1 /* SPDX-License-Identifier: BSD-3-Clause
3 * Copyright (c) 2016 Freescale Semiconductor, Inc. All rights reserved.
8 #ifndef _RTE_DPAA2_SEC_PMD_PRIVATE_H_
9 #define _RTE_DPAA2_SEC_PMD_PRIVATE_H_
11 #include <rte_security_driver.h>
13 #define CRYPTODEV_NAME_DPAA2_SEC_PMD crypto_dpaa2_sec
14 /**< NXP DPAA2 - SEC PMD device name */
17 #define MAX_DESC_SIZE 64
18 /** private data structure for each DPAA2_SEC device */
19 struct dpaa2_sec_dev_private {
20 void *mc_portal; /**< MC Portal for configuring this device */
21 void *hw; /**< Hardware handle for this device.Used by NADK framework */
22 struct rte_mempool *fle_pool; /* per device memory pool for FLE */
23 int32_t hw_id; /**< An unique ID of this device instance */
24 int32_t vfio_fd; /**< File descriptor received via VFIO */
25 uint16_t token; /**< Token required by DPxxx objects */
26 unsigned int max_nb_queue_pairs;
27 /**< Max number of queue pairs supported by device */
31 struct dpaa2_queue rx_vq;
32 struct dpaa2_queue tx_vq;
44 #define DPAA2_IPv6_DEFAULT_VTC_FLOW 0x60000000
46 #define DPAA2_SET_FLC_EWS(flc) (flc->word1_bits23_16 |= 0x1)
47 #define DPAA2_SET_FLC_RSC(flc) (flc->word1_bits31_24 |= 0x1)
48 #define DPAA2_SET_FLC_REUSE_BS(flc) (flc->mode_bits |= 0x8000)
49 #define DPAA2_SET_FLC_REUSE_FF(flc) (flc->mode_bits |= 0x2000)
51 /* SEC Flow Context Descriptor */
52 struct sec_flow_context {
54 uint16_t word0_sdid; /* 11-0 SDID */
55 uint16_t word0_res; /* 31-12 reserved */
58 uint8_t word1_sdl; /* 5-0 SDL */
61 uint8_t word1_bits_15_8; /* 11-8 CRID */
65 uint8_t word1_bits23_16; /* 16 EWS */
70 uint8_t word1_bits31_24; /* 24 RSC */
74 /* word 2 RFLC[31-0] */
75 uint32_t word2_rflc_31_0;
77 /* word 3 RFLC[63-32] */
78 uint32_t word3_rflc_63_32;
81 uint16_t word4_iicid; /* 15-0 IICID */
82 uint16_t word4_oicid; /* 31-16 OICID */
85 uint32_t word5_ofqid:24; /* 23-0 OFQID */
86 uint32_t word5_31_24:8;
93 uint32_t word6_oflc_31_0;
96 uint32_t word7_oflc_63_32;
98 /* Word 8-15 storage profiles */
99 uint16_t dl; /**< DataLength(correction) */
100 uint16_t reserved; /**< reserved */
101 uint16_t dhr; /**< DataHeadRoom(correction) */
102 uint16_t mode_bits; /**< mode bits */
103 uint16_t bpv0; /**< buffer pool0 valid */
104 uint16_t bpid0; /**< Bypass Memory Translation */
105 uint16_t bpv1; /**< buffer pool1 valid */
106 uint16_t bpid1; /**< Bypass Memory Translation */
107 uint64_t word_12_15[2]; /**< word 12-15 are reserved */
110 struct sec_flc_desc {
111 struct sec_flow_context flc;
112 uint32_t desc[MAX_DESC_SIZE];
116 struct rte_mempool *fle_pool; /* per device memory pool for FLE */
117 struct sec_flc_desc flc_desc[0];
120 enum dpaa2_sec_op_type {
121 DPAA2_SEC_NONE, /*!< No Cipher operations*/
122 DPAA2_SEC_CIPHER,/*!< CIPHER operations */
123 DPAA2_SEC_AUTH, /*!< Authentication Operations */
124 DPAA2_SEC_AEAD, /*!< AEAD (AES-GCM/CCM) type operations */
125 DPAA2_SEC_CIPHER_HASH, /*!< Authenticated Encryption with
128 DPAA2_SEC_HASH_CIPHER, /*!< Encryption with Authenticated
131 DPAA2_SEC_IPSEC, /*!< IPSEC protocol operations*/
132 DPAA2_SEC_PDCP, /*!< PDCP protocol operations*/
133 DPAA2_SEC_PKC, /*!< Public Key Cryptographic Operations */
137 struct dpaa2_sec_aead_ctxt {
138 uint16_t auth_only_len; /*!< Length of data for Auth only */
139 uint8_t auth_cipher_text; /**< Authenticate/cipher ordering */
143 * The structure is to be filled by user for PDCP Protocol
145 struct dpaa2_pdcp_ctxt {
146 enum rte_security_pdcp_domain domain; /*!< Data/Control mode*/
147 int8_t bearer; /*!< PDCP bearer ID */
148 int8_t pkt_dir;/*!< PDCP Frame Direction 0:UL 1:DL*/
149 int8_t hfn_ovd;/*!< Overwrite HFN per packet*/
150 uint8_t sn_size; /*!< Sequence number size, 5/7/12/15/18 */
151 uint32_t hfn_ovd_offset;/*!< offset from rte_crypto_op at which
152 * per packet hfn is stored
154 uint32_t hfn; /*!< Hyper Frame Number */
155 uint32_t hfn_threshold; /*!< HFN Threashold for key renegotiation */
158 typedef struct dpaa2_sec_session_entry {
161 uint8_t dir; /*!< Operation Direction */
162 enum rte_crypto_cipher_algorithm cipher_alg; /*!< Cipher Algorithm*/
163 enum rte_crypto_auth_algorithm auth_alg; /*!< Authentication Algorithm*/
164 enum rte_crypto_aead_algorithm aead_alg; /*!< AEAD Algorithm*/
167 uint8_t *data; /**< pointer to key data */
168 size_t length; /**< key length in bytes */
172 uint8_t *data; /**< pointer to key data */
173 size_t length; /**< key length in bytes */
176 uint8_t *data; /**< pointer to key data */
177 size_t length; /**< key length in bytes */
184 uint16_t length; /**< IV length in bytes */
185 uint16_t offset; /**< IV offset in bytes */
187 uint16_t digest_length;
190 struct dpaa2_sec_aead_ctxt aead_ctxt;
193 struct dpaa2_pdcp_ctxt pdcp;
197 static const struct rte_cryptodev_capabilities dpaa2_sec_capabilities[] = {
199 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
201 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
203 .algo = RTE_CRYPTO_AUTH_MD5_HMAC,
220 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
222 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
224 .algo = RTE_CRYPTO_AUTH_SHA1_HMAC,
241 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
243 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
245 .algo = RTE_CRYPTO_AUTH_SHA224_HMAC,
262 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
264 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
266 .algo = RTE_CRYPTO_AUTH_SHA256_HMAC,
283 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
285 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
287 .algo = RTE_CRYPTO_AUTH_SHA384_HMAC,
304 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
306 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
308 .algo = RTE_CRYPTO_AUTH_SHA512_HMAC,
325 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
327 .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,
329 .algo = RTE_CRYPTO_AEAD_AES_GCM,
355 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
357 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
359 .algo = RTE_CRYPTO_CIPHER_AES_CBC,
375 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
377 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
379 .algo = RTE_CRYPTO_CIPHER_AES_CTR,
395 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
397 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
399 .algo = RTE_CRYPTO_CIPHER_3DES_CBC,
414 { /* SNOW 3G (UIA2) */
415 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
417 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
419 .algo = RTE_CRYPTO_AUTH_SNOW3G_UIA2,
439 { /* SNOW 3G (UEA2) */
440 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
442 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
444 .algo = RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
460 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
462 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
464 .algo = RTE_CRYPTO_CIPHER_ZUC_EEA3,
480 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
482 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
484 .algo = RTE_CRYPTO_AUTH_ZUC_EIA3,
504 RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
507 static const struct rte_cryptodev_capabilities dpaa2_pdcp_capabilities[] = {
508 { /* SNOW 3G (UIA2) */
509 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
511 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
513 .algo = RTE_CRYPTO_AUTH_SNOW3G_UIA2,
533 { /* SNOW 3G (UEA2) */
534 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
536 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
538 .algo = RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
554 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
556 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
558 .algo = RTE_CRYPTO_CIPHER_AES_CTR,
574 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
576 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
578 .algo = RTE_CRYPTO_AUTH_NULL,
594 { /* NULL (CIPHER) */
595 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
597 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
599 .algo = RTE_CRYPTO_CIPHER_NULL,
615 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
617 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
619 .algo = RTE_CRYPTO_CIPHER_ZUC_EEA3,
635 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
637 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
639 .algo = RTE_CRYPTO_AUTH_ZUC_EIA3,
660 RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
663 static const struct rte_security_capability dpaa2_sec_security_cap[] = {
664 { /* IPsec Lookaside Protocol offload ESP Transport Egress */
665 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
666 .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
668 .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
669 .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
670 .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
673 .crypto_capabilities = dpaa2_sec_capabilities
675 { /* IPsec Lookaside Protocol offload ESP Tunnel Ingress */
676 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
677 .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
679 .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
680 .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
681 .direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS,
684 .crypto_capabilities = dpaa2_sec_capabilities
686 { /* PDCP Lookaside Protocol offload Data */
687 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
688 .protocol = RTE_SECURITY_PROTOCOL_PDCP,
690 .domain = RTE_SECURITY_PDCP_MODE_DATA,
693 .crypto_capabilities = dpaa2_pdcp_capabilities
695 { /* PDCP Lookaside Protocol offload Control */
696 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
697 .protocol = RTE_SECURITY_PROTOCOL_PDCP,
699 .domain = RTE_SECURITY_PDCP_MODE_CONTROL,
702 .crypto_capabilities = dpaa2_pdcp_capabilities
705 .action = RTE_SECURITY_ACTION_TYPE_NONE
712 * @param buffer calculate chksum for buffer
713 * @param len buffer length
715 * @return checksum value in host cpu order
717 static inline uint16_t
718 calc_chksum(void *buffer, int len)
720 uint16_t *buf = (uint16_t *)buffer;
724 for (sum = 0; len > 1; len -= 2)
728 sum += *(unsigned char *)buf;
730 sum = (sum >> 16) + (sum & 0xFFFF);
737 #endif /* _RTE_DPAA2_SEC_PMD_PRIVATE_H_ */
git.droids-corp.org / dpdk.git / blob