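/* SPDX-License-Identifier: BSD-3-Clause
 *
 *   Copyright 2016 NXP
 *
 */

/*
 * Private definitions for the NXP DPAA SEC crypto PMD: tunables, the shared
 * descriptor layout handed to the CAAM block, per-session and per-operation
 * state, and the capability tables advertised to applications.
 *
 * This header includes nothing itself; the including file must already have
 * pulled in the fixed-width integer types and the project headers that
 * declare the rte_*, qman/qm_* and ipsec_*_pdb types used below.
 */

#ifndef _DPAA_SEC_H_
#define _DPAA_SEC_H_

#define CRYPTODEV_NAME_DPAA_SEC_PMD	crypto_dpaa_sec
/**< NXP DPAA - SEC PMD device name */

#define NUM_POOL_CHANNELS	4
#define DPAA_SEC_BURST		7
#define DPAA_SEC_ALG_UNSUPPORT	(-1)
/* IV lengths in bytes; they match the iv_size ranges in the capability table */
#define TDES_CBC_IV_LEN		8
#define AES_CBC_IV_LEN		16
#define AES_CTR_IV_LEN		16
#define AES_GCM_IV_LEN		12

/* Minimum job descriptor consists of a oneword job descriptor HEADER and
 * a pointer to the shared descriptor.
 */
#define MIN_JOB_DESC_SIZE	(CAAM_CMD_SZ + CAAM_PTR_SZ)
/* CTX_POOL_NUM_BUFS is set as per the ipsec-secgw application */
#define CTX_POOL_NUM_BUFS	32000
#define CTX_POOL_BUF_SIZE	sizeof(struct dpaa_sec_op_ctx)
#define CTX_POOL_CACHE_SIZE	512
#define RTE_DPAA_SEC_PMD_MAX_NB_SESSIONS 2048

/* Values stored in dpaa_sec_session_entry.dir */
#define DIR_ENC                 1
#define DIR_DEC                 0

enum dpaa_sec_op_type {
	DPAA_SEC_NONE,  /*!< No Cipher operations*/
	DPAA_SEC_CIPHER,/*!< CIPHER operations */
	DPAA_SEC_AUTH,  /*!< Authentication Operations */
	DPAA_SEC_AEAD,  /*!< Authenticated Encryption with associated data */
	DPAA_SEC_IPSEC, /*!< IPSEC protocol operations*/
	DPAA_SEC_PDCP,  /*!< PDCP protocol operations*/
	DPAA_SEC_PKC,   /*!< Public Key Cryptographic Operations */
	DPAA_SEC_MAX
};


/* Capacity of sec_cdb.sh_desc, counted in 32-bit words */
#define DPAA_SEC_MAX_DESC_SIZE  64
/* code or cmd block to caam */
struct sec_cdb {
	/* Two-word header; each word is reachable either whole (.word) or
	 * through bit-fields (.field). The field order is mirrored between
	 * the big- and little-endian branches so both describe the same word.
	 */
	struct {
		union {
			uint32_t word;
			struct {
#if RTE_BYTE_ORDER == RTE_BIG_ENDIAN
				uint16_t rsvd63_48;
				unsigned int rsvd47_39:9;
				unsigned int idlen:7;
#else
				unsigned int idlen:7;
				unsigned int rsvd47_39:9;
				uint16_t rsvd63_48;
#endif
			} field;
		} __packed hi;

		union {
			uint32_t word;
			struct {
#if RTE_BYTE_ORDER == RTE_BIG_ENDIAN
				unsigned int rsvd31_30:2;
				unsigned int fsgt:1;
				unsigned int lng:1;
				unsigned int offset:2;
				unsigned int abs:1;
				unsigned int add_buf:1;
				uint8_t pool_id;
				uint16_t pool_buffer_size;
#else
				uint16_t pool_buffer_size;
				uint8_t pool_id;
				unsigned int add_buf:1;
				unsigned int abs:1;
				unsigned int offset:2;
				unsigned int lng:1;
				unsigned int fsgt:1;
				unsigned int rsvd31_30:2;
#endif
			} field;
		} __packed lo;
	} __packed sh_hdr;

	/* Descriptor words; writers must stay within
	 * DPAA_SEC_MAX_DESC_SIZE entries.
	 */
	uint32_t sh_desc[DPAA_SEC_MAX_DESC_SIZE];
};

/*
 * Per-session state.
 *
 * The key members hold only a pointer and a length: this header does not
 * show who allocates, frees or wipes the key buffers.
 * NOTE(review): confirm that the session teardown path zeroizes the key
 * material before the memory is released.
 */
typedef struct dpaa_sec_session_entry {
	uint8_t dir;         /*!< Operation Direction */
	enum rte_crypto_cipher_algorithm cipher_alg; /*!< Cipher Algorithm*/
	enum rte_crypto_auth_algorithm auth_alg; /*!< Authentication Algorithm*/
	enum rte_crypto_aead_algorithm aead_alg; /*!< AEAD Algorithm*/
	enum rte_security_session_protocol proto_alg; /*!< Security Algorithm*/
	/* aead_key overlays the cipher_key/auth_key pair: a session uses
	 * either the single AEAD key or the separate cipher and auth keys.
	 */
	union {
		struct {
			uint8_t *data;	/**< pointer to key data */
			size_t length;	/**< key length in bytes */
		} aead_key;
		struct {
			struct {
				uint8_t *data;	/**< pointer to key data */
				size_t length;	/**< key length in bytes */
			} cipher_key;
			struct {
				uint8_t *data;	/**< pointer to key data */
				size_t length;	/**< key length in bytes */
			} auth_key;
		};
	};
	struct {
		uint16_t length;
		uint16_t offset;
	} iv;	/**< Initialisation vector parameters */
	uint16_t auth_only_len; /*!< Length of data for Auth only */
	uint32_t digest_length;
	struct ipsec_encap_pdb encap_pdb;
	struct ip ip4_hdr;
	struct ipsec_decap_pdb decap_pdb;
	struct dpaa_sec_qp *qp;
	struct qman_fq *inq;
	struct sec_cdb cdb;	/**< cmd block associated with qp */
	struct rte_mempool *ctx_pool; /* session mempool for dpaa_sec_op_ctx */
} dpaa_sec_session;

/* Queue pair: back-pointer to the device, its output frame queue and
 * packet/error counters.
 */
struct dpaa_sec_qp {
	struct dpaa_sec_dev_private *internals;
	struct qman_fq outq;
	int rx_pkts;
	int rx_errs;
	int tx_pkts;
	int tx_errs;
};

#define RTE_DPAA_MAX_NB_SEC_QPS 8
#define RTE_DPAA_MAX_RX_QUEUE RTE_DPAA_SEC_PMD_MAX_NB_SESSIONS
#define DPAA_MAX_DEQUEUE_NUM_FRAMES 63

/* internal sec queue interface */
struct dpaa_sec_dev_private {
	void *sec_hw;
	struct rte_mempool *ctx_pool; /* per dev mempool for dpaa_sec_op_ctx */
	struct dpaa_sec_qp qps[RTE_DPAA_MAX_NB_SEC_QPS]; /* i/o queue for sec */
	/* inq[] and inq_attach[] have the same size (RTE_DPAA_MAX_RX_QUEUE),
	 * so one index can address both.
	 */
	struct qman_fq inq[RTE_DPAA_MAX_RX_QUEUE];
	unsigned char inq_attach[RTE_DPAA_MAX_RX_QUEUE];
	unsigned int max_nb_queue_pairs;
	unsigned int max_nb_sessions;
};

#define MAX_SG_ENTRIES		16
#define SG_CACHELINE_0		0
#define SG_CACHELINE_1		4
#define SG_CACHELINE_2		8
#define SG_CACHELINE_3		12
struct dpaa_sec_job {
	/* sg[0] output, sg[1] input, others are possible sub frames */
	struct qm_sg_entry sg[MAX_SG_ENTRIES];
};

#define DPAA_MAX_NB_MAX_DIGEST	32
/*
 * Per-operation context, allocated from ctx_pool.
 *
 * NOTE(review): digest[] holds DPAA_MAX_NB_MAX_DIGEST (32) bytes, while the
 * capability table below advertises digests of up to 48 bytes (SHA384 HMAC)
 * and 64 bytes (SHA512 HMAC). Confirm that every copy into digest[] in the
 * driver source is bounded by sizeof(digest) and not only by the session's
 * digest_length.
 */
struct dpaa_sec_op_ctx {
	struct dpaa_sec_job job;
	struct rte_crypto_op *op;
	struct rte_mempool *ctx_pool; /* mempool pointer for dpaa_sec_op_ctx */
	uint32_t fd_status;
	int64_t vtop_offset;
	uint8_t digest[DPAA_MAX_NB_MAX_DIGEST];
};

/*
 * Symmetric capabilities advertised to applications.
 *
 * These ranges state what the device accepts, not what a deployment should
 * allow: every HMAC entry accepts keys and truncated digests down to one
 * byte, the AES GCM entry accepts tags as short as 8 bytes, and MD5 HMAC,
 * SHA1 HMAC and 3DES CBC are legacy algorithms that many current policies
 * disallow. Minimum key and digest lengths and the algorithm allow-list
 * have to be enforced by the application that creates the session.
 *
 * Being a static array defined in a header, each translation unit that
 * includes this file gets its own copy.
 */
static const struct rte_cryptodev_capabilities dpaa_sec_capabilities[] = {
	{	/* MD5 HMAC */
		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
		{.sym = {
			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
			{.auth = {
				.algo = RTE_CRYPTO_AUTH_MD5_HMAC,
				.block_size = 64,
				.key_size = {
					.min = 1,
					.max = 64,
					.increment = 1
				},
				.digest_size = {
					.min = 1,
					.max = 16,
					.increment = 1
				},
				.iv_size = { 0 }
			}, }
		}, }
	},
	{	/* SHA1 HMAC */
		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
		{.sym = {
			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
			{.auth = {
				.algo = RTE_CRYPTO_AUTH_SHA1_HMAC,
				.block_size = 64,
				.key_size = {
					.min = 1,
					.max = 64,
					.increment = 1
				},
				.digest_size = {
					.min = 1,
					.max = 20,
					.increment = 1
				},
				.iv_size = { 0 }
			}, }
		}, }
	},
	{	/* SHA224 HMAC */
		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
		{.sym = {
			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
			{.auth = {
				.algo = RTE_CRYPTO_AUTH_SHA224_HMAC,
				.block_size = 64,
				.key_size = {
					.min = 1,
					.max = 64,
					.increment = 1
				},
				.digest_size = {
					.min = 1,
					.max = 28,
					.increment = 1
				},
				.iv_size = { 0 }
			}, }
		}, }
	},
	{	/* SHA256 HMAC */
		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
		{.sym = {
			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
			{.auth = {
				.algo = RTE_CRYPTO_AUTH_SHA256_HMAC,
				.block_size = 64,
				.key_size = {
					.min = 1,
					.max = 64,
					.increment = 1
				},
				.digest_size = {
					.min = 1,
					.max = 32,
					.increment = 1
				},
				.iv_size = { 0 }
			}, }
		}, }
	},
	{	/* SHA384 HMAC */
		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
		{.sym = {
			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
			{.auth = {
				.algo = RTE_CRYPTO_AUTH_SHA384_HMAC,
				.block_size = 128,
				.key_size = {
					.min = 1,
					.max = 128,
					.increment = 1
				},
				.digest_size = {
					.min = 1,
					.max = 48,
					.increment = 1
				},
				.iv_size = { 0 }
			}, }
		}, }
	},
	{	/* SHA512 HMAC */
		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
		{.sym = {
			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
			{.auth = {
				.algo = RTE_CRYPTO_AUTH_SHA512_HMAC,
				.block_size = 128,
				.key_size = {
					.min = 1,
					.max = 128,
					.increment = 1
				},
				.digest_size = {
					.min = 1,
					.max = 64,
					.increment = 1
				},
				.iv_size = { 0 }
			}, }
		}, }
	},
	{	/* AES GCM */
		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
		{.sym = {
			.xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,
			{.aead = {
				.algo = RTE_CRYPTO_AEAD_AES_GCM,
				.block_size = 16,
				.key_size = {
					.min = 16,
					.max = 32,
					.increment = 8
				},
				.digest_size = {
					.min = 8,
					.max = 16,
					.increment = 4
				},
				.aad_size = {
					.min = 0,
					.max = 240,
					.increment = 1
				},
				/* Only the 12-byte IV is accepted */
				.iv_size = {
					.min = 12,
					.max = 12,
					.increment = 0
				},
			}, }
		}, }
	},
	{	/* AES CBC */
		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
		{.sym = {
			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
			{.cipher = {
				.algo = RTE_CRYPTO_CIPHER_AES_CBC,
				.block_size = 16,
				.key_size = {
					.min = 16,
					.max = 32,
					.increment = 8
				},
				.iv_size = {
					.min = 16,
					.max = 16,
					.increment = 0
				}
			}, }
		}, }
	},
	{	/* AES CTR */
		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
		{.sym = {
			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
			{.cipher = {
				.algo = RTE_CRYPTO_CIPHER_AES_CTR,
				.block_size = 16,
				.key_size = {
					.min = 16,
					.max = 32,
					.increment = 8
				},
				.iv_size = {
					.min = 16,
					.max = 16,
					.increment = 0
				}
			}, }
		}, }
	},
	{	/* 3DES CBC */
		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
		{.sym = {
			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
			{.cipher = {
				.algo = RTE_CRYPTO_CIPHER_3DES_CBC,
				.block_size = 8,
				/* 16-byte (two-key) and 24-byte keys */
				.key_size = {
					.min = 16,
					.max = 24,
					.increment = 8
				},
				.iv_size = {
					.min = 8,
					.max = 8,
					.increment = 0
				}
			}, }
		}, }
	},

	RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
};

/*
 * rte_security capabilities: lookaside IPsec ESP in tunnel mode, one entry
 * per direction. Both entries point at dpaa_sec_capabilities, so the
 * algorithm ranges above apply to the protocol offload as well. The entry
 * with RTE_SECURITY_ACTION_TYPE_NONE terminates the list.
 */
static const struct rte_security_capability dpaa_sec_security_cap[] = {
	{ /* IPsec Lookaside Protocol offload ESP Tunnel Egress */
		.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
		.protocol = RTE_SECURITY_PROTOCOL_IPSEC,
		.ipsec = {
			.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
			.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
			.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
			.options = { 0 }
		},
		.crypto_capabilities = dpaa_sec_capabilities
	},
	{ /* IPsec Lookaside Protocol offload ESP Tunnel Ingress */
		.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
		.protocol = RTE_SECURITY_PROTOCOL_IPSEC,
		.ipsec = {
			.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
			.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
			.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS,
			.options = { 0 }
		},
		.crypto_capabilities = dpaa_sec_capabilities
	},
	{
		.action = RTE_SECURITY_ACTION_TYPE_NONE
	}
};

/**
 * Checksum
 *
 * Computes the 16-bit one's-complement sum over the buffer, taking the
 * data as 16-bit words in host byte order. This is an error-detection
 * checksum; it gives no protection against deliberate modification.
 *
 * The buffer is read byte by byte, so it needs no particular alignment.
 * An odd trailing byte is treated as the first byte of a word whose second
 * byte is zero, which keeps the result consistent on big- and
 * little-endian hosts.
 *
 * The 32-bit accumulator is folded only after the loop, so carries are
 * lost once more than 65537 words (about 128 KiB) are summed; the function
 * is meant for header-sized buffers.
 *
 * @param buffer calculate chksum for buffer
 * @param len buffer length in bytes; a value <= 0 reads nothing and
 *            yields 0xFFFF
 *
 * @return checksum value in host cpu order
 */
static inline uint16_t
calc_chksum(void *buffer, int len)
{
	const unsigned char *p = (const unsigned char *)buffer;
	uint32_t sum = 0;
	uint16_t word = 0;
	uint16_t result;

	for (; len > 1; len -= 2, p += 2) {
		/* Build the word through byte stores: same value as a native
		 * 16-bit load, without requiring buffer to be 2-byte aligned.
		 */
		((unsigned char *)&word)[0] = p[0];
		((unsigned char *)&word)[1] = p[1];
		sum += word;
	}

	if (len == 1) {
		/* Pad the last byte with a zero byte in memory order */
		word = 0;
		((unsigned char *)&word)[0] = p[0];
		sum += word;
	}

	/* Fold the carries back into the low 16 bits, then complement */
	sum = (sum >> 16) + (sum & 0xFFFF);
	sum += (sum >> 16);
	result = (uint16_t)~sum;

	return result;
}

#endif /* _DPAA_SEC_H_ */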