1 /* SPDX-License-Identifier: BSD-3-Clause
2 * Copyright(c) 2017 Marvell International Ltd.
3 * Copyright(c) 2017 Semihalf.
9 #include <rte_common.h>
10 #include <rte_malloc.h>
11 #include <cryptodev_pmd.h>
12 #include <rte_security_driver.h>
14 #include "mrvl_pmd_private.h"
17 * Capabilities list to be used in reporting to DPDK.
19 static const struct rte_cryptodev_capabilities
20 mrvl_crypto_pmd_capabilities[] = {
22 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
24 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
26 .algo = RTE_CRYPTO_AUTH_MD5_HMAC,
42 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
44 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
46 .algo = RTE_CRYPTO_AUTH_MD5,
62 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
64 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
66 .algo = RTE_CRYPTO_AUTH_SHA1_HMAC,
82 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
84 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
86 .algo = RTE_CRYPTO_AUTH_SHA1,
103 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
105 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
107 .algo = RTE_CRYPTO_AUTH_SHA224_HMAC,
123 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
125 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
127 .algo = RTE_CRYPTO_AUTH_SHA224,
143 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
145 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
147 .algo = RTE_CRYPTO_AUTH_SHA256_HMAC,
163 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
165 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
167 .algo = RTE_CRYPTO_AUTH_SHA256,
183 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
185 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
187 .algo = RTE_CRYPTO_AUTH_SHA384_HMAC,
203 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
205 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
207 .algo = RTE_CRYPTO_AUTH_SHA384,
223 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
225 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
227 .algo = RTE_CRYPTO_AUTH_SHA512_HMAC,
243 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
245 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
247 .algo = RTE_CRYPTO_AUTH_SHA512,
263 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
265 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
267 .algo = RTE_CRYPTO_CIPHER_AES_CBC,
283 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
285 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
287 .algo = RTE_CRYPTO_CIPHER_AES_CTR,
303 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
305 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
307 .algo = RTE_CRYPTO_CIPHER_AES_ECB,
323 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
325 .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,
327 .algo = RTE_CRYPTO_AEAD_AES_GCM,
352 { /* AES GMAC (AUTH) */
353 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
355 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
357 .algo = RTE_CRYPTO_AUTH_AES_GMAC,
378 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
380 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
382 .algo = RTE_CRYPTO_CIPHER_3DES_CBC,
398 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
400 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
402 .algo = RTE_CRYPTO_CIPHER_3DES_CTR,
418 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
420 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
422 .algo = RTE_CRYPTO_CIPHER_3DES_ECB,
438 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
440 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
442 .algo = RTE_CRYPTO_AUTH_NULL,
462 { /* NULL (CIPHER) */
463 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
465 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
467 .algo = RTE_CRYPTO_CIPHER_NULL,
483 RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
488 * Configure device (PMD ops callback).
490 * @param dev Pointer to the device structure.
491 * @param config Pointer to configuration structure.
492 * @returns 0. Always.
495 mrvl_crypto_pmd_config(__rte_unused struct rte_cryptodev *dev,
496 __rte_unused struct rte_cryptodev_config *config)
502 * Start device (PMD ops callback).
504 * @param dev Pointer to the device structure.
505 * @returns 0. Always.
508 mrvl_crypto_pmd_start(__rte_unused struct rte_cryptodev *dev)
514 * Stop device (PMD ops callback).
516 * @param dev Pointer to the device structure.
517 * @returns 0. Always.
520 mrvl_crypto_pmd_stop(__rte_unused struct rte_cryptodev *dev)
525 * Get device statistics (PMD ops callback).
527 * @param dev Pointer to the device structure.
528 * @param stats Pointer to statistics structure [out].
531 mrvl_crypto_pmd_stats_get(struct rte_cryptodev *dev,
532 struct rte_cryptodev_stats *stats)
536 for (qp_id = 0; qp_id < dev->data->nb_queue_pairs; qp_id++) {
537 struct mrvl_crypto_qp *qp = dev->data->queue_pairs[qp_id];
539 stats->enqueued_count += qp->stats.enqueued_count;
540 stats->dequeued_count += qp->stats.dequeued_count;
542 stats->enqueue_err_count += qp->stats.enqueue_err_count;
543 stats->dequeue_err_count += qp->stats.dequeue_err_count;
548 * Reset device statistics (PMD ops callback).
550 * @param dev Pointer to the device structure.
553 mrvl_crypto_pmd_stats_reset(struct rte_cryptodev *dev)
557 for (qp_id = 0; qp_id < dev->data->nb_queue_pairs; qp_id++) {
558 struct mrvl_crypto_qp *qp = dev->data->queue_pairs[qp_id];
560 memset(&qp->stats, 0, sizeof(qp->stats));
565 * Get device info (PMD ops callback).
567 * @param dev Pointer to the device structure.
568 * @param dev_info Pointer to the device info structure [out].
571 mrvl_crypto_pmd_info_get(struct rte_cryptodev *dev,
572 struct rte_cryptodev_info *dev_info)
574 struct mrvl_crypto_private *internals = dev->data->dev_private;
576 if (dev_info != NULL) {
577 dev_info->driver_id = dev->driver_id;
578 dev_info->feature_flags = dev->feature_flags;
579 dev_info->capabilities = mrvl_crypto_pmd_capabilities;
580 dev_info->max_nb_queue_pairs = internals->max_nb_qpairs;
581 dev_info->sym.max_nb_sessions = internals->max_nb_sessions;
586 * Release queue pair (PMD ops callback).
588 * @param dev Pointer to the device structure.
589 * @param qp_id ID of Queue Pair to release.
590 * @returns 0. Always.
593 mrvl_crypto_pmd_qp_release(struct rte_cryptodev *dev, uint16_t qp_id)
595 struct mrvl_crypto_qp *qp =
596 (struct mrvl_crypto_qp *)dev->data->queue_pairs[qp_id];
598 if (dev->data->queue_pairs[qp_id] != NULL) {
599 sam_cio_flush(qp->cio);
600 sam_cio_deinit(qp->cio);
601 rte_free(dev->data->queue_pairs[qp_id]);
602 dev->data->queue_pairs[qp_id] = NULL;
609 * Close device (PMD ops callback).
611 * @param dev Pointer to the device structure.
612 * @returns 0. Always.
615 mrvl_crypto_pmd_close(struct rte_cryptodev *dev)
619 for (qp_id = 0; qp_id < dev->data->nb_queue_pairs; qp_id++)
620 mrvl_crypto_pmd_qp_release(dev, qp_id);
626 * Setup a queue pair (PMD ops callback).
628 * @param dev Pointer to the device structure.
629 * @param qp_id ID of the Queue Pair.
630 * @param qp_conf Queue pair configuration (nb of descriptors).
631 * @param socket_id NUMA socket to allocate memory on.
632 * @returns 0 upon success, negative value otherwise.
635 mrvl_crypto_pmd_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
636 const struct rte_cryptodev_qp_conf *qp_conf,
639 struct mrvl_crypto_qp *qp = NULL;
640 char match[RTE_CRYPTODEV_NAME_MAX_LEN];
643 /* Allocate the queue pair data structure. */
644 qp = rte_zmalloc_socket("MRVL Crypto PMD Queue Pair", sizeof(*qp),
645 RTE_CACHE_LINE_SIZE, socket_id);
649 /* Free old qp prior setup if needed. */
650 if (dev->data->queue_pairs[qp_id] != NULL)
651 mrvl_crypto_pmd_qp_release(dev, qp_id);
653 do { /* Error handling block */
656 * This extra check is necessary due to a bug in
659 int num = sam_get_num_inst();
661 MRVL_LOG(ERR, "No crypto engines detected!");
666 * In case just one engine is enabled mapping will look as
669 * cio-x:y: cio-0:0, cio-0:1, cio-0:2, cio-0:3
671 * In case two crypto engines are enabled qps will
672 * be evenly spread among them. Even and odd qps will
673 * be handled by cio-0 and cio-1 respectively. qp-cio mapping
674 * will look as follows:
677 * cio-x:y: cio-0:0, cio-1:0, cio-0:1, cio-1:1
680 * cio-x:y: cio-0:2, cio-1:2, cio-0:3, cio-1:3
682 * In case of three crypto engines are enabled qps will
683 * be mapped as following:
686 * cio-x:y: cio-0:0, cio-1:0, cio-2:0, cio-0:1
689 * cio-x:y: cio-1:1, cio-2:1, cio-0:2, cio-1:2
692 * cio-x:y: cio-2:2, cio-0:3, cio-1:3, cio-2:3
694 n = snprintf(match, sizeof(match), "cio-%u:%u",
695 qp_id % num, qp_id / num);
697 if (n >= sizeof(match))
700 qp->cio_params.match = match;
701 qp->cio_params.size = qp_conf->nb_descriptors;
703 if (sam_cio_init(&qp->cio_params, &qp->cio) < 0)
706 qp->sess_mp = qp_conf->mp_session;
707 qp->sess_mp_priv = qp_conf->mp_session_private;
709 memset(&qp->stats, 0, sizeof(qp->stats));
710 dev->data->queue_pairs[qp_id] = qp;
718 /** Returns the size of the session structure (PMD ops callback).
720 * @param dev Pointer to the device structure [Unused].
721 * @returns Size of Marvell crypto session.
724 mrvl_crypto_pmd_sym_session_get_size(__rte_unused struct rte_cryptodev *dev)
726 return sizeof(struct mrvl_crypto_session);
729 /** Configure the session from a crypto xform chain (PMD ops callback).
731 * @param dev Pointer to the device structure.
732 * @param xform Pointer to the crypto configuration structure.
733 * @param sess Pointer to the empty session structure.
734 * @returns 0 upon success, negative value otherwise.
737 mrvl_crypto_pmd_sym_session_configure(__rte_unused struct rte_cryptodev *dev,
738 struct rte_crypto_sym_xform *xform,
739 struct rte_cryptodev_sym_session *sess,
740 struct rte_mempool *mp)
742 struct mrvl_crypto_session *mrvl_sess;
743 void *sess_private_data;
747 MRVL_LOG(ERR, "Invalid session struct!");
751 if (rte_mempool_get(mp, &sess_private_data)) {
752 CDEV_LOG_ERR("Couldn't get object from session mempool.");
756 memset(sess_private_data, 0, sizeof(struct mrvl_crypto_session));
758 ret = mrvl_crypto_set_session_parameters(sess_private_data, xform);
760 MRVL_LOG(ERR, "Failed to configure session parameters!");
762 /* Return session to mempool */
763 rte_mempool_put(mp, sess_private_data);
767 set_sym_session_private_data(sess, dev->driver_id, sess_private_data);
769 mrvl_sess = (struct mrvl_crypto_session *)sess_private_data;
770 if (sam_session_create(&mrvl_sess->sam_sess_params,
771 &mrvl_sess->sam_sess) < 0) {
772 MRVL_LOG(DEBUG, "Failed to create session!");
776 /* free the keys memory allocated for session creation */
777 free(mrvl_sess->sam_sess_params.cipher_key);
778 free(mrvl_sess->sam_sess_params.auth_key);
784 * Clear the memory of session so it doesn't leave key material behind.
786 * @param dev Pointer to the device structure.
787 * @returns 0. Always.
790 mrvl_crypto_pmd_sym_session_clear(struct rte_cryptodev *dev,
791 struct rte_cryptodev_sym_session *sess)
794 uint8_t index = dev->driver_id;
795 void *sess_priv = get_sym_session_private_data(sess, index);
797 /* Zero out the whole structure */
799 struct mrvl_crypto_session *mrvl_sess =
800 (struct mrvl_crypto_session *)sess_priv;
802 if (mrvl_sess->sam_sess &&
803 sam_session_destroy(mrvl_sess->sam_sess) < 0) {
804 MRVL_LOG(ERR, "Error while destroying session!");
807 memset(mrvl_sess, 0, sizeof(struct mrvl_crypto_session));
808 struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
809 set_sym_session_private_data(sess, index, NULL);
810 rte_mempool_put(sess_mp, sess_priv);
815 * PMD handlers for crypto ops.
817 static struct rte_cryptodev_ops mrvl_crypto_pmd_ops = {
818 .dev_configure = mrvl_crypto_pmd_config,
819 .dev_start = mrvl_crypto_pmd_start,
820 .dev_stop = mrvl_crypto_pmd_stop,
821 .dev_close = mrvl_crypto_pmd_close,
823 .dev_infos_get = mrvl_crypto_pmd_info_get,
825 .stats_get = mrvl_crypto_pmd_stats_get,
826 .stats_reset = mrvl_crypto_pmd_stats_reset,
828 .queue_pair_setup = mrvl_crypto_pmd_qp_setup,
829 .queue_pair_release = mrvl_crypto_pmd_qp_release,
831 .sym_session_get_size = mrvl_crypto_pmd_sym_session_get_size,
832 .sym_session_configure = mrvl_crypto_pmd_sym_session_configure,
833 .sym_session_clear = mrvl_crypto_pmd_sym_session_clear
836 struct rte_cryptodev_ops *rte_mrvl_crypto_pmd_ops = &mrvl_crypto_pmd_ops;
838 /* IPSEC full offloading */
840 /** Configure the session from a crypto xform chain (PMD ops callback).
842 * @param dev Pointer to the device structure.
843 * @param conf Pointer to the security session configuration structure.
844 * @param sess Pointer to the empty session structure.
845 * @param mempool Pointer to memory pool.
846 * @returns 0 upon success, negative value otherwise.
849 mrvl_crypto_pmd_security_session_create(__rte_unused void *dev,
850 struct rte_security_session_conf *conf,
851 struct rte_security_session *sess,
852 struct rte_mempool *mempool)
854 struct mrvl_crypto_session *mrvl_sess;
855 void *sess_private_data;
859 MRVL_LOG(ERR, "Invalid session struct.");
863 if (rte_mempool_get(mempool, &sess_private_data)) {
864 MRVL_LOG(ERR, "Couldn't get object from session mempool.");
868 switch (conf->protocol) {
869 case RTE_SECURITY_PROTOCOL_IPSEC:
870 mrvl_sess = (struct mrvl_crypto_session *)sess_private_data;
872 struct rte_security_ipsec_xform *ipsec_xform = &conf->ipsec;
873 struct rte_crypto_sym_xform *crypto_xform = conf->crypto_xform;
875 ret = mrvl_ipsec_set_session_parameters(mrvl_sess,
879 MRVL_LOG(ERR, "Failed to configure session parameters.");
881 /* Return session to mempool */
882 rte_mempool_put(mempool, sess_private_data);
886 if (mrvl_sess->sam_sess_params.cipher_mode == SAM_CIPHER_GCM) {
887 /* Nonce is must for all counter modes */
888 mrvl_sess->sam_sess_params.cipher_iv =
889 (uint8_t *)&(conf->ipsec.salt);
892 ret = sam_session_create(&mrvl_sess->sam_sess_params,
893 &mrvl_sess->sam_sess);
895 MRVL_LOG(ERR, "PMD: failed to create IPSEC session.");
896 /* Return session to mempool */
897 rte_mempool_put(mempool, sess_private_data);
901 case RTE_SECURITY_PROTOCOL_MACSEC:
907 set_sec_session_private_data(sess, sess_private_data);
912 /** Clear the memory of session so it doesn't leave key material behind */
914 mrvl_crypto_pmd_security_session_destroy(void *dev __rte_unused,
915 struct rte_security_session *sess)
917 void *sess_priv = get_sec_session_private_data(sess);
919 /* Zero out the whole structure */
921 struct mrvl_crypto_session *mrvl_sess =
922 (struct mrvl_crypto_session *)sess_priv;
923 struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
925 if (mrvl_sess->sam_sess &&
926 sam_session_destroy(mrvl_sess->sam_sess) < 0) {
927 MRVL_LOG(ERR, "Error while destroying session!");
930 rte_free(mrvl_sess->sam_sess_params.cipher_key);
931 rte_free(mrvl_sess->sam_sess_params.auth_key);
932 rte_free(mrvl_sess->sam_sess_params.cipher_iv);
933 memset(sess, 0, sizeof(struct rte_security_session));
934 set_sec_session_private_data(sess, NULL);
935 rte_mempool_put(sess_mp, sess_priv);
941 struct rte_security_capability mrvl_crypto_pmd_sec_security_cap[] = {
942 { /* IPsec Lookaside Protocol offload ESP Tunnel Egress */
943 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
944 .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
946 .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
947 .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
948 .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
950 .replay_win_sz_max = 128
952 .crypto_capabilities = mrvl_crypto_pmd_capabilities
954 { /* IPsec Lookaside Protocol offload ESP Tunnel Ingress */
955 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
956 .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
958 .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
959 .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
960 .direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS,
962 .replay_win_sz_max = 128
964 .crypto_capabilities = mrvl_crypto_pmd_capabilities
966 { /* IPsec Lookaside Protocol offload ESP Transport Egress */
967 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
968 .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
970 .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
971 .mode = RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT,
972 .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
974 .replay_win_sz_max = 128
976 .crypto_capabilities = mrvl_crypto_pmd_capabilities
978 { /* IPsec Lookaside Protocol offload ESP Transport Ingress */
979 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
980 .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
982 .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
983 .mode = RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT,
984 .direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS,
986 .replay_win_sz_max = 128
988 .crypto_capabilities = mrvl_crypto_pmd_capabilities
991 .action = RTE_SECURITY_ACTION_TYPE_NONE
995 static const struct rte_security_capability *
996 mrvl_crypto_pmd_security_capabilities_get(void *device __rte_unused)
998 return mrvl_crypto_pmd_sec_security_cap;
1001 struct rte_security_ops mrvl_sec_security_pmd_ops = {
1002 .session_create = mrvl_crypto_pmd_security_session_create,
1003 .session_update = NULL,
1004 .session_stats_get = NULL,
1005 .session_destroy = mrvl_crypto_pmd_security_session_destroy,
1006 .set_pkt_metadata = NULL,
1007 .capabilities_get = mrvl_crypto_pmd_security_capabilities_get
1010 struct rte_security_ops *rte_mrvl_security_pmd_ops = &mrvl_sec_security_pmd_ops;