xref: /dpdk/drivers/crypto/dpaa_sec/dpaa_sec.h (revision 89f0711f9ddfb5822da9d34f384b92f72a61c4dc) 
1 /* SPDX-License-Identifier: BSD-3-Clause
2  *
3  *   Copyright 2016 NXP
4  *
5  */
6 
7 #ifndef _DPAA_SEC_H_
8 #define _DPAA_SEC_H_
9 
10 #define NUM_POOL_CHANNELS	4
11 #define DPAA_SEC_BURST		7
12 #define DPAA_SEC_ALG_UNSUPPORT	(-1)
13 #define TDES_CBC_IV_LEN		8
14 #define AES_CBC_IV_LEN		16
15 #define AES_CTR_IV_LEN		16
16 #define AES_GCM_IV_LEN		12
17 
18 /* Minimum job descriptor consists of a oneword job descriptor HEADER and
19  * a pointer to the shared descriptor.
20  */
21 #define MIN_JOB_DESC_SIZE	(CAAM_CMD_SZ + CAAM_PTR_SZ)
22 /* CTX_POOL_NUM_BUFS is set as per the ipsec-secgw application */
23 #define CTX_POOL_NUM_BUFS	32000
24 #define CTX_POOL_BUF_SIZE	sizeof(struct dpaa_sec_op_ctx)
25 #define CTX_POOL_CACHE_SIZE	512
26 
27 #define DIR_ENC                 1
28 #define DIR_DEC                 0
29 
30 enum dpaa_sec_op_type {
31 	DPAA_SEC_NONE,  /*!< No Cipher operations*/
32 	DPAA_SEC_CIPHER,/*!< CIPHER operations */
33 	DPAA_SEC_AUTH,  /*!< Authentication Operations */
34 	DPAA_SEC_AEAD,  /*!< Authenticated Encryption with associated data */
35 	DPAA_SEC_IPSEC, /*!< IPSEC protocol operations*/
36 	DPAA_SEC_PDCP,  /*!< PDCP protocol operations*/
37 	DPAA_SEC_PKC,   /*!< Public Key Cryptographic Operations */
38 	DPAA_SEC_MAX
39 };
40 
41 
42 #define DPAA_SEC_MAX_DESC_SIZE  64
43 /* code or cmd block to caam */
44 struct sec_cdb {
45 	struct {
46 		union {
47 			uint32_t word;
48 			struct {
49 #if RTE_BYTE_ORDER == RTE_BIG_ENDIAN
50 				uint16_t rsvd63_48;
51 				unsigned int rsvd47_39:9;
52 				unsigned int idlen:7;
53 #else
54 				unsigned int idlen:7;
55 				unsigned int rsvd47_39:9;
56 				uint16_t rsvd63_48;
57 #endif
58 			} field;
59 		} __packed hi;
60 
61 		union {
62 			uint32_t word;
63 			struct {
64 #if RTE_BYTE_ORDER == RTE_BIG_ENDIAN
65 				unsigned int rsvd31_30:2;
66 				unsigned int fsgt:1;
67 				unsigned int lng:1;
68 				unsigned int offset:2;
69 				unsigned int abs:1;
70 				unsigned int add_buf:1;
71 				uint8_t pool_id;
72 				uint16_t pool_buffer_size;
73 #else
74 				uint16_t pool_buffer_size;
75 				uint8_t pool_id;
76 				unsigned int add_buf:1;
77 				unsigned int abs:1;
78 				unsigned int offset:2;
79 				unsigned int lng:1;
80 				unsigned int fsgt:1;
81 				unsigned int rsvd31_30:2;
82 #endif
83 			} field;
84 		} __packed lo;
85 	} __packed sh_hdr;
86 
87 	uint32_t sh_desc[DPAA_SEC_MAX_DESC_SIZE];
88 };
89 
90 typedef struct dpaa_sec_session_entry {
91 	uint8_t dir;         /*!< Operation Direction */
92 	enum rte_crypto_cipher_algorithm cipher_alg; /*!< Cipher Algorithm*/
93 	enum rte_crypto_auth_algorithm auth_alg; /*!< Authentication Algorithm*/
94 	enum rte_crypto_aead_algorithm aead_alg; /*!< AEAD Algorithm*/
95 	enum rte_security_session_protocol proto_alg; /*!< Security Algorithm*/
96 	union {
97 		struct {
98 			uint8_t *data;	/**< pointer to key data */
99 			size_t length;	/**< key length in bytes */
100 		} aead_key;
101 		struct {
102 			struct {
103 				uint8_t *data;	/**< pointer to key data */
104 				size_t length;	/**< key length in bytes */
105 			} cipher_key;
106 			struct {
107 				uint8_t *data;	/**< pointer to key data */
108 				size_t length;	/**< key length in bytes */
109 			} auth_key;
110 		};
111 	};
112 	struct {
113 		uint16_t length;
114 		uint16_t offset;
115 	} iv;	/**< Initialisation vector parameters */
116 	uint16_t auth_only_len; /*!< Length of data for Auth only */
117 	uint32_t digest_length;
118 	struct ipsec_encap_pdb encap_pdb;
119 	struct ip ip4_hdr;
120 	struct ipsec_decap_pdb decap_pdb;
121 	struct dpaa_sec_qp *qp;
122 	struct qman_fq *inq;
123 	struct sec_cdb cdb;	/**< cmd block associated with qp */
124 	struct rte_mempool *ctx_pool; /* session mempool for dpaa_sec_op_ctx */
125 } dpaa_sec_session;
126 
127 struct dpaa_sec_qp {
128 	struct dpaa_sec_dev_private *internals;
129 	struct qman_fq outq;
130 	int rx_pkts;
131 	int rx_errs;
132 	int tx_pkts;
133 	int tx_errs;
134 };
135 
136 #define RTE_DPAA_MAX_NB_SEC_QPS 1
137 #define RTE_DPAA_MAX_RX_QUEUE RTE_DPAA_SEC_PMD_MAX_NB_SESSIONS
138 #define DPAA_MAX_DEQUEUE_NUM_FRAMES 63
139 
140 /* internal sec queue interface */
141 struct dpaa_sec_dev_private {
142 	void *sec_hw;
143 	struct rte_mempool *ctx_pool; /* per dev mempool for dpaa_sec_op_ctx */
144 	struct dpaa_sec_qp qps[RTE_DPAA_MAX_NB_SEC_QPS]; /* i/o queue for sec */
145 	struct qman_fq inq[RTE_DPAA_MAX_RX_QUEUE];
146 	unsigned char inq_attach[RTE_DPAA_MAX_RX_QUEUE];
147 	unsigned int max_nb_queue_pairs;
148 	unsigned int max_nb_sessions;
149 };
150 
151 #define MAX_SG_ENTRIES		16
152 #define SG_CACHELINE_0		0
153 #define SG_CACHELINE_1		4
154 #define SG_CACHELINE_2		8
155 #define SG_CACHELINE_3		12
156 struct dpaa_sec_job {
157 	/* sg[0] output, sg[1] input, others are possible sub frames */
158 	struct qm_sg_entry sg[MAX_SG_ENTRIES];
159 };
160 
161 #define DPAA_MAX_NB_MAX_DIGEST	32
162 struct dpaa_sec_op_ctx {
163 	struct dpaa_sec_job job;
164 	struct rte_crypto_op *op;
165 	struct rte_mempool *ctx_pool; /* mempool pointer for dpaa_sec_op_ctx */
166 	uint32_t fd_status;
167 	int64_t vtop_offset;
168 	uint8_t digest[DPAA_MAX_NB_MAX_DIGEST];
169 };
170 
171 static const struct rte_cryptodev_capabilities dpaa_sec_capabilities[] = {
172 	{	/* MD5 HMAC */
173 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
174 		{.sym = {
175 			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
176 			{.auth = {
177 				.algo = RTE_CRYPTO_AUTH_MD5_HMAC,
178 				.block_size = 64,
179 				.key_size = {
180 					.min = 1,
181 					.max = 64,
182 					.increment = 1
183 				},
184 				.digest_size = {
185 					.min = 16,
186 					.max = 16,
187 					.increment = 0
188 				},
189 			}, }
190 		}, }
191 	},
192 	{	/* SHA1 HMAC */
193 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
194 		{.sym = {
195 			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
196 			{.auth = {
197 				.algo = RTE_CRYPTO_AUTH_SHA1_HMAC,
198 				.block_size = 64,
199 				.key_size = {
200 					.min = 1,
201 					.max = 64,
202 					.increment = 1
203 				},
204 				.digest_size = {
205 					.min = 20,
206 					.max = 20,
207 					.increment = 0
208 				},
209 			}, }
210 		}, }
211 	},
212 	{	/* SHA224 HMAC */
213 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
214 		{.sym = {
215 			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
216 			{.auth = {
217 				.algo = RTE_CRYPTO_AUTH_SHA224_HMAC,
218 				.block_size = 64,
219 				.key_size = {
220 					.min = 1,
221 					.max = 64,
222 					.increment = 1
223 				},
224 				.digest_size = {
225 					.min = 28,
226 					.max = 28,
227 					.increment = 0
228 				},
229 			}, }
230 		}, }
231 	},
232 	{	/* SHA256 HMAC */
233 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
234 		{.sym = {
235 			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
236 			{.auth = {
237 				.algo = RTE_CRYPTO_AUTH_SHA256_HMAC,
238 				.block_size = 64,
239 				.key_size = {
240 					.min = 1,
241 					.max = 64,
242 					.increment = 1
243 				},
244 				.digest_size = {
245 					.min = 32,
246 					.max = 32,
247 					.increment = 0
248 				},
249 			}, }
250 		}, }
251 	},
252 	{	/* SHA384 HMAC */
253 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
254 		{.sym = {
255 			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
256 			{.auth = {
257 				.algo = RTE_CRYPTO_AUTH_SHA384_HMAC,
258 				.block_size = 128,
259 				.key_size = {
260 					.min = 1,
261 					.max = 128,
262 					.increment = 1
263 				},
264 				.digest_size = {
265 					.min = 48,
266 					.max = 48,
267 					.increment = 0
268 				},
269 			}, }
270 		}, }
271 	},
272 	{	/* SHA512 HMAC */
273 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
274 		{.sym = {
275 			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
276 			{.auth = {
277 				.algo = RTE_CRYPTO_AUTH_SHA512_HMAC,
278 				.block_size = 128,
279 				.key_size = {
280 					.min = 1,
281 					.max = 128,
282 					.increment = 1
283 				},
284 				.digest_size = {
285 					.min = 64,
286 					.max = 64,
287 					.increment = 0
288 				},
289 			}, }
290 		}, }
291 	},
292 	{	/* AES GCM */
293 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
294 		{.sym = {
295 			.xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,
296 			{.aead = {
297 				.algo = RTE_CRYPTO_AEAD_AES_GCM,
298 				.block_size = 16,
299 				.key_size = {
300 					.min = 16,
301 					.max = 32,
302 					.increment = 8
303 				},
304 				.digest_size = {
305 					.min = 8,
306 					.max = 16,
307 					.increment = 4
308 				},
309 				.aad_size = {
310 					.min = 0,
311 					.max = 240,
312 					.increment = 1
313 				},
314 				.iv_size = {
315 					.min = 12,
316 					.max = 12,
317 					.increment = 0
318 				},
319 			}, }
320 		}, }
321 	},
322 	{	/* AES CBC */
323 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
324 		{.sym = {
325 			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
326 			{.cipher = {
327 				.algo = RTE_CRYPTO_CIPHER_AES_CBC,
328 				.block_size = 16,
329 				.key_size = {
330 					.min = 16,
331 					.max = 32,
332 					.increment = 8
333 				},
334 				.iv_size = {
335 					.min = 16,
336 					.max = 16,
337 					.increment = 0
338 				}
339 			}, }
340 		}, }
341 	},
342 	{	/* AES CTR */
343 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
344 		{.sym = {
345 			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
346 			{.cipher = {
347 				.algo = RTE_CRYPTO_CIPHER_AES_CTR,
348 				.block_size = 16,
349 				.key_size = {
350 					.min = 16,
351 					.max = 32,
352 					.increment = 8
353 				},
354 				.iv_size = {
355 					.min = 16,
356 					.max = 16,
357 					.increment = 0
358 				}
359 			}, }
360 		}, }
361 	},
362 	{	/* 3DES CBC */
363 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
364 		{.sym = {
365 			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
366 			{.cipher = {
367 				.algo = RTE_CRYPTO_CIPHER_3DES_CBC,
368 				.block_size = 8,
369 				.key_size = {
370 					.min = 16,
371 					.max = 24,
372 					.increment = 8
373 				},
374 				.iv_size = {
375 					.min = 8,
376 					.max = 8,
377 					.increment = 0
378 				}
379 			}, }
380 		}, }
381 	},
382 
383 	RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
384 };
385 
386 static const struct rte_security_capability dpaa_sec_security_cap[] = {
387 	{ /* IPsec Lookaside Protocol offload ESP Transport Egress */
388 		.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
389 		.protocol = RTE_SECURITY_PROTOCOL_IPSEC,
390 		.ipsec = {
391 			.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
392 			.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
393 			.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
394 			.options = { 0 }
395 		},
396 		.crypto_capabilities = dpaa_sec_capabilities
397 	},
398 	{ /* IPsec Lookaside Protocol offload ESP Tunnel Ingress */
399 		.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
400 		.protocol = RTE_SECURITY_PROTOCOL_IPSEC,
401 		.ipsec = {
402 			.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
403 			.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
404 			.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS,
405 			.options = { 0 }
406 		},
407 		.crypto_capabilities = dpaa_sec_capabilities
408 	},
409 	{
410 		.action = RTE_SECURITY_ACTION_TYPE_NONE
411 	}
412 };
413 
414 /**
415  * Checksum
416  *
417  * @param buffer calculate chksum for buffer
418  * @param len    buffer length
419  *
420  * @return checksum value in host cpu order
421  */
422 static inline uint16_t
423 calc_chksum(void *buffer, int len)
424 {
425 	uint16_t *buf = (uint16_t *)buffer;
426 	uint32_t sum = 0;
427 	uint16_t result;
428 
429 	for (sum = 0; len > 1; len -= 2)
430 		sum += *buf++;
431 
432 	if (len == 1)
433 		sum += *(unsigned char *)buf;
434 
435 	sum = (sum >> 16) + (sum & 0xFFFF);
436 	sum += (sum >> 16);
437 	result = ~sum;
438 
439 	return  result;
440 }
441 
442 #endif /* _DPAA_SEC_H_ */
443