1 /* SPDX-License-Identifier: BSD-3-Clause 2 * 3 * Copyright 2016-2021 NXP 4 * 5 */ 6 7 #ifndef _DPAA_SEC_H_ 8 #define _DPAA_SEC_H_ 9 10 #define CRYPTODEV_NAME_DPAA_SEC_PMD crypto_dpaa_sec 11 /**< NXP DPAA - SEC PMD device name */ 12 13 #define MAX_DPAA_CORES 4 14 #define NUM_POOL_CHANNELS 4 15 #define DPAA_SEC_BURST 7 16 #define DPAA_SEC_ALG_UNSUPPORT (-1) 17 #define TDES_CBC_IV_LEN 8 18 #define AES_CBC_IV_LEN 16 19 #define AES_CTR_IV_LEN 16 20 #define AES_GCM_IV_LEN 12 21 22 #define DPAA_IPv6_DEFAULT_VTC_FLOW 0x60000000 23 24 /* Minimum job descriptor consists of a oneword job descriptor HEADER and 25 * a pointer to the shared descriptor. 26 */ 27 #define MIN_JOB_DESC_SIZE (CAAM_CMD_SZ + CAAM_PTR_SZ) 28 /* CTX_POOL_NUM_BUFS is set as per the ipsec-secgw application */ 29 #define CTX_POOL_NUM_BUFS 32000 30 #define CTX_POOL_BUF_SIZE sizeof(struct dpaa_sec_op_ctx) 31 #define CTX_POOL_CACHE_SIZE 512 32 #define RTE_DPAA_SEC_PMD_MAX_NB_SESSIONS 1024 33 34 #define DIR_ENC 1 35 #define DIR_DEC 0 36 37 enum dpaa_sec_op_type { 38 DPAA_SEC_NONE, /*!< No Cipher operations*/ 39 DPAA_SEC_CIPHER,/*!< CIPHER operations */ 40 DPAA_SEC_AUTH, /*!< Authentication Operations */ 41 DPAA_SEC_AEAD, /*!< AEAD (AES-GCM/CCM) type operations */ 42 DPAA_SEC_CIPHER_HASH, /*!< Authenticated Encryption with 43 * associated data 44 */ 45 DPAA_SEC_HASH_CIPHER, /*!< Encryption with Authenticated 46 * associated data 47 */ 48 DPAA_SEC_IPSEC, /*!< IPSEC protocol operations*/ 49 DPAA_SEC_PDCP, /*!< PDCP protocol operations*/ 50 DPAA_SEC_PKC, /*!< Public Key Cryptographic Operations */ 51 DPAA_SEC_MAX 52 }; 53 54 #define DPAA_SEC_MAX_DESC_SIZE 64 55 /* code or cmd block to caam */ 56 struct sec_cdb { 57 struct { 58 union { 59 uint32_t word; 60 struct { 61 #if RTE_BYTE_ORDER == RTE_BIG_ENDIAN 62 uint16_t rsvd63_48; 63 unsigned int rsvd47_39:9; 64 unsigned int idlen:7; 65 #else 66 unsigned int idlen:7; 67 unsigned int rsvd47_39:9; 68 uint16_t rsvd63_48; 69 #endif 70 } field; 71 } __packed hi; 72 73 union { 74 uint32_t word; 75 struct { 76 #if RTE_BYTE_ORDER == RTE_BIG_ENDIAN 77 unsigned int rsvd31_30:2; 78 unsigned int fsgt:1; 79 unsigned int lng:1; 80 unsigned int offset:2; 81 unsigned int abs:1; 82 unsigned int add_buf:1; 83 uint8_t pool_id; 84 uint16_t pool_buffer_size; 85 #else 86 uint16_t pool_buffer_size; 87 uint8_t pool_id; 88 unsigned int add_buf:1; 89 unsigned int abs:1; 90 unsigned int offset:2; 91 unsigned int lng:1; 92 unsigned int fsgt:1; 93 unsigned int rsvd31_30:2; 94 #endif 95 } field; 96 } __packed lo; 97 } __packed sh_hdr; 98 99 uint32_t sh_desc[DPAA_SEC_MAX_DESC_SIZE]; 100 }; 101 #ifdef RTE_LIB_SECURITY 102 /*! 103 * The structure is to be filled by user as a part of 104 * dpaa_sec_proto_ctxt for PDCP Protocol 105 */ 106 struct sec_pdcp_ctxt { 107 enum rte_security_pdcp_domain domain; /*!< Data/Control mode*/ 108 int8_t bearer; /*!< PDCP bearer ID */ 109 int8_t pkt_dir;/*!< PDCP Frame Direction 0:UL 1:DL*/ 110 int8_t hfn_ovd;/*!< Overwrite HFN per packet*/ 111 uint8_t sn_size; /*!< Sequence number size, 5/7/12/15/18 */ 112 uint8_t sdap_enabled; /*!< SDAP header is enabled */ 113 uint16_t hfn_ovd_offset;/*!< offset from rte_crypto_op at which 114 * per packet hfn is stored 115 */ 116 uint32_t hfn; /*!< Hyper Frame Number */ 117 uint32_t hfn_threshold; /*!< HFN Threashold for key renegotiation */ 118 }; 119 #endif 120 typedef struct dpaa_sec_session_entry { 121 struct sec_cdb cdb; /**< cmd block associated with qp */ 122 struct dpaa_sec_qp *qp[MAX_DPAA_CORES]; 123 struct qman_fq *inq[MAX_DPAA_CORES]; 124 uint8_t dir; /*!< Operation Direction */ 125 uint8_t ctxt; /*!< Session Context Type */ 126 enum rte_crypto_cipher_algorithm cipher_alg; /*!< Cipher Algorithm*/ 127 enum rte_crypto_auth_algorithm auth_alg; /*!< Authentication Algorithm*/ 128 enum rte_crypto_aead_algorithm aead_alg; /*!< AEAD Algorithm*/ 129 #ifdef RTE_LIB_SECURITY 130 enum rte_security_session_protocol proto_alg; /*!< Security Algorithm*/ 131 #endif 132 union { 133 struct { 134 uint8_t *data; /**< pointer to key data */ 135 size_t length; /**< key length in bytes */ 136 uint32_t alg; 137 uint32_t algmode; 138 } aead_key; 139 struct { 140 struct { 141 uint8_t *data; /**< pointer to key data */ 142 size_t length; /**< key length in bytes */ 143 uint32_t alg; 144 uint32_t algmode; 145 } cipher_key; 146 struct { 147 uint8_t *data; /**< pointer to key data */ 148 size_t length; /**< key length in bytes */ 149 uint32_t alg; 150 uint32_t algmode; 151 } auth_key; 152 }; 153 }; 154 union { 155 struct { 156 struct { 157 uint16_t length; 158 uint16_t offset; 159 } iv; /**< Initialisation vector parameters */ 160 uint16_t auth_only_len; 161 /*!< Length of data for Auth only */ 162 uint32_t digest_length; 163 struct ipsec_decap_pdb decap_pdb; 164 struct ipsec_encap_pdb encap_pdb; 165 union { 166 struct ip ip4_hdr; 167 struct rte_ipv6_hdr ip6_hdr; 168 }; 169 uint8_t auth_cipher_text; 170 /**< Authenticate/cipher ordering */ 171 }; 172 #ifdef RTE_LIB_SECURITY 173 struct sec_pdcp_ctxt pdcp; 174 #endif 175 }; 176 } dpaa_sec_session; 177 178 struct dpaa_sec_qp { 179 struct dpaa_sec_dev_private *internals; 180 struct rte_mempool *ctx_pool; /* mempool for dpaa_sec_op_ctx */ 181 struct qman_fq outq; 182 int rx_pkts; 183 int rx_errs; 184 int tx_pkts; 185 int tx_errs; 186 }; 187 188 #define RTE_DPAA_MAX_NB_SEC_QPS 2 189 #define RTE_DPAA_MAX_RX_QUEUE (MAX_DPAA_CORES * RTE_DPAA_SEC_PMD_MAX_NB_SESSIONS) 190 #define DPAA_MAX_DEQUEUE_NUM_FRAMES 63 191 192 /* internal sec queue interface */ 193 struct dpaa_sec_dev_private { 194 void *sec_hw; 195 struct dpaa_sec_qp qps[RTE_DPAA_MAX_NB_SEC_QPS]; /* i/o queue for sec */ 196 struct qman_fq inq[RTE_DPAA_MAX_RX_QUEUE]; 197 unsigned char inq_attach[RTE_DPAA_MAX_RX_QUEUE]; 198 unsigned int max_nb_queue_pairs; 199 unsigned int max_nb_sessions; 200 rte_spinlock_t lock; 201 }; 202 203 #define MAX_SG_ENTRIES 16 204 #define MAX_JOB_SG_ENTRIES 36 205 206 struct dpaa_sec_job { 207 /* sg[0] output, sg[1] input, others are possible sub frames */ 208 struct qm_sg_entry sg[MAX_JOB_SG_ENTRIES]; 209 }; 210 211 #define DPAA_MAX_NB_MAX_DIGEST 32 212 struct dpaa_sec_op_ctx { 213 struct dpaa_sec_job job; 214 struct rte_crypto_op *op; 215 struct rte_mempool *ctx_pool; /* mempool pointer for dpaa_sec_op_ctx */ 216 uint32_t fd_status; 217 int64_t vtop_offset; 218 uint8_t digest[DPAA_MAX_NB_MAX_DIGEST]; 219 }; 220 221 static const struct rte_cryptodev_capabilities dpaa_sec_capabilities[] = { 222 { /* NULL (AUTH) */ 223 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 224 {.sym = { 225 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 226 {.auth = { 227 .algo = RTE_CRYPTO_AUTH_NULL, 228 .block_size = 1, 229 .key_size = { 230 .min = 0, 231 .max = 0, 232 .increment = 0 233 }, 234 .digest_size = { 235 .min = 0, 236 .max = 0, 237 .increment = 0 238 }, 239 .iv_size = { 0 } 240 }, }, 241 }, }, 242 }, 243 { /* MD5 */ 244 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 245 {.sym = { 246 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 247 {.auth = { 248 .algo = RTE_CRYPTO_AUTH_MD5, 249 .block_size = 64, 250 .key_size = { 251 .min = 0, 252 .max = 0, 253 .increment = 0 254 }, 255 .digest_size = { 256 .min = 16, 257 .max = 16, 258 .increment = 0 259 }, 260 .iv_size = { 0 } 261 }, } 262 }, } 263 }, 264 { /* MD5 HMAC */ 265 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 266 {.sym = { 267 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 268 {.auth = { 269 .algo = RTE_CRYPTO_AUTH_MD5_HMAC, 270 .block_size = 64, 271 .key_size = { 272 .min = 1, 273 .max = 64, 274 .increment = 1 275 }, 276 .digest_size = { 277 .min = 1, 278 .max = 16, 279 .increment = 1 280 }, 281 .iv_size = { 0 } 282 }, } 283 }, } 284 }, 285 { /* SHA1 */ 286 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 287 {.sym = { 288 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 289 {.auth = { 290 .algo = RTE_CRYPTO_AUTH_SHA1, 291 .block_size = 64, 292 .key_size = { 293 .min = 0, 294 .max = 0, 295 .increment = 0 296 }, 297 .digest_size = { 298 .min = 20, 299 .max = 20, 300 .increment = 0 301 }, 302 .iv_size = { 0 } 303 }, } 304 }, } 305 }, 306 { /* SHA1 HMAC */ 307 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 308 {.sym = { 309 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 310 {.auth = { 311 .algo = RTE_CRYPTO_AUTH_SHA1_HMAC, 312 .block_size = 64, 313 .key_size = { 314 .min = 1, 315 .max = 64, 316 .increment = 1 317 }, 318 .digest_size = { 319 .min = 1, 320 .max = 20, 321 .increment = 1 322 }, 323 .iv_size = { 0 } 324 }, } 325 }, } 326 }, 327 { /* SHA224 */ 328 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 329 {.sym = { 330 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 331 {.auth = { 332 .algo = RTE_CRYPTO_AUTH_SHA224, 333 .block_size = 64, 334 .key_size = { 335 .min = 0, 336 .max = 0, 337 .increment = 0 338 }, 339 .digest_size = { 340 .min = 28, 341 .max = 28, 342 .increment = 0 343 }, 344 .iv_size = { 0 } 345 }, } 346 }, } 347 }, 348 { /* SHA224 HMAC */ 349 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 350 {.sym = { 351 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 352 {.auth = { 353 .algo = RTE_CRYPTO_AUTH_SHA224_HMAC, 354 .block_size = 64, 355 .key_size = { 356 .min = 1, 357 .max = 64, 358 .increment = 1 359 }, 360 .digest_size = { 361 .min = 1, 362 .max = 28, 363 .increment = 1 364 }, 365 .iv_size = { 0 } 366 }, } 367 }, } 368 }, 369 { /* SHA256 */ 370 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 371 {.sym = { 372 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 373 {.auth = { 374 .algo = RTE_CRYPTO_AUTH_SHA256, 375 .block_size = 64, 376 .key_size = { 377 .min = 0, 378 .max = 0, 379 .increment = 0 380 }, 381 .digest_size = { 382 .min = 32, 383 .max = 32, 384 .increment = 0 385 }, 386 .iv_size = { 0 } 387 }, } 388 }, } 389 }, 390 { /* SHA256 HMAC */ 391 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 392 {.sym = { 393 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 394 {.auth = { 395 .algo = RTE_CRYPTO_AUTH_SHA256_HMAC, 396 .block_size = 64, 397 .key_size = { 398 .min = 1, 399 .max = 64, 400 .increment = 1 401 }, 402 .digest_size = { 403 .min = 1, 404 .max = 32, 405 .increment = 1 406 }, 407 .iv_size = { 0 } 408 }, } 409 }, } 410 }, 411 { /* SHA384 */ 412 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 413 {.sym = { 414 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 415 {.auth = { 416 .algo = RTE_CRYPTO_AUTH_SHA384, 417 .block_size = 64, 418 .key_size = { 419 .min = 0, 420 .max = 0, 421 .increment = 0 422 }, 423 .digest_size = { 424 .min = 48, 425 .max = 48, 426 .increment = 0 427 }, 428 .iv_size = { 0 } 429 }, } 430 }, } 431 }, 432 { /* SHA384 HMAC */ 433 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 434 {.sym = { 435 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 436 {.auth = { 437 .algo = RTE_CRYPTO_AUTH_SHA384_HMAC, 438 .block_size = 128, 439 .key_size = { 440 .min = 1, 441 .max = 128, 442 .increment = 1 443 }, 444 .digest_size = { 445 .min = 1, 446 .max = 48, 447 .increment = 1 448 }, 449 .iv_size = { 0 } 450 }, } 451 }, } 452 }, 453 { /* SHA512 */ 454 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 455 {.sym = { 456 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 457 {.auth = { 458 .algo = RTE_CRYPTO_AUTH_SHA512, 459 .block_size = 128, 460 .key_size = { 461 .min = 0, 462 .max = 0, 463 .increment = 0 464 }, 465 .digest_size = { 466 .min = 64, 467 .max = 64, 468 .increment = 0 469 }, 470 .iv_size = { 0 } 471 }, } 472 }, } 473 }, 474 { /* SHA512 HMAC */ 475 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 476 {.sym = { 477 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 478 {.auth = { 479 .algo = RTE_CRYPTO_AUTH_SHA512_HMAC, 480 .block_size = 128, 481 .key_size = { 482 .min = 1, 483 .max = 128, 484 .increment = 1 485 }, 486 .digest_size = { 487 .min = 1, 488 .max = 64, 489 .increment = 1 490 }, 491 .iv_size = { 0 } 492 }, } 493 }, } 494 }, 495 { /* AES GCM */ 496 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 497 {.sym = { 498 .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD, 499 {.aead = { 500 .algo = RTE_CRYPTO_AEAD_AES_GCM, 501 .block_size = 16, 502 .key_size = { 503 .min = 16, 504 .max = 32, 505 .increment = 8 506 }, 507 .digest_size = { 508 .min = 8, 509 .max = 16, 510 .increment = 4 511 }, 512 .aad_size = { 513 .min = 0, 514 .max = 240, 515 .increment = 1 516 }, 517 .iv_size = { 518 .min = 12, 519 .max = 12, 520 .increment = 0 521 }, 522 }, } 523 }, } 524 }, 525 { /* NULL (CIPHER) */ 526 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 527 {.sym = { 528 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 529 {.cipher = { 530 .algo = RTE_CRYPTO_CIPHER_NULL, 531 .block_size = 1, 532 .key_size = { 533 .min = 0, 534 .max = 0, 535 .increment = 0 536 }, 537 .iv_size = { 538 .min = 0, 539 .max = 0, 540 .increment = 0 541 } 542 }, }, 543 }, } 544 }, 545 { /* AES CBC */ 546 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 547 {.sym = { 548 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 549 {.cipher = { 550 .algo = RTE_CRYPTO_CIPHER_AES_CBC, 551 .block_size = 16, 552 .key_size = { 553 .min = 16, 554 .max = 32, 555 .increment = 8 556 }, 557 .iv_size = { 558 .min = 16, 559 .max = 16, 560 .increment = 0 561 } 562 }, } 563 }, } 564 }, 565 { /* AES CTR */ 566 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 567 {.sym = { 568 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 569 {.cipher = { 570 .algo = RTE_CRYPTO_CIPHER_AES_CTR, 571 .block_size = 16, 572 .key_size = { 573 .min = 16, 574 .max = 32, 575 .increment = 8 576 }, 577 .iv_size = { 578 .min = 16, 579 .max = 16, 580 .increment = 0 581 }, 582 }, } 583 }, } 584 }, 585 { /* DES CBC */ 586 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 587 {.sym = { 588 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 589 {.cipher = { 590 .algo = RTE_CRYPTO_CIPHER_DES_CBC, 591 .block_size = 8, 592 .key_size = { 593 .min = 8, 594 .max = 8, 595 .increment = 0 596 }, 597 .iv_size = { 598 .min = 8, 599 .max = 8, 600 .increment = 0 601 } 602 }, } 603 }, } 604 }, 605 { /* 3DES CBC */ 606 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 607 {.sym = { 608 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 609 {.cipher = { 610 .algo = RTE_CRYPTO_CIPHER_3DES_CBC, 611 .block_size = 8, 612 .key_size = { 613 .min = 16, 614 .max = 24, 615 .increment = 8 616 }, 617 .iv_size = { 618 .min = 8, 619 .max = 8, 620 .increment = 0 621 } 622 }, } 623 }, } 624 }, 625 { /* SNOW 3G (UIA2) */ 626 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 627 {.sym = { 628 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 629 {.auth = { 630 .algo = RTE_CRYPTO_AUTH_SNOW3G_UIA2, 631 .block_size = 16, 632 .key_size = { 633 .min = 16, 634 .max = 16, 635 .increment = 0 636 }, 637 .digest_size = { 638 .min = 4, 639 .max = 4, 640 .increment = 0 641 }, 642 .iv_size = { 643 .min = 16, 644 .max = 16, 645 .increment = 0 646 } 647 }, } 648 }, } 649 }, 650 { /* SNOW 3G (UEA2) */ 651 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 652 {.sym = { 653 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 654 {.cipher = { 655 .algo = RTE_CRYPTO_CIPHER_SNOW3G_UEA2, 656 .block_size = 16, 657 .key_size = { 658 .min = 16, 659 .max = 16, 660 .increment = 0 661 }, 662 .iv_size = { 663 .min = 16, 664 .max = 16, 665 .increment = 0 666 } 667 }, } 668 }, } 669 }, 670 { /* ZUC (EEA3) */ 671 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 672 {.sym = { 673 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 674 {.cipher = { 675 .algo = RTE_CRYPTO_CIPHER_ZUC_EEA3, 676 .block_size = 16, 677 .key_size = { 678 .min = 16, 679 .max = 16, 680 .increment = 0 681 }, 682 .iv_size = { 683 .min = 16, 684 .max = 16, 685 .increment = 0 686 } 687 }, } 688 }, } 689 }, 690 { /* ZUC (EIA3) */ 691 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 692 {.sym = { 693 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 694 {.auth = { 695 .algo = RTE_CRYPTO_AUTH_ZUC_EIA3, 696 .block_size = 16, 697 .key_size = { 698 .min = 16, 699 .max = 16, 700 .increment = 0 701 }, 702 .digest_size = { 703 .min = 4, 704 .max = 4, 705 .increment = 0 706 }, 707 .iv_size = { 708 .min = 16, 709 .max = 16, 710 .increment = 0 711 } 712 }, } 713 }, } 714 }, 715 { /* AES CMAC */ 716 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 717 {.sym = { 718 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 719 {.auth = { 720 .algo = RTE_CRYPTO_AUTH_AES_CMAC, 721 .block_size = 16, 722 .key_size = { 723 .min = 1, 724 .max = 16, 725 .increment = 1 726 }, 727 .digest_size = { 728 .min = 12, 729 .max = 16, 730 .increment = 4 731 }, 732 .iv_size = { 0 } 733 }, } 734 }, } 735 }, 736 { /* AES XCBC HMAC */ 737 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 738 {.sym = { 739 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 740 {.auth = { 741 .algo = RTE_CRYPTO_AUTH_AES_XCBC_MAC, 742 .block_size = 16, 743 .key_size = { 744 .min = 1, 745 .max = 16, 746 .increment = 1 747 }, 748 .digest_size = { 749 .min = 12, 750 .max = 16, 751 .increment = 4 752 }, 753 .aad_size = { 0 }, 754 .iv_size = { 0 } 755 }, } 756 }, } 757 }, 758 RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() 759 }; 760 761 #ifdef RTE_LIB_SECURITY 762 static const struct rte_cryptodev_capabilities dpaa_pdcp_capabilities[] = { 763 { /* SNOW 3G (UIA2) */ 764 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 765 {.sym = { 766 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 767 {.auth = { 768 .algo = RTE_CRYPTO_AUTH_SNOW3G_UIA2, 769 .block_size = 16, 770 .key_size = { 771 .min = 16, 772 .max = 16, 773 .increment = 0 774 }, 775 .digest_size = { 776 .min = 4, 777 .max = 4, 778 .increment = 0 779 }, 780 .iv_size = { 781 .min = 16, 782 .max = 16, 783 .increment = 0 784 } 785 }, } 786 }, } 787 }, 788 { /* SNOW 3G (UEA2) */ 789 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 790 {.sym = { 791 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 792 {.cipher = { 793 .algo = RTE_CRYPTO_CIPHER_SNOW3G_UEA2, 794 .block_size = 16, 795 .key_size = { 796 .min = 16, 797 .max = 16, 798 .increment = 0 799 }, 800 .iv_size = { 801 .min = 16, 802 .max = 16, 803 .increment = 0 804 } 805 }, } 806 }, } 807 }, 808 { /* AES CTR */ 809 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 810 {.sym = { 811 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 812 {.cipher = { 813 .algo = RTE_CRYPTO_CIPHER_AES_CTR, 814 .block_size = 16, 815 .key_size = { 816 .min = 16, 817 .max = 32, 818 .increment = 8 819 }, 820 .iv_size = { 821 .min = 16, 822 .max = 16, 823 .increment = 0 824 } 825 }, } 826 }, } 827 }, 828 { /* NULL (AUTH) */ 829 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 830 {.sym = { 831 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 832 {.auth = { 833 .algo = RTE_CRYPTO_AUTH_NULL, 834 .block_size = 1, 835 .key_size = { 836 .min = 0, 837 .max = 0, 838 .increment = 0 839 }, 840 .digest_size = { 841 .min = 0, 842 .max = 0, 843 .increment = 0 844 }, 845 .iv_size = { 0 } 846 }, }, 847 }, }, 848 }, 849 { /* NULL (CIPHER) */ 850 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 851 {.sym = { 852 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 853 {.cipher = { 854 .algo = RTE_CRYPTO_CIPHER_NULL, 855 .block_size = 1, 856 .key_size = { 857 .min = 0, 858 .max = 0, 859 .increment = 0 860 }, 861 .iv_size = { 862 .min = 0, 863 .max = 0, 864 .increment = 0 865 } 866 }, }, 867 }, } 868 }, 869 { /* ZUC (EEA3) */ 870 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 871 {.sym = { 872 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 873 {.cipher = { 874 .algo = RTE_CRYPTO_CIPHER_ZUC_EEA3, 875 .block_size = 16, 876 .key_size = { 877 .min = 16, 878 .max = 16, 879 .increment = 0 880 }, 881 .iv_size = { 882 .min = 16, 883 .max = 16, 884 .increment = 0 885 } 886 }, } 887 }, } 888 }, 889 { /* ZUC (EIA3) */ 890 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 891 {.sym = { 892 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 893 {.auth = { 894 .algo = RTE_CRYPTO_AUTH_ZUC_EIA3, 895 .block_size = 16, 896 .key_size = { 897 .min = 16, 898 .max = 16, 899 .increment = 0 900 }, 901 .digest_size = { 902 .min = 4, 903 .max = 4, 904 .increment = 0 905 }, 906 .iv_size = { 907 .min = 16, 908 .max = 16, 909 .increment = 0 910 } 911 }, } 912 }, } 913 }, 914 915 RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() 916 }; 917 918 static const struct rte_security_capability dpaa_sec_security_cap[] = { 919 { /* IPsec Lookaside Protocol offload ESP Transport Egress */ 920 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, 921 .protocol = RTE_SECURITY_PROTOCOL_IPSEC, 922 .ipsec = { 923 .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP, 924 .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL, 925 .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS, 926 .options = { 0 }, 927 .replay_win_sz_max = 128 928 }, 929 .crypto_capabilities = dpaa_sec_capabilities 930 }, 931 { /* IPsec Lookaside Protocol offload ESP Tunnel Ingress */ 932 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, 933 .protocol = RTE_SECURITY_PROTOCOL_IPSEC, 934 .ipsec = { 935 .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP, 936 .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL, 937 .direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS, 938 .options = { 0 }, 939 .replay_win_sz_max = 128 940 }, 941 .crypto_capabilities = dpaa_sec_capabilities 942 }, 943 { /* PDCP Lookaside Protocol offload Data */ 944 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, 945 .protocol = RTE_SECURITY_PROTOCOL_PDCP, 946 .pdcp = { 947 .domain = RTE_SECURITY_PDCP_MODE_DATA, 948 .capa_flags = 0 949 }, 950 .crypto_capabilities = dpaa_pdcp_capabilities 951 }, 952 { /* PDCP Lookaside Protocol offload Control */ 953 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, 954 .protocol = RTE_SECURITY_PROTOCOL_PDCP, 955 .pdcp = { 956 .domain = RTE_SECURITY_PDCP_MODE_CONTROL, 957 .capa_flags = 0 958 }, 959 .crypto_capabilities = dpaa_pdcp_capabilities 960 }, 961 { /* PDCP Lookaside Protocol offload Short MAC */ 962 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, 963 .protocol = RTE_SECURITY_PROTOCOL_PDCP, 964 .pdcp = { 965 .domain = RTE_SECURITY_PDCP_MODE_SHORT_MAC, 966 .capa_flags = 0 967 }, 968 .crypto_capabilities = dpaa_pdcp_capabilities 969 }, 970 { 971 .action = RTE_SECURITY_ACTION_TYPE_NONE 972 } 973 }; 974 #endif 975 976 /** 977 * Checksum 978 * 979 * @param buffer calculate chksum for buffer 980 * @param len buffer length 981 * 982 * @return checksum value in host cpu order 983 */ 984 static inline uint16_t 985 calc_chksum(void *buffer, int len) 986 { 987 uint16_t *buf = (uint16_t *)buffer; 988 uint32_t sum = 0; 989 uint16_t result; 990 991 for (sum = 0; len > 1; len -= 2) 992 sum += *buf++; 993 994 if (len == 1) 995 sum += *(unsigned char *)buf; 996 997 sum = (sum >> 16) + (sum & 0xFFFF); 998 sum += (sum >> 16); 999 result = ~sum; 1000 1001 return result; 1002 } 1003 1004 #endif /* _DPAA_SEC_H_ */ 1005