From patchwork Wed Jun  2 16:43:31 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Anoob Joseph <anoobj@marvell.com>
X-Patchwork-Id: 93818
X-Patchwork-Delegate: gakhil@marvell.com
Return-Path: <dev-bounces@dpdk.org>
X-Original-To: patchwork@inbox.dpdk.org
Delivered-To: patchwork@inbox.dpdk.org
Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124])
	by inbox.dpdk.org (Postfix) with ESMTP id 94113A0524;
	Wed,  2 Jun 2021 18:45:38 +0200 (CEST)
Received: from [217.70.189.124] (localhost [127.0.0.1])
	by mails.dpdk.org (Postfix) with ESMTP id 22334410E0;
	Wed,  2 Jun 2021 18:45:07 +0200 (CEST)
Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com
 [67.231.148.174])
 by mails.dpdk.org (Postfix) with ESMTP id 4376E410D7
 for <dev@dpdk.org>; Wed,  2 Jun 2021 18:45:05 +0200 (CEST)
Received: from pps.filterd (m0045849.ppops.net [127.0.0.1])
 by mx0a-0016f401.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id
 152Gaseb016164; Wed, 2 Jun 2021 09:45:04 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com;
 h=from : to : cc :
 subject : date : message-id : in-reply-to : references : mime-version :
 content-transfer-encoding : content-type; s=pfpt0220;
 bh=O07zY0OmQv55hEo2VOciZT+EaHdvlzu2gueRux9JHPA=;
 b=Xi4clyPJNb0vOXZ+uBjuYExL16deZ+OpJc3WmXfCOhhAC4yx3a0Il2nHD/dayVxNg5lw
 tHaK+K14OWVcZgt2j9YEvf6vB52jol+Ba8/oQFaPunJInmgteuokDOipbjb7kkpiHcFl
 2iiNDJbS2pT52T+jwIakg2Ag5VI3ZvuHCB6GwKU5/h//k+VGNdUaF16IiyHjfKYSUa0k
 CbDM82BUfEa5oIpFCae5hh9ArgOJG2G2h5uGx/7+O2ul1+d+9M/tBvT6IMSCCjcHD3Hg
 4dCCSj8690mnRSWLWrEkS+tbit7Mi8sXC3tR1lwqDeUHP3CByFk66gcxEs62hDnFhqu6 bA==
Received: from dc5-exch01.marvell.com ([199.233.59.181])
 by mx0a-0016f401.pphosted.com with ESMTP id 38wug73v60-1
 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT);
 Wed, 02 Jun 2021 09:45:04 -0700
Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH01.marvell.com
 (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.2;
 Wed, 2 Jun 2021 09:45:02 -0700
Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com
 (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.2 via Frontend
 Transport; Wed, 2 Jun 2021 09:45:02 -0700
Received: from HY-LT1002.marvell.com (unknown [10.193.70.1])
 by maili.marvell.com (Postfix) with ESMTP id 733A63F7041;
 Wed,  2 Jun 2021 09:44:56 -0700 (PDT)
From: Anoob Joseph <anoobj@marvell.com>
To: Akhil Goyal <gakhil@marvell.com>, Thomas Monjalon <thomas@monjalon.net>
CC: Anoob Joseph <anoobj@marvell.com>, Jerin Jacob <jerinj@marvell.com>,
 "Ankur Dwivedi" <adwivedi@marvell.com>, Tejasree Kondoj
 <ktejasree@marvell.com>, <dev@dpdk.org>, Archana Muniganti
 <marchana@marvell.com>
Date: Wed, 2 Jun 2021 22:13:31 +0530
Message-ID: <1622652221-22732-11-git-send-email-anoobj@marvell.com>
X-Mailer: git-send-email 2.7.4
In-Reply-To: <1622652221-22732-1-git-send-email-anoobj@marvell.com>
References: <1622652221-22732-1-git-send-email-anoobj@marvell.com>
MIME-Version: 1.0
X-Proofpoint-ORIG-GUID: _wpyUvqyTOuF_tH9aMnMiD5Bntmxgf3N
X-Proofpoint-GUID: _wpyUvqyTOuF_tH9aMnMiD5Bntmxgf3N
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.391, 18.0.761
 definitions=2021-06-02_09:2021-06-02,
 2021-06-02 signatures=0
Subject: [dpdk-dev] [PATCH 10/20] crypto/cnxk: add auth operation in session
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org
Sender: "dev" <dev-bounces@dpdk.org>

Add support for auth operations in session.

Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Archana Muniganti <marchana@marvell.com>
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
---
 drivers/crypto/cnxk/cnxk_cryptodev_ops.c |  13 ++
 drivers/crypto/cnxk/cnxk_se.h            | 283 +++++++++++++++++++++++++++++++
 2 files changed, 296 insertions(+)

diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_ops.c b/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
index 4e29396..f060763 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
@@ -444,6 +444,12 @@ sym_session_configure(struct roc_cpt *roc_cpt, int driver_id,
 	case CNXK_CPT_CIPHER:
 		ret = fill_sess_cipher(xform, sess_priv);
 		break;
+	case CNXK_CPT_AUTH:
+		if (xform->auth.algo == RTE_CRYPTO_AUTH_AES_GMAC)
+			ret = fill_sess_gmac(xform, sess_priv);
+		else
+			ret = fill_sess_auth(xform, sess_priv);
+		break;
 	default:
 		ret = -1;
 	}
@@ -451,6 +457,13 @@ sym_session_configure(struct roc_cpt *roc_cpt, int driver_id,
 	if (ret)
 		goto priv_put;
 
+	if ((sess_priv->roc_se_ctx.fc_type == ROC_SE_HASH_HMAC) &&
+	    cpt_mac_len_verify(&xform->auth)) {
+		CPT_LOG_DP_ERR("MAC length is not supported");
+		ret = -ENOTSUP;
+		goto priv_put;
+	}
+
 	sess_priv->cpt_inst_w7 = cnxk_cpt_inst_w7_get(sess_priv, roc_cpt);
 
 	set_sym_session_private_data(sess, driver_id, sess_priv);
diff --git a/drivers/crypto/cnxk/cnxk_se.h b/drivers/crypto/cnxk/cnxk_se.h
index f14016c..2f406f6 100644
--- a/drivers/crypto/cnxk/cnxk_se.h
+++ b/drivers/crypto/cnxk/cnxk_se.h
@@ -46,6 +46,47 @@ gen_key_snow3g(const uint8_t *ck, uint32_t *keyx)
 	}
 }
 
+static __rte_always_inline int
+cpt_mac_len_verify(struct rte_crypto_auth_xform *auth)
+{
+	uint16_t mac_len = auth->digest_length;
+	int ret;
+
+	switch (auth->algo) {
+	case RTE_CRYPTO_AUTH_MD5:
+	case RTE_CRYPTO_AUTH_MD5_HMAC:
+		ret = (mac_len == 16) ? 0 : -1;
+		break;
+	case RTE_CRYPTO_AUTH_SHA1:
+	case RTE_CRYPTO_AUTH_SHA1_HMAC:
+		ret = (mac_len == 20) ? 0 : -1;
+		break;
+	case RTE_CRYPTO_AUTH_SHA224:
+	case RTE_CRYPTO_AUTH_SHA224_HMAC:
+		ret = (mac_len == 28) ? 0 : -1;
+		break;
+	case RTE_CRYPTO_AUTH_SHA256:
+	case RTE_CRYPTO_AUTH_SHA256_HMAC:
+		ret = (mac_len == 32) ? 0 : -1;
+		break;
+	case RTE_CRYPTO_AUTH_SHA384:
+	case RTE_CRYPTO_AUTH_SHA384_HMAC:
+		ret = (mac_len == 48) ? 0 : -1;
+		break;
+	case RTE_CRYPTO_AUTH_SHA512:
+	case RTE_CRYPTO_AUTH_SHA512_HMAC:
+		ret = (mac_len == 64) ? 0 : -1;
+		break;
+	case RTE_CRYPTO_AUTH_NULL:
+		ret = 0;
+		break;
+	default:
+		ret = -1;
+	}
+
+	return ret;
+}
+
 static __rte_always_inline void
 cpt_fc_salt_update(struct roc_se_ctx *se_ctx, uint8_t *salt)
 {
@@ -308,6 +349,95 @@ cpt_fc_ciph_set_key(struct roc_se_ctx *se_ctx, roc_se_cipher_type type,
 }
 
 static __rte_always_inline int
+cpt_fc_auth_set_key(struct roc_se_ctx *se_ctx, roc_se_auth_type type,
+		    const uint8_t *key, uint16_t key_len, uint16_t mac_len)
+{
+	struct roc_se_zuc_snow3g_ctx *zs_ctx;
+	struct roc_se_kasumi_ctx *k_ctx;
+	struct roc_se_context *fctx;
+
+	if (se_ctx == NULL)
+		return -1;
+
+	zs_ctx = &se_ctx->se_ctx.zs_ctx;
+	k_ctx = &se_ctx->se_ctx.k_ctx;
+	fctx = &se_ctx->se_ctx.fctx;
+
+	if ((type >= ROC_SE_ZUC_EIA3) && (type <= ROC_SE_KASUMI_F9_ECB)) {
+		uint32_t keyx[4];
+
+		if (key_len != 16)
+			return -1;
+		/* No support for AEAD yet */
+		if (se_ctx->enc_cipher)
+			return -1;
+		/* For ZUC/SNOW3G/Kasumi */
+		switch (type) {
+		case ROC_SE_SNOW3G_UIA2:
+			se_ctx->pdcp_alg_type = ROC_SE_PDCP_ALG_TYPE_SNOW3G;
+			gen_key_snow3g(key, keyx);
+			memcpy(zs_ctx->ci_key, keyx, key_len);
+			se_ctx->fc_type = ROC_SE_PDCP;
+			se_ctx->zsk_flags = 0x1;
+			break;
+		case ROC_SE_ZUC_EIA3:
+			se_ctx->pdcp_alg_type = ROC_SE_PDCP_ALG_TYPE_ZUC;
+			memcpy(zs_ctx->ci_key, key, key_len);
+			memcpy(zs_ctx->zuc_const, zuc_d, 32);
+			se_ctx->fc_type = ROC_SE_PDCP;
+			se_ctx->zsk_flags = 0x1;
+			break;
+		case ROC_SE_KASUMI_F9_ECB:
+			/* Kasumi ECB mode */
+			se_ctx->k_ecb = 1;
+			memcpy(k_ctx->ci_key, key, key_len);
+			se_ctx->fc_type = ROC_SE_KASUMI;
+			se_ctx->zsk_flags = 0x1;
+			break;
+		case ROC_SE_KASUMI_F9_CBC:
+			memcpy(k_ctx->ci_key, key, key_len);
+			se_ctx->fc_type = ROC_SE_KASUMI;
+			se_ctx->zsk_flags = 0x1;
+			break;
+		default:
+			return -1;
+		}
+		se_ctx->mac_len = 4;
+		se_ctx->hash_type = type;
+		return 0;
+	}
+
+	if (!(se_ctx->fc_type == ROC_SE_FC_GEN && !type)) {
+		if (!se_ctx->fc_type || !se_ctx->enc_cipher)
+			se_ctx->fc_type = ROC_SE_HASH_HMAC;
+	}
+
+	if (se_ctx->fc_type == ROC_SE_FC_GEN && key_len > 64)
+		return -1;
+
+	/* For GMAC auth, cipher must be NULL */
+	if (type == ROC_SE_GMAC_TYPE)
+		fctx->enc.enc_cipher = 0;
+
+	fctx->enc.hash_type = se_ctx->hash_type = type;
+	fctx->enc.mac_len = se_ctx->mac_len = mac_len;
+
+	if (key_len) {
+		se_ctx->hmac = 1;
+		memset(se_ctx->auth_key, 0, sizeof(se_ctx->auth_key));
+		memcpy(se_ctx->auth_key, key, key_len);
+		se_ctx->auth_key_len = key_len;
+		memset(fctx->hmac.ipad, 0, sizeof(fctx->hmac.ipad));
+		memset(fctx->hmac.opad, 0, sizeof(fctx->hmac.opad));
+
+		if (key_len <= 64)
+			memcpy(fctx->hmac.opad, key, key_len);
+		fctx->enc.auth_input_type = 1;
+	}
+	return 0;
+}
+
+static __rte_always_inline int
 fill_sess_cipher(struct rte_crypto_sym_xform *xform, struct cnxk_se_sess *sess)
 {
 	struct rte_crypto_cipher_xform *c_form;
@@ -414,4 +544,157 @@ fill_sess_cipher(struct rte_crypto_sym_xform *xform, struct cnxk_se_sess *sess)
 
 	return 0;
 }
+
+static __rte_always_inline int
+fill_sess_auth(struct rte_crypto_sym_xform *xform, struct cnxk_se_sess *sess)
+{
+	struct rte_crypto_auth_xform *a_form;
+	roc_se_auth_type auth_type = 0; /* NULL Auth type */
+	uint8_t zsk_flag = 0, aes_gcm = 0, is_null = 0;
+
+	if (xform->next != NULL &&
+	    xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&
+	    xform->next->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT) {
+		/* Perform auth followed by encryption */
+		sess->roc_se_ctx.template_w4.s.opcode_minor =
+			ROC_SE_FC_MINOR_OP_HMAC_FIRST;
+	}
+
+	a_form = &xform->auth;
+
+	if (a_form->op == RTE_CRYPTO_AUTH_OP_VERIFY)
+		sess->cpt_op |= ROC_SE_OP_AUTH_VERIFY;
+	else if (a_form->op == RTE_CRYPTO_AUTH_OP_GENERATE)
+		sess->cpt_op |= ROC_SE_OP_AUTH_GENERATE;
+	else {
+		CPT_LOG_DP_ERR("Unknown auth operation");
+		return -1;
+	}
+
+	switch (a_form->algo) {
+	case RTE_CRYPTO_AUTH_SHA1_HMAC:
+		/* Fall through */
+	case RTE_CRYPTO_AUTH_SHA1:
+		auth_type = ROC_SE_SHA1_TYPE;
+		break;
+	case RTE_CRYPTO_AUTH_SHA256_HMAC:
+	case RTE_CRYPTO_AUTH_SHA256:
+		auth_type = ROC_SE_SHA2_SHA256;
+		break;
+	case RTE_CRYPTO_AUTH_SHA512_HMAC:
+	case RTE_CRYPTO_AUTH_SHA512:
+		auth_type = ROC_SE_SHA2_SHA512;
+		break;
+	case RTE_CRYPTO_AUTH_AES_GMAC:
+		auth_type = ROC_SE_GMAC_TYPE;
+		aes_gcm = 1;
+		break;
+	case RTE_CRYPTO_AUTH_SHA224_HMAC:
+	case RTE_CRYPTO_AUTH_SHA224:
+		auth_type = ROC_SE_SHA2_SHA224;
+		break;
+	case RTE_CRYPTO_AUTH_SHA384_HMAC:
+	case RTE_CRYPTO_AUTH_SHA384:
+		auth_type = ROC_SE_SHA2_SHA384;
+		break;
+	case RTE_CRYPTO_AUTH_MD5_HMAC:
+	case RTE_CRYPTO_AUTH_MD5:
+		auth_type = ROC_SE_MD5_TYPE;
+		break;
+	case RTE_CRYPTO_AUTH_KASUMI_F9:
+		auth_type = ROC_SE_KASUMI_F9_ECB;
+		/*
+		 * Indicate that direction needs to be taken out
+		 * from end of src
+		 */
+		zsk_flag = ROC_SE_K_F9;
+		break;
+	case RTE_CRYPTO_AUTH_SNOW3G_UIA2:
+		auth_type = ROC_SE_SNOW3G_UIA2;
+		zsk_flag = ROC_SE_ZS_IA;
+		break;
+	case RTE_CRYPTO_AUTH_ZUC_EIA3:
+		auth_type = ROC_SE_ZUC_EIA3;
+		zsk_flag = ROC_SE_ZS_IA;
+		break;
+	case RTE_CRYPTO_AUTH_NULL:
+		auth_type = 0;
+		is_null = 1;
+		break;
+	case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
+	case RTE_CRYPTO_AUTH_AES_CMAC:
+	case RTE_CRYPTO_AUTH_AES_CBC_MAC:
+		CPT_LOG_DP_ERR("Crypto: Unsupported hash algo %u",
+			       a_form->algo);
+		return -1;
+	default:
+		CPT_LOG_DP_ERR("Crypto: Undefined Hash algo %u specified",
+			       a_form->algo);
+		return -1;
+	}
+
+	sess->zsk_flag = zsk_flag;
+	sess->aes_gcm = aes_gcm;
+	sess->mac_len = a_form->digest_length;
+	sess->is_null = is_null;
+	if (zsk_flag) {
+		sess->auth_iv_offset = a_form->iv.offset;
+		sess->auth_iv_length = a_form->iv.length;
+	}
+	if (unlikely(cpt_fc_auth_set_key(&sess->roc_se_ctx, auth_type,
+					 a_form->key.data, a_form->key.length,
+					 a_form->digest_length)))
+		return -1;
+
+	return 0;
+}
+
+static __rte_always_inline int
+fill_sess_gmac(struct rte_crypto_sym_xform *xform, struct cnxk_se_sess *sess)
+{
+	struct rte_crypto_auth_xform *a_form;
+	roc_se_cipher_type enc_type = 0; /* NULL Cipher type */
+	roc_se_auth_type auth_type = 0;	 /* NULL Auth type */
+
+	a_form = &xform->auth;
+
+	if (a_form->op == RTE_CRYPTO_AUTH_OP_GENERATE)
+		sess->cpt_op |= ROC_SE_OP_ENCODE;
+	else if (a_form->op == RTE_CRYPTO_AUTH_OP_VERIFY)
+		sess->cpt_op |= ROC_SE_OP_DECODE;
+	else {
+		CPT_LOG_DP_ERR("Unknown auth operation");
+		return -1;
+	}
+
+	switch (a_form->algo) {
+	case RTE_CRYPTO_AUTH_AES_GMAC:
+		enc_type = ROC_SE_AES_GCM;
+		auth_type = ROC_SE_GMAC_TYPE;
+		break;
+	default:
+		CPT_LOG_DP_ERR("Crypto: Undefined cipher algo %u specified",
+			       a_form->algo);
+		return -1;
+	}
+
+	sess->zsk_flag = 0;
+	sess->aes_gcm = 0;
+	sess->is_gmac = 1;
+	sess->iv_offset = a_form->iv.offset;
+	sess->iv_length = a_form->iv.length;
+	sess->mac_len = a_form->digest_length;
+
+	if (unlikely(cpt_fc_ciph_set_key(&sess->roc_se_ctx, enc_type,
+					 a_form->key.data, a_form->key.length,
+					 NULL)))
+		return -1;
+
+	if (unlikely(cpt_fc_auth_set_key(&sess->roc_se_ctx, auth_type, NULL, 0,
+					 a_form->digest_length)))
+		return -1;
+
+	return 0;
+}
+
 #endif /*_CNXK_SE_H_ */