xref: /dpdk/drivers/crypto/dpaa_sec/dpaa_sec.h (revision 10b71caecbe1cddcbb65c050ca775fba575e88db) 
1 /* SPDX-License-Identifier: BSD-3-Clause
2  *
3  *   Copyright 2016-2020 NXP
4  *
5  */
6 
7 #ifndef _DPAA_SEC_H_
8 #define _DPAA_SEC_H_
9 
10 #define CRYPTODEV_NAME_DPAA_SEC_PMD	crypto_dpaa_sec
11 /**< NXP DPAA - SEC PMD device name */
12 
13 #define MAX_DPAA_CORES		4
14 #define NUM_POOL_CHANNELS	4
15 #define DPAA_SEC_BURST		7
16 #define DPAA_SEC_ALG_UNSUPPORT	(-1)
17 #define TDES_CBC_IV_LEN		8
18 #define AES_CBC_IV_LEN		16
19 #define AES_CTR_IV_LEN		16
20 #define AES_GCM_IV_LEN		12
21 
22 #define DPAA_IPv6_DEFAULT_VTC_FLOW	0x60000000
23 
24 /* Minimum job descriptor consists of a oneword job descriptor HEADER and
25  * a pointer to the shared descriptor.
26  */
27 #define MIN_JOB_DESC_SIZE	(CAAM_CMD_SZ + CAAM_PTR_SZ)
28 /* CTX_POOL_NUM_BUFS is set as per the ipsec-secgw application */
29 #define CTX_POOL_NUM_BUFS	32000
30 #define CTX_POOL_BUF_SIZE	sizeof(struct dpaa_sec_op_ctx)
31 #define CTX_POOL_CACHE_SIZE	512
32 #define RTE_DPAA_SEC_PMD_MAX_NB_SESSIONS 1024
33 
34 #define DIR_ENC                 1
35 #define DIR_DEC                 0
36 
37 enum dpaa_sec_op_type {
38 	DPAA_SEC_NONE,  /*!< No Cipher operations*/
39 	DPAA_SEC_CIPHER,/*!< CIPHER operations */
40 	DPAA_SEC_AUTH,  /*!< Authentication Operations */
41 	DPAA_SEC_AEAD,  /*!< AEAD (AES-GCM/CCM) type operations */
42 	DPAA_SEC_CIPHER_HASH,  /*!< Authenticated Encryption with
43 				* associated data
44 				*/
45 	DPAA_SEC_HASH_CIPHER,  /*!< Encryption with Authenticated
46 				* associated data
47 				*/
48 	DPAA_SEC_IPSEC, /*!< IPSEC protocol operations*/
49 	DPAA_SEC_PDCP,  /*!< PDCP protocol operations*/
50 	DPAA_SEC_PKC,   /*!< Public Key Cryptographic Operations */
51 	DPAA_SEC_MAX
52 };
53 
54 #define DPAA_SEC_MAX_DESC_SIZE  64
55 /* code or cmd block to caam */
56 struct sec_cdb {
57 	struct {
58 		union {
59 			uint32_t word;
60 			struct {
61 #if RTE_BYTE_ORDER == RTE_BIG_ENDIAN
62 				uint16_t rsvd63_48;
63 				unsigned int rsvd47_39:9;
64 				unsigned int idlen:7;
65 #else
66 				unsigned int idlen:7;
67 				unsigned int rsvd47_39:9;
68 				uint16_t rsvd63_48;
69 #endif
70 			} field;
71 		} __packed hi;
72 
73 		union {
74 			uint32_t word;
75 			struct {
76 #if RTE_BYTE_ORDER == RTE_BIG_ENDIAN
77 				unsigned int rsvd31_30:2;
78 				unsigned int fsgt:1;
79 				unsigned int lng:1;
80 				unsigned int offset:2;
81 				unsigned int abs:1;
82 				unsigned int add_buf:1;
83 				uint8_t pool_id;
84 				uint16_t pool_buffer_size;
85 #else
86 				uint16_t pool_buffer_size;
87 				uint8_t pool_id;
88 				unsigned int add_buf:1;
89 				unsigned int abs:1;
90 				unsigned int offset:2;
91 				unsigned int lng:1;
92 				unsigned int fsgt:1;
93 				unsigned int rsvd31_30:2;
94 #endif
95 			} field;
96 		} __packed lo;
97 	} __packed sh_hdr;
98 
99 	uint32_t sh_desc[DPAA_SEC_MAX_DESC_SIZE];
100 };
101 #ifdef RTE_LIBRTE_SECURITY
102 /*!
103  * The structure is to be filled by user as a part of
104  * dpaa_sec_proto_ctxt for PDCP Protocol
105  */
106 struct sec_pdcp_ctxt {
107 	enum rte_security_pdcp_domain domain; /*!< Data/Control mode*/
108 	int8_t bearer;	/*!< PDCP bearer ID */
109 	int8_t pkt_dir;/*!< PDCP Frame Direction 0:UL 1:DL*/
110 	int8_t hfn_ovd;/*!< Overwrite HFN per packet*/
111 	uint8_t sn_size;	/*!< Sequence number size, 5/7/12/15/18 */
112 	uint32_t hfn_ovd_offset;/*!< offset from rte_crypto_op at which
113 				 * per packet hfn is stored
114 				 */
115 	uint32_t hfn;	/*!< Hyper Frame Number */
116 	uint32_t hfn_threshold;	/*!< HFN Threashold for key renegotiation */
117 };
118 #endif
119 typedef struct dpaa_sec_session_entry {
120 	struct sec_cdb cdb;	/**< cmd block associated with qp */
121 	struct dpaa_sec_qp *qp[MAX_DPAA_CORES];
122 	struct qman_fq *inq[MAX_DPAA_CORES];
123 	uint8_t dir;         /*!< Operation Direction */
124 	uint8_t ctxt;	/*!< Session Context Type */
125 	enum rte_crypto_cipher_algorithm cipher_alg; /*!< Cipher Algorithm*/
126 	enum rte_crypto_auth_algorithm auth_alg; /*!< Authentication Algorithm*/
127 	enum rte_crypto_aead_algorithm aead_alg; /*!< AEAD Algorithm*/
128 #ifdef RTE_LIBRTE_SECURITY
129 	enum rte_security_session_protocol proto_alg; /*!< Security Algorithm*/
130 #endif
131 	union {
132 		struct {
133 			uint8_t *data;	/**< pointer to key data */
134 			size_t length;	/**< key length in bytes */
135 			uint32_t alg;
136 			uint32_t algmode;
137 		} aead_key;
138 		struct {
139 			struct {
140 				uint8_t *data;	/**< pointer to key data */
141 				size_t length;	/**< key length in bytes */
142 				uint32_t alg;
143 				uint32_t algmode;
144 			} cipher_key;
145 			struct {
146 				uint8_t *data;	/**< pointer to key data */
147 				size_t length;	/**< key length in bytes */
148 				uint32_t alg;
149 				uint32_t algmode;
150 			} auth_key;
151 		};
152 	};
153 	union {
154 		struct {
155 			struct {
156 				uint16_t length;
157 				uint16_t offset;
158 			} iv;	/**< Initialisation vector parameters */
159 			uint16_t auth_only_len;
160 					/*!< Length of data for Auth only */
161 			uint32_t digest_length;
162 			struct ipsec_decap_pdb decap_pdb;
163 			struct ipsec_encap_pdb encap_pdb;
164 			union {
165 				struct ip ip4_hdr;
166 				struct rte_ipv6_hdr ip6_hdr;
167 			};
168 			uint8_t auth_cipher_text;
169 				/**< Authenticate/cipher ordering */
170 		};
171 #ifdef RTE_LIBRTE_SECURITY
172 		struct sec_pdcp_ctxt pdcp;
173 #endif
174 	};
175 } dpaa_sec_session;
176 
177 struct dpaa_sec_qp {
178 	struct dpaa_sec_dev_private *internals;
179 	struct rte_mempool *ctx_pool; /* mempool for dpaa_sec_op_ctx */
180 	struct qman_fq outq;
181 	int rx_pkts;
182 	int rx_errs;
183 	int tx_pkts;
184 	int tx_errs;
185 };
186 
187 #define RTE_DPAA_MAX_NB_SEC_QPS 2
188 #define RTE_DPAA_MAX_RX_QUEUE (MAX_DPAA_CORES * RTE_DPAA_SEC_PMD_MAX_NB_SESSIONS)
189 #define DPAA_MAX_DEQUEUE_NUM_FRAMES 63
190 
191 /* internal sec queue interface */
192 struct dpaa_sec_dev_private {
193 	void *sec_hw;
194 	struct dpaa_sec_qp qps[RTE_DPAA_MAX_NB_SEC_QPS]; /* i/o queue for sec */
195 	struct qman_fq inq[RTE_DPAA_MAX_RX_QUEUE];
196 	unsigned char inq_attach[RTE_DPAA_MAX_RX_QUEUE];
197 	unsigned int max_nb_queue_pairs;
198 	unsigned int max_nb_sessions;
199 	rte_spinlock_t lock;
200 };
201 
202 #define MAX_SG_ENTRIES		16
203 #define MAX_JOB_SG_ENTRIES	36
204 
205 struct dpaa_sec_job {
206 	/* sg[0] output, sg[1] input, others are possible sub frames */
207 	struct qm_sg_entry sg[MAX_JOB_SG_ENTRIES];
208 };
209 
210 #define DPAA_MAX_NB_MAX_DIGEST	32
211 struct dpaa_sec_op_ctx {
212 	struct dpaa_sec_job job;
213 	struct rte_crypto_op *op;
214 	struct rte_mempool *ctx_pool; /* mempool pointer for dpaa_sec_op_ctx */
215 	uint32_t fd_status;
216 	int64_t vtop_offset;
217 	uint8_t digest[DPAA_MAX_NB_MAX_DIGEST];
218 };
219 
220 static const struct rte_cryptodev_capabilities dpaa_sec_capabilities[] = {
221 	{	/* NULL (AUTH) */
222 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
223 		{.sym = {
224 			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
225 			{.auth = {
226 				.algo = RTE_CRYPTO_AUTH_NULL,
227 				.block_size = 1,
228 				.key_size = {
229 					.min = 0,
230 					.max = 0,
231 					.increment = 0
232 				},
233 				.digest_size = {
234 					.min = 0,
235 					.max = 0,
236 					.increment = 0
237 				},
238 				.iv_size = { 0 }
239 			}, },
240 		}, },
241 	},
242 	{	/* MD5 HMAC */
243 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
244 		{.sym = {
245 			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
246 			{.auth = {
247 				.algo = RTE_CRYPTO_AUTH_MD5_HMAC,
248 				.block_size = 64,
249 				.key_size = {
250 					.min = 1,
251 					.max = 64,
252 					.increment = 1
253 				},
254 				.digest_size = {
255 					.min = 1,
256 					.max = 16,
257 					.increment = 1
258 				},
259 				.iv_size = { 0 }
260 			}, }
261 		}, }
262 	},
263 	{	/* SHA1 HMAC */
264 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
265 		{.sym = {
266 			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
267 			{.auth = {
268 				.algo = RTE_CRYPTO_AUTH_SHA1_HMAC,
269 				.block_size = 64,
270 				.key_size = {
271 					.min = 1,
272 					.max = 64,
273 					.increment = 1
274 				},
275 				.digest_size = {
276 					.min = 1,
277 					.max = 20,
278 					.increment = 1
279 				},
280 				.iv_size = { 0 }
281 			}, }
282 		}, }
283 	},
284 	{	/* SHA224 HMAC */
285 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
286 		{.sym = {
287 			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
288 			{.auth = {
289 				.algo = RTE_CRYPTO_AUTH_SHA224_HMAC,
290 				.block_size = 64,
291 				.key_size = {
292 					.min = 1,
293 					.max = 64,
294 					.increment = 1
295 				},
296 				.digest_size = {
297 					.min = 1,
298 					.max = 28,
299 					.increment = 1
300 				},
301 				.iv_size = { 0 }
302 			}, }
303 		}, }
304 	},
305 	{	/* SHA256 HMAC */
306 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
307 		{.sym = {
308 			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
309 			{.auth = {
310 				.algo = RTE_CRYPTO_AUTH_SHA256_HMAC,
311 				.block_size = 64,
312 				.key_size = {
313 					.min = 1,
314 					.max = 64,
315 					.increment = 1
316 				},
317 				.digest_size = {
318 					.min = 1,
319 					.max = 32,
320 					.increment = 1
321 				},
322 				.iv_size = { 0 }
323 			}, }
324 		}, }
325 	},
326 	{	/* SHA384 HMAC */
327 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
328 		{.sym = {
329 			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
330 			{.auth = {
331 				.algo = RTE_CRYPTO_AUTH_SHA384_HMAC,
332 				.block_size = 128,
333 				.key_size = {
334 					.min = 1,
335 					.max = 128,
336 					.increment = 1
337 				},
338 				.digest_size = {
339 					.min = 1,
340 					.max = 48,
341 					.increment = 1
342 				},
343 				.iv_size = { 0 }
344 			}, }
345 		}, }
346 	},
347 	{	/* SHA512 HMAC */
348 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
349 		{.sym = {
350 			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
351 			{.auth = {
352 				.algo = RTE_CRYPTO_AUTH_SHA512_HMAC,
353 				.block_size = 128,
354 				.key_size = {
355 					.min = 1,
356 					.max = 128,
357 					.increment = 1
358 				},
359 				.digest_size = {
360 					.min = 1,
361 					.max = 64,
362 					.increment = 1
363 				},
364 				.iv_size = { 0 }
365 			}, }
366 		}, }
367 	},
368 	{	/* AES GCM */
369 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
370 		{.sym = {
371 			.xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,
372 			{.aead = {
373 				.algo = RTE_CRYPTO_AEAD_AES_GCM,
374 				.block_size = 16,
375 				.key_size = {
376 					.min = 16,
377 					.max = 32,
378 					.increment = 8
379 				},
380 				.digest_size = {
381 					.min = 8,
382 					.max = 16,
383 					.increment = 4
384 				},
385 				.aad_size = {
386 					.min = 0,
387 					.max = 240,
388 					.increment = 1
389 				},
390 				.iv_size = {
391 					.min = 12,
392 					.max = 12,
393 					.increment = 0
394 				},
395 			}, }
396 		}, }
397 	},
398 	{	/* NULL (CIPHER) */
399 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
400 		{.sym = {
401 			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
402 			{.cipher = {
403 				.algo = RTE_CRYPTO_CIPHER_NULL,
404 				.block_size = 1,
405 				.key_size = {
406 					.min = 0,
407 					.max = 0,
408 					.increment = 0
409 				},
410 				.iv_size = {
411 					.min = 0,
412 					.max = 0,
413 					.increment = 0
414 				}
415 			}, },
416 		}, }
417 	},
418 	{	/* AES CBC */
419 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
420 		{.sym = {
421 			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
422 			{.cipher = {
423 				.algo = RTE_CRYPTO_CIPHER_AES_CBC,
424 				.block_size = 16,
425 				.key_size = {
426 					.min = 16,
427 					.max = 32,
428 					.increment = 8
429 				},
430 				.iv_size = {
431 					.min = 16,
432 					.max = 16,
433 					.increment = 0
434 				}
435 			}, }
436 		}, }
437 	},
438 	{	/* AES CTR */
439 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
440 		{.sym = {
441 			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
442 			{.cipher = {
443 				.algo = RTE_CRYPTO_CIPHER_AES_CTR,
444 				.block_size = 16,
445 				.key_size = {
446 					.min = 16,
447 					.max = 32,
448 					.increment = 8
449 				},
450 				.iv_size = {
451 					.min = 16,
452 					.max = 16,
453 					.increment = 0
454 				},
455 			}, }
456 		}, }
457 	},
458 	{	/* 3DES CBC */
459 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
460 		{.sym = {
461 			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
462 			{.cipher = {
463 				.algo = RTE_CRYPTO_CIPHER_3DES_CBC,
464 				.block_size = 8,
465 				.key_size = {
466 					.min = 16,
467 					.max = 24,
468 					.increment = 8
469 				},
470 				.iv_size = {
471 					.min = 8,
472 					.max = 8,
473 					.increment = 0
474 				}
475 			}, }
476 		}, }
477 	},
478 	{	/* SNOW 3G (UIA2) */
479 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
480 		{.sym = {
481 			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
482 			{.auth = {
483 				.algo = RTE_CRYPTO_AUTH_SNOW3G_UIA2,
484 				.block_size = 16,
485 				.key_size = {
486 					.min = 16,
487 					.max = 16,
488 					.increment = 0
489 				},
490 				.digest_size = {
491 					.min = 4,
492 					.max = 4,
493 					.increment = 0
494 				},
495 				.iv_size = {
496 					.min = 16,
497 					.max = 16,
498 					.increment = 0
499 				}
500 			}, }
501 		}, }
502 	},
503 	{	/* SNOW 3G (UEA2) */
504 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
505 		{.sym = {
506 			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
507 			{.cipher = {
508 				.algo = RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
509 				.block_size = 16,
510 				.key_size = {
511 					.min = 16,
512 					.max = 16,
513 					.increment = 0
514 				},
515 				.iv_size = {
516 					.min = 16,
517 					.max = 16,
518 					.increment = 0
519 				}
520 			}, }
521 		}, }
522 	},
523 	{	/* ZUC (EEA3) */
524 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
525 		{.sym = {
526 			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
527 			{.cipher = {
528 				.algo = RTE_CRYPTO_CIPHER_ZUC_EEA3,
529 				.block_size = 16,
530 				.key_size = {
531 					.min = 16,
532 					.max = 16,
533 					.increment = 0
534 				},
535 				.iv_size = {
536 					.min = 16,
537 					.max = 16,
538 					.increment = 0
539 				}
540 			}, }
541 		}, }
542 	},
543 	{	/* ZUC (EIA3) */
544 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
545 		{.sym = {
546 			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
547 			{.auth = {
548 				.algo = RTE_CRYPTO_AUTH_ZUC_EIA3,
549 				.block_size = 16,
550 				.key_size = {
551 					.min = 16,
552 					.max = 16,
553 					.increment = 0
554 				},
555 				.digest_size = {
556 					.min = 4,
557 					.max = 4,
558 					.increment = 0
559 				},
560 				.iv_size = {
561 					.min = 16,
562 					.max = 16,
563 					.increment = 0
564 				}
565 			}, }
566 		}, }
567 	},
568 	RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
569 };
570 
571 #ifdef RTE_LIBRTE_SECURITY
572 static const struct rte_cryptodev_capabilities dpaa_pdcp_capabilities[] = {
573 	{	/* SNOW 3G (UIA2) */
574 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
575 		{.sym = {
576 			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
577 			{.auth = {
578 				.algo = RTE_CRYPTO_AUTH_SNOW3G_UIA2,
579 				.block_size = 16,
580 				.key_size = {
581 					.min = 16,
582 					.max = 16,
583 					.increment = 0
584 				},
585 				.digest_size = {
586 					.min = 4,
587 					.max = 4,
588 					.increment = 0
589 				},
590 				.iv_size = {
591 					.min = 16,
592 					.max = 16,
593 					.increment = 0
594 				}
595 			}, }
596 		}, }
597 	},
598 	{	/* SNOW 3G (UEA2) */
599 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
600 		{.sym = {
601 			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
602 			{.cipher = {
603 				.algo = RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
604 				.block_size = 16,
605 				.key_size = {
606 					.min = 16,
607 					.max = 16,
608 					.increment = 0
609 				},
610 				.iv_size = {
611 					.min = 16,
612 					.max = 16,
613 					.increment = 0
614 				}
615 			}, }
616 		}, }
617 	},
618 	{	/* AES CTR */
619 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
620 		{.sym = {
621 			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
622 			{.cipher = {
623 				.algo = RTE_CRYPTO_CIPHER_AES_CTR,
624 				.block_size = 16,
625 				.key_size = {
626 					.min = 16,
627 					.max = 32,
628 					.increment = 8
629 				},
630 				.iv_size = {
631 					.min = 16,
632 					.max = 16,
633 					.increment = 0
634 				}
635 			}, }
636 		}, }
637 	},
638 	{	/* NULL (AUTH) */
639 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
640 		{.sym = {
641 			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
642 			{.auth = {
643 				.algo = RTE_CRYPTO_AUTH_NULL,
644 				.block_size = 1,
645 				.key_size = {
646 					.min = 0,
647 					.max = 0,
648 					.increment = 0
649 				},
650 				.digest_size = {
651 					.min = 0,
652 					.max = 0,
653 					.increment = 0
654 				},
655 				.iv_size = { 0 }
656 			}, },
657 		}, },
658 	},
659 	{	/* NULL (CIPHER) */
660 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
661 		{.sym = {
662 			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
663 			{.cipher = {
664 				.algo = RTE_CRYPTO_CIPHER_NULL,
665 				.block_size = 1,
666 				.key_size = {
667 					.min = 0,
668 					.max = 0,
669 					.increment = 0
670 				},
671 				.iv_size = {
672 					.min = 0,
673 					.max = 0,
674 					.increment = 0
675 				}
676 			}, },
677 		}, }
678 	},
679 	{	/* ZUC (EEA3) */
680 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
681 		{.sym = {
682 			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
683 			{.cipher = {
684 				.algo = RTE_CRYPTO_CIPHER_ZUC_EEA3,
685 				.block_size = 16,
686 				.key_size = {
687 					.min = 16,
688 					.max = 16,
689 					.increment = 0
690 				},
691 				.iv_size = {
692 					.min = 16,
693 					.max = 16,
694 					.increment = 0
695 				}
696 			}, }
697 		}, }
698 	},
699 	{	/* ZUC (EIA3) */
700 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
701 		{.sym = {
702 			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
703 			{.auth = {
704 				.algo = RTE_CRYPTO_AUTH_ZUC_EIA3,
705 				.block_size = 16,
706 				.key_size = {
707 					.min = 16,
708 					.max = 16,
709 					.increment = 0
710 				},
711 				.digest_size = {
712 					.min = 4,
713 					.max = 4,
714 					.increment = 0
715 				},
716 				.iv_size = {
717 					.min = 16,
718 					.max = 16,
719 					.increment = 0
720 				}
721 			}, }
722 		}, }
723 	},
724 
725 	RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
726 };
727 
728 static const struct rte_security_capability dpaa_sec_security_cap[] = {
729 	{ /* IPsec Lookaside Protocol offload ESP Transport Egress */
730 		.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
731 		.protocol = RTE_SECURITY_PROTOCOL_IPSEC,
732 		.ipsec = {
733 			.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
734 			.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
735 			.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
736 			.options = { 0 },
737 			.replay_win_sz_max = 128
738 		},
739 		.crypto_capabilities = dpaa_sec_capabilities
740 	},
741 	{ /* IPsec Lookaside Protocol offload ESP Tunnel Ingress */
742 		.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
743 		.protocol = RTE_SECURITY_PROTOCOL_IPSEC,
744 		.ipsec = {
745 			.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
746 			.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
747 			.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS,
748 			.options = { 0 },
749 			.replay_win_sz_max = 128
750 		},
751 		.crypto_capabilities = dpaa_sec_capabilities
752 	},
753 	{ /* PDCP Lookaside Protocol offload Data */
754 		.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
755 		.protocol = RTE_SECURITY_PROTOCOL_PDCP,
756 		.pdcp = {
757 			.domain = RTE_SECURITY_PDCP_MODE_DATA,
758 			.capa_flags = 0
759 		},
760 		.crypto_capabilities = dpaa_pdcp_capabilities
761 	},
762 	{ /* PDCP Lookaside Protocol offload Control */
763 		.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
764 		.protocol = RTE_SECURITY_PROTOCOL_PDCP,
765 		.pdcp = {
766 			.domain = RTE_SECURITY_PDCP_MODE_CONTROL,
767 			.capa_flags = 0
768 		},
769 		.crypto_capabilities = dpaa_pdcp_capabilities
770 	},
771 	{
772 		.action = RTE_SECURITY_ACTION_TYPE_NONE
773 	}
774 };
775 #endif
776 
777 /**
778  * Checksum
779  *
780  * @param buffer calculate chksum for buffer
781  * @param len    buffer length
782  *
783  * @return checksum value in host cpu order
784  */
785 static inline uint16_t
786 calc_chksum(void *buffer, int len)
787 {
788 	uint16_t *buf = (uint16_t *)buffer;
789 	uint32_t sum = 0;
790 	uint16_t result;
791 
792 	for (sum = 0; len > 1; len -= 2)
793 		sum += *buf++;
794 
795 	if (len == 1)
796 		sum += *(unsigned char *)buf;
797 
798 	sum = (sum >> 16) + (sum & 0xFFFF);
799 	sum += (sum >> 16);
800 	result = ~sum;
801 
802 	return  result;
803 }
804 
805 #endif /* _DPAA_SEC_H_ */
806