1 /* SPDX-License-Identifier: BSD-3-Clause
2 * Copyright(c) 2015-2021 Intel Corporation
5 #ifndef _PMD_AESNI_MB_PRIV_H_
6 #define _PMD_AESNI_MB_PRIV_H_
8 #include <intel-ipsec-mb.h>
10 #if defined(RTE_LIB_SECURITY)
11 #define AESNI_MB_DOCSIS_SEC_ENABLED 1
12 #include <rte_security.h>
13 #include <rte_security_driver.h>
14 #include <rte_ether.h>
17 #include "ipsec_mb_private.h"
19 #define AES_CCM_DIGEST_MIN_LEN 4
20 #define AES_CCM_DIGEST_MAX_LEN 16
21 #define HMAC_MAX_BLOCK_SIZE 128
22 #define HMAC_IPAD_VALUE (0x36)
23 #define HMAC_OPAD_VALUE (0x5C)
25 static const struct rte_cryptodev_capabilities aesni_mb_capabilities[] = {
27 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
29 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
31 .algo = RTE_CRYPTO_AUTH_MD5_HMAC,
48 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
50 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
52 .algo = RTE_CRYPTO_AUTH_SHA1_HMAC,
69 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
71 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
73 .algo = RTE_CRYPTO_AUTH_SHA1,
90 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
92 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
94 .algo = RTE_CRYPTO_AUTH_SHA224_HMAC,
111 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
113 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
115 .algo = RTE_CRYPTO_AUTH_SHA224,
132 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
134 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
136 .algo = RTE_CRYPTO_AUTH_SHA256_HMAC,
153 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
155 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
157 .algo = RTE_CRYPTO_AUTH_SHA256,
174 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
176 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
178 .algo = RTE_CRYPTO_AUTH_SHA384_HMAC,
195 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
197 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
199 .algo = RTE_CRYPTO_AUTH_SHA384,
216 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
218 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
220 .algo = RTE_CRYPTO_AUTH_SHA512_HMAC,
237 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
239 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
241 .algo = RTE_CRYPTO_AUTH_SHA512,
257 { /* AES XCBC HMAC */
258 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
260 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
262 .algo = RTE_CRYPTO_AUTH_AES_XCBC_MAC,
279 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
281 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
283 .algo = RTE_CRYPTO_CIPHER_AES_CBC,
299 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
301 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
303 .algo = RTE_CRYPTO_CIPHER_AES_CTR,
318 { /* AES DOCSIS BPI */
319 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
321 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
323 .algo = RTE_CRYPTO_CIPHER_AES_DOCSISBPI,
339 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
341 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
343 .algo = RTE_CRYPTO_CIPHER_DES_CBC,
359 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
361 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
363 .algo = RTE_CRYPTO_CIPHER_3DES_CBC,
378 { /* DES DOCSIS BPI */
379 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
381 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
383 .algo = RTE_CRYPTO_CIPHER_DES_DOCSISBPI,
399 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
401 .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,
403 .algo = RTE_CRYPTO_AEAD_AES_CCM,
429 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
431 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
433 .algo = RTE_CRYPTO_AUTH_AES_CMAC,
450 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
452 .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,
454 .algo = RTE_CRYPTO_AEAD_AES_GCM,
479 { /* AES GMAC (AUTH) */
480 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
482 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
484 .algo = RTE_CRYPTO_AUTH_AES_GMAC,
505 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
507 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
509 .algo = RTE_CRYPTO_CIPHER_AES_ECB,
521 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
523 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
525 .algo = RTE_CRYPTO_AUTH_ZUC_EIA3,
546 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
548 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
550 .algo = RTE_CRYPTO_CIPHER_ZUC_EEA3,
565 { /* SNOW 3G (UIA2) */
566 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
568 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
570 .algo = RTE_CRYPTO_AUTH_SNOW3G_UIA2,
590 { /* SNOW 3G (UEA2) */
591 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
593 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
595 .algo = RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
611 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
613 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
615 .algo = RTE_CRYPTO_AUTH_KASUMI_F9,
632 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
634 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
636 .algo = RTE_CRYPTO_CIPHER_KASUMI_F8,
651 { /* CHACHA20-POLY1305 */
652 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
654 .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,
656 .algo = RTE_CRYPTO_AEAD_CHACHA20_POLY1305,
681 RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
684 uint8_t pmd_driver_id_aesni_mb;
686 struct aesni_mb_qp_data {
687 uint8_t temp_digests[IMB_MAX_JOBS][DIGEST_LENGTH_MAX];
688 /* *< Buffers used to store the digest generated
689 * by the driver when verifying a digest provided
690 * by the user (using authentication verify operation)
694 /* Maximum length for digest */
695 #define DIGEST_LENGTH_MAX 64
696 static const unsigned int auth_blocksize[] = {
699 [IMB_AUTH_HMAC_SHA_1] = 64,
700 [IMB_AUTH_HMAC_SHA_224] = 64,
701 [IMB_AUTH_HMAC_SHA_256] = 64,
702 [IMB_AUTH_HMAC_SHA_384] = 128,
703 [IMB_AUTH_HMAC_SHA_512] = 128,
704 [IMB_AUTH_AES_XCBC] = 16,
705 [IMB_AUTH_AES_CCM] = 16,
706 [IMB_AUTH_AES_CMAC] = 16,
707 [IMB_AUTH_AES_GMAC] = 16,
708 [IMB_AUTH_SHA_1] = 64,
709 [IMB_AUTH_SHA_224] = 64,
710 [IMB_AUTH_SHA_256] = 64,
711 [IMB_AUTH_SHA_384] = 128,
712 [IMB_AUTH_SHA_512] = 128,
713 [IMB_AUTH_ZUC_EIA3_BITLEN] = 16,
714 [IMB_AUTH_SNOW3G_UIA2_BITLEN] = 16,
715 [IMB_AUTH_KASUMI_UIA1] = 16
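/**
 * Get the block size in bytes for a specified authentication algorithm.
 *
 * The value is read from the auth_blocksize lookup table, using the
 * algorithm identifier as the index.
 *
 * @param algo
 *   Multi-buffer library hash algorithm identifier, used as the table index.
 * @return
 *   The table entry for @p algo, or 0 when @p algo lies outside the table.
 *   Entries the table does not initialise explicitly also read as 0, so a
 *   caller should treat 0 as "no block size known for this algorithm".
 */
static inline unsigned int
get_auth_algo_blocksize(IMB_HASH_ALG algo)
{
	const size_t n_entries =
		sizeof(auth_blocksize) / sizeof(auth_blocksize[0]);

	/* Without this check an identifier beyond the last listed algorithm
	 * would index past the end of the table (out-of-bounds read).
	 */
	if ((size_t)algo >= n_entries)
		return 0;

	return auth_blocksize[algo];
}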
730 static const unsigned int auth_truncated_digest_byte_lengths[] = {
732 [IMB_AUTH_HMAC_SHA_1] = 12,
733 [IMB_AUTH_HMAC_SHA_224] = 14,
734 [IMB_AUTH_HMAC_SHA_256] = 16,
735 [IMB_AUTH_HMAC_SHA_384] = 24,
736 [IMB_AUTH_HMAC_SHA_512] = 32,
737 [IMB_AUTH_AES_XCBC] = 12,
738 [IMB_AUTH_AES_CMAC] = 12,
739 [IMB_AUTH_AES_CCM] = 8,
741 [IMB_AUTH_AES_GMAC] = 12,
742 [IMB_AUTH_SHA_1] = 20,
743 [IMB_AUTH_SHA_224] = 28,
744 [IMB_AUTH_SHA_256] = 32,
745 [IMB_AUTH_SHA_384] = 48,
746 [IMB_AUTH_SHA_512] = 64,
747 [IMB_AUTH_ZUC_EIA3_BITLEN] = 4,
748 [IMB_AUTH_SNOW3G_UIA2_BITLEN] = 4,
749 [IMB_AUTH_KASUMI_UIA1] = 4
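/**
 * Get the IPsec specified truncated length in bytes of the HMAC digest for a
 * specified authentication algorithm.
 *
 * The value is read from the auth_truncated_digest_byte_lengths lookup table,
 * using the algorithm identifier as the index.
 *
 * @param algo
 *   Multi-buffer library hash algorithm identifier, used as the table index.
 * @return
 *   The table entry for @p algo, or 0 when @p algo lies outside the table.
 *   Entries the table does not initialise explicitly also read as 0, so a
 *   caller should reject a 0 length rather than use it as a digest size.
 */
static inline unsigned int
get_truncated_digest_byte_length(IMB_HASH_ALG algo)
{
	const size_t n_entries = sizeof(auth_truncated_digest_byte_lengths) /
		sizeof(auth_truncated_digest_byte_lengths[0]);

	/* Without this check an identifier beyond the last listed algorithm
	 * would index past the end of the table (out-of-bounds read).
	 */
	if ((size_t)algo >= n_entries)
		return 0;

	return auth_truncated_digest_byte_lengths[algo];
}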
765 static const unsigned int auth_digest_byte_lengths[] = {
767 [IMB_AUTH_HMAC_SHA_1] = 20,
768 [IMB_AUTH_HMAC_SHA_224] = 28,
769 [IMB_AUTH_HMAC_SHA_256] = 32,
770 [IMB_AUTH_HMAC_SHA_384] = 48,
771 [IMB_AUTH_HMAC_SHA_512] = 64,
772 [IMB_AUTH_AES_XCBC] = 16,
773 [IMB_AUTH_AES_CMAC] = 16,
774 [IMB_AUTH_AES_CCM] = 16,
775 [IMB_AUTH_AES_GMAC] = 16,
777 [IMB_AUTH_SHA_1] = 20,
778 [IMB_AUTH_SHA_224] = 28,
779 [IMB_AUTH_SHA_256] = 32,
780 [IMB_AUTH_SHA_384] = 48,
781 [IMB_AUTH_SHA_512] = 64,
782 [IMB_AUTH_ZUC_EIA3_BITLEN] = 4,
783 [IMB_AUTH_SNOW3G_UIA2_BITLEN] = 4,
784 [IMB_AUTH_KASUMI_UIA1] = 4
785 /**< Vector mode dependent pointer table of the multi-buffer APIs */
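/**
 * Get the full digest size in bytes for a specified authentication algorithm
 * (if available in the Multi-buffer library).
 *
 * The value is read from the auth_digest_byte_lengths lookup table, using the
 * algorithm identifier as the index.
 *
 * @param algo
 *   Multi-buffer library hash algorithm identifier, used as the table index.
 * @return
 *   The table entry for @p algo, or 0 when @p algo lies outside the table.
 *   Entries the table does not initialise explicitly also read as 0, so a
 *   caller should reject a 0 length rather than use it as a digest size.
 */
static inline unsigned int
get_digest_byte_length(IMB_HASH_ALG algo)
{
	const size_t n_entries = sizeof(auth_digest_byte_lengths) /
		sizeof(auth_digest_byte_lengths[0]);

	/* Without this check an identifier beyond the last listed algorithm
	 * would index past the end of the table (out-of-bounds read).
	 */
	if ((size_t)algo >= n_entries)
		return 0;

	return auth_digest_byte_lengths[algo];
}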
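802 /** AES-NI multi-buffer private session structure. It holds expanded cipher and authentication keys and the HMAC inner/outer pads, so the session memory should be wiped when the session is released. */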
803 struct aesni_mb_session {
804 IMB_CIPHER_MODE cipher_mode;
805 IMB_CIPHER_DIRECTION cipher_direction;
806 IMB_HASH_ALG hash_alg;
807 IMB_CHAIN_ORDER chain_order;
808 /* common job fields */
820 /* * Cipher Parameters
823 /* * Cipher direction - encrypt / decrypt */
824 IMB_CIPHER_DIRECTION direction;
825 /* * Cipher mode - CBC / Counter */
826 IMB_CIPHER_MODE mode;
828 uint64_t key_length_in_bytes;
832 uint32_t encode[60] __rte_aligned(16);
834 uint32_t decode[60] __rte_aligned(16);
837 /* *< Expanded AES keys - Allocating space to
838 * contain the maximum expanded key size which
839 * is 240 bytes for 256 bit AES, calculate by:
840 * ((key size (bytes)) *
841 * ((number of rounds) + 1))
844 const void *ks_ptr[3];
847 /* *< Expanded 3DES keys */
849 struct gcm_key_data gcm_key;
850 /* *< Expanded GCM key */
851 uint8_t zuc_cipher_key[16];
852 /* *< ZUC cipher key */
853 snow3g_key_schedule_t pKeySched_snow3g_cipher;
854 /* *< SNOW3G scheduled cipher key */
855 kasumi_key_sched_t pKeySched_kasumi_cipher;
856 /* *< KASUMI scheduled cipher key */
860 /* *< Authentication Parameters */
862 IMB_HASH_ALG algo; /* *< Authentication Algorithm */
863 enum rte_crypto_auth_operation operation;
864 /* *< auth operation generate or verify */
867 uint8_t inner[128] __rte_aligned(16);
869 uint8_t outer[128] __rte_aligned(16);
872 /* *< HMAC Authentication pads -
873 * allocating space for the maximum pad
874 * size supported which is 128 bytes for
879 uint32_t k1_expanded[44] __rte_aligned(16);
880 /* *< k1 (expanded key). */
881 uint8_t k2[16] __rte_aligned(16);
883 uint8_t k3[16] __rte_aligned(16);
888 uint32_t expkey[60] __rte_aligned(16);
889 /* *< k1 (expanded key). */
890 uint32_t skey1[4] __rte_aligned(16);
892 uint32_t skey2[4] __rte_aligned(16);
895 /* *< Expanded XCBC authentication keys */
896 uint8_t zuc_auth_key[16];
897 /* *< ZUC authentication key */
898 snow3g_key_schedule_t pKeySched_snow3g_auth;
899 /* *< SNOW3G scheduled authentication key */
900 kasumi_key_sched_t pKeySched_kasumi_auth;
901 /* *< KASUMI scheduled authentication key */
903 /* * Generated digest size by the Multi-buffer library */
904 uint16_t gen_digest_len;
905 /* * Requested digest size from Cryptodev */
906 uint16_t req_digest_len;
910 /* * AAD data length */
913 } __rte_cache_aligned;
915 typedef void (*hash_one_block_t)(const void *data, void *digest);
916 typedef void (*aes_keyexp_t)(const void *key, void *enc_exp_keys,
919 #ifdef AESNI_MB_DOCSIS_SEC_ENABLED
920 static const struct rte_cryptodev_capabilities
921 aesni_mb_pmd_security_crypto_cap[] = {
922 { /* AES DOCSIS BPI */
923 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
925 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
927 .algo = RTE_CRYPTO_CIPHER_AES_DOCSISBPI,
943 RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
946 static const struct rte_security_capability aesni_mb_pmd_security_cap[] = {
947 { /* DOCSIS Uplink */
948 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
949 .protocol = RTE_SECURITY_PROTOCOL_DOCSIS,
951 .direction = RTE_SECURITY_DOCSIS_UPLINK
953 .crypto_capabilities = aesni_mb_pmd_security_crypto_cap
955 { /* DOCSIS Downlink */
956 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
957 .protocol = RTE_SECURITY_PROTOCOL_DOCSIS,
959 .direction = RTE_SECURITY_DOCSIS_DOWNLINK
961 .crypto_capabilities = aesni_mb_pmd_security_crypto_cap
964 .action = RTE_SECURITY_ACTION_TYPE_NONE
969 #endif /* _PMD_AESNI_MB_PRIV_H_ */