1 /* SPDX-License-Identifier: BSD-3-Clause
3 * Copyright 2016-2020 NXP
10 #define CRYPTODEV_NAME_DPAA_SEC_PMD crypto_dpaa_sec
11 /**< NXP DPAA - SEC PMD device name */
13 #define MAX_DPAA_CORES 4
14 #define NUM_POOL_CHANNELS 4
15 #define DPAA_SEC_BURST 7
16 #define DPAA_SEC_ALG_UNSUPPORT (-1)
17 #define TDES_CBC_IV_LEN 8
18 #define AES_CBC_IV_LEN 16
19 #define AES_CTR_IV_LEN 16
20 #define AES_GCM_IV_LEN 12
22 #define DPAA_IPv6_DEFAULT_VTC_FLOW 0x60000000
24 /* Minimum job descriptor consists of a one-word job descriptor HEADER and
25 * a pointer to the shared descriptor. */
27 #define MIN_JOB_DESC_SIZE (CAAM_CMD_SZ + CAAM_PTR_SZ)
28 /* CTX_POOL_NUM_BUFS is set as per the ipsec-secgw application */
29 #define CTX_POOL_NUM_BUFS 32000
30 #define CTX_POOL_BUF_SIZE sizeof(struct dpaa_sec_op_ctx)
31 #define CTX_POOL_CACHE_SIZE 512
32 #define RTE_DPAA_SEC_PMD_MAX_NB_SESSIONS 1024
37 enum dpaa_sec_op_type {
38 DPAA_SEC_NONE, /*!< No Cipher operations*/
39 DPAA_SEC_CIPHER,/*!< CIPHER operations */
40 DPAA_SEC_AUTH, /*!< Authentication Operations */
41 DPAA_SEC_AEAD, /*!< AEAD (AES-GCM/CCM) type operations */
42 DPAA_SEC_CIPHER_HASH, /*!< Authenticated Encryption with
45 DPAA_SEC_HASH_CIPHER, /*!< Encryption with Authenticated
48 DPAA_SEC_IPSEC, /*!< IPSEC protocol operations*/
49 DPAA_SEC_PDCP, /*!< PDCP protocol operations*/
50 DPAA_SEC_PKC, /*!< Public Key Cryptographic Operations */
54 #define DPAA_SEC_MAX_DESC_SIZE 64
55 /* code or cmd block to caam */
61 #if RTE_BYTE_ORDER == RTE_BIG_ENDIAN
63 unsigned int rsvd47_39:9;
67 unsigned int rsvd47_39:9;
76 #if RTE_BYTE_ORDER == RTE_BIG_ENDIAN
77 unsigned int rsvd31_30:2;
80 unsigned int offset:2;
82 unsigned int add_buf:1;
84 uint16_t pool_buffer_size;
86 uint16_t pool_buffer_size;
88 unsigned int add_buf:1;
90 unsigned int offset:2;
93 unsigned int rsvd31_30:2;
99 uint32_t sh_desc[DPAA_SEC_MAX_DESC_SIZE];
101 #ifdef RTE_LIB_SECURITY
103 * The structure is to be filled by user as a part of
104 * dpaa_sec_proto_ctxt for PDCP Protocol
/* Per-session PDCP parameters: domain, bearer, direction, sequence-number
 * size, SDAP flag, HFN state and the per-packet HFN override settings.
 * NOTE(review): hfn_ovd_offset is described below as an offset from
 * rte_crypto_op at which a per-packet HFN is stored; the code that
 * dereferences it is not in this header -- confirm it bounds the offset
 * against the op it indexes.
 * NOTE(review): hfn_threshold is documented as the key-renegotiation
 * threshold; nothing in this header enforces it -- confirm who does.
 */
106 struct sec_pdcp_ctxt {
107 enum rte_security_pdcp_domain domain; /*!< Data/Control mode*/
108 int8_t bearer; /*!< PDCP bearer ID */
109 int8_t pkt_dir;/*!< PDCP Frame Direction 0:UL 1:DL*/
110 int8_t hfn_ovd;/*!< Overwrite HFN per packet*/
111 uint8_t sn_size; /*!< Sequence number size, 5/7/12/15/18 */
112 uint8_t sdap_enabled; /*!< SDAP header is enabled */
113 uint16_t hfn_ovd_offset;/*!< offset from rte_crypto_op at which
114 * per packet hfn is stored
116 uint32_t hfn; /*!< Hyper Frame Number */
117 uint32_t hfn_threshold; /*!< HFN Threshold for key renegotiation */
/* Per-session state for the DPAA SEC PMD: the command block, queue-pair and
 * input-queue pointers in arrays sized by MAX_DPAA_CORES, the selected
 * cipher/auth/AEAD algorithms, key pointers with their lengths, IV
 * parameters, digest length and the IPsec/PDCP protocol data.
 * NOTE(review): the `data`/`length` pairs below point at raw key material.
 * Session teardown is not part of this header; confirm that it zeroizes
 * those buffers before they are released.
 */
120 typedef struct dpaa_sec_session_entry {
121 struct sec_cdb cdb; /**< cmd block associated with qp */
122 struct dpaa_sec_qp *qp[MAX_DPAA_CORES];
123 struct qman_fq *inq[MAX_DPAA_CORES];
124 uint8_t dir; /*!< Operation Direction */
125 uint8_t ctxt; /*!< Session Context Type */
126 enum rte_crypto_cipher_algorithm cipher_alg; /*!< Cipher Algorithm*/
127 enum rte_crypto_auth_algorithm auth_alg; /*!< Authentication Algorithm*/
128 enum rte_crypto_aead_algorithm aead_alg; /*!< AEAD Algorithm*/
129 #ifdef RTE_LIB_SECURITY
130 enum rte_security_session_protocol proto_alg; /*!< Security Algorithm*/
134 uint8_t *data; /**< pointer to key data */
135 size_t length; /**< key length in bytes */
141 uint8_t *data; /**< pointer to key data */
142 size_t length; /**< key length in bytes */
147 uint8_t *data; /**< pointer to key data */
148 size_t length; /**< key length in bytes */
159 } iv; /**< Initialisation vector parameters */
160 uint16_t auth_only_len;
161 /*!< Length of data for Auth only */
162 uint32_t digest_length;
163 struct ipsec_decap_pdb decap_pdb;
164 struct ipsec_encap_pdb encap_pdb;
167 struct rte_ipv6_hdr ip6_hdr;
169 uint8_t auth_cipher_text;
170 /**< Authenticate/cipher ordering */
172 #ifdef RTE_LIB_SECURITY
173 struct sec_pdcp_ctxt pdcp;
179 struct dpaa_sec_dev_private *internals;
180 struct rte_mempool *ctx_pool; /* mempool for dpaa_sec_op_ctx */
188 #define RTE_DPAA_MAX_NB_SEC_QPS 2
189 #define RTE_DPAA_MAX_RX_QUEUE (MAX_DPAA_CORES * RTE_DPAA_SEC_PMD_MAX_NB_SESSIONS)
190 #define DPAA_MAX_DEQUEUE_NUM_FRAMES 63
192 /* internal sec queue interface */
193 struct dpaa_sec_dev_private {
195 struct dpaa_sec_qp qps[RTE_DPAA_MAX_NB_SEC_QPS]; /* i/o queue for sec */
196 struct qman_fq inq[RTE_DPAA_MAX_RX_QUEUE];
197 unsigned char inq_attach[RTE_DPAA_MAX_RX_QUEUE];
198 unsigned int max_nb_queue_pairs;
199 unsigned int max_nb_sessions;
203 #define MAX_SG_ENTRIES 16
204 #define MAX_JOB_SG_ENTRIES 36
206 struct dpaa_sec_job {
207 /* sg[0] output, sg[1] input, others are possible sub frames */
208 struct qm_sg_entry sg[MAX_JOB_SG_ENTRIES];
211 #define DPAA_MAX_NB_MAX_DIGEST 32
/* Per-operation context: the job (its scatter/gather entries), the crypto op
 * it belongs to, a mempool pointer for these contexts, and a fixed-size
 * digest buffer. */
212 struct dpaa_sec_op_ctx {
213 struct dpaa_sec_job job;
214 struct rte_crypto_op *op;
215 struct rte_mempool *ctx_pool; /* mempool pointer for dpaa_sec_op_ctx */
/* NOTE(review): DPAA_MAX_NB_MAX_DIGEST is 32, which is smaller than a full
 * SHA-384 (48-byte) or SHA-512 (64-byte) digest, and dpaa_sec_capabilities
 * lists both. The session's digest_length is a uint32_t. Confirm that every
 * copy into this buffer is bounded by DPAA_MAX_NB_MAX_DIGEST and not only by
 * the session's digest_length. */
218 uint8_t digest[DPAA_MAX_NB_MAX_DIGEST];
/* Symmetric crypto capabilities advertised by the DPAA SEC PMD.
 * The table describes what the device offers, not what a deployment should
 * use: alongside the SHA-2, AES-CBC/CTR/GCM, AES-CMAC, AES-XCBC-MAC, SNOW 3G
 * and ZUC entries it also lists NULL auth, NULL cipher, MD5, SHA-1, DES-CBC
 * and 3DES-CBC. Applications that negotiate algorithms from this list should
 * filter it against their own policy so the legacy entries are not picked by
 * default.
 * Terminated by RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST().
 */
221 static const struct rte_cryptodev_capabilities dpaa_sec_capabilities[] = {
223 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
225 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
227 .algo = RTE_CRYPTO_AUTH_NULL,
244 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
246 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
248 .algo = RTE_CRYPTO_AUTH_MD5,
265 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
267 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
269 .algo = RTE_CRYPTO_AUTH_MD5_HMAC,
286 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
288 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
290 .algo = RTE_CRYPTO_AUTH_SHA1,
307 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
309 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
311 .algo = RTE_CRYPTO_AUTH_SHA1_HMAC,
328 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
330 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
332 .algo = RTE_CRYPTO_AUTH_SHA224,
349 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
351 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
353 .algo = RTE_CRYPTO_AUTH_SHA224_HMAC,
370 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
372 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
374 .algo = RTE_CRYPTO_AUTH_SHA256,
391 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
393 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
395 .algo = RTE_CRYPTO_AUTH_SHA256_HMAC,
412 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
414 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
416 .algo = RTE_CRYPTO_AUTH_SHA384,
433 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
435 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
437 .algo = RTE_CRYPTO_AUTH_SHA384_HMAC,
454 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
456 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
458 .algo = RTE_CRYPTO_AUTH_SHA512,
475 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
477 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
479 .algo = RTE_CRYPTO_AUTH_SHA512_HMAC,
496 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
498 .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,
500 .algo = RTE_CRYPTO_AEAD_AES_GCM,
525 { /* NULL (CIPHER) */
526 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
528 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
530 .algo = RTE_CRYPTO_CIPHER_NULL,
546 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
548 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
550 .algo = RTE_CRYPTO_CIPHER_AES_CBC,
566 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
568 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
570 .algo = RTE_CRYPTO_CIPHER_AES_CTR,
586 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
588 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
590 .algo = RTE_CRYPTO_CIPHER_DES_CBC,
606 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
608 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
610 .algo = RTE_CRYPTO_CIPHER_3DES_CBC,
625 { /* SNOW 3G (UIA2) */
626 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
628 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
630 .algo = RTE_CRYPTO_AUTH_SNOW3G_UIA2,
650 { /* SNOW 3G (UEA2) */
651 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
653 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
655 .algo = RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
671 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
673 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
675 .algo = RTE_CRYPTO_CIPHER_ZUC_EEA3,
691 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
693 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
695 .algo = RTE_CRYPTO_AUTH_ZUC_EIA3,
716 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
718 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
720 .algo = RTE_CRYPTO_AUTH_AES_CMAC,
736 { /* AES XCBC MAC */
737 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
739 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
741 .algo = RTE_CRYPTO_AUTH_AES_XCBC_MAC,
758 RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
761 #ifdef RTE_LIB_SECURITY
/* Crypto capabilities offered for PDCP protocol offload: SNOW 3G
 * (UIA2/UEA2), AES-CTR, ZUC (EEA3/EIA3), plus NULL auth and NULL cipher.
 * NOTE(review): dpaa_sec_security_cap points both its PDCP data and its PDCP
 * control entries at this table, so NULL integrity is advertised for the
 * control domain too; confirm that session creation rejects it wherever
 * integrity protection is mandatory.
 */
762 static const struct rte_cryptodev_capabilities dpaa_pdcp_capabilities[] = {
763 { /* SNOW 3G (UIA2) */
764 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
766 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
768 .algo = RTE_CRYPTO_AUTH_SNOW3G_UIA2,
788 { /* SNOW 3G (UEA2) */
789 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
791 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
793 .algo = RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
809 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
811 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
813 .algo = RTE_CRYPTO_CIPHER_AES_CTR,
829 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
831 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
833 .algo = RTE_CRYPTO_AUTH_NULL,
849 { /* NULL (CIPHER) */
850 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
852 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
854 .algo = RTE_CRYPTO_CIPHER_NULL,
870 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
872 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
874 .algo = RTE_CRYPTO_CIPHER_ZUC_EEA3,
890 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
892 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
894 .algo = RTE_CRYPTO_AUTH_ZUC_EIA3,
915 RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
/* rte_security capabilities: lookaside-protocol offload for IPsec ESP in
 * tunnel mode (egress and ingress) and for PDCP (data and control domains).
 * Both IPsec entries set replay_win_sz_max = 128. The IPsec entries use
 * dpaa_sec_capabilities and the PDCP entries use dpaa_pdcp_capabilities.
 * The list ends with an RTE_SECURITY_ACTION_TYPE_NONE entry.
 */
918 static const struct rte_security_capability dpaa_sec_security_cap[] = {
919 { /* IPsec Lookaside Protocol offload ESP Tunnel Egress */
920 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
921 .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
923 .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
924 .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
925 .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
927 .replay_win_sz_max = 128
929 .crypto_capabilities = dpaa_sec_capabilities
931 { /* IPsec Lookaside Protocol offload ESP Tunnel Ingress */
932 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
933 .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
935 .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
936 .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
937 .direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS,
939 .replay_win_sz_max = 128
941 .crypto_capabilities = dpaa_sec_capabilities
943 { /* PDCP Lookaside Protocol offload Data */
944 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
945 .protocol = RTE_SECURITY_PROTOCOL_PDCP,
947 .domain = RTE_SECURITY_PDCP_MODE_DATA,
950 .crypto_capabilities = dpaa_pdcp_capabilities
952 { /* PDCP Lookaside Protocol offload Control */
953 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
954 .protocol = RTE_SECURITY_PROTOCOL_PDCP,
956 .domain = RTE_SECURITY_PDCP_MODE_CONTROL,
959 .crypto_capabilities = dpaa_pdcp_capabilities
962 .action = RTE_SECURITY_ACTION_TYPE_NONE
970 * @param buffer calculate chksum for buffer
971 * @param len buffer length
973 * @return checksum value in host cpu order
/* Checksum helper: walks `buffer` in 16-bit steps and folds the carries.
 * The declaration of `sum`, the loop body and the return statement are not
 * shown in this listing.
 * NOTE(review): `buffer` is read through a uint16_t pointer, so it is assumed
 * to be 2-byte aligned -- confirm at the call sites.
 * NOTE(review): `len` is a signed int; a value of 0 or below skips the loop
 * entirely. Confirm callers never pass an unvalidated length.
 */
975 static inline uint16_t
976 calc_chksum(void *buffer, int len)
978 uint16_t *buf = (uint16_t *)buffer;
/* Step through the buffer two bytes at a time while at least two remain. */
982 for (sum = 0; len > 1; len -= 2)
/* Adds one byte read through `buf` as a low-order value (presumably the odd
 * trailing byte; the guarding condition is not shown in this listing).
 * NOTE(review): this header has RTE_BIG_ENDIAN branches; on a big-endian
 * host a zero-padded last word would put this byte in the high-order half.
 * Presumably only even lengths are passed -- confirm. */
986 sum += *(unsigned char *)buf;
/* Fold the upper 16 bits of the running sum back into the lower 16. */
988 sum = (sum >> 16) + (sum & 0xFFFF);
995 #endif /* _DPAA_SEC_H_ */