diff mbox series

[v2,12/24] common/cnxk: update opad-ipad gen to handle TLS

Message ID	20240102045417.115-13-anoobj@marvell.com (mailing list archive)
State	Superseded, archived
Delegated to:	akhil goyal
Headers	From: Anoob Joseph <anoobj@marvell.com> To: Akhil Goyal <gakhil@marvell.com> CC: Jerin Jacob <jerinj@marvell.com>, Vidya Sagar Velumuri <vvelumuri@marvell.com>, Tejasree Kondoj <ktejasree@marvell.com>, <dev@dpdk.org> Subject: [PATCH v2 12/24] common/cnxk: update opad-ipad gen to handle TLS Date: Tue, 2 Jan 2024 10:24:05 +0530 Message-ID: <20240102045417.115-13-anoobj@marvell.com> In-Reply-To: <20240102045417.115-1-anoobj@marvell.com> References: <20231221123545.510-1-anoobj@marvell.com> <20240102045417.115-1-anoobj@marvell.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain Precedence: list Errors-To: dev-bounces@dpdk.org
Series	Fixes and improvements in crypto cnxk \| [v2,00/24] Fixes and improvements in crypto cnxk [v2,01/24] common/cnxk: fix memory leak [v2,02/24] crypto/cnxk: use common macro [v2,03/24] crypto/cnxk: fallback to SG if headroom is not available [v2,04/24] crypto/cnxk: return microcode completion code [v2,05/24] crypto/cnxk: fix ECDH pubkey verify in cn9k [v2,06/24] crypto/cnxk: enable digest gen for zero len input [v2,07/24] crypto/cnxk: enable Rx inject in security lookaside [v2,08/24] common/cnxk: add Rx inject configs [v2,09/24] crypto/cnxk: Rx inject config update [v2,10/24] crypto/cnxk: enable Rx inject for 103 [v2,11/24] crypto/cnxk: rename security caps as IPsec security caps [v2,12/24] common/cnxk: update opad-ipad gen to handle TLS [v2,13/24] common/cnxk: add TLS record contexts [v2,14/24] crypto/cnxk: separate IPsec from security common code [v2,15/24] crypto/cnxk: add TLS record session ops [v2,16/24] crypto/cnxk: add TLS record datapath handling [v2,17/24] crypto/cnxk: add TLS capability [v2,18/24] crypto/cnxk: add PMD APIs for raw submission to CPT [v2,19/24] crypto/cnxk: replace PDCP with PDCP chain opcode [v2,20/24] crypto/cnxk: validate the combinations supported in TLS [v2,21/24] crypto/cnxk: use a single function for opad ipad [v2,22/24] crypto/cnxk: add support for TLS 1.3 [v2,23/24] crypto/cnxk: add TLS 1.3 capability [v2,24/24] crypto/cnxk: add CPT SG mode debug

Checks

Context	Check	Description
ci/checkpatch	success	coding style OK

Commit Message

Anoob Joseph Jan. 2, 2024, 4:54 a.m. UTC

  For TLS opcodes, ipad is at the offset 64 as compared to the packed
implementation for IPsec. Extend the function to handle TLS contexts as
well.

Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Vidya Sagar Velumuri <vvelumuri@marvell.com>
---
 drivers/common/cnxk/cnxk_security.c | 15 ++++++++-------
 drivers/common/cnxk/cnxk_security.h |  3 ++-
 2 files changed, 10 insertions(+), 8 deletions(-)

diff mbox series

Patch

diff --git a/drivers/common/cnxk/cnxk_security.c b/drivers/common/cnxk/cnxk_security.c
index 81991c4697..bdb04fe142 100644
--- a/drivers/common/cnxk/cnxk_security.c
+++ b/drivers/common/cnxk/cnxk_security.c
@@ -9,7 +9,8 @@ 
 #include "roc_api.h"
 
 void
-cnxk_sec_opad_ipad_gen(struct rte_crypto_sym_xform *auth_xform, uint8_t *hmac_opad_ipad)
+cnxk_sec_opad_ipad_gen(struct rte_crypto_sym_xform *auth_xform, uint8_t *hmac_opad_ipad,
+		       bool is_tls)
 {
 	const uint8_t *key = auth_xform->auth.key.data;
 	uint32_t length = auth_xform->auth.key.length;
@@ -29,11 +30,11 @@  cnxk_sec_opad_ipad_gen(struct rte_crypto_sym_xform *auth_xform, uint8_t *hmac_op
 	switch (auth_xform->auth.algo) {
 	case RTE_CRYPTO_AUTH_MD5_HMAC:
 		roc_hash_md5_gen(opad, (uint32_t *)&hmac_opad_ipad[0]);
-		roc_hash_md5_gen(ipad, (uint32_t *)&hmac_opad_ipad[24]);
+		roc_hash_md5_gen(ipad, (uint32_t *)&hmac_opad_ipad[is_tls ? 64 : 24]);
 		break;
 	case RTE_CRYPTO_AUTH_SHA1_HMAC:
 		roc_hash_sha1_gen(opad, (uint32_t *)&hmac_opad_ipad[0]);
-		roc_hash_sha1_gen(ipad, (uint32_t *)&hmac_opad_ipad[24]);
+		roc_hash_sha1_gen(ipad, (uint32_t *)&hmac_opad_ipad[is_tls ? 64 : 24]);
 		break;
 	case RTE_CRYPTO_AUTH_SHA256_HMAC:
 		roc_hash_sha256_gen(opad, (uint32_t *)&hmac_opad_ipad[0], 256);
@@ -191,7 +192,7 @@  ot_ipsec_sa_common_param_fill(union roc_ot_ipsec_sa_word2 *w2,
 			const uint8_t *auth_key = auth_xfrm->auth.key.data;
 			roc_aes_xcbc_key_derive(auth_key, hmac_opad_ipad);
 		} else {
-			cnxk_sec_opad_ipad_gen(auth_xfrm, hmac_opad_ipad);
+			cnxk_sec_opad_ipad_gen(auth_xfrm, hmac_opad_ipad, false);
 		}
 
 		tmp_key = (uint64_t *)hmac_opad_ipad;
@@ -740,7 +741,7 @@  onf_ipsec_sa_common_param_fill(struct roc_ie_onf_sa_ctl *ctl, uint8_t *salt,
 		key = cipher_xfrm->cipher.key.data;
 		length = cipher_xfrm->cipher.key.length;
 
-		cnxk_sec_opad_ipad_gen(auth_xfrm, hmac_opad_ipad);
+		cnxk_sec_opad_ipad_gen(auth_xfrm, hmac_opad_ipad, false);
 	}
 
 	switch (length) {
@@ -1373,7 +1374,7 @@  cnxk_on_ipsec_outb_sa_create(struct rte_security_ipsec_xform *ipsec,
 
 			roc_aes_xcbc_key_derive(auth_key, hmac_opad_ipad);
 		} else if (auth_xform->auth.algo != RTE_CRYPTO_AUTH_NULL) {
-			cnxk_sec_opad_ipad_gen(auth_xform, hmac_opad_ipad);
+			cnxk_sec_opad_ipad_gen(auth_xform, hmac_opad_ipad, false);
 		}
 	}
 
@@ -1440,7 +1441,7 @@  cnxk_on_ipsec_inb_sa_create(struct rte_security_ipsec_xform *ipsec,
 
 			roc_aes_xcbc_key_derive(auth_key, hmac_opad_ipad);
 		} else if (auth_xform->auth.algo != RTE_CRYPTO_AUTH_NULL) {
-			cnxk_sec_opad_ipad_gen(auth_xform, hmac_opad_ipad);
+			cnxk_sec_opad_ipad_gen(auth_xform, hmac_opad_ipad, false);
 		}
 	}
 
diff --git a/drivers/common/cnxk/cnxk_security.h b/drivers/common/cnxk/cnxk_security.h
index fabf694df4..86ec657cb0 100644
--- a/drivers/common/cnxk/cnxk_security.h
+++ b/drivers/common/cnxk/cnxk_security.h
@@ -70,6 +70,7 @@  int __roc_api cnxk_on_ipsec_outb_sa_create(struct rte_security_ipsec_xform *ipse
 					   struct roc_ie_on_outb_sa *out_sa);
 
 __rte_internal
-void cnxk_sec_opad_ipad_gen(struct rte_crypto_sym_xform *auth_xform, uint8_t *hmac_opad_ipad);
+void cnxk_sec_opad_ipad_gen(struct rte_crypto_sym_xform *auth_xform, uint8_t *hmac_opad_ipad,
+			    bool is_tls);
 
 #endif /* _CNXK_SECURITY_H__ */