xref: /dpdk/drivers/crypto/dpaa_sec/dpaa_sec.h (revision c7f5dba7d4bb7971fac51755aad09b71b10cef90) 
1 /* SPDX-License-Identifier: BSD-3-Clause
2  *
3  *   Copyright 2016 NXP
4  *
5  */
6 
7 #ifndef _DPAA_SEC_H_
8 #define _DPAA_SEC_H_
9 
10 #define CRYPTODEV_NAME_DPAA_SEC_PMD	crypto_dpaa_sec
11 /**< NXP DPAA - SEC PMD device name */
12 
13 #define NUM_POOL_CHANNELS	4
14 #define DPAA_SEC_BURST		7
15 #define DPAA_SEC_ALG_UNSUPPORT	(-1)
16 #define TDES_CBC_IV_LEN		8
17 #define AES_CBC_IV_LEN		16
18 #define AES_CTR_IV_LEN		16
19 #define AES_GCM_IV_LEN		12
20 
21 /* Minimum job descriptor consists of a oneword job descriptor HEADER and
22  * a pointer to the shared descriptor.
23  */
24 #define MIN_JOB_DESC_SIZE	(CAAM_CMD_SZ + CAAM_PTR_SZ)
25 /* CTX_POOL_NUM_BUFS is set as per the ipsec-secgw application */
26 #define CTX_POOL_NUM_BUFS	32000
27 #define CTX_POOL_BUF_SIZE	sizeof(struct dpaa_sec_op_ctx)
28 #define CTX_POOL_CACHE_SIZE	512
29 #define RTE_DPAA_SEC_PMD_MAX_NB_SESSIONS 2048
30 
31 #define DIR_ENC                 1
32 #define DIR_DEC                 0
33 
34 enum dpaa_sec_op_type {
35 	DPAA_SEC_NONE,  /*!< No Cipher operations*/
36 	DPAA_SEC_CIPHER,/*!< CIPHER operations */
37 	DPAA_SEC_AUTH,  /*!< Authentication Operations */
38 	DPAA_SEC_AEAD,  /*!< Authenticated Encryption with associated data */
39 	DPAA_SEC_IPSEC, /*!< IPSEC protocol operations*/
40 	DPAA_SEC_PDCP,  /*!< PDCP protocol operations*/
41 	DPAA_SEC_PKC,   /*!< Public Key Cryptographic Operations */
42 	DPAA_SEC_MAX
43 };
44 
45 
46 #define DPAA_SEC_MAX_DESC_SIZE  64
47 /* code or cmd block to caam */
48 struct sec_cdb {
49 	struct {
50 		union {
51 			uint32_t word;
52 			struct {
53 #if RTE_BYTE_ORDER == RTE_BIG_ENDIAN
54 				uint16_t rsvd63_48;
55 				unsigned int rsvd47_39:9;
56 				unsigned int idlen:7;
57 #else
58 				unsigned int idlen:7;
59 				unsigned int rsvd47_39:9;
60 				uint16_t rsvd63_48;
61 #endif
62 			} field;
63 		} __packed hi;
64 
65 		union {
66 			uint32_t word;
67 			struct {
68 #if RTE_BYTE_ORDER == RTE_BIG_ENDIAN
69 				unsigned int rsvd31_30:2;
70 				unsigned int fsgt:1;
71 				unsigned int lng:1;
72 				unsigned int offset:2;
73 				unsigned int abs:1;
74 				unsigned int add_buf:1;
75 				uint8_t pool_id;
76 				uint16_t pool_buffer_size;
77 #else
78 				uint16_t pool_buffer_size;
79 				uint8_t pool_id;
80 				unsigned int add_buf:1;
81 				unsigned int abs:1;
82 				unsigned int offset:2;
83 				unsigned int lng:1;
84 				unsigned int fsgt:1;
85 				unsigned int rsvd31_30:2;
86 #endif
87 			} field;
88 		} __packed lo;
89 	} __packed sh_hdr;
90 
91 	uint32_t sh_desc[DPAA_SEC_MAX_DESC_SIZE];
92 };
93 
94 typedef struct dpaa_sec_session_entry {
95 	uint8_t dir;         /*!< Operation Direction */
96 	enum rte_crypto_cipher_algorithm cipher_alg; /*!< Cipher Algorithm*/
97 	enum rte_crypto_auth_algorithm auth_alg; /*!< Authentication Algorithm*/
98 	enum rte_crypto_aead_algorithm aead_alg; /*!< AEAD Algorithm*/
99 	enum rte_security_session_protocol proto_alg; /*!< Security Algorithm*/
100 	union {
101 		struct {
102 			uint8_t *data;	/**< pointer to key data */
103 			size_t length;	/**< key length in bytes */
104 		} aead_key;
105 		struct {
106 			struct {
107 				uint8_t *data;	/**< pointer to key data */
108 				size_t length;	/**< key length in bytes */
109 			} cipher_key;
110 			struct {
111 				uint8_t *data;	/**< pointer to key data */
112 				size_t length;	/**< key length in bytes */
113 			} auth_key;
114 		};
115 	};
116 	struct {
117 		uint16_t length;
118 		uint16_t offset;
119 	} iv;	/**< Initialisation vector parameters */
120 	uint16_t auth_only_len; /*!< Length of data for Auth only */
121 	uint32_t digest_length;
122 	struct ipsec_encap_pdb encap_pdb;
123 	struct ip ip4_hdr;
124 	struct ipsec_decap_pdb decap_pdb;
125 	struct dpaa_sec_qp *qp;
126 	struct qman_fq *inq;
127 	struct sec_cdb cdb;	/**< cmd block associated with qp */
128 	struct rte_mempool *ctx_pool; /* session mempool for dpaa_sec_op_ctx */
129 } dpaa_sec_session;
130 
131 struct dpaa_sec_qp {
132 	struct dpaa_sec_dev_private *internals;
133 	struct qman_fq outq;
134 	int rx_pkts;
135 	int rx_errs;
136 	int tx_pkts;
137 	int tx_errs;
138 };
139 
140 #define RTE_DPAA_MAX_NB_SEC_QPS 2
141 #define RTE_DPAA_MAX_RX_QUEUE RTE_DPAA_SEC_PMD_MAX_NB_SESSIONS
142 #define DPAA_MAX_DEQUEUE_NUM_FRAMES 63
143 
144 /* internal sec queue interface */
145 struct dpaa_sec_dev_private {
146 	void *sec_hw;
147 	struct rte_mempool *ctx_pool; /* per dev mempool for dpaa_sec_op_ctx */
148 	struct dpaa_sec_qp qps[RTE_DPAA_MAX_NB_SEC_QPS]; /* i/o queue for sec */
149 	struct qman_fq inq[RTE_DPAA_MAX_RX_QUEUE];
150 	unsigned char inq_attach[RTE_DPAA_MAX_RX_QUEUE];
151 	unsigned int max_nb_queue_pairs;
152 	unsigned int max_nb_sessions;
153 	rte_spinlock_t lock;
154 };
155 
156 #define MAX_SG_ENTRIES		16
157 #define SG_CACHELINE_0		0
158 #define SG_CACHELINE_1		4
159 #define SG_CACHELINE_2		8
160 #define SG_CACHELINE_3		12
161 struct dpaa_sec_job {
162 	/* sg[0] output, sg[1] input, others are possible sub frames */
163 	struct qm_sg_entry sg[MAX_SG_ENTRIES];
164 };
165 
166 #define DPAA_MAX_NB_MAX_DIGEST	32
167 struct dpaa_sec_op_ctx {
168 	struct dpaa_sec_job job;
169 	struct rte_crypto_op *op;
170 	struct rte_mempool *ctx_pool; /* mempool pointer for dpaa_sec_op_ctx */
171 	uint32_t fd_status;
172 	int64_t vtop_offset;
173 	uint8_t digest[DPAA_MAX_NB_MAX_DIGEST];
174 };
175 
176 static const struct rte_cryptodev_capabilities dpaa_sec_capabilities[] = {
177 	{	/* MD5 HMAC */
178 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
179 		{.sym = {
180 			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
181 			{.auth = {
182 				.algo = RTE_CRYPTO_AUTH_MD5_HMAC,
183 				.block_size = 64,
184 				.key_size = {
185 					.min = 1,
186 					.max = 64,
187 					.increment = 1
188 				},
189 				.digest_size = {
190 					.min = 1,
191 					.max = 16,
192 					.increment = 1
193 				},
194 				.iv_size = { 0 }
195 			}, }
196 		}, }
197 	},
198 	{	/* SHA1 HMAC */
199 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
200 		{.sym = {
201 			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
202 			{.auth = {
203 				.algo = RTE_CRYPTO_AUTH_SHA1_HMAC,
204 				.block_size = 64,
205 				.key_size = {
206 					.min = 1,
207 					.max = 64,
208 					.increment = 1
209 				},
210 				.digest_size = {
211 					.min = 1,
212 					.max = 20,
213 					.increment = 1
214 				},
215 				.iv_size = { 0 }
216 			}, }
217 		}, }
218 	},
219 	{	/* SHA224 HMAC */
220 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
221 		{.sym = {
222 			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
223 			{.auth = {
224 				.algo = RTE_CRYPTO_AUTH_SHA224_HMAC,
225 				.block_size = 64,
226 				.key_size = {
227 					.min = 1,
228 					.max = 64,
229 					.increment = 1
230 				},
231 				.digest_size = {
232 					.min = 1,
233 					.max = 28,
234 					.increment = 1
235 				},
236 				.iv_size = { 0 }
237 			}, }
238 		}, }
239 	},
240 	{	/* SHA256 HMAC */
241 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
242 		{.sym = {
243 			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
244 			{.auth = {
245 				.algo = RTE_CRYPTO_AUTH_SHA256_HMAC,
246 				.block_size = 64,
247 				.key_size = {
248 					.min = 1,
249 					.max = 64,
250 					.increment = 1
251 				},
252 				.digest_size = {
253 					.min = 1,
254 					.max = 32,
255 					.increment = 1
256 				},
257 				.iv_size = { 0 }
258 			}, }
259 		}, }
260 	},
261 	{	/* SHA384 HMAC */
262 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
263 		{.sym = {
264 			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
265 			{.auth = {
266 				.algo = RTE_CRYPTO_AUTH_SHA384_HMAC,
267 				.block_size = 128,
268 				.key_size = {
269 					.min = 1,
270 					.max = 128,
271 					.increment = 1
272 				},
273 				.digest_size = {
274 					.min = 1,
275 					.max = 48,
276 					.increment = 1
277 				},
278 				.iv_size = { 0 }
279 			}, }
280 		}, }
281 	},
282 	{	/* SHA512 HMAC */
283 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
284 		{.sym = {
285 			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
286 			{.auth = {
287 				.algo = RTE_CRYPTO_AUTH_SHA512_HMAC,
288 				.block_size = 128,
289 				.key_size = {
290 					.min = 1,
291 					.max = 128,
292 					.increment = 1
293 				},
294 				.digest_size = {
295 					.min = 1,
296 					.max = 64,
297 					.increment = 1
298 				},
299 				.iv_size = { 0 }
300 			}, }
301 		}, }
302 	},
303 	{	/* AES GCM */
304 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
305 		{.sym = {
306 			.xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,
307 			{.aead = {
308 				.algo = RTE_CRYPTO_AEAD_AES_GCM,
309 				.block_size = 16,
310 				.key_size = {
311 					.min = 16,
312 					.max = 32,
313 					.increment = 8
314 				},
315 				.digest_size = {
316 					.min = 8,
317 					.max = 16,
318 					.increment = 4
319 				},
320 				.aad_size = {
321 					.min = 0,
322 					.max = 240,
323 					.increment = 1
324 				},
325 				.iv_size = {
326 					.min = 12,
327 					.max = 12,
328 					.increment = 0
329 				},
330 			}, }
331 		}, }
332 	},
333 	{	/* AES CBC */
334 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
335 		{.sym = {
336 			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
337 			{.cipher = {
338 				.algo = RTE_CRYPTO_CIPHER_AES_CBC,
339 				.block_size = 16,
340 				.key_size = {
341 					.min = 16,
342 					.max = 32,
343 					.increment = 8
344 				},
345 				.iv_size = {
346 					.min = 16,
347 					.max = 16,
348 					.increment = 0
349 				}
350 			}, }
351 		}, }
352 	},
353 	{	/* AES CTR */
354 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
355 		{.sym = {
356 			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
357 			{.cipher = {
358 				.algo = RTE_CRYPTO_CIPHER_AES_CTR,
359 				.block_size = 16,
360 				.key_size = {
361 					.min = 16,
362 					.max = 32,
363 					.increment = 8
364 				},
365 				.iv_size = {
366 					.min = 16,
367 					.max = 16,
368 					.increment = 0
369 				}
370 			}, }
371 		}, }
372 	},
373 	{	/* 3DES CBC */
374 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
375 		{.sym = {
376 			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
377 			{.cipher = {
378 				.algo = RTE_CRYPTO_CIPHER_3DES_CBC,
379 				.block_size = 8,
380 				.key_size = {
381 					.min = 16,
382 					.max = 24,
383 					.increment = 8
384 				},
385 				.iv_size = {
386 					.min = 8,
387 					.max = 8,
388 					.increment = 0
389 				}
390 			}, }
391 		}, }
392 	},
393 
394 	RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
395 };
396 
397 static const struct rte_security_capability dpaa_sec_security_cap[] = {
398 	{ /* IPsec Lookaside Protocol offload ESP Transport Egress */
399 		.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
400 		.protocol = RTE_SECURITY_PROTOCOL_IPSEC,
401 		.ipsec = {
402 			.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
403 			.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
404 			.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
405 			.options = { 0 }
406 		},
407 		.crypto_capabilities = dpaa_sec_capabilities
408 	},
409 	{ /* IPsec Lookaside Protocol offload ESP Tunnel Ingress */
410 		.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
411 		.protocol = RTE_SECURITY_PROTOCOL_IPSEC,
412 		.ipsec = {
413 			.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
414 			.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
415 			.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS,
416 			.options = { 0 }
417 		},
418 		.crypto_capabilities = dpaa_sec_capabilities
419 	},
420 	{
421 		.action = RTE_SECURITY_ACTION_TYPE_NONE
422 	}
423 };
424 
425 /**
426  * Checksum
427  *
428  * @param buffer calculate chksum for buffer
429  * @param len    buffer length
430  *
431  * @return checksum value in host cpu order
432  */
433 static inline uint16_t
434 calc_chksum(void *buffer, int len)
435 {
436 	uint16_t *buf = (uint16_t *)buffer;
437 	uint32_t sum = 0;
438 	uint16_t result;
439 
440 	for (sum = 0; len > 1; len -= 2)
441 		sum += *buf++;
442 
443 	if (len == 1)
444 		sum += *(unsigned char *)buf;
445 
446 	sum = (sum >> 16) + (sum & 0xFFFF);
447 	sum += (sum >> 16);
448 	result = ~sum;
449 
450 	return  result;
451 }
452 
453 #endif /* _DPAA_SEC_H_ */
454