Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/131173/?format=api
{ "id": 131173, "url": "https://patches.dpdk.org/api/patches/131173/?format=api", "web_url": "https://patches.dpdk.org/project/dpdk/patch/20230905151219.1548547-2-brian.dooley@intel.com/", "project": { "id": 1, "url": "https://patches.dpdk.org/api/projects/1/?format=api", "name": "DPDK", "link_name": "dpdk", "list_id": "dev.dpdk.org", "list_email": "dev@dpdk.org", "web_url": "http://core.dpdk.org", "scm_url": "git://dpdk.org/dpdk", "webscm_url": "http://git.dpdk.org/dpdk", "list_archive_url": "https://inbox.dpdk.org/dev", "list_archive_url_format": "https://inbox.dpdk.org/dev/{}", "commit_url_format": "" }, "msgid": "<20230905151219.1548547-2-brian.dooley@intel.com>", "list_archive_url": "https://inbox.dpdk.org/dev/20230905151219.1548547-2-brian.dooley@intel.com", "date": "2023-09-05T15:12:18", "name": "[v4,1/2] crypto/ipsec_mb: add digest encrypted feature", "commit_ref": null, "pull_url": null, "state": "superseded", "archived": true, "hash": "0914090d770a9035ad833a2d5bb6e5a65dd96bef", "submitter": { "id": 2520, "url": "https://patches.dpdk.org/api/people/2520/?format=api", "name": "Dooley, Brian", "email": "brian.dooley@intel.com" }, "delegate": { "id": 6690, "url": "https://patches.dpdk.org/api/users/6690/?format=api", "username": "akhil", "first_name": "akhil", "last_name": "goyal", "email": "gakhil@marvell.com" }, "mbox": "https://patches.dpdk.org/project/dpdk/patch/20230905151219.1548547-2-brian.dooley@intel.com/mbox/", "series": [ { "id": 29426, "url": "https://patches.dpdk.org/api/series/29426/?format=api", "web_url": "https://patches.dpdk.org/project/dpdk/list/?series=29426", "date": "2023-09-05T15:12:17", "name": "Add Digest Encrypted to aesni_mb PMD", "version": 4, "mbox": "https://patches.dpdk.org/series/29426/mbox/" } ], "comments": "https://patches.dpdk.org/api/patches/131173/comments/", "check": "warning", "checks": "https://patches.dpdk.org/api/patches/131173/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<dev-bounces@dpdk.org>", "X-Original-To": "patchwork@inbox.dpdk.org", "Delivered-To": "patchwork@inbox.dpdk.org", "Received": [ "from mails.dpdk.org (mails.dpdk.org [217.70.189.124])\n\tby inbox.dpdk.org (Postfix) with ESMTP id 4A82D42503;\n\tTue, 5 Sep 2023 17:13:07 +0200 (CEST)", "from mails.dpdk.org (localhost [127.0.0.1])\n\tby mails.dpdk.org (Postfix) with ESMTP id 44F5E40DFD;\n\tTue, 5 Sep 2023 17:13:07 +0200 (CEST)", "from mgamail.intel.com (mgamail.intel.com [134.134.136.20])\n by mails.dpdk.org (Postfix) with ESMTP id 031EC40279\n for <dev@dpdk.org>; Tue, 5 Sep 2023 17:13:04 +0200 (CEST)", "from orsmga003.jf.intel.com ([10.7.209.27])\n by orsmga101.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;\n 05 Sep 2023 08:12:59 -0700", "from silpixa00400883.ir.intel.com ([10.243.22.155])\n by orsmga003.jf.intel.com with ESMTP; 05 Sep 2023 08:12:57 -0700" ], "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/simple;\n d=intel.com; i=@intel.com; q=dns/txt; s=Intel;\n t=1693926785; x=1725462785;\n h=from:to:cc:subject:date:message-id:in-reply-to:\n references:mime-version:content-transfer-encoding;\n bh=dwDl0zJdeqD+A2Ql3Z3vPWLDqUV1KYvr5gPdjL8QXm0=;\n b=ERSg43syY0S/KgbcXmBLoMJvTuksOwChRQTYT8gdpB0aZKz2kCBkmbOW\n dWcb9WhLLKUil3lPVvlqAbis2q9G4caW1F3pcWz7kAVMan/x+IW3aikxJ\n 1C3JSmUvzT9aIh6mrctkAuxd2Bb7Z7HrtUpGgBgx5F22XFkKRoBnYW4Bl\n EykFzWlPWZG7RSQNorGeJrRPZTewGzpc+hmn3re2a+Y5NSz0cEbA2v2YL\n /8gmaQ9zBHEIxa7Wyzt2uXYC9o6BJzWkS4E5OC+03E+IgtWqSKZRA0lws\n Tk7wnI9QsnlLJFM51dpWQkLo31Bd097U/cNZ00dkJ0p4Tcr0AFMW9o8oJ A==;", "X-IronPort-AV": [ "E=McAfee;i=\"6600,9927,10824\"; a=\"367040610\"", "E=Sophos;i=\"6.02,229,1688454000\"; d=\"scan'208\";a=\"367040610\"", "E=McAfee;i=\"6600,9927,10824\"; a=\"690961560\"", "E=Sophos;i=\"6.02,229,1688454000\"; d=\"scan'208\";a=\"690961560\"" ], "X-ExtLoop1": "1", "From": "Brian Dooley <brian.dooley@intel.com>", "To": "Kai Ji <kai.ji@intel.com>, Pablo de Lara <pablo.de.lara.guarch@intel.com>", "Cc": "dev@dpdk.org,\n\tgakhil@marvell.com,\n\tBrian Dooley <brian.dooley@intel.com>", "Subject": "[PATCH v4 1/2] crypto/ipsec_mb: add digest encrypted feature", "Date": "Tue, 5 Sep 2023 15:12:18 +0000", "Message-Id": "<20230905151219.1548547-2-brian.dooley@intel.com>", "X-Mailer": "git-send-email 2.25.1", "In-Reply-To": "<20230905151219.1548547-1-brian.dooley@intel.com>", "References": "<20230825084135.3430358-1-brian.dooley@intel.com>\n <20230905151219.1548547-1-brian.dooley@intel.com>", "MIME-Version": "1.0", "Content-Transfer-Encoding": "8bit", "X-BeenThere": "dev@dpdk.org", "X-Mailman-Version": "2.1.29", "Precedence": "list", "List-Id": "DPDK patches and discussions <dev.dpdk.org>", "List-Unsubscribe": "<https://mails.dpdk.org/options/dev>,\n <mailto:dev-request@dpdk.org?subject=unsubscribe>", "List-Archive": "<http://mails.dpdk.org/archives/dev/>", "List-Post": "<mailto:dev@dpdk.org>", "List-Help": "<mailto:dev-request@dpdk.org?subject=help>", "List-Subscribe": "<https://mails.dpdk.org/listinfo/dev>,\n <mailto:dev-request@dpdk.org?subject=subscribe>", "Errors-To": "dev-bounces@dpdk.org" }, "content": "AESNI_MB PMD does not support Digest Encrypted. This patch adds a check and\nsupport for this feature.\n\nSigned-off-by: Brian Dooley <brian.dooley@intel.com>\n---\nv2:\nFixed CHECKPATCH warning\nv3:\nAdd Digest encrypted support to docs\nv4:\nadd comments and refactor\n---\n doc/guides/cryptodevs/features/aesni_mb.ini | 1 +\n drivers/crypto/ipsec_mb/pmd_aesni_mb.c | 109 +++++++++++++++++++-\n 2 files changed, 105 insertions(+), 5 deletions(-)", "diff": "diff --git a/doc/guides/cryptodevs/features/aesni_mb.ini b/doc/guides/cryptodevs/features/aesni_mb.ini\nindex e4e965c35a..8df5fa2c85 100644\n--- a/doc/guides/cryptodevs/features/aesni_mb.ini\n+++ b/doc/guides/cryptodevs/features/aesni_mb.ini\n@@ -20,6 +20,7 @@ OOP LB In LB Out = Y\n CPU crypto = Y\n Symmetric sessionless = Y\n Non-Byte aligned data = Y\n+Digest encrypted = Y\n \n ;\n ; Supported crypto algorithms of the 'aesni_mb' crypto driver.\ndiff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c\nindex 9e298023d7..552d1f16b5 100644\n--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c\n+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c\n@@ -1438,6 +1438,54 @@ set_gcm_job(IMB_MGR *mb_mgr, IMB_JOB *job, const uint8_t sgl,\n \treturn 0;\n }\n \n+/** Check if conditions are met for digest-appended operations */\n+static uint8_t *\n+aesni_mb_digest_appended_in_src(struct rte_crypto_op *op, IMB_JOB *job,\n+\t\tuint32_t oop)\n+{\n+\tunsigned int auth_size, cipher_size;\n+\tuint8_t *end_cipher;\n+\tuint8_t *start_cipher;\n+\n+\tif (job->cipher_mode == IMB_CIPHER_NULL)\n+\t\treturn NULL;\n+\n+\tif (job->cipher_mode == IMB_CIPHER_ZUC_EEA3 ||\n+\t\tjob->cipher_mode == IMB_CIPHER_SNOW3G_UEA2_BITLEN ||\n+\t\tjob->cipher_mode == IMB_CIPHER_KASUMI_UEA1_BITLEN) {\n+\t\tcipher_size = (op->sym->cipher.data.offset >> 3) +\n+\t\t\t(op->sym->cipher.data.length >> 3);\n+\t} else {\n+\t\tcipher_size = (op->sym->cipher.data.offset) +\n+\t\t\t(op->sym->cipher.data.length);\n+\t}\n+\tif (job->hash_alg == IMB_AUTH_ZUC_EIA3_BITLEN ||\n+\t\tjob->hash_alg == IMB_AUTH_SNOW3G_UIA2_BITLEN ||\n+\t\tjob->hash_alg == IMB_AUTH_KASUMI_UIA1 ||\n+\t\tjob->hash_alg == IMB_AUTH_ZUC256_EIA3_BITLEN) {\n+\t\tauth_size = (op->sym->auth.data.offset >> 3) +\n+\t\t\t(op->sym->auth.data.length >> 3);\n+\t} else {\n+\t\tauth_size = (op->sym->auth.data.offset) +\n+\t\t\t(op->sym->auth.data.length);\n+\t}\n+\n+\tif (!oop) {\n+\t\tend_cipher = rte_pktmbuf_mtod_offset(op->sym->m_src, uint8_t *, cipher_size);\n+\t\tstart_cipher = rte_pktmbuf_mtod(op->sym->m_src, uint8_t *);\n+\t} else {\n+\t\tend_cipher = rte_pktmbuf_mtod_offset(op->sym->m_dst, uint8_t *, cipher_size);\n+\t\tstart_cipher = rte_pktmbuf_mtod(op->sym->m_dst, uint8_t *);\n+\t}\n+\n+\tif (start_cipher < op->sym->auth.digest.data &&\n+\t\top->sym->auth.digest.data < end_cipher) {\n+\t\treturn rte_pktmbuf_mtod_offset(op->sym->m_src, uint8_t *, auth_size);\n+\t} else {\n+\t\treturn NULL;\n+\t}\n+}\n+\n /**\n * Process a crypto operation and complete a IMB_JOB job structure for\n * submission to the multi buffer library for processing.\n@@ -1580,9 +1628,12 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,\n \t} else {\n \t\tif (aead)\n \t\t\tjob->auth_tag_output = op->sym->aead.digest.data;\n-\t\telse\n-\t\t\tjob->auth_tag_output = op->sym->auth.digest.data;\n-\n+\t\telse {\n+\t\t\tjob->auth_tag_output = aesni_mb_digest_appended_in_src(op, job, oop);\n+\t\t\tif (job->auth_tag_output == NULL) {\n+\t\t\t\tjob->auth_tag_output = op->sym->auth.digest.data;\n+\t\t\t}\n+\t\t}\n \t\tif (session->auth.req_digest_len !=\n \t\t\t\tjob->auth_tag_output_len_in_bytes) {\n \t\t\tjob->auth_tag_output =\n@@ -1917,6 +1968,7 @@ post_process_mb_job(struct ipsec_mb_qp *qp, IMB_JOB *job)\n \tstruct aesni_mb_session *sess = NULL;\n \tuint8_t *linear_buf = NULL;\n \tint sgl = 0;\n+\tuint8_t oop = 0;\n \tuint8_t is_docsis_sec = 0;\n \n \tif (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) {\n@@ -1962,8 +2014,54 @@ post_process_mb_job(struct ipsec_mb_qp *qp, IMB_JOB *job)\n \t\t\t\t\t\top->sym->auth.digest.data,\n \t\t\t\t\t\tsess->auth.req_digest_len,\n \t\t\t\t\t\t&op->status);\n-\t\t\t} else\n+\t\t\t} else {\n+\t\t\t\tif (!op->sym->m_dst || op->sym->m_dst == op->sym->m_src) {\n+\t\t\t\t\t/* in-place operation */\n+\t\t\t\t\toop = 0;\n+\t\t\t\t} else { /* out-of-place operation */\n+\t\t\t\t\toop = 1;\n+\t\t\t\t}\n+\n+\t\t\t\t/* Enable digest check */\n+\t\t\t\tif (op->sym->m_src->nb_segs == 1 && op->sym->m_dst != NULL\n+\t\t\t\t&& !is_aead_algo(job->hash_alg,\tsess->template_job.cipher_mode) &&\n+\t\t\t\taesni_mb_digest_appended_in_src(op, job, oop) != NULL) {\n+\t\t\t\t\tunsigned int auth_size, cipher_size;\n+\t\t\t\t\tint unencrypted_bytes = 0;\n+\t\t\t\t\tif (job->cipher_mode == IMB_CIPHER_SNOW3G_UEA2_BITLEN ||\n+\t\t\t\t\t\tjob->cipher_mode == IMB_CIPHER_KASUMI_UEA1_BITLEN ||\n+\t\t\t\t\t\tjob->cipher_mode == IMB_CIPHER_ZUC_EEA3) {\n+\t\t\t\t\t\tcipher_size = (op->sym->cipher.data.offset >> 3) +\n+\t\t\t\t\t\t\t(op->sym->cipher.data.length >> 3);\n+\t\t\t\t\t} else {\n+\t\t\t\t\t\tcipher_size = (op->sym->cipher.data.offset) +\n+\t\t\t\t\t\t\t(op->sym->cipher.data.length);\n+\t\t\t\t\t}\n+\t\t\t\t\tif (job->hash_alg == IMB_AUTH_ZUC_EIA3_BITLEN ||\n+\t\t\t\t\t\tjob->hash_alg == IMB_AUTH_SNOW3G_UIA2_BITLEN ||\n+\t\t\t\t\t\tjob->hash_alg == IMB_AUTH_KASUMI_UIA1 ||\n+\t\t\t\t\t\tjob->hash_alg == IMB_AUTH_ZUC256_EIA3_BITLEN) {\n+\t\t\t\t\t\tauth_size = (op->sym->auth.data.offset >> 3) +\n+\t\t\t\t\t\t\t(op->sym->auth.data.length >> 3);\n+\t\t\t\t\t} else {\n+\t\t\t\t\t\tauth_size = (op->sym->auth.data.offset) +\n+\t\t\t\t\t\t(op->sym->auth.data.length);\n+\t\t\t\t\t}\n+\t\t\t\t\t/* Check for unencrypted bytes in partial digest cases */\n+\t\t\t\t\tif (job->cipher_mode != IMB_CIPHER_NULL) {\n+\t\t\t\t\t\tunencrypted_bytes = auth_size +\n+\t\t\t\t\t\tjob->auth_tag_output_len_in_bytes - cipher_size;\n+\t\t\t\t\t\tif (unencrypted_bytes > 0)\n+\t\t\t\t\t\t\trte_memcpy(\n+\t\t\t\t\t\t\trte_pktmbuf_mtod_offset(\n+\t\t\t\t\t\t\t\top->sym->m_dst, uint8_t *, cipher_size),\n+\t\t\t\t\t\t\trte_pktmbuf_mtod_offset(\n+\t\t\t\t\t\t\t\top->sym->m_src, uint8_t *, cipher_size),\n+\t\t\t\t\t\t\tunencrypted_bytes);\n+\t\t\t\t\t}\n+\t\t\t\t}\n \t\t\t\tgenerate_digest(job, op, sess);\n+\t\t\t}\n \t\t\tbreak;\n \t\tdefault:\n \t\t\top->status = RTE_CRYPTO_OP_STATUS_ERROR;\n@@ -2555,7 +2653,8 @@ RTE_INIT(ipsec_mb_register_aesni_mb)\n \t\t\tRTE_CRYPTODEV_FF_OOP_SGL_IN_SGL_OUT |\n \t\t\tRTE_CRYPTODEV_FF_OOP_LB_IN_SGL_OUT |\n \t\t\tRTE_CRYPTODEV_FF_OOP_SGL_IN_LB_OUT |\n-\t\t\tRTE_CRYPTODEV_FF_SECURITY;\n+\t\t\tRTE_CRYPTODEV_FF_SECURITY |\n+\t\t\tRTE_CRYPTODEV_FF_DIGEST_ENCRYPTED;\n \n \taesni_mb_data->internals_priv_size = 0;\n \taesni_mb_data->ops = &aesni_mb_pmd_ops;\n", "prefixes": [ "v4", "1/2" ] }