From patchwork Thu Jan 14 07:05:02 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Hemant Agrawal X-Patchwork-Id: 362818 Delivered-To: patch@linaro.org Received: by 2002:a02:ccad:0:0:0:0:0 with SMTP id t13csp237298jap; Wed, 13 Jan 2021 23:16:16 -0800 (PST) X-Google-Smtp-Source: ABdhPJxTN4lMOXtc3Jx7O7qP0UE2CMdKNLVOf4/OJX/Ku2uG1qPulzMZtxzDZUGkfG94B3JFIrrL X-Received: by 2002:a17:906:dfda:: with SMTP id jt26mr4193818ejc.240.1610608576220; Wed, 13 Jan 2021 23:16:16 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1610608576; cv=none; d=google.com; s=arc-20160816; b=D+snHv/gEcOE8SfR6SEMcOOYuWjtlNJkuaW2iWw/ENRHJWIyGkpv67c78URHb1NXX6 GYLzn3hrwdhrIGYXOH+dKL7btnY2RiTBUiajwJACYk40IC+O+BX5NiMK2syzujbVMdNQ O6Sf5T22RnD7GgK5teSRGKTm6sqFY+WwhO5aitn88GyH+1S5bDMJn/MSjAAovBMSwzg7 2frsE7F0xhXMjoRSiqjTw9txM/tYwYv5T3VfeQu56K1RZ4VFOSpSwSX6WVaF2OHIn51h uMUqHKBHvu/Fwid7gqH16Tgb8SNFggVwkgOdGV+TakAkAWuwS113og7jk0V/jNxeNR0v fZxQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:references:in-reply-to :message-id:date:to:from; bh=mFN2mXxfdt4u+G8+NY1d+t9vR1R02Sbh1RSmkwDyPnc=; b=pWTlvnLGDYheaRIWThGm0FleCBfpFEl1SjpzI7wv2tE+N3ALnRg6bpfWFk7E7474YG SQMHU9pQLat8V/aAw0hyWrhaU97z6Q5oWZBMPg2lM+fEsHyxcNjXayCZCdBQgsEOG7c1 dHATQ296i9HUxaWxlh/0qtzA0k+qXew1b2UdJLt8UUiLtlT2YhrdrGxvriZUW2BqZ1IC hFFe4CcyycbZRjd058L95CCp9iH69Vhv/0MKqctANzhtbRl0ghTWwHHBya+xiskZODqy yq8gb2vjZ8sUlQZGd/L8TzEkUKxD7Qd1U0bL1cLUjdrc/cKX7+gTioBDfZoRvMahObSo FKfw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of dev-bounces@dpdk.org designates 217.70.189.124 as permitted sender) smtp.mailfrom=dev-bounces@dpdk.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=nxp.com Return-Path: Received: from mails.dpdk.org (mails.dpdk.org. [217.70.189.124]) by mx.google.com with ESMTP id s7si2098320edx.227.2021.01.13.23.16.16; Wed, 13 Jan 2021 23:16:16 -0800 (PST) Received-SPF: pass (google.com: domain of dev-bounces@dpdk.org designates 217.70.189.124 as permitted sender) client-ip=217.70.189.124; Authentication-Results: mx.google.com; spf=pass (google.com: domain of dev-bounces@dpdk.org designates 217.70.189.124 as permitted sender) smtp.mailfrom=dev-bounces@dpdk.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=nxp.com Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id F1095140F83; Thu, 14 Jan 2021 08:15:50 +0100 (CET) Received: from inva021.nxp.com (inva021.nxp.com [92.121.34.21]) by mails.dpdk.org (Postfix) with ESMTP id D8729140F6D for ; Thu, 14 Jan 2021 08:15:45 +0100 (CET) Received: from inva021.nxp.com (localhost [127.0.0.1]) by inva021.eu-rdc02.nxp.com (Postfix) with ESMTP id B7DDC2011E9; Thu, 14 Jan 2021 08:15:45 +0100 (CET) Received: from invc005.ap-rdc01.nxp.com (invc005.ap-rdc01.nxp.com [165.114.16.14]) by inva021.eu-rdc02.nxp.com (Postfix) with ESMTP id 4A2B62006C0; Thu, 14 Jan 2021 08:15:44 +0100 (CET) Received: from bf-netperf1.ap.freescale.net (bf-netperf1.ap.freescale.net [10.232.133.63]) by invc005.ap-rdc01.nxp.com (Postfix) with ESMTP id 4FAC940323; Thu, 14 Jan 2021 08:15:42 +0100 (CET) From: Hemant Agrawal To: dev@dpdk.org, akhil.goyal@nxp.com Date: Thu, 14 Jan 2021 12:35:02 +0530 Message-Id: <20210114070502.16033-5-hemant.agrawal@nxp.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20210114070502.16033-1-hemant.agrawal@nxp.com> References: <20210107105416.20770-1-hemant.agrawal@nxp.com> <20210114070502.16033-1-hemant.agrawal@nxp.com> X-Virus-Scanned: ClamAV using ClamSMTP Subject: [dpdk-dev] [PATCH v2 5/5] crypto/dpaa2_sec: add support for AES CMAC integrity check X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" This patch adds support for AES_CMAC integrity in non-security mode. This patch modifies the camm flib to handles the AES CMAC without conflicting the proto ALG operations. i.e. by creating another ALG operation routine. Signed-off-by: Hemant Agrawal --- doc/guides/cryptodevs/dpaa2_sec.rst | 1 + doc/guides/cryptodevs/features/dpaa2_sec.ini | 1 + drivers/common/dpaax/caamflib/desc/algo.h | 8 +- drivers/common/dpaax/caamflib/rta.h | 5 +- .../common/dpaax/caamflib/rta/operation_cmd.h | 101 +++++++++++++++++- drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c | 26 +++-- drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h | 23 +++- 7 files changed, 152 insertions(+), 13 deletions(-) -- 2.17.1 diff --git a/doc/guides/cryptodevs/dpaa2_sec.rst b/doc/guides/cryptodevs/dpaa2_sec.rst index 275ccf28de..a7fc9cef99 100644 --- a/doc/guides/cryptodevs/dpaa2_sec.rst +++ b/doc/guides/cryptodevs/dpaa2_sec.rst @@ -122,6 +122,7 @@ Hash algorithms: * ``RTE_CRYPTO_AUTH_SHA512_HMAC`` * ``RTE_CRYPTO_AUTH_MD5_HMAC`` * ``RTE_CRYPTO_AUTH_AES_XCBC_MAC`` +* ``RTE_CRYPTO_AUTH_AES_CMAC`` AEAD algorithms: diff --git a/doc/guides/cryptodevs/features/dpaa2_sec.ini b/doc/guides/cryptodevs/features/dpaa2_sec.ini index 9828d1528e..a1c91821de 100644 --- a/doc/guides/cryptodevs/features/dpaa2_sec.ini +++ b/doc/guides/cryptodevs/features/dpaa2_sec.ini @@ -48,6 +48,7 @@ SHA512 HMAC = Y SNOW3G UIA2 = Y AES XCBC MAC = Y ZUC EIA3 = Y +AES CMAC (128) = Y ; ; Supported AEAD algorithms of the 'dpaa2_sec' crypto driver. diff --git a/drivers/common/dpaax/caamflib/desc/algo.h b/drivers/common/dpaax/caamflib/desc/algo.h index cf43d9c14c..6bb915054a 100644 --- a/drivers/common/dpaax/caamflib/desc/algo.h +++ b/drivers/common/dpaax/caamflib/desc/algo.h @@ -1,7 +1,7 @@ /* SPDX-License-Identifier: (BSD-3-Clause OR GPL-2.0) * * Copyright 2008-2016 Freescale Semiconductor Inc. - * Copyright 2016,2019-2020 NXP + * Copyright 2016,2019-2021 NXP * */ @@ -874,7 +874,7 @@ cnstr_shdsc_gcm_decap(uint32_t *descbuf, bool ps, bool swap, } /** - * cnstr_shdsc_aes_xcbc_mac - AES_XCBC_MAC + * cnstr_shdsc_aes_mac - AES_XCBC_MAC, CMAC cases * @descbuf: pointer to descriptor-under-construction buffer * @ps: if 36/40bit addressing is desired, this parameter must be true * @swap: must be true when core endianness doesn't match SEC endianness @@ -892,7 +892,7 @@ cnstr_shdsc_gcm_decap(uint32_t *descbuf, bool ps, bool swap, * Return: size of descriptor written in words or negative number on error */ static inline int -cnstr_shdsc_aes_xcbc_mac(uint32_t *descbuf, bool ps, bool swap, +cnstr_shdsc_aes_mac(uint32_t *descbuf, bool ps, bool swap, enum rta_share_type share, struct alginfo *authdata, uint8_t do_icv, uint8_t trunc_len) @@ -921,7 +921,7 @@ cnstr_shdsc_aes_xcbc_mac(uint32_t *descbuf, bool ps, bool swap, MATHB(p, SEQINSZ, SUB, MATH2, VSEQINSZ, 4, 0); /* Do operation */ - ALG_OPERATION(p, authdata->algtype, authdata->algmode, + ALG_OPERATION_NP(p, authdata->algtype, authdata->algmode, OP_ALG_AS_INITFINAL, opicv, dir); /* Do load (variable length) */ diff --git a/drivers/common/dpaax/caamflib/rta.h b/drivers/common/dpaax/caamflib/rta.h index c4bbad0b41..3817314812 100644 --- a/drivers/common/dpaax/caamflib/rta.h +++ b/drivers/common/dpaax/caamflib/rta.h @@ -1,7 +1,7 @@ /* SPDX-License-Identifier: (BSD-3-Clause OR GPL-2.0) * * Copyright 2008-2016 Freescale Semiconductor Inc. - * Copyright 2016 NXP + * Copyright 2016,2021 NXP * */ @@ -485,6 +485,9 @@ rta_get_sec_era(void) #define ALG_OPERATION(program, cipher_alg, aai, algo_state, icv_check, enc) \ rta_operation(program, cipher_alg, aai, algo_state, icv_check, enc) +#define ALG_OPERATION_NP(program, cipher_alg, aai, algo_state, icv_check, enc) \ + rta_operation2(program, cipher_alg, aai, algo_state, icv_check, enc) + /** * PROTOCOL - Configures PROTOCOL OPERATION command * @program: pointer to struct program diff --git a/drivers/common/dpaax/caamflib/rta/operation_cmd.h b/drivers/common/dpaax/caamflib/rta/operation_cmd.h index 04732aa3d2..3d339cb0a0 100644 --- a/drivers/common/dpaax/caamflib/rta/operation_cmd.h +++ b/drivers/common/dpaax/caamflib/rta/operation_cmd.h @@ -1,7 +1,7 @@ /* SPDX-License-Identifier: (BSD-3-Clause OR GPL-2.0) * * Copyright 2008-2016 Freescale Semiconductor Inc. - * Copyright 2016,2019 NXP + * Copyright 2016,2019-2021 NXP */ #ifndef __RTA_OPERATION_CMD_H__ @@ -328,6 +328,105 @@ rta_operation(struct program *program, uint32_t cipher_algo, return ret; } +/* For non-proto offload CMAC, GMAC etc cases */ +static inline int +rta_operation2(struct program *program, uint32_t cipher_algo, + uint16_t aai, uint8_t algo_state, + int icv_checking, int enc) +{ + uint32_t opcode = CMD_OPERATION; + unsigned int i, found = 0; + unsigned int start_pc = program->current_pc; + int ret; + + for (i = 0; i < alg_table_sz[rta_sec_era]; i++) { + if (alg_table[i].chipher_algo == cipher_algo) { + if ((aai == OP_ALG_AAI_XCBC_MAC) || + (aai == OP_ALG_AAI_CBC_XCBCMAC) || + (aai == OP_ALG_AAI_CMAC)) + opcode |= cipher_algo | OP_TYPE_CLASS2_ALG; + else + opcode |= cipher_algo | alg_table[i].class; + /* nothing else to verify */ + if (alg_table[i].aai_func == NULL) { + found = 1; + break; + } + + aai &= OP_ALG_AAI_MASK; + + ret = (*alg_table[i].aai_func)(aai); + if (ret < 0) { + pr_err("OPERATION: Bad AAI Type. SEC Program Line: %d\n", + program->current_pc); + goto err; + } + opcode |= aai; + found = 1; + break; + } + } + if (!found) { + pr_err("OPERATION: Invalid Command. SEC Program Line: %d\n", + program->current_pc); + ret = -EINVAL; + goto err; + } + + switch (algo_state) { + case OP_ALG_AS_UPDATE: + case OP_ALG_AS_INIT: + case OP_ALG_AS_FINALIZE: + case OP_ALG_AS_INITFINAL: + opcode |= algo_state; + break; + default: + pr_err("Invalid Operation Command\n"); + ret = -EINVAL; + goto err; + } + + switch (icv_checking) { + case ICV_CHECK_DISABLE: + /* + * opcode |= OP_ALG_ICV_OFF; + * OP_ALG_ICV_OFF is 0 + */ + break; + case ICV_CHECK_ENABLE: + opcode |= OP_ALG_ICV_ON; + break; + default: + pr_err("Invalid Operation Command\n"); + ret = -EINVAL; + goto err; + } + + switch (enc) { + case DIR_DEC: + /* + * opcode |= OP_ALG_DECRYPT; + * OP_ALG_DECRYPT is 0 + */ + break; + case DIR_ENC: + opcode |= OP_ALG_ENCRYPT; + break; + default: + pr_err("Invalid Operation Command\n"); + ret = -EINVAL; + goto err; + } + + __rta_out32(program, opcode); + program->current_instruction++; + return (int)start_pc; + + err: + program->first_error_pc = start_pc; + return ret; +} + /* * OPERATION PKHA routines */ diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c index a7ff5dba92..cab79db3dc 100644 --- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c +++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c @@ -1,7 +1,7 @@ /* SPDX-License-Identifier: BSD-3-Clause * * Copyright (c) 2016 Freescale Semiconductor, Inc. All rights reserved. - * Copyright 2016-2020 NXP + * Copyright 2016-2021 NXP * */ @@ -2138,15 +2138,24 @@ dpaa2_sec_auth_init(struct rte_cryptodev *dev, authdata.algtype = OP_ALG_ALGSEL_AES; authdata.algmode = OP_ALG_AAI_XCBC_MAC; session->auth_alg = RTE_CRYPTO_AUTH_AES_XCBC_MAC; - bufsize = cnstr_shdsc_aes_xcbc_mac( + bufsize = cnstr_shdsc_aes_mac( priv->flc_desc[DESC_INITFINAL].desc, 1, 0, SHR_NEVER, &authdata, !session->dir, session->digest_length); break; - case RTE_CRYPTO_AUTH_AES_GMAC: case RTE_CRYPTO_AUTH_AES_CMAC: + authdata.algtype = OP_ALG_ALGSEL_AES; + authdata.algmode = OP_ALG_AAI_CMAC; + session->auth_alg = RTE_CRYPTO_AUTH_AES_CMAC; + bufsize = cnstr_shdsc_aes_mac( + priv->flc_desc[DESC_INITFINAL].desc, + 1, 0, SHR_NEVER, &authdata, + !session->dir, + session->digest_length); + break; case RTE_CRYPTO_AUTH_AES_CBC_MAC: + case RTE_CRYPTO_AUTH_AES_GMAC: case RTE_CRYPTO_AUTH_KASUMI_F9: case RTE_CRYPTO_AUTH_NULL: DPAA2_SEC_ERR("Crypto: Unsupported auth alg %un", @@ -2419,6 +2428,13 @@ dpaa2_sec_aead_chain_init(struct rte_cryptodev *dev, authdata.algmode = OP_ALG_AAI_XCBC_MAC; session->auth_alg = RTE_CRYPTO_AUTH_AES_XCBC_MAC; break; + case RTE_CRYPTO_AUTH_AES_CMAC: + authdata.algtype = OP_ALG_ALGSEL_AES; + authdata.algmode = OP_ALG_AAI_CMAC; + session->auth_alg = RTE_CRYPTO_AUTH_AES_CMAC; + break; + case RTE_CRYPTO_AUTH_AES_CBC_MAC: + case RTE_CRYPTO_AUTH_AES_GMAC: case RTE_CRYPTO_AUTH_SNOW3G_UIA2: case RTE_CRYPTO_AUTH_NULL: case RTE_CRYPTO_AUTH_SHA1: @@ -2427,10 +2443,7 @@ dpaa2_sec_aead_chain_init(struct rte_cryptodev *dev, case RTE_CRYPTO_AUTH_SHA224: case RTE_CRYPTO_AUTH_SHA384: case RTE_CRYPTO_AUTH_MD5: - case RTE_CRYPTO_AUTH_AES_GMAC: case RTE_CRYPTO_AUTH_KASUMI_F9: - case RTE_CRYPTO_AUTH_AES_CMAC: - case RTE_CRYPTO_AUTH_AES_CBC_MAC: case RTE_CRYPTO_AUTH_ZUC_EIA3: DPAA2_SEC_ERR("Crypto: Unsupported auth alg %u", auth_xform->algo); @@ -2769,6 +2782,7 @@ dpaa2_sec_ipsec_proto_init(struct rte_crypto_cipher_xform *cipher_xform, break; case RTE_CRYPTO_AUTH_AES_CMAC: authdata->algtype = OP_PCL_IPSEC_AES_CMAC_96; + authdata->algmode = OP_ALG_AAI_CMAC; break; case RTE_CRYPTO_AUTH_NULL: authdata->algtype = OP_PCL_IPSEC_HMAC_NULL; diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h b/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h index 35cf5b5dad..7dbc69f6cb 100644 --- a/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h +++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h @@ -1,7 +1,7 @@ /* SPDX-License-Identifier: BSD-3-Clause * * Copyright (c) 2016 Freescale Semiconductor, Inc. All rights reserved. - * Copyright 2016,2020 NXP + * Copyright 2016,2020-2021 NXP * */ @@ -526,6 +526,27 @@ static const struct rte_cryptodev_capabilities dpaa2_sec_capabilities[] = { }, } }, } }, + { /* AES CMAC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_AES_CMAC, + .block_size = 16, + .key_size = { + .min = 1, + .max = 16, + .increment = 1 + }, + .digest_size = { + .min = 4, + .max = 16, + .increment = 4 + }, + .aad_size = { 0 } + }, } + }, } + }, { /* NULL (CIPHER) */ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, {.sym = {