1 /* SPDX-License-Identifier: BSD-3-Clause
2 *
3 * Copyright (c) 2016 Freescale Semiconductor, Inc. All rights reserved.
4 * Copyright 2016,2020-2023 NXP
5 *
6 */
7
8 #ifndef _DPAA2_SEC_PMD_PRIVATE_H_
9 #define _DPAA2_SEC_PMD_PRIVATE_H_
10
11 #include <rte_security_driver.h>
12
13 #define CRYPTODEV_NAME_DPAA2_SEC_PMD crypto_dpaa2_sec
14 /**< NXP DPAA2 - SEC PMD device name */
15
16 extern uint8_t cryptodev_driver_id;
17
18 /* FLE_POOL_NUM_BUFS is set as per the ipsec-secgw application */
19 #define FLE_POOL_NUM_BUFS 32000
20 #define FLE_POOL_BUF_SIZE 256
21 #define FLE_POOL_CACHE_SIZE 512
22 #define FLE_SG_MEM_SIZE(num) (FLE_POOL_BUF_SIZE + ((num) * 32))
23 #define SEC_FLC_DHR_OUTBOUND -114
24 #define SEC_FLC_DHR_INBOUND 0
25
26 #define MAX_QUEUES 64
27 #define MAX_DESC_SIZE 64
28 /** private data structure for each DPAA2_SEC device */
29 struct dpaa2_sec_dev_private {
30 void *mc_portal; /**< MC Portal for configuring this device */
31 void *hw; /**< Hardware handle for this device.Used by NADK framework */
32 int32_t hw_id; /**< An unique ID of this device instance */
33 int32_t vfio_fd; /**< File descriptor received via VFIO */
34 uint16_t token; /**< Token required by DPxxx objects */
35 unsigned int max_nb_queue_pairs;
36 /**< Max number of queue pairs supported by device */
37 uint8_t en_ordered;
38 uint8_t en_loose_ordered;
39 };
40
41 struct dpaa2_sec_qp {
42 struct dpaa2_queue rx_vq;
43 struct dpaa2_queue tx_vq;
44 struct rte_mempool *fle_pool; /* per device memory pool for FLE */
45 };
46
47 enum shr_desc_type {
48 DESC_UPDATE,
49 DESC_FINAL,
50 DESC_INITFINAL,
51 };
52
53 #define DIR_ENC 1
54 #define DIR_DEC 0
55
56 #define DPAA2_IPv6_DEFAULT_VTC_FLOW 0x60000000
57
58 #define DPAA2_SET_FLC_EWS(flc) (flc->word1_bits23_16 |= 0x1)
59 #define DPAA2_SET_FLC_RSC(flc) (flc->word1_bits31_24 |= 0x1)
60 #define DPAA2_SET_FLC_REUSE_BS(flc) (flc->mode_bits |= 0x8000)
61 #define DPAA2_SET_FLC_REUSE_FF(flc) (flc->mode_bits |= 0x2000)
62
63 /* SEC Flow Context Descriptor */
64 struct sec_flow_context {
65 /* word 0 */
66 uint16_t word0_sdid; /* 11-0 SDID */
67 uint16_t word0_res; /* 31-12 reserved */
68
69 /* word 1 */
70 uint8_t word1_sdl; /* 5-0 SDL */
71 /* 7-6 reserved */
72
73 uint8_t word1_bits_15_8; /* 11-8 CRID */
74 /* 14-12 reserved */
75 /* 15 CRJD */
76
77 uint8_t word1_bits23_16; /* 16 EWS */
78 /* 17 DAC */
79 /* 18,19,20 ? */
80 /* 23-21 reserved */
81
82 uint8_t word1_bits31_24; /* 24 RSC */
83 /* 25 RBMT */
84 /* 31-26 reserved */
85
86 /* word 2 RFLC[31-0] */
87 uint32_t word2_rflc_31_0;
88
89 /* word 3 RFLC[63-32] */
90 uint32_t word3_rflc_63_32;
91
92 /* word 4 */
93 uint16_t word4_iicid; /* 15-0 IICID */
94 uint16_t word4_oicid; /* 31-16 OICID */
95
96 /* word 5 */
97 uint32_t word5_ofqid:24; /* 23-0 OFQID */
98 uint32_t word5_31_24:8;
99 /* 24 OSC */
100 /* 25 OBMT */
101 /* 29-26 reserved */
102 /* 31-30 ICR */
103
104 /* word 6 */
105 uint32_t word6_oflc_31_0;
106
107 /* word 7 */
108 uint32_t word7_oflc_63_32;
109
110 /* Word 8-15 storage profiles */
111 uint16_t dl; /**< DataLength(correction) */
112 uint16_t reserved; /**< reserved */
113 uint16_t dhr; /**< DataHeadRoom(correction) */
114 uint16_t mode_bits; /**< mode bits */
115 uint16_t bpv0; /**< buffer pool0 valid */
116 uint16_t bpid0; /**< Bypass Memory Translation */
117 uint16_t bpv1; /**< buffer pool1 valid */
118 uint16_t bpid1; /**< Bypass Memory Translation */
119 uint64_t word_12_15[2]; /**< word 12-15 are reserved */
120 };
121
122 struct sec_flc_desc {
123 struct sec_flow_context flc;
124 uint32_t desc[MAX_DESC_SIZE];
125 };
126
127 struct ctxt_priv {
128 struct sec_flc_desc flc_desc[0];
129 };
130
131 enum dpaa2_sec_op_type {
132 DPAA2_SEC_NONE, /*!< No Cipher operations*/
133 DPAA2_SEC_CIPHER,/*!< CIPHER operations */
134 DPAA2_SEC_AUTH, /*!< Authentication Operations */
135 DPAA2_SEC_AEAD, /*!< AEAD (AES-GCM/CCM) type operations */
136 DPAA2_SEC_CIPHER_HASH, /*!< Authenticated Encryption with
137 * associated data
138 */
139 DPAA2_SEC_HASH_CIPHER, /*!< Encryption with Authenticated
140 * associated data
141 */
142 DPAA2_SEC_IPSEC, /*!< IPSEC protocol operations*/
143 DPAA2_SEC_PDCP, /*!< PDCP protocol operations*/
144 DPAA2_SEC_PKC, /*!< Public Key Cryptographic Operations */
145 DPAA2_SEC_MAX
146 };
147
148 struct dpaa2_sec_aead_ctxt {
149 uint16_t auth_only_len; /*!< Length of data for Auth only */
150 uint8_t auth_cipher_text; /**< Authenticate/cipher ordering */
151 };
152
153 /*
154 * The structure is to be filled by user for PDCP Protocol
155 */
156 struct dpaa2_pdcp_ctxt {
157 enum rte_security_pdcp_domain domain; /*!< Data/Control mode*/
158 int8_t bearer; /*!< PDCP bearer ID */
159 int8_t pkt_dir;/*!< PDCP Frame Direction 0:UL 1:DL*/
160 int8_t hfn_ovd;/*!< Overwrite HFN per packet*/
161 uint8_t sn_size; /*!< Sequence number size, 5/7/12/15/18 */
162 uint32_t hfn_ovd_offset;/*!< offset from rte_crypto_op at which
163 * per packet hfn is stored
164 */
165 uint32_t hfn; /*!< Hyper Frame Number */
166 uint32_t hfn_threshold; /*!< HFN Threashold for key renegotiation */
167 };
168
169 typedef int (*dpaa2_sec_build_fd_t)(
170 void *qp, uint8_t *drv_ctx, struct rte_crypto_vec *data_vec,
171 uint16_t n_data_vecs, union rte_crypto_sym_ofs ofs,
172 struct rte_crypto_va_iova_ptr *iv,
173 struct rte_crypto_va_iova_ptr *digest,
174 struct rte_crypto_va_iova_ptr *aad_or_auth_iv,
175 void *user_data);
176
177 typedef int (*dpaa2_sec_build_raw_dp_fd_t)(uint8_t *drv_ctx,
178 struct rte_crypto_sgl *sgl,
179 struct rte_crypto_sgl *dest_sgl,
180 struct rte_crypto_va_iova_ptr *iv,
181 struct rte_crypto_va_iova_ptr *digest,
182 struct rte_crypto_va_iova_ptr *auth_iv,
183 union rte_crypto_sym_ofs ofs,
184 void *userdata,
185 struct qbman_fd *fd);
186
187 typedef struct dpaa2_sec_session_entry {
188 void *ctxt;
189 uint8_t ctxt_type;
190 uint8_t dir; /*!< Operation Direction */
191 enum rte_crypto_cipher_algorithm cipher_alg; /*!< Cipher Algorithm*/
192 enum rte_crypto_auth_algorithm auth_alg; /*!< Authentication Algorithm*/
193 enum rte_crypto_aead_algorithm aead_alg; /*!< AEAD Algorithm*/
194 dpaa2_sec_build_fd_t build_fd;
195 dpaa2_sec_build_raw_dp_fd_t build_raw_dp_fd;
196 union {
197 struct {
198 uint8_t *data; /**< pointer to key data */
199 size_t length; /**< key length in bytes */
200 } aead_key;
201 struct {
202 struct {
203 uint8_t *data; /**< pointer to key data */
204 size_t length; /**< key length in bytes */
205 } cipher_key;
206 struct {
207 uint8_t *data; /**< pointer to key data */
208 size_t length; /**< key length in bytes */
209 } auth_key;
210 };
211 };
212 union {
213 struct {
214 struct {
215 uint16_t length; /**< IV length in bytes */
216 uint16_t offset; /**< IV offset in bytes */
217 } iv;
218 uint16_t digest_length;
219 uint8_t status;
220 union {
221 struct dpaa2_sec_aead_ctxt aead_ctxt;
222 } ext_params;
223 };
224 struct dpaa2_pdcp_ctxt pdcp;
225 };
226 } dpaa2_sec_session;
227
228 static const struct rte_cryptodev_capabilities dpaa2_sec_capabilities[] = {
229 /* Symmetric capabilities */
230 { /* MD5 */
231 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
232 {.sym = {
233 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
234 {.auth = {
235 .algo = RTE_CRYPTO_AUTH_MD5,
236 .block_size = 64,
237 .key_size = {
238 .min = 0,
239 .max = 0,
240 .increment = 0
241 },
242 .digest_size = {
243 .min = 16,
244 .max = 16,
245 .increment = 0
246 },
247 .iv_size = { 0 }
248 }, }
249 }, }
250 },
251 { /* MD5 HMAC */
252 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
253 {.sym = {
254 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
255 {.auth = {
256 .algo = RTE_CRYPTO_AUTH_MD5_HMAC,
257 .block_size = 64,
258 .key_size = {
259 .min = 1,
260 .max = 64,
261 .increment = 1
262 },
263 .digest_size = {
264 .min = 1,
265 .max = 16,
266 .increment = 1
267 },
268 .iv_size = { 0 }
269 }, }
270 }, }
271 },
272 { /* SHA1 */
273 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
274 {.sym = {
275 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
276 {.auth = {
277 .algo = RTE_CRYPTO_AUTH_SHA1,
278 .block_size = 64,
279 .key_size = {
280 .min = 0,
281 .max = 0,
282 .increment = 0
283 },
284 .digest_size = {
285 .min = 20,
286 .max = 20,
287 .increment = 0
288 },
289 .iv_size = { 0 }
290 }, }
291 }, }
292 },
293 { /* SHA1 HMAC */
294 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
295 {.sym = {
296 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
297 {.auth = {
298 .algo = RTE_CRYPTO_AUTH_SHA1_HMAC,
299 .block_size = 64,
300 .key_size = {
301 .min = 1,
302 .max = 64,
303 .increment = 1
304 },
305 .digest_size = {
306 .min = 1,
307 .max = 20,
308 .increment = 1
309 },
310 .iv_size = { 0 }
311 }, }
312 }, }
313 },
314 { /* SHA224 */
315 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
316 {.sym = {
317 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
318 {.auth = {
319 .algo = RTE_CRYPTO_AUTH_SHA224,
320 .block_size = 64,
321 .key_size = {
322 .min = 0,
323 .max = 0,
324 .increment = 0
325 },
326 .digest_size = {
327 .min = 28,
328 .max = 28,
329 .increment = 0
330 },
331 .iv_size = { 0 }
332 }, }
333 }, }
334 },
335 { /* SHA224 HMAC */
336 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
337 {.sym = {
338 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
339 {.auth = {
340 .algo = RTE_CRYPTO_AUTH_SHA224_HMAC,
341 .block_size = 64,
342 .key_size = {
343 .min = 1,
344 .max = 64,
345 .increment = 1
346 },
347 .digest_size = {
348 .min = 1,
349 .max = 28,
350 .increment = 1
351 },
352 .iv_size = { 0 }
353 }, }
354 }, }
355 },
356 { /* SHA256 */
357 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
358 {.sym = {
359 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
360 {.auth = {
361 .algo = RTE_CRYPTO_AUTH_SHA256,
362 .block_size = 64,
363 .key_size = {
364 .min = 0,
365 .max = 0,
366 .increment = 0
367 },
368 .digest_size = {
369 .min = 32,
370 .max = 32,
371 .increment = 0
372 },
373 .iv_size = { 0 }
374 }, }
375 }, }
376 },
377 { /* SHA256 HMAC */
378 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
379 {.sym = {
380 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
381 {.auth = {
382 .algo = RTE_CRYPTO_AUTH_SHA256_HMAC,
383 .block_size = 64,
384 .key_size = {
385 .min = 1,
386 .max = 64,
387 .increment = 1
388 },
389 .digest_size = {
390 .min = 1,
391 .max = 32,
392 .increment = 1
393 },
394 .iv_size = { 0 }
395 }, }
396 }, }
397 },
398 { /* SHA384 */
399 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
400 {.sym = {
401 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
402 {.auth = {
403 .algo = RTE_CRYPTO_AUTH_SHA384,
404 .block_size = 64,
405 .key_size = {
406 .min = 0,
407 .max = 0,
408 .increment = 0
409 },
410 .digest_size = {
411 .min = 48,
412 .max = 48,
413 .increment = 0
414 },
415 .iv_size = { 0 }
416 }, }
417 }, }
418 },
419 { /* SHA384 HMAC */
420 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
421 {.sym = {
422 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
423 {.auth = {
424 .algo = RTE_CRYPTO_AUTH_SHA384_HMAC,
425 .block_size = 128,
426 .key_size = {
427 .min = 1,
428 .max = 128,
429 .increment = 1
430 },
431 .digest_size = {
432 .min = 1,
433 .max = 48,
434 .increment = 1
435 },
436 .iv_size = { 0 }
437 }, }
438 }, }
439 },
440 { /* SHA512 */
441 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
442 {.sym = {
443 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
444 {.auth = {
445 .algo = RTE_CRYPTO_AUTH_SHA512,
446 .block_size = 128,
447 .key_size = {
448 .min = 0,
449 .max = 0,
450 .increment = 0
451 },
452 .digest_size = {
453 .min = 64,
454 .max = 64,
455 .increment = 0
456 },
457 .iv_size = { 0 }
458 }, }
459 }, }
460 },
461 { /* SHA512 HMAC */
462 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
463 {.sym = {
464 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
465 {.auth = {
466 .algo = RTE_CRYPTO_AUTH_SHA512_HMAC,
467 .block_size = 128,
468 .key_size = {
469 .min = 1,
470 .max = 128,
471 .increment = 1
472 },
473 .digest_size = {
474 .min = 1,
475 .max = 64,
476 .increment = 1
477 },
478 .iv_size = { 0 }
479 }, }
480 }, }
481 },
482 { /* AES GCM */
483 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
484 {.sym = {
485 .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,
486 {.aead = {
487 .algo = RTE_CRYPTO_AEAD_AES_GCM,
488 .block_size = 16,
489 .key_size = {
490 .min = 16,
491 .max = 32,
492 .increment = 8
493 },
494 .digest_size = {
495 .min = 8,
496 .max = 16,
497 .increment = 4
498 },
499 .aad_size = {
500 .min = 0,
501 .max = 240,
502 .increment = 1
503 },
504 .iv_size = {
505 .min = 12,
506 .max = 12,
507 .increment = 0
508 },
509 }, }
510 }, }
511 },
512 { /* AES XCBC HMAC */
513 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
514 {.sym = {
515 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
516 {.auth = {
517 .algo = RTE_CRYPTO_AUTH_AES_XCBC_MAC,
518 .block_size = 16,
519 .key_size = {
520 .min = 1,
521 .max = 16,
522 .increment = 1
523 },
524 .digest_size = {
525 .min = 12,
526 .max = 16,
527 .increment = 4
528 },
529 .aad_size = { 0 },
530 .iv_size = { 0 }
531 }, }
532 }, }
533 },
534 { /* AES CMAC */
535 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
536 {.sym = {
537 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
538 {.auth = {
539 .algo = RTE_CRYPTO_AUTH_AES_CMAC,
540 .block_size = 16,
541 .key_size = {
542 .min = 1,
543 .max = 16,
544 .increment = 1
545 },
546 .digest_size = {
547 .min = 12,
548 .max = 16,
549 .increment = 4
550 },
551 .aad_size = { 0 },
552 .iv_size = { 0 }
553 }, }
554 }, }
555 },
556 { /* AES CBC */
557 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
558 {.sym = {
559 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
560 {.cipher = {
561 .algo = RTE_CRYPTO_CIPHER_AES_CBC,
562 .block_size = 16,
563 .key_size = {
564 .min = 16,
565 .max = 32,
566 .increment = 8
567 },
568 .iv_size = {
569 .min = 16,
570 .max = 16,
571 .increment = 0
572 }
573 }, }
574 }, }
575 },
576 { /* AES CTR */
577 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
578 {.sym = {
579 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
580 {.cipher = {
581 .algo = RTE_CRYPTO_CIPHER_AES_CTR,
582 .block_size = 16,
583 .key_size = {
584 .min = 16,
585 .max = 32,
586 .increment = 8
587 },
588 .iv_size = {
589 .min = 16,
590 .max = 16,
591 .increment = 0
592 },
593 }, }
594 }, }
595 },
596 { /* DES CBC */
597 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
598 {.sym = {
599 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
600 {.cipher = {
601 .algo = RTE_CRYPTO_CIPHER_DES_CBC,
602 .block_size = 8,
603 .key_size = {
604 .min = 8,
605 .max = 8,
606 .increment = 0
607 },
608 .iv_size = {
609 .min = 8,
610 .max = 8,
611 .increment = 0
612 }
613 }, }
614 }, }
615 },
616 { /* 3DES CBC */
617 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
618 {.sym = {
619 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
620 {.cipher = {
621 .algo = RTE_CRYPTO_CIPHER_3DES_CBC,
622 .block_size = 8,
623 .key_size = {
624 .min = 16,
625 .max = 24,
626 .increment = 8
627 },
628 .iv_size = {
629 .min = 8,
630 .max = 8,
631 .increment = 0
632 }
633 }, }
634 }, }
635 },
636 { /* SNOW 3G (UIA2) */
637 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
638 {.sym = {
639 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
640 {.auth = {
641 .algo = RTE_CRYPTO_AUTH_SNOW3G_UIA2,
642 .block_size = 16,
643 .key_size = {
644 .min = 16,
645 .max = 16,
646 .increment = 0
647 },
648 .digest_size = {
649 .min = 4,
650 .max = 4,
651 .increment = 0
652 },
653 .iv_size = {
654 .min = 16,
655 .max = 16,
656 .increment = 0
657 }
658 }, }
659 }, }
660 },
661 { /* SNOW 3G (UEA2) */
662 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
663 {.sym = {
664 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
665 {.cipher = {
666 .algo = RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
667 .block_size = 16,
668 .key_size = {
669 .min = 16,
670 .max = 16,
671 .increment = 0
672 },
673 .iv_size = {
674 .min = 16,
675 .max = 16,
676 .increment = 0
677 }
678 }, }
679 }, }
680 },
681 { /* ZUC (EEA3) */
682 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
683 {.sym = {
684 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
685 {.cipher = {
686 .algo = RTE_CRYPTO_CIPHER_ZUC_EEA3,
687 .block_size = 16,
688 .key_size = {
689 .min = 16,
690 .max = 16,
691 .increment = 0
692 },
693 .iv_size = {
694 .min = 16,
695 .max = 16,
696 .increment = 0
697 }
698 }, }
699 }, }
700 },
701 { /* ZUC (EIA3) */
702 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
703 {.sym = {
704 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
705 {.auth = {
706 .algo = RTE_CRYPTO_AUTH_ZUC_EIA3,
707 .block_size = 16,
708 .key_size = {
709 .min = 16,
710 .max = 16,
711 .increment = 0
712 },
713 .digest_size = {
714 .min = 4,
715 .max = 4,
716 .increment = 0
717 },
718 .iv_size = {
719 .min = 16,
720 .max = 16,
721 .increment = 0
722 }
723 }, }
724 }, }
725 },
726 RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
727 };
728
729 static const struct rte_cryptodev_capabilities dpaa2_pdcp_capabilities[] = {
730 { /* SNOW 3G (UIA2) */
731 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
732 {.sym = {
733 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
734 {.auth = {
735 .algo = RTE_CRYPTO_AUTH_SNOW3G_UIA2,
736 .block_size = 16,
737 .key_size = {
738 .min = 16,
739 .max = 16,
740 .increment = 0
741 },
742 .digest_size = {
743 .min = 4,
744 .max = 4,
745 .increment = 0
746 },
747 .iv_size = {
748 .min = 16,
749 .max = 16,
750 .increment = 0
751 }
752 }, }
753 }, }
754 },
755 { /* SNOW 3G (UEA2) */
756 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
757 {.sym = {
758 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
759 {.cipher = {
760 .algo = RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
761 .block_size = 16,
762 .key_size = {
763 .min = 16,
764 .max = 16,
765 .increment = 0
766 },
767 .iv_size = {
768 .min = 16,
769 .max = 16,
770 .increment = 0
771 }
772 }, }
773 }, }
774 },
775 { /* AES CTR */
776 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
777 {.sym = {
778 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
779 {.cipher = {
780 .algo = RTE_CRYPTO_CIPHER_AES_CTR,
781 .block_size = 16,
782 .key_size = {
783 .min = 16,
784 .max = 32,
785 .increment = 8
786 },
787 .iv_size = {
788 .min = 16,
789 .max = 16,
790 .increment = 0
791 }
792 }, }
793 }, }
794 },
795 { /* NULL (AUTH) */
796 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
797 {.sym = {
798 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
799 {.auth = {
800 .algo = RTE_CRYPTO_AUTH_NULL,
801 .block_size = 1,
802 .key_size = {
803 .min = 0,
804 .max = 0,
805 .increment = 0
806 },
807 .digest_size = {
808 .min = 0,
809 .max = 0,
810 .increment = 0
811 },
812 .iv_size = { 0 }
813 }, },
814 }, },
815 },
816 { /* NULL (CIPHER) */
817 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
818 {.sym = {
819 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
820 {.cipher = {
821 .algo = RTE_CRYPTO_CIPHER_NULL,
822 .block_size = 1,
823 .key_size = {
824 .min = 0,
825 .max = 0,
826 .increment = 0
827 },
828 .iv_size = {
829 .min = 0,
830 .max = 0,
831 .increment = 0
832 }
833 }, },
834 }, }
835 },
836 { /* ZUC (EEA3) */
837 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
838 {.sym = {
839 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
840 {.cipher = {
841 .algo = RTE_CRYPTO_CIPHER_ZUC_EEA3,
842 .block_size = 16,
843 .key_size = {
844 .min = 16,
845 .max = 16,
846 .increment = 0
847 },
848 .iv_size = {
849 .min = 16,
850 .max = 16,
851 .increment = 0
852 }
853 }, }
854 }, }
855 },
856 { /* ZUC (EIA3) */
857 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
858 {.sym = {
859 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
860 {.auth = {
861 .algo = RTE_CRYPTO_AUTH_ZUC_EIA3,
862 .block_size = 16,
863 .key_size = {
864 .min = 16,
865 .max = 16,
866 .increment = 0
867 },
868 .digest_size = {
869 .min = 4,
870 .max = 4,
871 .increment = 0
872 },
873 .iv_size = {
874 .min = 16,
875 .max = 16,
876 .increment = 0
877 }
878 }, }
879 }, }
880 },
881 { /* NULL (AUTH) */
882 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
883 {.sym = {
884 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
885 {.auth = {
886 .algo = RTE_CRYPTO_AUTH_NULL,
887 .block_size = 1,
888 .key_size = {
889 .min = 0,
890 .max = 0,
891 .increment = 0
892 },
893 .digest_size = {
894 .min = 0,
895 .max = 0,
896 .increment = 0
897 },
898 }, },
899 }, },
900 },
901 { /* NULL (CIPHER) */
902 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
903 {.sym = {
904 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
905 {.cipher = {
906 .algo = RTE_CRYPTO_CIPHER_NULL,
907 .block_size = 1,
908 .key_size = {
909 .min = 0,
910 .max = 0,
911 .increment = 0
912 },
913 .iv_size = {
914 .min = 0,
915 .max = 0,
916 .increment = 0
917 }
918 }, },
919 }, }
920 },
921 RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
922 };
923
924 static const struct rte_security_capability dpaa2_sec_security_cap[] = {
925 { /* IPsec Lookaside Protocol offload ESP Transport Egress */
926 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
927 .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
928 .ipsec = {
929 .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
930 .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
931 .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
932 .options = {
933 .udp_encap = 1,
934 .copy_df = 1,
935 .copy_dscp = 1,
936 .dec_ttl = 1,
937 .esn = 1,
938 },
939 .replay_win_sz_max = 1024
940 },
941 .crypto_capabilities = dpaa2_sec_capabilities
942 },
943 { /* IPsec Lookaside Protocol offload ESP Tunnel Ingress */
944 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
945 .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
946 .ipsec = {
947 .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
948 .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
949 .direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS,
950 .options = {
951 .iv_gen_disable = 1,
952 .udp_encap = 1,
953 .copy_df = 1,
954 .copy_dscp = 1,
955 .dec_ttl = 1,
956 .esn = 1,
957 },
958 .replay_win_sz_max = 1024
959 },
960 .crypto_capabilities = dpaa2_sec_capabilities
961 },
962 { /* PDCP Lookaside Protocol offload Data */
963 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
964 .protocol = RTE_SECURITY_PROTOCOL_PDCP,
965 .pdcp = {
966 .domain = RTE_SECURITY_PDCP_MODE_DATA,
967 .capa_flags = 0
968 },
969 .crypto_capabilities = dpaa2_pdcp_capabilities
970 },
971 { /* PDCP Lookaside Protocol offload Control */
972 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
973 .protocol = RTE_SECURITY_PROTOCOL_PDCP,
974 .pdcp = {
975 .domain = RTE_SECURITY_PDCP_MODE_CONTROL,
976 .capa_flags = 0
977 },
978 .crypto_capabilities = dpaa2_pdcp_capabilities
979 },
980 { /* PDCP Lookaside Protocol offload Short MAC */
981 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
982 .protocol = RTE_SECURITY_PROTOCOL_PDCP,
983 .pdcp = {
984 .domain = RTE_SECURITY_PDCP_MODE_SHORT_MAC,
985 .capa_flags = 0
986 },
987 .crypto_capabilities = dpaa2_pdcp_capabilities
988 },
989 {
990 .action = RTE_SECURITY_ACTION_TYPE_NONE
991 }
992 };
993 /**
994 * Checksum
995 *
996 * @param buffer calculate chksum for buffer
997 * @param len buffer length
998 *
999 * @return checksum value in host cpu order
1000 */
1001 static inline uint16_t
calc_chksum(void * buffer,int len)1002 calc_chksum(void *buffer, int len)
1003 {
1004 uint16_t *buf = (uint16_t *)buffer;
1005 uint32_t sum = 0;
1006 uint16_t result;
1007
1008 for (sum = 0; len > 1; len -= 2)
1009 sum += *buf++;
1010
1011 if (len == 1)
1012 sum += *(unsigned char *)buf;
1013
1014 sum = (sum >> 16) + (sum & 0xFFFF);
1015 sum += (sum >> 16);
1016 result = ~sum;
1017
1018 return result;
1019 }
1020
1021 int
1022 dpaa2_sec_configure_raw_dp_ctx(struct rte_cryptodev *dev, uint16_t qp_id,
1023 struct rte_crypto_raw_dp_ctx *raw_dp_ctx,
1024 enum rte_crypto_op_sess_type sess_type,
1025 union rte_cryptodev_session_ctx session_ctx, uint8_t is_update);
1026
1027 int
1028 dpaa2_sec_get_dp_ctx_size(struct rte_cryptodev *dev);
1029
1030
1031 #endif /* _DPAA2_SEC_PMD_PRIVATE_H_ */
1032