19ef6cb1aSKonstantin Ananyev.. SPDX-License-Identifier: BSD-3-Clause 29ef6cb1aSKonstantin Ananyev Copyright(c) 2018 Intel Corporation. 39ef6cb1aSKonstantin Ananyev 49ef6cb1aSKonstantin AnanyevIPsec Packet Processing Library 59ef6cb1aSKonstantin Ananyev=============================== 69ef6cb1aSKonstantin Ananyev 79ef6cb1aSKonstantin AnanyevDPDK provides a library for IPsec data-path processing. 89ef6cb1aSKonstantin AnanyevThe library utilizes the existing DPDK crypto-dev and 99ef6cb1aSKonstantin Ananyevsecurity API to provide the application with a transparent and 109ef6cb1aSKonstantin Ananyevhigh performant IPsec packet processing API. 119ef6cb1aSKonstantin AnanyevThe library is concentrated on data-path protocols processing 129ef6cb1aSKonstantin Ananyev(ESP and AH), IKE protocol(s) implementation is out of scope 139ef6cb1aSKonstantin Ananyevfor this library. 149ef6cb1aSKonstantin Ananyev 159ef6cb1aSKonstantin AnanyevSA level API 169ef6cb1aSKonstantin Ananyev------------ 179ef6cb1aSKonstantin Ananyev 189ef6cb1aSKonstantin AnanyevThis API operates on the IPsec Security Association (SA) level. 199ef6cb1aSKonstantin AnanyevIt provides functionality that allows user for given SA to process 209ef6cb1aSKonstantin Ananyevinbound and outbound IPsec packets. 219ef6cb1aSKonstantin Ananyev 229ef6cb1aSKonstantin AnanyevTo be more specific: 239ef6cb1aSKonstantin Ananyev 249ef6cb1aSKonstantin Ananyev* for inbound ESP/AH packets perform decryption, authentication, integrity checking, remove ESP/AH related headers 259ef6cb1aSKonstantin Ananyev* for outbound packets perform payload encryption, attach ICV, update/add IP headers, add ESP/AH headers/trailers, 269ef6cb1aSKonstantin Ananyev* setup related mbuf fields (ol_flags, tx_offloads, etc.). 279ef6cb1aSKonstantin Ananyev* initialize/un-initialize given SA based on user provided parameters. 289ef6cb1aSKonstantin Ananyev 299ef6cb1aSKonstantin AnanyevThe SA level API is based on top of crypto-dev/security API and relies on 309ef6cb1aSKonstantin Ananyevthem to perform actual cipher and integrity checking. 319ef6cb1aSKonstantin Ananyev 329ef6cb1aSKonstantin AnanyevDue to the nature of the crypto-dev API (enqueue/dequeue model) the library 339ef6cb1aSKonstantin Ananyevintroduces an asynchronous API for IPsec packets destined to be processed by 349ef6cb1aSKonstantin Ananyevthe crypto-device. 359ef6cb1aSKonstantin Ananyev 369ef6cb1aSKonstantin AnanyevThe expected API call sequence for data-path processing would be: 379ef6cb1aSKonstantin Ananyev 389ef6cb1aSKonstantin Ananyev.. code-block:: c 399ef6cb1aSKonstantin Ananyev 409ef6cb1aSKonstantin Ananyev /* enqueue for processing by crypto-device */ 419ef6cb1aSKonstantin Ananyev rte_ipsec_pkt_crypto_prepare(...); 429ef6cb1aSKonstantin Ananyev rte_cryptodev_enqueue_burst(...); 439ef6cb1aSKonstantin Ananyev /* dequeue from crypto-device and do final processing (if any) */ 449ef6cb1aSKonstantin Ananyev rte_cryptodev_dequeue_burst(...); 459ef6cb1aSKonstantin Ananyev rte_ipsec_pkt_crypto_group(...); /* optional */ 469ef6cb1aSKonstantin Ananyev rte_ipsec_pkt_process(...); 479ef6cb1aSKonstantin Ananyev 489ef6cb1aSKonstantin AnanyevFor packets destined for inline processing no extra overhead 499ef6cb1aSKonstantin Ananyevis required and the synchronous API call: rte_ipsec_pkt_process() 509ef6cb1aSKonstantin Ananyevis sufficient for that case. 519ef6cb1aSKonstantin Ananyev 529ef6cb1aSKonstantin Ananyev.. note:: 539ef6cb1aSKonstantin Ananyev 549ef6cb1aSKonstantin Ananyev For more details about the IPsec API, please refer to the *DPDK API Reference*. 559ef6cb1aSKonstantin Ananyev 569ef6cb1aSKonstantin AnanyevThe current implementation supports all four currently defined 579ef6cb1aSKonstantin Ananyevrte_security types: 589ef6cb1aSKonstantin Ananyev 599ef6cb1aSKonstantin AnanyevRTE_SECURITY_ACTION_TYPE_NONE 609ef6cb1aSKonstantin Ananyev~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 619ef6cb1aSKonstantin Ananyev 629ef6cb1aSKonstantin AnanyevIn that mode the library functions perform 639ef6cb1aSKonstantin Ananyev 649ef6cb1aSKonstantin Ananyev* for inbound packets: 659ef6cb1aSKonstantin Ananyev 669ef6cb1aSKonstantin Ananyev - check SQN 679ef6cb1aSKonstantin Ananyev - prepare *rte_crypto_op* structure for each input packet 68d629b7b5SJohn McNamara - verify that integrity check and decryption performed by crypto device 699ef6cb1aSKonstantin Ananyev completed successfully 709ef6cb1aSKonstantin Ananyev - check padding data 719ef6cb1aSKonstantin Ananyev - remove outer IP header (tunnel mode) / update IP header (transport mode) 729ef6cb1aSKonstantin Ananyev - remove ESP header and trailer, padding, IV and ICV data 739ef6cb1aSKonstantin Ananyev - update SA replay window 749ef6cb1aSKonstantin Ananyev 759ef6cb1aSKonstantin Ananyev* for outbound packets: 769ef6cb1aSKonstantin Ananyev 779ef6cb1aSKonstantin Ananyev - generate SQN and IV 789ef6cb1aSKonstantin Ananyev - add outer IP header (tunnel mode) / update IP header (transport mode) 799ef6cb1aSKonstantin Ananyev - add ESP header and trailer, padding and IV data 809ef6cb1aSKonstantin Ananyev - prepare *rte_crypto_op* structure for each input packet 819ef6cb1aSKonstantin Ananyev - verify that crypto device operations (encryption, ICV generation) 829ef6cb1aSKonstantin Ananyev were completed successfully 839ef6cb1aSKonstantin Ananyev 849ef6cb1aSKonstantin AnanyevRTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO 859ef6cb1aSKonstantin Ananyev~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 869ef6cb1aSKonstantin Ananyev 879ef6cb1aSKonstantin AnanyevIn that mode the library functions perform 889ef6cb1aSKonstantin Ananyev 899ef6cb1aSKonstantin Ananyev* for inbound packets: 909ef6cb1aSKonstantin Ananyev 91d629b7b5SJohn McNamara - verify that integrity check and decryption performed by *rte_security* 929ef6cb1aSKonstantin Ananyev device completed successfully 939ef6cb1aSKonstantin Ananyev - check SQN 949ef6cb1aSKonstantin Ananyev - check padding data 959ef6cb1aSKonstantin Ananyev - remove outer IP header (tunnel mode) / update IP header (transport mode) 969ef6cb1aSKonstantin Ananyev - remove ESP header and trailer, padding, IV and ICV data 979ef6cb1aSKonstantin Ananyev - update SA replay window 989ef6cb1aSKonstantin Ananyev 999ef6cb1aSKonstantin Ananyev* for outbound packets: 1009ef6cb1aSKonstantin Ananyev 1019ef6cb1aSKonstantin Ananyev - generate SQN and IV 1029ef6cb1aSKonstantin Ananyev - add outer IP header (tunnel mode) / update IP header (transport mode) 1039ef6cb1aSKonstantin Ananyev - add ESP header and trailer, padding and IV data 104d629b7b5SJohn McNamara - update *ol_flags* inside *struct rte_mbuf* to indicate that 1059ef6cb1aSKonstantin Ananyev inline-crypto processing has to be performed by HW on this packet 1069ef6cb1aSKonstantin Ananyev - invoke *rte_security* device specific *set_pkt_metadata()* to associate 107d629b7b5SJohn McNamara security device specific data with the packet 1089ef6cb1aSKonstantin Ananyev 1099ef6cb1aSKonstantin AnanyevRTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL 1109ef6cb1aSKonstantin Ananyev~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 1119ef6cb1aSKonstantin Ananyev 1129ef6cb1aSKonstantin AnanyevIn that mode the library functions perform 1139ef6cb1aSKonstantin Ananyev 1149ef6cb1aSKonstantin Ananyev* for inbound packets: 1159ef6cb1aSKonstantin Ananyev 116d629b7b5SJohn McNamara - verify that integrity check and decryption performed by *rte_security* 1179ef6cb1aSKonstantin Ananyev device completed successfully 1189ef6cb1aSKonstantin Ananyev 1199ef6cb1aSKonstantin Ananyev* for outbound packets: 1209ef6cb1aSKonstantin Ananyev 121d629b7b5SJohn McNamara - update *ol_flags* inside *struct rte_mbuf* to indicate that 1229ef6cb1aSKonstantin Ananyev inline-crypto processing has to be performed by HW on this packet 1239ef6cb1aSKonstantin Ananyev - invoke *rte_security* device specific *set_pkt_metadata()* to associate 124d629b7b5SJohn McNamara security device specific data with the packet 1259ef6cb1aSKonstantin Ananyev 1269ef6cb1aSKonstantin AnanyevRTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL 1279ef6cb1aSKonstantin Ananyev~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 1289ef6cb1aSKonstantin Ananyev 1299ef6cb1aSKonstantin AnanyevIn that mode the library functions perform 1309ef6cb1aSKonstantin Ananyev 1319ef6cb1aSKonstantin Ananyev* for inbound packets: 1329ef6cb1aSKonstantin Ananyev 1339ef6cb1aSKonstantin Ananyev - prepare *rte_crypto_op* structure for each input packet 134d629b7b5SJohn McNamara - verify that integrity check and decryption performed by crypto device 1359ef6cb1aSKonstantin Ananyev completed successfully 1369ef6cb1aSKonstantin Ananyev 1379ef6cb1aSKonstantin Ananyev* for outbound packets: 1389ef6cb1aSKonstantin Ananyev 1399ef6cb1aSKonstantin Ananyev - prepare *rte_crypto_op* structure for each input packet 1409ef6cb1aSKonstantin Ananyev - verify that crypto device operations (encryption, ICV generation) 1419ef6cb1aSKonstantin Ananyev were completed successfully 1429ef6cb1aSKonstantin Ananyev 1439ef6cb1aSKonstantin AnanyevTo accommodate future custom implementations function pointers 1449ef6cb1aSKonstantin Ananyevmodel is used for both *crypto_prepare* and *process* implementations. 1459ef6cb1aSKonstantin Ananyev 146401633d9SVladimir MedvedkinSA database API 147401633d9SVladimir Medvedkin---------------- 148401633d9SVladimir Medvedkin 149401633d9SVladimir MedvedkinSA database(SAD) is a table with <key, value> pairs. 150401633d9SVladimir Medvedkin 151401633d9SVladimir MedvedkinValue is an opaque user provided pointer to the user defined SA data structure. 152401633d9SVladimir Medvedkin 153401633d9SVladimir MedvedkinAccording to RFC4301 each SA can be uniquely identified by a key 154401633d9SVladimir Medvedkinwhich is either: 155401633d9SVladimir Medvedkin 156401633d9SVladimir Medvedkin - security parameter index(SPI) 157401633d9SVladimir Medvedkin - or SPI and destination IP(DIP) 158401633d9SVladimir Medvedkin - or SPI, DIP and source IP(SIP) 159401633d9SVladimir Medvedkin 160401633d9SVladimir MedvedkinIn case of multiple matches, longest matching key will be returned. 1619ef6cb1aSKonstantin Ananyev 1623feb2360SVladimir MedvedkinCreate/destroy 1633feb2360SVladimir Medvedkin~~~~~~~~~~~~~~ 1643feb2360SVladimir Medvedkin 1653feb2360SVladimir Medvedkinlibrte_ipsec SAD implementation provides ability to create/destroy SAD tables. 1663feb2360SVladimir Medvedkin 1673feb2360SVladimir MedvedkinTo create SAD table user has to specify how many entries of each key type is 1683feb2360SVladimir Medvedkinrequired and IP protocol type (IPv4/IPv6). 1693feb2360SVladimir MedvedkinAs an example: 1703feb2360SVladimir Medvedkin 1713feb2360SVladimir Medvedkin 1723feb2360SVladimir Medvedkin.. code-block:: c 1733feb2360SVladimir Medvedkin 1743feb2360SVladimir Medvedkin struct rte_ipsec_sad *sad; 1753feb2360SVladimir Medvedkin struct rte_ipsec_sad_conf conf; 1763feb2360SVladimir Medvedkin 1773feb2360SVladimir Medvedkin conf.socket_id = -1; 1783feb2360SVladimir Medvedkin conf.max_sa[RTE_IPSEC_SAD_SPI_ONLY] = some_nb_rules_spi_only; 1793feb2360SVladimir Medvedkin conf.max_sa[RTE_IPSEC_SAD_SPI_DIP] = some_nb_rules_spi_dip; 1803feb2360SVladimir Medvedkin conf.max_sa[RTE_IPSEC_SAD_SPI_DIP_SIP] = some_nb_rules_spi_dip_sip; 1813feb2360SVladimir Medvedkin conf.flags = RTE_IPSEC_SAD_FLAG_RW_CONCURRENCY; 1823feb2360SVladimir Medvedkin 1833feb2360SVladimir Medvedkin sad = rte_ipsec_sad_create("test", &conf); 1843feb2360SVladimir Medvedkin 1853feb2360SVladimir Medvedkin.. note:: 1863feb2360SVladimir Medvedkin 1873feb2360SVladimir Medvedkin for more information please refer to ipsec library API reference 1883feb2360SVladimir Medvedkin 189*b2ee2692SVladimir MedvedkinAdd/delete rules 190*b2ee2692SVladimir Medvedkin~~~~~~~~~~~~~~~~ 191*b2ee2692SVladimir Medvedkin 192*b2ee2692SVladimir MedvedkinLibrary also provides methods to add or delete key/value pairs from the SAD. 193*b2ee2692SVladimir MedvedkinTo add user has to specify key, key type and a value which is an opaque pointer to SA. 194*b2ee2692SVladimir MedvedkinThe key type reflects a set of tuple fields that will be used for lookup of the SA. 195*b2ee2692SVladimir MedvedkinAs mentioned above there are 3 types of a key and the representation of a key type is: 196*b2ee2692SVladimir Medvedkin 197*b2ee2692SVladimir Medvedkin.. code-block:: c 198*b2ee2692SVladimir Medvedkin 199*b2ee2692SVladimir Medvedkin RTE_IPSEC_SAD_SPI_ONLY, 200*b2ee2692SVladimir Medvedkin RTE_IPSEC_SAD_SPI_DIP, 201*b2ee2692SVladimir Medvedkin RTE_IPSEC_SAD_SPI_DIP_SIP, 202*b2ee2692SVladimir Medvedkin 203*b2ee2692SVladimir MedvedkinAs an example, to add new entry into the SAD for IPv4 addresses: 204*b2ee2692SVladimir Medvedkin 205*b2ee2692SVladimir Medvedkin.. code-block:: c 206*b2ee2692SVladimir Medvedkin 207*b2ee2692SVladimir Medvedkin struct rte_ipsec_sa *sa; 208*b2ee2692SVladimir Medvedkin union rte_ipsec_sad_key key; 209*b2ee2692SVladimir Medvedkin 210*b2ee2692SVladimir Medvedkin key.v4.spi = rte_cpu_to_be_32(spi_val); 211*b2ee2692SVladimir Medvedkin if (key_type >= RTE_IPSEC_SAD_SPI_DIP) /* DIP is optional*/ 212*b2ee2692SVladimir Medvedkin key.v4.dip = rte_cpu_to_be_32(dip_val); 213*b2ee2692SVladimir Medvedkin if (key_type == RTE_IPSEC_SAD_SPI_DIP_SIP) /* SIP is optional*/ 214*b2ee2692SVladimir Medvedkin key.v4.sip = rte_cpu_to_be_32(sip_val); 215*b2ee2692SVladimir Medvedkin 216*b2ee2692SVladimir Medvedkin rte_ipsec_sad_add(sad, &key, key_type, sa); 217*b2ee2692SVladimir Medvedkin 218*b2ee2692SVladimir Medvedkin.. note:: 219*b2ee2692SVladimir Medvedkin 220*b2ee2692SVladimir Medvedkin By performance reason it is better to keep spi/dip/sip in net byte order 221*b2ee2692SVladimir Medvedkin to eliminate byteswap on lookup 222*b2ee2692SVladimir Medvedkin 223*b2ee2692SVladimir MedvedkinTo delete user has to specify key and key type. 224*b2ee2692SVladimir Medvedkin 225*b2ee2692SVladimir MedvedkinDelete code would look like: 226*b2ee2692SVladimir Medvedkin 227*b2ee2692SVladimir Medvedkin.. code-block:: c 228*b2ee2692SVladimir Medvedkin 229*b2ee2692SVladimir Medvedkin union rte_ipsec_sad_key key; 230*b2ee2692SVladimir Medvedkin 231*b2ee2692SVladimir Medvedkin key.v4.spi = rte_cpu_to_be_32(necessary_spi); 232*b2ee2692SVladimir Medvedkin if (key_type >= RTE_IPSEC_SAD_SPI_DIP) /* DIP is optional*/ 233*b2ee2692SVladimir Medvedkin key.v4.dip = rte_cpu_to_be_32(necessary_dip); 234*b2ee2692SVladimir Medvedkin if (key_type == RTE_IPSEC_SAD_SPI_DIP_SIP) /* SIP is optional*/ 235*b2ee2692SVladimir Medvedkin key.v4.sip = rte_cpu_to_be_32(necessary_sip); 236*b2ee2692SVladimir Medvedkin 237*b2ee2692SVladimir Medvedkin rte_ipsec_sad_del(sad, &key, key_type); 238*b2ee2692SVladimir Medvedkin 239*b2ee2692SVladimir Medvedkin 240*b2ee2692SVladimir MedvedkinLookup 241*b2ee2692SVladimir Medvedkin~~~~~~ 242*b2ee2692SVladimir MedvedkinLibrary provides lookup by the given {SPI,DIP,SIP} tuple of 243*b2ee2692SVladimir Medvedkininbound ipsec packet as a key. 244*b2ee2692SVladimir Medvedkin 245*b2ee2692SVladimir MedvedkinThe search key is represented by: 246*b2ee2692SVladimir Medvedkin 247*b2ee2692SVladimir Medvedkin.. code-block:: c 248*b2ee2692SVladimir Medvedkin 249*b2ee2692SVladimir Medvedkin union rte_ipsec_sad_key { 250*b2ee2692SVladimir Medvedkin struct rte_ipsec_sadv4_key v4; 251*b2ee2692SVladimir Medvedkin struct rte_ipsec_sadv6_key v6; 252*b2ee2692SVladimir Medvedkin }; 253*b2ee2692SVladimir Medvedkin 254*b2ee2692SVladimir Medvedkinwhere v4 is a tuple for IPv4: 255*b2ee2692SVladimir Medvedkin 256*b2ee2692SVladimir Medvedkin.. code-block:: c 257*b2ee2692SVladimir Medvedkin 258*b2ee2692SVladimir Medvedkin struct rte_ipsec_sadv4_key { 259*b2ee2692SVladimir Medvedkin uint32_t spi; 260*b2ee2692SVladimir Medvedkin uint32_t dip; 261*b2ee2692SVladimir Medvedkin uint32_t sip; 262*b2ee2692SVladimir Medvedkin }; 263*b2ee2692SVladimir Medvedkin 264*b2ee2692SVladimir Medvedkinand v6 is a tuple for IPv6: 265*b2ee2692SVladimir Medvedkin 266*b2ee2692SVladimir Medvedkin.. code-block:: c 267*b2ee2692SVladimir Medvedkin 268*b2ee2692SVladimir Medvedkin struct rte_ipsec_sadv6_key { 269*b2ee2692SVladimir Medvedkin uint32_t spi; 270*b2ee2692SVladimir Medvedkin uint8_t dip[16]; 271*b2ee2692SVladimir Medvedkin uint8_t sip[16]; 272*b2ee2692SVladimir Medvedkin }; 273*b2ee2692SVladimir Medvedkin 274*b2ee2692SVladimir MedvedkinAs an example, lookup related code could look like that: 275*b2ee2692SVladimir Medvedkin 276*b2ee2692SVladimir Medvedkin.. code-block:: c 277*b2ee2692SVladimir Medvedkin 278*b2ee2692SVladimir Medvedkin int i; 279*b2ee2692SVladimir Medvedkin union rte_ipsec_sad_key keys[BURST_SZ]; 280*b2ee2692SVladimir Medvedkin const union rte_ipsec_sad_key *keys_p[BURST_SZ]; 281*b2ee2692SVladimir Medvedkin void *vals[BURST_SZ]; 282*b2ee2692SVladimir Medvedkin 283*b2ee2692SVladimir Medvedkin for (i = 0; i < BURST_SZ_MAX; i++) { 284*b2ee2692SVladimir Medvedkin keys[i].v4.spi = esp_hdr[i]->spi; 285*b2ee2692SVladimir Medvedkin keys[i].v4.dip = ipv4_hdr[i]->dst_addr; 286*b2ee2692SVladimir Medvedkin keys[i].v4.sip = ipv4_hdr[i]->src_addr; 287*b2ee2692SVladimir Medvedkin keys_p[i] = &keys[i]; 288*b2ee2692SVladimir Medvedkin } 289*b2ee2692SVladimir Medvedkin rte_ipsec_sad_lookup(sad, keys_p, vals, BURST_SZ); 290*b2ee2692SVladimir Medvedkin 291*b2ee2692SVladimir Medvedkin for (i = 0; i < BURST_SZ_MAX; i++) { 292*b2ee2692SVladimir Medvedkin if (vals[i] == NULL) 293*b2ee2692SVladimir Medvedkin printf("SA not found for key index %d\n", i); 294*b2ee2692SVladimir Medvedkin else 295*b2ee2692SVladimir Medvedkin printf("SA pointer is %p\n", vals[i]); 296*b2ee2692SVladimir Medvedkin } 297*b2ee2692SVladimir Medvedkin 298*b2ee2692SVladimir Medvedkin 2999ef6cb1aSKonstantin AnanyevSupported features 3009ef6cb1aSKonstantin Ananyev------------------ 3019ef6cb1aSKonstantin Ananyev 3029ef6cb1aSKonstantin Ananyev* ESP protocol tunnel mode both IPv4/IPv6. 3039ef6cb1aSKonstantin Ananyev 3049ef6cb1aSKonstantin Ananyev* ESP protocol transport mode both IPv4/IPv6. 3059ef6cb1aSKonstantin Ananyev 3069ef6cb1aSKonstantin Ananyev* ESN and replay window. 3079ef6cb1aSKonstantin Ananyev 3083ed37e09SFan Zhang* algorithms: 3DES-CBC, AES-CBC, AES-CTR, AES-GCM, HMAC-SHA1, NULL. 3099ef6cb1aSKonstantin Ananyev 3109ef6cb1aSKonstantin Ananyev 3119ef6cb1aSKonstantin AnanyevLimitations 3129ef6cb1aSKonstantin Ananyev----------- 3139ef6cb1aSKonstantin Ananyev 3149ef6cb1aSKonstantin AnanyevThe following features are not properly supported in the current version: 3159ef6cb1aSKonstantin Ananyev 3169ef6cb1aSKonstantin Ananyev* Hard/soft limit for SA lifetime (time interval/byte count). 317