From: Hemant Agrawal <hemant.agrawal@nxp.com>
To: dev@dpdk.org, akhil.goyal@nxp.com
Subject: [dpdk-dev] [PATCH v2 13/13] crypto/dpaa_sec: enable ipsec aes-ctr to use nonce
Date: Fri,  1 Nov 2019 23:21:41 +0530	[thread overview]
Message-ID: <20191101175141.4663-13-hemant.agrawal@nxp.com> (raw)
In-Reply-To: <20191101175141.4663-1-hemant.agrawal@nxp.com>

From: Vakul Garg <vakul.garg@nxp.com>

The protocol-aware IPsec descriptor has been modified to use a
ctr_initial value of 1 and the salt configured for the IPsec SA.

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
---
 drivers/common/dpaax/caamflib/desc/ipsec.h  | 18 ++++++++----------
 drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c |  8 ++++++++
 drivers/crypto/dpaa_sec/dpaa_sec.c          | 12 ++++++++++--
 3 files changed, 26 insertions(+), 12 deletions(-)

diff --git a/drivers/common/dpaax/caamflib/desc/ipsec.h b/drivers/common/dpaax/caamflib/desc/ipsec.h
index f33c68cc9..cf6fa4252 100644
--- a/drivers/common/dpaax/caamflib/desc/ipsec.h
+++ b/drivers/common/dpaax/caamflib/desc/ipsec.h
@@ -256,14 +256,14 @@ struct ipsec_encap_cbc {
 
 /**
  * struct ipsec_encap_ctr - PDB part for IPsec CTR encapsulation
- * @ctr_nonce: 4-byte array nonce
+ * @ctr_nonce: 4-byte nonce
  * @ctr_initial: initial count constant
  * @iv: initialization vector
  */
 struct ipsec_encap_ctr {
-	uint8_t ctr_nonce[4];
+	uint32_t ctr_nonce;
 	uint32_t ctr_initial;
-	uint64_t iv;
+	uint8_t iv[8];
 };
 
 /**
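Review bot: The kernel-doc for `@ctr_nonce` no longer says what byte order the field holds, which matters now that it is a `uint32_t`. The copy routine further down emits it with `rta_copy_data(program, (uint8_t *)&pdb->ctr.ctr_nonce, 4)`, i.e. as raw memory bytes, while `ctr_initial` next to it goes through `__rta_out32`. I would document it as `@ctr_nonce: 4-byte nonce, kept in the byte order it is written to the descriptor (copied as raw bytes)` and do the same in `struct ipsec_decap_ctr`. That also tells callers how the SA salt has to be laid out in the 32-bit value.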
@@ -346,10 +346,9 @@ __rta_copy_ipsec_encap_pdb(struct program *program,
 		break;
 
 	case OP_PCL_IPSEC_AES_CTR:
-		rta_copy_data(program, pdb->ctr.ctr_nonce,
-			      sizeof(pdb->ctr.ctr_nonce));
+		rta_copy_data(program, (uint8_t *)&pdb->ctr.ctr_nonce, 4);
 		__rta_out32(program, pdb->ctr.ctr_initial);
-		__rta_out64(program, true, pdb->ctr.iv);
+		rta_copy_data(program, pdb->ctr.iv, sizeof(pdb->ctr.iv));
 		break;
 
 	case OP_PCL_IPSEC_AES_CCM8:
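Review bot: The nonce length is now the literal `4` where the removed lines used `sizeof(pdb->ctr.ctr_nonce)`, so the copy no longer follows the field if its type changes again. `rta_copy_data(program, (uint8_t *)&pdb->ctr.ctr_nonce, sizeof(pdb->ctr.ctr_nonce));` keeps the cast and restores that link, the way the new `iv` copy two lines below already does. The same literal appears in the AES-CTR case of `__rta_copy_ipsec_decap_pdb`. The enclosing switch starts and ends outside the hunk.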
@@ -386,11 +385,11 @@ struct ipsec_decap_cbc {
 
 /**
  * struct ipsec_decap_ctr - PDB part for IPsec CTR decapsulation
- * @ctr_nonce: 4-byte array nonce
+ * @ctr_nonce: 4-byte nonce
  * @ctr_initial: initial count constant
  */
 struct ipsec_decap_ctr {
-	uint8_t ctr_nonce[4];
+	uint32_t ctr_nonce;
 	uint32_t ctr_initial;
 };
 
@@ -464,8 +463,7 @@ __rta_copy_ipsec_decap_pdb(struct program *program,
 		break;
 
 	case OP_PCL_IPSEC_AES_CTR:
-		rta_copy_data(program, pdb->ctr.ctr_nonce,
-			      sizeof(pdb->ctr.ctr_nonce));
+		rta_copy_data(program, (uint8_t *)&pdb->ctr.ctr_nonce, 4);
 		__rta_out32(program, pdb->ctr.ctr_initial);
 		break;
 
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index 7368fc248..e774b379a 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -2814,6 +2814,10 @@ dpaa2_sec_set_ipsec_session(struct rte_cryptodev *dev,
 
 		/* copy algo specific data to PDB */
 		switch (cipherdata.algtype) {
+		case OP_PCL_IPSEC_AES_CTR:
+			encap_pdb.ctr.ctr_initial = 0x00000001;
+			encap_pdb.ctr.ctr_nonce = ipsec_xform->salt;
+			break;
 		case OP_PCL_IPSEC_AES_GCM8:
 		case OP_PCL_IPSEC_AES_GCM12:
 		case OP_PCL_IPSEC_AES_GCM16:
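Review bot: The new AES-CTR case fills `ctr_initial` and `ctr_nonce` but leaves `encap_pdb.ctr.iv` untouched, and nothing in the hunk says where the per-packet IV comes from. CTR mode loses confidentiality if a (key, nonce, IV) combination is ever repeated, so the IV source deserves a comment next to this code, e.g. `/* RFC 3686 counter block: nonce = SA salt, block counter starts at 1; iv is not set here, per-packet IV comes from <IV source, to be confirmed> */`. `0x00000001` is also repeated in the decap case of the next hunk and twice more in dpaa_sec.c; a shared named constant would keep the four sites in step. The switch continues outside the hunk.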
@@ -2899,6 +2903,10 @@ dpaa2_sec_set_ipsec_session(struct rte_cryptodev *dev,
 		memset(&decap_pdb, 0, sizeof(struct ipsec_decap_pdb));
 		/* copy algo specific data to PDB */
 		switch (cipherdata.algtype) {
+		case OP_PCL_IPSEC_AES_CTR:
+			decap_pdb.ctr.ctr_initial = 0x00000001;
+			decap_pdb.ctr.ctr_nonce = ipsec_xform->salt;
+			break;
 		case OP_PCL_IPSEC_AES_GCM8:
 		case OP_PCL_IPSEC_AES_GCM12:
 		case OP_PCL_IPSEC_AES_GCM16:
diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c b/drivers/crypto/dpaa_sec/dpaa_sec.c
index c52593746..59f6097bb 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec.c
+++ b/drivers/crypto/dpaa_sec/dpaa_sec.c
@@ -2614,6 +2614,7 @@ dpaa_sec_ipsec_aead_init(struct rte_crypto_aead_xform *aead_xform,
 static int
 dpaa_sec_ipsec_proto_init(struct rte_crypto_cipher_xform *cipher_xform,
 	struct rte_crypto_auth_xform *auth_xform,
+	struct rte_security_ipsec_xform *ipsec_xform,
 	dpaa_sec_session *session)
 {
 	if (cipher_xform) {
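Review bot: The new `ipsec_xform` parameter is only read in the hunks shown (`ipsec_xform->salt`), so it could be declared `const struct rte_security_ipsec_xform *ipsec_xform`. That makes clear the init routine does not modify the caller's SA configuration. The function body continues outside the hunk, so this assumes there is no later write through the pointer.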
@@ -2720,6 +2721,13 @@ dpaa_sec_ipsec_proto_init(struct rte_crypto_cipher_xform *cipher_xform,
 	case RTE_CRYPTO_CIPHER_AES_CTR:
 		session->cipher_key.alg = OP_PCL_IPSEC_AES_CTR;
 		session->cipher_key.algmode = OP_ALG_AAI_CTR;
+		if (session->dir == DIR_ENC) {
+			session->encap_pdb.ctr.ctr_initial = 0x00000001;
+			session->encap_pdb.ctr.ctr_nonce = ipsec_xform->salt;
+		} else {
+			session->decap_pdb.ctr.ctr_initial = 0x00000001;
+			session->decap_pdb.ctr.ctr_nonce = ipsec_xform->salt;
+		}
 		break;
 	case RTE_CRYPTO_CIPHER_NULL:
 		session->cipher_key.alg = OP_PCL_IPSEC_NULL;
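Review bot: These assignments depend on two things the hunk does not show: `session->dir` must already hold its final value when this case runs, and `session->encap_pdb` / `session->decap_pdb` must not be cleared after `dpaa_sec_ipsec_proto_init()` returns. The dpaa2_sec variant in this patch zeroes the PDB with `memset(&decap_pdb, 0, ...)` immediately before filling it. If `dpaa_sec_set_ipsec_session()` does something similar after this call, the nonce and counter would silently revert to zero and SAs would no longer get distinct nonces. Once confirmed, a comment such as `/* caller sets session->dir and zeroes the PDB before this point */` would record the ordering. The `else` branch also treats any direction other than `DIR_ENC` as decapsulation.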
@@ -2771,13 +2779,13 @@ dpaa_sec_set_ipsec_session(__rte_unused struct rte_cryptodev *dev,
 		if (conf->crypto_xform->next)
 			auth_xform = &conf->crypto_xform->next->auth;
 		ret = dpaa_sec_ipsec_proto_init(cipher_xform, auth_xform,
-					session);
+					ipsec_xform, session);
 	} else if (conf->crypto_xform->type == RTE_CRYPTO_SYM_XFORM_AUTH) {
 		auth_xform = &conf->crypto_xform->auth;
 		if (conf->crypto_xform->next)
 			cipher_xform = &conf->crypto_xform->next->cipher;
 		ret = dpaa_sec_ipsec_proto_init(cipher_xform, auth_xform,
-					session);
+					ipsec_xform, session);
 	} else if (conf->crypto_xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) {
 		aead_xform = &conf->crypto_xform->aead;
 		ret = dpaa_sec_ipsec_aead_init(aead_xform,
-- 
2.17.1

