1 /* SPDX-License-Identifier: BSD-3-Clause 2 * 3 * Copyright 2016-2020 NXP 4 * 5 */ 6 7 #ifndef _DPAA_SEC_H_ 8 #define _DPAA_SEC_H_ 9 10 #define CRYPTODEV_NAME_DPAA_SEC_PMD crypto_dpaa_sec 11 /**< NXP DPAA - SEC PMD device name */ 12 13 #define MAX_DPAA_CORES 4 14 #define NUM_POOL_CHANNELS 4 15 #define DPAA_SEC_BURST 7 16 #define DPAA_SEC_ALG_UNSUPPORT (-1) 17 #define TDES_CBC_IV_LEN 8 18 #define AES_CBC_IV_LEN 16 19 #define AES_CTR_IV_LEN 16 20 #define AES_GCM_IV_LEN 12 21 22 #define DPAA_IPv6_DEFAULT_VTC_FLOW 0x60000000 23 24 /* Minimum job descriptor consists of a oneword job descriptor HEADER and 25 * a pointer to the shared descriptor. 26 */ 27 #define MIN_JOB_DESC_SIZE (CAAM_CMD_SZ + CAAM_PTR_SZ) 28 /* CTX_POOL_NUM_BUFS is set as per the ipsec-secgw application */ 29 #define CTX_POOL_NUM_BUFS 32000 30 #define CTX_POOL_BUF_SIZE sizeof(struct dpaa_sec_op_ctx) 31 #define CTX_POOL_CACHE_SIZE 512 32 #define RTE_DPAA_SEC_PMD_MAX_NB_SESSIONS 1024 33 34 #define DIR_ENC 1 35 #define DIR_DEC 0 36 37 enum dpaa_sec_op_type { 38 DPAA_SEC_NONE, /*!< No Cipher operations*/ 39 DPAA_SEC_CIPHER,/*!< CIPHER operations */ 40 DPAA_SEC_AUTH, /*!< Authentication Operations */ 41 DPAA_SEC_AEAD, /*!< AEAD (AES-GCM/CCM) type operations */ 42 DPAA_SEC_CIPHER_HASH, /*!< Authenticated Encryption with 43 * associated data 44 */ 45 DPAA_SEC_HASH_CIPHER, /*!< Encryption with Authenticated 46 * associated data 47 */ 48 DPAA_SEC_IPSEC, /*!< IPSEC protocol operations*/ 49 DPAA_SEC_PDCP, /*!< PDCP protocol operations*/ 50 DPAA_SEC_PKC, /*!< Public Key Cryptographic Operations */ 51 DPAA_SEC_MAX 52 }; 53 54 #define DPAA_SEC_MAX_DESC_SIZE 64 55 /* code or cmd block to caam */ 56 struct sec_cdb { 57 struct { 58 union { 59 uint32_t word; 60 struct { 61 #if RTE_BYTE_ORDER == RTE_BIG_ENDIAN 62 uint16_t rsvd63_48; 63 unsigned int rsvd47_39:9; 64 unsigned int idlen:7; 65 #else 66 unsigned int idlen:7; 67 unsigned int rsvd47_39:9; 68 uint16_t rsvd63_48; 69 #endif 70 } field; 71 } __packed hi; 72 73 union { 74 uint32_t word; 75 struct { 76 #if RTE_BYTE_ORDER == RTE_BIG_ENDIAN 77 unsigned int rsvd31_30:2; 78 unsigned int fsgt:1; 79 unsigned int lng:1; 80 unsigned int offset:2; 81 unsigned int abs:1; 82 unsigned int add_buf:1; 83 uint8_t pool_id; 84 uint16_t pool_buffer_size; 85 #else 86 uint16_t pool_buffer_size; 87 uint8_t pool_id; 88 unsigned int add_buf:1; 89 unsigned int abs:1; 90 unsigned int offset:2; 91 unsigned int lng:1; 92 unsigned int fsgt:1; 93 unsigned int rsvd31_30:2; 94 #endif 95 } field; 96 } __packed lo; 97 } __packed sh_hdr; 98 99 uint32_t sh_desc[DPAA_SEC_MAX_DESC_SIZE]; 100 }; 101 #ifdef RTE_LIB_SECURITY 102 /*! 103 * The structure is to be filled by user as a part of 104 * dpaa_sec_proto_ctxt for PDCP Protocol 105 */ 106 struct sec_pdcp_ctxt { 107 enum rte_security_pdcp_domain domain; /*!< Data/Control mode*/ 108 int8_t bearer; /*!< PDCP bearer ID */ 109 int8_t pkt_dir;/*!< PDCP Frame Direction 0:UL 1:DL*/ 110 int8_t hfn_ovd;/*!< Overwrite HFN per packet*/ 111 uint8_t sn_size; /*!< Sequence number size, 5/7/12/15/18 */ 112 uint8_t sdap_enabled; /*!< SDAP header is enabled */ 113 uint16_t hfn_ovd_offset;/*!< offset from rte_crypto_op at which 114 * per packet hfn is stored 115 */ 116 uint32_t hfn; /*!< Hyper Frame Number */ 117 uint32_t hfn_threshold; /*!< HFN Threashold for key renegotiation */ 118 }; 119 #endif 120 typedef struct dpaa_sec_session_entry { 121 struct sec_cdb cdb; /**< cmd block associated with qp */ 122 struct dpaa_sec_qp *qp[MAX_DPAA_CORES]; 123 struct qman_fq *inq[MAX_DPAA_CORES]; 124 uint8_t dir; /*!< Operation Direction */ 125 uint8_t ctxt; /*!< Session Context Type */ 126 enum rte_crypto_cipher_algorithm cipher_alg; /*!< Cipher Algorithm*/ 127 enum rte_crypto_auth_algorithm auth_alg; /*!< Authentication Algorithm*/ 128 enum rte_crypto_aead_algorithm aead_alg; /*!< AEAD Algorithm*/ 129 #ifdef RTE_LIB_SECURITY 130 enum rte_security_session_protocol proto_alg; /*!< Security Algorithm*/ 131 #endif 132 union { 133 struct { 134 uint8_t *data; /**< pointer to key data */ 135 size_t length; /**< key length in bytes */ 136 uint32_t alg; 137 uint32_t algmode; 138 } aead_key; 139 struct { 140 struct { 141 uint8_t *data; /**< pointer to key data */ 142 size_t length; /**< key length in bytes */ 143 uint32_t alg; 144 uint32_t algmode; 145 } cipher_key; 146 struct { 147 uint8_t *data; /**< pointer to key data */ 148 size_t length; /**< key length in bytes */ 149 uint32_t alg; 150 uint32_t algmode; 151 } auth_key; 152 }; 153 }; 154 union { 155 struct { 156 struct { 157 uint16_t length; 158 uint16_t offset; 159 } iv; /**< Initialisation vector parameters */ 160 uint16_t auth_only_len; 161 /*!< Length of data for Auth only */ 162 uint32_t digest_length; 163 struct ipsec_decap_pdb decap_pdb; 164 struct ipsec_encap_pdb encap_pdb; 165 union { 166 struct ip ip4_hdr; 167 struct rte_ipv6_hdr ip6_hdr; 168 }; 169 uint8_t auth_cipher_text; 170 /**< Authenticate/cipher ordering */ 171 }; 172 #ifdef RTE_LIB_SECURITY 173 struct sec_pdcp_ctxt pdcp; 174 #endif 175 }; 176 } dpaa_sec_session; 177 178 struct dpaa_sec_qp { 179 struct dpaa_sec_dev_private *internals; 180 struct rte_mempool *ctx_pool; /* mempool for dpaa_sec_op_ctx */ 181 struct qman_fq outq; 182 int rx_pkts; 183 int rx_errs; 184 int tx_pkts; 185 int tx_errs; 186 }; 187 188 #define RTE_DPAA_MAX_NB_SEC_QPS 2 189 #define RTE_DPAA_MAX_RX_QUEUE (MAX_DPAA_CORES * RTE_DPAA_SEC_PMD_MAX_NB_SESSIONS) 190 #define DPAA_MAX_DEQUEUE_NUM_FRAMES 63 191 192 /* internal sec queue interface */ 193 struct dpaa_sec_dev_private { 194 void *sec_hw; 195 struct dpaa_sec_qp qps[RTE_DPAA_MAX_NB_SEC_QPS]; /* i/o queue for sec */ 196 struct qman_fq inq[RTE_DPAA_MAX_RX_QUEUE]; 197 unsigned char inq_attach[RTE_DPAA_MAX_RX_QUEUE]; 198 unsigned int max_nb_queue_pairs; 199 unsigned int max_nb_sessions; 200 rte_spinlock_t lock; 201 }; 202 203 #define MAX_SG_ENTRIES 16 204 #define MAX_JOB_SG_ENTRIES 36 205 206 struct dpaa_sec_job { 207 /* sg[0] output, sg[1] input, others are possible sub frames */ 208 struct qm_sg_entry sg[MAX_JOB_SG_ENTRIES]; 209 }; 210 211 #define DPAA_MAX_NB_MAX_DIGEST 32 212 struct dpaa_sec_op_ctx { 213 struct dpaa_sec_job job; 214 struct rte_crypto_op *op; 215 struct rte_mempool *ctx_pool; /* mempool pointer for dpaa_sec_op_ctx */ 216 uint32_t fd_status; 217 int64_t vtop_offset; 218 uint8_t digest[DPAA_MAX_NB_MAX_DIGEST]; 219 }; 220 221 static const struct rte_cryptodev_capabilities dpaa_sec_capabilities[] = { 222 { /* NULL (AUTH) */ 223 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 224 {.sym = { 225 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 226 {.auth = { 227 .algo = RTE_CRYPTO_AUTH_NULL, 228 .block_size = 1, 229 .key_size = { 230 .min = 0, 231 .max = 0, 232 .increment = 0 233 }, 234 .digest_size = { 235 .min = 0, 236 .max = 0, 237 .increment = 0 238 }, 239 .iv_size = { 0 } 240 }, }, 241 }, }, 242 }, 243 { /* MD5 HMAC */ 244 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 245 {.sym = { 246 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 247 {.auth = { 248 .algo = RTE_CRYPTO_AUTH_MD5_HMAC, 249 .block_size = 64, 250 .key_size = { 251 .min = 1, 252 .max = 64, 253 .increment = 1 254 }, 255 .digest_size = { 256 .min = 1, 257 .max = 16, 258 .increment = 1 259 }, 260 .iv_size = { 0 } 261 }, } 262 }, } 263 }, 264 { /* SHA1 HMAC */ 265 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 266 {.sym = { 267 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 268 {.auth = { 269 .algo = RTE_CRYPTO_AUTH_SHA1_HMAC, 270 .block_size = 64, 271 .key_size = { 272 .min = 1, 273 .max = 64, 274 .increment = 1 275 }, 276 .digest_size = { 277 .min = 1, 278 .max = 20, 279 .increment = 1 280 }, 281 .iv_size = { 0 } 282 }, } 283 }, } 284 }, 285 { /* SHA224 HMAC */ 286 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 287 {.sym = { 288 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 289 {.auth = { 290 .algo = RTE_CRYPTO_AUTH_SHA224_HMAC, 291 .block_size = 64, 292 .key_size = { 293 .min = 1, 294 .max = 64, 295 .increment = 1 296 }, 297 .digest_size = { 298 .min = 1, 299 .max = 28, 300 .increment = 1 301 }, 302 .iv_size = { 0 } 303 }, } 304 }, } 305 }, 306 { /* SHA256 HMAC */ 307 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 308 {.sym = { 309 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 310 {.auth = { 311 .algo = RTE_CRYPTO_AUTH_SHA256_HMAC, 312 .block_size = 64, 313 .key_size = { 314 .min = 1, 315 .max = 64, 316 .increment = 1 317 }, 318 .digest_size = { 319 .min = 1, 320 .max = 32, 321 .increment = 1 322 }, 323 .iv_size = { 0 } 324 }, } 325 }, } 326 }, 327 { /* SHA384 HMAC */ 328 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 329 {.sym = { 330 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 331 {.auth = { 332 .algo = RTE_CRYPTO_AUTH_SHA384_HMAC, 333 .block_size = 128, 334 .key_size = { 335 .min = 1, 336 .max = 128, 337 .increment = 1 338 }, 339 .digest_size = { 340 .min = 1, 341 .max = 48, 342 .increment = 1 343 }, 344 .iv_size = { 0 } 345 }, } 346 }, } 347 }, 348 { /* SHA512 HMAC */ 349 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 350 {.sym = { 351 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 352 {.auth = { 353 .algo = RTE_CRYPTO_AUTH_SHA512_HMAC, 354 .block_size = 128, 355 .key_size = { 356 .min = 1, 357 .max = 128, 358 .increment = 1 359 }, 360 .digest_size = { 361 .min = 1, 362 .max = 64, 363 .increment = 1 364 }, 365 .iv_size = { 0 } 366 }, } 367 }, } 368 }, 369 { /* AES GCM */ 370 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 371 {.sym = { 372 .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD, 373 {.aead = { 374 .algo = RTE_CRYPTO_AEAD_AES_GCM, 375 .block_size = 16, 376 .key_size = { 377 .min = 16, 378 .max = 32, 379 .increment = 8 380 }, 381 .digest_size = { 382 .min = 8, 383 .max = 16, 384 .increment = 4 385 }, 386 .aad_size = { 387 .min = 0, 388 .max = 240, 389 .increment = 1 390 }, 391 .iv_size = { 392 .min = 12, 393 .max = 12, 394 .increment = 0 395 }, 396 }, } 397 }, } 398 }, 399 { /* NULL (CIPHER) */ 400 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 401 {.sym = { 402 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 403 {.cipher = { 404 .algo = RTE_CRYPTO_CIPHER_NULL, 405 .block_size = 1, 406 .key_size = { 407 .min = 0, 408 .max = 0, 409 .increment = 0 410 }, 411 .iv_size = { 412 .min = 0, 413 .max = 0, 414 .increment = 0 415 } 416 }, }, 417 }, } 418 }, 419 { /* AES CBC */ 420 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 421 {.sym = { 422 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 423 {.cipher = { 424 .algo = RTE_CRYPTO_CIPHER_AES_CBC, 425 .block_size = 16, 426 .key_size = { 427 .min = 16, 428 .max = 32, 429 .increment = 8 430 }, 431 .iv_size = { 432 .min = 16, 433 .max = 16, 434 .increment = 0 435 } 436 }, } 437 }, } 438 }, 439 { /* AES CTR */ 440 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 441 {.sym = { 442 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 443 {.cipher = { 444 .algo = RTE_CRYPTO_CIPHER_AES_CTR, 445 .block_size = 16, 446 .key_size = { 447 .min = 16, 448 .max = 32, 449 .increment = 8 450 }, 451 .iv_size = { 452 .min = 16, 453 .max = 16, 454 .increment = 0 455 }, 456 }, } 457 }, } 458 }, 459 { /* 3DES CBC */ 460 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 461 {.sym = { 462 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 463 {.cipher = { 464 .algo = RTE_CRYPTO_CIPHER_3DES_CBC, 465 .block_size = 8, 466 .key_size = { 467 .min = 16, 468 .max = 24, 469 .increment = 8 470 }, 471 .iv_size = { 472 .min = 8, 473 .max = 8, 474 .increment = 0 475 } 476 }, } 477 }, } 478 }, 479 { /* SNOW 3G (UIA2) */ 480 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 481 {.sym = { 482 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 483 {.auth = { 484 .algo = RTE_CRYPTO_AUTH_SNOW3G_UIA2, 485 .block_size = 16, 486 .key_size = { 487 .min = 16, 488 .max = 16, 489 .increment = 0 490 }, 491 .digest_size = { 492 .min = 4, 493 .max = 4, 494 .increment = 0 495 }, 496 .iv_size = { 497 .min = 16, 498 .max = 16, 499 .increment = 0 500 } 501 }, } 502 }, } 503 }, 504 { /* SNOW 3G (UEA2) */ 505 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 506 {.sym = { 507 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 508 {.cipher = { 509 .algo = RTE_CRYPTO_CIPHER_SNOW3G_UEA2, 510 .block_size = 16, 511 .key_size = { 512 .min = 16, 513 .max = 16, 514 .increment = 0 515 }, 516 .iv_size = { 517 .min = 16, 518 .max = 16, 519 .increment = 0 520 } 521 }, } 522 }, } 523 }, 524 { /* ZUC (EEA3) */ 525 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 526 {.sym = { 527 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 528 {.cipher = { 529 .algo = RTE_CRYPTO_CIPHER_ZUC_EEA3, 530 .block_size = 16, 531 .key_size = { 532 .min = 16, 533 .max = 16, 534 .increment = 0 535 }, 536 .iv_size = { 537 .min = 16, 538 .max = 16, 539 .increment = 0 540 } 541 }, } 542 }, } 543 }, 544 { /* ZUC (EIA3) */ 545 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 546 {.sym = { 547 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 548 {.auth = { 549 .algo = RTE_CRYPTO_AUTH_ZUC_EIA3, 550 .block_size = 16, 551 .key_size = { 552 .min = 16, 553 .max = 16, 554 .increment = 0 555 }, 556 .digest_size = { 557 .min = 4, 558 .max = 4, 559 .increment = 0 560 }, 561 .iv_size = { 562 .min = 16, 563 .max = 16, 564 .increment = 0 565 } 566 }, } 567 }, } 568 }, 569 RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() 570 }; 571 572 #ifdef RTE_LIB_SECURITY 573 static const struct rte_cryptodev_capabilities dpaa_pdcp_capabilities[] = { 574 { /* SNOW 3G (UIA2) */ 575 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 576 {.sym = { 577 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 578 {.auth = { 579 .algo = RTE_CRYPTO_AUTH_SNOW3G_UIA2, 580 .block_size = 16, 581 .key_size = { 582 .min = 16, 583 .max = 16, 584 .increment = 0 585 }, 586 .digest_size = { 587 .min = 4, 588 .max = 4, 589 .increment = 0 590 }, 591 .iv_size = { 592 .min = 16, 593 .max = 16, 594 .increment = 0 595 } 596 }, } 597 }, } 598 }, 599 { /* SNOW 3G (UEA2) */ 600 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 601 {.sym = { 602 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 603 {.cipher = { 604 .algo = RTE_CRYPTO_CIPHER_SNOW3G_UEA2, 605 .block_size = 16, 606 .key_size = { 607 .min = 16, 608 .max = 16, 609 .increment = 0 610 }, 611 .iv_size = { 612 .min = 16, 613 .max = 16, 614 .increment = 0 615 } 616 }, } 617 }, } 618 }, 619 { /* AES CTR */ 620 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 621 {.sym = { 622 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 623 {.cipher = { 624 .algo = RTE_CRYPTO_CIPHER_AES_CTR, 625 .block_size = 16, 626 .key_size = { 627 .min = 16, 628 .max = 32, 629 .increment = 8 630 }, 631 .iv_size = { 632 .min = 16, 633 .max = 16, 634 .increment = 0 635 } 636 }, } 637 }, } 638 }, 639 { /* NULL (AUTH) */ 640 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 641 {.sym = { 642 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 643 {.auth = { 644 .algo = RTE_CRYPTO_AUTH_NULL, 645 .block_size = 1, 646 .key_size = { 647 .min = 0, 648 .max = 0, 649 .increment = 0 650 }, 651 .digest_size = { 652 .min = 0, 653 .max = 0, 654 .increment = 0 655 }, 656 .iv_size = { 0 } 657 }, }, 658 }, }, 659 }, 660 { /* NULL (CIPHER) */ 661 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 662 {.sym = { 663 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 664 {.cipher = { 665 .algo = RTE_CRYPTO_CIPHER_NULL, 666 .block_size = 1, 667 .key_size = { 668 .min = 0, 669 .max = 0, 670 .increment = 0 671 }, 672 .iv_size = { 673 .min = 0, 674 .max = 0, 675 .increment = 0 676 } 677 }, }, 678 }, } 679 }, 680 { /* ZUC (EEA3) */ 681 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 682 {.sym = { 683 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 684 {.cipher = { 685 .algo = RTE_CRYPTO_CIPHER_ZUC_EEA3, 686 .block_size = 16, 687 .key_size = { 688 .min = 16, 689 .max = 16, 690 .increment = 0 691 }, 692 .iv_size = { 693 .min = 16, 694 .max = 16, 695 .increment = 0 696 } 697 }, } 698 }, } 699 }, 700 { /* ZUC (EIA3) */ 701 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 702 {.sym = { 703 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 704 {.auth = { 705 .algo = RTE_CRYPTO_AUTH_ZUC_EIA3, 706 .block_size = 16, 707 .key_size = { 708 .min = 16, 709 .max = 16, 710 .increment = 0 711 }, 712 .digest_size = { 713 .min = 4, 714 .max = 4, 715 .increment = 0 716 }, 717 .iv_size = { 718 .min = 16, 719 .max = 16, 720 .increment = 0 721 } 722 }, } 723 }, } 724 }, 725 726 RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() 727 }; 728 729 static const struct rte_security_capability dpaa_sec_security_cap[] = { 730 { /* IPsec Lookaside Protocol offload ESP Transport Egress */ 731 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, 732 .protocol = RTE_SECURITY_PROTOCOL_IPSEC, 733 .ipsec = { 734 .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP, 735 .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL, 736 .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS, 737 .options = { 0 }, 738 .replay_win_sz_max = 128 739 }, 740 .crypto_capabilities = dpaa_sec_capabilities 741 }, 742 { /* IPsec Lookaside Protocol offload ESP Tunnel Ingress */ 743 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, 744 .protocol = RTE_SECURITY_PROTOCOL_IPSEC, 745 .ipsec = { 746 .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP, 747 .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL, 748 .direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS, 749 .options = { 0 }, 750 .replay_win_sz_max = 128 751 }, 752 .crypto_capabilities = dpaa_sec_capabilities 753 }, 754 { /* PDCP Lookaside Protocol offload Data */ 755 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, 756 .protocol = RTE_SECURITY_PROTOCOL_PDCP, 757 .pdcp = { 758 .domain = RTE_SECURITY_PDCP_MODE_DATA, 759 .capa_flags = 0 760 }, 761 .crypto_capabilities = dpaa_pdcp_capabilities 762 }, 763 { /* PDCP Lookaside Protocol offload Control */ 764 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, 765 .protocol = RTE_SECURITY_PROTOCOL_PDCP, 766 .pdcp = { 767 .domain = RTE_SECURITY_PDCP_MODE_CONTROL, 768 .capa_flags = 0 769 }, 770 .crypto_capabilities = dpaa_pdcp_capabilities 771 }, 772 { 773 .action = RTE_SECURITY_ACTION_TYPE_NONE 774 } 775 }; 776 #endif 777 778 /** 779 * Checksum 780 * 781 * @param buffer calculate chksum for buffer 782 * @param len buffer length 783 * 784 * @return checksum value in host cpu order 785 */ 786 static inline uint16_t 787 calc_chksum(void *buffer, int len) 788 { 789 uint16_t *buf = (uint16_t *)buffer; 790 uint32_t sum = 0; 791 uint16_t result; 792 793 for (sum = 0; len > 1; len -= 2) 794 sum += *buf++; 795 796 if (len == 1) 797 sum += *(unsigned char *)buf; 798 799 sum = (sum >> 16) + (sum & 0xFFFF); 800 sum += (sum >> 16); 801 result = ~sum; 802 803 return result; 804 } 805 806 #endif /* _DPAA_SEC_H_ */ 807