Patch Detail

HTTP 200 OK
Allow: GET, PUT, PATCH, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "id": 94478,
    "url": "https://patches.dpdk.org/api/patches/94478/?format=api",
    "web_url": "https://patches.dpdk.org/project/dpdk/patch/20210618121803.1189857-7-piotrx.bronowski@intel.com/",
    "project": {
        "id": 1,
        "url": "https://patches.dpdk.org/api/projects/1/?format=api",
        "name": "DPDK",
        "link_name": "dpdk",
        "list_id": "dev.dpdk.org",
        "list_email": "dev@dpdk.org",
        "web_url": "http://core.dpdk.org",
        "scm_url": "git://dpdk.org/dpdk",
        "webscm_url": "http://git.dpdk.org/dpdk",
        "list_archive_url": "https://inbox.dpdk.org/dev",
        "list_archive_url_format": "https://inbox.dpdk.org/dev/{}",
        "commit_url_format": ""
    },
    "msgid": "<20210618121803.1189857-7-piotrx.bronowski@intel.com>",
    "list_archive_url": "https://inbox.dpdk.org/dev/20210618121803.1189857-7-piotrx.bronowski@intel.com",
    "date": "2021-06-18T12:18:02",
    "name": "[RFC,6/7] crypto/snow3g: add support for digest appended ops",
    "commit_ref": null,
    "pull_url": null,
    "state": "superseded",
    "archived": true,
    "hash": "6fdd4195e2b8f3a49071c0faf6a94d1047337e4a",
    "submitter": {
        "id": 2261,
        "url": "https://patches.dpdk.org/api/people/2261/?format=api",
        "name": "Piotr Bronowski",
        "email": "piotrx.bronowski@intel.com"
    },
    "delegate": {
        "id": 6690,
        "url": "https://patches.dpdk.org/api/users/6690/?format=api",
        "username": "akhil",
        "first_name": "akhil",
        "last_name": "goyal",
        "email": "gakhil@marvell.com"
    },
    "mbox": "https://patches.dpdk.org/project/dpdk/patch/20210618121803.1189857-7-piotrx.bronowski@intel.com/mbox/",
    "series": [
        {
            "id": 17395,
            "url": "https://patches.dpdk.org/api/series/17395/?format=api",
            "web_url": "https://patches.dpdk.org/project/dpdk/list/?series=17395",
            "date": "2021-06-18T12:17:56",
            "name": "crypto/ipsec_mb: introduce ipsec_mb framework",
            "version": 1,
            "mbox": "https://patches.dpdk.org/series/17395/mbox/"
        }
    ],
    "comments": "https://patches.dpdk.org/api/patches/94478/comments/",
    "check": "success",
    "checks": "https://patches.dpdk.org/api/patches/94478/checks/",
    "tags": {},
    "related": [],
    "headers": {
        "Return-Path": "<dev-bounces@dpdk.org>",
        "X-Original-To": "patchwork@inbox.dpdk.org",
        "Delivered-To": "patchwork@inbox.dpdk.org",
        "Received": [
            "from mails.dpdk.org (mails.dpdk.org [217.70.189.124])\n\tby inbox.dpdk.org (Postfix) with ESMTP id 67A1FA0C46;\n\tFri, 18 Jun 2021 14:20:10 +0200 (CEST)",
            "from [217.70.189.124] (localhost [127.0.0.1])\n\tby mails.dpdk.org (Postfix) with ESMTP id E261441136;\n\tFri, 18 Jun 2021 14:19:45 +0200 (CEST)",
            "from mga07.intel.com (mga07.intel.com [134.134.136.100])\n by mails.dpdk.org (Postfix) with ESMTP id BB6C74113D\n for <dev@dpdk.org>; Fri, 18 Jun 2021 14:19:44 +0200 (CEST)",
            "from fmsmga001.fm.intel.com ([10.253.24.23])\n by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;\n 18 Jun 2021 05:19:44 -0700",
            "from silpixa00400320.ir.intel.com ([10.237.214.214])\n by fmsmga001.fm.intel.com with ESMTP; 18 Jun 2021 05:19:42 -0700"
        ],
        "IronPort-SDR": [
            "\n 3DdDqTY/4lpfL26EqjC7bNwLtjf7PB1SgpS5ixlr0rXTIDACwTu4vpY3q66N1DlbmkVxSSUj1s\n kOVEKNM/VUUw==",
            "\n 5+VT6Yz/qU/VZffnL683WyQ0sUNDyq9JXm5tOR924FH9Usx3Pv88l9wNO2QFel2Ks9zf11iylM\n +5eIGr3IML/Q=="
        ],
        "X-IronPort-AV": [
            "E=McAfee;i=\"6200,9189,10018\"; a=\"270392104\"",
            "E=Sophos;i=\"5.83,283,1616482800\"; d=\"scan'208\";a=\"270392104\"",
            "E=Sophos;i=\"5.83,283,1616482800\"; d=\"scan'208\";a=\"555560549\""
        ],
        "X-ExtLoop1": "1",
        "From": "pbronowx <piotrx.bronowski@intel.com>",
        "To": "dev@dpdk.org",
        "Cc": "roy.fan.zhang@intel.com, thomas@monjalon.net, gakhil@marvell.com,\n ferruh.yigit@intel.com, declan.doherty@intel.com,\n pbronowx <piotrx.bronowski@intel.com>,\n Damian Nowak <damianx.nowak@intel.com>, Kai Ji <kai.ji@intel.com>",
        "Date": "Fri, 18 Jun 2021 12:18:02 +0000",
        "Message-Id": "<20210618121803.1189857-7-piotrx.bronowski@intel.com>",
        "X-Mailer": "git-send-email 2.25.1",
        "In-Reply-To": "<20210618121803.1189857-1-piotrx.bronowski@intel.com>",
        "References": "<20210618121803.1189857-1-piotrx.bronowski@intel.com>",
        "MIME-Version": "1.0",
        "Content-Type": "text/plain; charset=\"us-ascii\"",
        "Content-Transfer-Encoding": "7bit",
        "Subject": "[dpdk-dev] [RFC 6/7] crypto/snow3g: add support for digest appended\n ops",
        "X-BeenThere": "dev@dpdk.org",
        "X-Mailman-Version": "2.1.29",
        "Precedence": "list",
        "List-Id": "DPDK patches and discussions <dev.dpdk.org>",
        "List-Unsubscribe": "<https://mails.dpdk.org/options/dev>,\n <mailto:dev-request@dpdk.org?subject=unsubscribe>",
        "List-Archive": "<http://mails.dpdk.org/archives/dev/>",
        "List-Post": "<mailto:dev@dpdk.org>",
        "List-Help": "<mailto:dev-request@dpdk.org?subject=help>",
        "List-Subscribe": "<https://mails.dpdk.org/listinfo/dev>,\n <mailto:dev-request@dpdk.org?subject=subscribe>",
        "Errors-To": "dev-bounces@dpdk.org",
        "Sender": "\"dev\" <dev-bounces@dpdk.org>"
    },
    "content": "This patch enable out-of-place auth-cipher operations where\ndigest should be encrypted among with the rest of raw data.\nIt also adds support for partially encrypted digest when using\nauth-cipher operations.\n\nFixes: 7c87e2d7b359 (\"crypto/snow3g: use IPsec library\").\nMerged to ipsec_mb framework.\n\nSigned-off-by: Damian Nowak <damianx.nowak@intel.com>\nSigned-off-by: Kai Ji <kai.ji@intel.com>\nSigned-off-by: pbronowx <piotrx.bronowski@intel.com>\n---\n doc/guides/cryptodevs/features/snow3g.ini |   1 +\n drivers/crypto/ipsec_mb/pmd_snow3g.c      | 140 ++++++++++++++++++++--\n 2 files changed, 128 insertions(+), 13 deletions(-)",
    "diff": "diff --git a/doc/guides/cryptodevs/features/snow3g.ini b/doc/guides/cryptodevs/features/snow3g.ini\nindex 14ac7e4b6d..4d4c5b579b 100644\n--- a/doc/guides/cryptodevs/features/snow3g.ini\n+++ b/doc/guides/cryptodevs/features/snow3g.ini\n@@ -8,6 +8,7 @@ Symmetric crypto       = Y\n Sym operation chaining = Y\n Symmetric sessionless  = Y\n Non-Byte aligned data  = Y\n+Digest encrypted       = Y\n OOP LB  In LB  Out     = Y\n \n ;\ndiff --git a/drivers/crypto/ipsec_mb/pmd_snow3g.c b/drivers/crypto/ipsec_mb/pmd_snow3g.c\nindex 2bd35be847..da8718c15b 100644\n--- a/drivers/crypto/ipsec_mb/pmd_snow3g.c\n+++ b/drivers/crypto/ipsec_mb/pmd_snow3g.c\n@@ -160,6 +160,24 @@ snow3g_session_configure(MB_MGR *mgr, void *priv_sess,\n \treturn 0;\n }\n \n+/** Check if conditions are met for digest-appended operations */\n+static uint8_t *\n+snow3g_digest_appended_in_src(struct rte_crypto_op *op)\n+{\n+\tunsigned int auth_size, cipher_size;\n+\n+\tauth_size = (op->sym->auth.data.offset >> 3) +\n+\t\t(op->sym->auth.data.length >> 3);\n+\tcipher_size = (op->sym->cipher.data.offset >> 3) +\n+\t\t(op->sym->cipher.data.length >> 3);\n+\n+\tif (auth_size < cipher_size)\n+\t\treturn rte_pktmbuf_mtod_offset(op->sym->m_src,\n+\t\t\t\tuint8_t *, auth_size);\n+\n+\treturn NULL;\n+}\n+\n /** Encrypt/decrypt mbufs with same cipher key. */\n static uint8_t\n process_snow3g_cipher_op(struct ipsec_mb_qp *qp, struct rte_crypto_op **ops,\n@@ -170,27 +188,73 @@ process_snow3g_cipher_op(struct ipsec_mb_qp *qp, struct rte_crypto_op **ops,\n \tuint8_t processed_ops = 0;\n \tconst void *src[SNOW3G_MAX_BURST];\n \tvoid *dst[SNOW3G_MAX_BURST];\n+\tuint8_t *digest_appended[SNOW3G_MAX_BURST];\n \tconst void *iv[SNOW3G_MAX_BURST];\n \tuint32_t num_bytes[SNOW3G_MAX_BURST];\n+\tuint32_t cipher_off, cipher_len;\n+\tint unencrypted_bytes = 0;\n \n \tfor (i = 0; i < num_ops; i++) {\n-\t\tsrc[i] = rte_pktmbuf_mtod(ops[i]->sym->m_src, uint8_t *) +\n-\t\t\t\t(ops[i]->sym->cipher.data.offset >> 3);\n-\t\tdst[i] = ops[i]->sym->m_dst ?\n-\t\t\trte_pktmbuf_mtod(ops[i]->sym->m_dst, uint8_t *) +\n-\t\t\t\t(ops[i]->sym->cipher.data.offset >> 3) :\n-\t\t\trte_pktmbuf_mtod(ops[i]->sym->m_src, uint8_t *) +\n-\t\t\t\t(ops[i]->sym->cipher.data.offset >> 3);\n+\n+\t\tcipher_off = ops[i]->sym->cipher.data.offset >> 3;\n+\t\tcipher_len = ops[i]->sym->cipher.data.length >> 3;\n+\t\tsrc[i] = rte_pktmbuf_mtod_offset(\n+\t\t\tops[i]->sym->m_src,\tuint8_t *, cipher_off);\n+\n+\t\t/* If out-of-place operation */\n+\t\tif (ops[i]->sym->m_dst &&\n+\t\t\tops[i]->sym->m_src != ops[i]->sym->m_dst) {\n+\t\t\tdst[i] = rte_pktmbuf_mtod_offset(\n+\t\t\t\tops[i]->sym->m_dst, uint8_t *, cipher_off);\n+\n+\t\t\t/* In case of out-of-place, auth-cipher operation\n+\t\t\t * with partial encryption of the digest, copy\n+\t\t\t * the remaining, unencrypted part.\n+\t\t\t */\n+\t\t\tif (session->op == IPSEC_MB_OP_HASH_VERIFY_THEN_DECRYPT\n+\t\t\t    || session->op == IPSEC_MB_OP_HASH_GEN_THEN_ENCRYPT)\n+\t\t\t\tunencrypted_bytes =\n+\t\t\t\t\t(ops[i]->sym->auth.data.offset >> 3) +\n+\t\t\t\t\t(ops[i]->sym->auth.data.length >> 3) +\n+\t\t\t\t\t(SNOW3G_DIGEST_LENGTH) -\n+\t\t\t\t\tcipher_off - cipher_len;\n+\t\t\tif (unencrypted_bytes > 0)\n+\t\t\t\trte_memcpy(\n+\t\t\t\t\trte_pktmbuf_mtod_offset(\n+\t\t\t\t\t\tops[i]->sym->m_dst, uint8_t *,\n+\t\t\t\t\t\tcipher_off + cipher_len),\n+\t\t\t\t\trte_pktmbuf_mtod_offset(\n+\t\t\t\t\t\tops[i]->sym->m_src, uint8_t *,\n+\t\t\t\t\t\tcipher_off + cipher_len),\n+\t\t\t\t\tunencrypted_bytes);\n+\t\t} else\n+\t\t\tdst[i] = rte_pktmbuf_mtod_offset(ops[i]->sym->m_src,\n+\t\t\t\t\t\tuint8_t *, cipher_off);\n+\n \t\tiv[i] = rte_crypto_op_ctod_offset(ops[i], uint8_t *,\n \t\t\t\tsession->cipher_iv_offset);\n-\t\tnum_bytes[i] = ops[i]->sym->cipher.data.length >> 3;\n-\n+\t\tnum_bytes[i] = cipher_len;\n \t\tprocessed_ops++;\n \t}\n \n \tIMB_SNOW3G_F8_N_BUFFER(qp->mb_mgr, &session->pKeySched_cipher, iv,\n \t\t\tsrc, dst, num_bytes, processed_ops);\n \n+\t/* Take care of the raw digest data in src buffer */\n+\tfor (i = 0; i < num_ops; i++) {\n+\t\tif ((session->op == IPSEC_MB_OP_HASH_VERIFY_THEN_DECRYPT ||\n+\t\t\tsession->op == IPSEC_MB_OP_HASH_GEN_THEN_ENCRYPT) &&\n+\t\t\t\tops[i]->sym->m_dst != NULL) {\n+\t\t\tdigest_appended[i] =\n+\t\t\t\tsnow3g_digest_appended_in_src(ops[i]);\n+\t\t\t/* Clear unencrypted digest from\n+\t\t\t * the src buffer\n+\t\t\t */\n+\t\t\tif (digest_appended[i] != NULL)\n+\t\t\t\tmemset(digest_appended[i],\n+\t\t\t\t\t0, SNOW3G_DIGEST_LENGTH);\n+\t\t}\n+\t}\n \treturn processed_ops;\n }\n \n@@ -203,6 +267,7 @@ process_snow3g_cipher_op_bit(struct ipsec_mb_qp *qp,\n \tuint8_t *src, *dst;\n \tuint8_t *iv;\n \tuint32_t length_in_bits, offset_in_bits;\n+\tint unencrypted_bytes = 0;\n \n \toffset_in_bits = op->sym->cipher.data.offset;\n \tsrc = rte_pktmbuf_mtod(op->sym->m_src, uint8_t *);\n@@ -211,10 +276,32 @@ process_snow3g_cipher_op_bit(struct ipsec_mb_qp *qp,\n \t\tIPSEC_MB_LOG(ERR, \"bit-level in-place not supported\\n\");\n \t\treturn 0;\n \t}\n+\tlength_in_bits = op->sym->cipher.data.length;\n \tdst = rte_pktmbuf_mtod(op->sym->m_dst, uint8_t *);\n+\t/* In case of out-of-place, auth-cipher operation\n+\t * with partial encryption of the digest, copy\n+\t * the remaining, unencrypted part.\n+\t */\n+\tif (session->op == IPSEC_MB_OP_HASH_VERIFY_THEN_DECRYPT ||\n+\t\tsession->op == IPSEC_MB_OP_HASH_GEN_THEN_ENCRYPT)\n+\t\tunencrypted_bytes =\n+\t\t\t(op->sym->auth.data.offset >> 3) +\n+\t\t\t(op->sym->auth.data.length >> 3) +\n+\t\t\t(SNOW3G_DIGEST_LENGTH) -\n+\t\t\t(offset_in_bits >> 3) -\n+\t\t\t(length_in_bits >> 3);\n+\tif (unencrypted_bytes > 0)\n+\t\trte_memcpy(\n+\t\t\trte_pktmbuf_mtod_offset(\n+\t\t\t\top->sym->m_dst, uint8_t *,\n+\t\t\t\t(length_in_bits >> 3)),\n+\t\t\trte_pktmbuf_mtod_offset(\n+\t\t\t\top->sym->m_src, uint8_t *,\n+\t\t\t\t(length_in_bits >> 3)),\n+\t\t\t\tunencrypted_bytes);\n+\n \tiv = rte_crypto_op_ctod_offset(op, uint8_t *,\n \t\t\t\tsession->cipher_iv_offset);\n-\tlength_in_bits = op->sym->cipher.data.length;\n \n \tIMB_SNOW3G_F8_1_BUFFER_BIT(qp->mb_mgr, &session->pKeySched_cipher, iv,\n \t\t\tsrc, dst, length_in_bits, offset_in_bits);\n@@ -233,6 +320,7 @@ process_snow3g_hash_op(struct ipsec_mb_qp *qp, struct rte_crypto_op **ops,\n \tuint8_t *src, *dst;\n \tuint32_t length_in_bits;\n \tuint8_t *iv;\n+\tuint8_t digest_appended = 0;\n \tstruct snow3g_qp_data *qp_data = ipsec_mb_get_qp_private_data(qp);\n \n \tfor (i = 0; i < num_ops; i++) {\n@@ -243,6 +331,8 @@ process_snow3g_hash_op(struct ipsec_mb_qp *qp, struct rte_crypto_op **ops,\n \t\t\tbreak;\n \t\t}\n \n+\t\tdst = NULL;\n+\n \t\tlength_in_bits = ops[i]->sym->auth.data.length;\n \n \t\tsrc = rte_pktmbuf_mtod(ops[i]->sym->m_src, uint8_t *) +\n@@ -252,6 +342,15 @@ process_snow3g_hash_op(struct ipsec_mb_qp *qp, struct rte_crypto_op **ops,\n \n \t\tif (session->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY) {\n \t\t\tdst = qp_data->temp_digest;\n+\t\t\t /* Handle auth cipher verify oop case*/\n+\t\t\tif ((session->op ==\n+\t\t\t\tIPSEC_MB_OP_ENCRYPT_THEN_HASH_GEN ||\n+\t\t\t\tsession->op ==\n+\t\t\t\tIPSEC_MB_OP_DECRYPT_THEN_HASH_VERIFY) &&\n+\t\t\t\tops[i]->sym->m_dst != NULL)\n+\t\t\t\tsrc = rte_pktmbuf_mtod_offset(\n+\t\t\t\t\tops[i]->sym->m_dst, uint8_t *,\n+\t\t\t\t\tops[i]->sym->auth.data.offset >> 3);\n \n \t\t\tIMB_SNOW3G_F9_1_BUFFER(qp->mb_mgr,\n \t\t\t\t\t&session->pKeySched_hash,\n@@ -261,12 +360,26 @@ process_snow3g_hash_op(struct ipsec_mb_qp *qp, struct rte_crypto_op **ops,\n \t\t\t\t\tSNOW3G_DIGEST_LENGTH) != 0)\n \t\t\t\tops[i]->status =\n \t\t\t\t\tRTE_CRYPTO_OP_STATUS_AUTH_FAILED;\n-\t\t} else  {\n-\t\t\tdst = ops[i]->sym->auth.digest.data;\n+\t\t} else {\n+\t\t\tif (session->op ==\n+\t\t\t\tIPSEC_MB_OP_HASH_VERIFY_THEN_DECRYPT ||\n+\t\t\t\tsession->op ==\n+\t\t\t\tIPSEC_MB_OP_HASH_GEN_THEN_ENCRYPT)\n+\t\t\t\tdst = snow3g_digest_appended_in_src(ops[i]);\n+\n+\t\t\tif (dst != NULL)\n+\t\t\t\tdigest_appended = 1;\n+\t\t\telse\n+\t\t\t\tdst = ops[i]->sym->auth.digest.data;\n \n \t\t\tIMB_SNOW3G_F9_1_BUFFER(qp->mb_mgr,\n \t\t\t\t\t&session->pKeySched_hash,\n \t\t\t\t\tiv, src, length_in_bits, dst);\n+\n+\t\t\t/* Copy back digest from src to auth.digest.data */\n+\t\t\tif (digest_appended)\n+\t\t\t\trte_memcpy(ops[i]->sym->auth.digest.data,\n+\t\t\t\t\tdst, SNOW3G_DIGEST_LENGTH);\n \t\t}\n \t\tprocessed_ops++;\n \t}\n@@ -582,7 +695,8 @@ RTE_INIT(ipsec_mb_register_snow3g)\n \t\t\tRTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING |\n \t\t\tRTE_CRYPTODEV_FF_NON_BYTE_ALIGNED_DATA |\n \t\t\tRTE_CRYPTODEV_FF_SYM_SESSIONLESS |\n-\t\t\tRTE_CRYPTODEV_FF_OOP_LB_IN_LB_OUT;\n+\t\t\tRTE_CRYPTODEV_FF_OOP_LB_IN_LB_OUT |\n+\t\t\tRTE_CRYPTODEV_FF_DIGEST_ENCRYPTED;\n \tsnow3g_data->internals_priv_size = 0;\n \tsnow3g_data->ops = &snow3g_pmd_ops;\n \tsnow3g_data->qp_priv_size = sizeof(struct snow3g_qp_data);\n",
    "prefixes": [
        "RFC",
        "6/7"
    ]
}