lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sun, 6 Nov 2022 21:48:10 +0200 From: Leon Romanovsky <leon@...nel.org> To: Simon Horman <simon.horman@...igine.com> Cc: David Miller <davem@...emloft.net>, Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>, Steffen Klassert <steffen.klassert@...unet.com>, Herbert Xu <herbert@...dor.apana.org.au>, Chentian Liu <chengtian.liu@...igine.com>, Huanhuan Wang <huanhuan.wang@...igine.com>, Yinjun Zhang <yinjun.zhang@...igine.com>, Louis Peens <louis.peens@...igine.com>, netdev@...r.kernel.org, oss-drivers@...igine.com Subject: Re: [PATCH net-next v3 3/3] nfp: implement xfrm callbacks and expose ipsec offload feature to upper layer On Tue, Nov 01, 2022 at 12:02:48PM +0100, Simon Horman wrote: > From: Huanhuan Wang <huanhuan.wang@...igine.com> > > Xfrm callbacks are implemented to offload SA info into firmware > by mailbox. It supports 16K SA info in total. > > Expose ipsec offload feature to upper layer, this feature will > signal the availability of the offload. > > Based on initial work of Norm Bagley <norman.bagley@...ronome.com>. > > Signed-off-by: Huanhuan Wang <huanhuan.wang@...igine.com> > Reviewed-by: Louis Peens <louis.peens@...igine.com> > Signed-off-by: Simon Horman <simon.horman@...igine.com> > --- > .../net/ethernet/netronome/nfp/crypto/ipsec.c | 532 +++++++++++++++++- > .../ethernet/netronome/nfp/nfp_net_common.c | 6 + > .../net/ethernet/netronome/nfp/nfp_net_ctrl.h | 4 +- > 3 files changed, 538 insertions(+), 4 deletions(-) <...> > static int nfp_net_xfrm_add_state(struct xfrm_state *x) > { > - return -EOPNOTSUPP; > + struct net_device *netdev = x->xso.dev; > + struct nfp_ipsec_cfg_mssg msg = {0}; I think that I already wrote it {0} -> {}; > + int i, key_len, trunc_len, err = 0; > + struct nfp_ipsec_cfg_add_sa *cfg; > + struct nfp_net *nn; > + unsigned int saidx; > + __be32 *p; <...> > + if (trunc_len == 96) > + cfg->ctrl_word.hash = NFP_IPSEC_HASH_MD5_96; > + else if (trunc_len == 128) > + cfg->ctrl_word.hash = NFP_IPSEC_HASH_MD5_128; > + else > + trunc_len = 0; IMHO, this is better to write as switch-case in separate function. > + break; > + case SADB_AALG_SHA1HMAC: > + if (trunc_len == 96) > + cfg->ctrl_word.hash = NFP_IPSEC_HASH_SHA1_96; > + else if (trunc_len == 80) > + cfg->ctrl_word.hash = NFP_IPSEC_HASH_SHA1_80; > + else > + trunc_len = 0; > + break; Ditto. > + case SADB_X_AALG_SHA2_256HMAC: > + if (trunc_len == 96) > + cfg->ctrl_word.hash = NFP_IPSEC_HASH_SHA256_96; > + else if (trunc_len == 128) > + cfg->ctrl_word.hash = NFP_IPSEC_HASH_SHA256_128; > + else > + trunc_len = 0; > + break; > + case SADB_X_AALG_SHA2_384HMAC: > + if (trunc_len == 96) > + cfg->ctrl_word.hash = NFP_IPSEC_HASH_SHA384_96; > + else if (trunc_len == 192) > + cfg->ctrl_word.hash = NFP_IPSEC_HASH_SHA384_192; > + else > + trunc_len = 0; > + break; > + case SADB_X_AALG_SHA2_512HMAC: > + if (trunc_len == 96) > + cfg->ctrl_word.hash = NFP_IPSEC_HASH_SHA512_96; > + else if (trunc_len == 256) > + cfg->ctrl_word.hash = NFP_IPSEC_HASH_SHA512_256; > + else > + trunc_len = 0; > + break; > + default: > + nn_err(nn, "Unsupported authentication algorithm\n"); > + return -EINVAL; > + } > + > + if (!trunc_len) { > + nn_err(nn, "Unsupported authentication algorithm trunc length\n"); > + return -EINVAL; > + } > + > + if (x->aalg) { > + p = (__be32 *)x->aalg->alg_key; > + key_len = DIV_ROUND_UP(x->aalg->alg_key_len, BITS_PER_BYTE); > + if (key_len > sizeof(cfg->auth_key)) { > + nn_err(nn, "Insufficient space for offloaded auth key\n"); > + return -EINVAL; > + } > + for (i = 0; i < key_len / sizeof(cfg->auth_key[0]) ; i++) > + cfg->auth_key[i] = ntohl(*p++); I wonder if you can't declare p as u32 and use memcpy here instead of u32->__be32->u32 conversions. Thanks
Powered by blists - more mailing lists