diff mbox series

[4/5] crypto/dpaa2_sec: add support for AES CMAC integrity check

Message ID 20210107105416.20770-4-hemant.agrawal@nxp.com
State Superseded
Headers show
Series [1/5] crypto/dpaa2_sec: support AES-XCBC-MAC | expand

Commit Message

Hemant Agrawal Jan. 7, 2021, 10:54 a.m. UTC
This patch adds support for AES_CMAC integrity in non-security mode.
This patch modifies the camm flib to handles the AES CMAC
without conflicting the proto ALG operations. i.e. by creating
another ALG operation routine.

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>

---
 doc/guides/cryptodevs/dpaa2_sec.rst           |   1 +
 doc/guides/cryptodevs/features/dpaa2_sec.ini  |   1 +
 drivers/common/dpaax/caamflib/desc/algo.h     |  16 ++-
 drivers/common/dpaax/caamflib/rta.h           |   3 +
 .../common/dpaax/caamflib/rta/operation_cmd.h | 103 +++++++++++++++++-
 drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c   |  39 ++++++-
 drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h     |  21 ++++
 7 files changed, 171 insertions(+), 13 deletions(-)

-- 
2.17.1
diff mbox series

Patch

diff --git a/doc/guides/cryptodevs/dpaa2_sec.rst b/doc/guides/cryptodevs/dpaa2_sec.rst
index 275ccf28de..a7fc9cef99 100644
--- a/doc/guides/cryptodevs/dpaa2_sec.rst
+++ b/doc/guides/cryptodevs/dpaa2_sec.rst
@@ -122,6 +122,7 @@  Hash algorithms:
 * ``RTE_CRYPTO_AUTH_SHA512_HMAC``
 * ``RTE_CRYPTO_AUTH_MD5_HMAC``
 * ``RTE_CRYPTO_AUTH_AES_XCBC_MAC``
+* ``RTE_CRYPTO_AUTH_AES_CMAC``
 
 AEAD algorithms:
 
diff --git a/doc/guides/cryptodevs/features/dpaa2_sec.ini b/doc/guides/cryptodevs/features/dpaa2_sec.ini
index 9828d1528e..a1c91821de 100644
--- a/doc/guides/cryptodevs/features/dpaa2_sec.ini
+++ b/doc/guides/cryptodevs/features/dpaa2_sec.ini
@@ -48,6 +48,7 @@  SHA512 HMAC  = Y
 SNOW3G UIA2  = Y
 AES XCBC MAC = Y
 ZUC EIA3     = Y
+AES CMAC (128) = Y
 
 ;
 ; Supported AEAD algorithms of the 'dpaa2_sec' crypto driver.
diff --git a/drivers/common/dpaax/caamflib/desc/algo.h b/drivers/common/dpaax/caamflib/desc/algo.h
index cf43d9c14c..7f66ee5fd9 100644
--- a/drivers/common/dpaax/caamflib/desc/algo.h
+++ b/drivers/common/dpaax/caamflib/desc/algo.h
@@ -1,7 +1,7 @@ 
 /* SPDX-License-Identifier: (BSD-3-Clause OR GPL-2.0)
  *
  * Copyright 2008-2016 Freescale Semiconductor Inc.
- * Copyright 2016,2019-2020 NXP
+ * Copyright 2016,2019-2021 NXP
  *
  */
 
@@ -435,13 +435,17 @@  cnstr_shdsc_hmac(uint32_t *descbuf, bool ps, bool swap,
 	    INLINE_KEY(authdata));
 
 	/* Do operation */
-	ALG_OPERATION(p, authdata->algtype, OP_ALG_AAI_HMAC,
+	ALG_OPERATION(p, authdata->algtype, authdata->algmode,
 		      OP_ALG_AS_INITFINAL, opicv, dir);
 
 	pjmpprecomp = JUMP(p, jmpprecomp, LOCAL_JUMP, ALL_TRUE, 0);
 	SET_LABEL(p, keyjmp);
 
-	ALG_OPERATION(p, authdata->algtype, OP_ALG_AAI_HMAC_PRECOMP,
+	if (authdata->algmode == OP_ALG_AAI_HMAC)
+		ALG_OPERATION(p, authdata->algtype, OP_ALG_AAI_HMAC_PRECOMP,
+		      OP_ALG_AS_INITFINAL, opicv, dir);
+	else
+		ALG_OPERATION(p, authdata->algtype, authdata->algmode,
 		      OP_ALG_AS_INITFINAL, opicv, dir);
 
 	SET_LABEL(p, jmpprecomp);
@@ -874,7 +878,7 @@  cnstr_shdsc_gcm_decap(uint32_t *descbuf, bool ps, bool swap,
 }
 
 /**
- * cnstr_shdsc_aes_xcbc_mac - AES_XCBC_MAC
+ * cnstr_shdsc_aes_xx_mac - AES_XCBC_MAC, CMAC cases
  * @descbuf: pointer to descriptor-under-construction buffer
  * @ps: if 36/40bit addressing is desired, this parameter must be true
  * @swap: must be true when core endianness doesn't match SEC endianness
@@ -892,7 +896,7 @@  cnstr_shdsc_gcm_decap(uint32_t *descbuf, bool ps, bool swap,
  * Return: size of descriptor written in words or negative number on error
  */
 static inline int
-cnstr_shdsc_aes_xcbc_mac(uint32_t *descbuf, bool ps, bool swap,
+cnstr_shdsc_aes_xx_mac(uint32_t *descbuf, bool ps, bool swap,
 		enum rta_share_type share,
 		struct alginfo *authdata, uint8_t do_icv,
 		uint8_t trunc_len)
@@ -921,7 +925,7 @@  cnstr_shdsc_aes_xcbc_mac(uint32_t *descbuf, bool ps, bool swap,
 		MATHB(p, SEQINSZ, SUB, MATH2, VSEQINSZ, 4, 0);
 
 	/* Do operation */
-	ALG_OPERATION(p, authdata->algtype, authdata->algmode,
+	ALG_OPERATION_NP(p, authdata->algtype, authdata->algmode,
 		OP_ALG_AS_INITFINAL, opicv, dir);
 
 	/* Do load (variable length) */
diff --git a/drivers/common/dpaax/caamflib/rta.h b/drivers/common/dpaax/caamflib/rta.h
index c4bbad0b41..e5a736346e 100644
--- a/drivers/common/dpaax/caamflib/rta.h
+++ b/drivers/common/dpaax/caamflib/rta.h
@@ -485,6 +485,9 @@  rta_get_sec_era(void)
 #define ALG_OPERATION(program, cipher_alg, aai, algo_state, icv_check, enc) \
 	rta_operation(program, cipher_alg, aai, algo_state, icv_check, enc)
 
+#define ALG_OPERATION_NP(program, cipher_alg, aai, algo_state, icv_check, enc) \
+	rta_operation2(program, cipher_alg, aai, algo_state, icv_check, enc)
+
 /**
  * PROTOCOL - Configures PROTOCOL OPERATION command
  * @program: pointer to struct program
diff --git a/drivers/common/dpaax/caamflib/rta/operation_cmd.h b/drivers/common/dpaax/caamflib/rta/operation_cmd.h
index 04732aa3d2..f341fdcc54 100644
--- a/drivers/common/dpaax/caamflib/rta/operation_cmd.h
+++ b/drivers/common/dpaax/caamflib/rta/operation_cmd.h
@@ -1,7 +1,7 @@ 
 /* SPDX-License-Identifier: (BSD-3-Clause OR GPL-2.0)
  *
  * Copyright 2008-2016 Freescale Semiconductor Inc.
- * Copyright 2016,2019 NXP
+ * Copyright 2016,2019-2021 NXP
  */
 
 #ifndef __RTA_OPERATION_CMD_H__
@@ -328,6 +328,107 @@  rta_operation(struct program *program, uint32_t cipher_algo,
 	return ret;
 }
 
+/* For non-proto offload CMAC, GMAC etc cases */
+static inline int
+rta_operation2(struct program *program, uint32_t cipher_algo,
+	      uint16_t aai, uint8_t algo_state,
+	      int icv_checking, int enc)
+{
+	uint32_t opcode = CMD_OPERATION;
+	unsigned int i, found = 0;
+	unsigned int start_pc = program->current_pc;
+	int ret;
+
+	for (i = 0; i < alg_table_sz[rta_sec_era]; i++) {
+		if (alg_table[i].chipher_algo == cipher_algo) {
+			if ((aai ==  OP_ALG_AAI_XCBC_MAC) ||
+					(aai == OP_ALG_AAI_CBC_XCBCMAC) ||
+					(aai == OP_ALG_AAI_GCM) ||
+					(aai == OP_ALG_AAI_CMAC) ||
+					(aai == OP_ALG_AAI_CBC_CMAC))
+				opcode |= cipher_algo | OP_TYPE_CLASS2_ALG;
+			else
+				opcode |= cipher_algo | alg_table[i].class;
+			/* nothing else to verify */
+			if (alg_table[i].aai_func == NULL) {
+				found = 1;
+				break;
+			}
+
+			aai &= OP_ALG_AAI_MASK;
+
+			ret = (*alg_table[i].aai_func)(aai);
+			if (ret < 0) {
+				pr_err("OPERATION: Bad AAI Type. SEC Program Line: %d\n",
+				       program->current_pc);
+				goto err;
+			}
+			opcode |= aai;
+			found = 1;
+			break;
+		}
+	}
+	if (!found) {
+		pr_err("OPERATION: Invalid Command. SEC Program Line: %d\n",
+		       program->current_pc);
+		ret = -EINVAL;
+		goto err;
+	}
+
+	switch (algo_state) {
+	case OP_ALG_AS_UPDATE:
+	case OP_ALG_AS_INIT:
+	case OP_ALG_AS_FINALIZE:
+	case OP_ALG_AS_INITFINAL:
+		opcode |= algo_state;
+		break;
+	default:
+		pr_err("Invalid Operation Command\n");
+		ret = -EINVAL;
+		goto err;
+	}
+
+	switch (icv_checking) {
+	case ICV_CHECK_DISABLE:
+		/*
+		 * opcode |= OP_ALG_ICV_OFF;
+		 * OP_ALG_ICV_OFF is 0
+		 */
+		break;
+	case ICV_CHECK_ENABLE:
+		opcode |= OP_ALG_ICV_ON;
+		break;
+	default:
+		pr_err("Invalid Operation Command\n");
+		ret = -EINVAL;
+		goto err;
+	}
+
+	switch (enc) {
+	case DIR_DEC:
+		/*
+		 * opcode |= OP_ALG_DECRYPT;
+		 * OP_ALG_DECRYPT is 0
+		 */
+		break;
+	case DIR_ENC:
+		opcode |= OP_ALG_ENCRYPT;
+		break;
+	default:
+		pr_err("Invalid Operation Command\n");
+		ret = -EINVAL;
+		goto err;
+	}
+
+	__rta_out32(program, opcode);
+	program->current_instruction++;
+	return (int)start_pc;
+
+ err:
+	program->first_error_pc = start_pc;
+	return ret;
+}
+
 /*
  * OPERATION PKHA routines
  */
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index a7ff5dba92..aeb77d8c7d 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -1,7 +1,7 @@ 
 /* SPDX-License-Identifier: BSD-3-Clause
  *
  *   Copyright (c) 2016 Freescale Semiconductor, Inc. All rights reserved.
- *   Copyright 2016-2020 NXP
+ *   Copyright 2016-2021 NXP
  *
  */
 
@@ -2138,15 +2138,33 @@  dpaa2_sec_auth_init(struct rte_cryptodev *dev,
 		authdata.algtype = OP_ALG_ALGSEL_AES;
 		authdata.algmode = OP_ALG_AAI_XCBC_MAC;
 		session->auth_alg = RTE_CRYPTO_AUTH_AES_XCBC_MAC;
-		bufsize = cnstr_shdsc_aes_xcbc_mac(
+		bufsize = cnstr_shdsc_aes_xx_mac(
 					priv->flc_desc[DESC_INITFINAL].desc,
 					1, 0, SHR_NEVER, &authdata,
 					!session->dir,
 					session->digest_length);
 		break;
-	case RTE_CRYPTO_AUTH_AES_GMAC:
 	case RTE_CRYPTO_AUTH_AES_CMAC:
+		authdata.algtype = OP_ALG_ALGSEL_AES;
+		authdata.algmode = OP_ALG_AAI_CMAC;
+		session->auth_alg = RTE_CRYPTO_AUTH_AES_CMAC;
+		bufsize = cnstr_shdsc_aes_xx_mac(
+					   priv->flc_desc[DESC_INITFINAL].desc,
+					   1, 0, SHR_NEVER, &authdata,
+					   !session->dir,
+					   session->digest_length);
+		break;
 	case RTE_CRYPTO_AUTH_AES_CBC_MAC:
+		authdata.algtype = OP_ALG_ALGSEL_AES;
+		authdata.algmode = OP_ALG_AAI_CBC_XCBCMAC;
+		session->auth_alg = RTE_CRYPTO_AUTH_AES_CBC_MAC;
+		bufsize = cnstr_shdsc_aes_xx_mac(
+					   priv->flc_desc[DESC_INITFINAL].desc,
+					   1, 0, SHR_NEVER, &authdata,
+					   !session->dir,
+					   session->digest_length);
+		break;
+	case RTE_CRYPTO_AUTH_AES_GMAC:
 	case RTE_CRYPTO_AUTH_KASUMI_F9:
 	case RTE_CRYPTO_AUTH_NULL:
 		DPAA2_SEC_ERR("Crypto: Unsupported auth alg %un",
@@ -2419,6 +2437,17 @@  dpaa2_sec_aead_chain_init(struct rte_cryptodev *dev,
 		authdata.algmode = OP_ALG_AAI_XCBC_MAC;
 		session->auth_alg = RTE_CRYPTO_AUTH_AES_XCBC_MAC;
 		break;
+	case RTE_CRYPTO_AUTH_AES_CMAC:
+		authdata.algtype = OP_ALG_ALGSEL_AES;
+		authdata.algmode = OP_ALG_AAI_CMAC;
+		session->auth_alg = RTE_CRYPTO_AUTH_AES_CMAC;
+		break;
+	case RTE_CRYPTO_AUTH_AES_CBC_MAC:
+		authdata.algtype = OP_ALG_ALGSEL_AES;
+		authdata.algmode = OP_ALG_AAI_CBC_XCBCMAC;
+		session->auth_alg = RTE_CRYPTO_AUTH_AES_CBC_MAC;
+		break;
+	case RTE_CRYPTO_AUTH_AES_GMAC:
 	case RTE_CRYPTO_AUTH_SNOW3G_UIA2:
 	case RTE_CRYPTO_AUTH_NULL:
 	case RTE_CRYPTO_AUTH_SHA1:
@@ -2427,10 +2456,7 @@  dpaa2_sec_aead_chain_init(struct rte_cryptodev *dev,
 	case RTE_CRYPTO_AUTH_SHA224:
 	case RTE_CRYPTO_AUTH_SHA384:
 	case RTE_CRYPTO_AUTH_MD5:
-	case RTE_CRYPTO_AUTH_AES_GMAC:
 	case RTE_CRYPTO_AUTH_KASUMI_F9:
-	case RTE_CRYPTO_AUTH_AES_CMAC:
-	case RTE_CRYPTO_AUTH_AES_CBC_MAC:
 	case RTE_CRYPTO_AUTH_ZUC_EIA3:
 		DPAA2_SEC_ERR("Crypto: Unsupported auth alg %u",
 			      auth_xform->algo);
@@ -2769,6 +2795,7 @@  dpaa2_sec_ipsec_proto_init(struct rte_crypto_cipher_xform *cipher_xform,
 		break;
 	case RTE_CRYPTO_AUTH_AES_CMAC:
 		authdata->algtype = OP_PCL_IPSEC_AES_CMAC_96;
+		authdata->algmode = OP_ALG_AAI_CCM;
 		break;
 	case RTE_CRYPTO_AUTH_NULL:
 		authdata->algtype = OP_PCL_IPSEC_HMAC_NULL;
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h b/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h
index bbe4ee00da..a537298473 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h
@@ -525,6 +525,27 @@  static const struct rte_cryptodev_capabilities dpaa2_sec_capabilities[] = {
 			}, }
 		}, }
 	},
+	{	/* AES CMAC */
+		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+		{.sym = {
+			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+			{.auth = {
+				.algo = RTE_CRYPTO_AUTH_AES_CMAC,
+				.block_size = 16,
+				.key_size = {
+					.min = 16,
+					.max = 16,
+					.increment = 0
+				},
+				.digest_size = {
+					.min = 1,
+					.max = 16,
+					.increment = 1
+				},
+				.iv_size = { 0 }
+			}, }
+		}, }
+	},
 	{	/* NULL (CIPHER) */
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 		{.sym = {