drivers/common/cnxk/cnxk_security_ar.h

   1 /* SPDX-License-Identifier: BSD-3-Clause
   2  * Copyright(C) 2021 Marvell.
   3  */
   4
   5 #ifndef __CNXK_SECURITY_AR_H__
   6 #define __CNXK_SECURITY_AR_H__
   7
   8 #include <rte_mbuf.h>
   9
  10 #include "cnxk_security.h"
  11
  12 #define CNXK_ON_AR_WIN_SIZE_MAX 1024
  13
  14 /* u64 array size to fit anti replay window bits */
  15 #define AR_WIN_ARR_SZ                                                          \
  16         (PLT_ALIGN_CEIL(CNXK_ON_AR_WIN_SIZE_MAX, BITS_PER_LONG_LONG) /        \
  17          BITS_PER_LONG_LONG)
  18
  19 #define WORD_SHIFT 6
  20 #define WORD_SIZE  (1 << WORD_SHIFT)
  21 #define WORD_MASK  (WORD_SIZE - 1)
  22
  23 #define IPSEC_ANTI_REPLAY_FAILED (-1)
  24
  25 struct cnxk_on_ipsec_ar {
  26         rte_spinlock_t lock;
  27         uint32_t winb;
  28         uint32_t wint;
  29         uint64_t base;                  /**< base of the anti-replay window */
  30         uint64_t window[AR_WIN_ARR_SZ]; /**< anti-replay window */
  31 };
  32
  33 static inline int
  34 cnxk_on_anti_replay_check(uint64_t seq, struct cnxk_on_ipsec_ar *ar,
  35                           uint32_t winsz)
  36 {
  37         uint64_t ex_winsz = winsz + WORD_SIZE;
  38         uint64_t *window = &ar->window[0];
  39         uint64_t seqword, shiftwords;
  40         uint64_t base = ar->base;
  41         uint32_t winb = ar->winb;
  42         uint32_t wint = ar->wint;
  43         uint64_t winwords;
  44         uint64_t bit_pos;
  45         uint64_t shift;
  46         uint64_t *wptr;
  47         uint64_t tmp;
  48
  49         winwords = ex_winsz >> WORD_SHIFT;
  50         if (winsz > 64)
  51                 goto slow_shift;
  52         /* Check if the seq is the biggest one yet */
  53         if (likely(seq > base)) {
  54                 shift = seq - base;
  55                 if (shift < winsz) { /* In window */
  56                         /*
  57                          * If more than 64-bit anti-replay window,
  58                          * use slow shift routine
  59                          */
  60                         wptr = window + (shift >> WORD_SHIFT);
  61                         *wptr <<= shift;
  62                         *wptr |= 1ull;
  63                 } else {
  64                         /* No special handling of window size > 64 */
  65                         wptr = window + ((winsz - 1) >> WORD_SHIFT);
  66                         /*
  67                          * Zero out the whole window (especially for
  68                          * bigger than 64b window) till the last 64b word
  69                          * as the incoming sequence number minus
  70                          * base sequence is more than the window size.
  71                          */
  72                         while (window != wptr)
  73                                 *window++ = 0ull;
  74                         /*
  75                          * Set the last bit (of the window) to 1
  76                          * as that corresponds to the base sequence number.
  77                          * Now any incoming sequence number which is
  78                          * (base - window size - 1) will pass anti-replay check
  79                          */
  80                         *wptr = 1ull;
  81                 }
  82                 /*
  83                  * Set the base to incoming sequence number as
  84                  * that is the biggest sequence number seen yet
  85                  */
  86                 ar->base = seq;
  87                 return 0;
  88         }
  89
  90         bit_pos = base - seq;
  91
  92         /* If seq falls behind the window, return failure */
  93         if (bit_pos >= winsz)
  94                 return IPSEC_ANTI_REPLAY_FAILED;
  95
  96         /* seq is within anti-replay window */
  97         wptr = window + ((winsz - bit_pos - 1) >> WORD_SHIFT);
  98         bit_pos &= WORD_MASK;
  99
 100         /* Check if this is a replayed packet */
 101         if (*wptr & ((1ull) << bit_pos))
 102                 return IPSEC_ANTI_REPLAY_FAILED;
 103
 104         /* mark as seen */
 105         *wptr |= ((1ull) << bit_pos);
 106         return 0;
 107
 108 slow_shift:
 109         if (likely(seq > base)) {
 110                 uint32_t i;
 111
 112                 shift = seq - base;
 113                 if (unlikely(shift >= winsz)) {
 114                         /*
 115                          * shift is bigger than the window,
 116                          * so just zero out everything
 117                          */
 118                         for (i = 0; i < winwords; i++)
 119                                 window[i] = 0;
 120 winupdate:
 121                         /* Find out the word */
 122                         seqword = ((seq - 1) % ex_winsz) >> WORD_SHIFT;
 123
 124                         /* Find out the bit in the word */
 125                         bit_pos = (seq - 1) & WORD_MASK;
 126
 127                         /*
 128                          * Set the bit corresponding to sequence number
 129                          * in window to mark it as received
 130                          */
 131                         window[seqword] |= (1ull << (63 - bit_pos));
 132
 133                         /* wint and winb range from 1 to ex_winsz */
 134                         ar->wint = ((wint + shift - 1) % ex_winsz) + 1;
 135                         ar->winb = ((winb + shift - 1) % ex_winsz) + 1;
 136
 137                         ar->base = seq;
 138                         return 0;
 139                 }
 140
 141                 /*
 142                  * New sequence number is bigger than the base but
 143                  * it's not bigger than base + window size
 144                  */
 145
 146                 shiftwords = ((wint + shift - 1) >> WORD_SHIFT) -
 147                              ((wint - 1) >> WORD_SHIFT);
 148                 if (unlikely(shiftwords)) {
 149                         tmp = (wint + WORD_SIZE - 1) / WORD_SIZE;
 150                         for (i = 0; i < shiftwords; i++) {
 151                                 tmp %= winwords;
 152                                 window[tmp++] = 0;
 153                         }
 154                 }
 155
 156                 goto winupdate;
 157         }
 158
 159         /* Sequence number is before the window */
 160         if (unlikely((seq + winsz) <= base))
 161                 return IPSEC_ANTI_REPLAY_FAILED;
 162
 163         /* Sequence number is within the window */
 164
 165         /* Find out the word */
 166         seqword = ((seq - 1) % ex_winsz) >> WORD_SHIFT;
 167
 168         /* Find out the bit in the word */
 169         bit_pos = (seq - 1) & WORD_MASK;
 170
 171         /* Check if this is a replayed packet */
 172         if (window[seqword] & (1ull << (63 - bit_pos)))
 173                 return IPSEC_ANTI_REPLAY_FAILED;
 174
 175         /*
 176          * Set the bit corresponding to sequence number
 177          * in window to mark it as received
 178          */
 179         window[seqword] |= (1ull << (63 - bit_pos));
 180
 181         return 0;
 182 }
 183
 184 #endif /* __CNXK_SECURITY_AR_H__ */