1 /* SPDX-License-Identifier: BSD-3-Clause
2 * Copyright(C) 2022 Marvell.
5 #ifndef __ROC_IE_OT_H__
6 #define __ROC_IE_OT_H__
8 /* CN10K IPSEC opcodes */
9 #define ROC_IE_OT_MAJOR_OP_PROCESS_OUTBOUND_IPSEC 0x28UL
10 #define ROC_IE_OT_MAJOR_OP_PROCESS_INBOUND_IPSEC 0x29UL
12 #define ROC_IE_OT_MAJOR_OP_WRITE_SA 0x01UL
13 #define ROC_IE_OT_MINOR_OP_WRITE_SA 0x09UL
15 #define ROC_IE_OT_CTX_ILEN 2
16 /* PKIND to be used for CPT Meta parsing */
17 #define ROC_IE_OT_CPT_PKIND 58
18 #define ROC_IE_OT_CPT_TS_PKIND 54
19 #define ROC_IE_OT_SA_CTX_HDR_SIZE 1
21 enum roc_ie_ot_ucc_ipsec {
22 ROC_IE_OT_UCC_SUCCESS = 0x00,
23 ROC_IE_OT_UCC_ERR_SA_INVAL = 0xb0,
24 ROC_IE_OT_UCC_ERR_SA_EXPIRED = 0xb1,
25 ROC_IE_OT_UCC_ERR_SA_OVERFLOW = 0xb2,
26 ROC_IE_OT_UCC_ERR_SA_ESP_BAD_ALGO = 0xb3,
27 ROC_IE_OT_UCC_ERR_SA_AH_BAD_ALGO = 0xb4,
28 ROC_IE_OT_UCC_ERR_SA_BAD_CTX = 0xb5,
29 ROC_IE_OT_UCC_SA_CTX_FLAG_MISMATCH = 0xb6,
30 ROC_IE_OT_UCC_ERR_AOP_IPSEC = 0xb7,
31 ROC_IE_OT_UCC_ERR_PKT_IP = 0xb8,
32 ROC_IE_OT_UCC_ERR_PKT_IP6_BAD_EXT = 0xb9,
33 ROC_IE_OT_UCC_ERR_PKT_IP6_HBH = 0xba,
34 ROC_IE_OT_UCC_ERR_PKT_IP6_BIGEXT = 0xbb,
35 ROC_IE_OT_UCC_ERR_PKT_IP_ULP = 0xbc,
36 ROC_IE_OT_UCC_ERR_PKT_SA_MISMATCH = 0xbd,
37 ROC_IE_OT_UCC_ERR_PKT_SPI_MISMATCH = 0xbe,
38 ROC_IE_OT_UCC_ERR_PKT_ESP_BADPAD = 0xbf,
39 ROC_IE_OT_UCC_ERR_PKT_BADICV = 0xc0,
40 ROC_IE_OT_UCC_ERR_PKT_REPLAY_SEQ = 0xc1,
41 ROC_IE_OT_UCC_ERR_PKT_BADNH = 0xc2,
42 ROC_IE_OT_UCC_ERR_PKT_SA_PORT_MISMATCH = 0xc3,
43 ROC_IE_OT_UCC_ERR_PKT_BAD_DLEN = 0xc4,
44 ROC_IE_OT_UCC_ERR_SA_ESP_BAD_KEYS = 0xc5,
45 ROC_IE_OT_UCC_ERR_SA_AH_BAD_KEYS = 0xc6,
46 ROC_IE_OT_UCC_ERR_SA_BAD_IP = 0xc7,
47 ROC_IE_OT_UCC_ERR_PKT_IP_FRAG = 0xc8,
48 ROC_IE_OT_UCC_ERR_PKT_REPLAY_WINDOW = 0xc9,
49 ROC_IE_OT_UCC_SUCCESS_SA_SOFTEXP_FIRST = 0xf0,
50 ROC_IE_OT_UCC_SUCCESS_PKT_IP_BADCSUM = 0xf1,
51 ROC_IE_OT_UCC_SUCCESS_SA_SOFTEXP_AGAIN = 0xf2,
52 ROC_IE_OT_UCC_SUCCESS_PKT_L4_GOODCSUM = 0xf3,
53 ROC_IE_OT_UCC_SUCCESS_PKT_L4_BADCSUM = 0xf4,
54 ROC_IE_OT_UCC_SUCCESS_PKT_UDPESP_NZCSUM = 0xf5,
55 ROC_IE_OT_UCC_SUCCESS_PKT_UDP_ZEROCSUM = 0xf6,
56 ROC_IE_OT_UCC_SUCCESS_PKT_IP_GOODCSUM = 0xf7,
60 ROC_IE_OT_SA_AR_WIN_DISABLED = 0,
61 ROC_IE_OT_SA_AR_WIN_64 = 1,
62 ROC_IE_OT_SA_AR_WIN_128 = 2,
63 ROC_IE_OT_SA_AR_WIN_256 = 3,
64 ROC_IE_OT_SA_AR_WIN_512 = 4,
65 ROC_IE_OT_SA_AR_WIN_1024 = 5,
66 ROC_IE_OT_SA_AR_WIN_2048 = 6,
67 ROC_IE_OT_SA_AR_WIN_4096 = 7,
71 ROC_IE_OT_SA_PKT_FMT_FULL = 0,
72 ROC_IE_OT_SA_PKT_FMT_META = 1,
76 ROC_IE_OT_SA_PKT_OUTPUT_DECRYPTED = 0,
77 ROC_IE_OT_SA_PKT_OUTPUT_NO_FRAG = 1,
78 ROC_IE_OT_SA_PKT_OUTPUT_HW_BASED_DEFRAG = 2,
79 ROC_IE_OT_SA_PKT_OUTPUT_UCODE_BASED_DEFRAG = 3,
83 ROC_IE_OT_SA_DEFRAG_ALL = 0,
84 ROC_IE_OT_SA_DEFRAG_IN_ORDER = 1,
85 ROC_IE_OT_SA_DEFRAG_IN_REV_ORDER = 2,
89 ROC_IE_OT_SA_IV_SRC_DEFAULT = 0,
90 ROC_IE_OT_SA_IV_SRC_ENC_CTR = 1,
91 ROC_IE_OT_SA_IV_SRC_FROM_SA = 2,
95 ROC_IE_OT_SA_COPY_FROM_SA = 0,
96 ROC_IE_OT_SA_COPY_FROM_INNER_IP_HDR = 1,
100 ROC_IE_OT_SA_INNER_PKT_IP_CSUM_ENABLE = 0,
101 ROC_IE_OT_SA_INNER_PKT_IP_CSUM_DISABLE = 1,
105 ROC_IE_OT_SA_INNER_PKT_L4_CSUM_ENABLE = 0,
106 ROC_IE_OT_SA_INNER_PKT_L4_CSUM_DISABLE = 1,
110 ROC_IE_OT_SA_ENC_NULL = 0,
111 ROC_IE_OT_SA_ENC_3DES_CBC = 2,
112 ROC_IE_OT_SA_ENC_AES_CBC = 3,
113 ROC_IE_OT_SA_ENC_AES_CTR = 4,
114 ROC_IE_OT_SA_ENC_AES_GCM = 5,
115 ROC_IE_OT_SA_ENC_AES_CCM = 6,
119 ROC_IE_OT_SA_AUTH_NULL = 0,
120 ROC_IE_OT_SA_AUTH_SHA1 = 2,
121 ROC_IE_OT_SA_AUTH_SHA2_256 = 4,
122 ROC_IE_OT_SA_AUTH_SHA2_384 = 5,
123 ROC_IE_OT_SA_AUTH_SHA2_512 = 6,
124 ROC_IE_OT_SA_AUTH_AES_GMAC = 7,
125 ROC_IE_OT_SA_AUTH_AES_XCBC_128 = 8,
129 ROC_IE_OT_SA_ENCAP_NONE = 0,
130 ROC_IE_OT_SA_ENCAP_UDP = 1,
131 ROC_IE_OT_SA_ENCAP_TCP = 2,
135 ROC_IE_OT_SA_LIFE_UNIT_OCTETS = 0,
136 ROC_IE_OT_SA_LIFE_UNIT_PKTS = 1,
140 ROC_IE_OT_SA_IP_HDR_VERIFY_DISABLED = 0,
141 ROC_IE_OT_SA_IP_HDR_VERIFY_DST_ADDR = 1,
142 ROC_IE_OT_SA_IP_HDR_VERIFY_SRC_DST_ADDR = 2,
146 ROC_IE_OT_REAS_STS_SUCCESS = 0,
147 ROC_IE_OT_REAS_STS_TIMEOUT = 1,
148 ROC_IE_OT_REAS_STS_EVICT = 2,
149 ROC_IE_OT_REAS_STS_BAD_ORDER = 3,
150 ROC_IE_OT_REAS_STS_TOO_MANY = 4,
151 ROC_IE_OT_REAS_STS_HSH_EVICT = 5,
152 ROC_IE_OT_REAS_STS_OVERLAP = 6,
153 ROC_IE_OT_REAS_STS_ZOMBIE = 7,
154 ROC_IE_OT_REAS_STS_L3P_ERR = 8,
155 ROC_IE_OT_REAS_STS_MAX = 9
159 ROC_IE_OT_ERR_CTL_MODE_NONE = 0,
160 ROC_IE_OT_ERR_CTL_MODE_CLEAR = 1,
161 ROC_IE_OT_ERR_CTL_MODE_RING = 2,
164 /* Context units in bytes */
165 #define ROC_CTX_UNIT_8B 8
166 #define ROC_CTX_UNIT_128B 128
167 #define ROC_CTX_MAX_CKEY_LEN 32
168 #define ROC_CTX_MAX_OPAD_IPAD_LEN 128
170 /* Anti reply window size supported */
171 #define ROC_AR_WIN_SIZE_MIN 64
172 #define ROC_AR_WIN_SIZE_MAX 4096
173 #define ROC_LOG_MIN_AR_WIN_SIZE_M1 5
175 /* u64 array size to fit anti replay window bits */
176 #define ROC_AR_WINBITS_SZ \
177 (PLT_ALIGN_CEIL(ROC_AR_WIN_SIZE_MAX, BITS_PER_LONG_LONG) / \
180 #define ROC_IPSEC_ERR_RING_MAX_ENTRY 65536
182 union roc_ot_ipsec_err_ring_head {
192 union roc_ot_ipsec_err_ring_entry {
198 uint64_t comp_code : 8;
202 /* Common bit fields between inbound and outbound SA */
203 union roc_ot_ipsec_sa_word2 {
207 uint64_t outer_ip_ver : 1;
210 uint64_t protocol : 1;
211 uint64_t aes_key_len : 2;
213 uint64_t enc_type : 3;
214 uint64_t life_unit : 1;
215 uint64_t auth_type : 4;
217 uint64_t encap_type : 2;
218 uint64_t et_ovrwr_ddr_en : 1;
220 uint64_t tport_l4_incr_csum : 1;
221 uint64_t ip_hdr_verify : 2;
222 uint64_t udp_ports_verify : 1;
225 uint64_t async_mode : 1;
232 PLT_STATIC_ASSERT(sizeof(union roc_ot_ipsec_sa_word2) == 1 * sizeof(uint64_t));
234 union roc_ot_ipsec_outer_ip_hdr {
240 uint8_t src_addr[16];
241 uint8_t dst_addr[16];
245 struct roc_ot_ipsec_inb_ctx_update_reg {
247 uint64_t ar_valid_mask;
252 uint64_t ar_winbits[ROC_AR_WINBITS_SZ];
255 union roc_ot_ipsec_outb_iv {
267 struct roc_ot_ipsec_outb_ctx_update_reg {
270 uint64_t reserved_0_2 : 3;
271 uint64_t address : 57;
284 union roc_ot_ipsec_outb_param1 {
287 uint16_t l4_csum_disable : 1;
288 uint16_t ip_csum_disable : 1;
289 uint16_t ttl_or_hop_limit : 1;
290 uint16_t dummy_pkt : 1;
291 uint16_t rfc_or_override_mode : 1;
292 uint16_t reserved_5_15 : 11;
296 union roc_ot_ipsec_inb_param1 {
299 uint16_t l4_csum_disable : 1;
300 uint16_t ip_csum_disable : 1;
301 uint16_t esp_trailer_disable : 1;
302 uint16_t reserved_3_15 : 13;
306 struct roc_ot_ipsec_inb_sa {
311 uint64_t hard_life_dec : 1;
312 uint64_t soft_life_dec : 1;
313 uint64_t count_glb_octets : 1;
314 uint64_t count_glb_pkts : 1;
315 uint64_t count_mib_bytes : 1;
317 uint64_t count_mib_pkts : 1;
318 uint64_t hw_ctx_off : 7;
320 uint64_t ctx_id : 16;
322 uint64_t orig_pkt_fabs : 1;
323 uint64_t orig_pkt_free : 1;
327 uint64_t et_ovrwr : 1;
328 uint64_t pkt_output : 2;
329 uint64_t pkt_format : 1;
330 uint64_t defrag_opt : 2;
331 uint64_t x2p_dst : 1;
333 uint64_t ctx_push_size : 7;
336 uint64_t ctx_hdr_size : 2;
337 uint64_t aop_valid : 1;
339 uint64_t ctx_size : 4;
347 uint64_t orig_pkt_aura : 20;
349 uint64_t orig_pkt_foff : 8;
350 uint64_t cookie : 32;
360 uint64_t outer_ip_ver : 1;
362 uint64_t ipsec_mode : 1;
363 uint64_t ipsec_protocol : 1;
364 uint64_t aes_key_len : 2;
366 uint64_t enc_type : 3;
367 uint64_t life_unit : 1;
368 uint64_t auth_type : 4;
370 uint64_t encap_type : 2;
371 uint64_t et_ovrwr_ddr_en : 1;
373 uint64_t tport_l4_incr_csum : 1;
374 uint64_t ip_hdr_verify : 2;
375 uint64_t udp_ports_verify : 1;
377 uint64_t l3hdr_on_err : 1;
379 uint64_t async_mode : 1;
390 uint8_t cipher_key[ROC_CTX_MAX_CKEY_LEN];
405 uint64_t rsvd10 : 32;
406 uint64_t udp_src_port : 16;
407 uint64_t udp_dst_port : 16;
412 /* Word11 - Word14 */
413 union roc_ot_ipsec_outer_ip_hdr outer_hdr;
415 /* Word15 - Word30 */
416 uint8_t hmac_opad_ipad[ROC_CTX_MAX_OPAD_IPAD_LEN];
418 /* Word31 - Word100 */
419 struct roc_ot_ipsec_inb_ctx_update_reg ctx;
422 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_inb_sa, w1) ==
423 1 * sizeof(uint64_t));
424 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_inb_sa, w2) ==
425 2 * sizeof(uint64_t));
426 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_inb_sa, cipher_key) ==
427 4 * sizeof(uint64_t));
428 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_inb_sa, w8) ==
429 8 * sizeof(uint64_t));
430 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_inb_sa, w10) ==
431 10 * sizeof(uint64_t));
432 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_inb_sa, outer_hdr) ==
433 11 * sizeof(uint64_t));
434 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_inb_sa, hmac_opad_ipad) ==
435 15 * sizeof(uint64_t));
436 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_inb_sa, ctx) ==
437 31 * sizeof(uint64_t));
439 struct roc_ot_ipsec_outb_sa {
446 uint64_t hard_life_dec : 1;
447 uint64_t soft_life_dec : 1;
448 uint64_t count_glb_octets : 1;
449 uint64_t count_glb_pkts : 1;
450 uint64_t count_mib_bytes : 1;
452 uint64_t count_mib_pkts : 1;
453 uint64_t hw_ctx_off : 7;
455 uint64_t ctx_id : 16;
458 uint64_t ctx_push_size : 7;
461 uint64_t ctx_hdr_size : 2;
462 uint64_t aop_valid : 1;
464 uint64_t ctx_size : 4;
473 uint64_t cookie : 32;
483 uint64_t outer_ip_ver : 1;
485 uint64_t ipsec_mode : 1;
486 uint64_t ipsec_protocol : 1;
487 uint64_t aes_key_len : 2;
489 uint64_t enc_type : 3;
490 uint64_t life_unit : 1;
491 uint64_t auth_type : 4;
493 uint64_t encap_type : 2;
494 uint64_t ipv4_df_src_or_ipv6_flw_lbl_src : 1;
495 uint64_t dscp_src : 1;
497 uint64_t ipid_gen : 1;
501 uint64_t async_mode : 1;
512 uint8_t cipher_key[ROC_CTX_MAX_CKEY_LEN];
515 union roc_ot_ipsec_outb_iv iv;
521 uint64_t ipv4_df_or_ipv6_flw_lbl : 20;
526 uint64_t udp_dst_port : 16;
528 uint64_t udp_src_port : 16;
533 /* Word11 - Word14 */
534 union roc_ot_ipsec_outer_ip_hdr outer_hdr;
536 /* Word15 - Word30 */
537 uint8_t hmac_opad_ipad[ROC_CTX_MAX_OPAD_IPAD_LEN];
539 /* Word31 - Word36 */
540 struct roc_ot_ipsec_outb_ctx_update_reg ctx;
543 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_outb_sa, w1) ==
544 1 * sizeof(uint64_t));
545 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_outb_sa, w2) ==
546 2 * sizeof(uint64_t));
547 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_outb_sa, cipher_key) ==
548 4 * sizeof(uint64_t));
549 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_outb_sa, iv) ==
550 8 * sizeof(uint64_t));
551 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_outb_sa, w10) ==
552 10 * sizeof(uint64_t));
553 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_outb_sa, outer_hdr) ==
554 11 * sizeof(uint64_t));
555 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_outb_sa, hmac_opad_ipad) ==
556 15 * sizeof(uint64_t));
557 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_outb_sa, ctx) ==
558 31 * sizeof(uint64_t));
560 void __roc_api roc_ot_ipsec_inb_sa_init(struct roc_ot_ipsec_inb_sa *sa,
562 void __roc_api roc_ot_ipsec_outb_sa_init(struct roc_ot_ipsec_outb_sa *sa);
563 #endif /* __ROC_IE_OT_H__ */