1 /* SPDX-License-Identifier: BSD-3-Clause
2 *
3 * Copyright 2016-2022 NXP
4 *
5 */
6
7 #ifndef _DPAA_SEC_H_
8 #define _DPAA_SEC_H_
9
10 #define CRYPTODEV_NAME_DPAA_SEC_PMD crypto_dpaa_sec
11 /**< NXP DPAA - SEC PMD device name */
12
13 #define SEC_BASE_ADDR 0x1700000
14 #define MAP_SIZE 0x100000
15 #define BLOCK_OFFSET 0x10000
16 #define CMD_REG 0x4
17 #define QICTL_DQEN 0x01
18 #define QI_BLOCK_NUMBER 7
19 #define MAX_DPAA_CORES 4
20 #define NUM_POOL_CHANNELS 4
21 #define DPAA_SEC_BURST 7
22 #define DPAA_SEC_ALG_UNSUPPORT (-1)
23 #define TDES_CBC_IV_LEN 8
24 #define AES_CBC_IV_LEN 16
25 #define AES_CTR_IV_LEN 16
26 #define AES_GCM_IV_LEN 12
27
28 extern uint8_t dpaa_cryptodev_driver_id;
29
30 #define DPAA_IPv6_DEFAULT_VTC_FLOW 0x60000000
31
32 /* Minimum job descriptor consists of a oneword job descriptor HEADER and
33 * a pointer to the shared descriptor.
34 */
35 #define MIN_JOB_DESC_SIZE (CAAM_CMD_SZ + CAAM_PTR_SZ)
36 /* CTX_POOL_NUM_BUFS is set as per the ipsec-secgw application */
37 #define CTX_POOL_NUM_BUFS 32000
38 #define CTX_POOL_BUF_SIZE sizeof(struct dpaa_sec_op_ctx)
39 #define CTX_POOL_CACHE_SIZE 512
40 #define RTE_DPAA_SEC_PMD_MAX_NB_SESSIONS 1024
41
42 #define DIR_ENC 1
43 #define DIR_DEC 0
44
45 enum dpaa_sec_op_type {
46 DPAA_SEC_NONE, /*!< No Cipher operations*/
47 DPAA_SEC_CIPHER,/*!< CIPHER operations */
48 DPAA_SEC_AUTH, /*!< Authentication Operations */
49 DPAA_SEC_AEAD, /*!< AEAD (AES-GCM/CCM) type operations */
50 DPAA_SEC_CIPHER_HASH, /*!< Authenticated Encryption with
51 * associated data
52 */
53 DPAA_SEC_HASH_CIPHER, /*!< Encryption with Authenticated
54 * associated data
55 */
56 DPAA_SEC_IPSEC, /*!< IPSEC protocol operations*/
57 DPAA_SEC_PDCP, /*!< PDCP protocol operations*/
58 DPAA_SEC_PKC, /*!< Public Key Cryptographic Operations */
59 DPAA_SEC_MAX
60 };
61
62 #define DPAA_SEC_MAX_DESC_SIZE 64
63 /* code or cmd block to caam */
64 struct sec_cdb {
65 struct {
66 union {
67 uint32_t word;
68 struct {
69 #if RTE_BYTE_ORDER == RTE_BIG_ENDIAN
70 uint16_t rsvd63_48;
71 unsigned int rsvd47_39:9;
72 unsigned int idlen:7;
73 #else
74 unsigned int idlen:7;
75 unsigned int rsvd47_39:9;
76 uint16_t rsvd63_48;
77 #endif
78 } field;
79 } __packed hi;
80
81 union {
82 uint32_t word;
83 struct {
84 #if RTE_BYTE_ORDER == RTE_BIG_ENDIAN
85 unsigned int rsvd31_30:2;
86 unsigned int fsgt:1;
87 unsigned int lng:1;
88 unsigned int offset:2;
89 unsigned int abs:1;
90 unsigned int add_buf:1;
91 uint8_t pool_id;
92 uint16_t pool_buffer_size;
93 #else
94 uint16_t pool_buffer_size;
95 uint8_t pool_id;
96 unsigned int add_buf:1;
97 unsigned int abs:1;
98 unsigned int offset:2;
99 unsigned int lng:1;
100 unsigned int fsgt:1;
101 unsigned int rsvd31_30:2;
102 #endif
103 } field;
104 } __packed lo;
105 } __packed sh_hdr;
106
107 uint32_t sh_desc[DPAA_SEC_MAX_DESC_SIZE];
108 };
109 #ifdef RTE_LIB_SECURITY
110 /*!
111 * The structure is to be filled by user as a part of
112 * dpaa_sec_proto_ctxt for PDCP Protocol
113 */
114 struct sec_pdcp_ctxt {
115 enum rte_security_pdcp_domain domain; /*!< Data/Control mode*/
116 int8_t bearer; /*!< PDCP bearer ID */
117 int8_t pkt_dir;/*!< PDCP Frame Direction 0:UL 1:DL*/
118 int8_t hfn_ovd;/*!< Overwrite HFN per packet*/
119 uint8_t sn_size; /*!< Sequence number size, 5/7/12/15/18 */
120 uint8_t sdap_enabled; /*!< SDAP header is enabled */
121 uint16_t hfn_ovd_offset;/*!< offset from rte_crypto_op at which
122 * per packet hfn is stored
123 */
124 uint32_t hfn; /*!< Hyper Frame Number */
125 uint32_t hfn_threshold; /*!< HFN Threashold for key renegotiation */
126 };
127 #endif
128
129 typedef int (*dpaa_sec_build_fd_t)(
130 void *qp, uint8_t *drv_ctx, struct rte_crypto_vec *data_vec,
131 uint16_t n_data_vecs, union rte_crypto_sym_ofs ofs,
132 struct rte_crypto_va_iova_ptr *iv,
133 struct rte_crypto_va_iova_ptr *digest,
134 struct rte_crypto_va_iova_ptr *aad_or_auth_iv,
135 void *user_data);
136
137 typedef struct dpaa_sec_job* (*dpaa_sec_build_raw_dp_fd_t)(uint8_t *drv_ctx,
138 struct rte_crypto_sgl *sgl,
139 struct rte_crypto_sgl *dest_sgl,
140 struct rte_crypto_va_iova_ptr *iv,
141 struct rte_crypto_va_iova_ptr *digest,
142 struct rte_crypto_va_iova_ptr *auth_iv,
143 union rte_crypto_sym_ofs ofs,
144 void *userdata,
145 struct qm_fd *fd);
146
147 typedef struct dpaa_sec_session_entry {
148 struct sec_cdb cdb; /**< cmd block associated with qp */
149 struct dpaa_sec_qp *qp[MAX_DPAA_CORES];
150 struct qman_fq *inq[MAX_DPAA_CORES];
151 uint8_t dir; /*!< Operation Direction */
152 uint8_t ctxt; /*!< Session Context Type */
153 enum rte_crypto_cipher_algorithm cipher_alg; /*!< Cipher Algorithm*/
154 enum rte_crypto_auth_algorithm auth_alg; /*!< Authentication Algorithm*/
155 enum rte_crypto_aead_algorithm aead_alg; /*!< AEAD Algorithm*/
156 #ifdef RTE_LIB_SECURITY
157 enum rte_security_session_protocol proto_alg; /*!< Security Algorithm*/
158 #endif
159 dpaa_sec_build_fd_t build_fd;
160 dpaa_sec_build_raw_dp_fd_t build_raw_dp_fd;
161 union {
162 struct {
163 uint8_t *data; /**< pointer to key data */
164 size_t length; /**< key length in bytes */
165 uint32_t alg;
166 uint32_t algmode;
167 } aead_key;
168 struct {
169 struct {
170 uint8_t *data; /**< pointer to key data */
171 size_t length; /**< key length in bytes */
172 uint32_t alg;
173 uint32_t algmode;
174 } cipher_key;
175 struct {
176 uint8_t *data; /**< pointer to key data */
177 size_t length; /**< key length in bytes */
178 uint32_t alg;
179 uint32_t algmode;
180 } auth_key;
181 };
182 };
183 union {
184 struct {
185 struct {
186 uint16_t length;
187 uint16_t offset;
188 } iv; /**< Initialisation vector parameters */
189 uint16_t auth_only_len;
190 /*!< Length of data for Auth only */
191 uint32_t digest_length;
192 struct ipsec_decap_pdb decap_pdb;
193 struct ipsec_encap_pdb encap_pdb;
194 union {
195 struct ip ip4_hdr;
196 struct rte_ipv6_hdr ip6_hdr;
197 };
198 uint8_t auth_cipher_text;
199 /**< Authenticate/cipher ordering */
200 };
201 #ifdef RTE_LIB_SECURITY
202 struct sec_pdcp_ctxt pdcp;
203 #endif
204 };
205 } dpaa_sec_session;
206
207 struct dpaa_sec_qp {
208 struct dpaa_sec_dev_private *internals;
209 struct rte_mempool *ctx_pool; /* mempool for dpaa_sec_op_ctx */
210 struct qman_fq outq;
211 int rx_pkts;
212 int rx_errs;
213 int tx_pkts;
214 int tx_errs;
215 };
216
217 #define RTE_DPAA_MAX_NB_SEC_QPS 2
218 #define RTE_DPAA_MAX_RX_QUEUE (MAX_DPAA_CORES * RTE_DPAA_SEC_PMD_MAX_NB_SESSIONS)
219 #define DPAA_MAX_DEQUEUE_NUM_FRAMES 63
220
221 /* internal sec queue interface */
222 struct dpaa_sec_dev_private {
223 void *sec_hw;
224 struct dpaa_sec_qp qps[RTE_DPAA_MAX_NB_SEC_QPS]; /* i/o queue for sec */
225 struct qman_fq inq[RTE_DPAA_MAX_RX_QUEUE];
226 unsigned char inq_attach[RTE_DPAA_MAX_RX_QUEUE];
227 unsigned int max_nb_queue_pairs;
228 unsigned int max_nb_sessions;
229 rte_spinlock_t lock;
230 };
231
232 #define MAX_SG_ENTRIES 16
233 #define MAX_JOB_SG_ENTRIES 36
234
235 struct dpaa_sec_job {
236 /* sg[0] output, sg[1] input, others are possible sub frames */
237 struct qm_sg_entry sg[MAX_JOB_SG_ENTRIES];
238 };
239
240 #define DPAA_MAX_NB_MAX_DIGEST 64
241 struct dpaa_sec_op_ctx {
242 struct dpaa_sec_job job;
243 union {
244 struct rte_crypto_op *op;
245 void *userdata;
246 };
247 struct rte_mempool *ctx_pool; /* mempool pointer for dpaa_sec_op_ctx */
248 uint32_t fd_status;
249 int64_t vtop_offset;
250 uint8_t digest[DPAA_MAX_NB_MAX_DIGEST];
251 };
252
253 static const struct rte_cryptodev_capabilities dpaa_sec_capabilities[] = {
254 { /* NULL (AUTH) */
255 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
256 {.sym = {
257 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
258 {.auth = {
259 .algo = RTE_CRYPTO_AUTH_NULL,
260 .block_size = 1,
261 .key_size = {
262 .min = 0,
263 .max = 0,
264 .increment = 0
265 },
266 .digest_size = {
267 .min = 0,
268 .max = 0,
269 .increment = 0
270 },
271 .iv_size = { 0 }
272 }, },
273 }, },
274 },
275 { /* MD5 */
276 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
277 {.sym = {
278 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
279 {.auth = {
280 .algo = RTE_CRYPTO_AUTH_MD5,
281 .block_size = 64,
282 .key_size = {
283 .min = 0,
284 .max = 0,
285 .increment = 0
286 },
287 .digest_size = {
288 .min = 16,
289 .max = 16,
290 .increment = 0
291 },
292 .iv_size = { 0 }
293 }, }
294 }, }
295 },
296 { /* MD5 HMAC */
297 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
298 {.sym = {
299 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
300 {.auth = {
301 .algo = RTE_CRYPTO_AUTH_MD5_HMAC,
302 .block_size = 64,
303 .key_size = {
304 .min = 1,
305 .max = 64,
306 .increment = 1
307 },
308 .digest_size = {
309 .min = 1,
310 .max = 16,
311 .increment = 1
312 },
313 .iv_size = { 0 }
314 }, }
315 }, }
316 },
317 { /* SHA1 */
318 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
319 {.sym = {
320 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
321 {.auth = {
322 .algo = RTE_CRYPTO_AUTH_SHA1,
323 .block_size = 64,
324 .key_size = {
325 .min = 0,
326 .max = 0,
327 .increment = 0
328 },
329 .digest_size = {
330 .min = 20,
331 .max = 20,
332 .increment = 0
333 },
334 .iv_size = { 0 }
335 }, }
336 }, }
337 },
338 { /* SHA1 HMAC */
339 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
340 {.sym = {
341 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
342 {.auth = {
343 .algo = RTE_CRYPTO_AUTH_SHA1_HMAC,
344 .block_size = 64,
345 .key_size = {
346 .min = 1,
347 .max = 64,
348 .increment = 1
349 },
350 .digest_size = {
351 .min = 1,
352 .max = 20,
353 .increment = 1
354 },
355 .iv_size = { 0 }
356 }, }
357 }, }
358 },
359 { /* SHA224 */
360 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
361 {.sym = {
362 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
363 {.auth = {
364 .algo = RTE_CRYPTO_AUTH_SHA224,
365 .block_size = 64,
366 .key_size = {
367 .min = 0,
368 .max = 0,
369 .increment = 0
370 },
371 .digest_size = {
372 .min = 28,
373 .max = 28,
374 .increment = 0
375 },
376 .iv_size = { 0 }
377 }, }
378 }, }
379 },
380 { /* SHA224 HMAC */
381 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
382 {.sym = {
383 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
384 {.auth = {
385 .algo = RTE_CRYPTO_AUTH_SHA224_HMAC,
386 .block_size = 64,
387 .key_size = {
388 .min = 1,
389 .max = 64,
390 .increment = 1
391 },
392 .digest_size = {
393 .min = 1,
394 .max = 28,
395 .increment = 1
396 },
397 .iv_size = { 0 }
398 }, }
399 }, }
400 },
401 { /* SHA256 */
402 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
403 {.sym = {
404 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
405 {.auth = {
406 .algo = RTE_CRYPTO_AUTH_SHA256,
407 .block_size = 64,
408 .key_size = {
409 .min = 0,
410 .max = 0,
411 .increment = 0
412 },
413 .digest_size = {
414 .min = 32,
415 .max = 32,
416 .increment = 0
417 },
418 .iv_size = { 0 }
419 }, }
420 }, }
421 },
422 { /* SHA256 HMAC */
423 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
424 {.sym = {
425 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
426 {.auth = {
427 .algo = RTE_CRYPTO_AUTH_SHA256_HMAC,
428 .block_size = 64,
429 .key_size = {
430 .min = 1,
431 .max = 64,
432 .increment = 1
433 },
434 .digest_size = {
435 .min = 1,
436 .max = 32,
437 .increment = 1
438 },
439 .iv_size = { 0 }
440 }, }
441 }, }
442 },
443 { /* SHA384 */
444 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
445 {.sym = {
446 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
447 {.auth = {
448 .algo = RTE_CRYPTO_AUTH_SHA384,
449 .block_size = 64,
450 .key_size = {
451 .min = 0,
452 .max = 0,
453 .increment = 0
454 },
455 .digest_size = {
456 .min = 48,
457 .max = 48,
458 .increment = 0
459 },
460 .iv_size = { 0 }
461 }, }
462 }, }
463 },
464 { /* SHA384 HMAC */
465 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
466 {.sym = {
467 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
468 {.auth = {
469 .algo = RTE_CRYPTO_AUTH_SHA384_HMAC,
470 .block_size = 128,
471 .key_size = {
472 .min = 1,
473 .max = 128,
474 .increment = 1
475 },
476 .digest_size = {
477 .min = 1,
478 .max = 48,
479 .increment = 1
480 },
481 .iv_size = { 0 }
482 }, }
483 }, }
484 },
485 { /* SHA512 */
486 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
487 {.sym = {
488 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
489 {.auth = {
490 .algo = RTE_CRYPTO_AUTH_SHA512,
491 .block_size = 128,
492 .key_size = {
493 .min = 0,
494 .max = 0,
495 .increment = 0
496 },
497 .digest_size = {
498 .min = 64,
499 .max = 64,
500 .increment = 0
501 },
502 .iv_size = { 0 }
503 }, }
504 }, }
505 },
506 { /* SHA512 HMAC */
507 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
508 {.sym = {
509 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
510 {.auth = {
511 .algo = RTE_CRYPTO_AUTH_SHA512_HMAC,
512 .block_size = 128,
513 .key_size = {
514 .min = 1,
515 .max = 128,
516 .increment = 1
517 },
518 .digest_size = {
519 .min = 1,
520 .max = 64,
521 .increment = 1
522 },
523 .iv_size = { 0 }
524 }, }
525 }, }
526 },
527 { /* AES GCM */
528 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
529 {.sym = {
530 .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,
531 {.aead = {
532 .algo = RTE_CRYPTO_AEAD_AES_GCM,
533 .block_size = 16,
534 .key_size = {
535 .min = 16,
536 .max = 32,
537 .increment = 8
538 },
539 .digest_size = {
540 .min = 8,
541 .max = 16,
542 .increment = 4
543 },
544 .aad_size = {
545 .min = 0,
546 .max = 240,
547 .increment = 1
548 },
549 .iv_size = {
550 .min = 12,
551 .max = 12,
552 .increment = 0
553 },
554 }, }
555 }, }
556 },
557 { /* NULL (CIPHER) */
558 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
559 {.sym = {
560 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
561 {.cipher = {
562 .algo = RTE_CRYPTO_CIPHER_NULL,
563 .block_size = 1,
564 .key_size = {
565 .min = 0,
566 .max = 0,
567 .increment = 0
568 },
569 .iv_size = {
570 .min = 0,
571 .max = 0,
572 .increment = 0
573 }
574 }, },
575 }, }
576 },
577 { /* AES CBC */
578 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
579 {.sym = {
580 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
581 {.cipher = {
582 .algo = RTE_CRYPTO_CIPHER_AES_CBC,
583 .block_size = 16,
584 .key_size = {
585 .min = 16,
586 .max = 32,
587 .increment = 8
588 },
589 .iv_size = {
590 .min = 16,
591 .max = 16,
592 .increment = 0
593 }
594 }, }
595 }, }
596 },
597 { /* AES CTR */
598 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
599 {.sym = {
600 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
601 {.cipher = {
602 .algo = RTE_CRYPTO_CIPHER_AES_CTR,
603 .block_size = 16,
604 .key_size = {
605 .min = 16,
606 .max = 32,
607 .increment = 8
608 },
609 .iv_size = {
610 .min = 16,
611 .max = 16,
612 .increment = 0
613 },
614 }, }
615 }, }
616 },
617 { /* DES CBC */
618 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
619 {.sym = {
620 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
621 {.cipher = {
622 .algo = RTE_CRYPTO_CIPHER_DES_CBC,
623 .block_size = 8,
624 .key_size = {
625 .min = 8,
626 .max = 8,
627 .increment = 0
628 },
629 .iv_size = {
630 .min = 8,
631 .max = 8,
632 .increment = 0
633 }
634 }, }
635 }, }
636 },
637 { /* 3DES CBC */
638 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
639 {.sym = {
640 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
641 {.cipher = {
642 .algo = RTE_CRYPTO_CIPHER_3DES_CBC,
643 .block_size = 8,
644 .key_size = {
645 .min = 16,
646 .max = 24,
647 .increment = 8
648 },
649 .iv_size = {
650 .min = 8,
651 .max = 8,
652 .increment = 0
653 }
654 }, }
655 }, }
656 },
657 { /* SNOW 3G (UIA2) */
658 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
659 {.sym = {
660 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
661 {.auth = {
662 .algo = RTE_CRYPTO_AUTH_SNOW3G_UIA2,
663 .block_size = 16,
664 .key_size = {
665 .min = 16,
666 .max = 16,
667 .increment = 0
668 },
669 .digest_size = {
670 .min = 4,
671 .max = 4,
672 .increment = 0
673 },
674 .iv_size = {
675 .min = 16,
676 .max = 16,
677 .increment = 0
678 }
679 }, }
680 }, }
681 },
682 { /* SNOW 3G (UEA2) */
683 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
684 {.sym = {
685 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
686 {.cipher = {
687 .algo = RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
688 .block_size = 16,
689 .key_size = {
690 .min = 16,
691 .max = 16,
692 .increment = 0
693 },
694 .iv_size = {
695 .min = 16,
696 .max = 16,
697 .increment = 0
698 }
699 }, }
700 }, }
701 },
702 { /* ZUC (EEA3) */
703 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
704 {.sym = {
705 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
706 {.cipher = {
707 .algo = RTE_CRYPTO_CIPHER_ZUC_EEA3,
708 .block_size = 16,
709 .key_size = {
710 .min = 16,
711 .max = 16,
712 .increment = 0
713 },
714 .iv_size = {
715 .min = 16,
716 .max = 16,
717 .increment = 0
718 }
719 }, }
720 }, }
721 },
722 { /* ZUC (EIA3) */
723 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
724 {.sym = {
725 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
726 {.auth = {
727 .algo = RTE_CRYPTO_AUTH_ZUC_EIA3,
728 .block_size = 16,
729 .key_size = {
730 .min = 16,
731 .max = 16,
732 .increment = 0
733 },
734 .digest_size = {
735 .min = 4,
736 .max = 4,
737 .increment = 0
738 },
739 .iv_size = {
740 .min = 16,
741 .max = 16,
742 .increment = 0
743 }
744 }, }
745 }, }
746 },
747 { /* AES CMAC */
748 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
749 {.sym = {
750 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
751 {.auth = {
752 .algo = RTE_CRYPTO_AUTH_AES_CMAC,
753 .block_size = 16,
754 .key_size = {
755 .min = 1,
756 .max = 16,
757 .increment = 1
758 },
759 .digest_size = {
760 .min = 12,
761 .max = 16,
762 .increment = 4
763 },
764 .iv_size = { 0 }
765 }, }
766 }, }
767 },
768 { /* AES XCBC HMAC */
769 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
770 {.sym = {
771 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
772 {.auth = {
773 .algo = RTE_CRYPTO_AUTH_AES_XCBC_MAC,
774 .block_size = 16,
775 .key_size = {
776 .min = 1,
777 .max = 16,
778 .increment = 1
779 },
780 .digest_size = {
781 .min = 12,
782 .max = 16,
783 .increment = 4
784 },
785 .aad_size = { 0 },
786 .iv_size = { 0 }
787 }, }
788 }, }
789 },
790 RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
791 };
792
793 #ifdef RTE_LIB_SECURITY
794 static const struct rte_cryptodev_capabilities dpaa_pdcp_capabilities[] = {
795 { /* SNOW 3G (UIA2) */
796 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
797 {.sym = {
798 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
799 {.auth = {
800 .algo = RTE_CRYPTO_AUTH_SNOW3G_UIA2,
801 .block_size = 16,
802 .key_size = {
803 .min = 16,
804 .max = 16,
805 .increment = 0
806 },
807 .digest_size = {
808 .min = 4,
809 .max = 4,
810 .increment = 0
811 },
812 .iv_size = {
813 .min = 16,
814 .max = 16,
815 .increment = 0
816 }
817 }, }
818 }, }
819 },
820 { /* SNOW 3G (UEA2) */
821 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
822 {.sym = {
823 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
824 {.cipher = {
825 .algo = RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
826 .block_size = 16,
827 .key_size = {
828 .min = 16,
829 .max = 16,
830 .increment = 0
831 },
832 .iv_size = {
833 .min = 16,
834 .max = 16,
835 .increment = 0
836 }
837 }, }
838 }, }
839 },
840 { /* AES CTR */
841 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
842 {.sym = {
843 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
844 {.cipher = {
845 .algo = RTE_CRYPTO_CIPHER_AES_CTR,
846 .block_size = 16,
847 .key_size = {
848 .min = 16,
849 .max = 32,
850 .increment = 8
851 },
852 .iv_size = {
853 .min = 16,
854 .max = 16,
855 .increment = 0
856 }
857 }, }
858 }, }
859 },
860 { /* NULL (AUTH) */
861 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
862 {.sym = {
863 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
864 {.auth = {
865 .algo = RTE_CRYPTO_AUTH_NULL,
866 .block_size = 1,
867 .key_size = {
868 .min = 0,
869 .max = 0,
870 .increment = 0
871 },
872 .digest_size = {
873 .min = 0,
874 .max = 0,
875 .increment = 0
876 },
877 .iv_size = { 0 }
878 }, },
879 }, },
880 },
881 { /* NULL (CIPHER) */
882 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
883 {.sym = {
884 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
885 {.cipher = {
886 .algo = RTE_CRYPTO_CIPHER_NULL,
887 .block_size = 1,
888 .key_size = {
889 .min = 0,
890 .max = 0,
891 .increment = 0
892 },
893 .iv_size = {
894 .min = 0,
895 .max = 0,
896 .increment = 0
897 }
898 }, },
899 }, }
900 },
901 { /* ZUC (EEA3) */
902 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
903 {.sym = {
904 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
905 {.cipher = {
906 .algo = RTE_CRYPTO_CIPHER_ZUC_EEA3,
907 .block_size = 16,
908 .key_size = {
909 .min = 16,
910 .max = 16,
911 .increment = 0
912 },
913 .iv_size = {
914 .min = 16,
915 .max = 16,
916 .increment = 0
917 }
918 }, }
919 }, }
920 },
921 { /* ZUC (EIA3) */
922 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
923 {.sym = {
924 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
925 {.auth = {
926 .algo = RTE_CRYPTO_AUTH_ZUC_EIA3,
927 .block_size = 16,
928 .key_size = {
929 .min = 16,
930 .max = 16,
931 .increment = 0
932 },
933 .digest_size = {
934 .min = 4,
935 .max = 4,
936 .increment = 0
937 },
938 .iv_size = {
939 .min = 16,
940 .max = 16,
941 .increment = 0
942 }
943 }, }
944 }, }
945 },
946
947 RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
948 };
949
950 static const struct rte_security_capability dpaa_sec_security_cap[] = {
951 { /* IPsec Lookaside Protocol offload ESP Transport Egress */
952 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
953 .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
954 .ipsec = {
955 .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
956 .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
957 .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
958 .options = { 0 },
959 .replay_win_sz_max = 128
960 },
961 .crypto_capabilities = dpaa_sec_capabilities
962 },
963 { /* IPsec Lookaside Protocol offload ESP Tunnel Ingress */
964 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
965 .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
966 .ipsec = {
967 .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
968 .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
969 .direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS,
970 .options = { 0 },
971 .replay_win_sz_max = 128
972 },
973 .crypto_capabilities = dpaa_sec_capabilities
974 },
975 { /* PDCP Lookaside Protocol offload Data */
976 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
977 .protocol = RTE_SECURITY_PROTOCOL_PDCP,
978 .pdcp = {
979 .domain = RTE_SECURITY_PDCP_MODE_DATA,
980 .capa_flags = 0
981 },
982 .crypto_capabilities = dpaa_pdcp_capabilities
983 },
984 { /* PDCP Lookaside Protocol offload Control */
985 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
986 .protocol = RTE_SECURITY_PROTOCOL_PDCP,
987 .pdcp = {
988 .domain = RTE_SECURITY_PDCP_MODE_CONTROL,
989 .capa_flags = 0
990 },
991 .crypto_capabilities = dpaa_pdcp_capabilities
992 },
993 { /* PDCP Lookaside Protocol offload Short MAC */
994 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
995 .protocol = RTE_SECURITY_PROTOCOL_PDCP,
996 .pdcp = {
997 .domain = RTE_SECURITY_PDCP_MODE_SHORT_MAC,
998 .capa_flags = 0
999 },
1000 .crypto_capabilities = dpaa_pdcp_capabilities
1001 },
1002 {
1003 .action = RTE_SECURITY_ACTION_TYPE_NONE
1004 }
1005 };
1006 #endif
1007
1008 /**
1009 * Checksum
1010 *
1011 * @param buffer calculate chksum for buffer
1012 * @param len buffer length
1013 *
1014 * @return checksum value in host cpu order
1015 */
1016 static inline uint16_t
calc_chksum(void * buffer,int len)1017 calc_chksum(void *buffer, int len)
1018 {
1019 uint16_t *buf = (uint16_t *)buffer;
1020 uint32_t sum = 0;
1021 uint16_t result;
1022
1023 for (sum = 0; len > 1; len -= 2)
1024 sum += *buf++;
1025
1026 if (len == 1)
1027 sum += *(unsigned char *)buf;
1028
1029 sum = (sum >> 16) + (sum & 0xFFFF);
1030 sum += (sum >> 16);
1031 result = ~sum;
1032
1033 return result;
1034 }
1035
1036 int
1037 dpaa_sec_configure_raw_dp_ctx(struct rte_cryptodev *dev, uint16_t qp_id,
1038 struct rte_crypto_raw_dp_ctx *raw_dp_ctx,
1039 enum rte_crypto_op_sess_type sess_type,
1040 union rte_cryptodev_session_ctx session_ctx, uint8_t is_update);
1041
1042 int
1043 dpaa_sec_get_dp_ctx_size(struct rte_cryptodev *dev);
1044
1045 int
1046 dpaa_sec_attach_sess_q(struct dpaa_sec_qp *qp, dpaa_sec_session *sess);
1047
1048 #endif /* _DPAA_SEC_H_ */
1049