[2/2] crypto/dpaa2_sec: support non-HMAC auth algo versions
diff mbox series

Message ID 20200903163308.4759-2-akhil.goyal@nxp.com
State Accepted
Delegated to: akhil goyal
Headers show
Series
  • [1/2] crypto/dpaa2_sec: support DES-CBC
Related show

Checks

Context Check Description
ci/checkpatch success coding style OK
ci/Intel-compilation success Compilation OK
ci/travis-robot success Travis build: passed
ci/iol-broadcom-Functional success Functional Testing PASS
ci/iol-testing success Testing PASS
ci/iol-broadcom-Performance success Performance Testing PASS

Commit Message

Akhil Goyal Sept. 3, 2020, 4:33 p.m. UTC
From: Akhil Goyal <akhil.goyal@nxp.com>

added support for non-HMAC for auth algorithms
(SHA1, SHA2, MD5).
Corresponding capabilities are enabled so that test
application can enable those test cases.

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
---
 doc/guides/cryptodevs/features/dpaa2_sec.ini |   6 +
 drivers/common/dpaax/caamflib/desc/algo.h    |  86 +++++++++++-
 drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c  |  82 +++++++++---
 drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h    | 131 ++++++++++++++++++-
 4 files changed, 286 insertions(+), 19 deletions(-)

Patch
diff mbox series

diff --git a/doc/guides/cryptodevs/features/dpaa2_sec.ini b/doc/guides/cryptodevs/features/dpaa2_sec.ini
index c31321d5d..02c1bf418 100644
--- a/doc/guides/cryptodevs/features/dpaa2_sec.ini
+++ b/doc/guides/cryptodevs/features/dpaa2_sec.ini
@@ -33,11 +33,17 @@  ZUC EEA3      = Y
 ; Supported authentication algorithms of the 'dpaa2_sec' crypto driver.
 ;
 [Auth]
+MD5          = Y
 MD5 HMAC     = Y
+SHA1         = Y
 SHA1 HMAC    = Y
+SHA224       = Y
 SHA224 HMAC  = Y
+SHA256       = Y
 SHA256 HMAC  = Y
+SHA384       = Y
 SHA384 HMAC  = Y
+SHA512       = Y
 SHA512 HMAC  = Y
 SNOW3G UIA2  = Y
 ZUC EIA3     = Y
diff --git a/drivers/common/dpaax/caamflib/desc/algo.h b/drivers/common/dpaax/caamflib/desc/algo.h
index 345bb5b3f..41cac5abd 100644
--- a/drivers/common/dpaax/caamflib/desc/algo.h
+++ b/drivers/common/dpaax/caamflib/desc/algo.h
@@ -1,7 +1,7 @@ 
 /* SPDX-License-Identifier: (BSD-3-Clause OR GPL-2.0)
  *
  * Copyright 2008-2016 Freescale Semiconductor Inc.
- * Copyright 2016,2019 NXP
+ * Copyright 2016,2019-2020 NXP
  *
  */
 
@@ -466,6 +466,90 @@  cnstr_shdsc_hmac(uint32_t *descbuf, bool ps, bool swap,
 	return PROGRAM_FINALIZE(p);
 }
 
+/**
+ * cnstr_shdsc_hash - HASH shared
+ * @descbuf: pointer to descriptor-under-construction buffer
+ * @ps: if 36/40bit addressing is desired, this parameter must be true
+ * @swap: must be true when core endianness doesn't match SEC endianness
+ * @share: sharing type of shared descriptor
+ * @authdata: pointer to authentication transform definitions;
+ *            message digest algorithm: OP_ALG_ALGSEL_MD5/ SHA1-512.
+ * @do_icv: 0 if ICV checking is not desired, any other value if ICV checking
+ *          is needed for all the packets processed by this shared descriptor
+ * @trunc_len: Length of the truncated ICV to be written in the output buffer, 0
+ *             if no truncation is needed
+ *
+ * Note: There's no support for keys longer than the block size of the
+ * underlying hash function, according to the selected algorithm.
+ *
+ * Return: size of descriptor written in words or negative number on error
+ */
+static inline int
+cnstr_shdsc_hash(uint32_t *descbuf, bool ps, bool swap,
+		 enum rta_share_type share,
+		 struct alginfo *authdata, uint8_t do_icv,
+		 uint8_t trunc_len)
+{
+	struct program prg;
+	struct program *p = &prg;
+	uint8_t storelen, opicv, dir;
+
+	/* Compute fixed-size store based on alg selection */
+	switch (authdata->algtype) {
+	case OP_ALG_ALGSEL_MD5:
+		storelen = 16;
+		break;
+	case OP_ALG_ALGSEL_SHA1:
+		storelen = 20;
+		break;
+	case OP_ALG_ALGSEL_SHA224:
+		storelen = 28;
+		break;
+	case OP_ALG_ALGSEL_SHA256:
+		storelen = 32;
+		break;
+	case OP_ALG_ALGSEL_SHA384:
+		storelen = 48;
+		break;
+	case OP_ALG_ALGSEL_SHA512:
+		storelen = 64;
+		break;
+	default:
+		return -EINVAL;
+	}
+
+	trunc_len = trunc_len && (trunc_len < storelen) ? trunc_len : storelen;
+
+	opicv = do_icv ? ICV_CHECK_ENABLE : ICV_CHECK_DISABLE;
+	dir = do_icv ? DIR_DEC : DIR_ENC;
+
+	PROGRAM_CNTXT_INIT(p, descbuf, 0);
+	if (swap)
+		PROGRAM_SET_BSWAP(p);
+	if (ps)
+		PROGRAM_SET_36BIT_ADDR(p);
+	SHR_HDR(p, share, 1, SC);
+
+	/* Do operation */
+	/* compute sequences */
+	if (opicv == ICV_CHECK_ENABLE)
+		MATHB(p, SEQINSZ, SUB, trunc_len, VSEQINSZ, 4, IMMED2);
+	else
+		MATHB(p, SEQINSZ, SUB, MATH2, VSEQINSZ, 4, 0);
+
+	ALG_OPERATION(p, authdata->algtype,
+		      OP_ALG_AAI_HASH,
+		      OP_ALG_AS_INITFINAL, opicv, dir);
+	SEQFIFOLOAD(p, MSG2, 0, VLF | LAST2);
+
+	if (opicv == ICV_CHECK_ENABLE)
+		SEQFIFOLOAD(p, ICV2, trunc_len, LAST2);
+	else
+		SEQSTORE(p, CONTEXT2, 0, trunc_len, 0);
+
+	return PROGRAM_FINALIZE(p);
+}
+
 /**
  * cnstr_shdsc_kasumi_f8 - KASUMI F8 (Confidentiality) as a shared descriptor
  *                         (ETSI "Document 1: f8 and f9 specification")
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index 69040ec6c..195c7d894 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -1979,21 +1979,23 @@  dpaa2_sec_auth_init(struct rte_cryptodev *dev,
 	flc = &priv->flc_desc[DESC_INITFINAL].flc;
 
 	session->ctxt_type = DPAA2_SEC_AUTH;
-	session->auth_key.data = rte_zmalloc(NULL, xform->auth.key.length,
+	session->auth_key.length = xform->auth.key.length;
+	if (xform->auth.key.length) {
+		session->auth_key.data = rte_zmalloc(NULL,
+			xform->auth.key.length,
 			RTE_CACHE_LINE_SIZE);
-	if (session->auth_key.data == NULL) {
-		DPAA2_SEC_ERR("Unable to allocate memory for auth key");
-		rte_free(priv);
-		return -ENOMEM;
+		if (session->auth_key.data == NULL) {
+			DPAA2_SEC_ERR("Unable to allocate memory for auth key");
+			rte_free(priv);
+			return -ENOMEM;
+		}
+		memcpy(session->auth_key.data, xform->auth.key.data,
+		       xform->auth.key.length);
+		authdata.key = (size_t)session->auth_key.data;
+		authdata.key_enc_flags = 0;
+		authdata.key_type = RTA_DATA_IMM;
 	}
-	session->auth_key.length = xform->auth.key.length;
-
-	memcpy(session->auth_key.data, xform->auth.key.data,
-	       xform->auth.key.length);
-	authdata.key = (size_t)session->auth_key.data;
 	authdata.keylen = session->auth_key.length;
-	authdata.key_enc_flags = 0;
-	authdata.key_type = RTA_DATA_IMM;
 
 	session->digest_length = xform->auth.digest_length;
 	session->dir = (xform->auth.op == RTE_CRYPTO_AUTH_OP_GENERATE) ?
@@ -2076,18 +2078,66 @@  dpaa2_sec_auth_init(struct rte_cryptodev *dev,
 					   !session->dir,
 					   session->digest_length);
 		break;
-	case RTE_CRYPTO_AUTH_KASUMI_F9:
-	case RTE_CRYPTO_AUTH_NULL:
 	case RTE_CRYPTO_AUTH_SHA1:
+		authdata.algtype = OP_ALG_ALGSEL_SHA1;
+		authdata.algmode = OP_ALG_AAI_HASH;
+		session->auth_alg = RTE_CRYPTO_AUTH_SHA1;
+		bufsize = cnstr_shdsc_hash(priv->flc_desc[DESC_INITFINAL].desc,
+					   1, 0, SHR_NEVER, &authdata,
+					   !session->dir,
+					   session->digest_length);
+		break;
+	case RTE_CRYPTO_AUTH_MD5:
+		authdata.algtype = OP_ALG_ALGSEL_MD5;
+		authdata.algmode = OP_ALG_AAI_HASH;
+		session->auth_alg = RTE_CRYPTO_AUTH_MD5;
+		bufsize = cnstr_shdsc_hash(priv->flc_desc[DESC_INITFINAL].desc,
+					   1, 0, SHR_NEVER, &authdata,
+					   !session->dir,
+					   session->digest_length);
+		break;
 	case RTE_CRYPTO_AUTH_SHA256:
+		authdata.algtype = OP_ALG_ALGSEL_SHA256;
+		authdata.algmode = OP_ALG_AAI_HASH;
+		session->auth_alg = RTE_CRYPTO_AUTH_SHA256;
+		bufsize = cnstr_shdsc_hash(priv->flc_desc[DESC_INITFINAL].desc,
+					   1, 0, SHR_NEVER, &authdata,
+					   !session->dir,
+					   session->digest_length);
+		break;
+	case RTE_CRYPTO_AUTH_SHA384:
+		authdata.algtype = OP_ALG_ALGSEL_SHA384;
+		authdata.algmode = OP_ALG_AAI_HASH;
+		session->auth_alg = RTE_CRYPTO_AUTH_SHA384;
+		bufsize = cnstr_shdsc_hash(priv->flc_desc[DESC_INITFINAL].desc,
+					   1, 0, SHR_NEVER, &authdata,
+					   !session->dir,
+					   session->digest_length);
+		break;
 	case RTE_CRYPTO_AUTH_SHA512:
+		authdata.algtype = OP_ALG_ALGSEL_SHA512;
+		authdata.algmode = OP_ALG_AAI_HASH;
+		session->auth_alg = RTE_CRYPTO_AUTH_SHA512;
+		bufsize = cnstr_shdsc_hash(priv->flc_desc[DESC_INITFINAL].desc,
+					   1, 0, SHR_NEVER, &authdata,
+					   !session->dir,
+					   session->digest_length);
+		break;
 	case RTE_CRYPTO_AUTH_SHA224:
-	case RTE_CRYPTO_AUTH_SHA384:
-	case RTE_CRYPTO_AUTH_MD5:
+		authdata.algtype = OP_ALG_ALGSEL_SHA224;
+		authdata.algmode = OP_ALG_AAI_HASH;
+		session->auth_alg = RTE_CRYPTO_AUTH_SHA224;
+		bufsize = cnstr_shdsc_hash(priv->flc_desc[DESC_INITFINAL].desc,
+					   1, 0, SHR_NEVER, &authdata,
+					   !session->dir,
+					   session->digest_length);
+		break;
 	case RTE_CRYPTO_AUTH_AES_GMAC:
 	case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
 	case RTE_CRYPTO_AUTH_AES_CMAC:
 	case RTE_CRYPTO_AUTH_AES_CBC_MAC:
+	case RTE_CRYPTO_AUTH_KASUMI_F9:
+	case RTE_CRYPTO_AUTH_NULL:
 		DPAA2_SEC_ERR("Crypto: Unsupported auth alg %un",
 			      xform->auth.algo);
 		ret = -ENOTSUP;
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h b/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h
index c1f95f280..310ef6a5b 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h
@@ -200,6 +200,7 @@  typedef struct dpaa2_sec_session_entry {
 } dpaa2_sec_session;
 
 static const struct rte_cryptodev_capabilities dpaa2_sec_capabilities[] = {
+	/* Symmetric capabilities */
 	{	/* NULL (AUTH) */
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 		{.sym = {
@@ -221,6 +222,27 @@  static const struct rte_cryptodev_capabilities dpaa2_sec_capabilities[] = {
 			}, },
 		}, },
 	},
+	{	/* MD5 */
+		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+		{.sym = {
+			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+			{.auth = {
+				.algo = RTE_CRYPTO_AUTH_MD5,
+				.block_size = 64,
+				.key_size = {
+					.min = 0,
+					.max = 0,
+					.increment = 0
+				},
+				.digest_size = {
+					.min = 16,
+					.max = 16,
+					.increment = 0
+				},
+				.iv_size = { 0 }
+			}, }
+		}, }
+	},
 	{	/* MD5 HMAC */
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 		{.sym = {
@@ -242,6 +264,27 @@  static const struct rte_cryptodev_capabilities dpaa2_sec_capabilities[] = {
 			}, }
 		}, }
 	},
+	{	/* SHA1 */
+		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+		{.sym = {
+			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+			{.auth = {
+				.algo = RTE_CRYPTO_AUTH_SHA1,
+				.block_size = 64,
+				.key_size = {
+					.min = 0,
+					.max = 0,
+					.increment = 0
+				},
+				.digest_size = {
+					.min = 20,
+					.max = 20,
+					.increment = 0
+				},
+				.iv_size = { 0 }
+			}, }
+		}, }
+	},
 	{	/* SHA1 HMAC */
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 		{.sym = {
@@ -263,6 +306,27 @@  static const struct rte_cryptodev_capabilities dpaa2_sec_capabilities[] = {
 			}, }
 		}, }
 	},
+	{	/* SHA224 */
+		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+		{.sym = {
+			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+			{.auth = {
+				.algo = RTE_CRYPTO_AUTH_SHA224,
+				.block_size = 64,
+					.key_size = {
+					.min = 0,
+					.max = 0,
+					.increment = 0
+				},
+				.digest_size = {
+					.min = 28,
+					.max = 28,
+					.increment = 0
+				},
+				.iv_size = { 0 }
+			}, }
+		}, }
+	},
 	{	/* SHA224 HMAC */
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 		{.sym = {
@@ -284,6 +348,27 @@  static const struct rte_cryptodev_capabilities dpaa2_sec_capabilities[] = {
 			}, }
 		}, }
 	},
+	{	/* SHA256 */
+		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+		{.sym = {
+			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+			{.auth = {
+				.algo = RTE_CRYPTO_AUTH_SHA256,
+				.block_size = 64,
+				.key_size = {
+					.min = 0,
+					.max = 0,
+					.increment = 0
+				},
+				.digest_size = {
+					.min = 32,
+					.max = 32,
+					.increment = 0
+				},
+				.iv_size = { 0 }
+			}, }
+		}, }
+	},
 	{	/* SHA256 HMAC */
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 		{.sym = {
@@ -302,9 +387,30 @@  static const struct rte_cryptodev_capabilities dpaa2_sec_capabilities[] = {
 					.increment = 1
 				},
 				.iv_size = { 0 }
-				}, }
 			}, }
-		},
+		}, }
+	},
+	{	/* SHA384 */
+		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+		{.sym = {
+			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+			{.auth = {
+				.algo = RTE_CRYPTO_AUTH_SHA384,
+				.block_size = 64,
+				.key_size = {
+					.min = 0,
+					.max = 0,
+					.increment = 0
+				},
+				.digest_size = {
+					.min = 48,
+					.max = 48,
+					.increment = 0
+					},
+				.iv_size = { 0 }
+			}, }
+		}, }
+	},
 	{	/* SHA384 HMAC */
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 		{.sym = {
@@ -326,6 +432,27 @@  static const struct rte_cryptodev_capabilities dpaa2_sec_capabilities[] = {
 			}, }
 		}, }
 	},
+	{	/* SHA512 */
+		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+		{.sym = {
+			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+			{.auth = {
+				.algo = RTE_CRYPTO_AUTH_SHA512,
+				.block_size = 128,
+				.key_size = {
+					.min = 0,
+					.max = 0,
+					.increment = 0
+				},
+				.digest_size = {
+					.min = 64,
+					.max = 64,
+					.increment = 0
+				},
+				.iv_size = { 0 }
+			}, }
+		}, }
+	},
 	{	/* SHA512 HMAC */
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 		{.sym = {