1 /* SPDX-License-Identifier: BSD-3-Clause
3 * Copyright (c) 2016 Freescale Semiconductor, Inc. All rights reserved.
4 * Copyright 2016,2020-2021 NXP
8 #ifndef _DPAA2_SEC_PMD_PRIVATE_H_
9 #define _DPAA2_SEC_PMD_PRIVATE_H_
11 #ifdef RTE_LIB_SECURITY
12 #include <rte_security_driver.h>
15 #define CRYPTODEV_NAME_DPAA2_SEC_PMD crypto_dpaa2_sec
16 /**< NXP DPAA2 - SEC PMD device name */
18 extern uint8_t cryptodev_driver_id;
20 /* FLE_POOL_NUM_BUFS is set as per the ipsec-secgw application */
21 #define FLE_POOL_NUM_BUFS 32000
22 #define FLE_POOL_BUF_SIZE 256
23 #define FLE_POOL_CACHE_SIZE 512
24 #define FLE_SG_MEM_SIZE(num) (FLE_POOL_BUF_SIZE + ((num) * 32))
25 #define SEC_FLC_DHR_OUTBOUND -114
26 #define SEC_FLC_DHR_INBOUND 0
29 #define MAX_DESC_SIZE 64
30 /** private data structure for each DPAA2_SEC device */
31 struct dpaa2_sec_dev_private {
32 void *mc_portal; /**< MC Portal for configuring this device */
33 void *hw; /**< Hardware handle for this device.Used by NADK framework */
34 struct rte_mempool *fle_pool; /* per device memory pool for FLE */
35 int32_t hw_id; /**< An unique ID of this device instance */
36 int32_t vfio_fd; /**< File descriptor received via VFIO */
37 uint16_t token; /**< Token required by DPxxx objects */
38 unsigned int max_nb_queue_pairs;
39 /**< Max number of queue pairs supported by device */
43 struct dpaa2_queue rx_vq;
44 struct dpaa2_queue tx_vq;
56 #define DPAA2_IPv6_DEFAULT_VTC_FLOW 0x60000000
58 #define DPAA2_SET_FLC_EWS(flc) (flc->word1_bits23_16 |= 0x1)
59 #define DPAA2_SET_FLC_RSC(flc) (flc->word1_bits31_24 |= 0x1)
60 #define DPAA2_SET_FLC_REUSE_BS(flc) (flc->mode_bits |= 0x8000)
61 #define DPAA2_SET_FLC_REUSE_FF(flc) (flc->mode_bits |= 0x2000)
63 /* SEC Flow Context Descriptor */
64 struct sec_flow_context {
66 uint16_t word0_sdid; /* 11-0 SDID */
67 uint16_t word0_res; /* 31-12 reserved */
70 uint8_t word1_sdl; /* 5-0 SDL */
73 uint8_t word1_bits_15_8; /* 11-8 CRID */
77 uint8_t word1_bits23_16; /* 16 EWS */
82 uint8_t word1_bits31_24; /* 24 RSC */
86 /* word 2 RFLC[31-0] */
87 uint32_t word2_rflc_31_0;
89 /* word 3 RFLC[63-32] */
90 uint32_t word3_rflc_63_32;
93 uint16_t word4_iicid; /* 15-0 IICID */
94 uint16_t word4_oicid; /* 31-16 OICID */
97 uint32_t word5_ofqid:24; /* 23-0 OFQID */
98 uint32_t word5_31_24:8;
105 uint32_t word6_oflc_31_0;
108 uint32_t word7_oflc_63_32;
110 /* Word 8-15 storage profiles */
111 uint16_t dl; /**< DataLength(correction) */
112 uint16_t reserved; /**< reserved */
113 uint16_t dhr; /**< DataHeadRoom(correction) */
114 uint16_t mode_bits; /**< mode bits */
115 uint16_t bpv0; /**< buffer pool0 valid */
116 uint16_t bpid0; /**< Bypass Memory Translation */
117 uint16_t bpv1; /**< buffer pool1 valid */
118 uint16_t bpid1; /**< Bypass Memory Translation */
119 uint64_t word_12_15[2]; /**< word 12-15 are reserved */
122 struct sec_flc_desc {
123 struct sec_flow_context flc;
124 uint32_t desc[MAX_DESC_SIZE];
128 struct rte_mempool *fle_pool; /* per device memory pool for FLE */
129 struct sec_flc_desc flc_desc[0];
132 enum dpaa2_sec_op_type {
133 DPAA2_SEC_NONE, /*!< No Cipher operations*/
134 DPAA2_SEC_CIPHER,/*!< CIPHER operations */
135 DPAA2_SEC_AUTH, /*!< Authentication Operations */
136 DPAA2_SEC_AEAD, /*!< AEAD (AES-GCM/CCM) type operations */
137 DPAA2_SEC_CIPHER_HASH, /*!< Authenticated Encryption with
140 DPAA2_SEC_HASH_CIPHER, /*!< Encryption with Authenticated
143 DPAA2_SEC_IPSEC, /*!< IPSEC protocol operations*/
144 DPAA2_SEC_PDCP, /*!< PDCP protocol operations*/
145 DPAA2_SEC_PKC, /*!< Public Key Cryptographic Operations */
149 struct dpaa2_sec_aead_ctxt {
150 uint16_t auth_only_len; /*!< Length of data for Auth only */
151 uint8_t auth_cipher_text; /**< Authenticate/cipher ordering */
154 #ifdef RTE_LIB_SECURITY
156 * The structure is to be filled by user for PDCP Protocol
158 struct dpaa2_pdcp_ctxt {
159 enum rte_security_pdcp_domain domain; /*!< Data/Control mode*/
160 int8_t bearer; /*!< PDCP bearer ID */
161 int8_t pkt_dir;/*!< PDCP Frame Direction 0:UL 1:DL*/
162 int8_t hfn_ovd;/*!< Overwrite HFN per packet*/
163 uint8_t sn_size; /*!< Sequence number size, 5/7/12/15/18 */
164 uint32_t hfn_ovd_offset;/*!< offset from rte_crypto_op at which
165 * per packet hfn is stored
167 uint32_t hfn; /*!< Hyper Frame Number */
168 uint32_t hfn_threshold; /*!< HFN Threashold for key renegotiation */
172 typedef int (*dpaa2_sec_build_fd_t)(
173 void *qp, uint8_t *drv_ctx, struct rte_crypto_vec *data_vec,
174 uint16_t n_data_vecs, union rte_crypto_sym_ofs ofs,
175 struct rte_crypto_va_iova_ptr *iv,
176 struct rte_crypto_va_iova_ptr *digest,
177 struct rte_crypto_va_iova_ptr *aad_or_auth_iv,
180 typedef int (*dpaa2_sec_build_raw_dp_fd_t)(uint8_t *drv_ctx,
181 struct rte_crypto_sgl *sgl,
182 struct rte_crypto_va_iova_ptr *iv,
183 struct rte_crypto_va_iova_ptr *digest,
184 struct rte_crypto_va_iova_ptr *auth_iv,
185 union rte_crypto_sym_ofs ofs,
187 struct qbman_fd *fd);
189 typedef struct dpaa2_sec_session_entry {
192 uint8_t dir; /*!< Operation Direction */
193 enum rte_crypto_cipher_algorithm cipher_alg; /*!< Cipher Algorithm*/
194 enum rte_crypto_auth_algorithm auth_alg; /*!< Authentication Algorithm*/
195 enum rte_crypto_aead_algorithm aead_alg; /*!< AEAD Algorithm*/
196 dpaa2_sec_build_fd_t build_fd;
197 dpaa2_sec_build_raw_dp_fd_t build_raw_dp_fd;
200 uint8_t *data; /**< pointer to key data */
201 size_t length; /**< key length in bytes */
205 uint8_t *data; /**< pointer to key data */
206 size_t length; /**< key length in bytes */
209 uint8_t *data; /**< pointer to key data */
210 size_t length; /**< key length in bytes */
217 uint16_t length; /**< IV length in bytes */
218 uint16_t offset; /**< IV offset in bytes */
220 uint16_t digest_length;
223 struct dpaa2_sec_aead_ctxt aead_ctxt;
226 #ifdef RTE_LIB_SECURITY
227 struct dpaa2_pdcp_ctxt pdcp;
232 static const struct rte_cryptodev_capabilities dpaa2_sec_capabilities[] = {
233 /* Symmetric capabilities */
235 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
237 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
239 .algo = RTE_CRYPTO_AUTH_MD5,
256 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
258 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
260 .algo = RTE_CRYPTO_AUTH_MD5_HMAC,
277 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
279 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
281 .algo = RTE_CRYPTO_AUTH_SHA1,
298 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
300 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
302 .algo = RTE_CRYPTO_AUTH_SHA1_HMAC,
319 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
321 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
323 .algo = RTE_CRYPTO_AUTH_SHA224,
340 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
342 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
344 .algo = RTE_CRYPTO_AUTH_SHA224_HMAC,
361 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
363 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
365 .algo = RTE_CRYPTO_AUTH_SHA256,
382 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
384 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
386 .algo = RTE_CRYPTO_AUTH_SHA256_HMAC,
403 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
405 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
407 .algo = RTE_CRYPTO_AUTH_SHA384,
424 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
426 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
428 .algo = RTE_CRYPTO_AUTH_SHA384_HMAC,
445 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
447 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
449 .algo = RTE_CRYPTO_AUTH_SHA512,
466 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
468 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
470 .algo = RTE_CRYPTO_AUTH_SHA512_HMAC,
487 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
489 .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,
491 .algo = RTE_CRYPTO_AEAD_AES_GCM,
516 { /* AES XCBC HMAC */
517 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
519 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
521 .algo = RTE_CRYPTO_AUTH_AES_XCBC_MAC,
539 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
541 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
543 .algo = RTE_CRYPTO_AUTH_AES_CMAC,
560 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
562 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
564 .algo = RTE_CRYPTO_CIPHER_AES_CBC,
580 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
582 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
584 .algo = RTE_CRYPTO_CIPHER_AES_CTR,
600 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
602 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
604 .algo = RTE_CRYPTO_CIPHER_DES_CBC,
620 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
622 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
624 .algo = RTE_CRYPTO_CIPHER_3DES_CBC,
639 { /* SNOW 3G (UIA2) */
640 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
642 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
644 .algo = RTE_CRYPTO_AUTH_SNOW3G_UIA2,
664 { /* SNOW 3G (UEA2) */
665 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
667 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
669 .algo = RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
685 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
687 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
689 .algo = RTE_CRYPTO_CIPHER_ZUC_EEA3,
705 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
707 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
709 .algo = RTE_CRYPTO_AUTH_ZUC_EIA3,
729 RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
732 #ifdef RTE_LIB_SECURITY
734 static const struct rte_cryptodev_capabilities dpaa2_pdcp_capabilities[] = {
735 { /* SNOW 3G (UIA2) */
736 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
738 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
740 .algo = RTE_CRYPTO_AUTH_SNOW3G_UIA2,
760 { /* SNOW 3G (UEA2) */
761 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
763 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
765 .algo = RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
781 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
783 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
785 .algo = RTE_CRYPTO_CIPHER_AES_CTR,
801 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
803 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
805 .algo = RTE_CRYPTO_AUTH_NULL,
821 { /* NULL (CIPHER) */
822 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
824 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
826 .algo = RTE_CRYPTO_CIPHER_NULL,
842 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
844 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
846 .algo = RTE_CRYPTO_CIPHER_ZUC_EEA3,
862 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
864 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
866 .algo = RTE_CRYPTO_AUTH_ZUC_EIA3,
887 RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
890 static const struct rte_security_capability dpaa2_sec_security_cap[] = {
891 { /* IPsec Lookaside Protocol offload ESP Transport Egress */
892 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
893 .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
895 .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
896 .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
897 .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
899 .replay_win_sz_max = 128
901 .crypto_capabilities = dpaa2_sec_capabilities
903 { /* IPsec Lookaside Protocol offload ESP Tunnel Ingress */
904 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
905 .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
907 .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
908 .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
909 .direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS,
911 .replay_win_sz_max = 128
913 .crypto_capabilities = dpaa2_sec_capabilities
915 { /* PDCP Lookaside Protocol offload Data */
916 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
917 .protocol = RTE_SECURITY_PROTOCOL_PDCP,
919 .domain = RTE_SECURITY_PDCP_MODE_DATA,
922 .crypto_capabilities = dpaa2_pdcp_capabilities
924 { /* PDCP Lookaside Protocol offload Control */
925 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
926 .protocol = RTE_SECURITY_PROTOCOL_PDCP,
928 .domain = RTE_SECURITY_PDCP_MODE_CONTROL,
931 .crypto_capabilities = dpaa2_pdcp_capabilities
933 { /* PDCP Lookaside Protocol offload Short MAC */
934 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
935 .protocol = RTE_SECURITY_PROTOCOL_PDCP,
937 .domain = RTE_SECURITY_PDCP_MODE_SHORT_MAC,
940 .crypto_capabilities = dpaa2_pdcp_capabilities
943 .action = RTE_SECURITY_ACTION_TYPE_NONE
950 * @param buffer calculate chksum for buffer
951 * @param len buffer length
953 * @return checksum value in host cpu order
955 static inline uint16_t
956 calc_chksum(void *buffer, int len)
958 uint16_t *buf = (uint16_t *)buffer;
962 for (sum = 0; len > 1; len -= 2)
966 sum += *(unsigned char *)buf;
968 sum = (sum >> 16) + (sum & 0xFFFF);
976 dpaa2_sec_configure_raw_dp_ctx(struct rte_cryptodev *dev, uint16_t qp_id,
977 struct rte_crypto_raw_dp_ctx *raw_dp_ctx,
978 enum rte_crypto_op_sess_type sess_type,
979 union rte_cryptodev_session_ctx session_ctx, uint8_t is_update);
982 dpaa2_sec_get_dp_ctx_size(struct rte_cryptodev *dev);
985 #endif /* _DPAA2_SEC_PMD_PRIVATE_H_ */