diff mbox series

[15/17] crypto/cnxk: set salt in dptr as part of IV

Message ID	20221220143232.2519650-16-ktejasree@marvell.com (mailing list archive)
State	Accepted, archived
Delegated to:	akhil goyal
Headers	From: Tejasree Kondoj <ktejasree@marvell.com> To: Akhil Goyal <gakhil@marvell.com> CC: Anoob Joseph <anoobj@marvell.com>, Vidya Sagar Velumuri <vvelumuri@marvell.com>, Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>, Volodymyr Fialko <vfialko@marvell.com>, "Aakash Sasidharan" <asasidharan@marvell.com>, <dev@dpdk.org> Subject: [PATCH 15/17] crypto/cnxk: set salt in dptr as part of IV Date: Tue, 20 Dec 2022 20:02:30 +0530 Message-ID: <20221220143232.2519650-16-ktejasree@marvell.com> In-Reply-To: <20221220143232.2519650-1-ktejasree@marvell.com> References: <20221220143232.2519650-1-ktejasree@marvell.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain Precedence: list Errors-To: dev-bounces@dpdk.org
Series	fixes and improvements to cnxk crytpo PMD \| [00/17] fixes and improvements to cnxk crytpo PMD [01/17] common/cnxk: perform LF fini ops only when allocated [02/17] common/cnxk: generate opad and ipad in driver [03/17] crypto/cnxk: update resp len calculation for IPv6 [04/17] crypto/cnxk: add context to passthrough instruction [05/17] crypto/cnxk: support truncated digest length [06/17] crypto/cnxk: add queue pair check to meta set [07/17] crypto/cnxk: update crypto completion code handling [08/17] crypto/cnxk: fix incorrect digest for an empty input data [09/17] crypto/cnxk: add CN9K IPsec SG support [10/17] crypto/cnxk: add support for SHA3 hash [11/17] common/cnxk: skip hmac hash precomputation [12/17] crypto/octeontx: support truncated digest size [13/17] crypto/cnxk: set device ops to null in PCI remove [14/17] crypto/cnxk: add CTX for non IPsec operations [15/17] crypto/cnxk: set salt in dptr as part of IV [16/17] crypto/cnxk: remove null check of session priv [17/17] common/cnxk: remove salt from session

Checks

Context	Check	Description
ci/checkpatch	success	coding style OK

Commit Message

Tejasree Kondoj Dec. 20, 2022, 2:32 p.m. UTC

  Set salt as part of 16B IV in dptr to avoid race
condition.

Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
---
 drivers/common/cnxk/roc_se.c  |  7 +++-
 drivers/crypto/cnxk/cnxk_se.h | 76 +++++++++++++++++++----------------
 2 files changed, 47 insertions(+), 36 deletions(-)

diff mbox series

Patch

diff --git a/drivers/common/cnxk/roc_se.c b/drivers/common/cnxk/roc_se.c
index 8c19c5fccc..f335c2367f 100644
--- a/drivers/common/cnxk/roc_se.c
+++ b/drivers/common/cnxk/roc_se.c
@@ -462,8 +462,10 @@  roc_se_auth_key_set(struct roc_se_ctx *se_ctx, roc_se_auth_type type,
 		return -1;
 
 	/* For GMAC auth, cipher must be NULL */
-	if (type == ROC_SE_GMAC_TYPE)
+	if (type == ROC_SE_GMAC_TYPE) {
 		fctx->enc.enc_cipher = 0;
+		se_ctx->template_w4.s.opcode_minor = BIT(5);
+	}
 
 	fctx->enc.hash_type = type;
 	se_ctx->hash_type = type;
@@ -530,6 +532,9 @@  roc_se_ciph_key_set(struct roc_se_ctx *se_ctx, roc_se_cipher_type type,
 			return 0;
 	}
 
+	if (type == ROC_SE_AES_GCM)
+		se_ctx->template_w4.s.opcode_minor = BIT(5);
+
 	ret = cpt_ciph_type_set(type, se_ctx, key_len);
 	if (unlikely(ret))
 		return -1;
diff --git a/drivers/crypto/cnxk/cnxk_se.h b/drivers/crypto/cnxk/cnxk_se.h
index 774efd5879..1827b0d7b3 100644
--- a/drivers/crypto/cnxk/cnxk_se.h
+++ b/drivers/crypto/cnxk/cnxk_se.h
@@ -43,7 +43,8 @@  struct cnxk_se_sess {
 	uint16_t dp_thr_type : 8;
 	uint16_t aad_length;
 	uint8_t is_sha3 : 1;
-	uint8_t rsvd : 7;
+	uint8_t short_iv : 1;
+	uint8_t rsvd : 6;
 	uint8_t mac_len;
 	uint8_t iv_length;
 	uint8_t auth_iv_length;
@@ -201,13 +202,6 @@  cpt_mac_len_verify(struct rte_crypto_auth_xform *auth)
 	return ret;
 }
 
-static __rte_always_inline void
-cpt_fc_salt_update(struct roc_se_ctx *se_ctx, uint8_t *salt)
-{
-	struct roc_se_context *fctx = &se_ctx->se_ctx.fctx;
-	memcpy(fctx->enc.encr_iv, salt, 4);
-}
-
 static __rte_always_inline int
 sg_inst_prep(struct roc_se_fc_params *params, struct cpt_inst_s *inst, uint64_t offset_ctrl,
 	     uint8_t *iv_s, int iv_len, uint8_t pack_iv, uint8_t pdcp_alg_type, int32_t inputlen,
@@ -1703,8 +1697,17 @@  fill_sess_aead(struct rte_crypto_sym_xform *xform, struct cnxk_se_sess *sess)
 	sess->iv_length = aead_form->iv.length;
 	sess->aad_length = aead_form->aad_length;
 
-	if (unlikely(roc_se_ciph_key_set(&sess->roc_se_ctx, enc_type,
-					 aead_form->key.data,
+	switch (sess->iv_length) {
+	case 12:
+		sess->short_iv = 1;
+	case 16:
+		break;
+	default:
+		plt_dp_err("Crypto: Unsupported IV length %u", sess->iv_length);
+		return -1;
+	}
+
+	if (unlikely(roc_se_ciph_key_set(&sess->roc_se_ctx, enc_type, aead_form->key.data,
 					 aead_form->key.length, NULL)))
 		return -1;
 
@@ -1712,6 +1715,8 @@  fill_sess_aead(struct rte_crypto_sym_xform *xform, struct cnxk_se_sess *sess)
 					 aead_form->digest_length)))
 		return -1;
 
+	if (enc_type == ROC_SE_CHACHA20)
+		sess->roc_se_ctx.template_w4.s.opcode_minor |= BIT(5);
 	return 0;
 }
 
@@ -1849,9 +1854,19 @@  fill_sess_cipher(struct rte_crypto_sym_xform *xform, struct cnxk_se_sess *sess)
 	sess->iv_length = c_form->iv.length;
 	sess->is_null = is_null;
 
-	if (unlikely(roc_se_ciph_key_set(&sess->roc_se_ctx, enc_type,
-					 c_form->key.data, c_form->key.length,
-					 NULL)))
+	if (aes_ctr)
+		switch (sess->iv_length) {
+		case 12:
+			sess->short_iv = 1;
+		case 16:
+			break;
+		default:
+			plt_dp_err("Crypto: Unsupported IV length %u", sess->iv_length);
+			return -1;
+		}
+
+	if (unlikely(roc_se_ciph_key_set(&sess->roc_se_ctx, enc_type, c_form->key.data,
+					 c_form->key.length, NULL)))
 		return -1;
 
 	if ((enc_type >= ROC_SE_ZUC_EEA3) && (enc_type <= ROC_SE_AES_CTR_EEA2))
@@ -2046,9 +2061,18 @@  fill_sess_gmac(struct rte_crypto_sym_xform *xform, struct cnxk_se_sess *sess)
 	sess->iv_length = a_form->iv.length;
 	sess->mac_len = a_form->digest_length;
 
-	if (unlikely(roc_se_ciph_key_set(&sess->roc_se_ctx, enc_type,
-					 a_form->key.data, a_form->key.length,
-					 NULL)))
+	switch (sess->iv_length) {
+	case 12:
+		sess->short_iv = 1;
+	case 16:
+		break;
+	default:
+		plt_dp_err("Crypto: Unsupported IV length %u", sess->iv_length);
+		return -1;
+	}
+
+	if (unlikely(roc_se_ciph_key_set(&sess->roc_se_ctx, enc_type, a_form->key.data,
+					 a_form->key.length, NULL)))
 		return -1;
 
 	if (unlikely(roc_se_auth_key_set(&sess->roc_se_ctx, auth_type, NULL, 0,
@@ -2192,7 +2216,7 @@  fill_fc_params(struct rte_crypto_op *cop, struct cnxk_se_sess *sess,
 	if (likely(is_kasumi || sess->iv_length)) {
 		flags |= ROC_SE_VALID_IV_BUF;
 		fc_params.iv_buf = rte_crypto_op_ctod_offset(cop, uint8_t *, sess->iv_offset);
-		if (!is_aead && sess->aes_ctr && unlikely(sess->iv_length != 16)) {
+		if (sess->short_iv) {
 			memcpy((uint8_t *)iv_buf,
 			       rte_crypto_op_ctod_offset(cop, uint8_t *, sess->iv_offset), 12);
 			iv_buf[3] = rte_cpu_to_be_32(0x1);
@@ -2209,7 +2233,6 @@  fill_fc_params(struct rte_crypto_op *cop, struct cnxk_se_sess *sess,
 
 	if (is_aead) {
 		struct rte_mbuf *m;
-		uint8_t *salt;
 		uint8_t *aad_data;
 		uint16_t aad_len;
 
@@ -2234,13 +2257,6 @@  fill_fc_params(struct rte_crypto_op *cop, struct cnxk_se_sess *sess,
 			d_lens = d_lens << 32;
 		}
 
-		salt = fc_params.iv_buf;
-		if (unlikely(*(uint32_t *)salt != sess->salt)) {
-			cpt_fc_salt_update(&sess->roc_se_ctx, salt);
-			sess->salt = *(uint32_t *)salt;
-		}
-
-		fc_params.iv_buf = PLT_PTR_ADD(salt, 4);
 		m = cpt_m_dst_get(cpt_op, m_src, m_dst);
 
 		/* Digest immediately following data is best case */
@@ -2266,16 +2282,6 @@  fill_fc_params(struct rte_crypto_op *cop, struct cnxk_se_sess *sess,
 		d_lens = ci_data_length;
 		d_lens = (d_lens << 32) | a_data_length;
 
-		/* for gmac, salt should be updated like in gcm */
-		if (unlikely(sess->is_gmac)) {
-			uint8_t *salt;
-			salt = fc_params.iv_buf;
-			if (unlikely(*(uint32_t *)salt != sess->salt)) {
-				cpt_fc_salt_update(&sess->roc_se_ctx, salt);
-				sess->salt = *(uint32_t *)salt;
-			}
-			fc_params.iv_buf = salt + 4;
-		}
 		if (likely(sess->mac_len)) {
 			struct rte_mbuf *m = cpt_m_dst_get(cpt_op, m_src, m_dst);