4 * Copyright(c) 2010-2017 Intel Corporation. All rights reserved.
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
11 * * Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * * Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in
15 * the documentation and/or other materials provided with the
17 * * Neither the name of Intel Corporation nor the names of its
18 * contributors may be used to endorse or promote products derived
19 * from this software without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
22 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
23 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
24 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
25 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
26 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
27 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
28 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
29 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
30 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
31 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
34 #ifndef IXGBE_IPSEC_H_
35 #define IXGBE_IPSEC_H_
37 #include <rte_security.h>
39 #define IPSRXIDX_RX_EN 0x00000001
40 #define IPSRXIDX_TABLE_IP 0x00000002
41 #define IPSRXIDX_TABLE_SPI 0x00000004
42 #define IPSRXIDX_TABLE_KEY 0x00000006
43 #define IPSRXIDX_WRITE 0x80000000
44 #define IPSRXIDX_READ 0x40000000
45 #define IPSRXMOD_VALID 0x00000001
46 #define IPSRXMOD_PROTO 0x00000004
47 #define IPSRXMOD_DECRYPT 0x00000008
48 #define IPSRXMOD_IPV6 0x00000010
49 #define IXGBE_ADVTXD_POPTS_IPSEC 0x00000400
50 #define IXGBE_ADVTXD_TUCMD_IPSEC_TYPE_ESP 0x00002000
51 #define IXGBE_ADVTXD_TUCMD_IPSEC_ENCRYPT_EN 0x00004000
52 #define IXGBE_RXDADV_IPSEC_STATUS_SECP 0x00020000
53 #define IXGBE_RXDADV_IPSEC_ERROR_BIT_MASK 0x18000000
54 #define IXGBE_RXDADV_IPSEC_ERROR_INVALID_PROTOCOL 0x08000000
55 #define IXGBE_RXDADV_IPSEC_ERROR_INVALID_LENGTH 0x10000000
56 #define IXGBE_RXDADV_IPSEC_ERROR_AUTHENTICATION_FAILED 0x18000000
58 #define IPSEC_MAX_RX_IP_COUNT 128
59 #define IPSEC_MAX_SA_COUNT 1024
61 #define ESP_ICV_SIZE 16
62 #define ESP_TRAILER_SIZE 2
64 enum ixgbe_operation {
65 IXGBE_OP_AUTHENTICATED_ENCRYPTION,
66 IXGBE_OP_AUTHENTICATED_DECRYPTION
75 * Generic IP address structure
76 * TODO: Find better location for this rte_net.h possibly.
83 /**< IP Address Type - IPv4/IPv6 */
91 /** inline crypto crypto private session structure */
92 struct ixgbe_crypto_session {
93 enum ixgbe_operation op;
100 struct rte_eth_dev *dev;
101 } __rte_cache_aligned;
103 struct ixgbe_crypto_rx_ip_table {
107 struct ixgbe_crypto_rx_sa_table {
116 struct ixgbe_crypto_tx_sa_table {
123 union ixgbe_crypto_tx_desc_md {
126 /**< SA table index */
128 /**< ICV and ESP trailer length */
130 /**< enable encryption */
136 struct ixgbe_crypto_rx_ip_table rx_ip_tbl[IPSEC_MAX_RX_IP_COUNT];
137 struct ixgbe_crypto_rx_sa_table rx_sa_tbl[IPSEC_MAX_SA_COUNT];
138 struct ixgbe_crypto_tx_sa_table tx_sa_tbl[IPSEC_MAX_SA_COUNT];
142 struct rte_security_ctx *
143 ixgbe_ipsec_ctx_create(struct rte_eth_dev *dev);
144 int ixgbe_crypto_enable_ipsec(struct rte_eth_dev *dev);
145 int ixgbe_crypto_add_ingress_sa_from_flow(const void *sess,
151 #endif /*IXGBE_IPSEC_H_*/