xref: /dpdk/drivers/net/txgbe/txgbe_ipsec.h (revision 27595cd83053b2d39634a159d6709b3ce3cdf3b0) 
1 /* SPDX-License-Identifier: BSD-3-Clause
2  * Copyright(c) 2015-2020 Beijing WangXun Technology Co., Ltd.
3  * Copyright(c) 2010-2017 Intel Corporation
4  */
5 
6 #ifndef TXGBE_IPSEC_H_
7 #define TXGBE_IPSEC_H_
8 
9 #include <rte_ethdev.h>
10 #include <rte_ethdev_core.h>
11 #include <rte_security.h>
12 
13 #define IPSRXMOD_VALID                                    0x00000001
14 #define IPSRXMOD_PROTO                                    0x00000004
15 #define IPSRXMOD_DECRYPT                                  0x00000008
16 #define IPSRXMOD_IPV6                                     0x00000010
17 
18 #define IPSEC_MAX_RX_IP_COUNT           128
19 #define IPSEC_MAX_SA_COUNT              1024
20 
21 #define ESP_ICV_SIZE 16
22 #define ESP_TRAILER_SIZE 2
23 
24 enum txgbe_operation {
25 	TXGBE_OP_AUTHENTICATED_ENCRYPTION,
26 	TXGBE_OP_AUTHENTICATED_DECRYPTION
27 };
28 
29 /**
30  * Generic IP address structure
31  * TODO: Find better location for this rte_net.h possibly.
32  **/
33 struct ipaddr {
34 	enum ipaddr_type {
35 		IPv4,
36 		IPv6
37 	} type;
38 	/**< IP Address Type - IPv4/IPv6 */
39 
40 	union {
41 		uint32_t ipv4;
42 		uint32_t ipv6[4];
43 	};
44 };
45 
46 /** inline crypto private session structure */
47 struct __rte_cache_aligned txgbe_crypto_session {
48 	enum txgbe_operation op;
49 	const uint8_t *key;
50 	uint32_t key_len;
51 	uint32_t salt;
52 	uint32_t sa_index;
53 	uint32_t spi;
54 	struct ipaddr src_ip;
55 	struct ipaddr dst_ip;
56 	struct rte_eth_dev *dev;
57 };
58 
59 struct txgbe_crypto_rx_ip_table {
60 	struct ipaddr ip;
61 	uint16_t ref_count;
62 };
63 struct txgbe_crypto_rx_sa_table {
64 	uint32_t spi;
65 	uint32_t ip_index;
66 	uint8_t  mode;
67 	uint8_t  used;
68 };
69 
70 struct txgbe_crypto_tx_sa_table {
71 	uint32_t spi;
72 	uint8_t  used;
73 };
74 
75 union txgbe_crypto_tx_desc_md {
76 	uint64_t data;
77 	struct {
78 		/**< SA table index */
79 		uint32_t sa_idx;
80 		/**< ICV and ESP trailer length */
81 		uint8_t pad_len;
82 		/**< enable encryption */
83 		uint8_t enc;
84 	};
85 };
86 
87 struct txgbe_ipsec {
88 	struct txgbe_crypto_rx_ip_table rx_ip_tbl[IPSEC_MAX_RX_IP_COUNT];
89 	struct txgbe_crypto_rx_sa_table rx_sa_tbl[IPSEC_MAX_SA_COUNT];
90 	struct txgbe_crypto_tx_sa_table tx_sa_tbl[IPSEC_MAX_SA_COUNT];
91 };
92 
93 int txgbe_crypto_enable_ipsec(struct rte_eth_dev *dev);
94 int txgbe_crypto_add_ingress_sa_from_flow(const void *sess,
95 					  const void *ip_spec,
96 					  uint8_t is_ipv6);
97 
98 #endif /*TXGBE_IPSEC_H_*/
99