1 /* SPDX-License-Identifier: BSD-3-Clause 2 * Copyright(C) 2021 Marvell. 3 */ 4 5 #ifndef __ROC_IE_ON_H__ 6 #define __ROC_IE_ON_H__ 7 8 /* CN9K IPsec LA */ 9 10 /* CN9K IPsec LA opcodes */ 11 #define ROC_IE_ON_MAJOR_OP_WRITE_IPSEC_OUTBOUND 0x20 12 #define ROC_IE_ON_MAJOR_OP_WRITE_IPSEC_INBOUND 0x21 13 #define ROC_IE_ON_MAJOR_OP_PROCESS_OUTBOUND_IPSEC 0x23 14 #define ROC_IE_ON_MAJOR_OP_PROCESS_INBOUND_IPSEC 0x24 15 16 /* Ucode completion codes */ 17 enum roc_ie_on_ucc_ipsec { 18 ROC_IE_ON_UCC_SUCCESS = 0, 19 ROC_IE_ON_AUTH_UNSUPPORTED = 0xB0, 20 ROC_IE_ON_ENCRYPT_UNSUPPORTED = 0xB1, 21 /* Software defined completion code for anti-replay failed packets */ 22 ROC_IE_ON_SWCC_ANTI_REPLAY = 0xE7, 23 }; 24 25 /* Helper macros */ 26 #define ROC_IE_ON_INB_RPTR_HDR 0x8 27 #define ROC_IE_ON_MAX_IV_LEN 16 28 #define ROC_IE_ON_PER_PKT_IV BIT(43) 29 30 enum { 31 ROC_IE_ON_SA_ENC_NULL = 0, 32 ROC_IE_ON_SA_ENC_DES_CBC = 1, 33 ROC_IE_ON_SA_ENC_3DES_CBC = 2, 34 ROC_IE_ON_SA_ENC_AES_CBC = 3, 35 ROC_IE_ON_SA_ENC_AES_CTR = 4, 36 ROC_IE_ON_SA_ENC_AES_GCM = 5, 37 ROC_IE_ON_SA_ENC_AES_CCM = 6, 38 }; 39 40 enum { 41 ROC_IE_ON_SA_AUTH_NULL = 0, 42 ROC_IE_ON_SA_AUTH_MD5 = 1, 43 ROC_IE_ON_SA_AUTH_SHA1 = 2, 44 ROC_IE_ON_SA_AUTH_SHA2_224 = 3, 45 ROC_IE_ON_SA_AUTH_SHA2_256 = 4, 46 ROC_IE_ON_SA_AUTH_SHA2_384 = 5, 47 ROC_IE_ON_SA_AUTH_SHA2_512 = 6, 48 ROC_IE_ON_SA_AUTH_AES_GMAC = 7, 49 ROC_IE_ON_SA_AUTH_AES_XCBC_128 = 8, 50 }; 51 52 enum { 53 ROC_IE_ON_SA_FRAG_POST = 0, 54 ROC_IE_ON_SA_FRAG_PRE = 1, 55 }; 56 57 enum { 58 ROC_IE_ON_SA_ENCAP_NONE = 0, 59 ROC_IE_ON_SA_ENCAP_UDP = 1, 60 }; 61 62 enum { 63 ROC_IE_ON_IV_SRC_HW_GEN_DEFAULT = 0, 64 ROC_IE_ON_IV_SRC_FROM_DPTR = 1, 65 }; 66 67 struct roc_ie_on_outb_hdr { 68 uint32_t ip_id; 69 uint32_t seq; 70 uint8_t iv[16]; 71 }; 72 73 union roc_ie_on_bit_perfect_iv { 74 uint8_t aes_iv[16]; 75 uint8_t des_iv[8]; 76 struct { 77 uint8_t nonce[4]; 78 uint8_t iv[8]; 79 uint8_t counter[4]; 80 } gcm; 81 }; 82 83 struct roc_ie_on_traffic_selector { 84 uint16_t src_port[2]; 85 uint16_t dst_port[2]; 86 union { 87 struct { 88 uint32_t src_addr[2]; 89 uint32_t dst_addr[2]; 90 } ipv4; 91 struct { 92 uint8_t src_addr[32]; 93 uint8_t dst_addr[32]; 94 } ipv6; 95 }; 96 }; 97 98 struct roc_ie_on_ip_template { 99 union { 100 struct { 101 uint8_t ipv4_hdr[20]; 102 uint16_t udp_src; 103 uint16_t udp_dst; 104 } ip4; 105 struct { 106 uint8_t ipv6_hdr[40]; 107 uint16_t udp_src; 108 uint16_t udp_dst; 109 } ip6; 110 }; 111 }; 112 113 union roc_on_ipsec_outb_param1 { 114 uint16_t u16; 115 struct { 116 uint16_t frag_num : 4; 117 uint16_t rsvd_4_6 : 3; 118 uint16_t gre_select : 1; 119 uint16_t dsiv : 1; 120 uint16_t ikev2 : 1; 121 uint16_t min_frag_size : 1; 122 uint16_t per_pkt_iv : 1; 123 uint16_t tfc_pad_enable : 1; 124 uint16_t tfc_dummy_pkt : 1; 125 uint16_t rfc_or_override_mode : 1; 126 uint16_t custom_hdr_or_p99 : 1; 127 } s; 128 }; 129 130 union roc_on_ipsec_inb_param2 { 131 uint16_t u16; 132 struct { 133 uint16_t rsvd_0_10 : 11; 134 uint16_t gre_select : 1; 135 uint16_t ikev2 : 1; 136 uint16_t udp_cksum : 1; 137 uint16_t ctx_addr_sel : 1; 138 uint16_t custom_hdr_or_p99 : 1; 139 } s; 140 }; 141 142 struct roc_ie_on_sa_ctl { 143 uint64_t spi : 32; 144 uint64_t exp_proto_inter_frag : 8; 145 uint64_t copy_df : 1; 146 uint64_t frag_type : 1; 147 uint64_t explicit_iv_en : 1; 148 uint64_t esn_en : 1; 149 uint64_t rsvd_45_44 : 2; 150 uint64_t encap_type : 2; 151 uint64_t enc_type : 3; 152 uint64_t rsvd_48 : 1; 153 uint64_t auth_type : 4; 154 uint64_t valid : 1; 155 uint64_t direction : 1; 156 uint64_t outer_ip_ver : 1; 157 uint64_t inner_ip_ver : 1; 158 uint64_t ipsec_mode : 1; 159 uint64_t ipsec_proto : 1; 160 uint64_t aes_key_len : 2; 161 }; 162 163 struct roc_ie_on_common_sa { 164 /* w0 */ 165 struct roc_ie_on_sa_ctl ctl; 166 167 /* w1-w4 */ 168 uint8_t cipher_key[32]; 169 170 /* w5-w6 */ 171 union roc_ie_on_bit_perfect_iv iv; 172 173 /* w7 */ 174 uint32_t esn_hi; 175 uint32_t esn_low; 176 }; 177 178 struct roc_ie_on_outb_sa { 179 /* w0 - w7 */ 180 struct roc_ie_on_common_sa common_sa; 181 182 /* w8-w55 */ 183 union { 184 struct { 185 struct roc_ie_on_ip_template template; 186 } aes_gcm; 187 struct { 188 uint8_t hmac_key[24]; 189 uint8_t unused[24]; 190 struct roc_ie_on_ip_template template; 191 } sha1; 192 struct { 193 uint8_t key[16]; 194 uint8_t unused[32]; 195 struct roc_ie_on_ip_template template; 196 } aes_xcbc; 197 struct { 198 uint8_t hmac_key[64]; 199 uint8_t hmac_iv[64]; 200 struct roc_ie_on_ip_template template; 201 } sha2; 202 }; 203 }; 204 205 struct roc_ie_on_inb_sa { 206 /* w0 - w7 */ 207 struct roc_ie_on_common_sa common_sa; 208 209 /* w8 */ 210 uint8_t udp_encap[8]; 211 212 /* w9-w33 */ 213 union { 214 struct { 215 uint8_t hmac_key[48]; 216 struct roc_ie_on_traffic_selector selector; 217 } sha1_or_gcm; 218 struct { 219 uint8_t key[16]; 220 uint8_t unused[32]; 221 struct roc_ie_on_traffic_selector selector; 222 } aes_xcbc; 223 struct { 224 uint8_t hmac_key[64]; 225 uint8_t hmac_iv[64]; 226 struct roc_ie_on_traffic_selector selector; 227 } sha2; 228 }; 229 }; 230 231 /* CN9K IPsec FP */ 232 233 /* CN9K IPsec FP opcodes */ 234 #define ROC_IE_ONF_MAJOR_OP_PROCESS_OUTBOUND_IPSEC 0x25UL 235 #define ROC_IE_ONF_MAJOR_OP_PROCESS_INBOUND_IPSEC 0x26UL 236 237 /* Ucode completion codes */ 238 #define ROC_IE_ON_UCC_SUCCESS 0 239 #define ROC_IE_ON_UCC_ENC_TYPE_ERR 0xB1 240 #define ROC_IE_ON_UCC_IP_VER_ERR 0xB2 241 #define ROC_IE_ON_UCC_PROTO_ERR 0xB3 242 #define ROC_IE_ON_UCC_CTX_INVALID 0xB4 243 #define ROC_IE_ON_UCC_CTX_DIR_MISMATCH 0xB5 244 #define ROC_IE_ON_UCC_IP_PAYLOAD_TYPE_ERR 0xB6 245 #define ROC_IE_ON_UCC_CTX_FLAG_MISMATCH 0xB7 246 #define ROC_IE_ON_UCC_SPI_MISMATCH 0xBE 247 #define ROC_IE_ON_UCC_IP_CHKSUM_ERR 0xBF 248 #define ROC_IE_ON_UCC_AUTH_ERR 0xC3 249 #define ROC_IE_ON_UCC_PADDING_INVALID 0xC4 250 #define ROC_IE_ON_UCC_SA_MISMATCH 0xCC 251 #define ROC_IE_ON_UCC_L2_HDR_INFO_ERR 0xCF 252 #define ROC_IE_ON_UCC_L2_HDR_LEN_ERR 0xE0 253 254 struct roc_ie_onf_sa_ctl { 255 uint32_t spi; 256 uint64_t exp_proto_inter_frag : 8; 257 uint64_t rsvd_41_40 : 2; 258 /* Disable SPI, SEQ data in RPTR for Inbound inline */ 259 uint64_t spi_seq_dis : 1; 260 uint64_t esn_en : 1; 261 uint64_t rsvd_44_45 : 2; 262 uint64_t encap_type : 2; 263 uint64_t enc_type : 3; 264 uint64_t rsvd_48 : 1; 265 uint64_t auth_type : 4; 266 uint64_t valid : 1; 267 uint64_t direction : 1; 268 uint64_t outer_ip_ver : 1; 269 uint64_t inner_ip_ver : 1; 270 uint64_t ipsec_mode : 1; 271 uint64_t ipsec_proto : 1; 272 uint64_t aes_key_len : 2; 273 }; 274 275 struct roc_onf_ipsec_outb_sa { 276 /* w0 */ 277 struct roc_ie_onf_sa_ctl ctl; 278 279 /* w1 */ 280 uint8_t nonce[4]; 281 uint16_t udp_src; 282 uint16_t udp_dst; 283 284 /* w2 */ 285 uint32_t ip_src; 286 uint32_t ip_dst; 287 288 /* w3-w6 */ 289 uint8_t cipher_key[32]; 290 291 /* w7-w12 */ 292 uint8_t hmac_key[48]; 293 }; 294 295 struct roc_onf_ipsec_inb_sa { 296 /* w0 */ 297 struct roc_ie_onf_sa_ctl ctl; 298 299 /* w1 */ 300 uint8_t nonce[4]; /* Only for AES-GCM */ 301 uint32_t unused; 302 303 /* w2 */ 304 uint32_t esn_hi; 305 uint32_t esn_low; 306 307 /* w3-w6 */ 308 uint8_t cipher_key[32]; 309 310 /* w7-w12 */ 311 uint8_t hmac_key[48]; 312 }; 313 314 #define ROC_ONF_IPSEC_INB_MAX_L2_SZ 32UL 315 #define ROC_ONF_IPSEC_OUTB_MAX_L2_SZ 30UL 316 #define ROC_ONF_IPSEC_OUTB_MAX_L2_INFO_SZ (ROC_ONF_IPSEC_OUTB_MAX_L2_SZ + 2) 317 318 #define ROC_ONF_IPSEC_INB_RES_OFF 80 319 #define ROC_ONF_IPSEC_INB_SPI_SEQ_SZ 16 320 321 struct roc_onf_ipsec_outb_hdr { 322 uint32_t ip_id; 323 uint32_t seq; 324 uint8_t iv[16]; 325 }; 326 327 #endif /* __ROC_IE_ON_H__ */ 328