* ``RTE_CRYPTO_AUTH_SHA384_HMAC``
* ``RTE_CRYPTO_AUTH_SHA512_HMAC``
* ``RTE_CRYPTO_AUTH_MD5_HMAC``
+* ``RTE_CRYPTO_AUTH_AES_XCBC_MAC``
AEAD algorithms:
SHA512 = Y
SHA512 HMAC = Y
SNOW3G UIA2 = Y
+AES XCBC MAC = Y
ZUC EIA3 = Y
;
return PROGRAM_FINALIZE(p);
}
+/**
+ * cnstr_shdsc_aes_xcbc_mac - AES_XCBC_MAC
+ * @descbuf: pointer to descriptor-under-construction buffer
+ * @ps: if 36/40bit addressing is desired, this parameter must be true
+ * @swap: must be true when core endianness doesn't match SEC endianness
+ * @share: sharing type of shared descriptor
+ * @authdata: pointer to authentication transform definitions;
+ * message digest algorithm: OP_ALG_ALGSEL_AES.
+ * @do_icv: 0 if ICV checking is not desired, any other value if ICV checking
+ * is needed for all the packets processed by this shared descriptor
+ * @trunc_len: Length of the truncated ICV to be written in the output buffer,
+ * 0 if no truncation is needed
+ *
+ * Note: There's no support for keys longer than the block size of the
+ * underlying hash function, according to the selected algorithm.
+ *
+ * Return: size of descriptor written in words or negative number on error
+ */
+static inline int
+cnstr_shdsc_aes_xcbc_mac(uint32_t *descbuf, bool ps, bool swap,
+ enum rta_share_type share,
+ struct alginfo *authdata, uint8_t do_icv,
+ uint8_t trunc_len)
+{
+ struct program prg;
+ struct program *p = &prg;
+ uint8_t opicv, dir;
+
+ opicv = do_icv ? ICV_CHECK_ENABLE : ICV_CHECK_DISABLE;
+ dir = do_icv ? DIR_DEC : DIR_ENC;
+
+ PROGRAM_CNTXT_INIT(p, descbuf, 0);
+ if (swap)
+ PROGRAM_SET_BSWAP(p);
+ if (ps)
+ PROGRAM_SET_36BIT_ADDR(p);
+ SHR_HDR(p, share, 1, SC);
+
+ KEY(p, KEY2, authdata->key_enc_flags, authdata->key, authdata->keylen,
+ INLINE_KEY(authdata));
+
+ /* compute sequences */
+ if (opicv == ICV_CHECK_ENABLE)
+ MATHB(p, SEQINSZ, SUB, trunc_len, VSEQINSZ, 4, IMMED2);
+ else
+ MATHB(p, SEQINSZ, SUB, MATH2, VSEQINSZ, 4, 0);
+
+ /* Do operation */
+ ALG_OPERATION(p, authdata->algtype, authdata->algmode,
+ OP_ALG_AS_INITFINAL, opicv, dir);
+
+ /* Do load (variable length) */
+ SEQFIFOLOAD(p, MSG2, 0, VLF | LAST2);
+
+ if (opicv == ICV_CHECK_ENABLE) {
+ LOAD(p, trunc_len, ICV2SZ, 0, 4, IMMED);
+ SEQFIFOLOAD(p, ICV2, trunc_len, LAST2);
+ } else
+ SEQSTORE(p, CONTEXT2, 0, trunc_len, 0);
+
+ return PROGRAM_FINALIZE(p);
+}
+
#endif /* __DESC_ALGO_H__ */
* cnstr_shdsc_ipsec_encap_des_aes_xcbc - IPSec DES-CBC/3DES-CBC and
* AES-XCBC-MAC-96 ESP encapsulation shared descriptor.
* @descbuf: pointer to buffer used for descriptor construction
+ * @share: sharing type of shared descriptor
* @pdb: pointer to the PDB to be used with this descriptor
* This structure will be copied inline to the descriptor under
* construction. No error checking will be made. Refer to the
*/
static inline int
cnstr_shdsc_ipsec_encap_des_aes_xcbc(uint32_t *descbuf,
+ enum rta_share_type share,
struct ipsec_encap_pdb *pdb,
struct alginfo *cipherdata,
struct alginfo *authdata)
REFERENCE(write_swapped_seqin_ptr);
PROGRAM_CNTXT_INIT(p, descbuf, 0);
- phdr = SHR_HDR(p, SHR_SERIAL, hdr, 0);
+ phdr = SHR_HDR(p, share, hdr, 0);
__rta_copy_ipsec_encap_pdb(p, pdb, cipherdata->algtype);
COPY_DATA(p, pdb->ip_hdr, pdb->ip_hdr_len);
SET_LABEL(p, hdr);
* cnstr_shdsc_ipsec_decap_des_aes_xcbc - IPSec DES-CBC/3DES-CBC and
* AES-XCBC-MAC-96 ESP decapsulation shared descriptor.
* @descbuf: pointer to buffer used for descriptor construction
+ * @share: sharing type of shared descriptor
* @pdb: pointer to the PDB to be used with this descriptor
* This structure will be copied inline to the descriptor under
* construction. No error checking will be made. Refer to the
*/
static inline int
cnstr_shdsc_ipsec_decap_des_aes_xcbc(uint32_t *descbuf,
+ enum rta_share_type share,
struct ipsec_decap_pdb *pdb,
struct alginfo *cipherdata,
struct alginfo *authdata)
REFERENCE(write_swapped_seqout_ptr);
PROGRAM_CNTXT_INIT(p, descbuf, 0);
- phdr = SHR_HDR(p, SHR_SERIAL, hdr, 0);
+ phdr = SHR_HDR(p, share, hdr, 0);
__rta_copy_ipsec_decap_pdb(p, pdb, cipherdata->algtype);
SET_LABEL(p, hdr);
pkeyjump = JUMP(p, keyjump, LOCAL_JUMP, ALL_TRUE, SHRD | SELF);
cipherdata->keylen, INLINE_KEY(cipherdata));
/* Do operation */
- ALG_OPERATION(p, authdata->algtype, OP_ALG_AAI_HMAC,
+ ALG_OPERATION(p, authdata->algtype, authdata->algmode,
OP_ALG_AS_INITFINAL,
dir == DIR_ENC ? ICV_CHECK_DISABLE : ICV_CHECK_ENABLE,
dir);
SET_LABEL(p, keyjmp);
- ALG_OPERATION(p, authdata->algtype, OP_ALG_AAI_HMAC_PRECOMP,
+ if (authdata->algmode == OP_ALG_AAI_HMAC)
+ ALG_OPERATION(p, authdata->algtype, OP_ALG_AAI_HMAC_PRECOMP,
+ OP_ALG_AS_INITFINAL,
+ dir == DIR_ENC ? ICV_CHECK_DISABLE : ICV_CHECK_ENABLE,
+ dir);
+ else
+ ALG_OPERATION(p, authdata->algtype, authdata->algmode,
OP_ALG_AS_INITFINAL,
dir == DIR_ENC ? ICV_CHECK_DISABLE : ICV_CHECK_ENABLE,
dir);
for (i = 0; i < alg_table_sz[rta_sec_era]; i++) {
if (alg_table[i].chipher_algo == cipher_algo) {
- opcode |= cipher_algo | alg_table[i].class;
+ if ((aai == OP_ALG_AAI_XCBC_MAC) ||
+ (aai == OP_ALG_AAI_CBC_XCBCMAC))
+ opcode |= cipher_algo | OP_TYPE_CLASS2_ALG;
+ else
+ opcode |= cipher_algo | alg_table[i].class;
/* nothing else to verify */
if (alg_table[i].aai_func == NULL) {
found = 1;
!session->dir,
session->digest_length);
break;
- case RTE_CRYPTO_AUTH_AES_GMAC:
case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
+ authdata.algtype = OP_ALG_ALGSEL_AES;
+ authdata.algmode = OP_ALG_AAI_XCBC_MAC;
+ session->auth_alg = RTE_CRYPTO_AUTH_AES_XCBC_MAC;
+ bufsize = cnstr_shdsc_aes_xcbc_mac(
+ priv->flc_desc[DESC_INITFINAL].desc,
+ 1, 0, SHR_NEVER, &authdata,
+ !session->dir,
+ session->digest_length);
+ break;
+ case RTE_CRYPTO_AUTH_AES_GMAC:
case RTE_CRYPTO_AUTH_AES_CMAC:
case RTE_CRYPTO_AUTH_AES_CBC_MAC:
case RTE_CRYPTO_AUTH_KASUMI_F9:
session->auth_alg = RTE_CRYPTO_AUTH_SHA512_HMAC;
break;
case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
+ authdata.algtype = OP_ALG_ALGSEL_AES;
+ authdata.algmode = OP_ALG_AAI_XCBC_MAC;
+ session->auth_alg = RTE_CRYPTO_AUTH_AES_XCBC_MAC;
+ break;
case RTE_CRYPTO_AUTH_SNOW3G_UIA2:
case RTE_CRYPTO_AUTH_NULL:
case RTE_CRYPTO_AUTH_SHA1:
authdata->algtype = OP_PCL_IPSEC_HMAC_SHA2_512_256;
authdata->algmode = OP_ALG_AAI_HMAC;
break;
+ case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
+ authdata->algtype = OP_PCL_IPSEC_AES_XCBC_MAC_96;
+ authdata->algmode = OP_ALG_AAI_XCBC_MAC;
+ break;
case RTE_CRYPTO_AUTH_AES_CMAC:
authdata->algtype = OP_PCL_IPSEC_AES_CMAC_96;
break;
authdata->algtype = OP_PCL_IPSEC_HMAC_NULL;
break;
case RTE_CRYPTO_AUTH_SHA224_HMAC:
- case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
case RTE_CRYPTO_AUTH_SNOW3G_UIA2:
case RTE_CRYPTO_AUTH_SHA1:
case RTE_CRYPTO_AUTH_SHA256:
}, }
}, }
},
+ { /* AES XCBC HMAC */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_AES_XCBC_MAC,
+ .block_size = 16,
+ .key_size = {
+ .min = 1,
+ .max = 16,
+ .increment = 1
+ },
+ .digest_size = {
+ .min = 12,
+ .max = 16,
+ .increment = 4
+ },
+ .aad_size = { 0 },
+ .iv_size = { 0 }
+ }, }
+ }, }
+ },
{ /* NULL (CIPHER) */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {