1 /* SPDX-License-Identifier: BSD-3-Clause
2 * Copyright(c) 2017 Marvell International Ltd.
3 * Copyright(c) 2017 Semihalf.
7 #include <rte_common.h>
8 #include <rte_hexdump.h>
9 #include <rte_cryptodev.h>
10 #include <cryptodev_pmd.h>
11 #include <rte_security_driver.h>
12 #include <rte_bus_vdev.h>
13 #include <rte_malloc.h>
14 #include <rte_cpuflags.h>
15 #include <rte_kvargs.h>
16 #include <rte_mvep_common.h>
18 #include "mrvl_pmd_private.h"
20 #define MRVL_PMD_MAX_NB_SESS_ARG ("max_nb_sessions")
21 #define MRVL_PMD_DEFAULT_MAX_NB_SESSIONS 2048
23 static uint8_t cryptodev_driver_id;
25 struct mrvl_pmd_init_params {
26 struct rte_cryptodev_pmd_init_params common;
27 uint32_t max_nb_sessions;
30 const char *mrvl_pmd_valid_params[] = {
31 RTE_CRYPTODEV_PMD_NAME_ARG,
32 RTE_CRYPTODEV_PMD_MAX_NB_QP_ARG,
33 RTE_CRYPTODEV_PMD_SOCKET_ID_ARG,
34 MRVL_PMD_MAX_NB_SESS_ARG
38 * Flag if particular crypto algorithm is supported by PMD/MUSDK.
40 * The idea is to have Not Supported value as default (0).
41 * This way we need only to define proper map sizes,
42 * non-initialized entries will be by default not supported.
45 ALGO_NOT_SUPPORTED = 0,
49 /** Map elements for cipher mapping.*/
50 struct cipher_params_mapping {
51 enum algo_supported supported; /**< On/Off switch */
52 enum sam_cipher_alg cipher_alg; /**< Cipher algorithm */
53 enum sam_cipher_mode cipher_mode; /**< Cipher mode */
54 unsigned int max_key_len; /**< Maximum key length (in bytes)*/
56 /* We want to squeeze in multiple maps into the cache line. */
59 /** Map elements for auth mapping.*/
60 struct auth_params_mapping {
61 enum algo_supported supported; /**< On/off switch */
62 enum sam_auth_alg auth_alg; /**< Auth algorithm */
64 /* We want to squeeze in multiple maps into the cache line. */
68 * Map of supported cipher algorithms.
71 struct cipher_params_mapping cipher_map[] = {
72 [RTE_CRYPTO_CIPHER_NULL] = {
73 .supported = ALGO_SUPPORTED,
74 .cipher_alg = SAM_CIPHER_NONE },
75 [RTE_CRYPTO_CIPHER_3DES_CBC] = {
76 .supported = ALGO_SUPPORTED,
77 .cipher_alg = SAM_CIPHER_3DES,
78 .cipher_mode = SAM_CIPHER_CBC,
79 .max_key_len = BITS2BYTES(192) },
80 [RTE_CRYPTO_CIPHER_3DES_CTR] = {
81 .supported = ALGO_SUPPORTED,
82 .cipher_alg = SAM_CIPHER_3DES,
83 .cipher_mode = SAM_CIPHER_CTR,
84 .max_key_len = BITS2BYTES(192) },
85 [RTE_CRYPTO_CIPHER_3DES_ECB] = {
86 .supported = ALGO_SUPPORTED,
87 .cipher_alg = SAM_CIPHER_3DES,
88 .cipher_mode = SAM_CIPHER_ECB,
89 .max_key_len = BITS2BYTES(192) },
90 [RTE_CRYPTO_CIPHER_AES_CBC] = {
91 .supported = ALGO_SUPPORTED,
92 .cipher_alg = SAM_CIPHER_AES,
93 .cipher_mode = SAM_CIPHER_CBC,
94 .max_key_len = BITS2BYTES(256) },
95 [RTE_CRYPTO_CIPHER_AES_CTR] = {
96 .supported = ALGO_SUPPORTED,
97 .cipher_alg = SAM_CIPHER_AES,
98 .cipher_mode = SAM_CIPHER_CTR,
99 .max_key_len = BITS2BYTES(256) },
100 [RTE_CRYPTO_CIPHER_AES_ECB] = {
101 .supported = ALGO_SUPPORTED,
102 .cipher_alg = SAM_CIPHER_AES,
103 .cipher_mode = SAM_CIPHER_ECB,
104 .max_key_len = BITS2BYTES(256) },
108 * Map of supported auth algorithms.
111 struct auth_params_mapping auth_map[] = {
112 [RTE_CRYPTO_AUTH_NULL] = {
113 .supported = ALGO_SUPPORTED,
114 .auth_alg = SAM_AUTH_NONE },
115 [RTE_CRYPTO_AUTH_MD5_HMAC] = {
116 .supported = ALGO_SUPPORTED,
117 .auth_alg = SAM_AUTH_HMAC_MD5 },
118 [RTE_CRYPTO_AUTH_MD5] = {
119 .supported = ALGO_SUPPORTED,
120 .auth_alg = SAM_AUTH_HASH_MD5 },
121 [RTE_CRYPTO_AUTH_SHA1_HMAC] = {
122 .supported = ALGO_SUPPORTED,
123 .auth_alg = SAM_AUTH_HMAC_SHA1 },
124 [RTE_CRYPTO_AUTH_SHA1] = {
125 .supported = ALGO_SUPPORTED,
126 .auth_alg = SAM_AUTH_HASH_SHA1 },
127 [RTE_CRYPTO_AUTH_SHA224_HMAC] = {
128 .supported = ALGO_SUPPORTED,
129 .auth_alg = SAM_AUTH_HMAC_SHA2_224 },
130 [RTE_CRYPTO_AUTH_SHA224] = {
131 .supported = ALGO_SUPPORTED,
132 .auth_alg = SAM_AUTH_HASH_SHA2_224 },
133 [RTE_CRYPTO_AUTH_SHA256_HMAC] = {
134 .supported = ALGO_SUPPORTED,
135 .auth_alg = SAM_AUTH_HMAC_SHA2_256 },
136 [RTE_CRYPTO_AUTH_SHA256] = {
137 .supported = ALGO_SUPPORTED,
138 .auth_alg = SAM_AUTH_HASH_SHA2_256 },
139 [RTE_CRYPTO_AUTH_SHA384_HMAC] = {
140 .supported = ALGO_SUPPORTED,
141 .auth_alg = SAM_AUTH_HMAC_SHA2_384 },
142 [RTE_CRYPTO_AUTH_SHA384] = {
143 .supported = ALGO_SUPPORTED,
144 .auth_alg = SAM_AUTH_HASH_SHA2_384 },
145 [RTE_CRYPTO_AUTH_SHA512_HMAC] = {
146 .supported = ALGO_SUPPORTED,
147 .auth_alg = SAM_AUTH_HMAC_SHA2_512 },
148 [RTE_CRYPTO_AUTH_SHA512] = {
149 .supported = ALGO_SUPPORTED,
150 .auth_alg = SAM_AUTH_HASH_SHA2_512 },
151 [RTE_CRYPTO_AUTH_AES_GMAC] = {
152 .supported = ALGO_SUPPORTED,
153 .auth_alg = SAM_AUTH_AES_GMAC },
157 * Map of supported aead algorithms.
160 struct cipher_params_mapping aead_map[] = {
161 [RTE_CRYPTO_AEAD_AES_GCM] = {
162 .supported = ALGO_SUPPORTED,
163 .cipher_alg = SAM_CIPHER_AES,
164 .cipher_mode = SAM_CIPHER_GCM,
165 .max_key_len = BITS2BYTES(256) },
169 *-----------------------------------------------------------------------------
170 * Forward declarations.
171 *-----------------------------------------------------------------------------
173 static int cryptodev_mrvl_crypto_uninit(struct rte_vdev_device *vdev);
176 *-----------------------------------------------------------------------------
177 * Session Preparation.
178 *-----------------------------------------------------------------------------
182 * Get xform chain order.
184 * @param xform Pointer to configuration structure chain for crypto operations.
185 * @returns Order of crypto operations.
187 static enum mrvl_crypto_chain_order
188 mrvl_crypto_get_chain_order(const struct rte_crypto_sym_xform *xform)
190 /* Currently, Marvell supports max 2 operations in chain */
191 if (xform->next != NULL && xform->next->next != NULL)
192 return MRVL_CRYPTO_CHAIN_NOT_SUPPORTED;
194 if (xform->next != NULL) {
195 if ((xform->type == RTE_CRYPTO_SYM_XFORM_AUTH) &&
196 (xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER))
197 return MRVL_CRYPTO_CHAIN_AUTH_CIPHER;
199 if ((xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER) &&
200 (xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH))
201 return MRVL_CRYPTO_CHAIN_CIPHER_AUTH;
203 if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH)
204 return MRVL_CRYPTO_CHAIN_AUTH_ONLY;
206 if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER)
207 return MRVL_CRYPTO_CHAIN_CIPHER_ONLY;
209 if (xform->type == RTE_CRYPTO_SYM_XFORM_AEAD)
210 return MRVL_CRYPTO_CHAIN_COMBINED;
212 return MRVL_CRYPTO_CHAIN_NOT_SUPPORTED;
216 * Set session parameters for cipher part.
218 * @param sess Crypto session pointer.
219 * @param cipher_xform Pointer to configuration structure for cipher operations.
220 * @returns 0 in case of success, negative value otherwise.
223 mrvl_crypto_set_cipher_session_parameters(struct mrvl_crypto_session *sess,
224 const struct rte_crypto_sym_xform *cipher_xform)
228 /* Make sure we've got proper struct */
229 if (cipher_xform->type != RTE_CRYPTO_SYM_XFORM_CIPHER) {
230 MRVL_LOG(ERR, "Wrong xform struct provided!");
234 /* See if map data is present and valid */
235 if ((cipher_xform->cipher.algo > RTE_DIM(cipher_map)) ||
236 (cipher_map[cipher_xform->cipher.algo].supported
237 != ALGO_SUPPORTED)) {
238 MRVL_LOG(ERR, "Cipher algorithm not supported!");
242 sess->cipher_iv_offset = cipher_xform->cipher.iv.offset;
244 sess->sam_sess_params.dir =
245 (cipher_xform->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT) ?
246 SAM_DIR_ENCRYPT : SAM_DIR_DECRYPT;
247 sess->sam_sess_params.cipher_alg =
248 cipher_map[cipher_xform->cipher.algo].cipher_alg;
249 sess->sam_sess_params.cipher_mode =
250 cipher_map[cipher_xform->cipher.algo].cipher_mode;
252 /* Assume IV will be passed together with data. */
253 sess->sam_sess_params.cipher_iv = NULL;
255 /* Get max key length. */
256 if (cipher_xform->cipher.key.length >
257 cipher_map[cipher_xform->cipher.algo].max_key_len) {
258 MRVL_LOG(ERR, "Wrong key length!");
262 cipher_key = malloc(cipher_xform->cipher.key.length);
263 if (cipher_key == NULL) {
264 MRVL_LOG(ERR, "Insufficient memory!");
268 memcpy(cipher_key, cipher_xform->cipher.key.data,
269 cipher_xform->cipher.key.length);
271 sess->sam_sess_params.cipher_key_len = cipher_xform->cipher.key.length;
272 sess->sam_sess_params.cipher_key = cipher_key;
278 * Set session parameters for authentication part.
280 * @param sess Crypto session pointer.
281 * @param auth_xform Pointer to configuration structure for auth operations.
282 * @returns 0 in case of success, negative value otherwise.
285 mrvl_crypto_set_auth_session_parameters(struct mrvl_crypto_session *sess,
286 const struct rte_crypto_sym_xform *auth_xform)
288 uint8_t *auth_key = NULL;
290 /* Make sure we've got proper struct */
291 if (auth_xform->type != RTE_CRYPTO_SYM_XFORM_AUTH) {
292 MRVL_LOG(ERR, "Wrong xform struct provided!");
296 /* See if map data is present and valid */
297 if ((auth_xform->auth.algo > RTE_DIM(auth_map)) ||
298 (auth_map[auth_xform->auth.algo].supported != ALGO_SUPPORTED)) {
299 MRVL_LOG(ERR, "Auth algorithm not supported!");
303 sess->sam_sess_params.dir =
304 (auth_xform->auth.op == RTE_CRYPTO_AUTH_OP_GENERATE) ?
305 SAM_DIR_ENCRYPT : SAM_DIR_DECRYPT;
306 sess->sam_sess_params.auth_alg =
307 auth_map[auth_xform->auth.algo].auth_alg;
308 sess->sam_sess_params.u.basic.auth_icv_len =
309 auth_xform->auth.digest_length;
311 if (auth_xform->auth.key.length > 0) {
312 auth_key = malloc(auth_xform->auth.key.length);
313 if (auth_key == NULL) {
314 MRVL_LOG(ERR, "Not enough memory!");
318 memcpy(auth_key, auth_xform->auth.key.data,
319 auth_xform->auth.key.length);
322 /* auth_key must be NULL if auth algorithm does not use HMAC */
323 sess->sam_sess_params.auth_key = auth_key;
324 sess->sam_sess_params.auth_key_len = auth_xform->auth.key.length;
330 * Set session parameters for aead part.
332 * @param sess Crypto session pointer.
333 * @param aead_xform Pointer to configuration structure for aead operations.
334 * @returns 0 in case of success, negative value otherwise.
337 mrvl_crypto_set_aead_session_parameters(struct mrvl_crypto_session *sess,
338 const struct rte_crypto_sym_xform *aead_xform)
342 /* Make sure we've got proper struct */
343 if (aead_xform->type != RTE_CRYPTO_SYM_XFORM_AEAD) {
344 MRVL_LOG(ERR, "Wrong xform struct provided!");
348 /* See if map data is present and valid */
349 if ((aead_xform->aead.algo > RTE_DIM(aead_map)) ||
350 (aead_map[aead_xform->aead.algo].supported
351 != ALGO_SUPPORTED)) {
352 MRVL_LOG(ERR, "AEAD algorithm not supported!");
356 sess->sam_sess_params.dir =
357 (aead_xform->aead.op == RTE_CRYPTO_AEAD_OP_ENCRYPT) ?
358 SAM_DIR_ENCRYPT : SAM_DIR_DECRYPT;
359 sess->sam_sess_params.cipher_alg =
360 aead_map[aead_xform->aead.algo].cipher_alg;
361 sess->sam_sess_params.cipher_mode =
362 aead_map[aead_xform->aead.algo].cipher_mode;
364 if (sess->sam_sess_params.cipher_mode == SAM_CIPHER_GCM) {
365 /* IV must include nonce for all counter modes */
366 sess->cipher_iv_offset = aead_xform->cipher.iv.offset;
368 /* Set order of authentication then encryption to 0 in GCM */
369 sess->sam_sess_params.u.basic.auth_then_encrypt = 0;
372 /* Assume IV will be passed together with data. */
373 sess->sam_sess_params.cipher_iv = NULL;
375 /* Get max key length. */
376 if (aead_xform->aead.key.length >
377 aead_map[aead_xform->aead.algo].max_key_len) {
378 MRVL_LOG(ERR, "Wrong key length!");
382 aead_key = malloc(aead_xform->aead.key.length);
383 if (aead_key == NULL) {
384 MRVL_LOG(ERR, "Insufficient memory!");
388 memcpy(aead_key, aead_xform->aead.key.data,
389 aead_xform->aead.key.length);
391 sess->sam_sess_params.cipher_key = aead_key;
392 sess->sam_sess_params.cipher_key_len = aead_xform->aead.key.length;
394 if (sess->sam_sess_params.cipher_mode == SAM_CIPHER_GCM)
395 sess->sam_sess_params.auth_alg = SAM_AUTH_AES_GCM;
397 sess->sam_sess_params.u.basic.auth_icv_len =
398 aead_xform->aead.digest_length;
400 sess->sam_sess_params.u.basic.auth_aad_len =
401 aead_xform->aead.aad_length;
407 * Parse crypto transform chain and setup session parameters.
409 * @param dev Pointer to crypto device
410 * @param sess Pointer to crypto session
411 * @param xform Pointer to configuration structure chain for crypto operations.
412 * @returns 0 in case of success, negative value otherwise.
415 mrvl_crypto_set_session_parameters(struct mrvl_crypto_session *sess,
416 const struct rte_crypto_sym_xform *xform)
418 const struct rte_crypto_sym_xform *cipher_xform = NULL;
419 const struct rte_crypto_sym_xform *auth_xform = NULL;
420 const struct rte_crypto_sym_xform *aead_xform = NULL;
422 /* Filter out spurious/broken requests */
426 sess->chain_order = mrvl_crypto_get_chain_order(xform);
427 switch (sess->chain_order) {
428 case MRVL_CRYPTO_CHAIN_CIPHER_AUTH:
429 cipher_xform = xform;
430 auth_xform = xform->next;
432 case MRVL_CRYPTO_CHAIN_AUTH_CIPHER:
434 cipher_xform = xform->next;
436 case MRVL_CRYPTO_CHAIN_CIPHER_ONLY:
437 cipher_xform = xform;
439 case MRVL_CRYPTO_CHAIN_AUTH_ONLY:
442 case MRVL_CRYPTO_CHAIN_COMBINED:
449 if ((cipher_xform != NULL) &&
450 (mrvl_crypto_set_cipher_session_parameters(
451 sess, cipher_xform) < 0)) {
452 MRVL_LOG(ERR, "Invalid/unsupported cipher parameters!");
456 if ((auth_xform != NULL) &&
457 (mrvl_crypto_set_auth_session_parameters(
458 sess, auth_xform) < 0)) {
459 MRVL_LOG(ERR, "Invalid/unsupported auth parameters!");
463 if ((aead_xform != NULL) &&
464 (mrvl_crypto_set_aead_session_parameters(
465 sess, aead_xform) < 0)) {
466 MRVL_LOG(ERR, "Invalid/unsupported aead parameters!");
474 replay_wsz_to_mask(uint32_t replay_win_sz)
478 switch (replay_win_sz) {
480 mask = SAM_ANTI_REPLY_MASK_NONE;
483 mask = SAM_ANTI_REPLY_MASK_32B;
486 mask = SAM_ANTI_REPLY_MASK_64B;
489 mask = SAM_ANTI_REPLY_MASK_128B;
492 MRVL_LOG(ERR, "Invalid antireplay window size");
500 * Parse IPSEC session parameters.
502 * @param sess Pointer to security session
503 * @param ipsec_xform Pointer to configuration structure IPSEC operations.
504 * @param crypto_xform Pointer to chain for crypto operations.
505 * @returns 0 in case of success, negative value otherwise.
508 mrvl_ipsec_set_session_parameters(struct mrvl_crypto_session *sess,
509 struct rte_security_ipsec_xform *ipsec_xform,
510 struct rte_crypto_sym_xform *crypto_xform)
514 /* Filter out spurious/broken requests */
515 if (ipsec_xform == NULL || crypto_xform == NULL)
518 /* Crypto parameters handling */
519 if (mrvl_crypto_set_session_parameters(sess, crypto_xform))
522 seq_mask_size = replay_wsz_to_mask(ipsec_xform->replay_win_sz);
523 if (seq_mask_size < 0)
526 /* IPSEC protocol parameters handling */
527 sess->sam_sess_params.proto = SAM_PROTO_IPSEC;
528 sess->sam_sess_params.u.ipsec.is_esp =
529 (ipsec_xform->proto == RTE_SECURITY_IPSEC_SA_PROTO_ESP) ?
531 sess->sam_sess_params.u.ipsec.is_ip6 = 0;
532 sess->sam_sess_params.u.ipsec.is_tunnel =
533 (ipsec_xform->mode == RTE_SECURITY_IPSEC_SA_MODE_TUNNEL) ?
535 sess->sam_sess_params.u.ipsec.is_esn = ipsec_xform->options.esn;
536 sess->sam_sess_params.u.ipsec.seq_mask_size = seq_mask_size;
538 sess->sam_sess_params.u.ipsec.tunnel.u.ipv4.sip =
539 (uint8_t *)(&ipsec_xform->tunnel.ipv4.src_ip.s_addr);
540 sess->sam_sess_params.u.ipsec.tunnel.u.ipv4.dip =
541 (uint8_t *)&(ipsec_xform->tunnel.ipv4.dst_ip.s_addr);
543 sess->sam_sess_params.u.ipsec.tunnel.u.ipv4.dscp =
544 ipsec_xform->tunnel.ipv4.dscp;
545 sess->sam_sess_params.u.ipsec.tunnel.u.ipv4.ttl =
546 ipsec_xform->tunnel.ipv4.ttl;
547 sess->sam_sess_params.u.ipsec.tunnel.u.ipv4.df =
548 ipsec_xform->tunnel.ipv4.df;
549 sess->sam_sess_params.u.ipsec.tunnel.copy_dscp =
550 ipsec_xform->options.copy_dscp;
551 sess->sam_sess_params.u.ipsec.tunnel.copy_flabel =
552 ipsec_xform->options.copy_flabel;
553 sess->sam_sess_params.u.ipsec.tunnel.copy_df =
554 ipsec_xform->options.copy_df;
556 sess->sam_sess_params.u.ipsec.is_natt = 0;
557 sess->sam_sess_params.u.ipsec.spi = ipsec_xform->spi;
558 sess->sam_sess_params.u.ipsec.seq = 0;
564 *-----------------------------------------------------------------------------
566 *-----------------------------------------------------------------------------
570 * Prepare a single request.
572 * This function basically translates DPDK crypto request into one
573 * understandable by MUDSK's SAM. If this is a first request in a session,
574 * it starts the session.
576 * @param request Pointer to pre-allocated && reset request buffer [Out].
577 * @param src_bd Pointer to pre-allocated source descriptor [Out].
578 * @param dst_bd Pointer to pre-allocated destination descriptor [Out].
579 * @param op Pointer to DPDK crypto operation struct [In].
582 mrvl_request_prepare_crp(struct sam_cio_op_params *request,
583 struct sam_buf_info *src_bd,
584 struct sam_buf_info *dst_bd,
585 struct rte_crypto_op *op)
587 struct mrvl_crypto_session *sess;
588 struct rte_mbuf *src_mbuf, *dst_mbuf;
589 uint16_t segments_nb;
593 if (unlikely(op->sess_type == RTE_CRYPTO_OP_SESSIONLESS)) {
594 MRVL_LOG(ERR, "MRVL CRYPTO PMD only supports session "
595 "oriented requests, op (%p) is sessionless!",
600 sess = (struct mrvl_crypto_session *)get_sym_session_private_data(
602 cryptodev_driver_id);
603 if (unlikely(sess == NULL)) {
604 MRVL_LOG(ERR, "Session was not created for this device!");
608 request->sa = sess->sam_sess;
609 request->cookie = op;
611 src_mbuf = op->sym->m_src;
612 segments_nb = src_mbuf->nb_segs;
613 /* The following conditions must be met:
614 * - Destination buffer is required when segmented source buffer
615 * - Segmented destination buffer is not supported
617 if ((segments_nb > 1) && (!op->sym->m_dst)) {
618 MRVL_LOG(ERR, "op->sym->m_dst = NULL!");
622 * If application delivered us null dst buffer, it means it expects
623 * us to deliver the result in src buffer.
625 dst_mbuf = op->sym->m_dst ? op->sym->m_dst : op->sym->m_src;
627 if (!rte_pktmbuf_is_contiguous(dst_mbuf)) {
628 MRVL_LOG(ERR, "Segmented destination buffer not supported!");
632 request->num_bufs = segments_nb;
633 for (i = 0; i < segments_nb; i++) {
635 if (rte_pktmbuf_data_len(src_mbuf) == 0) {
636 /* EIP does not support 0 length buffers. */
637 MRVL_LOG(ERR, "Buffer length == 0 not supported!");
640 src_bd[i].vaddr = rte_pktmbuf_mtod(src_mbuf, void *);
641 src_bd[i].paddr = rte_pktmbuf_iova(src_mbuf);
642 src_bd[i].len = rte_pktmbuf_data_len(src_mbuf);
644 src_mbuf = src_mbuf->next;
646 request->src = src_bd;
648 /* Empty destination. */
649 if (rte_pktmbuf_data_len(dst_mbuf) == 0) {
650 /* Make dst buffer fit at least source data. */
651 if (rte_pktmbuf_append(dst_mbuf,
652 rte_pktmbuf_data_len(op->sym->m_src)) == NULL) {
653 MRVL_LOG(ERR, "Unable to set big enough dst buffer!");
658 request->dst = dst_bd;
659 dst_bd->vaddr = rte_pktmbuf_mtod(dst_mbuf, void *);
660 dst_bd->paddr = rte_pktmbuf_iova(dst_mbuf);
663 * We can use all available space in dst_mbuf,
664 * not only what's used currently.
666 dst_bd->len = dst_mbuf->buf_len - rte_pktmbuf_headroom(dst_mbuf);
668 if (sess->chain_order == MRVL_CRYPTO_CHAIN_COMBINED) {
669 request->cipher_len = op->sym->aead.data.length;
670 request->cipher_offset = op->sym->aead.data.offset;
671 request->cipher_iv = rte_crypto_op_ctod_offset(op, uint8_t *,
672 sess->cipher_iv_offset);
674 request->auth_aad = op->sym->aead.aad.data;
675 request->auth_offset = request->cipher_offset;
676 request->auth_len = request->cipher_len;
678 request->cipher_len = op->sym->cipher.data.length;
679 request->cipher_offset = op->sym->cipher.data.offset;
680 request->cipher_iv = rte_crypto_op_ctod_offset(op, uint8_t *,
681 sess->cipher_iv_offset);
683 request->auth_offset = op->sym->auth.data.offset;
684 request->auth_len = op->sym->auth.data.length;
687 digest = sess->chain_order == MRVL_CRYPTO_CHAIN_COMBINED ?
688 op->sym->aead.digest.data : op->sym->auth.digest.data;
689 if (digest == NULL) {
690 /* No auth - no worry. */
694 request->auth_icv_offset = request->auth_offset + request->auth_len;
697 * EIP supports only scenarios where ICV(digest buffer) is placed at
700 if (sess->sam_sess_params.dir == SAM_DIR_ENCRYPT) {
702 * This should be the most common case anyway,
703 * EIP will overwrite DST buffer at auth_icv_offset.
705 if (rte_pktmbuf_mtod_offset(
707 request->auth_icv_offset) == digest)
709 } else {/* sess->sam_sess_params.dir == SAM_DIR_DECRYPT */
711 * EIP will look for digest at auth_icv_offset
712 * offset in SRC buffer. It must be placed in the last
713 * segment and the offset must be set to reach digest
714 * in the last segment
716 struct rte_mbuf *last_seg = op->sym->m_src;
717 uint32_t d_offset = request->auth_icv_offset;
718 u32 d_size = sess->sam_sess_params.u.basic.auth_icv_len;
719 unsigned char *d_ptr;
721 /* Find the last segment and the offset for the last segment */
722 while ((last_seg->next != NULL) &&
723 (d_offset >= last_seg->data_len)) {
724 d_offset -= last_seg->data_len;
725 last_seg = last_seg->next;
728 if (rte_pktmbuf_mtod_offset(last_seg, uint8_t *,
732 /* copy digest to last segment */
733 if (last_seg->buf_len >= (d_size + d_offset)) {
734 d_ptr = (unsigned char *)last_seg->buf_addr +
736 rte_memcpy(d_ptr, digest, d_size);
742 * If we landed here it means that digest pointer is
743 * at different than expected place.
749 * Prepare a single security protocol request.
751 * This function basically translates DPDK security request into one
752 * understandable by MUDSK's SAM. If this is a first request in a session,
753 * it starts the session.
755 * @param request Pointer to pre-allocated && reset request buffer [Out].
756 * @param src_bd Pointer to pre-allocated source descriptor [Out].
757 * @param dst_bd Pointer to pre-allocated destination descriptor [Out].
758 * @param op Pointer to DPDK crypto operation struct [In].
761 mrvl_request_prepare_sec(struct sam_cio_ipsec_params *request,
762 struct sam_buf_info *src_bd,
763 struct sam_buf_info *dst_bd,
764 struct rte_crypto_op *op)
766 struct mrvl_crypto_session *sess;
767 struct rte_mbuf *src_mbuf, *dst_mbuf;
768 uint16_t segments_nb;
771 if (unlikely(op->sess_type != RTE_CRYPTO_OP_SECURITY_SESSION)) {
772 MRVL_LOG(ERR, "MRVL SECURITY: sess_type is not SECURITY_SESSION");
776 sess = (struct mrvl_crypto_session *)get_sec_session_private_data(
777 op->sym->sec_session);
778 if (unlikely(sess == NULL)) {
779 MRVL_LOG(ERR, "Session was not created for this device! %d",
780 cryptodev_driver_id);
784 request->sa = sess->sam_sess;
785 request->cookie = op;
786 src_mbuf = op->sym->m_src;
787 segments_nb = src_mbuf->nb_segs;
788 /* The following conditions must be met:
789 * - Destination buffer is required when segmented source buffer
790 * - Segmented destination buffer is not supported
792 if ((segments_nb > 1) && (!op->sym->m_dst)) {
793 MRVL_LOG(ERR, "op->sym->m_dst = NULL!");
797 * If application delivered us null dst buffer, it means it expects
798 * us to deliver the result in src buffer.
800 dst_mbuf = op->sym->m_dst ? op->sym->m_dst : op->sym->m_src;
802 if (!rte_pktmbuf_is_contiguous(dst_mbuf)) {
803 MRVL_LOG(ERR, "Segmented destination buffer not supported!");
807 request->num_bufs = segments_nb;
808 for (i = 0; i < segments_nb; i++) {
810 if (rte_pktmbuf_data_len(src_mbuf) == 0) {
811 /* EIP does not support 0 length buffers. */
812 MRVL_LOG(ERR, "Buffer length == 0 not supported!");
815 src_bd[i].vaddr = rte_pktmbuf_mtod(src_mbuf, void *);
816 src_bd[i].paddr = rte_pktmbuf_iova(src_mbuf);
817 src_bd[i].len = rte_pktmbuf_data_len(src_mbuf);
819 src_mbuf = src_mbuf->next;
821 request->src = src_bd;
823 /* Empty destination. */
824 if (rte_pktmbuf_data_len(dst_mbuf) == 0) {
825 /* Make dst buffer fit at least source data. */
826 if (rte_pktmbuf_append(dst_mbuf,
827 rte_pktmbuf_data_len(op->sym->m_src)) == NULL) {
828 MRVL_LOG(ERR, "Unable to set big enough dst buffer!");
833 request->dst = dst_bd;
834 dst_bd->vaddr = rte_pktmbuf_mtod(dst_mbuf, void *);
835 dst_bd->paddr = rte_pktmbuf_iova(dst_mbuf);
838 * We can use all available space in dst_mbuf,
839 * not only what's used currently.
841 dst_bd->len = dst_mbuf->buf_len - rte_pktmbuf_headroom(dst_mbuf);
844 request->l3_offset = 0;
845 request->pkt_size = rte_pktmbuf_pkt_len(op->sym->m_src);
851 *-----------------------------------------------------------------------------
852 * PMD Framework handlers
853 *-----------------------------------------------------------------------------
859 * @param queue_pair Pointer to queue pair.
860 * @param ops Pointer to ops requests array.
861 * @param nb_ops Number of elements in ops requests array.
862 * @returns Number of elements consumed from ops.
865 mrvl_crypto_pmd_enqueue_burst(void *queue_pair, struct rte_crypto_op **ops,
868 uint16_t iter_ops = 0;
869 uint16_t to_enq_crp = 0;
870 uint16_t to_enq_sec = 0;
871 uint16_t consumed = 0;
874 struct sam_cio_op_params requests_crp[nb_ops];
875 struct sam_cio_ipsec_params requests_sec[nb_ops];
876 uint16_t indx_map_crp[nb_ops];
877 uint16_t indx_map_sec[nb_ops];
880 * SAM does not store bd pointers, so on-stack scope will be enough.
882 struct mrvl_crypto_src_table src_bd[nb_ops];
883 struct sam_buf_info dst_bd[nb_ops];
884 struct mrvl_crypto_qp *qp = (struct mrvl_crypto_qp *)queue_pair;
889 /* Prepare the burst. */
890 memset(&requests_crp, 0, sizeof(requests_crp));
891 memset(&requests_sec, 0, sizeof(requests_sec));
892 memset(&src_bd, 0, sizeof(src_bd));
894 /* Iterate through */
895 for (; iter_ops < nb_ops; ++iter_ops) {
896 /* store the op id for debug */
897 if (ops[iter_ops]->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
898 src_bd[iter_ops].iter_ops = to_enq_crp;
899 indx_map_crp[to_enq_crp] = iter_ops;
901 if (mrvl_request_prepare_crp(&requests_crp[to_enq_crp],
902 src_bd[iter_ops].src_bd,
904 ops[iter_ops]) < 0) {
906 "Error while preparing parameters!");
907 qp->stats.enqueue_err_count++;
908 ops[iter_ops]->status =
909 RTE_CRYPTO_OP_STATUS_ERROR;
911 * Number of handled ops is increased
912 * (even if the result of handling is error).
918 /* Increase the number of ops to enqueue. */
921 src_bd[iter_ops].iter_ops = to_enq_sec;
922 indx_map_sec[to_enq_sec] = iter_ops;
923 if (mrvl_request_prepare_sec(&requests_sec[to_enq_sec],
924 src_bd[iter_ops].src_bd,
926 ops[iter_ops]) < 0) {
928 "Error while preparing parameters!");
929 qp->stats.enqueue_err_count++;
930 ops[iter_ops]->status =
931 RTE_CRYPTO_OP_STATUS_ERROR;
933 * Number of handled ops is increased
934 * (even if the result of handling is error).
940 /* Increase the number of ops to enqueue. */
944 ops[iter_ops]->status =
945 RTE_CRYPTO_OP_STATUS_NOT_PROCESSED;
947 } /* for (; iter_ops < nb_ops;... */
949 if (to_enq_crp > 0) {
951 ret = sam_cio_enq(qp->cio, requests_crp, &to_enq_crp);
952 consumed += to_enq_crp;
955 * Trust SAM that in this case returned value will be at
956 * some point correct (now it is returned unmodified).
958 qp->stats.enqueue_err_count += to_enq_crp;
959 for (iter = 0; iter < to_enq_crp; ++iter)
960 ops[indx_map_crp[iter]]->status =
961 RTE_CRYPTO_OP_STATUS_ERROR;
965 if (to_enq_sec > 0) {
967 ret = sam_cio_enq_ipsec(qp->cio, requests_sec, &to_enq_sec);
968 consumed += to_enq_sec;
971 * Trust SAM that in this case returned value will be at
972 * some point correct (now it is returned unmodified).
974 qp->stats.enqueue_err_count += to_enq_sec;
975 for (iter = 0; iter < to_enq_crp; ++iter)
976 ops[indx_map_sec[iter]]->status =
977 RTE_CRYPTO_OP_STATUS_ERROR;
981 qp->stats.enqueued_count += to_enq_sec + to_enq_crp;
988 * @param queue_pair Pointer to queue pair.
989 * @param ops Pointer to ops requests array.
990 * @param nb_ops Number of elements in ops requests array.
991 * @returns Number of elements dequeued.
994 mrvl_crypto_pmd_dequeue_burst(void *queue_pair,
995 struct rte_crypto_op **ops,
999 struct mrvl_crypto_qp *qp = queue_pair;
1000 struct sam_cio *cio = qp->cio;
1001 struct sam_cio_op_result results[nb_ops];
1003 struct rte_mbuf *dst;
1005 ret = sam_cio_deq(cio, results, &nb_ops);
1007 /* Count all dequeued as error. */
1008 qp->stats.dequeue_err_count += nb_ops;
1010 /* But act as they were dequeued anyway*/
1011 qp->stats.dequeued_count += nb_ops;
1016 /* Unpack and check results. */
1017 for (i = 0; i < nb_ops; ++i) {
1018 ops[i] = results[i].cookie;
1020 switch (results[i].status) {
1022 ops[i]->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
1023 if (ops[i]->sess_type ==
1024 RTE_CRYPTO_OP_SECURITY_SESSION) {
1026 if (ops[i]->sym->m_dst)
1027 dst = ops[i]->sym->m_dst;
1029 dst = ops[i]->sym->m_src;
1030 dst->pkt_len = results[i].out_len;
1031 dst->data_len = results[i].out_len;
1034 case SAM_CIO_ERR_ICV:
1035 MRVL_LOG(DEBUG, "CIO returned SAM_CIO_ERR_ICV.");
1036 ops[i]->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED;
1040 "CIO returned Error: %d.", results[i].status);
1041 ops[i]->status = RTE_CRYPTO_OP_STATUS_ERROR;
1046 qp->stats.dequeued_count += nb_ops;
1051 * Create a new crypto device.
1053 * @param name Driver name.
1054 * @param vdev Pointer to device structure.
1055 * @param init_params Pointer to initialization parameters.
1056 * @returns 0 in case of success, negative value otherwise.
1059 cryptodev_mrvl_crypto_create(const char *name,
1060 struct rte_vdev_device *vdev,
1061 struct mrvl_pmd_init_params *init_params)
1063 struct rte_cryptodev *dev;
1064 struct mrvl_crypto_private *internals;
1065 struct sam_init_params sam_params;
1066 struct rte_security_ctx *security_instance;
1069 dev = rte_cryptodev_pmd_create(name, &vdev->device,
1070 &init_params->common);
1072 MRVL_LOG(ERR, "Failed to create cryptodev vdev!");
1076 dev->driver_id = cryptodev_driver_id;
1077 dev->dev_ops = rte_mrvl_crypto_pmd_ops;
1079 /* Register rx/tx burst functions for data path. */
1080 dev->enqueue_burst = mrvl_crypto_pmd_enqueue_burst;
1081 dev->dequeue_burst = mrvl_crypto_pmd_dequeue_burst;
1083 dev->feature_flags = RTE_CRYPTODEV_FF_SYMMETRIC_CRYPTO |
1084 RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING |
1085 RTE_CRYPTODEV_FF_HW_ACCELERATED |
1086 RTE_CRYPTODEV_FF_OOP_SGL_IN_LB_OUT |
1087 RTE_CRYPTODEV_FF_OOP_LB_IN_LB_OUT |
1088 RTE_CRYPTODEV_FF_SECURITY;
1090 internals = dev->data->dev_private;
1092 internals->max_nb_qpairs = init_params->common.max_nb_queue_pairs;
1093 internals->max_nb_sessions = init_params->max_nb_sessions;
1095 ret = rte_mvep_init(MVEP_MOD_T_SAM, NULL);
1099 sam_params.max_num_sessions = internals->max_nb_sessions;
1101 /* Initialize security_ctx only for primary process*/
1102 security_instance = rte_malloc("rte_security_instances_ops",
1103 sizeof(struct rte_security_ctx), 0);
1104 if (security_instance == NULL)
1106 security_instance->device = (void *)dev;
1107 security_instance->ops = rte_mrvl_security_pmd_ops;
1108 security_instance->sess_cnt = 0;
1109 dev->security_ctx = security_instance;
1111 /*sam_set_debug_flags(3);*/
1113 ret = sam_init(&sam_params);
1117 rte_cryptodev_pmd_probing_finish(dev);
1123 "Driver %s: %s failed!", init_params->common.name, __func__);
1125 cryptodev_mrvl_crypto_uninit(vdev);
1129 /** Parse integer from integer argument */
1131 parse_integer_arg(const char *key __rte_unused,
1132 const char *value, void *extra_args)
1134 int *i = (int *) extra_args;
1138 MRVL_LOG(ERR, "Argument has to be positive!");
1147 parse_name_arg(const char *key __rte_unused,
1148 const char *value, void *extra_args)
1150 struct rte_cryptodev_pmd_init_params *params = extra_args;
1152 if (strlen(value) >= RTE_CRYPTODEV_NAME_MAX_LEN - 1) {
1153 MRVL_LOG(ERR, "Invalid name %s, should be less than %u bytes!",
1154 value, RTE_CRYPTODEV_NAME_MAX_LEN - 1);
1158 strncpy(params->name, value, RTE_CRYPTODEV_NAME_MAX_LEN);
1164 mrvl_pmd_parse_input_args(struct mrvl_pmd_init_params *params,
1165 const char *input_args)
1167 struct rte_kvargs *kvlist = NULL;
1174 kvlist = rte_kvargs_parse(input_args,
1175 mrvl_pmd_valid_params);
1179 /* Common VDEV parameters */
1180 ret = rte_kvargs_process(kvlist,
1181 RTE_CRYPTODEV_PMD_MAX_NB_QP_ARG,
1183 ¶ms->common.max_nb_queue_pairs);
1187 ret = rte_kvargs_process(kvlist,
1188 RTE_CRYPTODEV_PMD_SOCKET_ID_ARG,
1190 ¶ms->common.socket_id);
1194 ret = rte_kvargs_process(kvlist,
1195 RTE_CRYPTODEV_PMD_NAME_ARG,
1197 ¶ms->common.name);
1201 ret = rte_kvargs_process(kvlist,
1202 MRVL_PMD_MAX_NB_SESS_ARG,
1204 ¶ms->max_nb_sessions);
1211 rte_kvargs_free(kvlist);
1216 * Initialize the crypto device.
1218 * @param vdev Pointer to device structure.
1219 * @returns 0 in case of success, negative value otherwise.
1222 cryptodev_mrvl_crypto_init(struct rte_vdev_device *vdev)
1224 struct mrvl_pmd_init_params init_params = {
1227 .private_data_size =
1228 sizeof(struct mrvl_crypto_private),
1229 .max_nb_queue_pairs =
1230 sam_get_num_inst() * sam_get_num_cios(0),
1231 .socket_id = rte_socket_id()
1233 .max_nb_sessions = MRVL_PMD_DEFAULT_MAX_NB_SESSIONS
1236 const char *name, *args;
1239 name = rte_vdev_device_name(vdev);
1242 args = rte_vdev_device_args(vdev);
1244 ret = mrvl_pmd_parse_input_args(&init_params, args);
1246 MRVL_LOG(ERR, "Failed to parse initialisation arguments[%s]!",
1251 return cryptodev_mrvl_crypto_create(name, vdev, &init_params);
1255 * Uninitialize the crypto device
1257 * @param vdev Pointer to device structure.
1258 * @returns 0 in case of success, negative value otherwise.
1261 cryptodev_mrvl_crypto_uninit(struct rte_vdev_device *vdev)
1263 struct rte_cryptodev *cryptodev;
1264 const char *name = rte_vdev_device_name(vdev);
1269 MRVL_LOG(INFO, "Closing Marvell crypto device %s on numa socket %u.",
1270 name, rte_socket_id());
1273 rte_mvep_deinit(MVEP_MOD_T_SAM);
1275 cryptodev = rte_cryptodev_pmd_get_named_dev(name);
1276 if (cryptodev == NULL)
1279 return rte_cryptodev_pmd_destroy(cryptodev);
1283 * Basic driver handlers for use in the constructor.
1285 static struct rte_vdev_driver cryptodev_mrvl_pmd_drv = {
1286 .probe = cryptodev_mrvl_crypto_init,
1287 .remove = cryptodev_mrvl_crypto_uninit
1290 static struct cryptodev_driver mrvl_crypto_drv;
1292 /* Register the driver in constructor. */
1293 RTE_PMD_REGISTER_VDEV(CRYPTODEV_NAME_MRVL_PMD, cryptodev_mrvl_pmd_drv);
1294 RTE_PMD_REGISTER_PARAM_STRING(CRYPTODEV_NAME_MRVL_PMD,
1295 "max_nb_queue_pairs=<int> "
1296 "max_nb_sessions=<int> "
1298 RTE_PMD_REGISTER_CRYPTO_DRIVER(mrvl_crypto_drv, cryptodev_mrvl_pmd_drv.driver,
1299 cryptodev_driver_id);
1300 RTE_LOG_REGISTER_DEFAULT(mrvl_logtype_driver, NOTICE);