1 /* SPDX-License-Identifier: BSD-3-Clause
3 * Copyright (c) 2016 Freescale Semiconductor, Inc. All rights reserved.
4 * Copyright 2016,2020 NXP
8 #ifndef _DPAA2_SEC_PMD_PRIVATE_H_
9 #define _DPAA2_SEC_PMD_PRIVATE_H_
11 #ifdef RTE_LIB_SECURITY
12 #include <rte_security_driver.h>
15 #define CRYPTODEV_NAME_DPAA2_SEC_PMD crypto_dpaa2_sec
16 /**< NXP DPAA2 - SEC PMD device name */
19 #define MAX_DESC_SIZE 64
20 /** private data structure for each DPAA2_SEC device */
21 struct dpaa2_sec_dev_private {
22 void *mc_portal; /**< MC Portal for configuring this device */
23 void *hw; /**< Hardware handle for this device.Used by NADK framework */
24 struct rte_mempool *fle_pool; /* per device memory pool for FLE */
25 int32_t hw_id; /**< An unique ID of this device instance */
26 int32_t vfio_fd; /**< File descriptor received via VFIO */
27 uint16_t token; /**< Token required by DPxxx objects */
28 unsigned int max_nb_queue_pairs;
29 /**< Max number of queue pairs supported by device */
33 struct dpaa2_queue rx_vq;
34 struct dpaa2_queue tx_vq;
46 #define DPAA2_IPv6_DEFAULT_VTC_FLOW 0x60000000
48 #define DPAA2_SET_FLC_EWS(flc) (flc->word1_bits23_16 |= 0x1)
49 #define DPAA2_SET_FLC_RSC(flc) (flc->word1_bits31_24 |= 0x1)
50 #define DPAA2_SET_FLC_REUSE_BS(flc) (flc->mode_bits |= 0x8000)
51 #define DPAA2_SET_FLC_REUSE_FF(flc) (flc->mode_bits |= 0x2000)
53 /* SEC Flow Context Descriptor */
54 struct sec_flow_context {
56 uint16_t word0_sdid; /* 11-0 SDID */
57 uint16_t word0_res; /* 31-12 reserved */
60 uint8_t word1_sdl; /* 5-0 SDL */
63 uint8_t word1_bits_15_8; /* 11-8 CRID */
67 uint8_t word1_bits23_16; /* 16 EWS */
72 uint8_t word1_bits31_24; /* 24 RSC */
76 /* word 2 RFLC[31-0] */
77 uint32_t word2_rflc_31_0;
79 /* word 3 RFLC[63-32] */
80 uint32_t word3_rflc_63_32;
83 uint16_t word4_iicid; /* 15-0 IICID */
84 uint16_t word4_oicid; /* 31-16 OICID */
87 uint32_t word5_ofqid:24; /* 23-0 OFQID */
88 uint32_t word5_31_24:8;
95 uint32_t word6_oflc_31_0;
98 uint32_t word7_oflc_63_32;
100 /* Word 8-15 storage profiles */
101 uint16_t dl; /**< DataLength(correction) */
102 uint16_t reserved; /**< reserved */
103 uint16_t dhr; /**< DataHeadRoom(correction) */
104 uint16_t mode_bits; /**< mode bits */
105 uint16_t bpv0; /**< buffer pool0 valid */
106 uint16_t bpid0; /**< Bypass Memory Translation */
107 uint16_t bpv1; /**< buffer pool1 valid */
108 uint16_t bpid1; /**< Bypass Memory Translation */
109 uint64_t word_12_15[2]; /**< word 12-15 are reserved */
112 struct sec_flc_desc {
113 struct sec_flow_context flc;
114 uint32_t desc[MAX_DESC_SIZE];
118 struct rte_mempool *fle_pool; /* per device memory pool for FLE */
119 struct sec_flc_desc flc_desc[0];
122 enum dpaa2_sec_op_type {
123 DPAA2_SEC_NONE, /*!< No Cipher operations*/
124 DPAA2_SEC_CIPHER,/*!< CIPHER operations */
125 DPAA2_SEC_AUTH, /*!< Authentication Operations */
126 DPAA2_SEC_AEAD, /*!< AEAD (AES-GCM/CCM) type operations */
127 DPAA2_SEC_CIPHER_HASH, /*!< Authenticated Encryption with
130 DPAA2_SEC_HASH_CIPHER, /*!< Encryption with Authenticated
133 DPAA2_SEC_IPSEC, /*!< IPSEC protocol operations*/
134 DPAA2_SEC_PDCP, /*!< PDCP protocol operations*/
135 DPAA2_SEC_PKC, /*!< Public Key Cryptographic Operations */
139 struct dpaa2_sec_aead_ctxt {
140 uint16_t auth_only_len; /*!< Length of data for Auth only */
141 uint8_t auth_cipher_text; /**< Authenticate/cipher ordering */
144 #ifdef RTE_LIB_SECURITY
146 * The structure is to be filled by user for PDCP Protocol
148 struct dpaa2_pdcp_ctxt {
149 enum rte_security_pdcp_domain domain; /*!< Data/Control mode*/
150 int8_t bearer; /*!< PDCP bearer ID */
151 int8_t pkt_dir;/*!< PDCP Frame Direction 0:UL 1:DL*/
152 int8_t hfn_ovd;/*!< Overwrite HFN per packet*/
153 uint8_t sn_size; /*!< Sequence number size, 5/7/12/15/18 */
154 uint32_t hfn_ovd_offset;/*!< offset from rte_crypto_op at which
155 * per packet hfn is stored
157 uint32_t hfn; /*!< Hyper Frame Number */
158 uint32_t hfn_threshold; /*!< HFN Threashold for key renegotiation */
161 typedef struct dpaa2_sec_session_entry {
164 uint8_t dir; /*!< Operation Direction */
165 enum rte_crypto_cipher_algorithm cipher_alg; /*!< Cipher Algorithm*/
166 enum rte_crypto_auth_algorithm auth_alg; /*!< Authentication Algorithm*/
167 enum rte_crypto_aead_algorithm aead_alg; /*!< AEAD Algorithm*/
170 uint8_t *data; /**< pointer to key data */
171 size_t length; /**< key length in bytes */
175 uint8_t *data; /**< pointer to key data */
176 size_t length; /**< key length in bytes */
179 uint8_t *data; /**< pointer to key data */
180 size_t length; /**< key length in bytes */
187 uint16_t length; /**< IV length in bytes */
188 uint16_t offset; /**< IV offset in bytes */
190 uint16_t digest_length;
193 struct dpaa2_sec_aead_ctxt aead_ctxt;
196 #ifdef RTE_LIB_SECURITY
197 struct dpaa2_pdcp_ctxt pdcp;
202 static const struct rte_cryptodev_capabilities dpaa2_sec_capabilities[] = {
203 /* Symmetric capabilities */
205 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
207 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
209 .algo = RTE_CRYPTO_AUTH_NULL,
226 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
228 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
230 .algo = RTE_CRYPTO_AUTH_MD5,
247 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
249 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
251 .algo = RTE_CRYPTO_AUTH_MD5_HMAC,
268 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
270 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
272 .algo = RTE_CRYPTO_AUTH_SHA1,
289 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
291 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
293 .algo = RTE_CRYPTO_AUTH_SHA1_HMAC,
310 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
312 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
314 .algo = RTE_CRYPTO_AUTH_SHA224,
331 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
333 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
335 .algo = RTE_CRYPTO_AUTH_SHA224_HMAC,
352 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
354 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
356 .algo = RTE_CRYPTO_AUTH_SHA256,
373 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
375 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
377 .algo = RTE_CRYPTO_AUTH_SHA256_HMAC,
394 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
396 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
398 .algo = RTE_CRYPTO_AUTH_SHA384,
415 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
417 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
419 .algo = RTE_CRYPTO_AUTH_SHA384_HMAC,
436 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
438 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
440 .algo = RTE_CRYPTO_AUTH_SHA512,
457 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
459 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
461 .algo = RTE_CRYPTO_AUTH_SHA512_HMAC,
478 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
480 .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,
482 .algo = RTE_CRYPTO_AEAD_AES_GCM,
507 { /* NULL (CIPHER) */
508 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
510 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
512 .algo = RTE_CRYPTO_CIPHER_NULL,
528 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
530 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
532 .algo = RTE_CRYPTO_CIPHER_AES_CBC,
548 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
550 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
552 .algo = RTE_CRYPTO_CIPHER_AES_CTR,
568 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
570 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
572 .algo = RTE_CRYPTO_CIPHER_DES_CBC,
588 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
590 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
592 .algo = RTE_CRYPTO_CIPHER_3DES_CBC,
607 { /* SNOW 3G (UIA2) */
608 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
610 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
612 .algo = RTE_CRYPTO_AUTH_SNOW3G_UIA2,
632 { /* SNOW 3G (UEA2) */
633 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
635 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
637 .algo = RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
653 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
655 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
657 .algo = RTE_CRYPTO_CIPHER_ZUC_EEA3,
673 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
675 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
677 .algo = RTE_CRYPTO_AUTH_ZUC_EIA3,
697 RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
700 #ifdef RTE_LIB_SECURITY
702 static const struct rte_cryptodev_capabilities dpaa2_pdcp_capabilities[] = {
703 { /* SNOW 3G (UIA2) */
704 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
706 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
708 .algo = RTE_CRYPTO_AUTH_SNOW3G_UIA2,
728 { /* SNOW 3G (UEA2) */
729 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
731 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
733 .algo = RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
749 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
751 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
753 .algo = RTE_CRYPTO_CIPHER_AES_CTR,
769 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
771 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
773 .algo = RTE_CRYPTO_AUTH_NULL,
789 { /* NULL (CIPHER) */
790 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
792 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
794 .algo = RTE_CRYPTO_CIPHER_NULL,
810 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
812 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
814 .algo = RTE_CRYPTO_CIPHER_ZUC_EEA3,
830 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
832 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
834 .algo = RTE_CRYPTO_AUTH_ZUC_EIA3,
855 RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
858 static const struct rte_security_capability dpaa2_sec_security_cap[] = {
859 { /* IPsec Lookaside Protocol offload ESP Transport Egress */
860 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
861 .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
863 .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
864 .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
865 .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
867 .replay_win_sz_max = 128
869 .crypto_capabilities = dpaa2_sec_capabilities
871 { /* IPsec Lookaside Protocol offload ESP Tunnel Ingress */
872 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
873 .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
875 .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
876 .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
877 .direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS,
879 .replay_win_sz_max = 128
881 .crypto_capabilities = dpaa2_sec_capabilities
883 { /* PDCP Lookaside Protocol offload Data */
884 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
885 .protocol = RTE_SECURITY_PROTOCOL_PDCP,
887 .domain = RTE_SECURITY_PDCP_MODE_DATA,
890 .crypto_capabilities = dpaa2_pdcp_capabilities
892 { /* PDCP Lookaside Protocol offload Control */
893 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
894 .protocol = RTE_SECURITY_PROTOCOL_PDCP,
896 .domain = RTE_SECURITY_PDCP_MODE_CONTROL,
899 .crypto_capabilities = dpaa2_pdcp_capabilities
902 .action = RTE_SECURITY_ACTION_TYPE_NONE
909 * @param buffer calculate chksum for buffer
910 * @param len buffer length
912 * @return checksum value in host cpu order
914 static inline uint16_t
915 calc_chksum(void *buffer, int len)
917 uint16_t *buf = (uint16_t *)buffer;
921 for (sum = 0; len > 1; len -= 2)
925 sum += *(unsigned char *)buf;
927 sum = (sum >> 16) + (sum & 0xFFFF);
934 #endif /* _DPAA2_SEC_PMD_PRIVATE_H_ */