From patchwork Tue Dec 7 06:50:50 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anoob Joseph X-Patchwork-Id: 104976 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id DC111A034F; Tue, 7 Dec 2021 07:53:00 +0100 (CET) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id AB58442769; Tue, 7 Dec 2021 07:52:14 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id 9BB2D4273E for ; Tue, 7 Dec 2021 07:52:09 +0100 (CET) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with ESMTP id 1B76pJvv018306 for ; Mon, 6 Dec 2021 22:52:08 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=wvdVVHsr62Wa5gyqgACrgIkCdHROpLTKwN7GZXuD860=; b=eZzCucb/bhp9T7hwLe2bM8Zg2vywc6ZJqEO58aLB5ffDqMDfKSq8e0lHqwni0rc4BH6L cYAnNf64h4MLb4zt9nGNNI6VH1TBZMvGd375T784Hcik7YBwcNGTJqNbUN+EPe2kXmHt Ts1M1NET4Ro/ruwCByt9TsYaIvGwyupeiirCDf80SiSrSbspeSBJKl16uqfKJQEcqaRU gLFl0dK9YtqsTYiYIi/W05X+vMvEeg2ubDYL8ME4ZDhleWB3aD4qmEEggjPGVJN3DiYK BS6JzR62TQ+ymg+B6j0m9UYkwjWvGR6owFOxuRBrZT50U73SK2OB4ATtzGbS17Wu5U3v Fg== Received: from dc5-exch02.marvell.com ([199.233.59.182]) by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 3ct2q9004x-12 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT) for ; Mon, 06 Dec 2021 22:52:08 -0800 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Mon, 6 Dec 2021 22:52:06 -0800 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.2 via Frontend Transport; Mon, 6 Dec 2021 22:52:05 -0800 Received: from HY-LT1002.marvell.com (HY-LT1002.marvell.com [10.28.176.218]) by maili.marvell.com (Postfix) with ESMTP id 9A8F33F7092; Mon, 6 Dec 2021 22:52:03 -0800 (PST) From: Anoob Joseph To: Akhil Goyal , Jerin Jacob CC: Anoob Joseph , Archana Muniganti , Tejasree Kondoj , Subject: [PATCH 17/25] crypto/cnxk: handle null chained ops Date: Tue, 7 Dec 2021 12:20:50 +0530 Message-ID: <1638859858-734-18-git-send-email-anoobj@marvell.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1638859858-734-1-git-send-email-anoobj@marvell.com> References: <1638859858-734-1-git-send-email-anoobj@marvell.com> MIME-Version: 1.0 X-Proofpoint-GUID: 4ol8RefPrB2SQ8kJjXsKIQFOiY457rJc X-Proofpoint-ORIG-GUID: 4ol8RefPrB2SQ8kJjXsKIQFOiY457rJc X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.790,Hydra:6.0.425,FMLib:17.11.62.513 definitions=2021-12-07_02,2021-12-06_02,2021-12-02_01 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Verification doesn't cover cases when NULL auth/cipher is provided as a chain. Removed the separate function for verification and added a replacement function which calls the appropriate downstream functions. Signed-off-by: Anoob Joseph --- drivers/crypto/cnxk/cnxk_cryptodev_ops.c | 189 ++++++++++++++++--------------- drivers/crypto/cnxk/cnxk_cryptodev_ops.h | 10 -- drivers/crypto/cnxk/cnxk_se.h | 6 + 3 files changed, 102 insertions(+), 103 deletions(-) diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_ops.c b/drivers/crypto/cnxk/cnxk_cryptodev_ops.c index 21ee09f..b02f070 100644 --- a/drivers/crypto/cnxk/cnxk_cryptodev_ops.c +++ b/drivers/crypto/cnxk/cnxk_cryptodev_ops.c @@ -418,84 +418,121 @@ cnxk_cpt_sym_session_get_size(struct rte_cryptodev *dev __rte_unused) } static int -sym_xform_verify(struct rte_crypto_sym_xform *xform) +cnxk_sess_fill(struct rte_crypto_sym_xform *xform, struct cnxk_se_sess *sess) { - if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH && - xform->auth.algo == RTE_CRYPTO_AUTH_NULL && - xform->auth.op == RTE_CRYPTO_AUTH_OP_VERIFY) - return -ENOTSUP; + struct rte_crypto_sym_xform *aead_xfrm = NULL; + struct rte_crypto_sym_xform *c_xfrm = NULL; + struct rte_crypto_sym_xform *a_xfrm = NULL; + bool ciph_then_auth; - if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER && xform->next == NULL) - return CNXK_CPT_CIPHER; + if (xform == NULL) + return -EINVAL; - if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH && xform->next == NULL) - return CNXK_CPT_AUTH; + if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER) { + c_xfrm = xform; + a_xfrm = xform->next; + ciph_then_auth = true; + } else if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH) { + c_xfrm = xform->next; + a_xfrm = xform; + ciph_then_auth = false; + } else { + aead_xfrm = xform; + } - if (xform->type == RTE_CRYPTO_SYM_XFORM_AEAD && xform->next == NULL) - return CNXK_CPT_AEAD; + if (c_xfrm != NULL && c_xfrm->type != RTE_CRYPTO_SYM_XFORM_CIPHER) { + plt_dp_err("Invalid type in cipher xform"); + return -EINVAL; + } - if (xform->next == NULL) - return -EIO; + if (a_xfrm != NULL && a_xfrm->type != RTE_CRYPTO_SYM_XFORM_AUTH) { + plt_dp_err("Invalid type in auth xform"); + return -EINVAL; + } + + if (aead_xfrm != NULL && aead_xfrm->type != RTE_CRYPTO_SYM_XFORM_AEAD) { + plt_dp_err("Invalid type in AEAD xform"); + return -EINVAL; + } - if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER && - xform->cipher.algo == RTE_CRYPTO_CIPHER_3DES_CBC && - xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH && - xform->next->auth.algo == RTE_CRYPTO_AUTH_SHA1) + if ((c_xfrm == NULL || c_xfrm->cipher.algo == RTE_CRYPTO_CIPHER_NULL) && + a_xfrm != NULL && a_xfrm->auth.algo == RTE_CRYPTO_AUTH_NULL && + a_xfrm->auth.op == RTE_CRYPTO_AUTH_OP_VERIFY) { + plt_dp_err("Null cipher + null auth verify is not supported"); return -ENOTSUP; + } + + /* Cipher only */ + if (c_xfrm != NULL && + (a_xfrm == NULL || a_xfrm->auth.algo == RTE_CRYPTO_AUTH_NULL)) { + if (fill_sess_cipher(c_xfrm, sess)) + return -ENOTSUP; + else + return 0; + } + + /* Auth only */ + if (a_xfrm != NULL && + (c_xfrm == NULL || c_xfrm->cipher.algo == RTE_CRYPTO_CIPHER_NULL)) { + if (fill_sess_auth(a_xfrm, sess)) + return -ENOTSUP; + else + return 0; + } + + /* AEAD */ + if (aead_xfrm != NULL) { + if (fill_sess_aead(aead_xfrm, sess)) + return -ENOTSUP; + else + return 0; + } + + /* Chained ops */ + if (c_xfrm == NULL || a_xfrm == NULL) { + plt_dp_err("Invalid xforms"); + return -EINVAL; + } - if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH && - xform->auth.algo == RTE_CRYPTO_AUTH_SHA1 && - xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER && - xform->next->cipher.algo == RTE_CRYPTO_CIPHER_3DES_CBC) + if (c_xfrm->cipher.algo == RTE_CRYPTO_CIPHER_3DES_CBC && + a_xfrm->auth.algo == RTE_CRYPTO_AUTH_SHA1) { + plt_dp_err("3DES-CBC + SHA1 is not supported"); return -ENOTSUP; + } - if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER && - xform->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT && - xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH && - xform->next->auth.op == RTE_CRYPTO_AUTH_OP_GENERATE) - return CNXK_CPT_CIPHER_ENC_AUTH_GEN; - - if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH && - xform->auth.op == RTE_CRYPTO_AUTH_OP_VERIFY && - xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER && - xform->next->cipher.op == RTE_CRYPTO_CIPHER_OP_DECRYPT) - return CNXK_CPT_AUTH_VRFY_CIPHER_DEC; - - if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH && - xform->auth.op == RTE_CRYPTO_AUTH_OP_GENERATE && - xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER && - xform->next->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT) { - switch (xform->auth.algo) { - case RTE_CRYPTO_AUTH_SHA1_HMAC: - switch (xform->next->cipher.algo) { - case RTE_CRYPTO_CIPHER_AES_CBC: - return CNXK_CPT_AUTH_GEN_CIPHER_ENC; - default: - return -ENOTSUP; - } - default: + /* Cipher then auth */ + if (ciph_then_auth) { + if (fill_sess_cipher(c_xfrm, sess)) return -ENOTSUP; - } + if (fill_sess_auth(a_xfrm, sess)) + return -ENOTSUP; + else + return 0; } - if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER && - xform->cipher.op == RTE_CRYPTO_CIPHER_OP_DECRYPT && - xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH && - xform->next->auth.op == RTE_CRYPTO_AUTH_OP_VERIFY) { - switch (xform->cipher.algo) { - case RTE_CRYPTO_CIPHER_AES_CBC: - switch (xform->next->auth.algo) { - case RTE_CRYPTO_AUTH_SHA1_HMAC: - return CNXK_CPT_CIPHER_DEC_AUTH_VRFY; + /* else */ + + if (c_xfrm->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT) { + switch (a_xfrm->auth.algo) { + case RTE_CRYPTO_AUTH_SHA1_HMAC: + switch (c_xfrm->cipher.algo) { + case RTE_CRYPTO_CIPHER_AES_CBC: + break; default: return -ENOTSUP; } + break; default: return -ENOTSUP; } } - return -ENOTSUP; + if (fill_sess_auth(a_xfrm, sess)) + return -ENOTSUP; + if (fill_sess_cipher(c_xfrm, sess)) + return -ENOTSUP; + else + return 0; } static uint64_t @@ -524,10 +561,6 @@ sym_session_configure(struct roc_cpt *roc_cpt, int driver_id, void *priv; int ret; - ret = sym_xform_verify(xform); - if (unlikely(ret < 0)) - return ret; - if (unlikely(rte_mempool_get(pool, &priv))) { plt_dp_err("Could not allocate session private data"); return -ENOMEM; @@ -537,37 +570,7 @@ sym_session_configure(struct roc_cpt *roc_cpt, int driver_id, sess_priv = priv; - switch (ret) { - case CNXK_CPT_CIPHER: - ret = fill_sess_cipher(xform, sess_priv); - break; - case CNXK_CPT_AUTH: - if (xform->auth.algo == RTE_CRYPTO_AUTH_AES_GMAC) - ret = fill_sess_gmac(xform, sess_priv); - else - ret = fill_sess_auth(xform, sess_priv); - break; - case CNXK_CPT_AEAD: - ret = fill_sess_aead(xform, sess_priv); - break; - case CNXK_CPT_CIPHER_ENC_AUTH_GEN: - case CNXK_CPT_CIPHER_DEC_AUTH_VRFY: - ret = fill_sess_cipher(xform, sess_priv); - if (ret < 0) - break; - ret = fill_sess_auth(xform->next, sess_priv); - break; - case CNXK_CPT_AUTH_VRFY_CIPHER_DEC: - case CNXK_CPT_AUTH_GEN_CIPHER_ENC: - ret = fill_sess_auth(xform, sess_priv); - if (ret < 0) - break; - ret = fill_sess_cipher(xform->next, sess_priv); - break; - default: - ret = -1; - } - + ret = cnxk_sess_fill(xform, sess_priv); if (ret) goto priv_put; @@ -592,7 +595,7 @@ sym_session_configure(struct roc_cpt *roc_cpt, int driver_id, priv_put: rte_mempool_put(pool, priv); - return -ENOTSUP; + return ret; } int diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_ops.h b/drivers/crypto/cnxk/cnxk_cryptodev_ops.h index 0d36365..ca363bb 100644 --- a/drivers/crypto/cnxk/cnxk_cryptodev_ops.h +++ b/drivers/crypto/cnxk/cnxk_cryptodev_ops.h @@ -30,16 +30,6 @@ struct cpt_qp_meta_info { int mlen; }; -enum sym_xform_type { - CNXK_CPT_CIPHER = 1, - CNXK_CPT_AUTH, - CNXK_CPT_AEAD, - CNXK_CPT_CIPHER_ENC_AUTH_GEN, - CNXK_CPT_AUTH_VRFY_CIPHER_DEC, - CNXK_CPT_AUTH_GEN_CIPHER_ENC, - CNXK_CPT_CIPHER_DEC_AUTH_VRFY -}; - #define CPT_OP_FLAGS_METABUF (1 << 1) #define CPT_OP_FLAGS_AUTH_VERIFY (1 << 0) #define CPT_OP_FLAGS_IPSEC_DIR_INBOUND (1 << 2) diff --git a/drivers/crypto/cnxk/cnxk_se.h b/drivers/crypto/cnxk/cnxk_se.h index 37237de..a8cd2c5 100644 --- a/drivers/crypto/cnxk/cnxk_se.h +++ b/drivers/crypto/cnxk/cnxk_se.h @@ -36,6 +36,9 @@ struct cnxk_se_sess { struct roc_se_ctx roc_se_ctx; } __rte_cache_aligned; +static __rte_always_inline int +fill_sess_gmac(struct rte_crypto_sym_xform *xform, struct cnxk_se_sess *sess); + static inline void cpt_pack_iv(uint8_t *iv_src, uint8_t *iv_dst) { @@ -1808,6 +1811,9 @@ fill_sess_auth(struct rte_crypto_sym_xform *xform, struct cnxk_se_sess *sess) roc_se_auth_type auth_type = 0; /* NULL Auth type */ uint8_t zsk_flag = 0, aes_gcm = 0, is_null = 0; + if (xform->auth.algo == RTE_CRYPTO_AUTH_AES_GMAC) + return fill_sess_gmac(xform, sess); + if (xform->next != NULL && xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER && xform->next->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT) {