1 /* SPDX-License-Identifier: BSD-3-Clause
2 * Copyright(C) 2021 Marvell.
5 #ifndef __ROC_IE_ON_H__
6 #define __ROC_IE_ON_H__
10 /* CN9K IPsec LA opcodes */
11 #define ROC_IE_ON_MAJOR_OP_WRITE_IPSEC_OUTBOUND 0x20
12 #define ROC_IE_ON_MAJOR_OP_WRITE_IPSEC_INBOUND 0x21
13 #define ROC_IE_ON_MAJOR_OP_PROCESS_OUTBOUND_IPSEC 0x23
14 #define ROC_IE_ON_MAJOR_OP_PROCESS_INBOUND_IPSEC 0x24
16 /* Ucode completion codes */
17 enum roc_ie_on_ucc_ipsec {
18 ROC_IE_ON_UCC_SUCCESS = 0,
19 ROC_IE_ON_AUTH_UNSUPPORTED = 0xB0,
20 ROC_IE_ON_ENCRYPT_UNSUPPORTED = 0xB1,
21 /* Software defined completion code for anti-replay failed packets */
22 ROC_IE_ON_SWCC_ANTI_REPLAY = 0xE7,
26 #define ROC_IE_ON_INB_RPTR_HDR 0x8
27 #define ROC_IE_ON_MAX_IV_LEN 16
28 #define ROC_IE_ON_PER_PKT_IV BIT(43)
31 ROC_IE_ON_SA_ENC_NULL = 0,
32 ROC_IE_ON_SA_ENC_DES_CBC = 1,
33 ROC_IE_ON_SA_ENC_3DES_CBC = 2,
34 ROC_IE_ON_SA_ENC_AES_CBC = 3,
35 ROC_IE_ON_SA_ENC_AES_CTR = 4,
36 ROC_IE_ON_SA_ENC_AES_GCM = 5,
37 ROC_IE_ON_SA_ENC_AES_CCM = 6,
41 ROC_IE_ON_SA_AUTH_NULL = 0,
42 ROC_IE_ON_SA_AUTH_MD5 = 1,
43 ROC_IE_ON_SA_AUTH_SHA1 = 2,
44 ROC_IE_ON_SA_AUTH_SHA2_224 = 3,
45 ROC_IE_ON_SA_AUTH_SHA2_256 = 4,
46 ROC_IE_ON_SA_AUTH_SHA2_384 = 5,
47 ROC_IE_ON_SA_AUTH_SHA2_512 = 6,
48 ROC_IE_ON_SA_AUTH_AES_GMAC = 7,
49 ROC_IE_ON_SA_AUTH_AES_XCBC_128 = 8,
53 ROC_IE_ON_SA_FRAG_POST = 0,
54 ROC_IE_ON_SA_FRAG_PRE = 1,
58 ROC_IE_ON_SA_ENCAP_NONE = 0,
59 ROC_IE_ON_SA_ENCAP_UDP = 1,
63 ROC_IE_ON_IV_SRC_HW_GEN_DEFAULT = 0,
64 ROC_IE_ON_IV_SRC_FROM_DPTR = 1,
67 struct roc_ie_on_outb_hdr {
73 union roc_ie_on_bit_perfect_iv {
83 struct roc_ie_on_traffic_selector {
98 struct roc_ie_on_ip_template {
101 uint8_t ipv4_hdr[20];
106 uint8_t ipv6_hdr[40];
113 union roc_on_ipsec_outb_param1 {
116 uint16_t frag_num : 4;
117 uint16_t rsvd_4_6 : 3;
118 uint16_t gre_select : 1;
121 uint16_t min_frag_size : 1;
122 uint16_t per_pkt_iv : 1;
123 uint16_t tfc_pad_enable : 1;
124 uint16_t tfc_dummy_pkt : 1;
125 uint16_t rfc_or_override_mode : 1;
126 uint16_t custom_hdr_or_p99 : 1;
130 union roc_on_ipsec_inb_param2 {
133 uint16_t rsvd_0_10 : 11;
134 uint16_t gre_select : 1;
136 uint16_t udp_cksum : 1;
137 uint16_t ctx_addr_sel : 1;
138 uint16_t custom_hdr_or_p99 : 1;
142 struct roc_ie_on_sa_ctl {
144 uint64_t exp_proto_inter_frag : 8;
145 uint64_t copy_df : 1;
146 uint64_t frag_type : 1;
147 uint64_t explicit_iv_en : 1;
149 uint64_t rsvd_45_44 : 2;
150 uint64_t encap_type : 2;
151 uint64_t enc_type : 3;
152 uint64_t rsvd_48 : 1;
153 uint64_t auth_type : 4;
155 uint64_t direction : 1;
156 uint64_t outer_ip_ver : 1;
157 uint64_t inner_ip_ver : 1;
158 uint64_t ipsec_mode : 1;
159 uint64_t ipsec_proto : 1;
160 uint64_t aes_key_len : 2;
163 struct roc_ie_on_common_sa {
165 struct roc_ie_on_sa_ctl ctl;
168 uint8_t cipher_key[32];
171 union roc_ie_on_bit_perfect_iv iv;
178 struct roc_ie_on_outb_sa {
180 struct roc_ie_on_common_sa common_sa;
185 struct roc_ie_on_ip_template template;
188 uint8_t hmac_key[24];
190 struct roc_ie_on_ip_template template;
195 struct roc_ie_on_ip_template template;
198 uint8_t hmac_key[64];
200 struct roc_ie_on_ip_template template;
205 struct roc_ie_on_inb_sa {
207 struct roc_ie_on_common_sa common_sa;
210 uint8_t udp_encap[8];
215 uint8_t hmac_key[48];
216 struct roc_ie_on_traffic_selector selector;
221 struct roc_ie_on_traffic_selector selector;
224 uint8_t hmac_key[64];
226 struct roc_ie_on_traffic_selector selector;
233 /* CN9K IPsec FP opcodes */
234 #define ROC_IE_ONF_MAJOR_OP_PROCESS_OUTBOUND_IPSEC 0x25UL
235 #define ROC_IE_ONF_MAJOR_OP_PROCESS_INBOUND_IPSEC 0x26UL
237 /* Ucode completion codes */
238 #define ROC_IE_ON_UCC_SUCCESS 0
239 #define ROC_IE_ON_UCC_ENC_TYPE_ERR 0xB1
240 #define ROC_IE_ON_UCC_IP_VER_ERR 0xB2
241 #define ROC_IE_ON_UCC_PROTO_ERR 0xB3
242 #define ROC_IE_ON_UCC_CTX_INVALID 0xB4
243 #define ROC_IE_ON_UCC_CTX_DIR_MISMATCH 0xB5
244 #define ROC_IE_ON_UCC_IP_PAYLOAD_TYPE_ERR 0xB6
245 #define ROC_IE_ON_UCC_CTX_FLAG_MISMATCH 0xB7
246 #define ROC_IE_ON_UCC_SPI_MISMATCH 0xBE
247 #define ROC_IE_ON_UCC_IP_CHKSUM_ERR 0xBF
248 #define ROC_IE_ON_UCC_AUTH_ERR 0xC3
249 #define ROC_IE_ON_UCC_PADDING_INVALID 0xC4
250 #define ROC_IE_ON_UCC_SA_MISMATCH 0xCC
251 #define ROC_IE_ON_UCC_L2_HDR_INFO_ERR 0xCF
252 #define ROC_IE_ON_UCC_L2_HDR_LEN_ERR 0xE0
254 struct roc_ie_onf_sa_ctl {
256 uint64_t exp_proto_inter_frag : 8;
257 uint64_t rsvd_41_40 : 2;
258 /* Disable SPI, SEQ data in RPTR for Inbound inline */
259 uint64_t spi_seq_dis : 1;
261 uint64_t rsvd_44_45 : 2;
262 uint64_t encap_type : 2;
263 uint64_t enc_type : 3;
264 uint64_t rsvd_48 : 1;
265 uint64_t auth_type : 4;
267 uint64_t direction : 1;
268 uint64_t outer_ip_ver : 1;
269 uint64_t inner_ip_ver : 1;
270 uint64_t ipsec_mode : 1;
271 uint64_t ipsec_proto : 1;
272 uint64_t aes_key_len : 2;
275 struct roc_onf_ipsec_outb_sa {
277 struct roc_ie_onf_sa_ctl ctl;
289 uint8_t cipher_key[32];
292 uint8_t hmac_key[48];
295 struct roc_onf_ipsec_inb_sa {
297 struct roc_ie_onf_sa_ctl ctl;
300 uint8_t nonce[4]; /* Only for AES-GCM */
308 uint8_t cipher_key[32];
311 uint8_t hmac_key[48];
314 #define ROC_ONF_IPSEC_INB_MAX_L2_SZ 32UL
315 #define ROC_ONF_IPSEC_OUTB_MAX_L2_SZ 30UL
316 #define ROC_ONF_IPSEC_OUTB_MAX_L2_INFO_SZ (ROC_ONF_IPSEC_OUTB_MAX_L2_SZ + 2)
318 #define ROC_ONF_IPSEC_INB_RES_OFF 80
319 #define ROC_ONF_IPSEC_INB_SPI_SEQ_SZ 16
321 struct roc_onf_ipsec_outb_hdr {
327 #endif /* __ROC_IE_ON_H__ */