/* SPDX-License-Identifier: BSD-3-Clause
 * Copyright(c) 2001-2021 Intel Corporation
 */

#ifndef _VIRTCHNL_INLINE_IPSEC_H_
#define _VIRTCHNL_INLINE_IPSEC_H_

/* Constants and message layouts for inline IPsec requests, responses and
 * events exchanged between a VF and the PF over virtchnl.
 *
 * This header uses u8/u16/u32/u64, BIT() and the
 * __rte_packed_begin/__rte_packed_end markers without defining them; they
 * have to be in scope before it is included.
 *
 * NOTE(review): every length and count field below arrives in a message from
 * the other side of the channel. Nothing in this header bounds them against
 * the fixed array sizes, so that has to happen in the message handlers.
 */

/* Array bounds and sentinel values */
#define VIRTCHNL_IPSEC_MAX_CRYPTO_CAP_NUM	3	/* entries in virtchnl_ipsec_cap.cap[] */
#define VIRTCHNL_IPSEC_MAX_ALGO_CAP_NUM		16	/* entries in virtchnl_sym_crypto_cap.algo_cap_list[] */
#define VIRTCHNL_IPSEC_MAX_TX_DESC_NUM		128
#define VIRTCHNL_IPSEC_MAX_CRYPTO_ITEM_NUMBER	2	/* entries in virtchnl_ipsec_sym_crypto_cfg.items[] */
#define VIRTCHNL_IPSEC_MAX_KEY_LEN		128	/* size of key_data[] in bytes */
#define VIRTCHNL_IPSEC_MAX_SA_DESTROY_NUM	8	/* entries in virtchnl_ipsec_sa_destroy.sa_index[] */
#define VIRTCHNL_IPSEC_SA_DESTROY		0
#define VIRTCHNL_IPSEC_BROADCAST_VFID		0xFFFFFFFF
#define VIRTCHNL_IPSEC_INVALID_REQ_ID		0xFFFF
#define VIRTCHNL_IPSEC_INVALID_SA_CFG_RESP	0xFFFFFFFF
#define VIRTCHNL_IPSEC_INVALID_SP_CFG_RESP	0xFFFFFFFF

/* crypto type */
#define VIRTCHNL_AUTH		1
#define VIRTCHNL_CIPHER		2
#define VIRTCHNL_AEAD		3

/* caps enabled - bit flags for virtchnl_ipsec_cap.caps_enabled */
#define VIRTCHNL_IPSEC_ESN_ENA			BIT(0)
#define VIRTCHNL_IPSEC_UDP_ENCAP_ENA		BIT(1)
#define VIRTCHNL_IPSEC_SA_INDEX_SW_ENA		BIT(2)
#define VIRTCHNL_IPSEC_AUDIT_ENA		BIT(3)
#define VIRTCHNL_IPSEC_BYTE_LIMIT_ENA		BIT(4)
#define VIRTCHNL_IPSEC_DROP_ON_AUTH_FAIL_ENA	BIT(5)
#define VIRTCHNL_IPSEC_ARW_CHECK_ENA		BIT(6)
#define VIRTCHNL_IPSEC_24BIT_SPI_ENA		BIT(7)

/* algorithm type
 *
 * NOTE(review): the identifier space includes NULL entries and legacy
 * algorithms (MD5 and SHA-1 HMAC, 3DES-CBC). This header only names them;
 * which ones a deployment accepts is decided wherever capabilities and SA
 * requests are checked - confirm that policy there.
 */
/* Hash Algorithm */
#define VIRTCHNL_HASH_NO_ALG	0  /* NULL algorithm */
#define VIRTCHNL_AES_CBC_MAC	1  /* AES-CBC-MAC algorithm */
#define VIRTCHNL_AES_CMAC	2  /* AES CMAC algorithm */
#define VIRTCHNL_AES_GMAC	3  /* AES GMAC algorithm */
#define VIRTCHNL_AES_XCBC_MAC	4  /* AES XCBC algorithm */
#define VIRTCHNL_MD5_HMAC	5  /* HMAC using MD5 algorithm */
#define VIRTCHNL_SHA1_HMAC	6  /* HMAC using SHA-1 (160 bit digest) */
#define VIRTCHNL_SHA224_HMAC	7  /* HMAC using 224 bit SHA algorithm */
#define VIRTCHNL_SHA256_HMAC	8  /* HMAC using 256 bit SHA algorithm */
#define VIRTCHNL_SHA384_HMAC	9  /* HMAC using 384 bit SHA algorithm */
#define VIRTCHNL_SHA512_HMAC	10 /* HMAC using 512 bit SHA algorithm */
#define VIRTCHNL_SHA3_224_HMAC	11 /* HMAC using 224 bit SHA3 algorithm */
#define VIRTCHNL_SHA3_256_HMAC	12 /* HMAC using 256 bit SHA3 algorithm */
#define VIRTCHNL_SHA3_384_HMAC	13 /* HMAC using 384 bit SHA3 algorithm */
#define VIRTCHNL_SHA3_512_HMAC	14 /* HMAC using 512 bit SHA3 algorithm */
/* Cipher Algorithm */
#define VIRTCHNL_CIPHER_NO_ALG	15 /* NULL algorithm */
#define VIRTCHNL_3DES_CBC	16 /* Triple DES algorithm in CBC mode */
#define VIRTCHNL_AES_CBC	17 /* AES algorithm in CBC mode */
#define VIRTCHNL_AES_CTR	18 /* AES algorithm in Counter mode */
/* AEAD Algorithm */
#define VIRTCHNL_AES_CCM	19 /* AES algorithm in CCM mode */
#define VIRTCHNL_AES_GCM	20 /* AES algorithm in GCM mode */
#define VIRTCHNL_CHACHA20_POLY1305 21 /* ChaCha20-Poly1305 algorithm */

/* protocol type */
#define VIRTCHNL_PROTO_ESP	1
#define VIRTCHNL_PROTO_AH	2
#define VIRTCHNL_PROTO_RSVD1	3

/* sa mode */
#define VIRTCHNL_SA_MODE_TRANSPORT	1
#define VIRTCHNL_SA_MODE_TUNNEL		2
#define VIRTCHNL_SA_MODE_TRAN_TUN	3
#define VIRTCHNL_SA_MODE_UNKNOWN	4

/* sa direction */
#define VIRTCHNL_DIR_INGRESS		1
#define VIRTCHNL_DIR_EGRESS		2
#define VIRTCHNL_DIR_INGRESS_EGRESS	3

/* sa termination */
#define VIRTCHNL_TERM_SOFTWARE	1
#define VIRTCHNL_TERM_HARDWARE	2

/* sa ip type */
#define VIRTCHNL_IPV4	1
#define VIRTCHNL_IPV6	2

/* Result codes for virtchnl_ipsec_resp.
 *
 * NOTE(review): the error codes are negative, while virtchnl_ipsec_resp.resp
 * is declared u32; a comparison against these constants has to account for
 * that conversion - confirm how the handlers compare them.
 */
enum inline_ipsec_resp {
	INLINE_IPSEC_SUCCESS = 0,
	INLINE_IPSEC_FAIL = -1,
	INLINE_IPSEC_ERR_FIFO_FULL = -2,
	INLINE_IPSEC_ERR_NOT_READY = -3,
	INLINE_IPSEC_ERR_VF_DOWN = -4,
	INLINE_IPSEC_ERR_INVALID_PARAMS = -5,
	INLINE_IPSEC_ERR_NO_MEM = -6,
};

/* Detailed opcodes for DPDK and IPsec use; carried in
 * inline_ipsec_msg.ipsec_opcode.
 */
enum inline_ipsec_ops {
	INLINE_IPSEC_OP_GET_CAP = 0,
	INLINE_IPSEC_OP_GET_STATUS = 1,
	INLINE_IPSEC_OP_SA_CREATE = 2,
	INLINE_IPSEC_OP_SA_UPDATE = 3,
	INLINE_IPSEC_OP_SA_DESTROY = 4,
	INLINE_IPSEC_OP_SP_CREATE = 5,
	INLINE_IPSEC_OP_SP_DESTROY = 6,
	INLINE_IPSEC_OP_SA_READ = 7,
	INLINE_IPSEC_OP_EVENT = 8,
	INLINE_IPSEC_OP_RESP = 9,
};

/* Capability of one algorithm. Not every field applies to every algorithm;
 * a field that does not apply has all of its bits set to 1.
 * NOTE(review): the min/max/inc triples presumably describe a supported
 * range and its step - confirm units against the PF documentation.
 */
struct __rte_packed_begin virtchnl_algo_cap {
	u32 algo_type;

	u16 block_size;

	u16 min_key_size;
	u16 max_key_size;
	u16 inc_key_size;

	u16 min_iv_size;
	u16 max_iv_size;
	u16 inc_iv_size;

	u16 min_digest_size;
	u16 max_digest_size;
	u16 inc_digest_size;

	u16 min_aad_size;
	u16 max_aad_size;
	u16 inc_aad_size;
} __rte_packed_end;

/* Crypto capability as recorded by the VF from the virtchnl response.
 * NOTE(review): algo_cap_num is presumably the number of valid entries in
 * algo_cap_list; a consumer should reject a value above
 * VIRTCHNL_IPSEC_MAX_ALGO_CAP_NUM before indexing the array.
 */
struct __rte_packed_begin virtchnl_sym_crypto_cap {
	u8 crypto_type;
	u8 algo_cap_num;
	struct virtchnl_algo_cap algo_cap_list[VIRTCHNL_IPSEC_MAX_ALGO_CAP_NUM];
} __rte_packed_end;

/* VIRTCHNL_OP_GET_IPSEC_CAP
 * The VF passes virtchnl_ipsec_cap to the PF,
 * and the PF returns the IPsec capability over virtchnl.
 */
struct __rte_packed_begin virtchnl_ipsec_cap {
	/* max number of SA per VF */
	u16 max_sa_num;

	/* IPsec SA Protocol - value ref VIRTCHNL_PROTO_XXX */
	u8 virtchnl_protocol_type;

	/* IPsec SA Mode - value ref VIRTCHNL_SA_MODE_XXX */
	u8 virtchnl_sa_mode;

	/* IPSec SA Direction - value ref VIRTCHNL_DIR_XXX */
	u8 virtchnl_direction;

	/* termination mode - value ref VIRTCHNL_TERM_XXX */
	u8 termination_mode;

	/* number of supported crypto capability
	 * NOTE(review): cap[] holds VIRTCHNL_IPSEC_MAX_CRYPTO_CAP_NUM entries;
	 * bound this count before using it as a loop limit.
	 */
	u8 crypto_cap_num;

	/* descriptor ID */
	u16 desc_id;

	/* capabilities enabled - value ref VIRTCHNL_IPSEC_XXX_ENA */
	u32 caps_enabled;

	/* crypto capabilities */
	struct virtchnl_sym_crypto_cap cap[VIRTCHNL_IPSEC_MAX_CRYPTO_CAP_NUM];
} __rte_packed_end;

/* configuration of crypto function */
struct __rte_packed_begin virtchnl_ipsec_crypto_cfg_item {
	u8 crypto_type;

	u32 algo_type;

	/* Length of valid IV data. */
	u16 iv_len;

	/* Length of digest */
	u16 digest_len;

	/* SA salt */
	u32 salt;

	/* The length of the symmetric key
	 * NOTE(review): u16 can hold values far above the 128-byte key_data
	 * buffer; a receiver should reject key_len greater than
	 * VIRTCHNL_IPSEC_MAX_KEY_LEN before copying or using key_data.
	 */
	u16 key_len;

	/* key data buffer
	 * NOTE(review): this is SA key material in a message buffer; buffers
	 * holding this structure should be cleared once the request has been
	 * sent or processed - confirm the callers do so.
	 */
	u8 key_data[VIRTCHNL_IPSEC_MAX_KEY_LEN];
} __rte_packed_end;

/* Fixed-size set of crypto configuration items embedded in the SA
 * configuration and SA read structures. Unlike its neighbours this struct
 * is declared without the packed markers.
 */
struct virtchnl_ipsec_sym_crypto_cfg {
	struct virtchnl_ipsec_crypto_cfg_item
		items[VIRTCHNL_IPSEC_MAX_CRYPTO_ITEM_NUMBER];
};

/* VIRTCHNL_OP_IPSEC_SA_CREATE
 * The VF sends this SA configuration to the PF using virtchnl;
 * the PF creates the SA as configured and the PF driver returns
 * a unique index (sa_idx) for the created SA.
 */
struct __rte_packed_begin virtchnl_ipsec_sa_cfg {
	/* IPsec SA Protocol - AH/ESP */
	u8 virtchnl_protocol_type;

	/* termination mode - value ref VIRTCHNL_TERM_XXX */
	u8 virtchnl_termination;

	/* type of outer IP - IPv4/IPv6 */
	u8 virtchnl_ip_type;

	/* type of esn - !0:enable/0:disable */
	u8 esn_enabled;

	/* udp encap - !0:enable/0:disable */
	u8 udp_encap_enabled;

	/* IPSec SA Direction - value ref VIRTCHNL_DIR_XXX */
	u8 virtchnl_direction;

	/* reserved */
	u8 reserved1;

	/* SA security parameter index */
	u32 spi;

	/* outer src ip address */
	u8 src_addr[16];

	/* outer dst ip address */
	u8 dst_addr[16];

	/* SPD reference. Used to link an SA with its policy.
	 * PF drivers may ignore this field.
	 */
	u16 spd_ref;

	/* high 32 bits of esn */
	u32 esn_hi;

	/* low 32 bits of esn */
	u32 esn_low;

	/* When enabled, sa_index must be valid */
	u8 sa_index_en;

	/* SA index when sa_index_en is true */
	u32 sa_index;

	/* auditing mode - enable/disable */
	u8 audit_en;

	/* lifetime byte limit - enable/disable
	 * When enabled, byte_limit_hard and byte_limit_soft
	 * must be valid.
	 */
	u8 byte_limit_en;

	/* hard byte limit count */
	u64 byte_limit_hard;

	/* soft byte limit count */
	u64 byte_limit_soft;

	/* drop on authentication failure - enable/disable */
	u8 drop_on_auth_fail_en;

	/* anti-replay window check - enable/disable
	 * When enabled, arw_size must be valid.
	 */
	u8 arw_check_en;

	/* size of arw window, offset by 1. Setting to 0
	 * represents ARW window size of 1. Setting to 127
	 * represents ARW window size of 128
	 */
	u8 arw_size;

	/* no ip offload mode - enable/disable
	 * When enabled, ip type and address must not be valid.
	 */
	u8 no_ip_offload_en;

	/* SA Domain. Used to logically separate an SADB into groups.
	 * PF drivers supporting a single group ignore this field.
	 */
	u16 sa_domain;

	/* crypto configuration */
	struct virtchnl_ipsec_sym_crypto_cfg crypto_cfg;
} __rte_packed_end;

/* VIRTCHNL_OP_IPSEC_SA_UPDATE
 * The VF sends the index of the SA and the new values to the PF;
 * the PF updates the SA according to this configuration.
 */
struct __rte_packed_begin virtchnl_ipsec_sa_update {
	u32 sa_index; /* SA to update */
	u32 esn_hi; /* high 32 bits of esn */
	u32 esn_low; /* low 32 bits of esn */
} __rte_packed_end;

/* VIRTCHNL_OP_IPSEC_SA_DESTROY
 * The VF sends the indexes of the SAs to the PF;
 * the PF destroys SAs according to this configuration.
 * The flag bitmap indicates whether all SAs or just the selected SAs
 * will be destroyed.
 */
struct __rte_packed_begin virtchnl_ipsec_sa_destroy {
	/* All zero bitmap indicates all SA will be destroyed.
	 * Non-zero bitmap indicates the selected SA in
	 * array sa_index will be destroyed.
	 * NOTE(review): since 0 means "all", a zero-filled request is a
	 * destroy-all; presumably the PF scopes that to the requesting VF's
	 * own SAs - confirm in the handler.
	 */
	u8 flag;

	/* selected SA index */
	u32 sa_index[VIRTCHNL_IPSEC_MAX_SA_DESTROY_NUM];
} __rte_packed_end;

/* VIRTCHNL_OP_IPSEC_SA_READ
 * The VF sends this SA configuration to the PF using virtchnl;
 * the PF reads the SA and returns the configuration of the created SA.
 */
struct __rte_packed_begin virtchnl_ipsec_sa_read {
	/* SA valid - invalid/valid */
	u8 valid;

	/* SA active - inactive/active */
	u8 active;

	/* SA SN rollover - not_rollover/rollover */
	u8 sn_rollover;

	/* IPsec SA Protocol - AH/ESP */
	u8 virtchnl_protocol_type;

	/* termination mode - value ref VIRTCHNL_TERM_XXX */
	u8 virtchnl_termination;

	/* auditing mode - enable/disable */
	u8 audit_en;

	/* lifetime byte limit - enable/disable
	 * When set to limit, byte_limit_hard and byte_limit_soft
	 * must be valid.
	 */
	u8 byte_limit_en;

	/* hard byte limit count */
	u64 byte_limit_hard;

	/* soft byte limit count */
	u64 byte_limit_soft;

	/* drop on authentication failure - enable/disable */
	u8 drop_on_auth_fail_en;

	/* anti-replay window check - enable/disable
	 * When set to check, arw_size, arw_top, and arw must be valid
	 */
	u8 arw_check_en;

	/* size of arw window, offset by 1. Setting to 0
	 * represents ARW window size of 1. Setting to 127
	 * represents ARW window size of 128
	 */
	u8 arw_size;

	/* reserved */
	u8 reserved1;

	/* top of anti-replay-window */
	u64 arw_top;

	/* anti-replay-window */
	u8 arw[16];

	/* packets processed */
	u64 packets_processed;

	/* bytes processed */
	u64 bytes_processed;

	/* packets dropped */
	u32 packets_dropped;

	/* authentication failures */
	u32 auth_fails;

	/* ARW check failures */
	u32 arw_fails;

	/* type of esn - enable/disable */
	u8 esn;

	/* IPSec SA Direction - value ref VIRTCHNL_DIR_XXX */
	u8 virtchnl_direction;

	/* SA security parameter index */
	u32 spi;

	/* SA salt */
	u32 salt;

	/* high 32 bits of esn */
	u32 esn_hi;

	/* low 32 bits of esn */
	u32 esn_low;

	/* SA Domain. Used to logically separate an SADB into groups.
	 * PF drivers supporting a single group ignore this field.
	 */
	u16 sa_domain;

	/* SPD reference. Used to link an SA with its policy.
	 * PF drivers may ignore this field.
	 */
	u16 spd_ref;

	/* crypto configuration. Salt and keys are set to 0
	 * NOTE(review): zeroing is a convention stated here, not something
	 * this layout enforces; whoever fills the read-back has to clear the
	 * salt and key_data fields.
	 */
	struct virtchnl_ipsec_sym_crypto_cfg crypto_cfg;
} __rte_packed_end;


/* Values for table_id in virtchnl_ipsec_sp_cfg / virtchnl_ipsec_sp_destroy */
#define VIRTCHNL_IPSEC_INBOUND_SPD_TBL_IPV4	(0)
#define VIRTCHNL_IPSEC_INBOUND_SPD_TBL_IPV6	(1)

/* Add allowlist entry in IES */
struct __rte_packed_begin virtchnl_ipsec_sp_cfg {
	u32 spi;
	u32 dip[4];

	/* Drop frame if true or redirect to QAT if false. */
	u8 drop;

	/* Congestion domain. For future use. */
	u8 cgd;

	/* 0 for IPv4 table, 1 for IPv6 table. */
	u8 table_id;

	/* Set TC (congestion domain) if true. For future use. */
	u8 set_tc;

	/* 0 for NAT-T unsupported, 1 for NAT-T supported */
	u8 is_udp;

	/* reserved */
	u8 reserved;

	/* NAT-T UDP port number. Only valid in case NAT-T supported */
	u16 udp_port;
} __rte_packed_end;


/* Delete allowlist entry in IES */
struct __rte_packed_begin virtchnl_ipsec_sp_destroy {
	/* 0 for IPv4 table, 1 for IPv6 table. */
	u8 table_id;
	u32 rule_id;
} __rte_packed_end;

/* Response from IES to allowlist operations */
struct virtchnl_ipsec_sp_cfg_resp {
	u32 rule_id;
};

/* Response payload carrying the handle of an SA. */
struct virtchnl_ipsec_sa_cfg_resp {
	u32 sa_handle;
};

/* Event flags for virtchnl_ipsec_event.ipsec_event_data */
#define INLINE_IPSEC_EVENT_RESET	0x1
#define INLINE_IPSEC_EVENT_CRYPTO_ON	0x2
#define INLINE_IPSEC_EVENT_CRYPTO_OFF	0x4

struct virtchnl_ipsec_event {
	u32 ipsec_event_data;
};

/* Values for virtchnl_ipsec_status.status */
#define INLINE_IPSEC_STATUS_AVAILABLE	0x1
#define INLINE_IPSEC_STATUS_UNAVAILABLE	0x2

struct virtchnl_ipsec_status {
	u32 status;
};

/* Generic response; see enum inline_ipsec_resp for the codes. */
struct virtchnl_ipsec_resp {
	u32 resp;
};

/* Internal message descriptor for VF <-> IPsec communication.
 *
 * The union members are zero-length arrays (a compiler extension), so each
 * one names the payload type for an opcode without adding storage of its own.
 * NOTE(review): ipsec_opcode selects which member is meaningful; a receiver
 * should check the message length for that opcode before touching any of
 * them (see virtchnl_inline_ipsec_val_msg_len()).
 */
struct __rte_packed_begin inline_ipsec_msg {
	u16 ipsec_opcode;
	u16 req_id;

	union {
		/* IPsec request */
		struct virtchnl_ipsec_sa_cfg sa_cfg[0];
		struct virtchnl_ipsec_sp_cfg sp_cfg[0];
		struct virtchnl_ipsec_sa_update sa_update[0];
		struct virtchnl_ipsec_sa_destroy sa_destroy[0];
		struct virtchnl_ipsec_sp_destroy sp_destroy[0];

		/* IPsec response */
		struct virtchnl_ipsec_sa_cfg_resp sa_cfg_resp[0];
		struct virtchnl_ipsec_sp_cfg_resp sp_cfg_resp[0];
		struct virtchnl_ipsec_cap ipsec_cap[0];
		struct virtchnl_ipsec_status ipsec_status[0];
		/* response to del_sa, del_sp, update_sa */
		struct virtchnl_ipsec_resp ipsec_resp[0];

		/* IPsec event (no req_id is required) */
		struct virtchnl_ipsec_event event[0];

		/* Reserved */
		struct virtchnl_ipsec_sa_read sa_read[0];
	} ipsec_data;
} __rte_packed_end;

/* Return the expected length of an inline IPsec message for an opcode.
 *
 * The result is sizeof(struct inline_ipsec_msg) plus the size of the payload
 * structure for that opcode. GET_CAP and GET_STATUS carry no payload.
 * Opcodes without a case below - including INLINE_IPSEC_OP_SA_READ and
 * INLINE_IPSEC_OP_EVENT - return 0.
 *
 * NOTE(review): the caller is not visible in this header; presumably it
 * compares the result with the received length. It should treat 0 as
 * "reject" and require an exact match, since the payload structures are
 * fixed-size.
 */
static inline u16 virtchnl_inline_ipsec_val_msg_len(u16 opcode)
{
	/* start from the message header common to every opcode */
	u16 valid_len = sizeof(struct inline_ipsec_msg);

	switch (opcode) {
	case INLINE_IPSEC_OP_GET_CAP:
	case INLINE_IPSEC_OP_GET_STATUS:
		break;
	case INLINE_IPSEC_OP_SA_CREATE:
		valid_len += sizeof(struct virtchnl_ipsec_sa_cfg);
		break;
	case INLINE_IPSEC_OP_SP_CREATE:
		valid_len += sizeof(struct virtchnl_ipsec_sp_cfg);
		break;
	case INLINE_IPSEC_OP_SA_UPDATE:
		valid_len += sizeof(struct virtchnl_ipsec_sa_update);
		break;
	case INLINE_IPSEC_OP_SA_DESTROY:
		valid_len += sizeof(struct virtchnl_ipsec_sa_destroy);
		break;
	case INLINE_IPSEC_OP_SP_DESTROY:
		valid_len += sizeof(struct virtchnl_ipsec_sp_destroy);
		break;
	/* Only for msg length calculation of response to VF in case of
	 * inline ipsec failure.
	 */
	case INLINE_IPSEC_OP_RESP:
		valid_len += sizeof(struct virtchnl_ipsec_resp);
		break;
	default:
		/* unknown or unsupported opcode: no valid length */
		valid_len = 0;
		break;
	}

	return valid_len;
}

#endif /* _VIRTCHNL_INLINE_IPSEC_H_ */