M: Vikas Gupta <vikas.gupta@broadcom.com>
F: drivers/crypto/bcmfs/
F: doc/guides/cryptodevs/bcmfs.rst
+F: doc/guides/cryptodevs/features/bcmfs.ini
Cavium OCTEON TX crypto
M: Anoob Joseph <anoobj@marvell.com>
* Stingray
* Stingray2
+Features
+--------
+
+The BCMFS SYM PMD has support for:
+
+Cipher algorithms:
+
+* ``RTE_CRYPTO_CIPHER_3DES_CBC``
+* ``RTE_CRYPTO_CIPHER_3DES_CTR``
+* ``RTE_CRYPTO_CIPHER_AES128_CBC``
+* ``RTE_CRYPTO_CIPHER_AES192_CBC``
+* ``RTE_CRYPTO_CIPHER_AES256_CBC``
+* ``RTE_CRYPTO_CIPHER_AES128_CTR``
+* ``RTE_CRYPTO_CIPHER_AES192_CTR``
+* ``RTE_CRYPTO_CIPHER_AES256_CTR``
+* ``RTE_CRYPTO_CIPHER_AES_XTS``
+* ``RTE_CRYPTO_CIPHER_DES_CBC``
+
+Hash algorithms:
+
+* ``RTE_CRYPTO_AUTH_SHA1``
+* ``RTE_CRYPTO_AUTH_SHA1_HMAC``
+* ``RTE_CRYPTO_AUTH_SHA224``
+* ``RTE_CRYPTO_AUTH_SHA224_HMAC``
+* ``RTE_CRYPTO_AUTH_SHA256``
+* ``RTE_CRYPTO_AUTH_SHA256_HMAC``
+* ``RTE_CRYPTO_AUTH_SHA384``
+* ``RTE_CRYPTO_AUTH_SHA384_HMAC``
+* ``RTE_CRYPTO_AUTH_SHA512``
+* ``RTE_CRYPTO_AUTH_SHA512_HMAC``
+* ``RTE_CRYPTO_AUTH_AES_XCBC_MAC``
+* ``RTE_CRYPTO_AUTH_AES_CBC_MAC``
+* ``RTE_CRYPTO_AUTH_MD5_HMAC``
+* ``RTE_CRYPTO_AUTH_AES_GMAC``
+* ``RTE_CRYPTO_AUTH_AES_CMAC``
+
+Supported AEAD algorithms:
+
+* ``RTE_CRYPTO_AEAD_AES_GCM``
+* ``RTE_CRYPTO_AEAD_AES_CCM``
+
Installation
------------
Information about kernel, rootfs and toolchain can be found at
io_device_name="vfio-platform"
echo $io_device_name > /sys/bus/platform/devices/${SETUP_SYSFS_DEV_NAME}/driver_override
echo ${SETUP_SYSFS_DEV_NAME} > /sys/bus/platform/drivers_probe
+
+Limitations
+-----------
+
+* Only supports the session-oriented API implementation (session-less APIs are not supported).
+* CCM is not supported on Broadcom`s SoCs having FlexSparc4 unit.
--- /dev/null
+;
+; Supported features of the 'bcmfs' crypto driver.
+;
+; Refer to default.ini for the full list of available PMD features.
+;
+[Features]
+Symmetric crypto = Y
+Sym operation chaining = Y
+HW Accelerated = Y
+Protocol offload = Y
+OOP LB In LB Out = Y
+
+;
+; Supported crypto algorithms of the 'bcmfs' crypto driver.
+;
+[Cipher]
+AES CBC (128) = Y
+AES CBC (192) = Y
+AES CBC (256) = Y
+AES CTR (128) = Y
+AES CTR (192) = Y
+AES CTR (256) = Y
+AES XTS (128) = Y
+AES XTS (256) = Y
+3DES CBC = Y
+DES CBC = Y
+;
+; Supported authentication algorithms of the 'bcmfs' crypto driver.
+;
+[Auth]
+MD5 HMAC = Y
+SHA1 = Y
+SHA1 HMAC = Y
+SHA224 = Y
+SHA224 HMAC = Y
+SHA256 = Y
+SHA256 HMAC = Y
+SHA384 = Y
+SHA384 HMAC = Y
+SHA512 = Y
+SHA512 HMAC = Y
+AES GMAC = Y
+AES CMAC (128) = Y
+AES CBC MAC = Y
+AES XCBC MAC = Y
+
+;
+; Supported AEAD algorithms of the 'bcmfs' crypto driver.
+;
+[AEAD]
+AES GCM (128) = Y
+AES GCM (192) = Y
+AES GCM (256) = Y
+AES CCM (128) = Y
+AES CCM (192) = Y
+AES CCM (256) = Y
--- /dev/null
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright(c) 2020 Broadcom
+ * All rights reserved.
+ */
+
+#include <rte_cryptodev.h>
+
+#include "bcmfs_sym_capabilities.h"
+
+static const struct rte_cryptodev_capabilities bcmfs_sym_capabilities[] = {
+ {
+ /* SHA1 */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_SHA1,
+ .block_size = 64,
+ .key_size = {
+ .min = 0,
+ .max = 0,
+ .increment = 0
+ },
+ .digest_size = {
+ .min = 20,
+ .max = 20,
+ .increment = 0
+ },
+ .aad_size = { 0 }
+ }, }
+ }, }
+ },
+ {
+ /* MD5 */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_MD5,
+ .block_size = 64,
+ .key_size = {
+ .min = 0,
+ .max = 0,
+ .increment = 0
+ },
+ .digest_size = {
+ .min = 16,
+ .max = 16,
+ .increment = 0
+ },
+ }, }
+ }, }
+ },
+ {
+ /* SHA224 */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_SHA224,
+ .block_size = 64,
+ .key_size = {
+ .min = 0,
+ .max = 0,
+ .increment = 0
+ },
+ .digest_size = {
+ .min = 28,
+ .max = 28,
+ .increment = 0
+ },
+ .aad_size = { 0 }
+ }, }
+ }, }
+ },
+ {
+ /* SHA256 */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_SHA256,
+ .block_size = 64,
+ .key_size = {
+ .min = 0,
+ .max = 0,
+ .increment = 0
+ },
+ .digest_size = {
+ .min = 32,
+ .max = 32,
+ .increment = 0
+ },
+ .aad_size = { 0 }
+ }, }
+ }, }
+ },
+ {
+ /* SHA384 */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_SHA384,
+ .block_size = 64,
+ .key_size = {
+ .min = 0,
+ .max = 0,
+ .increment = 0
+ },
+ .digest_size = {
+ .min = 48,
+ .max = 48,
+ .increment = 0
+ },
+ .aad_size = { 0 }
+ }, }
+ }, }
+ },
+ {
+ /* SHA512 */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_SHA512,
+ .block_size = 64,
+ .key_size = {
+ .min = 0,
+ .max = 0,
+ .increment = 0
+ },
+ .digest_size = {
+ .min = 64,
+ .max = 64,
+ .increment = 0
+ },
+ .aad_size = { 0 }
+ }, }
+ }, }
+ },
+ {
+ /* SHA3_224 */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_SHA3_224,
+ .block_size = 144,
+ .key_size = {
+ .min = 0,
+ .max = 0,
+ .increment = 0
+ },
+ .digest_size = {
+ .min = 28,
+ .max = 28,
+ .increment = 0
+ },
+ .aad_size = { 0 }
+ }, }
+ }, }
+ },
+ {
+ /* SHA3_256 */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_SHA3_256,
+ .block_size = 136,
+ .key_size = {
+ .min = 0,
+ .max = 0,
+ .increment = 0
+ },
+ .digest_size = {
+ .min = 32,
+ .max = 32,
+ .increment = 0
+ },
+ .aad_size = { 0 }
+ }, }
+ }, }
+ },
+ {
+ /* SHA3_384 */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_SHA3_384,
+ .block_size = 104,
+ .key_size = {
+ .min = 0,
+ .max = 0,
+ .increment = 0
+ },
+ .digest_size = {
+ .min = 48,
+ .max = 48,
+ .increment = 0
+ },
+ .aad_size = { 0 }
+ }, }
+ }, }
+ },
+ {
+ /* SHA3_512 */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_SHA3_512,
+ .block_size = 72,
+ .key_size = {
+ .min = 0,
+ .max = 0,
+ .increment = 0
+ },
+ .digest_size = {
+ .min = 64,
+ .max = 64,
+ .increment = 0
+ },
+ .aad_size = { 0 }
+ }, }
+ }, }
+ },
+ {
+ /* SHA1 HMAC */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_SHA1_HMAC,
+ .block_size = 64,
+ .key_size = {
+ .min = 1,
+ .max = 64,
+ .increment = 1
+ },
+ .digest_size = {
+ .min = 20,
+ .max = 20,
+ .increment = 0
+ },
+ .aad_size = { 0 }
+ }, }
+ }, }
+ },
+ {
+ /* MD5 HMAC */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_MD5_HMAC,
+ .block_size = 64,
+ .key_size = {
+ .min = 1,
+ .max = 64,
+ .increment = 1
+ },
+ .digest_size = {
+ .min = 16,
+ .max = 16,
+ .increment = 0
+ },
+ .aad_size = { 0 }
+ }, }
+ }, }
+ },
+ {
+ /* SHA224 HMAC */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_SHA224_HMAC,
+ .block_size = 64,
+ .key_size = {
+ .min = 1,
+ .max = 64,
+ .increment = 1
+ },
+ .digest_size = {
+ .min = 28,
+ .max = 28,
+ .increment = 0
+ },
+ .aad_size = { 0 }
+ }, }
+ }, }
+ },
+ {
+ /* SHA256 HMAC */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_SHA256_HMAC,
+ .block_size = 64,
+ .key_size = {
+ .min = 1,
+ .max = 64,
+ .increment = 1
+ },
+ .digest_size = {
+ .min = 32,
+ .max = 32,
+ .increment = 0
+ },
+ .aad_size = { 0 }
+ }, }
+ }, }
+ },
+ {
+ /* SHA384 HMAC */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_SHA384_HMAC,
+ .block_size = 128,
+ .key_size = {
+ .min = 1,
+ .max = 128,
+ .increment = 1
+ },
+ .digest_size = {
+ .min = 48,
+ .max = 48,
+ .increment = 0
+ },
+ .aad_size = { 0 }
+ }, }
+ }, }
+ },
+ {
+ /* SHA512 HMAC*/
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_SHA512_HMAC,
+ .block_size = 128,
+ .key_size = {
+ .min = 1,
+ .max = 128,
+ .increment = 1
+ },
+ .digest_size = {
+ .min = 64,
+ .max = 64,
+ .increment = 0
+ },
+ .aad_size = { 0 }
+ }, }
+ }, }
+ },
+ {
+ /* SHA3_224 HMAC */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_SHA3_224_HMAC,
+ .block_size = 144,
+ .key_size = {
+ .min = 1,
+ .max = 144,
+ .increment = 1
+ },
+ .digest_size = {
+ .min = 28,
+ .max = 28,
+ .increment = 0
+ },
+ .aad_size = { 0 }
+ }, }
+ }, }
+ },
+ {
+ /* SHA3_256 HMAC */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_SHA3_256_HMAC,
+ .block_size = 136,
+ .key_size = {
+ .min = 1,
+ .max = 136,
+ .increment = 1
+ },
+ .digest_size = {
+ .min = 32,
+ .max = 32,
+ .increment = 0
+ },
+ .aad_size = { 0 }
+ }, }
+ }, }
+ },
+ {
+ /* SHA3_384 HMAC */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_SHA3_384_HMAC,
+ .block_size = 104,
+ .key_size = {
+ .min = 1,
+ .max = 104,
+ .increment = 1
+ },
+ .digest_size = {
+ .min = 48,
+ .max = 48,
+ .increment = 0
+ },
+ .aad_size = { 0 }
+ }, }
+ }, }
+ },
+ {
+ /* SHA3_512 HMAC */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_SHA3_512_HMAC,
+ .block_size = 72,
+ .key_size = {
+ .min = 1,
+ .max = 72,
+ .increment = 1
+ },
+ .digest_size = {
+ .min = 64,
+ .max = 64,
+ .increment = 0
+ },
+ .aad_size = { 0 }
+ }, }
+ }, }
+ },
+ {
+ /* AES XCBC MAC */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_AES_XCBC_MAC,
+ .block_size = 16,
+ .key_size = {
+ .min = 1,
+ .max = 16,
+ .increment = 1
+ },
+ .digest_size = {
+ .min = 16,
+ .max = 16,
+ .increment = 0
+ },
+ .aad_size = { 0 }
+ }, }
+ }, }
+ },
+ {
+ /* AES GMAC */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_AES_GMAC,
+ .block_size = 16,
+ .key_size = {
+ .min = 16,
+ .max = 32,
+ .increment = 8
+ },
+ .digest_size = {
+ .min = 16,
+ .max = 16,
+ .increment = 0
+ },
+ .aad_size = {
+ .min = 0,
+ .max = 65535,
+ .increment = 1
+ },
+ .iv_size = {
+ .min = 12,
+ .max = 16,
+ .increment = 4
+ },
+ }, }
+ }, }
+ },
+ {
+ /* AES CMAC */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_AES_CMAC,
+ .block_size = 16,
+ .key_size = {
+ .min = 1,
+ .max = 16,
+ .increment = 1
+ },
+ .digest_size = {
+ .min = 16,
+ .max = 16,
+ .increment = 0
+ },
+ .aad_size = { 0 }
+ }, }
+ }, }
+ },
+ {
+ /* AES CBC MAC */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_AES_CBC_MAC,
+ .block_size = 16,
+ .key_size = {
+ .min = 1,
+ .max = 16,
+ .increment = 1
+ },
+ .digest_size = {
+ .min = 16,
+ .max = 16,
+ .increment = 0
+ },
+ .aad_size = { 0 }
+ }, }
+ }, }
+ },
+ {
+ /* AES ECB */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+ {.cipher = {
+ .algo = RTE_CRYPTO_CIPHER_AES_ECB,
+ .block_size = 16,
+ .key_size = {
+ .min = 16,
+ .max = 32,
+ .increment = 8
+ },
+ .iv_size = {
+ .min = 0,
+ .max = 0,
+ .increment = 0
+ }
+ }, }
+ }, }
+ },
+ {
+ /* AES CBC */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+ {.cipher = {
+ .algo = RTE_CRYPTO_CIPHER_AES_CBC,
+ .block_size = 16,
+ .key_size = {
+ .min = 16,
+ .max = 32,
+ .increment = 8
+ },
+ .iv_size = {
+ .min = 16,
+ .max = 16,
+ .increment = 0
+ }
+ }, }
+ }, }
+ },
+ {
+ /* AES CTR */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+ {.cipher = {
+ .algo = RTE_CRYPTO_CIPHER_AES_CTR,
+ .block_size = 16,
+ .key_size = {
+ .min = 16,
+ .max = 32,
+ .increment = 8
+ },
+ .iv_size = {
+ .min = 16,
+ .max = 16,
+ .increment = 0
+ }
+ }, }
+ }, }
+ },
+ {
+ /* AES XTS */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+ {.cipher = {
+ .algo = RTE_CRYPTO_CIPHER_AES_XTS,
+ .block_size = 16,
+ .key_size = {
+ .min = 32,
+ .max = 64,
+ .increment = 32
+ },
+ .iv_size = {
+ .min = 16,
+ .max = 16,
+ .increment = 0
+ }
+ }, }
+ }, }
+ },
+ {
+ /* DES CBC */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+ {.cipher = {
+ .algo = RTE_CRYPTO_CIPHER_DES_CBC,
+ .block_size = 8,
+ .key_size = {
+ .min = 8,
+ .max = 8,
+ .increment = 0
+ },
+ .iv_size = {
+ .min = 16,
+ .max = 16,
+ .increment = 0
+ }
+ }, }
+ }, }
+ },
+ {
+ /* 3DES CBC */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+ {.cipher = {
+ .algo = RTE_CRYPTO_CIPHER_3DES_CBC,
+ .block_size = 8,
+ .key_size = {
+ .min = 24,
+ .max = 24,
+ .increment = 0
+ },
+ .iv_size = {
+ .min = 16,
+ .max = 16,
+ .increment = 0
+ }
+ }, }
+ }, }
+ },
+ {
+ /* 3DES ECB */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+ {.cipher = {
+ .algo = RTE_CRYPTO_CIPHER_3DES_ECB,
+ .block_size = 8,
+ .key_size = {
+ .min = 24,
+ .max = 24,
+ .increment = 0
+ },
+ .iv_size = {
+ .min = 0,
+ .max = 0,
+ .increment = 0
+ }
+ }, }
+ }, }
+ },
+ {
+ /* AES GCM */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,
+ {.aead = {
+ .algo = RTE_CRYPTO_AEAD_AES_GCM,
+ .block_size = 16,
+ .key_size = {
+ .min = 16,
+ .max = 32,
+ .increment = 8
+ },
+ .digest_size = {
+ .min = 16,
+ .max = 16,
+ .increment = 0
+ },
+ .aad_size = {
+ .min = 0,
+ .max = 65535,
+ .increment = 1
+ },
+ .iv_size = {
+ .min = 12,
+ .max = 16,
+ .increment = 4
+ },
+ }, }
+ }, }
+ },
+ {
+ /* AES CCM */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,
+ {.aead = {
+ .algo = RTE_CRYPTO_AEAD_AES_CCM,
+ .block_size = 16,
+ .key_size = {
+ .min = 16,
+ .max = 32,
+ .increment = 8
+ },
+ .digest_size = {
+ .min = 4,
+ .max = 16,
+ .increment = 2
+ },
+ .aad_size = {
+ .min = 0,
+ .max = 65535,
+ .increment = 1
+ },
+ .iv_size = {
+ .min = 7,
+ .max = 13,
+ .increment = 1
+ },
+ }, }
+ }, }
+ },
+
+ RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
+};
+
+const struct rte_cryptodev_capabilities *
+bcmfs_sym_get_capabilities(void)
+{
+ return bcmfs_sym_capabilities;
+}
--- /dev/null
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright(c) 2020 Broadcom
+ * All rights reserved.
+ */
+
+#ifndef _BCMFS_SYM_CAPABILITIES_H_
+#define _BCMFS_SYM_CAPABILITIES_H_
+
+/*
+ * Get capabilities list for the device
+ *
+ */
+const struct rte_cryptodev_capabilities *bcmfs_sym_get_capabilities(void);
+
+#endif /* _BCMFS_SYM_CAPABILITIES_H__ */
--- /dev/null
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright(c) 2020 Broadcom
+ * All rights reserved.
+ */
+
+#ifndef _BCMFS_SYM_DEFS_H_
+#define _BCMFS_SYM_DEFS_H_
+
+/*
+ * Max block size of hash algorithm
+ * currently SHA3 supports max block size
+ * of 144 bytes
+ */
+#define BCMFS_MAX_KEY_SIZE 144
+#define BCMFS_MAX_IV_SIZE 16
+#define BCMFS_MAX_DIGEST_SIZE 64
+
+struct bcmfs_sym_session;
+struct bcmfs_sym_request;
+
+/** Crypto Request processing successful. */
+#define BCMFS_SYM_RESPONSE_SUCCESS (0)
+/** Crypot Request processing protocol failure. */
+#define BCMFS_SYM_RESPONSE_PROTO_FAILURE (1)
+/** Crypot Request processing completion failure. */
+#define BCMFS_SYM_RESPONSE_COMPL_ERROR (2)
+/** Crypot Request processing hash tag check error. */
+#define BCMFS_SYM_RESPONSE_HASH_TAG_ERROR (3)
+
+int
+bcmfs_process_sym_crypto_op(struct rte_crypto_op *op,
+ struct bcmfs_sym_session *sess,
+ struct bcmfs_sym_request *req);
+#endif /* _BCMFS_SYM_DEFS_H_ */
#include "bcmfs_qp.h"
#include "bcmfs_sym_pmd.h"
#include "bcmfs_sym_req.h"
+#include "bcmfs_sym_session.h"
+#include "bcmfs_sym_capabilities.h"
uint8_t cryptodev_bcmfs_driver_id;
dev_info->max_nb_queue_pairs = fsdev->max_hw_qps;
/* No limit of number of sessions */
dev_info->sym.max_nb_sessions = 0;
+ dev_info->capabilities = bcmfs_sym_get_capabilities();
}
}
/* Queue-Pair management */
.queue_pair_setup = bcmfs_sym_qp_setup,
.queue_pair_release = bcmfs_sym_qp_release,
+ /* Crypto session related operations */
+ .sym_session_get_size = bcmfs_sym_session_get_private_size,
+ .sym_session_configure = bcmfs_sym_session_configure,
+ .sym_session_clear = bcmfs_sym_session_clear
};
/** Enqueue burst */
int i, j;
uint16_t enq = 0;
struct bcmfs_sym_request *sreq;
+ struct bcmfs_sym_session *sess;
struct bcmfs_qp *qp = (struct bcmfs_qp *)queue_pair;
if (nb_ops == 0)
nb_ops = qp->nb_descriptors - qp->nb_pending_requests;
for (i = 0; i < nb_ops; i++) {
+ sess = bcmfs_sym_get_session(ops[i]);
+ if (unlikely(sess == NULL))
+ goto enqueue_err;
+
if (rte_mempool_get(qp->sr_mp, (void **)&sreq))
goto enqueue_err;
fsdev->sym_dev = internals;
internals->sym_dev_id = cryptodev->data->dev_id;
+ internals->fsdev_capabilities = bcmfs_sym_get_capabilities();
BCMFS_LOG(DEBUG, "Created bcmfs-sym device %s as cryptodev instance %d",
cryptodev->data->name, internals->sym_dev_id);
--- /dev/null
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright(c) 2020 Broadcom
+ * All rights reserved.
+ */
+
+#include <rte_crypto.h>
+#include <rte_crypto_sym.h>
+#include <rte_log.h>
+
+#include "bcmfs_logs.h"
+#include "bcmfs_sym_defs.h"
+#include "bcmfs_sym_pmd.h"
+#include "bcmfs_sym_session.h"
+
+/** Configure the session from a crypto xform chain */
+static enum bcmfs_sym_chain_order
+crypto_get_chain_order(const struct rte_crypto_sym_xform *xform)
+{
+ enum bcmfs_sym_chain_order res = BCMFS_SYM_CHAIN_NOT_SUPPORTED;
+
+ if (xform != NULL) {
+ if (xform->type == RTE_CRYPTO_SYM_XFORM_AEAD)
+ res = BCMFS_SYM_CHAIN_AEAD;
+
+ if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH) {
+ if (xform->next == NULL)
+ res = BCMFS_SYM_CHAIN_ONLY_AUTH;
+ else if (xform->next->type ==
+ RTE_CRYPTO_SYM_XFORM_CIPHER)
+ res = BCMFS_SYM_CHAIN_AUTH_CIPHER;
+ }
+ if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER) {
+ if (xform->next == NULL)
+ res = BCMFS_SYM_CHAIN_ONLY_CIPHER;
+ else if (xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH)
+ res = BCMFS_SYM_CHAIN_CIPHER_AUTH;
+ }
+ }
+
+ return res;
+}
+
+/* Get session cipher key from input cipher key */
+static void
+get_key(const uint8_t *input_key, int keylen, uint8_t *session_key)
+{
+ memcpy(session_key, input_key, keylen);
+}
+
+/* Set session cipher parameters */
+static int
+crypto_set_session_cipher_parameters(struct bcmfs_sym_session *sess,
+ const struct rte_crypto_cipher_xform *cipher_xform)
+{
+ if (cipher_xform->key.length > BCMFS_MAX_KEY_SIZE) {
+ BCMFS_DP_LOG(ERR, "key length not supported");
+ return -EINVAL;
+ }
+
+ sess->cipher.key.length = cipher_xform->key.length;
+ sess->cipher.iv.offset = cipher_xform->iv.offset;
+ sess->cipher.iv.length = cipher_xform->iv.length;
+ sess->cipher.op = cipher_xform->op;
+ sess->cipher.algo = cipher_xform->algo;
+
+ get_key(cipher_xform->key.data,
+ sess->cipher.key.length,
+ sess->cipher.key.data);
+
+ return 0;
+}
+
+/* Set session auth parameters */
+static int
+crypto_set_session_auth_parameters(struct bcmfs_sym_session *sess,
+ const struct rte_crypto_auth_xform *auth_xform)
+{
+ if (auth_xform->key.length > BCMFS_MAX_KEY_SIZE) {
+ BCMFS_DP_LOG(ERR, "key length not supported");
+ return -EINVAL;
+ }
+
+ sess->auth.op = auth_xform->op;
+ sess->auth.key.length = auth_xform->key.length;
+ sess->auth.digest_length = auth_xform->digest_length;
+ sess->auth.iv.length = auth_xform->iv.length;
+ sess->auth.iv.offset = auth_xform->iv.offset;
+ sess->auth.algo = auth_xform->algo;
+
+ get_key(auth_xform->key.data,
+ auth_xform->key.length,
+ sess->auth.key.data);
+
+ return 0;
+}
+
+/* Set session aead parameters */
+static int
+crypto_set_session_aead_parameters(struct bcmfs_sym_session *sess,
+ const struct rte_crypto_sym_xform *aead_xform)
+{
+ if (aead_xform->aead.key.length > BCMFS_MAX_KEY_SIZE) {
+ BCMFS_DP_LOG(ERR, "key length not supported");
+ return -EINVAL;
+ }
+
+ sess->aead.iv.offset = aead_xform->aead.iv.offset;
+ sess->aead.iv.length = aead_xform->aead.iv.length;
+ sess->aead.aad_length = aead_xform->aead.aad_length;
+ sess->aead.key.length = aead_xform->aead.key.length;
+ sess->aead.digest_length = aead_xform->aead.digest_length;
+ sess->aead.op = aead_xform->aead.op;
+ sess->aead.algo = aead_xform->aead.algo;
+
+ get_key(aead_xform->aead.key.data,
+ aead_xform->aead.key.length,
+ sess->aead.key.data);
+
+ return 0;
+}
+
+static struct rte_crypto_auth_xform *
+crypto_get_auth_xform(struct rte_crypto_sym_xform *xform)
+{
+ do {
+ if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH)
+ return &xform->auth;
+
+ xform = xform->next;
+ } while (xform);
+
+ return NULL;
+}
+
+static struct rte_crypto_cipher_xform *
+crypto_get_cipher_xform(struct rte_crypto_sym_xform *xform)
+{
+ do {
+ if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER)
+ return &xform->cipher;
+
+ xform = xform->next;
+ } while (xform);
+
+ return NULL;
+}
+
+/** Parse crypto xform chain and set private session parameters */
+static int
+crypto_set_session_parameters(struct bcmfs_sym_session *sess,
+ struct rte_crypto_sym_xform *xform)
+{
+ int rc = 0;
+ struct rte_crypto_cipher_xform *cipher_xform =
+ crypto_get_cipher_xform(xform);
+ struct rte_crypto_auth_xform *auth_xform =
+ crypto_get_auth_xform(xform);
+
+ sess->chain_order = crypto_get_chain_order(xform);
+
+ switch (sess->chain_order) {
+ case BCMFS_SYM_CHAIN_ONLY_CIPHER:
+ if (crypto_set_session_cipher_parameters(sess, cipher_xform))
+ rc = -EINVAL;
+ break;
+ case BCMFS_SYM_CHAIN_ONLY_AUTH:
+ if (crypto_set_session_auth_parameters(sess, auth_xform))
+ rc = -EINVAL;
+ break;
+ case BCMFS_SYM_CHAIN_AUTH_CIPHER:
+ sess->cipher_first = false;
+ if (crypto_set_session_auth_parameters(sess, auth_xform)) {
+ rc = -EINVAL;
+ goto error;
+ }
+
+ if (crypto_set_session_cipher_parameters(sess, cipher_xform))
+ rc = -EINVAL;
+ break;
+ case BCMFS_SYM_CHAIN_CIPHER_AUTH:
+ sess->cipher_first = true;
+ if (crypto_set_session_auth_parameters(sess, auth_xform)) {
+ rc = -EINVAL;
+ goto error;
+ }
+
+ if (crypto_set_session_cipher_parameters(sess, cipher_xform))
+ rc = -EINVAL;
+ break;
+ case BCMFS_SYM_CHAIN_AEAD:
+ if (crypto_set_session_aead_parameters(sess, xform))
+ rc = -EINVAL;
+ break;
+ default:
+ BCMFS_DP_LOG(ERR, "Invalid chain order\n");
+ rc = -EINVAL;
+ break;
+ }
+
+error:
+ return rc;
+}
+
+struct bcmfs_sym_session *
+bcmfs_sym_get_session(struct rte_crypto_op *op)
+{
+ struct bcmfs_sym_session *sess = NULL;
+
+ if (unlikely(op->sess_type == RTE_CRYPTO_OP_SESSIONLESS)) {
+ BCMFS_DP_LOG(ERR, "operations op(%p) is sessionless", op);
+ } else if (likely(op->sym->session != NULL)) {
+ /* get existing session */
+ sess = (struct bcmfs_sym_session *)
+ get_sym_session_private_data(op->sym->session,
+ cryptodev_bcmfs_driver_id);
+ }
+
+ if (sess == NULL)
+ op->status = RTE_CRYPTO_OP_STATUS_INVALID_SESSION;
+
+ return sess;
+}
+
+int
+bcmfs_sym_session_configure(struct rte_cryptodev *dev,
+ struct rte_crypto_sym_xform *xform,
+ struct rte_cryptodev_sym_session *sess,
+ struct rte_mempool *mempool)
+{
+ void *sess_private_data;
+ int ret;
+
+ if (unlikely(sess == NULL)) {
+ BCMFS_DP_LOG(ERR, "Invalid session struct");
+ return -EINVAL;
+ }
+
+ if (rte_mempool_get(mempool, &sess_private_data)) {
+ BCMFS_DP_LOG(ERR,
+ "Couldn't get object from session mempool");
+ return -ENOMEM;
+ }
+
+ ret = crypto_set_session_parameters(sess_private_data, xform);
+
+ if (ret != 0) {
+ BCMFS_DP_LOG(ERR, "Failed configure session parameters");
+ /* Return session to mempool */
+ rte_mempool_put(mempool, sess_private_data);
+ return ret;
+ }
+
+ set_sym_session_private_data(sess, dev->driver_id,
+ sess_private_data);
+
+ return 0;
+}
+
+/* Clear the memory of session so it doesn't leave key material behind */
+void
+bcmfs_sym_session_clear(struct rte_cryptodev *dev,
+ struct rte_cryptodev_sym_session *sess)
+{
+ uint8_t index = dev->driver_id;
+ void *sess_priv = get_sym_session_private_data(sess, index);
+
+ if (sess_priv) {
+ struct rte_mempool *sess_mp;
+
+ memset(sess_priv, 0, sizeof(struct bcmfs_sym_session));
+ sess_mp = rte_mempool_from_obj(sess_priv);
+
+ set_sym_session_private_data(sess, index, NULL);
+ rte_mempool_put(sess_mp, sess_priv);
+ }
+}
+
+unsigned int
+bcmfs_sym_session_get_private_size(struct rte_cryptodev *dev __rte_unused)
+{
+ return sizeof(struct bcmfs_sym_session);
+}
--- /dev/null
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright(c) 2020 Broadcom
+ * All rights reserved.
+ */
+
+#ifndef _BCMFS_SYM_SESSION_H_
+#define _BCMFS_SYM_SESSION_H_
+
+#include <stdbool.h>
+#include <rte_crypto.h>
+#include <rte_cryptodev_pmd.h>
+
+#include "bcmfs_sym_defs.h"
+#include "bcmfs_sym_req.h"
+
+/* BCMFS_SYM operation order mode enumerator */
+enum bcmfs_sym_chain_order {
+ BCMFS_SYM_CHAIN_ONLY_CIPHER,
+ BCMFS_SYM_CHAIN_ONLY_AUTH,
+ BCMFS_SYM_CHAIN_CIPHER_AUTH,
+ BCMFS_SYM_CHAIN_AUTH_CIPHER,
+ BCMFS_SYM_CHAIN_AEAD,
+ BCMFS_SYM_CHAIN_NOT_SUPPORTED
+};
+
+/* BCMFS_SYM crypto private session structure */
+struct bcmfs_sym_session {
+ enum bcmfs_sym_chain_order chain_order;
+
+ /* Cipher Parameters */
+ struct {
+ enum rte_crypto_cipher_operation op;
+ /* Cipher operation */
+ enum rte_crypto_cipher_algorithm algo;
+ /* Cipher algorithm */
+ struct {
+ uint8_t data[BCMFS_MAX_KEY_SIZE];
+ size_t length;
+ } key;
+ struct {
+ uint16_t offset;
+ uint16_t length;
+ } iv;
+ } cipher;
+
+ /* Authentication Parameters */
+ struct {
+ enum rte_crypto_auth_operation op;
+ /* Auth operation */
+ enum rte_crypto_auth_algorithm algo;
+ /* Auth algorithm */
+
+ struct {
+ uint8_t data[BCMFS_MAX_KEY_SIZE];
+ size_t length;
+ } key;
+ struct {
+ uint16_t offset;
+ uint16_t length;
+ } iv;
+
+ uint16_t digest_length;
+ } auth;
+
+ /* Aead Parameters */
+ struct {
+ enum rte_crypto_aead_operation op;
+ /* AEAD operation */
+ enum rte_crypto_aead_algorithm algo;
+ /* AEAD algorithm */
+ struct {
+ uint8_t data[BCMFS_MAX_KEY_SIZE];
+ size_t length;
+ } key;
+ struct {
+ uint16_t offset;
+ uint16_t length;
+ } iv;
+
+ uint16_t digest_length;
+
+ uint16_t aad_length;
+ } aead;
+
+ bool cipher_first;
+} __rte_cache_aligned;
+
+int
+bcmfs_process_crypto_op(struct rte_crypto_op *op,
+ struct bcmfs_sym_session *sess,
+ struct bcmfs_sym_request *req);
+
+int
+bcmfs_sym_session_configure(struct rte_cryptodev *dev,
+ struct rte_crypto_sym_xform *xform,
+ struct rte_cryptodev_sym_session *sess,
+ struct rte_mempool *mempool);
+
+void
+bcmfs_sym_session_clear(struct rte_cryptodev *dev,
+ struct rte_cryptodev_sym_session *sess);
+
+unsigned int
+bcmfs_sym_session_get_private_size(struct rte_cryptodev *dev __rte_unused);
+
+struct bcmfs_sym_session *
+bcmfs_sym_get_session(struct rte_crypto_op *op);
+
+#endif /* _BCMFS_SYM_SESSION_H_ */
'hw/bcmfs4_rm.c',
'hw/bcmfs5_rm.c',
'hw/bcmfs_rm_common.c',
- 'bcmfs_sym_pmd.c'
+ 'bcmfs_sym_pmd.c',
+ 'bcmfs_sym_capabilities.c',
+ 'bcmfs_sym_session.c'
)
git.droids-corp.org / dpdk.git / commitdiff