2 * Copyright (c) 2016 Intel and/or its affiliates.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
15 #ifndef __DPDK_ESP_H__
16 #define __DPDK_ESP_H__
18 #include <dpdk/ipsec/ipsec.h>
19 #include <vnet/ipsec/ipsec.h>
20 #include <vnet/ipsec/esp.h>
24 enum rte_crypto_cipher_algorithm algo;
27 } dpdk_esp_crypto_alg_t;
31 enum rte_crypto_auth_algorithm algo;
33 } dpdk_esp_integ_alg_t;
37 dpdk_esp_crypto_alg_t *esp_crypto_algs;
38 dpdk_esp_integ_alg_t *esp_integ_algs;
41 dpdk_esp_main_t dpdk_esp_main;
43 static_always_inline void
46 dpdk_esp_main_t *em = &dpdk_esp_main;
47 dpdk_esp_integ_alg_t *i;
48 dpdk_esp_crypto_alg_t *c;
50 vec_validate (em->esp_crypto_algs, IPSEC_CRYPTO_N_ALG - 1);
52 c = &em->esp_crypto_algs[IPSEC_CRYPTO_ALG_AES_CBC_128];
53 c->algo = RTE_CRYPTO_CIPHER_AES_CBC;
57 c = &em->esp_crypto_algs[IPSEC_CRYPTO_ALG_AES_CBC_192];
58 c->algo = RTE_CRYPTO_CIPHER_AES_CBC;
62 c = &em->esp_crypto_algs[IPSEC_CRYPTO_ALG_AES_CBC_256];
63 c->algo = RTE_CRYPTO_CIPHER_AES_CBC;
67 c = &em->esp_crypto_algs[IPSEC_CRYPTO_ALG_AES_GCM_128];
68 c->algo = RTE_CRYPTO_CIPHER_AES_GCM;
72 vec_validate (em->esp_integ_algs, IPSEC_INTEG_N_ALG - 1);
74 i = &em->esp_integ_algs[IPSEC_INTEG_ALG_SHA1_96];
75 i->algo = RTE_CRYPTO_AUTH_SHA1_HMAC;
78 i = &em->esp_integ_algs[IPSEC_INTEG_ALG_SHA_256_96];
79 i->algo = RTE_CRYPTO_AUTH_SHA256_HMAC;
82 i = &em->esp_integ_algs[IPSEC_INTEG_ALG_SHA_256_128];
83 i->algo = RTE_CRYPTO_AUTH_SHA256_HMAC;
86 i = &em->esp_integ_algs[IPSEC_INTEG_ALG_SHA_384_192];
87 i->algo = RTE_CRYPTO_AUTH_SHA384_HMAC;
90 i = &em->esp_integ_algs[IPSEC_INTEG_ALG_SHA_512_256];
91 i->algo = RTE_CRYPTO_AUTH_SHA512_HMAC;
94 i = &em->esp_integ_algs[IPSEC_INTEG_ALG_AES_GCM_128];
95 i->algo = RTE_CRYPTO_AUTH_AES_GCM;
99 static_always_inline int
100 translate_crypto_algo (ipsec_crypto_alg_t crypto_algo,
101 struct rte_crypto_sym_xform *cipher_xform)
105 case IPSEC_CRYPTO_ALG_NONE:
106 cipher_xform->cipher.algo = RTE_CRYPTO_CIPHER_NULL;
108 case IPSEC_CRYPTO_ALG_AES_CBC_128:
109 case IPSEC_CRYPTO_ALG_AES_CBC_192:
110 case IPSEC_CRYPTO_ALG_AES_CBC_256:
111 cipher_xform->cipher.algo = RTE_CRYPTO_CIPHER_AES_CBC;
113 case IPSEC_CRYPTO_ALG_AES_GCM_128:
114 cipher_xform->cipher.algo = RTE_CRYPTO_CIPHER_AES_GCM;
120 cipher_xform->type = RTE_CRYPTO_SYM_XFORM_CIPHER;
125 static_always_inline int
126 translate_integ_algo (ipsec_integ_alg_t integ_alg,
127 struct rte_crypto_sym_xform *auth_xform, int use_esn)
131 case IPSEC_INTEG_ALG_NONE:
132 auth_xform->auth.algo = RTE_CRYPTO_AUTH_NULL;
133 auth_xform->auth.digest_length = 0;
135 case IPSEC_INTEG_ALG_SHA1_96:
136 auth_xform->auth.algo = RTE_CRYPTO_AUTH_SHA1_HMAC;
137 auth_xform->auth.digest_length = 12;
139 case IPSEC_INTEG_ALG_SHA_256_96:
140 auth_xform->auth.algo = RTE_CRYPTO_AUTH_SHA256_HMAC;
141 auth_xform->auth.digest_length = 12;
143 case IPSEC_INTEG_ALG_SHA_256_128:
144 auth_xform->auth.algo = RTE_CRYPTO_AUTH_SHA256_HMAC;
145 auth_xform->auth.digest_length = 16;
147 case IPSEC_INTEG_ALG_SHA_384_192:
148 auth_xform->auth.algo = RTE_CRYPTO_AUTH_SHA384_HMAC;
149 auth_xform->auth.digest_length = 24;
151 case IPSEC_INTEG_ALG_SHA_512_256:
152 auth_xform->auth.algo = RTE_CRYPTO_AUTH_SHA512_HMAC;
153 auth_xform->auth.digest_length = 32;
155 case IPSEC_INTEG_ALG_AES_GCM_128:
156 auth_xform->auth.algo = RTE_CRYPTO_AUTH_AES_GCM;
157 auth_xform->auth.digest_length = 16;
158 auth_xform->auth.add_auth_data_length = use_esn ? 12 : 8;
164 auth_xform->type = RTE_CRYPTO_SYM_XFORM_AUTH;
169 static_always_inline int
170 create_sym_sess (ipsec_sa_t * sa, crypto_sa_session_t * sa_sess,
173 u32 thread_index = vlib_get_thread_index ();
174 dpdk_crypto_main_t *dcm = &dpdk_crypto_main;
175 crypto_worker_main_t *cwm = &dcm->workers_main[thread_index];
176 struct rte_crypto_sym_xform cipher_xform = { 0 };
177 struct rte_crypto_sym_xform auth_xform = { 0 };
178 struct rte_crypto_sym_xform *xfs;
179 uword key = 0, *data;
180 crypto_worker_qp_key_t *p_key = (crypto_worker_qp_key_t *) & key;
182 if (sa->crypto_alg == IPSEC_CRYPTO_ALG_AES_GCM_128)
184 sa->crypto_key_len -= 4;
185 clib_memcpy (&sa->salt, &sa->crypto_key[sa->crypto_key_len], 4);
189 u32 seed = (u32) clib_cpu_time_now ();
190 sa->salt = random_u32 (&seed);
193 cipher_xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
194 cipher_xform.cipher.key.data = sa->crypto_key;
195 cipher_xform.cipher.key.length = sa->crypto_key_len;
197 auth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH;
198 auth_xform.auth.key.data = sa->integ_key;
199 auth_xform.auth.key.length = sa->integ_key_len;
201 if (translate_crypto_algo (sa->crypto_alg, &cipher_xform) < 0)
203 p_key->cipher_algo = cipher_xform.cipher.algo;
205 if (translate_integ_algo (sa->integ_alg, &auth_xform, sa->use_esn) < 0)
207 p_key->auth_algo = auth_xform.auth.algo;
211 cipher_xform.cipher.op = RTE_CRYPTO_CIPHER_OP_ENCRYPT;
212 auth_xform.auth.op = RTE_CRYPTO_AUTH_OP_GENERATE;
213 cipher_xform.next = &auth_xform;
218 cipher_xform.cipher.op = RTE_CRYPTO_CIPHER_OP_DECRYPT;
219 auth_xform.auth.op = RTE_CRYPTO_AUTH_OP_VERIFY;
220 auth_xform.next = &cipher_xform;
224 p_key->is_outbound = is_outbound;
226 data = hash_get (cwm->algo_qp_map, key);
231 rte_cryptodev_sym_session_create (cwm->qp_data[*data].dev_id, xfs);
236 sa_sess->qp_index = (u8) * data;
241 #endif /* __DPDK_ESP_H__ */
244 * fd.io coding-style-patch-verification: ON
247 * eval: (c-set-style "gnu")