drivers/crypto/dpaa_sec/dpaa_sec.h

   1 /* SPDX-License-Identifier: BSD-3-Clause
   2  *
   3  *   Copyright 2016 NXP
   4  *
   5  */
   6
   7 #ifndef _DPAA_SEC_H_
   8 #define _DPAA_SEC_H_
   9
  10 #define NUM_POOL_CHANNELS       4
  11 #define DPAA_SEC_BURST          7
  12 #define DPAA_SEC_ALG_UNSUPPORT  (-1)
  13 #define TDES_CBC_IV_LEN         8
  14 #define AES_CBC_IV_LEN          16
  15 #define AES_CTR_IV_LEN          16
  16 #define AES_GCM_IV_LEN          12
  17
  18 /* Minimum job descriptor consists of a oneword job descriptor HEADER and
  19  * a pointer to the shared descriptor.
  20  */
  21 #define MIN_JOB_DESC_SIZE       (CAAM_CMD_SZ + CAAM_PTR_SZ)
  22 /* CTX_POOL_NUM_BUFS is set as per the ipsec-secgw application */
  23 #define CTX_POOL_NUM_BUFS       32000
  24 #define CTX_POOL_BUF_SIZE       sizeof(struct dpaa_sec_op_ctx)
  25 #define CTX_POOL_CACHE_SIZE     512
  26
  27 #define DIR_ENC                 1
  28 #define DIR_DEC                 0
  29
  30 enum dpaa_sec_op_type {
  31         DPAA_SEC_NONE,  /*!< No Cipher operations*/
  32         DPAA_SEC_CIPHER,/*!< CIPHER operations */
  33         DPAA_SEC_AUTH,  /*!< Authentication Operations */
  34         DPAA_SEC_AEAD,  /*!< Authenticated Encryption with associated data */
  35         DPAA_SEC_IPSEC, /*!< IPSEC protocol operations*/
  36         DPAA_SEC_PDCP,  /*!< PDCP protocol operations*/
  37         DPAA_SEC_PKC,   /*!< Public Key Cryptographic Operations */
  38         DPAA_SEC_MAX
  39 };
  40
  41
  42 #define DPAA_SEC_MAX_DESC_SIZE  64
  43 /* code or cmd block to caam */
  44 struct sec_cdb {
  45         struct {
  46                 union {
  47                         uint32_t word;
  48                         struct {
  49 #if RTE_BYTE_ORDER == RTE_BIG_ENDIAN
  50                                 uint16_t rsvd63_48;
  51                                 unsigned int rsvd47_39:9;
  52                                 unsigned int idlen:7;
  53 #else
  54                                 unsigned int idlen:7;
  55                                 unsigned int rsvd47_39:9;
  56                                 uint16_t rsvd63_48;
  57 #endif
  58                         } field;
  59                 } __packed hi;
  60
  61                 union {
  62                         uint32_t word;
  63                         struct {
  64 #if RTE_BYTE_ORDER == RTE_BIG_ENDIAN
  65                                 unsigned int rsvd31_30:2;
  66                                 unsigned int fsgt:1;
  67                                 unsigned int lng:1;
  68                                 unsigned int offset:2;
  69                                 unsigned int abs:1;
  70                                 unsigned int add_buf:1;
  71                                 uint8_t pool_id;
  72                                 uint16_t pool_buffer_size;
  73 #else
  74                                 uint16_t pool_buffer_size;
  75                                 uint8_t pool_id;
  76                                 unsigned int add_buf:1;
  77                                 unsigned int abs:1;
  78                                 unsigned int offset:2;
  79                                 unsigned int lng:1;
  80                                 unsigned int fsgt:1;
  81                                 unsigned int rsvd31_30:2;
  82 #endif
  83                         } field;
  84                 } __packed lo;
  85         } __packed sh_hdr;
  86
  87         uint32_t sh_desc[DPAA_SEC_MAX_DESC_SIZE];
  88 };
  89
  90 typedef struct dpaa_sec_session_entry {
  91         uint8_t dir;         /*!< Operation Direction */
  92         enum rte_crypto_cipher_algorithm cipher_alg; /*!< Cipher Algorithm*/
  93         enum rte_crypto_auth_algorithm auth_alg; /*!< Authentication Algorithm*/
  94         enum rte_crypto_aead_algorithm aead_alg; /*!< AEAD Algorithm*/
  95         enum rte_security_session_protocol proto_alg; /*!< Security Algorithm*/
  96         union {
  97                 struct {
  98                         uint8_t *data;  /**< pointer to key data */
  99                         size_t length;  /**< key length in bytes */
 100                 } aead_key;
 101                 struct {
 102                         struct {
 103                                 uint8_t *data;  /**< pointer to key data */
 104                                 size_t length;  /**< key length in bytes */
 105                         } cipher_key;
 106                         struct {
 107                                 uint8_t *data;  /**< pointer to key data */
 108                                 size_t length;  /**< key length in bytes */
 109                         } auth_key;
 110                 };
 111         };
 112         struct {
 113                 uint16_t length;
 114                 uint16_t offset;
 115         } iv;   /**< Initialisation vector parameters */
 116         uint16_t auth_only_len; /*!< Length of data for Auth only */
 117         uint32_t digest_length;
 118         struct ipsec_encap_pdb encap_pdb;
 119         struct ip ip4_hdr;
 120         struct ipsec_decap_pdb decap_pdb;
 121         struct dpaa_sec_qp *qp;
 122         struct qman_fq *inq;
 123         struct sec_cdb cdb;     /**< cmd block associated with qp */
 124         struct rte_mempool *ctx_pool; /* session mempool for dpaa_sec_op_ctx */
 125 } dpaa_sec_session;
 126
 127 struct dpaa_sec_qp {
 128         struct dpaa_sec_dev_private *internals;
 129         struct qman_fq outq;
 130         int rx_pkts;
 131         int rx_errs;
 132         int tx_pkts;
 133         int tx_errs;
 134 };
 135
 136 #define RTE_DPAA_MAX_NB_SEC_QPS 1
 137 #define RTE_DPAA_MAX_RX_QUEUE RTE_DPAA_SEC_PMD_MAX_NB_SESSIONS
 138 #define DPAA_MAX_DEQUEUE_NUM_FRAMES 63
 139
 140 /* internal sec queue interface */
 141 struct dpaa_sec_dev_private {
 142         void *sec_hw;
 143         struct rte_mempool *ctx_pool; /* per dev mempool for dpaa_sec_op_ctx */
 144         struct dpaa_sec_qp qps[RTE_DPAA_MAX_NB_SEC_QPS]; /* i/o queue for sec */
 145         struct qman_fq inq[RTE_DPAA_MAX_RX_QUEUE];
 146         unsigned char inq_attach[RTE_DPAA_MAX_RX_QUEUE];
 147         unsigned int max_nb_queue_pairs;
 148         unsigned int max_nb_sessions;
 149 };
 150
 151 #define MAX_SG_ENTRIES          16
 152 #define SG_CACHELINE_0          0
 153 #define SG_CACHELINE_1          4
 154 #define SG_CACHELINE_2          8
 155 #define SG_CACHELINE_3          12
 156 struct dpaa_sec_job {
 157         /* sg[0] output, sg[1] input, others are possible sub frames */
 158         struct qm_sg_entry sg[MAX_SG_ENTRIES];
 159 };
 160
 161 #define DPAA_MAX_NB_MAX_DIGEST  32
 162 struct dpaa_sec_op_ctx {
 163         struct dpaa_sec_job job;
 164         struct rte_crypto_op *op;
 165         struct rte_mempool *ctx_pool; /* mempool pointer for dpaa_sec_op_ctx */
 166         uint32_t fd_status;
 167         int64_t vtop_offset;
 168         uint8_t digest[DPAA_MAX_NB_MAX_DIGEST];
 169 };
 170
 171 static const struct rte_cryptodev_capabilities dpaa_sec_capabilities[] = {
 172         {       /* MD5 HMAC */
 173                 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 174                 {.sym = {
 175                         .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
 176                         {.auth = {
 177                                 .algo = RTE_CRYPTO_AUTH_MD5_HMAC,
 178                                 .block_size = 64,
 179                                 .key_size = {
 180                                         .min = 1,
 181                                         .max = 64,
 182                                         .increment = 1
 183                                 },
 184                                 .digest_size = {
 185                                         .min = 16,
 186                                         .max = 16,
 187                                         .increment = 0
 188                                 },
 189                         }, }
 190                 }, }
 191         },
 192         {       /* SHA1 HMAC */
 193                 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 194                 {.sym = {
 195                         .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
 196                         {.auth = {
 197                                 .algo = RTE_CRYPTO_AUTH_SHA1_HMAC,
 198                                 .block_size = 64,
 199                                 .key_size = {
 200                                         .min = 1,
 201                                         .max = 64,
 202                                         .increment = 1
 203                                 },
 204                                 .digest_size = {
 205                                         .min = 20,
 206                                         .max = 20,
 207                                         .increment = 0
 208                                 },
 209                         }, }
 210                 }, }
 211         },
 212         {       /* SHA224 HMAC */
 213                 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 214                 {.sym = {
 215                         .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
 216                         {.auth = {
 217                                 .algo = RTE_CRYPTO_AUTH_SHA224_HMAC,
 218                                 .block_size = 64,
 219                                 .key_size = {
 220                                         .min = 1,
 221                                         .max = 64,
 222                                         .increment = 1
 223                                 },
 224                                 .digest_size = {
 225                                         .min = 28,
 226                                         .max = 28,
 227                                         .increment = 0
 228                                 },
 229                         }, }
 230                 }, }
 231         },
 232         {       /* SHA256 HMAC */
 233                 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 234                 {.sym = {
 235                         .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
 236                         {.auth = {
 237                                 .algo = RTE_CRYPTO_AUTH_SHA256_HMAC,
 238                                 .block_size = 64,
 239                                 .key_size = {
 240                                         .min = 1,
 241                                         .max = 64,
 242                                         .increment = 1
 243                                 },
 244                                 .digest_size = {
 245                                         .min = 32,
 246                                         .max = 32,
 247                                         .increment = 0
 248                                 },
 249                         }, }
 250                 }, }
 251         },
 252         {       /* SHA384 HMAC */
 253                 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 254                 {.sym = {
 255                         .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
 256                         {.auth = {
 257                                 .algo = RTE_CRYPTO_AUTH_SHA384_HMAC,
 258                                 .block_size = 128,
 259                                 .key_size = {
 260                                         .min = 1,
 261                                         .max = 128,
 262                                         .increment = 1
 263                                 },
 264                                 .digest_size = {
 265                                         .min = 48,
 266                                         .max = 48,
 267                                         .increment = 0
 268                                 },
 269                         }, }
 270                 }, }
 271         },
 272         {       /* SHA512 HMAC */
 273                 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 274                 {.sym = {
 275                         .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
 276                         {.auth = {
 277                                 .algo = RTE_CRYPTO_AUTH_SHA512_HMAC,
 278                                 .block_size = 128,
 279                                 .key_size = {
 280                                         .min = 1,
 281                                         .max = 128,
 282                                         .increment = 1
 283                                 },
 284                                 .digest_size = {
 285                                         .min = 64,
 286                                         .max = 64,
 287                                         .increment = 0
 288                                 },
 289                         }, }
 290                 }, }
 291         },
 292         {       /* AES GCM */
 293                 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 294                 {.sym = {
 295                         .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,
 296                         {.aead = {
 297                                 .algo = RTE_CRYPTO_AEAD_AES_GCM,
 298                                 .block_size = 16,
 299                                 .key_size = {
 300                                         .min = 16,
 301                                         .max = 32,
 302                                         .increment = 8
 303                                 },
 304                                 .digest_size = {
 305                                         .min = 8,
 306                                         .max = 16,
 307                                         .increment = 4
 308                                 },
 309                                 .aad_size = {
 310                                         .min = 0,
 311                                         .max = 240,
 312                                         .increment = 1
 313                                 },
 314                                 .iv_size = {
 315                                         .min = 12,
 316                                         .max = 12,
 317                                         .increment = 0
 318                                 },
 319                         }, }
 320                 }, }
 321         },
 322         {       /* AES CBC */
 323                 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 324                 {.sym = {
 325                         .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
 326                         {.cipher = {
 327                                 .algo = RTE_CRYPTO_CIPHER_AES_CBC,
 328                                 .block_size = 16,
 329                                 .key_size = {
 330                                         .min = 16,
 331                                         .max = 32,
 332                                         .increment = 8
 333                                 },
 334                                 .iv_size = {
 335                                         .min = 16,
 336                                         .max = 16,
 337                                         .increment = 0
 338                                 }
 339                         }, }
 340                 }, }
 341         },
 342         {       /* AES CTR */
 343                 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 344                 {.sym = {
 345                         .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
 346                         {.cipher = {
 347                                 .algo = RTE_CRYPTO_CIPHER_AES_CTR,
 348                                 .block_size = 16,
 349                                 .key_size = {
 350                                         .min = 16,
 351                                         .max = 32,
 352                                         .increment = 8
 353                                 },
 354                                 .iv_size = {
 355                                         .min = 16,
 356                                         .max = 16,
 357                                         .increment = 0
 358                                 }
 359                         }, }
 360                 }, }
 361         },
 362         {       /* 3DES CBC */
 363                 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 364                 {.sym = {
 365                         .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
 366                         {.cipher = {
 367                                 .algo = RTE_CRYPTO_CIPHER_3DES_CBC,
 368                                 .block_size = 8,
 369                                 .key_size = {
 370                                         .min = 16,
 371                                         .max = 24,
 372                                         .increment = 8
 373                                 },
 374                                 .iv_size = {
 375                                         .min = 8,
 376                                         .max = 8,
 377                                         .increment = 0
 378                                 }
 379                         }, }
 380                 }, }
 381         },
 382
 383         RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
 384 };
 385
 386 static const struct rte_security_capability dpaa_sec_security_cap[] = {
 387         { /* IPsec Lookaside Protocol offload ESP Transport Egress */
 388                 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
 389                 .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
 390                 .ipsec = {
 391                         .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
 392                         .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
 393                         .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
 394                         .options = { 0 }
 395                 },
 396                 .crypto_capabilities = dpaa_sec_capabilities
 397         },
 398         { /* IPsec Lookaside Protocol offload ESP Tunnel Ingress */
 399                 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
 400                 .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
 401                 .ipsec = {
 402                         .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
 403                         .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
 404                         .direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS,
 405                         .options = { 0 }
 406                 },
 407                 .crypto_capabilities = dpaa_sec_capabilities
 408         },
 409         {
 410                 .action = RTE_SECURITY_ACTION_TYPE_NONE
 411         }
 412 };
 413
 414 /**
 415  * Checksum
 416  *
 417  * @param buffer calculate chksum for buffer
 418  * @param len    buffer length
 419  *
 420  * @return checksum value in host cpu order
 421  */
 422 static inline uint16_t
 423 calc_chksum(void *buffer, int len)
 424 {
 425         uint16_t *buf = (uint16_t *)buffer;
 426         uint32_t sum = 0;
 427         uint16_t result;
 428
 429         for (sum = 0; len > 1; len -= 2)
 430                 sum += *buf++;
 431
 432         if (len == 1)
 433                 sum += *(unsigned char *)buf;
 434
 435         sum = (sum >> 16) + (sum & 0xFFFF);
 436         sum += (sum >> 16);
 437         result = ~sum;
 438
 439         return  result;
 440 }
 441
 442 #endif /* _DPAA_SEC_H_ */