1 /* SPDX-License-Identifier: BSD-3-Clause 2 * 3 * Copyright 2016-2020 NXP 4 * 5 */ 6 7 #ifndef _DPAA_SEC_H_ 8 #define _DPAA_SEC_H_ 9 10 #define CRYPTODEV_NAME_DPAA_SEC_PMD crypto_dpaa_sec 11 /**< NXP DPAA - SEC PMD device name */ 12 13 #define MAX_DPAA_CORES 4 14 #define NUM_POOL_CHANNELS 4 15 #define DPAA_SEC_BURST 7 16 #define DPAA_SEC_ALG_UNSUPPORT (-1) 17 #define TDES_CBC_IV_LEN 8 18 #define AES_CBC_IV_LEN 16 19 #define AES_CTR_IV_LEN 16 20 #define AES_GCM_IV_LEN 12 21 22 #define DPAA_IPv6_DEFAULT_VTC_FLOW 0x60000000 23 24 /* Minimum job descriptor consists of a oneword job descriptor HEADER and 25 * a pointer to the shared descriptor. 26 */ 27 #define MIN_JOB_DESC_SIZE (CAAM_CMD_SZ + CAAM_PTR_SZ) 28 /* CTX_POOL_NUM_BUFS is set as per the ipsec-secgw application */ 29 #define CTX_POOL_NUM_BUFS 32000 30 #define CTX_POOL_BUF_SIZE sizeof(struct dpaa_sec_op_ctx) 31 #define CTX_POOL_CACHE_SIZE 512 32 #define RTE_DPAA_SEC_PMD_MAX_NB_SESSIONS 1024 33 34 #define DIR_ENC 1 35 #define DIR_DEC 0 36 37 enum dpaa_sec_op_type { 38 DPAA_SEC_NONE, /*!< No Cipher operations*/ 39 DPAA_SEC_CIPHER,/*!< CIPHER operations */ 40 DPAA_SEC_AUTH, /*!< Authentication Operations */ 41 DPAA_SEC_AEAD, /*!< AEAD (AES-GCM/CCM) type operations */ 42 DPAA_SEC_CIPHER_HASH, /*!< Authenticated Encryption with 43 * associated data 44 */ 45 DPAA_SEC_HASH_CIPHER, /*!< Encryption with Authenticated 46 * associated data 47 */ 48 DPAA_SEC_IPSEC, /*!< IPSEC protocol operations*/ 49 DPAA_SEC_PDCP, /*!< PDCP protocol operations*/ 50 DPAA_SEC_PKC, /*!< Public Key Cryptographic Operations */ 51 DPAA_SEC_MAX 52 }; 53 54 #define DPAA_SEC_MAX_DESC_SIZE 64 55 /* code or cmd block to caam */ 56 struct sec_cdb { 57 struct { 58 union { 59 uint32_t word; 60 struct { 61 #if RTE_BYTE_ORDER == RTE_BIG_ENDIAN 62 uint16_t rsvd63_48; 63 unsigned int rsvd47_39:9; 64 unsigned int idlen:7; 65 #else 66 unsigned int idlen:7; 67 unsigned int rsvd47_39:9; 68 uint16_t rsvd63_48; 69 #endif 70 } field; 71 } __packed hi; 72 73 union { 74 uint32_t word; 75 struct { 76 #if RTE_BYTE_ORDER == RTE_BIG_ENDIAN 77 unsigned int rsvd31_30:2; 78 unsigned int fsgt:1; 79 unsigned int lng:1; 80 unsigned int offset:2; 81 unsigned int abs:1; 82 unsigned int add_buf:1; 83 uint8_t pool_id; 84 uint16_t pool_buffer_size; 85 #else 86 uint16_t pool_buffer_size; 87 uint8_t pool_id; 88 unsigned int add_buf:1; 89 unsigned int abs:1; 90 unsigned int offset:2; 91 unsigned int lng:1; 92 unsigned int fsgt:1; 93 unsigned int rsvd31_30:2; 94 #endif 95 } field; 96 } __packed lo; 97 } __packed sh_hdr; 98 99 uint32_t sh_desc[DPAA_SEC_MAX_DESC_SIZE]; 100 }; 101 #ifdef RTE_LIBRTE_SECURITY 102 /*! 103 * The structure is to be filled by user as a part of 104 * dpaa_sec_proto_ctxt for PDCP Protocol 105 */ 106 struct sec_pdcp_ctxt { 107 enum rte_security_pdcp_domain domain; /*!< Data/Control mode*/ 108 int8_t bearer; /*!< PDCP bearer ID */ 109 int8_t pkt_dir;/*!< PDCP Frame Direction 0:UL 1:DL*/ 110 int8_t hfn_ovd;/*!< Overwrite HFN per packet*/ 111 uint8_t sn_size; /*!< Sequence number size, 5/7/12/15/18 */ 112 uint32_t hfn_ovd_offset;/*!< offset from rte_crypto_op at which 113 * per packet hfn is stored 114 */ 115 uint32_t hfn; /*!< Hyper Frame Number */ 116 uint32_t hfn_threshold; /*!< HFN Threashold for key renegotiation */ 117 }; 118 #endif 119 typedef struct dpaa_sec_session_entry { 120 struct sec_cdb cdb; /**< cmd block associated with qp */ 121 struct dpaa_sec_qp *qp[MAX_DPAA_CORES]; 122 struct qman_fq *inq[MAX_DPAA_CORES]; 123 uint8_t dir; /*!< Operation Direction */ 124 uint8_t ctxt; /*!< Session Context Type */ 125 enum rte_crypto_cipher_algorithm cipher_alg; /*!< Cipher Algorithm*/ 126 enum rte_crypto_auth_algorithm auth_alg; /*!< Authentication Algorithm*/ 127 enum rte_crypto_aead_algorithm aead_alg; /*!< AEAD Algorithm*/ 128 #ifdef RTE_LIBRTE_SECURITY 129 enum rte_security_session_protocol proto_alg; /*!< Security Algorithm*/ 130 #endif 131 union { 132 struct { 133 uint8_t *data; /**< pointer to key data */ 134 size_t length; /**< key length in bytes */ 135 uint32_t alg; 136 uint32_t algmode; 137 } aead_key; 138 struct { 139 struct { 140 uint8_t *data; /**< pointer to key data */ 141 size_t length; /**< key length in bytes */ 142 uint32_t alg; 143 uint32_t algmode; 144 } cipher_key; 145 struct { 146 uint8_t *data; /**< pointer to key data */ 147 size_t length; /**< key length in bytes */ 148 uint32_t alg; 149 uint32_t algmode; 150 } auth_key; 151 }; 152 }; 153 union { 154 struct { 155 struct { 156 uint16_t length; 157 uint16_t offset; 158 } iv; /**< Initialisation vector parameters */ 159 uint16_t auth_only_len; 160 /*!< Length of data for Auth only */ 161 uint32_t digest_length; 162 struct ipsec_decap_pdb decap_pdb; 163 struct ipsec_encap_pdb encap_pdb; 164 union { 165 struct ip ip4_hdr; 166 struct rte_ipv6_hdr ip6_hdr; 167 }; 168 uint8_t auth_cipher_text; 169 /**< Authenticate/cipher ordering */ 170 }; 171 #ifdef RTE_LIBRTE_SECURITY 172 struct sec_pdcp_ctxt pdcp; 173 #endif 174 }; 175 } dpaa_sec_session; 176 177 struct dpaa_sec_qp { 178 struct dpaa_sec_dev_private *internals; 179 struct rte_mempool *ctx_pool; /* mempool for dpaa_sec_op_ctx */ 180 struct qman_fq outq; 181 int rx_pkts; 182 int rx_errs; 183 int tx_pkts; 184 int tx_errs; 185 }; 186 187 #define RTE_DPAA_MAX_NB_SEC_QPS 2 188 #define RTE_DPAA_MAX_RX_QUEUE (MAX_DPAA_CORES * RTE_DPAA_SEC_PMD_MAX_NB_SESSIONS) 189 #define DPAA_MAX_DEQUEUE_NUM_FRAMES 63 190 191 /* internal sec queue interface */ 192 struct dpaa_sec_dev_private { 193 void *sec_hw; 194 struct dpaa_sec_qp qps[RTE_DPAA_MAX_NB_SEC_QPS]; /* i/o queue for sec */ 195 struct qman_fq inq[RTE_DPAA_MAX_RX_QUEUE]; 196 unsigned char inq_attach[RTE_DPAA_MAX_RX_QUEUE]; 197 unsigned int max_nb_queue_pairs; 198 unsigned int max_nb_sessions; 199 rte_spinlock_t lock; 200 }; 201 202 #define MAX_SG_ENTRIES 16 203 #define MAX_JOB_SG_ENTRIES 36 204 205 struct dpaa_sec_job { 206 /* sg[0] output, sg[1] input, others are possible sub frames */ 207 struct qm_sg_entry sg[MAX_JOB_SG_ENTRIES]; 208 }; 209 210 #define DPAA_MAX_NB_MAX_DIGEST 32 211 struct dpaa_sec_op_ctx { 212 struct dpaa_sec_job job; 213 struct rte_crypto_op *op; 214 struct rte_mempool *ctx_pool; /* mempool pointer for dpaa_sec_op_ctx */ 215 uint32_t fd_status; 216 int64_t vtop_offset; 217 uint8_t digest[DPAA_MAX_NB_MAX_DIGEST]; 218 }; 219 220 static const struct rte_cryptodev_capabilities dpaa_sec_capabilities[] = { 221 { /* NULL (AUTH) */ 222 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 223 {.sym = { 224 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 225 {.auth = { 226 .algo = RTE_CRYPTO_AUTH_NULL, 227 .block_size = 1, 228 .key_size = { 229 .min = 0, 230 .max = 0, 231 .increment = 0 232 }, 233 .digest_size = { 234 .min = 0, 235 .max = 0, 236 .increment = 0 237 }, 238 .iv_size = { 0 } 239 }, }, 240 }, }, 241 }, 242 { /* MD5 HMAC */ 243 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 244 {.sym = { 245 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 246 {.auth = { 247 .algo = RTE_CRYPTO_AUTH_MD5_HMAC, 248 .block_size = 64, 249 .key_size = { 250 .min = 1, 251 .max = 64, 252 .increment = 1 253 }, 254 .digest_size = { 255 .min = 1, 256 .max = 16, 257 .increment = 1 258 }, 259 .iv_size = { 0 } 260 }, } 261 }, } 262 }, 263 { /* SHA1 HMAC */ 264 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 265 {.sym = { 266 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 267 {.auth = { 268 .algo = RTE_CRYPTO_AUTH_SHA1_HMAC, 269 .block_size = 64, 270 .key_size = { 271 .min = 1, 272 .max = 64, 273 .increment = 1 274 }, 275 .digest_size = { 276 .min = 1, 277 .max = 20, 278 .increment = 1 279 }, 280 .iv_size = { 0 } 281 }, } 282 }, } 283 }, 284 { /* SHA224 HMAC */ 285 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 286 {.sym = { 287 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 288 {.auth = { 289 .algo = RTE_CRYPTO_AUTH_SHA224_HMAC, 290 .block_size = 64, 291 .key_size = { 292 .min = 1, 293 .max = 64, 294 .increment = 1 295 }, 296 .digest_size = { 297 .min = 1, 298 .max = 28, 299 .increment = 1 300 }, 301 .iv_size = { 0 } 302 }, } 303 }, } 304 }, 305 { /* SHA256 HMAC */ 306 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 307 {.sym = { 308 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 309 {.auth = { 310 .algo = RTE_CRYPTO_AUTH_SHA256_HMAC, 311 .block_size = 64, 312 .key_size = { 313 .min = 1, 314 .max = 64, 315 .increment = 1 316 }, 317 .digest_size = { 318 .min = 1, 319 .max = 32, 320 .increment = 1 321 }, 322 .iv_size = { 0 } 323 }, } 324 }, } 325 }, 326 { /* SHA384 HMAC */ 327 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 328 {.sym = { 329 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 330 {.auth = { 331 .algo = RTE_CRYPTO_AUTH_SHA384_HMAC, 332 .block_size = 128, 333 .key_size = { 334 .min = 1, 335 .max = 128, 336 .increment = 1 337 }, 338 .digest_size = { 339 .min = 1, 340 .max = 48, 341 .increment = 1 342 }, 343 .iv_size = { 0 } 344 }, } 345 }, } 346 }, 347 { /* SHA512 HMAC */ 348 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 349 {.sym = { 350 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 351 {.auth = { 352 .algo = RTE_CRYPTO_AUTH_SHA512_HMAC, 353 .block_size = 128, 354 .key_size = { 355 .min = 1, 356 .max = 128, 357 .increment = 1 358 }, 359 .digest_size = { 360 .min = 1, 361 .max = 64, 362 .increment = 1 363 }, 364 .iv_size = { 0 } 365 }, } 366 }, } 367 }, 368 { /* AES GCM */ 369 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 370 {.sym = { 371 .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD, 372 {.aead = { 373 .algo = RTE_CRYPTO_AEAD_AES_GCM, 374 .block_size = 16, 375 .key_size = { 376 .min = 16, 377 .max = 32, 378 .increment = 8 379 }, 380 .digest_size = { 381 .min = 8, 382 .max = 16, 383 .increment = 4 384 }, 385 .aad_size = { 386 .min = 0, 387 .max = 240, 388 .increment = 1 389 }, 390 .iv_size = { 391 .min = 12, 392 .max = 12, 393 .increment = 0 394 }, 395 }, } 396 }, } 397 }, 398 { /* NULL (CIPHER) */ 399 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 400 {.sym = { 401 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 402 {.cipher = { 403 .algo = RTE_CRYPTO_CIPHER_NULL, 404 .block_size = 1, 405 .key_size = { 406 .min = 0, 407 .max = 0, 408 .increment = 0 409 }, 410 .iv_size = { 411 .min = 0, 412 .max = 0, 413 .increment = 0 414 } 415 }, }, 416 }, } 417 }, 418 { /* AES CBC */ 419 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 420 {.sym = { 421 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 422 {.cipher = { 423 .algo = RTE_CRYPTO_CIPHER_AES_CBC, 424 .block_size = 16, 425 .key_size = { 426 .min = 16, 427 .max = 32, 428 .increment = 8 429 }, 430 .iv_size = { 431 .min = 16, 432 .max = 16, 433 .increment = 0 434 } 435 }, } 436 }, } 437 }, 438 { /* AES CTR */ 439 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 440 {.sym = { 441 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 442 {.cipher = { 443 .algo = RTE_CRYPTO_CIPHER_AES_CTR, 444 .block_size = 16, 445 .key_size = { 446 .min = 16, 447 .max = 32, 448 .increment = 8 449 }, 450 .iv_size = { 451 .min = 16, 452 .max = 16, 453 .increment = 0 454 }, 455 }, } 456 }, } 457 }, 458 { /* 3DES CBC */ 459 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 460 {.sym = { 461 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 462 {.cipher = { 463 .algo = RTE_CRYPTO_CIPHER_3DES_CBC, 464 .block_size = 8, 465 .key_size = { 466 .min = 16, 467 .max = 24, 468 .increment = 8 469 }, 470 .iv_size = { 471 .min = 8, 472 .max = 8, 473 .increment = 0 474 } 475 }, } 476 }, } 477 }, 478 { /* SNOW 3G (UIA2) */ 479 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 480 {.sym = { 481 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 482 {.auth = { 483 .algo = RTE_CRYPTO_AUTH_SNOW3G_UIA2, 484 .block_size = 16, 485 .key_size = { 486 .min = 16, 487 .max = 16, 488 .increment = 0 489 }, 490 .digest_size = { 491 .min = 4, 492 .max = 4, 493 .increment = 0 494 }, 495 .iv_size = { 496 .min = 16, 497 .max = 16, 498 .increment = 0 499 } 500 }, } 501 }, } 502 }, 503 { /* SNOW 3G (UEA2) */ 504 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 505 {.sym = { 506 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 507 {.cipher = { 508 .algo = RTE_CRYPTO_CIPHER_SNOW3G_UEA2, 509 .block_size = 16, 510 .key_size = { 511 .min = 16, 512 .max = 16, 513 .increment = 0 514 }, 515 .iv_size = { 516 .min = 16, 517 .max = 16, 518 .increment = 0 519 } 520 }, } 521 }, } 522 }, 523 { /* ZUC (EEA3) */ 524 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 525 {.sym = { 526 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 527 {.cipher = { 528 .algo = RTE_CRYPTO_CIPHER_ZUC_EEA3, 529 .block_size = 16, 530 .key_size = { 531 .min = 16, 532 .max = 16, 533 .increment = 0 534 }, 535 .iv_size = { 536 .min = 16, 537 .max = 16, 538 .increment = 0 539 } 540 }, } 541 }, } 542 }, 543 { /* ZUC (EIA3) */ 544 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 545 {.sym = { 546 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 547 {.auth = { 548 .algo = RTE_CRYPTO_AUTH_ZUC_EIA3, 549 .block_size = 16, 550 .key_size = { 551 .min = 16, 552 .max = 16, 553 .increment = 0 554 }, 555 .digest_size = { 556 .min = 4, 557 .max = 4, 558 .increment = 0 559 }, 560 .iv_size = { 561 .min = 16, 562 .max = 16, 563 .increment = 0 564 } 565 }, } 566 }, } 567 }, 568 RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() 569 }; 570 571 #ifdef RTE_LIBRTE_SECURITY 572 static const struct rte_cryptodev_capabilities dpaa_pdcp_capabilities[] = { 573 { /* SNOW 3G (UIA2) */ 574 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 575 {.sym = { 576 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 577 {.auth = { 578 .algo = RTE_CRYPTO_AUTH_SNOW3G_UIA2, 579 .block_size = 16, 580 .key_size = { 581 .min = 16, 582 .max = 16, 583 .increment = 0 584 }, 585 .digest_size = { 586 .min = 4, 587 .max = 4, 588 .increment = 0 589 }, 590 .iv_size = { 591 .min = 16, 592 .max = 16, 593 .increment = 0 594 } 595 }, } 596 }, } 597 }, 598 { /* SNOW 3G (UEA2) */ 599 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 600 {.sym = { 601 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 602 {.cipher = { 603 .algo = RTE_CRYPTO_CIPHER_SNOW3G_UEA2, 604 .block_size = 16, 605 .key_size = { 606 .min = 16, 607 .max = 16, 608 .increment = 0 609 }, 610 .iv_size = { 611 .min = 16, 612 .max = 16, 613 .increment = 0 614 } 615 }, } 616 }, } 617 }, 618 { /* AES CTR */ 619 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 620 {.sym = { 621 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 622 {.cipher = { 623 .algo = RTE_CRYPTO_CIPHER_AES_CTR, 624 .block_size = 16, 625 .key_size = { 626 .min = 16, 627 .max = 32, 628 .increment = 8 629 }, 630 .iv_size = { 631 .min = 16, 632 .max = 16, 633 .increment = 0 634 } 635 }, } 636 }, } 637 }, 638 { /* NULL (AUTH) */ 639 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 640 {.sym = { 641 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 642 {.auth = { 643 .algo = RTE_CRYPTO_AUTH_NULL, 644 .block_size = 1, 645 .key_size = { 646 .min = 0, 647 .max = 0, 648 .increment = 0 649 }, 650 .digest_size = { 651 .min = 0, 652 .max = 0, 653 .increment = 0 654 }, 655 .iv_size = { 0 } 656 }, }, 657 }, }, 658 }, 659 { /* NULL (CIPHER) */ 660 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 661 {.sym = { 662 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 663 {.cipher = { 664 .algo = RTE_CRYPTO_CIPHER_NULL, 665 .block_size = 1, 666 .key_size = { 667 .min = 0, 668 .max = 0, 669 .increment = 0 670 }, 671 .iv_size = { 672 .min = 0, 673 .max = 0, 674 .increment = 0 675 } 676 }, }, 677 }, } 678 }, 679 { /* ZUC (EEA3) */ 680 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 681 {.sym = { 682 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 683 {.cipher = { 684 .algo = RTE_CRYPTO_CIPHER_ZUC_EEA3, 685 .block_size = 16, 686 .key_size = { 687 .min = 16, 688 .max = 16, 689 .increment = 0 690 }, 691 .iv_size = { 692 .min = 16, 693 .max = 16, 694 .increment = 0 695 } 696 }, } 697 }, } 698 }, 699 { /* ZUC (EIA3) */ 700 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 701 {.sym = { 702 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 703 {.auth = { 704 .algo = RTE_CRYPTO_AUTH_ZUC_EIA3, 705 .block_size = 16, 706 .key_size = { 707 .min = 16, 708 .max = 16, 709 .increment = 0 710 }, 711 .digest_size = { 712 .min = 4, 713 .max = 4, 714 .increment = 0 715 }, 716 .iv_size = { 717 .min = 16, 718 .max = 16, 719 .increment = 0 720 } 721 }, } 722 }, } 723 }, 724 725 RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() 726 }; 727 728 static const struct rte_security_capability dpaa_sec_security_cap[] = { 729 { /* IPsec Lookaside Protocol offload ESP Transport Egress */ 730 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, 731 .protocol = RTE_SECURITY_PROTOCOL_IPSEC, 732 .ipsec = { 733 .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP, 734 .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL, 735 .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS, 736 .options = { 0 }, 737 .replay_win_sz_max = 128 738 }, 739 .crypto_capabilities = dpaa_sec_capabilities 740 }, 741 { /* IPsec Lookaside Protocol offload ESP Tunnel Ingress */ 742 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, 743 .protocol = RTE_SECURITY_PROTOCOL_IPSEC, 744 .ipsec = { 745 .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP, 746 .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL, 747 .direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS, 748 .options = { 0 }, 749 .replay_win_sz_max = 128 750 }, 751 .crypto_capabilities = dpaa_sec_capabilities 752 }, 753 { /* PDCP Lookaside Protocol offload Data */ 754 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, 755 .protocol = RTE_SECURITY_PROTOCOL_PDCP, 756 .pdcp = { 757 .domain = RTE_SECURITY_PDCP_MODE_DATA, 758 .capa_flags = 0 759 }, 760 .crypto_capabilities = dpaa_pdcp_capabilities 761 }, 762 { /* PDCP Lookaside Protocol offload Control */ 763 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, 764 .protocol = RTE_SECURITY_PROTOCOL_PDCP, 765 .pdcp = { 766 .domain = RTE_SECURITY_PDCP_MODE_CONTROL, 767 .capa_flags = 0 768 }, 769 .crypto_capabilities = dpaa_pdcp_capabilities 770 }, 771 { 772 .action = RTE_SECURITY_ACTION_TYPE_NONE 773 } 774 }; 775 #endif 776 777 /** 778 * Checksum 779 * 780 * @param buffer calculate chksum for buffer 781 * @param len buffer length 782 * 783 * @return checksum value in host cpu order 784 */ 785 static inline uint16_t 786 calc_chksum(void *buffer, int len) 787 { 788 uint16_t *buf = (uint16_t *)buffer; 789 uint32_t sum = 0; 790 uint16_t result; 791 792 for (sum = 0; len > 1; len -= 2) 793 sum += *buf++; 794 795 if (len == 1) 796 sum += *(unsigned char *)buf; 797 798 sum = (sum >> 16) + (sum & 0xFFFF); 799 sum += (sum >> 16); 800 result = ~sum; 801 802 return result; 803 } 804 805 #endif /* _DPAA_SEC_H_ */ 806