[dpdk-dev] [PATCH 10/10] crypto/dpaa_sec: code reorg for better session mgmt
Aaron Conole
aconole at redhat.com
Fri Oct 11 21:03:46 CEST 2019
Hemant Agrawal <hemant.agrawal at nxp.com> writes:
> The session related parameters shall be populated during
> the session create only.
> At the runtime on first packet, the CDB should just reference
> the session data instead of re-interpreting data again.
>
> Signed-off-by: Hemant Agrawal <hemant.agrawal at nxp.com>
> ---
As a part of this patch, a number of static functions are no longer
used, and should be removed (for example is_auth_only, is_cipher_only,
is_aead, is_auth_cipher, and is_proto_ipsec).
You will see this if you choose to build with clang. gcc sees the
functions marked as static inline, and doesn't seem to warn.
> drivers/crypto/dpaa_sec/dpaa_sec.c | 612 ++++++++++++++++-------------
> drivers/crypto/dpaa_sec/dpaa_sec.h | 18 +-
> 2 files changed, 345 insertions(+), 285 deletions(-)
>
> diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c b/drivers/crypto/dpaa_sec/dpaa_sec.c
> index 970cdf0cc..b932bf1cb 100644
> --- a/drivers/crypto/dpaa_sec/dpaa_sec.c
> +++ b/drivers/crypto/dpaa_sec/dpaa_sec.c
> @@ -290,102 +290,6 @@ static inline int is_decode(dpaa_sec_session *ses)
> return ses->dir == DIR_DEC;
> }
>
> -static inline void
> -caam_auth_alg(dpaa_sec_session *ses, struct alginfo *alginfo_a)
> -{
> - switch (ses->auth_alg) {
> - case RTE_CRYPTO_AUTH_NULL:
> - alginfo_a->algtype =
> - (ses->proto_alg == RTE_SECURITY_PROTOCOL_IPSEC) ?
> - OP_PCL_IPSEC_HMAC_NULL : 0;
> - ses->digest_length = 0;
> - break;
> - case RTE_CRYPTO_AUTH_MD5_HMAC:
> - alginfo_a->algtype =
> - (ses->proto_alg == RTE_SECURITY_PROTOCOL_IPSEC) ?
> - OP_PCL_IPSEC_HMAC_MD5_96 : OP_ALG_ALGSEL_MD5;
> - alginfo_a->algmode = OP_ALG_AAI_HMAC;
> - break;
> - case RTE_CRYPTO_AUTH_SHA1_HMAC:
> - alginfo_a->algtype =
> - (ses->proto_alg == RTE_SECURITY_PROTOCOL_IPSEC) ?
> - OP_PCL_IPSEC_HMAC_SHA1_96 : OP_ALG_ALGSEL_SHA1;
> - alginfo_a->algmode = OP_ALG_AAI_HMAC;
> - break;
> - case RTE_CRYPTO_AUTH_SHA224_HMAC:
> - alginfo_a->algtype =
> - (ses->proto_alg == RTE_SECURITY_PROTOCOL_IPSEC) ?
> - OP_PCL_IPSEC_HMAC_SHA1_160 : OP_ALG_ALGSEL_SHA224;
> - alginfo_a->algmode = OP_ALG_AAI_HMAC;
> - break;
> - case RTE_CRYPTO_AUTH_SHA256_HMAC:
> - alginfo_a->algtype =
> - (ses->proto_alg == RTE_SECURITY_PROTOCOL_IPSEC) ?
> - OP_PCL_IPSEC_HMAC_SHA2_256_128 : OP_ALG_ALGSEL_SHA256;
> - alginfo_a->algmode = OP_ALG_AAI_HMAC;
> - break;
> - case RTE_CRYPTO_AUTH_SHA384_HMAC:
> - alginfo_a->algtype =
> - (ses->proto_alg == RTE_SECURITY_PROTOCOL_IPSEC) ?
> - OP_PCL_IPSEC_HMAC_SHA2_384_192 : OP_ALG_ALGSEL_SHA384;
> - alginfo_a->algmode = OP_ALG_AAI_HMAC;
> - break;
> - case RTE_CRYPTO_AUTH_SHA512_HMAC:
> - alginfo_a->algtype =
> - (ses->proto_alg == RTE_SECURITY_PROTOCOL_IPSEC) ?
> - OP_PCL_IPSEC_HMAC_SHA2_512_256 : OP_ALG_ALGSEL_SHA512;
> - alginfo_a->algmode = OP_ALG_AAI_HMAC;
> - break;
> - default:
> - DPAA_SEC_ERR("unsupported auth alg %u", ses->auth_alg);
> - }
> -}
> -
> -static inline void
> -caam_cipher_alg(dpaa_sec_session *ses, struct alginfo *alginfo_c)
> -{
> - switch (ses->cipher_alg) {
> - case RTE_CRYPTO_CIPHER_NULL:
> - alginfo_c->algtype =
> - (ses->proto_alg == RTE_SECURITY_PROTOCOL_IPSEC) ?
> - OP_PCL_IPSEC_NULL : 0;
> - break;
> - case RTE_CRYPTO_CIPHER_AES_CBC:
> - alginfo_c->algtype =
> - (ses->proto_alg == RTE_SECURITY_PROTOCOL_IPSEC) ?
> - OP_PCL_IPSEC_AES_CBC : OP_ALG_ALGSEL_AES;
> - alginfo_c->algmode = OP_ALG_AAI_CBC;
> - break;
> - case RTE_CRYPTO_CIPHER_3DES_CBC:
> - alginfo_c->algtype =
> - (ses->proto_alg == RTE_SECURITY_PROTOCOL_IPSEC) ?
> - OP_PCL_IPSEC_3DES : OP_ALG_ALGSEL_3DES;
> - alginfo_c->algmode = OP_ALG_AAI_CBC;
> - break;
> - case RTE_CRYPTO_CIPHER_AES_CTR:
> - alginfo_c->algtype =
> - (ses->proto_alg == RTE_SECURITY_PROTOCOL_IPSEC) ?
> - OP_PCL_IPSEC_AES_CTR : OP_ALG_ALGSEL_AES;
> - alginfo_c->algmode = OP_ALG_AAI_CTR;
> - break;
> - default:
> - DPAA_SEC_ERR("unsupported cipher alg %d", ses->cipher_alg);
> - }
> -}
> -
> -static inline void
> -caam_aead_alg(dpaa_sec_session *ses, struct alginfo *alginfo)
> -{
> - switch (ses->aead_alg) {
> - case RTE_CRYPTO_AEAD_AES_GCM:
> - alginfo->algtype = OP_ALG_ALGSEL_AES;
> - alginfo->algmode = OP_ALG_AAI_GCM;
> - break;
> - default:
> - DPAA_SEC_ERR("unsupported AEAD alg %d", ses->aead_alg);
> - }
> -}
> -
> static int
> dpaa_sec_prep_pdcp_cdb(dpaa_sec_session *ses)
> {
> @@ -400,58 +304,24 @@ dpaa_sec_prep_pdcp_cdb(dpaa_sec_session *ses)
> int swap = true;
> #endif
>
> - switch (ses->cipher_alg) {
> - case RTE_CRYPTO_CIPHER_SNOW3G_UEA2:
> - cipherdata.algtype = PDCP_CIPHER_TYPE_SNOW;
> - break;
> - case RTE_CRYPTO_CIPHER_ZUC_EEA3:
> - cipherdata.algtype = PDCP_CIPHER_TYPE_ZUC;
> - break;
> - case RTE_CRYPTO_CIPHER_AES_CTR:
> - cipherdata.algtype = PDCP_CIPHER_TYPE_AES;
> - break;
> - case RTE_CRYPTO_CIPHER_NULL:
> - cipherdata.algtype = PDCP_CIPHER_TYPE_NULL;
> - break;
> - default:
> - DPAA_SEC_ERR("Crypto: Undefined Cipher specified %u",
> - ses->cipher_alg);
> - return -1;
> - }
> -
> cipherdata.key = (size_t)ses->cipher_key.data;
> cipherdata.keylen = ses->cipher_key.length;
> cipherdata.key_enc_flags = 0;
> cipherdata.key_type = RTA_DATA_IMM;
> + cipherdata.algtype = ses->cipher_key.alg;
> + cipherdata.algmode = ses->cipher_key.algmode;
>
> cdb->sh_desc[0] = cipherdata.keylen;
> cdb->sh_desc[1] = 0;
> cdb->sh_desc[2] = 0;
>
> if (ses->auth_alg) {
> - switch (ses->auth_alg) {
> - case RTE_CRYPTO_AUTH_SNOW3G_UIA2:
> - authdata.algtype = PDCP_AUTH_TYPE_SNOW;
> - break;
> - case RTE_CRYPTO_AUTH_ZUC_EIA3:
> - authdata.algtype = PDCP_AUTH_TYPE_ZUC;
> - break;
> - case RTE_CRYPTO_AUTH_AES_CMAC:
> - authdata.algtype = PDCP_AUTH_TYPE_AES;
> - break;
> - case RTE_CRYPTO_AUTH_NULL:
> - authdata.algtype = PDCP_AUTH_TYPE_NULL;
> - break;
> - default:
> - DPAA_SEC_ERR("Crypto: Unsupported auth alg %u",
> - ses->auth_alg);
> - return -1;
> - }
> -
> authdata.key = (size_t)ses->auth_key.data;
> authdata.keylen = ses->auth_key.length;
> authdata.key_enc_flags = 0;
> authdata.key_type = RTA_DATA_IMM;
> + authdata.algtype = ses->auth_key.alg;
> + authdata.algmode = ses->auth_key.algmode;
>
> p_authdata = &authdata;
>
> @@ -541,27 +411,19 @@ dpaa_sec_prep_ipsec_cdb(dpaa_sec_session *ses)
> int swap = true;
> #endif
>
> - caam_cipher_alg(ses, &cipherdata);
> - if (cipherdata.algtype == (unsigned int)DPAA_SEC_ALG_UNSUPPORT) {
> - DPAA_SEC_ERR("not supported cipher alg");
> - return -ENOTSUP;
> - }
> -
> cipherdata.key = (size_t)ses->cipher_key.data;
> cipherdata.keylen = ses->cipher_key.length;
> cipherdata.key_enc_flags = 0;
> cipherdata.key_type = RTA_DATA_IMM;
> -
> - caam_auth_alg(ses, &authdata);
> - if (authdata.algtype == (unsigned int)DPAA_SEC_ALG_UNSUPPORT) {
> - DPAA_SEC_ERR("not supported auth alg");
> - return -ENOTSUP;
> - }
> + cipherdata.algtype = ses->cipher_key.alg;
> + cipherdata.algmode = ses->cipher_key.algmode;
>
> authdata.key = (size_t)ses->auth_key.data;
> authdata.keylen = ses->auth_key.length;
> authdata.key_enc_flags = 0;
> authdata.key_type = RTA_DATA_IMM;
> + authdata.algtype = ses->auth_key.alg;
> + authdata.algmode = ses->auth_key.algmode;
>
> cdb->sh_desc[0] = cipherdata.keylen;
> cdb->sh_desc[1] = authdata.keylen;
> @@ -625,58 +487,26 @@ dpaa_sec_prep_cdb(dpaa_sec_session *ses)
>
> memset(cdb, 0, sizeof(struct sec_cdb));
>
> - if (is_proto_ipsec(ses)) {
> + switch (ses->ctxt) {
> + case DPAA_SEC_IPSEC:
> shared_desc_len = dpaa_sec_prep_ipsec_cdb(ses);
> - } else if (is_proto_pdcp(ses)) {
> + break;
> + case DPAA_SEC_PDCP:
> shared_desc_len = dpaa_sec_prep_pdcp_cdb(ses);
> - } else if (is_cipher_only(ses)) {
> + break;
> + case DPAA_SEC_CIPHER:
> alginfo_c.key = (size_t)ses->cipher_key.data;
> alginfo_c.keylen = ses->cipher_key.length;
> alginfo_c.key_enc_flags = 0;
> alginfo_c.key_type = RTA_DATA_IMM;
> + alginfo_c.algtype = ses->cipher_key.alg;
> + alginfo_c.algmode = ses->cipher_key.algmode;
> +
> switch (ses->cipher_alg) {
> - case RTE_CRYPTO_CIPHER_NULL:
> - alginfo_c.algtype = 0;
> - shared_desc_len = cnstr_shdsc_blkcipher(
> - cdb->sh_desc, true,
> - swap, SHR_NEVER, &alginfo_c,
> - NULL,
> - ses->iv.length,
> - ses->dir);
> - break;
> case RTE_CRYPTO_CIPHER_AES_CBC:
> - alginfo_c.algtype = OP_ALG_ALGSEL_AES;
> - alginfo_c.algmode = OP_ALG_AAI_CBC;
> - shared_desc_len = cnstr_shdsc_blkcipher(
> - cdb->sh_desc, true,
> - swap, SHR_NEVER, &alginfo_c,
> - NULL,
> - ses->iv.length,
> - ses->dir);
> - break;
> case RTE_CRYPTO_CIPHER_3DES_CBC:
> - alginfo_c.algtype = OP_ALG_ALGSEL_3DES;
> - alginfo_c.algmode = OP_ALG_AAI_CBC;
> - shared_desc_len = cnstr_shdsc_blkcipher(
> - cdb->sh_desc, true,
> - swap, SHR_NEVER, &alginfo_c,
> - NULL,
> - ses->iv.length,
> - ses->dir);
> - break;
> case RTE_CRYPTO_CIPHER_AES_CTR:
> - alginfo_c.algtype = OP_ALG_ALGSEL_AES;
> - alginfo_c.algmode = OP_ALG_AAI_CTR;
> - shared_desc_len = cnstr_shdsc_blkcipher(
> - cdb->sh_desc, true,
> - swap, SHR_NEVER, &alginfo_c,
> - NULL,
> - ses->iv.length,
> - ses->dir);
> - break;
> case RTE_CRYPTO_CIPHER_3DES_CTR:
> - alginfo_c.algtype = OP_ALG_ALGSEL_3DES;
> - alginfo_c.algmode = OP_ALG_AAI_CTR;
> shared_desc_len = cnstr_shdsc_blkcipher(
> cdb->sh_desc, true,
> swap, SHR_NEVER, &alginfo_c,
> @@ -685,14 +515,12 @@ dpaa_sec_prep_cdb(dpaa_sec_session *ses)
> ses->dir);
> break;
> case RTE_CRYPTO_CIPHER_SNOW3G_UEA2:
> - alginfo_c.algtype = OP_ALG_ALGSEL_SNOW_F8;
> shared_desc_len = cnstr_shdsc_snow_f8(
> cdb->sh_desc, true, swap,
> &alginfo_c,
> ses->dir);
> break;
> case RTE_CRYPTO_CIPHER_ZUC_EEA3:
> - alginfo_c.algtype = OP_ALG_ALGSEL_ZUCE;
> shared_desc_len = cnstr_shdsc_zuce(
> cdb->sh_desc, true, swap,
> &alginfo_c,
> @@ -703,69 +531,21 @@ dpaa_sec_prep_cdb(dpaa_sec_session *ses)
> ses->cipher_alg);
> return -ENOTSUP;
> }
> - } else if (is_auth_only(ses)) {
> + break;
> + case DPAA_SEC_AUTH:
> alginfo_a.key = (size_t)ses->auth_key.data;
> alginfo_a.keylen = ses->auth_key.length;
> alginfo_a.key_enc_flags = 0;
> alginfo_a.key_type = RTA_DATA_IMM;
> + alginfo_a.algtype = ses->auth_key.alg;
> + alginfo_a.algmode = ses->auth_key.algmode;
> switch (ses->auth_alg) {
> - case RTE_CRYPTO_AUTH_NULL:
> - alginfo_a.algtype = 0;
> - ses->digest_length = 0;
> - shared_desc_len = cnstr_shdsc_hmac(
> - cdb->sh_desc, true,
> - swap, SHR_NEVER, &alginfo_a,
> - !ses->dir,
> - ses->digest_length);
> - break;
> case RTE_CRYPTO_AUTH_MD5_HMAC:
> - alginfo_a.algtype = OP_ALG_ALGSEL_MD5;
> - alginfo_a.algmode = OP_ALG_AAI_HMAC;
> - shared_desc_len = cnstr_shdsc_hmac(
> - cdb->sh_desc, true,
> - swap, SHR_NEVER, &alginfo_a,
> - !ses->dir,
> - ses->digest_length);
> - break;
> case RTE_CRYPTO_AUTH_SHA1_HMAC:
> - alginfo_a.algtype = OP_ALG_ALGSEL_SHA1;
> - alginfo_a.algmode = OP_ALG_AAI_HMAC;
> - shared_desc_len = cnstr_shdsc_hmac(
> - cdb->sh_desc, true,
> - swap, SHR_NEVER, &alginfo_a,
> - !ses->dir,
> - ses->digest_length);
> - break;
> case RTE_CRYPTO_AUTH_SHA224_HMAC:
> - alginfo_a.algtype = OP_ALG_ALGSEL_SHA224;
> - alginfo_a.algmode = OP_ALG_AAI_HMAC;
> - shared_desc_len = cnstr_shdsc_hmac(
> - cdb->sh_desc, true,
> - swap, SHR_NEVER, &alginfo_a,
> - !ses->dir,
> - ses->digest_length);
> - break;
> case RTE_CRYPTO_AUTH_SHA256_HMAC:
> - alginfo_a.algtype = OP_ALG_ALGSEL_SHA256;
> - alginfo_a.algmode = OP_ALG_AAI_HMAC;
> - shared_desc_len = cnstr_shdsc_hmac(
> - cdb->sh_desc, true,
> - swap, SHR_NEVER, &alginfo_a,
> - !ses->dir,
> - ses->digest_length);
> - break;
> case RTE_CRYPTO_AUTH_SHA384_HMAC:
> - alginfo_a.algtype = OP_ALG_ALGSEL_SHA384;
> - alginfo_a.algmode = OP_ALG_AAI_HMAC;
> - shared_desc_len = cnstr_shdsc_hmac(
> - cdb->sh_desc, true,
> - swap, SHR_NEVER, &alginfo_a,
> - !ses->dir,
> - ses->digest_length);
> - break;
> case RTE_CRYPTO_AUTH_SHA512_HMAC:
> - alginfo_a.algtype = OP_ALG_ALGSEL_SHA512;
> - alginfo_a.algmode = OP_ALG_AAI_HMAC;
> shared_desc_len = cnstr_shdsc_hmac(
> cdb->sh_desc, true,
> swap, SHR_NEVER, &alginfo_a,
> @@ -773,9 +553,6 @@ dpaa_sec_prep_cdb(dpaa_sec_session *ses)
> ses->digest_length);
> break;
> case RTE_CRYPTO_AUTH_SNOW3G_UIA2:
> - alginfo_a.algtype = OP_ALG_ALGSEL_SNOW_F9;
> - alginfo_a.algmode = OP_ALG_AAI_F9;
> - ses->auth_alg = RTE_CRYPTO_AUTH_SNOW3G_UIA2;
> shared_desc_len = cnstr_shdsc_snow_f9(
> cdb->sh_desc, true, swap,
> &alginfo_a,
> @@ -783,9 +560,6 @@ dpaa_sec_prep_cdb(dpaa_sec_session *ses)
> ses->digest_length);
> break;
> case RTE_CRYPTO_AUTH_ZUC_EIA3:
> - alginfo_a.algtype = OP_ALG_ALGSEL_ZUCA;
> - alginfo_a.algmode = OP_ALG_AAI_F9;
> - ses->auth_alg = RTE_CRYPTO_AUTH_ZUC_EIA3;
> shared_desc_len = cnstr_shdsc_zuca(
> cdb->sh_desc, true, swap,
> &alginfo_a,
> @@ -795,8 +569,8 @@ dpaa_sec_prep_cdb(dpaa_sec_session *ses)
> default:
> DPAA_SEC_ERR("unsupported auth alg %u", ses->auth_alg);
> }
> - } else if (is_aead(ses)) {
> - caam_aead_alg(ses, &alginfo);
> + break;
> + case DPAA_SEC_AEAD:
> if (alginfo.algtype == (unsigned int)DPAA_SEC_ALG_UNSUPPORT) {
> DPAA_SEC_ERR("not supported aead alg");
> return -ENOTSUP;
> @@ -805,6 +579,8 @@ dpaa_sec_prep_cdb(dpaa_sec_session *ses)
> alginfo.keylen = ses->aead_key.length;
> alginfo.key_enc_flags = 0;
> alginfo.key_type = RTA_DATA_IMM;
> + alginfo.algtype = ses->aead_key.alg;
> + alginfo.algmode = ses->aead_key.algmode;
>
> if (ses->dir == DIR_ENC)
> shared_desc_len = cnstr_shdsc_gcm_encap(
> @@ -818,28 +594,21 @@ dpaa_sec_prep_cdb(dpaa_sec_session *ses)
> &alginfo,
> ses->iv.length,
> ses->digest_length);
> - } else {
> - caam_cipher_alg(ses, &alginfo_c);
> - if (alginfo_c.algtype == (unsigned int)DPAA_SEC_ALG_UNSUPPORT) {
> - DPAA_SEC_ERR("not supported cipher alg");
> - return -ENOTSUP;
> - }
> -
> + break;
> + case DPAA_SEC_CIPHER_HASH:
> alginfo_c.key = (size_t)ses->cipher_key.data;
> alginfo_c.keylen = ses->cipher_key.length;
> alginfo_c.key_enc_flags = 0;
> alginfo_c.key_type = RTA_DATA_IMM;
> -
> - caam_auth_alg(ses, &alginfo_a);
> - if (alginfo_a.algtype == (unsigned int)DPAA_SEC_ALG_UNSUPPORT) {
> - DPAA_SEC_ERR("not supported auth alg");
> - return -ENOTSUP;
> - }
> + alginfo_c.algtype = ses->cipher_key.alg;
> + alginfo_c.algmode = ses->cipher_key.algmode;
>
> alginfo_a.key = (size_t)ses->auth_key.data;
> alginfo_a.keylen = ses->auth_key.length;
> alginfo_a.key_enc_flags = 0;
> alginfo_a.key_type = RTA_DATA_IMM;
> + alginfo_a.algtype = ses->auth_key.alg;
> + alginfo_a.algmode = ses->auth_key.algmode;
>
> cdb->sh_desc[0] = alginfo_c.keylen;
> cdb->sh_desc[1] = alginfo_a.keylen;
> @@ -876,6 +645,11 @@ dpaa_sec_prep_cdb(dpaa_sec_session *ses)
> true, swap, SHR_SERIAL, &alginfo_c, &alginfo_a,
> ses->iv.length,
> ses->digest_length, ses->dir);
> + break;
> + case DPAA_SEC_HASH_CIPHER:
> + default:
> + DPAA_SEC_ERR("error: Unsupported session");
> + return -ENOTSUP;
> }
>
> if (shared_desc_len < 0) {
> @@ -2053,18 +1827,22 @@ dpaa_sec_enqueue_burst(void *qp, struct rte_crypto_op **ops,
> if (rte_pktmbuf_is_contiguous(op->sym->m_src) &&
> ((op->sym->m_dst == NULL) ||
> rte_pktmbuf_is_contiguous(op->sym->m_dst))) {
> - if (is_proto_ipsec(ses)) {
> - cf = build_proto(op, ses);
> - } else if (is_proto_pdcp(ses)) {
> + switch (ses->ctxt) {
> + case DPAA_SEC_PDCP:
> + case DPAA_SEC_IPSEC:
> cf = build_proto(op, ses);
> - } else if (is_auth_only(ses)) {
> + break;
> + case DPAA_SEC_AUTH:
> cf = build_auth_only(op, ses);
> - } else if (is_cipher_only(ses)) {
> + break;
> + case DPAA_SEC_CIPHER:
> cf = build_cipher_only(op, ses);
> - } else if (is_aead(ses)) {
> + break;
> + case DPAA_SEC_AEAD:
> cf = build_cipher_auth_gcm(op, ses);
> auth_hdr_len = ses->auth_only_len;
> - } else if (is_auth_cipher(ses)) {
> + break;
> + case DPAA_SEC_CIPHER_HASH:
> auth_hdr_len =
> op->sym->cipher.data.offset
> - op->sym->auth.data.offset;
> @@ -2073,23 +1851,30 @@ dpaa_sec_enqueue_burst(void *qp, struct rte_crypto_op **ops,
> - op->sym->cipher.data.length
> - auth_hdr_len;
> cf = build_cipher_auth(op, ses);
> - } else {
> + break;
> + default:
> DPAA_SEC_DP_ERR("not supported ops");
> frames_to_send = loop;
> nb_ops = loop;
> goto send_pkts;
> }
> } else {
> - if (is_proto_pdcp(ses) || is_proto_ipsec(ses)) {
> + switch (ses->ctxt) {
> + case DPAA_SEC_PDCP:
> + case DPAA_SEC_IPSEC:
> cf = build_proto_sg(op, ses);
> - } else if (is_auth_only(ses)) {
> + break;
> + case DPAA_SEC_AUTH:
> cf = build_auth_only_sg(op, ses);
> - } else if (is_cipher_only(ses)) {
> + break;
> + case DPAA_SEC_CIPHER:
> cf = build_cipher_only_sg(op, ses);
> - } else if (is_aead(ses)) {
> + break;
> + case DPAA_SEC_AEAD:
> cf = build_cipher_auth_gcm_sg(op, ses);
> auth_hdr_len = ses->auth_only_len;
> - } else if (is_auth_cipher(ses)) {
> + break;
> + case DPAA_SEC_CIPHER_HASH:
> auth_hdr_len =
> op->sym->cipher.data.offset
> - op->sym->auth.data.offset;
> @@ -2098,7 +1883,8 @@ dpaa_sec_enqueue_burst(void *qp, struct rte_crypto_op **ops,
> - op->sym->cipher.data.length
> - auth_hdr_len;
> cf = build_cipher_auth_sg(op, ses);
> - } else {
> + break;
> + default:
> DPAA_SEC_DP_ERR("not supported ops");
> frames_to_send = loop;
> nb_ops = loop;
> @@ -2282,6 +2068,31 @@ dpaa_sec_cipher_init(struct rte_cryptodev *dev __rte_unused,
>
> memcpy(session->cipher_key.data, xform->cipher.key.data,
> xform->cipher.key.length);
> + switch (xform->cipher.algo) {
> + case RTE_CRYPTO_CIPHER_AES_CBC:
> + session->cipher_key.alg = OP_ALG_ALGSEL_AES;
> + session->cipher_key.algmode = OP_ALG_AAI_CBC;
> + break;
> + case RTE_CRYPTO_CIPHER_3DES_CBC:
> + session->cipher_key.alg = OP_ALG_ALGSEL_3DES;
> + session->cipher_key.algmode = OP_ALG_AAI_CBC;
> + break;
> + case RTE_CRYPTO_CIPHER_AES_CTR:
> + session->cipher_key.alg = OP_ALG_ALGSEL_AES;
> + session->cipher_key.algmode = OP_ALG_AAI_CTR;
> + break;
> + case RTE_CRYPTO_CIPHER_SNOW3G_UEA2:
> + session->cipher_key.alg = OP_ALG_ALGSEL_SNOW_F8;
> + break;
> + case RTE_CRYPTO_CIPHER_ZUC_EEA3:
> + session->cipher_key.alg = OP_ALG_ALGSEL_ZUCE;
> + break;
> + default:
> + DPAA_SEC_ERR("Crypto: Undefined Cipher specified %u",
> + xform->cipher.algo);
> + rte_free(session->cipher_key.data);
> + return -1;
> + }
> session->dir = (xform->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT) ?
> DIR_ENC : DIR_DEC;
>
> @@ -2309,18 +2120,165 @@ dpaa_sec_auth_init(struct rte_cryptodev *dev __rte_unused,
>
> memcpy(session->auth_key.data, xform->auth.key.data,
> xform->auth.key.length);
> +
> + switch (xform->auth.algo) {
> + case RTE_CRYPTO_AUTH_SHA1_HMAC:
> + session->auth_key.alg = OP_ALG_ALGSEL_SHA1;
> + session->auth_key.algmode = OP_ALG_AAI_HMAC;
> + break;
> + case RTE_CRYPTO_AUTH_MD5_HMAC:
> + session->auth_key.alg = OP_ALG_ALGSEL_MD5;
> + session->auth_key.algmode = OP_ALG_AAI_HMAC;
> + break;
> + case RTE_CRYPTO_AUTH_SHA224_HMAC:
> + session->auth_key.alg = OP_ALG_ALGSEL_SHA224;
> + session->auth_key.algmode = OP_ALG_AAI_HMAC;
> + break;
> + case RTE_CRYPTO_AUTH_SHA256_HMAC:
> + session->auth_key.alg = OP_ALG_ALGSEL_SHA256;
> + session->auth_key.algmode = OP_ALG_AAI_HMAC;
> + break;
> + case RTE_CRYPTO_AUTH_SHA384_HMAC:
> + session->auth_key.alg = OP_ALG_ALGSEL_SHA384;
> + session->auth_key.algmode = OP_ALG_AAI_HMAC;
> + break;
> + case RTE_CRYPTO_AUTH_SHA512_HMAC:
> + session->auth_key.alg = OP_ALG_ALGSEL_SHA512;
> + session->auth_key.algmode = OP_ALG_AAI_HMAC;
> + break;
> + case RTE_CRYPTO_AUTH_SNOW3G_UIA2:
> + session->auth_key.alg = OP_ALG_ALGSEL_SNOW_F9;
> + session->auth_key.algmode = OP_ALG_AAI_F9;
> + break;
> + case RTE_CRYPTO_AUTH_ZUC_EIA3:
> + session->auth_key.alg = OP_ALG_ALGSEL_ZUCA;
> + session->auth_key.algmode = OP_ALG_AAI_F9;
> + break;
> + default:
> + DPAA_SEC_ERR("Crypto: Unsupported Auth specified %u",
> + xform->auth.algo);
> + rte_free(session->auth_key.data);
> + return -1;
> + }
> +
> session->dir = (xform->auth.op == RTE_CRYPTO_AUTH_OP_GENERATE) ?
> DIR_ENC : DIR_DEC;
>
> return 0;
> }
>
> +static int
> +dpaa_sec_chain_init(struct rte_cryptodev *dev __rte_unused,
> + struct rte_crypto_sym_xform *xform,
> + dpaa_sec_session *session)
> +{
> +
> + struct rte_crypto_cipher_xform *cipher_xform;
> + struct rte_crypto_auth_xform *auth_xform;
> +
> + if (session->auth_cipher_text) {
> + cipher_xform = &xform->cipher;
> + auth_xform = &xform->next->auth;
> + } else {
> + cipher_xform = &xform->next->cipher;
> + auth_xform = &xform->auth;
> + }
> +
> + /* Set IV parameters */
> + session->iv.offset = cipher_xform->iv.offset;
> + session->iv.length = cipher_xform->iv.length;
> +
> + session->cipher_key.data = rte_zmalloc(NULL, cipher_xform->key.length,
> + RTE_CACHE_LINE_SIZE);
> + if (session->cipher_key.data == NULL && cipher_xform->key.length > 0) {
> + DPAA_SEC_ERR("No Memory for cipher key");
> + return -1;
> + }
> + session->cipher_key.length = cipher_xform->key.length;
> + session->auth_key.data = rte_zmalloc(NULL, auth_xform->key.length,
> + RTE_CACHE_LINE_SIZE);
> + if (session->auth_key.data == NULL && auth_xform->key.length > 0) {
> + DPAA_SEC_ERR("No Memory for auth key");
> + rte_free(session->cipher_key.data);
> + return -ENOMEM;
> + }
> + session->auth_key.length = auth_xform->key.length;
> + memcpy(session->cipher_key.data, cipher_xform->key.data,
> + cipher_xform->key.length);
> + memcpy(session->auth_key.data, auth_xform->key.data,
> + auth_xform->key.length);
> +
> + session->digest_length = auth_xform->digest_length;
> + session->auth_alg = auth_xform->algo;
> +
> + switch (auth_xform->algo) {
> + case RTE_CRYPTO_AUTH_SHA1_HMAC:
> + session->auth_key.alg = OP_ALG_ALGSEL_SHA1;
> + session->auth_key.algmode = OP_ALG_AAI_HMAC;
> + break;
> + case RTE_CRYPTO_AUTH_MD5_HMAC:
> + session->auth_key.alg = OP_ALG_ALGSEL_MD5;
> + session->auth_key.algmode = OP_ALG_AAI_HMAC;
> + break;
> + case RTE_CRYPTO_AUTH_SHA224_HMAC:
> + session->auth_key.alg = OP_ALG_ALGSEL_SHA224;
> + session->auth_key.algmode = OP_ALG_AAI_HMAC;
> + break;
> + case RTE_CRYPTO_AUTH_SHA256_HMAC:
> + session->auth_key.alg = OP_ALG_ALGSEL_SHA256;
> + session->auth_key.algmode = OP_ALG_AAI_HMAC;
> + break;
> + case RTE_CRYPTO_AUTH_SHA384_HMAC:
> + session->auth_key.alg = OP_ALG_ALGSEL_SHA384;
> + session->auth_key.algmode = OP_ALG_AAI_HMAC;
> + break;
> + case RTE_CRYPTO_AUTH_SHA512_HMAC:
> + session->auth_key.alg = OP_ALG_ALGSEL_SHA512;
> + session->auth_key.algmode = OP_ALG_AAI_HMAC;
> + break;
> + default:
> + DPAA_SEC_ERR("Crypto: Unsupported Auth specified %u",
> + auth_xform->algo);
> + goto error_out;
> + }
> +
> + session->cipher_alg = cipher_xform->algo;
> +
> + switch (cipher_xform->algo) {
> + case RTE_CRYPTO_CIPHER_AES_CBC:
> + session->cipher_key.alg = OP_ALG_ALGSEL_AES;
> + session->cipher_key.algmode = OP_ALG_AAI_CBC;
> + break;
> + case RTE_CRYPTO_CIPHER_3DES_CBC:
> + session->cipher_key.alg = OP_ALG_ALGSEL_3DES;
> + session->cipher_key.algmode = OP_ALG_AAI_CBC;
> + break;
> + case RTE_CRYPTO_CIPHER_AES_CTR:
> + session->cipher_key.alg = OP_ALG_ALGSEL_AES;
> + session->cipher_key.algmode = OP_ALG_AAI_CTR;
> + break;
> + default:
> + DPAA_SEC_ERR("Crypto: Undefined Cipher specified %u",
> + cipher_xform->algo);
> + goto error_out;
> + }
> + session->dir = (cipher_xform->op == RTE_CRYPTO_CIPHER_OP_ENCRYPT) ?
> + DIR_ENC : DIR_DEC;
> + return 0;
> +
> +error_out:
> + rte_free(session->cipher_key.data);
> + rte_free(session->auth_key.data);
> + return -1;
> +}
> +
> static int
> dpaa_sec_aead_init(struct rte_cryptodev *dev __rte_unused,
> struct rte_crypto_sym_xform *xform,
> dpaa_sec_session *session)
> {
> session->aead_alg = xform->aead.algo;
> + session->ctxt = DPAA_SEC_AEAD;
> session->iv.length = xform->aead.iv.length;
> session->iv.offset = xform->aead.iv.offset;
> session->auth_only_len = xform->aead.aad_length;
> @@ -2335,6 +2293,18 @@ dpaa_sec_aead_init(struct rte_cryptodev *dev __rte_unused,
>
> memcpy(session->aead_key.data, xform->aead.key.data,
> xform->aead.key.length);
> +
> + switch (session->aead_alg) {
> + case RTE_CRYPTO_AEAD_AES_GCM:
> + session->aead_key.alg = OP_ALG_ALGSEL_AES;
> + session->aead_key.algmode = OP_ALG_AAI_GCM;
> + break;
> + default:
> + DPAA_SEC_ERR("unsupported AEAD alg %d", session->aead_alg);
> + rte_free(session->aead_key.data);
> + return -ENOMEM;
> + }
> +
> session->dir = (xform->aead.op == RTE_CRYPTO_AEAD_OP_ENCRYPT) ?
> DIR_ENC : DIR_DEC;
>
> @@ -2422,31 +2392,34 @@ dpaa_sec_set_session_parameters(struct rte_cryptodev *dev,
> /* Cipher Only */
> if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER && xform->next == NULL) {
> session->auth_alg = RTE_CRYPTO_AUTH_NULL;
> + session->ctxt = DPAA_SEC_CIPHER;
> dpaa_sec_cipher_init(dev, xform, session);
>
> /* Authentication Only */
> } else if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH &&
> xform->next == NULL) {
> session->cipher_alg = RTE_CRYPTO_CIPHER_NULL;
> + session->ctxt = DPAA_SEC_AUTH;
> dpaa_sec_auth_init(dev, xform, session);
>
> /* Cipher then Authenticate */
> } else if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&
> xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH) {
> if (xform->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT) {
> - dpaa_sec_cipher_init(dev, xform, session);
> - dpaa_sec_auth_init(dev, xform->next, session);
> + session->ctxt = DPAA_SEC_CIPHER_HASH;
> + session->auth_cipher_text = 1;
> + dpaa_sec_chain_init(dev, xform, session);
> } else {
> DPAA_SEC_ERR("Not supported: Auth then Cipher");
> return -EINVAL;
> }
> -
> /* Authenticate then Cipher */
> } else if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH &&
> xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER) {
> if (xform->next->cipher.op == RTE_CRYPTO_CIPHER_OP_DECRYPT) {
> - dpaa_sec_auth_init(dev, xform, session);
> - dpaa_sec_cipher_init(dev, xform->next, session);
> + session->ctxt = DPAA_SEC_CIPHER_HASH;
> + session->auth_cipher_text = 0;
> + dpaa_sec_chain_init(dev, xform, session);
> } else {
> DPAA_SEC_ERR("Not supported: Auth then Cipher");
> return -EINVAL;
> @@ -2574,6 +2547,7 @@ dpaa_sec_set_ipsec_session(__rte_unused struct rte_cryptodev *dev,
> cipher_xform = &conf->crypto_xform->next->cipher;
> }
> session->proto_alg = conf->protocol;
> + session->ctxt = DPAA_SEC_IPSEC;
>
> if (cipher_xform && cipher_xform->algo != RTE_CRYPTO_CIPHER_NULL) {
> session->cipher_key.data = rte_zmalloc(NULL,
> @@ -2589,9 +2563,20 @@ dpaa_sec_set_ipsec_session(__rte_unused struct rte_cryptodev *dev,
> session->cipher_key.length = cipher_xform->key.length;
>
> switch (cipher_xform->algo) {
> + case RTE_CRYPTO_CIPHER_NULL:
> + session->cipher_key.alg = OP_PCL_IPSEC_NULL;
> + break;
> case RTE_CRYPTO_CIPHER_AES_CBC:
> + session->cipher_key.alg = OP_PCL_IPSEC_AES_CBC;
> + session->cipher_key.algmode = OP_ALG_AAI_CBC;
> + break;
> case RTE_CRYPTO_CIPHER_3DES_CBC:
> + session->cipher_key.alg = OP_PCL_IPSEC_3DES;
> + session->cipher_key.algmode = OP_ALG_AAI_CBC;
> + break;
> case RTE_CRYPTO_CIPHER_AES_CTR:
> + session->cipher_key.alg = OP_PCL_IPSEC_AES_CTR;
> + session->cipher_key.algmode = OP_ALG_AAI_CTR;
> break;
> default:
> DPAA_SEC_ERR("Crypto: Unsupported Cipher alg %u",
> @@ -2620,12 +2605,33 @@ dpaa_sec_set_ipsec_session(__rte_unused struct rte_cryptodev *dev,
> session->auth_key.length = auth_xform->key.length;
>
> switch (auth_xform->algo) {
> - case RTE_CRYPTO_AUTH_SHA1_HMAC:
> + case RTE_CRYPTO_AUTH_NULL:
> + session->auth_key.alg = OP_PCL_IPSEC_HMAC_NULL;
> + session->digest_length = 0;
> + break;
> case RTE_CRYPTO_AUTH_MD5_HMAC:
> + session->auth_key.alg = OP_PCL_IPSEC_HMAC_MD5_96;
> + session->auth_key.algmode = OP_ALG_AAI_HMAC;
> + break;
> + case RTE_CRYPTO_AUTH_SHA1_HMAC:
> + session->auth_key.alg = OP_PCL_IPSEC_HMAC_SHA1_96;
> + session->auth_key.algmode = OP_ALG_AAI_HMAC;
> + break;
> + case RTE_CRYPTO_AUTH_SHA224_HMAC:
> + session->auth_key.alg = OP_PCL_IPSEC_HMAC_SHA1_160;
> + session->auth_key.algmode = OP_ALG_AAI_HMAC;
> + break;
> case RTE_CRYPTO_AUTH_SHA256_HMAC:
> + session->auth_key.alg = OP_PCL_IPSEC_HMAC_SHA2_256_128;
> + session->auth_key.algmode = OP_ALG_AAI_HMAC;
> + break;
> case RTE_CRYPTO_AUTH_SHA384_HMAC:
> + session->auth_key.alg = OP_PCL_IPSEC_HMAC_SHA2_384_192;
> + session->auth_key.algmode = OP_ALG_AAI_HMAC;
> + break;
> case RTE_CRYPTO_AUTH_SHA512_HMAC:
> - case RTE_CRYPTO_AUTH_AES_CMAC:
> + session->auth_key.alg = OP_PCL_IPSEC_HMAC_SHA2_512_256;
> + session->auth_key.algmode = OP_ALG_AAI_HMAC;
> break;
> default:
> DPAA_SEC_ERR("Crypto: Unsupported auth alg %u",
> @@ -2766,7 +2772,28 @@ dpaa_sec_set_pdcp_session(struct rte_cryptodev *dev,
> }
>
> session->proto_alg = conf->protocol;
> + session->ctxt = DPAA_SEC_PDCP;
> +
> if (cipher_xform) {
> + switch (cipher_xform->algo) {
> + case RTE_CRYPTO_CIPHER_SNOW3G_UEA2:
> + session->cipher_key.alg = PDCP_CIPHER_TYPE_SNOW;
> + break;
> + case RTE_CRYPTO_CIPHER_ZUC_EEA3:
> + session->cipher_key.alg = PDCP_CIPHER_TYPE_ZUC;
> + break;
> + case RTE_CRYPTO_CIPHER_AES_CTR:
> + session->cipher_key.alg = PDCP_CIPHER_TYPE_AES;
> + break;
> + case RTE_CRYPTO_CIPHER_NULL:
> + session->cipher_key.alg = PDCP_CIPHER_TYPE_NULL;
> + break;
> + default:
> + DPAA_SEC_ERR("Crypto: Undefined Cipher specified %u",
> + session->cipher_alg);
> + return -1;
> + }
> +
> session->cipher_key.data = rte_zmalloc(NULL,
> cipher_xform->key.length,
> RTE_CACHE_LINE_SIZE);
> @@ -2798,6 +2825,25 @@ dpaa_sec_set_pdcp_session(struct rte_cryptodev *dev,
> }
>
> if (auth_xform) {
> + switch (auth_xform->algo) {
> + case RTE_CRYPTO_AUTH_SNOW3G_UIA2:
> + session->auth_key.alg = PDCP_AUTH_TYPE_SNOW;
> + break;
> + case RTE_CRYPTO_AUTH_ZUC_EIA3:
> + session->auth_key.alg = PDCP_AUTH_TYPE_ZUC;
> + break;
> + case RTE_CRYPTO_AUTH_AES_CMAC:
> + session->auth_key.alg = PDCP_AUTH_TYPE_AES;
> + break;
> + case RTE_CRYPTO_AUTH_NULL:
> + session->auth_key.alg = PDCP_AUTH_TYPE_NULL;
> + break;
> + default:
> + DPAA_SEC_ERR("Crypto: Unsupported auth alg %u",
> + session->auth_alg);
> + rte_free(session->cipher_key.data);
> + return -1;
> + }
> session->auth_key.data = rte_zmalloc(NULL,
> auth_xform->key.length,
> RTE_CACHE_LINE_SIZE);
> diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.h b/drivers/crypto/dpaa_sec/dpaa_sec.h
> index 149923aa1..a661d5a56 100644
> --- a/drivers/crypto/dpaa_sec/dpaa_sec.h
> +++ b/drivers/crypto/dpaa_sec/dpaa_sec.h
> @@ -38,14 +38,19 @@ enum dpaa_sec_op_type {
> DPAA_SEC_NONE, /*!< No Cipher operations*/
> DPAA_SEC_CIPHER,/*!< CIPHER operations */
> DPAA_SEC_AUTH, /*!< Authentication Operations */
> - DPAA_SEC_AEAD, /*!< Authenticated Encryption with associated data */
> + DPAA_SEC_AEAD, /*!< AEAD (AES-GCM/CCM) type operations */
> + DPAA_SEC_CIPHER_HASH, /*!< Authenticated Encryption with
> + * associated data
> + */
> + DPAA_SEC_HASH_CIPHER, /*!< Encryption with Authenticated
> + * associated data
> + */
> DPAA_SEC_IPSEC, /*!< IPSEC protocol operations*/
> DPAA_SEC_PDCP, /*!< PDCP protocol operations*/
> DPAA_SEC_PKC, /*!< Public Key Cryptographic Operations */
> DPAA_SEC_MAX
> };
>
> -
> #define DPAA_SEC_MAX_DESC_SIZE 64
> /* code or cmd block to caam */
> struct sec_cdb {
> @@ -113,6 +118,7 @@ struct sec_pdcp_ctxt {
>
> typedef struct dpaa_sec_session_entry {
> uint8_t dir; /*!< Operation Direction */
> + uint8_t ctxt; /*!< Session Context Type */
> enum rte_crypto_cipher_algorithm cipher_alg; /*!< Cipher Algorithm*/
> enum rte_crypto_auth_algorithm auth_alg; /*!< Authentication Algorithm*/
> enum rte_crypto_aead_algorithm aead_alg; /*!< AEAD Algorithm*/
> @@ -121,15 +127,21 @@ typedef struct dpaa_sec_session_entry {
> struct {
> uint8_t *data; /**< pointer to key data */
> size_t length; /**< key length in bytes */
> + uint32_t alg;
> + uint32_t algmode;
> } aead_key;
> struct {
> struct {
> uint8_t *data; /**< pointer to key data */
> size_t length; /**< key length in bytes */
> + uint32_t alg;
> + uint32_t algmode;
> } cipher_key;
> struct {
> uint8_t *data; /**< pointer to key data */
> size_t length; /**< key length in bytes */
> + uint32_t alg;
> + uint32_t algmode;
> } auth_key;
> };
> };
> @@ -148,6 +160,8 @@ typedef struct dpaa_sec_session_entry {
> struct ip ip4_hdr;
> struct rte_ipv6_hdr ip6_hdr;
> };
> + uint8_t auth_cipher_text;
> + /**< Authenticate/cipher ordering */
> };
> struct sec_pdcp_ctxt pdcp;
> };
More information about the dev
mailing list