1 /* SPDX-License-Identifier: BSD-3-Clause
3 * Copyright (c) 2016 Freescale Semiconductor, Inc. All rights reserved.
4 * Copyright 2016,2020-2021 NXP
8 #ifndef _DPAA2_SEC_PMD_PRIVATE_H_
9 #define _DPAA2_SEC_PMD_PRIVATE_H_
11 #ifdef RTE_LIB_SECURITY
12 #include <rte_security_driver.h>
15 #define CRYPTODEV_NAME_DPAA2_SEC_PMD crypto_dpaa2_sec
16 /**< NXP DPAA2 - SEC PMD device name */
19 #define MAX_DESC_SIZE 64
20 /** private data structure for each DPAA2_SEC device */
21 struct dpaa2_sec_dev_private {
22 void *mc_portal; /**< MC Portal for configuring this device */
23 void *hw; /**< Hardware handle for this device.Used by NADK framework */
24 struct rte_mempool *fle_pool; /* per device memory pool for FLE */
25 int32_t hw_id; /**< An unique ID of this device instance */
26 int32_t vfio_fd; /**< File descriptor received via VFIO */
27 uint16_t token; /**< Token required by DPxxx objects */
28 unsigned int max_nb_queue_pairs;
29 /**< Max number of queue pairs supported by device */
33 struct dpaa2_queue rx_vq;
34 struct dpaa2_queue tx_vq;
46 #define DPAA2_IPv6_DEFAULT_VTC_FLOW 0x60000000
48 #define DPAA2_SET_FLC_EWS(flc) (flc->word1_bits23_16 |= 0x1)
49 #define DPAA2_SET_FLC_RSC(flc) (flc->word1_bits31_24 |= 0x1)
50 #define DPAA2_SET_FLC_REUSE_BS(flc) (flc->mode_bits |= 0x8000)
51 #define DPAA2_SET_FLC_REUSE_FF(flc) (flc->mode_bits |= 0x2000)
53 /* SEC Flow Context Descriptor */
54 struct sec_flow_context {
56 uint16_t word0_sdid; /* 11-0 SDID */
57 uint16_t word0_res; /* 31-12 reserved */
60 uint8_t word1_sdl; /* 5-0 SDL */
63 uint8_t word1_bits_15_8; /* 11-8 CRID */
67 uint8_t word1_bits23_16; /* 16 EWS */
72 uint8_t word1_bits31_24; /* 24 RSC */
76 /* word 2 RFLC[31-0] */
77 uint32_t word2_rflc_31_0;
79 /* word 3 RFLC[63-32] */
80 uint32_t word3_rflc_63_32;
83 uint16_t word4_iicid; /* 15-0 IICID */
84 uint16_t word4_oicid; /* 31-16 OICID */
87 uint32_t word5_ofqid:24; /* 23-0 OFQID */
88 uint32_t word5_31_24:8;
95 uint32_t word6_oflc_31_0;
98 uint32_t word7_oflc_63_32;
100 /* Word 8-15 storage profiles */
101 uint16_t dl; /**< DataLength(correction) */
102 uint16_t reserved; /**< reserved */
103 uint16_t dhr; /**< DataHeadRoom(correction) */
104 uint16_t mode_bits; /**< mode bits */
105 uint16_t bpv0; /**< buffer pool0 valid */
106 uint16_t bpid0; /**< Bypass Memory Translation */
107 uint16_t bpv1; /**< buffer pool1 valid */
108 uint16_t bpid1; /**< Bypass Memory Translation */
109 uint64_t word_12_15[2]; /**< word 12-15 are reserved */
112 struct sec_flc_desc {
113 struct sec_flow_context flc;
114 uint32_t desc[MAX_DESC_SIZE];
118 struct rte_mempool *fle_pool; /* per device memory pool for FLE */
119 struct sec_flc_desc flc_desc[0];
122 enum dpaa2_sec_op_type {
123 DPAA2_SEC_NONE, /*!< No Cipher operations*/
124 DPAA2_SEC_CIPHER,/*!< CIPHER operations */
125 DPAA2_SEC_AUTH, /*!< Authentication Operations */
126 DPAA2_SEC_AEAD, /*!< AEAD (AES-GCM/CCM) type operations */
127 DPAA2_SEC_CIPHER_HASH, /*!< Authenticated Encryption with
130 DPAA2_SEC_HASH_CIPHER, /*!< Encryption with Authenticated
133 DPAA2_SEC_IPSEC, /*!< IPSEC protocol operations*/
134 DPAA2_SEC_PDCP, /*!< PDCP protocol operations*/
135 DPAA2_SEC_PKC, /*!< Public Key Cryptographic Operations */
139 struct dpaa2_sec_aead_ctxt {
140 uint16_t auth_only_len; /*!< Length of data for Auth only */
141 uint8_t auth_cipher_text; /**< Authenticate/cipher ordering */
144 #ifdef RTE_LIB_SECURITY
146 * The structure is to be filled by user for PDCP Protocol
148 struct dpaa2_pdcp_ctxt {
149 enum rte_security_pdcp_domain domain; /*!< Data/Control mode*/
150 int8_t bearer; /*!< PDCP bearer ID */
151 int8_t pkt_dir;/*!< PDCP Frame Direction 0:UL 1:DL*/
152 int8_t hfn_ovd;/*!< Overwrite HFN per packet*/
153 uint8_t sn_size; /*!< Sequence number size, 5/7/12/15/18 */
154 uint32_t hfn_ovd_offset;/*!< offset from rte_crypto_op at which
155 * per packet hfn is stored
157 uint32_t hfn; /*!< Hyper Frame Number */
158 uint32_t hfn_threshold; /*!< HFN Threashold for key renegotiation */
161 typedef struct dpaa2_sec_session_entry {
164 uint8_t dir; /*!< Operation Direction */
165 enum rte_crypto_cipher_algorithm cipher_alg; /*!< Cipher Algorithm*/
166 enum rte_crypto_auth_algorithm auth_alg; /*!< Authentication Algorithm*/
167 enum rte_crypto_aead_algorithm aead_alg; /*!< AEAD Algorithm*/
170 uint8_t *data; /**< pointer to key data */
171 size_t length; /**< key length in bytes */
175 uint8_t *data; /**< pointer to key data */
176 size_t length; /**< key length in bytes */
179 uint8_t *data; /**< pointer to key data */
180 size_t length; /**< key length in bytes */
187 uint16_t length; /**< IV length in bytes */
188 uint16_t offset; /**< IV offset in bytes */
190 uint16_t digest_length;
193 struct dpaa2_sec_aead_ctxt aead_ctxt;
196 #ifdef RTE_LIB_SECURITY
197 struct dpaa2_pdcp_ctxt pdcp;
202 static const struct rte_cryptodev_capabilities dpaa2_sec_capabilities[] = {
203 /* Symmetric capabilities */
205 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
207 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
209 .algo = RTE_CRYPTO_AUTH_NULL,
226 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
228 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
230 .algo = RTE_CRYPTO_AUTH_MD5,
247 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
249 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
251 .algo = RTE_CRYPTO_AUTH_MD5_HMAC,
268 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
270 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
272 .algo = RTE_CRYPTO_AUTH_SHA1,
289 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
291 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
293 .algo = RTE_CRYPTO_AUTH_SHA1_HMAC,
310 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
312 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
314 .algo = RTE_CRYPTO_AUTH_SHA224,
331 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
333 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
335 .algo = RTE_CRYPTO_AUTH_SHA224_HMAC,
352 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
354 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
356 .algo = RTE_CRYPTO_AUTH_SHA256,
373 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
375 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
377 .algo = RTE_CRYPTO_AUTH_SHA256_HMAC,
394 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
396 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
398 .algo = RTE_CRYPTO_AUTH_SHA384,
415 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
417 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
419 .algo = RTE_CRYPTO_AUTH_SHA384_HMAC,
436 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
438 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
440 .algo = RTE_CRYPTO_AUTH_SHA512,
457 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
459 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
461 .algo = RTE_CRYPTO_AUTH_SHA512_HMAC,
478 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
480 .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,
482 .algo = RTE_CRYPTO_AEAD_AES_GCM,
507 { /* AES XCBC HMAC */
508 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
510 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
512 .algo = RTE_CRYPTO_AUTH_AES_XCBC_MAC,
530 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
532 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
534 .algo = RTE_CRYPTO_AUTH_AES_CMAC,
550 { /* NULL (CIPHER) */
551 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
553 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
555 .algo = RTE_CRYPTO_CIPHER_NULL,
571 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
573 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
575 .algo = RTE_CRYPTO_CIPHER_AES_CBC,
591 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
593 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
595 .algo = RTE_CRYPTO_CIPHER_AES_CTR,
611 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
613 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
615 .algo = RTE_CRYPTO_CIPHER_DES_CBC,
631 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
633 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
635 .algo = RTE_CRYPTO_CIPHER_3DES_CBC,
650 { /* SNOW 3G (UIA2) */
651 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
653 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
655 .algo = RTE_CRYPTO_AUTH_SNOW3G_UIA2,
675 { /* SNOW 3G (UEA2) */
676 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
678 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
680 .algo = RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
696 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
698 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
700 .algo = RTE_CRYPTO_CIPHER_ZUC_EEA3,
716 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
718 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
720 .algo = RTE_CRYPTO_AUTH_ZUC_EIA3,
740 RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
743 #ifdef RTE_LIB_SECURITY
745 static const struct rte_cryptodev_capabilities dpaa2_pdcp_capabilities[] = {
746 { /* SNOW 3G (UIA2) */
747 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
749 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
751 .algo = RTE_CRYPTO_AUTH_SNOW3G_UIA2,
771 { /* SNOW 3G (UEA2) */
772 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
774 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
776 .algo = RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
792 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
794 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
796 .algo = RTE_CRYPTO_CIPHER_AES_CTR,
812 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
814 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
816 .algo = RTE_CRYPTO_AUTH_NULL,
832 { /* NULL (CIPHER) */
833 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
835 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
837 .algo = RTE_CRYPTO_CIPHER_NULL,
853 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
855 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
857 .algo = RTE_CRYPTO_CIPHER_ZUC_EEA3,
873 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
875 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
877 .algo = RTE_CRYPTO_AUTH_ZUC_EIA3,
898 RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
901 static const struct rte_security_capability dpaa2_sec_security_cap[] = {
902 { /* IPsec Lookaside Protocol offload ESP Transport Egress */
903 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
904 .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
906 .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
907 .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
908 .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
910 .replay_win_sz_max = 128
912 .crypto_capabilities = dpaa2_sec_capabilities
914 { /* IPsec Lookaside Protocol offload ESP Tunnel Ingress */
915 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
916 .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
918 .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
919 .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
920 .direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS,
922 .replay_win_sz_max = 128
924 .crypto_capabilities = dpaa2_sec_capabilities
926 { /* PDCP Lookaside Protocol offload Data */
927 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
928 .protocol = RTE_SECURITY_PROTOCOL_PDCP,
930 .domain = RTE_SECURITY_PDCP_MODE_DATA,
933 .crypto_capabilities = dpaa2_pdcp_capabilities
935 { /* PDCP Lookaside Protocol offload Control */
936 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
937 .protocol = RTE_SECURITY_PROTOCOL_PDCP,
939 .domain = RTE_SECURITY_PDCP_MODE_CONTROL,
942 .crypto_capabilities = dpaa2_pdcp_capabilities
944 { /* PDCP Lookaside Protocol offload Short MAC */
945 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
946 .protocol = RTE_SECURITY_PROTOCOL_PDCP,
948 .domain = RTE_SECURITY_PDCP_MODE_SHORT_MAC,
951 .crypto_capabilities = dpaa2_pdcp_capabilities
954 .action = RTE_SECURITY_ACTION_TYPE_NONE
961 * @param buffer calculate chksum for buffer
962 * @param len buffer length
964 * @return checksum value in host cpu order
966 static inline uint16_t
967 calc_chksum(void *buffer, int len)
969 uint16_t *buf = (uint16_t *)buffer;
973 for (sum = 0; len > 1; len -= 2)
977 sum += *(unsigned char *)buf;
979 sum = (sum >> 16) + (sum & 0xFFFF);
986 #endif /* _DPAA2_SEC_PMD_PRIVATE_H_ */