1 /* SPDX-License-Identifier: BSD-3-Clause
3 * Copyright (c) 2016 Freescale Semiconductor, Inc. All rights reserved.
4 * Copyright 2016,2020-2022 NXP
8 #ifndef _DPAA2_SEC_PMD_PRIVATE_H_
9 #define _DPAA2_SEC_PMD_PRIVATE_H_
11 #ifdef RTE_LIB_SECURITY
12 #include <rte_security_driver.h>
15 #define CRYPTODEV_NAME_DPAA2_SEC_PMD crypto_dpaa2_sec
16 /**< NXP DPAA2 - SEC PMD device name */
18 extern uint8_t cryptodev_driver_id;
20 /* FLE_POOL_NUM_BUFS is set as per the ipsec-secgw application */
21 #define FLE_POOL_NUM_BUFS 32000
22 #define FLE_POOL_BUF_SIZE 256
23 #define FLE_POOL_CACHE_SIZE 512
/*
 * Expands to FLE_POOL_BUF_SIZE + 32 * num.
 * NOTE(review): the macro applies no upper bound to `num`; callers that size
 * an allocation with it should bound the segment count first so the
 * multiplication cannot wrap - confirm at the call sites.
 */
24 #define FLE_SG_MEM_SIZE(num) (FLE_POOL_BUF_SIZE + ((num) * 32))
/*
 * NOTE(review): the negative value expands without parentheses. If it is
 * stored in sec_flow_context.dhr (a uint16_t) it is converted modulo 2^16;
 * presumably that is the intended encoding of a headroom correction - confirm.
 */
25 #define SEC_FLC_DHR_OUTBOUND -114
26 #define SEC_FLC_DHR_INBOUND 0
/* Number of 32-bit words in sec_flc_desc.desc[]. */
29 #define MAX_DESC_SIZE 64
30 /** private data structure for each DPAA2_SEC device */
31 struct dpaa2_sec_dev_private {
32 void *mc_portal; /**< MC Portal for configuring this device */
33 void *hw; /**< Hardware handle for this device. Used by NADK framework */
34 int32_t hw_id; /**< A unique ID of this device instance */
/* NOTE(review): ownership of vfio_fd is not visible in this header; confirm it is closed exactly once on device teardown. */
35 int32_t vfio_fd; /**< File descriptor received via VFIO */
36 uint16_t token; /**< Token required by DPxxx objects */
37 unsigned int max_nb_queue_pairs;
38 /**< Max number of queue pairs supported by device */
40 uint8_t en_loose_ordered;
44 struct dpaa2_queue rx_vq;
45 struct dpaa2_queue tx_vq;
46 struct rte_mempool *fle_pool; /* per device memory pool for FLE */
/* Read as the first 32-bit word of an IPv6 header, 0x60000000 is version 6 with traffic class and flow label zero. */
58 #define DPAA2_IPv6_DEFAULT_VTC_FLOW 0x60000000
/*
 * Flag setters for struct sec_flow_context; each ORs one bit into the named field:
 *   EWS      -> bit 0 of word1_bits23_16
 *   RSC      -> bit 0 of word1_bits31_24
 *   REUSE_BS -> 0x8000 in mode_bits
 *   REUSE_FF -> 0x2000 in mode_bits
 * NOTE(review): `flc` is placed unparenthesized before `->`, so the argument
 * must be a plain pointer identifier; an expression argument would bind
 * differently than the caller expects.
 */
60 #define DPAA2_SET_FLC_EWS(flc) (flc->word1_bits23_16 |= 0x1)
61 #define DPAA2_SET_FLC_RSC(flc) (flc->word1_bits31_24 |= 0x1)
62 #define DPAA2_SET_FLC_REUSE_BS(flc) (flc->mode_bits |= 0x8000)
63 #define DPAA2_SET_FLC_REUSE_FF(flc) (flc->mode_bits |= 0x2000)
65 /* SEC Flow Context Descriptor */
/*
 * The per-field comments give bit positions within each 32-bit word.
 * NOTE(review): presumably this block is consumed by the SEC hardware; zero
 * the whole structure before filling it so reserved fields never carry stale
 * memory contents - confirm against the session setup code.
 */
66 struct sec_flow_context {
68 uint16_t word0_sdid; /* 11-0 SDID */
69 uint16_t word0_res; /* 31-12 reserved */
72 uint8_t word1_sdl; /* 5-0 SDL */
75 uint8_t word1_bits_15_8; /* 11-8 CRID */
79 uint8_t word1_bits23_16; /* 16 EWS (bit 0 of this byte, set by DPAA2_SET_FLC_EWS) */
84 uint8_t word1_bits31_24; /* 24 RSC (bit 0 of this byte, set by DPAA2_SET_FLC_RSC) */
88 /* word 2 RFLC[31-0] */
89 uint32_t word2_rflc_31_0;
91 /* word 3 RFLC[63-32] */
92 uint32_t word3_rflc_63_32;
95 uint16_t word4_iicid; /* 15-0 IICID */
96 uint16_t word4_oicid; /* 31-16 OICID */
/* Bit-fields: the placement of these two members inside the 32-bit unit is implementation-defined in C. */
99 uint32_t word5_ofqid:24; /* 23-0 OFQID */
100 uint32_t word5_31_24:8;
107 uint32_t word6_oflc_31_0;
110 uint32_t word7_oflc_63_32;
112 /* Word 8-15 storage profiles */
113 uint16_t dl; /**< DataLength(correction) */
114 uint16_t reserved; /**< reserved */
115 uint16_t dhr; /**< DataHeadRoom(correction) */
116 uint16_t mode_bits; /**< mode bits (DPAA2_SET_FLC_REUSE_BS / _REUSE_FF set 0x8000 / 0x2000 here) */
117 uint16_t bpv0; /**< buffer pool0 valid */
118 uint16_t bpid0; /**< Bypass Memory Translation - NOTE(review): the name suggests a buffer pool 0 id; confirm */
119 uint16_t bpv1; /**< buffer pool1 valid */
120 uint16_t bpid1; /**< Bypass Memory Translation - NOTE(review): the name suggests a buffer pool 1 id; confirm */
121 uint64_t word_12_15[2]; /**< word 12-15 are reserved */
/*
 * A flow context followed by a descriptor area of MAX_DESC_SIZE 32-bit words.
 * NOTE(review): no length field is visible here, so the code that builds a
 * descriptor must itself keep it within MAX_DESC_SIZE words - confirm the
 * builders check this.
 */
124 struct sec_flc_desc {
125 struct sec_flow_context flc;
126 uint32_t desc[MAX_DESC_SIZE];
/*
 * Trailing zero-length array (a GNU extension; the enclosing struct header is
 * not visible in this listing). The array contributes no storage of its own:
 * the allocation must add sizeof(struct sec_flc_desc) per entry, and indexing
 * is bounded only by the caller.
 */
130 struct sec_flc_desc flc_desc[0];
133 enum dpaa2_sec_op_type {
134 DPAA2_SEC_NONE, /*!< No Cipher operations*/
135 DPAA2_SEC_CIPHER,/*!< CIPHER operations */
136 DPAA2_SEC_AUTH, /*!< Authentication Operations */
137 DPAA2_SEC_AEAD, /*!< AEAD (AES-GCM/CCM) type operations */
138 DPAA2_SEC_CIPHER_HASH, /*!< Authenticated Encryption with
141 DPAA2_SEC_HASH_CIPHER, /*!< Encryption with Authenticated
144 DPAA2_SEC_IPSEC, /*!< IPSEC protocol operations*/
145 DPAA2_SEC_PDCP, /*!< PDCP protocol operations*/
146 DPAA2_SEC_PKC, /*!< Public Key Cryptographic Operations */
150 struct dpaa2_sec_aead_ctxt {
151 uint16_t auth_only_len; /*!< Length of data for Auth only */
152 uint8_t auth_cipher_text; /**< Authenticate/cipher ordering */
155 #ifdef RTE_LIB_SECURITY
157 * The structure is to be filled by user for PDCP Protocol
/* PDCP parameters; embedded in dpaa2_sec_session_entry as the `pdcp` member. */
159 struct dpaa2_pdcp_ctxt {
160 enum rte_security_pdcp_domain domain; /*!< Data/Control mode*/
161 int8_t bearer; /*!< PDCP bearer ID */
162 int8_t pkt_dir;/*!< PDCP Frame Direction 0:UL 1:DL*/
163 int8_t hfn_ovd;/*!< Overwrite HFN per packet*/
164 uint8_t sn_size; /*!< Sequence number size, 5/7/12/15/18 */
/* NOTE(review): hfn_ovd_offset is applied to an rte_crypto_op by code outside this header; confirm it is bounded against the op's size when the session is created. */
165 uint32_t hfn_ovd_offset;/*!< offset from rte_crypto_op at which
166 * per packet hfn is stored
168 uint32_t hfn; /*!< Hyper Frame Number */
169 uint32_t hfn_threshold; /*!< HFN Threshold for key renegotiation */
173 typedef int (*dpaa2_sec_build_fd_t)(
174 void *qp, uint8_t *drv_ctx, struct rte_crypto_vec *data_vec,
175 uint16_t n_data_vecs, union rte_crypto_sym_ofs ofs,
176 struct rte_crypto_va_iova_ptr *iv,
177 struct rte_crypto_va_iova_ptr *digest,
178 struct rte_crypto_va_iova_ptr *aad_or_auth_iv,
181 typedef int (*dpaa2_sec_build_raw_dp_fd_t)(uint8_t *drv_ctx,
182 struct rte_crypto_sgl *sgl,
183 struct rte_crypto_sgl *dest_sgl,
184 struct rte_crypto_va_iova_ptr *iv,
185 struct rte_crypto_va_iova_ptr *digest,
186 struct rte_crypto_va_iova_ptr *auth_iv,
187 union rte_crypto_sym_ofs ofs,
189 struct qbman_fd *fd);
/* Per-session state: direction, selected algorithms, frame-descriptor builder callbacks, key material, IV and digest parameters. */
191 typedef struct dpaa2_sec_session_entry {
194 uint8_t dir; /*!< Operation Direction */
195 enum rte_crypto_cipher_algorithm cipher_alg; /*!< Cipher Algorithm*/
196 enum rte_crypto_auth_algorithm auth_alg; /*!< Authentication Algorithm*/
197 enum rte_crypto_aead_algorithm aead_alg; /*!< AEAD Algorithm*/
198 dpaa2_sec_build_fd_t build_fd;
199 dpaa2_sec_build_raw_dp_fd_t build_raw_dp_fd;
/*
 * Key material: each data/length pair below holds a key pointer and its length
 * in bytes (the enclosing member declarations are not visible in this listing).
 * NOTE(review): this header shows no ownership or wipe convention for these
 * buffers; confirm that session teardown clears them with a wipe the compiler
 * cannot elide before freeing.
 */
202 uint8_t *data; /**< pointer to key data */
203 size_t length; /**< key length in bytes */
207 uint8_t *data; /**< pointer to key data */
208 size_t length; /**< key length in bytes */
211 uint8_t *data; /**< pointer to key data */
212 size_t length; /**< key length in bytes */
/* NOTE(review): what the IV offset is relative to is not shown here; confirm offset + length is range-checked where the IV is read. */
219 uint16_t length; /**< IV length in bytes */
220 uint16_t offset; /**< IV offset in bytes */
222 uint16_t digest_length;
225 struct dpaa2_sec_aead_ctxt aead_ctxt;
228 #ifdef RTE_LIB_SECURITY
229 struct dpaa2_pdcp_ctxt pdcp;
/*
 * Symmetric crypto capabilities for this PMD; the IPsec entries of
 * dpaa2_sec_security_cap also point at this table.
 * NOTE(review): the list includes MD5, MD5-HMAC, SHA1, SHA1-HMAC, DES-CBC and
 * 3DES-CBC. Unkeyed MD5 and SHA1 are not collision resistant, and DES/3DES
 * use a 64-bit block (single DES also a 56-bit key). Applications should
 * treat these entries as legacy interoperability only and exclude them by
 * policy when choosing algorithms for new sessions. The per-algorithm key,
 * digest and IV size ranges are not visible in this listing.
 */
234 static const struct rte_cryptodev_capabilities dpaa2_sec_capabilities[] = {
235 /* Symmetric capabilities */
237 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
239 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
241 .algo = RTE_CRYPTO_AUTH_MD5, /* legacy hash */
258 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
260 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
262 .algo = RTE_CRYPTO_AUTH_MD5_HMAC, /* legacy */
279 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
281 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
283 .algo = RTE_CRYPTO_AUTH_SHA1, /* legacy hash */
300 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
302 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
304 .algo = RTE_CRYPTO_AUTH_SHA1_HMAC, /* legacy */
321 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
323 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
325 .algo = RTE_CRYPTO_AUTH_SHA224,
342 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
344 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
346 .algo = RTE_CRYPTO_AUTH_SHA224_HMAC,
363 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
365 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
367 .algo = RTE_CRYPTO_AUTH_SHA256,
384 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
386 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
388 .algo = RTE_CRYPTO_AUTH_SHA256_HMAC,
405 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
407 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
409 .algo = RTE_CRYPTO_AUTH_SHA384,
426 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
428 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
430 .algo = RTE_CRYPTO_AUTH_SHA384_HMAC,
447 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
449 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
451 .algo = RTE_CRYPTO_AUTH_SHA512,
468 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
470 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
472 .algo = RTE_CRYPTO_AUTH_SHA512_HMAC,
489 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
491 .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,
493 .algo = RTE_CRYPTO_AEAD_AES_GCM,
518 { /* AES XCBC MAC */
519 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
521 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
523 .algo = RTE_CRYPTO_AUTH_AES_XCBC_MAC,
541 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
543 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
545 .algo = RTE_CRYPTO_AUTH_AES_CMAC,
563 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
565 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
567 .algo = RTE_CRYPTO_CIPHER_AES_CBC,
583 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
585 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
587 .algo = RTE_CRYPTO_CIPHER_AES_CTR,
603 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
605 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
607 .algo = RTE_CRYPTO_CIPHER_DES_CBC, /* legacy cipher */
623 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
625 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
627 .algo = RTE_CRYPTO_CIPHER_3DES_CBC, /* legacy cipher */
642 { /* SNOW 3G (UIA2) */
643 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
645 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
647 .algo = RTE_CRYPTO_AUTH_SNOW3G_UIA2,
667 { /* SNOW 3G (UEA2) */
668 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
670 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
672 .algo = RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
688 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
690 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
692 .algo = RTE_CRYPTO_CIPHER_ZUC_EEA3,
708 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
710 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
712 .algo = RTE_CRYPTO_AUTH_ZUC_EIA3,
732 RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
735 #ifdef RTE_LIB_SECURITY
/*
 * Crypto capabilities referenced by the PDCP entries of dpaa2_sec_security_cap.
 * NOTE(review): the list includes RTE_CRYPTO_AUTH_NULL and
 * RTE_CRYPTO_CIPHER_NULL. A session that selects them gets no integrity or
 * no confidentiality from the offload, so the layer that creates sessions
 * should allow the NULL algorithms only where the deployment explicitly
 * requires them.
 */
737 static const struct rte_cryptodev_capabilities dpaa2_pdcp_capabilities[] = {
738 { /* SNOW 3G (UIA2) */
739 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
741 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
743 .algo = RTE_CRYPTO_AUTH_SNOW3G_UIA2,
763 { /* SNOW 3G (UEA2) */
764 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
766 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
768 .algo = RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
784 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
786 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
788 .algo = RTE_CRYPTO_CIPHER_AES_CTR,
804 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
806 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
808 .algo = RTE_CRYPTO_AUTH_NULL, /* no integrity protection */
824 { /* NULL (CIPHER) */
825 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
827 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
829 .algo = RTE_CRYPTO_CIPHER_NULL, /* no confidentiality */
845 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
847 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
849 .algo = RTE_CRYPTO_CIPHER_ZUC_EEA3,
865 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
867 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
869 .algo = RTE_CRYPTO_AUTH_ZUC_EIA3,
890 RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
/*
 * Lookaside-protocol security capabilities: two IPsec ESP tunnel-mode entries
 * (egress and ingress) backed by dpaa2_sec_capabilities, and three PDCP
 * entries (data, control, short MAC) backed by dpaa2_pdcp_capabilities. The
 * list ends with an RTE_SECURITY_ACTION_TYPE_NONE entry.
 * Both IPsec entries set replay_win_sz_max = 128.
 * NOTE(review): an SA that needs a larger anti-replay window is presumably
 * outside what this table advertises; confirm how session creation handles
 * such a request.
 */
893 static const struct rte_security_capability dpaa2_sec_security_cap[] = {
894 { /* IPsec Lookaside Protocol offload ESP Tunnel Egress */
895 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
896 .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
898 .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
899 .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
900 .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
902 .replay_win_sz_max = 128
904 .crypto_capabilities = dpaa2_sec_capabilities
906 { /* IPsec Lookaside Protocol offload ESP Tunnel Ingress */
907 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
908 .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
910 .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
911 .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
912 .direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS,
914 .replay_win_sz_max = 128
916 .crypto_capabilities = dpaa2_sec_capabilities
918 { /* PDCP Lookaside Protocol offload Data */
919 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
920 .protocol = RTE_SECURITY_PROTOCOL_PDCP,
922 .domain = RTE_SECURITY_PDCP_MODE_DATA,
925 .crypto_capabilities = dpaa2_pdcp_capabilities
927 { /* PDCP Lookaside Protocol offload Control */
928 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
929 .protocol = RTE_SECURITY_PROTOCOL_PDCP,
931 .domain = RTE_SECURITY_PDCP_MODE_CONTROL,
934 .crypto_capabilities = dpaa2_pdcp_capabilities
936 { /* PDCP Lookaside Protocol offload Short MAC */
937 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
938 .protocol = RTE_SECURITY_PROTOCOL_PDCP,
940 .domain = RTE_SECURITY_PDCP_MODE_SHORT_MAC,
943 .crypto_capabilities = dpaa2_pdcp_capabilities
946 .action = RTE_SECURITY_ACTION_TYPE_NONE
953 * @param buffer calculate chksum for buffer
954 * @param len buffer length
956 * @return checksum value in host cpu order
/*
 * 16-bit checksum over `len` bytes of `buffer`; only part of the body is
 * visible in this listing.
 * NOTE(review): the buffer is accessed through a uint16_t pointer, so the
 * caller presumably has to pass memory that is suitably aligned for 16-bit
 * loads, and `len` must not exceed the buffer. No validation of either is
 * visible here; confirm at the call sites.
 */
958 static inline uint16_t
959 calc_chksum(void *buffer, int len)
961 uint16_t *buf = (uint16_t *)buffer;
/* Steps through the data two bytes at a time; a len of 1, 0 or a negative value skips the loop. */
965 for (sum = 0; len > 1; len -= 2)
/* Adds a single byte; presumably the trailing byte of an odd-length buffer (the guarding condition is not visible). */
969 sum += *(unsigned char *)buf;
/* Folds everything above bit 15 back into the low 16 bits. */
971 sum = (sum >> 16) + (sum & 0xFFFF);
979 dpaa2_sec_configure_raw_dp_ctx(struct rte_cryptodev *dev, uint16_t qp_id,
980 struct rte_crypto_raw_dp_ctx *raw_dp_ctx,
981 enum rte_crypto_op_sess_type sess_type,
982 union rte_cryptodev_session_ctx session_ctx, uint8_t is_update);
985 dpaa2_sec_get_dp_ctx_size(struct rte_cryptodev *dev);
988 #endif /* _DPAA2_SEC_PMD_PRIVATE_H_ */