From: Ciara Power <ciara.power@intel.com>
To: dev@dpdk.org
Cc: kai.ji@intel.com, gakhil@marvell.com,
Pablo de Lara <pablo.de.lara.guarch@intel.com>,
Ciara Power <ciara.power@intel.com>
Subject: [PATCH v2 5/8] crypto/ipsec_mb: store template job
Date: Tue, 16 May 2023 15:24:19 +0000 [thread overview]
Message-ID: <20230516152422.606617-6-ciara.power@intel.com> (raw)
In-Reply-To: <20230516152422.606617-1-ciara.power@intel.com>
From: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Store template IMB_JOB in session that
will have filled all session-related fields.
These fields include cipher direction, chain order, cipher mode,
hash algorithm, key length, IV lengths, AAD length, digest length,
and key pointers.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Signed-off-by: Ciara Power <ciara.power@intel.com>
---
drivers/crypto/ipsec_mb/pmd_aesni_mb.c | 403 ++++++++------------
drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h | 20 +-
2 files changed, 159 insertions(+), 264 deletions(-)
diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
index ef1f141cad..80f59e75de 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
@@ -76,7 +76,7 @@ aesni_mb_set_session_auth_parameters(const IMB_MGR *mb_mgr,
uint32_t auth_precompute = 1;
if (xform == NULL) {
- sess->auth.algo = IMB_AUTH_NULL;
+ sess->template_job.hash_alg = IMB_AUTH_NULL;
return 0;
}
@@ -87,7 +87,6 @@ aesni_mb_set_session_auth_parameters(const IMB_MGR *mb_mgr,
/* Set IV parameters */
sess->auth_iv.offset = xform->auth.iv.offset;
- sess->auth_iv.length = xform->auth.iv.length;
/* Set the request digest size */
sess->auth.req_digest_len = xform->auth.digest_length;
@@ -97,13 +96,13 @@ aesni_mb_set_session_auth_parameters(const IMB_MGR *mb_mgr,
/* Set Authentication Parameters */
if (xform->auth.algo == RTE_CRYPTO_AUTH_NULL) {
- sess->auth.algo = IMB_AUTH_NULL;
- sess->auth.gen_digest_len = 0;
+ sess->template_job.hash_alg = IMB_AUTH_NULL;
+ sess->template_job.auth_tag_output_len_in_bytes = 0;
return 0;
}
if (xform->auth.algo == RTE_CRYPTO_AUTH_AES_XCBC_MAC) {
- sess->auth.algo = IMB_AUTH_AES_XCBC;
+ sess->template_job.hash_alg = IMB_AUTH_AES_XCBC;
uint16_t xcbc_mac_digest_len =
get_truncated_digest_byte_length(IMB_AUTH_AES_XCBC);
@@ -111,18 +110,21 @@ aesni_mb_set_session_auth_parameters(const IMB_MGR *mb_mgr,
IPSEC_MB_LOG(ERR, "Invalid digest size\n");
return -EINVAL;
}
- sess->auth.gen_digest_len = sess->auth.req_digest_len;
+ sess->template_job.auth_tag_output_len_in_bytes = sess->auth.req_digest_len;
IMB_AES_XCBC_KEYEXP(mb_mgr, xform->auth.key.data,
sess->auth.xcbc.k1_expanded,
sess->auth.xcbc.k2, sess->auth.xcbc.k3);
+ sess->template_job.u.XCBC._k1_expanded = sess->auth.xcbc.k1_expanded;
+ sess->template_job.u.XCBC._k2 = sess->auth.xcbc.k2;
+ sess->template_job.u.XCBC._k3 = sess->auth.xcbc.k3;
return 0;
}
if (xform->auth.algo == RTE_CRYPTO_AUTH_AES_CMAC) {
uint32_t dust[4*15];
- sess->auth.algo = IMB_AUTH_AES_CMAC;
+ sess->template_job.hash_alg = IMB_AUTH_AES_CMAC;
uint16_t cmac_digest_len =
get_digest_byte_length(IMB_AUTH_AES_CMAC);
@@ -140,70 +142,74 @@ aesni_mb_set_session_auth_parameters(const IMB_MGR *mb_mgr,
* the requested number of bytes.
*/
if (sess->auth.req_digest_len < 4)
- sess->auth.gen_digest_len = cmac_digest_len;
+ sess->template_job.auth_tag_output_len_in_bytes = cmac_digest_len;
else
- sess->auth.gen_digest_len = sess->auth.req_digest_len;
+ sess->template_job.auth_tag_output_len_in_bytes = sess->auth.req_digest_len;
IMB_AES_KEYEXP_128(mb_mgr, xform->auth.key.data,
sess->auth.cmac.expkey, dust);
IMB_AES_CMAC_SUBKEY_GEN_128(mb_mgr, sess->auth.cmac.expkey,
sess->auth.cmac.skey1, sess->auth.cmac.skey2);
+ sess->template_job.u.CMAC._key_expanded = sess->auth.cmac.expkey;
+ sess->template_job.u.CMAC._skey1 = sess->auth.cmac.skey1;
+ sess->template_job.u.CMAC._skey2 = sess->auth.cmac.skey2;
return 0;
}
if (xform->auth.algo == RTE_CRYPTO_AUTH_AES_GMAC) {
if (xform->auth.op == RTE_CRYPTO_AUTH_OP_GENERATE) {
- sess->cipher.direction = IMB_DIR_ENCRYPT;
- sess->chain_order = IMB_ORDER_CIPHER_HASH;
+ sess->template_job.cipher_direction = IMB_DIR_ENCRYPT;
+ sess->template_job.chain_order = IMB_ORDER_CIPHER_HASH;
} else
- sess->cipher.direction = IMB_DIR_DECRYPT;
+ sess->template_job.cipher_direction = IMB_DIR_DECRYPT;
if (sess->auth.req_digest_len >
get_digest_byte_length(IMB_AUTH_AES_GMAC)) {
IPSEC_MB_LOG(ERR, "Invalid digest size\n");
return -EINVAL;
}
- sess->auth.gen_digest_len = sess->auth.req_digest_len;
- sess->iv.length = xform->auth.iv.length;
+ sess->template_job.auth_tag_output_len_in_bytes = sess->auth.req_digest_len;
+ sess->template_job.u.GMAC.iv_len_in_bytes = xform->auth.iv.length;
sess->iv.offset = xform->auth.iv.offset;
switch (xform->auth.key.length) {
case IMB_KEY_128_BYTES:
- sess->auth.algo = IMB_AUTH_AES_GMAC_128;
+ sess->template_job.hash_alg = IMB_AUTH_AES_GMAC_128;
IMB_AES128_GCM_PRE(mb_mgr, xform->auth.key.data,
&sess->cipher.gcm_key);
- sess->cipher.key_length_in_bytes = IMB_KEY_128_BYTES;
+ sess->template_job.key_len_in_bytes = IMB_KEY_128_BYTES;
break;
case IMB_KEY_192_BYTES:
- sess->auth.algo = IMB_AUTH_AES_GMAC_192;
+ sess->template_job.hash_alg = IMB_AUTH_AES_GMAC_192;
IMB_AES192_GCM_PRE(mb_mgr, xform->auth.key.data,
&sess->cipher.gcm_key);
- sess->cipher.key_length_in_bytes = IMB_KEY_192_BYTES;
+ sess->template_job.key_len_in_bytes = IMB_KEY_192_BYTES;
break;
case IMB_KEY_256_BYTES:
- sess->auth.algo = IMB_AUTH_AES_GMAC_256;
+ sess->template_job.hash_alg = IMB_AUTH_AES_GMAC_256;
IMB_AES256_GCM_PRE(mb_mgr, xform->auth.key.data,
&sess->cipher.gcm_key);
- sess->cipher.key_length_in_bytes = IMB_KEY_256_BYTES;
+ sess->template_job.key_len_in_bytes = IMB_KEY_256_BYTES;
break;
default:
IPSEC_MB_LOG(ERR, "Invalid authentication key length\n");
return -EINVAL;
}
+ sess->template_job.u.GMAC._key = &sess->cipher.gcm_key;
return 0;
}
if (xform->auth.algo == RTE_CRYPTO_AUTH_ZUC_EIA3) {
if (xform->auth.key.length == 16) {
- sess->auth.algo = IMB_AUTH_ZUC_EIA3_BITLEN;
+ sess->template_job.hash_alg = IMB_AUTH_ZUC_EIA3_BITLEN;
if (sess->auth.req_digest_len != 4) {
IPSEC_MB_LOG(ERR, "Invalid digest size\n");
return -EINVAL;
}
} else if (xform->auth.key.length == 32) {
- sess->auth.algo = IMB_AUTH_ZUC256_EIA3_BITLEN;
+ sess->template_job.hash_alg = IMB_AUTH_ZUC256_EIA3_BITLEN;
#if IMB_VERSION(1, 2, 0) < IMB_VERSION_NUM
if (sess->auth.req_digest_len != 4 &&
sess->auth.req_digest_len != 8 &&
@@ -219,13 +225,14 @@ aesni_mb_set_session_auth_parameters(const IMB_MGR *mb_mgr,
return -EINVAL;
}
- sess->auth.gen_digest_len = sess->auth.req_digest_len;
+ sess->template_job.auth_tag_output_len_in_bytes = sess->auth.req_digest_len;
memcpy(sess->auth.zuc_auth_key, xform->auth.key.data,
xform->auth.key.length);
+ sess->template_job.u.ZUC_EIA3._key = sess->auth.zuc_auth_key;
return 0;
} else if (xform->auth.algo == RTE_CRYPTO_AUTH_SNOW3G_UIA2) {
- sess->auth.algo = IMB_AUTH_SNOW3G_UIA2_BITLEN;
+ sess->template_job.hash_alg = IMB_AUTH_SNOW3G_UIA2_BITLEN;
uint16_t snow3g_uia2_digest_len =
get_truncated_digest_byte_length(
IMB_AUTH_SNOW3G_UIA2_BITLEN);
@@ -233,33 +240,37 @@ aesni_mb_set_session_auth_parameters(const IMB_MGR *mb_mgr,
IPSEC_MB_LOG(ERR, "Invalid digest size\n");
return -EINVAL;
}
- sess->auth.gen_digest_len = sess->auth.req_digest_len;
+ sess->template_job.auth_tag_output_len_in_bytes = sess->auth.req_digest_len;
IMB_SNOW3G_INIT_KEY_SCHED(mb_mgr, xform->auth.key.data,
&sess->auth.pKeySched_snow3g_auth);
+ sess->template_job.u.SNOW3G_UIA2._key = (void *)
+ &sess->auth.pKeySched_snow3g_auth;
return 0;
} else if (xform->auth.algo == RTE_CRYPTO_AUTH_KASUMI_F9) {
- sess->auth.algo = IMB_AUTH_KASUMI_UIA1;
+ sess->template_job.hash_alg = IMB_AUTH_KASUMI_UIA1;
uint16_t kasumi_f9_digest_len =
get_truncated_digest_byte_length(IMB_AUTH_KASUMI_UIA1);
if (sess->auth.req_digest_len != kasumi_f9_digest_len) {
IPSEC_MB_LOG(ERR, "Invalid digest size\n");
return -EINVAL;
}
- sess->auth.gen_digest_len = sess->auth.req_digest_len;
+ sess->template_job.auth_tag_output_len_in_bytes = sess->auth.req_digest_len;
IMB_KASUMI_INIT_F9_KEY_SCHED(mb_mgr, xform->auth.key.data,
&sess->auth.pKeySched_kasumi_auth);
+ sess->template_job.u.KASUMI_UIA1._key = (void *)
+ &sess->auth.pKeySched_kasumi_auth;
return 0;
}
switch (xform->auth.algo) {
case RTE_CRYPTO_AUTH_MD5_HMAC:
- sess->auth.algo = IMB_AUTH_MD5;
+ sess->template_job.hash_alg = IMB_AUTH_MD5;
hash_oneblock_fn = mb_mgr->md5_one_block;
break;
case RTE_CRYPTO_AUTH_SHA1_HMAC:
- sess->auth.algo = IMB_AUTH_HMAC_SHA_1;
+ sess->template_job.hash_alg = IMB_AUTH_HMAC_SHA_1;
hash_oneblock_fn = mb_mgr->sha1_one_block;
if (xform->auth.key.length > get_auth_algo_blocksize(
IMB_AUTH_HMAC_SHA_1)) {
@@ -271,11 +282,11 @@ aesni_mb_set_session_auth_parameters(const IMB_MGR *mb_mgr,
}
break;
case RTE_CRYPTO_AUTH_SHA1:
- sess->auth.algo = IMB_AUTH_SHA_1;
+ sess->template_job.hash_alg = IMB_AUTH_SHA_1;
auth_precompute = 0;
break;
case RTE_CRYPTO_AUTH_SHA224_HMAC:
- sess->auth.algo = IMB_AUTH_HMAC_SHA_224;
+ sess->template_job.hash_alg = IMB_AUTH_HMAC_SHA_224;
hash_oneblock_fn = mb_mgr->sha224_one_block;
if (xform->auth.key.length > get_auth_algo_blocksize(
IMB_AUTH_HMAC_SHA_224)) {
@@ -287,11 +298,11 @@ aesni_mb_set_session_auth_parameters(const IMB_MGR *mb_mgr,
}
break;
case RTE_CRYPTO_AUTH_SHA224:
- sess->auth.algo = IMB_AUTH_SHA_224;
+ sess->template_job.hash_alg = IMB_AUTH_SHA_224;
auth_precompute = 0;
break;
case RTE_CRYPTO_AUTH_SHA256_HMAC:
- sess->auth.algo = IMB_AUTH_HMAC_SHA_256;
+ sess->template_job.hash_alg = IMB_AUTH_HMAC_SHA_256;
hash_oneblock_fn = mb_mgr->sha256_one_block;
if (xform->auth.key.length > get_auth_algo_blocksize(
IMB_AUTH_HMAC_SHA_256)) {
@@ -303,11 +314,11 @@ aesni_mb_set_session_auth_parameters(const IMB_MGR *mb_mgr,
}
break;
case RTE_CRYPTO_AUTH_SHA256:
- sess->auth.algo = IMB_AUTH_SHA_256;
+ sess->template_job.hash_alg = IMB_AUTH_SHA_256;
auth_precompute = 0;
break;
case RTE_CRYPTO_AUTH_SHA384_HMAC:
- sess->auth.algo = IMB_AUTH_HMAC_SHA_384;
+ sess->template_job.hash_alg = IMB_AUTH_HMAC_SHA_384;
hash_oneblock_fn = mb_mgr->sha384_one_block;
if (xform->auth.key.length > get_auth_algo_blocksize(
IMB_AUTH_HMAC_SHA_384)) {
@@ -319,11 +330,11 @@ aesni_mb_set_session_auth_parameters(const IMB_MGR *mb_mgr,
}
break;
case RTE_CRYPTO_AUTH_SHA384:
- sess->auth.algo = IMB_AUTH_SHA_384;
+ sess->template_job.hash_alg = IMB_AUTH_SHA_384;
auth_precompute = 0;
break;
case RTE_CRYPTO_AUTH_SHA512_HMAC:
- sess->auth.algo = IMB_AUTH_HMAC_SHA_512;
+ sess->template_job.hash_alg = IMB_AUTH_HMAC_SHA_512;
hash_oneblock_fn = mb_mgr->sha512_one_block;
if (xform->auth.key.length > get_auth_algo_blocksize(
IMB_AUTH_HMAC_SHA_512)) {
@@ -335,7 +346,7 @@ aesni_mb_set_session_auth_parameters(const IMB_MGR *mb_mgr,
}
break;
case RTE_CRYPTO_AUTH_SHA512:
- sess->auth.algo = IMB_AUTH_SHA_512;
+ sess->template_job.hash_alg = IMB_AUTH_SHA_512;
auth_precompute = 0;
break;
default:
@@ -344,9 +355,9 @@ aesni_mb_set_session_auth_parameters(const IMB_MGR *mb_mgr,
return -ENOTSUP;
}
uint16_t trunc_digest_size =
- get_truncated_digest_byte_length(sess->auth.algo);
+ get_truncated_digest_byte_length(sess->template_job.hash_alg);
uint16_t full_digest_size =
- get_digest_byte_length(sess->auth.algo);
+ get_digest_byte_length(sess->template_job.hash_alg);
if (sess->auth.req_digest_len > full_digest_size ||
sess->auth.req_digest_len == 0) {
@@ -356,9 +367,9 @@ aesni_mb_set_session_auth_parameters(const IMB_MGR *mb_mgr,
if (sess->auth.req_digest_len != trunc_digest_size &&
sess->auth.req_digest_len != full_digest_size)
- sess->auth.gen_digest_len = full_digest_size;
+ sess->template_job.auth_tag_output_len_in_bytes = full_digest_size;
else
- sess->auth.gen_digest_len = sess->auth.req_digest_len;
+ sess->template_job.auth_tag_output_len_in_bytes = sess->auth.req_digest_len;
/* Plain SHA does not require precompute key */
if (auth_precompute == 0)
@@ -370,14 +381,18 @@ aesni_mb_set_session_auth_parameters(const IMB_MGR *mb_mgr,
sess->auth.pads.inner, sess->auth.pads.outer,
hashed_key,
xform->auth.key.length,
- get_auth_algo_blocksize(sess->auth.algo));
+ get_auth_algo_blocksize(sess->template_job.hash_alg));
} else {
calculate_auth_precomputes(hash_oneblock_fn,
sess->auth.pads.inner, sess->auth.pads.outer,
xform->auth.key.data,
xform->auth.key.length,
- get_auth_algo_blocksize(sess->auth.algo));
+ get_auth_algo_blocksize(sess->template_job.hash_alg));
}
+ sess->template_job.u.HMAC._hashed_auth_key_xor_ipad =
+ sess->auth.pads.inner;
+ sess->template_job.u.HMAC._hashed_auth_key_xor_opad =
+ sess->auth.pads.outer;
return 0;
}
@@ -396,7 +411,7 @@ aesni_mb_set_session_cipher_parameters(const IMB_MGR *mb_mgr,
uint8_t is_kasumi = 0;
if (xform == NULL) {
- sess->cipher.mode = IMB_CIPHER_NULL;
+ sess->template_job.cipher_mode = IMB_CIPHER_NULL;
return 0;
}
@@ -408,10 +423,10 @@ aesni_mb_set_session_cipher_parameters(const IMB_MGR *mb_mgr,
/* Select cipher direction */
switch (xform->cipher.op) {
case RTE_CRYPTO_CIPHER_OP_ENCRYPT:
- sess->cipher.direction = IMB_DIR_ENCRYPT;
+ sess->template_job.cipher_direction = IMB_DIR_ENCRYPT;
break;
case RTE_CRYPTO_CIPHER_OP_DECRYPT:
- sess->cipher.direction = IMB_DIR_DECRYPT;
+ sess->template_job.cipher_direction = IMB_DIR_DECRYPT;
break;
default:
IPSEC_MB_LOG(ERR, "Invalid cipher operation parameter");
@@ -421,48 +436,48 @@ aesni_mb_set_session_cipher_parameters(const IMB_MGR *mb_mgr,
/* Select cipher mode */
switch (xform->cipher.algo) {
case RTE_CRYPTO_CIPHER_AES_CBC:
- sess->cipher.mode = IMB_CIPHER_CBC;
+ sess->template_job.cipher_mode = IMB_CIPHER_CBC;
is_aes = 1;
break;
case RTE_CRYPTO_CIPHER_AES_CTR:
- sess->cipher.mode = IMB_CIPHER_CNTR;
+ sess->template_job.cipher_mode = IMB_CIPHER_CNTR;
is_aes = 1;
break;
case RTE_CRYPTO_CIPHER_AES_DOCSISBPI:
- sess->cipher.mode = IMB_CIPHER_DOCSIS_SEC_BPI;
+ sess->template_job.cipher_mode = IMB_CIPHER_DOCSIS_SEC_BPI;
is_docsis = 1;
break;
case RTE_CRYPTO_CIPHER_DES_CBC:
- sess->cipher.mode = IMB_CIPHER_DES;
+ sess->template_job.cipher_mode = IMB_CIPHER_DES;
break;
case RTE_CRYPTO_CIPHER_DES_DOCSISBPI:
- sess->cipher.mode = IMB_CIPHER_DOCSIS_DES;
+ sess->template_job.cipher_mode = IMB_CIPHER_DOCSIS_DES;
break;
case RTE_CRYPTO_CIPHER_3DES_CBC:
- sess->cipher.mode = IMB_CIPHER_DES3;
+ sess->template_job.cipher_mode = IMB_CIPHER_DES3;
is_3DES = 1;
break;
case RTE_CRYPTO_CIPHER_AES_ECB:
- sess->cipher.mode = IMB_CIPHER_ECB;
+ sess->template_job.cipher_mode = IMB_CIPHER_ECB;
is_aes = 1;
break;
case RTE_CRYPTO_CIPHER_ZUC_EEA3:
- sess->cipher.mode = IMB_CIPHER_ZUC_EEA3;
+ sess->template_job.cipher_mode = IMB_CIPHER_ZUC_EEA3;
is_zuc = 1;
break;
case RTE_CRYPTO_CIPHER_SNOW3G_UEA2:
- sess->cipher.mode = IMB_CIPHER_SNOW3G_UEA2_BITLEN;
+ sess->template_job.cipher_mode = IMB_CIPHER_SNOW3G_UEA2_BITLEN;
is_snow3g = 1;
break;
case RTE_CRYPTO_CIPHER_KASUMI_F8:
- sess->cipher.mode = IMB_CIPHER_KASUMI_UEA1_BITLEN;
+ sess->template_job.cipher_mode = IMB_CIPHER_KASUMI_UEA1_BITLEN;
is_kasumi = 1;
break;
case RTE_CRYPTO_CIPHER_NULL:
- sess->cipher.mode = IMB_CIPHER_NULL;
- sess->cipher.key_length_in_bytes = 0;
+ sess->template_job.cipher_mode = IMB_CIPHER_NULL;
+ sess->template_job.key_len_in_bytes = 0;
sess->iv.offset = xform->cipher.iv.offset;
- sess->iv.length = xform->cipher.iv.length;
+ sess->template_job.iv_len_in_bytes = xform->cipher.iv.length;
return 0;
default:
IPSEC_MB_LOG(ERR, "Unsupported cipher mode parameter");
@@ -471,25 +486,25 @@ aesni_mb_set_session_cipher_parameters(const IMB_MGR *mb_mgr,
/* Set IV parameters */
sess->iv.offset = xform->cipher.iv.offset;
- sess->iv.length = xform->cipher.iv.length;
+ sess->template_job.iv_len_in_bytes = xform->cipher.iv.length;
/* Check key length and choose key expansion function for AES */
if (is_aes) {
switch (xform->cipher.key.length) {
case IMB_KEY_128_BYTES:
- sess->cipher.key_length_in_bytes = IMB_KEY_128_BYTES;
+ sess->template_job.key_len_in_bytes = IMB_KEY_128_BYTES;
IMB_AES_KEYEXP_128(mb_mgr, xform->cipher.key.data,
sess->cipher.expanded_aes_keys.encode,
sess->cipher.expanded_aes_keys.decode);
break;
case IMB_KEY_192_BYTES:
- sess->cipher.key_length_in_bytes = IMB_KEY_192_BYTES;
+ sess->template_job.key_len_in_bytes = IMB_KEY_192_BYTES;
IMB_AES_KEYEXP_192(mb_mgr, xform->cipher.key.data,
sess->cipher.expanded_aes_keys.encode,
sess->cipher.expanded_aes_keys.decode);
break;
case IMB_KEY_256_BYTES:
- sess->cipher.key_length_in_bytes = IMB_KEY_256_BYTES;
+ sess->template_job.key_len_in_bytes = IMB_KEY_256_BYTES;
IMB_AES_KEYEXP_256(mb_mgr, xform->cipher.key.data,
sess->cipher.expanded_aes_keys.encode,
sess->cipher.expanded_aes_keys.decode);
@@ -498,16 +513,19 @@ aesni_mb_set_session_cipher_parameters(const IMB_MGR *mb_mgr,
IPSEC_MB_LOG(ERR, "Invalid cipher key length");
return -EINVAL;
}
+
+ sess->template_job.enc_keys = sess->cipher.expanded_aes_keys.encode;
+ sess->template_job.dec_keys = sess->cipher.expanded_aes_keys.decode;
} else if (is_docsis) {
switch (xform->cipher.key.length) {
case IMB_KEY_128_BYTES:
- sess->cipher.key_length_in_bytes = IMB_KEY_128_BYTES;
+ sess->template_job.key_len_in_bytes = IMB_KEY_128_BYTES;
IMB_AES_KEYEXP_128(mb_mgr, xform->cipher.key.data,
sess->cipher.expanded_aes_keys.encode,
sess->cipher.expanded_aes_keys.decode);
break;
case IMB_KEY_256_BYTES:
- sess->cipher.key_length_in_bytes = IMB_KEY_256_BYTES;
+ sess->template_job.key_len_in_bytes = IMB_KEY_256_BYTES;
IMB_AES_KEYEXP_256(mb_mgr, xform->cipher.key.data,
sess->cipher.expanded_aes_keys.encode,
sess->cipher.expanded_aes_keys.decode);
@@ -516,6 +534,8 @@ aesni_mb_set_session_cipher_parameters(const IMB_MGR *mb_mgr,
IPSEC_MB_LOG(ERR, "Invalid cipher key length");
return -EINVAL;
}
+ sess->template_job.enc_keys = sess->cipher.expanded_aes_keys.encode;
+ sess->template_job.dec_keys = sess->cipher.expanded_aes_keys.decode;
} else if (is_3DES) {
uint64_t *keys[3] = {sess->cipher.exp_3des_keys.key[0],
sess->cipher.exp_3des_keys.key[1],
@@ -559,38 +579,46 @@ aesni_mb_set_session_cipher_parameters(const IMB_MGR *mb_mgr,
return -EINVAL;
}
- sess->cipher.key_length_in_bytes = 24;
+ sess->template_job.enc_keys = sess->cipher.exp_3des_keys.ks_ptr;
+ sess->template_job.dec_keys = sess->cipher.exp_3des_keys.ks_ptr;
+ sess->template_job.key_len_in_bytes = 24;
} else if (is_zuc) {
if (xform->cipher.key.length != 16 &&
xform->cipher.key.length != 32) {
IPSEC_MB_LOG(ERR, "Invalid cipher key length");
return -EINVAL;
}
- sess->cipher.key_length_in_bytes = xform->cipher.key.length;
+ sess->template_job.key_len_in_bytes = xform->cipher.key.length;
memcpy(sess->cipher.zuc_cipher_key, xform->cipher.key.data,
xform->cipher.key.length);
+ sess->template_job.enc_keys = sess->cipher.zuc_cipher_key;
+ sess->template_job.dec_keys = sess->cipher.zuc_cipher_key;
} else if (is_snow3g) {
if (xform->cipher.key.length != 16) {
IPSEC_MB_LOG(ERR, "Invalid cipher key length");
return -EINVAL;
}
- sess->cipher.key_length_in_bytes = 16;
+ sess->template_job.key_len_in_bytes = 16;
IMB_SNOW3G_INIT_KEY_SCHED(mb_mgr, xform->cipher.key.data,
&sess->cipher.pKeySched_snow3g_cipher);
+ sess->template_job.enc_keys = &sess->cipher.pKeySched_snow3g_cipher;
+ sess->template_job.dec_keys = &sess->cipher.pKeySched_snow3g_cipher;
} else if (is_kasumi) {
if (xform->cipher.key.length != 16) {
IPSEC_MB_LOG(ERR, "Invalid cipher key length");
return -EINVAL;
}
- sess->cipher.key_length_in_bytes = 16;
+ sess->template_job.key_len_in_bytes = 16;
IMB_KASUMI_INIT_F8_KEY_SCHED(mb_mgr, xform->cipher.key.data,
&sess->cipher.pKeySched_kasumi_cipher);
+ sess->template_job.enc_keys = &sess->cipher.pKeySched_kasumi_cipher;
+ sess->template_job.dec_keys = &sess->cipher.pKeySched_kasumi_cipher;
} else {
if (xform->cipher.key.length != 8) {
IPSEC_MB_LOG(ERR, "Invalid cipher key length");
return -EINVAL;
}
- sess->cipher.key_length_in_bytes = 8;
+ sess->template_job.key_len_in_bytes = 8;
IMB_DES_KEYSCHED(mb_mgr,
(uint64_t *)sess->cipher.expanded_aes_keys.encode,
@@ -598,6 +626,8 @@ aesni_mb_set_session_cipher_parameters(const IMB_MGR *mb_mgr,
IMB_DES_KEYSCHED(mb_mgr,
(uint64_t *)sess->cipher.expanded_aes_keys.decode,
xform->cipher.key.data);
+ sess->template_job.enc_keys = sess->cipher.expanded_aes_keys.encode;
+ sess->template_job.dec_keys = sess->cipher.expanded_aes_keys.decode;
}
return 0;
@@ -610,11 +640,11 @@ aesni_mb_set_session_aead_parameters(const IMB_MGR *mb_mgr,
{
switch (xform->aead.op) {
case RTE_CRYPTO_AEAD_OP_ENCRYPT:
- sess->cipher.direction = IMB_DIR_ENCRYPT;
+ sess->template_job.cipher_direction = IMB_DIR_ENCRYPT;
sess->auth.operation = RTE_CRYPTO_AUTH_OP_GENERATE;
break;
case RTE_CRYPTO_AEAD_OP_DECRYPT:
- sess->cipher.direction = IMB_DIR_DECRYPT;
+ sess->template_job.cipher_direction = IMB_DIR_DECRYPT;
sess->auth.operation = RTE_CRYPTO_AUTH_OP_VERIFY;
break;
default:
@@ -624,27 +654,28 @@ aesni_mb_set_session_aead_parameters(const IMB_MGR *mb_mgr,
/* Set IV parameters */
sess->iv.offset = xform->aead.iv.offset;
- sess->iv.length = xform->aead.iv.length;
+ sess->template_job.iv_len_in_bytes = xform->aead.iv.length;
/* Set digest sizes */
sess->auth.req_digest_len = xform->aead.digest_length;
- sess->auth.gen_digest_len = sess->auth.req_digest_len;
+ sess->template_job.auth_tag_output_len_in_bytes = sess->auth.req_digest_len;
switch (xform->aead.algo) {
case RTE_CRYPTO_AEAD_AES_CCM:
- sess->cipher.mode = IMB_CIPHER_CCM;
- sess->auth.algo = IMB_AUTH_AES_CCM;
+ sess->template_job.cipher_mode = IMB_CIPHER_CCM;
+ sess->template_job.hash_alg = IMB_AUTH_AES_CCM;
+ sess->template_job.u.CCM.aad_len_in_bytes = xform->aead.aad_length;
/* Check key length and choose key expansion function for AES */
switch (xform->aead.key.length) {
case IMB_KEY_128_BYTES:
- sess->cipher.key_length_in_bytes = IMB_KEY_128_BYTES;
+ sess->template_job.key_len_in_bytes = IMB_KEY_128_BYTES;
IMB_AES_KEYEXP_128(mb_mgr, xform->aead.key.data,
sess->cipher.expanded_aes_keys.encode,
sess->cipher.expanded_aes_keys.decode);
break;
case IMB_KEY_256_BYTES:
- sess->cipher.key_length_in_bytes = IMB_KEY_256_BYTES;
+ sess->template_job.key_len_in_bytes = IMB_KEY_256_BYTES;
IMB_AES_KEYEXP_256(mb_mgr, xform->aead.key.data,
sess->cipher.expanded_aes_keys.encode,
sess->cipher.expanded_aes_keys.decode);
@@ -654,6 +685,8 @@ aesni_mb_set_session_aead_parameters(const IMB_MGR *mb_mgr,
return -EINVAL;
}
+ sess->template_job.enc_keys = sess->cipher.expanded_aes_keys.encode;
+ sess->template_job.dec_keys = sess->cipher.expanded_aes_keys.decode;
/* CCM digests must be between 4 and 16 and an even number */
if (sess->auth.req_digest_len < AES_CCM_DIGEST_MIN_LEN ||
sess->auth.req_digest_len > AES_CCM_DIGEST_MAX_LEN ||
@@ -664,22 +697,23 @@ aesni_mb_set_session_aead_parameters(const IMB_MGR *mb_mgr,
break;
case RTE_CRYPTO_AEAD_AES_GCM:
- sess->cipher.mode = IMB_CIPHER_GCM;
- sess->auth.algo = IMB_AUTH_AES_GMAC;
+ sess->template_job.cipher_mode = IMB_CIPHER_GCM;
+ sess->template_job.hash_alg = IMB_AUTH_AES_GMAC;
+ sess->template_job.u.GCM.aad_len_in_bytes = xform->aead.aad_length;
switch (xform->aead.key.length) {
case IMB_KEY_128_BYTES:
- sess->cipher.key_length_in_bytes = IMB_KEY_128_BYTES;
+ sess->template_job.key_len_in_bytes = IMB_KEY_128_BYTES;
IMB_AES128_GCM_PRE(mb_mgr, xform->aead.key.data,
&sess->cipher.gcm_key);
break;
case IMB_KEY_192_BYTES:
- sess->cipher.key_length_in_bytes = IMB_KEY_192_BYTES;
+ sess->template_job.key_len_in_bytes = IMB_KEY_192_BYTES;
IMB_AES192_GCM_PRE(mb_mgr, xform->aead.key.data,
&sess->cipher.gcm_key);
break;
case IMB_KEY_256_BYTES:
- sess->cipher.key_length_in_bytes = IMB_KEY_256_BYTES;
+ sess->template_job.key_len_in_bytes = IMB_KEY_256_BYTES;
IMB_AES256_GCM_PRE(mb_mgr, xform->aead.key.data,
&sess->cipher.gcm_key);
break;
@@ -688,6 +722,8 @@ aesni_mb_set_session_aead_parameters(const IMB_MGR *mb_mgr,
return -EINVAL;
}
+ sess->template_job.enc_keys = &sess->cipher.gcm_key;
+ sess->template_job.dec_keys = &sess->cipher.gcm_key;
/* GCM digest size must be between 1 and 16 */
if (sess->auth.req_digest_len == 0 ||
sess->auth.req_digest_len > 16) {
@@ -697,16 +733,20 @@ aesni_mb_set_session_aead_parameters(const IMB_MGR *mb_mgr,
break;
case RTE_CRYPTO_AEAD_CHACHA20_POLY1305:
- sess->cipher.mode = IMB_CIPHER_CHACHA20_POLY1305;
- sess->auth.algo = IMB_AUTH_CHACHA20_POLY1305;
+ sess->template_job.cipher_mode = IMB_CIPHER_CHACHA20_POLY1305;
+ sess->template_job.hash_alg = IMB_AUTH_CHACHA20_POLY1305;
+ sess->template_job.u.CHACHA20_POLY1305.aad_len_in_bytes =
+ xform->aead.aad_length;
if (xform->aead.key.length != 32) {
IPSEC_MB_LOG(ERR, "Invalid key length");
return -EINVAL;
}
- sess->cipher.key_length_in_bytes = 32;
+ sess->template_job.key_len_in_bytes = 32;
memcpy(sess->cipher.expanded_aes_keys.encode,
xform->aead.key.data, 32);
+ sess->template_job.enc_keys = sess->cipher.expanded_aes_keys.encode;
+ sess->template_job.dec_keys = sess->cipher.expanded_aes_keys.decode;
if (sess->auth.req_digest_len != 16) {
IPSEC_MB_LOG(ERR, "Invalid digest size\n");
return -EINVAL;
@@ -741,16 +781,16 @@ aesni_mb_session_configure(IMB_MGR *mb_mgr,
/* Select Crypto operation - hash then cipher / cipher then hash */
switch (mode) {
case IPSEC_MB_OP_HASH_VERIFY_THEN_DECRYPT:
- sess->chain_order = IMB_ORDER_HASH_CIPHER;
+ sess->template_job.chain_order = IMB_ORDER_HASH_CIPHER;
break;
case IPSEC_MB_OP_ENCRYPT_THEN_HASH_GEN:
case IPSEC_MB_OP_DECRYPT_THEN_HASH_VERIFY:
- sess->chain_order = IMB_ORDER_CIPHER_HASH;
+ sess->template_job.chain_order = IMB_ORDER_CIPHER_HASH;
break;
case IPSEC_MB_OP_HASH_GEN_ONLY:
case IPSEC_MB_OP_HASH_VERIFY_ONLY:
case IPSEC_MB_OP_HASH_GEN_THEN_ENCRYPT:
- sess->chain_order = IMB_ORDER_HASH_CIPHER;
+ sess->template_job.chain_order = IMB_ORDER_HASH_CIPHER;
break;
/*
* Multi buffer library operates only at two modes,
@@ -760,18 +800,16 @@ aesni_mb_session_configure(IMB_MGR *mb_mgr,
* the first operation and decryption the last one.
*/
case IPSEC_MB_OP_ENCRYPT_ONLY:
- sess->chain_order = IMB_ORDER_CIPHER_HASH;
+ sess->template_job.chain_order = IMB_ORDER_CIPHER_HASH;
break;
case IPSEC_MB_OP_DECRYPT_ONLY:
- sess->chain_order = IMB_ORDER_HASH_CIPHER;
+ sess->template_job.chain_order = IMB_ORDER_HASH_CIPHER;
break;
case IPSEC_MB_OP_AEAD_AUTHENTICATED_ENCRYPT:
- sess->chain_order = IMB_ORDER_CIPHER_HASH;
- sess->aead.aad_len = xform->aead.aad_length;
+ sess->template_job.chain_order = IMB_ORDER_CIPHER_HASH;
break;
case IPSEC_MB_OP_AEAD_AUTHENTICATED_DECRYPT:
- sess->chain_order = IMB_ORDER_HASH_CIPHER;
- sess->aead.aad_len = xform->aead.aad_length;
+ sess->template_job.chain_order = IMB_ORDER_HASH_CIPHER;
break;
case IPSEC_MB_OP_NOT_SUPPORTED:
default:
@@ -781,8 +819,7 @@ aesni_mb_session_configure(IMB_MGR *mb_mgr,
}
/* Default IV length = 0 */
- sess->iv.length = 0;
- sess->auth_iv.length = 0;
+ sess->template_job.iv_len_in_bytes = 0;
ret = aesni_mb_set_session_auth_parameters(mb_mgr, sess, auth_xform);
if (ret != 0) {
@@ -864,10 +901,10 @@ aesni_mb_set_docsis_sec_session_auth_parameters(struct aesni_mb_session *sess,
/* Select CRC generate/verify */
if (xform->direction == RTE_SECURITY_DOCSIS_UPLINK) {
- sess->auth.algo = IMB_AUTH_DOCSIS_CRC32;
+ sess->template_job.hash_alg = IMB_AUTH_DOCSIS_CRC32;
sess->auth.operation = RTE_CRYPTO_AUTH_OP_VERIFY;
} else if (xform->direction == RTE_SECURITY_DOCSIS_DOWNLINK) {
- sess->auth.algo = IMB_AUTH_DOCSIS_CRC32;
+ sess->template_job.hash_alg = IMB_AUTH_DOCSIS_CRC32;
sess->auth.operation = RTE_CRYPTO_AUTH_OP_GENERATE;
} else {
IPSEC_MB_LOG(ERR, "Unsupported DOCSIS direction");
@@ -875,7 +912,7 @@ aesni_mb_set_docsis_sec_session_auth_parameters(struct aesni_mb_session *sess,
}
sess->auth.req_digest_len = RTE_ETHER_CRC_LEN;
- sess->auth.gen_digest_len = RTE_ETHER_CRC_LEN;
+ sess->template_job.auth_tag_output_len_in_bytes = RTE_ETHER_CRC_LEN;
return 0;
}
@@ -907,12 +944,12 @@ aesni_mb_set_docsis_sec_session_parameters(
switch (conf->docsis.direction) {
case RTE_SECURITY_DOCSIS_UPLINK:
- ipsec_sess->chain_order = IMB_ORDER_CIPHER_HASH;
+ ipsec_sess->template_job.chain_order = IMB_ORDER_CIPHER_HASH;
docsis_xform = &conf->docsis;
cipher_xform = conf->crypto_xform;
break;
case RTE_SECURITY_DOCSIS_DOWNLINK:
- ipsec_sess->chain_order = IMB_ORDER_HASH_CIPHER;
+ ipsec_sess->template_job.chain_order = IMB_ORDER_HASH_CIPHER;
cipher_xform = conf->crypto_xform;
docsis_xform = &conf->docsis;
break;
@@ -923,7 +960,7 @@ aesni_mb_set_docsis_sec_session_parameters(
}
/* Default IV length = 0 */
- ipsec_sess->iv.length = 0;
+ ipsec_sess->template_job.iv_len_in_bytes = 0;
ret = aesni_mb_set_docsis_sec_session_auth_parameters(ipsec_sess,
docsis_xform);
@@ -958,7 +995,7 @@ auth_start_offset(struct rte_crypto_op *op, struct aesni_mb_session *session,
uint32_t cipher_end, auth_end;
/* Only cipher then hash needs special calculation. */
- if (!oop || session->chain_order != IMB_ORDER_CIPHER_HASH || lb_sgl)
+ if (!oop || session->template_job.chain_order != IMB_ORDER_CIPHER_HASH || lb_sgl)
return auth_offset;
m_src = op->sym->m_src;
@@ -1004,80 +1041,35 @@ set_cpu_mb_job_params(IMB_JOB *job, struct aesni_mb_session *session,
struct rte_crypto_va_iova_ptr *iv,
struct rte_crypto_va_iova_ptr *aad, void *digest, void *udata)
{
- /* Set crypto operation */
- job->chain_order = session->chain_order;
-
- /* Set cipher parameters */
- job->cipher_direction = session->cipher.direction;
- job->cipher_mode = session->cipher.mode;
-
- job->key_len_in_bytes = session->cipher.key_length_in_bytes;
+ memcpy(job, &session->template_job, sizeof(IMB_JOB));
/* Set authentication parameters */
- job->hash_alg = session->auth.algo;
job->iv = iv->va;
switch (job->hash_alg) {
- case IMB_AUTH_AES_XCBC:
- job->u.XCBC._k1_expanded = session->auth.xcbc.k1_expanded;
- job->u.XCBC._k2 = session->auth.xcbc.k2;
- job->u.XCBC._k3 = session->auth.xcbc.k3;
-
- job->enc_keys = session->cipher.expanded_aes_keys.encode;
- job->dec_keys = session->cipher.expanded_aes_keys.decode;
- break;
-
case IMB_AUTH_AES_CCM:
job->u.CCM.aad = (uint8_t *)aad->va + 18;
- job->u.CCM.aad_len_in_bytes = session->aead.aad_len;
- job->enc_keys = session->cipher.expanded_aes_keys.encode;
- job->dec_keys = session->cipher.expanded_aes_keys.decode;
job->iv++;
break;
- case IMB_AUTH_AES_CMAC:
- job->u.CMAC._key_expanded = session->auth.cmac.expkey;
- job->u.CMAC._skey1 = session->auth.cmac.skey1;
- job->u.CMAC._skey2 = session->auth.cmac.skey2;
- job->enc_keys = session->cipher.expanded_aes_keys.encode;
- job->dec_keys = session->cipher.expanded_aes_keys.decode;
- break;
-
case IMB_AUTH_AES_GMAC:
job->u.GCM.aad = aad->va;
- job->u.GCM.aad_len_in_bytes = session->aead.aad_len;
- job->enc_keys = &session->cipher.gcm_key;
- job->dec_keys = &session->cipher.gcm_key;
break;
case IMB_AUTH_AES_GMAC_128:
case IMB_AUTH_AES_GMAC_192:
case IMB_AUTH_AES_GMAC_256:
- job->u.GMAC._key = &session->cipher.gcm_key;
job->u.GMAC._iv = iv->va;
- job->u.GMAC.iv_len_in_bytes = session->iv.length;
break;
case IMB_AUTH_CHACHA20_POLY1305:
job->u.CHACHA20_POLY1305.aad = aad->va;
- job->u.CHACHA20_POLY1305.aad_len_in_bytes =
- session->aead.aad_len;
- job->enc_keys = session->cipher.expanded_aes_keys.encode;
- job->dec_keys = session->cipher.expanded_aes_keys.encode;
break;
default:
job->u.HMAC._hashed_auth_key_xor_ipad =
session->auth.pads.inner;
job->u.HMAC._hashed_auth_key_xor_opad =
session->auth.pads.outer;
-
- if (job->cipher_mode == IMB_CIPHER_DES3) {
- job->enc_keys = session->cipher.exp_3des_keys.ks_ptr;
- job->dec_keys = session->cipher.exp_3des_keys.ks_ptr;
- } else {
- job->enc_keys = session->cipher.expanded_aes_keys.encode;
- job->dec_keys = session->cipher.expanded_aes_keys.decode;
- }
}
/*
@@ -1087,10 +1079,6 @@ set_cpu_mb_job_params(IMB_JOB *job, struct aesni_mb_session *session,
/* Set digest location and length */
job->auth_tag_output = digest;
- job->auth_tag_output_len_in_bytes = session->auth.gen_digest_len;
-
- /* Set IV parameters */
- job->iv_len_in_bytes = session->iv.length;
/* Data Parameters */
job->src = buf;
@@ -1235,8 +1223,10 @@ handle_sgl_linear(IMB_JOB *job, struct rte_crypto_op *op, uint32_t dst_offset,
static inline int
imb_lib_support_sgl_algo(IMB_CIPHER_MODE alg)
{
- if (alg == IMB_CIPHER_CHACHA20_POLY1305
- || alg == IMB_CIPHER_GCM)
+ if (alg == IMB_CIPHER_CHACHA20_POLY1305 ||
+ alg == IMB_CIPHER_CHACHA20_POLY1305_SGL ||
+ alg == IMB_CIPHER_GCM_SGL ||
+ alg == IMB_CIPHER_GCM)
return 1;
return 0;
}
@@ -1413,28 +1403,11 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
return -1;
}
- /* Set crypto operation */
- job->chain_order = session->chain_order;
-
- /* Set cipher parameters */
- job->cipher_direction = session->cipher.direction;
- job->cipher_mode = session->cipher.mode;
-
- job->key_len_in_bytes = session->cipher.key_length_in_bytes;
+ memcpy(job, &session->template_job, sizeof(IMB_JOB));
/* Set authentication parameters */
- job->hash_alg = session->auth.algo;
-
const int aead = is_aead_algo(job->hash_alg, job->cipher_mode);
- if (job->cipher_mode == IMB_CIPHER_DES3) {
- job->enc_keys = session->cipher.exp_3des_keys.ks_ptr;
- job->dec_keys = session->cipher.exp_3des_keys.ks_ptr;
- } else {
- job->enc_keys = session->cipher.expanded_aes_keys.encode;
- job->dec_keys = session->cipher.expanded_aes_keys.decode;
- }
-
if (!op->sym->m_dst) {
/* in-place operation */
m_dst = m_src;
@@ -1451,89 +1424,49 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
if (m_src->nb_segs > 1 || m_dst->nb_segs > 1) {
sgl = 1;
- if (!imb_lib_support_sgl_algo(session->cipher.mode))
+ if (!imb_lib_support_sgl_algo(job->cipher_mode))
lb_sgl = 1;
}
switch (job->hash_alg) {
- case IMB_AUTH_AES_XCBC:
- job->u.XCBC._k1_expanded = session->auth.xcbc.k1_expanded;
- job->u.XCBC._k2 = session->auth.xcbc.k2;
- job->u.XCBC._k3 = session->auth.xcbc.k3;
-
- job->enc_keys = session->cipher.expanded_aes_keys.encode;
- job->dec_keys = session->cipher.expanded_aes_keys.decode;
- break;
-
case IMB_AUTH_AES_CCM:
job->u.CCM.aad = op->sym->aead.aad.data + 18;
- job->u.CCM.aad_len_in_bytes = session->aead.aad_len;
- job->enc_keys = session->cipher.expanded_aes_keys.encode;
- job->dec_keys = session->cipher.expanded_aes_keys.decode;
- break;
-
- case IMB_AUTH_AES_CMAC:
- job->u.CMAC._key_expanded = session->auth.cmac.expkey;
- job->u.CMAC._skey1 = session->auth.cmac.skey1;
- job->u.CMAC._skey2 = session->auth.cmac.skey2;
- job->enc_keys = session->cipher.expanded_aes_keys.encode;
- job->dec_keys = session->cipher.expanded_aes_keys.decode;
break;
case IMB_AUTH_AES_GMAC:
job->u.GCM.aad = op->sym->aead.aad.data;
- job->u.GCM.aad_len_in_bytes = session->aead.aad_len;
if (sgl) {
job->u.GCM.ctx = &qp_data->gcm_sgl_ctx;
job->cipher_mode = IMB_CIPHER_GCM_SGL;
job->hash_alg = IMB_AUTH_GCM_SGL;
}
- job->enc_keys = &session->cipher.gcm_key;
- job->dec_keys = &session->cipher.gcm_key;
break;
case IMB_AUTH_AES_GMAC_128:
case IMB_AUTH_AES_GMAC_192:
case IMB_AUTH_AES_GMAC_256:
- job->u.GMAC._key = &session->cipher.gcm_key;
job->u.GMAC._iv = rte_crypto_op_ctod_offset(op, uint8_t *,
session->auth_iv.offset);
- job->u.GMAC.iv_len_in_bytes = session->auth_iv.length;
break;
case IMB_AUTH_ZUC_EIA3_BITLEN:
case IMB_AUTH_ZUC256_EIA3_BITLEN:
- job->u.ZUC_EIA3._key = session->auth.zuc_auth_key;
job->u.ZUC_EIA3._iv = rte_crypto_op_ctod_offset(op, uint8_t *,
session->auth_iv.offset);
break;
case IMB_AUTH_SNOW3G_UIA2_BITLEN:
- job->u.SNOW3G_UIA2._key = (void *)
- &session->auth.pKeySched_snow3g_auth;
job->u.SNOW3G_UIA2._iv =
rte_crypto_op_ctod_offset(op, uint8_t *,
session->auth_iv.offset);
break;
- case IMB_AUTH_KASUMI_UIA1:
- job->u.KASUMI_UIA1._key = (void *)
- &session->auth.pKeySched_kasumi_auth;
- break;
case IMB_AUTH_CHACHA20_POLY1305:
job->u.CHACHA20_POLY1305.aad = op->sym->aead.aad.data;
- job->u.CHACHA20_POLY1305.aad_len_in_bytes =
- session->aead.aad_len;
if (sgl) {
job->u.CHACHA20_POLY1305.ctx = &qp_data->chacha_sgl_ctx;
job->cipher_mode = IMB_CIPHER_CHACHA20_POLY1305_SGL;
job->hash_alg = IMB_AUTH_CHACHA20_POLY1305_SGL;
}
- job->enc_keys = session->cipher.expanded_aes_keys.encode;
- job->dec_keys = session->cipher.expanded_aes_keys.encode;
break;
default:
- job->u.HMAC._hashed_auth_key_xor_ipad =
- session->auth.pads.inner;
- job->u.HMAC._hashed_auth_key_xor_opad =
- session->auth.pads.outer;
-
+ break;
}
if (aead)
@@ -1542,14 +1475,10 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
m_offset = op->sym->cipher.data.offset;
if (job->cipher_mode == IMB_CIPHER_ZUC_EEA3) {
- job->enc_keys = session->cipher.zuc_cipher_key;
- job->dec_keys = session->cipher.zuc_cipher_key;
m_offset >>= 3;
} else if (job->cipher_mode == IMB_CIPHER_SNOW3G_UEA2_BITLEN) {
- job->enc_keys = &session->cipher.pKeySched_snow3g_cipher;
m_offset = 0;
} else if (job->cipher_mode == IMB_CIPHER_KASUMI_UEA1_BITLEN) {
- job->enc_keys = &session->cipher.pKeySched_kasumi_cipher;
m_offset = 0;
}
@@ -1565,7 +1494,7 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
job->auth_tag_output = op->sym->auth.digest.data;
if (session->auth.req_digest_len !=
- session->auth.gen_digest_len) {
+ job->auth_tag_output_len_in_bytes) {
job->auth_tag_output =
qp_data->temp_digests[*digest_idx];
*digest_idx = (*digest_idx + 1) % IMB_MAX_JOBS;
@@ -1576,12 +1505,6 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
* digest length as specified in the relevant IPsec RFCs
*/
- /* Set digest length */
- job->auth_tag_output_len_in_bytes = session->auth.gen_digest_len;
-
- /* Set IV parameters */
- job->iv_len_in_bytes = session->iv.length;
-
/* Data Parameters */
if (sgl) {
job->src = NULL;
@@ -1773,8 +1696,8 @@ set_sec_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
return -1;
}
/* Only DOCSIS protocol operations supported now */
- if (session->cipher.mode != IMB_CIPHER_DOCSIS_SEC_BPI ||
- session->auth.algo != IMB_AUTH_DOCSIS_CRC32) {
+ if (session->template_job.cipher_mode != IMB_CIPHER_DOCSIS_SEC_BPI ||
+ session->template_job.hash_alg != IMB_AUTH_DOCSIS_CRC32) {
op->status = RTE_CRYPTO_OP_STATUS_ERROR;
return -1;
}
@@ -1791,31 +1714,19 @@ set_sec_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
return -ENOTSUP;
}
- /* Set crypto operation */
- job->chain_order = session->chain_order;
+ memcpy(job, &session->template_job, sizeof(IMB_JOB));
/* Set cipher parameters */
- job->cipher_direction = session->cipher.direction;
- job->cipher_mode = session->cipher.mode;
-
- job->key_len_in_bytes = session->cipher.key_length_in_bytes;
job->enc_keys = session->cipher.expanded_aes_keys.encode;
job->dec_keys = session->cipher.expanded_aes_keys.decode;
/* Set IV parameters */
- job->iv_len_in_bytes = session->iv.length;
job->iv = (uint8_t *)op + session->iv.offset;
- /* Set authentication parameters */
- job->hash_alg = session->auth.algo;
-
/* Set digest output location */
job->auth_tag_output = qp_data->temp_digests[*digest_idx];
*digest_idx = (*digest_idx + 1) % IMB_MAX_JOBS;
- /* Set digest length */
- job->auth_tag_output_len_in_bytes = session->auth.gen_digest_len;
-
/* Set data parameters */
job->src = rte_pktmbuf_mtod(m_src, uint8_t *);
job->dst = rte_pktmbuf_mtod_offset(m_dst, uint8_t *,
@@ -1865,7 +1776,7 @@ generate_digest(IMB_JOB *job, struct rte_crypto_op *op,
struct aesni_mb_session *sess)
{
/* No extra copy needed */
- if (likely(sess->auth.req_digest_len == sess->auth.gen_digest_len))
+ if (likely(sess->auth.req_digest_len == job->auth_tag_output_len_in_bytes))
return;
/*
@@ -1940,7 +1851,7 @@ post_process_mb_job(struct ipsec_mb_qp *qp, IMB_JOB *job)
if ((op->sym->m_src->nb_segs > 1 ||
(op->sym->m_dst != NULL &&
op->sym->m_dst->nb_segs > 1)) &&
- !imb_lib_support_sgl_algo(sess->cipher.mode)) {
+ !imb_lib_support_sgl_algo(job->cipher_mode)) {
linear_buf = (uint8_t *) job->user_data2;
post_process_sgl_linear(op, job, sess, linear_buf);
}
@@ -1950,7 +1861,7 @@ post_process_mb_job(struct ipsec_mb_qp *qp, IMB_JOB *job)
if (sess->auth.operation == RTE_CRYPTO_AUTH_OP_VERIFY) {
if (is_aead_algo(job->hash_alg,
- sess->cipher.mode))
+ job->cipher_mode))
verify_digest(job,
op->sym->aead.digest.data,
sess->auth.req_digest_len,
diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h b/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
index 3cf44f8bc4..ce9a6e4886 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
@@ -852,14 +852,12 @@ get_digest_byte_length(IMB_HASH_ALG algo)
/** AES-NI multi-buffer private session structure */
struct aesni_mb_session {
- IMB_CHAIN_ORDER chain_order;
- /* common job fields */
+ IMB_JOB template_job;
+ /*< Template job structure */
struct {
- uint16_t length;
uint16_t offset;
} iv;
struct {
- uint16_t length;
uint16_t offset;
} auth_iv;
/* *< IV parameters
@@ -868,13 +866,6 @@ struct aesni_mb_session {
/* * Cipher Parameters
*/
struct {
- /* * Cipher direction - encrypt / decrypt */
- IMB_CIPHER_DIRECTION direction;
- /* * Cipher mode - CBC / Counter */
- IMB_CIPHER_MODE mode;
-
- uint64_t key_length_in_bytes;
-
union {
struct {
uint32_t encode[60] __rte_aligned(16);
@@ -907,7 +898,6 @@ struct aesni_mb_session {
/* *< Authentication Parameters */
struct {
- IMB_HASH_ALG algo; /* *< Authentication Algorithm */
enum rte_crypto_auth_operation operation;
/* *< auth operation generate or verify */
union {
@@ -948,16 +938,10 @@ struct aesni_mb_session {
kasumi_key_sched_t pKeySched_kasumi_auth;
/* *< KASUMI scheduled authentication key */
};
- /* * Generated digest size by the Multi-buffer library */
- uint16_t gen_digest_len;
/* * Requested digest size from Cryptodev */
uint16_t req_digest_len;
} auth;
- struct {
- /* * AAD data length */
- uint16_t aad_len;
- } aead;
} __rte_cache_aligned;
typedef void (*hash_one_block_t)(const void *data, void *digest);
--
2.25.1
next prev parent reply other threads:[~2023-05-16 15:25 UTC|newest]
Thread overview: 42+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-04-21 13:12 [PATCH 0/8] add AESNI_MB optimisations Ciara Power
2023-04-21 13:12 ` [PATCH 1/8] crypto/ipsec_mb: use GMAC dedicated algorithms Ciara Power
2023-04-21 13:12 ` [PATCH 2/8] crypto/ipsec_mb: use burst API in aesni_mb Ciara Power
2023-04-21 13:12 ` [PATCH 3/8] crypto/ipsec_mb: use new SGL API Ciara Power
2023-04-21 13:12 ` [PATCH 4/8] crypto/ipsec_mb: remove unneeded fields in crypto session Ciara Power
2023-04-21 13:12 ` [PATCH 5/8] crypto/ipsec_mb: store template job Ciara Power
2023-04-21 13:12 ` [PATCH 6/8] crypto/ipsec_mb: optimize for GCM case Ciara Power
2023-04-21 13:12 ` [PATCH 7/8] crypto/ipsec_mb: do not free linear_sgl always Ciara Power
2023-04-21 13:12 ` [PATCH 8/8] crypto/ipsec_mb: set and use session ID Ciara Power
2024-02-22 20:52 ` Wathsala Wathawana Vithanage
2023-05-16 12:25 ` [EXT] [PATCH 0/8] add AESNI_MB optimisations Akhil Goyal
2023-05-16 12:54 ` Power, Ciara
2023-05-16 15:24 ` [PATCH v2 " Ciara Power
2023-05-16 15:24 ` [PATCH v2 1/8] crypto/ipsec_mb: use GMAC dedicated algorithms Ciara Power
2023-05-16 15:24 ` [PATCH v2 2/8] crypto/ipsec_mb: use burst API in aesni_mb Ciara Power
2023-05-16 15:24 ` [PATCH v2 3/8] crypto/ipsec_mb: use new SGL API Ciara Power
2023-05-16 15:24 ` [PATCH v2 4/8] crypto/ipsec_mb: remove unneeded fields in crypto session Ciara Power
2023-05-16 15:24 ` Ciara Power [this message]
2023-05-16 15:24 ` [PATCH v2 6/8] crypto/ipsec_mb: optimize for GCM case Ciara Power
2023-05-16 15:24 ` [PATCH v2 7/8] crypto/ipsec_mb: do not free linear_sgl always Ciara Power
2023-05-16 15:24 ` [PATCH v2 8/8] crypto/ipsec_mb: set and use session ID Ciara Power
2023-06-10 20:15 ` Thomas Monjalon
2023-06-14 5:35 ` [EXT] " Akhil Goyal
2023-06-15 2:46 ` Fangming Fang
2023-06-15 4:47 ` Akhil Goyal
2023-06-16 9:25 ` De Lara Guarch, Pablo
2023-06-16 9:38 ` Akhil Goyal
2023-06-20 6:32 ` Fangming Fang
2024-02-21 5:01 ` Patrick Robb
2024-02-21 5:10 ` [EXT] " Honnappa Nagarahalli
2024-02-21 5:23 ` Patrick Robb
2024-02-21 9:50 ` Power, Ciara
2024-02-21 19:09 ` Patrick Robb
2024-02-22 1:55 ` [EXT] " Wathsala Wathawana Vithanage
2024-02-26 23:23 ` Wathsala Wathawana Vithanage
2024-02-27 1:05 ` Patrick Robb
2024-02-27 6:13 ` Akhil Goyal
2024-03-05 17:36 ` Wathsala Wathawana Vithanage
2023-06-20 14:41 ` Thomas Monjalon
2023-06-21 19:11 ` De Lara Guarch, Pablo
2023-05-17 16:44 ` [PATCH v2 0/8] add AESNI_MB optimisations Ji, Kai
2023-05-24 11:44 ` Akhil Goyal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230516152422.606617-6-ciara.power@intel.com \
--to=ciara.power@intel.com \
--cc=dev@dpdk.org \
--cc=gakhil@marvell.com \
--cc=kai.ji@intel.com \
--cc=pablo.de.lara.guarch@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).