1 /* SPDX-License-Identifier: BSD-3-Clause
2 * Copyright(c) 2015-2017 Intel Corporation
7 #include <rte_string_fns.h>
8 #include <rte_common.h>
9 #include <rte_malloc.h>
10 #include <rte_ether.h>
11 #include <rte_cryptodev_pmd.h>
13 #include "aesni_mb_pmd_private.h"
16 static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = {
18 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
20 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
22 .algo = RTE_CRYPTO_AUTH_MD5_HMAC,
39 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
41 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
43 .algo = RTE_CRYPTO_AUTH_SHA1_HMAC,
60 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
62 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
64 .algo = RTE_CRYPTO_AUTH_SHA1,
81 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
83 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
85 .algo = RTE_CRYPTO_AUTH_SHA224_HMAC,
102 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
104 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
106 .algo = RTE_CRYPTO_AUTH_SHA224,
123 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
125 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
127 .algo = RTE_CRYPTO_AUTH_SHA256_HMAC,
144 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
146 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
148 .algo = RTE_CRYPTO_AUTH_SHA256,
165 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
167 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
169 .algo = RTE_CRYPTO_AUTH_SHA384_HMAC,
186 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
188 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
190 .algo = RTE_CRYPTO_AUTH_SHA384,
207 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
209 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
211 .algo = RTE_CRYPTO_AUTH_SHA512_HMAC,
228 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
230 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
232 .algo = RTE_CRYPTO_AUTH_SHA512,
248 { /* AES XCBC HMAC */
249 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
251 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
253 .algo = RTE_CRYPTO_AUTH_AES_XCBC_MAC,
270 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
272 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
274 .algo = RTE_CRYPTO_CIPHER_AES_CBC,
290 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
292 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
294 .algo = RTE_CRYPTO_CIPHER_AES_CTR,
309 { /* AES DOCSIS BPI */
310 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
312 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
314 .algo = RTE_CRYPTO_CIPHER_AES_DOCSISBPI,
318 #if IMB_VERSION_NUM >= IMB_VERSION(0, 53, 3)
335 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
337 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
339 .algo = RTE_CRYPTO_CIPHER_DES_CBC,
355 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
357 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
359 .algo = RTE_CRYPTO_CIPHER_3DES_CBC,
374 { /* DES DOCSIS BPI */
375 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
377 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
379 .algo = RTE_CRYPTO_CIPHER_DES_DOCSISBPI,
395 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
397 .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,
399 .algo = RTE_CRYPTO_AEAD_AES_CCM,
425 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
427 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
429 .algo = RTE_CRYPTO_AUTH_AES_CMAC,
446 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
448 .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,
450 .algo = RTE_CRYPTO_AEAD_AES_GCM,
475 { /* AES GMAC (AUTH) */
476 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
478 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
480 .algo = RTE_CRYPTO_AUTH_AES_GMAC,
500 #if IMB_VERSION(0, 53, 0) <= IMB_VERSION_NUM
502 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
504 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
506 .algo = RTE_CRYPTO_CIPHER_AES_ECB,
518 RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
521 #ifdef AESNI_MB_DOCSIS_SEC_ENABLED
522 static const struct rte_cryptodev_capabilities
523 aesni_mb_pmd_security_crypto_cap[] = {
524 { /* AES DOCSIS BPI */
525 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
527 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
529 .algo = RTE_CRYPTO_CIPHER_AES_DOCSISBPI,
545 RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
548 static const struct rte_security_capability aesni_mb_pmd_security_cap[] = {
549 { /* DOCSIS Uplink */
550 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
551 .protocol = RTE_SECURITY_PROTOCOL_DOCSIS,
553 .direction = RTE_SECURITY_DOCSIS_UPLINK
555 .crypto_capabilities = aesni_mb_pmd_security_crypto_cap
557 { /* DOCSIS Downlink */
558 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
559 .protocol = RTE_SECURITY_PROTOCOL_DOCSIS,
561 .direction = RTE_SECURITY_DOCSIS_DOWNLINK
563 .crypto_capabilities = aesni_mb_pmd_security_crypto_cap
566 .action = RTE_SECURITY_ACTION_TYPE_NONE
571 /** Configure device */
573 aesni_mb_pmd_config(__rte_unused struct rte_cryptodev *dev,
574 __rte_unused struct rte_cryptodev_config *config)
581 aesni_mb_pmd_start(__rte_unused struct rte_cryptodev *dev)
588 aesni_mb_pmd_stop(__rte_unused struct rte_cryptodev *dev)
594 aesni_mb_pmd_close(__rte_unused struct rte_cryptodev *dev)
600 /** Get device statistics */
602 aesni_mb_pmd_stats_get(struct rte_cryptodev *dev,
603 struct rte_cryptodev_stats *stats)
607 for (qp_id = 0; qp_id < dev->data->nb_queue_pairs; qp_id++) {
608 struct aesni_mb_qp *qp = dev->data->queue_pairs[qp_id];
610 stats->enqueued_count += qp->stats.enqueued_count;
611 stats->dequeued_count += qp->stats.dequeued_count;
613 stats->enqueue_err_count += qp->stats.enqueue_err_count;
614 stats->dequeue_err_count += qp->stats.dequeue_err_count;
618 /** Reset device statistics */
620 aesni_mb_pmd_stats_reset(struct rte_cryptodev *dev)
624 for (qp_id = 0; qp_id < dev->data->nb_queue_pairs; qp_id++) {
625 struct aesni_mb_qp *qp = dev->data->queue_pairs[qp_id];
627 memset(&qp->stats, 0, sizeof(qp->stats));
632 /** Get device info */
634 aesni_mb_pmd_info_get(struct rte_cryptodev *dev,
635 struct rte_cryptodev_info *dev_info)
637 struct aesni_mb_private *internals = dev->data->dev_private;
639 if (dev_info != NULL) {
640 dev_info->driver_id = dev->driver_id;
641 dev_info->feature_flags = dev->feature_flags;
642 dev_info->capabilities = aesni_mb_pmd_capabilities;
643 dev_info->max_nb_queue_pairs = internals->max_nb_queue_pairs;
644 /* No limit of number of sessions */
645 dev_info->sym.max_nb_sessions = 0;
649 /** Release queue pair */
651 aesni_mb_pmd_qp_release(struct rte_cryptodev *dev, uint16_t qp_id)
653 struct aesni_mb_qp *qp = dev->data->queue_pairs[qp_id];
654 struct rte_ring *r = NULL;
657 r = rte_ring_lookup(qp->name);
661 free_mb_mgr(qp->mb_mgr);
663 dev->data->queue_pairs[qp_id] = NULL;
668 /** set a unique name for the queue pair based on it's name, dev_id and qp_id */
670 aesni_mb_pmd_qp_set_unique_name(struct rte_cryptodev *dev,
671 struct aesni_mb_qp *qp)
673 unsigned n = snprintf(qp->name, sizeof(qp->name),
674 "aesni_mb_pmd_%u_qp_%u",
675 dev->data->dev_id, qp->id);
677 if (n >= sizeof(qp->name))
683 /** Create a ring to place processed operations on */
684 static struct rte_ring *
685 aesni_mb_pmd_qp_create_processed_ops_ring(struct aesni_mb_qp *qp,
686 unsigned int ring_size, int socket_id)
689 char ring_name[RTE_CRYPTODEV_NAME_MAX_LEN];
691 unsigned int n = strlcpy(ring_name, qp->name, sizeof(ring_name));
693 if (n >= sizeof(ring_name))
696 r = rte_ring_lookup(ring_name);
698 if (rte_ring_get_size(r) >= ring_size) {
699 AESNI_MB_LOG(INFO, "Reusing existing ring %s for processed ops",
704 AESNI_MB_LOG(ERR, "Unable to reuse existing ring %s for processed ops",
709 return rte_ring_create(ring_name, ring_size, socket_id,
710 RING_F_SP_ENQ | RING_F_SC_DEQ);
713 /** Setup a queue pair */
715 aesni_mb_pmd_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
716 const struct rte_cryptodev_qp_conf *qp_conf,
719 struct aesni_mb_qp *qp = NULL;
720 struct aesni_mb_private *internals = dev->data->dev_private;
723 /* Free memory prior to re-allocation if needed. */
724 if (dev->data->queue_pairs[qp_id] != NULL)
725 aesni_mb_pmd_qp_release(dev, qp_id);
727 /* Allocate the queue pair data structure. */
728 qp = rte_zmalloc_socket("AES-NI PMD Queue Pair", sizeof(*qp),
729 RTE_CACHE_LINE_SIZE, socket_id);
734 dev->data->queue_pairs[qp_id] = qp;
736 if (aesni_mb_pmd_qp_set_unique_name(dev, qp))
737 goto qp_setup_cleanup;
740 qp->mb_mgr = alloc_mb_mgr(0);
741 if (qp->mb_mgr == NULL) {
743 goto qp_setup_cleanup;
746 switch (internals->vector_mode) {
747 case RTE_AESNI_MB_SSE:
748 dev->feature_flags |= RTE_CRYPTODEV_FF_CPU_SSE;
749 init_mb_mgr_sse(qp->mb_mgr);
751 case RTE_AESNI_MB_AVX:
752 dev->feature_flags |= RTE_CRYPTODEV_FF_CPU_AVX;
753 init_mb_mgr_avx(qp->mb_mgr);
755 case RTE_AESNI_MB_AVX2:
756 dev->feature_flags |= RTE_CRYPTODEV_FF_CPU_AVX2;
757 init_mb_mgr_avx2(qp->mb_mgr);
759 case RTE_AESNI_MB_AVX512:
760 dev->feature_flags |= RTE_CRYPTODEV_FF_CPU_AVX512;
761 init_mb_mgr_avx512(qp->mb_mgr);
764 AESNI_MB_LOG(ERR, "Unsupported vector mode %u\n",
765 internals->vector_mode);
766 goto qp_setup_cleanup;
769 qp->ingress_queue = aesni_mb_pmd_qp_create_processed_ops_ring(qp,
770 qp_conf->nb_descriptors, socket_id);
771 if (qp->ingress_queue == NULL) {
773 goto qp_setup_cleanup;
776 qp->sess_mp = qp_conf->mp_session;
777 qp->sess_mp_priv = qp_conf->mp_session_private;
779 memset(&qp->stats, 0, sizeof(qp->stats));
781 char mp_name[RTE_MEMPOOL_NAMESIZE];
783 snprintf(mp_name, RTE_MEMPOOL_NAMESIZE,
784 "digest_mp_%u_%u", dev->data->dev_id, qp_id);
790 free_mb_mgr(qp->mb_mgr);
797 /** Returns the size of the aesni multi-buffer session structure */
799 aesni_mb_pmd_sym_session_get_size(struct rte_cryptodev *dev __rte_unused)
801 return sizeof(struct aesni_mb_session);
804 /** Configure a aesni multi-buffer session from a crypto xform chain */
806 aesni_mb_pmd_sym_session_configure(struct rte_cryptodev *dev,
807 struct rte_crypto_sym_xform *xform,
808 struct rte_cryptodev_sym_session *sess,
809 struct rte_mempool *mempool)
811 void *sess_private_data;
812 struct aesni_mb_private *internals = dev->data->dev_private;
815 if (unlikely(sess == NULL)) {
816 AESNI_MB_LOG(ERR, "invalid session struct");
820 if (rte_mempool_get(mempool, &sess_private_data)) {
822 "Couldn't get object from session mempool");
826 ret = aesni_mb_set_session_parameters(internals->mb_mgr,
827 sess_private_data, xform);
829 AESNI_MB_LOG(ERR, "failed configure session parameters");
831 /* Return session to mempool */
832 rte_mempool_put(mempool, sess_private_data);
836 set_sym_session_private_data(sess, dev->driver_id,
842 /** Clear the memory of session so it doesn't leave key material behind */
844 aesni_mb_pmd_sym_session_clear(struct rte_cryptodev *dev,
845 struct rte_cryptodev_sym_session *sess)
847 uint8_t index = dev->driver_id;
848 void *sess_priv = get_sym_session_private_data(sess, index);
850 /* Zero out the whole structure */
852 memset(sess_priv, 0, sizeof(struct aesni_mb_session));
853 struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
854 set_sym_session_private_data(sess, index, NULL);
855 rte_mempool_put(sess_mp, sess_priv);
859 struct rte_cryptodev_ops aesni_mb_pmd_ops = {
860 .dev_configure = aesni_mb_pmd_config,
861 .dev_start = aesni_mb_pmd_start,
862 .dev_stop = aesni_mb_pmd_stop,
863 .dev_close = aesni_mb_pmd_close,
865 .stats_get = aesni_mb_pmd_stats_get,
866 .stats_reset = aesni_mb_pmd_stats_reset,
868 .dev_infos_get = aesni_mb_pmd_info_get,
870 .queue_pair_setup = aesni_mb_pmd_qp_setup,
871 .queue_pair_release = aesni_mb_pmd_qp_release,
873 .sym_cpu_process = aesni_mb_cpu_crypto_process_bulk,
875 .sym_session_get_size = aesni_mb_pmd_sym_session_get_size,
876 .sym_session_configure = aesni_mb_pmd_sym_session_configure,
877 .sym_session_clear = aesni_mb_pmd_sym_session_clear
880 struct rte_cryptodev_ops *rte_aesni_mb_pmd_ops = &aesni_mb_pmd_ops;
882 #ifdef AESNI_MB_DOCSIS_SEC_ENABLED
884 * Configure a aesni multi-buffer session from a security session
888 aesni_mb_pmd_sec_sess_create(void *dev, struct rte_security_session_conf *conf,
889 struct rte_security_session *sess,
890 struct rte_mempool *mempool)
892 void *sess_private_data;
893 struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev;
896 if (conf->action_type != RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL ||
897 conf->protocol != RTE_SECURITY_PROTOCOL_DOCSIS) {
898 AESNI_MB_LOG(ERR, "Invalid security protocol");
902 if (rte_mempool_get(mempool, &sess_private_data)) {
903 AESNI_MB_LOG(ERR, "Couldn't get object from session mempool");
907 ret = aesni_mb_set_docsis_sec_session_parameters(cdev, conf,
911 AESNI_MB_LOG(ERR, "Failed to configure session parameters");
913 /* Return session to mempool */
914 rte_mempool_put(mempool, sess_private_data);
918 set_sec_session_private_data(sess, sess_private_data);
923 /** Clear the memory of session so it doesn't leave key material behind */
925 aesni_mb_pmd_sec_sess_destroy(void *dev __rte_unused,
926 struct rte_security_session *sess)
928 void *sess_priv = get_sec_session_private_data(sess);
931 struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
932 memset(sess, 0, sizeof(struct aesni_mb_session));
933 set_sec_session_private_data(sess, NULL);
934 rte_mempool_put(sess_mp, sess_priv);
939 /** Get security capabilities for aesni multi-buffer */
940 static const struct rte_security_capability *
941 aesni_mb_pmd_sec_capa_get(void *device __rte_unused)
943 return aesni_mb_pmd_security_cap;
946 static struct rte_security_ops aesni_mb_pmd_sec_ops = {
947 .session_create = aesni_mb_pmd_sec_sess_create,
948 .session_update = NULL,
949 .session_stats_get = NULL,
950 .session_destroy = aesni_mb_pmd_sec_sess_destroy,
951 .set_pkt_metadata = NULL,
952 .capabilities_get = aesni_mb_pmd_sec_capa_get
955 struct rte_security_ops *rte_aesni_mb_pmd_sec_ops = &aesni_mb_pmd_sec_ops;