198e0ce485
All ipsec related settings are being held in the driver private data to allow easy add and remove of SAS. There is no need to keep a record of the keys, and also storing the keys can be a security issue. Signed-off-by: Radu Nicolau <radu.nicolau@intel.com> Acked-by: Declan Doherty <declan.doherty@intel.com>
119 lines
3.1 KiB
C
119 lines
3.1 KiB
C
/* SPDX-License-Identifier: BSD-3-Clause
|
|
* Copyright(c) 2010-2017 Intel Corporation
|
|
*/
|
|
|
|
#ifndef IXGBE_IPSEC_H_
|
|
#define IXGBE_IPSEC_H_
|
|
|
|
#include <rte_security.h>
|
|
|
|
#define IPSRXIDX_RX_EN 0x00000001
|
|
#define IPSRXIDX_TABLE_IP 0x00000002
|
|
#define IPSRXIDX_TABLE_SPI 0x00000004
|
|
#define IPSRXIDX_TABLE_KEY 0x00000006
|
|
#define IPSRXIDX_WRITE 0x80000000
|
|
#define IPSRXIDX_READ 0x40000000
|
|
#define IPSRXMOD_VALID 0x00000001
|
|
#define IPSRXMOD_PROTO 0x00000004
|
|
#define IPSRXMOD_DECRYPT 0x00000008
|
|
#define IPSRXMOD_IPV6 0x00000010
|
|
#define IXGBE_ADVTXD_POPTS_IPSEC 0x00000400
|
|
#define IXGBE_ADVTXD_TUCMD_IPSEC_TYPE_ESP 0x00002000
|
|
#define IXGBE_ADVTXD_TUCMD_IPSEC_ENCRYPT_EN 0x00004000
|
|
#define IXGBE_RXDADV_IPSEC_STATUS_SECP 0x00020000
|
|
#define IXGBE_RXDADV_IPSEC_ERROR_BIT_MASK 0x18000000
|
|
#define IXGBE_RXDADV_IPSEC_ERROR_INVALID_PROTOCOL 0x08000000
|
|
#define IXGBE_RXDADV_IPSEC_ERROR_INVALID_LENGTH 0x10000000
|
|
#define IXGBE_RXDADV_IPSEC_ERROR_AUTHENTICATION_FAILED 0x18000000
|
|
|
|
#define IPSEC_MAX_RX_IP_COUNT 128
|
|
#define IPSEC_MAX_SA_COUNT 1024
|
|
|
|
#define ESP_ICV_SIZE 16
|
|
#define ESP_TRAILER_SIZE 2
|
|
|
|
enum ixgbe_operation {
|
|
IXGBE_OP_AUTHENTICATED_ENCRYPTION,
|
|
IXGBE_OP_AUTHENTICATED_DECRYPTION
|
|
};
|
|
|
|
enum ixgbe_gcm_key {
|
|
IXGBE_GCM_KEY_128,
|
|
IXGBE_GCM_KEY_256
|
|
};
|
|
|
|
/**
|
|
* Generic IP address structure
|
|
* TODO: Find better location for this rte_net.h possibly.
|
|
**/
|
|
struct ipaddr {
|
|
enum ipaddr_type {
|
|
IPv4,
|
|
IPv6
|
|
} type;
|
|
/**< IP Address Type - IPv4/IPv6 */
|
|
|
|
union {
|
|
uint32_t ipv4;
|
|
uint32_t ipv6[4];
|
|
};
|
|
};
|
|
|
|
/** inline crypto crypto private session structure */
|
|
struct ixgbe_crypto_session {
|
|
enum ixgbe_operation op;
|
|
uint8_t *key;
|
|
uint32_t salt;
|
|
uint32_t sa_index;
|
|
uint32_t spi;
|
|
struct ipaddr src_ip;
|
|
struct ipaddr dst_ip;
|
|
struct rte_eth_dev *dev;
|
|
} __rte_cache_aligned;
|
|
|
|
struct ixgbe_crypto_rx_ip_table {
|
|
struct ipaddr ip;
|
|
uint16_t ref_count;
|
|
};
|
|
struct ixgbe_crypto_rx_sa_table {
|
|
uint32_t spi;
|
|
uint32_t ip_index;
|
|
uint8_t mode;
|
|
uint8_t used;
|
|
};
|
|
|
|
struct ixgbe_crypto_tx_sa_table {
|
|
uint32_t spi;
|
|
uint8_t used;
|
|
};
|
|
|
|
union ixgbe_crypto_tx_desc_md {
|
|
uint64_t data;
|
|
struct {
|
|
/**< SA table index */
|
|
uint32_t sa_idx;
|
|
/**< ICV and ESP trailer length */
|
|
uint8_t pad_len;
|
|
/**< enable encryption */
|
|
uint8_t enc;
|
|
};
|
|
};
|
|
|
|
struct ixgbe_ipsec {
|
|
struct ixgbe_crypto_rx_ip_table rx_ip_tbl[IPSEC_MAX_RX_IP_COUNT];
|
|
struct ixgbe_crypto_rx_sa_table rx_sa_tbl[IPSEC_MAX_SA_COUNT];
|
|
struct ixgbe_crypto_tx_sa_table tx_sa_tbl[IPSEC_MAX_SA_COUNT];
|
|
};
|
|
|
|
|
|
struct rte_security_ctx *
|
|
ixgbe_ipsec_ctx_create(struct rte_eth_dev *dev);
|
|
int ixgbe_crypto_enable_ipsec(struct rte_eth_dev *dev);
|
|
int ixgbe_crypto_add_ingress_sa_from_flow(const void *sess,
|
|
const void *ip_spec,
|
|
uint8_t is_ipv6);
|
|
|
|
|
|
|
|
#endif /*IXGBE_IPSEC_H_*/
|