drivers/crypto/dpaa_sec/dpaa_sec.h

   1 /* SPDX-License-Identifier: BSD-3-Clause
   2  *
   3  *   Copyright 2016 NXP
   4  *
   5  */
   6
   7 #ifndef _DPAA_SEC_H_
   8 #define _DPAA_SEC_H_
   9
  10 #define CRYPTODEV_NAME_DPAA_SEC_PMD     crypto_dpaa_sec
  11 /**< NXP DPAA - SEC PMD device name */
  12
  13 #define NUM_POOL_CHANNELS       4
  14 #define DPAA_SEC_BURST          7
  15 #define DPAA_SEC_ALG_UNSUPPORT  (-1)
  16 #define TDES_CBC_IV_LEN         8
  17 #define AES_CBC_IV_LEN          16
  18 #define AES_CTR_IV_LEN          16
  19 #define AES_GCM_IV_LEN          12
  20
  21 /* Minimum job descriptor consists of a oneword job descriptor HEADER and
  22  * a pointer to the shared descriptor.
  23  */
  24 #define MIN_JOB_DESC_SIZE       (CAAM_CMD_SZ + CAAM_PTR_SZ)
  25 /* CTX_POOL_NUM_BUFS is set as per the ipsec-secgw application */
  26 #define CTX_POOL_NUM_BUFS       32000
  27 #define CTX_POOL_BUF_SIZE       sizeof(struct dpaa_sec_op_ctx)
  28 #define CTX_POOL_CACHE_SIZE     512
  29 #define RTE_DPAA_SEC_PMD_MAX_NB_SESSIONS 2048
  30
  31 #define DIR_ENC                 1
  32 #define DIR_DEC                 0
  33
  34 enum dpaa_sec_op_type {
  35         DPAA_SEC_NONE,  /*!< No Cipher operations*/
  36         DPAA_SEC_CIPHER,/*!< CIPHER operations */
  37         DPAA_SEC_AUTH,  /*!< Authentication Operations */
  38         DPAA_SEC_AEAD,  /*!< Authenticated Encryption with associated data */
  39         DPAA_SEC_IPSEC, /*!< IPSEC protocol operations*/
  40         DPAA_SEC_PDCP,  /*!< PDCP protocol operations*/
  41         DPAA_SEC_PKC,   /*!< Public Key Cryptographic Operations */
  42         DPAA_SEC_MAX
  43 };
  44
  45
  46 #define DPAA_SEC_MAX_DESC_SIZE  64
  47 /* code or cmd block to caam */
  48 struct sec_cdb {
  49         struct {
  50                 union {
  51                         uint32_t word;
  52                         struct {
  53 #if RTE_BYTE_ORDER == RTE_BIG_ENDIAN
  54                                 uint16_t rsvd63_48;
  55                                 unsigned int rsvd47_39:9;
  56                                 unsigned int idlen:7;
  57 #else
  58                                 unsigned int idlen:7;
  59                                 unsigned int rsvd47_39:9;
  60                                 uint16_t rsvd63_48;
  61 #endif
  62                         } field;
  63                 } __packed hi;
  64
  65                 union {
  66                         uint32_t word;
  67                         struct {
  68 #if RTE_BYTE_ORDER == RTE_BIG_ENDIAN
  69                                 unsigned int rsvd31_30:2;
  70                                 unsigned int fsgt:1;
  71                                 unsigned int lng:1;
  72                                 unsigned int offset:2;
  73                                 unsigned int abs:1;
  74                                 unsigned int add_buf:1;
  75                                 uint8_t pool_id;
  76                                 uint16_t pool_buffer_size;
  77 #else
  78                                 uint16_t pool_buffer_size;
  79                                 uint8_t pool_id;
  80                                 unsigned int add_buf:1;
  81                                 unsigned int abs:1;
  82                                 unsigned int offset:2;
  83                                 unsigned int lng:1;
  84                                 unsigned int fsgt:1;
  85                                 unsigned int rsvd31_30:2;
  86 #endif
  87                         } field;
  88                 } __packed lo;
  89         } __packed sh_hdr;
  90
  91         uint32_t sh_desc[DPAA_SEC_MAX_DESC_SIZE];
  92 };
  93
  94 typedef struct dpaa_sec_session_entry {
  95         uint8_t dir;         /*!< Operation Direction */
  96         enum rte_crypto_cipher_algorithm cipher_alg; /*!< Cipher Algorithm*/
  97         enum rte_crypto_auth_algorithm auth_alg; /*!< Authentication Algorithm*/
  98         enum rte_crypto_aead_algorithm aead_alg; /*!< AEAD Algorithm*/
  99         enum rte_security_session_protocol proto_alg; /*!< Security Algorithm*/
 100         union {
 101                 struct {
 102                         uint8_t *data;  /**< pointer to key data */
 103                         size_t length;  /**< key length in bytes */
 104                 } aead_key;
 105                 struct {
 106                         struct {
 107                                 uint8_t *data;  /**< pointer to key data */
 108                                 size_t length;  /**< key length in bytes */
 109                         } cipher_key;
 110                         struct {
 111                                 uint8_t *data;  /**< pointer to key data */
 112                                 size_t length;  /**< key length in bytes */
 113                         } auth_key;
 114                 };
 115         };
 116         struct {
 117                 uint16_t length;
 118                 uint16_t offset;
 119         } iv;   /**< Initialisation vector parameters */
 120         uint16_t auth_only_len; /*!< Length of data for Auth only */
 121         uint32_t digest_length;
 122         struct ipsec_encap_pdb encap_pdb;
 123         struct ip ip4_hdr;
 124         struct ipsec_decap_pdb decap_pdb;
 125         struct dpaa_sec_qp *qp;
 126         struct qman_fq *inq;
 127         struct sec_cdb cdb;     /**< cmd block associated with qp */
 128         struct rte_mempool *ctx_pool; /* session mempool for dpaa_sec_op_ctx */
 129 } dpaa_sec_session;
 130
 131 struct dpaa_sec_qp {
 132         struct dpaa_sec_dev_private *internals;
 133         struct qman_fq outq;
 134         int rx_pkts;
 135         int rx_errs;
 136         int tx_pkts;
 137         int tx_errs;
 138 };
 139
 140 #define RTE_DPAA_MAX_NB_SEC_QPS 2
 141 #define RTE_DPAA_MAX_RX_QUEUE RTE_DPAA_SEC_PMD_MAX_NB_SESSIONS
 142 #define DPAA_MAX_DEQUEUE_NUM_FRAMES 63
 143
 144 /* internal sec queue interface */
 145 struct dpaa_sec_dev_private {
 146         void *sec_hw;
 147         struct rte_mempool *ctx_pool; /* per dev mempool for dpaa_sec_op_ctx */
 148         struct dpaa_sec_qp qps[RTE_DPAA_MAX_NB_SEC_QPS]; /* i/o queue for sec */
 149         struct qman_fq inq[RTE_DPAA_MAX_RX_QUEUE];
 150         unsigned char inq_attach[RTE_DPAA_MAX_RX_QUEUE];
 151         unsigned int max_nb_queue_pairs;
 152         unsigned int max_nb_sessions;
 153         rte_spinlock_t lock;
 154 };
 155
 156 #define MAX_SG_ENTRIES          16
 157 #define SG_CACHELINE_0          0
 158 #define SG_CACHELINE_1          4
 159 #define SG_CACHELINE_2          8
 160 #define SG_CACHELINE_3          12
 161 struct dpaa_sec_job {
 162         /* sg[0] output, sg[1] input, others are possible sub frames */
 163         struct qm_sg_entry sg[MAX_SG_ENTRIES];
 164 };
 165
 166 #define DPAA_MAX_NB_MAX_DIGEST  32
 167 struct dpaa_sec_op_ctx {
 168         struct dpaa_sec_job job;
 169         struct rte_crypto_op *op;
 170         struct rte_mempool *ctx_pool; /* mempool pointer for dpaa_sec_op_ctx */
 171         uint32_t fd_status;
 172         int64_t vtop_offset;
 173         uint8_t digest[DPAA_MAX_NB_MAX_DIGEST];
 174 };
 175
 176 static const struct rte_cryptodev_capabilities dpaa_sec_capabilities[] = {
 177         {       /* MD5 HMAC */
 178                 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 179                 {.sym = {
 180                         .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
 181                         {.auth = {
 182                                 .algo = RTE_CRYPTO_AUTH_MD5_HMAC,
 183                                 .block_size = 64,
 184                                 .key_size = {
 185                                         .min = 1,
 186                                         .max = 64,
 187                                         .increment = 1
 188                                 },
 189                                 .digest_size = {
 190                                         .min = 1,
 191                                         .max = 16,
 192                                         .increment = 1
 193                                 },
 194                                 .iv_size = { 0 }
 195                         }, }
 196                 }, }
 197         },
 198         {       /* SHA1 HMAC */
 199                 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 200                 {.sym = {
 201                         .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
 202                         {.auth = {
 203                                 .algo = RTE_CRYPTO_AUTH_SHA1_HMAC,
 204                                 .block_size = 64,
 205                                 .key_size = {
 206                                         .min = 1,
 207                                         .max = 64,
 208                                         .increment = 1
 209                                 },
 210                                 .digest_size = {
 211                                         .min = 1,
 212                                         .max = 20,
 213                                         .increment = 1
 214                                 },
 215                                 .iv_size = { 0 }
 216                         }, }
 217                 }, }
 218         },
 219         {       /* SHA224 HMAC */
 220                 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 221                 {.sym = {
 222                         .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
 223                         {.auth = {
 224                                 .algo = RTE_CRYPTO_AUTH_SHA224_HMAC,
 225                                 .block_size = 64,
 226                                 .key_size = {
 227                                         .min = 1,
 228                                         .max = 64,
 229                                         .increment = 1
 230                                 },
 231                                 .digest_size = {
 232                                         .min = 1,
 233                                         .max = 28,
 234                                         .increment = 1
 235                                 },
 236                                 .iv_size = { 0 }
 237                         }, }
 238                 }, }
 239         },
 240         {       /* SHA256 HMAC */
 241                 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 242                 {.sym = {
 243                         .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
 244                         {.auth = {
 245                                 .algo = RTE_CRYPTO_AUTH_SHA256_HMAC,
 246                                 .block_size = 64,
 247                                 .key_size = {
 248                                         .min = 1,
 249                                         .max = 64,
 250                                         .increment = 1
 251                                 },
 252                                 .digest_size = {
 253                                         .min = 1,
 254                                         .max = 32,
 255                                         .increment = 1
 256                                 },
 257                                 .iv_size = { 0 }
 258                         }, }
 259                 }, }
 260         },
 261         {       /* SHA384 HMAC */
 262                 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 263                 {.sym = {
 264                         .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
 265                         {.auth = {
 266                                 .algo = RTE_CRYPTO_AUTH_SHA384_HMAC,
 267                                 .block_size = 128,
 268                                 .key_size = {
 269                                         .min = 1,
 270                                         .max = 128,
 271                                         .increment = 1
 272                                 },
 273                                 .digest_size = {
 274                                         .min = 1,
 275                                         .max = 48,
 276                                         .increment = 1
 277                                 },
 278                                 .iv_size = { 0 }
 279                         }, }
 280                 }, }
 281         },
 282         {       /* SHA512 HMAC */
 283                 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 284                 {.sym = {
 285                         .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
 286                         {.auth = {
 287                                 .algo = RTE_CRYPTO_AUTH_SHA512_HMAC,
 288                                 .block_size = 128,
 289                                 .key_size = {
 290                                         .min = 1,
 291                                         .max = 128,
 292                                         .increment = 1
 293                                 },
 294                                 .digest_size = {
 295                                         .min = 1,
 296                                         .max = 64,
 297                                         .increment = 1
 298                                 },
 299                                 .iv_size = { 0 }
 300                         }, }
 301                 }, }
 302         },
 303         {       /* AES GCM */
 304                 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 305                 {.sym = {
 306                         .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,
 307                         {.aead = {
 308                                 .algo = RTE_CRYPTO_AEAD_AES_GCM,
 309                                 .block_size = 16,
 310                                 .key_size = {
 311                                         .min = 16,
 312                                         .max = 32,
 313                                         .increment = 8
 314                                 },
 315                                 .digest_size = {
 316                                         .min = 8,
 317                                         .max = 16,
 318                                         .increment = 4
 319                                 },
 320                                 .aad_size = {
 321                                         .min = 0,
 322                                         .max = 240,
 323                                         .increment = 1
 324                                 },
 325                                 .iv_size = {
 326                                         .min = 12,
 327                                         .max = 12,
 328                                         .increment = 0
 329                                 },
 330                         }, }
 331                 }, }
 332         },
 333         {       /* AES CBC */
 334                 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 335                 {.sym = {
 336                         .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
 337                         {.cipher = {
 338                                 .algo = RTE_CRYPTO_CIPHER_AES_CBC,
 339                                 .block_size = 16,
 340                                 .key_size = {
 341                                         .min = 16,
 342                                         .max = 32,
 343                                         .increment = 8
 344                                 },
 345                                 .iv_size = {
 346                                         .min = 16,
 347                                         .max = 16,
 348                                         .increment = 0
 349                                 }
 350                         }, }
 351                 }, }
 352         },
 353         {       /* AES CTR */
 354                 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 355                 {.sym = {
 356                         .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
 357                         {.cipher = {
 358                                 .algo = RTE_CRYPTO_CIPHER_AES_CTR,
 359                                 .block_size = 16,
 360                                 .key_size = {
 361                                         .min = 16,
 362                                         .max = 32,
 363                                         .increment = 8
 364                                 },
 365                                 .iv_size = {
 366                                         .min = 16,
 367                                         .max = 16,
 368                                         .increment = 0
 369                                 }
 370                         }, }
 371                 }, }
 372         },
 373         {       /* 3DES CBC */
 374                 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 375                 {.sym = {
 376                         .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
 377                         {.cipher = {
 378                                 .algo = RTE_CRYPTO_CIPHER_3DES_CBC,
 379                                 .block_size = 8,
 380                                 .key_size = {
 381                                         .min = 16,
 382                                         .max = 24,
 383                                         .increment = 8
 384                                 },
 385                                 .iv_size = {
 386                                         .min = 8,
 387                                         .max = 8,
 388                                         .increment = 0
 389                                 }
 390                         }, }
 391                 }, }
 392         },
 393
 394         RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
 395 };
 396
 397 static const struct rte_security_capability dpaa_sec_security_cap[] = {
 398         { /* IPsec Lookaside Protocol offload ESP Transport Egress */
 399                 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
 400                 .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
 401                 .ipsec = {
 402                         .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
 403                         .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
 404                         .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
 405                         .options = { 0 }
 406                 },
 407                 .crypto_capabilities = dpaa_sec_capabilities
 408         },
 409         { /* IPsec Lookaside Protocol offload ESP Tunnel Ingress */
 410                 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
 411                 .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
 412                 .ipsec = {
 413                         .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
 414                         .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
 415                         .direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS,
 416                         .options = { 0 }
 417                 },
 418                 .crypto_capabilities = dpaa_sec_capabilities
 419         },
 420         {
 421                 .action = RTE_SECURITY_ACTION_TYPE_NONE
 422         }
 423 };
 424
 425 /**
 426  * Checksum
 427  *
 428  * @param buffer calculate chksum for buffer
 429  * @param len    buffer length
 430  *
 431  * @return checksum value in host cpu order
 432  */
 433 static inline uint16_t
 434 calc_chksum(void *buffer, int len)
 435 {
 436         uint16_t *buf = (uint16_t *)buffer;
 437         uint32_t sum = 0;
 438         uint16_t result;
 439
 440         for (sum = 0; len > 1; len -= 2)
 441                 sum += *buf++;
 442
 443         if (len == 1)
 444                 sum += *(unsigned char *)buf;
 445
 446         sum = (sum >> 16) + (sum & 0xFFFF);
 447         sum += (sum >> 16);
 448         result = ~sum;
 449
 450         return  result;
 451 }
 452
 453 #endif /* _DPAA_SEC_H_ */