[10/10] crypto/dpaa_sec: code reorg for better session mgmt
Checks
Commit Message
The session related parameters shall be populated during
the session create only.
At the runtime on first packet, the CDB should just reference
the session data instead of re-interpreting data again.
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
---
drivers/crypto/dpaa_sec/dpaa_sec.c | 612 ++++++++++++++++-------------
drivers/crypto/dpaa_sec/dpaa_sec.h | 18 +-
2 files changed, 345 insertions(+), 285 deletions(-)
Comments
Hemant Agrawal <hemant.agrawal@nxp.com> writes:
> The session related parameters shall be populated during
> the session create only.
> At the runtime on first packet, the CDB should just reference
> the session data instead of re-interpreting data again.
>
> Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
> ---
As a part of this patch, a number of static functions are no longer
used, and should be removed (for example is_auth_only, is_cipher_only,
is_aead, is_auth_cipher, and is_proto_ipsec).
You will see this if you choose to build with clang. gcc sees the
functions marked as static inline, and doesn't seem to warn.
> drivers/crypto/dpaa_sec/dpaa_sec.c | 612 ++++++++++++++++-------------
> drivers/crypto/dpaa_sec/dpaa_sec.h | 18 +-
> 2 files changed, 345 insertions(+), 285 deletions(-)
>
> diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c b/drivers/crypto/dpaa_sec/dpaa_sec.c
> index 970cdf0cc..b932bf1cb 100644
> --- a/drivers/crypto/dpaa_sec/dpaa_sec.c
> +++ b/drivers/crypto/dpaa_sec/dpaa_sec.c
> @@ -290,102 +290,6 @@ static inline int is_decode(dpaa_sec_session *ses)
> return ses->dir == DIR_DEC;
> }
>
> -static inline void
> -caam_auth_alg(dpaa_sec_session *ses, struct alginfo *alginfo_a)
> -{
> - switch (ses->auth_alg) {
> - case RTE_CRYPTO_AUTH_NULL:
> - alginfo_a->algtype =
> - (ses->proto_alg == RTE_SECURITY_PROTOCOL_IPSEC) ?
> - OP_PCL_IPSEC_HMAC_NULL : 0;
> - ses->digest_length = 0;
> - break;
> - case RTE_CRYPTO_AUTH_MD5_HMAC:
> - alginfo_a->algtype =
> - (ses->proto_alg == RTE_SECURITY_PROTOCOL_IPSEC) ?
> - OP_PCL_IPSEC_HMAC_MD5_96 : OP_ALG_ALGSEL_MD5;
> - alginfo_a->algmode = OP_ALG_AAI_HMAC;
> - break;
> - case RTE_CRYPTO_AUTH_SHA1_HMAC:
> - alginfo_a->algtype =
> - (ses->proto_alg == RTE_SECURITY_PROTOCOL_IPSEC) ?
> - OP_PCL_IPSEC_HMAC_SHA1_96 : OP_ALG_ALGSEL_SHA1;
> - alginfo_a->algmode = OP_ALG_AAI_HMAC;
> - break;
> - case RTE_CRYPTO_AUTH_SHA224_HMAC:
> - alginfo_a->algtype =
> - (ses->proto_alg == RTE_SECURITY_PROTOCOL_IPSEC) ?
> - OP_PCL_IPSEC_HMAC_SHA1_160 : OP_ALG_ALGSEL_SHA224;
> - alginfo_a->algmode = OP_ALG_AAI_HMAC;
> - break;
> - case RTE_CRYPTO_AUTH_SHA256_HMAC:
> - alginfo_a->algtype =
> - (ses->proto_alg == RTE_SECURITY_PROTOCOL_IPSEC) ?
> - OP_PCL_IPSEC_HMAC_SHA2_256_128 : OP_ALG_ALGSEL_SHA256;
> - alginfo_a->algmode = OP_ALG_AAI_HMAC;
> - break;
> - case RTE_CRYPTO_AUTH_SHA384_HMAC:
> - alginfo_a->algtype =
> - (ses->proto_alg == RTE_SECURITY_PROTOCOL_IPSEC) ?
> - OP_PCL_IPSEC_HMAC_SHA2_384_192 : OP_ALG_ALGSEL_SHA384;
> - alginfo_a->algmode = OP_ALG_AAI_HMAC;
> - break;
> - case RTE_CRYPTO_AUTH_SHA512_HMAC:
> - alginfo_a->algtype =
> - (ses->proto_alg == RTE_SECURITY_PROTOCOL_IPSEC) ?
> - OP_PCL_IPSEC_HMAC_SHA2_512_256 : OP_ALG_ALGSEL_SHA512;
> - alginfo_a->algmode = OP_ALG_AAI_HMAC;
> - break;
> - default:
> - DPAA_SEC_ERR("unsupported auth alg %u", ses->auth_alg);
> - }
> -}
> -
> -static inline void
> -caam_cipher_alg(dpaa_sec_session *ses, struct alginfo *alginfo_c)
> -{
> - switch (ses->cipher_alg) {
> - case RTE_CRYPTO_CIPHER_NULL:
> - alginfo_c->algtype =
> - (ses->proto_alg == RTE_SECURITY_PROTOCOL_IPSEC) ?
> - OP_PCL_IPSEC_NULL : 0;
> - break;
> - case RTE_CRYPTO_CIPHER_AES_CBC:
> - alginfo_c->algtype =
> - (ses->proto_alg == RTE_SECURITY_PROTOCOL_IPSEC) ?
> - OP_PCL_IPSEC_AES_CBC : OP_ALG_ALGSEL_AES;
> - alginfo_c->algmode = OP_ALG_AAI_CBC;
> - break;
> - case RTE_CRYPTO_CIPHER_3DES_CBC:
> - alginfo_c->algtype =
> - (ses->proto_alg == RTE_SECURITY_PROTOCOL_IPSEC) ?
> - OP_PCL_IPSEC_3DES : OP_ALG_ALGSEL_3DES;
> - alginfo_c->algmode = OP_ALG_AAI_CBC;
> - break;
> - case RTE_CRYPTO_CIPHER_AES_CTR:
> - alginfo_c->algtype =
> - (ses->proto_alg == RTE_SECURITY_PROTOCOL_IPSEC) ?
> - OP_PCL_IPSEC_AES_CTR : OP_ALG_ALGSEL_AES;
> - alginfo_c->algmode = OP_ALG_AAI_CTR;
> - break;
> - default:
> - DPAA_SEC_ERR("unsupported cipher alg %d", ses->cipher_alg);
> - }
> -}
> -
> -static inline void
> -caam_aead_alg(dpaa_sec_session *ses, struct alginfo *alginfo)
> -{
> - switch (ses->aead_alg) {
> - case RTE_CRYPTO_AEAD_AES_GCM:
> - alginfo->algtype = OP_ALG_ALGSEL_AES;
> - alginfo->algmode = OP_ALG_AAI_GCM;
> - break;
> - default:
> - DPAA_SEC_ERR("unsupported AEAD alg %d", ses->aead_alg);
> - }
> -}
> -
> static int
> dpaa_sec_prep_pdcp_cdb(dpaa_sec_session *ses)
> {
> @@ -400,58 +304,24 @@ dpaa_sec_prep_pdcp_cdb(dpaa_sec_session *ses)
> int swap = true;
> #endif
>
> - switch (ses->cipher_alg) {
> - case RTE_CRYPTO_CIPHER_SNOW3G_UEA2:
> - cipherdata.algtype = PDCP_CIPHER_TYPE_SNOW;
> - break;
> - case RTE_CRYPTO_CIPHER_ZUC_EEA3:
> - cipherdata.algtype = PDCP_CIPHER_TYPE_ZUC;
> - break;
> - case RTE_CRYPTO_CIPHER_AES_CTR:
> - cipherdata.algtype = PDCP_CIPHER_TYPE_AES;
> - break;
> - case RTE_CRYPTO_CIPHER_NULL:
> - cipherdata.algtype = PDCP_CIPHER_TYPE_NULL;
> - break;
> - default:
> - DPAA_SEC_ERR("Crypto: Undefined Cipher specified %u",
> - ses->cipher_alg);
> - return -1;
> - }
> -
> cipherdata.key = (size_t)ses->cipher_key.data;
> cipherdata.keylen = ses->cipher_key.length;
> cipherdata.key_enc_flags = 0;
> cipherdata.key_type = RTA_DATA_IMM;
> + cipherdata.algtype = ses->cipher_key.alg;
> + cipherdata.algmode = ses->cipher_key.algmode;
>
> cdb->sh_desc[0] = cipherdata.keylen;
> cdb->sh_desc[1] = 0;
> cdb->sh_desc[2] = 0;
>
> if (ses->auth_alg) {
> - switch (ses->auth_alg) {
> - case RTE_CRYPTO_AUTH_SNOW3G_UIA2:
> - authdata.algtype = PDCP_AUTH_TYPE_SNOW;
> - break;
> - case RTE_CRYPTO_AUTH_ZUC_EIA3:
> - authdata.algtype = PDCP_AUTH_TYPE_ZUC;
> - break;
> - case RTE_CRYPTO_AUTH_AES_CMAC:
> - authdata.algtype = PDCP_AUTH_TYPE_AES;
> - break;
> - case RTE_CRYPTO_AUTH_NULL:
> - authdata.algtype = PDCP_AUTH_TYPE_NULL;
> - break;
> - default:
> - DPAA_SEC_ERR("Crypto: Unsupported auth alg %u",
> - ses->auth_alg);
> - return -1;
> - }
> -
> authdata.key = (size_t)ses->auth_key.data;
> authdata.keylen = ses->auth_key.length;
> authdata.key_enc_flags = 0;
> authdata.key_type = RTA_DATA_IMM;
> + authdata.algtype = ses->auth_key.alg;
> + authdata.algmode = ses->auth_key.algmode;
>
> p_authdata = &authdata;
>
> @@ -541,27 +411,19 @@ dpaa_sec_prep_ipsec_cdb(dpaa_sec_session *ses)
> int swap = true;
> #endif
>
> - caam_cipher_alg(ses, &cipherdata);
> - if (cipherdata.algtype == (unsigned int)DPAA_SEC_ALG_UNSUPPORT) {
> - DPAA_SEC_ERR("not supported cipher alg");
> - return -ENOTSUP;
> - }
> -
> cipherdata.key = (size_t)ses->cipher_key.data;
> cipherdata.keylen = ses->cipher_key.length;
> cipherdata.key_enc_flags = 0;
> cipherdata.key_type = RTA_DATA_IMM;
> -
> - caam_auth_alg(ses, &authdata);
> - if (authdata.algtype == (unsigned int)DPAA_SEC_ALG_UNSUPPORT) {
> - DPAA_SEC_ERR("not supported auth alg");
> - return -ENOTSUP;
> - }
> + cipherdata.algtype = ses->cipher_key.alg;
> + cipherdata.algmode = ses->cipher_key.algmode;
>
> authdata.key = (size_t)ses->auth_key.data;
> authdata.keylen = ses->auth_key.length;
> authdata.key_enc_flags = 0;
> authdata.key_type = RTA_DATA_IMM;
> + authdata.algtype = ses->auth_key.alg;
> + authdata.algmode = ses->auth_key.algmode;
>
> cdb->sh_desc[0] = cipherdata.keylen;
> cdb->sh_desc[1] = authdata.keylen;
> @@ -625,58 +487,26 @@ dpaa_sec_prep_cdb(dpaa_sec_session *ses)
>
> memset(cdb, 0, sizeof(struct sec_cdb));
>
> - if (is_proto_ipsec(ses)) {
> + switch (ses->ctxt) {
> + case DPAA_SEC_IPSEC:
> shared_desc_len = dpaa_sec_prep_ipsec_cdb(ses);
> - } else if (is_proto_pdcp(ses)) {
> + break;
> + case DPAA_SEC_PDCP:
> shared_desc_len = dpaa_sec_prep_pdcp_cdb(ses);
> - } else if (is_cipher_only(ses)) {
> + break;
> + case DPAA_SEC_CIPHER:
> alginfo_c.key = (size_t)ses->cipher_key.data;
> alginfo_c.keylen = ses->cipher_key.length;
> alginfo_c.key_enc_flags = 0;
> alginfo_c.key_type = RTA_DATA_IMM;
> + alginfo_c.algtype = ses->cipher_key.alg;
> + alginfo_c.algmode = ses->cipher_key.algmode;
> +
> switch (ses->cipher_alg) {
> - case RTE_CRYPTO_CIPHER_NULL:
> - alginfo_c.algtype = 0;
> - shared_desc_len = cnstr_shdsc_blkcipher(
> - cdb->sh_desc, true,
> - swap, SHR_NEVER, &alginfo_c,
> - NULL,
> - ses->iv.length,
> - ses->dir);
> - break;
> case RTE_CRYPTO_CIPHER_AES_CBC:
> - alginfo_c.algtype = OP_ALG_ALGSEL_AES;
> - alginfo_c.algmode = OP_ALG_AAI_CBC;
> - shared_desc_len = cnstr_shdsc_blkcipher(
> - cdb->sh_desc, true,
> - swap, SHR_NEVER, &alginfo_c,
> - NULL,
> - ses->iv.length,
> - ses->dir);
> - break;
> case RTE_CRYPTO_CIPHER_3DES_CBC:
> - alginfo_c.algtype = OP_ALG_ALGSEL_3DES;
> - alginfo_c.algmode = OP_ALG_AAI_CBC;
> - shared_desc_len = cnstr_shdsc_blkcipher(
> - cdb->sh_desc, true,
> - swap, SHR_NEVER, &alginfo_c,
> - NULL,
> - ses->iv.length,
> - ses->dir);
> - break;
> case RTE_CRYPTO_CIPHER_AES_CTR:
> - alginfo_c.algtype = OP_ALG_ALGSEL_AES;
> - alginfo_c.algmode = OP_ALG_AAI_CTR;
> - shared_desc_len = cnstr_shdsc_blkcipher(
> - cdb->sh_desc, true,
> - swap, SHR_NEVER, &alginfo_c,
> - NULL,
> - ses->iv.length,
> - ses->dir);
> - break;
> case RTE_CRYPTO_CIPHER_3DES_CTR:
> - alginfo_c.algtype = OP_ALG_ALGSEL_3DES;
> - alginfo_c.algmode = OP_ALG_AAI_CTR;
> shared_desc_len = cnstr_shdsc_blkcipher(
> cdb->sh_desc, true,
> swap, SHR_NEVER, &alginfo_c,
> @@ -685,14 +515,12 @@ dpaa_sec_prep_cdb(dpaa_sec_session *ses)
> ses->dir);
> break;
> case RTE_CRYPTO_CIPHER_SNOW3G_UEA2:
> - alginfo_c.algtype = OP_ALG_ALGSEL_SNOW_F8;
> shared_desc_len = cnstr_shdsc_snow_f8(
> cdb->sh_desc, true, swap,
> &alginfo_c,
> ses->dir);
> break;
> case RTE_CRYPTO_CIPHER_ZUC_EEA3:
> - alginfo_c.algtype = OP_ALG_ALGSEL_ZUCE;
> shared_desc_len = cnstr_shdsc_zuce(
> cdb->sh_desc, true, swap,
> &alginfo_c,
> @@ -703,69 +531,21 @@ dpaa_sec_prep_cdb(dpaa_sec_session *ses)
> ses->cipher_alg);
> return -ENOTSUP;
> }
> - } else if (is_auth_only(ses)) {
> + break;
> + case DPAA_SEC_AUTH:
> alginfo_a.key = (size_t)ses->auth_key.data;
> alginfo_a.keylen = ses->auth_key.length;
> alginfo_a.key_enc_flags = 0;
> alginfo_a.key_type = RTA_DATA_IMM;
> + alginfo_a.algtype = ses->auth_key.alg;
> + alginfo_a.algmode = ses->auth_key.algmode;
> switch (ses->auth_alg) {
> - case RTE_CRYPTO_AUTH_NULL:
> - alginfo_a.algtype = 0;
> - ses->digest_length = 0;
> - shared_desc_len = cnstr_shdsc_hmac(
> - cdb->sh_desc, true,
> - swap, SHR_NEVER, &alginfo_a,
> - !ses->dir,
> - ses->digest_length);
> - break;
> case RTE_CRYPTO_AUTH_MD5_HMAC:
> - alginfo_a.algtype = OP_ALG_ALGSEL_MD5;
> - alginfo_a.algmode = OP_ALG_AAI_HMAC;
> - shared_desc_len = cnstr_shdsc_hmac(
> - cdb->sh_desc, true,
> - swap, SHR_NEVER, &alginfo_a,
> - !ses->dir,
> - ses->digest_length);
> - break;
> case RTE_CRYPTO_AUTH_SHA1_HMAC:
> - alginfo_a.algtype = OP_ALG_ALGSEL_SHA1;
> - alginfo_a.algmode = OP_ALG_AAI_HMAC;
> - shared_desc_len = cnstr_shdsc_hmac(
> - cdb->sh_desc, true,
> - swap, SHR_NEVER, &alginfo_a,
> - !ses->dir,
> - ses->digest_length);
> - break;
> case RTE_CRYPTO_AUTH_SHA224_HMAC:
> - alginfo_a.algtype = OP_ALG_ALGSEL_SHA224;
> - alginfo_a.algmode = OP_ALG_AAI_HMAC;
> - shared_desc_len = cnstr_shdsc_hmac(
> - cdb->sh_desc, true,
> - swap, SHR_NEVER, &alginfo_a,
> - !ses->dir,
> - ses->digest_length);
> - break;
> case RTE_CRYPTO_AUTH_SHA256_HMAC:
> - alginfo_a.algtype = OP_ALG_ALGSEL_SHA256;
> - alginfo_a.algmode = OP_ALG_AAI_HMAC;
> - shared_desc_len = cnstr_shdsc_hmac(
> - cdb->sh_desc, true,
> - swap, SHR_NEVER, &alginfo_a,
> - !ses->dir,
> - ses->digest_length);
> - break;
> case RTE_CRYPTO_AUTH_SHA384_HMAC:
> - alginfo_a.algtype = OP_ALG_ALGSEL_SHA384;
> - alginfo_a.algmode = OP_ALG_AAI_HMAC;
> - shared_desc_len = cnstr_shdsc_hmac(
> - cdb->sh_desc, true,
> - swap, SHR_NEVER, &alginfo_a,
> - !ses->dir,
> - ses->digest_length);
> - break;
> case RTE_CRYPTO_AUTH_SHA512_HMAC:
> - alginfo_a.algtype = OP_ALG_ALGSEL_SHA512;
> - alginfo_a.algmode = OP_ALG_AAI_HMAC;
> shared_desc_len = cnstr_shdsc_hmac(
> cdb->sh_desc, true,
> swap, SHR_NEVER, &alginfo_a,
> @@ -773,9 +553,6 @@ dpaa_sec_prep_cdb(dpaa_sec_session *ses)
> ses->digest_length);
> break;
> case RTE_CRYPTO_AUTH_SNOW3G_UIA2:
> - alginfo_a.algtype = OP_ALG_ALGSEL_SNOW_F9;
> - alginfo_a.algmode = OP_ALG_AAI_F9;
> - ses->auth_alg = RTE_CRYPTO_AUTH_SNOW3G_UIA2;
> shared_desc_len = cnstr_shdsc_snow_f9(
> cdb->sh_desc, true, swap,
> &alginfo_a,
> @@ -783,9 +560,6 @@ dpaa_sec_prep_cdb(dpaa_sec_session *ses)
> ses->digest_length);
> break;
> case RTE_CRYPTO_AUTH_ZUC_EIA3:
> - alginfo_a.algtype = OP_ALG_ALGSEL_ZUCA;
> - alginfo_a.algmode = OP_ALG_AAI_F9;
> - ses->auth_alg = RTE_CRYPTO_AUTH_ZUC_EIA3;
> shared_desc_len = cnstr_shdsc_zuca(
> cdb->sh_desc, true, swap,
> &alginfo_a,
> @@ -795,8 +569,8 @@ dpaa_sec_prep_cdb(dpaa_sec_session *ses)
> default:
> DPAA_SEC_ERR("unsupported auth alg %u", ses->auth_alg);
> }
> - } else if (is_aead(ses)) {
> - caam_aead_alg(ses, &alginfo);
> + break;
> + case DPAA_SEC_AEAD:
> if (alginfo.algtype == (unsigned int)DPAA_SEC_ALG_UNSUPPORT) {
> DPAA_SEC_ERR("not supported aead alg");
> return -ENOTSUP;
> @@ -805,6 +579,8 @@ dpaa_sec_prep_cdb(dpaa_sec_session *ses)
> alginfo.keylen = ses->aead_key.length;
> alginfo.key_enc_flags = 0;
> alginfo.key_type = RTA_DATA_IMM;
> + alginfo.algtype = ses->aead_key.alg;
> + alginfo.algmode = ses->aead_key.algmode;
>
> if (ses->dir == DIR_ENC)
> shared_desc_len = cnstr_shdsc_gcm_encap(
> @@ -818,28 +594,21 @@ dpaa_sec_prep_cdb(dpaa_sec_session *ses)
> &alginfo,
> ses->iv.length,
> ses->digest_length);
> - } else {
> - caam_cipher_alg(ses, &alginfo_c);
> - if (alginfo_c.algtype == (unsigned int)DPAA_SEC_ALG_UNSUPPORT) {
> - DPAA_SEC_ERR("not supported cipher alg");
> - return -ENOTSUP;
> - }
> -
> + break;
> + case DPAA_SEC_CIPHER_HASH:
> alginfo_c.key = (size_t)ses->cipher_key.data;
> alginfo_c.keylen = ses->cipher_key.length;
> alginfo_c.key_enc_flags = 0;
> alginfo_c.key_type = RTA_DATA_IMM;
> -
> - caam_auth_alg(ses, &alginfo_a);
> - if (alginfo_a.algtype == (unsigned int)DPAA_SEC_ALG_UNSUPPORT) {
> - DPAA_SEC_ERR("not supported auth alg");
> - return -ENOTSUP;
> - }
> + alginfo_c.algtype = ses->cipher_key.alg;
> + alginfo_c.algmode = ses->cipher_key.algmode;
>
> alginfo_a.key = (size_t)ses->auth_key.data;
> alginfo_a.keylen = ses->auth_key.length;
> alginfo_a.key_enc_flags = 0;
> alginfo_a.key_type = RTA_DATA_IMM;
> + alginfo_a.algtype = ses->auth_key.alg;
> + alginfo_a.algmode = ses->auth_key.algmode;
>
> cdb->sh_desc[0] = alginfo_c.keylen;
> cdb->sh_desc[1] = alginfo_a.keylen;
> @@ -876,6 +645,11 @@ dpaa_sec_prep_cdb(dpaa_sec_session *ses)
> true, swap, SHR_SERIAL, &alginfo_c, &alginfo_a,
> ses->iv.length,
> ses->digest_length, ses->dir);
> + break;
> + case DPAA_SEC_HASH_CIPHER:
> + default:
> + DPAA_SEC_ERR("error: Unsupported session");
> + return -ENOTSUP;
> }
>
> if (shared_desc_len < 0) {
> @@ -2053,18 +1827,22 @@ dpaa_sec_enqueue_burst(void *qp, struct rte_crypto_op **ops,
> if (rte_pktmbuf_is_contiguous(op->sym->m_src) &&
> ((op->sym->m_dst == NULL) ||
> rte_pktmbuf_is_contiguous(op->sym->m_dst))) {
> - if (is_proto_ipsec(ses)) {
> - cf = build_proto(op, ses);
> - } else if (is_proto_pdcp(ses)) {
> + switch (ses->ctxt) {
> + case DPAA_SEC_PDCP:
> + case DPAA_SEC_IPSEC:
> cf = build_proto(op, ses);
> - } else if (is_auth_only(ses)) {
> + break;
> + case DPAA_SEC_AUTH:
> cf = build_auth_only(op, ses);
> - } else if (is_cipher_only(ses)) {
> + break;
> + case DPAA_SEC_CIPHER:
> cf = build_cipher_only(op, ses);
> - } else if (is_aead(ses)) {
> + break;
> + case DPAA_SEC_AEAD:
> cf = build_cipher_auth_gcm(op, ses);
> auth_hdr_len = ses->auth_only_len;
> - } else if (is_auth_cipher(ses)) {
> + break;
> + case DPAA_SEC_CIPHER_HASH:
> auth_hdr_len =
> op->sym->cipher.data.offset
> - op->sym->auth.data.offset;
> @@ -2073,23 +1851,30 @@ dpaa_sec_enqueue_burst(void *qp, struct rte_crypto_op **ops,
> - op->sym->cipher.data.length
> - auth_hdr_len;
> cf = build_cipher_auth(op, ses);
> - } else {
> + break;
> + default:
> DPAA_SEC_DP_ERR("not supported ops");
> frames_to_send = loop;
> nb_ops = loop;
> goto send_pkts;
> }
> } else {
> - if (is_proto_pdcp(ses) || is_proto_ipsec(ses)) {
> + switch (ses->ctxt) {
> + case DPAA_SEC_PDCP:
> + case DPAA_SEC_IPSEC:
> cf = build_proto_sg(op, ses);
> - } else if (is_auth_only(ses)) {
> + break;
> + case DPAA_SEC_AUTH:
> cf = build_auth_only_sg(op, ses);
> - } else if (is_cipher_only(ses)) {
> + break;
> + case DPAA_SEC_CIPHER:
> cf = build_cipher_only_sg(op, ses);
> - } else if (is_aead(ses)) {
> + break;
> + case DPAA_SEC_AEAD:
> cf = build_cipher_auth_gcm_sg(op, ses);
> auth_hdr_len = ses->auth_only_len;
> - } else if (is_auth_cipher(ses)) {
> + break;
> + case DPAA_SEC_CIPHER_HASH:
> auth_hdr_len =
> op->sym->cipher.data.offset
> - op->sym->auth.data.offset;
> @@ -2098,7 +1883,8 @@ dpaa_sec_enqueue_burst(void *qp, struct rte_crypto_op **ops,
> - op->sym->cipher.data.length
> - auth_hdr_len;
> cf = build_cipher_auth_sg(op, ses);
> - } else {
> + break;
> + default:
> DPAA_SEC_DP_ERR("not supported ops");
> frames_to_send = loop;
> nb_ops = loop;
> @@ -2282,6 +2068,31 @@ dpaa_sec_cipher_init(struct rte_cryptodev *dev __rte_unused,
>
> memcpy(session->cipher_key.data, xform->cipher.key.data,
> xform->cipher.key.length);
> + switch (xform->cipher.algo) {
> + case RTE_CRYPTO_CIPHER_AES_CBC:
> + session->cipher_key.alg = OP_ALG_ALGSEL_AES;
> + session->cipher_key.algmode = OP_ALG_AAI_CBC;
> + break;
> + case RTE_CRYPTO_CIPHER_3DES_CBC:
> + session->cipher_key.alg = OP_ALG_ALGSEL_3DES;
> + session->cipher_key.algmode = OP_ALG_AAI_CBC;
> + break;
> + case RTE_CRYPTO_CIPHER_AES_CTR:
> + session->cipher_key.alg = OP_ALG_ALGSEL_AES;
> + session->cipher_key.algmode = OP_ALG_AAI_CTR;
> + break;
> + case RTE_CRYPTO_CIPHER_SNOW3G_UEA2:
> + session->cipher_key.alg = OP_ALG_ALGSEL_SNOW_F8;
> + break;
> + case RTE_CRYPTO_CIPHER_ZUC_EEA3:
> + session->cipher_key.alg = OP_ALG_ALGSEL_ZUCE;
> + break;
> + default:
> + DPAA_SEC_ERR("Crypto: Undefined Cipher specified %u",
> + xform->cipher.algo);
> + rte_free(session->cipher_key.data);
> + return -1;
> + }
> session->dir = (xform->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT) ?
> DIR_ENC : DIR_DEC;
>
> @@ -2309,18 +2120,165 @@ dpaa_sec_auth_init(struct rte_cryptodev *dev __rte_unused,
>
> memcpy(session->auth_key.data, xform->auth.key.data,
> xform->auth.key.length);
> +
> + switch (xform->auth.algo) {
> + case RTE_CRYPTO_AUTH_SHA1_HMAC:
> + session->auth_key.alg = OP_ALG_ALGSEL_SHA1;
> + session->auth_key.algmode = OP_ALG_AAI_HMAC;
> + break;
> + case RTE_CRYPTO_AUTH_MD5_HMAC:
> + session->auth_key.alg = OP_ALG_ALGSEL_MD5;
> + session->auth_key.algmode = OP_ALG_AAI_HMAC;
> + break;
> + case RTE_CRYPTO_AUTH_SHA224_HMAC:
> + session->auth_key.alg = OP_ALG_ALGSEL_SHA224;
> + session->auth_key.algmode = OP_ALG_AAI_HMAC;
> + break;
> + case RTE_CRYPTO_AUTH_SHA256_HMAC:
> + session->auth_key.alg = OP_ALG_ALGSEL_SHA256;
> + session->auth_key.algmode = OP_ALG_AAI_HMAC;
> + break;
> + case RTE_CRYPTO_AUTH_SHA384_HMAC:
> + session->auth_key.alg = OP_ALG_ALGSEL_SHA384;
> + session->auth_key.algmode = OP_ALG_AAI_HMAC;
> + break;
> + case RTE_CRYPTO_AUTH_SHA512_HMAC:
> + session->auth_key.alg = OP_ALG_ALGSEL_SHA512;
> + session->auth_key.algmode = OP_ALG_AAI_HMAC;
> + break;
> + case RTE_CRYPTO_AUTH_SNOW3G_UIA2:
> + session->auth_key.alg = OP_ALG_ALGSEL_SNOW_F9;
> + session->auth_key.algmode = OP_ALG_AAI_F9;
> + break;
> + case RTE_CRYPTO_AUTH_ZUC_EIA3:
> + session->auth_key.alg = OP_ALG_ALGSEL_ZUCA;
> + session->auth_key.algmode = OP_ALG_AAI_F9;
> + break;
> + default:
> + DPAA_SEC_ERR("Crypto: Unsupported Auth specified %u",
> + xform->auth.algo);
> + rte_free(session->auth_key.data);
> + return -1;
> + }
> +
> session->dir = (xform->auth.op == RTE_CRYPTO_AUTH_OP_GENERATE) ?
> DIR_ENC : DIR_DEC;
>
> return 0;
> }
>
> +static int
> +dpaa_sec_chain_init(struct rte_cryptodev *dev __rte_unused,
> + struct rte_crypto_sym_xform *xform,
> + dpaa_sec_session *session)
> +{
> +
> + struct rte_crypto_cipher_xform *cipher_xform;
> + struct rte_crypto_auth_xform *auth_xform;
> +
> + if (session->auth_cipher_text) {
> + cipher_xform = &xform->cipher;
> + auth_xform = &xform->next->auth;
> + } else {
> + cipher_xform = &xform->next->cipher;
> + auth_xform = &xform->auth;
> + }
> +
> + /* Set IV parameters */
> + session->iv.offset = cipher_xform->iv.offset;
> + session->iv.length = cipher_xform->iv.length;
> +
> + session->cipher_key.data = rte_zmalloc(NULL, cipher_xform->key.length,
> + RTE_CACHE_LINE_SIZE);
> + if (session->cipher_key.data == NULL && cipher_xform->key.length > 0) {
> + DPAA_SEC_ERR("No Memory for cipher key");
> + return -1;
> + }
> + session->cipher_key.length = cipher_xform->key.length;
> + session->auth_key.data = rte_zmalloc(NULL, auth_xform->key.length,
> + RTE_CACHE_LINE_SIZE);
> + if (session->auth_key.data == NULL && auth_xform->key.length > 0) {
> + DPAA_SEC_ERR("No Memory for auth key");
> + rte_free(session->cipher_key.data);
> + return -ENOMEM;
> + }
> + session->auth_key.length = auth_xform->key.length;
> + memcpy(session->cipher_key.data, cipher_xform->key.data,
> + cipher_xform->key.length);
> + memcpy(session->auth_key.data, auth_xform->key.data,
> + auth_xform->key.length);
> +
> + session->digest_length = auth_xform->digest_length;
> + session->auth_alg = auth_xform->algo;
> +
> + switch (auth_xform->algo) {
> + case RTE_CRYPTO_AUTH_SHA1_HMAC:
> + session->auth_key.alg = OP_ALG_ALGSEL_SHA1;
> + session->auth_key.algmode = OP_ALG_AAI_HMAC;
> + break;
> + case RTE_CRYPTO_AUTH_MD5_HMAC:
> + session->auth_key.alg = OP_ALG_ALGSEL_MD5;
> + session->auth_key.algmode = OP_ALG_AAI_HMAC;
> + break;
> + case RTE_CRYPTO_AUTH_SHA224_HMAC:
> + session->auth_key.alg = OP_ALG_ALGSEL_SHA224;
> + session->auth_key.algmode = OP_ALG_AAI_HMAC;
> + break;
> + case RTE_CRYPTO_AUTH_SHA256_HMAC:
> + session->auth_key.alg = OP_ALG_ALGSEL_SHA256;
> + session->auth_key.algmode = OP_ALG_AAI_HMAC;
> + break;
> + case RTE_CRYPTO_AUTH_SHA384_HMAC:
> + session->auth_key.alg = OP_ALG_ALGSEL_SHA384;
> + session->auth_key.algmode = OP_ALG_AAI_HMAC;
> + break;
> + case RTE_CRYPTO_AUTH_SHA512_HMAC:
> + session->auth_key.alg = OP_ALG_ALGSEL_SHA512;
> + session->auth_key.algmode = OP_ALG_AAI_HMAC;
> + break;
> + default:
> + DPAA_SEC_ERR("Crypto: Unsupported Auth specified %u",
> + auth_xform->algo);
> + goto error_out;
> + }
> +
> + session->cipher_alg = cipher_xform->algo;
> +
> + switch (cipher_xform->algo) {
> + case RTE_CRYPTO_CIPHER_AES_CBC:
> + session->cipher_key.alg = OP_ALG_ALGSEL_AES;
> + session->cipher_key.algmode = OP_ALG_AAI_CBC;
> + break;
> + case RTE_CRYPTO_CIPHER_3DES_CBC:
> + session->cipher_key.alg = OP_ALG_ALGSEL_3DES;
> + session->cipher_key.algmode = OP_ALG_AAI_CBC;
> + break;
> + case RTE_CRYPTO_CIPHER_AES_CTR:
> + session->cipher_key.alg = OP_ALG_ALGSEL_AES;
> + session->cipher_key.algmode = OP_ALG_AAI_CTR;
> + break;
> + default:
> + DPAA_SEC_ERR("Crypto: Undefined Cipher specified %u",
> + cipher_xform->algo);
> + goto error_out;
> + }
> + session->dir = (cipher_xform->op == RTE_CRYPTO_CIPHER_OP_ENCRYPT) ?
> + DIR_ENC : DIR_DEC;
> + return 0;
> +
> +error_out:
> + rte_free(session->cipher_key.data);
> + rte_free(session->auth_key.data);
> + return -1;
> +}
> +
> static int
> dpaa_sec_aead_init(struct rte_cryptodev *dev __rte_unused,
> struct rte_crypto_sym_xform *xform,
> dpaa_sec_session *session)
> {
> session->aead_alg = xform->aead.algo;
> + session->ctxt = DPAA_SEC_AEAD;
> session->iv.length = xform->aead.iv.length;
> session->iv.offset = xform->aead.iv.offset;
> session->auth_only_len = xform->aead.aad_length;
> @@ -2335,6 +2293,18 @@ dpaa_sec_aead_init(struct rte_cryptodev *dev __rte_unused,
>
> memcpy(session->aead_key.data, xform->aead.key.data,
> xform->aead.key.length);
> +
> + switch (session->aead_alg) {
> + case RTE_CRYPTO_AEAD_AES_GCM:
> + session->aead_key.alg = OP_ALG_ALGSEL_AES;
> + session->aead_key.algmode = OP_ALG_AAI_GCM;
> + break;
> + default:
> + DPAA_SEC_ERR("unsupported AEAD alg %d", session->aead_alg);
> + rte_free(session->aead_key.data);
> + return -ENOMEM;
> + }
> +
> session->dir = (xform->aead.op == RTE_CRYPTO_AEAD_OP_ENCRYPT) ?
> DIR_ENC : DIR_DEC;
>
> @@ -2422,31 +2392,34 @@ dpaa_sec_set_session_parameters(struct rte_cryptodev *dev,
> /* Cipher Only */
> if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER && xform->next == NULL) {
> session->auth_alg = RTE_CRYPTO_AUTH_NULL;
> + session->ctxt = DPAA_SEC_CIPHER;
> dpaa_sec_cipher_init(dev, xform, session);
>
> /* Authentication Only */
> } else if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH &&
> xform->next == NULL) {
> session->cipher_alg = RTE_CRYPTO_CIPHER_NULL;
> + session->ctxt = DPAA_SEC_AUTH;
> dpaa_sec_auth_init(dev, xform, session);
>
> /* Cipher then Authenticate */
> } else if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&
> xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH) {
> if (xform->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT) {
> - dpaa_sec_cipher_init(dev, xform, session);
> - dpaa_sec_auth_init(dev, xform->next, session);
> + session->ctxt = DPAA_SEC_CIPHER_HASH;
> + session->auth_cipher_text = 1;
> + dpaa_sec_chain_init(dev, xform, session);
> } else {
> DPAA_SEC_ERR("Not supported: Auth then Cipher");
> return -EINVAL;
> }
> -
> /* Authenticate then Cipher */
> } else if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH &&
> xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER) {
> if (xform->next->cipher.op == RTE_CRYPTO_CIPHER_OP_DECRYPT) {
> - dpaa_sec_auth_init(dev, xform, session);
> - dpaa_sec_cipher_init(dev, xform->next, session);
> + session->ctxt = DPAA_SEC_CIPHER_HASH;
> + session->auth_cipher_text = 0;
> + dpaa_sec_chain_init(dev, xform, session);
> } else {
> DPAA_SEC_ERR("Not supported: Auth then Cipher");
> return -EINVAL;
> @@ -2574,6 +2547,7 @@ dpaa_sec_set_ipsec_session(__rte_unused struct rte_cryptodev *dev,
> cipher_xform = &conf->crypto_xform->next->cipher;
> }
> session->proto_alg = conf->protocol;
> + session->ctxt = DPAA_SEC_IPSEC;
>
> if (cipher_xform && cipher_xform->algo != RTE_CRYPTO_CIPHER_NULL) {
> session->cipher_key.data = rte_zmalloc(NULL,
> @@ -2589,9 +2563,20 @@ dpaa_sec_set_ipsec_session(__rte_unused struct rte_cryptodev *dev,
> session->cipher_key.length = cipher_xform->key.length;
>
> switch (cipher_xform->algo) {
> + case RTE_CRYPTO_CIPHER_NULL:
> + session->cipher_key.alg = OP_PCL_IPSEC_NULL;
> + break;
> case RTE_CRYPTO_CIPHER_AES_CBC:
> + session->cipher_key.alg = OP_PCL_IPSEC_AES_CBC;
> + session->cipher_key.algmode = OP_ALG_AAI_CBC;
> + break;
> case RTE_CRYPTO_CIPHER_3DES_CBC:
> + session->cipher_key.alg = OP_PCL_IPSEC_3DES;
> + session->cipher_key.algmode = OP_ALG_AAI_CBC;
> + break;
> case RTE_CRYPTO_CIPHER_AES_CTR:
> + session->cipher_key.alg = OP_PCL_IPSEC_AES_CTR;
> + session->cipher_key.algmode = OP_ALG_AAI_CTR;
> break;
> default:
> DPAA_SEC_ERR("Crypto: Unsupported Cipher alg %u",
> @@ -2620,12 +2605,33 @@ dpaa_sec_set_ipsec_session(__rte_unused struct rte_cryptodev *dev,
> session->auth_key.length = auth_xform->key.length;
>
> switch (auth_xform->algo) {
> - case RTE_CRYPTO_AUTH_SHA1_HMAC:
> + case RTE_CRYPTO_AUTH_NULL:
> + session->auth_key.alg = OP_PCL_IPSEC_HMAC_NULL;
> + session->digest_length = 0;
> + break;
> case RTE_CRYPTO_AUTH_MD5_HMAC:
> + session->auth_key.alg = OP_PCL_IPSEC_HMAC_MD5_96;
> + session->auth_key.algmode = OP_ALG_AAI_HMAC;
> + break;
> + case RTE_CRYPTO_AUTH_SHA1_HMAC:
> + session->auth_key.alg = OP_PCL_IPSEC_HMAC_SHA1_96;
> + session->auth_key.algmode = OP_ALG_AAI_HMAC;
> + break;
> + case RTE_CRYPTO_AUTH_SHA224_HMAC:
> + session->auth_key.alg = OP_PCL_IPSEC_HMAC_SHA1_160;
> + session->auth_key.algmode = OP_ALG_AAI_HMAC;
> + break;
> case RTE_CRYPTO_AUTH_SHA256_HMAC:
> + session->auth_key.alg = OP_PCL_IPSEC_HMAC_SHA2_256_128;
> + session->auth_key.algmode = OP_ALG_AAI_HMAC;
> + break;
> case RTE_CRYPTO_AUTH_SHA384_HMAC:
> + session->auth_key.alg = OP_PCL_IPSEC_HMAC_SHA2_384_192;
> + session->auth_key.algmode = OP_ALG_AAI_HMAC;
> + break;
> case RTE_CRYPTO_AUTH_SHA512_HMAC:
> - case RTE_CRYPTO_AUTH_AES_CMAC:
> + session->auth_key.alg = OP_PCL_IPSEC_HMAC_SHA2_512_256;
> + session->auth_key.algmode = OP_ALG_AAI_HMAC;
> break;
> default:
> DPAA_SEC_ERR("Crypto: Unsupported auth alg %u",
> @@ -2766,7 +2772,28 @@ dpaa_sec_set_pdcp_session(struct rte_cryptodev *dev,
> }
>
> session->proto_alg = conf->protocol;
> + session->ctxt = DPAA_SEC_PDCP;
> +
> if (cipher_xform) {
> + switch (cipher_xform->algo) {
> + case RTE_CRYPTO_CIPHER_SNOW3G_UEA2:
> + session->cipher_key.alg = PDCP_CIPHER_TYPE_SNOW;
> + break;
> + case RTE_CRYPTO_CIPHER_ZUC_EEA3:
> + session->cipher_key.alg = PDCP_CIPHER_TYPE_ZUC;
> + break;
> + case RTE_CRYPTO_CIPHER_AES_CTR:
> + session->cipher_key.alg = PDCP_CIPHER_TYPE_AES;
> + break;
> + case RTE_CRYPTO_CIPHER_NULL:
> + session->cipher_key.alg = PDCP_CIPHER_TYPE_NULL;
> + break;
> + default:
> + DPAA_SEC_ERR("Crypto: Undefined Cipher specified %u",
> + session->cipher_alg);
> + return -1;
> + }
> +
> session->cipher_key.data = rte_zmalloc(NULL,
> cipher_xform->key.length,
> RTE_CACHE_LINE_SIZE);
> @@ -2798,6 +2825,25 @@ dpaa_sec_set_pdcp_session(struct rte_cryptodev *dev,
> }
>
> if (auth_xform) {
> + switch (auth_xform->algo) {
> + case RTE_CRYPTO_AUTH_SNOW3G_UIA2:
> + session->auth_key.alg = PDCP_AUTH_TYPE_SNOW;
> + break;
> + case RTE_CRYPTO_AUTH_ZUC_EIA3:
> + session->auth_key.alg = PDCP_AUTH_TYPE_ZUC;
> + break;
> + case RTE_CRYPTO_AUTH_AES_CMAC:
> + session->auth_key.alg = PDCP_AUTH_TYPE_AES;
> + break;
> + case RTE_CRYPTO_AUTH_NULL:
> + session->auth_key.alg = PDCP_AUTH_TYPE_NULL;
> + break;
> + default:
> + DPAA_SEC_ERR("Crypto: Unsupported auth alg %u",
> + session->auth_alg);
> + rte_free(session->cipher_key.data);
> + return -1;
> + }
> session->auth_key.data = rte_zmalloc(NULL,
> auth_xform->key.length,
> RTE_CACHE_LINE_SIZE);
> diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.h b/drivers/crypto/dpaa_sec/dpaa_sec.h
> index 149923aa1..a661d5a56 100644
> --- a/drivers/crypto/dpaa_sec/dpaa_sec.h
> +++ b/drivers/crypto/dpaa_sec/dpaa_sec.h
> @@ -38,14 +38,19 @@ enum dpaa_sec_op_type {
> DPAA_SEC_NONE, /*!< No Cipher operations*/
> DPAA_SEC_CIPHER,/*!< CIPHER operations */
> DPAA_SEC_AUTH, /*!< Authentication Operations */
> - DPAA_SEC_AEAD, /*!< Authenticated Encryption with associated data */
> + DPAA_SEC_AEAD, /*!< AEAD (AES-GCM/CCM) type operations */
> + DPAA_SEC_CIPHER_HASH, /*!< Authenticated Encryption with
> + * associated data
> + */
> + DPAA_SEC_HASH_CIPHER, /*!< Encryption with Authenticated
> + * associated data
> + */
> DPAA_SEC_IPSEC, /*!< IPSEC protocol operations*/
> DPAA_SEC_PDCP, /*!< PDCP protocol operations*/
> DPAA_SEC_PKC, /*!< Public Key Cryptographic Operations */
> DPAA_SEC_MAX
> };
>
> -
> #define DPAA_SEC_MAX_DESC_SIZE 64
> /* code or cmd block to caam */
> struct sec_cdb {
> @@ -113,6 +118,7 @@ struct sec_pdcp_ctxt {
>
> typedef struct dpaa_sec_session_entry {
> uint8_t dir; /*!< Operation Direction */
> + uint8_t ctxt; /*!< Session Context Type */
> enum rte_crypto_cipher_algorithm cipher_alg; /*!< Cipher Algorithm*/
> enum rte_crypto_auth_algorithm auth_alg; /*!< Authentication Algorithm*/
> enum rte_crypto_aead_algorithm aead_alg; /*!< AEAD Algorithm*/
> @@ -121,15 +127,21 @@ typedef struct dpaa_sec_session_entry {
> struct {
> uint8_t *data; /**< pointer to key data */
> size_t length; /**< key length in bytes */
> + uint32_t alg;
> + uint32_t algmode;
> } aead_key;
> struct {
> struct {
> uint8_t *data; /**< pointer to key data */
> size_t length; /**< key length in bytes */
> + uint32_t alg;
> + uint32_t algmode;
> } cipher_key;
> struct {
> uint8_t *data; /**< pointer to key data */
> size_t length; /**< key length in bytes */
> + uint32_t alg;
> + uint32_t algmode;
> } auth_key;
> };
> };
> @@ -148,6 +160,8 @@ typedef struct dpaa_sec_session_entry {
> struct ip ip4_hdr;
> struct rte_ipv6_hdr ip6_hdr;
> };
> + uint8_t auth_cipher_text;
> + /**< Authenticate/cipher ordering */
> };
> struct sec_pdcp_ctxt pdcp;
> };
Hi Aaron,
Thanks!
I will fix these comments.
Regards,
Hemant
> -----Original Message-----
> From: Aaron Conole <aconole@redhat.com>
> Sent: Saturday, October 12, 2019 12:34 AM
> To: Hemant Agrawal <hemant.agrawal@nxp.com>
> Cc: dev@dpdk.org; Akhil Goyal <akhil.goyal@nxp.com>
> Subject: Re: [dpdk-dev] [PATCH 10/10] crypto/dpaa_sec: code reorg for
> better session mgmt
> Importance: High
>
> Hemant Agrawal <hemant.agrawal@nxp.com> writes:
>
> > The session related parameters shall be populated during the session
> > create only.
> > At the runtime on first packet, the CDB should just reference the
> > session data instead of re-interpreting data again.
> >
> > Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
> > ---
>
> As a part of this patch, a number of static functions are no longer used, and
> should be removed (for example is_auth_only, is_cipher_only, is_aead,
> is_auth_cipher, and is_proto_ipsec).
>
> You will see this if you choose to build with clang. gcc sees the functions
> marked as static inline, and doesn't seem to warn.
>
@@ -290,102 +290,6 @@ static inline int is_decode(dpaa_sec_session *ses)
return ses->dir == DIR_DEC;
}
-static inline void
-caam_auth_alg(dpaa_sec_session *ses, struct alginfo *alginfo_a)
-{
- switch (ses->auth_alg) {
- case RTE_CRYPTO_AUTH_NULL:
- alginfo_a->algtype =
- (ses->proto_alg == RTE_SECURITY_PROTOCOL_IPSEC) ?
- OP_PCL_IPSEC_HMAC_NULL : 0;
- ses->digest_length = 0;
- break;
- case RTE_CRYPTO_AUTH_MD5_HMAC:
- alginfo_a->algtype =
- (ses->proto_alg == RTE_SECURITY_PROTOCOL_IPSEC) ?
- OP_PCL_IPSEC_HMAC_MD5_96 : OP_ALG_ALGSEL_MD5;
- alginfo_a->algmode = OP_ALG_AAI_HMAC;
- break;
- case RTE_CRYPTO_AUTH_SHA1_HMAC:
- alginfo_a->algtype =
- (ses->proto_alg == RTE_SECURITY_PROTOCOL_IPSEC) ?
- OP_PCL_IPSEC_HMAC_SHA1_96 : OP_ALG_ALGSEL_SHA1;
- alginfo_a->algmode = OP_ALG_AAI_HMAC;
- break;
- case RTE_CRYPTO_AUTH_SHA224_HMAC:
- alginfo_a->algtype =
- (ses->proto_alg == RTE_SECURITY_PROTOCOL_IPSEC) ?
- OP_PCL_IPSEC_HMAC_SHA1_160 : OP_ALG_ALGSEL_SHA224;
- alginfo_a->algmode = OP_ALG_AAI_HMAC;
- break;
- case RTE_CRYPTO_AUTH_SHA256_HMAC:
- alginfo_a->algtype =
- (ses->proto_alg == RTE_SECURITY_PROTOCOL_IPSEC) ?
- OP_PCL_IPSEC_HMAC_SHA2_256_128 : OP_ALG_ALGSEL_SHA256;
- alginfo_a->algmode = OP_ALG_AAI_HMAC;
- break;
- case RTE_CRYPTO_AUTH_SHA384_HMAC:
- alginfo_a->algtype =
- (ses->proto_alg == RTE_SECURITY_PROTOCOL_IPSEC) ?
- OP_PCL_IPSEC_HMAC_SHA2_384_192 : OP_ALG_ALGSEL_SHA384;
- alginfo_a->algmode = OP_ALG_AAI_HMAC;
- break;
- case RTE_CRYPTO_AUTH_SHA512_HMAC:
- alginfo_a->algtype =
- (ses->proto_alg == RTE_SECURITY_PROTOCOL_IPSEC) ?
- OP_PCL_IPSEC_HMAC_SHA2_512_256 : OP_ALG_ALGSEL_SHA512;
- alginfo_a->algmode = OP_ALG_AAI_HMAC;
- break;
- default:
- DPAA_SEC_ERR("unsupported auth alg %u", ses->auth_alg);
- }
-}
-
-static inline void
-caam_cipher_alg(dpaa_sec_session *ses, struct alginfo *alginfo_c)
-{
- switch (ses->cipher_alg) {
- case RTE_CRYPTO_CIPHER_NULL:
- alginfo_c->algtype =
- (ses->proto_alg == RTE_SECURITY_PROTOCOL_IPSEC) ?
- OP_PCL_IPSEC_NULL : 0;
- break;
- case RTE_CRYPTO_CIPHER_AES_CBC:
- alginfo_c->algtype =
- (ses->proto_alg == RTE_SECURITY_PROTOCOL_IPSEC) ?
- OP_PCL_IPSEC_AES_CBC : OP_ALG_ALGSEL_AES;
- alginfo_c->algmode = OP_ALG_AAI_CBC;
- break;
- case RTE_CRYPTO_CIPHER_3DES_CBC:
- alginfo_c->algtype =
- (ses->proto_alg == RTE_SECURITY_PROTOCOL_IPSEC) ?
- OP_PCL_IPSEC_3DES : OP_ALG_ALGSEL_3DES;
- alginfo_c->algmode = OP_ALG_AAI_CBC;
- break;
- case RTE_CRYPTO_CIPHER_AES_CTR:
- alginfo_c->algtype =
- (ses->proto_alg == RTE_SECURITY_PROTOCOL_IPSEC) ?
- OP_PCL_IPSEC_AES_CTR : OP_ALG_ALGSEL_AES;
- alginfo_c->algmode = OP_ALG_AAI_CTR;
- break;
- default:
- DPAA_SEC_ERR("unsupported cipher alg %d", ses->cipher_alg);
- }
-}
-
-static inline void
-caam_aead_alg(dpaa_sec_session *ses, struct alginfo *alginfo)
-{
- switch (ses->aead_alg) {
- case RTE_CRYPTO_AEAD_AES_GCM:
- alginfo->algtype = OP_ALG_ALGSEL_AES;
- alginfo->algmode = OP_ALG_AAI_GCM;
- break;
- default:
- DPAA_SEC_ERR("unsupported AEAD alg %d", ses->aead_alg);
- }
-}
-
static int
dpaa_sec_prep_pdcp_cdb(dpaa_sec_session *ses)
{
@@ -400,58 +304,24 @@ dpaa_sec_prep_pdcp_cdb(dpaa_sec_session *ses)
int swap = true;
#endif
- switch (ses->cipher_alg) {
- case RTE_CRYPTO_CIPHER_SNOW3G_UEA2:
- cipherdata.algtype = PDCP_CIPHER_TYPE_SNOW;
- break;
- case RTE_CRYPTO_CIPHER_ZUC_EEA3:
- cipherdata.algtype = PDCP_CIPHER_TYPE_ZUC;
- break;
- case RTE_CRYPTO_CIPHER_AES_CTR:
- cipherdata.algtype = PDCP_CIPHER_TYPE_AES;
- break;
- case RTE_CRYPTO_CIPHER_NULL:
- cipherdata.algtype = PDCP_CIPHER_TYPE_NULL;
- break;
- default:
- DPAA_SEC_ERR("Crypto: Undefined Cipher specified %u",
- ses->cipher_alg);
- return -1;
- }
-
cipherdata.key = (size_t)ses->cipher_key.data;
cipherdata.keylen = ses->cipher_key.length;
cipherdata.key_enc_flags = 0;
cipherdata.key_type = RTA_DATA_IMM;
+ cipherdata.algtype = ses->cipher_key.alg;
+ cipherdata.algmode = ses->cipher_key.algmode;
cdb->sh_desc[0] = cipherdata.keylen;
cdb->sh_desc[1] = 0;
cdb->sh_desc[2] = 0;
if (ses->auth_alg) {
- switch (ses->auth_alg) {
- case RTE_CRYPTO_AUTH_SNOW3G_UIA2:
- authdata.algtype = PDCP_AUTH_TYPE_SNOW;
- break;
- case RTE_CRYPTO_AUTH_ZUC_EIA3:
- authdata.algtype = PDCP_AUTH_TYPE_ZUC;
- break;
- case RTE_CRYPTO_AUTH_AES_CMAC:
- authdata.algtype = PDCP_AUTH_TYPE_AES;
- break;
- case RTE_CRYPTO_AUTH_NULL:
- authdata.algtype = PDCP_AUTH_TYPE_NULL;
- break;
- default:
- DPAA_SEC_ERR("Crypto: Unsupported auth alg %u",
- ses->auth_alg);
- return -1;
- }
-
authdata.key = (size_t)ses->auth_key.data;
authdata.keylen = ses->auth_key.length;
authdata.key_enc_flags = 0;
authdata.key_type = RTA_DATA_IMM;
+ authdata.algtype = ses->auth_key.alg;
+ authdata.algmode = ses->auth_key.algmode;
p_authdata = &authdata;
@@ -541,27 +411,19 @@ dpaa_sec_prep_ipsec_cdb(dpaa_sec_session *ses)
int swap = true;
#endif
- caam_cipher_alg(ses, &cipherdata);
- if (cipherdata.algtype == (unsigned int)DPAA_SEC_ALG_UNSUPPORT) {
- DPAA_SEC_ERR("not supported cipher alg");
- return -ENOTSUP;
- }
-
cipherdata.key = (size_t)ses->cipher_key.data;
cipherdata.keylen = ses->cipher_key.length;
cipherdata.key_enc_flags = 0;
cipherdata.key_type = RTA_DATA_IMM;
-
- caam_auth_alg(ses, &authdata);
- if (authdata.algtype == (unsigned int)DPAA_SEC_ALG_UNSUPPORT) {
- DPAA_SEC_ERR("not supported auth alg");
- return -ENOTSUP;
- }
+ cipherdata.algtype = ses->cipher_key.alg;
+ cipherdata.algmode = ses->cipher_key.algmode;
authdata.key = (size_t)ses->auth_key.data;
authdata.keylen = ses->auth_key.length;
authdata.key_enc_flags = 0;
authdata.key_type = RTA_DATA_IMM;
+ authdata.algtype = ses->auth_key.alg;
+ authdata.algmode = ses->auth_key.algmode;
cdb->sh_desc[0] = cipherdata.keylen;
cdb->sh_desc[1] = authdata.keylen;
@@ -625,58 +487,26 @@ dpaa_sec_prep_cdb(dpaa_sec_session *ses)
memset(cdb, 0, sizeof(struct sec_cdb));
- if (is_proto_ipsec(ses)) {
+ switch (ses->ctxt) {
+ case DPAA_SEC_IPSEC:
shared_desc_len = dpaa_sec_prep_ipsec_cdb(ses);
- } else if (is_proto_pdcp(ses)) {
+ break;
+ case DPAA_SEC_PDCP:
shared_desc_len = dpaa_sec_prep_pdcp_cdb(ses);
- } else if (is_cipher_only(ses)) {
+ break;
+ case DPAA_SEC_CIPHER:
alginfo_c.key = (size_t)ses->cipher_key.data;
alginfo_c.keylen = ses->cipher_key.length;
alginfo_c.key_enc_flags = 0;
alginfo_c.key_type = RTA_DATA_IMM;
+ alginfo_c.algtype = ses->cipher_key.alg;
+ alginfo_c.algmode = ses->cipher_key.algmode;
+
switch (ses->cipher_alg) {
- case RTE_CRYPTO_CIPHER_NULL:
- alginfo_c.algtype = 0;
- shared_desc_len = cnstr_shdsc_blkcipher(
- cdb->sh_desc, true,
- swap, SHR_NEVER, &alginfo_c,
- NULL,
- ses->iv.length,
- ses->dir);
- break;
case RTE_CRYPTO_CIPHER_AES_CBC:
- alginfo_c.algtype = OP_ALG_ALGSEL_AES;
- alginfo_c.algmode = OP_ALG_AAI_CBC;
- shared_desc_len = cnstr_shdsc_blkcipher(
- cdb->sh_desc, true,
- swap, SHR_NEVER, &alginfo_c,
- NULL,
- ses->iv.length,
- ses->dir);
- break;
case RTE_CRYPTO_CIPHER_3DES_CBC:
- alginfo_c.algtype = OP_ALG_ALGSEL_3DES;
- alginfo_c.algmode = OP_ALG_AAI_CBC;
- shared_desc_len = cnstr_shdsc_blkcipher(
- cdb->sh_desc, true,
- swap, SHR_NEVER, &alginfo_c,
- NULL,
- ses->iv.length,
- ses->dir);
- break;
case RTE_CRYPTO_CIPHER_AES_CTR:
- alginfo_c.algtype = OP_ALG_ALGSEL_AES;
- alginfo_c.algmode = OP_ALG_AAI_CTR;
- shared_desc_len = cnstr_shdsc_blkcipher(
- cdb->sh_desc, true,
- swap, SHR_NEVER, &alginfo_c,
- NULL,
- ses->iv.length,
- ses->dir);
- break;
case RTE_CRYPTO_CIPHER_3DES_CTR:
- alginfo_c.algtype = OP_ALG_ALGSEL_3DES;
- alginfo_c.algmode = OP_ALG_AAI_CTR;
shared_desc_len = cnstr_shdsc_blkcipher(
cdb->sh_desc, true,
swap, SHR_NEVER, &alginfo_c,
@@ -685,14 +515,12 @@ dpaa_sec_prep_cdb(dpaa_sec_session *ses)
ses->dir);
break;
case RTE_CRYPTO_CIPHER_SNOW3G_UEA2:
- alginfo_c.algtype = OP_ALG_ALGSEL_SNOW_F8;
shared_desc_len = cnstr_shdsc_snow_f8(
cdb->sh_desc, true, swap,
&alginfo_c,
ses->dir);
break;
case RTE_CRYPTO_CIPHER_ZUC_EEA3:
- alginfo_c.algtype = OP_ALG_ALGSEL_ZUCE;
shared_desc_len = cnstr_shdsc_zuce(
cdb->sh_desc, true, swap,
&alginfo_c,
@@ -703,69 +531,21 @@ dpaa_sec_prep_cdb(dpaa_sec_session *ses)
ses->cipher_alg);
return -ENOTSUP;
}
- } else if (is_auth_only(ses)) {
+ break;
+ case DPAA_SEC_AUTH:
alginfo_a.key = (size_t)ses->auth_key.data;
alginfo_a.keylen = ses->auth_key.length;
alginfo_a.key_enc_flags = 0;
alginfo_a.key_type = RTA_DATA_IMM;
+ alginfo_a.algtype = ses->auth_key.alg;
+ alginfo_a.algmode = ses->auth_key.algmode;
switch (ses->auth_alg) {
- case RTE_CRYPTO_AUTH_NULL:
- alginfo_a.algtype = 0;
- ses->digest_length = 0;
- shared_desc_len = cnstr_shdsc_hmac(
- cdb->sh_desc, true,
- swap, SHR_NEVER, &alginfo_a,
- !ses->dir,
- ses->digest_length);
- break;
case RTE_CRYPTO_AUTH_MD5_HMAC:
- alginfo_a.algtype = OP_ALG_ALGSEL_MD5;
- alginfo_a.algmode = OP_ALG_AAI_HMAC;
- shared_desc_len = cnstr_shdsc_hmac(
- cdb->sh_desc, true,
- swap, SHR_NEVER, &alginfo_a,
- !ses->dir,
- ses->digest_length);
- break;
case RTE_CRYPTO_AUTH_SHA1_HMAC:
- alginfo_a.algtype = OP_ALG_ALGSEL_SHA1;
- alginfo_a.algmode = OP_ALG_AAI_HMAC;
- shared_desc_len = cnstr_shdsc_hmac(
- cdb->sh_desc, true,
- swap, SHR_NEVER, &alginfo_a,
- !ses->dir,
- ses->digest_length);
- break;
case RTE_CRYPTO_AUTH_SHA224_HMAC:
- alginfo_a.algtype = OP_ALG_ALGSEL_SHA224;
- alginfo_a.algmode = OP_ALG_AAI_HMAC;
- shared_desc_len = cnstr_shdsc_hmac(
- cdb->sh_desc, true,
- swap, SHR_NEVER, &alginfo_a,
- !ses->dir,
- ses->digest_length);
- break;
case RTE_CRYPTO_AUTH_SHA256_HMAC:
- alginfo_a.algtype = OP_ALG_ALGSEL_SHA256;
- alginfo_a.algmode = OP_ALG_AAI_HMAC;
- shared_desc_len = cnstr_shdsc_hmac(
- cdb->sh_desc, true,
- swap, SHR_NEVER, &alginfo_a,
- !ses->dir,
- ses->digest_length);
- break;
case RTE_CRYPTO_AUTH_SHA384_HMAC:
- alginfo_a.algtype = OP_ALG_ALGSEL_SHA384;
- alginfo_a.algmode = OP_ALG_AAI_HMAC;
- shared_desc_len = cnstr_shdsc_hmac(
- cdb->sh_desc, true,
- swap, SHR_NEVER, &alginfo_a,
- !ses->dir,
- ses->digest_length);
- break;
case RTE_CRYPTO_AUTH_SHA512_HMAC:
- alginfo_a.algtype = OP_ALG_ALGSEL_SHA512;
- alginfo_a.algmode = OP_ALG_AAI_HMAC;
shared_desc_len = cnstr_shdsc_hmac(
cdb->sh_desc, true,
swap, SHR_NEVER, &alginfo_a,
@@ -773,9 +553,6 @@ dpaa_sec_prep_cdb(dpaa_sec_session *ses)
ses->digest_length);
break;
case RTE_CRYPTO_AUTH_SNOW3G_UIA2:
- alginfo_a.algtype = OP_ALG_ALGSEL_SNOW_F9;
- alginfo_a.algmode = OP_ALG_AAI_F9;
- ses->auth_alg = RTE_CRYPTO_AUTH_SNOW3G_UIA2;
shared_desc_len = cnstr_shdsc_snow_f9(
cdb->sh_desc, true, swap,
&alginfo_a,
@@ -783,9 +560,6 @@ dpaa_sec_prep_cdb(dpaa_sec_session *ses)
ses->digest_length);
break;
case RTE_CRYPTO_AUTH_ZUC_EIA3:
- alginfo_a.algtype = OP_ALG_ALGSEL_ZUCA;
- alginfo_a.algmode = OP_ALG_AAI_F9;
- ses->auth_alg = RTE_CRYPTO_AUTH_ZUC_EIA3;
shared_desc_len = cnstr_shdsc_zuca(
cdb->sh_desc, true, swap,
&alginfo_a,
@@ -795,8 +569,8 @@ dpaa_sec_prep_cdb(dpaa_sec_session *ses)
default:
DPAA_SEC_ERR("unsupported auth alg %u", ses->auth_alg);
}
- } else if (is_aead(ses)) {
- caam_aead_alg(ses, &alginfo);
+ break;
+ case DPAA_SEC_AEAD:
if (alginfo.algtype == (unsigned int)DPAA_SEC_ALG_UNSUPPORT) {
DPAA_SEC_ERR("not supported aead alg");
return -ENOTSUP;
@@ -805,6 +579,8 @@ dpaa_sec_prep_cdb(dpaa_sec_session *ses)
alginfo.keylen = ses->aead_key.length;
alginfo.key_enc_flags = 0;
alginfo.key_type = RTA_DATA_IMM;
+ alginfo.algtype = ses->aead_key.alg;
+ alginfo.algmode = ses->aead_key.algmode;
if (ses->dir == DIR_ENC)
shared_desc_len = cnstr_shdsc_gcm_encap(
@@ -818,28 +594,21 @@ dpaa_sec_prep_cdb(dpaa_sec_session *ses)
&alginfo,
ses->iv.length,
ses->digest_length);
- } else {
- caam_cipher_alg(ses, &alginfo_c);
- if (alginfo_c.algtype == (unsigned int)DPAA_SEC_ALG_UNSUPPORT) {
- DPAA_SEC_ERR("not supported cipher alg");
- return -ENOTSUP;
- }
-
+ break;
+ case DPAA_SEC_CIPHER_HASH:
alginfo_c.key = (size_t)ses->cipher_key.data;
alginfo_c.keylen = ses->cipher_key.length;
alginfo_c.key_enc_flags = 0;
alginfo_c.key_type = RTA_DATA_IMM;
-
- caam_auth_alg(ses, &alginfo_a);
- if (alginfo_a.algtype == (unsigned int)DPAA_SEC_ALG_UNSUPPORT) {
- DPAA_SEC_ERR("not supported auth alg");
- return -ENOTSUP;
- }
+ alginfo_c.algtype = ses->cipher_key.alg;
+ alginfo_c.algmode = ses->cipher_key.algmode;
alginfo_a.key = (size_t)ses->auth_key.data;
alginfo_a.keylen = ses->auth_key.length;
alginfo_a.key_enc_flags = 0;
alginfo_a.key_type = RTA_DATA_IMM;
+ alginfo_a.algtype = ses->auth_key.alg;
+ alginfo_a.algmode = ses->auth_key.algmode;
cdb->sh_desc[0] = alginfo_c.keylen;
cdb->sh_desc[1] = alginfo_a.keylen;
@@ -876,6 +645,11 @@ dpaa_sec_prep_cdb(dpaa_sec_session *ses)
true, swap, SHR_SERIAL, &alginfo_c, &alginfo_a,
ses->iv.length,
ses->digest_length, ses->dir);
+ break;
+ case DPAA_SEC_HASH_CIPHER:
+ default:
+ DPAA_SEC_ERR("error: Unsupported session");
+ return -ENOTSUP;
}
if (shared_desc_len < 0) {
@@ -2053,18 +1827,22 @@ dpaa_sec_enqueue_burst(void *qp, struct rte_crypto_op **ops,
if (rte_pktmbuf_is_contiguous(op->sym->m_src) &&
((op->sym->m_dst == NULL) ||
rte_pktmbuf_is_contiguous(op->sym->m_dst))) {
- if (is_proto_ipsec(ses)) {
- cf = build_proto(op, ses);
- } else if (is_proto_pdcp(ses)) {
+ switch (ses->ctxt) {
+ case DPAA_SEC_PDCP:
+ case DPAA_SEC_IPSEC:
cf = build_proto(op, ses);
- } else if (is_auth_only(ses)) {
+ break;
+ case DPAA_SEC_AUTH:
cf = build_auth_only(op, ses);
- } else if (is_cipher_only(ses)) {
+ break;
+ case DPAA_SEC_CIPHER:
cf = build_cipher_only(op, ses);
- } else if (is_aead(ses)) {
+ break;
+ case DPAA_SEC_AEAD:
cf = build_cipher_auth_gcm(op, ses);
auth_hdr_len = ses->auth_only_len;
- } else if (is_auth_cipher(ses)) {
+ break;
+ case DPAA_SEC_CIPHER_HASH:
auth_hdr_len =
op->sym->cipher.data.offset
- op->sym->auth.data.offset;
@@ -2073,23 +1851,30 @@ dpaa_sec_enqueue_burst(void *qp, struct rte_crypto_op **ops,
- op->sym->cipher.data.length
- auth_hdr_len;
cf = build_cipher_auth(op, ses);
- } else {
+ break;
+ default:
DPAA_SEC_DP_ERR("not supported ops");
frames_to_send = loop;
nb_ops = loop;
goto send_pkts;
}
} else {
- if (is_proto_pdcp(ses) || is_proto_ipsec(ses)) {
+ switch (ses->ctxt) {
+ case DPAA_SEC_PDCP:
+ case DPAA_SEC_IPSEC:
cf = build_proto_sg(op, ses);
- } else if (is_auth_only(ses)) {
+ break;
+ case DPAA_SEC_AUTH:
cf = build_auth_only_sg(op, ses);
- } else if (is_cipher_only(ses)) {
+ break;
+ case DPAA_SEC_CIPHER:
cf = build_cipher_only_sg(op, ses);
- } else if (is_aead(ses)) {
+ break;
+ case DPAA_SEC_AEAD:
cf = build_cipher_auth_gcm_sg(op, ses);
auth_hdr_len = ses->auth_only_len;
- } else if (is_auth_cipher(ses)) {
+ break;
+ case DPAA_SEC_CIPHER_HASH:
auth_hdr_len =
op->sym->cipher.data.offset
- op->sym->auth.data.offset;
@@ -2098,7 +1883,8 @@ dpaa_sec_enqueue_burst(void *qp, struct rte_crypto_op **ops,
- op->sym->cipher.data.length
- auth_hdr_len;
cf = build_cipher_auth_sg(op, ses);
- } else {
+ break;
+ default:
DPAA_SEC_DP_ERR("not supported ops");
frames_to_send = loop;
nb_ops = loop;
@@ -2282,6 +2068,31 @@ dpaa_sec_cipher_init(struct rte_cryptodev *dev __rte_unused,
memcpy(session->cipher_key.data, xform->cipher.key.data,
xform->cipher.key.length);
+ switch (xform->cipher.algo) {
+ case RTE_CRYPTO_CIPHER_AES_CBC:
+ session->cipher_key.alg = OP_ALG_ALGSEL_AES;
+ session->cipher_key.algmode = OP_ALG_AAI_CBC;
+ break;
+ case RTE_CRYPTO_CIPHER_3DES_CBC:
+ session->cipher_key.alg = OP_ALG_ALGSEL_3DES;
+ session->cipher_key.algmode = OP_ALG_AAI_CBC;
+ break;
+ case RTE_CRYPTO_CIPHER_AES_CTR:
+ session->cipher_key.alg = OP_ALG_ALGSEL_AES;
+ session->cipher_key.algmode = OP_ALG_AAI_CTR;
+ break;
+ case RTE_CRYPTO_CIPHER_SNOW3G_UEA2:
+ session->cipher_key.alg = OP_ALG_ALGSEL_SNOW_F8;
+ break;
+ case RTE_CRYPTO_CIPHER_ZUC_EEA3:
+ session->cipher_key.alg = OP_ALG_ALGSEL_ZUCE;
+ break;
+ default:
+ DPAA_SEC_ERR("Crypto: Undefined Cipher specified %u",
+ xform->cipher.algo);
+ rte_free(session->cipher_key.data);
+ return -1;
+ }
session->dir = (xform->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT) ?
DIR_ENC : DIR_DEC;
@@ -2309,18 +2120,165 @@ dpaa_sec_auth_init(struct rte_cryptodev *dev __rte_unused,
memcpy(session->auth_key.data, xform->auth.key.data,
xform->auth.key.length);
+
+ switch (xform->auth.algo) {
+ case RTE_CRYPTO_AUTH_SHA1_HMAC:
+ session->auth_key.alg = OP_ALG_ALGSEL_SHA1;
+ session->auth_key.algmode = OP_ALG_AAI_HMAC;
+ break;
+ case RTE_CRYPTO_AUTH_MD5_HMAC:
+ session->auth_key.alg = OP_ALG_ALGSEL_MD5;
+ session->auth_key.algmode = OP_ALG_AAI_HMAC;
+ break;
+ case RTE_CRYPTO_AUTH_SHA224_HMAC:
+ session->auth_key.alg = OP_ALG_ALGSEL_SHA224;
+ session->auth_key.algmode = OP_ALG_AAI_HMAC;
+ break;
+ case RTE_CRYPTO_AUTH_SHA256_HMAC:
+ session->auth_key.alg = OP_ALG_ALGSEL_SHA256;
+ session->auth_key.algmode = OP_ALG_AAI_HMAC;
+ break;
+ case RTE_CRYPTO_AUTH_SHA384_HMAC:
+ session->auth_key.alg = OP_ALG_ALGSEL_SHA384;
+ session->auth_key.algmode = OP_ALG_AAI_HMAC;
+ break;
+ case RTE_CRYPTO_AUTH_SHA512_HMAC:
+ session->auth_key.alg = OP_ALG_ALGSEL_SHA512;
+ session->auth_key.algmode = OP_ALG_AAI_HMAC;
+ break;
+ case RTE_CRYPTO_AUTH_SNOW3G_UIA2:
+ session->auth_key.alg = OP_ALG_ALGSEL_SNOW_F9;
+ session->auth_key.algmode = OP_ALG_AAI_F9;
+ break;
+ case RTE_CRYPTO_AUTH_ZUC_EIA3:
+ session->auth_key.alg = OP_ALG_ALGSEL_ZUCA;
+ session->auth_key.algmode = OP_ALG_AAI_F9;
+ break;
+ default:
+ DPAA_SEC_ERR("Crypto: Unsupported Auth specified %u",
+ xform->auth.algo);
+ rte_free(session->auth_key.data);
+ return -1;
+ }
+
session->dir = (xform->auth.op == RTE_CRYPTO_AUTH_OP_GENERATE) ?
DIR_ENC : DIR_DEC;
return 0;
}
+static int
+dpaa_sec_chain_init(struct rte_cryptodev *dev __rte_unused,
+ struct rte_crypto_sym_xform *xform,
+ dpaa_sec_session *session)
+{
+
+ struct rte_crypto_cipher_xform *cipher_xform;
+ struct rte_crypto_auth_xform *auth_xform;
+
+ if (session->auth_cipher_text) {
+ cipher_xform = &xform->cipher;
+ auth_xform = &xform->next->auth;
+ } else {
+ cipher_xform = &xform->next->cipher;
+ auth_xform = &xform->auth;
+ }
+
+ /* Set IV parameters */
+ session->iv.offset = cipher_xform->iv.offset;
+ session->iv.length = cipher_xform->iv.length;
+
+ session->cipher_key.data = rte_zmalloc(NULL, cipher_xform->key.length,
+ RTE_CACHE_LINE_SIZE);
+ if (session->cipher_key.data == NULL && cipher_xform->key.length > 0) {
+ DPAA_SEC_ERR("No Memory for cipher key");
+ return -1;
+ }
+ session->cipher_key.length = cipher_xform->key.length;
+ session->auth_key.data = rte_zmalloc(NULL, auth_xform->key.length,
+ RTE_CACHE_LINE_SIZE);
+ if (session->auth_key.data == NULL && auth_xform->key.length > 0) {
+ DPAA_SEC_ERR("No Memory for auth key");
+ rte_free(session->cipher_key.data);
+ return -ENOMEM;
+ }
+ session->auth_key.length = auth_xform->key.length;
+ memcpy(session->cipher_key.data, cipher_xform->key.data,
+ cipher_xform->key.length);
+ memcpy(session->auth_key.data, auth_xform->key.data,
+ auth_xform->key.length);
+
+ session->digest_length = auth_xform->digest_length;
+ session->auth_alg = auth_xform->algo;
+
+ switch (auth_xform->algo) {
+ case RTE_CRYPTO_AUTH_SHA1_HMAC:
+ session->auth_key.alg = OP_ALG_ALGSEL_SHA1;
+ session->auth_key.algmode = OP_ALG_AAI_HMAC;
+ break;
+ case RTE_CRYPTO_AUTH_MD5_HMAC:
+ session->auth_key.alg = OP_ALG_ALGSEL_MD5;
+ session->auth_key.algmode = OP_ALG_AAI_HMAC;
+ break;
+ case RTE_CRYPTO_AUTH_SHA224_HMAC:
+ session->auth_key.alg = OP_ALG_ALGSEL_SHA224;
+ session->auth_key.algmode = OP_ALG_AAI_HMAC;
+ break;
+ case RTE_CRYPTO_AUTH_SHA256_HMAC:
+ session->auth_key.alg = OP_ALG_ALGSEL_SHA256;
+ session->auth_key.algmode = OP_ALG_AAI_HMAC;
+ break;
+ case RTE_CRYPTO_AUTH_SHA384_HMAC:
+ session->auth_key.alg = OP_ALG_ALGSEL_SHA384;
+ session->auth_key.algmode = OP_ALG_AAI_HMAC;
+ break;
+ case RTE_CRYPTO_AUTH_SHA512_HMAC:
+ session->auth_key.alg = OP_ALG_ALGSEL_SHA512;
+ session->auth_key.algmode = OP_ALG_AAI_HMAC;
+ break;
+ default:
+ DPAA_SEC_ERR("Crypto: Unsupported Auth specified %u",
+ auth_xform->algo);
+ goto error_out;
+ }
+
+ session->cipher_alg = cipher_xform->algo;
+
+ switch (cipher_xform->algo) {
+ case RTE_CRYPTO_CIPHER_AES_CBC:
+ session->cipher_key.alg = OP_ALG_ALGSEL_AES;
+ session->cipher_key.algmode = OP_ALG_AAI_CBC;
+ break;
+ case RTE_CRYPTO_CIPHER_3DES_CBC:
+ session->cipher_key.alg = OP_ALG_ALGSEL_3DES;
+ session->cipher_key.algmode = OP_ALG_AAI_CBC;
+ break;
+ case RTE_CRYPTO_CIPHER_AES_CTR:
+ session->cipher_key.alg = OP_ALG_ALGSEL_AES;
+ session->cipher_key.algmode = OP_ALG_AAI_CTR;
+ break;
+ default:
+ DPAA_SEC_ERR("Crypto: Undefined Cipher specified %u",
+ cipher_xform->algo);
+ goto error_out;
+ }
+ session->dir = (cipher_xform->op == RTE_CRYPTO_CIPHER_OP_ENCRYPT) ?
+ DIR_ENC : DIR_DEC;
+ return 0;
+
+error_out:
+ rte_free(session->cipher_key.data);
+ rte_free(session->auth_key.data);
+ return -1;
+}
+
static int
dpaa_sec_aead_init(struct rte_cryptodev *dev __rte_unused,
struct rte_crypto_sym_xform *xform,
dpaa_sec_session *session)
{
session->aead_alg = xform->aead.algo;
+ session->ctxt = DPAA_SEC_AEAD;
session->iv.length = xform->aead.iv.length;
session->iv.offset = xform->aead.iv.offset;
session->auth_only_len = xform->aead.aad_length;
@@ -2335,6 +2293,18 @@ dpaa_sec_aead_init(struct rte_cryptodev *dev __rte_unused,
memcpy(session->aead_key.data, xform->aead.key.data,
xform->aead.key.length);
+
+ switch (session->aead_alg) {
+ case RTE_CRYPTO_AEAD_AES_GCM:
+ session->aead_key.alg = OP_ALG_ALGSEL_AES;
+ session->aead_key.algmode = OP_ALG_AAI_GCM;
+ break;
+ default:
+ DPAA_SEC_ERR("unsupported AEAD alg %d", session->aead_alg);
+ rte_free(session->aead_key.data);
+ return -ENOMEM;
+ }
+
session->dir = (xform->aead.op == RTE_CRYPTO_AEAD_OP_ENCRYPT) ?
DIR_ENC : DIR_DEC;
@@ -2422,31 +2392,34 @@ dpaa_sec_set_session_parameters(struct rte_cryptodev *dev,
/* Cipher Only */
if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER && xform->next == NULL) {
session->auth_alg = RTE_CRYPTO_AUTH_NULL;
+ session->ctxt = DPAA_SEC_CIPHER;
dpaa_sec_cipher_init(dev, xform, session);
/* Authentication Only */
} else if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH &&
xform->next == NULL) {
session->cipher_alg = RTE_CRYPTO_CIPHER_NULL;
+ session->ctxt = DPAA_SEC_AUTH;
dpaa_sec_auth_init(dev, xform, session);
/* Cipher then Authenticate */
} else if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&
xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH) {
if (xform->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT) {
- dpaa_sec_cipher_init(dev, xform, session);
- dpaa_sec_auth_init(dev, xform->next, session);
+ session->ctxt = DPAA_SEC_CIPHER_HASH;
+ session->auth_cipher_text = 1;
+ dpaa_sec_chain_init(dev, xform, session);
} else {
DPAA_SEC_ERR("Not supported: Auth then Cipher");
return -EINVAL;
}
-
/* Authenticate then Cipher */
} else if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH &&
xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER) {
if (xform->next->cipher.op == RTE_CRYPTO_CIPHER_OP_DECRYPT) {
- dpaa_sec_auth_init(dev, xform, session);
- dpaa_sec_cipher_init(dev, xform->next, session);
+ session->ctxt = DPAA_SEC_CIPHER_HASH;
+ session->auth_cipher_text = 0;
+ dpaa_sec_chain_init(dev, xform, session);
} else {
DPAA_SEC_ERR("Not supported: Auth then Cipher");
return -EINVAL;
@@ -2574,6 +2547,7 @@ dpaa_sec_set_ipsec_session(__rte_unused struct rte_cryptodev *dev,
cipher_xform = &conf->crypto_xform->next->cipher;
}
session->proto_alg = conf->protocol;
+ session->ctxt = DPAA_SEC_IPSEC;
if (cipher_xform && cipher_xform->algo != RTE_CRYPTO_CIPHER_NULL) {
session->cipher_key.data = rte_zmalloc(NULL,
@@ -2589,9 +2563,20 @@ dpaa_sec_set_ipsec_session(__rte_unused struct rte_cryptodev *dev,
session->cipher_key.length = cipher_xform->key.length;
switch (cipher_xform->algo) {
+ case RTE_CRYPTO_CIPHER_NULL:
+ session->cipher_key.alg = OP_PCL_IPSEC_NULL;
+ break;
case RTE_CRYPTO_CIPHER_AES_CBC:
+ session->cipher_key.alg = OP_PCL_IPSEC_AES_CBC;
+ session->cipher_key.algmode = OP_ALG_AAI_CBC;
+ break;
case RTE_CRYPTO_CIPHER_3DES_CBC:
+ session->cipher_key.alg = OP_PCL_IPSEC_3DES;
+ session->cipher_key.algmode = OP_ALG_AAI_CBC;
+ break;
case RTE_CRYPTO_CIPHER_AES_CTR:
+ session->cipher_key.alg = OP_PCL_IPSEC_AES_CTR;
+ session->cipher_key.algmode = OP_ALG_AAI_CTR;
break;
default:
DPAA_SEC_ERR("Crypto: Unsupported Cipher alg %u",
@@ -2620,12 +2605,33 @@ dpaa_sec_set_ipsec_session(__rte_unused struct rte_cryptodev *dev,
session->auth_key.length = auth_xform->key.length;
switch (auth_xform->algo) {
- case RTE_CRYPTO_AUTH_SHA1_HMAC:
+ case RTE_CRYPTO_AUTH_NULL:
+ session->auth_key.alg = OP_PCL_IPSEC_HMAC_NULL;
+ session->digest_length = 0;
+ break;
case RTE_CRYPTO_AUTH_MD5_HMAC:
+ session->auth_key.alg = OP_PCL_IPSEC_HMAC_MD5_96;
+ session->auth_key.algmode = OP_ALG_AAI_HMAC;
+ break;
+ case RTE_CRYPTO_AUTH_SHA1_HMAC:
+ session->auth_key.alg = OP_PCL_IPSEC_HMAC_SHA1_96;
+ session->auth_key.algmode = OP_ALG_AAI_HMAC;
+ break;
+ case RTE_CRYPTO_AUTH_SHA224_HMAC:
+ session->auth_key.alg = OP_PCL_IPSEC_HMAC_SHA1_160;
+ session->auth_key.algmode = OP_ALG_AAI_HMAC;
+ break;
case RTE_CRYPTO_AUTH_SHA256_HMAC:
+ session->auth_key.alg = OP_PCL_IPSEC_HMAC_SHA2_256_128;
+ session->auth_key.algmode = OP_ALG_AAI_HMAC;
+ break;
case RTE_CRYPTO_AUTH_SHA384_HMAC:
+ session->auth_key.alg = OP_PCL_IPSEC_HMAC_SHA2_384_192;
+ session->auth_key.algmode = OP_ALG_AAI_HMAC;
+ break;
case RTE_CRYPTO_AUTH_SHA512_HMAC:
- case RTE_CRYPTO_AUTH_AES_CMAC:
+ session->auth_key.alg = OP_PCL_IPSEC_HMAC_SHA2_512_256;
+ session->auth_key.algmode = OP_ALG_AAI_HMAC;
break;
default:
DPAA_SEC_ERR("Crypto: Unsupported auth alg %u",
@@ -2766,7 +2772,28 @@ dpaa_sec_set_pdcp_session(struct rte_cryptodev *dev,
}
session->proto_alg = conf->protocol;
+ session->ctxt = DPAA_SEC_PDCP;
+
if (cipher_xform) {
+ switch (cipher_xform->algo) {
+ case RTE_CRYPTO_CIPHER_SNOW3G_UEA2:
+ session->cipher_key.alg = PDCP_CIPHER_TYPE_SNOW;
+ break;
+ case RTE_CRYPTO_CIPHER_ZUC_EEA3:
+ session->cipher_key.alg = PDCP_CIPHER_TYPE_ZUC;
+ break;
+ case RTE_CRYPTO_CIPHER_AES_CTR:
+ session->cipher_key.alg = PDCP_CIPHER_TYPE_AES;
+ break;
+ case RTE_CRYPTO_CIPHER_NULL:
+ session->cipher_key.alg = PDCP_CIPHER_TYPE_NULL;
+ break;
+ default:
+ DPAA_SEC_ERR("Crypto: Undefined Cipher specified %u",
+ session->cipher_alg);
+ return -1;
+ }
+
session->cipher_key.data = rte_zmalloc(NULL,
cipher_xform->key.length,
RTE_CACHE_LINE_SIZE);
@@ -2798,6 +2825,25 @@ dpaa_sec_set_pdcp_session(struct rte_cryptodev *dev,
}
if (auth_xform) {
+ switch (auth_xform->algo) {
+ case RTE_CRYPTO_AUTH_SNOW3G_UIA2:
+ session->auth_key.alg = PDCP_AUTH_TYPE_SNOW;
+ break;
+ case RTE_CRYPTO_AUTH_ZUC_EIA3:
+ session->auth_key.alg = PDCP_AUTH_TYPE_ZUC;
+ break;
+ case RTE_CRYPTO_AUTH_AES_CMAC:
+ session->auth_key.alg = PDCP_AUTH_TYPE_AES;
+ break;
+ case RTE_CRYPTO_AUTH_NULL:
+ session->auth_key.alg = PDCP_AUTH_TYPE_NULL;
+ break;
+ default:
+ DPAA_SEC_ERR("Crypto: Unsupported auth alg %u",
+ session->auth_alg);
+ rte_free(session->cipher_key.data);
+ return -1;
+ }
session->auth_key.data = rte_zmalloc(NULL,
auth_xform->key.length,
RTE_CACHE_LINE_SIZE);
@@ -38,14 +38,19 @@ enum dpaa_sec_op_type {
DPAA_SEC_NONE, /*!< No Cipher operations*/
DPAA_SEC_CIPHER,/*!< CIPHER operations */
DPAA_SEC_AUTH, /*!< Authentication Operations */
- DPAA_SEC_AEAD, /*!< Authenticated Encryption with associated data */
+ DPAA_SEC_AEAD, /*!< AEAD (AES-GCM/CCM) type operations */
+ DPAA_SEC_CIPHER_HASH, /*!< Authenticated Encryption with
+ * associated data
+ */
+ DPAA_SEC_HASH_CIPHER, /*!< Encryption with Authenticated
+ * associated data
+ */
DPAA_SEC_IPSEC, /*!< IPSEC protocol operations*/
DPAA_SEC_PDCP, /*!< PDCP protocol operations*/
DPAA_SEC_PKC, /*!< Public Key Cryptographic Operations */
DPAA_SEC_MAX
};
-
#define DPAA_SEC_MAX_DESC_SIZE 64
/* code or cmd block to caam */
struct sec_cdb {
@@ -113,6 +118,7 @@ struct sec_pdcp_ctxt {
typedef struct dpaa_sec_session_entry {
uint8_t dir; /*!< Operation Direction */
+ uint8_t ctxt; /*!< Session Context Type */
enum rte_crypto_cipher_algorithm cipher_alg; /*!< Cipher Algorithm*/
enum rte_crypto_auth_algorithm auth_alg; /*!< Authentication Algorithm*/
enum rte_crypto_aead_algorithm aead_alg; /*!< AEAD Algorithm*/
@@ -121,15 +127,21 @@ typedef struct dpaa_sec_session_entry {
struct {
uint8_t *data; /**< pointer to key data */
size_t length; /**< key length in bytes */
+ uint32_t alg;
+ uint32_t algmode;
} aead_key;
struct {
struct {
uint8_t *data; /**< pointer to key data */
size_t length; /**< key length in bytes */
+ uint32_t alg;
+ uint32_t algmode;
} cipher_key;
struct {
uint8_t *data; /**< pointer to key data */
size_t length; /**< key length in bytes */
+ uint32_t alg;
+ uint32_t algmode;
} auth_key;
};
};
@@ -148,6 +160,8 @@ typedef struct dpaa_sec_session_entry {
struct ip ip4_hdr;
struct rte_ipv6_hdr ip6_hdr;
};
+ uint8_t auth_cipher_text;
+ /**< Authenticate/cipher ordering */
};
struct sec_pdcp_ctxt pdcp;
};