drivers/net/iavf/iavf_ipsec_crypto.h

   1 /* SPDX-License-Identifier: BSD-3-Clause
   2  * Copyright(c) 2020 Intel Corporation
   3  */
   4
   5 #ifndef _IAVF_IPSEC_CRYPTO_H_
   6 #define _IAVF_IPSEC_CRYPTO_H_
   7
   8 #include <rte_security.h>
   9
  10 #include "iavf.h"
  11
  12
  13
  14 struct iavf_tx_ipsec_desc {
  15         union {
  16                 struct {
  17                         __le64 qw0;
  18                         __le64 qw1;
  19                 };
  20                 struct {
  21                         __le16 l4payload_length;
  22                         __le32 esn;
  23                         __le16 trailer_length;
  24                         u8 type:4;
  25                         u8 rsv:1;
  26                         u8 udp:1;
  27                         u8 ivlen:2;
  28                         u8 next_header;
  29                         __le16 ipv6_ext_hdr_length;
  30                         __le32 said;
  31                 } __rte_packed;
  32         };
  33 } __rte_packed;
  34
  35 #define IAVF_IPSEC_TX_DESC_QW0_L4PAYLEN_SHIFT    0
  36 #define IAVF_IPSEC_TX_DESC_QW0_L4PAYLEN_MASK     (0x3FFFULL << \
  37                         IAVF_IPSEC_TX_DESC_QW0_L4PAYLEN_SHIFT)
  38
  39 #define IAVF_IPSEC_TX_DESC_QW0_IPSECESN_SHIFT    16
  40 #define IAVF_IPSEC_TX_DESC_QW0_IPSECESN_MASK     (0xFFFFFFFFULL << \
  41                         IAVF_IPSEC_TX_DESC_QW0_IPSECESN_SHIFT)
  42
  43 #define IAVF_IPSEC_TX_DESC_QW0_TRAILERLEN_SHIFT  48
  44 #define IAVF_IPSEC_TX_DESC_QW0_TRAILERLEN_MASK   (0x3FULL << \
  45                         IAVF_IPSEC_TX_DESC_QW0_TRAILERLEN_SHIFT)
  46
  47 #define IAVF_IPSEC_TX_DESC_QW1_UDP_SHIFT         5
  48 #define IAVF_IPSEC_TX_DESC_QW1_UDP_MASK          (0x1ULL << \
  49                         IAVF_IPSEC_TX_DESC_QW1_UDP_SHIFT)
  50
  51 #define IAVF_IPSEC_TX_DESC_QW1_IVLEN_SHIFT       6
  52 #define IAVF_IPSEC_TX_DESC_QW1_IVLEN_MASK        (0x3ULL << \
  53                         IAVF_IPSEC_TX_DESC_QW1_IVLEN_SHIFT)
  54
  55 #define IAVF_IPSEC_TX_DESC_QW1_IPSECNH_SHIFT     8
  56 #define IAVF_IPSEC_TX_DESC_QW1_IPSECNH_MASK      (0xFFULL << \
  57                         IAVF_IPSEC_TX_DESC_QW1_IPSECNH_SHIFT)
  58
  59 #define IAVF_IPSEC_TX_DESC_QW1_EXTLEN_SHIFT      16
  60 #define IAVF_IPSEC_TX_DESC_QW1_EXTLEN_MASK       (0xFFULL << \
  61                         IAVF_IPSEC_TX_DESC_QW1_EXTLEN_SHIFT)
  62
  63 #define IAVF_IPSEC_TX_DESC_QW1_IPSECSA_SHIFT     32
  64 #define IAVF_IPSEC_TX_DESC_QW1_IPSECSA_MASK      (0xFFFFFULL << \
  65                         IAVF_IPSEC_TX_DESC_QW1_IPSECSA_SHIFT)
  66
  67 /* Initialization Vector Length type */
  68 enum iavf_ipsec_iv_len {
  69         IAVF_IPSEC_IV_LEN_NONE,         /* No IV */
  70         IAVF_IPSEC_IV_LEN_DW,           /* 4B IV */
  71         IAVF_IPSEC_IV_LEN_DDW,          /* 8B IV */
  72         IAVF_IPSEC_IV_LEN_QDW,          /* 16B IV */
  73 };
  74
  75
  76 /* IPsec Crypto Packet Metadata offload flags */
  77 #define IAVF_IPSEC_CRYPTO_OL_FLAGS_IS_TUN               (0x1 << 0)
  78 #define IAVF_IPSEC_CRYPTO_OL_FLAGS_ESN                  (0x1 << 1)
  79 #define IAVF_IPSEC_CRYPTO_OL_FLAGS_IPV6_EXT_HDRS        (0x1 << 2)
  80 #define IAVF_IPSEC_CRYPTO_OL_FLAGS_NATT                 (0x1 << 3)
  81
  82 /**
  83  * Packet metadata data structure used to hold parameters required by the iAVF
  84  * transmit data path. Parameters set for session by calling
  85  * rte_security_set_pkt_metadata() API.
  86  */
  87 struct iavf_ipsec_crypto_pkt_metadata {
  88         uint32_t sa_idx;                /* SA hardware index (20b/4B) */
  89
  90         uint8_t ol_flags;               /* flags (1B) */
  91         uint8_t len_iv;                 /* IV length (2b/1B) */
  92         uint8_t ctx_desc_ipsec_params;  /* IPsec params for ctx desc (7b/1B) */
  93         uint8_t esp_trailer_len;        /* ESP trailer length (6b/1B) */
  94
  95         uint16_t l4_payload_len;        /* L4 payload length */
  96         uint8_t ipv6_ext_hdrs_len;      /* IPv6 extender headers len (5b/1B) */
  97         uint8_t next_proto;             /* Next Protocol (8b/1B) */
  98
  99         uint32_t esn;                   /* Extended Sequence Number (32b/4B) */
 100 } __rte_packed;
 101
 102 /**
 103  * Inline IPsec Crypto offload is supported
 104  */
 105 int
 106 iavf_ipsec_crypto_supported(struct iavf_adapter *adapter);
 107
 108 /**
 109  * Create security context
 110  */
 111 int iavf_security_ctx_create(struct iavf_adapter *adapter);
 112
 113 /**
 114  * Create security context
 115  */
 116 int iavf_security_init(struct iavf_adapter *adapter);
 117
 118 /**
 119  * Set security capabilities
 120  */
 121 int iavf_ipsec_crypto_set_security_capabililites(struct iavf_security_ctx
 122                 *iavf_sctx, struct virtchnl_ipsec_cap *virtchl_capabilities);
 123
 124
 125 int iavf_security_get_pkt_md_offset(struct iavf_adapter *adapter);
 126
 127 /**
 128  * Destroy security context
 129  */
 130 int iavf_security_ctx_destroy(struct iavf_adapter *adapterv);
 131
 132 /**
 133  * Verify that the inline IPsec Crypto action is valid for this device
 134  */
 135 uint32_t
 136 iavf_ipsec_crypto_action_valid(struct rte_eth_dev *ethdev,
 137         const struct rte_security_session *session, uint32_t spi);
 138
 139 /**
 140  * Add inbound security policy rule to hardware
 141  */
 142 int
 143 iavf_ipsec_crypto_inbound_security_policy_add(struct iavf_adapter *adapter,
 144         uint32_t esp_spi,
 145         uint8_t is_v4,
 146         rte_be32_t v4_dst_addr,
 147         uint8_t *v6_dst_addr,
 148         uint8_t drop,
 149         bool is_udp,
 150         uint16_t udp_port);
 151
 152 /**
 153  * Delete inbound security policy rule from hardware
 154  */
 155 int
 156 iavf_ipsec_crypto_security_policy_delete(struct iavf_adapter *adapter,
 157         uint8_t is_v4, uint32_t flow_id);
 158
 159 int
 160 iavf_security_get_pkt_md_offset(struct iavf_adapter *adapter);
 161
 162 #endif /* _IAVF_IPSEC_CRYPTO_H_ */