1 /* SPDX-License-Identifier: BSD-3-Clause 2 * 3 * Copyright 2016 NXP 4 * 5 */ 6 7 #ifndef _DPAA_SEC_H_ 8 #define _DPAA_SEC_H_ 9 10 #define CRYPTODEV_NAME_DPAA_SEC_PMD crypto_dpaa_sec 11 /**< NXP DPAA - SEC PMD device name */ 12 13 #define MAX_DPAA_CORES 4 14 #define NUM_POOL_CHANNELS 4 15 #define DPAA_SEC_BURST 7 16 #define DPAA_SEC_ALG_UNSUPPORT (-1) 17 #define TDES_CBC_IV_LEN 8 18 #define AES_CBC_IV_LEN 16 19 #define AES_CTR_IV_LEN 16 20 #define AES_GCM_IV_LEN 12 21 22 /* Minimum job descriptor consists of a oneword job descriptor HEADER and 23 * a pointer to the shared descriptor. 24 */ 25 #define MIN_JOB_DESC_SIZE (CAAM_CMD_SZ + CAAM_PTR_SZ) 26 /* CTX_POOL_NUM_BUFS is set as per the ipsec-secgw application */ 27 #define CTX_POOL_NUM_BUFS 32000 28 #define CTX_POOL_BUF_SIZE sizeof(struct dpaa_sec_op_ctx) 29 #define CTX_POOL_CACHE_SIZE 512 30 #define RTE_DPAA_SEC_PMD_MAX_NB_SESSIONS 1024 31 32 #define DIR_ENC 1 33 #define DIR_DEC 0 34 35 enum dpaa_sec_op_type { 36 DPAA_SEC_NONE, /*!< No Cipher operations*/ 37 DPAA_SEC_CIPHER,/*!< CIPHER operations */ 38 DPAA_SEC_AUTH, /*!< Authentication Operations */ 39 DPAA_SEC_AEAD, /*!< Authenticated Encryption with associated data */ 40 DPAA_SEC_IPSEC, /*!< IPSEC protocol operations*/ 41 DPAA_SEC_PDCP, /*!< PDCP protocol operations*/ 42 DPAA_SEC_PKC, /*!< Public Key Cryptographic Operations */ 43 DPAA_SEC_MAX 44 }; 45 46 47 #define DPAA_SEC_MAX_DESC_SIZE 64 48 /* code or cmd block to caam */ 49 struct sec_cdb { 50 struct { 51 union { 52 uint32_t word; 53 struct { 54 #if RTE_BYTE_ORDER == RTE_BIG_ENDIAN 55 uint16_t rsvd63_48; 56 unsigned int rsvd47_39:9; 57 unsigned int idlen:7; 58 #else 59 unsigned int idlen:7; 60 unsigned int rsvd47_39:9; 61 uint16_t rsvd63_48; 62 #endif 63 } field; 64 } __packed hi; 65 66 union { 67 uint32_t word; 68 struct { 69 #if RTE_BYTE_ORDER == RTE_BIG_ENDIAN 70 unsigned int rsvd31_30:2; 71 unsigned int fsgt:1; 72 unsigned int lng:1; 73 unsigned int offset:2; 74 unsigned int abs:1; 75 unsigned int add_buf:1; 76 uint8_t pool_id; 77 uint16_t pool_buffer_size; 78 #else 79 uint16_t pool_buffer_size; 80 uint8_t pool_id; 81 unsigned int add_buf:1; 82 unsigned int abs:1; 83 unsigned int offset:2; 84 unsigned int lng:1; 85 unsigned int fsgt:1; 86 unsigned int rsvd31_30:2; 87 #endif 88 } field; 89 } __packed lo; 90 } __packed sh_hdr; 91 92 uint32_t sh_desc[DPAA_SEC_MAX_DESC_SIZE]; 93 }; 94 95 /*! 96 * The structure is to be filled by user as a part of 97 * dpaa_sec_proto_ctxt for PDCP Protocol 98 */ 99 struct sec_pdcp_ctxt { 100 enum rte_security_pdcp_domain domain; /*!< Data/Control mode*/ 101 int8_t bearer; /*!< PDCP bearer ID */ 102 int8_t pkt_dir;/*!< PDCP Frame Direction 0:UL 1:DL*/ 103 int8_t hfn_ovd;/*!< Overwrite HFN per packet*/ 104 uint32_t hfn; /*!< Hyper Frame Number */ 105 uint32_t hfn_threshold; /*!< HFN Threashold for key renegotiation */ 106 uint8_t sn_size; /*!< Sequence number size, 7/12/15 */ 107 }; 108 109 typedef struct dpaa_sec_session_entry { 110 uint8_t dir; /*!< Operation Direction */ 111 enum rte_crypto_cipher_algorithm cipher_alg; /*!< Cipher Algorithm*/ 112 enum rte_crypto_auth_algorithm auth_alg; /*!< Authentication Algorithm*/ 113 enum rte_crypto_aead_algorithm aead_alg; /*!< AEAD Algorithm*/ 114 enum rte_security_session_protocol proto_alg; /*!< Security Algorithm*/ 115 union { 116 struct { 117 uint8_t *data; /**< pointer to key data */ 118 size_t length; /**< key length in bytes */ 119 } aead_key; 120 struct { 121 struct { 122 uint8_t *data; /**< pointer to key data */ 123 size_t length; /**< key length in bytes */ 124 } cipher_key; 125 struct { 126 uint8_t *data; /**< pointer to key data */ 127 size_t length; /**< key length in bytes */ 128 } auth_key; 129 }; 130 }; 131 union { 132 struct { 133 struct { 134 uint16_t length; 135 uint16_t offset; 136 } iv; /**< Initialisation vector parameters */ 137 uint16_t auth_only_len; 138 /*!< Length of data for Auth only */ 139 uint32_t digest_length; 140 struct ipsec_decap_pdb decap_pdb; 141 struct ipsec_encap_pdb encap_pdb; 142 struct ip ip4_hdr; 143 }; 144 struct sec_pdcp_ctxt pdcp; 145 }; 146 struct dpaa_sec_qp *qp[MAX_DPAA_CORES]; 147 struct qman_fq *inq[MAX_DPAA_CORES]; 148 struct sec_cdb cdb; /**< cmd block associated with qp */ 149 struct rte_mempool *ctx_pool; /* session mempool for dpaa_sec_op_ctx */ 150 } dpaa_sec_session; 151 152 struct dpaa_sec_qp { 153 struct dpaa_sec_dev_private *internals; 154 struct qman_fq outq; 155 int rx_pkts; 156 int rx_errs; 157 int tx_pkts; 158 int tx_errs; 159 }; 160 161 #define RTE_DPAA_MAX_NB_SEC_QPS 2 162 #define RTE_DPAA_MAX_RX_QUEUE (MAX_DPAA_CORES * RTE_DPAA_SEC_PMD_MAX_NB_SESSIONS) 163 #define DPAA_MAX_DEQUEUE_NUM_FRAMES 63 164 165 /* internal sec queue interface */ 166 struct dpaa_sec_dev_private { 167 void *sec_hw; 168 struct rte_mempool *ctx_pool; /* per dev mempool for dpaa_sec_op_ctx */ 169 struct dpaa_sec_qp qps[RTE_DPAA_MAX_NB_SEC_QPS]; /* i/o queue for sec */ 170 struct qman_fq inq[RTE_DPAA_MAX_RX_QUEUE]; 171 unsigned char inq_attach[RTE_DPAA_MAX_RX_QUEUE]; 172 unsigned int max_nb_queue_pairs; 173 unsigned int max_nb_sessions; 174 rte_spinlock_t lock; 175 }; 176 177 #define MAX_SG_ENTRIES 16 178 #define SG_CACHELINE_0 0 179 #define SG_CACHELINE_1 4 180 #define SG_CACHELINE_2 8 181 #define SG_CACHELINE_3 12 182 struct dpaa_sec_job { 183 /* sg[0] output, sg[1] input, others are possible sub frames */ 184 struct qm_sg_entry sg[MAX_SG_ENTRIES]; 185 }; 186 187 #define DPAA_MAX_NB_MAX_DIGEST 32 188 struct dpaa_sec_op_ctx { 189 struct dpaa_sec_job job; 190 struct rte_crypto_op *op; 191 struct rte_mempool *ctx_pool; /* mempool pointer for dpaa_sec_op_ctx */ 192 uint32_t fd_status; 193 int64_t vtop_offset; 194 uint8_t digest[DPAA_MAX_NB_MAX_DIGEST]; 195 }; 196 197 static const struct rte_cryptodev_capabilities dpaa_sec_capabilities[] = { 198 { /* MD5 HMAC */ 199 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 200 {.sym = { 201 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 202 {.auth = { 203 .algo = RTE_CRYPTO_AUTH_MD5_HMAC, 204 .block_size = 64, 205 .key_size = { 206 .min = 1, 207 .max = 64, 208 .increment = 1 209 }, 210 .digest_size = { 211 .min = 1, 212 .max = 16, 213 .increment = 1 214 }, 215 .iv_size = { 0 } 216 }, } 217 }, } 218 }, 219 { /* SHA1 HMAC */ 220 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 221 {.sym = { 222 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 223 {.auth = { 224 .algo = RTE_CRYPTO_AUTH_SHA1_HMAC, 225 .block_size = 64, 226 .key_size = { 227 .min = 1, 228 .max = 64, 229 .increment = 1 230 }, 231 .digest_size = { 232 .min = 1, 233 .max = 20, 234 .increment = 1 235 }, 236 .iv_size = { 0 } 237 }, } 238 }, } 239 }, 240 { /* SHA224 HMAC */ 241 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 242 {.sym = { 243 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 244 {.auth = { 245 .algo = RTE_CRYPTO_AUTH_SHA224_HMAC, 246 .block_size = 64, 247 .key_size = { 248 .min = 1, 249 .max = 64, 250 .increment = 1 251 }, 252 .digest_size = { 253 .min = 1, 254 .max = 28, 255 .increment = 1 256 }, 257 .iv_size = { 0 } 258 }, } 259 }, } 260 }, 261 { /* SHA256 HMAC */ 262 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 263 {.sym = { 264 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 265 {.auth = { 266 .algo = RTE_CRYPTO_AUTH_SHA256_HMAC, 267 .block_size = 64, 268 .key_size = { 269 .min = 1, 270 .max = 64, 271 .increment = 1 272 }, 273 .digest_size = { 274 .min = 1, 275 .max = 32, 276 .increment = 1 277 }, 278 .iv_size = { 0 } 279 }, } 280 }, } 281 }, 282 { /* SHA384 HMAC */ 283 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 284 {.sym = { 285 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 286 {.auth = { 287 .algo = RTE_CRYPTO_AUTH_SHA384_HMAC, 288 .block_size = 128, 289 .key_size = { 290 .min = 1, 291 .max = 128, 292 .increment = 1 293 }, 294 .digest_size = { 295 .min = 1, 296 .max = 48, 297 .increment = 1 298 }, 299 .iv_size = { 0 } 300 }, } 301 }, } 302 }, 303 { /* SHA512 HMAC */ 304 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 305 {.sym = { 306 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 307 {.auth = { 308 .algo = RTE_CRYPTO_AUTH_SHA512_HMAC, 309 .block_size = 128, 310 .key_size = { 311 .min = 1, 312 .max = 128, 313 .increment = 1 314 }, 315 .digest_size = { 316 .min = 1, 317 .max = 64, 318 .increment = 1 319 }, 320 .iv_size = { 0 } 321 }, } 322 }, } 323 }, 324 { /* AES GCM */ 325 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 326 {.sym = { 327 .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD, 328 {.aead = { 329 .algo = RTE_CRYPTO_AEAD_AES_GCM, 330 .block_size = 16, 331 .key_size = { 332 .min = 16, 333 .max = 32, 334 .increment = 8 335 }, 336 .digest_size = { 337 .min = 8, 338 .max = 16, 339 .increment = 4 340 }, 341 .aad_size = { 342 .min = 0, 343 .max = 240, 344 .increment = 1 345 }, 346 .iv_size = { 347 .min = 12, 348 .max = 12, 349 .increment = 0 350 }, 351 }, } 352 }, } 353 }, 354 { /* AES CBC */ 355 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 356 {.sym = { 357 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 358 {.cipher = { 359 .algo = RTE_CRYPTO_CIPHER_AES_CBC, 360 .block_size = 16, 361 .key_size = { 362 .min = 16, 363 .max = 32, 364 .increment = 8 365 }, 366 .iv_size = { 367 .min = 16, 368 .max = 16, 369 .increment = 0 370 } 371 }, } 372 }, } 373 }, 374 { /* AES CTR */ 375 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 376 {.sym = { 377 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 378 {.cipher = { 379 .algo = RTE_CRYPTO_CIPHER_AES_CTR, 380 .block_size = 16, 381 .key_size = { 382 .min = 16, 383 .max = 32, 384 .increment = 8 385 }, 386 .iv_size = { 387 .min = 16, 388 .max = 16, 389 .increment = 0 390 }, 391 }, } 392 }, } 393 }, 394 { /* 3DES CBC */ 395 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 396 {.sym = { 397 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 398 {.cipher = { 399 .algo = RTE_CRYPTO_CIPHER_3DES_CBC, 400 .block_size = 8, 401 .key_size = { 402 .min = 16, 403 .max = 24, 404 .increment = 8 405 }, 406 .iv_size = { 407 .min = 8, 408 .max = 8, 409 .increment = 0 410 } 411 }, } 412 }, } 413 }, 414 415 RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() 416 }; 417 418 static const struct rte_cryptodev_capabilities dpaa_pdcp_capabilities[] = { 419 { /* SNOW 3G (UIA2) */ 420 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 421 {.sym = { 422 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 423 {.auth = { 424 .algo = RTE_CRYPTO_AUTH_SNOW3G_UIA2, 425 .block_size = 16, 426 .key_size = { 427 .min = 16, 428 .max = 16, 429 .increment = 0 430 }, 431 .digest_size = { 432 .min = 4, 433 .max = 4, 434 .increment = 0 435 }, 436 .iv_size = { 437 .min = 16, 438 .max = 16, 439 .increment = 0 440 } 441 }, } 442 }, } 443 }, 444 { /* SNOW 3G (UEA2) */ 445 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 446 {.sym = { 447 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 448 {.cipher = { 449 .algo = RTE_CRYPTO_CIPHER_SNOW3G_UEA2, 450 .block_size = 16, 451 .key_size = { 452 .min = 16, 453 .max = 16, 454 .increment = 0 455 }, 456 .iv_size = { 457 .min = 16, 458 .max = 16, 459 .increment = 0 460 } 461 }, } 462 }, } 463 }, 464 { /* AES CTR */ 465 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 466 {.sym = { 467 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 468 {.cipher = { 469 .algo = RTE_CRYPTO_CIPHER_AES_CTR, 470 .block_size = 16, 471 .key_size = { 472 .min = 16, 473 .max = 32, 474 .increment = 8 475 }, 476 .iv_size = { 477 .min = 16, 478 .max = 16, 479 .increment = 0 480 } 481 }, } 482 }, } 483 }, 484 { /* NULL (AUTH) */ 485 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 486 {.sym = { 487 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 488 {.auth = { 489 .algo = RTE_CRYPTO_AUTH_NULL, 490 .block_size = 1, 491 .key_size = { 492 .min = 0, 493 .max = 0, 494 .increment = 0 495 }, 496 .digest_size = { 497 .min = 0, 498 .max = 0, 499 .increment = 0 500 }, 501 .iv_size = { 0 } 502 }, }, 503 }, }, 504 }, 505 { /* NULL (CIPHER) */ 506 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 507 {.sym = { 508 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 509 {.cipher = { 510 .algo = RTE_CRYPTO_CIPHER_NULL, 511 .block_size = 1, 512 .key_size = { 513 .min = 0, 514 .max = 0, 515 .increment = 0 516 }, 517 .iv_size = { 518 .min = 0, 519 .max = 0, 520 .increment = 0 521 } 522 }, }, 523 }, } 524 }, 525 { /* ZUC (EEA3) */ 526 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 527 {.sym = { 528 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 529 {.cipher = { 530 .algo = RTE_CRYPTO_CIPHER_ZUC_EEA3, 531 .block_size = 16, 532 .key_size = { 533 .min = 16, 534 .max = 16, 535 .increment = 0 536 }, 537 .iv_size = { 538 .min = 16, 539 .max = 16, 540 .increment = 0 541 } 542 }, } 543 }, } 544 }, 545 { /* ZUC (EIA3) */ 546 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 547 {.sym = { 548 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 549 {.auth = { 550 .algo = RTE_CRYPTO_AUTH_ZUC_EIA3, 551 .block_size = 16, 552 .key_size = { 553 .min = 16, 554 .max = 16, 555 .increment = 0 556 }, 557 .digest_size = { 558 .min = 4, 559 .max = 4, 560 .increment = 0 561 }, 562 .iv_size = { 563 .min = 16, 564 .max = 16, 565 .increment = 0 566 } 567 }, } 568 }, } 569 }, 570 571 RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() 572 }; 573 574 static const struct rte_security_capability dpaa_sec_security_cap[] = { 575 { /* IPsec Lookaside Protocol offload ESP Transport Egress */ 576 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, 577 .protocol = RTE_SECURITY_PROTOCOL_IPSEC, 578 .ipsec = { 579 .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP, 580 .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL, 581 .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS, 582 .options = { 0 } 583 }, 584 .crypto_capabilities = dpaa_sec_capabilities 585 }, 586 { /* IPsec Lookaside Protocol offload ESP Tunnel Ingress */ 587 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, 588 .protocol = RTE_SECURITY_PROTOCOL_IPSEC, 589 .ipsec = { 590 .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP, 591 .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL, 592 .direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS, 593 .options = { 0 } 594 }, 595 .crypto_capabilities = dpaa_sec_capabilities 596 }, 597 { /* PDCP Lookaside Protocol offload Data */ 598 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, 599 .protocol = RTE_SECURITY_PROTOCOL_PDCP, 600 .pdcp = { 601 .domain = RTE_SECURITY_PDCP_MODE_DATA, 602 }, 603 .crypto_capabilities = dpaa_pdcp_capabilities 604 }, 605 { /* PDCP Lookaside Protocol offload Control */ 606 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, 607 .protocol = RTE_SECURITY_PROTOCOL_PDCP, 608 .pdcp = { 609 .domain = RTE_SECURITY_PDCP_MODE_CONTROL, 610 }, 611 .crypto_capabilities = dpaa_pdcp_capabilities 612 }, 613 { 614 .action = RTE_SECURITY_ACTION_TYPE_NONE 615 } 616 }; 617 618 /** 619 * Checksum 620 * 621 * @param buffer calculate chksum for buffer 622 * @param len buffer length 623 * 624 * @return checksum value in host cpu order 625 */ 626 static inline uint16_t 627 calc_chksum(void *buffer, int len) 628 { 629 uint16_t *buf = (uint16_t *)buffer; 630 uint32_t sum = 0; 631 uint16_t result; 632 633 for (sum = 0; len > 1; len -= 2) 634 sum += *buf++; 635 636 if (len == 1) 637 sum += *(unsigned char *)buf; 638 639 sum = (sum >> 16) + (sum & 0xFFFF); 640 sum += (sum >> 16); 641 result = ~sum; 642 643 return result; 644 } 645 646 #endif /* _DPAA_SEC_H_ */ 647