drivers/crypto/dpaa_sec/dpaa_sec.h

   1 /* SPDX-License-Identifier: BSD-3-Clause
   2  *
   3  *   Copyright 2016 NXP
   4  *
   5  */
   6
   7 #ifndef _DPAA_SEC_H_
   8 #define _DPAA_SEC_H_
   9
  10 #define CRYPTODEV_NAME_DPAA_SEC_PMD     crypto_dpaa_sec
  11 /**< NXP DPAA - SEC PMD device name */
  12
  13 #define NUM_POOL_CHANNELS       4
  14 #define DPAA_SEC_BURST          7
  15 #define DPAA_SEC_ALG_UNSUPPORT  (-1)
  16 #define TDES_CBC_IV_LEN         8
  17 #define AES_CBC_IV_LEN          16
  18 #define AES_CTR_IV_LEN          16
  19 #define AES_GCM_IV_LEN          12
  20
  21 /* Minimum job descriptor consists of a oneword job descriptor HEADER and
  22  * a pointer to the shared descriptor.
  23  */
  24 #define MIN_JOB_DESC_SIZE       (CAAM_CMD_SZ + CAAM_PTR_SZ)
  25 /* CTX_POOL_NUM_BUFS is set as per the ipsec-secgw application */
  26 #define CTX_POOL_NUM_BUFS       32000
  27 #define CTX_POOL_BUF_SIZE       sizeof(struct dpaa_sec_op_ctx)
  28 #define CTX_POOL_CACHE_SIZE     512
  29 #define RTE_DPAA_SEC_PMD_MAX_NB_SESSIONS 2048
  30
  31 #define DIR_ENC                 1
  32 #define DIR_DEC                 0
  33
  34 enum dpaa_sec_op_type {
  35         DPAA_SEC_NONE,  /*!< No Cipher operations*/
  36         DPAA_SEC_CIPHER,/*!< CIPHER operations */
  37         DPAA_SEC_AUTH,  /*!< Authentication Operations */
  38         DPAA_SEC_AEAD,  /*!< Authenticated Encryption with associated data */
  39         DPAA_SEC_IPSEC, /*!< IPSEC protocol operations*/
  40         DPAA_SEC_PDCP,  /*!< PDCP protocol operations*/
  41         DPAA_SEC_PKC,   /*!< Public Key Cryptographic Operations */
  42         DPAA_SEC_MAX
  43 };
  44
  45
  46 #define DPAA_SEC_MAX_DESC_SIZE  64
  47 /* code or cmd block to caam */
  48 struct sec_cdb {
  49         struct {
  50                 union {
  51                         uint32_t word;
  52                         struct {
  53 #if RTE_BYTE_ORDER == RTE_BIG_ENDIAN
  54                                 uint16_t rsvd63_48;
  55                                 unsigned int rsvd47_39:9;
  56                                 unsigned int idlen:7;
  57 #else
  58                                 unsigned int idlen:7;
  59                                 unsigned int rsvd47_39:9;
  60                                 uint16_t rsvd63_48;
  61 #endif
  62                         } field;
  63                 } __packed hi;
  64
  65                 union {
  66                         uint32_t word;
  67                         struct {
  68 #if RTE_BYTE_ORDER == RTE_BIG_ENDIAN
  69                                 unsigned int rsvd31_30:2;
  70                                 unsigned int fsgt:1;
  71                                 unsigned int lng:1;
  72                                 unsigned int offset:2;
  73                                 unsigned int abs:1;
  74                                 unsigned int add_buf:1;
  75                                 uint8_t pool_id;
  76                                 uint16_t pool_buffer_size;
  77 #else
  78                                 uint16_t pool_buffer_size;
  79                                 uint8_t pool_id;
  80                                 unsigned int add_buf:1;
  81                                 unsigned int abs:1;
  82                                 unsigned int offset:2;
  83                                 unsigned int lng:1;
  84                                 unsigned int fsgt:1;
  85                                 unsigned int rsvd31_30:2;
  86 #endif
  87                         } field;
  88                 } __packed lo;
  89         } __packed sh_hdr;
  90
  91         uint32_t sh_desc[DPAA_SEC_MAX_DESC_SIZE];
  92 };
  93
  94 typedef struct dpaa_sec_session_entry {
  95         uint8_t dir;         /*!< Operation Direction */
  96         enum rte_crypto_cipher_algorithm cipher_alg; /*!< Cipher Algorithm*/
  97         enum rte_crypto_auth_algorithm auth_alg; /*!< Authentication Algorithm*/
  98         enum rte_crypto_aead_algorithm aead_alg; /*!< AEAD Algorithm*/
  99         enum rte_security_session_protocol proto_alg; /*!< Security Algorithm*/
 100         union {
 101                 struct {
 102                         uint8_t *data;  /**< pointer to key data */
 103                         size_t length;  /**< key length in bytes */
 104                 } aead_key;
 105                 struct {
 106                         struct {
 107                                 uint8_t *data;  /**< pointer to key data */
 108                                 size_t length;  /**< key length in bytes */
 109                         } cipher_key;
 110                         struct {
 111                                 uint8_t *data;  /**< pointer to key data */
 112                                 size_t length;  /**< key length in bytes */
 113                         } auth_key;
 114                 };
 115         };
 116         struct {
 117                 uint16_t length;
 118                 uint16_t offset;
 119         } iv;   /**< Initialisation vector parameters */
 120         uint16_t auth_only_len; /*!< Length of data for Auth only */
 121         uint32_t digest_length;
 122         struct ipsec_encap_pdb encap_pdb;
 123         struct ip ip4_hdr;
 124         struct ipsec_decap_pdb decap_pdb;
 125         struct dpaa_sec_qp *qp;
 126         struct qman_fq *inq;
 127         struct sec_cdb cdb;     /**< cmd block associated with qp */
 128         struct rte_mempool *ctx_pool; /* session mempool for dpaa_sec_op_ctx */
 129 } dpaa_sec_session;
 130
 131 struct dpaa_sec_qp {
 132         struct dpaa_sec_dev_private *internals;
 133         struct qman_fq outq;
 134         int rx_pkts;
 135         int rx_errs;
 136         int tx_pkts;
 137         int tx_errs;
 138 };
 139
 140 #define RTE_DPAA_MAX_NB_SEC_QPS 8
 141 #define RTE_DPAA_MAX_RX_QUEUE RTE_DPAA_SEC_PMD_MAX_NB_SESSIONS
 142 #define DPAA_MAX_DEQUEUE_NUM_FRAMES 63
 143
 144 /* internal sec queue interface */
 145 struct dpaa_sec_dev_private {
 146         void *sec_hw;
 147         struct rte_mempool *ctx_pool; /* per dev mempool for dpaa_sec_op_ctx */
 148         struct dpaa_sec_qp qps[RTE_DPAA_MAX_NB_SEC_QPS]; /* i/o queue for sec */
 149         struct qman_fq inq[RTE_DPAA_MAX_RX_QUEUE];
 150         unsigned char inq_attach[RTE_DPAA_MAX_RX_QUEUE];
 151         unsigned int max_nb_queue_pairs;
 152         unsigned int max_nb_sessions;
 153 };
 154
 155 #define MAX_SG_ENTRIES          16
 156 #define SG_CACHELINE_0          0
 157 #define SG_CACHELINE_1          4
 158 #define SG_CACHELINE_2          8
 159 #define SG_CACHELINE_3          12
 160 struct dpaa_sec_job {
 161         /* sg[0] output, sg[1] input, others are possible sub frames */
 162         struct qm_sg_entry sg[MAX_SG_ENTRIES];
 163 };
 164
 165 #define DPAA_MAX_NB_MAX_DIGEST  32
 166 struct dpaa_sec_op_ctx {
 167         struct dpaa_sec_job job;
 168         struct rte_crypto_op *op;
 169         struct rte_mempool *ctx_pool; /* mempool pointer for dpaa_sec_op_ctx */
 170         uint32_t fd_status;
 171         int64_t vtop_offset;
 172         uint8_t digest[DPAA_MAX_NB_MAX_DIGEST];
 173 };
 174
 175 static const struct rte_cryptodev_capabilities dpaa_sec_capabilities[] = {
 176         {       /* MD5 HMAC */
 177                 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 178                 {.sym = {
 179                         .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
 180                         {.auth = {
 181                                 .algo = RTE_CRYPTO_AUTH_MD5_HMAC,
 182                                 .block_size = 64,
 183                                 .key_size = {
 184                                         .min = 1,
 185                                         .max = 64,
 186                                         .increment = 1
 187                                 },
 188                                 .digest_size = {
 189                                         .min = 1,
 190                                         .max = 16,
 191                                         .increment = 1
 192                                 },
 193                                 .iv_size = { 0 }
 194                         }, }
 195                 }, }
 196         },
 197         {       /* SHA1 HMAC */
 198                 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 199                 {.sym = {
 200                         .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
 201                         {.auth = {
 202                                 .algo = RTE_CRYPTO_AUTH_SHA1_HMAC,
 203                                 .block_size = 64,
 204                                 .key_size = {
 205                                         .min = 1,
 206                                         .max = 64,
 207                                         .increment = 1
 208                                 },
 209                                 .digest_size = {
 210                                         .min = 1,
 211                                         .max = 20,
 212                                         .increment = 1
 213                                 },
 214                                 .iv_size = { 0 }
 215                         }, }
 216                 }, }
 217         },
 218         {       /* SHA224 HMAC */
 219                 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 220                 {.sym = {
 221                         .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
 222                         {.auth = {
 223                                 .algo = RTE_CRYPTO_AUTH_SHA224_HMAC,
 224                                 .block_size = 64,
 225                                 .key_size = {
 226                                         .min = 1,
 227                                         .max = 64,
 228                                         .increment = 1
 229                                 },
 230                                 .digest_size = {
 231                                         .min = 1,
 232                                         .max = 28,
 233                                         .increment = 1
 234                                 },
 235                                 .iv_size = { 0 }
 236                         }, }
 237                 }, }
 238         },
 239         {       /* SHA256 HMAC */
 240                 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 241                 {.sym = {
 242                         .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
 243                         {.auth = {
 244                                 .algo = RTE_CRYPTO_AUTH_SHA256_HMAC,
 245                                 .block_size = 64,
 246                                 .key_size = {
 247                                         .min = 1,
 248                                         .max = 64,
 249                                         .increment = 1
 250                                 },
 251                                 .digest_size = {
 252                                         .min = 1,
 253                                         .max = 32,
 254                                         .increment = 1
 255                                 },
 256                                 .iv_size = { 0 }
 257                         }, }
 258                 }, }
 259         },
 260         {       /* SHA384 HMAC */
 261                 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 262                 {.sym = {
 263                         .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
 264                         {.auth = {
 265                                 .algo = RTE_CRYPTO_AUTH_SHA384_HMAC,
 266                                 .block_size = 128,
 267                                 .key_size = {
 268                                         .min = 1,
 269                                         .max = 128,
 270                                         .increment = 1
 271                                 },
 272                                 .digest_size = {
 273                                         .min = 1,
 274                                         .max = 48,
 275                                         .increment = 1
 276                                 },
 277                                 .iv_size = { 0 }
 278                         }, }
 279                 }, }
 280         },
 281         {       /* SHA512 HMAC */
 282                 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 283                 {.sym = {
 284                         .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
 285                         {.auth = {
 286                                 .algo = RTE_CRYPTO_AUTH_SHA512_HMAC,
 287                                 .block_size = 128,
 288                                 .key_size = {
 289                                         .min = 1,
 290                                         .max = 128,
 291                                         .increment = 1
 292                                 },
 293                                 .digest_size = {
 294                                         .min = 1,
 295                                         .max = 64,
 296                                         .increment = 1
 297                                 },
 298                                 .iv_size = { 0 }
 299                         }, }
 300                 }, }
 301         },
 302         {       /* AES GCM */
 303                 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 304                 {.sym = {
 305                         .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,
 306                         {.aead = {
 307                                 .algo = RTE_CRYPTO_AEAD_AES_GCM,
 308                                 .block_size = 16,
 309                                 .key_size = {
 310                                         .min = 16,
 311                                         .max = 32,
 312                                         .increment = 8
 313                                 },
 314                                 .digest_size = {
 315                                         .min = 8,
 316                                         .max = 16,
 317                                         .increment = 4
 318                                 },
 319                                 .aad_size = {
 320                                         .min = 0,
 321                                         .max = 240,
 322                                         .increment = 1
 323                                 },
 324                                 .iv_size = {
 325                                         .min = 12,
 326                                         .max = 12,
 327                                         .increment = 0
 328                                 },
 329                         }, }
 330                 }, }
 331         },
 332         {       /* AES CBC */
 333                 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 334                 {.sym = {
 335                         .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
 336                         {.cipher = {
 337                                 .algo = RTE_CRYPTO_CIPHER_AES_CBC,
 338                                 .block_size = 16,
 339                                 .key_size = {
 340                                         .min = 16,
 341                                         .max = 32,
 342                                         .increment = 8
 343                                 },
 344                                 .iv_size = {
 345                                         .min = 16,
 346                                         .max = 16,
 347                                         .increment = 0
 348                                 }
 349                         }, }
 350                 }, }
 351         },
 352         {       /* AES CTR */
 353                 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 354                 {.sym = {
 355                         .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
 356                         {.cipher = {
 357                                 .algo = RTE_CRYPTO_CIPHER_AES_CTR,
 358                                 .block_size = 16,
 359                                 .key_size = {
 360                                         .min = 16,
 361                                         .max = 32,
 362                                         .increment = 8
 363                                 },
 364                                 .iv_size = {
 365                                         .min = 16,
 366                                         .max = 16,
 367                                         .increment = 0
 368                                 }
 369                         }, }
 370                 }, }
 371         },
 372         {       /* 3DES CBC */
 373                 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 374                 {.sym = {
 375                         .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
 376                         {.cipher = {
 377                                 .algo = RTE_CRYPTO_CIPHER_3DES_CBC,
 378                                 .block_size = 8,
 379                                 .key_size = {
 380                                         .min = 16,
 381                                         .max = 24,
 382                                         .increment = 8
 383                                 },
 384                                 .iv_size = {
 385                                         .min = 8,
 386                                         .max = 8,
 387                                         .increment = 0
 388                                 }
 389                         }, }
 390                 }, }
 391         },
 392
 393         RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
 394 };
 395
 396 static const struct rte_security_capability dpaa_sec_security_cap[] = {
 397         { /* IPsec Lookaside Protocol offload ESP Transport Egress */
 398                 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
 399                 .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
 400                 .ipsec = {
 401                         .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
 402                         .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
 403                         .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
 404                         .options = { 0 }
 405                 },
 406                 .crypto_capabilities = dpaa_sec_capabilities
 407         },
 408         { /* IPsec Lookaside Protocol offload ESP Tunnel Ingress */
 409                 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
 410                 .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
 411                 .ipsec = {
 412                         .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
 413                         .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
 414                         .direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS,
 415                         .options = { 0 }
 416                 },
 417                 .crypto_capabilities = dpaa_sec_capabilities
 418         },
 419         {
 420                 .action = RTE_SECURITY_ACTION_TYPE_NONE
 421         }
 422 };
 423
 424 /**
 425  * Checksum
 426  *
 427  * @param buffer calculate chksum for buffer
 428  * @param len    buffer length
 429  *
 430  * @return checksum value in host cpu order
 431  */
 432 static inline uint16_t
 433 calc_chksum(void *buffer, int len)
 434 {
 435         uint16_t *buf = (uint16_t *)buffer;
 436         uint32_t sum = 0;
 437         uint16_t result;
 438
 439         for (sum = 0; len > 1; len -= 2)
 440                 sum += *buf++;
 441
 442         if (len == 1)
 443                 sum += *(unsigned char *)buf;
 444
 445         sum = (sum >> 16) + (sum & 0xFFFF);
 446         sum += (sum >> 16);
 447         result = ~sum;
 448
 449         return  result;
 450 }
 451
 452 #endif /* _DPAA_SEC_H_ */