1 /* SPDX-License-Identifier: BSD-3-Clause
2 * Copyright(c) 2015-2021 Intel Corporation
3 */
4
5 #ifndef _PMD_AESNI_MB_PRIV_H_
6 #define _PMD_AESNI_MB_PRIV_H_
7
8 #include <intel-ipsec-mb.h>
9
10 #if defined(RTE_LIB_SECURITY)
11 #define AESNI_MB_DOCSIS_SEC_ENABLED 1
12 #include <rte_security.h>
13 #include <rte_security_driver.h>
14 #include <rte_ether.h>
15 #endif
16
17 #include "ipsec_mb_private.h"
18
19 #define AES_CCM_DIGEST_MIN_LEN 4
20 #define AES_CCM_DIGEST_MAX_LEN 16
21 #define HMAC_MAX_BLOCK_SIZE 128
22 #define HMAC_IPAD_VALUE (0x36)
23 #define HMAC_OPAD_VALUE (0x5C)
24
25 static const struct rte_cryptodev_capabilities aesni_mb_capabilities[] = {
26 { /* MD5 HMAC */
27 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
28 {.sym = {
29 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
30 {.auth = {
31 .algo = RTE_CRYPTO_AUTH_MD5_HMAC,
32 .block_size = 64,
33 .key_size = {
34 .min = 1,
35 .max = 64,
36 .increment = 1
37 },
38 .digest_size = {
39 .min = 1,
40 .max = 16,
41 .increment = 1
42 },
43 .iv_size = { 0 }
44 }, }
45 }, }
46 },
47 { /* SHA1 HMAC */
48 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
49 {.sym = {
50 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
51 {.auth = {
52 .algo = RTE_CRYPTO_AUTH_SHA1_HMAC,
53 .block_size = 64,
54 .key_size = {
55 .min = 1,
56 .max = 65535,
57 .increment = 1
58 },
59 .digest_size = {
60 .min = 1,
61 .max = 20,
62 .increment = 1
63 },
64 .iv_size = { 0 }
65 }, }
66 }, }
67 },
68 { /* SHA1 */
69 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
70 {.sym = {
71 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
72 {.auth = {
73 .algo = RTE_CRYPTO_AUTH_SHA1,
74 .block_size = 64,
75 .key_size = {
76 .min = 0,
77 .max = 0,
78 .increment = 0
79 },
80 .digest_size = {
81 .min = 1,
82 .max = 20,
83 .increment = 1
84 },
85 .iv_size = { 0 }
86 }, }
87 }, }
88 },
89 { /* SHA224 HMAC */
90 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
91 {.sym = {
92 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
93 {.auth = {
94 .algo = RTE_CRYPTO_AUTH_SHA224_HMAC,
95 .block_size = 64,
96 .key_size = {
97 .min = 1,
98 .max = 65535,
99 .increment = 1
100 },
101 .digest_size = {
102 .min = 1,
103 .max = 28,
104 .increment = 1
105 },
106 .iv_size = { 0 }
107 }, }
108 }, }
109 },
110 { /* SHA224 */
111 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
112 {.sym = {
113 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
114 {.auth = {
115 .algo = RTE_CRYPTO_AUTH_SHA224,
116 .block_size = 64,
117 .key_size = {
118 .min = 0,
119 .max = 0,
120 .increment = 0
121 },
122 .digest_size = {
123 .min = 1,
124 .max = 28,
125 .increment = 1
126 },
127 .iv_size = { 0 }
128 }, }
129 }, }
130 },
131 { /* SHA256 HMAC */
132 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
133 {.sym = {
134 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
135 {.auth = {
136 .algo = RTE_CRYPTO_AUTH_SHA256_HMAC,
137 .block_size = 64,
138 .key_size = {
139 .min = 1,
140 .max = 65535,
141 .increment = 1
142 },
143 .digest_size = {
144 .min = 1,
145 .max = 32,
146 .increment = 1
147 },
148 .iv_size = { 0 }
149 }, }
150 }, }
151 },
152 { /* SHA256 */
153 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
154 {.sym = {
155 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
156 {.auth = {
157 .algo = RTE_CRYPTO_AUTH_SHA256,
158 .block_size = 64,
159 .key_size = {
160 .min = 0,
161 .max = 0,
162 .increment = 0
163 },
164 .digest_size = {
165 .min = 1,
166 .max = 32,
167 .increment = 1
168 },
169 .iv_size = { 0 }
170 }, }
171 }, }
172 },
173 { /* SHA384 HMAC */
174 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
175 {.sym = {
176 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
177 {.auth = {
178 .algo = RTE_CRYPTO_AUTH_SHA384_HMAC,
179 .block_size = 128,
180 .key_size = {
181 .min = 1,
182 .max = 65535,
183 .increment = 1
184 },
185 .digest_size = {
186 .min = 1,
187 .max = 48,
188 .increment = 1
189 },
190 .iv_size = { 0 }
191 }, }
192 }, }
193 },
194 { /* SHA384 */
195 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
196 {.sym = {
197 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
198 {.auth = {
199 .algo = RTE_CRYPTO_AUTH_SHA384,
200 .block_size = 128,
201 .key_size = {
202 .min = 0,
203 .max = 0,
204 .increment = 0
205 },
206 .digest_size = {
207 .min = 1,
208 .max = 48,
209 .increment = 1
210 },
211 .iv_size = { 0 }
212 }, }
213 }, }
214 },
215 { /* SHA512 HMAC */
216 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
217 {.sym = {
218 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
219 {.auth = {
220 .algo = RTE_CRYPTO_AUTH_SHA512_HMAC,
221 .block_size = 128,
222 .key_size = {
223 .min = 1,
224 .max = 65535,
225 .increment = 1
226 },
227 .digest_size = {
228 .min = 1,
229 .max = 64,
230 .increment = 1
231 },
232 .iv_size = { 0 }
233 }, }
234 }, }
235 },
236 { /* SHA512 */
237 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
238 {.sym = {
239 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
240 {.auth = {
241 .algo = RTE_CRYPTO_AUTH_SHA512,
242 .block_size = 128,
243 .key_size = {
244 .min = 0,
245 .max = 0,
246 .increment = 0
247 },
248 .digest_size = {
249 .min = 1,
250 .max = 64,
251 .increment = 1
252 },
253 .iv_size = { 0 }
254 }, }
255 }, }
256 },
257 { /* AES XCBC HMAC */
258 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
259 {.sym = {
260 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
261 {.auth = {
262 .algo = RTE_CRYPTO_AUTH_AES_XCBC_MAC,
263 .block_size = 16,
264 .key_size = {
265 .min = 16,
266 .max = 16,
267 .increment = 0
268 },
269 .digest_size = {
270 .min = 12,
271 .max = 12,
272 .increment = 0
273 },
274 .iv_size = { 0 }
275 }, }
276 }, }
277 },
278 { /* NULL (AUTH) */
279 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
280 {.sym = {
281 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
282 {.auth = {
283 .algo = RTE_CRYPTO_AUTH_NULL,
284 .block_size = 1,
285 .key_size = {
286 .min = 0,
287 .max = 0,
288 .increment = 0
289 },
290 .digest_size = {
291 .min = 0,
292 .max = 0,
293 .increment = 0
294 },
295 .iv_size = { 0 }
296 }, },
297 }, },
298 },
299 { /* NULL (CIPHER) */
300 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
301 {.sym = {
302 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
303 {.cipher = {
304 .algo = RTE_CRYPTO_CIPHER_NULL,
305 .block_size = 1,
306 .key_size = {
307 .min = 0,
308 .max = 0,
309 .increment = 0
310 },
311 .iv_size = { 0 }
312 }, },
313 }, }
314 },
315 { /* AES CBC */
316 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
317 {.sym = {
318 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
319 {.cipher = {
320 .algo = RTE_CRYPTO_CIPHER_AES_CBC,
321 .block_size = 16,
322 .key_size = {
323 .min = 16,
324 .max = 32,
325 .increment = 8
326 },
327 .iv_size = {
328 .min = 16,
329 .max = 16,
330 .increment = 0
331 }
332 }, }
333 }, }
334 },
335 { /* AES CTR */
336 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
337 {.sym = {
338 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
339 {.cipher = {
340 .algo = RTE_CRYPTO_CIPHER_AES_CTR,
341 .block_size = 16,
342 .key_size = {
343 .min = 16,
344 .max = 32,
345 .increment = 8
346 },
347 .iv_size = {
348 .min = 12,
349 .max = 16,
350 .increment = 4
351 }
352 }, }
353 }, }
354 },
355 { /* AES DOCSIS BPI */
356 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
357 {.sym = {
358 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
359 {.cipher = {
360 .algo = RTE_CRYPTO_CIPHER_AES_DOCSISBPI,
361 .block_size = 16,
362 .key_size = {
363 .min = 16,
364 .max = 32,
365 .increment = 16
366 },
367 .iv_size = {
368 .min = 16,
369 .max = 16,
370 .increment = 0
371 }
372 }, }
373 }, }
374 },
375 { /* DES CBC */
376 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
377 {.sym = {
378 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
379 {.cipher = {
380 .algo = RTE_CRYPTO_CIPHER_DES_CBC,
381 .block_size = 8,
382 .key_size = {
383 .min = 8,
384 .max = 8,
385 .increment = 0
386 },
387 .iv_size = {
388 .min = 8,
389 .max = 8,
390 .increment = 0
391 }
392 }, }
393 }, }
394 },
395 { /* 3DES CBC */
396 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
397 {.sym = {
398 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
399 {.cipher = {
400 .algo = RTE_CRYPTO_CIPHER_3DES_CBC,
401 .block_size = 8,
402 .key_size = {
403 .min = 8,
404 .max = 24,
405 .increment = 8
406 },
407 .iv_size = {
408 .min = 8,
409 .max = 8,
410 .increment = 0
411 }
412 }, }
413 }, }
414 },
415 { /* DES DOCSIS BPI */
416 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
417 {.sym = {
418 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
419 {.cipher = {
420 .algo = RTE_CRYPTO_CIPHER_DES_DOCSISBPI,
421 .block_size = 8,
422 .key_size = {
423 .min = 8,
424 .max = 8,
425 .increment = 0
426 },
427 .iv_size = {
428 .min = 8,
429 .max = 8,
430 .increment = 0
431 }
432 }, }
433 }, }
434 },
435 { /* AES CCM */
436 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
437 {.sym = {
438 .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,
439 {.aead = {
440 .algo = RTE_CRYPTO_AEAD_AES_CCM,
441 .block_size = 16,
442 .key_size = {
443 .min = 16,
444 .max = 32,
445 .increment = 16
446 },
447 .digest_size = {
448 .min = 4,
449 .max = 16,
450 .increment = 2
451 },
452 .aad_size = {
453 .min = 0,
454 .max = 46,
455 .increment = 1
456 },
457 .iv_size = {
458 .min = 7,
459 .max = 13,
460 .increment = 1
461 },
462 }, }
463 }, }
464 },
465 { /* AES CMAC */
466 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
467 {.sym = {
468 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
469 {.auth = {
470 .algo = RTE_CRYPTO_AUTH_AES_CMAC,
471 .block_size = 16,
472 .key_size = {
473 .min = 16,
474 .max = 16,
475 .increment = 0
476 },
477 .digest_size = {
478 .min = 1,
479 .max = 16,
480 .increment = 1
481 },
482 .iv_size = { 0 }
483 }, }
484 }, }
485 },
486 { /* AES GCM */
487 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
488 {.sym = {
489 .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,
490 {.aead = {
491 .algo = RTE_CRYPTO_AEAD_AES_GCM,
492 .block_size = 16,
493 .key_size = {
494 .min = 16,
495 .max = 32,
496 .increment = 8
497 },
498 .digest_size = {
499 .min = 1,
500 .max = 16,
501 .increment = 1
502 },
503 .aad_size = {
504 .min = 0,
505 .max = 65535,
506 .increment = 1
507 },
508 .iv_size = {
509 .min = 12,
510 .max = 12,
511 .increment = 0
512 }
513 }, }
514 }, }
515 },
516 { /* AES GMAC (AUTH) */
517 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
518 {.sym = {
519 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
520 {.auth = {
521 .algo = RTE_CRYPTO_AUTH_AES_GMAC,
522 .block_size = 16,
523 .key_size = {
524 .min = 16,
525 .max = 32,
526 .increment = 8
527 },
528 .digest_size = {
529 .min = 1,
530 .max = 16,
531 .increment = 1
532 },
533 .iv_size = {
534 .min = 12,
535 .max = 12,
536 .increment = 0
537 }
538 }, }
539 }, }
540 },
541 { /* AES ECB */
542 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
543 {.sym = {
544 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
545 {.cipher = {
546 .algo = RTE_CRYPTO_CIPHER_AES_ECB,
547 .block_size = 16,
548 .key_size = {
549 .min = 16,
550 .max = 32,
551 .increment = 8
552 },
553 .iv_size = { 0 }
554 }, }
555 }, }
556 },
557 { /* ZUC (EIA3) */
558 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
559 {.sym = {
560 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
561 {.auth = {
562 .algo = RTE_CRYPTO_AUTH_ZUC_EIA3,
563 .block_size = 16,
564 .key_size = {
565 .min = 16,
566 .max = 32,
567 .increment = 16
568 },
569 .digest_size = {
570 .min = 4,
571 .max = 4,
572 .increment = 0
573 },
574 .iv_size = {
575 .min = 16,
576 .max = 25,
577 .increment = 9
578 }
579 }, }
580 }, }
581 },
582 { /* ZUC (EEA3) */
583 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
584 {.sym = {
585 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
586 {.cipher = {
587 .algo = RTE_CRYPTO_CIPHER_ZUC_EEA3,
588 .block_size = 16,
589 .key_size = {
590 .min = 16,
591 .max = 32,
592 .increment = 16
593 },
594 .iv_size = {
595 .min = 16,
596 .max = 25,
597 .increment = 9
598 },
599 }, }
600 }, }
601 },
602 { /* SNOW 3G (UIA2) */
603 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
604 {.sym = {
605 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
606 {.auth = {
607 .algo = RTE_CRYPTO_AUTH_SNOW3G_UIA2,
608 .block_size = 16,
609 .key_size = {
610 .min = 16,
611 .max = 16,
612 .increment = 0
613 },
614 .digest_size = {
615 .min = 4,
616 .max = 4,
617 .increment = 0
618 },
619 .iv_size = {
620 .min = 16,
621 .max = 16,
622 .increment = 0
623 }
624 }, }
625 }, }
626 },
627 { /* SNOW 3G (UEA2) */
628 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
629 {.sym = {
630 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
631 {.cipher = {
632 .algo = RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
633 .block_size = 16,
634 .key_size = {
635 .min = 16,
636 .max = 16,
637 .increment = 0
638 },
639 .iv_size = {
640 .min = 16,
641 .max = 16,
642 .increment = 0
643 }
644 }, }
645 }, }
646 },
647 { /* KASUMI (F9) */
648 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
649 {.sym = {
650 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
651 {.auth = {
652 .algo = RTE_CRYPTO_AUTH_KASUMI_F9,
653 .block_size = 8,
654 .key_size = {
655 .min = 16,
656 .max = 16,
657 .increment = 0
658 },
659 .digest_size = {
660 .min = 4,
661 .max = 4,
662 .increment = 0
663 },
664 .iv_size = { 0 }
665 }, }
666 }, }
667 },
668 { /* KASUMI (F8) */
669 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
670 {.sym = {
671 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
672 {.cipher = {
673 .algo = RTE_CRYPTO_CIPHER_KASUMI_F8,
674 .block_size = 8,
675 .key_size = {
676 .min = 16,
677 .max = 16,
678 .increment = 0
679 },
680 .iv_size = {
681 .min = 8,
682 .max = 8,
683 .increment = 0
684 }
685 }, }
686 }, }
687 },
688 { /* CHACHA20-POLY1305 */
689 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
690 {.sym = {
691 .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,
692 {.aead = {
693 .algo = RTE_CRYPTO_AEAD_CHACHA20_POLY1305,
694 .block_size = 64,
695 .key_size = {
696 .min = 32,
697 .max = 32,
698 .increment = 0
699 },
700 .digest_size = {
701 .min = 16,
702 .max = 16,
703 .increment = 0
704 },
705 .aad_size = {
706 .min = 0,
707 .max = 1024,
708 .increment = 1
709 },
710 .iv_size = {
711 .min = 12,
712 .max = 12,
713 .increment = 0
714 },
715 }, }
716 }, }
717 },
718 RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
719 };
720
721 uint8_t pmd_driver_id_aesni_mb;
722
723 struct aesni_mb_qp_data {
724 uint8_t temp_digests[IMB_MAX_JOBS][DIGEST_LENGTH_MAX];
725 /* *< Buffers used to store the digest generated
726 * by the driver when verifying a digest provided
727 * by the user (using authentication verify operation)
728 */
729 };
730
731 /* Maximum length for digest */
732 #define DIGEST_LENGTH_MAX 64
733 static const unsigned int auth_blocksize[] = {
734 [IMB_AUTH_NULL] = 0,
735 [IMB_AUTH_MD5] = 64,
736 [IMB_AUTH_HMAC_SHA_1] = 64,
737 [IMB_AUTH_HMAC_SHA_224] = 64,
738 [IMB_AUTH_HMAC_SHA_256] = 64,
739 [IMB_AUTH_HMAC_SHA_384] = 128,
740 [IMB_AUTH_HMAC_SHA_512] = 128,
741 [IMB_AUTH_AES_XCBC] = 16,
742 [IMB_AUTH_AES_CCM] = 16,
743 [IMB_AUTH_AES_CMAC] = 16,
744 [IMB_AUTH_AES_GMAC] = 16,
745 [IMB_AUTH_SHA_1] = 64,
746 [IMB_AUTH_SHA_224] = 64,
747 [IMB_AUTH_SHA_256] = 64,
748 [IMB_AUTH_SHA_384] = 128,
749 [IMB_AUTH_SHA_512] = 128,
750 [IMB_AUTH_ZUC_EIA3_BITLEN] = 16,
751 [IMB_AUTH_SNOW3G_UIA2_BITLEN] = 16,
752 [IMB_AUTH_KASUMI_UIA1] = 16
753 };
754
755 /**
756 * Get the blocksize in bytes for a specified authentication algorithm
757 *
758 * @Note: this function will not return a valid value for a non-valid
759 * authentication algorithm
760 */
761 static inline unsigned int
get_auth_algo_blocksize(IMB_HASH_ALG algo)762 get_auth_algo_blocksize(IMB_HASH_ALG algo)
763 {
764 return auth_blocksize[algo];
765 }
766
767 static const unsigned int auth_truncated_digest_byte_lengths[] = {
768 [IMB_AUTH_MD5] = 12,
769 [IMB_AUTH_HMAC_SHA_1] = 12,
770 [IMB_AUTH_HMAC_SHA_224] = 14,
771 [IMB_AUTH_HMAC_SHA_256] = 16,
772 [IMB_AUTH_HMAC_SHA_384] = 24,
773 [IMB_AUTH_HMAC_SHA_512] = 32,
774 [IMB_AUTH_AES_XCBC] = 12,
775 [IMB_AUTH_AES_CMAC] = 12,
776 [IMB_AUTH_AES_CCM] = 8,
777 [IMB_AUTH_NULL] = 0,
778 [IMB_AUTH_AES_GMAC] = 12,
779 [IMB_AUTH_SHA_1] = 20,
780 [IMB_AUTH_SHA_224] = 28,
781 [IMB_AUTH_SHA_256] = 32,
782 [IMB_AUTH_SHA_384] = 48,
783 [IMB_AUTH_SHA_512] = 64,
784 [IMB_AUTH_ZUC_EIA3_BITLEN] = 4,
785 [IMB_AUTH_SNOW3G_UIA2_BITLEN] = 4,
786 [IMB_AUTH_KASUMI_UIA1] = 4
787 };
788
789 /**
790 * Get the IPsec specified truncated length in bytes of the HMAC digest for a
791 * specified authentication algorithm
792 *
793 * @Note: this function will not return a valid value for a non-valid
794 * authentication algorithm
795 */
796 static inline unsigned int
get_truncated_digest_byte_length(IMB_HASH_ALG algo)797 get_truncated_digest_byte_length(IMB_HASH_ALG algo)
798 {
799 return auth_truncated_digest_byte_lengths[algo];
800 }
801
802 static const unsigned int auth_digest_byte_lengths[] = {
803 [IMB_AUTH_MD5] = 16,
804 [IMB_AUTH_HMAC_SHA_1] = 20,
805 [IMB_AUTH_HMAC_SHA_224] = 28,
806 [IMB_AUTH_HMAC_SHA_256] = 32,
807 [IMB_AUTH_HMAC_SHA_384] = 48,
808 [IMB_AUTH_HMAC_SHA_512] = 64,
809 [IMB_AUTH_AES_XCBC] = 16,
810 [IMB_AUTH_AES_CMAC] = 16,
811 [IMB_AUTH_AES_CCM] = 16,
812 [IMB_AUTH_AES_GMAC] = 16,
813 [IMB_AUTH_NULL] = 0,
814 [IMB_AUTH_SHA_1] = 20,
815 [IMB_AUTH_SHA_224] = 28,
816 [IMB_AUTH_SHA_256] = 32,
817 [IMB_AUTH_SHA_384] = 48,
818 [IMB_AUTH_SHA_512] = 64,
819 [IMB_AUTH_ZUC_EIA3_BITLEN] = 4,
820 [IMB_AUTH_SNOW3G_UIA2_BITLEN] = 4,
821 [IMB_AUTH_KASUMI_UIA1] = 4
822 /**< Vector mode dependent pointer table of the multi-buffer APIs */
823
824 };
825
826 /**
827 * Get the full digest size in bytes for a specified authentication algorithm
828 * (if available in the Multi-buffer library)
829 *
830 * @Note: this function will not return a valid value for a non-valid
831 * authentication algorithm
832 */
833 static inline unsigned int
get_digest_byte_length(IMB_HASH_ALG algo)834 get_digest_byte_length(IMB_HASH_ALG algo)
835 {
836 return auth_digest_byte_lengths[algo];
837 }
838
839 /** AES-NI multi-buffer private session structure */
840 struct aesni_mb_session {
841 IMB_CIPHER_MODE cipher_mode;
842 IMB_CIPHER_DIRECTION cipher_direction;
843 IMB_HASH_ALG hash_alg;
844 IMB_CHAIN_ORDER chain_order;
845 /* common job fields */
846 struct {
847 uint16_t length;
848 uint16_t offset;
849 } iv;
850 struct {
851 uint16_t length;
852 uint16_t offset;
853 } auth_iv;
854 /* *< IV parameters
855 */
856
857 /* * Cipher Parameters
858 */
859 struct {
860 /* * Cipher direction - encrypt / decrypt */
861 IMB_CIPHER_DIRECTION direction;
862 /* * Cipher mode - CBC / Counter */
863 IMB_CIPHER_MODE mode;
864
865 uint64_t key_length_in_bytes;
866
867 union {
868 struct {
869 uint32_t encode[60] __rte_aligned(16);
870 /* *< encode key */
871 uint32_t decode[60] __rte_aligned(16);
872 /* *< decode key */
873 } expanded_aes_keys;
874 /* *< Expanded AES keys - Allocating space to
875 * contain the maximum expanded key size which
876 * is 240 bytes for 256 bit AES, calculate by:
877 * ((key size (bytes)) *
878 * ((number of rounds) + 1))
879 */
880 struct {
881 const void *ks_ptr[3];
882 uint64_t key[3][16];
883 } exp_3des_keys;
884 /* *< Expanded 3DES keys */
885
886 struct gcm_key_data gcm_key;
887 /* *< Expanded GCM key */
888 uint8_t zuc_cipher_key[32];
889 /* *< ZUC cipher key */
890 snow3g_key_schedule_t pKeySched_snow3g_cipher;
891 /* *< SNOW3G scheduled cipher key */
892 kasumi_key_sched_t pKeySched_kasumi_cipher;
893 /* *< KASUMI scheduled cipher key */
894 };
895 } cipher;
896
897 /* *< Authentication Parameters */
898 struct {
899 IMB_HASH_ALG algo; /* *< Authentication Algorithm */
900 enum rte_crypto_auth_operation operation;
901 /* *< auth operation generate or verify */
902 union {
903 struct {
904 uint8_t inner[128] __rte_aligned(16);
905 /* *< inner pad */
906 uint8_t outer[128] __rte_aligned(16);
907 /* *< outer pad */
908 } pads;
909 /* *< HMAC Authentication pads -
910 * allocating space for the maximum pad
911 * size supported which is 128 bytes for
912 * SHA512
913 */
914
915 struct {
916 uint32_t k1_expanded[44] __rte_aligned(16);
917 /* *< k1 (expanded key). */
918 uint8_t k2[16] __rte_aligned(16);
919 /* *< k2. */
920 uint8_t k3[16] __rte_aligned(16);
921 /* *< k3. */
922 } xcbc;
923
924 struct {
925 uint32_t expkey[60] __rte_aligned(16);
926 /* *< k1 (expanded key). */
927 uint32_t skey1[4] __rte_aligned(16);
928 /* *< k2. */
929 uint32_t skey2[4] __rte_aligned(16);
930 /* *< k3. */
931 } cmac;
932 /* *< Expanded XCBC authentication keys */
933 uint8_t zuc_auth_key[32];
934 /* *< ZUC authentication key */
935 snow3g_key_schedule_t pKeySched_snow3g_auth;
936 /* *< SNOW3G scheduled authentication key */
937 kasumi_key_sched_t pKeySched_kasumi_auth;
938 /* *< KASUMI scheduled authentication key */
939 };
940 /* * Generated digest size by the Multi-buffer library */
941 uint16_t gen_digest_len;
942 /* * Requested digest size from Cryptodev */
943 uint16_t req_digest_len;
944
945 } auth;
946 struct {
947 /* * AAD data length */
948 uint16_t aad_len;
949 } aead;
950 } __rte_cache_aligned;
951
952 typedef void (*hash_one_block_t)(const void *data, void *digest);
953 typedef void (*aes_keyexp_t)(const void *key, void *enc_exp_keys,
954 void *dec_exp_keys);
955
956 #ifdef AESNI_MB_DOCSIS_SEC_ENABLED
957 static const struct rte_cryptodev_capabilities
958 aesni_mb_pmd_security_crypto_cap[] = {
959 { /* AES DOCSIS BPI */
960 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
961 {.sym = {
962 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
963 {.cipher = {
964 .algo = RTE_CRYPTO_CIPHER_AES_DOCSISBPI,
965 .block_size = 16,
966 .key_size = {
967 .min = 16,
968 .max = 32,
969 .increment = 16
970 },
971 .iv_size = {
972 .min = 16,
973 .max = 16,
974 .increment = 0
975 }
976 }, }
977 }, }
978 },
979
980 RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
981 };
982
983 static const struct rte_security_capability aesni_mb_pmd_security_cap[] = {
984 { /* DOCSIS Uplink */
985 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
986 .protocol = RTE_SECURITY_PROTOCOL_DOCSIS,
987 .docsis = {
988 .direction = RTE_SECURITY_DOCSIS_UPLINK
989 },
990 .crypto_capabilities = aesni_mb_pmd_security_crypto_cap
991 },
992 { /* DOCSIS Downlink */
993 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
994 .protocol = RTE_SECURITY_PROTOCOL_DOCSIS,
995 .docsis = {
996 .direction = RTE_SECURITY_DOCSIS_DOWNLINK
997 },
998 .crypto_capabilities = aesni_mb_pmd_security_crypto_cap
999 },
1000 {
1001 .action = RTE_SECURITY_ACTION_TYPE_NONE
1002 }
1003 };
1004 #endif
1005
1006 #endif /* _PMD_AESNI_MB_PRIV_H_ */
1007