Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/85454/?format=api
https://patches.dpdk.org/api/patches/85454/?format=api", "web_url": "https://patches.dpdk.org/project/dpdk/patch/20201218141016.1834-2-ktejasree@marvell.com/", "project": { "id": 1, "url": "https://patches.dpdk.org/api/projects/1/?format=api", "name": "DPDK", "link_name": "dpdk", "list_id": "dev.dpdk.org", "list_email": "dev@dpdk.org", "web_url": "http://core.dpdk.org", "scm_url": "git://dpdk.org/dpdk", "webscm_url": "http://git.dpdk.org/dpdk", "list_archive_url": "https://inbox.dpdk.org/dev", "list_archive_url_format": "https://inbox.dpdk.org/dev/{}", "commit_url_format": "" }, "msgid": "<20201218141016.1834-2-ktejasree@marvell.com>", "list_archive_url": "https://inbox.dpdk.org/dev/20201218141016.1834-2-ktejasree@marvell.com", "date": "2020-12-18T14:10:15", "name": "[1/2] common/cpt: support SSL/TLS way of cipher-auth operations", "commit_ref": null, "pull_url": null, "state": "superseded", "archived": true, "hash": "205dd2c2fe83201bb6f01f6da76d57cdb6b5a8a2", "submitter": { "id": 1789, "url": "https://patches.dpdk.org/api/people/1789/?format=api", "name": "Tejasree Kondoj", "email": "ktejasree@marvell.com" }, "delegate": { "id": 6690, "url": "https://patches.dpdk.org/api/users/6690/?format=api", "username": "akhil", "first_name": "akhil", "last_name": "goyal", "email": "gakhil@marvell.com" }, "mbox": "https://patches.dpdk.org/project/dpdk/patch/20201218141016.1834-2-ktejasree@marvell.com/mbox/", "series": [ { "id": 14372, "url": "https://patches.dpdk.org/api/series/14372/?format=api", "web_url": "https://patches.dpdk.org/project/dpdk/list/?series=14372", "date": "2020-12-18T14:10:14", "name": "support SSL/TLS way of cipher-auth operations", "version": 1, "mbox": "https://patches.dpdk.org/series/14372/mbox/" } ], "comments": "https://patches.dpdk.org/api/patches/85454/comments/", "check": "success", "checks": "https://patches.dpdk.org/api/patches/85454/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<dev-bounces@dpdk.org>", "X-Original-To": "patchwork@inbox.dpdk.org", "Delivered-To": "patchwork@inbox.dpdk.org", "Received": [ "from dpdk.org (dpdk.org [92.243.14.124])\n\tby inbox.dpdk.org (Postfix) with ESMTP id 9370FA09FD;\n\tFri, 18 Dec 2020 14:14:45 +0100 (CET)", "from [92.243.14.124] (localhost [127.0.0.1])\n\tby dpdk.org (Postfix) with ESMTP id 60A6CCAC9;\n\tFri, 18 Dec 2020 14:14:37 +0100 (CET)", "from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com\n [67.231.156.173]) by dpdk.org (Postfix) with ESMTP id 9C50DCAB9\n for <dev@dpdk.org>; Fri, 18 Dec 2020 14:14:35 +0100 (CET)", "from pps.filterd (m0045851.ppops.net [127.0.0.1])\n by mx0b-0016f401.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id\n 0BIDCuhI003446; Fri, 18 Dec 2020 05:14:34 -0800", "from sc-exch02.marvell.com ([199.233.58.182])\n by mx0b-0016f401.pphosted.com with ESMTP id 35gq80gtmg-1\n (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT);\n Fri, 18 Dec 2020 05:14:33 -0800", "from DC5-EXCH01.marvell.com (10.69.176.38) by SC-EXCH02.marvell.com\n (10.93.176.82) with Microsoft SMTP Server (TLS) id 15.0.1497.2;\n Fri, 18 Dec 2020 05:14:31 -0800", "from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH01.marvell.com\n (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.2;\n Fri, 18 Dec 2020 05:14:31 -0800", "from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com\n (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.2 via Frontend\n Transport; Fri, 18 Dec 2020 05:14:31 -0800", "from hyd1554T5810.caveonetworks.com.com (unknown [10.29.57.11])\n by maili.marvell.com (Postfix) with ESMTP id BBD033F703F;\n Fri, 18 Dec 2020 05:14:28 -0800 (PST)" ], "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com;\n h=from : to : cc :\n subject : date : message-id : in-reply-to : references : mime-version :\n content-transfer-encoding : content-type; s=pfpt0220;\n bh=oDEzH+8/pvciHrdP8XqWAE7HJswmJSXS/uNI2UtckQo=;\n b=XRYrkMQxoFx1wiRB0UCdrrTW4pnZhec53qvWYN66uKd+5DPZqTvuqOzYCMyOUzTwEBTV\n 2ZmbBREmRAuxYOz4xhKyeZkUFW4lo/cK7tYaSInZArjUl/xRBXZ98Nx1gpyB4qGoOpJH\n bpQNpV+v6nKrN7iBYBBTTEPkM7L8EXxVjG1kToxfNb3uS7rQmgNb5rkeKcbBNy1F8Yq5\n knnaLnm+aMVmkT6GsOf5xaMipHcUILP4G2Yz2fu3I4Q5Hqv4B1H4Y96b1aJQuBkLws9c\n YUhqd1l6W+QxD6aBBPSQOaWF7MCIrtLlCoxUrhOCn8rHhmCotPWyZQM88+I5mBg79tQt EA==", "From": "Tejasree Kondoj <ktejasree@marvell.com>", "To": "Akhil Goyal <akhil.goyal@nxp.com>, Radu Nicolau <radu.nicolau@intel.com>", "CC": "Tejasree Kondoj <ktejasree@marvell.com>,\n Anoob Joseph <anoobj@marvell.com>,\n Ankur Dwivedi <adwivedi@marvell.com>, <dev@dpdk.org>", "Date": "Fri, 18 Dec 2020 19:40:15 +0530", "Message-ID": "<20201218141016.1834-2-ktejasree@marvell.com>", "X-Mailer": "git-send-email 2.27.0", "In-Reply-To": "<20201218141016.1834-1-ktejasree@marvell.com>", "References": "<20201218141016.1834-1-ktejasree@marvell.com>", "MIME-Version": "1.0", "Content-Transfer-Encoding": "8bit", "Content-Type": "text/plain", "X-Proofpoint-Virus-Version": "vendor=fsecure engine=2.50.10434:6.0.343, 18.0.737\n definitions=2020-12-18_09:2020-12-18,\n 2020-12-18 signatures=0", "Subject": "[dpdk-dev] [PATCH 1/2] common/cpt: support SSL/TLS way of\n\tcipher-auth operations", "X-BeenThere": "dev@dpdk.org", "X-Mailman-Version": "2.1.15", "Precedence": "list", "List-Id": "DPDK patches and discussions <dev.dpdk.org>", "List-Unsubscribe": "<https://mails.dpdk.org/options/dev>,\n <mailto:dev-request@dpdk.org?subject=unsubscribe>", "List-Archive": "<http://mails.dpdk.org/archives/dev/>", "List-Post": "<mailto:dev@dpdk.org>", "List-Help": "<mailto:dev-request@dpdk.org?subject=help>", "List-Subscribe": "<https://mails.dpdk.org/listinfo/dev>,\n <mailto:dev-request@dpdk.org?subject=subscribe>", "Errors-To": "dev-bounces@dpdk.org", "Sender": "\"dev\" <dev-bounces@dpdk.org>" }, "content": "Adding support for SSL/TLS way of cipher-auth operations order\n - auth generation followed by encryption\n - decryption followed by auth verify\n\nSigned-off-by: Tejasree Kondoj <ktejasree@marvell.com>\n---\n doc/guides/rel_notes/release_21_02.rst | 6 +++\n drivers/common/cpt/cpt_mcode_defines.h | 7 +++-\n drivers/common/cpt/cpt_ucode.h | 42 +++++++++++++++----\n drivers/crypto/octeontx/otx_cryptodev_ops.c | 8 +++-\n drivers/crypto/octeontx2/otx2_cryptodev_ops.c | 8 +++-\n 5 files changed, 59 insertions(+), 12 deletions(-)", "diff": "diff --git a/doc/guides/rel_notes/release_21_02.rst b/doc/guides/rel_notes/release_21_02.rst\nindex 638f98168b..d1d4b25665 100644\n--- a/doc/guides/rel_notes/release_21_02.rst\n+++ b/doc/guides/rel_notes/release_21_02.rst\n@@ -55,6 +55,12 @@ New Features\n Also, make sure to start the actual text at the margin.\n =======================================================\n \n+* **Updated OCTEON TX and OCTEON TX2 crypto PMDs.**\n+\n+ * Added SSL/TLS way of cipher-auth operations support i.e. auth generation\n+ followed by encryption and decryption followed by auth verify in OCTEONT TX\n+ and OCTEON TX2 crypto PMDs.\n+\n \n Removed Items\n -------------\ndiff --git a/drivers/common/cpt/cpt_mcode_defines.h b/drivers/common/cpt/cpt_mcode_defines.h\nindex 56a745f419..624bdcf3cf 100644\n--- a/drivers/common/cpt/cpt_mcode_defines.h\n+++ b/drivers/common/cpt/cpt_mcode_defines.h\n@@ -20,6 +20,9 @@\n #define CPT_MAJOR_OP_ZUC_SNOW3G\t0x37\n #define CPT_MAJOR_OP_KASUMI\t0x38\n #define CPT_MAJOR_OP_MISC\t0x01\n+#define CPT_HMAC_FIRST_BIT_POS\t0x4\n+#define CPT_FC_MINOR_OP_ENCRYPT\t0x0\n+#define CPT_FC_MINOR_OP_DECRYPT\t0x1\n \n /* AE opcodes */\n #define CPT_MAJOR_OP_MODEX\t0x03\n@@ -314,8 +317,10 @@ struct cpt_ctx {\n \tuint64_t hmac\t\t:1;\n \tuint64_t zsk_flags\t:3;\n \tuint64_t k_ecb\t\t:1;\n+\tuint64_t auth_enc\t:1;\n+\tuint64_t dec_auth\t:1;\n \tuint64_t snow3g\t\t:2;\n-\tuint64_t rsvd\t\t:21;\n+\tuint64_t rsvd\t\t:19;\n \t/* Below fields are accessed by hardware */\n \tunion {\n \t\tmc_fc_context_t fctx;\ndiff --git a/drivers/common/cpt/cpt_ucode.h b/drivers/common/cpt/cpt_ucode.h\nindex 0536620710..ee6d49aae7 100644\n--- a/drivers/common/cpt/cpt_ucode.h\n+++ b/drivers/common/cpt/cpt_ucode.h\n@@ -752,7 +752,9 @@ cpt_enc_hmac_prep(uint32_t flags,\n \n \t/* Encryption */\n \tvq_cmd_w0.s.opcode.major = CPT_MAJOR_OP_FC;\n-\tvq_cmd_w0.s.opcode.minor = 0;\n+\tvq_cmd_w0.s.opcode.minor = CPT_FC_MINOR_OP_ENCRYPT;\n+\tvq_cmd_w0.s.opcode.minor |= (cpt_ctx->auth_enc <<\n+\t\t\t\t\tCPT_HMAC_FIRST_BIT_POS);\n \n \tif (hash_type == GMAC_TYPE) {\n \t\tencr_offset = 0;\n@@ -779,6 +781,9 @@ cpt_enc_hmac_prep(uint32_t flags,\n \t\toutputlen = enc_dlen + mac_len;\n \t}\n \n+\tif (cpt_ctx->auth_enc != 0)\n+\t\toutputlen = enc_dlen;\n+\n \t/* GP op header */\n \tvq_cmd_w0.s.param1 = encr_data_len;\n \tvq_cmd_w0.s.param2 = auth_data_len;\n@@ -1112,7 +1117,9 @@ cpt_dec_hmac_prep(uint32_t flags,\n \n \t/* Decryption */\n \tvq_cmd_w0.s.opcode.major = CPT_MAJOR_OP_FC;\n-\tvq_cmd_w0.s.opcode.minor = 1;\n+\tvq_cmd_w0.s.opcode.minor = CPT_FC_MINOR_OP_DECRYPT;\n+\tvq_cmd_w0.s.opcode.minor |= (cpt_ctx->dec_auth <<\n+\t\t\t\t\tCPT_HMAC_FIRST_BIT_POS);\n \n \tif (hash_type == GMAC_TYPE) {\n \t\tencr_offset = 0;\n@@ -1130,6 +1137,9 @@ cpt_dec_hmac_prep(uint32_t flags,\n \t\toutputlen = enc_dlen;\n \t}\n \n+\tif (cpt_ctx->dec_auth != 0)\n+\t\toutputlen = inputlen = enc_dlen;\n+\n \tvq_cmd_w0.s.param1 = encr_data_len;\n \tvq_cmd_w0.s.param2 = auth_data_len;\n \n@@ -2566,6 +2576,7 @@ fill_sess_cipher(struct rte_crypto_sym_xform *xform,\n \t\t struct cpt_sess_misc *sess)\n {\n \tstruct rte_crypto_cipher_xform *c_form;\n+\tstruct cpt_ctx *ctx = SESS_PRIV(sess);\n \tcipher_type_t enc_type = 0; /* NULL Cipher type */\n \tuint32_t cipher_key_len = 0;\n \tuint8_t zsk_flag = 0, aes_ctr = 0, is_null = 0;\n@@ -2574,9 +2585,14 @@ fill_sess_cipher(struct rte_crypto_sym_xform *xform,\n \n \tif (c_form->op == RTE_CRYPTO_CIPHER_OP_ENCRYPT)\n \t\tsess->cpt_op |= CPT_OP_CIPHER_ENCRYPT;\n-\telse if (c_form->op == RTE_CRYPTO_CIPHER_OP_DECRYPT)\n+\telse if (c_form->op == RTE_CRYPTO_CIPHER_OP_DECRYPT) {\n \t\tsess->cpt_op |= CPT_OP_CIPHER_DECRYPT;\n-\telse {\n+\t\tif (xform->next != NULL &&\n+\t\t xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH) {\n+\t\t\t/* Perform decryption followed by auth verify */\n+\t\t\tctx->dec_auth = 1;\n+\t\t}\n+\t} else {\n \t\tCPT_LOG_DP_ERR(\"Unknown cipher operation\\n\");\n \t\treturn -1;\n \t}\n@@ -2667,10 +2683,18 @@ static __rte_always_inline int\n fill_sess_auth(struct rte_crypto_sym_xform *xform,\n \t struct cpt_sess_misc *sess)\n {\n+\tstruct cpt_ctx *ctx = SESS_PRIV(sess);\n \tstruct rte_crypto_auth_xform *a_form;\n \tauth_type_t auth_type = 0; /* NULL Auth type */\n \tuint8_t zsk_flag = 0, aes_gcm = 0, is_null = 0;\n \n+\tif (xform->next != NULL &&\n+\t xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&\n+\t xform->next->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT) {\n+\t\t/* Perform auth followed by encryption */\n+\t\tctx->auth_enc = 1;\n+\t}\n+\n \ta_form = &xform->auth;\n \n \tif (a_form->op == RTE_CRYPTO_AUTH_OP_VERIFY)\n@@ -2993,6 +3017,7 @@ fill_fc_params(struct rte_crypto_op *cop,\n {\n \tuint32_t space = 0;\n \tstruct rte_crypto_sym_op *sym_op = cop->sym;\n+\tstruct cpt_ctx *ctx = SESS_PRIV(sess_misc);\n \tvoid *mdata = NULL;\n \tuintptr_t *op;\n \tuint32_t mc_hash_off;\n@@ -3120,9 +3145,10 @@ fill_fc_params(struct rte_crypto_op *cop,\n \t\t\t\tm = m_src;\n \n \t\t\t/* hmac immediately following data is best case */\n-\t\t\tif (unlikely(rte_pktmbuf_mtod(m, uint8_t *) +\n+\t\t\tif (!ctx->dec_auth && !ctx->auth_enc &&\n+\t\t\t\t (unlikely(rte_pktmbuf_mtod(m, uint8_t *) +\n \t\t\t mc_hash_off !=\n-\t\t\t (uint8_t *)sym_op->auth.digest.data)) {\n+\t\t\t (uint8_t *)sym_op->auth.digest.data))) {\n \t\t\t\tflags |= VALID_MAC_BUF;\n \t\t\t\tfc_params.mac_buf.size =\n \t\t\t\t\tsess_misc->mac_len;\n@@ -3137,7 +3163,9 @@ fill_fc_params(struct rte_crypto_op *cop,\n \tfc_params.ctx_buf.vaddr = SESS_PRIV(sess_misc);\n \tfc_params.ctx_buf.dma_addr = sess_misc->ctx_dma_addr;\n \n-\tif (unlikely(sess_misc->is_null || sess_misc->cpt_op == CPT_OP_DECODE))\n+\tif (!ctx->dec_auth &&\n+\t\t unlikely(sess_misc->is_null ||\n+\t\t sess_misc->cpt_op == CPT_OP_DECODE))\n \t\tinplace = 0;\n \n \tif (likely(!m_dst && inplace)) {\ndiff --git a/drivers/crypto/octeontx/otx_cryptodev_ops.c b/drivers/crypto/octeontx/otx_cryptodev_ops.c\nindex 0cf760b296..af7a1f64f8 100644\n--- a/drivers/crypto/octeontx/otx_cryptodev_ops.c\n+++ b/drivers/crypto/octeontx/otx_cryptodev_ops.c\n@@ -205,12 +205,16 @@ sym_xform_verify(struct rte_crypto_sym_xform *xform)\n \tif (xform->next) {\n \t\tif (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH &&\n \t\t xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&\n-\t\t xform->next->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT)\n+\t\t xform->next->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT &&\n+\t\t (xform->auth.algo != RTE_CRYPTO_AUTH_SHA1_HMAC ||\n+\t\t xform->next->cipher.algo != RTE_CRYPTO_CIPHER_AES_CBC))\n \t\t\treturn -ENOTSUP;\n \n \t\tif (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&\n \t\t xform->cipher.op == RTE_CRYPTO_CIPHER_OP_DECRYPT &&\n-\t\t xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH)\n+\t\t xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH &&\n+\t\t (xform->cipher.algo != RTE_CRYPTO_CIPHER_AES_CBC ||\n+\t\t xform->next->auth.algo != RTE_CRYPTO_AUTH_SHA1_HMAC))\n \t\t\treturn -ENOTSUP;\n \n \t\tif (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&\ndiff --git a/drivers/crypto/octeontx2/otx2_cryptodev_ops.c b/drivers/crypto/octeontx2/otx2_cryptodev_ops.c\nindex 5f2ccc0872..5511739663 100644\n--- a/drivers/crypto/octeontx2/otx2_cryptodev_ops.c\n+++ b/drivers/crypto/octeontx2/otx2_cryptodev_ops.c\n@@ -320,12 +320,16 @@ sym_xform_verify(struct rte_crypto_sym_xform *xform)\n \tif (xform->next) {\n \t\tif (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH &&\n \t\t xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&\n-\t\t xform->next->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT)\n+\t\t xform->next->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT &&\n+\t\t (xform->auth.algo != RTE_CRYPTO_AUTH_SHA1_HMAC ||\n+\t\t xform->next->cipher.algo != RTE_CRYPTO_CIPHER_AES_CBC))\n \t\t\treturn -ENOTSUP;\n \n \t\tif (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&\n \t\t xform->cipher.op == RTE_CRYPTO_CIPHER_OP_DECRYPT &&\n-\t\t xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH)\n+\t\t xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH &&\n+\t\t (xform->cipher.algo != RTE_CRYPTO_CIPHER_AES_CBC ||\n+\t\t xform->next->auth.algo != RTE_CRYPTO_AUTH_SHA1_HMAC))\n \t\t\treturn -ENOTSUP;\n \n \t\tif (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&\n", "prefixes": [ "1/2" ] }{ "id": 85454, "url": "