From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 22D8FA04C2; Wed, 12 Aug 2020 08:33:06 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id EC0EE1C0DB; Wed, 12 Aug 2020 08:32:03 +0200 (CEST) Received: from mail-qt1-f196.google.com (mail-qt1-f196.google.com [209.85.160.196]) by dpdk.org (Postfix) with ESMTP id 4029B1C0DB for ; Wed, 12 Aug 2020 08:32:02 +0200 (CEST) Received: by mail-qt1-f196.google.com with SMTP id k18so734350qtm.10 for ; Tue, 11 Aug 2020 23:32:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=broadcom.com; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=K8gOyGRBus1AJAaJ9MyRiUxt5tEiVhITnRjA0eyRWlo=; b=a3Wm6zQEpHONpIfgkkg2UggIuLM3wLyZZrfUf7QdJbPMlOPFAjOyFjtK3lmbSt+hsQ oJuQF1VgosB9+zMZ/8J2LfGHbQF3Wzgw8xvk0lE5cfCbKeJIanX4CFn/XcrYrwMlBJ18 4qlsYqimdrVlpqYGgdDur7J5Qjn692JU8e8mM= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=K8gOyGRBus1AJAaJ9MyRiUxt5tEiVhITnRjA0eyRWlo=; b=WowbmfSeL6uRqKY3lg2JJ366Z6w7YeDo66jJhw01gRKgR61BswVOlEIMVUOgcWved6 iAxKJ50Ija0LraMgQGCLCPUPt2qVSHFIRrk6EZJ0LUWgf6TRMBgRZKjNVNQj2AqKHIhi 0VDXQ7ovlMeOCjJiUSyrPXUogfKQERIVJEVpXMQCe9+kV+wIwAEXMfy7+QUDMRelUdU8 iTeTasyQWTeQutP7ZZtc8/lFeyRgy6WdO86ZWUzBfnXbCrPqknHgAJfzobKMarwx1o/R h2D+7rDmZxqqDlaEov8SAwzqJ21tgr91svq7mtNkFC2cR0EKSUWrvxbx+iWrd/x7MSUQ EoXg== X-Gm-Message-State: AOAM530e/s8svRURiYcSoWPqwSq66X15SoxpiuyvXPkoStdOjdIV9mhd +miMHvB2INWaTWGTGHTO9W5yK0g8Yd1Z+MZ2znl+LPZ+fAlZETuP9ZngQdrQ+1SFBx3ybXcEZT/ SyzrSDeTfVTbd51w5jETfBUldkGbD3IGLKuLarIBKhCp91TofQIXEmsgMlShu X-Google-Smtp-Source: ABdhPJxwcFafhbadnkga58XZ8x0GYjhUWqQOAq0Zu7XefCH8y5yAB7lwSTCAR4VVnJGgfavBVMbUiQ== X-Received: by 2002:aed:3361:: with SMTP id u88mr4949567qtd.79.1597213920239; Tue, 11 Aug 2020 23:32:00 -0700 (PDT) Received: from rahul_yocto_ubuntu18.ibn.broadcom.net ([192.19.234.250]) by smtp.gmail.com with ESMTPSA id x3sm1301552qkx.3.2020.08.11.23.31.57 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 11 Aug 2020 23:31:59 -0700 (PDT) From: Vikas Gupta To: dev@dpdk.org, akhil.goyal@nxp.com Cc: ajit.khaparde@broadcom.com, vikram.prakash@broadcom.com, Vikas Gupta , Raveendra Padasalagi Date: Wed, 12 Aug 2020 12:01:25 +0530 Message-Id: <20200812063127.8687-7-vikas.gupta@broadcom.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20200812063127.8687-1-vikas.gupta@broadcom.com> References: <20200811145813.44754-1-vikas.gupta@broadcom.com> <20200812063127.8687-1-vikas.gupta@broadcom.com> Subject: [dpdk-dev] [PATCH v1 6/8] crypto/bcmfs: add session handling and capabilities X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Add session handling and capabilities supported by crypto h/w accelerator. Signed-off-by: Vikas Gupta Signed-off-by: Raveendra Padasalagi Reviewed-by: Ajit Khaparde --- doc/guides/cryptodevs/bcmfs.rst | 46 ++ doc/guides/cryptodevs/features/bcmfs.ini | 56 ++ drivers/crypto/bcmfs/bcmfs_sym_capabilities.c | 764 ++++++++++++++++++ drivers/crypto/bcmfs/bcmfs_sym_capabilities.h | 16 + drivers/crypto/bcmfs/bcmfs_sym_defs.h | 170 ++++ drivers/crypto/bcmfs/bcmfs_sym_pmd.c | 13 + drivers/crypto/bcmfs/bcmfs_sym_session.c | 426 ++++++++++ drivers/crypto/bcmfs/bcmfs_sym_session.h | 99 +++ drivers/crypto/bcmfs/meson.build | 4 +- 9 files changed, 1593 insertions(+), 1 deletion(-) create mode 100644 doc/guides/cryptodevs/features/bcmfs.ini create mode 100644 drivers/crypto/bcmfs/bcmfs_sym_capabilities.c create mode 100644 drivers/crypto/bcmfs/bcmfs_sym_capabilities.h create mode 100644 drivers/crypto/bcmfs/bcmfs_sym_defs.h create mode 100644 drivers/crypto/bcmfs/bcmfs_sym_session.c create mode 100644 drivers/crypto/bcmfs/bcmfs_sym_session.h diff --git a/doc/guides/cryptodevs/bcmfs.rst b/doc/guides/cryptodevs/bcmfs.rst index 752ce028a..2488b19f7 100644 --- a/doc/guides/cryptodevs/bcmfs.rst +++ b/doc/guides/cryptodevs/bcmfs.rst @@ -18,9 +18,55 @@ CONFIG_RTE_LIBRTE_PMD_BCMFS setting is set to `y` in config/common_base file. * ``CONFIG_RTE_LIBRTE_PMD_BCMFS=y`` +Features +~~~~~~~~ + +The BCMFS SYM PMD has support for: + +Cipher algorithms: + +* ``RTE_CRYPTO_CIPHER_3DES_CBC`` +* ``RTE_CRYPTO_CIPHER_3DES_CTR`` +* ``RTE_CRYPTO_CIPHER_AES128_CBC`` +* ``RTE_CRYPTO_CIPHER_AES192_CBC`` +* ``RTE_CRYPTO_CIPHER_AES256_CBC`` +* ``RTE_CRYPTO_CIPHER_AES128_CTR`` +* ``RTE_CRYPTO_CIPHER_AES192_CTR`` +* ``RTE_CRYPTO_CIPHER_AES256_CTR`` +* ``RTE_CRYPTO_CIPHER_AES_XTS`` +* ``RTE_CRYPTO_CIPHER_DES_CBC`` + +Hash algorithms: + +* ``RTE_CRYPTO_AUTH_SHA1`` +* ``RTE_CRYPTO_AUTH_SHA1_HMAC`` +* ``RTE_CRYPTO_AUTH_SHA224`` +* ``RTE_CRYPTO_AUTH_SHA224_HMAC`` +* ``RTE_CRYPTO_AUTH_SHA256`` +* ``RTE_CRYPTO_AUTH_SHA256_HMAC`` +* ``RTE_CRYPTO_AUTH_SHA384`` +* ``RTE_CRYPTO_AUTH_SHA384_HMAC`` +* ``RTE_CRYPTO_AUTH_SHA512`` +* ``RTE_CRYPTO_AUTH_SHA512_HMAC`` +* ``RTE_CRYPTO_AUTH_AES_XCBC_MAC`` +* ``RTE_CRYPTO_AUTH_MD5_HMAC`` +* ``RTE_CRYPTO_AUTH_AES_GMAC`` +* ``RTE_CRYPTO_AUTH_AES_CMAC`` + +Supported AEAD algorithms: + +* ``RTE_CRYPTO_AEAD_AES_GCM`` +* ``RTE_CRYPTO_AEAD_AES_CCM`` + Initialization -------------- BCMFS crypto PMD depend upon the devices present in the path /sys/bus/platform/devices/fs/ on the platform. Each cryptodev PMD instance can be attached to the nodes present in the mentioned path. + +Limitations +~~~~~~~~~~~ + +* Only supports the session-oriented API implementation (session-less APIs are not supported). +* CCM is not supported on Broadcom`s SoCs having FlexSparc4 unit. diff --git a/doc/guides/cryptodevs/features/bcmfs.ini b/doc/guides/cryptodevs/features/bcmfs.ini new file mode 100644 index 000000000..82d2c639d --- /dev/null +++ b/doc/guides/cryptodevs/features/bcmfs.ini @@ -0,0 +1,56 @@ +; +; Supported features of the 'bcmfs' crypto driver. +; +; Refer to default.ini for the full list of available PMD features. +; +[Features] +Symmetric crypto = Y +Sym operation chaining = Y +HW Accelerated = Y +Protocol offload = Y +In Place SGL = Y + +; +; Supported crypto algorithms of the 'bcmfs' crypto driver. +; +[Cipher] +AES CBC (128) = Y +AES CBC (192) = Y +AES CBC (256) = Y +AES CTR (128) = Y +AES CTR (192) = Y +AES CTR (256) = Y +AES XTS (128) = Y +AES XTS (256) = Y +3DES CBC = Y +DES CBC = Y +; +; Supported authentication algorithms of the 'bcmfs' crypto driver. +; +[Auth] +MD5 HMAC = Y +SHA1 = Y +SHA1 HMAC = Y +SHA224 = Y +SHA224 HMAC = Y +SHA256 = Y +SHA256 HMAC = Y +SHA384 = Y +SHA384 HMAC = Y +SHA512 = Y +SHA512 HMAC = Y +AES GMAC = Y +AES CMAC (128) = Y +AES CBC = Y +AES XCBC = Y + +; +; Supported AEAD algorithms of the 'bcmfs' crypto driver. +; +[AEAD] +AES GCM (128) = Y +AES GCM (192) = Y +AES GCM (256) = Y +AES CCM (128) = Y +AES CCM (192) = Y +AES CCM (256) = Y diff --git a/drivers/crypto/bcmfs/bcmfs_sym_capabilities.c b/drivers/crypto/bcmfs/bcmfs_sym_capabilities.c new file mode 100644 index 000000000..bb8fa9f81 --- /dev/null +++ b/drivers/crypto/bcmfs/bcmfs_sym_capabilities.c @@ -0,0 +1,764 @@ +/* SPDX-License-Identifier: BSD-3-Clause + * Copyright(c) 2020 Broadcom + * All rights reserved. + */ + +#include + +#include "bcmfs_sym_capabilities.h" + +static const struct rte_cryptodev_capabilities bcmfs_sym_capabilities[] = { + { + /* SHA1 */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA1, + .block_size = 64, + .key_size = { + .min = 0, + .max = 0, + .increment = 0 + }, + .digest_size = { + .min = 20, + .max = 20, + .increment = 0 + }, + .aad_size = { 0 } + }, } + }, } + }, + { + /* MD5 */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_MD5, + .block_size = 64, + .key_size = { + .min = 0, + .max = 0, + .increment = 0 + }, + .digest_size = { + .min = 16, + .max = 16, + .increment = 0 + }, + }, } + }, } + }, + { + /* SHA224 */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA224, + .block_size = 64, + .key_size = { + .min = 0, + .max = 0, + .increment = 0 + }, + .digest_size = { + .min = 28, + .max = 28, + .increment = 0 + }, + .aad_size = { 0 } + }, } + }, } + }, + { + /* SHA256 */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA256, + .block_size = 64, + .key_size = { + .min = 0, + .max = 0, + .increment = 0 + }, + .digest_size = { + .min = 32, + .max = 32, + .increment = 0 + }, + .aad_size = { 0 } + }, } + }, } + }, + { + /* SHA384 */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA384, + .block_size = 64, + .key_size = { + .min = 0, + .max = 0, + .increment = 0 + }, + .digest_size = { + .min = 48, + .max = 48, + .increment = 0 + }, + .aad_size = { 0 } + }, } + }, } + }, + { + /* SHA512 */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA512, + .block_size = 64, + .key_size = { + .min = 0, + .max = 0, + .increment = 0 + }, + .digest_size = { + .min = 64, + .max = 64, + .increment = 0 + }, + .aad_size = { 0 } + }, } + }, } + }, + { + /* SHA3_224 */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_224, + .block_size = 144, + .key_size = { + .min = 0, + .max = 0, + .increment = 0 + }, + .digest_size = { + .min = 28, + .max = 28, + .increment = 0 + }, + .aad_size = { 0 } + }, } + }, } + }, + { + /* SHA3_256 */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_256, + .block_size = 136, + .key_size = { + .min = 0, + .max = 0, + .increment = 0 + }, + .digest_size = { + .min = 32, + .max = 32, + .increment = 0 + }, + .aad_size = { 0 } + }, } + }, } + }, + { + /* SHA3_384 */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_384, + .block_size = 104, + .key_size = { + .min = 0, + .max = 0, + .increment = 0 + }, + .digest_size = { + .min = 48, + .max = 48, + .increment = 0 + }, + .aad_size = { 0 } + }, } + }, } + }, + { + /* SHA3_512 */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_512, + .block_size = 72, + .key_size = { + .min = 0, + .max = 0, + .increment = 0 + }, + .digest_size = { + .min = 64, + .max = 64, + .increment = 0 + }, + .aad_size = { 0 } + }, } + }, } + }, + { + /* SHA1 HMAC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA1_HMAC, + .block_size = 64, + .key_size = { + .min = 1, + .max = 64, + .increment = 0 + }, + .digest_size = { + .min = 20, + .max = 20, + .increment = 0 + }, + .aad_size = { 0 } + }, } + }, } + }, + { + /* MD5 HMAC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_MD5_HMAC, + .block_size = 64, + .key_size = { + .min = 1, + .max = 64, + .increment = 0 + }, + .digest_size = { + .min = 16, + .max = 16, + .increment = 0 + }, + .aad_size = { 0 } + }, } + }, } + }, + { + /* SHA224 HMAC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA224_HMAC, + .block_size = 64, + .key_size = { + .min = 1, + .max = 64, + .increment = 0 + }, + .digest_size = { + .min = 28, + .max = 28, + .increment = 0 + }, + .aad_size = { 0 } + }, } + }, } + }, + { + /* SHA256 HMAC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA256_HMAC, + .block_size = 64, + .key_size = { + .min = 1, + .max = 64, + .increment = 0 + }, + .digest_size = { + .min = 32, + .max = 32, + .increment = 0 + }, + .aad_size = { 0 } + }, } + }, } + }, + { + /* SHA384 HMAC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA384_HMAC, + .block_size = 128, + .key_size = { + .min = 1, + .max = 128, + .increment = 0 + }, + .digest_size = { + .min = 48, + .max = 48, + .increment = 0 + }, + .aad_size = { 0 } + }, } + }, } + }, + { + /* SHA512 HMAC*/ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA512_HMAC, + .block_size = 128, + .key_size = { + .min = 1, + .max = 128, + .increment = 0 + }, + .digest_size = { + .min = 64, + .max = 64, + .increment = 0 + }, + .aad_size = { 0 } + }, } + }, } + }, + { + /* SHA3_224 HMAC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_224_HMAC, + .block_size = 144, + .key_size = { + .min = 1, + .max = 144, + .increment = 0 + }, + .digest_size = { + .min = 28, + .max = 28, + .increment = 0 + }, + .aad_size = { 0 } + }, } + }, } + }, + { + /* SHA3_256 HMAC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_256_HMAC, + .block_size = 136, + .key_size = { + .min = 1, + .max = 136, + .increment = 0 + }, + .digest_size = { + .min = 32, + .max = 32, + .increment = 0 + }, + .aad_size = { 0 } + }, } + }, } + }, + { + /* SHA3_384 HMAC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_384_HMAC, + .block_size = 104, + .key_size = { + .min = 1, + .max = 104, + .increment = 0 + }, + .digest_size = { + .min = 48, + .max = 48, + .increment = 0 + }, + .aad_size = { 0 } + }, } + }, } + }, + { + /* SHA3_512 HMAC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_512_HMAC, + .block_size = 72, + .key_size = { + .min = 1, + .max = 72, + .increment = 0 + }, + .digest_size = { + .min = 64, + .max = 64, + .increment = 0 + }, + .aad_size = { 0 } + }, } + }, } + }, + { + /* AES XCBC MAC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_AES_XCBC_MAC, + .block_size = 16, + .key_size = { + .min = 1, + .max = 16, + .increment = 0 + }, + .digest_size = { + .min = 16, + .max = 16, + .increment = 0 + }, + .aad_size = { 0 } + }, } + }, } + }, + { + /* AES GMAC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.aead = { + .algo = RTE_CRYPTO_AUTH_AES_GMAC, + .block_size = 16, + .key_size = { + .min = 16, + .max = 32, + .increment = 8 + }, + .digest_size = { + .min = 16, + .max = 16, + .increment = 0 + }, + .aad_size = { + .min = 0, + .max = 65535, + .increment = 1 + }, + .iv_size = { + .min = 12, + .max = 16, + .increment = 4 + }, + }, } + }, } + }, + { + /* AES CMAC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_AES_CMAC, + .block_size = 16, + .key_size = { + .min = 1, + .max = 16, + .increment = 0 + }, + .digest_size = { + .min = 16, + .max = 16, + .increment = 0 + }, + .aad_size = { 0 } + }, } + }, } + }, + { + /* AES CBC MAC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_AES_CBC_MAC, + .block_size = 16, + .key_size = { + .min = 1, + .max = 16, + .increment = 0 + }, + .digest_size = { + .min = 16, + .max = 16, + .increment = 0 + }, + .aad_size = { 0 } + }, } + }, } + }, + { + /* AES ECB */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, + {.cipher = { + .algo = RTE_CRYPTO_CIPHER_AES_ECB, + .block_size = 16, + .key_size = { + .min = 16, + .max = 32, + .increment = 8 + }, + .iv_size = { + .min = 0, + .max = 0, + .increment = 0 + } + }, } + }, } + }, + { + /* AES CBC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, + {.cipher = { + .algo = RTE_CRYPTO_CIPHER_AES_CBC, + .block_size = 16, + .key_size = { + .min = 16, + .max = 32, + .increment = 8 + }, + .iv_size = { + .min = 16, + .max = 16, + .increment = 0 + } + }, } + }, } + }, + { + /* AES CTR */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, + {.cipher = { + .algo = RTE_CRYPTO_CIPHER_AES_CTR, + .block_size = 16, + .key_size = { + .min = 16, + .max = 32, + .increment = 8 + }, + .iv_size = { + .min = 16, + .max = 16, + .increment = 0 + } + }, } + }, } + }, + { + /* AES XTS */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, + {.cipher = { + .algo = RTE_CRYPTO_CIPHER_AES_XTS, + .block_size = 16, + .key_size = { + .min = 32, + .max = 64, + .increment = 32 + }, + .iv_size = { + .min = 16, + .max = 16, + .increment = 0 + } + }, } + }, } + }, + { + /* DES CBC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, + {.cipher = { + .algo = RTE_CRYPTO_CIPHER_DES_CBC, + .block_size = 8, + .key_size = { + .min = 8, + .max = 8, + .increment = 0 + }, + .iv_size = { + .min = 16, + .max = 16, + .increment = 0 + } + }, } + }, } + }, + { + /* 3DES CBC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, + {.cipher = { + .algo = RTE_CRYPTO_CIPHER_3DES_CBC, + .block_size = 8, + .key_size = { + .min = 24, + .max = 24, + .increment = 0 + }, + .iv_size = { + .min = 16, + .max = 16, + .increment = 0 + } + }, } + }, } + }, + { + /* 3DES ECB */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, + {.cipher = { + .algo = RTE_CRYPTO_CIPHER_3DES_ECB, + .block_size = 8, + .key_size = { + .min = 24, + .max = 24, + .increment = 0 + }, + .iv_size = { + .min = 0, + .max = 0, + .increment = 0 + } + }, } + }, } + }, + { + /* AES GCM */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD, + {.aead = { + .algo = RTE_CRYPTO_AEAD_AES_GCM, + .block_size = 16, + .key_size = { + .min = 16, + .max = 32, + .increment = 8 + }, + .digest_size = { + .min = 16, + .max = 16, + .increment = 0 + }, + .aad_size = { + .min = 0, + .max = 65535, + .increment = 1 + }, + .iv_size = { + .min = 12, + .max = 16, + .increment = 4 + }, + }, } + }, } + }, + { + /* AES CCM */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD, + {.aead = { + .algo = RTE_CRYPTO_AEAD_AES_CCM, + .block_size = 16, + .key_size = { + .min = 16, + .max = 32, + .increment = 8 + }, + .digest_size = { + .min = 4, + .max = 16, + .increment = 2 + }, + .aad_size = { + .min = 0, + .max = 65535, + .increment = 1 + }, + .iv_size = { + .min = 7, + .max = 13, + .increment = 1 + }, + }, } + }, } + }, + + RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() +}; + +const struct rte_cryptodev_capabilities * +bcmfs_sym_get_capabilities(void) +{ + return bcmfs_sym_capabilities; +} diff --git a/drivers/crypto/bcmfs/bcmfs_sym_capabilities.h b/drivers/crypto/bcmfs/bcmfs_sym_capabilities.h new file mode 100644 index 000000000..3ff61b7d2 --- /dev/null +++ b/drivers/crypto/bcmfs/bcmfs_sym_capabilities.h @@ -0,0 +1,16 @@ +/* SPDX-License-Identifier: BSD-3-Clause + * Copyright(c) 2020 Broadcom + * All rights reserved. + */ + +#ifndef _BCMFS_SYM_CAPABILITIES_H_ +#define _BCMFS_SYM_CAPABILITIES_H_ + +/* + * Get capabilities list for the device + * + */ +const struct rte_cryptodev_capabilities *bcmfs_sym_get_capabilities(void); + +#endif /* _BCMFS_SYM_CAPABILITIES_H__ */ + diff --git a/drivers/crypto/bcmfs/bcmfs_sym_defs.h b/drivers/crypto/bcmfs/bcmfs_sym_defs.h new file mode 100644 index 000000000..b5657a9bc --- /dev/null +++ b/drivers/crypto/bcmfs/bcmfs_sym_defs.h @@ -0,0 +1,170 @@ +/* SPDX-License-Identifier: BSD-3-Clause + * Copyright(c) 2020 Broadcom + * All rights reserved. + */ + +#ifndef _BCMFS_SYM_DEFS_H_ +#define _BCMFS_SYM_DEFS_H_ + +/* + * Max block size of hash algorithm + * currently SHA3 supports max block size + * of 144 bytes + */ +#define BCMFS_MAX_KEY_SIZE 144 +#define BCMFS_MAX_IV_SIZE 16 +#define BCMFS_MAX_DIGEST_SIZE 64 + +/** Symmetric Cipher Direction */ +enum bcmfs_crypto_cipher_op { + /** Encrypt cipher operation */ + BCMFS_CRYPTO_CIPHER_OP_ENCRYPT, + + /** Decrypt cipher operation */ + BCMFS_CRYPTO_CIPHER_OP_DECRYPT, +}; + +/** Symmetric Cipher Algorithms */ +enum bcmfs_crypto_cipher_algorithm { + /** NULL cipher algorithm. No mode applies to the NULL algorithm. */ + BCMFS_CRYPTO_CIPHER_NONE = 0, + + /** Triple DES algorithm in CBC mode */ + BCMFS_CRYPTO_CIPHER_DES_CBC, + + /** Triple DES algorithm in ECB mode */ + BCMFS_CRYPTO_CIPHER_DES_ECB, + + /** Triple DES algorithm in CBC mode */ + BCMFS_CRYPTO_CIPHER_3DES_CBC, + + /** Triple DES algorithm in ECB mode */ + BCMFS_CRYPTO_CIPHER_3DES_ECB, + + /** AES algorithm in CBC mode */ + BCMFS_CRYPTO_CIPHER_AES_CBC, + + /** AES algorithm in CCM mode. */ + BCMFS_CRYPTO_CIPHER_AES_CCM, + + /** AES algorithm in Counter mode */ + BCMFS_CRYPTO_CIPHER_AES_CTR, + + /** AES algorithm in ECB mode */ + BCMFS_CRYPTO_CIPHER_AES_ECB, + + /** AES algorithm in GCM mode. */ + BCMFS_CRYPTO_CIPHER_AES_GCM, + + /** AES algorithm in XTS mode */ + BCMFS_CRYPTO_CIPHER_AES_XTS, + + /** AES algorithm in OFB mode */ + BCMFS_CRYPTO_CIPHER_AES_OFB, +}; + +/** Symmetric Authentication Algorithms */ +enum bcmfs_crypto_auth_algorithm { + /** NULL hash algorithm. */ + BCMFS_CRYPTO_AUTH_NONE = 0, + + /** MD5 algorithm */ + BCMFS_CRYPTO_AUTH_MD5, + + /** MD5-HMAC algorithm */ + BCMFS_CRYPTO_AUTH_MD5_HMAC, + + /** SHA1 algorithm */ + BCMFS_CRYPTO_AUTH_SHA1, + + /** SHA1-HMAC algorithm */ + BCMFS_CRYPTO_AUTH_SHA1_HMAC, + + /** 224 bit SHA algorithm. */ + BCMFS_CRYPTO_AUTH_SHA224, + + /** 224 bit SHA-HMAC algorithm. */ + BCMFS_CRYPTO_AUTH_SHA224_HMAC, + + /** 256 bit SHA algorithm. */ + BCMFS_CRYPTO_AUTH_SHA256, + + /** 256 bit SHA-HMAC algorithm. */ + BCMFS_CRYPTO_AUTH_SHA256_HMAC, + + /** 384 bit SHA algorithm. */ + BCMFS_CRYPTO_AUTH_SHA384, + + /** 384 bit SHA-HMAC algorithm. */ + BCMFS_CRYPTO_AUTH_SHA384_HMAC, + + /** 512 bit SHA algorithm. */ + BCMFS_CRYPTO_AUTH_SHA512, + + /** 512 bit SHA-HMAC algorithm. */ + BCMFS_CRYPTO_AUTH_SHA512_HMAC, + + /** 224 bit SHA3 algorithm. */ + BCMFS_CRYPTO_AUTH_SHA3_224, + + /** 224 bit SHA-HMAC algorithm. */ + BCMFS_CRYPTO_AUTH_SHA3_224_HMAC, + + /** 256 bit SHA3 algorithm. */ + BCMFS_CRYPTO_AUTH_SHA3_256, + + /** 256 bit SHA3-HMAC algorithm. */ + BCMFS_CRYPTO_AUTH_SHA3_256_HMAC, + + /** 384 bit SHA3 algorithm. */ + BCMFS_CRYPTO_AUTH_SHA3_384, + + /** 384 bit SHA3-HMAC algorithm. */ + BCMFS_CRYPTO_AUTH_SHA3_384_HMAC, + + /** 512 bit SHA3 algorithm. */ + BCMFS_CRYPTO_AUTH_SHA3_512, + + /** 512 bit SHA3-HMAC algorithm. */ + BCMFS_CRYPTO_AUTH_SHA3_512_HMAC, + + /** AES XCBC MAC algorithm */ + BCMFS_CRYPTO_AUTH_AES_XCBC_MAC, + + /** AES CMAC algorithm */ + BCMFS_CRYPTO_AUTH_AES_CMAC, + + /** AES CBC-MAC algorithm */ + BCMFS_CRYPTO_AUTH_AES_CBC_MAC, + + /** AES CBC-MAC algorithm */ + BCMFS_CRYPTO_AUTH_AES_GMAC, + + /** AES algorithm in GCM mode. */ + BCMFS_CRYPTO_AUTH_AES_GCM, + + /** AES algorithm in CCM mode. */ + BCMFS_CRYPTO_AUTH_AES_CCM, +}; + +/** Symmetric Authentication Operations */ +enum bcmfs_crypto_auth_op { + /** Verify authentication digest */ + BCMFS_CRYPTO_AUTH_OP_VERIFY, + + /** Generate authentication digest */ + BCMFS_CRYPTO_AUTH_OP_GENERATE, +}; + +enum bcmfs_sym_crypto_class { + /** Cipher algorithm */ + BCMFS_CRYPTO_CIPHER, + + /** Hash algorithm */ + BCMFS_CRYPTO_HASH, + + /** Authenticated Encryption with Assosciated Data algorithm */ + BCMFS_CRYPTO_AEAD, +}; + +#endif /* _BCMFS_SYM_DEFS_H_ */ diff --git a/drivers/crypto/bcmfs/bcmfs_sym_pmd.c b/drivers/crypto/bcmfs/bcmfs_sym_pmd.c index 0f96915f7..381ca8ea4 100644 --- a/drivers/crypto/bcmfs/bcmfs_sym_pmd.c +++ b/drivers/crypto/bcmfs/bcmfs_sym_pmd.c @@ -14,6 +14,8 @@ #include "bcmfs_qp.h" #include "bcmfs_sym_pmd.h" #include "bcmfs_sym_req.h" +#include "bcmfs_sym_session.h" +#include "bcmfs_sym_capabilities.h" uint8_t cryptodev_bcmfs_driver_id; @@ -65,6 +67,7 @@ bcmfs_sym_dev_info_get(struct rte_cryptodev *dev, dev_info->max_nb_queue_pairs = fsdev->max_hw_qps; /* No limit of number of sessions */ dev_info->sym.max_nb_sessions = 0; + dev_info->capabilities = bcmfs_sym_get_capabilities(); } } @@ -228,6 +231,10 @@ static struct rte_cryptodev_ops crypto_bcmfs_ops = { /* Queue-Pair management */ .queue_pair_setup = bcmfs_sym_qp_setup, .queue_pair_release = bcmfs_sym_qp_release, + /* Crypto session related operations */ + .sym_session_get_size = bcmfs_sym_session_get_private_size, + .sym_session_configure = bcmfs_sym_session_configure, + .sym_session_clear = bcmfs_sym_session_clear }; /** Enqueue burst */ @@ -239,6 +246,7 @@ bcmfs_sym_pmd_enqueue_op_burst(void *queue_pair, int i, j; uint16_t enq = 0; struct bcmfs_sym_request *sreq; + struct bcmfs_sym_session *sess; struct bcmfs_qp *qp = (struct bcmfs_qp *)queue_pair; if (nb_ops == 0) @@ -252,6 +260,10 @@ bcmfs_sym_pmd_enqueue_op_burst(void *queue_pair, nb_ops = qp->nb_descriptors - qp->nb_pending_requests; for (i = 0; i < nb_ops; i++) { + sess = bcmfs_sym_get_session(ops[i]); + if (unlikely(sess == NULL)) + goto enqueue_err; + if (rte_mempool_get(qp->sr_mp, (void **)&sreq)) goto enqueue_err; @@ -356,6 +368,7 @@ bcmfs_sym_dev_create(struct bcmfs_device *fsdev) fsdev->sym_dev = internals; internals->sym_dev_id = cryptodev->data->dev_id; + internals->fsdev_capabilities = bcmfs_sym_get_capabilities(); BCMFS_LOG(DEBUG, "Created bcmfs-sym device %s as cryptodev instance %d", cryptodev->data->name, internals->sym_dev_id); diff --git a/drivers/crypto/bcmfs/bcmfs_sym_session.c b/drivers/crypto/bcmfs/bcmfs_sym_session.c new file mode 100644 index 000000000..3d1fce629 --- /dev/null +++ b/drivers/crypto/bcmfs/bcmfs_sym_session.c @@ -0,0 +1,426 @@ +/* SPDX-License-Identifier: BSD-3-Clause + * Copyright(c) 2020 Broadcom + * All rights reserved. + */ + +#include +#include +#include + +#include "bcmfs_logs.h" +#include "bcmfs_sym_defs.h" +#include "bcmfs_sym_pmd.h" +#include "bcmfs_sym_session.h" + +/** Configure the session from a crypto xform chain */ +static enum bcmfs_sym_chain_order +crypto_get_chain_order(const struct rte_crypto_sym_xform *xform) +{ + enum bcmfs_sym_chain_order res = BCMFS_SYM_CHAIN_NOT_SUPPORTED; + + + if (xform != NULL) { + if (xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) + res = BCMFS_SYM_CHAIN_AEAD; + + if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH) { + if (xform->next == NULL) + res = BCMFS_SYM_CHAIN_ONLY_AUTH; + else if (xform->next->type == + RTE_CRYPTO_SYM_XFORM_CIPHER) + res = BCMFS_SYM_CHAIN_AUTH_CIPHER; + } + if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER) { + if (xform->next == NULL) + res = BCMFS_SYM_CHAIN_ONLY_CIPHER; + else if (xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH) + res = BCMFS_SYM_CHAIN_CIPHER_AUTH; + } + } + + return res; +} + +/* Get session cipher key from input cipher key */ +static void +get_key(const uint8_t *input_key, int keylen, uint8_t *session_key) +{ + memcpy(session_key, input_key, keylen); +} + +/* Set session cipher parameters */ +static int +crypto_set_session_cipher_parameters + (struct bcmfs_sym_session *sess, + const struct rte_crypto_cipher_xform *cipher_xform) +{ + int rc = 0; + + /* Select cipher direction */ + sess->cipher.direction = cipher_xform->op; + sess->cipher.key.length = cipher_xform->key.length; + sess->cipher.iv.offset = cipher_xform->iv.offset; + sess->cipher.iv.length = cipher_xform->iv.length; + + /* Select cipher algo */ + switch (cipher_xform->algo) { + case RTE_CRYPTO_CIPHER_3DES_CBC: + sess->cipher.algo = BCMFS_CRYPTO_CIPHER_3DES_CBC; + break; + case RTE_CRYPTO_CIPHER_3DES_ECB: + sess->cipher.algo = BCMFS_CRYPTO_CIPHER_3DES_ECB; + break; + case RTE_CRYPTO_CIPHER_DES_CBC: + sess->cipher.algo = BCMFS_CRYPTO_CIPHER_DES_CBC; + break; + case RTE_CRYPTO_CIPHER_AES_CBC: + sess->cipher.algo = BCMFS_CRYPTO_CIPHER_AES_CBC; + break; + case RTE_CRYPTO_CIPHER_AES_ECB: + sess->cipher.algo = BCMFS_CRYPTO_CIPHER_AES_ECB; + break; + case RTE_CRYPTO_CIPHER_AES_CTR: + sess->cipher.algo = BCMFS_CRYPTO_CIPHER_AES_CTR; + break; + case RTE_CRYPTO_CIPHER_AES_XTS: + sess->cipher.algo = BCMFS_CRYPTO_CIPHER_AES_XTS; + break; + default: + BCMFS_DP_LOG(ERR, "set session failed. unknown algo"); + sess->cipher.algo = RTE_CRYPTO_CIPHER_NULL; + rc = -EINVAL; + break; + } + + if (!rc) + get_key(cipher_xform->key.data, + sess->cipher.key.length, + sess->cipher.key.data); + + return rc; +} + +/* Set session auth parameters */ +static int +crypto_set_session_auth_parameters(struct bcmfs_sym_session *sess, + const struct rte_crypto_auth_xform + *auth_xform) +{ + int rc = 0; + + /* Select auth generate/verify */ + sess->auth.operation = auth_xform->op ? + BCMFS_CRYPTO_AUTH_OP_GENERATE : + BCMFS_CRYPTO_AUTH_OP_VERIFY; + sess->auth.key.length = auth_xform->key.length; + sess->auth.digest_length = auth_xform->digest_length; + sess->auth.iv.length = auth_xform->iv.length; + sess->auth.iv.offset = auth_xform->iv.offset; + + /* Select auth algo */ + switch (auth_xform->algo) { + case RTE_CRYPTO_AUTH_MD5: + sess->auth.algo = BCMFS_CRYPTO_AUTH_MD5; + break; + case RTE_CRYPTO_AUTH_SHA1: + sess->auth.algo = BCMFS_CRYPTO_AUTH_SHA1; + break; + case RTE_CRYPTO_AUTH_SHA224: + sess->auth.algo = BCMFS_CRYPTO_AUTH_SHA224; + break; + case RTE_CRYPTO_AUTH_SHA256: + sess->auth.algo = BCMFS_CRYPTO_AUTH_SHA256; + break; + case RTE_CRYPTO_AUTH_SHA384: + sess->auth.algo = BCMFS_CRYPTO_AUTH_SHA384; + break; + case RTE_CRYPTO_AUTH_SHA512: + sess->auth.algo = BCMFS_CRYPTO_AUTH_SHA512; + break; + case RTE_CRYPTO_AUTH_SHA3_224: + sess->auth.algo = BCMFS_CRYPTO_AUTH_SHA3_224; + break; + case RTE_CRYPTO_AUTH_SHA3_256: + sess->auth.algo = BCMFS_CRYPTO_AUTH_SHA3_256; + break; + case RTE_CRYPTO_AUTH_SHA3_384: + sess->auth.algo = BCMFS_CRYPTO_AUTH_SHA3_384; + break; + case RTE_CRYPTO_AUTH_SHA3_512: + sess->auth.algo = BCMFS_CRYPTO_AUTH_SHA3_512; + break; + case RTE_CRYPTO_AUTH_MD5_HMAC: + sess->auth.algo = BCMFS_CRYPTO_AUTH_MD5_HMAC; + break; + case RTE_CRYPTO_AUTH_SHA1_HMAC: + sess->auth.algo = BCMFS_CRYPTO_AUTH_SHA1_HMAC; + break; + case RTE_CRYPTO_AUTH_SHA224_HMAC: + sess->auth.algo = BCMFS_CRYPTO_AUTH_SHA224_HMAC; + break; + case RTE_CRYPTO_AUTH_SHA256_HMAC: + sess->auth.algo = BCMFS_CRYPTO_AUTH_SHA256_HMAC; + break; + case RTE_CRYPTO_AUTH_SHA384_HMAC: + sess->auth.algo = BCMFS_CRYPTO_AUTH_SHA384_HMAC; + break; + case RTE_CRYPTO_AUTH_SHA512_HMAC: + sess->auth.algo = BCMFS_CRYPTO_AUTH_SHA512_HMAC; + break; + case RTE_CRYPTO_AUTH_SHA3_224_HMAC: + sess->auth.algo = BCMFS_CRYPTO_AUTH_SHA3_224_HMAC; + break; + case RTE_CRYPTO_AUTH_SHA3_256_HMAC: + sess->auth.algo = BCMFS_CRYPTO_AUTH_SHA3_256_HMAC; + break; + case RTE_CRYPTO_AUTH_SHA3_384_HMAC: + sess->auth.algo = BCMFS_CRYPTO_AUTH_SHA3_384_HMAC; + break; + case RTE_CRYPTO_AUTH_SHA3_512_HMAC: + sess->auth.algo = BCMFS_CRYPTO_AUTH_SHA3_512_HMAC; + break; + case RTE_CRYPTO_AUTH_AES_XCBC_MAC: + sess->auth.algo = BCMFS_CRYPTO_AUTH_AES_XCBC_MAC; + break; + case RTE_CRYPTO_AUTH_AES_GMAC: + sess->auth.algo = BCMFS_CRYPTO_AUTH_AES_GMAC; + break; + case RTE_CRYPTO_AUTH_AES_CBC_MAC: + sess->auth.algo = BCMFS_CRYPTO_AUTH_AES_CBC_MAC; + break; + case RTE_CRYPTO_AUTH_AES_CMAC: + sess->auth.algo = BCMFS_CRYPTO_AUTH_AES_CMAC; + break; + default: + BCMFS_DP_LOG(ERR, "Invalid Auth algorithm\n"); + rc = -EINVAL; + break; + } + + if (!rc) + get_key(auth_xform->key.data, + auth_xform->key.length, + sess->auth.key.data); + + return rc; +} + +/* Set session aead parameters */ +static int +crypto_set_session_aead_parameters(struct bcmfs_sym_session *sess, + const struct rte_crypto_sym_xform *xform) +{ + int rc = 0; + + sess->cipher.direction = xform->aead.op; + sess->cipher.iv.offset = xform->aead.iv.offset; + sess->cipher.iv.length = xform->aead.iv.length; + sess->aead.aad_length = xform->aead.aad_length; + sess->cipher.key.length = xform->aead.key.length; + sess->auth.digest_length = xform->aead.digest_length; + + /* Select aead algo */ + switch (xform->aead.algo) { + case RTE_CRYPTO_AEAD_AES_CCM: + sess->auth.algo = BCMFS_CRYPTO_AUTH_AES_CCM; + sess->cipher.algo = BCMFS_CRYPTO_CIPHER_AES_CCM; + break; + case RTE_CRYPTO_AEAD_AES_GCM: + sess->auth.algo = BCMFS_CRYPTO_AUTH_AES_GCM; + sess->cipher.algo = BCMFS_CRYPTO_CIPHER_AES_GCM; + break; + default: + BCMFS_DP_LOG(ERR, "Invalid aead algorithm\n"); + rc = -EINVAL; + break; + } + + if (!rc) + get_key(xform->aead.key.data, + xform->aead.key.length, + sess->cipher.key.data); + + return rc; +} + +static struct rte_crypto_auth_xform * +crypto_get_auth_xform(struct rte_crypto_sym_xform *xform) +{ + do { + if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH) + return &xform->auth; + + xform = xform->next; + } while (xform); + + return NULL; +} + +static struct rte_crypto_cipher_xform * +crypto_get_cipher_xform(struct rte_crypto_sym_xform *xform) +{ + do { + if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER) + return &xform->cipher; + + xform = xform->next; + } while (xform); + + return NULL; +} + + +/** Parse crypto xform chain and set private session parameters */ +static int +crypto_set_session_parameters(struct bcmfs_sym_session *sess, + struct rte_crypto_sym_xform *xform) +{ + int rc = 0; + struct rte_crypto_cipher_xform *cipher_xform = + crypto_get_cipher_xform(xform); + struct rte_crypto_auth_xform *auth_xform = + crypto_get_auth_xform(xform); + + sess->chain_order = crypto_get_chain_order(xform); + + switch (sess->chain_order) { + case BCMFS_SYM_CHAIN_ONLY_CIPHER: + if (crypto_set_session_cipher_parameters(sess, + cipher_xform)) { + BCMFS_DP_LOG(ERR, "Invalid cipher"); + rc = -EINVAL; + } + break; + case BCMFS_SYM_CHAIN_ONLY_AUTH: + if (crypto_set_session_auth_parameters(sess, + auth_xform)) { + BCMFS_DP_LOG(ERR, "Invalid auth"); + rc = -EINVAL; + } + break; + case BCMFS_SYM_CHAIN_AUTH_CIPHER: + sess->cipher_first = false; + if (crypto_set_session_auth_parameters(sess, + auth_xform)) { + BCMFS_DP_LOG(ERR, "Invalid auth"); + rc = -EINVAL; + goto error; + } + + if (crypto_set_session_cipher_parameters(sess, + cipher_xform)) { + BCMFS_DP_LOG(ERR, "Invalid cipher"); + rc = -EINVAL; + } + break; + case BCMFS_SYM_CHAIN_CIPHER_AUTH: + sess->cipher_first = true; + if (crypto_set_session_auth_parameters(sess, + auth_xform)) { + BCMFS_DP_LOG(ERR, "Invalid auth"); + rc = -EINVAL; + goto error; + } + + if (crypto_set_session_cipher_parameters(sess, + cipher_xform)) { + BCMFS_DP_LOG(ERR, "Invalid cipher"); + rc = -EINVAL; + } + break; + case BCMFS_SYM_CHAIN_AEAD: + if (crypto_set_session_aead_parameters(sess, + xform)) { + BCMFS_DP_LOG(ERR, "Invalid aead"); + rc = -EINVAL; + } + break; + default: + BCMFS_DP_LOG(ERR, "Invalid chain order\n"); + rc = -EINVAL; + break; + } + +error: + return rc; +} + +struct bcmfs_sym_session * +bcmfs_sym_get_session(struct rte_crypto_op *op) +{ + struct bcmfs_sym_session *sess = NULL; + + if (unlikely(op->sess_type == RTE_CRYPTO_OP_SESSIONLESS)) { + BCMFS_DP_LOG(ERR, "operations op(%p) is sessionless", op); + } else if (likely(op->sym->session != NULL)) { + /* get existing session */ + sess = (struct bcmfs_sym_session *) + get_sym_session_private_data(op->sym->session, + cryptodev_bcmfs_driver_id); + } + + if (sess == NULL) + op->status = RTE_CRYPTO_OP_STATUS_INVALID_SESSION; + + return sess; +} + +int +bcmfs_sym_session_configure(struct rte_cryptodev *dev, + struct rte_crypto_sym_xform *xform, + struct rte_cryptodev_sym_session *sess, + struct rte_mempool *mempool) +{ + void *sess_private_data; + int ret; + + if (unlikely(sess == NULL)) { + BCMFS_DP_LOG(ERR, "Invalid session struct"); + return -EINVAL; + } + + if (rte_mempool_get(mempool, &sess_private_data)) { + BCMFS_DP_LOG(ERR, + "Couldn't get object from session mempool"); + return -ENOMEM; + } + + ret = crypto_set_session_parameters(sess_private_data, xform); + + if (ret != 0) { + BCMFS_DP_LOG(ERR, "Failed configure session parameters"); + /* Return session to mempool */ + rte_mempool_put(mempool, sess_private_data); + return ret; + } + + set_sym_session_private_data(sess, dev->driver_id, + sess_private_data); + + return 0; +} + +/* Clear the memory of session so it doesn't leave key material behind */ +void +bcmfs_sym_session_clear(struct rte_cryptodev *dev, + struct rte_cryptodev_sym_session *sess) +{ + uint8_t index = dev->driver_id; + void *sess_priv = get_sym_session_private_data(sess, index); + + if (sess_priv) { + struct rte_mempool *sess_mp; + + memset(sess_priv, 0, sizeof(struct bcmfs_sym_session)); + sess_mp = rte_mempool_from_obj(sess_priv); + + set_sym_session_private_data(sess, index, NULL); + rte_mempool_put(sess_mp, sess_priv); + } +} + +unsigned int +bcmfs_sym_session_get_private_size(struct rte_cryptodev *dev __rte_unused) +{ + return sizeof(struct bcmfs_sym_session); +} diff --git a/drivers/crypto/bcmfs/bcmfs_sym_session.h b/drivers/crypto/bcmfs/bcmfs_sym_session.h new file mode 100644 index 000000000..43deedcf8 --- /dev/null +++ b/drivers/crypto/bcmfs/bcmfs_sym_session.h @@ -0,0 +1,99 @@ +/* SPDX-License-Identifier: BSD-3-Clause + * Copyright(c) 2020 Broadcom + * All rights reserved. + */ + +#ifndef _BCMFS_SYM_SESSION_H_ +#define _BCMFS_SYM_SESSION_H_ + +#include +#include +#include + +#include "bcmfs_sym_defs.h" +#include "bcmfs_sym_req.h" + +/* BCMFS_SYM operation order mode enumerator */ +enum bcmfs_sym_chain_order { + BCMFS_SYM_CHAIN_ONLY_CIPHER, + BCMFS_SYM_CHAIN_ONLY_AUTH, + BCMFS_SYM_CHAIN_CIPHER_AUTH, + BCMFS_SYM_CHAIN_AUTH_CIPHER, + BCMFS_SYM_CHAIN_AEAD, + BCMFS_SYM_CHAIN_NOT_SUPPORTED +}; + +/* BCMFS_SYM crypto private session structure */ +struct bcmfs_sym_session { + enum bcmfs_sym_chain_order chain_order; + + /* Cipher Parameters */ + struct { + enum bcmfs_crypto_cipher_op direction; + /* cipher operation direction */ + enum bcmfs_crypto_cipher_algorithm algo; + /* cipher algorithm */ + + struct { + uint8_t data[BCMFS_MAX_KEY_SIZE]; + /* key data */ + size_t length; + /* key length in bytes */ + } key; + + struct { + uint16_t offset; + uint16_t length; + } iv; + } cipher; + + /* Authentication Parameters */ + struct { + enum bcmfs_crypto_auth_op operation; + /* auth operation generate or verify */ + enum bcmfs_crypto_auth_algorithm algo; + /* cipher algorithm */ + + struct { + uint8_t data[BCMFS_MAX_KEY_SIZE]; + /* key data */ + size_t length; + /* key length in bytes */ + } key; + struct { + uint16_t offset; + uint16_t length; + } iv; + + uint16_t digest_length; + } auth; + + /* aead Parameters */ + struct { + uint16_t aad_length; + } aead; + bool cipher_first; +} __rte_cache_aligned; + +int +bcmfs_process_crypto_op(struct rte_crypto_op *op, + struct bcmfs_sym_session *sess, + struct bcmfs_sym_request *req); + +int +bcmfs_sym_session_configure(struct rte_cryptodev *dev, + struct rte_crypto_sym_xform *xform, + struct rte_cryptodev_sym_session *sess, + struct rte_mempool *mempool); + +void +bcmfs_sym_session_clear(struct rte_cryptodev *dev, + struct rte_cryptodev_sym_session *sess); + +unsigned int +bcmfs_sym_session_get_private_size(struct rte_cryptodev *dev __rte_unused); + +struct bcmfs_sym_session * +bcmfs_sym_get_session(struct rte_crypto_op *op); + +#endif /* _BCMFS_SYM_SESSION_H_ */ diff --git a/drivers/crypto/bcmfs/meson.build b/drivers/crypto/bcmfs/meson.build index d9a3d73e9..2e86c733e 100644 --- a/drivers/crypto/bcmfs/meson.build +++ b/drivers/crypto/bcmfs/meson.build @@ -12,5 +12,7 @@ sources = files( 'hw/bcmfs4_rm.c', 'hw/bcmfs5_rm.c', 'hw/bcmfs_rm_common.c', - 'bcmfs_sym_pmd.c' + 'bcmfs_sym_pmd.c', + 'bcmfs_sym_capabilities.c', + 'bcmfs_sym_session.c' ) -- 2.17.1