1 /* SPDX-License-Identifier: BSD-3-Clause 2 * 3 * Copyright 2016-2024 NXP 4 * 5 */ 6 7 #ifndef _DPAA_SEC_H_ 8 #define _DPAA_SEC_H_ 9 10 #define CRYPTODEV_NAME_DPAA_SEC_PMD crypto_dpaa_sec 11 /**< NXP DPAA - SEC PMD device name */ 12 13 #define SEC_BASE_ADDR 0x1700000 14 #define MAP_SIZE 0x100000 15 #define BLOCK_OFFSET 0x10000 16 #define CMD_REG 0x4 17 #define QICTL_DQEN 0x01 18 #define QI_BLOCK_NUMBER 7 19 #define MAX_DPAA_CORES 4 20 #define NUM_POOL_CHANNELS 4 21 #define DPAA_SEC_BURST 7 22 #define DPAA_SEC_ALG_UNSUPPORT (-1) 23 #define TDES_CBC_IV_LEN 8 24 #define AES_CBC_IV_LEN 16 25 #define AES_CTR_IV_LEN 16 26 #define AES_GCM_IV_LEN 12 27 28 extern uint8_t dpaa_cryptodev_driver_id; 29 30 #define DPAA_IPv6_DEFAULT_VTC_FLOW 0x60000000 31 32 /* Minimum job descriptor consists of a oneword job descriptor HEADER and 33 * a pointer to the shared descriptor. 34 */ 35 #define MIN_JOB_DESC_SIZE (CAAM_CMD_SZ + CAAM_PTR_SZ) 36 /* CTX_POOL_NUM_BUFS is set as per the ipsec-secgw application */ 37 #define CTX_POOL_NUM_BUFS 32000 38 #define CTX_POOL_BUF_SIZE sizeof(struct dpaa_sec_op_ctx) 39 #define CTX_POOL_CACHE_SIZE 512 40 #define RTE_DPAA_SEC_PMD_MAX_NB_SESSIONS 1024 41 42 #define DIR_ENC 1 43 #define DIR_DEC 0 44 45 enum dpaa_sec_op_type { 46 DPAA_SEC_NONE, /*!< No Cipher operations*/ 47 DPAA_SEC_CIPHER,/*!< CIPHER operations */ 48 DPAA_SEC_AUTH, /*!< Authentication Operations */ 49 DPAA_SEC_AEAD, /*!< AEAD (AES-GCM/CCM) type operations */ 50 DPAA_SEC_CIPHER_HASH, /*!< Authenticated Encryption with 51 * associated data 52 */ 53 DPAA_SEC_HASH_CIPHER, /*!< Encryption with Authenticated 54 * associated data 55 */ 56 DPAA_SEC_IPSEC, /*!< IPSEC protocol operations*/ 57 DPAA_SEC_PDCP, /*!< PDCP protocol operations*/ 58 DPAA_SEC_PKC, /*!< Public Key Cryptographic Operations */ 59 DPAA_SEC_MAX 60 }; 61 62 #define DPAA_SEC_MAX_DESC_SIZE 64 63 /* code or cmd block to caam */ 64 struct sec_cdb { 65 struct __rte_packed_begin { 66 union __rte_packed_begin { 67 uint32_t word; 68 struct { 69 #if RTE_BYTE_ORDER == RTE_BIG_ENDIAN 70 uint16_t rsvd63_48; 71 unsigned int rsvd47_39:9; 72 unsigned int idlen:7; 73 #else 74 unsigned int idlen:7; 75 unsigned int rsvd47_39:9; 76 uint16_t rsvd63_48; 77 #endif 78 } field; 79 } __rte_packed_end hi; 80 81 union __rte_packed_begin { 82 uint32_t word; 83 struct { 84 #if RTE_BYTE_ORDER == RTE_BIG_ENDIAN 85 unsigned int rsvd31_30:2; 86 unsigned int fsgt:1; 87 unsigned int lng:1; 88 unsigned int offset:2; 89 unsigned int abs:1; 90 unsigned int add_buf:1; 91 uint8_t pool_id; 92 uint16_t pool_buffer_size; 93 #else 94 uint16_t pool_buffer_size; 95 uint8_t pool_id; 96 unsigned int add_buf:1; 97 unsigned int abs:1; 98 unsigned int offset:2; 99 unsigned int lng:1; 100 unsigned int fsgt:1; 101 unsigned int rsvd31_30:2; 102 #endif 103 } field; 104 } __rte_packed_end lo; 105 } __rte_packed_end sh_hdr; 106 107 uint32_t sh_desc[DPAA_SEC_MAX_DESC_SIZE]; 108 }; 109 110 /*! 111 * The structure is to be filled by user as a part of 112 * dpaa_sec_proto_ctxt for PDCP Protocol 113 */ 114 struct sec_pdcp_ctxt { 115 enum rte_security_pdcp_domain domain; /*!< Data/Control mode*/ 116 int8_t bearer; /*!< PDCP bearer ID */ 117 int8_t pkt_dir;/*!< PDCP Frame Direction 0:UL 1:DL*/ 118 int8_t hfn_ovd;/*!< Overwrite HFN per packet*/ 119 uint8_t sn_size; /*!< Sequence number size, 5/7/12/15/18 */ 120 uint8_t sdap_enabled; /*!< SDAP header is enabled */ 121 uint16_t hfn_ovd_offset;/*!< offset from rte_crypto_op at which 122 * per packet hfn is stored 123 */ 124 uint32_t hfn; /*!< Hyper Frame Number */ 125 uint32_t hfn_threshold; /*!< HFN Threashold for key renegotiation */ 126 }; 127 128 typedef int (*dpaa_sec_build_fd_t)( 129 void *qp, uint8_t *drv_ctx, struct rte_crypto_vec *data_vec, 130 uint16_t n_data_vecs, union rte_crypto_sym_ofs ofs, 131 struct rte_crypto_va_iova_ptr *iv, 132 struct rte_crypto_va_iova_ptr *digest, 133 struct rte_crypto_va_iova_ptr *aad_or_auth_iv, 134 void *user_data); 135 136 typedef struct dpaa_sec_job* (*dpaa_sec_build_raw_dp_fd_t)(uint8_t *drv_ctx, 137 struct rte_crypto_sgl *sgl, 138 struct rte_crypto_sgl *dest_sgl, 139 struct rte_crypto_va_iova_ptr *iv, 140 struct rte_crypto_va_iova_ptr *digest, 141 struct rte_crypto_va_iova_ptr *auth_iv, 142 union rte_crypto_sym_ofs ofs, 143 void *userdata, 144 struct qm_fd *fd); 145 146 struct dpaa_ipv4_udp { 147 struct ip ip4_hdr; 148 struct rte_udp_hdr udp_hdr; 149 }; 150 151 struct dpaa_ipv6_udp { 152 struct rte_ipv6_hdr ip6_hdr; 153 struct rte_udp_hdr udp_hdr; 154 }; 155 156 typedef struct dpaa_sec_session_entry { 157 struct sec_cdb cdb; /**< cmd block associated with qp */ 158 struct dpaa_sec_qp *qp[MAX_DPAA_CORES]; 159 struct qman_fq *inq[MAX_DPAA_CORES]; 160 uint8_t dir; /*!< Operation Direction */ 161 uint8_t ctxt; /*!< Session Context Type */ 162 enum rte_crypto_cipher_algorithm cipher_alg; /*!< Cipher Algorithm*/ 163 enum rte_crypto_auth_algorithm auth_alg; /*!< Authentication Algorithm*/ 164 enum rte_crypto_aead_algorithm aead_alg; /*!< AEAD Algorithm*/ 165 enum rte_security_session_protocol proto_alg; /*!< Security Algorithm*/ 166 dpaa_sec_build_fd_t build_fd; 167 dpaa_sec_build_raw_dp_fd_t build_raw_dp_fd; 168 union { 169 struct { 170 uint8_t *data; /**< pointer to key data */ 171 size_t length; /**< key length in bytes */ 172 uint32_t alg; 173 uint32_t algmode; 174 } aead_key; 175 struct { 176 struct { 177 uint8_t *data; /**< pointer to key data */ 178 size_t length; /**< key length in bytes */ 179 uint32_t alg; 180 uint32_t algmode; 181 } cipher_key; 182 struct { 183 uint8_t *data; /**< pointer to key data */ 184 size_t length; /**< key length in bytes */ 185 uint32_t alg; 186 uint32_t algmode; 187 } auth_key; 188 }; 189 }; 190 union { 191 struct { 192 struct { 193 uint16_t length; 194 uint16_t offset; 195 } iv; /**< Initialisation vector parameters */ 196 uint16_t auth_only_len; 197 /*!< Length of data for Auth only */ 198 uint32_t digest_length; 199 struct ipsec_decap_pdb decap_pdb; 200 struct ipsec_encap_pdb encap_pdb; 201 union { 202 struct ip ip4_hdr; 203 struct rte_ipv6_hdr ip6_hdr; 204 struct dpaa_ipv4_udp udp4; 205 struct dpaa_ipv6_udp udp6; 206 }; 207 uint8_t auth_cipher_text; 208 /**< Authenticate/cipher ordering */ 209 }; 210 struct sec_pdcp_ctxt pdcp; 211 }; 212 } dpaa_sec_session; 213 214 struct dpaa_sec_qp { 215 struct dpaa_sec_dev_private *internals; 216 struct rte_mempool *ctx_pool; /* mempool for dpaa_sec_op_ctx */ 217 struct qman_fq outq; 218 int rx_pkts; 219 int rx_errs; 220 int tx_pkts; 221 int tx_errs; 222 }; 223 224 #define RTE_DPAA_MAX_NB_SEC_QPS 2 225 #define RTE_DPAA_MAX_RX_QUEUE (MAX_DPAA_CORES * RTE_DPAA_SEC_PMD_MAX_NB_SESSIONS) 226 #define DPAA_MAX_DEQUEUE_NUM_FRAMES 63 227 228 /* internal sec queue interface */ 229 struct dpaa_sec_dev_private { 230 void *sec_hw; 231 struct dpaa_sec_qp qps[RTE_DPAA_MAX_NB_SEC_QPS]; /* i/o queue for sec */ 232 struct qman_fq inq[RTE_DPAA_MAX_RX_QUEUE]; 233 unsigned char inq_attach[RTE_DPAA_MAX_RX_QUEUE]; 234 unsigned int max_nb_queue_pairs; 235 unsigned int max_nb_sessions; 236 rte_spinlock_t lock; 237 }; 238 239 #define MAX_SG_ENTRIES 16 240 #define MAX_JOB_SG_ENTRIES 36 241 242 struct dpaa_sec_job { 243 /* sg[0] output, sg[1] input, others are possible sub frames */ 244 struct qm_sg_entry sg[MAX_JOB_SG_ENTRIES]; 245 }; 246 247 #define DPAA_MAX_NB_MAX_DIGEST 64 248 struct dpaa_sec_op_ctx { 249 struct dpaa_sec_job job; 250 union { 251 struct rte_crypto_op *op; 252 void *userdata; 253 }; 254 struct rte_mempool *ctx_pool; /* mempool pointer for dpaa_sec_op_ctx */ 255 uint32_t fd_status; 256 int64_t vtop_offset; 257 uint8_t digest[DPAA_MAX_NB_MAX_DIGEST]; 258 }; 259 260 static const struct rte_cryptodev_capabilities dpaa_sec_capabilities[] = { 261 { /* NULL (AUTH) */ 262 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 263 {.sym = { 264 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 265 {.auth = { 266 .algo = RTE_CRYPTO_AUTH_NULL, 267 .block_size = 1, 268 .key_size = { 269 .min = 0, 270 .max = 0, 271 .increment = 0 272 }, 273 .digest_size = { 274 .min = 0, 275 .max = 0, 276 .increment = 0 277 }, 278 .iv_size = { 0 } 279 }, }, 280 }, }, 281 }, 282 { /* MD5 */ 283 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 284 {.sym = { 285 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 286 {.auth = { 287 .algo = RTE_CRYPTO_AUTH_MD5, 288 .block_size = 64, 289 .key_size = { 290 .min = 0, 291 .max = 0, 292 .increment = 0 293 }, 294 .digest_size = { 295 .min = 16, 296 .max = 16, 297 .increment = 0 298 }, 299 .iv_size = { 0 } 300 }, } 301 }, } 302 }, 303 { /* MD5 HMAC */ 304 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 305 {.sym = { 306 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 307 {.auth = { 308 .algo = RTE_CRYPTO_AUTH_MD5_HMAC, 309 .block_size = 64, 310 .key_size = { 311 .min = 1, 312 .max = 64, 313 .increment = 1 314 }, 315 .digest_size = { 316 .min = 1, 317 .max = 16, 318 .increment = 1 319 }, 320 .iv_size = { 0 } 321 }, } 322 }, } 323 }, 324 { /* SHA1 */ 325 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 326 {.sym = { 327 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 328 {.auth = { 329 .algo = RTE_CRYPTO_AUTH_SHA1, 330 .block_size = 64, 331 .key_size = { 332 .min = 0, 333 .max = 0, 334 .increment = 0 335 }, 336 .digest_size = { 337 .min = 20, 338 .max = 20, 339 .increment = 0 340 }, 341 .iv_size = { 0 } 342 }, } 343 }, } 344 }, 345 { /* SHA1 HMAC */ 346 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 347 {.sym = { 348 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 349 {.auth = { 350 .algo = RTE_CRYPTO_AUTH_SHA1_HMAC, 351 .block_size = 64, 352 .key_size = { 353 .min = 1, 354 .max = 64, 355 .increment = 1 356 }, 357 .digest_size = { 358 .min = 1, 359 .max = 20, 360 .increment = 1 361 }, 362 .iv_size = { 0 } 363 }, } 364 }, } 365 }, 366 { /* SHA224 */ 367 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 368 {.sym = { 369 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 370 {.auth = { 371 .algo = RTE_CRYPTO_AUTH_SHA224, 372 .block_size = 64, 373 .key_size = { 374 .min = 0, 375 .max = 0, 376 .increment = 0 377 }, 378 .digest_size = { 379 .min = 28, 380 .max = 28, 381 .increment = 0 382 }, 383 .iv_size = { 0 } 384 }, } 385 }, } 386 }, 387 { /* SHA224 HMAC */ 388 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 389 {.sym = { 390 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 391 {.auth = { 392 .algo = RTE_CRYPTO_AUTH_SHA224_HMAC, 393 .block_size = 64, 394 .key_size = { 395 .min = 1, 396 .max = 64, 397 .increment = 1 398 }, 399 .digest_size = { 400 .min = 1, 401 .max = 28, 402 .increment = 1 403 }, 404 .iv_size = { 0 } 405 }, } 406 }, } 407 }, 408 { /* SHA256 */ 409 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 410 {.sym = { 411 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 412 {.auth = { 413 .algo = RTE_CRYPTO_AUTH_SHA256, 414 .block_size = 64, 415 .key_size = { 416 .min = 0, 417 .max = 0, 418 .increment = 0 419 }, 420 .digest_size = { 421 .min = 32, 422 .max = 32, 423 .increment = 0 424 }, 425 .iv_size = { 0 } 426 }, } 427 }, } 428 }, 429 { /* SHA256 HMAC */ 430 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 431 {.sym = { 432 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 433 {.auth = { 434 .algo = RTE_CRYPTO_AUTH_SHA256_HMAC, 435 .block_size = 64, 436 .key_size = { 437 .min = 1, 438 .max = 64, 439 .increment = 1 440 }, 441 .digest_size = { 442 .min = 1, 443 .max = 32, 444 .increment = 1 445 }, 446 .iv_size = { 0 } 447 }, } 448 }, } 449 }, 450 { /* SHA384 */ 451 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 452 {.sym = { 453 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 454 {.auth = { 455 .algo = RTE_CRYPTO_AUTH_SHA384, 456 .block_size = 64, 457 .key_size = { 458 .min = 0, 459 .max = 0, 460 .increment = 0 461 }, 462 .digest_size = { 463 .min = 48, 464 .max = 48, 465 .increment = 0 466 }, 467 .iv_size = { 0 } 468 }, } 469 }, } 470 }, 471 { /* SHA384 HMAC */ 472 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 473 {.sym = { 474 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 475 {.auth = { 476 .algo = RTE_CRYPTO_AUTH_SHA384_HMAC, 477 .block_size = 128, 478 .key_size = { 479 .min = 1, 480 .max = 128, 481 .increment = 1 482 }, 483 .digest_size = { 484 .min = 1, 485 .max = 48, 486 .increment = 1 487 }, 488 .iv_size = { 0 } 489 }, } 490 }, } 491 }, 492 { /* SHA512 */ 493 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 494 {.sym = { 495 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 496 {.auth = { 497 .algo = RTE_CRYPTO_AUTH_SHA512, 498 .block_size = 128, 499 .key_size = { 500 .min = 0, 501 .max = 0, 502 .increment = 0 503 }, 504 .digest_size = { 505 .min = 64, 506 .max = 64, 507 .increment = 0 508 }, 509 .iv_size = { 0 } 510 }, } 511 }, } 512 }, 513 { /* SHA512 HMAC */ 514 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 515 {.sym = { 516 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 517 {.auth = { 518 .algo = RTE_CRYPTO_AUTH_SHA512_HMAC, 519 .block_size = 128, 520 .key_size = { 521 .min = 1, 522 .max = 128, 523 .increment = 1 524 }, 525 .digest_size = { 526 .min = 1, 527 .max = 64, 528 .increment = 1 529 }, 530 .iv_size = { 0 } 531 }, } 532 }, } 533 }, 534 { /* AES GCM */ 535 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 536 {.sym = { 537 .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD, 538 {.aead = { 539 .algo = RTE_CRYPTO_AEAD_AES_GCM, 540 .block_size = 16, 541 .key_size = { 542 .min = 16, 543 .max = 32, 544 .increment = 8 545 }, 546 .digest_size = { 547 .min = 8, 548 .max = 16, 549 .increment = 4 550 }, 551 .aad_size = { 552 .min = 0, 553 .max = 240, 554 .increment = 1 555 }, 556 .iv_size = { 557 .min = 12, 558 .max = 12, 559 .increment = 0 560 }, 561 }, } 562 }, } 563 }, 564 { /* NULL (CIPHER) */ 565 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 566 {.sym = { 567 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 568 {.cipher = { 569 .algo = RTE_CRYPTO_CIPHER_NULL, 570 .block_size = 1, 571 .key_size = { 572 .min = 0, 573 .max = 0, 574 .increment = 0 575 }, 576 .iv_size = { 577 .min = 0, 578 .max = 0, 579 .increment = 0 580 } 581 }, }, 582 }, } 583 }, 584 { /* AES CBC */ 585 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 586 {.sym = { 587 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 588 {.cipher = { 589 .algo = RTE_CRYPTO_CIPHER_AES_CBC, 590 .block_size = 16, 591 .key_size = { 592 .min = 16, 593 .max = 32, 594 .increment = 8 595 }, 596 .iv_size = { 597 .min = 16, 598 .max = 16, 599 .increment = 0 600 } 601 }, } 602 }, } 603 }, 604 { /* AES CTR */ 605 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 606 {.sym = { 607 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 608 {.cipher = { 609 .algo = RTE_CRYPTO_CIPHER_AES_CTR, 610 .block_size = 16, 611 .key_size = { 612 .min = 16, 613 .max = 32, 614 .increment = 8 615 }, 616 .iv_size = { 617 .min = 16, 618 .max = 16, 619 .increment = 0 620 }, 621 }, } 622 }, } 623 }, 624 { /* DES CBC */ 625 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 626 {.sym = { 627 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 628 {.cipher = { 629 .algo = RTE_CRYPTO_CIPHER_DES_CBC, 630 .block_size = 8, 631 .key_size = { 632 .min = 8, 633 .max = 8, 634 .increment = 0 635 }, 636 .iv_size = { 637 .min = 8, 638 .max = 8, 639 .increment = 0 640 } 641 }, } 642 }, } 643 }, 644 { /* 3DES CBC */ 645 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 646 {.sym = { 647 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 648 {.cipher = { 649 .algo = RTE_CRYPTO_CIPHER_3DES_CBC, 650 .block_size = 8, 651 .key_size = { 652 .min = 16, 653 .max = 24, 654 .increment = 8 655 }, 656 .iv_size = { 657 .min = 8, 658 .max = 8, 659 .increment = 0 660 } 661 }, } 662 }, } 663 }, 664 { /* SNOW 3G (UIA2) */ 665 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 666 {.sym = { 667 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 668 {.auth = { 669 .algo = RTE_CRYPTO_AUTH_SNOW3G_UIA2, 670 .block_size = 16, 671 .key_size = { 672 .min = 16, 673 .max = 16, 674 .increment = 0 675 }, 676 .digest_size = { 677 .min = 4, 678 .max = 4, 679 .increment = 0 680 }, 681 .iv_size = { 682 .min = 16, 683 .max = 16, 684 .increment = 0 685 } 686 }, } 687 }, } 688 }, 689 { /* SNOW 3G (UEA2) */ 690 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 691 {.sym = { 692 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 693 {.cipher = { 694 .algo = RTE_CRYPTO_CIPHER_SNOW3G_UEA2, 695 .block_size = 16, 696 .key_size = { 697 .min = 16, 698 .max = 16, 699 .increment = 0 700 }, 701 .iv_size = { 702 .min = 16, 703 .max = 16, 704 .increment = 0 705 } 706 }, } 707 }, } 708 }, 709 { /* ZUC (EEA3) */ 710 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 711 {.sym = { 712 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 713 {.cipher = { 714 .algo = RTE_CRYPTO_CIPHER_ZUC_EEA3, 715 .block_size = 16, 716 .key_size = { 717 .min = 16, 718 .max = 16, 719 .increment = 0 720 }, 721 .iv_size = { 722 .min = 16, 723 .max = 16, 724 .increment = 0 725 } 726 }, } 727 }, } 728 }, 729 { /* ZUC (EIA3) */ 730 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 731 {.sym = { 732 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 733 {.auth = { 734 .algo = RTE_CRYPTO_AUTH_ZUC_EIA3, 735 .block_size = 16, 736 .key_size = { 737 .min = 16, 738 .max = 16, 739 .increment = 0 740 }, 741 .digest_size = { 742 .min = 4, 743 .max = 4, 744 .increment = 0 745 }, 746 .iv_size = { 747 .min = 16, 748 .max = 16, 749 .increment = 0 750 } 751 }, } 752 }, } 753 }, 754 { /* AES CMAC */ 755 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 756 {.sym = { 757 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 758 {.auth = { 759 .algo = RTE_CRYPTO_AUTH_AES_CMAC, 760 .block_size = 16, 761 .key_size = { 762 .min = 1, 763 .max = 16, 764 .increment = 1 765 }, 766 .digest_size = { 767 .min = 12, 768 .max = 16, 769 .increment = 4 770 }, 771 .iv_size = { 0 } 772 }, } 773 }, } 774 }, 775 { /* AES XCBC HMAC */ 776 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 777 {.sym = { 778 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 779 {.auth = { 780 .algo = RTE_CRYPTO_AUTH_AES_XCBC_MAC, 781 .block_size = 16, 782 .key_size = { 783 .min = 1, 784 .max = 16, 785 .increment = 1 786 }, 787 .digest_size = { 788 .min = 12, 789 .max = 16, 790 .increment = 4 791 }, 792 .aad_size = { 0 }, 793 .iv_size = { 0 } 794 }, } 795 }, } 796 }, 797 { /* NULL (AUTH) */ 798 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 799 {.sym = { 800 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 801 {.auth = { 802 .algo = RTE_CRYPTO_AUTH_NULL, 803 .block_size = 1, 804 .key_size = { 805 .min = 0, 806 .max = 0, 807 .increment = 0 808 }, 809 .digest_size = { 810 .min = 0, 811 .max = 0, 812 .increment = 0 813 }, 814 }, }, 815 }, }, 816 }, 817 { /* NULL (CIPHER) */ 818 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 819 {.sym = { 820 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 821 {.cipher = { 822 .algo = RTE_CRYPTO_CIPHER_NULL, 823 .block_size = 1, 824 .key_size = { 825 .min = 0, 826 .max = 0, 827 .increment = 0 828 }, 829 .iv_size = { 830 .min = 0, 831 .max = 0, 832 .increment = 0 833 } 834 }, }, 835 }, } 836 }, 837 RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() 838 }; 839 840 static const struct rte_cryptodev_capabilities dpaa_pdcp_capabilities[] = { 841 { /* SNOW 3G (UIA2) */ 842 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 843 {.sym = { 844 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 845 {.auth = { 846 .algo = RTE_CRYPTO_AUTH_SNOW3G_UIA2, 847 .block_size = 16, 848 .key_size = { 849 .min = 16, 850 .max = 16, 851 .increment = 0 852 }, 853 .digest_size = { 854 .min = 4, 855 .max = 4, 856 .increment = 0 857 }, 858 .iv_size = { 859 .min = 16, 860 .max = 16, 861 .increment = 0 862 } 863 }, } 864 }, } 865 }, 866 { /* SNOW 3G (UEA2) */ 867 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 868 {.sym = { 869 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 870 {.cipher = { 871 .algo = RTE_CRYPTO_CIPHER_SNOW3G_UEA2, 872 .block_size = 16, 873 .key_size = { 874 .min = 16, 875 .max = 16, 876 .increment = 0 877 }, 878 .iv_size = { 879 .min = 16, 880 .max = 16, 881 .increment = 0 882 } 883 }, } 884 }, } 885 }, 886 { /* AES CTR */ 887 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 888 {.sym = { 889 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 890 {.cipher = { 891 .algo = RTE_CRYPTO_CIPHER_AES_CTR, 892 .block_size = 16, 893 .key_size = { 894 .min = 16, 895 .max = 32, 896 .increment = 8 897 }, 898 .iv_size = { 899 .min = 16, 900 .max = 16, 901 .increment = 0 902 } 903 }, } 904 }, } 905 }, 906 { /* NULL (AUTH) */ 907 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 908 {.sym = { 909 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 910 {.auth = { 911 .algo = RTE_CRYPTO_AUTH_NULL, 912 .block_size = 1, 913 .key_size = { 914 .min = 0, 915 .max = 0, 916 .increment = 0 917 }, 918 .digest_size = { 919 .min = 0, 920 .max = 0, 921 .increment = 0 922 }, 923 .iv_size = { 0 } 924 }, }, 925 }, }, 926 }, 927 { /* NULL (CIPHER) */ 928 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 929 {.sym = { 930 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 931 {.cipher = { 932 .algo = RTE_CRYPTO_CIPHER_NULL, 933 .block_size = 1, 934 .key_size = { 935 .min = 0, 936 .max = 0, 937 .increment = 0 938 }, 939 .iv_size = { 940 .min = 0, 941 .max = 0, 942 .increment = 0 943 } 944 }, }, 945 }, } 946 }, 947 { /* ZUC (EEA3) */ 948 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 949 {.sym = { 950 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 951 {.cipher = { 952 .algo = RTE_CRYPTO_CIPHER_ZUC_EEA3, 953 .block_size = 16, 954 .key_size = { 955 .min = 16, 956 .max = 16, 957 .increment = 0 958 }, 959 .iv_size = { 960 .min = 16, 961 .max = 16, 962 .increment = 0 963 } 964 }, } 965 }, } 966 }, 967 { /* ZUC (EIA3) */ 968 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 969 {.sym = { 970 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 971 {.auth = { 972 .algo = RTE_CRYPTO_AUTH_ZUC_EIA3, 973 .block_size = 16, 974 .key_size = { 975 .min = 16, 976 .max = 16, 977 .increment = 0 978 }, 979 .digest_size = { 980 .min = 4, 981 .max = 4, 982 .increment = 0 983 }, 984 .iv_size = { 985 .min = 16, 986 .max = 16, 987 .increment = 0 988 } 989 }, } 990 }, } 991 }, 992 993 RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() 994 }; 995 996 static const struct rte_security_capability dpaa_sec_security_cap[] = { 997 { /* IPsec Lookaside Protocol offload ESP Transport Egress */ 998 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, 999 .protocol = RTE_SECURITY_PROTOCOL_IPSEC, 1000 .ipsec = { 1001 .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP, 1002 .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL, 1003 .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS, 1004 .options = { 1005 .copy_df = 1, 1006 .copy_dscp = 1, 1007 .dec_ttl = 1, 1008 .ecn = 1, 1009 .esn = 1, 1010 .udp_encap = 1, 1011 }, 1012 .replay_win_sz_max = 128 1013 }, 1014 .crypto_capabilities = dpaa_sec_capabilities 1015 }, 1016 { /* IPsec Lookaside Protocol offload ESP Tunnel Ingress */ 1017 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, 1018 .protocol = RTE_SECURITY_PROTOCOL_IPSEC, 1019 .ipsec = { 1020 .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP, 1021 .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL, 1022 .direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS, 1023 .options = { 1024 .copy_df = 1, 1025 .copy_dscp = 1, 1026 .dec_ttl = 1, 1027 .ecn = 1, 1028 .esn = 1, 1029 .udp_encap = 1, 1030 }, 1031 .replay_win_sz_max = 128 1032 }, 1033 .crypto_capabilities = dpaa_sec_capabilities 1034 }, 1035 { /* PDCP Lookaside Protocol offload Data */ 1036 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, 1037 .protocol = RTE_SECURITY_PROTOCOL_PDCP, 1038 .pdcp = { 1039 .domain = RTE_SECURITY_PDCP_MODE_DATA, 1040 .capa_flags = 0 1041 }, 1042 .crypto_capabilities = dpaa_pdcp_capabilities 1043 }, 1044 { /* PDCP Lookaside Protocol offload Control */ 1045 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, 1046 .protocol = RTE_SECURITY_PROTOCOL_PDCP, 1047 .pdcp = { 1048 .domain = RTE_SECURITY_PDCP_MODE_CONTROL, 1049 .capa_flags = 0 1050 }, 1051 .crypto_capabilities = dpaa_pdcp_capabilities 1052 }, 1053 { /* PDCP Lookaside Protocol offload Short MAC */ 1054 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, 1055 .protocol = RTE_SECURITY_PROTOCOL_PDCP, 1056 .pdcp = { 1057 .domain = RTE_SECURITY_PDCP_MODE_SHORT_MAC, 1058 .capa_flags = 0 1059 }, 1060 .crypto_capabilities = dpaa_pdcp_capabilities 1061 }, 1062 { 1063 .action = RTE_SECURITY_ACTION_TYPE_NONE 1064 } 1065 }; 1066 1067 /** 1068 * Checksum 1069 * 1070 * @param buffer calculate chksum for buffer 1071 * @param len buffer length 1072 * 1073 * @return checksum value in host cpu order 1074 */ 1075 static inline uint16_t 1076 calc_chksum(void *buffer, int len) 1077 { 1078 uint16_t *buf = (uint16_t *)buffer; 1079 uint32_t sum = 0; 1080 uint16_t result; 1081 1082 for (sum = 0; len > 1; len -= 2) 1083 sum += *buf++; 1084 1085 if (len == 1) 1086 sum += *(unsigned char *)buf; 1087 1088 sum = (sum >> 16) + (sum & 0xFFFF); 1089 sum += (sum >> 16); 1090 result = ~sum; 1091 1092 return result; 1093 } 1094 1095 int 1096 dpaa_sec_configure_raw_dp_ctx(struct rte_cryptodev *dev, uint16_t qp_id, 1097 struct rte_crypto_raw_dp_ctx *raw_dp_ctx, 1098 enum rte_crypto_op_sess_type sess_type, 1099 union rte_cryptodev_session_ctx session_ctx, uint8_t is_update); 1100 1101 int 1102 dpaa_sec_get_dp_ctx_size(struct rte_cryptodev *dev); 1103 1104 int 1105 dpaa_sec_attach_sess_q(struct dpaa_sec_qp *qp, dpaa_sec_session *sess); 1106 1107 #endif /* _DPAA_SEC_H_ */ 1108