1 /* SPDX-License-Identifier: BSD-3-Clause
2 * Copyright(C) 2021 Marvell.
3 */
4
5 #include <cryptodev_pmd.h>
6 #include <rte_security.h>
7
8 #include "roc_api.h"
9
10 #include "cnxk_cryptodev.h"
11 #include "cnxk_cryptodev_capabilities.h"
12 #include "cnxk_security_ar.h"
13
14 #define CPT_CAPS_ADD(cnxk_caps, cur_pos, hw_caps, name) \
15 do { \
16 if ((hw_caps[CPT_ENG_TYPE_SE].name) || \
17 (hw_caps[CPT_ENG_TYPE_IE].name) || \
18 (hw_caps[CPT_ENG_TYPE_AE].name)) \
19 cpt_caps_add(cnxk_caps, cur_pos, caps_##name, \
20 RTE_DIM(caps_##name)); \
21 } while (0)
22
23 #define SEC_CAPS_ADD(cnxk_caps, cur_pos, hw_caps, name) \
24 do { \
25 if ((hw_caps[CPT_ENG_TYPE_SE].name) || \
26 (hw_caps[CPT_ENG_TYPE_IE].name) || \
27 (hw_caps[CPT_ENG_TYPE_AE].name)) \
28 sec_caps_add(cnxk_caps, cur_pos, sec_caps_##name, \
29 RTE_DIM(sec_caps_##name)); \
30 } while (0)
31
32 static const struct rte_cryptodev_capabilities caps_mul[] = {
33 { /* RSA */
34 .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
35 {.asym = {
36 .xform_capa = {
37 .xform_type = RTE_CRYPTO_ASYM_XFORM_RSA,
38 .op_types = ((1 << RTE_CRYPTO_ASYM_OP_SIGN) |
39 (1 << RTE_CRYPTO_ASYM_OP_VERIFY) |
40 (1 << RTE_CRYPTO_ASYM_OP_ENCRYPT) |
41 (1 << RTE_CRYPTO_ASYM_OP_DECRYPT)),
42 {.modlen = {
43 .min = 17,
44 .max = 1024,
45 .increment = 1
46 }, }
47 }
48 }, }
49 },
50 { /* MOD_EXP */
51 .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
52 {.asym = {
53 .xform_capa = {
54 .xform_type = RTE_CRYPTO_ASYM_XFORM_MODEX,
55 .op_types = 0,
56 {.modlen = {
57 .min = 17,
58 .max = 1024,
59 .increment = 1
60 }, }
61 }
62 }, }
63 },
64 { /* ECDSA */
65 .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
66 {.asym = {
67 .xform_capa = {
68 .xform_type = RTE_CRYPTO_ASYM_XFORM_ECDSA,
69 .op_types = ((1 << RTE_CRYPTO_ASYM_OP_SIGN) |
70 (1 << RTE_CRYPTO_ASYM_OP_VERIFY)),
71 }
72 },
73 }
74 },
75 { /* ECPM */
76 .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
77 {.asym = {
78 .xform_capa = {
79 .xform_type = RTE_CRYPTO_ASYM_XFORM_ECPM,
80 .op_types = 0
81 }
82 },
83 }
84 },
85 };
86
87 static const struct rte_cryptodev_capabilities caps_sha1_sha2[] = {
88 { /* SHA1 */
89 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
90 {.sym = {
91 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
92 {.auth = {
93 .algo = RTE_CRYPTO_AUTH_SHA1,
94 .block_size = 64,
95 .key_size = {
96 .min = 0,
97 .max = 0,
98 .increment = 0
99 },
100 .digest_size = {
101 .min = 20,
102 .max = 20,
103 .increment = 0
104 },
105 }, }
106 }, }
107 },
108 { /* SHA1 HMAC */
109 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
110 {.sym = {
111 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
112 {.auth = {
113 .algo = RTE_CRYPTO_AUTH_SHA1_HMAC,
114 .block_size = 64,
115 .key_size = {
116 .min = 1,
117 .max = 1024,
118 .increment = 1
119 },
120 .digest_size = {
121 .min = 12,
122 .max = 20,
123 .increment = 8
124 },
125 }, }
126 }, }
127 },
128 { /* SHA224 */
129 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
130 {.sym = {
131 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
132 {.auth = {
133 .algo = RTE_CRYPTO_AUTH_SHA224,
134 .block_size = 64,
135 .key_size = {
136 .min = 0,
137 .max = 0,
138 .increment = 0
139 },
140 .digest_size = {
141 .min = 28,
142 .max = 28,
143 .increment = 0
144 },
145 }, }
146 }, }
147 },
148 { /* SHA224 HMAC */
149 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
150 {.sym = {
151 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
152 {.auth = {
153 .algo = RTE_CRYPTO_AUTH_SHA224_HMAC,
154 .block_size = 64,
155 .key_size = {
156 .min = 1,
157 .max = 1024,
158 .increment = 1
159 },
160 .digest_size = {
161 .min = 28,
162 .max = 28,
163 .increment = 0
164 },
165 }, }
166 }, }
167 },
168 { /* SHA256 */
169 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
170 {.sym = {
171 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
172 {.auth = {
173 .algo = RTE_CRYPTO_AUTH_SHA256,
174 .block_size = 64,
175 .key_size = {
176 .min = 0,
177 .max = 0,
178 .increment = 0
179 },
180 .digest_size = {
181 .min = 32,
182 .max = 32,
183 .increment = 0
184 },
185 }, }
186 }, }
187 },
188 { /* SHA256 HMAC */
189 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
190 {.sym = {
191 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
192 {.auth = {
193 .algo = RTE_CRYPTO_AUTH_SHA256_HMAC,
194 .block_size = 64,
195 .key_size = {
196 .min = 1,
197 .max = 1024,
198 .increment = 1
199 },
200 .digest_size = {
201 .min = 16,
202 .max = 32,
203 .increment = 16
204 },
205 }, }
206 }, }
207 },
208 { /* SHA384 */
209 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
210 {.sym = {
211 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
212 {.auth = {
213 .algo = RTE_CRYPTO_AUTH_SHA384,
214 .block_size = 64,
215 .key_size = {
216 .min = 0,
217 .max = 0,
218 .increment = 0
219 },
220 .digest_size = {
221 .min = 48,
222 .max = 48,
223 .increment = 0
224 },
225 }, }
226 }, }
227 },
228 { /* SHA384 HMAC */
229 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
230 {.sym = {
231 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
232 {.auth = {
233 .algo = RTE_CRYPTO_AUTH_SHA384_HMAC,
234 .block_size = 64,
235 .key_size = {
236 .min = 1,
237 .max = 1024,
238 .increment = 1
239 },
240 .digest_size = {
241 .min = 24,
242 .max = 48,
243 .increment = 24
244 },
245 }, }
246 }, }
247 },
248 { /* SHA512 */
249 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
250 {.sym = {
251 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
252 {.auth = {
253 .algo = RTE_CRYPTO_AUTH_SHA512,
254 .block_size = 128,
255 .key_size = {
256 .min = 0,
257 .max = 0,
258 .increment = 0
259 },
260 .digest_size = {
261 .min = 64,
262 .max = 64,
263 .increment = 0
264 },
265 }, }
266 }, }
267 },
268 { /* SHA512 HMAC */
269 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
270 {.sym = {
271 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
272 {.auth = {
273 .algo = RTE_CRYPTO_AUTH_SHA512_HMAC,
274 .block_size = 128,
275 .key_size = {
276 .min = 1,
277 .max = 1024,
278 .increment = 1
279 },
280 .digest_size = {
281 .min = 32,
282 .max = 64,
283 .increment = 32
284 },
285 }, }
286 }, }
287 },
288 { /* MD5 */
289 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
290 {.sym = {
291 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
292 {.auth = {
293 .algo = RTE_CRYPTO_AUTH_MD5,
294 .block_size = 64,
295 .key_size = {
296 .min = 0,
297 .max = 0,
298 .increment = 0
299 },
300 .digest_size = {
301 .min = 16,
302 .max = 16,
303 .increment = 0
304 },
305 }, }
306 }, }
307 },
308 { /* MD5 HMAC */
309 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
310 {.sym = {
311 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
312 {.auth = {
313 .algo = RTE_CRYPTO_AUTH_MD5_HMAC,
314 .block_size = 64,
315 .key_size = {
316 .min = 8,
317 .max = 64,
318 .increment = 8
319 },
320 .digest_size = {
321 .min = 12,
322 .max = 16,
323 .increment = 4
324 },
325 }, }
326 }, }
327 },
328 };
329
330 static const struct rte_cryptodev_capabilities caps_chacha20[] = {
331 { /* Chacha20-Poly1305 */
332 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
333 {.sym = {
334 .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,
335 {.aead = {
336 .algo = RTE_CRYPTO_AEAD_CHACHA20_POLY1305,
337 .block_size = 64,
338 .key_size = {
339 .min = 32,
340 .max = 32,
341 .increment = 0
342 },
343 .digest_size = {
344 .min = 16,
345 .max = 16,
346 .increment = 0
347 },
348 .aad_size = {
349 .min = 0,
350 .max = 1024,
351 .increment = 1
352 },
353 .iv_size = {
354 .min = 12,
355 .max = 12,
356 .increment = 0
357 },
358 }, }
359 }, }
360 }
361 };
362
363 static const struct rte_cryptodev_capabilities caps_zuc_snow3g[] = {
364 { /* SNOW 3G (UEA2) */
365 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
366 {.sym = {
367 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
368 {.cipher = {
369 .algo = RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
370 .block_size = 16,
371 .key_size = {
372 .min = 16,
373 .max = 16,
374 .increment = 0
375 },
376 .iv_size = {
377 .min = 16,
378 .max = 16,
379 .increment = 0
380 }
381 }, }
382 }, }
383 },
384 { /* ZUC (EEA3) */
385 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
386 {.sym = {
387 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
388 {.cipher = {
389 .algo = RTE_CRYPTO_CIPHER_ZUC_EEA3,
390 .block_size = 16,
391 .key_size = {
392 .min = 16,
393 .max = 16,
394 .increment = 0
395 },
396 .iv_size = {
397 .min = 16,
398 .max = 16,
399 .increment = 0
400 }
401 }, }
402 }, }
403 },
404 { /* SNOW 3G (UIA2) */
405 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
406 {.sym = {
407 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
408 {.auth = {
409 .algo = RTE_CRYPTO_AUTH_SNOW3G_UIA2,
410 .block_size = 16,
411 .key_size = {
412 .min = 16,
413 .max = 16,
414 .increment = 0
415 },
416 .digest_size = {
417 .min = 4,
418 .max = 4,
419 .increment = 0
420 },
421 .iv_size = {
422 .min = 16,
423 .max = 16,
424 .increment = 0
425 }
426 }, }
427 }, }
428 },
429 { /* ZUC (EIA3) */
430 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
431 {.sym = {
432 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
433 {.auth = {
434 .algo = RTE_CRYPTO_AUTH_ZUC_EIA3,
435 .block_size = 16,
436 .key_size = {
437 .min = 16,
438 .max = 16,
439 .increment = 0
440 },
441 .digest_size = {
442 .min = 4,
443 .max = 4,
444 .increment = 0
445 },
446 .iv_size = {
447 .min = 16,
448 .max = 16,
449 .increment = 0
450 }
451 }, }
452 }, }
453 },
454 };
455
456 static const struct rte_cryptodev_capabilities caps_aes[] = {
457 { /* AES GMAC (AUTH) */
458 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
459 {.sym = {
460 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
461 {.auth = {
462 .algo = RTE_CRYPTO_AUTH_AES_GMAC,
463 .block_size = 16,
464 .key_size = {
465 .min = 16,
466 .max = 32,
467 .increment = 8
468 },
469 .digest_size = {
470 .min = 8,
471 .max = 16,
472 .increment = 4
473 },
474 .iv_size = {
475 .min = 12,
476 .max = 12,
477 .increment = 0
478 }
479 }, }
480 }, }
481 },
482 { /* AES CBC */
483 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
484 {.sym = {
485 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
486 {.cipher = {
487 .algo = RTE_CRYPTO_CIPHER_AES_CBC,
488 .block_size = 16,
489 .key_size = {
490 .min = 16,
491 .max = 32,
492 .increment = 8
493 },
494 .iv_size = {
495 .min = 16,
496 .max = 16,
497 .increment = 0
498 }
499 }, }
500 }, }
501 },
502 { /* AES CTR */
503 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
504 {.sym = {
505 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
506 {.cipher = {
507 .algo = RTE_CRYPTO_CIPHER_AES_CTR,
508 .block_size = 16,
509 .key_size = {
510 .min = 16,
511 .max = 32,
512 .increment = 8
513 },
514 .iv_size = {
515 .min = 12,
516 .max = 16,
517 .increment = 4
518 }
519 }, }
520 }, }
521 },
522 { /* AES XTS */
523 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
524 {.sym = {
525 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
526 {.cipher = {
527 .algo = RTE_CRYPTO_CIPHER_AES_XTS,
528 .block_size = 16,
529 .key_size = {
530 .min = 32,
531 .max = 64,
532 .increment = 32
533 },
534 .iv_size = {
535 .min = 16,
536 .max = 16,
537 .increment = 0
538 }
539 }, }
540 }, }
541 },
542 { /* AES GCM */
543 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
544 {.sym = {
545 .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,
546 {.aead = {
547 .algo = RTE_CRYPTO_AEAD_AES_GCM,
548 .block_size = 16,
549 .key_size = {
550 .min = 16,
551 .max = 32,
552 .increment = 8
553 },
554 .digest_size = {
555 .min = 4,
556 .max = 16,
557 .increment = 1
558 },
559 .aad_size = {
560 .min = 0,
561 .max = 1024,
562 .increment = 1
563 },
564 .iv_size = {
565 .min = 12,
566 .max = 12,
567 .increment = 0
568 }
569 }, }
570 }, }
571 },
572 { /* AES CMAC */
573 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
574 {.sym = {
575 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
576 {.auth = {
577 .algo = RTE_CRYPTO_AUTH_AES_CMAC,
578 .block_size = 16,
579 .key_size = {
580 .min = 16,
581 .max = 32,
582 .increment = 8
583 },
584 .digest_size = {
585 .min = 4,
586 .max = 4,
587 .increment = 0
588 },
589 }, }
590 }, }
591 },
592 };
593
594 static const struct rte_cryptodev_capabilities caps_kasumi[] = {
595 { /* KASUMI (F8) */
596 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
597 {.sym = {
598 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
599 {.cipher = {
600 .algo = RTE_CRYPTO_CIPHER_KASUMI_F8,
601 .block_size = 8,
602 .key_size = {
603 .min = 16,
604 .max = 16,
605 .increment = 0
606 },
607 .iv_size = {
608 .min = 8,
609 .max = 8,
610 .increment = 0
611 }
612 }, }
613 }, }
614 },
615 { /* KASUMI (F9) */
616 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
617 {.sym = {
618 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
619 {.auth = {
620 .algo = RTE_CRYPTO_AUTH_KASUMI_F9,
621 .block_size = 8,
622 .key_size = {
623 .min = 16,
624 .max = 16,
625 .increment = 0
626 },
627 .digest_size = {
628 .min = 4,
629 .max = 4,
630 .increment = 0
631 },
632 }, }
633 }, }
634 },
635 };
636
637 static const struct rte_cryptodev_capabilities caps_des[] = {
638 { /* 3DES CBC */
639 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
640 {.sym = {
641 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
642 {.cipher = {
643 .algo = RTE_CRYPTO_CIPHER_3DES_CBC,
644 .block_size = 8,
645 .key_size = {
646 .min = 24,
647 .max = 24,
648 .increment = 0
649 },
650 .iv_size = {
651 .min = 8,
652 .max = 16,
653 .increment = 8
654 }
655 }, }
656 }, }
657 },
658 { /* 3DES ECB */
659 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
660 {.sym = {
661 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
662 {.cipher = {
663 .algo = RTE_CRYPTO_CIPHER_3DES_ECB,
664 .block_size = 8,
665 .key_size = {
666 .min = 24,
667 .max = 24,
668 .increment = 0
669 },
670 .iv_size = {
671 .min = 0,
672 .max = 0,
673 .increment = 0
674 }
675 }, }
676 }, }
677 },
678 { /* DES CBC */
679 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
680 {.sym = {
681 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
682 {.cipher = {
683 .algo = RTE_CRYPTO_CIPHER_DES_CBC,
684 .block_size = 8,
685 .key_size = {
686 .min = 8,
687 .max = 8,
688 .increment = 0
689 },
690 .iv_size = {
691 .min = 8,
692 .max = 8,
693 .increment = 0
694 }
695 }, }
696 }, }
697 },
698 };
699
700 static const struct rte_cryptodev_capabilities caps_null[] = {
701 { /* NULL (AUTH) */
702 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
703 {.sym = {
704 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
705 {.auth = {
706 .algo = RTE_CRYPTO_AUTH_NULL,
707 .block_size = 1,
708 .key_size = {
709 .min = 0,
710 .max = 0,
711 .increment = 0
712 },
713 .digest_size = {
714 .min = 0,
715 .max = 0,
716 .increment = 0
717 },
718 }, },
719 }, },
720 },
721 { /* NULL (CIPHER) */
722 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
723 {.sym = {
724 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
725 {.cipher = {
726 .algo = RTE_CRYPTO_CIPHER_NULL,
727 .block_size = 1,
728 .key_size = {
729 .min = 0,
730 .max = 0,
731 .increment = 0
732 },
733 .iv_size = {
734 .min = 0,
735 .max = 0,
736 .increment = 0
737 }
738 }, },
739 }, }
740 },
741 };
742
743 static const struct rte_cryptodev_capabilities caps_end[] = {
744 RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
745 };
746
747 static const struct rte_cryptodev_capabilities sec_caps_aes[] = {
748 { /* AES GCM */
749 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
750 {.sym = {
751 .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,
752 {.aead = {
753 .algo = RTE_CRYPTO_AEAD_AES_GCM,
754 .block_size = 16,
755 .key_size = {
756 .min = 16,
757 .max = 32,
758 .increment = 8
759 },
760 .digest_size = {
761 .min = 16,
762 .max = 16,
763 .increment = 0
764 },
765 .aad_size = {
766 .min = 8,
767 .max = 12,
768 .increment = 4
769 },
770 .iv_size = {
771 .min = 12,
772 .max = 12,
773 .increment = 0
774 }
775 }, }
776 }, }
777 },
778 { /* AES CTR */
779 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
780 {.sym = {
781 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
782 {.cipher = {
783 .algo = RTE_CRYPTO_CIPHER_AES_CTR,
784 .block_size = 16,
785 .key_size = {
786 .min = 16,
787 .max = 32,
788 .increment = 8
789 },
790 .iv_size = {
791 .min = 12,
792 .max = 16,
793 .increment = 4
794 }
795 }, }
796 }, }
797 },
798 { /* AES CBC */
799 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
800 {.sym = {
801 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
802 {.cipher = {
803 .algo = RTE_CRYPTO_CIPHER_AES_CBC,
804 .block_size = 16,
805 .key_size = {
806 .min = 16,
807 .max = 32,
808 .increment = 8
809 },
810 .iv_size = {
811 .min = 16,
812 .max = 16,
813 .increment = 0
814 }
815 }, }
816 }, }
817 },
818 { /* AES-XCBC */
819 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
820 { .sym = {
821 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
822 {.auth = {
823 .algo = RTE_CRYPTO_AUTH_AES_XCBC_MAC,
824 .block_size = 16,
825 .key_size = {
826 .min = 16,
827 .max = 16,
828 .increment = 0
829 },
830 .digest_size = {
831 .min = 12,
832 .max = 12,
833 .increment = 0,
834 },
835 }, }
836 }, }
837 },
838 { /* AES GMAC (AUTH) */
839 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
840 {.sym = {
841 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
842 {.auth = {
843 .algo = RTE_CRYPTO_AUTH_AES_GMAC,
844 .block_size = 16,
845 .key_size = {
846 .min = 16,
847 .max = 32,
848 .increment = 8
849 },
850 .digest_size = {
851 .min = 8,
852 .max = 16,
853 .increment = 4
854 },
855 .iv_size = {
856 .min = 12,
857 .max = 12,
858 .increment = 0
859 }
860 }, }
861 }, }
862 },
863 };
864
865 static const struct rte_cryptodev_capabilities sec_caps_sha1_sha2[] = {
866 { /* SHA1 HMAC */
867 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
868 {.sym = {
869 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
870 {.auth = {
871 .algo = RTE_CRYPTO_AUTH_SHA1_HMAC,
872 .block_size = 64,
873 .key_size = {
874 .min = 20,
875 .max = 64,
876 .increment = 1
877 },
878 .digest_size = {
879 .min = 12,
880 .max = 12,
881 .increment = 0
882 },
883 }, }
884 }, }
885 },
886 { /* SHA256 HMAC */
887 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
888 {.sym = {
889 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
890 {.auth = {
891 .algo = RTE_CRYPTO_AUTH_SHA256_HMAC,
892 .block_size = 64,
893 .key_size = {
894 .min = 1,
895 .max = 1024,
896 .increment = 1
897 },
898 .digest_size = {
899 .min = 16,
900 .max = 16,
901 .increment = 0
902 },
903 }, }
904 }, }
905 },
906 { /* SHA384 HMAC */
907 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
908 {.sym = {
909 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
910 {.auth = {
911 .algo = RTE_CRYPTO_AUTH_SHA384_HMAC,
912 .block_size = 64,
913 .key_size = {
914 .min = 48,
915 .max = 48,
916 .increment = 0
917 },
918 .digest_size = {
919 .min = 24,
920 .max = 24,
921 .increment = 0
922 },
923 }, }
924 }, }
925 },
926 { /* SHA512 HMAC */
927 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
928 {.sym = {
929 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
930 {.auth = {
931 .algo = RTE_CRYPTO_AUTH_SHA512_HMAC,
932 .block_size = 128,
933 .key_size = {
934 .min = 64,
935 .max = 64,
936 .increment = 0
937 },
938 .digest_size = {
939 .min = 32,
940 .max = 32,
941 .increment = 0
942 },
943 }, }
944 }, }
945 },
946 };
947
948 static const struct rte_cryptodev_capabilities sec_caps_null[] = {
949 { /* NULL (CIPHER) */
950 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
951 {.sym = {
952 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
953 {.cipher = {
954 .algo = RTE_CRYPTO_CIPHER_NULL,
955 .block_size = 1,
956 .key_size = {
957 .min = 0,
958 .max = 0,
959 .increment = 0
960 },
961 .iv_size = {
962 .min = 0,
963 .max = 0,
964 .increment = 0
965 }
966 }, },
967 }, }
968 },
969 };
970
971 static const struct rte_security_capability sec_caps_templ[] = {
972 { /* IPsec Lookaside Protocol ESP Tunnel Ingress */
973 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
974 .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
975 .ipsec = {
976 .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
977 .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
978 .direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS,
979 .options = { 0 },
980 },
981 .crypto_capabilities = NULL,
982 },
983 { /* IPsec Lookaside Protocol ESP Tunnel Egress */
984 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
985 .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
986 .ipsec = {
987 .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
988 .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
989 .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
990 .options = { 0 },
991 },
992 .crypto_capabilities = NULL,
993 },
994 { /* IPsec Lookaside Protocol ESP Transport Ingress */
995 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
996 .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
997 .ipsec = {
998 .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
999 .mode = RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT,
1000 .direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS,
1001 .options = { 0 },
1002 },
1003 .crypto_capabilities = NULL,
1004 },
1005 { /* IPsec Lookaside Protocol ESP Transport Egress */
1006 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
1007 .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
1008 .ipsec = {
1009 .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
1010 .mode = RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT,
1011 .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
1012 .options = { 0 },
1013 },
1014 .crypto_capabilities = NULL,
1015 },
1016 { /* IPsec Lookaside Protocol AH Tunnel Ingress */
1017 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
1018 .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
1019 .ipsec = {
1020 .proto = RTE_SECURITY_IPSEC_SA_PROTO_AH,
1021 .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
1022 .direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS,
1023 .options = { 0 },
1024 },
1025 .crypto_capabilities = NULL,
1026 },
1027 { /* IPsec Lookaside Protocol AH Tunnel Egress */
1028 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
1029 .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
1030 .ipsec = {
1031 .proto = RTE_SECURITY_IPSEC_SA_PROTO_AH,
1032 .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
1033 .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
1034 .options = { 0 },
1035 },
1036 .crypto_capabilities = NULL,
1037 },
1038 { /* IPsec Lookaside Protocol AH Transport Ingress */
1039 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
1040 .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
1041 .ipsec = {
1042 .proto = RTE_SECURITY_IPSEC_SA_PROTO_AH,
1043 .mode = RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT,
1044 .direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS,
1045 .options = { 0 },
1046 },
1047 .crypto_capabilities = NULL,
1048 },
1049 { /* IPsec Lookaside Protocol AH Transport Egress */
1050 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
1051 .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
1052 .ipsec = {
1053 .proto = RTE_SECURITY_IPSEC_SA_PROTO_AH,
1054 .mode = RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT,
1055 .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
1056 .options = { 0 },
1057 },
1058 .crypto_capabilities = NULL,
1059 },
1060 {
1061 .action = RTE_SECURITY_ACTION_TYPE_NONE
1062 }
1063 };
1064
1065 static void
cpt_caps_add(struct rte_cryptodev_capabilities cnxk_caps[],int * cur_pos,const struct rte_cryptodev_capabilities * caps,int nb_caps)1066 cpt_caps_add(struct rte_cryptodev_capabilities cnxk_caps[], int *cur_pos,
1067 const struct rte_cryptodev_capabilities *caps, int nb_caps)
1068 {
1069 if (*cur_pos + nb_caps > CNXK_CPT_MAX_CAPS)
1070 return;
1071
1072 memcpy(&cnxk_caps[*cur_pos], caps, nb_caps * sizeof(caps[0]));
1073 *cur_pos += nb_caps;
1074 }
1075
1076 static void
cn10k_crypto_caps_update(struct rte_cryptodev_capabilities cnxk_caps[])1077 cn10k_crypto_caps_update(struct rte_cryptodev_capabilities cnxk_caps[])
1078 {
1079
1080 struct rte_cryptodev_capabilities *caps;
1081 int i = 0;
1082
1083 while ((caps = &cnxk_caps[i++])->op != RTE_CRYPTO_OP_TYPE_UNDEFINED) {
1084 if ((caps->op == RTE_CRYPTO_OP_TYPE_SYMMETRIC) &&
1085 (caps->sym.xform_type == RTE_CRYPTO_SYM_XFORM_CIPHER) &&
1086 (caps->sym.cipher.algo == RTE_CRYPTO_CIPHER_ZUC_EEA3)) {
1087
1088 caps->sym.cipher.key_size.max = 32;
1089 caps->sym.cipher.key_size.increment = 16;
1090 caps->sym.cipher.iv_size.max = 25;
1091 caps->sym.cipher.iv_size.increment = 1;
1092 }
1093
1094 if ((caps->op == RTE_CRYPTO_OP_TYPE_SYMMETRIC) &&
1095 (caps->sym.xform_type == RTE_CRYPTO_SYM_XFORM_AUTH) &&
1096 (caps->sym.auth.algo == RTE_CRYPTO_AUTH_ZUC_EIA3)) {
1097
1098 caps->sym.auth.key_size.max = 32;
1099 caps->sym.auth.key_size.increment = 16;
1100 caps->sym.auth.digest_size.max = 16;
1101 caps->sym.auth.digest_size.increment = 4;
1102 caps->sym.auth.iv_size.max = 25;
1103 caps->sym.auth.iv_size.increment = 1;
1104 }
1105 }
1106 }
1107
1108 static void
crypto_caps_populate(struct rte_cryptodev_capabilities cnxk_caps[],union cpt_eng_caps * hw_caps)1109 crypto_caps_populate(struct rte_cryptodev_capabilities cnxk_caps[],
1110 union cpt_eng_caps *hw_caps)
1111 {
1112 int cur_pos = 0;
1113
1114 CPT_CAPS_ADD(cnxk_caps, &cur_pos, hw_caps, mul);
1115 CPT_CAPS_ADD(cnxk_caps, &cur_pos, hw_caps, sha1_sha2);
1116 CPT_CAPS_ADD(cnxk_caps, &cur_pos, hw_caps, chacha20);
1117 CPT_CAPS_ADD(cnxk_caps, &cur_pos, hw_caps, zuc_snow3g);
1118 CPT_CAPS_ADD(cnxk_caps, &cur_pos, hw_caps, aes);
1119 CPT_CAPS_ADD(cnxk_caps, &cur_pos, hw_caps, kasumi);
1120 CPT_CAPS_ADD(cnxk_caps, &cur_pos, hw_caps, des);
1121
1122 cpt_caps_add(cnxk_caps, &cur_pos, caps_null, RTE_DIM(caps_null));
1123 cpt_caps_add(cnxk_caps, &cur_pos, caps_end, RTE_DIM(caps_end));
1124
1125 if (roc_model_is_cn10k())
1126 cn10k_crypto_caps_update(cnxk_caps);
1127 }
1128
1129 const struct rte_cryptodev_capabilities *
cnxk_crypto_capabilities_get(struct cnxk_cpt_vf * vf)1130 cnxk_crypto_capabilities_get(struct cnxk_cpt_vf *vf)
1131 {
1132 return vf->crypto_caps;
1133 }
1134
1135 static void
sec_caps_add(struct rte_cryptodev_capabilities cnxk_caps[],int * cur_pos,const struct rte_cryptodev_capabilities * caps,int nb_caps)1136 sec_caps_add(struct rte_cryptodev_capabilities cnxk_caps[], int *cur_pos,
1137 const struct rte_cryptodev_capabilities *caps, int nb_caps)
1138 {
1139 if (*cur_pos + nb_caps > CNXK_SEC_CRYPTO_MAX_CAPS) {
1140 rte_panic("Could not add sec crypto caps");
1141 return;
1142 }
1143
1144 memcpy(&cnxk_caps[*cur_pos], caps, nb_caps * sizeof(caps[0]));
1145 *cur_pos += nb_caps;
1146 }
1147
1148 static void
cn10k_sec_crypto_caps_update(struct rte_cryptodev_capabilities cnxk_caps[],int * cur_pos)1149 cn10k_sec_crypto_caps_update(struct rte_cryptodev_capabilities cnxk_caps[],
1150 int *cur_pos)
1151 {
1152 const struct rte_cryptodev_capabilities *cap;
1153 unsigned int i;
1154
1155 if ((CNXK_SEC_CRYPTO_MAX_CAPS - *cur_pos) < 1) {
1156 rte_panic("Could not add sec crypto caps");
1157 return;
1158 }
1159
1160 /* NULL auth */
1161 for (i = 0; i < RTE_DIM(caps_null); i++) {
1162 cap = &caps_null[i];
1163 if (cap->sym.xform_type == RTE_CRYPTO_SYM_XFORM_AUTH &&
1164 cap->sym.auth.algo == RTE_CRYPTO_AUTH_NULL) {
1165 cnxk_caps[*cur_pos] = caps_null[i];
1166 *cur_pos += 1;
1167 }
1168 }
1169 }
1170
1171 static void
cn9k_sec_crypto_caps_update(struct rte_cryptodev_capabilities cnxk_caps[])1172 cn9k_sec_crypto_caps_update(struct rte_cryptodev_capabilities cnxk_caps[])
1173 {
1174
1175 struct rte_cryptodev_capabilities *caps;
1176 int i = 0;
1177
1178 while ((caps = &cnxk_caps[i++])->op != RTE_CRYPTO_OP_TYPE_UNDEFINED) {
1179 if ((caps->op == RTE_CRYPTO_OP_TYPE_SYMMETRIC) &&
1180 (caps->sym.xform_type == RTE_CRYPTO_SYM_XFORM_AUTH) &&
1181 (caps->sym.auth.algo == RTE_CRYPTO_AUTH_SHA256_HMAC)) {
1182 caps->sym.auth.key_size.min = 32;
1183 caps->sym.auth.key_size.max = 64;
1184 caps->sym.auth.key_size.increment = 1;
1185
1186 break;
1187 }
1188 }
1189 }
1190
1191 static void
sec_crypto_caps_populate(struct rte_cryptodev_capabilities cnxk_caps[],union cpt_eng_caps * hw_caps)1192 sec_crypto_caps_populate(struct rte_cryptodev_capabilities cnxk_caps[],
1193 union cpt_eng_caps *hw_caps)
1194 {
1195 int cur_pos = 0;
1196
1197 SEC_CAPS_ADD(cnxk_caps, &cur_pos, hw_caps, aes);
1198 SEC_CAPS_ADD(cnxk_caps, &cur_pos, hw_caps, sha1_sha2);
1199
1200 if (roc_model_is_cn10k())
1201 cn10k_sec_crypto_caps_update(cnxk_caps, &cur_pos);
1202 else
1203 cn9k_sec_crypto_caps_update(cnxk_caps);
1204
1205 sec_caps_add(cnxk_caps, &cur_pos, sec_caps_null,
1206 RTE_DIM(sec_caps_null));
1207 sec_caps_add(cnxk_caps, &cur_pos, caps_end, RTE_DIM(caps_end));
1208 }
1209
1210 static void
cnxk_sec_caps_update(struct rte_security_capability * sec_cap)1211 cnxk_sec_caps_update(struct rte_security_capability *sec_cap)
1212 {
1213 sec_cap->ipsec.options.udp_encap = 1;
1214 sec_cap->ipsec.options.copy_df = 1;
1215 sec_cap->ipsec.options.copy_dscp = 1;
1216 }
1217
1218 static void
cn10k_sec_caps_update(struct rte_security_capability * sec_cap)1219 cn10k_sec_caps_update(struct rte_security_capability *sec_cap)
1220 {
1221 if (sec_cap->ipsec.direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) {
1222 #ifdef LA_IPSEC_DEBUG
1223 sec_cap->ipsec.options.iv_gen_disable = 1;
1224 #endif
1225 } else {
1226 sec_cap->ipsec.options.udp_ports_verify = 1;
1227 if (sec_cap->ipsec.mode == RTE_SECURITY_IPSEC_SA_MODE_TUNNEL)
1228 sec_cap->ipsec.options.tunnel_hdr_verify =
1229 RTE_SECURITY_IPSEC_TUNNEL_VERIFY_SRC_DST_ADDR;
1230 }
1231 sec_cap->ipsec.options.dec_ttl = 1;
1232 sec_cap->ipsec.options.ip_csum_enable = 1;
1233 sec_cap->ipsec.options.l4_csum_enable = 1;
1234 sec_cap->ipsec.options.stats = 1;
1235 sec_cap->ipsec.options.esn = 1;
1236 sec_cap->ipsec.replay_win_sz_max = ROC_AR_WIN_SIZE_MAX;
1237 }
1238
1239 static void
cn9k_sec_caps_update(struct rte_security_capability * sec_cap)1240 cn9k_sec_caps_update(struct rte_security_capability *sec_cap)
1241 {
1242 if (sec_cap->ipsec.direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) {
1243 #ifdef LA_IPSEC_DEBUG
1244 sec_cap->ipsec.options.iv_gen_disable = 1;
1245 #endif
1246 }
1247 sec_cap->ipsec.replay_win_sz_max = CNXK_ON_AR_WIN_SIZE_MAX;
1248 }
1249
1250 void
cnxk_cpt_caps_populate(struct cnxk_cpt_vf * vf)1251 cnxk_cpt_caps_populate(struct cnxk_cpt_vf *vf)
1252 {
1253 unsigned long i;
1254
1255 crypto_caps_populate(vf->crypto_caps, vf->cpt.hw_caps);
1256 sec_crypto_caps_populate(vf->sec_crypto_caps, vf->cpt.hw_caps);
1257
1258 PLT_STATIC_ASSERT(RTE_DIM(sec_caps_templ) <= RTE_DIM(vf->sec_caps));
1259 memcpy(vf->sec_caps, sec_caps_templ, sizeof(sec_caps_templ));
1260
1261 for (i = 0; i < RTE_DIM(sec_caps_templ) - 1; i++) {
1262 vf->sec_caps[i].crypto_capabilities = vf->sec_crypto_caps;
1263
1264 cnxk_sec_caps_update(&vf->sec_caps[i]);
1265
1266 if (roc_model_is_cn10k())
1267 cn10k_sec_caps_update(&vf->sec_caps[i]);
1268
1269 if (roc_model_is_cn9k())
1270 cn9k_sec_caps_update(&vf->sec_caps[i]);
1271
1272 }
1273 }
1274
1275 const struct rte_security_capability *
cnxk_crypto_sec_capabilities_get(void * device)1276 cnxk_crypto_sec_capabilities_get(void *device)
1277 {
1278 struct rte_cryptodev *dev = device;
1279 struct cnxk_cpt_vf *vf;
1280
1281 vf = dev->data->dev_private;
1282 return vf->sec_caps;
1283 }
1284