2 * ipsecmb.c - Intel IPSec Multi-buffer library Crypto Engine
4 * Copyright (c) 2019 Cisco Systemss
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
9 * http://www.apache.org/licenses/LICENSE-2.0
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
20 #include <intel-ipsec-mb.h>
22 #include <vnet/vnet.h>
23 #include <vnet/plugin/plugin.h>
24 #include <vpp/app/version.h>
25 #include <vnet/crypto/crypto.h>
26 #include <vppinfra/cpu.h>
28 #define HMAC_MAX_BLOCK_SIZE IMB_SHA_512_BLOCK_SIZE
29 #define EXPANDED_KEY_N_BYTES (16 * 15)
33 CLIB_CACHE_LINE_ALIGN_MARK (cacheline0);
35 #if IMB_VERSION_NUM >= IMB_VERSION(1, 3, 0)
36 IMB_JOB burst_jobs[IMB_MAX_BURST_SIZE];
38 } ipsecmb_per_thread_data_t;
44 aes_gcm_pre_t aes_gcm_pre;
46 hash_one_block_t hash_one_block;
50 typedef struct ipsecmb_main_t_
52 ipsecmb_per_thread_data_t *per_thread_data;
53 ipsecmb_alg_data_t alg_data[VNET_CRYPTO_N_ALGS];
59 u8 enc_key_exp[EXPANDED_KEY_N_BYTES];
60 u8 dec_key_exp[EXPANDED_KEY_N_BYTES];
61 } ipsecmb_aes_key_data_t;
63 static ipsecmb_main_t ipsecmb_main = { };
65 /* clang-format off */
67 * (Alg, JOB_HASH_ALG, fn, block-size-bytes, hash-size-bytes, digest-size-bytes)
69 #define foreach_ipsecmb_hmac_op \
70 _(SHA1, SHA_1, sha1, 64, 20, 20) \
71 _(SHA224, SHA_224, sha224, 64, 32, 28) \
72 _(SHA256, SHA_256, sha256, 64, 32, 32) \
73 _(SHA384, SHA_384, sha384, 128, 64, 48) \
74 _(SHA512, SHA_512, sha512, 128, 64, 64)
77 * (Alg, key-len-bits, JOB_CIPHER_MODE)
79 #define foreach_ipsecmb_cipher_op \
80 _ (AES_128_CBC, 128, CBC) \
81 _ (AES_192_CBC, 192, CBC) \
82 _ (AES_256_CBC, 256, CBC) \
83 _ (AES_128_CTR, 128, CNTR) \
84 _ (AES_192_CTR, 192, CNTR) \
85 _ (AES_256_CTR, 256, CNTR)
88 * (Alg, key-len-bytes, iv-len-bytes)
90 #define foreach_ipsecmb_gcm_cipher_op \
95 static_always_inline vnet_crypto_op_status_t
96 ipsecmb_status_job (IMB_STATUS status)
100 case IMB_STATUS_COMPLETED:
101 return VNET_CRYPTO_OP_STATUS_COMPLETED;
102 case IMB_STATUS_BEING_PROCESSED:
103 case IMB_STATUS_COMPLETED_CIPHER:
104 case IMB_STATUS_COMPLETED_AUTH:
105 return VNET_CRYPTO_OP_STATUS_WORK_IN_PROGRESS;
106 case IMB_STATUS_INVALID_ARGS:
107 case IMB_STATUS_INTERNAL_ERROR:
108 case IMB_STATUS_ERROR:
109 return VNET_CRYPTO_OP_STATUS_FAIL_ENGINE_ERR;
112 return VNET_CRYPTO_OP_STATUS_FAIL_ENGINE_ERR;
116 ipsecmb_retire_hmac_job (IMB_JOB *job, u32 *n_fail, u32 digest_size)
118 vnet_crypto_op_t *op = job->user_data;
119 u32 len = op->digest_len ? op->digest_len : digest_size;
121 if (PREDICT_FALSE (IMB_STATUS_COMPLETED != job->status))
123 op->status = ipsecmb_status_job (job->status);
124 *n_fail = *n_fail + 1;
128 if (op->flags & VNET_CRYPTO_OP_FLAG_HMAC_CHECK)
130 if ((memcmp (op->digest, job->auth_tag_output, len)))
132 *n_fail = *n_fail + 1;
133 op->status = VNET_CRYPTO_OP_STATUS_FAIL_BAD_HMAC;
137 else if (len == digest_size)
138 clib_memcpy_fast (op->digest, job->auth_tag_output, digest_size);
140 clib_memcpy_fast (op->digest, job->auth_tag_output, len);
142 op->status = VNET_CRYPTO_OP_STATUS_COMPLETED;
145 #if IMB_VERSION_NUM >= IMB_VERSION(1, 3, 0)
146 static_always_inline u32
147 ipsecmb_ops_hmac_inline (vlib_main_t *vm, vnet_crypto_op_t *ops[], u32 n_ops,
148 u32 block_size, u32 hash_size, u32 digest_size,
151 ipsecmb_main_t *imbm = &ipsecmb_main;
152 ipsecmb_per_thread_data_t *ptd =
153 vec_elt_at_index (imbm->per_thread_data, vm->thread_index);
155 u32 i, n_fail = 0, ops_index = 0;
156 u8 scratch[n_ops][digest_size];
158 (n_ops > IMB_MAX_BURST_SIZE) ? IMB_MAX_BURST_SIZE : n_ops;
162 const u32 n = (n_ops > burst_sz) ? burst_sz : n_ops;
164 * configure all the jobs first ...
166 for (i = 0; i < n; i++, ops_index++)
168 vnet_crypto_op_t *op = ops[ops_index];
169 const u8 *kd = (u8 *) imbm->key_data[op->key_index];
171 job = &ptd->burst_jobs[i];
174 job->hash_start_src_offset_in_bytes = 0;
175 job->msg_len_to_hash_in_bytes = op->len;
176 job->auth_tag_output_len_in_bytes = digest_size;
177 job->auth_tag_output = scratch[ops_index];
179 job->u.HMAC._hashed_auth_key_xor_ipad = kd;
180 job->u.HMAC._hashed_auth_key_xor_opad = kd + hash_size;
185 * submit all jobs to be processed and retire completed jobs
187 IMB_SUBMIT_HASH_BURST_NOCHECK (ptd->mgr, ptd->burst_jobs, n, alg);
189 for (i = 0; i < n; i++)
191 job = &ptd->burst_jobs[i];
192 ipsecmb_retire_hmac_job (job, &n_fail, digest_size);
198 return ops_index - n_fail;
201 static_always_inline u32
202 ipsecmb_ops_hmac_inline (vlib_main_t *vm, vnet_crypto_op_t *ops[], u32 n_ops,
203 u32 block_size, u32 hash_size, u32 digest_size,
206 ipsecmb_main_t *imbm = &ipsecmb_main;
207 ipsecmb_per_thread_data_t *ptd =
208 vec_elt_at_index (imbm->per_thread_data, vm->thread_index);
211 u8 scratch[n_ops][digest_size];
214 * queue all the jobs first ...
216 for (i = 0; i < n_ops; i++)
218 vnet_crypto_op_t *op = ops[i];
219 u8 *kd = (u8 *) imbm->key_data[op->key_index];
221 job = IMB_GET_NEXT_JOB (ptd->mgr);
224 job->hash_start_src_offset_in_bytes = 0;
225 job->msg_len_to_hash_in_bytes = op->len;
227 job->auth_tag_output_len_in_bytes = digest_size;
228 job->auth_tag_output = scratch[i];
230 job->cipher_mode = IMB_CIPHER_NULL;
231 job->cipher_direction = IMB_DIR_DECRYPT;
232 job->chain_order = IMB_ORDER_HASH_CIPHER;
234 job->u.HMAC._hashed_auth_key_xor_ipad = kd;
235 job->u.HMAC._hashed_auth_key_xor_opad = kd + hash_size;
238 job = IMB_SUBMIT_JOB (ptd->mgr);
241 ipsecmb_retire_hmac_job (job, &n_fail, digest_size);
244 while ((job = IMB_FLUSH_JOB (ptd->mgr)))
245 ipsecmb_retire_hmac_job (job, &n_fail, digest_size);
247 return n_ops - n_fail;
251 /* clang-format off */
252 #define _(a, b, c, d, e, f) \
253 static_always_inline u32 \
254 ipsecmb_ops_hmac_##a (vlib_main_t * vm, \
255 vnet_crypto_op_t * ops[], \
257 { return ipsecmb_ops_hmac_inline (vm, ops, n_ops, d, e, f, \
258 IMB_AUTH_HMAC_##b); } \
260 foreach_ipsecmb_hmac_op;
262 /* clang-format on */
265 ipsecmb_retire_cipher_job (IMB_JOB *job, u32 *n_fail)
267 vnet_crypto_op_t *op = job->user_data;
269 if (PREDICT_FALSE (IMB_STATUS_COMPLETED != job->status))
271 op->status = ipsecmb_status_job (job->status);
272 *n_fail = *n_fail + 1;
275 op->status = VNET_CRYPTO_OP_STATUS_COMPLETED;
278 #if IMB_VERSION_NUM >= IMB_VERSION(1, 3, 0)
279 static_always_inline u32
280 ipsecmb_ops_aes_cipher_inline (vlib_main_t *vm, vnet_crypto_op_t *ops[],
281 u32 n_ops, u32 key_len,
282 IMB_CIPHER_DIRECTION direction,
283 IMB_CIPHER_MODE cipher_mode)
285 ipsecmb_main_t *imbm = &ipsecmb_main;
286 ipsecmb_per_thread_data_t *ptd =
287 vec_elt_at_index (imbm->per_thread_data, vm->thread_index);
289 u32 i, n_fail = 0, ops_index = 0;
291 (n_ops > IMB_MAX_BURST_SIZE) ? IMB_MAX_BURST_SIZE : n_ops;
295 const u32 n = (n_ops > burst_sz) ? burst_sz : n_ops;
297 for (i = 0; i < n; i++)
299 ipsecmb_aes_key_data_t *kd;
300 vnet_crypto_op_t *op = ops[ops_index++];
301 kd = (ipsecmb_aes_key_data_t *) imbm->key_data[op->key_index];
303 job = &ptd->burst_jobs[i];
307 job->msg_len_to_cipher_in_bytes = op->len;
308 job->cipher_start_src_offset_in_bytes = 0;
310 job->hash_alg = IMB_AUTH_NULL;
312 job->enc_keys = kd->enc_key_exp;
313 job->dec_keys = kd->dec_key_exp;
315 job->iv_len_in_bytes = IMB_AES_BLOCK_SIZE;
320 IMB_SUBMIT_CIPHER_BURST_NOCHECK (ptd->mgr, ptd->burst_jobs, n,
321 cipher_mode, direction, key_len / 8);
322 for (i = 0; i < n; i++)
324 job = &ptd->burst_jobs[i];
325 ipsecmb_retire_cipher_job (job, &n_fail);
331 return ops_index - n_fail;
334 static_always_inline u32
335 ipsecmb_ops_aes_cipher_inline (vlib_main_t *vm, vnet_crypto_op_t *ops[],
336 u32 n_ops, u32 key_len,
337 JOB_CIPHER_DIRECTION direction,
338 JOB_CIPHER_MODE cipher_mode)
340 ipsecmb_main_t *imbm = &ipsecmb_main;
341 ipsecmb_per_thread_data_t *ptd =
342 vec_elt_at_index (imbm->per_thread_data, vm->thread_index);
346 for (i = 0; i < n_ops; i++)
348 ipsecmb_aes_key_data_t *kd;
349 vnet_crypto_op_t *op = ops[i];
350 kd = (ipsecmb_aes_key_data_t *) imbm->key_data[op->key_index];
352 job = IMB_GET_NEXT_JOB (ptd->mgr);
356 job->msg_len_to_cipher_in_bytes = op->len;
357 job->cipher_start_src_offset_in_bytes = 0;
359 job->hash_alg = IMB_AUTH_NULL;
360 job->cipher_mode = cipher_mode;
361 job->cipher_direction = direction;
363 (direction == IMB_DIR_ENCRYPT ? IMB_ORDER_CIPHER_HASH :
364 IMB_ORDER_HASH_CIPHER);
366 job->aes_key_len_in_bytes = key_len / 8;
367 job->enc_keys = kd->enc_key_exp;
368 job->dec_keys = kd->dec_key_exp;
370 job->iv_len_in_bytes = IMB_AES_BLOCK_SIZE;
374 job = IMB_SUBMIT_JOB (ptd->mgr);
377 ipsecmb_retire_cipher_job (job, &n_fail);
380 while ((job = IMB_FLUSH_JOB (ptd->mgr)))
381 ipsecmb_retire_cipher_job (job, &n_fail);
383 return n_ops - n_fail;
387 /* clang-format off */
389 static_always_inline u32 ipsecmb_ops_cipher_enc_##a ( \
390 vlib_main_t *vm, vnet_crypto_op_t *ops[], u32 n_ops) \
392 return ipsecmb_ops_aes_cipher_inline ( \
393 vm, ops, n_ops, b, IMB_DIR_ENCRYPT, IMB_CIPHER_##c); \
396 static_always_inline u32 ipsecmb_ops_cipher_dec_##a ( \
397 vlib_main_t *vm, vnet_crypto_op_t *ops[], u32 n_ops) \
399 return ipsecmb_ops_aes_cipher_inline ( \
400 vm, ops, n_ops, b, IMB_DIR_DECRYPT, IMB_CIPHER_##c); \
403 foreach_ipsecmb_cipher_op;
407 static_always_inline u32 \
408 ipsecmb_ops_gcm_cipher_enc_##a##_chained (vlib_main_t * vm, \
409 vnet_crypto_op_t * ops[], vnet_crypto_op_chunk_t *chunks, u32 n_ops) \
411 ipsecmb_main_t *imbm = &ipsecmb_main; \
412 ipsecmb_per_thread_data_t *ptd = vec_elt_at_index (imbm->per_thread_data, \
414 IMB_MGR *m = ptd->mgr; \
415 vnet_crypto_op_chunk_t *chp; \
418 for (i = 0; i < n_ops; i++) \
420 struct gcm_key_data *kd; \
421 struct gcm_context_data ctx; \
422 vnet_crypto_op_t *op = ops[i]; \
424 kd = (struct gcm_key_data *) imbm->key_data[op->key_index]; \
425 ASSERT (op->flags & VNET_CRYPTO_OP_FLAG_CHAINED_BUFFERS); \
426 IMB_AES##b##_GCM_INIT(m, kd, &ctx, op->iv, op->aad, op->aad_len); \
427 chp = chunks + op->chunk_index; \
428 for (j = 0; j < op->n_chunks; j++) \
430 IMB_AES##b##_GCM_ENC_UPDATE (m, kd, &ctx, chp->dst, chp->src, \
434 IMB_AES##b##_GCM_ENC_FINALIZE(m, kd, &ctx, op->tag, op->tag_len); \
436 op->status = VNET_CRYPTO_OP_STATUS_COMPLETED; \
442 static_always_inline u32 \
443 ipsecmb_ops_gcm_cipher_enc_##a (vlib_main_t * vm, vnet_crypto_op_t * ops[], \
446 ipsecmb_main_t *imbm = &ipsecmb_main; \
447 ipsecmb_per_thread_data_t *ptd = vec_elt_at_index (imbm->per_thread_data, \
449 IMB_MGR *m = ptd->mgr; \
452 for (i = 0; i < n_ops; i++) \
454 struct gcm_key_data *kd; \
455 struct gcm_context_data ctx; \
456 vnet_crypto_op_t *op = ops[i]; \
458 kd = (struct gcm_key_data *) imbm->key_data[op->key_index]; \
459 IMB_AES##b##_GCM_ENC (m, kd, &ctx, op->dst, op->src, op->len, op->iv, \
460 op->aad, op->aad_len, op->tag, op->tag_len); \
462 op->status = VNET_CRYPTO_OP_STATUS_COMPLETED; \
468 static_always_inline u32 \
469 ipsecmb_ops_gcm_cipher_dec_##a##_chained (vlib_main_t * vm, \
470 vnet_crypto_op_t * ops[], vnet_crypto_op_chunk_t *chunks, u32 n_ops) \
472 ipsecmb_main_t *imbm = &ipsecmb_main; \
473 ipsecmb_per_thread_data_t *ptd = vec_elt_at_index (imbm->per_thread_data, \
475 IMB_MGR *m = ptd->mgr; \
476 vnet_crypto_op_chunk_t *chp; \
477 u32 i, j, n_failed = 0; \
479 for (i = 0; i < n_ops; i++) \
481 struct gcm_key_data *kd; \
482 struct gcm_context_data ctx; \
483 vnet_crypto_op_t *op = ops[i]; \
486 kd = (struct gcm_key_data *) imbm->key_data[op->key_index]; \
487 ASSERT (op->flags & VNET_CRYPTO_OP_FLAG_CHAINED_BUFFERS); \
488 IMB_AES##b##_GCM_INIT(m, kd, &ctx, op->iv, op->aad, op->aad_len); \
489 chp = chunks + op->chunk_index; \
490 for (j = 0; j < op->n_chunks; j++) \
492 IMB_AES##b##_GCM_DEC_UPDATE (m, kd, &ctx, chp->dst, chp->src, \
496 IMB_AES##b##_GCM_DEC_FINALIZE(m, kd, &ctx, scratch, op->tag_len); \
498 if ((memcmp (op->tag, scratch, op->tag_len))) \
500 op->status = VNET_CRYPTO_OP_STATUS_FAIL_BAD_HMAC; \
504 op->status = VNET_CRYPTO_OP_STATUS_COMPLETED; \
507 return n_ops - n_failed; \
510 static_always_inline u32 \
511 ipsecmb_ops_gcm_cipher_dec_##a (vlib_main_t * vm, vnet_crypto_op_t * ops[], \
514 ipsecmb_main_t *imbm = &ipsecmb_main; \
515 ipsecmb_per_thread_data_t *ptd = vec_elt_at_index (imbm->per_thread_data, \
517 IMB_MGR *m = ptd->mgr; \
518 u32 i, n_failed = 0; \
520 for (i = 0; i < n_ops; i++) \
522 struct gcm_key_data *kd; \
523 struct gcm_context_data ctx; \
524 vnet_crypto_op_t *op = ops[i]; \
527 kd = (struct gcm_key_data *) imbm->key_data[op->key_index]; \
528 IMB_AES##b##_GCM_DEC (m, kd, &ctx, op->dst, op->src, op->len, op->iv, \
529 op->aad, op->aad_len, scratch, op->tag_len); \
531 if ((memcmp (op->tag, scratch, op->tag_len))) \
533 op->status = VNET_CRYPTO_OP_STATUS_FAIL_BAD_HMAC; \
537 op->status = VNET_CRYPTO_OP_STATUS_COMPLETED; \
540 return n_ops - n_failed; \
542 /* clang-format on */
543 foreach_ipsecmb_gcm_cipher_op;
546 #ifdef HAVE_IPSECMB_CHACHA_POLY
548 ipsecmb_retire_aead_job (IMB_JOB *job, u32 *n_fail)
550 vnet_crypto_op_t *op = job->user_data;
551 u32 len = op->tag_len;
553 if (PREDICT_FALSE (IMB_STATUS_COMPLETED != job->status))
555 op->status = ipsecmb_status_job (job->status);
556 *n_fail = *n_fail + 1;
560 if (op->flags & VNET_CRYPTO_OP_FLAG_HMAC_CHECK)
562 if (memcmp (op->tag, job->auth_tag_output, len))
564 *n_fail = *n_fail + 1;
565 op->status = VNET_CRYPTO_OP_STATUS_FAIL_BAD_HMAC;
570 clib_memcpy_fast (op->tag, job->auth_tag_output, len);
572 op->status = VNET_CRYPTO_OP_STATUS_COMPLETED;
575 static_always_inline u32
576 ipsecmb_ops_chacha_poly (vlib_main_t *vm, vnet_crypto_op_t *ops[], u32 n_ops,
577 IMB_CIPHER_DIRECTION dir)
579 ipsecmb_main_t *imbm = &ipsecmb_main;
580 ipsecmb_per_thread_data_t *ptd =
581 vec_elt_at_index (imbm->per_thread_data, vm->thread_index);
583 IMB_MGR *m = ptd->mgr;
584 u32 i, n_fail = 0, last_key_index = ~0;
585 u8 scratch[VLIB_FRAME_SIZE][16];
588 for (i = 0; i < n_ops; i++)
590 vnet_crypto_op_t *op = ops[i];
592 job = IMB_GET_NEXT_JOB (m);
593 if (last_key_index != op->key_index)
595 vnet_crypto_key_t *kd = vnet_crypto_get_key (op->key_index);
598 last_key_index = op->key_index;
601 job->cipher_direction = dir;
602 job->chain_order = IMB_ORDER_HASH_CIPHER;
603 job->cipher_mode = IMB_CIPHER_CHACHA20_POLY1305;
604 job->hash_alg = IMB_AUTH_CHACHA20_POLY1305;
605 job->enc_keys = job->dec_keys = key;
606 job->key_len_in_bytes = 32;
608 job->u.CHACHA20_POLY1305.aad = op->aad;
609 job->u.CHACHA20_POLY1305.aad_len_in_bytes = op->aad_len;
614 job->iv_len_in_bytes = 12;
615 job->msg_len_to_cipher_in_bytes = job->msg_len_to_hash_in_bytes =
617 job->cipher_start_src_offset_in_bytes =
618 job->hash_start_src_offset_in_bytes = 0;
620 job->auth_tag_output = scratch[i];
621 job->auth_tag_output_len_in_bytes = 16;
625 job = IMB_SUBMIT_JOB_NOCHECK (ptd->mgr);
627 ipsecmb_retire_aead_job (job, &n_fail);
632 while ((job = IMB_FLUSH_JOB (ptd->mgr)))
633 ipsecmb_retire_aead_job (job, &n_fail);
635 return n_ops - n_fail;
638 static_always_inline u32
639 ipsecmb_ops_chacha_poly_enc (vlib_main_t *vm, vnet_crypto_op_t *ops[],
642 return ipsecmb_ops_chacha_poly (vm, ops, n_ops, IMB_DIR_ENCRYPT);
645 static_always_inline u32
646 ipsecmb_ops_chacha_poly_dec (vlib_main_t *vm, vnet_crypto_op_t *ops[],
649 return ipsecmb_ops_chacha_poly (vm, ops, n_ops, IMB_DIR_DECRYPT);
652 static_always_inline u32
653 ipsecmb_ops_chacha_poly_chained (vlib_main_t *vm, vnet_crypto_op_t *ops[],
654 vnet_crypto_op_chunk_t *chunks, u32 n_ops,
655 IMB_CIPHER_DIRECTION dir)
657 ipsecmb_main_t *imbm = &ipsecmb_main;
658 ipsecmb_per_thread_data_t *ptd =
659 vec_elt_at_index (imbm->per_thread_data, vm->thread_index);
660 IMB_MGR *m = ptd->mgr;
661 u32 i, n_fail = 0, last_key_index = ~0;
664 if (dir == IMB_DIR_ENCRYPT)
666 for (i = 0; i < n_ops; i++)
668 vnet_crypto_op_t *op = ops[i];
669 struct chacha20_poly1305_context_data ctx;
670 vnet_crypto_op_chunk_t *chp;
673 ASSERT (op->flags & VNET_CRYPTO_OP_FLAG_CHAINED_BUFFERS);
675 if (last_key_index != op->key_index)
677 vnet_crypto_key_t *kd = vnet_crypto_get_key (op->key_index);
680 last_key_index = op->key_index;
683 IMB_CHACHA20_POLY1305_INIT (m, key, &ctx, op->iv, op->aad,
686 chp = chunks + op->chunk_index;
687 for (j = 0; j < op->n_chunks; j++)
689 IMB_CHACHA20_POLY1305_ENC_UPDATE (m, key, &ctx, chp->dst,
694 IMB_CHACHA20_POLY1305_ENC_FINALIZE (m, &ctx, op->tag, op->tag_len);
696 op->status = VNET_CRYPTO_OP_STATUS_COMPLETED;
699 else /* dir == IMB_DIR_DECRYPT */
701 for (i = 0; i < n_ops; i++)
703 vnet_crypto_op_t *op = ops[i];
704 struct chacha20_poly1305_context_data ctx;
705 vnet_crypto_op_chunk_t *chp;
709 ASSERT (op->flags & VNET_CRYPTO_OP_FLAG_CHAINED_BUFFERS);
711 if (last_key_index != op->key_index)
713 vnet_crypto_key_t *kd = vnet_crypto_get_key (op->key_index);
716 last_key_index = op->key_index;
719 IMB_CHACHA20_POLY1305_INIT (m, key, &ctx, op->iv, op->aad,
722 chp = chunks + op->chunk_index;
723 for (j = 0; j < op->n_chunks; j++)
725 IMB_CHACHA20_POLY1305_DEC_UPDATE (m, key, &ctx, chp->dst,
730 IMB_CHACHA20_POLY1305_DEC_FINALIZE (m, &ctx, scratch, op->tag_len);
732 if (memcmp (op->tag, scratch, op->tag_len))
735 op->status = VNET_CRYPTO_OP_STATUS_FAIL_BAD_HMAC;
738 op->status = VNET_CRYPTO_OP_STATUS_COMPLETED;
742 return n_ops - n_fail;
745 static_always_inline u32
746 ipsec_mb_ops_chacha_poly_enc_chained (vlib_main_t *vm, vnet_crypto_op_t *ops[],
747 vnet_crypto_op_chunk_t *chunks,
750 return ipsecmb_ops_chacha_poly_chained (vm, ops, chunks, n_ops,
754 static_always_inline u32
755 ipsec_mb_ops_chacha_poly_dec_chained (vlib_main_t *vm, vnet_crypto_op_t *ops[],
756 vnet_crypto_op_chunk_t *chunks,
759 return ipsecmb_ops_chacha_poly_chained (vm, ops, chunks, n_ops,
765 crypto_ipsecmb_key_handler (vlib_main_t * vm, vnet_crypto_key_op_t kop,
766 vnet_crypto_key_index_t idx)
768 ipsecmb_main_t *imbm = &ipsecmb_main;
769 vnet_crypto_key_t *key = vnet_crypto_get_key (idx);
770 ipsecmb_alg_data_t *ad = imbm->alg_data + key->alg;
774 /** TODO: add linked alg support **/
775 if (key->type == VNET_CRYPTO_KEY_TYPE_LINK)
778 if (kop == VNET_CRYPTO_KEY_OP_DEL)
780 if (idx >= vec_len (imbm->key_data))
783 if (imbm->key_data[idx] == 0)
786 clib_mem_free_s (imbm->key_data[idx]);
787 imbm->key_data[idx] = 0;
791 if (ad->data_size == 0)
794 vec_validate_aligned (imbm->key_data, idx, CLIB_CACHE_LINE_BYTES);
796 if (kop == VNET_CRYPTO_KEY_OP_MODIFY && imbm->key_data[idx])
798 clib_mem_free_s (imbm->key_data[idx]);
801 kd = imbm->key_data[idx] = clib_mem_alloc_aligned (ad->data_size,
802 CLIB_CACHE_LINE_BYTES);
804 /* AES CBC key expansion */
807 ad->keyexp (key->data, ((ipsecmb_aes_key_data_t *) kd)->enc_key_exp,
808 ((ipsecmb_aes_key_data_t *) kd)->dec_key_exp);
815 ad->aes_gcm_pre (key->data, (struct gcm_key_data *) kd);
820 if (ad->hash_one_block)
822 const int block_qw = HMAC_MAX_BLOCK_SIZE / sizeof (u64);
823 u64 pad[block_qw], key_hash[block_qw];
825 clib_memset_u8 (key_hash, 0, HMAC_MAX_BLOCK_SIZE);
826 if (vec_len (key->data) <= ad->block_size)
827 clib_memcpy_fast (key_hash, key->data, vec_len (key->data));
829 ad->hash_fn (key->data, vec_len (key->data), key_hash);
831 for (i = 0; i < block_qw; i++)
832 pad[i] = key_hash[i] ^ 0x3636363636363636;
833 ad->hash_one_block (pad, kd);
835 for (i = 0; i < block_qw; i++)
836 pad[i] = key_hash[i] ^ 0x5c5c5c5c5c5c5c5c;
837 ad->hash_one_block (pad, ((u8 *) kd) + (ad->data_size / 2));
843 static clib_error_t *
844 crypto_ipsecmb_init (vlib_main_t * vm)
846 ipsecmb_main_t *imbm = &ipsecmb_main;
847 ipsecmb_alg_data_t *ad;
848 ipsecmb_per_thread_data_t *ptd;
849 vlib_thread_main_t *tm = vlib_get_thread_main ();
854 if (!clib_cpu_supports_aes ())
858 * A priority that is better than OpenSSL but worse than VPP natvie
860 name = format (0, "Intel(R) Multi-Buffer Crypto for IPsec Library %s%c",
862 eidx = vnet_crypto_register_engine (vm, "ipsecmb", 80, (char *) name);
864 vec_validate_aligned (imbm->per_thread_data, tm->n_vlib_mains - 1,
865 CLIB_CACHE_LINE_BYTES);
868 vec_foreach (ptd, imbm->per_thread_data)
870 ptd->mgr = alloc_mb_mgr (0);
871 #if IMB_VERSION_NUM >= IMB_VERSION(1, 3, 0)
872 clib_memset_u8 (ptd->burst_jobs, 0,
873 sizeof (IMB_JOB) * IMB_MAX_BURST_SIZE);
875 if (clib_cpu_supports_avx512f ())
876 init_mb_mgr_avx512 (ptd->mgr);
877 else if (clib_cpu_supports_avx2 () && clib_cpu_supports_bmi2 ())
878 init_mb_mgr_avx2 (ptd->mgr);
880 init_mb_mgr_sse (ptd->mgr);
882 if (ptd == imbm->per_thread_data)
887 #define _(a, b, c, d, e, f) \
888 vnet_crypto_register_ops_handler (vm, eidx, VNET_CRYPTO_OP_##a##_HMAC, \
889 ipsecmb_ops_hmac_##a); \
890 ad = imbm->alg_data + VNET_CRYPTO_ALG_HMAC_##a; \
891 ad->block_size = d; \
892 ad->data_size = e * 2; \
893 ad->hash_one_block = m-> c##_one_block; \
894 ad->hash_fn = m-> c; \
896 foreach_ipsecmb_hmac_op;
899 vnet_crypto_register_ops_handler (vm, eidx, VNET_CRYPTO_OP_##a##_ENC, \
900 ipsecmb_ops_cipher_enc_##a); \
901 vnet_crypto_register_ops_handler (vm, eidx, VNET_CRYPTO_OP_##a##_DEC, \
902 ipsecmb_ops_cipher_dec_##a); \
903 ad = imbm->alg_data + VNET_CRYPTO_ALG_##a; \
904 ad->data_size = sizeof (ipsecmb_aes_key_data_t); \
905 ad->keyexp = m->keyexp_##b;
907 foreach_ipsecmb_cipher_op;
910 vnet_crypto_register_ops_handler (vm, eidx, VNET_CRYPTO_OP_##a##_ENC, \
911 ipsecmb_ops_gcm_cipher_enc_##a); \
912 vnet_crypto_register_ops_handler (vm, eidx, VNET_CRYPTO_OP_##a##_DEC, \
913 ipsecmb_ops_gcm_cipher_dec_##a); \
914 vnet_crypto_register_chained_ops_handler \
915 (vm, eidx, VNET_CRYPTO_OP_##a##_ENC, \
916 ipsecmb_ops_gcm_cipher_enc_##a##_chained); \
917 vnet_crypto_register_chained_ops_handler \
918 (vm, eidx, VNET_CRYPTO_OP_##a##_DEC, \
919 ipsecmb_ops_gcm_cipher_dec_##a##_chained); \
920 ad = imbm->alg_data + VNET_CRYPTO_ALG_##a; \
921 ad->data_size = sizeof (struct gcm_key_data); \
922 ad->aes_gcm_pre = m->gcm##b##_pre; \
924 foreach_ipsecmb_gcm_cipher_op;
927 #ifdef HAVE_IPSECMB_CHACHA_POLY
928 vnet_crypto_register_ops_handler (vm, eidx,
929 VNET_CRYPTO_OP_CHACHA20_POLY1305_ENC,
930 ipsecmb_ops_chacha_poly_enc);
931 vnet_crypto_register_ops_handler (vm, eidx,
932 VNET_CRYPTO_OP_CHACHA20_POLY1305_DEC,
933 ipsecmb_ops_chacha_poly_dec);
934 vnet_crypto_register_chained_ops_handler (
935 vm, eidx, VNET_CRYPTO_OP_CHACHA20_POLY1305_ENC,
936 ipsec_mb_ops_chacha_poly_enc_chained);
937 vnet_crypto_register_chained_ops_handler (
938 vm, eidx, VNET_CRYPTO_OP_CHACHA20_POLY1305_DEC,
939 ipsec_mb_ops_chacha_poly_dec_chained);
940 ad = imbm->alg_data + VNET_CRYPTO_ALG_CHACHA20_POLY1305;
944 vnet_crypto_register_key_handler (vm, eidx, crypto_ipsecmb_key_handler);
949 VLIB_INIT_FUNCTION (crypto_ipsecmb_init) =
951 .runs_after = VLIB_INITS ("vnet_crypto_init"),
956 VLIB_PLUGIN_REGISTER () =
958 .version = VPP_BUILD_VER,
959 .description = "Intel IPSEC Multi-buffer Crypto Engine",
964 * fd.io coding-style-patch-verification: ON
967 * eval: (c-set-style "gnu")
Code Review / vpp.git / blob