John Baldwin 4f13842f75 Add support for KTLS in the Chelsio TOE module.
This adds a TOE hook to allocate a KTLS session.  It also recognizes
TLS mbufs in the socket buffer and sends those to the NIC using a TLS
work request to encrypt the record before segmenting it.

TOE TLS support must be enabled via the dev.t6nex.<N>.tls sysctl in
addition to enabling KTLS.

Reviewed by:	np, gallatin
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D21891
2019-10-08 21:40:42 +00:00

592 lines
18 KiB
C

/*-
* SPDX-License-Identifier: BSD-2-Clause-FreeBSD
*
* Copyright (c) 2017-2018 Chelsio Communications, Inc.
* All rights reserved.
* Written by: John Baldwin <jhb@FreeBSD.org>, Atul Gupta
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $FreeBSD$
*
*/
#ifndef __T4_TLS_H__
#define __T4_TLS_H__
#define TLS1_VERSION 0x0301
#define TLS1_1_VERSION 0x0302
#define TLS1_2_VERSION 0x0303
#define TLS_MAX_VERSION TLS1_2_VERSION
#define DTLS1_VERSION 0xFEFF
#define DTLS1_2_VERSION 0xFEFD
#define DTLS_MAX_VERSION DTLS1_2_VERSION
#define DTLS1_VERSION_MAJOR 0xFE
/* Custom socket options for TLS+TOE. */
#define MAX_MAC_KSZ 64 /*512 bits */
#define MAX_CIPHER_KSZ 32 /* 256 bits */
#define CIPHER_BLOCK_SZ 16
#define SALT_SIZE 4
/* Can accomodate 16, 11-15 are reserved */
enum {
CHSSL_SHA_NOP,
CHSSL_SHA1,
CHSSL_SHA224,
CHSSL_SHA256,
CHSSL_GHASH,
CHSSL_SHA512_224,
CHSSL_SHA512_256,
CHSSL_SHA512_384,
CHSSL_SHA512_512,
CHSSL_CBCMAC,
CHSSL_CMAC,
};
/* Can accomodate 16, 8-15 are reserved */
enum {
CHSSL_CIPH_NOP,
CHSSL_AES_CBC,
CHSSL_AES_GCM,
CHSSL_AES_CTR,
CHSSL_AES_GEN,
CHSSL_IPSEC_ESP,
CHSSL_AES_XTS,
CHSSL_AES_CCM,
};
/* Key Context Programming Operation type */
#define KEY_WRITE_RX 0x1
#define KEY_WRITE_TX 0x2
#define KEY_DELETE_RX 0x4
#define KEY_DELETE_TX 0x8
#define S_KEY_CLR_LOC 4
#define M_KEY_CLR_LOC 0xf
#define V_KEY_CLR_LOC(x) ((x) << S_KEY_CLR_LOC)
#define G_KEY_CLR_LOC(x) (((x) >> S_KEY_CLR_LOC) & M_KEY_CLR_LOC)
#define F_KEY_CLR_LOC V_KEY_CLR_LOC(1U)
#define S_KEY_GET_LOC 0
#define M_KEY_GET_LOC 0xf
#define V_KEY_GET_LOC(x) ((x) << S_KEY_GET_LOC)
#define G_KEY_GET_LOC(x) (((x) >> S_KEY_GET_LOC) & M_KEY_GET_LOC)
struct tls_ofld_state {
unsigned char enc_mode;
unsigned char mac_mode;
unsigned char key_loc;
unsigned char ofld_mode;
unsigned char auth_mode;
unsigned char resv[3];
};
struct tls_tx_ctxt {
unsigned char salt[SALT_SIZE];
unsigned char key[MAX_CIPHER_KSZ];
unsigned char ipad[MAX_MAC_KSZ];
unsigned char opad[MAX_MAC_KSZ];
};
struct tls_rx_ctxt {
unsigned char salt[SALT_SIZE];
unsigned char key[MAX_CIPHER_KSZ];
unsigned char ipad[MAX_MAC_KSZ];
unsigned char opad[MAX_MAC_KSZ];
};
struct tls_key_context {
struct tls_tx_ctxt tx;
struct tls_rx_ctxt rx;
unsigned char l_p_key;
unsigned char hmac_ctrl;
unsigned char mac_first;
unsigned char iv_size;
unsigned char iv_ctrl;
unsigned char iv_algo;
unsigned char tx_seq_no;
unsigned char rx_seq_no;
struct tls_ofld_state state;
unsigned int tx_key_info_size;
unsigned int rx_key_info_size;
unsigned int frag_size;
unsigned int mac_secret_size;
unsigned int cipher_secret_size;
int proto_ver;
unsigned int sock_fd;
unsigned short dtls_epoch;
unsigned short rsv;
};
/* Set with 'struct tls_key_context'. */
#define TCP_TLSOM_SET_TLS_CONTEXT (TCP_VENDOR)
/* Get returns int of enabled (1) / disabled (0). */
#define TCP_TLSOM_GET_TLS_TOM (TCP_VENDOR + 1)
enum {
TLS_TOM_NONE = 0,
TLS_TOM_TXONLY,
TLS_TOM_BOTH
};
/* Set with no value. */
#define TCP_TLSOM_CLR_TLS_TOM (TCP_VENDOR + 2)
/* Set with no value. */
#define TCP_TLSOM_CLR_QUIES (TCP_VENDOR + 3)
#ifdef _KERNEL
/* Timeouts for handshake timer in seconds. */
#define TLS_SRV_HELLO_DONE 9
#define TLS_SRV_HELLO_RD_TM 5
#define TLS_SRV_HELLO_BKOFF_TM 15
#define CONTENT_TYPE_CCS 20
#define CONTENT_TYPE_ALERT 21
#define CONTENT_TYPE_HANDSHAKE 22
#define CONTENT_TYPE_APP_DATA 23
#define CONTENT_TYPE_HEARTBEAT 24
#define CONTENT_TYPE_KEY_CONTEXT 32
#define CONTENT_TYPE_ERROR 127
#define GCM_TAG_SIZE 16
#define AEAD_EXPLICIT_DATA_SIZE 8
#define TLS_HEADER_LENGTH 5
#define TP_TX_PG_SZ 65536
#define FC_TP_PLEN_MAX 17408
#define IPAD_SIZE 64
#define OPAD_SIZE 64
#define KEY_SIZE 32
#define CIPHER_BLOCK_SIZE 16
#define HDR_KCTX_SIZE (IPAD_SIZE + OPAD_SIZE + KEY_SIZE)
#define KEY_IN_DDR_SIZE 16
#define TLS_KEY_CONTEXT_SZ roundup2(sizeof(struct tls_tx_ctxt), 32)
/* MAC KEY SIZE */
#define SHA_NOP 0
#define SHA_GHASH 16
#define SHA_224 28
#define SHA_256 32
#define SHA_384 48
#define SHA_512 64
#define SHA1 20
/* CIPHER KEY SIZE */
#define AES_NOP 0
#define AES_128 16
#define AES_192 24
#define AES_256 32
enum {
TLS_1_2_VERSION,
TLS_1_1_VERSION,
DTLS_1_2_VERSION,
TLS_VERSION_MAX,
};
enum {
CH_EVP_CIPH_STREAM_CIPHER,
CH_EVP_CIPH_CBC_MODE,
CH_EVP_CIPH_GCM_MODE,
CH_EVP_CIPH_CTR_MODE,
};
enum {
TLS_SFO_WR_CONTEXTLOC_DSGL,
TLS_SFO_WR_CONTEXTLOC_IMMEDIATE,
TLS_SFO_WR_CONTEXTLOC_DDR,
};
enum {
CPL_TX_TLS_SFO_TYPE_CCS,
CPL_TX_TLS_SFO_TYPE_ALERT,
CPL_TX_TLS_SFO_TYPE_HANDSHAKE,
CPL_TX_TLS_SFO_TYPE_DATA,
CPL_TX_TLS_SFO_TYPE_HEARTBEAT, /* XXX: Shouldn't this be "CUSTOM"? */
};
enum {
CH_CK_SIZE_128,
CH_CK_SIZE_192,
CH_CK_SIZE_256,
CH_CK_SIZE_NOP,
};
enum {
CH_MK_SIZE_128,
CH_MK_SIZE_160,
CH_MK_SIZE_192,
CH_MK_SIZE_256,
CH_MK_SIZE_512,
CH_MK_SIZE_NOP,
};
struct tls_scmd {
__be32 seqno_numivs;
__be32 ivgen_hdrlen;
};
enum tls_mode {
TLS_MODE_OFF,
TLS_MODE_TLSOM,
TLS_MODE_KTLS,
};
struct tls_ofld_info {
struct tls_key_context k_ctx;
int key_location;
int mac_length;
int rx_key_addr;
int tx_key_addr;
uint64_t tx_seq_no;
unsigned short fcplenmax;
unsigned short adjusted_plen;
unsigned short expn_per_ulp;
unsigned short pdus_per_ulp;
struct tls_scmd scmd0;
u_int iv_len;
enum tls_mode mode;
struct callout handshake_timer;
u_int sb_off;
u_int rcv_over;
};
struct tls_key_req {
__be32 wr_hi;
__be32 wr_mid;
__be32 ftid;
__u8 reneg_to_write_rx;
__u8 protocol;
__be16 mfs;
/* master command */
__be32 cmd;
__be32 len16; /* command length */
__be32 dlen; /* data length in 32-byte units */
__be32 kaddr;
/* sub-command */
__be32 sc_more;
__be32 sc_len;
}__packed;
struct tls_keyctx {
union key_ctx {
struct tx_keyctx_hdr {
__u8 ctxlen;
__u8 r2;
__be16 dualck_to_txvalid;
__u8 txsalt[4];
__be64 r5;
} txhdr;
struct rx_keyctx_hdr {
__u8 flitcnt_hmacctrl;
__u8 protover_ciphmode;
__u8 authmode_to_rxvalid;
__u8 ivpresent_to_rxmk_size;
__u8 rxsalt[4];
__be64 ivinsert_to_authinsrt;
} rxhdr;
} u;
struct keys {
__u8 edkey[32];
__u8 ipad[64];
__u8 opad[64];
} keys;
};
#define S_TLS_KEYCTX_TX_WR_DUALCK 12
#define M_TLS_KEYCTX_TX_WR_DUALCK 0x1
#define V_TLS_KEYCTX_TX_WR_DUALCK(x) ((x) << S_TLS_KEYCTX_TX_WR_DUALCK)
#define G_TLS_KEYCTX_TX_WR_DUALCK(x) \
(((x) >> S_TLS_KEYCTX_TX_WR_DUALCK) & M_TLS_KEYCTX_TX_WR_DUALCK)
#define F_TLS_KEYCTX_TX_WR_DUALCK V_TLS_KEYCTX_TX_WR_DUALCK(1U)
#define S_TLS_KEYCTX_TX_WR_TXOPAD_PRESENT 11
#define M_TLS_KEYCTX_TX_WR_TXOPAD_PRESENT 0x1
#define V_TLS_KEYCTX_TX_WR_TXOPAD_PRESENT(x) \
((x) << S_TLS_KEYCTX_TX_WR_TXOPAD_PRESENT)
#define G_TLS_KEYCTX_TX_WR_TXOPAD_PRESENT(x) \
(((x) >> S_TLS_KEYCTX_TX_WR_TXOPAD_PRESENT) & \
M_TLS_KEYCTX_TX_WR_TXOPAD_PRESENT)
#define F_TLS_KEYCTX_TX_WR_TXOPAD_PRESENT \
V_TLS_KEYCTX_TX_WR_TXOPAD_PRESENT(1U)
#define S_TLS_KEYCTX_TX_WR_SALT_PRESENT 10
#define M_TLS_KEYCTX_TX_WR_SALT_PRESENT 0x1
#define V_TLS_KEYCTX_TX_WR_SALT_PRESENT(x) \
((x) << S_TLS_KEYCTX_TX_WR_SALT_PRESENT)
#define G_TLS_KEYCTX_TX_WR_SALT_PRESENT(x) \
(((x) >> S_TLS_KEYCTX_TX_WR_SALT_PRESENT) & \
M_TLS_KEYCTX_TX_WR_SALT_PRESENT)
#define F_TLS_KEYCTX_TX_WR_SALT_PRESENT \
V_TLS_KEYCTX_TX_WR_SALT_PRESENT(1U)
#define S_TLS_KEYCTX_TX_WR_TXCK_SIZE 6
#define M_TLS_KEYCTX_TX_WR_TXCK_SIZE 0xf
#define V_TLS_KEYCTX_TX_WR_TXCK_SIZE(x) \
((x) << S_TLS_KEYCTX_TX_WR_TXCK_SIZE)
#define G_TLS_KEYCTX_TX_WR_TXCK_SIZE(x) \
(((x) >> S_TLS_KEYCTX_TX_WR_TXCK_SIZE) & \
M_TLS_KEYCTX_TX_WR_TXCK_SIZE)
#define S_TLS_KEYCTX_TX_WR_TXMK_SIZE 2
#define M_TLS_KEYCTX_TX_WR_TXMK_SIZE 0xf
#define V_TLS_KEYCTX_TX_WR_TXMK_SIZE(x) \
((x) << S_TLS_KEYCTX_TX_WR_TXMK_SIZE)
#define G_TLS_KEYCTX_TX_WR_TXMK_SIZE(x) \
(((x) >> S_TLS_KEYCTX_TX_WR_TXMK_SIZE) & \
M_TLS_KEYCTX_TX_WR_TXMK_SIZE)
#define S_TLS_KEYCTX_TX_WR_TXVALID 0
#define M_TLS_KEYCTX_TX_WR_TXVALID 0x1
#define V_TLS_KEYCTX_TX_WR_TXVALID(x) \
((x) << S_TLS_KEYCTX_TX_WR_TXVALID)
#define G_TLS_KEYCTX_TX_WR_TXVALID(x) \
(((x) >> S_TLS_KEYCTX_TX_WR_TXVALID) & M_TLS_KEYCTX_TX_WR_TXVALID)
#define F_TLS_KEYCTX_TX_WR_TXVALID V_TLS_KEYCTX_TX_WR_TXVALID(1U)
#define S_TLS_KEYCTX_TX_WR_FLITCNT 3
#define M_TLS_KEYCTX_TX_WR_FLITCNT 0x1f
#define V_TLS_KEYCTX_TX_WR_FLITCNT(x) \
((x) << S_TLS_KEYCTX_TX_WR_FLITCNT)
#define G_TLS_KEYCTX_TX_WR_FLITCNT(x) \
(((x) >> S_TLS_KEYCTX_TX_WR_FLITCNT) & M_TLS_KEYCTX_TX_WR_FLITCNT)
#define S_TLS_KEYCTX_TX_WR_HMACCTRL 0
#define M_TLS_KEYCTX_TX_WR_HMACCTRL 0x7
#define V_TLS_KEYCTX_TX_WR_HMACCTRL(x) \
((x) << S_TLS_KEYCTX_TX_WR_HMACCTRL)
#define G_TLS_KEYCTX_TX_WR_HMACCTRL(x) \
(((x) >> S_TLS_KEYCTX_TX_WR_HMACCTRL) & M_TLS_KEYCTX_TX_WR_HMACCTRL)
#define S_TLS_KEYCTX_TX_WR_PROTOVER 4
#define M_TLS_KEYCTX_TX_WR_PROTOVER 0xf
#define V_TLS_KEYCTX_TX_WR_PROTOVER(x) \
((x) << S_TLS_KEYCTX_TX_WR_PROTOVER)
#define G_TLS_KEYCTX_TX_WR_PROTOVER(x) \
(((x) >> S_TLS_KEYCTX_TX_WR_PROTOVER) & M_TLS_KEYCTX_TX_WR_PROTOVER)
#define S_TLS_KEYCTX_TX_WR_CIPHMODE 0
#define M_TLS_KEYCTX_TX_WR_CIPHMODE 0xf
#define V_TLS_KEYCTX_TX_WR_CIPHMODE(x) \
((x) << S_TLS_KEYCTX_TX_WR_CIPHMODE)
#define G_TLS_KEYCTX_TX_WR_CIPHMODE(x) \
(((x) >> S_TLS_KEYCTX_TX_WR_CIPHMODE) & M_TLS_KEYCTX_TX_WR_CIPHMODE)
#define S_TLS_KEYCTX_TX_WR_AUTHMODE 4
#define M_TLS_KEYCTX_TX_WR_AUTHMODE 0xf
#define V_TLS_KEYCTX_TX_WR_AUTHMODE(x) \
((x) << S_TLS_KEYCTX_TX_WR_AUTHMODE)
#define G_TLS_KEYCTX_TX_WR_AUTHMODE(x) \
(((x) >> S_TLS_KEYCTX_TX_WR_AUTHMODE) & M_TLS_KEYCTX_TX_WR_AUTHMODE)
#define S_TLS_KEYCTX_TX_WR_CIPHAUTHSEQCTRL 3
#define M_TLS_KEYCTX_TX_WR_CIPHAUTHSEQCTRL 0x1
#define V_TLS_KEYCTX_TX_WR_CIPHAUTHSEQCTRL(x) \
((x) << S_TLS_KEYCTX_TX_WR_CIPHAUTHSEQCTRL)
#define G_TLS_KEYCTX_TX_WR_CIPHAUTHSEQCTRL(x) \
(((x) >> S_TLS_KEYCTX_TX_WR_CIPHAUTHSEQCTRL) & \
M_TLS_KEYCTX_TX_WR_CIPHAUTHSEQCTRL)
#define F_TLS_KEYCTX_TX_WR_CIPHAUTHSEQCTRL \
V_TLS_KEYCTX_TX_WR_CIPHAUTHSEQCTRL(1U)
#define S_TLS_KEYCTX_TX_WR_SEQNUMCTRL 1
#define M_TLS_KEYCTX_TX_WR_SEQNUMCTRL 0x3
#define V_TLS_KEYCTX_TX_WR_SEQNUMCTRL(x) \
((x) << S_TLS_KEYCTX_TX_WR_SEQNUMCTRL)
#define G_TLS_KEYCTX_TX_WR_SEQNUMCTRL(x) \
(((x) >> S_TLS_KEYCTX_TX_WR_SEQNUMCTRL) & \
M_TLS_KEYCTX_TX_WR_SEQNUMCTRL)
#define S_TLS_KEYCTX_TX_WR_RXVALID 0
#define M_TLS_KEYCTX_TX_WR_RXVALID 0x1
#define V_TLS_KEYCTX_TX_WR_RXVALID(x) \
((x) << S_TLS_KEYCTX_TX_WR_RXVALID)
#define G_TLS_KEYCTX_TX_WR_RXVALID(x) \
(((x) >> S_TLS_KEYCTX_TX_WR_RXVALID) & M_TLS_KEYCTX_TX_WR_RXVALID)
#define F_TLS_KEYCTX_TX_WR_RXVALID V_TLS_KEYCTX_TX_WR_RXVALID(1U)
#define S_TLS_KEYCTX_TX_WR_IVPRESENT 7
#define M_TLS_KEYCTX_TX_WR_IVPRESENT 0x1
#define V_TLS_KEYCTX_TX_WR_IVPRESENT(x) \
((x) << S_TLS_KEYCTX_TX_WR_IVPRESENT)
#define G_TLS_KEYCTX_TX_WR_IVPRESENT(x) \
(((x) >> S_TLS_KEYCTX_TX_WR_IVPRESENT) & \
M_TLS_KEYCTX_TX_WR_IVPRESENT)
#define F_TLS_KEYCTX_TX_WR_IVPRESENT V_TLS_KEYCTX_TX_WR_IVPRESENT(1U)
#define S_TLS_KEYCTX_TX_WR_RXOPAD_PRESENT 6
#define M_TLS_KEYCTX_TX_WR_RXOPAD_PRESENT 0x1
#define V_TLS_KEYCTX_TX_WR_RXOPAD_PRESENT(x) \
((x) << S_TLS_KEYCTX_TX_WR_RXOPAD_PRESENT)
#define G_TLS_KEYCTX_TX_WR_RXOPAD_PRESENT(x) \
(((x) >> S_TLS_KEYCTX_TX_WR_RXOPAD_PRESENT) & \
M_TLS_KEYCTX_TX_WR_RXOPAD_PRESENT)
#define F_TLS_KEYCTX_TX_WR_RXOPAD_PRESENT \
V_TLS_KEYCTX_TX_WR_RXOPAD_PRESENT(1U)
#define S_TLS_KEYCTX_TX_WR_RXCK_SIZE 3
#define M_TLS_KEYCTX_TX_WR_RXCK_SIZE 0x7
#define V_TLS_KEYCTX_TX_WR_RXCK_SIZE(x) \
((x) << S_TLS_KEYCTX_TX_WR_RXCK_SIZE)
#define G_TLS_KEYCTX_TX_WR_RXCK_SIZE(x) \
(((x) >> S_TLS_KEYCTX_TX_WR_RXCK_SIZE) & \
M_TLS_KEYCTX_TX_WR_RXCK_SIZE)
#define S_TLS_KEYCTX_TX_WR_RXMK_SIZE 0
#define M_TLS_KEYCTX_TX_WR_RXMK_SIZE 0x7
#define V_TLS_KEYCTX_TX_WR_RXMK_SIZE(x) \
((x) << S_TLS_KEYCTX_TX_WR_RXMK_SIZE)
#define G_TLS_KEYCTX_TX_WR_RXMK_SIZE(x) \
(((x) >> S_TLS_KEYCTX_TX_WR_RXMK_SIZE) & \
M_TLS_KEYCTX_TX_WR_RXMK_SIZE)
#define S_TLS_KEYCTX_TX_WR_IVINSERT 55
#define M_TLS_KEYCTX_TX_WR_IVINSERT 0x1ffULL
#define V_TLS_KEYCTX_TX_WR_IVINSERT(x) \
((x) << S_TLS_KEYCTX_TX_WR_IVINSERT)
#define G_TLS_KEYCTX_TX_WR_IVINSERT(x) \
(((x) >> S_TLS_KEYCTX_TX_WR_IVINSERT) & M_TLS_KEYCTX_TX_WR_IVINSERT)
#define S_TLS_KEYCTX_TX_WR_AADSTRTOFST 47
#define M_TLS_KEYCTX_TX_WR_AADSTRTOFST 0xffULL
#define V_TLS_KEYCTX_TX_WR_AADSTRTOFST(x) \
((x) << S_TLS_KEYCTX_TX_WR_AADSTRTOFST)
#define G_TLS_KEYCTX_TX_WR_AADSTRTOFST(x) \
(((x) >> S_TLS_KEYCTX_TX_WR_AADSTRTOFST) & \
M_TLS_KEYCTX_TX_WR_AADSTRTOFST)
#define S_TLS_KEYCTX_TX_WR_AADSTOPOFST 39
#define M_TLS_KEYCTX_TX_WR_AADSTOPOFST 0xffULL
#define V_TLS_KEYCTX_TX_WR_AADSTOPOFST(x) \
((x) << S_TLS_KEYCTX_TX_WR_AADSTOPOFST)
#define G_TLS_KEYCTX_TX_WR_AADSTOPOFST(x) \
(((x) >> S_TLS_KEYCTX_TX_WR_AADSTOPOFST) & \
M_TLS_KEYCTX_TX_WR_AADSTOPOFST)
#define S_TLS_KEYCTX_TX_WR_CIPHERSRTOFST 30
#define M_TLS_KEYCTX_TX_WR_CIPHERSRTOFST 0x1ffULL
#define V_TLS_KEYCTX_TX_WR_CIPHERSRTOFST(x) \
((x) << S_TLS_KEYCTX_TX_WR_CIPHERSRTOFST)
#define G_TLS_KEYCTX_TX_WR_CIPHERSRTOFST(x) \
(((x) >> S_TLS_KEYCTX_TX_WR_CIPHERSRTOFST) & \
M_TLS_KEYCTX_TX_WR_CIPHERSRTOFST)
#define S_TLS_KEYCTX_TX_WR_CIPHERSTOPOFST 23
#define M_TLS_KEYCTX_TX_WR_CIPHERSTOPOFST 0x7f
#define V_TLS_KEYCTX_TX_WR_CIPHERSTOPOFST(x) \
((x) << S_TLS_KEYCTX_TX_WR_CIPHERSTOPOFST)
#define G_TLS_KEYCTX_TX_WR_CIPHERSTOPOFST(x) \
(((x) >> S_TLS_KEYCTX_TX_WR_CIPHERSTOPOFST) & \
M_TLS_KEYCTX_TX_WR_CIPHERSTOPOFST)
#define S_TLS_KEYCTX_TX_WR_AUTHSRTOFST 14
#define M_TLS_KEYCTX_TX_WR_AUTHSRTOFST 0x1ff
#define V_TLS_KEYCTX_TX_WR_AUTHSRTOFST(x) \
((x) << S_TLS_KEYCTX_TX_WR_AUTHSRTOFST)
#define G_TLS_KEYCTX_TX_WR_AUTHSRTOFST(x) \
(((x) >> S_TLS_KEYCTX_TX_WR_AUTHSRTOFST) & \
M_TLS_KEYCTX_TX_WR_AUTHSRTOFST)
#define S_TLS_KEYCTX_TX_WR_AUTHSTOPOFST 7
#define M_TLS_KEYCTX_TX_WR_AUTHSTOPOFST 0x7f
#define V_TLS_KEYCTX_TX_WR_AUTHSTOPOFST(x) \
((x) << S_TLS_KEYCTX_TX_WR_AUTHSTOPOFST)
#define G_TLS_KEYCTX_TX_WR_AUTHSTOPOFST(x) \
(((x) >> S_TLS_KEYCTX_TX_WR_AUTHSTOPOFST) & \
M_TLS_KEYCTX_TX_WR_AUTHSTOPOFST)
#define S_TLS_KEYCTX_TX_WR_AUTHINSRT 0
#define M_TLS_KEYCTX_TX_WR_AUTHINSRT 0x7f
#define V_TLS_KEYCTX_TX_WR_AUTHINSRT(x) \
((x) << S_TLS_KEYCTX_TX_WR_AUTHINSRT)
#define G_TLS_KEYCTX_TX_WR_AUTHINSRT(x) \
(((x) >> S_TLS_KEYCTX_TX_WR_AUTHINSRT) & \
M_TLS_KEYCTX_TX_WR_AUTHINSRT)
struct tls_hdr {
__u8 type;
__be16 version;
__be16 length;
} __packed;
struct tlsrx_hdr_pkt {
__u8 type;
__be16 version;
__be16 length;
__be64 tls_seq;
__be16 reserved1;
__u8 res_to_mac_error;
} __packed;
/* res_to_mac_error fields */
#define S_TLSRX_HDR_PKT_INTERNAL_ERROR 4
#define M_TLSRX_HDR_PKT_INTERNAL_ERROR 0x1
#define V_TLSRX_HDR_PKT_INTERNAL_ERROR(x) \
((x) << S_TLSRX_HDR_PKT_INTERNAL_ERROR)
#define G_TLSRX_HDR_PKT_INTERNAL_ERROR(x) \
(((x) >> S_TLSRX_HDR_PKT_INTERNAL_ERROR) & M_TLSRX_HDR_PKT_INTERNAL_ERROR)
#define F_TLSRX_HDR_PKT_INTERNAL_ERROR V_TLSRX_HDR_PKT_INTERNAL_ERROR(1U)
#define S_TLSRX_HDR_PKT_SPP_ERROR 3
#define M_TLSRX_HDR_PKT_SPP_ERROR 0x1
#define V_TLSRX_HDR_PKT_SPP_ERROR(x) ((x) << S_TLSRX_HDR_PKT_SPP_ERROR)
#define G_TLSRX_HDR_PKT_SPP_ERROR(x) \
(((x) >> S_TLSRX_HDR_PKT_SPP_ERROR) & M_TLSRX_HDR_PKT_SPP_ERROR)
#define F_TLSRX_HDR_PKT_SPP_ERROR V_TLSRX_HDR_PKT_SPP_ERROR(1U)
#define S_TLSRX_HDR_PKT_CCDX_ERROR 2
#define M_TLSRX_HDR_PKT_CCDX_ERROR 0x1
#define V_TLSRX_HDR_PKT_CCDX_ERROR(x) ((x) << S_TLSRX_HDR_PKT_CCDX_ERROR)
#define G_TLSRX_HDR_PKT_CCDX_ERROR(x) \
(((x) >> S_TLSRX_HDR_PKT_CCDX_ERROR) & M_TLSRX_HDR_PKT_CCDX_ERROR)
#define F_TLSRX_HDR_PKT_CCDX_ERROR V_TLSRX_HDR_PKT_CCDX_ERROR(1U)
#define S_TLSRX_HDR_PKT_PAD_ERROR 1
#define M_TLSRX_HDR_PKT_PAD_ERROR 0x1
#define V_TLSRX_HDR_PKT_PAD_ERROR(x) ((x) << S_TLSRX_HDR_PKT_PAD_ERROR)
#define G_TLSRX_HDR_PKT_PAD_ERROR(x) \
(((x) >> S_TLSRX_HDR_PKT_PAD_ERROR) & M_TLSRX_HDR_PKT_PAD_ERROR)
#define F_TLSRX_HDR_PKT_PAD_ERROR V_TLSRX_HDR_PKT_PAD_ERROR(1U)
#define S_TLSRX_HDR_PKT_MAC_ERROR 0
#define M_TLSRX_HDR_PKT_MAC_ERROR 0x1
#define V_TLSRX_HDR_PKT_MAC_ERROR(x) ((x) << S_TLSRX_HDR_PKT_MAC_ERROR)
#define G_TLSRX_HDR_PKT_MAC_ERROR(x) \
(((x) >> S_TLSRX_HDR_PKT_MAC_ERROR) & M_TLSRX_HDR_PKT_MAC_ERROR)
#define F_TLSRX_HDR_PKT_MAC_ERROR V_TLSRX_HDR_PKT_MAC_ERROR(1U)
#define M_TLSRX_HDR_PKT_ERROR 0x1F
#endif /* _KERNEL */
#endif /* !__T4_TLS_H__ */