1 /* SPDX-License-Identifier: (BSD-3-Clause OR GPL-2.0)
2 * Copyright(c) 2015-2019 Intel Corporation
5 #include <openssl/sha.h> /* Needed to calculate pre-compute values */
6 #include <openssl/aes.h> /* Needed to calculate pre-compute values */
7 #include <openssl/md5.h> /* Needed to calculate pre-compute values */
8 #include <openssl/evp.h> /* Needed for bpi runt block processing */
10 #include <rte_memcpy.h>
11 #include <rte_common.h>
12 #include <rte_spinlock.h>
13 #include <rte_byteorder.h>
15 #include <rte_malloc.h>
16 #include <rte_crypto_sym.h>
17 #ifdef RTE_LIB_SECURITY
18 #include <rte_security.h>
22 #include "qat_sym_session.h"
23 #include "qat_sym_pmd.h"
25 /* SHA1 - 20 bytes - Initialiser state can be found in FIPS stds 180-2 */
26 static const uint8_t sha1InitialState[] = {
27 0x67, 0x45, 0x23, 0x01, 0xef, 0xcd, 0xab, 0x89, 0x98, 0xba,
28 0xdc, 0xfe, 0x10, 0x32, 0x54, 0x76, 0xc3, 0xd2, 0xe1, 0xf0};
30 /* SHA 224 - 32 bytes - Initialiser state can be found in FIPS stds 180-2 */
31 static const uint8_t sha224InitialState[] = {
32 0xc1, 0x05, 0x9e, 0xd8, 0x36, 0x7c, 0xd5, 0x07, 0x30, 0x70, 0xdd,
33 0x17, 0xf7, 0x0e, 0x59, 0x39, 0xff, 0xc0, 0x0b, 0x31, 0x68, 0x58,
34 0x15, 0x11, 0x64, 0xf9, 0x8f, 0xa7, 0xbe, 0xfa, 0x4f, 0xa4};
36 /* SHA 256 - 32 bytes - Initialiser state can be found in FIPS stds 180-2 */
37 static const uint8_t sha256InitialState[] = {
38 0x6a, 0x09, 0xe6, 0x67, 0xbb, 0x67, 0xae, 0x85, 0x3c, 0x6e, 0xf3,
39 0x72, 0xa5, 0x4f, 0xf5, 0x3a, 0x51, 0x0e, 0x52, 0x7f, 0x9b, 0x05,
40 0x68, 0x8c, 0x1f, 0x83, 0xd9, 0xab, 0x5b, 0xe0, 0xcd, 0x19};
42 /* SHA 384 - 64 bytes - Initialiser state can be found in FIPS stds 180-2 */
43 static const uint8_t sha384InitialState[] = {
44 0xcb, 0xbb, 0x9d, 0x5d, 0xc1, 0x05, 0x9e, 0xd8, 0x62, 0x9a, 0x29,
45 0x2a, 0x36, 0x7c, 0xd5, 0x07, 0x91, 0x59, 0x01, 0x5a, 0x30, 0x70,
46 0xdd, 0x17, 0x15, 0x2f, 0xec, 0xd8, 0xf7, 0x0e, 0x59, 0x39, 0x67,
47 0x33, 0x26, 0x67, 0xff, 0xc0, 0x0b, 0x31, 0x8e, 0xb4, 0x4a, 0x87,
48 0x68, 0x58, 0x15, 0x11, 0xdb, 0x0c, 0x2e, 0x0d, 0x64, 0xf9, 0x8f,
49 0xa7, 0x47, 0xb5, 0x48, 0x1d, 0xbe, 0xfa, 0x4f, 0xa4};
51 /* SHA 512 - 64 bytes - Initialiser state can be found in FIPS stds 180-2 */
52 static const uint8_t sha512InitialState[] = {
53 0x6a, 0x09, 0xe6, 0x67, 0xf3, 0xbc, 0xc9, 0x08, 0xbb, 0x67, 0xae,
54 0x85, 0x84, 0xca, 0xa7, 0x3b, 0x3c, 0x6e, 0xf3, 0x72, 0xfe, 0x94,
55 0xf8, 0x2b, 0xa5, 0x4f, 0xf5, 0x3a, 0x5f, 0x1d, 0x36, 0xf1, 0x51,
56 0x0e, 0x52, 0x7f, 0xad, 0xe6, 0x82, 0xd1, 0x9b, 0x05, 0x68, 0x8c,
57 0x2b, 0x3e, 0x6c, 0x1f, 0x1f, 0x83, 0xd9, 0xab, 0xfb, 0x41, 0xbd,
58 0x6b, 0x5b, 0xe0, 0xcd, 0x19, 0x13, 0x7e, 0x21, 0x79};
61 qat_sym_cd_cipher_set(struct qat_sym_session *cd,
62 const uint8_t *enckey,
66 qat_sym_cd_auth_set(struct qat_sym_session *cdesc,
67 const uint8_t *authkey,
71 unsigned int operation);
73 /** Frees a context previously created
74 * Depends on openssl libcrypto
77 bpi_cipher_ctx_free(void *bpi_ctx)
80 EVP_CIPHER_CTX_free((EVP_CIPHER_CTX *)bpi_ctx);
83 /** Creates a context in either AES or DES in ECB mode
84 * Depends on openssl libcrypto
87 bpi_cipher_ctx_init(enum rte_crypto_cipher_algorithm cryptodev_algo,
88 enum rte_crypto_cipher_operation direction __rte_unused,
89 const uint8_t *key, uint16_t key_length, void **ctx)
91 const EVP_CIPHER *algo = NULL;
93 *ctx = EVP_CIPHER_CTX_new();
100 if (cryptodev_algo == RTE_CRYPTO_CIPHER_DES_DOCSISBPI)
101 algo = EVP_des_ecb();
103 if (key_length == ICP_QAT_HW_AES_128_KEY_SZ)
104 algo = EVP_aes_128_ecb();
106 algo = EVP_aes_256_ecb();
108 /* IV will be ECB encrypted whether direction is encrypt or decrypt*/
109 if (EVP_EncryptInit_ex(*ctx, algo, NULL, key, 0) != 1) {
118 EVP_CIPHER_CTX_free(*ctx);
123 qat_is_cipher_alg_supported(enum rte_crypto_cipher_algorithm algo,
124 struct qat_sym_dev_private *internals)
127 const struct rte_cryptodev_capabilities *capability;
129 while ((capability = &(internals->qat_dev_capabilities[i++]))->op !=
130 RTE_CRYPTO_OP_TYPE_UNDEFINED) {
131 if (capability->op != RTE_CRYPTO_OP_TYPE_SYMMETRIC)
134 if (capability->sym.xform_type != RTE_CRYPTO_SYM_XFORM_CIPHER)
137 if (capability->sym.cipher.algo == algo)
144 qat_is_auth_alg_supported(enum rte_crypto_auth_algorithm algo,
145 struct qat_sym_dev_private *internals)
148 const struct rte_cryptodev_capabilities *capability;
150 while ((capability = &(internals->qat_dev_capabilities[i++]))->op !=
151 RTE_CRYPTO_OP_TYPE_UNDEFINED) {
152 if (capability->op != RTE_CRYPTO_OP_TYPE_SYMMETRIC)
155 if (capability->sym.xform_type != RTE_CRYPTO_SYM_XFORM_AUTH)
158 if (capability->sym.auth.algo == algo)
165 qat_sym_session_clear(struct rte_cryptodev *dev,
166 struct rte_cryptodev_sym_session *sess)
168 uint8_t index = dev->driver_id;
169 void *sess_priv = get_sym_session_private_data(sess, index);
170 struct qat_sym_session *s = (struct qat_sym_session *)sess_priv;
174 bpi_cipher_ctx_free(s->bpi_ctx);
175 memset(s, 0, qat_sym_session_get_private_size(dev));
176 struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
178 set_sym_session_private_data(sess, index, NULL);
179 rte_mempool_put(sess_mp, sess_priv);
184 qat_get_cmd_id(const struct rte_crypto_sym_xform *xform)
187 if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER && xform->next == NULL)
188 return ICP_QAT_FW_LA_CMD_CIPHER;
190 /* Authentication Only */
191 if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH && xform->next == NULL)
192 return ICP_QAT_FW_LA_CMD_AUTH;
195 if (xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) {
196 /* AES-GCM and AES-CCM works with different direction
197 * GCM first encrypts and generate hash where AES-CCM
198 * first generate hash and encrypts. Similar relation
199 * applies to decryption.
201 if (xform->aead.op == RTE_CRYPTO_AEAD_OP_ENCRYPT)
202 if (xform->aead.algo == RTE_CRYPTO_AEAD_AES_GCM)
203 return ICP_QAT_FW_LA_CMD_CIPHER_HASH;
205 return ICP_QAT_FW_LA_CMD_HASH_CIPHER;
207 if (xform->aead.algo == RTE_CRYPTO_AEAD_AES_GCM)
208 return ICP_QAT_FW_LA_CMD_HASH_CIPHER;
210 return ICP_QAT_FW_LA_CMD_CIPHER_HASH;
213 if (xform->next == NULL)
216 /* Cipher then Authenticate */
217 if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&
218 xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH)
219 return ICP_QAT_FW_LA_CMD_CIPHER_HASH;
221 /* Authenticate then Cipher */
222 if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH &&
223 xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER)
224 return ICP_QAT_FW_LA_CMD_HASH_CIPHER;
229 static struct rte_crypto_auth_xform *
230 qat_get_auth_xform(struct rte_crypto_sym_xform *xform)
233 if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH)
242 static struct rte_crypto_cipher_xform *
243 qat_get_cipher_xform(struct rte_crypto_sym_xform *xform)
246 if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER)
247 return &xform->cipher;
256 qat_sym_session_configure_cipher(struct rte_cryptodev *dev,
257 struct rte_crypto_sym_xform *xform,
258 struct qat_sym_session *session)
260 struct qat_sym_dev_private *internals = dev->data->dev_private;
261 struct rte_crypto_cipher_xform *cipher_xform = NULL;
262 enum qat_device_gen qat_dev_gen =
263 internals->qat_dev->qat_dev_gen;
266 /* Get cipher xform from crypto xform chain */
267 cipher_xform = qat_get_cipher_xform(xform);
269 session->cipher_iv.offset = cipher_xform->iv.offset;
270 session->cipher_iv.length = cipher_xform->iv.length;
272 switch (cipher_xform->algo) {
273 case RTE_CRYPTO_CIPHER_AES_CBC:
274 if (qat_sym_validate_aes_key(cipher_xform->key.length,
275 &session->qat_cipher_alg) != 0) {
276 QAT_LOG(ERR, "Invalid AES cipher key size");
280 session->qat_mode = ICP_QAT_HW_CIPHER_CBC_MODE;
282 case RTE_CRYPTO_CIPHER_AES_CTR:
283 if (qat_sym_validate_aes_key(cipher_xform->key.length,
284 &session->qat_cipher_alg) != 0) {
285 QAT_LOG(ERR, "Invalid AES cipher key size");
289 session->qat_mode = ICP_QAT_HW_CIPHER_CTR_MODE;
290 if (qat_dev_gen == QAT_GEN4)
293 case RTE_CRYPTO_CIPHER_SNOW3G_UEA2:
294 if (qat_sym_validate_snow3g_key(cipher_xform->key.length,
295 &session->qat_cipher_alg) != 0) {
296 QAT_LOG(ERR, "Invalid SNOW 3G cipher key size");
300 session->qat_mode = ICP_QAT_HW_CIPHER_ECB_MODE;
302 case RTE_CRYPTO_CIPHER_NULL:
303 session->qat_cipher_alg = ICP_QAT_HW_CIPHER_ALGO_NULL;
304 session->qat_mode = ICP_QAT_HW_CIPHER_CTR_MODE;
306 case RTE_CRYPTO_CIPHER_KASUMI_F8:
307 if (qat_sym_validate_kasumi_key(cipher_xform->key.length,
308 &session->qat_cipher_alg) != 0) {
309 QAT_LOG(ERR, "Invalid KASUMI cipher key size");
313 session->qat_mode = ICP_QAT_HW_CIPHER_F8_MODE;
315 case RTE_CRYPTO_CIPHER_3DES_CBC:
316 if (qat_sym_validate_3des_key(cipher_xform->key.length,
317 &session->qat_cipher_alg) != 0) {
318 QAT_LOG(ERR, "Invalid 3DES cipher key size");
322 session->qat_mode = ICP_QAT_HW_CIPHER_CBC_MODE;
324 case RTE_CRYPTO_CIPHER_DES_CBC:
325 if (qat_sym_validate_des_key(cipher_xform->key.length,
326 &session->qat_cipher_alg) != 0) {
327 QAT_LOG(ERR, "Invalid DES cipher key size");
331 session->qat_mode = ICP_QAT_HW_CIPHER_CBC_MODE;
333 case RTE_CRYPTO_CIPHER_3DES_CTR:
334 if (qat_sym_validate_3des_key(cipher_xform->key.length,
335 &session->qat_cipher_alg) != 0) {
336 QAT_LOG(ERR, "Invalid 3DES cipher key size");
340 session->qat_mode = ICP_QAT_HW_CIPHER_CTR_MODE;
342 case RTE_CRYPTO_CIPHER_DES_DOCSISBPI:
343 ret = bpi_cipher_ctx_init(
346 cipher_xform->key.data,
347 cipher_xform->key.length,
350 QAT_LOG(ERR, "failed to create DES BPI ctx");
353 if (qat_sym_validate_des_key(cipher_xform->key.length,
354 &session->qat_cipher_alg) != 0) {
355 QAT_LOG(ERR, "Invalid DES cipher key size");
359 session->qat_mode = ICP_QAT_HW_CIPHER_CBC_MODE;
361 case RTE_CRYPTO_CIPHER_AES_DOCSISBPI:
362 ret = bpi_cipher_ctx_init(
365 cipher_xform->key.data,
366 cipher_xform->key.length,
369 QAT_LOG(ERR, "failed to create AES BPI ctx");
372 if (qat_sym_validate_aes_docsisbpi_key(cipher_xform->key.length,
373 &session->qat_cipher_alg) != 0) {
374 QAT_LOG(ERR, "Invalid AES DOCSISBPI key size");
378 session->qat_mode = ICP_QAT_HW_CIPHER_CBC_MODE;
380 case RTE_CRYPTO_CIPHER_ZUC_EEA3:
381 if (!qat_is_cipher_alg_supported(
382 cipher_xform->algo, internals)) {
383 QAT_LOG(ERR, "%s not supported on this device",
384 rte_crypto_cipher_algorithm_strings
385 [cipher_xform->algo]);
389 if (qat_sym_validate_zuc_key(cipher_xform->key.length,
390 &session->qat_cipher_alg) != 0) {
391 QAT_LOG(ERR, "Invalid ZUC cipher key size");
395 session->qat_mode = ICP_QAT_HW_CIPHER_ECB_MODE;
397 case RTE_CRYPTO_CIPHER_AES_XTS:
398 if ((cipher_xform->key.length/2) == ICP_QAT_HW_AES_192_KEY_SZ) {
399 QAT_LOG(ERR, "AES-XTS-192 not supported");
403 if (qat_sym_validate_aes_key((cipher_xform->key.length/2),
404 &session->qat_cipher_alg) != 0) {
405 QAT_LOG(ERR, "Invalid AES-XTS cipher key size");
409 session->qat_mode = ICP_QAT_HW_CIPHER_XTS_MODE;
411 case RTE_CRYPTO_CIPHER_3DES_ECB:
412 case RTE_CRYPTO_CIPHER_AES_ECB:
413 case RTE_CRYPTO_CIPHER_AES_F8:
414 case RTE_CRYPTO_CIPHER_ARC4:
415 QAT_LOG(ERR, "Crypto QAT PMD: Unsupported Cipher alg %u",
420 QAT_LOG(ERR, "Crypto: Undefined Cipher specified %u\n",
426 if (cipher_xform->op == RTE_CRYPTO_CIPHER_OP_ENCRYPT)
427 session->qat_dir = ICP_QAT_HW_CIPHER_ENCRYPT;
429 session->qat_dir = ICP_QAT_HW_CIPHER_DECRYPT;
431 if (qat_sym_cd_cipher_set(session,
432 cipher_xform->key.data,
433 cipher_xform->key.length)) {
441 if (session->bpi_ctx) {
442 bpi_cipher_ctx_free(session->bpi_ctx);
443 session->bpi_ctx = NULL;
449 qat_sym_session_configure(struct rte_cryptodev *dev,
450 struct rte_crypto_sym_xform *xform,
451 struct rte_cryptodev_sym_session *sess,
452 struct rte_mempool *mempool)
454 void *sess_private_data;
457 if (rte_mempool_get(mempool, &sess_private_data)) {
459 "Couldn't get object from session mempool");
463 ret = qat_sym_session_set_parameters(dev, xform, sess_private_data);
466 "Crypto QAT PMD: failed to configure session parameters");
468 /* Return session to mempool */
469 rte_mempool_put(mempool, sess_private_data);
473 set_sym_session_private_data(sess, dev->driver_id,
480 qat_sym_session_set_ext_hash_flags(struct qat_sym_session *session,
483 struct icp_qat_fw_comn_req_hdr *header = &session->fw_req.comn_hdr;
484 struct icp_qat_fw_cipher_auth_cd_ctrl_hdr *cd_ctrl =
485 (struct icp_qat_fw_cipher_auth_cd_ctrl_hdr *)
486 session->fw_req.cd_ctrl.content_desc_ctrl_lw;
488 /* Set the Use Extended Protocol Flags bit in LW 1 */
489 QAT_FIELD_SET(header->comn_req_flags,
490 QAT_COMN_EXT_FLAGS_USED,
491 QAT_COMN_EXT_FLAGS_BITPOS,
492 QAT_COMN_EXT_FLAGS_MASK);
494 /* Set Hash Flags in LW 28 */
495 cd_ctrl->hash_flags |= hash_flag;
497 /* Set proto flags in LW 1 */
498 switch (session->qat_cipher_alg) {
499 case ICP_QAT_HW_CIPHER_ALGO_SNOW_3G_UEA2:
500 ICP_QAT_FW_LA_PROTO_SET(header->serv_specif_flags,
501 ICP_QAT_FW_LA_SNOW_3G_PROTO);
502 ICP_QAT_FW_LA_ZUC_3G_PROTO_FLAG_SET(
503 header->serv_specif_flags, 0);
505 case ICP_QAT_HW_CIPHER_ALGO_ZUC_3G_128_EEA3:
506 ICP_QAT_FW_LA_PROTO_SET(header->serv_specif_flags,
507 ICP_QAT_FW_LA_NO_PROTO);
508 ICP_QAT_FW_LA_ZUC_3G_PROTO_FLAG_SET(
509 header->serv_specif_flags,
510 ICP_QAT_FW_LA_ZUC_3G_PROTO);
513 ICP_QAT_FW_LA_PROTO_SET(header->serv_specif_flags,
514 ICP_QAT_FW_LA_NO_PROTO);
515 ICP_QAT_FW_LA_ZUC_3G_PROTO_FLAG_SET(
516 header->serv_specif_flags, 0);
522 qat_sym_session_handle_mixed(const struct rte_cryptodev *dev,
523 struct qat_sym_session *session)
525 const struct qat_sym_dev_private *qat_private = dev->data->dev_private;
526 enum qat_device_gen min_dev_gen = (qat_private->internal_capabilities &
527 QAT_SYM_CAP_MIXED_CRYPTO) ? QAT_GEN2 : QAT_GEN3;
529 if (session->qat_hash_alg == ICP_QAT_HW_AUTH_ALGO_ZUC_3G_128_EIA3 &&
530 session->qat_cipher_alg !=
531 ICP_QAT_HW_CIPHER_ALGO_ZUC_3G_128_EEA3) {
532 session->min_qat_dev_gen = min_dev_gen;
533 qat_sym_session_set_ext_hash_flags(session,
534 1 << ICP_QAT_FW_AUTH_HDR_FLAG_ZUC_EIA3_BITPOS);
535 } else if (session->qat_hash_alg == ICP_QAT_HW_AUTH_ALGO_SNOW_3G_UIA2 &&
536 session->qat_cipher_alg !=
537 ICP_QAT_HW_CIPHER_ALGO_SNOW_3G_UEA2) {
538 session->min_qat_dev_gen = min_dev_gen;
539 qat_sym_session_set_ext_hash_flags(session,
540 1 << ICP_QAT_FW_AUTH_HDR_FLAG_SNOW3G_UIA2_BITPOS);
541 } else if ((session->aes_cmac ||
542 session->qat_hash_alg == ICP_QAT_HW_AUTH_ALGO_NULL) &&
543 (session->qat_cipher_alg ==
544 ICP_QAT_HW_CIPHER_ALGO_SNOW_3G_UEA2 ||
545 session->qat_cipher_alg ==
546 ICP_QAT_HW_CIPHER_ALGO_ZUC_3G_128_EEA3)) {
547 session->min_qat_dev_gen = min_dev_gen;
548 qat_sym_session_set_ext_hash_flags(session, 0);
553 qat_sym_session_set_parameters(struct rte_cryptodev *dev,
554 struct rte_crypto_sym_xform *xform, void *session_private)
556 struct qat_sym_session *session = session_private;
557 struct qat_sym_dev_private *internals = dev->data->dev_private;
558 enum qat_device_gen qat_dev_gen = internals->qat_dev->qat_dev_gen;
562 /* Verify the session physical address is known */
563 rte_iova_t session_paddr = rte_mempool_virt2iova(session);
564 if (session_paddr == 0 || session_paddr == RTE_BAD_IOVA) {
566 "Session physical address unknown. Bad memory pool.");
570 memset(session, 0, sizeof(*session));
571 /* Set context descriptor physical address */
572 session->cd_paddr = session_paddr +
573 offsetof(struct qat_sym_session, cd);
575 session->min_qat_dev_gen = QAT_GEN1;
578 /* Get requested QAT command id */
579 qat_cmd_id = qat_get_cmd_id(xform);
580 if (qat_cmd_id < 0 || qat_cmd_id >= ICP_QAT_FW_LA_CMD_DELIMITER) {
581 QAT_LOG(ERR, "Unsupported xform chain requested");
584 session->qat_cmd = (enum icp_qat_fw_la_cmd_id)qat_cmd_id;
585 switch (session->qat_cmd) {
586 case ICP_QAT_FW_LA_CMD_CIPHER:
587 ret = qat_sym_session_configure_cipher(dev, xform, session);
591 case ICP_QAT_FW_LA_CMD_AUTH:
592 ret = qat_sym_session_configure_auth(dev, xform, session);
595 session->is_single_pass_gmac =
596 qat_dev_gen == QAT_GEN3 &&
597 xform->auth.algo == RTE_CRYPTO_AUTH_AES_GMAC &&
598 xform->auth.iv.length == QAT_AES_GCM_SPC_IV_SIZE;
600 case ICP_QAT_FW_LA_CMD_CIPHER_HASH:
601 if (xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) {
602 ret = qat_sym_session_configure_aead(dev, xform,
607 ret = qat_sym_session_configure_cipher(dev,
611 ret = qat_sym_session_configure_auth(dev,
615 /* Special handling of mixed hash+cipher algorithms */
616 qat_sym_session_handle_mixed(dev, session);
619 case ICP_QAT_FW_LA_CMD_HASH_CIPHER:
620 if (xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) {
621 ret = qat_sym_session_configure_aead(dev, xform,
626 ret = qat_sym_session_configure_auth(dev,
630 ret = qat_sym_session_configure_cipher(dev,
634 /* Special handling of mixed hash+cipher algorithms */
635 qat_sym_session_handle_mixed(dev, session);
638 case ICP_QAT_FW_LA_CMD_TRNG_GET_RANDOM:
639 case ICP_QAT_FW_LA_CMD_TRNG_TEST:
640 case ICP_QAT_FW_LA_CMD_SSL3_KEY_DERIVE:
641 case ICP_QAT_FW_LA_CMD_TLS_V1_1_KEY_DERIVE:
642 case ICP_QAT_FW_LA_CMD_TLS_V1_2_KEY_DERIVE:
643 case ICP_QAT_FW_LA_CMD_MGF1:
644 case ICP_QAT_FW_LA_CMD_AUTH_PRE_COMP:
645 case ICP_QAT_FW_LA_CMD_CIPHER_PRE_COMP:
646 case ICP_QAT_FW_LA_CMD_DELIMITER:
647 QAT_LOG(ERR, "Unsupported Service %u",
651 QAT_LOG(ERR, "Unsupported Service %u",
660 qat_sym_session_handle_single_pass(struct qat_sym_session *session,
661 struct rte_crypto_aead_xform *aead_xform)
663 struct icp_qat_fw_la_cipher_req_params *cipher_param =
664 (void *) &session->fw_req.serv_specif_rqpars;
666 session->is_single_pass = 1;
667 session->min_qat_dev_gen = QAT_GEN3;
668 session->qat_cmd = ICP_QAT_FW_LA_CMD_CIPHER;
669 if (aead_xform->algo == RTE_CRYPTO_AEAD_AES_GCM) {
670 session->qat_mode = ICP_QAT_HW_CIPHER_AEAD_MODE;
671 ICP_QAT_FW_LA_GCM_IV_LEN_FLAG_SET(
672 session->fw_req.comn_hdr.serv_specif_flags,
673 ICP_QAT_FW_LA_GCM_IV_LEN_12_OCTETS);
675 /* Chacha-Poly is special case that use QAT CTR mode */
676 session->qat_mode = ICP_QAT_HW_CIPHER_CTR_MODE;
678 session->cipher_iv.offset = aead_xform->iv.offset;
679 session->cipher_iv.length = aead_xform->iv.length;
680 if (qat_sym_cd_cipher_set(session,
681 aead_xform->key.data, aead_xform->key.length))
683 session->aad_len = aead_xform->aad_length;
684 session->digest_length = aead_xform->digest_length;
685 if (aead_xform->op == RTE_CRYPTO_AEAD_OP_ENCRYPT) {
686 session->qat_dir = ICP_QAT_HW_CIPHER_ENCRYPT;
687 session->auth_op = ICP_QAT_HW_AUTH_GENERATE;
688 ICP_QAT_FW_LA_RET_AUTH_SET(
689 session->fw_req.comn_hdr.serv_specif_flags,
690 ICP_QAT_FW_LA_RET_AUTH_RES);
692 session->qat_dir = ICP_QAT_HW_CIPHER_DECRYPT;
693 session->auth_op = ICP_QAT_HW_AUTH_VERIFY;
694 ICP_QAT_FW_LA_CMP_AUTH_SET(
695 session->fw_req.comn_hdr.serv_specif_flags,
696 ICP_QAT_FW_LA_CMP_AUTH_RES);
698 ICP_QAT_FW_LA_SINGLE_PASS_PROTO_FLAG_SET(
699 session->fw_req.comn_hdr.serv_specif_flags,
700 ICP_QAT_FW_LA_SINGLE_PASS_PROTO);
701 ICP_QAT_FW_LA_PROTO_SET(
702 session->fw_req.comn_hdr.serv_specif_flags,
703 ICP_QAT_FW_LA_NO_PROTO);
704 session->fw_req.comn_hdr.service_cmd_id =
705 ICP_QAT_FW_LA_CMD_CIPHER;
706 session->cd.cipher.cipher_config.val =
707 ICP_QAT_HW_CIPHER_CONFIG_BUILD(
708 ICP_QAT_HW_CIPHER_AEAD_MODE,
709 session->qat_cipher_alg,
710 ICP_QAT_HW_CIPHER_NO_CONVERT,
712 QAT_FIELD_SET(session->cd.cipher.cipher_config.val,
713 aead_xform->digest_length,
714 QAT_CIPHER_AEAD_HASH_CMP_LEN_BITPOS,
715 QAT_CIPHER_AEAD_HASH_CMP_LEN_MASK);
716 session->cd.cipher.cipher_config.reserved =
717 ICP_QAT_HW_CIPHER_CONFIG_BUILD_UPPER(
718 aead_xform->aad_length);
719 cipher_param->spc_aad_sz = aead_xform->aad_length;
720 cipher_param->spc_auth_res_sz = aead_xform->digest_length;
726 qat_sym_session_configure_auth(struct rte_cryptodev *dev,
727 struct rte_crypto_sym_xform *xform,
728 struct qat_sym_session *session)
730 struct rte_crypto_auth_xform *auth_xform = qat_get_auth_xform(xform);
731 struct qat_sym_dev_private *internals = dev->data->dev_private;
732 const uint8_t *key_data = auth_xform->key.data;
733 uint8_t key_length = auth_xform->key.length;
735 session->aes_cmac = 0;
736 session->auth_key_length = auth_xform->key.length;
737 session->auth_iv.offset = auth_xform->iv.offset;
738 session->auth_iv.length = auth_xform->iv.length;
739 session->auth_mode = ICP_QAT_HW_AUTH_MODE1;
741 switch (auth_xform->algo) {
742 case RTE_CRYPTO_AUTH_SHA1:
743 session->qat_hash_alg = ICP_QAT_HW_AUTH_ALGO_SHA1;
744 session->auth_mode = ICP_QAT_HW_AUTH_MODE0;
746 case RTE_CRYPTO_AUTH_SHA224:
747 session->qat_hash_alg = ICP_QAT_HW_AUTH_ALGO_SHA224;
748 session->auth_mode = ICP_QAT_HW_AUTH_MODE0;
750 case RTE_CRYPTO_AUTH_SHA256:
751 session->qat_hash_alg = ICP_QAT_HW_AUTH_ALGO_SHA256;
752 session->auth_mode = ICP_QAT_HW_AUTH_MODE0;
754 case RTE_CRYPTO_AUTH_SHA384:
755 session->qat_hash_alg = ICP_QAT_HW_AUTH_ALGO_SHA384;
756 session->auth_mode = ICP_QAT_HW_AUTH_MODE0;
758 case RTE_CRYPTO_AUTH_SHA512:
759 session->qat_hash_alg = ICP_QAT_HW_AUTH_ALGO_SHA512;
760 session->auth_mode = ICP_QAT_HW_AUTH_MODE0;
762 case RTE_CRYPTO_AUTH_SHA1_HMAC:
763 session->qat_hash_alg = ICP_QAT_HW_AUTH_ALGO_SHA1;
765 case RTE_CRYPTO_AUTH_SHA224_HMAC:
766 session->qat_hash_alg = ICP_QAT_HW_AUTH_ALGO_SHA224;
768 case RTE_CRYPTO_AUTH_SHA256_HMAC:
769 session->qat_hash_alg = ICP_QAT_HW_AUTH_ALGO_SHA256;
771 case RTE_CRYPTO_AUTH_SHA384_HMAC:
772 session->qat_hash_alg = ICP_QAT_HW_AUTH_ALGO_SHA384;
774 case RTE_CRYPTO_AUTH_SHA512_HMAC:
775 session->qat_hash_alg = ICP_QAT_HW_AUTH_ALGO_SHA512;
777 case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
778 session->qat_hash_alg = ICP_QAT_HW_AUTH_ALGO_AES_XCBC_MAC;
780 case RTE_CRYPTO_AUTH_AES_CMAC:
781 session->qat_hash_alg = ICP_QAT_HW_AUTH_ALGO_AES_XCBC_MAC;
782 session->aes_cmac = 1;
784 case RTE_CRYPTO_AUTH_AES_GMAC:
785 if (qat_sym_validate_aes_key(auth_xform->key.length,
786 &session->qat_cipher_alg) != 0) {
787 QAT_LOG(ERR, "Invalid AES key size");
790 session->qat_mode = ICP_QAT_HW_CIPHER_CTR_MODE;
791 session->qat_hash_alg = ICP_QAT_HW_AUTH_ALGO_GALOIS_128;
792 if (session->auth_iv.length == 0)
793 session->auth_iv.length = AES_GCM_J0_LEN;
795 case RTE_CRYPTO_AUTH_SNOW3G_UIA2:
796 session->qat_hash_alg = ICP_QAT_HW_AUTH_ALGO_SNOW_3G_UIA2;
798 case RTE_CRYPTO_AUTH_MD5_HMAC:
799 session->qat_hash_alg = ICP_QAT_HW_AUTH_ALGO_MD5;
801 case RTE_CRYPTO_AUTH_NULL:
802 session->qat_hash_alg = ICP_QAT_HW_AUTH_ALGO_NULL;
804 case RTE_CRYPTO_AUTH_KASUMI_F9:
805 session->qat_hash_alg = ICP_QAT_HW_AUTH_ALGO_KASUMI_F9;
807 case RTE_CRYPTO_AUTH_ZUC_EIA3:
808 if (!qat_is_auth_alg_supported(auth_xform->algo, internals)) {
809 QAT_LOG(ERR, "%s not supported on this device",
810 rte_crypto_auth_algorithm_strings
814 session->qat_hash_alg = ICP_QAT_HW_AUTH_ALGO_ZUC_3G_128_EIA3;
816 case RTE_CRYPTO_AUTH_MD5:
817 case RTE_CRYPTO_AUTH_AES_CBC_MAC:
818 QAT_LOG(ERR, "Crypto: Unsupported hash alg %u",
822 QAT_LOG(ERR, "Crypto: Undefined Hash algo %u specified",
827 if (auth_xform->algo == RTE_CRYPTO_AUTH_AES_GMAC) {
828 if (auth_xform->op == RTE_CRYPTO_AUTH_OP_GENERATE) {
829 session->qat_cmd = ICP_QAT_FW_LA_CMD_CIPHER_HASH;
830 session->qat_dir = ICP_QAT_HW_CIPHER_ENCRYPT;
832 * It needs to create cipher desc content first,
833 * then authentication
836 if (qat_sym_cd_cipher_set(session,
837 auth_xform->key.data,
838 auth_xform->key.length))
841 if (qat_sym_cd_auth_set(session,
845 auth_xform->digest_length,
849 session->qat_cmd = ICP_QAT_FW_LA_CMD_HASH_CIPHER;
850 session->qat_dir = ICP_QAT_HW_CIPHER_DECRYPT;
852 * It needs to create authentication desc content first,
856 if (qat_sym_cd_auth_set(session,
860 auth_xform->digest_length,
864 if (qat_sym_cd_cipher_set(session,
865 auth_xform->key.data,
866 auth_xform->key.length))
869 /* Restore to authentication only only */
870 session->qat_cmd = ICP_QAT_FW_LA_CMD_AUTH;
872 if (qat_sym_cd_auth_set(session,
876 auth_xform->digest_length,
881 session->digest_length = auth_xform->digest_length;
886 qat_sym_session_configure_aead(struct rte_cryptodev *dev,
887 struct rte_crypto_sym_xform *xform,
888 struct qat_sym_session *session)
890 struct rte_crypto_aead_xform *aead_xform = &xform->aead;
891 enum rte_crypto_auth_operation crypto_operation;
892 struct qat_sym_dev_private *internals =
893 dev->data->dev_private;
894 enum qat_device_gen qat_dev_gen =
895 internals->qat_dev->qat_dev_gen;
898 * Store AEAD IV parameters as cipher IV,
899 * to avoid unnecessary memory usage
901 session->cipher_iv.offset = xform->aead.iv.offset;
902 session->cipher_iv.length = xform->aead.iv.length;
904 session->auth_mode = ICP_QAT_HW_AUTH_MODE1;
906 session->is_single_pass = 0;
907 switch (aead_xform->algo) {
908 case RTE_CRYPTO_AEAD_AES_GCM:
909 if (qat_sym_validate_aes_key(aead_xform->key.length,
910 &session->qat_cipher_alg) != 0) {
911 QAT_LOG(ERR, "Invalid AES key size");
914 session->qat_mode = ICP_QAT_HW_CIPHER_CTR_MODE;
915 session->qat_hash_alg = ICP_QAT_HW_AUTH_ALGO_GALOIS_128;
916 if (qat_dev_gen == QAT_GEN3 && aead_xform->iv.length ==
917 QAT_AES_GCM_SPC_IV_SIZE) {
918 return qat_sym_session_handle_single_pass(session,
921 if (session->cipher_iv.length == 0)
922 session->cipher_iv.length = AES_GCM_J0_LEN;
923 if (qat_dev_gen == QAT_GEN4)
926 case RTE_CRYPTO_AEAD_AES_CCM:
927 if (qat_sym_validate_aes_key(aead_xform->key.length,
928 &session->qat_cipher_alg) != 0) {
929 QAT_LOG(ERR, "Invalid AES key size");
932 session->qat_mode = ICP_QAT_HW_CIPHER_CTR_MODE;
933 session->qat_hash_alg = ICP_QAT_HW_AUTH_ALGO_AES_CBC_MAC;
934 if (qat_dev_gen == QAT_GEN4)
937 case RTE_CRYPTO_AEAD_CHACHA20_POLY1305:
938 if (aead_xform->key.length != ICP_QAT_HW_CHACHAPOLY_KEY_SZ)
940 session->qat_cipher_alg =
941 ICP_QAT_HW_CIPHER_ALGO_CHACHA20_POLY1305;
942 return qat_sym_session_handle_single_pass(session,
945 QAT_LOG(ERR, "Crypto: Undefined AEAD specified %u\n",
950 if ((aead_xform->op == RTE_CRYPTO_AEAD_OP_ENCRYPT &&
951 aead_xform->algo == RTE_CRYPTO_AEAD_AES_GCM) ||
952 (aead_xform->op == RTE_CRYPTO_AEAD_OP_DECRYPT &&
953 aead_xform->algo == RTE_CRYPTO_AEAD_AES_CCM)) {
954 session->qat_dir = ICP_QAT_HW_CIPHER_ENCRYPT;
956 * It needs to create cipher desc content first,
957 * then authentication
959 crypto_operation = aead_xform->algo == RTE_CRYPTO_AEAD_AES_GCM ?
960 RTE_CRYPTO_AUTH_OP_GENERATE : RTE_CRYPTO_AUTH_OP_VERIFY;
962 if (qat_sym_cd_cipher_set(session,
963 aead_xform->key.data,
964 aead_xform->key.length))
967 if (qat_sym_cd_auth_set(session,
968 aead_xform->key.data,
969 aead_xform->key.length,
970 aead_xform->aad_length,
971 aead_xform->digest_length,
975 session->qat_dir = ICP_QAT_HW_CIPHER_DECRYPT;
977 * It needs to create authentication desc content first,
981 crypto_operation = aead_xform->algo == RTE_CRYPTO_AEAD_AES_GCM ?
982 RTE_CRYPTO_AUTH_OP_VERIFY : RTE_CRYPTO_AUTH_OP_GENERATE;
984 if (qat_sym_cd_auth_set(session,
985 aead_xform->key.data,
986 aead_xform->key.length,
987 aead_xform->aad_length,
988 aead_xform->digest_length,
992 if (qat_sym_cd_cipher_set(session,
993 aead_xform->key.data,
994 aead_xform->key.length))
998 session->digest_length = aead_xform->digest_length;
1002 unsigned int qat_sym_session_get_private_size(
1003 struct rte_cryptodev *dev __rte_unused)
1005 return RTE_ALIGN_CEIL(sizeof(struct qat_sym_session), 8);
1008 /* returns block size in bytes per cipher algo */
1009 int qat_cipher_get_block_size(enum icp_qat_hw_cipher_algo qat_cipher_alg)
1011 switch (qat_cipher_alg) {
1012 case ICP_QAT_HW_CIPHER_ALGO_DES:
1013 return ICP_QAT_HW_DES_BLK_SZ;
1014 case ICP_QAT_HW_CIPHER_ALGO_3DES:
1015 return ICP_QAT_HW_3DES_BLK_SZ;
1016 case ICP_QAT_HW_CIPHER_ALGO_AES128:
1017 case ICP_QAT_HW_CIPHER_ALGO_AES192:
1018 case ICP_QAT_HW_CIPHER_ALGO_AES256:
1019 return ICP_QAT_HW_AES_BLK_SZ;
1021 QAT_LOG(ERR, "invalid block cipher alg %u", qat_cipher_alg);
1028 * Returns size in bytes per hash algo for state1 size field in cd_ctrl
1029 * This is digest size rounded up to nearest quadword
1031 static int qat_hash_get_state1_size(enum icp_qat_hw_auth_algo qat_hash_alg)
1033 switch (qat_hash_alg) {
1034 case ICP_QAT_HW_AUTH_ALGO_SHA1:
1035 return QAT_HW_ROUND_UP(ICP_QAT_HW_SHA1_STATE1_SZ,
1036 QAT_HW_DEFAULT_ALIGNMENT);
1037 case ICP_QAT_HW_AUTH_ALGO_SHA224:
1038 return QAT_HW_ROUND_UP(ICP_QAT_HW_SHA224_STATE1_SZ,
1039 QAT_HW_DEFAULT_ALIGNMENT);
1040 case ICP_QAT_HW_AUTH_ALGO_SHA256:
1041 return QAT_HW_ROUND_UP(ICP_QAT_HW_SHA256_STATE1_SZ,
1042 QAT_HW_DEFAULT_ALIGNMENT);
1043 case ICP_QAT_HW_AUTH_ALGO_SHA384:
1044 return QAT_HW_ROUND_UP(ICP_QAT_HW_SHA384_STATE1_SZ,
1045 QAT_HW_DEFAULT_ALIGNMENT);
1046 case ICP_QAT_HW_AUTH_ALGO_SHA512:
1047 return QAT_HW_ROUND_UP(ICP_QAT_HW_SHA512_STATE1_SZ,
1048 QAT_HW_DEFAULT_ALIGNMENT);
1049 case ICP_QAT_HW_AUTH_ALGO_AES_XCBC_MAC:
1050 return QAT_HW_ROUND_UP(ICP_QAT_HW_AES_XCBC_MAC_STATE1_SZ,
1051 QAT_HW_DEFAULT_ALIGNMENT);
1052 case ICP_QAT_HW_AUTH_ALGO_GALOIS_128:
1053 case ICP_QAT_HW_AUTH_ALGO_GALOIS_64:
1054 return QAT_HW_ROUND_UP(ICP_QAT_HW_GALOIS_128_STATE1_SZ,
1055 QAT_HW_DEFAULT_ALIGNMENT);
1056 case ICP_QAT_HW_AUTH_ALGO_ZUC_3G_128_EIA3:
1057 return QAT_HW_ROUND_UP(ICP_QAT_HW_ZUC_3G_EIA3_STATE1_SZ,
1058 QAT_HW_DEFAULT_ALIGNMENT);
1059 case ICP_QAT_HW_AUTH_ALGO_SNOW_3G_UIA2:
1060 return QAT_HW_ROUND_UP(ICP_QAT_HW_SNOW_3G_UIA2_STATE1_SZ,
1061 QAT_HW_DEFAULT_ALIGNMENT);
1062 case ICP_QAT_HW_AUTH_ALGO_MD5:
1063 return QAT_HW_ROUND_UP(ICP_QAT_HW_MD5_STATE1_SZ,
1064 QAT_HW_DEFAULT_ALIGNMENT);
1065 case ICP_QAT_HW_AUTH_ALGO_KASUMI_F9:
1066 return QAT_HW_ROUND_UP(ICP_QAT_HW_KASUMI_F9_STATE1_SZ,
1067 QAT_HW_DEFAULT_ALIGNMENT);
1068 case ICP_QAT_HW_AUTH_ALGO_AES_CBC_MAC:
1069 return QAT_HW_ROUND_UP(ICP_QAT_HW_AES_CBC_MAC_STATE1_SZ,
1070 QAT_HW_DEFAULT_ALIGNMENT);
1071 case ICP_QAT_HW_AUTH_ALGO_NULL:
1072 return QAT_HW_ROUND_UP(ICP_QAT_HW_NULL_STATE1_SZ,
1073 QAT_HW_DEFAULT_ALIGNMENT);
1074 case ICP_QAT_HW_AUTH_ALGO_DELIMITER:
1075 /* return maximum state1 size in this case */
1076 return QAT_HW_ROUND_UP(ICP_QAT_HW_SHA512_STATE1_SZ,
1077 QAT_HW_DEFAULT_ALIGNMENT);
1079 QAT_LOG(ERR, "invalid hash alg %u", qat_hash_alg);
1085 /* returns digest size in bytes per hash algo */
1086 static int qat_hash_get_digest_size(enum icp_qat_hw_auth_algo qat_hash_alg)
1088 switch (qat_hash_alg) {
1089 case ICP_QAT_HW_AUTH_ALGO_SHA1:
1090 return ICP_QAT_HW_SHA1_STATE1_SZ;
1091 case ICP_QAT_HW_AUTH_ALGO_SHA224:
1092 return ICP_QAT_HW_SHA224_STATE1_SZ;
1093 case ICP_QAT_HW_AUTH_ALGO_SHA256:
1094 return ICP_QAT_HW_SHA256_STATE1_SZ;
1095 case ICP_QAT_HW_AUTH_ALGO_SHA384:
1096 return ICP_QAT_HW_SHA384_STATE1_SZ;
1097 case ICP_QAT_HW_AUTH_ALGO_SHA512:
1098 return ICP_QAT_HW_SHA512_STATE1_SZ;
1099 case ICP_QAT_HW_AUTH_ALGO_MD5:
1100 return ICP_QAT_HW_MD5_STATE1_SZ;
1101 case ICP_QAT_HW_AUTH_ALGO_AES_XCBC_MAC:
1102 return ICP_QAT_HW_AES_XCBC_MAC_STATE1_SZ;
1103 case ICP_QAT_HW_AUTH_ALGO_DELIMITER:
1104 /* return maximum digest size in this case */
1105 return ICP_QAT_HW_SHA512_STATE1_SZ;
1107 QAT_LOG(ERR, "invalid hash alg %u", qat_hash_alg);
1113 /* returns block size in byes per hash algo */
1114 static int qat_hash_get_block_size(enum icp_qat_hw_auth_algo qat_hash_alg)
1116 switch (qat_hash_alg) {
1117 case ICP_QAT_HW_AUTH_ALGO_SHA1:
1119 case ICP_QAT_HW_AUTH_ALGO_SHA224:
1120 return SHA256_CBLOCK;
1121 case ICP_QAT_HW_AUTH_ALGO_SHA256:
1122 return SHA256_CBLOCK;
1123 case ICP_QAT_HW_AUTH_ALGO_SHA384:
1124 return SHA512_CBLOCK;
1125 case ICP_QAT_HW_AUTH_ALGO_SHA512:
1126 return SHA512_CBLOCK;
1127 case ICP_QAT_HW_AUTH_ALGO_GALOIS_128:
1129 case ICP_QAT_HW_AUTH_ALGO_AES_XCBC_MAC:
1130 return ICP_QAT_HW_AES_BLK_SZ;
1131 case ICP_QAT_HW_AUTH_ALGO_MD5:
1133 case ICP_QAT_HW_AUTH_ALGO_DELIMITER:
1134 /* return maximum block size in this case */
1135 return SHA512_CBLOCK;
1137 QAT_LOG(ERR, "invalid hash alg %u", qat_hash_alg);
1143 static int partial_hash_sha1(uint8_t *data_in, uint8_t *data_out)
1147 if (!SHA1_Init(&ctx))
1149 SHA1_Transform(&ctx, data_in);
1150 rte_memcpy(data_out, &ctx, SHA_DIGEST_LENGTH);
1154 static int partial_hash_sha224(uint8_t *data_in, uint8_t *data_out)
1158 if (!SHA224_Init(&ctx))
1160 SHA256_Transform(&ctx, data_in);
1161 rte_memcpy(data_out, &ctx, SHA256_DIGEST_LENGTH);
1165 static int partial_hash_sha256(uint8_t *data_in, uint8_t *data_out)
1169 if (!SHA256_Init(&ctx))
1171 SHA256_Transform(&ctx, data_in);
1172 rte_memcpy(data_out, &ctx, SHA256_DIGEST_LENGTH);
1176 static int partial_hash_sha384(uint8_t *data_in, uint8_t *data_out)
1180 if (!SHA384_Init(&ctx))
1182 SHA512_Transform(&ctx, data_in);
1183 rte_memcpy(data_out, &ctx, SHA512_DIGEST_LENGTH);
1187 static int partial_hash_sha512(uint8_t *data_in, uint8_t *data_out)
1191 if (!SHA512_Init(&ctx))
1193 SHA512_Transform(&ctx, data_in);
1194 rte_memcpy(data_out, &ctx, SHA512_DIGEST_LENGTH);
1198 static int partial_hash_md5(uint8_t *data_in, uint8_t *data_out)
1202 if (!MD5_Init(&ctx))
1204 MD5_Transform(&ctx, data_in);
1205 rte_memcpy(data_out, &ctx, MD5_DIGEST_LENGTH);
1210 static int partial_hash_compute(enum icp_qat_hw_auth_algo hash_alg,
1215 uint8_t digest[qat_hash_get_digest_size(
1216 ICP_QAT_HW_AUTH_ALGO_DELIMITER)];
1217 uint32_t *hash_state_out_be32;
1218 uint64_t *hash_state_out_be64;
1221 /* Initialize to avoid gcc warning */
1222 memset(digest, 0, sizeof(digest));
1224 digest_size = qat_hash_get_digest_size(hash_alg);
1225 if (digest_size <= 0)
1228 hash_state_out_be32 = (uint32_t *)data_out;
1229 hash_state_out_be64 = (uint64_t *)data_out;
1232 case ICP_QAT_HW_AUTH_ALGO_SHA1:
1233 if (partial_hash_sha1(data_in, digest))
1235 for (i = 0; i < digest_size >> 2; i++, hash_state_out_be32++)
1236 *hash_state_out_be32 =
1237 rte_bswap32(*(((uint32_t *)digest)+i));
1239 case ICP_QAT_HW_AUTH_ALGO_SHA224:
1240 if (partial_hash_sha224(data_in, digest))
1242 for (i = 0; i < digest_size >> 2; i++, hash_state_out_be32++)
1243 *hash_state_out_be32 =
1244 rte_bswap32(*(((uint32_t *)digest)+i));
1246 case ICP_QAT_HW_AUTH_ALGO_SHA256:
1247 if (partial_hash_sha256(data_in, digest))
1249 for (i = 0; i < digest_size >> 2; i++, hash_state_out_be32++)
1250 *hash_state_out_be32 =
1251 rte_bswap32(*(((uint32_t *)digest)+i));
1253 case ICP_QAT_HW_AUTH_ALGO_SHA384:
1254 if (partial_hash_sha384(data_in, digest))
1256 for (i = 0; i < digest_size >> 3; i++, hash_state_out_be64++)
1257 *hash_state_out_be64 =
1258 rte_bswap64(*(((uint64_t *)digest)+i));
1260 case ICP_QAT_HW_AUTH_ALGO_SHA512:
1261 if (partial_hash_sha512(data_in, digest))
1263 for (i = 0; i < digest_size >> 3; i++, hash_state_out_be64++)
1264 *hash_state_out_be64 =
1265 rte_bswap64(*(((uint64_t *)digest)+i));
1267 case ICP_QAT_HW_AUTH_ALGO_MD5:
1268 if (partial_hash_md5(data_in, data_out))
1272 QAT_LOG(ERR, "invalid hash alg %u", hash_alg);
1278 #define HMAC_IPAD_VALUE 0x36
1279 #define HMAC_OPAD_VALUE 0x5c
1280 #define HASH_XCBC_PRECOMP_KEY_NUM 3
1282 static const uint8_t AES_CMAC_SEED[ICP_QAT_HW_AES_128_KEY_SZ];
1284 static void aes_cmac_key_derive(uint8_t *base, uint8_t *derived)
1288 derived[0] = base[0] << 1;
1289 for (i = 1; i < ICP_QAT_HW_AES_BLK_SZ ; i++) {
1290 derived[i] = base[i] << 1;
1291 derived[i - 1] |= base[i] >> 7;
1295 derived[ICP_QAT_HW_AES_BLK_SZ - 1] ^= QAT_AES_CMAC_CONST_RB;
1298 static int qat_sym_do_precomputes(enum icp_qat_hw_auth_algo hash_alg,
1299 const uint8_t *auth_key,
1300 uint16_t auth_keylen,
1301 uint8_t *p_state_buf,
1302 uint16_t *p_state_len,
1306 uint8_t ipad[qat_hash_get_block_size(ICP_QAT_HW_AUTH_ALGO_DELIMITER)];
1307 uint8_t opad[qat_hash_get_block_size(ICP_QAT_HW_AUTH_ALGO_DELIMITER)];
1310 if (hash_alg == ICP_QAT_HW_AUTH_ALGO_AES_XCBC_MAC) {
1316 uint8_t k0[ICP_QAT_HW_AES_128_KEY_SZ];
1319 auth_keylen = ICP_QAT_HW_AES_128_KEY_SZ;
1321 in = rte_zmalloc("AES CMAC K1",
1322 ICP_QAT_HW_AES_128_KEY_SZ, 16);
1325 QAT_LOG(ERR, "Failed to alloc memory");
1329 rte_memcpy(in, AES_CMAC_SEED,
1330 ICP_QAT_HW_AES_128_KEY_SZ);
1331 rte_memcpy(p_state_buf, auth_key, auth_keylen);
1333 if (AES_set_encrypt_key(auth_key, auth_keylen << 3,
1339 AES_encrypt(in, k0, &enc_key);
1341 k1 = p_state_buf + ICP_QAT_HW_AES_XCBC_MAC_STATE1_SZ;
1342 k2 = k1 + ICP_QAT_HW_AES_XCBC_MAC_STATE1_SZ;
1344 aes_cmac_key_derive(k0, k1);
1345 aes_cmac_key_derive(k1, k2);
1347 memset(k0, 0, ICP_QAT_HW_AES_128_KEY_SZ);
1348 *p_state_len = ICP_QAT_HW_AES_XCBC_MAC_STATE2_SZ;
1352 static uint8_t qat_aes_xcbc_key_seed[
1353 ICP_QAT_HW_AES_XCBC_MAC_STATE2_SZ] = {
1354 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
1355 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
1356 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02,
1357 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02,
1358 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03,
1359 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03,
1363 uint8_t *out = p_state_buf;
1367 in = rte_zmalloc("working mem for key",
1368 ICP_QAT_HW_AES_XCBC_MAC_STATE2_SZ, 16);
1370 QAT_LOG(ERR, "Failed to alloc memory");
1374 rte_memcpy(in, qat_aes_xcbc_key_seed,
1375 ICP_QAT_HW_AES_XCBC_MAC_STATE2_SZ);
1376 for (x = 0; x < HASH_XCBC_PRECOMP_KEY_NUM; x++) {
1377 if (AES_set_encrypt_key(auth_key,
1381 (x * ICP_QAT_HW_AES_XCBC_MAC_KEY_SZ));
1383 (x * ICP_QAT_HW_AES_XCBC_MAC_KEY_SZ),
1384 0, ICP_QAT_HW_AES_XCBC_MAC_STATE2_SZ);
1387 AES_encrypt(in, out, &enc_key);
1388 in += ICP_QAT_HW_AES_XCBC_MAC_KEY_SZ;
1389 out += ICP_QAT_HW_AES_XCBC_MAC_KEY_SZ;
1391 *p_state_len = ICP_QAT_HW_AES_XCBC_MAC_STATE2_SZ;
1392 rte_free(in - x*ICP_QAT_HW_AES_XCBC_MAC_KEY_SZ);
1396 } else if ((hash_alg == ICP_QAT_HW_AUTH_ALGO_GALOIS_128) ||
1397 (hash_alg == ICP_QAT_HW_AUTH_ALGO_GALOIS_64)) {
1399 uint8_t *out = p_state_buf;
1402 memset(p_state_buf, 0, ICP_QAT_HW_GALOIS_H_SZ +
1403 ICP_QAT_HW_GALOIS_LEN_A_SZ +
1404 ICP_QAT_HW_GALOIS_E_CTR0_SZ);
1405 in = rte_zmalloc("working mem for key",
1406 ICP_QAT_HW_GALOIS_H_SZ, 16);
1408 QAT_LOG(ERR, "Failed to alloc memory");
1412 memset(in, 0, ICP_QAT_HW_GALOIS_H_SZ);
1413 if (AES_set_encrypt_key(auth_key, auth_keylen << 3,
1417 AES_encrypt(in, out, &enc_key);
1418 *p_state_len = ICP_QAT_HW_GALOIS_H_SZ +
1419 ICP_QAT_HW_GALOIS_LEN_A_SZ +
1420 ICP_QAT_HW_GALOIS_E_CTR0_SZ;
1425 block_size = qat_hash_get_block_size(hash_alg);
1428 /* init ipad and opad from key and xor with fixed values */
1429 memset(ipad, 0, block_size);
1430 memset(opad, 0, block_size);
1432 if (auth_keylen > (unsigned int)block_size) {
1433 QAT_LOG(ERR, "invalid keylen %u", auth_keylen);
1436 rte_memcpy(ipad, auth_key, auth_keylen);
1437 rte_memcpy(opad, auth_key, auth_keylen);
1439 for (i = 0; i < block_size; i++) {
1440 uint8_t *ipad_ptr = ipad + i;
1441 uint8_t *opad_ptr = opad + i;
1442 *ipad_ptr ^= HMAC_IPAD_VALUE;
1443 *opad_ptr ^= HMAC_OPAD_VALUE;
1446 /* do partial hash of ipad and copy to state1 */
1447 if (partial_hash_compute(hash_alg, ipad, p_state_buf)) {
1448 memset(ipad, 0, block_size);
1449 memset(opad, 0, block_size);
1450 QAT_LOG(ERR, "ipad precompute failed");
1455 * State len is a multiple of 8, so may be larger than the digest.
1456 * Put the partial hash of opad state_len bytes after state1
1458 *p_state_len = qat_hash_get_state1_size(hash_alg);
1459 if (partial_hash_compute(hash_alg, opad, p_state_buf + *p_state_len)) {
1460 memset(ipad, 0, block_size);
1461 memset(opad, 0, block_size);
1462 QAT_LOG(ERR, "opad precompute failed");
1466 /* don't leave data lying around */
1467 memset(ipad, 0, block_size);
1468 memset(opad, 0, block_size);
1473 qat_sym_session_init_common_hdr(struct qat_sym_session *session,
1474 struct icp_qat_fw_comn_req_hdr *header,
1475 enum qat_sym_proto_flag proto_flags)
1478 ICP_QAT_FW_COMN_HDR_FLAGS_BUILD(ICP_QAT_FW_COMN_REQ_FLAG_SET);
1479 header->service_type = ICP_QAT_FW_COMN_REQ_CPM_FW_LA;
1480 header->comn_req_flags =
1481 ICP_QAT_FW_COMN_FLAGS_BUILD(QAT_COMN_CD_FLD_TYPE_64BIT_ADR,
1482 QAT_COMN_PTR_TYPE_FLAT);
1483 ICP_QAT_FW_LA_PARTIAL_SET(header->serv_specif_flags,
1484 ICP_QAT_FW_LA_PARTIAL_NONE);
1485 ICP_QAT_FW_LA_CIPH_IV_FLD_FLAG_SET(header->serv_specif_flags,
1486 ICP_QAT_FW_CIPH_IV_16BYTE_DATA);
1488 switch (proto_flags) {
1489 case QAT_CRYPTO_PROTO_FLAG_NONE:
1490 ICP_QAT_FW_LA_PROTO_SET(header->serv_specif_flags,
1491 ICP_QAT_FW_LA_NO_PROTO);
1493 case QAT_CRYPTO_PROTO_FLAG_CCM:
1494 ICP_QAT_FW_LA_PROTO_SET(header->serv_specif_flags,
1495 ICP_QAT_FW_LA_CCM_PROTO);
1497 case QAT_CRYPTO_PROTO_FLAG_GCM:
1498 ICP_QAT_FW_LA_PROTO_SET(header->serv_specif_flags,
1499 ICP_QAT_FW_LA_GCM_PROTO);
1501 case QAT_CRYPTO_PROTO_FLAG_SNOW3G:
1502 ICP_QAT_FW_LA_PROTO_SET(header->serv_specif_flags,
1503 ICP_QAT_FW_LA_SNOW_3G_PROTO);
1505 case QAT_CRYPTO_PROTO_FLAG_ZUC:
1506 ICP_QAT_FW_LA_ZUC_3G_PROTO_FLAG_SET(header->serv_specif_flags,
1507 ICP_QAT_FW_LA_ZUC_3G_PROTO);
1511 ICP_QAT_FW_LA_UPDATE_STATE_SET(header->serv_specif_flags,
1512 ICP_QAT_FW_LA_NO_UPDATE_STATE);
1513 ICP_QAT_FW_LA_DIGEST_IN_BUFFER_SET(header->serv_specif_flags,
1514 ICP_QAT_FW_LA_NO_DIGEST_IN_BUFFER);
1516 if (session->is_ucs) {
1517 ICP_QAT_FW_LA_SLICE_TYPE_SET(
1518 session->fw_req.comn_hdr.serv_specif_flags,
1519 ICP_QAT_FW_LA_USE_UCS_SLICE_TYPE);
1524 * Snow3G and ZUC should never use this function
1525 * and set its protocol flag in both cipher and auth part of content
1526 * descriptor building function
1528 static enum qat_sym_proto_flag
1529 qat_get_crypto_proto_flag(uint16_t flags)
1531 int proto = ICP_QAT_FW_LA_PROTO_GET(flags);
1532 enum qat_sym_proto_flag qat_proto_flag =
1533 QAT_CRYPTO_PROTO_FLAG_NONE;
1536 case ICP_QAT_FW_LA_GCM_PROTO:
1537 qat_proto_flag = QAT_CRYPTO_PROTO_FLAG_GCM;
1539 case ICP_QAT_FW_LA_CCM_PROTO:
1540 qat_proto_flag = QAT_CRYPTO_PROTO_FLAG_CCM;
1544 return qat_proto_flag;
1547 int qat_sym_cd_cipher_set(struct qat_sym_session *cdesc,
1548 const uint8_t *cipherkey,
1549 uint32_t cipherkeylen)
1551 struct icp_qat_hw_cipher_algo_blk *cipher;
1552 struct icp_qat_hw_cipher_algo_blk20 *cipher20;
1553 struct icp_qat_fw_la_bulk_req *req_tmpl = &cdesc->fw_req;
1554 struct icp_qat_fw_comn_req_hdr_cd_pars *cd_pars = &req_tmpl->cd_pars;
1555 struct icp_qat_fw_comn_req_hdr *header = &req_tmpl->comn_hdr;
1556 void *ptr = &req_tmpl->cd_ctrl;
1557 struct icp_qat_fw_cipher_cd_ctrl_hdr *cipher_cd_ctrl = ptr;
1558 struct icp_qat_fw_auth_cd_ctrl_hdr *hash_cd_ctrl = ptr;
1559 enum icp_qat_hw_cipher_convert key_convert;
1560 enum qat_sym_proto_flag qat_proto_flag =
1561 QAT_CRYPTO_PROTO_FLAG_NONE;
1562 uint32_t total_key_size;
1563 uint16_t cipher_offset, cd_size;
1564 uint32_t wordIndex = 0;
1565 uint32_t *temp_key = NULL;
1567 if (cdesc->qat_cmd == ICP_QAT_FW_LA_CMD_CIPHER) {
1568 cd_pars->u.s.content_desc_addr = cdesc->cd_paddr;
1569 ICP_QAT_FW_COMN_CURR_ID_SET(cipher_cd_ctrl,
1570 ICP_QAT_FW_SLICE_CIPHER);
1571 ICP_QAT_FW_COMN_NEXT_ID_SET(cipher_cd_ctrl,
1572 ICP_QAT_FW_SLICE_DRAM_WR);
1573 ICP_QAT_FW_LA_RET_AUTH_SET(header->serv_specif_flags,
1574 ICP_QAT_FW_LA_NO_RET_AUTH_RES);
1575 ICP_QAT_FW_LA_CMP_AUTH_SET(header->serv_specif_flags,
1576 ICP_QAT_FW_LA_NO_CMP_AUTH_RES);
1577 cdesc->cd_cur_ptr = (uint8_t *)&cdesc->cd;
1578 } else if (cdesc->qat_cmd == ICP_QAT_FW_LA_CMD_CIPHER_HASH) {
1579 cd_pars->u.s.content_desc_addr = cdesc->cd_paddr;
1580 ICP_QAT_FW_COMN_CURR_ID_SET(cipher_cd_ctrl,
1581 ICP_QAT_FW_SLICE_CIPHER);
1582 ICP_QAT_FW_COMN_NEXT_ID_SET(cipher_cd_ctrl,
1583 ICP_QAT_FW_SLICE_AUTH);
1584 ICP_QAT_FW_COMN_CURR_ID_SET(hash_cd_ctrl,
1585 ICP_QAT_FW_SLICE_AUTH);
1586 ICP_QAT_FW_COMN_NEXT_ID_SET(hash_cd_ctrl,
1587 ICP_QAT_FW_SLICE_DRAM_WR);
1588 cdesc->cd_cur_ptr = (uint8_t *)&cdesc->cd;
1589 } else if (cdesc->qat_cmd != ICP_QAT_FW_LA_CMD_HASH_CIPHER) {
1590 QAT_LOG(ERR, "Invalid param, must be a cipher command.");
1594 if (cdesc->qat_mode == ICP_QAT_HW_CIPHER_CTR_MODE) {
1596 * CTR Streaming ciphers are a special case. Decrypt = encrypt
1597 * Overriding default values previously set
1599 cdesc->qat_dir = ICP_QAT_HW_CIPHER_ENCRYPT;
1600 key_convert = ICP_QAT_HW_CIPHER_NO_CONVERT;
1601 } else if (cdesc->qat_cipher_alg == ICP_QAT_HW_CIPHER_ALGO_SNOW_3G_UEA2
1602 || cdesc->qat_cipher_alg ==
1603 ICP_QAT_HW_CIPHER_ALGO_ZUC_3G_128_EEA3)
1604 key_convert = ICP_QAT_HW_CIPHER_KEY_CONVERT;
1605 else if (cdesc->qat_dir == ICP_QAT_HW_CIPHER_ENCRYPT)
1606 key_convert = ICP_QAT_HW_CIPHER_NO_CONVERT;
1608 key_convert = ICP_QAT_HW_CIPHER_KEY_CONVERT;
1610 if (cdesc->qat_cipher_alg == ICP_QAT_HW_CIPHER_ALGO_SNOW_3G_UEA2) {
1611 total_key_size = ICP_QAT_HW_SNOW_3G_UEA2_KEY_SZ +
1612 ICP_QAT_HW_SNOW_3G_UEA2_IV_SZ;
1613 cipher_cd_ctrl->cipher_state_sz =
1614 ICP_QAT_HW_SNOW_3G_UEA2_IV_SZ >> 3;
1615 qat_proto_flag = QAT_CRYPTO_PROTO_FLAG_SNOW3G;
1617 } else if (cdesc->qat_cipher_alg == ICP_QAT_HW_CIPHER_ALGO_KASUMI) {
1618 total_key_size = ICP_QAT_HW_KASUMI_F8_KEY_SZ;
1619 cipher_cd_ctrl->cipher_state_sz = ICP_QAT_HW_KASUMI_BLK_SZ >> 3;
1620 cipher_cd_ctrl->cipher_padding_sz =
1621 (2 * ICP_QAT_HW_KASUMI_BLK_SZ) >> 3;
1622 } else if (cdesc->qat_cipher_alg == ICP_QAT_HW_CIPHER_ALGO_3DES) {
1623 total_key_size = ICP_QAT_HW_3DES_KEY_SZ;
1624 cipher_cd_ctrl->cipher_state_sz = ICP_QAT_HW_3DES_BLK_SZ >> 3;
1626 qat_get_crypto_proto_flag(header->serv_specif_flags);
1627 } else if (cdesc->qat_cipher_alg == ICP_QAT_HW_CIPHER_ALGO_DES) {
1628 total_key_size = ICP_QAT_HW_DES_KEY_SZ;
1629 cipher_cd_ctrl->cipher_state_sz = ICP_QAT_HW_DES_BLK_SZ >> 3;
1631 qat_get_crypto_proto_flag(header->serv_specif_flags);
1632 } else if (cdesc->qat_cipher_alg ==
1633 ICP_QAT_HW_CIPHER_ALGO_ZUC_3G_128_EEA3) {
1634 total_key_size = ICP_QAT_HW_ZUC_3G_EEA3_KEY_SZ +
1635 ICP_QAT_HW_ZUC_3G_EEA3_IV_SZ;
1636 cipher_cd_ctrl->cipher_state_sz =
1637 ICP_QAT_HW_ZUC_3G_EEA3_IV_SZ >> 3;
1638 qat_proto_flag = QAT_CRYPTO_PROTO_FLAG_ZUC;
1639 cdesc->min_qat_dev_gen = QAT_GEN2;
1641 total_key_size = cipherkeylen;
1642 cipher_cd_ctrl->cipher_state_sz = ICP_QAT_HW_AES_BLK_SZ >> 3;
1644 qat_get_crypto_proto_flag(header->serv_specif_flags);
1646 cipher_offset = cdesc->cd_cur_ptr-((uint8_t *)&cdesc->cd);
1647 cipher_cd_ctrl->cipher_cfg_offset = cipher_offset >> 3;
1649 header->service_cmd_id = cdesc->qat_cmd;
1650 qat_sym_session_init_common_hdr(cdesc, header, qat_proto_flag);
1652 cipher = (struct icp_qat_hw_cipher_algo_blk *)cdesc->cd_cur_ptr;
1653 cipher20 = (struct icp_qat_hw_cipher_algo_blk20 *)cdesc->cd_cur_ptr;
1654 cipher->cipher_config.val =
1655 ICP_QAT_HW_CIPHER_CONFIG_BUILD(cdesc->qat_mode,
1656 cdesc->qat_cipher_alg, key_convert,
1659 if (cdesc->qat_cipher_alg == ICP_QAT_HW_CIPHER_ALGO_KASUMI) {
1660 temp_key = (uint32_t *)(cdesc->cd_cur_ptr +
1661 sizeof(struct icp_qat_hw_cipher_config)
1663 memcpy(cipher->key, cipherkey, cipherkeylen);
1664 memcpy(temp_key, cipherkey, cipherkeylen);
1666 /* XOR Key with KASUMI F8 key modifier at 4 bytes level */
1667 for (wordIndex = 0; wordIndex < (cipherkeylen >> 2);
1669 temp_key[wordIndex] ^= KASUMI_F8_KEY_MODIFIER_4_BYTES;
1671 cdesc->cd_cur_ptr += sizeof(struct icp_qat_hw_cipher_config) +
1672 cipherkeylen + cipherkeylen;
1673 } else if (cdesc->is_ucs) {
1674 const uint8_t *final_key = cipherkey;
1676 total_key_size = RTE_ALIGN_CEIL(cipherkeylen,
1677 ICP_QAT_HW_AES_128_KEY_SZ);
1678 cipher20->cipher_config.reserved[0] = 0;
1679 cipher20->cipher_config.reserved[1] = 0;
1680 cipher20->cipher_config.reserved[2] = 0;
1682 rte_memcpy(cipher20->key, final_key, cipherkeylen);
1683 cdesc->cd_cur_ptr +=
1684 sizeof(struct icp_qat_hw_ucs_cipher_config) +
1687 memcpy(cipher->key, cipherkey, cipherkeylen);
1688 cdesc->cd_cur_ptr += sizeof(struct icp_qat_hw_cipher_config) +
1692 if (total_key_size > cipherkeylen) {
1693 uint32_t padding_size = total_key_size-cipherkeylen;
1694 if ((cdesc->qat_cipher_alg == ICP_QAT_HW_CIPHER_ALGO_3DES)
1695 && (cipherkeylen == QAT_3DES_KEY_SZ_OPT2)) {
1696 /* K3 not provided so use K1 = K3*/
1697 memcpy(cdesc->cd_cur_ptr, cipherkey, padding_size);
1698 } else if ((cdesc->qat_cipher_alg == ICP_QAT_HW_CIPHER_ALGO_3DES)
1699 && (cipherkeylen == QAT_3DES_KEY_SZ_OPT3)) {
1700 /* K2 and K3 not provided so use K1 = K2 = K3*/
1701 memcpy(cdesc->cd_cur_ptr, cipherkey,
1703 memcpy(cdesc->cd_cur_ptr+cipherkeylen,
1704 cipherkey, cipherkeylen);
1706 memset(cdesc->cd_cur_ptr, 0, padding_size);
1708 cdesc->cd_cur_ptr += padding_size;
1710 cd_size = cdesc->cd_cur_ptr-(uint8_t *)&cdesc->cd;
1711 cd_pars->u.s.content_desc_params_sz = RTE_ALIGN_CEIL(cd_size, 8) >> 3;
1712 cipher_cd_ctrl->cipher_key_sz = total_key_size >> 3;
1717 int qat_sym_cd_auth_set(struct qat_sym_session *cdesc,
1718 const uint8_t *authkey,
1719 uint32_t authkeylen,
1720 uint32_t aad_length,
1721 uint32_t digestsize,
1722 unsigned int operation)
1724 struct icp_qat_hw_auth_setup *hash;
1725 struct icp_qat_hw_cipher_algo_blk *cipherconfig;
1726 struct icp_qat_fw_la_bulk_req *req_tmpl = &cdesc->fw_req;
1727 struct icp_qat_fw_comn_req_hdr_cd_pars *cd_pars = &req_tmpl->cd_pars;
1728 struct icp_qat_fw_comn_req_hdr *header = &req_tmpl->comn_hdr;
1729 void *ptr = &req_tmpl->cd_ctrl;
1730 struct icp_qat_fw_cipher_cd_ctrl_hdr *cipher_cd_ctrl = ptr;
1731 struct icp_qat_fw_auth_cd_ctrl_hdr *hash_cd_ctrl = ptr;
1732 struct icp_qat_fw_la_auth_req_params *auth_param =
1733 (struct icp_qat_fw_la_auth_req_params *)
1734 ((char *)&req_tmpl->serv_specif_rqpars +
1735 ICP_QAT_FW_HASH_REQUEST_PARAMETERS_OFFSET);
1736 uint16_t state1_size = 0, state2_size = 0, cd_extra_size = 0;
1737 uint16_t hash_offset, cd_size;
1738 uint32_t *aad_len = NULL;
1739 uint32_t wordIndex = 0;
1741 enum qat_sym_proto_flag qat_proto_flag =
1742 QAT_CRYPTO_PROTO_FLAG_NONE;
1744 if (cdesc->qat_cmd == ICP_QAT_FW_LA_CMD_AUTH) {
1745 ICP_QAT_FW_COMN_CURR_ID_SET(hash_cd_ctrl,
1746 ICP_QAT_FW_SLICE_AUTH);
1747 ICP_QAT_FW_COMN_NEXT_ID_SET(hash_cd_ctrl,
1748 ICP_QAT_FW_SLICE_DRAM_WR);
1749 cdesc->cd_cur_ptr = (uint8_t *)&cdesc->cd;
1750 } else if (cdesc->qat_cmd == ICP_QAT_FW_LA_CMD_HASH_CIPHER) {
1751 ICP_QAT_FW_COMN_CURR_ID_SET(hash_cd_ctrl,
1752 ICP_QAT_FW_SLICE_AUTH);
1753 ICP_QAT_FW_COMN_NEXT_ID_SET(hash_cd_ctrl,
1754 ICP_QAT_FW_SLICE_CIPHER);
1755 ICP_QAT_FW_COMN_CURR_ID_SET(cipher_cd_ctrl,
1756 ICP_QAT_FW_SLICE_CIPHER);
1757 ICP_QAT_FW_COMN_NEXT_ID_SET(cipher_cd_ctrl,
1758 ICP_QAT_FW_SLICE_DRAM_WR);
1759 cdesc->cd_cur_ptr = (uint8_t *)&cdesc->cd;
1760 } else if (cdesc->qat_cmd != ICP_QAT_FW_LA_CMD_CIPHER_HASH) {
1761 QAT_LOG(ERR, "Invalid param, must be a hash command.");
1765 if (operation == RTE_CRYPTO_AUTH_OP_VERIFY) {
1766 ICP_QAT_FW_LA_RET_AUTH_SET(header->serv_specif_flags,
1767 ICP_QAT_FW_LA_NO_RET_AUTH_RES);
1768 ICP_QAT_FW_LA_CMP_AUTH_SET(header->serv_specif_flags,
1769 ICP_QAT_FW_LA_CMP_AUTH_RES);
1770 cdesc->auth_op = ICP_QAT_HW_AUTH_VERIFY;
1772 ICP_QAT_FW_LA_RET_AUTH_SET(header->serv_specif_flags,
1773 ICP_QAT_FW_LA_RET_AUTH_RES);
1774 ICP_QAT_FW_LA_CMP_AUTH_SET(header->serv_specif_flags,
1775 ICP_QAT_FW_LA_NO_CMP_AUTH_RES);
1776 cdesc->auth_op = ICP_QAT_HW_AUTH_GENERATE;
1780 * Setup the inner hash config
1782 hash_offset = cdesc->cd_cur_ptr-((uint8_t *)&cdesc->cd);
1783 hash = (struct icp_qat_hw_auth_setup *)cdesc->cd_cur_ptr;
1784 hash->auth_config.reserved = 0;
1785 hash->auth_config.config =
1786 ICP_QAT_HW_AUTH_CONFIG_BUILD(cdesc->auth_mode,
1787 cdesc->qat_hash_alg, digestsize);
1789 if (cdesc->auth_mode == ICP_QAT_HW_AUTH_MODE0
1790 || cdesc->qat_hash_alg == ICP_QAT_HW_AUTH_ALGO_SNOW_3G_UIA2
1791 || cdesc->qat_hash_alg == ICP_QAT_HW_AUTH_ALGO_KASUMI_F9
1792 || cdesc->qat_hash_alg == ICP_QAT_HW_AUTH_ALGO_ZUC_3G_128_EIA3
1793 || cdesc->qat_hash_alg == ICP_QAT_HW_AUTH_ALGO_AES_XCBC_MAC
1794 || cdesc->qat_hash_alg == ICP_QAT_HW_AUTH_ALGO_AES_CBC_MAC
1795 || cdesc->qat_hash_alg == ICP_QAT_HW_AUTH_ALGO_NULL
1797 hash->auth_counter.counter = 0;
1799 int block_size = qat_hash_get_block_size(cdesc->qat_hash_alg);
1803 hash->auth_counter.counter = rte_bswap32(block_size);
1806 cdesc->cd_cur_ptr += sizeof(struct icp_qat_hw_auth_setup);
1809 * cd_cur_ptr now points at the state1 information.
1811 switch (cdesc->qat_hash_alg) {
1812 case ICP_QAT_HW_AUTH_ALGO_SHA1:
1813 if (cdesc->auth_mode == ICP_QAT_HW_AUTH_MODE0) {
1815 rte_memcpy(cdesc->cd_cur_ptr, sha1InitialState,
1816 sizeof(sha1InitialState));
1817 state1_size = qat_hash_get_state1_size(
1818 cdesc->qat_hash_alg);
1822 if (qat_sym_do_precomputes(ICP_QAT_HW_AUTH_ALGO_SHA1, authkey,
1823 authkeylen, cdesc->cd_cur_ptr, &state1_size,
1825 QAT_LOG(ERR, "(SHA)precompute failed");
1828 state2_size = RTE_ALIGN_CEIL(ICP_QAT_HW_SHA1_STATE2_SZ, 8);
1830 case ICP_QAT_HW_AUTH_ALGO_SHA224:
1831 if (cdesc->auth_mode == ICP_QAT_HW_AUTH_MODE0) {
1833 rte_memcpy(cdesc->cd_cur_ptr, sha224InitialState,
1834 sizeof(sha224InitialState));
1835 state1_size = qat_hash_get_state1_size(
1836 cdesc->qat_hash_alg);
1840 if (qat_sym_do_precomputes(ICP_QAT_HW_AUTH_ALGO_SHA224, authkey,
1841 authkeylen, cdesc->cd_cur_ptr, &state1_size,
1843 QAT_LOG(ERR, "(SHA)precompute failed");
1846 state2_size = ICP_QAT_HW_SHA224_STATE2_SZ;
1848 case ICP_QAT_HW_AUTH_ALGO_SHA256:
1849 if (cdesc->auth_mode == ICP_QAT_HW_AUTH_MODE0) {
1851 rte_memcpy(cdesc->cd_cur_ptr, sha256InitialState,
1852 sizeof(sha256InitialState));
1853 state1_size = qat_hash_get_state1_size(
1854 cdesc->qat_hash_alg);
1858 if (qat_sym_do_precomputes(ICP_QAT_HW_AUTH_ALGO_SHA256, authkey,
1859 authkeylen, cdesc->cd_cur_ptr, &state1_size,
1861 QAT_LOG(ERR, "(SHA)precompute failed");
1864 state2_size = ICP_QAT_HW_SHA256_STATE2_SZ;
1866 case ICP_QAT_HW_AUTH_ALGO_SHA384:
1867 if (cdesc->auth_mode == ICP_QAT_HW_AUTH_MODE0) {
1869 rte_memcpy(cdesc->cd_cur_ptr, sha384InitialState,
1870 sizeof(sha384InitialState));
1871 state1_size = qat_hash_get_state1_size(
1872 cdesc->qat_hash_alg);
1876 if (qat_sym_do_precomputes(ICP_QAT_HW_AUTH_ALGO_SHA384, authkey,
1877 authkeylen, cdesc->cd_cur_ptr, &state1_size,
1879 QAT_LOG(ERR, "(SHA)precompute failed");
1882 state2_size = ICP_QAT_HW_SHA384_STATE2_SZ;
1884 case ICP_QAT_HW_AUTH_ALGO_SHA512:
1885 if (cdesc->auth_mode == ICP_QAT_HW_AUTH_MODE0) {
1887 rte_memcpy(cdesc->cd_cur_ptr, sha512InitialState,
1888 sizeof(sha512InitialState));
1889 state1_size = qat_hash_get_state1_size(
1890 cdesc->qat_hash_alg);
1894 if (qat_sym_do_precomputes(ICP_QAT_HW_AUTH_ALGO_SHA512, authkey,
1895 authkeylen, cdesc->cd_cur_ptr, &state1_size,
1897 QAT_LOG(ERR, "(SHA)precompute failed");
1900 state2_size = ICP_QAT_HW_SHA512_STATE2_SZ;
1902 case ICP_QAT_HW_AUTH_ALGO_AES_XCBC_MAC:
1903 state1_size = ICP_QAT_HW_AES_XCBC_MAC_STATE1_SZ;
1905 if (cdesc->aes_cmac)
1906 memset(cdesc->cd_cur_ptr, 0, state1_size);
1907 if (qat_sym_do_precomputes(ICP_QAT_HW_AUTH_ALGO_AES_XCBC_MAC,
1908 authkey, authkeylen, cdesc->cd_cur_ptr + state1_size,
1909 &state2_size, cdesc->aes_cmac)) {
1910 cdesc->aes_cmac ? QAT_LOG(ERR,
1911 "(CMAC)precompute failed")
1913 "(XCBC)precompute failed");
1917 case ICP_QAT_HW_AUTH_ALGO_GALOIS_128:
1918 case ICP_QAT_HW_AUTH_ALGO_GALOIS_64:
1919 qat_proto_flag = QAT_CRYPTO_PROTO_FLAG_GCM;
1920 state1_size = ICP_QAT_HW_GALOIS_128_STATE1_SZ;
1921 if (qat_sym_do_precomputes(cdesc->qat_hash_alg, authkey,
1922 authkeylen, cdesc->cd_cur_ptr + state1_size,
1923 &state2_size, cdesc->aes_cmac)) {
1924 QAT_LOG(ERR, "(GCM)precompute failed");
1928 * Write (the length of AAD) into bytes 16-19 of state2
1929 * in big-endian format. This field is 8 bytes
1931 auth_param->u2.aad_sz =
1932 RTE_ALIGN_CEIL(aad_length, 16);
1933 auth_param->hash_state_sz = (auth_param->u2.aad_sz) >> 3;
1935 aad_len = (uint32_t *)(cdesc->cd_cur_ptr +
1936 ICP_QAT_HW_GALOIS_128_STATE1_SZ +
1937 ICP_QAT_HW_GALOIS_H_SZ);
1938 *aad_len = rte_bswap32(aad_length);
1939 cdesc->aad_len = aad_length;
1941 case ICP_QAT_HW_AUTH_ALGO_SNOW_3G_UIA2:
1942 qat_proto_flag = QAT_CRYPTO_PROTO_FLAG_SNOW3G;
1943 state1_size = qat_hash_get_state1_size(
1944 ICP_QAT_HW_AUTH_ALGO_SNOW_3G_UIA2);
1945 state2_size = ICP_QAT_HW_SNOW_3G_UIA2_STATE2_SZ;
1946 memset(cdesc->cd_cur_ptr, 0, state1_size + state2_size);
1948 cipherconfig = (struct icp_qat_hw_cipher_algo_blk *)
1949 (cdesc->cd_cur_ptr + state1_size + state2_size);
1950 cipherconfig->cipher_config.val =
1951 ICP_QAT_HW_CIPHER_CONFIG_BUILD(ICP_QAT_HW_CIPHER_ECB_MODE,
1952 ICP_QAT_HW_CIPHER_ALGO_SNOW_3G_UEA2,
1953 ICP_QAT_HW_CIPHER_KEY_CONVERT,
1954 ICP_QAT_HW_CIPHER_ENCRYPT);
1955 memcpy(cipherconfig->key, authkey, authkeylen);
1956 memset(cipherconfig->key + authkeylen,
1957 0, ICP_QAT_HW_SNOW_3G_UEA2_IV_SZ);
1958 cd_extra_size += sizeof(struct icp_qat_hw_cipher_config) +
1959 authkeylen + ICP_QAT_HW_SNOW_3G_UEA2_IV_SZ;
1960 auth_param->hash_state_sz = ICP_QAT_HW_SNOW_3G_UEA2_IV_SZ >> 3;
1962 case ICP_QAT_HW_AUTH_ALGO_ZUC_3G_128_EIA3:
1963 hash->auth_config.config =
1964 ICP_QAT_HW_AUTH_CONFIG_BUILD(ICP_QAT_HW_AUTH_MODE0,
1965 cdesc->qat_hash_alg, digestsize);
1966 qat_proto_flag = QAT_CRYPTO_PROTO_FLAG_ZUC;
1967 state1_size = qat_hash_get_state1_size(
1968 ICP_QAT_HW_AUTH_ALGO_ZUC_3G_128_EIA3);
1969 state2_size = ICP_QAT_HW_ZUC_3G_EIA3_STATE2_SZ;
1970 memset(cdesc->cd_cur_ptr, 0, state1_size + state2_size
1971 + ICP_QAT_HW_ZUC_3G_EEA3_IV_SZ);
1973 memcpy(cdesc->cd_cur_ptr + state1_size, authkey, authkeylen);
1974 cd_extra_size += ICP_QAT_HW_ZUC_3G_EEA3_IV_SZ;
1975 auth_param->hash_state_sz = ICP_QAT_HW_ZUC_3G_EEA3_IV_SZ >> 3;
1976 cdesc->min_qat_dev_gen = QAT_GEN2;
1979 case ICP_QAT_HW_AUTH_ALGO_MD5:
1980 if (qat_sym_do_precomputes(ICP_QAT_HW_AUTH_ALGO_MD5, authkey,
1981 authkeylen, cdesc->cd_cur_ptr, &state1_size,
1983 QAT_LOG(ERR, "(MD5)precompute failed");
1986 state2_size = ICP_QAT_HW_MD5_STATE2_SZ;
1988 case ICP_QAT_HW_AUTH_ALGO_NULL:
1989 state1_size = qat_hash_get_state1_size(
1990 ICP_QAT_HW_AUTH_ALGO_NULL);
1991 state2_size = ICP_QAT_HW_NULL_STATE2_SZ;
1993 case ICP_QAT_HW_AUTH_ALGO_AES_CBC_MAC:
1994 qat_proto_flag = QAT_CRYPTO_PROTO_FLAG_CCM;
1995 state1_size = qat_hash_get_state1_size(
1996 ICP_QAT_HW_AUTH_ALGO_AES_CBC_MAC);
1997 state2_size = ICP_QAT_HW_AES_CBC_MAC_KEY_SZ +
1998 ICP_QAT_HW_AES_CCM_CBC_E_CTR0_SZ;
2000 if (aad_length > 0) {
2001 aad_length += ICP_QAT_HW_CCM_AAD_B0_LEN +
2002 ICP_QAT_HW_CCM_AAD_LEN_INFO;
2003 auth_param->u2.aad_sz =
2004 RTE_ALIGN_CEIL(aad_length,
2005 ICP_QAT_HW_CCM_AAD_ALIGNMENT);
2007 auth_param->u2.aad_sz = ICP_QAT_HW_CCM_AAD_B0_LEN;
2009 cdesc->aad_len = aad_length;
2010 hash->auth_counter.counter = 0;
2012 hash_cd_ctrl->outer_prefix_sz = digestsize;
2013 auth_param->hash_state_sz = digestsize;
2015 memcpy(cdesc->cd_cur_ptr + state1_size, authkey, authkeylen);
2017 case ICP_QAT_HW_AUTH_ALGO_KASUMI_F9:
2018 state1_size = qat_hash_get_state1_size(
2019 ICP_QAT_HW_AUTH_ALGO_KASUMI_F9);
2020 state2_size = ICP_QAT_HW_KASUMI_F9_STATE2_SZ;
2021 memset(cdesc->cd_cur_ptr, 0, state1_size + state2_size);
2022 pTempKey = (uint32_t *)(cdesc->cd_cur_ptr + state1_size
2025 * The Inner Hash Initial State2 block must contain IK
2026 * (Initialisation Key), followed by IK XOR-ed with KM
2027 * (Key Modifier): IK||(IK^KM).
2029 /* write the auth key */
2030 memcpy(cdesc->cd_cur_ptr + state1_size, authkey, authkeylen);
2031 /* initialise temp key with auth key */
2032 memcpy(pTempKey, authkey, authkeylen);
2033 /* XOR Key with KASUMI F9 key modifier at 4 bytes level */
2034 for (wordIndex = 0; wordIndex < (authkeylen >> 2); wordIndex++)
2035 pTempKey[wordIndex] ^= KASUMI_F9_KEY_MODIFIER_4_BYTES;
2038 QAT_LOG(ERR, "Invalid HASH alg %u", cdesc->qat_hash_alg);
2042 /* Request template setup */
2043 qat_sym_session_init_common_hdr(cdesc, header, qat_proto_flag);
2044 header->service_cmd_id = cdesc->qat_cmd;
2046 /* Auth CD config setup */
2047 hash_cd_ctrl->hash_cfg_offset = hash_offset >> 3;
2048 hash_cd_ctrl->hash_flags = ICP_QAT_FW_AUTH_HDR_FLAG_NO_NESTED;
2049 hash_cd_ctrl->inner_res_sz = digestsize;
2050 hash_cd_ctrl->final_sz = digestsize;
2051 hash_cd_ctrl->inner_state1_sz = state1_size;
2052 auth_param->auth_res_sz = digestsize;
2054 hash_cd_ctrl->inner_state2_sz = state2_size;
2055 hash_cd_ctrl->inner_state2_offset = hash_cd_ctrl->hash_cfg_offset +
2056 ((sizeof(struct icp_qat_hw_auth_setup) +
2057 RTE_ALIGN_CEIL(hash_cd_ctrl->inner_state1_sz, 8))
2060 cdesc->cd_cur_ptr += state1_size + state2_size + cd_extra_size;
2061 cd_size = cdesc->cd_cur_ptr-(uint8_t *)&cdesc->cd;
2063 cd_pars->u.s.content_desc_addr = cdesc->cd_paddr;
2064 cd_pars->u.s.content_desc_params_sz = RTE_ALIGN_CEIL(cd_size, 8) >> 3;
2069 int qat_sym_validate_aes_key(int key_len, enum icp_qat_hw_cipher_algo *alg)
2072 case ICP_QAT_HW_AES_128_KEY_SZ:
2073 *alg = ICP_QAT_HW_CIPHER_ALGO_AES128;
2075 case ICP_QAT_HW_AES_192_KEY_SZ:
2076 *alg = ICP_QAT_HW_CIPHER_ALGO_AES192;
2078 case ICP_QAT_HW_AES_256_KEY_SZ:
2079 *alg = ICP_QAT_HW_CIPHER_ALGO_AES256;
2087 int qat_sym_validate_aes_docsisbpi_key(int key_len,
2088 enum icp_qat_hw_cipher_algo *alg)
2091 case ICP_QAT_HW_AES_128_KEY_SZ:
2092 *alg = ICP_QAT_HW_CIPHER_ALGO_AES128;
2094 case ICP_QAT_HW_AES_256_KEY_SZ:
2095 *alg = ICP_QAT_HW_CIPHER_ALGO_AES256;
2103 int qat_sym_validate_snow3g_key(int key_len, enum icp_qat_hw_cipher_algo *alg)
2106 case ICP_QAT_HW_SNOW_3G_UEA2_KEY_SZ:
2107 *alg = ICP_QAT_HW_CIPHER_ALGO_SNOW_3G_UEA2;
2115 int qat_sym_validate_kasumi_key(int key_len, enum icp_qat_hw_cipher_algo *alg)
2118 case ICP_QAT_HW_KASUMI_KEY_SZ:
2119 *alg = ICP_QAT_HW_CIPHER_ALGO_KASUMI;
2127 int qat_sym_validate_des_key(int key_len, enum icp_qat_hw_cipher_algo *alg)
2130 case ICP_QAT_HW_DES_KEY_SZ:
2131 *alg = ICP_QAT_HW_CIPHER_ALGO_DES;
2139 int qat_sym_validate_3des_key(int key_len, enum icp_qat_hw_cipher_algo *alg)
2142 case QAT_3DES_KEY_SZ_OPT1:
2143 case QAT_3DES_KEY_SZ_OPT2:
2144 case QAT_3DES_KEY_SZ_OPT3:
2145 *alg = ICP_QAT_HW_CIPHER_ALGO_3DES;
2153 int qat_sym_validate_zuc_key(int key_len, enum icp_qat_hw_cipher_algo *alg)
2156 case ICP_QAT_HW_ZUC_3G_EEA3_KEY_SZ:
2157 *alg = ICP_QAT_HW_CIPHER_ALGO_ZUC_3G_128_EEA3;
2165 #ifdef RTE_LIB_SECURITY
2167 qat_sec_session_check_docsis(struct rte_security_session_conf *conf)
2169 struct rte_crypto_sym_xform *crypto_sym = conf->crypto_xform;
2170 struct rte_security_docsis_xform *docsis = &conf->docsis;
2172 /* CRC generate -> Cipher encrypt */
2173 if (docsis->direction == RTE_SECURITY_DOCSIS_DOWNLINK) {
2175 if (crypto_sym != NULL &&
2176 crypto_sym->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&
2177 crypto_sym->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT &&
2178 crypto_sym->cipher.algo ==
2179 RTE_CRYPTO_CIPHER_AES_DOCSISBPI &&
2180 (crypto_sym->cipher.key.length ==
2181 ICP_QAT_HW_AES_128_KEY_SZ ||
2182 crypto_sym->cipher.key.length ==
2183 ICP_QAT_HW_AES_256_KEY_SZ) &&
2184 crypto_sym->cipher.iv.length == ICP_QAT_HW_AES_BLK_SZ &&
2185 crypto_sym->next == NULL) {
2188 /* Cipher decrypt -> CRC verify */
2189 } else if (docsis->direction == RTE_SECURITY_DOCSIS_UPLINK) {
2191 if (crypto_sym != NULL &&
2192 crypto_sym->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&
2193 crypto_sym->cipher.op == RTE_CRYPTO_CIPHER_OP_DECRYPT &&
2194 crypto_sym->cipher.algo ==
2195 RTE_CRYPTO_CIPHER_AES_DOCSISBPI &&
2196 (crypto_sym->cipher.key.length ==
2197 ICP_QAT_HW_AES_128_KEY_SZ ||
2198 crypto_sym->cipher.key.length ==
2199 ICP_QAT_HW_AES_256_KEY_SZ) &&
2200 crypto_sym->cipher.iv.length == ICP_QAT_HW_AES_BLK_SZ &&
2201 crypto_sym->next == NULL) {
2210 qat_sec_session_set_docsis_parameters(struct rte_cryptodev *dev,
2211 struct rte_security_session_conf *conf, void *session_private)
2215 struct rte_crypto_sym_xform *xform = NULL;
2216 struct qat_sym_session *session = session_private;
2218 /* Clear the session */
2219 memset(session, 0, qat_sym_session_get_private_size(dev));
2221 ret = qat_sec_session_check_docsis(conf);
2223 QAT_LOG(ERR, "Unsupported DOCSIS security configuration");
2227 xform = conf->crypto_xform;
2229 /* Verify the session physical address is known */
2230 rte_iova_t session_paddr = rte_mempool_virt2iova(session);
2231 if (session_paddr == 0 || session_paddr == RTE_BAD_IOVA) {
2233 "Session physical address unknown. Bad memory pool.");
2237 /* Set context descriptor physical address */
2238 session->cd_paddr = session_paddr +
2239 offsetof(struct qat_sym_session, cd);
2241 session->min_qat_dev_gen = QAT_GEN1;
2243 /* Get requested QAT command id - should be cipher */
2244 qat_cmd_id = qat_get_cmd_id(xform);
2245 if (qat_cmd_id != ICP_QAT_FW_LA_CMD_CIPHER) {
2246 QAT_LOG(ERR, "Unsupported xform chain requested");
2249 session->qat_cmd = (enum icp_qat_fw_la_cmd_id)qat_cmd_id;
2251 ret = qat_sym_session_configure_cipher(dev, xform, session);
2259 qat_security_session_create(void *dev,
2260 struct rte_security_session_conf *conf,
2261 struct rte_security_session *sess,
2262 struct rte_mempool *mempool)
2264 void *sess_private_data;
2265 struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev;
2268 if (conf->action_type != RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL ||
2269 conf->protocol != RTE_SECURITY_PROTOCOL_DOCSIS) {
2270 QAT_LOG(ERR, "Invalid security protocol");
2274 if (rte_mempool_get(mempool, &sess_private_data)) {
2275 QAT_LOG(ERR, "Couldn't get object from session mempool");
2279 ret = qat_sec_session_set_docsis_parameters(cdev, conf,
2282 QAT_LOG(ERR, "Failed to configure session parameters");
2283 /* Return session to mempool */
2284 rte_mempool_put(mempool, sess_private_data);
2288 set_sec_session_private_data(sess, sess_private_data);
2294 qat_security_session_destroy(void *dev __rte_unused,
2295 struct rte_security_session *sess)
2297 void *sess_priv = get_sec_session_private_data(sess);
2298 struct qat_sym_session *s = (struct qat_sym_session *)sess_priv;
2302 bpi_cipher_ctx_free(s->bpi_ctx);
2303 memset(s, 0, qat_sym_session_get_private_size(dev));
2304 struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
2306 set_sec_session_private_data(sess, NULL);
2307 rte_mempool_put(sess_mp, sess_priv);
git.droids-corp.org / dpdk.git / blob