@@ -33,9 +33,9 @@ struct rte_cryptodev_ops cn10k_cpt_ops = {
.queue_pair_release = cnxk_cpt_queue_pair_release,
/* Symmetric crypto ops */
- .sym_session_get_size = NULL,
- .sym_session_configure = NULL,
- .sym_session_clear = NULL,
+ .sym_session_get_size = cnxk_cpt_sym_session_get_size,
+ .sym_session_configure = cnxk_cpt_sym_session_configure,
+ .sym_session_clear = cnxk_cpt_sym_session_clear,
/* Asymmetric crypto ops */
.asym_session_get_size = NULL,
@@ -33,9 +33,9 @@ struct rte_cryptodev_ops cn9k_cpt_ops = {
.queue_pair_release = cnxk_cpt_queue_pair_release,
/* Symmetric crypto ops */
- .sym_session_get_size = NULL,
- .sym_session_configure = NULL,
- .sym_session_clear = NULL,
+ .sym_session_get_size = cnxk_cpt_sym_session_get_size,
+ .sym_session_configure = cnxk_cpt_sym_session_configure,
+ .sym_session_clear = cnxk_cpt_sym_session_clear,
/* Asymmetric crypto ops */
.asym_session_get_size = NULL,
@@ -10,6 +10,7 @@
#include "cnxk_cryptodev.h"
#include "cnxk_cryptodev_ops.h"
+#include "cnxk_se.h"
static int
cnxk_cpt_get_mlen(void)
@@ -328,3 +329,189 @@ cnxk_cpt_queue_pair_setup(struct rte_cryptodev *dev, uint16_t qp_id,
cnxk_cpt_qp_destroy(dev, qp);
return ret;
}
+
+unsigned int
+cnxk_cpt_sym_session_get_size(struct rte_cryptodev *dev __rte_unused)
+{
+ return sizeof(struct cnxk_se_sess);
+}
+
+static int
+sym_xform_verify(struct rte_crypto_sym_xform *xform)
+{
+ if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH &&
+ xform->auth.algo == RTE_CRYPTO_AUTH_NULL &&
+ xform->auth.op == RTE_CRYPTO_AUTH_OP_VERIFY)
+ return -ENOTSUP;
+
+ if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER && xform->next == NULL)
+ return CNXK_CPT_CIPHER;
+
+ if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH && xform->next == NULL)
+ return CNXK_CPT_AUTH;
+
+ if (xform->type == RTE_CRYPTO_SYM_XFORM_AEAD && xform->next == NULL)
+ return CNXK_CPT_AEAD;
+
+ if (xform->next == NULL)
+ return -EIO;
+
+ if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&
+ xform->cipher.algo == RTE_CRYPTO_CIPHER_3DES_CBC &&
+ xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH &&
+ xform->next->auth.algo == RTE_CRYPTO_AUTH_SHA1)
+ return -ENOTSUP;
+
+ if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH &&
+ xform->auth.algo == RTE_CRYPTO_AUTH_SHA1 &&
+ xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&
+ xform->next->cipher.algo == RTE_CRYPTO_CIPHER_3DES_CBC)
+ return -ENOTSUP;
+
+ if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&
+ xform->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT &&
+ xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH &&
+ xform->next->auth.op == RTE_CRYPTO_AUTH_OP_GENERATE)
+ return CNXK_CPT_CIPHER_ENC_AUTH_GEN;
+
+ if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH &&
+ xform->auth.op == RTE_CRYPTO_AUTH_OP_VERIFY &&
+ xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&
+ xform->next->cipher.op == RTE_CRYPTO_CIPHER_OP_DECRYPT)
+ return CNXK_CPT_AUTH_VRFY_CIPHER_DEC;
+
+ if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH &&
+ xform->auth.op == RTE_CRYPTO_AUTH_OP_GENERATE &&
+ xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&
+ xform->next->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT) {
+ switch (xform->auth.algo) {
+ case RTE_CRYPTO_AUTH_SHA1_HMAC:
+ switch (xform->next->cipher.algo) {
+ case RTE_CRYPTO_CIPHER_AES_CBC:
+ return CNXK_CPT_AUTH_GEN_CIPHER_ENC;
+ default:
+ return -ENOTSUP;
+ }
+ default:
+ return -ENOTSUP;
+ }
+ }
+
+ if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&
+ xform->cipher.op == RTE_CRYPTO_CIPHER_OP_DECRYPT &&
+ xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH &&
+ xform->next->auth.op == RTE_CRYPTO_AUTH_OP_VERIFY) {
+ switch (xform->cipher.algo) {
+ case RTE_CRYPTO_CIPHER_AES_CBC:
+ switch (xform->next->auth.algo) {
+ case RTE_CRYPTO_AUTH_SHA1_HMAC:
+ return CNXK_CPT_CIPHER_DEC_AUTH_VRFY;
+ default:
+ return -ENOTSUP;
+ }
+ default:
+ return -ENOTSUP;
+ }
+ }
+
+ return -ENOTSUP;
+}
+
+static uint64_t
+cnxk_cpt_inst_w7_get(struct cnxk_se_sess *sess, struct roc_cpt *roc_cpt)
+{
+ union cpt_inst_w7 inst_w7;
+
+ inst_w7.s.cptr = (uint64_t)&sess->roc_se_ctx.se_ctx;
+
+ /* Set the engine group */
+ if (sess->zsk_flag || sess->chacha_poly)
+ inst_w7.s.egrp = roc_cpt->eng_grp[CPT_ENG_TYPE_SE];
+ else
+ inst_w7.s.egrp = roc_cpt->eng_grp[CPT_ENG_TYPE_IE];
+
+ return inst_w7.u64;
+}
+
+int
+sym_session_configure(struct roc_cpt *roc_cpt, int driver_id,
+ struct rte_crypto_sym_xform *xform,
+ struct rte_cryptodev_sym_session *sess,
+ struct rte_mempool *pool)
+{
+ struct cnxk_se_sess *sess_priv;
+ void *priv;
+ int ret;
+
+ ret = sym_xform_verify(xform);
+ if (unlikely(ret < 0))
+ return ret;
+
+ if (unlikely(rte_mempool_get(pool, &priv))) {
+ plt_dp_err("Could not allocate session private data");
+ return -ENOMEM;
+ }
+
+ memset(priv, 0, sizeof(struct cnxk_se_sess));
+
+ sess_priv = priv;
+
+ switch (ret) {
+ default:
+ ret = -1;
+ }
+
+ if (ret)
+ goto priv_put;
+
+ sess_priv->cpt_inst_w7 = cnxk_cpt_inst_w7_get(sess_priv, roc_cpt);
+
+ set_sym_session_private_data(sess, driver_id, sess_priv);
+
+ return 0;
+
+priv_put:
+ rte_mempool_put(pool, priv);
+
+ return -ENOTSUP;
+}
+
+int
+cnxk_cpt_sym_session_configure(struct rte_cryptodev *dev,
+ struct rte_crypto_sym_xform *xform,
+ struct rte_cryptodev_sym_session *sess,
+ struct rte_mempool *pool)
+{
+ struct cnxk_cpt_vf *vf = dev->data->dev_private;
+ struct roc_cpt *roc_cpt = &vf->cpt;
+ uint8_t driver_id;
+
+ driver_id = dev->driver_id;
+
+ return sym_session_configure(roc_cpt, driver_id, xform, sess, pool);
+}
+
+void
+sym_session_clear(int driver_id, struct rte_cryptodev_sym_session *sess)
+{
+ void *priv = get_sym_session_private_data(sess, driver_id);
+ struct rte_mempool *pool;
+
+ if (priv == NULL)
+ return;
+
+ memset(priv, 0, cnxk_cpt_sym_session_get_size(NULL));
+
+ pool = rte_mempool_from_obj(priv);
+
+ set_sym_session_private_data(sess, driver_id, NULL);
+
+ rte_mempool_put(pool, priv);
+}
+
+void
+cnxk_cpt_sym_session_clear(struct rte_cryptodev *dev,
+ struct rte_cryptodev_sym_session *sess)
+{
+ return sym_session_clear(dev->driver_id, sess);
+}
@@ -16,6 +16,16 @@ struct cpt_qp_meta_info {
int mlen;
};
+enum sym_xform_type {
+ CNXK_CPT_CIPHER = 1,
+ CNXK_CPT_AUTH,
+ CNXK_CPT_AEAD,
+ CNXK_CPT_CIPHER_ENC_AUTH_GEN,
+ CNXK_CPT_AUTH_VRFY_CIPHER_DEC,
+ CNXK_CPT_AUTH_GEN_CIPHER_ENC,
+ CNXK_CPT_CIPHER_DEC_AUTH_VRFY
+};
+
struct cpt_inflight_req {
union cpt_res_s res;
struct rte_crypto_op *cop;
@@ -69,4 +79,21 @@ int cnxk_cpt_queue_pair_setup(struct rte_cryptodev *dev, uint16_t qp_id,
int cnxk_cpt_queue_pair_release(struct rte_cryptodev *dev, uint16_t qp_id);
+unsigned int cnxk_cpt_sym_session_get_size(struct rte_cryptodev *dev);
+
+int cnxk_cpt_sym_session_configure(struct rte_cryptodev *dev,
+ struct rte_crypto_sym_xform *xform,
+ struct rte_cryptodev_sym_session *sess,
+ struct rte_mempool *pool);
+
+int sym_session_configure(struct roc_cpt *roc_cpt, int driver_id,
+ struct rte_crypto_sym_xform *xform,
+ struct rte_cryptodev_sym_session *sess,
+ struct rte_mempool *pool);
+
+void cnxk_cpt_sym_session_clear(struct rte_cryptodev *dev,
+ struct rte_cryptodev_sym_session *sess);
+
+void sym_session_clear(int driver_id, struct rte_cryptodev_sym_session *sess);
+
#endif /* _CNXK_CRYPTODEV_OPS_H_ */
new file mode 100644
@@ -0,0 +1,31 @@
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright(C) 2021 Marvell.
+ */
+
+#ifndef _CNXK_SE_H_
+#define _CNXK_SE_H_
+#include <stdbool.h>
+
+#include "roc_se.h"
+
+struct cnxk_se_sess {
+ uint16_t cpt_op : 4;
+ uint16_t zsk_flag : 4;
+ uint16_t aes_gcm : 1;
+ uint16_t aes_ctr : 1;
+ uint16_t chacha_poly : 1;
+ uint16_t is_null : 1;
+ uint16_t is_gmac : 1;
+ uint16_t rsvd1 : 3;
+ uint16_t aad_length;
+ uint8_t mac_len;
+ uint8_t iv_length;
+ uint8_t auth_iv_length;
+ uint16_t iv_offset;
+ uint16_t auth_iv_offset;
+ uint32_t salt;
+ uint64_t cpt_inst_w7;
+ struct roc_se_ctx roc_se_ctx;
+} __rte_cache_aligned;
+
+#endif /*_CNXK_SE_H_ */