DPDK patches and discussions
 help / color / mirror / Atom feed
From: Ciara Power <ciara.power@intel.com>
To: dev@dpdk.org
Cc: kai.ji@intel.com, gakhil@marvell.com,
	Pablo de Lara <pablo.de.lara.guarch@intel.com>,
	Ciara Power <ciara.power@intel.com>
Subject: [PATCH v2 1/8] crypto/ipsec_mb: use GMAC dedicated algorithms
Date: Tue, 16 May 2023 15:24:15 +0000	[thread overview]
Message-ID: <20230516152422.606617-2-ciara.power@intel.com> (raw)
In-Reply-To: <20230516152422.606617-1-ciara.power@intel.com>

From: Pablo de Lara <pablo.de.lara.guarch@intel.com>

AES-GMAC can be done with auth-only enums
IMB_AES_GMAC_128/192/256, which allows another cipher
algorithm to be used, instead of being part of AES-GCM.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Signed-off-by: Ciara Power <ciara.power@intel.com>
---
 drivers/crypto/ipsec_mb/pmd_aesni_mb.c | 104 +++++++++++--------------
 1 file changed, 47 insertions(+), 57 deletions(-)

diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
index ac20d01937..c53548aa3b 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
@@ -57,8 +57,7 @@ is_aead_algo(IMB_HASH_ALG hash_alg, IMB_CIPHER_MODE cipher_mode)
 {
 	return (hash_alg == IMB_AUTH_CHACHA20_POLY1305 ||
 		hash_alg == IMB_AUTH_AES_CCM ||
-		(hash_alg == IMB_AUTH_AES_GMAC &&
-		cipher_mode == IMB_CIPHER_GCM));
+		cipher_mode == IMB_CIPHER_GCM);
 }
 
 /** Set session authentication parameters */
@@ -155,7 +154,6 @@ aesni_mb_set_session_auth_parameters(const IMB_MGR *mb_mgr,
 		} else
 			sess->cipher.direction = IMB_DIR_DECRYPT;
 
-		sess->auth.algo = IMB_AUTH_AES_GMAC;
 		if (sess->auth.req_digest_len >
 			get_digest_byte_length(IMB_AUTH_AES_GMAC)) {
 			IPSEC_MB_LOG(ERR, "Invalid digest size\n");
@@ -167,16 +165,19 @@ aesni_mb_set_session_auth_parameters(const IMB_MGR *mb_mgr,
 
 		switch (xform->auth.key.length) {
 		case IMB_KEY_128_BYTES:
+			sess->auth.algo = IMB_AUTH_AES_GMAC_128;
 			IMB_AES128_GCM_PRE(mb_mgr, xform->auth.key.data,
 				&sess->cipher.gcm_key);
 			sess->cipher.key_length_in_bytes = IMB_KEY_128_BYTES;
 			break;
 		case IMB_KEY_192_BYTES:
+			sess->auth.algo = IMB_AUTH_AES_GMAC_192;
 			IMB_AES192_GCM_PRE(mb_mgr, xform->auth.key.data,
 				&sess->cipher.gcm_key);
 			sess->cipher.key_length_in_bytes = IMB_KEY_192_BYTES;
 			break;
 		case IMB_KEY_256_BYTES:
+			sess->auth.algo = IMB_AUTH_AES_GMAC_256;
 			IMB_AES256_GCM_PRE(mb_mgr, xform->auth.key.data,
 				&sess->cipher.gcm_key);
 			sess->cipher.key_length_in_bytes = IMB_KEY_256_BYTES;
@@ -1039,19 +1040,20 @@ set_cpu_mb_job_params(IMB_JOB *job, struct aesni_mb_session *session,
 		break;
 
 	case IMB_AUTH_AES_GMAC:
-		if (session->cipher.mode == IMB_CIPHER_GCM) {
-			job->u.GCM.aad = aad->va;
-			job->u.GCM.aad_len_in_bytes = session->aead.aad_len;
-		} else {
-			/* For GMAC */
-			job->u.GCM.aad = buf;
-			job->u.GCM.aad_len_in_bytes = len;
-			job->cipher_mode = IMB_CIPHER_GCM;
-		}
+		job->u.GCM.aad = aad->va;
+		job->u.GCM.aad_len_in_bytes = session->aead.aad_len;
 		job->enc_keys = &session->cipher.gcm_key;
 		job->dec_keys = &session->cipher.gcm_key;
 		break;
 
+	case IMB_AUTH_AES_GMAC_128:
+	case IMB_AUTH_AES_GMAC_192:
+	case IMB_AUTH_AES_GMAC_256:
+		job->u.GMAC._key = &session->cipher.gcm_key;
+		job->u.GMAC._iv = iv->va;
+		job->u.GMAC.iv_len_in_bytes = session->iv.length;
+		break;
+
 	case IMB_AUTH_CHACHA20_POLY1305:
 		job->u.CHACHA20_POLY1305.aad = aad->va;
 		job->u.CHACHA20_POLY1305.aad_len_in_bytes =
@@ -1091,16 +1093,10 @@ set_cpu_mb_job_params(IMB_JOB *job, struct aesni_mb_session *session,
 	job->dst = (uint8_t *)buf + sofs.ofs.cipher.head;
 	job->cipher_start_src_offset_in_bytes = sofs.ofs.cipher.head;
 	job->hash_start_src_offset_in_bytes = sofs.ofs.auth.head;
-	if (job->hash_alg == IMB_AUTH_AES_GMAC &&
-			session->cipher.mode != IMB_CIPHER_GCM) {
-		job->msg_len_to_hash_in_bytes = 0;
-		job->msg_len_to_cipher_in_bytes = 0;
-	} else {
-		job->msg_len_to_hash_in_bytes = len - sofs.ofs.auth.head -
-			sofs.ofs.auth.tail;
-		job->msg_len_to_cipher_in_bytes = len - sofs.ofs.cipher.head -
-			sofs.ofs.cipher.tail;
-	}
+	job->msg_len_to_hash_in_bytes = len - sofs.ofs.auth.head -
+		sofs.ofs.auth.tail;
+	job->msg_len_to_cipher_in_bytes = len - sofs.ofs.cipher.head -
+		sofs.ofs.cipher.tail;
 
 	job->user_data = udata;
 }
@@ -1184,8 +1180,6 @@ sgl_linear_cipher_auth_len(IMB_JOB *job, uint64_t *auth_len)
 			job->hash_alg == IMB_AUTH_ZUC_EIA3_BITLEN)
 		*auth_len = (job->msg_len_to_hash_in_bits >> 3) +
 				job->hash_start_src_offset_in_bytes;
-	else if (job->hash_alg == IMB_AUTH_AES_GMAC)
-		*auth_len = job->u.GCM.aad_len_in_bytes;
 	else
 		*auth_len = job->msg_len_to_hash_in_bytes +
 				job->hash_start_src_offset_in_bytes;
@@ -1352,24 +1346,24 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
 		break;
 
 	case IMB_AUTH_AES_GMAC:
-		if (session->cipher.mode == IMB_CIPHER_GCM) {
-			job->u.GCM.aad = op->sym->aead.aad.data;
-			job->u.GCM.aad_len_in_bytes = session->aead.aad_len;
-			if (sgl) {
-				job->u.GCM.ctx = &qp_data->gcm_sgl_ctx;
-				job->cipher_mode = IMB_CIPHER_GCM_SGL;
-				job->hash_alg = IMB_AUTH_GCM_SGL;
-			}
-		} else {
-			/* For GMAC */
-			job->u.GCM.aad = rte_pktmbuf_mtod_offset(m_src,
-					uint8_t *, op->sym->auth.data.offset);
-			job->u.GCM.aad_len_in_bytes = op->sym->auth.data.length;
-			job->cipher_mode = IMB_CIPHER_GCM;
+		job->u.GCM.aad = op->sym->aead.aad.data;
+		job->u.GCM.aad_len_in_bytes = session->aead.aad_len;
+		if (sgl) {
+			job->u.GCM.ctx = &qp_data->gcm_sgl_ctx;
+			job->cipher_mode = IMB_CIPHER_GCM_SGL;
+			job->hash_alg = IMB_AUTH_GCM_SGL;
 		}
 		job->enc_keys = &session->cipher.gcm_key;
 		job->dec_keys = &session->cipher.gcm_key;
 		break;
+	case IMB_AUTH_AES_GMAC_128:
+	case IMB_AUTH_AES_GMAC_192:
+	case IMB_AUTH_AES_GMAC_256:
+		job->u.GMAC._key = &session->cipher.gcm_key;
+		job->u.GMAC._iv = rte_crypto_op_ctod_offset(op, uint8_t *,
+						session->auth_iv.offset);
+		job->u.GMAC.iv_len_in_bytes = session->auth_iv.length;
+		break;
 	case IMB_AUTH_ZUC_EIA3_BITLEN:
 	case IMB_AUTH_ZUC256_EIA3_BITLEN:
 		job->u.ZUC_EIA3._key = session->auth.zuc_auth_key;
@@ -1472,19 +1466,21 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
 		break;
 
 	case IMB_AUTH_AES_GMAC:
-		if (session->cipher.mode == IMB_CIPHER_GCM) {
-			job->hash_start_src_offset_in_bytes =
-					op->sym->aead.data.offset;
-			job->msg_len_to_hash_in_bytes =
-					op->sym->aead.data.length;
-		} else { /* AES-GMAC only, only AAD used */
-			job->msg_len_to_hash_in_bytes = 0;
-			job->hash_start_src_offset_in_bytes = 0;
-		}
-
+		job->hash_start_src_offset_in_bytes =
+				op->sym->aead.data.offset;
+		job->msg_len_to_hash_in_bytes =
+				op->sym->aead.data.length;
 		job->iv = rte_crypto_op_ctod_offset(op, uint8_t *,
 				session->iv.offset);
 		break;
+	case IMB_AUTH_AES_GMAC_128:
+	case IMB_AUTH_AES_GMAC_192:
+	case IMB_AUTH_AES_GMAC_256:
+		job->hash_start_src_offset_in_bytes =
+				op->sym->auth.data.offset;
+		job->msg_len_to_hash_in_bytes =
+				op->sym->auth.data.length;
+		break;
 
 	case IMB_AUTH_GCM_SGL:
 	case IMB_AUTH_CHACHA20_POLY1305_SGL:
@@ -1567,15 +1563,9 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
 					op->sym->cipher.data.length;
 		break;
 	case IMB_CIPHER_GCM:
-		if (session->cipher.mode == IMB_CIPHER_NULL) {
-			/* AES-GMAC only (only AAD used) */
-			job->msg_len_to_cipher_in_bytes = 0;
-			job->cipher_start_src_offset_in_bytes = 0;
-		} else {
-			job->cipher_start_src_offset_in_bytes =
-					op->sym->aead.data.offset;
-			job->msg_len_to_cipher_in_bytes = op->sym->aead.data.length;
-		}
+		job->cipher_start_src_offset_in_bytes =
+				op->sym->aead.data.offset;
+		job->msg_len_to_cipher_in_bytes = op->sym->aead.data.length;
 		break;
 	case IMB_CIPHER_CCM:
 	case IMB_CIPHER_CHACHA20_POLY1305:
-- 
2.25.1


  reply	other threads:[~2023-05-16 15:24 UTC|newest]

Thread overview: 42+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-04-21 13:12 [PATCH 0/8] add AESNI_MB optimisations Ciara Power
2023-04-21 13:12 ` [PATCH 1/8] crypto/ipsec_mb: use GMAC dedicated algorithms Ciara Power
2023-04-21 13:12 ` [PATCH 2/8] crypto/ipsec_mb: use burst API in aesni_mb Ciara Power
2023-04-21 13:12 ` [PATCH 3/8] crypto/ipsec_mb: use new SGL API Ciara Power
2023-04-21 13:12 ` [PATCH 4/8] crypto/ipsec_mb: remove unneeded fields in crypto session Ciara Power
2023-04-21 13:12 ` [PATCH 5/8] crypto/ipsec_mb: store template job Ciara Power
2023-04-21 13:12 ` [PATCH 6/8] crypto/ipsec_mb: optimize for GCM case Ciara Power
2023-04-21 13:12 ` [PATCH 7/8] crypto/ipsec_mb: do not free linear_sgl always Ciara Power
2023-04-21 13:12 ` [PATCH 8/8] crypto/ipsec_mb: set and use session ID Ciara Power
2024-02-22 20:52   ` Wathsala Wathawana Vithanage
2023-05-16 12:25 ` [EXT] [PATCH 0/8] add AESNI_MB optimisations Akhil Goyal
2023-05-16 12:54   ` Power, Ciara
2023-05-16 15:24 ` [PATCH v2 " Ciara Power
2023-05-16 15:24   ` Ciara Power [this message]
2023-05-16 15:24   ` [PATCH v2 2/8] crypto/ipsec_mb: use burst API in aesni_mb Ciara Power
2023-05-16 15:24   ` [PATCH v2 3/8] crypto/ipsec_mb: use new SGL API Ciara Power
2023-05-16 15:24   ` [PATCH v2 4/8] crypto/ipsec_mb: remove unneeded fields in crypto session Ciara Power
2023-05-16 15:24   ` [PATCH v2 5/8] crypto/ipsec_mb: store template job Ciara Power
2023-05-16 15:24   ` [PATCH v2 6/8] crypto/ipsec_mb: optimize for GCM case Ciara Power
2023-05-16 15:24   ` [PATCH v2 7/8] crypto/ipsec_mb: do not free linear_sgl always Ciara Power
2023-05-16 15:24   ` [PATCH v2 8/8] crypto/ipsec_mb: set and use session ID Ciara Power
2023-06-10 20:15     ` Thomas Monjalon
2023-06-14  5:35       ` [EXT] " Akhil Goyal
2023-06-15  2:46         ` Fangming Fang
2023-06-15  4:47           ` Akhil Goyal
2023-06-16  9:25             ` De Lara Guarch, Pablo
2023-06-16  9:38               ` Akhil Goyal
2023-06-20  6:32                 ` Fangming Fang
2024-02-21  5:01                   ` Patrick Robb
2024-02-21  5:10                     ` [EXT] " Honnappa Nagarahalli
2024-02-21  5:23                       ` Patrick Robb
2024-02-21  9:50                       ` Power, Ciara
2024-02-21 19:09                         ` Patrick Robb
2024-02-22  1:55                     ` [EXT] " Wathsala Wathawana Vithanage
2024-02-26 23:23                       ` Wathsala Wathawana Vithanage
2024-02-27  1:05                         ` Patrick Robb
2024-02-27  6:13                         ` Akhil Goyal
2024-03-05 17:36                         ` Wathsala Wathawana Vithanage
2023-06-20 14:41                 ` Thomas Monjalon
2023-06-21 19:11                   ` De Lara Guarch, Pablo
2023-05-17 16:44   ` [PATCH v2 0/8] add AESNI_MB optimisations Ji, Kai
2023-05-24 11:44     ` Akhil Goyal

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20230516152422.606617-2-ciara.power@intel.com \
    --to=ciara.power@intel.com \
    --cc=dev@dpdk.org \
    --cc=gakhil@marvell.com \
    --cc=kai.ji@intel.com \
    --cc=pablo.de.lara.guarch@intel.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).