/** Set session authentication parameters */
static int
aesni_mb_set_session_auth_parameters(const struct aesni_mb_ops *mb_ops,
struct aesni_mb_session *sess,
const struct rte_crypto_sym_xform *xform)
{
hash_one_block_t hash_oneblock_fn;
if (xform->type != RTE_CRYPTO_SYM_XFORM_AUTH) {
MB_LOG_ERR("Crypto xform struct not of type auth");
return -1;
}
/* Set Authentication Parameters */
if (xform->auth.algo == RTE_CRYPTO_AUTH_AES_XCBC_MAC) {
sess->auth.algo = AES_XCBC;
(*mb_ops->aux.keyexp.aes_xcbc)(xform->auth.key.data,
sess->auth.xcbc.k1_expanded,
sess->auth.xcbc.k2, sess->auth.xcbc.k3);
return 0;
}
switch (xform->auth.algo) {
case RTE_CRYPTO_AUTH_MD5_HMAC:
sess->auth.algo = MD5;
hash_oneblock_fn = mb_ops->aux.one_block.md5;
break;
case RTE_CRYPTO_AUTH_SHA1_HMAC:
sess->auth.algo = SHA1;
hash_oneblock_fn = mb_ops->aux.one_block.sha1;
break;
case RTE_CRYPTO_AUTH_SHA224_HMAC:
sess->auth.algo = SHA_224;
hash_oneblock_fn = mb_ops->aux.one_block.sha224;
break;
case RTE_CRYPTO_AUTH_SHA256_HMAC:
sess->auth.algo = SHA_256;
hash_oneblock_fn = mb_ops->aux.one_block.sha256;
break;
case RTE_CRYPTO_AUTH_SHA384_HMAC:
sess->auth.algo = SHA_384;
hash_oneblock_fn = mb_ops->aux.one_block.sha384;
break;
case RTE_CRYPTO_AUTH_SHA512_HMAC:
sess->auth.algo = SHA_512;
hash_oneblock_fn = mb_ops->aux.one_block.sha512;
break;
default:
MB_LOG_ERR("Unsupported authentication algorithm selection");
return -1;
}
/* Calculate Authentication precomputes */
calculate_auth_precomputes(hash_oneblock_fn,
sess->auth.pads.inner, sess->auth.pads.outer,
xform->auth.key.data,
xform->auth.key.length,
get_auth_algo_blocksize(sess->auth.algo));
return 0;
}
/**
* Process a crypto operation and complete a JOB_AES_HMAC job structure for
* submission to the multi buffer library for processing.
*
* @param qp queue pair
* @param job JOB_AES_HMAC structure to fill
* @param m mbuf to process
*
* @return
* - Completed JOB_AES_HMAC structure pointer on success
* - NULL pointer if completion of JOB_AES_HMAC structure isn't possible
*/
static JOB_AES_HMAC *
process_crypto_op(struct aesni_mb_qp *qp, struct rte_crypto_op *op,
struct aesni_mb_session *session)
{
JOB_AES_HMAC *job;
struct rte_mbuf *m_src = op->sym->m_src, *m_dst;
uint16_t m_offset = 0;
job = (*qp->ops->job.get_next)(&qp->mb_mgr);
if (unlikely(job == NULL))
return job;
/* Set crypto operation */
job->chain_order = session->chain_order;
/* Set cipher parameters */
job->cipher_direction = session->cipher.direction;
job->cipher_mode = session->cipher.mode;
job->aes_key_len_in_bytes = session->cipher.key_length_in_bytes;
job->aes_enc_key_expanded = session->cipher.expanded_aes_keys.encode;
job->aes_dec_key_expanded = session->cipher.expanded_aes_keys.decode;
/* Set authentication parameters */
job->hash_alg = session->auth.algo;
if (job->hash_alg == AES_XCBC) {
job->_k1_expanded = session->auth.xcbc.k1_expanded;
job->_k2 = session->auth.xcbc.k2;
job->_k3 = session->auth.xcbc.k3;
} else {
job->hashed_auth_key_xor_ipad = session->auth.pads.inner;
job->hashed_auth_key_xor_opad = session->auth.pads.outer;
}
/* Mutable crypto operation parameters */
if (op->sym->m_dst) {
m_src = m_dst = op->sym->m_dst;
/* append space for output data to mbuf */
char *odata = rte_pktmbuf_append(m_dst,
rte_pktmbuf_data_len(op->sym->m_src));
if (odata == NULL) {
MB_LOG_ERR("failed to allocate space in destination "
"mbuf for source data");
return NULL;
}
memcpy(odata, rte_pktmbuf_mtod(op->sym->m_src, void*),
rte_pktmbuf_data_len(op->sym->m_src));
} else {
/** Parse crypto xform chain and set private session parameters */
int
aesni_mb_set_session_parameters(const struct aesni_mb_ops *mb_ops,
struct aesni_mb_session *sess,
const struct rte_crypto_sym_xform *xform)
{
const struct rte_crypto_sym_xform *auth_xform = NULL;
const struct rte_crypto_sym_xform *cipher_xform = NULL;
/* Select Crypto operation - hash then cipher / cipher then hash */
switch (aesni_mb_get_chain_order(xform)) {
case HASH_CIPHER:
sess->chain_order = HASH_CIPHER;
auth_xform = xform;
cipher_xform = xform->next;
break;
case CIPHER_HASH:
sess->chain_order = CIPHER_HASH;
auth_xform = xform->next;
cipher_xform = xform;
break;
default:
MB_LOG_ERR("Unsupported operation chain order parameter");
return -1;
}
if (aesni_mb_set_session_auth_parameters(mb_ops, sess, auth_xform)) {
MB_LOG_ERR("Invalid/unsupported authentication parameters");
return -1;
}
if (aesni_mb_set_session_cipher_parameters(mb_ops, sess,
cipher_xform)) {
MB_LOG_ERR("Invalid/unsupported cipher parameters");
return -1;
}
return 0;
}
/** Set session cipher parameters */
static int
aesni_mb_set_session_cipher_parameters(const struct aesni_mb_ops *mb_ops,
struct aesni_mb_session *sess,
const struct rte_crypto_sym_xform *xform)
{
aes_keyexp_t aes_keyexp_fn;
if (xform->type != RTE_CRYPTO_SYM_XFORM_CIPHER) {
MB_LOG_ERR("Crypto xform struct not of type cipher");
return -1;
}
/* Select cipher direction */
switch (xform->cipher.op) {
case RTE_CRYPTO_CIPHER_OP_ENCRYPT:
sess->cipher.direction = ENCRYPT;
break;
case RTE_CRYPTO_CIPHER_OP_DECRYPT:
sess->cipher.direction = DECRYPT;
break;
default:
MB_LOG_ERR("Unsupported cipher operation parameter");
return -1;
}
/* Select cipher mode */
switch (xform->cipher.algo) {
case RTE_CRYPTO_CIPHER_AES_CBC:
sess->cipher.mode = CBC;
break;
case RTE_CRYPTO_CIPHER_AES_CTR:
sess->cipher.mode = CNTR;
break;
default:
MB_LOG_ERR("Unsupported cipher mode parameter");
return -1;
}
/* Check key length and choose key expansion function */
switch (xform->cipher.key.length) {
case AES_128_BYTES:
sess->cipher.key_length_in_bytes = AES_128_BYTES;
aes_keyexp_fn = mb_ops->aux.keyexp.aes128;
break;
case AES_192_BYTES:
sess->cipher.key_length_in_bytes = AES_192_BYTES;
aes_keyexp_fn = mb_ops->aux.keyexp.aes192;
break;
case AES_256_BYTES:
sess->cipher.key_length_in_bytes = AES_256_BYTES;
aes_keyexp_fn = mb_ops->aux.keyexp.aes256;
break;
default:
MB_LOG_ERR("Unsupported cipher key length");
return -1;
}
/* Expanded cipher keys */
(*aes_keyexp_fn)(xform->cipher.key.data,
sess->cipher.expanded_aes_keys.encode,
sess->cipher.expanded_aes_keys.decode);
return 0;
}
static int
cryptodev_aesni_mb_create(const char *name, unsigned socket_id)
{
struct rte_cryptodev *dev;
char crypto_dev_name[RTE_CRYPTODEV_NAME_MAX_LEN];
struct aesni_mb_private *internals;
enum aesni_mb_vector_mode vector_mode;
/* Check CPU for support for AES instruction set */
if (!rte_cpu_get_flag_enabled(RTE_CPUFLAG_AES)) {
MB_LOG_ERR("AES instructions not supported by CPU");
return -EFAULT;
}
/* Check CPU for supported vector instruction set */
if (rte_cpu_get_flag_enabled(RTE_CPUFLAG_AVX2))
vector_mode = RTE_AESNI_MB_AVX2;
else if (rte_cpu_get_flag_enabled(RTE_CPUFLAG_AVX))
vector_mode = RTE_AESNI_MB_AVX;
else if (rte_cpu_get_flag_enabled(RTE_CPUFLAG_SSE4_1))
vector_mode = RTE_AESNI_MB_SSE;
else {
MB_LOG_ERR("Vector instructions are not supported by CPU");
return -EFAULT;
}
/* create a unique device name */
if (create_unique_device_name(crypto_dev_name,
RTE_CRYPTODEV_NAME_MAX_LEN) != 0) {
MB_LOG_ERR("failed to create unique cryptodev name");
return -EINVAL;
}
dev = rte_cryptodev_pmd_virtual_dev_init(crypto_dev_name,
sizeof(struct aesni_mb_private), socket_id);
if (dev == NULL) {
MB_LOG_ERR("failed to create cryptodev vdev");
goto init_error;
}
dev->dev_type = RTE_CRYPTODEV_AESNI_MB_PMD;
dev->dev_ops = rte_aesni_mb_pmd_ops;
/* register rx/tx burst functions for data path */
dev->dequeue_burst = aesni_mb_pmd_dequeue_burst;
dev->enqueue_burst = aesni_mb_pmd_enqueue_burst;
/* Set vector instructions mode supported */
internals = dev->data->dev_private;
internals->vector_mode = vector_mode;
internals->max_nb_queue_pairs = RTE_AESNI_MB_PMD_MAX_NB_QUEUE_PAIRS;
internals->max_nb_sessions = RTE_AESNI_MB_PMD_MAX_NB_SESSIONS;
return dev->data->dev_id;
init_error:
MB_LOG_ERR("driver %s: cryptodev_aesni_create failed", name);
cryptodev_aesni_mb_uninit(crypto_dev_name);
return -EFAULT;
}
