2 *------------------------------------------------------------------
3 * Copyright (c) 2019 - 2021 Intel and/or its affiliates.
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at:
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 *------------------------------------------------------------------
17 #ifndef included_cryptodev_h
18 #define included_cryptodev_h
20 #include <vnet/crypto/crypto.h>
22 #include <rte_cryptodev.h>
24 #define CRYPTODEV_NB_CRYPTO_OPS 1024
25 #define CRYPTODEV_CACHE_QUEUE_SIZE VNET_CRYPTO_FRAME_POOL_SIZE
26 #define CRYPTODEV_CACHE_QUEUE_MASK (VNET_CRYPTO_FRAME_POOL_SIZE - 1)
27 #define CRYPTODEV_MAX_INFLIGHT (CRYPTODEV_NB_CRYPTO_OPS - 1)
28 #define CRYPTODEV_AAD_MASK (CRYPTODEV_NB_CRYPTO_OPS - 1)
29 #define CRYPTODEV_DEQ_CACHE_SZ 32
30 #define CRYPTODEV_NB_SESSION 10240
31 #define CRYPTODEV_MAX_IV_SIZE 16
32 #define CRYPTODEV_MAX_AAD_SIZE 16
33 #define CRYPTODEV_MAX_N_SGL 8 /**< maximum number of segments */
35 #define CRYPTODEV_IV_OFFSET (offsetof (cryptodev_op_t, iv))
36 #define CRYPTODEV_AAD_OFFSET (offsetof (cryptodev_op_t, aad))
38 /* VNET_CRYPTO_ALGO, TYPE, DPDK_CRYPTO_ALGO, IV_LEN, TAG_LEN, AAD_LEN, KEY_LEN
40 #define foreach_vnet_aead_crypto_conversion \
41 _ (AES_128_GCM, AEAD, AES_GCM, 12, 16, 8, 16) \
42 _ (AES_128_GCM, AEAD, AES_GCM, 12, 16, 12, 16) \
43 _ (AES_192_GCM, AEAD, AES_GCM, 12, 16, 8, 24) \
44 _ (AES_192_GCM, AEAD, AES_GCM, 12, 16, 12, 24) \
45 _ (AES_256_GCM, AEAD, AES_GCM, 12, 16, 8, 32) \
46 _ (AES_256_GCM, AEAD, AES_GCM, 12, 16, 12, 32)
49 * crypto (alg, cryptodev_alg, key_size), hash (alg, digest-size)
51 #define foreach_cryptodev_link_async_alg \
52 _ (AES_128_CBC, AES_CBC, 16, MD5, 12) \
53 _ (AES_192_CBC, AES_CBC, 24, MD5, 12) \
54 _ (AES_256_CBC, AES_CBC, 32, MD5, 12) \
55 _ (AES_128_CBC, AES_CBC, 16, SHA1, 12) \
56 _ (AES_192_CBC, AES_CBC, 24, SHA1, 12) \
57 _ (AES_256_CBC, AES_CBC, 32, SHA1, 12) \
58 _ (AES_128_CBC, AES_CBC, 16, SHA224, 14) \
59 _ (AES_192_CBC, AES_CBC, 24, SHA224, 14) \
60 _ (AES_256_CBC, AES_CBC, 32, SHA224, 14) \
61 _ (AES_128_CBC, AES_CBC, 16, SHA256, 16) \
62 _ (AES_192_CBC, AES_CBC, 24, SHA256, 16) \
63 _ (AES_256_CBC, AES_CBC, 32, SHA256, 16) \
64 _ (AES_128_CBC, AES_CBC, 16, SHA384, 24) \
65 _ (AES_192_CBC, AES_CBC, 24, SHA384, 24) \
66 _ (AES_256_CBC, AES_CBC, 32, SHA384, 24) \
67 _ (AES_128_CBC, AES_CBC, 16, SHA512, 32) \
68 _ (AES_192_CBC, AES_CBC, 24, SHA512, 32) \
69 _ (AES_256_CBC, AES_CBC, 32, SHA512, 32)
73 CRYPTODEV_OP_TYPE_ENCRYPT = 0,
74 CRYPTODEV_OP_TYPE_DECRYPT,
76 } cryptodev_op_type_t;
78 /* Cryptodev session data, one data per direction per numa */
81 struct rte_cryptodev_sym_session ***keys;
84 /* Replicate DPDK rte_cryptodev_sym_capability structure with key size ranges
85 * in favor of vpp vector */
88 enum rte_crypto_sym_xform_type xform_type;
93 enum rte_crypto_auth_algorithm algo; /*auth algo */
94 u32 *digest_sizes; /* vector of auth digest sizes */
98 enum rte_crypto_cipher_algorithm algo; /* cipher algo */
99 u32 *key_sizes; /* vector of cipher key sizes */
103 enum rte_crypto_aead_algorithm algo; /* aead algo */
104 u32 *key_sizes; /*vector of aead key sizes */
105 u32 *aad_sizes; /*vector of aad sizes */
106 u32 *digest_sizes; /* vector of aead digest sizes */
109 } cryptodev_capability_t;
111 /* Cryptodev instance data */
121 struct rte_mempool *sess_pool;
122 struct rte_mempool *sess_priv_pool;
123 } cryptodev_numa_data_t;
127 CLIB_CACHE_LINE_ALIGN_MARK (cacheline0);
128 struct rte_crypto_op op;
129 struct rte_crypto_sym_op sop;
130 u8 iv[CRYPTODEV_MAX_IV_SIZE];
131 u8 aad[CRYPTODEV_MAX_AAD_SIZE];
132 vnet_crypto_async_frame_t *frame;
138 CLIB_CACHE_LINE_ALIGN_MARK (cacheline0);
139 vlib_buffer_t *b[VNET_CRYPTO_FRAME_SIZE];
144 cryptodev_op_t **cops;
145 struct rte_mempool *cop_pool;
146 struct rte_ring *ring;
150 struct rte_crypto_raw_dp_ctx *ctx;
151 struct rte_ring *cached_frame;
155 struct rte_cryptodev_sym_session *reset_sess;
161 } cryptodev_engine_thread_t;
165 cryptodev_numa_data_t *per_numa_data;
166 cryptodev_key_t *keys;
167 cryptodev_engine_thread_t *per_thread_data;
168 enum rte_iova_mode iova_mode;
169 cryptodev_inst_t *cryptodev_inst;
170 clib_bitmap_t *active_cdev_inst_mask;
171 clib_spinlock_t tlock;
172 cryptodev_capability_t *supported_caps;
176 extern cryptodev_main_t cryptodev_main;
178 static_always_inline void
179 cryptodev_mark_frame_err_status (vnet_crypto_async_frame_t *f,
180 vnet_crypto_op_status_t s)
182 u32 n_elts = f->n_elts, i;
184 for (i = 0; i < n_elts; i++)
185 f->elts[i].status = s;
186 f->state = VNET_CRYPTO_FRAME_STATE_NOT_PROCESSED;
189 int cryptodev_session_create (vlib_main_t *vm, vnet_crypto_key_index_t idx,
192 void cryptodev_sess_handler (vlib_main_t *vm, vnet_crypto_key_op_t kop,
193 vnet_crypto_key_index_t idx, u32 aad_len);
195 int cryptodev_check_cap_support (struct rte_cryptodev_sym_capability_idx *idx,
196 u32 key_size, u32 digest_size, u32 aad_size);
198 clib_error_t *cryptodev_register_cop_hdl (vlib_main_t *vm, u32 eidx);
200 clib_error_t *__clib_weak cryptodev_register_raw_hdl (vlib_main_t *vm,
204 dpdk_cryptodev_init (vlib_main_t * vm);