1 /* SPDX-License-Identifier: BSD-3-Clause
3 * Copyright (c) 2016 Freescale Semiconductor, Inc. All rights reserved.
4 * Copyright 2016,2020-2021 NXP
8 #ifndef _DPAA2_SEC_PMD_PRIVATE_H_
9 #define _DPAA2_SEC_PMD_PRIVATE_H_
11 #ifdef RTE_LIB_SECURITY
12 #include <rte_security_driver.h>
15 #define CRYPTODEV_NAME_DPAA2_SEC_PMD crypto_dpaa2_sec
16 /**< NXP DPAA2 - SEC PMD device name */
18 extern uint8_t cryptodev_driver_id;
20 /* FLE_POOL_NUM_BUFS is set as per the ipsec-secgw application */
21 #define FLE_POOL_NUM_BUFS 32000
22 #define FLE_POOL_BUF_SIZE 256
23 #define FLE_POOL_CACHE_SIZE 512
24 #define FLE_SG_MEM_SIZE(num) (FLE_POOL_BUF_SIZE + ((num) * 32))
25 #define SEC_FLC_DHR_OUTBOUND -114
26 #define SEC_FLC_DHR_INBOUND 0
29 #define MAX_DESC_SIZE 64
30 /** private data structure for each DPAA2_SEC device */
31 struct dpaa2_sec_dev_private {
32 void *mc_portal; /**< MC Portal for configuring this device */
33 void *hw; /**< Hardware handle for this device.Used by NADK framework */
34 struct rte_mempool *fle_pool; /* per device memory pool for FLE */
35 int32_t hw_id; /**< An unique ID of this device instance */
36 int32_t vfio_fd; /**< File descriptor received via VFIO */
37 uint16_t token; /**< Token required by DPxxx objects */
38 unsigned int max_nb_queue_pairs;
39 /**< Max number of queue pairs supported by device */
41 uint8_t en_loose_ordered;
45 struct dpaa2_queue rx_vq;
46 struct dpaa2_queue tx_vq;
58 #define DPAA2_IPv6_DEFAULT_VTC_FLOW 0x60000000
60 #define DPAA2_SET_FLC_EWS(flc) (flc->word1_bits23_16 |= 0x1)
61 #define DPAA2_SET_FLC_RSC(flc) (flc->word1_bits31_24 |= 0x1)
62 #define DPAA2_SET_FLC_REUSE_BS(flc) (flc->mode_bits |= 0x8000)
63 #define DPAA2_SET_FLC_REUSE_FF(flc) (flc->mode_bits |= 0x2000)
65 /* SEC Flow Context Descriptor */
66 struct sec_flow_context {
68 uint16_t word0_sdid; /* 11-0 SDID */
69 uint16_t word0_res; /* 31-12 reserved */
72 uint8_t word1_sdl; /* 5-0 SDL */
75 uint8_t word1_bits_15_8; /* 11-8 CRID */
79 uint8_t word1_bits23_16; /* 16 EWS */
84 uint8_t word1_bits31_24; /* 24 RSC */
88 /* word 2 RFLC[31-0] */
89 uint32_t word2_rflc_31_0;
91 /* word 3 RFLC[63-32] */
92 uint32_t word3_rflc_63_32;
95 uint16_t word4_iicid; /* 15-0 IICID */
96 uint16_t word4_oicid; /* 31-16 OICID */
99 uint32_t word5_ofqid:24; /* 23-0 OFQID */
100 uint32_t word5_31_24:8;
107 uint32_t word6_oflc_31_0;
110 uint32_t word7_oflc_63_32;
112 /* Word 8-15 storage profiles */
113 uint16_t dl; /**< DataLength(correction) */
114 uint16_t reserved; /**< reserved */
115 uint16_t dhr; /**< DataHeadRoom(correction) */
116 uint16_t mode_bits; /**< mode bits */
117 uint16_t bpv0; /**< buffer pool0 valid */
118 uint16_t bpid0; /**< Bypass Memory Translation */
119 uint16_t bpv1; /**< buffer pool1 valid */
120 uint16_t bpid1; /**< Bypass Memory Translation */
121 uint64_t word_12_15[2]; /**< word 12-15 are reserved */
124 struct sec_flc_desc {
125 struct sec_flow_context flc;
126 uint32_t desc[MAX_DESC_SIZE];
130 struct rte_mempool *fle_pool; /* per device memory pool for FLE */
131 struct sec_flc_desc flc_desc[0];
134 enum dpaa2_sec_op_type {
135 DPAA2_SEC_NONE, /*!< No Cipher operations*/
136 DPAA2_SEC_CIPHER,/*!< CIPHER operations */
137 DPAA2_SEC_AUTH, /*!< Authentication Operations */
138 DPAA2_SEC_AEAD, /*!< AEAD (AES-GCM/CCM) type operations */
139 DPAA2_SEC_CIPHER_HASH, /*!< Authenticated Encryption with
142 DPAA2_SEC_HASH_CIPHER, /*!< Encryption with Authenticated
145 DPAA2_SEC_IPSEC, /*!< IPSEC protocol operations*/
146 DPAA2_SEC_PDCP, /*!< PDCP protocol operations*/
147 DPAA2_SEC_PKC, /*!< Public Key Cryptographic Operations */
151 struct dpaa2_sec_aead_ctxt {
152 uint16_t auth_only_len; /*!< Length of data for Auth only */
153 uint8_t auth_cipher_text; /**< Authenticate/cipher ordering */
156 #ifdef RTE_LIB_SECURITY
158 * The structure is to be filled by user for PDCP Protocol
160 struct dpaa2_pdcp_ctxt {
161 enum rte_security_pdcp_domain domain; /*!< Data/Control mode*/
162 int8_t bearer; /*!< PDCP bearer ID */
163 int8_t pkt_dir;/*!< PDCP Frame Direction 0:UL 1:DL*/
164 int8_t hfn_ovd;/*!< Overwrite HFN per packet*/
165 uint8_t sn_size; /*!< Sequence number size, 5/7/12/15/18 */
166 uint32_t hfn_ovd_offset;/*!< offset from rte_crypto_op at which
167 * per packet hfn is stored
169 uint32_t hfn; /*!< Hyper Frame Number */
170 uint32_t hfn_threshold; /*!< HFN Threashold for key renegotiation */
174 typedef int (*dpaa2_sec_build_fd_t)(
175 void *qp, uint8_t *drv_ctx, struct rte_crypto_vec *data_vec,
176 uint16_t n_data_vecs, union rte_crypto_sym_ofs ofs,
177 struct rte_crypto_va_iova_ptr *iv,
178 struct rte_crypto_va_iova_ptr *digest,
179 struct rte_crypto_va_iova_ptr *aad_or_auth_iv,
182 typedef int (*dpaa2_sec_build_raw_dp_fd_t)(uint8_t *drv_ctx,
183 struct rte_crypto_sgl *sgl,
184 struct rte_crypto_sgl *dest_sgl,
185 struct rte_crypto_va_iova_ptr *iv,
186 struct rte_crypto_va_iova_ptr *digest,
187 struct rte_crypto_va_iova_ptr *auth_iv,
188 union rte_crypto_sym_ofs ofs,
190 struct qbman_fd *fd);
192 typedef struct dpaa2_sec_session_entry {
195 uint8_t dir; /*!< Operation Direction */
196 enum rte_crypto_cipher_algorithm cipher_alg; /*!< Cipher Algorithm*/
197 enum rte_crypto_auth_algorithm auth_alg; /*!< Authentication Algorithm*/
198 enum rte_crypto_aead_algorithm aead_alg; /*!< AEAD Algorithm*/
199 dpaa2_sec_build_fd_t build_fd;
200 dpaa2_sec_build_raw_dp_fd_t build_raw_dp_fd;
203 uint8_t *data; /**< pointer to key data */
204 size_t length; /**< key length in bytes */
208 uint8_t *data; /**< pointer to key data */
209 size_t length; /**< key length in bytes */
212 uint8_t *data; /**< pointer to key data */
213 size_t length; /**< key length in bytes */
220 uint16_t length; /**< IV length in bytes */
221 uint16_t offset; /**< IV offset in bytes */
223 uint16_t digest_length;
226 struct dpaa2_sec_aead_ctxt aead_ctxt;
229 #ifdef RTE_LIB_SECURITY
230 struct dpaa2_pdcp_ctxt pdcp;
235 static const struct rte_cryptodev_capabilities dpaa2_sec_capabilities[] = {
236 /* Symmetric capabilities */
238 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
240 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
242 .algo = RTE_CRYPTO_AUTH_MD5,
259 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
261 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
263 .algo = RTE_CRYPTO_AUTH_MD5_HMAC,
280 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
282 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
284 .algo = RTE_CRYPTO_AUTH_SHA1,
301 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
303 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
305 .algo = RTE_CRYPTO_AUTH_SHA1_HMAC,
322 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
324 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
326 .algo = RTE_CRYPTO_AUTH_SHA224,
343 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
345 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
347 .algo = RTE_CRYPTO_AUTH_SHA224_HMAC,
364 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
366 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
368 .algo = RTE_CRYPTO_AUTH_SHA256,
385 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
387 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
389 .algo = RTE_CRYPTO_AUTH_SHA256_HMAC,
406 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
408 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
410 .algo = RTE_CRYPTO_AUTH_SHA384,
427 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
429 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
431 .algo = RTE_CRYPTO_AUTH_SHA384_HMAC,
448 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
450 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
452 .algo = RTE_CRYPTO_AUTH_SHA512,
469 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
471 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
473 .algo = RTE_CRYPTO_AUTH_SHA512_HMAC,
490 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
492 .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,
494 .algo = RTE_CRYPTO_AEAD_AES_GCM,
519 { /* AES XCBC HMAC */
520 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
522 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
524 .algo = RTE_CRYPTO_AUTH_AES_XCBC_MAC,
542 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
544 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
546 .algo = RTE_CRYPTO_AUTH_AES_CMAC,
564 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
566 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
568 .algo = RTE_CRYPTO_CIPHER_AES_CBC,
584 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
586 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
588 .algo = RTE_CRYPTO_CIPHER_AES_CTR,
604 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
606 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
608 .algo = RTE_CRYPTO_CIPHER_DES_CBC,
624 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
626 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
628 .algo = RTE_CRYPTO_CIPHER_3DES_CBC,
643 { /* SNOW 3G (UIA2) */
644 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
646 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
648 .algo = RTE_CRYPTO_AUTH_SNOW3G_UIA2,
668 { /* SNOW 3G (UEA2) */
669 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
671 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
673 .algo = RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
689 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
691 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
693 .algo = RTE_CRYPTO_CIPHER_ZUC_EEA3,
709 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
711 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
713 .algo = RTE_CRYPTO_AUTH_ZUC_EIA3,
733 RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
736 #ifdef RTE_LIB_SECURITY
738 static const struct rte_cryptodev_capabilities dpaa2_pdcp_capabilities[] = {
739 { /* SNOW 3G (UIA2) */
740 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
742 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
744 .algo = RTE_CRYPTO_AUTH_SNOW3G_UIA2,
764 { /* SNOW 3G (UEA2) */
765 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
767 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
769 .algo = RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
785 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
787 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
789 .algo = RTE_CRYPTO_CIPHER_AES_CTR,
805 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
807 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
809 .algo = RTE_CRYPTO_AUTH_NULL,
825 { /* NULL (CIPHER) */
826 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
828 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
830 .algo = RTE_CRYPTO_CIPHER_NULL,
846 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
848 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
850 .algo = RTE_CRYPTO_CIPHER_ZUC_EEA3,
866 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
868 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
870 .algo = RTE_CRYPTO_AUTH_ZUC_EIA3,
891 RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
894 static const struct rte_security_capability dpaa2_sec_security_cap[] = {
895 { /* IPsec Lookaside Protocol offload ESP Transport Egress */
896 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
897 .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
899 .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
900 .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
901 .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
903 .replay_win_sz_max = 128
905 .crypto_capabilities = dpaa2_sec_capabilities
907 { /* IPsec Lookaside Protocol offload ESP Tunnel Ingress */
908 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
909 .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
911 .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
912 .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
913 .direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS,
915 .replay_win_sz_max = 128
917 .crypto_capabilities = dpaa2_sec_capabilities
919 { /* PDCP Lookaside Protocol offload Data */
920 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
921 .protocol = RTE_SECURITY_PROTOCOL_PDCP,
923 .domain = RTE_SECURITY_PDCP_MODE_DATA,
926 .crypto_capabilities = dpaa2_pdcp_capabilities
928 { /* PDCP Lookaside Protocol offload Control */
929 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
930 .protocol = RTE_SECURITY_PROTOCOL_PDCP,
932 .domain = RTE_SECURITY_PDCP_MODE_CONTROL,
935 .crypto_capabilities = dpaa2_pdcp_capabilities
937 { /* PDCP Lookaside Protocol offload Short MAC */
938 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
939 .protocol = RTE_SECURITY_PROTOCOL_PDCP,
941 .domain = RTE_SECURITY_PDCP_MODE_SHORT_MAC,
944 .crypto_capabilities = dpaa2_pdcp_capabilities
947 .action = RTE_SECURITY_ACTION_TYPE_NONE
954 * @param buffer calculate chksum for buffer
955 * @param len buffer length
957 * @return checksum value in host cpu order
959 static inline uint16_t
960 calc_chksum(void *buffer, int len)
962 uint16_t *buf = (uint16_t *)buffer;
966 for (sum = 0; len > 1; len -= 2)
970 sum += *(unsigned char *)buf;
972 sum = (sum >> 16) + (sum & 0xFFFF);
980 dpaa2_sec_configure_raw_dp_ctx(struct rte_cryptodev *dev, uint16_t qp_id,
981 struct rte_crypto_raw_dp_ctx *raw_dp_ctx,
982 enum rte_crypto_op_sess_type sess_type,
983 union rte_cryptodev_session_ctx session_ctx, uint8_t is_update);
986 dpaa2_sec_get_dp_ctx_size(struct rte_cryptodev *dev);
989 #endif /* _DPAA2_SEC_PMD_PRIVATE_H_ */