1 /* SPDX-License-Identifier: BSD-3-Clause
2 * Copyright(c) 2015-2016 Intel Corporation
5 #ifndef _AESNI_MB_PMD_PRIVATE_H_
6 #define _AESNI_MB_PMD_PRIVATE_H_
8 #include <intel-ipsec-mb.h>
10 #if defined(RTE_LIBRTE_SECURITY) && (IMB_VERSION_NUM) >= IMB_VERSION(0, 54, 0)
11 #define AESNI_MB_DOCSIS_SEC_ENABLED 1
12 #include <rte_security.h>
13 #include <rte_security_driver.h>
16 enum aesni_mb_vector_mode {
17 RTE_AESNI_MB_NOT_SUPPORTED = 0,
24 #define CRYPTODEV_NAME_AESNI_MB_PMD crypto_aesni_mb
25 /**< AES-NI Multi buffer PMD device name */
27 /** AESNI_MB PMD LOGTYPE DRIVER */
28 extern int aesni_mb_logtype_driver;
30 #define AESNI_MB_LOG(level, fmt, ...) \
31 rte_log(RTE_LOG_ ## level, aesni_mb_logtype_driver, \
32 "%s() line %u: " fmt "\n", __func__, __LINE__, \
36 #define HMAC_IPAD_VALUE (0x36)
37 #define HMAC_OPAD_VALUE (0x5C)
39 /* Maximum length for digest */
40 #define DIGEST_LENGTH_MAX 64
41 static const unsigned auth_blocksize[] = {
56 [PLAIN_SHA_384] = 128,
57 [PLAIN_SHA_512] = 128,
58 #if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM
59 [IMB_AUTH_ZUC_EIA3_BITLEN] = 16
64 * Get the blocksize in bytes for a specified authentication algorithm
66 * @Note: this function will not return a valid value for a non-valid
67 * authentication algorithm
69 static inline unsigned
70 get_auth_algo_blocksize(JOB_HASH_ALG algo)
72 return auth_blocksize[algo];
75 static const unsigned auth_truncated_digest_byte_lengths[] = {
92 #if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM
93 [IMB_AUTH_ZUC_EIA3_BITLEN] = 4
98 * Get the IPsec specified truncated length in bytes of the HMAC digest for a
99 * specified authentication algorithm
101 * @Note: this function will not return a valid value for a non-valid
102 * authentication algorithm
104 static inline unsigned
105 get_truncated_digest_byte_length(JOB_HASH_ALG algo)
107 return auth_truncated_digest_byte_lengths[algo];
110 static const unsigned auth_digest_byte_lengths[] = {
123 [PLAIN_SHA_224] = 28,
124 [PLAIN_SHA_256] = 32,
125 [PLAIN_SHA_384] = 48,
126 [PLAIN_SHA_512] = 64,
127 #if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM
128 [IMB_AUTH_ZUC_EIA3_BITLEN] = 4
130 /**< Vector mode dependent pointer table of the multi-buffer APIs */
135 * Get the full digest size in bytes for a specified authentication algorithm
136 * (if available in the Multi-buffer library)
138 * @Note: this function will not return a valid value for a non-valid
139 * authentication algorithm
141 static inline unsigned
142 get_digest_byte_length(JOB_HASH_ALG algo)
144 return auth_digest_byte_lengths[algo];
147 enum aesni_mb_operation {
148 AESNI_MB_OP_HASH_CIPHER,
149 AESNI_MB_OP_CIPHER_HASH,
150 AESNI_MB_OP_HASH_ONLY,
151 AESNI_MB_OP_CIPHER_ONLY,
152 AESNI_MB_OP_AEAD_HASH_CIPHER,
153 AESNI_MB_OP_AEAD_CIPHER_HASH,
154 AESNI_MB_OP_NOT_SUPPORTED
157 /** private data structure for each virtual AESNI device */
158 struct aesni_mb_private {
159 enum aesni_mb_vector_mode vector_mode;
160 /**< CPU vector instruction set mode */
161 unsigned max_nb_queue_pairs;
162 /**< Max number of queue pairs supported by device */
164 /**< Multi-buffer instance */
167 /** AESNI Multi buffer queue pair */
170 /**< Queue Pair Identifier */
171 char name[RTE_CRYPTODEV_NAME_MAX_LEN];
172 /**< Unique Queue Pair Name */
174 /**< Multi-buffer instance */
175 struct rte_ring *ingress_queue;
176 /**< Ring for placing operations ready for processing */
177 struct rte_mempool *sess_mp;
178 /**< Session Mempool */
179 struct rte_mempool *sess_mp_priv;
180 /**< Session Private Data Mempool */
181 struct rte_cryptodev_stats stats;
182 /**< Queue pair statistics */
184 /**< Index of the next slot to be used in temp_digests,
185 * to store the digest for a given operation
187 uint8_t temp_digests[MAX_JOBS][DIGEST_LENGTH_MAX];
188 /**< Buffers used to store the digest generated
189 * by the driver when verifying a digest provided
190 * by the user (using authentication verify operation)
192 } __rte_cache_aligned;
194 /** AES-NI multi-buffer private session structure */
195 struct aesni_mb_session {
196 JOB_CHAIN_ORDER chain_order;
205 /**< IV parameters */
207 /** Cipher Parameters */const struct aesni_mb_op_fns *op_fns;
208 /**< Vector mode dependent pointer table of the multi-buffer APIs */
211 /** Cipher direction - encrypt / decrypt */
212 JOB_CIPHER_DIRECTION direction;
213 /** Cipher mode - CBC / Counter */
214 JOB_CIPHER_MODE mode;
216 uint64_t key_length_in_bytes;
220 uint32_t encode[60] __rte_aligned(16);
222 uint32_t decode[60] __rte_aligned(16);
225 /**< Expanded AES keys - Allocating space to
226 * contain the maximum expanded key size which
227 * is 240 bytes for 256 bit AES, calculate by:
228 * ((key size (bytes)) *
229 * ((number of rounds) + 1))
232 const void *ks_ptr[3];
235 /**< Expanded 3DES keys */
237 struct gcm_key_data gcm_key;
238 /**< Expanded GCM key */
239 uint8_t zuc_cipher_key[16];
240 /**< ZUC cipher key */
244 /** Authentication Parameters */
246 JOB_HASH_ALG algo; /**< Authentication Algorithm */
247 enum rte_crypto_auth_operation operation;
248 /**< auth operation generate or verify */
251 uint8_t inner[128] __rte_aligned(16);
253 uint8_t outer[128] __rte_aligned(16);
256 /**< HMAC Authentication pads -
257 * allocating space for the maximum pad
258 * size supported which is 128 bytes for
263 uint32_t k1_expanded[44] __rte_aligned(16);
264 /**< k1 (expanded key). */
265 uint8_t k2[16] __rte_aligned(16);
267 uint8_t k3[16] __rte_aligned(16);
272 uint32_t expkey[60] __rte_aligned(16);
273 /**< k1 (expanded key). */
274 uint32_t skey1[4] __rte_aligned(16);
276 uint32_t skey2[4] __rte_aligned(16);
279 /**< Expanded XCBC authentication keys */
280 uint8_t zuc_auth_key[16];
281 /**< ZUC authentication key */
283 /** Generated digest size by the Multi-buffer library */
284 uint16_t gen_digest_len;
285 /** Requested digest size from Cryptodev */
286 uint16_t req_digest_len;
290 /** AAD data length */
293 } __rte_cache_aligned;
296 aesni_mb_set_session_parameters(const MB_MGR *mb_mgr,
297 struct aesni_mb_session *sess,
298 const struct rte_crypto_sym_xform *xform);
300 #ifdef AESNI_MB_DOCSIS_SEC_ENABLED
302 aesni_mb_set_docsis_sec_session_parameters(
303 __rte_unused struct rte_cryptodev *dev,
304 struct rte_security_session_conf *conf,
308 /** device specific operations function pointer structures */
309 extern struct rte_cryptodev_ops *rte_aesni_mb_pmd_ops;
310 #ifdef AESNI_MB_DOCSIS_SEC_ENABLED
311 extern struct rte_security_ops *rte_aesni_mb_pmd_sec_ops;
315 aesni_mb_cpu_crypto_process_bulk(struct rte_cryptodev *dev,
316 struct rte_cryptodev_sym_session *sess, union rte_crypto_sym_ofs sofs,
317 struct rte_crypto_sym_vec *vec);
319 #endif /* _AESNI_MB_PMD_PRIVATE_H_ */