X-Git-Url: http://git.droids-corp.org/?a=blobdiff_plain;f=drivers%2Fcrypto%2Fqat%2Fqat_sym_session.c;h=f66175d039754ef701bfe5e223e3fad27ebca470;hb=ad4a8adf25160413f5d4b2627c67e436dc032e46;hp=83d0fb10d1c7210881511eaf2f8be19bcac68ae9;hpb=dc0349e08fbeb19d2cdc3e5ce409cf2d52dec959;p=dpdk.git diff --git a/drivers/crypto/qat/qat_sym_session.c b/drivers/crypto/qat/qat_sym_session.c index 83d0fb10d1..f66175d039 100644 --- a/drivers/crypto/qat/qat_sym_session.c +++ b/drivers/crypto/qat/qat_sym_session.c @@ -1,5 +1,5 @@ /* SPDX-License-Identifier: (BSD-3-Clause OR GPL-2.0) - * Copyright(c) 2015-2018 Intel Corporation + * Copyright(c) 2015-2019 Intel Corporation */ #include /* Needed to calculate pre-compute values */ @@ -112,7 +112,7 @@ qat_sym_session_clear(struct rte_cryptodev *dev, struct rte_cryptodev_sym_session *sess) { uint8_t index = dev->driver_id; - void *sess_priv = get_session_private_data(sess, index); + void *sess_priv = get_sym_session_private_data(sess, index); struct qat_sym_session *s = (struct qat_sym_session *)sess_priv; if (sess_priv) { @@ -121,7 +121,7 @@ qat_sym_session_clear(struct rte_cryptodev *dev, memset(s, 0, qat_sym_session_get_private_size(dev)); struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv); - set_session_private_data(sess, index, NULL); + set_sym_session_private_data(sess, index, NULL); rte_mempool_put(sess_mp, sess_priv); } } @@ -217,7 +217,7 @@ qat_sym_session_configure_cipher(struct rte_cryptodev *dev, case RTE_CRYPTO_CIPHER_AES_CBC: if (qat_sym_validate_aes_key(cipher_xform->key.length, &session->qat_cipher_alg) != 0) { - PMD_DRV_LOG(ERR, "Invalid AES cipher key size"); + QAT_LOG(ERR, "Invalid AES cipher key size"); ret = -EINVAL; goto error_out; } @@ -226,7 +226,7 @@ qat_sym_session_configure_cipher(struct rte_cryptodev *dev, case RTE_CRYPTO_CIPHER_AES_CTR: if (qat_sym_validate_aes_key(cipher_xform->key.length, &session->qat_cipher_alg) != 0) { - PMD_DRV_LOG(ERR, "Invalid AES cipher key size"); + QAT_LOG(ERR, "Invalid AES cipher key size"); ret = -EINVAL; goto error_out; } @@ -235,19 +235,20 @@ qat_sym_session_configure_cipher(struct rte_cryptodev *dev, case RTE_CRYPTO_CIPHER_SNOW3G_UEA2: if (qat_sym_validate_snow3g_key(cipher_xform->key.length, &session->qat_cipher_alg) != 0) { - PMD_DRV_LOG(ERR, "Invalid SNOW 3G cipher key size"); + QAT_LOG(ERR, "Invalid SNOW 3G cipher key size"); ret = -EINVAL; goto error_out; } session->qat_mode = ICP_QAT_HW_CIPHER_ECB_MODE; break; case RTE_CRYPTO_CIPHER_NULL: - session->qat_mode = ICP_QAT_HW_CIPHER_ECB_MODE; + session->qat_cipher_alg = ICP_QAT_HW_CIPHER_ALGO_NULL; + session->qat_mode = ICP_QAT_HW_CIPHER_CTR_MODE; break; case RTE_CRYPTO_CIPHER_KASUMI_F8: if (qat_sym_validate_kasumi_key(cipher_xform->key.length, &session->qat_cipher_alg) != 0) { - PMD_DRV_LOG(ERR, "Invalid KASUMI cipher key size"); + QAT_LOG(ERR, "Invalid KASUMI cipher key size"); ret = -EINVAL; goto error_out; } @@ -256,7 +257,7 @@ qat_sym_session_configure_cipher(struct rte_cryptodev *dev, case RTE_CRYPTO_CIPHER_3DES_CBC: if (qat_sym_validate_3des_key(cipher_xform->key.length, &session->qat_cipher_alg) != 0) { - PMD_DRV_LOG(ERR, "Invalid 3DES cipher key size"); + QAT_LOG(ERR, "Invalid 3DES cipher key size"); ret = -EINVAL; goto error_out; } @@ -265,7 +266,7 @@ qat_sym_session_configure_cipher(struct rte_cryptodev *dev, case RTE_CRYPTO_CIPHER_DES_CBC: if (qat_sym_validate_des_key(cipher_xform->key.length, &session->qat_cipher_alg) != 0) { - PMD_DRV_LOG(ERR, "Invalid DES cipher key size"); + QAT_LOG(ERR, "Invalid DES cipher key size"); ret = -EINVAL; goto error_out; } @@ -274,7 +275,7 @@ qat_sym_session_configure_cipher(struct rte_cryptodev *dev, case RTE_CRYPTO_CIPHER_3DES_CTR: if (qat_sym_validate_3des_key(cipher_xform->key.length, &session->qat_cipher_alg) != 0) { - PMD_DRV_LOG(ERR, "Invalid 3DES cipher key size"); + QAT_LOG(ERR, "Invalid 3DES cipher key size"); ret = -EINVAL; goto error_out; } @@ -287,12 +288,12 @@ qat_sym_session_configure_cipher(struct rte_cryptodev *dev, cipher_xform->key.data, &session->bpi_ctx); if (ret != 0) { - PMD_DRV_LOG(ERR, "failed to create DES BPI ctx"); + QAT_LOG(ERR, "failed to create DES BPI ctx"); goto error_out; } if (qat_sym_validate_des_key(cipher_xform->key.length, &session->qat_cipher_alg) != 0) { - PMD_DRV_LOG(ERR, "Invalid DES cipher key size"); + QAT_LOG(ERR, "Invalid DES cipher key size"); ret = -EINVAL; goto error_out; } @@ -305,12 +306,12 @@ qat_sym_session_configure_cipher(struct rte_cryptodev *dev, cipher_xform->key.data, &session->bpi_ctx); if (ret != 0) { - PMD_DRV_LOG(ERR, "failed to create AES BPI ctx"); + QAT_LOG(ERR, "failed to create AES BPI ctx"); goto error_out; } if (qat_sym_validate_aes_docsisbpi_key(cipher_xform->key.length, &session->qat_cipher_alg) != 0) { - PMD_DRV_LOG(ERR, "Invalid AES DOCSISBPI key size"); + QAT_LOG(ERR, "Invalid AES DOCSISBPI key size"); ret = -EINVAL; goto error_out; } @@ -319,7 +320,7 @@ qat_sym_session_configure_cipher(struct rte_cryptodev *dev, case RTE_CRYPTO_CIPHER_ZUC_EEA3: if (!qat_is_cipher_alg_supported( cipher_xform->algo, internals)) { - PMD_DRV_LOG(ERR, "%s not supported on this device", + QAT_LOG(ERR, "%s not supported on this device", rte_crypto_cipher_algorithm_strings [cipher_xform->algo]); ret = -ENOTSUP; @@ -327,23 +328,36 @@ qat_sym_session_configure_cipher(struct rte_cryptodev *dev, } if (qat_sym_validate_zuc_key(cipher_xform->key.length, &session->qat_cipher_alg) != 0) { - PMD_DRV_LOG(ERR, "Invalid ZUC cipher key size"); + QAT_LOG(ERR, "Invalid ZUC cipher key size"); ret = -EINVAL; goto error_out; } session->qat_mode = ICP_QAT_HW_CIPHER_ECB_MODE; break; + case RTE_CRYPTO_CIPHER_AES_XTS: + if ((cipher_xform->key.length/2) == ICP_QAT_HW_AES_192_KEY_SZ) { + QAT_LOG(ERR, "AES-XTS-192 not supported"); + ret = -EINVAL; + goto error_out; + } + if (qat_sym_validate_aes_key((cipher_xform->key.length/2), + &session->qat_cipher_alg) != 0) { + QAT_LOG(ERR, "Invalid AES-XTS cipher key size"); + ret = -EINVAL; + goto error_out; + } + session->qat_mode = ICP_QAT_HW_CIPHER_XTS_MODE; + break; case RTE_CRYPTO_CIPHER_3DES_ECB: case RTE_CRYPTO_CIPHER_AES_ECB: case RTE_CRYPTO_CIPHER_AES_F8: - case RTE_CRYPTO_CIPHER_AES_XTS: case RTE_CRYPTO_CIPHER_ARC4: - PMD_DRV_LOG(ERR, "Crypto QAT PMD: Unsupported Cipher alg %u", + QAT_LOG(ERR, "Crypto QAT PMD: Unsupported Cipher alg %u", cipher_xform->algo); ret = -ENOTSUP; goto error_out; default: - PMD_DRV_LOG(ERR, "Crypto: Undefined Cipher specified %u\n", + QAT_LOG(ERR, "Crypto: Undefined Cipher specified %u\n", cipher_xform->algo); ret = -EINVAL; goto error_out; @@ -388,7 +402,7 @@ qat_sym_session_configure(struct rte_cryptodev *dev, ret = qat_sym_session_set_parameters(dev, xform, sess_private_data); if (ret != 0) { - PMD_DRV_LOG(ERR, + QAT_LOG(ERR, "Crypto QAT PMD: failed to configure session parameters"); /* Return session to mempool */ @@ -396,7 +410,7 @@ qat_sym_session_configure(struct rte_cryptodev *dev, return ret; } - set_session_private_data(sess, dev->driver_id, + set_sym_session_private_data(sess, dev->driver_id, sess_private_data); return 0; @@ -419,7 +433,7 @@ qat_sym_session_set_parameters(struct rte_cryptodev *dev, /* Get requested QAT command id */ qat_cmd_id = qat_get_cmd_id(xform); if (qat_cmd_id < 0 || qat_cmd_id >= ICP_QAT_FW_LA_CMD_DELIMITER) { - PMD_DRV_LOG(ERR, "Unsupported xform chain requested"); + QAT_LOG(ERR, "Unsupported xform chain requested"); return -ENOTSUP; } session->qat_cmd = (enum icp_qat_fw_la_cmd_id)qat_cmd_id; @@ -477,11 +491,11 @@ qat_sym_session_set_parameters(struct rte_cryptodev *dev, case ICP_QAT_FW_LA_CMD_AUTH_PRE_COMP: case ICP_QAT_FW_LA_CMD_CIPHER_PRE_COMP: case ICP_QAT_FW_LA_CMD_DELIMITER: - PMD_DRV_LOG(ERR, "Unsupported Service %u", + QAT_LOG(ERR, "Unsupported Service %u", session->qat_cmd); return -ENOTSUP; default: - PMD_DRV_LOG(ERR, "Unsupported Service %u", + QAT_LOG(ERR, "Unsupported Service %u", session->qat_cmd); return -ENOTSUP; } @@ -498,6 +512,7 @@ qat_sym_session_configure_auth(struct rte_cryptodev *dev, struct qat_sym_dev_private *internals = dev->data->dev_private; uint8_t *key_data = auth_xform->key.data; uint8_t key_length = auth_xform->key.length; + session->aes_cmac = 0; switch (auth_xform->algo) { case RTE_CRYPTO_AUTH_SHA1_HMAC: @@ -518,10 +533,14 @@ qat_sym_session_configure_auth(struct rte_cryptodev *dev, case RTE_CRYPTO_AUTH_AES_XCBC_MAC: session->qat_hash_alg = ICP_QAT_HW_AUTH_ALGO_AES_XCBC_MAC; break; + case RTE_CRYPTO_AUTH_AES_CMAC: + session->qat_hash_alg = ICP_QAT_HW_AUTH_ALGO_AES_XCBC_MAC; + session->aes_cmac = 1; + break; case RTE_CRYPTO_AUTH_AES_GMAC: if (qat_sym_validate_aes_key(auth_xform->key.length, &session->qat_cipher_alg) != 0) { - PMD_DRV_LOG(ERR, "Invalid AES key size"); + QAT_LOG(ERR, "Invalid AES key size"); return -EINVAL; } session->qat_mode = ICP_QAT_HW_CIPHER_CTR_MODE; @@ -542,7 +561,7 @@ qat_sym_session_configure_auth(struct rte_cryptodev *dev, break; case RTE_CRYPTO_AUTH_ZUC_EIA3: if (!qat_is_auth_alg_supported(auth_xform->algo, internals)) { - PMD_DRV_LOG(ERR, "%s not supported on this device", + QAT_LOG(ERR, "%s not supported on this device", rte_crypto_auth_algorithm_strings [auth_xform->algo]); return -ENOTSUP; @@ -555,13 +574,12 @@ qat_sym_session_configure_auth(struct rte_cryptodev *dev, case RTE_CRYPTO_AUTH_SHA224: case RTE_CRYPTO_AUTH_SHA384: case RTE_CRYPTO_AUTH_MD5: - case RTE_CRYPTO_AUTH_AES_CMAC: case RTE_CRYPTO_AUTH_AES_CBC_MAC: - PMD_DRV_LOG(ERR, "Crypto: Unsupported hash alg %u", + QAT_LOG(ERR, "Crypto: Unsupported hash alg %u", auth_xform->algo); return -ENOTSUP; default: - PMD_DRV_LOG(ERR, "Crypto: Undefined Hash algo %u specified", + QAT_LOG(ERR, "Crypto: Undefined Hash algo %u specified", auth_xform->algo); return -EINVAL; } @@ -645,7 +663,7 @@ qat_sym_session_configure_aead(struct rte_crypto_sym_xform *xform, case RTE_CRYPTO_AEAD_AES_GCM: if (qat_sym_validate_aes_key(aead_xform->key.length, &session->qat_cipher_alg) != 0) { - PMD_DRV_LOG(ERR, "Invalid AES key size"); + QAT_LOG(ERR, "Invalid AES key size"); return -EINVAL; } session->qat_mode = ICP_QAT_HW_CIPHER_CTR_MODE; @@ -654,14 +672,14 @@ qat_sym_session_configure_aead(struct rte_crypto_sym_xform *xform, case RTE_CRYPTO_AEAD_AES_CCM: if (qat_sym_validate_aes_key(aead_xform->key.length, &session->qat_cipher_alg) != 0) { - PMD_DRV_LOG(ERR, "Invalid AES key size"); + QAT_LOG(ERR, "Invalid AES key size"); return -EINVAL; } session->qat_mode = ICP_QAT_HW_CIPHER_CTR_MODE; session->qat_hash_alg = ICP_QAT_HW_AUTH_ALGO_AES_CBC_MAC; break; default: - PMD_DRV_LOG(ERR, "Crypto: Undefined AEAD specified %u\n", + QAT_LOG(ERR, "Crypto: Undefined AEAD specified %u\n", aead_xform->algo); return -EINVAL; } @@ -737,7 +755,7 @@ int qat_cipher_get_block_size(enum icp_qat_hw_cipher_algo qat_cipher_alg) case ICP_QAT_HW_CIPHER_ALGO_AES256: return ICP_QAT_HW_AES_BLK_SZ; default: - PMD_DRV_LOG(ERR, "invalid block cipher alg %u", qat_cipher_alg); + QAT_LOG(ERR, "invalid block cipher alg %u", qat_cipher_alg); return -EFAULT; }; return -EFAULT; @@ -795,7 +813,7 @@ static int qat_hash_get_state1_size(enum icp_qat_hw_auth_algo qat_hash_alg) return QAT_HW_ROUND_UP(ICP_QAT_HW_SHA512_STATE1_SZ, QAT_HW_DEFAULT_ALIGNMENT); default: - PMD_DRV_LOG(ERR, "invalid hash alg %u", qat_hash_alg); + QAT_LOG(ERR, "invalid hash alg %u", qat_hash_alg); return -EFAULT; }; return -EFAULT; @@ -817,11 +835,13 @@ static int qat_hash_get_digest_size(enum icp_qat_hw_auth_algo qat_hash_alg) return ICP_QAT_HW_SHA512_STATE1_SZ; case ICP_QAT_HW_AUTH_ALGO_MD5: return ICP_QAT_HW_MD5_STATE1_SZ; + case ICP_QAT_HW_AUTH_ALGO_AES_XCBC_MAC: + return ICP_QAT_HW_AES_XCBC_MAC_STATE1_SZ; case ICP_QAT_HW_AUTH_ALGO_DELIMITER: /* return maximum digest size in this case */ return ICP_QAT_HW_SHA512_STATE1_SZ; default: - PMD_DRV_LOG(ERR, "invalid hash alg %u", qat_hash_alg); + QAT_LOG(ERR, "invalid hash alg %u", qat_hash_alg); return -EFAULT; }; return -EFAULT; @@ -843,13 +863,15 @@ static int qat_hash_get_block_size(enum icp_qat_hw_auth_algo qat_hash_alg) return SHA512_CBLOCK; case ICP_QAT_HW_AUTH_ALGO_GALOIS_128: return 16; + case ICP_QAT_HW_AUTH_ALGO_AES_XCBC_MAC: + return ICP_QAT_HW_AES_BLK_SZ; case ICP_QAT_HW_AUTH_ALGO_MD5: return MD5_CBLOCK; case ICP_QAT_HW_AUTH_ALGO_DELIMITER: /* return maximum block size in this case */ return SHA512_CBLOCK; default: - PMD_DRV_LOG(ERR, "invalid hash alg %u", qat_hash_alg); + QAT_LOG(ERR, "invalid hash alg %u", qat_hash_alg); return -EFAULT; }; return -EFAULT; @@ -981,7 +1003,7 @@ static int partial_hash_compute(enum icp_qat_hw_auth_algo hash_alg, return -EFAULT; break; default: - PMD_DRV_LOG(ERR, "invalid hash alg %u", hash_alg); + QAT_LOG(ERR, "invalid hash alg %u", hash_alg); return -EFAULT; } @@ -991,11 +1013,28 @@ static int partial_hash_compute(enum icp_qat_hw_auth_algo hash_alg, #define HMAC_OPAD_VALUE 0x5c #define HASH_XCBC_PRECOMP_KEY_NUM 3 +static const uint8_t AES_CMAC_SEED[ICP_QAT_HW_AES_128_KEY_SZ]; + +static void aes_cmac_key_derive(uint8_t *base, uint8_t *derived) +{ + int i; + + derived[0] = base[0] << 1; + for (i = 1; i < ICP_QAT_HW_AES_BLK_SZ ; i++) { + derived[i] = base[i] << 1; + derived[i - 1] |= base[i] >> 7; + } + + if (base[0] & 0x80) + derived[ICP_QAT_HW_AES_BLK_SZ - 1] ^= QAT_AES_CMAC_CONST_RB; +} + static int qat_sym_do_precomputes(enum icp_qat_hw_auth_algo hash_alg, const uint8_t *auth_key, uint16_t auth_keylen, uint8_t *p_state_buf, - uint16_t *p_state_len) + uint16_t *p_state_len, + uint8_t aes_cmac) { int block_size; uint8_t ipad[qat_hash_get_block_size(ICP_QAT_HW_AUTH_ALGO_DELIMITER)]; @@ -1003,47 +1042,91 @@ static int qat_sym_do_precomputes(enum icp_qat_hw_auth_algo hash_alg, int i; if (hash_alg == ICP_QAT_HW_AUTH_ALGO_AES_XCBC_MAC) { - static uint8_t qat_aes_xcbc_key_seed[ - ICP_QAT_HW_AES_XCBC_MAC_STATE2_SZ] = { - 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, - 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, - 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, - 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, - 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, - 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, - }; - uint8_t *in = NULL; - uint8_t *out = p_state_buf; - int x; - AES_KEY enc_key; + /* CMAC */ + if (aes_cmac) { + AES_KEY enc_key; + uint8_t *in = NULL; + uint8_t k0[ICP_QAT_HW_AES_128_KEY_SZ]; + uint8_t *k1, *k2; - in = rte_zmalloc("working mem for key", - ICP_QAT_HW_AES_XCBC_MAC_STATE2_SZ, 16); - if (in == NULL) { - PMD_DRV_LOG(ERR, "Failed to alloc memory"); - return -ENOMEM; - } + auth_keylen = ICP_QAT_HW_AES_128_KEY_SZ; + + in = rte_zmalloc("AES CMAC K1", + ICP_QAT_HW_AES_128_KEY_SZ, 16); + + if (in == NULL) { + QAT_LOG(ERR, "Failed to alloc memory"); + return -ENOMEM; + } + + rte_memcpy(in, AES_CMAC_SEED, + ICP_QAT_HW_AES_128_KEY_SZ); + rte_memcpy(p_state_buf, auth_key, auth_keylen); - rte_memcpy(in, qat_aes_xcbc_key_seed, - ICP_QAT_HW_AES_XCBC_MAC_STATE2_SZ); - for (x = 0; x < HASH_XCBC_PRECOMP_KEY_NUM; x++) { if (AES_set_encrypt_key(auth_key, auth_keylen << 3, &enc_key) != 0) { - rte_free(in - - (x * ICP_QAT_HW_AES_XCBC_MAC_KEY_SZ)); - memset(out - - (x * ICP_QAT_HW_AES_XCBC_MAC_KEY_SZ), - 0, ICP_QAT_HW_AES_XCBC_MAC_STATE2_SZ); + rte_free(in); return -EFAULT; } - AES_encrypt(in, out, &enc_key); - in += ICP_QAT_HW_AES_XCBC_MAC_KEY_SZ; - out += ICP_QAT_HW_AES_XCBC_MAC_KEY_SZ; + + AES_encrypt(in, k0, &enc_key); + + k1 = p_state_buf + ICP_QAT_HW_AES_XCBC_MAC_STATE1_SZ; + k2 = k1 + ICP_QAT_HW_AES_XCBC_MAC_STATE1_SZ; + + aes_cmac_key_derive(k0, k1); + aes_cmac_key_derive(k1, k2); + + memset(k0, 0, ICP_QAT_HW_AES_128_KEY_SZ); + *p_state_len = ICP_QAT_HW_AES_XCBC_MAC_STATE2_SZ; + rte_free(in); + return 0; + } else { + static uint8_t qat_aes_xcbc_key_seed[ + ICP_QAT_HW_AES_XCBC_MAC_STATE2_SZ] = { + 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, + 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, + 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, + 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, + 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, + 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, + }; + + uint8_t *in = NULL; + uint8_t *out = p_state_buf; + int x; + AES_KEY enc_key; + + in = rte_zmalloc("working mem for key", + ICP_QAT_HW_AES_XCBC_MAC_STATE2_SZ, 16); + if (in == NULL) { + QAT_LOG(ERR, "Failed to alloc memory"); + return -ENOMEM; + } + + rte_memcpy(in, qat_aes_xcbc_key_seed, + ICP_QAT_HW_AES_XCBC_MAC_STATE2_SZ); + for (x = 0; x < HASH_XCBC_PRECOMP_KEY_NUM; x++) { + if (AES_set_encrypt_key(auth_key, + auth_keylen << 3, + &enc_key) != 0) { + rte_free(in - + (x * ICP_QAT_HW_AES_XCBC_MAC_KEY_SZ)); + memset(out - + (x * ICP_QAT_HW_AES_XCBC_MAC_KEY_SZ), + 0, ICP_QAT_HW_AES_XCBC_MAC_STATE2_SZ); + return -EFAULT; + } + AES_encrypt(in, out, &enc_key); + in += ICP_QAT_HW_AES_XCBC_MAC_KEY_SZ; + out += ICP_QAT_HW_AES_XCBC_MAC_KEY_SZ; + } + *p_state_len = ICP_QAT_HW_AES_XCBC_MAC_STATE2_SZ; + rte_free(in - x*ICP_QAT_HW_AES_XCBC_MAC_KEY_SZ); + return 0; } - *p_state_len = ICP_QAT_HW_AES_XCBC_MAC_STATE2_SZ; - rte_free(in - x*ICP_QAT_HW_AES_XCBC_MAC_KEY_SZ); - return 0; + } else if ((hash_alg == ICP_QAT_HW_AUTH_ALGO_GALOIS_128) || (hash_alg == ICP_QAT_HW_AUTH_ALGO_GALOIS_64)) { uint8_t *in = NULL; @@ -1056,7 +1139,7 @@ static int qat_sym_do_precomputes(enum icp_qat_hw_auth_algo hash_alg, in = rte_zmalloc("working mem for key", ICP_QAT_HW_GALOIS_H_SZ, 16); if (in == NULL) { - PMD_DRV_LOG(ERR, "Failed to alloc memory"); + QAT_LOG(ERR, "Failed to alloc memory"); return -ENOMEM; } @@ -1074,14 +1157,14 @@ static int qat_sym_do_precomputes(enum icp_qat_hw_auth_algo hash_alg, } block_size = qat_hash_get_block_size(hash_alg); - if (block_size <= 0) - return -EFAULT; + if (block_size < 0) + return block_size; /* init ipad and opad from key and xor with fixed values */ memset(ipad, 0, block_size); memset(opad, 0, block_size); if (auth_keylen > (unsigned int)block_size) { - PMD_DRV_LOG(ERR, "invalid keylen %u", auth_keylen); + QAT_LOG(ERR, "invalid keylen %u", auth_keylen); return -EFAULT; } rte_memcpy(ipad, auth_key, auth_keylen); @@ -1098,7 +1181,7 @@ static int qat_sym_do_precomputes(enum icp_qat_hw_auth_algo hash_alg, if (partial_hash_compute(hash_alg, ipad, p_state_buf)) { memset(ipad, 0, block_size); memset(opad, 0, block_size); - PMD_DRV_LOG(ERR, "ipad precompute failed"); + QAT_LOG(ERR, "ipad precompute failed"); return -EFAULT; } @@ -1110,7 +1193,7 @@ static int qat_sym_do_precomputes(enum icp_qat_hw_auth_algo hash_alg, if (partial_hash_compute(hash_alg, opad, p_state_buf + *p_state_len)) { memset(ipad, 0, block_size); memset(opad, 0, block_size); - PMD_DRV_LOG(ERR, "opad precompute failed"); + QAT_LOG(ERR, "opad precompute failed"); return -EFAULT; } @@ -1230,7 +1313,7 @@ int qat_sym_session_aead_create_cd_cipher(struct qat_sym_session *cdesc, ICP_QAT_FW_SLICE_DRAM_WR); cdesc->cd_cur_ptr = (uint8_t *)&cdesc->cd; } else if (cdesc->qat_cmd != ICP_QAT_FW_LA_CMD_HASH_CIPHER) { - PMD_DRV_LOG(ERR, "Invalid param, must be a cipher command."); + QAT_LOG(ERR, "Invalid param, must be a cipher command."); return -EFAULT; } @@ -1322,11 +1405,19 @@ int qat_sym_session_aead_create_cd_cipher(struct qat_sym_session *cdesc, if (total_key_size > cipherkeylen) { uint32_t padding_size = total_key_size-cipherkeylen; if ((cdesc->qat_cipher_alg == ICP_QAT_HW_CIPHER_ALGO_3DES) - && (cipherkeylen == QAT_3DES_KEY_SZ_OPT2)) + && (cipherkeylen == QAT_3DES_KEY_SZ_OPT2)) { /* K3 not provided so use K1 = K3*/ memcpy(cdesc->cd_cur_ptr, cipherkey, padding_size); - else + } else if ((cdesc->qat_cipher_alg == ICP_QAT_HW_CIPHER_ALGO_3DES) + && (cipherkeylen == QAT_3DES_KEY_SZ_OPT3)) { + /* K2 and K3 not provided so use K1 = K2 = K3*/ + memcpy(cdesc->cd_cur_ptr, cipherkey, + cipherkeylen); + memcpy(cdesc->cd_cur_ptr+cipherkeylen, + cipherkey, cipherkeylen); + } else memset(cdesc->cd_cur_ptr, 0, padding_size); + cdesc->cd_cur_ptr += padding_size; } cd_size = cdesc->cd_cur_ptr-(uint8_t *)&cdesc->cd; @@ -1379,7 +1470,7 @@ int qat_sym_session_aead_create_cd_auth(struct qat_sym_session *cdesc, ICP_QAT_FW_SLICE_DRAM_WR); cdesc->cd_cur_ptr = (uint8_t *)&cdesc->cd; } else if (cdesc->qat_cmd != ICP_QAT_FW_LA_CMD_CIPHER_HASH) { - PMD_DRV_LOG(ERR, "Invalid param, must be a hash command."); + QAT_LOG(ERR, "Invalid param, must be a hash command."); return -EFAULT; } @@ -1409,11 +1500,19 @@ int qat_sym_session_aead_create_cd_auth(struct qat_sym_session *cdesc, if (cdesc->qat_hash_alg == ICP_QAT_HW_AUTH_ALGO_SNOW_3G_UIA2 || cdesc->qat_hash_alg == ICP_QAT_HW_AUTH_ALGO_KASUMI_F9 - || cdesc->qat_hash_alg == ICP_QAT_HW_AUTH_ALGO_ZUC_3G_128_EIA3) + || cdesc->qat_hash_alg == ICP_QAT_HW_AUTH_ALGO_ZUC_3G_128_EIA3 + || cdesc->qat_hash_alg == ICP_QAT_HW_AUTH_ALGO_AES_XCBC_MAC + || cdesc->qat_hash_alg == ICP_QAT_HW_AUTH_ALGO_AES_CBC_MAC + || cdesc->qat_hash_alg == ICP_QAT_HW_AUTH_ALGO_NULL + ) hash->auth_counter.counter = 0; - else - hash->auth_counter.counter = rte_bswap32( - qat_hash_get_block_size(cdesc->qat_hash_alg)); + else { + int block_size = qat_hash_get_block_size(cdesc->qat_hash_alg); + + if (block_size < 0) + return block_size; + hash->auth_counter.counter = rte_bswap32(block_size); + } cdesc->cd_cur_ptr += sizeof(struct icp_qat_hw_auth_setup); @@ -1422,51 +1521,62 @@ int qat_sym_session_aead_create_cd_auth(struct qat_sym_session *cdesc, */ switch (cdesc->qat_hash_alg) { case ICP_QAT_HW_AUTH_ALGO_SHA1: - if (qat_sym_do_precomputes(ICP_QAT_HW_AUTH_ALGO_SHA1, - authkey, authkeylen, cdesc->cd_cur_ptr, &state1_size)) { - PMD_DRV_LOG(ERR, "(SHA)precompute failed"); + if (qat_sym_do_precomputes(ICP_QAT_HW_AUTH_ALGO_SHA1, authkey, + authkeylen, cdesc->cd_cur_ptr, &state1_size, + cdesc->aes_cmac)) { + QAT_LOG(ERR, "(SHA)precompute failed"); return -EFAULT; } state2_size = RTE_ALIGN_CEIL(ICP_QAT_HW_SHA1_STATE2_SZ, 8); break; case ICP_QAT_HW_AUTH_ALGO_SHA224: - if (qat_sym_do_precomputes(ICP_QAT_HW_AUTH_ALGO_SHA224, - authkey, authkeylen, cdesc->cd_cur_ptr, &state1_size)) { - PMD_DRV_LOG(ERR, "(SHA)precompute failed"); + if (qat_sym_do_precomputes(ICP_QAT_HW_AUTH_ALGO_SHA224, authkey, + authkeylen, cdesc->cd_cur_ptr, &state1_size, + cdesc->aes_cmac)) { + QAT_LOG(ERR, "(SHA)precompute failed"); return -EFAULT; } state2_size = ICP_QAT_HW_SHA224_STATE2_SZ; break; case ICP_QAT_HW_AUTH_ALGO_SHA256: - if (qat_sym_do_precomputes(ICP_QAT_HW_AUTH_ALGO_SHA256, - authkey, authkeylen, cdesc->cd_cur_ptr, &state1_size)) { - PMD_DRV_LOG(ERR, "(SHA)precompute failed"); + if (qat_sym_do_precomputes(ICP_QAT_HW_AUTH_ALGO_SHA256, authkey, + authkeylen, cdesc->cd_cur_ptr, &state1_size, + cdesc->aes_cmac)) { + QAT_LOG(ERR, "(SHA)precompute failed"); return -EFAULT; } state2_size = ICP_QAT_HW_SHA256_STATE2_SZ; break; case ICP_QAT_HW_AUTH_ALGO_SHA384: - if (qat_sym_do_precomputes(ICP_QAT_HW_AUTH_ALGO_SHA384, - authkey, authkeylen, cdesc->cd_cur_ptr, &state1_size)) { - PMD_DRV_LOG(ERR, "(SHA)precompute failed"); + if (qat_sym_do_precomputes(ICP_QAT_HW_AUTH_ALGO_SHA384, authkey, + authkeylen, cdesc->cd_cur_ptr, &state1_size, + cdesc->aes_cmac)) { + QAT_LOG(ERR, "(SHA)precompute failed"); return -EFAULT; } state2_size = ICP_QAT_HW_SHA384_STATE2_SZ; break; case ICP_QAT_HW_AUTH_ALGO_SHA512: - if (qat_sym_do_precomputes(ICP_QAT_HW_AUTH_ALGO_SHA512, - authkey, authkeylen, cdesc->cd_cur_ptr, &state1_size)) { - PMD_DRV_LOG(ERR, "(SHA)precompute failed"); + if (qat_sym_do_precomputes(ICP_QAT_HW_AUTH_ALGO_SHA512, authkey, + authkeylen, cdesc->cd_cur_ptr, &state1_size, + cdesc->aes_cmac)) { + QAT_LOG(ERR, "(SHA)precompute failed"); return -EFAULT; } state2_size = ICP_QAT_HW_SHA512_STATE2_SZ; break; case ICP_QAT_HW_AUTH_ALGO_AES_XCBC_MAC: state1_size = ICP_QAT_HW_AES_XCBC_MAC_STATE1_SZ; + + if (cdesc->aes_cmac) + memset(cdesc->cd_cur_ptr, 0, state1_size); if (qat_sym_do_precomputes(ICP_QAT_HW_AUTH_ALGO_AES_XCBC_MAC, authkey, authkeylen, cdesc->cd_cur_ptr + state1_size, - &state2_size)) { - PMD_DRV_LOG(ERR, "(XCBC)precompute failed"); + &state2_size, cdesc->aes_cmac)) { + cdesc->aes_cmac ? QAT_LOG(ERR, + "(CMAC)precompute failed") + : QAT_LOG(ERR, + "(XCBC)precompute failed"); return -EFAULT; } break; @@ -1474,10 +1584,10 @@ int qat_sym_session_aead_create_cd_auth(struct qat_sym_session *cdesc, case ICP_QAT_HW_AUTH_ALGO_GALOIS_64: qat_proto_flag = QAT_CRYPTO_PROTO_FLAG_GCM; state1_size = ICP_QAT_HW_GALOIS_128_STATE1_SZ; - if (qat_sym_do_precomputes(cdesc->qat_hash_alg, - authkey, authkeylen, cdesc->cd_cur_ptr + state1_size, - &state2_size)) { - PMD_DRV_LOG(ERR, "(GCM)precompute failed"); + if (qat_sym_do_precomputes(cdesc->qat_hash_alg, authkey, + authkeylen, cdesc->cd_cur_ptr + state1_size, + &state2_size, cdesc->aes_cmac)) { + QAT_LOG(ERR, "(GCM)precompute failed"); return -EFAULT; } /* @@ -1534,10 +1644,10 @@ int qat_sym_session_aead_create_cd_auth(struct qat_sym_session *cdesc, break; case ICP_QAT_HW_AUTH_ALGO_MD5: - if (qat_sym_do_precomputes(ICP_QAT_HW_AUTH_ALGO_MD5, - authkey, authkeylen, cdesc->cd_cur_ptr, - &state1_size)) { - PMD_DRV_LOG(ERR, "(MD5)precompute failed"); + if (qat_sym_do_precomputes(ICP_QAT_HW_AUTH_ALGO_MD5, authkey, + authkeylen, cdesc->cd_cur_ptr, &state1_size, + cdesc->aes_cmac)) { + QAT_LOG(ERR, "(MD5)precompute failed"); return -EFAULT; } state2_size = ICP_QAT_HW_MD5_STATE2_SZ; @@ -1592,7 +1702,7 @@ int qat_sym_session_aead_create_cd_auth(struct qat_sym_session *cdesc, pTempKey[wordIndex] ^= KASUMI_F9_KEY_MODIFIER_4_BYTES; break; default: - PMD_DRV_LOG(ERR, "Invalid HASH alg %u", cdesc->qat_hash_alg); + QAT_LOG(ERR, "Invalid HASH alg %u", cdesc->qat_hash_alg); return -EFAULT; } @@ -1695,6 +1805,7 @@ int qat_sym_validate_3des_key(int key_len, enum icp_qat_hw_cipher_algo *alg) switch (key_len) { case QAT_3DES_KEY_SZ_OPT1: case QAT_3DES_KEY_SZ_OPT2: + case QAT_3DES_KEY_SZ_OPT3: *alg = ICP_QAT_HW_CIPHER_ALGO_3DES; break; default: