From 1cdfbb0b8372ae4a4f22e122f52c4f3014d7a1c7 Mon Sep 17 00:00:00 2001 From: Vakul Garg Date: Wed, 6 Nov 2019 10:47:31 +0530 Subject: [PATCH] crypto/dpaax_sec: enable IPsec AES-CTR to use nonce The protocol aware ipsec descriptor has been modified to use ctr_initial value of 1 and salt configured for ipsec SA. Signed-off-by: Hemant Agrawal Signed-off-by: Vakul Garg Acked-by: Akhil Goyal --- drivers/common/dpaax/caamflib/desc/ipsec.h | 18 ++++++++---------- drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c | 8 ++++++++ drivers/crypto/dpaa_sec/dpaa_sec.c | 12 ++++++++++-- 3 files changed, 26 insertions(+), 12 deletions(-) diff --git a/drivers/common/dpaax/caamflib/desc/ipsec.h b/drivers/common/dpaax/caamflib/desc/ipsec.h index f33c68cc9d..cf6fa42525 100644 --- a/drivers/common/dpaax/caamflib/desc/ipsec.h +++ b/drivers/common/dpaax/caamflib/desc/ipsec.h @@ -256,14 +256,14 @@ struct ipsec_encap_cbc { /** * struct ipsec_encap_ctr - PDB part for IPsec CTR encapsulation - * @ctr_nonce: 4-byte array nonce + * @ctr_nonce: 4-byte nonce * @ctr_initial: initial count constant * @iv: initialization vector */ struct ipsec_encap_ctr { - uint8_t ctr_nonce[4]; + uint32_t ctr_nonce; uint32_t ctr_initial; - uint64_t iv; + uint8_t iv[8]; }; /** @@ -346,10 +346,9 @@ __rta_copy_ipsec_encap_pdb(struct program *program, break; case OP_PCL_IPSEC_AES_CTR: - rta_copy_data(program, pdb->ctr.ctr_nonce, - sizeof(pdb->ctr.ctr_nonce)); + rta_copy_data(program, (uint8_t *)&pdb->ctr.ctr_nonce, 4); __rta_out32(program, pdb->ctr.ctr_initial); - __rta_out64(program, true, pdb->ctr.iv); + rta_copy_data(program, pdb->ctr.iv, sizeof(pdb->ctr.iv)); break; case OP_PCL_IPSEC_AES_CCM8: @@ -386,11 +385,11 @@ struct ipsec_decap_cbc { /** * struct ipsec_decap_ctr - PDB part for IPsec CTR decapsulation - * @ctr_nonce: 4-byte array nonce + * @ctr_nonce: 4-byte nonce * @ctr_initial: initial count constant */ struct ipsec_decap_ctr { - uint8_t ctr_nonce[4]; + uint32_t ctr_nonce; uint32_t ctr_initial; }; @@ -464,8 +463,7 @@ __rta_copy_ipsec_decap_pdb(struct program *program, break; case OP_PCL_IPSEC_AES_CTR: - rta_copy_data(program, pdb->ctr.ctr_nonce, - sizeof(pdb->ctr.ctr_nonce)); + rta_copy_data(program, (uint8_t *)&pdb->ctr.ctr_nonce, 4); __rta_out32(program, pdb->ctr.ctr_initial); break; diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c index 3150ca4a17..1cb78c6c23 100644 --- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c +++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c @@ -2812,6 +2812,10 @@ dpaa2_sec_set_ipsec_session(struct rte_cryptodev *dev, /* copy algo specific data to PDB */ switch (cipherdata.algtype) { + case OP_PCL_IPSEC_AES_CTR: + encap_pdb.ctr.ctr_initial = 0x00000001; + encap_pdb.ctr.ctr_nonce = ipsec_xform->salt; + break; case OP_PCL_IPSEC_AES_GCM8: case OP_PCL_IPSEC_AES_GCM12: case OP_PCL_IPSEC_AES_GCM16: @@ -2882,6 +2886,10 @@ dpaa2_sec_set_ipsec_session(struct rte_cryptodev *dev, memset(&decap_pdb, 0, sizeof(struct ipsec_decap_pdb)); /* copy algo specific data to PDB */ switch (cipherdata.algtype) { + case OP_PCL_IPSEC_AES_CTR: + decap_pdb.ctr.ctr_initial = 0x00000001; + decap_pdb.ctr.ctr_nonce = ipsec_xform->salt; + break; case OP_PCL_IPSEC_AES_GCM8: case OP_PCL_IPSEC_AES_GCM12: case OP_PCL_IPSEC_AES_GCM16: diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c b/drivers/crypto/dpaa_sec/dpaa_sec.c index dc528eed30..d4cf7fa32a 100644 --- a/drivers/crypto/dpaa_sec/dpaa_sec.c +++ b/drivers/crypto/dpaa_sec/dpaa_sec.c @@ -2581,6 +2581,7 @@ dpaa_sec_ipsec_aead_init(struct rte_crypto_aead_xform *aead_xform, static int dpaa_sec_ipsec_proto_init(struct rte_crypto_cipher_xform *cipher_xform, struct rte_crypto_auth_xform *auth_xform, + struct rte_security_ipsec_xform *ipsec_xform, dpaa_sec_session *session) { if (cipher_xform) { @@ -2688,6 +2689,13 @@ dpaa_sec_ipsec_proto_init(struct rte_crypto_cipher_xform *cipher_xform, case RTE_CRYPTO_CIPHER_AES_CTR: session->cipher_key.alg = OP_PCL_IPSEC_AES_CTR; session->cipher_key.algmode = OP_ALG_AAI_CTR; + if (session->dir == DIR_ENC) { + session->encap_pdb.ctr.ctr_initial = 0x00000001; + session->encap_pdb.ctr.ctr_nonce = ipsec_xform->salt; + } else { + session->decap_pdb.ctr.ctr_initial = 0x00000001; + session->decap_pdb.ctr.ctr_nonce = ipsec_xform->salt; + } break; case RTE_CRYPTO_CIPHER_NULL: session->cipher_key.alg = OP_PCL_IPSEC_NULL; @@ -2739,13 +2747,13 @@ dpaa_sec_set_ipsec_session(__rte_unused struct rte_cryptodev *dev, if (conf->crypto_xform->next) auth_xform = &conf->crypto_xform->next->auth; ret = dpaa_sec_ipsec_proto_init(cipher_xform, auth_xform, - session); + ipsec_xform, session); } else if (conf->crypto_xform->type == RTE_CRYPTO_SYM_XFORM_AUTH) { auth_xform = &conf->crypto_xform->auth; if (conf->crypto_xform->next) cipher_xform = &conf->crypto_xform->next->cipher; ret = dpaa_sec_ipsec_proto_init(cipher_xform, auth_xform, - session); + ipsec_xform, session); } else if (conf->crypto_xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) { aead_xform = &conf->crypto_xform->aead; ret = dpaa_sec_ipsec_aead_init(aead_xform, -- 2.20.1