X-Git-Url: http://git.droids-corp.org/?a=blobdiff_plain;f=drivers%2Fcrypto%2Fdpaa2_sec%2Fdpaa2_sec_dpseci.c;h=05b194ccff8a58d9d39d09fb9c4cdc167715f09b;hb=3841fc3581ec4d95bf8a72e8a545db8d03ecd2bd;hp=c11d02420834c1fef030fe637788fbfcd987510e;hpb=ca635a5899c81055133ed0ca0556316b4ab64525;p=dpdk.git diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c index c11d024208..05b194ccff 100644 --- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c +++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c @@ -1,7 +1,7 @@ /* SPDX-License-Identifier: BSD-3-Clause * * Copyright (c) 2016 Freescale Semiconductor, Inc. All rights reserved. - * Copyright 2016-2020 NXP + * Copyright 2016-2021 NXP * */ @@ -36,6 +36,7 @@ /* RTA header files */ #include #include +#include #include /* Minimum job descriptor consists of a oneword job descriptor HEADER and @@ -58,7 +59,7 @@ static uint8_t cryptodev_driver_id; -#ifdef RTE_LIBRTE_SECURITY +#ifdef RTE_LIB_SECURITY static inline int build_proto_compound_sg_fd(dpaa2_sec_session *sess, struct rte_crypto_op *op, @@ -1355,7 +1356,7 @@ build_sec_fd(struct rte_crypto_op *op, if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) sess = (dpaa2_sec_session *)get_sym_session_private_data( op->sym->session, cryptodev_driver_id); -#ifdef RTE_LIBRTE_SECURITY +#ifdef RTE_LIB_SECURITY else if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) sess = (dpaa2_sec_session *)get_sec_session_private_data( op->sym->sec_session); @@ -1383,7 +1384,7 @@ build_sec_fd(struct rte_crypto_op *op, case DPAA2_SEC_CIPHER_HASH: ret = build_authenc_sg_fd(sess, op, fd, bpid); break; -#ifdef RTE_LIBRTE_SECURITY +#ifdef RTE_LIB_SECURITY case DPAA2_SEC_IPSEC: case DPAA2_SEC_PDCP: ret = build_proto_compound_sg_fd(sess, op, fd, bpid); @@ -1407,7 +1408,7 @@ build_sec_fd(struct rte_crypto_op *op, case DPAA2_SEC_CIPHER_HASH: ret = build_authenc_fd(sess, op, fd, bpid); break; -#ifdef RTE_LIBRTE_SECURITY +#ifdef RTE_LIB_SECURITY case DPAA2_SEC_IPSEC: ret = build_proto_fd(sess, op, fd, bpid); break; @@ -1471,13 +1472,15 @@ dpaa2_sec_enqueue_burst(void *qp, struct rte_crypto_op **ops, dpaa2_eqcr_size : nb_ops; for (loop = 0; loop < frames_to_send; loop++) { - if ((*ops)->sym->m_src->seqn) { - uint8_t dqrr_index = (*ops)->sym->m_src->seqn - 1; - - flags[loop] = QBMAN_ENQUEUE_FLAG_DCA | dqrr_index; - DPAA2_PER_LCORE_DQRR_SIZE--; - DPAA2_PER_LCORE_DQRR_HELD &= ~(1 << dqrr_index); - (*ops)->sym->m_src->seqn = DPAA2_INVALID_MBUF_SEQN; + if (*dpaa2_seqn((*ops)->sym->m_src)) { + uint8_t dqrr_index = + *dpaa2_seqn((*ops)->sym->m_src) - 1; + + flags[loop] = QBMAN_ENQUEUE_FLAG_DCA | dqrr_index; + DPAA2_PER_LCORE_DQRR_SIZE--; + DPAA2_PER_LCORE_DQRR_HELD &= ~(1 << dqrr_index); + *dpaa2_seqn((*ops)->sym->m_src) = + DPAA2_INVALID_MBUF_SEQN; } /*Clear the unused FD fields before sending*/ @@ -1522,7 +1525,7 @@ skip_tx: return num_tx; } -#ifdef RTE_LIBRTE_SECURITY +#ifdef RTE_LIB_SECURITY static inline struct rte_crypto_op * sec_simple_fd_to_mbuf(const struct qbman_fd *fd) { @@ -1561,7 +1564,7 @@ sec_fd_to_mbuf(const struct qbman_fd *fd) struct ctxt_priv *priv; struct rte_mbuf *dst, *src; -#ifdef RTE_LIBRTE_SECURITY +#ifdef RTE_LIB_SECURITY if (DPAA2_FD_GET_FORMAT(fd) == qbman_fd_single) return sec_simple_fd_to_mbuf(fd); #endif @@ -1594,7 +1597,7 @@ sec_fd_to_mbuf(const struct qbman_fd *fd) } else dst = src; -#ifdef RTE_LIBRTE_SECURITY +#ifdef RTE_LIB_SECURITY if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) { uint16_t len = DPAA2_GET_FD_LEN(fd); dst->pkt_len = len; @@ -1839,7 +1842,7 @@ dpaa2_sec_cipher_init(struct rte_cryptodev *dev, session->ctxt_type = DPAA2_SEC_CIPHER; session->cipher_key.data = rte_zmalloc(NULL, xform->cipher.key.length, RTE_CACHE_LINE_SIZE); - if (session->cipher_key.data == NULL) { + if (session->cipher_key.data == NULL && xform->cipher.key.length > 0) { DPAA2_SEC_ERR("No Memory for cipher key"); rte_free(priv); return -ENOMEM; @@ -2131,10 +2134,28 @@ dpaa2_sec_auth_init(struct rte_cryptodev *dev, !session->dir, session->digest_length); break; - case RTE_CRYPTO_AUTH_AES_GMAC: case RTE_CRYPTO_AUTH_AES_XCBC_MAC: + authdata.algtype = OP_ALG_ALGSEL_AES; + authdata.algmode = OP_ALG_AAI_XCBC_MAC; + session->auth_alg = RTE_CRYPTO_AUTH_AES_XCBC_MAC; + bufsize = cnstr_shdsc_aes_mac( + priv->flc_desc[DESC_INITFINAL].desc, + 1, 0, SHR_NEVER, &authdata, + !session->dir, + session->digest_length); + break; case RTE_CRYPTO_AUTH_AES_CMAC: + authdata.algtype = OP_ALG_ALGSEL_AES; + authdata.algmode = OP_ALG_AAI_CMAC; + session->auth_alg = RTE_CRYPTO_AUTH_AES_CMAC; + bufsize = cnstr_shdsc_aes_mac( + priv->flc_desc[DESC_INITFINAL].desc, + 1, 0, SHR_NEVER, &authdata, + !session->dir, + session->digest_length); + break; case RTE_CRYPTO_AUTH_AES_CBC_MAC: + case RTE_CRYPTO_AUTH_AES_GMAC: case RTE_CRYPTO_AUTH_KASUMI_F9: case RTE_CRYPTO_AUTH_NULL: DPAA2_SEC_ERR("Crypto: Unsupported auth alg %un", @@ -2403,6 +2424,17 @@ dpaa2_sec_aead_chain_init(struct rte_cryptodev *dev, session->auth_alg = RTE_CRYPTO_AUTH_SHA512_HMAC; break; case RTE_CRYPTO_AUTH_AES_XCBC_MAC: + authdata.algtype = OP_ALG_ALGSEL_AES; + authdata.algmode = OP_ALG_AAI_XCBC_MAC; + session->auth_alg = RTE_CRYPTO_AUTH_AES_XCBC_MAC; + break; + case RTE_CRYPTO_AUTH_AES_CMAC: + authdata.algtype = OP_ALG_ALGSEL_AES; + authdata.algmode = OP_ALG_AAI_CMAC; + session->auth_alg = RTE_CRYPTO_AUTH_AES_CMAC; + break; + case RTE_CRYPTO_AUTH_AES_CBC_MAC: + case RTE_CRYPTO_AUTH_AES_GMAC: case RTE_CRYPTO_AUTH_SNOW3G_UIA2: case RTE_CRYPTO_AUTH_NULL: case RTE_CRYPTO_AUTH_SHA1: @@ -2411,10 +2443,7 @@ dpaa2_sec_aead_chain_init(struct rte_cryptodev *dev, case RTE_CRYPTO_AUTH_SHA224: case RTE_CRYPTO_AUTH_SHA384: case RTE_CRYPTO_AUTH_MD5: - case RTE_CRYPTO_AUTH_AES_GMAC: case RTE_CRYPTO_AUTH_KASUMI_F9: - case RTE_CRYPTO_AUTH_AES_CMAC: - case RTE_CRYPTO_AUTH_AES_CBC_MAC: case RTE_CRYPTO_AUTH_ZUC_EIA3: DPAA2_SEC_ERR("Crypto: Unsupported auth alg %u", auth_xform->algo); @@ -2596,7 +2625,7 @@ dpaa2_sec_set_session_parameters(struct rte_cryptodev *dev, return ret; } -#ifdef RTE_LIBRTE_SECURITY +#ifdef RTE_LIB_SECURITY static int dpaa2_sec_ipsec_aead_init(struct rte_crypto_aead_xform *aead_xform, dpaa2_sec_session *session, @@ -2747,14 +2776,18 @@ dpaa2_sec_ipsec_proto_init(struct rte_crypto_cipher_xform *cipher_xform, authdata->algtype = OP_PCL_IPSEC_HMAC_SHA2_512_256; authdata->algmode = OP_ALG_AAI_HMAC; break; + case RTE_CRYPTO_AUTH_AES_XCBC_MAC: + authdata->algtype = OP_PCL_IPSEC_AES_XCBC_MAC_96; + authdata->algmode = OP_ALG_AAI_XCBC_MAC; + break; case RTE_CRYPTO_AUTH_AES_CMAC: authdata->algtype = OP_PCL_IPSEC_AES_CMAC_96; + authdata->algmode = OP_ALG_AAI_CMAC; break; case RTE_CRYPTO_AUTH_NULL: authdata->algtype = OP_PCL_IPSEC_HMAC_NULL; break; case RTE_CRYPTO_AUTH_SHA224_HMAC: - case RTE_CRYPTO_AUTH_AES_XCBC_MAC: case RTE_CRYPTO_AUTH_SNOW3G_UIA2: case RTE_CRYPTO_AUTH_SHA1: case RTE_CRYPTO_AUTH_SHA256: @@ -2817,12 +2850,6 @@ dpaa2_sec_ipsec_proto_init(struct rte_crypto_cipher_xform *cipher_xform, return 0; } -#ifdef RTE_LIBRTE_SECURITY_TEST -static uint8_t aes_cbc_iv[] = { - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f }; -#endif - static int dpaa2_sec_set_ipsec_session(struct rte_cryptodev *dev, struct rte_security_session_conf *conf, @@ -3264,8 +3291,9 @@ dpaa2_sec_set_pdcp_session(struct rte_cryptodev *dev, &cipherdata, &authdata, 0); } else { - if (session->dir == DIR_ENC) - bufsize = cnstr_shdsc_pdcp_u_plane_encap( + if (session->dir == DIR_ENC) { + if (pdcp_xform->sdap_enabled) + bufsize = cnstr_shdsc_pdcp_sdap_u_plane_encap( priv->flc_desc[0].desc, 1, swap, session->pdcp.sn_size, pdcp_xform->hfn, @@ -3273,8 +3301,27 @@ dpaa2_sec_set_pdcp_session(struct rte_cryptodev *dev, pdcp_xform->pkt_dir, pdcp_xform->hfn_threshold, &cipherdata, p_authdata, 0); - else if (session->dir == DIR_DEC) - bufsize = cnstr_shdsc_pdcp_u_plane_decap( + else + bufsize = cnstr_shdsc_pdcp_u_plane_encap( + priv->flc_desc[0].desc, 1, swap, + session->pdcp.sn_size, + pdcp_xform->hfn, + pdcp_xform->bearer, + pdcp_xform->pkt_dir, + pdcp_xform->hfn_threshold, + &cipherdata, p_authdata, 0); + } else if (session->dir == DIR_DEC) { + if (pdcp_xform->sdap_enabled) + bufsize = cnstr_shdsc_pdcp_sdap_u_plane_decap( + priv->flc_desc[0].desc, 1, swap, + session->pdcp.sn_size, + pdcp_xform->hfn, + pdcp_xform->bearer, + pdcp_xform->pkt_dir, + pdcp_xform->hfn_threshold, + &cipherdata, p_authdata, 0); + else + bufsize = cnstr_shdsc_pdcp_u_plane_decap( priv->flc_desc[0].desc, 1, swap, session->pdcp.sn_size, pdcp_xform->hfn, @@ -3282,6 +3329,7 @@ dpaa2_sec_set_pdcp_session(struct rte_cryptodev *dev, pdcp_xform->pkt_dir, pdcp_xform->hfn_threshold, &cipherdata, p_authdata, 0); + } } if (bufsize < 0) { @@ -3692,7 +3740,7 @@ dpaa2_sec_process_atomic_event(struct qbman_swp *swp __rte_unused, ev->event_ptr = sec_fd_to_mbuf(fd); dqrr_index = qbman_get_dqrr_idx(dq); - crypto_op->sym->m_src->seqn = dqrr_index + 1; + *dpaa2_seqn(crypto_op->sym->m_src) = dqrr_index + 1; DPAA2_PER_LCORE_DQRR_SIZE++; DPAA2_PER_LCORE_DQRR_HELD |= 1 << dqrr_index; DPAA2_PER_LCORE_DQRR_MBUF(dqrr_index) = crypto_op->sym->m_src; @@ -3781,7 +3829,7 @@ static struct rte_cryptodev_ops crypto_ops = { .sym_session_clear = dpaa2_sec_sym_session_clear, }; -#ifdef RTE_LIBRTE_SECURITY +#ifdef RTE_LIB_SECURITY static const struct rte_security_capability * dpaa2_sec_capabilities_get(void *device __rte_unused) { @@ -3819,7 +3867,7 @@ dpaa2_sec_dev_init(struct rte_cryptodev *cryptodev) struct dpaa2_sec_dev_private *internals; struct rte_device *dev = cryptodev->device; struct rte_dpaa2_device *dpaa2_dev; -#ifdef RTE_LIBRTE_SECURITY +#ifdef RTE_LIB_SECURITY struct rte_security_ctx *security_instance; #endif struct fsl_mc_io *dpseci; @@ -3858,7 +3906,7 @@ dpaa2_sec_dev_init(struct rte_cryptodev *cryptodev) DPAA2_SEC_DEBUG("Device already init by primary process"); return 0; } -#ifdef RTE_LIBRTE_SECURITY +#ifdef RTE_LIB_SECURITY /* Initialize security_ctx only for primary process*/ security_instance = rte_malloc("rte_security_instances_ops", sizeof(struct rte_security_ctx), 0);