1 /* SPDX-License-Identifier: BSD-3-Clause
10 #define CRYPTODEV_NAME_DPAA_SEC_PMD crypto_dpaa_sec
11 /**< NXP DPAA - SEC PMD device name */
13 #define MAX_DPAA_CORES 4
14 #define NUM_POOL_CHANNELS 4
15 #define DPAA_SEC_BURST 7
16 #define DPAA_SEC_ALG_UNSUPPORT (-1)
17 #define TDES_CBC_IV_LEN 8
18 #define AES_CBC_IV_LEN 16
19 #define AES_CTR_IV_LEN 16
20 #define AES_GCM_IV_LEN 12
22 /* Minimum job descriptor consists of a oneword job descriptor HEADER and
23 * a pointer to the shared descriptor.
25 #define MIN_JOB_DESC_SIZE (CAAM_CMD_SZ + CAAM_PTR_SZ)
26 /* CTX_POOL_NUM_BUFS is set as per the ipsec-secgw application */
27 #define CTX_POOL_NUM_BUFS 32000
28 #define CTX_POOL_BUF_SIZE sizeof(struct dpaa_sec_op_ctx)
29 #define CTX_POOL_CACHE_SIZE 512
30 #define RTE_DPAA_SEC_PMD_MAX_NB_SESSIONS 1024
35 enum dpaa_sec_op_type {
36 DPAA_SEC_NONE, /*!< No Cipher operations*/
37 DPAA_SEC_CIPHER,/*!< CIPHER operations */
38 DPAA_SEC_AUTH, /*!< Authentication Operations */
39 DPAA_SEC_AEAD, /*!< Authenticated Encryption with associated data */
40 DPAA_SEC_IPSEC, /*!< IPSEC protocol operations*/
41 DPAA_SEC_PDCP, /*!< PDCP protocol operations*/
42 DPAA_SEC_PKC, /*!< Public Key Cryptographic Operations */
47 #define DPAA_SEC_MAX_DESC_SIZE 64
48 /* code or cmd block to caam */
54 #if RTE_BYTE_ORDER == RTE_BIG_ENDIAN
56 unsigned int rsvd47_39:9;
60 unsigned int rsvd47_39:9;
69 #if RTE_BYTE_ORDER == RTE_BIG_ENDIAN
70 unsigned int rsvd31_30:2;
73 unsigned int offset:2;
75 unsigned int add_buf:1;
77 uint16_t pool_buffer_size;
79 uint16_t pool_buffer_size;
81 unsigned int add_buf:1;
83 unsigned int offset:2;
86 unsigned int rsvd31_30:2;
92 uint32_t sh_desc[DPAA_SEC_MAX_DESC_SIZE];
96 * The structure is to be filled by user as a part of
97 * dpaa_sec_proto_ctxt for PDCP Protocol
99 struct sec_pdcp_ctxt {
100 enum rte_security_pdcp_domain domain; /*!< Data/Control mode*/
101 int8_t bearer; /*!< PDCP bearer ID */
102 int8_t pkt_dir;/*!< PDCP Frame Direction 0:UL 1:DL*/
103 int8_t hfn_ovd;/*!< Overwrite HFN per packet*/
104 uint32_t hfn; /*!< Hyper Frame Number */
105 uint32_t hfn_threshold; /*!< HFN Threashold for key renegotiation */
106 uint8_t sn_size; /*!< Sequence number size, 7/12/15 */
109 typedef struct dpaa_sec_session_entry {
110 uint8_t dir; /*!< Operation Direction */
111 enum rte_crypto_cipher_algorithm cipher_alg; /*!< Cipher Algorithm*/
112 enum rte_crypto_auth_algorithm auth_alg; /*!< Authentication Algorithm*/
113 enum rte_crypto_aead_algorithm aead_alg; /*!< AEAD Algorithm*/
114 enum rte_security_session_protocol proto_alg; /*!< Security Algorithm*/
117 uint8_t *data; /**< pointer to key data */
118 size_t length; /**< key length in bytes */
122 uint8_t *data; /**< pointer to key data */
123 size_t length; /**< key length in bytes */
126 uint8_t *data; /**< pointer to key data */
127 size_t length; /**< key length in bytes */
136 } iv; /**< Initialisation vector parameters */
137 uint16_t auth_only_len;
138 /*!< Length of data for Auth only */
139 uint32_t digest_length;
140 struct ipsec_decap_pdb decap_pdb;
141 struct ipsec_encap_pdb encap_pdb;
144 struct sec_pdcp_ctxt pdcp;
146 struct dpaa_sec_qp *qp[MAX_DPAA_CORES];
147 struct qman_fq *inq[MAX_DPAA_CORES];
148 struct sec_cdb cdb; /**< cmd block associated with qp */
149 struct rte_mempool *ctx_pool; /* session mempool for dpaa_sec_op_ctx */
153 struct dpaa_sec_dev_private *internals;
161 #define RTE_DPAA_MAX_NB_SEC_QPS 2
162 #define RTE_DPAA_MAX_RX_QUEUE (MAX_DPAA_CORES * RTE_DPAA_SEC_PMD_MAX_NB_SESSIONS)
163 #define DPAA_MAX_DEQUEUE_NUM_FRAMES 63
165 /* internal sec queue interface */
166 struct dpaa_sec_dev_private {
168 struct rte_mempool *ctx_pool; /* per dev mempool for dpaa_sec_op_ctx */
169 struct dpaa_sec_qp qps[RTE_DPAA_MAX_NB_SEC_QPS]; /* i/o queue for sec */
170 struct qman_fq inq[RTE_DPAA_MAX_RX_QUEUE];
171 unsigned char inq_attach[RTE_DPAA_MAX_RX_QUEUE];
172 unsigned int max_nb_queue_pairs;
173 unsigned int max_nb_sessions;
177 #define MAX_SG_ENTRIES 16
178 #define SG_CACHELINE_0 0
179 #define SG_CACHELINE_1 4
180 #define SG_CACHELINE_2 8
181 #define SG_CACHELINE_3 12
182 struct dpaa_sec_job {
183 /* sg[0] output, sg[1] input, others are possible sub frames */
184 struct qm_sg_entry sg[MAX_SG_ENTRIES];
187 #define DPAA_MAX_NB_MAX_DIGEST 32
188 struct dpaa_sec_op_ctx {
189 struct dpaa_sec_job job;
190 struct rte_crypto_op *op;
191 struct rte_mempool *ctx_pool; /* mempool pointer for dpaa_sec_op_ctx */
194 uint8_t digest[DPAA_MAX_NB_MAX_DIGEST];
197 static const struct rte_cryptodev_capabilities dpaa_sec_capabilities[] = {
199 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
201 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
203 .algo = RTE_CRYPTO_AUTH_MD5_HMAC,
220 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
222 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
224 .algo = RTE_CRYPTO_AUTH_SHA1_HMAC,
241 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
243 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
245 .algo = RTE_CRYPTO_AUTH_SHA224_HMAC,
262 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
264 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
266 .algo = RTE_CRYPTO_AUTH_SHA256_HMAC,
283 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
285 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
287 .algo = RTE_CRYPTO_AUTH_SHA384_HMAC,
304 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
306 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
308 .algo = RTE_CRYPTO_AUTH_SHA512_HMAC,
325 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
327 .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,
329 .algo = RTE_CRYPTO_AEAD_AES_GCM,
355 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
357 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
359 .algo = RTE_CRYPTO_CIPHER_AES_CBC,
375 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
377 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
379 .algo = RTE_CRYPTO_CIPHER_AES_CTR,
395 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
397 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
399 .algo = RTE_CRYPTO_CIPHER_3DES_CBC,
415 RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
418 static const struct rte_cryptodev_capabilities dpaa_pdcp_capabilities[] = {
419 { /* SNOW 3G (UIA2) */
420 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
422 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
424 .algo = RTE_CRYPTO_AUTH_SNOW3G_UIA2,
444 { /* SNOW 3G (UEA2) */
445 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
447 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
449 .algo = RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
465 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
467 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
469 .algo = RTE_CRYPTO_CIPHER_AES_CTR,
485 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
487 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
489 .algo = RTE_CRYPTO_AUTH_NULL,
505 { /* NULL (CIPHER) */
506 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
508 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
510 .algo = RTE_CRYPTO_CIPHER_NULL,
526 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
528 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
530 .algo = RTE_CRYPTO_CIPHER_ZUC_EEA3,
546 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
548 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
550 .algo = RTE_CRYPTO_AUTH_ZUC_EIA3,
571 RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
574 static const struct rte_security_capability dpaa_sec_security_cap[] = {
575 { /* IPsec Lookaside Protocol offload ESP Transport Egress */
576 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
577 .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
579 .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
580 .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
581 .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
584 .crypto_capabilities = dpaa_sec_capabilities
586 { /* IPsec Lookaside Protocol offload ESP Tunnel Ingress */
587 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
588 .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
590 .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
591 .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
592 .direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS,
595 .crypto_capabilities = dpaa_sec_capabilities
597 { /* PDCP Lookaside Protocol offload Data */
598 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
599 .protocol = RTE_SECURITY_PROTOCOL_PDCP,
601 .domain = RTE_SECURITY_PDCP_MODE_DATA,
603 .crypto_capabilities = dpaa_pdcp_capabilities
605 { /* PDCP Lookaside Protocol offload Control */
606 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
607 .protocol = RTE_SECURITY_PROTOCOL_PDCP,
609 .domain = RTE_SECURITY_PDCP_MODE_CONTROL,
611 .crypto_capabilities = dpaa_pdcp_capabilities
614 .action = RTE_SECURITY_ACTION_TYPE_NONE
621 * @param buffer calculate chksum for buffer
622 * @param len buffer length
624 * @return checksum value in host cpu order
626 static inline uint16_t
627 calc_chksum(void *buffer, int len)
629 uint16_t *buf = (uint16_t *)buffer;
633 for (sum = 0; len > 1; len -= 2)
637 sum += *(unsigned char *)buf;
639 sum = (sum >> 16) + (sum & 0xFFFF);
646 #endif /* _DPAA_SEC_H_ */