Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/131177/?format=api
http://patchwork.dpdk.org/api/patches/131177/?format=api", "web_url": "http://patchwork.dpdk.org/project/dpdk/patch/20230905161507.1561889-2-brian.dooley@intel.com/", "project": { "id": 1, "url": "http://patchwork.dpdk.org/api/projects/1/?format=api", "name": "DPDK", "link_name": "dpdk", "list_id": "dev.dpdk.org", "list_email": "dev@dpdk.org", "web_url": "http://core.dpdk.org", "scm_url": "git://dpdk.org/dpdk", "webscm_url": "http://git.dpdk.org/dpdk", "list_archive_url": "https://inbox.dpdk.org/dev", "list_archive_url_format": "https://inbox.dpdk.org/dev/{}", "commit_url_format": "" }, "msgid": "<20230905161507.1561889-2-brian.dooley@intel.com>", "list_archive_url": "https://inbox.dpdk.org/dev/20230905161507.1561889-2-brian.dooley@intel.com", "date": "2023-09-05T16:15:06", "name": "[v5,1/2] crypto/ipsec_mb: add digest encrypted feature", "commit_ref": null, "pull_url": null, "state": "superseded", "archived": true, "hash": "7affbb3df3586157d668b180681e93c9921b3de2", "submitter": { "id": 2520, "url": "http://patchwork.dpdk.org/api/people/2520/?format=api", "name": "Dooley, Brian", "email": "brian.dooley@intel.com" }, "delegate": { "id": 6690, "url": "http://patchwork.dpdk.org/api/users/6690/?format=api", "username": "akhil", "first_name": "akhil", "last_name": "goyal", "email": "gakhil@marvell.com" }, "mbox": "http://patchwork.dpdk.org/project/dpdk/patch/20230905161507.1561889-2-brian.dooley@intel.com/mbox/", "series": [ { "id": 29428, "url": "http://patchwork.dpdk.org/api/series/29428/?format=api", "web_url": "http://patchwork.dpdk.org/project/dpdk/list/?series=29428", "date": "2023-09-05T16:15:05", "name": "Add Digest Encrypted to aesni_mb PMD", "version": 5, "mbox": "http://patchwork.dpdk.org/series/29428/mbox/" } ], "comments": "http://patchwork.dpdk.org/api/patches/131177/comments/", "check": "success", "checks": "http://patchwork.dpdk.org/api/patches/131177/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<dev-bounces@dpdk.org>", "X-Original-To": "patchwork@inbox.dpdk.org", "Delivered-To": "patchwork@inbox.dpdk.org", "Received": [ "from mails.dpdk.org (mails.dpdk.org [217.70.189.124])\n\tby inbox.dpdk.org (Postfix) with ESMTP id 8F557424F4;\n\tTue, 5 Sep 2023 18:20:09 +0200 (CEST)", "from mails.dpdk.org (localhost [127.0.0.1])\n\tby mails.dpdk.org (Postfix) with ESMTP id C0B17427DE;\n\tTue, 5 Sep 2023 18:19:52 +0200 (CEST)", "from mgamail.intel.com (mgamail.intel.com [192.55.52.120])\n by mails.dpdk.org (Postfix) with ESMTP id 51CE741143\n for <dev@dpdk.org>; Tue, 5 Sep 2023 18:19:50 +0200 (CEST)", "from fmsmga001.fm.intel.com ([10.253.24.23])\n by fmsmga104.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;\n 05 Sep 2023 09:15:15 -0700", "from silpixa00400883.ir.intel.com ([10.243.22.155])\n by fmsmga001.fm.intel.com with ESMTP; 05 Sep 2023 09:15:04 -0700" ], "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/simple;\n d=intel.com; i=@intel.com; q=dns/txt; s=Intel;\n t=1693930790; x=1725466790;\n h=from:to:cc:subject:date:message-id:in-reply-to:\n references:mime-version:content-transfer-encoding;\n bh=ud1RnYB9NXU3lNVwVMVRk8AIENCDzaB9lg9i8nnnEMM=;\n b=RcL9fI0X4iWk46/tf0L/mlAixNYctzpft2wxQA86MtvHk+j3MMIpfnrT\n IJhVwvVznQ7Yr6OCN0eVZCRRMPEHlwqLhzHoBOfcplFChRvSvRxuBPkIG\n N6TEinMt3aplL0utzpVxAyl/Z84IotJzr9h5OAf23MRbf+QEhFOSeLuom\n NLeNzhL6g+dzZpwCPIbeldr6NSSklFIEQXZxpKIMrdqI6HOIZez/mp6pc\n i+XK809Xz5LKbigjXvE4IetESsem5uMx68t+Ggr41KxjiVUTTMJFIjoqu\n +9/OYfNZ8ZriSPdws66Ix6VT6JdMcmgOCU1iS4AFH+ntJwse2bF+MYhMv A==;", "X-IronPort-AV": [ "E=McAfee;i=\"6600,9927,10824\"; a=\"375728532\"", "E=Sophos;i=\"6.02,229,1688454000\"; d=\"scan'208\";a=\"375728532\"", "E=McAfee;i=\"6600,9927,10824\"; a=\"884359909\"", "E=Sophos;i=\"6.02,229,1688454000\"; d=\"scan'208\";a=\"884359909\"" ], "X-ExtLoop1": "1", "From": "Brian Dooley <brian.dooley@intel.com>", "To": "Kai Ji <kai.ji@intel.com>, Pablo de Lara <pablo.de.lara.guarch@intel.com>", "Cc": "dev@dpdk.org,\n\tgakhil@marvell.com,\n\tBrian Dooley <brian.dooley@intel.com>", "Subject": "[PATCH v5 1/2] crypto/ipsec_mb: add digest encrypted feature", "Date": "Tue, 5 Sep 2023 16:15:06 +0000", "Message-Id": "<20230905161507.1561889-2-brian.dooley@intel.com>", "X-Mailer": "git-send-email 2.25.1", "In-Reply-To": "<20230905161507.1561889-1-brian.dooley@intel.com>", "References": "<20230905151219.1548547-1-brian.dooley@intel.com>\n <20230905161507.1561889-1-brian.dooley@intel.com>", "MIME-Version": "1.0", "Content-Transfer-Encoding": "8bit", "X-BeenThere": "dev@dpdk.org", "X-Mailman-Version": "2.1.29", "Precedence": "list", "List-Id": "DPDK patches and discussions <dev.dpdk.org>", "List-Unsubscribe": "<https://mails.dpdk.org/options/dev>,\n <mailto:dev-request@dpdk.org?subject=unsubscribe>", "List-Archive": "<http://mails.dpdk.org/archives/dev/>", "List-Post": "<mailto:dev@dpdk.org>", "List-Help": "<mailto:dev-request@dpdk.org?subject=help>", "List-Subscribe": "<https://mails.dpdk.org/listinfo/dev>,\n <mailto:dev-request@dpdk.org?subject=subscribe>", "Errors-To": "dev-bounces@dpdk.org" }, "content": "AESNI_MB PMD does not support Digest Encrypted. This patch adds a check and\nsupport for this feature.\n\nSigned-off-by: Brian Dooley <brian.dooley@intel.com>\n---\nv2:\nFixed CHECKPATCH warning\nv3:\nAdd Digest encrypted support to docs\nv4:\nAdd comments and small refactor\nv5:\nFix checkpatch warnings\n---\n doc/guides/cryptodevs/features/aesni_mb.ini | 1 +\n drivers/crypto/ipsec_mb/pmd_aesni_mb.c | 109 +++++++++++++++++++-\n 2 files changed, 105 insertions(+), 5 deletions(-)", "diff": "diff --git a/doc/guides/cryptodevs/features/aesni_mb.ini b/doc/guides/cryptodevs/features/aesni_mb.ini\nindex e4e965c35a..8df5fa2c85 100644\n--- a/doc/guides/cryptodevs/features/aesni_mb.ini\n+++ b/doc/guides/cryptodevs/features/aesni_mb.ini\n@@ -20,6 +20,7 @@ OOP LB In LB Out = Y\n CPU crypto = Y\n Symmetric sessionless = Y\n Non-Byte aligned data = Y\n+Digest encrypted = Y\n \n ;\n ; Supported crypto algorithms of the 'aesni_mb' crypto driver.\ndiff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c\nindex 9e298023d7..7f61065939 100644\n--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c\n+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c\n@@ -1438,6 +1438,54 @@ set_gcm_job(IMB_MGR *mb_mgr, IMB_JOB *job, const uint8_t sgl,\n \treturn 0;\n }\n \n+/** Check if conditions are met for digest-appended operations */\n+static uint8_t *\n+aesni_mb_digest_appended_in_src(struct rte_crypto_op *op, IMB_JOB *job,\n+\t\tuint32_t oop)\n+{\n+\tunsigned int auth_size, cipher_size;\n+\tuint8_t *end_cipher;\n+\tuint8_t *start_cipher;\n+\n+\tif (job->cipher_mode == IMB_CIPHER_NULL)\n+\t\treturn NULL;\n+\n+\tif (job->cipher_mode == IMB_CIPHER_ZUC_EEA3 ||\n+\t\tjob->cipher_mode == IMB_CIPHER_SNOW3G_UEA2_BITLEN ||\n+\t\tjob->cipher_mode == IMB_CIPHER_KASUMI_UEA1_BITLEN) {\n+\t\tcipher_size = (op->sym->cipher.data.offset >> 3) +\n+\t\t\t(op->sym->cipher.data.length >> 3);\n+\t} else {\n+\t\tcipher_size = (op->sym->cipher.data.offset) +\n+\t\t\t(op->sym->cipher.data.length);\n+\t}\n+\tif (job->hash_alg == IMB_AUTH_ZUC_EIA3_BITLEN ||\n+\t\tjob->hash_alg == IMB_AUTH_SNOW3G_UIA2_BITLEN ||\n+\t\tjob->hash_alg == IMB_AUTH_KASUMI_UIA1 ||\n+\t\tjob->hash_alg == IMB_AUTH_ZUC256_EIA3_BITLEN) {\n+\t\tauth_size = (op->sym->auth.data.offset >> 3) +\n+\t\t\t(op->sym->auth.data.length >> 3);\n+\t} else {\n+\t\tauth_size = (op->sym->auth.data.offset) +\n+\t\t\t(op->sym->auth.data.length);\n+\t}\n+\n+\tif (!oop) {\n+\t\tend_cipher = rte_pktmbuf_mtod_offset(op->sym->m_src, uint8_t *, cipher_size);\n+\t\tstart_cipher = rte_pktmbuf_mtod(op->sym->m_src, uint8_t *);\n+\t} else {\n+\t\tend_cipher = rte_pktmbuf_mtod_offset(op->sym->m_dst, uint8_t *, cipher_size);\n+\t\tstart_cipher = rte_pktmbuf_mtod(op->sym->m_dst, uint8_t *);\n+\t}\n+\n+\tif (start_cipher < op->sym->auth.digest.data &&\n+\t\top->sym->auth.digest.data < end_cipher) {\n+\t\treturn rte_pktmbuf_mtod_offset(op->sym->m_src, uint8_t *, auth_size);\n+\t} else {\n+\t\treturn NULL;\n+\t}\n+}\n+\n /**\n * Process a crypto operation and complete a IMB_JOB job structure for\n * submission to the multi buffer library for processing.\n@@ -1580,9 +1628,12 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,\n \t} else {\n \t\tif (aead)\n \t\t\tjob->auth_tag_output = op->sym->aead.digest.data;\n-\t\telse\n-\t\t\tjob->auth_tag_output = op->sym->auth.digest.data;\n-\n+\t\telse {\n+\t\t\tjob->auth_tag_output = aesni_mb_digest_appended_in_src(op, job, oop);\n+\t\t\tif (job->auth_tag_output == NULL) {\n+\t\t\t\tjob->auth_tag_output = op->sym->auth.digest.data;\n+\t\t\t}\n+\t\t}\n \t\tif (session->auth.req_digest_len !=\n \t\t\t\tjob->auth_tag_output_len_in_bytes) {\n \t\t\tjob->auth_tag_output =\n@@ -1917,6 +1968,7 @@ post_process_mb_job(struct ipsec_mb_qp *qp, IMB_JOB *job)\n \tstruct aesni_mb_session *sess = NULL;\n \tuint8_t *linear_buf = NULL;\n \tint sgl = 0;\n+\tuint8_t oop = 0;\n \tuint8_t is_docsis_sec = 0;\n \n \tif (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) {\n@@ -1962,8 +2014,54 @@ post_process_mb_job(struct ipsec_mb_qp *qp, IMB_JOB *job)\n \t\t\t\t\t\top->sym->auth.digest.data,\n \t\t\t\t\t\tsess->auth.req_digest_len,\n \t\t\t\t\t\t&op->status);\n-\t\t\t} else\n+\t\t\t} else {\n+\t\t\t\tif (!op->sym->m_dst || op->sym->m_dst == op->sym->m_src) {\n+\t\t\t\t\t/* in-place operation */\n+\t\t\t\t\toop = 0;\n+\t\t\t\t} else { /* out-of-place operation */\n+\t\t\t\t\toop = 1;\n+\t\t\t\t}\n+\n+\t\t\t\t/* Enable digest check */\n+\t\t\t\tif (op->sym->m_src->nb_segs == 1 && op->sym->m_dst != NULL\n+\t\t\t\t&& !is_aead_algo(job->hash_alg,\tsess->template_job.cipher_mode) &&\n+\t\t\t\taesni_mb_digest_appended_in_src(op, job, oop) != NULL) {\n+\t\t\t\t\tunsigned int auth_size, cipher_size;\n+\t\t\t\t\tint unencrypted_bytes = 0;\n+\t\t\t\t\tif (job->cipher_mode == IMB_CIPHER_SNOW3G_UEA2_BITLEN ||\n+\t\t\t\t\t\tjob->cipher_mode == IMB_CIPHER_KASUMI_UEA1_BITLEN ||\n+\t\t\t\t\t\tjob->cipher_mode == IMB_CIPHER_ZUC_EEA3) {\n+\t\t\t\t\t\tcipher_size = (op->sym->cipher.data.offset >> 3) +\n+\t\t\t\t\t\t\t(op->sym->cipher.data.length >> 3);\n+\t\t\t\t\t} else {\n+\t\t\t\t\t\tcipher_size = (op->sym->cipher.data.offset) +\n+\t\t\t\t\t\t\t(op->sym->cipher.data.length);\n+\t\t\t\t\t}\n+\t\t\t\t\tif (job->hash_alg == IMB_AUTH_ZUC_EIA3_BITLEN ||\n+\t\t\t\t\t\tjob->hash_alg == IMB_AUTH_SNOW3G_UIA2_BITLEN ||\n+\t\t\t\t\t\tjob->hash_alg == IMB_AUTH_KASUMI_UIA1 ||\n+\t\t\t\t\t\tjob->hash_alg == IMB_AUTH_ZUC256_EIA3_BITLEN) {\n+\t\t\t\t\t\tauth_size = (op->sym->auth.data.offset >> 3) +\n+\t\t\t\t\t\t\t(op->sym->auth.data.length >> 3);\n+\t\t\t\t\t} else {\n+\t\t\t\t\t\tauth_size = (op->sym->auth.data.offset) +\n+\t\t\t\t\t\t(op->sym->auth.data.length);\n+\t\t\t\t\t}\n+\t\t\t\t\t/* Check for unencrypted bytes in partial digest cases */\n+\t\t\t\t\tif (job->cipher_mode != IMB_CIPHER_NULL) {\n+\t\t\t\t\t\tunencrypted_bytes = auth_size +\n+\t\t\t\t\t\tjob->auth_tag_output_len_in_bytes - cipher_size;\n+\t\t\t\t\t}\n+\t\t\t\t\tif (unencrypted_bytes > 0)\n+\t\t\t\t\t\trte_memcpy(\n+\t\t\t\t\t\trte_pktmbuf_mtod_offset(op->sym->m_dst, uint8_t *,\n+\t\t\t\t\t\tcipher_size),\n+\t\t\t\t\t\trte_pktmbuf_mtod_offset(op->sym->m_src, uint8_t *,\n+\t\t\t\t\t\tcipher_size),\n+\t\t\t\t\t\tunencrypted_bytes);\n+\t\t\t\t}\n \t\t\t\tgenerate_digest(job, op, sess);\n+\t\t\t}\n \t\t\tbreak;\n \t\tdefault:\n \t\t\top->status = RTE_CRYPTO_OP_STATUS_ERROR;\n@@ -2555,7 +2653,8 @@ RTE_INIT(ipsec_mb_register_aesni_mb)\n \t\t\tRTE_CRYPTODEV_FF_OOP_SGL_IN_SGL_OUT |\n \t\t\tRTE_CRYPTODEV_FF_OOP_LB_IN_SGL_OUT |\n \t\t\tRTE_CRYPTODEV_FF_OOP_SGL_IN_LB_OUT |\n-\t\t\tRTE_CRYPTODEV_FF_SECURITY;\n+\t\t\tRTE_CRYPTODEV_FF_SECURITY |\n+\t\t\tRTE_CRYPTODEV_FF_DIGEST_ENCRYPTED;\n \n \taesni_mb_data->internals_priv_size = 0;\n \taesni_mb_data->ops = &aesni_mb_pmd_ops;\n", "prefixes": [ "v5", "1/2" ] }{ "id": 131177, "url": "