From: Anoob Joseph <anoobj@marvell.com>
To: Akhil Goyal <gakhil@marvell.com>
Cc: Tejasree Kondoj <ktejasree@marvell.com>,
Jerin Jacob <jerinj@marvell.com>,
Vidya Sagar Velumuri <vvelumuri@marvell.com>, <dev@dpdk.org>
Subject: [PATCH 19/24] crypto/cnxk: replace PDCP with PDCP chain opcode
Date: Thu, 21 Dec 2023 18:05:40 +0530 [thread overview]
Message-ID: <20231221123545.510-20-anoobj@marvell.com> (raw)
In-Reply-To: <20231221123545.510-1-anoobj@marvell.com>
From: Tejasree Kondoj <ktejasree@marvell.com>
Replacing PDCP opcode with PDCP chain opcode.
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
---
drivers/common/cnxk/roc_se.c | 331 +++++++++-------------------------
drivers/common/cnxk/roc_se.h | 18 +-
drivers/crypto/cnxk/cnxk_se.h | 96 +++++-----
3 files changed, 135 insertions(+), 310 deletions(-)
diff --git a/drivers/common/cnxk/roc_se.c b/drivers/common/cnxk/roc_se.c
index 6ced4ef789..4e00268149 100644
--- a/drivers/common/cnxk/roc_se.c
+++ b/drivers/common/cnxk/roc_se.c
@@ -88,13 +88,20 @@ cpt_ciph_type_set(roc_se_cipher_type type, struct roc_se_ctx *ctx, uint16_t key_
fc_type = ROC_SE_FC_GEN;
break;
case ROC_SE_ZUC_EEA3:
- if (chained_op) {
- if (unlikely(key_len != 16))
+ if (unlikely(key_len != 16)) {
+ /*
+ * ZUC 256 is not supported with older microcode
+ * where pdcp_iv_offset is 16
+ */
+ if (chained_op || (ctx->pdcp_iv_offset == 16)) {
+ plt_err("ZUC 256 is not supported with chained operations");
return -1;
+ }
+ }
+ if (chained_op)
fc_type = ROC_SE_PDCP_CHAIN;
- } else {
+ else
fc_type = ROC_SE_PDCP;
- }
break;
case ROC_SE_SNOW3G_UEA2:
if (unlikely(key_len != 16))
@@ -197,33 +204,6 @@ cpt_hmac_opad_ipad_gen(roc_se_auth_type auth_type, const uint8_t *key, uint16_t
}
}
-static int
-cpt_pdcp_key_type_set(struct roc_se_zuc_snow3g_ctx *zs_ctx, uint16_t key_len)
-{
- roc_se_aes_type key_type = 0;
-
- if (roc_model_is_cn9k()) {
- if (key_len != 16) {
- plt_err("Only key len 16 is supported on cn9k");
- return -ENOTSUP;
- }
- }
-
- switch (key_len) {
- case 16:
- key_type = ROC_SE_AES_128_BIT;
- break;
- case 32:
- key_type = ROC_SE_AES_256_BIT;
- break;
- default:
- plt_err("Invalid AES key len");
- return -ENOTSUP;
- }
- zs_ctx->zuc.otk_ctx.w0.s.key_len = key_type;
- return 0;
-}
-
static int
cpt_pdcp_chain_key_type_get(uint16_t key_len)
{
@@ -247,36 +227,6 @@ cpt_pdcp_chain_key_type_get(uint16_t key_len)
return key_type;
}
-static int
-cpt_pdcp_mac_len_set(struct roc_se_zuc_snow3g_ctx *zs_ctx, uint16_t mac_len)
-{
- roc_se_pdcp_mac_len_type mac_type = 0;
-
- if (roc_model_is_cn9k()) {
- if (mac_len != 4) {
- plt_err("Only mac len 4 is supported on cn9k");
- return -ENOTSUP;
- }
- }
-
- switch (mac_len) {
- case 4:
- mac_type = ROC_SE_PDCP_MAC_LEN_32_BIT;
- break;
- case 8:
- mac_type = ROC_SE_PDCP_MAC_LEN_64_BIT;
- break;
- case 16:
- mac_type = ROC_SE_PDCP_MAC_LEN_128_BIT;
- break;
- default:
- plt_err("Invalid ZUC MAC len");
- return -ENOTSUP;
- }
- zs_ctx->zuc.otk_ctx.w0.s.mac_len = mac_type;
- return 0;
-}
-
static void
cpt_zuc_const_update(uint8_t *zuc_const, int key_len, int mac_len)
{
@@ -300,32 +250,27 @@ cpt_zuc_const_update(uint8_t *zuc_const, int key_len, int mac_len)
}
int
-roc_se_auth_key_set(struct roc_se_ctx *se_ctx, roc_se_auth_type type,
- const uint8_t *key, uint16_t key_len, uint16_t mac_len)
+roc_se_auth_key_set(struct roc_se_ctx *se_ctx, roc_se_auth_type type, const uint8_t *key,
+ uint16_t key_len, uint16_t mac_len)
{
- struct roc_se_zuc_snow3g_chain_ctx *zs_ch_ctx;
- struct roc_se_zuc_snow3g_ctx *zs_ctx;
struct roc_se_kasumi_ctx *k_ctx;
+ struct roc_se_pdcp_ctx *pctx;
struct roc_se_context *fctx;
uint8_t opcode_minor;
- uint8_t pdcp_alg;
bool chained_op;
- int ret;
if (se_ctx == NULL)
return -1;
- zs_ctx = &se_ctx->se_ctx.zs_ctx;
- zs_ch_ctx = &se_ctx->se_ctx.zs_ch_ctx;
+ pctx = &se_ctx->se_ctx.pctx;
k_ctx = &se_ctx->se_ctx.k_ctx;
fctx = &se_ctx->se_ctx.fctx;
chained_op = se_ctx->ciph_then_auth || se_ctx->auth_then_ciph;
if ((type >= ROC_SE_ZUC_EIA3) && (type <= ROC_SE_KASUMI_F9_ECB)) {
- uint8_t *zuc_const;
uint32_t keyx[4];
- uint8_t *ci_key;
+ int key_type;
if (!key_len)
return -1;
@@ -335,98 +280,64 @@ roc_se_auth_key_set(struct roc_se_ctx *se_ctx, roc_se_auth_type type,
return -1;
}
- if (roc_model_is_cn9k()) {
- ci_key = zs_ctx->zuc.onk_ctx.ci_key;
- zuc_const = zs_ctx->zuc.onk_ctx.zuc_const;
- } else {
- ci_key = zs_ctx->zuc.otk_ctx.ci_key;
- zuc_const = zs_ctx->zuc.otk_ctx.zuc_const;
- }
-
/* For ZUC/SNOW3G/Kasumi */
switch (type) {
case ROC_SE_SNOW3G_UIA2:
- if (chained_op) {
- struct roc_se_onk_zuc_chain_ctx *ctx =
- &zs_ch_ctx->zuc.onk_ctx;
- zs_ch_ctx->zuc.onk_ctx.w0.s.state_conf =
- ROC_SE_PDCP_CHAIN_CTX_KEY_IV;
- ctx->w0.s.auth_type =
- ROC_SE_PDCP_CHAIN_ALG_TYPE_SNOW3G;
- ctx->w0.s.mac_len = mac_len;
- ctx->w0.s.auth_key_len = key_len;
- se_ctx->fc_type = ROC_SE_PDCP_CHAIN;
- cpt_snow3g_key_gen(key, keyx);
- memcpy(ctx->st.auth_key, keyx, key_len);
- } else {
- zs_ctx->zuc.otk_ctx.w0.s.alg_type =
- ROC_SE_PDCP_ALG_TYPE_SNOW3G;
- zs_ctx->zuc.otk_ctx.w0.s.mac_len =
- ROC_SE_PDCP_MAC_LEN_32_BIT;
- cpt_snow3g_key_gen(key, keyx);
- memcpy(ci_key, keyx, key_len);
+ pctx->w0.s.state_conf = ROC_SE_PDCP_CHAIN_CTX_KEY_IV;
+ pctx->w0.s.auth_type = ROC_SE_PDCP_CHAIN_ALG_TYPE_SNOW3G;
+ pctx->w0.s.mac_len = mac_len;
+ pctx->w0.s.auth_key_len = key_len;
+ se_ctx->fc_type = ROC_SE_PDCP_CHAIN;
+ cpt_snow3g_key_gen(key, keyx);
+ memcpy(pctx->st.auth_key, keyx, key_len);
+
+ if (!chained_op)
se_ctx->fc_type = ROC_SE_PDCP;
- }
se_ctx->pdcp_auth_alg = ROC_SE_PDCP_ALG_TYPE_SNOW3G;
se_ctx->zsk_flags = 0x1;
break;
case ROC_SE_ZUC_EIA3:
- if (chained_op) {
- struct roc_se_onk_zuc_chain_ctx *ctx =
- &zs_ch_ctx->zuc.onk_ctx;
- ctx->w0.s.state_conf =
- ROC_SE_PDCP_CHAIN_CTX_KEY_IV;
- ctx->w0.s.auth_type =
- ROC_SE_PDCP_CHAIN_ALG_TYPE_ZUC;
- ctx->w0.s.mac_len = mac_len;
- ctx->w0.s.auth_key_len = key_len;
- memcpy(ctx->st.auth_key, key, key_len);
- cpt_zuc_const_update(ctx->st.auth_zuc_const,
- key_len, mac_len);
- se_ctx->fc_type = ROC_SE_PDCP_CHAIN;
- } else {
- zs_ctx->zuc.otk_ctx.w0.s.alg_type =
- ROC_SE_PDCP_ALG_TYPE_ZUC;
- ret = cpt_pdcp_key_type_set(zs_ctx, key_len);
- if (ret)
- return ret;
- ret = cpt_pdcp_mac_len_set(zs_ctx, mac_len);
- if (ret)
- return ret;
- memcpy(ci_key, key, key_len);
- if (key_len == 32)
- roc_se_zuc_bytes_swap(ci_key, key_len);
- cpt_zuc_const_update(zuc_const, key_len,
- mac_len);
- se_ctx->fc_type = ROC_SE_PDCP;
+ if (unlikely(key_len != 16)) {
+ /*
+ * ZUC 256 is not supported with older microcode
+ * where pdcp_iv_offset is 16
+ */
+ if (chained_op || (se_ctx->pdcp_iv_offset == 16)) {
+ plt_err("ZUC 256 is not supported with chained operations");
+ return -1;
+ }
}
+ key_type = cpt_pdcp_chain_key_type_get(key_len);
+ if (key_type < 0)
+ return key_type;
+ pctx->w0.s.auth_key_len = key_type;
+ pctx->w0.s.state_conf = ROC_SE_PDCP_CHAIN_CTX_KEY_IV;
+ pctx->w0.s.auth_type = ROC_SE_PDCP_CHAIN_ALG_TYPE_ZUC;
+ pctx->w0.s.mac_len = mac_len;
+ memcpy(pctx->st.auth_key, key, key_len);
+ if (key_len == 32)
+ roc_se_zuc_bytes_swap(pctx->st.auth_key, key_len);
+ cpt_zuc_const_update(pctx->st.auth_zuc_const, key_len, mac_len);
+ se_ctx->fc_type = ROC_SE_PDCP_CHAIN;
+
+ if (!chained_op)
+ se_ctx->fc_type = ROC_SE_PDCP;
se_ctx->pdcp_auth_alg = ROC_SE_PDCP_ALG_TYPE_ZUC;
se_ctx->zsk_flags = 0x1;
break;
case ROC_SE_AES_CMAC_EIA2:
- if (chained_op) {
- struct roc_se_onk_zuc_chain_ctx *ctx =
- &zs_ch_ctx->zuc.onk_ctx;
- int key_type;
- key_type = cpt_pdcp_chain_key_type_get(key_len);
- if (key_type < 0)
- return key_type;
- ctx->w0.s.auth_key_len = key_type;
- ctx->w0.s.state_conf =
- ROC_SE_PDCP_CHAIN_CTX_KEY_IV;
- ctx->w0.s.auth_type =
- ROC_SE_PDCP_ALG_TYPE_AES_CTR;
- ctx->w0.s.mac_len = mac_len;
- memcpy(ctx->st.auth_key, key, key_len);
- se_ctx->fc_type = ROC_SE_PDCP_CHAIN;
- } else {
- zs_ctx->zuc.otk_ctx.w0.s.alg_type =
- ROC_SE_PDCP_ALG_TYPE_AES_CTR;
- zs_ctx->zuc.otk_ctx.w0.s.mac_len =
- ROC_SE_PDCP_MAC_LEN_32_BIT;
- memcpy(ci_key, key, key_len);
+ key_type = cpt_pdcp_chain_key_type_get(key_len);
+ if (key_type < 0)
+ return key_type;
+ pctx->w0.s.auth_key_len = key_type;
+ pctx->w0.s.state_conf = ROC_SE_PDCP_CHAIN_CTX_KEY_IV;
+ pctx->w0.s.auth_type = ROC_SE_PDCP_ALG_TYPE_AES_CTR;
+ pctx->w0.s.mac_len = mac_len;
+ memcpy(pctx->st.auth_key, key, key_len);
+ se_ctx->fc_type = ROC_SE_PDCP_CHAIN;
+
+ if (!chained_op)
se_ctx->fc_type = ROC_SE_PDCP;
- }
se_ctx->pdcp_auth_alg = ROC_SE_PDCP_ALG_TYPE_AES_CMAC;
se_ctx->eia2 = 1;
se_ctx->zsk_flags = 0x1;
@@ -454,11 +365,8 @@ roc_se_auth_key_set(struct roc_se_ctx *se_ctx, roc_se_auth_type type,
se_ctx->mac_len = mac_len;
se_ctx->hash_type = type;
- pdcp_alg = zs_ctx->zuc.otk_ctx.w0.s.alg_type;
if (chained_op)
opcode_minor = se_ctx->ciph_then_auth ? 2 : 3;
- else if (roc_model_is_cn9k())
- opcode_minor = ((1 << 7) | (pdcp_alg << 5) | 1);
else
opcode_minor = ((1 << 4) | 1);
@@ -513,29 +421,18 @@ int
roc_se_ciph_key_set(struct roc_se_ctx *se_ctx, roc_se_cipher_type type, const uint8_t *key,
uint16_t key_len)
{
- bool chained_op = se_ctx->ciph_then_auth || se_ctx->auth_then_ciph;
- struct roc_se_zuc_snow3g_ctx *zs_ctx = &se_ctx->se_ctx.zs_ctx;
struct roc_se_context *fctx = &se_ctx->se_ctx.fctx;
- struct roc_se_zuc_snow3g_chain_ctx *zs_ch_ctx;
+ struct roc_se_pdcp_ctx *pctx;
uint8_t opcode_minor = 0;
- uint8_t *zuc_const;
uint32_t keyx[4];
- uint8_t *ci_key;
+ int key_type;
int i, ret;
/* For NULL cipher, no processing required. */
if (type == ROC_SE_PASSTHROUGH)
return 0;
- zs_ch_ctx = &se_ctx->se_ctx.zs_ch_ctx;
-
- if (roc_model_is_cn9k()) {
- ci_key = zs_ctx->zuc.onk_ctx.ci_key;
- zuc_const = zs_ctx->zuc.onk_ctx.zuc_const;
- } else {
- ci_key = zs_ctx->zuc.otk_ctx.ci_key;
- zuc_const = zs_ctx->zuc.otk_ctx.zuc_const;
- }
+ pctx = &se_ctx->se_ctx.pctx;
if ((type == ROC_SE_AES_GCM) || (type == ROC_SE_AES_CCM))
se_ctx->template_w4.s.opcode_minor = BIT(5);
@@ -615,72 +512,38 @@ roc_se_ciph_key_set(struct roc_se_ctx *se_ctx, roc_se_cipher_type type, const ui
fctx->enc.enc_cipher = ROC_SE_DES3_CBC;
goto success;
case ROC_SE_SNOW3G_UEA2:
- if (chained_op == true) {
- struct roc_se_onk_zuc_chain_ctx *ctx =
- &zs_ch_ctx->zuc.onk_ctx;
- zs_ch_ctx->zuc.onk_ctx.w0.s.state_conf =
- ROC_SE_PDCP_CHAIN_CTX_KEY_IV;
- zs_ch_ctx->zuc.onk_ctx.w0.s.cipher_type =
- ROC_SE_PDCP_CHAIN_ALG_TYPE_SNOW3G;
- zs_ch_ctx->zuc.onk_ctx.w0.s.ci_key_len = key_len;
- cpt_snow3g_key_gen(key, keyx);
- memcpy(ctx->st.ci_key, keyx, key_len);
- } else {
- zs_ctx->zuc.otk_ctx.w0.s.key_len = ROC_SE_AES_128_BIT;
- zs_ctx->zuc.otk_ctx.w0.s.alg_type =
- ROC_SE_PDCP_ALG_TYPE_SNOW3G;
- cpt_snow3g_key_gen(key, keyx);
- memcpy(ci_key, keyx, key_len);
- }
+ pctx->w0.s.state_conf = ROC_SE_PDCP_CHAIN_CTX_KEY_IV;
+ pctx->w0.s.cipher_type = ROC_SE_PDCP_CHAIN_ALG_TYPE_SNOW3G;
+ pctx->w0.s.ci_key_len = key_len;
+ cpt_snow3g_key_gen(key, keyx);
+ memcpy(pctx->st.ci_key, keyx, key_len);
se_ctx->pdcp_ci_alg = ROC_SE_PDCP_ALG_TYPE_SNOW3G;
se_ctx->zsk_flags = 0;
goto success;
case ROC_SE_ZUC_EEA3:
- if (chained_op == true) {
- struct roc_se_onk_zuc_chain_ctx *ctx =
- &zs_ch_ctx->zuc.onk_ctx;
- zs_ch_ctx->zuc.onk_ctx.w0.s.state_conf =
- ROC_SE_PDCP_CHAIN_CTX_KEY_IV;
- zs_ch_ctx->zuc.onk_ctx.w0.s.cipher_type =
- ROC_SE_PDCP_CHAIN_ALG_TYPE_ZUC;
- memcpy(ctx->st.ci_key, key, key_len);
- memcpy(ctx->st.ci_zuc_const, zuc_key128, 32);
- zs_ch_ctx->zuc.onk_ctx.w0.s.ci_key_len = key_len;
- } else {
- ret = cpt_pdcp_key_type_set(zs_ctx, key_len);
- if (ret)
- return ret;
- zs_ctx->zuc.otk_ctx.w0.s.alg_type =
- ROC_SE_PDCP_ALG_TYPE_ZUC;
- memcpy(ci_key, key, key_len);
- if (key_len == 32) {
- roc_se_zuc_bytes_swap(ci_key, key_len);
- memcpy(zuc_const, zuc_key256, 16);
- } else
- memcpy(zuc_const, zuc_key128, 32);
- }
-
+ key_type = cpt_pdcp_chain_key_type_get(key_len);
+ if (key_type < 0)
+ return key_type;
+ pctx->w0.s.ci_key_len = key_type;
+ pctx->w0.s.state_conf = ROC_SE_PDCP_CHAIN_CTX_KEY_IV;
+ pctx->w0.s.cipher_type = ROC_SE_PDCP_CHAIN_ALG_TYPE_ZUC;
+ memcpy(pctx->st.ci_key, key, key_len);
+ if (key_len == 32) {
+ roc_se_zuc_bytes_swap(pctx->st.ci_key, key_len);
+ memcpy(pctx->st.ci_zuc_const, zuc_key256, 16);
+ } else
+ memcpy(pctx->st.ci_zuc_const, zuc_key128, 32);
se_ctx->pdcp_ci_alg = ROC_SE_PDCP_ALG_TYPE_ZUC;
se_ctx->zsk_flags = 0;
goto success;
case ROC_SE_AES_CTR_EEA2:
- if (chained_op == true) {
- struct roc_se_onk_zuc_chain_ctx *ctx =
- &zs_ch_ctx->zuc.onk_ctx;
- int key_type;
- key_type = cpt_pdcp_chain_key_type_get(key_len);
- if (key_type < 0)
- return key_type;
- ctx->w0.s.ci_key_len = key_type;
- ctx->w0.s.state_conf = ROC_SE_PDCP_CHAIN_CTX_KEY_IV;
- ctx->w0.s.cipher_type = ROC_SE_PDCP_ALG_TYPE_AES_CTR;
- memcpy(ctx->st.ci_key, key, key_len);
- } else {
- zs_ctx->zuc.otk_ctx.w0.s.key_len = ROC_SE_AES_128_BIT;
- zs_ctx->zuc.otk_ctx.w0.s.alg_type =
- ROC_SE_PDCP_ALG_TYPE_AES_CTR;
- memcpy(ci_key, key, key_len);
- }
+ key_type = cpt_pdcp_chain_key_type_get(key_len);
+ if (key_type < 0)
+ return key_type;
+ pctx->w0.s.ci_key_len = key_type;
+ pctx->w0.s.state_conf = ROC_SE_PDCP_CHAIN_CTX_KEY_IV;
+ pctx->w0.s.cipher_type = ROC_SE_PDCP_ALG_TYPE_AES_CTR;
+ memcpy(pctx->st.ci_key, key, key_len);
se_ctx->pdcp_ci_alg = ROC_SE_PDCP_ALG_TYPE_AES_CTR;
se_ctx->zsk_flags = 0;
goto success;
@@ -720,20 +583,6 @@ roc_se_ciph_key_set(struct roc_se_ctx *se_ctx, roc_se_cipher_type type, const ui
return 0;
}
-void
-roc_se_ctx_swap(struct roc_se_ctx *se_ctx)
-{
- struct roc_se_zuc_snow3g_ctx *zs_ctx = &se_ctx->se_ctx.zs_ctx;
-
- if (roc_model_is_cn9k())
- return;
-
- if (se_ctx->fc_type == ROC_SE_PDCP_CHAIN)
- return;
-
- zs_ctx->zuc.otk_ctx.w0.u64 = htobe64(zs_ctx->zuc.otk_ctx.w0.u64);
-}
-
void
roc_se_ctx_init(struct roc_se_ctx *roc_se_ctx)
{
@@ -745,15 +594,13 @@ roc_se_ctx_init(struct roc_se_ctx *roc_se_ctx)
case ROC_SE_FC_GEN:
ctx_len = sizeof(struct roc_se_context);
break;
+ case ROC_SE_PDCP_CHAIN:
case ROC_SE_PDCP:
- ctx_len = sizeof(struct roc_se_zuc_snow3g_ctx);
+ ctx_len = sizeof(struct roc_se_pdcp_ctx);
break;
case ROC_SE_KASUMI:
ctx_len = sizeof(struct roc_se_kasumi_ctx);
break;
- case ROC_SE_PDCP_CHAIN:
- ctx_len = sizeof(struct roc_se_zuc_snow3g_chain_ctx);
- break;
case ROC_SE_SM:
ctx_len = sizeof(struct roc_se_sm_context);
break;
diff --git a/drivers/common/cnxk/roc_se.h b/drivers/common/cnxk/roc_se.h
index abb8c6a149..d62c40b310 100644
--- a/drivers/common/cnxk/roc_se.h
+++ b/drivers/common/cnxk/roc_se.h
@@ -246,7 +246,7 @@ struct roc_se_onk_zuc_ctx {
uint8_t zuc_const[32];
};
-struct roc_se_onk_zuc_chain_ctx {
+struct roc_se_pdcp_ctx {
union {
uint64_t u64;
struct {
@@ -278,19 +278,6 @@ struct roc_se_onk_zuc_chain_ctx {
} st;
};
-struct roc_se_zuc_snow3g_chain_ctx {
- union {
- struct roc_se_onk_zuc_chain_ctx onk_ctx;
- } zuc;
-};
-
-struct roc_se_zuc_snow3g_ctx {
- union {
- struct roc_se_onk_zuc_ctx onk_ctx;
- struct roc_se_otk_zuc_ctx otk_ctx;
- } zuc;
-};
-
struct roc_se_kasumi_ctx {
uint8_t reg_A[8];
uint8_t ci_key[16];
@@ -356,8 +343,7 @@ struct roc_se_ctx {
} w0;
union {
struct roc_se_context fctx;
- struct roc_se_zuc_snow3g_ctx zs_ctx;
- struct roc_se_zuc_snow3g_chain_ctx zs_ch_ctx;
+ struct roc_se_pdcp_ctx pctx;
struct roc_se_kasumi_ctx k_ctx;
struct roc_se_sm_context sm_ctx;
};
diff --git a/drivers/crypto/cnxk/cnxk_se.h b/drivers/crypto/cnxk/cnxk_se.h
index 1aec7dea9f..8193e96a92 100644
--- a/drivers/crypto/cnxk/cnxk_se.h
+++ b/drivers/crypto/cnxk/cnxk_se.h
@@ -298,8 +298,13 @@ sg_inst_prep(struct roc_se_fc_params *params, struct cpt_inst_s *inst, uint64_t
iv_d = ((uint8_t *)offset_vaddr + ROC_SE_OFF_CTRL_LEN);
if (pdcp_flag) {
- if (likely(iv_len))
- pdcp_iv_copy(iv_d, iv_s, pdcp_alg_type, pack_iv);
+ if (likely(iv_len)) {
+ if (zsk_flags == 0x1)
+ pdcp_iv_copy(iv_d + params->pdcp_iv_offset, iv_s, pdcp_alg_type,
+ pack_iv);
+ else
+ pdcp_iv_copy(iv_d, iv_s, pdcp_alg_type, pack_iv);
+ }
} else {
if (likely(iv_len))
memcpy(iv_d, iv_s, iv_len);
@@ -375,7 +380,7 @@ sg_inst_prep(struct roc_se_fc_params *params, struct cpt_inst_s *inst, uint64_t
i = 0;
scatter_comp = (struct roc_sglist_comp *)((uint8_t *)gather_comp + g_size_bytes);
- if (zsk_flags == 0x1) {
+ if ((zsk_flags == 0x1) && (se_ctx->fc_type == ROC_SE_KASUMI)) {
/* IV in SLIST only for EEA3 & UEA2 or for F8 */
iv_len = 0;
}
@@ -492,8 +497,13 @@ sg2_inst_prep(struct roc_se_fc_params *params, struct cpt_inst_s *inst, uint64_t
iv_d = ((uint8_t *)offset_vaddr + ROC_SE_OFF_CTRL_LEN);
if (pdcp_flag) {
- if (likely(iv_len))
- pdcp_iv_copy(iv_d, iv_s, pdcp_alg_type, pack_iv);
+ if (likely(iv_len)) {
+ if (zsk_flags == 0x1)
+ pdcp_iv_copy(iv_d + params->pdcp_iv_offset, iv_s, pdcp_alg_type,
+ pack_iv);
+ else
+ pdcp_iv_copy(iv_d, iv_s, pdcp_alg_type, pack_iv);
+ }
} else {
if (likely(iv_len))
memcpy(iv_d, iv_s, iv_len);
@@ -567,7 +577,7 @@ sg2_inst_prep(struct roc_se_fc_params *params, struct cpt_inst_s *inst, uint64_t
i = 0;
scatter_comp = (struct roc_sg2list_comp *)((uint8_t *)gather_comp + g_size_bytes);
- if (zsk_flags == 0x1) {
+ if ((zsk_flags == 0x1) && (se_ctx->fc_type == ROC_SE_KASUMI)) {
/* IV in SLIST only for EEA3 & UEA2 or for F8 */
iv_len = 0;
}
@@ -1617,28 +1627,34 @@ static __rte_always_inline int
cpt_pdcp_alg_prep(uint32_t req_flags, uint64_t d_offs, uint64_t d_lens,
struct roc_se_fc_params *params, struct cpt_inst_s *inst, const bool is_sg_ver2)
{
+ /*
+ * pdcp_iv_offset is auth_iv_offset wrt cipher_iv_offset which is
+ * 16 with old microcode without ZUC 256 support
+ * whereas it is 24 with new microcode which has ZUC 256.
+ * So iv_len reserved is 32B for cipher and auth IVs with old microcode
+ * and 48B with new microcode.
+ */
+ const int iv_len = params->pdcp_iv_offset * 2;
+ struct roc_se_ctx *se_ctx = params->ctx;
uint32_t encr_data_len, auth_data_len;
+ const int flags = se_ctx->zsk_flags;
uint32_t encr_offset, auth_offset;
union cpt_inst_w4 cpt_inst_w4;
int32_t inputlen, outputlen;
- struct roc_se_ctx *se_ctx;
uint64_t *offset_vaddr;
uint8_t pdcp_alg_type;
uint32_t mac_len = 0;
const uint8_t *iv_s;
uint8_t pack_iv = 0;
uint64_t offset_ctrl;
- int flags, iv_len;
int ret;
- se_ctx = params->ctx;
- flags = se_ctx->zsk_flags;
mac_len = se_ctx->mac_len;
cpt_inst_w4.u64 = se_ctx->template_w4.u64;
- cpt_inst_w4.s.opcode_major = ROC_SE_MAJOR_OP_PDCP;
if (flags == 0x1) {
+ cpt_inst_w4.s.opcode_minor = 1;
iv_s = params->auth_iv_buf;
/*
@@ -1650,47 +1666,32 @@ cpt_pdcp_alg_prep(uint32_t req_flags, uint64_t d_offs, uint64_t d_lens,
pdcp_alg_type = se_ctx->pdcp_auth_alg;
if (pdcp_alg_type != ROC_SE_PDCP_ALG_TYPE_AES_CMAC) {
- iv_len = params->auth_iv_len;
- if (iv_len == 25) {
- iv_len -= 2;
+ if (params->auth_iv_len == 25)
pack_iv = 1;
- }
auth_offset = auth_offset / 8;
-
- /* consider iv len */
- auth_offset += iv_len;
-
- inputlen =
- auth_offset + (RTE_ALIGN(auth_data_len, 8) / 8);
- } else {
- iv_len = 16;
-
- /* consider iv len */
- auth_offset += iv_len;
-
- inputlen = auth_offset + auth_data_len;
-
- /* length should be in bits */
- auth_data_len *= 8;
+ auth_data_len = RTE_ALIGN(auth_data_len, 8) / 8;
}
- outputlen = mac_len;
+ /* consider iv len */
+ auth_offset += iv_len;
+
+ inputlen = auth_offset + auth_data_len;
+ outputlen = iv_len + mac_len;
offset_ctrl = rte_cpu_to_be_64((uint64_t)auth_offset);
+ cpt_inst_w4.s.param1 = auth_data_len;
encr_data_len = 0;
encr_offset = 0;
} else {
+ cpt_inst_w4.s.opcode_minor = 0;
iv_s = params->iv_buf;
- iv_len = params->cipher_iv_len;
pdcp_alg_type = se_ctx->pdcp_ci_alg;
- if (iv_len == 25) {
- iv_len -= 2;
+ if (params->cipher_iv_len == 25)
pack_iv = 1;
- }
/*
* Microcode expects offsets in bytes
@@ -1700,6 +1701,7 @@ cpt_pdcp_alg_prep(uint32_t req_flags, uint64_t d_offs, uint64_t d_lens,
encr_offset = ROC_SE_ENCR_OFFSET(d_offs);
encr_offset = encr_offset / 8;
+
/* consider iv len */
encr_offset += iv_len;
@@ -1707,10 +1709,11 @@ cpt_pdcp_alg_prep(uint32_t req_flags, uint64_t d_offs, uint64_t d_lens,
outputlen = inputlen;
/* iv offset is 0 */
- offset_ctrl = rte_cpu_to_be_64((uint64_t)encr_offset << 16);
+ offset_ctrl = rte_cpu_to_be_64((uint64_t)encr_offset);
auth_data_len = 0;
auth_offset = 0;
+ cpt_inst_w4.s.param1 = (RTE_ALIGN(encr_data_len, 8) / 8);
}
if (unlikely((encr_offset >> 16) || (auth_offset >> 8))) {
@@ -1720,12 +1723,6 @@ cpt_pdcp_alg_prep(uint32_t req_flags, uint64_t d_offs, uint64_t d_lens,
return -1;
}
- /*
- * Lengths are expected in bits.
- */
- cpt_inst_w4.s.param1 = encr_data_len;
- cpt_inst_w4.s.param2 = auth_data_len;
-
/*
* In cn9k, cn10k since we have a limitation of
* IV & Offset control word not part of instruction
@@ -1738,6 +1735,7 @@ cpt_pdcp_alg_prep(uint32_t req_flags, uint64_t d_offs, uint64_t d_lens,
/* Use Direct mode */
+ cpt_inst_w4.s.opcode_major = ROC_SE_MAJOR_OP_PDCP_CHAIN;
offset_vaddr = (uint64_t *)((uint8_t *)dm_vaddr - ROC_SE_OFF_CTRL_LEN - iv_len);
/* DPTR */
@@ -1753,6 +1751,7 @@ cpt_pdcp_alg_prep(uint32_t req_flags, uint64_t d_offs, uint64_t d_lens,
*offset_vaddr = offset_ctrl;
inst->w4.u64 = cpt_inst_w4.u64;
} else {
+ cpt_inst_w4.s.opcode_major = ROC_SE_MAJOR_OP_PDCP_CHAIN | ROC_DMA_MODE_SG;
inst->w4.u64 = cpt_inst_w4.u64;
if (is_sg_ver2)
ret = sg2_inst_prep(params, inst, offset_ctrl, iv_s, iv_len, pack_iv,
@@ -2243,8 +2242,6 @@ fill_sess_cipher(struct rte_crypto_sym_xform *xform, struct cnxk_se_sess *sess)
c_form->key.length)))
return -1;
- if ((enc_type >= ROC_SE_ZUC_EEA3) && (enc_type <= ROC_SE_AES_CTR_EEA2))
- roc_se_ctx_swap(&sess->roc_se_ctx);
return 0;
}
@@ -2403,15 +2400,10 @@ fill_sess_auth(struct rte_crypto_sym_xform *xform, struct cnxk_se_sess *sess)
sess->auth_iv_offset = a_form->iv.offset;
sess->auth_iv_length = a_form->iv.length;
}
- if (unlikely(roc_se_auth_key_set(&sess->roc_se_ctx, auth_type,
- a_form->key.data, a_form->key.length,
- a_form->digest_length)))
+ if (unlikely(roc_se_auth_key_set(&sess->roc_se_ctx, auth_type, a_form->key.data,
+ a_form->key.length, a_form->digest_length)))
return -1;
- if ((auth_type >= ROC_SE_ZUC_EIA3) &&
- (auth_type <= ROC_SE_AES_CMAC_EIA2))
- roc_se_ctx_swap(&sess->roc_se_ctx);
-
return 0;
}
--
2.25.1
next prev parent reply other threads:[~2023-12-21 12:38 UTC|newest]
Thread overview: 78+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-12-21 12:35 [PATCH 00/24] Fixes and improvements in crypto cnxk Anoob Joseph
2023-12-21 12:35 ` [PATCH 01/24] common/cnxk: fix memory leak Anoob Joseph
2023-12-21 12:35 ` [PATCH 02/24] crypto/cnxk: use common macro Anoob Joseph
2023-12-21 12:35 ` [PATCH 03/24] crypto/cnxk: fallback to SG if headroom is not available Anoob Joseph
2023-12-21 12:35 ` [PATCH 04/24] crypto/cnxk: return microcode completion code Anoob Joseph
2023-12-21 12:35 ` [PATCH 05/24] crypto/cnxk: fix ECDH pubkey verify in cn9k Anoob Joseph
2023-12-21 12:35 ` [PATCH 06/24] crypto/cnxk: enable digest gen for zero len input Anoob Joseph
2023-12-21 12:35 ` [PATCH 07/24] crypto/cnxk: enable Rx inject in security lookaside Anoob Joseph
2023-12-21 12:35 ` [PATCH 08/24] common/cnxk: add Rx inject configs Anoob Joseph
2023-12-21 12:35 ` [PATCH 09/24] crypto/cnxk: Rx inject config update Anoob Joseph
2023-12-21 12:35 ` [PATCH 10/24] crypto/cnxk: enable Rx inject for 103 Anoob Joseph
2023-12-21 12:35 ` [PATCH 11/24] crypto/cnxk: rename security caps as IPsec security caps Anoob Joseph
2023-12-21 12:35 ` [PATCH 12/24] common/cnxk: update opad-ipad gen to handle TLS Anoob Joseph
2023-12-21 12:35 ` [PATCH 13/24] common/cnxk: add TLS record contexts Anoob Joseph
2023-12-21 12:35 ` [PATCH 14/24] crypto/cnxk: separate IPsec from security common code Anoob Joseph
2023-12-21 12:35 ` [PATCH 15/24] crypto/cnxk: add TLS record session ops Anoob Joseph
2023-12-21 12:35 ` [PATCH 16/24] crypto/cnxk: add TLS record datapath handling Anoob Joseph
2023-12-21 12:35 ` [PATCH 17/24] crypto/cnxk: add TLS capability Anoob Joseph
2023-12-21 12:35 ` [PATCH 18/24] crypto/cnxk: add PMD APIs for raw submission to CPT Anoob Joseph
2023-12-21 12:35 ` Anoob Joseph [this message]
2023-12-21 12:35 ` [PATCH 20/24] crypto/cnxk: validate the combinations supported in TLS Anoob Joseph
2023-12-21 12:35 ` [PATCH 21/24] crypto/cnxk: use a single function for opad ipad Anoob Joseph
2023-12-21 12:35 ` [PATCH 22/24] crypto/cnxk: add support for TLS 1.3 Anoob Joseph
2023-12-21 12:35 ` [PATCH 23/24] crypto/cnxk: add TLS 1.3 capability Anoob Joseph
2023-12-21 12:35 ` [PATCH 24/24] crypto/cnxk: add CPT SG mode debug Anoob Joseph
2024-01-02 4:53 ` [PATCH v2 00/24] Fixes and improvements in crypto cnxk Anoob Joseph
2024-01-02 4:53 ` [PATCH v2 01/24] common/cnxk: fix memory leak Anoob Joseph
2024-01-02 4:53 ` [PATCH v2 02/24] crypto/cnxk: use common macro Anoob Joseph
2024-01-02 4:53 ` [PATCH v2 03/24] crypto/cnxk: fallback to SG if headroom is not available Anoob Joseph
2024-01-02 4:53 ` [PATCH v2 04/24] crypto/cnxk: return microcode completion code Anoob Joseph
2024-01-02 4:53 ` [PATCH v2 05/24] crypto/cnxk: fix ECDH pubkey verify in cn9k Anoob Joseph
2024-01-02 4:53 ` [PATCH v2 06/24] crypto/cnxk: enable digest gen for zero len input Anoob Joseph
2024-01-02 4:54 ` [PATCH v2 07/24] crypto/cnxk: enable Rx inject in security lookaside Anoob Joseph
2024-01-16 8:07 ` Akhil Goyal
2024-01-02 4:54 ` [PATCH v2 08/24] common/cnxk: add Rx inject configs Anoob Joseph
2024-01-02 4:54 ` [PATCH v2 09/24] crypto/cnxk: Rx inject config update Anoob Joseph
2024-01-02 4:54 ` [PATCH v2 10/24] crypto/cnxk: enable Rx inject for 103 Anoob Joseph
2024-01-02 4:54 ` [PATCH v2 11/24] crypto/cnxk: rename security caps as IPsec security caps Anoob Joseph
2024-01-02 4:54 ` [PATCH v2 12/24] common/cnxk: update opad-ipad gen to handle TLS Anoob Joseph
2024-01-02 4:54 ` [PATCH v2 13/24] common/cnxk: add TLS record contexts Anoob Joseph
2024-01-02 4:54 ` [PATCH v2 14/24] crypto/cnxk: separate IPsec from security common code Anoob Joseph
2024-01-02 4:54 ` [PATCH v2 15/24] crypto/cnxk: add TLS record session ops Anoob Joseph
2024-01-02 4:54 ` [PATCH v2 16/24] crypto/cnxk: add TLS record datapath handling Anoob Joseph
2024-01-02 4:54 ` [PATCH v2 17/24] crypto/cnxk: add TLS capability Anoob Joseph
2024-01-02 4:54 ` [PATCH v2 18/24] crypto/cnxk: add PMD APIs for raw submission to CPT Anoob Joseph
2024-01-02 4:54 ` [PATCH v2 19/24] crypto/cnxk: replace PDCP with PDCP chain opcode Anoob Joseph
2024-01-02 4:54 ` [PATCH v2 20/24] crypto/cnxk: validate the combinations supported in TLS Anoob Joseph
2024-01-02 4:54 ` [PATCH v2 21/24] crypto/cnxk: use a single function for opad ipad Anoob Joseph
2024-01-02 4:54 ` [PATCH v2 22/24] crypto/cnxk: add support for TLS 1.3 Anoob Joseph
2024-01-02 4:54 ` [PATCH v2 23/24] crypto/cnxk: add TLS 1.3 capability Anoob Joseph
2024-01-02 4:54 ` [PATCH v2 24/24] crypto/cnxk: add CPT SG mode debug Anoob Joseph
2024-01-16 8:43 ` [PATCH v2 00/24] Fixes and improvements in crypto cnxk Akhil Goyal
2024-01-17 10:30 ` [PATCH v3 " Anoob Joseph
2024-01-17 10:30 ` [PATCH v3 01/24] common/cnxk: fix memory leak Anoob Joseph
2024-01-17 10:30 ` [PATCH v3 02/24] crypto/cnxk: use common macro Anoob Joseph
2024-01-17 10:30 ` [PATCH v3 03/24] crypto/cnxk: fallback to SG if headroom is not available Anoob Joseph
2024-01-17 10:30 ` [PATCH v3 04/24] crypto/cnxk: return microcode completion code Anoob Joseph
2024-01-17 10:30 ` [PATCH v3 05/24] crypto/cnxk: fix ECDH pubkey verify in cn9k Anoob Joseph
2024-01-17 10:30 ` [PATCH v3 06/24] crypto/cnxk: enable digest gen for zero len input Anoob Joseph
2024-01-17 10:30 ` [PATCH v3 07/24] crypto/cnxk: enable Rx inject in security lookaside Anoob Joseph
2024-01-17 10:30 ` [PATCH v3 08/24] common/cnxk: add Rx inject configs Anoob Joseph
2024-01-17 10:30 ` [PATCH v3 09/24] crypto/cnxk: Rx inject config update Anoob Joseph
2024-01-17 10:30 ` [PATCH v3 10/24] crypto/cnxk: enable Rx inject for 103 Anoob Joseph
2024-01-17 10:30 ` [PATCH v3 11/24] crypto/cnxk: rename security caps as IPsec security caps Anoob Joseph
2024-01-17 10:30 ` [PATCH v3 12/24] common/cnxk: update opad-ipad gen to handle TLS Anoob Joseph
2024-01-17 10:30 ` [PATCH v3 13/24] common/cnxk: add TLS record contexts Anoob Joseph
2024-01-17 10:30 ` [PATCH v3 14/24] crypto/cnxk: separate IPsec from security common code Anoob Joseph
2024-01-17 10:31 ` [PATCH v3 15/24] crypto/cnxk: add TLS record session ops Anoob Joseph
2024-01-17 10:31 ` [PATCH v3 16/24] crypto/cnxk: add TLS record datapath handling Anoob Joseph
2024-01-17 10:31 ` [PATCH v3 17/24] crypto/cnxk: add TLS capability Anoob Joseph
2024-01-17 10:31 ` [PATCH v3 18/24] crypto/cnxk: add PMD APIs for raw submission to CPT Anoob Joseph
2024-01-17 10:31 ` [PATCH v3 19/24] crypto/cnxk: replace PDCP with PDCP chain opcode Anoob Joseph
2024-01-17 10:31 ` [PATCH v3 20/24] crypto/cnxk: validate the combinations supported in TLS Anoob Joseph
2024-01-17 10:31 ` [PATCH v3 21/24] crypto/cnxk: use a single function for opad ipad Anoob Joseph
2024-01-17 10:31 ` [PATCH v3 22/24] crypto/cnxk: add support for TLS 1.3 Anoob Joseph
2024-01-17 10:31 ` [PATCH v3 23/24] crypto/cnxk: add TLS 1.3 capability Anoob Joseph
2024-01-17 10:31 ` [PATCH v3 24/24] crypto/cnxk: add CPT SG mode debug Anoob Joseph
2024-01-18 17:06 ` [PATCH v3 00/24] Fixes and improvements in crypto cnxk Akhil Goyal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20231221123545.510-20-anoobj@marvell.com \
--to=anoobj@marvell.com \
--cc=dev@dpdk.org \
--cc=gakhil@marvell.com \
--cc=jerinj@marvell.com \
--cc=ktejasree@marvell.com \
--cc=vvelumuri@marvell.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.