1 /* SPDX-License-Identifier: BSD-3-Clause 2 * 3 * Copyright 2016-2021 NXP 4 * 5 */ 6 7 #ifndef _DPAA_SEC_H_ 8 #define _DPAA_SEC_H_ 9 10 #define CRYPTODEV_NAME_DPAA_SEC_PMD crypto_dpaa_sec 11 /**< NXP DPAA - SEC PMD device name */ 12 13 #define MAX_DPAA_CORES 4 14 #define NUM_POOL_CHANNELS 4 15 #define DPAA_SEC_BURST 7 16 #define DPAA_SEC_ALG_UNSUPPORT (-1) 17 #define TDES_CBC_IV_LEN 8 18 #define AES_CBC_IV_LEN 16 19 #define AES_CTR_IV_LEN 16 20 #define AES_GCM_IV_LEN 12 21 22 extern uint8_t dpaa_cryptodev_driver_id; 23 24 #define DPAA_IPv6_DEFAULT_VTC_FLOW 0x60000000 25 26 /* Minimum job descriptor consists of a oneword job descriptor HEADER and 27 * a pointer to the shared descriptor. 28 */ 29 #define MIN_JOB_DESC_SIZE (CAAM_CMD_SZ + CAAM_PTR_SZ) 30 /* CTX_POOL_NUM_BUFS is set as per the ipsec-secgw application */ 31 #define CTX_POOL_NUM_BUFS 32000 32 #define CTX_POOL_BUF_SIZE sizeof(struct dpaa_sec_op_ctx) 33 #define CTX_POOL_CACHE_SIZE 512 34 #define RTE_DPAA_SEC_PMD_MAX_NB_SESSIONS 1024 35 36 #define DIR_ENC 1 37 #define DIR_DEC 0 38 39 enum dpaa_sec_op_type { 40 DPAA_SEC_NONE, /*!< No Cipher operations*/ 41 DPAA_SEC_CIPHER,/*!< CIPHER operations */ 42 DPAA_SEC_AUTH, /*!< Authentication Operations */ 43 DPAA_SEC_AEAD, /*!< AEAD (AES-GCM/CCM) type operations */ 44 DPAA_SEC_CIPHER_HASH, /*!< Authenticated Encryption with 45 * associated data 46 */ 47 DPAA_SEC_HASH_CIPHER, /*!< Encryption with Authenticated 48 * associated data 49 */ 50 DPAA_SEC_IPSEC, /*!< IPSEC protocol operations*/ 51 DPAA_SEC_PDCP, /*!< PDCP protocol operations*/ 52 DPAA_SEC_PKC, /*!< Public Key Cryptographic Operations */ 53 DPAA_SEC_MAX 54 }; 55 56 #define DPAA_SEC_MAX_DESC_SIZE 64 57 /* code or cmd block to caam */ 58 struct sec_cdb { 59 struct { 60 union { 61 uint32_t word; 62 struct { 63 #if RTE_BYTE_ORDER == RTE_BIG_ENDIAN 64 uint16_t rsvd63_48; 65 unsigned int rsvd47_39:9; 66 unsigned int idlen:7; 67 #else 68 unsigned int idlen:7; 69 unsigned int rsvd47_39:9; 70 uint16_t rsvd63_48; 71 #endif 72 } field; 73 } __packed hi; 74 75 union { 76 uint32_t word; 77 struct { 78 #if RTE_BYTE_ORDER == RTE_BIG_ENDIAN 79 unsigned int rsvd31_30:2; 80 unsigned int fsgt:1; 81 unsigned int lng:1; 82 unsigned int offset:2; 83 unsigned int abs:1; 84 unsigned int add_buf:1; 85 uint8_t pool_id; 86 uint16_t pool_buffer_size; 87 #else 88 uint16_t pool_buffer_size; 89 uint8_t pool_id; 90 unsigned int add_buf:1; 91 unsigned int abs:1; 92 unsigned int offset:2; 93 unsigned int lng:1; 94 unsigned int fsgt:1; 95 unsigned int rsvd31_30:2; 96 #endif 97 } field; 98 } __packed lo; 99 } __packed sh_hdr; 100 101 uint32_t sh_desc[DPAA_SEC_MAX_DESC_SIZE]; 102 }; 103 #ifdef RTE_LIB_SECURITY 104 /*! 105 * The structure is to be filled by user as a part of 106 * dpaa_sec_proto_ctxt for PDCP Protocol 107 */ 108 struct sec_pdcp_ctxt { 109 enum rte_security_pdcp_domain domain; /*!< Data/Control mode*/ 110 int8_t bearer; /*!< PDCP bearer ID */ 111 int8_t pkt_dir;/*!< PDCP Frame Direction 0:UL 1:DL*/ 112 int8_t hfn_ovd;/*!< Overwrite HFN per packet*/ 113 uint8_t sn_size; /*!< Sequence number size, 5/7/12/15/18 */ 114 uint8_t sdap_enabled; /*!< SDAP header is enabled */ 115 uint16_t hfn_ovd_offset;/*!< offset from rte_crypto_op at which 116 * per packet hfn is stored 117 */ 118 uint32_t hfn; /*!< Hyper Frame Number */ 119 uint32_t hfn_threshold; /*!< HFN Threashold for key renegotiation */ 120 }; 121 #endif 122 123 typedef int (*dpaa_sec_build_fd_t)( 124 void *qp, uint8_t *drv_ctx, struct rte_crypto_vec *data_vec, 125 uint16_t n_data_vecs, union rte_crypto_sym_ofs ofs, 126 struct rte_crypto_va_iova_ptr *iv, 127 struct rte_crypto_va_iova_ptr *digest, 128 struct rte_crypto_va_iova_ptr *aad_or_auth_iv, 129 void *user_data); 130 131 typedef struct dpaa_sec_job* (*dpaa_sec_build_raw_dp_fd_t)(uint8_t *drv_ctx, 132 struct rte_crypto_sgl *sgl, 133 struct rte_crypto_sgl *dest_sgl, 134 struct rte_crypto_va_iova_ptr *iv, 135 struct rte_crypto_va_iova_ptr *digest, 136 struct rte_crypto_va_iova_ptr *auth_iv, 137 union rte_crypto_sym_ofs ofs, 138 void *userdata, 139 struct qm_fd *fd); 140 141 typedef struct dpaa_sec_session_entry { 142 struct sec_cdb cdb; /**< cmd block associated with qp */ 143 struct dpaa_sec_qp *qp[MAX_DPAA_CORES]; 144 struct qman_fq *inq[MAX_DPAA_CORES]; 145 uint8_t dir; /*!< Operation Direction */ 146 uint8_t ctxt; /*!< Session Context Type */ 147 enum rte_crypto_cipher_algorithm cipher_alg; /*!< Cipher Algorithm*/ 148 enum rte_crypto_auth_algorithm auth_alg; /*!< Authentication Algorithm*/ 149 enum rte_crypto_aead_algorithm aead_alg; /*!< AEAD Algorithm*/ 150 #ifdef RTE_LIB_SECURITY 151 enum rte_security_session_protocol proto_alg; /*!< Security Algorithm*/ 152 #endif 153 dpaa_sec_build_fd_t build_fd; 154 dpaa_sec_build_raw_dp_fd_t build_raw_dp_fd; 155 union { 156 struct { 157 uint8_t *data; /**< pointer to key data */ 158 size_t length; /**< key length in bytes */ 159 uint32_t alg; 160 uint32_t algmode; 161 } aead_key; 162 struct { 163 struct { 164 uint8_t *data; /**< pointer to key data */ 165 size_t length; /**< key length in bytes */ 166 uint32_t alg; 167 uint32_t algmode; 168 } cipher_key; 169 struct { 170 uint8_t *data; /**< pointer to key data */ 171 size_t length; /**< key length in bytes */ 172 uint32_t alg; 173 uint32_t algmode; 174 } auth_key; 175 }; 176 }; 177 union { 178 struct { 179 struct { 180 uint16_t length; 181 uint16_t offset; 182 } iv; /**< Initialisation vector parameters */ 183 uint16_t auth_only_len; 184 /*!< Length of data for Auth only */ 185 uint32_t digest_length; 186 struct ipsec_decap_pdb decap_pdb; 187 struct ipsec_encap_pdb encap_pdb; 188 union { 189 struct ip ip4_hdr; 190 struct rte_ipv6_hdr ip6_hdr; 191 }; 192 uint8_t auth_cipher_text; 193 /**< Authenticate/cipher ordering */ 194 }; 195 #ifdef RTE_LIB_SECURITY 196 struct sec_pdcp_ctxt pdcp; 197 #endif 198 }; 199 } dpaa_sec_session; 200 201 struct dpaa_sec_qp { 202 struct dpaa_sec_dev_private *internals; 203 struct rte_mempool *ctx_pool; /* mempool for dpaa_sec_op_ctx */ 204 struct qman_fq outq; 205 int rx_pkts; 206 int rx_errs; 207 int tx_pkts; 208 int tx_errs; 209 }; 210 211 #define RTE_DPAA_MAX_NB_SEC_QPS 2 212 #define RTE_DPAA_MAX_RX_QUEUE (MAX_DPAA_CORES * RTE_DPAA_SEC_PMD_MAX_NB_SESSIONS) 213 #define DPAA_MAX_DEQUEUE_NUM_FRAMES 63 214 215 /* internal sec queue interface */ 216 struct dpaa_sec_dev_private { 217 void *sec_hw; 218 struct dpaa_sec_qp qps[RTE_DPAA_MAX_NB_SEC_QPS]; /* i/o queue for sec */ 219 struct qman_fq inq[RTE_DPAA_MAX_RX_QUEUE]; 220 unsigned char inq_attach[RTE_DPAA_MAX_RX_QUEUE]; 221 unsigned int max_nb_queue_pairs; 222 unsigned int max_nb_sessions; 223 rte_spinlock_t lock; 224 }; 225 226 #define MAX_SG_ENTRIES 16 227 #define MAX_JOB_SG_ENTRIES 36 228 229 struct dpaa_sec_job { 230 /* sg[0] output, sg[1] input, others are possible sub frames */ 231 struct qm_sg_entry sg[MAX_JOB_SG_ENTRIES]; 232 }; 233 234 #define DPAA_MAX_NB_MAX_DIGEST 32 235 struct dpaa_sec_op_ctx { 236 struct dpaa_sec_job job; 237 union { 238 struct rte_crypto_op *op; 239 void *userdata; 240 }; 241 struct rte_mempool *ctx_pool; /* mempool pointer for dpaa_sec_op_ctx */ 242 uint32_t fd_status; 243 int64_t vtop_offset; 244 uint8_t digest[DPAA_MAX_NB_MAX_DIGEST]; 245 }; 246 247 static const struct rte_cryptodev_capabilities dpaa_sec_capabilities[] = { 248 { /* NULL (AUTH) */ 249 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 250 {.sym = { 251 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 252 {.auth = { 253 .algo = RTE_CRYPTO_AUTH_NULL, 254 .block_size = 1, 255 .key_size = { 256 .min = 0, 257 .max = 0, 258 .increment = 0 259 }, 260 .digest_size = { 261 .min = 0, 262 .max = 0, 263 .increment = 0 264 }, 265 .iv_size = { 0 } 266 }, }, 267 }, }, 268 }, 269 { /* MD5 */ 270 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 271 {.sym = { 272 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 273 {.auth = { 274 .algo = RTE_CRYPTO_AUTH_MD5, 275 .block_size = 64, 276 .key_size = { 277 .min = 0, 278 .max = 0, 279 .increment = 0 280 }, 281 .digest_size = { 282 .min = 16, 283 .max = 16, 284 .increment = 0 285 }, 286 .iv_size = { 0 } 287 }, } 288 }, } 289 }, 290 { /* MD5 HMAC */ 291 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 292 {.sym = { 293 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 294 {.auth = { 295 .algo = RTE_CRYPTO_AUTH_MD5_HMAC, 296 .block_size = 64, 297 .key_size = { 298 .min = 1, 299 .max = 64, 300 .increment = 1 301 }, 302 .digest_size = { 303 .min = 1, 304 .max = 16, 305 .increment = 1 306 }, 307 .iv_size = { 0 } 308 }, } 309 }, } 310 }, 311 { /* SHA1 */ 312 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 313 {.sym = { 314 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 315 {.auth = { 316 .algo = RTE_CRYPTO_AUTH_SHA1, 317 .block_size = 64, 318 .key_size = { 319 .min = 0, 320 .max = 0, 321 .increment = 0 322 }, 323 .digest_size = { 324 .min = 20, 325 .max = 20, 326 .increment = 0 327 }, 328 .iv_size = { 0 } 329 }, } 330 }, } 331 }, 332 { /* SHA1 HMAC */ 333 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 334 {.sym = { 335 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 336 {.auth = { 337 .algo = RTE_CRYPTO_AUTH_SHA1_HMAC, 338 .block_size = 64, 339 .key_size = { 340 .min = 1, 341 .max = 64, 342 .increment = 1 343 }, 344 .digest_size = { 345 .min = 1, 346 .max = 20, 347 .increment = 1 348 }, 349 .iv_size = { 0 } 350 }, } 351 }, } 352 }, 353 { /* SHA224 */ 354 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 355 {.sym = { 356 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 357 {.auth = { 358 .algo = RTE_CRYPTO_AUTH_SHA224, 359 .block_size = 64, 360 .key_size = { 361 .min = 0, 362 .max = 0, 363 .increment = 0 364 }, 365 .digest_size = { 366 .min = 28, 367 .max = 28, 368 .increment = 0 369 }, 370 .iv_size = { 0 } 371 }, } 372 }, } 373 }, 374 { /* SHA224 HMAC */ 375 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 376 {.sym = { 377 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 378 {.auth = { 379 .algo = RTE_CRYPTO_AUTH_SHA224_HMAC, 380 .block_size = 64, 381 .key_size = { 382 .min = 1, 383 .max = 64, 384 .increment = 1 385 }, 386 .digest_size = { 387 .min = 1, 388 .max = 28, 389 .increment = 1 390 }, 391 .iv_size = { 0 } 392 }, } 393 }, } 394 }, 395 { /* SHA256 */ 396 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 397 {.sym = { 398 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 399 {.auth = { 400 .algo = RTE_CRYPTO_AUTH_SHA256, 401 .block_size = 64, 402 .key_size = { 403 .min = 0, 404 .max = 0, 405 .increment = 0 406 }, 407 .digest_size = { 408 .min = 32, 409 .max = 32, 410 .increment = 0 411 }, 412 .iv_size = { 0 } 413 }, } 414 }, } 415 }, 416 { /* SHA256 HMAC */ 417 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 418 {.sym = { 419 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 420 {.auth = { 421 .algo = RTE_CRYPTO_AUTH_SHA256_HMAC, 422 .block_size = 64, 423 .key_size = { 424 .min = 1, 425 .max = 64, 426 .increment = 1 427 }, 428 .digest_size = { 429 .min = 1, 430 .max = 32, 431 .increment = 1 432 }, 433 .iv_size = { 0 } 434 }, } 435 }, } 436 }, 437 { /* SHA384 */ 438 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 439 {.sym = { 440 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 441 {.auth = { 442 .algo = RTE_CRYPTO_AUTH_SHA384, 443 .block_size = 64, 444 .key_size = { 445 .min = 0, 446 .max = 0, 447 .increment = 0 448 }, 449 .digest_size = { 450 .min = 48, 451 .max = 48, 452 .increment = 0 453 }, 454 .iv_size = { 0 } 455 }, } 456 }, } 457 }, 458 { /* SHA384 HMAC */ 459 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 460 {.sym = { 461 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 462 {.auth = { 463 .algo = RTE_CRYPTO_AUTH_SHA384_HMAC, 464 .block_size = 128, 465 .key_size = { 466 .min = 1, 467 .max = 128, 468 .increment = 1 469 }, 470 .digest_size = { 471 .min = 1, 472 .max = 48, 473 .increment = 1 474 }, 475 .iv_size = { 0 } 476 }, } 477 }, } 478 }, 479 { /* SHA512 */ 480 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 481 {.sym = { 482 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 483 {.auth = { 484 .algo = RTE_CRYPTO_AUTH_SHA512, 485 .block_size = 128, 486 .key_size = { 487 .min = 0, 488 .max = 0, 489 .increment = 0 490 }, 491 .digest_size = { 492 .min = 64, 493 .max = 64, 494 .increment = 0 495 }, 496 .iv_size = { 0 } 497 }, } 498 }, } 499 }, 500 { /* SHA512 HMAC */ 501 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 502 {.sym = { 503 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 504 {.auth = { 505 .algo = RTE_CRYPTO_AUTH_SHA512_HMAC, 506 .block_size = 128, 507 .key_size = { 508 .min = 1, 509 .max = 128, 510 .increment = 1 511 }, 512 .digest_size = { 513 .min = 1, 514 .max = 64, 515 .increment = 1 516 }, 517 .iv_size = { 0 } 518 }, } 519 }, } 520 }, 521 { /* AES GCM */ 522 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 523 {.sym = { 524 .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD, 525 {.aead = { 526 .algo = RTE_CRYPTO_AEAD_AES_GCM, 527 .block_size = 16, 528 .key_size = { 529 .min = 16, 530 .max = 32, 531 .increment = 8 532 }, 533 .digest_size = { 534 .min = 8, 535 .max = 16, 536 .increment = 4 537 }, 538 .aad_size = { 539 .min = 0, 540 .max = 240, 541 .increment = 1 542 }, 543 .iv_size = { 544 .min = 12, 545 .max = 12, 546 .increment = 0 547 }, 548 }, } 549 }, } 550 }, 551 { /* NULL (CIPHER) */ 552 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 553 {.sym = { 554 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 555 {.cipher = { 556 .algo = RTE_CRYPTO_CIPHER_NULL, 557 .block_size = 1, 558 .key_size = { 559 .min = 0, 560 .max = 0, 561 .increment = 0 562 }, 563 .iv_size = { 564 .min = 0, 565 .max = 0, 566 .increment = 0 567 } 568 }, }, 569 }, } 570 }, 571 { /* AES CBC */ 572 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 573 {.sym = { 574 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 575 {.cipher = { 576 .algo = RTE_CRYPTO_CIPHER_AES_CBC, 577 .block_size = 16, 578 .key_size = { 579 .min = 16, 580 .max = 32, 581 .increment = 8 582 }, 583 .iv_size = { 584 .min = 16, 585 .max = 16, 586 .increment = 0 587 } 588 }, } 589 }, } 590 }, 591 { /* AES CTR */ 592 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 593 {.sym = { 594 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 595 {.cipher = { 596 .algo = RTE_CRYPTO_CIPHER_AES_CTR, 597 .block_size = 16, 598 .key_size = { 599 .min = 16, 600 .max = 32, 601 .increment = 8 602 }, 603 .iv_size = { 604 .min = 16, 605 .max = 16, 606 .increment = 0 607 }, 608 }, } 609 }, } 610 }, 611 { /* DES CBC */ 612 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 613 {.sym = { 614 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 615 {.cipher = { 616 .algo = RTE_CRYPTO_CIPHER_DES_CBC, 617 .block_size = 8, 618 .key_size = { 619 .min = 8, 620 .max = 8, 621 .increment = 0 622 }, 623 .iv_size = { 624 .min = 8, 625 .max = 8, 626 .increment = 0 627 } 628 }, } 629 }, } 630 }, 631 { /* 3DES CBC */ 632 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 633 {.sym = { 634 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 635 {.cipher = { 636 .algo = RTE_CRYPTO_CIPHER_3DES_CBC, 637 .block_size = 8, 638 .key_size = { 639 .min = 16, 640 .max = 24, 641 .increment = 8 642 }, 643 .iv_size = { 644 .min = 8, 645 .max = 8, 646 .increment = 0 647 } 648 }, } 649 }, } 650 }, 651 { /* SNOW 3G (UIA2) */ 652 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 653 {.sym = { 654 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 655 {.auth = { 656 .algo = RTE_CRYPTO_AUTH_SNOW3G_UIA2, 657 .block_size = 16, 658 .key_size = { 659 .min = 16, 660 .max = 16, 661 .increment = 0 662 }, 663 .digest_size = { 664 .min = 4, 665 .max = 4, 666 .increment = 0 667 }, 668 .iv_size = { 669 .min = 16, 670 .max = 16, 671 .increment = 0 672 } 673 }, } 674 }, } 675 }, 676 { /* SNOW 3G (UEA2) */ 677 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 678 {.sym = { 679 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 680 {.cipher = { 681 .algo = RTE_CRYPTO_CIPHER_SNOW3G_UEA2, 682 .block_size = 16, 683 .key_size = { 684 .min = 16, 685 .max = 16, 686 .increment = 0 687 }, 688 .iv_size = { 689 .min = 16, 690 .max = 16, 691 .increment = 0 692 } 693 }, } 694 }, } 695 }, 696 { /* ZUC (EEA3) */ 697 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 698 {.sym = { 699 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 700 {.cipher = { 701 .algo = RTE_CRYPTO_CIPHER_ZUC_EEA3, 702 .block_size = 16, 703 .key_size = { 704 .min = 16, 705 .max = 16, 706 .increment = 0 707 }, 708 .iv_size = { 709 .min = 16, 710 .max = 16, 711 .increment = 0 712 } 713 }, } 714 }, } 715 }, 716 { /* ZUC (EIA3) */ 717 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 718 {.sym = { 719 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 720 {.auth = { 721 .algo = RTE_CRYPTO_AUTH_ZUC_EIA3, 722 .block_size = 16, 723 .key_size = { 724 .min = 16, 725 .max = 16, 726 .increment = 0 727 }, 728 .digest_size = { 729 .min = 4, 730 .max = 4, 731 .increment = 0 732 }, 733 .iv_size = { 734 .min = 16, 735 .max = 16, 736 .increment = 0 737 } 738 }, } 739 }, } 740 }, 741 { /* AES CMAC */ 742 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 743 {.sym = { 744 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 745 {.auth = { 746 .algo = RTE_CRYPTO_AUTH_AES_CMAC, 747 .block_size = 16, 748 .key_size = { 749 .min = 1, 750 .max = 16, 751 .increment = 1 752 }, 753 .digest_size = { 754 .min = 12, 755 .max = 16, 756 .increment = 4 757 }, 758 .iv_size = { 0 } 759 }, } 760 }, } 761 }, 762 { /* AES XCBC HMAC */ 763 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 764 {.sym = { 765 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 766 {.auth = { 767 .algo = RTE_CRYPTO_AUTH_AES_XCBC_MAC, 768 .block_size = 16, 769 .key_size = { 770 .min = 1, 771 .max = 16, 772 .increment = 1 773 }, 774 .digest_size = { 775 .min = 12, 776 .max = 16, 777 .increment = 4 778 }, 779 .aad_size = { 0 }, 780 .iv_size = { 0 } 781 }, } 782 }, } 783 }, 784 RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() 785 }; 786 787 #ifdef RTE_LIB_SECURITY 788 static const struct rte_cryptodev_capabilities dpaa_pdcp_capabilities[] = { 789 { /* SNOW 3G (UIA2) */ 790 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 791 {.sym = { 792 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 793 {.auth = { 794 .algo = RTE_CRYPTO_AUTH_SNOW3G_UIA2, 795 .block_size = 16, 796 .key_size = { 797 .min = 16, 798 .max = 16, 799 .increment = 0 800 }, 801 .digest_size = { 802 .min = 4, 803 .max = 4, 804 .increment = 0 805 }, 806 .iv_size = { 807 .min = 16, 808 .max = 16, 809 .increment = 0 810 } 811 }, } 812 }, } 813 }, 814 { /* SNOW 3G (UEA2) */ 815 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 816 {.sym = { 817 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 818 {.cipher = { 819 .algo = RTE_CRYPTO_CIPHER_SNOW3G_UEA2, 820 .block_size = 16, 821 .key_size = { 822 .min = 16, 823 .max = 16, 824 .increment = 0 825 }, 826 .iv_size = { 827 .min = 16, 828 .max = 16, 829 .increment = 0 830 } 831 }, } 832 }, } 833 }, 834 { /* AES CTR */ 835 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 836 {.sym = { 837 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 838 {.cipher = { 839 .algo = RTE_CRYPTO_CIPHER_AES_CTR, 840 .block_size = 16, 841 .key_size = { 842 .min = 16, 843 .max = 32, 844 .increment = 8 845 }, 846 .iv_size = { 847 .min = 16, 848 .max = 16, 849 .increment = 0 850 } 851 }, } 852 }, } 853 }, 854 { /* NULL (AUTH) */ 855 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 856 {.sym = { 857 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 858 {.auth = { 859 .algo = RTE_CRYPTO_AUTH_NULL, 860 .block_size = 1, 861 .key_size = { 862 .min = 0, 863 .max = 0, 864 .increment = 0 865 }, 866 .digest_size = { 867 .min = 0, 868 .max = 0, 869 .increment = 0 870 }, 871 .iv_size = { 0 } 872 }, }, 873 }, }, 874 }, 875 { /* NULL (CIPHER) */ 876 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 877 {.sym = { 878 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 879 {.cipher = { 880 .algo = RTE_CRYPTO_CIPHER_NULL, 881 .block_size = 1, 882 .key_size = { 883 .min = 0, 884 .max = 0, 885 .increment = 0 886 }, 887 .iv_size = { 888 .min = 0, 889 .max = 0, 890 .increment = 0 891 } 892 }, }, 893 }, } 894 }, 895 { /* ZUC (EEA3) */ 896 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 897 {.sym = { 898 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 899 {.cipher = { 900 .algo = RTE_CRYPTO_CIPHER_ZUC_EEA3, 901 .block_size = 16, 902 .key_size = { 903 .min = 16, 904 .max = 16, 905 .increment = 0 906 }, 907 .iv_size = { 908 .min = 16, 909 .max = 16, 910 .increment = 0 911 } 912 }, } 913 }, } 914 }, 915 { /* ZUC (EIA3) */ 916 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 917 {.sym = { 918 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 919 {.auth = { 920 .algo = RTE_CRYPTO_AUTH_ZUC_EIA3, 921 .block_size = 16, 922 .key_size = { 923 .min = 16, 924 .max = 16, 925 .increment = 0 926 }, 927 .digest_size = { 928 .min = 4, 929 .max = 4, 930 .increment = 0 931 }, 932 .iv_size = { 933 .min = 16, 934 .max = 16, 935 .increment = 0 936 } 937 }, } 938 }, } 939 }, 940 941 RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() 942 }; 943 944 static const struct rte_security_capability dpaa_sec_security_cap[] = { 945 { /* IPsec Lookaside Protocol offload ESP Transport Egress */ 946 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, 947 .protocol = RTE_SECURITY_PROTOCOL_IPSEC, 948 .ipsec = { 949 .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP, 950 .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL, 951 .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS, 952 .options = { 0 }, 953 .replay_win_sz_max = 128 954 }, 955 .crypto_capabilities = dpaa_sec_capabilities 956 }, 957 { /* IPsec Lookaside Protocol offload ESP Tunnel Ingress */ 958 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, 959 .protocol = RTE_SECURITY_PROTOCOL_IPSEC, 960 .ipsec = { 961 .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP, 962 .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL, 963 .direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS, 964 .options = { 0 }, 965 .replay_win_sz_max = 128 966 }, 967 .crypto_capabilities = dpaa_sec_capabilities 968 }, 969 { /* PDCP Lookaside Protocol offload Data */ 970 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, 971 .protocol = RTE_SECURITY_PROTOCOL_PDCP, 972 .pdcp = { 973 .domain = RTE_SECURITY_PDCP_MODE_DATA, 974 .capa_flags = 0 975 }, 976 .crypto_capabilities = dpaa_pdcp_capabilities 977 }, 978 { /* PDCP Lookaside Protocol offload Control */ 979 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, 980 .protocol = RTE_SECURITY_PROTOCOL_PDCP, 981 .pdcp = { 982 .domain = RTE_SECURITY_PDCP_MODE_CONTROL, 983 .capa_flags = 0 984 }, 985 .crypto_capabilities = dpaa_pdcp_capabilities 986 }, 987 { /* PDCP Lookaside Protocol offload Short MAC */ 988 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, 989 .protocol = RTE_SECURITY_PROTOCOL_PDCP, 990 .pdcp = { 991 .domain = RTE_SECURITY_PDCP_MODE_SHORT_MAC, 992 .capa_flags = 0 993 }, 994 .crypto_capabilities = dpaa_pdcp_capabilities 995 }, 996 { 997 .action = RTE_SECURITY_ACTION_TYPE_NONE 998 } 999 }; 1000 #endif 1001 1002 /** 1003 * Checksum 1004 * 1005 * @param buffer calculate chksum for buffer 1006 * @param len buffer length 1007 * 1008 * @return checksum value in host cpu order 1009 */ 1010 static inline uint16_t 1011 calc_chksum(void *buffer, int len) 1012 { 1013 uint16_t *buf = (uint16_t *)buffer; 1014 uint32_t sum = 0; 1015 uint16_t result; 1016 1017 for (sum = 0; len > 1; len -= 2) 1018 sum += *buf++; 1019 1020 if (len == 1) 1021 sum += *(unsigned char *)buf; 1022 1023 sum = (sum >> 16) + (sum & 0xFFFF); 1024 sum += (sum >> 16); 1025 result = ~sum; 1026 1027 return result; 1028 } 1029 1030 int 1031 dpaa_sec_configure_raw_dp_ctx(struct rte_cryptodev *dev, uint16_t qp_id, 1032 struct rte_crypto_raw_dp_ctx *raw_dp_ctx, 1033 enum rte_crypto_op_sess_type sess_type, 1034 union rte_cryptodev_session_ctx session_ctx, uint8_t is_update); 1035 1036 int 1037 dpaa_sec_get_dp_ctx_size(struct rte_cryptodev *dev); 1038 1039 int 1040 dpaa_sec_attach_sess_q(struct dpaa_sec_qp *qp, dpaa_sec_session *sess); 1041 1042 #endif /* _DPAA_SEC_H_ */ 1043