xref: /openbmc/linux/drivers/net/ethernet/fungible/funeth/funeth_ktls.c (revision 4f2c0a4acffbec01079c28f839422e64ddeff004) 
1*a3662007SDimitris Michailidis // SPDX-License-Identifier: (GPL-2.0-only OR BSD-3-Clause)
2*a3662007SDimitris Michailidis 
3*a3662007SDimitris Michailidis #include "funeth.h"
4*a3662007SDimitris Michailidis #include "funeth_ktls.h"
5*a3662007SDimitris Michailidis 
fun_admin_ktls_create(struct funeth_priv * fp,unsigned int id)6*a3662007SDimitris Michailidis static int fun_admin_ktls_create(struct funeth_priv *fp, unsigned int id)
7*a3662007SDimitris Michailidis {
8*a3662007SDimitris Michailidis 	struct fun_admin_ktls_create_req req = {
9*a3662007SDimitris Michailidis 		.common = FUN_ADMIN_REQ_COMMON_INIT2(FUN_ADMIN_OP_KTLS,
10*a3662007SDimitris Michailidis 						     sizeof(req)),
11*a3662007SDimitris Michailidis 		.subop = FUN_ADMIN_SUBOP_CREATE,
12*a3662007SDimitris Michailidis 		.id = cpu_to_be32(id),
13*a3662007SDimitris Michailidis 	};
14*a3662007SDimitris Michailidis 
15*a3662007SDimitris Michailidis 	return fun_submit_admin_sync_cmd(fp->fdev, &req.common, NULL, 0, 0);
16*a3662007SDimitris Michailidis }
17*a3662007SDimitris Michailidis 
fun_ktls_add(struct net_device * netdev,struct sock * sk,enum tls_offload_ctx_dir direction,struct tls_crypto_info * crypto_info,u32 start_offload_tcp_sn)18*a3662007SDimitris Michailidis static int fun_ktls_add(struct net_device *netdev, struct sock *sk,
19*a3662007SDimitris Michailidis 			enum tls_offload_ctx_dir direction,
20*a3662007SDimitris Michailidis 			struct tls_crypto_info *crypto_info,
21*a3662007SDimitris Michailidis 			u32 start_offload_tcp_sn)
22*a3662007SDimitris Michailidis {
23*a3662007SDimitris Michailidis 	struct funeth_priv *fp = netdev_priv(netdev);
24*a3662007SDimitris Michailidis 	struct fun_admin_ktls_modify_req req = {
25*a3662007SDimitris Michailidis 		.common = FUN_ADMIN_REQ_COMMON_INIT2(FUN_ADMIN_OP_KTLS,
26*a3662007SDimitris Michailidis 						     sizeof(req)),
27*a3662007SDimitris Michailidis 		.subop = FUN_ADMIN_SUBOP_MODIFY,
28*a3662007SDimitris Michailidis 		.id = cpu_to_be32(fp->ktls_id),
29*a3662007SDimitris Michailidis 		.tcp_seq = cpu_to_be32(start_offload_tcp_sn),
30*a3662007SDimitris Michailidis 	};
31*a3662007SDimitris Michailidis 	struct fun_admin_ktls_modify_rsp rsp;
32*a3662007SDimitris Michailidis 	struct fun_ktls_tx_ctx *tx_ctx;
33*a3662007SDimitris Michailidis 	int rc;
34*a3662007SDimitris Michailidis 
35*a3662007SDimitris Michailidis 	if (direction != TLS_OFFLOAD_CTX_DIR_TX)
36*a3662007SDimitris Michailidis 		return -EOPNOTSUPP;
37*a3662007SDimitris Michailidis 
38*a3662007SDimitris Michailidis 	if (crypto_info->version == TLS_1_2_VERSION)
39*a3662007SDimitris Michailidis 		req.version = FUN_KTLS_TLSV2;
40*a3662007SDimitris Michailidis 	else
41*a3662007SDimitris Michailidis 		return -EOPNOTSUPP;
42*a3662007SDimitris Michailidis 
43*a3662007SDimitris Michailidis 	switch (crypto_info->cipher_type) {
44*a3662007SDimitris Michailidis 	case TLS_CIPHER_AES_GCM_128: {
45*a3662007SDimitris Michailidis 		struct tls12_crypto_info_aes_gcm_128 *c = (void *)crypto_info;
46*a3662007SDimitris Michailidis 
47*a3662007SDimitris Michailidis 		req.cipher = FUN_KTLS_CIPHER_AES_GCM_128;
48*a3662007SDimitris Michailidis 		memcpy(req.key, c->key, sizeof(c->key));
49*a3662007SDimitris Michailidis 		memcpy(req.iv, c->iv, sizeof(c->iv));
50*a3662007SDimitris Michailidis 		memcpy(req.salt, c->salt, sizeof(c->salt));
51*a3662007SDimitris Michailidis 		memcpy(req.record_seq, c->rec_seq, sizeof(c->rec_seq));
52*a3662007SDimitris Michailidis 		break;
53*a3662007SDimitris Michailidis 	}
54*a3662007SDimitris Michailidis 	default:
55*a3662007SDimitris Michailidis 		return -EOPNOTSUPP;
56*a3662007SDimitris Michailidis 	}
57*a3662007SDimitris Michailidis 
58*a3662007SDimitris Michailidis 	rc = fun_submit_admin_sync_cmd(fp->fdev, &req.common, &rsp,
59*a3662007SDimitris Michailidis 				       sizeof(rsp), 0);
60*a3662007SDimitris Michailidis 	memzero_explicit(&req, sizeof(req));
61*a3662007SDimitris Michailidis 	if (rc)
62*a3662007SDimitris Michailidis 		return rc;
63*a3662007SDimitris Michailidis 
64*a3662007SDimitris Michailidis 	tx_ctx = tls_driver_ctx(sk, direction);
65*a3662007SDimitris Michailidis 	tx_ctx->tlsid = rsp.tlsid;
66*a3662007SDimitris Michailidis 	tx_ctx->next_seq = start_offload_tcp_sn;
67*a3662007SDimitris Michailidis 	atomic64_inc(&fp->tx_tls_add);
68*a3662007SDimitris Michailidis 	return 0;
69*a3662007SDimitris Michailidis }
70*a3662007SDimitris Michailidis 
fun_ktls_del(struct net_device * netdev,struct tls_context * tls_ctx,enum tls_offload_ctx_dir direction)71*a3662007SDimitris Michailidis static void fun_ktls_del(struct net_device *netdev,
72*a3662007SDimitris Michailidis 			 struct tls_context *tls_ctx,
73*a3662007SDimitris Michailidis 			 enum tls_offload_ctx_dir direction)
74*a3662007SDimitris Michailidis {
75*a3662007SDimitris Michailidis 	struct funeth_priv *fp = netdev_priv(netdev);
76*a3662007SDimitris Michailidis 	struct fun_admin_ktls_modify_req req;
77*a3662007SDimitris Michailidis 	struct fun_ktls_tx_ctx *tx_ctx;
78*a3662007SDimitris Michailidis 
79*a3662007SDimitris Michailidis 	if (direction != TLS_OFFLOAD_CTX_DIR_TX)
80*a3662007SDimitris Michailidis 		return;
81*a3662007SDimitris Michailidis 
82*a3662007SDimitris Michailidis 	tx_ctx = __tls_driver_ctx(tls_ctx, direction);
83*a3662007SDimitris Michailidis 
84*a3662007SDimitris Michailidis 	req.common = FUN_ADMIN_REQ_COMMON_INIT2(FUN_ADMIN_OP_KTLS,
85*a3662007SDimitris Michailidis 			offsetof(struct fun_admin_ktls_modify_req, tcp_seq));
86*a3662007SDimitris Michailidis 	req.subop = FUN_ADMIN_SUBOP_MODIFY;
87*a3662007SDimitris Michailidis 	req.flags = cpu_to_be16(FUN_KTLS_MODIFY_REMOVE);
88*a3662007SDimitris Michailidis 	req.id = cpu_to_be32(fp->ktls_id);
89*a3662007SDimitris Michailidis 	req.tlsid = tx_ctx->tlsid;
90*a3662007SDimitris Michailidis 
91*a3662007SDimitris Michailidis 	fun_submit_admin_sync_cmd(fp->fdev, &req.common, NULL, 0, 0);
92*a3662007SDimitris Michailidis 	atomic64_inc(&fp->tx_tls_del);
93*a3662007SDimitris Michailidis }
94*a3662007SDimitris Michailidis 
fun_ktls_resync(struct net_device * netdev,struct sock * sk,u32 seq,u8 * rcd_sn,enum tls_offload_ctx_dir direction)95*a3662007SDimitris Michailidis static int fun_ktls_resync(struct net_device *netdev, struct sock *sk, u32 seq,
96*a3662007SDimitris Michailidis 			   u8 *rcd_sn, enum tls_offload_ctx_dir direction)
97*a3662007SDimitris Michailidis {
98*a3662007SDimitris Michailidis 	struct funeth_priv *fp = netdev_priv(netdev);
99*a3662007SDimitris Michailidis 	struct fun_admin_ktls_modify_req req;
100*a3662007SDimitris Michailidis 	struct fun_ktls_tx_ctx *tx_ctx;
101*a3662007SDimitris Michailidis 	int rc;
102*a3662007SDimitris Michailidis 
103*a3662007SDimitris Michailidis 	if (direction != TLS_OFFLOAD_CTX_DIR_TX)
104*a3662007SDimitris Michailidis 		return -EOPNOTSUPP;
105*a3662007SDimitris Michailidis 
106*a3662007SDimitris Michailidis 	tx_ctx = tls_driver_ctx(sk, direction);
107*a3662007SDimitris Michailidis 
108*a3662007SDimitris Michailidis 	req.common = FUN_ADMIN_REQ_COMMON_INIT2(FUN_ADMIN_OP_KTLS,
109*a3662007SDimitris Michailidis 			offsetof(struct fun_admin_ktls_modify_req, key));
110*a3662007SDimitris Michailidis 	req.subop = FUN_ADMIN_SUBOP_MODIFY;
111*a3662007SDimitris Michailidis 	req.flags = 0;
112*a3662007SDimitris Michailidis 	req.id = cpu_to_be32(fp->ktls_id);
113*a3662007SDimitris Michailidis 	req.tlsid = tx_ctx->tlsid;
114*a3662007SDimitris Michailidis 	req.tcp_seq = cpu_to_be32(seq);
115*a3662007SDimitris Michailidis 	req.version = 0;
116*a3662007SDimitris Michailidis 	req.cipher = 0;
117*a3662007SDimitris Michailidis 	memcpy(req.record_seq, rcd_sn, sizeof(req.record_seq));
118*a3662007SDimitris Michailidis 
119*a3662007SDimitris Michailidis 	atomic64_inc(&fp->tx_tls_resync);
120*a3662007SDimitris Michailidis 	rc = fun_submit_admin_sync_cmd(fp->fdev, &req.common, NULL, 0, 0);
121*a3662007SDimitris Michailidis 	if (!rc)
122*a3662007SDimitris Michailidis 		tx_ctx->next_seq = seq;
123*a3662007SDimitris Michailidis 	return rc;
124*a3662007SDimitris Michailidis }
125*a3662007SDimitris Michailidis 
126*a3662007SDimitris Michailidis static const struct tlsdev_ops fun_ktls_ops = {
127*a3662007SDimitris Michailidis 	.tls_dev_add = fun_ktls_add,
128*a3662007SDimitris Michailidis 	.tls_dev_del = fun_ktls_del,
129*a3662007SDimitris Michailidis 	.tls_dev_resync = fun_ktls_resync,
130*a3662007SDimitris Michailidis };
131*a3662007SDimitris Michailidis 
fun_ktls_init(struct net_device * netdev)132*a3662007SDimitris Michailidis int fun_ktls_init(struct net_device *netdev)
133*a3662007SDimitris Michailidis {
134*a3662007SDimitris Michailidis 	struct funeth_priv *fp = netdev_priv(netdev);
135*a3662007SDimitris Michailidis 	int rc;
136*a3662007SDimitris Michailidis 
137*a3662007SDimitris Michailidis 	rc = fun_admin_ktls_create(fp, netdev->dev_port);
138*a3662007SDimitris Michailidis 	if (rc)
139*a3662007SDimitris Michailidis 		return rc;
140*a3662007SDimitris Michailidis 
141*a3662007SDimitris Michailidis 	fp->ktls_id = netdev->dev_port;
142*a3662007SDimitris Michailidis 	netdev->tlsdev_ops = &fun_ktls_ops;
143*a3662007SDimitris Michailidis 	netdev->hw_features |= NETIF_F_HW_TLS_TX;
144*a3662007SDimitris Michailidis 	netdev->features |= NETIF_F_HW_TLS_TX;
145*a3662007SDimitris Michailidis 	return 0;
146*a3662007SDimitris Michailidis }
147*a3662007SDimitris Michailidis 
fun_ktls_cleanup(struct funeth_priv * fp)148*a3662007SDimitris Michailidis void fun_ktls_cleanup(struct funeth_priv *fp)
149*a3662007SDimitris Michailidis {
150*a3662007SDimitris Michailidis 	if (fp->ktls_id == FUN_HCI_ID_INVALID)
151*a3662007SDimitris Michailidis 		return;
152*a3662007SDimitris Michailidis 
153*a3662007SDimitris Michailidis 	fun_res_destroy(fp->fdev, FUN_ADMIN_OP_KTLS, 0, fp->ktls_id);
154*a3662007SDimitris Michailidis 	fp->ktls_id = FUN_HCI_ID_INVALID;
155*a3662007SDimitris Michailidis }
156