1 /* SPDX-License-Identifier: BSD-3-Clause
2 * Copyright(C) 2021 Marvell.
5 #ifndef __ROC_IE_OT_H__
6 #define __ROC_IE_OT_H__
8 /* PKIND to be used for CPT Meta parsing */
9 #define ROC_OT_CPT_META_PKIND 58
11 /* CN10K IPSEC opcodes */
12 #define ROC_IE_OT_MAJOR_OP_PROCESS_OUTBOUND_IPSEC 0x28UL
13 #define ROC_IE_OT_MAJOR_OP_PROCESS_INBOUND_IPSEC 0x29UL
15 enum roc_ie_ot_ucc_ipsec {
16 ROC_IE_OT_UCC_SUCCESS = 0x00,
17 ROC_IE_OT_UCC_ERR_SA_INVAL = 0xb0,
18 ROC_IE_OT_UCC_ERR_SA_EXPIRED = 0xb1,
19 ROC_IE_OT_UCC_ERR_SA_OVERFLOW = 0xb2,
20 ROC_IE_OT_UCC_ERR_SA_ESP_BAD_ALGO = 0xb3,
21 ROC_IE_OT_UCC_ERR_SA_AH_BAD_ALGO = 0xb4,
22 ROC_IE_OT_UCC_ERR_SA_BAD_CTX = 0xb5,
23 ROC_IE_OT_UCC_SA_CTX_FLAG_MISMATCH = 0xb6,
24 ROC_IE_OT_UCC_ERR_AOP_IPSEC = 0xb7,
25 ROC_IE_OT_UCC_ERR_PKT_IP = 0xb8,
26 ROC_IE_OT_UCC_ERR_PKT_IP6_BAD_EXT = 0xb9,
27 ROC_IE_OT_UCC_ERR_PKT_IP6_HBH = 0xba,
28 ROC_IE_OT_UCC_ERR_PKT_IP6_BIGEXT = 0xbb,
29 ROC_IE_OT_UCC_ERR_PKT_IP_ULP = 0xbc,
30 ROC_IE_OT_UCC_ERR_PKT_SA_MISMATCH = 0xbd,
31 ROC_IE_OT_UCC_ERR_PKT_SPI_MISMATCH = 0xbe,
32 ROC_IE_OT_UCC_ERR_PKT_ESP_BADPAD = 0xbf,
33 ROC_IE_OT_UCC_ERR_PKT_BADICV = 0xc0,
34 ROC_IE_OT_UCC_ERR_PKT_REPLAY_SEQ = 0xc1,
35 ROC_IE_OT_UCC_ERR_PKT_BADNH = 0xc2,
36 ROC_IE_OT_UCC_ERR_PKT_SA_PORT_MISMATCH = 0xc3,
37 ROC_IE_OT_UCC_ERR_PKT_BAD_DLEN = 0xc4,
38 ROC_IE_OT_UCC_ERR_SA_ESP_BAD_KEYS = 0xc5,
39 ROC_IE_OT_UCC_ERR_SA_AH_BAD_KEYS = 0xc6,
40 ROC_IE_OT_UCC_ERR_SA_BAD_IP = 0xc7,
41 ROC_IE_OT_UCC_ERR_PKT_REPLAY_WINDOW = 0xc8,
42 ROC_IE_OT_UCC_ERR_PKT_IP_FRAG = 0xc9,
43 ROC_IE_OT_UCC_SUCCESS_SA_SOFTEXP_FIRST = 0xf0,
44 ROC_IE_OT_UCC_SUCCESS_PKT_IP_BADCSUM = 0xf1,
45 ROC_IE_OT_UCC_SUCCESS_SA_SOFTEXP_AGAIN = 0xf2,
46 ROC_IE_OT_UCC_SUCCESS_PKT_L4_GOODCSUM = 0xf3,
47 ROC_IE_OT_UCC_SUCCESS_PKT_L4_BADCSUM = 0xf4,
48 ROC_IE_OT_UCC_SUCCESS_PKT_UDPESP_NZCSUM = 0xf5,
49 ROC_IE_OT_UCC_SUCCESS_PKT_UDP_ZEROCSUM = 0xf6,
50 ROC_IE_OT_UCC_SUCCESS_PKT_IP_GOODCSUM = 0xf7,
54 ROC_IE_OT_SA_AR_WIN_DISABLED = 0,
55 ROC_IE_OT_SA_AR_WIN_64 = 1,
56 ROC_IE_OT_SA_AR_WIN_128 = 2,
57 ROC_IE_OT_SA_AR_WIN_256 = 3,
58 ROC_IE_OT_SA_AR_WIN_512 = 4,
59 ROC_IE_OT_SA_AR_WIN_1024 = 5,
60 ROC_IE_OT_SA_AR_WIN_2048 = 6,
61 ROC_IE_OT_SA_AR_WIN_4096 = 7,
65 ROC_IE_OT_SA_PKT_FMT_FULL = 0,
66 ROC_IE_OT_SA_PKT_FMT_META = 1,
70 ROC_IE_OT_SA_PKT_OUTPUT_DECRYPTED = 0,
71 ROC_IE_OT_SA_PKT_OUTPUT_NO_FRAG = 1,
72 ROC_IE_OT_SA_PKT_OUTPUT_HW_BASED_DEFRAG = 2,
73 ROC_IE_OT_SA_PKT_OUTPUT_UCODE_BASED_DEFRAG = 3,
77 ROC_IE_OT_SA_DEFRAG_ALL = 0,
78 ROC_IE_OT_SA_DEFRAG_IN_ORDER = 1,
79 ROC_IE_OT_SA_DEFRAG_IN_REV_ORDER = 2,
83 ROC_IE_OT_SA_IV_SRC_DEFAULT = 0,
84 ROC_IE_OT_SA_IV_SRC_ENC_CTR = 1,
85 ROC_IE_OT_SA_IV_SRC_FROM_SA = 2,
89 ROC_IE_OT_SA_COPY_FROM_SA = 0,
90 ROC_IE_OT_SA_COPY_FROM_INNER_IP_HDR = 1,
94 ROC_IE_OT_SA_INNER_PKT_IP_CSUM_ENABLE = 0,
95 ROC_IE_OT_SA_INNER_PKT_IP_CSUM_DISABLE = 1,
99 ROC_IE_OT_SA_INNER_PKT_L4_CSUM_ENABLE = 0,
100 ROC_IE_OT_SA_INNER_PKT_L4_CSUM_DISABLE = 1,
104 ROC_IE_OT_SA_ENC_NULL = 0,
105 ROC_IE_OT_SA_ENC_3DES_CBC = 2,
106 ROC_IE_OT_SA_ENC_AES_CBC = 3,
107 ROC_IE_OT_SA_ENC_AES_CTR = 4,
108 ROC_IE_OT_SA_ENC_AES_GCM = 5,
109 ROC_IE_OT_SA_ENC_AES_CCM = 6,
113 ROC_IE_OT_SA_AUTH_NULL = 0,
114 ROC_IE_OT_SA_AUTH_SHA1 = 2,
115 ROC_IE_OT_SA_AUTH_SHA2_256 = 4,
116 ROC_IE_OT_SA_AUTH_SHA2_384 = 5,
117 ROC_IE_OT_SA_AUTH_SHA2_512 = 6,
118 ROC_IE_OT_SA_AUTH_AES_GMAC = 7,
119 ROC_IE_OT_SA_AUTH_AES_XCBC_128 = 8,
123 ROC_IE_OT_SA_ENCAP_NONE = 0,
124 ROC_IE_OT_SA_ENCAP_UDP = 1,
125 ROC_IE_OT_SA_ENCAP_TCP = 2,
129 ROC_IE_OT_SA_LIFE_UNIT_OCTETS = 0,
130 ROC_IE_OT_SA_LIFE_UNIT_PKTS = 1,
134 ROC_IE_OT_SA_IP_HDR_VERIFY_DISABLED = 0,
135 ROC_IE_OT_SA_IP_HDR_VERIFY_DST_ADDR = 1,
136 ROC_IE_OT_SA_IP_HDR_VERIFY_SRC_DST_ADDR = 2,
140 ROC_IE_OT_REAS_STS_SUCCESS = 0,
141 ROC_IE_OT_REAS_STS_TIMEOUT = 1,
142 ROC_IE_OT_REAS_STS_EVICT = 2,
143 ROC_IE_OT_REAS_STS_BAD_ORDER = 3,
144 ROC_IE_OT_REAS_STS_TOO_MANY = 4,
145 ROC_IE_OT_REAS_STS_HSH_EVICT = 5,
146 ROC_IE_OT_REAS_STS_OVERLAP = 6,
147 ROC_IE_OT_REAS_STS_ZOMBIE = 7,
148 ROC_IE_OT_REAS_STS_L3P_ERR = 8,
149 ROC_IE_OT_REAS_STS_MAX = 9
151 /* Context units in bytes */
152 #define ROC_CTX_UNIT_8B 8
153 #define ROC_CTX_UNIT_128B 128
154 #define ROC_CTX_MAX_CKEY_LEN 32
155 #define ROC_CTX_MAX_OPAD_IPAD_LEN 128
157 /* Anti reply window size supported */
158 #define ROC_AR_WIN_SIZE_MIN 64
159 #define ROC_AR_WIN_SIZE_MAX 4096
160 #define ROC_LOG_MIN_AR_WIN_SIZE_M1 5
162 /* u64 array size to fit anti replay window bits */
163 #define ROC_AR_WINBITS_SZ \
164 (PLT_ALIGN_CEIL(ROC_AR_WIN_SIZE_MAX, BITS_PER_LONG_LONG) / \
167 /* Common bit fields between inbound and outbound SA */
168 union roc_ot_ipsec_sa_word2 {
172 uint64_t outer_ip_ver : 1;
175 uint64_t protocol : 1;
176 uint64_t aes_key_len : 2;
178 uint64_t enc_type : 3;
179 uint64_t life_unit : 1;
180 uint64_t auth_type : 4;
182 uint64_t encap_type : 2;
183 uint64_t et_ovrwr_ddr_en : 1;
185 uint64_t tport_l4_incr_csum : 1;
186 uint64_t ip_hdr_verify : 2;
187 uint64_t udp_ports_verify : 1;
190 uint64_t async_mode : 1;
197 PLT_STATIC_ASSERT(sizeof(union roc_ot_ipsec_sa_word2) == 1 * sizeof(uint64_t));
199 union roc_ot_ipsec_outer_ip_hdr {
205 uint8_t src_addr[16];
206 uint8_t dst_addr[16];
210 struct roc_ot_ipsec_inb_ctx_update_reg {
212 uint64_t ar_valid_mask;
217 uint64_t ar_winbits[ROC_AR_WINBITS_SZ];
220 union roc_ot_ipsec_outb_iv {
232 struct roc_ot_ipsec_outb_ctx_update_reg {
241 union roc_ot_ipsec_outb_param1 {
244 uint16_t l4_csum_disable : 1;
245 uint16_t ip_csum_disable : 1;
246 uint16_t ttl_or_hop_limit : 1;
247 uint16_t dummy_pkt : 1;
248 uint16_t rfc_or_override_mode : 1;
249 uint16_t reserved_5_15 : 11;
253 union roc_ot_ipsec_inb_param1 {
256 uint16_t l4_csum_disable : 1;
257 uint16_t ip_csum_disable : 1;
258 uint16_t esp_trailer_disable : 1;
259 uint16_t reserved_3_15 : 13;
263 struct roc_ot_ipsec_inb_sa {
268 uint64_t hard_life_dec : 1;
269 uint64_t soft_life_dec : 1;
270 uint64_t count_glb_octets : 1;
271 uint64_t count_glb_pkts : 1;
272 uint64_t count_mib_bytes : 1;
274 uint64_t count_mib_pkts : 1;
275 uint64_t hw_ctx_off : 7;
277 uint64_t ctx_id : 16;
279 uint64_t orig_pkt_fabs : 1;
280 uint64_t orig_pkt_free : 1;
284 uint64_t et_ovrwr : 1;
285 uint64_t pkt_output : 2;
286 uint64_t pkt_format : 1;
287 uint64_t defrag_opt : 2;
288 uint64_t x2p_dst : 1;
290 uint64_t ctx_push_size : 7;
293 uint64_t ctx_hdr_size : 2;
294 uint64_t aop_valid : 1;
296 uint64_t ctx_size : 4;
304 uint64_t orig_pkt_aura : 20;
306 uint64_t orig_pkt_foff : 8;
307 uint64_t cookie : 32;
317 uint64_t outer_ip_ver : 1;
319 uint64_t ipsec_mode : 1;
320 uint64_t ipsec_protocol : 1;
321 uint64_t aes_key_len : 2;
323 uint64_t enc_type : 3;
324 uint64_t life_unit : 1;
325 uint64_t auth_type : 4;
327 uint64_t encap_type : 2;
328 uint64_t et_ovrwr_ddr_en : 1;
330 uint64_t tport_l4_incr_csum : 1;
331 uint64_t ip_hdr_verify : 2;
332 uint64_t udp_ports_verify : 1;
335 uint64_t async_mode : 1;
346 uint8_t cipher_key[ROC_CTX_MAX_CKEY_LEN];
361 uint64_t rsvd10 : 32;
362 uint64_t udp_src_port : 16;
363 uint64_t udp_dst_port : 16;
368 /* Word11 - Word14 */
369 union roc_ot_ipsec_outer_ip_hdr outer_hdr;
371 /* Word15 - Word30 */
372 uint8_t hmac_opad_ipad[ROC_CTX_MAX_OPAD_IPAD_LEN];
374 /* Word31 - Word100 */
375 struct roc_ot_ipsec_inb_ctx_update_reg ctx;
378 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_inb_sa, w1) ==
379 1 * sizeof(uint64_t));
380 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_inb_sa, w2) ==
381 2 * sizeof(uint64_t));
382 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_inb_sa, cipher_key) ==
383 4 * sizeof(uint64_t));
384 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_inb_sa, w8) ==
385 8 * sizeof(uint64_t));
386 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_inb_sa, w10) ==
387 10 * sizeof(uint64_t));
388 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_inb_sa, outer_hdr) ==
389 11 * sizeof(uint64_t));
390 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_inb_sa, hmac_opad_ipad) ==
391 15 * sizeof(uint64_t));
392 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_inb_sa, ctx) ==
393 31 * sizeof(uint64_t));
395 struct roc_ot_ipsec_outb_sa {
402 uint64_t hard_life_dec : 1;
403 uint64_t soft_life_dec : 1;
404 uint64_t count_glb_octets : 1;
405 uint64_t count_glb_pkts : 1;
406 uint64_t count_mib_bytes : 1;
408 uint64_t count_mib_pkts : 1;
409 uint64_t hw_ctx_off : 7;
413 uint64_t ctx_push_size : 7;
416 uint64_t ctx_hdr_size : 2;
417 uint64_t aop_valid : 1;
419 uint64_t ctx_size : 4;
428 uint64_t cookie : 32;
438 uint64_t outer_ip_ver : 1;
440 uint64_t ipsec_mode : 1;
441 uint64_t ipsec_protocol : 1;
442 uint64_t aes_key_len : 2;
444 uint64_t enc_type : 3;
445 uint64_t life_unit : 1;
446 uint64_t auth_type : 4;
448 uint64_t encap_type : 2;
449 uint64_t ipv4_df_src_or_ipv6_flw_lbl_src : 1;
450 uint64_t dscp_src : 1;
452 uint64_t ipid_gen : 1;
456 uint64_t async_mode : 1;
467 uint8_t cipher_key[ROC_CTX_MAX_CKEY_LEN];
470 union roc_ot_ipsec_outb_iv iv;
476 uint64_t ipv4_df_or_ipv6_flw_lbl : 20;
481 uint64_t udp_dst_port : 16;
483 uint64_t udp_src_port : 16;
488 /* Word11 - Word14 */
489 union roc_ot_ipsec_outer_ip_hdr outer_hdr;
491 /* Word15 - Word30 */
492 uint8_t hmac_opad_ipad[ROC_CTX_MAX_OPAD_IPAD_LEN];
494 /* Word31 - Word36 */
495 struct roc_ot_ipsec_outb_ctx_update_reg ctx;
498 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_outb_sa, w1) ==
499 1 * sizeof(uint64_t));
500 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_outb_sa, w2) ==
501 2 * sizeof(uint64_t));
502 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_outb_sa, cipher_key) ==
503 4 * sizeof(uint64_t));
504 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_outb_sa, iv) ==
505 8 * sizeof(uint64_t));
506 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_outb_sa, w10) ==
507 10 * sizeof(uint64_t));
508 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_outb_sa, outer_hdr) ==
509 11 * sizeof(uint64_t));
510 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_outb_sa, hmac_opad_ipad) ==
511 15 * sizeof(uint64_t));
512 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_outb_sa, ctx) ==
513 31 * sizeof(uint64_t));
515 #endif /* __ROC_IE_OT_H__ */