if (ctx->hmac) {
vq_cmd_w0.s.opcode.major = CPT_MAJOR_OP_HMAC | CPT_DMA_MODE;
vq_cmd_w0.s.param1 = key_len;
- vq_cmd_w0.s.dlen = data_len + ROUNDUP8(key_len);
+ vq_cmd_w0.s.dlen = data_len + RTE_ALIGN_CEIL(key_len, 8);
} else {
vq_cmd_w0.s.opcode.major = CPT_MAJOR_OP_HASH | CPT_DMA_MODE;
vq_cmd_w0.s.param1 = 0;
i = 0;
if (ctx->hmac) {
- uint64_t k_dma = params->ctx_buf.dma_addr +
- offsetof(struct cpt_ctx, auth_key);
+ uint64_t k_dma = ctx->auth_key_iova;
/* Key */
- i = fill_sg_comp(gather_comp, i, k_dma, ROUNDUP8(key_len));
+ i = fill_sg_comp(gather_comp, i, k_dma,
+ RTE_ALIGN_CEIL(key_len, 8));
}
/* input data */
/* Encryption */
vq_cmd_w0.s.opcode.major = CPT_MAJOR_OP_FC;
- vq_cmd_w0.s.opcode.minor = 0;
+ vq_cmd_w0.s.opcode.minor = CPT_FC_MINOR_OP_ENCRYPT;
+ vq_cmd_w0.s.opcode.minor |= (cpt_ctx->auth_enc <<
+ CPT_HMAC_FIRST_BIT_POS);
if (hash_type == GMAC_TYPE) {
encr_offset = 0;
enc_dlen = encr_data_len + encr_offset;
if (unlikely(encr_data_len & 0xf)) {
if ((cipher_type == DES3_CBC) || (cipher_type == DES3_ECB))
- enc_dlen = ROUNDUP8(encr_data_len) + encr_offset;
+ enc_dlen = RTE_ALIGN_CEIL(encr_data_len, 8) +
+ encr_offset;
else if (likely((cipher_type == AES_CBC) ||
(cipher_type == AES_ECB)))
- enc_dlen = ROUNDUP16(encr_data_len) + encr_offset;
+ enc_dlen = RTE_ALIGN_CEIL(encr_data_len, 8) +
+ encr_offset;
}
if (unlikely(auth_dlen > enc_dlen)) {
outputlen = enc_dlen + mac_len;
}
+ if (cpt_ctx->auth_enc != 0)
+ outputlen = enc_dlen;
+
/* GP op header */
vq_cmd_w0.s.param1 = encr_data_len;
vq_cmd_w0.s.param2 = auth_data_len;
req->ist.ei2 = rptr_dma;
}
+ if (unlikely((encr_offset >> 16) ||
+ (iv_offset >> 8) ||
+ (auth_offset >> 8))) {
+ CPT_LOG_DP_ERR("Offset not supported");
+ CPT_LOG_DP_ERR("enc_offset: %d", encr_offset);
+ CPT_LOG_DP_ERR("iv_offset : %d", iv_offset);
+ CPT_LOG_DP_ERR("auth_offset: %d", auth_offset);
+ return;
+ }
+
/* 16 byte aligned cpt res address */
req->completion_addr = (uint64_t *)((uint8_t *)c_vaddr);
*req->completion_addr = COMPLETION_CODE_INIT;
/* Decryption */
vq_cmd_w0.s.opcode.major = CPT_MAJOR_OP_FC;
- vq_cmd_w0.s.opcode.minor = 1;
+ vq_cmd_w0.s.opcode.minor = CPT_FC_MINOR_OP_DECRYPT;
+ vq_cmd_w0.s.opcode.minor |= (cpt_ctx->dec_auth <<
+ CPT_HMAC_FIRST_BIT_POS);
if (hash_type == GMAC_TYPE) {
encr_offset = 0;
outputlen = enc_dlen;
}
+ if (cpt_ctx->dec_auth != 0)
+ outputlen = inputlen = enc_dlen;
+
vq_cmd_w0.s.param1 = encr_data_len;
vq_cmd_w0.s.param2 = auth_data_len;
dest[1] = src[1];
}
+ if (unlikely((encr_offset >> 16) ||
+ (iv_offset >> 8) ||
+ (auth_offset >> 8))) {
+ CPT_LOG_DP_ERR("Offset not supported");
+ CPT_LOG_DP_ERR("enc_offset: %d", encr_offset);
+ CPT_LOG_DP_ERR("iv_offset : %d", iv_offset);
+ CPT_LOG_DP_ERR("auth_offset: %d", auth_offset);
+ return;
+ }
+
*(uint64_t *)offset_vaddr =
rte_cpu_to_be_64(((uint64_t)encr_offset << 16) |
((uint64_t)iv_offset << 8) |
dest[1] = src[1];
}
+ if (unlikely((encr_offset >> 16) ||
+ (iv_offset >> 8) ||
+ (auth_offset >> 8))) {
+ CPT_LOG_DP_ERR("Offset not supported");
+ CPT_LOG_DP_ERR("enc_offset: %d", encr_offset);
+ CPT_LOG_DP_ERR("iv_offset : %d", iv_offset);
+ CPT_LOG_DP_ERR("auth_offset: %d", auth_offset);
+ return;
+ }
+
*(uint64_t *)offset_vaddr =
rte_cpu_to_be_64(((uint64_t)encr_offset << 16) |
((uint64_t)iv_offset << 8) |
offset_ctrl = rte_cpu_to_be_64((uint64_t)encr_offset << 16);
}
+ if (unlikely((encr_offset >> 16) ||
+ (auth_offset >> 8))) {
+ CPT_LOG_DP_ERR("Offset not supported");
+ CPT_LOG_DP_ERR("enc_offset: %d", encr_offset);
+ CPT_LOG_DP_ERR("auth_offset: %d", auth_offset);
+ return;
+ }
+
/* IV */
iv_s = (flags == 0x1) ? params->auth_iv_buf :
params->iv_buf;
req->ist.ei2 = rptr_dma;
}
+ if (unlikely((encr_offset >> 16))) {
+ CPT_LOG_DP_ERR("Offset not supported");
+ CPT_LOG_DP_ERR("enc_offset: %d", encr_offset);
+ return;
+ }
+
/* 16 byte aligned cpt res address */
req->completion_addr = (uint64_t *)((uint8_t *)c_vaddr);
*req->completion_addr = COMPLETION_CODE_INIT;
outputlen = inputlen;
/* iv offset is 0 */
*offset_vaddr = rte_cpu_to_be_64((uint64_t)encr_offset << 16);
+ if (unlikely((encr_offset >> 16))) {
+ CPT_LOG_DP_ERR("Offset not supported");
+ CPT_LOG_DP_ERR("enc_offset: %d", encr_offset);
+ return;
+ }
} else {
inputlen = auth_offset + (RTE_ALIGN(auth_data_len, 8) / 8);
outputlen = mac_len;
/* iv offset is 0 */
*offset_vaddr = rte_cpu_to_be_64((uint64_t)auth_offset);
+ if (unlikely((auth_offset >> 8))) {
+ CPT_LOG_DP_ERR("Offset not supported");
+ CPT_LOG_DP_ERR("auth_offset: %d", auth_offset);
+ return;
+ }
}
i = fill_sg_comp(gather_comp, i, offset_dma, OFF_CTRL_LEN + iv_len);
/* Offset control word followed by iv */
*offset_vaddr = rte_cpu_to_be_64((uint64_t)encr_offset << 16);
+ if (unlikely((encr_offset >> 16))) {
+ CPT_LOG_DP_ERR("Offset not supported");
+ CPT_LOG_DP_ERR("enc_offset: %d", encr_offset);
+ return;
+ }
i = fill_sg_comp(gather_comp, i, offset_dma, OFF_CTRL_LEN + iv_len);
if (key_len) {
cpt_ctx->hmac = 1;
- memset(cpt_ctx->auth_key, 0, sizeof(cpt_ctx->auth_key));
+
+ cpt_ctx->auth_key = rte_zmalloc(NULL, key_len, 8);
+ if (cpt_ctx->auth_key == NULL)
+ return -1;
+
+ cpt_ctx->auth_key_iova = rte_mem_virt2iova(cpt_ctx->auth_key);
memcpy(cpt_ctx->auth_key, key, key_len);
cpt_ctx->auth_key_len = key_len;
memset(fctx->hmac.ipad, 0, sizeof(fctx->hmac.ipad));
struct cpt_sess_misc *sess)
{
struct rte_crypto_cipher_xform *c_form;
+ struct cpt_ctx *ctx = SESS_PRIV(sess);
cipher_type_t enc_type = 0; /* NULL Cipher type */
uint32_t cipher_key_len = 0;
uint8_t zsk_flag = 0, aes_ctr = 0, is_null = 0;
if (c_form->op == RTE_CRYPTO_CIPHER_OP_ENCRYPT)
sess->cpt_op |= CPT_OP_CIPHER_ENCRYPT;
- else if (c_form->op == RTE_CRYPTO_CIPHER_OP_DECRYPT)
+ else if (c_form->op == RTE_CRYPTO_CIPHER_OP_DECRYPT) {
sess->cpt_op |= CPT_OP_CIPHER_DECRYPT;
- else {
+ if (xform->next != NULL &&
+ xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH) {
+ /* Perform decryption followed by auth verify */
+ ctx->dec_auth = 1;
+ }
+ } else {
CPT_LOG_DP_ERR("Unknown cipher operation\n");
return -1;
}
fill_sess_auth(struct rte_crypto_sym_xform *xform,
struct cpt_sess_misc *sess)
{
+ struct cpt_ctx *ctx = SESS_PRIV(sess);
struct rte_crypto_auth_xform *a_form;
auth_type_t auth_type = 0; /* NULL Auth type */
uint8_t zsk_flag = 0, aes_gcm = 0, is_null = 0;
+ if (xform->next != NULL &&
+ xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&
+ xform->next->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT) {
+ /* Perform auth followed by encryption */
+ ctx->auth_enc = 1;
+ }
+
a_form = &xform->auth;
if (a_form->op == RTE_CRYPTO_AUTH_OP_VERIFY)
{
uint32_t space = 0;
struct rte_crypto_sym_op *sym_op = cop->sym;
+ struct cpt_ctx *ctx = SESS_PRIV(sess_misc);
void *mdata = NULL;
uintptr_t *op;
uint32_t mc_hash_off;
m = m_src;
/* hmac immediately following data is best case */
- if (unlikely(rte_pktmbuf_mtod(m, uint8_t *) +
+ if (!ctx->dec_auth && !ctx->auth_enc &&
+ (unlikely(rte_pktmbuf_mtod(m, uint8_t *) +
mc_hash_off !=
- (uint8_t *)sym_op->auth.digest.data)) {
+ (uint8_t *)sym_op->auth.digest.data))) {
flags |= VALID_MAC_BUF;
fc_params.mac_buf.size =
sess_misc->mac_len;
fc_params.ctx_buf.vaddr = SESS_PRIV(sess_misc);
fc_params.ctx_buf.dma_addr = sess_misc->ctx_dma_addr;
- if (unlikely(sess_misc->is_null || sess_misc->cpt_op == CPT_OP_DECODE))
+ if (!ctx->dec_auth &&
+ unlikely(sess_misc->is_null ||
+ sess_misc->cpt_op == CPT_OP_DECODE))
inplace = 0;
if (likely(!m_dst && inplace)) {
git.droids-corp.org / dpdk.git / blobdiff