Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/74754/?format=api
{ "id": 74754, "url": "http://patches.dpdk.org/api/patches/74754/?format=api", "web_url": "http://patches.dpdk.org/project/dpdk/patch/20200724110007.41303-3-rnagadheeraj@marvell.com/", "project": { "id": 1, "url": "http://patches.dpdk.org/api/projects/1/?format=api", "name": "DPDK", "link_name": "dpdk", "list_id": "dev.dpdk.org", "list_email": "dev@dpdk.org", "web_url": "http://core.dpdk.org", "scm_url": "git://dpdk.org/dpdk", "webscm_url": "http://git.dpdk.org/dpdk", "list_archive_url": "https://inbox.dpdk.org/dev", "list_archive_url_format": "https://inbox.dpdk.org/dev/{}", "commit_url_format": "" }, "msgid": "<20200724110007.41303-3-rnagadheeraj@marvell.com>", "list_archive_url": "https://inbox.dpdk.org/dev/20200724110007.41303-3-rnagadheeraj@marvell.com", "date": "2020-07-24T11:00:06", "name": "[2/3] crypto/nitrox: support AES-GCM", "commit_ref": null, "pull_url": null, "state": "changes-requested", "archived": true, "hash": "a55b96558354bb4a1943e58b58e28e8efaf9e82f", "submitter": { "id": 1365, "url": "http://patches.dpdk.org/api/people/1365/?format=api", "name": "Nagadheeraj Rottela", "email": "rnagadheeraj@marvell.com" }, "delegate": { "id": 6690, "url": "http://patches.dpdk.org/api/users/6690/?format=api", "username": "akhil", "first_name": "akhil", "last_name": "goyal", "email": "gakhil@marvell.com" }, "mbox": "http://patches.dpdk.org/project/dpdk/patch/20200724110007.41303-3-rnagadheeraj@marvell.com/mbox/", "series": [ { "id": 11282, "url": "http://patches.dpdk.org/api/series/11282/?format=api", "web_url": "http://patches.dpdk.org/project/dpdk/list/?series=11282", "date": "2020-07-24T11:00:04", "name": "Add AES-GCM and cipher only offload support", "version": 1, "mbox": "http://patches.dpdk.org/series/11282/mbox/" } ], "comments": "http://patches.dpdk.org/api/patches/74754/comments/", "check": "success", "checks": "http://patches.dpdk.org/api/patches/74754/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<dev-bounces@dpdk.org>", "X-Original-To": "patchwork@inbox.dpdk.org", "Delivered-To": "patchwork@inbox.dpdk.org", "Received": [ "from dpdk.org (dpdk.org [92.243.14.124])\n\tby inbox.dpdk.org (Postfix) with ESMTP id 84BB4A0518;\n\tFri, 24 Jul 2020 13:00:36 +0200 (CEST)", "from [92.243.14.124] (localhost [127.0.0.1])\n\tby dpdk.org (Postfix) with ESMTP id 7B75C1C032;\n\tFri, 24 Jul 2020 13:00:24 +0200 (CEST)", "from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com\n [67.231.148.174]) by dpdk.org (Postfix) with ESMTP id 712E41C031\n for <dev@dpdk.org>; Fri, 24 Jul 2020 13:00:22 +0200 (CEST)", "from pps.filterd (m0045849.ppops.net [127.0.0.1])\n by mx0a-0016f401.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id\n 06OAsrI9006884; Fri, 24 Jul 2020 04:00:21 -0700", "from sc-exch02.marvell.com ([199.233.58.182])\n by mx0a-0016f401.pphosted.com with ESMTP id 32bxep2bsk-1\n (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT);\n Fri, 24 Jul 2020 04:00:21 -0700", "from DC5-EXCH01.marvell.com (10.69.176.38) by SC-EXCH02.marvell.com\n (10.93.176.82) with Microsoft SMTP Server (TLS) id 15.0.1497.2;\n Fri, 24 Jul 2020 04:00:20 -0700", "from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH01.marvell.com\n (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.2;\n Fri, 24 Jul 2020 04:00:19 -0700", "from hyd1669.caveonetworks.com (10.69.176.80) by\n DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id\n 15.0.1497.2 via Frontend Transport; Fri, 24 Jul 2020 04:00:18 -0700" ], "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com;\n h=from : to : cc :\n subject : date : message-id : in-reply-to : references : mime-version :\n content-transfer-encoding : content-type; s=pfpt0818;\n bh=p0IHgbju1k4KS4Jzq19izf8bWDP79aEb59K30XPak7E=;\n b=u/ycSnGnRnYXqBsKQRtxmxtmS0S4xwu3CUol+pDSfVnK8pSMfq+xwHhc57qcnneYMhat\n 0cA1urnRxz9hu4SERdjcpayMdhPDgkSOZrCpnXG3I3JtkR5WDXYbLguMghqgy9JjNRov\n t6/CnV6e3MsK2NJkGt+MUE00wiM/0hnq69nO8YuHWwU8GrM/mkJ/7LLbZ1xYoUQBMzFE\n R7J4rSY0YyALDcNfoB9ZVHiGjhqmTGiQg/uHbCb+XKHqjc+W1et4qnd1h/gHVeUtbWu1\n E7MZ0v079apRonvCz0f0/R2xuIPEgxoVI6dTN00CS8PvGWSDDQLzBKh97Ue1tK3CEuZv 4g==", "From": "Nagadheeraj Rottela <rnagadheeraj@marvell.com>", "To": "<akhil.goyal@nxp.com>", "CC": "<dev@dpdk.org>, <jsrikanth@marvell.com>, Nagadheeraj Rottela\n <rnagadheeraj@marvell.com>", "Date": "Fri, 24 Jul 2020 16:30:06 +0530", "Message-ID": "<20200724110007.41303-3-rnagadheeraj@marvell.com>", "X-Mailer": "git-send-email 2.20.1", "In-Reply-To": "<20200724110007.41303-1-rnagadheeraj@marvell.com>", "References": "<20200724110007.41303-1-rnagadheeraj@marvell.com>", "MIME-Version": "1.0", "Content-Transfer-Encoding": "8bit", "Content-Type": "text/plain", "X-Proofpoint-Virus-Version": "vendor=fsecure engine=2.50.10434:6.0.235, 18.0.687\n definitions=2020-07-24_03:2020-07-24,\n 2020-07-24 signatures=0", "Subject": "[dpdk-dev] [PATCH 2/3] crypto/nitrox: support AES-GCM", "X-BeenThere": "dev@dpdk.org", "X-Mailman-Version": "2.1.15", "Precedence": "list", "List-Id": "DPDK patches and discussions <dev.dpdk.org>", "List-Unsubscribe": "<https://mails.dpdk.org/options/dev>,\n <mailto:dev-request@dpdk.org?subject=unsubscribe>", "List-Archive": "<http://mails.dpdk.org/archives/dev/>", "List-Post": "<mailto:dev@dpdk.org>", "List-Help": "<mailto:dev-request@dpdk.org?subject=help>", "List-Subscribe": "<https://mails.dpdk.org/listinfo/dev>,\n <mailto:dev-request@dpdk.org?subject=subscribe>", "Errors-To": "dev-bounces@dpdk.org", "Sender": "\"dev\" <dev-bounces@dpdk.org>" }, "content": "This patch adds AES-GCM AEAD algorithm.\n\nSigned-off-by: Nagadheeraj Rottela <rnagadheeraj@marvell.com>\n---\n doc/guides/cryptodevs/features/nitrox.ini | 3 +\n doc/guides/cryptodevs/nitrox.rst | 4 +\n drivers/crypto/nitrox/nitrox_sym.c | 82 +++++++-\n .../crypto/nitrox/nitrox_sym_capabilities.c | 30 +++\n drivers/crypto/nitrox/nitrox_sym_ctx.h | 5 +-\n drivers/crypto/nitrox/nitrox_sym_reqmgr.c | 182 +++++++++++++++---\n 6 files changed, 268 insertions(+), 38 deletions(-)", "diff": "diff --git a/doc/guides/cryptodevs/features/nitrox.ini b/doc/guides/cryptodevs/features/nitrox.ini\nindex 183494731..a1d6bcb4f 100644\n--- a/doc/guides/cryptodevs/features/nitrox.ini\n+++ b/doc/guides/cryptodevs/features/nitrox.ini\n@@ -34,6 +34,9 @@ SHA256 HMAC = Y\n ; Supported AEAD algorithms of the 'nitrox' crypto driver.\n ;\n [AEAD]\n+AES GCM (128) = Y\n+AES GCM (192) = Y\n+AES GCM (256) = Y\n \n ;\n ; Supported Asymmetric algorithms of the 'nitrox' crypto driver.\ndiff --git a/doc/guides/cryptodevs/nitrox.rst b/doc/guides/cryptodevs/nitrox.rst\nindex 85f5212b6..91fca905a 100644\n--- a/doc/guides/cryptodevs/nitrox.rst\n+++ b/doc/guides/cryptodevs/nitrox.rst\n@@ -26,6 +26,10 @@ Hash algorithms:\n * ``RTE_CRYPTO_AUTH_SHA224_HMAC``\n * ``RTE_CRYPTO_AUTH_SHA256_HMAC``\n \n+Supported AEAD algorithms:\n+\n+* ``RTE_CRYPTO_AEAD_AES_GCM``\n+\n Limitations\n -----------\n \ndiff --git a/drivers/crypto/nitrox/nitrox_sym.c b/drivers/crypto/nitrox/nitrox_sym.c\nindex fad4a7a48..fe3ee6e23 100644\n--- a/drivers/crypto/nitrox/nitrox_sym.c\n+++ b/drivers/crypto/nitrox/nitrox_sym.c\n@@ -20,6 +20,7 @@\n #define NPS_PKT_IN_INSTR_SIZE 64\n #define IV_FROM_DPTR 1\n #define FLEXI_CRYPTO_ENCRYPT_HMAC 0x33\n+#define FLEXI_CRYPTO_MAX_AAD_LEN 512\n #define AES_KEYSIZE_128 16\n #define AES_KEYSIZE_192 24\n #define AES_KEYSIZE_256 32\n@@ -297,6 +298,9 @@ get_crypto_chain_order(const struct rte_crypto_sym_xform *xform)\n \t\t\t}\n \t\t}\n \t\tbreak;\n+\tcase RTE_CRYPTO_SYM_XFORM_AEAD:\n+\t\tres = NITROX_CHAIN_COMBINED;\n+\t\tbreak;\n \tdefault:\n \t\tbreak;\n \t}\n@@ -431,17 +435,17 @@ get_flexi_auth_type(enum rte_crypto_auth_algorithm algo)\n }\n \n static bool\n-auth_key_digest_is_valid(struct rte_crypto_auth_xform *xform,\n-\t\t\t struct flexi_crypto_context *fctx)\n+auth_key_is_valid(const uint8_t *data, uint16_t length,\n+\t\t struct flexi_crypto_context *fctx)\n {\n-\tif (unlikely(!xform->key.data && xform->key.length)) {\n+\tif (unlikely(!data && length)) {\n \t\tNITROX_LOG(ERR, \"Invalid auth key\\n\");\n \t\treturn false;\n \t}\n \n-\tif (unlikely(xform->key.length > sizeof(fctx->auth.opad))) {\n+\tif (unlikely(length > sizeof(fctx->auth.opad))) {\n \t\tNITROX_LOG(ERR, \"Invalid auth key length %d\\n\",\n-\t\t\t xform->key.length);\n+\t\t\t length);\n \t\treturn false;\n \t}\n \n@@ -459,11 +463,10 @@ configure_auth_ctx(struct rte_crypto_auth_xform *xform,\n \tif (unlikely(type == AUTH_INVALID))\n \t\treturn -ENOTSUP;\n \n-\tif (unlikely(!auth_key_digest_is_valid(xform, fctx)))\n+\tif (unlikely(!auth_key_is_valid(xform->key.data, xform->key.length,\n+\t\t\t\t\tfctx)))\n \t\treturn -EINVAL;\n \n-\tctx->auth_op = xform->op;\n-\tctx->auth_algo = xform->algo;\n \tctx->digest_length = xform->digest_length;\n \n \tfctx->flags = rte_be_to_cpu_64(fctx->flags);\n@@ -476,6 +479,56 @@ configure_auth_ctx(struct rte_crypto_auth_xform *xform,\n \treturn 0;\n }\n \n+static int\n+configure_aead_ctx(struct rte_crypto_aead_xform *xform,\n+\t\t struct nitrox_crypto_ctx *ctx)\n+{\n+\tint aes_keylen;\n+\tstruct flexi_crypto_context *fctx = &ctx->fctx;\n+\n+\tif (unlikely(xform->aad_length > FLEXI_CRYPTO_MAX_AAD_LEN)) {\n+\t\tNITROX_LOG(ERR, \"AAD length %d not supported\\n\",\n+\t\t\t xform->aad_length);\n+\t\treturn -ENOTSUP;\n+\t}\n+\n+\tif (unlikely(xform->algo != RTE_CRYPTO_AEAD_AES_GCM))\n+\t\treturn -ENOTSUP;\n+\n+\taes_keylen = flexi_aes_keylen(xform->key.length, true);\n+\tif (unlikely(aes_keylen < 0))\n+\t\treturn -EINVAL;\n+\n+\tif (unlikely(!auth_key_is_valid(xform->key.data, xform->key.length,\n+\t\t\t\t\tfctx)))\n+\t\treturn -EINVAL;\n+\n+\tif (unlikely(xform->iv.length > MAX_IV_LEN))\n+\t\treturn -EINVAL;\n+\n+\tfctx->flags = rte_be_to_cpu_64(fctx->flags);\n+\tfctx->w0.cipher_type = CIPHER_AES_GCM;\n+\tfctx->w0.aes_keylen = aes_keylen;\n+\tfctx->w0.iv_source = IV_FROM_DPTR;\n+\tfctx->w0.hash_type = AUTH_NULL;\n+\tfctx->w0.auth_input_type = 1;\n+\tfctx->w0.mac_len = xform->digest_length;\n+\tfctx->flags = rte_cpu_to_be_64(fctx->flags);\n+\tmemset(fctx->crypto.key, 0, sizeof(fctx->crypto.key));\n+\tmemcpy(fctx->crypto.key, xform->key.data, xform->key.length);\n+\tmemset(&fctx->auth, 0, sizeof(fctx->auth));\n+\tmemcpy(fctx->auth.opad, xform->key.data, xform->key.length);\n+\n+\tctx->opcode = FLEXI_CRYPTO_ENCRYPT_HMAC;\n+\tctx->req_op = (xform->op == RTE_CRYPTO_AEAD_OP_ENCRYPT) ?\n+\t\t\tNITROX_OP_ENCRYPT : NITROX_OP_DECRYPT;\n+\tctx->iv.offset = xform->iv.offset;\n+\tctx->iv.length = xform->iv.length;\n+\tctx->digest_length = xform->digest_length;\n+\tctx->aad_length = xform->aad_length;\n+\treturn 0;\n+}\n+\n static int\n nitrox_sym_dev_sess_configure(struct rte_cryptodev *cdev,\n \t\t\t struct rte_crypto_sym_xform *xform,\n@@ -486,6 +539,8 @@ nitrox_sym_dev_sess_configure(struct rte_cryptodev *cdev,\n \tstruct nitrox_crypto_ctx *ctx;\n \tstruct rte_crypto_cipher_xform *cipher_xform = NULL;\n \tstruct rte_crypto_auth_xform *auth_xform = NULL;\n+\tstruct rte_crypto_aead_xform *aead_xform = NULL;\n+\tint ret = -EINVAL;\n \n \tif (rte_mempool_get(mempool, &mp_obj)) {\n \t\tNITROX_LOG(ERR, \"Couldn't allocate context\\n\");\n@@ -503,8 +558,12 @@ nitrox_sym_dev_sess_configure(struct rte_cryptodev *cdev,\n \t\tauth_xform = &xform->auth;\n \t\tcipher_xform = &xform->next->cipher;\n \t\tbreak;\n+\tcase NITROX_CHAIN_COMBINED:\n+\t\taead_xform = &xform->aead;\n+\t\tbreak;\n \tdefault:\n \t\tNITROX_LOG(ERR, \"Crypto chain not supported\\n\");\n+\t\tret = -ENOTSUP;\n \t\tgoto err;\n \t}\n \n@@ -518,12 +577,17 @@ nitrox_sym_dev_sess_configure(struct rte_cryptodev *cdev,\n \t\tgoto err;\n \t}\n \n+\tif (aead_xform && unlikely(configure_aead_ctx(aead_xform, ctx))) {\n+\t\tNITROX_LOG(ERR, \"Failed to configure aead ctx\\n\");\n+\t\tgoto err;\n+\t}\n+\n \tctx->iova = rte_mempool_virt2iova(ctx);\n \tset_sym_session_private_data(sess, cdev->driver_id, ctx);\n \treturn 0;\n err:\n \trte_mempool_put(mempool, mp_obj);\n-\treturn -EINVAL;\n+\treturn ret;\n }\n \n static void\ndiff --git a/drivers/crypto/nitrox/nitrox_sym_capabilities.c b/drivers/crypto/nitrox/nitrox_sym_capabilities.c\nindex dc4df9185..a30cd9f8f 100644\n--- a/drivers/crypto/nitrox/nitrox_sym_capabilities.c\n+++ b/drivers/crypto/nitrox/nitrox_sym_capabilities.c\n@@ -108,6 +108,36 @@ static const struct rte_cryptodev_capabilities nitrox_capabilities[] = {\n \t\t\t}, }\n \t\t}, }\n \t},\n+\t{\t/* AES GCM */\n+\t\t.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,\n+\t\t{.sym = {\n+\t\t\t.xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,\n+\t\t\t{.aead = {\n+\t\t\t\t.algo = RTE_CRYPTO_AEAD_AES_GCM,\n+\t\t\t\t.block_size = 16,\n+\t\t\t\t.key_size = {\n+\t\t\t\t\t.min = 16,\n+\t\t\t\t\t.max = 32,\n+\t\t\t\t\t.increment = 8\n+\t\t\t\t},\n+\t\t\t\t.digest_size = {\n+\t\t\t\t\t.min = 1,\n+\t\t\t\t\t.max = 16,\n+\t\t\t\t\t.increment = 1\n+\t\t\t\t},\n+\t\t\t\t.aad_size = {\n+\t\t\t\t\t.min = 0,\n+\t\t\t\t\t.max = 512,\n+\t\t\t\t\t.increment = 1\n+\t\t\t\t},\n+\t\t\t\t.iv_size = {\n+\t\t\t\t\t.min = 12,\n+\t\t\t\t\t.max = 16,\n+\t\t\t\t\t.increment = 4\n+\t\t\t\t},\n+\t\t\t}, }\n+\t\t}, }\n+\t},\n \tRTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()\n };\n \ndiff --git a/drivers/crypto/nitrox/nitrox_sym_ctx.h b/drivers/crypto/nitrox/nitrox_sym_ctx.h\nindex 2985e519f..deb00fc1e 100644\n--- a/drivers/crypto/nitrox/nitrox_sym_ctx.h\n+++ b/drivers/crypto/nitrox/nitrox_sym_ctx.h\n@@ -11,6 +11,7 @@\n \n #define AES_MAX_KEY_SIZE 32\n #define AES_BLOCK_SIZE 16\n+#define AES_GCM_SALT_SIZE 4\n \n enum nitrox_chain {\n \tNITROX_CHAIN_CIPHER_ONLY,\n@@ -69,14 +70,14 @@ struct flexi_crypto_context {\n struct nitrox_crypto_ctx {\n \tstruct flexi_crypto_context fctx;\n \tenum nitrox_chain nitrox_chain;\n-\tenum rte_crypto_auth_operation auth_op;\n-\tenum rte_crypto_auth_algorithm auth_algo;\n \tstruct {\n \t\tuint16_t offset;\n \t\tuint16_t length;\n \t} iv;\n \trte_iova_t iova;\n+\tuint8_t salt[AES_GCM_SALT_SIZE];\n \tuint16_t digest_length;\n+\tuint16_t aad_length;\n \tuint8_t opcode;\n \tuint8_t req_op;\n };\ndiff --git a/drivers/crypto/nitrox/nitrox_sym_reqmgr.c b/drivers/crypto/nitrox/nitrox_sym_reqmgr.c\nindex d9b426776..93d59b048 100644\n--- a/drivers/crypto/nitrox/nitrox_sym_reqmgr.c\n+++ b/drivers/crypto/nitrox/nitrox_sym_reqmgr.c\n@@ -238,12 +238,13 @@ create_se_instr(struct nitrox_softreq *sr, uint8_t qno)\n }\n \n static void\n-softreq_copy_iv(struct nitrox_softreq *sr)\n+softreq_copy_iv(struct nitrox_softreq *sr, uint8_t salt_size)\n {\n-\tsr->iv.virt = rte_crypto_op_ctod_offset(sr->op, uint8_t *,\n-\t\t\t\t\t\tsr->ctx->iv.offset);\n-\tsr->iv.iova = rte_crypto_op_ctophys_offset(sr->op, sr->ctx->iv.offset);\n-\tsr->iv.len = sr->ctx->iv.length;\n+\tuint16_t offset = sr->ctx->iv.offset + salt_size;\n+\n+\tsr->iv.virt = rte_crypto_op_ctod_offset(sr->op, uint8_t *, offset);\n+\tsr->iv.iova = rte_crypto_op_ctophys_offset(sr->op, offset);\n+\tsr->iv.len = sr->ctx->iv.length - salt_size;\n }\n \n static int\n@@ -254,7 +255,7 @@ extract_cipher_auth_digest(struct nitrox_softreq *sr,\n \tstruct rte_mbuf *mdst = op->sym->m_dst ? op->sym->m_dst :\n \t\t\t\t\top->sym->m_src;\n \n-\tif (sr->ctx->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY &&\n+\tif (sr->ctx->req_op == NITROX_OP_DECRYPT &&\n \t unlikely(!op->sym->auth.digest.data))\n \t\treturn -EINVAL;\n \n@@ -352,6 +353,13 @@ create_cipher_auth_sglist(struct nitrox_softreq *sr,\n \tif (unlikely(auth_only_len < 0))\n \t\treturn -EINVAL;\n \n+\tif (unlikely(\n+\t\top->sym->cipher.data.offset + op->sym->cipher.data.length !=\n+\t\top->sym->auth.data.offset + op->sym->auth.data.length)) {\n+\t\tNITROX_LOG(ERR, \"Auth only data after cipher data not supported\\n\");\n+\t\treturn -ENOTSUP;\n+\t}\n+\n \terr = create_sglist_from_mbuf(sgtbl, mbuf, op->sym->auth.data.offset,\n \t\t\t\t auth_only_len);\n \tif (unlikely(err))\n@@ -365,6 +373,41 @@ create_cipher_auth_sglist(struct nitrox_softreq *sr,\n \treturn 0;\n }\n \n+static int\n+create_combined_sglist(struct nitrox_softreq *sr, struct nitrox_sgtable *sgtbl,\n+\t\t struct rte_mbuf *mbuf)\n+{\n+\tstruct rte_crypto_op *op = sr->op;\n+\n+\tfill_sglist(sgtbl, sr->iv.len, sr->iv.iova, sr->iv.virt);\n+\tfill_sglist(sgtbl, sr->ctx->aad_length, op->sym->aead.aad.phys_addr,\n+\t\t op->sym->aead.aad.data);\n+\treturn create_sglist_from_mbuf(sgtbl, mbuf, op->sym->cipher.data.offset,\n+\t\t\t\t op->sym->cipher.data.length);\n+}\n+\n+static int\n+create_aead_sglist(struct nitrox_softreq *sr, struct nitrox_sgtable *sgtbl,\n+\t\t struct rte_mbuf *mbuf)\n+{\n+\tint err;\n+\n+\tswitch (sr->ctx->nitrox_chain) {\n+\tcase NITROX_CHAIN_CIPHER_AUTH:\n+\tcase NITROX_CHAIN_AUTH_CIPHER:\n+\t\terr = create_cipher_auth_sglist(sr, sgtbl, mbuf);\n+\t\tbreak;\n+\tcase NITROX_CHAIN_COMBINED:\n+\t\terr = create_combined_sglist(sr, sgtbl, mbuf);\n+\t\tbreak;\n+\tdefault:\n+\t\terr = -EINVAL;\n+\t\tbreak;\n+\t}\n+\n+\treturn err;\n+}\n+\n static void\n create_sgcomp(struct nitrox_sgtable *sgtbl)\n {\n@@ -383,17 +426,16 @@ create_sgcomp(struct nitrox_sgtable *sgtbl)\n }\n \n static int\n-create_cipher_auth_inbuf(struct nitrox_softreq *sr,\n-\t\t\t struct nitrox_sglist *digest)\n+create_aead_inbuf(struct nitrox_softreq *sr, struct nitrox_sglist *digest)\n {\n \tint err;\n \tstruct nitrox_crypto_ctx *ctx = sr->ctx;\n \n-\terr = create_cipher_auth_sglist(sr, &sr->in, sr->op->sym->m_src);\n+\terr = create_aead_sglist(sr, &sr->in, sr->op->sym->m_src);\n \tif (unlikely(err))\n \t\treturn err;\n \n-\tif (ctx->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY)\n+\tif (ctx->req_op == NITROX_OP_DECRYPT)\n \t\tfill_sglist(&sr->in, digest->len, digest->iova, digest->virt);\n \n \tcreate_sgcomp(&sr->in);\n@@ -402,25 +444,24 @@ create_cipher_auth_inbuf(struct nitrox_softreq *sr,\n }\n \n static int\n-create_cipher_auth_oop_outbuf(struct nitrox_softreq *sr,\n-\t\t\t struct nitrox_sglist *digest)\n+create_aead_oop_outbuf(struct nitrox_softreq *sr, struct nitrox_sglist *digest)\n {\n \tint err;\n \tstruct nitrox_crypto_ctx *ctx = sr->ctx;\n \n-\terr = create_cipher_auth_sglist(sr, &sr->out, sr->op->sym->m_dst);\n+\terr = create_aead_sglist(sr, &sr->out, sr->op->sym->m_dst);\n \tif (unlikely(err))\n \t\treturn err;\n \n-\tif (ctx->auth_op == RTE_CRYPTO_AUTH_OP_GENERATE)\n+\tif (ctx->req_op == NITROX_OP_ENCRYPT)\n \t\tfill_sglist(&sr->out, digest->len, digest->iova, digest->virt);\n \n \treturn 0;\n }\n \n static void\n-create_cipher_auth_inplace_outbuf(struct nitrox_softreq *sr,\n-\t\t\t\t struct nitrox_sglist *digest)\n+create_aead_inplace_outbuf(struct nitrox_softreq *sr,\n+\t\t\t struct nitrox_sglist *digest)\n {\n \tint i, cnt;\n \tstruct nitrox_crypto_ctx *ctx = sr->ctx;\n@@ -433,17 +474,16 @@ create_cipher_auth_inplace_outbuf(struct nitrox_softreq *sr,\n \t}\n \n \tsr->out.map_bufs_cnt = cnt;\n-\tif (ctx->auth_op == RTE_CRYPTO_AUTH_OP_GENERATE) {\n+\tif (ctx->req_op == NITROX_OP_ENCRYPT) {\n \t\tfill_sglist(&sr->out, digest->len, digest->iova,\n \t\t\t digest->virt);\n-\t} else if (ctx->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY) {\n+\t} else if (ctx->req_op == NITROX_OP_DECRYPT) {\n \t\tsr->out.map_bufs_cnt--;\n \t}\n }\n \n static int\n-create_cipher_auth_outbuf(struct nitrox_softreq *sr,\n-\t\t\t struct nitrox_sglist *digest)\n+create_aead_outbuf(struct nitrox_softreq *sr, struct nitrox_sglist *digest)\n {\n \tstruct rte_crypto_op *op = sr->op;\n \tint cnt = 0;\n@@ -458,11 +498,11 @@ create_cipher_auth_outbuf(struct nitrox_softreq *sr,\n \tif (op->sym->m_dst) {\n \t\tint err;\n \n-\t\terr = create_cipher_auth_oop_outbuf(sr, digest);\n+\t\terr = create_aead_oop_outbuf(sr, digest);\n \t\tif (unlikely(err))\n \t\t\treturn err;\n \t} else {\n-\t\tcreate_cipher_auth_inplace_outbuf(sr, digest);\n+\t\tcreate_aead_inplace_outbuf(sr, digest);\n \t}\n \n \tcnt = sr->out.map_bufs_cnt;\n@@ -516,16 +556,16 @@ process_cipher_auth_data(struct nitrox_softreq *sr)\n \tint err;\n \tstruct nitrox_sglist digest;\n \n-\tsoftreq_copy_iv(sr);\n+\tsoftreq_copy_iv(sr, 0);\n \terr = extract_cipher_auth_digest(sr, &digest);\n \tif (unlikely(err))\n \t\treturn err;\n \n-\terr = create_cipher_auth_inbuf(sr, &digest);\n+\terr = create_aead_inbuf(sr, &digest);\n \tif (unlikely(err))\n \t\treturn err;\n \n-\terr = create_cipher_auth_outbuf(sr, &digest);\n+\terr = create_aead_outbuf(sr, &digest);\n \tif (unlikely(err))\n \t\treturn err;\n \n@@ -534,6 +574,86 @@ process_cipher_auth_data(struct nitrox_softreq *sr)\n \treturn 0;\n }\n \n+static int\n+softreq_copy_salt(struct nitrox_softreq *sr)\n+{\n+\tstruct nitrox_crypto_ctx *ctx = sr->ctx;\n+\tuint8_t *addr;\n+\n+\tif (unlikely(ctx->iv.length < AES_GCM_SALT_SIZE)) {\n+\t\tNITROX_LOG(ERR, \"Invalid IV length %d\\n\", ctx->iv.length);\n+\t\treturn -EINVAL;\n+\t}\n+\n+\taddr = rte_crypto_op_ctod_offset(sr->op, uint8_t *, ctx->iv.offset);\n+\tif (!memcmp(ctx->salt, addr, AES_GCM_SALT_SIZE))\n+\t\treturn 0;\n+\n+\tmemcpy(ctx->salt, addr, AES_GCM_SALT_SIZE);\n+\tmemcpy(ctx->fctx.crypto.iv, addr, AES_GCM_SALT_SIZE);\n+\treturn 0;\n+}\n+\n+static int\n+extract_combined_digest(struct nitrox_softreq *sr, struct nitrox_sglist *digest)\n+{\n+\tstruct rte_crypto_op *op = sr->op;\n+\tstruct rte_mbuf *mdst = op->sym->m_dst ? op->sym->m_dst :\n+\t\top->sym->m_src;\n+\n+\tdigest->len = sr->ctx->digest_length;\n+\tif (op->sym->aead.digest.data) {\n+\t\tdigest->iova = op->sym->aead.digest.phys_addr;\n+\t\tdigest->virt = op->sym->aead.digest.data;\n+\n+\t\treturn 0;\n+\t}\n+\n+\tif (unlikely(rte_pktmbuf_data_len(mdst) < op->sym->aead.data.offset +\n+\t op->sym->aead.data.length + digest->len))\n+\t\treturn -EINVAL;\n+\n+\tdigest->iova = rte_pktmbuf_mtophys_offset(mdst,\n+\t\t\t\t\top->sym->aead.data.offset +\n+\t\t\t\t\top->sym->aead.data.length);\n+\tdigest->virt = rte_pktmbuf_mtod_offset(mdst, uint8_t *,\n+\t\t\t\t\top->sym->aead.data.offset +\n+\t\t\t\t\top->sym->aead.data.length);\n+\n+\treturn 0;\n+}\n+\n+static int\n+process_combined_data(struct nitrox_softreq *sr)\n+{\n+\tint err;\n+\tstruct nitrox_sglist digest;\n+\tstruct rte_crypto_op *op = sr->op;\n+\n+\terr = softreq_copy_salt(sr);\n+\tif (unlikely(err))\n+\t\treturn err;\n+\n+\tsoftreq_copy_iv(sr, AES_GCM_SALT_SIZE);\n+\terr = extract_combined_digest(sr, &digest);\n+\tif (unlikely(err))\n+\t\treturn err;\n+\n+\terr = create_aead_inbuf(sr, &digest);\n+\tif (unlikely(err))\n+\t\treturn err;\n+\n+\terr = create_aead_outbuf(sr, &digest);\n+\tif (unlikely(err))\n+\t\treturn err;\n+\n+\tcreate_aead_gph(op->sym->aead.data.length, sr->iv.len,\n+\t\t\top->sym->aead.data.length + sr->ctx->aad_length,\n+\t\t\t&sr->gph);\n+\n+\treturn 0;\n+}\n+\n static int\n process_softreq(struct nitrox_softreq *sr)\n {\n@@ -545,6 +665,9 @@ process_softreq(struct nitrox_softreq *sr)\n \tcase NITROX_CHAIN_AUTH_CIPHER:\n \t\terr = process_cipher_auth_data(sr);\n \t\tbreak;\n+\tcase NITROX_CHAIN_COMBINED:\n+\t\terr = process_combined_data(sr);\n+\t\tbreak;\n \tdefault:\n \t\terr = -EINVAL;\n \t\tbreak;\n@@ -558,10 +681,15 @@ nitrox_process_se_req(uint16_t qno, struct rte_crypto_op *op,\n \t\t struct nitrox_crypto_ctx *ctx,\n \t\t struct nitrox_softreq *sr)\n {\n+\tint err;\n+\n \tsoftreq_init(sr, sr->iova);\n \tsr->ctx = ctx;\n \tsr->op = op;\n-\tprocess_softreq(sr);\n+\terr = process_softreq(sr);\n+\tif (unlikely(err))\n+\t\treturn err;\n+\n \tcreate_se_instr(sr, qno);\n \tsr->timeout = rte_get_timer_cycles() + CMD_TIMEOUT * rte_get_timer_hz();\n \treturn 0;\n@@ -577,7 +705,7 @@ nitrox_check_se_req(struct nitrox_softreq *sr, struct rte_crypto_op **op)\n \tcc = *(volatile uint64_t *)(&sr->resp.completion);\n \torh = *(volatile uint64_t *)(&sr->resp.orh);\n \tif (cc != PENDING_SIG)\n-\t\terr = 0;\n+\t\terr = orh & 0xff;\n \telse if ((orh != PENDING_SIG) && (orh & 0xff))\n \t\terr = orh & 0xff;\n \telse if (rte_get_timer_cycles() >= sr->timeout)\n", "prefixes": [ "2/3" ] }