diff options
author | Andrei Varvara <andrei.varvara@freescale.com> | 2013-07-18 12:10:16 (GMT) |
---|---|---|
committer | Fleming Andrew-AFLEMING <AFLEMING@freescale.com> | 2013-07-23 21:45:55 (GMT) |
commit | 911920d5dad001f2a06df3a320275747614227ae (patch) | |
tree | addf685d6eba97b2cde0bb0078d64c6345b3dac8 /drivers/staging | |
parent | d15aae0559a88724731003c89175ca02835b6d68 (diff) | |
download | linux-fsl-qoriq-911920d5dad001f2a06df3a320275747614227ae.tar.xz |
dpa_offload: dpa_ipsec - Add support for NULL encryption
The dpa ipsec component was not supporting ESP with
NULL encryption. The patch is adding this suport.
Signed-off-by: Andrei Varvara <andrei.varvara@freescale.com>
Change-Id: I89111367e60c4592289687b0a13d84ac2911d23c
Reviewed-on: http://git.am.freescale.net:8181/3473
Tested-by: Review Code-CDREVIEW <CDREVIEW@freescale.com>
Reviewed-by: Fleming Andrew-AFLEMING <AFLEMING@freescale.com>
Diffstat (limited to 'drivers/staging')
-rw-r--r-- | drivers/staging/fsl_dpa_offload/dpa_ipsec.c | 22 | ||||
-rw-r--r-- | drivers/staging/fsl_dpa_offload/dpa_ipsec.h | 16 |
2 files changed, 21 insertions, 17 deletions
diff --git a/drivers/staging/fsl_dpa_offload/dpa_ipsec.c b/drivers/staging/fsl_dpa_offload/dpa_ipsec.c index fb076f4..63f067f 100644 --- a/drivers/staging/fsl_dpa_offload/dpa_ipsec.c +++ b/drivers/staging/fsl_dpa_offload/dpa_ipsec.c @@ -808,7 +808,7 @@ static int init_sa_manager(struct dpa_ipsec *dpa_ipsec) return -ENOMEM; } - /* fill with ids */ + /* fill with IDs */ for (i = 0; i < sa_mng->max_num_sa; i++) if (cq_put_4bytes(sa_mng->sa_id_cq, i) < 0) { pr_err("Could not fill SA ID management CQ\n"); @@ -865,7 +865,8 @@ static int init_sa_manager(struct dpa_ipsec *dpa_ipsec) return -ENOMEM; } - /* Allocate space for the SEC descriptor which is holding the + /* + * Allocate space for the SEC descriptor which is holding the * preheader information and the share descriptor. * Required 64 byte align. */ @@ -2310,7 +2311,7 @@ static int create_sa_fq_pair(struct dpa_ipsec_sa *sa, } static inline int set_cipher_auth_alg(enum dpa_ipsec_cipher_alg alg_suite, - uint16_t *cipher, uint16_t *auth) + uint16_t *cipher, uint16_t *auth) { *cipher = ipsec_algs[alg_suite].enc_alg; *auth = ipsec_algs[alg_suite].auth_alg; @@ -2969,7 +2970,7 @@ static int check_sa_params(struct dpa_ipsec_sa_params *sa_params) /* * check crypto params: * - an authentication key must always be provided - * - a cipher key must be provided if alg != NULL encryption + * - a cipher key must be provided if algorithm != NULL encryption */ err = set_cipher_auth_alg(sa_params->crypto_params.alg_suite, @@ -2977,20 +2978,23 @@ static int check_sa_params(struct dpa_ipsec_sa_params *sa_params) if (err < 0) return err; - if (sa_params->crypto_params.auth_key == NULL) { + if (!sa_params->crypto_params.auth_key || + sa_params->crypto_params.auth_key_len == 0) { pr_err("A valid authentication key must be provided\n"); return -EINVAL; } - /* TODO: check cipher_key ONLY if alg != null encryption */ - if (sa_params->crypto_params.cipher_key == NULL) { + /* Check cipher_key only if the cipher algorithm isn't NULL encryption*/ + if (cipher_alg != OP_PCL_IPSEC_NULL_ENC && + (!sa_params->crypto_params.cipher_key || + sa_params->crypto_params.cipher_key_len == 0)) { pr_err("A valid cipher key must be provided\n"); return -EINVAL; } if (sa_params->sa_dir == DPA_IPSEC_OUTBOUND) { - if ((sa_params->sa_out_params.ip_hdr_size == 0) || - (sa_params->sa_out_params.outer_ip_header == NULL)) { + if (sa_params->sa_out_params.ip_hdr_size == 0 || + !sa_params->sa_out_params.outer_ip_header) { pr_err("Transport mode is not currently supported." "Specify a valid encapsulation header\n"); return -EINVAL; diff --git a/drivers/staging/fsl_dpa_offload/dpa_ipsec.h b/drivers/staging/fsl_dpa_offload/dpa_ipsec.h index c08419f..25eca88 100644 --- a/drivers/staging/fsl_dpa_offload/dpa_ipsec.h +++ b/drivers/staging/fsl_dpa_offload/dpa_ipsec.h @@ -76,21 +76,21 @@ /* DPA_IPSEC_CIPHER_ALG_3DES_CBC_HMAC_SHA_512_256 */ \ IPSEC_ALGS_ENTRY(3DES, HMAC_SHA2_512_256), \ /* DPA_IPSEC_CIPHER_ALG_NULL_ENC_HMAC_96_MD5_128 */ \ - IPSEC_ALGS_ENTRY(INVALID_ALG_ID, HMAC_MD5_96), \ + IPSEC_ALGS_ENTRY(NULL_ENC, HMAC_MD5_96), \ /* DPA_IPSEC_CIPHER_ALG_NULL_ENC_HMAC_96_SHA_160 */ \ - IPSEC_ALGS_ENTRY(INVALID_ALG_ID, HMAC_SHA1_96), \ + IPSEC_ALGS_ENTRY(NULL_ENC, HMAC_SHA1_96), \ /* DPA_IPSEC_CIPHER_ALG_NULL_ENC_AES_XCBC_MAC_96 */ \ - IPSEC_ALGS_ENTRY(INVALID_ALG_ID, AES_XCBC_MAC_96), \ + IPSEC_ALGS_ENTRY(NULL_ENC, AES_XCBC_MAC_96), \ /* DPA_IPSEC_CIPHER_ALG_NULL_ENC_HMAC_MD5_128 */ \ - IPSEC_ALGS_ENTRY(INVALID_ALG_ID, HMAC_MD5_128), \ + IPSEC_ALGS_ENTRY(NULL_ENC, HMAC_MD5_128), \ /* DPA_IPSEC_CIPHER_ALG_NULL_ENC_HMAC_SHA_160 */ \ - IPSEC_ALGS_ENTRY(INVALID_ALG_ID, HMAC_SHA1_160), \ + IPSEC_ALGS_ENTRY(NULL_ENC, HMAC_SHA1_160), \ /* DPA_IPSEC_CIPHER_ALG_NULL_ENC_HMAC_SHA_256_128 */ \ - IPSEC_ALGS_ENTRY(INVALID_ALG_ID, HMAC_SHA2_256_128), \ + IPSEC_ALGS_ENTRY(NULL_ENC, HMAC_SHA2_256_128), \ /* DPA_IPSEC_CIPHER_ALG_NULL_ENC_HMAC_SHA_384_192 */ \ - IPSEC_ALGS_ENTRY(INVALID_ALG_ID, HMAC_SHA2_384_192), \ + IPSEC_ALGS_ENTRY(NULL_ENC, HMAC_SHA2_384_192), \ /* DPA_IPSEC_CIPHER_ALG_NULL_ENC_HMAC_SHA_512_256 */ \ - IPSEC_ALGS_ENTRY(INVALID_ALG_ID, HMAC_SHA2_512_256), \ + IPSEC_ALGS_ENTRY(NULL_ENC, HMAC_SHA2_512_256), \ /* DPA_IPSEC_CIPHER_ALG_AES_CBC_HMAC_96_MD5_128 */ \ IPSEC_ALGS_ENTRY(AES_CBC, HMAC_MD5_96), \ /* DPA_IPSEC_CIPHER_ALG_AES_CBC_HMAC_96_SHA_160 */ \ |