/* SPDX-License-Identifier: BSD-3-Clause
*
- * Copyright 2016 NXP
+ * Copyright 2016-2021 NXP
*
*/
#define AES_CTR_IV_LEN 16
#define AES_GCM_IV_LEN 12
+extern uint8_t dpaa_cryptodev_driver_id;
+
+#define DPAA_IPv6_DEFAULT_VTC_FLOW 0x60000000
+
/* Minimum job descriptor consists of a oneword job descriptor HEADER and
* a pointer to the shared descriptor.
*/
DPAA_SEC_NONE, /*!< No Cipher operations*/
DPAA_SEC_CIPHER,/*!< CIPHER operations */
DPAA_SEC_AUTH, /*!< Authentication Operations */
- DPAA_SEC_AEAD, /*!< Authenticated Encryption with associated data */
+ DPAA_SEC_AEAD, /*!< AEAD (AES-GCM/CCM) type operations */
+ DPAA_SEC_CIPHER_HASH, /*!< Authenticated Encryption with
+ * associated data
+ */
+ DPAA_SEC_HASH_CIPHER, /*!< Encryption with Authenticated
+ * associated data
+ */
DPAA_SEC_IPSEC, /*!< IPSEC protocol operations*/
DPAA_SEC_PDCP, /*!< PDCP protocol operations*/
DPAA_SEC_PKC, /*!< Public Key Cryptographic Operations */
DPAA_SEC_MAX
};
-
#define DPAA_SEC_MAX_DESC_SIZE 64
/* code or cmd block to caam */
struct sec_cdb {
uint32_t sh_desc[DPAA_SEC_MAX_DESC_SIZE];
};
-
+#ifdef RTE_LIB_SECURITY
/*!
* The structure is to be filled by user as a part of
* dpaa_sec_proto_ctxt for PDCP Protocol
int8_t bearer; /*!< PDCP bearer ID */
int8_t pkt_dir;/*!< PDCP Frame Direction 0:UL 1:DL*/
int8_t hfn_ovd;/*!< Overwrite HFN per packet*/
+ uint8_t sn_size; /*!< Sequence number size, 5/7/12/15/18 */
+ uint8_t sdap_enabled; /*!< SDAP header is enabled */
+ uint16_t hfn_ovd_offset;/*!< offset from rte_crypto_op at which
+ * per packet hfn is stored
+ */
uint32_t hfn; /*!< Hyper Frame Number */
uint32_t hfn_threshold; /*!< HFN Threashold for key renegotiation */
- uint8_t sn_size; /*!< Sequence number size, 7/12/15 */
};
+#endif
+
+typedef int (*dpaa_sec_build_fd_t)(
+ void *qp, uint8_t *drv_ctx, struct rte_crypto_vec *data_vec,
+ uint16_t n_data_vecs, union rte_crypto_sym_ofs ofs,
+ struct rte_crypto_va_iova_ptr *iv,
+ struct rte_crypto_va_iova_ptr *digest,
+ struct rte_crypto_va_iova_ptr *aad_or_auth_iv,
+ void *user_data);
+
+typedef struct dpaa_sec_job* (*dpaa_sec_build_raw_dp_fd_t)(uint8_t *drv_ctx,
+ struct rte_crypto_sgl *sgl,
+ struct rte_crypto_sgl *dest_sgl,
+ struct rte_crypto_va_iova_ptr *iv,
+ struct rte_crypto_va_iova_ptr *digest,
+ struct rte_crypto_va_iova_ptr *auth_iv,
+ union rte_crypto_sym_ofs ofs,
+ void *userdata,
+ struct qm_fd *fd);
typedef struct dpaa_sec_session_entry {
+ struct sec_cdb cdb; /**< cmd block associated with qp */
+ struct dpaa_sec_qp *qp[MAX_DPAA_CORES];
+ struct qman_fq *inq[MAX_DPAA_CORES];
uint8_t dir; /*!< Operation Direction */
+ uint8_t ctxt; /*!< Session Context Type */
enum rte_crypto_cipher_algorithm cipher_alg; /*!< Cipher Algorithm*/
enum rte_crypto_auth_algorithm auth_alg; /*!< Authentication Algorithm*/
enum rte_crypto_aead_algorithm aead_alg; /*!< AEAD Algorithm*/
+#ifdef RTE_LIB_SECURITY
enum rte_security_session_protocol proto_alg; /*!< Security Algorithm*/
+#endif
+ dpaa_sec_build_fd_t build_fd;
+ dpaa_sec_build_raw_dp_fd_t build_raw_dp_fd;
union {
struct {
uint8_t *data; /**< pointer to key data */
size_t length; /**< key length in bytes */
+ uint32_t alg;
+ uint32_t algmode;
} aead_key;
struct {
struct {
uint8_t *data; /**< pointer to key data */
size_t length; /**< key length in bytes */
+ uint32_t alg;
+ uint32_t algmode;
} cipher_key;
struct {
uint8_t *data; /**< pointer to key data */
size_t length; /**< key length in bytes */
+ uint32_t alg;
+ uint32_t algmode;
} auth_key;
};
};
uint32_t digest_length;
struct ipsec_decap_pdb decap_pdb;
struct ipsec_encap_pdb encap_pdb;
- struct ip ip4_hdr;
+ union {
+ struct ip ip4_hdr;
+ struct rte_ipv6_hdr ip6_hdr;
+ };
+ uint8_t auth_cipher_text;
+ /**< Authenticate/cipher ordering */
};
+#ifdef RTE_LIB_SECURITY
struct sec_pdcp_ctxt pdcp;
+#endif
};
- struct dpaa_sec_qp *qp[MAX_DPAA_CORES];
- struct qman_fq *inq[MAX_DPAA_CORES];
- struct sec_cdb cdb; /**< cmd block associated with qp */
- struct rte_mempool *ctx_pool; /* session mempool for dpaa_sec_op_ctx */
} dpaa_sec_session;
struct dpaa_sec_qp {
struct dpaa_sec_dev_private *internals;
+ struct rte_mempool *ctx_pool; /* mempool for dpaa_sec_op_ctx */
struct qman_fq outq;
int rx_pkts;
int rx_errs;
/* internal sec queue interface */
struct dpaa_sec_dev_private {
void *sec_hw;
- struct rte_mempool *ctx_pool; /* per dev mempool for dpaa_sec_op_ctx */
struct dpaa_sec_qp qps[RTE_DPAA_MAX_NB_SEC_QPS]; /* i/o queue for sec */
struct qman_fq inq[RTE_DPAA_MAX_RX_QUEUE];
unsigned char inq_attach[RTE_DPAA_MAX_RX_QUEUE];
};
#define MAX_SG_ENTRIES 16
-#define SG_CACHELINE_0 0
-#define SG_CACHELINE_1 4
-#define SG_CACHELINE_2 8
-#define SG_CACHELINE_3 12
+#define MAX_JOB_SG_ENTRIES 36
+
struct dpaa_sec_job {
/* sg[0] output, sg[1] input, others are possible sub frames */
- struct qm_sg_entry sg[MAX_SG_ENTRIES];
+ struct qm_sg_entry sg[MAX_JOB_SG_ENTRIES];
};
#define DPAA_MAX_NB_MAX_DIGEST 32
struct dpaa_sec_op_ctx {
struct dpaa_sec_job job;
- struct rte_crypto_op *op;
+ union {
+ struct rte_crypto_op *op;
+ void *userdata;
+ };
struct rte_mempool *ctx_pool; /* mempool pointer for dpaa_sec_op_ctx */
uint32_t fd_status;
int64_t vtop_offset;
};
static const struct rte_cryptodev_capabilities dpaa_sec_capabilities[] = {
+ { /* NULL (AUTH) */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_NULL,
+ .block_size = 1,
+ .key_size = {
+ .min = 0,
+ .max = 0,
+ .increment = 0
+ },
+ .digest_size = {
+ .min = 0,
+ .max = 0,
+ .increment = 0
+ },
+ .iv_size = { 0 }
+ }, },
+ }, },
+ },
+ { /* MD5 */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_MD5,
+ .block_size = 64,
+ .key_size = {
+ .min = 0,
+ .max = 0,
+ .increment = 0
+ },
+ .digest_size = {
+ .min = 16,
+ .max = 16,
+ .increment = 0
+ },
+ .iv_size = { 0 }
+ }, }
+ }, }
+ },
{ /* MD5 HMAC */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
}, }
}, }
},
+ { /* SHA1 */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_SHA1,
+ .block_size = 64,
+ .key_size = {
+ .min = 0,
+ .max = 0,
+ .increment = 0
+ },
+ .digest_size = {
+ .min = 20,
+ .max = 20,
+ .increment = 0
+ },
+ .iv_size = { 0 }
+ }, }
+ }, }
+ },
{ /* SHA1 HMAC */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
}, }
}, }
},
+ { /* SHA224 */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_SHA224,
+ .block_size = 64,
+ .key_size = {
+ .min = 0,
+ .max = 0,
+ .increment = 0
+ },
+ .digest_size = {
+ .min = 28,
+ .max = 28,
+ .increment = 0
+ },
+ .iv_size = { 0 }
+ }, }
+ }, }
+ },
{ /* SHA224 HMAC */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
}, }
}, }
},
+ { /* SHA256 */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_SHA256,
+ .block_size = 64,
+ .key_size = {
+ .min = 0,
+ .max = 0,
+ .increment = 0
+ },
+ .digest_size = {
+ .min = 32,
+ .max = 32,
+ .increment = 0
+ },
+ .iv_size = { 0 }
+ }, }
+ }, }
+ },
{ /* SHA256 HMAC */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
}, }
}, }
},
+ { /* SHA384 */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_SHA384,
+ .block_size = 64,
+ .key_size = {
+ .min = 0,
+ .max = 0,
+ .increment = 0
+ },
+ .digest_size = {
+ .min = 48,
+ .max = 48,
+ .increment = 0
+ },
+ .iv_size = { 0 }
+ }, }
+ }, }
+ },
{ /* SHA384 HMAC */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
}, }
}, }
},
+ { /* SHA512 */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_SHA512,
+ .block_size = 128,
+ .key_size = {
+ .min = 0,
+ .max = 0,
+ .increment = 0
+ },
+ .digest_size = {
+ .min = 64,
+ .max = 64,
+ .increment = 0
+ },
+ .iv_size = { 0 }
+ }, }
+ }, }
+ },
{ /* SHA512 HMAC */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
}, }
}, }
},
+ { /* NULL (CIPHER) */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+ {.cipher = {
+ .algo = RTE_CRYPTO_CIPHER_NULL,
+ .block_size = 1,
+ .key_size = {
+ .min = 0,
+ .max = 0,
+ .increment = 0
+ },
+ .iv_size = {
+ .min = 0,
+ .max = 0,
+ .increment = 0
+ }
+ }, },
+ }, }
+ },
{ /* AES CBC */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
}, }
}, }
},
+ { /* DES CBC */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+ {.cipher = {
+ .algo = RTE_CRYPTO_CIPHER_DES_CBC,
+ .block_size = 8,
+ .key_size = {
+ .min = 8,
+ .max = 8,
+ .increment = 0
+ },
+ .iv_size = {
+ .min = 8,
+ .max = 8,
+ .increment = 0
+ }
+ }, }
+ }, }
+ },
{ /* 3DES CBC */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
}, }
}, }
},
-
+ { /* SNOW 3G (UIA2) */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_SNOW3G_UIA2,
+ .block_size = 16,
+ .key_size = {
+ .min = 16,
+ .max = 16,
+ .increment = 0
+ },
+ .digest_size = {
+ .min = 4,
+ .max = 4,
+ .increment = 0
+ },
+ .iv_size = {
+ .min = 16,
+ .max = 16,
+ .increment = 0
+ }
+ }, }
+ }, }
+ },
+ { /* SNOW 3G (UEA2) */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+ {.cipher = {
+ .algo = RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
+ .block_size = 16,
+ .key_size = {
+ .min = 16,
+ .max = 16,
+ .increment = 0
+ },
+ .iv_size = {
+ .min = 16,
+ .max = 16,
+ .increment = 0
+ }
+ }, }
+ }, }
+ },
+ { /* ZUC (EEA3) */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+ {.cipher = {
+ .algo = RTE_CRYPTO_CIPHER_ZUC_EEA3,
+ .block_size = 16,
+ .key_size = {
+ .min = 16,
+ .max = 16,
+ .increment = 0
+ },
+ .iv_size = {
+ .min = 16,
+ .max = 16,
+ .increment = 0
+ }
+ }, }
+ }, }
+ },
+ { /* ZUC (EIA3) */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_ZUC_EIA3,
+ .block_size = 16,
+ .key_size = {
+ .min = 16,
+ .max = 16,
+ .increment = 0
+ },
+ .digest_size = {
+ .min = 4,
+ .max = 4,
+ .increment = 0
+ },
+ .iv_size = {
+ .min = 16,
+ .max = 16,
+ .increment = 0
+ }
+ }, }
+ }, }
+ },
+ { /* AES CMAC */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_AES_CMAC,
+ .block_size = 16,
+ .key_size = {
+ .min = 1,
+ .max = 16,
+ .increment = 1
+ },
+ .digest_size = {
+ .min = 12,
+ .max = 16,
+ .increment = 4
+ },
+ .iv_size = { 0 }
+ }, }
+ }, }
+ },
+ { /* AES XCBC HMAC */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_AES_XCBC_MAC,
+ .block_size = 16,
+ .key_size = {
+ .min = 1,
+ .max = 16,
+ .increment = 1
+ },
+ .digest_size = {
+ .min = 12,
+ .max = 16,
+ .increment = 4
+ },
+ .aad_size = { 0 },
+ .iv_size = { 0 }
+ }, }
+ }, }
+ },
RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
};
+#ifdef RTE_LIB_SECURITY
static const struct rte_cryptodev_capabilities dpaa_pdcp_capabilities[] = {
{ /* SNOW 3G (UIA2) */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
- .options = { 0 }
+ .options = { 0 },
+ .replay_win_sz_max = 128
},
.crypto_capabilities = dpaa_sec_capabilities
},
.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS,
- .options = { 0 }
+ .options = { 0 },
+ .replay_win_sz_max = 128
},
.crypto_capabilities = dpaa_sec_capabilities
},
.protocol = RTE_SECURITY_PROTOCOL_PDCP,
.pdcp = {
.domain = RTE_SECURITY_PDCP_MODE_DATA,
+ .capa_flags = 0
},
.crypto_capabilities = dpaa_pdcp_capabilities
},
.protocol = RTE_SECURITY_PROTOCOL_PDCP,
.pdcp = {
.domain = RTE_SECURITY_PDCP_MODE_CONTROL,
+ .capa_flags = 0
+ },
+ .crypto_capabilities = dpaa_pdcp_capabilities
+ },
+ { /* PDCP Lookaside Protocol offload Short MAC */
+ .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+ .protocol = RTE_SECURITY_PROTOCOL_PDCP,
+ .pdcp = {
+ .domain = RTE_SECURITY_PDCP_MODE_SHORT_MAC,
+ .capa_flags = 0
},
.crypto_capabilities = dpaa_pdcp_capabilities
},
.action = RTE_SECURITY_ACTION_TYPE_NONE
}
};
+#endif
/**
* Checksum
return result;
}
+int
+dpaa_sec_configure_raw_dp_ctx(struct rte_cryptodev *dev, uint16_t qp_id,
+ struct rte_crypto_raw_dp_ctx *raw_dp_ctx,
+ enum rte_crypto_op_sess_type sess_type,
+ union rte_cryptodev_session_ctx session_ctx, uint8_t is_update);
+
+int
+dpaa_sec_get_dp_ctx_size(struct rte_cryptodev *dev);
+
+int
+dpaa_sec_attach_sess_q(struct dpaa_sec_qp *qp, dpaa_sec_session *sess);
+
#endif /* _DPAA_SEC_H_ */