From patchwork Mon Jun  1 18:02:28 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Akhil Goyal <akhil.goyal@nxp.com>
X-Patchwork-Id: 70725
X-Patchwork-Delegate: gakhil@marvell.com
Return-Path: <dev-bounces@dpdk.org>
X-Original-To: patchwork@inbox.dpdk.org
Delivered-To: patchwork@inbox.dpdk.org
Received: from dpdk.org (dpdk.org [92.243.14.124])
	by inbox.dpdk.org (Postfix) with ESMTP id 05102A04EF;
	Mon,  1 Jun 2020 20:02:43 +0200 (CEST)
Received: from [92.243.14.124] (localhost [127.0.0.1])
	by dpdk.org (Postfix) with ESMTP id 2C15A1BFA7;
	Mon,  1 Jun 2020 20:02:43 +0200 (CEST)
Received: from inva020.nxp.com (inva020.nxp.com [92.121.34.13])
 by dpdk.org (Postfix) with ESMTP id 9D0AF1BF70
 for <dev@dpdk.org>; Mon,  1 Jun 2020 20:02:42 +0200 (CEST)
Received: from inva020.nxp.com (localhost [127.0.0.1])
 by inva020.eu-rdc02.nxp.com (Postfix) with ESMTP id 25DA31A088B;
 Mon,  1 Jun 2020 20:02:42 +0200 (CEST)
Received: from invc005.ap-rdc01.nxp.com (invc005.ap-rdc01.nxp.com
 [165.114.16.14])
 by inva020.eu-rdc02.nxp.com (Postfix) with ESMTP id 573671A0899;
 Mon,  1 Jun 2020 20:02:40 +0200 (CEST)
Received: from lsv03273.swis.in-blr01.nxp.com (lsv03273.swis.in-blr01.nxp.com
 [92.120.147.113])
 by invc005.ap-rdc01.nxp.com (Postfix) with ESMTP id 0F08440280;
 Tue,  2 Jun 2020 02:02:38 +0800 (SGT)
From: Akhil Goyal <akhil.goyal@nxp.com>
To: dev@dpdk.org
Cc: hemant.agrawal@nxp.com,
	Akhil Goyal <akhil.goyal@nxp.com>
Date: Mon,  1 Jun 2020 23:32:28 +0530
Message-Id: <20200601180229.26566-1-akhil.goyal@nxp.com>
X-Mailer: git-send-email 2.17.1
X-Virus-Scanned: ClamAV using ClamSMTP
Subject: [dpdk-dev] [PATCH 1/2] drivers/crypto: fix 18bit PDCP cases with
	HFN override
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org
Sender: "dev" <dev-bounces@dpdk.org>

In case of RTA_SEC_ERA = 8, where the length of shared desc
is large for some of PDCP cases, the descriptor buffer cannot
hold 2 extra words when HFN override is enabled. As a result,
the descriptor fails.

This patch converts one of the keys from immediate key to
reference key hence reducing the length of the descriptor.

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
---
 drivers/common/dpaax/caamflib/desc/pdcp.h   | 44 +++++++++++++++++++++
 drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c |  8 ++++
 drivers/crypto/dpaa_sec/dpaa_sec.c          | 33 +++-------------
 3 files changed, 58 insertions(+), 27 deletions(-)

diff --git a/drivers/common/dpaax/caamflib/desc/pdcp.h b/drivers/common/dpaax/caamflib/desc/pdcp.h
index b5e2d24e4..99eb0f71a 100644
--- a/drivers/common/dpaax/caamflib/desc/pdcp.h
+++ b/drivers/common/dpaax/caamflib/desc/pdcp.h
@@ -262,6 +262,50 @@ enum pdb_type_e {
 	PDCP_PDB_TYPE_INVALID
 };
 
+/**
+ * rta_inline_pdcp_query() - Provide indications if a key can be passed as
+ *                           immediate data or shall be referenced in a
+ *                           shared descriptor.
+ * Return: 0 if data can be inlined or 1 if referenced.
+ */
+static inline int
+rta_inline_pdcp_query(enum auth_type_pdcp auth_alg,
+		      enum cipher_type_pdcp cipher_alg,
+		      enum pdcp_sn_size sn_size,
+		      int8_t hfn_ovd)
+{
+	/**
+	 * Shared Descriptors for some of the cases does not fit in the
+	 * MAX_DESC_SIZE of the descriptor especially when non-protocol
+	 * descriptors are formed as in 18bit cases and when HFN override
+	 * is enabled as 2 extra words are added in the job descriptor.
+	 * The cases which exceed are for RTA_SEC_ERA=8 and HFN override
+	 * enabled and 18bit uplane and either of following Algo combinations.
+	 * - SNOW-AES
+	 * - AES-SNOW
+	 * - SNOW-SNOW
+	 * - ZUC-SNOW
+	 *
+	 * We cannot make inline for all cases, as this will impact performance
+	 * due to extra memory accesses for the keys.
+	 */
+	if ((rta_sec_era == RTA_SEC_ERA_8) && hfn_ovd &&
+			(sn_size == PDCP_SN_SIZE_18) &&
+			((cipher_alg == PDCP_CIPHER_TYPE_SNOW &&
+				auth_alg == PDCP_AUTH_TYPE_AES) ||
+			(cipher_alg == PDCP_CIPHER_TYPE_AES &&
+				auth_alg == PDCP_AUTH_TYPE_SNOW) ||
+			(cipher_alg == PDCP_CIPHER_TYPE_SNOW &&
+				auth_alg == PDCP_AUTH_TYPE_SNOW) ||
+			(cipher_alg == PDCP_CIPHER_TYPE_ZUC &&
+				auth_alg == PDCP_AUTH_TYPE_SNOW))) {
+
+		return 1;
+	}
+
+	return 0;
+}
+
 /*
  * Function for appending the portion of a PDCP Control Plane shared descriptor
  * which performs NULL encryption and integrity (i.e. copies the input frame
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index 63e7d930a..f59ea52be 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -3156,6 +3156,14 @@ dpaa2_sec_set_pdcp_session(struct rte_cryptodev *dev,
 		goto out;
 	}
 
+	if (rta_inline_pdcp_query(authdata.algtype,
+				cipherdata.algtype,
+				session->pdcp.sn_size,
+				session->pdcp.hfn_ovd)) {
+		cipherdata.key = DPAA2_VADDR_TO_IOVA(cipherdata.key);
+		cipherdata.key_type = RTA_DATA_PTR;
+	}
+
 	if (pdcp_xform->domain == RTE_SECURITY_PDCP_MODE_CONTROL) {
 		if (session->dir == DIR_ENC)
 			bufsize = cnstr_shdsc_pdcp_c_plane_encap(
diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c b/drivers/crypto/dpaa_sec/dpaa_sec.c
index 66ee0ba0c..2b715632d 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec.c
+++ b/drivers/crypto/dpaa_sec/dpaa_sec.c
@@ -242,7 +242,6 @@ dpaa_sec_prep_pdcp_cdb(dpaa_sec_session *ses)
 	struct sec_cdb *cdb = &ses->cdb;
 	struct alginfo *p_authdata = NULL;
 	int32_t shared_desc_len = 0;
-	int err;
 #if RTE_BYTE_ORDER == RTE_BIG_ENDIAN
 	int swap = false;
 #else
@@ -256,10 +255,6 @@ dpaa_sec_prep_pdcp_cdb(dpaa_sec_session *ses)
 	cipherdata.algtype = ses->cipher_key.alg;
 	cipherdata.algmode = ses->cipher_key.algmode;
 
-	cdb->sh_desc[0] = cipherdata.keylen;
-	cdb->sh_desc[1] = 0;
-	cdb->sh_desc[2] = 0;
-
 	if (ses->auth_alg) {
 		authdata.key = (size_t)ses->auth_key.data;
 		authdata.keylen = ses->auth_key.length;
@@ -269,33 +264,17 @@ dpaa_sec_prep_pdcp_cdb(dpaa_sec_session *ses)
 		authdata.algmode = ses->auth_key.algmode;
 
 		p_authdata = &authdata;
-
-		cdb->sh_desc[1] = authdata.keylen;
 	}
 
-	err = rta_inline_query(IPSEC_AUTH_VAR_AES_DEC_BASE_DESC_LEN,
-			       MIN_JOB_DESC_SIZE,
-			       (unsigned int *)cdb->sh_desc,
-			       &cdb->sh_desc[2], 2);
-	if (err < 0) {
-		DPAA_SEC_ERR("Crypto: Incorrect key lengths");
-		return err;
-	}
-
-	if (!(cdb->sh_desc[2] & 1) && cipherdata.keylen) {
+	if (rta_inline_pdcp_query(authdata.algtype,
+				cipherdata.algtype,
+				ses->pdcp.sn_size,
+				ses->pdcp.hfn_ovd)) {
 		cipherdata.key =
-			(size_t)rte_dpaa_mem_vtop((void *)(size_t)cipherdata.key);
+			(size_t)rte_dpaa_mem_vtop((void *)
+					(size_t)cipherdata.key);
 		cipherdata.key_type = RTA_DATA_PTR;
 	}
-	if (!(cdb->sh_desc[2] & (1 << 1)) &&  authdata.keylen) {
-		authdata.key =
-			(size_t)rte_dpaa_mem_vtop((void *)(size_t)authdata.key);
-		authdata.key_type = RTA_DATA_PTR;
-	}
-
-	cdb->sh_desc[0] = 0;
-	cdb->sh_desc[1] = 0;
-	cdb->sh_desc[2] = 0;
 
 	if (ses->pdcp.domain == RTE_SECURITY_PDCP_MODE_CONTROL) {
 		if (ses->dir == DIR_ENC)