1 /* SPDX-License-Identifier: BSD-3-Clause
2 * Copyright(c) 2017 Marvell International Ltd.
3 * Copyright(c) 2017 Semihalf.
9 #include <rte_common.h>
10 #include <rte_malloc.h>
11 #include <cryptodev_pmd.h>
12 #include <rte_security_driver.h>
14 #include "mrvl_pmd_private.h"
17 * Capabilities list to be used in reporting to DPDK.
19 static const struct rte_cryptodev_capabilities
20 mrvl_crypto_pmd_capabilities[] = {
22 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
24 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
26 .algo = RTE_CRYPTO_AUTH_MD5_HMAC,
42 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
44 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
46 .algo = RTE_CRYPTO_AUTH_MD5,
62 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
64 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
66 .algo = RTE_CRYPTO_AUTH_SHA1_HMAC,
82 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
84 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
86 .algo = RTE_CRYPTO_AUTH_SHA1,
103 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
105 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
107 .algo = RTE_CRYPTO_AUTH_SHA224_HMAC,
123 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
125 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
127 .algo = RTE_CRYPTO_AUTH_SHA224,
143 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
145 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
147 .algo = RTE_CRYPTO_AUTH_SHA256_HMAC,
163 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
165 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
167 .algo = RTE_CRYPTO_AUTH_SHA256,
183 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
185 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
187 .algo = RTE_CRYPTO_AUTH_SHA384_HMAC,
203 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
205 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
207 .algo = RTE_CRYPTO_AUTH_SHA384,
223 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
225 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
227 .algo = RTE_CRYPTO_AUTH_SHA512_HMAC,
243 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
245 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
247 .algo = RTE_CRYPTO_AUTH_SHA512,
263 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
265 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
267 .algo = RTE_CRYPTO_CIPHER_AES_CBC,
283 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
285 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
287 .algo = RTE_CRYPTO_CIPHER_AES_CTR,
303 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
305 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
307 .algo = RTE_CRYPTO_CIPHER_AES_ECB,
323 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
325 .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,
327 .algo = RTE_CRYPTO_AEAD_AES_GCM,
352 { /* AES GMAC (AUTH) */
353 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
355 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
357 .algo = RTE_CRYPTO_AUTH_AES_GMAC,
378 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
380 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
382 .algo = RTE_CRYPTO_CIPHER_3DES_CBC,
398 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
400 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
402 .algo = RTE_CRYPTO_CIPHER_3DES_CTR,
418 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
420 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
422 .algo = RTE_CRYPTO_CIPHER_3DES_ECB,
438 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
440 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
442 .algo = RTE_CRYPTO_AUTH_NULL,
462 { /* NULL (CIPHER) */
463 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
465 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
467 .algo = RTE_CRYPTO_CIPHER_NULL,
483 RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
488 * Configure device (PMD ops callback).
490 * @param dev Pointer to the device structure.
491 * @param config Pointer to configuration structure.
492 * @returns 0. Always.
495 mrvl_crypto_pmd_config(__rte_unused struct rte_cryptodev *dev,
496 __rte_unused struct rte_cryptodev_config *config)
502 * Start device (PMD ops callback).
504 * @param dev Pointer to the device structure.
505 * @returns 0. Always.
508 mrvl_crypto_pmd_start(__rte_unused struct rte_cryptodev *dev)
514 * Stop device (PMD ops callback).
516 * @param dev Pointer to the device structure.
517 * @returns 0. Always.
520 mrvl_crypto_pmd_stop(__rte_unused struct rte_cryptodev *dev)
525 * Get device statistics (PMD ops callback).
527 * @param dev Pointer to the device structure.
528 * @param stats Pointer to statistics structure [out].
531 mrvl_crypto_pmd_stats_get(struct rte_cryptodev *dev,
532 struct rte_cryptodev_stats *stats)
536 for (qp_id = 0; qp_id < dev->data->nb_queue_pairs; qp_id++) {
537 struct mrvl_crypto_qp *qp = dev->data->queue_pairs[qp_id];
539 stats->enqueued_count += qp->stats.enqueued_count;
540 stats->dequeued_count += qp->stats.dequeued_count;
542 stats->enqueue_err_count += qp->stats.enqueue_err_count;
543 stats->dequeue_err_count += qp->stats.dequeue_err_count;
548 * Reset device statistics (PMD ops callback).
550 * @param dev Pointer to the device structure.
553 mrvl_crypto_pmd_stats_reset(struct rte_cryptodev *dev)
557 for (qp_id = 0; qp_id < dev->data->nb_queue_pairs; qp_id++) {
558 struct mrvl_crypto_qp *qp = dev->data->queue_pairs[qp_id];
560 memset(&qp->stats, 0, sizeof(qp->stats));
565 * Get device info (PMD ops callback).
567 * @param dev Pointer to the device structure.
568 * @param dev_info Pointer to the device info structure [out].
571 mrvl_crypto_pmd_info_get(struct rte_cryptodev *dev,
572 struct rte_cryptodev_info *dev_info)
574 struct mrvl_crypto_private *internals = dev->data->dev_private;
576 if (dev_info != NULL) {
577 dev_info->driver_id = dev->driver_id;
578 dev_info->feature_flags = dev->feature_flags;
579 dev_info->capabilities = mrvl_crypto_pmd_capabilities;
580 dev_info->max_nb_queue_pairs = internals->max_nb_qpairs;
581 dev_info->sym.max_nb_sessions = internals->max_nb_sessions;
586 * Release queue pair (PMD ops callback).
588 * @param dev Pointer to the device structure.
589 * @param qp_id ID of Queue Pair to release.
590 * @returns 0. Always.
593 mrvl_crypto_pmd_qp_release(struct rte_cryptodev *dev, uint16_t qp_id)
595 struct mrvl_crypto_qp *qp =
596 (struct mrvl_crypto_qp *)dev->data->queue_pairs[qp_id];
598 if (dev->data->queue_pairs[qp_id] != NULL) {
599 sam_cio_flush(qp->cio);
600 sam_cio_deinit(qp->cio);
601 rte_free(dev->data->queue_pairs[qp_id]);
602 dev->data->queue_pairs[qp_id] = NULL;
609 * Close device (PMD ops callback).
611 * @param dev Pointer to the device structure.
612 * @returns 0. Always.
615 mrvl_crypto_pmd_close(struct rte_cryptodev *dev)
619 for (qp_id = 0; qp_id < dev->data->nb_queue_pairs; qp_id++)
620 mrvl_crypto_pmd_qp_release(dev, qp_id);
626 * Setup a queue pair (PMD ops callback).
628 * @param dev Pointer to the device structure.
629 * @param qp_id ID of the Queue Pair.
630 * @param qp_conf Queue pair configuration (nb of descriptors).
631 * @param socket_id NUMA socket to allocate memory on.
632 * @returns 0 upon success, negative value otherwise.
635 mrvl_crypto_pmd_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
636 const struct rte_cryptodev_qp_conf *qp_conf,
639 struct mrvl_crypto_qp *qp = NULL;
640 char match[RTE_CRYPTODEV_NAME_MAX_LEN];
643 /* Allocate the queue pair data structure. */
644 qp = rte_zmalloc_socket("MRVL Crypto PMD Queue Pair", sizeof(*qp),
645 RTE_CACHE_LINE_SIZE, socket_id);
649 /* Free old qp prior setup if needed. */
650 if (dev->data->queue_pairs[qp_id] != NULL)
651 mrvl_crypto_pmd_qp_release(dev, qp_id);
653 do { /* Error handling block */
656 * This extra check is necessary due to a bug in
659 int num = sam_get_num_inst();
661 MRVL_LOG(ERR, "No crypto engines detected!");
666 * In case just one engine is enabled mapping will look as
669 * cio-x:y: cio-0:0, cio-0:1, cio-0:2, cio-0:3
671 * In case two crypto engines are enabled qps will
672 * be evenly spread among them. Even and odd qps will
673 * be handled by cio-0 and cio-1 respectively. qp-cio mapping
674 * will look as follows:
677 * cio-x:y: cio-0:0, cio-1:0, cio-0:1, cio-1:1
680 * cio-x:y: cio-0:2, cio-1:2, cio-0:3, cio-1:3
682 * In case of three crypto engines are enabled qps will
683 * be mapped as following:
686 * cio-x:y: cio-0:0, cio-1:0, cio-2:0, cio-0:1
689 * cio-x:y: cio-1:1, cio-2:1, cio-0:2, cio-1:2
692 * cio-x:y: cio-2:2, cio-0:3, cio-1:3, cio-2:3
694 n = snprintf(match, sizeof(match), "cio-%u:%u",
695 qp_id % num, qp_id / num);
697 if (n >= sizeof(match))
700 qp->cio_params.match = match;
701 qp->cio_params.size = qp_conf->nb_descriptors;
703 if (sam_cio_init(&qp->cio_params, &qp->cio) < 0)
706 qp->sess_mp = qp_conf->mp_session;
707 qp->sess_mp_priv = qp_conf->mp_session_private;
709 memset(&qp->stats, 0, sizeof(qp->stats));
710 dev->data->queue_pairs[qp_id] = qp;
718 /** Returns the size of the session structure (PMD ops callback).
720 * @param dev Pointer to the device structure [Unused].
721 * @returns Size of Marvell crypto session.
724 mrvl_crypto_pmd_sym_session_get_size(__rte_unused struct rte_cryptodev *dev)
726 return sizeof(struct mrvl_crypto_session);
729 /** Configure the session from a crypto xform chain (PMD ops callback).
731 * @param dev Pointer to the device structure.
732 * @param xform Pointer to the crypto configuration structure.
733 * @param sess Pointer to the empty session structure.
734 * @returns 0 upon success, negative value otherwise.
737 mrvl_crypto_pmd_sym_session_configure(__rte_unused struct rte_cryptodev *dev,
738 struct rte_crypto_sym_xform *xform,
739 struct rte_cryptodev_sym_session *sess,
740 struct rte_mempool *mp)
742 struct mrvl_crypto_session *mrvl_sess;
743 void *sess_private_data;
747 MRVL_LOG(ERR, "Invalid session struct!");
751 if (rte_mempool_get(mp, &sess_private_data)) {
752 CDEV_LOG_ERR("Couldn't get object from session mempool.");
756 memset(sess_private_data, 0, sizeof(struct mrvl_crypto_session));
758 ret = mrvl_crypto_set_session_parameters(sess_private_data, xform);
760 MRVL_LOG(ERR, "Failed to configure session parameters!");
762 /* Return session to mempool */
763 rte_mempool_put(mp, sess_private_data);
767 set_sym_session_private_data(sess, dev->driver_id, sess_private_data);
769 mrvl_sess = (struct mrvl_crypto_session *)sess_private_data;
770 if (sam_session_create(&mrvl_sess->sam_sess_params,
771 &mrvl_sess->sam_sess) < 0) {
772 MRVL_LOG(DEBUG, "Failed to create session!");
776 /* free the keys memory allocated for session creation */
777 if (mrvl_sess->sam_sess_params.cipher_key != NULL)
778 free(mrvl_sess->sam_sess_params.cipher_key);
779 if (mrvl_sess->sam_sess_params.auth_key != NULL)
780 free(mrvl_sess->sam_sess_params.auth_key);
786 * Clear the memory of session so it doesn't leave key material behind.
788 * @param dev Pointer to the device structure.
789 * @returns 0. Always.
792 mrvl_crypto_pmd_sym_session_clear(struct rte_cryptodev *dev,
793 struct rte_cryptodev_sym_session *sess)
796 uint8_t index = dev->driver_id;
797 void *sess_priv = get_sym_session_private_data(sess, index);
799 /* Zero out the whole structure */
801 struct mrvl_crypto_session *mrvl_sess =
802 (struct mrvl_crypto_session *)sess_priv;
804 if (mrvl_sess->sam_sess &&
805 sam_session_destroy(mrvl_sess->sam_sess) < 0) {
806 MRVL_LOG(ERR, "Error while destroying session!");
809 memset(mrvl_sess, 0, sizeof(struct mrvl_crypto_session));
810 struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
811 set_sym_session_private_data(sess, index, NULL);
812 rte_mempool_put(sess_mp, sess_priv);
817 * PMD handlers for crypto ops.
819 static struct rte_cryptodev_ops mrvl_crypto_pmd_ops = {
820 .dev_configure = mrvl_crypto_pmd_config,
821 .dev_start = mrvl_crypto_pmd_start,
822 .dev_stop = mrvl_crypto_pmd_stop,
823 .dev_close = mrvl_crypto_pmd_close,
825 .dev_infos_get = mrvl_crypto_pmd_info_get,
827 .stats_get = mrvl_crypto_pmd_stats_get,
828 .stats_reset = mrvl_crypto_pmd_stats_reset,
830 .queue_pair_setup = mrvl_crypto_pmd_qp_setup,
831 .queue_pair_release = mrvl_crypto_pmd_qp_release,
833 .sym_session_get_size = mrvl_crypto_pmd_sym_session_get_size,
834 .sym_session_configure = mrvl_crypto_pmd_sym_session_configure,
835 .sym_session_clear = mrvl_crypto_pmd_sym_session_clear
838 struct rte_cryptodev_ops *rte_mrvl_crypto_pmd_ops = &mrvl_crypto_pmd_ops;
840 /* IPSEC full offloading */
842 /** Configure the session from a crypto xform chain (PMD ops callback).
844 * @param dev Pointer to the device structure.
845 * @param conf Pointer to the security session configuration structure.
846 * @param sess Pointer to the empty session structure.
847 * @param mempool Pointer to memory pool.
848 * @returns 0 upon success, negative value otherwise.
851 mrvl_crypto_pmd_security_session_create(__rte_unused void *dev,
852 struct rte_security_session_conf *conf,
853 struct rte_security_session *sess,
854 struct rte_mempool *mempool)
856 struct mrvl_crypto_session *mrvl_sess;
857 void *sess_private_data;
861 MRVL_LOG(ERR, "Invalid session struct.");
865 if (rte_mempool_get(mempool, &sess_private_data)) {
866 MRVL_LOG(ERR, "Couldn't get object from session mempool.");
870 switch (conf->protocol) {
871 case RTE_SECURITY_PROTOCOL_IPSEC:
872 mrvl_sess = (struct mrvl_crypto_session *)sess_private_data;
874 struct rte_security_ipsec_xform *ipsec_xform = &conf->ipsec;
875 struct rte_crypto_sym_xform *crypto_xform = conf->crypto_xform;
877 ret = mrvl_ipsec_set_session_parameters(mrvl_sess,
881 MRVL_LOG(ERR, "Failed to configure session parameters.");
883 /* Return session to mempool */
884 rte_mempool_put(mempool, sess_private_data);
888 if (mrvl_sess->sam_sess_params.cipher_mode == SAM_CIPHER_GCM) {
889 /* Nonce is must for all counter modes */
890 mrvl_sess->sam_sess_params.cipher_iv =
891 (uint8_t *)&(conf->ipsec.salt);
894 ret = sam_session_create(&mrvl_sess->sam_sess_params,
895 &mrvl_sess->sam_sess);
897 MRVL_LOG(ERR, "PMD: failed to create IPSEC session.");
898 /* Return session to mempool */
899 rte_mempool_put(mempool, sess_private_data);
903 case RTE_SECURITY_PROTOCOL_MACSEC:
909 set_sec_session_private_data(sess, sess_private_data);
914 /** Clear the memory of session so it doesn't leave key material behind */
916 mrvl_crypto_pmd_security_session_destroy(void *dev __rte_unused,
917 struct rte_security_session *sess)
919 void *sess_priv = get_sec_session_private_data(sess);
921 /* Zero out the whole structure */
923 struct mrvl_crypto_session *mrvl_sess =
924 (struct mrvl_crypto_session *)sess_priv;
925 struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
927 if (mrvl_sess->sam_sess &&
928 sam_session_destroy(mrvl_sess->sam_sess) < 0) {
929 MRVL_LOG(ERR, "Error while destroying session!");
932 rte_free(mrvl_sess->sam_sess_params.cipher_key);
933 rte_free(mrvl_sess->sam_sess_params.auth_key);
934 rte_free(mrvl_sess->sam_sess_params.cipher_iv);
935 memset(sess, 0, sizeof(struct rte_security_session));
936 set_sec_session_private_data(sess, NULL);
937 rte_mempool_put(sess_mp, sess_priv);
943 struct rte_security_capability mrvl_crypto_pmd_sec_security_cap[] = {
944 { /* IPsec Lookaside Protocol offload ESP Tunnel Egress */
945 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
946 .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
948 .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
949 .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
950 .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
952 .replay_win_sz_max = 128
954 .crypto_capabilities = mrvl_crypto_pmd_capabilities
956 { /* IPsec Lookaside Protocol offload ESP Tunnel Ingress */
957 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
958 .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
960 .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
961 .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
962 .direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS,
964 .replay_win_sz_max = 128
966 .crypto_capabilities = mrvl_crypto_pmd_capabilities
968 { /* IPsec Lookaside Protocol offload ESP Transport Egress */
969 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
970 .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
972 .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
973 .mode = RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT,
974 .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
976 .replay_win_sz_max = 128
978 .crypto_capabilities = mrvl_crypto_pmd_capabilities
980 { /* IPsec Lookaside Protocol offload ESP Transport Ingress */
981 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
982 .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
984 .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
985 .mode = RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT,
986 .direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS,
988 .replay_win_sz_max = 128
990 .crypto_capabilities = mrvl_crypto_pmd_capabilities
993 .action = RTE_SECURITY_ACTION_TYPE_NONE
997 static const struct rte_security_capability *
998 mrvl_crypto_pmd_security_capabilities_get(void *device __rte_unused)
1000 return mrvl_crypto_pmd_sec_security_cap;
1003 struct rte_security_ops mrvl_sec_security_pmd_ops = {
1004 .session_create = mrvl_crypto_pmd_security_session_create,
1005 .session_update = NULL,
1006 .session_stats_get = NULL,
1007 .session_destroy = mrvl_crypto_pmd_security_session_destroy,
1008 .set_pkt_metadata = NULL,
1009 .capabilities_get = mrvl_crypto_pmd_security_capabilities_get
1012 struct rte_security_ops *rte_mrvl_security_pmd_ops = &mrvl_sec_security_pmd_ops;