1 /* SPDX-License-Identifier: BSD-3-Clause
2 * Copyright(C) 2021 Marvell.
5 #ifndef __ROC_IE_OT_H__
6 #define __ROC_IE_OT_H__
8 /* PKIND to be used for CPT Meta parsing */
9 #define ROC_OT_CPT_META_PKIND 58
11 /* CN10K IPSEC opcodes */
12 #define ROC_IE_OT_MAJOR_OP_PROCESS_OUTBOUND_IPSEC 0x28UL
13 #define ROC_IE_OT_MAJOR_OP_PROCESS_INBOUND_IPSEC 0x29UL
15 #define ROC_IE_OT_MAJOR_OP_WRITE_SA 0x01UL
16 #define ROC_IE_OT_MINOR_OP_WRITE_SA 0x09UL
18 #define ROC_IE_OT_CTX_ILEN 2
20 enum roc_ie_ot_ucc_ipsec {
21 ROC_IE_OT_UCC_SUCCESS = 0x00,
22 ROC_IE_OT_UCC_ERR_SA_INVAL = 0xb0,
23 ROC_IE_OT_UCC_ERR_SA_EXPIRED = 0xb1,
24 ROC_IE_OT_UCC_ERR_SA_OVERFLOW = 0xb2,
25 ROC_IE_OT_UCC_ERR_SA_ESP_BAD_ALGO = 0xb3,
26 ROC_IE_OT_UCC_ERR_SA_AH_BAD_ALGO = 0xb4,
27 ROC_IE_OT_UCC_ERR_SA_BAD_CTX = 0xb5,
28 ROC_IE_OT_UCC_SA_CTX_FLAG_MISMATCH = 0xb6,
29 ROC_IE_OT_UCC_ERR_AOP_IPSEC = 0xb7,
30 ROC_IE_OT_UCC_ERR_PKT_IP = 0xb8,
31 ROC_IE_OT_UCC_ERR_PKT_IP6_BAD_EXT = 0xb9,
32 ROC_IE_OT_UCC_ERR_PKT_IP6_HBH = 0xba,
33 ROC_IE_OT_UCC_ERR_PKT_IP6_BIGEXT = 0xbb,
34 ROC_IE_OT_UCC_ERR_PKT_IP_ULP = 0xbc,
35 ROC_IE_OT_UCC_ERR_PKT_SA_MISMATCH = 0xbd,
36 ROC_IE_OT_UCC_ERR_PKT_SPI_MISMATCH = 0xbe,
37 ROC_IE_OT_UCC_ERR_PKT_ESP_BADPAD = 0xbf,
38 ROC_IE_OT_UCC_ERR_PKT_BADICV = 0xc0,
39 ROC_IE_OT_UCC_ERR_PKT_REPLAY_SEQ = 0xc1,
40 ROC_IE_OT_UCC_ERR_PKT_BADNH = 0xc2,
41 ROC_IE_OT_UCC_ERR_PKT_SA_PORT_MISMATCH = 0xc3,
42 ROC_IE_OT_UCC_ERR_PKT_BAD_DLEN = 0xc4,
43 ROC_IE_OT_UCC_ERR_SA_ESP_BAD_KEYS = 0xc5,
44 ROC_IE_OT_UCC_ERR_SA_AH_BAD_KEYS = 0xc6,
45 ROC_IE_OT_UCC_ERR_SA_BAD_IP = 0xc7,
46 ROC_IE_OT_UCC_ERR_PKT_IP_FRAG = 0xc8,
47 ROC_IE_OT_UCC_ERR_PKT_REPLAY_WINDOW = 0xc9,
48 ROC_IE_OT_UCC_SUCCESS_SA_SOFTEXP_FIRST = 0xf0,
49 ROC_IE_OT_UCC_SUCCESS_PKT_IP_BADCSUM = 0xf1,
50 ROC_IE_OT_UCC_SUCCESS_SA_SOFTEXP_AGAIN = 0xf2,
51 ROC_IE_OT_UCC_SUCCESS_PKT_L4_GOODCSUM = 0xf3,
52 ROC_IE_OT_UCC_SUCCESS_PKT_L4_BADCSUM = 0xf4,
53 ROC_IE_OT_UCC_SUCCESS_PKT_UDPESP_NZCSUM = 0xf5,
54 ROC_IE_OT_UCC_SUCCESS_PKT_UDP_ZEROCSUM = 0xf6,
55 ROC_IE_OT_UCC_SUCCESS_PKT_IP_GOODCSUM = 0xf7,
59 ROC_IE_OT_SA_AR_WIN_DISABLED = 0,
60 ROC_IE_OT_SA_AR_WIN_64 = 1,
61 ROC_IE_OT_SA_AR_WIN_128 = 2,
62 ROC_IE_OT_SA_AR_WIN_256 = 3,
63 ROC_IE_OT_SA_AR_WIN_512 = 4,
64 ROC_IE_OT_SA_AR_WIN_1024 = 5,
65 ROC_IE_OT_SA_AR_WIN_2048 = 6,
66 ROC_IE_OT_SA_AR_WIN_4096 = 7,
70 ROC_IE_OT_SA_PKT_FMT_FULL = 0,
71 ROC_IE_OT_SA_PKT_FMT_META = 1,
75 ROC_IE_OT_SA_PKT_OUTPUT_DECRYPTED = 0,
76 ROC_IE_OT_SA_PKT_OUTPUT_NO_FRAG = 1,
77 ROC_IE_OT_SA_PKT_OUTPUT_HW_BASED_DEFRAG = 2,
78 ROC_IE_OT_SA_PKT_OUTPUT_UCODE_BASED_DEFRAG = 3,
82 ROC_IE_OT_SA_DEFRAG_ALL = 0,
83 ROC_IE_OT_SA_DEFRAG_IN_ORDER = 1,
84 ROC_IE_OT_SA_DEFRAG_IN_REV_ORDER = 2,
88 ROC_IE_OT_SA_IV_SRC_DEFAULT = 0,
89 ROC_IE_OT_SA_IV_SRC_ENC_CTR = 1,
90 ROC_IE_OT_SA_IV_SRC_FROM_SA = 2,
94 ROC_IE_OT_SA_COPY_FROM_SA = 0,
95 ROC_IE_OT_SA_COPY_FROM_INNER_IP_HDR = 1,
99 ROC_IE_OT_SA_INNER_PKT_IP_CSUM_ENABLE = 0,
100 ROC_IE_OT_SA_INNER_PKT_IP_CSUM_DISABLE = 1,
104 ROC_IE_OT_SA_INNER_PKT_L4_CSUM_ENABLE = 0,
105 ROC_IE_OT_SA_INNER_PKT_L4_CSUM_DISABLE = 1,
109 ROC_IE_OT_SA_ENC_NULL = 0,
110 ROC_IE_OT_SA_ENC_3DES_CBC = 2,
111 ROC_IE_OT_SA_ENC_AES_CBC = 3,
112 ROC_IE_OT_SA_ENC_AES_CTR = 4,
113 ROC_IE_OT_SA_ENC_AES_GCM = 5,
114 ROC_IE_OT_SA_ENC_AES_CCM = 6,
118 ROC_IE_OT_SA_AUTH_NULL = 0,
119 ROC_IE_OT_SA_AUTH_SHA1 = 2,
120 ROC_IE_OT_SA_AUTH_SHA2_256 = 4,
121 ROC_IE_OT_SA_AUTH_SHA2_384 = 5,
122 ROC_IE_OT_SA_AUTH_SHA2_512 = 6,
123 ROC_IE_OT_SA_AUTH_AES_GMAC = 7,
124 ROC_IE_OT_SA_AUTH_AES_XCBC_128 = 8,
128 ROC_IE_OT_SA_ENCAP_NONE = 0,
129 ROC_IE_OT_SA_ENCAP_UDP = 1,
130 ROC_IE_OT_SA_ENCAP_TCP = 2,
134 ROC_IE_OT_SA_LIFE_UNIT_OCTETS = 0,
135 ROC_IE_OT_SA_LIFE_UNIT_PKTS = 1,
139 ROC_IE_OT_SA_IP_HDR_VERIFY_DISABLED = 0,
140 ROC_IE_OT_SA_IP_HDR_VERIFY_DST_ADDR = 1,
141 ROC_IE_OT_SA_IP_HDR_VERIFY_SRC_DST_ADDR = 2,
145 ROC_IE_OT_REAS_STS_SUCCESS = 0,
146 ROC_IE_OT_REAS_STS_TIMEOUT = 1,
147 ROC_IE_OT_REAS_STS_EVICT = 2,
148 ROC_IE_OT_REAS_STS_BAD_ORDER = 3,
149 ROC_IE_OT_REAS_STS_TOO_MANY = 4,
150 ROC_IE_OT_REAS_STS_HSH_EVICT = 5,
151 ROC_IE_OT_REAS_STS_OVERLAP = 6,
152 ROC_IE_OT_REAS_STS_ZOMBIE = 7,
153 ROC_IE_OT_REAS_STS_L3P_ERR = 8,
154 ROC_IE_OT_REAS_STS_MAX = 9
156 /* Context units in bytes */
157 #define ROC_CTX_UNIT_8B 8
158 #define ROC_CTX_UNIT_128B 128
159 #define ROC_CTX_MAX_CKEY_LEN 32
160 #define ROC_CTX_MAX_OPAD_IPAD_LEN 128
162 /* Anti reply window size supported */
163 #define ROC_AR_WIN_SIZE_MIN 64
164 #define ROC_AR_WIN_SIZE_MAX 4096
165 #define ROC_LOG_MIN_AR_WIN_SIZE_M1 5
167 /* u64 array size to fit anti replay window bits */
168 #define ROC_AR_WINBITS_SZ \
169 (PLT_ALIGN_CEIL(ROC_AR_WIN_SIZE_MAX, BITS_PER_LONG_LONG) / \
172 /* Common bit fields between inbound and outbound SA */
173 union roc_ot_ipsec_sa_word2 {
177 uint64_t outer_ip_ver : 1;
180 uint64_t protocol : 1;
181 uint64_t aes_key_len : 2;
183 uint64_t enc_type : 3;
184 uint64_t life_unit : 1;
185 uint64_t auth_type : 4;
187 uint64_t encap_type : 2;
188 uint64_t et_ovrwr_ddr_en : 1;
190 uint64_t tport_l4_incr_csum : 1;
191 uint64_t ip_hdr_verify : 2;
192 uint64_t udp_ports_verify : 1;
195 uint64_t async_mode : 1;
202 PLT_STATIC_ASSERT(sizeof(union roc_ot_ipsec_sa_word2) == 1 * sizeof(uint64_t));
204 union roc_ot_ipsec_outer_ip_hdr {
210 uint8_t src_addr[16];
211 uint8_t dst_addr[16];
215 struct roc_ot_ipsec_inb_ctx_update_reg {
217 uint64_t ar_valid_mask;
222 uint64_t ar_winbits[ROC_AR_WINBITS_SZ];
225 union roc_ot_ipsec_outb_iv {
237 struct roc_ot_ipsec_outb_ctx_update_reg {
246 union roc_ot_ipsec_outb_param1 {
249 uint16_t l4_csum_disable : 1;
250 uint16_t ip_csum_disable : 1;
251 uint16_t ttl_or_hop_limit : 1;
252 uint16_t dummy_pkt : 1;
253 uint16_t rfc_or_override_mode : 1;
254 uint16_t reserved_5_15 : 11;
258 union roc_ot_ipsec_inb_param1 {
261 uint16_t l4_csum_disable : 1;
262 uint16_t ip_csum_disable : 1;
263 uint16_t esp_trailer_disable : 1;
264 uint16_t reserved_3_15 : 13;
268 struct roc_ot_ipsec_inb_sa {
273 uint64_t hard_life_dec : 1;
274 uint64_t soft_life_dec : 1;
275 uint64_t count_glb_octets : 1;
276 uint64_t count_glb_pkts : 1;
277 uint64_t count_mib_bytes : 1;
279 uint64_t count_mib_pkts : 1;
280 uint64_t hw_ctx_off : 7;
282 uint64_t ctx_id : 16;
284 uint64_t orig_pkt_fabs : 1;
285 uint64_t orig_pkt_free : 1;
289 uint64_t et_ovrwr : 1;
290 uint64_t pkt_output : 2;
291 uint64_t pkt_format : 1;
292 uint64_t defrag_opt : 2;
293 uint64_t x2p_dst : 1;
295 uint64_t ctx_push_size : 7;
298 uint64_t ctx_hdr_size : 2;
299 uint64_t aop_valid : 1;
301 uint64_t ctx_size : 4;
309 uint64_t orig_pkt_aura : 20;
311 uint64_t orig_pkt_foff : 8;
312 uint64_t cookie : 32;
322 uint64_t outer_ip_ver : 1;
324 uint64_t ipsec_mode : 1;
325 uint64_t ipsec_protocol : 1;
326 uint64_t aes_key_len : 2;
328 uint64_t enc_type : 3;
329 uint64_t life_unit : 1;
330 uint64_t auth_type : 4;
332 uint64_t encap_type : 2;
333 uint64_t et_ovrwr_ddr_en : 1;
335 uint64_t tport_l4_incr_csum : 1;
336 uint64_t ip_hdr_verify : 2;
337 uint64_t udp_ports_verify : 1;
340 uint64_t async_mode : 1;
351 uint8_t cipher_key[ROC_CTX_MAX_CKEY_LEN];
366 uint64_t rsvd10 : 32;
367 uint64_t udp_src_port : 16;
368 uint64_t udp_dst_port : 16;
373 /* Word11 - Word14 */
374 union roc_ot_ipsec_outer_ip_hdr outer_hdr;
376 /* Word15 - Word30 */
377 uint8_t hmac_opad_ipad[ROC_CTX_MAX_OPAD_IPAD_LEN];
379 /* Word31 - Word100 */
380 struct roc_ot_ipsec_inb_ctx_update_reg ctx;
383 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_inb_sa, w1) ==
384 1 * sizeof(uint64_t));
385 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_inb_sa, w2) ==
386 2 * sizeof(uint64_t));
387 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_inb_sa, cipher_key) ==
388 4 * sizeof(uint64_t));
389 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_inb_sa, w8) ==
390 8 * sizeof(uint64_t));
391 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_inb_sa, w10) ==
392 10 * sizeof(uint64_t));
393 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_inb_sa, outer_hdr) ==
394 11 * sizeof(uint64_t));
395 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_inb_sa, hmac_opad_ipad) ==
396 15 * sizeof(uint64_t));
397 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_inb_sa, ctx) ==
398 31 * sizeof(uint64_t));
400 struct roc_ot_ipsec_outb_sa {
407 uint64_t hard_life_dec : 1;
408 uint64_t soft_life_dec : 1;
409 uint64_t count_glb_octets : 1;
410 uint64_t count_glb_pkts : 1;
411 uint64_t count_mib_bytes : 1;
413 uint64_t count_mib_pkts : 1;
414 uint64_t hw_ctx_off : 7;
418 uint64_t ctx_push_size : 7;
421 uint64_t ctx_hdr_size : 2;
422 uint64_t aop_valid : 1;
424 uint64_t ctx_size : 4;
433 uint64_t cookie : 32;
443 uint64_t outer_ip_ver : 1;
445 uint64_t ipsec_mode : 1;
446 uint64_t ipsec_protocol : 1;
447 uint64_t aes_key_len : 2;
449 uint64_t enc_type : 3;
450 uint64_t life_unit : 1;
451 uint64_t auth_type : 4;
453 uint64_t encap_type : 2;
454 uint64_t ipv4_df_src_or_ipv6_flw_lbl_src : 1;
455 uint64_t dscp_src : 1;
457 uint64_t ipid_gen : 1;
461 uint64_t async_mode : 1;
472 uint8_t cipher_key[ROC_CTX_MAX_CKEY_LEN];
475 union roc_ot_ipsec_outb_iv iv;
481 uint64_t ipv4_df_or_ipv6_flw_lbl : 20;
486 uint64_t udp_dst_port : 16;
488 uint64_t udp_src_port : 16;
493 /* Word11 - Word14 */
494 union roc_ot_ipsec_outer_ip_hdr outer_hdr;
496 /* Word15 - Word30 */
497 uint8_t hmac_opad_ipad[ROC_CTX_MAX_OPAD_IPAD_LEN];
499 /* Word31 - Word36 */
500 struct roc_ot_ipsec_outb_ctx_update_reg ctx;
503 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_outb_sa, w1) ==
504 1 * sizeof(uint64_t));
505 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_outb_sa, w2) ==
506 2 * sizeof(uint64_t));
507 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_outb_sa, cipher_key) ==
508 4 * sizeof(uint64_t));
509 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_outb_sa, iv) ==
510 8 * sizeof(uint64_t));
511 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_outb_sa, w10) ==
512 10 * sizeof(uint64_t));
513 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_outb_sa, outer_hdr) ==
514 11 * sizeof(uint64_t));
515 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_outb_sa, hmac_opad_ipad) ==
516 15 * sizeof(uint64_t));
517 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_outb_sa, ctx) ==
518 31 * sizeof(uint64_t));
520 #endif /* __ROC_IE_OT_H__ */