1 /* SPDX-License-Identifier: BSD-3-Clause
10 #define CRYPTODEV_NAME_DPAA_SEC_PMD crypto_dpaa_sec
11 /**< NXP DPAA - SEC PMD device name */
13 #define NUM_POOL_CHANNELS 4
14 #define DPAA_SEC_BURST 7
15 #define DPAA_SEC_ALG_UNSUPPORT (-1)
16 #define TDES_CBC_IV_LEN 8
17 #define AES_CBC_IV_LEN 16
18 #define AES_CTR_IV_LEN 16
19 #define AES_GCM_IV_LEN 12
21 /* Minimum job descriptor consists of a oneword job descriptor HEADER and
22 * a pointer to the shared descriptor.
24 #define MIN_JOB_DESC_SIZE (CAAM_CMD_SZ + CAAM_PTR_SZ)
25 /* CTX_POOL_NUM_BUFS is set as per the ipsec-secgw application */
26 #define CTX_POOL_NUM_BUFS 32000
27 #define CTX_POOL_BUF_SIZE sizeof(struct dpaa_sec_op_ctx)
28 #define CTX_POOL_CACHE_SIZE 512
33 enum dpaa_sec_op_type {
34 DPAA_SEC_NONE, /*!< No Cipher operations*/
35 DPAA_SEC_CIPHER,/*!< CIPHER operations */
36 DPAA_SEC_AUTH, /*!< Authentication Operations */
37 DPAA_SEC_AEAD, /*!< Authenticated Encryption with associated data */
38 DPAA_SEC_IPSEC, /*!< IPSEC protocol operations*/
39 DPAA_SEC_PDCP, /*!< PDCP protocol operations*/
40 DPAA_SEC_PKC, /*!< Public Key Cryptographic Operations */
45 #define DPAA_SEC_MAX_DESC_SIZE 64
46 /* code or cmd block to caam */
52 #if RTE_BYTE_ORDER == RTE_BIG_ENDIAN
54 unsigned int rsvd47_39:9;
58 unsigned int rsvd47_39:9;
67 #if RTE_BYTE_ORDER == RTE_BIG_ENDIAN
68 unsigned int rsvd31_30:2;
71 unsigned int offset:2;
73 unsigned int add_buf:1;
75 uint16_t pool_buffer_size;
77 uint16_t pool_buffer_size;
79 unsigned int add_buf:1;
81 unsigned int offset:2;
84 unsigned int rsvd31_30:2;
90 uint32_t sh_desc[DPAA_SEC_MAX_DESC_SIZE];
93 typedef struct dpaa_sec_session_entry {
94 uint8_t dir; /*!< Operation Direction */
95 enum rte_crypto_cipher_algorithm cipher_alg; /*!< Cipher Algorithm*/
96 enum rte_crypto_auth_algorithm auth_alg; /*!< Authentication Algorithm*/
97 enum rte_crypto_aead_algorithm aead_alg; /*!< AEAD Algorithm*/
98 enum rte_security_session_protocol proto_alg; /*!< Security Algorithm*/
101 uint8_t *data; /**< pointer to key data */
102 size_t length; /**< key length in bytes */
106 uint8_t *data; /**< pointer to key data */
107 size_t length; /**< key length in bytes */
110 uint8_t *data; /**< pointer to key data */
111 size_t length; /**< key length in bytes */
118 } iv; /**< Initialisation vector parameters */
119 uint16_t auth_only_len; /*!< Length of data for Auth only */
120 uint32_t digest_length;
121 struct ipsec_encap_pdb encap_pdb;
123 struct ipsec_decap_pdb decap_pdb;
124 struct dpaa_sec_qp *qp;
126 struct sec_cdb cdb; /**< cmd block associated with qp */
127 struct rte_mempool *ctx_pool; /* session mempool for dpaa_sec_op_ctx */
131 struct dpaa_sec_dev_private *internals;
139 #define RTE_DPAA_MAX_NB_SEC_QPS 1
140 #define RTE_DPAA_MAX_RX_QUEUE RTE_DPAA_SEC_PMD_MAX_NB_SESSIONS
141 #define DPAA_MAX_DEQUEUE_NUM_FRAMES 63
143 /* internal sec queue interface */
144 struct dpaa_sec_dev_private {
146 struct rte_mempool *ctx_pool; /* per dev mempool for dpaa_sec_op_ctx */
147 struct dpaa_sec_qp qps[RTE_DPAA_MAX_NB_SEC_QPS]; /* i/o queue for sec */
148 struct qman_fq inq[RTE_DPAA_MAX_RX_QUEUE];
149 unsigned char inq_attach[RTE_DPAA_MAX_RX_QUEUE];
150 unsigned int max_nb_queue_pairs;
151 unsigned int max_nb_sessions;
154 #define MAX_SG_ENTRIES 16
155 #define SG_CACHELINE_0 0
156 #define SG_CACHELINE_1 4
157 #define SG_CACHELINE_2 8
158 #define SG_CACHELINE_3 12
159 struct dpaa_sec_job {
160 /* sg[0] output, sg[1] input, others are possible sub frames */
161 struct qm_sg_entry sg[MAX_SG_ENTRIES];
164 #define DPAA_MAX_NB_MAX_DIGEST 32
165 struct dpaa_sec_op_ctx {
166 struct dpaa_sec_job job;
167 struct rte_crypto_op *op;
168 struct rte_mempool *ctx_pool; /* mempool pointer for dpaa_sec_op_ctx */
171 uint8_t digest[DPAA_MAX_NB_MAX_DIGEST];
174 static const struct rte_cryptodev_capabilities dpaa_sec_capabilities[] = {
176 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
178 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
180 .algo = RTE_CRYPTO_AUTH_MD5_HMAC,
196 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
198 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
200 .algo = RTE_CRYPTO_AUTH_SHA1_HMAC,
216 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
218 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
220 .algo = RTE_CRYPTO_AUTH_SHA224_HMAC,
236 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
238 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
240 .algo = RTE_CRYPTO_AUTH_SHA256_HMAC,
256 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
258 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
260 .algo = RTE_CRYPTO_AUTH_SHA384_HMAC,
276 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
278 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
280 .algo = RTE_CRYPTO_AUTH_SHA512_HMAC,
296 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
298 .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,
300 .algo = RTE_CRYPTO_AEAD_AES_GCM,
326 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
328 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
330 .algo = RTE_CRYPTO_CIPHER_AES_CBC,
346 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
348 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
350 .algo = RTE_CRYPTO_CIPHER_AES_CTR,
366 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
368 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
370 .algo = RTE_CRYPTO_CIPHER_3DES_CBC,
386 RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
389 static const struct rte_security_capability dpaa_sec_security_cap[] = {
390 { /* IPsec Lookaside Protocol offload ESP Transport Egress */
391 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
392 .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
394 .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
395 .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
396 .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
399 .crypto_capabilities = dpaa_sec_capabilities
401 { /* IPsec Lookaside Protocol offload ESP Tunnel Ingress */
402 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
403 .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
405 .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
406 .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
407 .direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS,
410 .crypto_capabilities = dpaa_sec_capabilities
413 .action = RTE_SECURITY_ACTION_TYPE_NONE
420 * @param buffer calculate chksum for buffer
421 * @param len buffer length
423 * @return checksum value in host cpu order
425 static inline uint16_t
426 calc_chksum(void *buffer, int len)
428 uint16_t *buf = (uint16_t *)buffer;
432 for (sum = 0; len > 1; len -= 2)
436 sum += *(unsigned char *)buf;
438 sum = (sum >> 16) + (sum & 0xFFFF);
445 #endif /* _DPAA_SEC_H_ */