1 /* SPDX-License-Identifier: BSD-3-Clause 2 * 3 * Copyright 2016 NXP 4 * 5 */ 6 7 #ifndef _DPAA_SEC_H_ 8 #define _DPAA_SEC_H_ 9 10 #define CRYPTODEV_NAME_DPAA_SEC_PMD crypto_dpaa_sec 11 /**< NXP DPAA - SEC PMD device name */ 12 13 #define MAX_DPAA_CORES 4 14 #define NUM_POOL_CHANNELS 4 15 #define DPAA_SEC_BURST 7 16 #define DPAA_SEC_ALG_UNSUPPORT (-1) 17 #define TDES_CBC_IV_LEN 8 18 #define AES_CBC_IV_LEN 16 19 #define AES_CTR_IV_LEN 16 20 #define AES_GCM_IV_LEN 12 21 22 #define DPAA_IPv6_DEFAULT_VTC_FLOW 0x60000000 23 24 /* Minimum job descriptor consists of a oneword job descriptor HEADER and 25 * a pointer to the shared descriptor. 26 */ 27 #define MIN_JOB_DESC_SIZE (CAAM_CMD_SZ + CAAM_PTR_SZ) 28 /* CTX_POOL_NUM_BUFS is set as per the ipsec-secgw application */ 29 #define CTX_POOL_NUM_BUFS 32000 30 #define CTX_POOL_BUF_SIZE sizeof(struct dpaa_sec_op_ctx) 31 #define CTX_POOL_CACHE_SIZE 512 32 #define RTE_DPAA_SEC_PMD_MAX_NB_SESSIONS 1024 33 34 #define DIR_ENC 1 35 #define DIR_DEC 0 36 37 enum dpaa_sec_op_type { 38 DPAA_SEC_NONE, /*!< No Cipher operations*/ 39 DPAA_SEC_CIPHER,/*!< CIPHER operations */ 40 DPAA_SEC_AUTH, /*!< Authentication Operations */ 41 DPAA_SEC_AEAD, /*!< Authenticated Encryption with associated data */ 42 DPAA_SEC_IPSEC, /*!< IPSEC protocol operations*/ 43 DPAA_SEC_PDCP, /*!< PDCP protocol operations*/ 44 DPAA_SEC_PKC, /*!< Public Key Cryptographic Operations */ 45 DPAA_SEC_MAX 46 }; 47 48 49 #define DPAA_SEC_MAX_DESC_SIZE 64 50 /* code or cmd block to caam */ 51 struct sec_cdb { 52 struct { 53 union { 54 uint32_t word; 55 struct { 56 #if RTE_BYTE_ORDER == RTE_BIG_ENDIAN 57 uint16_t rsvd63_48; 58 unsigned int rsvd47_39:9; 59 unsigned int idlen:7; 60 #else 61 unsigned int idlen:7; 62 unsigned int rsvd47_39:9; 63 uint16_t rsvd63_48; 64 #endif 65 } field; 66 } __packed hi; 67 68 union { 69 uint32_t word; 70 struct { 71 #if RTE_BYTE_ORDER == RTE_BIG_ENDIAN 72 unsigned int rsvd31_30:2; 73 unsigned int fsgt:1; 74 unsigned int lng:1; 75 unsigned int offset:2; 76 unsigned int abs:1; 77 unsigned int add_buf:1; 78 uint8_t pool_id; 79 uint16_t pool_buffer_size; 80 #else 81 uint16_t pool_buffer_size; 82 uint8_t pool_id; 83 unsigned int add_buf:1; 84 unsigned int abs:1; 85 unsigned int offset:2; 86 unsigned int lng:1; 87 unsigned int fsgt:1; 88 unsigned int rsvd31_30:2; 89 #endif 90 } field; 91 } __packed lo; 92 } __packed sh_hdr; 93 94 uint32_t sh_desc[DPAA_SEC_MAX_DESC_SIZE]; 95 }; 96 97 /*! 98 * The structure is to be filled by user as a part of 99 * dpaa_sec_proto_ctxt for PDCP Protocol 100 */ 101 struct sec_pdcp_ctxt { 102 enum rte_security_pdcp_domain domain; /*!< Data/Control mode*/ 103 int8_t bearer; /*!< PDCP bearer ID */ 104 int8_t pkt_dir;/*!< PDCP Frame Direction 0:UL 1:DL*/ 105 int8_t hfn_ovd;/*!< Overwrite HFN per packet*/ 106 uint8_t sn_size; /*!< Sequence number size, 5/7/12/15/18 */ 107 uint32_t hfn_ovd_offset;/*!< offset from rte_crypto_op at which 108 * per packet hfn is stored 109 */ 110 uint32_t hfn; /*!< Hyper Frame Number */ 111 uint32_t hfn_threshold; /*!< HFN Threashold for key renegotiation */ 112 }; 113 114 typedef struct dpaa_sec_session_entry { 115 uint8_t dir; /*!< Operation Direction */ 116 enum rte_crypto_cipher_algorithm cipher_alg; /*!< Cipher Algorithm*/ 117 enum rte_crypto_auth_algorithm auth_alg; /*!< Authentication Algorithm*/ 118 enum rte_crypto_aead_algorithm aead_alg; /*!< AEAD Algorithm*/ 119 enum rte_security_session_protocol proto_alg; /*!< Security Algorithm*/ 120 union { 121 struct { 122 uint8_t *data; /**< pointer to key data */ 123 size_t length; /**< key length in bytes */ 124 } aead_key; 125 struct { 126 struct { 127 uint8_t *data; /**< pointer to key data */ 128 size_t length; /**< key length in bytes */ 129 } cipher_key; 130 struct { 131 uint8_t *data; /**< pointer to key data */ 132 size_t length; /**< key length in bytes */ 133 } auth_key; 134 }; 135 }; 136 union { 137 struct { 138 struct { 139 uint16_t length; 140 uint16_t offset; 141 } iv; /**< Initialisation vector parameters */ 142 uint16_t auth_only_len; 143 /*!< Length of data for Auth only */ 144 uint32_t digest_length; 145 struct ipsec_decap_pdb decap_pdb; 146 struct ipsec_encap_pdb encap_pdb; 147 union { 148 struct ip ip4_hdr; 149 struct rte_ipv6_hdr ip6_hdr; 150 }; 151 }; 152 struct sec_pdcp_ctxt pdcp; 153 }; 154 struct dpaa_sec_qp *qp[MAX_DPAA_CORES]; 155 struct qman_fq *inq[MAX_DPAA_CORES]; 156 struct sec_cdb cdb; /**< cmd block associated with qp */ 157 } dpaa_sec_session; 158 159 struct dpaa_sec_qp { 160 struct dpaa_sec_dev_private *internals; 161 struct rte_mempool *ctx_pool; /* mempool for dpaa_sec_op_ctx */ 162 struct qman_fq outq; 163 int rx_pkts; 164 int rx_errs; 165 int tx_pkts; 166 int tx_errs; 167 }; 168 169 #define RTE_DPAA_MAX_NB_SEC_QPS 2 170 #define RTE_DPAA_MAX_RX_QUEUE (MAX_DPAA_CORES * RTE_DPAA_SEC_PMD_MAX_NB_SESSIONS) 171 #define DPAA_MAX_DEQUEUE_NUM_FRAMES 63 172 173 /* internal sec queue interface */ 174 struct dpaa_sec_dev_private { 175 void *sec_hw; 176 struct dpaa_sec_qp qps[RTE_DPAA_MAX_NB_SEC_QPS]; /* i/o queue for sec */ 177 struct qman_fq inq[RTE_DPAA_MAX_RX_QUEUE]; 178 unsigned char inq_attach[RTE_DPAA_MAX_RX_QUEUE]; 179 unsigned int max_nb_queue_pairs; 180 unsigned int max_nb_sessions; 181 rte_spinlock_t lock; 182 }; 183 184 #define MAX_SG_ENTRIES 16 185 #define MAX_JOB_SG_ENTRIES 36 186 187 struct dpaa_sec_job { 188 /* sg[0] output, sg[1] input, others are possible sub frames */ 189 struct qm_sg_entry sg[MAX_JOB_SG_ENTRIES]; 190 }; 191 192 #define DPAA_MAX_NB_MAX_DIGEST 32 193 struct dpaa_sec_op_ctx { 194 struct dpaa_sec_job job; 195 struct rte_crypto_op *op; 196 struct rte_mempool *ctx_pool; /* mempool pointer for dpaa_sec_op_ctx */ 197 uint32_t fd_status; 198 int64_t vtop_offset; 199 uint8_t digest[DPAA_MAX_NB_MAX_DIGEST]; 200 }; 201 202 static const struct rte_cryptodev_capabilities dpaa_sec_capabilities[] = { 203 { /* MD5 HMAC */ 204 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 205 {.sym = { 206 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 207 {.auth = { 208 .algo = RTE_CRYPTO_AUTH_MD5_HMAC, 209 .block_size = 64, 210 .key_size = { 211 .min = 1, 212 .max = 64, 213 .increment = 1 214 }, 215 .digest_size = { 216 .min = 1, 217 .max = 16, 218 .increment = 1 219 }, 220 .iv_size = { 0 } 221 }, } 222 }, } 223 }, 224 { /* SHA1 HMAC */ 225 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 226 {.sym = { 227 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 228 {.auth = { 229 .algo = RTE_CRYPTO_AUTH_SHA1_HMAC, 230 .block_size = 64, 231 .key_size = { 232 .min = 1, 233 .max = 64, 234 .increment = 1 235 }, 236 .digest_size = { 237 .min = 1, 238 .max = 20, 239 .increment = 1 240 }, 241 .iv_size = { 0 } 242 }, } 243 }, } 244 }, 245 { /* SHA224 HMAC */ 246 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 247 {.sym = { 248 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 249 {.auth = { 250 .algo = RTE_CRYPTO_AUTH_SHA224_HMAC, 251 .block_size = 64, 252 .key_size = { 253 .min = 1, 254 .max = 64, 255 .increment = 1 256 }, 257 .digest_size = { 258 .min = 1, 259 .max = 28, 260 .increment = 1 261 }, 262 .iv_size = { 0 } 263 }, } 264 }, } 265 }, 266 { /* SHA256 HMAC */ 267 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 268 {.sym = { 269 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 270 {.auth = { 271 .algo = RTE_CRYPTO_AUTH_SHA256_HMAC, 272 .block_size = 64, 273 .key_size = { 274 .min = 1, 275 .max = 64, 276 .increment = 1 277 }, 278 .digest_size = { 279 .min = 1, 280 .max = 32, 281 .increment = 1 282 }, 283 .iv_size = { 0 } 284 }, } 285 }, } 286 }, 287 { /* SHA384 HMAC */ 288 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 289 {.sym = { 290 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 291 {.auth = { 292 .algo = RTE_CRYPTO_AUTH_SHA384_HMAC, 293 .block_size = 128, 294 .key_size = { 295 .min = 1, 296 .max = 128, 297 .increment = 1 298 }, 299 .digest_size = { 300 .min = 1, 301 .max = 48, 302 .increment = 1 303 }, 304 .iv_size = { 0 } 305 }, } 306 }, } 307 }, 308 { /* SHA512 HMAC */ 309 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 310 {.sym = { 311 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 312 {.auth = { 313 .algo = RTE_CRYPTO_AUTH_SHA512_HMAC, 314 .block_size = 128, 315 .key_size = { 316 .min = 1, 317 .max = 128, 318 .increment = 1 319 }, 320 .digest_size = { 321 .min = 1, 322 .max = 64, 323 .increment = 1 324 }, 325 .iv_size = { 0 } 326 }, } 327 }, } 328 }, 329 { /* AES GCM */ 330 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 331 {.sym = { 332 .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD, 333 {.aead = { 334 .algo = RTE_CRYPTO_AEAD_AES_GCM, 335 .block_size = 16, 336 .key_size = { 337 .min = 16, 338 .max = 32, 339 .increment = 8 340 }, 341 .digest_size = { 342 .min = 8, 343 .max = 16, 344 .increment = 4 345 }, 346 .aad_size = { 347 .min = 0, 348 .max = 240, 349 .increment = 1 350 }, 351 .iv_size = { 352 .min = 12, 353 .max = 12, 354 .increment = 0 355 }, 356 }, } 357 }, } 358 }, 359 { /* AES CBC */ 360 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 361 {.sym = { 362 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 363 {.cipher = { 364 .algo = RTE_CRYPTO_CIPHER_AES_CBC, 365 .block_size = 16, 366 .key_size = { 367 .min = 16, 368 .max = 32, 369 .increment = 8 370 }, 371 .iv_size = { 372 .min = 16, 373 .max = 16, 374 .increment = 0 375 } 376 }, } 377 }, } 378 }, 379 { /* AES CTR */ 380 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 381 {.sym = { 382 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 383 {.cipher = { 384 .algo = RTE_CRYPTO_CIPHER_AES_CTR, 385 .block_size = 16, 386 .key_size = { 387 .min = 16, 388 .max = 32, 389 .increment = 8 390 }, 391 .iv_size = { 392 .min = 16, 393 .max = 16, 394 .increment = 0 395 }, 396 }, } 397 }, } 398 }, 399 { /* 3DES CBC */ 400 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 401 {.sym = { 402 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 403 {.cipher = { 404 .algo = RTE_CRYPTO_CIPHER_3DES_CBC, 405 .block_size = 8, 406 .key_size = { 407 .min = 16, 408 .max = 24, 409 .increment = 8 410 }, 411 .iv_size = { 412 .min = 8, 413 .max = 8, 414 .increment = 0 415 } 416 }, } 417 }, } 418 }, 419 420 RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() 421 }; 422 423 static const struct rte_cryptodev_capabilities dpaa_pdcp_capabilities[] = { 424 { /* SNOW 3G (UIA2) */ 425 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 426 {.sym = { 427 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 428 {.auth = { 429 .algo = RTE_CRYPTO_AUTH_SNOW3G_UIA2, 430 .block_size = 16, 431 .key_size = { 432 .min = 16, 433 .max = 16, 434 .increment = 0 435 }, 436 .digest_size = { 437 .min = 4, 438 .max = 4, 439 .increment = 0 440 }, 441 .iv_size = { 442 .min = 16, 443 .max = 16, 444 .increment = 0 445 } 446 }, } 447 }, } 448 }, 449 { /* SNOW 3G (UEA2) */ 450 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 451 {.sym = { 452 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 453 {.cipher = { 454 .algo = RTE_CRYPTO_CIPHER_SNOW3G_UEA2, 455 .block_size = 16, 456 .key_size = { 457 .min = 16, 458 .max = 16, 459 .increment = 0 460 }, 461 .iv_size = { 462 .min = 16, 463 .max = 16, 464 .increment = 0 465 } 466 }, } 467 }, } 468 }, 469 { /* AES CTR */ 470 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 471 {.sym = { 472 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 473 {.cipher = { 474 .algo = RTE_CRYPTO_CIPHER_AES_CTR, 475 .block_size = 16, 476 .key_size = { 477 .min = 16, 478 .max = 32, 479 .increment = 8 480 }, 481 .iv_size = { 482 .min = 16, 483 .max = 16, 484 .increment = 0 485 } 486 }, } 487 }, } 488 }, 489 { /* NULL (AUTH) */ 490 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 491 {.sym = { 492 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 493 {.auth = { 494 .algo = RTE_CRYPTO_AUTH_NULL, 495 .block_size = 1, 496 .key_size = { 497 .min = 0, 498 .max = 0, 499 .increment = 0 500 }, 501 .digest_size = { 502 .min = 0, 503 .max = 0, 504 .increment = 0 505 }, 506 .iv_size = { 0 } 507 }, }, 508 }, }, 509 }, 510 { /* NULL (CIPHER) */ 511 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 512 {.sym = { 513 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 514 {.cipher = { 515 .algo = RTE_CRYPTO_CIPHER_NULL, 516 .block_size = 1, 517 .key_size = { 518 .min = 0, 519 .max = 0, 520 .increment = 0 521 }, 522 .iv_size = { 523 .min = 0, 524 .max = 0, 525 .increment = 0 526 } 527 }, }, 528 }, } 529 }, 530 { /* ZUC (EEA3) */ 531 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 532 {.sym = { 533 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 534 {.cipher = { 535 .algo = RTE_CRYPTO_CIPHER_ZUC_EEA3, 536 .block_size = 16, 537 .key_size = { 538 .min = 16, 539 .max = 16, 540 .increment = 0 541 }, 542 .iv_size = { 543 .min = 16, 544 .max = 16, 545 .increment = 0 546 } 547 }, } 548 }, } 549 }, 550 { /* ZUC (EIA3) */ 551 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 552 {.sym = { 553 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 554 {.auth = { 555 .algo = RTE_CRYPTO_AUTH_ZUC_EIA3, 556 .block_size = 16, 557 .key_size = { 558 .min = 16, 559 .max = 16, 560 .increment = 0 561 }, 562 .digest_size = { 563 .min = 4, 564 .max = 4, 565 .increment = 0 566 }, 567 .iv_size = { 568 .min = 16, 569 .max = 16, 570 .increment = 0 571 } 572 }, } 573 }, } 574 }, 575 576 RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() 577 }; 578 579 static const struct rte_security_capability dpaa_sec_security_cap[] = { 580 { /* IPsec Lookaside Protocol offload ESP Transport Egress */ 581 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, 582 .protocol = RTE_SECURITY_PROTOCOL_IPSEC, 583 .ipsec = { 584 .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP, 585 .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL, 586 .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS, 587 .options = { 0 } 588 }, 589 .crypto_capabilities = dpaa_sec_capabilities 590 }, 591 { /* IPsec Lookaside Protocol offload ESP Tunnel Ingress */ 592 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, 593 .protocol = RTE_SECURITY_PROTOCOL_IPSEC, 594 .ipsec = { 595 .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP, 596 .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL, 597 .direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS, 598 .options = { 0 } 599 }, 600 .crypto_capabilities = dpaa_sec_capabilities 601 }, 602 { /* PDCP Lookaside Protocol offload Data */ 603 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, 604 .protocol = RTE_SECURITY_PROTOCOL_PDCP, 605 .pdcp = { 606 .domain = RTE_SECURITY_PDCP_MODE_DATA, 607 }, 608 .crypto_capabilities = dpaa_pdcp_capabilities 609 }, 610 { /* PDCP Lookaside Protocol offload Control */ 611 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, 612 .protocol = RTE_SECURITY_PROTOCOL_PDCP, 613 .pdcp = { 614 .domain = RTE_SECURITY_PDCP_MODE_CONTROL, 615 }, 616 .crypto_capabilities = dpaa_pdcp_capabilities 617 }, 618 { 619 .action = RTE_SECURITY_ACTION_TYPE_NONE 620 } 621 }; 622 623 /** 624 * Checksum 625 * 626 * @param buffer calculate chksum for buffer 627 * @param len buffer length 628 * 629 * @return checksum value in host cpu order 630 */ 631 static inline uint16_t 632 calc_chksum(void *buffer, int len) 633 { 634 uint16_t *buf = (uint16_t *)buffer; 635 uint32_t sum = 0; 636 uint16_t result; 637 638 for (sum = 0; len > 1; len -= 2) 639 sum += *buf++; 640 641 if (len == 1) 642 sum += *(unsigned char *)buf; 643 644 sum = (sum >> 16) + (sum & 0xFFFF); 645 sum += (sum >> 16); 646 result = ~sum; 647 648 return result; 649 } 650 651 #endif /* _DPAA_SEC_H_ */ 652