1 /* SPDX-License-Identifier: BSD-3-Clause
2 * Copyright(c) 2020 Broadcom
6 #include <rte_crypto.h>
7 #include <rte_crypto_sym.h>
10 #include "bcmfs_logs.h"
11 #include "bcmfs_sym_defs.h"
12 #include "bcmfs_sym_pmd.h"
13 #include "bcmfs_sym_session.h"
15 /** Configure the session from a crypto xform chain */
16 static enum bcmfs_sym_chain_order
17 crypto_get_chain_order(const struct rte_crypto_sym_xform *xform)
19 enum bcmfs_sym_chain_order res = BCMFS_SYM_CHAIN_NOT_SUPPORTED;
22 if (xform->type == RTE_CRYPTO_SYM_XFORM_AEAD)
23 res = BCMFS_SYM_CHAIN_AEAD;
25 if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH) {
26 if (xform->next == NULL)
27 res = BCMFS_SYM_CHAIN_ONLY_AUTH;
28 else if (xform->next->type ==
29 RTE_CRYPTO_SYM_XFORM_CIPHER)
30 res = BCMFS_SYM_CHAIN_AUTH_CIPHER;
32 if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER) {
33 if (xform->next == NULL)
34 res = BCMFS_SYM_CHAIN_ONLY_CIPHER;
35 else if (xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH)
36 res = BCMFS_SYM_CHAIN_CIPHER_AUTH;
43 /* Get session cipher key from input cipher key */
45 get_key(const uint8_t *input_key, int keylen, uint8_t *session_key)
47 memcpy(session_key, input_key, keylen);
50 /* Set session cipher parameters */
52 crypto_set_session_cipher_parameters(struct bcmfs_sym_session *sess,
53 const struct rte_crypto_cipher_xform *cipher_xform)
55 if (cipher_xform->key.length > BCMFS_MAX_KEY_SIZE) {
56 BCMFS_DP_LOG(ERR, "key length not supported");
60 sess->cipher.key.length = cipher_xform->key.length;
61 sess->cipher.iv.offset = cipher_xform->iv.offset;
62 sess->cipher.iv.length = cipher_xform->iv.length;
63 sess->cipher.op = cipher_xform->op;
64 sess->cipher.algo = cipher_xform->algo;
66 get_key(cipher_xform->key.data,
67 sess->cipher.key.length,
68 sess->cipher.key.data);
73 /* Set session auth parameters */
75 crypto_set_session_auth_parameters(struct bcmfs_sym_session *sess,
76 const struct rte_crypto_auth_xform *auth_xform)
78 if (auth_xform->key.length > BCMFS_MAX_KEY_SIZE) {
79 BCMFS_DP_LOG(ERR, "key length not supported");
83 sess->auth.op = auth_xform->op;
84 sess->auth.key.length = auth_xform->key.length;
85 sess->auth.digest_length = auth_xform->digest_length;
86 sess->auth.iv.length = auth_xform->iv.length;
87 sess->auth.iv.offset = auth_xform->iv.offset;
88 sess->auth.algo = auth_xform->algo;
90 get_key(auth_xform->key.data,
91 auth_xform->key.length,
97 /* Set session aead parameters */
99 crypto_set_session_aead_parameters(struct bcmfs_sym_session *sess,
100 const struct rte_crypto_sym_xform *aead_xform)
102 if (aead_xform->aead.key.length > BCMFS_MAX_KEY_SIZE) {
103 BCMFS_DP_LOG(ERR, "key length not supported");
107 sess->aead.iv.offset = aead_xform->aead.iv.offset;
108 sess->aead.iv.length = aead_xform->aead.iv.length;
109 sess->aead.aad_length = aead_xform->aead.aad_length;
110 sess->aead.key.length = aead_xform->aead.key.length;
111 sess->aead.digest_length = aead_xform->aead.digest_length;
112 sess->aead.op = aead_xform->aead.op;
113 sess->aead.algo = aead_xform->aead.algo;
115 get_key(aead_xform->aead.key.data,
116 aead_xform->aead.key.length,
117 sess->aead.key.data);
122 static struct rte_crypto_auth_xform *
123 crypto_get_auth_xform(struct rte_crypto_sym_xform *xform)
126 if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH)
135 static struct rte_crypto_cipher_xform *
136 crypto_get_cipher_xform(struct rte_crypto_sym_xform *xform)
139 if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER)
140 return &xform->cipher;
148 /** Parse crypto xform chain and set private session parameters */
150 crypto_set_session_parameters(struct bcmfs_sym_session *sess,
151 struct rte_crypto_sym_xform *xform)
154 struct rte_crypto_cipher_xform *cipher_xform =
155 crypto_get_cipher_xform(xform);
156 struct rte_crypto_auth_xform *auth_xform =
157 crypto_get_auth_xform(xform);
159 sess->chain_order = crypto_get_chain_order(xform);
161 switch (sess->chain_order) {
162 case BCMFS_SYM_CHAIN_ONLY_CIPHER:
163 if (crypto_set_session_cipher_parameters(sess, cipher_xform))
166 case BCMFS_SYM_CHAIN_ONLY_AUTH:
167 if (crypto_set_session_auth_parameters(sess, auth_xform))
170 case BCMFS_SYM_CHAIN_AUTH_CIPHER:
171 sess->cipher_first = false;
172 if (crypto_set_session_auth_parameters(sess, auth_xform)) {
177 if (crypto_set_session_cipher_parameters(sess, cipher_xform))
180 case BCMFS_SYM_CHAIN_CIPHER_AUTH:
181 sess->cipher_first = true;
182 if (crypto_set_session_auth_parameters(sess, auth_xform)) {
187 if (crypto_set_session_cipher_parameters(sess, cipher_xform))
190 case BCMFS_SYM_CHAIN_AEAD:
191 if (crypto_set_session_aead_parameters(sess, xform))
195 BCMFS_DP_LOG(ERR, "Invalid chain order\n");
204 struct bcmfs_sym_session *
205 bcmfs_sym_get_session(struct rte_crypto_op *op)
207 struct bcmfs_sym_session *sess = NULL;
209 if (unlikely(op->sess_type == RTE_CRYPTO_OP_SESSIONLESS)) {
210 BCMFS_DP_LOG(ERR, "operations op(%p) is sessionless", op);
211 } else if (likely(op->sym->session != NULL)) {
212 /* get existing session */
213 sess = (struct bcmfs_sym_session *)
214 get_sym_session_private_data(op->sym->session,
215 cryptodev_bcmfs_driver_id);
219 op->status = RTE_CRYPTO_OP_STATUS_INVALID_SESSION;
225 bcmfs_sym_session_configure(struct rte_cryptodev *dev,
226 struct rte_crypto_sym_xform *xform,
227 struct rte_cryptodev_sym_session *sess,
228 struct rte_mempool *mempool)
230 void *sess_private_data;
233 if (unlikely(sess == NULL)) {
234 BCMFS_DP_LOG(ERR, "Invalid session struct");
238 if (rte_mempool_get(mempool, &sess_private_data)) {
240 "Couldn't get object from session mempool");
244 ret = crypto_set_session_parameters(sess_private_data, xform);
247 BCMFS_DP_LOG(ERR, "Failed configure session parameters");
248 /* Return session to mempool */
249 rte_mempool_put(mempool, sess_private_data);
253 set_sym_session_private_data(sess, dev->driver_id,
259 /* Clear the memory of session so it doesn't leave key material behind */
261 bcmfs_sym_session_clear(struct rte_cryptodev *dev,
262 struct rte_cryptodev_sym_session *sess)
264 uint8_t index = dev->driver_id;
265 void *sess_priv = get_sym_session_private_data(sess, index);
268 struct rte_mempool *sess_mp;
270 memset(sess_priv, 0, sizeof(struct bcmfs_sym_session));
271 sess_mp = rte_mempool_from_obj(sess_priv);
273 set_sym_session_private_data(sess, index, NULL);
274 rte_mempool_put(sess_mp, sess_priv);
279 bcmfs_sym_session_get_private_size(struct rte_cryptodev *dev __rte_unused)
281 return sizeof(struct bcmfs_sym_session);