]> git.proxmox.com Git - ceph.git/blame - ceph/src/spdk/dpdk/drivers/crypto/dpaa_sec/dpaa_sec.h
projects / ceph.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
import 15.2.0 Octopus source
[ceph.git] / ceph / src / spdk / dpdk / drivers / crypto / dpaa_sec / dpaa_sec.h
CommitLineData
11fdf7f2
TL		 1/* SPDX-License-Identifier: BSD-3-Clause
2 *
3 * Copyright 2016 NXP
4 *
5 */
6
7#ifndef _DPAA_SEC_H_
8#define _DPAA_SEC_H_
9
10#define CRYPTODEV_NAME_DPAA_SEC_PMD crypto_dpaa_sec
11/**< NXP DPAA - SEC PMD device name */
12
9f95a23c 13#define MAX_DPAA_CORES 4
11fdf7f2
TL		 14#define NUM_POOL_CHANNELS 4
15#define DPAA_SEC_BURST 7
16#define DPAA_SEC_ALG_UNSUPPORT (-1)
17#define TDES_CBC_IV_LEN 8
18#define AES_CBC_IV_LEN 16
19#define AES_CTR_IV_LEN 16
20#define AES_GCM_IV_LEN 12
21
22/* Minimum job descriptor consists of a oneword job descriptor HEADER and
23 * a pointer to the shared descriptor.
24 */
25#define MIN_JOB_DESC_SIZE (CAAM_CMD_SZ + CAAM_PTR_SZ)
26/* CTX_POOL_NUM_BUFS is set as per the ipsec-secgw application */
27#define CTX_POOL_NUM_BUFS 32000
28#define CTX_POOL_BUF_SIZE sizeof(struct dpaa_sec_op_ctx)
29#define CTX_POOL_CACHE_SIZE 512
9f95a23c 30#define RTE_DPAA_SEC_PMD_MAX_NB_SESSIONS 1024
11fdf7f2
TL		 31
32#define DIR_ENC 1
33#define DIR_DEC 0
34
35enum dpaa_sec_op_type {
36 DPAA_SEC_NONE, /*!< No Cipher operations*/
37 DPAA_SEC_CIPHER,/*!< CIPHER operations */
38 DPAA_SEC_AUTH, /*!< Authentication Operations */
39 DPAA_SEC_AEAD, /*!< Authenticated Encryption with associated data */
40 DPAA_SEC_IPSEC, /*!< IPSEC protocol operations*/
41 DPAA_SEC_PDCP, /*!< PDCP protocol operations*/
42 DPAA_SEC_PKC, /*!< Public Key Cryptographic Operations */
43 DPAA_SEC_MAX
44};
45
46
47#define DPAA_SEC_MAX_DESC_SIZE 64
48/* code or cmd block to caam */
49struct sec_cdb {
50 struct {
51 union {
52 uint32_t word;
53 struct {
54#if RTE_BYTE_ORDER == RTE_BIG_ENDIAN
55 uint16_t rsvd63_48;
56 unsigned int rsvd47_39:9;
57 unsigned int idlen:7;
58#else
59 unsigned int idlen:7;
60 unsigned int rsvd47_39:9;
61 uint16_t rsvd63_48;
62#endif
63 } field;
64 } __packed hi;
65
66 union {
67 uint32_t word;
68 struct {
69#if RTE_BYTE_ORDER == RTE_BIG_ENDIAN
70 unsigned int rsvd31_30:2;
71 unsigned int fsgt:1;
72 unsigned int lng:1;
73 unsigned int offset:2;
74 unsigned int abs:1;
75 unsigned int add_buf:1;
76 uint8_t pool_id;
77 uint16_t pool_buffer_size;
78#else
79 uint16_t pool_buffer_size;
80 uint8_t pool_id;
81 unsigned int add_buf:1;
82 unsigned int abs:1;
83 unsigned int offset:2;
84 unsigned int lng:1;
85 unsigned int fsgt:1;
86 unsigned int rsvd31_30:2;
87#endif
88 } field;
89 } __packed lo;
90 } __packed sh_hdr;
91
92 uint32_t sh_desc[DPAA_SEC_MAX_DESC_SIZE];
93};
94
9f95a23c
TL		 95/*!
96 * The structure is to be filled by user as a part of
97 * dpaa_sec_proto_ctxt for PDCP Protocol
98 */
99struct sec_pdcp_ctxt {
100 enum rte_security_pdcp_domain domain; /*!< Data/Control mode*/
101 int8_t bearer; /*!< PDCP bearer ID */
102 int8_t pkt_dir;/*!< PDCP Frame Direction 0:UL 1:DL*/
103 int8_t hfn_ovd;/*!< Overwrite HFN per packet*/
104 uint32_t hfn; /*!< Hyper Frame Number */
105 uint32_t hfn_threshold; /*!< HFN Threashold for key renegotiation */
106 uint8_t sn_size; /*!< Sequence number size, 7/12/15 */
107};
108
11fdf7f2
TL		 109typedef struct dpaa_sec_session_entry {
110 uint8_t dir; /*!< Operation Direction */
111 enum rte_crypto_cipher_algorithm cipher_alg; /*!< Cipher Algorithm*/
112 enum rte_crypto_auth_algorithm auth_alg; /*!< Authentication Algorithm*/
113 enum rte_crypto_aead_algorithm aead_alg; /*!< AEAD Algorithm*/
114 enum rte_security_session_protocol proto_alg; /*!< Security Algorithm*/
115 union {
116 struct {
117 uint8_t *data; /**< pointer to key data */
118 size_t length; /**< key length in bytes */
119 } aead_key;
120 struct {
121 struct {
122 uint8_t *data; /**< pointer to key data */
123 size_t length; /**< key length in bytes */
124 } cipher_key;
125 struct {
126 uint8_t *data; /**< pointer to key data */
127 size_t length; /**< key length in bytes */
128 } auth_key;
129 };
130 };
9f95a23c
TL		 131 union {
132 struct {
133 struct {
134 uint16_t length;
135 uint16_t offset;
136 } iv; /**< Initialisation vector parameters */
137 uint16_t auth_only_len;
138 /*!< Length of data for Auth only */
139 uint32_t digest_length;
140 struct ipsec_decap_pdb decap_pdb;
141 struct ipsec_encap_pdb encap_pdb;
142 struct ip ip4_hdr;
143 };
144 struct sec_pdcp_ctxt pdcp;
145 };
146 struct dpaa_sec_qp *qp[MAX_DPAA_CORES];
147 struct qman_fq *inq[MAX_DPAA_CORES];
11fdf7f2
TL		 148 struct sec_cdb cdb; /**< cmd block associated with qp */
149 struct rte_mempool *ctx_pool; /* session mempool for dpaa_sec_op_ctx */
150} dpaa_sec_session;
151
152struct dpaa_sec_qp {
153 struct dpaa_sec_dev_private *internals;
154 struct qman_fq outq;
155 int rx_pkts;
156 int rx_errs;
157 int tx_pkts;
158 int tx_errs;
159};
160
9f95a23c
TL		 161#define RTE_DPAA_MAX_NB_SEC_QPS 2
162#define RTE_DPAA_MAX_RX_QUEUE (MAX_DPAA_CORES * RTE_DPAA_SEC_PMD_MAX_NB_SESSIONS)
11fdf7f2
TL		 163#define DPAA_MAX_DEQUEUE_NUM_FRAMES 63
164
165/* internal sec queue interface */
166struct dpaa_sec_dev_private {
167 void *sec_hw;
168 struct rte_mempool *ctx_pool; /* per dev mempool for dpaa_sec_op_ctx */
169 struct dpaa_sec_qp qps[RTE_DPAA_MAX_NB_SEC_QPS]; /* i/o queue for sec */
170 struct qman_fq inq[RTE_DPAA_MAX_RX_QUEUE];
171 unsigned char inq_attach[RTE_DPAA_MAX_RX_QUEUE];
172 unsigned int max_nb_queue_pairs;
173 unsigned int max_nb_sessions;
9f95a23c 174 rte_spinlock_t lock;
11fdf7f2
TL		 175};
176
177#define MAX_SG_ENTRIES 16
178#define SG_CACHELINE_0 0
179#define SG_CACHELINE_1 4
180#define SG_CACHELINE_2 8
181#define SG_CACHELINE_3 12
182struct dpaa_sec_job {
183 /* sg[0] output, sg[1] input, others are possible sub frames */
184 struct qm_sg_entry sg[MAX_SG_ENTRIES];
185};
186
187#define DPAA_MAX_NB_MAX_DIGEST 32
188struct dpaa_sec_op_ctx {
189 struct dpaa_sec_job job;
190 struct rte_crypto_op *op;
191 struct rte_mempool *ctx_pool; /* mempool pointer for dpaa_sec_op_ctx */
192 uint32_t fd_status;
193 int64_t vtop_offset;
194 uint8_t digest[DPAA_MAX_NB_MAX_DIGEST];
195};
196
197static const struct rte_cryptodev_capabilities dpaa_sec_capabilities[] = {
198 { /* MD5 HMAC */
199 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
200 {.sym = {
201 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
202 {.auth = {
203 .algo = RTE_CRYPTO_AUTH_MD5_HMAC,
204 .block_size = 64,
205 .key_size = {
206 .min = 1,
207 .max = 64,
208 .increment = 1
209 },
210 .digest_size = {
211 .min = 1,
212 .max = 16,
213 .increment = 1
214 },
215 .iv_size = { 0 }
216 }, }
217 }, }
218 },
219 { /* SHA1 HMAC */
220 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
221 {.sym = {
222 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
223 {.auth = {
224 .algo = RTE_CRYPTO_AUTH_SHA1_HMAC,
225 .block_size = 64,
226 .key_size = {
227 .min = 1,
228 .max = 64,
229 .increment = 1
230 },
231 .digest_size = {
232 .min = 1,
233 .max = 20,
234 .increment = 1
235 },
236 .iv_size = { 0 }
237 }, }
238 }, }
239 },
240 { /* SHA224 HMAC */
241 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
242 {.sym = {
243 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
244 {.auth = {
245 .algo = RTE_CRYPTO_AUTH_SHA224_HMAC,
246 .block_size = 64,
247 .key_size = {
248 .min = 1,
249 .max = 64,
250 .increment = 1
251 },
252 .digest_size = {
253 .min = 1,
254 .max = 28,
255 .increment = 1
256 },
257 .iv_size = { 0 }
258 }, }
259 }, }
260 },
261 { /* SHA256 HMAC */
262 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
263 {.sym = {
264 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
265 {.auth = {
266 .algo = RTE_CRYPTO_AUTH_SHA256_HMAC,
267 .block_size = 64,
268 .key_size = {
269 .min = 1,
270 .max = 64,
271 .increment = 1
272 },
273 .digest_size = {
274 .min = 1,
275 .max = 32,
276 .increment = 1
277 },
278 .iv_size = { 0 }
279 }, }
280 }, }
281 },
282 { /* SHA384 HMAC */
283 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
284 {.sym = {
285 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
286 {.auth = {
287 .algo = RTE_CRYPTO_AUTH_SHA384_HMAC,
288 .block_size = 128,
289 .key_size = {
290 .min = 1,
291 .max = 128,
292 .increment = 1
293 },
294 .digest_size = {
295 .min = 1,
296 .max = 48,
297 .increment = 1
298 },
299 .iv_size = { 0 }
300 }, }
301 }, }
302 },
303 { /* SHA512 HMAC */
304 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
305 {.sym = {
306 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
307 {.auth = {
308 .algo = RTE_CRYPTO_AUTH_SHA512_HMAC,
309 .block_size = 128,
310 .key_size = {
311 .min = 1,
312 .max = 128,
313 .increment = 1
314 },
315 .digest_size = {
316 .min = 1,
317 .max = 64,
318 .increment = 1
319 },
320 .iv_size = { 0 }
321 }, }
322 }, }
323 },
324 { /* AES GCM */
325 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
326 {.sym = {
327 .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,
328 {.aead = {
329 .algo = RTE_CRYPTO_AEAD_AES_GCM,
330 .block_size = 16,
331 .key_size = {
332 .min = 16,
333 .max = 32,
334 .increment = 8
335 },
336 .digest_size = {
337 .min = 8,
338 .max = 16,
339 .increment = 4
340 },
341 .aad_size = {
342 .min = 0,
343 .max = 240,
344 .increment = 1
345 },
346 .iv_size = {
347 .min = 12,
348 .max = 12,
349 .increment = 0
350 },
351 }, }
352 }, }
353 },
354 { /* AES CBC */
355 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
356 {.sym = {
357 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
358 {.cipher = {
359 .algo = RTE_CRYPTO_CIPHER_AES_CBC,
360 .block_size = 16,
361 .key_size = {
362 .min = 16,
363 .max = 32,
364 .increment = 8
365 },
366 .iv_size = {
367 .min = 16,
368 .max = 16,
369 .increment = 0
370 }
371 }, }
372 }, }
373 },
374 { /* AES CTR */
375 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
376 {.sym = {
377 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
378 {.cipher = {
379 .algo = RTE_CRYPTO_CIPHER_AES_CTR,
380 .block_size = 16,
381 .key_size = {
382 .min = 16,
383 .max = 32,
384 .increment = 8
385 },
386 .iv_size = {
387 .min = 16,
388 .max = 16,
389 .increment = 0
9f95a23c 390 },
11fdf7f2
TL		 391 }, }
392 }, }
393 },
394 { /* 3DES CBC */
395 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
396 {.sym = {
397 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
398 {.cipher = {
399 .algo = RTE_CRYPTO_CIPHER_3DES_CBC,
400 .block_size = 8,
401 .key_size = {
402 .min = 16,
403 .max = 24,
404 .increment = 8
405 },
406 .iv_size = {
407 .min = 8,
408 .max = 8,
409 .increment = 0
410 }
411 }, }
412 }, }
413 },
414
415 RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
416};
417
9f95a23c
TL		 418static const struct rte_cryptodev_capabilities dpaa_pdcp_capabilities[] = {
419 { /* SNOW 3G (UIA2) */
420 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
421 {.sym = {
422 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
423 {.auth = {
424 .algo = RTE_CRYPTO_AUTH_SNOW3G_UIA2,
425 .block_size = 16,
426 .key_size = {
427 .min = 16,
428 .max = 16,
429 .increment = 0
430 },
431 .digest_size = {
432 .min = 4,
433 .max = 4,
434 .increment = 0
435 },
436 .iv_size = {
437 .min = 16,
438 .max = 16,
439 .increment = 0
440 }
441 }, }
442 }, }
443 },
444 { /* SNOW 3G (UEA2) */
445 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
446 {.sym = {
447 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
448 {.cipher = {
449 .algo = RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
450 .block_size = 16,
451 .key_size = {
452 .min = 16,
453 .max = 16,
454 .increment = 0
455 },
456 .iv_size = {
457 .min = 16,
458 .max = 16,
459 .increment = 0
460 }
461 }, }
462 }, }
463 },
464 { /* AES CTR */
465 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
466 {.sym = {
467 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
468 {.cipher = {
469 .algo = RTE_CRYPTO_CIPHER_AES_CTR,
470 .block_size = 16,
471 .key_size = {
472 .min = 16,
473 .max = 32,
474 .increment = 8
475 },
476 .iv_size = {
477 .min = 16,
478 .max = 16,
479 .increment = 0
480 }
481 }, }
482 }, }
483 },
484 { /* NULL (AUTH) */
485 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
486 {.sym = {
487 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
488 {.auth = {
489 .algo = RTE_CRYPTO_AUTH_NULL,
490 .block_size = 1,
491 .key_size = {
492 .min = 0,
493 .max = 0,
494 .increment = 0
495 },
496 .digest_size = {
497 .min = 0,
498 .max = 0,
499 .increment = 0
500 },
501 .iv_size = { 0 }
502 }, },
503 }, },
504 },
505 { /* NULL (CIPHER) */
506 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
507 {.sym = {
508 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
509 {.cipher = {
510 .algo = RTE_CRYPTO_CIPHER_NULL,
511 .block_size = 1,
512 .key_size = {
513 .min = 0,
514 .max = 0,
515 .increment = 0
516 },
517 .iv_size = {
518 .min = 0,
519 .max = 0,
520 .increment = 0
521 }
522 }, },
523 }, }
524 },
525 { /* ZUC (EEA3) */
526 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
527 {.sym = {
528 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
529 {.cipher = {
530 .algo = RTE_CRYPTO_CIPHER_ZUC_EEA3,
531 .block_size = 16,
532 .key_size = {
533 .min = 16,
534 .max = 16,
535 .increment = 0
536 },
537 .iv_size = {
538 .min = 16,
539 .max = 16,
540 .increment = 0
541 }
542 }, }
543 }, }
544 },
545 { /* ZUC (EIA3) */
546 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
547 {.sym = {
548 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
549 {.auth = {
550 .algo = RTE_CRYPTO_AUTH_ZUC_EIA3,
551 .block_size = 16,
552 .key_size = {
553 .min = 16,
554 .max = 16,
555 .increment = 0
556 },
557 .digest_size = {
558 .min = 4,
559 .max = 4,
560 .increment = 0
561 },
562 .iv_size = {
563 .min = 16,
564 .max = 16,
565 .increment = 0
566 }
567 }, }
568 }, }
569 },
570
571 RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
572};
573
11fdf7f2
TL		 574static const struct rte_security_capability dpaa_sec_security_cap[] = {
575 { /* IPsec Lookaside Protocol offload ESP Transport Egress */
576 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
577 .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
578 .ipsec = {
579 .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
580 .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
581 .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
582 .options = { 0 }
583 },
584 .crypto_capabilities = dpaa_sec_capabilities
585 },
586 { /* IPsec Lookaside Protocol offload ESP Tunnel Ingress */
587 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
588 .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
589 .ipsec = {
590 .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
591 .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
592 .direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS,
593 .options = { 0 }
594 },
595 .crypto_capabilities = dpaa_sec_capabilities
596 },
9f95a23c
TL		 597 { /* PDCP Lookaside Protocol offload Data */
598 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
599 .protocol = RTE_SECURITY_PROTOCOL_PDCP,
600 .pdcp = {
601 .domain = RTE_SECURITY_PDCP_MODE_DATA,
602 },
603 .crypto_capabilities = dpaa_pdcp_capabilities
604 },
605 { /* PDCP Lookaside Protocol offload Control */
606 .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
607 .protocol = RTE_SECURITY_PROTOCOL_PDCP,
608 .pdcp = {
609 .domain = RTE_SECURITY_PDCP_MODE_CONTROL,
610 },
611 .crypto_capabilities = dpaa_pdcp_capabilities
612 },
11fdf7f2
TL		 613 {
614 .action = RTE_SECURITY_ACTION_TYPE_NONE
615 }
616};
617
618/**
619 * Checksum
620 *
621 * @param buffer calculate chksum for buffer
622 * @param len buffer length
623 *
624 * @return checksum value in host cpu order
625 */
626static inline uint16_t
627calc_chksum(void *buffer, int len)
628{
629 uint16_t *buf = (uint16_t *)buffer;
630 uint32_t sum = 0;
631 uint16_t result;
632
633 for (sum = 0; len > 1; len -= 2)
634 sum += *buf++;
635
636 if (len == 1)
637 sum += *(unsigned char *)buf;
638
639 sum = (sum >> 16) + (sum & 0xFFFF);
640 sum += (sum >> 16);
641 result = ~sum;
642
643 return result;
644}
645
646#endif /* _DPAA_SEC_H_ */
Ceph