From patchwork Tue Aug 31 14:01:24 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tejasree Kondoj X-Patchwork-Id: 97607 Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 5B6C1A0C46; Tue, 31 Aug 2021 15:08:31 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 4A04740F35; Tue, 31 Aug 2021 15:08:31 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 0E582410DC for ; Tue, 31 Aug 2021 15:08:29 +0200 (CEST) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 17VCLvol027668 for ; Tue, 31 Aug 2021 06:08:29 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=8xGwZYDqZYxaQeW8NKFqwwp3vNnJp7KYz8ZkLGHwv/U=; b=LcxB5vjugxcQz6ayvBUraiUubkePsGJHxL1XhGscuMFkwA9ncORJPZGSVEoJBuWtqNAC 61EZDxcWopcvsZya6Y+uzLF9417iKIMfN2qOOj97bGxuK4txHvv7QLvRMNxj6Vn62vAt gm7eRgg9XQrkAhHlNtyRAt4FbekjiPKrZilQtjwfJJQJm4msUatINGuP75/P9jfwFlHl ufHbZNr3okb0pb/KB6dOiYlDOfaaZ1wuxwi95kmFAH20ZrZhQevkMY99FzVsgXASanbX QFCHFixLs00zrqIuH9Xlqiny8LJ4hCDMv7C+o+jOWq/f9mMHbOgD9eFGMe+GgV8RURpt Gg== Received: from dc5-exch01.marvell.com ([199.233.59.181]) by mx0b-0016f401.pphosted.com with ESMTP id 3asf15hhnv-2 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT) for ; Tue, 31 Aug 2021 06:08:29 -0700 Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Tue, 31 Aug 2021 06:08:26 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.18 via Frontend Transport; Tue, 31 Aug 2021 06:08:26 -0700 Received: from hyd1554T5810.caveonetworks.com.com (unknown [10.29.57.11]) by maili.marvell.com (Postfix) with ESMTP id 13B093F7083; Tue, 31 Aug 2021 06:08:23 -0700 (PDT) From: Tejasree Kondoj To: Akhil Goyal CC: Archana Muniganti , Anoob Joseph , Ankur Dwivedi , Srujana Challa , Nithin Dabilpuram , "Jerin Jacob" , Tejasree Kondoj , Date: Tue, 31 Aug 2021 19:31:24 +0530 Message-ID: <20210831140127.31775-6-ktejasree@marvell.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20210831140127.31775-1-ktejasree@marvell.com> References: <20210831140127.31775-1-ktejasree@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: FCpfdcvDcKwdaLod6wtSCyEMTHrjKjWA X-Proofpoint-GUID: FCpfdcvDcKwdaLod6wtSCyEMTHrjKjWA X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.391,FMLib:17.0.607.475 definitions=2021-08-31_05,2021-08-31_01,2020-04-07_01 Subject: [dpdk-dev] [PATCH 5/8] crypto/cnxk: make IPsec verify functions common X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" From: Archana Muniganti IPsec verify functions can be made common Signed-off-by: Archana Muniganti --- drivers/crypto/cnxk/cn10k_ipsec.c | 116 +----------------------------- drivers/crypto/cnxk/cnxk_ipsec.h | 113 +++++++++++++++++++++++++++++ 2 files changed, 114 insertions(+), 115 deletions(-) diff --git a/drivers/crypto/cnxk/cn10k_ipsec.c b/drivers/crypto/cnxk/cn10k_ipsec.c index 98110872a3..5c57cf2818 100644 --- a/drivers/crypto/cnxk/cn10k_ipsec.c +++ b/drivers/crypto/cnxk/cn10k_ipsec.c @@ -17,120 +17,6 @@ #include "roc_api.h" -static int -ipsec_xform_cipher_verify(struct rte_crypto_sym_xform *xform) -{ - if (xform->cipher.algo == RTE_CRYPTO_CIPHER_AES_CBC) { - switch (xform->cipher.key.length) { - case 16: - case 24: - case 32: - break; - default: - return -ENOTSUP; - } - return 0; - } - - return -ENOTSUP; -} - -static int -ipsec_xform_auth_verify(struct rte_crypto_sym_xform *xform) -{ - uint16_t keylen = xform->auth.key.length; - - if (xform->auth.algo == RTE_CRYPTO_AUTH_SHA1_HMAC) { - if (keylen >= 20 && keylen <= 64) - return 0; - } - - return -ENOTSUP; -} - -static int -ipsec_xform_aead_verify(struct rte_security_ipsec_xform *ipsec_xfrm, - struct rte_crypto_sym_xform *crypto_xfrm) -{ - if (ipsec_xfrm->direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS && - crypto_xfrm->aead.op != RTE_CRYPTO_AEAD_OP_ENCRYPT) - return -EINVAL; - - if (ipsec_xfrm->direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS && - crypto_xfrm->aead.op != RTE_CRYPTO_AEAD_OP_DECRYPT) - return -EINVAL; - - if (crypto_xfrm->aead.algo == RTE_CRYPTO_AEAD_AES_GCM) { - switch (crypto_xfrm->aead.key.length) { - case ROC_CPT_AES128_KEY_LEN: - case ROC_CPT_AES192_KEY_LEN: - case ROC_CPT_AES256_KEY_LEN: - break; - default: - return -EINVAL; - } - return 0; - } - - return -ENOTSUP; -} - -static int -cn10k_ipsec_xform_verify(struct rte_security_ipsec_xform *ipsec_xfrm, - struct rte_crypto_sym_xform *crypto_xfrm) -{ - struct rte_crypto_sym_xform *auth_xform, *cipher_xform; - int ret; - - if ((ipsec_xfrm->direction != RTE_SECURITY_IPSEC_SA_DIR_INGRESS) && - (ipsec_xfrm->direction != RTE_SECURITY_IPSEC_SA_DIR_EGRESS)) - return -EINVAL; - - if ((ipsec_xfrm->proto != RTE_SECURITY_IPSEC_SA_PROTO_ESP) && - (ipsec_xfrm->proto != RTE_SECURITY_IPSEC_SA_PROTO_AH)) - return -EINVAL; - - if ((ipsec_xfrm->mode != RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT) && - (ipsec_xfrm->mode != RTE_SECURITY_IPSEC_SA_MODE_TUNNEL)) - return -EINVAL; - - if ((ipsec_xfrm->tunnel.type != RTE_SECURITY_IPSEC_TUNNEL_IPV4) && - (ipsec_xfrm->tunnel.type != RTE_SECURITY_IPSEC_TUNNEL_IPV6)) - return -EINVAL; - - if (crypto_xfrm->type == RTE_CRYPTO_SYM_XFORM_AEAD) - return ipsec_xform_aead_verify(ipsec_xfrm, crypto_xfrm); - - if (crypto_xfrm->next == NULL) - return -EINVAL; - - if (ipsec_xfrm->direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) { - /* Ingress */ - if (crypto_xfrm->type != RTE_CRYPTO_SYM_XFORM_AUTH || - crypto_xfrm->next->type != RTE_CRYPTO_SYM_XFORM_CIPHER) - return -EINVAL; - auth_xform = crypto_xfrm; - cipher_xform = crypto_xfrm->next; - } else { - /* Egress */ - if (crypto_xfrm->type != RTE_CRYPTO_SYM_XFORM_CIPHER || - crypto_xfrm->next->type != RTE_CRYPTO_SYM_XFORM_AUTH) - return -EINVAL; - cipher_xform = crypto_xfrm; - auth_xform = crypto_xfrm->next; - } - - ret = ipsec_xform_cipher_verify(cipher_xform); - if (ret) - return ret; - - ret = ipsec_xform_auth_verify(auth_xform); - if (ret) - return ret; - - return 0; -} - static uint64_t ipsec_cpt_inst_w7_get(struct roc_cpt *roc_cpt, void *sa) { @@ -245,7 +131,7 @@ cn10k_ipsec_session_create(void *dev, return -EPERM; } - ret = cn10k_ipsec_xform_verify(ipsec_xfrm, crypto_xfrm); + ret = cnxk_ipsec_xform_verify(ipsec_xfrm, crypto_xfrm); if (ret) return ret; diff --git a/drivers/crypto/cnxk/cnxk_ipsec.h b/drivers/crypto/cnxk/cnxk_ipsec.h index f6897a0e14..d1eb74ebbe 100644 --- a/drivers/crypto/cnxk/cnxk_ipsec.h +++ b/drivers/crypto/cnxk/cnxk_ipsec.h @@ -17,4 +17,117 @@ struct cnxk_cpt_inst_tmpl { uint64_t w7; }; +static inline int +ipsec_xform_cipher_verify(struct rte_crypto_sym_xform *crypto_xform) +{ + if (crypto_xform->cipher.algo == RTE_CRYPTO_CIPHER_AES_CBC) { + switch (crypto_xform->cipher.key.length) { + case 16: + case 24: + case 32: + break; + default: + return -ENOTSUP; + } + return 0; + } + + return -ENOTSUP; +} + +static inline int +ipsec_xform_auth_verify(struct rte_crypto_sym_xform *crypto_xform) +{ + uint16_t keylen = crypto_xform->auth.key.length; + + if (crypto_xform->auth.algo == RTE_CRYPTO_AUTH_SHA1_HMAC) { + if (keylen >= 20 && keylen <= 64) + return 0; + } else if (roc_model_is_cn9k() && + (crypto_xform->auth.algo == RTE_CRYPTO_AUTH_SHA256_HMAC)) { + if (keylen >= 32 && keylen <= 64) + return 0; + } + + return -ENOTSUP; +} + +static inline int +ipsec_xform_aead_verify(struct rte_security_ipsec_xform *ipsec_xform, + struct rte_crypto_sym_xform *crypto_xform) +{ + if (ipsec_xform->direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS && + crypto_xform->aead.op != RTE_CRYPTO_AEAD_OP_ENCRYPT) + return -EINVAL; + + if (ipsec_xform->direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS && + crypto_xform->aead.op != RTE_CRYPTO_AEAD_OP_DECRYPT) + return -EINVAL; + + if (crypto_xform->aead.algo == RTE_CRYPTO_AEAD_AES_GCM) { + switch (crypto_xform->aead.key.length) { + case 16: + case 24: + case 32: + break; + default: + return -EINVAL; + } + return 0; + } + + return -ENOTSUP; +} + +static inline int +cnxk_ipsec_xform_verify(struct rte_security_ipsec_xform *ipsec_xform, + struct rte_crypto_sym_xform *crypto_xform) +{ + struct rte_crypto_sym_xform *auth_xform, *cipher_xform; + int ret; + + if ((ipsec_xform->direction != RTE_SECURITY_IPSEC_SA_DIR_INGRESS) && + (ipsec_xform->direction != RTE_SECURITY_IPSEC_SA_DIR_EGRESS)) + return -EINVAL; + + if ((ipsec_xform->proto != RTE_SECURITY_IPSEC_SA_PROTO_ESP) && + (ipsec_xform->proto != RTE_SECURITY_IPSEC_SA_PROTO_AH)) + return -EINVAL; + + if ((ipsec_xform->mode != RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT) && + (ipsec_xform->mode != RTE_SECURITY_IPSEC_SA_MODE_TUNNEL)) + return -EINVAL; + + if ((ipsec_xform->tunnel.type != RTE_SECURITY_IPSEC_TUNNEL_IPV4) && + (ipsec_xform->tunnel.type != RTE_SECURITY_IPSEC_TUNNEL_IPV6)) + return -EINVAL; + + if (crypto_xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) + return ipsec_xform_aead_verify(ipsec_xform, crypto_xform); + + if (crypto_xform->next == NULL) + return -EINVAL; + + if (ipsec_xform->direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) { + /* Ingress */ + if (crypto_xform->type != RTE_CRYPTO_SYM_XFORM_AUTH || + crypto_xform->next->type != RTE_CRYPTO_SYM_XFORM_CIPHER) + return -EINVAL; + auth_xform = crypto_xform; + cipher_xform = crypto_xform->next; + } else { + /* Egress */ + if (crypto_xform->type != RTE_CRYPTO_SYM_XFORM_CIPHER || + crypto_xform->next->type != RTE_CRYPTO_SYM_XFORM_AUTH) + return -EINVAL; + cipher_xform = crypto_xform; + auth_xform = crypto_xform->next; + } + + ret = ipsec_xform_cipher_verify(cipher_xform); + if (ret) + return ret; + + return ipsec_xform_auth_verify(auth_xform); +} #endif /* __CNXK_IPSEC_H__ */