The patchset adds support for wqe configuration of encrypto and decrypto, preliminary verification of results and preparation of checksums. Signed-off-by: Hanxiao Li <li.hanxiao@zte.com.cn> --- drivers/common/zsda/meson.build | 2 +- drivers/crypto/zsda/zsda_sym.c | 273 ++++++++++++++++++++++++++++++++ drivers/crypto/zsda/zsda_sym.h | 50 ++++++ 3 files changed, 324 insertions(+), 1 deletion(-) create mode 100644 drivers/crypto/zsda/zsda_sym.c create mode 100644 drivers/crypto/zsda/zsda_sym.h diff --git a/drivers/common/zsda/meson.build b/drivers/common/zsda/meson.build index 7030b5f05a..59fd7a12ae 100644 --- a/drivers/common/zsda/meson.build +++ b/drivers/common/zsda/meson.build @@ -30,7 +30,7 @@ zsda_crypto_path = 'crypto/zsda' zsda_crypto_relpath = '../../' + zsda_crypto_path if zsda_crypto libcrypto = dependency('libcrypto', required: false, method: 'pkg-config') - foreach f: ['zsda_sym_session.c'] + foreach f: ['zsda_sym_session.c', 'zsda_sym.c'] sources += files(join_paths(zsda_crypto_relpath, f)) endforeach deps += ['security'] diff --git a/drivers/crypto/zsda/zsda_sym.c b/drivers/crypto/zsda/zsda_sym.c new file mode 100644 index 0000000000..a27234eb4e --- /dev/null +++ b/drivers/crypto/zsda/zsda_sym.c @@ -0,0 +1,273 @@ +/* SPDX-License-Identifier: BSD-3-Clause + * Copyright(c) 2024 ZTE Corporation + */ + +#include "cryptodev_pmd.h" + +#include "zsda_logs.h" +#include "zsda_sym.h" + +#define choose_dst_mbuf(mbuf_src, mbuf_dst) ((mbuf_dst) == NULL ? (mbuf_src) : (mbuf_dst)) +#define LBADS_MAX_REMAINDER (16 - 1) + +static uint8_t +zsda_get_opcode_hash(struct zsda_sym_session *sess) +{ + switch (sess->auth.algo) { + case RTE_CRYPTO_AUTH_SHA1: + return ZSDA_OPC_HASH_SHA1; + + case RTE_CRYPTO_AUTH_SHA224: + return ZSDA_OPC_HASH_SHA2_224; + + case RTE_CRYPTO_AUTH_SHA256: + return ZSDA_OPC_HASH_SHA2_256; + + case RTE_CRYPTO_AUTH_SHA384: + return ZSDA_OPC_HASH_SHA2_384; + + case RTE_CRYPTO_AUTH_SHA512: + return ZSDA_OPC_HASH_SHA2_512; + + case RTE_CRYPTO_AUTH_SM3: + return ZSDA_OPC_HASH_SM3; + default: + break; + } + + return ZSDA_OPC_INVALID; +} + +static uint8_t +zsda_get_opcode_crypto(struct zsda_sym_session *sess) +{ + if (sess->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT) { + if (sess->cipher.algo == RTE_CRYPTO_CIPHER_AES_XTS && + sess->cipher.key_encry.length == 32) + return ZSDA_OPC_EC_AES_XTS_256; + else if (sess->cipher.algo == RTE_CRYPTO_CIPHER_AES_XTS && + sess->cipher.key_encry.length == 64) + return ZSDA_OPC_EC_AES_XTS_512; + else if (sess->cipher.algo == RTE_CRYPTO_CIPHER_SM4_XTS) + return ZSDA_OPC_EC_SM4_XTS_256; + } else if (sess->cipher.op == RTE_CRYPTO_CIPHER_OP_DECRYPT) { + if (sess->cipher.algo == RTE_CRYPTO_CIPHER_AES_XTS && + sess->cipher.key_decry.length == 32) + return ZSDA_OPC_DC_AES_XTS_256; + else if (sess->cipher.algo == RTE_CRYPTO_CIPHER_AES_XTS && + sess->cipher.key_decry.length == 64) + return ZSDA_OPC_DC_AES_XTS_512; + else if (sess->cipher.algo == RTE_CRYPTO_CIPHER_SM4_XTS) + return ZSDA_OPC_DC_SM4_XTS_256; + } + return ZSDA_OPC_INVALID; +} + +int +zsda_encry_match(const void *op_in) +{ + const struct rte_crypto_op *op = op_in; + struct rte_cryptodev_sym_session *session = op->sym->session; + struct zsda_sym_session *sess = + (struct zsda_sym_session *)session->driver_priv_data; + + if (sess->chain_order == ZSDA_SYM_CHAIN_ONLY_CIPHER && + sess->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT) + return 1; + else + return 0; +} + +int +zsda_decry_match(const void *op_in) +{ + const struct rte_crypto_op *op = op_in; + struct rte_cryptodev_sym_session *session = op->sym->session; + struct zsda_sym_session *sess = + (struct zsda_sym_session *)session->driver_priv_data; + + if (sess->chain_order == ZSDA_SYM_CHAIN_ONLY_CIPHER && + sess->cipher.op == RTE_CRYPTO_CIPHER_OP_DECRYPT) + return 1; + else + return 0; +} + +int +zsda_hash_match(const void *op_in) +{ + const struct rte_crypto_op *op = op_in; + struct rte_cryptodev_sym_session *session = op->sym->session; + struct zsda_sym_session *sess = + (struct zsda_sym_session *)session->driver_priv_data; + + if (sess->chain_order == ZSDA_SYM_CHAIN_ONLY_AUTH) + return 1; + else + return 0; +} + +static int +zsda_check_len_lbads(uint32_t data_len, uint32_t lbads_size) +{ + if (data_len < 16) { + ZSDA_LOG(ERR, "data_len wrong!"); + return ZSDA_FAILED; + } + if (lbads_size != 0) { + if (!(((data_len % lbads_size) == 0) || + ((data_len % lbads_size) > LBADS_MAX_REMAINDER))) { + ZSDA_LOG(ERR, "data_len wrong!"); + return ZSDA_FAILED; + } + } + + return 0; +} + +int +zsda_build_cipher_request(void *op_in, const struct zsda_queue *queue, + void **op_cookies, const uint16_t new_tail) +{ + struct rte_crypto_op *op = op_in; + + struct rte_cryptodev_sym_session *session = op->sym->session; + struct zsda_sym_session *sess = + (struct zsda_sym_session *)session->driver_priv_data; + + struct zsda_wqe_crpt *wqe = + (struct zsda_wqe_crpt *)(queue->base_addr + + (new_tail * queue->msg_size)); + struct zsda_op_cookie *cookie = op_cookies[new_tail]; + struct zsda_sgl *sgl_src = (struct zsda_sgl *)&cookie->sgl_src; + struct zsda_sgl *sgl_dst = (struct zsda_sgl *)&cookie->sgl_dst; + struct rte_mbuf *mbuf; + + int ret = 0; + uint32_t op_offset; + uint32_t op_src_len; + uint32_t op_dst_len; + const uint8_t *iv_addr = NULL; + uint8_t iv_len = 0; + + ret = zsda_check_len_lbads(op->sym->cipher.data.length, + sess->cipher.dataunit_len); + if (ret) + return ZSDA_FAILED; + + op_offset = op->sym->cipher.data.offset; + op_src_len = op->sym->cipher.data.length; + mbuf = op->sym->m_src; + ret = zsda_fill_sgl(mbuf, op_offset, sgl_src, cookie->sgl_src_phys_addr, + op_src_len, NULL); + + mbuf = choose_dst_mbuf(op->sym->m_src, op->sym->m_dst); + op_dst_len = mbuf->pkt_len - op_offset; + ret |= zsda_fill_sgl(mbuf, op_offset, sgl_dst, + cookie->sgl_dst_phys_addr, op_dst_len, NULL); + + if (ret) { + ZSDA_LOG(ERR, E_FUNC); + return ret; + } + + cookie->used = true; + cookie->sid = new_tail; + cookie->op = op; + + memset(wqe, 0, sizeof(struct zsda_wqe_crpt)); + wqe->rx_length = op_src_len; + wqe->tx_length = op_dst_len; + wqe->valid = queue->valid; + wqe->op_code = zsda_get_opcode_crypto(sess); + wqe->sid = cookie->sid; + wqe->rx_sgl_type = SGL_ELM_TYPE_LIST; + wqe->tx_sgl_type = SGL_ELM_TYPE_LIST; + wqe->rx_addr = cookie->sgl_src_phys_addr; + wqe->tx_addr = cookie->sgl_dst_phys_addr; + wqe->cfg.lbads = sess->cipher.lbads; + + if (sess->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT) + memcpy((uint8_t *)wqe->cfg.key, sess->cipher.key_encry.data, + ZSDA_CIPHER_KEY_MAX_LEN); + else + memcpy((uint8_t *)wqe->cfg.key, sess->cipher.key_decry.data, + ZSDA_CIPHER_KEY_MAX_LEN); + + iv_addr = (const uint8_t *)rte_crypto_op_ctod_offset( + op, char *, sess->cipher.iv.offset); + iv_len = sess->cipher.iv.length; + zsda_reverse_memcpy((uint8_t *)wqe->cfg.slba_H, iv_addr, iv_len / 2); + zsda_reverse_memcpy((uint8_t *)wqe->cfg.slba_L, iv_addr + 8, iv_len / 2); + + return ret; +} + +int +zsda_build_hash_request(void *op_in, const struct zsda_queue *queue, + void **op_cookies, const uint16_t new_tail) +{ + struct rte_crypto_op *op = op_in; + + struct rte_cryptodev_sym_session *session = op->sym->session; + struct zsda_sym_session *sess = + (struct zsda_sym_session *)session->driver_priv_data; + + struct zsda_wqe_crpt *wqe = + (struct zsda_wqe_crpt *)(queue->base_addr + + (new_tail * queue->msg_size)); + struct zsda_op_cookie *cookie = op_cookies[new_tail]; + struct zsda_sgl *sgl_src = &cookie->sgl_src; + uint8_t opcode; + uint32_t op_offset; + uint32_t op_src_len; + int ret = 0; + + memset(wqe, 0, sizeof(struct zsda_wqe_crpt)); + wqe->rx_length = op->sym->auth.data.length; + wqe->tx_length = sess->auth.digest_length; + + opcode = zsda_get_opcode_hash(sess); + if (opcode == ZSDA_OPC_INVALID) { + ZSDA_LOG(ERR, E_FUNC); + return ZSDA_FAILED; + } + + op_offset = op->sym->auth.data.offset; + op_src_len = op->sym->auth.data.length; + ret = zsda_fill_sgl(op->sym->m_src, op_offset, sgl_src, + cookie->sgl_src_phys_addr, op_src_len, NULL); + if (ret) { + ZSDA_LOG(ERR, E_FUNC); + return ret; + } + + cookie->used = true; + cookie->sid = new_tail; + cookie->op = op; + wqe->valid = queue->valid; + wqe->op_code = opcode; + wqe->sid = cookie->sid; + wqe->rx_sgl_type = SGL_ELM_TYPE_LIST; + wqe->tx_sgl_type = SGL_ELM_TYPE_PHYS_ADDR; + wqe->rx_addr = cookie->sgl_src_phys_addr; + wqe->tx_addr = op->sym->auth.digest.phys_addr; + + return ret; +} + +int +zsda_crypto_callback(void *cookie_in, struct zsda_cqe *cqe) +{ + struct zsda_op_cookie *tmp_cookie = cookie_in; + struct rte_crypto_op *op = tmp_cookie->op; + + if (!(CQE_ERR0(cqe->err0) || CQE_ERR1(cqe->err1))) + op->status = RTE_CRYPTO_OP_STATUS_SUCCESS; + else { + op->status = RTE_CRYPTO_OP_STATUS_ERROR; + return ZSDA_FAILED; + } + + return ZSDA_SUCCESS; +} diff --git a/drivers/crypto/zsda/zsda_sym.h b/drivers/crypto/zsda/zsda_sym.h new file mode 100644 index 0000000000..252adf2256 --- /dev/null +++ b/drivers/crypto/zsda/zsda_sym.h @@ -0,0 +1,50 @@ +/* SPDX-License-Identifier: BSD-3-Clause + * Copyright(c) 2024 ZTE Corporation + */ + +#ifndef _ZSDA_SYM_H_ +#define _ZSDA_SYM_H_ + +#include "zsda_common.h" +#include "zsda_qp.h" + +#include "zsda_sym_session.h" + +struct crypto_cfg { + uint8_t slba_L[8]; + uint8_t key[ZSDA_CIPHER_KEY_MAX_LEN]; + uint8_t lbads : 4; + uint8_t resv1 : 4; + uint8_t resv2[7]; + uint8_t slba_H[8]; + uint8_t resv3[8]; +} __rte_packed; + +struct zsda_wqe_crpt { + uint8_t valid; + uint8_t op_code; + uint16_t sid; + uint8_t resv[3]; + uint8_t rx_sgl_type : 4; + uint8_t tx_sgl_type : 4; + uint64_t rx_addr; + uint32_t rx_length; + uint64_t tx_addr; + uint32_t tx_length; + struct crypto_cfg cfg; +} __rte_packed; + +int zsda_build_cipher_request(void *op_in, const struct zsda_queue *queue, + void **op_cookies, const uint16_t new_tail); + +int zsda_build_hash_request(void *op_in, const struct zsda_queue *queue, + void **op_cookies, const uint16_t new_tail); + +int zsda_encry_match(const void *op_in); +int zsda_decry_match(const void *op_in); +int zsda_hash_match(const void *op_in); + + +int zsda_crypto_callback(void *cookie_in, struct zsda_cqe *cqe); + +#endif /* _ZSDA_SYM_H_ */ -- 2.27.0