1 /* SPDX-License-Identifier: BSD-3-Clause
2 * Copyright(c) 2020 Intel Corporation
5 #ifndef _IAVF_IPSEC_CRYPTO_H_
6 #define _IAVF_IPSEC_CRYPTO_H_
8 #include <rte_security.h>
/*
 * IPsec transmit descriptor layout (per the struct name).
 * NOTE(review): only three members are visible in this listing. Each is a
 * 16-bit __le16 (presumably little-endian) value, which is wider than the
 * matching mask defined below for two of them: L4PAYLEN covers 14 bits and
 * TRAILERLEN covers 6 bits. Storing a length here therefore does not by itself
 * keep it inside the hardware field width; confirm that the code filling the
 * descriptor range-checks or masks these values.
 */
14 struct iavf_tx_ipsec_desc {
21 __le16 l4payload_length;
23 __le16 trailer_length;
29 __le16 ipv6_ext_hdr_length;
/*
 * Bit-field layout of the descriptor words QW0 and QW1, given as SHIFT/MASK
 * pairs. Field position and width implied by each mask:
 *   QW0: L4PAYLEN   bits  0-13 (14 bits)
 *        IPSECESN   bits 16-47 (32 bits)
 *        TRAILERLEN bits 48-53 (6 bits)
 *   QW1: UDP        bit   5    (1 bit)
 *        IVLEN      bits  6-7  (2 bits)
 *        IPSECNH    bits  8-15 (8 bits)
 *        EXTLEN     bits 16-23 (8 bits)
 *        IPSECSA    bits 32-51 (20 bits)
 * The ULL suffix makes every mask a 64-bit unsigned constant, so the shifts by
 * 32 and 48 are well defined.
 *
 * NOTE(review): the fields sit next to each other, so a value that is wider
 * than its field and is shifted in without applying the matching _MASK
 * overwrites a neighbour (for example an IV-length code above 3 shifted by
 * IVLEN_SHIFT lands in the IPSECNH bits). The packing code is not visible in
 * this header; confirm that it masks or range-checks every value first.
 * NOTE(review): EXTLEN is 8 bits wide here, while the comment on
 * ipv6_ext_hdrs_len in struct iavf_ipsec_crypto_pkt_metadata says 5b. Confirm
 * which width the hardware actually uses.
 */
35 #define IAVF_IPSEC_TX_DESC_QW0_L4PAYLEN_SHIFT 0
36 #define IAVF_IPSEC_TX_DESC_QW0_L4PAYLEN_MASK (0x3FFFULL << \
37 IAVF_IPSEC_TX_DESC_QW0_L4PAYLEN_SHIFT)
39 #define IAVF_IPSEC_TX_DESC_QW0_IPSECESN_SHIFT 16
40 #define IAVF_IPSEC_TX_DESC_QW0_IPSECESN_MASK (0xFFFFFFFFULL << \
41 IAVF_IPSEC_TX_DESC_QW0_IPSECESN_SHIFT)
43 #define IAVF_IPSEC_TX_DESC_QW0_TRAILERLEN_SHIFT 48
44 #define IAVF_IPSEC_TX_DESC_QW0_TRAILERLEN_MASK (0x3FULL << \
45 IAVF_IPSEC_TX_DESC_QW0_TRAILERLEN_SHIFT)
47 #define IAVF_IPSEC_TX_DESC_QW1_UDP_SHIFT 5
48 #define IAVF_IPSEC_TX_DESC_QW1_UDP_MASK (0x1ULL << \
49 IAVF_IPSEC_TX_DESC_QW1_UDP_SHIFT)
51 #define IAVF_IPSEC_TX_DESC_QW1_IVLEN_SHIFT 6
52 #define IAVF_IPSEC_TX_DESC_QW1_IVLEN_MASK (0x3ULL << \
53 IAVF_IPSEC_TX_DESC_QW1_IVLEN_SHIFT)
55 #define IAVF_IPSEC_TX_DESC_QW1_IPSECNH_SHIFT 8
56 #define IAVF_IPSEC_TX_DESC_QW1_IPSECNH_MASK (0xFFULL << \
57 IAVF_IPSEC_TX_DESC_QW1_IPSECNH_SHIFT)
59 #define IAVF_IPSEC_TX_DESC_QW1_EXTLEN_SHIFT 16
60 #define IAVF_IPSEC_TX_DESC_QW1_EXTLEN_MASK (0xFFULL << \
61 IAVF_IPSEC_TX_DESC_QW1_EXTLEN_SHIFT)
63 #define IAVF_IPSEC_TX_DESC_QW1_IPSECSA_SHIFT 32
64 #define IAVF_IPSEC_TX_DESC_QW1_IPSECSA_MASK (0xFFFFFULL << \
65 IAVF_IPSEC_TX_DESC_QW1_IPSECSA_SHIFT)
67 /* Initialization Vector Length type */
/*
 * The enumerators carry no explicit initializers, so the four visible here take
 * the values 0..3 in the order listed. They are length codes, not byte counts:
 * the IV size in bytes is given in each enumerator's comment. Values 0..3 fit
 * the 2-bit field described by IAVF_IPSEC_TX_DESC_QW1_IVLEN_MASK.
 * NOTE(review): presumably this is the encoding written to that field. A raw
 * byte count (4, 8, 16) used in its place would not fit in 2 bits; confirm that
 * callers translate lengths to these codes.
 */
68 enum iavf_ipsec_iv_len {
69 IAVF_IPSEC_IV_LEN_NONE, /* No IV */
70 IAVF_IPSEC_IV_LEN_DW, /* 4B IV */
71 IAVF_IPSEC_IV_LEN_DDW, /* 8B IV */
72 IAVF_IPSEC_IV_LEN_QDW, /* 16B IV */
76 /* IPsec Crypto Packet Metadata offload flags */
/*
 * Each flag is a distinct single bit (bits 0-3), so the flags can be OR-ed
 * together and the combined value fits the uint8_t ol_flags member of
 * struct iavf_ipsec_crypto_pkt_metadata.
 * NOTE(review): the names suggest tunnel mode, extended sequence numbers,
 * IPv6 extension headers and NAT traversal. Confirm the exact meaning against
 * the data path that tests them.
 */
77 #define IAVF_IPSEC_CRYPTO_OL_FLAGS_IS_TUN (0x1 << 0)
78 #define IAVF_IPSEC_CRYPTO_OL_FLAGS_ESN (0x1 << 1)
79 #define IAVF_IPSEC_CRYPTO_OL_FLAGS_IPV6_EXT_HDRS (0x1 << 2)
80 #define IAVF_IPSEC_CRYPTO_OL_FLAGS_NATT (0x1 << 3)
83 * Packet metadata data structure used to hold parameters required by the iAVF
84 * transmit data path. The parameters are set for a session by calling the
85 * rte_security_set_pkt_metadata() API.
/*
 * NOTE(review): the (Nb/MB) annotations appear to give the hardware field
 * width in bits followed by the storage size in bytes. Several members are
 * stored in a type wider than the annotated field (sa_idx: 20 bits in a
 * uint32_t, len_iv: 2 bits in a uint8_t, esp_trailer_len: 6 bits in a uint8_t),
 * and l4_payload_len is a uint16_t while IAVF_IPSEC_TX_DESC_QW0_L4PAYLEN_MASK
 * covers 14 bits. The C types therefore do not bound these values. Out-of-range
 * values should be rejected or masked before they are packed into a
 * descriptor. That check is not visible in this header; confirm it exists in
 * the transmit path.
 */
87 struct iavf_ipsec_crypto_pkt_metadata {
88 uint32_t sa_idx; /* SA hardware index (20b/4B) */
90 uint8_t ol_flags; /* flags (1B) */
91 uint8_t len_iv; /* IV length (2b/1B) */
92 uint8_t ctx_desc_ipsec_params; /* IPsec params for ctx desc (7b/1B) */
93 uint8_t esp_trailer_len; /* ESP trailer length (6b/1B) */
95 uint16_t l4_payload_len; /* L4 payload length */
96 uint8_t ipv6_ext_hdrs_len; /* IPv6 extension headers len (5b/1B) */
97 uint8_t next_proto; /* Next Protocol (8b/1B) */
99 uint32_t esn; /* Extended Sequence Number (32b/4B) */
103 * Inline IPsec Crypto offload is supported
106 iavf_ipsec_crypto_supported(struct iavf_adapter *adapter);
109 * Create security context
111 int iavf_security_ctx_create(struct iavf_adapter *adapter);
114 * Create security context
116 int iavf_security_init(struct iavf_adapter *adapter);
/* NOTE(review): the description preceding iavf_security_init() repeats the one
 * for iavf_security_ctx_create(); it looks copy-pasted. Reword it once the
 * implementation confirms what init does. */
119 * Set security capabilities
121 int iavf_ipsec_crypto_set_security_capabililites(struct iavf_security_ctx
122 *iavf_sctx, struct virtchnl_ipsec_cap *virtchl_capabilities);
/* NOTE(review): "capabililites" is misspelled in the function name. Renaming it
 * would have to cover the definition and every caller. */
125 int iavf_security_get_pkt_md_offset(struct iavf_adapter *adapter);
/* NOTE(review): iavf_security_get_pkt_md_offset() is declared a second time at
 * the end of this header; one of the two declarations can be dropped. */
128 * Destroy security context
130 int iavf_security_ctx_destroy(struct iavf_adapter *adapterv);
/* NOTE(review): the parameter name "adapterv" looks like a typo for "adapter". */
133 * Verify that the inline IPsec Crypto action is valid for this device
136 iavf_ipsec_crypto_action_valid(struct rte_eth_dev *ethdev,
137 const struct rte_security_session *session, uint32_t spi);
140 * Add inbound security policy rule to hardware
143 iavf_ipsec_crypto_inbound_security_policy_add(struct iavf_adapter *adapter,
146 rte_be32_t v4_dst_addr,
147 uint8_t *v6_dst_addr,
/* NOTE(review): v6_dst_addr is a bare byte pointer and no length parameter is
 * visible next to it in this listing. Presumably it must reference a full
 * 16-byte IPv6 address; the callee cannot verify the buffer size, so callers
 * have to guarantee it. Confirm against the definition. */
153 * Delete inbound security policy rule from hardware
156 iavf_ipsec_crypto_security_policy_delete(struct iavf_adapter *adapter,
157 uint8_t is_v4, uint32_t flow_id);
160 iavf_security_get_pkt_md_offset(struct iavf_adapter *adapter);
162 #endif /* _IAVF_IPSEC_CRYPTO_H_ */