From: Vikas Gupta Date: Wed, 7 Oct 2020 17:18:58 +0000 (+0530) Subject: crypto/bcmfs: add session handling and capabilities X-Git-Url: http://git.droids-corp.org/?a=commitdiff_plain;h=4ed19f0db5d970af39f6cb9a70fd690d0e62646b;p=dpdk.git crypto/bcmfs: add session handling and capabilities Add session handling and capabilities supported by crypto HW accelerator Signed-off-by: Vikas Gupta Signed-off-by: Raveendra Padasalagi Reviewed-by: Ajit Khaparde Acked-by: Akhil Goyal --- diff --git a/MAINTAINERS b/MAINTAINERS index 9d4b0ae184..f7ecb53052 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -973,6 +973,7 @@ M: Raveendra Padasalagi M: Vikas Gupta F: drivers/crypto/bcmfs/ F: doc/guides/cryptodevs/bcmfs.rst +F: doc/guides/cryptodevs/features/bcmfs.ini Cavium OCTEON TX crypto M: Anoob Joseph diff --git a/doc/guides/cryptodevs/bcmfs.rst b/doc/guides/cryptodevs/bcmfs.rst index 0ed1a062b3..24ff23c287 100644 --- a/doc/guides/cryptodevs/bcmfs.rst +++ b/doc/guides/cryptodevs/bcmfs.rst @@ -15,6 +15,47 @@ Supported Broadcom SoCs * Stingray * Stingray2 +Features +-------- + +The BCMFS SYM PMD has support for: + +Cipher algorithms: + +* ``RTE_CRYPTO_CIPHER_3DES_CBC`` +* ``RTE_CRYPTO_CIPHER_3DES_CTR`` +* ``RTE_CRYPTO_CIPHER_AES128_CBC`` +* ``RTE_CRYPTO_CIPHER_AES192_CBC`` +* ``RTE_CRYPTO_CIPHER_AES256_CBC`` +* ``RTE_CRYPTO_CIPHER_AES128_CTR`` +* ``RTE_CRYPTO_CIPHER_AES192_CTR`` +* ``RTE_CRYPTO_CIPHER_AES256_CTR`` +* ``RTE_CRYPTO_CIPHER_AES_XTS`` +* ``RTE_CRYPTO_CIPHER_DES_CBC`` + +Hash algorithms: + +* ``RTE_CRYPTO_AUTH_SHA1`` +* ``RTE_CRYPTO_AUTH_SHA1_HMAC`` +* ``RTE_CRYPTO_AUTH_SHA224`` +* ``RTE_CRYPTO_AUTH_SHA224_HMAC`` +* ``RTE_CRYPTO_AUTH_SHA256`` +* ``RTE_CRYPTO_AUTH_SHA256_HMAC`` +* ``RTE_CRYPTO_AUTH_SHA384`` +* ``RTE_CRYPTO_AUTH_SHA384_HMAC`` +* ``RTE_CRYPTO_AUTH_SHA512`` +* ``RTE_CRYPTO_AUTH_SHA512_HMAC`` +* ``RTE_CRYPTO_AUTH_AES_XCBC_MAC`` +* ``RTE_CRYPTO_AUTH_AES_CBC_MAC`` +* ``RTE_CRYPTO_AUTH_MD5_HMAC`` +* ``RTE_CRYPTO_AUTH_AES_GMAC`` +* ``RTE_CRYPTO_AUTH_AES_CMAC`` + +Supported AEAD algorithms: + +* ``RTE_CRYPTO_AEAD_AES_GCM`` +* ``RTE_CRYPTO_AEAD_AES_CCM`` + Installation ------------ Information about kernel, rootfs and toolchain can be found at @@ -49,3 +90,9 @@ For example, below commands can be run to get hold of a device node by VFIO. io_device_name="vfio-platform" echo $io_device_name > /sys/bus/platform/devices/${SETUP_SYSFS_DEV_NAME}/driver_override echo ${SETUP_SYSFS_DEV_NAME} > /sys/bus/platform/drivers_probe + +Limitations +----------- + +* Only supports the session-oriented API implementation (session-less APIs are not supported). +* CCM is not supported on Broadcom`s SoCs having FlexSparc4 unit. diff --git a/doc/guides/cryptodevs/features/bcmfs.ini b/doc/guides/cryptodevs/features/bcmfs.ini new file mode 100644 index 0000000000..6a718856b9 --- /dev/null +++ b/doc/guides/cryptodevs/features/bcmfs.ini @@ -0,0 +1,56 @@ +; +; Supported features of the 'bcmfs' crypto driver. +; +; Refer to default.ini for the full list of available PMD features. +; +[Features] +Symmetric crypto = Y +Sym operation chaining = Y +HW Accelerated = Y +Protocol offload = Y +OOP LB In LB Out = Y + +; +; Supported crypto algorithms of the 'bcmfs' crypto driver. +; +[Cipher] +AES CBC (128) = Y +AES CBC (192) = Y +AES CBC (256) = Y +AES CTR (128) = Y +AES CTR (192) = Y +AES CTR (256) = Y +AES XTS (128) = Y +AES XTS (256) = Y +3DES CBC = Y +DES CBC = Y +; +; Supported authentication algorithms of the 'bcmfs' crypto driver. +; +[Auth] +MD5 HMAC = Y +SHA1 = Y +SHA1 HMAC = Y +SHA224 = Y +SHA224 HMAC = Y +SHA256 = Y +SHA256 HMAC = Y +SHA384 = Y +SHA384 HMAC = Y +SHA512 = Y +SHA512 HMAC = Y +AES GMAC = Y +AES CMAC (128) = Y +AES CBC MAC = Y +AES XCBC MAC = Y + +; +; Supported AEAD algorithms of the 'bcmfs' crypto driver. +; +[AEAD] +AES GCM (128) = Y +AES GCM (192) = Y +AES GCM (256) = Y +AES CCM (128) = Y +AES CCM (192) = Y +AES CCM (256) = Y diff --git a/drivers/crypto/bcmfs/bcmfs_sym_capabilities.c b/drivers/crypto/bcmfs/bcmfs_sym_capabilities.c new file mode 100644 index 0000000000..afed7696a6 --- /dev/null +++ b/drivers/crypto/bcmfs/bcmfs_sym_capabilities.c @@ -0,0 +1,764 @@ +/* SPDX-License-Identifier: BSD-3-Clause + * Copyright(c) 2020 Broadcom + * All rights reserved. + */ + +#include + +#include "bcmfs_sym_capabilities.h" + +static const struct rte_cryptodev_capabilities bcmfs_sym_capabilities[] = { + { + /* SHA1 */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA1, + .block_size = 64, + .key_size = { + .min = 0, + .max = 0, + .increment = 0 + }, + .digest_size = { + .min = 20, + .max = 20, + .increment = 0 + }, + .aad_size = { 0 } + }, } + }, } + }, + { + /* MD5 */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_MD5, + .block_size = 64, + .key_size = { + .min = 0, + .max = 0, + .increment = 0 + }, + .digest_size = { + .min = 16, + .max = 16, + .increment = 0 + }, + }, } + }, } + }, + { + /* SHA224 */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA224, + .block_size = 64, + .key_size = { + .min = 0, + .max = 0, + .increment = 0 + }, + .digest_size = { + .min = 28, + .max = 28, + .increment = 0 + }, + .aad_size = { 0 } + }, } + }, } + }, + { + /* SHA256 */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA256, + .block_size = 64, + .key_size = { + .min = 0, + .max = 0, + .increment = 0 + }, + .digest_size = { + .min = 32, + .max = 32, + .increment = 0 + }, + .aad_size = { 0 } + }, } + }, } + }, + { + /* SHA384 */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA384, + .block_size = 64, + .key_size = { + .min = 0, + .max = 0, + .increment = 0 + }, + .digest_size = { + .min = 48, + .max = 48, + .increment = 0 + }, + .aad_size = { 0 } + }, } + }, } + }, + { + /* SHA512 */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA512, + .block_size = 64, + .key_size = { + .min = 0, + .max = 0, + .increment = 0 + }, + .digest_size = { + .min = 64, + .max = 64, + .increment = 0 + }, + .aad_size = { 0 } + }, } + }, } + }, + { + /* SHA3_224 */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_224, + .block_size = 144, + .key_size = { + .min = 0, + .max = 0, + .increment = 0 + }, + .digest_size = { + .min = 28, + .max = 28, + .increment = 0 + }, + .aad_size = { 0 } + }, } + }, } + }, + { + /* SHA3_256 */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_256, + .block_size = 136, + .key_size = { + .min = 0, + .max = 0, + .increment = 0 + }, + .digest_size = { + .min = 32, + .max = 32, + .increment = 0 + }, + .aad_size = { 0 } + }, } + }, } + }, + { + /* SHA3_384 */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_384, + .block_size = 104, + .key_size = { + .min = 0, + .max = 0, + .increment = 0 + }, + .digest_size = { + .min = 48, + .max = 48, + .increment = 0 + }, + .aad_size = { 0 } + }, } + }, } + }, + { + /* SHA3_512 */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_512, + .block_size = 72, + .key_size = { + .min = 0, + .max = 0, + .increment = 0 + }, + .digest_size = { + .min = 64, + .max = 64, + .increment = 0 + }, + .aad_size = { 0 } + }, } + }, } + }, + { + /* SHA1 HMAC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA1_HMAC, + .block_size = 64, + .key_size = { + .min = 1, + .max = 64, + .increment = 1 + }, + .digest_size = { + .min = 20, + .max = 20, + .increment = 0 + }, + .aad_size = { 0 } + }, } + }, } + }, + { + /* MD5 HMAC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_MD5_HMAC, + .block_size = 64, + .key_size = { + .min = 1, + .max = 64, + .increment = 1 + }, + .digest_size = { + .min = 16, + .max = 16, + .increment = 0 + }, + .aad_size = { 0 } + }, } + }, } + }, + { + /* SHA224 HMAC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA224_HMAC, + .block_size = 64, + .key_size = { + .min = 1, + .max = 64, + .increment = 1 + }, + .digest_size = { + .min = 28, + .max = 28, + .increment = 0 + }, + .aad_size = { 0 } + }, } + }, } + }, + { + /* SHA256 HMAC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA256_HMAC, + .block_size = 64, + .key_size = { + .min = 1, + .max = 64, + .increment = 1 + }, + .digest_size = { + .min = 32, + .max = 32, + .increment = 0 + }, + .aad_size = { 0 } + }, } + }, } + }, + { + /* SHA384 HMAC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA384_HMAC, + .block_size = 128, + .key_size = { + .min = 1, + .max = 128, + .increment = 1 + }, + .digest_size = { + .min = 48, + .max = 48, + .increment = 0 + }, + .aad_size = { 0 } + }, } + }, } + }, + { + /* SHA512 HMAC*/ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA512_HMAC, + .block_size = 128, + .key_size = { + .min = 1, + .max = 128, + .increment = 1 + }, + .digest_size = { + .min = 64, + .max = 64, + .increment = 0 + }, + .aad_size = { 0 } + }, } + }, } + }, + { + /* SHA3_224 HMAC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_224_HMAC, + .block_size = 144, + .key_size = { + .min = 1, + .max = 144, + .increment = 1 + }, + .digest_size = { + .min = 28, + .max = 28, + .increment = 0 + }, + .aad_size = { 0 } + }, } + }, } + }, + { + /* SHA3_256 HMAC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_256_HMAC, + .block_size = 136, + .key_size = { + .min = 1, + .max = 136, + .increment = 1 + }, + .digest_size = { + .min = 32, + .max = 32, + .increment = 0 + }, + .aad_size = { 0 } + }, } + }, } + }, + { + /* SHA3_384 HMAC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_384_HMAC, + .block_size = 104, + .key_size = { + .min = 1, + .max = 104, + .increment = 1 + }, + .digest_size = { + .min = 48, + .max = 48, + .increment = 0 + }, + .aad_size = { 0 } + }, } + }, } + }, + { + /* SHA3_512 HMAC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA3_512_HMAC, + .block_size = 72, + .key_size = { + .min = 1, + .max = 72, + .increment = 1 + }, + .digest_size = { + .min = 64, + .max = 64, + .increment = 0 + }, + .aad_size = { 0 } + }, } + }, } + }, + { + /* AES XCBC MAC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_AES_XCBC_MAC, + .block_size = 16, + .key_size = { + .min = 1, + .max = 16, + .increment = 1 + }, + .digest_size = { + .min = 16, + .max = 16, + .increment = 0 + }, + .aad_size = { 0 } + }, } + }, } + }, + { + /* AES GMAC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_AES_GMAC, + .block_size = 16, + .key_size = { + .min = 16, + .max = 32, + .increment = 8 + }, + .digest_size = { + .min = 16, + .max = 16, + .increment = 0 + }, + .aad_size = { + .min = 0, + .max = 65535, + .increment = 1 + }, + .iv_size = { + .min = 12, + .max = 16, + .increment = 4 + }, + }, } + }, } + }, + { + /* AES CMAC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_AES_CMAC, + .block_size = 16, + .key_size = { + .min = 1, + .max = 16, + .increment = 1 + }, + .digest_size = { + .min = 16, + .max = 16, + .increment = 0 + }, + .aad_size = { 0 } + }, } + }, } + }, + { + /* AES CBC MAC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_AES_CBC_MAC, + .block_size = 16, + .key_size = { + .min = 1, + .max = 16, + .increment = 1 + }, + .digest_size = { + .min = 16, + .max = 16, + .increment = 0 + }, + .aad_size = { 0 } + }, } + }, } + }, + { + /* AES ECB */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, + {.cipher = { + .algo = RTE_CRYPTO_CIPHER_AES_ECB, + .block_size = 16, + .key_size = { + .min = 16, + .max = 32, + .increment = 8 + }, + .iv_size = { + .min = 0, + .max = 0, + .increment = 0 + } + }, } + }, } + }, + { + /* AES CBC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, + {.cipher = { + .algo = RTE_CRYPTO_CIPHER_AES_CBC, + .block_size = 16, + .key_size = { + .min = 16, + .max = 32, + .increment = 8 + }, + .iv_size = { + .min = 16, + .max = 16, + .increment = 0 + } + }, } + }, } + }, + { + /* AES CTR */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, + {.cipher = { + .algo = RTE_CRYPTO_CIPHER_AES_CTR, + .block_size = 16, + .key_size = { + .min = 16, + .max = 32, + .increment = 8 + }, + .iv_size = { + .min = 16, + .max = 16, + .increment = 0 + } + }, } + }, } + }, + { + /* AES XTS */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, + {.cipher = { + .algo = RTE_CRYPTO_CIPHER_AES_XTS, + .block_size = 16, + .key_size = { + .min = 32, + .max = 64, + .increment = 32 + }, + .iv_size = { + .min = 16, + .max = 16, + .increment = 0 + } + }, } + }, } + }, + { + /* DES CBC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, + {.cipher = { + .algo = RTE_CRYPTO_CIPHER_DES_CBC, + .block_size = 8, + .key_size = { + .min = 8, + .max = 8, + .increment = 0 + }, + .iv_size = { + .min = 16, + .max = 16, + .increment = 0 + } + }, } + }, } + }, + { + /* 3DES CBC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, + {.cipher = { + .algo = RTE_CRYPTO_CIPHER_3DES_CBC, + .block_size = 8, + .key_size = { + .min = 24, + .max = 24, + .increment = 0 + }, + .iv_size = { + .min = 16, + .max = 16, + .increment = 0 + } + }, } + }, } + }, + { + /* 3DES ECB */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, + {.cipher = { + .algo = RTE_CRYPTO_CIPHER_3DES_ECB, + .block_size = 8, + .key_size = { + .min = 24, + .max = 24, + .increment = 0 + }, + .iv_size = { + .min = 0, + .max = 0, + .increment = 0 + } + }, } + }, } + }, + { + /* AES GCM */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD, + {.aead = { + .algo = RTE_CRYPTO_AEAD_AES_GCM, + .block_size = 16, + .key_size = { + .min = 16, + .max = 32, + .increment = 8 + }, + .digest_size = { + .min = 16, + .max = 16, + .increment = 0 + }, + .aad_size = { + .min = 0, + .max = 65535, + .increment = 1 + }, + .iv_size = { + .min = 12, + .max = 16, + .increment = 4 + }, + }, } + }, } + }, + { + /* AES CCM */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD, + {.aead = { + .algo = RTE_CRYPTO_AEAD_AES_CCM, + .block_size = 16, + .key_size = { + .min = 16, + .max = 32, + .increment = 8 + }, + .digest_size = { + .min = 4, + .max = 16, + .increment = 2 + }, + .aad_size = { + .min = 0, + .max = 65535, + .increment = 1 + }, + .iv_size = { + .min = 7, + .max = 13, + .increment = 1 + }, + }, } + }, } + }, + + RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() +}; + +const struct rte_cryptodev_capabilities * +bcmfs_sym_get_capabilities(void) +{ + return bcmfs_sym_capabilities; +} diff --git a/drivers/crypto/bcmfs/bcmfs_sym_capabilities.h b/drivers/crypto/bcmfs/bcmfs_sym_capabilities.h new file mode 100644 index 0000000000..f77a54b152 --- /dev/null +++ b/drivers/crypto/bcmfs/bcmfs_sym_capabilities.h @@ -0,0 +1,15 @@ +/* SPDX-License-Identifier: BSD-3-Clause + * Copyright(c) 2020 Broadcom + * All rights reserved. + */ + +#ifndef _BCMFS_SYM_CAPABILITIES_H_ +#define _BCMFS_SYM_CAPABILITIES_H_ + +/* + * Get capabilities list for the device + * + */ +const struct rte_cryptodev_capabilities *bcmfs_sym_get_capabilities(void); + +#endif /* _BCMFS_SYM_CAPABILITIES_H__ */ diff --git a/drivers/crypto/bcmfs/bcmfs_sym_defs.h b/drivers/crypto/bcmfs/bcmfs_sym_defs.h new file mode 100644 index 0000000000..aea1f281e4 --- /dev/null +++ b/drivers/crypto/bcmfs/bcmfs_sym_defs.h @@ -0,0 +1,34 @@ +/* SPDX-License-Identifier: BSD-3-Clause + * Copyright(c) 2020 Broadcom + * All rights reserved. + */ + +#ifndef _BCMFS_SYM_DEFS_H_ +#define _BCMFS_SYM_DEFS_H_ + +/* + * Max block size of hash algorithm + * currently SHA3 supports max block size + * of 144 bytes + */ +#define BCMFS_MAX_KEY_SIZE 144 +#define BCMFS_MAX_IV_SIZE 16 +#define BCMFS_MAX_DIGEST_SIZE 64 + +struct bcmfs_sym_session; +struct bcmfs_sym_request; + +/** Crypto Request processing successful. */ +#define BCMFS_SYM_RESPONSE_SUCCESS (0) +/** Crypot Request processing protocol failure. */ +#define BCMFS_SYM_RESPONSE_PROTO_FAILURE (1) +/** Crypot Request processing completion failure. */ +#define BCMFS_SYM_RESPONSE_COMPL_ERROR (2) +/** Crypot Request processing hash tag check error. */ +#define BCMFS_SYM_RESPONSE_HASH_TAG_ERROR (3) + +int +bcmfs_process_sym_crypto_op(struct rte_crypto_op *op, + struct bcmfs_sym_session *sess, + struct bcmfs_sym_request *req); +#endif /* _BCMFS_SYM_DEFS_H_ */ diff --git a/drivers/crypto/bcmfs/bcmfs_sym_pmd.c b/drivers/crypto/bcmfs/bcmfs_sym_pmd.c index 0f96915f70..381ca8ea48 100644 --- a/drivers/crypto/bcmfs/bcmfs_sym_pmd.c +++ b/drivers/crypto/bcmfs/bcmfs_sym_pmd.c @@ -14,6 +14,8 @@ #include "bcmfs_qp.h" #include "bcmfs_sym_pmd.h" #include "bcmfs_sym_req.h" +#include "bcmfs_sym_session.h" +#include "bcmfs_sym_capabilities.h" uint8_t cryptodev_bcmfs_driver_id; @@ -65,6 +67,7 @@ bcmfs_sym_dev_info_get(struct rte_cryptodev *dev, dev_info->max_nb_queue_pairs = fsdev->max_hw_qps; /* No limit of number of sessions */ dev_info->sym.max_nb_sessions = 0; + dev_info->capabilities = bcmfs_sym_get_capabilities(); } } @@ -228,6 +231,10 @@ static struct rte_cryptodev_ops crypto_bcmfs_ops = { /* Queue-Pair management */ .queue_pair_setup = bcmfs_sym_qp_setup, .queue_pair_release = bcmfs_sym_qp_release, + /* Crypto session related operations */ + .sym_session_get_size = bcmfs_sym_session_get_private_size, + .sym_session_configure = bcmfs_sym_session_configure, + .sym_session_clear = bcmfs_sym_session_clear }; /** Enqueue burst */ @@ -239,6 +246,7 @@ bcmfs_sym_pmd_enqueue_op_burst(void *queue_pair, int i, j; uint16_t enq = 0; struct bcmfs_sym_request *sreq; + struct bcmfs_sym_session *sess; struct bcmfs_qp *qp = (struct bcmfs_qp *)queue_pair; if (nb_ops == 0) @@ -252,6 +260,10 @@ bcmfs_sym_pmd_enqueue_op_burst(void *queue_pair, nb_ops = qp->nb_descriptors - qp->nb_pending_requests; for (i = 0; i < nb_ops; i++) { + sess = bcmfs_sym_get_session(ops[i]); + if (unlikely(sess == NULL)) + goto enqueue_err; + if (rte_mempool_get(qp->sr_mp, (void **)&sreq)) goto enqueue_err; @@ -356,6 +368,7 @@ bcmfs_sym_dev_create(struct bcmfs_device *fsdev) fsdev->sym_dev = internals; internals->sym_dev_id = cryptodev->data->dev_id; + internals->fsdev_capabilities = bcmfs_sym_get_capabilities(); BCMFS_LOG(DEBUG, "Created bcmfs-sym device %s as cryptodev instance %d", cryptodev->data->name, internals->sym_dev_id); diff --git a/drivers/crypto/bcmfs/bcmfs_sym_session.c b/drivers/crypto/bcmfs/bcmfs_sym_session.c new file mode 100644 index 0000000000..675ed0ad55 --- /dev/null +++ b/drivers/crypto/bcmfs/bcmfs_sym_session.c @@ -0,0 +1,282 @@ +/* SPDX-License-Identifier: BSD-3-Clause + * Copyright(c) 2020 Broadcom + * All rights reserved. + */ + +#include +#include +#include + +#include "bcmfs_logs.h" +#include "bcmfs_sym_defs.h" +#include "bcmfs_sym_pmd.h" +#include "bcmfs_sym_session.h" + +/** Configure the session from a crypto xform chain */ +static enum bcmfs_sym_chain_order +crypto_get_chain_order(const struct rte_crypto_sym_xform *xform) +{ + enum bcmfs_sym_chain_order res = BCMFS_SYM_CHAIN_NOT_SUPPORTED; + + if (xform != NULL) { + if (xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) + res = BCMFS_SYM_CHAIN_AEAD; + + if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH) { + if (xform->next == NULL) + res = BCMFS_SYM_CHAIN_ONLY_AUTH; + else if (xform->next->type == + RTE_CRYPTO_SYM_XFORM_CIPHER) + res = BCMFS_SYM_CHAIN_AUTH_CIPHER; + } + if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER) { + if (xform->next == NULL) + res = BCMFS_SYM_CHAIN_ONLY_CIPHER; + else if (xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH) + res = BCMFS_SYM_CHAIN_CIPHER_AUTH; + } + } + + return res; +} + +/* Get session cipher key from input cipher key */ +static void +get_key(const uint8_t *input_key, int keylen, uint8_t *session_key) +{ + memcpy(session_key, input_key, keylen); +} + +/* Set session cipher parameters */ +static int +crypto_set_session_cipher_parameters(struct bcmfs_sym_session *sess, + const struct rte_crypto_cipher_xform *cipher_xform) +{ + if (cipher_xform->key.length > BCMFS_MAX_KEY_SIZE) { + BCMFS_DP_LOG(ERR, "key length not supported"); + return -EINVAL; + } + + sess->cipher.key.length = cipher_xform->key.length; + sess->cipher.iv.offset = cipher_xform->iv.offset; + sess->cipher.iv.length = cipher_xform->iv.length; + sess->cipher.op = cipher_xform->op; + sess->cipher.algo = cipher_xform->algo; + + get_key(cipher_xform->key.data, + sess->cipher.key.length, + sess->cipher.key.data); + + return 0; +} + +/* Set session auth parameters */ +static int +crypto_set_session_auth_parameters(struct bcmfs_sym_session *sess, + const struct rte_crypto_auth_xform *auth_xform) +{ + if (auth_xform->key.length > BCMFS_MAX_KEY_SIZE) { + BCMFS_DP_LOG(ERR, "key length not supported"); + return -EINVAL; + } + + sess->auth.op = auth_xform->op; + sess->auth.key.length = auth_xform->key.length; + sess->auth.digest_length = auth_xform->digest_length; + sess->auth.iv.length = auth_xform->iv.length; + sess->auth.iv.offset = auth_xform->iv.offset; + sess->auth.algo = auth_xform->algo; + + get_key(auth_xform->key.data, + auth_xform->key.length, + sess->auth.key.data); + + return 0; +} + +/* Set session aead parameters */ +static int +crypto_set_session_aead_parameters(struct bcmfs_sym_session *sess, + const struct rte_crypto_sym_xform *aead_xform) +{ + if (aead_xform->aead.key.length > BCMFS_MAX_KEY_SIZE) { + BCMFS_DP_LOG(ERR, "key length not supported"); + return -EINVAL; + } + + sess->aead.iv.offset = aead_xform->aead.iv.offset; + sess->aead.iv.length = aead_xform->aead.iv.length; + sess->aead.aad_length = aead_xform->aead.aad_length; + sess->aead.key.length = aead_xform->aead.key.length; + sess->aead.digest_length = aead_xform->aead.digest_length; + sess->aead.op = aead_xform->aead.op; + sess->aead.algo = aead_xform->aead.algo; + + get_key(aead_xform->aead.key.data, + aead_xform->aead.key.length, + sess->aead.key.data); + + return 0; +} + +static struct rte_crypto_auth_xform * +crypto_get_auth_xform(struct rte_crypto_sym_xform *xform) +{ + do { + if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH) + return &xform->auth; + + xform = xform->next; + } while (xform); + + return NULL; +} + +static struct rte_crypto_cipher_xform * +crypto_get_cipher_xform(struct rte_crypto_sym_xform *xform) +{ + do { + if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER) + return &xform->cipher; + + xform = xform->next; + } while (xform); + + return NULL; +} + +/** Parse crypto xform chain and set private session parameters */ +static int +crypto_set_session_parameters(struct bcmfs_sym_session *sess, + struct rte_crypto_sym_xform *xform) +{ + int rc = 0; + struct rte_crypto_cipher_xform *cipher_xform = + crypto_get_cipher_xform(xform); + struct rte_crypto_auth_xform *auth_xform = + crypto_get_auth_xform(xform); + + sess->chain_order = crypto_get_chain_order(xform); + + switch (sess->chain_order) { + case BCMFS_SYM_CHAIN_ONLY_CIPHER: + if (crypto_set_session_cipher_parameters(sess, cipher_xform)) + rc = -EINVAL; + break; + case BCMFS_SYM_CHAIN_ONLY_AUTH: + if (crypto_set_session_auth_parameters(sess, auth_xform)) + rc = -EINVAL; + break; + case BCMFS_SYM_CHAIN_AUTH_CIPHER: + sess->cipher_first = false; + if (crypto_set_session_auth_parameters(sess, auth_xform)) { + rc = -EINVAL; + goto error; + } + + if (crypto_set_session_cipher_parameters(sess, cipher_xform)) + rc = -EINVAL; + break; + case BCMFS_SYM_CHAIN_CIPHER_AUTH: + sess->cipher_first = true; + if (crypto_set_session_auth_parameters(sess, auth_xform)) { + rc = -EINVAL; + goto error; + } + + if (crypto_set_session_cipher_parameters(sess, cipher_xform)) + rc = -EINVAL; + break; + case BCMFS_SYM_CHAIN_AEAD: + if (crypto_set_session_aead_parameters(sess, xform)) + rc = -EINVAL; + break; + default: + BCMFS_DP_LOG(ERR, "Invalid chain order\n"); + rc = -EINVAL; + break; + } + +error: + return rc; +} + +struct bcmfs_sym_session * +bcmfs_sym_get_session(struct rte_crypto_op *op) +{ + struct bcmfs_sym_session *sess = NULL; + + if (unlikely(op->sess_type == RTE_CRYPTO_OP_SESSIONLESS)) { + BCMFS_DP_LOG(ERR, "operations op(%p) is sessionless", op); + } else if (likely(op->sym->session != NULL)) { + /* get existing session */ + sess = (struct bcmfs_sym_session *) + get_sym_session_private_data(op->sym->session, + cryptodev_bcmfs_driver_id); + } + + if (sess == NULL) + op->status = RTE_CRYPTO_OP_STATUS_INVALID_SESSION; + + return sess; +} + +int +bcmfs_sym_session_configure(struct rte_cryptodev *dev, + struct rte_crypto_sym_xform *xform, + struct rte_cryptodev_sym_session *sess, + struct rte_mempool *mempool) +{ + void *sess_private_data; + int ret; + + if (unlikely(sess == NULL)) { + BCMFS_DP_LOG(ERR, "Invalid session struct"); + return -EINVAL; + } + + if (rte_mempool_get(mempool, &sess_private_data)) { + BCMFS_DP_LOG(ERR, + "Couldn't get object from session mempool"); + return -ENOMEM; + } + + ret = crypto_set_session_parameters(sess_private_data, xform); + + if (ret != 0) { + BCMFS_DP_LOG(ERR, "Failed configure session parameters"); + /* Return session to mempool */ + rte_mempool_put(mempool, sess_private_data); + return ret; + } + + set_sym_session_private_data(sess, dev->driver_id, + sess_private_data); + + return 0; +} + +/* Clear the memory of session so it doesn't leave key material behind */ +void +bcmfs_sym_session_clear(struct rte_cryptodev *dev, + struct rte_cryptodev_sym_session *sess) +{ + uint8_t index = dev->driver_id; + void *sess_priv = get_sym_session_private_data(sess, index); + + if (sess_priv) { + struct rte_mempool *sess_mp; + + memset(sess_priv, 0, sizeof(struct bcmfs_sym_session)); + sess_mp = rte_mempool_from_obj(sess_priv); + + set_sym_session_private_data(sess, index, NULL); + rte_mempool_put(sess_mp, sess_priv); + } +} + +unsigned int +bcmfs_sym_session_get_private_size(struct rte_cryptodev *dev __rte_unused) +{ + return sizeof(struct bcmfs_sym_session); +} diff --git a/drivers/crypto/bcmfs/bcmfs_sym_session.h b/drivers/crypto/bcmfs/bcmfs_sym_session.h new file mode 100644 index 0000000000..8240c6fc25 --- /dev/null +++ b/drivers/crypto/bcmfs/bcmfs_sym_session.h @@ -0,0 +1,109 @@ +/* SPDX-License-Identifier: BSD-3-Clause + * Copyright(c) 2020 Broadcom + * All rights reserved. + */ + +#ifndef _BCMFS_SYM_SESSION_H_ +#define _BCMFS_SYM_SESSION_H_ + +#include +#include +#include + +#include "bcmfs_sym_defs.h" +#include "bcmfs_sym_req.h" + +/* BCMFS_SYM operation order mode enumerator */ +enum bcmfs_sym_chain_order { + BCMFS_SYM_CHAIN_ONLY_CIPHER, + BCMFS_SYM_CHAIN_ONLY_AUTH, + BCMFS_SYM_CHAIN_CIPHER_AUTH, + BCMFS_SYM_CHAIN_AUTH_CIPHER, + BCMFS_SYM_CHAIN_AEAD, + BCMFS_SYM_CHAIN_NOT_SUPPORTED +}; + +/* BCMFS_SYM crypto private session structure */ +struct bcmfs_sym_session { + enum bcmfs_sym_chain_order chain_order; + + /* Cipher Parameters */ + struct { + enum rte_crypto_cipher_operation op; + /* Cipher operation */ + enum rte_crypto_cipher_algorithm algo; + /* Cipher algorithm */ + struct { + uint8_t data[BCMFS_MAX_KEY_SIZE]; + size_t length; + } key; + struct { + uint16_t offset; + uint16_t length; + } iv; + } cipher; + + /* Authentication Parameters */ + struct { + enum rte_crypto_auth_operation op; + /* Auth operation */ + enum rte_crypto_auth_algorithm algo; + /* Auth algorithm */ + + struct { + uint8_t data[BCMFS_MAX_KEY_SIZE]; + size_t length; + } key; + struct { + uint16_t offset; + uint16_t length; + } iv; + + uint16_t digest_length; + } auth; + + /* Aead Parameters */ + struct { + enum rte_crypto_aead_operation op; + /* AEAD operation */ + enum rte_crypto_aead_algorithm algo; + /* AEAD algorithm */ + struct { + uint8_t data[BCMFS_MAX_KEY_SIZE]; + size_t length; + } key; + struct { + uint16_t offset; + uint16_t length; + } iv; + + uint16_t digest_length; + + uint16_t aad_length; + } aead; + + bool cipher_first; +} __rte_cache_aligned; + +int +bcmfs_process_crypto_op(struct rte_crypto_op *op, + struct bcmfs_sym_session *sess, + struct bcmfs_sym_request *req); + +int +bcmfs_sym_session_configure(struct rte_cryptodev *dev, + struct rte_crypto_sym_xform *xform, + struct rte_cryptodev_sym_session *sess, + struct rte_mempool *mempool); + +void +bcmfs_sym_session_clear(struct rte_cryptodev *dev, + struct rte_cryptodev_sym_session *sess); + +unsigned int +bcmfs_sym_session_get_private_size(struct rte_cryptodev *dev __rte_unused); + +struct bcmfs_sym_session * +bcmfs_sym_get_session(struct rte_crypto_op *op); + +#endif /* _BCMFS_SYM_SESSION_H_ */ diff --git a/drivers/crypto/bcmfs/meson.build b/drivers/crypto/bcmfs/meson.build index d9a3d73e99..2e86c733e1 100644 --- a/drivers/crypto/bcmfs/meson.build +++ b/drivers/crypto/bcmfs/meson.build @@ -12,5 +12,7 @@ sources = files( 'hw/bcmfs4_rm.c', 'hw/bcmfs5_rm.c', 'hw/bcmfs_rm_common.c', - 'bcmfs_sym_pmd.c' + 'bcmfs_sym_pmd.c', + 'bcmfs_sym_capabilities.c', + 'bcmfs_sym_session.c' )