crypto: add support for AEAD and AES-GCM
1 /*
2  * Copyright (c) 2019 Cisco and/or its affiliates.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at:
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15
16 #ifndef included_vnet_crypto_crypto_h
17 #define included_vnet_crypto_crypto_h
18
/* Ring size constant. Nothing else in this header references it. */
19 #define VNET_CRYPTO_RING_SIZE 512
20
21 #include <vlib/vlib.h>
22
/*
 * Algorithm and operation tables, written as X-macro lists. Each entry is
 * _(ENUM_SUFFIX, "name-string"); the enums further down define `_` to pick
 * out the enum suffix.
 *
 * Block ciphers in CBC mode. CBC gives confidentiality only, so traffic
 * protected with one of these also needs a separate HMAC op for integrity.
 * NOTE(review): DES-CBC (56-bit key) and 3DES-CBC (64-bit block) are legacy
 * ciphers; treat them as interoperability-only choices.
 */
23 #define foreach_crypto_cipher_alg \
24   _(DES_CBC,     "des-cbc") \
25   _(3DES_CBC,    "3des-cbc") \
26   _(AES_128_CBC, "aes-128-cbc") \
27   _(AES_192_CBC, "aes-192-cbc") \
28   _(AES_256_CBC, "aes-256-cbc")
29
/*
 * AEAD algorithms: AES-GCM at three key sizes. The enums below expand this
 * list next to the CBC list, so each entry also gets an _ENC and a _DEC op id.
 * NOTE(review): GCM must never see the same IV twice under one key. Nothing
 * in this header enforces that, so it rests with whoever fills in op->iv.
 */
30 #define foreach_crypto_aead_alg \
31   _(AES_128_GCM, "aes-128-gcm") \
32   _(AES_192_GCM, "aes-192-gcm") \
33   _(AES_256_GCM, "aes-256-gcm")
34
/*
 * Hash functions available for HMAC ops.
 * NOTE(review): MD5 and SHA-1 are legacy choices; prefer the SHA-2 entries
 * for new configurations.
 */
35 #define foreach_crypto_hmac_alg \
36   _(MD5, "md5") \
37   _(SHA1, "sha-1") \
38   _(SHA224, "sha-224")  \
39   _(SHA256, "sha-256")  \
40   _(SHA384, "sha-384")  \
41   _(SHA512, "sha-512")
42
43
/*
 * Operation classes. AEAD encrypt/decrypt are listed separately from plain
 * cipher encrypt/decrypt.
 */
44 #define foreach_crypto_op_type \
45   _(ENCRYPT, "encrypt") \
46   _(DECRYPT, "decrypt") \
47   _(AEAD_ENCRYPT, "aead-encrypt") \
48   _(AEAD_DECRYPT, "aead-decrypt") \
49   _(HMAC, "hmac")
50
/*
 * One VNET_CRYPTO_OP_TYPE_* value per foreach_crypto_op_type entry, in list
 * order. VNET_CRYPTO_OP_N_TYPES is the count; it sizes op_by_type[] in
 * vnet_crypto_alg_data_t.
 */
51 typedef enum
52 {
53 #define _(n, s) VNET_CRYPTO_OP_TYPE_##n,
54   foreach_crypto_op_type
55 #undef _
56     VNET_CRYPTO_OP_N_TYPES,
57 } vnet_crypto_op_type_t;
58
/*
 * Result codes for an op. PENDING is the first entry and therefore has the
 * value 0. The list has no code specific to an AEAD tag mismatch.
 * NOTE(review): a failed GCM tag check is presumably reported through one of
 * the FAIL_* codes - confirm per engine. Consumers are safest accepting only
 * COMPLETED as success rather than testing for particular failure codes.
 */
59 #define foreach_crypto_op_status \
60   _(PENDING, "pending") \
61   _(COMPLETED, "completed") \
62   _(FAIL_NO_HANDLER, "no-handler") \
63   _(FAIL_BAD_HMAC, "bad-hmac") \
64   _(FAIL_DECRYPT, "decrypt-fail")
65
/* VNET_CRYPTO_OP_STATUS_* values in list order; VNET_CRYPTO_OP_N_STATUS is the count. */
66 typedef enum
67 {
68 #define _(n, s) VNET_CRYPTO_OP_STATUS_##n,
69   foreach_crypto_op_status
70 #undef _
71     VNET_CRYPTO_OP_N_STATUS,
72 } vnet_crypto_op_status_t;
73
74 /* *INDENT-OFF* */
/*
 * Algorithm identifiers: CBC ciphers first, then AEADs, then the HMAC hashes
 * (the latter carry the extra HMAC_ prefix). VNET_CRYPTO_N_ALGS is the count.
 * There is no explicit "none" member, so the value 0 is the first cipher
 * entry, DES_CBC; a zero-filled alg field therefore reads as DES-CBC.
 */
75 typedef enum
76 {
77 #define _(n, s) VNET_CRYPTO_ALG_##n,
78   foreach_crypto_cipher_alg
79   foreach_crypto_aead_alg
80 #undef _
81 #define _(n, s) VNET_CRYPTO_ALG_HMAC_##n,
82   foreach_crypto_hmac_alg
83 #undef _
84   VNET_CRYPTO_N_ALGS,
85 } vnet_crypto_alg_t;
86
/*
 * Operation identifiers. 0 is reserved as VNET_CRYPTO_OP_NONE. Every cipher
 * and AEAD algorithm contributes an _ENC and a _DEC id, and every hash one
 * _HMAC id. VNET_CRYPTO_N_OP_IDS is the count; it sizes the per-op tables
 * declared later in this header (ops_handlers[], opt_data[]).
 */
87 typedef enum
88 {
89   VNET_CRYPTO_OP_NONE = 0,
90 #define _(n, s) VNET_CRYPTO_OP_##n##_ENC, VNET_CRYPTO_OP_##n##_DEC,
91   foreach_crypto_cipher_alg
92   foreach_crypto_aead_alg
93 #undef _
94 #define _(n, s) VNET_CRYPTO_OP_##n##_HMAC,
95  foreach_crypto_hmac_alg
96 #undef _
97     VNET_CRYPTO_N_OP_IDS,
98 } vnet_crypto_op_id_t;
99 /* *INDENT-ON* */
100
/* Per-algorithm record: a name plus one op id slot per operation type. */
101 typedef struct
102 {
103   char *name;
104   vnet_crypto_op_id_t op_by_type[VNET_CRYPTO_OP_N_TYPES];
105 } vnet_crypto_alg_data_t;
106
/*
 * Descriptor for a single crypto operation.
 *
 * Every buffer is passed as a raw pointer with a separate length field.
 * Nothing in this header checks that a pointer is set or that the buffer
 * behind it is as long as the length claims, so the submitter has to fill
 * in every field the chosen op uses; vnet_crypto_op_init gives defined
 * values to op and flags only.
 * NOTE(review): key points at raw key bytes and travels with every op -
 * confirm who owns that memory and who wipes it.
 */
107 typedef struct
108 {
109   CLIB_CACHE_LINE_ALIGN_MARK (cacheline0);
110   vnet_crypto_op_id_t op:16;	/* operation id, held in 16 bits */
111   vnet_crypto_op_status_t status:8;	/* result code, held in 8 bits */
112   u8 flags;	/* bitwise OR of VNET_CRYPTO_OP_FLAG_* */
/* NOTE(review): presumably asks the handler to generate the IV - confirm */
113 #define VNET_CRYPTO_OP_FLAG_INIT_IV (1 << 0)
/*
 * NOTE(review): presumably asks the handler to verify the digest instead of
 * only producing it, with FAIL_BAD_HMAC as the mismatch status - confirm, and
 * check that engines do the comparison in constant time.
 */
114 #define VNET_CRYPTO_OP_FLAG_HMAC_CHECK (1 << 1)
115   u32 len;	/* NOTE(review): presumably byte length of src/dst - confirm */
116   u16 aad_len;	/* length of aad */
117   u8 key_len, iv_len, digest_len, tag_len;	/* u8 fields: each is at most 255 */
118   u8 *key;
119   u8 *iv;
120   u8 *src;
121   u8 *dst;
122   u8 *aad;	/* AEAD additional authenticated data */
123   u8 *tag;	/* AEAD authentication tag; kept separate from digest */
124   u8 *digest;
125   uword user_data;
126 } vnet_crypto_op_t;
127
/*
 * Per-op-id metadata: the operation type and algorithm the id stands for.
 * NOTE(review): active_engine_index is presumably the index of the engine
 * currently selected for this op - confirm.
 */
128 typedef struct
129 {
130   vnet_crypto_op_type_t type;
131   vnet_crypto_alg_t alg;
132   u32 active_engine_index;
133 } vnet_crypto_op_data_t;
134
/* Per-thread state; currently a single bitmap, act_queues. */
135 typedef struct
136 {
137   CLIB_CACHE_LINE_ALIGN_MARK (cacheline0);
138   clib_bitmap_t *act_queues;
139 } vnet_crypto_thread_t;
140
/*
 * Signature of the function an engine supplies for an op id: it receives an
 * array of n_ops op pointers and returns a u32.
 * NOTE(review): the return value is presumably the number of ops completed
 * successfully - confirm against the callers.
 */
141 typedef u32 (vnet_crypto_ops_handler_t) (vlib_main_t * vm,
142                                          vnet_crypto_op_t * ops[], u32 n_ops);
143
/*
 * Register an engine by name, priority and description.
 * NOTE(review): the u32 result is presumably the engine index later passed
 * as provider_index - confirm.
 */
144 u32 vnet_crypto_register_engine (vlib_main_t * vm, char *name, int prio,
145                                  char *desc);
146
/* Attach handler f for op id opt to the engine identified by provider_index. */
147 vlib_error_t *vnet_crypto_register_ops_handler (vlib_main_t * vm,
148                                                 u32 provider_index,
149                                                 vnet_crypto_op_id_t opt,
150                                                 vnet_crypto_ops_handler_t *
151                                                 f);
152
/*
 * One registered engine: name, description, priority and a handler slot for
 * every op id.
 */
153 typedef struct
154 {
155   char *name;
156   char *desc;
157   int priority;
158   vnet_crypto_ops_handler_t *ops_handlers[VNET_CRYPTO_N_OP_IDS];
159 } vnet_crypto_engine_t;
160
/*
 * Global crypto state. opt_data is a fixed-size array with one entry per op
 * id; the remaining members are pointers.
 * NOTE(review): algs, threads, ops_handlers and engines are presumably
 * vppinfra vectors, and the *_by_name members name-to-index hashes - confirm.
 */
161 typedef struct
162 {
163   vnet_crypto_alg_data_t *algs;
164   vnet_crypto_thread_t *threads;
165   vnet_crypto_ops_handler_t **ops_handlers;
166   vnet_crypto_op_data_t opt_data[VNET_CRYPTO_N_OP_IDS];
167   vnet_crypto_engine_t *engines;
168   uword *engine_index_by_name;
169   uword *alg_index_by_name;
170 } vnet_crypto_main_t;
171
/* The single instance, defined in another translation unit. */
172 extern vnet_crypto_main_t crypto_main;
173
/* Takes an array of n_jobs op pointers; returns a u32. */
174 u32 vnet_crypto_submit_ops (vlib_main_t * vm, vnet_crypto_op_t ** jobs,
175                             u32 n_jobs);
176
/*
 * Takes an array of n_ops op structs (not pointers, unlike the handler
 * signature); returns a u32.
 * NOTE(review): per-op results are presumably reported in each op's status
 * field - confirm, and check status rather than relying on the count alone.
 */
177 u32 vnet_crypto_process_ops (vlib_main_t * vm, vnet_crypto_op_t ops[],
178                              u32 n_ops);
179
180
/* Select an engine, by name, for a named ops handler; returns an int. */
181 int vnet_crypto_set_handler (char *ops_handler_name, char *engine);
182
/* Formatters for the types declared in this header. */
183 format_function_t format_vnet_crypto_alg;
184 format_function_t format_vnet_crypto_engine;
185 format_function_t format_vnet_crypto_op;
186 format_function_t format_vnet_crypto_op_type;
187 format_function_t format_vnet_crypto_op_status;
188
/*
 * Prepare an op descriptor for the given op id.
 *
 * Only op and flags receive defined values. Every other field (status, the
 * length fields and all buffer pointers) is left untouched in release builds
 * and has to be set by the caller before the op is handed to an engine.
 * Debug builds (CLIB_DEBUG > 0) first fill the whole struct with 0xfe so that
 * a field the caller forgot shows up as an obviously bogus value.
 *
 * op   - descriptor to initialise; not checked for NULL
 * type - operation id stored into op->op
 */
static_always_inline void
vnet_crypto_op_init (vnet_crypto_op_t * op, vnet_crypto_op_id_t type)
{
  if (CLIB_DEBUG > 0)
    {
      /* poison before the stores below, so they are not overwritten */
      clib_memset (op, 0xfe, sizeof (vnet_crypto_op_t));
    }

  op->flags = 0;
  op->op = type;
}
197
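/*
 * Return the operation type recorded in crypto_main.opt_data for an op id.
 *
 * id - operation id; must be below VNET_CRYPTO_N_OP_IDS. The ASSERT is a
 *      debug-build check, so a caller that takes the id from configuration
 *      or other external input has to range-check it first.
 */
static_always_inline vnet_crypto_op_type_t
vnet_crypto_get_op_type (vnet_crypto_op_id_t id)
{
  vnet_crypto_main_t *cm = &crypto_main;

  /*
   * opt_data is a fixed-size array of VNET_CRYPTO_N_OP_IDS entries, not a
   * vppinfra vector, so it is checked against that constant and indexed
   * directly. vec_elt_at_index would consult a vector length header that a
   * plain array does not have.
   */
  ASSERT (id < VNET_CRYPTO_N_OP_IDS);
  return cm->opt_data[id].type;
}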
205
206 #endif /* included_vnet_crypto_crypto_h */
207
208 /*
209  * fd.io coding-style-patch-verification: ON
210  *
211  * Local Variables:
212  * eval: (c-set-style "gnu")
213  * End:
214  */