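/* SPDX-License-Identifier: BSD-3-Clause
 * Copyright(c) 2018-2020 Intel Corporation
 */

#ifndef _SA_H_
#define _SA_H_

/*
 * Definition of the IPsec SA object (struct rte_ipsec_sa), its anti-replay
 * state and the prototypes of the per-packet inbound/outbound handlers.
 *
 * NOTE(review): only <rte_rwlock.h> is included here, yet the declarations
 * below also use rte_iova_t, union rte_crypto_sym_ofs, the RTE_IPSEC_SATP_*
 * masks and the rte_ipsec_session/rte_mbuf/rte_crypto_op types. Includers
 * presumably pull in the headers that declare them first - confirm.
 */

#include <rte_rwlock.h>

/* size in bytes of the tunnel header template kept in rte_ipsec_sa.hdr */
#define IPSEC_MAX_HDR_SIZE	64
/* upper bound, in bytes, for an IV */
#define IPSEC_MAX_IV_SIZE	16
/* IPSEC_MAX_IV_SIZE expressed in 64-bit words */
#define IPSEC_MAX_IV_QWORD	(IPSEC_MAX_IV_SIZE / sizeof(uint64_t))
/* SA type bits covered by the ECN and DSCP masks together */
#define TUN_HDR_MSK	(RTE_IPSEC_SATP_ECN_MASK | RTE_IPSEC_SATP_DSCP_MASK)

/* padding alignment for different algorithms */
enum {
	IPSEC_PAD_DEFAULT = 4,
	IPSEC_PAD_3DES_CBC = 8,
	IPSEC_PAD_AES_CBC = IPSEC_MAX_IV_SIZE,
	IPSEC_PAD_AES_CTR = IPSEC_PAD_DEFAULT,
	IPSEC_PAD_AES_GCM = IPSEC_PAD_DEFAULT,
	IPSEC_PAD_NULL = IPSEC_PAD_DEFAULT,
};

/* iv sizes for different algorithms */
enum {
	IPSEC_IV_SIZE_DEFAULT = IPSEC_MAX_IV_SIZE,
	IPSEC_AES_CTR_IV_SIZE = sizeof(uint64_t),
	/* TripleDES supports IV size of 32bits or 64bits but the library
	 * only supports 64bits.
	 */
	IPSEC_3DES_IV_SIZE = sizeof(uint64_t),
};

/* these definitions probably belong in rte_crypto_sym.h */

/* offset/length pair that can also be accessed as a single 64-bit value */
union sym_op_ofslen {
	uint64_t raw;
	struct {
		uint32_t offset;
		uint32_t length;
	};
};

/*
 * Pointer (va) and rte_iova_t (pa) pair for one buffer; 'raw' overlays both
 * members when the compiler provides a 128-bit integer type.
 */
union sym_op_data {
#ifdef __SIZEOF_INT128__
	__uint128_t raw;
#endif
	struct {
		uint8_t *va;
		rte_iova_t pa;
	};
};

/* number of replay_sqn slots referenced by an inbound SA (sqn.inb.rsn[]) */
#define REPLAY_SQN_NUM		2
/* maps slot index 0 to 1 and 1 to 0 */
#define REPLAY_SQN_NEXT(n)	((n) ^ 1)

/*
 * Sequence number plus replay window, guarded by a read-write lock.
 *
 * The window is declared as a C99 flexible array member instead of a
 * zero-length array (a GNU extension), so the compiler and bounds-checking
 * instrumentation treat it as a proper trailing array. Size and layout of
 * the structure are unchanged.
 *
 * The number of window elements is not stored here.
 * NOTE(review): presumably it follows from rte_ipsec_sa.replay.nb_bucket and
 * indexes are reduced with replay.bucket_index_mask - confirm against the
 * code that allocates and walks rsn[], since this window is what rejects
 * replayed packets.
 */
struct replay_sqn {
	rte_rwlock_t rwl;
	uint64_t sqn;
	uint64_t window[];
};

/*IPSEC SA supported algorithms */
enum sa_algo_type {
	ALGO_TYPE_NULL = 0,
	ALGO_TYPE_3DES_CBC,
	ALGO_TYPE_AES_CBC,
	ALGO_TYPE_AES_CTR,
	ALGO_TYPE_AES_GCM,
	ALGO_TYPE_MAX
};

struct rte_ipsec_sa {

	uint64_t type;     /* type of given SA */
	uint64_t udata;    /* user defined */
	uint32_t size;     /* size of given sa object */
	uint32_t spi;
	/* sqn calculations related */
	uint64_t sqn_mask;
	struct {
		uint32_t win_sz;
		uint16_t nb_bucket;
		uint16_t bucket_index_mask;
	} replay;
	/* template for crypto op fields */
	struct {
		union sym_op_ofslen cipher;
		union sym_op_ofslen auth;
	} ctp;
	/* cpu-crypto offsets */
	union rte_crypto_sym_ofs cofs;
	/* tx_offload template for tunnel mbuf */
	struct {
		uint64_t msk;
		uint64_t val;
	} tx_offload;
	uint32_t salt;
	uint8_t algo_type;
	uint8_t proto;    /* next proto */
	uint8_t aad_len;
	/*
	 * NOTE(review): a uint8_t can hold values up to 255 while hdr[] below
	 * has IPSEC_MAX_HDR_SIZE (64) bytes; whatever fills hdr_len has to
	 * reject longer headers - confirm in the SA initialisation code.
	 */
	uint8_t hdr_len;
	uint8_t hdr_l3_off;
	uint8_t icv_len;
	uint8_t sqh_len;
	uint8_t iv_ofs; /* offset for algo-specific IV inside crypto op */
	/* NOTE(review): expected to stay <= IPSEC_MAX_IV_SIZE - confirm */
	uint8_t iv_len;
	uint8_t pad_align;
	uint8_t tos_mask;

	/* template for tunnel header */
	uint8_t hdr[IPSEC_MAX_HDR_SIZE];

	/*
	 * sqn and replay window
	 * In case of SA handled by multiple threads *sqn* cacheline
	 * could be shared by multiple cores.
	 * To minimise performance impact, we try to locate in a separate
	 * place from other frequently accessed data.
	 */
	union {
		uint64_t outb;
		struct {
			uint32_t rdidx; /* read index */
			uint32_t wridx; /* write index */
			struct replay_sqn *rsn[REPLAY_SQN_NUM];
		} inb;
	} sqn;

} __rte_cache_aligned;

/*
 * NOTE(review): the handlers below all take a session and an array of 'num'
 * mbufs and return uint16_t; the return value is presumably the number of
 * packets handled successfully - confirm in the implementations.
 */

int
ipsec_sa_pkt_func_select(const struct rte_ipsec_session *ss,
	const struct rte_ipsec_sa *sa, struct rte_ipsec_sa_pkt_func *pf);

/* inbound processing */

uint16_t
esp_inb_pkt_prepare(const struct rte_ipsec_session *ss, struct rte_mbuf *mb[],
	struct rte_crypto_op *cop[], uint16_t num);

uint16_t
esp_inb_tun_pkt_process(const struct rte_ipsec_session *ss,
	struct rte_mbuf *mb[], uint16_t num);

uint16_t
inline_inb_tun_pkt_process(const struct rte_ipsec_session *ss,
	struct rte_mbuf *mb[], uint16_t num);

uint16_t
esp_inb_trs_pkt_process(const struct rte_ipsec_session *ss,
	struct rte_mbuf *mb[], uint16_t num);

uint16_t
inline_inb_trs_pkt_process(const struct rte_ipsec_session *ss,
	struct rte_mbuf *mb[], uint16_t num);

uint16_t
cpu_inb_pkt_prepare(const struct rte_ipsec_session *ss,
	struct rte_mbuf *mb[], uint16_t num);

/* outbound processing */

uint16_t
esp_outb_tun_prepare(const struct rte_ipsec_session *ss, struct rte_mbuf *mb[],
	struct rte_crypto_op *cop[], uint16_t num);

uint16_t
esp_outb_trs_prepare(const struct rte_ipsec_session *ss, struct rte_mbuf *mb[],
	struct rte_crypto_op *cop[], uint16_t num);

uint16_t
esp_outb_sqh_process(const struct rte_ipsec_session *ss, struct rte_mbuf *mb[],
	uint16_t num);

uint16_t
pkt_flag_process(const struct rte_ipsec_session *ss,
	struct rte_mbuf *mb[], uint16_t num);

uint16_t
inline_outb_tun_pkt_process(const struct rte_ipsec_session *ss,
	struct rte_mbuf *mb[], uint16_t num);

uint16_t
inline_outb_trs_pkt_process(const struct rte_ipsec_session *ss,
	struct rte_mbuf *mb[], uint16_t num);

uint16_t
inline_proto_outb_pkt_process(const struct rte_ipsec_session *ss,
	struct rte_mbuf *mb[], uint16_t num);

uint16_t
cpu_outb_tun_pkt_prepare(const struct rte_ipsec_session *ss,
	struct rte_mbuf *mb[], uint16_t num);

uint16_t
cpu_outb_trs_pkt_prepare(const struct rte_ipsec_session *ss,
	struct rte_mbuf *mb[], uint16_t num);

#endif /* _SA_H_ */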