1 /* SPDX-License-Identifier: BSD-3-Clause
2 * Copyright(C) 2019 Marvell International Ltd.
7 #include <rte_cryptodev_pmd.h>
8 #include <rte_crypto.h>
10 #include "nitrox_sym.h"
11 #include "nitrox_device.h"
12 #include "nitrox_sym_capabilities.h"
13 #include "nitrox_qp.h"
14 #include "nitrox_sym_reqmgr.h"
15 #include "nitrox_sym_ctx.h"
16 #include "nitrox_logs.h"
18 #define CRYPTODEV_NAME_NITROX_PMD crypto_nitrox_sym
19 #define MC_MAC_MISMATCH_ERR_CODE 0x4c
20 #define NPS_PKT_IN_INSTR_SIZE 64
21 #define IV_FROM_DPTR 1
22 #define FLEXI_CRYPTO_ENCRYPT_HMAC 0x33
23 #define FLEXI_CRYPTO_MAX_AAD_LEN 512
24 #define AES_KEYSIZE_128 16
25 #define AES_KEYSIZE_192 24
26 #define AES_KEYSIZE_256 32
29 struct nitrox_sym_device {
30 struct rte_cryptodev *cdev;
31 struct nitrox_device *ndev;
64 uint8_t nitrox_sym_drv_id;
65 static const char nitrox_sym_drv_name[] = RTE_STR(CRYPTODEV_NAME_NITROX_PMD);
66 static const struct rte_driver nitrox_rte_sym_drv = {
67 .name = nitrox_sym_drv_name,
68 .alias = nitrox_sym_drv_name
71 static int nitrox_sym_dev_qp_release(struct rte_cryptodev *cdev,
75 nitrox_sym_dev_config(struct rte_cryptodev *cdev,
76 struct rte_cryptodev_config *config)
78 struct nitrox_sym_device *sym_dev = cdev->data->dev_private;
79 struct nitrox_device *ndev = sym_dev->ndev;
81 if (config->nb_queue_pairs > ndev->nr_queues) {
82 NITROX_LOG(ERR, "Invalid queue pairs, max supported %d\n",
91 nitrox_sym_dev_start(struct rte_cryptodev *cdev)
93 /* SE cores initialization is done in PF */
99 nitrox_sym_dev_stop(struct rte_cryptodev *cdev)
101 /* SE cores cleanup is done in PF */
106 nitrox_sym_dev_close(struct rte_cryptodev *cdev)
110 for (i = 0; i < cdev->data->nb_queue_pairs; i++) {
111 ret = nitrox_sym_dev_qp_release(cdev, i);
120 nitrox_sym_dev_info_get(struct rte_cryptodev *cdev,
121 struct rte_cryptodev_info *info)
123 struct nitrox_sym_device *sym_dev = cdev->data->dev_private;
124 struct nitrox_device *ndev = sym_dev->ndev;
129 info->max_nb_queue_pairs = ndev->nr_queues;
130 info->feature_flags = cdev->feature_flags;
131 info->capabilities = nitrox_get_sym_capabilities();
132 info->driver_id = nitrox_sym_drv_id;
133 info->sym.max_nb_sessions = 0;
137 nitrox_sym_dev_stats_get(struct rte_cryptodev *cdev,
138 struct rte_cryptodev_stats *stats)
142 for (qp_id = 0; qp_id < cdev->data->nb_queue_pairs; qp_id++) {
143 struct nitrox_qp *qp = cdev->data->queue_pairs[qp_id];
148 stats->enqueued_count += qp->stats.enqueued_count;
149 stats->dequeued_count += qp->stats.dequeued_count;
150 stats->enqueue_err_count += qp->stats.enqueue_err_count;
151 stats->dequeue_err_count += qp->stats.dequeue_err_count;
156 nitrox_sym_dev_stats_reset(struct rte_cryptodev *cdev)
160 for (qp_id = 0; qp_id < cdev->data->nb_queue_pairs; qp_id++) {
161 struct nitrox_qp *qp = cdev->data->queue_pairs[qp_id];
166 memset(&qp->stats, 0, sizeof(qp->stats));
171 nitrox_sym_dev_qp_setup(struct rte_cryptodev *cdev, uint16_t qp_id,
172 const struct rte_cryptodev_qp_conf *qp_conf,
175 struct nitrox_sym_device *sym_dev = cdev->data->dev_private;
176 struct nitrox_device *ndev = sym_dev->ndev;
177 struct nitrox_qp *qp = NULL;
180 NITROX_LOG(DEBUG, "queue %d\n", qp_id);
181 if (qp_id >= ndev->nr_queues) {
182 NITROX_LOG(ERR, "queue %u invalid, max queues supported %d\n",
183 qp_id, ndev->nr_queues);
187 if (cdev->data->queue_pairs[qp_id]) {
188 err = nitrox_sym_dev_qp_release(cdev, qp_id);
193 qp = rte_zmalloc_socket("nitrox PMD qp", sizeof(*qp),
197 NITROX_LOG(ERR, "Failed to allocate nitrox qp\n");
202 err = nitrox_qp_setup(qp, ndev->bar_addr, cdev->data->name,
203 qp_conf->nb_descriptors, NPS_PKT_IN_INSTR_SIZE,
208 qp->sr_mp = nitrox_sym_req_pool_create(cdev, qp->count, qp_id,
210 if (unlikely(!qp->sr_mp))
213 cdev->data->queue_pairs[qp_id] = qp;
214 NITROX_LOG(DEBUG, "queue %d setup done\n", qp_id);
218 nitrox_qp_release(qp, ndev->bar_addr);
225 nitrox_sym_dev_qp_release(struct rte_cryptodev *cdev, uint16_t qp_id)
227 struct nitrox_sym_device *sym_dev = cdev->data->dev_private;
228 struct nitrox_device *ndev = sym_dev->ndev;
229 struct nitrox_qp *qp;
232 NITROX_LOG(DEBUG, "queue %d\n", qp_id);
233 if (qp_id >= ndev->nr_queues) {
234 NITROX_LOG(ERR, "queue %u invalid, max queues supported %d\n",
235 qp_id, ndev->nr_queues);
239 qp = cdev->data->queue_pairs[qp_id];
241 NITROX_LOG(DEBUG, "queue %u already freed\n", qp_id);
245 if (!nitrox_qp_is_empty(qp)) {
246 NITROX_LOG(ERR, "queue %d not empty\n", qp_id);
250 cdev->data->queue_pairs[qp_id] = NULL;
251 err = nitrox_qp_release(qp, ndev->bar_addr);
252 nitrox_sym_req_pool_free(qp->sr_mp);
254 NITROX_LOG(DEBUG, "queue %d release done\n", qp_id);
259 nitrox_sym_dev_sess_get_size(__rte_unused struct rte_cryptodev *cdev)
261 return sizeof(struct nitrox_crypto_ctx);
264 static enum nitrox_chain
265 get_crypto_chain_order(const struct rte_crypto_sym_xform *xform)
267 enum nitrox_chain res = NITROX_CHAIN_NOT_SUPPORTED;
269 if (unlikely(xform == NULL))
272 switch (xform->type) {
273 case RTE_CRYPTO_SYM_XFORM_AUTH:
274 if (xform->next == NULL) {
275 res = NITROX_CHAIN_NOT_SUPPORTED;
276 } else if (xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER) {
277 if (xform->auth.op == RTE_CRYPTO_AUTH_OP_VERIFY &&
278 xform->next->cipher.op ==
279 RTE_CRYPTO_CIPHER_OP_DECRYPT) {
280 res = NITROX_CHAIN_AUTH_CIPHER;
282 NITROX_LOG(ERR, "auth op %d, cipher op %d\n",
283 xform->auth.op, xform->next->cipher.op);
287 case RTE_CRYPTO_SYM_XFORM_CIPHER:
288 if (xform->next == NULL) {
289 res = NITROX_CHAIN_CIPHER_ONLY;
290 } else if (xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH) {
291 if (xform->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT &&
292 xform->next->auth.op ==
293 RTE_CRYPTO_AUTH_OP_GENERATE) {
294 res = NITROX_CHAIN_CIPHER_AUTH;
296 NITROX_LOG(ERR, "cipher op %d, auth op %d\n",
297 xform->cipher.op, xform->next->auth.op);
301 case RTE_CRYPTO_SYM_XFORM_AEAD:
302 res = NITROX_CHAIN_COMBINED;
311 static enum flexi_cipher
312 get_flexi_cipher_type(enum rte_crypto_cipher_algorithm algo, bool *is_aes)
314 enum flexi_cipher type;
317 case RTE_CRYPTO_CIPHER_AES_CBC:
318 type = CIPHER_AES_CBC;
321 case RTE_CRYPTO_CIPHER_3DES_CBC:
322 type = CIPHER_3DES_CBC;
326 type = CIPHER_INVALID;
327 NITROX_LOG(ERR, "Algorithm not supported %d\n", algo);
335 flexi_aes_keylen(size_t keylen, bool is_aes)
343 case AES_KEYSIZE_128:
346 case AES_KEYSIZE_192:
349 case AES_KEYSIZE_256:
353 NITROX_LOG(ERR, "Invalid keylen %zu\n", keylen);
354 aes_keylen = -EINVAL;
362 crypto_key_is_valid(struct rte_crypto_cipher_xform *xform,
363 struct flexi_crypto_context *fctx)
365 if (unlikely(xform->key.length > sizeof(fctx->crypto.key))) {
366 NITROX_LOG(ERR, "Invalid crypto key length %d\n",
375 configure_cipher_ctx(struct rte_crypto_cipher_xform *xform,
376 struct nitrox_crypto_ctx *ctx)
378 enum flexi_cipher type;
379 bool cipher_is_aes = false;
381 struct flexi_crypto_context *fctx = &ctx->fctx;
383 type = get_flexi_cipher_type(xform->algo, &cipher_is_aes);
384 if (unlikely(type == CIPHER_INVALID))
387 aes_keylen = flexi_aes_keylen(xform->key.length, cipher_is_aes);
388 if (unlikely(aes_keylen < 0))
391 if (unlikely(!cipher_is_aes && !crypto_key_is_valid(xform, fctx)))
394 if (unlikely(xform->iv.length > MAX_IV_LEN))
397 fctx->flags = rte_be_to_cpu_64(fctx->flags);
398 fctx->w0.cipher_type = type;
399 fctx->w0.aes_keylen = aes_keylen;
400 fctx->w0.iv_source = IV_FROM_DPTR;
401 fctx->flags = rte_cpu_to_be_64(fctx->flags);
402 memset(fctx->crypto.key, 0, sizeof(fctx->crypto.key));
403 memcpy(fctx->crypto.key, xform->key.data, xform->key.length);
405 ctx->opcode = FLEXI_CRYPTO_ENCRYPT_HMAC;
406 ctx->req_op = (xform->op == RTE_CRYPTO_CIPHER_OP_ENCRYPT) ?
407 NITROX_OP_ENCRYPT : NITROX_OP_DECRYPT;
408 ctx->iv.offset = xform->iv.offset;
409 ctx->iv.length = xform->iv.length;
413 static enum flexi_auth
414 get_flexi_auth_type(enum rte_crypto_auth_algorithm algo)
416 enum flexi_auth type;
419 case RTE_CRYPTO_AUTH_SHA1_HMAC:
422 case RTE_CRYPTO_AUTH_SHA224_HMAC:
423 type = AUTH_SHA2_SHA224;
425 case RTE_CRYPTO_AUTH_SHA256_HMAC:
426 type = AUTH_SHA2_SHA256;
429 NITROX_LOG(ERR, "Algorithm not supported %d\n", algo);
438 auth_key_is_valid(const uint8_t *data, uint16_t length,
439 struct flexi_crypto_context *fctx)
441 if (unlikely(!data && length)) {
442 NITROX_LOG(ERR, "Invalid auth key\n");
446 if (unlikely(length > sizeof(fctx->auth.opad))) {
447 NITROX_LOG(ERR, "Invalid auth key length %d\n",
456 configure_auth_ctx(struct rte_crypto_auth_xform *xform,
457 struct nitrox_crypto_ctx *ctx)
459 enum flexi_auth type;
460 struct flexi_crypto_context *fctx = &ctx->fctx;
462 type = get_flexi_auth_type(xform->algo);
463 if (unlikely(type == AUTH_INVALID))
466 if (unlikely(!auth_key_is_valid(xform->key.data, xform->key.length,
470 ctx->digest_length = xform->digest_length;
472 fctx->flags = rte_be_to_cpu_64(fctx->flags);
473 fctx->w0.hash_type = type;
474 fctx->w0.auth_input_type = 1;
475 fctx->w0.mac_len = xform->digest_length;
476 fctx->flags = rte_cpu_to_be_64(fctx->flags);
477 memset(&fctx->auth, 0, sizeof(fctx->auth));
478 memcpy(fctx->auth.opad, xform->key.data, xform->key.length);
483 configure_aead_ctx(struct rte_crypto_aead_xform *xform,
484 struct nitrox_crypto_ctx *ctx)
487 struct flexi_crypto_context *fctx = &ctx->fctx;
489 if (unlikely(xform->aad_length > FLEXI_CRYPTO_MAX_AAD_LEN)) {
490 NITROX_LOG(ERR, "AAD length %d not supported\n",
495 if (unlikely(xform->algo != RTE_CRYPTO_AEAD_AES_GCM))
498 aes_keylen = flexi_aes_keylen(xform->key.length, true);
499 if (unlikely(aes_keylen < 0))
502 if (unlikely(!auth_key_is_valid(xform->key.data, xform->key.length,
506 if (unlikely(xform->iv.length > MAX_IV_LEN))
509 fctx->flags = rte_be_to_cpu_64(fctx->flags);
510 fctx->w0.cipher_type = CIPHER_AES_GCM;
511 fctx->w0.aes_keylen = aes_keylen;
512 fctx->w0.iv_source = IV_FROM_DPTR;
513 fctx->w0.hash_type = AUTH_NULL;
514 fctx->w0.auth_input_type = 1;
515 fctx->w0.mac_len = xform->digest_length;
516 fctx->flags = rte_cpu_to_be_64(fctx->flags);
517 memset(fctx->crypto.key, 0, sizeof(fctx->crypto.key));
518 memcpy(fctx->crypto.key, xform->key.data, xform->key.length);
519 memset(&fctx->auth, 0, sizeof(fctx->auth));
520 memcpy(fctx->auth.opad, xform->key.data, xform->key.length);
522 ctx->opcode = FLEXI_CRYPTO_ENCRYPT_HMAC;
523 ctx->req_op = (xform->op == RTE_CRYPTO_AEAD_OP_ENCRYPT) ?
524 NITROX_OP_ENCRYPT : NITROX_OP_DECRYPT;
525 ctx->iv.offset = xform->iv.offset;
526 ctx->iv.length = xform->iv.length;
527 ctx->digest_length = xform->digest_length;
528 ctx->aad_length = xform->aad_length;
533 nitrox_sym_dev_sess_configure(struct rte_cryptodev *cdev,
534 struct rte_crypto_sym_xform *xform,
535 struct rte_cryptodev_sym_session *sess,
536 struct rte_mempool *mempool)
539 struct nitrox_crypto_ctx *ctx;
540 struct rte_crypto_cipher_xform *cipher_xform = NULL;
541 struct rte_crypto_auth_xform *auth_xform = NULL;
542 struct rte_crypto_aead_xform *aead_xform = NULL;
545 if (rte_mempool_get(mempool, &mp_obj)) {
546 NITROX_LOG(ERR, "Couldn't allocate context\n");
551 ctx->nitrox_chain = get_crypto_chain_order(xform);
552 switch (ctx->nitrox_chain) {
553 case NITROX_CHAIN_CIPHER_AUTH:
554 cipher_xform = &xform->cipher;
555 auth_xform = &xform->next->auth;
557 case NITROX_CHAIN_AUTH_CIPHER:
558 auth_xform = &xform->auth;
559 cipher_xform = &xform->next->cipher;
561 case NITROX_CHAIN_COMBINED:
562 aead_xform = &xform->aead;
565 NITROX_LOG(ERR, "Crypto chain not supported\n");
570 if (cipher_xform && unlikely(configure_cipher_ctx(cipher_xform, ctx))) {
571 NITROX_LOG(ERR, "Failed to configure cipher ctx\n");
575 if (auth_xform && unlikely(configure_auth_ctx(auth_xform, ctx))) {
576 NITROX_LOG(ERR, "Failed to configure auth ctx\n");
580 if (aead_xform && unlikely(configure_aead_ctx(aead_xform, ctx))) {
581 NITROX_LOG(ERR, "Failed to configure aead ctx\n");
585 ctx->iova = rte_mempool_virt2iova(ctx);
586 set_sym_session_private_data(sess, cdev->driver_id, ctx);
589 rte_mempool_put(mempool, mp_obj);
594 nitrox_sym_dev_sess_clear(struct rte_cryptodev *cdev,
595 struct rte_cryptodev_sym_session *sess)
597 struct nitrox_crypto_ctx *ctx = get_sym_session_private_data(sess,
599 struct rte_mempool *sess_mp;
604 memset(ctx, 0, sizeof(*ctx));
605 sess_mp = rte_mempool_from_obj(ctx);
606 set_sym_session_private_data(sess, cdev->driver_id, NULL);
607 rte_mempool_put(sess_mp, ctx);
610 static struct nitrox_crypto_ctx *
611 get_crypto_ctx(struct rte_crypto_op *op)
613 if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
614 if (likely(op->sym->session))
615 return get_sym_session_private_data(op->sym->session,
623 nitrox_enq_single_op(struct nitrox_qp *qp, struct rte_crypto_op *op)
625 struct nitrox_crypto_ctx *ctx;
626 struct nitrox_softreq *sr;
629 op->status = RTE_CRYPTO_OP_STATUS_NOT_PROCESSED;
630 ctx = get_crypto_ctx(op);
631 if (unlikely(!ctx)) {
632 op->status = RTE_CRYPTO_OP_STATUS_INVALID_SESSION;
636 if (unlikely(rte_mempool_get(qp->sr_mp, (void **)&sr)))
639 err = nitrox_process_se_req(qp->qno, op, ctx, sr);
641 rte_mempool_put(qp->sr_mp, sr);
642 op->status = RTE_CRYPTO_OP_STATUS_ERROR;
646 nitrox_qp_enqueue(qp, nitrox_sym_instr_addr(sr), sr);
651 nitrox_sym_dev_enq_burst(void *queue_pair, struct rte_crypto_op **ops,
654 struct nitrox_qp *qp = queue_pair;
655 uint16_t free_slots = 0;
659 free_slots = nitrox_qp_free_count(qp);
660 if (nb_ops > free_slots)
663 for (cnt = 0; cnt < nb_ops; cnt++) {
664 if (unlikely(nitrox_enq_single_op(qp, ops[cnt]))) {
670 nitrox_ring_dbell(qp, cnt);
671 qp->stats.enqueued_count += cnt;
673 qp->stats.enqueue_err_count++;
679 nitrox_deq_single_op(struct nitrox_qp *qp, struct rte_crypto_op **op_ptr)
681 struct nitrox_softreq *sr;
683 struct rte_crypto_op *op;
685 sr = nitrox_qp_get_softreq(qp);
686 ret = nitrox_check_se_req(sr, op_ptr);
691 nitrox_qp_dequeue(qp);
692 rte_mempool_put(qp->sr_mp, sr);
694 op->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
695 qp->stats.dequeued_count++;
700 if (ret == MC_MAC_MISMATCH_ERR_CODE)
701 op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED;
703 op->status = RTE_CRYPTO_OP_STATUS_ERROR;
705 qp->stats.dequeue_err_count++;
710 nitrox_sym_dev_deq_burst(void *queue_pair, struct rte_crypto_op **ops,
713 struct nitrox_qp *qp = queue_pair;
714 uint16_t filled_slots = nitrox_qp_used_count(qp);
717 if (nb_ops > filled_slots)
718 nb_ops = filled_slots;
720 for (cnt = 0; cnt < nb_ops; cnt++)
721 if (nitrox_deq_single_op(qp, &ops[cnt]))
727 static struct rte_cryptodev_ops nitrox_cryptodev_ops = {
728 .dev_configure = nitrox_sym_dev_config,
729 .dev_start = nitrox_sym_dev_start,
730 .dev_stop = nitrox_sym_dev_stop,
731 .dev_close = nitrox_sym_dev_close,
732 .dev_infos_get = nitrox_sym_dev_info_get,
733 .stats_get = nitrox_sym_dev_stats_get,
734 .stats_reset = nitrox_sym_dev_stats_reset,
735 .queue_pair_setup = nitrox_sym_dev_qp_setup,
736 .queue_pair_release = nitrox_sym_dev_qp_release,
737 .sym_session_get_size = nitrox_sym_dev_sess_get_size,
738 .sym_session_configure = nitrox_sym_dev_sess_configure,
739 .sym_session_clear = nitrox_sym_dev_sess_clear
743 nitrox_sym_pmd_create(struct nitrox_device *ndev)
745 char name[RTE_CRYPTODEV_NAME_MAX_LEN];
746 struct rte_cryptodev_pmd_init_params init_params = {
748 .socket_id = ndev->pdev->device.numa_node,
749 .private_data_size = sizeof(struct nitrox_sym_device)
751 struct rte_cryptodev *cdev;
753 rte_pci_device_name(&ndev->pdev->addr, name, sizeof(name));
754 snprintf(name + strlen(name), RTE_CRYPTODEV_NAME_MAX_LEN - strlen(name),
756 ndev->rte_sym_dev.driver = &nitrox_rte_sym_drv;
757 ndev->rte_sym_dev.numa_node = ndev->pdev->device.numa_node;
758 ndev->rte_sym_dev.devargs = NULL;
759 cdev = rte_cryptodev_pmd_create(name, &ndev->rte_sym_dev,
762 NITROX_LOG(ERR, "Cryptodev '%s' creation failed\n", name);
766 ndev->rte_sym_dev.name = cdev->data->name;
767 cdev->driver_id = nitrox_sym_drv_id;
768 cdev->dev_ops = &nitrox_cryptodev_ops;
769 cdev->enqueue_burst = nitrox_sym_dev_enq_burst;
770 cdev->dequeue_burst = nitrox_sym_dev_deq_burst;
771 cdev->feature_flags = RTE_CRYPTODEV_FF_SYMMETRIC_CRYPTO |
772 RTE_CRYPTODEV_FF_HW_ACCELERATED |
773 RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING |
774 RTE_CRYPTODEV_FF_IN_PLACE_SGL |
775 RTE_CRYPTODEV_FF_OOP_SGL_IN_SGL_OUT |
776 RTE_CRYPTODEV_FF_OOP_SGL_IN_LB_OUT |
777 RTE_CRYPTODEV_FF_OOP_LB_IN_SGL_OUT |
778 RTE_CRYPTODEV_FF_OOP_LB_IN_LB_OUT;
780 ndev->sym_dev = cdev->data->dev_private;
781 ndev->sym_dev->cdev = cdev;
782 ndev->sym_dev->ndev = ndev;
783 NITROX_LOG(DEBUG, "Created cryptodev '%s', dev_id %d, drv_id %d\n",
784 cdev->data->name, cdev->data->dev_id, nitrox_sym_drv_id);
789 nitrox_sym_pmd_destroy(struct nitrox_device *ndev)
791 return rte_cryptodev_pmd_destroy(ndev->sym_dev->cdev);
794 static struct cryptodev_driver nitrox_crypto_drv;
795 RTE_PMD_REGISTER_CRYPTO_DRIVER(nitrox_crypto_drv,