d/numam-dpdk
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

common/cnxk: generate MD5 ipad opad

Browse Source 
Add support to generate ipad and opad for MD5.
Skip the call to additional command WRITE_SA during SA creation.
Instead use the software defined function to generate opad and ipad.

Signed-off-by: Vidya Sagar Velumuri <vvelumuri@marvell.com>
This commit is contained in:
Vidya Sagar Velumuri 2022-10-20 16:44:48 +05:30 committed by Akhil Goyal
parent 379bc7f43f
commit 729085b508
10 changed files with 178 additions and 150 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
drivers/common/cnxk/cnxk_security.c
View File

@ -28,6 +28,10 @@ ipsec_hmac_opad_ipad_gen(struct rte_crypto_sym_xform *auth_xform,
* per packet computation
*/
switch (auth_xform->auth.algo) {
case RTE_CRYPTO_AUTH_MD5_HMAC:
roc_hash_md5_gen(opad, (uint32_t *)&hmac_opad_ipad[0]);
roc_hash_md5_gen(ipad, (uint32_t *)&hmac_opad_ipad[24]);
break;
case RTE_CRYPTO_AUTH_SHA1_HMAC:
roc_hash_sha1_gen(opad, (uint32_t *)&hmac_opad_ipad[0]);
roc_hash_sha1_gen(ipad, (uint32_t *)&hmac_opad_ipad[24]);
@ -1218,9 +1222,7 @@ cnxk_on_ipsec_outb_sa_create(struct rte_security_ipsec_xform *ipsec,
struct roc_ie_on_sa_ctl *ctl;
struct rte_ipv6_hdr *ip6;
struct rte_ipv4_hdr *ip4;
const uint8_t *auth_key;
uint16_t sport, dport;
int auth_key_len = 0;
size_t ctx_len;
int ret;
@ -1345,29 +1347,14 @@ cnxk_on_ipsec_outb_sa_create(struct rte_security_ipsec_xform *ipsec,
ctx_len += RTE_ALIGN_CEIL(ctx_len, 8);
if (crypto_xform->type != RTE_CRYPTO_SYM_XFORM_AEAD) {
auth_key = auth_xform->auth.key.data;
auth_key_len = auth_xform->auth.key.length;
uint8_t *hmac_opad_ipad = (uint8_t *)&out_sa->sha2;
switch (auth_xform->auth.algo) {
case RTE_CRYPTO_AUTH_AES_GMAC:
case RTE_CRYPTO_AUTH_NULL:
break;
case RTE_CRYPTO_AUTH_MD5_HMAC:
case RTE_CRYPTO_AUTH_SHA1_HMAC:
memcpy(out_sa->sha1.hmac_key, auth_key, auth_key_len);
break;
case RTE_CRYPTO_AUTH_SHA256_HMAC:
case RTE_CRYPTO_AUTH_SHA384_HMAC:
case RTE_CRYPTO_AUTH_SHA512_HMAC:
memcpy(out_sa->sha2.hmac_key, auth_key, auth_key_len);
break;
case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
memcpy(out_sa->aes_xcbc.key, auth_key, auth_key_len);
break;
default:
plt_err("Unsupported auth algorithm %u",
auth_xform->auth.algo);
return -ENOTSUP;
if (auth_xform->auth.algo == RTE_CRYPTO_AUTH_AES_XCBC_MAC) {
const uint8_t *auth_key = auth_xform->auth.key.data;
roc_aes_xcbc_key_derive(auth_key, hmac_opad_ipad);
} else if (auth_xform->auth.algo != RTE_CRYPTO_AUTH_NULL) {
ipsec_hmac_opad_ipad_gen(auth_xform, hmac_opad_ipad);
}
}
@ -1392,9 +1379,9 @@ cnxk_on_ipsec_inb_sa_create(struct rte_security_ipsec_xform *ipsec,
if (crypto_xform->type == RTE_CRYPTO_SYM_XFORM_AEAD ||
auth_xform->auth.algo == RTE_CRYPTO_AUTH_NULL ||
auth_xform->auth.algo == RTE_CRYPTO_AUTH_AES_GMAC) {
ctx_len = offsetof(struct roc_ie_on_inb_sa,
sha1_or_gcm.hmac_key[0]);
ctx_len = offsetof(struct roc_ie_on_inb_sa, sha1_or_gcm.hmac_key[0]);
} else {
uint8_t *hmac_opad_ipad = (uint8_t *)&in_sa->sha2;
auth_key = auth_xform->auth.key.data;
auth_key_len = auth_xform->auth.key.length;
@ -1421,10 +1408,16 @@ cnxk_on_ipsec_inb_sa_create(struct rte_security_ipsec_xform *ipsec,
aes_xcbc.selector);
break;
default:
plt_err("Unsupported auth algorithm %u",
auth_xform->auth.algo);
plt_err("Unsupported auth algorithm %u", auth_xform->auth.algo);
return -ENOTSUP;
}
if (auth_xform->auth.algo == RTE_CRYPTO_AUTH_AES_XCBC_MAC) {
const uint8_t *auth_key = auth_xform->auth.key.data;
roc_aes_xcbc_key_derive(auth_key, hmac_opad_ipad);
} else if (auth_xform->auth.algo != RTE_CRYPTO_AUTH_NULL) {
ipsec_hmac_opad_ipad_gen(auth_xform, hmac_opad_ipad);
}
}
return ctx_len;

95
drivers/common/cnxk/roc_cpt.c
View File

@ -1079,98 +1079,3 @@ roc_cpt_ctx_write(struct roc_cpt_lf *lf, void *sa_dptr, void *sa_cptr,
return 0;
}
int
roc_on_cpt_ctx_write(struct roc_cpt_lf *lf, uint64_t sa, bool inb,
uint16_t ctx_len, uint8_t egrp)
{
union cpt_res_s res, *hw_res;
struct cpt_inst_s inst;
uint64_t lmt_status;
int ret = 0;
hw_res = plt_zmalloc(sizeof(*hw_res), ROC_CPT_RES_ALIGN);
if (unlikely(hw_res == NULL)) {
plt_err("Couldn't allocate memory for result address");
return -ENOMEM;
}
hw_res->cn9k.compcode = CPT_COMP_NOT_DONE;
inst.w4.s.opcode_major = ROC_IE_ON_MAJOR_OP_WRITE_IPSEC_OUTBOUND;
if (inb)
inst.w4.s.opcode_major = ROC_IE_ON_MAJOR_OP_WRITE_IPSEC_INBOUND;
inst.w4.s.opcode_minor = ctx_len >> 3;
inst.w4.s.param1 = 0;
inst.w4.s.param2 = 0;
inst.w4.s.dlen = ctx_len;
inst.dptr = sa;
inst.rptr = 0;
inst.w7.s.cptr = sa;
inst.w7.s.egrp = egrp;
inst.w0.u64 = 0;
inst.w2.u64 = 0;
inst.w3.u64 = 0;
inst.res_addr = (uintptr_t)hw_res;
plt_io_wmb();
do {
/* Copy CPT command to LMTLINE */
roc_lmt_mov64((void *)lf->lmt_base, &inst);
lmt_status = roc_lmt_submit_ldeor(lf->io_addr);
} while (lmt_status == 0);
const uint64_t timeout = plt_tsc_cycles() + 60 * plt_tsc_hz();
/* Wait until CPT instruction completes */
do {
res.u64[0] = __atomic_load_n(&hw_res->u64[0], __ATOMIC_RELAXED);
if (unlikely(plt_tsc_cycles() > timeout)) {
plt_err("Request timed out");
ret = -ETIMEDOUT;
goto free;
}
} while (res.cn9k.compcode == CPT_COMP_NOT_DONE);
if (unlikely(res.cn9k.compcode != CPT_COMP_GOOD)) {
ret = res.cn9k.compcode;
switch (ret) {
case CPT_COMP_INSTERR:
plt_err("Request failed with instruction error");
break;
case CPT_COMP_FAULT:
plt_err("Request failed with DMA fault");
break;
case CPT_COMP_HWERR:
plt_err("Request failed with hardware error");
break;
default:
plt_err("Request failed with unknown hardware completion code : 0x%x",
ret);
}
ret = -EINVAL;
goto free;
}
if (unlikely(res.cn9k.uc_compcode != ROC_IE_ON_UCC_SUCCESS)) {
ret = res.cn9k.uc_compcode;
switch (ret) {
case ROC_IE_ON_AUTH_UNSUPPORTED:
plt_err("Invalid auth type");
break;
case ROC_IE_ON_ENCRYPT_UNSUPPORTED:
plt_err("Invalid encrypt type");
break;
default:
plt_err("Request failed with unknown microcode completion code : 0x%x",
ret);
}
ret = -ENOTSUP;
}
free:
plt_free(hw_res);
return ret;
}

3
drivers/common/cnxk/roc_cpt.h
View File

@ -174,7 +174,4 @@ int __roc_api roc_cpt_lmtline_init(struct roc_cpt *roc_cpt,
void __roc_api roc_cpt_parse_hdr_dump(const struct cpt_parse_hdr_s *cpth);
int __roc_api roc_cpt_ctx_write(struct roc_cpt_lf *lf, void *sa_dptr,
void *sa_cptr, uint16_t sa_len);
int __roc_api roc_on_cpt_ctx_write(struct roc_cpt_lf *lf, uint64_t sa, bool inb,
uint16_t ctx_len, uint8_t egrp);
#endif /* _ROC_CPT_H_ */

155
drivers/common/cnxk/roc_hash.c
View File

@ -9,6 +9,161 @@
#define lrot64(bits, word) (((word) << (bits)) | ((word) >> (64 - (bits))))
#define rrot64(bits, word) lrot64(64 - (bits), word)
#define S11 7
#define S12 12
#define S13 17
#define S14 22
#define S21 5
#define S22 9
#define S23 14
#define S24 20
#define S31 4
#define S32 11
#define S33 16
#define S34 23
#define S41 6
#define S42 10
#define S43 15
#define S44 21
#define F(x, y, z) (((x) & (y)) | ((~x) & (z)))
#define G(x, y, z) (((x) & (z)) | ((y) & (~z)))
#define H(x, y, z) ((x) ^ (y) ^ (z))
#define I(x, y, z) ((y) ^ ((x) | (~z)))
#define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32 - (n))))
/* FF, GG, HH, and II transformations for rounds 1, 2, 3, and 4.
* Rotation is separate from addition to prevent recomputation.
*/
#define FF(a, b, c, d, x, s, ac) \
{ \
(a) += F((b), (c), (d)) + (x) + (uint32_t)(ac); \
(a) = ROTATE_LEFT((a), (s)); \
(a) += (b); \
}
#define GG(a, b, c, d, x, s, ac) \
{ \
(a) += G((b), (c), (d)) + (x) + (uint32_t)(ac); \
(a) = ROTATE_LEFT((a), (s)); \
(a) += (b); \
}
#define HH(a, b, c, d, x, s, ac) \
{ \
(a) += H((b), (c), (d)) + (x) + (uint32_t)(ac); \
(a) = ROTATE_LEFT((a), (s)); \
(a) += (b); \
}
#define II(a, b, c, d, x, s, ac) \
{ \
(a) += I((b), (c), (d)) + (x) + (uint32_t)(ac); \
(a) = ROTATE_LEFT((a), (s)); \
(a) += (b); \
}
/*
* Compute a partial hash with the assumption that msg is the first block.
* Based on implementation from RFC 1321
*/
void
roc_hash_md5_gen(uint8_t *msg, uint32_t *hash)
{
uint32_t state[4] = {0x67452301, 0xefcdab89, 0x98badcfe, 0x10325476};
uint32_t a = state[0];
uint32_t b = state[1];
uint32_t c = state[2];
uint32_t d = state[3];
uint32_t x[16];
memcpy(x, msg, 64);
/* Round 1 */
FF(a, b, c, d, x[0], S11, 0xd76aa478); /* 1 */
FF(d, a, b, c, x[1], S12, 0xe8c7b756); /* 2 */
FF(c, d, a, b, x[2], S13, 0x242070db); /* 3 */
FF(b, c, d, a, x[3], S14, 0xc1bdceee); /* 4 */
FF(a, b, c, d, x[4], S11, 0xf57c0faf); /* 5 */
FF(d, a, b, c, x[5], S12, 0x4787c62a); /* 6 */
FF(c, d, a, b, x[6], S13, 0xa8304613); /* 7 */
FF(b, c, d, a, x[7], S14, 0xfd469501); /* 8 */
FF(a, b, c, d, x[8], S11, 0x698098d8); /* 9 */
FF(d, a, b, c, x[9], S12, 0x8b44f7af); /* 10 */
FF(c, d, a, b, x[10], S13, 0xffff5bb1); /* 11 */
FF(b, c, d, a, x[11], S14, 0x895cd7be); /* 12 */
FF(a, b, c, d, x[12], S11, 0x6b901122); /* 13 */
FF(d, a, b, c, x[13], S12, 0xfd987193); /* 14 */
FF(c, d, a, b, x[14], S13, 0xa679438e); /* 15 */
FF(b, c, d, a, x[15], S14, 0x49b40821); /* 16 */
/* Round 2 */
GG(a, b, c, d, x[1], S21, 0xf61e2562); /* 17 */
GG(d, a, b, c, x[6], S22, 0xc040b340); /* 18 */
GG(c, d, a, b, x[11], S23, 0x265e5a51); /* 19 */
GG(b, c, d, a, x[0], S24, 0xe9b6c7aa); /* 20 */
GG(a, b, c, d, x[5], S21, 0xd62f105d); /* 21 */
GG(d, a, b, c, x[10], S22, 0x2441453); /* 22 */
GG(c, d, a, b, x[15], S23, 0xd8a1e681); /* 23 */
GG(b, c, d, a, x[4], S24, 0xe7d3fbc8); /* 24 */
GG(a, b, c, d, x[9], S21, 0x21e1cde6); /* 25 */
GG(d, a, b, c, x[14], S22, 0xc33707d6); /* 26 */
GG(c, d, a, b, x[3], S23, 0xf4d50d87); /* 27 */
GG(b, c, d, a, x[8], S24, 0x455a14ed); /* 28 */
GG(a, b, c, d, x[13], S21, 0xa9e3e905); /* 29 */
GG(d, a, b, c, x[2], S22, 0xfcefa3f8); /* 30 */
GG(c, d, a, b, x[7], S23, 0x676f02d9); /* 31 */
GG(b, c, d, a, x[12], S24, 0x8d2a4c8a); /* 32 */
/* Round 3 */
HH(a, b, c, d, x[5], S31, 0xfffa3942); /* 33 */
HH(d, a, b, c, x[8], S32, 0x8771f681); /* 34 */
HH(c, d, a, b, x[11], S33, 0x6d9d6122); /* 35 */
HH(b, c, d, a, x[14], S34, 0xfde5380c); /* 36 */
HH(a, b, c, d, x[1], S31, 0xa4beea44); /* 37 */
HH(d, a, b, c, x[4], S32, 0x4bdecfa9); /* 38 */
HH(c, d, a, b, x[7], S33, 0xf6bb4b60); /* 39 */
HH(b, c, d, a, x[10], S34, 0xbebfbc70); /* 40 */
HH(a, b, c, d, x[13], S31, 0x289b7ec6); /* 41 */
HH(d, a, b, c, x[0], S32, 0xeaa127fa); /* 42 */
HH(c, d, a, b, x[3], S33, 0xd4ef3085); /* 43 */
HH(b, c, d, a, x[6], S34, 0x4881d05); /* 44 */
HH(a, b, c, d, x[9], S31, 0xd9d4d039); /* 45 */
HH(d, a, b, c, x[12], S32, 0xe6db99e5); /* 46 */
HH(c, d, a, b, x[15], S33, 0x1fa27cf8); /* 47 */
HH(b, c, d, a, x[2], S34, 0xc4ac5665); /* 48 */
/* Round 4 */
II(a, b, c, d, x[0], S41, 0xf4292244); /* 49 */
II(d, a, b, c, x[7], S42, 0x432aff97); /* 50 */
II(c, d, a, b, x[14], S43, 0xab9423a7); /* 51 */
II(b, c, d, a, x[5], S44, 0xfc93a039); /* 52 */
II(a, b, c, d, x[12], S41, 0x655b59c3); /* 53 */
II(d, a, b, c, x[3], S42, 0x8f0ccc92); /* 54 */
II(c, d, a, b, x[10], S43, 0xffeff47d); /* 55 */
II(b, c, d, a, x[1], S44, 0x85845dd1); /* 56 */
II(a, b, c, d, x[8], S41, 0x6fa87e4f); /* 57 */
II(d, a, b, c, x[15], S42, 0xfe2ce6e0); /* 58 */
II(c, d, a, b, x[6], S43, 0xa3014314); /* 59 */
II(b, c, d, a, x[13], S44, 0x4e0811a1); /* 60 */
II(a, b, c, d, x[4], S41, 0xf7537e82); /* 61 */
II(d, a, b, c, x[11], S42, 0xbd3af235); /* 62 */
II(c, d, a, b, x[2], S43, 0x2ad7d2bb); /* 63 */
II(b, c, d, a, x[9], S44, 0xeb86d391); /* 64 */
state[0] += a;
state[1] += b;
state[2] += c;
state[3] += d;
hash[0] = state[0];
hash[1] = state[1];
hash[2] = state[2];
hash[3] = state[3];
}
/*
* Compute a partial hash with the assumption that msg is the first block.
* Based on implementation from RFC 3174

1
drivers/common/cnxk/roc_hash.h
View File

@ -9,6 +9,7 @@
* Compute a partial hash with the assumption that msg is the first block.
* Based on implementation from RFC 3174
*/
void __roc_api roc_hash_md5_gen(uint8_t *msg, uint32_t *hash);
void __roc_api roc_hash_sha1_gen(uint8_t *msg, uint32_t *hash);
void __roc_api roc_hash_sha256_gen(uint8_t *msg, uint32_t *hash);
void __roc_api roc_hash_sha512_gen(uint8_t *msg, uint64_t *hash, int hash_size);

2
drivers/common/cnxk/roc_ie_on.h
View File

@ -8,8 +8,6 @@
/* CN9K IPsec LA */
/* CN9K IPsec LA opcodes */
#define ROC_IE_ON_MAJOR_OP_WRITE_IPSEC_OUTBOUND 0x20
#define ROC_IE_ON_MAJOR_OP_WRITE_IPSEC_INBOUND 0x21
#define ROC_IE_ON_MAJOR_OP_PROCESS_OUTBOUND_IPSEC 0x23
#define ROC_IE_ON_MAJOR_OP_PROCESS_INBOUND_IPSEC 0x24

6
drivers/common/cnxk/roc_nix_inl.c
View File

@ -1311,12 +1311,6 @@ roc_nix_inl_ctx_write(struct roc_nix *roc_nix, void *sa_dptr, void *sa_cptr,
/* Nothing much to do on cn9k */
if (roc_model_is_cn9k()) {
nix = roc_nix_to_nix_priv(roc_nix);
outb_lf = nix->cpt_lf_base;
rc = roc_on_cpt_ctx_write(outb_lf, (uint64_t)sa_dptr, inb,
sa_len, ROC_CPT_DFLT_ENG_GRP_SE_IE);
if (rc)
return rc;
return 0;
}

2
drivers/common/cnxk/version.map
View File

@ -78,13 +78,13 @@ INTERNAL {
roc_cpt_parse_hdr_dump;
roc_cpt_rxc_time_cfg;
roc_cpt_ctx_write;
roc_on_cpt_ctx_write;
roc_dpi_configure;
roc_dpi_dev_fini;
roc_dpi_dev_init;
roc_dpi_disable;
roc_dpi_enable;
roc_error_msg_get;
roc_hash_md5_gen;
roc_hash_sha1_gen;
roc_hash_sha256_gen;
roc_hash_sha512_gen;

7
drivers/crypto/cnxk/cn9k_ipsec.c
View File

@ -81,10 +81,6 @@ cn9k_ipsec_outb_sa_create(struct cnxk_cpt_qp *qp,
ctx_len = ret;
egrp = roc_cpt->eng_grp[CPT_ENG_TYPE_IE];
ret = roc_on_cpt_ctx_write(&qp->lf, (uintptr_t)sa, false, ctx_len, egrp);
if (ret)
return ret;
w4.u64 = 0;
w4.s.opcode_major = ROC_IE_ON_MAJOR_OP_PROCESS_OUTBOUND_IPSEC | ROC_IE_ON_INPLACE_BIT;
@ -169,9 +165,6 @@ cn9k_ipsec_inb_sa_create(struct cnxk_cpt_qp *qp,
ctx_len = ret;
egrp = roc_cpt->eng_grp[CPT_ENG_TYPE_IE];
ret = roc_on_cpt_ctx_write(&qp->lf, (uint64_t)sa, true, ctx_len, egrp);
if (ret)
return ret;
w4.u64 = 0;
w4.s.opcode_major = ROC_IE_ON_MAJOR_OP_PROCESS_INBOUND_IPSEC | ROC_IE_ON_INPLACE_BIT;

8
drivers/net/cnxk/cn9k_ethdev_sec.c
View File

@ -600,14 +600,6 @@ cn9k_eth_sec_session_create(void *device,
}
ctx_len = rc;
rc = roc_nix_inl_ctx_write(&dev->nix, inb_sa, inb_sa, inbound,
ctx_len);
if (rc) {
snprintf(tbuf, sizeof(tbuf),
"Failed to create inbound sa, rc=%d", rc);
goto err;
}
inb_priv = roc_nix_inl_on_ipsec_inb_sa_sw_rsvd(inb_sa);
/* Back pointer to get eth_sec */
inb_priv->eth_sec = eth_sec;