1 /* SPDX-License-Identifier: BSD-3-Clause
2 * Copyright(c) 2015-2016 Intel Corporation
5 #ifndef _AESNI_MB_PMD_PRIVATE_H_
6 #define _AESNI_MB_PMD_PRIVATE_H_
8 #include <intel-ipsec-mb.h>
10 #if defined(RTE_LIBRTE_SECURITY) && (IMB_VERSION_NUM) >= IMB_VERSION(0, 54, 0)
11 #define AESNI_MB_DOCSIS_SEC_ENABLED 1
12 #include <rte_security.h>
13 #include <rte_security_driver.h>
16 enum aesni_mb_vector_mode {
17 RTE_AESNI_MB_NOT_SUPPORTED = 0,
24 #define CRYPTODEV_NAME_AESNI_MB_PMD crypto_aesni_mb
25 /**< AES-NI Multi buffer PMD device name */
27 /** AESNI_MB PMD LOGTYPE DRIVER */
28 extern int aesni_mb_logtype_driver;
30 #define AESNI_MB_LOG(level, fmt, ...) \
31 rte_log(RTE_LOG_ ## level, aesni_mb_logtype_driver, \
32 "%s() line %u: " fmt "\n", __func__, __LINE__, \
36 #define HMAC_IPAD_VALUE (0x36)
37 #define HMAC_OPAD_VALUE (0x5C)
39 /* Maximum length for digest */
40 #define DIGEST_LENGTH_MAX 64
41 static const unsigned auth_blocksize[] = {
56 [PLAIN_SHA_384] = 128,
57 [PLAIN_SHA_512] = 128,
58 #if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM
59 [IMB_AUTH_ZUC_EIA3_BITLEN] = 16,
60 [IMB_AUTH_SNOW3G_UIA2_BITLEN] = 16
65 * Get the blocksize in bytes for a specified authentication algorithm
67 * @Note: this function will not return a valid value for a non-valid
68 * authentication algorithm
70 static inline unsigned
71 get_auth_algo_blocksize(JOB_HASH_ALG algo)
73 return auth_blocksize[algo];
76 static const unsigned auth_truncated_digest_byte_lengths[] = {
93 #if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM
94 [IMB_AUTH_ZUC_EIA3_BITLEN] = 4,
95 [IMB_AUTH_SNOW3G_UIA2_BITLEN] = 4
100 * Get the IPsec specified truncated length in bytes of the HMAC digest for a
101 * specified authentication algorithm
103 * @Note: this function will not return a valid value for a non-valid
104 * authentication algorithm
106 static inline unsigned
107 get_truncated_digest_byte_length(JOB_HASH_ALG algo)
109 return auth_truncated_digest_byte_lengths[algo];
112 static const unsigned auth_digest_byte_lengths[] = {
125 [PLAIN_SHA_224] = 28,
126 [PLAIN_SHA_256] = 32,
127 [PLAIN_SHA_384] = 48,
128 [PLAIN_SHA_512] = 64,
129 #if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM
130 [IMB_AUTH_ZUC_EIA3_BITLEN] = 4,
131 [IMB_AUTH_SNOW3G_UIA2_BITLEN] = 4
133 /**< Vector mode dependent pointer table of the multi-buffer APIs */
138 * Get the full digest size in bytes for a specified authentication algorithm
139 * (if available in the Multi-buffer library)
141 * @Note: this function will not return a valid value for a non-valid
142 * authentication algorithm
144 static inline unsigned
145 get_digest_byte_length(JOB_HASH_ALG algo)
147 return auth_digest_byte_lengths[algo];
150 enum aesni_mb_operation {
151 AESNI_MB_OP_HASH_CIPHER,
152 AESNI_MB_OP_CIPHER_HASH,
153 AESNI_MB_OP_HASH_ONLY,
154 AESNI_MB_OP_CIPHER_ONLY,
155 AESNI_MB_OP_AEAD_HASH_CIPHER,
156 AESNI_MB_OP_AEAD_CIPHER_HASH,
157 AESNI_MB_OP_NOT_SUPPORTED
160 /** private data structure for each virtual AESNI device */
161 struct aesni_mb_private {
162 enum aesni_mb_vector_mode vector_mode;
163 /**< CPU vector instruction set mode */
164 unsigned max_nb_queue_pairs;
165 /**< Max number of queue pairs supported by device */
167 /**< Multi-buffer instance */
170 /** AESNI Multi buffer queue pair */
173 /**< Queue Pair Identifier */
174 char name[RTE_CRYPTODEV_NAME_MAX_LEN];
175 /**< Unique Queue Pair Name */
177 /**< Multi-buffer instance */
178 struct rte_ring *ingress_queue;
179 /**< Ring for placing operations ready for processing */
180 struct rte_mempool *sess_mp;
181 /**< Session Mempool */
182 struct rte_mempool *sess_mp_priv;
183 /**< Session Private Data Mempool */
184 struct rte_cryptodev_stats stats;
185 /**< Queue pair statistics */
187 /**< Index of the next slot to be used in temp_digests,
188 * to store the digest for a given operation
190 uint8_t temp_digests[MAX_JOBS][DIGEST_LENGTH_MAX];
191 /**< Buffers used to store the digest generated
192 * by the driver when verifying a digest provided
193 * by the user (using authentication verify operation)
195 } __rte_cache_aligned;
197 /** AES-NI multi-buffer private session structure */
198 struct aesni_mb_session {
199 JOB_CHAIN_ORDER chain_order;
208 /**< IV parameters */
210 /** Cipher Parameters */const struct aesni_mb_op_fns *op_fns;
211 /**< Vector mode dependent pointer table of the multi-buffer APIs */
214 /** Cipher direction - encrypt / decrypt */
215 JOB_CIPHER_DIRECTION direction;
216 /** Cipher mode - CBC / Counter */
217 JOB_CIPHER_MODE mode;
219 uint64_t key_length_in_bytes;
223 uint32_t encode[60] __rte_aligned(16);
225 uint32_t decode[60] __rte_aligned(16);
228 /**< Expanded AES keys - Allocating space to
229 * contain the maximum expanded key size which
230 * is 240 bytes for 256 bit AES, calculate by:
231 * ((key size (bytes)) *
232 * ((number of rounds) + 1))
235 const void *ks_ptr[3];
238 /**< Expanded 3DES keys */
240 struct gcm_key_data gcm_key;
241 /**< Expanded GCM key */
242 uint8_t zuc_cipher_key[16];
243 /**< ZUC cipher key */
244 #if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM
245 snow3g_key_schedule_t pKeySched_snow3g_cipher;
246 /**< SNOW3G scheduled cipher key */
251 /** Authentication Parameters */
253 JOB_HASH_ALG algo; /**< Authentication Algorithm */
254 enum rte_crypto_auth_operation operation;
255 /**< auth operation generate or verify */
258 uint8_t inner[128] __rte_aligned(16);
260 uint8_t outer[128] __rte_aligned(16);
263 /**< HMAC Authentication pads -
264 * allocating space for the maximum pad
265 * size supported which is 128 bytes for
270 uint32_t k1_expanded[44] __rte_aligned(16);
271 /**< k1 (expanded key). */
272 uint8_t k2[16] __rte_aligned(16);
274 uint8_t k3[16] __rte_aligned(16);
279 uint32_t expkey[60] __rte_aligned(16);
280 /**< k1 (expanded key). */
281 uint32_t skey1[4] __rte_aligned(16);
283 uint32_t skey2[4] __rte_aligned(16);
286 /**< Expanded XCBC authentication keys */
287 uint8_t zuc_auth_key[16];
288 /**< ZUC authentication key */
289 #if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM
290 snow3g_key_schedule_t pKeySched_snow3g_auth;
291 /**< SNOW3G scheduled authentication key */
294 /** Generated digest size by the Multi-buffer library */
295 uint16_t gen_digest_len;
296 /** Requested digest size from Cryptodev */
297 uint16_t req_digest_len;
301 /** AAD data length */
304 } __rte_cache_aligned;
307 aesni_mb_set_session_parameters(const MB_MGR *mb_mgr,
308 struct aesni_mb_session *sess,
309 const struct rte_crypto_sym_xform *xform);
311 #ifdef AESNI_MB_DOCSIS_SEC_ENABLED
313 aesni_mb_set_docsis_sec_session_parameters(
314 __rte_unused struct rte_cryptodev *dev,
315 struct rte_security_session_conf *conf,
319 /** device specific operations function pointer structures */
320 extern struct rte_cryptodev_ops *rte_aesni_mb_pmd_ops;
321 #ifdef AESNI_MB_DOCSIS_SEC_ENABLED
322 extern struct rte_security_ops *rte_aesni_mb_pmd_sec_ops;
326 aesni_mb_cpu_crypto_process_bulk(struct rte_cryptodev *dev,
327 struct rte_cryptodev_sym_session *sess, union rte_crypto_sym_ofs sofs,
328 struct rte_crypto_sym_vec *vec);
330 #endif /* _AESNI_MB_PMD_PRIVATE_H_ */