1 /* SPDX-License-Identifier: BSD-3-Clause
3 * Copyright (c) 2016 Freescale Semiconductor, Inc. All rights reserved.
4 * Copyright 2016,2020-2021 NXP
8 #ifndef _DPAA2_SEC_PMD_PRIVATE_H_
9 #define _DPAA2_SEC_PMD_PRIVATE_H_
11 #ifdef RTE_LIB_SECURITY
12 #include <rte_security_driver.h>
15 #define CRYPTODEV_NAME_DPAA2_SEC_PMD crypto_dpaa2_sec
16 /**< NXP DPAA2 - SEC PMD device name */
18 extern uint8_t cryptodev_driver_id;
20 /* FLE_POOL_NUM_BUFS is set as per the ipsec-secgw application */
21 #define FLE_POOL_NUM_BUFS 32000
22 #define FLE_POOL_BUF_SIZE 256
23 #define FLE_POOL_CACHE_SIZE 512
24 #define FLE_SG_MEM_SIZE(num) (FLE_POOL_BUF_SIZE + ((num) * 32))
25 #define SEC_FLC_DHR_OUTBOUND -114
26 #define SEC_FLC_DHR_INBOUND 0
29 #define MAX_DESC_SIZE 64
30 /** private data structure for each DPAA2_SEC device */
31 struct dpaa2_sec_dev_private {
32 void *mc_portal; /**< MC Portal for configuring this device */
33 void *hw; /**< Hardware handle for this device.Used by NADK framework */
34 struct rte_mempool *fle_pool; /* per device memory pool for FLE */
35 int32_t hw_id; /**< An unique ID of this device instance */
36 int32_t vfio_fd; /**< File descriptor received via VFIO */
37 uint16_t token; /**< Token required by DPxxx objects */
38 unsigned int max_nb_queue_pairs;
39 /**< Max number of queue pairs supported by device */
43 struct dpaa2_queue rx_vq;
44 struct dpaa2_queue tx_vq;
56 #define DPAA2_IPv6_DEFAULT_VTC_FLOW 0x60000000
58 #define DPAA2_SET_FLC_EWS(flc) (flc->word1_bits23_16 |= 0x1)
59 #define DPAA2_SET_FLC_RSC(flc) (flc->word1_bits31_24 |= 0x1)
60 #define DPAA2_SET_FLC_REUSE_BS(flc) (flc->mode_bits |= 0x8000)
61 #define DPAA2_SET_FLC_REUSE_FF(flc) (flc->mode_bits |= 0x2000)
63 /* SEC Flow Context Descriptor */
64 struct sec_flow_context {
66 uint16_t word0_sdid; /* 11-0 SDID */
67 uint16_t word0_res; /* 31-12 reserved */
70 uint8_t word1_sdl; /* 5-0 SDL */
73 uint8_t word1_bits_15_8; /* 11-8 CRID */
77 uint8_t word1_bits23_16; /* 16 EWS */
82 uint8_t word1_bits31_24; /* 24 RSC */
86 /* word 2 RFLC[31-0] */
87 uint32_t word2_rflc_31_0;
89 /* word 3 RFLC[63-32] */
90 uint32_t word3_rflc_63_32;
93 uint16_t word4_iicid; /* 15-0 IICID */
94 uint16_t word4_oicid; /* 31-16 OICID */
97 uint32_t word5_ofqid:24; /* 23-0 OFQID */
98 uint32_t word5_31_24:8;
105 uint32_t word6_oflc_31_0;
108 uint32_t word7_oflc_63_32;
110 /* Word 8-15 storage profiles */
111 uint16_t dl; /**< DataLength(correction) */
112 uint16_t reserved; /**< reserved */
113 uint16_t dhr; /**< DataHeadRoom(correction) */
114 uint16_t mode_bits; /**< mode bits */
115 uint16_t bpv0; /**< buffer pool0 valid */
116 uint16_t bpid0; /**< Bypass Memory Translation */
117 uint16_t bpv1; /**< buffer pool1 valid */
118 uint16_t bpid1; /**< Bypass Memory Translation */
119 uint64_t word_12_15[2]; /**< word 12-15 are reserved */
122 struct sec_flc_desc {
123 struct sec_flow_context flc;
124 uint32_t desc[MAX_DESC_SIZE];
128 struct rte_mempool *fle_pool; /* per device memory pool for FLE */
129 struct sec_flc_desc flc_desc[0];
132 enum dpaa2_sec_op_type {
133 DPAA2_SEC_NONE, /*!< No Cipher operations*/
134 DPAA2_SEC_CIPHER,/*!< CIPHER operations */
135 DPAA2_SEC_AUTH, /*!< Authentication Operations */
136 DPAA2_SEC_AEAD, /*!< AEAD (AES-GCM/CCM) type operations */
137 DPAA2_SEC_CIPHER_HASH, /*!< Authenticated Encryption with
140 DPAA2_SEC_HASH_CIPHER, /*!< Encryption with Authenticated
143 DPAA2_SEC_IPSEC, /*!< IPSEC protocol operations*/
144 DPAA2_SEC_PDCP, /*!< PDCP protocol operations*/
145 DPAA2_SEC_PKC, /*!< Public Key Cryptographic Operations */
149 struct dpaa2_sec_aead_ctxt {
150 uint16_t auth_only_len; /*!< Length of data for Auth only */
151 uint8_t auth_cipher_text; /**< Authenticate/cipher ordering */
154 #ifdef RTE_LIB_SECURITY
156 * The structure is to be filled by user for PDCP Protocol
158 struct dpaa2_pdcp_ctxt {
159 enum rte_security_pdcp_domain domain; /*!< Data/Control mode*/
160 int8_t bearer; /*!< PDCP bearer ID */
161 int8_t pkt_dir;/*!< PDCP Frame Direction 0:UL 1:DL*/
162 int8_t hfn_ovd;/*!< Overwrite HFN per packet*/
163 uint8_t sn_size; /*!< Sequence number size, 5/7/12/15/18 */
164 uint32_t hfn_ovd_offset;/*!< offset from rte_crypto_op at which
165 * per packet hfn is stored
167 uint32_t hfn; /*!< Hyper Frame Number */
168 uint32_t hfn_threshold; /*!< HFN Threashold for key renegotiation */
172 typedef int (*dpaa2_sec_build_fd_t)(
173 void *qp, uint8_t *drv_ctx, struct rte_crypto_vec *data_vec,
174 uint16_t n_data_vecs, union rte_crypto_sym_ofs ofs,
175 struct rte_crypto_va_iova_ptr *iv,
176 struct rte_crypto_va_iova_ptr *digest,
177 struct rte_crypto_va_iova_ptr *aad_or_auth_iv,
180 typedef int (*dpaa2_sec_build_raw_dp_fd_t)(uint8_t *drv_ctx,
181 struct rte_crypto_sgl *sgl,
182 struct rte_crypto_sgl *dest_sgl,
183 struct rte_crypto_va_iova_ptr *iv,
184 struct rte_crypto_va_iova_ptr *digest,
185 struct rte_crypto_va_iova_ptr *auth_iv,
186 union rte_crypto_sym_ofs ofs,
188 struct qbman_fd *fd);
190 typedef struct dpaa2_sec_session_entry {
193 uint8_t dir; /*!< Operation Direction */
194 enum rte_crypto_cipher_algorithm cipher_alg; /*!< Cipher Algorithm*/
195 enum rte_crypto_auth_algorithm auth_alg; /*!< Authentication Algorithm*/
196 enum rte_crypto_aead_algorithm aead_alg; /*!< AEAD Algorithm*/
197 dpaa2_sec_build_fd_t build_fd;
198 dpaa2_sec_build_raw_dp_fd_t build_raw_dp_fd;
201 uint8_t *data; /**< pointer to key data */
202 size_t length; /**< key length in bytes */
206 uint8_t *data; /**< pointer to key data */
207 size_t length; /**< key length in bytes */
210 uint8_t *data; /**< pointer to key data */
211 size_t length; /**< key length in bytes */
218 uint16_t length; /**< IV length in bytes */
219 uint16_t offset; /**< IV offset in bytes */
221 uint16_t digest_length;
224 struct dpaa2_sec_aead_ctxt aead_ctxt;
227 #ifdef RTE_LIB_SECURITY
228 struct dpaa2_pdcp_ctxt pdcp;
233 static const struct rte_cryptodev_capabilities dpaa2_sec_capabilities[] = {
234 /* Symmetric capabilities */
236 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
238 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
240 .algo = RTE_CRYPTO_AUTH_MD5,
257 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
259 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
261 .algo = RTE_CRYPTO_AUTH_MD5_HMAC,
278 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
280 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
282 .algo = RTE_CRYPTO_AUTH_SHA1,
299 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
301 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
303 .algo = RTE_CRYPTO_AUTH_SHA1_HMAC,
320 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
322 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
324 .algo = RTE_CRYPTO_AUTH_SHA224,
341 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
343 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
345 .algo = RTE_CRYPTO_AUTH_SHA224_HMAC,
362 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
364 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
366 .algo = RTE_CRYPTO_AUTH_SHA256,
383 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
385 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
387 .algo = RTE_CRYPTO_AUTH_SHA256_HMAC,
404 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
406 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
408 .algo = RTE_CRYPTO_AUTH_SHA384,
425 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
427 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
429 .algo = RTE_CRYPTO_AUTH_SHA384_HMAC,
446 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
448 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
450 .algo = RTE_CRYPTO_AUTH_SHA512,
467 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
469 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
471 .algo = RTE_CRYPTO_AUTH_SHA512_HMAC,
488 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
490 .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,
492 .algo = RTE_CRYPTO_AEAD_AES_GCM,
517 { /* AES XCBC HMAC */
518 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
520 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
522 .algo = RTE_CRYPTO_AUTH_AES_XCBC_MAC,
540 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
542 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
544 .algo = RTE_CRYPTO_AUTH_AES_CMAC,
561 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
563 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
565 .algo = RTE_CRYPTO_CIPHER_AES_CBC,
581 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
583 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
585 .algo = RTE_CRYPTO_CIPHER_AES_CTR,
601 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
603 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
605 .algo = RTE_CRYPTO_CIPHER_DES_CBC,
621 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
623 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
625 .algo = RTE_CRYPTO_CIPHER_3DES_CBC,
640 { /* SNOW 3G (UIA2) */
641 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
643 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
645 .algo = RTE_CRYPTO_AUTH_SNOW3G_UIA2,
665 { /* SNOW 3G (UEA2) */
666 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
668 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
670 .algo = RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
686 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
688 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
690 .algo = RTE_CRYPTO_CIPHER_ZUC_EEA3,
706 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
708 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
710 .algo = RTE_CRYPTO_AUTH_ZUC_EIA3,
730 RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
733 #ifdef RTE_LIB_SECURITY
735 static const struct rte_cryptodev_capabilities dpaa2_pdcp_capabilities[] = {
736 { /* SNOW 3G (UIA2) */
737 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
739 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
741 .algo = RTE_CRYPTO_AUTH_SNOW3G_UIA2,
761 { /* SNOW 3G (UEA2) */
762 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
764 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
766 .algo = RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
782 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
784 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
786 .algo = RTE_CRYPTO_CIPHER_AES_CTR,
802 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
804 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
806 .algo = RTE_CRYPTO_AUTH_NULL,
822 { /* NULL (CIPHER) */
823 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
825 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
827 .algo = RTE_CRYPTO_CIPHER_NULL,
843 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
845 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
847 .algo = RTE_CRYPTO_CIPHER_ZUC_EEA3,
863 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
865 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
867 .algo = RTE_CRYPTO_AUTH_ZUC_EIA3,
888 RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
891 static const struct rte_security_capability dpaa2_sec_security_cap[] = {
892 { /* IPsec Lookaside Protocol offload ESP Transport Egress */
893 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
894 .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
896 .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
897 .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
898 .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
900 .replay_win_sz_max = 128
902 .crypto_capabilities = dpaa2_sec_capabilities
904 { /* IPsec Lookaside Protocol offload ESP Tunnel Ingress */
905 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
906 .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
908 .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
909 .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
910 .direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS,
912 .replay_win_sz_max = 128
914 .crypto_capabilities = dpaa2_sec_capabilities
916 { /* PDCP Lookaside Protocol offload Data */
917 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
918 .protocol = RTE_SECURITY_PROTOCOL_PDCP,
920 .domain = RTE_SECURITY_PDCP_MODE_DATA,
923 .crypto_capabilities = dpaa2_pdcp_capabilities
925 { /* PDCP Lookaside Protocol offload Control */
926 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
927 .protocol = RTE_SECURITY_PROTOCOL_PDCP,
929 .domain = RTE_SECURITY_PDCP_MODE_CONTROL,
932 .crypto_capabilities = dpaa2_pdcp_capabilities
934 { /* PDCP Lookaside Protocol offload Short MAC */
935 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
936 .protocol = RTE_SECURITY_PROTOCOL_PDCP,
938 .domain = RTE_SECURITY_PDCP_MODE_SHORT_MAC,
941 .crypto_capabilities = dpaa2_pdcp_capabilities
944 .action = RTE_SECURITY_ACTION_TYPE_NONE
951 * @param buffer calculate chksum for buffer
952 * @param len buffer length
954 * @return checksum value in host cpu order
956 static inline uint16_t
957 calc_chksum(void *buffer, int len)
959 uint16_t *buf = (uint16_t *)buffer;
963 for (sum = 0; len > 1; len -= 2)
967 sum += *(unsigned char *)buf;
969 sum = (sum >> 16) + (sum & 0xFFFF);
977 dpaa2_sec_configure_raw_dp_ctx(struct rte_cryptodev *dev, uint16_t qp_id,
978 struct rte_crypto_raw_dp_ctx *raw_dp_ctx,
979 enum rte_crypto_op_sess_type sess_type,
980 union rte_cryptodev_session_ctx session_ctx, uint8_t is_update);
983 dpaa2_sec_get_dp_ctx_size(struct rte_cryptodev *dev);
986 #endif /* _DPAA2_SEC_PMD_PRIVATE_H_ */