drivers/net/ixgbe/ixgbe_ipsec.h

   1 /* SPDX-License-Identifier: BSD-3-Clause
   2  * Copyright(c) 2010-2017 Intel Corporation
   3  */
   4
   5 #ifndef IXGBE_IPSEC_H_
   6 #define IXGBE_IPSEC_H_
   7
   8 #include <rte_security.h>
   9
  10 #define IPSRXIDX_RX_EN                                    0x00000001
  11 #define IPSRXIDX_TABLE_IP                                 0x00000002
  12 #define IPSRXIDX_TABLE_SPI                                0x00000004
  13 #define IPSRXIDX_TABLE_KEY                                0x00000006
  14 #define IPSRXIDX_WRITE                                    0x80000000
  15 #define IPSRXIDX_READ                                     0x40000000
  16 #define IPSRXMOD_VALID                                    0x00000001
  17 #define IPSRXMOD_PROTO                                    0x00000004
  18 #define IPSRXMOD_DECRYPT                                  0x00000008
  19 #define IPSRXMOD_IPV6                                     0x00000010
  20 #define IXGBE_ADVTXD_POPTS_IPSEC                          0x00000400
  21 #define IXGBE_ADVTXD_TUCMD_IPSEC_TYPE_ESP                 0x00002000
  22 #define IXGBE_ADVTXD_TUCMD_IPSEC_ENCRYPT_EN               0x00004000
  23 #define IXGBE_RXDADV_IPSEC_STATUS_SECP                    0x00020000
  24 #define IXGBE_RXDADV_IPSEC_ERROR_BIT_MASK                 0x18000000
  25 #define IXGBE_RXDADV_IPSEC_ERROR_INVALID_PROTOCOL         0x08000000
  26 #define IXGBE_RXDADV_IPSEC_ERROR_INVALID_LENGTH           0x10000000
  27 #define IXGBE_RXDADV_IPSEC_ERROR_AUTHENTICATION_FAILED    0x18000000
  28
  29 #define IPSEC_MAX_RX_IP_COUNT           128
  30 #define IPSEC_MAX_SA_COUNT              1024
  31
  32 #define ESP_ICV_SIZE 16
  33 #define ESP_TRAILER_SIZE 2
  34
  35 enum ixgbe_operation {
  36         IXGBE_OP_AUTHENTICATED_ENCRYPTION,
  37         IXGBE_OP_AUTHENTICATED_DECRYPTION
  38 };
  39
  40 enum ixgbe_gcm_key {
  41         IXGBE_GCM_KEY_128,
  42         IXGBE_GCM_KEY_256
  43 };
  44
  45 /**
  46  * Generic IP address structure
  47  * TODO: Find better location for this rte_net.h possibly.
  48  **/
  49 struct ipaddr {
  50         enum ipaddr_type {
  51                 IPv4,
  52                 IPv6
  53         } type;
  54         /**< IP Address Type - IPv4/IPv6 */
  55
  56         union {
  57                 uint32_t ipv4;
  58                 uint32_t ipv6[4];
  59         };
  60 };
  61
  62 /** inline crypto crypto private session structure */
  63 struct ixgbe_crypto_session {
  64         enum ixgbe_operation op;
  65         const uint8_t *key;
  66         uint32_t key_len;
  67         uint32_t salt;
  68         uint32_t sa_index;
  69         uint32_t spi;
  70         struct ipaddr src_ip;
  71         struct ipaddr dst_ip;
  72         struct rte_eth_dev *dev;
  73 } __rte_cache_aligned;
  74
  75 struct ixgbe_crypto_rx_ip_table {
  76         struct ipaddr ip;
  77         uint16_t ref_count;
  78 };
  79 struct ixgbe_crypto_rx_sa_table {
  80         uint32_t spi;
  81         uint32_t ip_index;
  82         uint8_t  mode;
  83         uint8_t  used;
  84 };
  85
  86 struct ixgbe_crypto_tx_sa_table {
  87         uint32_t spi;
  88         uint8_t  used;
  89 };
  90
  91 union ixgbe_crypto_tx_desc_md {
  92         uint64_t data;
  93         struct {
  94                 /**< SA table index */
  95                 uint32_t sa_idx;
  96                 /**< ICV and ESP trailer length */
  97                 uint8_t pad_len;
  98                 /**< enable encryption */
  99                 uint8_t enc;
 100         };
 101 };
 102
 103 struct ixgbe_ipsec {
 104         struct ixgbe_crypto_rx_ip_table rx_ip_tbl[IPSEC_MAX_RX_IP_COUNT];
 105         struct ixgbe_crypto_rx_sa_table rx_sa_tbl[IPSEC_MAX_SA_COUNT];
 106         struct ixgbe_crypto_tx_sa_table tx_sa_tbl[IPSEC_MAX_SA_COUNT];
 107 };
 108
 109
 110 int ixgbe_ipsec_ctx_create(struct rte_eth_dev *dev);
 111 int ixgbe_crypto_enable_ipsec(struct rte_eth_dev *dev);
 112 int ixgbe_crypto_add_ingress_sa_from_flow(const void *sess,
 113                                           const void *ip_spec,
 114                                           uint8_t is_ipv6);
 115
 116
 117
 118 #endif /*IXGBE_IPSEC_H_*/