GET /api/patches/97604/?format=api
http://patchwork.dpdk.org/api/patches/97604/?format=api", "web_url": "http://patchwork.dpdk.org/project/dpdk/patch/20210831140127.31775-3-ktejasree@marvell.com/", "project": { "id": 1, "url": "http://patchwork.dpdk.org/api/projects/1/?format=api", "name": "DPDK", "link_name": "dpdk", "list_id": "dev.dpdk.org", "list_email": "dev@dpdk.org", "web_url": "http://core.dpdk.org", "scm_url": "git://dpdk.org/dpdk", "webscm_url": "http://git.dpdk.org/dpdk", "list_archive_url": "https://inbox.dpdk.org/dev", "list_archive_url_format": "https://inbox.dpdk.org/dev/{}", "commit_url_format": "" }, "msgid": "<20210831140127.31775-3-ktejasree@marvell.com>", "list_archive_url": "https://inbox.dpdk.org/dev/20210831140127.31775-3-ktejasree@marvell.com", "date": "2021-08-31T14:01:21", "name": "[2/8] crypto/cnxk: add lookaside IPsec AES-CBC-HMAC-SHA1 support", "commit_ref": null, "pull_url": null, "state": "superseded", "archived": true, "hash": "0e76df35274b3614b3367cc67769a9e35c18e2aa", "submitter": { "id": 1789, "url": "http://patchwork.dpdk.org/api/people/1789/?format=api", "name": "Tejasree Kondoj", "email": "ktejasree@marvell.com" }, "delegate": null, "mbox": "http://patchwork.dpdk.org/project/dpdk/patch/20210831140127.31775-3-ktejasree@marvell.com/mbox/", "series": [ { "id": 18562, "url": "http://patchwork.dpdk.org/api/series/18562/?format=api", "web_url": "http://patchwork.dpdk.org/project/dpdk/list/?series=18562", "date": "2021-08-31T14:01:19", "name": "add lookaside IPsec additional features", "version": 1, "mbox": "http://patchwork.dpdk.org/series/18562/mbox/" } ], "comments": "http://patchwork.dpdk.org/api/patches/97604/comments/", "check": "warning", "checks": "http://patchwork.dpdk.org/api/patches/97604/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<dev-bounces@dpdk.org>", "X-Original-To": "patchwork@inbox.dpdk.org", "Delivered-To": "patchwork@inbox.dpdk.org", "Received": [ "from mails.dpdk.org (mails.dpdk.org [217.70.189.124])\n\tby inbox.dpdk.org 
(Postfix) with ESMTP id A6E66A0C46;\n\tTue, 31 Aug 2021 15:08:06 +0200 (CEST)", "from [217.70.189.124] (localhost [127.0.0.1])\n\tby mails.dpdk.org (Postfix) with ESMTP id 33061406A3;\n\tTue, 31 Aug 2021 15:08:02 +0200 (CEST)", "from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com\n [67.231.156.173])\n by mails.dpdk.org (Postfix) with ESMTP id 23A224067E\n for <dev@dpdk.org>; Tue, 31 Aug 2021 15:07:59 +0200 (CEST)", "from pps.filterd (m0045851.ppops.net [127.0.0.1])\n by mx0b-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 17VCMRwm029338\n for <dev@dpdk.org>; Tue, 31 Aug 2021 06:07:58 -0700", "from dc5-exch02.marvell.com ([199.233.59.182])\n by mx0b-0016f401.pphosted.com with ESMTP id 3asf15hhe0-3\n (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT)\n for <dev@dpdk.org>; Tue, 31 Aug 2021 06:07:57 -0700", "from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH02.marvell.com\n (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.18;\n Tue, 31 Aug 2021 06:07:54 -0700", "from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com\n (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.18 via Frontend\n Transport; Tue, 31 Aug 2021 06:07:54 -0700", "from hyd1554T5810.caveonetworks.com.com (unknown [10.29.57.11])\n by maili.marvell.com (Postfix) with ESMTP id A4DC53F7083;\n Tue, 31 Aug 2021 06:07:51 -0700 (PDT)" ], "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com;\n h=from : to : cc :\n subject : date : message-id : in-reply-to : references : mime-version :\n content-transfer-encoding : content-type; s=pfpt0220;\n bh=4TeJeYpAmV/L09CUnyFlf7G76j+41Jaoojr7BQHvHOk=;\n b=CauFxbbicVF1qowl/HN8S0mw+usVQTw7Qn8ijcSF3F51OoyF3U1WidGpEtOk66C5gmTx\n 3j4B9iJNWZwzMqs7W9gb45Ig1EQQmLpU3pAqshBl74fcaTbcK1Jk+gCdQwrPQEAyTjVK\n fNyUWOelejWPFM4HihPWrT7y/t7Y3J/p1I/jT3OYkTel/0675Bly/UGHms+1UXSl4Vu/\n 93lYCGnKhqoDFwpCxHdMPme2n0or+TG8x3B7gxbSt60ziMvnmZm2xIxuNkAt17nu9cGf\n 
Tt49Z+8vLBq6KEVUByQkVKeejWHSekPpeiYZFGgZWKZ7JaAvR9+nWntX7LyDFtSiHBBc Sw==", "From": "Tejasree Kondoj <ktejasree@marvell.com>", "To": "Akhil Goyal <gakhil@marvell.com>", "CC": "Tejasree Kondoj <ktejasree@marvell.com>,\n Anoob Joseph <anoobj@marvell.com>,\n Ankur Dwivedi <adwivedi@marvell.com>, Archana Muniganti\n <marchana@marvell.com>, Srujana Challa <schalla@marvell.com>, \"Nithin\n Dabilpuram\" <ndabilpuram@marvell.com>,\n Jerin Jacob <jerinj@marvell.com>, <dev@dpdk.org>", "Date": "Tue, 31 Aug 2021 19:31:21 +0530", "Message-ID": "<20210831140127.31775-3-ktejasree@marvell.com>", "X-Mailer": "git-send-email 2.27.0", "In-Reply-To": "<20210831140127.31775-1-ktejasree@marvell.com>", "References": "<20210831140127.31775-1-ktejasree@marvell.com>", "MIME-Version": "1.0", "Content-Transfer-Encoding": "8bit", "Content-Type": "text/plain", "X-Proofpoint-ORIG-GUID": "xdS9mQHxXTowdnULNNja0bnDuU4pllaG", "X-Proofpoint-GUID": "xdS9mQHxXTowdnULNNja0bnDuU4pllaG", "X-Proofpoint-Virus-Version": "vendor=baseguard\n engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.391,FMLib:17.0.607.475\n definitions=2021-08-31_05,2021-08-31_01,2020-04-07_01", "Subject": "[dpdk-dev] [PATCH 2/8] crypto/cnxk: add lookaside IPsec\n AES-CBC-HMAC-SHA1 support", "X-BeenThere": "dev@dpdk.org", "X-Mailman-Version": "2.1.29", "Precedence": "list", "List-Id": "DPDK patches and discussions <dev.dpdk.org>", "List-Unsubscribe": "<https://mails.dpdk.org/options/dev>,\n <mailto:dev-request@dpdk.org?subject=unsubscribe>", "List-Archive": "<http://mails.dpdk.org/archives/dev/>", "List-Post": "<mailto:dev@dpdk.org>", "List-Help": "<mailto:dev-request@dpdk.org?subject=help>", "List-Subscribe": "<https://mails.dpdk.org/listinfo/dev>,\n <mailto:dev-request@dpdk.org?subject=subscribe>", "Errors-To": "dev-bounces@dpdk.org", "Sender": "\"dev\" <dev-bounces@dpdk.org>" }, "content": "Adding lookaside IPsec AES-CBC-HMAC-SHA1 support to cnxk driver.\n\nSigned-off-by: Tejasree Kondoj <ktejasree@marvell.com>\n---\n 
doc/guides/cryptodevs/cnxk.rst | 1 +\n doc/guides/rel_notes/release_21_11.rst | 4 ++\n drivers/common/cnxk/cnxk_security.c | 68 ++++++++++++++++++-\n drivers/crypto/cnxk/cn10k_ipsec.c | 63 ++++++++++++++++-\n .../crypto/cnxk/cnxk_cryptodev_capabilities.c | 44 ++++++++++++\n 5 files changed, 176 insertions(+), 4 deletions(-)", "diff": "diff --git a/doc/guides/cryptodevs/cnxk.rst b/doc/guides/cryptodevs/cnxk.rst\nindex 98c7118d68..a40295c087 100644\n--- a/doc/guides/cryptodevs/cnxk.rst\n+++ b/doc/guides/cryptodevs/cnxk.rst\n@@ -231,6 +231,7 @@ Features supported\n * ESP\n * Tunnel mode\n * AES-128/192/256-GCM\n+* AES-128/192/256-CBC-SHA1-HMAC\n \n Limitations\n -----------\ndiff --git a/doc/guides/rel_notes/release_21_11.rst b/doc/guides/rel_notes/release_21_11.rst\nindex d707a554ef..0d9ce123aa 100644\n--- a/doc/guides/rel_notes/release_21_11.rst\n+++ b/doc/guides/rel_notes/release_21_11.rst\n@@ -20,6 +20,10 @@ DPDK Release 21.11\n make doc-guides-html\n xdg-open build/doc/html/guides/rel_notes/release_21_11.html\n \n+* **Updated Marvell cn10k_crypto PMD.**\n+\n+ * Added AES-CBC-SHA1-HMAC in lookaside protocol (IPsec).\n+\n \n New Features\n ------------\ndiff --git a/drivers/common/cnxk/cnxk_security.c b/drivers/common/cnxk/cnxk_security.c\nindex 6c6728f570..fe64e70c81 100644\n--- a/drivers/common/cnxk/cnxk_security.c\n+++ b/drivers/common/cnxk/cnxk_security.c\n@@ -6,12 +6,43 @@\n \n #include \"cnxk_security.h\"\n \n+static void\n+ipsec_hmac_opad_ipad_gen(struct rte_crypto_sym_xform *auth_xform,\n+\t\t\t uint8_t *hmac_opad_ipad)\n+{\n+\tconst uint8_t *key = auth_xform->auth.key.data;\n+\tuint32_t length = auth_xform->auth.key.length;\n+\tuint8_t opad[128] = {[0 ... 127] = 0x5c};\n+\tuint8_t ipad[128] = {[0 ... 
127] = 0x36};\n+\tuint32_t i;\n+\n+\t/* HMAC OPAD and IPAD */\n+\tfor (i = 0; i < 127 && i < length; i++) {\n+\t\topad[i] = opad[i] ^ key[i];\n+\t\tipad[i] = ipad[i] ^ key[i];\n+\t}\n+\n+\t/* Precompute hash of HMAC OPAD and IPAD to avoid\n+\t * per packet computation\n+\t */\n+\tswitch (auth_xform->auth.algo) {\n+\tcase RTE_CRYPTO_AUTH_SHA1_HMAC:\n+\t\troc_hash_sha1_gen(opad, (uint32_t *)&hmac_opad_ipad[0]);\n+\t\troc_hash_sha1_gen(ipad, (uint32_t *)&hmac_opad_ipad[24]);\n+\t\tbreak;\n+\tdefault:\n+\t\tbreak;\n+\t}\n+}\n+\n static int\n ot_ipsec_sa_common_param_fill(union roc_ot_ipsec_sa_word2 *w2,\n \t\t\t uint8_t *cipher_key, uint8_t *salt_key,\n+\t\t\t uint8_t *hmac_opad_ipad,\n \t\t\t struct rte_security_ipsec_xform *ipsec_xfrm,\n \t\t\t struct rte_crypto_sym_xform *crypto_xfrm)\n {\n+\tstruct rte_crypto_sym_xform *auth_xfrm, *cipher_xfrm;\n \tconst uint8_t *key;\n \tuint32_t *tmp_salt;\n \tuint64_t *tmp_key;\n@@ -21,9 +52,13 @@ ot_ipsec_sa_common_param_fill(union roc_ot_ipsec_sa_word2 *w2,\n \tswitch (ipsec_xfrm->direction) {\n \tcase RTE_SECURITY_IPSEC_SA_DIR_INGRESS:\n \t\tw2->s.dir = ROC_IE_OT_SA_DIR_INBOUND;\n+\t\tauth_xfrm = crypto_xfrm;\n+\t\tcipher_xfrm = crypto_xfrm->next;\n \t\tbreak;\n \tcase RTE_SECURITY_IPSEC_SA_DIR_EGRESS:\n \t\tw2->s.dir = ROC_IE_OT_SA_DIR_OUTBOUND;\n+\t\tcipher_xfrm = crypto_xfrm;\n+\t\tauth_xfrm = crypto_xfrm->next;\n \t\tbreak;\n \tdefault:\n \t\treturn -EINVAL;\n@@ -70,7 +105,32 @@ ot_ipsec_sa_common_param_fill(union roc_ot_ipsec_sa_word2 *w2,\n \t\t\treturn -ENOTSUP;\n \t\t}\n \t} else {\n-\t\treturn -ENOTSUP;\n+\t\tswitch (cipher_xfrm->cipher.algo) {\n+\t\tcase RTE_CRYPTO_CIPHER_AES_CBC:\n+\t\t\tw2->s.enc_type = ROC_IE_OT_SA_ENC_AES_CBC;\n+\t\t\tbreak;\n+\t\tdefault:\n+\t\t\treturn -ENOTSUP;\n+\t\t}\n+\n+\t\tswitch (auth_xfrm->auth.algo) {\n+\t\tcase RTE_CRYPTO_AUTH_SHA1_HMAC:\n+\t\t\tw2->s.auth_type = ROC_IE_OT_SA_AUTH_SHA1;\n+\t\t\tbreak;\n+\t\tdefault:\n+\t\t\treturn -ENOTSUP;\n+\t\t}\n+\n+\t\tkey = 
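Review bot: In `ipsec_hmac_opad_ipad_gen` the pad loop is bounded by `i < 127` although `opad` and `ipad` are 128 bytes, and nothing in the helper ties `length` to the hash block size. HMAC requires a key longer than the block to be hashed first, so the result is only correct while every caller enforces the 20–64 byte range that `ipsec_xform_auth_verify` checks in cn10k_ipsec.c. Because this helper lives in common code, I would state that precondition in a comment above it, e.g. `/* key length must not exceed the SHA1 block size (64); longer keys are not pre-hashed here */`, or reject longer keys explicitly. The stack buffers `opad` and `ipad` hold key-derived material and are not cleared before return, and the `default:` case leaves `hmac_opad_ipad` untouched without reporting it.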
cipher_xfrm->cipher.key.data;\n+\t\tlength = cipher_xfrm->cipher.key.length;\n+\n+\t\tipsec_hmac_opad_ipad_gen(auth_xfrm, hmac_opad_ipad);\n+\n+\t\ttmp_key = (uint64_t *)hmac_opad_ipad;\n+\t\tfor (i = 0;\n+\t\t i < (int)(ROC_CTX_MAX_OPAD_IPAD_LEN / sizeof(uint64_t));\n+\t\t i++)\n+\t\t\ttmp_key[i] = rte_be_to_cpu_64(tmp_key[i]);\n \t}\n \n \t/* Set encapsulation type */\n@@ -129,7 +189,8 @@ cnxk_ot_ipsec_inb_sa_fill(struct roc_ot_ipsec_inb_sa *sa,\n \n \tw2.u64 = 0;\n \trc = ot_ipsec_sa_common_param_fill(&w2, sa->cipher_key, sa->w8.s.salt,\n-\t\t\t\t\t ipsec_xfrm, crypto_xfrm);\n+\t\t\t\t\t sa->hmac_opad_ipad, ipsec_xfrm,\n+\t\t\t\t\t crypto_xfrm);\n \tif (rc)\n \t\treturn rc;\n \n@@ -196,7 +257,8 @@ cnxk_ot_ipsec_outb_sa_fill(struct roc_ot_ipsec_outb_sa *sa,\n \n \tw2.u64 = 0;\n \trc = ot_ipsec_sa_common_param_fill(&w2, sa->cipher_key, sa->iv.s.salt,\n-\t\t\t\t\t ipsec_xfrm, crypto_xfrm);\n+\t\t\t\t\t sa->hmac_opad_ipad, ipsec_xfrm,\n+\t\t\t\t\t crypto_xfrm);\n \tif (rc)\n \t\treturn rc;\n \ndiff --git a/drivers/crypto/cnxk/cn10k_ipsec.c b/drivers/crypto/cnxk/cn10k_ipsec.c\nindex 1d567bf188..408a682b21 100644\n--- a/drivers/crypto/cnxk/cn10k_ipsec.c\n+++ b/drivers/crypto/cnxk/cn10k_ipsec.c\n@@ -17,6 +17,37 @@\n \n #include \"roc_api.h\"\n \n+static int\n+ipsec_xform_cipher_verify(struct rte_crypto_sym_xform *xform)\n+{\n+\tif (xform->cipher.algo == RTE_CRYPTO_CIPHER_AES_CBC) {\n+\t\tswitch (xform->cipher.key.length) {\n+\t\tcase 16:\n+\t\tcase 24:\n+\t\tcase 32:\n+\t\t\tbreak;\n+\t\tdefault:\n+\t\t\treturn -ENOTSUP;\n+\t\t}\n+\t\treturn 0;\n+\t}\n+\n+\treturn -ENOTSUP;\n+}\n+\n+static int\n+ipsec_xform_auth_verify(struct rte_crypto_sym_xform *xform)\n+{\n+\tuint16_t keylen = xform->auth.key.length;\n+\n+\tif (xform->auth.algo == RTE_CRYPTO_AUTH_SHA1_HMAC) {\n+\t\tif (keylen >= 20 && keylen <= 64)\n+\t\t\treturn 0;\n+\t}\n+\n+\treturn -ENOTSUP;\n+}\n+\n static int\n ipsec_xform_aead_verify(struct rte_security_ipsec_xform *ipsec_xfrm,\n \t\t\tstruct 
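Review bot: The new `else` branch of `ot_ipsec_sa_common_param_fill` reads `cipher_xfrm->cipher.algo` and `auth_xfrm->auth.algo` without checking that `crypto_xfrm->next` is non-NULL or that each xform has the expected type. The cn10k lookaside path checks both in `cn10k_ipsec_xform_verify`, but this file is shared common code, and `cnxk_ot_ipsec_inb_sa_fill` / `cnxk_ot_ipsec_outb_sa_fill` may have callers that never run that verification (this cannot be confirmed from the diff). A local guard at the top of the branch, `if (cipher_xfrm == NULL || auth_xfrm == NULL) return -EINVAL;`, keeps a malformed chain from becoming a NULL dereference. The condition of the enclosing `if` lies outside the hunk.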
rte_crypto_sym_xform *crypto_xfrm)\n@@ -48,6 +79,9 @@ static int\n cn10k_ipsec_xform_verify(struct rte_security_ipsec_xform *ipsec_xfrm,\n \t\t\t struct rte_crypto_sym_xform *crypto_xfrm)\n {\n+\tstruct rte_crypto_sym_xform *auth_xform, *cipher_xform;\n+\tint ret;\n+\n \tif ((ipsec_xfrm->direction != RTE_SECURITY_IPSEC_SA_DIR_INGRESS) &&\n \t (ipsec_xfrm->direction != RTE_SECURITY_IPSEC_SA_DIR_EGRESS))\n \t\treturn -EINVAL;\n@@ -67,7 +101,34 @@ cn10k_ipsec_xform_verify(struct rte_security_ipsec_xform *ipsec_xfrm,\n \tif (crypto_xfrm->type == RTE_CRYPTO_SYM_XFORM_AEAD)\n \t\treturn ipsec_xform_aead_verify(ipsec_xfrm, crypto_xfrm);\n \n-\treturn -ENOTSUP;\n+\tif (crypto_xfrm->next == NULL)\n+\t\treturn -EINVAL;\n+\n+\tif (ipsec_xfrm->direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) {\n+\t\t/* Ingress */\n+\t\tif (crypto_xfrm->type != RTE_CRYPTO_SYM_XFORM_AUTH ||\n+\t\t crypto_xfrm->next->type != RTE_CRYPTO_SYM_XFORM_CIPHER)\n+\t\t\treturn -EINVAL;\n+\t\tauth_xform = crypto_xfrm;\n+\t\tcipher_xform = crypto_xfrm->next;\n+\t} else {\n+\t\t/* Egress */\n+\t\tif (crypto_xfrm->type != RTE_CRYPTO_SYM_XFORM_CIPHER ||\n+\t\t crypto_xfrm->next->type != RTE_CRYPTO_SYM_XFORM_AUTH)\n+\t\t\treturn -EINVAL;\n+\t\tcipher_xform = crypto_xfrm;\n+\t\tauth_xform = crypto_xfrm->next;\n+\t}\n+\n+\tret = ipsec_xform_cipher_verify(cipher_xform);\n+\tif (ret)\n+\t\treturn ret;\n+\n+\tret = ipsec_xform_auth_verify(auth_xform);\n+\tif (ret)\n+\t\treturn ret;\n+\n+\treturn 0;\n }\n \n static uint64_t\ndiff --git a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c\nindex ab37f9c43b..47274b2c24 100644\n--- a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c\n+++ b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c\n@@ -754,6 +754,49 @@ static const struct rte_cryptodev_capabilities sec_caps_aes[] = {\n \t\t\t}, }\n \t\t}, }\n \t},\n+\t{\t/* AES CBC */\n+\t\t.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,\n+\t\t{.sym = {\n+\t\t\t.xform_type = 
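Review bot: `ipsec_xform_auth_verify` validates only the key length; `xform->auth.digest_length` is never compared with the 12-byte ICV that the new `sec_caps_sha1_sha2` entry advertises. If the hardware always produces the truncated 96-bit ICV (likely, but not shown here), a session requesting another digest length is accepted and then behaves differently from what the application asked for. A check such as `if (xform->auth.digest_length != 12) return -ENOTSUP;` inside the SHA1-HMAC branch would reject it up front. `ipsec_xform_cipher_verify` has the same gap for the IV length, which the capability table fixes at 16.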
RTE_CRYPTO_SYM_XFORM_CIPHER,\n+\t\t\t{.cipher = {\n+\t\t\t\t.algo = RTE_CRYPTO_CIPHER_AES_CBC,\n+\t\t\t\t.block_size = 16,\n+\t\t\t\t.key_size = {\n+\t\t\t\t\t.min = 16,\n+\t\t\t\t\t.max = 32,\n+\t\t\t\t\t.increment = 8\n+\t\t\t\t},\n+\t\t\t\t.iv_size = {\n+\t\t\t\t\t.min = 16,\n+\t\t\t\t\t.max = 16,\n+\t\t\t\t\t.increment = 0\n+\t\t\t\t}\n+\t\t\t}, }\n+\t\t}, }\n+\t},\n+};\n+\n+static const struct rte_cryptodev_capabilities sec_caps_sha1_sha2[] = {\n+\t{\t/* SHA1 HMAC */\n+\t\t.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,\n+\t\t{.sym = {\n+\t\t\t.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,\n+\t\t\t{.auth = {\n+\t\t\t\t.algo = RTE_CRYPTO_AUTH_SHA1_HMAC,\n+\t\t\t\t.block_size = 64,\n+\t\t\t\t.key_size = {\n+\t\t\t\t\t.min = 20,\n+\t\t\t\t\t.max = 64,\n+\t\t\t\t\t.increment = 1\n+\t\t\t\t},\n+\t\t\t\t.digest_size = {\n+\t\t\t\t\t.min = 12,\n+\t\t\t\t\t.max = 12,\n+\t\t\t\t\t.increment = 0\n+\t\t\t\t},\n+\t\t\t}, }\n+\t\t}, }\n+\t},\n };\n \n static const struct rte_security_capability sec_caps_templ[] = {\n@@ -839,6 +882,7 @@ sec_crypto_caps_populate(struct rte_cryptodev_capabilities cnxk_caps[],\n \tint cur_pos = 0;\n \n \tSEC_CAPS_ADD(cnxk_caps, &cur_pos, hw_caps, aes);\n+\tSEC_CAPS_ADD(cnxk_caps, &cur_pos, hw_caps, sha1_sha2);\n \n \tsec_caps_add(cnxk_caps, &cur_pos, caps_end, RTE_DIM(caps_end));\n }\n", "prefixes": [ "2/8" ] }{ "id": 97604, "url": "