[dpdk-dev] [PATCH v2 13/13] crypto/dpaa_sec: enable ipsec aes-ctr to use nonce
Hemant Agrawal
hemant.agrawal at nxp.com
Fri Nov 1 18:51:41 CET 2019
From: Vakul Garg <vakul.garg at nxp.com>
The protocol aware ipsec descriptor has been modified to
use ctr_initial value of 1 and salt configured for ipsec SA.
Signed-off-by: Hemant Agrawal <hemant.agrawal at nxp.com>
Signed-off-by: Vakul Garg <vakul.garg at nxp.com>
---
drivers/common/dpaax/caamflib/desc/ipsec.h | 18 ++++++++----------
drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c | 8 ++++++++
drivers/crypto/dpaa_sec/dpaa_sec.c | 12 ++++++++++--
3 files changed, 26 insertions(+), 12 deletions(-)
diff --git a/drivers/common/dpaax/caamflib/desc/ipsec.h b/drivers/common/dpaax/caamflib/desc/ipsec.h
index f33c68cc9..cf6fa4252 100644
--- a/drivers/common/dpaax/caamflib/desc/ipsec.h
+++ b/drivers/common/dpaax/caamflib/desc/ipsec.h
@@ -256,14 +256,14 @@ struct ipsec_encap_cbc {
/**
* struct ipsec_encap_ctr - PDB part for IPsec CTR encapsulation
- * @ctr_nonce: 4-byte array nonce
+ * @ctr_nonce: 4-byte nonce
* @ctr_initial: initial count constant
* @iv: initialization vector
*/
struct ipsec_encap_ctr {
- uint8_t ctr_nonce[4];
+ uint32_t ctr_nonce;
uint32_t ctr_initial;
- uint64_t iv;
+ uint8_t iv[8];
};
/**
@@ -346,10 +346,9 @@ __rta_copy_ipsec_encap_pdb(struct program *program,
break;
case OP_PCL_IPSEC_AES_CTR:
- rta_copy_data(program, pdb->ctr.ctr_nonce,
- sizeof(pdb->ctr.ctr_nonce));
+ rta_copy_data(program, (uint8_t *)&pdb->ctr.ctr_nonce, 4);
__rta_out32(program, pdb->ctr.ctr_initial);
- __rta_out64(program, true, pdb->ctr.iv);
+ rta_copy_data(program, pdb->ctr.iv, sizeof(pdb->ctr.iv));
break;
case OP_PCL_IPSEC_AES_CCM8:
@@ -386,11 +385,11 @@ struct ipsec_decap_cbc {
/**
* struct ipsec_decap_ctr - PDB part for IPsec CTR decapsulation
- * @ctr_nonce: 4-byte array nonce
+ * @ctr_nonce: 4-byte nonce
* @ctr_initial: initial count constant
*/
struct ipsec_decap_ctr {
- uint8_t ctr_nonce[4];
+ uint32_t ctr_nonce;
uint32_t ctr_initial;
};
@@ -464,8 +463,7 @@ __rta_copy_ipsec_decap_pdb(struct program *program,
break;
case OP_PCL_IPSEC_AES_CTR:
- rta_copy_data(program, pdb->ctr.ctr_nonce,
- sizeof(pdb->ctr.ctr_nonce));
+ rta_copy_data(program, (uint8_t *)&pdb->ctr.ctr_nonce, 4);
__rta_out32(program, pdb->ctr.ctr_initial);
break;
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index 7368fc248..e774b379a 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -2814,6 +2814,10 @@ dpaa2_sec_set_ipsec_session(struct rte_cryptodev *dev,
/* copy algo specific data to PDB */
switch (cipherdata.algtype) {
+ case OP_PCL_IPSEC_AES_CTR:
+ encap_pdb.ctr.ctr_initial = 0x00000001;
+ encap_pdb.ctr.ctr_nonce = ipsec_xform->salt;
+ break;
case OP_PCL_IPSEC_AES_GCM8:
case OP_PCL_IPSEC_AES_GCM12:
case OP_PCL_IPSEC_AES_GCM16:
@@ -2899,6 +2903,10 @@ dpaa2_sec_set_ipsec_session(struct rte_cryptodev *dev,
memset(&decap_pdb, 0, sizeof(struct ipsec_decap_pdb));
/* copy algo specific data to PDB */
switch (cipherdata.algtype) {
+ case OP_PCL_IPSEC_AES_CTR:
+ decap_pdb.ctr.ctr_initial = 0x00000001;
+ decap_pdb.ctr.ctr_nonce = ipsec_xform->salt;
+ break;
case OP_PCL_IPSEC_AES_GCM8:
case OP_PCL_IPSEC_AES_GCM12:
case OP_PCL_IPSEC_AES_GCM16:
diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c b/drivers/crypto/dpaa_sec/dpaa_sec.c
index c52593746..59f6097bb 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec.c
+++ b/drivers/crypto/dpaa_sec/dpaa_sec.c
@@ -2614,6 +2614,7 @@ dpaa_sec_ipsec_aead_init(struct rte_crypto_aead_xform *aead_xform,
static int
dpaa_sec_ipsec_proto_init(struct rte_crypto_cipher_xform *cipher_xform,
struct rte_crypto_auth_xform *auth_xform,
+ struct rte_security_ipsec_xform *ipsec_xform,
dpaa_sec_session *session)
{
if (cipher_xform) {
@@ -2720,6 +2721,13 @@ dpaa_sec_ipsec_proto_init(struct rte_crypto_cipher_xform *cipher_xform,
case RTE_CRYPTO_CIPHER_AES_CTR:
session->cipher_key.alg = OP_PCL_IPSEC_AES_CTR;
session->cipher_key.algmode = OP_ALG_AAI_CTR;
+ if (session->dir == DIR_ENC) {
+ session->encap_pdb.ctr.ctr_initial = 0x00000001;
+ session->encap_pdb.ctr.ctr_nonce = ipsec_xform->salt;
+ } else {
+ session->decap_pdb.ctr.ctr_initial = 0x00000001;
+ session->decap_pdb.ctr.ctr_nonce = ipsec_xform->salt;
+ }
break;
case RTE_CRYPTO_CIPHER_NULL:
session->cipher_key.alg = OP_PCL_IPSEC_NULL;
@@ -2771,13 +2779,13 @@ dpaa_sec_set_ipsec_session(__rte_unused struct rte_cryptodev *dev,
if (conf->crypto_xform->next)
auth_xform = &conf->crypto_xform->next->auth;
ret = dpaa_sec_ipsec_proto_init(cipher_xform, auth_xform,
- session);
+ ipsec_xform, session);
} else if (conf->crypto_xform->type == RTE_CRYPTO_SYM_XFORM_AUTH) {
auth_xform = &conf->crypto_xform->auth;
if (conf->crypto_xform->next)
cipher_xform = &conf->crypto_xform->next->cipher;
ret = dpaa_sec_ipsec_proto_init(cipher_xform, auth_xform,
- session);
+ ipsec_xform, session);
} else if (conf->crypto_xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) {
aead_xform = &conf->crypto_xform->aead;
ret = dpaa_sec_ipsec_aead_init(aead_xform,
--
2.17.1
More information about the dev
mailing list