Lines Matching refs:sa
11 #include "sa.h"
88 rte_ipsec_sa_type(const struct rte_ipsec_sa *sa)
90 return sa->type;
160 rte_ipsec_sa_fini(struct rte_ipsec_sa *sa)
162 memset(sa, 0, sa->size);
254 esp_inb_init(struct rte_ipsec_sa *sa)
257 sa->ctp.cipher.offset = sizeof(struct rte_esp_hdr) + sa->iv_len;
258 sa->ctp.cipher.length = sa->icv_len + sa->ctp.cipher.offset;
264 switch (sa->algo_type) {
268 sa->ctp.auth.raw = sa->ctp.cipher.raw;
271 sa->ctp.auth.offset = 0;
272 sa->ctp.auth.length = sa->icv_len - sa->sqh_len;
273 sa->cofs.ofs.cipher.tail = sa->sqh_len;
277 sa->cofs.ofs.cipher.head = sa->ctp.cipher.offset - sa->ctp.auth.offset;
284 esp_inb_tun_init(struct rte_ipsec_sa *sa, const struct rte_ipsec_sa_prm *prm)
286 sa->proto = prm->tun.next_proto;
287 esp_inb_init(sa);
294 esp_outb_init(struct rte_ipsec_sa *sa, uint32_t hlen, uint64_t sqn)
298 sa->sqn.outb = sqn > 1 ? sqn : 1;
300 algo_type = sa->algo_type;
313 sa->ctp.cipher.offset = hlen + sizeof(struct rte_esp_hdr) +
314 sa->iv_len;
315 sa->ctp.cipher.length = 0;
319 sa->ctp.cipher.offset = hlen + sizeof(struct rte_esp_hdr);
320 sa->ctp.cipher.length = sa->iv_len;
323 sa->ctp.cipher.offset = 0;
324 sa->ctp.cipher.length = 0;
336 sa->ctp.auth.raw = sa->ctp.cipher.raw;
339 sa->ctp.auth.offset = hlen;
340 sa->ctp.auth.length = sizeof(struct rte_esp_hdr) +
341 sa->iv_len + sa->sqh_len;
345 sa->cofs.ofs.cipher.head = sa->ctp.cipher.offset - sa->ctp.auth.offset;
346 sa->cofs.ofs.cipher.tail = (sa->ctp.auth.offset + sa->ctp.auth.length) -
347 (sa->ctp.cipher.offset + sa->ctp.cipher.length);
354 esp_outb_tun_init(struct rte_ipsec_sa *sa, const struct rte_ipsec_sa_prm *prm)
356 sa->proto = prm->tun.next_proto;
357 sa->hdr_len = prm->tun.hdr_len;
358 sa->hdr_l3_off = prm->tun.hdr_l3_off;
360 memcpy(sa->hdr, prm->tun.hdr, prm->tun.hdr_len);
363 if (sa->type & RTE_IPSEC_SATP_NATT_ENABLE) {
365 &sa->hdr[prm->tun.hdr_len];
366 sa->hdr_len += sizeof(struct rte_udp_hdr);
373 sa->tx_offload.val = rte_mbuf_tx_offload(sa->hdr_l3_off,
374 prm->tun.hdr_len - sa->hdr_l3_off, 0, 0, 0, 0, 0);
376 esp_outb_init(sa, sa->hdr_len, prm->ipsec_xform.esn.value);
383 esp_sa_init(struct rte_ipsec_sa *sa, const struct rte_ipsec_sa_prm *prm,
391 sa->tos_mask |= RTE_IPV4_HDR_ECN_MASK;
394 sa->tos_mask |= RTE_IPV4_HDR_DSCP_MASK;
400 sa->aad_len = sizeof(struct aead_gcm_aad);
401 sa->icv_len = cxf->aead->digest_length;
402 sa->iv_ofs = cxf->aead->iv.offset;
403 sa->iv_len = sizeof(uint64_t);
404 sa->pad_align = IPSEC_PAD_AES_GCM;
405 sa->algo_type = ALGO_TYPE_AES_GCM;
409 sa->aad_len = sizeof(struct aead_ccm_aad);
410 sa->icv_len = cxf->aead->digest_length;
411 sa->iv_ofs = cxf->aead->iv.offset;
412 sa->iv_len = sizeof(uint64_t);
413 sa->pad_align = IPSEC_PAD_AES_CCM;
414 sa->algo_type = ALGO_TYPE_AES_CCM;
418 sa->aad_len = sizeof(struct aead_chacha20_poly1305_aad);
419 sa->icv_len = cxf->aead->digest_length;
420 sa->iv_ofs = cxf->aead->iv.offset;
421 sa->iv_len = sizeof(uint64_t);
422 sa->pad_align = IPSEC_PAD_CHACHA20_POLY1305;
423 sa->algo_type = ALGO_TYPE_CHACHA20_POLY1305;
431 sa->pad_align = IPSEC_PAD_AES_GMAC;
432 sa->iv_len = sizeof(uint64_t);
433 sa->icv_len = cxf->auth->digest_length;
434 sa->iv_ofs = cxf->auth->iv.offset;
435 sa->algo_type = ALGO_TYPE_AES_GMAC;
438 sa->icv_len = cxf->auth->digest_length;
439 sa->iv_ofs = cxf->cipher->iv.offset;
443 sa->pad_align = IPSEC_PAD_NULL;
444 sa->iv_len = 0;
445 sa->algo_type = ALGO_TYPE_NULL;
449 sa->pad_align = IPSEC_PAD_AES_CBC;
450 sa->iv_len = IPSEC_MAX_IV_SIZE;
451 sa->algo_type = ALGO_TYPE_AES_CBC;
456 sa->pad_align = IPSEC_PAD_AES_CTR;
457 sa->iv_len = IPSEC_AES_CTR_IV_SIZE;
458 sa->algo_type = ALGO_TYPE_AES_CTR;
463 sa->pad_align = IPSEC_PAD_3DES_CBC;
464 sa->iv_len = IPSEC_3DES_IV_SIZE;
465 sa->algo_type = ALGO_TYPE_3DES_CBC;
473 sa->sqh_len = IS_ESN(sa) ? sizeof(uint32_t) : 0;
474 sa->udata = prm->userdata;
475 sa->spi = rte_cpu_to_be_32(prm->ipsec_xform.spi);
476 sa->salt = prm->ipsec_xform.salt;
479 sa->tx_offload.msk =
483 switch (sa->type & msk) {
486 esp_inb_tun_init(sa, prm);
489 esp_inb_init(sa);
497 esp_outb_tun_init(sa, prm);
502 esp_outb_init(sa, 0, prm->ipsec_xform.esn.value);
513 fill_sa_replay(struct rte_ipsec_sa *sa, uint32_t wnd_sz, uint32_t nb_bucket,
516 sa->replay.win_sz = wnd_sz;
517 sa->replay.nb_bucket = nb_bucket;
518 sa->replay.bucket_index_mask = nb_bucket - 1;
519 sa->sqn.inb.rsn[0] = (struct replay_sqn *)(sa + 1);
520 sa->sqn.inb.rsn[0]->sqn = sqn;
521 if ((sa->type & RTE_IPSEC_SATP_SQN_MASK) == RTE_IPSEC_SATP_SQN_ATOM) {
522 sa->sqn.inb.rsn[1] = (struct replay_sqn *)
523 ((uintptr_t)sa->sqn.inb.rsn[0] + rsn_size(nb_bucket));
524 sa->sqn.inb.rsn[1]->sqn = sqn;
549 rte_ipsec_sa_init(struct rte_ipsec_sa *sa, const struct rte_ipsec_sa_prm *prm,
557 if (sa == NULL || prm == NULL)
579 if (sa->type & RTE_IPSEC_SATP_NATT_ENABLE)
581 if (hlen > sizeof(sa->hdr))
591 memset(sa, 0, sz);
592 sa->type = type;
593 sa->size = sz;
596 sa->sqn_mask = (prm->ipsec_xform.options.esn == 0) ?
599 rc = esp_sa_init(sa, prm, &cxf);
601 rte_ipsec_sa_fini(sa);
605 fill_sa_replay(sa, wsz, nb, prm->ipsec_xform.esn.value);
673 ss->sa->statistics.count += k;
674 ss->sa->statistics.bytes += bytes;
691 lksd_none_pkt_func_select(const struct rte_ipsec_sa *sa,
700 switch (sa->type & msk) {
714 pf->process = (sa->sqh_len != 0) ?
719 pf->process = (sa->sqh_len != 0) ?
730 cpu_crypto_pkt_func_select(const struct rte_ipsec_sa *sa,
739 switch (sa->type & msk) {
753 pf->process = (sa->sqh_len != 0) ?
758 pf->process = (sa->sqh_len != 0) ?
773 inline_crypto_pkt_func_select(const struct rte_ipsec_sa *sa,
782 switch (sa->type & msk) {
810 const struct rte_ipsec_sa *sa, struct rte_ipsec_sa_pkt_func *pf)
819 rc = lksd_none_pkt_func_select(sa, pf);
822 rc = inline_crypto_pkt_func_select(sa, pf);
825 if ((sa->type & RTE_IPSEC_SATP_DIR_MASK) ==
836 rc = cpu_crypto_pkt_func_select(sa, pf);