1 /* SPDX-License-Identifier: BSD-3-Clause 2 * 3 * Copyright (c) 2016 Freescale Semiconductor, Inc. All rights reserved. 4 * Copyright 2016,2020-2021 NXP 5 * 6 */ 7 8 #ifndef _DPAA2_SEC_PMD_PRIVATE_H_ 9 #define _DPAA2_SEC_PMD_PRIVATE_H_ 10 11 #ifdef RTE_LIB_SECURITY 12 #include <rte_security_driver.h> 13 #endif 14 15 #define CRYPTODEV_NAME_DPAA2_SEC_PMD crypto_dpaa2_sec 16 /**< NXP DPAA2 - SEC PMD device name */ 17 18 extern uint8_t cryptodev_driver_id; 19 20 /* FLE_POOL_NUM_BUFS is set as per the ipsec-secgw application */ 21 #define FLE_POOL_NUM_BUFS 32000 22 #define FLE_POOL_BUF_SIZE 256 23 #define FLE_POOL_CACHE_SIZE 512 24 #define FLE_SG_MEM_SIZE(num) (FLE_POOL_BUF_SIZE + ((num) * 32)) 25 #define SEC_FLC_DHR_OUTBOUND -114 26 #define SEC_FLC_DHR_INBOUND 0 27 28 #define MAX_QUEUES 64 29 #define MAX_DESC_SIZE 64 30 /** private data structure for each DPAA2_SEC device */ 31 struct dpaa2_sec_dev_private { 32 void *mc_portal; /**< MC Portal for configuring this device */ 33 void *hw; /**< Hardware handle for this device.Used by NADK framework */ 34 struct rte_mempool *fle_pool; /* per device memory pool for FLE */ 35 int32_t hw_id; /**< An unique ID of this device instance */ 36 int32_t vfio_fd; /**< File descriptor received via VFIO */ 37 uint16_t token; /**< Token required by DPxxx objects */ 38 unsigned int max_nb_queue_pairs; 39 /**< Max number of queue pairs supported by device */ 40 uint8_t en_ordered; 41 uint8_t en_loose_ordered; 42 }; 43 44 struct dpaa2_sec_qp { 45 struct dpaa2_queue rx_vq; 46 struct dpaa2_queue tx_vq; 47 }; 48 49 enum shr_desc_type { 50 DESC_UPDATE, 51 DESC_FINAL, 52 DESC_INITFINAL, 53 }; 54 55 #define DIR_ENC 1 56 #define DIR_DEC 0 57 58 #define DPAA2_IPv6_DEFAULT_VTC_FLOW 0x60000000 59 60 #define DPAA2_SET_FLC_EWS(flc) (flc->word1_bits23_16 |= 0x1) 61 #define DPAA2_SET_FLC_RSC(flc) (flc->word1_bits31_24 |= 0x1) 62 #define DPAA2_SET_FLC_REUSE_BS(flc) (flc->mode_bits |= 0x8000) 63 #define DPAA2_SET_FLC_REUSE_FF(flc) (flc->mode_bits |= 0x2000) 64 65 /* SEC Flow Context Descriptor */ 66 struct sec_flow_context { 67 /* word 0 */ 68 uint16_t word0_sdid; /* 11-0 SDID */ 69 uint16_t word0_res; /* 31-12 reserved */ 70 71 /* word 1 */ 72 uint8_t word1_sdl; /* 5-0 SDL */ 73 /* 7-6 reserved */ 74 75 uint8_t word1_bits_15_8; /* 11-8 CRID */ 76 /* 14-12 reserved */ 77 /* 15 CRJD */ 78 79 uint8_t word1_bits23_16; /* 16 EWS */ 80 /* 17 DAC */ 81 /* 18,19,20 ? */ 82 /* 23-21 reserved */ 83 84 uint8_t word1_bits31_24; /* 24 RSC */ 85 /* 25 RBMT */ 86 /* 31-26 reserved */ 87 88 /* word 2 RFLC[31-0] */ 89 uint32_t word2_rflc_31_0; 90 91 /* word 3 RFLC[63-32] */ 92 uint32_t word3_rflc_63_32; 93 94 /* word 4 */ 95 uint16_t word4_iicid; /* 15-0 IICID */ 96 uint16_t word4_oicid; /* 31-16 OICID */ 97 98 /* word 5 */ 99 uint32_t word5_ofqid:24; /* 23-0 OFQID */ 100 uint32_t word5_31_24:8; 101 /* 24 OSC */ 102 /* 25 OBMT */ 103 /* 29-26 reserved */ 104 /* 31-30 ICR */ 105 106 /* word 6 */ 107 uint32_t word6_oflc_31_0; 108 109 /* word 7 */ 110 uint32_t word7_oflc_63_32; 111 112 /* Word 8-15 storage profiles */ 113 uint16_t dl; /**< DataLength(correction) */ 114 uint16_t reserved; /**< reserved */ 115 uint16_t dhr; /**< DataHeadRoom(correction) */ 116 uint16_t mode_bits; /**< mode bits */ 117 uint16_t bpv0; /**< buffer pool0 valid */ 118 uint16_t bpid0; /**< Bypass Memory Translation */ 119 uint16_t bpv1; /**< buffer pool1 valid */ 120 uint16_t bpid1; /**< Bypass Memory Translation */ 121 uint64_t word_12_15[2]; /**< word 12-15 are reserved */ 122 }; 123 124 struct sec_flc_desc { 125 struct sec_flow_context flc; 126 uint32_t desc[MAX_DESC_SIZE]; 127 }; 128 129 struct ctxt_priv { 130 struct rte_mempool *fle_pool; /* per device memory pool for FLE */ 131 struct sec_flc_desc flc_desc[0]; 132 }; 133 134 enum dpaa2_sec_op_type { 135 DPAA2_SEC_NONE, /*!< No Cipher operations*/ 136 DPAA2_SEC_CIPHER,/*!< CIPHER operations */ 137 DPAA2_SEC_AUTH, /*!< Authentication Operations */ 138 DPAA2_SEC_AEAD, /*!< AEAD (AES-GCM/CCM) type operations */ 139 DPAA2_SEC_CIPHER_HASH, /*!< Authenticated Encryption with 140 * associated data 141 */ 142 DPAA2_SEC_HASH_CIPHER, /*!< Encryption with Authenticated 143 * associated data 144 */ 145 DPAA2_SEC_IPSEC, /*!< IPSEC protocol operations*/ 146 DPAA2_SEC_PDCP, /*!< PDCP protocol operations*/ 147 DPAA2_SEC_PKC, /*!< Public Key Cryptographic Operations */ 148 DPAA2_SEC_MAX 149 }; 150 151 struct dpaa2_sec_aead_ctxt { 152 uint16_t auth_only_len; /*!< Length of data for Auth only */ 153 uint8_t auth_cipher_text; /**< Authenticate/cipher ordering */ 154 }; 155 156 #ifdef RTE_LIB_SECURITY 157 /* 158 * The structure is to be filled by user for PDCP Protocol 159 */ 160 struct dpaa2_pdcp_ctxt { 161 enum rte_security_pdcp_domain domain; /*!< Data/Control mode*/ 162 int8_t bearer; /*!< PDCP bearer ID */ 163 int8_t pkt_dir;/*!< PDCP Frame Direction 0:UL 1:DL*/ 164 int8_t hfn_ovd;/*!< Overwrite HFN per packet*/ 165 uint8_t sn_size; /*!< Sequence number size, 5/7/12/15/18 */ 166 uint32_t hfn_ovd_offset;/*!< offset from rte_crypto_op at which 167 * per packet hfn is stored 168 */ 169 uint32_t hfn; /*!< Hyper Frame Number */ 170 uint32_t hfn_threshold; /*!< HFN Threashold for key renegotiation */ 171 }; 172 #endif 173 174 typedef int (*dpaa2_sec_build_fd_t)( 175 void *qp, uint8_t *drv_ctx, struct rte_crypto_vec *data_vec, 176 uint16_t n_data_vecs, union rte_crypto_sym_ofs ofs, 177 struct rte_crypto_va_iova_ptr *iv, 178 struct rte_crypto_va_iova_ptr *digest, 179 struct rte_crypto_va_iova_ptr *aad_or_auth_iv, 180 void *user_data); 181 182 typedef int (*dpaa2_sec_build_raw_dp_fd_t)(uint8_t *drv_ctx, 183 struct rte_crypto_sgl *sgl, 184 struct rte_crypto_sgl *dest_sgl, 185 struct rte_crypto_va_iova_ptr *iv, 186 struct rte_crypto_va_iova_ptr *digest, 187 struct rte_crypto_va_iova_ptr *auth_iv, 188 union rte_crypto_sym_ofs ofs, 189 void *userdata, 190 struct qbman_fd *fd); 191 192 typedef struct dpaa2_sec_session_entry { 193 void *ctxt; 194 uint8_t ctxt_type; 195 uint8_t dir; /*!< Operation Direction */ 196 enum rte_crypto_cipher_algorithm cipher_alg; /*!< Cipher Algorithm*/ 197 enum rte_crypto_auth_algorithm auth_alg; /*!< Authentication Algorithm*/ 198 enum rte_crypto_aead_algorithm aead_alg; /*!< AEAD Algorithm*/ 199 dpaa2_sec_build_fd_t build_fd; 200 dpaa2_sec_build_raw_dp_fd_t build_raw_dp_fd; 201 union { 202 struct { 203 uint8_t *data; /**< pointer to key data */ 204 size_t length; /**< key length in bytes */ 205 } aead_key; 206 struct { 207 struct { 208 uint8_t *data; /**< pointer to key data */ 209 size_t length; /**< key length in bytes */ 210 } cipher_key; 211 struct { 212 uint8_t *data; /**< pointer to key data */ 213 size_t length; /**< key length in bytes */ 214 } auth_key; 215 }; 216 }; 217 union { 218 struct { 219 struct { 220 uint16_t length; /**< IV length in bytes */ 221 uint16_t offset; /**< IV offset in bytes */ 222 } iv; 223 uint16_t digest_length; 224 uint8_t status; 225 union { 226 struct dpaa2_sec_aead_ctxt aead_ctxt; 227 } ext_params; 228 }; 229 #ifdef RTE_LIB_SECURITY 230 struct dpaa2_pdcp_ctxt pdcp; 231 #endif 232 }; 233 } dpaa2_sec_session; 234 235 static const struct rte_cryptodev_capabilities dpaa2_sec_capabilities[] = { 236 /* Symmetric capabilities */ 237 { /* MD5 */ 238 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 239 {.sym = { 240 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 241 {.auth = { 242 .algo = RTE_CRYPTO_AUTH_MD5, 243 .block_size = 64, 244 .key_size = { 245 .min = 0, 246 .max = 0, 247 .increment = 0 248 }, 249 .digest_size = { 250 .min = 16, 251 .max = 16, 252 .increment = 0 253 }, 254 .iv_size = { 0 } 255 }, } 256 }, } 257 }, 258 { /* MD5 HMAC */ 259 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 260 {.sym = { 261 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 262 {.auth = { 263 .algo = RTE_CRYPTO_AUTH_MD5_HMAC, 264 .block_size = 64, 265 .key_size = { 266 .min = 1, 267 .max = 64, 268 .increment = 1 269 }, 270 .digest_size = { 271 .min = 1, 272 .max = 16, 273 .increment = 1 274 }, 275 .iv_size = { 0 } 276 }, } 277 }, } 278 }, 279 { /* SHA1 */ 280 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 281 {.sym = { 282 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 283 {.auth = { 284 .algo = RTE_CRYPTO_AUTH_SHA1, 285 .block_size = 64, 286 .key_size = { 287 .min = 0, 288 .max = 0, 289 .increment = 0 290 }, 291 .digest_size = { 292 .min = 20, 293 .max = 20, 294 .increment = 0 295 }, 296 .iv_size = { 0 } 297 }, } 298 }, } 299 }, 300 { /* SHA1 HMAC */ 301 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 302 {.sym = { 303 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 304 {.auth = { 305 .algo = RTE_CRYPTO_AUTH_SHA1_HMAC, 306 .block_size = 64, 307 .key_size = { 308 .min = 1, 309 .max = 64, 310 .increment = 1 311 }, 312 .digest_size = { 313 .min = 1, 314 .max = 20, 315 .increment = 1 316 }, 317 .iv_size = { 0 } 318 }, } 319 }, } 320 }, 321 { /* SHA224 */ 322 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 323 {.sym = { 324 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 325 {.auth = { 326 .algo = RTE_CRYPTO_AUTH_SHA224, 327 .block_size = 64, 328 .key_size = { 329 .min = 0, 330 .max = 0, 331 .increment = 0 332 }, 333 .digest_size = { 334 .min = 28, 335 .max = 28, 336 .increment = 0 337 }, 338 .iv_size = { 0 } 339 }, } 340 }, } 341 }, 342 { /* SHA224 HMAC */ 343 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 344 {.sym = { 345 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 346 {.auth = { 347 .algo = RTE_CRYPTO_AUTH_SHA224_HMAC, 348 .block_size = 64, 349 .key_size = { 350 .min = 1, 351 .max = 64, 352 .increment = 1 353 }, 354 .digest_size = { 355 .min = 1, 356 .max = 28, 357 .increment = 1 358 }, 359 .iv_size = { 0 } 360 }, } 361 }, } 362 }, 363 { /* SHA256 */ 364 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 365 {.sym = { 366 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 367 {.auth = { 368 .algo = RTE_CRYPTO_AUTH_SHA256, 369 .block_size = 64, 370 .key_size = { 371 .min = 0, 372 .max = 0, 373 .increment = 0 374 }, 375 .digest_size = { 376 .min = 32, 377 .max = 32, 378 .increment = 0 379 }, 380 .iv_size = { 0 } 381 }, } 382 }, } 383 }, 384 { /* SHA256 HMAC */ 385 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 386 {.sym = { 387 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 388 {.auth = { 389 .algo = RTE_CRYPTO_AUTH_SHA256_HMAC, 390 .block_size = 64, 391 .key_size = { 392 .min = 1, 393 .max = 64, 394 .increment = 1 395 }, 396 .digest_size = { 397 .min = 1, 398 .max = 32, 399 .increment = 1 400 }, 401 .iv_size = { 0 } 402 }, } 403 }, } 404 }, 405 { /* SHA384 */ 406 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 407 {.sym = { 408 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 409 {.auth = { 410 .algo = RTE_CRYPTO_AUTH_SHA384, 411 .block_size = 64, 412 .key_size = { 413 .min = 0, 414 .max = 0, 415 .increment = 0 416 }, 417 .digest_size = { 418 .min = 48, 419 .max = 48, 420 .increment = 0 421 }, 422 .iv_size = { 0 } 423 }, } 424 }, } 425 }, 426 { /* SHA384 HMAC */ 427 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 428 {.sym = { 429 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 430 {.auth = { 431 .algo = RTE_CRYPTO_AUTH_SHA384_HMAC, 432 .block_size = 128, 433 .key_size = { 434 .min = 1, 435 .max = 128, 436 .increment = 1 437 }, 438 .digest_size = { 439 .min = 1, 440 .max = 48, 441 .increment = 1 442 }, 443 .iv_size = { 0 } 444 }, } 445 }, } 446 }, 447 { /* SHA512 */ 448 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 449 {.sym = { 450 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 451 {.auth = { 452 .algo = RTE_CRYPTO_AUTH_SHA512, 453 .block_size = 128, 454 .key_size = { 455 .min = 0, 456 .max = 0, 457 .increment = 0 458 }, 459 .digest_size = { 460 .min = 64, 461 .max = 64, 462 .increment = 0 463 }, 464 .iv_size = { 0 } 465 }, } 466 }, } 467 }, 468 { /* SHA512 HMAC */ 469 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 470 {.sym = { 471 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 472 {.auth = { 473 .algo = RTE_CRYPTO_AUTH_SHA512_HMAC, 474 .block_size = 128, 475 .key_size = { 476 .min = 1, 477 .max = 128, 478 .increment = 1 479 }, 480 .digest_size = { 481 .min = 1, 482 .max = 64, 483 .increment = 1 484 }, 485 .iv_size = { 0 } 486 }, } 487 }, } 488 }, 489 { /* AES GCM */ 490 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 491 {.sym = { 492 .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD, 493 {.aead = { 494 .algo = RTE_CRYPTO_AEAD_AES_GCM, 495 .block_size = 16, 496 .key_size = { 497 .min = 16, 498 .max = 32, 499 .increment = 8 500 }, 501 .digest_size = { 502 .min = 8, 503 .max = 16, 504 .increment = 4 505 }, 506 .aad_size = { 507 .min = 0, 508 .max = 240, 509 .increment = 1 510 }, 511 .iv_size = { 512 .min = 12, 513 .max = 12, 514 .increment = 0 515 }, 516 }, } 517 }, } 518 }, 519 { /* AES XCBC HMAC */ 520 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 521 {.sym = { 522 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 523 {.auth = { 524 .algo = RTE_CRYPTO_AUTH_AES_XCBC_MAC, 525 .block_size = 16, 526 .key_size = { 527 .min = 1, 528 .max = 16, 529 .increment = 1 530 }, 531 .digest_size = { 532 .min = 12, 533 .max = 16, 534 .increment = 4 535 }, 536 .aad_size = { 0 }, 537 .iv_size = { 0 } 538 }, } 539 }, } 540 }, 541 { /* AES CMAC */ 542 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 543 {.sym = { 544 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 545 {.auth = { 546 .algo = RTE_CRYPTO_AUTH_AES_CMAC, 547 .block_size = 16, 548 .key_size = { 549 .min = 1, 550 .max = 16, 551 .increment = 1 552 }, 553 .digest_size = { 554 .min = 12, 555 .max = 16, 556 .increment = 4 557 }, 558 .aad_size = { 0 }, 559 .iv_size = { 0 } 560 }, } 561 }, } 562 }, 563 { /* AES CBC */ 564 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 565 {.sym = { 566 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 567 {.cipher = { 568 .algo = RTE_CRYPTO_CIPHER_AES_CBC, 569 .block_size = 16, 570 .key_size = { 571 .min = 16, 572 .max = 32, 573 .increment = 8 574 }, 575 .iv_size = { 576 .min = 16, 577 .max = 16, 578 .increment = 0 579 } 580 }, } 581 }, } 582 }, 583 { /* AES CTR */ 584 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 585 {.sym = { 586 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 587 {.cipher = { 588 .algo = RTE_CRYPTO_CIPHER_AES_CTR, 589 .block_size = 16, 590 .key_size = { 591 .min = 16, 592 .max = 32, 593 .increment = 8 594 }, 595 .iv_size = { 596 .min = 16, 597 .max = 16, 598 .increment = 0 599 }, 600 }, } 601 }, } 602 }, 603 { /* DES CBC */ 604 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 605 {.sym = { 606 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 607 {.cipher = { 608 .algo = RTE_CRYPTO_CIPHER_DES_CBC, 609 .block_size = 8, 610 .key_size = { 611 .min = 8, 612 .max = 8, 613 .increment = 0 614 }, 615 .iv_size = { 616 .min = 8, 617 .max = 8, 618 .increment = 0 619 } 620 }, } 621 }, } 622 }, 623 { /* 3DES CBC */ 624 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 625 {.sym = { 626 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 627 {.cipher = { 628 .algo = RTE_CRYPTO_CIPHER_3DES_CBC, 629 .block_size = 8, 630 .key_size = { 631 .min = 16, 632 .max = 24, 633 .increment = 8 634 }, 635 .iv_size = { 636 .min = 8, 637 .max = 8, 638 .increment = 0 639 } 640 }, } 641 }, } 642 }, 643 { /* SNOW 3G (UIA2) */ 644 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 645 {.sym = { 646 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 647 {.auth = { 648 .algo = RTE_CRYPTO_AUTH_SNOW3G_UIA2, 649 .block_size = 16, 650 .key_size = { 651 .min = 16, 652 .max = 16, 653 .increment = 0 654 }, 655 .digest_size = { 656 .min = 4, 657 .max = 4, 658 .increment = 0 659 }, 660 .iv_size = { 661 .min = 16, 662 .max = 16, 663 .increment = 0 664 } 665 }, } 666 }, } 667 }, 668 { /* SNOW 3G (UEA2) */ 669 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 670 {.sym = { 671 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 672 {.cipher = { 673 .algo = RTE_CRYPTO_CIPHER_SNOW3G_UEA2, 674 .block_size = 16, 675 .key_size = { 676 .min = 16, 677 .max = 16, 678 .increment = 0 679 }, 680 .iv_size = { 681 .min = 16, 682 .max = 16, 683 .increment = 0 684 } 685 }, } 686 }, } 687 }, 688 { /* ZUC (EEA3) */ 689 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 690 {.sym = { 691 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 692 {.cipher = { 693 .algo = RTE_CRYPTO_CIPHER_ZUC_EEA3, 694 .block_size = 16, 695 .key_size = { 696 .min = 16, 697 .max = 16, 698 .increment = 0 699 }, 700 .iv_size = { 701 .min = 16, 702 .max = 16, 703 .increment = 0 704 } 705 }, } 706 }, } 707 }, 708 { /* ZUC (EIA3) */ 709 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 710 {.sym = { 711 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 712 {.auth = { 713 .algo = RTE_CRYPTO_AUTH_ZUC_EIA3, 714 .block_size = 16, 715 .key_size = { 716 .min = 16, 717 .max = 16, 718 .increment = 0 719 }, 720 .digest_size = { 721 .min = 4, 722 .max = 4, 723 .increment = 0 724 }, 725 .iv_size = { 726 .min = 16, 727 .max = 16, 728 .increment = 0 729 } 730 }, } 731 }, } 732 }, 733 RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() 734 }; 735 736 #ifdef RTE_LIB_SECURITY 737 738 static const struct rte_cryptodev_capabilities dpaa2_pdcp_capabilities[] = { 739 { /* SNOW 3G (UIA2) */ 740 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 741 {.sym = { 742 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 743 {.auth = { 744 .algo = RTE_CRYPTO_AUTH_SNOW3G_UIA2, 745 .block_size = 16, 746 .key_size = { 747 .min = 16, 748 .max = 16, 749 .increment = 0 750 }, 751 .digest_size = { 752 .min = 4, 753 .max = 4, 754 .increment = 0 755 }, 756 .iv_size = { 757 .min = 16, 758 .max = 16, 759 .increment = 0 760 } 761 }, } 762 }, } 763 }, 764 { /* SNOW 3G (UEA2) */ 765 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 766 {.sym = { 767 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 768 {.cipher = { 769 .algo = RTE_CRYPTO_CIPHER_SNOW3G_UEA2, 770 .block_size = 16, 771 .key_size = { 772 .min = 16, 773 .max = 16, 774 .increment = 0 775 }, 776 .iv_size = { 777 .min = 16, 778 .max = 16, 779 .increment = 0 780 } 781 }, } 782 }, } 783 }, 784 { /* AES CTR */ 785 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 786 {.sym = { 787 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 788 {.cipher = { 789 .algo = RTE_CRYPTO_CIPHER_AES_CTR, 790 .block_size = 16, 791 .key_size = { 792 .min = 16, 793 .max = 32, 794 .increment = 8 795 }, 796 .iv_size = { 797 .min = 16, 798 .max = 16, 799 .increment = 0 800 } 801 }, } 802 }, } 803 }, 804 { /* NULL (AUTH) */ 805 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 806 {.sym = { 807 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 808 {.auth = { 809 .algo = RTE_CRYPTO_AUTH_NULL, 810 .block_size = 1, 811 .key_size = { 812 .min = 0, 813 .max = 0, 814 .increment = 0 815 }, 816 .digest_size = { 817 .min = 0, 818 .max = 0, 819 .increment = 0 820 }, 821 .iv_size = { 0 } 822 }, }, 823 }, }, 824 }, 825 { /* NULL (CIPHER) */ 826 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 827 {.sym = { 828 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 829 {.cipher = { 830 .algo = RTE_CRYPTO_CIPHER_NULL, 831 .block_size = 1, 832 .key_size = { 833 .min = 0, 834 .max = 0, 835 .increment = 0 836 }, 837 .iv_size = { 838 .min = 0, 839 .max = 0, 840 .increment = 0 841 } 842 }, }, 843 }, } 844 }, 845 { /* ZUC (EEA3) */ 846 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 847 {.sym = { 848 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 849 {.cipher = { 850 .algo = RTE_CRYPTO_CIPHER_ZUC_EEA3, 851 .block_size = 16, 852 .key_size = { 853 .min = 16, 854 .max = 16, 855 .increment = 0 856 }, 857 .iv_size = { 858 .min = 16, 859 .max = 16, 860 .increment = 0 861 } 862 }, } 863 }, } 864 }, 865 { /* ZUC (EIA3) */ 866 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 867 {.sym = { 868 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 869 {.auth = { 870 .algo = RTE_CRYPTO_AUTH_ZUC_EIA3, 871 .block_size = 16, 872 .key_size = { 873 .min = 16, 874 .max = 16, 875 .increment = 0 876 }, 877 .digest_size = { 878 .min = 4, 879 .max = 4, 880 .increment = 0 881 }, 882 .iv_size = { 883 .min = 16, 884 .max = 16, 885 .increment = 0 886 } 887 }, } 888 }, } 889 }, 890 891 RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() 892 }; 893 894 static const struct rte_security_capability dpaa2_sec_security_cap[] = { 895 { /* IPsec Lookaside Protocol offload ESP Transport Egress */ 896 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, 897 .protocol = RTE_SECURITY_PROTOCOL_IPSEC, 898 .ipsec = { 899 .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP, 900 .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL, 901 .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS, 902 .options = { 0 }, 903 .replay_win_sz_max = 128 904 }, 905 .crypto_capabilities = dpaa2_sec_capabilities 906 }, 907 { /* IPsec Lookaside Protocol offload ESP Tunnel Ingress */ 908 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, 909 .protocol = RTE_SECURITY_PROTOCOL_IPSEC, 910 .ipsec = { 911 .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP, 912 .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL, 913 .direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS, 914 .options = { 0 }, 915 .replay_win_sz_max = 128 916 }, 917 .crypto_capabilities = dpaa2_sec_capabilities 918 }, 919 { /* PDCP Lookaside Protocol offload Data */ 920 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, 921 .protocol = RTE_SECURITY_PROTOCOL_PDCP, 922 .pdcp = { 923 .domain = RTE_SECURITY_PDCP_MODE_DATA, 924 .capa_flags = 0 925 }, 926 .crypto_capabilities = dpaa2_pdcp_capabilities 927 }, 928 { /* PDCP Lookaside Protocol offload Control */ 929 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, 930 .protocol = RTE_SECURITY_PROTOCOL_PDCP, 931 .pdcp = { 932 .domain = RTE_SECURITY_PDCP_MODE_CONTROL, 933 .capa_flags = 0 934 }, 935 .crypto_capabilities = dpaa2_pdcp_capabilities 936 }, 937 { /* PDCP Lookaside Protocol offload Short MAC */ 938 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, 939 .protocol = RTE_SECURITY_PROTOCOL_PDCP, 940 .pdcp = { 941 .domain = RTE_SECURITY_PDCP_MODE_SHORT_MAC, 942 .capa_flags = 0 943 }, 944 .crypto_capabilities = dpaa2_pdcp_capabilities 945 }, 946 { 947 .action = RTE_SECURITY_ACTION_TYPE_NONE 948 } 949 }; 950 #endif 951 /** 952 * Checksum 953 * 954 * @param buffer calculate chksum for buffer 955 * @param len buffer length 956 * 957 * @return checksum value in host cpu order 958 */ 959 static inline uint16_t 960 calc_chksum(void *buffer, int len) 961 { 962 uint16_t *buf = (uint16_t *)buffer; 963 uint32_t sum = 0; 964 uint16_t result; 965 966 for (sum = 0; len > 1; len -= 2) 967 sum += *buf++; 968 969 if (len == 1) 970 sum += *(unsigned char *)buf; 971 972 sum = (sum >> 16) + (sum & 0xFFFF); 973 sum += (sum >> 16); 974 result = ~sum; 975 976 return result; 977 } 978 979 int 980 dpaa2_sec_configure_raw_dp_ctx(struct rte_cryptodev *dev, uint16_t qp_id, 981 struct rte_crypto_raw_dp_ctx *raw_dp_ctx, 982 enum rte_crypto_op_sess_type sess_type, 983 union rte_cryptodev_session_ctx session_ctx, uint8_t is_update); 984 985 int 986 dpaa2_sec_get_dp_ctx_size(struct rte_cryptodev *dev); 987 988 989 #endif /* _DPAA2_SEC_PMD_PRIVATE_H_ */ 990