| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 19 Jul 2023 11:18:30 +0200
From: Louis Peens <louis.peens@...igine.com>
To: David Miller <davem@...emloft.net>,
Jakub Kicinski <kuba@...nel.org>,
Paolo Abeni <pabeni@...hat.com>
Cc: Steffen Klassert <steffen.klassert@...unet.com>,
Herbert Xu <herbert@...dor.apana.org.au>,
Leon Romanovsky <leon@...nel.org>,
Simon Horman <simon.horman@...igine.com>,
Shihong Wang <shihong.wang@...igine.com>,
netdev@...r.kernel.org,
oss-drivers@...igine.com
Subject: [PATCH net-next 2/2] nfp: add support CHACHA20-POLY1305 offload for ipsec
From: Shihong Wang <shihong.wang@...igine.com>
Add the configuration of CHACHA20-POLY1305 to the driver and send the
message to hardware so that the NIC supports the algorithm.
Signed-off-by: Shihong Wang <shihong.wang@...igine.com>
Acked-by: Simon Horman <simon.horman@...igine.com>
Signed-off-by: Louis Peens <louis.peens@...igine.com>
---
.../net/ethernet/netronome/nfp/crypto/ipsec.c | 42 +++++++++++++++++--
1 file changed, 39 insertions(+), 3 deletions(-)
diff --git a/drivers/net/ethernet/netronome/nfp/crypto/ipsec.c b/drivers/net/ethernet/netronome/nfp/crypto/ipsec.c
index b1f026b81dea..6b8a1874e4fc 100644
--- a/drivers/net/ethernet/netronome/nfp/crypto/ipsec.c
+++ b/drivers/net/ethernet/netronome/nfp/crypto/ipsec.c
@@ -421,12 +421,38 @@ static int nfp_net_xfrm_add_state(struct xfrm_state *x,
return -EINVAL;
}
break;
+ case SADB_X_EALG_CHACHA20_POLY1305:
+ if (nn->pdev->device != PCI_DEVICE_ID_NFP3800) {
+ NL_SET_ERR_MSG_MOD(extack, "Unsupported encryption algorithm for offload");
+ return -EINVAL;
+ }
+ if (!x->aead) {
+ NL_SET_ERR_MSG_MOD(extack, "Invalid CHACHA20 key data");
+ return -EINVAL;
+ }
+ if (x->aead->alg_icv_len != 128) {
+ NL_SET_ERR_MSG_MOD(extack,
+ "ICV must be 128bit with SADB_X_EALG_CHACHA20_POLY1305");
+ return -EINVAL;
+ }
+
+ /* Aead->alg_key_len includes 32-bit salt */
+ if (x->aead->alg_key_len - 32 != 256) {
+ NL_SET_ERR_MSG_MOD(extack, "Unsupported CHACHA20 key length");
+ return -EINVAL;
+ }
+
+ /* The CHACHA20's mode is not configured */
+ cfg->ctrl_word.hash = NFP_IPSEC_HASH_POLY1305_128;
+ cfg->ctrl_word.cipher = NFP_IPSEC_CIPHER_CHACHA20;
+ break;
default:
NL_SET_ERR_MSG_MOD(extack, "Unsupported encryption algorithm for offload");
return -EINVAL;
}
if (x->aead) {
+ int key_offset = 0;
int salt_len = 4;
key_len = DIV_ROUND_UP(x->aead->alg_key_len, BITS_PER_BYTE);
@@ -437,9 +463,19 @@ static int nfp_net_xfrm_add_state(struct xfrm_state *x,
return -EINVAL;
}
- for (i = 0; i < key_len / sizeof(cfg->ciph_key[0]) ; i++)
- cfg->ciph_key[i] = get_unaligned_be32(x->aead->alg_key +
- sizeof(cfg->ciph_key[0]) * i);
+ /* The CHACHA20's key order needs to be adjusted based on hardware design.
+ * Other's key order: {K0, K1, K2, K3, K4, K5, K6, K7}
+ * CHACHA20's key order: {K4, K5, K6, K7, K0, K1, K2, K3}
+ */
+ if (x->props.ealgo == SADB_X_EALG_CHACHA20_POLY1305)
+ key_offset = key_len / sizeof(cfg->ciph_key[0]) >> 1;
+
+ for (i = 0; i < key_len / sizeof(cfg->ciph_key[0]); i++) {
+ int index = (i + key_offset) % (key_len / sizeof(cfg->ciph_key[0]));
+
+ cfg->ciph_key[index] = get_unaligned_be32(x->aead->alg_key +
+ sizeof(cfg->ciph_key[0]) * i);
+ }
/* Load up the salt */
cfg->aesgcm_fields.salt = get_unaligned_be32(x->aead->alg_key + key_len);
--
2.34.1
Powered by blists - more mailing lists