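/* SPDX-License-Identifier: BSD-3-Clause
 * Copyright(c) 2020 Intel Corporation
 */

#ifndef _IAVF_IPSEC_CRYPTO_H_
#define _IAVF_IPSEC_CRYPTO_H_

#include <rte_security.h>

#include "iavf.h"

/**
 * IPsec transmit descriptor: two 64-bit words (qw0/qw1) overlaid with a
 * packed field-by-field view of the same 16 bytes.
 *
 * The bit-field members (type/rsv/udp/ivlen) only line up with the
 * IAVF_IPSEC_TX_DESC_QW1_* shifts below when the compiler allocates
 * bit-fields starting at the least-significant bit; bit-field order is
 * implementation-defined in C, so the shift/mask macros are the portable
 * way to build the descriptor.
 */
struct iavf_tx_ipsec_desc {
	union {
		struct {
			__le64 qw0;
			__le64 qw1;
		};
		struct {
			/* qw0 */
			__le16 l4payload_length;
			__le32 esn;
			__le16 trailer_length;
			/* qw1 */
			u8 type:4;
			u8 rsv:1;
			u8 udp:1;
			u8 ivlen:2;
			u8 next_header;
			__le16 ipv6_ext_hdr_length;
			__le32 said;
		} __rte_packed;
	};
} __rte_packed;

/*
 * Shift/mask pairs for the descriptor quad-words. Several masks are narrower
 * than the storage of the matching field above (14 of 16 bits for the L4
 * payload length, 6 of 16 for the trailer length, 8 of 16 for the extension
 * header length, 20 of 32 for the SA index): the remaining bits are not
 * covered by any mask defined here.
 */

/* QW0 bits 0-13: L4 payload length */
#define IAVF_IPSEC_TX_DESC_QW0_L4PAYLEN_SHIFT	0
#define IAVF_IPSEC_TX_DESC_QW0_L4PAYLEN_MASK	(0x3FFFULL << \
		IAVF_IPSEC_TX_DESC_QW0_L4PAYLEN_SHIFT)

/* QW0 bits 16-47: extended sequence number */
#define IAVF_IPSEC_TX_DESC_QW0_IPSECESN_SHIFT	16
#define IAVF_IPSEC_TX_DESC_QW0_IPSECESN_MASK	(0xFFFFFFFFULL << \
		IAVF_IPSEC_TX_DESC_QW0_IPSECESN_SHIFT)

/* QW0 bits 48-53: ESP trailer length */
#define IAVF_IPSEC_TX_DESC_QW0_TRAILERLEN_SHIFT	48
#define IAVF_IPSEC_TX_DESC_QW0_TRAILERLEN_MASK	(0x3FULL << \
		IAVF_IPSEC_TX_DESC_QW0_TRAILERLEN_SHIFT)

/* QW1 bit 5: UDP flag */
#define IAVF_IPSEC_TX_DESC_QW1_UDP_SHIFT	5
#define IAVF_IPSEC_TX_DESC_QW1_UDP_MASK		(0x1ULL << \
		IAVF_IPSEC_TX_DESC_QW1_UDP_SHIFT)

/* QW1 bits 6-7: IV length code (enum iavf_ipsec_iv_len) */
#define IAVF_IPSEC_TX_DESC_QW1_IVLEN_SHIFT	6
#define IAVF_IPSEC_TX_DESC_QW1_IVLEN_MASK	(0x3ULL << \
		IAVF_IPSEC_TX_DESC_QW1_IVLEN_SHIFT)

/* QW1 bits 8-15: next header */
#define IAVF_IPSEC_TX_DESC_QW1_IPSECNH_SHIFT	8
#define IAVF_IPSEC_TX_DESC_QW1_IPSECNH_MASK	(0xFFULL << \
		IAVF_IPSEC_TX_DESC_QW1_IPSECNH_SHIFT)

/* QW1 bits 16-23: IPv6 extension header length */
#define IAVF_IPSEC_TX_DESC_QW1_EXTLEN_SHIFT	16
#define IAVF_IPSEC_TX_DESC_QW1_EXTLEN_MASK	(0xFFULL << \
		IAVF_IPSEC_TX_DESC_QW1_EXTLEN_SHIFT)

/* QW1 bits 32-51: SA index */
#define IAVF_IPSEC_TX_DESC_QW1_IPSECSA_SHIFT	32
#define IAVF_IPSEC_TX_DESC_QW1_IPSECSA_MASK	(0xFFFFFULL << \
		IAVF_IPSEC_TX_DESC_QW1_IPSECSA_SHIFT)

/*
 * Initialization Vector Length type.
 * The enumerators take the implicit values 0-3, which fit the 2-bit ivlen
 * descriptor field.
 */
enum iavf_ipsec_iv_len {
	IAVF_IPSEC_IV_LEN_NONE,	/* No IV */
	IAVF_IPSEC_IV_LEN_DW,	/* 4B IV */
	IAVF_IPSEC_IV_LEN_DDW,	/* 8B IV */
	IAVF_IPSEC_IV_LEN_QDW,	/* 16B IV */
};


/* IPsec Crypto Packet Metadata offload flags */
#define IAVF_IPSEC_CRYPTO_OL_FLAGS_IS_TUN		(0x1 << 0)
#define IAVF_IPSEC_CRYPTO_OL_FLAGS_ESN			(0x1 << 1)
#define IAVF_IPSEC_CRYPTO_OL_FLAGS_IPV6_EXT_HDRS	(0x1 << 2)
#define IAVF_IPSEC_CRYPTO_OL_FLAGS_NATT			(0x1 << 3)

/**
 * Packet metadata data structure used to hold parameters required by the iAVF
 * transmit data path. Parameters set for session by calling
 * rte_security_set_pkt_metadata() API.
 *
 * Each field comment gives "bits used by hardware / bytes of storage".
 * Most fields are wider than the descriptor field they feed.
 * NOTE(review): the code that packs these values into iavf_tx_ipsec_desc is
 * not part of this header; it should apply the IAVF_IPSEC_TX_DESC_*_MASK
 * values (or range-check) so that an out-of-range value, e.g. an sa_idx
 * above 20 bits, cannot set bits outside its own field - confirm in the
 * transmit path.
 */
struct iavf_ipsec_crypto_pkt_metadata {
	uint32_t sa_idx;		/* SA hardware index (20b/4B) */

	uint8_t ol_flags;		/* flags (1B), IAVF_IPSEC_CRYPTO_OL_FLAGS_* */
	uint8_t len_iv;			/* IV length (2b/1B) */
	uint8_t ctx_desc_ipsec_params;	/* IPsec params for ctx desc (7b/1B) */
	uint8_t esp_trailer_len;	/* ESP trailer length (6b/1B) */

	uint16_t l4_payload_len;	/* L4 payload length */
	/*
	 * NOTE(review): documented as 5 bits here, while
	 * IAVF_IPSEC_TX_DESC_QW1_EXTLEN_MASK covers 8 bits - confirm which
	 * width the hardware honours.
	 */
	uint8_t ipv6_ext_hdrs_len;	/* IPv6 extension headers len (5b/1B) */
	uint8_t next_proto;		/* Next Protocol (8b/1B) */

	uint32_t esn;		/* Extended Sequence Number (32b/4B) */
} __rte_packed;

/**
 * Inline IPsec Crypto offload is supported
 */
int
iavf_ipsec_crypto_supported(struct iavf_adapter *adapter);

/**
 * Create security context
 */
int iavf_security_ctx_create(struct iavf_adapter *adapter);

/**
 * Initialize security support for the adapter.
 *
 * NOTE(review): the previous comment here repeated "Create security context"
 * from iavf_security_ctx_create(); what initialization covers is defined by
 * the implementation - confirm and expand.
 */
int iavf_security_init(struct iavf_adapter *adapter);

/**
 * Set security capabilities
 */
int iavf_ipsec_crypto_set_security_capabililites(struct iavf_security_ctx
		*iavf_sctx, struct virtchnl_ipsec_cap *virtchnl_capabilities);


/**
 * NOTE(review): undocumented in the original; presumably returns the offset
 * of the IPsec packet metadata - confirm against the implementation,
 * including how an error is reported through the int return.
 */
int iavf_security_get_pkt_md_offset(struct iavf_adapter *adapter);

/**
 * Destroy security context
 */
int iavf_security_ctx_destroy(struct iavf_adapter *adapter);

/**
 * Verify that the inline IPsec Crypto action is valid for this device
 *
 * NOTE(review): the meaning of the uint32_t return value (validity flag,
 * index, ...) is not visible in this header - document it so callers do not
 * misread a failure value as success.
 */
uint32_t
iavf_ipsec_crypto_action_valid(struct rte_eth_dev *ethdev,
	const struct rte_security_session *session, uint32_t spi);

/**
 * Add inbound security policy rule to hardware
 *
 * NOTE(review): v6_dst_addr is passed without a length; presumably it must
 * point to a full 16-byte IPv6 address when is_v4 is 0 - confirm and state
 * whether NULL is accepted when is_v4 is set.
 */
int
iavf_ipsec_crypto_inbound_security_policy_add(struct iavf_adapter *adapter,
	uint32_t esp_spi,
	uint8_t is_v4,
	rte_be32_t v4_dst_addr,
	uint8_t *v6_dst_addr,
	uint8_t drop,
	bool is_udp,
	uint16_t udp_port);

/**
 * Delete inbound security policy rule from hardware
 */
int
iavf_ipsec_crypto_security_policy_delete(struct iavf_adapter *adapter,
	uint8_t is_v4, uint32_t flow_id);

#endif /* _IAVF_IPSEC_CRYPTO_H_ */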