Add session handling and capabilities supported by crypto h/w
accelerator.
Signed-off-by: Vikas Gupta <vikas.gu...@broadcom.com>
---
doc/guides/cryptodevs/bcmfs.rst | 46 ++
doc/guides/cryptodevs/features/bcmfs.ini | 56 ++
drivers/crypto/bcmfs/bcmfs_sym_capabilities.c | 764 ++++++++++++++++++
drivers/crypto/bcmfs/bcmfs_sym_capabilities.h | 16 +
drivers/crypto/bcmfs/bcmfs_sym_defs.h | 170 ++++
drivers/crypto/bcmfs/bcmfs_sym_pmd.c | 13 +
drivers/crypto/bcmfs/bcmfs_sym_session.c | 426 ++++++++++
drivers/crypto/bcmfs/bcmfs_sym_session.h | 99 +++
drivers/crypto/bcmfs/meson.build | 4 +-
9 files changed, 1593 insertions(+), 1 deletion(-)
create mode 100644 doc/guides/cryptodevs/features/bcmfs.ini
create mode 100644 drivers/crypto/bcmfs/bcmfs_sym_capabilities.c
create mode 100644 drivers/crypto/bcmfs/bcmfs_sym_capabilities.h
create mode 100644 drivers/crypto/bcmfs/bcmfs_sym_defs.h
create mode 100644 drivers/crypto/bcmfs/bcmfs_sym_session.c
create mode 100644 drivers/crypto/bcmfs/bcmfs_sym_session.h
diff --git a/doc/guides/cryptodevs/bcmfs.rst b/doc/guides/cryptodevs/bcmfs.rst
index 752ce028a..2488b19f7 100644
--- a/doc/guides/cryptodevs/bcmfs.rst
+++ b/doc/guides/cryptodevs/bcmfs.rst
@@ -18,9 +18,55 @@ CONFIG_RTE_LIBRTE_PMD_BCMFS setting is set to `y` in
config/common_base file.
* ``CONFIG_RTE_LIBRTE_PMD_BCMFS=y``
+Features
+~~~~~~~~
+
+The BCMFS SYM PMD has support for:
+
+Cipher algorithms:
+
+* ``RTE_CRYPTO_CIPHER_3DES_CBC``
+* ``RTE_CRYPTO_CIPHER_3DES_CTR``
+* ``RTE_CRYPTO_CIPHER_AES128_CBC``
+* ``RTE_CRYPTO_CIPHER_AES192_CBC``
+* ``RTE_CRYPTO_CIPHER_AES256_CBC``
+* ``RTE_CRYPTO_CIPHER_AES128_CTR``
+* ``RTE_CRYPTO_CIPHER_AES192_CTR``
+* ``RTE_CRYPTO_CIPHER_AES256_CTR``
+* ``RTE_CRYPTO_CIPHER_AES_XTS``
+* ``RTE_CRYPTO_CIPHER_DES_CBC``
+
+Hash algorithms:
+
+* ``RTE_CRYPTO_AUTH_SHA1``
+* ``RTE_CRYPTO_AUTH_SHA1_HMAC``
+* ``RTE_CRYPTO_AUTH_SHA224``
+* ``RTE_CRYPTO_AUTH_SHA224_HMAC``
+* ``RTE_CRYPTO_AUTH_SHA256``
+* ``RTE_CRYPTO_AUTH_SHA256_HMAC``
+* ``RTE_CRYPTO_AUTH_SHA384``
+* ``RTE_CRYPTO_AUTH_SHA384_HMAC``
+* ``RTE_CRYPTO_AUTH_SHA512``
+* ``RTE_CRYPTO_AUTH_SHA512_HMAC``
+* ``RTE_CRYPTO_AUTH_AES_XCBC_MAC``
+* ``RTE_CRYPTO_AUTH_MD5_HMAC``
+* ``RTE_CRYPTO_AUTH_AES_GMAC``
+* ``RTE_CRYPTO_AUTH_AES_CMAC``
+
+Supported AEAD algorithms:
+
+* ``RTE_CRYPTO_AEAD_AES_GCM``
+* ``RTE_CRYPTO_AEAD_AES_CCM``
+
Initialization
--------------
BCMFS crypto PMD depend upon the devices present in the path
/sys/bus/platform/devices/fs<version>/<dev_name> on the platform.
Each cryptodev PMD instance can be attached to the nodes present
in the mentioned path.
+
+Limitations
+~~~~~~~~~~~
+
+* Only supports the session-oriented API implementation (session-less APIs are
not supported).
+* CCM is not supported on Broadcom`s SoCs having FlexSparc4 unit.
diff --git a/doc/guides/cryptodevs/features/bcmfs.ini
b/doc/guides/cryptodevs/features/bcmfs.ini
new file mode 100644
index 000000000..82d2c639d
--- /dev/null
+++ b/doc/guides/cryptodevs/features/bcmfs.ini
@@ -0,0 +1,56 @@
+;
+; Supported features of the 'bcmfs' crypto driver.
+;
+; Refer to default.ini for the full list of available PMD features.
+;
+[Features]
+Symmetric crypto = Y
+Sym operation chaining = Y
+HW Accelerated = Y
+Protocol offload = Y
+In Place SGL = Y
+
+;
+; Supported crypto algorithms of the 'bcmfs' crypto driver.
+;
+[Cipher]
+AES CBC (128) = Y
+AES CBC (192) = Y
+AES CBC (256) = Y
+AES CTR (128) = Y
+AES CTR (192) = Y
+AES CTR (256) = Y
+AES XTS (128) = Y
+AES XTS (256) = Y
+3DES CBC = Y
+DES CBC = Y
+;
+; Supported authentication algorithms of the 'bcmfs' crypto driver.
+;
+[Auth]
+MD5 HMAC = Y
+SHA1 = Y
+SHA1 HMAC = Y
+SHA224 = Y
+SHA224 HMAC = Y
+SHA256 = Y
+SHA256 HMAC = Y
+SHA384 = Y
+SHA384 HMAC = Y
+SHA512 = Y
+SHA512 HMAC = Y
+AES GMAC = Y
+AES CMAC (128) = Y
+AES CBC = Y
+AES XCBC = Y
+
+;
+; Supported AEAD algorithms of the 'bcmfs' crypto driver.
+;
+[AEAD]
+AES GCM (128) = Y
+AES GCM (192) = Y
+AES GCM (256) = Y
+AES CCM (128) = Y
+AES CCM (192) = Y
+AES CCM (256) = Y
diff --git a/drivers/crypto/bcmfs/bcmfs_sym_capabilities.c
b/drivers/crypto/bcmfs/bcmfs_sym_capabilities.c
new file mode 100644
index 000000000..bb8fa9f81
--- /dev/null
+++ b/drivers/crypto/bcmfs/bcmfs_sym_capabilities.c
@@ -0,0 +1,764 @@
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright(c) 2020 Broadcom
+ * All rights reserved.
+ */
+
+#include <rte_cryptodev.h>
+
+#include "bcmfs_sym_capabilities.h"
+
+static const struct rte_cryptodev_capabilities bcmfs_sym_capabilities[] = {
+ {
+ /* SHA1 */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_SHA1,
+ .block_size = 64,
+ .key_size = {
+ .min = 0,
+ .max = 0,
+ .increment = 0
+ },
+ .digest_size = {
+ .min = 20,
+ .max = 20,
+ .increment = 0
+ },
+ .aad_size = { 0 }
+ }, }
+ }, }
+ },
+ {
+ /* MD5 */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_MD5,
+ .block_size = 64,
+ .key_size = {
+ .min = 0,
+ .max = 0,
+ .increment = 0
+ },
+ .digest_size = {
+ .min = 16,
+ .max = 16,
+ .increment = 0
+ },
+ }, }
+ }, }
+ },
+ {
+ /* SHA224 */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_SHA224,
+ .block_size = 64,
+ .key_size = {
+ .min = 0,
+ .max = 0,
+ .increment = 0
+ },
+ .digest_size = {
+ .min = 28,
+ .max = 28,
+ .increment = 0
+ },
+ .aad_size = { 0 }
+ }, }
+ }, }
+ },
+ {
+ /* SHA256 */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_SHA256,
+ .block_size = 64,
+ .key_size = {
+ .min = 0,
+ .max = 0,
+ .increment = 0
+ },
+ .digest_size = {
+ .min = 32,
+ .max = 32,
+ .increment = 0
+ },
+ .aad_size = { 0 }
+ }, }
+ }, }
+ },
+ {
+ /* SHA384 */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_SHA384,
+ .block_size = 64,
+ .key_size = {
+ .min = 0,
+ .max = 0,
+ .increment = 0
+ },
+ .digest_size = {
+ .min = 48,
+ .max = 48,
+ .increment = 0
+ },
+ .aad_size = { 0 }
+ }, }
+ }, }
+ },
+ {
+ /* SHA512 */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_SHA512,
+ .block_size = 64,
+ .key_size = {
+ .min = 0,
+ .max = 0,
+ .increment = 0
+ },
+ .digest_size = {
+ .min = 64,
+ .max = 64,
+ .increment = 0
+ },
+ .aad_size = { 0 }
+ }, }
+ }, }
+ },
+ {
+ /* SHA3_224 */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_SHA3_224,
+ .block_size = 144,
+ .key_size = {
+ .min = 0,
+ .max = 0,
+ .increment = 0
+ },
+ .digest_size = {
+ .min = 28,
+ .max = 28,
+ .increment = 0
+ },
+ .aad_size = { 0 }
+ }, }
+ }, }
+ },
+ {
+ /* SHA3_256 */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_SHA3_256,
+ .block_size = 136,
+ .key_size = {
+ .min = 0,
+ .max = 0,
+ .increment = 0
+ },
+ .digest_size = {
+ .min = 32,
+ .max = 32,
+ .increment = 0
+ },
+ .aad_size = { 0 }
+ }, }
+ }, }
+ },
+ {
+ /* SHA3_384 */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_SHA3_384,
+ .block_size = 104,
+ .key_size = {
+ .min = 0,
+ .max = 0,
+ .increment = 0
+ },
+ .digest_size = {
+ .min = 48,
+ .max = 48,
+ .increment = 0
+ },
+ .aad_size = { 0 }
+ }, }
+ }, }
+ },
+ {
+ /* SHA3_512 */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_SHA3_512,
+ .block_size = 72,
+ .key_size = {
+ .min = 0,
+ .max = 0,
+ .increment = 0
+ },
+ .digest_size = {
+ .min = 64,
+ .max = 64,
+ .increment = 0
+ },
+ .aad_size = { 0 }
+ }, }
+ }, }
+ },
+ {
+ /* SHA1 HMAC */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_SHA1_HMAC,
+ .block_size = 64,
+ .key_size = {
+ .min = 1,
+ .max = 64,
+ .increment = 0
+ },
+ .digest_size = {
+ .min = 20,
+ .max = 20,
+ .increment = 0
+ },
+ .aad_size = { 0 }
+ }, }
+ }, }
+ },
+ {
+ /* MD5 HMAC */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_MD5_HMAC,
+ .block_size = 64,
+ .key_size = {
+ .min = 1,
+ .max = 64,
+ .increment = 0
+ },
+ .digest_size = {
+ .min = 16,
+ .max = 16,
+ .increment = 0
+ },
+ .aad_size = { 0 }
+ }, }
+ }, }
+ },
+ {
+ /* SHA224 HMAC */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_SHA224_HMAC,
+ .block_size = 64,
+ .key_size = {
+ .min = 1,
+ .max = 64,
+ .increment = 0
+ },
+ .digest_size = {
+ .min = 28,
+ .max = 28,
+ .increment = 0
+ },
+ .aad_size = { 0 }
+ }, }
+ }, }
+ },
+ {
+ /* SHA256 HMAC */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_SHA256_HMAC,
+ .block_size = 64,
+ .key_size = {
+ .min = 1,
+ .max = 64,
+ .increment = 0
+ },
+ .digest_size = {
+ .min = 32,
+ .max = 32,
+ .increment = 0
+ },
+ .aad_size = { 0 }
+ }, }
+ }, }
+ },
+ {
+ /* SHA384 HMAC */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_SHA384_HMAC,
+ .block_size = 128,
+ .key_size = {
+ .min = 1,
+ .max = 128,
+ .increment = 0
+ },
+ .digest_size = {
+ .min = 48,
+ .max = 48,
+ .increment = 0
+ },
+ .aad_size = { 0 }
+ }, }
+ }, }
+ },
+ {
+ /* SHA512 HMAC*/
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_SHA512_HMAC,
+ .block_size = 128,
+ .key_size = {
+ .min = 1,
+ .max = 128,
+ .increment = 0
+ },
+ .digest_size = {
+ .min = 64,
+ .max = 64,
+ .increment = 0
+ },
+ .aad_size = { 0 }
+ }, }
+ }, }
+ },
+ {
+ /* SHA3_224 HMAC */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_SHA3_224_HMAC,
+ .block_size = 144,
+ .key_size = {
+ .min = 1,
+ .max = 144,
+ .increment = 0
+ },
+ .digest_size = {
+ .min = 28,
+ .max = 28,
+ .increment = 0
+ },
+ .aad_size = { 0 }
+ }, }
+ }, }
+ },
+ {
+ /* SHA3_256 HMAC */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_SHA3_256_HMAC,
+ .block_size = 136,
+ .key_size = {
+ .min = 1,
+ .max = 136,
+ .increment = 0
+ },
+ .digest_size = {
+ .min = 32,
+ .max = 32,
+ .increment = 0
+ },
+ .aad_size = { 0 }
+ }, }
+ }, }
+ },
+ {
+ /* SHA3_384 HMAC */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_SHA3_384_HMAC,
+ .block_size = 104,
+ .key_size = {
+ .min = 1,
+ .max = 104,
+ .increment = 0
+ },
+ .digest_size = {
+ .min = 48,
+ .max = 48,
+ .increment = 0
+ },
+ .aad_size = { 0 }
+ }, }
+ }, }
+ },
+ {
+ /* SHA3_512 HMAC */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_SHA3_512_HMAC,
+ .block_size = 72,
+ .key_size = {
+ .min = 1,
+ .max = 72,
+ .increment = 0
+ },
+ .digest_size = {
+ .min = 64,
+ .max = 64,
+ .increment = 0
+ },
+ .aad_size = { 0 }
+ }, }
+ }, }
+ },
+ {
+ /* AES XCBC MAC */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_AES_XCBC_MAC,
+ .block_size = 16,
+ .key_size = {
+ .min = 1,
+ .max = 16,
+ .increment = 0
+ },
+ .digest_size = {
+ .min = 16,
+ .max = 16,
+ .increment = 0
+ },
+ .aad_size = { 0 }
+ }, }
+ }, }
+ },
+ {
+ /* AES GMAC */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.aead = {
+ .algo = RTE_CRYPTO_AUTH_AES_GMAC,
+ .block_size = 16,
+ .key_size = {
+ .min = 16,
+ .max = 32,
+ .increment = 8
+ },
+ .digest_size = {
+ .min = 16,
+ .max = 16,
+ .increment = 0
+ },
+ .aad_size = {
+ .min = 0,
+ .max = 65535,
+ .increment = 1
+ },
+ .iv_size = {
+ .min = 12,
+ .max = 16,
+ .increment = 4
+ },
+ }, }
+ }, }
+ },
+ {
+ /* AES CMAC */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_AES_CMAC,
+ .block_size = 16,
+ .key_size = {
+ .min = 1,
+ .max = 16,
+ .increment = 0
+ },
+ .digest_size = {
+ .min = 16,
+ .max = 16,
+ .increment = 0
+ },
+ .aad_size = { 0 }
+ }, }
+ }, }
+ },
+ {
+ /* AES CBC MAC */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_AES_CBC_MAC,
+ .block_size = 16,
+ .key_size = {
+ .min = 1,
+ .max = 16,
+ .increment = 0
+ },
+ .digest_size = {
+ .min = 16,
+ .max = 16,
+ .increment = 0
+ },
+ .aad_size = { 0 }
+ }, }
+ }, }
+ },
+ {
+ /* AES ECB */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+ {.cipher = {
+ .algo = RTE_CRYPTO_CIPHER_AES_ECB,
+ .block_size = 16,
+ .key_size = {
+ .min = 16,
+ .max = 32,
+ .increment = 8
+ },
+ .iv_size = {
+ .min = 0,
+ .max = 0,
+ .increment = 0
+ }
+ }, }
+ }, }
+ },
+ {
+ /* AES CBC */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+ {.cipher = {
+ .algo = RTE_CRYPTO_CIPHER_AES_CBC,
+ .block_size = 16,
+ .key_size = {
+ .min = 16,
+ .max = 32,
+ .increment = 8
+ },
+ .iv_size = {
+ .min = 16,
+ .max = 16,
+ .increment = 0
+ }
+ }, }
+ }, }
+ },
+ {
+ /* AES CTR */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+ {.cipher = {
+ .algo = RTE_CRYPTO_CIPHER_AES_CTR,
+ .block_size = 16,
+ .key_size = {
+ .min = 16,
+ .max = 32,
+ .increment = 8
+ },
+ .iv_size = {
+ .min = 16,
+ .max = 16,
+ .increment = 0
+ }
+ }, }
+ }, }
+ },
+ {
+ /* AES XTS */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+ {.cipher = {
+ .algo = RTE_CRYPTO_CIPHER_AES_XTS,
+ .block_size = 16,
+ .key_size = {
+ .min = 32,
+ .max = 64,
+ .increment = 32
+ },
+ .iv_size = {
+ .min = 16,
+ .max = 16,
+ .increment = 0
+ }
+ }, }
+ }, }
+ },
+ {
+ /* DES CBC */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+ {.cipher = {
+ .algo = RTE_CRYPTO_CIPHER_DES_CBC,
+ .block_size = 8,
+ .key_size = {
+ .min = 8,
+ .max = 8,
+ .increment = 0
+ },
+ .iv_size = {
+ .min = 16,
+ .max = 16,
+ .increment = 0
+ }
+ }, }
+ }, }
+ },
+ {
+ /* 3DES CBC */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+ {.cipher = {
+ .algo = RTE_CRYPTO_CIPHER_3DES_CBC,
+ .block_size = 8,
+ .key_size = {
+ .min = 24,
+ .max = 24,
+ .increment = 0
+ },
+ .iv_size = {
+ .min = 16,
+ .max = 16,
+ .increment = 0
+ }
+ }, }
+ }, }
+ },
+ {
+ /* 3DES ECB */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+ {.cipher = {
+ .algo = RTE_CRYPTO_CIPHER_3DES_ECB,
+ .block_size = 8,
+ .key_size = {
+ .min = 24,
+ .max = 24,
+ .increment = 0
+ },
+ .iv_size = {
+ .min = 0,
+ .max = 0,
+ .increment = 0
+ }
+ }, }
+ }, }
+ },
+ {
+ /* AES GCM */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,
+ {.aead = {
+ .algo = RTE_CRYPTO_AEAD_AES_GCM,
+ .block_size = 16,
+ .key_size = {
+ .min = 16,
+ .max = 32,
+ .increment = 8
+ },
+ .digest_size = {
+ .min = 16,
+ .max = 16,
+ .increment = 0
+ },
+ .aad_size = {
+ .min = 0,
+ .max = 65535,
+ .increment = 1
+ },
+ .iv_size = {
+ .min = 12,
+ .max = 16,
+ .increment = 4
+ },
+ }, }
+ }, }
+ },
+ {
+ /* AES CCM */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,
+ {.aead = {
+ .algo = RTE_CRYPTO_AEAD_AES_CCM,
+ .block_size = 16,
+ .key_size = {
+ .min = 16,
+ .max = 32,
+ .increment = 8
+ },
+ .digest_size = {
+ .min = 4,
+ .max = 16,
+ .increment = 2
+ },
+ .aad_size = {
+ .min = 0,
+ .max = 65535,
+ .increment = 1
+ },
+ .iv_size = {
+ .min = 7,
+ .max = 13,
+ .increment = 1
+ },
+ }, }
+ }, }
+ },
+
+ RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
+};
+
+const struct rte_cryptodev_capabilities *
+bcmfs_sym_get_capabilities(void)
+{
+ return bcmfs_sym_capabilities;
+}
diff --git a/drivers/crypto/bcmfs/bcmfs_sym_capabilities.h
b/drivers/crypto/bcmfs/bcmfs_sym_capabilities.h
new file mode 100644
index 000000000..3ff61b7d2
--- /dev/null
+++ b/drivers/crypto/bcmfs/bcmfs_sym_capabilities.h
@@ -0,0 +1,16 @@
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright(c) 2020 Broadcom
+ * All rights reserved.
+ */
+
+#ifndef _BCMFS_SYM_CAPABILITIES_H_
+#define _BCMFS_SYM_CAPABILITIES_H_
+
+/*
+ * Get capabilities list for the device
+ *
+ */
+const struct rte_cryptodev_capabilities *bcmfs_sym_get_capabilities(void);
+
+#endif /* _BCMFS_SYM_CAPABILITIES_H__ */
+
diff --git a/drivers/crypto/bcmfs/bcmfs_sym_defs.h
b/drivers/crypto/bcmfs/bcmfs_sym_defs.h
new file mode 100644
index 000000000..b5657a9bc
--- /dev/null
+++ b/drivers/crypto/bcmfs/bcmfs_sym_defs.h
@@ -0,0 +1,170 @@
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright(c) 2020 Broadcom
+ * All rights reserved.
+ */
+
+#ifndef _BCMFS_SYM_DEFS_H_
+#define _BCMFS_SYM_DEFS_H_
+
+/*
+ * Max block size of hash algorithm
+ * currently SHA3 supports max block size
+ * of 144 bytes
+ */
+#define BCMFS_MAX_KEY_SIZE 144
+#define BCMFS_MAX_IV_SIZE 16
+#define BCMFS_MAX_DIGEST_SIZE 64
+
+/** Symmetric Cipher Direction */
+enum bcmfs_crypto_cipher_op {
+ /** Encrypt cipher operation */
+ BCMFS_CRYPTO_CIPHER_OP_ENCRYPT,
+
+ /** Decrypt cipher operation */
+ BCMFS_CRYPTO_CIPHER_OP_DECRYPT,
+};
+
+/** Symmetric Cipher Algorithms */
+enum bcmfs_crypto_cipher_algorithm {
+ /** NULL cipher algorithm. No mode applies to the NULL algorithm. */
+ BCMFS_CRYPTO_CIPHER_NONE = 0,
+
+ /** Triple DES algorithm in CBC mode */
+ BCMFS_CRYPTO_CIPHER_DES_CBC,
+
+ /** Triple DES algorithm in ECB mode */
+ BCMFS_CRYPTO_CIPHER_DES_ECB,
+
+ /** Triple DES algorithm in CBC mode */
+ BCMFS_CRYPTO_CIPHER_3DES_CBC,
+
+ /** Triple DES algorithm in ECB mode */
+ BCMFS_CRYPTO_CIPHER_3DES_ECB,
+
+ /** AES algorithm in CBC mode */
+ BCMFS_CRYPTO_CIPHER_AES_CBC,
+
+ /** AES algorithm in CCM mode. */
+ BCMFS_CRYPTO_CIPHER_AES_CCM,
+
+ /** AES algorithm in Counter mode */
+ BCMFS_CRYPTO_CIPHER_AES_CTR,
+
+ /** AES algorithm in ECB mode */
+ BCMFS_CRYPTO_CIPHER_AES_ECB,
+
+ /** AES algorithm in GCM mode. */
+ BCMFS_CRYPTO_CIPHER_AES_GCM,
+
+ /** AES algorithm in XTS mode */
+ BCMFS_CRYPTO_CIPHER_AES_XTS,
+
+ /** AES algorithm in OFB mode */
+ BCMFS_CRYPTO_CIPHER_AES_OFB,
+};
+
+/** Symmetric Authentication Algorithms */
+enum bcmfs_crypto_auth_algorithm {
+ /** NULL hash algorithm. */
+ BCMFS_CRYPTO_AUTH_NONE = 0,
+
+ /** MD5 algorithm */
+ BCMFS_CRYPTO_AUTH_MD5,
+
+ /** MD5-HMAC algorithm */
+ BCMFS_CRYPTO_AUTH_MD5_HMAC,
+
+ /** SHA1 algorithm */
+ BCMFS_CRYPTO_AUTH_SHA1,
+
+ /** SHA1-HMAC algorithm */
+ BCMFS_CRYPTO_AUTH_SHA1_HMAC,
+
+ /** 224 bit SHA algorithm. */
+ BCMFS_CRYPTO_AUTH_SHA224,
+
+ /** 224 bit SHA-HMAC algorithm. */
+ BCMFS_CRYPTO_AUTH_SHA224_HMAC,
+
+ /** 256 bit SHA algorithm. */
+ BCMFS_CRYPTO_AUTH_SHA256,
+
+ /** 256 bit SHA-HMAC algorithm. */
+ BCMFS_CRYPTO_AUTH_SHA256_HMAC,
+
+ /** 384 bit SHA algorithm. */
+ BCMFS_CRYPTO_AUTH_SHA384,
+
+ /** 384 bit SHA-HMAC algorithm. */
+ BCMFS_CRYPTO_AUTH_SHA384_HMAC,
+
+ /** 512 bit SHA algorithm. */
+ BCMFS_CRYPTO_AUTH_SHA512,
+
+ /** 512 bit SHA-HMAC algorithm. */
+ BCMFS_CRYPTO_AUTH_SHA512_HMAC,
+
+ /** 224 bit SHA3 algorithm. */
+ BCMFS_CRYPTO_AUTH_SHA3_224,
+
+ /** 224 bit SHA-HMAC algorithm. */
+ BCMFS_CRYPTO_AUTH_SHA3_224_HMAC,
+
+ /** 256 bit SHA3 algorithm. */
+ BCMFS_CRYPTO_AUTH_SHA3_256,
+
+ /** 256 bit SHA3-HMAC algorithm. */
+ BCMFS_CRYPTO_AUTH_SHA3_256_HMAC,
+
+ /** 384 bit SHA3 algorithm. */
+ BCMFS_CRYPTO_AUTH_SHA3_384,
+
+ /** 384 bit SHA3-HMAC algorithm. */
+ BCMFS_CRYPTO_AUTH_SHA3_384_HMAC,
+
+ /** 512 bit SHA3 algorithm. */
+ BCMFS_CRYPTO_AUTH_SHA3_512,
+
+ /** 512 bit SHA3-HMAC algorithm. */
+ BCMFS_CRYPTO_AUTH_SHA3_512_HMAC,
+
+ /** AES XCBC MAC algorithm */
+ BCMFS_CRYPTO_AUTH_AES_XCBC_MAC,
+
+ /** AES CMAC algorithm */
+ BCMFS_CRYPTO_AUTH_AES_CMAC,
+
+ /** AES CBC-MAC algorithm */
+ BCMFS_CRYPTO_AUTH_AES_CBC_MAC,
+
+ /** AES CBC-MAC algorithm */
+ BCMFS_CRYPTO_AUTH_AES_GMAC,
+
+ /** AES algorithm in GCM mode. */
+ BCMFS_CRYPTO_AUTH_AES_GCM,
+
+ /** AES algorithm in CCM mode. */
+ BCMFS_CRYPTO_AUTH_AES_CCM,
+};
+
+/** Symmetric Authentication Operations */
+enum bcmfs_crypto_auth_op {
+ /** Verify authentication digest */
+ BCMFS_CRYPTO_AUTH_OP_VERIFY,
+
+ /** Generate authentication digest */
+ BCMFS_CRYPTO_AUTH_OP_GENERATE,
+};
+
+enum bcmfs_sym_crypto_class {
+ /** Cipher algorithm */
+ BCMFS_CRYPTO_CIPHER,
+
+ /** Hash algorithm */
+ BCMFS_CRYPTO_HASH,
+
+ /** Authenticated Encryption with Assosciated Data algorithm */
+ BCMFS_CRYPTO_AEAD,
+};
+
+#endif /* _BCMFS_SYM_DEFS_H_ */
diff --git a/drivers/crypto/bcmfs/bcmfs_sym_pmd.c
b/drivers/crypto/bcmfs/bcmfs_sym_pmd.c
index 0f96915f7..381ca8ea4 100644
--- a/drivers/crypto/bcmfs/bcmfs_sym_pmd.c
+++ b/drivers/crypto/bcmfs/bcmfs_sym_pmd.c
@@ -14,6 +14,8 @@
#include "bcmfs_qp.h"
#include "bcmfs_sym_pmd.h"
#include "bcmfs_sym_req.h"
+#include "bcmfs_sym_session.h"
+#include "bcmfs_sym_capabilities.h"
uint8_t cryptodev_bcmfs_driver_id;
@@ -65,6 +67,7 @@ bcmfs_sym_dev_info_get(struct rte_cryptodev *dev,
dev_info->max_nb_queue_pairs = fsdev->max_hw_qps;
/* No limit of number of sessions */
dev_info->sym.max_nb_sessions = 0;
+ dev_info->capabilities = bcmfs_sym_get_capabilities();
}
}
@@ -228,6 +231,10 @@ static struct rte_cryptodev_ops crypto_bcmfs_ops = {
/* Queue-Pair management */
.queue_pair_setup = bcmfs_sym_qp_setup,
.queue_pair_release = bcmfs_sym_qp_release,
+ /* Crypto session related operations */
+ .sym_session_get_size = bcmfs_sym_session_get_private_size,
+ .sym_session_configure = bcmfs_sym_session_configure,
+ .sym_session_clear = bcmfs_sym_session_clear
};
/** Enqueue burst */
@@ -239,6 +246,7 @@ bcmfs_sym_pmd_enqueue_op_burst(void *queue_pair,
int i, j;
uint16_t enq = 0;
struct bcmfs_sym_request *sreq;
+ struct bcmfs_sym_session *sess;
struct bcmfs_qp *qp = (struct bcmfs_qp *)queue_pair;
if (nb_ops == 0)
@@ -252,6 +260,10 @@ bcmfs_sym_pmd_enqueue_op_burst(void *queue_pair,
nb_ops = qp->nb_descriptors - qp->nb_pending_requests;
for (i = 0; i < nb_ops; i++) {
+ sess = bcmfs_sym_get_session(ops[i]);
+ if (unlikely(sess == NULL))
+ goto enqueue_err;
+
if (rte_mempool_get(qp->sr_mp, (void **)&sreq))
goto enqueue_err;
@@ -356,6 +368,7 @@ bcmfs_sym_dev_create(struct bcmfs_device *fsdev)
fsdev->sym_dev = internals;
internals->sym_dev_id = cryptodev->data->dev_id;
+ internals->fsdev_capabilities = bcmfs_sym_get_capabilities();
BCMFS_LOG(DEBUG, "Created bcmfs-sym device %s as cryptodev instance %d",
cryptodev->data->name, internals->sym_dev_id);
diff --git a/drivers/crypto/bcmfs/bcmfs_sym_session.c
b/drivers/crypto/bcmfs/bcmfs_sym_session.c
new file mode 100644
index 000000000..3d1fce629
--- /dev/null
+++ b/drivers/crypto/bcmfs/bcmfs_sym_session.c
@@ -0,0 +1,426 @@
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright(c) 2020 Broadcom
+ * All rights reserved.
+ */
+
+#include <rte_crypto.h>
+#include <rte_crypto_sym.h>
+#include <rte_log.h>
+
+#include "bcmfs_logs.h"
+#include "bcmfs_sym_defs.h"
+#include "bcmfs_sym_pmd.h"
+#include "bcmfs_sym_session.h"
+
+/** Configure the session from a crypto xform chain */
+static enum bcmfs_sym_chain_order
+crypto_get_chain_order(const struct rte_crypto_sym_xform *xform)
+{
+ enum bcmfs_sym_chain_order res = BCMFS_SYM_CHAIN_NOT_SUPPORTED;
+
+
+ if (xform != NULL) {
+ if (xform->type == RTE_CRYPTO_SYM_XFORM_AEAD)
+ res = BCMFS_SYM_CHAIN_AEAD;
+
+ if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH) {
+ if (xform->next == NULL)
+ res = BCMFS_SYM_CHAIN_ONLY_AUTH;
+ else if (xform->next->type ==
+ RTE_CRYPTO_SYM_XFORM_CIPHER)
+ res = BCMFS_SYM_CHAIN_AUTH_CIPHER;
+ }
+ if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER) {
+ if (xform->next == NULL)
+ res = BCMFS_SYM_CHAIN_ONLY_CIPHER;
+ else if (xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH)
+ res = BCMFS_SYM_CHAIN_CIPHER_AUTH;
+ }
+ }
+
+ return res;
+}
+
+/* Get session cipher key from input cipher key */
+static void
+get_key(const uint8_t *input_key, int keylen, uint8_t *session_key)
+{
+ memcpy(session_key, input_key, keylen);
+}
+
+/* Set session cipher parameters */
+static int
+crypto_set_session_cipher_parameters
+ (struct bcmfs_sym_session *sess,
+ const struct rte_crypto_cipher_xform *cipher_xform)
+{
+ int rc = 0;
+
+ /* Select cipher direction */
+ sess->cipher.direction = cipher_xform->op;
+ sess->cipher.key.length = cipher_xform->key.length;
+ sess->cipher.iv.offset = cipher_xform->iv.offset;
+ sess->cipher.iv.length = cipher_xform->iv.length;
+
+ /* Select cipher algo */
+ switch (cipher_xform->algo) {
+ case RTE_CRYPTO_CIPHER_3DES_CBC:
+ sess->cipher.algo = BCMFS_CRYPTO_CIPHER_3DES_CBC;
+ break;
+ case RTE_CRYPTO_CIPHER_3DES_ECB:
+ sess->cipher.algo = BCMFS_CRYPTO_CIPHER_3DES_ECB;
+ break;
+ case RTE_CRYPTO_CIPHER_DES_CBC:
+ sess->cipher.algo = BCMFS_CRYPTO_CIPHER_DES_CBC;
+ break;
+ case RTE_CRYPTO_CIPHER_AES_CBC:
+ sess->cipher.algo = BCMFS_CRYPTO_CIPHER_AES_CBC;
+ break;
+ case RTE_CRYPTO_CIPHER_AES_ECB:
+ sess->cipher.algo = BCMFS_CRYPTO_CIPHER_AES_ECB;
+ break;
+ case RTE_CRYPTO_CIPHER_AES_CTR:
+ sess->cipher.algo = BCMFS_CRYPTO_CIPHER_AES_CTR;
+ break;
+ case RTE_CRYPTO_CIPHER_AES_XTS:
+ sess->cipher.algo = BCMFS_CRYPTO_CIPHER_AES_XTS;
+ break;
+ default:
+ BCMFS_DP_LOG(ERR, "set session failed. unknown algo");
+ sess->cipher.algo = RTE_CRYPTO_CIPHER_NULL;
+ rc = -EINVAL;
+ break;
+ }
+
+ if (!rc)
+ get_key(cipher_xform->key.data,
+ sess->cipher.key.length,
+ sess->cipher.key.data);
+
+ return rc;
+}
+
+/* Set session auth parameters */
+static int
+crypto_set_session_auth_parameters(struct bcmfs_sym_session *sess,
+ const struct rte_crypto_auth_xform
+ *auth_xform)
+{
+ int rc = 0;
+
+ /* Select auth generate/verify */
+ sess->auth.operation = auth_xform->op ?
+ BCMFS_CRYPTO_AUTH_OP_GENERATE :
+ BCMFS_CRYPTO_AUTH_OP_VERIFY;
+ sess->auth.key.length = auth_xform->key.length;
+ sess->auth.digest_length = auth_xform->digest_length;
+ sess->auth.iv.length = auth_xform->iv.length;
+ sess->auth.iv.offset = auth_xform->iv.offset;
+
+ /* Select auth algo */
+ switch (auth_xform->algo) {
+ case RTE_CRYPTO_AUTH_MD5:
+ sess->auth.algo = BCMFS_CRYPTO_AUTH_MD5;
+ break;
+ case RTE_CRYPTO_AUTH_SHA1:
+ sess->auth.algo = BCMFS_CRYPTO_AUTH_SHA1;
+ break;
+ case RTE_CRYPTO_AUTH_SHA224:
+ sess->auth.algo = BCMFS_CRYPTO_AUTH_SHA224;
+ break;
+ case RTE_CRYPTO_AUTH_SHA256:
+ sess->auth.algo = BCMFS_CRYPTO_AUTH_SHA256;
+ break;
+ case RTE_CRYPTO_AUTH_SHA384:
+ sess->auth.algo = BCMFS_CRYPTO_AUTH_SHA384;
+ break;
+ case RTE_CRYPTO_AUTH_SHA512:
+ sess->auth.algo = BCMFS_CRYPTO_AUTH_SHA512;
+ break;
+ case RTE_CRYPTO_AUTH_SHA3_224:
+ sess->auth.algo = BCMFS_CRYPTO_AUTH_SHA3_224;
+ break;
+ case RTE_CRYPTO_AUTH_SHA3_256:
+ sess->auth.algo = BCMFS_CRYPTO_AUTH_SHA3_256;
+ break;
+ case RTE_CRYPTO_AUTH_SHA3_384:
+ sess->auth.algo = BCMFS_CRYPTO_AUTH_SHA3_384;
+ break;
+ case RTE_CRYPTO_AUTH_SHA3_512:
+ sess->auth.algo = BCMFS_CRYPTO_AUTH_SHA3_512;
+ break;
+ case RTE_CRYPTO_AUTH_MD5_HMAC:
+ sess->auth.algo = BCMFS_CRYPTO_AUTH_MD5_HMAC;
+ break;
+ case RTE_CRYPTO_AUTH_SHA1_HMAC:
+ sess->auth.algo = BCMFS_CRYPTO_AUTH_SHA1_HMAC;
+ break;
+ case RTE_CRYPTO_AUTH_SHA224_HMAC:
+ sess->auth.algo = BCMFS_CRYPTO_AUTH_SHA224_HMAC;
+ break;
+ case RTE_CRYPTO_AUTH_SHA256_HMAC:
+ sess->auth.algo = BCMFS_CRYPTO_AUTH_SHA256_HMAC;
+ break;
+ case RTE_CRYPTO_AUTH_SHA384_HMAC:
+ sess->auth.algo = BCMFS_CRYPTO_AUTH_SHA384_HMAC;
+ break;
+ case RTE_CRYPTO_AUTH_SHA512_HMAC:
+ sess->auth.algo = BCMFS_CRYPTO_AUTH_SHA512_HMAC;
+ break;
+ case RTE_CRYPTO_AUTH_SHA3_224_HMAC:
+ sess->auth.algo = BCMFS_CRYPTO_AUTH_SHA3_224_HMAC;
+ break;
+ case RTE_CRYPTO_AUTH_SHA3_256_HMAC:
+ sess->auth.algo = BCMFS_CRYPTO_AUTH_SHA3_256_HMAC;
+ break;
+ case RTE_CRYPTO_AUTH_SHA3_384_HMAC:
+ sess->auth.algo = BCMFS_CRYPTO_AUTH_SHA3_384_HMAC;
+ break;
+ case RTE_CRYPTO_AUTH_SHA3_512_HMAC:
+ sess->auth.algo = BCMFS_CRYPTO_AUTH_SHA3_512_HMAC;
+ break;
+ case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
+ sess->auth.algo = BCMFS_CRYPTO_AUTH_AES_XCBC_MAC;
+ break;
+ case RTE_CRYPTO_AUTH_AES_GMAC:
+ sess->auth.algo = BCMFS_CRYPTO_AUTH_AES_GMAC;
+ break;
+ case RTE_CRYPTO_AUTH_AES_CBC_MAC:
+ sess->auth.algo = BCMFS_CRYPTO_AUTH_AES_CBC_MAC;
+ break;
+ case RTE_CRYPTO_AUTH_AES_CMAC:
+ sess->auth.algo = BCMFS_CRYPTO_AUTH_AES_CMAC;
+ break;
+ default:
+ BCMFS_DP_LOG(ERR, "Invalid Auth algorithm\n");
+ rc = -EINVAL;
+ break;
+ }
+
+ if (!rc)
+ get_key(auth_xform->key.data,
+ auth_xform->key.length,
+ sess->auth.key.data);
+
+ return rc;
+}
+
+/* Set session aead parameters */
+static int
+crypto_set_session_aead_parameters(struct bcmfs_sym_session *sess,
+ const struct rte_crypto_sym_xform *xform)
+{
+ int rc = 0;
+
+ sess->cipher.direction = xform->aead.op;
+ sess->cipher.iv.offset = xform->aead.iv.offset;
+ sess->cipher.iv.length = xform->aead.iv.length;
+ sess->aead.aad_length = xform->aead.aad_length;
+ sess->cipher.key.length = xform->aead.key.length;
+ sess->auth.digest_length = xform->aead.digest_length;
+
+ /* Select aead algo */
+ switch (xform->aead.algo) {
+ case RTE_CRYPTO_AEAD_AES_CCM:
+ sess->auth.algo = BCMFS_CRYPTO_AUTH_AES_CCM;
+ sess->cipher.algo = BCMFS_CRYPTO_CIPHER_AES_CCM;
+ break;
+ case RTE_CRYPTO_AEAD_AES_GCM:
+ sess->auth.algo = BCMFS_CRYPTO_AUTH_AES_GCM;
+ sess->cipher.algo = BCMFS_CRYPTO_CIPHER_AES_GCM;
+ break;
+ default:
+ BCMFS_DP_LOG(ERR, "Invalid aead algorithm\n");
+ rc = -EINVAL;
+ break;
+ }
+
+ if (!rc)
+ get_key(xform->aead.key.data,
+ xform->aead.key.length,
+ sess->cipher.key.data);
+
+ return rc;
+}
+
+static struct rte_crypto_auth_xform *
+crypto_get_auth_xform(struct rte_crypto_sym_xform *xform)
+{
+ do {
+ if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH)
+ return &xform->auth;
+
+ xform = xform->next;
+ } while (xform);
+
+ return NULL;
+}
+
+static struct rte_crypto_cipher_xform *
+crypto_get_cipher_xform(struct rte_crypto_sym_xform *xform)
+{
+ do {
+ if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER)
+ return &xform->cipher;
+
+ xform = xform->next;
+ } while (xform);
+
+ return NULL;
+}
+
+
+/** Parse crypto xform chain and set private session parameters */
+static int
+crypto_set_session_parameters(struct bcmfs_sym_session *sess,
+ struct rte_crypto_sym_xform *xform)
+{
+ int rc = 0;
+ struct rte_crypto_cipher_xform *cipher_xform =
+ crypto_get_cipher_xform(xform);
+ struct rte_crypto_auth_xform *auth_xform =
+ crypto_get_auth_xform(xform);
+
+ sess->chain_order = crypto_get_chain_order(xform);
+
+ switch (sess->chain_order) {
+ case BCMFS_SYM_CHAIN_ONLY_CIPHER:
+ if (crypto_set_session_cipher_parameters(sess,
+ cipher_xform)) {
+ BCMFS_DP_LOG(ERR, "Invalid cipher");
+ rc = -EINVAL;
+ }
+ break;
+ case BCMFS_SYM_CHAIN_ONLY_AUTH:
+ if (crypto_set_session_auth_parameters(sess,
+ auth_xform)) {
+ BCMFS_DP_LOG(ERR, "Invalid auth");
+ rc = -EINVAL;
+ }
+ break;
+ case BCMFS_SYM_CHAIN_AUTH_CIPHER:
+ sess->cipher_first = false;
+ if (crypto_set_session_auth_parameters(sess,
+ auth_xform)) {
+ BCMFS_DP_LOG(ERR, "Invalid auth");
+ rc = -EINVAL;
+ goto error;
+ }
+
+ if (crypto_set_session_cipher_parameters(sess,
+ cipher_xform)) {
+ BCMFS_DP_LOG(ERR, "Invalid cipher");
+ rc = -EINVAL;
+ }
+ break;
+ case BCMFS_SYM_CHAIN_CIPHER_AUTH:
+ sess->cipher_first = true;
+ if (crypto_set_session_auth_parameters(sess,
+ auth_xform)) {
+ BCMFS_DP_LOG(ERR, "Invalid auth");
+ rc = -EINVAL;
+ goto error;
+ }
+
+ if (crypto_set_session_cipher_parameters(sess,
+ cipher_xform)) {
+ BCMFS_DP_LOG(ERR, "Invalid cipher");
+ rc = -EINVAL;
+ }
+ break;
+ case BCMFS_SYM_CHAIN_AEAD:
+ if (crypto_set_session_aead_parameters(sess,
+ xform)) {
+ BCMFS_DP_LOG(ERR, "Invalid aead");
+ rc = -EINVAL;
+ }
+ break;
+ default:
+ BCMFS_DP_LOG(ERR, "Invalid chain order\n");
+ rc = -EINVAL;
+ break;
+ }
+
+error:
+ return rc;
+}
+
+struct bcmfs_sym_session *
+bcmfs_sym_get_session(struct rte_crypto_op *op)
+{
+ struct bcmfs_sym_session *sess = NULL;
+
+ if (unlikely(op->sess_type == RTE_CRYPTO_OP_SESSIONLESS)) {
+ BCMFS_DP_LOG(ERR, "operations op(%p) is sessionless", op);
+ } else if (likely(op->sym->session != NULL)) {
+ /* get existing session */
+ sess = (struct bcmfs_sym_session *)
+ get_sym_session_private_data(op->sym->session,
+
cryptodev_bcmfs_driver_id);
+ }
+
+ if (sess == NULL)
+ op->status = RTE_CRYPTO_OP_STATUS_INVALID_SESSION;
+
+ return sess;
+}
+
+int
+bcmfs_sym_session_configure(struct rte_cryptodev *dev,
+ struct rte_crypto_sym_xform *xform,
+ struct rte_cryptodev_sym_session *sess,
+ struct rte_mempool *mempool)
+{
+ void *sess_private_data;
+ int ret;
+
+ if (unlikely(sess == NULL)) {
+ BCMFS_DP_LOG(ERR, "Invalid session struct");
+ return -EINVAL;
+ }
+
+ if (rte_mempool_get(mempool, &sess_private_data)) {
+ BCMFS_DP_LOG(ERR,
+ "Couldn't get object from session mempool");
+ return -ENOMEM;
+ }
+
+ ret = crypto_set_session_parameters(sess_private_data, xform);
+
+ if (ret != 0) {
+ BCMFS_DP_LOG(ERR, "Failed configure session parameters");
+ /* Return session to mempool */
+ rte_mempool_put(mempool, sess_private_data);
+ return ret;
+ }
+
+ set_sym_session_private_data(sess, dev->driver_id,
+ sess_private_data);
+
+ return 0;
+}
+
+/* Clear the memory of session so it doesn't leave key material behind */
+void
+bcmfs_sym_session_clear(struct rte_cryptodev *dev,
+ struct rte_cryptodev_sym_session *sess)
+{
+ uint8_t index = dev->driver_id;
+ void *sess_priv = get_sym_session_private_data(sess, index);
+
+ if (sess_priv) {
+ struct rte_mempool *sess_mp;
+
+ memset(sess_priv, 0, sizeof(struct bcmfs_sym_session));
+ sess_mp = rte_mempool_from_obj(sess_priv);
+
+ set_sym_session_private_data(sess, index, NULL);
+ rte_mempool_put(sess_mp, sess_priv);
+ }
+}
+
+unsigned int
+bcmfs_sym_session_get_private_size(struct rte_cryptodev *dev __rte_unused)
+{
+ return sizeof(struct bcmfs_sym_session);
+}
diff --git a/drivers/crypto/bcmfs/bcmfs_sym_session.h
b/drivers/crypto/bcmfs/bcmfs_sym_session.h
new file mode 100644
index 000000000..43deedcf8
--- /dev/null
+++ b/drivers/crypto/bcmfs/bcmfs_sym_session.h
@@ -0,0 +1,99 @@
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright(c) 2020 Broadcom
+ * All rights reserved.
+ */
+
+#ifndef _BCMFS_SYM_SESSION_H_
+#define _BCMFS_SYM_SESSION_H_
+
+#include <stdbool.h>
+#include <rte_crypto.h>
+#include <rte_cryptodev_pmd.h>
+
+#include "bcmfs_sym_defs.h"
+#include "bcmfs_sym_req.h"
+
+/* BCMFS_SYM operation order mode enumerator */
+enum bcmfs_sym_chain_order {
+ BCMFS_SYM_CHAIN_ONLY_CIPHER,
+ BCMFS_SYM_CHAIN_ONLY_AUTH,
+ BCMFS_SYM_CHAIN_CIPHER_AUTH,
+ BCMFS_SYM_CHAIN_AUTH_CIPHER,
+ BCMFS_SYM_CHAIN_AEAD,
+ BCMFS_SYM_CHAIN_NOT_SUPPORTED
+};
+
+/* BCMFS_SYM crypto private session structure */
+struct bcmfs_sym_session {
+ enum bcmfs_sym_chain_order chain_order;
+
+ /* Cipher Parameters */
+ struct {
+ enum bcmfs_crypto_cipher_op direction;
+ /* cipher operation direction */
+ enum bcmfs_crypto_cipher_algorithm algo;
+ /* cipher algorithm */
+
+ struct {
+ uint8_t data[BCMFS_MAX_KEY_SIZE];
+ /* key data */
+ size_t length;
+ /* key length in bytes */
+ } key;
+
+ struct {
+ uint16_t offset;
+ uint16_t length;
+ } iv;
+ } cipher;
+
+ /* Authentication Parameters */
+ struct {
+ enum bcmfs_crypto_auth_op operation;
+ /* auth operation generate or verify */
+ enum bcmfs_crypto_auth_algorithm algo;
+ /* cipher algorithm */
+
+ struct {
+ uint8_t data[BCMFS_MAX_KEY_SIZE];
+ /* key data */
+ size_t length;
+ /* key length in bytes */
+ } key;
+ struct {
+ uint16_t offset;
+ uint16_t length;
+ } iv;
+
+ uint16_t digest_length;
+ } auth;
+
+ /* aead Parameters */
+ struct {
+ uint16_t aad_length;
+ } aead;
+ bool cipher_first;
+} __rte_cache_aligned;
+
+int
+bcmfs_process_crypto_op(struct rte_crypto_op *op,
+ struct bcmfs_sym_session *sess,
+ struct bcmfs_sym_request *req);
+
+int
+bcmfs_sym_session_configure(struct rte_cryptodev *dev,
+ struct rte_crypto_sym_xform *xform,
+ struct rte_cryptodev_sym_session *sess,
+ struct rte_mempool *mempool);
+
+void
+bcmfs_sym_session_clear(struct rte_cryptodev *dev,
+ struct rte_cryptodev_sym_session *sess);
+
+unsigned int
+bcmfs_sym_session_get_private_size(struct rte_cryptodev *dev __rte_unused);
+
+struct bcmfs_sym_session *
+bcmfs_sym_get_session(struct rte_crypto_op *op);
+
+#endif /* _BCMFS_SYM_SESSION_H_ */
diff --git a/drivers/crypto/bcmfs/meson.build b/drivers/crypto/bcmfs/meson.build
index d9a3d73e9..2e86c733e 100644
--- a/drivers/crypto/bcmfs/meson.build
+++ b/drivers/crypto/bcmfs/meson.build
@@ -12,5 +12,7 @@ sources = files(
'hw/bcmfs4_rm.c',
'hw/bcmfs5_rm.c',
'hw/bcmfs_rm_common.c',
- 'bcmfs_sym_pmd.c'
+ 'bcmfs_sym_pmd.c',
+ 'bcmfs_sym_capabilities.c',
+ 'bcmfs_sym_session.c'
)
--
2.17.1
