From patchwork Fri Jun 25 05:56:20 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anoob Joseph X-Patchwork-Id: 94833 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id CD4D9A0C40; Fri, 25 Jun 2021 07:58:16 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 65EDE410E8; Fri, 25 Jun 2021 07:57:50 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id DA31A410D8 for ; Fri, 25 Jun 2021 07:57:48 +0200 (CEST) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id 15P5nxkO007987; Thu, 24 Jun 2021 22:57:48 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=TOzjp1ZmTDqizeuvNVOw8H2UdQleCE1ubfZSMn69tXE=; b=C994bfZFfsvAvcVqoeztP9pByqyE1fhDq6dU2+ikZ4VPJh0bBGMTpG6PFQqfEEysBd4U fCGOvC2IN35bFt6JfBzbuAFJcP/RDnXZclHHx3+NCb8pXBGaFE1ms0OZjCr/RNIuURSC 3cLcFg4fYysG+n5kKhuS9/xOoYU2uIH4eSV+PHajUL8ASUwbfphrwvARFvbUoniTgLHF +1vGiSHByMx7bu9s6p5AIgsv2VEkIZ13YmNI8ESLGuXs4/Bq8wf0+87tTLqGnnWEL4yH 1w2KzIogN8lKrbFx04oQGufcFOmZfS8ngz3izjQRxa966WabppwscLZ0xuodAGgo3hZn zw== Received: from dc5-exch01.marvell.com ([199.233.59.181]) by mx0a-0016f401.pphosted.com with ESMTP id 39d24dhk2m-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Thu, 24 Jun 2021 22:57:47 -0700 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Thu, 24 Jun 2021 22:57:46 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.18 via Frontend Transport; Thu, 24 Jun 2021 22:57:46 -0700 Received: from HY-LT1002.marvell.com (HY-LT1002.marvell.com [10.28.176.218]) by maili.marvell.com (Postfix) with ESMTP id 260D73F7041; Thu, 24 Jun 2021 22:57:42 -0700 (PDT) From: Anoob Joseph To: Akhil Goyal , Thomas Monjalon CC: Anoob Joseph , Jerin Jacob , "Ankur Dwivedi" , Tejasree Kondoj , , Archana Muniganti Date: Fri, 25 Jun 2021 11:26:20 +0530 Message-ID: <1624600591-29841-10-git-send-email-anoobj@marvell.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1624600591-29841-1-git-send-email-anoobj@marvell.com> References: <1624600591-29841-1-git-send-email-anoobj@marvell.com> MIME-Version: 1.0 X-Proofpoint-GUID: N2tobQf8AQ5JYg9ScmORCj-kdK4lFxHa X-Proofpoint-ORIG-GUID: N2tobQf8AQ5JYg9ScmORCj-kdK4lFxHa X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.391, 18.0.790 definitions=2021-06-25_02:2021-06-24, 2021-06-25 signatures=0 Subject: [dpdk-dev] [PATCH v2 09/20] crypto/cnxk: add auth operation in session X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Add support for auth operations in session. Signed-off-by: Ankur Dwivedi Signed-off-by: Anoob Joseph Signed-off-by: Archana Muniganti Signed-off-by: Tejasree Kondoj --- drivers/crypto/cnxk/cnxk_cryptodev_ops.c | 13 +++ drivers/crypto/cnxk/cnxk_se.h | 194 +++++++++++++++++++++++++++++++ 2 files changed, 207 insertions(+) diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_ops.c b/drivers/crypto/cnxk/cnxk_cryptodev_ops.c index b6d3076..f2319df 100644 --- a/drivers/crypto/cnxk/cnxk_cryptodev_ops.c +++ b/drivers/crypto/cnxk/cnxk_cryptodev_ops.c @@ -460,6 +460,12 @@ sym_session_configure(struct roc_cpt *roc_cpt, int driver_id, case CNXK_CPT_CIPHER: ret = fill_sess_cipher(xform, sess_priv); break; + case CNXK_CPT_AUTH: + if (xform->auth.algo == RTE_CRYPTO_AUTH_AES_GMAC) + ret = fill_sess_gmac(xform, sess_priv); + else + ret = fill_sess_auth(xform, sess_priv); + break; default: ret = -1; } @@ -467,6 +473,13 @@ sym_session_configure(struct roc_cpt *roc_cpt, int driver_id, if (ret) goto priv_put; + if ((sess_priv->roc_se_ctx.fc_type == ROC_SE_HASH_HMAC) && + cpt_mac_len_verify(&xform->auth)) { + plt_dp_err("MAC length is not supported"); + ret = -ENOTSUP; + goto priv_put; + } + sess_priv->cpt_inst_w7 = cnxk_cpt_inst_w7_get(sess_priv, roc_cpt); set_sym_session_private_data(sess, driver_id, sess_priv); diff --git a/drivers/crypto/cnxk/cnxk_se.h b/drivers/crypto/cnxk/cnxk_se.h index b5a16c4..6e4b032 100644 --- a/drivers/crypto/cnxk/cnxk_se.h +++ b/drivers/crypto/cnxk/cnxk_se.h @@ -29,6 +29,48 @@ struct cnxk_se_sess { } __rte_cache_aligned; static __rte_always_inline int +cpt_mac_len_verify(struct rte_crypto_auth_xform *auth) +{ + uint16_t mac_len = auth->digest_length; + int ret; + + switch (auth->algo) { + case RTE_CRYPTO_AUTH_MD5: + case RTE_CRYPTO_AUTH_MD5_HMAC: + ret = (mac_len == 16) ? 0 : -1; + break; + case RTE_CRYPTO_AUTH_SHA1: + case RTE_CRYPTO_AUTH_SHA1_HMAC: + ret = (mac_len == 20) ? 0 : -1; + break; + case RTE_CRYPTO_AUTH_SHA224: + case RTE_CRYPTO_AUTH_SHA224_HMAC: + ret = (mac_len == 28) ? 0 : -1; + break; + case RTE_CRYPTO_AUTH_SHA256: + case RTE_CRYPTO_AUTH_SHA256_HMAC: + ret = (mac_len == 32) ? 0 : -1; + break; + case RTE_CRYPTO_AUTH_SHA384: + case RTE_CRYPTO_AUTH_SHA384_HMAC: + ret = (mac_len == 48) ? 0 : -1; + break; + case RTE_CRYPTO_AUTH_SHA512: + case RTE_CRYPTO_AUTH_SHA512_HMAC: + ret = (mac_len == 64) ? 0 : -1; + break; + case RTE_CRYPTO_AUTH_NULL: + ret = 0; + break; + default: + ret = -1; + } + + return ret; +} + + +static __rte_always_inline int fill_sess_cipher(struct rte_crypto_sym_xform *xform, struct cnxk_se_sess *sess) { struct rte_crypto_cipher_xform *c_form; @@ -134,4 +176,156 @@ fill_sess_cipher(struct rte_crypto_sym_xform *xform, struct cnxk_se_sess *sess) return 0; } + +static __rte_always_inline int +fill_sess_auth(struct rte_crypto_sym_xform *xform, struct cnxk_se_sess *sess) +{ + struct rte_crypto_auth_xform *a_form; + roc_se_auth_type auth_type = 0; /* NULL Auth type */ + uint8_t zsk_flag = 0, aes_gcm = 0, is_null = 0; + + if (xform->next != NULL && + xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER && + xform->next->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT) { + /* Perform auth followed by encryption */ + sess->roc_se_ctx.template_w4.s.opcode_minor = + ROC_SE_FC_MINOR_OP_HMAC_FIRST; + } + + a_form = &xform->auth; + + if (a_form->op == RTE_CRYPTO_AUTH_OP_VERIFY) + sess->cpt_op |= ROC_SE_OP_AUTH_VERIFY; + else if (a_form->op == RTE_CRYPTO_AUTH_OP_GENERATE) + sess->cpt_op |= ROC_SE_OP_AUTH_GENERATE; + else { + plt_dp_err("Unknown auth operation"); + return -1; + } + + switch (a_form->algo) { + case RTE_CRYPTO_AUTH_SHA1_HMAC: + /* Fall through */ + case RTE_CRYPTO_AUTH_SHA1: + auth_type = ROC_SE_SHA1_TYPE; + break; + case RTE_CRYPTO_AUTH_SHA256_HMAC: + case RTE_CRYPTO_AUTH_SHA256: + auth_type = ROC_SE_SHA2_SHA256; + break; + case RTE_CRYPTO_AUTH_SHA512_HMAC: + case RTE_CRYPTO_AUTH_SHA512: + auth_type = ROC_SE_SHA2_SHA512; + break; + case RTE_CRYPTO_AUTH_AES_GMAC: + auth_type = ROC_SE_GMAC_TYPE; + aes_gcm = 1; + break; + case RTE_CRYPTO_AUTH_SHA224_HMAC: + case RTE_CRYPTO_AUTH_SHA224: + auth_type = ROC_SE_SHA2_SHA224; + break; + case RTE_CRYPTO_AUTH_SHA384_HMAC: + case RTE_CRYPTO_AUTH_SHA384: + auth_type = ROC_SE_SHA2_SHA384; + break; + case RTE_CRYPTO_AUTH_MD5_HMAC: + case RTE_CRYPTO_AUTH_MD5: + auth_type = ROC_SE_MD5_TYPE; + break; + case RTE_CRYPTO_AUTH_KASUMI_F9: + auth_type = ROC_SE_KASUMI_F9_ECB; + /* + * Indicate that direction needs to be taken out + * from end of src + */ + zsk_flag = ROC_SE_K_F9; + break; + case RTE_CRYPTO_AUTH_SNOW3G_UIA2: + auth_type = ROC_SE_SNOW3G_UIA2; + zsk_flag = ROC_SE_ZS_IA; + break; + case RTE_CRYPTO_AUTH_ZUC_EIA3: + auth_type = ROC_SE_ZUC_EIA3; + zsk_flag = ROC_SE_ZS_IA; + break; + case RTE_CRYPTO_AUTH_NULL: + auth_type = 0; + is_null = 1; + break; + case RTE_CRYPTO_AUTH_AES_XCBC_MAC: + case RTE_CRYPTO_AUTH_AES_CMAC: + case RTE_CRYPTO_AUTH_AES_CBC_MAC: + plt_dp_err("Crypto: Unsupported hash algo %u", a_form->algo); + return -1; + default: + plt_dp_err("Crypto: Undefined Hash algo %u specified", + a_form->algo); + return -1; + } + + sess->zsk_flag = zsk_flag; + sess->aes_gcm = aes_gcm; + sess->mac_len = a_form->digest_length; + sess->is_null = is_null; + if (zsk_flag) { + sess->auth_iv_offset = a_form->iv.offset; + sess->auth_iv_length = a_form->iv.length; + } + if (unlikely(roc_se_auth_key_set(&sess->roc_se_ctx, auth_type, + a_form->key.data, a_form->key.length, + a_form->digest_length))) + return -1; + + return 0; +} + +static __rte_always_inline int +fill_sess_gmac(struct rte_crypto_sym_xform *xform, struct cnxk_se_sess *sess) +{ + struct rte_crypto_auth_xform *a_form; + roc_se_cipher_type enc_type = 0; /* NULL Cipher type */ + roc_se_auth_type auth_type = 0; /* NULL Auth type */ + + a_form = &xform->auth; + + if (a_form->op == RTE_CRYPTO_AUTH_OP_GENERATE) + sess->cpt_op |= ROC_SE_OP_ENCODE; + else if (a_form->op == RTE_CRYPTO_AUTH_OP_VERIFY) + sess->cpt_op |= ROC_SE_OP_DECODE; + else { + plt_dp_err("Unknown auth operation"); + return -1; + } + + switch (a_form->algo) { + case RTE_CRYPTO_AUTH_AES_GMAC: + enc_type = ROC_SE_AES_GCM; + auth_type = ROC_SE_GMAC_TYPE; + break; + default: + plt_dp_err("Crypto: Undefined cipher algo %u specified", + a_form->algo); + return -1; + } + + sess->zsk_flag = 0; + sess->aes_gcm = 0; + sess->is_gmac = 1; + sess->iv_offset = a_form->iv.offset; + sess->iv_length = a_form->iv.length; + sess->mac_len = a_form->digest_length; + + if (unlikely(roc_se_ciph_key_set(&sess->roc_se_ctx, enc_type, + a_form->key.data, a_form->key.length, + NULL))) + return -1; + + if (unlikely(roc_se_auth_key_set(&sess->roc_se_ctx, auth_type, NULL, 0, + a_form->digest_length))) + return -1; + + return 0; +} + #endif /*_CNXK_SE_H_ */