From patchwork Wed Sep 1 10:19:23 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tejasree Kondoj X-Patchwork-Id: 97676 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id F051AA0C4D; Wed, 1 Sep 2021 11:26:03 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 2D71D41144; Wed, 1 Sep 2021 11:25:51 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id 8BB2D4111D for ; Wed, 1 Sep 2021 11:25:47 +0200 (CEST) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 18159puC026653 for ; Wed, 1 Sep 2021 02:25:46 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=Pm+PRteWPjRgUNFZgsMCKc2drPWZvM6tC61Xt/efmW4=; b=FpCODc9bMABN5fpOlH8R58+jRg02GD2p1xlRSXcTdyhjmVhA4q6ZWys5koZXkwZsJfz9 KoWNTeI5tDfjQvzSN1tUGSozAhVXCv7liCdrSNus6XOr1my2htfnGWslHFvO088nK0LQ HIJzPtiGv15GKt6xBsX3VE0h64OSAoWQKEzMN/BL7nP6BgKTJLQZ9wUSlEuFmLlbjHLQ F40XBMdtGf2x/D8L0OZagNEjVumnUWJ3hOfeNJzHz7Taw7c+Pmz+JejHG0Vvkg5ldRHT A1QgNzdNcxvYcvHWxZhjAjRNy0oCRAtI/Bd43CdwJBg+TaMWaO7qT1QCBoQJ0unyRYiP Hw== Received: from dc5-exch02.marvell.com ([199.233.59.182]) by mx0a-0016f401.pphosted.com with ESMTP id 3at34prygn-9 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT) for ; Wed, 01 Sep 2021 02:25:46 -0700 Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Wed, 1 Sep 2021 02:25:30 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.18 via Frontend Transport; Wed, 1 Sep 2021 02:25:30 -0700 Received: from hyd1554T5810.caveonetworks.com.com (unknown [10.29.57.11]) by maili.marvell.com (Postfix) with ESMTP id 511013F708A; Wed, 1 Sep 2021 02:25:27 -0700 (PDT) From: Tejasree Kondoj To: Akhil Goyal CC: Tejasree Kondoj , Anoob Joseph , Ankur Dwivedi , Archana Muniganti , Srujana Challa , "Nithin Dabilpuram" , Jerin Jacob , Date: Wed, 1 Sep 2021 15:49:23 +0530 Message-ID: <20210901101930.29333-2-ktejasree@marvell.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20210901101930.29333-1-ktejasree@marvell.com> References: <20210901101930.29333-1-ktejasree@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: xlGV5rWjFVgqTCzwNNlrnawVkHrxwGAd X-Proofpoint-GUID: xlGV5rWjFVgqTCzwNNlrnawVkHrxwGAd X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.391,FMLib:17.0.607.475 definitions=2021-09-01_03,2021-08-31_01,2020-04-07_01 Subject: [dpdk-dev] [PATCH v2 1/8] common/cnxk: add hash generation APIs X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Adding functions for hash generation that can be used in hmac opad/ipad calculation. Signed-off-by: Tejasree Kondoj --- drivers/common/cnxk/meson.build | 1 + drivers/common/cnxk/roc_api.h | 3 + drivers/common/cnxk/roc_hash.c | 275 ++++++++++++++++++++++++++++++++ drivers/common/cnxk/roc_hash.h | 16 ++ drivers/common/cnxk/version.map | 3 + 5 files changed, 298 insertions(+) create mode 100644 drivers/common/cnxk/roc_hash.c create mode 100644 drivers/common/cnxk/roc_hash.h diff --git a/drivers/common/cnxk/meson.build b/drivers/common/cnxk/meson.build index 6a7849f31c..8a551d15d6 100644 --- a/drivers/common/cnxk/meson.build +++ b/drivers/common/cnxk/meson.build @@ -19,6 +19,7 @@ sources = files( 'roc_cpt.c', 'roc_cpt_debug.c', 'roc_dev.c', + 'roc_hash.c', 'roc_idev.c', 'roc_irq.c', 'roc_mbox.c', diff --git a/drivers/common/cnxk/roc_api.h b/drivers/common/cnxk/roc_api.h index 52cb2f2d79..9c06cfee9a 100644 --- a/drivers/common/cnxk/roc_api.h +++ b/drivers/common/cnxk/roc_api.h @@ -125,4 +125,7 @@ #include "roc_ie_ot.h" #include "roc_se.h" +/* HASH computation */ +#include "roc_hash.h" + #endif /* _ROC_API_H_ */ diff --git a/drivers/common/cnxk/roc_hash.c b/drivers/common/cnxk/roc_hash.c new file mode 100644 index 0000000000..092286e41e --- /dev/null +++ b/drivers/common/cnxk/roc_hash.c @@ -0,0 +1,275 @@ +/* SPDX-License-Identifier: BSD-3-Clause + * Copyright (c) 2021 Marvell. + */ + +#include "roc_api.h" + +#define lrot32(bits, word) (((word) << (bits)) | ((word) >> (32 - (bits)))) +#define rrot32(bits, word) lrot32(32 - (bits), word) +#define lrot64(bits, word) (((word) << (bits)) | ((word) >> (64 - (bits)))) +#define rrot64(bits, word) lrot64(64 - (bits), word) + +/* + * Compute a partial hash with the assumption that msg is the first block. + * Based on implementation from RFC 3174 + */ +void +roc_hash_sha1_gen(uint8_t *msg, uint32_t *hash) +{ + const uint32_t _K[] = {/* Round Constants defined in SHA-1 */ + 0x5A827999, 0x6ED9EBA1, 0x8F1BBCDC, 0xCA62C1D6}; + + const uint32_t _H[] = {/* Initial Hash constants defined in SHA-1 */ + 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, + 0xC3D2E1F0}; + int i; + uint32_t temp; /* Temporary word value */ + uint32_t W[80]; /* Word sequence */ + uint32_t A, B, C, D, E; /* Word buffers */ + + /* Initialize the first 16 words in the array W */ + memcpy(&W[0], msg, 16 * sizeof(W[0])); + + for (i = 0; i < 16; i++) + W[i] = htobe32(W[i]); + + for (i = 16; i < 80; i++) + W[i] = lrot32(1, W[i - 3] ^ W[i - 8] ^ W[i - 14] ^ W[i - 16]); + + A = _H[0]; + B = _H[1]; + C = _H[2]; + D = _H[3]; + E = _H[4]; + + for (i = 0; i < 80; i++) { + if (i >= 0 && i <= 19) + temp = ((B & C) | ((~B) & D)) + _K[0]; + else if (i >= 20 && i <= 39) + temp = (B ^ C ^ D) + _K[1]; + else if (i >= 40 && i <= 59) + temp = ((B & C) | (B & D) | (C & D)) + _K[2]; + else if (i >= 60 && i <= 79) + temp = (B ^ C ^ D) + _K[3]; + + temp = lrot32(5, A) + temp + E + W[i]; + E = D; + D = C; + C = lrot32(30, B); + B = A; + A = temp; + } + + A += _H[0]; + B += _H[1]; + C += _H[2]; + D += _H[3]; + E += _H[4]; + hash[0] = htobe32(A); + hash[1] = htobe32(B); + hash[2] = htobe32(C); + hash[3] = htobe32(D); + hash[4] = htobe32(E); +} + +/* + * Compute a partial hash with the assumption that msg is the first block. + * Based on implementation from RFC 3174 + */ +void +roc_hash_sha256_gen(uint8_t *msg, uint32_t *hash) +{ + const uint32_t _K[] = { + /* Round Constants defined in SHA-256 */ + 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, + 0x59f111f1, 0x923f82a4, 0xab1c5ed5, 0xd807aa98, 0x12835b01, + 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, + 0xc19bf174, 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, + 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, 0x983e5152, + 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, + 0x06ca6351, 0x14292967, 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, + 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, + 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, + 0xd6990624, 0xf40e3585, 0x106aa070, 0x19a4c116, 0x1e376c08, + 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, + 0x682e6ff3, 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, + 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2}; + + const uint32_t _H[] = {/* Initial Hash constants defined in SHA-256 */ + 0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, + 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19}; + int i; + uint32_t temp[4], S0, S1; /* Temporary word value */ + uint32_t W[64]; /* Word sequence */ + uint32_t A, B, C, D, E, F, G, H; /* Word buffers */ + + /* Initialize the first 16 words in the array W */ + memcpy(&W[0], msg, 16 * sizeof(W[0])); + + for (i = 0; i < 16; i++) + W[i] = htobe32(W[i]); + + for (i = 16; i < 64; i++) { + S0 = rrot32(7, W[i - 15]) ^ rrot32(18, W[i - 15]) ^ + (W[i - 15] >> 3); + S1 = rrot32(17, W[i - 2]) ^ rrot32(19, W[i - 2]) ^ + (W[i - 2] >> 10); + W[i] = W[i - 16] + S0 + W[i - 7] + S1; + } + + A = _H[0]; + B = _H[1]; + C = _H[2]; + D = _H[3]; + E = _H[4]; + F = _H[5]; + G = _H[6]; + H = _H[7]; + + for (i = 0; i < 64; i++) { + S1 = rrot32(6, E) ^ rrot32(11, E) ^ rrot32(25, E); + temp[0] = (E & F) ^ ((~E) & G); + temp[1] = H + S1 + temp[0] + _K[i] + W[i]; + S0 = rrot32(2, A) ^ rrot32(13, A) ^ rrot32(22, A); + temp[2] = (A & B) ^ (A & C) ^ (B & C); + temp[3] = S0 + temp[2]; + + H = G; + G = F; + F = E; + E = D + temp[1]; + D = C; + C = B; + B = A; + A = temp[1] + temp[3]; + } + + A += _H[0]; + B += _H[1]; + C += _H[2]; + D += _H[3]; + E += _H[4]; + F += _H[5]; + G += _H[6]; + H += _H[7]; + hash[0] = htobe32(A); + hash[1] = htobe32(B); + hash[2] = htobe32(C); + hash[3] = htobe32(D); + hash[4] = htobe32(E); + hash[5] = htobe32(F); + hash[6] = htobe32(G); + hash[7] = htobe32(H); +} + +/* + * Compute a partial hash with the assumption that msg is the first block. + * Based on implementation from RFC 3174 + */ +void +roc_hash_sha512_gen(uint8_t *msg, uint64_t *hash, int hash_size) +{ + const uint64_t _K[] = { + /* Round Constants defined in SHA-512 */ + 0x428a2f98d728ae22, 0x7137449123ef65cd, 0xb5c0fbcfec4d3b2f, + 0xe9b5dba58189dbbc, 0x3956c25bf348b538, 0x59f111f1b605d019, + 0x923f82a4af194f9b, 0xab1c5ed5da6d8118, 0xd807aa98a3030242, + 0x12835b0145706fbe, 0x243185be4ee4b28c, 0x550c7dc3d5ffb4e2, + 0x72be5d74f27b896f, 0x80deb1fe3b1696b1, 0x9bdc06a725c71235, + 0xc19bf174cf692694, 0xe49b69c19ef14ad2, 0xefbe4786384f25e3, + 0x0fc19dc68b8cd5b5, 0x240ca1cc77ac9c65, 0x2de92c6f592b0275, + 0x4a7484aa6ea6e483, 0x5cb0a9dcbd41fbd4, 0x76f988da831153b5, + 0x983e5152ee66dfab, 0xa831c66d2db43210, 0xb00327c898fb213f, + 0xbf597fc7beef0ee4, 0xc6e00bf33da88fc2, 0xd5a79147930aa725, + 0x06ca6351e003826f, 0x142929670a0e6e70, 0x27b70a8546d22ffc, + 0x2e1b21385c26c926, 0x4d2c6dfc5ac42aed, 0x53380d139d95b3df, + 0x650a73548baf63de, 0x766a0abb3c77b2a8, 0x81c2c92e47edaee6, + 0x92722c851482353b, 0xa2bfe8a14cf10364, 0xa81a664bbc423001, + 0xc24b8b70d0f89791, 0xc76c51a30654be30, 0xd192e819d6ef5218, + 0xd69906245565a910, 0xf40e35855771202a, 0x106aa07032bbd1b8, + 0x19a4c116b8d2d0c8, 0x1e376c085141ab53, 0x2748774cdf8eeb99, + 0x34b0bcb5e19b48a8, 0x391c0cb3c5c95a63, 0x4ed8aa4ae3418acb, + 0x5b9cca4f7763e373, 0x682e6ff3d6b2b8a3, 0x748f82ee5defb2fc, + 0x78a5636f43172f60, 0x84c87814a1f0ab72, 0x8cc702081a6439ec, + 0x90befffa23631e28, 0xa4506cebde82bde9, 0xbef9a3f7b2c67915, + 0xc67178f2e372532b, 0xca273eceea26619c, 0xd186b8c721c0c207, + 0xeada7dd6cde0eb1e, 0xf57d4f7fee6ed178, 0x06f067aa72176fba, + 0x0a637dc5a2c898a6, 0x113f9804bef90dae, 0x1b710b35131c471b, + 0x28db77f523047d84, 0x32caab7b40c72493, 0x3c9ebe0a15c9bebc, + 0x431d67c49c100d4c, 0x4cc5d4becb3e42b6, 0x597f299cfc657e2a, + 0x5fcb6fab3ad6faec, 0x6c44198c4a475817}; + + const uint64_t _H384[] = {/* Initial Hash constants defined in SHA384 */ + 0xcbbb9d5dc1059ed8, 0x629a292a367cd507, + 0x9159015a3070dd17, 0x152fecd8f70e5939, + 0x67332667ffc00b31, 0x8eb44a8768581511, + 0xdb0c2e0d64f98fa7, 0x47b5481dbefa4fa4}; + const uint64_t _H512[] = {/* Initial Hash constants defined in SHA512 */ + 0x6a09e667f3bcc908, 0xbb67ae8584caa73b, + 0x3c6ef372fe94f82b, 0xa54ff53a5f1d36f1, + 0x510e527fade682d1, 0x9b05688c2b3e6c1f, + 0x1f83d9abfb41bd6b, 0x5be0cd19137e2179}; + int i; + uint64_t temp[4], S0, S1; /* Temporary word value */ + uint64_t W[80]; /* Word sequence */ + uint64_t A, B, C, D, E, F, G, H; /* Word buffers */ + const uint64_t *_H = (hash_size == 384) ? _H384 : _H512; + + /* Initialize the first 16 words in the array W */ + memcpy(&W[0], msg, 16 * sizeof(W[0])); + + for (i = 0; i < 16; i++) + W[i] = htobe64(W[i]); + + for (i = 16; i < 80; i++) { + S0 = rrot64(1, W[i - 15]) ^ rrot64(8, W[i - 15]) ^ + (W[i - 15] >> 7); + S1 = rrot64(19, W[i - 2]) ^ rrot64(61, W[i - 2]) ^ + (W[i - 2] >> 6); + W[i] = W[i - 16] + S0 + W[i - 7] + S1; + } + + A = _H[0]; + B = _H[1]; + C = _H[2]; + D = _H[3]; + E = _H[4]; + F = _H[5]; + G = _H[6]; + H = _H[7]; + + for (i = 0; i < 80; i++) { + S1 = rrot64(14, E) ^ rrot64(18, E) ^ rrot64(41, E); + temp[0] = (E & F) ^ ((~E) & G); + temp[1] = H + S1 + temp[0] + _K[i] + W[i]; + S0 = rrot64(28, A) ^ rrot64(34, A) ^ rrot64(39, A); + temp[2] = (A & B) ^ (A & C) ^ (B & C); + temp[3] = S0 + temp[2]; + + H = G; + G = F; + F = E; + E = D + temp[1]; + D = C; + C = B; + B = A; + A = temp[1] + temp[3]; + } + + A += _H[0]; + B += _H[1]; + C += _H[2]; + D += _H[3]; + E += _H[4]; + F += _H[5]; + G += _H[6]; + H += _H[7]; + hash[0] = htobe64(A); + hash[1] = htobe64(B); + hash[2] = htobe64(C); + hash[3] = htobe64(D); + hash[4] = htobe64(E); + hash[5] = htobe64(F); + hash[6] = htobe64(G); + hash[7] = htobe64(H); +} diff --git a/drivers/common/cnxk/roc_hash.h b/drivers/common/cnxk/roc_hash.h new file mode 100644 index 0000000000..1bc9222445 --- /dev/null +++ b/drivers/common/cnxk/roc_hash.h @@ -0,0 +1,16 @@ +/* SPDX-License-Identifier: BSD-3-Clause + * Copyright (c) 2021 Marvell. + */ + +#ifndef _ROC_HASH_H_ +#define _ROC_HASH_H_ + +/* + * Compute a partial hash with the assumption that msg is the first block. + * Based on implementation from RFC 3174 + */ +void __roc_api roc_hash_sha1_gen(uint8_t *msg, uint32_t *hash); +void __roc_api roc_hash_sha256_gen(uint8_t *msg, uint32_t *hash); +void __roc_api roc_hash_sha512_gen(uint8_t *msg, uint64_t *hash, int hash_size); + +#endif /* _ROC_HASH_H_ */ diff --git a/drivers/common/cnxk/version.map b/drivers/common/cnxk/version.map index 2cbcc4b93a..34a844bfe8 100644 --- a/drivers/common/cnxk/version.map +++ b/drivers/common/cnxk/version.map @@ -64,6 +64,9 @@ INTERNAL { roc_cpt_lmtline_init; roc_cpt_rxc_time_cfg; roc_error_msg_get; + roc_hash_sha1_gen; + roc_hash_sha256_gen; + roc_hash_sha512_gen; roc_idev_cpt_get; roc_idev_cpt_set; roc_idev_lmt_base_addr_get; From patchwork Wed Sep 1 10:19:24 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tejasree Kondoj X-Patchwork-Id: 97677 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id A7161A0C4D; Wed, 1 Sep 2021 11:26:10 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 508304114A; Wed, 1 Sep 2021 11:25:52 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id 185B74013F for ; Wed, 1 Sep 2021 11:25:47 +0200 (CEST) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 18159puE026653 for ; Wed, 1 Sep 2021 02:25:47 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=oriO321/StxWoWhGQWnGK/qhhAhhG6k0YNyW+/Jw8k0=; b=UuMf4zL+/h36eKnqfw5mQdk53Xc87NSfY7M4IoCVvuRmv4BVwa7jgV3y5dod3KbjzG9e TLaDS8BRvUNIEkkAux3oXTvszFhGEGWkybdYZ7B+un2PL9Nd9Rmi8Hx8RaNr7WGls/Xc i1epmKX3xAyK2GHiOVnQbEuemU5/orSJRLgjNkV5M6WulMvTOqcKE0RVRtMnhUpYHnYc drrSlthRdvVh9Dk5qujnPQSUXNqxeZxpeIBgAPrhGcpLa244kvkiIjghRWWtFp64P9px fwzuJnqUESKNwj+4IHzCnTbybR1gLjhA8TGHJizE5iqgG85GLosLgINSXhG3HGc87msM xw== Received: from dc5-exch02.marvell.com ([199.233.59.182]) by mx0a-0016f401.pphosted.com with ESMTP id 3at34prygn-11 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT) for ; Wed, 01 Sep 2021 02:25:47 -0700 Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Wed, 1 Sep 2021 02:25:33 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.18 via Frontend Transport; Wed, 1 Sep 2021 02:25:33 -0700 Received: from hyd1554T5810.caveonetworks.com.com (unknown [10.29.57.11]) by maili.marvell.com (Postfix) with ESMTP id 703AD3F708C; Wed, 1 Sep 2021 02:25:30 -0700 (PDT) From: Tejasree Kondoj To: Akhil Goyal CC: Tejasree Kondoj , Anoob Joseph , Ankur Dwivedi , Archana Muniganti , Srujana Challa , "Nithin Dabilpuram" , Jerin Jacob , Date: Wed, 1 Sep 2021 15:49:24 +0530 Message-ID: <20210901101930.29333-3-ktejasree@marvell.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20210901101930.29333-1-ktejasree@marvell.com> References: <20210901101930.29333-1-ktejasree@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: 3gHC4JuhCHCCuUiVNJPvIDkfSLjJx51p X-Proofpoint-GUID: 3gHC4JuhCHCCuUiVNJPvIDkfSLjJx51p X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.391,FMLib:17.0.607.475 definitions=2021-09-01_03,2021-08-31_01,2020-04-07_01 Subject: [dpdk-dev] [PATCH v2 2/8] crypto/cnxk: add lookaside IPsec AES-CBC-HMAC-SHA1 support X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Adding lookaside IPsec AES-CBC-HMAC-SHA1 support to cnxk driver. Signed-off-by: Tejasree Kondoj --- doc/guides/cryptodevs/cnxk.rst | 1 + doc/guides/rel_notes/release_21_11.rst | 4 ++ drivers/common/cnxk/cnxk_security.c | 68 ++++++++++++++++++- drivers/crypto/cnxk/cn10k_ipsec.c | 63 ++++++++++++++++- .../crypto/cnxk/cnxk_cryptodev_capabilities.c | 44 ++++++++++++ 5 files changed, 176 insertions(+), 4 deletions(-) diff --git a/doc/guides/cryptodevs/cnxk.rst b/doc/guides/cryptodevs/cnxk.rst index 98c7118d68..a40295c087 100644 --- a/doc/guides/cryptodevs/cnxk.rst +++ b/doc/guides/cryptodevs/cnxk.rst @@ -231,6 +231,7 @@ Features supported * ESP * Tunnel mode * AES-128/192/256-GCM +* AES-128/192/256-CBC-SHA1-HMAC Limitations ----------- diff --git a/doc/guides/rel_notes/release_21_11.rst b/doc/guides/rel_notes/release_21_11.rst index d707a554ef..130d676a11 100644 --- a/doc/guides/rel_notes/release_21_11.rst +++ b/doc/guides/rel_notes/release_21_11.rst @@ -55,6 +55,10 @@ New Features Also, make sure to start the actual text at the margin. ======================================================= +* **Updated Marvell cn10k_crypto PMD.** + + * Added aes-cbc sha1-hmac in lookaside protocol (IPsec). + Removed Items ------------- diff --git a/drivers/common/cnxk/cnxk_security.c b/drivers/common/cnxk/cnxk_security.c index 6c6728f570..fe64e70c81 100644 --- a/drivers/common/cnxk/cnxk_security.c +++ b/drivers/common/cnxk/cnxk_security.c @@ -6,12 +6,43 @@ #include "cnxk_security.h" +static void +ipsec_hmac_opad_ipad_gen(struct rte_crypto_sym_xform *auth_xform, + uint8_t *hmac_opad_ipad) +{ + const uint8_t *key = auth_xform->auth.key.data; + uint32_t length = auth_xform->auth.key.length; + uint8_t opad[128] = {[0 ... 127] = 0x5c}; + uint8_t ipad[128] = {[0 ... 127] = 0x36}; + uint32_t i; + + /* HMAC OPAD and IPAD */ + for (i = 0; i < 127 && i < length; i++) { + opad[i] = opad[i] ^ key[i]; + ipad[i] = ipad[i] ^ key[i]; + } + + /* Precompute hash of HMAC OPAD and IPAD to avoid + * per packet computation + */ + switch (auth_xform->auth.algo) { + case RTE_CRYPTO_AUTH_SHA1_HMAC: + roc_hash_sha1_gen(opad, (uint32_t *)&hmac_opad_ipad[0]); + roc_hash_sha1_gen(ipad, (uint32_t *)&hmac_opad_ipad[24]); + break; + default: + break; + } +} + static int ot_ipsec_sa_common_param_fill(union roc_ot_ipsec_sa_word2 *w2, uint8_t *cipher_key, uint8_t *salt_key, + uint8_t *hmac_opad_ipad, struct rte_security_ipsec_xform *ipsec_xfrm, struct rte_crypto_sym_xform *crypto_xfrm) { + struct rte_crypto_sym_xform *auth_xfrm, *cipher_xfrm; const uint8_t *key; uint32_t *tmp_salt; uint64_t *tmp_key; @@ -21,9 +52,13 @@ ot_ipsec_sa_common_param_fill(union roc_ot_ipsec_sa_word2 *w2, switch (ipsec_xfrm->direction) { case RTE_SECURITY_IPSEC_SA_DIR_INGRESS: w2->s.dir = ROC_IE_OT_SA_DIR_INBOUND; + auth_xfrm = crypto_xfrm; + cipher_xfrm = crypto_xfrm->next; break; case RTE_SECURITY_IPSEC_SA_DIR_EGRESS: w2->s.dir = ROC_IE_OT_SA_DIR_OUTBOUND; + cipher_xfrm = crypto_xfrm; + auth_xfrm = crypto_xfrm->next; break; default: return -EINVAL; @@ -70,7 +105,32 @@ ot_ipsec_sa_common_param_fill(union roc_ot_ipsec_sa_word2 *w2, return -ENOTSUP; } } else { - return -ENOTSUP; + switch (cipher_xfrm->cipher.algo) { + case RTE_CRYPTO_CIPHER_AES_CBC: + w2->s.enc_type = ROC_IE_OT_SA_ENC_AES_CBC; + break; + default: + return -ENOTSUP; + } + + switch (auth_xfrm->auth.algo) { + case RTE_CRYPTO_AUTH_SHA1_HMAC: + w2->s.auth_type = ROC_IE_OT_SA_AUTH_SHA1; + break; + default: + return -ENOTSUP; + } + + key = cipher_xfrm->cipher.key.data; + length = cipher_xfrm->cipher.key.length; + + ipsec_hmac_opad_ipad_gen(auth_xfrm, hmac_opad_ipad); + + tmp_key = (uint64_t *)hmac_opad_ipad; + for (i = 0; + i < (int)(ROC_CTX_MAX_OPAD_IPAD_LEN / sizeof(uint64_t)); + i++) + tmp_key[i] = rte_be_to_cpu_64(tmp_key[i]); } /* Set encapsulation type */ @@ -129,7 +189,8 @@ cnxk_ot_ipsec_inb_sa_fill(struct roc_ot_ipsec_inb_sa *sa, w2.u64 = 0; rc = ot_ipsec_sa_common_param_fill(&w2, sa->cipher_key, sa->w8.s.salt, - ipsec_xfrm, crypto_xfrm); + sa->hmac_opad_ipad, ipsec_xfrm, + crypto_xfrm); if (rc) return rc; @@ -196,7 +257,8 @@ cnxk_ot_ipsec_outb_sa_fill(struct roc_ot_ipsec_outb_sa *sa, w2.u64 = 0; rc = ot_ipsec_sa_common_param_fill(&w2, sa->cipher_key, sa->iv.s.salt, - ipsec_xfrm, crypto_xfrm); + sa->hmac_opad_ipad, ipsec_xfrm, + crypto_xfrm); if (rc) return rc; diff --git a/drivers/crypto/cnxk/cn10k_ipsec.c b/drivers/crypto/cnxk/cn10k_ipsec.c index 1d567bf188..408a682b21 100644 --- a/drivers/crypto/cnxk/cn10k_ipsec.c +++ b/drivers/crypto/cnxk/cn10k_ipsec.c @@ -17,6 +17,37 @@ #include "roc_api.h" +static int +ipsec_xform_cipher_verify(struct rte_crypto_sym_xform *xform) +{ + if (xform->cipher.algo == RTE_CRYPTO_CIPHER_AES_CBC) { + switch (xform->cipher.key.length) { + case 16: + case 24: + case 32: + break; + default: + return -ENOTSUP; + } + return 0; + } + + return -ENOTSUP; +} + +static int +ipsec_xform_auth_verify(struct rte_crypto_sym_xform *xform) +{ + uint16_t keylen = xform->auth.key.length; + + if (xform->auth.algo == RTE_CRYPTO_AUTH_SHA1_HMAC) { + if (keylen >= 20 && keylen <= 64) + return 0; + } + + return -ENOTSUP; +} + static int ipsec_xform_aead_verify(struct rte_security_ipsec_xform *ipsec_xfrm, struct rte_crypto_sym_xform *crypto_xfrm) @@ -48,6 +79,9 @@ static int cn10k_ipsec_xform_verify(struct rte_security_ipsec_xform *ipsec_xfrm, struct rte_crypto_sym_xform *crypto_xfrm) { + struct rte_crypto_sym_xform *auth_xform, *cipher_xform; + int ret; + if ((ipsec_xfrm->direction != RTE_SECURITY_IPSEC_SA_DIR_INGRESS) && (ipsec_xfrm->direction != RTE_SECURITY_IPSEC_SA_DIR_EGRESS)) return -EINVAL; @@ -67,7 +101,34 @@ cn10k_ipsec_xform_verify(struct rte_security_ipsec_xform *ipsec_xfrm, if (crypto_xfrm->type == RTE_CRYPTO_SYM_XFORM_AEAD) return ipsec_xform_aead_verify(ipsec_xfrm, crypto_xfrm); - return -ENOTSUP; + if (crypto_xfrm->next == NULL) + return -EINVAL; + + if (ipsec_xfrm->direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) { + /* Ingress */ + if (crypto_xfrm->type != RTE_CRYPTO_SYM_XFORM_AUTH || + crypto_xfrm->next->type != RTE_CRYPTO_SYM_XFORM_CIPHER) + return -EINVAL; + auth_xform = crypto_xfrm; + cipher_xform = crypto_xfrm->next; + } else { + /* Egress */ + if (crypto_xfrm->type != RTE_CRYPTO_SYM_XFORM_CIPHER || + crypto_xfrm->next->type != RTE_CRYPTO_SYM_XFORM_AUTH) + return -EINVAL; + cipher_xform = crypto_xfrm; + auth_xform = crypto_xfrm->next; + } + + ret = ipsec_xform_cipher_verify(cipher_xform); + if (ret) + return ret; + + ret = ipsec_xform_auth_verify(auth_xform); + if (ret) + return ret; + + return 0; } static uint64_t diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c index ab37f9c43b..47274b2c24 100644 --- a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c +++ b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c @@ -754,6 +754,49 @@ static const struct rte_cryptodev_capabilities sec_caps_aes[] = { }, } }, } }, + { /* AES CBC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, + {.cipher = { + .algo = RTE_CRYPTO_CIPHER_AES_CBC, + .block_size = 16, + .key_size = { + .min = 16, + .max = 32, + .increment = 8 + }, + .iv_size = { + .min = 16, + .max = 16, + .increment = 0 + } + }, } + }, } + }, +}; + +static const struct rte_cryptodev_capabilities sec_caps_sha1_sha2[] = { + { /* SHA1 HMAC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA1_HMAC, + .block_size = 64, + .key_size = { + .min = 20, + .max = 64, + .increment = 1 + }, + .digest_size = { + .min = 12, + .max = 12, + .increment = 0 + }, + }, } + }, } + }, }; static const struct rte_security_capability sec_caps_templ[] = { @@ -839,6 +882,7 @@ sec_crypto_caps_populate(struct rte_cryptodev_capabilities cnxk_caps[], int cur_pos = 0; SEC_CAPS_ADD(cnxk_caps, &cur_pos, hw_caps, aes); + SEC_CAPS_ADD(cnxk_caps, &cur_pos, hw_caps, sha1_sha2); sec_caps_add(cnxk_caps, &cur_pos, caps_end, RTE_DIM(caps_end)); } From patchwork Wed Sep 1 10:19:25 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tejasree Kondoj X-Patchwork-Id: 97678 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id C7F71A0C4D; Wed, 1 Sep 2021 11:26:16 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 7C28D4114F; Wed, 1 Sep 2021 11:25:53 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id 51A874111D for ; Wed, 1 Sep 2021 11:25:48 +0200 (CEST) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 18159puF026653 for ; Wed, 1 Sep 2021 02:25:47 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=eSkurbTdT1a01c32PjhFv/LO+Gwf0X2hD93zz5c5UEo=; b=dig5gv9nk9zRCo8ZTjBXZEi0PNtC/qOv1Mo1SmwYhocz7xv52Fc1Wk1tKtixe7KF4Mof gV1exIr7QJEGnQN7CUVs5goUfx8IAWUhc8WCaa11qxeczTeHlh6Nx4AQoigL9tMMBQLC xPQX48ZVt48PX6YElxubQoJ45W6RUqZJyXmA5v29H61I9S5QxKI0s8bghFaBx17Zg3k1 PwiFaOCgzrAbEDbAcGVnGDFu6gwJOwCknmu+stt6IHdK+DFZkHa5IrCdKg8ByQ3hzdyK N5wL3DC7qVSQZYcFEGyTW96AnWB0h+8s9mK3vzlt1aTQyswHR05Hm7DXjGyvisWbpaED IA== Received: from dc5-exch02.marvell.com ([199.233.59.182]) by mx0a-0016f401.pphosted.com with ESMTP id 3at34prygn-12 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT) for ; Wed, 01 Sep 2021 02:25:47 -0700 Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Wed, 1 Sep 2021 02:25:36 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.18 via Frontend Transport; Wed, 1 Sep 2021 02:25:36 -0700 Received: from hyd1554T5810.caveonetworks.com.com (unknown [10.29.57.11]) by maili.marvell.com (Postfix) with ESMTP id AE8A73F7088; Wed, 1 Sep 2021 02:25:33 -0700 (PDT) From: Tejasree Kondoj To: Akhil Goyal CC: Tejasree Kondoj , Anoob Joseph , Ankur Dwivedi , Archana Muniganti , Srujana Challa , "Nithin Dabilpuram" , Jerin Jacob , Date: Wed, 1 Sep 2021 15:49:25 +0530 Message-ID: <20210901101930.29333-4-ktejasree@marvell.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20210901101930.29333-1-ktejasree@marvell.com> References: <20210901101930.29333-1-ktejasree@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: yR_aBCphuxlO0umNgLCtEVJpnFIBae0B X-Proofpoint-GUID: yR_aBCphuxlO0umNgLCtEVJpnFIBae0B X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.391,FMLib:17.0.607.475 definitions=2021-09-01_03,2021-08-31_01,2020-04-07_01 Subject: [dpdk-dev] [PATCH v2 3/8] crypto/cnxk: remove redundant code X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Removing redundant code in cn10k lookaside IPsec. Signed-off-by: Tejasree Kondoj --- drivers/crypto/cnxk/cn10k_ipsec.c | 5 ----- drivers/crypto/cnxk/cn10k_ipsec.h | 2 -- drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c | 2 -- 3 files changed, 9 deletions(-) diff --git a/drivers/crypto/cnxk/cn10k_ipsec.c b/drivers/crypto/cnxk/cn10k_ipsec.c index 408a682b21..944e0a7e3b 100644 --- a/drivers/crypto/cnxk/cn10k_ipsec.c +++ b/drivers/crypto/cnxk/cn10k_ipsec.c @@ -270,9 +270,6 @@ cn10k_sec_session_create(void *device, struct rte_security_session_conf *conf, if (conf->action_type != RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL) return -EINVAL; - if (rte_security_dynfield_register() < 0) - return -ENOTSUP; - if (rte_mempool_get(mempool, (void **)&priv)) { plt_err("Could not allocate security session private data"); return -ENOMEM; @@ -280,8 +277,6 @@ cn10k_sec_session_create(void *device, struct rte_security_session_conf *conf, set_sec_session_private_data(sess, priv); - priv->userdata = conf->userdata; - if (conf->protocol != RTE_SECURITY_PROTOCOL_IPSEC) { ret = -ENOTSUP; goto mempool_put; diff --git a/drivers/crypto/cnxk/cn10k_ipsec.h b/drivers/crypto/cnxk/cn10k_ipsec.h index 668282f7aa..c30492e149 100644 --- a/drivers/crypto/cnxk/cn10k_ipsec.h +++ b/drivers/crypto/cnxk/cn10k_ipsec.h @@ -27,8 +27,6 @@ struct cn10k_ipsec_sa { struct cn10k_sec_session { struct cn10k_ipsec_sa sa; - void *userdata; - /**< Userdata registered by the application */ } __rte_cache_aligned; void cn10k_sec_ops_override(void); diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c index 47274b2c24..9430ca5d00 100644 --- a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c +++ b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c @@ -810,7 +810,6 @@ static const struct rte_security_capability sec_caps_templ[] = { .options = { 0 } }, .crypto_capabilities = NULL, - .ol_flags = RTE_SECURITY_TX_OLOAD_NEED_MDATA }, { /* IPsec Lookaside Protocol ESP Tunnel Egress */ .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, @@ -822,7 +821,6 @@ static const struct rte_security_capability sec_caps_templ[] = { .options = { 0 } }, .crypto_capabilities = NULL, - .ol_flags = RTE_SECURITY_TX_OLOAD_NEED_MDATA }, { .action = RTE_SECURITY_ACTION_TYPE_NONE From patchwork Wed Sep 1 10:19:26 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tejasree Kondoj X-Patchwork-Id: 97673 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id E707CA0C4D; Wed, 1 Sep 2021 11:25:44 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 6645440140; Wed, 1 Sep 2021 11:25:44 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 9044F4013F for ; Wed, 1 Sep 2021 11:25:42 +0200 (CEST) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 1819LhSr017266 for ; Wed, 1 Sep 2021 02:25:41 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=BvVBskFpXqL3N3xVEd19mNQv3g19pam59TQnzbhbIQ4=; b=WvAQwqDZw4s3Gl/3xgGPrNO++btPMrYHqiszCKLFsRDbOSlfIo5icl927TBanQY30dpI TZQ1HoL02f//4Ly+LPlRuGbbsQFkMlAf7ET0L1X6ru56z2CA9zqsJBL0UZxgC1PKEg++ dj0DcYEafojKZqC7wkApPl/1f36FPx6ngeeCmtDBbpaZG5YrlwJ7MXNDp3PFvV2PSetu exmiqNr48Kxoj386N41Q+rfJpEdMYyTzVs1WKgD0KOhb4AVs8C31Psdg9GniH9JLfjV4 AlWmh/BFdZ4NPuELk5PqyNKDDPrgo7aNqEyHFWtUZ4kw2nvqXg7djml1Uhr5umE5lV6s GQ== Received: from dc5-exch01.marvell.com ([199.233.59.181]) by mx0b-0016f401.pphosted.com with ESMTP id 3at0ax9fd5-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT) for ; Wed, 01 Sep 2021 02:25:41 -0700 Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Wed, 1 Sep 2021 02:25:39 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.18 via Frontend Transport; Wed, 1 Sep 2021 02:25:39 -0700 Received: from hyd1554T5810.caveonetworks.com.com (unknown [10.29.57.11]) by maili.marvell.com (Postfix) with ESMTP id D36A13F708E; Wed, 1 Sep 2021 02:25:36 -0700 (PDT) From: Tejasree Kondoj To: Akhil Goyal CC: Tejasree Kondoj , Anoob Joseph , Ankur Dwivedi , Archana Muniganti , Srujana Challa , "Nithin Dabilpuram" , Jerin Jacob , Date: Wed, 1 Sep 2021 15:49:26 +0530 Message-ID: <20210901101930.29333-5-ktejasree@marvell.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20210901101930.29333-1-ktejasree@marvell.com> References: <20210901101930.29333-1-ktejasree@marvell.com> MIME-Version: 1.0 X-Proofpoint-GUID: 4sUoHypAZLqSY1koBaR21F7ISBnRZdzU X-Proofpoint-ORIG-GUID: 4sUoHypAZLqSY1koBaR21F7ISBnRZdzU X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.391,FMLib:17.0.607.475 definitions=2021-09-01_03,2021-08-31_01,2020-04-07_01 Subject: [dpdk-dev] [PATCH v2 4/8] crypto/cnxk: use rlen from CPT result with lookaside X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Use rlen from CPT result with lookaside operations Signed-off-by: Tejasree Kondoj --- drivers/crypto/cnxk/cn10k_cryptodev_ops.c | 40 ++++++----------------- drivers/crypto/cnxk/cn10k_ipsec.c | 4 +-- drivers/crypto/cnxk/cn10k_ipsec.h | 4 +-- drivers/crypto/cnxk/cn10k_ipsec_la_ops.h | 28 ++-------------- 4 files changed, 15 insertions(+), 61 deletions(-) diff --git a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c index 15f66c2515..780a321cf7 100644 --- a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c +++ b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c @@ -48,7 +48,7 @@ cn10k_cpt_sym_temp_sess_create(struct cnxk_cpt_qp *qp, struct rte_crypto_op *op) static __rte_always_inline int __rte_hot cpt_sec_inst_fill(struct rte_crypto_op *op, struct cn10k_sec_session *sess, - struct cpt_inflight_req *infl_req, struct cpt_inst_s *inst) + struct cpt_inst_s *inst) { struct rte_crypto_sym_op *sym_op = op->sym; union roc_ot_ipsec_sa_word2 *w2; @@ -70,10 +70,8 @@ cpt_sec_inst_fill(struct rte_crypto_op *op, struct cn10k_sec_session *sess, if (w2->s.dir == ROC_IE_OT_SA_DIR_OUTBOUND) ret = process_outb_sa(op, sa, inst); - else { - infl_req->op_flags |= CPT_OP_FLAGS_IPSEC_DIR_INBOUND; + else ret = process_inb_sa(op, sa, inst); - } return ret; } @@ -122,8 +120,7 @@ cn10k_cpt_fill_inst(struct cnxk_cpt_qp *qp, struct rte_crypto_op *ops[], if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) { sec_sess = get_sec_session_private_data( sym_op->sec_session); - ret = cpt_sec_inst_fill(op, sec_sess, infl_req, - &inst[0]); + ret = cpt_sec_inst_fill(op, sec_sess, &inst[0]); if (unlikely(ret)) return 0; w7 = sec_sess->sa.inst.w7; @@ -334,30 +331,13 @@ cn10k_cpt_crypto_adapter_enqueue(uintptr_t tag_op, struct rte_crypto_op *op) static inline void cn10k_cpt_sec_post_process(struct rte_crypto_op *cop, - struct cpt_inflight_req *infl_req) + struct cpt_cn10k_res_s *res) { - struct rte_crypto_sym_op *sym_op = cop->sym; - struct rte_mbuf *m = sym_op->m_src; - struct rte_ipv6_hdr *ip6; - struct rte_ipv4_hdr *ip; - uint16_t m_len; - - if (infl_req->op_flags & CPT_OP_FLAGS_IPSEC_DIR_INBOUND) { - ip = (struct rte_ipv4_hdr *)rte_pktmbuf_mtod(m, char *); - - if (((ip->version_ihl & 0xf0) >> RTE_IPV4_IHL_MULTIPLIER) == - IPVERSION) { - m_len = rte_be_to_cpu_16(ip->total_length); - } else { - PLT_ASSERT(((ip->version_ihl & 0xf0) >> - RTE_IPV4_IHL_MULTIPLIER) == 6); - ip6 = (struct rte_ipv6_hdr *)ip; - m_len = rte_be_to_cpu_16(ip6->payload_len) + - sizeof(struct rte_ipv6_hdr); - } - m->data_len = m_len; - m->pkt_len = m_len; - } + struct rte_mbuf *m = cop->sym->m_src; + const uint16_t m_len = res->rlen; + + m->data_len = m_len; + m->pkt_len = m_len; } static inline void @@ -385,7 +365,7 @@ cn10k_cpt_dequeue_post_process(struct cnxk_cpt_qp *qp, cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS; if (cop->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC) { if (cop->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) { - cn10k_cpt_sec_post_process(cop, infl_req); + cn10k_cpt_sec_post_process(cop, res); return; } diff --git a/drivers/crypto/cnxk/cn10k_ipsec.c b/drivers/crypto/cnxk/cn10k_ipsec.c index 944e0a7e3b..98110872a3 100644 --- a/drivers/crypto/cnxk/cn10k_ipsec.c +++ b/drivers/crypto/cnxk/cn10k_ipsec.c @@ -176,9 +176,7 @@ cn10k_ipsec_outb_sa_create(struct roc_cpt *roc_cpt, if (ret) return ret; - sa->partial_len = rlens.partial_len; - sa->roundup_byte = rlens.roundup_byte; - sa->roundup_len = rlens.roundup_len; + sa->max_extended_len = rlens.max_extended_len; /* pre-populate CPT INST word 4 */ inst_w4.u64 = 0; diff --git a/drivers/crypto/cnxk/cn10k_ipsec.h b/drivers/crypto/cnxk/cn10k_ipsec.h index c30492e149..bc52c60179 100644 --- a/drivers/crypto/cnxk/cn10k_ipsec.h +++ b/drivers/crypto/cnxk/cn10k_ipsec.h @@ -20,9 +20,7 @@ struct cn10k_ipsec_sa { }; /** Pre-populated CPT inst words */ struct cnxk_cpt_inst_tmpl inst; - uint8_t partial_len; - uint8_t roundup_len; - uint8_t roundup_byte; + uint16_t max_extended_len; }; struct cn10k_sec_session { diff --git a/drivers/crypto/cnxk/cn10k_ipsec_la_ops.h b/drivers/crypto/cnxk/cn10k_ipsec_la_ops.h index 1e9ebb594a..fe91638c99 100644 --- a/drivers/crypto/cnxk/cn10k_ipsec_la_ops.h +++ b/drivers/crypto/cnxk/cn10k_ipsec_la_ops.h @@ -12,40 +12,21 @@ #include "cn10k_ipsec.h" #include "cnxk_cryptodev.h" -static __rte_always_inline int32_t -ipsec_po_out_rlen_get(struct cn10k_ipsec_sa *sess, uint32_t plen) -{ - uint32_t enc_payload_len; - - enc_payload_len = - RTE_ALIGN_CEIL(plen + sess->roundup_len, sess->roundup_byte); - - return sess->partial_len + enc_payload_len; -} - static __rte_always_inline int process_outb_sa(struct rte_crypto_op *cop, struct cn10k_ipsec_sa *sess, struct cpt_inst_s *inst) { struct rte_crypto_sym_op *sym_op = cop->sym; struct rte_mbuf *m_src = sym_op->m_src; - uint32_t dlen, rlen, extend_tail; - char *mdata; - - dlen = rte_pktmbuf_pkt_len(m_src); - rlen = ipsec_po_out_rlen_get(sess, dlen); - extend_tail = rlen - dlen; - - mdata = rte_pktmbuf_append(m_src, extend_tail); - if (unlikely(mdata == NULL)) { + if (unlikely(rte_pktmbuf_tailroom(m_src) < sess->max_extended_len)) { plt_dp_err("Not enough tail room"); return -ENOMEM; } /* Prepare CPT instruction */ inst->w4.u64 = sess->inst.w4; - inst->w4.s.dlen = dlen; + inst->w4.s.dlen = rte_pktmbuf_pkt_len(m_src); inst->dptr = rte_pktmbuf_iova(m_src); inst->rptr = inst->dptr; @@ -58,13 +39,10 @@ process_inb_sa(struct rte_crypto_op *cop, struct cn10k_ipsec_sa *sa, { struct rte_crypto_sym_op *sym_op = cop->sym; struct rte_mbuf *m_src = sym_op->m_src; - uint32_t dlen; - - dlen = rte_pktmbuf_pkt_len(m_src); /* Prepare CPT instruction */ inst->w4.u64 = sa->inst.w4; - inst->w4.s.dlen = dlen; + inst->w4.s.dlen = rte_pktmbuf_pkt_len(m_src); inst->dptr = rte_pktmbuf_iova(m_src); inst->rptr = inst->dptr; From patchwork Wed Sep 1 10:19:27 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tejasree Kondoj X-Patchwork-Id: 97675 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id C48A3A0C4D; Wed, 1 Sep 2021 11:25:55 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id A27CC41136; Wed, 1 Sep 2021 11:25:49 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 2EB074013F for ; Wed, 1 Sep 2021 11:25:47 +0200 (CEST) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 1819KrmZ015711 for ; Wed, 1 Sep 2021 02:25:45 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=8xGwZYDqZYxaQeW8NKFqwwp3vNnJp7KYz8ZkLGHwv/U=; b=X7Z+BmaWIu4Fw31qGVm7gq/KigB0GnEnAC4y4BI+z7Zs67u1FJozfDiQ3ItplbHCqGr8 aGc6lWkXVR0kYkAKssjGHkbEO1kwVrFrckWSRt2z/Z98O/3/mlFCEirA0MRWq8oP/EwU YWG8MK8PIsGE/9UYobgKxp7SevdRMTg9Vi/fZuL0/N5Z+ks9hvRuSjRhlYk/bUEJqnh9 +/PyUqAP1X16xDb3XVQEs6FjaNCkHIq3apd76npgX0jHmyYiUniBx61Y65wNO0LyRjBI /hMNmvEgDDkBGzr9Ku2h+NJnGeuOUhhaaHNn/5ssffb5opZ+08G2W07WbdOq168ulzSe KQ== Received: from dc5-exch01.marvell.com ([199.233.59.181]) by mx0b-0016f401.pphosted.com with ESMTP id 3at0ax9fde-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT) for ; Wed, 01 Sep 2021 02:25:44 -0700 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Wed, 1 Sep 2021 02:25:42 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.18 via Frontend Transport; Wed, 1 Sep 2021 02:25:42 -0700 Received: from hyd1554T5810.caveonetworks.com.com (unknown [10.29.57.11]) by maili.marvell.com (Postfix) with ESMTP id EC9783F7088; Wed, 1 Sep 2021 02:25:39 -0700 (PDT) From: Tejasree Kondoj To: Akhil Goyal CC: Archana Muniganti , Anoob Joseph , Ankur Dwivedi , Srujana Challa , Nithin Dabilpuram , "Jerin Jacob" , Tejasree Kondoj , Date: Wed, 1 Sep 2021 15:49:27 +0530 Message-ID: <20210901101930.29333-6-ktejasree@marvell.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20210901101930.29333-1-ktejasree@marvell.com> References: <20210901101930.29333-1-ktejasree@marvell.com> MIME-Version: 1.0 X-Proofpoint-GUID: QkK_H_2tJTCHSrGfgwbj3DT7JhnwO8lt X-Proofpoint-ORIG-GUID: QkK_H_2tJTCHSrGfgwbj3DT7JhnwO8lt X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.391,FMLib:17.0.607.475 definitions=2021-09-01_03,2021-08-31_01,2020-04-07_01 Subject: [dpdk-dev] [PATCH v2 5/8] crypto/cnxk: make IPsec verify functions common X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" From: Archana Muniganti IPsec verify functions can be made common Signed-off-by: Archana Muniganti --- drivers/crypto/cnxk/cn10k_ipsec.c | 116 +----------------------------- drivers/crypto/cnxk/cnxk_ipsec.h | 113 +++++++++++++++++++++++++++++ 2 files changed, 114 insertions(+), 115 deletions(-) diff --git a/drivers/crypto/cnxk/cn10k_ipsec.c b/drivers/crypto/cnxk/cn10k_ipsec.c index 98110872a3..5c57cf2818 100644 --- a/drivers/crypto/cnxk/cn10k_ipsec.c +++ b/drivers/crypto/cnxk/cn10k_ipsec.c @@ -17,120 +17,6 @@ #include "roc_api.h" -static int -ipsec_xform_cipher_verify(struct rte_crypto_sym_xform *xform) -{ - if (xform->cipher.algo == RTE_CRYPTO_CIPHER_AES_CBC) { - switch (xform->cipher.key.length) { - case 16: - case 24: - case 32: - break; - default: - return -ENOTSUP; - } - return 0; - } - - return -ENOTSUP; -} - -static int -ipsec_xform_auth_verify(struct rte_crypto_sym_xform *xform) -{ - uint16_t keylen = xform->auth.key.length; - - if (xform->auth.algo == RTE_CRYPTO_AUTH_SHA1_HMAC) { - if (keylen >= 20 && keylen <= 64) - return 0; - } - - return -ENOTSUP; -} - -static int -ipsec_xform_aead_verify(struct rte_security_ipsec_xform *ipsec_xfrm, - struct rte_crypto_sym_xform *crypto_xfrm) -{ - if (ipsec_xfrm->direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS && - crypto_xfrm->aead.op != RTE_CRYPTO_AEAD_OP_ENCRYPT) - return -EINVAL; - - if (ipsec_xfrm->direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS && - crypto_xfrm->aead.op != RTE_CRYPTO_AEAD_OP_DECRYPT) - return -EINVAL; - - if (crypto_xfrm->aead.algo == RTE_CRYPTO_AEAD_AES_GCM) { - switch (crypto_xfrm->aead.key.length) { - case ROC_CPT_AES128_KEY_LEN: - case ROC_CPT_AES192_KEY_LEN: - case ROC_CPT_AES256_KEY_LEN: - break; - default: - return -EINVAL; - } - return 0; - } - - return -ENOTSUP; -} - -static int -cn10k_ipsec_xform_verify(struct rte_security_ipsec_xform *ipsec_xfrm, - struct rte_crypto_sym_xform *crypto_xfrm) -{ - struct rte_crypto_sym_xform *auth_xform, *cipher_xform; - int ret; - - if ((ipsec_xfrm->direction != RTE_SECURITY_IPSEC_SA_DIR_INGRESS) && - (ipsec_xfrm->direction != RTE_SECURITY_IPSEC_SA_DIR_EGRESS)) - return -EINVAL; - - if ((ipsec_xfrm->proto != RTE_SECURITY_IPSEC_SA_PROTO_ESP) && - (ipsec_xfrm->proto != RTE_SECURITY_IPSEC_SA_PROTO_AH)) - return -EINVAL; - - if ((ipsec_xfrm->mode != RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT) && - (ipsec_xfrm->mode != RTE_SECURITY_IPSEC_SA_MODE_TUNNEL)) - return -EINVAL; - - if ((ipsec_xfrm->tunnel.type != RTE_SECURITY_IPSEC_TUNNEL_IPV4) && - (ipsec_xfrm->tunnel.type != RTE_SECURITY_IPSEC_TUNNEL_IPV6)) - return -EINVAL; - - if (crypto_xfrm->type == RTE_CRYPTO_SYM_XFORM_AEAD) - return ipsec_xform_aead_verify(ipsec_xfrm, crypto_xfrm); - - if (crypto_xfrm->next == NULL) - return -EINVAL; - - if (ipsec_xfrm->direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) { - /* Ingress */ - if (crypto_xfrm->type != RTE_CRYPTO_SYM_XFORM_AUTH || - crypto_xfrm->next->type != RTE_CRYPTO_SYM_XFORM_CIPHER) - return -EINVAL; - auth_xform = crypto_xfrm; - cipher_xform = crypto_xfrm->next; - } else { - /* Egress */ - if (crypto_xfrm->type != RTE_CRYPTO_SYM_XFORM_CIPHER || - crypto_xfrm->next->type != RTE_CRYPTO_SYM_XFORM_AUTH) - return -EINVAL; - cipher_xform = crypto_xfrm; - auth_xform = crypto_xfrm->next; - } - - ret = ipsec_xform_cipher_verify(cipher_xform); - if (ret) - return ret; - - ret = ipsec_xform_auth_verify(auth_xform); - if (ret) - return ret; - - return 0; -} - static uint64_t ipsec_cpt_inst_w7_get(struct roc_cpt *roc_cpt, void *sa) { @@ -245,7 +131,7 @@ cn10k_ipsec_session_create(void *dev, return -EPERM; } - ret = cn10k_ipsec_xform_verify(ipsec_xfrm, crypto_xfrm); + ret = cnxk_ipsec_xform_verify(ipsec_xfrm, crypto_xfrm); if (ret) return ret; diff --git a/drivers/crypto/cnxk/cnxk_ipsec.h b/drivers/crypto/cnxk/cnxk_ipsec.h index f6897a0e14..d1eb74ebbe 100644 --- a/drivers/crypto/cnxk/cnxk_ipsec.h +++ b/drivers/crypto/cnxk/cnxk_ipsec.h @@ -17,4 +17,117 @@ struct cnxk_cpt_inst_tmpl { uint64_t w7; }; +static inline int +ipsec_xform_cipher_verify(struct rte_crypto_sym_xform *crypto_xform) +{ + if (crypto_xform->cipher.algo == RTE_CRYPTO_CIPHER_AES_CBC) { + switch (crypto_xform->cipher.key.length) { + case 16: + case 24: + case 32: + break; + default: + return -ENOTSUP; + } + return 0; + } + + return -ENOTSUP; +} + +static inline int +ipsec_xform_auth_verify(struct rte_crypto_sym_xform *crypto_xform) +{ + uint16_t keylen = crypto_xform->auth.key.length; + + if (crypto_xform->auth.algo == RTE_CRYPTO_AUTH_SHA1_HMAC) { + if (keylen >= 20 && keylen <= 64) + return 0; + } else if (roc_model_is_cn9k() && + (crypto_xform->auth.algo == RTE_CRYPTO_AUTH_SHA256_HMAC)) { + if (keylen >= 32 && keylen <= 64) + return 0; + } + + return -ENOTSUP; +} + +static inline int +ipsec_xform_aead_verify(struct rte_security_ipsec_xform *ipsec_xform, + struct rte_crypto_sym_xform *crypto_xform) +{ + if (ipsec_xform->direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS && + crypto_xform->aead.op != RTE_CRYPTO_AEAD_OP_ENCRYPT) + return -EINVAL; + + if (ipsec_xform->direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS && + crypto_xform->aead.op != RTE_CRYPTO_AEAD_OP_DECRYPT) + return -EINVAL; + + if (crypto_xform->aead.algo == RTE_CRYPTO_AEAD_AES_GCM) { + switch (crypto_xform->aead.key.length) { + case 16: + case 24: + case 32: + break; + default: + return -EINVAL; + } + return 0; + } + + return -ENOTSUP; +} + +static inline int +cnxk_ipsec_xform_verify(struct rte_security_ipsec_xform *ipsec_xform, + struct rte_crypto_sym_xform *crypto_xform) +{ + struct rte_crypto_sym_xform *auth_xform, *cipher_xform; + int ret; + + if ((ipsec_xform->direction != RTE_SECURITY_IPSEC_SA_DIR_INGRESS) && + (ipsec_xform->direction != RTE_SECURITY_IPSEC_SA_DIR_EGRESS)) + return -EINVAL; + + if ((ipsec_xform->proto != RTE_SECURITY_IPSEC_SA_PROTO_ESP) && + (ipsec_xform->proto != RTE_SECURITY_IPSEC_SA_PROTO_AH)) + return -EINVAL; + + if ((ipsec_xform->mode != RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT) && + (ipsec_xform->mode != RTE_SECURITY_IPSEC_SA_MODE_TUNNEL)) + return -EINVAL; + + if ((ipsec_xform->tunnel.type != RTE_SECURITY_IPSEC_TUNNEL_IPV4) && + (ipsec_xform->tunnel.type != RTE_SECURITY_IPSEC_TUNNEL_IPV6)) + return -EINVAL; + + if (crypto_xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) + return ipsec_xform_aead_verify(ipsec_xform, crypto_xform); + + if (crypto_xform->next == NULL) + return -EINVAL; + + if (ipsec_xform->direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) { + /* Ingress */ + if (crypto_xform->type != RTE_CRYPTO_SYM_XFORM_AUTH || + crypto_xform->next->type != RTE_CRYPTO_SYM_XFORM_CIPHER) + return -EINVAL; + auth_xform = crypto_xform; + cipher_xform = crypto_xform->next; + } else { + /* Egress */ + if (crypto_xform->type != RTE_CRYPTO_SYM_XFORM_CIPHER || + crypto_xform->next->type != RTE_CRYPTO_SYM_XFORM_AUTH) + return -EINVAL; + cipher_xform = crypto_xform; + auth_xform = crypto_xform->next; + } + + ret = ipsec_xform_cipher_verify(cipher_xform); + if (ret) + return ret; + + return ipsec_xform_auth_verify(auth_xform); +} #endif /* __CNXK_IPSEC_H__ */ From patchwork Wed Sep 1 10:19:28 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tejasree Kondoj X-Patchwork-Id: 97679 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 63BA0A0C4D; Wed, 1 Sep 2021 11:26:24 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id EE3634111B; Wed, 1 Sep 2021 11:25:54 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id 986984013F for ; Wed, 1 Sep 2021 11:25:48 +0200 (CEST) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 18159puG026653 for ; Wed, 1 Sep 2021 02:25:47 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=IqcDE3gdrbPDSHDCuxgnmNFzbu+xolm5uQ7N4g9Zps8=; b=EZucqB6HTy7na6t1/y0ozA6qkme24Rm6aULBm0GgkWZHc+p2h1BZ3VoiHanj2v/pITcG 3nCzhpH0oULEUc3SJ5XnNFaKmkCW04LCtZUPNEDE1UUyvHI6E+CP+5aCrBO0iHg5nBot eD3xjSIfdnDfzLLuHPiCtAc+XB68urnYA95d4ynMhliZuFs4BrHrsIhP6SfivEGhtjzz 9t94Y8UcJAWjQpVnIinqDX7kX6lljeta1ytod0N142+tgNhEfL50RFMDf8jwIw9KGLcu yv2senVj0oW4fjJTGe7VCe30vLBobttoK+Kn+ih+wwsNR7JRADa1YRYad/rXY27VVYoH Uw== Received: from dc5-exch02.marvell.com ([199.233.59.182]) by mx0a-0016f401.pphosted.com with ESMTP id 3at34prygn-13 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT) for ; Wed, 01 Sep 2021 02:25:47 -0700 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Wed, 1 Sep 2021 02:25:45 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.18 via Frontend Transport; Wed, 1 Sep 2021 02:25:45 -0700 Received: from hyd1554T5810.caveonetworks.com.com (unknown [10.29.57.11]) by maili.marvell.com (Postfix) with ESMTP id 10BCD3F708A; Wed, 1 Sep 2021 02:25:42 -0700 (PDT) From: Tejasree Kondoj To: Akhil Goyal CC: Tejasree Kondoj , Anoob Joseph , Ankur Dwivedi , Archana Muniganti , Srujana Challa , "Nithin Dabilpuram" , Jerin Jacob , Date: Wed, 1 Sep 2021 15:49:28 +0530 Message-ID: <20210901101930.29333-7-ktejasree@marvell.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20210901101930.29333-1-ktejasree@marvell.com> References: <20210901101930.29333-1-ktejasree@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: WDlMpgzhJMY_o7FOszJ1o7vMWVDzcigu X-Proofpoint-GUID: WDlMpgzhJMY_o7FOszJ1o7vMWVDzcigu X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.391,FMLib:17.0.607.475 definitions=2021-09-01_03,2021-08-31_01,2020-04-07_01 Subject: [dpdk-dev] [PATCH v2 6/8] crypto/cnxk: support cn10k transport mode X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Adding support for cn10k lookaside IPsec transport mode. Signed-off-by: Tejasree Kondoj --- doc/guides/cryptodevs/cnxk.rst | 1 + doc/guides/rel_notes/release_21_11.rst | 1 + drivers/crypto/cnxk/cnxk_cryptodev.h | 2 +- .../crypto/cnxk/cnxk_cryptodev_capabilities.c | 22 +++++++++++++++++++ drivers/crypto/cnxk/cnxk_ipsec.h | 3 ++- 5 files changed, 27 insertions(+), 2 deletions(-) diff --git a/doc/guides/cryptodevs/cnxk.rst b/doc/guides/cryptodevs/cnxk.rst index a40295c087..0dd71135da 100644 --- a/doc/guides/cryptodevs/cnxk.rst +++ b/doc/guides/cryptodevs/cnxk.rst @@ -230,6 +230,7 @@ Features supported * IPv4 * ESP * Tunnel mode +* Transport mode * AES-128/192/256-GCM * AES-128/192/256-CBC-SHA1-HMAC diff --git a/doc/guides/rel_notes/release_21_11.rst b/doc/guides/rel_notes/release_21_11.rst index 130d676a11..0a024dda8f 100644 --- a/doc/guides/rel_notes/release_21_11.rst +++ b/doc/guides/rel_notes/release_21_11.rst @@ -58,6 +58,7 @@ New Features * **Updated Marvell cn10k_crypto PMD.** * Added aes-cbc sha1-hmac in lookaside protocol (IPsec). + * Added transport mode in lookaside protocol (IPsec). Removed Items diff --git a/drivers/crypto/cnxk/cnxk_cryptodev.h b/drivers/crypto/cnxk/cnxk_cryptodev.h index b3856f7eaa..8e051fa0fa 100644 --- a/drivers/crypto/cnxk/cnxk_cryptodev.h +++ b/drivers/crypto/cnxk/cnxk_cryptodev.h @@ -12,7 +12,7 @@ #define CNXK_CPT_MAX_CAPS 34 #define CNXK_SEC_CRYPTO_MAX_CAPS 4 -#define CNXK_SEC_MAX_CAPS 3 +#define CNXK_SEC_MAX_CAPS 5 #define CNXK_AE_EC_ID_MAX 8 /** * Device private data diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c index 9430ca5d00..05bffa9759 100644 --- a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c +++ b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c @@ -822,6 +822,28 @@ static const struct rte_security_capability sec_caps_templ[] = { }, .crypto_capabilities = NULL, }, + { /* IPsec Lookaside Protocol ESP Transport Ingress */ + .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, + .protocol = RTE_SECURITY_PROTOCOL_IPSEC, + .ipsec = { + .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP, + .mode = RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT, + .direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS, + .options = { 0 }, + }, + .crypto_capabilities = NULL, + }, + { /* IPsec Lookaside Protocol ESP Transport Egress */ + .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, + .protocol = RTE_SECURITY_PROTOCOL_IPSEC, + .ipsec = { + .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP, + .mode = RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT, + .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS, + .options = { 0 }, + }, + .crypto_capabilities = NULL, + }, { .action = RTE_SECURITY_ACTION_TYPE_NONE } diff --git a/drivers/crypto/cnxk/cnxk_ipsec.h b/drivers/crypto/cnxk/cnxk_ipsec.h index d1eb74ebbe..ff396179ca 100644 --- a/drivers/crypto/cnxk/cnxk_ipsec.h +++ b/drivers/crypto/cnxk/cnxk_ipsec.h @@ -98,7 +98,8 @@ cnxk_ipsec_xform_verify(struct rte_security_ipsec_xform *ipsec_xform, (ipsec_xform->mode != RTE_SECURITY_IPSEC_SA_MODE_TUNNEL)) return -EINVAL; - if ((ipsec_xform->tunnel.type != RTE_SECURITY_IPSEC_TUNNEL_IPV4) && + if ((ipsec_xform->mode == RTE_SECURITY_IPSEC_SA_MODE_TUNNEL) && + (ipsec_xform->tunnel.type != RTE_SECURITY_IPSEC_TUNNEL_IPV4) && (ipsec_xform->tunnel.type != RTE_SECURITY_IPSEC_TUNNEL_IPV6)) return -EINVAL; From patchwork Wed Sep 1 10:19:29 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tejasree Kondoj X-Patchwork-Id: 97680 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id DCD1BA0C4D; Wed, 1 Sep 2021 11:26:29 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 1BA494115F; Wed, 1 Sep 2021 11:25:56 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 17DC941135 for ; Wed, 1 Sep 2021 11:25:51 +0200 (CEST) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 1819LYmj016704 for ; Wed, 1 Sep 2021 02:25:51 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=ftym7O3BVcohPx3Lo5pIKpluQ4pMQjpkI/vsuDL+caE=; b=iwyeO8pA06UBza1P6fHZNgx9rSQfo4Pzsj80dnkDHat3y4oz9Vk5pq/J9Il4bmo3r7QP RL5/cuuZ/IT5dyPnjj2Q/YXiyXDsUuBugjgBMG9FHQ9nKDjhUt0KpsDiUe4Gh461v2ht XEqyplmqAID2JDCv4x0+HktEFsYF/lyoN+jTppbqmSOXQD2pQTszEvSAIZB59AuqAh+p HRMIvDFBqTFg8dwkExbgyaXYJ5dh4xjN94PP7DeZ2J20V3krmBOLsdjC5UdRHCrulSlP f04fiCY4AjYKd0eptuKS62U44TBUFBnsF8Nru2sZQeU2gx0sB769Xbup2nEwwZeCtUFI rA== Received: from dc5-exch02.marvell.com ([199.233.59.182]) by mx0b-0016f401.pphosted.com with ESMTP id 3at0ax9fdv-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT) for ; Wed, 01 Sep 2021 02:25:50 -0700 Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Wed, 1 Sep 2021 02:25:49 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.18 via Frontend Transport; Wed, 1 Sep 2021 02:25:48 -0700 Received: from hyd1554T5810.caveonetworks.com.com (unknown [10.29.57.11]) by maili.marvell.com (Postfix) with ESMTP id 3216E3F7088; Wed, 1 Sep 2021 02:25:45 -0700 (PDT) From: Tejasree Kondoj To: Akhil Goyal CC: Tejasree Kondoj , Anoob Joseph , Ankur Dwivedi , Archana Muniganti , Srujana Challa , "Nithin Dabilpuram" , Jerin Jacob , Date: Wed, 1 Sep 2021 15:49:29 +0530 Message-ID: <20210901101930.29333-8-ktejasree@marvell.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20210901101930.29333-1-ktejasree@marvell.com> References: <20210901101930.29333-1-ktejasree@marvell.com> MIME-Version: 1.0 X-Proofpoint-GUID: q4tECvJWAiwNpRtAK9gnp2hoRH0LX1Dm X-Proofpoint-ORIG-GUID: q4tECvJWAiwNpRtAK9gnp2hoRH0LX1Dm X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.391,FMLib:17.0.607.475 definitions=2021-09-01_03,2021-08-31_01,2020-04-07_01 Subject: [dpdk-dev] [PATCH v2 7/8] crypto/cnxk: support UDP encap with lookaside IPsec X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Adding support for UDP encapsulation in lookaside IPsec. Signed-off-by: Tejasree Kondoj --- doc/guides/cryptodevs/cnxk.rst | 1 + doc/guides/rel_notes/release_21_11.rst | 1 + drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c | 11 ++++++++++- 3 files changed, 12 insertions(+), 1 deletion(-) diff --git a/doc/guides/cryptodevs/cnxk.rst b/doc/guides/cryptodevs/cnxk.rst index 0dd71135da..1eb72282db 100644 --- a/doc/guides/cryptodevs/cnxk.rst +++ b/doc/guides/cryptodevs/cnxk.rst @@ -231,6 +231,7 @@ Features supported * ESP * Tunnel mode * Transport mode +* UDP Encapsulation * AES-128/192/256-GCM * AES-128/192/256-CBC-SHA1-HMAC diff --git a/doc/guides/rel_notes/release_21_11.rst b/doc/guides/rel_notes/release_21_11.rst index 0a024dda8f..70dd1c52f7 100644 --- a/doc/guides/rel_notes/release_21_11.rst +++ b/doc/guides/rel_notes/release_21_11.rst @@ -59,6 +59,7 @@ New Features * Added aes-cbc sha1-hmac in lookaside protocol (IPsec). * Added transport mode in lookaside protocol (IPsec). + * Added UDP encapsulation in lookaside protocol (IPsec). Removed Items diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c index 05bffa9759..c4f7824332 100644 --- a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c +++ b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c @@ -907,6 +907,12 @@ sec_crypto_caps_populate(struct rte_cryptodev_capabilities cnxk_caps[], sec_caps_add(cnxk_caps, &cur_pos, caps_end, RTE_DIM(caps_end)); } +static void +cnxk_sec_caps_update(struct rte_security_capability *sec_cap) +{ + sec_cap->ipsec.options.udp_encap = 1; +} + void cnxk_cpt_caps_populate(struct cnxk_cpt_vf *vf) { @@ -918,8 +924,11 @@ cnxk_cpt_caps_populate(struct cnxk_cpt_vf *vf) PLT_STATIC_ASSERT(RTE_DIM(sec_caps_templ) <= RTE_DIM(vf->sec_caps)); memcpy(vf->sec_caps, sec_caps_templ, sizeof(sec_caps_templ)); - for (i = 0; i < RTE_DIM(sec_caps_templ) - 1; i++) + for (i = 0; i < RTE_DIM(sec_caps_templ) - 1; i++) { vf->sec_caps[i].crypto_capabilities = vf->sec_crypto_caps; + + cnxk_sec_caps_update(&vf->sec_caps[i]); + } } const struct rte_security_capability * From patchwork Wed Sep 1 10:19:30 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tejasree Kondoj X-Patchwork-Id: 97681 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 59454A0C4D; Wed, 1 Sep 2021 11:26:35 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 318C341164; Wed, 1 Sep 2021 11:25:57 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id 5EDDC41153 for ; Wed, 1 Sep 2021 11:25:54 +0200 (CEST) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 18159o5T026643 for ; Wed, 1 Sep 2021 02:25:53 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=+xFZ6UE9jbHlQCEP8KUeRBjuJE/tGZMCYUGetnQxsKY=; b=UBhTs53YTPfch95I7zlZnOm42U23OJHMAScW/uWg/4x4txgD1+J59b5+GL+r/3NiO+5Y EpLCbeRzVrzSyW2ydH6MKOgM1tiLlyocfzYIl0cMnIwPecfOgv9l3CYtu8hKRP7//ZyY 9KIODaw/nom8VB6LaF3AtoKUUc0bHkZJ1Jv/j0zZsq/Vc7zjCjbfQPpyzXZgKN9Z5sK+ miq4uF9T0jn24+iICuWz98h6I5flChzGA/2qqxOcmdbi8fQxVN2YNKtOnyUwcjZCvB+E P8a99toJZq/IsWdClhaz1+KJnTXtDIv/2RSZdQu9WH9LcAZKSNcQFI8Qt+6zAxQALrSl SA== Received: from dc5-exch02.marvell.com ([199.233.59.182]) by mx0a-0016f401.pphosted.com with ESMTP id 3at34prykn-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT) for ; Wed, 01 Sep 2021 02:25:53 -0700 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Wed, 1 Sep 2021 02:25:52 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.18 via Frontend Transport; Wed, 1 Sep 2021 02:25:52 -0700 Received: from hyd1554T5810.caveonetworks.com.com (unknown [10.29.57.11]) by maili.marvell.com (Postfix) with ESMTP id 5C2023F708A; Wed, 1 Sep 2021 02:25:49 -0700 (PDT) From: Tejasree Kondoj To: Akhil Goyal CC: Archana Muniganti , Anoob Joseph , Ankur Dwivedi , Srujana Challa , Nithin Dabilpuram , "Jerin Jacob" , Tejasree Kondoj , Date: Wed, 1 Sep 2021 15:49:30 +0530 Message-ID: <20210901101930.29333-9-ktejasree@marvell.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20210901101930.29333-1-ktejasree@marvell.com> References: <20210901101930.29333-1-ktejasree@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: vMFjEVdBd7i2qZc2itaUsVSQeMijL6Rn X-Proofpoint-GUID: vMFjEVdBd7i2qZc2itaUsVSQeMijL6Rn X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.391,FMLib:17.0.607.475 definitions=2021-09-01_03,2021-08-31_01,2020-04-07_01 Subject: [dpdk-dev] [PATCH v2 8/8] common/cnxk: make IPsec defines common X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" From: Archana Muniganti Make IPsec defines common and remove redundant macros. Signed-off-by: Archana Muniganti --- drivers/common/cnxk/cnxk_security.c | 24 +++++++++-------- drivers/common/cnxk/roc_api.h | 1 + drivers/common/cnxk/roc_ie.h | 33 ++++++++++++++++------- drivers/common/cnxk/roc_ie_on.h | 26 ------------------ drivers/common/cnxk/roc_ie_ot.h | 26 ------------------ drivers/crypto/cnxk/cn10k_cryptodev_ops.c | 4 ++- 6 files changed, 41 insertions(+), 73 deletions(-) diff --git a/drivers/common/cnxk/cnxk_security.c b/drivers/common/cnxk/cnxk_security.c index fe64e70c81..4f7fd1b3a0 100644 --- a/drivers/common/cnxk/cnxk_security.c +++ b/drivers/common/cnxk/cnxk_security.c @@ -6,6 +6,8 @@ #include "cnxk_security.h" +#include "roc_api.h" + static void ipsec_hmac_opad_ipad_gen(struct rte_crypto_sym_xform *auth_xform, uint8_t *hmac_opad_ipad) @@ -51,12 +53,12 @@ ot_ipsec_sa_common_param_fill(union roc_ot_ipsec_sa_word2 *w2, /* Set direction */ switch (ipsec_xfrm->direction) { case RTE_SECURITY_IPSEC_SA_DIR_INGRESS: - w2->s.dir = ROC_IE_OT_SA_DIR_INBOUND; + w2->s.dir = ROC_IE_SA_DIR_INBOUND; auth_xfrm = crypto_xfrm; cipher_xfrm = crypto_xfrm->next; break; case RTE_SECURITY_IPSEC_SA_DIR_EGRESS: - w2->s.dir = ROC_IE_OT_SA_DIR_OUTBOUND; + w2->s.dir = ROC_IE_SA_DIR_OUTBOUND; cipher_xfrm = crypto_xfrm; auth_xfrm = crypto_xfrm->next; break; @@ -67,10 +69,10 @@ ot_ipsec_sa_common_param_fill(union roc_ot_ipsec_sa_word2 *w2, /* Set protocol - ESP vs AH */ switch (ipsec_xfrm->proto) { case RTE_SECURITY_IPSEC_SA_PROTO_ESP: - w2->s.protocol = ROC_IE_OT_SA_PROTOCOL_ESP; + w2->s.protocol = ROC_IE_SA_PROTOCOL_ESP; break; case RTE_SECURITY_IPSEC_SA_PROTO_AH: - w2->s.protocol = ROC_IE_OT_SA_PROTOCOL_AH; + w2->s.protocol = ROC_IE_SA_PROTOCOL_AH; break; default: return -EINVAL; @@ -79,10 +81,10 @@ ot_ipsec_sa_common_param_fill(union roc_ot_ipsec_sa_word2 *w2, /* Set mode - transport vs tunnel */ switch (ipsec_xfrm->mode) { case RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT: - w2->s.mode = ROC_IE_OT_SA_MODE_TRANSPORT; + w2->s.mode = ROC_IE_SA_MODE_TRANSPORT; break; case RTE_SECURITY_IPSEC_SA_MODE_TUNNEL: - w2->s.mode = ROC_IE_OT_SA_MODE_TUNNEL; + w2->s.mode = ROC_IE_SA_MODE_TUNNEL; break; default: return -EINVAL; @@ -147,13 +149,13 @@ ot_ipsec_sa_common_param_fill(union roc_ot_ipsec_sa_word2 *w2, switch (length) { case ROC_CPT_AES128_KEY_LEN: - w2->s.aes_key_len = ROC_IE_OT_SA_AES_KEY_LEN_128; + w2->s.aes_key_len = ROC_IE_SA_AES_KEY_LEN_128; break; case ROC_CPT_AES192_KEY_LEN: - w2->s.aes_key_len = ROC_IE_OT_SA_AES_KEY_LEN_192; + w2->s.aes_key_len = ROC_IE_SA_AES_KEY_LEN_192; break; case ROC_CPT_AES256_KEY_LEN: - w2->s.aes_key_len = ROC_IE_OT_SA_AES_KEY_LEN_256; + w2->s.aes_key_len = ROC_IE_SA_AES_KEY_LEN_256; break; default: return -EINVAL; @@ -271,7 +273,7 @@ cnxk_ot_ipsec_outb_sa_fill(struct roc_ot_ipsec_outb_sa *sa, /* Tunnel header info */ switch (tunnel->type) { case RTE_SECURITY_IPSEC_TUNNEL_IPV4: - sa->w2.s.outer_ip_ver = ROC_IE_OT_SA_IP_VERSION_4; + sa->w2.s.outer_ip_ver = ROC_IE_SA_IP_VERSION_4; memcpy(&sa->outer_hdr.ipv4.src_addr, &tunnel->ipv4.src_ip, sizeof(struct in_addr)); memcpy(&sa->outer_hdr.ipv4.dst_addr, &tunnel->ipv4.dst_ip, @@ -302,7 +304,7 @@ cnxk_ot_ipsec_outb_sa_fill(struct roc_ot_ipsec_outb_sa *sa, } break; case RTE_SECURITY_IPSEC_TUNNEL_IPV6: - sa->w2.s.outer_ip_ver = ROC_IE_OT_SA_IP_VERSION_6; + sa->w2.s.outer_ip_ver = ROC_IE_SA_IP_VERSION_6; memcpy(&sa->outer_hdr.ipv6.src_addr, &tunnel->ipv6.src_addr, sizeof(struct in6_addr)); memcpy(&sa->outer_hdr.ipv6.dst_addr, &tunnel->ipv6.dst_addr, diff --git a/drivers/common/cnxk/roc_api.h b/drivers/common/cnxk/roc_api.h index 9c06cfee9a..7dec8453b4 100644 --- a/drivers/common/cnxk/roc_api.h +++ b/drivers/common/cnxk/roc_api.h @@ -121,6 +121,7 @@ /* CPT microcode */ #include "roc_ae.h" #include "roc_ae_fpm_tables.h" +#include "roc_ie.h" #include "roc_ie_on.h" #include "roc_ie_ot.h" #include "roc_se.h" diff --git a/drivers/common/cnxk/roc_ie.h b/drivers/common/cnxk/roc_ie.h index a330ea1b50..31b83948e1 100644 --- a/drivers/common/cnxk/roc_ie.h +++ b/drivers/common/cnxk/roc_ie.h @@ -5,15 +5,30 @@ #ifndef __ROC_IE_H__ #define __ROC_IE_H__ -/* CNXK IPSEC helper macros */ -#define ROC_IE_AH_HDR_LEN 12 -#define ROC_IE_AES_GCM_IV_LEN 8 -#define ROC_IE_AES_GCM_MAC_LEN 16 -#define ROC_IE_AES_CBC_IV_LEN 16 -#define ROC_IE_SHA1_HMAC_LEN 12 -#define ROC_IE_AUTH_KEY_LEN_MAX 64 +enum { + ROC_IE_SA_DIR_INBOUND = 0, + ROC_IE_SA_DIR_OUTBOUND = 1, +}; -#define ROC_IE_AES_GCM_ROUNDUP_BYTE_LEN 4 -#define ROC_IE_AES_CBC_ROUNDUP_BYTE_LEN 16 +enum { + ROC_IE_SA_IP_VERSION_4 = 0, + ROC_IE_SA_IP_VERSION_6 = 1, +}; + +enum { + ROC_IE_SA_MODE_TRANSPORT = 0, + ROC_IE_SA_MODE_TUNNEL = 1, +}; + +enum { + ROC_IE_SA_PROTOCOL_AH = 0, + ROC_IE_SA_PROTOCOL_ESP = 1, +}; + +enum { + ROC_IE_SA_AES_KEY_LEN_128 = 1, + ROC_IE_SA_AES_KEY_LEN_192 = 2, + ROC_IE_SA_AES_KEY_LEN_256 = 3, +}; #endif /* __ROC_IE_H__ */ diff --git a/drivers/common/cnxk/roc_ie_on.h b/drivers/common/cnxk/roc_ie_on.h index 508654a9d8..222c298a53 100644 --- a/drivers/common/cnxk/roc_ie_on.h +++ b/drivers/common/cnxk/roc_ie_on.h @@ -18,32 +18,6 @@ /* Ucode completion codes */ #define ROC_IE_ONF_UCC_SUCCESS 0 -enum { - ROC_IE_ON_SA_DIR_INBOUND = 0, - ROC_IE_ON_SA_DIR_OUTBOUND = 1, -}; - -enum { - ROC_IE_ON_SA_IP_VERSION_4 = 0, - ROC_IE_ON_SA_IP_VERSION_6 = 1, -}; - -enum { - ROC_IE_ON_SA_MODE_TRANSPORT = 0, - ROC_IE_ON_SA_MODE_TUNNEL = 1, -}; - -enum { - ROC_IE_ON_SA_PROTOCOL_AH = 0, - ROC_IE_ON_SA_PROTOCOL_ESP = 1, -}; - -enum { - ROC_IE_ON_SA_AES_KEY_LEN_128 = 1, - ROC_IE_ON_SA_AES_KEY_LEN_192 = 2, - ROC_IE_ON_SA_AES_KEY_LEN_256 = 3, -}; - enum { ROC_IE_ON_SA_ENC_NULL = 0, ROC_IE_ON_SA_ENC_DES_CBC = 1, diff --git a/drivers/common/cnxk/roc_ie_ot.h b/drivers/common/cnxk/roc_ie_ot.h index aeb4be2971..3987a082a2 100644 --- a/drivers/common/cnxk/roc_ie_ot.h +++ b/drivers/common/cnxk/roc_ie_ot.h @@ -97,32 +97,6 @@ enum { ROC_IE_OT_SA_INNER_PKT_L4_CSUM_DISABLE = 1, }; -enum { - ROC_IE_OT_SA_DIR_INBOUND = 0, - ROC_IE_OT_SA_DIR_OUTBOUND = 1, -}; - -enum { - ROC_IE_OT_SA_IP_VERSION_4 = 0, - ROC_IE_OT_SA_IP_VERSION_6 = 1, -}; - -enum { - ROC_IE_OT_SA_MODE_TRANSPORT = 0, - ROC_IE_OT_SA_MODE_TUNNEL = 1, -}; - -enum { - ROC_IE_OT_SA_PROTOCOL_AH = 0, - ROC_IE_OT_SA_PROTOCOL_ESP = 1, -}; - -enum { - ROC_IE_OT_SA_AES_KEY_LEN_128 = 1, - ROC_IE_OT_SA_AES_KEY_LEN_192 = 2, - ROC_IE_OT_SA_AES_KEY_LEN_256 = 3, -}; - enum { ROC_IE_OT_SA_ENC_NULL = 0, ROC_IE_OT_SA_ENC_3DES_CBC = 2, diff --git a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c index 780a321cf7..28055aceed 100644 --- a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c +++ b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c @@ -16,6 +16,8 @@ #include "cnxk_cryptodev_ops.h" #include "cnxk_se.h" +#include "roc_api.h" + static inline struct cnxk_se_sess * cn10k_cpt_sym_temp_sess_create(struct cnxk_cpt_qp *qp, struct rte_crypto_op *op) { @@ -68,7 +70,7 @@ cpt_sec_inst_fill(struct rte_crypto_op *op, struct cn10k_sec_session *sess, sa = &sess->sa; w2 = (union roc_ot_ipsec_sa_word2 *)&sa->in_sa.w2; - if (w2->s.dir == ROC_IE_OT_SA_DIR_OUTBOUND) + if (w2->s.dir == ROC_IE_SA_DIR_OUTBOUND) ret = process_outb_sa(op, sa, inst); else ret = process_inb_sa(op, sa, inst);