1 /* SPDX-License-Identifier: BSD-3-Clause 2 * 3 * Copyright 2016-2023 NXP 4 * 5 */ 6 7 #ifndef _DPAA_SEC_H_ 8 #define _DPAA_SEC_H_ 9 10 #define CRYPTODEV_NAME_DPAA_SEC_PMD crypto_dpaa_sec 11 /**< NXP DPAA - SEC PMD device name */ 12 13 #define SEC_BASE_ADDR 0x1700000 14 #define MAP_SIZE 0x100000 15 #define BLOCK_OFFSET 0x10000 16 #define CMD_REG 0x4 17 #define QICTL_DQEN 0x01 18 #define QI_BLOCK_NUMBER 7 19 #define MAX_DPAA_CORES 4 20 #define NUM_POOL_CHANNELS 4 21 #define DPAA_SEC_BURST 7 22 #define DPAA_SEC_ALG_UNSUPPORT (-1) 23 #define TDES_CBC_IV_LEN 8 24 #define AES_CBC_IV_LEN 16 25 #define AES_CTR_IV_LEN 16 26 #define AES_GCM_IV_LEN 12 27 28 extern uint8_t dpaa_cryptodev_driver_id; 29 30 #define DPAA_IPv6_DEFAULT_VTC_FLOW 0x60000000 31 32 /* Minimum job descriptor consists of a oneword job descriptor HEADER and 33 * a pointer to the shared descriptor. 34 */ 35 #define MIN_JOB_DESC_SIZE (CAAM_CMD_SZ + CAAM_PTR_SZ) 36 /* CTX_POOL_NUM_BUFS is set as per the ipsec-secgw application */ 37 #define CTX_POOL_NUM_BUFS 32000 38 #define CTX_POOL_BUF_SIZE sizeof(struct dpaa_sec_op_ctx) 39 #define CTX_POOL_CACHE_SIZE 512 40 #define RTE_DPAA_SEC_PMD_MAX_NB_SESSIONS 1024 41 42 #define DIR_ENC 1 43 #define DIR_DEC 0 44 45 enum dpaa_sec_op_type { 46 DPAA_SEC_NONE, /*!< No Cipher operations*/ 47 DPAA_SEC_CIPHER,/*!< CIPHER operations */ 48 DPAA_SEC_AUTH, /*!< Authentication Operations */ 49 DPAA_SEC_AEAD, /*!< AEAD (AES-GCM/CCM) type operations */ 50 DPAA_SEC_CIPHER_HASH, /*!< Authenticated Encryption with 51 * associated data 52 */ 53 DPAA_SEC_HASH_CIPHER, /*!< Encryption with Authenticated 54 * associated data 55 */ 56 DPAA_SEC_IPSEC, /*!< IPSEC protocol operations*/ 57 DPAA_SEC_PDCP, /*!< PDCP protocol operations*/ 58 DPAA_SEC_PKC, /*!< Public Key Cryptographic Operations */ 59 DPAA_SEC_MAX 60 }; 61 62 #define DPAA_SEC_MAX_DESC_SIZE 64 63 /* code or cmd block to caam */ 64 struct sec_cdb { 65 struct { 66 union { 67 uint32_t word; 68 struct { 69 #if RTE_BYTE_ORDER == RTE_BIG_ENDIAN 70 uint16_t rsvd63_48; 71 unsigned int rsvd47_39:9; 72 unsigned int idlen:7; 73 #else 74 unsigned int idlen:7; 75 unsigned int rsvd47_39:9; 76 uint16_t rsvd63_48; 77 #endif 78 } field; 79 } __packed hi; 80 81 union { 82 uint32_t word; 83 struct { 84 #if RTE_BYTE_ORDER == RTE_BIG_ENDIAN 85 unsigned int rsvd31_30:2; 86 unsigned int fsgt:1; 87 unsigned int lng:1; 88 unsigned int offset:2; 89 unsigned int abs:1; 90 unsigned int add_buf:1; 91 uint8_t pool_id; 92 uint16_t pool_buffer_size; 93 #else 94 uint16_t pool_buffer_size; 95 uint8_t pool_id; 96 unsigned int add_buf:1; 97 unsigned int abs:1; 98 unsigned int offset:2; 99 unsigned int lng:1; 100 unsigned int fsgt:1; 101 unsigned int rsvd31_30:2; 102 #endif 103 } field; 104 } __packed lo; 105 } __packed sh_hdr; 106 107 uint32_t sh_desc[DPAA_SEC_MAX_DESC_SIZE]; 108 }; 109 110 /*! 111 * The structure is to be filled by user as a part of 112 * dpaa_sec_proto_ctxt for PDCP Protocol 113 */ 114 struct sec_pdcp_ctxt { 115 enum rte_security_pdcp_domain domain; /*!< Data/Control mode*/ 116 int8_t bearer; /*!< PDCP bearer ID */ 117 int8_t pkt_dir;/*!< PDCP Frame Direction 0:UL 1:DL*/ 118 int8_t hfn_ovd;/*!< Overwrite HFN per packet*/ 119 uint8_t sn_size; /*!< Sequence number size, 5/7/12/15/18 */ 120 uint8_t sdap_enabled; /*!< SDAP header is enabled */ 121 uint16_t hfn_ovd_offset;/*!< offset from rte_crypto_op at which 122 * per packet hfn is stored 123 */ 124 uint32_t hfn; /*!< Hyper Frame Number */ 125 uint32_t hfn_threshold; /*!< HFN Threashold for key renegotiation */ 126 }; 127 128 typedef int (*dpaa_sec_build_fd_t)( 129 void *qp, uint8_t *drv_ctx, struct rte_crypto_vec *data_vec, 130 uint16_t n_data_vecs, union rte_crypto_sym_ofs ofs, 131 struct rte_crypto_va_iova_ptr *iv, 132 struct rte_crypto_va_iova_ptr *digest, 133 struct rte_crypto_va_iova_ptr *aad_or_auth_iv, 134 void *user_data); 135 136 typedef struct dpaa_sec_job* (*dpaa_sec_build_raw_dp_fd_t)(uint8_t *drv_ctx, 137 struct rte_crypto_sgl *sgl, 138 struct rte_crypto_sgl *dest_sgl, 139 struct rte_crypto_va_iova_ptr *iv, 140 struct rte_crypto_va_iova_ptr *digest, 141 struct rte_crypto_va_iova_ptr *auth_iv, 142 union rte_crypto_sym_ofs ofs, 143 void *userdata, 144 struct qm_fd *fd); 145 146 typedef struct dpaa_sec_session_entry { 147 struct sec_cdb cdb; /**< cmd block associated with qp */ 148 struct dpaa_sec_qp *qp[MAX_DPAA_CORES]; 149 struct qman_fq *inq[MAX_DPAA_CORES]; 150 uint8_t dir; /*!< Operation Direction */ 151 uint8_t ctxt; /*!< Session Context Type */ 152 enum rte_crypto_cipher_algorithm cipher_alg; /*!< Cipher Algorithm*/ 153 enum rte_crypto_auth_algorithm auth_alg; /*!< Authentication Algorithm*/ 154 enum rte_crypto_aead_algorithm aead_alg; /*!< AEAD Algorithm*/ 155 enum rte_security_session_protocol proto_alg; /*!< Security Algorithm*/ 156 dpaa_sec_build_fd_t build_fd; 157 dpaa_sec_build_raw_dp_fd_t build_raw_dp_fd; 158 union { 159 struct { 160 uint8_t *data; /**< pointer to key data */ 161 size_t length; /**< key length in bytes */ 162 uint32_t alg; 163 uint32_t algmode; 164 } aead_key; 165 struct { 166 struct { 167 uint8_t *data; /**< pointer to key data */ 168 size_t length; /**< key length in bytes */ 169 uint32_t alg; 170 uint32_t algmode; 171 } cipher_key; 172 struct { 173 uint8_t *data; /**< pointer to key data */ 174 size_t length; /**< key length in bytes */ 175 uint32_t alg; 176 uint32_t algmode; 177 } auth_key; 178 }; 179 }; 180 union { 181 struct { 182 struct { 183 uint16_t length; 184 uint16_t offset; 185 } iv; /**< Initialisation vector parameters */ 186 uint16_t auth_only_len; 187 /*!< Length of data for Auth only */ 188 uint32_t digest_length; 189 struct ipsec_decap_pdb decap_pdb; 190 struct ipsec_encap_pdb encap_pdb; 191 union { 192 struct ip ip4_hdr; 193 struct rte_ipv6_hdr ip6_hdr; 194 }; 195 uint8_t auth_cipher_text; 196 /**< Authenticate/cipher ordering */ 197 }; 198 struct sec_pdcp_ctxt pdcp; 199 }; 200 } dpaa_sec_session; 201 202 struct dpaa_sec_qp { 203 struct dpaa_sec_dev_private *internals; 204 struct rte_mempool *ctx_pool; /* mempool for dpaa_sec_op_ctx */ 205 struct qman_fq outq; 206 int rx_pkts; 207 int rx_errs; 208 int tx_pkts; 209 int tx_errs; 210 }; 211 212 #define RTE_DPAA_MAX_NB_SEC_QPS 2 213 #define RTE_DPAA_MAX_RX_QUEUE (MAX_DPAA_CORES * RTE_DPAA_SEC_PMD_MAX_NB_SESSIONS) 214 #define DPAA_MAX_DEQUEUE_NUM_FRAMES 63 215 216 /* internal sec queue interface */ 217 struct dpaa_sec_dev_private { 218 void *sec_hw; 219 struct dpaa_sec_qp qps[RTE_DPAA_MAX_NB_SEC_QPS]; /* i/o queue for sec */ 220 struct qman_fq inq[RTE_DPAA_MAX_RX_QUEUE]; 221 unsigned char inq_attach[RTE_DPAA_MAX_RX_QUEUE]; 222 unsigned int max_nb_queue_pairs; 223 unsigned int max_nb_sessions; 224 rte_spinlock_t lock; 225 }; 226 227 #define MAX_SG_ENTRIES 16 228 #define MAX_JOB_SG_ENTRIES 36 229 230 struct dpaa_sec_job { 231 /* sg[0] output, sg[1] input, others are possible sub frames */ 232 struct qm_sg_entry sg[MAX_JOB_SG_ENTRIES]; 233 }; 234 235 #define DPAA_MAX_NB_MAX_DIGEST 64 236 struct dpaa_sec_op_ctx { 237 struct dpaa_sec_job job; 238 union { 239 struct rte_crypto_op *op; 240 void *userdata; 241 }; 242 struct rte_mempool *ctx_pool; /* mempool pointer for dpaa_sec_op_ctx */ 243 uint32_t fd_status; 244 int64_t vtop_offset; 245 uint8_t digest[DPAA_MAX_NB_MAX_DIGEST]; 246 }; 247 248 static const struct rte_cryptodev_capabilities dpaa_sec_capabilities[] = { 249 { /* NULL (AUTH) */ 250 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 251 {.sym = { 252 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 253 {.auth = { 254 .algo = RTE_CRYPTO_AUTH_NULL, 255 .block_size = 1, 256 .key_size = { 257 .min = 0, 258 .max = 0, 259 .increment = 0 260 }, 261 .digest_size = { 262 .min = 0, 263 .max = 0, 264 .increment = 0 265 }, 266 .iv_size = { 0 } 267 }, }, 268 }, }, 269 }, 270 { /* MD5 */ 271 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 272 {.sym = { 273 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 274 {.auth = { 275 .algo = RTE_CRYPTO_AUTH_MD5, 276 .block_size = 64, 277 .key_size = { 278 .min = 0, 279 .max = 0, 280 .increment = 0 281 }, 282 .digest_size = { 283 .min = 16, 284 .max = 16, 285 .increment = 0 286 }, 287 .iv_size = { 0 } 288 }, } 289 }, } 290 }, 291 { /* MD5 HMAC */ 292 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 293 {.sym = { 294 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 295 {.auth = { 296 .algo = RTE_CRYPTO_AUTH_MD5_HMAC, 297 .block_size = 64, 298 .key_size = { 299 .min = 1, 300 .max = 64, 301 .increment = 1 302 }, 303 .digest_size = { 304 .min = 1, 305 .max = 16, 306 .increment = 1 307 }, 308 .iv_size = { 0 } 309 }, } 310 }, } 311 }, 312 { /* SHA1 */ 313 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 314 {.sym = { 315 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 316 {.auth = { 317 .algo = RTE_CRYPTO_AUTH_SHA1, 318 .block_size = 64, 319 .key_size = { 320 .min = 0, 321 .max = 0, 322 .increment = 0 323 }, 324 .digest_size = { 325 .min = 20, 326 .max = 20, 327 .increment = 0 328 }, 329 .iv_size = { 0 } 330 }, } 331 }, } 332 }, 333 { /* SHA1 HMAC */ 334 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 335 {.sym = { 336 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 337 {.auth = { 338 .algo = RTE_CRYPTO_AUTH_SHA1_HMAC, 339 .block_size = 64, 340 .key_size = { 341 .min = 1, 342 .max = 64, 343 .increment = 1 344 }, 345 .digest_size = { 346 .min = 1, 347 .max = 20, 348 .increment = 1 349 }, 350 .iv_size = { 0 } 351 }, } 352 }, } 353 }, 354 { /* SHA224 */ 355 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 356 {.sym = { 357 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 358 {.auth = { 359 .algo = RTE_CRYPTO_AUTH_SHA224, 360 .block_size = 64, 361 .key_size = { 362 .min = 0, 363 .max = 0, 364 .increment = 0 365 }, 366 .digest_size = { 367 .min = 28, 368 .max = 28, 369 .increment = 0 370 }, 371 .iv_size = { 0 } 372 }, } 373 }, } 374 }, 375 { /* SHA224 HMAC */ 376 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 377 {.sym = { 378 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 379 {.auth = { 380 .algo = RTE_CRYPTO_AUTH_SHA224_HMAC, 381 .block_size = 64, 382 .key_size = { 383 .min = 1, 384 .max = 64, 385 .increment = 1 386 }, 387 .digest_size = { 388 .min = 1, 389 .max = 28, 390 .increment = 1 391 }, 392 .iv_size = { 0 } 393 }, } 394 }, } 395 }, 396 { /* SHA256 */ 397 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 398 {.sym = { 399 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 400 {.auth = { 401 .algo = RTE_CRYPTO_AUTH_SHA256, 402 .block_size = 64, 403 .key_size = { 404 .min = 0, 405 .max = 0, 406 .increment = 0 407 }, 408 .digest_size = { 409 .min = 32, 410 .max = 32, 411 .increment = 0 412 }, 413 .iv_size = { 0 } 414 }, } 415 }, } 416 }, 417 { /* SHA256 HMAC */ 418 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 419 {.sym = { 420 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 421 {.auth = { 422 .algo = RTE_CRYPTO_AUTH_SHA256_HMAC, 423 .block_size = 64, 424 .key_size = { 425 .min = 1, 426 .max = 64, 427 .increment = 1 428 }, 429 .digest_size = { 430 .min = 1, 431 .max = 32, 432 .increment = 1 433 }, 434 .iv_size = { 0 } 435 }, } 436 }, } 437 }, 438 { /* SHA384 */ 439 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 440 {.sym = { 441 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 442 {.auth = { 443 .algo = RTE_CRYPTO_AUTH_SHA384, 444 .block_size = 64, 445 .key_size = { 446 .min = 0, 447 .max = 0, 448 .increment = 0 449 }, 450 .digest_size = { 451 .min = 48, 452 .max = 48, 453 .increment = 0 454 }, 455 .iv_size = { 0 } 456 }, } 457 }, } 458 }, 459 { /* SHA384 HMAC */ 460 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 461 {.sym = { 462 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 463 {.auth = { 464 .algo = RTE_CRYPTO_AUTH_SHA384_HMAC, 465 .block_size = 128, 466 .key_size = { 467 .min = 1, 468 .max = 128, 469 .increment = 1 470 }, 471 .digest_size = { 472 .min = 1, 473 .max = 48, 474 .increment = 1 475 }, 476 .iv_size = { 0 } 477 }, } 478 }, } 479 }, 480 { /* SHA512 */ 481 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 482 {.sym = { 483 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 484 {.auth = { 485 .algo = RTE_CRYPTO_AUTH_SHA512, 486 .block_size = 128, 487 .key_size = { 488 .min = 0, 489 .max = 0, 490 .increment = 0 491 }, 492 .digest_size = { 493 .min = 64, 494 .max = 64, 495 .increment = 0 496 }, 497 .iv_size = { 0 } 498 }, } 499 }, } 500 }, 501 { /* SHA512 HMAC */ 502 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 503 {.sym = { 504 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 505 {.auth = { 506 .algo = RTE_CRYPTO_AUTH_SHA512_HMAC, 507 .block_size = 128, 508 .key_size = { 509 .min = 1, 510 .max = 128, 511 .increment = 1 512 }, 513 .digest_size = { 514 .min = 1, 515 .max = 64, 516 .increment = 1 517 }, 518 .iv_size = { 0 } 519 }, } 520 }, } 521 }, 522 { /* AES GCM */ 523 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 524 {.sym = { 525 .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD, 526 {.aead = { 527 .algo = RTE_CRYPTO_AEAD_AES_GCM, 528 .block_size = 16, 529 .key_size = { 530 .min = 16, 531 .max = 32, 532 .increment = 8 533 }, 534 .digest_size = { 535 .min = 8, 536 .max = 16, 537 .increment = 4 538 }, 539 .aad_size = { 540 .min = 0, 541 .max = 240, 542 .increment = 1 543 }, 544 .iv_size = { 545 .min = 12, 546 .max = 12, 547 .increment = 0 548 }, 549 }, } 550 }, } 551 }, 552 { /* NULL (CIPHER) */ 553 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 554 {.sym = { 555 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 556 {.cipher = { 557 .algo = RTE_CRYPTO_CIPHER_NULL, 558 .block_size = 1, 559 .key_size = { 560 .min = 0, 561 .max = 0, 562 .increment = 0 563 }, 564 .iv_size = { 565 .min = 0, 566 .max = 0, 567 .increment = 0 568 } 569 }, }, 570 }, } 571 }, 572 { /* AES CBC */ 573 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 574 {.sym = { 575 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 576 {.cipher = { 577 .algo = RTE_CRYPTO_CIPHER_AES_CBC, 578 .block_size = 16, 579 .key_size = { 580 .min = 16, 581 .max = 32, 582 .increment = 8 583 }, 584 .iv_size = { 585 .min = 16, 586 .max = 16, 587 .increment = 0 588 } 589 }, } 590 }, } 591 }, 592 { /* AES CTR */ 593 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 594 {.sym = { 595 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 596 {.cipher = { 597 .algo = RTE_CRYPTO_CIPHER_AES_CTR, 598 .block_size = 16, 599 .key_size = { 600 .min = 16, 601 .max = 32, 602 .increment = 8 603 }, 604 .iv_size = { 605 .min = 16, 606 .max = 16, 607 .increment = 0 608 }, 609 }, } 610 }, } 611 }, 612 { /* DES CBC */ 613 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 614 {.sym = { 615 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 616 {.cipher = { 617 .algo = RTE_CRYPTO_CIPHER_DES_CBC, 618 .block_size = 8, 619 .key_size = { 620 .min = 8, 621 .max = 8, 622 .increment = 0 623 }, 624 .iv_size = { 625 .min = 8, 626 .max = 8, 627 .increment = 0 628 } 629 }, } 630 }, } 631 }, 632 { /* 3DES CBC */ 633 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 634 {.sym = { 635 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 636 {.cipher = { 637 .algo = RTE_CRYPTO_CIPHER_3DES_CBC, 638 .block_size = 8, 639 .key_size = { 640 .min = 16, 641 .max = 24, 642 .increment = 8 643 }, 644 .iv_size = { 645 .min = 8, 646 .max = 8, 647 .increment = 0 648 } 649 }, } 650 }, } 651 }, 652 { /* SNOW 3G (UIA2) */ 653 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 654 {.sym = { 655 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 656 {.auth = { 657 .algo = RTE_CRYPTO_AUTH_SNOW3G_UIA2, 658 .block_size = 16, 659 .key_size = { 660 .min = 16, 661 .max = 16, 662 .increment = 0 663 }, 664 .digest_size = { 665 .min = 4, 666 .max = 4, 667 .increment = 0 668 }, 669 .iv_size = { 670 .min = 16, 671 .max = 16, 672 .increment = 0 673 } 674 }, } 675 }, } 676 }, 677 { /* SNOW 3G (UEA2) */ 678 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 679 {.sym = { 680 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 681 {.cipher = { 682 .algo = RTE_CRYPTO_CIPHER_SNOW3G_UEA2, 683 .block_size = 16, 684 .key_size = { 685 .min = 16, 686 .max = 16, 687 .increment = 0 688 }, 689 .iv_size = { 690 .min = 16, 691 .max = 16, 692 .increment = 0 693 } 694 }, } 695 }, } 696 }, 697 { /* ZUC (EEA3) */ 698 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 699 {.sym = { 700 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 701 {.cipher = { 702 .algo = RTE_CRYPTO_CIPHER_ZUC_EEA3, 703 .block_size = 16, 704 .key_size = { 705 .min = 16, 706 .max = 16, 707 .increment = 0 708 }, 709 .iv_size = { 710 .min = 16, 711 .max = 16, 712 .increment = 0 713 } 714 }, } 715 }, } 716 }, 717 { /* ZUC (EIA3) */ 718 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 719 {.sym = { 720 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 721 {.auth = { 722 .algo = RTE_CRYPTO_AUTH_ZUC_EIA3, 723 .block_size = 16, 724 .key_size = { 725 .min = 16, 726 .max = 16, 727 .increment = 0 728 }, 729 .digest_size = { 730 .min = 4, 731 .max = 4, 732 .increment = 0 733 }, 734 .iv_size = { 735 .min = 16, 736 .max = 16, 737 .increment = 0 738 } 739 }, } 740 }, } 741 }, 742 { /* AES CMAC */ 743 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 744 {.sym = { 745 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 746 {.auth = { 747 .algo = RTE_CRYPTO_AUTH_AES_CMAC, 748 .block_size = 16, 749 .key_size = { 750 .min = 1, 751 .max = 16, 752 .increment = 1 753 }, 754 .digest_size = { 755 .min = 12, 756 .max = 16, 757 .increment = 4 758 }, 759 .iv_size = { 0 } 760 }, } 761 }, } 762 }, 763 { /* AES XCBC HMAC */ 764 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 765 {.sym = { 766 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 767 {.auth = { 768 .algo = RTE_CRYPTO_AUTH_AES_XCBC_MAC, 769 .block_size = 16, 770 .key_size = { 771 .min = 1, 772 .max = 16, 773 .increment = 1 774 }, 775 .digest_size = { 776 .min = 12, 777 .max = 16, 778 .increment = 4 779 }, 780 .aad_size = { 0 }, 781 .iv_size = { 0 } 782 }, } 783 }, } 784 }, 785 { /* NULL (AUTH) */ 786 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 787 {.sym = { 788 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 789 {.auth = { 790 .algo = RTE_CRYPTO_AUTH_NULL, 791 .block_size = 1, 792 .key_size = { 793 .min = 0, 794 .max = 0, 795 .increment = 0 796 }, 797 .digest_size = { 798 .min = 0, 799 .max = 0, 800 .increment = 0 801 }, 802 }, }, 803 }, }, 804 }, 805 { /* NULL (CIPHER) */ 806 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 807 {.sym = { 808 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 809 {.cipher = { 810 .algo = RTE_CRYPTO_CIPHER_NULL, 811 .block_size = 1, 812 .key_size = { 813 .min = 0, 814 .max = 0, 815 .increment = 0 816 }, 817 .iv_size = { 818 .min = 0, 819 .max = 0, 820 .increment = 0 821 } 822 }, }, 823 }, } 824 }, 825 RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() 826 }; 827 828 static const struct rte_cryptodev_capabilities dpaa_pdcp_capabilities[] = { 829 { /* SNOW 3G (UIA2) */ 830 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 831 {.sym = { 832 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 833 {.auth = { 834 .algo = RTE_CRYPTO_AUTH_SNOW3G_UIA2, 835 .block_size = 16, 836 .key_size = { 837 .min = 16, 838 .max = 16, 839 .increment = 0 840 }, 841 .digest_size = { 842 .min = 4, 843 .max = 4, 844 .increment = 0 845 }, 846 .iv_size = { 847 .min = 16, 848 .max = 16, 849 .increment = 0 850 } 851 }, } 852 }, } 853 }, 854 { /* SNOW 3G (UEA2) */ 855 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 856 {.sym = { 857 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 858 {.cipher = { 859 .algo = RTE_CRYPTO_CIPHER_SNOW3G_UEA2, 860 .block_size = 16, 861 .key_size = { 862 .min = 16, 863 .max = 16, 864 .increment = 0 865 }, 866 .iv_size = { 867 .min = 16, 868 .max = 16, 869 .increment = 0 870 } 871 }, } 872 }, } 873 }, 874 { /* AES CTR */ 875 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 876 {.sym = { 877 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 878 {.cipher = { 879 .algo = RTE_CRYPTO_CIPHER_AES_CTR, 880 .block_size = 16, 881 .key_size = { 882 .min = 16, 883 .max = 32, 884 .increment = 8 885 }, 886 .iv_size = { 887 .min = 16, 888 .max = 16, 889 .increment = 0 890 } 891 }, } 892 }, } 893 }, 894 { /* NULL (AUTH) */ 895 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 896 {.sym = { 897 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 898 {.auth = { 899 .algo = RTE_CRYPTO_AUTH_NULL, 900 .block_size = 1, 901 .key_size = { 902 .min = 0, 903 .max = 0, 904 .increment = 0 905 }, 906 .digest_size = { 907 .min = 0, 908 .max = 0, 909 .increment = 0 910 }, 911 .iv_size = { 0 } 912 }, }, 913 }, }, 914 }, 915 { /* NULL (CIPHER) */ 916 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 917 {.sym = { 918 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 919 {.cipher = { 920 .algo = RTE_CRYPTO_CIPHER_NULL, 921 .block_size = 1, 922 .key_size = { 923 .min = 0, 924 .max = 0, 925 .increment = 0 926 }, 927 .iv_size = { 928 .min = 0, 929 .max = 0, 930 .increment = 0 931 } 932 }, }, 933 }, } 934 }, 935 { /* ZUC (EEA3) */ 936 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 937 {.sym = { 938 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 939 {.cipher = { 940 .algo = RTE_CRYPTO_CIPHER_ZUC_EEA3, 941 .block_size = 16, 942 .key_size = { 943 .min = 16, 944 .max = 16, 945 .increment = 0 946 }, 947 .iv_size = { 948 .min = 16, 949 .max = 16, 950 .increment = 0 951 } 952 }, } 953 }, } 954 }, 955 { /* ZUC (EIA3) */ 956 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 957 {.sym = { 958 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 959 {.auth = { 960 .algo = RTE_CRYPTO_AUTH_ZUC_EIA3, 961 .block_size = 16, 962 .key_size = { 963 .min = 16, 964 .max = 16, 965 .increment = 0 966 }, 967 .digest_size = { 968 .min = 4, 969 .max = 4, 970 .increment = 0 971 }, 972 .iv_size = { 973 .min = 16, 974 .max = 16, 975 .increment = 0 976 } 977 }, } 978 }, } 979 }, 980 981 RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() 982 }; 983 984 static const struct rte_security_capability dpaa_sec_security_cap[] = { 985 { /* IPsec Lookaside Protocol offload ESP Transport Egress */ 986 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, 987 .protocol = RTE_SECURITY_PROTOCOL_IPSEC, 988 .ipsec = { 989 .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP, 990 .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL, 991 .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS, 992 .options = { 0 }, 993 .replay_win_sz_max = 128 994 }, 995 .crypto_capabilities = dpaa_sec_capabilities 996 }, 997 { /* IPsec Lookaside Protocol offload ESP Tunnel Ingress */ 998 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, 999 .protocol = RTE_SECURITY_PROTOCOL_IPSEC, 1000 .ipsec = { 1001 .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP, 1002 .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL, 1003 .direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS, 1004 .options = { 0 }, 1005 .replay_win_sz_max = 128 1006 }, 1007 .crypto_capabilities = dpaa_sec_capabilities 1008 }, 1009 { /* PDCP Lookaside Protocol offload Data */ 1010 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, 1011 .protocol = RTE_SECURITY_PROTOCOL_PDCP, 1012 .pdcp = { 1013 .domain = RTE_SECURITY_PDCP_MODE_DATA, 1014 .capa_flags = 0 1015 }, 1016 .crypto_capabilities = dpaa_pdcp_capabilities 1017 }, 1018 { /* PDCP Lookaside Protocol offload Control */ 1019 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, 1020 .protocol = RTE_SECURITY_PROTOCOL_PDCP, 1021 .pdcp = { 1022 .domain = RTE_SECURITY_PDCP_MODE_CONTROL, 1023 .capa_flags = 0 1024 }, 1025 .crypto_capabilities = dpaa_pdcp_capabilities 1026 }, 1027 { /* PDCP Lookaside Protocol offload Short MAC */ 1028 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, 1029 .protocol = RTE_SECURITY_PROTOCOL_PDCP, 1030 .pdcp = { 1031 .domain = RTE_SECURITY_PDCP_MODE_SHORT_MAC, 1032 .capa_flags = 0 1033 }, 1034 .crypto_capabilities = dpaa_pdcp_capabilities 1035 }, 1036 { 1037 .action = RTE_SECURITY_ACTION_TYPE_NONE 1038 } 1039 }; 1040 1041 /** 1042 * Checksum 1043 * 1044 * @param buffer calculate chksum for buffer 1045 * @param len buffer length 1046 * 1047 * @return checksum value in host cpu order 1048 */ 1049 static inline uint16_t 1050 calc_chksum(void *buffer, int len) 1051 { 1052 uint16_t *buf = (uint16_t *)buffer; 1053 uint32_t sum = 0; 1054 uint16_t result; 1055 1056 for (sum = 0; len > 1; len -= 2) 1057 sum += *buf++; 1058 1059 if (len == 1) 1060 sum += *(unsigned char *)buf; 1061 1062 sum = (sum >> 16) + (sum & 0xFFFF); 1063 sum += (sum >> 16); 1064 result = ~sum; 1065 1066 return result; 1067 } 1068 1069 int 1070 dpaa_sec_configure_raw_dp_ctx(struct rte_cryptodev *dev, uint16_t qp_id, 1071 struct rte_crypto_raw_dp_ctx *raw_dp_ctx, 1072 enum rte_crypto_op_sess_type sess_type, 1073 union rte_cryptodev_session_ctx session_ctx, uint8_t is_update); 1074 1075 int 1076 dpaa_sec_get_dp_ctx_size(struct rte_cryptodev *dev); 1077 1078 int 1079 dpaa_sec_attach_sess_q(struct dpaa_sec_qp *qp, dpaa_sec_session *sess); 1080 1081 #endif /* _DPAA_SEC_H_ */ 1082