d/numam-dpdk
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

crypto/bcmfs: add session handling and capabilities

Browse Source 
Add session handling and capabilities supported by crypto HW
accelerator

Signed-off-by: Vikas Gupta <vikas.gupta@broadcom.com>
Signed-off-by: Raveendra Padasalagi <raveendra.padasalagi@broadcom.com>
Reviewed-by: Ajit Khaparde <ajit.khaparde@broadcom.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
This commit is contained in:
Vikas Gupta 2020-10-07 22:48:58 +05:30 committed by Akhil Goyal
parent 751dca9024
commit 4ed19f0db5
10 changed files with 1324 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
MAINTAINERS
View File

@ -973,6 +973,7 @@ M: Raveendra Padasalagi <raveendra.padasalagi@broadcom.com>
M: Vikas Gupta <vikas.gupta@broadcom.com> M: Vikas Gupta <vikas.gupta@broadcom.com>
F: drivers/crypto/bcmfs/ F: drivers/crypto/bcmfs/
F: doc/guides/cryptodevs/bcmfs.rst F: doc/guides/cryptodevs/bcmfs.rst
F: doc/guides/cryptodevs/features/bcmfs.ini
Cavium OCTEON TX crypto Cavium OCTEON TX crypto
M: Anoob Joseph <anoobj@marvell.com> M: Anoob Joseph <anoobj@marvell.com>

47
doc/guides/cryptodevs/bcmfs.rst
View File

@ -15,6 +15,47 @@ Supported Broadcom SoCs
* Stingray * Stingray
* Stingray2 * Stingray2
Features
--------
The BCMFS SYM PMD has support for:
Cipher algorithms:
* ``RTE_CRYPTO_CIPHER_3DES_CBC``
* ``RTE_CRYPTO_CIPHER_3DES_CTR``
* ``RTE_CRYPTO_CIPHER_AES128_CBC``
* ``RTE_CRYPTO_CIPHER_AES192_CBC``
* ``RTE_CRYPTO_CIPHER_AES256_CBC``
* ``RTE_CRYPTO_CIPHER_AES128_CTR``
* ``RTE_CRYPTO_CIPHER_AES192_CTR``
* ``RTE_CRYPTO_CIPHER_AES256_CTR``
* ``RTE_CRYPTO_CIPHER_AES_XTS``
* ``RTE_CRYPTO_CIPHER_DES_CBC``
Hash algorithms:
* ``RTE_CRYPTO_AUTH_SHA1``
* ``RTE_CRYPTO_AUTH_SHA1_HMAC``
* ``RTE_CRYPTO_AUTH_SHA224``
* ``RTE_CRYPTO_AUTH_SHA224_HMAC``
* ``RTE_CRYPTO_AUTH_SHA256``
* ``RTE_CRYPTO_AUTH_SHA256_HMAC``
* ``RTE_CRYPTO_AUTH_SHA384``
* ``RTE_CRYPTO_AUTH_SHA384_HMAC``
* ``RTE_CRYPTO_AUTH_SHA512``
* ``RTE_CRYPTO_AUTH_SHA512_HMAC``
* ``RTE_CRYPTO_AUTH_AES_XCBC_MAC``
* ``RTE_CRYPTO_AUTH_AES_CBC_MAC``
* ``RTE_CRYPTO_AUTH_MD5_HMAC``
* ``RTE_CRYPTO_AUTH_AES_GMAC``
* ``RTE_CRYPTO_AUTH_AES_CMAC``
Supported AEAD algorithms:
* ``RTE_CRYPTO_AEAD_AES_GCM``
* ``RTE_CRYPTO_AEAD_AES_CCM``
Installation Installation
------------ ------------
Information about kernel, rootfs and toolchain can be found at Information about kernel, rootfs and toolchain can be found at
@ -49,3 +90,9 @@ For example, below commands can be run to get hold of a device node by VFIO.
io_device_name="vfio-platform" io_device_name="vfio-platform"
echo $io_device_name > /sys/bus/platform/devices/${SETUP_SYSFS_DEV_NAME}/driver_override echo $io_device_name > /sys/bus/platform/devices/${SETUP_SYSFS_DEV_NAME}/driver_override
echo ${SETUP_SYSFS_DEV_NAME} > /sys/bus/platform/drivers_probe echo ${SETUP_SYSFS_DEV_NAME} > /sys/bus/platform/drivers_probe
Limitations
-----------
* Only supports the session-oriented API implementation (session-less APIs are not supported).
* CCM is not supported on Broadcom`s SoCs having FlexSparc4 unit.

56
doc/guides/cryptodevs/features/bcmfs.ini Normal file
View File

@ -0,0 +1,56 @@
;
; Supported features of the 'bcmfs' crypto driver.
;
; Refer to default.ini for the full list of available PMD features.
;
[Features]
Symmetric crypto = Y
Sym operation chaining = Y
HW Accelerated = Y
Protocol offload = Y
OOP LB In LB Out = Y
;
; Supported crypto algorithms of the 'bcmfs' crypto driver.
;
[Cipher]
AES CBC (128) = Y
AES CBC (192) = Y
AES CBC (256) = Y
AES CTR (128) = Y
AES CTR (192) = Y
AES CTR (256) = Y
AES XTS (128) = Y
AES XTS (256) = Y
3DES CBC = Y
DES CBC = Y
;
; Supported authentication algorithms of the 'bcmfs' crypto driver.
;
[Auth]
MD5 HMAC = Y
SHA1 = Y
SHA1 HMAC = Y
SHA224 = Y
SHA224 HMAC = Y
SHA256 = Y
SHA256 HMAC = Y
SHA384 = Y
SHA384 HMAC = Y
SHA512 = Y
SHA512 HMAC = Y
AES GMAC = Y
AES CMAC (128) = Y
AES CBC MAC = Y
AES XCBC MAC = Y
;
; Supported AEAD algorithms of the 'bcmfs' crypto driver.
;
[AEAD]
AES GCM (128) = Y
AES GCM (192) = Y
AES GCM (256) = Y
AES CCM (128) = Y
AES CCM (192) = Y
AES CCM (256) = Y

764
drivers/crypto/bcmfs/bcmfs_sym_capabilities.c Normal file
View File

@ -0,0 +1,764 @@
/* SPDX-License-Identifier: BSD-3-Clause
* Copyright(c) 2020 Broadcom
* All rights reserved.
*/
#include <rte_cryptodev.h>
#include "bcmfs_sym_capabilities.h"
static const struct rte_cryptodev_capabilities bcmfs_sym_capabilities[] = {
{
/* SHA1 */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
{.auth = {
.algo = RTE_CRYPTO_AUTH_SHA1,
.block_size = 64,
.key_size = {
.min = 0,
.max = 0,
.increment = 0
},
.digest_size = {
.min = 20,
.max = 20,
.increment = 0
},
.aad_size = { 0 }
}, }
}, }
},
{
/* MD5 */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
{.auth = {
.algo = RTE_CRYPTO_AUTH_MD5,
.block_size = 64,
.key_size = {
.min = 0,
.max = 0,
.increment = 0
},
.digest_size = {
.min = 16,
.max = 16,
.increment = 0
},
}, }
}, }
},
{
/* SHA224 */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
{.auth = {
.algo = RTE_CRYPTO_AUTH_SHA224,
.block_size = 64,
.key_size = {
.min = 0,
.max = 0,
.increment = 0
},
.digest_size = {
.min = 28,
.max = 28,
.increment = 0
},
.aad_size = { 0 }
}, }
}, }
},
{
/* SHA256 */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
{.auth = {
.algo = RTE_CRYPTO_AUTH_SHA256,
.block_size = 64,
.key_size = {
.min = 0,
.max = 0,
.increment = 0
},
.digest_size = {
.min = 32,
.max = 32,
.increment = 0
},
.aad_size = { 0 }
}, }
}, }
},
{
/* SHA384 */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
{.auth = {
.algo = RTE_CRYPTO_AUTH_SHA384,
.block_size = 64,
.key_size = {
.min = 0,
.max = 0,
.increment = 0
},
.digest_size = {
.min = 48,
.max = 48,
.increment = 0
},
.aad_size = { 0 }
}, }
}, }
},
{
/* SHA512 */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
{.auth = {
.algo = RTE_CRYPTO_AUTH_SHA512,
.block_size = 64,
.key_size = {
.min = 0,
.max = 0,
.increment = 0
},
.digest_size = {
.min = 64,
.max = 64,
.increment = 0
},
.aad_size = { 0 }
}, }
}, }
},
{
/* SHA3_224 */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
{.auth = {
.algo = RTE_CRYPTO_AUTH_SHA3_224,
.block_size = 144,
.key_size = {
.min = 0,
.max = 0,
.increment = 0
},
.digest_size = {
.min = 28,
.max = 28,
.increment = 0
},
.aad_size = { 0 }
}, }
}, }
},
{
/* SHA3_256 */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
{.auth = {
.algo = RTE_CRYPTO_AUTH_SHA3_256,
.block_size = 136,
.key_size = {
.min = 0,
.max = 0,
.increment = 0
},
.digest_size = {
.min = 32,
.max = 32,
.increment = 0
},
.aad_size = { 0 }
}, }
}, }
},
{
/* SHA3_384 */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
{.auth = {
.algo = RTE_CRYPTO_AUTH_SHA3_384,
.block_size = 104,
.key_size = {
.min = 0,
.max = 0,
.increment = 0
},
.digest_size = {
.min = 48,
.max = 48,
.increment = 0
},
.aad_size = { 0 }
}, }
}, }
},
{
/* SHA3_512 */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
{.auth = {
.algo = RTE_CRYPTO_AUTH_SHA3_512,
.block_size = 72,
.key_size = {
.min = 0,
.max = 0,
.increment = 0
},
.digest_size = {
.min = 64,
.max = 64,
.increment = 0
},
.aad_size = { 0 }
}, }
}, }
},
{
/* SHA1 HMAC */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
{.auth = {
.algo = RTE_CRYPTO_AUTH_SHA1_HMAC,
.block_size = 64,
.key_size = {
.min = 1,
.max = 64,
.increment = 1
},
.digest_size = {
.min = 20,
.max = 20,
.increment = 0
},
.aad_size = { 0 }
}, }
}, }
},
{
/* MD5 HMAC */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
{.auth = {
.algo = RTE_CRYPTO_AUTH_MD5_HMAC,
.block_size = 64,
.key_size = {
.min = 1,
.max = 64,
.increment = 1
},
.digest_size = {
.min = 16,
.max = 16,
.increment = 0
},
.aad_size = { 0 }
}, }
}, }
},
{
/* SHA224 HMAC */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
{.auth = {
.algo = RTE_CRYPTO_AUTH_SHA224_HMAC,
.block_size = 64,
.key_size = {
.min = 1,
.max = 64,
.increment = 1
},
.digest_size = {
.min = 28,
.max = 28,
.increment = 0
},
.aad_size = { 0 }
}, }
}, }
},
{
/* SHA256 HMAC */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
{.auth = {
.algo = RTE_CRYPTO_AUTH_SHA256_HMAC,
.block_size = 64,
.key_size = {
.min = 1,
.max = 64,
.increment = 1
},
.digest_size = {
.min = 32,
.max = 32,
.increment = 0
},
.aad_size = { 0 }
}, }
}, }
},
{
/* SHA384 HMAC */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
{.auth = {
.algo = RTE_CRYPTO_AUTH_SHA384_HMAC,
.block_size = 128,
.key_size = {
.min = 1,
.max = 128,
.increment = 1
},
.digest_size = {
.min = 48,
.max = 48,
.increment = 0
},
.aad_size = { 0 }
}, }
}, }
},
{
/* SHA512 HMAC*/
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
{.auth = {
.algo = RTE_CRYPTO_AUTH_SHA512_HMAC,
.block_size = 128,
.key_size = {
.min = 1,
.max = 128,
.increment = 1
},
.digest_size = {
.min = 64,
.max = 64,
.increment = 0
},
.aad_size = { 0 }
}, }
}, }
},
{
/* SHA3_224 HMAC */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
{.auth = {
.algo = RTE_CRYPTO_AUTH_SHA3_224_HMAC,
.block_size = 144,
.key_size = {
.min = 1,
.max = 144,
.increment = 1
},
.digest_size = {
.min = 28,
.max = 28,
.increment = 0
},
.aad_size = { 0 }
}, }
}, }
},
{
/* SHA3_256 HMAC */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
{.auth = {
.algo = RTE_CRYPTO_AUTH_SHA3_256_HMAC,
.block_size = 136,
.key_size = {
.min = 1,
.max = 136,
.increment = 1
},
.digest_size = {
.min = 32,
.max = 32,
.increment = 0
},
.aad_size = { 0 }
}, }
}, }
},
{
/* SHA3_384 HMAC */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
{.auth = {
.algo = RTE_CRYPTO_AUTH_SHA3_384_HMAC,
.block_size = 104,
.key_size = {
.min = 1,
.max = 104,
.increment = 1
},
.digest_size = {
.min = 48,
.max = 48,
.increment = 0
},
.aad_size = { 0 }
}, }
}, }
},
{
/* SHA3_512 HMAC */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
{.auth = {
.algo = RTE_CRYPTO_AUTH_SHA3_512_HMAC,
.block_size = 72,
.key_size = {
.min = 1,
.max = 72,
.increment = 1
},
.digest_size = {
.min = 64,
.max = 64,
.increment = 0
},
.aad_size = { 0 }
}, }
}, }
},
{
/* AES XCBC MAC */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
{.auth = {
.algo = RTE_CRYPTO_AUTH_AES_XCBC_MAC,
.block_size = 16,
.key_size = {
.min = 1,
.max = 16,
.increment = 1
},
.digest_size = {
.min = 16,
.max = 16,
.increment = 0
},
.aad_size = { 0 }
}, }
}, }
},
{
/* AES GMAC */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
{.auth = {
.algo = RTE_CRYPTO_AUTH_AES_GMAC,
.block_size = 16,
.key_size = {
.min = 16,
.max = 32,
.increment = 8
},
.digest_size = {
.min = 16,
.max = 16,
.increment = 0
},
.aad_size = {
.min = 0,
.max = 65535,
.increment = 1
},
.iv_size = {
.min = 12,
.max = 16,
.increment = 4
},
}, }
}, }
},
{
/* AES CMAC */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
{.auth = {
.algo = RTE_CRYPTO_AUTH_AES_CMAC,
.block_size = 16,
.key_size = {
.min = 1,
.max = 16,
.increment = 1
},
.digest_size = {
.min = 16,
.max = 16,
.increment = 0
},
.aad_size = { 0 }
}, }
}, }
},
{
/* AES CBC MAC */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
{.auth = {
.algo = RTE_CRYPTO_AUTH_AES_CBC_MAC,
.block_size = 16,
.key_size = {
.min = 1,
.max = 16,
.increment = 1
},
.digest_size = {
.min = 16,
.max = 16,
.increment = 0
},
.aad_size = { 0 }
}, }
}, }
},
{
/* AES ECB */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
{.cipher = {
.algo = RTE_CRYPTO_CIPHER_AES_ECB,
.block_size = 16,
.key_size = {
.min = 16,
.max = 32,
.increment = 8
},
.iv_size = {
.min = 0,
.max = 0,
.increment = 0
}
}, }
}, }
},
{
/* AES CBC */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
{.cipher = {
.algo = RTE_CRYPTO_CIPHER_AES_CBC,
.block_size = 16,
.key_size = {
.min = 16,
.max = 32,
.increment = 8
},
.iv_size = {
.min = 16,
.max = 16,
.increment = 0
}
}, }
}, }
},
{
/* AES CTR */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
{.cipher = {
.algo = RTE_CRYPTO_CIPHER_AES_CTR,
.block_size = 16,
.key_size = {
.min = 16,
.max = 32,
.increment = 8
},
.iv_size = {
.min = 16,
.max = 16,
.increment = 0
}
}, }
}, }
},
{
/* AES XTS */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
{.cipher = {
.algo = RTE_CRYPTO_CIPHER_AES_XTS,
.block_size = 16,
.key_size = {
.min = 32,
.max = 64,
.increment = 32
},
.iv_size = {
.min = 16,
.max = 16,
.increment = 0
}
}, }
}, }
},
{
/* DES CBC */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
{.cipher = {
.algo = RTE_CRYPTO_CIPHER_DES_CBC,
.block_size = 8,
.key_size = {
.min = 8,
.max = 8,
.increment = 0
},
.iv_size = {
.min = 16,
.max = 16,
.increment = 0
}
}, }
}, }
},
{
/* 3DES CBC */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
{.cipher = {
.algo = RTE_CRYPTO_CIPHER_3DES_CBC,
.block_size = 8,
.key_size = {
.min = 24,
.max = 24,
.increment = 0
},
.iv_size = {
.min = 16,
.max = 16,
.increment = 0
}
}, }
}, }
},
{
/* 3DES ECB */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
{.cipher = {
.algo = RTE_CRYPTO_CIPHER_3DES_ECB,
.block_size = 8,
.key_size = {
.min = 24,
.max = 24,
.increment = 0
},
.iv_size = {
.min = 0,
.max = 0,
.increment = 0
}
}, }
}, }
},
{
/* AES GCM */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
.xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,
{.aead = {
.algo = RTE_CRYPTO_AEAD_AES_GCM,
.block_size = 16,
.key_size = {
.min = 16,
.max = 32,
.increment = 8
},
.digest_size = {
.min = 16,
.max = 16,
.increment = 0
},
.aad_size = {
.min = 0,
.max = 65535,
.increment = 1
},
.iv_size = {
.min = 12,
.max = 16,
.increment = 4
},
}, }
}, }
},
{
/* AES CCM */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
.xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,
{.aead = {
.algo = RTE_CRYPTO_AEAD_AES_CCM,
.block_size = 16,
.key_size = {
.min = 16,
.max = 32,
.increment = 8
},
.digest_size = {
.min = 4,
.max = 16,
.increment = 2
},
.aad_size = {
.min = 0,
.max = 65535,
.increment = 1
},
.iv_size = {
.min = 7,
.max = 13,
.increment = 1
},
}, }
}, }
},
RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
};
const struct rte_cryptodev_capabilities *
bcmfs_sym_get_capabilities(void)
{
return bcmfs_sym_capabilities;
}

15
drivers/crypto/bcmfs/bcmfs_sym_capabilities.h Normal file
View File

@ -0,0 +1,15 @@
/* SPDX-License-Identifier: BSD-3-Clause
* Copyright(c) 2020 Broadcom
* All rights reserved.
*/
#ifndef _BCMFS_SYM_CAPABILITIES_H_
#define _BCMFS_SYM_CAPABILITIES_H_
/*
* Get capabilities list for the device
*
*/
const struct rte_cryptodev_capabilities *bcmfs_sym_get_capabilities(void);
#endif /* _BCMFS_SYM_CAPABILITIES_H__ */

34
drivers/crypto/bcmfs/bcmfs_sym_defs.h Normal file
View File

@ -0,0 +1,34 @@
/* SPDX-License-Identifier: BSD-3-Clause
* Copyright(c) 2020 Broadcom
* All rights reserved.
*/
#ifndef _BCMFS_SYM_DEFS_H_
#define _BCMFS_SYM_DEFS_H_
/*
* Max block size of hash algorithm
* currently SHA3 supports max block size
* of 144 bytes
*/
#define BCMFS_MAX_KEY_SIZE 144
#define BCMFS_MAX_IV_SIZE 16
#define BCMFS_MAX_DIGEST_SIZE 64
struct bcmfs_sym_session;
struct bcmfs_sym_request;
/** Crypto Request processing successful. */
#define BCMFS_SYM_RESPONSE_SUCCESS (0)
/** Crypot Request processing protocol failure. */
#define BCMFS_SYM_RESPONSE_PROTO_FAILURE (1)
/** Crypot Request processing completion failure. */
#define BCMFS_SYM_RESPONSE_COMPL_ERROR (2)
/** Crypot Request processing hash tag check error. */
#define BCMFS_SYM_RESPONSE_HASH_TAG_ERROR (3)
int
bcmfs_process_sym_crypto_op(struct rte_crypto_op *op,
struct bcmfs_sym_session *sess,
struct bcmfs_sym_request *req);
#endif /* _BCMFS_SYM_DEFS_H_ */

13
drivers/crypto/bcmfs/bcmfs_sym_pmd.c
View File

@ -14,6 +14,8 @@
#include "bcmfs_qp.h" #include "bcmfs_qp.h"
#include "bcmfs_sym_pmd.h" #include "bcmfs_sym_pmd.h"
#include "bcmfs_sym_req.h" #include "bcmfs_sym_req.h"
#include "bcmfs_sym_session.h"
#include "bcmfs_sym_capabilities.h"
uint8_t cryptodev_bcmfs_driver_id; uint8_t cryptodev_bcmfs_driver_id;
@ -65,6 +67,7 @@ bcmfs_sym_dev_info_get(struct rte_cryptodev *dev,
dev_info->max_nb_queue_pairs = fsdev->max_hw_qps; dev_info->max_nb_queue_pairs = fsdev->max_hw_qps;
/* No limit of number of sessions */ /* No limit of number of sessions */
dev_info->sym.max_nb_sessions = 0; dev_info->sym.max_nb_sessions = 0;
dev_info->capabilities = bcmfs_sym_get_capabilities();
} }
} }
@ -228,6 +231,10 @@ static struct rte_cryptodev_ops crypto_bcmfs_ops = {
/* Queue-Pair management */ /* Queue-Pair management */
.queue_pair_setup = bcmfs_sym_qp_setup, .queue_pair_setup = bcmfs_sym_qp_setup,
.queue_pair_release = bcmfs_sym_qp_release, .queue_pair_release = bcmfs_sym_qp_release,
/* Crypto session related operations */
.sym_session_get_size = bcmfs_sym_session_get_private_size,
.sym_session_configure = bcmfs_sym_session_configure,
.sym_session_clear = bcmfs_sym_session_clear
}; };
/** Enqueue burst */ /** Enqueue burst */
@ -239,6 +246,7 @@ bcmfs_sym_pmd_enqueue_op_burst(void *queue_pair,
int i, j; int i, j;
uint16_t enq = 0; uint16_t enq = 0;
struct bcmfs_sym_request *sreq; struct bcmfs_sym_request *sreq;
struct bcmfs_sym_session *sess;
struct bcmfs_qp *qp = (struct bcmfs_qp *)queue_pair; struct bcmfs_qp *qp = (struct bcmfs_qp *)queue_pair;
if (nb_ops == 0) if (nb_ops == 0)
@ -252,6 +260,10 @@ bcmfs_sym_pmd_enqueue_op_burst(void *queue_pair,
nb_ops = qp->nb_descriptors - qp->nb_pending_requests; nb_ops = qp->nb_descriptors - qp->nb_pending_requests;
for (i = 0; i < nb_ops; i++) { for (i = 0; i < nb_ops; i++) {
sess = bcmfs_sym_get_session(ops[i]);
if (unlikely(sess == NULL))
goto enqueue_err;
if (rte_mempool_get(qp->sr_mp, (void **)&sreq)) if (rte_mempool_get(qp->sr_mp, (void **)&sreq))
goto enqueue_err; goto enqueue_err;
@ -356,6 +368,7 @@ bcmfs_sym_dev_create(struct bcmfs_device *fsdev)
fsdev->sym_dev = internals; fsdev->sym_dev = internals;
internals->sym_dev_id = cryptodev->data->dev_id; internals->sym_dev_id = cryptodev->data->dev_id;
internals->fsdev_capabilities = bcmfs_sym_get_capabilities();
BCMFS_LOG(DEBUG, "Created bcmfs-sym device %s as cryptodev instance %d", BCMFS_LOG(DEBUG, "Created bcmfs-sym device %s as cryptodev instance %d",
cryptodev->data->name, internals->sym_dev_id); cryptodev->data->name, internals->sym_dev_id);

282
drivers/crypto/bcmfs/bcmfs_sym_session.c Normal file
View File

@ -0,0 +1,282 @@
/* SPDX-License-Identifier: BSD-3-Clause
* Copyright(c) 2020 Broadcom
* All rights reserved.
*/
#include <rte_crypto.h>
#include <rte_crypto_sym.h>
#include <rte_log.h>
#include "bcmfs_logs.h"
#include "bcmfs_sym_defs.h"
#include "bcmfs_sym_pmd.h"
#include "bcmfs_sym_session.h"
/** Configure the session from a crypto xform chain */
static enum bcmfs_sym_chain_order
crypto_get_chain_order(const struct rte_crypto_sym_xform *xform)
{
enum bcmfs_sym_chain_order res = BCMFS_SYM_CHAIN_NOT_SUPPORTED;
if (xform != NULL) {
if (xform->type == RTE_CRYPTO_SYM_XFORM_AEAD)
res = BCMFS_SYM_CHAIN_AEAD;
if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH) {
if (xform->next == NULL)
res = BCMFS_SYM_CHAIN_ONLY_AUTH;
else if (xform->next->type ==
RTE_CRYPTO_SYM_XFORM_CIPHER)
res = BCMFS_SYM_CHAIN_AUTH_CIPHER;
}
if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER) {
if (xform->next == NULL)
res = BCMFS_SYM_CHAIN_ONLY_CIPHER;
else if (xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH)
res = BCMFS_SYM_CHAIN_CIPHER_AUTH;
}
}
return res;
}
/* Get session cipher key from input cipher key */
static void
get_key(const uint8_t *input_key, int keylen, uint8_t *session_key)
{
memcpy(session_key, input_key, keylen);
}
/* Set session cipher parameters */
static int
crypto_set_session_cipher_parameters(struct bcmfs_sym_session *sess,
const struct rte_crypto_cipher_xform *cipher_xform)
{
if (cipher_xform->key.length > BCMFS_MAX_KEY_SIZE) {
BCMFS_DP_LOG(ERR, "key length not supported");
return -EINVAL;
}
sess->cipher.key.length = cipher_xform->key.length;
sess->cipher.iv.offset = cipher_xform->iv.offset;
sess->cipher.iv.length = cipher_xform->iv.length;
sess->cipher.op = cipher_xform->op;
sess->cipher.algo = cipher_xform->algo;
get_key(cipher_xform->key.data,
sess->cipher.key.length,
sess->cipher.key.data);
return 0;
}
/* Set session auth parameters */
static int
crypto_set_session_auth_parameters(struct bcmfs_sym_session *sess,
const struct rte_crypto_auth_xform *auth_xform)
{
if (auth_xform->key.length > BCMFS_MAX_KEY_SIZE) {
BCMFS_DP_LOG(ERR, "key length not supported");
return -EINVAL;
}
sess->auth.op = auth_xform->op;
sess->auth.key.length = auth_xform->key.length;
sess->auth.digest_length = auth_xform->digest_length;
sess->auth.iv.length = auth_xform->iv.length;
sess->auth.iv.offset = auth_xform->iv.offset;
sess->auth.algo = auth_xform->algo;
get_key(auth_xform->key.data,
auth_xform->key.length,
sess->auth.key.data);
return 0;
}
/* Set session aead parameters */
static int
crypto_set_session_aead_parameters(struct bcmfs_sym_session *sess,
const struct rte_crypto_sym_xform *aead_xform)
{
if (aead_xform->aead.key.length > BCMFS_MAX_KEY_SIZE) {
BCMFS_DP_LOG(ERR, "key length not supported");
return -EINVAL;
}
sess->aead.iv.offset = aead_xform->aead.iv.offset;
sess->aead.iv.length = aead_xform->aead.iv.length;
sess->aead.aad_length = aead_xform->aead.aad_length;
sess->aead.key.length = aead_xform->aead.key.length;
sess->aead.digest_length = aead_xform->aead.digest_length;
sess->aead.op = aead_xform->aead.op;
sess->aead.algo = aead_xform->aead.algo;
get_key(aead_xform->aead.key.data,
aead_xform->aead.key.length,
sess->aead.key.data);
return 0;
}
static struct rte_crypto_auth_xform *
crypto_get_auth_xform(struct rte_crypto_sym_xform *xform)
{
do {
if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH)
return &xform->auth;
xform = xform->next;
} while (xform);
return NULL;
}
static struct rte_crypto_cipher_xform *
crypto_get_cipher_xform(struct rte_crypto_sym_xform *xform)
{
do {
if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER)
return &xform->cipher;
xform = xform->next;
} while (xform);
return NULL;
}
/** Parse crypto xform chain and set private session parameters */
static int
crypto_set_session_parameters(struct bcmfs_sym_session *sess,
struct rte_crypto_sym_xform *xform)
{
int rc = 0;
struct rte_crypto_cipher_xform *cipher_xform =
crypto_get_cipher_xform(xform);
struct rte_crypto_auth_xform *auth_xform =
crypto_get_auth_xform(xform);
sess->chain_order = crypto_get_chain_order(xform);
switch (sess->chain_order) {
case BCMFS_SYM_CHAIN_ONLY_CIPHER:
if (crypto_set_session_cipher_parameters(sess, cipher_xform))
rc = -EINVAL;
break;
case BCMFS_SYM_CHAIN_ONLY_AUTH:
if (crypto_set_session_auth_parameters(sess, auth_xform))
rc = -EINVAL;
break;
case BCMFS_SYM_CHAIN_AUTH_CIPHER:
sess->cipher_first = false;
if (crypto_set_session_auth_parameters(sess, auth_xform)) {
rc = -EINVAL;
goto error;
}
if (crypto_set_session_cipher_parameters(sess, cipher_xform))
rc = -EINVAL;
break;
case BCMFS_SYM_CHAIN_CIPHER_AUTH:
sess->cipher_first = true;
if (crypto_set_session_auth_parameters(sess, auth_xform)) {
rc = -EINVAL;
goto error;
}
if (crypto_set_session_cipher_parameters(sess, cipher_xform))
rc = -EINVAL;
break;
case BCMFS_SYM_CHAIN_AEAD:
if (crypto_set_session_aead_parameters(sess, xform))
rc = -EINVAL;
break;
default:
BCMFS_DP_LOG(ERR, "Invalid chain order\n");
rc = -EINVAL;
break;
}
error:
return rc;
}
struct bcmfs_sym_session *
bcmfs_sym_get_session(struct rte_crypto_op *op)
{
struct bcmfs_sym_session *sess = NULL;
if (unlikely(op->sess_type == RTE_CRYPTO_OP_SESSIONLESS)) {
BCMFS_DP_LOG(ERR, "operations op(%p) is sessionless", op);
} else if (likely(op->sym->session != NULL)) {
/* get existing session */
sess = (struct bcmfs_sym_session *)
get_sym_session_private_data(op->sym->session,
cryptodev_bcmfs_driver_id);
}
if (sess == NULL)
op->status = RTE_CRYPTO_OP_STATUS_INVALID_SESSION;
return sess;
}
int
bcmfs_sym_session_configure(struct rte_cryptodev *dev,
struct rte_crypto_sym_xform *xform,
struct rte_cryptodev_sym_session *sess,
struct rte_mempool *mempool)
{
void *sess_private_data;
int ret;
if (unlikely(sess == NULL)) {
BCMFS_DP_LOG(ERR, "Invalid session struct");
return -EINVAL;
}
if (rte_mempool_get(mempool, &sess_private_data)) {
BCMFS_DP_LOG(ERR,
"Couldn't get object from session mempool");
return -ENOMEM;
}
ret = crypto_set_session_parameters(sess_private_data, xform);
if (ret != 0) {
BCMFS_DP_LOG(ERR, "Failed configure session parameters");
/* Return session to mempool */
rte_mempool_put(mempool, sess_private_data);
return ret;
}
set_sym_session_private_data(sess, dev->driver_id,
sess_private_data);
return 0;
}
/* Clear the memory of session so it doesn't leave key material behind */
void
bcmfs_sym_session_clear(struct rte_cryptodev *dev,
struct rte_cryptodev_sym_session *sess)
{
uint8_t index = dev->driver_id;
void *sess_priv = get_sym_session_private_data(sess, index);
if (sess_priv) {
struct rte_mempool *sess_mp;
memset(sess_priv, 0, sizeof(struct bcmfs_sym_session));
sess_mp = rte_mempool_from_obj(sess_priv);
set_sym_session_private_data(sess, index, NULL);
rte_mempool_put(sess_mp, sess_priv);
}
}
unsigned int
bcmfs_sym_session_get_private_size(struct rte_cryptodev *dev __rte_unused)
{
return sizeof(struct bcmfs_sym_session);
}

109
drivers/crypto/bcmfs/bcmfs_sym_session.h Normal file
View File

@ -0,0 +1,109 @@
/* SPDX-License-Identifier: BSD-3-Clause
* Copyright(c) 2020 Broadcom
* All rights reserved.
*/
#ifndef _BCMFS_SYM_SESSION_H_
#define _BCMFS_SYM_SESSION_H_
#include <stdbool.h>
#include <rte_crypto.h>
#include <rte_cryptodev_pmd.h>
#include "bcmfs_sym_defs.h"
#include "bcmfs_sym_req.h"
/* BCMFS_SYM operation order mode enumerator */
enum bcmfs_sym_chain_order {
BCMFS_SYM_CHAIN_ONLY_CIPHER,
BCMFS_SYM_CHAIN_ONLY_AUTH,
BCMFS_SYM_CHAIN_CIPHER_AUTH,
BCMFS_SYM_CHAIN_AUTH_CIPHER,
BCMFS_SYM_CHAIN_AEAD,
BCMFS_SYM_CHAIN_NOT_SUPPORTED
};
/* BCMFS_SYM crypto private session structure */
struct bcmfs_sym_session {
enum bcmfs_sym_chain_order chain_order;
/* Cipher Parameters */
struct {
enum rte_crypto_cipher_operation op;
/* Cipher operation */
enum rte_crypto_cipher_algorithm algo;
/* Cipher algorithm */
struct {
uint8_t data[BCMFS_MAX_KEY_SIZE];
size_t length;
} key;
struct {
uint16_t offset;
uint16_t length;
} iv;
} cipher;
/* Authentication Parameters */
struct {
enum rte_crypto_auth_operation op;
/* Auth operation */
enum rte_crypto_auth_algorithm algo;
/* Auth algorithm */
struct {
uint8_t data[BCMFS_MAX_KEY_SIZE];
size_t length;
} key;
struct {
uint16_t offset;
uint16_t length;
} iv;
uint16_t digest_length;
} auth;
/* Aead Parameters */
struct {
enum rte_crypto_aead_operation op;
/* AEAD operation */
enum rte_crypto_aead_algorithm algo;
/* AEAD algorithm */
struct {
uint8_t data[BCMFS_MAX_KEY_SIZE];
size_t length;
} key;
struct {
uint16_t offset;
uint16_t length;
} iv;
uint16_t digest_length;
uint16_t aad_length;
} aead;
bool cipher_first;
} __rte_cache_aligned;
int
bcmfs_process_crypto_op(struct rte_crypto_op *op,
struct bcmfs_sym_session *sess,
struct bcmfs_sym_request *req);
int
bcmfs_sym_session_configure(struct rte_cryptodev *dev,
struct rte_crypto_sym_xform *xform,
struct rte_cryptodev_sym_session *sess,
struct rte_mempool *mempool);
void
bcmfs_sym_session_clear(struct rte_cryptodev *dev,
struct rte_cryptodev_sym_session *sess);
unsigned int
bcmfs_sym_session_get_private_size(struct rte_cryptodev *dev __rte_unused);
struct bcmfs_sym_session *
bcmfs_sym_get_session(struct rte_crypto_op *op);
#endif /* _BCMFS_SYM_SESSION_H_ */

4
drivers/crypto/bcmfs/meson.build
View File

@ -12,5 +12,7 @@ sources = files(
'hw/bcmfs4_rm.c', 'hw/bcmfs4_rm.c',
'hw/bcmfs5_rm.c', 'hw/bcmfs5_rm.c',
'hw/bcmfs_rm_common.c', 'hw/bcmfs_rm_common.c',
'bcmfs_sym_pmd.c' 'bcmfs_sym_pmd.c',
'bcmfs_sym_capabilities.c',
'bcmfs_sym_session.c'
) )