Adding support for DIGEST_ENCRYPTED mode.
Signed-off-by: Tejasree Kondoj <ktejas...@marvell.com>
---
doc/guides/cryptodevs/features/octeontx.ini | 1 +
doc/guides/cryptodevs/features/octeontx2.ini | 1 +
doc/guides/rel_notes/release_21_05.rst | 8 ++++
drivers/common/cpt/cpt_mcode_defines.h | 7 +++-
drivers/common/cpt/cpt_ucode.h | 42 +++++++++++++++----
drivers/crypto/octeontx/otx_cryptodev_ops.c | 11 +++--
drivers/crypto/octeontx2/otx2_cryptodev.c | 3 +-
drivers/crypto/octeontx2/otx2_cryptodev_ops.c | 8 +++-
8 files changed, 67 insertions(+), 14 deletions(-)
diff --git a/doc/guides/cryptodevs/features/octeontx.ini
b/doc/guides/cryptodevs/features/octeontx.ini
index 10d94e3f7b..d9776a5788 100644
--- a/doc/guides/cryptodevs/features/octeontx.ini
+++ b/doc/guides/cryptodevs/features/octeontx.ini
@@ -13,6 +13,7 @@ OOP SGL In LB Out = Y
OOP SGL In SGL Out = Y
OOP LB In LB Out = Y
RSA PRIV OP KEY QT = Y
+Digest encrypted = Y
Symmetric sessionless = Y
;
diff --git a/doc/guides/cryptodevs/features/octeontx2.ini
b/doc/guides/cryptodevs/features/octeontx2.ini
index b0d50ce984..66c5fefde6 100644
--- a/doc/guides/cryptodevs/features/octeontx2.ini
+++ b/doc/guides/cryptodevs/features/octeontx2.ini
@@ -14,6 +14,7 @@ OOP SGL In LB Out = Y
OOP SGL In SGL Out = Y
OOP LB In LB Out = Y
RSA PRIV OP KEY QT = Y
+Digest encrypted = Y
Symmetric sessionless = Y
;
diff --git a/doc/guides/rel_notes/release_21_05.rst
b/doc/guides/rel_notes/release_21_05.rst
index 23f7f0bff9..d7c65091a9 100644
--- a/doc/guides/rel_notes/release_21_05.rst
+++ b/doc/guides/rel_notes/release_21_05.rst
@@ -65,6 +65,14 @@ New Features
* Added support for txgbevf PMD.
+* **Updated the OCTEON TX crypto PMD.**
+
+ * Added support for DIGEST_ENCRYPTED mode in OCTEON TX crypto PMD.
+
+* **Updated the OCTEON TX2 crypto PMD.**
+
+ * Added support for DIGEST_ENCRYPTED mode in OCTEON TX2 crypto PMD.
+
* **Updated testpmd.**
* Added command to display Rx queue used descriptor count.
diff --git a/drivers/common/cpt/cpt_mcode_defines.h
b/drivers/common/cpt/cpt_mcode_defines.h
index 56a745f419..624bdcf3cf 100644
--- a/drivers/common/cpt/cpt_mcode_defines.h
+++ b/drivers/common/cpt/cpt_mcode_defines.h
@@ -20,6 +20,9 @@
#define CPT_MAJOR_OP_ZUC_SNOW3G 0x37
#define CPT_MAJOR_OP_KASUMI 0x38
#define CPT_MAJOR_OP_MISC 0x01
+#define CPT_HMAC_FIRST_BIT_POS 0x4
+#define CPT_FC_MINOR_OP_ENCRYPT 0x0
+#define CPT_FC_MINOR_OP_DECRYPT 0x1
/* AE opcodes */
#define CPT_MAJOR_OP_MODEX 0x03
@@ -314,8 +317,10 @@ struct cpt_ctx {
uint64_t hmac :1;
uint64_t zsk_flags :3;
uint64_t k_ecb :1;
+ uint64_t auth_enc :1;
+ uint64_t dec_auth :1;
uint64_t snow3g :2;
- uint64_t rsvd :21;
+ uint64_t rsvd :19;
/* Below fields are accessed by hardware */
union {
mc_fc_context_t fctx;
diff --git a/drivers/common/cpt/cpt_ucode.h b/drivers/common/cpt/cpt_ucode.h
index 0536620710..ee6d49aae7 100644
--- a/drivers/common/cpt/cpt_ucode.h
+++ b/drivers/common/cpt/cpt_ucode.h
@@ -752,7 +752,9 @@ cpt_enc_hmac_prep(uint32_t flags,
/* Encryption */
vq_cmd_w0.s.opcode.major = CPT_MAJOR_OP_FC;
- vq_cmd_w0.s.opcode.minor = 0;
+ vq_cmd_w0.s.opcode.minor = CPT_FC_MINOR_OP_ENCRYPT;
+ vq_cmd_w0.s.opcode.minor |= (cpt_ctx->auth_enc <<
+ CPT_HMAC_FIRST_BIT_POS);
if (hash_type == GMAC_TYPE) {
encr_offset = 0;
@@ -779,6 +781,9 @@ cpt_enc_hmac_prep(uint32_t flags,
outputlen = enc_dlen + mac_len;
}
+ if (cpt_ctx->auth_enc != 0)
+ outputlen = enc_dlen;
+
/* GP op header */
vq_cmd_w0.s.param1 = encr_data_len;
vq_cmd_w0.s.param2 = auth_data_len;
@@ -1112,7 +1117,9 @@ cpt_dec_hmac_prep(uint32_t flags,
/* Decryption */
vq_cmd_w0.s.opcode.major = CPT_MAJOR_OP_FC;
- vq_cmd_w0.s.opcode.minor = 1;
+ vq_cmd_w0.s.opcode.minor = CPT_FC_MINOR_OP_DECRYPT;
+ vq_cmd_w0.s.opcode.minor |= (cpt_ctx->dec_auth <<
+ CPT_HMAC_FIRST_BIT_POS);
if (hash_type == GMAC_TYPE) {
encr_offset = 0;
@@ -1130,6 +1137,9 @@ cpt_dec_hmac_prep(uint32_t flags,
outputlen = enc_dlen;
}
+ if (cpt_ctx->dec_auth != 0)
+ outputlen = inputlen = enc_dlen;
+
vq_cmd_w0.s.param1 = encr_data_len;
vq_cmd_w0.s.param2 = auth_data_len;
@@ -2566,6 +2576,7 @@ fill_sess_cipher(struct rte_crypto_sym_xform *xform,
struct cpt_sess_misc *sess)
{
struct rte_crypto_cipher_xform *c_form;
+ struct cpt_ctx *ctx = SESS_PRIV(sess);
cipher_type_t enc_type = 0; /* NULL Cipher type */
uint32_t cipher_key_len = 0;
uint8_t zsk_flag = 0, aes_ctr = 0, is_null = 0;
@@ -2574,9 +2585,14 @@ fill_sess_cipher(struct rte_crypto_sym_xform *xform,
if (c_form->op == RTE_CRYPTO_CIPHER_OP_ENCRYPT)
sess->cpt_op |= CPT_OP_CIPHER_ENCRYPT;
- else if (c_form->op == RTE_CRYPTO_CIPHER_OP_DECRYPT)
+ else if (c_form->op == RTE_CRYPTO_CIPHER_OP_DECRYPT) {
sess->cpt_op |= CPT_OP_CIPHER_DECRYPT;
- else {
+ if (xform->next != NULL &&
+ xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH) {
+ /* Perform decryption followed by auth verify */
+ ctx->dec_auth = 1;
+ }
+ } else {
CPT_LOG_DP_ERR("Unknown cipher operation\n");
return -1;
}
@@ -2667,10 +2683,18 @@ static __rte_always_inline int
fill_sess_auth(struct rte_crypto_sym_xform *xform,
struct cpt_sess_misc *sess)
{
+ struct cpt_ctx *ctx = SESS_PRIV(sess);
struct rte_crypto_auth_xform *a_form;
auth_type_t auth_type = 0; /* NULL Auth type */
uint8_t zsk_flag = 0, aes_gcm = 0, is_null = 0;
+ if (xform->next != NULL &&
+ xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&
+ xform->next->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT) {
+ /* Perform auth followed by encryption */
+ ctx->auth_enc = 1;
+ }
+
a_form = &xform->auth;
if (a_form->op == RTE_CRYPTO_AUTH_OP_VERIFY)
@@ -2993,6 +3017,7 @@ fill_fc_params(struct rte_crypto_op *cop,
{
uint32_t space = 0;
struct rte_crypto_sym_op *sym_op = cop->sym;
+ struct cpt_ctx *ctx = SESS_PRIV(sess_misc);
void *mdata = NULL;
uintptr_t *op;
uint32_t mc_hash_off;
@@ -3120,9 +3145,10 @@ fill_fc_params(struct rte_crypto_op *cop,
m = m_src;
/* hmac immediately following data is best case */
- if (unlikely(rte_pktmbuf_mtod(m, uint8_t *) +
+ if (!ctx->dec_auth && !ctx->auth_enc &&
+ (unlikely(rte_pktmbuf_mtod(m, uint8_t *) +
mc_hash_off !=
- (uint8_t *)sym_op->auth.digest.data)) {
+ (uint8_t *)sym_op->auth.digest.data))) {
flags |= VALID_MAC_BUF;
fc_params.mac_buf.size =
sess_misc->mac_len;
@@ -3137,7 +3163,9 @@ fill_fc_params(struct rte_crypto_op *cop,
fc_params.ctx_buf.vaddr = SESS_PRIV(sess_misc);
fc_params.ctx_buf.dma_addr = sess_misc->ctx_dma_addr;
- if (unlikely(sess_misc->is_null || sess_misc->cpt_op == CPT_OP_DECODE))
+ if (!ctx->dec_auth &&
+ unlikely(sess_misc->is_null ||
+ sess_misc->cpt_op == CPT_OP_DECODE))
inplace = 0;
if (likely(!m_dst && inplace)) {
diff --git a/drivers/crypto/octeontx/otx_cryptodev_ops.c
b/drivers/crypto/octeontx/otx_cryptodev_ops.c
index 0cf760b296..f536ba6058 100644
--- a/drivers/crypto/octeontx/otx_cryptodev_ops.c
+++ b/drivers/crypto/octeontx/otx_cryptodev_ops.c
@@ -205,12 +205,16 @@ sym_xform_verify(struct rte_crypto_sym_xform *xform)
if (xform->next) {
if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH &&
xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&
- xform->next->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT)
+ xform->next->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT &&
+ (xform->auth.algo != RTE_CRYPTO_AUTH_SHA1_HMAC ||
+ xform->next->cipher.algo != RTE_CRYPTO_CIPHER_AES_CBC))
return -ENOTSUP;
if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&
xform->cipher.op == RTE_CRYPTO_CIPHER_OP_DECRYPT &&
- xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH)
+ xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH &&
+ (xform->cipher.algo != RTE_CRYPTO_CIPHER_AES_CBC ||
+ xform->next->auth.algo != RTE_CRYPTO_AUTH_SHA1_HMAC))
return -ENOTSUP;
if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&
@@ -1004,7 +1008,8 @@ otx_cpt_dev_create(struct rte_cryptodev *c_dev)
RTE_CRYPTODEV_FF_OOP_LB_IN_LB_OUT |
RTE_CRYPTODEV_FF_OOP_SGL_IN_LB_OUT |
RTE_CRYPTODEV_FF_OOP_SGL_IN_SGL_OUT |
- RTE_CRYPTODEV_FF_SYM_SESSIONLESS;
+ RTE_CRYPTODEV_FF_SYM_SESSIONLESS |
+ RTE_CRYPTODEV_FF_DIGEST_ENCRYPTED;
break;
default:
/* Feature not supported. Abort */
diff --git a/drivers/crypto/octeontx2/otx2_cryptodev.c
b/drivers/crypto/octeontx2/otx2_cryptodev.c
index e0a559b663..7f45e57cce 100644
--- a/drivers/crypto/octeontx2/otx2_cryptodev.c
+++ b/drivers/crypto/octeontx2/otx2_cryptodev.c
@@ -123,7 +123,8 @@ otx2_cpt_pci_probe(struct rte_pci_driver *pci_drv
__rte_unused,
RTE_CRYPTODEV_FF_ASYMMETRIC_CRYPTO |
RTE_CRYPTODEV_FF_RSA_PRIV_OP_KEY_QT |
RTE_CRYPTODEV_FF_SYM_SESSIONLESS |
- RTE_CRYPTODEV_FF_SECURITY;
+ RTE_CRYPTODEV_FF_SECURITY |
+ RTE_CRYPTODEV_FF_DIGEST_ENCRYPTED;
if (rte_eal_process_type() == RTE_PROC_SECONDARY)
otx2_cpt_set_enqdeq_fns(dev);
diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
b/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
index cec20b5c6d..fc4d5bac49 100644
--- a/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
+++ b/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
@@ -322,12 +322,16 @@ sym_xform_verify(struct rte_crypto_sym_xform *xform)
if (xform->next) {
if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH &&
xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&
- xform->next->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT)
+ xform->next->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT &&
+ (xform->auth.algo != RTE_CRYPTO_AUTH_SHA1_HMAC ||
+ xform->next->cipher.algo != RTE_CRYPTO_CIPHER_AES_CBC))
return -ENOTSUP;
if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&
xform->cipher.op == RTE_CRYPTO_CIPHER_OP_DECRYPT &&
- xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH)
+ xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH &&
+ (xform->cipher.algo != RTE_CRYPTO_CIPHER_AES_CBC ||
+ xform->next->auth.algo != RTE_CRYPTO_AUTH_SHA1_HMAC))
return -ENOTSUP;
if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&
--
2.27.0
