diff mbox series

[5/8] crypto/cnxk: make IPsec verify functions common

Message ID	20210831140127.31775-6-ktejasree@marvell.com (mailing list archive)
State	Superseded, archived
Headers	From: Tejasree Kondoj <ktejasree@marvell.com> To: Akhil Goyal <gakhil@marvell.com> CC: Archana Muniganti <marchana@marvell.com>, Anoob Joseph <anoobj@marvell.com>, Ankur Dwivedi <adwivedi@marvell.com>, Srujana Challa <schalla@marvell.com>, Nithin Dabilpuram <ndabilpuram@marvell.com>, "Jerin Jacob" <jerinj@marvell.com>, Tejasree Kondoj <ktejasree@marvell.com>, <dev@dpdk.org> Date: Tue, 31 Aug 2021 19:31:24 +0530 Message-ID: <20210831140127.31775-6-ktejasree@marvell.com> In-Reply-To: <20210831140127.31775-1-ktejasree@marvell.com> References: <20210831140127.31775-1-ktejasree@marvell.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain Subject: [dpdk-dev] [PATCH 5/8] crypto/cnxk: make IPsec verify functions common Precedence: list Errors-To: dev-bounces@dpdk.org Sender: "dev" <dev-bounces@dpdk.org>
Series	add lookaside IPsec additional features \| [0/8] add lookaside IPsec additional features [1/8] common/cnxk: add hash generation APIs [2/8] crypto/cnxk: add lookaside IPsec AES-CBC-HMAC-SHA1 support [3/8] crypto/cnxk: remove redundant code [4/8] crypto/cnxk: use rlen from CPT result with lookaside [5/8] crypto/cnxk: make IPsec verify functions common [6/8] crypto/cnxk: support cn10k transport mode [7/8] crypto/cnxk: support UDP encap with lookaside IPsec [8/8] common/cnxk: make IPsec defines common

Checks

Context	Check	Description
ci/checkpatch	success	coding style OK

Commit Message

Tejasree Kondoj Aug. 31, 2021, 2:01 p.m. UTC

  From: Archana Muniganti <marchana@marvell.com>

IPsec verify functions can be made common

Signed-off-by: Archana Muniganti <marchana@marvell.com>
---
 drivers/crypto/cnxk/cn10k_ipsec.c | 116 +-----------------------------
 drivers/crypto/cnxk/cnxk_ipsec.h  | 113 +++++++++++++++++++++++++++++
 2 files changed, 114 insertions(+), 115 deletions(-)

diff mbox series

Patch

diff --git a/drivers/crypto/cnxk/cn10k_ipsec.c b/drivers/crypto/cnxk/cn10k_ipsec.c
index 98110872a3..5c57cf2818 100644
--- a/drivers/crypto/cnxk/cn10k_ipsec.c
+++ b/drivers/crypto/cnxk/cn10k_ipsec.c
@@ -17,120 +17,6 @@ 
 
 #include "roc_api.h"
 
-static int
-ipsec_xform_cipher_verify(struct rte_crypto_sym_xform *xform)
-{
-	if (xform->cipher.algo == RTE_CRYPTO_CIPHER_AES_CBC) {
-		switch (xform->cipher.key.length) {
-		case 16:
-		case 24:
-		case 32:
-			break;
-		default:
-			return -ENOTSUP;
-		}
-		return 0;
-	}
-
-	return -ENOTSUP;
-}
-
-static int
-ipsec_xform_auth_verify(struct rte_crypto_sym_xform *xform)
-{
-	uint16_t keylen = xform->auth.key.length;
-
-	if (xform->auth.algo == RTE_CRYPTO_AUTH_SHA1_HMAC) {
-		if (keylen >= 20 && keylen <= 64)
-			return 0;
-	}
-
-	return -ENOTSUP;
-}
-
-static int
-ipsec_xform_aead_verify(struct rte_security_ipsec_xform *ipsec_xfrm,
-			struct rte_crypto_sym_xform *crypto_xfrm)
-{
-	if (ipsec_xfrm->direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS &&
-	    crypto_xfrm->aead.op != RTE_CRYPTO_AEAD_OP_ENCRYPT)
-		return -EINVAL;
-
-	if (ipsec_xfrm->direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS &&
-	    crypto_xfrm->aead.op != RTE_CRYPTO_AEAD_OP_DECRYPT)
-		return -EINVAL;
-
-	if (crypto_xfrm->aead.algo == RTE_CRYPTO_AEAD_AES_GCM) {
-		switch (crypto_xfrm->aead.key.length) {
-		case ROC_CPT_AES128_KEY_LEN:
-		case ROC_CPT_AES192_KEY_LEN:
-		case ROC_CPT_AES256_KEY_LEN:
-			break;
-		default:
-			return -EINVAL;
-		}
-		return 0;
-	}
-
-	return -ENOTSUP;
-}
-
-static int
-cn10k_ipsec_xform_verify(struct rte_security_ipsec_xform *ipsec_xfrm,
-			 struct rte_crypto_sym_xform *crypto_xfrm)
-{
-	struct rte_crypto_sym_xform *auth_xform, *cipher_xform;
-	int ret;
-
-	if ((ipsec_xfrm->direction != RTE_SECURITY_IPSEC_SA_DIR_INGRESS) &&
-	    (ipsec_xfrm->direction != RTE_SECURITY_IPSEC_SA_DIR_EGRESS))
-		return -EINVAL;
-
-	if ((ipsec_xfrm->proto != RTE_SECURITY_IPSEC_SA_PROTO_ESP) &&
-	    (ipsec_xfrm->proto != RTE_SECURITY_IPSEC_SA_PROTO_AH))
-		return -EINVAL;
-
-	if ((ipsec_xfrm->mode != RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT) &&
-	    (ipsec_xfrm->mode != RTE_SECURITY_IPSEC_SA_MODE_TUNNEL))
-		return -EINVAL;
-
-	if ((ipsec_xfrm->tunnel.type != RTE_SECURITY_IPSEC_TUNNEL_IPV4) &&
-	    (ipsec_xfrm->tunnel.type != RTE_SECURITY_IPSEC_TUNNEL_IPV6))
-		return -EINVAL;
-
-	if (crypto_xfrm->type == RTE_CRYPTO_SYM_XFORM_AEAD)
-		return ipsec_xform_aead_verify(ipsec_xfrm, crypto_xfrm);
-
-	if (crypto_xfrm->next == NULL)
-		return -EINVAL;
-
-	if (ipsec_xfrm->direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) {
-		/* Ingress */
-		if (crypto_xfrm->type != RTE_CRYPTO_SYM_XFORM_AUTH ||
-		    crypto_xfrm->next->type != RTE_CRYPTO_SYM_XFORM_CIPHER)
-			return -EINVAL;
-		auth_xform = crypto_xfrm;
-		cipher_xform = crypto_xfrm->next;
-	} else {
-		/* Egress */
-		if (crypto_xfrm->type != RTE_CRYPTO_SYM_XFORM_CIPHER ||
-		    crypto_xfrm->next->type != RTE_CRYPTO_SYM_XFORM_AUTH)
-			return -EINVAL;
-		cipher_xform = crypto_xfrm;
-		auth_xform = crypto_xfrm->next;
-	}
-
-	ret = ipsec_xform_cipher_verify(cipher_xform);
-	if (ret)
-		return ret;
-
-	ret = ipsec_xform_auth_verify(auth_xform);
-	if (ret)
-		return ret;
-
-	return 0;
-}
-
 static uint64_t
 ipsec_cpt_inst_w7_get(struct roc_cpt *roc_cpt, void *sa)
 {
@@ -245,7 +131,7 @@  cn10k_ipsec_session_create(void *dev,
 		return -EPERM;
 	}
 
-	ret = cn10k_ipsec_xform_verify(ipsec_xfrm, crypto_xfrm);
+	ret = cnxk_ipsec_xform_verify(ipsec_xfrm, crypto_xfrm);
 	if (ret)
 		return ret;
 
diff --git a/drivers/crypto/cnxk/cnxk_ipsec.h b/drivers/crypto/cnxk/cnxk_ipsec.h
index f6897a0e14..d1eb74ebbe 100644
--- a/drivers/crypto/cnxk/cnxk_ipsec.h
+++ b/drivers/crypto/cnxk/cnxk_ipsec.h
@@ -17,4 +17,117 @@  struct cnxk_cpt_inst_tmpl {
 	uint64_t w7;
 };
 
+static inline int
+ipsec_xform_cipher_verify(struct rte_crypto_sym_xform *crypto_xform)
+{
+	if (crypto_xform->cipher.algo == RTE_CRYPTO_CIPHER_AES_CBC) {
+		switch (crypto_xform->cipher.key.length) {
+		case 16:
+		case 24:
+		case 32:
+			break;
+		default:
+			return -ENOTSUP;
+		}
+		return 0;
+	}
+
+	return -ENOTSUP;
+}
+
+static inline int
+ipsec_xform_auth_verify(struct rte_crypto_sym_xform *crypto_xform)
+{
+	uint16_t keylen = crypto_xform->auth.key.length;
+
+	if (crypto_xform->auth.algo == RTE_CRYPTO_AUTH_SHA1_HMAC) {
+		if (keylen >= 20 && keylen <= 64)
+			return 0;
+	} else if (roc_model_is_cn9k() &&
+		   (crypto_xform->auth.algo == RTE_CRYPTO_AUTH_SHA256_HMAC)) {
+		if (keylen >= 32 && keylen <= 64)
+			return 0;
+	}
+
+	return -ENOTSUP;
+}
+
+static inline int
+ipsec_xform_aead_verify(struct rte_security_ipsec_xform *ipsec_xform,
+			struct rte_crypto_sym_xform *crypto_xform)
+{
+	if (ipsec_xform->direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS &&
+	    crypto_xform->aead.op != RTE_CRYPTO_AEAD_OP_ENCRYPT)
+		return -EINVAL;
+
+	if (ipsec_xform->direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS &&
+	    crypto_xform->aead.op != RTE_CRYPTO_AEAD_OP_DECRYPT)
+		return -EINVAL;
+
+	if (crypto_xform->aead.algo == RTE_CRYPTO_AEAD_AES_GCM) {
+		switch (crypto_xform->aead.key.length) {
+		case 16:
+		case 24:
+		case 32:
+			break;
+		default:
+			return -EINVAL;
+		}
+		return 0;
+	}
+
+	return -ENOTSUP;
+}
+
+static inline int
+cnxk_ipsec_xform_verify(struct rte_security_ipsec_xform *ipsec_xform,
+			struct rte_crypto_sym_xform *crypto_xform)
+{
+	struct rte_crypto_sym_xform *auth_xform, *cipher_xform;
+	int ret;
+
+	if ((ipsec_xform->direction != RTE_SECURITY_IPSEC_SA_DIR_INGRESS) &&
+	    (ipsec_xform->direction != RTE_SECURITY_IPSEC_SA_DIR_EGRESS))
+		return -EINVAL;
+
+	if ((ipsec_xform->proto != RTE_SECURITY_IPSEC_SA_PROTO_ESP) &&
+	    (ipsec_xform->proto != RTE_SECURITY_IPSEC_SA_PROTO_AH))
+		return -EINVAL;
+
+	if ((ipsec_xform->mode != RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT) &&
+	    (ipsec_xform->mode != RTE_SECURITY_IPSEC_SA_MODE_TUNNEL))
+		return -EINVAL;
+
+	if ((ipsec_xform->tunnel.type != RTE_SECURITY_IPSEC_TUNNEL_IPV4) &&
+	    (ipsec_xform->tunnel.type != RTE_SECURITY_IPSEC_TUNNEL_IPV6))
+		return -EINVAL;
+
+	if (crypto_xform->type == RTE_CRYPTO_SYM_XFORM_AEAD)
+		return ipsec_xform_aead_verify(ipsec_xform, crypto_xform);
+
+	if (crypto_xform->next == NULL)
+		return -EINVAL;
+
+	if (ipsec_xform->direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) {
+		/* Ingress */
+		if (crypto_xform->type != RTE_CRYPTO_SYM_XFORM_AUTH ||
+		    crypto_xform->next->type != RTE_CRYPTO_SYM_XFORM_CIPHER)
+			return -EINVAL;
+		auth_xform = crypto_xform;
+		cipher_xform = crypto_xform->next;
+	} else {
+		/* Egress */
+		if (crypto_xform->type != RTE_CRYPTO_SYM_XFORM_CIPHER ||
+		    crypto_xform->next->type != RTE_CRYPTO_SYM_XFORM_AUTH)
+			return -EINVAL;
+		cipher_xform = crypto_xform;
+		auth_xform = crypto_xform->next;
+	}
+
+	ret = ipsec_xform_cipher_verify(cipher_xform);
+	if (ret)
+		return ret;
+
+	return ipsec_xform_auth_verify(auth_xform);
+}
 #endif /* __CNXK_IPSEC_H__ */