1 /* SPDX-License-Identifier: BSD-3-Clause
2 * Copyright (C) 2019 Marvell International Ltd.
7 #include <rte_cryptodev_pmd.h>
9 #include <rte_ethdev.h>
11 #include "otx2_cryptodev.h"
12 #include "otx2_cryptodev_capabilities.h"
13 #include "otx2_cryptodev_hw_access.h"
14 #include "otx2_cryptodev_mbox.h"
15 #include "otx2_cryptodev_ops.h"
16 #include "otx2_ipsec_po_ops.h"
17 #include "otx2_mbox.h"
18 #include "otx2_sec_idev.h"
19 #include "otx2_security.h"
21 #include "cpt_hw_types.h"
22 #include "cpt_pmd_logs.h"
23 #include "cpt_pmd_ops_helper.h"
24 #include "cpt_ucode.h"
25 #include "cpt_ucode_asym.h"
27 #define METABUF_POOL_CACHE_SIZE 512
29 static uint64_t otx2_fpm_iova[CPT_EC_ID_PMAX];
31 /* Forward declarations */
34 otx2_cpt_queue_pair_release(struct rte_cryptodev *dev, uint16_t qp_id);
37 qp_memzone_name_get(char *name, int size, int dev_id, int qp_id)
39 snprintf(name, size, "otx2_cpt_lf_mem_%u:%u", dev_id, qp_id);
43 otx2_cpt_metabuf_mempool_create(const struct rte_cryptodev *dev,
44 struct otx2_cpt_qp *qp, uint8_t qp_id,
47 char mempool_name[RTE_MEMPOOL_NAMESIZE];
48 struct cpt_qp_meta_info *meta_info;
49 struct rte_mempool *pool;
55 if (dev->feature_flags & RTE_CRYPTODEV_FF_SYMMETRIC_CRYPTO) {
57 /* Get meta len for scatter gather mode */
58 sg_mlen = cpt_pmd_ops_helper_get_mlen_sg_mode();
60 /* Extra 32B saved for future considerations */
61 sg_mlen += 4 * sizeof(uint64_t);
63 /* Get meta len for linear buffer (direct) mode */
64 lb_mlen = cpt_pmd_ops_helper_get_mlen_direct_mode();
66 /* Extra 32B saved for future considerations */
67 lb_mlen += 4 * sizeof(uint64_t);
70 if (dev->feature_flags & RTE_CRYPTODEV_FF_ASYMMETRIC_CRYPTO) {
72 /* Get meta len required for asymmetric operations */
73 asym_mlen = cpt_pmd_ops_helper_asym_get_mlen();
77 * Check max requirement for meta buffer to
78 * support crypto op of any type (sym/asym).
80 max_mlen = RTE_MAX(RTE_MAX(lb_mlen, sg_mlen), asym_mlen);
82 /* Allocate mempool */
84 snprintf(mempool_name, RTE_MEMPOOL_NAMESIZE, "otx2_cpt_mb_%u:%u",
85 dev->data->dev_id, qp_id);
87 pool = rte_mempool_create_empty(mempool_name, nb_elements, max_mlen,
88 METABUF_POOL_CACHE_SIZE, 0,
92 CPT_LOG_ERR("Could not create mempool for metabuf");
96 ret = rte_mempool_set_ops_byname(pool, RTE_MBUF_DEFAULT_MEMPOOL_OPS,
99 CPT_LOG_ERR("Could not set mempool ops");
103 ret = rte_mempool_populate_default(pool);
105 CPT_LOG_ERR("Could not populate metabuf pool");
109 meta_info = &qp->meta_info;
111 meta_info->pool = pool;
112 meta_info->lb_mlen = lb_mlen;
113 meta_info->sg_mlen = sg_mlen;
118 rte_mempool_free(pool);
123 otx2_cpt_metabuf_mempool_destroy(struct otx2_cpt_qp *qp)
125 struct cpt_qp_meta_info *meta_info = &qp->meta_info;
127 rte_mempool_free(meta_info->pool);
129 meta_info->pool = NULL;
130 meta_info->lb_mlen = 0;
131 meta_info->sg_mlen = 0;
135 otx2_cpt_qp_inline_cfg(const struct rte_cryptodev *dev, struct otx2_cpt_qp *qp)
137 static rte_atomic16_t port_offset = RTE_ATOMIC16_INIT(-1);
138 uint16_t port_id, nb_ethport = rte_eth_dev_count_avail();
141 for (i = 0; i < nb_ethport; i++) {
142 port_id = rte_atomic16_add_return(&port_offset, 1) % nb_ethport;
143 if (otx2_eth_dev_is_sec_capable(&rte_eth_devices[port_id]))
150 ret = otx2_cpt_qp_ethdev_bind(dev, qp, port_id);
154 /* Publish inline Tx QP to eth dev security */
155 ret = otx2_sec_idev_tx_cpt_qp_add(port_id, qp);
162 static struct otx2_cpt_qp *
163 otx2_cpt_qp_create(const struct rte_cryptodev *dev, uint16_t qp_id,
166 struct otx2_cpt_vf *vf = dev->data->dev_private;
167 uint64_t pg_sz = sysconf(_SC_PAGESIZE);
168 const struct rte_memzone *lf_mem;
169 uint32_t len, iq_len, size_div40;
170 char name[RTE_MEMZONE_NAMESIZE];
171 uint64_t used_len, iova;
172 struct otx2_cpt_qp *qp;
177 /* Allocate queue pair */
178 qp = rte_zmalloc_socket("OCTEON TX2 Crypto PMD Queue Pair", sizeof(*qp),
181 CPT_LOG_ERR("Could not allocate queue pair");
185 iq_len = OTX2_CPT_IQ_LEN;
188 * Queue size must be a multiple of 40 and effective queue size to
189 * software is (size_div40 - 1) * 40
191 size_div40 = (iq_len + 40 - 1) / 40 + 1;
193 /* For pending queue */
194 len = iq_len * RTE_ALIGN(sizeof(struct rid), 8);
196 /* Space for instruction group memory */
197 len += size_div40 * 16;
199 /* So that instruction queues start as pg size aligned */
200 len = RTE_ALIGN(len, pg_sz);
202 /* For instruction queues */
203 len += OTX2_CPT_IQ_LEN * sizeof(union cpt_inst_s);
205 /* Wastage after instruction queues */
206 len = RTE_ALIGN(len, pg_sz);
208 qp_memzone_name_get(name, RTE_MEMZONE_NAMESIZE, dev->data->dev_id,
211 lf_mem = rte_memzone_reserve_aligned(name, len, vf->otx2_dev.node,
212 RTE_MEMZONE_SIZE_HINT_ONLY | RTE_MEMZONE_256MB,
213 RTE_CACHE_LINE_SIZE);
214 if (lf_mem == NULL) {
215 CPT_LOG_ERR("Could not allocate reserved memzone");
224 ret = otx2_cpt_metabuf_mempool_create(dev, qp, qp_id, iq_len);
226 CPT_LOG_ERR("Could not create mempool for metabuf");
230 /* Initialize pending queue */
231 qp->pend_q.rid_queue = (struct rid *)va;
232 qp->pend_q.enq_tail = 0;
233 qp->pend_q.deq_head = 0;
234 qp->pend_q.pending_count = 0;
236 used_len = iq_len * RTE_ALIGN(sizeof(struct rid), 8);
237 used_len += size_div40 * 16;
238 used_len = RTE_ALIGN(used_len, pg_sz);
241 qp->iq_dma_addr = iova;
243 qp->base = OTX2_CPT_LF_BAR2(vf, qp_id);
245 lmtline = vf->otx2_dev.bar2 +
246 (RVU_BLOCK_ADDR_LMT << 20 | qp_id << 12) +
247 OTX2_LMT_LF_LMTLINE(0);
249 qp->lmtline = (void *)lmtline;
251 qp->lf_nq_reg = qp->base + OTX2_CPT_LF_NQ(0);
253 ret = otx2_sec_idev_tx_cpt_qp_remove(qp);
254 if (ret && (ret != -ENOENT)) {
255 CPT_LOG_ERR("Could not delete inline configuration");
256 goto mempool_destroy;
259 otx2_cpt_iq_disable(qp);
261 ret = otx2_cpt_qp_inline_cfg(dev, qp);
263 CPT_LOG_ERR("Could not configure queue for inline IPsec");
264 goto mempool_destroy;
267 ret = otx2_cpt_iq_enable(dev, qp, group, OTX2_CPT_QUEUE_HI_PRIO,
270 CPT_LOG_ERR("Could not enable instruction queue");
271 goto mempool_destroy;
277 otx2_cpt_metabuf_mempool_destroy(qp);
279 rte_memzone_free(lf_mem);
286 otx2_cpt_qp_destroy(const struct rte_cryptodev *dev, struct otx2_cpt_qp *qp)
288 const struct rte_memzone *lf_mem;
289 char name[RTE_MEMZONE_NAMESIZE];
292 ret = otx2_sec_idev_tx_cpt_qp_remove(qp);
293 if (ret && (ret != -ENOENT)) {
294 CPT_LOG_ERR("Could not delete inline configuration");
298 otx2_cpt_iq_disable(qp);
300 otx2_cpt_metabuf_mempool_destroy(qp);
302 qp_memzone_name_get(name, RTE_MEMZONE_NAMESIZE, dev->data->dev_id,
305 lf_mem = rte_memzone_lookup(name);
307 ret = rte_memzone_free(lf_mem);
317 sym_xform_verify(struct rte_crypto_sym_xform *xform)
320 if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH &&
321 xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&
322 xform->next->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT)
325 if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&
326 xform->cipher.op == RTE_CRYPTO_CIPHER_OP_DECRYPT &&
327 xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH)
330 if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&
331 xform->cipher.algo == RTE_CRYPTO_CIPHER_3DES_CBC &&
332 xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH &&
333 xform->next->auth.algo == RTE_CRYPTO_AUTH_SHA1)
336 if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH &&
337 xform->auth.algo == RTE_CRYPTO_AUTH_SHA1 &&
338 xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&
339 xform->next->cipher.algo == RTE_CRYPTO_CIPHER_3DES_CBC)
343 if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH &&
344 xform->auth.algo == RTE_CRYPTO_AUTH_NULL &&
345 xform->auth.op == RTE_CRYPTO_AUTH_OP_VERIFY)
352 sym_session_configure(int driver_id, struct rte_crypto_sym_xform *xform,
353 struct rte_cryptodev_sym_session *sess,
354 struct rte_mempool *pool)
356 struct rte_crypto_sym_xform *temp_xform = xform;
357 struct cpt_sess_misc *misc;
361 ret = sym_xform_verify(xform);
365 if (unlikely(rte_mempool_get(pool, &priv))) {
366 CPT_LOG_ERR("Could not allocate session private data");
370 memset(priv, 0, sizeof(struct cpt_sess_misc) +
371 offsetof(struct cpt_ctx, fctx));
375 for ( ; xform != NULL; xform = xform->next) {
376 switch (xform->type) {
377 case RTE_CRYPTO_SYM_XFORM_AEAD:
378 ret = fill_sess_aead(xform, misc);
380 case RTE_CRYPTO_SYM_XFORM_CIPHER:
381 ret = fill_sess_cipher(xform, misc);
383 case RTE_CRYPTO_SYM_XFORM_AUTH:
384 if (xform->auth.algo == RTE_CRYPTO_AUTH_AES_GMAC)
385 ret = fill_sess_gmac(xform, misc);
387 ret = fill_sess_auth(xform, misc);
397 if ((GET_SESS_FC_TYPE(misc) == HASH_HMAC) &&
398 cpt_mac_len_verify(&temp_xform->auth)) {
399 CPT_LOG_ERR("MAC length is not supported");
404 set_sym_session_private_data(sess, driver_id, misc);
406 misc->ctx_dma_addr = rte_mempool_virt2iova(misc) +
407 sizeof(struct cpt_sess_misc);
410 * IE engines support IPsec operations
411 * SE engines support IPsec operations, Chacha-Poly and
412 * Air-Crypto operations
414 if (misc->zsk_flag || misc->chacha_poly)
415 misc->egrp = OTX2_CPT_EGRP_SE;
417 misc->egrp = OTX2_CPT_EGRP_SE_IE;
422 rte_mempool_put(pool, priv);
428 sym_session_clear(int driver_id, struct rte_cryptodev_sym_session *sess)
430 void *priv = get_sym_session_private_data(sess, driver_id);
431 struct rte_mempool *pool;
436 memset(priv, 0, cpt_get_session_size());
438 pool = rte_mempool_from_obj(priv);
440 set_sym_session_private_data(sess, driver_id, NULL);
442 rte_mempool_put(pool, priv);
445 static __rte_always_inline int32_t __rte_hot
446 otx2_cpt_enqueue_req(const struct otx2_cpt_qp *qp,
447 struct pending_queue *pend_q,
448 struct cpt_request_info *req)
450 void *lmtline = qp->lmtline;
451 union cpt_inst_s inst;
454 if (unlikely(pend_q->pending_count >= OTX2_CPT_DEFAULT_CMD_QLEN))
458 inst.s9x.res_addr = req->comp_baddr;
462 inst.s9x.ei0 = req->ist.ei0;
463 inst.s9x.ei1 = req->ist.ei1;
464 inst.s9x.ei2 = req->ist.ei2;
465 inst.s9x.ei3 = req->ist.ei3;
467 req->time_out = rte_get_timer_cycles() +
468 DEFAULT_COMMAND_TIMEOUT * rte_get_timer_hz();
471 /* Copy CPT command to LMTLINE */
472 memcpy(lmtline, &inst, sizeof(inst));
475 * Make sure compiler does not reorder memcpy and ldeor.
476 * LMTST transactions are always flushed from the write
477 * buffer immediately, a DMB is not required to push out
481 lmt_status = otx2_lmt_submit(qp->lf_nq_reg);
482 } while (lmt_status == 0);
484 pend_q->rid_queue[pend_q->enq_tail].rid = (uintptr_t)req;
486 /* We will use soft queue length here to limit requests */
487 MOD_INC(pend_q->enq_tail, OTX2_CPT_DEFAULT_CMD_QLEN);
488 pend_q->pending_count += 1;
493 static __rte_always_inline int32_t __rte_hot
494 otx2_cpt_enqueue_asym(struct otx2_cpt_qp *qp,
495 struct rte_crypto_op *op,
496 struct pending_queue *pend_q)
498 struct cpt_qp_meta_info *minfo = &qp->meta_info;
499 struct rte_crypto_asym_op *asym_op = op->asym;
500 struct asym_op_params params = {0};
501 struct cpt_asym_sess_misc *sess;
507 if (unlikely(rte_mempool_get(minfo->pool, &mdata) < 0)) {
508 CPT_LOG_ERR("Could not allocate meta buffer for request");
512 sess = get_asym_session_private_data(asym_op->session,
513 otx2_cryptodev_driver_id);
515 /* Store IO address of the mdata to meta_buf */
516 params.meta_buf = rte_mempool_virt2iova(mdata);
519 cop[0] = (uintptr_t)mdata;
520 cop[1] = (uintptr_t)op;
521 cop[2] = cop[3] = 0ULL;
523 params.req = RTE_PTR_ADD(cop, 4 * sizeof(uintptr_t));
524 params.req->op = cop;
526 /* Adjust meta_buf to point to end of cpt_request_info structure */
527 params.meta_buf += (4 * sizeof(uintptr_t)) +
528 sizeof(struct cpt_request_info);
529 switch (sess->xfrm_type) {
530 case RTE_CRYPTO_ASYM_XFORM_MODEX:
531 ret = cpt_modex_prep(¶ms, &sess->mod_ctx);
535 case RTE_CRYPTO_ASYM_XFORM_RSA:
536 ret = cpt_enqueue_rsa_op(op, ¶ms, sess);
540 case RTE_CRYPTO_ASYM_XFORM_ECDSA:
541 ret = cpt_enqueue_ecdsa_op(op, ¶ms, sess, otx2_fpm_iova);
545 case RTE_CRYPTO_ASYM_XFORM_ECPM:
546 ret = cpt_ecpm_prep(&asym_op->ecpm, ¶ms,
547 sess->ec_ctx.curveid);
552 op->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
557 /* Set engine group of AE */
558 w3 = (vq_cmd_word3_t *)¶ms.req->ist.ei3;
559 w3->s.grp = OTX2_CPT_EGRP_AE;
561 ret = otx2_cpt_enqueue_req(qp, pend_q, params.req);
564 CPT_LOG_DP_ERR("Could not enqueue crypto req");
571 free_op_meta(mdata, minfo->pool);
576 static __rte_always_inline int __rte_hot
577 otx2_cpt_enqueue_sym(struct otx2_cpt_qp *qp, struct rte_crypto_op *op,
578 struct pending_queue *pend_q)
580 struct rte_crypto_sym_op *sym_op = op->sym;
581 struct cpt_request_info *req;
582 struct cpt_sess_misc *sess;
588 sess = get_sym_session_private_data(sym_op->session,
589 otx2_cryptodev_driver_id);
591 cpt_op = sess->cpt_op;
593 if (cpt_op & CPT_OP_CIPHER_MASK)
594 ret = fill_fc_params(op, sess, &qp->meta_info, &mdata,
597 ret = fill_digest_params(op, sess, &qp->meta_info, &mdata,
601 CPT_LOG_DP_ERR("Crypto req : op %p, cpt_op 0x%x ret 0x%x",
602 op, (unsigned int)cpt_op, ret);
606 w3 = ((vq_cmd_word3_t *)(&req->ist.ei3));
607 w3->s.grp = sess->egrp;
609 ret = otx2_cpt_enqueue_req(qp, pend_q, req);
612 /* Free buffer allocated by fill params routines */
613 free_op_meta(mdata, qp->meta_info.pool);
619 static __rte_always_inline int __rte_hot
620 otx2_cpt_enqueue_sec(struct otx2_cpt_qp *qp, struct rte_crypto_op *op,
621 struct pending_queue *pend_q)
623 struct otx2_sec_session_ipsec_lp *sess;
624 struct otx2_ipsec_po_sa_ctl *ctl_wrd;
625 struct otx2_sec_session *priv;
626 struct cpt_request_info *req;
629 priv = get_sec_session_private_data(op->sym->sec_session);
630 sess = &priv->ipsec.lp;
632 ctl_wrd = &sess->in_sa.ctl;
634 if (ctl_wrd->direction == OTX2_IPSEC_PO_SA_DIRECTION_OUTBOUND)
635 ret = process_outb_sa(op, sess, &qp->meta_info, (void **)&req);
637 ret = process_inb_sa(op, sess, &qp->meta_info, (void **)&req);
640 otx2_err("Crypto req : op %p, ret 0x%x", op, ret);
644 ret = otx2_cpt_enqueue_req(qp, pend_q, req);
649 static __rte_always_inline int __rte_hot
650 otx2_cpt_enqueue_sym_sessless(struct otx2_cpt_qp *qp, struct rte_crypto_op *op,
651 struct pending_queue *pend_q)
653 const int driver_id = otx2_cryptodev_driver_id;
654 struct rte_crypto_sym_op *sym_op = op->sym;
655 struct rte_cryptodev_sym_session *sess;
658 /* Create temporary session */
659 sess = rte_cryptodev_sym_session_create(qp->sess_mp);
663 ret = sym_session_configure(driver_id, sym_op->xform, sess,
668 sym_op->session = sess;
670 ret = otx2_cpt_enqueue_sym(qp, op, pend_q);
678 sym_session_clear(driver_id, sess);
680 rte_mempool_put(qp->sess_mp, sess);
685 otx2_cpt_enqueue_burst(void *qptr, struct rte_crypto_op **ops, uint16_t nb_ops)
687 uint16_t nb_allowed, count = 0;
688 struct otx2_cpt_qp *qp = qptr;
689 struct pending_queue *pend_q;
690 struct rte_crypto_op *op;
693 pend_q = &qp->pend_q;
695 nb_allowed = OTX2_CPT_DEFAULT_CMD_QLEN - pend_q->pending_count;
696 if (nb_ops > nb_allowed)
699 for (count = 0; count < nb_ops; count++) {
701 if (op->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC) {
702 if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION)
703 ret = otx2_cpt_enqueue_sec(qp, op, pend_q);
704 else if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION)
705 ret = otx2_cpt_enqueue_sym(qp, op, pend_q);
707 ret = otx2_cpt_enqueue_sym_sessless(qp, op,
709 } else if (op->type == RTE_CRYPTO_OP_TYPE_ASYMMETRIC) {
710 if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION)
711 ret = otx2_cpt_enqueue_asym(qp, op, pend_q);
724 static __rte_always_inline void
725 otx2_cpt_asym_rsa_op(struct rte_crypto_op *cop, struct cpt_request_info *req,
726 struct rte_crypto_rsa_xform *rsa_ctx)
728 struct rte_crypto_rsa_op_param *rsa = &cop->asym->rsa;
730 switch (rsa->op_type) {
731 case RTE_CRYPTO_ASYM_OP_ENCRYPT:
732 rsa->cipher.length = rsa_ctx->n.length;
733 memcpy(rsa->cipher.data, req->rptr, rsa->cipher.length);
735 case RTE_CRYPTO_ASYM_OP_DECRYPT:
736 if (rsa->pad == RTE_CRYPTO_RSA_PADDING_NONE) {
737 rsa->message.length = rsa_ctx->n.length;
738 memcpy(rsa->message.data, req->rptr,
739 rsa->message.length);
741 /* Get length of decrypted output */
742 rsa->message.length = rte_cpu_to_be_16
743 (*((uint16_t *)req->rptr));
745 * Offset output data pointer by length field
746 * (2 bytes) and copy decrypted data.
748 memcpy(rsa->message.data, req->rptr + 2,
749 rsa->message.length);
752 case RTE_CRYPTO_ASYM_OP_SIGN:
753 rsa->sign.length = rsa_ctx->n.length;
754 memcpy(rsa->sign.data, req->rptr, rsa->sign.length);
756 case RTE_CRYPTO_ASYM_OP_VERIFY:
757 if (rsa->pad == RTE_CRYPTO_RSA_PADDING_NONE) {
758 rsa->sign.length = rsa_ctx->n.length;
759 memcpy(rsa->sign.data, req->rptr, rsa->sign.length);
761 /* Get length of signed output */
762 rsa->sign.length = rte_cpu_to_be_16
763 (*((uint16_t *)req->rptr));
765 * Offset output data pointer by length field
766 * (2 bytes) and copy signed data.
768 memcpy(rsa->sign.data, req->rptr + 2,
771 if (memcmp(rsa->sign.data, rsa->message.data,
772 rsa->message.length)) {
773 CPT_LOG_DP_ERR("RSA verification failed");
774 cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
778 CPT_LOG_DP_DEBUG("Invalid RSA operation type");
779 cop->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
784 static __rte_always_inline void
785 otx2_cpt_asym_dequeue_ecdsa_op(struct rte_crypto_ecdsa_op_param *ecdsa,
786 struct cpt_request_info *req,
787 struct cpt_asym_ec_ctx *ec)
789 int prime_len = ec_grp[ec->curveid].prime.length;
791 if (ecdsa->op_type == RTE_CRYPTO_ASYM_OP_VERIFY)
794 /* Separate out sign r and s components */
795 memcpy(ecdsa->r.data, req->rptr, prime_len);
796 memcpy(ecdsa->s.data, req->rptr + ROUNDUP8(prime_len), prime_len);
797 ecdsa->r.length = prime_len;
798 ecdsa->s.length = prime_len;
801 static __rte_always_inline void
802 otx2_cpt_asym_dequeue_ecpm_op(struct rte_crypto_ecpm_op_param *ecpm,
803 struct cpt_request_info *req,
804 struct cpt_asym_ec_ctx *ec)
806 int prime_len = ec_grp[ec->curveid].prime.length;
808 memcpy(ecpm->r.x.data, req->rptr, prime_len);
809 memcpy(ecpm->r.y.data, req->rptr + ROUNDUP8(prime_len), prime_len);
810 ecpm->r.x.length = prime_len;
811 ecpm->r.y.length = prime_len;
815 otx2_cpt_asym_post_process(struct rte_crypto_op *cop,
816 struct cpt_request_info *req)
818 struct rte_crypto_asym_op *op = cop->asym;
819 struct cpt_asym_sess_misc *sess;
821 sess = get_asym_session_private_data(op->session,
822 otx2_cryptodev_driver_id);
824 switch (sess->xfrm_type) {
825 case RTE_CRYPTO_ASYM_XFORM_RSA:
826 otx2_cpt_asym_rsa_op(cop, req, &sess->rsa_ctx);
828 case RTE_CRYPTO_ASYM_XFORM_MODEX:
829 op->modex.result.length = sess->mod_ctx.modulus.length;
830 memcpy(op->modex.result.data, req->rptr,
831 op->modex.result.length);
833 case RTE_CRYPTO_ASYM_XFORM_ECDSA:
834 otx2_cpt_asym_dequeue_ecdsa_op(&op->ecdsa, req, &sess->ec_ctx);
836 case RTE_CRYPTO_ASYM_XFORM_ECPM:
837 otx2_cpt_asym_dequeue_ecpm_op(&op->ecpm, req, &sess->ec_ctx);
840 CPT_LOG_DP_DEBUG("Invalid crypto xform type");
841 cop->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
847 otx2_cpt_sec_post_process(struct rte_crypto_op *cop, uintptr_t *rsp)
849 struct cpt_request_info *req = (struct cpt_request_info *)rsp[2];
850 vq_cmd_word0_t *word0 = (vq_cmd_word0_t *)&req->ist.ei0;
851 struct rte_crypto_sym_op *sym_op = cop->sym;
852 struct rte_mbuf *m = sym_op->m_src;
853 struct rte_ipv6_hdr *ip6;
854 struct rte_ipv4_hdr *ip;
859 mdata_len = (int)rsp[3];
860 rte_pktmbuf_trim(m, mdata_len);
862 if ((word0->s.opcode & 0xff) == OTX2_IPSEC_PO_PROCESS_IPSEC_INB) {
863 data = rte_pktmbuf_mtod(m, char *);
865 if (rsp[4] == RTE_SECURITY_IPSEC_TUNNEL_IPV4) {
866 ip = (struct rte_ipv4_hdr *)(data +
867 OTX2_IPSEC_PO_INB_RPTR_HDR);
868 m_len = rte_be_to_cpu_16(ip->total_length);
870 ip6 = (struct rte_ipv6_hdr *)(data +
871 OTX2_IPSEC_PO_INB_RPTR_HDR);
872 m_len = rte_be_to_cpu_16(ip6->payload_len) +
873 sizeof(struct rte_ipv6_hdr);
878 m->data_off += OTX2_IPSEC_PO_INB_RPTR_HDR;
883 otx2_cpt_dequeue_post_process(struct otx2_cpt_qp *qp, struct rte_crypto_op *cop,
884 uintptr_t *rsp, uint8_t cc)
888 if (cop->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC) {
889 if (cop->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) {
890 if (likely(cc == OTX2_IPSEC_PO_CC_SUCCESS)) {
891 otx2_cpt_sec_post_process(cop, rsp);
892 cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
894 cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
899 if (likely(cc == NO_ERR)) {
900 /* Verify authentication data if required */
901 if (unlikely(rsp[2]))
902 compl_auth_verify(cop, (uint8_t *)rsp[2],
905 cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
907 if (cc == ERR_GC_ICV_MISCOMPARE)
908 cop->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED;
910 cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
913 if (unlikely(cop->sess_type == RTE_CRYPTO_OP_SESSIONLESS)) {
914 sym_session_clear(otx2_cryptodev_driver_id,
916 sz = rte_cryptodev_sym_get_existing_header_session_size(
918 memset(cop->sym->session, 0, sz);
919 rte_mempool_put(qp->sess_mp, cop->sym->session);
920 cop->sym->session = NULL;
924 if (cop->type == RTE_CRYPTO_OP_TYPE_ASYMMETRIC) {
925 if (likely(cc == NO_ERR)) {
926 cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
928 * Pass cpt_req_info stored in metabuf during
931 rsp = RTE_PTR_ADD(rsp, 4 * sizeof(uintptr_t));
932 otx2_cpt_asym_post_process(cop,
933 (struct cpt_request_info *)rsp);
935 cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
939 static __rte_always_inline uint8_t
940 otx2_cpt_compcode_get(struct cpt_request_info *req)
942 volatile struct cpt_res_s_9s *res;
945 res = (volatile struct cpt_res_s_9s *)req->completion_addr;
947 if (unlikely(res->compcode == CPT_9X_COMP_E_NOTDONE)) {
948 if (rte_get_timer_cycles() < req->time_out)
949 return ERR_REQ_PENDING;
951 CPT_LOG_DP_ERR("Request timed out");
952 return ERR_REQ_TIMEOUT;
955 if (likely(res->compcode == CPT_9X_COMP_E_GOOD)) {
957 if (unlikely(res->uc_compcode)) {
958 ret = res->uc_compcode;
959 CPT_LOG_DP_DEBUG("Request failed with microcode error");
960 CPT_LOG_DP_DEBUG("MC completion code 0x%x",
964 CPT_LOG_DP_DEBUG("HW completion code 0x%x", res->compcode);
967 switch (res->compcode) {
968 case CPT_9X_COMP_E_INSTERR:
969 CPT_LOG_DP_ERR("Request failed with instruction error");
971 case CPT_9X_COMP_E_FAULT:
972 CPT_LOG_DP_ERR("Request failed with DMA fault");
974 case CPT_9X_COMP_E_HWERR:
975 CPT_LOG_DP_ERR("Request failed with hardware error");
978 CPT_LOG_DP_ERR("Request failed with unknown completion code");
986 otx2_cpt_dequeue_burst(void *qptr, struct rte_crypto_op **ops, uint16_t nb_ops)
988 int i, nb_pending, nb_completed;
989 struct otx2_cpt_qp *qp = qptr;
990 struct pending_queue *pend_q;
991 struct cpt_request_info *req;
992 struct rte_crypto_op *cop;
998 pend_q = &qp->pend_q;
1000 nb_pending = pend_q->pending_count;
1002 if (nb_ops > nb_pending)
1003 nb_ops = nb_pending;
1005 for (i = 0; i < nb_ops; i++) {
1006 rid = &pend_q->rid_queue[pend_q->deq_head];
1007 req = (struct cpt_request_info *)(rid->rid);
1009 cc[i] = otx2_cpt_compcode_get(req);
1011 if (unlikely(cc[i] == ERR_REQ_PENDING))
1016 MOD_INC(pend_q->deq_head, OTX2_CPT_DEFAULT_CMD_QLEN);
1017 pend_q->pending_count -= 1;
1022 for (i = 0; i < nb_completed; i++) {
1023 rsp = (void *)ops[i];
1025 metabuf = (void *)rsp[0];
1026 cop = (void *)rsp[1];
1030 otx2_cpt_dequeue_post_process(qp, cop, rsp, cc[i]);
1032 free_op_meta(metabuf, qp->meta_info.pool);
1035 return nb_completed;
1041 otx2_cpt_dev_config(struct rte_cryptodev *dev,
1042 struct rte_cryptodev_config *conf)
1044 struct otx2_cpt_vf *vf = dev->data->dev_private;
1047 if (conf->nb_queue_pairs > vf->max_queues) {
1048 CPT_LOG_ERR("Invalid number of queue pairs requested");
1052 dev->feature_flags &= ~conf->ff_disable;
1054 if (dev->feature_flags & RTE_CRYPTODEV_FF_ASYMMETRIC_CRYPTO) {
1055 /* Initialize shared FPM table */
1056 ret = cpt_fpm_init(otx2_fpm_iova);
1061 /* Unregister error interrupts */
1062 if (vf->err_intr_registered)
1063 otx2_cpt_err_intr_unregister(dev);
1066 if (vf->nb_queues) {
1067 ret = otx2_cpt_queues_detach(dev);
1069 CPT_LOG_ERR("Could not detach CPT queues");
1075 ret = otx2_cpt_queues_attach(dev, conf->nb_queue_pairs);
1077 CPT_LOG_ERR("Could not attach CPT queues");
1081 ret = otx2_cpt_msix_offsets_get(dev);
1083 CPT_LOG_ERR("Could not get MSI-X offsets");
1087 /* Register error interrupts */
1088 ret = otx2_cpt_err_intr_register(dev);
1090 CPT_LOG_ERR("Could not register error interrupts");
1094 ret = otx2_cpt_inline_init(dev);
1096 CPT_LOG_ERR("Could not enable inline IPsec");
1097 goto intr_unregister;
1100 dev->enqueue_burst = otx2_cpt_enqueue_burst;
1101 dev->dequeue_burst = otx2_cpt_dequeue_burst;
1107 otx2_cpt_err_intr_unregister(dev);
1109 otx2_cpt_queues_detach(dev);
1114 otx2_cpt_dev_start(struct rte_cryptodev *dev)
1118 CPT_PMD_INIT_FUNC_TRACE();
1124 otx2_cpt_dev_stop(struct rte_cryptodev *dev)
1126 CPT_PMD_INIT_FUNC_TRACE();
1128 if (dev->feature_flags & RTE_CRYPTODEV_FF_ASYMMETRIC_CRYPTO)
1133 otx2_cpt_dev_close(struct rte_cryptodev *dev)
1135 struct otx2_cpt_vf *vf = dev->data->dev_private;
1138 for (i = 0; i < dev->data->nb_queue_pairs; i++) {
1139 ret = otx2_cpt_queue_pair_release(dev, i);
1144 /* Unregister error interrupts */
1145 if (vf->err_intr_registered)
1146 otx2_cpt_err_intr_unregister(dev);
1149 if (vf->nb_queues) {
1150 ret = otx2_cpt_queues_detach(dev);
1152 CPT_LOG_ERR("Could not detach CPT queues");
1159 otx2_cpt_dev_info_get(struct rte_cryptodev *dev,
1160 struct rte_cryptodev_info *info)
1162 struct otx2_cpt_vf *vf = dev->data->dev_private;
1165 info->max_nb_queue_pairs = vf->max_queues;
1166 info->feature_flags = dev->feature_flags;
1167 info->capabilities = otx2_cpt_capabilities_get();
1168 info->sym.max_nb_sessions = 0;
1169 info->driver_id = otx2_cryptodev_driver_id;
1170 info->min_mbuf_headroom_req = OTX2_CPT_MIN_HEADROOM_REQ;
1171 info->min_mbuf_tailroom_req = OTX2_CPT_MIN_TAILROOM_REQ;
1176 otx2_cpt_queue_pair_setup(struct rte_cryptodev *dev, uint16_t qp_id,
1177 const struct rte_cryptodev_qp_conf *conf,
1178 int socket_id __rte_unused)
1180 uint8_t grp_mask = OTX2_CPT_ENG_GRPS_MASK;
1181 struct rte_pci_device *pci_dev;
1182 struct otx2_cpt_qp *qp;
1184 CPT_PMD_INIT_FUNC_TRACE();
1186 if (dev->data->queue_pairs[qp_id] != NULL)
1187 otx2_cpt_queue_pair_release(dev, qp_id);
1189 if (conf->nb_descriptors > OTX2_CPT_DEFAULT_CMD_QLEN) {
1190 CPT_LOG_ERR("Could not setup queue pair for %u descriptors",
1191 conf->nb_descriptors);
1195 pci_dev = RTE_DEV_TO_PCI(dev->device);
1197 if (pci_dev->mem_resource[2].addr == NULL) {
1198 CPT_LOG_ERR("Invalid PCI mem address");
1202 qp = otx2_cpt_qp_create(dev, qp_id, grp_mask);
1204 CPT_LOG_ERR("Could not create queue pair %d", qp_id);
1208 qp->sess_mp = conf->mp_session;
1209 qp->sess_mp_priv = conf->mp_session_private;
1210 dev->data->queue_pairs[qp_id] = qp;
1216 otx2_cpt_queue_pair_release(struct rte_cryptodev *dev, uint16_t qp_id)
1218 struct otx2_cpt_qp *qp = dev->data->queue_pairs[qp_id];
1221 CPT_PMD_INIT_FUNC_TRACE();
1226 CPT_LOG_INFO("Releasing queue pair %d", qp_id);
1228 ret = otx2_cpt_qp_destroy(dev, qp);
1230 CPT_LOG_ERR("Could not destroy queue pair %d", qp_id);
1234 dev->data->queue_pairs[qp_id] = NULL;
1240 otx2_cpt_sym_session_get_size(struct rte_cryptodev *dev __rte_unused)
1242 return cpt_get_session_size();
1246 otx2_cpt_sym_session_configure(struct rte_cryptodev *dev,
1247 struct rte_crypto_sym_xform *xform,
1248 struct rte_cryptodev_sym_session *sess,
1249 struct rte_mempool *pool)
1251 CPT_PMD_INIT_FUNC_TRACE();
1253 return sym_session_configure(dev->driver_id, xform, sess, pool);
1257 otx2_cpt_sym_session_clear(struct rte_cryptodev *dev,
1258 struct rte_cryptodev_sym_session *sess)
1260 CPT_PMD_INIT_FUNC_TRACE();
1262 return sym_session_clear(dev->driver_id, sess);
1266 otx2_cpt_asym_session_size_get(struct rte_cryptodev *dev __rte_unused)
1268 return sizeof(struct cpt_asym_sess_misc);
1272 otx2_cpt_asym_session_cfg(struct rte_cryptodev *dev,
1273 struct rte_crypto_asym_xform *xform,
1274 struct rte_cryptodev_asym_session *sess,
1275 struct rte_mempool *pool)
1277 struct cpt_asym_sess_misc *priv;
1280 CPT_PMD_INIT_FUNC_TRACE();
1282 if (rte_mempool_get(pool, (void **)&priv)) {
1283 CPT_LOG_ERR("Could not allocate session_private_data");
1287 memset(priv, 0, sizeof(struct cpt_asym_sess_misc));
1289 ret = cpt_fill_asym_session_parameters(priv, xform);
1291 CPT_LOG_ERR("Could not configure session parameters");
1293 /* Return session to mempool */
1294 rte_mempool_put(pool, priv);
1298 set_asym_session_private_data(sess, dev->driver_id, priv);
1303 otx2_cpt_asym_session_clear(struct rte_cryptodev *dev,
1304 struct rte_cryptodev_asym_session *sess)
1306 struct cpt_asym_sess_misc *priv;
1307 struct rte_mempool *sess_mp;
1309 CPT_PMD_INIT_FUNC_TRACE();
1311 priv = get_asym_session_private_data(sess, dev->driver_id);
1315 /* Free resources allocated in session_cfg */
1316 cpt_free_asym_session_parameters(priv);
1318 /* Reset and free object back to pool */
1319 memset(priv, 0, otx2_cpt_asym_session_size_get(dev));
1320 sess_mp = rte_mempool_from_obj(priv);
1321 set_asym_session_private_data(sess, dev->driver_id, NULL);
1322 rte_mempool_put(sess_mp, priv);
1325 struct rte_cryptodev_ops otx2_cpt_ops = {
1326 /* Device control ops */
1327 .dev_configure = otx2_cpt_dev_config,
1328 .dev_start = otx2_cpt_dev_start,
1329 .dev_stop = otx2_cpt_dev_stop,
1330 .dev_close = otx2_cpt_dev_close,
1331 .dev_infos_get = otx2_cpt_dev_info_get,
1334 .stats_reset = NULL,
1335 .queue_pair_setup = otx2_cpt_queue_pair_setup,
1336 .queue_pair_release = otx2_cpt_queue_pair_release,
1338 /* Symmetric crypto ops */
1339 .sym_session_get_size = otx2_cpt_sym_session_get_size,
1340 .sym_session_configure = otx2_cpt_sym_session_configure,
1341 .sym_session_clear = otx2_cpt_sym_session_clear,
1343 /* Asymmetric crypto ops */
1344 .asym_session_get_size = otx2_cpt_asym_session_size_get,
1345 .asym_session_configure = otx2_cpt_asym_session_cfg,
1346 .asym_session_clear = otx2_cpt_asym_session_clear,