199a2dd95SBruce Richardson /* SPDX-License-Identifier: BSD-3-Clause 299a2dd95SBruce Richardson * Copyright(c) 2018-2020 Intel Corporation 399a2dd95SBruce Richardson */ 499a2dd95SBruce Richardson 599a2dd95SBruce Richardson #ifndef _SA_H_ 699a2dd95SBruce Richardson #define _SA_H_ 799a2dd95SBruce Richardson 899a2dd95SBruce Richardson 999a2dd95SBruce Richardson #define IPSEC_MAX_HDR_SIZE 64 1099a2dd95SBruce Richardson #define IPSEC_MAX_IV_SIZE 16 1199a2dd95SBruce Richardson #define IPSEC_MAX_IV_QWORD (IPSEC_MAX_IV_SIZE / sizeof(uint64_t)) 1299a2dd95SBruce Richardson #define TUN_HDR_MSK (RTE_IPSEC_SATP_ECN_MASK | RTE_IPSEC_SATP_DSCP_MASK) 1399a2dd95SBruce Richardson 1499a2dd95SBruce Richardson /* padding alignment for different algorithms */ 1599a2dd95SBruce Richardson enum { 1699a2dd95SBruce Richardson IPSEC_PAD_DEFAULT = 4, 1799a2dd95SBruce Richardson IPSEC_PAD_3DES_CBC = 8, 1899a2dd95SBruce Richardson IPSEC_PAD_AES_CBC = IPSEC_MAX_IV_SIZE, 1999a2dd95SBruce Richardson IPSEC_PAD_AES_CTR = IPSEC_PAD_DEFAULT, 2099a2dd95SBruce Richardson IPSEC_PAD_AES_GCM = IPSEC_PAD_DEFAULT, 21c99d2619SRadu Nicolau IPSEC_PAD_AES_CCM = IPSEC_PAD_DEFAULT, 22c99d2619SRadu Nicolau IPSEC_PAD_CHACHA20_POLY1305 = IPSEC_PAD_DEFAULT, 2399a2dd95SBruce Richardson IPSEC_PAD_NULL = IPSEC_PAD_DEFAULT, 24c99d2619SRadu Nicolau IPSEC_PAD_AES_GMAC = IPSEC_PAD_DEFAULT, 2599a2dd95SBruce Richardson }; 2699a2dd95SBruce Richardson 2799a2dd95SBruce Richardson /* iv sizes for different algorithms */ 2899a2dd95SBruce Richardson enum { 2999a2dd95SBruce Richardson IPSEC_IV_SIZE_DEFAULT = IPSEC_MAX_IV_SIZE, 3099a2dd95SBruce Richardson IPSEC_AES_CTR_IV_SIZE = sizeof(uint64_t), 3199a2dd95SBruce Richardson /* TripleDES supports IV size of 32bits or 64bits but he library 3299a2dd95SBruce Richardson * only supports 64bits. 3399a2dd95SBruce Richardson */ 3499a2dd95SBruce Richardson IPSEC_3DES_IV_SIZE = sizeof(uint64_t), 3599a2dd95SBruce Richardson }; 3699a2dd95SBruce Richardson 3799a2dd95SBruce Richardson /* these definitions probably has to be in rte_crypto_sym.h */ 3899a2dd95SBruce Richardson union sym_op_ofslen { 3999a2dd95SBruce Richardson uint64_t raw; 4099a2dd95SBruce Richardson struct { 4199a2dd95SBruce Richardson uint32_t offset; 4299a2dd95SBruce Richardson uint32_t length; 4399a2dd95SBruce Richardson }; 4499a2dd95SBruce Richardson }; 4599a2dd95SBruce Richardson 4699a2dd95SBruce Richardson union sym_op_data { 4799a2dd95SBruce Richardson #ifdef __SIZEOF_INT128__ 4899a2dd95SBruce Richardson __uint128_t raw; 4999a2dd95SBruce Richardson #endif 5099a2dd95SBruce Richardson struct { 5199a2dd95SBruce Richardson uint8_t *va; 5299a2dd95SBruce Richardson rte_iova_t pa; 5399a2dd95SBruce Richardson }; 5499a2dd95SBruce Richardson }; 5599a2dd95SBruce Richardson 5699a2dd95SBruce Richardson #define REPLAY_SQN_NUM 2 5799a2dd95SBruce Richardson #define REPLAY_SQN_NEXT(n) ((n) ^ 1) 5899a2dd95SBruce Richardson 5999a2dd95SBruce Richardson struct replay_sqn { 6099a2dd95SBruce Richardson rte_rwlock_t rwl; 6199a2dd95SBruce Richardson uint64_t sqn; 623401a4afSDavid Marchand uint64_t window[]; 6399a2dd95SBruce Richardson }; 6499a2dd95SBruce Richardson 6599a2dd95SBruce Richardson /*IPSEC SA supported algorithms */ 6699a2dd95SBruce Richardson enum sa_algo_type { 6799a2dd95SBruce Richardson ALGO_TYPE_NULL = 0, 6899a2dd95SBruce Richardson ALGO_TYPE_3DES_CBC, 6999a2dd95SBruce Richardson ALGO_TYPE_AES_CBC, 7099a2dd95SBruce Richardson ALGO_TYPE_AES_CTR, 7199a2dd95SBruce Richardson ALGO_TYPE_AES_GCM, 72c99d2619SRadu Nicolau ALGO_TYPE_AES_CCM, 73c99d2619SRadu Nicolau ALGO_TYPE_CHACHA20_POLY1305, 74c99d2619SRadu Nicolau ALGO_TYPE_AES_GMAC, 7599a2dd95SBruce Richardson ALGO_TYPE_MAX 7699a2dd95SBruce Richardson }; 7799a2dd95SBruce Richardson 78c6552d9aSTyler Retzlaff struct __rte_cache_aligned rte_ipsec_sa { 7999a2dd95SBruce Richardson 8099a2dd95SBruce Richardson uint64_t type; /* type of given SA */ 8199a2dd95SBruce Richardson uint64_t udata; /* user defined */ 8299a2dd95SBruce Richardson uint32_t size; /* size of given sa object */ 8399a2dd95SBruce Richardson uint32_t spi; 8499a2dd95SBruce Richardson /* sqn calculations related */ 8599a2dd95SBruce Richardson uint64_t sqn_mask; 8699a2dd95SBruce Richardson struct { 8799a2dd95SBruce Richardson uint32_t win_sz; 8899a2dd95SBruce Richardson uint16_t nb_bucket; 8999a2dd95SBruce Richardson uint16_t bucket_index_mask; 9099a2dd95SBruce Richardson } replay; 9199a2dd95SBruce Richardson /* template for crypto op fields */ 9299a2dd95SBruce Richardson struct { 9399a2dd95SBruce Richardson union sym_op_ofslen cipher; 9499a2dd95SBruce Richardson union sym_op_ofslen auth; 9599a2dd95SBruce Richardson } ctp; 9699a2dd95SBruce Richardson /* cpu-crypto offsets */ 9799a2dd95SBruce Richardson union rte_crypto_sym_ofs cofs; 9899a2dd95SBruce Richardson /* tx_offload template for tunnel mbuf */ 9999a2dd95SBruce Richardson struct { 10099a2dd95SBruce Richardson uint64_t msk; 10199a2dd95SBruce Richardson uint64_t val; 10299a2dd95SBruce Richardson } tx_offload; 10399a2dd95SBruce Richardson uint32_t salt; 10499a2dd95SBruce Richardson uint8_t algo_type; 10599a2dd95SBruce Richardson uint8_t proto; /* next proto */ 10699a2dd95SBruce Richardson uint8_t aad_len; 10799a2dd95SBruce Richardson uint8_t hdr_len; 10899a2dd95SBruce Richardson uint8_t hdr_l3_off; 10999a2dd95SBruce Richardson uint8_t icv_len; 11099a2dd95SBruce Richardson uint8_t sqh_len; 11199a2dd95SBruce Richardson uint8_t iv_ofs; /* offset for algo-specific IV inside crypto op */ 11299a2dd95SBruce Richardson uint8_t iv_len; 11399a2dd95SBruce Richardson uint8_t pad_align; 11499a2dd95SBruce Richardson uint8_t tos_mask; 11599a2dd95SBruce Richardson 11699a2dd95SBruce Richardson /* template for tunnel header */ 11799a2dd95SBruce Richardson uint8_t hdr[IPSEC_MAX_HDR_SIZE]; 11899a2dd95SBruce Richardson 11999a2dd95SBruce Richardson /* 12099a2dd95SBruce Richardson * sqn and replay window 12199a2dd95SBruce Richardson * In case of SA handled by multiple threads *sqn* cacheline 12299a2dd95SBruce Richardson * could be shared by multiple cores. 12399a2dd95SBruce Richardson * To minimise performance impact, we try to locate in a separate 1244a6672c2SStephen Hemminger * place from other frequently accessed data. 12599a2dd95SBruce Richardson */ 12699a2dd95SBruce Richardson union { 12727779857STyler Retzlaff RTE_ATOMIC(uint64_t) outb; 12899a2dd95SBruce Richardson struct { 12999a2dd95SBruce Richardson uint32_t rdidx; /* read index */ 13099a2dd95SBruce Richardson uint32_t wridx; /* write index */ 13199a2dd95SBruce Richardson struct replay_sqn *rsn[REPLAY_SQN_NUM]; 13299a2dd95SBruce Richardson } inb; 13399a2dd95SBruce Richardson } sqn; 13468977baaSRadu Nicolau /* Statistics */ 13568977baaSRadu Nicolau struct { 13668977baaSRadu Nicolau uint64_t count; 13768977baaSRadu Nicolau uint64_t bytes; 13868977baaSRadu Nicolau struct { 13968977baaSRadu Nicolau uint64_t count; 14068977baaSRadu Nicolau uint64_t authentication_failed; 14168977baaSRadu Nicolau } errors; 14268977baaSRadu Nicolau } statistics; 14399a2dd95SBruce Richardson 144c6552d9aSTyler Retzlaff }; 14599a2dd95SBruce Richardson 14699a2dd95SBruce Richardson int 14799a2dd95SBruce Richardson ipsec_sa_pkt_func_select(const struct rte_ipsec_session *ss, 14899a2dd95SBruce Richardson const struct rte_ipsec_sa *sa, struct rte_ipsec_sa_pkt_func *pf); 14999a2dd95SBruce Richardson 15099a2dd95SBruce Richardson /* inbound processing */ 15199a2dd95SBruce Richardson 15299a2dd95SBruce Richardson uint16_t 15399a2dd95SBruce Richardson esp_inb_pkt_prepare(const struct rte_ipsec_session *ss, struct rte_mbuf *mb[], 15499a2dd95SBruce Richardson struct rte_crypto_op *cop[], uint16_t num); 15599a2dd95SBruce Richardson 15699a2dd95SBruce Richardson uint16_t 15799a2dd95SBruce Richardson esp_inb_tun_pkt_process(const struct rte_ipsec_session *ss, 15899a2dd95SBruce Richardson struct rte_mbuf *mb[], uint16_t num); 15999a2dd95SBruce Richardson 16099a2dd95SBruce Richardson uint16_t 16199a2dd95SBruce Richardson inline_inb_tun_pkt_process(const struct rte_ipsec_session *ss, 16299a2dd95SBruce Richardson struct rte_mbuf *mb[], uint16_t num); 16399a2dd95SBruce Richardson 16499a2dd95SBruce Richardson uint16_t 16599a2dd95SBruce Richardson esp_inb_trs_pkt_process(const struct rte_ipsec_session *ss, 16699a2dd95SBruce Richardson struct rte_mbuf *mb[], uint16_t num); 16799a2dd95SBruce Richardson 16899a2dd95SBruce Richardson uint16_t 16999a2dd95SBruce Richardson inline_inb_trs_pkt_process(const struct rte_ipsec_session *ss, 17099a2dd95SBruce Richardson struct rte_mbuf *mb[], uint16_t num); 17199a2dd95SBruce Richardson 17299a2dd95SBruce Richardson uint16_t 17399a2dd95SBruce Richardson cpu_inb_pkt_prepare(const struct rte_ipsec_session *ss, 17499a2dd95SBruce Richardson struct rte_mbuf *mb[], uint16_t num); 17599a2dd95SBruce Richardson 17699a2dd95SBruce Richardson /* outbound processing */ 17799a2dd95SBruce Richardson 17899a2dd95SBruce Richardson uint16_t 17999a2dd95SBruce Richardson esp_outb_tun_prepare(const struct rte_ipsec_session *ss, struct rte_mbuf *mb[], 18099a2dd95SBruce Richardson struct rte_crypto_op *cop[], uint16_t num); 18199a2dd95SBruce Richardson 18299a2dd95SBruce Richardson uint16_t 183*aae98b8cSAakash Sasidharan esp_outb_tun_prepare_stateless(const struct rte_ipsec_session *ss, struct rte_mbuf *mb[], 184*aae98b8cSAakash Sasidharan struct rte_crypto_op *cop[], uint16_t num, struct rte_ipsec_state *state); 185*aae98b8cSAakash Sasidharan 186*aae98b8cSAakash Sasidharan uint16_t 18799a2dd95SBruce Richardson esp_outb_trs_prepare(const struct rte_ipsec_session *ss, struct rte_mbuf *mb[], 18899a2dd95SBruce Richardson struct rte_crypto_op *cop[], uint16_t num); 18999a2dd95SBruce Richardson 19099a2dd95SBruce Richardson uint16_t 19199a2dd95SBruce Richardson esp_outb_sqh_process(const struct rte_ipsec_session *ss, struct rte_mbuf *mb[], 19299a2dd95SBruce Richardson uint16_t num); 19399a2dd95SBruce Richardson 19499a2dd95SBruce Richardson uint16_t 19599a2dd95SBruce Richardson pkt_flag_process(const struct rte_ipsec_session *ss, 19699a2dd95SBruce Richardson struct rte_mbuf *mb[], uint16_t num); 19799a2dd95SBruce Richardson 19899a2dd95SBruce Richardson uint16_t 19999a2dd95SBruce Richardson inline_outb_tun_pkt_process(const struct rte_ipsec_session *ss, 20099a2dd95SBruce Richardson struct rte_mbuf *mb[], uint16_t num); 20199a2dd95SBruce Richardson 20299a2dd95SBruce Richardson uint16_t 20399a2dd95SBruce Richardson inline_outb_trs_pkt_process(const struct rte_ipsec_session *ss, 20499a2dd95SBruce Richardson struct rte_mbuf *mb[], uint16_t num); 20599a2dd95SBruce Richardson 20699a2dd95SBruce Richardson uint16_t 20799a2dd95SBruce Richardson inline_proto_outb_pkt_process(const struct rte_ipsec_session *ss, 20899a2dd95SBruce Richardson struct rte_mbuf *mb[], uint16_t num); 20999a2dd95SBruce Richardson 21099a2dd95SBruce Richardson uint16_t 21199a2dd95SBruce Richardson cpu_outb_tun_pkt_prepare(const struct rte_ipsec_session *ss, 21299a2dd95SBruce Richardson struct rte_mbuf *mb[], uint16_t num); 21399a2dd95SBruce Richardson uint16_t 214*aae98b8cSAakash Sasidharan cpu_outb_tun_pkt_prepare_stateless(const struct rte_ipsec_session *ss, 215*aae98b8cSAakash Sasidharan struct rte_mbuf *mb[], uint16_t num, struct rte_ipsec_state *state); 216*aae98b8cSAakash Sasidharan 217*aae98b8cSAakash Sasidharan uint16_t 21899a2dd95SBruce Richardson cpu_outb_trs_pkt_prepare(const struct rte_ipsec_session *ss, 21999a2dd95SBruce Richardson struct rte_mbuf *mb[], uint16_t num); 22099a2dd95SBruce Richardson 22199a2dd95SBruce Richardson #endif /* _SA_H_ */ 222