1// SPDX-License-Identifier: GPL-2.0 OR Linux-OpenIB
2// Copyright (c) 2019 Mellanox Technologies.
3
4#include <linux/debugfs.h>
5#include "en.h"
6#include "lib/mlx5.h"
7#include "lib/crypto.h"
8#include "en_accel/ktls.h"
9#include "en_accel/ktls_utils.h"
10#include "en_accel/fs_tcp.h"
11
12struct mlx5_crypto_dek *mlx5_ktls_create_key(struct mlx5_crypto_dek_pool *dek_pool,
13					     struct tls_crypto_info *crypto_info)
14{
15	const void *key;
16	u32 sz_bytes;
17
18	switch (crypto_info->cipher_type) {
19	case TLS_CIPHER_AES_GCM_128: {
20		struct tls12_crypto_info_aes_gcm_128 *info =
21			(struct tls12_crypto_info_aes_gcm_128 *)crypto_info;
22
23		key      = info->key;
24		sz_bytes = sizeof(info->key);
25		break;
26	}
27	case TLS_CIPHER_AES_GCM_256: {
28		struct tls12_crypto_info_aes_gcm_256 *info =
29			(struct tls12_crypto_info_aes_gcm_256 *)crypto_info;
30
31		key      = info->key;
32		sz_bytes = sizeof(info->key);
33		break;
34	}
35	default:
36		return ERR_PTR(-EINVAL);
37	}
38
39	return mlx5_crypto_dek_create(dek_pool, key, sz_bytes);
40}
41
42void mlx5_ktls_destroy_key(struct mlx5_crypto_dek_pool *dek_pool,
43			   struct mlx5_crypto_dek *dek)
44{
45	mlx5_crypto_dek_destroy(dek_pool, dek);
46}
47
48static int mlx5e_ktls_add(struct net_device *netdev, struct sock *sk,
49			  enum tls_offload_ctx_dir direction,
50			  struct tls_crypto_info *crypto_info,
51			  u32 start_offload_tcp_sn)
52{
53	struct mlx5e_priv *priv = netdev_priv(netdev);
54	struct mlx5_core_dev *mdev = priv->mdev;
55	int err;
56
57	if (!mlx5e_ktls_type_check(mdev, crypto_info))
58		return -EOPNOTSUPP;
59
60	if (direction == TLS_OFFLOAD_CTX_DIR_TX)
61		err = mlx5e_ktls_add_tx(netdev, sk, crypto_info, start_offload_tcp_sn);
62	else
63		err = mlx5e_ktls_add_rx(netdev, sk, crypto_info, start_offload_tcp_sn);
64
65	return err;
66}
67
68static void mlx5e_ktls_del(struct net_device *netdev,
69			   struct tls_context *tls_ctx,
70			   enum tls_offload_ctx_dir direction)
71{
72	if (direction == TLS_OFFLOAD_CTX_DIR_TX)
73		mlx5e_ktls_del_tx(netdev, tls_ctx);
74	else
75		mlx5e_ktls_del_rx(netdev, tls_ctx);
76}
77
78static int mlx5e_ktls_resync(struct net_device *netdev,
79			     struct sock *sk, u32 seq, u8 *rcd_sn,
80			     enum tls_offload_ctx_dir direction)
81{
82	if (unlikely(direction != TLS_OFFLOAD_CTX_DIR_RX))
83		return -EOPNOTSUPP;
84
85	mlx5e_ktls_rx_resync(netdev, sk, seq, rcd_sn);
86	return 0;
87}
88
89static const struct tlsdev_ops mlx5e_ktls_ops = {
90	.tls_dev_add = mlx5e_ktls_add,
91	.tls_dev_del = mlx5e_ktls_del,
92	.tls_dev_resync = mlx5e_ktls_resync,
93};
94
95bool mlx5e_is_ktls_rx(struct mlx5_core_dev *mdev)
96{
97	u8 max_sq_wqebbs = mlx5e_get_max_sq_wqebbs(mdev);
98
99	if (is_kdump_kernel() || !MLX5_CAP_GEN(mdev, tls_rx) || mlx5_get_sd(mdev))
100		return false;
101
102	/* Check the possibility to post the required ICOSQ WQEs. */
103	if (WARN_ON_ONCE(max_sq_wqebbs < MLX5E_TLS_SET_STATIC_PARAMS_WQEBBS))
104		return false;
105	if (WARN_ON_ONCE(max_sq_wqebbs < MLX5E_TLS_SET_PROGRESS_PARAMS_WQEBBS))
106		return false;
107	if (WARN_ON_ONCE(max_sq_wqebbs < MLX5E_KTLS_GET_PROGRESS_WQEBBS))
108		return false;
109
110	return true;
111}
112
113void mlx5e_ktls_build_netdev(struct mlx5e_priv *priv)
114{
115	struct net_device *netdev = priv->netdev;
116	struct mlx5_core_dev *mdev = priv->mdev;
117
118	if (!mlx5e_is_ktls_tx(mdev) && !mlx5e_is_ktls_rx(mdev))
119		return;
120
121	if (mlx5e_is_ktls_tx(mdev)) {
122		netdev->hw_features |= NETIF_F_HW_TLS_TX;
123		netdev->features    |= NETIF_F_HW_TLS_TX;
124	}
125
126	if (mlx5e_is_ktls_rx(mdev))
127		netdev->hw_features |= NETIF_F_HW_TLS_RX;
128
129	netdev->tlsdev_ops = &mlx5e_ktls_ops;
130}
131
132int mlx5e_ktls_set_feature_rx(struct net_device *netdev, bool enable)
133{
134	struct mlx5e_priv *priv = netdev_priv(netdev);
135	int err = 0;
136
137	mutex_lock(&priv->state_lock);
138	if (enable)
139		err = mlx5e_accel_fs_tcp_create(priv->fs);
140	else
141		mlx5e_accel_fs_tcp_destroy(priv->fs);
142	mutex_unlock(&priv->state_lock);
143
144	return err;
145}
146
147int mlx5e_ktls_init_rx(struct mlx5e_priv *priv)
148{
149	int err;
150
151	if (!mlx5e_is_ktls_rx(priv->mdev))
152		return 0;
153
154	priv->tls->rx_wq = create_singlethread_workqueue("mlx5e_tls_rx");
155	if (!priv->tls->rx_wq)
156		return -ENOMEM;
157
158	if (priv->netdev->features & NETIF_F_HW_TLS_RX) {
159		err = mlx5e_accel_fs_tcp_create(priv->fs);
160		if (err) {
161			destroy_workqueue(priv->tls->rx_wq);
162			return err;
163		}
164	}
165
166	return 0;
167}
168
169void mlx5e_ktls_cleanup_rx(struct mlx5e_priv *priv)
170{
171	if (!mlx5e_is_ktls_rx(priv->mdev))
172		return;
173
174	if (priv->netdev->features & NETIF_F_HW_TLS_RX)
175		mlx5e_accel_fs_tcp_destroy(priv->fs);
176
177	destroy_workqueue(priv->tls->rx_wq);
178}
179
180static void mlx5e_tls_debugfs_init(struct mlx5e_tls *tls,
181				   struct dentry *dfs_root)
182{
183	if (IS_ERR_OR_NULL(dfs_root))
184		return;
185
186	tls->debugfs.dfs = debugfs_create_dir("tls", dfs_root);
187}
188
189int mlx5e_ktls_init(struct mlx5e_priv *priv)
190{
191	struct mlx5e_tls *tls;
192
193	if (!mlx5e_is_ktls_device(priv->mdev))
194		return 0;
195
196	tls = kzalloc(sizeof(*tls), GFP_KERNEL);
197	if (!tls)
198		return -ENOMEM;
199	tls->mdev = priv->mdev;
200
201	priv->tls = tls;
202
203	mlx5e_tls_debugfs_init(tls, priv->dfs_root);
204
205	return 0;
206}
207
208void mlx5e_ktls_cleanup(struct mlx5e_priv *priv)
209{
210	struct mlx5e_tls *tls = priv->tls;
211
212	if (!mlx5e_is_ktls_device(priv->mdev))
213		return;
214
215	debugfs_remove_recursive(tls->debugfs.dfs);
216	tls->debugfs.dfs = NULL;
217
218	kfree(priv->tls);
219	priv->tls = NULL;
220}
221