2 * ipsecmb.c - Intel IPSec Multi-buffer library Crypto Engine
4 * Copyright (c) 2019 Cisco Systemss
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
9 * http://www.apache.org/licenses/LICENSE-2.0
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
20 #include <intel-ipsec-mb.h>
22 #include <vnet/vnet.h>
23 #include <vnet/plugin/plugin.h>
24 #include <vpp/app/version.h>
25 #include <vnet/crypto/crypto.h>
26 #include <vppinfra/cpu.h>
32 } ipsecmb_per_thread_data_t;
34 typedef struct ipsecmb_main_t_
36 ipsecmb_per_thread_data_t *per_thread_data;
40 * AES GCM key=expansion VFT
42 typedef void (*ase_gcm_pre_t) (const void *key,
43 struct gcm_key_data * key_data);
45 typedef struct ipsecmb_gcm_pre_vft_t_
47 ase_gcm_pre_t ase_gcm_pre_128;
48 ase_gcm_pre_t ase_gcm_pre_192;
49 ase_gcm_pre_t ase_gcm_pre_256;
50 } ipsecmb_gcm_pre_vft_t;
52 static ipsecmb_gcm_pre_vft_t ipsecmb_gcm_pre_vft;
54 #define INIT_IPSEC_MB_GCM_PRE(_arch) \
55 ipsecmb_gcm_pre_vft.ase_gcm_pre_128 = aes_gcm_pre_128_##_arch; \
56 ipsecmb_gcm_pre_vft.ase_gcm_pre_192 = aes_gcm_pre_192_##_arch; \
57 ipsecmb_gcm_pre_vft.ase_gcm_pre_256 = aes_gcm_pre_256_##_arch;
59 static ipsecmb_main_t ipsecmb_main;
61 #define foreach_ipsecmb_hmac_op \
63 _(SHA256, SHA_256, sha256) \
64 _(SHA384, SHA_384, sha384) \
65 _(SHA512, SHA_512, sha512)
68 * (Alg, key-len-bits, key-len-bytes, iv-len-bytes)
70 #define foreach_ipsecmb_cbc_cipher_op \
71 _(AES_128_CBC, 128, 16, 16) \
72 _(AES_192_CBC, 192, 24, 16) \
73 _(AES_256_CBC, 256, 32, 16)
76 * (Alg, key-len-bits, key-len-bytes, iv-len-bytes)
78 #define foreach_ipsecmb_gcm_cipher_op \
79 _(AES_128_GCM, 128, 16, 12) \
80 _(AES_192_GCM, 192, 24, 12) \
81 _(AES_256_GCM, 256, 32, 12)
84 hash_expand_keys (const MB_MGR * mgr,
88 u8 ipad[256], u8 opad[256], hash_one_block_t fn)
93 if (length > block_size)
98 memset (buf, 0x36, sizeof (buf));
99 for (i = 0; i < length; i++)
105 memset (buf, 0x5c, sizeof (buf));
107 for (i = 0; i < length; i++)
115 ipsecmb_retire_hmac_job (JOB_AES_HMAC * job, u32 * n_fail)
117 vnet_crypto_op_t *op = job->user_data;
119 if (STS_COMPLETED != job->status)
121 op->status = VNET_CRYPTO_OP_STATUS_FAIL_BAD_HMAC;
122 *n_fail = *n_fail + 1;
125 op->status = VNET_CRYPTO_OP_STATUS_COMPLETED;
127 if (op->flags & VNET_CRYPTO_OP_FLAG_HMAC_CHECK)
129 if ((memcmp (op->digest, job->auth_tag_output, op->digest_len)))
131 *n_fail = *n_fail + 1;
132 op->status = VNET_CRYPTO_OP_STATUS_FAIL_BAD_HMAC;
136 clib_memcpy_fast (op->digest, job->auth_tag_output, op->digest_len);
139 static_always_inline u32
140 ipsecmb_ops_hmac_inline (vlib_main_t * vm,
141 const ipsecmb_per_thread_data_t * ptd,
142 vnet_crypto_op_t * ops[],
145 hash_one_block_t fn, JOB_HASH_ALG alg)
149 u8 scratch[n_ops][64];
152 * queue all the jobs first ...
154 for (i = 0; i < n_ops; i++)
156 vnet_crypto_op_t *op = ops[i];
157 vnet_crypto_key_t *key = vnet_crypto_get_key (op->key_index);
158 u8 ipad[256], opad[256];
160 hash_expand_keys (ptd->mgr, key->data, vec_len (key->data),
161 block_size, ipad, opad, fn);
163 job = IMB_GET_NEXT_JOB (ptd->mgr);
166 job->hash_start_src_offset_in_bytes = 0;
167 job->msg_len_to_hash_in_bytes = op->len;
169 job->auth_tag_output_len_in_bytes = op->digest_len;
170 job->auth_tag_output = scratch[i];
172 job->cipher_mode = NULL_CIPHER;
173 job->cipher_direction = DECRYPT;
174 job->chain_order = HASH_CIPHER;
176 job->aes_key_len_in_bytes = vec_len (key->data);
178 job->u.HMAC._hashed_auth_key_xor_ipad = ipad;
179 job->u.HMAC._hashed_auth_key_xor_opad = opad;
182 job = IMB_SUBMIT_JOB (ptd->mgr);
185 ipsecmb_retire_hmac_job (job, &n_fail);
189 * .. then flush (i.e. complete) them
190 * We will have queued enough to satisfy the 'multi' buffer
192 while ((job = IMB_FLUSH_JOB (ptd->mgr)))
194 ipsecmb_retire_hmac_job (job, &n_fail);
197 return n_ops - n_fail;
201 static_always_inline u32 \
202 ipsecmb_ops_hmac_##a (vlib_main_t * vm, \
203 vnet_crypto_op_t * ops[], \
206 ipsecmb_per_thread_data_t *ptd; \
207 ipsecmb_main_t *imbm; \
209 imbm = &ipsecmb_main; \
210 ptd = vec_elt_at_index (imbm->per_thread_data, vm->thread_index); \
212 return ipsecmb_ops_hmac_inline (vm, ptd, ops, n_ops, \
214 ptd->mgr->c##_one_block, \
217 foreach_ipsecmb_hmac_op;
220 #define EXPANDED_KEY_N_BYTES (16 * 15)
223 ipsecmb_retire_cipher_job (JOB_AES_HMAC * job, u32 * n_fail)
225 vnet_crypto_op_t *op = job->user_data;
227 if (STS_COMPLETED != job->status)
229 op->status = VNET_CRYPTO_OP_STATUS_FAIL_BAD_HMAC;
230 *n_fail = *n_fail + 1;
233 op->status = VNET_CRYPTO_OP_STATUS_COMPLETED;
236 static_always_inline u32
237 ipsecmb_ops_cbc_cipher_inline (vlib_main_t * vm,
238 ipsecmb_per_thread_data_t * ptd,
239 vnet_crypto_op_t * ops[],
240 u32 n_ops, u32 key_len, u32 iv_len,
241 keyexp_t fn, JOB_CIPHER_DIRECTION direction)
247 * queue all the jobs first ...
249 for (i = 0; i < n_ops; i++)
251 u8 aes_enc_key_expanded[EXPANDED_KEY_N_BYTES];
252 u8 aes_dec_key_expanded[EXPANDED_KEY_N_BYTES];
253 vnet_crypto_op_t *op = ops[i];
254 vnet_crypto_key_t *key = vnet_crypto_get_key (op->key_index);
257 fn (key->data, aes_enc_key_expanded, aes_dec_key_expanded);
259 job = IMB_GET_NEXT_JOB (ptd->mgr);
263 job->msg_len_to_cipher_in_bytes = op->len;
264 job->cipher_start_src_offset_in_bytes = 0;
266 job->hash_alg = NULL_HASH;
267 job->cipher_mode = CBC;
268 job->cipher_direction = direction;
269 job->chain_order = (direction == ENCRYPT ? CIPHER_HASH : HASH_CIPHER);
271 if ((direction == ENCRYPT) && (op->flags & VNET_CRYPTO_OP_FLAG_INIT_IV))
274 _mm_storeu_si128 ((__m128i *) op->iv, iv);
275 ptd->cbc_iv = _mm_aesenc_si128 (iv, iv);
278 job->aes_key_len_in_bytes = key_len;
279 job->aes_enc_key_expanded = aes_enc_key_expanded;
280 job->aes_dec_key_expanded = aes_dec_key_expanded;
282 job->iv_len_in_bytes = iv_len;
286 job = IMB_SUBMIT_JOB (ptd->mgr);
289 ipsecmb_retire_cipher_job (job, &n_fail);
293 * .. then flush (i.e. complete) them
294 * We will have queued enough to satisfy the 'multi' buffer
296 while ((job = IMB_FLUSH_JOB (ptd->mgr)))
298 ipsecmb_retire_cipher_job (job, &n_fail);
301 return n_ops - n_fail;
304 #define _(a, b, c, d) \
305 static_always_inline u32 \
306 ipsecmb_ops_cbc_cipher_enc_##a (vlib_main_t * vm, \
307 vnet_crypto_op_t * ops[], \
310 ipsecmb_per_thread_data_t *ptd; \
311 ipsecmb_main_t *imbm; \
313 imbm = &ipsecmb_main; \
314 ptd = vec_elt_at_index (imbm->per_thread_data, vm->thread_index); \
316 return ipsecmb_ops_cbc_cipher_inline (vm, ptd, ops, n_ops, c, d, \
317 ptd->mgr->keyexp_##b, \
320 foreach_ipsecmb_cbc_cipher_op;
323 #define _(a, b, c, d) \
324 static_always_inline u32 \
325 ipsecmb_ops_cbc_cipher_dec_##a (vlib_main_t * vm, \
326 vnet_crypto_op_t * ops[], \
329 ipsecmb_per_thread_data_t *ptd; \
330 ipsecmb_main_t *imbm; \
332 imbm = &ipsecmb_main; \
333 ptd = vec_elt_at_index (imbm->per_thread_data, vm->thread_index); \
335 return ipsecmb_ops_cbc_cipher_inline (vm, ptd, ops, n_ops, c, d, \
336 ptd->mgr->keyexp_##b, \
339 foreach_ipsecmb_cbc_cipher_op;
343 ipsecmb_retire_gcm_cipher_job (JOB_AES_HMAC * job,
344 u32 * n_fail, JOB_CIPHER_DIRECTION direction)
346 vnet_crypto_op_t *op = job->user_data;
348 if (STS_COMPLETED != job->status)
350 op->status = VNET_CRYPTO_OP_STATUS_FAIL_BAD_HMAC;
351 *n_fail = *n_fail + 1;
354 op->status = VNET_CRYPTO_OP_STATUS_COMPLETED;
356 if (DECRYPT == direction)
358 if ((memcmp (op->tag, job->auth_tag_output, op->tag_len)))
360 *n_fail = *n_fail + 1;
361 op->status = VNET_CRYPTO_OP_STATUS_FAIL_BAD_HMAC;
366 static_always_inline u32
367 ipsecmb_ops_gcm_cipher_inline (vlib_main_t * vm,
368 ipsecmb_per_thread_data_t * ptd,
369 vnet_crypto_op_t * ops[],
370 u32 n_ops, u32 key_len, u32 iv_len,
372 JOB_CIPHER_DIRECTION direction)
376 u8 scratch[n_ops][64];
379 * queue all the jobs first ...
381 for (i = 0; i < n_ops; i++)
383 struct gcm_key_data key_data;
384 vnet_crypto_op_t *op = ops[i];
385 vnet_crypto_key_t *key = vnet_crypto_get_key (op->key_index);
389 fn (key->data, &key_data);
391 job = IMB_GET_NEXT_JOB (ptd->mgr);
395 job->msg_len_to_cipher_in_bytes = op->len;
396 job->cipher_start_src_offset_in_bytes = 0;
398 job->hash_alg = AES_GMAC;
399 job->cipher_mode = GCM;
400 job->cipher_direction = direction;
401 job->chain_order = (direction == ENCRYPT ? CIPHER_HASH : HASH_CIPHER);
403 if (direction == ENCRYPT)
405 if (op->flags & VNET_CRYPTO_OP_FLAG_INIT_IV)
408 // only use 8 bytes of the IV
409 clib_memcpy_fast (op->iv, &iv, 8);
410 ptd->cbc_iv = _mm_aesenc_si128 (iv, iv);
413 clib_memcpy_fast (nonce + 1, op->iv, 8);
414 job->iv = (u8 *) nonce;
419 clib_memcpy_fast (nonce + 1, op->iv, 8);
423 job->aes_key_len_in_bytes = key_len;
424 job->aes_enc_key_expanded = &key_data;
425 job->aes_dec_key_expanded = &key_data;
426 job->iv_len_in_bytes = iv_len;
428 job->u.GCM.aad = op->aad;
429 job->u.GCM.aad_len_in_bytes = op->aad_len;
430 job->auth_tag_output_len_in_bytes = op->tag_len;
431 if (DECRYPT == direction)
432 job->auth_tag_output = scratch[i];
434 job->auth_tag_output = op->tag;
437 job = IMB_SUBMIT_JOB (ptd->mgr);
440 ipsecmb_retire_gcm_cipher_job (job, &n_fail, direction);
444 * .. then flush (i.e. complete) them
445 * We will have queued enough to satisfy the 'multi' buffer
447 while ((job = IMB_FLUSH_JOB (ptd->mgr)))
449 ipsecmb_retire_gcm_cipher_job (job, &n_fail, direction);
452 return n_ops - n_fail;
455 #define _(a, b, c, d) \
456 static_always_inline u32 \
457 ipsecmb_ops_gcm_cipher_enc_##a (vlib_main_t * vm, \
458 vnet_crypto_op_t * ops[], \
461 ipsecmb_per_thread_data_t *ptd; \
462 ipsecmb_main_t *imbm; \
464 imbm = &ipsecmb_main; \
465 ptd = vec_elt_at_index (imbm->per_thread_data, vm->thread_index); \
467 return ipsecmb_ops_gcm_cipher_inline (vm, ptd, ops, n_ops, c, d, \
468 ipsecmb_gcm_pre_vft.ase_gcm_pre_##b, \
471 foreach_ipsecmb_gcm_cipher_op;
474 #define _(a, b, c, d) \
475 static_always_inline u32 \
476 ipsecmb_ops_gcm_cipher_dec_##a (vlib_main_t * vm, \
477 vnet_crypto_op_t * ops[], \
480 ipsecmb_per_thread_data_t *ptd; \
481 ipsecmb_main_t *imbm; \
483 imbm = &ipsecmb_main; \
484 ptd = vec_elt_at_index (imbm->per_thread_data, vm->thread_index); \
486 return ipsecmb_ops_gcm_cipher_inline (vm, ptd, ops, n_ops, c, d, \
487 ipsecmb_gcm_pre_vft.ase_gcm_pre_##b, \
490 foreach_ipsecmb_gcm_cipher_op;
494 crypto_ipsecmb_iv_init (ipsecmb_main_t * imbm)
496 ipsecmb_per_thread_data_t *ptd;
497 clib_error_t *err = 0;
500 if ((fd = open ("/dev/urandom", O_RDONLY)) < 0)
501 return clib_error_return_unix (0, "failed to open '/dev/urandom'");
503 vec_foreach (ptd, imbm->per_thread_data)
505 if (read (fd, &ptd->cbc_iv, sizeof (ptd->cbc_iv)) != sizeof (ptd->cbc_iv))
507 err = clib_error_return_unix (0, "'/dev/urandom' read failure");
517 static clib_error_t *
518 crypto_ipsecmb_init (vlib_main_t * vm)
520 ipsecmb_main_t *imbm = &ipsecmb_main;
521 ipsecmb_per_thread_data_t *ptd;
522 vlib_thread_main_t *tm = vlib_get_thread_main ();
527 if ((error = vlib_call_init_function (vm, vnet_crypto_init)))
531 * A priority that is better than OpenSSL but worse than VPP natvie
533 name = format (0, "Intel(R) Multi-Buffer Crypto for IPsec Library %s%c",
535 eidx = vnet_crypto_register_engine (vm, "ipsecmb", 80, (char *) name);
537 vec_validate (imbm->per_thread_data, tm->n_vlib_mains - 1);
539 if (clib_cpu_supports_avx512f ())
541 vec_foreach (ptd, imbm->per_thread_data)
543 ptd->mgr = alloc_mb_mgr (0);
544 init_mb_mgr_avx512 (ptd->mgr);
545 INIT_IPSEC_MB_GCM_PRE (avx_gen4);
548 else if (clib_cpu_supports_avx2 ())
550 vec_foreach (ptd, imbm->per_thread_data)
552 ptd->mgr = alloc_mb_mgr (0);
553 init_mb_mgr_avx2 (ptd->mgr);
554 INIT_IPSEC_MB_GCM_PRE (avx_gen2);
559 vec_foreach (ptd, imbm->per_thread_data)
561 ptd->mgr = alloc_mb_mgr (0);
562 init_mb_mgr_sse (ptd->mgr);
563 INIT_IPSEC_MB_GCM_PRE (sse);
567 if (clib_cpu_supports_x86_aes () && (error = crypto_ipsecmb_iv_init (imbm)))
572 vnet_crypto_register_ops_handler (vm, eidx, VNET_CRYPTO_OP_##a##_HMAC, \
573 ipsecmb_ops_hmac_##a); \
575 foreach_ipsecmb_hmac_op;
577 #define _(a, b, c, d) \
578 vnet_crypto_register_ops_handler (vm, eidx, VNET_CRYPTO_OP_##a##_ENC, \
579 ipsecmb_ops_cbc_cipher_enc_##a); \
581 foreach_ipsecmb_cbc_cipher_op;
583 #define _(a, b, c, d) \
584 vnet_crypto_register_ops_handler (vm, eidx, VNET_CRYPTO_OP_##a##_DEC, \
585 ipsecmb_ops_cbc_cipher_dec_##a); \
587 foreach_ipsecmb_cbc_cipher_op;
589 #define _(a, b, c, d) \
590 vnet_crypto_register_ops_handler (vm, eidx, VNET_CRYPTO_OP_##a##_ENC, \
591 ipsecmb_ops_gcm_cipher_enc_##a); \
593 foreach_ipsecmb_gcm_cipher_op;
595 #define _(a, b, c, d) \
596 vnet_crypto_register_ops_handler (vm, eidx, VNET_CRYPTO_OP_##a##_DEC, \
597 ipsecmb_ops_gcm_cipher_dec_##a); \
599 foreach_ipsecmb_gcm_cipher_op;
605 VLIB_INIT_FUNCTION (crypto_ipsecmb_init);
608 VLIB_PLUGIN_REGISTER () =
610 .version = VPP_BUILD_VER,
611 .description = "Intel IPSEC multi-buffer",
616 * fd.io coding-style-patch-verification: ON
619 * eval: (c-set-style "gnu")