From: Hemant Agrawal <hemant.agrawal@nxp.com>
To: dev@dpdk.org, akhil.goyal@nxp.com
Subject: [dpdk-dev] [PATCH v2 13/13] crypto/dpaa_sec: enable ipsec aes-ctr to use nonce
Date: Fri, 1 Nov 2019 23:21:41 +0530 [thread overview]
Message-ID: <20191101175141.4663-13-hemant.agrawal@nxp.com> (raw)
In-Reply-To: <20191101175141.4663-1-hemant.agrawal@nxp.com>
From: Vakul Garg <vakul.garg@nxp.com>
The protocol aware ipsec descriptor has been modified to
use ctr_initial value of 1 and salt configured for ipsec SA.
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
---
drivers/common/dpaax/caamflib/desc/ipsec.h | 18 ++++++++----------
drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c | 8 ++++++++
drivers/crypto/dpaa_sec/dpaa_sec.c | 12 ++++++++++--
3 files changed, 26 insertions(+), 12 deletions(-)
diff --git a/drivers/common/dpaax/caamflib/desc/ipsec.h b/drivers/common/dpaax/caamflib/desc/ipsec.h
index f33c68cc9..cf6fa4252 100644
--- a/drivers/common/dpaax/caamflib/desc/ipsec.h
+++ b/drivers/common/dpaax/caamflib/desc/ipsec.h
@@ -256,14 +256,14 @@ struct ipsec_encap_cbc {
/**
* struct ipsec_encap_ctr - PDB part for IPsec CTR encapsulation
- * @ctr_nonce: 4-byte array nonce
+ * @ctr_nonce: 4-byte nonce
* @ctr_initial: initial count constant
* @iv: initialization vector
*/
struct ipsec_encap_ctr {
- uint8_t ctr_nonce[4];
+ uint32_t ctr_nonce;
uint32_t ctr_initial;
- uint64_t iv;
+ uint8_t iv[8];
};
/**
@@ -346,10 +346,9 @@ __rta_copy_ipsec_encap_pdb(struct program *program,
break;
case OP_PCL_IPSEC_AES_CTR:
- rta_copy_data(program, pdb->ctr.ctr_nonce,
- sizeof(pdb->ctr.ctr_nonce));
+ rta_copy_data(program, (uint8_t *)&pdb->ctr.ctr_nonce, 4);
__rta_out32(program, pdb->ctr.ctr_initial);
- __rta_out64(program, true, pdb->ctr.iv);
+ rta_copy_data(program, pdb->ctr.iv, sizeof(pdb->ctr.iv));
break;
case OP_PCL_IPSEC_AES_CCM8:
@@ -386,11 +385,11 @@ struct ipsec_decap_cbc {
/**
* struct ipsec_decap_ctr - PDB part for IPsec CTR decapsulation
- * @ctr_nonce: 4-byte array nonce
+ * @ctr_nonce: 4-byte nonce
* @ctr_initial: initial count constant
*/
struct ipsec_decap_ctr {
- uint8_t ctr_nonce[4];
+ uint32_t ctr_nonce;
uint32_t ctr_initial;
};
@@ -464,8 +463,7 @@ __rta_copy_ipsec_decap_pdb(struct program *program,
break;
case OP_PCL_IPSEC_AES_CTR:
- rta_copy_data(program, pdb->ctr.ctr_nonce,
- sizeof(pdb->ctr.ctr_nonce));
+ rta_copy_data(program, (uint8_t *)&pdb->ctr.ctr_nonce, 4);
__rta_out32(program, pdb->ctr.ctr_initial);
break;
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index 7368fc248..e774b379a 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -2814,6 +2814,10 @@ dpaa2_sec_set_ipsec_session(struct rte_cryptodev *dev,
/* copy algo specific data to PDB */
switch (cipherdata.algtype) {
+ case OP_PCL_IPSEC_AES_CTR:
+ encap_pdb.ctr.ctr_initial = 0x00000001;
+ encap_pdb.ctr.ctr_nonce = ipsec_xform->salt;
+ break;
case OP_PCL_IPSEC_AES_GCM8:
case OP_PCL_IPSEC_AES_GCM12:
case OP_PCL_IPSEC_AES_GCM16:
@@ -2899,6 +2903,10 @@ dpaa2_sec_set_ipsec_session(struct rte_cryptodev *dev,
memset(&decap_pdb, 0, sizeof(struct ipsec_decap_pdb));
/* copy algo specific data to PDB */
switch (cipherdata.algtype) {
+ case OP_PCL_IPSEC_AES_CTR:
+ decap_pdb.ctr.ctr_initial = 0x00000001;
+ decap_pdb.ctr.ctr_nonce = ipsec_xform->salt;
+ break;
case OP_PCL_IPSEC_AES_GCM8:
case OP_PCL_IPSEC_AES_GCM12:
case OP_PCL_IPSEC_AES_GCM16:
diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c b/drivers/crypto/dpaa_sec/dpaa_sec.c
index c52593746..59f6097bb 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec.c
+++ b/drivers/crypto/dpaa_sec/dpaa_sec.c
@@ -2614,6 +2614,7 @@ dpaa_sec_ipsec_aead_init(struct rte_crypto_aead_xform *aead_xform,
static int
dpaa_sec_ipsec_proto_init(struct rte_crypto_cipher_xform *cipher_xform,
struct rte_crypto_auth_xform *auth_xform,
+ struct rte_security_ipsec_xform *ipsec_xform,
dpaa_sec_session *session)
{
if (cipher_xform) {
@@ -2720,6 +2721,13 @@ dpaa_sec_ipsec_proto_init(struct rte_crypto_cipher_xform *cipher_xform,
case RTE_CRYPTO_CIPHER_AES_CTR:
session->cipher_key.alg = OP_PCL_IPSEC_AES_CTR;
session->cipher_key.algmode = OP_ALG_AAI_CTR;
+ if (session->dir == DIR_ENC) {
+ session->encap_pdb.ctr.ctr_initial = 0x00000001;
+ session->encap_pdb.ctr.ctr_nonce = ipsec_xform->salt;
+ } else {
+ session->decap_pdb.ctr.ctr_initial = 0x00000001;
+ session->decap_pdb.ctr.ctr_nonce = ipsec_xform->salt;
+ }
break;
case RTE_CRYPTO_CIPHER_NULL:
session->cipher_key.alg = OP_PCL_IPSEC_NULL;
@@ -2771,13 +2779,13 @@ dpaa_sec_set_ipsec_session(__rte_unused struct rte_cryptodev *dev,
if (conf->crypto_xform->next)
auth_xform = &conf->crypto_xform->next->auth;
ret = dpaa_sec_ipsec_proto_init(cipher_xform, auth_xform,
- session);
+ ipsec_xform, session);
} else if (conf->crypto_xform->type == RTE_CRYPTO_SYM_XFORM_AUTH) {
auth_xform = &conf->crypto_xform->auth;
if (conf->crypto_xform->next)
cipher_xform = &conf->crypto_xform->next->cipher;
ret = dpaa_sec_ipsec_proto_init(cipher_xform, auth_xform,
- session);
+ ipsec_xform, session);
} else if (conf->crypto_xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) {
aead_xform = &conf->crypto_xform->aead;
ret = dpaa_sec_ipsec_aead_init(aead_xform,
--
2.17.1
next prev parent reply other threads:[~2019-11-01 17:56 UTC|newest]
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-10-25 8:33 [dpdk-dev] [PATCH 1/8] crypto/dpaa_sec: fix to set PDCP capability flags Hemant Agrawal
2019-10-25 8:33 ` [dpdk-dev] [PATCH 2/8] crypto/dpaa2_sec: add check for the session validity Hemant Agrawal
2019-10-25 8:33 ` [dpdk-dev] [PATCH 3/8] crypto/dpaa_sec: " Hemant Agrawal
2019-10-25 8:33 ` [dpdk-dev] [PATCH 4/8] crypto/dpaa2_sec: adding NULL cipher or NULL auth Hemant Agrawal
2019-10-25 8:33 ` [dpdk-dev] [PATCH 5/8] crypto/dpaa_sec: " Hemant Agrawal
2019-10-25 8:33 ` [dpdk-dev] [PATCH 6/8] crypto/dpaa2_sec: add AES-GCM support for lookaside case Hemant Agrawal
2019-10-25 8:33 ` [dpdk-dev] [PATCH 7/8] crypto/dpaa_sec: " Hemant Agrawal
2019-10-25 8:33 ` [dpdk-dev] [PATCH 8/8] test/cryptodev: enable additional cases for dpaax Hemant Agrawal
2019-11-01 17:51 ` [dpdk-dev] [PATCH v2 01/13] crypto/dpaa_sec: fix to set PDCP capability flags Hemant Agrawal
2019-11-01 17:51 ` [dpdk-dev] [PATCH v2 02/13] crypto/dpaa2_sec: add check for the session validity Hemant Agrawal
2019-11-01 17:51 ` [dpdk-dev] [PATCH v2 03/13] crypto/dpaa_sec: " Hemant Agrawal
2019-11-01 17:51 ` [dpdk-dev] [PATCH v2 04/13] crypto/dpaa2_sec: adding NULL cipher or NULL auth Hemant Agrawal
2019-11-01 17:51 ` [dpdk-dev] [PATCH v2 05/13] crypto/dpaa_sec: " Hemant Agrawal
2019-11-01 17:51 ` [dpdk-dev] [PATCH v2 06/13] crypto/dpaa2_sec: add AES-GCM support for lookaside case Hemant Agrawal
2019-11-01 17:51 ` [dpdk-dev] [PATCH v2 07/13] crypto/dpaa_sec: " Hemant Agrawal
2019-11-01 17:51 ` [dpdk-dev] [PATCH v2 08/13] test/cryptodev: enable additional cases for dpaax Hemant Agrawal
2019-11-01 17:51 ` [dpdk-dev] [PATCH v2 09/13] crypto/dpaa2_sec: enable warning with truncated sha256 Hemant Agrawal
2019-11-01 17:51 ` [dpdk-dev] [PATCH v2 10/13] crypto/dpaa2_sec: remove unwanted context type check Hemant Agrawal
2019-11-01 17:51 ` [dpdk-dev] [PATCH v2 11/13] crypto/dpaa_sec: use macros in queue attach and detach Hemant Agrawal
2019-11-01 17:51 ` [dpdk-dev] [PATCH v2 12/13] crypto/dpaa2_sec: use aes-ctr initial counter as 1 Hemant Agrawal
2019-11-01 17:51 ` Hemant Agrawal [this message]
2019-11-06 5:17 ` [dpdk-dev] [PATCH v3 01/13] crypto/dpaa_sec: fix to set PDCP capability flags Hemant Agrawal
2019-11-06 5:17 ` [dpdk-dev] [PATCH v3 02/13] crypto/dpaa2_sec: add check for the session validity Hemant Agrawal
2019-11-06 5:17 ` [dpdk-dev] [PATCH v3 03/13] crypto/dpaa_sec: " Hemant Agrawal
2019-11-06 5:17 ` [dpdk-dev] [PATCH v3 04/13] crypto/dpaa2_sec: adding NULL cipher or NULL auth Hemant Agrawal
2019-11-06 5:17 ` [dpdk-dev] [PATCH v3 05/13] crypto/dpaa_sec: " Hemant Agrawal
2019-11-06 5:17 ` [dpdk-dev] [PATCH v3 06/13] crypto/dpaa2_sec: add AES-GCM support for lookaside case Hemant Agrawal
2019-11-06 5:17 ` [dpdk-dev] [PATCH v3 07/13] crypto/dpaa_sec: " Hemant Agrawal
2019-11-07 8:48 ` Hemant Agrawal
2019-11-07 10:07 ` Akhil Goyal
2019-11-06 5:17 ` [dpdk-dev] [PATCH v3 08/13] test/cryptodev: enable additional cases for dpaax Hemant Agrawal
2019-11-06 5:17 ` [dpdk-dev] [PATCH v3 09/13] crypto/dpaa2_sec: enable warning with truncated sha256 Hemant Agrawal
2019-11-06 5:17 ` [dpdk-dev] [PATCH v3 10/13] crypto/dpaa2_sec: remove unwanted context type check Hemant Agrawal
2019-11-06 5:17 ` [dpdk-dev] [PATCH v3 11/13] crypto/dpaa_sec: use macros in queue attach and detach Hemant Agrawal
2019-11-06 5:17 ` [dpdk-dev] [PATCH v3 12/13] crypto/dpaa2_sec: use aes-ctr initial counter as 1 Hemant Agrawal
2019-11-06 5:17 ` [dpdk-dev] [PATCH v3 13/13] crypto/dpaa_sec: enable ipsec aes-ctr to use nonce Hemant Agrawal
2019-11-06 13:09 ` [dpdk-dev] [PATCH v3 01/13] crypto/dpaa_sec: fix to set PDCP capability flags Akhil Goyal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191101175141.4663-13-hemant.agrawal@nxp.com \
--to=hemant.agrawal@nxp.com \
--cc=akhil.goyal@nxp.com \
--cc=dev@dpdk.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).