Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/97677/?format=api
http://patchwork.dpdk.org/api/patches/97677/?format=api", "web_url": "http://patchwork.dpdk.org/project/dpdk/patch/20210901101930.29333-3-ktejasree@marvell.com/", "project": { "id": 1, "url": "http://patchwork.dpdk.org/api/projects/1/?format=api", "name": "DPDK", "link_name": "dpdk", "list_id": "dev.dpdk.org", "list_email": "dev@dpdk.org", "web_url": "http://core.dpdk.org", "scm_url": "git://dpdk.org/dpdk", "webscm_url": "http://git.dpdk.org/dpdk", "list_archive_url": "https://inbox.dpdk.org/dev", "list_archive_url_format": "https://inbox.dpdk.org/dev/{}", "commit_url_format": "" }, "msgid": "<20210901101930.29333-3-ktejasree@marvell.com>", "list_archive_url": "https://inbox.dpdk.org/dev/20210901101930.29333-3-ktejasree@marvell.com", "date": "2021-09-01T10:19:24", "name": "[v2,2/8] crypto/cnxk: add lookaside IPsec AES-CBC-HMAC-SHA1 support", "commit_ref": null, "pull_url": null, "state": "accepted", "archived": true, "hash": "5d0c05f7a6de04baf42f576100301aecfb3dcd62", "submitter": { "id": 1789, "url": "http://patchwork.dpdk.org/api/people/1789/?format=api", "name": "Tejasree Kondoj", "email": "ktejasree@marvell.com" }, "delegate": { "id": 6690, "url": "http://patchwork.dpdk.org/api/users/6690/?format=api", "username": "akhil", "first_name": "akhil", "last_name": "goyal", "email": "gakhil@marvell.com" }, "mbox": "http://patchwork.dpdk.org/project/dpdk/patch/20210901101930.29333-3-ktejasree@marvell.com/mbox/", "series": [ { "id": 18598, "url": "http://patchwork.dpdk.org/api/series/18598/?format=api", "web_url": "http://patchwork.dpdk.org/project/dpdk/list/?series=18598", "date": "2021-09-01T10:19:26", "name": "add lookaside IPsec additional features", "version": 2, "mbox": "http://patchwork.dpdk.org/series/18598/mbox/" } ], "comments": "http://patchwork.dpdk.org/api/patches/97677/comments/", "check": "warning", "checks": "http://patchwork.dpdk.org/api/patches/97677/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<dev-bounces@dpdk.org>", "X-Original-To": "patchwork@inbox.dpdk.org", "Delivered-To": "patchwork@inbox.dpdk.org", "Received": [ "from mails.dpdk.org (mails.dpdk.org [217.70.189.124])\n\tby inbox.dpdk.org (Postfix) with ESMTP id A7161A0C4D;\n\tWed, 1 Sep 2021 11:26:10 +0200 (CEST)", "from [217.70.189.124] (localhost [127.0.0.1])\n\tby mails.dpdk.org (Postfix) with ESMTP id 508304114A;\n\tWed, 1 Sep 2021 11:25:52 +0200 (CEST)", "from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com\n [67.231.148.174])\n by mails.dpdk.org (Postfix) with ESMTP id 185B74013F\n for <dev@dpdk.org>; Wed, 1 Sep 2021 11:25:47 +0200 (CEST)", "from pps.filterd (m0045849.ppops.net [127.0.0.1])\n by mx0a-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 18159puE026653\n for <dev@dpdk.org>; Wed, 1 Sep 2021 02:25:47 -0700", "from dc5-exch02.marvell.com ([199.233.59.182])\n by mx0a-0016f401.pphosted.com with ESMTP id 3at34prygn-11\n (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT)\n for <dev@dpdk.org>; Wed, 01 Sep 2021 02:25:47 -0700", "from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH02.marvell.com\n (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.18;\n Wed, 1 Sep 2021 02:25:33 -0700", "from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com\n (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.18 via Frontend\n Transport; Wed, 1 Sep 2021 02:25:33 -0700", "from hyd1554T5810.caveonetworks.com.com (unknown [10.29.57.11])\n by maili.marvell.com (Postfix) with ESMTP id 703AD3F708C;\n Wed, 1 Sep 2021 02:25:30 -0700 (PDT)" ], "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com;\n h=from : to : cc :\n subject : date : message-id : in-reply-to : references : mime-version :\n content-transfer-encoding : content-type; s=pfpt0220;\n bh=oriO321/StxWoWhGQWnGK/qhhAhhG6k0YNyW+/Jw8k0=;\n b=UuMf4zL+/h36eKnqfw5mQdk53Xc87NSfY7M4IoCVvuRmv4BVwa7jgV3y5dod3KbjzG9e\n TLaDS8BRvUNIEkkAux3oXTvszFhGEGWkybdYZ7B+un2PL9Nd9Rmi8Hx8RaNr7WGls/Xc\n i1epmKX3xAyK2GHiOVnQbEuemU5/orSJRLgjNkV5M6WulMvTOqcKE0RVRtMnhUpYHnYc\n drrSlthRdvVh9Dk5qujnPQSUXNqxeZxpeIBgAPrhGcpLa244kvkiIjghRWWtFp64P9px\n fwzuJnqUESKNwj+4IHzCnTbybR1gLjhA8TGHJizE5iqgG85GLosLgINSXhG3HGc87msM xw==", "From": "Tejasree Kondoj <ktejasree@marvell.com>", "To": "Akhil Goyal <gakhil@marvell.com>", "CC": "Tejasree Kondoj <ktejasree@marvell.com>,\n Anoob Joseph <anoobj@marvell.com>,\n Ankur Dwivedi <adwivedi@marvell.com>, Archana Muniganti\n <marchana@marvell.com>, Srujana Challa <schalla@marvell.com>, \"Nithin\n Dabilpuram\" <ndabilpuram@marvell.com>,\n Jerin Jacob <jerinj@marvell.com>, <dev@dpdk.org>", "Date": "Wed, 1 Sep 2021 15:49:24 +0530", "Message-ID": "<20210901101930.29333-3-ktejasree@marvell.com>", "X-Mailer": "git-send-email 2.27.0", "In-Reply-To": "<20210901101930.29333-1-ktejasree@marvell.com>", "References": "<20210901101930.29333-1-ktejasree@marvell.com>", "MIME-Version": "1.0", "Content-Transfer-Encoding": "8bit", "Content-Type": "text/plain", "X-Proofpoint-ORIG-GUID": "3gHC4JuhCHCCuUiVNJPvIDkfSLjJx51p", "X-Proofpoint-GUID": "3gHC4JuhCHCCuUiVNJPvIDkfSLjJx51p", "X-Proofpoint-Virus-Version": "vendor=baseguard\n engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.391,FMLib:17.0.607.475\n definitions=2021-09-01_03,2021-08-31_01,2020-04-07_01", "Subject": "[dpdk-dev] [PATCH v2 2/8] crypto/cnxk: add lookaside IPsec\n AES-CBC-HMAC-SHA1 support", "X-BeenThere": "dev@dpdk.org", "X-Mailman-Version": "2.1.29", "Precedence": "list", "List-Id": "DPDK patches and discussions <dev.dpdk.org>", "List-Unsubscribe": "<https://mails.dpdk.org/options/dev>,\n <mailto:dev-request@dpdk.org?subject=unsubscribe>", "List-Archive": "<http://mails.dpdk.org/archives/dev/>", "List-Post": "<mailto:dev@dpdk.org>", "List-Help": "<mailto:dev-request@dpdk.org?subject=help>", "List-Subscribe": "<https://mails.dpdk.org/listinfo/dev>,\n <mailto:dev-request@dpdk.org?subject=subscribe>", "Errors-To": "dev-bounces@dpdk.org", "Sender": "\"dev\" <dev-bounces@dpdk.org>" }, "content": "Adding lookaside IPsec AES-CBC-HMAC-SHA1 support to cnxk driver.\n\nSigned-off-by: Tejasree Kondoj <ktejasree@marvell.com>\n---\n doc/guides/cryptodevs/cnxk.rst | 1 +\n doc/guides/rel_notes/release_21_11.rst | 4 ++\n drivers/common/cnxk/cnxk_security.c | 68 ++++++++++++++++++-\n drivers/crypto/cnxk/cn10k_ipsec.c | 63 ++++++++++++++++-\n .../crypto/cnxk/cnxk_cryptodev_capabilities.c | 44 ++++++++++++\n 5 files changed, 176 insertions(+), 4 deletions(-)", "diff": "diff --git a/doc/guides/cryptodevs/cnxk.rst b/doc/guides/cryptodevs/cnxk.rst\nindex 98c7118d68..a40295c087 100644\n--- a/doc/guides/cryptodevs/cnxk.rst\n+++ b/doc/guides/cryptodevs/cnxk.rst\n@@ -231,6 +231,7 @@ Features supported\n * ESP\n * Tunnel mode\n * AES-128/192/256-GCM\n+* AES-128/192/256-CBC-SHA1-HMAC\n \n Limitations\n -----------\ndiff --git a/doc/guides/rel_notes/release_21_11.rst b/doc/guides/rel_notes/release_21_11.rst\nindex d707a554ef..130d676a11 100644\n--- a/doc/guides/rel_notes/release_21_11.rst\n+++ b/doc/guides/rel_notes/release_21_11.rst\n@@ -55,6 +55,10 @@ New Features\n Also, make sure to start the actual text at the margin.\n =======================================================\n \n+* **Updated Marvell cn10k_crypto PMD.**\n+\n+ * Added aes-cbc sha1-hmac in lookaside protocol (IPsec).\n+\n \n Removed Items\n -------------\ndiff --git a/drivers/common/cnxk/cnxk_security.c b/drivers/common/cnxk/cnxk_security.c\nindex 6c6728f570..fe64e70c81 100644\n--- a/drivers/common/cnxk/cnxk_security.c\n+++ b/drivers/common/cnxk/cnxk_security.c\n@@ -6,12 +6,43 @@\n \n #include \"cnxk_security.h\"\n \n+static void\n+ipsec_hmac_opad_ipad_gen(struct rte_crypto_sym_xform *auth_xform,\n+\t\t\t uint8_t *hmac_opad_ipad)\n+{\n+\tconst uint8_t *key = auth_xform->auth.key.data;\n+\tuint32_t length = auth_xform->auth.key.length;\n+\tuint8_t opad[128] = {[0 ... 127] = 0x5c};\n+\tuint8_t ipad[128] = {[0 ... 127] = 0x36};\n+\tuint32_t i;\n+\n+\t/* HMAC OPAD and IPAD */\n+\tfor (i = 0; i < 127 && i < length; i++) {\n+\t\topad[i] = opad[i] ^ key[i];\n+\t\tipad[i] = ipad[i] ^ key[i];\n+\t}\n+\n+\t/* Precompute hash of HMAC OPAD and IPAD to avoid\n+\t * per packet computation\n+\t */\n+\tswitch (auth_xform->auth.algo) {\n+\tcase RTE_CRYPTO_AUTH_SHA1_HMAC:\n+\t\troc_hash_sha1_gen(opad, (uint32_t *)&hmac_opad_ipad[0]);\n+\t\troc_hash_sha1_gen(ipad, (uint32_t *)&hmac_opad_ipad[24]);\n+\t\tbreak;\n+\tdefault:\n+\t\tbreak;\n+\t}\n+}\n+\n static int\n ot_ipsec_sa_common_param_fill(union roc_ot_ipsec_sa_word2 *w2,\n \t\t\t uint8_t *cipher_key, uint8_t *salt_key,\n+\t\t\t uint8_t *hmac_opad_ipad,\n \t\t\t struct rte_security_ipsec_xform *ipsec_xfrm,\n \t\t\t struct rte_crypto_sym_xform *crypto_xfrm)\n {\n+\tstruct rte_crypto_sym_xform *auth_xfrm, *cipher_xfrm;\n \tconst uint8_t *key;\n \tuint32_t *tmp_salt;\n \tuint64_t *tmp_key;\n@@ -21,9 +52,13 @@ ot_ipsec_sa_common_param_fill(union roc_ot_ipsec_sa_word2 *w2,\n \tswitch (ipsec_xfrm->direction) {\n \tcase RTE_SECURITY_IPSEC_SA_DIR_INGRESS:\n \t\tw2->s.dir = ROC_IE_OT_SA_DIR_INBOUND;\n+\t\tauth_xfrm = crypto_xfrm;\n+\t\tcipher_xfrm = crypto_xfrm->next;\n \t\tbreak;\n \tcase RTE_SECURITY_IPSEC_SA_DIR_EGRESS:\n \t\tw2->s.dir = ROC_IE_OT_SA_DIR_OUTBOUND;\n+\t\tcipher_xfrm = crypto_xfrm;\n+\t\tauth_xfrm = crypto_xfrm->next;\n \t\tbreak;\n \tdefault:\n \t\treturn -EINVAL;\n@@ -70,7 +105,32 @@ ot_ipsec_sa_common_param_fill(union roc_ot_ipsec_sa_word2 *w2,\n \t\t\treturn -ENOTSUP;\n \t\t}\n \t} else {\n-\t\treturn -ENOTSUP;\n+\t\tswitch (cipher_xfrm->cipher.algo) {\n+\t\tcase RTE_CRYPTO_CIPHER_AES_CBC:\n+\t\t\tw2->s.enc_type = ROC_IE_OT_SA_ENC_AES_CBC;\n+\t\t\tbreak;\n+\t\tdefault:\n+\t\t\treturn -ENOTSUP;\n+\t\t}\n+\n+\t\tswitch (auth_xfrm->auth.algo) {\n+\t\tcase RTE_CRYPTO_AUTH_SHA1_HMAC:\n+\t\t\tw2->s.auth_type = ROC_IE_OT_SA_AUTH_SHA1;\n+\t\t\tbreak;\n+\t\tdefault:\n+\t\t\treturn -ENOTSUP;\n+\t\t}\n+\n+\t\tkey = cipher_xfrm->cipher.key.data;\n+\t\tlength = cipher_xfrm->cipher.key.length;\n+\n+\t\tipsec_hmac_opad_ipad_gen(auth_xfrm, hmac_opad_ipad);\n+\n+\t\ttmp_key = (uint64_t *)hmac_opad_ipad;\n+\t\tfor (i = 0;\n+\t\t i < (int)(ROC_CTX_MAX_OPAD_IPAD_LEN / sizeof(uint64_t));\n+\t\t i++)\n+\t\t\ttmp_key[i] = rte_be_to_cpu_64(tmp_key[i]);\n \t}\n \n \t/* Set encapsulation type */\n@@ -129,7 +189,8 @@ cnxk_ot_ipsec_inb_sa_fill(struct roc_ot_ipsec_inb_sa *sa,\n \n \tw2.u64 = 0;\n \trc = ot_ipsec_sa_common_param_fill(&w2, sa->cipher_key, sa->w8.s.salt,\n-\t\t\t\t\t ipsec_xfrm, crypto_xfrm);\n+\t\t\t\t\t sa->hmac_opad_ipad, ipsec_xfrm,\n+\t\t\t\t\t crypto_xfrm);\n \tif (rc)\n \t\treturn rc;\n \n@@ -196,7 +257,8 @@ cnxk_ot_ipsec_outb_sa_fill(struct roc_ot_ipsec_outb_sa *sa,\n \n \tw2.u64 = 0;\n \trc = ot_ipsec_sa_common_param_fill(&w2, sa->cipher_key, sa->iv.s.salt,\n-\t\t\t\t\t ipsec_xfrm, crypto_xfrm);\n+\t\t\t\t\t sa->hmac_opad_ipad, ipsec_xfrm,\n+\t\t\t\t\t crypto_xfrm);\n \tif (rc)\n \t\treturn rc;\n \ndiff --git a/drivers/crypto/cnxk/cn10k_ipsec.c b/drivers/crypto/cnxk/cn10k_ipsec.c\nindex 1d567bf188..408a682b21 100644\n--- a/drivers/crypto/cnxk/cn10k_ipsec.c\n+++ b/drivers/crypto/cnxk/cn10k_ipsec.c\n@@ -17,6 +17,37 @@\n \n #include \"roc_api.h\"\n \n+static int\n+ipsec_xform_cipher_verify(struct rte_crypto_sym_xform *xform)\n+{\n+\tif (xform->cipher.algo == RTE_CRYPTO_CIPHER_AES_CBC) {\n+\t\tswitch (xform->cipher.key.length) {\n+\t\tcase 16:\n+\t\tcase 24:\n+\t\tcase 32:\n+\t\t\tbreak;\n+\t\tdefault:\n+\t\t\treturn -ENOTSUP;\n+\t\t}\n+\t\treturn 0;\n+\t}\n+\n+\treturn -ENOTSUP;\n+}\n+\n+static int\n+ipsec_xform_auth_verify(struct rte_crypto_sym_xform *xform)\n+{\n+\tuint16_t keylen = xform->auth.key.length;\n+\n+\tif (xform->auth.algo == RTE_CRYPTO_AUTH_SHA1_HMAC) {\n+\t\tif (keylen >= 20 && keylen <= 64)\n+\t\t\treturn 0;\n+\t}\n+\n+\treturn -ENOTSUP;\n+}\n+\n static int\n ipsec_xform_aead_verify(struct rte_security_ipsec_xform *ipsec_xfrm,\n \t\t\tstruct rte_crypto_sym_xform *crypto_xfrm)\n@@ -48,6 +79,9 @@ static int\n cn10k_ipsec_xform_verify(struct rte_security_ipsec_xform *ipsec_xfrm,\n \t\t\t struct rte_crypto_sym_xform *crypto_xfrm)\n {\n+\tstruct rte_crypto_sym_xform *auth_xform, *cipher_xform;\n+\tint ret;\n+\n \tif ((ipsec_xfrm->direction != RTE_SECURITY_IPSEC_SA_DIR_INGRESS) &&\n \t (ipsec_xfrm->direction != RTE_SECURITY_IPSEC_SA_DIR_EGRESS))\n \t\treturn -EINVAL;\n@@ -67,7 +101,34 @@ cn10k_ipsec_xform_verify(struct rte_security_ipsec_xform *ipsec_xfrm,\n \tif (crypto_xfrm->type == RTE_CRYPTO_SYM_XFORM_AEAD)\n \t\treturn ipsec_xform_aead_verify(ipsec_xfrm, crypto_xfrm);\n \n-\treturn -ENOTSUP;\n+\tif (crypto_xfrm->next == NULL)\n+\t\treturn -EINVAL;\n+\n+\tif (ipsec_xfrm->direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) {\n+\t\t/* Ingress */\n+\t\tif (crypto_xfrm->type != RTE_CRYPTO_SYM_XFORM_AUTH ||\n+\t\t crypto_xfrm->next->type != RTE_CRYPTO_SYM_XFORM_CIPHER)\n+\t\t\treturn -EINVAL;\n+\t\tauth_xform = crypto_xfrm;\n+\t\tcipher_xform = crypto_xfrm->next;\n+\t} else {\n+\t\t/* Egress */\n+\t\tif (crypto_xfrm->type != RTE_CRYPTO_SYM_XFORM_CIPHER ||\n+\t\t crypto_xfrm->next->type != RTE_CRYPTO_SYM_XFORM_AUTH)\n+\t\t\treturn -EINVAL;\n+\t\tcipher_xform = crypto_xfrm;\n+\t\tauth_xform = crypto_xfrm->next;\n+\t}\n+\n+\tret = ipsec_xform_cipher_verify(cipher_xform);\n+\tif (ret)\n+\t\treturn ret;\n+\n+\tret = ipsec_xform_auth_verify(auth_xform);\n+\tif (ret)\n+\t\treturn ret;\n+\n+\treturn 0;\n }\n \n static uint64_t\ndiff --git a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c\nindex ab37f9c43b..47274b2c24 100644\n--- a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c\n+++ b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c\n@@ -754,6 +754,49 @@ static const struct rte_cryptodev_capabilities sec_caps_aes[] = {\n \t\t\t}, }\n \t\t}, }\n \t},\n+\t{\t/* AES CBC */\n+\t\t.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,\n+\t\t{.sym = {\n+\t\t\t.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,\n+\t\t\t{.cipher = {\n+\t\t\t\t.algo = RTE_CRYPTO_CIPHER_AES_CBC,\n+\t\t\t\t.block_size = 16,\n+\t\t\t\t.key_size = {\n+\t\t\t\t\t.min = 16,\n+\t\t\t\t\t.max = 32,\n+\t\t\t\t\t.increment = 8\n+\t\t\t\t},\n+\t\t\t\t.iv_size = {\n+\t\t\t\t\t.min = 16,\n+\t\t\t\t\t.max = 16,\n+\t\t\t\t\t.increment = 0\n+\t\t\t\t}\n+\t\t\t}, }\n+\t\t}, }\n+\t},\n+};\n+\n+static const struct rte_cryptodev_capabilities sec_caps_sha1_sha2[] = {\n+\t{\t/* SHA1 HMAC */\n+\t\t.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,\n+\t\t{.sym = {\n+\t\t\t.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,\n+\t\t\t{.auth = {\n+\t\t\t\t.algo = RTE_CRYPTO_AUTH_SHA1_HMAC,\n+\t\t\t\t.block_size = 64,\n+\t\t\t\t.key_size = {\n+\t\t\t\t\t.min = 20,\n+\t\t\t\t\t.max = 64,\n+\t\t\t\t\t.increment = 1\n+\t\t\t\t},\n+\t\t\t\t.digest_size = {\n+\t\t\t\t\t.min = 12,\n+\t\t\t\t\t.max = 12,\n+\t\t\t\t\t.increment = 0\n+\t\t\t\t},\n+\t\t\t}, }\n+\t\t}, }\n+\t},\n };\n \n static const struct rte_security_capability sec_caps_templ[] = {\n@@ -839,6 +882,7 @@ sec_crypto_caps_populate(struct rte_cryptodev_capabilities cnxk_caps[],\n \tint cur_pos = 0;\n \n \tSEC_CAPS_ADD(cnxk_caps, &cur_pos, hw_caps, aes);\n+\tSEC_CAPS_ADD(cnxk_caps, &cur_pos, hw_caps, sha1_sha2);\n \n \tsec_caps_add(cnxk_caps, &cur_pos, caps_end, RTE_DIM(caps_end));\n }\n", "prefixes": [ "v2", "2/8" ] }{ "id": 97677, "url": "