drivers/net/ethernet/fungible/funeth/funeth_ktls.c

   1 // SPDX-License-Identifier: (GPL-2.0-only OR BSD-3-Clause)
   2
   3 #include "funeth.h"
   4 #include "funeth_ktls.h"
   5
   6 static int fun_admin_ktls_create(struct funeth_priv *fp, unsigned int id)
   7 {
   8         struct fun_admin_ktls_create_req req = {
   9                 .common = FUN_ADMIN_REQ_COMMON_INIT2(FUN_ADMIN_OP_KTLS,
  10                                                      sizeof(req)),
  11                 .subop = FUN_ADMIN_SUBOP_CREATE,
  12                 .id = cpu_to_be32(id),
  13         };
  14
  15         return fun_submit_admin_sync_cmd(fp->fdev, &req.common, NULL, 0, 0);
  16 }
  17
  18 static int fun_ktls_add(struct net_device *netdev, struct sock *sk,
  19                         enum tls_offload_ctx_dir direction,
  20                         struct tls_crypto_info *crypto_info,
  21                         u32 start_offload_tcp_sn)
  22 {
  23         struct funeth_priv *fp = netdev_priv(netdev);
  24         struct fun_admin_ktls_modify_req req = {
  25                 .common = FUN_ADMIN_REQ_COMMON_INIT2(FUN_ADMIN_OP_KTLS,
  26                                                      sizeof(req)),
  27                 .subop = FUN_ADMIN_SUBOP_MODIFY,
  28                 .id = cpu_to_be32(fp->ktls_id),
  29                 .tcp_seq = cpu_to_be32(start_offload_tcp_sn),
  30         };
  31         struct fun_admin_ktls_modify_rsp rsp;
  32         struct fun_ktls_tx_ctx *tx_ctx;
  33         int rc;
  34
  35         if (direction != TLS_OFFLOAD_CTX_DIR_TX)
  36                 return -EOPNOTSUPP;
  37
  38         if (crypto_info->version == TLS_1_2_VERSION)
  39                 req.version = FUN_KTLS_TLSV2;
  40         else
  41                 return -EOPNOTSUPP;
  42
  43         switch (crypto_info->cipher_type) {
  44         case TLS_CIPHER_AES_GCM_128: {
  45                 struct tls12_crypto_info_aes_gcm_128 *c = (void *)crypto_info;
  46
  47                 req.cipher = FUN_KTLS_CIPHER_AES_GCM_128;
  48                 memcpy(req.key, c->key, sizeof(c->key));
  49                 memcpy(req.iv, c->iv, sizeof(c->iv));
  50                 memcpy(req.salt, c->salt, sizeof(c->salt));
  51                 memcpy(req.record_seq, c->rec_seq, sizeof(c->rec_seq));
  52                 break;
  53         }
  54         default:
  55                 return -EOPNOTSUPP;
  56         }
  57
  58         rc = fun_submit_admin_sync_cmd(fp->fdev, &req.common, &rsp,
  59                                        sizeof(rsp), 0);
  60         memzero_explicit(&req, sizeof(req));
  61         if (rc)
  62                 return rc;
  63
  64         tx_ctx = tls_driver_ctx(sk, direction);
  65         tx_ctx->tlsid = rsp.tlsid;
  66         tx_ctx->next_seq = start_offload_tcp_sn;
  67         atomic64_inc(&fp->tx_tls_add);
  68         return 0;
  69 }
  70
  71 static void fun_ktls_del(struct net_device *netdev,
  72                          struct tls_context *tls_ctx,
  73                          enum tls_offload_ctx_dir direction)
  74 {
  75         struct funeth_priv *fp = netdev_priv(netdev);
  76         struct fun_admin_ktls_modify_req req;
  77         struct fun_ktls_tx_ctx *tx_ctx;
  78
  79         if (direction != TLS_OFFLOAD_CTX_DIR_TX)
  80                 return;
  81
  82         tx_ctx = __tls_driver_ctx(tls_ctx, direction);
  83
  84         req.common = FUN_ADMIN_REQ_COMMON_INIT2(FUN_ADMIN_OP_KTLS,
  85                         offsetof(struct fun_admin_ktls_modify_req, tcp_seq));
  86         req.subop = FUN_ADMIN_SUBOP_MODIFY;
  87         req.flags = cpu_to_be16(FUN_KTLS_MODIFY_REMOVE);
  88         req.id = cpu_to_be32(fp->ktls_id);
  89         req.tlsid = tx_ctx->tlsid;
  90
  91         fun_submit_admin_sync_cmd(fp->fdev, &req.common, NULL, 0, 0);
  92         atomic64_inc(&fp->tx_tls_del);
  93 }
  94
  95 static int fun_ktls_resync(struct net_device *netdev, struct sock *sk, u32 seq,
  96                            u8 *rcd_sn, enum tls_offload_ctx_dir direction)
  97 {
  98         struct funeth_priv *fp = netdev_priv(netdev);
  99         struct fun_admin_ktls_modify_req req;
 100         struct fun_ktls_tx_ctx *tx_ctx;
 101         int rc;
 102
 103         if (direction != TLS_OFFLOAD_CTX_DIR_TX)
 104                 return -EOPNOTSUPP;
 105
 106         tx_ctx = tls_driver_ctx(sk, direction);
 107
 108         req.common = FUN_ADMIN_REQ_COMMON_INIT2(FUN_ADMIN_OP_KTLS,
 109                         offsetof(struct fun_admin_ktls_modify_req, key));
 110         req.subop = FUN_ADMIN_SUBOP_MODIFY;
 111         req.flags = 0;
 112         req.id = cpu_to_be32(fp->ktls_id);
 113         req.tlsid = tx_ctx->tlsid;
 114         req.tcp_seq = cpu_to_be32(seq);
 115         req.version = 0;
 116         req.cipher = 0;
 117         memcpy(req.record_seq, rcd_sn, sizeof(req.record_seq));
 118
 119         atomic64_inc(&fp->tx_tls_resync);
 120         rc = fun_submit_admin_sync_cmd(fp->fdev, &req.common, NULL, 0, 0);
 121         if (!rc)
 122                 tx_ctx->next_seq = seq;
 123         return rc;
 124 }
 125
 126 static const struct tlsdev_ops fun_ktls_ops = {
 127         .tls_dev_add = fun_ktls_add,
 128         .tls_dev_del = fun_ktls_del,
 129         .tls_dev_resync = fun_ktls_resync,
 130 };
 131
 132 int fun_ktls_init(struct net_device *netdev)
 133 {
 134         struct funeth_priv *fp = netdev_priv(netdev);
 135         int rc;
 136
 137         rc = fun_admin_ktls_create(fp, netdev->dev_port);
 138         if (rc)
 139                 return rc;
 140
 141         fp->ktls_id = netdev->dev_port;
 142         netdev->tlsdev_ops = &fun_ktls_ops;
 143         netdev->hw_features |= NETIF_F_HW_TLS_TX;
 144         netdev->features |= NETIF_F_HW_TLS_TX;
 145         return 0;
 146 }
 147
 148 void fun_ktls_cleanup(struct funeth_priv *fp)
 149 {
 150         if (fp->ktls_id == FUN_HCI_ID_INVALID)
 151                 return;
 152
 153         fun_res_destroy(fp->fdev, FUN_ADMIN_OP_KTLS, 0, fp->ktls_id);
 154         fp->ktls_id = FUN_HCI_ID_INVALID;
 155 }