From patchwork Fri Dec 17 09:19:50 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anoob Joseph X-Patchwork-Id: 105210 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 2F20DA0352; Fri, 17 Dec 2021 10:21:19 +0100 (CET) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 8014741142; Fri, 17 Dec 2021 10:21:00 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id CAB884113D for ; Fri, 17 Dec 2021 10:20:58 +0100 (CET) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with ESMTP id 1BH2YRrw014938 for ; Fri, 17 Dec 2021 01:20:58 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=hFRU9uGReaCSleoUtV9VgPXn7pJOUCpkGQy9cqO/XyM=; b=BR+a2aanmgmcg2eHSVZfcioUsj1dhZfFgb4ZKJqgtwuZG6kgJYuC5U4b0kfpAxK4+rF2 CTYicJxgoSWnYw1xU6iaebmNZJcMI4/n2d9FnQGoBWv4Mn/8tg9dKYy3C4AeEUzo6Kvp udnw/RAI5mSXBlJc5H/deTQs3nUHzrQKcGZyPG2WsqpLGhs2/tf3bTMIsTQOYDSeQS0e yjBaQpRfgibdTYxyNPb5wXj3CEzGX/ncZNitthO+DClYbzC1gzb3DAQKzyajLUcavYms lz+UOKvmN0DPUuM9tDZbPrLOmP4IxjNzwiUn51p/h0U/vGIHZkFSRbV77/3F1jTf4HjI sQ== Received: from dc5-exch01.marvell.com ([199.233.59.181]) by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3d0b372tc5-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT) for ; Fri, 17 Dec 2021 01:20:58 -0800 Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Fri, 17 Dec 2021 01:20:56 -0800 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.18 via Frontend Transport; Fri, 17 Dec 2021 01:20:55 -0800 Received: from HY-LT1002.marvell.com (HY-LT1002.marvell.com [10.28.176.218]) by maili.marvell.com (Postfix) with ESMTP id 9CA413F70A5; Fri, 17 Dec 2021 01:20:53 -0800 (PST) From: Anoob Joseph To: Akhil Goyal , Jerin Jacob CC: Tejasree Kondoj , Archana Muniganti , Subject: [PATCH v3 08/29] crypto/cnxk: add lookaside IPsec AES-CBC-HMAC-SHA256 support Date: Fri, 17 Dec 2021 14:49:50 +0530 Message-ID: <1639732811-1440-9-git-send-email-anoobj@marvell.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1639732811-1440-1-git-send-email-anoobj@marvell.com> References: <1639676975-1316-1-git-send-email-anoobj@marvell.com> <1639732811-1440-1-git-send-email-anoobj@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: a3GHfm3VE4QrXBhzs8R-PzkIICUHIPYX X-Proofpoint-GUID: a3GHfm3VE4QrXBhzs8R-PzkIICUHIPYX X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.790,Hydra:6.0.425,FMLib:17.11.62.513 definitions=2021-12-17_03,2021-12-16_01,2021-12-02_01 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org From: Tejasree Kondoj Adding AES-CBC-HMAC-SHA256 support to lookaside IPsec PMD. Signed-off-by: Tejasree Kondoj --- doc/guides/cryptodevs/cnxk.rst | 39 +++++++++++++++++++---- doc/guides/rel_notes/release_22_03.rst | 4 +++ drivers/common/cnxk/cnxk_security.c | 14 ++++++++ drivers/crypto/cnxk/cn10k_ipsec.c | 3 ++ drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c | 20 ++++++++++++ drivers/crypto/cnxk/cnxk_ipsec.h | 3 +- 6 files changed, 75 insertions(+), 8 deletions(-) diff --git a/doc/guides/cryptodevs/cnxk.rst b/doc/guides/cryptodevs/cnxk.rst index 23cc823..8c4c4ea 100644 --- a/doc/guides/cryptodevs/cnxk.rst +++ b/doc/guides/cryptodevs/cnxk.rst @@ -246,14 +246,27 @@ CN9XX Features supported * IPv4 * IPv6 * ESP +* ESN +* Anti-replay * Tunnel mode * Transport mode(IPv4) * UDP Encapsulation + +AEAD algorithms ++++++++++++++++ + * AES-128/192/256-GCM -* AES-128/192/256-CBC-SHA1-HMAC -* AES-128/192/256-CBC-SHA256-128-HMAC -* ESN -* Anti-replay + +Cipher algorithms ++++++++++++++++++ + +* AES-128/192/256-CBC + +Auth algorithms ++++++++++++++++ + +* SHA1-HMAC +* SHA256-128-HMAC CN10XX Features supported ~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -263,6 +276,20 @@ CN10XX Features supported * Tunnel mode * Transport mode * UDP Encapsulation + +AEAD algorithms ++++++++++++++++ + * AES-128/192/256-GCM -* AES-128/192/256-CBC-NULL -* AES-128/192/256-CBC-SHA1-HMAC + +Cipher algorithms ++++++++++++++++++ + +* AES-128/192/256-CBC + +Auth algorithms ++++++++++++++++ + +* NULL +* SHA1-HMAC +* SHA256-128-HMAC diff --git a/doc/guides/rel_notes/release_22_03.rst b/doc/guides/rel_notes/release_22_03.rst index 6d99d1e..1639b0e 100644 --- a/doc/guides/rel_notes/release_22_03.rst +++ b/doc/guides/rel_notes/release_22_03.rst @@ -55,6 +55,10 @@ New Features Also, make sure to start the actual text at the margin. ======================================================= +* **Updated Marvell cnxk crypto PMD.** + + * Added SHA256-HMAC support in lookaside protocol (IPsec) for CN10K. + Removed Items ------------- diff --git a/drivers/common/cnxk/cnxk_security.c b/drivers/common/cnxk/cnxk_security.c index 787138b..f39bc1e 100644 --- a/drivers/common/cnxk/cnxk_security.c +++ b/drivers/common/cnxk/cnxk_security.c @@ -32,6 +32,10 @@ ipsec_hmac_opad_ipad_gen(struct rte_crypto_sym_xform *auth_xform, roc_hash_sha1_gen(opad, (uint32_t *)&hmac_opad_ipad[0]); roc_hash_sha1_gen(ipad, (uint32_t *)&hmac_opad_ipad[24]); break; + case RTE_CRYPTO_AUTH_SHA256_HMAC: + roc_hash_sha256_gen(opad, (uint32_t *)&hmac_opad_ipad[0]); + roc_hash_sha256_gen(ipad, (uint32_t *)&hmac_opad_ipad[64]); + break; default: break; } @@ -129,6 +133,16 @@ ot_ipsec_sa_common_param_fill(union roc_ot_ipsec_sa_word2 *w2, i++) tmp_key[i] = rte_be_to_cpu_64(tmp_key[i]); break; + case RTE_CRYPTO_AUTH_SHA256_HMAC: + w2->s.auth_type = ROC_IE_OT_SA_AUTH_SHA2_256; + ipsec_hmac_opad_ipad_gen(auth_xfrm, hmac_opad_ipad); + + tmp_key = (uint64_t *)hmac_opad_ipad; + for (i = 0; i < (int)(ROC_CTX_MAX_OPAD_IPAD_LEN / + sizeof(uint64_t)); + i++) + tmp_key[i] = rte_be_to_cpu_64(tmp_key[i]); + break; default: return -ENOTSUP; } diff --git a/drivers/crypto/cnxk/cn10k_ipsec.c b/drivers/crypto/cnxk/cn10k_ipsec.c index 27df1dc..93eab1b 100644 --- a/drivers/crypto/cnxk/cn10k_ipsec.c +++ b/drivers/crypto/cnxk/cn10k_ipsec.c @@ -65,6 +65,9 @@ cn10k_ipsec_outb_sa_create(struct roc_cpt *roc_cpt, if (crypto_xfrm->type == RTE_CRYPTO_SYM_XFORM_AEAD) { sa->iv_offset = crypto_xfrm->aead.iv.offset; sa->iv_length = crypto_xfrm->aead.iv.length; + } else { + sa->iv_offset = crypto_xfrm->cipher.iv.offset; + sa->iv_length = crypto_xfrm->cipher.iv.length; } } #else diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c index 59b63ed..7d22626 100644 --- a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c +++ b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c @@ -797,6 +797,26 @@ static const struct rte_cryptodev_capabilities sec_caps_sha1_sha2[] = { }, } }, } }, + { /* SHA256 HMAC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA256_HMAC, + .block_size = 64, + .key_size = { + .min = 1, + .max = 1024, + .increment = 1 + }, + .digest_size = { + .min = 16, + .max = 16, + .increment = 0 + }, + }, } + }, } + }, }; static const struct rte_security_capability sec_caps_templ[] = { diff --git a/drivers/crypto/cnxk/cnxk_ipsec.h b/drivers/crypto/cnxk/cnxk_ipsec.h index dddb414..f4a1012 100644 --- a/drivers/crypto/cnxk/cnxk_ipsec.h +++ b/drivers/crypto/cnxk/cnxk_ipsec.h @@ -46,8 +46,7 @@ ipsec_xform_auth_verify(struct rte_crypto_sym_xform *crypto_xform) if (crypto_xform->auth.algo == RTE_CRYPTO_AUTH_SHA1_HMAC) { if (keylen >= 20 && keylen <= 64) return 0; - } else if (roc_model_is_cn9k() && - (crypto_xform->auth.algo == RTE_CRYPTO_AUTH_SHA256_HMAC)) { + } else if (crypto_xform->auth.algo == RTE_CRYPTO_AUTH_SHA256_HMAC) { if (keylen >= 32 && keylen <= 64) return 0; }