xref: /dpdk/drivers/crypto/dpaa_sec/dpaa_sec.h (revision c9902a15bd005b6d4fe072cf7b60fe4ee679155f)
1 /* SPDX-License-Identifier: BSD-3-Clause
2  *
3  *   Copyright 2016-2021 NXP
4  *
5  */
6 
7 #ifndef _DPAA_SEC_H_
8 #define _DPAA_SEC_H_
9 
10 #define CRYPTODEV_NAME_DPAA_SEC_PMD	crypto_dpaa_sec
11 /**< NXP DPAA - SEC PMD device name */
12 
13 #define MAX_DPAA_CORES		4
14 #define NUM_POOL_CHANNELS	4
15 #define DPAA_SEC_BURST		7
16 #define DPAA_SEC_ALG_UNSUPPORT	(-1)
17 #define TDES_CBC_IV_LEN		8
18 #define AES_CBC_IV_LEN		16
19 #define AES_CTR_IV_LEN		16
20 #define AES_GCM_IV_LEN		12
21 
22 #define DPAA_IPv6_DEFAULT_VTC_FLOW	0x60000000
23 
24 /* Minimum job descriptor consists of a oneword job descriptor HEADER and
25  * a pointer to the shared descriptor.
26  */
27 #define MIN_JOB_DESC_SIZE	(CAAM_CMD_SZ + CAAM_PTR_SZ)
28 /* CTX_POOL_NUM_BUFS is set as per the ipsec-secgw application */
29 #define CTX_POOL_NUM_BUFS	32000
30 #define CTX_POOL_BUF_SIZE	sizeof(struct dpaa_sec_op_ctx)
31 #define CTX_POOL_CACHE_SIZE	512
32 #define RTE_DPAA_SEC_PMD_MAX_NB_SESSIONS 1024
33 
34 #define DIR_ENC                 1
35 #define DIR_DEC                 0
36 
37 enum dpaa_sec_op_type {
38 	DPAA_SEC_NONE,  /*!< No Cipher operations*/
39 	DPAA_SEC_CIPHER,/*!< CIPHER operations */
40 	DPAA_SEC_AUTH,  /*!< Authentication Operations */
41 	DPAA_SEC_AEAD,  /*!< AEAD (AES-GCM/CCM) type operations */
42 	DPAA_SEC_CIPHER_HASH,  /*!< Authenticated Encryption with
43 				* associated data
44 				*/
45 	DPAA_SEC_HASH_CIPHER,  /*!< Encryption with Authenticated
46 				* associated data
47 				*/
48 	DPAA_SEC_IPSEC, /*!< IPSEC protocol operations*/
49 	DPAA_SEC_PDCP,  /*!< PDCP protocol operations*/
50 	DPAA_SEC_PKC,   /*!< Public Key Cryptographic Operations */
51 	DPAA_SEC_MAX
52 };
53 
54 #define DPAA_SEC_MAX_DESC_SIZE  64
55 /* code or cmd block to caam */
56 struct sec_cdb {
57 	struct {
58 		union {
59 			uint32_t word;
60 			struct {
61 #if RTE_BYTE_ORDER == RTE_BIG_ENDIAN
62 				uint16_t rsvd63_48;
63 				unsigned int rsvd47_39:9;
64 				unsigned int idlen:7;
65 #else
66 				unsigned int idlen:7;
67 				unsigned int rsvd47_39:9;
68 				uint16_t rsvd63_48;
69 #endif
70 			} field;
71 		} __packed hi;
72 
73 		union {
74 			uint32_t word;
75 			struct {
76 #if RTE_BYTE_ORDER == RTE_BIG_ENDIAN
77 				unsigned int rsvd31_30:2;
78 				unsigned int fsgt:1;
79 				unsigned int lng:1;
80 				unsigned int offset:2;
81 				unsigned int abs:1;
82 				unsigned int add_buf:1;
83 				uint8_t pool_id;
84 				uint16_t pool_buffer_size;
85 #else
86 				uint16_t pool_buffer_size;
87 				uint8_t pool_id;
88 				unsigned int add_buf:1;
89 				unsigned int abs:1;
90 				unsigned int offset:2;
91 				unsigned int lng:1;
92 				unsigned int fsgt:1;
93 				unsigned int rsvd31_30:2;
94 #endif
95 			} field;
96 		} __packed lo;
97 	} __packed sh_hdr;
98 
99 	uint32_t sh_desc[DPAA_SEC_MAX_DESC_SIZE];
100 };
101 #ifdef RTE_LIB_SECURITY
102 /*!
103  * The structure is to be filled by user as a part of
104  * dpaa_sec_proto_ctxt for PDCP Protocol
105  */
106 struct sec_pdcp_ctxt {
107 	enum rte_security_pdcp_domain domain; /*!< Data/Control mode*/
108 	int8_t bearer;	/*!< PDCP bearer ID */
109 	int8_t pkt_dir;/*!< PDCP Frame Direction 0:UL 1:DL*/
110 	int8_t hfn_ovd;/*!< Overwrite HFN per packet*/
111 	uint8_t sn_size;	/*!< Sequence number size, 5/7/12/15/18 */
112 	uint8_t sdap_enabled;	/*!< SDAP header is enabled */
113 	uint16_t hfn_ovd_offset;/*!< offset from rte_crypto_op at which
114 				 * per packet hfn is stored
115 				 */
116 	uint32_t hfn;	/*!< Hyper Frame Number */
117 	uint32_t hfn_threshold;	/*!< HFN Threashold for key renegotiation */
118 };
119 #endif
120 typedef struct dpaa_sec_session_entry {
121 	struct sec_cdb cdb;	/**< cmd block associated with qp */
122 	struct dpaa_sec_qp *qp[MAX_DPAA_CORES];
123 	struct qman_fq *inq[MAX_DPAA_CORES];
124 	uint8_t dir;         /*!< Operation Direction */
125 	uint8_t ctxt;	/*!< Session Context Type */
126 	enum rte_crypto_cipher_algorithm cipher_alg; /*!< Cipher Algorithm*/
127 	enum rte_crypto_auth_algorithm auth_alg; /*!< Authentication Algorithm*/
128 	enum rte_crypto_aead_algorithm aead_alg; /*!< AEAD Algorithm*/
129 #ifdef RTE_LIB_SECURITY
130 	enum rte_security_session_protocol proto_alg; /*!< Security Algorithm*/
131 #endif
132 	union {
133 		struct {
134 			uint8_t *data;	/**< pointer to key data */
135 			size_t length;	/**< key length in bytes */
136 			uint32_t alg;
137 			uint32_t algmode;
138 		} aead_key;
139 		struct {
140 			struct {
141 				uint8_t *data;	/**< pointer to key data */
142 				size_t length;	/**< key length in bytes */
143 				uint32_t alg;
144 				uint32_t algmode;
145 			} cipher_key;
146 			struct {
147 				uint8_t *data;	/**< pointer to key data */
148 				size_t length;	/**< key length in bytes */
149 				uint32_t alg;
150 				uint32_t algmode;
151 			} auth_key;
152 		};
153 	};
154 	union {
155 		struct {
156 			struct {
157 				uint16_t length;
158 				uint16_t offset;
159 			} iv;	/**< Initialisation vector parameters */
160 			uint16_t auth_only_len;
161 					/*!< Length of data for Auth only */
162 			uint32_t digest_length;
163 			struct ipsec_decap_pdb decap_pdb;
164 			struct ipsec_encap_pdb encap_pdb;
165 			union {
166 				struct ip ip4_hdr;
167 				struct rte_ipv6_hdr ip6_hdr;
168 			};
169 			uint8_t auth_cipher_text;
170 				/**< Authenticate/cipher ordering */
171 		};
172 #ifdef RTE_LIB_SECURITY
173 		struct sec_pdcp_ctxt pdcp;
174 #endif
175 	};
176 } dpaa_sec_session;
177 
178 struct dpaa_sec_qp {
179 	struct dpaa_sec_dev_private *internals;
180 	struct rte_mempool *ctx_pool; /* mempool for dpaa_sec_op_ctx */
181 	struct qman_fq outq;
182 	int rx_pkts;
183 	int rx_errs;
184 	int tx_pkts;
185 	int tx_errs;
186 };
187 
188 #define RTE_DPAA_MAX_NB_SEC_QPS 2
189 #define RTE_DPAA_MAX_RX_QUEUE (MAX_DPAA_CORES * RTE_DPAA_SEC_PMD_MAX_NB_SESSIONS)
190 #define DPAA_MAX_DEQUEUE_NUM_FRAMES 63
191 
192 /* internal sec queue interface */
193 struct dpaa_sec_dev_private {
194 	void *sec_hw;
195 	struct dpaa_sec_qp qps[RTE_DPAA_MAX_NB_SEC_QPS]; /* i/o queue for sec */
196 	struct qman_fq inq[RTE_DPAA_MAX_RX_QUEUE];
197 	unsigned char inq_attach[RTE_DPAA_MAX_RX_QUEUE];
198 	unsigned int max_nb_queue_pairs;
199 	unsigned int max_nb_sessions;
200 	rte_spinlock_t lock;
201 };
202 
203 #define MAX_SG_ENTRIES		16
204 #define MAX_JOB_SG_ENTRIES	36
205 
206 struct dpaa_sec_job {
207 	/* sg[0] output, sg[1] input, others are possible sub frames */
208 	struct qm_sg_entry sg[MAX_JOB_SG_ENTRIES];
209 };
210 
211 #define DPAA_MAX_NB_MAX_DIGEST	32
212 struct dpaa_sec_op_ctx {
213 	struct dpaa_sec_job job;
214 	struct rte_crypto_op *op;
215 	struct rte_mempool *ctx_pool; /* mempool pointer for dpaa_sec_op_ctx */
216 	uint32_t fd_status;
217 	int64_t vtop_offset;
218 	uint8_t digest[DPAA_MAX_NB_MAX_DIGEST];
219 };
220 
221 static const struct rte_cryptodev_capabilities dpaa_sec_capabilities[] = {
222 	{	/* NULL (AUTH) */
223 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
224 		{.sym = {
225 			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
226 			{.auth = {
227 				.algo = RTE_CRYPTO_AUTH_NULL,
228 				.block_size = 1,
229 				.key_size = {
230 					.min = 0,
231 					.max = 0,
232 					.increment = 0
233 				},
234 				.digest_size = {
235 					.min = 0,
236 					.max = 0,
237 					.increment = 0
238 				},
239 				.iv_size = { 0 }
240 			}, },
241 		}, },
242 	},
243 	{       /* MD5 */
244 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
245 		{.sym = {
246 			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
247 			{.auth = {
248 				.algo = RTE_CRYPTO_AUTH_MD5,
249 				.block_size = 64,
250 				.key_size = {
251 					.min = 0,
252 					.max = 0,
253 					.increment = 0
254 				},
255 				.digest_size = {
256 					.min = 16,
257 					.max = 16,
258 					.increment = 0
259 				},
260 				.iv_size = { 0 }
261 			}, }
262 		}, }
263 	},
264 	{	/* MD5 HMAC */
265 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
266 		{.sym = {
267 			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
268 			{.auth = {
269 				.algo = RTE_CRYPTO_AUTH_MD5_HMAC,
270 				.block_size = 64,
271 				.key_size = {
272 					.min = 1,
273 					.max = 64,
274 					.increment = 1
275 				},
276 				.digest_size = {
277 					.min = 1,
278 					.max = 16,
279 					.increment = 1
280 				},
281 				.iv_size = { 0 }
282 			}, }
283 		}, }
284 	},
285 	{	/* SHA1 */
286 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
287 		{.sym = {
288 			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
289 			{.auth = {
290 				.algo = RTE_CRYPTO_AUTH_SHA1,
291 				.block_size = 64,
292 				.key_size = {
293 					.min = 0,
294 					.max = 0,
295 					.increment = 0
296 				},
297 				.digest_size = {
298 					.min = 20,
299 					.max = 20,
300 					.increment = 0
301 				},
302 				.iv_size = { 0 }
303 			}, }
304 		}, }
305 	},
306 	{	/* SHA1 HMAC */
307 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
308 		{.sym = {
309 			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
310 			{.auth = {
311 				.algo = RTE_CRYPTO_AUTH_SHA1_HMAC,
312 				.block_size = 64,
313 				.key_size = {
314 					.min = 1,
315 					.max = 64,
316 					.increment = 1
317 				},
318 				.digest_size = {
319 					.min = 1,
320 					.max = 20,
321 					.increment = 1
322 				},
323 				.iv_size = { 0 }
324 			}, }
325 		}, }
326 	},
327 	{	/* SHA224 */
328 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
329 		{.sym = {
330 			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
331 			{.auth = {
332 				.algo = RTE_CRYPTO_AUTH_SHA224,
333 				.block_size = 64,
334 					.key_size = {
335 					.min = 0,
336 					.max = 0,
337 					.increment = 0
338 				},
339 				.digest_size = {
340 					.min = 28,
341 					.max = 28,
342 					.increment = 0
343 				},
344 				.iv_size = { 0 }
345 			}, }
346 		}, }
347 	},
348 	{	/* SHA224 HMAC */
349 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
350 		{.sym = {
351 			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
352 			{.auth = {
353 				.algo = RTE_CRYPTO_AUTH_SHA224_HMAC,
354 				.block_size = 64,
355 				.key_size = {
356 					.min = 1,
357 					.max = 64,
358 					.increment = 1
359 				},
360 				.digest_size = {
361 					.min = 1,
362 					.max = 28,
363 					.increment = 1
364 				},
365 				.iv_size = { 0 }
366 			}, }
367 		}, }
368 	},
369 	{	/* SHA256 */
370 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
371 		{.sym = {
372 			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
373 			{.auth = {
374 				.algo = RTE_CRYPTO_AUTH_SHA256,
375 				.block_size = 64,
376 				.key_size = {
377 					.min = 0,
378 					.max = 0,
379 					.increment = 0
380 				},
381 				.digest_size = {
382 					.min = 32,
383 					.max = 32,
384 					.increment = 0
385 				},
386 				.iv_size = { 0 }
387 			}, }
388 		}, }
389 	},
390 	{	/* SHA256 HMAC */
391 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
392 		{.sym = {
393 			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
394 			{.auth = {
395 				.algo = RTE_CRYPTO_AUTH_SHA256_HMAC,
396 				.block_size = 64,
397 				.key_size = {
398 					.min = 1,
399 					.max = 64,
400 					.increment = 1
401 				},
402 				.digest_size = {
403 					.min = 1,
404 					.max = 32,
405 					.increment = 1
406 				},
407 				.iv_size = { 0 }
408 			}, }
409 		}, }
410 	},
411 	{	/* SHA384 */
412 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
413 		{.sym = {
414 			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
415 			{.auth = {
416 				.algo = RTE_CRYPTO_AUTH_SHA384,
417 				.block_size = 64,
418 				.key_size = {
419 					.min = 0,
420 					.max = 0,
421 					.increment = 0
422 				},
423 				.digest_size = {
424 					.min = 48,
425 					.max = 48,
426 					.increment = 0
427 					},
428 				.iv_size = { 0 }
429 			}, }
430 		}, }
431 	},
432 	{	/* SHA384 HMAC */
433 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
434 		{.sym = {
435 			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
436 			{.auth = {
437 				.algo = RTE_CRYPTO_AUTH_SHA384_HMAC,
438 				.block_size = 128,
439 				.key_size = {
440 					.min = 1,
441 					.max = 128,
442 					.increment = 1
443 				},
444 				.digest_size = {
445 					.min = 1,
446 					.max = 48,
447 					.increment = 1
448 				},
449 				.iv_size = { 0 }
450 			}, }
451 		}, }
452 	},
453 	{	/* SHA512 */
454 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
455 		{.sym = {
456 			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
457 			{.auth = {
458 				.algo = RTE_CRYPTO_AUTH_SHA512,
459 				.block_size = 128,
460 				.key_size = {
461 					.min = 0,
462 					.max = 0,
463 					.increment = 0
464 				},
465 				.digest_size = {
466 					.min = 64,
467 					.max = 64,
468 					.increment = 0
469 				},
470 				.iv_size = { 0 }
471 			}, }
472 		}, }
473 	},
474 	{	/* SHA512 HMAC */
475 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
476 		{.sym = {
477 			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
478 			{.auth = {
479 				.algo = RTE_CRYPTO_AUTH_SHA512_HMAC,
480 				.block_size = 128,
481 				.key_size = {
482 					.min = 1,
483 					.max = 128,
484 					.increment = 1
485 				},
486 				.digest_size = {
487 					.min = 1,
488 					.max = 64,
489 					.increment = 1
490 				},
491 				.iv_size = { 0 }
492 			}, }
493 		}, }
494 	},
495 	{	/* AES GCM */
496 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
497 		{.sym = {
498 			.xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,
499 			{.aead = {
500 				.algo = RTE_CRYPTO_AEAD_AES_GCM,
501 				.block_size = 16,
502 				.key_size = {
503 					.min = 16,
504 					.max = 32,
505 					.increment = 8
506 				},
507 				.digest_size = {
508 					.min = 8,
509 					.max = 16,
510 					.increment = 4
511 				},
512 				.aad_size = {
513 					.min = 0,
514 					.max = 240,
515 					.increment = 1
516 				},
517 				.iv_size = {
518 					.min = 12,
519 					.max = 12,
520 					.increment = 0
521 				},
522 			}, }
523 		}, }
524 	},
525 	{	/* NULL (CIPHER) */
526 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
527 		{.sym = {
528 			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
529 			{.cipher = {
530 				.algo = RTE_CRYPTO_CIPHER_NULL,
531 				.block_size = 1,
532 				.key_size = {
533 					.min = 0,
534 					.max = 0,
535 					.increment = 0
536 				},
537 				.iv_size = {
538 					.min = 0,
539 					.max = 0,
540 					.increment = 0
541 				}
542 			}, },
543 		}, }
544 	},
545 	{	/* AES CBC */
546 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
547 		{.sym = {
548 			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
549 			{.cipher = {
550 				.algo = RTE_CRYPTO_CIPHER_AES_CBC,
551 				.block_size = 16,
552 				.key_size = {
553 					.min = 16,
554 					.max = 32,
555 					.increment = 8
556 				},
557 				.iv_size = {
558 					.min = 16,
559 					.max = 16,
560 					.increment = 0
561 				}
562 			}, }
563 		}, }
564 	},
565 	{	/* AES CTR */
566 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
567 		{.sym = {
568 			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
569 			{.cipher = {
570 				.algo = RTE_CRYPTO_CIPHER_AES_CTR,
571 				.block_size = 16,
572 				.key_size = {
573 					.min = 16,
574 					.max = 32,
575 					.increment = 8
576 				},
577 				.iv_size = {
578 					.min = 16,
579 					.max = 16,
580 					.increment = 0
581 				},
582 			}, }
583 		}, }
584 	},
585 	{       /* DES CBC */
586 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
587 		{.sym = {
588 			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
589 			{.cipher = {
590 				.algo = RTE_CRYPTO_CIPHER_DES_CBC,
591 				.block_size = 8,
592 				.key_size = {
593 					.min = 8,
594 					.max = 8,
595 					.increment = 0
596 				},
597 				.iv_size = {
598 					.min = 8,
599 					.max = 8,
600 					.increment = 0
601 				}
602 			}, }
603 		}, }
604 	},
605 	{	/* 3DES CBC */
606 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
607 		{.sym = {
608 			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
609 			{.cipher = {
610 				.algo = RTE_CRYPTO_CIPHER_3DES_CBC,
611 				.block_size = 8,
612 				.key_size = {
613 					.min = 16,
614 					.max = 24,
615 					.increment = 8
616 				},
617 				.iv_size = {
618 					.min = 8,
619 					.max = 8,
620 					.increment = 0
621 				}
622 			}, }
623 		}, }
624 	},
625 	{	/* SNOW 3G (UIA2) */
626 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
627 		{.sym = {
628 			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
629 			{.auth = {
630 				.algo = RTE_CRYPTO_AUTH_SNOW3G_UIA2,
631 				.block_size = 16,
632 				.key_size = {
633 					.min = 16,
634 					.max = 16,
635 					.increment = 0
636 				},
637 				.digest_size = {
638 					.min = 4,
639 					.max = 4,
640 					.increment = 0
641 				},
642 				.iv_size = {
643 					.min = 16,
644 					.max = 16,
645 					.increment = 0
646 				}
647 			}, }
648 		}, }
649 	},
650 	{	/* SNOW 3G (UEA2) */
651 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
652 		{.sym = {
653 			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
654 			{.cipher = {
655 				.algo = RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
656 				.block_size = 16,
657 				.key_size = {
658 					.min = 16,
659 					.max = 16,
660 					.increment = 0
661 				},
662 				.iv_size = {
663 					.min = 16,
664 					.max = 16,
665 					.increment = 0
666 				}
667 			}, }
668 		}, }
669 	},
670 	{	/* ZUC (EEA3) */
671 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
672 		{.sym = {
673 			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
674 			{.cipher = {
675 				.algo = RTE_CRYPTO_CIPHER_ZUC_EEA3,
676 				.block_size = 16,
677 				.key_size = {
678 					.min = 16,
679 					.max = 16,
680 					.increment = 0
681 				},
682 				.iv_size = {
683 					.min = 16,
684 					.max = 16,
685 					.increment = 0
686 				}
687 			}, }
688 		}, }
689 	},
690 	{	/* ZUC (EIA3) */
691 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
692 		{.sym = {
693 			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
694 			{.auth = {
695 				.algo = RTE_CRYPTO_AUTH_ZUC_EIA3,
696 				.block_size = 16,
697 				.key_size = {
698 					.min = 16,
699 					.max = 16,
700 					.increment = 0
701 				},
702 				.digest_size = {
703 					.min = 4,
704 					.max = 4,
705 					.increment = 0
706 				},
707 				.iv_size = {
708 					.min = 16,
709 					.max = 16,
710 					.increment = 0
711 				}
712 			}, }
713 		}, }
714 	},
715 	{       /* AES CMAC */
716 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
717 		{.sym = {
718 			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
719 			{.auth = {
720 				.algo = RTE_CRYPTO_AUTH_AES_CMAC,
721 				.block_size = 16,
722 				.key_size = {
723 					.min = 1,
724 					.max = 16,
725 					.increment = 1
726 				},
727 				.digest_size = {
728 					.min = 12,
729 					.max = 16,
730 					.increment = 4
731 				},
732 				.iv_size = { 0 }
733 			}, }
734 		}, }
735 	},
736 	{       /* AES XCBC HMAC */
737 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
738 		{.sym = {
739 			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
740 			{.auth = {
741 				.algo = RTE_CRYPTO_AUTH_AES_XCBC_MAC,
742 				.block_size = 16,
743 				.key_size = {
744 					.min = 1,
745 					.max = 16,
746 					.increment = 1
747 				},
748 				.digest_size = {
749 					.min = 12,
750 					.max = 16,
751 					.increment = 4
752 				},
753 				.aad_size = { 0 },
754 				.iv_size = { 0 }
755 			}, }
756 		}, }
757 	},
758 	RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
759 };
760 
761 #ifdef RTE_LIB_SECURITY
762 static const struct rte_cryptodev_capabilities dpaa_pdcp_capabilities[] = {
763 	{	/* SNOW 3G (UIA2) */
764 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
765 		{.sym = {
766 			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
767 			{.auth = {
768 				.algo = RTE_CRYPTO_AUTH_SNOW3G_UIA2,
769 				.block_size = 16,
770 				.key_size = {
771 					.min = 16,
772 					.max = 16,
773 					.increment = 0
774 				},
775 				.digest_size = {
776 					.min = 4,
777 					.max = 4,
778 					.increment = 0
779 				},
780 				.iv_size = {
781 					.min = 16,
782 					.max = 16,
783 					.increment = 0
784 				}
785 			}, }
786 		}, }
787 	},
788 	{	/* SNOW 3G (UEA2) */
789 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
790 		{.sym = {
791 			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
792 			{.cipher = {
793 				.algo = RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
794 				.block_size = 16,
795 				.key_size = {
796 					.min = 16,
797 					.max = 16,
798 					.increment = 0
799 				},
800 				.iv_size = {
801 					.min = 16,
802 					.max = 16,
803 					.increment = 0
804 				}
805 			}, }
806 		}, }
807 	},
808 	{	/* AES CTR */
809 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
810 		{.sym = {
811 			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
812 			{.cipher = {
813 				.algo = RTE_CRYPTO_CIPHER_AES_CTR,
814 				.block_size = 16,
815 				.key_size = {
816 					.min = 16,
817 					.max = 32,
818 					.increment = 8
819 				},
820 				.iv_size = {
821 					.min = 16,
822 					.max = 16,
823 					.increment = 0
824 				}
825 			}, }
826 		}, }
827 	},
828 	{	/* NULL (AUTH) */
829 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
830 		{.sym = {
831 			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
832 			{.auth = {
833 				.algo = RTE_CRYPTO_AUTH_NULL,
834 				.block_size = 1,
835 				.key_size = {
836 					.min = 0,
837 					.max = 0,
838 					.increment = 0
839 				},
840 				.digest_size = {
841 					.min = 0,
842 					.max = 0,
843 					.increment = 0
844 				},
845 				.iv_size = { 0 }
846 			}, },
847 		}, },
848 	},
849 	{	/* NULL (CIPHER) */
850 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
851 		{.sym = {
852 			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
853 			{.cipher = {
854 				.algo = RTE_CRYPTO_CIPHER_NULL,
855 				.block_size = 1,
856 				.key_size = {
857 					.min = 0,
858 					.max = 0,
859 					.increment = 0
860 				},
861 				.iv_size = {
862 					.min = 0,
863 					.max = 0,
864 					.increment = 0
865 				}
866 			}, },
867 		}, }
868 	},
869 	{	/* ZUC (EEA3) */
870 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
871 		{.sym = {
872 			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
873 			{.cipher = {
874 				.algo = RTE_CRYPTO_CIPHER_ZUC_EEA3,
875 				.block_size = 16,
876 				.key_size = {
877 					.min = 16,
878 					.max = 16,
879 					.increment = 0
880 				},
881 				.iv_size = {
882 					.min = 16,
883 					.max = 16,
884 					.increment = 0
885 				}
886 			}, }
887 		}, }
888 	},
889 	{	/* ZUC (EIA3) */
890 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
891 		{.sym = {
892 			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
893 			{.auth = {
894 				.algo = RTE_CRYPTO_AUTH_ZUC_EIA3,
895 				.block_size = 16,
896 				.key_size = {
897 					.min = 16,
898 					.max = 16,
899 					.increment = 0
900 				},
901 				.digest_size = {
902 					.min = 4,
903 					.max = 4,
904 					.increment = 0
905 				},
906 				.iv_size = {
907 					.min = 16,
908 					.max = 16,
909 					.increment = 0
910 				}
911 			}, }
912 		}, }
913 	},
914 
915 	RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
916 };
917 
918 static const struct rte_security_capability dpaa_sec_security_cap[] = {
919 	{ /* IPsec Lookaside Protocol offload ESP Transport Egress */
920 		.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
921 		.protocol = RTE_SECURITY_PROTOCOL_IPSEC,
922 		.ipsec = {
923 			.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
924 			.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
925 			.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
926 			.options = { 0 },
927 			.replay_win_sz_max = 128
928 		},
929 		.crypto_capabilities = dpaa_sec_capabilities
930 	},
931 	{ /* IPsec Lookaside Protocol offload ESP Tunnel Ingress */
932 		.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
933 		.protocol = RTE_SECURITY_PROTOCOL_IPSEC,
934 		.ipsec = {
935 			.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
936 			.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
937 			.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS,
938 			.options = { 0 },
939 			.replay_win_sz_max = 128
940 		},
941 		.crypto_capabilities = dpaa_sec_capabilities
942 	},
943 	{ /* PDCP Lookaside Protocol offload Data */
944 		.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
945 		.protocol = RTE_SECURITY_PROTOCOL_PDCP,
946 		.pdcp = {
947 			.domain = RTE_SECURITY_PDCP_MODE_DATA,
948 			.capa_flags = 0
949 		},
950 		.crypto_capabilities = dpaa_pdcp_capabilities
951 	},
952 	{ /* PDCP Lookaside Protocol offload Control */
953 		.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
954 		.protocol = RTE_SECURITY_PROTOCOL_PDCP,
955 		.pdcp = {
956 			.domain = RTE_SECURITY_PDCP_MODE_CONTROL,
957 			.capa_flags = 0
958 		},
959 		.crypto_capabilities = dpaa_pdcp_capabilities
960 	},
961 	{ /* PDCP Lookaside Protocol offload Short MAC */
962 		.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
963 		.protocol = RTE_SECURITY_PROTOCOL_PDCP,
964 		.pdcp = {
965 			.domain = RTE_SECURITY_PDCP_MODE_SHORT_MAC,
966 			.capa_flags = 0
967 		},
968 		.crypto_capabilities = dpaa_pdcp_capabilities
969 	},
970 	{
971 		.action = RTE_SECURITY_ACTION_TYPE_NONE
972 	}
973 };
974 #endif
975 
976 /**
977  * Checksum
978  *
979  * @param buffer calculate chksum for buffer
980  * @param len    buffer length
981  *
982  * @return checksum value in host cpu order
983  */
984 static inline uint16_t
985 calc_chksum(void *buffer, int len)
986 {
987 	uint16_t *buf = (uint16_t *)buffer;
988 	uint32_t sum = 0;
989 	uint16_t result;
990 
991 	for (sum = 0; len > 1; len -= 2)
992 		sum += *buf++;
993 
994 	if (len == 1)
995 		sum += *(unsigned char *)buf;
996 
997 	sum = (sum >> 16) + (sum & 0xFFFF);
998 	sum += (sum >> 16);
999 	result = ~sum;
1000 
1001 	return  result;
1002 }
1003 
1004 #endif /* _DPAA_SEC_H_ */
1005