1 /* SPDX-License-Identifier: BSD-3-Clause
2 * Copyright(c) 2015-2018 Intel Corporation
8 #include <rte_cryptodev_pmd.h>
11 #include <openssl/evp.h>
13 #include "qat_common.h"
14 #include "qat_sym_session.h"
15 #include "qat_sym_pmd.h"
19 /* bpi is only used for partial blocks of DES and AES
20 * so AES block len can be assumed as max len for iv, src and dst
22 #define BPI_MAX_ENCR_IV_LEN ICP_QAT_HW_AES_BLK_SZ
25 * Maximum number of SGL entries
27 #define QAT_SYM_SGL_MAX_NUMBER 16
29 struct qat_sym_session
;
33 struct qat_flat_buf buffers
[QAT_SYM_SGL_MAX_NUMBER
];
34 } __rte_packed __rte_cache_aligned
;
36 struct qat_sym_op_cookie
{
37 struct qat_sym_sgl qat_sgl_src
;
38 struct qat_sym_sgl qat_sgl_dst
;
39 phys_addr_t qat_sgl_src_phys_addr
;
40 phys_addr_t qat_sgl_dst_phys_addr
;
44 qat_sym_build_request(void *in_op
, uint8_t *out_msg
,
45 void *op_cookie
, enum qat_device_gen qat_dev_gen
);
48 /** Encrypt a single partial block
49 * Depends on openssl libcrypto
50 * Uses ECB+XOR to do CFB encryption, same result, more performant
53 bpi_cipher_encrypt(uint8_t *src
, uint8_t *dst
,
54 uint8_t *iv
, int ivlen
, int srclen
,
57 EVP_CIPHER_CTX
*ctx
= (EVP_CIPHER_CTX
*)bpi_ctx
;
59 uint8_t encrypted_iv
[BPI_MAX_ENCR_IV_LEN
];
60 uint8_t *encr
= encrypted_iv
;
62 /* ECB method: encrypt the IV, then XOR this with plaintext */
63 if (EVP_EncryptUpdate(ctx
, encrypted_iv
, &encrypted_ivlen
, iv
, ivlen
)
65 goto cipher_encrypt_err
;
67 for (; srclen
!= 0; --srclen
, ++dst
, ++src
, ++encr
)
73 QAT_DP_LOG(ERR
, "libcrypto ECB cipher encrypt failed");
77 static inline uint32_t
78 qat_bpicipher_postprocess(struct qat_sym_session
*ctx
,
79 struct rte_crypto_op
*op
)
81 int block_len
= qat_cipher_get_block_size(ctx
->qat_cipher_alg
);
82 struct rte_crypto_sym_op
*sym_op
= op
->sym
;
83 uint8_t last_block_len
= block_len
> 0 ?
84 sym_op
->cipher
.data
.length
% block_len
: 0;
86 if (last_block_len
> 0 &&
87 ctx
->qat_dir
== ICP_QAT_HW_CIPHER_ENCRYPT
) {
89 /* Encrypt last block */
90 uint8_t *last_block
, *dst
, *iv
;
91 uint32_t last_block_offset
;
93 last_block_offset
= sym_op
->cipher
.data
.offset
+
94 sym_op
->cipher
.data
.length
- last_block_len
;
95 last_block
= (uint8_t *) rte_pktmbuf_mtod_offset(sym_op
->m_src
,
96 uint8_t *, last_block_offset
);
98 if (unlikely(sym_op
->m_dst
!= NULL
))
99 /* out-of-place operation (OOP) */
100 dst
= (uint8_t *) rte_pktmbuf_mtod_offset(sym_op
->m_dst
,
101 uint8_t *, last_block_offset
);
105 if (last_block_len
< sym_op
->cipher
.data
.length
)
106 /* use previous block ciphertext as IV */
107 iv
= dst
- block_len
;
109 /* runt block, i.e. less than one full block */
110 iv
= rte_crypto_op_ctod_offset(op
, uint8_t *,
111 ctx
->cipher_iv
.offset
);
113 #if RTE_LOG_DP_LEVEL >= RTE_LOG_DEBUG
114 QAT_DP_HEXDUMP_LOG(DEBUG
, "BPI: src before post-process:",
115 last_block
, last_block_len
);
116 if (sym_op
->m_dst
!= NULL
)
117 QAT_DP_HEXDUMP_LOG(DEBUG
,
118 "BPI: dst before post-process:",
119 dst
, last_block_len
);
121 bpi_cipher_encrypt(last_block
, dst
, iv
, block_len
,
122 last_block_len
, ctx
->bpi_ctx
);
123 #if RTE_LOG_DP_LEVEL >= RTE_LOG_DEBUG
124 QAT_DP_HEXDUMP_LOG(DEBUG
, "BPI: src after post-process:",
125 last_block
, last_block_len
);
126 if (sym_op
->m_dst
!= NULL
)
127 QAT_DP_HEXDUMP_LOG(DEBUG
,
128 "BPI: dst after post-process:",
129 dst
, last_block_len
);
132 return sym_op
->cipher
.data
.length
- last_block_len
;
136 qat_sym_process_response(void **op
, uint8_t *resp
)
139 struct icp_qat_fw_comn_resp
*resp_msg
=
140 (struct icp_qat_fw_comn_resp
*)resp
;
141 struct rte_crypto_op
*rx_op
= (struct rte_crypto_op
*)(uintptr_t)
142 (resp_msg
->opaque_data
);
144 #if RTE_LOG_DP_LEVEL >= RTE_LOG_DEBUG
145 QAT_DP_HEXDUMP_LOG(DEBUG
, "qat_response:", (uint8_t *)resp_msg
,
146 sizeof(struct icp_qat_fw_comn_resp
));
149 if (ICP_QAT_FW_COMN_STATUS_FLAG_OK
!=
150 ICP_QAT_FW_COMN_RESP_CRYPTO_STAT_GET(
151 resp_msg
->comn_hdr
.comn_status
)) {
153 rx_op
->status
= RTE_CRYPTO_OP_STATUS_AUTH_FAILED
;
155 struct qat_sym_session
*sess
= (struct qat_sym_session
*)
156 get_sym_session_private_data(
158 cryptodev_qat_driver_id
);
162 qat_bpicipher_postprocess(sess
, rx_op
);
163 rx_op
->status
= RTE_CRYPTO_OP_STATUS_SUCCESS
;
170 qat_sym_process_response(void **op __rte_unused
, uint8_t *resp __rte_unused
)
174 #endif /* _QAT_SYM_H_ */