crypto/dpaa_sec: support null algos for protocol offload
authorHemant Agrawal <hemant.agrawal@nxp.com>
Thu, 30 Aug 2018 05:51:05 +0000 (11:21 +0530)
committerAkhil Goyal <akhil.goyal@nxp.com>
Wed, 26 Sep 2018 11:18:38 +0000 (13:18 +0200)
NULL cipher and NULL auth support is added.

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
drivers/crypto/dpaa_sec/dpaa_sec.c

index 53a7590..7c0459f 100644 (file)
@@ -275,6 +275,9 @@ caam_auth_alg(dpaa_sec_session *ses, struct alginfo *alginfo_a)
 {
        switch (ses->auth_alg) {
        case RTE_CRYPTO_AUTH_NULL:
+               alginfo_a->algtype =
+                       (ses->proto_alg == RTE_SECURITY_PROTOCOL_IPSEC) ?
+                       OP_PCL_IPSEC_HMAC_NULL : 0;
                ses->digest_length = 0;
                break;
        case RTE_CRYPTO_AUTH_MD5_HMAC:
@@ -323,6 +326,9 @@ caam_cipher_alg(dpaa_sec_session *ses, struct alginfo *alginfo_c)
 {
        switch (ses->cipher_alg) {
        case RTE_CRYPTO_CIPHER_NULL:
+               alginfo_c->algtype =
+                       (ses->proto_alg == RTE_SECURITY_PROTOCOL_IPSEC) ?
+                       OP_PCL_IPSEC_NULL : 0;
                break;
        case RTE_CRYPTO_CIPHER_AES_CBC:
                alginfo_c->algtype =
@@ -360,6 +366,87 @@ caam_aead_alg(dpaa_sec_session *ses, struct alginfo *alginfo)
        }
 }
 
+/* prepare ipsec proto command block of the session */
+static int
+dpaa_sec_prep_ipsec_cdb(dpaa_sec_session *ses)
+{
+       struct alginfo cipherdata = {0}, authdata = {0};
+       struct sec_cdb *cdb = &ses->cdb;
+       int32_t shared_desc_len = 0;
+       int err;
+#if RTE_BYTE_ORDER == RTE_BIG_ENDIAN
+       int swap = false;
+#else
+       int swap = true;
+#endif
+
+       caam_cipher_alg(ses, &cipherdata);
+       if (cipherdata.algtype == (unsigned int)DPAA_SEC_ALG_UNSUPPORT) {
+               DPAA_SEC_ERR("not supported cipher alg");
+               return -ENOTSUP;
+       }
+
+       cipherdata.key = (size_t)ses->cipher_key.data;
+       cipherdata.keylen = ses->cipher_key.length;
+       cipherdata.key_enc_flags = 0;
+       cipherdata.key_type = RTA_DATA_IMM;
+
+       caam_auth_alg(ses, &authdata);
+       if (authdata.algtype == (unsigned int)DPAA_SEC_ALG_UNSUPPORT) {
+               DPAA_SEC_ERR("not supported auth alg");
+               return -ENOTSUP;
+       }
+
+       authdata.key = (size_t)ses->auth_key.data;
+       authdata.keylen = ses->auth_key.length;
+       authdata.key_enc_flags = 0;
+       authdata.key_type = RTA_DATA_IMM;
+
+       cdb->sh_desc[0] = cipherdata.keylen;
+       cdb->sh_desc[1] = authdata.keylen;
+       err = rta_inline_query(IPSEC_AUTH_VAR_AES_DEC_BASE_DESC_LEN,
+                              MIN_JOB_DESC_SIZE,
+                              (unsigned int *)cdb->sh_desc,
+                              &cdb->sh_desc[2], 2);
+
+       if (err < 0) {
+               DPAA_SEC_ERR("Crypto: Incorrect key lengths");
+               return err;
+       }
+       if (cdb->sh_desc[2] & 1)
+               cipherdata.key_type = RTA_DATA_IMM;
+       else {
+               cipherdata.key = (size_t)dpaa_mem_vtop(
+                                       (void *)(size_t)cipherdata.key);
+               cipherdata.key_type = RTA_DATA_PTR;
+       }
+       if (cdb->sh_desc[2] & (1<<1))
+               authdata.key_type = RTA_DATA_IMM;
+       else {
+               authdata.key = (size_t)dpaa_mem_vtop(
+                                       (void *)(size_t)authdata.key);
+               authdata.key_type = RTA_DATA_PTR;
+       }
+
+       cdb->sh_desc[0] = 0;
+       cdb->sh_desc[1] = 0;
+       cdb->sh_desc[2] = 0;
+       if (ses->dir == DIR_ENC) {
+               shared_desc_len = cnstr_shdsc_ipsec_new_encap(
+                               cdb->sh_desc,
+                               true, swap, SHR_SERIAL,
+                               &ses->encap_pdb,
+                               (uint8_t *)&ses->ip4_hdr,
+                               &cipherdata, &authdata);
+       } else if (ses->dir == DIR_DEC) {
+               shared_desc_len = cnstr_shdsc_ipsec_new_decap(
+                               cdb->sh_desc,
+                               true, swap, SHR_SERIAL,
+                               &ses->decap_pdb,
+                               &cipherdata, &authdata);
+       }
+       return shared_desc_len;
+}
 
 /* prepare command block of the session */
 static int
@@ -377,7 +464,9 @@ dpaa_sec_prep_cdb(dpaa_sec_session *ses)
 
        memset(cdb, 0, sizeof(struct sec_cdb));
 
-       if (is_cipher_only(ses)) {
+       if (is_proto_ipsec(ses)) {
+               shared_desc_len = dpaa_sec_prep_ipsec_cdb(ses);
+       } else if (is_cipher_only(ses)) {
                caam_cipher_alg(ses, &alginfo_c);
                if (alginfo_c.algtype == (unsigned int)DPAA_SEC_ALG_UNSUPPORT) {
                        DPAA_SEC_ERR("not supported cipher alg");
@@ -485,30 +574,13 @@ dpaa_sec_prep_cdb(dpaa_sec_session *ses)
                cdb->sh_desc[0] = 0;
                cdb->sh_desc[1] = 0;
                cdb->sh_desc[2] = 0;
-               if (is_proto_ipsec(ses)) {
-                       if (ses->dir == DIR_ENC) {
-                               shared_desc_len = cnstr_shdsc_ipsec_new_encap(
-                                               cdb->sh_desc,
-                                               true, swap, SHR_SERIAL,
-                                               &ses->encap_pdb,
-                                               (uint8_t *)&ses->ip4_hdr,
-                                               &alginfo_c, &alginfo_a);
-                       } else if (ses->dir == DIR_DEC) {
-                               shared_desc_len = cnstr_shdsc_ipsec_new_decap(
-                                               cdb->sh_desc,
-                                               true, swap, SHR_SERIAL,
-                                               &ses->decap_pdb,
-                                               &alginfo_c, &alginfo_a);
-                       }
-               } else {
-                       /* Auth_only_len is set as 0 here and it will be
-                        * overwritten in fd for each packet.
-                        */
-                       shared_desc_len = cnstr_shdsc_authenc(cdb->sh_desc,
-                                       true, swap, &alginfo_c, &alginfo_a,
-                                       ses->iv.length, 0,
-                                       ses->digest_length, ses->dir);
-               }
+               /* Auth_only_len is set as 0 here and it will be
+                * overwritten in fd for each packet.
+                */
+               shared_desc_len = cnstr_shdsc_authenc(cdb->sh_desc,
+                               true, swap, &alginfo_c, &alginfo_a,
+                               ses->iv.length, 0,
+                               ses->digest_length, ses->dir);
        }
 
        if (shared_desc_len < 0) {
@@ -1465,7 +1537,9 @@ dpaa_sec_enqueue_burst(void *qp, struct rte_crypto_op **ops,
                        auth_only_len = op->sym->auth.data.length -
                                                op->sym->cipher.data.length;
                        if (rte_pktmbuf_is_contiguous(op->sym->m_src)) {
-                               if (is_auth_only(ses)) {
+                               if (is_proto_ipsec(ses)) {
+                                       cf = build_proto(op, ses);
+                               } else if (is_auth_only(ses)) {
                                        cf = build_auth_only(op, ses);
                                } else if (is_cipher_only(ses)) {
                                        cf = build_cipher_only(op, ses);
@@ -1474,8 +1548,6 @@ dpaa_sec_enqueue_burst(void *qp, struct rte_crypto_op **ops,
                                        auth_only_len = ses->auth_only_len;
                                } else if (is_auth_cipher(ses)) {
                                        cf = build_cipher_auth(op, ses);
-                               } else if (is_proto_ipsec(ses)) {
-                                       cf = build_proto(op, ses);
                                } else {
                                        DPAA_SEC_DP_ERR("not supported ops");
                                        frames_to_send = loop;
@@ -1898,8 +1970,8 @@ dpaa_sec_set_ipsec_session(__rte_unused struct rte_cryptodev *dev,
 {
        struct dpaa_sec_dev_private *internals = dev->data->dev_private;
        struct rte_security_ipsec_xform *ipsec_xform = &conf->ipsec;
-       struct rte_crypto_auth_xform *auth_xform;
-       struct rte_crypto_cipher_xform *cipher_xform;
+       struct rte_crypto_auth_xform *auth_xform = NULL;
+       struct rte_crypto_cipher_xform *cipher_xform = NULL;
        dpaa_sec_session *session = (dpaa_sec_session *)sess;
 
        PMD_INIT_FUNC_TRACE();
@@ -1907,103 +1979,77 @@ dpaa_sec_set_ipsec_session(__rte_unused struct rte_cryptodev *dev,
        memset(session, 0, sizeof(dpaa_sec_session));
        if (ipsec_xform->direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) {
                cipher_xform = &conf->crypto_xform->cipher;
-               auth_xform = &conf->crypto_xform->next->auth;
+               if (conf->crypto_xform->next)
+                       auth_xform = &conf->crypto_xform->next->auth;
        } else {
                auth_xform = &conf->crypto_xform->auth;
-               cipher_xform = &conf->crypto_xform->next->cipher;
+               if (conf->crypto_xform->next)
+                       cipher_xform = &conf->crypto_xform->next->cipher;
        }
        session->proto_alg = conf->protocol;
-       session->cipher_key.data = rte_zmalloc(NULL,
-                                              cipher_xform->key.length,
-                                              RTE_CACHE_LINE_SIZE);
-       if (session->cipher_key.data == NULL &&
-                       cipher_xform->key.length > 0) {
-               DPAA_SEC_ERR("No Memory for cipher key");
-               return -ENOMEM;
-       }
 
-       session->cipher_key.length = cipher_xform->key.length;
-       session->auth_key.data = rte_zmalloc(NULL,
-                                       auth_xform->key.length,
-                                       RTE_CACHE_LINE_SIZE);
-       if (session->auth_key.data == NULL &&
-                       auth_xform->key.length > 0) {
-               DPAA_SEC_ERR("No Memory for auth key");
-               rte_free(session->cipher_key.data);
-               return -ENOMEM;
+       if (cipher_xform && cipher_xform->algo != RTE_CRYPTO_CIPHER_NULL) {
+               session->cipher_key.data = rte_zmalloc(NULL,
+                                                      cipher_xform->key.length,
+                                                      RTE_CACHE_LINE_SIZE);
+               if (session->cipher_key.data == NULL &&
+                               cipher_xform->key.length > 0) {
+                       DPAA_SEC_ERR("No Memory for cipher key");
+                       return -ENOMEM;
+               }
+               memcpy(session->cipher_key.data, cipher_xform->key.data,
+                               cipher_xform->key.length);
+               session->cipher_key.length = cipher_xform->key.length;
+
+               switch (cipher_xform->algo) {
+               case RTE_CRYPTO_CIPHER_AES_CBC:
+               case RTE_CRYPTO_CIPHER_3DES_CBC:
+               case RTE_CRYPTO_CIPHER_AES_CTR:
+                       break;
+               default:
+                       DPAA_SEC_ERR("Crypto: Unsupported Cipher alg %u",
+                               cipher_xform->algo);
+                       goto out;
+               }
+               session->cipher_alg = cipher_xform->algo;
+       } else {
+               session->cipher_key.data = NULL;
+               session->cipher_key.length = 0;
+               session->cipher_alg = RTE_CRYPTO_CIPHER_NULL;
        }
-       session->auth_key.length = auth_xform->key.length;
-       memcpy(session->cipher_key.data, cipher_xform->key.data,
-                       cipher_xform->key.length);
-       memcpy(session->auth_key.data, auth_xform->key.data,
-                       auth_xform->key.length);
 
-       switch (auth_xform->algo) {
-       case RTE_CRYPTO_AUTH_SHA1_HMAC:
-               session->auth_alg = RTE_CRYPTO_AUTH_SHA1_HMAC;
-               break;
-       case RTE_CRYPTO_AUTH_MD5_HMAC:
-               session->auth_alg = RTE_CRYPTO_AUTH_MD5_HMAC;
-               break;
-       case RTE_CRYPTO_AUTH_SHA256_HMAC:
-               session->auth_alg = RTE_CRYPTO_AUTH_SHA256_HMAC;
-               break;
-       case RTE_CRYPTO_AUTH_SHA384_HMAC:
-               session->auth_alg = RTE_CRYPTO_AUTH_SHA384_HMAC;
-               break;
-       case RTE_CRYPTO_AUTH_SHA512_HMAC:
-               session->auth_alg = RTE_CRYPTO_AUTH_SHA512_HMAC;
-               break;
-       case RTE_CRYPTO_AUTH_AES_CMAC:
-               session->auth_alg = RTE_CRYPTO_AUTH_AES_CMAC;
-               break;
-       case RTE_CRYPTO_AUTH_NULL:
+       if (auth_xform && auth_xform->algo != RTE_CRYPTO_AUTH_NULL) {
+               session->auth_key.data = rte_zmalloc(NULL,
+                                               auth_xform->key.length,
+                                               RTE_CACHE_LINE_SIZE);
+               if (session->auth_key.data == NULL &&
+                               auth_xform->key.length > 0) {
+                       DPAA_SEC_ERR("No Memory for auth key");
+                       rte_free(session->cipher_key.data);
+                       return -ENOMEM;
+               }
+               memcpy(session->auth_key.data, auth_xform->key.data,
+                               auth_xform->key.length);
+               session->auth_key.length = auth_xform->key.length;
+
+               switch (auth_xform->algo) {
+               case RTE_CRYPTO_AUTH_SHA1_HMAC:
+               case RTE_CRYPTO_AUTH_MD5_HMAC:
+               case RTE_CRYPTO_AUTH_SHA256_HMAC:
+               case RTE_CRYPTO_AUTH_SHA384_HMAC:
+               case RTE_CRYPTO_AUTH_SHA512_HMAC:
+               case RTE_CRYPTO_AUTH_AES_CMAC:
+                       break;
+               default:
+                       DPAA_SEC_ERR("Crypto: Unsupported auth alg %u",
+                               auth_xform->algo);
+                       goto out;
+               }
+               session->auth_alg = auth_xform->algo;
+       } else {
+               session->auth_key.data = NULL;
+               session->auth_key.length = 0;
                session->auth_alg = RTE_CRYPTO_AUTH_NULL;
-               break;
-       case RTE_CRYPTO_AUTH_SHA224_HMAC:
-       case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
-       case RTE_CRYPTO_AUTH_SNOW3G_UIA2:
-       case RTE_CRYPTO_AUTH_SHA1:
-       case RTE_CRYPTO_AUTH_SHA256:
-       case RTE_CRYPTO_AUTH_SHA512:
-       case RTE_CRYPTO_AUTH_SHA224:
-       case RTE_CRYPTO_AUTH_SHA384:
-       case RTE_CRYPTO_AUTH_MD5:
-       case RTE_CRYPTO_AUTH_AES_GMAC:
-       case RTE_CRYPTO_AUTH_KASUMI_F9:
-       case RTE_CRYPTO_AUTH_AES_CBC_MAC:
-       case RTE_CRYPTO_AUTH_ZUC_EIA3:
-               DPAA_SEC_ERR("Crypto: Unsupported auth alg %u",
-                       auth_xform->algo);
-               goto out;
-       default:
-               DPAA_SEC_ERR("Crypto: Undefined Auth specified %u",
-                       auth_xform->algo);
-               goto out;
-       }
-
-       switch (cipher_xform->algo) {
-       case RTE_CRYPTO_CIPHER_AES_CBC:
-               session->cipher_alg = RTE_CRYPTO_CIPHER_AES_CBC;
-               break;
-       case RTE_CRYPTO_CIPHER_3DES_CBC:
-               session->cipher_alg = RTE_CRYPTO_CIPHER_3DES_CBC;
-               break;
-       case RTE_CRYPTO_CIPHER_AES_CTR:
-               session->cipher_alg = RTE_CRYPTO_CIPHER_AES_CTR;
-               break;
-       case RTE_CRYPTO_CIPHER_NULL:
-       case RTE_CRYPTO_CIPHER_SNOW3G_UEA2:
-       case RTE_CRYPTO_CIPHER_3DES_ECB:
-       case RTE_CRYPTO_CIPHER_AES_ECB:
-       case RTE_CRYPTO_CIPHER_KASUMI_F8:
-               DPAA_SEC_ERR("Crypto: Unsupported Cipher alg %u",
-                       cipher_xform->algo);
-               goto out;
-       default:
-               DPAA_SEC_ERR("Crypto: Undefined Cipher specified %u",
-                       cipher_xform->algo);
-               goto out;
        }
 
        if (ipsec_xform->direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) {