lib/librte_ipsec/sa.h

   1 /* SPDX-License-Identifier: BSD-3-Clause
   2  * Copyright(c) 2018 Intel Corporation
   3  */
   4
   5 #ifndef _SA_H_
   6 #define _SA_H_
   7
   8 #include <rte_rwlock.h>
   9
  10 #define IPSEC_MAX_HDR_SIZE      64
  11 #define IPSEC_MAX_IV_SIZE       16
  12 #define IPSEC_MAX_IV_QWORD      (IPSEC_MAX_IV_SIZE / sizeof(uint64_t))
  13
  14 /* padding alignment for different algorithms */
  15 enum {
  16         IPSEC_PAD_DEFAULT = 4,
  17         IPSEC_PAD_AES_CBC = IPSEC_MAX_IV_SIZE,
  18         IPSEC_PAD_AES_CTR = IPSEC_PAD_DEFAULT,
  19         IPSEC_PAD_AES_GCM = IPSEC_PAD_DEFAULT,
  20         IPSEC_PAD_NULL = IPSEC_PAD_DEFAULT,
  21 };
  22
  23 /* iv sizes for different algorithms */
  24 enum {
  25         IPSEC_IV_SIZE_DEFAULT = IPSEC_MAX_IV_SIZE,
  26         IPSEC_AES_CTR_IV_SIZE = sizeof(uint64_t),
  27 };
  28
  29 /* these definitions probably has to be in rte_crypto_sym.h */
  30 union sym_op_ofslen {
  31         uint64_t raw;
  32         struct {
  33                 uint32_t offset;
  34                 uint32_t length;
  35         };
  36 };
  37
  38 union sym_op_data {
  39 #ifdef __SIZEOF_INT128__
  40         __uint128_t raw;
  41 #endif
  42         struct {
  43                 uint8_t *va;
  44                 rte_iova_t pa;
  45         };
  46 };
  47
  48 #define REPLAY_SQN_NUM          2
  49 #define REPLAY_SQN_NEXT(n)      ((n) ^ 1)
  50
  51 struct replay_sqn {
  52         rte_rwlock_t rwl;
  53         uint64_t sqn;
  54         __extension__ uint64_t window[0];
  55 };
  56
  57 /*IPSEC SA supported algorithms */
  58 enum sa_algo_type       {
  59         ALGO_TYPE_NULL = 0,
  60         ALGO_TYPE_AES_CBC,
  61         ALGO_TYPE_AES_CTR,
  62         ALGO_TYPE_AES_GCM,
  63         ALGO_TYPE_MAX
  64 };
  65
  66 struct rte_ipsec_sa {
  67
  68         uint64_t type;     /* type of given SA */
  69         uint64_t udata;    /* user defined */
  70         uint32_t size;     /* size of given sa object */
  71         uint32_t spi;
  72         /* sqn calculations related */
  73         uint64_t sqn_mask;
  74         struct {
  75                 uint32_t win_sz;
  76                 uint16_t nb_bucket;
  77                 uint16_t bucket_index_mask;
  78         } replay;
  79         /* template for crypto op fields */
  80         struct {
  81                 union sym_op_ofslen cipher;
  82                 union sym_op_ofslen auth;
  83         } ctp;
  84         uint32_t salt;
  85         uint8_t algo_type;
  86         uint8_t proto;    /* next proto */
  87         uint8_t aad_len;
  88         uint8_t hdr_len;
  89         uint8_t hdr_l3_off;
  90         uint8_t icv_len;
  91         uint8_t sqh_len;
  92         uint8_t iv_ofs; /* offset for algo-specific IV inside crypto op */
  93         uint8_t iv_len;
  94         uint8_t pad_align;
  95
  96         /* template for tunnel header */
  97         uint8_t hdr[IPSEC_MAX_HDR_SIZE];
  98
  99         /*
 100          * sqn and replay window
 101          * In case of SA handled by multiple threads *sqn* cacheline
 102          * could be shared by multiple cores.
 103          * To minimise perfomance impact, we try to locate in a separate
 104          * place from other frequently accesed data.
 105          */
 106         union {
 107                 union {
 108                         rte_atomic64_t atom;
 109                         uint64_t raw;
 110                 } outb;
 111                 struct {
 112                         uint32_t rdidx; /* read index */
 113                         uint32_t wridx; /* write index */
 114                         struct replay_sqn *rsn[REPLAY_SQN_NUM];
 115                 } inb;
 116         } sqn;
 117
 118 } __rte_cache_aligned;
 119
 120 int
 121 ipsec_sa_pkt_func_select(const struct rte_ipsec_session *ss,
 122         const struct rte_ipsec_sa *sa, struct rte_ipsec_sa_pkt_func *pf);
 123
 124 #endif /* _SA_H_ */