From patchwork Thu Jan 7 10:54:15 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Hemant Agrawal X-Patchwork-Id: 358162 Delivered-To: patch@linaro.org Received: by 2002:a02:85a7:0:0:0:0:0 with SMTP id d36csp389325jai; Thu, 7 Jan 2021 03:05:08 -0800 (PST) X-Google-Smtp-Source: ABdhPJx8qYhxr2K6gOFIGH/IEORDZe+UmUv7qgCvFIWYGV0EAcghywm1F+c1yC27ucYpivDjpIh7 X-Received: by 2002:a50:955b:: with SMTP id v27mr1276972eda.324.1610017507940; Thu, 07 Jan 2021 03:05:07 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1610017507; cv=none; d=google.com; s=arc-20160816; b=J868FKP2M4DMq+hPYxOBrtIlhEwUEGX3/MxtcZXUs/VEbsG9dy3g3cl0d0iijrAjA9 sK+pK3Af5vpIzFqUjJykKlE/e91ove0WwOqVDLlHQcT/nzT/C++HgkRsel/i+SyhL6cI E8ZWEI9IhGJI9WBsAcYWer28IN24QswG4sU7Ypn/DyMbfTvbLE2NX/cAZ3iVMryIQSlb 90vcC3+4JHYXp9z6yMr7+Jm9H4BYHAj5zspGOc/pf4xxioqfBC6woDOnVQaCsMRZkVAz TH0ZjlJmzQucrBwGles0KhSOivecvkK/1Q1bd2dgUPqwTU2sScdfaH6NB+/tJbIlZ1Jm s5hA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:references:in-reply-to :message-id:date:cc:to:from; bh=GHoctLll0czpk58UmOlMF260HbPMNVjAkbc2TCLRdSA=; b=G1b7PPIL0sCxWsnykfGfsXlRCI1wG77obR1hLfZINV3ZgRKLwTjFoHdQTCB+rUKhAf Uk4/S96XcwG67pcUjojmerPWavezCYAugvS48eFVk+aZguM4UNSbjhf6LHeldEkZXeE+ gylyAVo1Hgwlw/aJKtEIyiwYoHndHEJsV6pQ/QPEFGaVBy95dKruBpT7XsA1CHKXc/og t+yvDBHyUXTOEi2i5Gy6hBacvPSZpFNWlSu9dYpvtrD4DgXFVmqVcqOBPZo60UBRGswO YowFu1lnM3xstyb3NCJ11C2sEa2WyzHGrQeKo2kDEYtnDUI694sYhdEl2M9r/bFX18ic 0l2g== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of dev-bounces@dpdk.org designates 217.70.189.124 as permitted sender) smtp.mailfrom=dev-bounces@dpdk.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=nxp.com Return-Path: Received: from mails.dpdk.org (xvm-189-124.dc0.ghst.net. [217.70.189.124]) by mx.google.com with ESMTP id u3si1919319edy.299.2021.01.07.03.05.07; Thu, 07 Jan 2021 03:05:07 -0800 (PST) Received-SPF: pass (google.com: domain of dev-bounces@dpdk.org designates 217.70.189.124 as permitted sender) client-ip=217.70.189.124; Authentication-Results: mx.google.com; spf=pass (google.com: domain of dev-bounces@dpdk.org designates 217.70.189.124 as permitted sender) smtp.mailfrom=dev-bounces@dpdk.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=nxp.com Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 917FB140F50; Thu, 7 Jan 2021 12:04:50 +0100 (CET) Received: from inva021.nxp.com (inva021.nxp.com [92.121.34.21]) by mails.dpdk.org (Postfix) with ESMTP id DFF20140DFE for ; Thu, 7 Jan 2021 12:04:46 +0100 (CET) Received: from inva021.nxp.com (localhost [127.0.0.1]) by inva021.eu-rdc02.nxp.com (Postfix) with ESMTP id C2035200CE7; Thu, 7 Jan 2021 12:04:46 +0100 (CET) Received: from invc005.ap-rdc01.nxp.com (invc005.ap-rdc01.nxp.com [165.114.16.14]) by inva021.eu-rdc02.nxp.com (Postfix) with ESMTP id A03BF200CD2; Thu, 7 Jan 2021 12:04:44 +0100 (CET) Received: from bf-netperf1.ap.freescale.net (bf-netperf1.ap.freescale.net [10.232.133.63]) by invc005.ap-rdc01.nxp.com (Postfix) with ESMTP id 3213C402FA; Thu, 7 Jan 2021 12:04:42 +0100 (CET) From: Hemant Agrawal To: dev@dpdk.org, akhil.goyal@nxp.com Cc: Hemant Agrawal Date: Thu, 7 Jan 2021 16:24:15 +0530 Message-Id: <20210107105416.20770-4-hemant.agrawal@nxp.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20210107105416.20770-1-hemant.agrawal@nxp.com> References: <20210107105416.20770-1-hemant.agrawal@nxp.com> X-Virus-Scanned: ClamAV using ClamSMTP Subject: [dpdk-dev] [PATCH 4/5] crypto/dpaa2_sec: add support for AES CMAC integrity check X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" This patch adds support for AES_CMAC integrity in non-security mode. This patch modifies the camm flib to handles the AES CMAC without conflicting the proto ALG operations. i.e. by creating another ALG operation routine. Signed-off-by: Hemant Agrawal --- doc/guides/cryptodevs/dpaa2_sec.rst | 1 + doc/guides/cryptodevs/features/dpaa2_sec.ini | 1 + drivers/common/dpaax/caamflib/desc/algo.h | 16 ++- drivers/common/dpaax/caamflib/rta.h | 3 + .../common/dpaax/caamflib/rta/operation_cmd.h | 103 +++++++++++++++++- drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c | 39 ++++++- drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h | 21 ++++ 7 files changed, 171 insertions(+), 13 deletions(-) -- 2.17.1 diff --git a/doc/guides/cryptodevs/dpaa2_sec.rst b/doc/guides/cryptodevs/dpaa2_sec.rst index 275ccf28de..a7fc9cef99 100644 --- a/doc/guides/cryptodevs/dpaa2_sec.rst +++ b/doc/guides/cryptodevs/dpaa2_sec.rst @@ -122,6 +122,7 @@ Hash algorithms: * ``RTE_CRYPTO_AUTH_SHA512_HMAC`` * ``RTE_CRYPTO_AUTH_MD5_HMAC`` * ``RTE_CRYPTO_AUTH_AES_XCBC_MAC`` +* ``RTE_CRYPTO_AUTH_AES_CMAC`` AEAD algorithms: diff --git a/doc/guides/cryptodevs/features/dpaa2_sec.ini b/doc/guides/cryptodevs/features/dpaa2_sec.ini index 9828d1528e..a1c91821de 100644 --- a/doc/guides/cryptodevs/features/dpaa2_sec.ini +++ b/doc/guides/cryptodevs/features/dpaa2_sec.ini @@ -48,6 +48,7 @@ SHA512 HMAC = Y SNOW3G UIA2 = Y AES XCBC MAC = Y ZUC EIA3 = Y +AES CMAC (128) = Y ; ; Supported AEAD algorithms of the 'dpaa2_sec' crypto driver. diff --git a/drivers/common/dpaax/caamflib/desc/algo.h b/drivers/common/dpaax/caamflib/desc/algo.h index cf43d9c14c..7f66ee5fd9 100644 --- a/drivers/common/dpaax/caamflib/desc/algo.h +++ b/drivers/common/dpaax/caamflib/desc/algo.h @@ -1,7 +1,7 @@ /* SPDX-License-Identifier: (BSD-3-Clause OR GPL-2.0) * * Copyright 2008-2016 Freescale Semiconductor Inc. - * Copyright 2016,2019-2020 NXP + * Copyright 2016,2019-2021 NXP * */ @@ -435,13 +435,17 @@ cnstr_shdsc_hmac(uint32_t *descbuf, bool ps, bool swap, INLINE_KEY(authdata)); /* Do operation */ - ALG_OPERATION(p, authdata->algtype, OP_ALG_AAI_HMAC, + ALG_OPERATION(p, authdata->algtype, authdata->algmode, OP_ALG_AS_INITFINAL, opicv, dir); pjmpprecomp = JUMP(p, jmpprecomp, LOCAL_JUMP, ALL_TRUE, 0); SET_LABEL(p, keyjmp); - ALG_OPERATION(p, authdata->algtype, OP_ALG_AAI_HMAC_PRECOMP, + if (authdata->algmode == OP_ALG_AAI_HMAC) + ALG_OPERATION(p, authdata->algtype, OP_ALG_AAI_HMAC_PRECOMP, + OP_ALG_AS_INITFINAL, opicv, dir); + else + ALG_OPERATION(p, authdata->algtype, authdata->algmode, OP_ALG_AS_INITFINAL, opicv, dir); SET_LABEL(p, jmpprecomp); @@ -874,7 +878,7 @@ cnstr_shdsc_gcm_decap(uint32_t *descbuf, bool ps, bool swap, } /** - * cnstr_shdsc_aes_xcbc_mac - AES_XCBC_MAC + * cnstr_shdsc_aes_xx_mac - AES_XCBC_MAC, CMAC cases * @descbuf: pointer to descriptor-under-construction buffer * @ps: if 36/40bit addressing is desired, this parameter must be true * @swap: must be true when core endianness doesn't match SEC endianness @@ -892,7 +896,7 @@ cnstr_shdsc_gcm_decap(uint32_t *descbuf, bool ps, bool swap, * Return: size of descriptor written in words or negative number on error */ static inline int -cnstr_shdsc_aes_xcbc_mac(uint32_t *descbuf, bool ps, bool swap, +cnstr_shdsc_aes_xx_mac(uint32_t *descbuf, bool ps, bool swap, enum rta_share_type share, struct alginfo *authdata, uint8_t do_icv, uint8_t trunc_len) @@ -921,7 +925,7 @@ cnstr_shdsc_aes_xcbc_mac(uint32_t *descbuf, bool ps, bool swap, MATHB(p, SEQINSZ, SUB, MATH2, VSEQINSZ, 4, 0); /* Do operation */ - ALG_OPERATION(p, authdata->algtype, authdata->algmode, + ALG_OPERATION_NP(p, authdata->algtype, authdata->algmode, OP_ALG_AS_INITFINAL, opicv, dir); /* Do load (variable length) */ diff --git a/drivers/common/dpaax/caamflib/rta.h b/drivers/common/dpaax/caamflib/rta.h index c4bbad0b41..e5a736346e 100644 --- a/drivers/common/dpaax/caamflib/rta.h +++ b/drivers/common/dpaax/caamflib/rta.h @@ -485,6 +485,9 @@ rta_get_sec_era(void) #define ALG_OPERATION(program, cipher_alg, aai, algo_state, icv_check, enc) \ rta_operation(program, cipher_alg, aai, algo_state, icv_check, enc) +#define ALG_OPERATION_NP(program, cipher_alg, aai, algo_state, icv_check, enc) \ + rta_operation2(program, cipher_alg, aai, algo_state, icv_check, enc) + /** * PROTOCOL - Configures PROTOCOL OPERATION command * @program: pointer to struct program diff --git a/drivers/common/dpaax/caamflib/rta/operation_cmd.h b/drivers/common/dpaax/caamflib/rta/operation_cmd.h index 04732aa3d2..f341fdcc54 100644 --- a/drivers/common/dpaax/caamflib/rta/operation_cmd.h +++ b/drivers/common/dpaax/caamflib/rta/operation_cmd.h @@ -1,7 +1,7 @@ /* SPDX-License-Identifier: (BSD-3-Clause OR GPL-2.0) * * Copyright 2008-2016 Freescale Semiconductor Inc. - * Copyright 2016,2019 NXP + * Copyright 2016,2019-2021 NXP */ #ifndef __RTA_OPERATION_CMD_H__ @@ -328,6 +328,107 @@ rta_operation(struct program *program, uint32_t cipher_algo, return ret; } +/* For non-proto offload CMAC, GMAC etc cases */ +static inline int +rta_operation2(struct program *program, uint32_t cipher_algo, + uint16_t aai, uint8_t algo_state, + int icv_checking, int enc) +{ + uint32_t opcode = CMD_OPERATION; + unsigned int i, found = 0; + unsigned int start_pc = program->current_pc; + int ret; + + for (i = 0; i < alg_table_sz[rta_sec_era]; i++) { + if (alg_table[i].chipher_algo == cipher_algo) { + if ((aai == OP_ALG_AAI_XCBC_MAC) || + (aai == OP_ALG_AAI_CBC_XCBCMAC) || + (aai == OP_ALG_AAI_GCM) || + (aai == OP_ALG_AAI_CMAC) || + (aai == OP_ALG_AAI_CBC_CMAC)) + opcode |= cipher_algo | OP_TYPE_CLASS2_ALG; + else + opcode |= cipher_algo | alg_table[i].class; + /* nothing else to verify */ + if (alg_table[i].aai_func == NULL) { + found = 1; + break; + } + + aai &= OP_ALG_AAI_MASK; + + ret = (*alg_table[i].aai_func)(aai); + if (ret < 0) { + pr_err("OPERATION: Bad AAI Type. SEC Program Line: %d\n", + program->current_pc); + goto err; + } + opcode |= aai; + found = 1; + break; + } + } + if (!found) { + pr_err("OPERATION: Invalid Command. SEC Program Line: %d\n", + program->current_pc); + ret = -EINVAL; + goto err; + } + + switch (algo_state) { + case OP_ALG_AS_UPDATE: + case OP_ALG_AS_INIT: + case OP_ALG_AS_FINALIZE: + case OP_ALG_AS_INITFINAL: + opcode |= algo_state; + break; + default: + pr_err("Invalid Operation Command\n"); + ret = -EINVAL; + goto err; + } + + switch (icv_checking) { + case ICV_CHECK_DISABLE: + /* + * opcode |= OP_ALG_ICV_OFF; + * OP_ALG_ICV_OFF is 0 + */ + break; + case ICV_CHECK_ENABLE: + opcode |= OP_ALG_ICV_ON; + break; + default: + pr_err("Invalid Operation Command\n"); + ret = -EINVAL; + goto err; + } + + switch (enc) { + case DIR_DEC: + /* + * opcode |= OP_ALG_DECRYPT; + * OP_ALG_DECRYPT is 0 + */ + break; + case DIR_ENC: + opcode |= OP_ALG_ENCRYPT; + break; + default: + pr_err("Invalid Operation Command\n"); + ret = -EINVAL; + goto err; + } + + __rta_out32(program, opcode); + program->current_instruction++; + return (int)start_pc; + + err: + program->first_error_pc = start_pc; + return ret; +} + /* * OPERATION PKHA routines */ diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c index a7ff5dba92..aeb77d8c7d 100644 --- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c +++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c @@ -1,7 +1,7 @@ /* SPDX-License-Identifier: BSD-3-Clause * * Copyright (c) 2016 Freescale Semiconductor, Inc. All rights reserved. - * Copyright 2016-2020 NXP + * Copyright 2016-2021 NXP * */ @@ -2138,15 +2138,33 @@ dpaa2_sec_auth_init(struct rte_cryptodev *dev, authdata.algtype = OP_ALG_ALGSEL_AES; authdata.algmode = OP_ALG_AAI_XCBC_MAC; session->auth_alg = RTE_CRYPTO_AUTH_AES_XCBC_MAC; - bufsize = cnstr_shdsc_aes_xcbc_mac( + bufsize = cnstr_shdsc_aes_xx_mac( priv->flc_desc[DESC_INITFINAL].desc, 1, 0, SHR_NEVER, &authdata, !session->dir, session->digest_length); break; - case RTE_CRYPTO_AUTH_AES_GMAC: case RTE_CRYPTO_AUTH_AES_CMAC: + authdata.algtype = OP_ALG_ALGSEL_AES; + authdata.algmode = OP_ALG_AAI_CMAC; + session->auth_alg = RTE_CRYPTO_AUTH_AES_CMAC; + bufsize = cnstr_shdsc_aes_xx_mac( + priv->flc_desc[DESC_INITFINAL].desc, + 1, 0, SHR_NEVER, &authdata, + !session->dir, + session->digest_length); + break; case RTE_CRYPTO_AUTH_AES_CBC_MAC: + authdata.algtype = OP_ALG_ALGSEL_AES; + authdata.algmode = OP_ALG_AAI_CBC_XCBCMAC; + session->auth_alg = RTE_CRYPTO_AUTH_AES_CBC_MAC; + bufsize = cnstr_shdsc_aes_xx_mac( + priv->flc_desc[DESC_INITFINAL].desc, + 1, 0, SHR_NEVER, &authdata, + !session->dir, + session->digest_length); + break; + case RTE_CRYPTO_AUTH_AES_GMAC: case RTE_CRYPTO_AUTH_KASUMI_F9: case RTE_CRYPTO_AUTH_NULL: DPAA2_SEC_ERR("Crypto: Unsupported auth alg %un", @@ -2419,6 +2437,17 @@ dpaa2_sec_aead_chain_init(struct rte_cryptodev *dev, authdata.algmode = OP_ALG_AAI_XCBC_MAC; session->auth_alg = RTE_CRYPTO_AUTH_AES_XCBC_MAC; break; + case RTE_CRYPTO_AUTH_AES_CMAC: + authdata.algtype = OP_ALG_ALGSEL_AES; + authdata.algmode = OP_ALG_AAI_CMAC; + session->auth_alg = RTE_CRYPTO_AUTH_AES_CMAC; + break; + case RTE_CRYPTO_AUTH_AES_CBC_MAC: + authdata.algtype = OP_ALG_ALGSEL_AES; + authdata.algmode = OP_ALG_AAI_CBC_XCBCMAC; + session->auth_alg = RTE_CRYPTO_AUTH_AES_CBC_MAC; + break; + case RTE_CRYPTO_AUTH_AES_GMAC: case RTE_CRYPTO_AUTH_SNOW3G_UIA2: case RTE_CRYPTO_AUTH_NULL: case RTE_CRYPTO_AUTH_SHA1: @@ -2427,10 +2456,7 @@ dpaa2_sec_aead_chain_init(struct rte_cryptodev *dev, case RTE_CRYPTO_AUTH_SHA224: case RTE_CRYPTO_AUTH_SHA384: case RTE_CRYPTO_AUTH_MD5: - case RTE_CRYPTO_AUTH_AES_GMAC: case RTE_CRYPTO_AUTH_KASUMI_F9: - case RTE_CRYPTO_AUTH_AES_CMAC: - case RTE_CRYPTO_AUTH_AES_CBC_MAC: case RTE_CRYPTO_AUTH_ZUC_EIA3: DPAA2_SEC_ERR("Crypto: Unsupported auth alg %u", auth_xform->algo); @@ -2769,6 +2795,7 @@ dpaa2_sec_ipsec_proto_init(struct rte_crypto_cipher_xform *cipher_xform, break; case RTE_CRYPTO_AUTH_AES_CMAC: authdata->algtype = OP_PCL_IPSEC_AES_CMAC_96; + authdata->algmode = OP_ALG_AAI_CCM; break; case RTE_CRYPTO_AUTH_NULL: authdata->algtype = OP_PCL_IPSEC_HMAC_NULL; diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h b/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h index bbe4ee00da..a537298473 100644 --- a/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h +++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h @@ -525,6 +525,27 @@ static const struct rte_cryptodev_capabilities dpaa2_sec_capabilities[] = { }, } }, } }, + { /* AES CMAC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_AES_CMAC, + .block_size = 16, + .key_size = { + .min = 16, + .max = 16, + .increment = 0 + }, + .digest_size = { + .min = 1, + .max = 16, + .increment = 1 + }, + .iv_size = { 0 } + }, } + }, } + }, { /* NULL (CIPHER) */ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, {.sym = {