1 /* SPDX-License-Identifier: BSD-3-Clause
2 * Copyright(c) 2015-2017 Intel Corporation
7 #include <rte_string_fns.h>
8 #include <rte_common.h>
9 #include <rte_malloc.h>
10 #include <rte_ether.h>
11 #include <rte_cryptodev_pmd.h>
13 #include "aesni_mb_pmd_private.h"
16 static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = {
18 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
20 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
22 .algo = RTE_CRYPTO_AUTH_MD5_HMAC,
39 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
41 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
43 .algo = RTE_CRYPTO_AUTH_SHA1_HMAC,
60 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
62 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
64 .algo = RTE_CRYPTO_AUTH_SHA1,
81 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
83 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
85 .algo = RTE_CRYPTO_AUTH_SHA224_HMAC,
102 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
104 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
106 .algo = RTE_CRYPTO_AUTH_SHA224,
123 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
125 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
127 .algo = RTE_CRYPTO_AUTH_SHA256_HMAC,
144 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
146 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
148 .algo = RTE_CRYPTO_AUTH_SHA256,
165 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
167 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
169 .algo = RTE_CRYPTO_AUTH_SHA384_HMAC,
186 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
188 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
190 .algo = RTE_CRYPTO_AUTH_SHA384,
207 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
209 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
211 .algo = RTE_CRYPTO_AUTH_SHA512_HMAC,
228 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
230 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
232 .algo = RTE_CRYPTO_AUTH_SHA512,
248 { /* AES XCBC HMAC */
249 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
251 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
253 .algo = RTE_CRYPTO_AUTH_AES_XCBC_MAC,
270 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
272 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
274 .algo = RTE_CRYPTO_CIPHER_AES_CBC,
290 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
292 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
294 .algo = RTE_CRYPTO_CIPHER_AES_CTR,
309 { /* AES DOCSIS BPI */
310 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
312 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
314 .algo = RTE_CRYPTO_CIPHER_AES_DOCSISBPI,
318 #if IMB_VERSION_NUM >= IMB_VERSION(0, 53, 3)
335 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
337 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
339 .algo = RTE_CRYPTO_CIPHER_DES_CBC,
355 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
357 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
359 .algo = RTE_CRYPTO_CIPHER_3DES_CBC,
374 { /* DES DOCSIS BPI */
375 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
377 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
379 .algo = RTE_CRYPTO_CIPHER_DES_DOCSISBPI,
395 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
397 .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,
399 .algo = RTE_CRYPTO_AEAD_AES_CCM,
425 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
427 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
429 .algo = RTE_CRYPTO_AUTH_AES_CMAC,
446 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
448 .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,
450 .algo = RTE_CRYPTO_AEAD_AES_GCM,
475 { /* AES GMAC (AUTH) */
476 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
478 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
480 .algo = RTE_CRYPTO_AUTH_AES_GMAC,
500 #if IMB_VERSION(0, 53, 0) <= IMB_VERSION_NUM
502 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
504 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
506 .algo = RTE_CRYPTO_CIPHER_AES_ECB,
518 #if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM
520 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
522 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
524 .algo = RTE_CRYPTO_AUTH_ZUC_EIA3,
545 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
547 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
549 .algo = RTE_CRYPTO_CIPHER_ZUC_EEA3,
564 { /* SNOW 3G (UIA2) */
565 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
567 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
569 .algo = RTE_CRYPTO_AUTH_SNOW3G_UIA2,
589 { /* SNOW 3G (UEA2) */
590 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
592 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
594 .algo = RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
610 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
612 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
614 .algo = RTE_CRYPTO_AUTH_KASUMI_F9,
631 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
633 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
635 .algo = RTE_CRYPTO_CIPHER_KASUMI_F8,
651 #if IMB_VERSION(0, 54, 3) <= IMB_VERSION_NUM
652 { /* CHACHA20-POLY1305 */
653 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
655 .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,
657 .algo = RTE_CRYPTO_AEAD_CHACHA20_POLY1305,
683 RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
686 #ifdef AESNI_MB_DOCSIS_SEC_ENABLED
687 static const struct rte_cryptodev_capabilities
688 aesni_mb_pmd_security_crypto_cap[] = {
689 { /* AES DOCSIS BPI */
690 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
692 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
694 .algo = RTE_CRYPTO_CIPHER_AES_DOCSISBPI,
710 RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
713 static const struct rte_security_capability aesni_mb_pmd_security_cap[] = {
714 { /* DOCSIS Uplink */
715 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
716 .protocol = RTE_SECURITY_PROTOCOL_DOCSIS,
718 .direction = RTE_SECURITY_DOCSIS_UPLINK
720 .crypto_capabilities = aesni_mb_pmd_security_crypto_cap
722 { /* DOCSIS Downlink */
723 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
724 .protocol = RTE_SECURITY_PROTOCOL_DOCSIS,
726 .direction = RTE_SECURITY_DOCSIS_DOWNLINK
728 .crypto_capabilities = aesni_mb_pmd_security_crypto_cap
731 .action = RTE_SECURITY_ACTION_TYPE_NONE
736 /** Configure device */
738 aesni_mb_pmd_config(__rte_unused struct rte_cryptodev *dev,
739 __rte_unused struct rte_cryptodev_config *config)
746 aesni_mb_pmd_start(__rte_unused struct rte_cryptodev *dev)
753 aesni_mb_pmd_stop(__rte_unused struct rte_cryptodev *dev)
759 aesni_mb_pmd_close(__rte_unused struct rte_cryptodev *dev)
765 /** Get device statistics */
767 aesni_mb_pmd_stats_get(struct rte_cryptodev *dev,
768 struct rte_cryptodev_stats *stats)
772 for (qp_id = 0; qp_id < dev->data->nb_queue_pairs; qp_id++) {
773 struct aesni_mb_qp *qp = dev->data->queue_pairs[qp_id];
775 stats->enqueued_count += qp->stats.enqueued_count;
776 stats->dequeued_count += qp->stats.dequeued_count;
778 stats->enqueue_err_count += qp->stats.enqueue_err_count;
779 stats->dequeue_err_count += qp->stats.dequeue_err_count;
783 /** Reset device statistics */
785 aesni_mb_pmd_stats_reset(struct rte_cryptodev *dev)
789 for (qp_id = 0; qp_id < dev->data->nb_queue_pairs; qp_id++) {
790 struct aesni_mb_qp *qp = dev->data->queue_pairs[qp_id];
792 memset(&qp->stats, 0, sizeof(qp->stats));
797 /** Get device info */
799 aesni_mb_pmd_info_get(struct rte_cryptodev *dev,
800 struct rte_cryptodev_info *dev_info)
802 struct aesni_mb_private *internals = dev->data->dev_private;
804 if (dev_info != NULL) {
805 dev_info->driver_id = dev->driver_id;
806 dev_info->feature_flags = dev->feature_flags;
807 dev_info->capabilities = aesni_mb_pmd_capabilities;
808 dev_info->max_nb_queue_pairs = internals->max_nb_queue_pairs;
809 /* No limit of number of sessions */
810 dev_info->sym.max_nb_sessions = 0;
814 /** Release queue pair */
816 aesni_mb_pmd_qp_release(struct rte_cryptodev *dev, uint16_t qp_id)
818 struct aesni_mb_qp *qp = dev->data->queue_pairs[qp_id];
819 struct rte_ring *r = NULL;
822 r = rte_ring_lookup(qp->name);
826 free_mb_mgr(qp->mb_mgr);
828 dev->data->queue_pairs[qp_id] = NULL;
833 /** set a unique name for the queue pair based on it's name, dev_id and qp_id */
835 aesni_mb_pmd_qp_set_unique_name(struct rte_cryptodev *dev,
836 struct aesni_mb_qp *qp)
838 unsigned n = snprintf(qp->name, sizeof(qp->name),
839 "aesni_mb_pmd_%u_qp_%u",
840 dev->data->dev_id, qp->id);
842 if (n >= sizeof(qp->name))
848 /** Create a ring to place processed operations on */
849 static struct rte_ring *
850 aesni_mb_pmd_qp_create_processed_ops_ring(struct aesni_mb_qp *qp,
851 unsigned int ring_size, int socket_id)
854 char ring_name[RTE_CRYPTODEV_NAME_MAX_LEN];
856 unsigned int n = strlcpy(ring_name, qp->name, sizeof(ring_name));
858 if (n >= sizeof(ring_name))
861 r = rte_ring_lookup(ring_name);
863 if (rte_ring_get_size(r) >= ring_size) {
864 AESNI_MB_LOG(INFO, "Reusing existing ring %s for processed ops",
869 AESNI_MB_LOG(ERR, "Unable to reuse existing ring %s for processed ops",
874 return rte_ring_create(ring_name, ring_size, socket_id,
875 RING_F_SP_ENQ | RING_F_SC_DEQ);
878 /** Setup a queue pair */
880 aesni_mb_pmd_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
881 const struct rte_cryptodev_qp_conf *qp_conf,
884 struct aesni_mb_qp *qp = NULL;
885 struct aesni_mb_private *internals = dev->data->dev_private;
888 /* Free memory prior to re-allocation if needed. */
889 if (dev->data->queue_pairs[qp_id] != NULL)
890 aesni_mb_pmd_qp_release(dev, qp_id);
892 /* Allocate the queue pair data structure. */
893 qp = rte_zmalloc_socket("AES-NI PMD Queue Pair", sizeof(*qp),
894 RTE_CACHE_LINE_SIZE, socket_id);
899 dev->data->queue_pairs[qp_id] = qp;
901 if (aesni_mb_pmd_qp_set_unique_name(dev, qp))
902 goto qp_setup_cleanup;
905 qp->mb_mgr = alloc_mb_mgr(0);
906 if (qp->mb_mgr == NULL) {
908 goto qp_setup_cleanup;
911 switch (internals->vector_mode) {
912 case RTE_AESNI_MB_SSE:
913 dev->feature_flags |= RTE_CRYPTODEV_FF_CPU_SSE;
914 init_mb_mgr_sse(qp->mb_mgr);
916 case RTE_AESNI_MB_AVX:
917 dev->feature_flags |= RTE_CRYPTODEV_FF_CPU_AVX;
918 init_mb_mgr_avx(qp->mb_mgr);
920 case RTE_AESNI_MB_AVX2:
921 dev->feature_flags |= RTE_CRYPTODEV_FF_CPU_AVX2;
922 init_mb_mgr_avx2(qp->mb_mgr);
924 case RTE_AESNI_MB_AVX512:
925 dev->feature_flags |= RTE_CRYPTODEV_FF_CPU_AVX512;
926 init_mb_mgr_avx512(qp->mb_mgr);
929 AESNI_MB_LOG(ERR, "Unsupported vector mode %u\n",
930 internals->vector_mode);
931 goto qp_setup_cleanup;
934 qp->ingress_queue = aesni_mb_pmd_qp_create_processed_ops_ring(qp,
935 qp_conf->nb_descriptors, socket_id);
936 if (qp->ingress_queue == NULL) {
938 goto qp_setup_cleanup;
941 qp->sess_mp = qp_conf->mp_session;
942 qp->sess_mp_priv = qp_conf->mp_session_private;
944 memset(&qp->stats, 0, sizeof(qp->stats));
946 char mp_name[RTE_MEMPOOL_NAMESIZE];
948 snprintf(mp_name, RTE_MEMPOOL_NAMESIZE,
949 "digest_mp_%u_%u", dev->data->dev_id, qp_id);
955 free_mb_mgr(qp->mb_mgr);
962 /** Returns the size of the aesni multi-buffer session structure */
964 aesni_mb_pmd_sym_session_get_size(struct rte_cryptodev *dev __rte_unused)
966 return sizeof(struct aesni_mb_session);
969 /** Configure a aesni multi-buffer session from a crypto xform chain */
971 aesni_mb_pmd_sym_session_configure(struct rte_cryptodev *dev,
972 struct rte_crypto_sym_xform *xform,
973 struct rte_cryptodev_sym_session *sess,
974 struct rte_mempool *mempool)
976 void *sess_private_data;
977 struct aesni_mb_private *internals = dev->data->dev_private;
980 if (unlikely(sess == NULL)) {
981 AESNI_MB_LOG(ERR, "invalid session struct");
985 if (rte_mempool_get(mempool, &sess_private_data)) {
987 "Couldn't get object from session mempool");
991 ret = aesni_mb_set_session_parameters(internals->mb_mgr,
992 sess_private_data, xform);
994 AESNI_MB_LOG(ERR, "failed configure session parameters");
996 /* Return session to mempool */
997 rte_mempool_put(mempool, sess_private_data);
1001 set_sym_session_private_data(sess, dev->driver_id,
1007 /** Clear the memory of session so it doesn't leave key material behind */
1009 aesni_mb_pmd_sym_session_clear(struct rte_cryptodev *dev,
1010 struct rte_cryptodev_sym_session *sess)
1012 uint8_t index = dev->driver_id;
1013 void *sess_priv = get_sym_session_private_data(sess, index);
1015 /* Zero out the whole structure */
1017 memset(sess_priv, 0, sizeof(struct aesni_mb_session));
1018 struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
1019 set_sym_session_private_data(sess, index, NULL);
1020 rte_mempool_put(sess_mp, sess_priv);
1024 struct rte_cryptodev_ops aesni_mb_pmd_ops = {
1025 .dev_configure = aesni_mb_pmd_config,
1026 .dev_start = aesni_mb_pmd_start,
1027 .dev_stop = aesni_mb_pmd_stop,
1028 .dev_close = aesni_mb_pmd_close,
1030 .stats_get = aesni_mb_pmd_stats_get,
1031 .stats_reset = aesni_mb_pmd_stats_reset,
1033 .dev_infos_get = aesni_mb_pmd_info_get,
1035 .queue_pair_setup = aesni_mb_pmd_qp_setup,
1036 .queue_pair_release = aesni_mb_pmd_qp_release,
1038 .sym_cpu_process = aesni_mb_cpu_crypto_process_bulk,
1040 .sym_session_get_size = aesni_mb_pmd_sym_session_get_size,
1041 .sym_session_configure = aesni_mb_pmd_sym_session_configure,
1042 .sym_session_clear = aesni_mb_pmd_sym_session_clear
1045 struct rte_cryptodev_ops *rte_aesni_mb_pmd_ops = &aesni_mb_pmd_ops;
1047 #ifdef AESNI_MB_DOCSIS_SEC_ENABLED
1049 * Configure a aesni multi-buffer session from a security session
1053 aesni_mb_pmd_sec_sess_create(void *dev, struct rte_security_session_conf *conf,
1054 struct rte_security_session *sess,
1055 struct rte_mempool *mempool)
1057 void *sess_private_data;
1058 struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev;
1061 if (conf->action_type != RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL ||
1062 conf->protocol != RTE_SECURITY_PROTOCOL_DOCSIS) {
1063 AESNI_MB_LOG(ERR, "Invalid security protocol");
1067 if (rte_mempool_get(mempool, &sess_private_data)) {
1068 AESNI_MB_LOG(ERR, "Couldn't get object from session mempool");
1072 ret = aesni_mb_set_docsis_sec_session_parameters(cdev, conf,
1076 AESNI_MB_LOG(ERR, "Failed to configure session parameters");
1078 /* Return session to mempool */
1079 rte_mempool_put(mempool, sess_private_data);
1083 set_sec_session_private_data(sess, sess_private_data);
1088 /** Clear the memory of session so it doesn't leave key material behind */
1090 aesni_mb_pmd_sec_sess_destroy(void *dev __rte_unused,
1091 struct rte_security_session *sess)
1093 void *sess_priv = get_sec_session_private_data(sess);
1096 struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
1097 memset(sess_priv, 0, sizeof(struct aesni_mb_session));
1098 set_sec_session_private_data(sess, NULL);
1099 rte_mempool_put(sess_mp, sess_priv);
1104 /** Get security capabilities for aesni multi-buffer */
1105 static const struct rte_security_capability *
1106 aesni_mb_pmd_sec_capa_get(void *device __rte_unused)
1108 return aesni_mb_pmd_security_cap;
1111 static struct rte_security_ops aesni_mb_pmd_sec_ops = {
1112 .session_create = aesni_mb_pmd_sec_sess_create,
1113 .session_update = NULL,
1114 .session_stats_get = NULL,
1115 .session_destroy = aesni_mb_pmd_sec_sess_destroy,
1116 .set_pkt_metadata = NULL,
1117 .capabilities_get = aesni_mb_pmd_sec_capa_get
1120 struct rte_security_ops *rte_aesni_mb_pmd_sec_ops = &aesni_mb_pmd_sec_ops;