1 /* SPDX-License-Identifier: BSD-3-Clause
2 * Copyright(C) 2021 Marvell.
13 uint16_t zsk_flag : 4;
16 uint16_t chacha_poly : 1;
23 uint8_t auth_iv_length;
25 uint16_t auth_iv_offset;
28 struct roc_se_ctx roc_se_ctx;
29 } __rte_cache_aligned;
31 static __rte_always_inline int
32 cpt_mac_len_verify(struct rte_crypto_auth_xform *auth)
34 uint16_t mac_len = auth->digest_length;
38 case RTE_CRYPTO_AUTH_MD5:
39 case RTE_CRYPTO_AUTH_MD5_HMAC:
40 ret = (mac_len == 16) ? 0 : -1;
42 case RTE_CRYPTO_AUTH_SHA1:
43 case RTE_CRYPTO_AUTH_SHA1_HMAC:
44 ret = (mac_len == 20) ? 0 : -1;
46 case RTE_CRYPTO_AUTH_SHA224:
47 case RTE_CRYPTO_AUTH_SHA224_HMAC:
48 ret = (mac_len == 28) ? 0 : -1;
50 case RTE_CRYPTO_AUTH_SHA256:
51 case RTE_CRYPTO_AUTH_SHA256_HMAC:
52 ret = (mac_len == 32) ? 0 : -1;
54 case RTE_CRYPTO_AUTH_SHA384:
55 case RTE_CRYPTO_AUTH_SHA384_HMAC:
56 ret = (mac_len == 48) ? 0 : -1;
58 case RTE_CRYPTO_AUTH_SHA512:
59 case RTE_CRYPTO_AUTH_SHA512_HMAC:
60 ret = (mac_len == 64) ? 0 : -1;
62 case RTE_CRYPTO_AUTH_NULL:
72 static __rte_always_inline int
73 fill_sess_aead(struct rte_crypto_sym_xform *xform, struct cnxk_se_sess *sess)
75 struct rte_crypto_aead_xform *aead_form;
76 roc_se_cipher_type enc_type = 0; /* NULL Cipher type */
77 roc_se_auth_type auth_type = 0; /* NULL Auth type */
78 uint32_t cipher_key_len = 0;
80 aead_form = &xform->aead;
82 if (aead_form->op == RTE_CRYPTO_AEAD_OP_ENCRYPT) {
83 sess->cpt_op |= ROC_SE_OP_CIPHER_ENCRYPT;
84 sess->cpt_op |= ROC_SE_OP_AUTH_GENERATE;
85 } else if (aead_form->op == RTE_CRYPTO_AEAD_OP_DECRYPT) {
86 sess->cpt_op |= ROC_SE_OP_CIPHER_DECRYPT;
87 sess->cpt_op |= ROC_SE_OP_AUTH_VERIFY;
89 plt_dp_err("Unknown aead operation\n");
92 switch (aead_form->algo) {
93 case RTE_CRYPTO_AEAD_AES_GCM:
94 enc_type = ROC_SE_AES_GCM;
98 case RTE_CRYPTO_AEAD_AES_CCM:
99 plt_dp_err("Crypto: Unsupported cipher algo %u",
102 case RTE_CRYPTO_AEAD_CHACHA20_POLY1305:
103 enc_type = ROC_SE_CHACHA20;
104 auth_type = ROC_SE_POLY1305;
106 sess->chacha_poly = 1;
109 plt_dp_err("Crypto: Undefined cipher algo %u specified",
113 if (aead_form->key.length < cipher_key_len) {
114 plt_dp_err("Invalid cipher params keylen %u",
115 aead_form->key.length);
119 sess->aes_gcm = aes_gcm;
120 sess->mac_len = aead_form->digest_length;
121 sess->iv_offset = aead_form->iv.offset;
122 sess->iv_length = aead_form->iv.length;
123 sess->aad_length = aead_form->aad_length;
125 if (unlikely(roc_se_ciph_key_set(&sess->roc_se_ctx, enc_type,
127 aead_form->key.length, NULL)))
130 if (unlikely(roc_se_auth_key_set(&sess->roc_se_ctx, auth_type, NULL, 0,
131 aead_form->digest_length)))
137 static __rte_always_inline int
138 fill_sess_cipher(struct rte_crypto_sym_xform *xform, struct cnxk_se_sess *sess)
140 struct rte_crypto_cipher_xform *c_form;
141 roc_se_cipher_type enc_type = 0; /* NULL Cipher type */
142 uint32_t cipher_key_len = 0;
143 uint8_t zsk_flag = 0, aes_ctr = 0, is_null = 0;
145 c_form = &xform->cipher;
147 if (c_form->op == RTE_CRYPTO_CIPHER_OP_ENCRYPT)
148 sess->cpt_op |= ROC_SE_OP_CIPHER_ENCRYPT;
149 else if (c_form->op == RTE_CRYPTO_CIPHER_OP_DECRYPT) {
150 sess->cpt_op |= ROC_SE_OP_CIPHER_DECRYPT;
151 if (xform->next != NULL &&
152 xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH) {
153 /* Perform decryption followed by auth verify */
154 sess->roc_se_ctx.template_w4.s.opcode_minor =
155 ROC_SE_FC_MINOR_OP_HMAC_FIRST;
158 plt_dp_err("Unknown cipher operation\n");
162 switch (c_form->algo) {
163 case RTE_CRYPTO_CIPHER_AES_CBC:
164 enc_type = ROC_SE_AES_CBC;
167 case RTE_CRYPTO_CIPHER_3DES_CBC:
168 enc_type = ROC_SE_DES3_CBC;
171 case RTE_CRYPTO_CIPHER_DES_CBC:
172 /* DES is implemented using 3DES in hardware */
173 enc_type = ROC_SE_DES3_CBC;
176 case RTE_CRYPTO_CIPHER_AES_CTR:
177 enc_type = ROC_SE_AES_CTR;
181 case RTE_CRYPTO_CIPHER_NULL:
185 case RTE_CRYPTO_CIPHER_KASUMI_F8:
186 enc_type = ROC_SE_KASUMI_F8_ECB;
188 zsk_flag = ROC_SE_K_F8;
190 case RTE_CRYPTO_CIPHER_SNOW3G_UEA2:
191 enc_type = ROC_SE_SNOW3G_UEA2;
193 zsk_flag = ROC_SE_ZS_EA;
195 case RTE_CRYPTO_CIPHER_ZUC_EEA3:
196 enc_type = ROC_SE_ZUC_EEA3;
198 zsk_flag = ROC_SE_ZS_EA;
200 case RTE_CRYPTO_CIPHER_AES_XTS:
201 enc_type = ROC_SE_AES_XTS;
204 case RTE_CRYPTO_CIPHER_3DES_ECB:
205 enc_type = ROC_SE_DES3_ECB;
208 case RTE_CRYPTO_CIPHER_AES_ECB:
209 enc_type = ROC_SE_AES_ECB;
212 case RTE_CRYPTO_CIPHER_3DES_CTR:
213 case RTE_CRYPTO_CIPHER_AES_F8:
214 case RTE_CRYPTO_CIPHER_ARC4:
215 plt_dp_err("Crypto: Unsupported cipher algo %u", c_form->algo);
218 plt_dp_err("Crypto: Undefined cipher algo %u specified",
223 if (c_form->key.length < cipher_key_len) {
224 plt_dp_err("Invalid cipher params keylen %u",
229 sess->zsk_flag = zsk_flag;
231 sess->aes_ctr = aes_ctr;
232 sess->iv_offset = c_form->iv.offset;
233 sess->iv_length = c_form->iv.length;
234 sess->is_null = is_null;
236 if (unlikely(roc_se_ciph_key_set(&sess->roc_se_ctx, enc_type,
237 c_form->key.data, c_form->key.length,
244 static __rte_always_inline int
245 fill_sess_auth(struct rte_crypto_sym_xform *xform, struct cnxk_se_sess *sess)
247 struct rte_crypto_auth_xform *a_form;
248 roc_se_auth_type auth_type = 0; /* NULL Auth type */
249 uint8_t zsk_flag = 0, aes_gcm = 0, is_null = 0;
251 if (xform->next != NULL &&
252 xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&
253 xform->next->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT) {
254 /* Perform auth followed by encryption */
255 sess->roc_se_ctx.template_w4.s.opcode_minor =
256 ROC_SE_FC_MINOR_OP_HMAC_FIRST;
259 a_form = &xform->auth;
261 if (a_form->op == RTE_CRYPTO_AUTH_OP_VERIFY)
262 sess->cpt_op |= ROC_SE_OP_AUTH_VERIFY;
263 else if (a_form->op == RTE_CRYPTO_AUTH_OP_GENERATE)
264 sess->cpt_op |= ROC_SE_OP_AUTH_GENERATE;
266 plt_dp_err("Unknown auth operation");
270 switch (a_form->algo) {
271 case RTE_CRYPTO_AUTH_SHA1_HMAC:
273 case RTE_CRYPTO_AUTH_SHA1:
274 auth_type = ROC_SE_SHA1_TYPE;
276 case RTE_CRYPTO_AUTH_SHA256_HMAC:
277 case RTE_CRYPTO_AUTH_SHA256:
278 auth_type = ROC_SE_SHA2_SHA256;
280 case RTE_CRYPTO_AUTH_SHA512_HMAC:
281 case RTE_CRYPTO_AUTH_SHA512:
282 auth_type = ROC_SE_SHA2_SHA512;
284 case RTE_CRYPTO_AUTH_AES_GMAC:
285 auth_type = ROC_SE_GMAC_TYPE;
288 case RTE_CRYPTO_AUTH_SHA224_HMAC:
289 case RTE_CRYPTO_AUTH_SHA224:
290 auth_type = ROC_SE_SHA2_SHA224;
292 case RTE_CRYPTO_AUTH_SHA384_HMAC:
293 case RTE_CRYPTO_AUTH_SHA384:
294 auth_type = ROC_SE_SHA2_SHA384;
296 case RTE_CRYPTO_AUTH_MD5_HMAC:
297 case RTE_CRYPTO_AUTH_MD5:
298 auth_type = ROC_SE_MD5_TYPE;
300 case RTE_CRYPTO_AUTH_KASUMI_F9:
301 auth_type = ROC_SE_KASUMI_F9_ECB;
303 * Indicate that direction needs to be taken out
306 zsk_flag = ROC_SE_K_F9;
308 case RTE_CRYPTO_AUTH_SNOW3G_UIA2:
309 auth_type = ROC_SE_SNOW3G_UIA2;
310 zsk_flag = ROC_SE_ZS_IA;
312 case RTE_CRYPTO_AUTH_ZUC_EIA3:
313 auth_type = ROC_SE_ZUC_EIA3;
314 zsk_flag = ROC_SE_ZS_IA;
316 case RTE_CRYPTO_AUTH_NULL:
320 case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
321 case RTE_CRYPTO_AUTH_AES_CMAC:
322 case RTE_CRYPTO_AUTH_AES_CBC_MAC:
323 plt_dp_err("Crypto: Unsupported hash algo %u", a_form->algo);
326 plt_dp_err("Crypto: Undefined Hash algo %u specified",
331 sess->zsk_flag = zsk_flag;
332 sess->aes_gcm = aes_gcm;
333 sess->mac_len = a_form->digest_length;
334 sess->is_null = is_null;
336 sess->auth_iv_offset = a_form->iv.offset;
337 sess->auth_iv_length = a_form->iv.length;
339 if (unlikely(roc_se_auth_key_set(&sess->roc_se_ctx, auth_type,
340 a_form->key.data, a_form->key.length,
341 a_form->digest_length)))
347 static __rte_always_inline int
348 fill_sess_gmac(struct rte_crypto_sym_xform *xform, struct cnxk_se_sess *sess)
350 struct rte_crypto_auth_xform *a_form;
351 roc_se_cipher_type enc_type = 0; /* NULL Cipher type */
352 roc_se_auth_type auth_type = 0; /* NULL Auth type */
354 a_form = &xform->auth;
356 if (a_form->op == RTE_CRYPTO_AUTH_OP_GENERATE)
357 sess->cpt_op |= ROC_SE_OP_ENCODE;
358 else if (a_form->op == RTE_CRYPTO_AUTH_OP_VERIFY)
359 sess->cpt_op |= ROC_SE_OP_DECODE;
361 plt_dp_err("Unknown auth operation");
365 switch (a_form->algo) {
366 case RTE_CRYPTO_AUTH_AES_GMAC:
367 enc_type = ROC_SE_AES_GCM;
368 auth_type = ROC_SE_GMAC_TYPE;
371 plt_dp_err("Crypto: Undefined cipher algo %u specified",
379 sess->iv_offset = a_form->iv.offset;
380 sess->iv_length = a_form->iv.length;
381 sess->mac_len = a_form->digest_length;
383 if (unlikely(roc_se_ciph_key_set(&sess->roc_se_ctx, enc_type,
384 a_form->key.data, a_form->key.length,
388 if (unlikely(roc_se_auth_key_set(&sess->roc_se_ctx, auth_type, NULL, 0,
389 a_form->digest_length)))
395 #endif /*_CNXK_SE_H_ */