X-Git-Url: http://git.droids-corp.org/?a=blobdiff_plain;f=drivers%2Fcrypto%2Fdpaa_sec%2Fdpaa_sec.c;h=e0b307cecd2cd4cbf98f6e7d4dbc05c280d2c162;hb=39b88344e36426bea97cb131fb8ff5b4348e4676;hp=ce5e031a9fe21b9ceeac2817f31db160728364dc;hpb=f7a5752e709c2e5d2f9fb46af2f5957fb74a8ef4;p=dpdk.git diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c b/drivers/crypto/dpaa_sec/dpaa_sec.c index ce5e031a9f..e0b307cecd 100644 --- a/drivers/crypto/dpaa_sec/dpaa_sec.c +++ b/drivers/crypto/dpaa_sec/dpaa_sec.c @@ -15,7 +15,9 @@ #include #include #include +#ifdef RTE_LIBRTE_SECURITY #include +#endif #include #include #include @@ -27,16 +29,17 @@ #include #include -#include +#include /* RTA header files */ -#include -#include -#include -#include +#include +#include +#include +#include #include #include +#include #include #include @@ -61,9 +64,6 @@ dpaa_sec_op_ending(struct dpaa_sec_op_ctx *ctx) DPAA_SEC_DP_WARN("SEC return err: 0x%x", ctx->fd_status); ctx->op->status = RTE_CRYPTO_OP_STATUS_ERROR; } - - /* report op status to sym->op and then free the ctx memory */ - rte_mempool_put(ctx->ctx_pool, (void *)ctx); } static inline struct dpaa_sec_op_ctx * @@ -72,7 +72,9 @@ dpaa_sec_alloc_ctx(dpaa_sec_session *ses, int sg_count) struct dpaa_sec_op_ctx *ctx; int i, retval; - retval = rte_mempool_get(ses->ctx_pool, (void **)(&ctx)); + retval = rte_mempool_get( + ses->qp[rte_lcore_id() % MAX_DPAA_CORES]->ctx_pool, + (void **)(&ctx)); if (!ctx || retval) { DPAA_SEC_DP_WARN("Alloc sec descriptor failed!"); return NULL; @@ -86,7 +88,7 @@ dpaa_sec_alloc_ctx(dpaa_sec_session *ses, int sg_count) for (i = 0; i < sg_count && i < MAX_JOB_SG_ENTRIES; i += 4) dcbz_64(&ctx->job.sg[i]); - ctx->ctx_pool = ses->ctx_pool; + ctx->ctx_pool = ses->qp[rte_lcore_id() % MAX_DPAA_CORES]->ctx_pool; ctx->vtop_offset = (size_t) ctx - rte_mempool_virt2iova(ctx); return ctx; @@ -242,43 +244,6 @@ dpaa_sec_init_tx(struct qman_fq *fq) return ret; } -static inline int is_cipher_only(dpaa_sec_session *ses) -{ - return ((ses->cipher_alg != RTE_CRYPTO_CIPHER_NULL) && - (ses->auth_alg == RTE_CRYPTO_AUTH_NULL)); -} - -static inline int is_auth_only(dpaa_sec_session *ses) -{ - return ((ses->cipher_alg == RTE_CRYPTO_CIPHER_NULL) && - (ses->auth_alg != RTE_CRYPTO_AUTH_NULL)); -} - -static inline int is_aead(dpaa_sec_session *ses) -{ - return ((ses->cipher_alg == 0) && - (ses->auth_alg == 0) && - (ses->aead_alg != 0)); -} - -static inline int is_auth_cipher(dpaa_sec_session *ses) -{ - return ((ses->cipher_alg != RTE_CRYPTO_CIPHER_NULL) && - (ses->auth_alg != RTE_CRYPTO_AUTH_NULL) && - (ses->proto_alg != RTE_SECURITY_PROTOCOL_PDCP) && - (ses->proto_alg != RTE_SECURITY_PROTOCOL_IPSEC)); -} - -static inline int is_proto_ipsec(dpaa_sec_session *ses) -{ - return (ses->proto_alg == RTE_SECURITY_PROTOCOL_IPSEC); -} - -static inline int is_proto_pdcp(dpaa_sec_session *ses) -{ - return (ses->proto_alg == RTE_SECURITY_PROTOCOL_PDCP); -} - static inline int is_encode(dpaa_sec_session *ses) { return ses->dir == DIR_ENC; @@ -289,102 +254,7 @@ static inline int is_decode(dpaa_sec_session *ses) return ses->dir == DIR_DEC; } -static inline void -caam_auth_alg(dpaa_sec_session *ses, struct alginfo *alginfo_a) -{ - switch (ses->auth_alg) { - case RTE_CRYPTO_AUTH_NULL: - alginfo_a->algtype = - (ses->proto_alg == RTE_SECURITY_PROTOCOL_IPSEC) ? - OP_PCL_IPSEC_HMAC_NULL : 0; - ses->digest_length = 0; - break; - case RTE_CRYPTO_AUTH_MD5_HMAC: - alginfo_a->algtype = - (ses->proto_alg == RTE_SECURITY_PROTOCOL_IPSEC) ? - OP_PCL_IPSEC_HMAC_MD5_96 : OP_ALG_ALGSEL_MD5; - alginfo_a->algmode = OP_ALG_AAI_HMAC; - break; - case RTE_CRYPTO_AUTH_SHA1_HMAC: - alginfo_a->algtype = - (ses->proto_alg == RTE_SECURITY_PROTOCOL_IPSEC) ? - OP_PCL_IPSEC_HMAC_SHA1_96 : OP_ALG_ALGSEL_SHA1; - alginfo_a->algmode = OP_ALG_AAI_HMAC; - break; - case RTE_CRYPTO_AUTH_SHA224_HMAC: - alginfo_a->algtype = - (ses->proto_alg == RTE_SECURITY_PROTOCOL_IPSEC) ? - OP_PCL_IPSEC_HMAC_SHA1_160 : OP_ALG_ALGSEL_SHA224; - alginfo_a->algmode = OP_ALG_AAI_HMAC; - break; - case RTE_CRYPTO_AUTH_SHA256_HMAC: - alginfo_a->algtype = - (ses->proto_alg == RTE_SECURITY_PROTOCOL_IPSEC) ? - OP_PCL_IPSEC_HMAC_SHA2_256_128 : OP_ALG_ALGSEL_SHA256; - alginfo_a->algmode = OP_ALG_AAI_HMAC; - break; - case RTE_CRYPTO_AUTH_SHA384_HMAC: - alginfo_a->algtype = - (ses->proto_alg == RTE_SECURITY_PROTOCOL_IPSEC) ? - OP_PCL_IPSEC_HMAC_SHA2_384_192 : OP_ALG_ALGSEL_SHA384; - alginfo_a->algmode = OP_ALG_AAI_HMAC; - break; - case RTE_CRYPTO_AUTH_SHA512_HMAC: - alginfo_a->algtype = - (ses->proto_alg == RTE_SECURITY_PROTOCOL_IPSEC) ? - OP_PCL_IPSEC_HMAC_SHA2_512_256 : OP_ALG_ALGSEL_SHA512; - alginfo_a->algmode = OP_ALG_AAI_HMAC; - break; - default: - DPAA_SEC_ERR("unsupported auth alg %u", ses->auth_alg); - } -} - -static inline void -caam_cipher_alg(dpaa_sec_session *ses, struct alginfo *alginfo_c) -{ - switch (ses->cipher_alg) { - case RTE_CRYPTO_CIPHER_NULL: - alginfo_c->algtype = - (ses->proto_alg == RTE_SECURITY_PROTOCOL_IPSEC) ? - OP_PCL_IPSEC_NULL : 0; - break; - case RTE_CRYPTO_CIPHER_AES_CBC: - alginfo_c->algtype = - (ses->proto_alg == RTE_SECURITY_PROTOCOL_IPSEC) ? - OP_PCL_IPSEC_AES_CBC : OP_ALG_ALGSEL_AES; - alginfo_c->algmode = OP_ALG_AAI_CBC; - break; - case RTE_CRYPTO_CIPHER_3DES_CBC: - alginfo_c->algtype = - (ses->proto_alg == RTE_SECURITY_PROTOCOL_IPSEC) ? - OP_PCL_IPSEC_3DES : OP_ALG_ALGSEL_3DES; - alginfo_c->algmode = OP_ALG_AAI_CBC; - break; - case RTE_CRYPTO_CIPHER_AES_CTR: - alginfo_c->algtype = - (ses->proto_alg == RTE_SECURITY_PROTOCOL_IPSEC) ? - OP_PCL_IPSEC_AES_CTR : OP_ALG_ALGSEL_AES; - alginfo_c->algmode = OP_ALG_AAI_CTR; - break; - default: - DPAA_SEC_ERR("unsupported cipher alg %d", ses->cipher_alg); - } -} - -static inline void -caam_aead_alg(dpaa_sec_session *ses, struct alginfo *alginfo) -{ - switch (ses->aead_alg) { - case RTE_CRYPTO_AEAD_AES_GCM: - alginfo->algtype = OP_ALG_ALGSEL_AES; - alginfo->algmode = OP_ALG_AAI_GCM; - break; - default: - DPAA_SEC_ERR("unsupported AEAD alg %d", ses->aead_alg); - } -} - +#ifdef RTE_LIBRTE_SECURITY static int dpaa_sec_prep_pdcp_cdb(dpaa_sec_session *ses) { @@ -399,58 +269,24 @@ dpaa_sec_prep_pdcp_cdb(dpaa_sec_session *ses) int swap = true; #endif - switch (ses->cipher_alg) { - case RTE_CRYPTO_CIPHER_SNOW3G_UEA2: - cipherdata.algtype = PDCP_CIPHER_TYPE_SNOW; - break; - case RTE_CRYPTO_CIPHER_ZUC_EEA3: - cipherdata.algtype = PDCP_CIPHER_TYPE_ZUC; - break; - case RTE_CRYPTO_CIPHER_AES_CTR: - cipherdata.algtype = PDCP_CIPHER_TYPE_AES; - break; - case RTE_CRYPTO_CIPHER_NULL: - cipherdata.algtype = PDCP_CIPHER_TYPE_NULL; - break; - default: - DPAA_SEC_ERR("Crypto: Undefined Cipher specified %u", - ses->cipher_alg); - return -1; - } - cipherdata.key = (size_t)ses->cipher_key.data; cipherdata.keylen = ses->cipher_key.length; cipherdata.key_enc_flags = 0; cipherdata.key_type = RTA_DATA_IMM; + cipherdata.algtype = ses->cipher_key.alg; + cipherdata.algmode = ses->cipher_key.algmode; cdb->sh_desc[0] = cipherdata.keylen; cdb->sh_desc[1] = 0; cdb->sh_desc[2] = 0; if (ses->auth_alg) { - switch (ses->auth_alg) { - case RTE_CRYPTO_AUTH_SNOW3G_UIA2: - authdata.algtype = PDCP_AUTH_TYPE_SNOW; - break; - case RTE_CRYPTO_AUTH_ZUC_EIA3: - authdata.algtype = PDCP_AUTH_TYPE_ZUC; - break; - case RTE_CRYPTO_AUTH_AES_CMAC: - authdata.algtype = PDCP_AUTH_TYPE_AES; - break; - case RTE_CRYPTO_AUTH_NULL: - authdata.algtype = PDCP_AUTH_TYPE_NULL; - break; - default: - DPAA_SEC_ERR("Crypto: Unsupported auth alg %u", - ses->auth_alg); - return -1; - } - authdata.key = (size_t)ses->auth_key.data; authdata.keylen = ses->auth_key.length; authdata.key_enc_flags = 0; authdata.key_type = RTA_DATA_IMM; + authdata.algtype = ses->auth_key.alg; + authdata.algmode = ses->auth_key.algmode; p_authdata = &authdata; @@ -522,7 +358,6 @@ dpaa_sec_prep_pdcp_cdb(dpaa_sec_session *ses) ses->pdcp.hfn_threshold, &cipherdata, p_authdata, 0); } - return shared_desc_len; } @@ -540,28 +375,22 @@ dpaa_sec_prep_ipsec_cdb(dpaa_sec_session *ses) int swap = true; #endif - caam_cipher_alg(ses, &cipherdata); - if (cipherdata.algtype == (unsigned int)DPAA_SEC_ALG_UNSUPPORT) { - DPAA_SEC_ERR("not supported cipher alg"); - return -ENOTSUP; - } - cipherdata.key = (size_t)ses->cipher_key.data; cipherdata.keylen = ses->cipher_key.length; cipherdata.key_enc_flags = 0; cipherdata.key_type = RTA_DATA_IMM; + cipherdata.algtype = ses->cipher_key.alg; + cipherdata.algmode = ses->cipher_key.algmode; - caam_auth_alg(ses, &authdata); - if (authdata.algtype == (unsigned int)DPAA_SEC_ALG_UNSUPPORT) { - DPAA_SEC_ERR("not supported auth alg"); - return -ENOTSUP; + if (ses->auth_key.length) { + authdata.key = (size_t)ses->auth_key.data; + authdata.keylen = ses->auth_key.length; + authdata.key_enc_flags = 0; + authdata.key_type = RTA_DATA_IMM; + authdata.algtype = ses->auth_key.alg; + authdata.algmode = ses->auth_key.algmode; } - authdata.key = (size_t)ses->auth_key.data; - authdata.keylen = ses->auth_key.length; - authdata.key_enc_flags = 0; - authdata.key_type = RTA_DATA_IMM; - cdb->sh_desc[0] = cipherdata.keylen; cdb->sh_desc[1] = authdata.keylen; err = rta_inline_query(IPSEC_AUTH_VAR_AES_DEC_BASE_DESC_LEN, @@ -607,7 +436,7 @@ dpaa_sec_prep_ipsec_cdb(dpaa_sec_session *ses) } return shared_desc_len; } - +#endif /* prepare command block of the session */ static int dpaa_sec_prep_cdb(dpaa_sec_session *ses) @@ -624,46 +453,91 @@ dpaa_sec_prep_cdb(dpaa_sec_session *ses) memset(cdb, 0, sizeof(struct sec_cdb)); - if (is_proto_ipsec(ses)) { + switch (ses->ctxt) { +#ifdef RTE_LIBRTE_SECURITY + case DPAA_SEC_IPSEC: shared_desc_len = dpaa_sec_prep_ipsec_cdb(ses); - } else if (is_proto_pdcp(ses)) { + break; + case DPAA_SEC_PDCP: shared_desc_len = dpaa_sec_prep_pdcp_cdb(ses); - } else if (is_cipher_only(ses)) { - caam_cipher_alg(ses, &alginfo_c); - if (alginfo_c.algtype == (unsigned int)DPAA_SEC_ALG_UNSUPPORT) { - DPAA_SEC_ERR("not supported cipher alg"); - return -ENOTSUP; - } - + break; +#endif + case DPAA_SEC_CIPHER: alginfo_c.key = (size_t)ses->cipher_key.data; alginfo_c.keylen = ses->cipher_key.length; alginfo_c.key_enc_flags = 0; alginfo_c.key_type = RTA_DATA_IMM; + alginfo_c.algtype = ses->cipher_key.alg; + alginfo_c.algmode = ses->cipher_key.algmode; - shared_desc_len = cnstr_shdsc_blkcipher( - cdb->sh_desc, true, - swap, SHR_NEVER, &alginfo_c, - NULL, - ses->iv.length, - ses->dir); - } else if (is_auth_only(ses)) { - caam_auth_alg(ses, &alginfo_a); - if (alginfo_a.algtype == (unsigned int)DPAA_SEC_ALG_UNSUPPORT) { - DPAA_SEC_ERR("not supported auth alg"); + switch (ses->cipher_alg) { + case RTE_CRYPTO_CIPHER_AES_CBC: + case RTE_CRYPTO_CIPHER_3DES_CBC: + case RTE_CRYPTO_CIPHER_AES_CTR: + case RTE_CRYPTO_CIPHER_3DES_CTR: + shared_desc_len = cnstr_shdsc_blkcipher( + cdb->sh_desc, true, + swap, SHR_NEVER, &alginfo_c, + ses->iv.length, + ses->dir); + break; + case RTE_CRYPTO_CIPHER_SNOW3G_UEA2: + shared_desc_len = cnstr_shdsc_snow_f8( + cdb->sh_desc, true, swap, + &alginfo_c, + ses->dir); + break; + case RTE_CRYPTO_CIPHER_ZUC_EEA3: + shared_desc_len = cnstr_shdsc_zuce( + cdb->sh_desc, true, swap, + &alginfo_c, + ses->dir); + break; + default: + DPAA_SEC_ERR("unsupported cipher alg %d", + ses->cipher_alg); return -ENOTSUP; } - + break; + case DPAA_SEC_AUTH: alginfo_a.key = (size_t)ses->auth_key.data; alginfo_a.keylen = ses->auth_key.length; alginfo_a.key_enc_flags = 0; alginfo_a.key_type = RTA_DATA_IMM; - - shared_desc_len = cnstr_shdsc_hmac(cdb->sh_desc, true, - swap, SHR_NEVER, &alginfo_a, - !ses->dir, - ses->digest_length); - } else if (is_aead(ses)) { - caam_aead_alg(ses, &alginfo); + alginfo_a.algtype = ses->auth_key.alg; + alginfo_a.algmode = ses->auth_key.algmode; + switch (ses->auth_alg) { + case RTE_CRYPTO_AUTH_MD5_HMAC: + case RTE_CRYPTO_AUTH_SHA1_HMAC: + case RTE_CRYPTO_AUTH_SHA224_HMAC: + case RTE_CRYPTO_AUTH_SHA256_HMAC: + case RTE_CRYPTO_AUTH_SHA384_HMAC: + case RTE_CRYPTO_AUTH_SHA512_HMAC: + shared_desc_len = cnstr_shdsc_hmac( + cdb->sh_desc, true, + swap, SHR_NEVER, &alginfo_a, + !ses->dir, + ses->digest_length); + break; + case RTE_CRYPTO_AUTH_SNOW3G_UIA2: + shared_desc_len = cnstr_shdsc_snow_f9( + cdb->sh_desc, true, swap, + &alginfo_a, + !ses->dir, + ses->digest_length); + break; + case RTE_CRYPTO_AUTH_ZUC_EIA3: + shared_desc_len = cnstr_shdsc_zuca( + cdb->sh_desc, true, swap, + &alginfo_a, + !ses->dir, + ses->digest_length); + break; + default: + DPAA_SEC_ERR("unsupported auth alg %u", ses->auth_alg); + } + break; + case DPAA_SEC_AEAD: if (alginfo.algtype == (unsigned int)DPAA_SEC_ALG_UNSUPPORT) { DPAA_SEC_ERR("not supported aead alg"); return -ENOTSUP; @@ -672,6 +546,8 @@ dpaa_sec_prep_cdb(dpaa_sec_session *ses) alginfo.keylen = ses->aead_key.length; alginfo.key_enc_flags = 0; alginfo.key_type = RTA_DATA_IMM; + alginfo.algtype = ses->aead_key.alg; + alginfo.algmode = ses->aead_key.algmode; if (ses->dir == DIR_ENC) shared_desc_len = cnstr_shdsc_gcm_encap( @@ -685,28 +561,21 @@ dpaa_sec_prep_cdb(dpaa_sec_session *ses) &alginfo, ses->iv.length, ses->digest_length); - } else { - caam_cipher_alg(ses, &alginfo_c); - if (alginfo_c.algtype == (unsigned int)DPAA_SEC_ALG_UNSUPPORT) { - DPAA_SEC_ERR("not supported cipher alg"); - return -ENOTSUP; - } - + break; + case DPAA_SEC_CIPHER_HASH: alginfo_c.key = (size_t)ses->cipher_key.data; alginfo_c.keylen = ses->cipher_key.length; alginfo_c.key_enc_flags = 0; alginfo_c.key_type = RTA_DATA_IMM; - - caam_auth_alg(ses, &alginfo_a); - if (alginfo_a.algtype == (unsigned int)DPAA_SEC_ALG_UNSUPPORT) { - DPAA_SEC_ERR("not supported auth alg"); - return -ENOTSUP; - } + alginfo_c.algtype = ses->cipher_key.alg; + alginfo_c.algmode = ses->cipher_key.algmode; alginfo_a.key = (size_t)ses->auth_key.data; alginfo_a.keylen = ses->auth_key.length; alginfo_a.key_enc_flags = 0; alginfo_a.key_type = RTA_DATA_IMM; + alginfo_a.algtype = ses->auth_key.alg; + alginfo_a.algmode = ses->auth_key.algmode; cdb->sh_desc[0] = alginfo_c.keylen; cdb->sh_desc[1] = alginfo_a.keylen; @@ -741,8 +610,13 @@ dpaa_sec_prep_cdb(dpaa_sec_session *ses) */ shared_desc_len = cnstr_shdsc_authenc(cdb->sh_desc, true, swap, SHR_SERIAL, &alginfo_c, &alginfo_a, - ses->iv.length, 0, + ses->iv.length, ses->digest_length, ses->dir); + break; + case DPAA_SEC_HASH_CIPHER: + default: + DPAA_SEC_ERR("error: Unsupported session"); + return -ENOTSUP; } if (shared_desc_len < 0) { @@ -848,6 +722,21 @@ build_auth_only_sg(struct rte_crypto_op *op, dpaa_sec_session *ses) struct qm_sg_entry *sg, *out_sg, *in_sg; phys_addr_t start_addr; uint8_t *old_digest, extra_segs; + int data_len, data_offset; + + data_len = sym->auth.data.length; + data_offset = sym->auth.data.offset; + + if (ses->auth_alg == RTE_CRYPTO_AUTH_SNOW3G_UIA2 || + ses->auth_alg == RTE_CRYPTO_AUTH_ZUC_EIA3) { + if ((data_len & 7) || (data_offset & 7)) { + DPAA_SEC_ERR("AUTH: len/offset must be full bytes"); + return NULL; + } + + data_len = data_len >> 3; + data_offset = data_offset >> 3; + } if (is_decode(ses)) extra_segs = 3; @@ -878,23 +767,52 @@ build_auth_only_sg(struct rte_crypto_op *op, dpaa_sec_session *ses) /* need to extend the input to a compound frame */ in_sg->extension = 1; in_sg->final = 1; - in_sg->length = sym->auth.data.length; + in_sg->length = data_len; qm_sg_entry_set64(in_sg, dpaa_mem_vtop(&cf->sg[2])); /* 1st seg */ sg = in_sg + 1; - qm_sg_entry_set64(sg, rte_pktmbuf_mtophys(mbuf)); - sg->length = mbuf->data_len - sym->auth.data.offset; - sg->offset = sym->auth.data.offset; - /* Successive segs */ - mbuf = mbuf->next; - while (mbuf) { + if (ses->iv.length) { + uint8_t *iv_ptr; + + iv_ptr = rte_crypto_op_ctod_offset(op, uint8_t *, + ses->iv.offset); + + if (ses->auth_alg == RTE_CRYPTO_AUTH_SNOW3G_UIA2) { + iv_ptr = conv_to_snow_f9_iv(iv_ptr); + sg->length = 12; + } else if (ses->auth_alg == RTE_CRYPTO_AUTH_ZUC_EIA3) { + iv_ptr = conv_to_zuc_eia_iv(iv_ptr); + sg->length = 8; + } else { + sg->length = ses->iv.length; + } + qm_sg_entry_set64(sg, dpaa_mem_vtop(iv_ptr)); + in_sg->length += sg->length; cpu_to_hw_sg(sg); sg++; - qm_sg_entry_set64(sg, rte_pktmbuf_mtophys(mbuf)); - sg->length = mbuf->data_len; - mbuf = mbuf->next; + } + + qm_sg_entry_set64(sg, rte_pktmbuf_mtophys(mbuf)); + sg->offset = data_offset; + + if (data_len <= (mbuf->data_len - data_offset)) { + sg->length = data_len; + } else { + sg->length = mbuf->data_len - data_offset; + + /* remaining i/p segs */ + while ((data_len = data_len - sg->length) && + (mbuf = mbuf->next)) { + cpu_to_hw_sg(sg); + sg++; + qm_sg_entry_set64(sg, rte_pktmbuf_mtophys(mbuf)); + if (data_len > mbuf->data_len) + sg->length = mbuf->data_len; + else + sg->length = data_len; + } } if (is_decode(ses)) { @@ -907,9 +825,6 @@ build_auth_only_sg(struct rte_crypto_op *op, dpaa_sec_session *ses) qm_sg_entry_set64(sg, start_addr); sg->length = ses->digest_length; in_sg->length += ses->digest_length; - } else { - /* Digest calculation case */ - sg->length -= ses->digest_length; } sg->final = 1; cpu_to_hw_sg(sg); @@ -933,9 +848,24 @@ build_auth_only(struct rte_crypto_op *op, dpaa_sec_session *ses) struct rte_mbuf *mbuf = sym->m_src; struct dpaa_sec_job *cf; struct dpaa_sec_op_ctx *ctx; - struct qm_sg_entry *sg; + struct qm_sg_entry *sg, *in_sg; rte_iova_t start_addr; uint8_t *old_digest; + int data_len, data_offset; + + data_len = sym->auth.data.length; + data_offset = sym->auth.data.offset; + + if (ses->auth_alg == RTE_CRYPTO_AUTH_SNOW3G_UIA2 || + ses->auth_alg == RTE_CRYPTO_AUTH_ZUC_EIA3) { + if ((data_len & 7) || (data_offset & 7)) { + DPAA_SEC_ERR("AUTH: len/offset must be full bytes"); + return NULL; + } + + data_len = data_len >> 3; + data_offset = data_offset >> 3; + } ctx = dpaa_sec_alloc_ctx(ses, 4); if (!ctx) @@ -953,36 +883,55 @@ build_auth_only(struct rte_crypto_op *op, dpaa_sec_session *ses) cpu_to_hw_sg(sg); /* input */ - sg = &cf->sg[1]; - if (is_decode(ses)) { - /* need to extend the input to a compound frame */ - sg->extension = 1; - qm_sg_entry_set64(sg, dpaa_mem_vtop(&cf->sg[2])); - sg->length = sym->auth.data.length + ses->digest_length; - sg->final = 1; + in_sg = &cf->sg[1]; + /* need to extend the input to a compound frame */ + in_sg->extension = 1; + in_sg->final = 1; + in_sg->length = data_len; + qm_sg_entry_set64(in_sg, dpaa_mem_vtop(&cf->sg[2])); + sg = &cf->sg[2]; + + if (ses->iv.length) { + uint8_t *iv_ptr; + + iv_ptr = rte_crypto_op_ctod_offset(op, uint8_t *, + ses->iv.offset); + + if (ses->auth_alg == RTE_CRYPTO_AUTH_SNOW3G_UIA2) { + iv_ptr = conv_to_snow_f9_iv(iv_ptr); + sg->length = 12; + } else if (ses->auth_alg == RTE_CRYPTO_AUTH_ZUC_EIA3) { + iv_ptr = conv_to_zuc_eia_iv(iv_ptr); + sg->length = 8; + } else { + sg->length = ses->iv.length; + } + qm_sg_entry_set64(sg, dpaa_mem_vtop(iv_ptr)); + in_sg->length += sg->length; cpu_to_hw_sg(sg); + sg++; + } - sg = &cf->sg[2]; + qm_sg_entry_set64(sg, rte_pktmbuf_mtophys(mbuf)); + sg->offset = data_offset; + sg->length = data_len; + + if (is_decode(ses)) { + /* Digest verification case */ + cpu_to_hw_sg(sg); /* hash result or digest, save digest first */ rte_memcpy(old_digest, sym->auth.digest.data, - ses->digest_length); - qm_sg_entry_set64(sg, start_addr + sym->auth.data.offset); - sg->length = sym->auth.data.length; - cpu_to_hw_sg(sg); - + ses->digest_length); /* let's check digest by hw */ start_addr = dpaa_mem_vtop(old_digest); sg++; qm_sg_entry_set64(sg, start_addr); sg->length = ses->digest_length; - sg->final = 1; - cpu_to_hw_sg(sg); - } else { - qm_sg_entry_set64(sg, start_addr + sym->auth.data.offset); - sg->length = sym->auth.data.length; - sg->final = 1; - cpu_to_hw_sg(sg); + in_sg->length += ses->digest_length; } + sg->final = 1; + cpu_to_hw_sg(sg); + cpu_to_hw_sg(in_sg); return cf; } @@ -998,6 +947,21 @@ build_cipher_only_sg(struct rte_crypto_op *op, dpaa_sec_session *ses) uint8_t req_segs; uint8_t *IV_ptr = rte_crypto_op_ctod_offset(op, uint8_t *, ses->iv.offset); + int data_len, data_offset; + + data_len = sym->cipher.data.length; + data_offset = sym->cipher.data.offset; + + if (ses->cipher_alg == RTE_CRYPTO_CIPHER_SNOW3G_UEA2 || + ses->cipher_alg == RTE_CRYPTO_CIPHER_ZUC_EEA3) { + if ((data_len & 7) || (data_offset & 7)) { + DPAA_SEC_ERR("CIPHER: len/offset must be full bytes"); + return NULL; + } + + data_len = data_len >> 3; + data_offset = data_offset >> 3; + } if (sym->m_dst) { mbuf = sym->m_dst; @@ -1006,7 +970,6 @@ build_cipher_only_sg(struct rte_crypto_op *op, dpaa_sec_session *ses) mbuf = sym->m_src; req_segs = mbuf->nb_segs * 2 + 3; } - if (mbuf->nb_segs > MAX_SG_ENTRIES) { DPAA_SEC_DP_ERR("Cipher: Max sec segs supported is %d", MAX_SG_ENTRIES); @@ -1023,15 +986,15 @@ build_cipher_only_sg(struct rte_crypto_op *op, dpaa_sec_session *ses) /* output */ out_sg = &cf->sg[0]; out_sg->extension = 1; - out_sg->length = sym->cipher.data.length; + out_sg->length = data_len; qm_sg_entry_set64(out_sg, dpaa_mem_vtop(&cf->sg[2])); cpu_to_hw_sg(out_sg); /* 1st seg */ sg = &cf->sg[2]; qm_sg_entry_set64(sg, rte_pktmbuf_mtophys(mbuf)); - sg->length = mbuf->data_len - sym->cipher.data.offset; - sg->offset = sym->cipher.data.offset; + sg->length = mbuf->data_len - data_offset; + sg->offset = data_offset; /* Successive segs */ mbuf = mbuf->next; @@ -1050,7 +1013,7 @@ build_cipher_only_sg(struct rte_crypto_op *op, dpaa_sec_session *ses) in_sg = &cf->sg[1]; in_sg->extension = 1; in_sg->final = 1; - in_sg->length = sym->cipher.data.length + ses->iv.length; + in_sg->length = data_len + ses->iv.length; sg++; qm_sg_entry_set64(in_sg, dpaa_mem_vtop(sg)); @@ -1064,8 +1027,8 @@ build_cipher_only_sg(struct rte_crypto_op *op, dpaa_sec_session *ses) /* 1st seg */ sg++; qm_sg_entry_set64(sg, rte_pktmbuf_mtophys(mbuf)); - sg->length = mbuf->data_len - sym->cipher.data.offset; - sg->offset = sym->cipher.data.offset; + sg->length = mbuf->data_len - data_offset; + sg->offset = data_offset; /* Successive segs */ mbuf = mbuf->next; @@ -1092,6 +1055,21 @@ build_cipher_only(struct rte_crypto_op *op, dpaa_sec_session *ses) rte_iova_t src_start_addr, dst_start_addr; uint8_t *IV_ptr = rte_crypto_op_ctod_offset(op, uint8_t *, ses->iv.offset); + int data_len, data_offset; + + data_len = sym->cipher.data.length; + data_offset = sym->cipher.data.offset; + + if (ses->cipher_alg == RTE_CRYPTO_CIPHER_SNOW3G_UEA2 || + ses->cipher_alg == RTE_CRYPTO_CIPHER_ZUC_EEA3) { + if ((data_len & 7) || (data_offset & 7)) { + DPAA_SEC_ERR("CIPHER: len/offset must be full bytes"); + return NULL; + } + + data_len = data_len >> 3; + data_offset = data_offset >> 3; + } ctx = dpaa_sec_alloc_ctx(ses, 4); if (!ctx) @@ -1109,8 +1087,8 @@ build_cipher_only(struct rte_crypto_op *op, dpaa_sec_session *ses) /* output */ sg = &cf->sg[0]; - qm_sg_entry_set64(sg, dst_start_addr + sym->cipher.data.offset); - sg->length = sym->cipher.data.length + ses->iv.length; + qm_sg_entry_set64(sg, dst_start_addr + data_offset); + sg->length = data_len + ses->iv.length; cpu_to_hw_sg(sg); /* input */ @@ -1119,7 +1097,7 @@ build_cipher_only(struct rte_crypto_op *op, dpaa_sec_session *ses) /* need to extend the input to a compound frame */ sg->extension = 1; sg->final = 1; - sg->length = sym->cipher.data.length + ses->iv.length; + sg->length = data_len + ses->iv.length; qm_sg_entry_set64(sg, dpaa_mem_vtop(&cf->sg[2])); cpu_to_hw_sg(sg); @@ -1129,8 +1107,8 @@ build_cipher_only(struct rte_crypto_op *op, dpaa_sec_session *ses) cpu_to_hw_sg(sg); sg++; - qm_sg_entry_set64(sg, src_start_addr + sym->cipher.data.offset); - sg->length = sym->cipher.data.length; + qm_sg_entry_set64(sg, src_start_addr + data_offset); + sg->length = data_len; sg->final = 1; cpu_to_hw_sg(sg); @@ -1179,10 +1157,9 @@ build_cipher_auth_gcm_sg(struct rte_crypto_op *op, dpaa_sec_session *ses) out_sg = &cf->sg[0]; out_sg->extension = 1; if (is_encode(ses)) - out_sg->length = sym->aead.data.length + ses->auth_only_len - + ses->digest_length; + out_sg->length = sym->aead.data.length + ses->digest_length; else - out_sg->length = sym->aead.data.length + ses->auth_only_len; + out_sg->length = sym->aead.data.length; /* output sg entries */ sg = &cf->sg[2]; @@ -1191,9 +1168,8 @@ build_cipher_auth_gcm_sg(struct rte_crypto_op *op, dpaa_sec_session *ses) /* 1st seg */ qm_sg_entry_set64(sg, rte_pktmbuf_mtophys(mbuf)); - sg->length = mbuf->data_len - sym->aead.data.offset + - ses->auth_only_len; - sg->offset = sym->aead.data.offset - ses->auth_only_len; + sg->length = mbuf->data_len - sym->aead.data.offset; + sg->offset = sym->aead.data.offset; /* Successive segs */ mbuf = mbuf->next; @@ -1366,8 +1342,8 @@ build_cipher_auth_gcm(struct rte_crypto_op *op, dpaa_sec_session *ses) sg++; qm_sg_entry_set64(&cf->sg[0], dpaa_mem_vtop(sg)); qm_sg_entry_set64(sg, - dst_start_addr + sym->aead.data.offset - ses->auth_only_len); - sg->length = sym->aead.data.length + ses->auth_only_len; + dst_start_addr + sym->aead.data.offset); + sg->length = sym->aead.data.length; length = sg->length; if (is_encode(ses)) { cpu_to_hw_sg(sg); @@ -1609,6 +1585,7 @@ build_cipher_auth(struct rte_crypto_op *op, dpaa_sec_session *ses) return cf; } +#ifdef RTE_LIBRTE_SECURITY static inline struct dpaa_sec_job * build_proto(struct rte_crypto_op *op, dpaa_sec_session *ses) { @@ -1740,6 +1717,7 @@ build_proto_sg(struct rte_crypto_op *op, dpaa_sec_session *ses) return cf; } +#endif static uint16_t dpaa_sec_enqueue_burst(void *qp, struct rte_crypto_op **ops, @@ -1754,7 +1732,8 @@ dpaa_sec_enqueue_burst(void *qp, struct rte_crypto_op **ops, struct rte_crypto_op *op; struct dpaa_sec_job *cf; dpaa_sec_session *ses; - uint32_t auth_only_len; + uint16_t auth_hdr_len, auth_tail_len; + uint32_t index, flags[DPAA_SEC_BURST] = {0}; struct qman_fq *inq[DPAA_SEC_BURST]; while (nb_ops) { @@ -1762,6 +1741,18 @@ dpaa_sec_enqueue_burst(void *qp, struct rte_crypto_op **ops, DPAA_SEC_BURST : nb_ops; for (loop = 0; loop < frames_to_send; loop++) { op = *(ops++); + if (op->sym->m_src->seqn != 0) { + index = op->sym->m_src->seqn - 1; + if (DPAA_PER_LCORE_DQRR_HELD & (1 << index)) { + /* QM_EQCR_DCA_IDXMASK = 0x0f */ + flags[loop] = ((index & 0x0f) << 8); + flags[loop] |= QMAN_ENQUEUE_FLAG_DCA; + DPAA_PER_LCORE_DQRR_SIZE--; + DPAA_PER_LCORE_DQRR_HELD &= + ~(1 << index); + } + } + switch (op->sess_type) { case RTE_CRYPTO_OP_WITH_SESSION: ses = (dpaa_sec_session *) @@ -1769,11 +1760,13 @@ dpaa_sec_enqueue_burst(void *qp, struct rte_crypto_op **ops, op->sym->session, cryptodev_driver_id); break; +#ifdef RTE_LIBRTE_SECURITY case RTE_CRYPTO_OP_SECURITY_SESSION: ses = (dpaa_sec_session *) get_sec_session_private_data( op->sym->sec_session); break; +#endif default: DPAA_SEC_DP_ERR( "sessionless crypto op not supported"); @@ -1781,6 +1774,14 @@ dpaa_sec_enqueue_burst(void *qp, struct rte_crypto_op **ops, nb_ops = loop; goto send_pkts; } + + if (!ses) { + DPAA_SEC_DP_ERR("session not available"); + frames_to_send = loop; + nb_ops = loop; + goto send_pkts; + } + if (unlikely(!ses->qp[rte_lcore_id() % MAX_DPAA_CORES])) { if (dpaa_sec_attach_sess_q(qp, ses)) { frames_to_send = loop; @@ -1798,43 +1799,75 @@ dpaa_sec_enqueue_burst(void *qp, struct rte_crypto_op **ops, goto send_pkts; } - auth_only_len = op->sym->auth.data.length - + auth_hdr_len = op->sym->auth.data.length - op->sym->cipher.data.length; + auth_tail_len = 0; + if (rte_pktmbuf_is_contiguous(op->sym->m_src) && ((op->sym->m_dst == NULL) || rte_pktmbuf_is_contiguous(op->sym->m_dst))) { - if (is_proto_ipsec(ses)) { - cf = build_proto(op, ses); - } else if (is_proto_pdcp(ses)) { + switch (ses->ctxt) { +#ifdef RTE_LIBRTE_SECURITY + case DPAA_SEC_PDCP: + case DPAA_SEC_IPSEC: cf = build_proto(op, ses); - } else if (is_auth_only(ses)) { + break; +#endif + case DPAA_SEC_AUTH: cf = build_auth_only(op, ses); - } else if (is_cipher_only(ses)) { + break; + case DPAA_SEC_CIPHER: cf = build_cipher_only(op, ses); - } else if (is_aead(ses)) { + break; + case DPAA_SEC_AEAD: cf = build_cipher_auth_gcm(op, ses); - auth_only_len = ses->auth_only_len; - } else if (is_auth_cipher(ses)) { + auth_hdr_len = ses->auth_only_len; + break; + case DPAA_SEC_CIPHER_HASH: + auth_hdr_len = + op->sym->cipher.data.offset + - op->sym->auth.data.offset; + auth_tail_len = + op->sym->auth.data.length + - op->sym->cipher.data.length + - auth_hdr_len; cf = build_cipher_auth(op, ses); - } else { + break; + default: DPAA_SEC_DP_ERR("not supported ops"); frames_to_send = loop; nb_ops = loop; goto send_pkts; } } else { - if (is_proto_pdcp(ses) || is_proto_ipsec(ses)) { + switch (ses->ctxt) { +#ifdef RTE_LIBRTE_SECURITY + case DPAA_SEC_PDCP: + case DPAA_SEC_IPSEC: cf = build_proto_sg(op, ses); - } else if (is_auth_only(ses)) { + break; +#endif + case DPAA_SEC_AUTH: cf = build_auth_only_sg(op, ses); - } else if (is_cipher_only(ses)) { + break; + case DPAA_SEC_CIPHER: cf = build_cipher_only_sg(op, ses); - } else if (is_aead(ses)) { + break; + case DPAA_SEC_AEAD: cf = build_cipher_auth_gcm_sg(op, ses); - auth_only_len = ses->auth_only_len; - } else if (is_auth_cipher(ses)) { + auth_hdr_len = ses->auth_only_len; + break; + case DPAA_SEC_CIPHER_HASH: + auth_hdr_len = + op->sym->cipher.data.offset + - op->sym->auth.data.offset; + auth_tail_len = + op->sym->auth.data.length + - op->sym->cipher.data.length + - auth_hdr_len; cf = build_cipher_auth_sg(op, ses); - } else { + break; + default: DPAA_SEC_DP_ERR("not supported ops"); frames_to_send = loop; nb_ops = loop; @@ -1854,33 +1887,37 @@ dpaa_sec_enqueue_burst(void *qp, struct rte_crypto_op **ops, qm_fd_addr_set64(fd, dpaa_mem_vtop(cf->sg)); fd->_format1 = qm_fd_compound; fd->length29 = 2 * sizeof(struct qm_sg_entry); + /* Auth_only_len is set as 0 in descriptor and it is * overwritten here in the fd.cmd which will update * the DPOVRD reg. */ - if (auth_only_len) - fd->cmd = 0x80000000 | auth_only_len; + if (auth_hdr_len || auth_tail_len) { + fd->cmd = 0x80000000; + fd->cmd |= + ((auth_tail_len << 16) | auth_hdr_len); + } +#ifdef RTE_LIBRTE_SECURITY /* In case of PDCP, per packet HFN is stored in * mbuf priv after sym_op. */ - if (is_proto_pdcp(ses) && ses->pdcp.hfn_ovd) { + if ((ses->ctxt == DPAA_SEC_PDCP) && ses->pdcp.hfn_ovd) { fd->cmd = 0x80000000 | *((uint32_t *)((uint8_t *)op + ses->pdcp.hfn_ovd_offset)); - DPAA_SEC_DP_DEBUG("Per packet HFN: %x, ovd:%u,%u\n", + DPAA_SEC_DP_DEBUG("Per packet HFN: %x, ovd:%u\n", *((uint32_t *)((uint8_t *)op + ses->pdcp.hfn_ovd_offset)), - ses->pdcp.hfn_ovd, - is_proto_pdcp(ses)); + ses->pdcp.hfn_ovd); } - +#endif } send_pkts: loop = 0; while (loop < frames_to_send) { loop += qman_enqueue_multi_fq(&inq[loop], &fds[loop], - frames_to_send - loop); + &flags[loop], frames_to_send - loop); } nb_ops -= frames_to_send; num_tx += frames_to_send; @@ -1929,6 +1966,7 @@ dpaa_sec_queue_pair_release(struct rte_cryptodev *dev, } qp = &internals->qps[qp_id]; + rte_mempool_free(qp->ctx_pool); qp->internals = NULL; dev->data->queue_pairs[qp_id] = NULL; @@ -1943,6 +1981,7 @@ dpaa_sec_queue_pair_setup(struct rte_cryptodev *dev, uint16_t qp_id, { struct dpaa_sec_dev_private *internals; struct dpaa_sec_qp *qp = NULL; + char str[20]; DPAA_SEC_DEBUG("dev =%p, queue =%d, conf =%p", dev, qp_id, qp_conf); @@ -1955,11 +1994,27 @@ dpaa_sec_queue_pair_setup(struct rte_cryptodev *dev, uint16_t qp_id, qp = &internals->qps[qp_id]; qp->internals = internals; - dev->data->queue_pairs[qp_id] = qp; - - return 0; -} - + snprintf(str, sizeof(str), "ctx_pool_d%d_qp%d", + dev->data->dev_id, qp_id); + if (!qp->ctx_pool) { + qp->ctx_pool = rte_mempool_create((const char *)str, + CTX_POOL_NUM_BUFS, + CTX_POOL_BUF_SIZE, + CTX_POOL_CACHE_SIZE, 0, + NULL, NULL, NULL, NULL, + SOCKET_ID_ANY, 0); + if (!qp->ctx_pool) { + DPAA_SEC_ERR("%s create failed\n", str); + return -ENOMEM; + } + } else + DPAA_SEC_INFO("mempool already created for dev_id : %d, qp: %d", + dev->data->dev_id, qp_id); + dev->data->queue_pairs[qp_id] = qp; + + return 0; +} + /** Return the number of allocated queue pairs */ static uint32_t dpaa_sec_queue_pair_count(struct rte_cryptodev *dev) @@ -1983,6 +2038,7 @@ dpaa_sec_cipher_init(struct rte_cryptodev *dev __rte_unused, struct rte_crypto_sym_xform *xform, dpaa_sec_session *session) { + session->ctxt = DPAA_SEC_CIPHER; session->cipher_alg = xform->cipher.algo; session->iv.length = xform->cipher.iv.length; session->iv.offset = xform->cipher.iv.offset; @@ -1996,6 +2052,31 @@ dpaa_sec_cipher_init(struct rte_cryptodev *dev __rte_unused, memcpy(session->cipher_key.data, xform->cipher.key.data, xform->cipher.key.length); + switch (xform->cipher.algo) { + case RTE_CRYPTO_CIPHER_AES_CBC: + session->cipher_key.alg = OP_ALG_ALGSEL_AES; + session->cipher_key.algmode = OP_ALG_AAI_CBC; + break; + case RTE_CRYPTO_CIPHER_3DES_CBC: + session->cipher_key.alg = OP_ALG_ALGSEL_3DES; + session->cipher_key.algmode = OP_ALG_AAI_CBC; + break; + case RTE_CRYPTO_CIPHER_AES_CTR: + session->cipher_key.alg = OP_ALG_ALGSEL_AES; + session->cipher_key.algmode = OP_ALG_AAI_CTR; + break; + case RTE_CRYPTO_CIPHER_SNOW3G_UEA2: + session->cipher_key.alg = OP_ALG_ALGSEL_SNOW_F8; + break; + case RTE_CRYPTO_CIPHER_ZUC_EEA3: + session->cipher_key.alg = OP_ALG_ALGSEL_ZUCE; + break; + default: + DPAA_SEC_ERR("Crypto: Undefined Cipher specified %u", + xform->cipher.algo); + rte_free(session->cipher_key.data); + return -1; + } session->dir = (xform->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT) ? DIR_ENC : DIR_DEC; @@ -2007,6 +2088,7 @@ dpaa_sec_auth_init(struct rte_cryptodev *dev __rte_unused, struct rte_crypto_sym_xform *xform, dpaa_sec_session *session) { + session->ctxt = DPAA_SEC_AUTH; session->auth_alg = xform->auth.algo; session->auth_key.data = rte_zmalloc(NULL, xform->auth.key.length, RTE_CACHE_LINE_SIZE); @@ -2016,21 +2098,173 @@ dpaa_sec_auth_init(struct rte_cryptodev *dev __rte_unused, } session->auth_key.length = xform->auth.key.length; session->digest_length = xform->auth.digest_length; + if (session->cipher_alg == RTE_CRYPTO_CIPHER_NULL) { + session->iv.offset = xform->auth.iv.offset; + session->iv.length = xform->auth.iv.length; + } memcpy(session->auth_key.data, xform->auth.key.data, xform->auth.key.length); + + switch (xform->auth.algo) { + case RTE_CRYPTO_AUTH_SHA1_HMAC: + session->auth_key.alg = OP_ALG_ALGSEL_SHA1; + session->auth_key.algmode = OP_ALG_AAI_HMAC; + break; + case RTE_CRYPTO_AUTH_MD5_HMAC: + session->auth_key.alg = OP_ALG_ALGSEL_MD5; + session->auth_key.algmode = OP_ALG_AAI_HMAC; + break; + case RTE_CRYPTO_AUTH_SHA224_HMAC: + session->auth_key.alg = OP_ALG_ALGSEL_SHA224; + session->auth_key.algmode = OP_ALG_AAI_HMAC; + break; + case RTE_CRYPTO_AUTH_SHA256_HMAC: + session->auth_key.alg = OP_ALG_ALGSEL_SHA256; + session->auth_key.algmode = OP_ALG_AAI_HMAC; + break; + case RTE_CRYPTO_AUTH_SHA384_HMAC: + session->auth_key.alg = OP_ALG_ALGSEL_SHA384; + session->auth_key.algmode = OP_ALG_AAI_HMAC; + break; + case RTE_CRYPTO_AUTH_SHA512_HMAC: + session->auth_key.alg = OP_ALG_ALGSEL_SHA512; + session->auth_key.algmode = OP_ALG_AAI_HMAC; + break; + case RTE_CRYPTO_AUTH_SNOW3G_UIA2: + session->auth_key.alg = OP_ALG_ALGSEL_SNOW_F9; + session->auth_key.algmode = OP_ALG_AAI_F9; + break; + case RTE_CRYPTO_AUTH_ZUC_EIA3: + session->auth_key.alg = OP_ALG_ALGSEL_ZUCA; + session->auth_key.algmode = OP_ALG_AAI_F9; + break; + default: + DPAA_SEC_ERR("Crypto: Unsupported Auth specified %u", + xform->auth.algo); + rte_free(session->auth_key.data); + return -1; + } + session->dir = (xform->auth.op == RTE_CRYPTO_AUTH_OP_GENERATE) ? DIR_ENC : DIR_DEC; return 0; } +static int +dpaa_sec_chain_init(struct rte_cryptodev *dev __rte_unused, + struct rte_crypto_sym_xform *xform, + dpaa_sec_session *session) +{ + + struct rte_crypto_cipher_xform *cipher_xform; + struct rte_crypto_auth_xform *auth_xform; + + session->ctxt = DPAA_SEC_CIPHER_HASH; + if (session->auth_cipher_text) { + cipher_xform = &xform->cipher; + auth_xform = &xform->next->auth; + } else { + cipher_xform = &xform->next->cipher; + auth_xform = &xform->auth; + } + + /* Set IV parameters */ + session->iv.offset = cipher_xform->iv.offset; + session->iv.length = cipher_xform->iv.length; + + session->cipher_key.data = rte_zmalloc(NULL, cipher_xform->key.length, + RTE_CACHE_LINE_SIZE); + if (session->cipher_key.data == NULL && cipher_xform->key.length > 0) { + DPAA_SEC_ERR("No Memory for cipher key"); + return -1; + } + session->cipher_key.length = cipher_xform->key.length; + session->auth_key.data = rte_zmalloc(NULL, auth_xform->key.length, + RTE_CACHE_LINE_SIZE); + if (session->auth_key.data == NULL && auth_xform->key.length > 0) { + DPAA_SEC_ERR("No Memory for auth key"); + rte_free(session->cipher_key.data); + return -ENOMEM; + } + session->auth_key.length = auth_xform->key.length; + memcpy(session->cipher_key.data, cipher_xform->key.data, + cipher_xform->key.length); + memcpy(session->auth_key.data, auth_xform->key.data, + auth_xform->key.length); + + session->digest_length = auth_xform->digest_length; + session->auth_alg = auth_xform->algo; + + switch (auth_xform->algo) { + case RTE_CRYPTO_AUTH_SHA1_HMAC: + session->auth_key.alg = OP_ALG_ALGSEL_SHA1; + session->auth_key.algmode = OP_ALG_AAI_HMAC; + break; + case RTE_CRYPTO_AUTH_MD5_HMAC: + session->auth_key.alg = OP_ALG_ALGSEL_MD5; + session->auth_key.algmode = OP_ALG_AAI_HMAC; + break; + case RTE_CRYPTO_AUTH_SHA224_HMAC: + session->auth_key.alg = OP_ALG_ALGSEL_SHA224; + session->auth_key.algmode = OP_ALG_AAI_HMAC; + break; + case RTE_CRYPTO_AUTH_SHA256_HMAC: + session->auth_key.alg = OP_ALG_ALGSEL_SHA256; + session->auth_key.algmode = OP_ALG_AAI_HMAC; + break; + case RTE_CRYPTO_AUTH_SHA384_HMAC: + session->auth_key.alg = OP_ALG_ALGSEL_SHA384; + session->auth_key.algmode = OP_ALG_AAI_HMAC; + break; + case RTE_CRYPTO_AUTH_SHA512_HMAC: + session->auth_key.alg = OP_ALG_ALGSEL_SHA512; + session->auth_key.algmode = OP_ALG_AAI_HMAC; + break; + default: + DPAA_SEC_ERR("Crypto: Unsupported Auth specified %u", + auth_xform->algo); + goto error_out; + } + + session->cipher_alg = cipher_xform->algo; + + switch (cipher_xform->algo) { + case RTE_CRYPTO_CIPHER_AES_CBC: + session->cipher_key.alg = OP_ALG_ALGSEL_AES; + session->cipher_key.algmode = OP_ALG_AAI_CBC; + break; + case RTE_CRYPTO_CIPHER_3DES_CBC: + session->cipher_key.alg = OP_ALG_ALGSEL_3DES; + session->cipher_key.algmode = OP_ALG_AAI_CBC; + break; + case RTE_CRYPTO_CIPHER_AES_CTR: + session->cipher_key.alg = OP_ALG_ALGSEL_AES; + session->cipher_key.algmode = OP_ALG_AAI_CTR; + break; + default: + DPAA_SEC_ERR("Crypto: Undefined Cipher specified %u", + cipher_xform->algo); + goto error_out; + } + session->dir = (cipher_xform->op == RTE_CRYPTO_CIPHER_OP_ENCRYPT) ? + DIR_ENC : DIR_DEC; + return 0; + +error_out: + rte_free(session->cipher_key.data); + rte_free(session->auth_key.data); + return -1; +} + static int dpaa_sec_aead_init(struct rte_cryptodev *dev __rte_unused, struct rte_crypto_sym_xform *xform, dpaa_sec_session *session) { session->aead_alg = xform->aead.algo; + session->ctxt = DPAA_SEC_AEAD; session->iv.length = xform->aead.iv.length; session->iv.offset = xform->aead.iv.offset; session->auth_only_len = xform->aead.aad_length; @@ -2045,6 +2279,18 @@ dpaa_sec_aead_init(struct rte_cryptodev *dev __rte_unused, memcpy(session->aead_key.data, xform->aead.key.data, xform->aead.key.length); + + switch (session->aead_alg) { + case RTE_CRYPTO_AEAD_AES_GCM: + session->aead_key.alg = OP_ALG_ALGSEL_AES; + session->aead_key.algmode = OP_ALG_AAI_GCM; + break; + default: + DPAA_SEC_ERR("unsupported AEAD alg %d", session->aead_alg); + rte_free(session->aead_key.data); + return -ENOMEM; + } + session->dir = (xform->aead.op == RTE_CRYPTO_AEAD_OP_ENCRYPT) ? DIR_ENC : DIR_DEC; @@ -2056,7 +2302,7 @@ dpaa_sec_attach_rxq(struct dpaa_sec_dev_private *qi) { unsigned int i; - for (i = 0; i < qi->max_nb_sessions * MAX_DPAA_CORES; i++) { + for (i = 0; i < RTE_DPAA_MAX_RX_QUEUE; i++) { if (qi->inq_attach[i] == 0) { qi->inq_attach[i] = 1; return &qi->inq[i]; @@ -2072,9 +2318,10 @@ dpaa_sec_detach_rxq(struct dpaa_sec_dev_private *qi, struct qman_fq *fq) { unsigned int i; - for (i = 0; i < qi->max_nb_sessions; i++) { + for (i = 0; i < RTE_DPAA_MAX_RX_QUEUE; i++) { if (&qi->inq[i] == fq) { - qman_retire_fq(fq, NULL); + if (qman_retire_fq(fq, NULL) != 0) + DPAA_SEC_WARN("Queue is not retired\n"); qman_oos_fq(fq); qi->inq_attach[i] = 0; return 0; @@ -2117,6 +2364,7 @@ dpaa_sec_set_session_parameters(struct rte_cryptodev *dev, struct dpaa_sec_dev_private *internals = dev->data->dev_private; dpaa_sec_session *session = sess; uint32_t i; + int ret; PMD_INIT_FUNC_TRACE(); @@ -2132,31 +2380,42 @@ dpaa_sec_set_session_parameters(struct rte_cryptodev *dev, /* Cipher Only */ if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER && xform->next == NULL) { session->auth_alg = RTE_CRYPTO_AUTH_NULL; - dpaa_sec_cipher_init(dev, xform, session); + ret = dpaa_sec_cipher_init(dev, xform, session); /* Authentication Only */ } else if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH && xform->next == NULL) { session->cipher_alg = RTE_CRYPTO_CIPHER_NULL; - dpaa_sec_auth_init(dev, xform, session); + session->ctxt = DPAA_SEC_AUTH; + ret = dpaa_sec_auth_init(dev, xform, session); /* Cipher then Authenticate */ } else if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER && xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH) { if (xform->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT) { - dpaa_sec_cipher_init(dev, xform, session); - dpaa_sec_auth_init(dev, xform->next, session); + session->auth_cipher_text = 1; + if (xform->cipher.algo == RTE_CRYPTO_CIPHER_NULL) + ret = dpaa_sec_auth_init(dev, xform, session); + else if (xform->next->auth.algo == RTE_CRYPTO_AUTH_NULL) + ret = dpaa_sec_cipher_init(dev, xform, session); + else + ret = dpaa_sec_chain_init(dev, xform, session); } else { DPAA_SEC_ERR("Not supported: Auth then Cipher"); return -EINVAL; } - /* Authenticate then Cipher */ } else if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH && xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER) { if (xform->next->cipher.op == RTE_CRYPTO_CIPHER_OP_DECRYPT) { - dpaa_sec_auth_init(dev, xform, session); - dpaa_sec_cipher_init(dev, xform->next, session); + session->auth_cipher_text = 0; + if (xform->auth.algo == RTE_CRYPTO_AUTH_NULL) + ret = dpaa_sec_cipher_init(dev, xform, session); + else if (xform->next->cipher.algo + == RTE_CRYPTO_CIPHER_NULL) + ret = dpaa_sec_auth_init(dev, xform, session); + else + ret = dpaa_sec_chain_init(dev, xform, session); } else { DPAA_SEC_ERR("Not supported: Auth then Cipher"); return -EINVAL; @@ -2165,13 +2424,17 @@ dpaa_sec_set_session_parameters(struct rte_cryptodev *dev, /* AEAD operation for AES-GCM kind of Algorithms */ } else if (xform->type == RTE_CRYPTO_SYM_XFORM_AEAD && xform->next == NULL) { - dpaa_sec_aead_init(dev, xform, session); + ret = dpaa_sec_aead_init(dev, xform, session); } else { DPAA_SEC_ERR("Invalid crypto type"); return -EINVAL; } - session->ctx_pool = internals->ctx_pool; + if (ret) { + DPAA_SEC_ERR("unable to init session"); + goto err1; + } + rte_spinlock_lock(&internals->lock); for (i = 0; i < MAX_DPAA_CORES; i++) { session->inq[i] = dpaa_sec_attach_rxq(internals); @@ -2260,33 +2523,68 @@ dpaa_sec_sym_session_clear(struct rte_cryptodev *dev, } } +#ifdef RTE_LIBRTE_SECURITY static int -dpaa_sec_set_ipsec_session(__rte_unused struct rte_cryptodev *dev, - struct rte_security_session_conf *conf, - void *sess) +dpaa_sec_ipsec_aead_init(struct rte_crypto_aead_xform *aead_xform, + struct rte_security_ipsec_xform *ipsec_xform, + dpaa_sec_session *session) { - struct dpaa_sec_dev_private *internals = dev->data->dev_private; - struct rte_security_ipsec_xform *ipsec_xform = &conf->ipsec; - struct rte_crypto_auth_xform *auth_xform = NULL; - struct rte_crypto_cipher_xform *cipher_xform = NULL; - dpaa_sec_session *session = (dpaa_sec_session *)sess; - uint32_t i; - PMD_INIT_FUNC_TRACE(); - memset(session, 0, sizeof(dpaa_sec_session)); - if (ipsec_xform->direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) { - cipher_xform = &conf->crypto_xform->cipher; - if (conf->crypto_xform->next) - auth_xform = &conf->crypto_xform->next->auth; - } else { - auth_xform = &conf->crypto_xform->auth; - if (conf->crypto_xform->next) - cipher_xform = &conf->crypto_xform->next->cipher; + session->aead_key.data = rte_zmalloc(NULL, aead_xform->key.length, + RTE_CACHE_LINE_SIZE); + if (session->aead_key.data == NULL && aead_xform->key.length > 0) { + DPAA_SEC_ERR("No Memory for aead key"); + return -1; } - session->proto_alg = conf->protocol; + memcpy(session->aead_key.data, aead_xform->key.data, + aead_xform->key.length); + + session->digest_length = aead_xform->digest_length; + session->aead_key.length = aead_xform->key.length; - if (cipher_xform && cipher_xform->algo != RTE_CRYPTO_CIPHER_NULL) { + switch (aead_xform->algo) { + case RTE_CRYPTO_AEAD_AES_GCM: + switch (session->digest_length) { + case 8: + session->aead_key.alg = OP_PCL_IPSEC_AES_GCM8; + break; + case 12: + session->aead_key.alg = OP_PCL_IPSEC_AES_GCM12; + break; + case 16: + session->aead_key.alg = OP_PCL_IPSEC_AES_GCM16; + break; + default: + DPAA_SEC_ERR("Crypto: Undefined GCM digest %d", + session->digest_length); + return -1; + } + if (session->dir == DIR_ENC) { + memcpy(session->encap_pdb.gcm.salt, + (uint8_t *)&(ipsec_xform->salt), 4); + } else { + memcpy(session->decap_pdb.gcm.salt, + (uint8_t *)&(ipsec_xform->salt), 4); + } + session->aead_key.algmode = OP_ALG_AAI_GCM; + session->aead_alg = RTE_CRYPTO_AEAD_AES_GCM; + break; + default: + DPAA_SEC_ERR("Crypto: Undefined AEAD specified %u", + aead_xform->algo); + return -1; + } + return 0; +} + +static int +dpaa_sec_ipsec_proto_init(struct rte_crypto_cipher_xform *cipher_xform, + struct rte_crypto_auth_xform *auth_xform, + struct rte_security_ipsec_xform *ipsec_xform, + dpaa_sec_session *session) +{ + if (cipher_xform) { session->cipher_key.data = rte_zmalloc(NULL, cipher_xform->key.length, RTE_CACHE_LINE_SIZE); @@ -2295,20 +2593,10 @@ dpaa_sec_set_ipsec_session(__rte_unused struct rte_cryptodev *dev, DPAA_SEC_ERR("No Memory for cipher key"); return -ENOMEM; } + + session->cipher_key.length = cipher_xform->key.length; memcpy(session->cipher_key.data, cipher_xform->key.data, cipher_xform->key.length); - session->cipher_key.length = cipher_xform->key.length; - - switch (cipher_xform->algo) { - case RTE_CRYPTO_CIPHER_AES_CBC: - case RTE_CRYPTO_CIPHER_3DES_CBC: - case RTE_CRYPTO_CIPHER_AES_CTR: - break; - default: - DPAA_SEC_ERR("Crypto: Unsupported Cipher alg %u", - cipher_xform->algo); - goto out; - } session->cipher_alg = cipher_xform->algo; } else { session->cipher_key.data = NULL; @@ -2316,46 +2604,173 @@ dpaa_sec_set_ipsec_session(__rte_unused struct rte_cryptodev *dev, session->cipher_alg = RTE_CRYPTO_CIPHER_NULL; } - if (auth_xform && auth_xform->algo != RTE_CRYPTO_AUTH_NULL) { + if (auth_xform) { session->auth_key.data = rte_zmalloc(NULL, auth_xform->key.length, RTE_CACHE_LINE_SIZE); if (session->auth_key.data == NULL && auth_xform->key.length > 0) { DPAA_SEC_ERR("No Memory for auth key"); - rte_free(session->cipher_key.data); return -ENOMEM; } + session->auth_key.length = auth_xform->key.length; memcpy(session->auth_key.data, auth_xform->key.data, auth_xform->key.length); - session->auth_key.length = auth_xform->key.length; - - switch (auth_xform->algo) { - case RTE_CRYPTO_AUTH_SHA1_HMAC: - case RTE_CRYPTO_AUTH_MD5_HMAC: - case RTE_CRYPTO_AUTH_SHA256_HMAC: - case RTE_CRYPTO_AUTH_SHA384_HMAC: - case RTE_CRYPTO_AUTH_SHA512_HMAC: - case RTE_CRYPTO_AUTH_AES_CMAC: - break; - default: - DPAA_SEC_ERR("Crypto: Unsupported auth alg %u", - auth_xform->algo); - goto out; - } session->auth_alg = auth_xform->algo; + session->digest_length = auth_xform->digest_length; } else { session->auth_key.data = NULL; session->auth_key.length = 0; session->auth_alg = RTE_CRYPTO_AUTH_NULL; } + switch (session->auth_alg) { + case RTE_CRYPTO_AUTH_SHA1_HMAC: + session->auth_key.alg = OP_PCL_IPSEC_HMAC_SHA1_96; + session->auth_key.algmode = OP_ALG_AAI_HMAC; + break; + case RTE_CRYPTO_AUTH_MD5_HMAC: + session->auth_key.alg = OP_PCL_IPSEC_HMAC_MD5_96; + session->auth_key.algmode = OP_ALG_AAI_HMAC; + break; + case RTE_CRYPTO_AUTH_SHA256_HMAC: + session->auth_key.alg = OP_PCL_IPSEC_HMAC_SHA2_256_128; + session->auth_key.algmode = OP_ALG_AAI_HMAC; + if (session->digest_length != 16) + DPAA_SEC_WARN( + "+++Using sha256-hmac truncated len is non-standard," + "it will not work with lookaside proto"); + break; + case RTE_CRYPTO_AUTH_SHA384_HMAC: + session->auth_key.alg = OP_PCL_IPSEC_HMAC_SHA2_384_192; + session->auth_key.algmode = OP_ALG_AAI_HMAC; + break; + case RTE_CRYPTO_AUTH_SHA512_HMAC: + session->auth_key.alg = OP_PCL_IPSEC_HMAC_SHA2_512_256; + session->auth_key.algmode = OP_ALG_AAI_HMAC; + break; + case RTE_CRYPTO_AUTH_AES_CMAC: + session->auth_key.alg = OP_PCL_IPSEC_AES_CMAC_96; + break; + case RTE_CRYPTO_AUTH_NULL: + session->auth_key.alg = OP_PCL_IPSEC_HMAC_NULL; + break; + case RTE_CRYPTO_AUTH_SHA224_HMAC: + case RTE_CRYPTO_AUTH_AES_XCBC_MAC: + case RTE_CRYPTO_AUTH_SNOW3G_UIA2: + case RTE_CRYPTO_AUTH_SHA1: + case RTE_CRYPTO_AUTH_SHA256: + case RTE_CRYPTO_AUTH_SHA512: + case RTE_CRYPTO_AUTH_SHA224: + case RTE_CRYPTO_AUTH_SHA384: + case RTE_CRYPTO_AUTH_MD5: + case RTE_CRYPTO_AUTH_AES_GMAC: + case RTE_CRYPTO_AUTH_KASUMI_F9: + case RTE_CRYPTO_AUTH_AES_CBC_MAC: + case RTE_CRYPTO_AUTH_ZUC_EIA3: + DPAA_SEC_ERR("Crypto: Unsupported auth alg %u", + session->auth_alg); + return -1; + default: + DPAA_SEC_ERR("Crypto: Undefined Auth specified %u", + session->auth_alg); + return -1; + } + + switch (session->cipher_alg) { + case RTE_CRYPTO_CIPHER_AES_CBC: + session->cipher_key.alg = OP_PCL_IPSEC_AES_CBC; + session->cipher_key.algmode = OP_ALG_AAI_CBC; + break; + case RTE_CRYPTO_CIPHER_3DES_CBC: + session->cipher_key.alg = OP_PCL_IPSEC_3DES; + session->cipher_key.algmode = OP_ALG_AAI_CBC; + break; + case RTE_CRYPTO_CIPHER_AES_CTR: + session->cipher_key.alg = OP_PCL_IPSEC_AES_CTR; + session->cipher_key.algmode = OP_ALG_AAI_CTR; + if (session->dir == DIR_ENC) { + session->encap_pdb.ctr.ctr_initial = 0x00000001; + session->encap_pdb.ctr.ctr_nonce = ipsec_xform->salt; + } else { + session->decap_pdb.ctr.ctr_initial = 0x00000001; + session->decap_pdb.ctr.ctr_nonce = ipsec_xform->salt; + } + break; + case RTE_CRYPTO_CIPHER_NULL: + session->cipher_key.alg = OP_PCL_IPSEC_NULL; + break; + case RTE_CRYPTO_CIPHER_SNOW3G_UEA2: + case RTE_CRYPTO_CIPHER_ZUC_EEA3: + case RTE_CRYPTO_CIPHER_3DES_ECB: + case RTE_CRYPTO_CIPHER_AES_ECB: + case RTE_CRYPTO_CIPHER_KASUMI_F8: + DPAA_SEC_ERR("Crypto: Unsupported Cipher alg %u", + session->cipher_alg); + return -1; + default: + DPAA_SEC_ERR("Crypto: Undefined Cipher specified %u", + session->cipher_alg); + return -1; + } + + return 0; +} + +static int +dpaa_sec_set_ipsec_session(__rte_unused struct rte_cryptodev *dev, + struct rte_security_session_conf *conf, + void *sess) +{ + struct dpaa_sec_dev_private *internals = dev->data->dev_private; + struct rte_security_ipsec_xform *ipsec_xform = &conf->ipsec; + struct rte_crypto_auth_xform *auth_xform = NULL; + struct rte_crypto_cipher_xform *cipher_xform = NULL; + struct rte_crypto_aead_xform *aead_xform = NULL; + dpaa_sec_session *session = (dpaa_sec_session *)sess; + uint32_t i; + int ret; + + PMD_INIT_FUNC_TRACE(); + + memset(session, 0, sizeof(dpaa_sec_session)); + session->proto_alg = conf->protocol; + session->ctxt = DPAA_SEC_IPSEC; + + if (ipsec_xform->direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) + session->dir = DIR_ENC; + else + session->dir = DIR_DEC; + + if (conf->crypto_xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER) { + cipher_xform = &conf->crypto_xform->cipher; + if (conf->crypto_xform->next) + auth_xform = &conf->crypto_xform->next->auth; + ret = dpaa_sec_ipsec_proto_init(cipher_xform, auth_xform, + ipsec_xform, session); + } else if (conf->crypto_xform->type == RTE_CRYPTO_SYM_XFORM_AUTH) { + auth_xform = &conf->crypto_xform->auth; + if (conf->crypto_xform->next) + cipher_xform = &conf->crypto_xform->next->cipher; + ret = dpaa_sec_ipsec_proto_init(cipher_xform, auth_xform, + ipsec_xform, session); + } else if (conf->crypto_xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) { + aead_xform = &conf->crypto_xform->aead; + ret = dpaa_sec_ipsec_aead_init(aead_xform, + ipsec_xform, session); + } else { + DPAA_SEC_ERR("XFORM not specified"); + ret = -EINVAL; + goto out; + } + if (ret) { + DPAA_SEC_ERR("Failed to process xform"); + goto out; + } + if (ipsec_xform->direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) { if (ipsec_xform->tunnel.type == RTE_SECURITY_IPSEC_TUNNEL_IPV4) { - memset(&session->encap_pdb, 0, - sizeof(struct ipsec_encap_pdb) + - sizeof(session->ip4_hdr)); session->ip4_hdr.ip_v = IPVERSION; session->ip4_hdr.ip_hl = 5; session->ip4_hdr.ip_len = rte_cpu_to_be_16( @@ -2378,9 +2793,6 @@ dpaa_sec_set_ipsec_session(__rte_unused struct rte_cryptodev *dev, session->encap_pdb.ip_hdr_len = sizeof(struct ip); } else if (ipsec_xform->tunnel.type == RTE_SECURITY_IPSEC_TUNNEL_IPV6) { - memset(&session->encap_pdb, 0, - sizeof(struct ipsec_encap_pdb) + - sizeof(session->ip6_hdr)); session->ip6_hdr.vtc_flow = rte_cpu_to_be_32( DPAA_IPv6_DEFAULT_VTC_FLOW | ((ipsec_xform->tunnel.ipv6.dscp << @@ -2412,10 +2824,9 @@ dpaa_sec_set_ipsec_session(__rte_unused struct rte_cryptodev *dev, if (ipsec_xform->options.esn) session->encap_pdb.options |= PDBOPTS_ESP_ESN; session->encap_pdb.spi = ipsec_xform->spi; - session->dir = DIR_ENC; + } else if (ipsec_xform->direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) { - memset(&session->decap_pdb, 0, sizeof(struct ipsec_decap_pdb)); if (ipsec_xform->tunnel.type == RTE_SECURITY_IPSEC_TUNNEL_IPV4) session->decap_pdb.options = sizeof(struct ip) << 16; else @@ -2423,10 +2834,29 @@ dpaa_sec_set_ipsec_session(__rte_unused struct rte_cryptodev *dev, sizeof(struct rte_ipv6_hdr) << 16; if (ipsec_xform->options.esn) session->decap_pdb.options |= PDBOPTS_ESP_ESN; - session->dir = DIR_DEC; + if (ipsec_xform->replay_win_sz) { + uint32_t win_sz; + win_sz = rte_align32pow2(ipsec_xform->replay_win_sz); + + switch (win_sz) { + case 1: + case 2: + case 4: + case 8: + case 16: + case 32: + session->decap_pdb.options |= PDBOPTS_ESP_ARS32; + break; + case 64: + session->decap_pdb.options |= PDBOPTS_ESP_ARS64; + break; + default: + session->decap_pdb.options |= + PDBOPTS_ESP_ARS128; + } + } } else goto out; - session->ctx_pool = internals->ctx_pool; rte_spinlock_lock(&internals->lock); for (i = 0; i < MAX_DPAA_CORES; i++) { session->inq[i] = dpaa_sec_attach_rxq(internals); @@ -2478,7 +2908,28 @@ dpaa_sec_set_pdcp_session(struct rte_cryptodev *dev, } session->proto_alg = conf->protocol; + session->ctxt = DPAA_SEC_PDCP; + if (cipher_xform) { + switch (cipher_xform->algo) { + case RTE_CRYPTO_CIPHER_SNOW3G_UEA2: + session->cipher_key.alg = PDCP_CIPHER_TYPE_SNOW; + break; + case RTE_CRYPTO_CIPHER_ZUC_EEA3: + session->cipher_key.alg = PDCP_CIPHER_TYPE_ZUC; + break; + case RTE_CRYPTO_CIPHER_AES_CTR: + session->cipher_key.alg = PDCP_CIPHER_TYPE_AES; + break; + case RTE_CRYPTO_CIPHER_NULL: + session->cipher_key.alg = PDCP_CIPHER_TYPE_NULL; + break; + default: + DPAA_SEC_ERR("Crypto: Undefined Cipher specified %u", + session->cipher_alg); + return -1; + } + session->cipher_key.data = rte_zmalloc(NULL, cipher_xform->key.length, RTE_CACHE_LINE_SIZE); @@ -2510,6 +2961,25 @@ dpaa_sec_set_pdcp_session(struct rte_cryptodev *dev, } if (auth_xform) { + switch (auth_xform->algo) { + case RTE_CRYPTO_AUTH_SNOW3G_UIA2: + session->auth_key.alg = PDCP_AUTH_TYPE_SNOW; + break; + case RTE_CRYPTO_AUTH_ZUC_EIA3: + session->auth_key.alg = PDCP_AUTH_TYPE_ZUC; + break; + case RTE_CRYPTO_AUTH_AES_CMAC: + session->auth_key.alg = PDCP_AUTH_TYPE_AES; + break; + case RTE_CRYPTO_AUTH_NULL: + session->auth_key.alg = PDCP_AUTH_TYPE_NULL; + break; + default: + DPAA_SEC_ERR("Crypto: Unsupported auth alg %u", + session->auth_alg); + rte_free(session->cipher_key.data); + return -1; + } session->auth_key.data = rte_zmalloc(NULL, auth_xform->key.length, RTE_CACHE_LINE_SIZE); @@ -2537,7 +3007,6 @@ dpaa_sec_set_pdcp_session(struct rte_cryptodev *dev, session->pdcp.hfn_ovd = pdcp_xform->hfn_ovrd; session->pdcp.hfn_ovd_offset = cipher_xform->iv.offset; - session->ctx_pool = dev_priv->ctx_pool; rte_spinlock_lock(&dev_priv->lock); for (i = 0; i < MAX_DPAA_CORES; i++) { session->inq[i] = dpaa_sec_attach_rxq(dev_priv); @@ -2612,34 +3081,13 @@ dpaa_sec_security_session_destroy(void *dev __rte_unused, } return 0; } - +#endif static int -dpaa_sec_dev_configure(struct rte_cryptodev *dev, +dpaa_sec_dev_configure(struct rte_cryptodev *dev __rte_unused, struct rte_cryptodev_config *config __rte_unused) { - - char str[20]; - struct dpaa_sec_dev_private *internals; - PMD_INIT_FUNC_TRACE(); - internals = dev->data->dev_private; - snprintf(str, sizeof(str), "ctx_pool_%d", dev->data->dev_id); - if (!internals->ctx_pool) { - internals->ctx_pool = rte_mempool_create((const char *)str, - CTX_POOL_NUM_BUFS, - CTX_POOL_BUF_SIZE, - CTX_POOL_CACHE_SIZE, 0, - NULL, NULL, NULL, NULL, - SOCKET_ID_ANY, 0); - if (!internals->ctx_pool) { - DPAA_SEC_ERR("%s create failed\n", str); - return -ENOMEM; - } - } else - DPAA_SEC_INFO("mempool already created for dev_id : %d", - dev->data->dev_id); - return 0; } @@ -2659,17 +3107,11 @@ dpaa_sec_dev_stop(struct rte_cryptodev *dev __rte_unused) static int dpaa_sec_dev_close(struct rte_cryptodev *dev) { - struct dpaa_sec_dev_private *internals; - PMD_INIT_FUNC_TRACE(); if (dev == NULL) return -ENOMEM; - internals = dev->data->dev_private; - rte_mempool_free(internals->ctx_pool); - internals->ctx_pool = NULL; - return 0; } @@ -2689,6 +3131,188 @@ dpaa_sec_dev_infos_get(struct rte_cryptodev *dev, } } +static enum qman_cb_dqrr_result +dpaa_sec_process_parallel_event(void *event, + struct qman_portal *qm __always_unused, + struct qman_fq *outq, + const struct qm_dqrr_entry *dqrr, + void **bufs) +{ + const struct qm_fd *fd; + struct dpaa_sec_job *job; + struct dpaa_sec_op_ctx *ctx; + struct rte_event *ev = (struct rte_event *)event; + + fd = &dqrr->fd; + + /* sg is embedded in an op ctx, + * sg[0] is for output + * sg[1] for input + */ + job = dpaa_mem_ptov(qm_fd_addr_get64(fd)); + + ctx = container_of(job, struct dpaa_sec_op_ctx, job); + ctx->fd_status = fd->status; + if (ctx->op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) { + struct qm_sg_entry *sg_out; + uint32_t len; + + sg_out = &job->sg[0]; + hw_sg_to_cpu(sg_out); + len = sg_out->length; + ctx->op->sym->m_src->pkt_len = len; + ctx->op->sym->m_src->data_len = len; + } + if (!ctx->fd_status) { + ctx->op->status = RTE_CRYPTO_OP_STATUS_SUCCESS; + } else { + DPAA_SEC_DP_WARN("SEC return err: 0x%x", ctx->fd_status); + ctx->op->status = RTE_CRYPTO_OP_STATUS_ERROR; + } + ev->event_ptr = (void *)ctx->op; + + ev->flow_id = outq->ev.flow_id; + ev->sub_event_type = outq->ev.sub_event_type; + ev->event_type = RTE_EVENT_TYPE_CRYPTODEV; + ev->op = RTE_EVENT_OP_NEW; + ev->sched_type = outq->ev.sched_type; + ev->queue_id = outq->ev.queue_id; + ev->priority = outq->ev.priority; + *bufs = (void *)ctx->op; + + rte_mempool_put(ctx->ctx_pool, (void *)ctx); + + return qman_cb_dqrr_consume; +} + +static enum qman_cb_dqrr_result +dpaa_sec_process_atomic_event(void *event, + struct qman_portal *qm __rte_unused, + struct qman_fq *outq, + const struct qm_dqrr_entry *dqrr, + void **bufs) +{ + u8 index; + const struct qm_fd *fd; + struct dpaa_sec_job *job; + struct dpaa_sec_op_ctx *ctx; + struct rte_event *ev = (struct rte_event *)event; + + fd = &dqrr->fd; + + /* sg is embedded in an op ctx, + * sg[0] is for output + * sg[1] for input + */ + job = dpaa_mem_ptov(qm_fd_addr_get64(fd)); + + ctx = container_of(job, struct dpaa_sec_op_ctx, job); + ctx->fd_status = fd->status; + if (ctx->op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) { + struct qm_sg_entry *sg_out; + uint32_t len; + + sg_out = &job->sg[0]; + hw_sg_to_cpu(sg_out); + len = sg_out->length; + ctx->op->sym->m_src->pkt_len = len; + ctx->op->sym->m_src->data_len = len; + } + if (!ctx->fd_status) { + ctx->op->status = RTE_CRYPTO_OP_STATUS_SUCCESS; + } else { + DPAA_SEC_DP_WARN("SEC return err: 0x%x", ctx->fd_status); + ctx->op->status = RTE_CRYPTO_OP_STATUS_ERROR; + } + ev->event_ptr = (void *)ctx->op; + ev->flow_id = outq->ev.flow_id; + ev->sub_event_type = outq->ev.sub_event_type; + ev->event_type = RTE_EVENT_TYPE_CRYPTODEV; + ev->op = RTE_EVENT_OP_NEW; + ev->sched_type = outq->ev.sched_type; + ev->queue_id = outq->ev.queue_id; + ev->priority = outq->ev.priority; + + /* Save active dqrr entries */ + index = ((uintptr_t)dqrr >> 6) & (16/*QM_DQRR_SIZE*/ - 1); + DPAA_PER_LCORE_DQRR_SIZE++; + DPAA_PER_LCORE_DQRR_HELD |= 1 << index; + DPAA_PER_LCORE_DQRR_MBUF(index) = ctx->op->sym->m_src; + ev->impl_opaque = index + 1; + ctx->op->sym->m_src->seqn = (uint32_t)index + 1; + *bufs = (void *)ctx->op; + + rte_mempool_put(ctx->ctx_pool, (void *)ctx); + + return qman_cb_dqrr_defer; +} + +int +dpaa_sec_eventq_attach(const struct rte_cryptodev *dev, + int qp_id, + uint16_t ch_id, + const struct rte_event *event) +{ + struct dpaa_sec_qp *qp = dev->data->queue_pairs[qp_id]; + struct qm_mcc_initfq opts = {0}; + + int ret; + + opts.we_mask = QM_INITFQ_WE_DESTWQ | QM_INITFQ_WE_FQCTRL | + QM_INITFQ_WE_CONTEXTA | QM_INITFQ_WE_CONTEXTB; + opts.fqd.dest.channel = ch_id; + + switch (event->sched_type) { + case RTE_SCHED_TYPE_ATOMIC: + opts.fqd.fq_ctrl |= QM_FQCTRL_HOLDACTIVE; + /* Reset FQCTRL_AVOIDBLOCK bit as it is unnecessary + * configuration with HOLD_ACTIVE setting + */ + opts.fqd.fq_ctrl &= (~QM_FQCTRL_AVOIDBLOCK); + qp->outq.cb.dqrr_dpdk_cb = dpaa_sec_process_atomic_event; + break; + case RTE_SCHED_TYPE_ORDERED: + DPAA_SEC_ERR("Ordered queue schedule type is not supported\n"); + return -1; + default: + opts.fqd.fq_ctrl |= QM_FQCTRL_AVOIDBLOCK; + qp->outq.cb.dqrr_dpdk_cb = dpaa_sec_process_parallel_event; + break; + } + + ret = qman_init_fq(&qp->outq, QMAN_INITFQ_FLAG_SCHED, &opts); + if (unlikely(ret)) { + DPAA_SEC_ERR("unable to init caam source fq!"); + return ret; + } + + memcpy(&qp->outq.ev, event, sizeof(struct rte_event)); + + return 0; +} + +int +dpaa_sec_eventq_detach(const struct rte_cryptodev *dev, + int qp_id) +{ + struct qm_mcc_initfq opts = {0}; + int ret; + struct dpaa_sec_qp *qp = dev->data->queue_pairs[qp_id]; + + opts.we_mask = QM_INITFQ_WE_DESTWQ | QM_INITFQ_WE_FQCTRL | + QM_INITFQ_WE_CONTEXTA | QM_INITFQ_WE_CONTEXTB; + qp->outq.cb.dqrr = dqrr_out_fq_cb_rx; + qp->outq.cb.ern = ern_sec_fq_handler; + qman_retire_fq(&qp->outq, NULL); + qman_oos_fq(&qp->outq); + ret = qman_init_fq(&qp->outq, 0, &opts); + if (ret) + RTE_LOG(ERR, PMD, "Error in qman_init_fq: ret: %d\n", ret); + qp->outq.cb.dqrr = NULL; + + return ret; +} + static struct rte_cryptodev_ops crypto_ops = { .dev_configure = dpaa_sec_dev_configure, .dev_start = dpaa_sec_dev_start, @@ -2703,6 +3327,7 @@ static struct rte_cryptodev_ops crypto_ops = { .sym_session_clear = dpaa_sec_sym_session_clear }; +#ifdef RTE_LIBRTE_SECURITY static const struct rte_security_capability * dpaa_sec_capabilities_get(void *device __rte_unused) { @@ -2717,7 +3342,7 @@ static const struct rte_security_ops dpaa_sec_security_ops = { .set_pkt_metadata = NULL, .capabilities_get = dpaa_sec_capabilities_get }; - +#endif static int dpaa_sec_uninit(struct rte_cryptodev *dev) { @@ -2729,8 +3354,6 @@ dpaa_sec_uninit(struct rte_cryptodev *dev) internals = dev->data->dev_private; rte_free(dev->security_ctx); - /* In case close has been called, internals->ctx_pool would be NULL */ - rte_mempool_free(internals->ctx_pool); rte_free(internals); DPAA_SEC_INFO("Closing DPAA_SEC device %s on numa socket %u", @@ -2743,7 +3366,9 @@ static int dpaa_sec_dev_init(struct rte_cryptodev *cryptodev) { struct dpaa_sec_dev_private *internals; +#ifdef RTE_LIBRTE_SECURITY struct rte_security_ctx *security_instance; +#endif struct dpaa_sec_qp *qp; uint32_t i, flags; int ret; @@ -2778,7 +3403,7 @@ dpaa_sec_dev_init(struct rte_cryptodev *cryptodev) DPAA_SEC_WARN("Device already init by primary process"); return 0; } - +#ifdef RTE_LIBRTE_SECURITY /* Initialize security_ctx only for primary process*/ security_instance = rte_malloc("rte_security_instances_ops", sizeof(struct rte_security_ctx), 0); @@ -2788,7 +3413,7 @@ dpaa_sec_dev_init(struct rte_cryptodev *cryptodev) security_instance->ops = &dpaa_sec_security_ops; security_instance->sess_cnt = 0; cryptodev->security_ctx = security_instance; - +#endif rte_spinlock_init(&internals->lock); for (i = 0; i < internals->max_nb_queue_pairs; i++) { /* init qman fq for queue pair */ @@ -2802,7 +3427,7 @@ dpaa_sec_dev_init(struct rte_cryptodev *cryptodev) flags = QMAN_FQ_FLAG_LOCKED | QMAN_FQ_FLAG_DYNAMIC_FQID | QMAN_FQ_FLAG_TO_DCPORTAL; - for (i = 0; i < MAX_DPAA_CORES * internals->max_nb_sessions; i++) { + for (i = 0; i < RTE_DPAA_MAX_RX_QUEUE; i++) { /* create rx qman fq for sessions*/ ret = qman_create_fq(0, flags, &internals->inq[i]); if (unlikely(ret != 0)) { @@ -2830,8 +3455,7 @@ cryptodev_dpaa_sec_probe(struct rte_dpaa_driver *dpaa_drv __rte_unused, int retval; - snprintf(cryptodev_name, sizeof(cryptodev_name), "dpaa_sec-%d", - dpaa_dev->id.dev_id); + snprintf(cryptodev_name, sizeof(cryptodev_name), "%s", dpaa_dev->name); cryptodev = rte_cryptodev_pmd_allocate(cryptodev_name, rte_socket_id()); if (cryptodev == NULL) @@ -2871,6 +3495,14 @@ cryptodev_dpaa_sec_probe(struct rte_dpaa_driver *dpaa_drv __rte_unused, } } + if (unlikely(!RTE_PER_LCORE(dpaa_io))) { + retval = rte_dpaa_portal_init((void *)1); + if (retval) { + DPAA_SEC_ERR("Unable to initialize portal"); + return retval; + } + } + /* Invoke PMD device initialization function */ retval = dpaa_sec_dev_init(cryptodev); if (retval == 0)