1 /* SPDX-License-Identifier: BSD-3-Clause
10 #define CRYPTODEV_NAME_DPAA_SEC_PMD crypto_dpaa_sec
11 /**< NXP DPAA - SEC PMD device name */
13 #define MAX_DPAA_CORES 4
14 #define NUM_POOL_CHANNELS 4
15 #define DPAA_SEC_BURST 7
16 #define DPAA_SEC_ALG_UNSUPPORT (-1)
17 #define TDES_CBC_IV_LEN 8
18 #define AES_CBC_IV_LEN 16
19 #define AES_CTR_IV_LEN 16
20 #define AES_GCM_IV_LEN 12
22 #define DPAA_IPv6_DEFAULT_VTC_FLOW 0x60000000
24 /* Minimum job descriptor consists of a oneword job descriptor HEADER and
25 * a pointer to the shared descriptor.
27 #define MIN_JOB_DESC_SIZE (CAAM_CMD_SZ + CAAM_PTR_SZ)
28 /* CTX_POOL_NUM_BUFS is set as per the ipsec-secgw application */
29 #define CTX_POOL_NUM_BUFS 32000
30 #define CTX_POOL_BUF_SIZE sizeof(struct dpaa_sec_op_ctx)
31 #define CTX_POOL_CACHE_SIZE 512
32 #define RTE_DPAA_SEC_PMD_MAX_NB_SESSIONS 1024
37 enum dpaa_sec_op_type {
38 DPAA_SEC_NONE, /*!< No Cipher operations*/
39 DPAA_SEC_CIPHER,/*!< CIPHER operations */
40 DPAA_SEC_AUTH, /*!< Authentication Operations */
41 DPAA_SEC_AEAD, /*!< Authenticated Encryption with associated data */
42 DPAA_SEC_IPSEC, /*!< IPSEC protocol operations*/
43 DPAA_SEC_PDCP, /*!< PDCP protocol operations*/
44 DPAA_SEC_PKC, /*!< Public Key Cryptographic Operations */
49 #define DPAA_SEC_MAX_DESC_SIZE 64
50 /* code or cmd block to caam */
56 #if RTE_BYTE_ORDER == RTE_BIG_ENDIAN
58 unsigned int rsvd47_39:9;
62 unsigned int rsvd47_39:9;
71 #if RTE_BYTE_ORDER == RTE_BIG_ENDIAN
72 unsigned int rsvd31_30:2;
75 unsigned int offset:2;
77 unsigned int add_buf:1;
79 uint16_t pool_buffer_size;
81 uint16_t pool_buffer_size;
83 unsigned int add_buf:1;
85 unsigned int offset:2;
88 unsigned int rsvd31_30:2;
94 uint32_t sh_desc[DPAA_SEC_MAX_DESC_SIZE];
98 * The structure is to be filled by user as a part of
99 * dpaa_sec_proto_ctxt for PDCP Protocol
101 struct sec_pdcp_ctxt {
102 enum rte_security_pdcp_domain domain; /*!< Data/Control mode*/
103 int8_t bearer; /*!< PDCP bearer ID */
104 int8_t pkt_dir;/*!< PDCP Frame Direction 0:UL 1:DL*/
105 int8_t hfn_ovd;/*!< Overwrite HFN per packet*/
106 uint8_t sn_size; /*!< Sequence number size, 5/7/12/15/18 */
107 uint32_t hfn_ovd_offset;/*!< offset from rte_crypto_op at which
108 * per packet hfn is stored
110 uint32_t hfn; /*!< Hyper Frame Number */
111 uint32_t hfn_threshold; /*!< HFN Threashold for key renegotiation */
114 typedef struct dpaa_sec_session_entry {
115 uint8_t dir; /*!< Operation Direction */
116 enum rte_crypto_cipher_algorithm cipher_alg; /*!< Cipher Algorithm*/
117 enum rte_crypto_auth_algorithm auth_alg; /*!< Authentication Algorithm*/
118 enum rte_crypto_aead_algorithm aead_alg; /*!< AEAD Algorithm*/
119 enum rte_security_session_protocol proto_alg; /*!< Security Algorithm*/
122 uint8_t *data; /**< pointer to key data */
123 size_t length; /**< key length in bytes */
127 uint8_t *data; /**< pointer to key data */
128 size_t length; /**< key length in bytes */
131 uint8_t *data; /**< pointer to key data */
132 size_t length; /**< key length in bytes */
141 } iv; /**< Initialisation vector parameters */
142 uint16_t auth_only_len;
143 /*!< Length of data for Auth only */
144 uint32_t digest_length;
145 struct ipsec_decap_pdb decap_pdb;
146 struct ipsec_encap_pdb encap_pdb;
149 struct rte_ipv6_hdr ip6_hdr;
152 struct sec_pdcp_ctxt pdcp;
154 struct dpaa_sec_qp *qp[MAX_DPAA_CORES];
155 struct qman_fq *inq[MAX_DPAA_CORES];
156 struct sec_cdb cdb; /**< cmd block associated with qp */
157 struct rte_mempool *ctx_pool; /* session mempool for dpaa_sec_op_ctx */
161 struct dpaa_sec_dev_private *internals;
169 #define RTE_DPAA_MAX_NB_SEC_QPS 2
170 #define RTE_DPAA_MAX_RX_QUEUE (MAX_DPAA_CORES * RTE_DPAA_SEC_PMD_MAX_NB_SESSIONS)
171 #define DPAA_MAX_DEQUEUE_NUM_FRAMES 63
173 /* internal sec queue interface */
174 struct dpaa_sec_dev_private {
176 struct rte_mempool *ctx_pool; /* per dev mempool for dpaa_sec_op_ctx */
177 struct dpaa_sec_qp qps[RTE_DPAA_MAX_NB_SEC_QPS]; /* i/o queue for sec */
178 struct qman_fq inq[RTE_DPAA_MAX_RX_QUEUE];
179 unsigned char inq_attach[RTE_DPAA_MAX_RX_QUEUE];
180 unsigned int max_nb_queue_pairs;
181 unsigned int max_nb_sessions;
185 #define MAX_SG_ENTRIES 16
186 #define MAX_JOB_SG_ENTRIES 36
188 struct dpaa_sec_job {
189 /* sg[0] output, sg[1] input, others are possible sub frames */
190 struct qm_sg_entry sg[MAX_JOB_SG_ENTRIES];
193 #define DPAA_MAX_NB_MAX_DIGEST 32
194 struct dpaa_sec_op_ctx {
195 struct dpaa_sec_job job;
196 struct rte_crypto_op *op;
197 struct rte_mempool *ctx_pool; /* mempool pointer for dpaa_sec_op_ctx */
200 uint8_t digest[DPAA_MAX_NB_MAX_DIGEST];
203 static const struct rte_cryptodev_capabilities dpaa_sec_capabilities[] = {
205 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
207 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
209 .algo = RTE_CRYPTO_AUTH_MD5_HMAC,
226 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
228 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
230 .algo = RTE_CRYPTO_AUTH_SHA1_HMAC,
247 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
249 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
251 .algo = RTE_CRYPTO_AUTH_SHA224_HMAC,
268 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
270 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
272 .algo = RTE_CRYPTO_AUTH_SHA256_HMAC,
289 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
291 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
293 .algo = RTE_CRYPTO_AUTH_SHA384_HMAC,
310 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
312 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
314 .algo = RTE_CRYPTO_AUTH_SHA512_HMAC,
331 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
333 .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,
335 .algo = RTE_CRYPTO_AEAD_AES_GCM,
361 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
363 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
365 .algo = RTE_CRYPTO_CIPHER_AES_CBC,
381 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
383 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
385 .algo = RTE_CRYPTO_CIPHER_AES_CTR,
401 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
403 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
405 .algo = RTE_CRYPTO_CIPHER_3DES_CBC,
421 RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
424 static const struct rte_cryptodev_capabilities dpaa_pdcp_capabilities[] = {
425 { /* SNOW 3G (UIA2) */
426 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
428 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
430 .algo = RTE_CRYPTO_AUTH_SNOW3G_UIA2,
450 { /* SNOW 3G (UEA2) */
451 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
453 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
455 .algo = RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
471 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
473 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
475 .algo = RTE_CRYPTO_CIPHER_AES_CTR,
491 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
493 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
495 .algo = RTE_CRYPTO_AUTH_NULL,
511 { /* NULL (CIPHER) */
512 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
514 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
516 .algo = RTE_CRYPTO_CIPHER_NULL,
532 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
534 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
536 .algo = RTE_CRYPTO_CIPHER_ZUC_EEA3,
552 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
554 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
556 .algo = RTE_CRYPTO_AUTH_ZUC_EIA3,
577 RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
580 static const struct rte_security_capability dpaa_sec_security_cap[] = {
581 { /* IPsec Lookaside Protocol offload ESP Transport Egress */
582 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
583 .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
585 .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
586 .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
587 .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
590 .crypto_capabilities = dpaa_sec_capabilities
592 { /* IPsec Lookaside Protocol offload ESP Tunnel Ingress */
593 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
594 .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
596 .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
597 .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
598 .direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS,
601 .crypto_capabilities = dpaa_sec_capabilities
603 { /* PDCP Lookaside Protocol offload Data */
604 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
605 .protocol = RTE_SECURITY_PROTOCOL_PDCP,
607 .domain = RTE_SECURITY_PDCP_MODE_DATA,
609 .crypto_capabilities = dpaa_pdcp_capabilities
611 { /* PDCP Lookaside Protocol offload Control */
612 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
613 .protocol = RTE_SECURITY_PROTOCOL_PDCP,
615 .domain = RTE_SECURITY_PDCP_MODE_CONTROL,
617 .crypto_capabilities = dpaa_pdcp_capabilities
620 .action = RTE_SECURITY_ACTION_TYPE_NONE
627 * @param buffer calculate chksum for buffer
628 * @param len buffer length
630 * @return checksum value in host cpu order
632 static inline uint16_t
633 calc_chksum(void *buffer, int len)
635 uint16_t *buf = (uint16_t *)buffer;
639 for (sum = 0; len > 1; len -= 2)
643 sum += *(unsigned char *)buf;
645 sum = (sum >> 16) + (sum & 0xFFFF);
652 #endif /* _DPAA_SEC_H_ */