Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/131234/?format=api
http://patches.dpdk.org/api/patches/131234/?format=api", "web_url": "http://patches.dpdk.org/project/dpdk/patch/20230907161258.2288031-2-brian.dooley@intel.com/", "project": { "id": 1, "url": "http://patches.dpdk.org/api/projects/1/?format=api", "name": "DPDK", "link_name": "dpdk", "list_id": "dev.dpdk.org", "list_email": "dev@dpdk.org", "web_url": "http://core.dpdk.org", "scm_url": "git://dpdk.org/dpdk", "webscm_url": "http://git.dpdk.org/dpdk", "list_archive_url": "https://inbox.dpdk.org/dev", "list_archive_url_format": "https://inbox.dpdk.org/dev/{}", "commit_url_format": "" }, "msgid": "<20230907161258.2288031-2-brian.dooley@intel.com>", "list_archive_url": "https://inbox.dpdk.org/dev/20230907161258.2288031-2-brian.dooley@intel.com", "date": "2023-09-07T16:12:56", "name": "[v7,1/3] crypto/ipsec_mb: add digest encrypted feature", "commit_ref": null, "pull_url": null, "state": "superseded", "archived": true, "hash": "7affbb3df3586157d668b180681e93c9921b3de2", "submitter": { "id": 2520, "url": "http://patches.dpdk.org/api/people/2520/?format=api", "name": "Dooley, Brian", "email": "brian.dooley@intel.com" }, "delegate": { "id": 6690, "url": "http://patches.dpdk.org/api/users/6690/?format=api", "username": "akhil", "first_name": "akhil", "last_name": "goyal", "email": "gakhil@marvell.com" }, "mbox": "http://patches.dpdk.org/project/dpdk/patch/20230907161258.2288031-2-brian.dooley@intel.com/mbox/", "series": [ { "id": 29451, "url": "http://patches.dpdk.org/api/series/29451/?format=api", "web_url": "http://patches.dpdk.org/project/dpdk/list/?series=29451", "date": "2023-09-07T16:12:55", "name": "Add Digest Encrypted to aesni_mb PMD", "version": 7, "mbox": "http://patches.dpdk.org/series/29451/mbox/" } ], "comments": "http://patches.dpdk.org/api/patches/131234/comments/", "check": "success", "checks": "http://patches.dpdk.org/api/patches/131234/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<dev-bounces@dpdk.org>", "X-Original-To": "patchwork@inbox.dpdk.org", "Delivered-To": "patchwork@inbox.dpdk.org", "Received": [ "from mails.dpdk.org (mails.dpdk.org [217.70.189.124])\n\tby inbox.dpdk.org (Postfix) with ESMTP id 94F8742538;\n\tThu, 7 Sep 2023 18:13:28 +0200 (CEST)", "from mails.dpdk.org (localhost [127.0.0.1])\n\tby mails.dpdk.org (Postfix) with ESMTP id ECA50402DF;\n\tThu, 7 Sep 2023 18:13:25 +0200 (CEST)", "from mgamail.intel.com (mgamail.intel.com [192.55.52.88])\n by mails.dpdk.org (Postfix) with ESMTP id 2A745400EF\n for <dev@dpdk.org>; Thu, 7 Sep 2023 18:13:23 +0200 (CEST)", "from orsmga008.jf.intel.com ([10.7.209.65])\n by fmsmga101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;\n 07 Sep 2023 09:13:04 -0700", "from silpixa00400883.ir.intel.com ([10.243.22.155])\n by orsmga008.jf.intel.com with ESMTP; 07 Sep 2023 09:13:03 -0700" ], "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/simple;\n d=intel.com; i=@intel.com; q=dns/txt; s=Intel;\n t=1694103203; x=1725639203;\n h=from:to:cc:subject:date:message-id:in-reply-to:\n references:mime-version:content-transfer-encoding;\n bh=vIuj3iSqKMgxZ3PJatrHIDgiCFh4lZelmQNgKurjllc=;\n b=VcL+CxJ21cqMFFStMBGbzJyItL3Jb1ECEn0HNg0dLp4NUxCFlxpRgEZN\n jUHzz4L9B3c6EiyOdsWmU6feBi0qo3d8rdy0hWq+GZ8dZ6U77XqoIaU1U\n kyfVzcWXhSUstdY6g7Xp5yP7fjXUwschltqpmmpqETJVJQGXHigIgG7mN\n 5eXrH3HxvXpQI6GmGNzQiBy9rDI80uiQ3iPaKBAjzI/MSfWgbgVy9sn4l\n F2+hc5ZbEeE86Yz+Q/8wrWbXWhl1ussWR/T+RMrHqbXq7TXUT1rWPZiTS\n uJt98L1q8iZIENMaR/Y01/Duh2oo1tWj+0FK2fekvQP4lPhzExOlep560 Q==;", "X-IronPort-AV": [ "E=McAfee;i=\"6600,9927,10826\"; a=\"408395798\"", "E=Sophos;i=\"6.02,235,1688454000\"; d=\"scan'208\";a=\"408395798\"", "E=McAfee;i=\"6600,9927,10826\"; a=\"771337672\"", "E=Sophos;i=\"6.02,235,1688454000\"; d=\"scan'208\";a=\"771337672\"" ], "X-ExtLoop1": "1", "From": "Brian Dooley <brian.dooley@intel.com>", "To": "Kai Ji <kai.ji@intel.com>, Pablo de Lara <pablo.de.lara.guarch@intel.com>", "Cc": "dev@dpdk.org, gakhil@marvell.com, Brian Dooley <brian.dooley@intel.com>,\n Ciara Power <ciara.power@intel.com>", "Subject": "[PATCH v7 1/3] crypto/ipsec_mb: add digest encrypted feature", "Date": "Thu, 7 Sep 2023 16:12:56 +0000", "Message-Id": "<20230907161258.2288031-2-brian.dooley@intel.com>", "X-Mailer": "git-send-email 2.25.1", "In-Reply-To": "<20230907161258.2288031-1-brian.dooley@intel.com>", "References": "<20230907102614.2269913-2-brian.dooley@intel.com>\n <20230907161258.2288031-1-brian.dooley@intel.com>", "MIME-Version": "1.0", "Content-Transfer-Encoding": "8bit", "X-BeenThere": "dev@dpdk.org", "X-Mailman-Version": "2.1.29", "Precedence": "list", "List-Id": "DPDK patches and discussions <dev.dpdk.org>", "List-Unsubscribe": "<https://mails.dpdk.org/options/dev>,\n <mailto:dev-request@dpdk.org?subject=unsubscribe>", "List-Archive": "<http://mails.dpdk.org/archives/dev/>", "List-Post": "<mailto:dev@dpdk.org>", "List-Help": "<mailto:dev-request@dpdk.org?subject=help>", "List-Subscribe": "<https://mails.dpdk.org/listinfo/dev>,\n <mailto:dev-request@dpdk.org?subject=subscribe>", "Errors-To": "dev-bounces@dpdk.org" }, "content": "AESNI_MB PMD does not support Digest Encrypted. This patch adds a check and\nsupport for this feature.\n\nAcked-by: Ciara Power <ciara.power@intel.com>\nSigned-off-by: Brian Dooley <brian.dooley@intel.com>\n---\nv2:\nFixed CHECKPATCH warning\nv3:\nAdd Digest encrypted support to docs\nv4:\nAdd comments and small refactor\nv5:\nFix checkpatch warnings\nv6:\nAdd skipping tests for synchronous crypto\nv7:\nSeparate synchronous fix into separate commit\n---\n doc/guides/cryptodevs/features/aesni_mb.ini | 1 +\n drivers/crypto/ipsec_mb/pmd_aesni_mb.c | 109 +++++++++++++++++++-\n 2 files changed, 105 insertions(+), 5 deletions(-)", "diff": "diff --git a/doc/guides/cryptodevs/features/aesni_mb.ini b/doc/guides/cryptodevs/features/aesni_mb.ini\nindex e4e965c35a..8df5fa2c85 100644\n--- a/doc/guides/cryptodevs/features/aesni_mb.ini\n+++ b/doc/guides/cryptodevs/features/aesni_mb.ini\n@@ -20,6 +20,7 @@ OOP LB In LB Out = Y\n CPU crypto = Y\n Symmetric sessionless = Y\n Non-Byte aligned data = Y\n+Digest encrypted = Y\n \n ;\n ; Supported crypto algorithms of the 'aesni_mb' crypto driver.\ndiff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c\nindex 9e298023d7..7f61065939 100644\n--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c\n+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c\n@@ -1438,6 +1438,54 @@ set_gcm_job(IMB_MGR *mb_mgr, IMB_JOB *job, const uint8_t sgl,\n \treturn 0;\n }\n \n+/** Check if conditions are met for digest-appended operations */\n+static uint8_t *\n+aesni_mb_digest_appended_in_src(struct rte_crypto_op *op, IMB_JOB *job,\n+\t\tuint32_t oop)\n+{\n+\tunsigned int auth_size, cipher_size;\n+\tuint8_t *end_cipher;\n+\tuint8_t *start_cipher;\n+\n+\tif (job->cipher_mode == IMB_CIPHER_NULL)\n+\t\treturn NULL;\n+\n+\tif (job->cipher_mode == IMB_CIPHER_ZUC_EEA3 ||\n+\t\tjob->cipher_mode == IMB_CIPHER_SNOW3G_UEA2_BITLEN ||\n+\t\tjob->cipher_mode == IMB_CIPHER_KASUMI_UEA1_BITLEN) {\n+\t\tcipher_size = (op->sym->cipher.data.offset >> 3) +\n+\t\t\t(op->sym->cipher.data.length >> 3);\n+\t} else {\n+\t\tcipher_size = (op->sym->cipher.data.offset) +\n+\t\t\t(op->sym->cipher.data.length);\n+\t}\n+\tif (job->hash_alg == IMB_AUTH_ZUC_EIA3_BITLEN ||\n+\t\tjob->hash_alg == IMB_AUTH_SNOW3G_UIA2_BITLEN ||\n+\t\tjob->hash_alg == IMB_AUTH_KASUMI_UIA1 ||\n+\t\tjob->hash_alg == IMB_AUTH_ZUC256_EIA3_BITLEN) {\n+\t\tauth_size = (op->sym->auth.data.offset >> 3) +\n+\t\t\t(op->sym->auth.data.length >> 3);\n+\t} else {\n+\t\tauth_size = (op->sym->auth.data.offset) +\n+\t\t\t(op->sym->auth.data.length);\n+\t}\n+\n+\tif (!oop) {\n+\t\tend_cipher = rte_pktmbuf_mtod_offset(op->sym->m_src, uint8_t *, cipher_size);\n+\t\tstart_cipher = rte_pktmbuf_mtod(op->sym->m_src, uint8_t *);\n+\t} else {\n+\t\tend_cipher = rte_pktmbuf_mtod_offset(op->sym->m_dst, uint8_t *, cipher_size);\n+\t\tstart_cipher = rte_pktmbuf_mtod(op->sym->m_dst, uint8_t *);\n+\t}\n+\n+\tif (start_cipher < op->sym->auth.digest.data &&\n+\t\top->sym->auth.digest.data < end_cipher) {\n+\t\treturn rte_pktmbuf_mtod_offset(op->sym->m_src, uint8_t *, auth_size);\n+\t} else {\n+\t\treturn NULL;\n+\t}\n+}\n+\n /**\n * Process a crypto operation and complete a IMB_JOB job structure for\n * submission to the multi buffer library for processing.\n@@ -1580,9 +1628,12 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,\n \t} else {\n \t\tif (aead)\n \t\t\tjob->auth_tag_output = op->sym->aead.digest.data;\n-\t\telse\n-\t\t\tjob->auth_tag_output = op->sym->auth.digest.data;\n-\n+\t\telse {\n+\t\t\tjob->auth_tag_output = aesni_mb_digest_appended_in_src(op, job, oop);\n+\t\t\tif (job->auth_tag_output == NULL) {\n+\t\t\t\tjob->auth_tag_output = op->sym->auth.digest.data;\n+\t\t\t}\n+\t\t}\n \t\tif (session->auth.req_digest_len !=\n \t\t\t\tjob->auth_tag_output_len_in_bytes) {\n \t\t\tjob->auth_tag_output =\n@@ -1917,6 +1968,7 @@ post_process_mb_job(struct ipsec_mb_qp *qp, IMB_JOB *job)\n \tstruct aesni_mb_session *sess = NULL;\n \tuint8_t *linear_buf = NULL;\n \tint sgl = 0;\n+\tuint8_t oop = 0;\n \tuint8_t is_docsis_sec = 0;\n \n \tif (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) {\n@@ -1962,8 +2014,54 @@ post_process_mb_job(struct ipsec_mb_qp *qp, IMB_JOB *job)\n \t\t\t\t\t\top->sym->auth.digest.data,\n \t\t\t\t\t\tsess->auth.req_digest_len,\n \t\t\t\t\t\t&op->status);\n-\t\t\t} else\n+\t\t\t} else {\n+\t\t\t\tif (!op->sym->m_dst || op->sym->m_dst == op->sym->m_src) {\n+\t\t\t\t\t/* in-place operation */\n+\t\t\t\t\toop = 0;\n+\t\t\t\t} else { /* out-of-place operation */\n+\t\t\t\t\toop = 1;\n+\t\t\t\t}\n+\n+\t\t\t\t/* Enable digest check */\n+\t\t\t\tif (op->sym->m_src->nb_segs == 1 && op->sym->m_dst != NULL\n+\t\t\t\t&& !is_aead_algo(job->hash_alg,\tsess->template_job.cipher_mode) &&\n+\t\t\t\taesni_mb_digest_appended_in_src(op, job, oop) != NULL) {\n+\t\t\t\t\tunsigned int auth_size, cipher_size;\n+\t\t\t\t\tint unencrypted_bytes = 0;\n+\t\t\t\t\tif (job->cipher_mode == IMB_CIPHER_SNOW3G_UEA2_BITLEN ||\n+\t\t\t\t\t\tjob->cipher_mode == IMB_CIPHER_KASUMI_UEA1_BITLEN ||\n+\t\t\t\t\t\tjob->cipher_mode == IMB_CIPHER_ZUC_EEA3) {\n+\t\t\t\t\t\tcipher_size = (op->sym->cipher.data.offset >> 3) +\n+\t\t\t\t\t\t\t(op->sym->cipher.data.length >> 3);\n+\t\t\t\t\t} else {\n+\t\t\t\t\t\tcipher_size = (op->sym->cipher.data.offset) +\n+\t\t\t\t\t\t\t(op->sym->cipher.data.length);\n+\t\t\t\t\t}\n+\t\t\t\t\tif (job->hash_alg == IMB_AUTH_ZUC_EIA3_BITLEN ||\n+\t\t\t\t\t\tjob->hash_alg == IMB_AUTH_SNOW3G_UIA2_BITLEN ||\n+\t\t\t\t\t\tjob->hash_alg == IMB_AUTH_KASUMI_UIA1 ||\n+\t\t\t\t\t\tjob->hash_alg == IMB_AUTH_ZUC256_EIA3_BITLEN) {\n+\t\t\t\t\t\tauth_size = (op->sym->auth.data.offset >> 3) +\n+\t\t\t\t\t\t\t(op->sym->auth.data.length >> 3);\n+\t\t\t\t\t} else {\n+\t\t\t\t\t\tauth_size = (op->sym->auth.data.offset) +\n+\t\t\t\t\t\t(op->sym->auth.data.length);\n+\t\t\t\t\t}\n+\t\t\t\t\t/* Check for unencrypted bytes in partial digest cases */\n+\t\t\t\t\tif (job->cipher_mode != IMB_CIPHER_NULL) {\n+\t\t\t\t\t\tunencrypted_bytes = auth_size +\n+\t\t\t\t\t\tjob->auth_tag_output_len_in_bytes - cipher_size;\n+\t\t\t\t\t}\n+\t\t\t\t\tif (unencrypted_bytes > 0)\n+\t\t\t\t\t\trte_memcpy(\n+\t\t\t\t\t\trte_pktmbuf_mtod_offset(op->sym->m_dst, uint8_t *,\n+\t\t\t\t\t\tcipher_size),\n+\t\t\t\t\t\trte_pktmbuf_mtod_offset(op->sym->m_src, uint8_t *,\n+\t\t\t\t\t\tcipher_size),\n+\t\t\t\t\t\tunencrypted_bytes);\n+\t\t\t\t}\n \t\t\t\tgenerate_digest(job, op, sess);\n+\t\t\t}\n \t\t\tbreak;\n \t\tdefault:\n \t\t\top->status = RTE_CRYPTO_OP_STATUS_ERROR;\n@@ -2555,7 +2653,8 @@ RTE_INIT(ipsec_mb_register_aesni_mb)\n \t\t\tRTE_CRYPTODEV_FF_OOP_SGL_IN_SGL_OUT |\n \t\t\tRTE_CRYPTODEV_FF_OOP_LB_IN_SGL_OUT |\n \t\t\tRTE_CRYPTODEV_FF_OOP_SGL_IN_LB_OUT |\n-\t\t\tRTE_CRYPTODEV_FF_SECURITY;\n+\t\t\tRTE_CRYPTODEV_FF_SECURITY |\n+\t\t\tRTE_CRYPTODEV_FF_DIGEST_ENCRYPTED;\n \n \taesni_mb_data->internals_priv_size = 0;\n \taesni_mb_data->ops = &aesni_mb_pmd_ops;\n", "prefixes": [ "v7", "1/3" ] }{ "id": 131234, "url": "