1 /* SPDX-License-Identifier: BSD-3-Clause 2 * Copyright(C) 2022 Marvell. 3 */ 4 5 #ifndef __ROC_IE_OT_H__ 6 #define __ROC_IE_OT_H__ 7 8 /* CN10K IPSEC opcodes */ 9 #define ROC_IE_OT_MAJOR_OP_PROCESS_OUTBOUND_IPSEC 0x28UL 10 #define ROC_IE_OT_MAJOR_OP_PROCESS_INBOUND_IPSEC 0x29UL 11 12 #define ROC_IE_OT_MAJOR_OP_WRITE_SA 0x01UL 13 #define ROC_IE_OT_MINOR_OP_WRITE_SA 0x09UL 14 15 #define ROC_IE_OT_CTX_ILEN 2 16 /* PKIND to be used for CPT Meta parsing */ 17 #define ROC_IE_OT_CPT_PKIND 58 18 #define ROC_IE_OT_CPT_TS_PKIND 54 19 #define ROC_IE_OT_SA_CTX_HDR_SIZE 1 20 21 enum roc_ie_ot_ucc_ipsec { 22 ROC_IE_OT_UCC_SUCCESS = 0x00, 23 ROC_IE_OT_UCC_ERR_SA_INVAL = 0xb0, 24 ROC_IE_OT_UCC_ERR_SA_EXPIRED = 0xb1, 25 ROC_IE_OT_UCC_ERR_SA_OVERFLOW = 0xb2, 26 ROC_IE_OT_UCC_ERR_SA_ESP_BAD_ALGO = 0xb3, 27 ROC_IE_OT_UCC_ERR_SA_AH_BAD_ALGO = 0xb4, 28 ROC_IE_OT_UCC_ERR_SA_BAD_CTX = 0xb5, 29 ROC_IE_OT_UCC_SA_CTX_FLAG_MISMATCH = 0xb6, 30 ROC_IE_OT_UCC_ERR_AOP_IPSEC = 0xb7, 31 ROC_IE_OT_UCC_ERR_PKT_IP = 0xb8, 32 ROC_IE_OT_UCC_ERR_PKT_IP6_BAD_EXT = 0xb9, 33 ROC_IE_OT_UCC_ERR_PKT_IP6_HBH = 0xba, 34 ROC_IE_OT_UCC_ERR_PKT_IP6_BIGEXT = 0xbb, 35 ROC_IE_OT_UCC_ERR_PKT_IP_ULP = 0xbc, 36 ROC_IE_OT_UCC_ERR_PKT_SA_MISMATCH = 0xbd, 37 ROC_IE_OT_UCC_ERR_PKT_SPI_MISMATCH = 0xbe, 38 ROC_IE_OT_UCC_ERR_PKT_ESP_BADPAD = 0xbf, 39 ROC_IE_OT_UCC_ERR_PKT_BADICV = 0xc0, 40 ROC_IE_OT_UCC_ERR_PKT_REPLAY_SEQ = 0xc1, 41 ROC_IE_OT_UCC_ERR_PKT_BADNH = 0xc2, 42 ROC_IE_OT_UCC_ERR_PKT_SA_PORT_MISMATCH = 0xc3, 43 ROC_IE_OT_UCC_ERR_PKT_BAD_DLEN = 0xc4, 44 ROC_IE_OT_UCC_ERR_SA_ESP_BAD_KEYS = 0xc5, 45 ROC_IE_OT_UCC_ERR_SA_AH_BAD_KEYS = 0xc6, 46 ROC_IE_OT_UCC_ERR_SA_BAD_IP = 0xc7, 47 ROC_IE_OT_UCC_ERR_PKT_IP_FRAG = 0xc8, 48 ROC_IE_OT_UCC_ERR_PKT_REPLAY_WINDOW = 0xc9, 49 ROC_IE_OT_UCC_SUCCESS_SA_SOFTEXP_FIRST = 0xf0, 50 ROC_IE_OT_UCC_SUCCESS_PKT_IP_BADCSUM = 0xf1, 51 ROC_IE_OT_UCC_SUCCESS_SA_SOFTEXP_AGAIN = 0xf2, 52 ROC_IE_OT_UCC_SUCCESS_PKT_L4_GOODCSUM = 0xf3, 53 ROC_IE_OT_UCC_SUCCESS_PKT_L4_BADCSUM = 0xf4, 54 ROC_IE_OT_UCC_SUCCESS_PKT_UDPESP_NZCSUM = 0xf5, 55 ROC_IE_OT_UCC_SUCCESS_PKT_UDP_ZEROCSUM = 0xf6, 56 ROC_IE_OT_UCC_SUCCESS_PKT_IP_GOODCSUM = 0xf7, 57 }; 58 59 enum { 60 ROC_IE_OT_SA_AR_WIN_DISABLED = 0, 61 ROC_IE_OT_SA_AR_WIN_64 = 1, 62 ROC_IE_OT_SA_AR_WIN_128 = 2, 63 ROC_IE_OT_SA_AR_WIN_256 = 3, 64 ROC_IE_OT_SA_AR_WIN_512 = 4, 65 ROC_IE_OT_SA_AR_WIN_1024 = 5, 66 ROC_IE_OT_SA_AR_WIN_2048 = 6, 67 ROC_IE_OT_SA_AR_WIN_4096 = 7, 68 }; 69 70 enum { 71 ROC_IE_OT_SA_PKT_FMT_FULL = 0, 72 ROC_IE_OT_SA_PKT_FMT_META = 1, 73 }; 74 75 enum { 76 ROC_IE_OT_SA_PKT_OUTPUT_DECRYPTED = 0, 77 ROC_IE_OT_SA_PKT_OUTPUT_NO_FRAG = 1, 78 ROC_IE_OT_SA_PKT_OUTPUT_HW_BASED_DEFRAG = 2, 79 ROC_IE_OT_SA_PKT_OUTPUT_UCODE_BASED_DEFRAG = 3, 80 }; 81 82 enum { 83 ROC_IE_OT_SA_DEFRAG_ALL = 0, 84 ROC_IE_OT_SA_DEFRAG_IN_ORDER = 1, 85 ROC_IE_OT_SA_DEFRAG_IN_REV_ORDER = 2, 86 }; 87 88 enum { 89 ROC_IE_OT_SA_IV_SRC_DEFAULT = 0, 90 ROC_IE_OT_SA_IV_SRC_ENC_CTR = 1, 91 ROC_IE_OT_SA_IV_SRC_FROM_SA = 2, 92 }; 93 94 enum { 95 ROC_IE_OT_SA_COPY_FROM_SA = 0, 96 ROC_IE_OT_SA_COPY_FROM_INNER_IP_HDR = 1, 97 }; 98 99 enum { 100 ROC_IE_OT_SA_INNER_PKT_IP_CSUM_ENABLE = 0, 101 ROC_IE_OT_SA_INNER_PKT_IP_CSUM_DISABLE = 1, 102 }; 103 104 enum { 105 ROC_IE_OT_SA_INNER_PKT_L4_CSUM_ENABLE = 0, 106 ROC_IE_OT_SA_INNER_PKT_L4_CSUM_DISABLE = 1, 107 }; 108 109 enum { 110 ROC_IE_OT_SA_ENC_NULL = 0, 111 ROC_IE_OT_SA_ENC_3DES_CBC = 2, 112 ROC_IE_OT_SA_ENC_AES_CBC = 3, 113 ROC_IE_OT_SA_ENC_AES_CTR = 4, 114 ROC_IE_OT_SA_ENC_AES_GCM = 5, 115 ROC_IE_OT_SA_ENC_AES_CCM = 6, 116 }; 117 118 enum { 119 ROC_IE_OT_SA_AUTH_NULL = 0, 120 ROC_IE_OT_SA_AUTH_SHA1 = 2, 121 ROC_IE_OT_SA_AUTH_SHA2_256 = 4, 122 ROC_IE_OT_SA_AUTH_SHA2_384 = 5, 123 ROC_IE_OT_SA_AUTH_SHA2_512 = 6, 124 ROC_IE_OT_SA_AUTH_AES_GMAC = 7, 125 ROC_IE_OT_SA_AUTH_AES_XCBC_128 = 8, 126 }; 127 128 enum { 129 ROC_IE_OT_SA_ENCAP_NONE = 0, 130 ROC_IE_OT_SA_ENCAP_UDP = 1, 131 ROC_IE_OT_SA_ENCAP_TCP = 2, 132 }; 133 134 enum { 135 ROC_IE_OT_SA_LIFE_UNIT_OCTETS = 0, 136 ROC_IE_OT_SA_LIFE_UNIT_PKTS = 1, 137 }; 138 139 enum { 140 ROC_IE_OT_SA_IP_HDR_VERIFY_DISABLED = 0, 141 ROC_IE_OT_SA_IP_HDR_VERIFY_DST_ADDR = 1, 142 ROC_IE_OT_SA_IP_HDR_VERIFY_SRC_DST_ADDR = 2, 143 }; 144 145 enum { 146 ROC_IE_OT_REAS_STS_SUCCESS = 0, 147 ROC_IE_OT_REAS_STS_TIMEOUT = 1, 148 ROC_IE_OT_REAS_STS_EVICT = 2, 149 ROC_IE_OT_REAS_STS_BAD_ORDER = 3, 150 ROC_IE_OT_REAS_STS_TOO_MANY = 4, 151 ROC_IE_OT_REAS_STS_HSH_EVICT = 5, 152 ROC_IE_OT_REAS_STS_OVERLAP = 6, 153 ROC_IE_OT_REAS_STS_ZOMBIE = 7, 154 ROC_IE_OT_REAS_STS_L3P_ERR = 8, 155 ROC_IE_OT_REAS_STS_MAX = 9 156 }; 157 158 enum { 159 ROC_IE_OT_ERR_CTL_MODE_NONE = 0, 160 ROC_IE_OT_ERR_CTL_MODE_CLEAR = 1, 161 ROC_IE_OT_ERR_CTL_MODE_RING = 2, 162 }; 163 164 /* Context units in bytes */ 165 #define ROC_CTX_UNIT_8B 8 166 #define ROC_CTX_UNIT_128B 128 167 #define ROC_CTX_MAX_CKEY_LEN 32 168 #define ROC_CTX_MAX_OPAD_IPAD_LEN 128 169 170 /* Anti reply window size supported */ 171 #define ROC_AR_WIN_SIZE_MIN 64 172 #define ROC_AR_WIN_SIZE_MAX 4096 173 #define ROC_LOG_MIN_AR_WIN_SIZE_M1 5 174 175 /* u64 array size to fit anti replay window bits */ 176 #define ROC_AR_WINBITS_SZ \ 177 (PLT_ALIGN_CEIL(ROC_AR_WIN_SIZE_MAX, BITS_PER_LONG_LONG) / \ 178 BITS_PER_LONG_LONG) 179 180 #define ROC_IPSEC_ERR_RING_MAX_ENTRY 65536 181 182 union roc_ot_ipsec_err_ring_head { 183 uint64_t u64; 184 struct { 185 uint16_t tail_pos; 186 uint16_t tail_gen; 187 uint16_t head_pos; 188 uint16_t head_gen; 189 } s; 190 }; 191 192 union roc_ot_ipsec_err_ring_entry { 193 uint64_t u64; 194 struct { 195 uint64_t data0 : 44; 196 uint64_t data1 : 9; 197 uint64_t rsvd : 3; 198 uint64_t comp_code : 8; 199 } s; 200 }; 201 202 /* Common bit fields between inbound and outbound SA */ 203 union roc_ot_ipsec_sa_word2 { 204 struct { 205 uint64_t valid : 1; 206 uint64_t dir : 1; 207 uint64_t outer_ip_ver : 1; 208 uint64_t rsvd0 : 1; 209 uint64_t mode : 1; 210 uint64_t protocol : 1; 211 uint64_t aes_key_len : 2; 212 213 uint64_t enc_type : 3; 214 uint64_t life_unit : 1; 215 uint64_t auth_type : 4; 216 217 uint64_t encap_type : 2; 218 uint64_t et_ovrwr_ddr_en : 1; 219 uint64_t esn_en : 1; 220 uint64_t tport_l4_incr_csum : 1; 221 uint64_t ip_hdr_verify : 2; 222 uint64_t udp_ports_verify : 1; 223 224 uint64_t rsvd2 : 7; 225 uint64_t async_mode : 1; 226 227 uint64_t spi : 32; 228 } s; 229 uint64_t u64; 230 }; 231 232 PLT_STATIC_ASSERT(sizeof(union roc_ot_ipsec_sa_word2) == 1 * sizeof(uint64_t)); 233 234 union roc_ot_ipsec_outer_ip_hdr { 235 struct { 236 uint32_t dst_addr; 237 uint32_t src_addr; 238 } ipv4; 239 struct { 240 uint8_t src_addr[16]; 241 uint8_t dst_addr[16]; 242 } ipv6; 243 }; 244 245 struct roc_ot_ipsec_inb_ctx_update_reg { 246 uint64_t ar_base; 247 uint64_t ar_valid_mask; 248 uint64_t hard_life; 249 uint64_t soft_life; 250 uint64_t mib_octs; 251 uint64_t mib_pkts; 252 uint64_t ar_winbits[ROC_AR_WINBITS_SZ]; 253 }; 254 255 union roc_ot_ipsec_outb_iv { 256 uint64_t u64[2]; 257 uint8_t iv_dbg[16]; 258 struct { 259 uint8_t iv_dbg1[4]; 260 uint8_t salt[4]; 261 262 uint32_t rsvd; 263 uint8_t iv_dbg2[4]; 264 } s; 265 }; 266 267 struct roc_ot_ipsec_outb_ctx_update_reg { 268 union { 269 struct { 270 uint64_t reserved_0_2 : 3; 271 uint64_t address : 57; 272 uint64_t mode : 4; 273 } s; 274 uint64_t u64; 275 } err_ctl; 276 277 uint64_t esn_val; 278 uint64_t hard_life; 279 uint64_t soft_life; 280 uint64_t mib_octs; 281 uint64_t mib_pkts; 282 }; 283 284 union roc_ot_ipsec_outb_param1 { 285 uint16_t u16; 286 struct { 287 uint16_t l4_csum_disable : 1; 288 uint16_t ip_csum_disable : 1; 289 uint16_t ttl_or_hop_limit : 1; 290 uint16_t dummy_pkt : 1; 291 uint16_t rfc_or_override_mode : 1; 292 uint16_t reserved_5_15 : 11; 293 } s; 294 }; 295 296 union roc_ot_ipsec_inb_param1 { 297 uint16_t u16; 298 struct { 299 uint16_t l4_csum_disable : 1; 300 uint16_t ip_csum_disable : 1; 301 uint16_t esp_trailer_disable : 1; 302 uint16_t reserved_3_15 : 13; 303 } s; 304 }; 305 306 struct roc_ot_ipsec_inb_sa { 307 /* Word0 */ 308 union { 309 struct { 310 uint64_t ar_win : 3; 311 uint64_t hard_life_dec : 1; 312 uint64_t soft_life_dec : 1; 313 uint64_t count_glb_octets : 1; 314 uint64_t count_glb_pkts : 1; 315 uint64_t count_mib_bytes : 1; 316 317 uint64_t count_mib_pkts : 1; 318 uint64_t hw_ctx_off : 7; 319 320 uint64_t ctx_id : 16; 321 322 uint64_t orig_pkt_fabs : 1; 323 uint64_t orig_pkt_free : 1; 324 uint64_t pkind : 6; 325 326 uint64_t rsvd0 : 1; 327 uint64_t et_ovrwr : 1; 328 uint64_t pkt_output : 2; 329 uint64_t pkt_format : 1; 330 uint64_t defrag_opt : 2; 331 uint64_t x2p_dst : 1; 332 333 uint64_t ctx_push_size : 7; 334 uint64_t rsvd1 : 1; 335 336 uint64_t ctx_hdr_size : 2; 337 uint64_t aop_valid : 1; 338 uint64_t rsvd2 : 1; 339 uint64_t ctx_size : 4; 340 } s; 341 uint64_t u64; 342 } w0; 343 344 /* Word1 */ 345 union { 346 struct { 347 uint64_t orig_pkt_aura : 20; 348 uint64_t rsvd3 : 4; 349 uint64_t orig_pkt_foff : 8; 350 uint64_t cookie : 32; 351 } s; 352 uint64_t u64; 353 } w1; 354 355 /* Word 2 */ 356 union { 357 struct { 358 uint64_t valid : 1; 359 uint64_t dir : 1; 360 uint64_t outer_ip_ver : 1; 361 uint64_t rsvd4 : 1; 362 uint64_t ipsec_mode : 1; 363 uint64_t ipsec_protocol : 1; 364 uint64_t aes_key_len : 2; 365 366 uint64_t enc_type : 3; 367 uint64_t life_unit : 1; 368 uint64_t auth_type : 4; 369 370 uint64_t encap_type : 2; 371 uint64_t et_ovrwr_ddr_en : 1; 372 uint64_t esn_en : 1; 373 uint64_t tport_l4_incr_csum : 1; 374 uint64_t ip_hdr_verify : 2; 375 uint64_t udp_ports_verify : 1; 376 377 uint64_t l3hdr_on_err : 1; 378 uint64_t rsvd6 : 6; 379 uint64_t async_mode : 1; 380 381 uint64_t spi : 32; 382 } s; 383 uint64_t u64; 384 } w2; 385 386 /* Word3 */ 387 uint64_t rsvd7; 388 389 /* Word4 - Word7 */ 390 uint8_t cipher_key[ROC_CTX_MAX_CKEY_LEN]; 391 392 /* Word8 - Word9 */ 393 union { 394 struct { 395 uint32_t rsvd8; 396 uint8_t salt[4]; 397 } s; 398 uint64_t u64; 399 } w8; 400 uint64_t rsvd9; 401 402 /* Word10 */ 403 union { 404 struct { 405 uint64_t rsvd10 : 32; 406 uint64_t udp_src_port : 16; 407 uint64_t udp_dst_port : 16; 408 } s; 409 uint64_t u64; 410 } w10; 411 412 /* Word11 - Word14 */ 413 union roc_ot_ipsec_outer_ip_hdr outer_hdr; 414 415 /* Word15 - Word30 */ 416 uint8_t hmac_opad_ipad[ROC_CTX_MAX_OPAD_IPAD_LEN]; 417 418 /* Word31 - Word100 */ 419 struct roc_ot_ipsec_inb_ctx_update_reg ctx; 420 }; 421 422 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_inb_sa, w1) == 423 1 * sizeof(uint64_t)); 424 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_inb_sa, w2) == 425 2 * sizeof(uint64_t)); 426 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_inb_sa, cipher_key) == 427 4 * sizeof(uint64_t)); 428 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_inb_sa, w8) == 429 8 * sizeof(uint64_t)); 430 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_inb_sa, w10) == 431 10 * sizeof(uint64_t)); 432 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_inb_sa, outer_hdr) == 433 11 * sizeof(uint64_t)); 434 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_inb_sa, hmac_opad_ipad) == 435 15 * sizeof(uint64_t)); 436 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_inb_sa, ctx) == 437 31 * sizeof(uint64_t)); 438 439 struct roc_ot_ipsec_outb_sa { 440 /* Word0 */ 441 union { 442 struct { 443 uint64_t esn_en : 1; 444 uint64_t ip_id : 1; 445 uint64_t rsvd0 : 1; 446 uint64_t hard_life_dec : 1; 447 uint64_t soft_life_dec : 1; 448 uint64_t count_glb_octets : 1; 449 uint64_t count_glb_pkts : 1; 450 uint64_t count_mib_bytes : 1; 451 452 uint64_t count_mib_pkts : 1; 453 uint64_t hw_ctx_off : 7; 454 455 uint64_t ctx_id : 16; 456 uint64_t rsvd1 : 16; 457 458 uint64_t ctx_push_size : 7; 459 uint64_t rsvd2 : 1; 460 461 uint64_t ctx_hdr_size : 2; 462 uint64_t aop_valid : 1; 463 uint64_t rsvd3 : 1; 464 uint64_t ctx_size : 4; 465 } s; 466 uint64_t u64; 467 } w0; 468 469 /* Word1 */ 470 union { 471 struct { 472 uint64_t rsvd4 : 32; 473 uint64_t cookie : 32; 474 } s; 475 uint64_t u64; 476 } w1; 477 478 /* Word 2 */ 479 union { 480 struct { 481 uint64_t valid : 1; 482 uint64_t dir : 1; 483 uint64_t outer_ip_ver : 1; 484 uint64_t rsvd5 : 1; 485 uint64_t ipsec_mode : 1; 486 uint64_t ipsec_protocol : 1; 487 uint64_t aes_key_len : 2; 488 489 uint64_t enc_type : 3; 490 uint64_t life_unit : 1; 491 uint64_t auth_type : 4; 492 493 uint64_t encap_type : 2; 494 uint64_t ipv4_df_src_or_ipv6_flw_lbl_src : 1; 495 uint64_t dscp_src : 1; 496 uint64_t iv_src : 2; 497 uint64_t ipid_gen : 1; 498 uint64_t rsvd6 : 1; 499 500 uint64_t rsvd7 : 7; 501 uint64_t async_mode : 1; 502 503 uint64_t spi : 32; 504 } s; 505 uint64_t u64; 506 } w2; 507 508 /* Word3 */ 509 uint64_t rsvd8; 510 511 /* Word4 - Word7 */ 512 uint8_t cipher_key[ROC_CTX_MAX_CKEY_LEN]; 513 514 /* Word8 - Word9 */ 515 union roc_ot_ipsec_outb_iv iv; 516 517 /* Word10 */ 518 union { 519 struct { 520 uint64_t rsvd9 : 4; 521 uint64_t ipv4_df_or_ipv6_flw_lbl : 20; 522 523 uint64_t dscp : 6; 524 uint64_t rsvd10 : 2; 525 526 uint64_t udp_dst_port : 16; 527 528 uint64_t udp_src_port : 16; 529 } s; 530 uint64_t u64; 531 } w10; 532 533 /* Word11 - Word14 */ 534 union roc_ot_ipsec_outer_ip_hdr outer_hdr; 535 536 /* Word15 - Word30 */ 537 uint8_t hmac_opad_ipad[ROC_CTX_MAX_OPAD_IPAD_LEN]; 538 539 /* Word31 - Word36 */ 540 struct roc_ot_ipsec_outb_ctx_update_reg ctx; 541 }; 542 543 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_outb_sa, w1) == 544 1 * sizeof(uint64_t)); 545 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_outb_sa, w2) == 546 2 * sizeof(uint64_t)); 547 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_outb_sa, cipher_key) == 548 4 * sizeof(uint64_t)); 549 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_outb_sa, iv) == 550 8 * sizeof(uint64_t)); 551 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_outb_sa, w10) == 552 10 * sizeof(uint64_t)); 553 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_outb_sa, outer_hdr) == 554 11 * sizeof(uint64_t)); 555 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_outb_sa, hmac_opad_ipad) == 556 15 * sizeof(uint64_t)); 557 PLT_STATIC_ASSERT(offsetof(struct roc_ot_ipsec_outb_sa, ctx) == 558 31 * sizeof(uint64_t)); 559 560 void __roc_api roc_ot_ipsec_inb_sa_init(struct roc_ot_ipsec_inb_sa *sa, 561 bool is_inline); 562 void __roc_api roc_ot_ipsec_outb_sa_init(struct roc_ot_ipsec_outb_sa *sa); 563 #endif /* __ROC_IE_OT_H__ */ 564