1 /* SPDX-License-Identifier: BSD-3-Clause
2 * Copyright(C) 2022 Marvell.
5 #ifndef __ROC_IE_OT_H__
6 #define __ROC_IE_OT_H__
8 /* CN10K IPSEC opcodes */
9 #define ROC_IE_OT_MAJOR_OP_PROCESS_OUTBOUND_IPSEC 0x28UL
10 #define ROC_IE_OT_MAJOR_OP_PROCESS_INBOUND_IPSEC 0x29UL
12 #define ROC_IE_OT_MAJOR_OP_WRITE_SA 0x01UL
13 #define ROC_IE_OT_MINOR_OP_WRITE_SA 0x09UL
15 #define ROC_IE_OT_CTX_ILEN 2
16 /* PKIND to be used for CPT Meta parsing */
17 #define ROC_IE_OT_CPT_PKIND 58
18 #define ROC_IE_OT_SA_CTX_HDR_SIZE 1
20 enum roc_ie_ot_ucc_ipsec {
21 ROC_IE_OT_UCC_SUCCESS = 0x00,
22 ROC_IE_OT_UCC_ERR_SA_INVAL = 0xb0,
23 ROC_IE_OT_UCC_ERR_SA_EXPIRED = 0xb1,
24 ROC_IE_OT_UCC_ERR_SA_OVERFLOW = 0xb2,
25 ROC_IE_OT_UCC_ERR_SA_ESP_BAD_ALGO = 0xb3,
26 ROC_IE_OT_UCC_ERR_SA_AH_BAD_ALGO = 0xb4,
27 ROC_IE_OT_UCC_ERR_SA_BAD_CTX = 0xb5,
28 ROC_IE_OT_UCC_SA_CTX_FLAG_MISMATCH = 0xb6,
29 ROC_IE_OT_UCC_ERR_AOP_IPSEC = 0xb7,
30 ROC_IE_OT_UCC_ERR_PKT_IP = 0xb8,
31 ROC_IE_OT_UCC_ERR_PKT_IP6_BAD_EXT = 0xb9,
32 ROC_IE_OT_UCC_ERR_PKT_IP6_HBH = 0xba,
33 ROC_IE_OT_UCC_ERR_PKT_IP6_BIGEXT = 0xbb,
34 ROC_IE_OT_UCC_ERR_PKT_IP_ULP = 0xbc,
35 ROC_IE_OT_UCC_ERR_PKT_SA_MISMATCH = 0xbd,
36 ROC_IE_OT_UCC_ERR_PKT_SPI_MISMATCH = 0xbe,
37 ROC_IE_OT_UCC_ERR_PKT_ESP_BADPAD = 0xbf,
38 ROC_IE_OT_UCC_ERR_PKT_BADICV = 0xc0,
39 ROC_IE_OT_UCC_ERR_PKT_REPLAY_SEQ = 0xc1,
40 ROC_IE_OT_UCC_ERR_PKT_BADNH = 0xc2,
41 ROC_IE_OT_UCC_ERR_PKT_SA_PORT_MISMATCH = 0xc3,
42 ROC_IE_OT_UCC_ERR_PKT_BAD_DLEN = 0xc4,
43 ROC_IE_OT_UCC_ERR_SA_ESP_BAD_KEYS = 0xc5,
44 ROC_IE_OT_UCC_ERR_SA_AH_BAD_KEYS = 0xc6,
45 ROC_IE_OT_UCC_ERR_SA_BAD_IP = 0xc7,
46 ROC_IE_OT_UCC_ERR_PKT_IP_FRAG = 0xc8,
47 ROC_IE_OT_UCC_ERR_PKT_REPLAY_WINDOW = 0xc9,
48 ROC_IE_OT_UCC_SUCCESS_SA_SOFTEXP_FIRST = 0xf0,
49 ROC_IE_OT_UCC_SUCCESS_PKT_IP_BADCSUM = 0xf1,
50 ROC_IE_OT_UCC_SUCCESS_SA_SOFTEXP_AGAIN = 0xf2,
51 ROC_IE_OT_UCC_SUCCESS_PKT_L4_GOODCSUM = 0xf3,
52 ROC_IE_OT_UCC_SUCCESS_PKT_L4_BADCSUM = 0xf4,
53 ROC_IE_OT_UCC_SUCCESS_PKT_UDPESP_NZCSUM = 0xf5,
54 ROC_IE_OT_UCC_SUCCESS_PKT_UDP_ZEROCSUM = 0xf6,
55 ROC_IE_OT_UCC_SUCCESS_PKT_IP_GOODCSUM = 0xf7,
59 ROC_IE_OT_SA_AR_WIN_DISABLED = 0,
60 ROC_IE_OT_SA_AR_WIN_64 = 1,
61 ROC_IE_OT_SA_AR_WIN_128 = 2,
62 ROC_IE_OT_SA_AR_WIN_256 = 3,
63 ROC_IE_OT_SA_AR_WIN_512 = 4,
64 ROC_IE_OT_SA_AR_WIN_1024 = 5,
65 ROC_IE_OT_SA_AR_WIN_2048 = 6,
66 ROC_IE_OT_SA_AR_WIN_4096 = 7,
70 ROC_IE_OT_SA_PKT_FMT_FULL = 0,
71 ROC_IE_OT_SA_PKT_FMT_META = 1,
75 ROC_IE_OT_SA_PKT_OUTPUT_DECRYPTED = 0,
76 ROC_IE_OT_SA_PKT_OUTPUT_NO_FRAG = 1,
77 ROC_IE_OT_SA_PKT_OUTPUT_HW_BASED_DEFRAG = 2,
78 ROC_IE_OT_SA_PKT_OUTPUT_UCODE_BASED_DEFRAG = 3,
82 ROC_IE_OT_SA_DEFRAG_ALL = 0,
83 ROC_IE_OT_SA_DEFRAG_IN_ORDER = 1,
84 ROC_IE_OT_SA_DEFRAG_IN_REV_ORDER = 2,
88 ROC_IE_OT_SA_IV_SRC_DEFAULT = 0,
89 ROC_IE_OT_SA_IV_SRC_ENC_CTR = 1,
90 ROC_IE_OT_SA_IV_SRC_FROM_SA = 2,
94 ROC_IE_OT_SA_COPY_FROM_SA = 0,
95 ROC_IE_OT_SA_COPY_FROM_INNER_IP_HDR = 1,
99 ROC_IE_OT_SA_INNER_PKT_IP_CSUM_ENABLE = 0,
100 ROC_IE_OT_SA_INNER_PKT_IP_CSUM_DISABLE = 1,
104 ROC_IE_OT_SA_INNER_PKT_L4_CSUM_ENABLE = 0,
105 ROC_IE_OT_SA_INNER_PKT_L4_CSUM_DISABLE = 1,
109 ROC_IE_OT_SA_ENC_NULL = 0,
110 ROC_IE_OT_SA_ENC_3DES_CBC = 2,
111 ROC_IE_OT_SA_ENC_AES_CBC = 3,
112 ROC_IE_OT_SA_ENC_AES_CTR = 4,
113 ROC_IE_OT_SA_ENC_AES_GCM = 5,
114 ROC_IE_OT_SA_ENC_AES_CCM = 6,
118 ROC_IE_OT_SA_AUTH_NULL = 0,
119 ROC_IE_OT_SA_AUTH_SHA1 = 2,
120 ROC_IE_OT_SA_AUTH_SHA2_256 = 4,
121 ROC_IE_OT_SA_AUTH_SHA2_384 = 5,
122 ROC_IE_OT_SA_AUTH_SHA2_512 = 6,
123 ROC_IE_OT_SA_AUTH_AES_GMAC = 7,
124 ROC_IE_OT_SA_AUTH_AES_XCBC_128 = 8,
128 ROC_IE_OT_SA_ENCAP_NONE = 0,
129 ROC_IE_OT_SA_ENCAP_UDP = 1,
130 ROC_IE_OT_SA_ENCAP_TCP = 2,
134 ROC_IE_OT_SA_LIFE_UNIT_OCTETS = 0,
135 ROC_IE_OT_SA_LIFE_UNIT_PKTS = 1,
139 ROC_IE_OT_SA_IP_HDR_VERIFY_DISABLED = 0,
140 ROC_IE_OT_SA_IP_HDR_VERIFY_DST_ADDR = 1,
141 ROC_IE_OT_SA_IP_HDR_VERIFY_SRC_DST_ADDR = 2,
145 ROC_IE_OT_REAS_STS_SUCCESS = 0,
146 ROC_IE_OT_REAS_STS_TIMEOUT = 1,
147 ROC_IE_OT_REAS_STS_EVICT = 2,
148 ROC_IE_OT_REAS_STS_BAD_ORDER = 3,
149 ROC_IE_OT_REAS_STS_TOO_MANY = 4,
150 ROC_IE_OT_REAS_STS_HSH_EVICT = 5,
151 ROC_IE_OT_REAS_STS_OVERLAP = 6,
152 ROC_IE_OT_REAS_STS_ZOMBIE = 7,
153 ROC_IE_OT_REAS_STS_L3P_ERR = 8,
154 ROC_IE_OT_REAS_STS_MAX = 9
158 ROC_IE_OT_ERR_CTL_MODE_NONE = 0,
159 ROC_IE_OT_ERR_CTL_MODE_CLEAR = 1,
160 ROC_IE_OT_ERR_CTL_MODE_RING = 2,
163 /* Context units in bytes */
164 #define ROC_CTX_UNIT_8B 8
165 #define ROC_CTX_UNIT_128B 128
166 #define ROC_CTX_MAX_CKEY_LEN 32
167 #define ROC_CTX_MAX_OPAD_IPAD_LEN 128
169 /* Anti reply window size supported */
170 #define ROC_AR_WIN_SIZE_MIN 64
171 #define ROC_AR_WIN_SIZE_MAX 4096
172 #define ROC_LOG_MIN_AR_WIN_SIZE_M1 5
174 /* u64 array size to fit anti replay window bits */
175 #define ROC_AR_WINBITS_SZ \
176 (PLT_ALIGN_CEIL(ROC_AR_WIN_SIZE_MAX, BITS_PER_LONG_LONG) / \
179 #define ROC_IPSEC_ERR_RING_MAX_ENTRY 65536
181 union roc_ot_ipsec_err_ring_head {
191 union roc_ot_ipsec_err_ring_entry {
197 uint64_t comp_code : 8;
201 /* Common bit fields between inbound and outbound SA */
202 union roc_ot_ipsec_sa_word2 {
206 uint64_t outer_ip_ver : 1;
209 uint64_t protocol : 1;
210 uint64_t aes_key_len : 2;
212 uint64_t enc_type : 3;
213 uint64_t life_unit : 1;
214 uint64_t auth_type : 4;
216 uint64_t encap_type : 2;
217 uint64_t et_ovrwr_ddr_en : 1;
219 uint64_t tport_l4_incr_csum : 1;
220 uint64_t ip_hdr_verify : 2;
221 uint64_t udp_ports_verify : 1;
224 uint64_t async_mode : 1;
231 PLT_STATIC_ASSERT(sizeof(union roc_ot_ipsec_sa_word2) == 1 * sizeof(uint64_t));
233 union roc_ot_ipsec_outer_ip_hdr {
239 uint8_t src_addr[16];
240 uint8_t dst_addr[16];
244 struct roc_ot_ipsec_inb_ctx_update_reg {
246 uint64_t ar_valid_mask;
251 uint64_t ar_winbits[ROC_AR_WINBITS_SZ];
254 union roc_ot_ipsec_outb_iv {
266 struct roc_ot_ipsec_outb_ctx_update_reg {
269 uint64_t reserved_0_2 : 3;
270 uint64_t address : 57;
283 union roc_ot_ipsec_outb_param1 {
286 uint16_t l4_csum_disable : 1;
287 uint16_t ip_csum_disable : 1;
288 uint16_t ttl_or_hop_limit : 1;
289 uint16_t dummy_pkt : 1;
290 uint16_t rfc_or_override_mode : 1;
291 uint16_t reserved_5_15 : 11;
295 union roc_ot_ipsec_inb_param1 {
298 uint16_t l4_csum_disable : 1;
299 uint16_t ip_csum_disable : 1;
300 uint16_t esp_trailer_disable : 1;
301 uint16_t reserved_3_15 : 13;
305 struct roc_ot_ipsec_inb_sa {
310 uint64_t hard_life_dec : 1;
311 uint64_t soft_life_dec : 1;
312 uint64_t count_glb_octets : 1;
313 uint64_t count_glb_pkts : 1;
314 uint64_t count_mib_bytes : 1;
316 uint64_t count_mib_pkts : 1;
317 uint64_t hw_ctx_off : 7;
319 uint64_t ctx_id : 16;
321 uint64_t orig_pkt_fabs : 1;
322 uint64_t orig_pkt_free : 1;
326 uint64_t et_ovrwr : 1;
327 uint64_t pkt_output : 2;
328 uint64_t pkt_format : 1;
329 uint64_t defrag_opt : 2;
330 uint64_t x2p_dst : 1;
332 uint64_t ctx_push_size : 7;
335 uint64_t ctx_hdr_size : 2;
336 uint64_t aop_valid : 1;
338 uint64_t ctx_size : 4;
346 uint64_t orig_pkt_aura : 20;
348 uint64_t orig_pkt_foff : 8;
349 uint64_t cookie : 32;
359 uint64_t outer_ip_ver : 1;
361 uint64_t ipsec_mode : 1;
362 uint64_t ipsec_protocol : 1;
363 uint64_t aes_key_len : 2;
365 uint64_t enc_type : 3;
366 uint64_t life_unit : 1;
367 uint64_t auth_type : 4;
369 uint64_t encap_type : 2;
370 uint64_t et_ovrwr_ddr_en : 1;
372 uint64_t tport_l4_incr_csum : 1;
373 uint64_t ip_hdr_verify : 2;
374 uint64_t udp_ports_verify : 1;
376 uint64_t l3hdr_on_err : 1;
378 uint64_t async_mode : 1;
389 uint8_t cipher_key[ROC_CTX_MAX_CKEY_LEN];
404 uint64_t rsvd10 : 32;
405 uint64_t udp_src_port : 16;
406 uint64_t udp_dst_port : 16;
411 /* Word11 - Word14 */
412 union roc_ot_ipsec_outer_ip_hdr outer_hdr;
414 /* Word15 - Word30 */
415 uint8_t hmac_opad_ipad[ROC_CTX_MAX_OPAD_IPAD_LEN];
417 /* Word31 - Word100 */
418 struct roc_ot_ipsec_inb_ctx_update_reg ctx;
421 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_inb_sa, w1) ==
422 1 * sizeof(uint64_t));
423 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_inb_sa, w2) ==
424 2 * sizeof(uint64_t));
425 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_inb_sa, cipher_key) ==
426 4 * sizeof(uint64_t));
427 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_inb_sa, w8) ==
428 8 * sizeof(uint64_t));
429 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_inb_sa, w10) ==
430 10 * sizeof(uint64_t));
431 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_inb_sa, outer_hdr) ==
432 11 * sizeof(uint64_t));
433 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_inb_sa, hmac_opad_ipad) ==
434 15 * sizeof(uint64_t));
435 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_inb_sa, ctx) ==
436 31 * sizeof(uint64_t));
438 struct roc_ot_ipsec_outb_sa {
445 uint64_t hard_life_dec : 1;
446 uint64_t soft_life_dec : 1;
447 uint64_t count_glb_octets : 1;
448 uint64_t count_glb_pkts : 1;
449 uint64_t count_mib_bytes : 1;
451 uint64_t count_mib_pkts : 1;
452 uint64_t hw_ctx_off : 7;
454 uint64_t ctx_id : 16;
457 uint64_t ctx_push_size : 7;
460 uint64_t ctx_hdr_size : 2;
461 uint64_t aop_valid : 1;
463 uint64_t ctx_size : 4;
472 uint64_t cookie : 32;
482 uint64_t outer_ip_ver : 1;
484 uint64_t ipsec_mode : 1;
485 uint64_t ipsec_protocol : 1;
486 uint64_t aes_key_len : 2;
488 uint64_t enc_type : 3;
489 uint64_t life_unit : 1;
490 uint64_t auth_type : 4;
492 uint64_t encap_type : 2;
493 uint64_t ipv4_df_src_or_ipv6_flw_lbl_src : 1;
494 uint64_t dscp_src : 1;
496 uint64_t ipid_gen : 1;
500 uint64_t async_mode : 1;
511 uint8_t cipher_key[ROC_CTX_MAX_CKEY_LEN];
514 union roc_ot_ipsec_outb_iv iv;
520 uint64_t ipv4_df_or_ipv6_flw_lbl : 20;
525 uint64_t udp_dst_port : 16;
527 uint64_t udp_src_port : 16;
532 /* Word11 - Word14 */
533 union roc_ot_ipsec_outer_ip_hdr outer_hdr;
535 /* Word15 - Word30 */
536 uint8_t hmac_opad_ipad[ROC_CTX_MAX_OPAD_IPAD_LEN];
538 /* Word31 - Word36 */
539 struct roc_ot_ipsec_outb_ctx_update_reg ctx;
542 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_outb_sa, w1) ==
543 1 * sizeof(uint64_t));
544 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_outb_sa, w2) ==
545 2 * sizeof(uint64_t));
546 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_outb_sa, cipher_key) ==
547 4 * sizeof(uint64_t));
548 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_outb_sa, iv) ==
549 8 * sizeof(uint64_t));
550 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_outb_sa, w10) ==
551 10 * sizeof(uint64_t));
552 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_outb_sa, outer_hdr) ==
553 11 * sizeof(uint64_t));
554 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_outb_sa, hmac_opad_ipad) ==
555 15 * sizeof(uint64_t));
556 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_outb_sa, ctx) ==
557 31 * sizeof(uint64_t));
559 void __roc_api roc_ot_ipsec_inb_sa_init(struct roc_ot_ipsec_inb_sa *sa,
561 void __roc_api roc_ot_ipsec_outb_sa_init(struct roc_ot_ipsec_outb_sa *sa);
562 #endif /* __ROC_IE_OT_H__ */