1 /* SPDX-License-Identifier: BSD-3-Clause
2 * Copyright(c) 2018-2020 Intel Corporation
9 #define IPSEC_MAX_HDR_SIZE 64
10 #define IPSEC_MAX_IV_SIZE 16
11 #define IPSEC_MAX_IV_QWORD (IPSEC_MAX_IV_SIZE / sizeof(uint64_t))
12 #define TUN_HDR_MSK (RTE_IPSEC_SATP_ECN_MASK | RTE_IPSEC_SATP_DSCP_MASK)
14 /* padding alignment for different algorithms */
16 IPSEC_PAD_DEFAULT = 4,
17 IPSEC_PAD_3DES_CBC = 8,
18 IPSEC_PAD_AES_CBC = IPSEC_MAX_IV_SIZE,
19 IPSEC_PAD_AES_CTR = IPSEC_PAD_DEFAULT,
20 IPSEC_PAD_AES_GCM = IPSEC_PAD_DEFAULT,
21 IPSEC_PAD_AES_CCM = IPSEC_PAD_DEFAULT,
22 IPSEC_PAD_CHACHA20_POLY1305 = IPSEC_PAD_DEFAULT,
23 IPSEC_PAD_NULL = IPSEC_PAD_DEFAULT,
24 IPSEC_PAD_AES_GMAC = IPSEC_PAD_DEFAULT,
27 /* iv sizes for different algorithms */
29 IPSEC_IV_SIZE_DEFAULT = IPSEC_MAX_IV_SIZE,
30 IPSEC_AES_CTR_IV_SIZE = sizeof(uint64_t),
31 /* TripleDES supports IV size of 32bits or 64bits but he library
32 * only supports 64bits.
34 IPSEC_3DES_IV_SIZE = sizeof(uint64_t),
37 /* these definitions probably has to be in rte_crypto_sym.h */
47 #ifdef __SIZEOF_INT128__
56 #define REPLAY_SQN_NUM 2
57 #define REPLAY_SQN_NEXT(n) ((n) ^ 1)
62 __extension__ uint64_t window[0];
65 /*IPSEC SA supported algorithms */
73 ALGO_TYPE_CHACHA20_POLY1305,
80 uint64_t type; /* type of given SA */
81 uint64_t udata; /* user defined */
82 uint32_t size; /* size of given sa object */
84 /* sqn calculations related */
89 uint16_t bucket_index_mask;
91 /* template for crypto op fields */
93 union sym_op_ofslen cipher;
94 union sym_op_ofslen auth;
96 /* cpu-crypto offsets */
97 union rte_crypto_sym_ofs cofs;
98 /* tx_offload template for tunnel mbuf */
105 uint8_t proto; /* next proto */
111 uint8_t iv_ofs; /* offset for algo-specific IV inside crypto op */
116 /* template for tunnel header */
117 uint8_t hdr[IPSEC_MAX_HDR_SIZE];
120 * sqn and replay window
121 * In case of SA handled by multiple threads *sqn* cacheline
122 * could be shared by multiple cores.
123 * To minimise performance impact, we try to locate in a separate
124 * place from other frequently accessed data.
129 uint32_t rdidx; /* read index */
130 uint32_t wridx; /* write index */
131 struct replay_sqn *rsn[REPLAY_SQN_NUM];
140 uint64_t authentication_failed;
144 } __rte_cache_aligned;
147 ipsec_sa_pkt_func_select(const struct rte_ipsec_session *ss,
148 const struct rte_ipsec_sa *sa, struct rte_ipsec_sa_pkt_func *pf);
150 /* inbound processing */
153 esp_inb_pkt_prepare(const struct rte_ipsec_session *ss, struct rte_mbuf *mb[],
154 struct rte_crypto_op *cop[], uint16_t num);
157 esp_inb_tun_pkt_process(const struct rte_ipsec_session *ss,
158 struct rte_mbuf *mb[], uint16_t num);
161 inline_inb_tun_pkt_process(const struct rte_ipsec_session *ss,
162 struct rte_mbuf *mb[], uint16_t num);
165 esp_inb_trs_pkt_process(const struct rte_ipsec_session *ss,
166 struct rte_mbuf *mb[], uint16_t num);
169 inline_inb_trs_pkt_process(const struct rte_ipsec_session *ss,
170 struct rte_mbuf *mb[], uint16_t num);
173 cpu_inb_pkt_prepare(const struct rte_ipsec_session *ss,
174 struct rte_mbuf *mb[], uint16_t num);
176 /* outbound processing */
179 esp_outb_tun_prepare(const struct rte_ipsec_session *ss, struct rte_mbuf *mb[],
180 struct rte_crypto_op *cop[], uint16_t num);
183 esp_outb_trs_prepare(const struct rte_ipsec_session *ss, struct rte_mbuf *mb[],
184 struct rte_crypto_op *cop[], uint16_t num);
187 esp_outb_sqh_process(const struct rte_ipsec_session *ss, struct rte_mbuf *mb[],
191 pkt_flag_process(const struct rte_ipsec_session *ss,
192 struct rte_mbuf *mb[], uint16_t num);
195 inline_outb_tun_pkt_process(const struct rte_ipsec_session *ss,
196 struct rte_mbuf *mb[], uint16_t num);
199 inline_outb_trs_pkt_process(const struct rte_ipsec_session *ss,
200 struct rte_mbuf *mb[], uint16_t num);
203 inline_proto_outb_pkt_process(const struct rte_ipsec_session *ss,
204 struct rte_mbuf *mb[], uint16_t num);
207 cpu_outb_tun_pkt_prepare(const struct rte_ipsec_session *ss,
208 struct rte_mbuf *mb[], uint16_t num);
210 cpu_outb_trs_pkt_prepare(const struct rte_ipsec_session *ss,
211 struct rte_mbuf *mb[], uint16_t num);