From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 64264A04BA; Wed, 7 Oct 2020 19:22:04 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 965D21BBEA; Wed, 7 Oct 2020 19:19:32 +0200 (CEST) Received: from mail-pf1-f194.google.com (mail-pf1-f194.google.com [209.85.210.194]) by dpdk.org (Postfix) with ESMTP id 77B081BB09 for ; Wed, 7 Oct 2020 19:19:28 +0200 (CEST) Received: by mail-pf1-f194.google.com with SMTP id k8so1700556pfk.2 for ; Wed, 07 Oct 2020 10:19:28 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=broadcom.com; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=VNjd6NPQNcixPMLVyGkr5jFuG2od4g3xxiH2drPiKxg=; b=Ghu7lvNADRdgm5zW8OgXRNJf54OfmtjSFzVfdTmaI4bjeDSDU/g6xX7z9C8dwTS1EJ YYHZlxetOKU9zaRp01noOZy4cNIKCI5OtJi0lcAlTRkfugou1fB0DtzbTI320y2Lz5nQ FWFG5tjdPObd1FkrjgfrOgyMCjbZReSrRSMZ8= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=VNjd6NPQNcixPMLVyGkr5jFuG2od4g3xxiH2drPiKxg=; b=EpB5CGBkHAzhMThHWgzsyyKkIwe9CJrI1pEcX21DMYRtFYhRuitHDmG+P7GYyhBcP2 X2ZJh23/lJzfDFTOry6IEYIZFEZMzOxngaaweEZR46TXZcIVArKRu+W+DjkheF3ETXQ5 OAvR8rAv646xSm0ySNmyrxGh3rd/o/DsIOR2ky/zI/B7oRKJ4B7n5wQPpYHiuodNMAU+ NPm0iJdZDMVPYEZo21OQruS9U76G/AL2N5C3On6OjEh8T9hhZ/9tupNoK0ox5iAdbrWn Qe9AUjH8C5xKWFblZPb6sbxBMc6NaNXLcaT7oj4bnmO0KsvdUMApZa9DGWiRdIwPRPpF +UWw== X-Gm-Message-State: AOAM533xUb74UYFgU0FlyzfaurM0iLHq495LXxxd/4G7qrklrcTKtL9U Ukdf4xIDXMmVSwGv7Puy+uoafNAZ/fjCxKui9WgQoIe+AGhLw0dyiW4ri5EGODg8Fk8p1oWt92a g2XcTC82AS8TYVFBcT4kl+4z/I7xCdzuX2bPuxJEuFWIPUlWTjBq4gscNqm38 X-Google-Smtp-Source: ABdhPJwKYGQ0dAJcryHHk/8U7xVVjEoyvAekly/jUXHYRIaclRhy1l3ypUSdKgQbA/i4qLycU/GQbQ== X-Received: by 2002:a62:be0a:0:b029:142:2501:35de with SMTP id l10-20020a62be0a0000b0290142250135demr4092356pff.62.1602091165742; Wed, 07 Oct 2020 10:19:25 -0700 (PDT) Received: from rahul_yocto_ubuntu18.ibn.broadcom.net ([192.19.234.250]) by smtp.gmail.com with ESMTPSA id t13sm3846367pfc.1.2020.10.07.10.19.23 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 07 Oct 2020 10:19:25 -0700 (PDT) From: Vikas Gupta To: dev@dpdk.org, akhil.goyal@nxp.com Cc: vikram.prakash@broadcom.com, Vikas Gupta , Raveendra Padasalagi Date: Wed, 7 Oct 2020 22:48:58 +0530 Message-Id: <20201007171900.605-7-vikas.gupta@broadcom.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20201007171900.605-1-vikas.gupta@broadcom.com> References: <20201007164539.45097-1-vikas.gupta@broadcom.com> <20201007171900.605-1-vikas.gupta@broadcom.com> Content-Type: text/plain X-Content-Filtered-By: Mailman/MimeDel 2.1.15 Subject: [dpdk-dev] [PATCH v5 6/8] crypto/bcmfs: add session handling and capabilities X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Add session handling and capabilities supported by crypto HW accelerator Signed-off-by: Vikas Gupta Signed-off-by: Raveendra Padasalagi Reviewed-by: Ajit Khaparde --- doc/guides/cryptodevs/bcmfs.rst | 47 ++ doc/guides/cryptodevs/features/bcmfs.ini | 56 ++ drivers/crypto/bcmfs/bcmfs_sym_capabilities.c | 764 ++++++++++++++++++ drivers/crypto/bcmfs/bcmfs_sym_capabilities.h | 16 + drivers/crypto/bcmfs/bcmfs_sym_defs.h | 34 + drivers/crypto/bcmfs/bcmfs_sym_pmd.c | 13 + drivers/crypto/bcmfs/bcmfs_sym_session.c | 282 +++++++ drivers/crypto/bcmfs/bcmfs_sym_session.h | 109 +++ drivers/crypto/bcmfs/meson.build | 4 +- 9 files changed, 1324 insertions(+), 1 deletion(-) create mode 100644 doc/guides/cryptodevs/features/bcmfs.ini create mode 100644 drivers/crypto/bcmfs/bcmfs_sym_capabilities.c create mode 100644 drivers/crypto/bcmfs/bcmfs_sym_capabilities.h create mode 100644 drivers/crypto/bcmfs/bcmfs_sym_defs.h create mode 100644 drivers/crypto/bcmfs/bcmfs_sym_session.c create mode 100644 drivers/crypto/bcmfs/bcmfs_sym_session.h diff --git a/doc/guides/cryptodevs/bcmfs.rst b/doc/guides/cryptodevs/bcmfs.rst index 6b68673df0..f7e15f4cfb 100644 --- a/doc/guides/cryptodevs/bcmfs.rst +++ b/doc/guides/cryptodevs/bcmfs.rst @@ -15,6 +15,47 @@ Supported Broadcom SoCs * Stingray * Stingray2 +Features +-------- + +The BCMFS SYM PMD has support for: + +Cipher algorithms: + +* ``RTE_CRYPTO_CIPHER_3DES_CBC`` +* ``RTE_CRYPTO_CIPHER_3DES_CTR`` +* ``RTE_CRYPTO_CIPHER_AES128_CBC`` +* ``RTE_CRYPTO_CIPHER_AES192_CBC`` +* ``RTE_CRYPTO_CIPHER_AES256_CBC`` +* ``RTE_CRYPTO_CIPHER_AES128_CTR`` +* ``RTE_CRYPTO_CIPHER_AES192_CTR`` +* ``RTE_CRYPTO_CIPHER_AES256_CTR`` +* ``RTE_CRYPTO_CIPHER_AES_XTS`` +* ``RTE_CRYPTO_CIPHER_DES_CBC`` + +Hash algorithms: + +* ``RTE_CRYPTO_AUTH_SHA1`` +* ``RTE_CRYPTO_AUTH_SHA1_HMAC`` +* ``RTE_CRYPTO_AUTH_SHA224`` +* ``RTE_CRYPTO_AUTH_SHA224_HMAC`` +* ``RTE_CRYPTO_AUTH_SHA256`` +* ``RTE_CRYPTO_AUTH_SHA256_HMAC`` +* ``RTE_CRYPTO_AUTH_SHA384`` +* ``RTE_CRYPTO_AUTH_SHA384_HMAC`` +* ``RTE_CRYPTO_AUTH_SHA512`` +* ``RTE_CRYPTO_AUTH_SHA512_HMAC`` +* ``RTE_CRYPTO_AUTH_AES_XCBC_MAC`` +* ``RTE_CRYPTO_AUTH_AES_CBC_MAC`` +* ``RTE_CRYPTO_AUTH_MD5_HMAC`` +* ``RTE_CRYPTO_AUTH_AES_GMAC`` +* ``RTE_CRYPTO_AUTH_AES_CMAC`` + +Supported AEAD algorithms: + +* ``RTE_CRYPTO_AEAD_AES_GCM`` +* ``RTE_CRYPTO_AEAD_AES_CCM`` + Installation ------------ Information about kernel, rootfs and toolchain can be found at @@ -49,3 +90,9 @@ For example, below commands can be run to get hold of a device node by VFIO. io_device_name="vfio-platform" echo $io_device_name > /sys/bus/platform/devices/${SETUP_SYSFS_DEV_NAME}/driver_override echo ${SETUP_SYSFS_DEV_NAME} > /sys/bus/platform/drivers_probe + +Limitations +----------- + +* Only supports the session-oriented API implementation (session-less APIs are not supported). +* CCM is not supported on Broadcom`s SoCs having FlexSparc4 unit. diff --git a/doc/guides/cryptodevs/features/bcmfs.ini b/doc/guides/cryptodevs/features/bcmfs.ini new file mode 100644 index 0000000000..6a718856b9 --- /dev/null +++ b/doc/guides/cryptodevs/features/bcmfs.ini @@ -0,0 +1,56 @@ +; +; Supported features of the 'bcmfs' crypto driver. +; +; Refer to default.ini for the full list of available PMD features. +; +[Features] +Symmetric crypto = Y +Sym operation chaining = Y +HW Accelerated = Y +Protocol offload = Y +OOP LB In LB Out = Y + +; +; Supported crypto algorithms of the 'bcmfs' crypto driver. +; +[Cipher] +AES CBC (128) = Y +AES CBC (192) = Y +AES CBC (256) = Y +AES CTR (128) = Y +AES CTR (192) = Y +AES CTR (256) = Y +AES XTS (128) = Y +AES XTS (256) = Y +3DES CBC = Y +DES CBC = Y +; +; Supported authentication algorithms of the 'bcmfs' crypto driver. +; +[Auth] +MD5 HMAC = Y +SHA1 = Y +SHA1 HMAC = Y +SHA224 = Y +SHA224 HMAC = Y +SHA256 = Y +SHA256 HMAC = Y +SHA384 = Y +SHA384 HMAC = Y +SHA512 = Y +SHA512 HMAC = Y +AES GMAC = Y +AES CMAC (128) = Y +AES CBC MAC = Y +AES XCBC MAC = Y + +; +; Supported AEAD algorithms of the 'bcmfs' crypto driver. +; +[AEAD] +AES GCM (128) = Y +AES GCM (192) = Y +AES GCM (256) = Y +AES CCM (128) = Y +AES CCM (192) = Y +AES CCM (256) = Y diff --git a/drivers/crypto/bcmfs/bcmfs_sym_capabilities.c b/drivers/crypto/bcmfs/bcmfs_sym_capabilities.c new file mode 100644 index 0000000000..afed7696a6 --- /dev/null +++ b/drivers/crypto/bcmfs/bcmfs_sym_capabilities.c @@ -0,0 +1,764 @@ +/* SPDX-License-Identifier: BSD-3-Clause + * Copyright(c) 2020 Broadcom + * All rights reserved. + */ + +#include + +#include "bcmfs_sym_capabilities.h" + +static const struct rte_cryptodev_capabilities bcmfs_sym_capabilities[] = { + { + /* SHA1 */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA1, + .block_size = 64, + .key_size = { + .min = 0, + .max = 0, + .increment = 0 + }, + .digest_size = { + .min = 20, + .max = 20, + .increment = 0 + }, + .aad_size = { 0 } + }, } + }, } + }, + { + /* MD5 */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_MD5, + .block_size = 64, + .key_size = { + .min = 0, + .max = 0, + .increment = 0 + }, + .digest_size = { + .min = 16, + .max = 16, + .increment = 0 + }, + }, } + }, } + }, + { + /* SHA224 */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA224, + .block_size = 64, + .key_size = { + .min = 0, + .max = 0, + .increment = 0 + }, + .digest_size = { + .min = 28, + .max = 28, + .increment = 0 + }, + .aad_size = { 0 } + }, } + }, } + }, + { + /* SHA256 */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA256, + .block_size = 64, + .key_size = { + .min = 0, + .max = 0, + .increment = 0 + }, + .digest_size = { + .min = 32, + .max = 32, + .increment = 0 + }, + .aad_size = { 0 } + }, } + }, } + }, + { + /* SHA384 */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA384, + .block_size = 64, + .key_size = { + .min = 0, + .max = 0, + .increment = 0 + }, + .digest_size = { + .min = 48, + .max = 48, + .increment = 0 + }, + .aad_size = { 0 } + }, } + }, } + }, + { + /* SHA512 */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA512, + .block_size = 64, + .key_size = { + .min = 0, + .max = 0, + .increment = 0 + }, + .digest_size = { + .min = 64, + .max = 64, + .increment = 0 + }, + .aad_size = { 0 } + }, } + }, } + }, + { + /* SHA3_224 */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_224, + .block_size = 144, + .key_size = { + .min = 0, + .max = 0, + .increment = 0 + }, + .digest_size = { + .min = 28, + .max = 28, + .increment = 0 + }, + .aad_size = { 0 } + }, } + }, } + }, + { + /* SHA3_256 */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_256, + .block_size = 136, + .key_size = { + .min = 0, + .max = 0, + .increment = 0 + }, + .digest_size = { + .min = 32, + .max = 32, + .increment = 0 + }, + .aad_size = { 0 } + }, } + }, } + }, + { + /* SHA3_384 */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_384, + .block_size = 104, + .key_size = { + .min = 0, + .max = 0, + .increment = 0 + }, + .digest_size = { + .min = 48, + .max = 48, + .increment = 0 + }, + .aad_size = { 0 } + }, } + }, } + }, + { + /* SHA3_512 */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_512, + .block_size = 72, + .key_size = { + .min = 0, + .max = 0, + .increment = 0 + }, + .digest_size = { + .min = 64, + .max = 64, + .increment = 0 + }, + .aad_size = { 0 } + }, } + }, } + }, + { + /* SHA1 HMAC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA1_HMAC, + .block_size = 64, + .key_size = { + .min = 1, + .max = 64, + .increment = 1 + }, + .digest_size = { + .min = 20, + .max = 20, + .increment = 0 + }, + .aad_size = { 0 } + }, } + }, } + }, + { + /* MD5 HMAC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_MD5_HMAC, + .block_size = 64, + .key_size = { + .min = 1, + .max = 64, + .increment = 1 + }, + .digest_size = { + .min = 16, + .max = 16, + .increment = 0 + }, + .aad_size = { 0 } + }, } + }, } + }, + { + /* SHA224 HMAC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA224_HMAC, + .block_size = 64, + .key_size = { + .min = 1, + .max = 64, + .increment = 1 + }, + .digest_size = { + .min = 28, + .max = 28, + .increment = 0 + }, + .aad_size = { 0 } + }, } + }, } + }, + { + /* SHA256 HMAC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA256_HMAC, + .block_size = 64, + .key_size = { + .min = 1, + .max = 64, + .increment = 1 + }, + .digest_size = { + .min = 32, + .max = 32, + .increment = 0 + }, + .aad_size = { 0 } + }, } + }, } + }, + { + /* SHA384 HMAC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA384_HMAC, + .block_size = 128, + .key_size = { + .min = 1, + .max = 128, + .increment = 1 + }, + .digest_size = { + .min = 48, + .max = 48, + .increment = 0 + }, + .aad_size = { 0 } + }, } + }, } + }, + { + /* SHA512 HMAC*/ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA512_HMAC, + .block_size = 128, + .key_size = { + .min = 1, + .max = 128, + .increment = 1 + }, + .digest_size = { + .min = 64, + .max = 64, + .increment = 0 + }, + .aad_size = { 0 } + }, } + }, } + }, + { + /* SHA3_224 HMAC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_224_HMAC, + .block_size = 144, + .key_size = { + .min = 1, + .max = 144, + .increment = 1 + }, + .digest_size = { + .min = 28, + .max = 28, + .increment = 0 + }, + .aad_size = { 0 } + }, } + }, } + }, + { + /* SHA3_256 HMAC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_256_HMAC, + .block_size = 136, + .key_size = { + .min = 1, + .max = 136, + .increment = 1 + }, + .digest_size = { + .min = 32, + .max = 32, + .increment = 0 + }, + .aad_size = { 0 } + }, } + }, } + }, + { + /* SHA3_384 HMAC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_384_HMAC, + .block_size = 104, + .key_size = { + .min = 1, + .max = 104, + .increment = 1 + }, + .digest_size = { + .min = 48, + .max = 48, + .increment = 0 + }, + .aad_size = { 0 } + }, } + }, } + }, + { + /* SHA3_512 HMAC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_512_HMAC, + .block_size = 72, + .key_size = { + .min = 1, + .max = 72, + .increment = 1 + }, + .digest_size = { + .min = 64, + .max = 64, + .increment = 0 + }, + .aad_size = { 0 } + }, } + }, } + }, + { + /* AES XCBC MAC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_AES_XCBC_MAC, + .block_size = 16, + .key_size = { + .min = 1, + .max = 16, + .increment = 1 + }, + .digest_size = { + .min = 16, + .max = 16, + .increment = 0 + }, + .aad_size = { 0 } + }, } + }, } + }, + { + /* AES GMAC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_AES_GMAC, + .block_size = 16, + .key_size = { + .min = 16, + .max = 32, + .increment = 8 + }, + .digest_size = { + .min = 16, + .max = 16, + .increment = 0 + }, + .aad_size = { + .min = 0, + .max = 65535, + .increment = 1 + }, + .iv_size = { + .min = 12, + .max = 16, + .increment = 4 + }, + }, } + }, } + }, + { + /* AES CMAC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_AES_CMAC, + .block_size = 16, + .key_size = { + .min = 1, + .max = 16, + .increment = 1 + }, + .digest_size = { + .min = 16, + .max = 16, + .increment = 0 + }, + .aad_size = { 0 } + }, } + }, } + }, + { + /* AES CBC MAC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_AES_CBC_MAC, + .block_size = 16, + .key_size = { + .min = 1, + .max = 16, + .increment = 1 + }, + .digest_size = { + .min = 16, + .max = 16, + .increment = 0 + }, + .aad_size = { 0 } + }, } + }, } + }, + { + /* AES ECB */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, + {.cipher = { + .algo = RTE_CRYPTO_CIPHER_AES_ECB, + .block_size = 16, + .key_size = { + .min = 16, + .max = 32, + .increment = 8 + }, + .iv_size = { + .min = 0, + .max = 0, + .increment = 0 + } + }, } + }, } + }, + { + /* AES CBC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, + {.cipher = { + .algo = RTE_CRYPTO_CIPHER_AES_CBC, + .block_size = 16, + .key_size = { + .min = 16, + .max = 32, + .increment = 8 + }, + .iv_size = { + .min = 16, + .max = 16, + .increment = 0 + } + }, } + }, } + }, + { + /* AES CTR */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, + {.cipher = { + .algo = RTE_CRYPTO_CIPHER_AES_CTR, + .block_size = 16, + .key_size = { + .min = 16, + .max = 32, + .increment = 8 + }, + .iv_size = { + .min = 16, + .max = 16, + .increment = 0 + } + }, } + }, } + }, + { + /* AES XTS */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, + {.cipher = { + .algo = RTE_CRYPTO_CIPHER_AES_XTS, + .block_size = 16, + .key_size = { + .min = 32, + .max = 64, + .increment = 32 + }, + .iv_size = { + .min = 16, + .max = 16, + .increment = 0 + } + }, } + }, } + }, + { + /* DES CBC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, + {.cipher = { + .algo = RTE_CRYPTO_CIPHER_DES_CBC, + .block_size = 8, + .key_size = { + .min = 8, + .max = 8, + .increment = 0 + }, + .iv_size = { + .min = 16, + .max = 16, + .increment = 0 + } + }, } + }, } + }, + { + /* 3DES CBC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, + {.cipher = { + .algo = RTE_CRYPTO_CIPHER_3DES_CBC, + .block_size = 8, + .key_size = { + .min = 24, + .max = 24, + .increment = 0 + }, + .iv_size = { + .min = 16, + .max = 16, + .increment = 0 + } + }, } + }, } + }, + { + /* 3DES ECB */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, + {.cipher = { + .algo = RTE_CRYPTO_CIPHER_3DES_ECB, + .block_size = 8, + .key_size = { + .min = 24, + .max = 24, + .increment = 0 + }, + .iv_size = { + .min = 0, + .max = 0, + .increment = 0 + } + }, } + }, } + }, + { + /* AES GCM */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD, + {.aead = { + .algo = RTE_CRYPTO_AEAD_AES_GCM, + .block_size = 16, + .key_size = { + .min = 16, + .max = 32, + .increment = 8 + }, + .digest_size = { + .min = 16, + .max = 16, + .increment = 0 + }, + .aad_size = { + .min = 0, + .max = 65535, + .increment = 1 + }, + .iv_size = { + .min = 12, + .max = 16, + .increment = 4 + }, + }, } + }, } + }, + { + /* AES CCM */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD, + {.aead = { + .algo = RTE_CRYPTO_AEAD_AES_CCM, + .block_size = 16, + .key_size = { + .min = 16, + .max = 32, + .increment = 8 + }, + .digest_size = { + .min = 4, + .max = 16, + .increment = 2 + }, + .aad_size = { + .min = 0, + .max = 65535, + .increment = 1 + }, + .iv_size = { + .min = 7, + .max = 13, + .increment = 1 + }, + }, } + }, } + }, + + RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() +}; + +const struct rte_cryptodev_capabilities * +bcmfs_sym_get_capabilities(void) +{ + return bcmfs_sym_capabilities; +} diff --git a/drivers/crypto/bcmfs/bcmfs_sym_capabilities.h b/drivers/crypto/bcmfs/bcmfs_sym_capabilities.h new file mode 100644 index 0000000000..3ff61b7d29 --- /dev/null +++ b/drivers/crypto/bcmfs/bcmfs_sym_capabilities.h @@ -0,0 +1,16 @@ +/* SPDX-License-Identifier: BSD-3-Clause + * Copyright(c) 2020 Broadcom + * All rights reserved. + */ + +#ifndef _BCMFS_SYM_CAPABILITIES_H_ +#define _BCMFS_SYM_CAPABILITIES_H_ + +/* + * Get capabilities list for the device + * + */ +const struct rte_cryptodev_capabilities *bcmfs_sym_get_capabilities(void); + +#endif /* _BCMFS_SYM_CAPABILITIES_H__ */ + diff --git a/drivers/crypto/bcmfs/bcmfs_sym_defs.h b/drivers/crypto/bcmfs/bcmfs_sym_defs.h new file mode 100644 index 0000000000..aea1f281e4 --- /dev/null +++ b/drivers/crypto/bcmfs/bcmfs_sym_defs.h @@ -0,0 +1,34 @@ +/* SPDX-License-Identifier: BSD-3-Clause + * Copyright(c) 2020 Broadcom + * All rights reserved. + */ + +#ifndef _BCMFS_SYM_DEFS_H_ +#define _BCMFS_SYM_DEFS_H_ + +/* + * Max block size of hash algorithm + * currently SHA3 supports max block size + * of 144 bytes + */ +#define BCMFS_MAX_KEY_SIZE 144 +#define BCMFS_MAX_IV_SIZE 16 +#define BCMFS_MAX_DIGEST_SIZE 64 + +struct bcmfs_sym_session; +struct bcmfs_sym_request; + +/** Crypto Request processing successful. */ +#define BCMFS_SYM_RESPONSE_SUCCESS (0) +/** Crypot Request processing protocol failure. */ +#define BCMFS_SYM_RESPONSE_PROTO_FAILURE (1) +/** Crypot Request processing completion failure. */ +#define BCMFS_SYM_RESPONSE_COMPL_ERROR (2) +/** Crypot Request processing hash tag check error. */ +#define BCMFS_SYM_RESPONSE_HASH_TAG_ERROR (3) + +int +bcmfs_process_sym_crypto_op(struct rte_crypto_op *op, + struct bcmfs_sym_session *sess, + struct bcmfs_sym_request *req); +#endif /* _BCMFS_SYM_DEFS_H_ */ diff --git a/drivers/crypto/bcmfs/bcmfs_sym_pmd.c b/drivers/crypto/bcmfs/bcmfs_sym_pmd.c index 0f96915f70..381ca8ea48 100644 --- a/drivers/crypto/bcmfs/bcmfs_sym_pmd.c +++ b/drivers/crypto/bcmfs/bcmfs_sym_pmd.c @@ -14,6 +14,8 @@ #include "bcmfs_qp.h" #include "bcmfs_sym_pmd.h" #include "bcmfs_sym_req.h" +#include "bcmfs_sym_session.h" +#include "bcmfs_sym_capabilities.h" uint8_t cryptodev_bcmfs_driver_id; @@ -65,6 +67,7 @@ bcmfs_sym_dev_info_get(struct rte_cryptodev *dev, dev_info->max_nb_queue_pairs = fsdev->max_hw_qps; /* No limit of number of sessions */ dev_info->sym.max_nb_sessions = 0; + dev_info->capabilities = bcmfs_sym_get_capabilities(); } } @@ -228,6 +231,10 @@ static struct rte_cryptodev_ops crypto_bcmfs_ops = { /* Queue-Pair management */ .queue_pair_setup = bcmfs_sym_qp_setup, .queue_pair_release = bcmfs_sym_qp_release, + /* Crypto session related operations */ + .sym_session_get_size = bcmfs_sym_session_get_private_size, + .sym_session_configure = bcmfs_sym_session_configure, + .sym_session_clear = bcmfs_sym_session_clear }; /** Enqueue burst */ @@ -239,6 +246,7 @@ bcmfs_sym_pmd_enqueue_op_burst(void *queue_pair, int i, j; uint16_t enq = 0; struct bcmfs_sym_request *sreq; + struct bcmfs_sym_session *sess; struct bcmfs_qp *qp = (struct bcmfs_qp *)queue_pair; if (nb_ops == 0) @@ -252,6 +260,10 @@ bcmfs_sym_pmd_enqueue_op_burst(void *queue_pair, nb_ops = qp->nb_descriptors - qp->nb_pending_requests; for (i = 0; i < nb_ops; i++) { + sess = bcmfs_sym_get_session(ops[i]); + if (unlikely(sess == NULL)) + goto enqueue_err; + if (rte_mempool_get(qp->sr_mp, (void **)&sreq)) goto enqueue_err; @@ -356,6 +368,7 @@ bcmfs_sym_dev_create(struct bcmfs_device *fsdev) fsdev->sym_dev = internals; internals->sym_dev_id = cryptodev->data->dev_id; + internals->fsdev_capabilities = bcmfs_sym_get_capabilities(); BCMFS_LOG(DEBUG, "Created bcmfs-sym device %s as cryptodev instance %d", cryptodev->data->name, internals->sym_dev_id); diff --git a/drivers/crypto/bcmfs/bcmfs_sym_session.c b/drivers/crypto/bcmfs/bcmfs_sym_session.c new file mode 100644 index 0000000000..675ed0ad55 --- /dev/null +++ b/drivers/crypto/bcmfs/bcmfs_sym_session.c @@ -0,0 +1,282 @@ +/* SPDX-License-Identifier: BSD-3-Clause + * Copyright(c) 2020 Broadcom + * All rights reserved. + */ + +#include +#include +#include + +#include "bcmfs_logs.h" +#include "bcmfs_sym_defs.h" +#include "bcmfs_sym_pmd.h" +#include "bcmfs_sym_session.h" + +/** Configure the session from a crypto xform chain */ +static enum bcmfs_sym_chain_order +crypto_get_chain_order(const struct rte_crypto_sym_xform *xform) +{ + enum bcmfs_sym_chain_order res = BCMFS_SYM_CHAIN_NOT_SUPPORTED; + + if (xform != NULL) { + if (xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) + res = BCMFS_SYM_CHAIN_AEAD; + + if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH) { + if (xform->next == NULL) + res = BCMFS_SYM_CHAIN_ONLY_AUTH; + else if (xform->next->type == + RTE_CRYPTO_SYM_XFORM_CIPHER) + res = BCMFS_SYM_CHAIN_AUTH_CIPHER; + } + if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER) { + if (xform->next == NULL) + res = BCMFS_SYM_CHAIN_ONLY_CIPHER; + else if (xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH) + res = BCMFS_SYM_CHAIN_CIPHER_AUTH; + } + } + + return res; +} + +/* Get session cipher key from input cipher key */ +static void +get_key(const uint8_t *input_key, int keylen, uint8_t *session_key) +{ + memcpy(session_key, input_key, keylen); +} + +/* Set session cipher parameters */ +static int +crypto_set_session_cipher_parameters(struct bcmfs_sym_session *sess, + const struct rte_crypto_cipher_xform *cipher_xform) +{ + if (cipher_xform->key.length > BCMFS_MAX_KEY_SIZE) { + BCMFS_DP_LOG(ERR, "key length not supported"); + return -EINVAL; + } + + sess->cipher.key.length = cipher_xform->key.length; + sess->cipher.iv.offset = cipher_xform->iv.offset; + sess->cipher.iv.length = cipher_xform->iv.length; + sess->cipher.op = cipher_xform->op; + sess->cipher.algo = cipher_xform->algo; + + get_key(cipher_xform->key.data, + sess->cipher.key.length, + sess->cipher.key.data); + + return 0; +} + +/* Set session auth parameters */ +static int +crypto_set_session_auth_parameters(struct bcmfs_sym_session *sess, + const struct rte_crypto_auth_xform *auth_xform) +{ + if (auth_xform->key.length > BCMFS_MAX_KEY_SIZE) { + BCMFS_DP_LOG(ERR, "key length not supported"); + return -EINVAL; + } + + sess->auth.op = auth_xform->op; + sess->auth.key.length = auth_xform->key.length; + sess->auth.digest_length = auth_xform->digest_length; + sess->auth.iv.length = auth_xform->iv.length; + sess->auth.iv.offset = auth_xform->iv.offset; + sess->auth.algo = auth_xform->algo; + + get_key(auth_xform->key.data, + auth_xform->key.length, + sess->auth.key.data); + + return 0; +} + +/* Set session aead parameters */ +static int +crypto_set_session_aead_parameters(struct bcmfs_sym_session *sess, + const struct rte_crypto_sym_xform *aead_xform) +{ + if (aead_xform->aead.key.length > BCMFS_MAX_KEY_SIZE) { + BCMFS_DP_LOG(ERR, "key length not supported"); + return -EINVAL; + } + + sess->aead.iv.offset = aead_xform->aead.iv.offset; + sess->aead.iv.length = aead_xform->aead.iv.length; + sess->aead.aad_length = aead_xform->aead.aad_length; + sess->aead.key.length = aead_xform->aead.key.length; + sess->aead.digest_length = aead_xform->aead.digest_length; + sess->aead.op = aead_xform->aead.op; + sess->aead.algo = aead_xform->aead.algo; + + get_key(aead_xform->aead.key.data, + aead_xform->aead.key.length, + sess->aead.key.data); + + return 0; +} + +static struct rte_crypto_auth_xform * +crypto_get_auth_xform(struct rte_crypto_sym_xform *xform) +{ + do { + if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH) + return &xform->auth; + + xform = xform->next; + } while (xform); + + return NULL; +} + +static struct rte_crypto_cipher_xform * +crypto_get_cipher_xform(struct rte_crypto_sym_xform *xform) +{ + do { + if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER) + return &xform->cipher; + + xform = xform->next; + } while (xform); + + return NULL; +} + +/** Parse crypto xform chain and set private session parameters */ +static int +crypto_set_session_parameters(struct bcmfs_sym_session *sess, + struct rte_crypto_sym_xform *xform) +{ + int rc = 0; + struct rte_crypto_cipher_xform *cipher_xform = + crypto_get_cipher_xform(xform); + struct rte_crypto_auth_xform *auth_xform = + crypto_get_auth_xform(xform); + + sess->chain_order = crypto_get_chain_order(xform); + + switch (sess->chain_order) { + case BCMFS_SYM_CHAIN_ONLY_CIPHER: + if (crypto_set_session_cipher_parameters(sess, cipher_xform)) + rc = -EINVAL; + break; + case BCMFS_SYM_CHAIN_ONLY_AUTH: + if (crypto_set_session_auth_parameters(sess, auth_xform)) + rc = -EINVAL; + break; + case BCMFS_SYM_CHAIN_AUTH_CIPHER: + sess->cipher_first = false; + if (crypto_set_session_auth_parameters(sess, auth_xform)) { + rc = -EINVAL; + goto error; + } + + if (crypto_set_session_cipher_parameters(sess, cipher_xform)) + rc = -EINVAL; + break; + case BCMFS_SYM_CHAIN_CIPHER_AUTH: + sess->cipher_first = true; + if (crypto_set_session_auth_parameters(sess, auth_xform)) { + rc = -EINVAL; + goto error; + } + + if (crypto_set_session_cipher_parameters(sess, cipher_xform)) + rc = -EINVAL; + break; + case BCMFS_SYM_CHAIN_AEAD: + if (crypto_set_session_aead_parameters(sess, xform)) + rc = -EINVAL; + break; + default: + BCMFS_DP_LOG(ERR, "Invalid chain order\n"); + rc = -EINVAL; + break; + } + +error: + return rc; +} + +struct bcmfs_sym_session * +bcmfs_sym_get_session(struct rte_crypto_op *op) +{ + struct bcmfs_sym_session *sess = NULL; + + if (unlikely(op->sess_type == RTE_CRYPTO_OP_SESSIONLESS)) { + BCMFS_DP_LOG(ERR, "operations op(%p) is sessionless", op); + } else if (likely(op->sym->session != NULL)) { + /* get existing session */ + sess = (struct bcmfs_sym_session *) + get_sym_session_private_data(op->sym->session, + cryptodev_bcmfs_driver_id); + } + + if (sess == NULL) + op->status = RTE_CRYPTO_OP_STATUS_INVALID_SESSION; + + return sess; +} + +int +bcmfs_sym_session_configure(struct rte_cryptodev *dev, + struct rte_crypto_sym_xform *xform, + struct rte_cryptodev_sym_session *sess, + struct rte_mempool *mempool) +{ + void *sess_private_data; + int ret; + + if (unlikely(sess == NULL)) { + BCMFS_DP_LOG(ERR, "Invalid session struct"); + return -EINVAL; + } + + if (rte_mempool_get(mempool, &sess_private_data)) { + BCMFS_DP_LOG(ERR, + "Couldn't get object from session mempool"); + return -ENOMEM; + } + + ret = crypto_set_session_parameters(sess_private_data, xform); + + if (ret != 0) { + BCMFS_DP_LOG(ERR, "Failed configure session parameters"); + /* Return session to mempool */ + rte_mempool_put(mempool, sess_private_data); + return ret; + } + + set_sym_session_private_data(sess, dev->driver_id, + sess_private_data); + + return 0; +} + +/* Clear the memory of session so it doesn't leave key material behind */ +void +bcmfs_sym_session_clear(struct rte_cryptodev *dev, + struct rte_cryptodev_sym_session *sess) +{ + uint8_t index = dev->driver_id; + void *sess_priv = get_sym_session_private_data(sess, index); + + if (sess_priv) { + struct rte_mempool *sess_mp; + + memset(sess_priv, 0, sizeof(struct bcmfs_sym_session)); + sess_mp = rte_mempool_from_obj(sess_priv); + + set_sym_session_private_data(sess, index, NULL); + rte_mempool_put(sess_mp, sess_priv); + } +} + +unsigned int +bcmfs_sym_session_get_private_size(struct rte_cryptodev *dev __rte_unused) +{ + return sizeof(struct bcmfs_sym_session); +} diff --git a/drivers/crypto/bcmfs/bcmfs_sym_session.h b/drivers/crypto/bcmfs/bcmfs_sym_session.h new file mode 100644 index 0000000000..8240c6fc25 --- /dev/null +++ b/drivers/crypto/bcmfs/bcmfs_sym_session.h @@ -0,0 +1,109 @@ +/* SPDX-License-Identifier: BSD-3-Clause + * Copyright(c) 2020 Broadcom + * All rights reserved. + */ + +#ifndef _BCMFS_SYM_SESSION_H_ +#define _BCMFS_SYM_SESSION_H_ + +#include +#include +#include + +#include "bcmfs_sym_defs.h" +#include "bcmfs_sym_req.h" + +/* BCMFS_SYM operation order mode enumerator */ +enum bcmfs_sym_chain_order { + BCMFS_SYM_CHAIN_ONLY_CIPHER, + BCMFS_SYM_CHAIN_ONLY_AUTH, + BCMFS_SYM_CHAIN_CIPHER_AUTH, + BCMFS_SYM_CHAIN_AUTH_CIPHER, + BCMFS_SYM_CHAIN_AEAD, + BCMFS_SYM_CHAIN_NOT_SUPPORTED +}; + +/* BCMFS_SYM crypto private session structure */ +struct bcmfs_sym_session { + enum bcmfs_sym_chain_order chain_order; + + /* Cipher Parameters */ + struct { + enum rte_crypto_cipher_operation op; + /* Cipher operation */ + enum rte_crypto_cipher_algorithm algo; + /* Cipher algorithm */ + struct { + uint8_t data[BCMFS_MAX_KEY_SIZE]; + size_t length; + } key; + struct { + uint16_t offset; + uint16_t length; + } iv; + } cipher; + + /* Authentication Parameters */ + struct { + enum rte_crypto_auth_operation op; + /* Auth operation */ + enum rte_crypto_auth_algorithm algo; + /* Auth algorithm */ + + struct { + uint8_t data[BCMFS_MAX_KEY_SIZE]; + size_t length; + } key; + struct { + uint16_t offset; + uint16_t length; + } iv; + + uint16_t digest_length; + } auth; + + /* Aead Parameters */ + struct { + enum rte_crypto_aead_operation op; + /* AEAD operation */ + enum rte_crypto_aead_algorithm algo; + /* AEAD algorithm */ + struct { + uint8_t data[BCMFS_MAX_KEY_SIZE]; + size_t length; + } key; + struct { + uint16_t offset; + uint16_t length; + } iv; + + uint16_t digest_length; + + uint16_t aad_length; + } aead; + + bool cipher_first; +} __rte_cache_aligned; + +int +bcmfs_process_crypto_op(struct rte_crypto_op *op, + struct bcmfs_sym_session *sess, + struct bcmfs_sym_request *req); + +int +bcmfs_sym_session_configure(struct rte_cryptodev *dev, + struct rte_crypto_sym_xform *xform, + struct rte_cryptodev_sym_session *sess, + struct rte_mempool *mempool); + +void +bcmfs_sym_session_clear(struct rte_cryptodev *dev, + struct rte_cryptodev_sym_session *sess); + +unsigned int +bcmfs_sym_session_get_private_size(struct rte_cryptodev *dev __rte_unused); + +struct bcmfs_sym_session * +bcmfs_sym_get_session(struct rte_crypto_op *op); + +#endif /* _BCMFS_SYM_SESSION_H_ */ diff --git a/drivers/crypto/bcmfs/meson.build b/drivers/crypto/bcmfs/meson.build index d9a3d73e99..2e86c733e1 100644 --- a/drivers/crypto/bcmfs/meson.build +++ b/drivers/crypto/bcmfs/meson.build @@ -12,5 +12,7 @@ sources = files( 'hw/bcmfs4_rm.c', 'hw/bcmfs5_rm.c', 'hw/bcmfs_rm_common.c', - 'bcmfs_sym_pmd.c' + 'bcmfs_sym_pmd.c', + 'bcmfs_sym_capabilities.c', + 'bcmfs_sym_session.c' ) -- 2.17.1