drivers/crypto/qat/qat_sym.h

   1 /* SPDX-License-Identifier: BSD-3-Clause
   2  * Copyright(c) 2015-2018 Intel Corporation
   3  */
   4
   5 #ifndef _QAT_SYM_H_
   6 #define _QAT_SYM_H_
   7
   8 #include <rte_cryptodev_pmd.h>
   9
  10 #ifdef BUILD_QAT_SYM
  11 #include <openssl/evp.h>
  12
  13 #include "qat_common.h"
  14 #include "qat_sym_session.h"
  15 #include "qat_sym_pmd.h"
  16 #include "qat_logs.h"
  17
  18 #define BYTE_LENGTH    8
  19 /* bpi is only used for partial blocks of DES and AES
  20  * so AES block len can be assumed as max len for iv, src and dst
  21  */
  22 #define BPI_MAX_ENCR_IV_LEN ICP_QAT_HW_AES_BLK_SZ
  23
  24 /*
  25  * Maximum number of SGL entries
  26  */
  27 #define QAT_SYM_SGL_MAX_NUMBER  16
  28
  29 struct qat_sym_session;
  30
  31 struct qat_sym_sgl {
  32         qat_sgl_hdr;
  33         struct qat_flat_buf buffers[QAT_SYM_SGL_MAX_NUMBER];
  34 } __rte_packed __rte_cache_aligned;
  35
  36 struct qat_sym_op_cookie {
  37         struct qat_sym_sgl qat_sgl_src;
  38         struct qat_sym_sgl qat_sgl_dst;
  39         phys_addr_t qat_sgl_src_phys_addr;
  40         phys_addr_t qat_sgl_dst_phys_addr;
  41 };
  42
  43 int
  44 qat_sym_build_request(void *in_op, uint8_t *out_msg,
  45                 void *op_cookie, enum qat_device_gen qat_dev_gen);
  46
  47
  48 /** Encrypt a single partial block
  49  *  Depends on openssl libcrypto
  50  *  Uses ECB+XOR to do CFB encryption, same result, more performant
  51  */
  52 static inline int
  53 bpi_cipher_encrypt(uint8_t *src, uint8_t *dst,
  54                 uint8_t *iv, int ivlen, int srclen,
  55                 void *bpi_ctx)
  56 {
  57         EVP_CIPHER_CTX *ctx = (EVP_CIPHER_CTX *)bpi_ctx;
  58         int encrypted_ivlen;
  59         uint8_t encrypted_iv[BPI_MAX_ENCR_IV_LEN];
  60         uint8_t *encr = encrypted_iv;
  61
  62         /* ECB method: encrypt the IV, then XOR this with plaintext */
  63         if (EVP_EncryptUpdate(ctx, encrypted_iv, &encrypted_ivlen, iv, ivlen)
  64                                                                 <= 0)
  65                 goto cipher_encrypt_err;
  66
  67         for (; srclen != 0; --srclen, ++dst, ++src, ++encr)
  68                 *dst = *src ^ *encr;
  69
  70         return 0;
  71
  72 cipher_encrypt_err:
  73         QAT_DP_LOG(ERR, "libcrypto ECB cipher encrypt failed");
  74         return -EINVAL;
  75 }
  76
  77 static inline uint32_t
  78 qat_bpicipher_postprocess(struct qat_sym_session *ctx,
  79                                 struct rte_crypto_op *op)
  80 {
  81         int block_len = qat_cipher_get_block_size(ctx->qat_cipher_alg);
  82         struct rte_crypto_sym_op *sym_op = op->sym;
  83         uint8_t last_block_len = block_len > 0 ?
  84                         sym_op->cipher.data.length % block_len : 0;
  85
  86         if (last_block_len > 0 &&
  87                         ctx->qat_dir == ICP_QAT_HW_CIPHER_ENCRYPT) {
  88
  89                 /* Encrypt last block */
  90                 uint8_t *last_block, *dst, *iv;
  91                 uint32_t last_block_offset;
  92
  93                 last_block_offset = sym_op->cipher.data.offset +
  94                                 sym_op->cipher.data.length - last_block_len;
  95                 last_block = (uint8_t *) rte_pktmbuf_mtod_offset(sym_op->m_src,
  96                                 uint8_t *, last_block_offset);
  97
  98                 if (unlikely(sym_op->m_dst != NULL))
  99                         /* out-of-place operation (OOP) */
 100                         dst = (uint8_t *) rte_pktmbuf_mtod_offset(sym_op->m_dst,
 101                                                 uint8_t *, last_block_offset);
 102                 else
 103                         dst = last_block;
 104
 105                 if (last_block_len < sym_op->cipher.data.length)
 106                         /* use previous block ciphertext as IV */
 107                         iv = dst - block_len;
 108                 else
 109                         /* runt block, i.e. less than one full block */
 110                         iv = rte_crypto_op_ctod_offset(op, uint8_t *,
 111                                         ctx->cipher_iv.offset);
 112
 113 #if RTE_LOG_DP_LEVEL >= RTE_LOG_DEBUG
 114                 QAT_DP_HEXDUMP_LOG(DEBUG, "BPI: src before post-process:",
 115                         last_block, last_block_len);
 116                 if (sym_op->m_dst != NULL)
 117                         QAT_DP_HEXDUMP_LOG(DEBUG,
 118                                 "BPI: dst before post-process:",
 119                                 dst, last_block_len);
 120 #endif
 121                 bpi_cipher_encrypt(last_block, dst, iv, block_len,
 122                                 last_block_len, ctx->bpi_ctx);
 123 #if RTE_LOG_DP_LEVEL >= RTE_LOG_DEBUG
 124                 QAT_DP_HEXDUMP_LOG(DEBUG, "BPI: src after post-process:",
 125                                 last_block, last_block_len);
 126                 if (sym_op->m_dst != NULL)
 127                         QAT_DP_HEXDUMP_LOG(DEBUG,
 128                                 "BPI: dst after post-process:",
 129                                 dst, last_block_len);
 130 #endif
 131         }
 132         return sym_op->cipher.data.length - last_block_len;
 133 }
 134
 135 static inline void
 136 qat_sym_process_response(void **op, uint8_t *resp)
 137 {
 138
 139         struct icp_qat_fw_comn_resp *resp_msg =
 140                         (struct icp_qat_fw_comn_resp *)resp;
 141         struct rte_crypto_op *rx_op = (struct rte_crypto_op *)(uintptr_t)
 142                         (resp_msg->opaque_data);
 143
 144 #if RTE_LOG_DP_LEVEL >= RTE_LOG_DEBUG
 145         QAT_DP_HEXDUMP_LOG(DEBUG, "qat_response:", (uint8_t *)resp_msg,
 146                         sizeof(struct icp_qat_fw_comn_resp));
 147 #endif
 148
 149         if (ICP_QAT_FW_COMN_STATUS_FLAG_OK !=
 150                         ICP_QAT_FW_COMN_RESP_CRYPTO_STAT_GET(
 151                         resp_msg->comn_hdr.comn_status)) {
 152
 153                 rx_op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED;
 154         } else {
 155                 struct qat_sym_session *sess = (struct qat_sym_session *)
 156                                                 get_sym_session_private_data(
 157                                                 rx_op->sym->session,
 158                                                 cryptodev_qat_driver_id);
 159
 160
 161                 if (sess->bpi_ctx)
 162                         qat_bpicipher_postprocess(sess, rx_op);
 163                 rx_op->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
 164         }
 165         *op = (void *)rx_op;
 166 }
 167 #else
 168
 169 static inline void
 170 qat_sym_process_response(void **op __rte_unused, uint8_t *resp __rte_unused)
 171 {
 172 }
 173 #endif
 174 #endif /* _QAT_SYM_H_ */