1 /* SPDX-License-Identifier: BSD-3-Clause 2 * 3 * Copyright 2016-2022 NXP 4 * 5 */ 6 7 #ifndef _DPAA_SEC_H_ 8 #define _DPAA_SEC_H_ 9 10 #define CRYPTODEV_NAME_DPAA_SEC_PMD crypto_dpaa_sec 11 /**< NXP DPAA - SEC PMD device name */ 12 13 #define SEC_BASE_ADDR 0x1700000 14 #define MAP_SIZE 0x100000 15 #define BLOCK_OFFSET 0x10000 16 #define CMD_REG 0x4 17 #define QICTL_DQEN 0x01 18 #define QI_BLOCK_NUMBER 7 19 #define MAX_DPAA_CORES 4 20 #define NUM_POOL_CHANNELS 4 21 #define DPAA_SEC_BURST 7 22 #define DPAA_SEC_ALG_UNSUPPORT (-1) 23 #define TDES_CBC_IV_LEN 8 24 #define AES_CBC_IV_LEN 16 25 #define AES_CTR_IV_LEN 16 26 #define AES_GCM_IV_LEN 12 27 28 extern uint8_t dpaa_cryptodev_driver_id; 29 30 #define DPAA_IPv6_DEFAULT_VTC_FLOW 0x60000000 31 32 /* Minimum job descriptor consists of a oneword job descriptor HEADER and 33 * a pointer to the shared descriptor. 34 */ 35 #define MIN_JOB_DESC_SIZE (CAAM_CMD_SZ + CAAM_PTR_SZ) 36 /* CTX_POOL_NUM_BUFS is set as per the ipsec-secgw application */ 37 #define CTX_POOL_NUM_BUFS 32000 38 #define CTX_POOL_BUF_SIZE sizeof(struct dpaa_sec_op_ctx) 39 #define CTX_POOL_CACHE_SIZE 512 40 #define RTE_DPAA_SEC_PMD_MAX_NB_SESSIONS 1024 41 42 #define DIR_ENC 1 43 #define DIR_DEC 0 44 45 enum dpaa_sec_op_type { 46 DPAA_SEC_NONE, /*!< No Cipher operations*/ 47 DPAA_SEC_CIPHER,/*!< CIPHER operations */ 48 DPAA_SEC_AUTH, /*!< Authentication Operations */ 49 DPAA_SEC_AEAD, /*!< AEAD (AES-GCM/CCM) type operations */ 50 DPAA_SEC_CIPHER_HASH, /*!< Authenticated Encryption with 51 * associated data 52 */ 53 DPAA_SEC_HASH_CIPHER, /*!< Encryption with Authenticated 54 * associated data 55 */ 56 DPAA_SEC_IPSEC, /*!< IPSEC protocol operations*/ 57 DPAA_SEC_PDCP, /*!< PDCP protocol operations*/ 58 DPAA_SEC_PKC, /*!< Public Key Cryptographic Operations */ 59 DPAA_SEC_MAX 60 }; 61 62 #define DPAA_SEC_MAX_DESC_SIZE 64 63 /* code or cmd block to caam */ 64 struct sec_cdb { 65 struct { 66 union { 67 uint32_t word; 68 struct { 69 #if RTE_BYTE_ORDER == RTE_BIG_ENDIAN 70 uint16_t rsvd63_48; 71 unsigned int rsvd47_39:9; 72 unsigned int idlen:7; 73 #else 74 unsigned int idlen:7; 75 unsigned int rsvd47_39:9; 76 uint16_t rsvd63_48; 77 #endif 78 } field; 79 } __packed hi; 80 81 union { 82 uint32_t word; 83 struct { 84 #if RTE_BYTE_ORDER == RTE_BIG_ENDIAN 85 unsigned int rsvd31_30:2; 86 unsigned int fsgt:1; 87 unsigned int lng:1; 88 unsigned int offset:2; 89 unsigned int abs:1; 90 unsigned int add_buf:1; 91 uint8_t pool_id; 92 uint16_t pool_buffer_size; 93 #else 94 uint16_t pool_buffer_size; 95 uint8_t pool_id; 96 unsigned int add_buf:1; 97 unsigned int abs:1; 98 unsigned int offset:2; 99 unsigned int lng:1; 100 unsigned int fsgt:1; 101 unsigned int rsvd31_30:2; 102 #endif 103 } field; 104 } __packed lo; 105 } __packed sh_hdr; 106 107 uint32_t sh_desc[DPAA_SEC_MAX_DESC_SIZE]; 108 }; 109 #ifdef RTE_LIB_SECURITY 110 /*! 111 * The structure is to be filled by user as a part of 112 * dpaa_sec_proto_ctxt for PDCP Protocol 113 */ 114 struct sec_pdcp_ctxt { 115 enum rte_security_pdcp_domain domain; /*!< Data/Control mode*/ 116 int8_t bearer; /*!< PDCP bearer ID */ 117 int8_t pkt_dir;/*!< PDCP Frame Direction 0:UL 1:DL*/ 118 int8_t hfn_ovd;/*!< Overwrite HFN per packet*/ 119 uint8_t sn_size; /*!< Sequence number size, 5/7/12/15/18 */ 120 uint8_t sdap_enabled; /*!< SDAP header is enabled */ 121 uint16_t hfn_ovd_offset;/*!< offset from rte_crypto_op at which 122 * per packet hfn is stored 123 */ 124 uint32_t hfn; /*!< Hyper Frame Number */ 125 uint32_t hfn_threshold; /*!< HFN Threashold for key renegotiation */ 126 }; 127 #endif 128 129 typedef int (*dpaa_sec_build_fd_t)( 130 void *qp, uint8_t *drv_ctx, struct rte_crypto_vec *data_vec, 131 uint16_t n_data_vecs, union rte_crypto_sym_ofs ofs, 132 struct rte_crypto_va_iova_ptr *iv, 133 struct rte_crypto_va_iova_ptr *digest, 134 struct rte_crypto_va_iova_ptr *aad_or_auth_iv, 135 void *user_data); 136 137 typedef struct dpaa_sec_job* (*dpaa_sec_build_raw_dp_fd_t)(uint8_t *drv_ctx, 138 struct rte_crypto_sgl *sgl, 139 struct rte_crypto_sgl *dest_sgl, 140 struct rte_crypto_va_iova_ptr *iv, 141 struct rte_crypto_va_iova_ptr *digest, 142 struct rte_crypto_va_iova_ptr *auth_iv, 143 union rte_crypto_sym_ofs ofs, 144 void *userdata, 145 struct qm_fd *fd); 146 147 typedef struct dpaa_sec_session_entry { 148 struct sec_cdb cdb; /**< cmd block associated with qp */ 149 struct dpaa_sec_qp *qp[MAX_DPAA_CORES]; 150 struct qman_fq *inq[MAX_DPAA_CORES]; 151 uint8_t dir; /*!< Operation Direction */ 152 uint8_t ctxt; /*!< Session Context Type */ 153 enum rte_crypto_cipher_algorithm cipher_alg; /*!< Cipher Algorithm*/ 154 enum rte_crypto_auth_algorithm auth_alg; /*!< Authentication Algorithm*/ 155 enum rte_crypto_aead_algorithm aead_alg; /*!< AEAD Algorithm*/ 156 #ifdef RTE_LIB_SECURITY 157 enum rte_security_session_protocol proto_alg; /*!< Security Algorithm*/ 158 #endif 159 dpaa_sec_build_fd_t build_fd; 160 dpaa_sec_build_raw_dp_fd_t build_raw_dp_fd; 161 union { 162 struct { 163 uint8_t *data; /**< pointer to key data */ 164 size_t length; /**< key length in bytes */ 165 uint32_t alg; 166 uint32_t algmode; 167 } aead_key; 168 struct { 169 struct { 170 uint8_t *data; /**< pointer to key data */ 171 size_t length; /**< key length in bytes */ 172 uint32_t alg; 173 uint32_t algmode; 174 } cipher_key; 175 struct { 176 uint8_t *data; /**< pointer to key data */ 177 size_t length; /**< key length in bytes */ 178 uint32_t alg; 179 uint32_t algmode; 180 } auth_key; 181 }; 182 }; 183 union { 184 struct { 185 struct { 186 uint16_t length; 187 uint16_t offset; 188 } iv; /**< Initialisation vector parameters */ 189 uint16_t auth_only_len; 190 /*!< Length of data for Auth only */ 191 uint32_t digest_length; 192 struct ipsec_decap_pdb decap_pdb; 193 struct ipsec_encap_pdb encap_pdb; 194 union { 195 struct ip ip4_hdr; 196 struct rte_ipv6_hdr ip6_hdr; 197 }; 198 uint8_t auth_cipher_text; 199 /**< Authenticate/cipher ordering */ 200 }; 201 #ifdef RTE_LIB_SECURITY 202 struct sec_pdcp_ctxt pdcp; 203 #endif 204 }; 205 } dpaa_sec_session; 206 207 struct dpaa_sec_qp { 208 struct dpaa_sec_dev_private *internals; 209 struct rte_mempool *ctx_pool; /* mempool for dpaa_sec_op_ctx */ 210 struct qman_fq outq; 211 int rx_pkts; 212 int rx_errs; 213 int tx_pkts; 214 int tx_errs; 215 }; 216 217 #define RTE_DPAA_MAX_NB_SEC_QPS 2 218 #define RTE_DPAA_MAX_RX_QUEUE (MAX_DPAA_CORES * RTE_DPAA_SEC_PMD_MAX_NB_SESSIONS) 219 #define DPAA_MAX_DEQUEUE_NUM_FRAMES 63 220 221 /* internal sec queue interface */ 222 struct dpaa_sec_dev_private { 223 void *sec_hw; 224 struct dpaa_sec_qp qps[RTE_DPAA_MAX_NB_SEC_QPS]; /* i/o queue for sec */ 225 struct qman_fq inq[RTE_DPAA_MAX_RX_QUEUE]; 226 unsigned char inq_attach[RTE_DPAA_MAX_RX_QUEUE]; 227 unsigned int max_nb_queue_pairs; 228 unsigned int max_nb_sessions; 229 rte_spinlock_t lock; 230 }; 231 232 #define MAX_SG_ENTRIES 16 233 #define MAX_JOB_SG_ENTRIES 36 234 235 struct dpaa_sec_job { 236 /* sg[0] output, sg[1] input, others are possible sub frames */ 237 struct qm_sg_entry sg[MAX_JOB_SG_ENTRIES]; 238 }; 239 240 #define DPAA_MAX_NB_MAX_DIGEST 64 241 struct dpaa_sec_op_ctx { 242 struct dpaa_sec_job job; 243 union { 244 struct rte_crypto_op *op; 245 void *userdata; 246 }; 247 struct rte_mempool *ctx_pool; /* mempool pointer for dpaa_sec_op_ctx */ 248 uint32_t fd_status; 249 int64_t vtop_offset; 250 uint8_t digest[DPAA_MAX_NB_MAX_DIGEST]; 251 }; 252 253 static const struct rte_cryptodev_capabilities dpaa_sec_capabilities[] = { 254 { /* NULL (AUTH) */ 255 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 256 {.sym = { 257 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 258 {.auth = { 259 .algo = RTE_CRYPTO_AUTH_NULL, 260 .block_size = 1, 261 .key_size = { 262 .min = 0, 263 .max = 0, 264 .increment = 0 265 }, 266 .digest_size = { 267 .min = 0, 268 .max = 0, 269 .increment = 0 270 }, 271 .iv_size = { 0 } 272 }, }, 273 }, }, 274 }, 275 { /* MD5 */ 276 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 277 {.sym = { 278 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 279 {.auth = { 280 .algo = RTE_CRYPTO_AUTH_MD5, 281 .block_size = 64, 282 .key_size = { 283 .min = 0, 284 .max = 0, 285 .increment = 0 286 }, 287 .digest_size = { 288 .min = 16, 289 .max = 16, 290 .increment = 0 291 }, 292 .iv_size = { 0 } 293 }, } 294 }, } 295 }, 296 { /* MD5 HMAC */ 297 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 298 {.sym = { 299 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 300 {.auth = { 301 .algo = RTE_CRYPTO_AUTH_MD5_HMAC, 302 .block_size = 64, 303 .key_size = { 304 .min = 1, 305 .max = 64, 306 .increment = 1 307 }, 308 .digest_size = { 309 .min = 1, 310 .max = 16, 311 .increment = 1 312 }, 313 .iv_size = { 0 } 314 }, } 315 }, } 316 }, 317 { /* SHA1 */ 318 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 319 {.sym = { 320 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 321 {.auth = { 322 .algo = RTE_CRYPTO_AUTH_SHA1, 323 .block_size = 64, 324 .key_size = { 325 .min = 0, 326 .max = 0, 327 .increment = 0 328 }, 329 .digest_size = { 330 .min = 20, 331 .max = 20, 332 .increment = 0 333 }, 334 .iv_size = { 0 } 335 }, } 336 }, } 337 }, 338 { /* SHA1 HMAC */ 339 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 340 {.sym = { 341 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 342 {.auth = { 343 .algo = RTE_CRYPTO_AUTH_SHA1_HMAC, 344 .block_size = 64, 345 .key_size = { 346 .min = 1, 347 .max = 64, 348 .increment = 1 349 }, 350 .digest_size = { 351 .min = 1, 352 .max = 20, 353 .increment = 1 354 }, 355 .iv_size = { 0 } 356 }, } 357 }, } 358 }, 359 { /* SHA224 */ 360 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 361 {.sym = { 362 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 363 {.auth = { 364 .algo = RTE_CRYPTO_AUTH_SHA224, 365 .block_size = 64, 366 .key_size = { 367 .min = 0, 368 .max = 0, 369 .increment = 0 370 }, 371 .digest_size = { 372 .min = 28, 373 .max = 28, 374 .increment = 0 375 }, 376 .iv_size = { 0 } 377 }, } 378 }, } 379 }, 380 { /* SHA224 HMAC */ 381 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 382 {.sym = { 383 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 384 {.auth = { 385 .algo = RTE_CRYPTO_AUTH_SHA224_HMAC, 386 .block_size = 64, 387 .key_size = { 388 .min = 1, 389 .max = 64, 390 .increment = 1 391 }, 392 .digest_size = { 393 .min = 1, 394 .max = 28, 395 .increment = 1 396 }, 397 .iv_size = { 0 } 398 }, } 399 }, } 400 }, 401 { /* SHA256 */ 402 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 403 {.sym = { 404 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 405 {.auth = { 406 .algo = RTE_CRYPTO_AUTH_SHA256, 407 .block_size = 64, 408 .key_size = { 409 .min = 0, 410 .max = 0, 411 .increment = 0 412 }, 413 .digest_size = { 414 .min = 32, 415 .max = 32, 416 .increment = 0 417 }, 418 .iv_size = { 0 } 419 }, } 420 }, } 421 }, 422 { /* SHA256 HMAC */ 423 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 424 {.sym = { 425 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 426 {.auth = { 427 .algo = RTE_CRYPTO_AUTH_SHA256_HMAC, 428 .block_size = 64, 429 .key_size = { 430 .min = 1, 431 .max = 64, 432 .increment = 1 433 }, 434 .digest_size = { 435 .min = 1, 436 .max = 32, 437 .increment = 1 438 }, 439 .iv_size = { 0 } 440 }, } 441 }, } 442 }, 443 { /* SHA384 */ 444 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 445 {.sym = { 446 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 447 {.auth = { 448 .algo = RTE_CRYPTO_AUTH_SHA384, 449 .block_size = 64, 450 .key_size = { 451 .min = 0, 452 .max = 0, 453 .increment = 0 454 }, 455 .digest_size = { 456 .min = 48, 457 .max = 48, 458 .increment = 0 459 }, 460 .iv_size = { 0 } 461 }, } 462 }, } 463 }, 464 { /* SHA384 HMAC */ 465 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 466 {.sym = { 467 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 468 {.auth = { 469 .algo = RTE_CRYPTO_AUTH_SHA384_HMAC, 470 .block_size = 128, 471 .key_size = { 472 .min = 1, 473 .max = 128, 474 .increment = 1 475 }, 476 .digest_size = { 477 .min = 1, 478 .max = 48, 479 .increment = 1 480 }, 481 .iv_size = { 0 } 482 }, } 483 }, } 484 }, 485 { /* SHA512 */ 486 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 487 {.sym = { 488 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 489 {.auth = { 490 .algo = RTE_CRYPTO_AUTH_SHA512, 491 .block_size = 128, 492 .key_size = { 493 .min = 0, 494 .max = 0, 495 .increment = 0 496 }, 497 .digest_size = { 498 .min = 64, 499 .max = 64, 500 .increment = 0 501 }, 502 .iv_size = { 0 } 503 }, } 504 }, } 505 }, 506 { /* SHA512 HMAC */ 507 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 508 {.sym = { 509 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 510 {.auth = { 511 .algo = RTE_CRYPTO_AUTH_SHA512_HMAC, 512 .block_size = 128, 513 .key_size = { 514 .min = 1, 515 .max = 128, 516 .increment = 1 517 }, 518 .digest_size = { 519 .min = 1, 520 .max = 64, 521 .increment = 1 522 }, 523 .iv_size = { 0 } 524 }, } 525 }, } 526 }, 527 { /* AES GCM */ 528 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 529 {.sym = { 530 .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD, 531 {.aead = { 532 .algo = RTE_CRYPTO_AEAD_AES_GCM, 533 .block_size = 16, 534 .key_size = { 535 .min = 16, 536 .max = 32, 537 .increment = 8 538 }, 539 .digest_size = { 540 .min = 8, 541 .max = 16, 542 .increment = 4 543 }, 544 .aad_size = { 545 .min = 0, 546 .max = 240, 547 .increment = 1 548 }, 549 .iv_size = { 550 .min = 12, 551 .max = 12, 552 .increment = 0 553 }, 554 }, } 555 }, } 556 }, 557 { /* NULL (CIPHER) */ 558 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 559 {.sym = { 560 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 561 {.cipher = { 562 .algo = RTE_CRYPTO_CIPHER_NULL, 563 .block_size = 1, 564 .key_size = { 565 .min = 0, 566 .max = 0, 567 .increment = 0 568 }, 569 .iv_size = { 570 .min = 0, 571 .max = 0, 572 .increment = 0 573 } 574 }, }, 575 }, } 576 }, 577 { /* AES CBC */ 578 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 579 {.sym = { 580 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 581 {.cipher = { 582 .algo = RTE_CRYPTO_CIPHER_AES_CBC, 583 .block_size = 16, 584 .key_size = { 585 .min = 16, 586 .max = 32, 587 .increment = 8 588 }, 589 .iv_size = { 590 .min = 16, 591 .max = 16, 592 .increment = 0 593 } 594 }, } 595 }, } 596 }, 597 { /* AES CTR */ 598 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 599 {.sym = { 600 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 601 {.cipher = { 602 .algo = RTE_CRYPTO_CIPHER_AES_CTR, 603 .block_size = 16, 604 .key_size = { 605 .min = 16, 606 .max = 32, 607 .increment = 8 608 }, 609 .iv_size = { 610 .min = 16, 611 .max = 16, 612 .increment = 0 613 }, 614 }, } 615 }, } 616 }, 617 { /* DES CBC */ 618 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 619 {.sym = { 620 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 621 {.cipher = { 622 .algo = RTE_CRYPTO_CIPHER_DES_CBC, 623 .block_size = 8, 624 .key_size = { 625 .min = 8, 626 .max = 8, 627 .increment = 0 628 }, 629 .iv_size = { 630 .min = 8, 631 .max = 8, 632 .increment = 0 633 } 634 }, } 635 }, } 636 }, 637 { /* 3DES CBC */ 638 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 639 {.sym = { 640 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 641 {.cipher = { 642 .algo = RTE_CRYPTO_CIPHER_3DES_CBC, 643 .block_size = 8, 644 .key_size = { 645 .min = 16, 646 .max = 24, 647 .increment = 8 648 }, 649 .iv_size = { 650 .min = 8, 651 .max = 8, 652 .increment = 0 653 } 654 }, } 655 }, } 656 }, 657 { /* SNOW 3G (UIA2) */ 658 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 659 {.sym = { 660 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 661 {.auth = { 662 .algo = RTE_CRYPTO_AUTH_SNOW3G_UIA2, 663 .block_size = 16, 664 .key_size = { 665 .min = 16, 666 .max = 16, 667 .increment = 0 668 }, 669 .digest_size = { 670 .min = 4, 671 .max = 4, 672 .increment = 0 673 }, 674 .iv_size = { 675 .min = 16, 676 .max = 16, 677 .increment = 0 678 } 679 }, } 680 }, } 681 }, 682 { /* SNOW 3G (UEA2) */ 683 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 684 {.sym = { 685 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 686 {.cipher = { 687 .algo = RTE_CRYPTO_CIPHER_SNOW3G_UEA2, 688 .block_size = 16, 689 .key_size = { 690 .min = 16, 691 .max = 16, 692 .increment = 0 693 }, 694 .iv_size = { 695 .min = 16, 696 .max = 16, 697 .increment = 0 698 } 699 }, } 700 }, } 701 }, 702 { /* ZUC (EEA3) */ 703 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 704 {.sym = { 705 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 706 {.cipher = { 707 .algo = RTE_CRYPTO_CIPHER_ZUC_EEA3, 708 .block_size = 16, 709 .key_size = { 710 .min = 16, 711 .max = 16, 712 .increment = 0 713 }, 714 .iv_size = { 715 .min = 16, 716 .max = 16, 717 .increment = 0 718 } 719 }, } 720 }, } 721 }, 722 { /* ZUC (EIA3) */ 723 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 724 {.sym = { 725 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 726 {.auth = { 727 .algo = RTE_CRYPTO_AUTH_ZUC_EIA3, 728 .block_size = 16, 729 .key_size = { 730 .min = 16, 731 .max = 16, 732 .increment = 0 733 }, 734 .digest_size = { 735 .min = 4, 736 .max = 4, 737 .increment = 0 738 }, 739 .iv_size = { 740 .min = 16, 741 .max = 16, 742 .increment = 0 743 } 744 }, } 745 }, } 746 }, 747 { /* AES CMAC */ 748 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 749 {.sym = { 750 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 751 {.auth = { 752 .algo = RTE_CRYPTO_AUTH_AES_CMAC, 753 .block_size = 16, 754 .key_size = { 755 .min = 1, 756 .max = 16, 757 .increment = 1 758 }, 759 .digest_size = { 760 .min = 12, 761 .max = 16, 762 .increment = 4 763 }, 764 .iv_size = { 0 } 765 }, } 766 }, } 767 }, 768 { /* AES XCBC HMAC */ 769 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 770 {.sym = { 771 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 772 {.auth = { 773 .algo = RTE_CRYPTO_AUTH_AES_XCBC_MAC, 774 .block_size = 16, 775 .key_size = { 776 .min = 1, 777 .max = 16, 778 .increment = 1 779 }, 780 .digest_size = { 781 .min = 12, 782 .max = 16, 783 .increment = 4 784 }, 785 .aad_size = { 0 }, 786 .iv_size = { 0 } 787 }, } 788 }, } 789 }, 790 RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() 791 }; 792 793 #ifdef RTE_LIB_SECURITY 794 static const struct rte_cryptodev_capabilities dpaa_pdcp_capabilities[] = { 795 { /* SNOW 3G (UIA2) */ 796 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 797 {.sym = { 798 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 799 {.auth = { 800 .algo = RTE_CRYPTO_AUTH_SNOW3G_UIA2, 801 .block_size = 16, 802 .key_size = { 803 .min = 16, 804 .max = 16, 805 .increment = 0 806 }, 807 .digest_size = { 808 .min = 4, 809 .max = 4, 810 .increment = 0 811 }, 812 .iv_size = { 813 .min = 16, 814 .max = 16, 815 .increment = 0 816 } 817 }, } 818 }, } 819 }, 820 { /* SNOW 3G (UEA2) */ 821 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 822 {.sym = { 823 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 824 {.cipher = { 825 .algo = RTE_CRYPTO_CIPHER_SNOW3G_UEA2, 826 .block_size = 16, 827 .key_size = { 828 .min = 16, 829 .max = 16, 830 .increment = 0 831 }, 832 .iv_size = { 833 .min = 16, 834 .max = 16, 835 .increment = 0 836 } 837 }, } 838 }, } 839 }, 840 { /* AES CTR */ 841 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 842 {.sym = { 843 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 844 {.cipher = { 845 .algo = RTE_CRYPTO_CIPHER_AES_CTR, 846 .block_size = 16, 847 .key_size = { 848 .min = 16, 849 .max = 32, 850 .increment = 8 851 }, 852 .iv_size = { 853 .min = 16, 854 .max = 16, 855 .increment = 0 856 } 857 }, } 858 }, } 859 }, 860 { /* NULL (AUTH) */ 861 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 862 {.sym = { 863 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 864 {.auth = { 865 .algo = RTE_CRYPTO_AUTH_NULL, 866 .block_size = 1, 867 .key_size = { 868 .min = 0, 869 .max = 0, 870 .increment = 0 871 }, 872 .digest_size = { 873 .min = 0, 874 .max = 0, 875 .increment = 0 876 }, 877 .iv_size = { 0 } 878 }, }, 879 }, }, 880 }, 881 { /* NULL (CIPHER) */ 882 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 883 {.sym = { 884 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 885 {.cipher = { 886 .algo = RTE_CRYPTO_CIPHER_NULL, 887 .block_size = 1, 888 .key_size = { 889 .min = 0, 890 .max = 0, 891 .increment = 0 892 }, 893 .iv_size = { 894 .min = 0, 895 .max = 0, 896 .increment = 0 897 } 898 }, }, 899 }, } 900 }, 901 { /* ZUC (EEA3) */ 902 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 903 {.sym = { 904 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 905 {.cipher = { 906 .algo = RTE_CRYPTO_CIPHER_ZUC_EEA3, 907 .block_size = 16, 908 .key_size = { 909 .min = 16, 910 .max = 16, 911 .increment = 0 912 }, 913 .iv_size = { 914 .min = 16, 915 .max = 16, 916 .increment = 0 917 } 918 }, } 919 }, } 920 }, 921 { /* ZUC (EIA3) */ 922 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 923 {.sym = { 924 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 925 {.auth = { 926 .algo = RTE_CRYPTO_AUTH_ZUC_EIA3, 927 .block_size = 16, 928 .key_size = { 929 .min = 16, 930 .max = 16, 931 .increment = 0 932 }, 933 .digest_size = { 934 .min = 4, 935 .max = 4, 936 .increment = 0 937 }, 938 .iv_size = { 939 .min = 16, 940 .max = 16, 941 .increment = 0 942 } 943 }, } 944 }, } 945 }, 946 947 RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() 948 }; 949 950 static const struct rte_security_capability dpaa_sec_security_cap[] = { 951 { /* IPsec Lookaside Protocol offload ESP Transport Egress */ 952 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, 953 .protocol = RTE_SECURITY_PROTOCOL_IPSEC, 954 .ipsec = { 955 .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP, 956 .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL, 957 .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS, 958 .options = { 0 }, 959 .replay_win_sz_max = 128 960 }, 961 .crypto_capabilities = dpaa_sec_capabilities 962 }, 963 { /* IPsec Lookaside Protocol offload ESP Tunnel Ingress */ 964 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, 965 .protocol = RTE_SECURITY_PROTOCOL_IPSEC, 966 .ipsec = { 967 .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP, 968 .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL, 969 .direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS, 970 .options = { 0 }, 971 .replay_win_sz_max = 128 972 }, 973 .crypto_capabilities = dpaa_sec_capabilities 974 }, 975 { /* PDCP Lookaside Protocol offload Data */ 976 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, 977 .protocol = RTE_SECURITY_PROTOCOL_PDCP, 978 .pdcp = { 979 .domain = RTE_SECURITY_PDCP_MODE_DATA, 980 .capa_flags = 0 981 }, 982 .crypto_capabilities = dpaa_pdcp_capabilities 983 }, 984 { /* PDCP Lookaside Protocol offload Control */ 985 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, 986 .protocol = RTE_SECURITY_PROTOCOL_PDCP, 987 .pdcp = { 988 .domain = RTE_SECURITY_PDCP_MODE_CONTROL, 989 .capa_flags = 0 990 }, 991 .crypto_capabilities = dpaa_pdcp_capabilities 992 }, 993 { /* PDCP Lookaside Protocol offload Short MAC */ 994 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, 995 .protocol = RTE_SECURITY_PROTOCOL_PDCP, 996 .pdcp = { 997 .domain = RTE_SECURITY_PDCP_MODE_SHORT_MAC, 998 .capa_flags = 0 999 }, 1000 .crypto_capabilities = dpaa_pdcp_capabilities 1001 }, 1002 { 1003 .action = RTE_SECURITY_ACTION_TYPE_NONE 1004 } 1005 }; 1006 #endif 1007 1008 /** 1009 * Checksum 1010 * 1011 * @param buffer calculate chksum for buffer 1012 * @param len buffer length 1013 * 1014 * @return checksum value in host cpu order 1015 */ 1016 static inline uint16_t 1017 calc_chksum(void *buffer, int len) 1018 { 1019 uint16_t *buf = (uint16_t *)buffer; 1020 uint32_t sum = 0; 1021 uint16_t result; 1022 1023 for (sum = 0; len > 1; len -= 2) 1024 sum += *buf++; 1025 1026 if (len == 1) 1027 sum += *(unsigned char *)buf; 1028 1029 sum = (sum >> 16) + (sum & 0xFFFF); 1030 sum += (sum >> 16); 1031 result = ~sum; 1032 1033 return result; 1034 } 1035 1036 int 1037 dpaa_sec_configure_raw_dp_ctx(struct rte_cryptodev *dev, uint16_t qp_id, 1038 struct rte_crypto_raw_dp_ctx *raw_dp_ctx, 1039 enum rte_crypto_op_sess_type sess_type, 1040 union rte_cryptodev_session_ctx session_ctx, uint8_t is_update); 1041 1042 int 1043 dpaa_sec_get_dp_ctx_size(struct rte_cryptodev *dev); 1044 1045 int 1046 dpaa_sec_attach_sess_q(struct dpaa_sec_qp *qp, dpaa_sec_session *sess); 1047 1048 #endif /* _DPAA_SEC_H_ */ 1049