xref: /f-stack/dpdk/drivers/net/ixgbe/ixgbe_ipsec.h (revision 4418919f) 
1 /* SPDX-License-Identifier: BSD-3-Clause
2  * Copyright(c) 2010-2017 Intel Corporation
3  */
4 
5 #ifndef IXGBE_IPSEC_H_
6 #define IXGBE_IPSEC_H_
7 
8 #include <rte_security.h>
9 
10 #define IPSRXIDX_RX_EN                                    0x00000001
11 #define IPSRXIDX_TABLE_IP                                 0x00000002
12 #define IPSRXIDX_TABLE_SPI                                0x00000004
13 #define IPSRXIDX_TABLE_KEY                                0x00000006
14 #define IPSRXIDX_WRITE                                    0x80000000
15 #define IPSRXIDX_READ                                     0x40000000
16 #define IPSRXMOD_VALID                                    0x00000001
17 #define IPSRXMOD_PROTO                                    0x00000004
18 #define IPSRXMOD_DECRYPT                                  0x00000008
19 #define IPSRXMOD_IPV6                                     0x00000010
20 #define IXGBE_ADVTXD_POPTS_IPSEC                          0x00000400
21 #define IXGBE_ADVTXD_TUCMD_IPSEC_TYPE_ESP                 0x00002000
22 #define IXGBE_ADVTXD_TUCMD_IPSEC_ENCRYPT_EN               0x00004000
23 #define IXGBE_RXDADV_IPSEC_STATUS_SECP                    0x00020000
24 #define IXGBE_RXDADV_IPSEC_ERROR_BIT_MASK                 0x18000000
25 #define IXGBE_RXDADV_IPSEC_ERROR_INVALID_PROTOCOL         0x08000000
26 #define IXGBE_RXDADV_IPSEC_ERROR_INVALID_LENGTH           0x10000000
27 #define IXGBE_RXDADV_IPSEC_ERROR_AUTHENTICATION_FAILED    0x18000000
28 
29 #define IPSEC_MAX_RX_IP_COUNT           128
30 #define IPSEC_MAX_SA_COUNT              1024
31 
32 #define ESP_ICV_SIZE 16
33 #define ESP_TRAILER_SIZE 2
34 
35 enum ixgbe_operation {
36 	IXGBE_OP_AUTHENTICATED_ENCRYPTION,
37 	IXGBE_OP_AUTHENTICATED_DECRYPTION
38 };
39 
40 enum ixgbe_gcm_key {
41 	IXGBE_GCM_KEY_128,
42 	IXGBE_GCM_KEY_256
43 };
44 
45 /**
46  * Generic IP address structure
47  * TODO: Find better location for this rte_net.h possibly.
48  **/
49 struct ipaddr {
50 	enum ipaddr_type {
51 		IPv4,
52 		IPv6
53 	} type;
54 	/**< IP Address Type - IPv4/IPv6 */
55 
56 	union {
57 		uint32_t ipv4;
58 		uint32_t ipv6[4];
59 	};
60 };
61 
62 /** inline crypto crypto private session structure */
63 struct ixgbe_crypto_session {
64 	enum ixgbe_operation op;
65 	const uint8_t *key;
66 	uint32_t key_len;
67 	uint32_t salt;
68 	uint32_t sa_index;
69 	uint32_t spi;
70 	struct ipaddr src_ip;
71 	struct ipaddr dst_ip;
72 	struct rte_eth_dev *dev;
73 } __rte_cache_aligned;
74 
75 struct ixgbe_crypto_rx_ip_table {
76 	struct ipaddr ip;
77 	uint16_t ref_count;
78 };
79 struct ixgbe_crypto_rx_sa_table {
80 	uint32_t spi;
81 	uint32_t ip_index;
82 	uint8_t  mode;
83 	uint8_t  used;
84 };
85 
86 struct ixgbe_crypto_tx_sa_table {
87 	uint32_t spi;
88 	uint8_t  used;
89 };
90 
91 union ixgbe_crypto_tx_desc_md {
92 	uint64_t data;
93 	struct {
94 		/**< SA table index */
95 		uint32_t sa_idx;
96 		/**< ICV and ESP trailer length */
97 		uint8_t pad_len;
98 		/**< enable encryption */
99 		uint8_t enc;
100 	};
101 };
102 
103 struct ixgbe_ipsec {
104 	struct ixgbe_crypto_rx_ip_table rx_ip_tbl[IPSEC_MAX_RX_IP_COUNT];
105 	struct ixgbe_crypto_rx_sa_table rx_sa_tbl[IPSEC_MAX_SA_COUNT];
106 	struct ixgbe_crypto_tx_sa_table tx_sa_tbl[IPSEC_MAX_SA_COUNT];
107 };
108 
109 
110 int ixgbe_ipsec_ctx_create(struct rte_eth_dev *dev);
111 int ixgbe_crypto_enable_ipsec(struct rte_eth_dev *dev);
112 int ixgbe_crypto_add_ingress_sa_from_flow(const void *sess,
113 					  const void *ip_spec,
114 					  uint8_t is_ipv6);
115 
116 
117 
118 #endif /*IXGBE_IPSEC_H_*/
119