1 /* SPDX-License-Identifier: BSD-3-Clause
3 * Copyright 2016-2021 NXP
10 #define CRYPTODEV_NAME_DPAA_SEC_PMD crypto_dpaa_sec
11 /**< NXP DPAA - SEC PMD device name */
13 #define MAX_DPAA_CORES 4
14 #define NUM_POOL_CHANNELS 4
15 #define DPAA_SEC_BURST 7
16 #define DPAA_SEC_ALG_UNSUPPORT (-1)
17 #define TDES_CBC_IV_LEN 8
18 #define AES_CBC_IV_LEN 16
19 #define AES_CTR_IV_LEN 16
20 #define AES_GCM_IV_LEN 12
22 extern uint8_t dpaa_cryptodev_driver_id;
24 #define DPAA_IPv6_DEFAULT_VTC_FLOW 0x60000000
26 /* Minimum job descriptor consists of a oneword job descriptor HEADER and
27 * a pointer to the shared descriptor.
29 #define MIN_JOB_DESC_SIZE (CAAM_CMD_SZ + CAAM_PTR_SZ)
30 /* CTX_POOL_NUM_BUFS is set as per the ipsec-secgw application */
31 #define CTX_POOL_NUM_BUFS 32000
32 #define CTX_POOL_BUF_SIZE sizeof(struct dpaa_sec_op_ctx)
33 #define CTX_POOL_CACHE_SIZE 512
34 #define RTE_DPAA_SEC_PMD_MAX_NB_SESSIONS 1024
39 enum dpaa_sec_op_type {
40 DPAA_SEC_NONE, /*!< No Cipher operations*/
41 DPAA_SEC_CIPHER,/*!< CIPHER operations */
42 DPAA_SEC_AUTH, /*!< Authentication Operations */
43 DPAA_SEC_AEAD, /*!< AEAD (AES-GCM/CCM) type operations */
44 DPAA_SEC_CIPHER_HASH, /*!< Authenticated Encryption with
47 DPAA_SEC_HASH_CIPHER, /*!< Encryption with Authenticated
50 DPAA_SEC_IPSEC, /*!< IPSEC protocol operations*/
51 DPAA_SEC_PDCP, /*!< PDCP protocol operations*/
52 DPAA_SEC_PKC, /*!< Public Key Cryptographic Operations */
56 #define DPAA_SEC_MAX_DESC_SIZE 64
57 /* code or cmd block to caam */
63 #if RTE_BYTE_ORDER == RTE_BIG_ENDIAN
65 unsigned int rsvd47_39:9;
69 unsigned int rsvd47_39:9;
78 #if RTE_BYTE_ORDER == RTE_BIG_ENDIAN
79 unsigned int rsvd31_30:2;
82 unsigned int offset:2;
84 unsigned int add_buf:1;
86 uint16_t pool_buffer_size;
88 uint16_t pool_buffer_size;
90 unsigned int add_buf:1;
92 unsigned int offset:2;
95 unsigned int rsvd31_30:2;
101 uint32_t sh_desc[DPAA_SEC_MAX_DESC_SIZE];
103 #ifdef RTE_LIB_SECURITY
105 * The structure is to be filled by user as a part of
106 * dpaa_sec_proto_ctxt for PDCP Protocol
108 struct sec_pdcp_ctxt {
109 enum rte_security_pdcp_domain domain; /*!< Data/Control mode*/
110 int8_t bearer; /*!< PDCP bearer ID */
111 int8_t pkt_dir;/*!< PDCP Frame Direction 0:UL 1:DL*/
112 int8_t hfn_ovd;/*!< Overwrite HFN per packet*/
113 uint8_t sn_size; /*!< Sequence number size, 5/7/12/15/18 */
114 uint8_t sdap_enabled; /*!< SDAP header is enabled */
115 uint16_t hfn_ovd_offset;/*!< offset from rte_crypto_op at which
116 * per packet hfn is stored
118 uint32_t hfn; /*!< Hyper Frame Number */
119 uint32_t hfn_threshold; /*!< HFN Threashold for key renegotiation */
123 typedef int (*dpaa_sec_build_fd_t)(
124 void *qp, uint8_t *drv_ctx, struct rte_crypto_vec *data_vec,
125 uint16_t n_data_vecs, union rte_crypto_sym_ofs ofs,
126 struct rte_crypto_va_iova_ptr *iv,
127 struct rte_crypto_va_iova_ptr *digest,
128 struct rte_crypto_va_iova_ptr *aad_or_auth_iv,
131 typedef struct dpaa_sec_job* (*dpaa_sec_build_raw_dp_fd_t)(uint8_t *drv_ctx,
132 struct rte_crypto_sgl *sgl,
133 struct rte_crypto_sgl *dest_sgl,
134 struct rte_crypto_va_iova_ptr *iv,
135 struct rte_crypto_va_iova_ptr *digest,
136 struct rte_crypto_va_iova_ptr *auth_iv,
137 union rte_crypto_sym_ofs ofs,
140 typedef struct dpaa_sec_session_entry {
141 struct sec_cdb cdb; /**< cmd block associated with qp */
142 struct dpaa_sec_qp *qp[MAX_DPAA_CORES];
143 struct qman_fq *inq[MAX_DPAA_CORES];
144 uint8_t dir; /*!< Operation Direction */
145 uint8_t ctxt; /*!< Session Context Type */
146 enum rte_crypto_cipher_algorithm cipher_alg; /*!< Cipher Algorithm*/
147 enum rte_crypto_auth_algorithm auth_alg; /*!< Authentication Algorithm*/
148 enum rte_crypto_aead_algorithm aead_alg; /*!< AEAD Algorithm*/
149 #ifdef RTE_LIB_SECURITY
150 enum rte_security_session_protocol proto_alg; /*!< Security Algorithm*/
152 dpaa_sec_build_fd_t build_fd;
153 dpaa_sec_build_raw_dp_fd_t build_raw_dp_fd;
156 uint8_t *data; /**< pointer to key data */
157 size_t length; /**< key length in bytes */
163 uint8_t *data; /**< pointer to key data */
164 size_t length; /**< key length in bytes */
169 uint8_t *data; /**< pointer to key data */
170 size_t length; /**< key length in bytes */
181 } iv; /**< Initialisation vector parameters */
182 uint16_t auth_only_len;
183 /*!< Length of data for Auth only */
184 uint32_t digest_length;
185 struct ipsec_decap_pdb decap_pdb;
186 struct ipsec_encap_pdb encap_pdb;
189 struct rte_ipv6_hdr ip6_hdr;
191 uint8_t auth_cipher_text;
192 /**< Authenticate/cipher ordering */
194 #ifdef RTE_LIB_SECURITY
195 struct sec_pdcp_ctxt pdcp;
201 struct dpaa_sec_dev_private *internals;
202 struct rte_mempool *ctx_pool; /* mempool for dpaa_sec_op_ctx */
210 #define RTE_DPAA_MAX_NB_SEC_QPS 2
211 #define RTE_DPAA_MAX_RX_QUEUE (MAX_DPAA_CORES * RTE_DPAA_SEC_PMD_MAX_NB_SESSIONS)
212 #define DPAA_MAX_DEQUEUE_NUM_FRAMES 63
214 /* internal sec queue interface */
215 struct dpaa_sec_dev_private {
217 struct dpaa_sec_qp qps[RTE_DPAA_MAX_NB_SEC_QPS]; /* i/o queue for sec */
218 struct qman_fq inq[RTE_DPAA_MAX_RX_QUEUE];
219 unsigned char inq_attach[RTE_DPAA_MAX_RX_QUEUE];
220 unsigned int max_nb_queue_pairs;
221 unsigned int max_nb_sessions;
225 #define MAX_SG_ENTRIES 16
226 #define MAX_JOB_SG_ENTRIES 36
228 struct dpaa_sec_job {
229 /* sg[0] output, sg[1] input, others are possible sub frames */
230 struct qm_sg_entry sg[MAX_JOB_SG_ENTRIES];
233 #define DPAA_MAX_NB_MAX_DIGEST 32
234 struct dpaa_sec_op_ctx {
235 struct dpaa_sec_job job;
237 struct rte_crypto_op *op;
240 struct rte_mempool *ctx_pool; /* mempool pointer for dpaa_sec_op_ctx */
243 uint8_t digest[DPAA_MAX_NB_MAX_DIGEST];
246 static const struct rte_cryptodev_capabilities dpaa_sec_capabilities[] = {
248 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
250 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
252 .algo = RTE_CRYPTO_AUTH_NULL,
269 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
271 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
273 .algo = RTE_CRYPTO_AUTH_MD5,
290 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
292 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
294 .algo = RTE_CRYPTO_AUTH_MD5_HMAC,
311 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
313 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
315 .algo = RTE_CRYPTO_AUTH_SHA1,
332 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
334 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
336 .algo = RTE_CRYPTO_AUTH_SHA1_HMAC,
353 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
355 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
357 .algo = RTE_CRYPTO_AUTH_SHA224,
374 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
376 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
378 .algo = RTE_CRYPTO_AUTH_SHA224_HMAC,
395 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
397 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
399 .algo = RTE_CRYPTO_AUTH_SHA256,
416 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
418 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
420 .algo = RTE_CRYPTO_AUTH_SHA256_HMAC,
437 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
439 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
441 .algo = RTE_CRYPTO_AUTH_SHA384,
458 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
460 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
462 .algo = RTE_CRYPTO_AUTH_SHA384_HMAC,
479 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
481 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
483 .algo = RTE_CRYPTO_AUTH_SHA512,
500 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
502 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
504 .algo = RTE_CRYPTO_AUTH_SHA512_HMAC,
521 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
523 .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,
525 .algo = RTE_CRYPTO_AEAD_AES_GCM,
550 { /* NULL (CIPHER) */
551 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
553 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
555 .algo = RTE_CRYPTO_CIPHER_NULL,
571 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
573 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
575 .algo = RTE_CRYPTO_CIPHER_AES_CBC,
591 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
593 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
595 .algo = RTE_CRYPTO_CIPHER_AES_CTR,
611 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
613 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
615 .algo = RTE_CRYPTO_CIPHER_DES_CBC,
631 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
633 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
635 .algo = RTE_CRYPTO_CIPHER_3DES_CBC,
650 { /* SNOW 3G (UIA2) */
651 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
653 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
655 .algo = RTE_CRYPTO_AUTH_SNOW3G_UIA2,
675 { /* SNOW 3G (UEA2) */
676 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
678 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
680 .algo = RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
696 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
698 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
700 .algo = RTE_CRYPTO_CIPHER_ZUC_EEA3,
716 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
718 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
720 .algo = RTE_CRYPTO_AUTH_ZUC_EIA3,
741 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
743 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
745 .algo = RTE_CRYPTO_AUTH_AES_CMAC,
761 { /* AES XCBC HMAC */
762 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
764 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
766 .algo = RTE_CRYPTO_AUTH_AES_XCBC_MAC,
783 RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
786 #ifdef RTE_LIB_SECURITY
787 static const struct rte_cryptodev_capabilities dpaa_pdcp_capabilities[] = {
788 { /* SNOW 3G (UIA2) */
789 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
791 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
793 .algo = RTE_CRYPTO_AUTH_SNOW3G_UIA2,
813 { /* SNOW 3G (UEA2) */
814 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
816 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
818 .algo = RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
834 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
836 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
838 .algo = RTE_CRYPTO_CIPHER_AES_CTR,
854 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
856 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
858 .algo = RTE_CRYPTO_AUTH_NULL,
874 { /* NULL (CIPHER) */
875 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
877 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
879 .algo = RTE_CRYPTO_CIPHER_NULL,
895 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
897 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
899 .algo = RTE_CRYPTO_CIPHER_ZUC_EEA3,
915 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
917 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
919 .algo = RTE_CRYPTO_AUTH_ZUC_EIA3,
940 RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
943 static const struct rte_security_capability dpaa_sec_security_cap[] = {
944 { /* IPsec Lookaside Protocol offload ESP Transport Egress */
945 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
946 .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
948 .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
949 .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
950 .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
952 .replay_win_sz_max = 128
954 .crypto_capabilities = dpaa_sec_capabilities
956 { /* IPsec Lookaside Protocol offload ESP Tunnel Ingress */
957 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
958 .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
960 .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
961 .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
962 .direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS,
964 .replay_win_sz_max = 128
966 .crypto_capabilities = dpaa_sec_capabilities
968 { /* PDCP Lookaside Protocol offload Data */
969 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
970 .protocol = RTE_SECURITY_PROTOCOL_PDCP,
972 .domain = RTE_SECURITY_PDCP_MODE_DATA,
975 .crypto_capabilities = dpaa_pdcp_capabilities
977 { /* PDCP Lookaside Protocol offload Control */
978 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
979 .protocol = RTE_SECURITY_PROTOCOL_PDCP,
981 .domain = RTE_SECURITY_PDCP_MODE_CONTROL,
984 .crypto_capabilities = dpaa_pdcp_capabilities
986 { /* PDCP Lookaside Protocol offload Short MAC */
987 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
988 .protocol = RTE_SECURITY_PROTOCOL_PDCP,
990 .domain = RTE_SECURITY_PDCP_MODE_SHORT_MAC,
993 .crypto_capabilities = dpaa_pdcp_capabilities
996 .action = RTE_SECURITY_ACTION_TYPE_NONE
1004 * @param buffer calculate chksum for buffer
1005 * @param len buffer length
1007 * @return checksum value in host cpu order
1009 static inline uint16_t
1010 calc_chksum(void *buffer, int len)
1012 uint16_t *buf = (uint16_t *)buffer;
1016 for (sum = 0; len > 1; len -= 2)
1020 sum += *(unsigned char *)buf;
1022 sum = (sum >> 16) + (sum & 0xFFFF);
1030 dpaa_sec_configure_raw_dp_ctx(struct rte_cryptodev *dev, uint16_t qp_id,
1031 struct rte_crypto_raw_dp_ctx *raw_dp_ctx,
1032 enum rte_crypto_op_sess_type sess_type,
1033 union rte_cryptodev_session_ctx session_ctx, uint8_t is_update);
1036 dpaa_sec_get_dp_ctx_size(struct rte_cryptodev *dev);
1039 dpaa_sec_attach_sess_q(struct dpaa_sec_qp *qp, dpaa_sec_session *sess);
1041 #endif /* _DPAA_SEC_H_ */