1 /* SPDX-License-Identifier: BSD-3-Clause
2 * Copyright(C) 2021 Marvell.
5 #ifndef __ROC_IE_OT_H__
6 #define __ROC_IE_OT_H__
8 /* PKIND to be used for CPT Meta parsing */
9 #define ROC_OT_CPT_META_PKIND 58
11 /* CN10K IPSEC opcodes */
12 #define ROC_IE_OT_MAJOR_OP_PROCESS_OUTBOUND_IPSEC 0x28UL
13 #define ROC_IE_OT_MAJOR_OP_PROCESS_INBOUND_IPSEC 0x29UL
15 enum roc_ie_ot_ucc_ipsec {
16 ROC_IE_OT_UCC_SUCCESS = 0x00,
17 ROC_IE_OT_UCC_SUCCESS_PKT_IP_GOODCSUM = 0x02,
18 ROC_IE_OT_UCC_ERR_SA_INVAL = 0x03,
19 ROC_IE_OT_UCC_SUCCESS_PKT_IP_BADCSUM = 0x04,
20 ROC_IE_OT_UCC_ERR_SA_EXPIRED = 0x05,
21 ROC_IE_OT_UCC_SUCCESS_PKT_L4_GOODCSUM = 0x06,
22 ROC_IE_OT_UCC_ERR_SA_OVERFLOW = 0x07,
23 ROC_IE_OT_UCC_SUCCESS_PKT_L4_BADCSUM = 0x08,
24 ROC_IE_OT_UCC_ERR_SA_ESP_BAD_ALGO = 0x09,
25 ROC_IE_OT_UCC_SUCCESS_PKT_UDPESP_NZCSUM = 0x0a,
26 ROC_IE_OT_UCC_ERR_SA_ESP_BAD_KEYS = 0x0b,
27 ROC_IE_OT_UCC_SUCCESS_SA_SOFTEXP_FIRST = 0x0c,
28 ROC_IE_OT_UCC_ERR_SA_AH_BAD_ALGO = 0x0d,
29 ROC_IE_OT_UCC_SUCCESS_SA_SOFTEXP_AGAIN = 0x0e,
30 ROC_IE_OT_UCC_ERR_SA_AH_BAD_KEYS = 0x0f,
31 ROC_IE_OT_UCC_ERR_SA_BAD_IP = 0x11,
32 ROC_IE_OT_UCC_ERR_SA_BAD_CTX = 0x13,
33 ROC_IE_OT_UCC_ERR_AOP_IPSEC = 0x17,
34 ROC_IE_OT_UCC_ERR_PKT_IP = 0x23,
35 ROC_IE_OT_UCC_ERR_PKT_IP6_BAD_EXT = 0x25,
36 ROC_IE_OT_UCC_ERR_PKT_IP6_HBH = 0x27,
37 ROC_IE_OT_UCC_ERR_PKT_IP6_BIGEXT = 0x29,
38 ROC_IE_OT_UCC_ERR_PKT_IP_FRAG = 0x2b,
39 ROC_IE_OT_UCC_ERR_PKT_IP_ULP = 0x2d,
40 ROC_IE_OT_UCC_ERR_PKT_SA_MISMATCH = 0x2f,
41 ROC_IE_OT_UCC_ERR_PKT_SPI_MISMATCH = 0x31,
42 ROC_IE_OT_UCC_ERR_PKT_ESP_BADPAD = 0x33,
43 ROC_IE_OT_UCC_ERR_PKT_BADICV = 0x35,
44 ROC_IE_OT_UCC_ERR_PKT_REPLAY_SEQ = 0x37,
45 ROC_IE_OT_UCC_ERR_PKT_REPLAY_WINDOW = 0x39,
46 ROC_IE_OT_UCC_ERR_PKT_BADNH = 0x3b,
47 ROC_IE_OT_UCC_ERR_PKT_SA_PORT_MISMATCH = 0x3d,
51 ROC_IE_OT_SA_AR_WIN_DISABLED = 0,
52 ROC_IE_OT_SA_AR_WIN_64 = 1,
53 ROC_IE_OT_SA_AR_WIN_128 = 2,
54 ROC_IE_OT_SA_AR_WIN_256 = 3,
55 ROC_IE_OT_SA_AR_WIN_512 = 4,
56 ROC_IE_OT_SA_AR_WIN_1024 = 5,
57 ROC_IE_OT_SA_AR_WIN_2048 = 6,
58 ROC_IE_OT_SA_AR_WIN_4096 = 7,
62 ROC_IE_OT_SA_PKT_FMT_FULL = 0,
63 ROC_IE_OT_SA_PKT_FMT_META = 1,
67 ROC_IE_OT_SA_PKT_OUTPUT_DECRYPTED = 0,
68 ROC_IE_OT_SA_PKT_OUTPUT_NO_FRAG = 1,
69 ROC_IE_OT_SA_PKT_OUTPUT_HW_BASED_DEFRAG = 2,
70 ROC_IE_OT_SA_PKT_OUTPUT_UCODE_BASED_DEFRAG = 3,
74 ROC_IE_OT_SA_DEFRAG_ALL = 0,
75 ROC_IE_OT_SA_DEFRAG_IN_ORDER = 1,
76 ROC_IE_OT_SA_DEFRAG_IN_REV_ORDER = 2,
80 ROC_IE_OT_SA_IV_SRC_DEFAULT = 0,
81 ROC_IE_OT_SA_IV_SRC_ENC_CTR = 1,
82 ROC_IE_OT_SA_IV_SRC_FROM_SA = 2,
86 ROC_IE_OT_SA_COPY_FROM_SA = 0,
87 ROC_IE_OT_SA_COPY_FROM_INNER_IP_HDR = 1,
91 ROC_IE_OT_SA_INNER_PKT_IP_CSUM_ENABLE = 0,
92 ROC_IE_OT_SA_INNER_PKT_IP_CSUM_DISABLE = 1,
96 ROC_IE_OT_SA_INNER_PKT_L4_CSUM_ENABLE = 0,
97 ROC_IE_OT_SA_INNER_PKT_L4_CSUM_DISABLE = 1,
101 ROC_IE_OT_SA_DIR_INBOUND = 0,
102 ROC_IE_OT_SA_DIR_OUTBOUND = 1,
106 ROC_IE_OT_SA_IP_VERSION_4 = 0,
107 ROC_IE_OT_SA_IP_VERSION_6 = 1,
111 ROC_IE_OT_SA_MODE_TRANSPORT = 0,
112 ROC_IE_OT_SA_MODE_TUNNEL = 1,
116 ROC_IE_OT_SA_PROTOCOL_AH = 0,
117 ROC_IE_OT_SA_PROTOCOL_ESP = 1,
121 ROC_IE_OT_SA_AES_KEY_LEN_128 = 1,
122 ROC_IE_OT_SA_AES_KEY_LEN_192 = 2,
123 ROC_IE_OT_SA_AES_KEY_LEN_256 = 3,
127 ROC_IE_OT_SA_ENC_NULL = 0,
128 ROC_IE_OT_SA_ENC_3DES_CBC = 2,
129 ROC_IE_OT_SA_ENC_AES_CBC = 3,
130 ROC_IE_OT_SA_ENC_AES_CTR = 4,
131 ROC_IE_OT_SA_ENC_AES_GCM = 5,
132 ROC_IE_OT_SA_ENC_AES_CCM = 6,
136 ROC_IE_OT_SA_AUTH_NULL = 0,
137 ROC_IE_OT_SA_AUTH_SHA1 = 2,
138 ROC_IE_OT_SA_AUTH_SHA2_256 = 4,
139 ROC_IE_OT_SA_AUTH_SHA2_384 = 5,
140 ROC_IE_OT_SA_AUTH_SHA2_512 = 6,
141 ROC_IE_OT_SA_AUTH_AES_GMAC = 7,
142 ROC_IE_OT_SA_AUTH_AES_XCBC_128 = 8,
146 ROC_IE_OT_SA_ENCAP_NONE = 0,
147 ROC_IE_OT_SA_ENCAP_UDP = 1,
148 ROC_IE_OT_SA_ENCAP_TCP = 2,
152 ROC_IE_OT_SA_LIFE_UNIT_OCTETS = 0,
153 ROC_IE_OT_SA_LIFE_UNIT_PKTS = 1,
157 ROC_IE_OT_SA_IP_HDR_VERIFY_DISABLED = 0,
158 ROC_IE_OT_SA_IP_HDR_VERIFY_DST_ADDR = 1,
159 ROC_IE_OT_SA_IP_HDR_VERIFY_SRC_DST_ADDR = 2,
163 ROC_IE_OT_REAS_STS_SUCCESS = 0,
164 ROC_IE_OT_REAS_STS_TIMEOUT = 1,
165 ROC_IE_OT_REAS_STS_EVICT = 2,
166 ROC_IE_OT_REAS_STS_BAD_ORDER = 3,
167 ROC_IE_OT_REAS_STS_TOO_MANY = 4,
168 ROC_IE_OT_REAS_STS_HSH_EVICT = 5,
169 ROC_IE_OT_REAS_STS_OVERLAP = 6,
170 ROC_IE_OT_REAS_STS_ZOMBIE = 7,
171 ROC_IE_OT_REAS_STS_L3P_ERR = 8,
172 ROC_IE_OT_REAS_STS_MAX = 9
174 /* Context units in bytes */
175 #define ROC_CTX_UNIT_8B 8
176 #define ROC_CTX_UNIT_128B 128
177 #define ROC_CTX_MAX_CKEY_LEN 32
178 #define ROC_CTX_MAX_OPAD_IPAD_LEN 128
180 /* Anti reply window size supported */
181 #define ROC_AR_WIN_SIZE_MIN 64
182 #define ROC_AR_WIN_SIZE_MAX 4096
183 #define ROC_LOG_MIN_AR_WIN_SIZE_M1 5
185 /* u64 array size to fit anti replay window bits */
186 #define ROC_AR_WINBITS_SZ \
187 (PLT_ALIGN_CEIL(ROC_AR_WIN_SIZE_MAX, BITS_PER_LONG_LONG) / \
190 /* Common bit fields between inbound and outbound SA */
191 union roc_ot_ipsec_sa_word2 {
195 uint64_t outer_ip_ver : 1;
198 uint64_t protocol : 1;
199 uint64_t aes_key_len : 2;
201 uint64_t enc_type : 3;
202 uint64_t life_unit : 1;
203 uint64_t auth_type : 4;
205 uint64_t encap_type : 2;
209 uint64_t async_mode : 1;
216 PLT_STATIC_ASSERT(sizeof(union roc_ot_ipsec_sa_word2) == 1 * sizeof(uint64_t));
218 union roc_ot_ipsec_outer_ip_hdr {
224 uint8_t src_addr[16];
225 uint8_t dst_addr[16];
229 struct roc_ot_ipsec_inb_ctx_update_reg {
231 uint64_t ar_valid_mask;
236 uint64_t ar_winbits[ROC_AR_WINBITS_SZ];
239 union roc_ot_ipsec_outb_iv {
251 struct roc_ot_ipsec_outb_ctx_update_reg {
260 union roc_ot_ipsec_outb_param1 {
263 uint16_t l4_csum_disable : 1;
264 uint16_t ip_csum_disable : 1;
265 uint16_t ttl_or_hop_limit : 1;
266 uint16_t dummy_pkt : 1;
267 uint16_t rfc_or_override_mode : 1;
268 uint16_t reserved_5_15 : 11;
272 union roc_ot_ipsec_inb_param1 {
275 uint16_t l4_csum_disable : 1;
276 uint16_t ip_csum_disable : 1;
277 uint16_t esp_trailer_disable : 1;
278 uint16_t reserved_3_15 : 13;
282 struct roc_ot_ipsec_inb_sa {
287 uint64_t hard_life_dec : 1;
288 uint64_t soft_life_dec : 1;
289 uint64_t count_glb_octets : 1;
290 uint64_t count_glb_pkts : 1;
291 uint64_t count_mib_bytes : 1;
293 uint64_t count_mib_pkts : 1;
294 uint64_t hw_ctx_off : 7;
296 uint64_t ctx_id : 16;
298 uint64_t orig_pkt_fabs : 1;
299 uint64_t orig_pkt_free : 1;
303 uint64_t et_ovrwr : 1;
304 uint64_t pkt_output : 2;
305 uint64_t pkt_format : 1;
306 uint64_t defrag_opt : 2;
307 uint64_t x2p_dst : 1;
309 uint64_t ctx_push_size : 7;
312 uint64_t ctx_hdr_size : 2;
313 uint64_t aop_valid : 1;
315 uint64_t ctx_size : 4;
323 uint64_t orig_pkt_aura : 20;
325 uint64_t orig_pkt_foff : 8;
326 uint64_t cookie : 32;
336 uint64_t outer_ip_ver : 1;
338 uint64_t ipsec_mode : 1;
339 uint64_t ipsec_protocol : 1;
340 uint64_t aes_key_len : 2;
342 uint64_t enc_type : 3;
343 uint64_t life_unit : 1;
344 uint64_t auth_type : 4;
346 uint64_t encap_type : 2;
347 uint64_t et_ovrwr_ddr_en : 1;
349 uint64_t tport_l4_incr_csum : 1;
350 uint64_t ip_hdr_verify : 2;
354 uint64_t async_mode : 1;
365 uint8_t cipher_key[ROC_CTX_MAX_CKEY_LEN];
380 uint64_t rsvd10 : 32;
381 uint64_t udp_src_port : 16;
382 uint64_t udp_dst_port : 16;
387 /* Word11 - Word14 */
388 union roc_ot_ipsec_outer_ip_hdr outer_hdr;
390 /* Word15 - Word30 */
391 uint8_t hmac_opad_ipad[ROC_CTX_MAX_OPAD_IPAD_LEN];
393 /* Word31 - Word100 */
394 struct roc_ot_ipsec_inb_ctx_update_reg ctx;
397 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_inb_sa, w1) ==
398 1 * sizeof(uint64_t));
399 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_inb_sa, w2) ==
400 2 * sizeof(uint64_t));
401 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_inb_sa, cipher_key) ==
402 4 * sizeof(uint64_t));
403 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_inb_sa, w8) ==
404 8 * sizeof(uint64_t));
405 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_inb_sa, w10) ==
406 10 * sizeof(uint64_t));
407 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_inb_sa, outer_hdr) ==
408 11 * sizeof(uint64_t));
409 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_inb_sa, hmac_opad_ipad) ==
410 15 * sizeof(uint64_t));
411 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_inb_sa, ctx) ==
412 31 * sizeof(uint64_t));
414 struct roc_ot_ipsec_outb_sa {
421 uint64_t hard_life_dec : 1;
422 uint64_t soft_life_dec : 1;
423 uint64_t count_glb_octets : 1;
424 uint64_t count_glb_pkts : 1;
425 uint64_t count_mib_bytes : 1;
427 uint64_t count_mib_pkts : 1;
428 uint64_t hw_ctx_off : 7;
432 uint64_t ctx_push_size : 7;
435 uint64_t ctx_hdr_size : 2;
436 uint64_t aop_valid : 1;
438 uint64_t ctx_size : 4;
447 uint64_t cookie : 32;
457 uint64_t outer_ip_ver : 1;
459 uint64_t ipsec_mode : 1;
460 uint64_t ipsec_protocol : 1;
461 uint64_t aes_key_len : 2;
463 uint64_t enc_type : 3;
464 uint64_t life_unit : 1;
465 uint64_t auth_type : 4;
467 uint64_t encap_type : 2;
468 uint64_t ipv4_df_src_or_ipv6_flw_lbl_src : 1;
469 uint64_t dscp_src : 1;
471 uint64_t ipid_gen : 1;
475 uint64_t async_mode : 1;
486 uint8_t cipher_key[ROC_CTX_MAX_CKEY_LEN];
489 union roc_ot_ipsec_outb_iv iv;
495 uint64_t ipv4_df_or_ipv6_flw_lbl : 20;
500 uint64_t udp_dst_port : 16;
502 uint64_t udp_src_port : 16;
507 /* Word11 - Word14 */
508 union roc_ot_ipsec_outer_ip_hdr outer_hdr;
510 /* Word15 - Word30 */
511 uint8_t hmac_opad_ipad[ROC_CTX_MAX_OPAD_IPAD_LEN];
513 /* Word31 - Word36 */
514 struct roc_ot_ipsec_outb_ctx_update_reg ctx;
517 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_outb_sa, w1) ==
518 1 * sizeof(uint64_t));
519 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_outb_sa, w2) ==
520 2 * sizeof(uint64_t));
521 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_outb_sa, cipher_key) ==
522 4 * sizeof(uint64_t));
523 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_outb_sa, iv) ==
524 8 * sizeof(uint64_t));
525 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_outb_sa, w10) ==
526 10 * sizeof(uint64_t));
527 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_outb_sa, outer_hdr) ==
528 11 * sizeof(uint64_t));
529 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_outb_sa, hmac_opad_ipad) ==
530 15 * sizeof(uint64_t));
531 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_outb_sa, ctx) ==
532 31 * sizeof(uint64_t));
534 #endif /* __ROC_IE_OT_H__ */