1 /* SPDX-License-Identifier: BSD-3-Clause
2 * Copyright(C) 2022 Marvell.
5 #ifndef __ROC_IE_OT_H__
6 #define __ROC_IE_OT_H__
8 /* CN10K IPSEC opcodes */
9 #define ROC_IE_OT_MAJOR_OP_PROCESS_OUTBOUND_IPSEC 0x28UL
10 #define ROC_IE_OT_MAJOR_OP_PROCESS_INBOUND_IPSEC 0x29UL
12 #define ROC_IE_OT_MAJOR_OP_WRITE_SA 0x01UL
13 #define ROC_IE_OT_MINOR_OP_WRITE_SA 0x09UL
15 #define ROC_IE_OT_CTX_ILEN 2
16 /* PKIND to be used for CPT Meta parsing */
17 #define ROC_IE_OT_CPT_PKIND 58
18 #define ROC_IE_OT_SA_CTX_HDR_SIZE 1
20 enum roc_ie_ot_ucc_ipsec {
21 ROC_IE_OT_UCC_SUCCESS = 0x00,
22 ROC_IE_OT_UCC_ERR_SA_INVAL = 0xb0,
23 ROC_IE_OT_UCC_ERR_SA_EXPIRED = 0xb1,
24 ROC_IE_OT_UCC_ERR_SA_OVERFLOW = 0xb2,
25 ROC_IE_OT_UCC_ERR_SA_ESP_BAD_ALGO = 0xb3,
26 ROC_IE_OT_UCC_ERR_SA_AH_BAD_ALGO = 0xb4,
27 ROC_IE_OT_UCC_ERR_SA_BAD_CTX = 0xb5,
28 ROC_IE_OT_UCC_SA_CTX_FLAG_MISMATCH = 0xb6,
29 ROC_IE_OT_UCC_ERR_AOP_IPSEC = 0xb7,
30 ROC_IE_OT_UCC_ERR_PKT_IP = 0xb8,
31 ROC_IE_OT_UCC_ERR_PKT_IP6_BAD_EXT = 0xb9,
32 ROC_IE_OT_UCC_ERR_PKT_IP6_HBH = 0xba,
33 ROC_IE_OT_UCC_ERR_PKT_IP6_BIGEXT = 0xbb,
34 ROC_IE_OT_UCC_ERR_PKT_IP_ULP = 0xbc,
35 ROC_IE_OT_UCC_ERR_PKT_SA_MISMATCH = 0xbd,
36 ROC_IE_OT_UCC_ERR_PKT_SPI_MISMATCH = 0xbe,
37 ROC_IE_OT_UCC_ERR_PKT_ESP_BADPAD = 0xbf,
38 ROC_IE_OT_UCC_ERR_PKT_BADICV = 0xc0,
39 ROC_IE_OT_UCC_ERR_PKT_REPLAY_SEQ = 0xc1,
40 ROC_IE_OT_UCC_ERR_PKT_BADNH = 0xc2,
41 ROC_IE_OT_UCC_ERR_PKT_SA_PORT_MISMATCH = 0xc3,
42 ROC_IE_OT_UCC_ERR_PKT_BAD_DLEN = 0xc4,
43 ROC_IE_OT_UCC_ERR_SA_ESP_BAD_KEYS = 0xc5,
44 ROC_IE_OT_UCC_ERR_SA_AH_BAD_KEYS = 0xc6,
45 ROC_IE_OT_UCC_ERR_SA_BAD_IP = 0xc7,
46 ROC_IE_OT_UCC_ERR_PKT_IP_FRAG = 0xc8,
47 ROC_IE_OT_UCC_ERR_PKT_REPLAY_WINDOW = 0xc9,
48 ROC_IE_OT_UCC_SUCCESS_SA_SOFTEXP_FIRST = 0xf0,
49 ROC_IE_OT_UCC_SUCCESS_PKT_IP_BADCSUM = 0xf1,
50 ROC_IE_OT_UCC_SUCCESS_SA_SOFTEXP_AGAIN = 0xf2,
51 ROC_IE_OT_UCC_SUCCESS_PKT_L4_GOODCSUM = 0xf3,
52 ROC_IE_OT_UCC_SUCCESS_PKT_L4_BADCSUM = 0xf4,
53 ROC_IE_OT_UCC_SUCCESS_PKT_UDPESP_NZCSUM = 0xf5,
54 ROC_IE_OT_UCC_SUCCESS_PKT_UDP_ZEROCSUM = 0xf6,
55 ROC_IE_OT_UCC_SUCCESS_PKT_IP_GOODCSUM = 0xf7,
59 ROC_IE_OT_SA_AR_WIN_DISABLED = 0,
60 ROC_IE_OT_SA_AR_WIN_64 = 1,
61 ROC_IE_OT_SA_AR_WIN_128 = 2,
62 ROC_IE_OT_SA_AR_WIN_256 = 3,
63 ROC_IE_OT_SA_AR_WIN_512 = 4,
64 ROC_IE_OT_SA_AR_WIN_1024 = 5,
65 ROC_IE_OT_SA_AR_WIN_2048 = 6,
66 ROC_IE_OT_SA_AR_WIN_4096 = 7,
70 ROC_IE_OT_SA_PKT_FMT_FULL = 0,
71 ROC_IE_OT_SA_PKT_FMT_META = 1,
75 ROC_IE_OT_SA_PKT_OUTPUT_DECRYPTED = 0,
76 ROC_IE_OT_SA_PKT_OUTPUT_NO_FRAG = 1,
77 ROC_IE_OT_SA_PKT_OUTPUT_HW_BASED_DEFRAG = 2,
78 ROC_IE_OT_SA_PKT_OUTPUT_UCODE_BASED_DEFRAG = 3,
82 ROC_IE_OT_SA_DEFRAG_ALL = 0,
83 ROC_IE_OT_SA_DEFRAG_IN_ORDER = 1,
84 ROC_IE_OT_SA_DEFRAG_IN_REV_ORDER = 2,
88 ROC_IE_OT_SA_IV_SRC_DEFAULT = 0,
89 ROC_IE_OT_SA_IV_SRC_ENC_CTR = 1,
90 ROC_IE_OT_SA_IV_SRC_FROM_SA = 2,
94 ROC_IE_OT_SA_COPY_FROM_SA = 0,
95 ROC_IE_OT_SA_COPY_FROM_INNER_IP_HDR = 1,
99 ROC_IE_OT_SA_INNER_PKT_IP_CSUM_ENABLE = 0,
100 ROC_IE_OT_SA_INNER_PKT_IP_CSUM_DISABLE = 1,
104 ROC_IE_OT_SA_INNER_PKT_L4_CSUM_ENABLE = 0,
105 ROC_IE_OT_SA_INNER_PKT_L4_CSUM_DISABLE = 1,
109 ROC_IE_OT_SA_ENC_NULL = 0,
110 ROC_IE_OT_SA_ENC_3DES_CBC = 2,
111 ROC_IE_OT_SA_ENC_AES_CBC = 3,
112 ROC_IE_OT_SA_ENC_AES_CTR = 4,
113 ROC_IE_OT_SA_ENC_AES_GCM = 5,
114 ROC_IE_OT_SA_ENC_AES_CCM = 6,
118 ROC_IE_OT_SA_AUTH_NULL = 0,
119 ROC_IE_OT_SA_AUTH_SHA1 = 2,
120 ROC_IE_OT_SA_AUTH_SHA2_256 = 4,
121 ROC_IE_OT_SA_AUTH_SHA2_384 = 5,
122 ROC_IE_OT_SA_AUTH_SHA2_512 = 6,
123 ROC_IE_OT_SA_AUTH_AES_GMAC = 7,
124 ROC_IE_OT_SA_AUTH_AES_XCBC_128 = 8,
128 ROC_IE_OT_SA_ENCAP_NONE = 0,
129 ROC_IE_OT_SA_ENCAP_UDP = 1,
130 ROC_IE_OT_SA_ENCAP_TCP = 2,
134 ROC_IE_OT_SA_LIFE_UNIT_OCTETS = 0,
135 ROC_IE_OT_SA_LIFE_UNIT_PKTS = 1,
139 ROC_IE_OT_SA_IP_HDR_VERIFY_DISABLED = 0,
140 ROC_IE_OT_SA_IP_HDR_VERIFY_DST_ADDR = 1,
141 ROC_IE_OT_SA_IP_HDR_VERIFY_SRC_DST_ADDR = 2,
145 ROC_IE_OT_REAS_STS_SUCCESS = 0,
146 ROC_IE_OT_REAS_STS_TIMEOUT = 1,
147 ROC_IE_OT_REAS_STS_EVICT = 2,
148 ROC_IE_OT_REAS_STS_BAD_ORDER = 3,
149 ROC_IE_OT_REAS_STS_TOO_MANY = 4,
150 ROC_IE_OT_REAS_STS_HSH_EVICT = 5,
151 ROC_IE_OT_REAS_STS_OVERLAP = 6,
152 ROC_IE_OT_REAS_STS_ZOMBIE = 7,
153 ROC_IE_OT_REAS_STS_L3P_ERR = 8,
154 ROC_IE_OT_REAS_STS_MAX = 9
158 ROC_IE_OT_ERR_CTL_MODE_NONE = 0,
159 ROC_IE_OT_ERR_CTL_MODE_CLEAR = 1,
160 ROC_IE_OT_ERR_CTL_MODE_RING = 2,
163 /* Context units in bytes */
164 #define ROC_CTX_UNIT_8B 8
165 #define ROC_CTX_UNIT_128B 128
166 #define ROC_CTX_MAX_CKEY_LEN 32
167 #define ROC_CTX_MAX_OPAD_IPAD_LEN 128
169 /* Anti reply window size supported */
170 #define ROC_AR_WIN_SIZE_MIN 64
171 #define ROC_AR_WIN_SIZE_MAX 4096
172 #define ROC_LOG_MIN_AR_WIN_SIZE_M1 5
174 /* u64 array size to fit anti replay window bits */
175 #define ROC_AR_WINBITS_SZ \
176 (PLT_ALIGN_CEIL(ROC_AR_WIN_SIZE_MAX, BITS_PER_LONG_LONG) / \
179 /* Common bit fields between inbound and outbound SA */
180 union roc_ot_ipsec_sa_word2 {
184 uint64_t outer_ip_ver : 1;
187 uint64_t protocol : 1;
188 uint64_t aes_key_len : 2;
190 uint64_t enc_type : 3;
191 uint64_t life_unit : 1;
192 uint64_t auth_type : 4;
194 uint64_t encap_type : 2;
195 uint64_t et_ovrwr_ddr_en : 1;
197 uint64_t tport_l4_incr_csum : 1;
198 uint64_t ip_hdr_verify : 2;
199 uint64_t udp_ports_verify : 1;
202 uint64_t async_mode : 1;
209 PLT_STATIC_ASSERT(sizeof(union roc_ot_ipsec_sa_word2) == 1 * sizeof(uint64_t));
211 union roc_ot_ipsec_outer_ip_hdr {
217 uint8_t src_addr[16];
218 uint8_t dst_addr[16];
222 struct roc_ot_ipsec_inb_ctx_update_reg {
224 uint64_t ar_valid_mask;
229 uint64_t ar_winbits[ROC_AR_WINBITS_SZ];
232 union roc_ot_ipsec_outb_iv {
244 struct roc_ot_ipsec_outb_ctx_update_reg {
247 uint64_t reserved_0_2 : 3;
248 uint64_t address : 57;
261 union roc_ot_ipsec_outb_param1 {
264 uint16_t l4_csum_disable : 1;
265 uint16_t ip_csum_disable : 1;
266 uint16_t ttl_or_hop_limit : 1;
267 uint16_t dummy_pkt : 1;
268 uint16_t rfc_or_override_mode : 1;
269 uint16_t reserved_5_15 : 11;
273 union roc_ot_ipsec_inb_param1 {
276 uint16_t l4_csum_disable : 1;
277 uint16_t ip_csum_disable : 1;
278 uint16_t esp_trailer_disable : 1;
279 uint16_t reserved_3_15 : 13;
283 struct roc_ot_ipsec_inb_sa {
288 uint64_t hard_life_dec : 1;
289 uint64_t soft_life_dec : 1;
290 uint64_t count_glb_octets : 1;
291 uint64_t count_glb_pkts : 1;
292 uint64_t count_mib_bytes : 1;
294 uint64_t count_mib_pkts : 1;
295 uint64_t hw_ctx_off : 7;
297 uint64_t ctx_id : 16;
299 uint64_t orig_pkt_fabs : 1;
300 uint64_t orig_pkt_free : 1;
304 uint64_t et_ovrwr : 1;
305 uint64_t pkt_output : 2;
306 uint64_t pkt_format : 1;
307 uint64_t defrag_opt : 2;
308 uint64_t x2p_dst : 1;
310 uint64_t ctx_push_size : 7;
313 uint64_t ctx_hdr_size : 2;
314 uint64_t aop_valid : 1;
316 uint64_t ctx_size : 4;
324 uint64_t orig_pkt_aura : 20;
326 uint64_t orig_pkt_foff : 8;
327 uint64_t cookie : 32;
337 uint64_t outer_ip_ver : 1;
339 uint64_t ipsec_mode : 1;
340 uint64_t ipsec_protocol : 1;
341 uint64_t aes_key_len : 2;
343 uint64_t enc_type : 3;
344 uint64_t life_unit : 1;
345 uint64_t auth_type : 4;
347 uint64_t encap_type : 2;
348 uint64_t et_ovrwr_ddr_en : 1;
350 uint64_t tport_l4_incr_csum : 1;
351 uint64_t ip_hdr_verify : 2;
352 uint64_t udp_ports_verify : 1;
355 uint64_t async_mode : 1;
366 uint8_t cipher_key[ROC_CTX_MAX_CKEY_LEN];
381 uint64_t rsvd10 : 32;
382 uint64_t udp_src_port : 16;
383 uint64_t udp_dst_port : 16;
388 /* Word11 - Word14 */
389 union roc_ot_ipsec_outer_ip_hdr outer_hdr;
391 /* Word15 - Word30 */
392 uint8_t hmac_opad_ipad[ROC_CTX_MAX_OPAD_IPAD_LEN];
394 /* Word31 - Word100 */
395 struct roc_ot_ipsec_inb_ctx_update_reg ctx;
398 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_inb_sa, w1) ==
399 1 * sizeof(uint64_t));
400 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_inb_sa, w2) ==
401 2 * sizeof(uint64_t));
402 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_inb_sa, cipher_key) ==
403 4 * sizeof(uint64_t));
404 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_inb_sa, w8) ==
405 8 * sizeof(uint64_t));
406 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_inb_sa, w10) ==
407 10 * sizeof(uint64_t));
408 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_inb_sa, outer_hdr) ==
409 11 * sizeof(uint64_t));
410 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_inb_sa, hmac_opad_ipad) ==
411 15 * sizeof(uint64_t));
412 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_inb_sa, ctx) ==
413 31 * sizeof(uint64_t));
415 struct roc_ot_ipsec_outb_sa {
422 uint64_t hard_life_dec : 1;
423 uint64_t soft_life_dec : 1;
424 uint64_t count_glb_octets : 1;
425 uint64_t count_glb_pkts : 1;
426 uint64_t count_mib_bytes : 1;
428 uint64_t count_mib_pkts : 1;
429 uint64_t hw_ctx_off : 7;
433 uint64_t ctx_push_size : 7;
436 uint64_t ctx_hdr_size : 2;
437 uint64_t aop_valid : 1;
439 uint64_t ctx_size : 4;
448 uint64_t cookie : 32;
458 uint64_t outer_ip_ver : 1;
460 uint64_t ipsec_mode : 1;
461 uint64_t ipsec_protocol : 1;
462 uint64_t aes_key_len : 2;
464 uint64_t enc_type : 3;
465 uint64_t life_unit : 1;
466 uint64_t auth_type : 4;
468 uint64_t encap_type : 2;
469 uint64_t ipv4_df_src_or_ipv6_flw_lbl_src : 1;
470 uint64_t dscp_src : 1;
472 uint64_t ipid_gen : 1;
476 uint64_t async_mode : 1;
487 uint8_t cipher_key[ROC_CTX_MAX_CKEY_LEN];
490 union roc_ot_ipsec_outb_iv iv;
496 uint64_t ipv4_df_or_ipv6_flw_lbl : 20;
501 uint64_t udp_dst_port : 16;
503 uint64_t udp_src_port : 16;
508 /* Word11 - Word14 */
509 union roc_ot_ipsec_outer_ip_hdr outer_hdr;
511 /* Word15 - Word30 */
512 uint8_t hmac_opad_ipad[ROC_CTX_MAX_OPAD_IPAD_LEN];
514 /* Word31 - Word36 */
515 struct roc_ot_ipsec_outb_ctx_update_reg ctx;
518 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_outb_sa, w1) ==
519 1 * sizeof(uint64_t));
520 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_outb_sa, w2) ==
521 2 * sizeof(uint64_t));
522 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_outb_sa, cipher_key) ==
523 4 * sizeof(uint64_t));
524 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_outb_sa, iv) ==
525 8 * sizeof(uint64_t));
526 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_outb_sa, w10) ==
527 10 * sizeof(uint64_t));
528 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_outb_sa, outer_hdr) ==
529 11 * sizeof(uint64_t));
530 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_outb_sa, hmac_opad_ipad) ==
531 15 * sizeof(uint64_t));
532 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_outb_sa, ctx) ==
533 31 * sizeof(uint64_t));
535 void __roc_api roc_ot_ipsec_inb_sa_init(struct roc_ot_ipsec_inb_sa *sa,
537 void __roc_api roc_ot_ipsec_outb_sa_init(struct roc_ot_ipsec_outb_sa *sa);
538 #endif /* __ROC_IE_OT_H__ */