1 /* SPDX-License-Identifier: BSD-3-Clause
3 * Copyright (c) 2016 Freescale Semiconductor, Inc. All rights reserved.
8 #ifndef _DPAA2_SEC_PMD_PRIVATE_H_
9 #define _DPAA2_SEC_PMD_PRIVATE_H_
11 #ifdef RTE_LIBRTE_SECURITY
12 #include <rte_security_driver.h>
15 #define CRYPTODEV_NAME_DPAA2_SEC_PMD crypto_dpaa2_sec
16 /**< NXP DPAA2 - SEC PMD device name */
19 #define MAX_DESC_SIZE 64
20 /** private data structure for each DPAA2_SEC device */
21 struct dpaa2_sec_dev_private {
22 void *mc_portal; /**< MC Portal for configuring this device */
23 void *hw; /**< Hardware handle for this device.Used by NADK framework */
24 struct rte_mempool *fle_pool; /* per device memory pool for FLE */
25 int32_t hw_id; /**< An unique ID of this device instance */
26 int32_t vfio_fd; /**< File descriptor received via VFIO */
27 uint16_t token; /**< Token required by DPxxx objects */
28 unsigned int max_nb_queue_pairs;
29 /**< Max number of queue pairs supported by device */
33 struct dpaa2_queue rx_vq;
34 struct dpaa2_queue tx_vq;
46 #define DPAA2_IPv6_DEFAULT_VTC_FLOW 0x60000000
48 #define DPAA2_SET_FLC_EWS(flc) (flc->word1_bits23_16 |= 0x1)
49 #define DPAA2_SET_FLC_RSC(flc) (flc->word1_bits31_24 |= 0x1)
50 #define DPAA2_SET_FLC_REUSE_BS(flc) (flc->mode_bits |= 0x8000)
51 #define DPAA2_SET_FLC_REUSE_FF(flc) (flc->mode_bits |= 0x2000)
53 /* SEC Flow Context Descriptor */
54 struct sec_flow_context {
56 uint16_t word0_sdid; /* 11-0 SDID */
57 uint16_t word0_res; /* 31-12 reserved */
60 uint8_t word1_sdl; /* 5-0 SDL */
63 uint8_t word1_bits_15_8; /* 11-8 CRID */
67 uint8_t word1_bits23_16; /* 16 EWS */
72 uint8_t word1_bits31_24; /* 24 RSC */
76 /* word 2 RFLC[31-0] */
77 uint32_t word2_rflc_31_0;
79 /* word 3 RFLC[63-32] */
80 uint32_t word3_rflc_63_32;
83 uint16_t word4_iicid; /* 15-0 IICID */
84 uint16_t word4_oicid; /* 31-16 OICID */
87 uint32_t word5_ofqid:24; /* 23-0 OFQID */
88 uint32_t word5_31_24:8;
95 uint32_t word6_oflc_31_0;
98 uint32_t word7_oflc_63_32;
100 /* Word 8-15 storage profiles */
101 uint16_t dl; /**< DataLength(correction) */
102 uint16_t reserved; /**< reserved */
103 uint16_t dhr; /**< DataHeadRoom(correction) */
104 uint16_t mode_bits; /**< mode bits */
105 uint16_t bpv0; /**< buffer pool0 valid */
106 uint16_t bpid0; /**< Bypass Memory Translation */
107 uint16_t bpv1; /**< buffer pool1 valid */
108 uint16_t bpid1; /**< Bypass Memory Translation */
109 uint64_t word_12_15[2]; /**< word 12-15 are reserved */
112 struct sec_flc_desc {
113 struct sec_flow_context flc;
114 uint32_t desc[MAX_DESC_SIZE];
118 struct rte_mempool *fle_pool; /* per device memory pool for FLE */
119 struct sec_flc_desc flc_desc[0];
122 enum dpaa2_sec_op_type {
123 DPAA2_SEC_NONE, /*!< No Cipher operations*/
124 DPAA2_SEC_CIPHER,/*!< CIPHER operations */
125 DPAA2_SEC_AUTH, /*!< Authentication Operations */
126 DPAA2_SEC_AEAD, /*!< AEAD (AES-GCM/CCM) type operations */
127 DPAA2_SEC_CIPHER_HASH, /*!< Authenticated Encryption with
130 DPAA2_SEC_HASH_CIPHER, /*!< Encryption with Authenticated
133 DPAA2_SEC_IPSEC, /*!< IPSEC protocol operations*/
134 DPAA2_SEC_PDCP, /*!< PDCP protocol operations*/
135 DPAA2_SEC_PKC, /*!< Public Key Cryptographic Operations */
139 struct dpaa2_sec_aead_ctxt {
140 uint16_t auth_only_len; /*!< Length of data for Auth only */
141 uint8_t auth_cipher_text; /**< Authenticate/cipher ordering */
144 #ifdef RTE_LIBRTE_SECURITY
146 * The structure is to be filled by user for PDCP Protocol
148 struct dpaa2_pdcp_ctxt {
149 enum rte_security_pdcp_domain domain; /*!< Data/Control mode*/
150 int8_t bearer; /*!< PDCP bearer ID */
151 int8_t pkt_dir;/*!< PDCP Frame Direction 0:UL 1:DL*/
152 int8_t hfn_ovd;/*!< Overwrite HFN per packet*/
153 uint8_t sn_size; /*!< Sequence number size, 5/7/12/15/18 */
154 uint32_t hfn_ovd_offset;/*!< offset from rte_crypto_op at which
155 * per packet hfn is stored
157 uint32_t hfn; /*!< Hyper Frame Number */
158 uint32_t hfn_threshold; /*!< HFN Threashold for key renegotiation */
161 typedef struct dpaa2_sec_session_entry {
164 uint8_t dir; /*!< Operation Direction */
165 enum rte_crypto_cipher_algorithm cipher_alg; /*!< Cipher Algorithm*/
166 enum rte_crypto_auth_algorithm auth_alg; /*!< Authentication Algorithm*/
167 enum rte_crypto_aead_algorithm aead_alg; /*!< AEAD Algorithm*/
170 uint8_t *data; /**< pointer to key data */
171 size_t length; /**< key length in bytes */
175 uint8_t *data; /**< pointer to key data */
176 size_t length; /**< key length in bytes */
179 uint8_t *data; /**< pointer to key data */
180 size_t length; /**< key length in bytes */
187 uint16_t length; /**< IV length in bytes */
188 uint16_t offset; /**< IV offset in bytes */
190 uint16_t digest_length;
193 struct dpaa2_sec_aead_ctxt aead_ctxt;
196 #ifdef RTE_LIBRTE_SECURITY
197 struct dpaa2_pdcp_ctxt pdcp;
202 static const struct rte_cryptodev_capabilities dpaa2_sec_capabilities[] = {
204 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
206 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
208 .algo = RTE_CRYPTO_AUTH_NULL,
225 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
227 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
229 .algo = RTE_CRYPTO_AUTH_MD5_HMAC,
246 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
248 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
250 .algo = RTE_CRYPTO_AUTH_SHA1_HMAC,
267 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
269 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
271 .algo = RTE_CRYPTO_AUTH_SHA224_HMAC,
288 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
290 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
292 .algo = RTE_CRYPTO_AUTH_SHA256_HMAC,
309 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
311 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
313 .algo = RTE_CRYPTO_AUTH_SHA384_HMAC,
330 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
332 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
334 .algo = RTE_CRYPTO_AUTH_SHA512_HMAC,
351 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
353 .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,
355 .algo = RTE_CRYPTO_AEAD_AES_GCM,
380 { /* NULL (CIPHER) */
381 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
383 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
385 .algo = RTE_CRYPTO_CIPHER_NULL,
401 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
403 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
405 .algo = RTE_CRYPTO_CIPHER_AES_CBC,
421 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
423 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
425 .algo = RTE_CRYPTO_CIPHER_AES_CTR,
441 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
443 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
445 .algo = RTE_CRYPTO_CIPHER_3DES_CBC,
460 { /* SNOW 3G (UIA2) */
461 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
463 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
465 .algo = RTE_CRYPTO_AUTH_SNOW3G_UIA2,
485 { /* SNOW 3G (UEA2) */
486 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
488 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
490 .algo = RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
506 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
508 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
510 .algo = RTE_CRYPTO_CIPHER_ZUC_EEA3,
526 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
528 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
530 .algo = RTE_CRYPTO_AUTH_ZUC_EIA3,
550 RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
553 #ifdef RTE_LIBRTE_SECURITY
555 static const struct rte_cryptodev_capabilities dpaa2_pdcp_capabilities[] = {
556 { /* SNOW 3G (UIA2) */
557 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
559 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
561 .algo = RTE_CRYPTO_AUTH_SNOW3G_UIA2,
581 { /* SNOW 3G (UEA2) */
582 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
584 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
586 .algo = RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
602 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
604 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
606 .algo = RTE_CRYPTO_CIPHER_AES_CTR,
622 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
624 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
626 .algo = RTE_CRYPTO_AUTH_NULL,
642 { /* NULL (CIPHER) */
643 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
645 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
647 .algo = RTE_CRYPTO_CIPHER_NULL,
663 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
665 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
667 .algo = RTE_CRYPTO_CIPHER_ZUC_EEA3,
683 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
685 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
687 .algo = RTE_CRYPTO_AUTH_ZUC_EIA3,
708 RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
711 static const struct rte_security_capability dpaa2_sec_security_cap[] = {
712 { /* IPsec Lookaside Protocol offload ESP Transport Egress */
713 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
714 .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
716 .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
717 .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
718 .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
720 .replay_win_sz_max = 128
722 .crypto_capabilities = dpaa2_sec_capabilities
724 { /* IPsec Lookaside Protocol offload ESP Tunnel Ingress */
725 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
726 .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
728 .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
729 .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
730 .direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS,
732 .replay_win_sz_max = 128
734 .crypto_capabilities = dpaa2_sec_capabilities
736 { /* PDCP Lookaside Protocol offload Data */
737 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
738 .protocol = RTE_SECURITY_PROTOCOL_PDCP,
740 .domain = RTE_SECURITY_PDCP_MODE_DATA,
743 .crypto_capabilities = dpaa2_pdcp_capabilities
745 { /* PDCP Lookaside Protocol offload Control */
746 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
747 .protocol = RTE_SECURITY_PROTOCOL_PDCP,
749 .domain = RTE_SECURITY_PDCP_MODE_CONTROL,
752 .crypto_capabilities = dpaa2_pdcp_capabilities
755 .action = RTE_SECURITY_ACTION_TYPE_NONE
762 * @param buffer calculate chksum for buffer
763 * @param len buffer length
765 * @return checksum value in host cpu order
767 static inline uint16_t
768 calc_chksum(void *buffer, int len)
770 uint16_t *buf = (uint16_t *)buffer;
774 for (sum = 0; len > 1; len -= 2)
778 sum += *(unsigned char *)buf;
780 sum = (sum >> 16) + (sum & 0xFFFF);
787 #endif /* _DPAA2_SEC_PMD_PRIVATE_H_ */
git.droids-corp.org / dpdk.git / blob