From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id B9225A3160 for ; Fri, 11 Oct 2019 21:03:51 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id A5B571EB5B; Fri, 11 Oct 2019 21:03:50 +0200 (CEST) Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by dpdk.org (Postfix) with ESMTP id 754951EB51 for ; Fri, 11 Oct 2019 21:03:49 +0200 (CEST) Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id C244F2CD811; Fri, 11 Oct 2019 19:03:48 +0000 (UTC) Received: from dhcp-25.97.bos.redhat.com (ovpn-123-210.rdu2.redhat.com [10.10.123.210]) by smtp.corp.redhat.com (Postfix) with ESMTPS id D26035D9CA; Fri, 11 Oct 2019 19:03:47 +0000 (UTC) From: Aaron Conole To: Hemant Agrawal Cc: dev@dpdk.org, akhil.goyal@nxp.com References: <20191011163233.31017-1-hemant.agrawal@nxp.com> <20191011163233.31017-11-hemant.agrawal@nxp.com> Date: Fri, 11 Oct 2019 15:03:46 -0400 In-Reply-To: <20191011163233.31017-11-hemant.agrawal@nxp.com> (Hemant Agrawal's message of "Fri, 11 Oct 2019 22:02:33 +0530") Message-ID: User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.29]); Fri, 11 Oct 2019 19:03:48 +0000 (UTC) Subject: Re: [dpdk-dev] [PATCH 10/10] crypto/dpaa_sec: code reorg for better session mgmt X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Hemant Agrawal writes: > The session related parameters shall be populated during > the session create only. > At the runtime on first packet, the CDB should just reference > the session data instead of re-interpreting data again. > > Signed-off-by: Hemant Agrawal > --- As a part of this patch, a number of static functions are no longer used, and should be removed (for example is_auth_only, is_cipher_only, is_aead, is_auth_cipher, and is_proto_ipsec). You will see this if you choose to build with clang. gcc sees the functions marked as static inline, and doesn't seem to warn. > drivers/crypto/dpaa_sec/dpaa_sec.c | 612 ++++++++++++++++------------- > drivers/crypto/dpaa_sec/dpaa_sec.h | 18 +- > 2 files changed, 345 insertions(+), 285 deletions(-) > > diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c b/drivers/crypto/dpaa_sec/dpaa_sec.c > index 970cdf0cc..b932bf1cb 100644 > --- a/drivers/crypto/dpaa_sec/dpaa_sec.c > +++ b/drivers/crypto/dpaa_sec/dpaa_sec.c > @@ -290,102 +290,6 @@ static inline int is_decode(dpaa_sec_session *ses) > return ses->dir == DIR_DEC; > } > > -static inline void > -caam_auth_alg(dpaa_sec_session *ses, struct alginfo *alginfo_a) > -{ > - switch (ses->auth_alg) { > - case RTE_CRYPTO_AUTH_NULL: > - alginfo_a->algtype = > - (ses->proto_alg == RTE_SECURITY_PROTOCOL_IPSEC) ? > - OP_PCL_IPSEC_HMAC_NULL : 0; > - ses->digest_length = 0; > - break; > - case RTE_CRYPTO_AUTH_MD5_HMAC: > - alginfo_a->algtype = > - (ses->proto_alg == RTE_SECURITY_PROTOCOL_IPSEC) ? > - OP_PCL_IPSEC_HMAC_MD5_96 : OP_ALG_ALGSEL_MD5; > - alginfo_a->algmode = OP_ALG_AAI_HMAC; > - break; > - case RTE_CRYPTO_AUTH_SHA1_HMAC: > - alginfo_a->algtype = > - (ses->proto_alg == RTE_SECURITY_PROTOCOL_IPSEC) ? > - OP_PCL_IPSEC_HMAC_SHA1_96 : OP_ALG_ALGSEL_SHA1; > - alginfo_a->algmode = OP_ALG_AAI_HMAC; > - break; > - case RTE_CRYPTO_AUTH_SHA224_HMAC: > - alginfo_a->algtype = > - (ses->proto_alg == RTE_SECURITY_PROTOCOL_IPSEC) ? > - OP_PCL_IPSEC_HMAC_SHA1_160 : OP_ALG_ALGSEL_SHA224; > - alginfo_a->algmode = OP_ALG_AAI_HMAC; > - break; > - case RTE_CRYPTO_AUTH_SHA256_HMAC: > - alginfo_a->algtype = > - (ses->proto_alg == RTE_SECURITY_PROTOCOL_IPSEC) ? > - OP_PCL_IPSEC_HMAC_SHA2_256_128 : OP_ALG_ALGSEL_SHA256; > - alginfo_a->algmode = OP_ALG_AAI_HMAC; > - break; > - case RTE_CRYPTO_AUTH_SHA384_HMAC: > - alginfo_a->algtype = > - (ses->proto_alg == RTE_SECURITY_PROTOCOL_IPSEC) ? > - OP_PCL_IPSEC_HMAC_SHA2_384_192 : OP_ALG_ALGSEL_SHA384; > - alginfo_a->algmode = OP_ALG_AAI_HMAC; > - break; > - case RTE_CRYPTO_AUTH_SHA512_HMAC: > - alginfo_a->algtype = > - (ses->proto_alg == RTE_SECURITY_PROTOCOL_IPSEC) ? > - OP_PCL_IPSEC_HMAC_SHA2_512_256 : OP_ALG_ALGSEL_SHA512; > - alginfo_a->algmode = OP_ALG_AAI_HMAC; > - break; > - default: > - DPAA_SEC_ERR("unsupported auth alg %u", ses->auth_alg); > - } > -} > - > -static inline void > -caam_cipher_alg(dpaa_sec_session *ses, struct alginfo *alginfo_c) > -{ > - switch (ses->cipher_alg) { > - case RTE_CRYPTO_CIPHER_NULL: > - alginfo_c->algtype = > - (ses->proto_alg == RTE_SECURITY_PROTOCOL_IPSEC) ? > - OP_PCL_IPSEC_NULL : 0; > - break; > - case RTE_CRYPTO_CIPHER_AES_CBC: > - alginfo_c->algtype = > - (ses->proto_alg == RTE_SECURITY_PROTOCOL_IPSEC) ? > - OP_PCL_IPSEC_AES_CBC : OP_ALG_ALGSEL_AES; > - alginfo_c->algmode = OP_ALG_AAI_CBC; > - break; > - case RTE_CRYPTO_CIPHER_3DES_CBC: > - alginfo_c->algtype = > - (ses->proto_alg == RTE_SECURITY_PROTOCOL_IPSEC) ? > - OP_PCL_IPSEC_3DES : OP_ALG_ALGSEL_3DES; > - alginfo_c->algmode = OP_ALG_AAI_CBC; > - break; > - case RTE_CRYPTO_CIPHER_AES_CTR: > - alginfo_c->algtype = > - (ses->proto_alg == RTE_SECURITY_PROTOCOL_IPSEC) ? > - OP_PCL_IPSEC_AES_CTR : OP_ALG_ALGSEL_AES; > - alginfo_c->algmode = OP_ALG_AAI_CTR; > - break; > - default: > - DPAA_SEC_ERR("unsupported cipher alg %d", ses->cipher_alg); > - } > -} > - > -static inline void > -caam_aead_alg(dpaa_sec_session *ses, struct alginfo *alginfo) > -{ > - switch (ses->aead_alg) { > - case RTE_CRYPTO_AEAD_AES_GCM: > - alginfo->algtype = OP_ALG_ALGSEL_AES; > - alginfo->algmode = OP_ALG_AAI_GCM; > - break; > - default: > - DPAA_SEC_ERR("unsupported AEAD alg %d", ses->aead_alg); > - } > -} > - > static int > dpaa_sec_prep_pdcp_cdb(dpaa_sec_session *ses) > { > @@ -400,58 +304,24 @@ dpaa_sec_prep_pdcp_cdb(dpaa_sec_session *ses) > int swap = true; > #endif > > - switch (ses->cipher_alg) { > - case RTE_CRYPTO_CIPHER_SNOW3G_UEA2: > - cipherdata.algtype = PDCP_CIPHER_TYPE_SNOW; > - break; > - case RTE_CRYPTO_CIPHER_ZUC_EEA3: > - cipherdata.algtype = PDCP_CIPHER_TYPE_ZUC; > - break; > - case RTE_CRYPTO_CIPHER_AES_CTR: > - cipherdata.algtype = PDCP_CIPHER_TYPE_AES; > - break; > - case RTE_CRYPTO_CIPHER_NULL: > - cipherdata.algtype = PDCP_CIPHER_TYPE_NULL; > - break; > - default: > - DPAA_SEC_ERR("Crypto: Undefined Cipher specified %u", > - ses->cipher_alg); > - return -1; > - } > - > cipherdata.key = (size_t)ses->cipher_key.data; > cipherdata.keylen = ses->cipher_key.length; > cipherdata.key_enc_flags = 0; > cipherdata.key_type = RTA_DATA_IMM; > + cipherdata.algtype = ses->cipher_key.alg; > + cipherdata.algmode = ses->cipher_key.algmode; > > cdb->sh_desc[0] = cipherdata.keylen; > cdb->sh_desc[1] = 0; > cdb->sh_desc[2] = 0; > > if (ses->auth_alg) { > - switch (ses->auth_alg) { > - case RTE_CRYPTO_AUTH_SNOW3G_UIA2: > - authdata.algtype = PDCP_AUTH_TYPE_SNOW; > - break; > - case RTE_CRYPTO_AUTH_ZUC_EIA3: > - authdata.algtype = PDCP_AUTH_TYPE_ZUC; > - break; > - case RTE_CRYPTO_AUTH_AES_CMAC: > - authdata.algtype = PDCP_AUTH_TYPE_AES; > - break; > - case RTE_CRYPTO_AUTH_NULL: > - authdata.algtype = PDCP_AUTH_TYPE_NULL; > - break; > - default: > - DPAA_SEC_ERR("Crypto: Unsupported auth alg %u", > - ses->auth_alg); > - return -1; > - } > - > authdata.key = (size_t)ses->auth_key.data; > authdata.keylen = ses->auth_key.length; > authdata.key_enc_flags = 0; > authdata.key_type = RTA_DATA_IMM; > + authdata.algtype = ses->auth_key.alg; > + authdata.algmode = ses->auth_key.algmode; > > p_authdata = &authdata; > > @@ -541,27 +411,19 @@ dpaa_sec_prep_ipsec_cdb(dpaa_sec_session *ses) > int swap = true; > #endif > > - caam_cipher_alg(ses, &cipherdata); > - if (cipherdata.algtype == (unsigned int)DPAA_SEC_ALG_UNSUPPORT) { > - DPAA_SEC_ERR("not supported cipher alg"); > - return -ENOTSUP; > - } > - > cipherdata.key = (size_t)ses->cipher_key.data; > cipherdata.keylen = ses->cipher_key.length; > cipherdata.key_enc_flags = 0; > cipherdata.key_type = RTA_DATA_IMM; > - > - caam_auth_alg(ses, &authdata); > - if (authdata.algtype == (unsigned int)DPAA_SEC_ALG_UNSUPPORT) { > - DPAA_SEC_ERR("not supported auth alg"); > - return -ENOTSUP; > - } > + cipherdata.algtype = ses->cipher_key.alg; > + cipherdata.algmode = ses->cipher_key.algmode; > > authdata.key = (size_t)ses->auth_key.data; > authdata.keylen = ses->auth_key.length; > authdata.key_enc_flags = 0; > authdata.key_type = RTA_DATA_IMM; > + authdata.algtype = ses->auth_key.alg; > + authdata.algmode = ses->auth_key.algmode; > > cdb->sh_desc[0] = cipherdata.keylen; > cdb->sh_desc[1] = authdata.keylen; > @@ -625,58 +487,26 @@ dpaa_sec_prep_cdb(dpaa_sec_session *ses) > > memset(cdb, 0, sizeof(struct sec_cdb)); > > - if (is_proto_ipsec(ses)) { > + switch (ses->ctxt) { > + case DPAA_SEC_IPSEC: > shared_desc_len = dpaa_sec_prep_ipsec_cdb(ses); > - } else if (is_proto_pdcp(ses)) { > + break; > + case DPAA_SEC_PDCP: > shared_desc_len = dpaa_sec_prep_pdcp_cdb(ses); > - } else if (is_cipher_only(ses)) { > + break; > + case DPAA_SEC_CIPHER: > alginfo_c.key = (size_t)ses->cipher_key.data; > alginfo_c.keylen = ses->cipher_key.length; > alginfo_c.key_enc_flags = 0; > alginfo_c.key_type = RTA_DATA_IMM; > + alginfo_c.algtype = ses->cipher_key.alg; > + alginfo_c.algmode = ses->cipher_key.algmode; > + > switch (ses->cipher_alg) { > - case RTE_CRYPTO_CIPHER_NULL: > - alginfo_c.algtype = 0; > - shared_desc_len = cnstr_shdsc_blkcipher( > - cdb->sh_desc, true, > - swap, SHR_NEVER, &alginfo_c, > - NULL, > - ses->iv.length, > - ses->dir); > - break; > case RTE_CRYPTO_CIPHER_AES_CBC: > - alginfo_c.algtype = OP_ALG_ALGSEL_AES; > - alginfo_c.algmode = OP_ALG_AAI_CBC; > - shared_desc_len = cnstr_shdsc_blkcipher( > - cdb->sh_desc, true, > - swap, SHR_NEVER, &alginfo_c, > - NULL, > - ses->iv.length, > - ses->dir); > - break; > case RTE_CRYPTO_CIPHER_3DES_CBC: > - alginfo_c.algtype = OP_ALG_ALGSEL_3DES; > - alginfo_c.algmode = OP_ALG_AAI_CBC; > - shared_desc_len = cnstr_shdsc_blkcipher( > - cdb->sh_desc, true, > - swap, SHR_NEVER, &alginfo_c, > - NULL, > - ses->iv.length, > - ses->dir); > - break; > case RTE_CRYPTO_CIPHER_AES_CTR: > - alginfo_c.algtype = OP_ALG_ALGSEL_AES; > - alginfo_c.algmode = OP_ALG_AAI_CTR; > - shared_desc_len = cnstr_shdsc_blkcipher( > - cdb->sh_desc, true, > - swap, SHR_NEVER, &alginfo_c, > - NULL, > - ses->iv.length, > - ses->dir); > - break; > case RTE_CRYPTO_CIPHER_3DES_CTR: > - alginfo_c.algtype = OP_ALG_ALGSEL_3DES; > - alginfo_c.algmode = OP_ALG_AAI_CTR; > shared_desc_len = cnstr_shdsc_blkcipher( > cdb->sh_desc, true, > swap, SHR_NEVER, &alginfo_c, > @@ -685,14 +515,12 @@ dpaa_sec_prep_cdb(dpaa_sec_session *ses) > ses->dir); > break; > case RTE_CRYPTO_CIPHER_SNOW3G_UEA2: > - alginfo_c.algtype = OP_ALG_ALGSEL_SNOW_F8; > shared_desc_len = cnstr_shdsc_snow_f8( > cdb->sh_desc, true, swap, > &alginfo_c, > ses->dir); > break; > case RTE_CRYPTO_CIPHER_ZUC_EEA3: > - alginfo_c.algtype = OP_ALG_ALGSEL_ZUCE; > shared_desc_len = cnstr_shdsc_zuce( > cdb->sh_desc, true, swap, > &alginfo_c, > @@ -703,69 +531,21 @@ dpaa_sec_prep_cdb(dpaa_sec_session *ses) > ses->cipher_alg); > return -ENOTSUP; > } > - } else if (is_auth_only(ses)) { > + break; > + case DPAA_SEC_AUTH: > alginfo_a.key = (size_t)ses->auth_key.data; > alginfo_a.keylen = ses->auth_key.length; > alginfo_a.key_enc_flags = 0; > alginfo_a.key_type = RTA_DATA_IMM; > + alginfo_a.algtype = ses->auth_key.alg; > + alginfo_a.algmode = ses->auth_key.algmode; > switch (ses->auth_alg) { > - case RTE_CRYPTO_AUTH_NULL: > - alginfo_a.algtype = 0; > - ses->digest_length = 0; > - shared_desc_len = cnstr_shdsc_hmac( > - cdb->sh_desc, true, > - swap, SHR_NEVER, &alginfo_a, > - !ses->dir, > - ses->digest_length); > - break; > case RTE_CRYPTO_AUTH_MD5_HMAC: > - alginfo_a.algtype = OP_ALG_ALGSEL_MD5; > - alginfo_a.algmode = OP_ALG_AAI_HMAC; > - shared_desc_len = cnstr_shdsc_hmac( > - cdb->sh_desc, true, > - swap, SHR_NEVER, &alginfo_a, > - !ses->dir, > - ses->digest_length); > - break; > case RTE_CRYPTO_AUTH_SHA1_HMAC: > - alginfo_a.algtype = OP_ALG_ALGSEL_SHA1; > - alginfo_a.algmode = OP_ALG_AAI_HMAC; > - shared_desc_len = cnstr_shdsc_hmac( > - cdb->sh_desc, true, > - swap, SHR_NEVER, &alginfo_a, > - !ses->dir, > - ses->digest_length); > - break; > case RTE_CRYPTO_AUTH_SHA224_HMAC: > - alginfo_a.algtype = OP_ALG_ALGSEL_SHA224; > - alginfo_a.algmode = OP_ALG_AAI_HMAC; > - shared_desc_len = cnstr_shdsc_hmac( > - cdb->sh_desc, true, > - swap, SHR_NEVER, &alginfo_a, > - !ses->dir, > - ses->digest_length); > - break; > case RTE_CRYPTO_AUTH_SHA256_HMAC: > - alginfo_a.algtype = OP_ALG_ALGSEL_SHA256; > - alginfo_a.algmode = OP_ALG_AAI_HMAC; > - shared_desc_len = cnstr_shdsc_hmac( > - cdb->sh_desc, true, > - swap, SHR_NEVER, &alginfo_a, > - !ses->dir, > - ses->digest_length); > - break; > case RTE_CRYPTO_AUTH_SHA384_HMAC: > - alginfo_a.algtype = OP_ALG_ALGSEL_SHA384; > - alginfo_a.algmode = OP_ALG_AAI_HMAC; > - shared_desc_len = cnstr_shdsc_hmac( > - cdb->sh_desc, true, > - swap, SHR_NEVER, &alginfo_a, > - !ses->dir, > - ses->digest_length); > - break; > case RTE_CRYPTO_AUTH_SHA512_HMAC: > - alginfo_a.algtype = OP_ALG_ALGSEL_SHA512; > - alginfo_a.algmode = OP_ALG_AAI_HMAC; > shared_desc_len = cnstr_shdsc_hmac( > cdb->sh_desc, true, > swap, SHR_NEVER, &alginfo_a, > @@ -773,9 +553,6 @@ dpaa_sec_prep_cdb(dpaa_sec_session *ses) > ses->digest_length); > break; > case RTE_CRYPTO_AUTH_SNOW3G_UIA2: > - alginfo_a.algtype = OP_ALG_ALGSEL_SNOW_F9; > - alginfo_a.algmode = OP_ALG_AAI_F9; > - ses->auth_alg = RTE_CRYPTO_AUTH_SNOW3G_UIA2; > shared_desc_len = cnstr_shdsc_snow_f9( > cdb->sh_desc, true, swap, > &alginfo_a, > @@ -783,9 +560,6 @@ dpaa_sec_prep_cdb(dpaa_sec_session *ses) > ses->digest_length); > break; > case RTE_CRYPTO_AUTH_ZUC_EIA3: > - alginfo_a.algtype = OP_ALG_ALGSEL_ZUCA; > - alginfo_a.algmode = OP_ALG_AAI_F9; > - ses->auth_alg = RTE_CRYPTO_AUTH_ZUC_EIA3; > shared_desc_len = cnstr_shdsc_zuca( > cdb->sh_desc, true, swap, > &alginfo_a, > @@ -795,8 +569,8 @@ dpaa_sec_prep_cdb(dpaa_sec_session *ses) > default: > DPAA_SEC_ERR("unsupported auth alg %u", ses->auth_alg); > } > - } else if (is_aead(ses)) { > - caam_aead_alg(ses, &alginfo); > + break; > + case DPAA_SEC_AEAD: > if (alginfo.algtype == (unsigned int)DPAA_SEC_ALG_UNSUPPORT) { > DPAA_SEC_ERR("not supported aead alg"); > return -ENOTSUP; > @@ -805,6 +579,8 @@ dpaa_sec_prep_cdb(dpaa_sec_session *ses) > alginfo.keylen = ses->aead_key.length; > alginfo.key_enc_flags = 0; > alginfo.key_type = RTA_DATA_IMM; > + alginfo.algtype = ses->aead_key.alg; > + alginfo.algmode = ses->aead_key.algmode; > > if (ses->dir == DIR_ENC) > shared_desc_len = cnstr_shdsc_gcm_encap( > @@ -818,28 +594,21 @@ dpaa_sec_prep_cdb(dpaa_sec_session *ses) > &alginfo, > ses->iv.length, > ses->digest_length); > - } else { > - caam_cipher_alg(ses, &alginfo_c); > - if (alginfo_c.algtype == (unsigned int)DPAA_SEC_ALG_UNSUPPORT) { > - DPAA_SEC_ERR("not supported cipher alg"); > - return -ENOTSUP; > - } > - > + break; > + case DPAA_SEC_CIPHER_HASH: > alginfo_c.key = (size_t)ses->cipher_key.data; > alginfo_c.keylen = ses->cipher_key.length; > alginfo_c.key_enc_flags = 0; > alginfo_c.key_type = RTA_DATA_IMM; > - > - caam_auth_alg(ses, &alginfo_a); > - if (alginfo_a.algtype == (unsigned int)DPAA_SEC_ALG_UNSUPPORT) { > - DPAA_SEC_ERR("not supported auth alg"); > - return -ENOTSUP; > - } > + alginfo_c.algtype = ses->cipher_key.alg; > + alginfo_c.algmode = ses->cipher_key.algmode; > > alginfo_a.key = (size_t)ses->auth_key.data; > alginfo_a.keylen = ses->auth_key.length; > alginfo_a.key_enc_flags = 0; > alginfo_a.key_type = RTA_DATA_IMM; > + alginfo_a.algtype = ses->auth_key.alg; > + alginfo_a.algmode = ses->auth_key.algmode; > > cdb->sh_desc[0] = alginfo_c.keylen; > cdb->sh_desc[1] = alginfo_a.keylen; > @@ -876,6 +645,11 @@ dpaa_sec_prep_cdb(dpaa_sec_session *ses) > true, swap, SHR_SERIAL, &alginfo_c, &alginfo_a, > ses->iv.length, > ses->digest_length, ses->dir); > + break; > + case DPAA_SEC_HASH_CIPHER: > + default: > + DPAA_SEC_ERR("error: Unsupported session"); > + return -ENOTSUP; > } > > if (shared_desc_len < 0) { > @@ -2053,18 +1827,22 @@ dpaa_sec_enqueue_burst(void *qp, struct rte_crypto_op **ops, > if (rte_pktmbuf_is_contiguous(op->sym->m_src) && > ((op->sym->m_dst == NULL) || > rte_pktmbuf_is_contiguous(op->sym->m_dst))) { > - if (is_proto_ipsec(ses)) { > - cf = build_proto(op, ses); > - } else if (is_proto_pdcp(ses)) { > + switch (ses->ctxt) { > + case DPAA_SEC_PDCP: > + case DPAA_SEC_IPSEC: > cf = build_proto(op, ses); > - } else if (is_auth_only(ses)) { > + break; > + case DPAA_SEC_AUTH: > cf = build_auth_only(op, ses); > - } else if (is_cipher_only(ses)) { > + break; > + case DPAA_SEC_CIPHER: > cf = build_cipher_only(op, ses); > - } else if (is_aead(ses)) { > + break; > + case DPAA_SEC_AEAD: > cf = build_cipher_auth_gcm(op, ses); > auth_hdr_len = ses->auth_only_len; > - } else if (is_auth_cipher(ses)) { > + break; > + case DPAA_SEC_CIPHER_HASH: > auth_hdr_len = > op->sym->cipher.data.offset > - op->sym->auth.data.offset; > @@ -2073,23 +1851,30 @@ dpaa_sec_enqueue_burst(void *qp, struct rte_crypto_op **ops, > - op->sym->cipher.data.length > - auth_hdr_len; > cf = build_cipher_auth(op, ses); > - } else { > + break; > + default: > DPAA_SEC_DP_ERR("not supported ops"); > frames_to_send = loop; > nb_ops = loop; > goto send_pkts; > } > } else { > - if (is_proto_pdcp(ses) || is_proto_ipsec(ses)) { > + switch (ses->ctxt) { > + case DPAA_SEC_PDCP: > + case DPAA_SEC_IPSEC: > cf = build_proto_sg(op, ses); > - } else if (is_auth_only(ses)) { > + break; > + case DPAA_SEC_AUTH: > cf = build_auth_only_sg(op, ses); > - } else if (is_cipher_only(ses)) { > + break; > + case DPAA_SEC_CIPHER: > cf = build_cipher_only_sg(op, ses); > - } else if (is_aead(ses)) { > + break; > + case DPAA_SEC_AEAD: > cf = build_cipher_auth_gcm_sg(op, ses); > auth_hdr_len = ses->auth_only_len; > - } else if (is_auth_cipher(ses)) { > + break; > + case DPAA_SEC_CIPHER_HASH: > auth_hdr_len = > op->sym->cipher.data.offset > - op->sym->auth.data.offset; > @@ -2098,7 +1883,8 @@ dpaa_sec_enqueue_burst(void *qp, struct rte_crypto_op **ops, > - op->sym->cipher.data.length > - auth_hdr_len; > cf = build_cipher_auth_sg(op, ses); > - } else { > + break; > + default: > DPAA_SEC_DP_ERR("not supported ops"); > frames_to_send = loop; > nb_ops = loop; > @@ -2282,6 +2068,31 @@ dpaa_sec_cipher_init(struct rte_cryptodev *dev __rte_unused, > > memcpy(session->cipher_key.data, xform->cipher.key.data, > xform->cipher.key.length); > + switch (xform->cipher.algo) { > + case RTE_CRYPTO_CIPHER_AES_CBC: > + session->cipher_key.alg = OP_ALG_ALGSEL_AES; > + session->cipher_key.algmode = OP_ALG_AAI_CBC; > + break; > + case RTE_CRYPTO_CIPHER_3DES_CBC: > + session->cipher_key.alg = OP_ALG_ALGSEL_3DES; > + session->cipher_key.algmode = OP_ALG_AAI_CBC; > + break; > + case RTE_CRYPTO_CIPHER_AES_CTR: > + session->cipher_key.alg = OP_ALG_ALGSEL_AES; > + session->cipher_key.algmode = OP_ALG_AAI_CTR; > + break; > + case RTE_CRYPTO_CIPHER_SNOW3G_UEA2: > + session->cipher_key.alg = OP_ALG_ALGSEL_SNOW_F8; > + break; > + case RTE_CRYPTO_CIPHER_ZUC_EEA3: > + session->cipher_key.alg = OP_ALG_ALGSEL_ZUCE; > + break; > + default: > + DPAA_SEC_ERR("Crypto: Undefined Cipher specified %u", > + xform->cipher.algo); > + rte_free(session->cipher_key.data); > + return -1; > + } > session->dir = (xform->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT) ? > DIR_ENC : DIR_DEC; > > @@ -2309,18 +2120,165 @@ dpaa_sec_auth_init(struct rte_cryptodev *dev __rte_unused, > > memcpy(session->auth_key.data, xform->auth.key.data, > xform->auth.key.length); > + > + switch (xform->auth.algo) { > + case RTE_CRYPTO_AUTH_SHA1_HMAC: > + session->auth_key.alg = OP_ALG_ALGSEL_SHA1; > + session->auth_key.algmode = OP_ALG_AAI_HMAC; > + break; > + case RTE_CRYPTO_AUTH_MD5_HMAC: > + session->auth_key.alg = OP_ALG_ALGSEL_MD5; > + session->auth_key.algmode = OP_ALG_AAI_HMAC; > + break; > + case RTE_CRYPTO_AUTH_SHA224_HMAC: > + session->auth_key.alg = OP_ALG_ALGSEL_SHA224; > + session->auth_key.algmode = OP_ALG_AAI_HMAC; > + break; > + case RTE_CRYPTO_AUTH_SHA256_HMAC: > + session->auth_key.alg = OP_ALG_ALGSEL_SHA256; > + session->auth_key.algmode = OP_ALG_AAI_HMAC; > + break; > + case RTE_CRYPTO_AUTH_SHA384_HMAC: > + session->auth_key.alg = OP_ALG_ALGSEL_SHA384; > + session->auth_key.algmode = OP_ALG_AAI_HMAC; > + break; > + case RTE_CRYPTO_AUTH_SHA512_HMAC: > + session->auth_key.alg = OP_ALG_ALGSEL_SHA512; > + session->auth_key.algmode = OP_ALG_AAI_HMAC; > + break; > + case RTE_CRYPTO_AUTH_SNOW3G_UIA2: > + session->auth_key.alg = OP_ALG_ALGSEL_SNOW_F9; > + session->auth_key.algmode = OP_ALG_AAI_F9; > + break; > + case RTE_CRYPTO_AUTH_ZUC_EIA3: > + session->auth_key.alg = OP_ALG_ALGSEL_ZUCA; > + session->auth_key.algmode = OP_ALG_AAI_F9; > + break; > + default: > + DPAA_SEC_ERR("Crypto: Unsupported Auth specified %u", > + xform->auth.algo); > + rte_free(session->auth_key.data); > + return -1; > + } > + > session->dir = (xform->auth.op == RTE_CRYPTO_AUTH_OP_GENERATE) ? > DIR_ENC : DIR_DEC; > > return 0; > } > > +static int > +dpaa_sec_chain_init(struct rte_cryptodev *dev __rte_unused, > + struct rte_crypto_sym_xform *xform, > + dpaa_sec_session *session) > +{ > + > + struct rte_crypto_cipher_xform *cipher_xform; > + struct rte_crypto_auth_xform *auth_xform; > + > + if (session->auth_cipher_text) { > + cipher_xform = &xform->cipher; > + auth_xform = &xform->next->auth; > + } else { > + cipher_xform = &xform->next->cipher; > + auth_xform = &xform->auth; > + } > + > + /* Set IV parameters */ > + session->iv.offset = cipher_xform->iv.offset; > + session->iv.length = cipher_xform->iv.length; > + > + session->cipher_key.data = rte_zmalloc(NULL, cipher_xform->key.length, > + RTE_CACHE_LINE_SIZE); > + if (session->cipher_key.data == NULL && cipher_xform->key.length > 0) { > + DPAA_SEC_ERR("No Memory for cipher key"); > + return -1; > + } > + session->cipher_key.length = cipher_xform->key.length; > + session->auth_key.data = rte_zmalloc(NULL, auth_xform->key.length, > + RTE_CACHE_LINE_SIZE); > + if (session->auth_key.data == NULL && auth_xform->key.length > 0) { > + DPAA_SEC_ERR("No Memory for auth key"); > + rte_free(session->cipher_key.data); > + return -ENOMEM; > + } > + session->auth_key.length = auth_xform->key.length; > + memcpy(session->cipher_key.data, cipher_xform->key.data, > + cipher_xform->key.length); > + memcpy(session->auth_key.data, auth_xform->key.data, > + auth_xform->key.length); > + > + session->digest_length = auth_xform->digest_length; > + session->auth_alg = auth_xform->algo; > + > + switch (auth_xform->algo) { > + case RTE_CRYPTO_AUTH_SHA1_HMAC: > + session->auth_key.alg = OP_ALG_ALGSEL_SHA1; > + session->auth_key.algmode = OP_ALG_AAI_HMAC; > + break; > + case RTE_CRYPTO_AUTH_MD5_HMAC: > + session->auth_key.alg = OP_ALG_ALGSEL_MD5; > + session->auth_key.algmode = OP_ALG_AAI_HMAC; > + break; > + case RTE_CRYPTO_AUTH_SHA224_HMAC: > + session->auth_key.alg = OP_ALG_ALGSEL_SHA224; > + session->auth_key.algmode = OP_ALG_AAI_HMAC; > + break; > + case RTE_CRYPTO_AUTH_SHA256_HMAC: > + session->auth_key.alg = OP_ALG_ALGSEL_SHA256; > + session->auth_key.algmode = OP_ALG_AAI_HMAC; > + break; > + case RTE_CRYPTO_AUTH_SHA384_HMAC: > + session->auth_key.alg = OP_ALG_ALGSEL_SHA384; > + session->auth_key.algmode = OP_ALG_AAI_HMAC; > + break; > + case RTE_CRYPTO_AUTH_SHA512_HMAC: > + session->auth_key.alg = OP_ALG_ALGSEL_SHA512; > + session->auth_key.algmode = OP_ALG_AAI_HMAC; > + break; > + default: > + DPAA_SEC_ERR("Crypto: Unsupported Auth specified %u", > + auth_xform->algo); > + goto error_out; > + } > + > + session->cipher_alg = cipher_xform->algo; > + > + switch (cipher_xform->algo) { > + case RTE_CRYPTO_CIPHER_AES_CBC: > + session->cipher_key.alg = OP_ALG_ALGSEL_AES; > + session->cipher_key.algmode = OP_ALG_AAI_CBC; > + break; > + case RTE_CRYPTO_CIPHER_3DES_CBC: > + session->cipher_key.alg = OP_ALG_ALGSEL_3DES; > + session->cipher_key.algmode = OP_ALG_AAI_CBC; > + break; > + case RTE_CRYPTO_CIPHER_AES_CTR: > + session->cipher_key.alg = OP_ALG_ALGSEL_AES; > + session->cipher_key.algmode = OP_ALG_AAI_CTR; > + break; > + default: > + DPAA_SEC_ERR("Crypto: Undefined Cipher specified %u", > + cipher_xform->algo); > + goto error_out; > + } > + session->dir = (cipher_xform->op == RTE_CRYPTO_CIPHER_OP_ENCRYPT) ? > + DIR_ENC : DIR_DEC; > + return 0; > + > +error_out: > + rte_free(session->cipher_key.data); > + rte_free(session->auth_key.data); > + return -1; > +} > + > static int > dpaa_sec_aead_init(struct rte_cryptodev *dev __rte_unused, > struct rte_crypto_sym_xform *xform, > dpaa_sec_session *session) > { > session->aead_alg = xform->aead.algo; > + session->ctxt = DPAA_SEC_AEAD; > session->iv.length = xform->aead.iv.length; > session->iv.offset = xform->aead.iv.offset; > session->auth_only_len = xform->aead.aad_length; > @@ -2335,6 +2293,18 @@ dpaa_sec_aead_init(struct rte_cryptodev *dev __rte_unused, > > memcpy(session->aead_key.data, xform->aead.key.data, > xform->aead.key.length); > + > + switch (session->aead_alg) { > + case RTE_CRYPTO_AEAD_AES_GCM: > + session->aead_key.alg = OP_ALG_ALGSEL_AES; > + session->aead_key.algmode = OP_ALG_AAI_GCM; > + break; > + default: > + DPAA_SEC_ERR("unsupported AEAD alg %d", session->aead_alg); > + rte_free(session->aead_key.data); > + return -ENOMEM; > + } > + > session->dir = (xform->aead.op == RTE_CRYPTO_AEAD_OP_ENCRYPT) ? > DIR_ENC : DIR_DEC; > > @@ -2422,31 +2392,34 @@ dpaa_sec_set_session_parameters(struct rte_cryptodev *dev, > /* Cipher Only */ > if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER && xform->next == NULL) { > session->auth_alg = RTE_CRYPTO_AUTH_NULL; > + session->ctxt = DPAA_SEC_CIPHER; > dpaa_sec_cipher_init(dev, xform, session); > > /* Authentication Only */ > } else if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH && > xform->next == NULL) { > session->cipher_alg = RTE_CRYPTO_CIPHER_NULL; > + session->ctxt = DPAA_SEC_AUTH; > dpaa_sec_auth_init(dev, xform, session); > > /* Cipher then Authenticate */ > } else if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER && > xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH) { > if (xform->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT) { > - dpaa_sec_cipher_init(dev, xform, session); > - dpaa_sec_auth_init(dev, xform->next, session); > + session->ctxt = DPAA_SEC_CIPHER_HASH; > + session->auth_cipher_text = 1; > + dpaa_sec_chain_init(dev, xform, session); > } else { > DPAA_SEC_ERR("Not supported: Auth then Cipher"); > return -EINVAL; > } > - > /* Authenticate then Cipher */ > } else if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH && > xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER) { > if (xform->next->cipher.op == RTE_CRYPTO_CIPHER_OP_DECRYPT) { > - dpaa_sec_auth_init(dev, xform, session); > - dpaa_sec_cipher_init(dev, xform->next, session); > + session->ctxt = DPAA_SEC_CIPHER_HASH; > + session->auth_cipher_text = 0; > + dpaa_sec_chain_init(dev, xform, session); > } else { > DPAA_SEC_ERR("Not supported: Auth then Cipher"); > return -EINVAL; > @@ -2574,6 +2547,7 @@ dpaa_sec_set_ipsec_session(__rte_unused struct rte_cryptodev *dev, > cipher_xform = &conf->crypto_xform->next->cipher; > } > session->proto_alg = conf->protocol; > + session->ctxt = DPAA_SEC_IPSEC; > > if (cipher_xform && cipher_xform->algo != RTE_CRYPTO_CIPHER_NULL) { > session->cipher_key.data = rte_zmalloc(NULL, > @@ -2589,9 +2563,20 @@ dpaa_sec_set_ipsec_session(__rte_unused struct rte_cryptodev *dev, > session->cipher_key.length = cipher_xform->key.length; > > switch (cipher_xform->algo) { > + case RTE_CRYPTO_CIPHER_NULL: > + session->cipher_key.alg = OP_PCL_IPSEC_NULL; > + break; > case RTE_CRYPTO_CIPHER_AES_CBC: > + session->cipher_key.alg = OP_PCL_IPSEC_AES_CBC; > + session->cipher_key.algmode = OP_ALG_AAI_CBC; > + break; > case RTE_CRYPTO_CIPHER_3DES_CBC: > + session->cipher_key.alg = OP_PCL_IPSEC_3DES; > + session->cipher_key.algmode = OP_ALG_AAI_CBC; > + break; > case RTE_CRYPTO_CIPHER_AES_CTR: > + session->cipher_key.alg = OP_PCL_IPSEC_AES_CTR; > + session->cipher_key.algmode = OP_ALG_AAI_CTR; > break; > default: > DPAA_SEC_ERR("Crypto: Unsupported Cipher alg %u", > @@ -2620,12 +2605,33 @@ dpaa_sec_set_ipsec_session(__rte_unused struct rte_cryptodev *dev, > session->auth_key.length = auth_xform->key.length; > > switch (auth_xform->algo) { > - case RTE_CRYPTO_AUTH_SHA1_HMAC: > + case RTE_CRYPTO_AUTH_NULL: > + session->auth_key.alg = OP_PCL_IPSEC_HMAC_NULL; > + session->digest_length = 0; > + break; > case RTE_CRYPTO_AUTH_MD5_HMAC: > + session->auth_key.alg = OP_PCL_IPSEC_HMAC_MD5_96; > + session->auth_key.algmode = OP_ALG_AAI_HMAC; > + break; > + case RTE_CRYPTO_AUTH_SHA1_HMAC: > + session->auth_key.alg = OP_PCL_IPSEC_HMAC_SHA1_96; > + session->auth_key.algmode = OP_ALG_AAI_HMAC; > + break; > + case RTE_CRYPTO_AUTH_SHA224_HMAC: > + session->auth_key.alg = OP_PCL_IPSEC_HMAC_SHA1_160; > + session->auth_key.algmode = OP_ALG_AAI_HMAC; > + break; > case RTE_CRYPTO_AUTH_SHA256_HMAC: > + session->auth_key.alg = OP_PCL_IPSEC_HMAC_SHA2_256_128; > + session->auth_key.algmode = OP_ALG_AAI_HMAC; > + break; > case RTE_CRYPTO_AUTH_SHA384_HMAC: > + session->auth_key.alg = OP_PCL_IPSEC_HMAC_SHA2_384_192; > + session->auth_key.algmode = OP_ALG_AAI_HMAC; > + break; > case RTE_CRYPTO_AUTH_SHA512_HMAC: > - case RTE_CRYPTO_AUTH_AES_CMAC: > + session->auth_key.alg = OP_PCL_IPSEC_HMAC_SHA2_512_256; > + session->auth_key.algmode = OP_ALG_AAI_HMAC; > break; > default: > DPAA_SEC_ERR("Crypto: Unsupported auth alg %u", > @@ -2766,7 +2772,28 @@ dpaa_sec_set_pdcp_session(struct rte_cryptodev *dev, > } > > session->proto_alg = conf->protocol; > + session->ctxt = DPAA_SEC_PDCP; > + > if (cipher_xform) { > + switch (cipher_xform->algo) { > + case RTE_CRYPTO_CIPHER_SNOW3G_UEA2: > + session->cipher_key.alg = PDCP_CIPHER_TYPE_SNOW; > + break; > + case RTE_CRYPTO_CIPHER_ZUC_EEA3: > + session->cipher_key.alg = PDCP_CIPHER_TYPE_ZUC; > + break; > + case RTE_CRYPTO_CIPHER_AES_CTR: > + session->cipher_key.alg = PDCP_CIPHER_TYPE_AES; > + break; > + case RTE_CRYPTO_CIPHER_NULL: > + session->cipher_key.alg = PDCP_CIPHER_TYPE_NULL; > + break; > + default: > + DPAA_SEC_ERR("Crypto: Undefined Cipher specified %u", > + session->cipher_alg); > + return -1; > + } > + > session->cipher_key.data = rte_zmalloc(NULL, > cipher_xform->key.length, > RTE_CACHE_LINE_SIZE); > @@ -2798,6 +2825,25 @@ dpaa_sec_set_pdcp_session(struct rte_cryptodev *dev, > } > > if (auth_xform) { > + switch (auth_xform->algo) { > + case RTE_CRYPTO_AUTH_SNOW3G_UIA2: > + session->auth_key.alg = PDCP_AUTH_TYPE_SNOW; > + break; > + case RTE_CRYPTO_AUTH_ZUC_EIA3: > + session->auth_key.alg = PDCP_AUTH_TYPE_ZUC; > + break; > + case RTE_CRYPTO_AUTH_AES_CMAC: > + session->auth_key.alg = PDCP_AUTH_TYPE_AES; > + break; > + case RTE_CRYPTO_AUTH_NULL: > + session->auth_key.alg = PDCP_AUTH_TYPE_NULL; > + break; > + default: > + DPAA_SEC_ERR("Crypto: Unsupported auth alg %u", > + session->auth_alg); > + rte_free(session->cipher_key.data); > + return -1; > + } > session->auth_key.data = rte_zmalloc(NULL, > auth_xform->key.length, > RTE_CACHE_LINE_SIZE); > diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.h b/drivers/crypto/dpaa_sec/dpaa_sec.h > index 149923aa1..a661d5a56 100644 > --- a/drivers/crypto/dpaa_sec/dpaa_sec.h > +++ b/drivers/crypto/dpaa_sec/dpaa_sec.h > @@ -38,14 +38,19 @@ enum dpaa_sec_op_type { > DPAA_SEC_NONE, /*!< No Cipher operations*/ > DPAA_SEC_CIPHER,/*!< CIPHER operations */ > DPAA_SEC_AUTH, /*!< Authentication Operations */ > - DPAA_SEC_AEAD, /*!< Authenticated Encryption with associated data */ > + DPAA_SEC_AEAD, /*!< AEAD (AES-GCM/CCM) type operations */ > + DPAA_SEC_CIPHER_HASH, /*!< Authenticated Encryption with > + * associated data > + */ > + DPAA_SEC_HASH_CIPHER, /*!< Encryption with Authenticated > + * associated data > + */ > DPAA_SEC_IPSEC, /*!< IPSEC protocol operations*/ > DPAA_SEC_PDCP, /*!< PDCP protocol operations*/ > DPAA_SEC_PKC, /*!< Public Key Cryptographic Operations */ > DPAA_SEC_MAX > }; > > - > #define DPAA_SEC_MAX_DESC_SIZE 64 > /* code or cmd block to caam */ > struct sec_cdb { > @@ -113,6 +118,7 @@ struct sec_pdcp_ctxt { > > typedef struct dpaa_sec_session_entry { > uint8_t dir; /*!< Operation Direction */ > + uint8_t ctxt; /*!< Session Context Type */ > enum rte_crypto_cipher_algorithm cipher_alg; /*!< Cipher Algorithm*/ > enum rte_crypto_auth_algorithm auth_alg; /*!< Authentication Algorithm*/ > enum rte_crypto_aead_algorithm aead_alg; /*!< AEAD Algorithm*/ > @@ -121,15 +127,21 @@ typedef struct dpaa_sec_session_entry { > struct { > uint8_t *data; /**< pointer to key data */ > size_t length; /**< key length in bytes */ > + uint32_t alg; > + uint32_t algmode; > } aead_key; > struct { > struct { > uint8_t *data; /**< pointer to key data */ > size_t length; /**< key length in bytes */ > + uint32_t alg; > + uint32_t algmode; > } cipher_key; > struct { > uint8_t *data; /**< pointer to key data */ > size_t length; /**< key length in bytes */ > + uint32_t alg; > + uint32_t algmode; > } auth_key; > }; > }; > @@ -148,6 +160,8 @@ typedef struct dpaa_sec_session_entry { > struct ip ip4_hdr; > struct rte_ipv6_hdr ip6_hdr; > }; > + uint8_t auth_cipher_text; > + /**< Authenticate/cipher ordering */ > }; > struct sec_pdcp_ctxt pdcp; > };