From patchwork Tue May 16 15:24:15 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "Power, Ciara" <ciara.power@intel.com>
X-Patchwork-Id: 126893
X-Patchwork-Delegate: gakhil@marvell.com
Return-Path: <dev-bounces@dpdk.org>
X-Original-To: patchwork@inbox.dpdk.org
Delivered-To: patchwork@inbox.dpdk.org
Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124])
	by inbox.dpdk.org (Postfix) with ESMTP id A238442B24;
	Tue, 16 May 2023 17:24:32 +0200 (CEST)
Received: from mails.dpdk.org (localhost [127.0.0.1])
	by mails.dpdk.org (Postfix) with ESMTP id BC3EB41151;
	Tue, 16 May 2023 17:24:30 +0200 (CEST)
Received: from mga09.intel.com (mga09.intel.com [134.134.136.24])
 by mails.dpdk.org (Postfix) with ESMTP id 649C34114A
 for <dev@dpdk.org>; Tue, 16 May 2023 17:24:28 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
 d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
 t=1684250668; x=1715786668;
 h=from:to:cc:subject:date:message-id:in-reply-to:
 references:mime-version:content-transfer-encoding;
 bh=hNU8gxx4eseAH7M1/hsKxagrAYuaDyQa/zvh2Fkuui8=;
 b=Mcny4L8moEX8xFYXLOsOFIyV63iBfTwwGWsMefao29M4/nRo4aHhh6GC
 QP3sJR7qshlmeUdCG8Wu/Cz5Jedfw13Z4RZON+rDfkIzAjHbHpdPfkbmG
 ebDadS6fPnD0e4Aleq7SzeCyMyEjKv+4ev1lwLnnJBz+ZyKk94T4l5O+1
 gRK25g7JTa/gg2Ta84Hko6dCy4nepjgzFCHhHWf2pSbKfyhcOx/eomwcN
 HXzCbBqK9b1e0sFrRR4I03kW4GCcHGpNbYJa4YXdtPVpN1BwSh3SV45iq
 +miZGIhJb44X3CaagcSJO21n/WktMBr+GVNB2K7HZz6SMo2zTfDc5aBT8 w==;
X-IronPort-AV: E=McAfee;i="6600,9927,10712"; a="353789066"
X-IronPort-AV: E=Sophos;i="5.99,278,1677571200"; d="scan'208";a="353789066"
Received: from orsmga007.jf.intel.com ([10.7.209.58])
 by orsmga102.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 16 May 2023 08:24:27 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=McAfee;i="6600,9927,10712"; a="695500636"
X-IronPort-AV: E=Sophos;i="5.99,278,1677571200"; d="scan'208";a="695500636"
Received: from silpixa00400355.ir.intel.com (HELO
 silpixa00400355.ger.corp.intel.com) ([10.237.222.80])
 by orsmga007.jf.intel.com with ESMTP; 16 May 2023 08:24:25 -0700
From: Ciara Power <ciara.power@intel.com>
To: dev@dpdk.org
Cc: kai.ji@intel.com, gakhil@marvell.com,
 Pablo de Lara <pablo.de.lara.guarch@intel.com>,
 Ciara Power <ciara.power@intel.com>
Subject: [PATCH v2 1/8] crypto/ipsec_mb: use GMAC dedicated algorithms
Date: Tue, 16 May 2023 15:24:15 +0000
Message-Id: <20230516152422.606617-2-ciara.power@intel.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <20230516152422.606617-1-ciara.power@intel.com>
References: <20230421131221.1732314-1-ciara.power@intel.com>
 <20230516152422.606617-1-ciara.power@intel.com>
MIME-Version: 1.0
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org

From: Pablo de Lara <pablo.de.lara.guarch@intel.com>

AES-GMAC can be done with auth-only enums
IMB_AES_GMAC_128/192/256, which allows another cipher
algorithm to be used, instead of being part of AES-GCM.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Signed-off-by: Ciara Power <ciara.power@intel.com>
---
 drivers/crypto/ipsec_mb/pmd_aesni_mb.c | 104 +++++++++++--------------
 1 file changed, 47 insertions(+), 57 deletions(-)

diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
index ac20d01937..c53548aa3b 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
@@ -57,8 +57,7 @@ is_aead_algo(IMB_HASH_ALG hash_alg, IMB_CIPHER_MODE cipher_mode)
 {
 	return (hash_alg == IMB_AUTH_CHACHA20_POLY1305 ||
 		hash_alg == IMB_AUTH_AES_CCM ||
-		(hash_alg == IMB_AUTH_AES_GMAC &&
-		cipher_mode == IMB_CIPHER_GCM));
+		cipher_mode == IMB_CIPHER_GCM);
 }
 
 /** Set session authentication parameters */
@@ -155,7 +154,6 @@ aesni_mb_set_session_auth_parameters(const IMB_MGR *mb_mgr,
 		} else
 			sess->cipher.direction = IMB_DIR_DECRYPT;
 
-		sess->auth.algo = IMB_AUTH_AES_GMAC;
 		if (sess->auth.req_digest_len >
 			get_digest_byte_length(IMB_AUTH_AES_GMAC)) {
 			IPSEC_MB_LOG(ERR, "Invalid digest size\n");
@@ -167,16 +165,19 @@ aesni_mb_set_session_auth_parameters(const IMB_MGR *mb_mgr,
 
 		switch (xform->auth.key.length) {
 		case IMB_KEY_128_BYTES:
+			sess->auth.algo = IMB_AUTH_AES_GMAC_128;
 			IMB_AES128_GCM_PRE(mb_mgr, xform->auth.key.data,
 				&sess->cipher.gcm_key);
 			sess->cipher.key_length_in_bytes = IMB_KEY_128_BYTES;
 			break;
 		case IMB_KEY_192_BYTES:
+			sess->auth.algo = IMB_AUTH_AES_GMAC_192;
 			IMB_AES192_GCM_PRE(mb_mgr, xform->auth.key.data,
 				&sess->cipher.gcm_key);
 			sess->cipher.key_length_in_bytes = IMB_KEY_192_BYTES;
 			break;
 		case IMB_KEY_256_BYTES:
+			sess->auth.algo = IMB_AUTH_AES_GMAC_256;
 			IMB_AES256_GCM_PRE(mb_mgr, xform->auth.key.data,
 				&sess->cipher.gcm_key);
 			sess->cipher.key_length_in_bytes = IMB_KEY_256_BYTES;
@@ -1039,19 +1040,20 @@ set_cpu_mb_job_params(IMB_JOB *job, struct aesni_mb_session *session,
 		break;
 
 	case IMB_AUTH_AES_GMAC:
-		if (session->cipher.mode == IMB_CIPHER_GCM) {
-			job->u.GCM.aad = aad->va;
-			job->u.GCM.aad_len_in_bytes = session->aead.aad_len;
-		} else {
-			/* For GMAC */
-			job->u.GCM.aad = buf;
-			job->u.GCM.aad_len_in_bytes = len;
-			job->cipher_mode = IMB_CIPHER_GCM;
-		}
+		job->u.GCM.aad = aad->va;
+		job->u.GCM.aad_len_in_bytes = session->aead.aad_len;
 		job->enc_keys = &session->cipher.gcm_key;
 		job->dec_keys = &session->cipher.gcm_key;
 		break;
 
+	case IMB_AUTH_AES_GMAC_128:
+	case IMB_AUTH_AES_GMAC_192:
+	case IMB_AUTH_AES_GMAC_256:
+		job->u.GMAC._key = &session->cipher.gcm_key;
+		job->u.GMAC._iv = iv->va;
+		job->u.GMAC.iv_len_in_bytes = session->iv.length;
+		break;
+
 	case IMB_AUTH_CHACHA20_POLY1305:
 		job->u.CHACHA20_POLY1305.aad = aad->va;
 		job->u.CHACHA20_POLY1305.aad_len_in_bytes =
@@ -1091,16 +1093,10 @@ set_cpu_mb_job_params(IMB_JOB *job, struct aesni_mb_session *session,
 	job->dst = (uint8_t *)buf + sofs.ofs.cipher.head;
 	job->cipher_start_src_offset_in_bytes = sofs.ofs.cipher.head;
 	job->hash_start_src_offset_in_bytes = sofs.ofs.auth.head;
-	if (job->hash_alg == IMB_AUTH_AES_GMAC &&
-			session->cipher.mode != IMB_CIPHER_GCM) {
-		job->msg_len_to_hash_in_bytes = 0;
-		job->msg_len_to_cipher_in_bytes = 0;
-	} else {
-		job->msg_len_to_hash_in_bytes = len - sofs.ofs.auth.head -
-			sofs.ofs.auth.tail;
-		job->msg_len_to_cipher_in_bytes = len - sofs.ofs.cipher.head -
-			sofs.ofs.cipher.tail;
-	}
+	job->msg_len_to_hash_in_bytes = len - sofs.ofs.auth.head -
+		sofs.ofs.auth.tail;
+	job->msg_len_to_cipher_in_bytes = len - sofs.ofs.cipher.head -
+		sofs.ofs.cipher.tail;
 
 	job->user_data = udata;
 }
@@ -1184,8 +1180,6 @@ sgl_linear_cipher_auth_len(IMB_JOB *job, uint64_t *auth_len)
 			job->hash_alg == IMB_AUTH_ZUC_EIA3_BITLEN)
 		*auth_len = (job->msg_len_to_hash_in_bits >> 3) +
 				job->hash_start_src_offset_in_bytes;
-	else if (job->hash_alg == IMB_AUTH_AES_GMAC)
-		*auth_len = job->u.GCM.aad_len_in_bytes;
 	else
 		*auth_len = job->msg_len_to_hash_in_bytes +
 				job->hash_start_src_offset_in_bytes;
@@ -1352,24 +1346,24 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
 		break;
 
 	case IMB_AUTH_AES_GMAC:
-		if (session->cipher.mode == IMB_CIPHER_GCM) {
-			job->u.GCM.aad = op->sym->aead.aad.data;
-			job->u.GCM.aad_len_in_bytes = session->aead.aad_len;
-			if (sgl) {
-				job->u.GCM.ctx = &qp_data->gcm_sgl_ctx;
-				job->cipher_mode = IMB_CIPHER_GCM_SGL;
-				job->hash_alg = IMB_AUTH_GCM_SGL;
-			}
-		} else {
-			/* For GMAC */
-			job->u.GCM.aad = rte_pktmbuf_mtod_offset(m_src,
-					uint8_t *, op->sym->auth.data.offset);
-			job->u.GCM.aad_len_in_bytes = op->sym->auth.data.length;
-			job->cipher_mode = IMB_CIPHER_GCM;
+		job->u.GCM.aad = op->sym->aead.aad.data;
+		job->u.GCM.aad_len_in_bytes = session->aead.aad_len;
+		if (sgl) {
+			job->u.GCM.ctx = &qp_data->gcm_sgl_ctx;
+			job->cipher_mode = IMB_CIPHER_GCM_SGL;
+			job->hash_alg = IMB_AUTH_GCM_SGL;
 		}
 		job->enc_keys = &session->cipher.gcm_key;
 		job->dec_keys = &session->cipher.gcm_key;
 		break;
+	case IMB_AUTH_AES_GMAC_128:
+	case IMB_AUTH_AES_GMAC_192:
+	case IMB_AUTH_AES_GMAC_256:
+		job->u.GMAC._key = &session->cipher.gcm_key;
+		job->u.GMAC._iv = rte_crypto_op_ctod_offset(op, uint8_t *,
+						session->auth_iv.offset);
+		job->u.GMAC.iv_len_in_bytes = session->auth_iv.length;
+		break;
 	case IMB_AUTH_ZUC_EIA3_BITLEN:
 	case IMB_AUTH_ZUC256_EIA3_BITLEN:
 		job->u.ZUC_EIA3._key = session->auth.zuc_auth_key;
@@ -1472,19 +1466,21 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
 		break;
 
 	case IMB_AUTH_AES_GMAC:
-		if (session->cipher.mode == IMB_CIPHER_GCM) {
-			job->hash_start_src_offset_in_bytes =
-					op->sym->aead.data.offset;
-			job->msg_len_to_hash_in_bytes =
-					op->sym->aead.data.length;
-		} else { /* AES-GMAC only, only AAD used */
-			job->msg_len_to_hash_in_bytes = 0;
-			job->hash_start_src_offset_in_bytes = 0;
-		}
-
+		job->hash_start_src_offset_in_bytes =
+				op->sym->aead.data.offset;
+		job->msg_len_to_hash_in_bytes =
+				op->sym->aead.data.length;
 		job->iv = rte_crypto_op_ctod_offset(op, uint8_t *,
 				session->iv.offset);
 		break;
+	case IMB_AUTH_AES_GMAC_128:
+	case IMB_AUTH_AES_GMAC_192:
+	case IMB_AUTH_AES_GMAC_256:
+		job->hash_start_src_offset_in_bytes =
+				op->sym->auth.data.offset;
+		job->msg_len_to_hash_in_bytes =
+				op->sym->auth.data.length;
+		break;
 
 	case IMB_AUTH_GCM_SGL:
 	case IMB_AUTH_CHACHA20_POLY1305_SGL:
@@ -1567,15 +1563,9 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
 					op->sym->cipher.data.length;
 		break;
 	case IMB_CIPHER_GCM:
-		if (session->cipher.mode == IMB_CIPHER_NULL) {
-			/* AES-GMAC only (only AAD used) */
-			job->msg_len_to_cipher_in_bytes = 0;
-			job->cipher_start_src_offset_in_bytes = 0;
-		} else {
-			job->cipher_start_src_offset_in_bytes =
-					op->sym->aead.data.offset;
-			job->msg_len_to_cipher_in_bytes = op->sym->aead.data.length;
-		}
+		job->cipher_start_src_offset_in_bytes =
+				op->sym->aead.data.offset;
+		job->msg_len_to_cipher_in_bytes = op->sym->aead.data.length;
 		break;
 	case IMB_CIPHER_CCM:
 	case IMB_CIPHER_CHACHA20_POLY1305: