From patchwork Tue Dec 19 18:00:11 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Github ODP bot <odpbot@yandex.ru>
X-Patchwork-Id: 122402
Delivered-To: patch@linaro.org
Received: by 10.140.22.227 with SMTP id 90csp4484729qgn;
 Tue, 19 Dec 2017 10:01:41 -0800 (PST)
X-Google-Smtp-Source: ACJfBotrcQpLVjJypUmnZEc6k1xIoi0qOFJF78WUCo5vf/mkbPKA+4aX+ZoMf/uDzM4iFlG+bxW+
X-Received: by 10.55.91.70 with SMTP id p67mr6256357qkb.74.1513706501753;
 Tue, 19 Dec 2017 10:01:41 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1513706501; cv=none;
 d=google.com; s=arc-20160816;
 b=uSlRyJkgNA1BhqgTyZPTUqZS2MdTCHYGrixuvpxINvLhGNd88NAI+GIaKCSS+MUr/l
 5Pez6gJAf7r2f7wav6WDSbLdTZoBuE8tS+ZfFybOmNnXkmCIHsm48pAFyF6kxoinhTb/
 TcBRCRoXGnG75IyvPT5F4JgQVEF3z39V3uycLcVgn85205ydqs7il0vNu2IfTMg612gE
 dA48+CJrqAOiU1WZW5V7ggXmponliqGAcFB94pRc3fqPmmghASLfuC2R8V+9/m8+yYL9
 Bof2Y+fFkF1TKywQbs+U8lqb2X7+UL4aVg63Gv/NwF0zectisbmJBnfHPGXEn68GDRgU
 Gepg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816; 
 h=sender:errors-to:list-subscribe:list-help:list-post:list-archive
 :list-unsubscribe:list-id:precedence:subject:github-pr-num
 :references:in-reply-to:message-id:date:to:from:delivered-to
 :arc-authentication-results;
 bh=u7Sjg9s6DXDCazM8J2jWpTZp31f7WEsj06KSIJXyKIw=;
 b=FWXhmkLAOKqeht7ZDU9l6o2MiyrBSzlKw5KkDpEmajrhJq6V7bQPaIy9clcEmXkXQf
 V3mN1VRgd6gYzJ5jmd5jXhv/wIvCzq9lQzPqn0t8CeYXFeypgN8sVo99F1jYuR9RNG4w
 WqxYJH2Ohr0MRtoiZlhNseyRvwrtPOexsvQg7n46el1m4zZ4nLXt7JaHAm6Pa1jHmEg2
 oXaOR08z3XWjWFEgKG00KdRUMIo7L3Ezo1pBEb4qT2Iy8XnMgZ12XT7hoG9X1ankXrUV
 t69qy9WKPW+dKzOcshhZmNpR8qoP3o/PwhP8TNaVkSbkTCp2hki5rxy6pA1ZT3qAekA7
 enOg==
ARC-Authentication-Results: i=1; mx.google.com;
 spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org
 designates 54.197.127.237 as permitted sender)
 smtp.mailfrom=lng-odp-bounces@lists.linaro.org; 
 dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru
Return-Path: <lng-odp-bounces@lists.linaro.org>
Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com.
 [54.197.127.237])
 by mx.google.com with ESMTP id u23si7942706qtu.56.2017.12.19.10.01.41;
 Tue, 19 Dec 2017 10:01:41 -0800 (PST)
Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org
 designates 54.197.127.237 as permitted sender)
 client-ip=54.197.127.237; 
Authentication-Results: mx.google.com;
 spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org
 designates 54.197.127.237 as permitted sender)
 smtp.mailfrom=lng-odp-bounces@lists.linaro.org; 
 dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru
Received: by lists.linaro.org (Postfix, from userid 109)
 id 5E5C16096B; Tue, 19 Dec 2017 18:01:41 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252
X-Spam-Level: 
X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM,
 RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H2, URIBL_BLOCKED autolearn=disabled
 version=3.4.0
Received: from [127.0.0.1] (localhost [127.0.0.1])
 by lists.linaro.org (Postfix) with ESMTP id 02E17608DC;
 Tue, 19 Dec 2017 18:01:32 +0000 (UTC)
X-Original-To: lng-odp@lists.linaro.org
Delivered-To: lng-odp@lists.linaro.org
Received: by lists.linaro.org (Postfix, from userid 109)
 id A9C7360907; Tue, 19 Dec 2017 18:01:27 +0000 (UTC)
Received: from forward101p.mail.yandex.net (forward101p.mail.yandex.net
 [77.88.28.101])
 by lists.linaro.org (Postfix) with ESMTPS id 17515608E8
 for <lng-odp@lists.linaro.org>; Tue, 19 Dec 2017 18:01:21 +0000 (UTC)
Received: from mxback11g.mail.yandex.net (mxback11g.mail.yandex.net
 [IPv6:2a02:6b8:0:1472:2741:0:8b7:90])
 by forward101p.mail.yandex.net (Yandex) with ESMTP id 7649C6A823A1
 for <lng-odp@lists.linaro.org>; Tue, 19 Dec 2017 21:01:19 +0300 (MSK)
Received: from smtp2p.mail.yandex.net (smtp2p.mail.yandex.net
 [2a02:6b8:0:1472:2741:0:8b6:7])
 by mxback11g.mail.yandex.net (nwsmtp/Yandex) with ESMTP id
 qXOJ0Eiznr-1JZ4G2b6; Tue, 19 Dec 2017 21:01:19 +0300
Received: by smtp2p.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id
 0LSLb99cI8-1CSOmRRE; Tue, 19 Dec 2017 21:01:12 +0300
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits))
 (Client certificate not present)
From: Github ODP bot <odpbot@yandex.ru>
To: lng-odp@lists.linaro.org
Date: Tue, 19 Dec 2017 21:00:11 +0300
Message-Id: <1513706411-15615-4-git-send-email-odpbot@yandex.ru>
X-Mailer: git-send-email 2.7.4
In-Reply-To: <1513706411-15615-1-git-send-email-odpbot@yandex.ru>
References: <1513706411-15615-1-git-send-email-odpbot@yandex.ru>
Github-pr-num: 351
Subject: [lng-odp] [PATCH API-NEXT v2 3/3] linux-gen: ipsec: adapt to
 capability changes
X-BeenThere: lng-odp@lists.linaro.org
X-Mailman-Version: 2.1.16
Precedence: list
List-Id: "The OpenDataPlane \(ODP\) List" <lng-odp.lists.linaro.org>
List-Unsubscribe: <https://lists.linaro.org/mailman/options/lng-odp>,
 <mailto:lng-odp-request@lists.linaro.org?subject=unsubscribe>
List-Archive: <http://lists.linaro.org/pipermail/lng-odp/>
List-Post: <mailto:lng-odp@lists.linaro.org>
List-Help: <mailto:lng-odp-request@lists.linaro.org?subject=help>
List-Subscribe: <https://lists.linaro.org/mailman/listinfo/lng-odp>,
 <mailto:lng-odp-request@lists.linaro.org?subject=subscribe>
Errors-To: lng-odp-bounces@lists.linaro.org
Sender: "lng-odp" <lng-odp-bounces@lists.linaro.org>

From: Dmitry Eremin-Solenikov <dmitry.ereminsolenikov@linaro.org>

Signed-off-by: Dmitry Eremin-Solenikov <dmitry.ereminsolenikov@linaro.org>
---
/** Email created from pull request 351 (lumag:ipsec_crypto_caps)
 ** https://github.com/Linaro/odp/pull/351
 ** Patch: https://github.com/Linaro/odp/pull/351.patch
 ** Base sha: 12fd3a9224a856271934986a1bad981843915d68
 ** Merge commit sha: 178b98f2e440762b31d9e91d85aafbe82829c231
 **/
 .../linux-generic/include/odp_ipsec_internal.h     |  6 ++
 platform/linux-generic/odp_ipsec.c                 | 48 ++++++++++-
 platform/linux-generic/odp_ipsec_sad.c             | 97 ++++++++++++++--------
 3 files changed, 114 insertions(+), 37 deletions(-)

diff --git a/platform/linux-generic/include/odp_ipsec_internal.h b/platform/linux-generic/include/odp_ipsec_internal.h
index c6f241fac..70a583c5b 100644
--- a/platform/linux-generic/include/odp_ipsec_internal.h
+++ b/platform/linux-generic/include/odp_ipsec_internal.h
@@ -206,6 +206,12 @@ typedef struct ODP_PACKED {
 	odp_u32be_t seq_no;  /**< Sequence Number */
 } ipsec_aad_t;
 
+/* Return IV length required for the cipher for IPsec use */
+uint32_t _odp_ipsec_cipher_iv_len(odp_cipher_alg_t cipher);
+
+/* Return digest length required for the cipher for IPsec use */
+uint32_t _odp_ipsec_auth_digest_len(odp_auth_alg_t auth);
+
 /**
  * Obtain SA reference
  */
diff --git a/platform/linux-generic/odp_ipsec.c b/platform/linux-generic/odp_ipsec.c
index 4f23eb17b..89a05acdb 100644
--- a/platform/linux-generic/odp_ipsec.c
+++ b/platform/linux-generic/odp_ipsec.c
@@ -58,15 +58,55 @@ int odp_ipsec_capability(odp_ipsec_capability_t *capa)
 }
 
 int odp_ipsec_cipher_capability(odp_cipher_alg_t cipher,
-				odp_crypto_cipher_capability_t capa[], int num)
+				odp_ipsec_cipher_capability_t capa[], int num)
 {
-	return odp_crypto_cipher_capability(cipher, capa, num);
+	int caps = odp_crypto_cipher_capability(cipher, NULL, 0);
+	odp_crypto_cipher_capability_t crypto_capa[caps];
+	uint32_t req_iv_len;
+	int rc, i, out;
+
+	rc = odp_crypto_cipher_capability(cipher, crypto_capa, caps);
+	if (rc <= 0)
+		return rc;
+
+	req_iv_len = _odp_ipsec_cipher_iv_len(cipher);
+	for (i = 0, out = 0; i < rc; i++) {
+		if (crypto_capa[i].iv_len != req_iv_len)
+			continue;
+
+		if (out < num)
+			capa[out].key_len = crypto_capa[i].key_len;
+		out ++;
+	}
+
+	return out;
 }
 
 int odp_ipsec_auth_capability(odp_auth_alg_t auth,
-			      odp_crypto_auth_capability_t capa[], int num)
+			      odp_ipsec_auth_capability_t capa[], int num)
 {
-	return odp_crypto_auth_capability(auth, capa, num);
+	int caps = odp_crypto_auth_capability(auth, NULL, 0);
+	odp_crypto_auth_capability_t crypto_capa[caps];
+	uint32_t req_digest_len;
+	int rc, i, out;
+
+	rc = odp_crypto_auth_capability(auth, crypto_capa, caps);
+	if (rc <= 0)
+		return rc;
+
+	req_digest_len = _odp_ipsec_auth_digest_len(auth);
+	for (i = 0, out = 0; i < rc; i++) {
+		if (crypto_capa[i].digest_len != req_digest_len)
+			continue;
+
+		/* FIXME: check AAD len for AES_GCM/AES128_GCM */
+
+		if (out < num)
+			capa[out].key_len = crypto_capa[i].key_len;
+		out ++;
+	}
+
+	return out;
 }
 
 void odp_ipsec_config_init(odp_ipsec_config_t *config)
diff --git a/platform/linux-generic/odp_ipsec_sad.c b/platform/linux-generic/odp_ipsec_sad.c
index 2d6321166..1dbfc5444 100644
--- a/platform/linux-generic/odp_ipsec_sad.c
+++ b/platform/linux-generic/odp_ipsec_sad.c
@@ -190,12 +190,66 @@ void odp_ipsec_sa_param_init(odp_ipsec_sa_param_t *param)
 	param->dest_queue = ODP_QUEUE_INVALID;
 }
 
+/* Return IV length required for the cipher for IPsec use */
+uint32_t _odp_ipsec_cipher_iv_len(odp_cipher_alg_t cipher)
+{
+	switch (cipher) {
+	case ODP_CIPHER_ALG_NULL:
+		return 0;
+	case ODP_CIPHER_ALG_DES:
+	case ODP_CIPHER_ALG_3DES_CBC:
+		return 8;
+#if ODP_DEPRECATED_API
+	case ODP_CIPHER_ALG_AES128_CBC:
+#endif
+	case ODP_CIPHER_ALG_AES_CBC:
+	case ODP_CIPHER_ALG_AES_CTR:
+		return 16;
+#if ODP_DEPRECATED_API
+	case ODP_CIPHER_ALG_AES128_GCM:
+#endif
+	case ODP_CIPHER_ALG_AES_GCM:
+		return 12;
+	default:
+		return (uint32_t)-1;
+	}
+}
+
+/* Return digest length required for the cipher for IPsec use */
+uint32_t _odp_ipsec_auth_digest_len(odp_auth_alg_t auth)
+{
+	switch (auth) {
+	case ODP_AUTH_ALG_NULL:
+		return 0;
+#if ODP_DEPRECATED_API
+	case ODP_AUTH_ALG_MD5_96:
+#endif
+	case ODP_AUTH_ALG_MD5_HMAC:
+	case ODP_AUTH_ALG_SHA1_HMAC:
+		return 12;
+#if ODP_DEPRECATED_API
+	case ODP_AUTH_ALG_SHA256_128:
+#endif
+	case ODP_AUTH_ALG_SHA256_HMAC:
+		return 16;
+	case ODP_AUTH_ALG_SHA512_HMAC:
+		return 32;
+#if ODP_DEPRECATED_API
+	case ODP_AUTH_ALG_AES128_GCM:
+#endif
+	case ODP_AUTH_ALG_AES_GCM:
+	case ODP_AUTH_ALG_AES_GMAC:
+		return 16;
+	default:
+		return (uint32_t)-1;
+	}
+}
+
 odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param)
 {
 	ipsec_sa_t *ipsec_sa;
 	odp_crypto_session_param_t crypto_param;
 	odp_crypto_ses_create_err_t ses_create_rc;
-	uint32_t aad_len = 0;
 
 	ipsec_sa = ipsec_sa_reserve();
 	if (NULL == ipsec_sa) {
@@ -297,17 +351,21 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param)
 	crypto_param.auth_alg = param->crypto.auth_alg;
 	crypto_param.auth_key = param->crypto.auth_key;
 
+	crypto_param.iv.length =
+		_odp_ipsec_cipher_iv_len(crypto_param.cipher_alg);
+
+	crypto_param.auth_digest_len =
+		_odp_ipsec_auth_digest_len(crypto_param.auth_alg);
+
 	switch (crypto_param.cipher_alg) {
 	case ODP_CIPHER_ALG_NULL:
 		ipsec_sa->esp_iv_len = 0;
 		ipsec_sa->esp_block_len = 1;
-		crypto_param.iv.length = 0;
 		break;
 	case ODP_CIPHER_ALG_DES:
 	case ODP_CIPHER_ALG_3DES_CBC:
 		ipsec_sa->esp_iv_len = 8;
 		ipsec_sa->esp_block_len = 8;
-		crypto_param.iv.length = 8;
 		break;
 #if ODP_DEPRECATED_API
 	case ODP_CIPHER_ALG_AES128_CBC:
@@ -315,14 +373,12 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param)
 	case ODP_CIPHER_ALG_AES_CBC:
 		ipsec_sa->esp_iv_len = 16;
 		ipsec_sa->esp_block_len = 16;
-		crypto_param.iv.length = 16;
 		break;
 	case ODP_CIPHER_ALG_AES_CTR:
 		ipsec_sa->use_counter_iv = 1;
 		ipsec_sa->aes_ctr_iv = 1;
 		ipsec_sa->esp_iv_len = 8;
 		ipsec_sa->esp_block_len = 16;
-		crypto_param.iv.length = 16;
 		break;
 #if ODP_DEPRECATED_API
 	case ODP_CIPHER_ALG_AES128_GCM:
@@ -331,40 +387,17 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param)
 		ipsec_sa->use_counter_iv = 1;
 		ipsec_sa->esp_iv_len = 8;
 		ipsec_sa->esp_block_len = 16;
-		crypto_param.iv.length = 12;
 		break;
 	default:
 		goto error;
 	}
 
 	switch (crypto_param.auth_alg) {
-	case ODP_AUTH_ALG_NULL:
-		ipsec_sa->icv_len = 0;
-		break;
-#if ODP_DEPRECATED_API
-	case ODP_AUTH_ALG_MD5_96:
-#endif
-	case ODP_AUTH_ALG_MD5_HMAC:
-		ipsec_sa->icv_len = 12;
-		break;
-	case ODP_AUTH_ALG_SHA1_HMAC:
-		ipsec_sa->icv_len = 12;
-		break;
-#if ODP_DEPRECATED_API
-	case ODP_AUTH_ALG_SHA256_128:
-#endif
-	case ODP_AUTH_ALG_SHA256_HMAC:
-		ipsec_sa->icv_len = 16;
-		break;
-	case ODP_AUTH_ALG_SHA512_HMAC:
-		ipsec_sa->icv_len = 32;
-		break;
 #if ODP_DEPRECATED_API
 	case ODP_AUTH_ALG_AES128_GCM:
 #endif
 	case ODP_AUTH_ALG_AES_GCM:
-		ipsec_sa->icv_len = 16;
-		aad_len = sizeof(ipsec_aad_t);
+		crypto_param.auth_aad_len = sizeof(ipsec_aad_t);
 		break;
 	case ODP_AUTH_ALG_AES_GMAC:
 		if (ODP_CIPHER_ALG_NULL != crypto_param.cipher_alg)
@@ -372,19 +405,17 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param)
 		ipsec_sa->use_counter_iv = 1;
 		ipsec_sa->esp_iv_len = 8;
 		ipsec_sa->esp_block_len = 16;
-		ipsec_sa->icv_len = 16;
 		crypto_param.iv.length = 12;
 		break;
 	default:
-		goto error;
+		break;
 	}
 
 	if (1 == ipsec_sa->use_counter_iv &&
 	    ODP_IPSEC_DIR_OUTBOUND == param->dir)
 		odp_atomic_init_u64(&ipsec_sa->out.counter, 1);
 
-	crypto_param.auth_digest_len = ipsec_sa->icv_len;
-	crypto_param.auth_aad_len    = aad_len;
+	ipsec_sa->icv_len = crypto_param.auth_digest_len;
 
 	if (param->crypto.cipher_key_extra.length) {
 		if (param->crypto.cipher_key_extra.length >