1 /* SPDX-License-Identifier: BSD-3-Clause
3 * Copyright 2016-2021 NXP
10 #define CRYPTODEV_NAME_DPAA_SEC_PMD crypto_dpaa_sec
11 /**< NXP DPAA - SEC PMD device name */
13 #define MAX_DPAA_CORES 4
14 #define NUM_POOL_CHANNELS 4
15 #define DPAA_SEC_BURST 7
16 #define DPAA_SEC_ALG_UNSUPPORT (-1)
17 #define TDES_CBC_IV_LEN 8
18 #define AES_CBC_IV_LEN 16
19 #define AES_CTR_IV_LEN 16
20 #define AES_GCM_IV_LEN 12
22 extern uint8_t dpaa_cryptodev_driver_id;
24 #define DPAA_IPv6_DEFAULT_VTC_FLOW 0x60000000
26 /* Minimum job descriptor consists of a oneword job descriptor HEADER and
27 * a pointer to the shared descriptor.
29 #define MIN_JOB_DESC_SIZE (CAAM_CMD_SZ + CAAM_PTR_SZ)
30 /* CTX_POOL_NUM_BUFS is set as per the ipsec-secgw application */
31 #define CTX_POOL_NUM_BUFS 32000
32 #define CTX_POOL_BUF_SIZE sizeof(struct dpaa_sec_op_ctx)
33 #define CTX_POOL_CACHE_SIZE 512
34 #define RTE_DPAA_SEC_PMD_MAX_NB_SESSIONS 1024
39 enum dpaa_sec_op_type {
40 DPAA_SEC_NONE, /*!< No Cipher operations*/
41 DPAA_SEC_CIPHER,/*!< CIPHER operations */
42 DPAA_SEC_AUTH, /*!< Authentication Operations */
43 DPAA_SEC_AEAD, /*!< AEAD (AES-GCM/CCM) type operations */
44 DPAA_SEC_CIPHER_HASH, /*!< Authenticated Encryption with
47 DPAA_SEC_HASH_CIPHER, /*!< Encryption with Authenticated
50 DPAA_SEC_IPSEC, /*!< IPSEC protocol operations*/
51 DPAA_SEC_PDCP, /*!< PDCP protocol operations*/
52 DPAA_SEC_PKC, /*!< Public Key Cryptographic Operations */
56 #define DPAA_SEC_MAX_DESC_SIZE 64
57 /* code or cmd block to caam */
63 #if RTE_BYTE_ORDER == RTE_BIG_ENDIAN
65 unsigned int rsvd47_39:9;
69 unsigned int rsvd47_39:9;
78 #if RTE_BYTE_ORDER == RTE_BIG_ENDIAN
79 unsigned int rsvd31_30:2;
82 unsigned int offset:2;
84 unsigned int add_buf:1;
86 uint16_t pool_buffer_size;
88 uint16_t pool_buffer_size;
90 unsigned int add_buf:1;
92 unsigned int offset:2;
95 unsigned int rsvd31_30:2;
101 uint32_t sh_desc[DPAA_SEC_MAX_DESC_SIZE];
103 #ifdef RTE_LIB_SECURITY
105 * The structure is to be filled by user as a part of
106 * dpaa_sec_proto_ctxt for PDCP Protocol
108 struct sec_pdcp_ctxt {
109 enum rte_security_pdcp_domain domain; /*!< Data/Control mode*/
110 int8_t bearer; /*!< PDCP bearer ID */
111 int8_t pkt_dir;/*!< PDCP Frame Direction 0:UL 1:DL*/
112 int8_t hfn_ovd;/*!< Overwrite HFN per packet*/
113 uint8_t sn_size; /*!< Sequence number size, 5/7/12/15/18 */
114 uint8_t sdap_enabled; /*!< SDAP header is enabled */
115 uint16_t hfn_ovd_offset;/*!< offset from rte_crypto_op at which
116 * per packet hfn is stored
118 uint32_t hfn; /*!< Hyper Frame Number */
119 uint32_t hfn_threshold; /*!< HFN Threashold for key renegotiation */
123 typedef int (*dpaa_sec_build_fd_t)(
124 void *qp, uint8_t *drv_ctx, struct rte_crypto_vec *data_vec,
125 uint16_t n_data_vecs, union rte_crypto_sym_ofs ofs,
126 struct rte_crypto_va_iova_ptr *iv,
127 struct rte_crypto_va_iova_ptr *digest,
128 struct rte_crypto_va_iova_ptr *aad_or_auth_iv,
131 typedef struct dpaa_sec_job* (*dpaa_sec_build_raw_dp_fd_t)(uint8_t *drv_ctx,
132 struct rte_crypto_sgl *sgl,
133 struct rte_crypto_sgl *dest_sgl,
134 struct rte_crypto_va_iova_ptr *iv,
135 struct rte_crypto_va_iova_ptr *digest,
136 struct rte_crypto_va_iova_ptr *auth_iv,
137 union rte_crypto_sym_ofs ofs,
141 typedef struct dpaa_sec_session_entry {
142 struct sec_cdb cdb; /**< cmd block associated with qp */
143 struct dpaa_sec_qp *qp[MAX_DPAA_CORES];
144 struct qman_fq *inq[MAX_DPAA_CORES];
145 uint8_t dir; /*!< Operation Direction */
146 uint8_t ctxt; /*!< Session Context Type */
147 enum rte_crypto_cipher_algorithm cipher_alg; /*!< Cipher Algorithm*/
148 enum rte_crypto_auth_algorithm auth_alg; /*!< Authentication Algorithm*/
149 enum rte_crypto_aead_algorithm aead_alg; /*!< AEAD Algorithm*/
150 #ifdef RTE_LIB_SECURITY
151 enum rte_security_session_protocol proto_alg; /*!< Security Algorithm*/
153 dpaa_sec_build_fd_t build_fd;
154 dpaa_sec_build_raw_dp_fd_t build_raw_dp_fd;
157 uint8_t *data; /**< pointer to key data */
158 size_t length; /**< key length in bytes */
164 uint8_t *data; /**< pointer to key data */
165 size_t length; /**< key length in bytes */
170 uint8_t *data; /**< pointer to key data */
171 size_t length; /**< key length in bytes */
182 } iv; /**< Initialisation vector parameters */
183 uint16_t auth_only_len;
184 /*!< Length of data for Auth only */
185 uint32_t digest_length;
186 struct ipsec_decap_pdb decap_pdb;
187 struct ipsec_encap_pdb encap_pdb;
190 struct rte_ipv6_hdr ip6_hdr;
192 uint8_t auth_cipher_text;
193 /**< Authenticate/cipher ordering */
195 #ifdef RTE_LIB_SECURITY
196 struct sec_pdcp_ctxt pdcp;
202 struct dpaa_sec_dev_private *internals;
203 struct rte_mempool *ctx_pool; /* mempool for dpaa_sec_op_ctx */
211 #define RTE_DPAA_MAX_NB_SEC_QPS 2
212 #define RTE_DPAA_MAX_RX_QUEUE (MAX_DPAA_CORES * RTE_DPAA_SEC_PMD_MAX_NB_SESSIONS)
213 #define DPAA_MAX_DEQUEUE_NUM_FRAMES 63
215 /* internal sec queue interface */
216 struct dpaa_sec_dev_private {
218 struct dpaa_sec_qp qps[RTE_DPAA_MAX_NB_SEC_QPS]; /* i/o queue for sec */
219 struct qman_fq inq[RTE_DPAA_MAX_RX_QUEUE];
220 unsigned char inq_attach[RTE_DPAA_MAX_RX_QUEUE];
221 unsigned int max_nb_queue_pairs;
222 unsigned int max_nb_sessions;
226 #define MAX_SG_ENTRIES 16
227 #define MAX_JOB_SG_ENTRIES 36
229 struct dpaa_sec_job {
230 /* sg[0] output, sg[1] input, others are possible sub frames */
231 struct qm_sg_entry sg[MAX_JOB_SG_ENTRIES];
234 #define DPAA_MAX_NB_MAX_DIGEST 32
235 struct dpaa_sec_op_ctx {
236 struct dpaa_sec_job job;
238 struct rte_crypto_op *op;
241 struct rte_mempool *ctx_pool; /* mempool pointer for dpaa_sec_op_ctx */
244 uint8_t digest[DPAA_MAX_NB_MAX_DIGEST];
247 static const struct rte_cryptodev_capabilities dpaa_sec_capabilities[] = {
249 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
251 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
253 .algo = RTE_CRYPTO_AUTH_NULL,
270 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
272 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
274 .algo = RTE_CRYPTO_AUTH_MD5,
291 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
293 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
295 .algo = RTE_CRYPTO_AUTH_MD5_HMAC,
312 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
314 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
316 .algo = RTE_CRYPTO_AUTH_SHA1,
333 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
335 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
337 .algo = RTE_CRYPTO_AUTH_SHA1_HMAC,
354 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
356 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
358 .algo = RTE_CRYPTO_AUTH_SHA224,
375 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
377 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
379 .algo = RTE_CRYPTO_AUTH_SHA224_HMAC,
396 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
398 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
400 .algo = RTE_CRYPTO_AUTH_SHA256,
417 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
419 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
421 .algo = RTE_CRYPTO_AUTH_SHA256_HMAC,
438 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
440 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
442 .algo = RTE_CRYPTO_AUTH_SHA384,
459 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
461 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
463 .algo = RTE_CRYPTO_AUTH_SHA384_HMAC,
480 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
482 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
484 .algo = RTE_CRYPTO_AUTH_SHA512,
501 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
503 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
505 .algo = RTE_CRYPTO_AUTH_SHA512_HMAC,
522 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
524 .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,
526 .algo = RTE_CRYPTO_AEAD_AES_GCM,
551 { /* NULL (CIPHER) */
552 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
554 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
556 .algo = RTE_CRYPTO_CIPHER_NULL,
572 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
574 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
576 .algo = RTE_CRYPTO_CIPHER_AES_CBC,
592 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
594 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
596 .algo = RTE_CRYPTO_CIPHER_AES_CTR,
612 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
614 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
616 .algo = RTE_CRYPTO_CIPHER_DES_CBC,
632 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
634 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
636 .algo = RTE_CRYPTO_CIPHER_3DES_CBC,
651 { /* SNOW 3G (UIA2) */
652 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
654 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
656 .algo = RTE_CRYPTO_AUTH_SNOW3G_UIA2,
676 { /* SNOW 3G (UEA2) */
677 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
679 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
681 .algo = RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
697 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
699 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
701 .algo = RTE_CRYPTO_CIPHER_ZUC_EEA3,
717 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
719 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
721 .algo = RTE_CRYPTO_AUTH_ZUC_EIA3,
742 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
744 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
746 .algo = RTE_CRYPTO_AUTH_AES_CMAC,
762 { /* AES XCBC HMAC */
763 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
765 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
767 .algo = RTE_CRYPTO_AUTH_AES_XCBC_MAC,
784 RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
787 #ifdef RTE_LIB_SECURITY
788 static const struct rte_cryptodev_capabilities dpaa_pdcp_capabilities[] = {
789 { /* SNOW 3G (UIA2) */
790 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
792 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
794 .algo = RTE_CRYPTO_AUTH_SNOW3G_UIA2,
814 { /* SNOW 3G (UEA2) */
815 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
817 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
819 .algo = RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
835 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
837 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
839 .algo = RTE_CRYPTO_CIPHER_AES_CTR,
855 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
857 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
859 .algo = RTE_CRYPTO_AUTH_NULL,
875 { /* NULL (CIPHER) */
876 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
878 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
880 .algo = RTE_CRYPTO_CIPHER_NULL,
896 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
898 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
900 .algo = RTE_CRYPTO_CIPHER_ZUC_EEA3,
916 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
918 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
920 .algo = RTE_CRYPTO_AUTH_ZUC_EIA3,
941 RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
944 static const struct rte_security_capability dpaa_sec_security_cap[] = {
945 { /* IPsec Lookaside Protocol offload ESP Transport Egress */
946 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
947 .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
949 .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
950 .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
951 .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
953 .replay_win_sz_max = 128
955 .crypto_capabilities = dpaa_sec_capabilities
957 { /* IPsec Lookaside Protocol offload ESP Tunnel Ingress */
958 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
959 .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
961 .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
962 .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
963 .direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS,
965 .replay_win_sz_max = 128
967 .crypto_capabilities = dpaa_sec_capabilities
969 { /* PDCP Lookaside Protocol offload Data */
970 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
971 .protocol = RTE_SECURITY_PROTOCOL_PDCP,
973 .domain = RTE_SECURITY_PDCP_MODE_DATA,
976 .crypto_capabilities = dpaa_pdcp_capabilities
978 { /* PDCP Lookaside Protocol offload Control */
979 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
980 .protocol = RTE_SECURITY_PROTOCOL_PDCP,
982 .domain = RTE_SECURITY_PDCP_MODE_CONTROL,
985 .crypto_capabilities = dpaa_pdcp_capabilities
987 { /* PDCP Lookaside Protocol offload Short MAC */
988 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
989 .protocol = RTE_SECURITY_PROTOCOL_PDCP,
991 .domain = RTE_SECURITY_PDCP_MODE_SHORT_MAC,
994 .crypto_capabilities = dpaa_pdcp_capabilities
997 .action = RTE_SECURITY_ACTION_TYPE_NONE
1005 * @param buffer calculate chksum for buffer
1006 * @param len buffer length
1008 * @return checksum value in host cpu order
1010 static inline uint16_t
1011 calc_chksum(void *buffer, int len)
1013 uint16_t *buf = (uint16_t *)buffer;
1017 for (sum = 0; len > 1; len -= 2)
1021 sum += *(unsigned char *)buf;
1023 sum = (sum >> 16) + (sum & 0xFFFF);
1031 dpaa_sec_configure_raw_dp_ctx(struct rte_cryptodev *dev, uint16_t qp_id,
1032 struct rte_crypto_raw_dp_ctx *raw_dp_ctx,
1033 enum rte_crypto_op_sess_type sess_type,
1034 union rte_cryptodev_session_ctx session_ctx, uint8_t is_update);
1037 dpaa_sec_get_dp_ctx_size(struct rte_cryptodev *dev);
1040 dpaa_sec_attach_sess_q(struct dpaa_sec_qp *qp, dpaa_sec_session *sess);
1042 #endif /* _DPAA_SEC_H_ */