From patchwork Thu Aug 17 11:45:56 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nagadheeraj Rottela X-Patchwork-Id: 130465 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 1C47F4308D; Thu, 17 Aug 2023 13:46:16 +0200 (CEST) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 66D8E40EE2; Thu, 17 Aug 2023 13:46:15 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 383B142D12; Thu, 17 Aug 2023 13:46:13 +0200 (CEST) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 37H3ZFva017346; Thu, 17 Aug 2023 04:46:12 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-type; s=pfpt0220; bh=Q6Ygg/Su5Re4Jk30l83aWtEuYrW6Eix+SffxM2740Ic=; b=gTV5lQoqlCLG6tdYxkdBs2Lm291bV2M4zCKCCMsWQgQydFDiCKw7tICwLz/CwE3KwDb1 o/FxAutsKlJ2Ja/NCd246ay51EyvbYpw6GMI371KAjucHz8fjnONNE9cH0QcIr0KouHX p/EUIzUy20k+sXJ9zsl3P2EE1QN65HwjineSbi+Lf/2svlCPH+eZnYf++wql7s7oR656 7okumWaPI0OfvjmJEdxiGP/UViHcgxQRwpR7Stlw/mBZylkSY417ZecA8DAM67kOPhIc AEuEk238Sy4wa73vV5uKf/7kdjPIOI3BbUBIRoaGZfutvac82aUynk3yZaI9/S1L6Nm0 dw== Received: from dc5-exch01.marvell.com ([199.233.59.181]) by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3sgptkwp48-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Thu, 17 Aug 2023 04:46:12 -0700 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.48; Thu, 17 Aug 2023 04:46:10 -0700 Received: from hyd1399.caveonetworks.com.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.48 via Frontend Transport; Thu, 17 Aug 2023 04:46:08 -0700 From: Nagadheeraj Rottela To: CC: , Nagadheeraj Rottela , Subject: [PATCH 1/2] crypto/nitrox: fix panic with higher mbuf segments Date: Thu, 17 Aug 2023 17:15:56 +0530 Message-ID: <20230817114557.25574-2-rnagadheeraj@marvell.com> X-Mailer: git-send-email 2.13.6 In-Reply-To: <20230817114557.25574-1-rnagadheeraj@marvell.com> References: <20230817114557.25574-1-rnagadheeraj@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: VpLBF14vYj7BJiFl05AXSMlTWnsrjkCN X-Proofpoint-GUID: VpLBF14vYj7BJiFl05AXSMlTWnsrjkCN X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.267,Aquarius:18.0.957,Hydra:6.0.601,FMLib:17.11.176.26 definitions=2023-08-17_04,2023-08-17_02,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org When the number of segments in source or destination mbuf is higher than max supported then the application was panicked during the creation of sglist when RTE_VERIFY was called. Validate the number of mbuf segments and return an error instead of panicking. Fixes: 678f3eca1dfd ("crypto/nitrox: support cipher-only operations") Fixes: 9282bdee5cdf ("crypto/nitrox: add cipher auth chain processing") Cc: stable@dpdk.org Signed-off-by: Nagadheeraj Rottela --- drivers/crypto/nitrox/nitrox_sym_reqmgr.c | 21 ++++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) diff --git a/drivers/crypto/nitrox/nitrox_sym_reqmgr.c b/drivers/crypto/nitrox/nitrox_sym_reqmgr.c index 9edb0cc00f..d7e8ff7db4 100644 --- a/drivers/crypto/nitrox/nitrox_sym_reqmgr.c +++ b/drivers/crypto/nitrox/nitrox_sym_reqmgr.c @@ -10,8 +10,11 @@ #include "nitrox_sym_reqmgr.h" #include "nitrox_logs.h" -#define MAX_SGBUF_CNT 16 -#define MAX_SGCOMP_CNT 5 +#define MAX_SUPPORTED_MBUF_SEGS 16 +/* IV + AAD + ORH + CC + DIGEST */ +#define ADDITIONAL_SGBUF_CNT 5 +#define MAX_SGBUF_CNT (MAX_SUPPORTED_MBUF_SEGS + ADDITIONAL_SGBUF_CNT) +#define MAX_SGCOMP_CNT (RTE_ALIGN_MUL_CEIL(MAX_SGBUF_CNT, 4) / 4) /* SLC_STORE_INFO */ #define MIN_UDD_LEN 16 /* PKT_IN_HDR + SLC_STORE_INFO */ @@ -303,7 +306,7 @@ create_sglist_from_mbuf(struct nitrox_sgtable *sgtbl, struct rte_mbuf *mbuf, datalen -= mlen; } - RTE_VERIFY(cnt <= MAX_SGBUF_CNT); + RTE_ASSERT(cnt <= MAX_SGBUF_CNT); sgtbl->map_bufs_cnt = cnt; return 0; } @@ -375,7 +378,7 @@ create_cipher_outbuf(struct nitrox_softreq *sr) sr->out.sglist[cnt].virt = &sr->resp.completion; cnt++; - RTE_VERIFY(cnt <= MAX_SGBUF_CNT); + RTE_ASSERT(cnt <= MAX_SGBUF_CNT); sr->out.map_bufs_cnt = cnt; create_sgcomp(&sr->out); @@ -600,7 +603,7 @@ create_aead_outbuf(struct nitrox_softreq *sr, struct nitrox_sglist *digest) resp.completion); sr->out.sglist[cnt].virt = &sr->resp.completion; cnt++; - RTE_VERIFY(cnt <= MAX_SGBUF_CNT); + RTE_ASSERT(cnt <= MAX_SGBUF_CNT); sr->out.map_bufs_cnt = cnt; create_sgcomp(&sr->out); @@ -774,6 +777,14 @@ nitrox_process_se_req(uint16_t qno, struct rte_crypto_op *op, { int err; + if (unlikely(op->sym->m_src->nb_segs > MAX_SUPPORTED_MBUF_SEGS || + (op->sym->m_dst && + op->sym->m_dst->nb_segs > MAX_SUPPORTED_MBUF_SEGS))) { + NITROX_LOG(ERR, "Mbuf segments not supported. " + "Max supported %d\n", MAX_SUPPORTED_MBUF_SEGS); + return -ENOTSUP; + } + softreq_init(sr, sr->iova); sr->ctx = ctx; sr->op = op; From patchwork Thu Aug 17 11:45:57 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nagadheeraj Rottela X-Patchwork-Id: 130466 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 864C14308D; Thu, 17 Aug 2023 13:46:24 +0200 (CEST) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 18F5E4325F; Thu, 17 Aug 2023 13:46:17 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id E542342FB2 for ; Thu, 17 Aug 2023 13:46:15 +0200 (CEST) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 37H3VIxk015951 for ; Thu, 17 Aug 2023 04:46:15 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-type; s=pfpt0220; bh=zNUKDuHfE2RHHEIUsQZ4EVA68Wrr70uGc6LiJqRHkEs=; b=bxe4dyHV3xbyhri2ls5S5VVnfcsMEo+pd8kGWB5D3x482E7UOH5F0zMPU8x92kzMkue/ Frd7Gnsz2zxL4qretq8GVL+Q7oNcyWa/RfwSKYwEvfXY1Gdu/ibD7OarUJ3tg2nq2mn9 pHStI34k9404RI4nfBYS8KUCCubIVI3lbsJJdWUKM+FwLeiyqv0ayxyKP2jqHyDAKbOy wEdqUIAUWmPIAI7BNNk9u5Aa2w1isY8pX/G+8shw0MbIyVJgseOaJJClDcf16p0DI3SS Z6vuAm+oMubYP2f9Sa5cHUR+0dALqH0apdCUVsd7rrOkNYlqs5Ig09nqtuH68GenHht7 jw== Received: from dc5-exch02.marvell.com ([199.233.59.182]) by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3sgptkwp4b-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT) for ; Thu, 17 Aug 2023 04:46:15 -0700 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.48; Thu, 17 Aug 2023 04:46:13 -0700 Received: from hyd1399.caveonetworks.com.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.48 via Frontend Transport; Thu, 17 Aug 2023 04:46:11 -0700 From: Nagadheeraj Rottela To: CC: , Nagadheeraj Rottela Subject: [PATCH 2/2] crypto/nitrox: support AES-CCM Date: Thu, 17 Aug 2023 17:15:57 +0530 Message-ID: <20230817114557.25574-3-rnagadheeraj@marvell.com> X-Mailer: git-send-email 2.13.6 In-Reply-To: <20230817114557.25574-1-rnagadheeraj@marvell.com> References: <20230817114557.25574-1-rnagadheeraj@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: M9vqgStFvEIvpQCAkUo9sJOM0_jXfl0h X-Proofpoint-GUID: M9vqgStFvEIvpQCAkUo9sJOM0_jXfl0h X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.267,Aquarius:18.0.957,Hydra:6.0.601,FMLib:17.11.176.26 definitions=2023-08-17_04,2023-08-17_02,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org This patch adds AES-CCM AEAD algorithm. Signed-off-by: Nagadheeraj Rottela --- doc/guides/cryptodevs/features/nitrox.ini | 3 ++ doc/guides/cryptodevs/nitrox.rst | 1 + doc/guides/rel_notes/release_23_11.rst | 4 ++ drivers/crypto/nitrox/nitrox_sym.c | 27 ++++++++++- drivers/crypto/nitrox/nitrox_sym_capabilities.c | 30 ++++++++++++ drivers/crypto/nitrox/nitrox_sym_ctx.h | 1 + drivers/crypto/nitrox/nitrox_sym_reqmgr.c | 61 ++++++++++++++++++++++--- 7 files changed, 119 insertions(+), 8 deletions(-) diff --git a/doc/guides/cryptodevs/features/nitrox.ini b/doc/guides/cryptodevs/features/nitrox.ini index 6cab93a343..32e2c5252c 100644 --- a/doc/guides/cryptodevs/features/nitrox.ini +++ b/doc/guides/cryptodevs/features/nitrox.ini @@ -37,6 +37,9 @@ SHA256 HMAC = Y AES GCM (128) = Y AES GCM (192) = Y AES GCM (256) = Y +AES CCM (128) = Y +AES CCM (192) = Y +AES CCM (256) = Y ; ; Supported Asymmetric algorithms of the 'nitrox' crypto driver. diff --git a/doc/guides/cryptodevs/nitrox.rst b/doc/guides/cryptodevs/nitrox.rst index 82c4418cd3..94e30220a0 100644 --- a/doc/guides/cryptodevs/nitrox.rst +++ b/doc/guides/cryptodevs/nitrox.rst @@ -29,6 +29,7 @@ Hash algorithms: Supported AEAD algorithms: * ``RTE_CRYPTO_AEAD_AES_GCM`` +* ``RTE_CRYPTO_AEAD_AES_CCM`` Limitations ----------- diff --git a/doc/guides/rel_notes/release_23_11.rst b/doc/guides/rel_notes/release_23_11.rst index 4411bb32c1..09122984ba 100644 --- a/doc/guides/rel_notes/release_23_11.rst +++ b/doc/guides/rel_notes/release_23_11.rst @@ -72,6 +72,10 @@ New Features Also, make sure to start the actual text at the margin. ======================================================= +* **Updated Marvell NITROX symmetric crypto PMD.** + + * Added support for AES-CCM algorithm. + Removed Items ------------- diff --git a/drivers/crypto/nitrox/nitrox_sym.c b/drivers/crypto/nitrox/nitrox_sym.c index dd8457aaa4..1244317438 100644 --- a/drivers/crypto/nitrox/nitrox_sym.c +++ b/drivers/crypto/nitrox/nitrox_sym.c @@ -492,7 +492,8 @@ configure_aead_ctx(struct rte_crypto_aead_xform *xform, return -ENOTSUP; } - if (unlikely(xform->algo != RTE_CRYPTO_AEAD_AES_GCM)) + if (unlikely(xform->algo != RTE_CRYPTO_AEAD_AES_GCM && + xform->algo != RTE_CRYPTO_AEAD_AES_CCM)) return -ENOTSUP; aes_keylen = flexi_aes_keylen(xform->key.length, true); @@ -506,8 +507,29 @@ configure_aead_ctx(struct rte_crypto_aead_xform *xform, if (unlikely(xform->iv.length > MAX_IV_LEN)) return -EINVAL; + if (xform->algo == RTE_CRYPTO_AEAD_AES_CCM) { + int L; + + /* digest_length must be 4, 6, 8, 10, 12, 14, 16 bytes */ + if (unlikely(xform->digest_length < 4 || + xform->digest_length > 16 || + (xform->digest_length & 1) == 1)) { + NITROX_LOG(ERR, "Invalid digest length %d\n", + xform->digest_length); + return -EINVAL; + } + + L = 15 - xform->iv.length; + if (unlikely(L < 2 || L > 8)) { + NITROX_LOG(ERR, "Invalid iv length %d\n", + xform->iv.length); + return -EINVAL; + } + } + fctx->flags = rte_be_to_cpu_64(fctx->flags); - fctx->w0.cipher_type = CIPHER_AES_GCM; + fctx->w0.cipher_type = (xform->algo == RTE_CRYPTO_AEAD_AES_GCM) ? + CIPHER_AES_GCM : CIPHER_AES_CCM; fctx->w0.aes_keylen = aes_keylen; fctx->w0.iv_source = IV_FROM_DPTR; fctx->w0.hash_type = AUTH_NULL; @@ -526,6 +548,7 @@ configure_aead_ctx(struct rte_crypto_aead_xform *xform, ctx->iv.length = xform->iv.length; ctx->digest_length = xform->digest_length; ctx->aad_length = xform->aad_length; + ctx->aead_algo = xform->algo; return 0; } diff --git a/drivers/crypto/nitrox/nitrox_sym_capabilities.c b/drivers/crypto/nitrox/nitrox_sym_capabilities.c index a30cd9f8fa..a1cdfdda7e 100644 --- a/drivers/crypto/nitrox/nitrox_sym_capabilities.c +++ b/drivers/crypto/nitrox/nitrox_sym_capabilities.c @@ -138,6 +138,36 @@ static const struct rte_cryptodev_capabilities nitrox_capabilities[] = { }, } }, } }, + { /* AES CCM */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD, + {.aead = { + .algo = RTE_CRYPTO_AEAD_AES_CCM, + .block_size = 16, + .key_size = { + .min = 16, + .max = 32, + .increment = 8 + }, + .digest_size = { + .min = 4, + .max = 16, + .increment = 2 + }, + .aad_size = { + .min = 0, + .max = 512, + .increment = 1 + }, + .iv_size = { + .min = 7, + .max = 13, + .increment = 1 + }, + }, } + }, } + }, RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() }; diff --git a/drivers/crypto/nitrox/nitrox_sym_ctx.h b/drivers/crypto/nitrox/nitrox_sym_ctx.h index deb00fc1e0..2bf229e4a3 100644 --- a/drivers/crypto/nitrox/nitrox_sym_ctx.h +++ b/drivers/crypto/nitrox/nitrox_sym_ctx.h @@ -70,6 +70,7 @@ struct flexi_crypto_context { struct nitrox_crypto_ctx { struct flexi_crypto_context fctx; enum nitrox_chain nitrox_chain; + enum rte_crypto_aead_algorithm aead_algo; struct { uint16_t offset; uint16_t length; diff --git a/drivers/crypto/nitrox/nitrox_sym_reqmgr.c b/drivers/crypto/nitrox/nitrox_sym_reqmgr.c index d7e8ff7db4..973bb5f424 100644 --- a/drivers/crypto/nitrox/nitrox_sym_reqmgr.c +++ b/drivers/crypto/nitrox/nitrox_sym_reqmgr.c @@ -23,6 +23,8 @@ #define SOLICIT_BASE_DPORT 256 #define PENDING_SIG 0xFFFFFFFFFFFFFFFFUL #define CMD_TIMEOUT 2 +/* For AES_CCM actual AAD will be copied 18 bytes after the AAD pointer, according to the API */ +#define DPDK_AES_CCM_ADD_OFFSET 18 struct gphdr { uint16_t param0; @@ -486,10 +488,15 @@ create_combined_sglist(struct nitrox_softreq *sr, struct nitrox_sgtable *sgtbl, struct rte_mbuf *mbuf) { struct rte_crypto_op *op = sr->op; + uint32_t aad_offset = 0; + + if (sr->ctx->aead_algo == RTE_CRYPTO_AEAD_AES_CCM) + aad_offset = DPDK_AES_CCM_ADD_OFFSET; fill_sglist(sgtbl, sr->iv.len, sr->iv.iova, sr->iv.virt); - fill_sglist(sgtbl, sr->ctx->aad_length, op->sym->aead.aad.phys_addr, - op->sym->aead.aad.data); + fill_sglist(sgtbl, sr->ctx->aad_length, + op->sym->aead.aad.phys_addr + aad_offset, + op->sym->aead.aad.data + aad_offset); return create_sglist_from_mbuf(sgtbl, mbuf, op->sym->cipher.data.offset, op->sym->cipher.data.length); } @@ -721,11 +728,53 @@ process_combined_data(struct nitrox_softreq *sr) struct nitrox_sglist digest; struct rte_crypto_op *op = sr->op; - err = softreq_copy_salt(sr); - if (unlikely(err)) - return err; + if (sr->ctx->aead_algo == RTE_CRYPTO_AEAD_AES_GCM) { + err = softreq_copy_salt(sr); + if (unlikely(err)) + return err; + + softreq_copy_iv(sr, AES_GCM_SALT_SIZE); + } else if (sr->ctx->aead_algo == RTE_CRYPTO_AEAD_AES_CCM) { + union { + uint8_t value; + struct { +#if RTE_BYTE_ORDER == RTE_BIG_ENDIAN + uint8_t rsvd: 1; + uint8_t adata: 1; + uint8_t mstar: 3; + uint8_t lstar: 3; +#else + uint8_t lstar: 3; + uint8_t mstar: 3; + uint8_t adata: 1; + uint8_t rsvd: 1; +#endif + }; + } flags; + uint8_t L; + uint8_t *iv_addr; + + flags.value = 0; + flags.rsvd = 0; + flags.adata = (sr->ctx->aad_length > 0) ? 1 : 0; + flags.mstar = (sr->ctx->digest_length - 2) / 2; + L = 15 - sr->ctx->iv.length; + flags.lstar = L - 1; + iv_addr = rte_crypto_op_ctod_offset(sr->op, uint8_t *, + sr->ctx->iv.offset); + /* initialize IV flags */ + iv_addr[0] = flags.value; + /* initialize IV counter to 0 */ + memset(&iv_addr[1] + sr->ctx->iv.length, 0, L); + sr->iv.virt = rte_crypto_op_ctod_offset(sr->op, uint8_t *, + sr->ctx->iv.offset); + sr->iv.iova = rte_crypto_op_ctophys_offset(sr->op, + sr->ctx->iv.offset); + sr->iv.len = 16; + } else { + return -EINVAL; + } - softreq_copy_iv(sr, AES_GCM_SALT_SIZE); err = extract_combined_digest(sr, &digest); if (unlikely(err)) return err;