/* SPDX-License-Identifier: BSD-3-Clause
*
* Copyright (c) 2016 Freescale Semiconductor, Inc. All rights reserved.
- * Copyright 2016-2020 NXP
+ * Copyright 2016-2021 NXP
*
*/
/* RTA header files */
#include <desc/ipsec.h>
#include <desc/pdcp.h>
+#include <desc/sdap.h>
#include <desc/algo.h>
/* Minimum job descriptor consists of a oneword job descriptor HEADER and
static uint8_t cryptodev_driver_id;
-#ifdef RTE_LIBRTE_SECURITY
+#ifdef RTE_LIB_SECURITY
static inline int
build_proto_compound_sg_fd(dpaa2_sec_session *sess,
struct rte_crypto_op *op,
if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION)
sess = (dpaa2_sec_session *)get_sym_session_private_data(
op->sym->session, cryptodev_driver_id);
-#ifdef RTE_LIBRTE_SECURITY
+#ifdef RTE_LIB_SECURITY
else if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION)
sess = (dpaa2_sec_session *)get_sec_session_private_data(
op->sym->sec_session);
case DPAA2_SEC_CIPHER_HASH:
ret = build_authenc_sg_fd(sess, op, fd, bpid);
break;
-#ifdef RTE_LIBRTE_SECURITY
+#ifdef RTE_LIB_SECURITY
case DPAA2_SEC_IPSEC:
case DPAA2_SEC_PDCP:
ret = build_proto_compound_sg_fd(sess, op, fd, bpid);
case DPAA2_SEC_CIPHER_HASH:
ret = build_authenc_fd(sess, op, fd, bpid);
break;
-#ifdef RTE_LIBRTE_SECURITY
+#ifdef RTE_LIB_SECURITY
case DPAA2_SEC_IPSEC:
ret = build_proto_fd(sess, op, fd, bpid);
break;
dpaa2_eqcr_size : nb_ops;
for (loop = 0; loop < frames_to_send; loop++) {
- if ((*ops)->sym->m_src->seqn) {
- uint8_t dqrr_index = (*ops)->sym->m_src->seqn - 1;
-
- flags[loop] = QBMAN_ENQUEUE_FLAG_DCA | dqrr_index;
- DPAA2_PER_LCORE_DQRR_SIZE--;
- DPAA2_PER_LCORE_DQRR_HELD &= ~(1 << dqrr_index);
- (*ops)->sym->m_src->seqn = DPAA2_INVALID_MBUF_SEQN;
+ if (*dpaa2_seqn((*ops)->sym->m_src)) {
+ uint8_t dqrr_index =
+ *dpaa2_seqn((*ops)->sym->m_src) - 1;
+
+ flags[loop] = QBMAN_ENQUEUE_FLAG_DCA | dqrr_index;
+ DPAA2_PER_LCORE_DQRR_SIZE--;
+ DPAA2_PER_LCORE_DQRR_HELD &= ~(1 << dqrr_index);
+ *dpaa2_seqn((*ops)->sym->m_src) =
+ DPAA2_INVALID_MBUF_SEQN;
}
/*Clear the unused FD fields before sending*/
return num_tx;
}
-#ifdef RTE_LIBRTE_SECURITY
+#ifdef RTE_LIB_SECURITY
static inline struct rte_crypto_op *
sec_simple_fd_to_mbuf(const struct qbman_fd *fd)
{
struct ctxt_priv *priv;
struct rte_mbuf *dst, *src;
-#ifdef RTE_LIBRTE_SECURITY
+#ifdef RTE_LIB_SECURITY
if (DPAA2_FD_GET_FORMAT(fd) == qbman_fd_single)
return sec_simple_fd_to_mbuf(fd);
#endif
} else
dst = src;
-#ifdef RTE_LIBRTE_SECURITY
+#ifdef RTE_LIB_SECURITY
if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) {
uint16_t len = DPAA2_GET_FD_LEN(fd);
dst->pkt_len = len;
session->ctxt_type = DPAA2_SEC_CIPHER;
session->cipher_key.data = rte_zmalloc(NULL, xform->cipher.key.length,
RTE_CACHE_LINE_SIZE);
- if (session->cipher_key.data == NULL) {
+ if (session->cipher_key.data == NULL && xform->cipher.key.length > 0) {
DPAA2_SEC_ERR("No Memory for cipher key");
rte_free(priv);
return -ENOMEM;
!session->dir,
session->digest_length);
break;
- case RTE_CRYPTO_AUTH_AES_GMAC:
case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
+ authdata.algtype = OP_ALG_ALGSEL_AES;
+ authdata.algmode = OP_ALG_AAI_XCBC_MAC;
+ session->auth_alg = RTE_CRYPTO_AUTH_AES_XCBC_MAC;
+ bufsize = cnstr_shdsc_aes_mac(
+ priv->flc_desc[DESC_INITFINAL].desc,
+ 1, 0, SHR_NEVER, &authdata,
+ !session->dir,
+ session->digest_length);
+ break;
case RTE_CRYPTO_AUTH_AES_CMAC:
+ authdata.algtype = OP_ALG_ALGSEL_AES;
+ authdata.algmode = OP_ALG_AAI_CMAC;
+ session->auth_alg = RTE_CRYPTO_AUTH_AES_CMAC;
+ bufsize = cnstr_shdsc_aes_mac(
+ priv->flc_desc[DESC_INITFINAL].desc,
+ 1, 0, SHR_NEVER, &authdata,
+ !session->dir,
+ session->digest_length);
+ break;
case RTE_CRYPTO_AUTH_AES_CBC_MAC:
+ case RTE_CRYPTO_AUTH_AES_GMAC:
case RTE_CRYPTO_AUTH_KASUMI_F9:
case RTE_CRYPTO_AUTH_NULL:
DPAA2_SEC_ERR("Crypto: Unsupported auth alg %un",
session->auth_alg = RTE_CRYPTO_AUTH_SHA512_HMAC;
break;
case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
+ authdata.algtype = OP_ALG_ALGSEL_AES;
+ authdata.algmode = OP_ALG_AAI_XCBC_MAC;
+ session->auth_alg = RTE_CRYPTO_AUTH_AES_XCBC_MAC;
+ break;
+ case RTE_CRYPTO_AUTH_AES_CMAC:
+ authdata.algtype = OP_ALG_ALGSEL_AES;
+ authdata.algmode = OP_ALG_AAI_CMAC;
+ session->auth_alg = RTE_CRYPTO_AUTH_AES_CMAC;
+ break;
+ case RTE_CRYPTO_AUTH_AES_CBC_MAC:
+ case RTE_CRYPTO_AUTH_AES_GMAC:
case RTE_CRYPTO_AUTH_SNOW3G_UIA2:
case RTE_CRYPTO_AUTH_NULL:
case RTE_CRYPTO_AUTH_SHA1:
case RTE_CRYPTO_AUTH_SHA224:
case RTE_CRYPTO_AUTH_SHA384:
case RTE_CRYPTO_AUTH_MD5:
- case RTE_CRYPTO_AUTH_AES_GMAC:
case RTE_CRYPTO_AUTH_KASUMI_F9:
- case RTE_CRYPTO_AUTH_AES_CMAC:
- case RTE_CRYPTO_AUTH_AES_CBC_MAC:
case RTE_CRYPTO_AUTH_ZUC_EIA3:
DPAA2_SEC_ERR("Crypto: Unsupported auth alg %u",
auth_xform->algo);
return ret;
}
-#ifdef RTE_LIBRTE_SECURITY
+#ifdef RTE_LIB_SECURITY
static int
dpaa2_sec_ipsec_aead_init(struct rte_crypto_aead_xform *aead_xform,
dpaa2_sec_session *session,
authdata->algtype = OP_PCL_IPSEC_HMAC_SHA2_512_256;
authdata->algmode = OP_ALG_AAI_HMAC;
break;
+ case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
+ authdata->algtype = OP_PCL_IPSEC_AES_XCBC_MAC_96;
+ authdata->algmode = OP_ALG_AAI_XCBC_MAC;
+ break;
case RTE_CRYPTO_AUTH_AES_CMAC:
authdata->algtype = OP_PCL_IPSEC_AES_CMAC_96;
+ authdata->algmode = OP_ALG_AAI_CMAC;
break;
case RTE_CRYPTO_AUTH_NULL:
authdata->algtype = OP_PCL_IPSEC_HMAC_NULL;
break;
case RTE_CRYPTO_AUTH_SHA224_HMAC:
- case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
case RTE_CRYPTO_AUTH_SNOW3G_UIA2:
case RTE_CRYPTO_AUTH_SHA1:
case RTE_CRYPTO_AUTH_SHA256:
return 0;
}
-#ifdef RTE_LIBRTE_SECURITY_TEST
-static uint8_t aes_cbc_iv[] = {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f };
-#endif
-
static int
dpaa2_sec_set_ipsec_session(struct rte_cryptodev *dev,
struct rte_security_session_conf *conf,
&cipherdata, &authdata,
0);
} else {
- if (session->dir == DIR_ENC)
- bufsize = cnstr_shdsc_pdcp_u_plane_encap(
+ if (session->dir == DIR_ENC) {
+ if (pdcp_xform->sdap_enabled)
+ bufsize = cnstr_shdsc_pdcp_sdap_u_plane_encap(
priv->flc_desc[0].desc, 1, swap,
session->pdcp.sn_size,
pdcp_xform->hfn,
pdcp_xform->pkt_dir,
pdcp_xform->hfn_threshold,
&cipherdata, p_authdata, 0);
- else if (session->dir == DIR_DEC)
- bufsize = cnstr_shdsc_pdcp_u_plane_decap(
+ else
+ bufsize = cnstr_shdsc_pdcp_u_plane_encap(
+ priv->flc_desc[0].desc, 1, swap,
+ session->pdcp.sn_size,
+ pdcp_xform->hfn,
+ pdcp_xform->bearer,
+ pdcp_xform->pkt_dir,
+ pdcp_xform->hfn_threshold,
+ &cipherdata, p_authdata, 0);
+ } else if (session->dir == DIR_DEC) {
+ if (pdcp_xform->sdap_enabled)
+ bufsize = cnstr_shdsc_pdcp_sdap_u_plane_decap(
+ priv->flc_desc[0].desc, 1, swap,
+ session->pdcp.sn_size,
+ pdcp_xform->hfn,
+ pdcp_xform->bearer,
+ pdcp_xform->pkt_dir,
+ pdcp_xform->hfn_threshold,
+ &cipherdata, p_authdata, 0);
+ else
+ bufsize = cnstr_shdsc_pdcp_u_plane_decap(
priv->flc_desc[0].desc, 1, swap,
session->pdcp.sn_size,
pdcp_xform->hfn,
pdcp_xform->pkt_dir,
pdcp_xform->hfn_threshold,
&cipherdata, p_authdata, 0);
+ }
}
if (bufsize < 0) {
ev->event_ptr = sec_fd_to_mbuf(fd);
dqrr_index = qbman_get_dqrr_idx(dq);
- crypto_op->sym->m_src->seqn = dqrr_index + 1;
+ *dpaa2_seqn(crypto_op->sym->m_src) = dqrr_index + 1;
DPAA2_PER_LCORE_DQRR_SIZE++;
DPAA2_PER_LCORE_DQRR_HELD |= 1 << dqrr_index;
DPAA2_PER_LCORE_DQRR_MBUF(dqrr_index) = crypto_op->sym->m_src;
.sym_session_clear = dpaa2_sec_sym_session_clear,
};
-#ifdef RTE_LIBRTE_SECURITY
+#ifdef RTE_LIB_SECURITY
static const struct rte_security_capability *
dpaa2_sec_capabilities_get(void *device __rte_unused)
{
struct dpaa2_sec_dev_private *internals;
struct rte_device *dev = cryptodev->device;
struct rte_dpaa2_device *dpaa2_dev;
-#ifdef RTE_LIBRTE_SECURITY
+#ifdef RTE_LIB_SECURITY
struct rte_security_ctx *security_instance;
#endif
struct fsl_mc_io *dpseci;
DPAA2_SEC_DEBUG("Device already init by primary process");
return 0;
}
-#ifdef RTE_LIBRTE_SECURITY
+#ifdef RTE_LIB_SECURITY
/* Initialize security_ctx only for primary process*/
security_instance = rte_malloc("rte_security_instances_ops",
sizeof(struct rte_security_ctx), 0);
git.droids-corp.org / dpdk.git / blobdiff