC:
roc_hash_sha512_gen(opad, (uint64_t *)&hmac_opad_ipad[0], 384);
diff --git a/drivers/common/cnxk/roc_hash.c b/drivers/common/cnxk/roc_hash.c
index 1b9030e693..8c451440b1 100644
--- a/drivers/common/cnxk/roc_hash.c
+++ b/drivers/common/cnxk/roc_hash.c
@@ -232,7 +232,7 @@ roc_hash_sha1_gen(uint8_t *msg, uint32_t *hash)
* Based on implementation from RFC 3174
*/
void
-roc_hash_sha256_gen(uint8_t *msg, uint32_t *hash)
+roc_hash_sha256_gen(uint8_t *msg, uint32_t *hash, int hash_size)
{
const uint32_t _K[] = {
/* Round Constants defined in SHA-256 */
@@ -250,13 +250,17 @@ roc_hash_sha256_gen(uint8_t *msg, uint32_t *hash)
0x682e6ff3, 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208,
0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2};
- const uint32_t _H[] = {/* Initial Hash constants defined in SHA-256 */
- 0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a,
- 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19};
+ const uint32_t _H224[] = {/* Initial Hash constants defined in SHA-224 */
+ 0xc1059ed8, 0x367cd507, 0x3070dd17, 0xf70e5939,
+ 0xffc00b31, 0x68581511, 0x64f98fa7, 0xbefa4fa4};
+ const uint32_t _H256[] = {/* Initial Hash constants defined in SHA-256 */
+ 0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a,
+ 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19};
int i;
uint32_t temp[4], S0, S1; /* Temporary word value */
uint32_t W[64]; /* Word sequence */
uint32_t A, B, C, D, E, F, G, H; /* Word buffers */
+ const uint32_t *_H = (hash_size == 224) ? _H224 : _H256;
/* Initialize the first 16 words in the array W */
memcpy(&W[0], msg, 16 * sizeof(W[0]));
diff --git a/drivers/common/cnxk/roc_hash.h b/drivers/common/cnxk/roc_hash.h
index 8940faa6eb..c3ddb9407b 100644
--- a/drivers/common/cnxk/roc_hash.h
+++ b/drivers/common/cnxk/roc_hash.h
@@ -11,7 +11,7 @@
*/
void __roc_api roc_hash_md5_gen(uint8_t *msg, uint32_t *hash);
void __roc_api roc_hash_sha1_gen(uint8_t *msg, uint32_t *hash);
-void __roc_api roc_hash_sha256_gen(uint8_t *msg, uint32_t *hash);
+void __roc_api roc_hash_sha256_gen(uint8_t *msg, uint32_t *hash, int hash_size);
void __roc_api roc_hash_sha512_gen(uint8_t *msg, uint64_t *hash, int hash_size);
#endif /* _ROC_HASH_H_ */
diff --git a/drivers/common/cnxk/roc_se.c b/drivers/common/cnxk/roc_se.c
index 2663480099..22df61f5f0 100644
--- a/drivers/common/cnxk/roc_se.c
+++ b/drivers/common/cnxk/roc_se.c
@@ -149,6 +149,53 @@ cpt_ciph_aes_key_type_set(struct roc_se_context *fctx, uint16_t key_len)
fctx->enc.aes_key = aes_key_type;
}
+static void
+cpt_hmac_opad_ipad_gen(roc_se_auth_type auth_type, const uint8_t *key, uint16_t length,
+ struct roc_se_hmac_context *hmac)
+{
+ uint8_t opad[128] = {[0 ... 127] = 0x5c};
+ uint8_t ipad[128] = {[0 ... 127] = 0x36};
+ uint32_t i;
+
+ /* HMAC OPAD and IPAD */
+ for (i = 0; i < 128 && i < length; i++) {
+ opad[i] = opad[i] ^ key[i];
+ ipad[i] = ipad[i] ^ key[i];
+ }
+
+ /* Precompute hash of HMAC OPAD and IPAD to avoid
+ * per packet computation
+ */
+ switch (auth_type) {
+ case ROC_SE_MD5_TYPE:
+ roc_hash_md5_gen(opad, (uint32_t *)hmac->opad);
+ roc_hash_md5_gen(ipad, (uint32_t *)hmac->ipad);
+ break;
+ case ROC_SE_SHA1_TYPE:
+ roc_hash_sha1_gen(opad, (uint32_t *)hmac->opad);
+ roc_hash_sha1_gen(ipad, (uint32_t *)hmac->ipad);
+ break;
+ case ROC_SE_SHA2_SHA224:
+ roc_hash_sha256_gen(opad, (uint32_t *)hmac->opad, 224);
+ roc_hash_sha256_gen(ipad, (uint32_t *)hmac->ipad, 224);
+ break;
+ case ROC_SE_SHA2_SHA256:
+ roc_hash_sha256_gen(opad, (uint32_t *)hmac->opad, 256);
+ roc_hash_sha256_gen(ipad, (uint32_t *)hmac->ipad, 256);
+ break;
+ case ROC_SE_SHA2_SHA384:
+ roc_hash_sha512_gen(opad, (uint64_t *)hmac->opad, 384);
+ roc_hash_sha512_gen(ipad, (uint64_t *)hmac->ipad, 384);
+ break;
+ case ROC_SE_SHA2_SHA512:
+ roc_hash_sha512_gen(opad, (uint64_t *)hmac->opad, 512);
+ roc_hash_sha512_gen(ipad, (uint64_t *)hmac->ipad, 512);
+ break;
+ default:
+ break;
+ }
+}
+
static int
cpt_pdcp_key_type_set(struct roc_se_zuc_snow3g_ctx *zs_ctx, uint16_t key_len)
{
@@ -434,9 +481,8 @@ roc_se_auth_key_set(struct roc_se_ctx *se_ctx, roc_se_auth_type type,
memset(fctx->hmac.ipad, 0, sizeof(fctx->hmac.ipad));
memset(fctx->hmac.opad, 0, sizeof(fctx->hmac.opad));
- if (key_len <= 64)
- memcpy(fctx->hmac.opad, key, key_len);
- fctx->enc.auth_input_type = 1;
+ cpt_hmac_opad_ipad_gen(type, key, key_len, &fctx->hmac);
+ fctx->enc.auth_input_type = 0;
}
return 0;
}
--
2.25.1
next prev parent reply other threads:[~2022-12-20 14:32 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-12-20 14:32 [PATCH 00/17] fixes and improvements to cnxk crytpo PMD Tejasree Kondoj
2022-12-20 14:32 ` [PATCH 01/17] common/cnxk: perform LF fini ops only when allocated Tejasree Kondoj
2022-12-20 14:32 ` Tejasree Kondoj [this message]
2022-12-20 14:32 ` [PATCH 03/17] crypto/cnxk: update resp len calculation for IPv6 Tejasree Kondoj
2022-12-20 14:32 ` [PATCH 04/17] crypto/cnxk: add context to passthrough instruction Tejasree Kondoj
2022-12-20 14:32 ` [PATCH 05/17] crypto/cnxk: support truncated digest length Tejasree Kondoj
2022-12-20 14:32 ` [PATCH 06/17] crypto/cnxk: add queue pair check to meta set Tejasree Kondoj
2022-12-20 14:32 ` [PATCH 07/17] crypto/cnxk: update crypto completion code handling Tejasree Kondoj
2022-12-20 14:32 ` [PATCH 08/17] crypto/cnxk: fix incorrect digest for an empty input data Tejasree Kondoj
2022-12-20 14:32 ` [PATCH 09/17] crypto/cnxk: add CN9K IPsec SG support Tejasree Kondoj
2022-12-20 14:32 ` [PATCH 10/17] crypto/cnxk: add support for SHA3 hash Tejasree Kondoj
2022-12-20 14:32 ` [PATCH 11/17] common/cnxk: skip hmac hash precomputation Tejasree Kondoj
2022-12-20 14:32 ` [PATCH 12/17] crypto/octeontx: support truncated digest size Tejasree Kondoj
2022-12-20 14:32 ` [PATCH 13/17] crypto/cnxk: set device ops to null in PCI remove Tejasree Kondoj
2022-12-20 14:32 ` [PATCH 14/17] crypto/cnxk: add CTX for non IPsec operations Tejasree Kondoj
2022-12-20 14:32 ` [PATCH 15/17] crypto/cnxk: set salt in dptr as part of IV Tejasree Kondoj
2022-12-20 14:32 ` [PATCH 16/17] crypto/cnxk: remove null check of session priv Tejasree Kondoj
2022-12-20 14:32 ` [PATCH 17/17] common/cnxk: remove salt from session Tejasree Kondoj
2023-01-04 10:11 ` [PATCH 00/17] fixes and improvements to cnxk crytpo PMD Akhil Goyal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20221220143232.2519650-3-ktejasree@marvell.com \
--to=ktejasree@marvell.com \
--cc=anoobj@marvell.com \
--cc=asasidharan@marvell.com \
--cc=dev@dpdk.org \
--cc=gakhil@marvell.com \
--cc=gmuthukrishn@marvell.com \
--cc=vfialko@marvell.com \
--cc=vvelumuri@marvell.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).