aboutsummaryrefslogtreecommitdiffstats
path: root/drivers/net/ixgbe/ixgbe_ipsec.h
blob: fb8fefc83c9f3b2bfcb00bd277aae538852885e2 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151

/*-
 *   BSD LICENSE
 *
 *   Copyright(c) 2010-2017 Intel Corporation. All rights reserved.
 *   All rights reserved.
 *
 *   Redistribution and use in source and binary forms, with or without
 *   modification, are permitted provided that the following conditions
 *   are met:
 *
 *     * Redistributions of source code must retain the above copyright
 *       notice, this list of conditions and the following disclaimer.
 *     * Redistributions in binary form must reproduce the above copyright
 *       notice, this list of conditions and the following disclaimer in
 *       the documentation and/or other materials provided with the
 *       distribution.
 *     * Neither the name of Intel Corporation nor the names of its
 *       contributors may be used to endorse or promote products derived
 *       from this software without specific prior written permission.
 *
 *   THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 *   "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 *   LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
 *   A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 *   OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 *   SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 *   LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 *   DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 *   THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 *   (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 *   OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

#ifndef IXGBE_IPSEC_H_
#define IXGBE_IPSEC_H_

#include <rte_security.h>

#define IPSRXIDX_RX_EN                                    0x00000001
#define IPSRXIDX_TABLE_IP                                 0x00000002
#define IPSRXIDX_TABLE_SPI                                0x00000004
#define IPSRXIDX_TABLE_KEY                                0x00000006
#define IPSRXIDX_WRITE                                    0x80000000
#define IPSRXIDX_READ                                     0x40000000
#define IPSRXMOD_VALID                                    0x00000001
#define IPSRXMOD_PROTO                                    0x00000004
#define IPSRXMOD_DECRYPT                                  0x00000008
#define IPSRXMOD_IPV6                                     0x00000010
#define IXGBE_ADVTXD_POPTS_IPSEC                          0x00000400
#define IXGBE_ADVTXD_TUCMD_IPSEC_TYPE_ESP                 0x00002000
#define IXGBE_ADVTXD_TUCMD_IPSEC_ENCRYPT_EN               0x00004000
#define IXGBE_RXDADV_IPSEC_STATUS_SECP                    0x00020000
#define IXGBE_RXDADV_IPSEC_ERROR_BIT_MASK                 0x18000000
#define IXGBE_RXDADV_IPSEC_ERROR_INVALID_PROTOCOL         0x08000000
#define IXGBE_RXDADV_IPSEC_ERROR_INVALID_LENGTH           0x10000000
#define IXGBE_RXDADV_IPSEC_ERROR_AUTHENTICATION_FAILED    0x18000000

#define IPSEC_MAX_RX_IP_COUNT           128
#define IPSEC_MAX_SA_COUNT              1024

#define ESP_ICV_SIZE 16
#define ESP_TRAILER_SIZE 2

enum ixgbe_operation {
	IXGBE_OP_AUTHENTICATED_ENCRYPTION,
	IXGBE_OP_AUTHENTICATED_DECRYPTION
};

enum ixgbe_gcm_key {
	IXGBE_GCM_KEY_128,
	IXGBE_GCM_KEY_256
};

/**
 * Generic IP address structure
 * TODO: Find better location for this rte_net.h possibly.
 **/
struct ipaddr {
	enum ipaddr_type {
		IPv4,
		IPv6
	} type;
	/**< IP Address Type - IPv4/IPv6 */

	union {
		uint32_t ipv4;
		uint32_t ipv6[4];
	};
};

/** inline crypto crypto private session structure */
struct ixgbe_crypto_session {
	enum ixgbe_operation op;
	uint8_t *key;
	uint32_t salt;
	uint32_t sa_index;
	uint32_t spi;
	struct ipaddr src_ip;
	struct ipaddr dst_ip;
	struct rte_eth_dev *dev;
} __rte_cache_aligned;

struct ixgbe_crypto_rx_ip_table {
	struct ipaddr ip;
	uint16_t ref_count;
};
struct ixgbe_crypto_rx_sa_table {
	uint32_t spi;
	uint32_t ip_index;
	uint32_t key[4];
	uint32_t salt;
	uint8_t  mode;
	uint8_t  used;
};

struct ixgbe_crypto_tx_sa_table {
	uint32_t spi;
	uint32_t key[4];
	uint32_t salt;
	uint8_t  used;
};

union ixgbe_crypto_tx_desc_md {
	uint64_t data;
	struct {
		/**< SA table index */
		uint32_t sa_idx;
		/**< ICV and ESP trailer length */
		uint8_t pad_len;
		/**< enable encryption */
		uint8_t enc;
	};
};

struct ixgbe_ipsec {
	struct ixgbe_crypto_rx_ip_table rx_ip_tbl[IPSEC_MAX_RX_IP_COUNT];
	struct ixgbe_crypto_rx_sa_table rx_sa_tbl[IPSEC_MAX_SA_COUNT];
	struct ixgbe_crypto_tx_sa_table tx_sa_tbl[IPSEC_MAX_SA_COUNT];
};


struct rte_security_ctx *
ixgbe_ipsec_ctx_create(struct rte_eth_dev *dev);
int ixgbe_crypto_enable_ipsec(struct rte_eth_dev *dev);
int ixgbe_crypto_add_ingress_sa_from_flow(const void *sess,
					  const void *ip_spec,
					  uint8_t is_ipv6);



#endif /*IXGBE_IPSEC_H_*/