drivers/crypto/dpaa_sec/dpaa_sec.h

   1 /* SPDX-License-Identifier: BSD-3-Clause
   2  *
   3  *   Copyright 2016 NXP
   4  *
   5  */
   6
   7 #ifndef _DPAA_SEC_H_
   8 #define _DPAA_SEC_H_
   9
  10 #define CRYPTODEV_NAME_DPAA_SEC_PMD     crypto_dpaa_sec
  11 /**< NXP DPAA - SEC PMD device name */
  12
  13 #define NUM_POOL_CHANNELS       4
  14 #define DPAA_SEC_BURST          7
  15 #define DPAA_SEC_ALG_UNSUPPORT  (-1)
  16 #define TDES_CBC_IV_LEN         8
  17 #define AES_CBC_IV_LEN          16
  18 #define AES_CTR_IV_LEN          16
  19 #define AES_GCM_IV_LEN          12
  20
  21 /* Minimum job descriptor consists of a oneword job descriptor HEADER and
  22  * a pointer to the shared descriptor.
  23  */
  24 #define MIN_JOB_DESC_SIZE       (CAAM_CMD_SZ + CAAM_PTR_SZ)
  25 /* CTX_POOL_NUM_BUFS is set as per the ipsec-secgw application */
  26 #define CTX_POOL_NUM_BUFS       32000
  27 #define CTX_POOL_BUF_SIZE       sizeof(struct dpaa_sec_op_ctx)
  28 #define CTX_POOL_CACHE_SIZE     512
  29
  30 #define DIR_ENC                 1
  31 #define DIR_DEC                 0
  32
  33 enum dpaa_sec_op_type {
  34         DPAA_SEC_NONE,  /*!< No Cipher operations*/
  35         DPAA_SEC_CIPHER,/*!< CIPHER operations */
  36         DPAA_SEC_AUTH,  /*!< Authentication Operations */
  37         DPAA_SEC_AEAD,  /*!< Authenticated Encryption with associated data */
  38         DPAA_SEC_IPSEC, /*!< IPSEC protocol operations*/
  39         DPAA_SEC_PDCP,  /*!< PDCP protocol operations*/
  40         DPAA_SEC_PKC,   /*!< Public Key Cryptographic Operations */
  41         DPAA_SEC_MAX
  42 };
  43
  44
  45 #define DPAA_SEC_MAX_DESC_SIZE  64
  46 /* code or cmd block to caam */
  47 struct sec_cdb {
  48         struct {
  49                 union {
  50                         uint32_t word;
  51                         struct {
  52 #if RTE_BYTE_ORDER == RTE_BIG_ENDIAN
  53                                 uint16_t rsvd63_48;
  54                                 unsigned int rsvd47_39:9;
  55                                 unsigned int idlen:7;
  56 #else
  57                                 unsigned int idlen:7;
  58                                 unsigned int rsvd47_39:9;
  59                                 uint16_t rsvd63_48;
  60 #endif
  61                         } field;
  62                 } __packed hi;
  63
  64                 union {
  65                         uint32_t word;
  66                         struct {
  67 #if RTE_BYTE_ORDER == RTE_BIG_ENDIAN
  68                                 unsigned int rsvd31_30:2;
  69                                 unsigned int fsgt:1;
  70                                 unsigned int lng:1;
  71                                 unsigned int offset:2;
  72                                 unsigned int abs:1;
  73                                 unsigned int add_buf:1;
  74                                 uint8_t pool_id;
  75                                 uint16_t pool_buffer_size;
  76 #else
  77                                 uint16_t pool_buffer_size;
  78                                 uint8_t pool_id;
  79                                 unsigned int add_buf:1;
  80                                 unsigned int abs:1;
  81                                 unsigned int offset:2;
  82                                 unsigned int lng:1;
  83                                 unsigned int fsgt:1;
  84                                 unsigned int rsvd31_30:2;
  85 #endif
  86                         } field;
  87                 } __packed lo;
  88         } __packed sh_hdr;
  89
  90         uint32_t sh_desc[DPAA_SEC_MAX_DESC_SIZE];
  91 };
  92
  93 typedef struct dpaa_sec_session_entry {
  94         uint8_t dir;         /*!< Operation Direction */
  95         enum rte_crypto_cipher_algorithm cipher_alg; /*!< Cipher Algorithm*/
  96         enum rte_crypto_auth_algorithm auth_alg; /*!< Authentication Algorithm*/
  97         enum rte_crypto_aead_algorithm aead_alg; /*!< AEAD Algorithm*/
  98         enum rte_security_session_protocol proto_alg; /*!< Security Algorithm*/
  99         union {
 100                 struct {
 101                         uint8_t *data;  /**< pointer to key data */
 102                         size_t length;  /**< key length in bytes */
 103                 } aead_key;
 104                 struct {
 105                         struct {
 106                                 uint8_t *data;  /**< pointer to key data */
 107                                 size_t length;  /**< key length in bytes */
 108                         } cipher_key;
 109                         struct {
 110                                 uint8_t *data;  /**< pointer to key data */
 111                                 size_t length;  /**< key length in bytes */
 112                         } auth_key;
 113                 };
 114         };
 115         struct {
 116                 uint16_t length;
 117                 uint16_t offset;
 118         } iv;   /**< Initialisation vector parameters */
 119         uint16_t auth_only_len; /*!< Length of data for Auth only */
 120         uint32_t digest_length;
 121         struct ipsec_encap_pdb encap_pdb;
 122         struct ip ip4_hdr;
 123         struct ipsec_decap_pdb decap_pdb;
 124         struct dpaa_sec_qp *qp;
 125         struct qman_fq *inq;
 126         struct sec_cdb cdb;     /**< cmd block associated with qp */
 127         struct rte_mempool *ctx_pool; /* session mempool for dpaa_sec_op_ctx */
 128 } dpaa_sec_session;
 129
 130 struct dpaa_sec_qp {
 131         struct dpaa_sec_dev_private *internals;
 132         struct qman_fq outq;
 133         int rx_pkts;
 134         int rx_errs;
 135         int tx_pkts;
 136         int tx_errs;
 137 };
 138
 139 #define RTE_DPAA_MAX_NB_SEC_QPS 8
 140 #define RTE_DPAA_MAX_RX_QUEUE RTE_DPAA_SEC_PMD_MAX_NB_SESSIONS
 141 #define DPAA_MAX_DEQUEUE_NUM_FRAMES 63
 142
 143 /* internal sec queue interface */
 144 struct dpaa_sec_dev_private {
 145         void *sec_hw;
 146         struct rte_mempool *ctx_pool; /* per dev mempool for dpaa_sec_op_ctx */
 147         struct dpaa_sec_qp qps[RTE_DPAA_MAX_NB_SEC_QPS]; /* i/o queue for sec */
 148         struct qman_fq inq[RTE_DPAA_MAX_RX_QUEUE];
 149         unsigned char inq_attach[RTE_DPAA_MAX_RX_QUEUE];
 150         unsigned int max_nb_queue_pairs;
 151         unsigned int max_nb_sessions;
 152 };
 153
 154 #define MAX_SG_ENTRIES          16
 155 #define SG_CACHELINE_0          0
 156 #define SG_CACHELINE_1          4
 157 #define SG_CACHELINE_2          8
 158 #define SG_CACHELINE_3          12
 159 struct dpaa_sec_job {
 160         /* sg[0] output, sg[1] input, others are possible sub frames */
 161         struct qm_sg_entry sg[MAX_SG_ENTRIES];
 162 };
 163
 164 #define DPAA_MAX_NB_MAX_DIGEST  32
 165 struct dpaa_sec_op_ctx {
 166         struct dpaa_sec_job job;
 167         struct rte_crypto_op *op;
 168         struct rte_mempool *ctx_pool; /* mempool pointer for dpaa_sec_op_ctx */
 169         uint32_t fd_status;
 170         int64_t vtop_offset;
 171         uint8_t digest[DPAA_MAX_NB_MAX_DIGEST];
 172 };
 173
 174 static const struct rte_cryptodev_capabilities dpaa_sec_capabilities[] = {
 175         {       /* MD5 HMAC */
 176                 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 177                 {.sym = {
 178                         .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
 179                         {.auth = {
 180                                 .algo = RTE_CRYPTO_AUTH_MD5_HMAC,
 181                                 .block_size = 64,
 182                                 .key_size = {
 183                                         .min = 1,
 184                                         .max = 64,
 185                                         .increment = 1
 186                                 },
 187                                 .digest_size = {
 188                                         .min = 1,
 189                                         .max = 16,
 190                                         .increment = 1
 191                                 },
 192                                 .iv_size = { 0 }
 193                         }, }
 194                 }, }
 195         },
 196         {       /* SHA1 HMAC */
 197                 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 198                 {.sym = {
 199                         .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
 200                         {.auth = {
 201                                 .algo = RTE_CRYPTO_AUTH_SHA1_HMAC,
 202                                 .block_size = 64,
 203                                 .key_size = {
 204                                         .min = 1,
 205                                         .max = 64,
 206                                         .increment = 1
 207                                 },
 208                                 .digest_size = {
 209                                         .min = 1,
 210                                         .max = 20,
 211                                         .increment = 1
 212                                 },
 213                                 .iv_size = { 0 }
 214                         }, }
 215                 }, }
 216         },
 217         {       /* SHA224 HMAC */
 218                 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 219                 {.sym = {
 220                         .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
 221                         {.auth = {
 222                                 .algo = RTE_CRYPTO_AUTH_SHA224_HMAC,
 223                                 .block_size = 64,
 224                                 .key_size = {
 225                                         .min = 1,
 226                                         .max = 64,
 227                                         .increment = 1
 228                                 },
 229                                 .digest_size = {
 230                                         .min = 1,
 231                                         .max = 28,
 232                                         .increment = 1
 233                                 },
 234                                 .iv_size = { 0 }
 235                         }, }
 236                 }, }
 237         },
 238         {       /* SHA256 HMAC */
 239                 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 240                 {.sym = {
 241                         .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
 242                         {.auth = {
 243                                 .algo = RTE_CRYPTO_AUTH_SHA256_HMAC,
 244                                 .block_size = 64,
 245                                 .key_size = {
 246                                         .min = 1,
 247                                         .max = 64,
 248                                         .increment = 1
 249                                 },
 250                                 .digest_size = {
 251                                         .min = 1,
 252                                         .max = 32,
 253                                         .increment = 1
 254                                 },
 255                                 .iv_size = { 0 }
 256                         }, }
 257                 }, }
 258         },
 259         {       /* SHA384 HMAC */
 260                 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 261                 {.sym = {
 262                         .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
 263                         {.auth = {
 264                                 .algo = RTE_CRYPTO_AUTH_SHA384_HMAC,
 265                                 .block_size = 128,
 266                                 .key_size = {
 267                                         .min = 1,
 268                                         .max = 128,
 269                                         .increment = 1
 270                                 },
 271                                 .digest_size = {
 272                                         .min = 1,
 273                                         .max = 48,
 274                                         .increment = 1
 275                                 },
 276                                 .iv_size = { 0 }
 277                         }, }
 278                 }, }
 279         },
 280         {       /* SHA512 HMAC */
 281                 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 282                 {.sym = {
 283                         .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
 284                         {.auth = {
 285                                 .algo = RTE_CRYPTO_AUTH_SHA512_HMAC,
 286                                 .block_size = 128,
 287                                 .key_size = {
 288                                         .min = 1,
 289                                         .max = 128,
 290                                         .increment = 1
 291                                 },
 292                                 .digest_size = {
 293                                         .min = 1,
 294                                         .max = 64,
 295                                         .increment = 1
 296                                 },
 297                                 .iv_size = { 0 }
 298                         }, }
 299                 }, }
 300         },
 301         {       /* AES GCM */
 302                 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 303                 {.sym = {
 304                         .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,
 305                         {.aead = {
 306                                 .algo = RTE_CRYPTO_AEAD_AES_GCM,
 307                                 .block_size = 16,
 308                                 .key_size = {
 309                                         .min = 16,
 310                                         .max = 32,
 311                                         .increment = 8
 312                                 },
 313                                 .digest_size = {
 314                                         .min = 8,
 315                                         .max = 16,
 316                                         .increment = 4
 317                                 },
 318                                 .aad_size = {
 319                                         .min = 0,
 320                                         .max = 240,
 321                                         .increment = 1
 322                                 },
 323                                 .iv_size = {
 324                                         .min = 12,
 325                                         .max = 12,
 326                                         .increment = 0
 327                                 },
 328                         }, }
 329                 }, }
 330         },
 331         {       /* AES CBC */
 332                 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 333                 {.sym = {
 334                         .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
 335                         {.cipher = {
 336                                 .algo = RTE_CRYPTO_CIPHER_AES_CBC,
 337                                 .block_size = 16,
 338                                 .key_size = {
 339                                         .min = 16,
 340                                         .max = 32,
 341                                         .increment = 8
 342                                 },
 343                                 .iv_size = {
 344                                         .min = 16,
 345                                         .max = 16,
 346                                         .increment = 0
 347                                 }
 348                         }, }
 349                 }, }
 350         },
 351         {       /* AES CTR */
 352                 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 353                 {.sym = {
 354                         .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
 355                         {.cipher = {
 356                                 .algo = RTE_CRYPTO_CIPHER_AES_CTR,
 357                                 .block_size = 16,
 358                                 .key_size = {
 359                                         .min = 16,
 360                                         .max = 32,
 361                                         .increment = 8
 362                                 },
 363                                 .iv_size = {
 364                                         .min = 16,
 365                                         .max = 16,
 366                                         .increment = 0
 367                                 }
 368                         }, }
 369                 }, }
 370         },
 371         {       /* 3DES CBC */
 372                 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 373                 {.sym = {
 374                         .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
 375                         {.cipher = {
 376                                 .algo = RTE_CRYPTO_CIPHER_3DES_CBC,
 377                                 .block_size = 8,
 378                                 .key_size = {
 379                                         .min = 16,
 380                                         .max = 24,
 381                                         .increment = 8
 382                                 },
 383                                 .iv_size = {
 384                                         .min = 8,
 385                                         .max = 8,
 386                                         .increment = 0
 387                                 }
 388                         }, }
 389                 }, }
 390         },
 391
 392         RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
 393 };
 394
 395 static const struct rte_security_capability dpaa_sec_security_cap[] = {
 396         { /* IPsec Lookaside Protocol offload ESP Transport Egress */
 397                 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
 398                 .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
 399                 .ipsec = {
 400                         .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
 401                         .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
 402                         .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
 403                         .options = { 0 }
 404                 },
 405                 .crypto_capabilities = dpaa_sec_capabilities
 406         },
 407         { /* IPsec Lookaside Protocol offload ESP Tunnel Ingress */
 408                 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
 409                 .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
 410                 .ipsec = {
 411                         .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
 412                         .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
 413                         .direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS,
 414                         .options = { 0 }
 415                 },
 416                 .crypto_capabilities = dpaa_sec_capabilities
 417         },
 418         {
 419                 .action = RTE_SECURITY_ACTION_TYPE_NONE
 420         }
 421 };
 422
 423 /**
 424  * Checksum
 425  *
 426  * @param buffer calculate chksum for buffer
 427  * @param len    buffer length
 428  *
 429  * @return checksum value in host cpu order
 430  */
 431 static inline uint16_t
 432 calc_chksum(void *buffer, int len)
 433 {
 434         uint16_t *buf = (uint16_t *)buffer;
 435         uint32_t sum = 0;
 436         uint16_t result;
 437
 438         for (sum = 0; len > 1; len -= 2)
 439                 sum += *buf++;
 440
 441         if (len == 1)
 442                 sum += *(unsigned char *)buf;
 443
 444         sum = (sum >> 16) + (sum & 0xFFFF);
 445         sum += (sum >> 16);
 446         result = ~sum;
 447
 448         return  result;
 449 }
 450
 451 #endif /* _DPAA_SEC_H_ */