Changeset View
Changeset View
Standalone View
Standalone View
sys/dev/ice/virtchnl_inline_ipsec.h
| Context not available. | |||||
| #define VIRTCHNL_IPSEC_MAX_CRYPTO_ITEM_NUMBER 2 | #define VIRTCHNL_IPSEC_MAX_CRYPTO_ITEM_NUMBER 2 | ||||
| #define VIRTCHNL_IPSEC_MAX_KEY_LEN 128 | #define VIRTCHNL_IPSEC_MAX_KEY_LEN 128 | ||||
| #define VIRTCHNL_IPSEC_MAX_SA_DESTROY_NUM 8 | #define VIRTCHNL_IPSEC_MAX_SA_DESTROY_NUM 8 | ||||
| #define VIRTCHNL_IPSEC_SELECTED_SA_DESTROY 0 | #define VIRTCHNL_IPSEC_SA_DESTROY 0 | ||||
| #define VIRTCHNL_IPSEC_ALL_SA_DESTROY 1 | #define VIRTCHNL_IPSEC_BROADCAST_VFID 0xFFFFFFFF | ||||
| /* crypto type */ | /* crypto type */ | ||||
| #define VIRTCHNL_AUTH 1 | #define VIRTCHNL_AUTH 1 | ||||
| Context not available. | |||||
| /* algorithm type */ | /* algorithm type */ | ||||
| /* Hash Algorithm */ | /* Hash Algorithm */ | ||||
| #define VIRTCHNL_NO_ALG 0 /* NULL algorithm */ | #define VIRTCHNL_HASH_NO_ALG 0 /* NULL algorithm */ | ||||
| #define VIRTCHNL_AES_CBC_MAC 1 /* AES-CBC-MAC algorithm */ | #define VIRTCHNL_AES_CBC_MAC 1 /* AES-CBC-MAC algorithm */ | ||||
| #define VIRTCHNL_AES_CMAC 2 /* AES CMAC algorithm */ | #define VIRTCHNL_AES_CMAC 2 /* AES CMAC algorithm */ | ||||
| #define VIRTCHNL_AES_GMAC 3 /* AES GMAC algorithm */ | #define VIRTCHNL_AES_GMAC 3 /* AES GMAC algorithm */ | ||||
| Context not available. | |||||
| #define VIRTCHNL_SHA3_384_HMAC 13 /* HMAC using 384 bit SHA3 algorithm */ | #define VIRTCHNL_SHA3_384_HMAC 13 /* HMAC using 384 bit SHA3 algorithm */ | ||||
| #define VIRTCHNL_SHA3_512_HMAC 14 /* HMAC using 512 bit SHA3 algorithm */ | #define VIRTCHNL_SHA3_512_HMAC 14 /* HMAC using 512 bit SHA3 algorithm */ | ||||
| /* Cipher Algorithm */ | /* Cipher Algorithm */ | ||||
| #define VIRTCHNL_3DES_CBC 15 /* Triple DES algorithm in CBC mode */ | #define VIRTCHNL_CIPHER_NO_ALG 15 /* NULL algorithm */ | ||||
| #define VIRTCHNL_AES_CBC 16 /* AES algorithm in CBC mode */ | #define VIRTCHNL_3DES_CBC 16 /* Triple DES algorithm in CBC mode */ | ||||
| #define VIRTCHNL_AES_CTR 17 /* AES algorithm in Counter mode */ | #define VIRTCHNL_AES_CBC 17 /* AES algorithm in CBC mode */ | ||||
| #define VIRTCHNL_AES_CTR 18 /* AES algorithm in Counter mode */ | |||||
| /* AEAD Algorithm */ | /* AEAD Algorithm */ | ||||
| #define VIRTCHNL_AES_CCM 18 /* AES algorithm in CCM mode */ | #define VIRTCHNL_AES_CCM 19 /* AES algorithm in CCM mode */ | ||||
| #define VIRTCHNL_AES_GCM 19 /* AES algorithm in GCM mode */ | #define VIRTCHNL_AES_GCM 20 /* AES algorithm in GCM mode */ | ||||
| #define VIRTCHNL_CHACHA20_POLY1305 20 /* algorithm of ChaCha20-Poly1305 */ | #define VIRTCHNL_CHACHA20_POLY1305 21 /* algorithm of ChaCha20-Poly1305 */ | ||||
| /* protocol type */ | /* protocol type */ | ||||
| #define VIRTCHNL_PROTO_ESP 1 | #define VIRTCHNL_PROTO_ESP 1 | ||||
| Context not available. | |||||
| #define VIRTCHNL_IPV4 1 | #define VIRTCHNL_IPV4 1 | ||||
| #define VIRTCHNL_IPV6 2 | #define VIRTCHNL_IPV6 2 | ||||
| /* Detailed opcodes for DPDK and IPsec use */ | |||||
| enum inline_ipsec_ops { | |||||
| INLINE_IPSEC_OP_GET_CAP = 0, | |||||
| INLINE_IPSEC_OP_GET_STATUS = 1, | |||||
| INLINE_IPSEC_OP_SA_CREATE = 2, | |||||
| INLINE_IPSEC_OP_SA_UPDATE = 3, | |||||
| INLINE_IPSEC_OP_SA_DESTROY = 4, | |||||
| INLINE_IPSEC_OP_SP_CREATE = 5, | |||||
| INLINE_IPSEC_OP_SP_DESTROY = 6, | |||||
| INLINE_IPSEC_OP_SA_READ = 7, | |||||
| INLINE_IPSEC_OP_EVENT = 8, | |||||
| INLINE_IPSEC_OP_RESP = 9, | |||||
| }; | |||||
| #pragma pack(1) | |||||
| /* Not all valid, if certain field is invalid, set 1 for all bits */ | /* Not all valid, if certain field is invalid, set 1 for all bits */ | ||||
| struct virtchnl_algo_cap { | struct virtchnl_algo_cap { | ||||
| u32 algo_type; | u32 algo_type; | ||||
| Context not available. | |||||
| u16 max_aad_size; | u16 max_aad_size; | ||||
| u16 inc_aad_size; | u16 inc_aad_size; | ||||
| }; | }; | ||||
| #pragma pack() | |||||
| /* vf record the capability of crypto from the virtchnl */ | /* vf record the capability of crypto from the virtchnl */ | ||||
| struct virtchnl_sym_crypto_cap { | struct virtchnl_sym_crypto_cap { | ||||
| Context not available. | |||||
| struct virtchnl_sym_crypto_cap cap[VIRTCHNL_IPSEC_MAX_CRYPTO_CAP_NUM]; | struct virtchnl_sym_crypto_cap cap[VIRTCHNL_IPSEC_MAX_CRYPTO_CAP_NUM]; | ||||
| }; | }; | ||||
| /* using desc_id to record the format of rx descriptor */ | #pragma pack(1) | ||||
| struct virtchnl_rx_desc_fmt { | |||||
| u16 desc_id; | |||||
| }; | |||||
| /* using desc_id to record the format of tx descriptor */ | |||||
| struct virtchnl_tx_desc_fmt { | |||||
| u8 desc_num; | |||||
| u16 desc_ids[VIRTCHNL_IPSEC_MAX_TX_DESC_NUM]; | |||||
| }; | |||||
| /* configuration of crypto function */ | /* configuration of crypto function */ | ||||
| struct virtchnl_ipsec_crypto_cfg_item { | struct virtchnl_ipsec_crypto_cfg_item { | ||||
| u8 crypto_type; | u8 crypto_type; | ||||
| Context not available. | |||||
| /* Length of digest */ | /* Length of digest */ | ||||
| u16 digest_len; | u16 digest_len; | ||||
| /* SA salt */ | |||||
| u32 salt; | |||||
| /* The length of the symmetric key */ | /* The length of the symmetric key */ | ||||
| u16 key_len; | u16 key_len; | ||||
| /* key data buffer */ | /* key data buffer */ | ||||
| u8 key_data[VIRTCHNL_IPSEC_MAX_KEY_LEN]; | u8 key_data[VIRTCHNL_IPSEC_MAX_KEY_LEN]; | ||||
| }; | }; | ||||
| #pragma pack() | |||||
| struct virtchnl_ipsec_sym_crypto_cfg { | struct virtchnl_ipsec_sym_crypto_cfg { | ||||
| struct virtchnl_ipsec_crypto_cfg_item | struct virtchnl_ipsec_crypto_cfg_item | ||||
| items[VIRTCHNL_IPSEC_MAX_CRYPTO_ITEM_NUMBER]; | items[VIRTCHNL_IPSEC_MAX_CRYPTO_ITEM_NUMBER]; | ||||
| }; | }; | ||||
| #pragma pack(1) | |||||
| /* VIRTCHNL_OP_IPSEC_SA_CREATE | /* VIRTCHNL_OP_IPSEC_SA_CREATE | ||||
| * VF send this SA configuration to PF using virtchnl; | * VF send this SA configuration to PF using virtchnl; | ||||
| * PF create SA as configuration and PF driver will return | * PF create SA as configuration and PF driver will return | ||||
| Context not available. | |||||
| /* outer dst ip address */ | /* outer dst ip address */ | ||||
| u8 dst_addr[16]; | u8 dst_addr[16]; | ||||
| /* SA salt */ | |||||
| u32 salt; | |||||
| /* SPD reference. Used to link an SA with its policy. | /* SPD reference. Used to link an SA with its policy. | ||||
| * PF drivers may ignore this field. | * PF drivers may ignore this field. | ||||
| */ | */ | ||||
| Context not available. | |||||
| /* crypto configuration */ | /* crypto configuration */ | ||||
| struct virtchnl_ipsec_sym_crypto_cfg crypto_cfg; | struct virtchnl_ipsec_sym_crypto_cfg crypto_cfg; | ||||
| }; | }; | ||||
| #pragma pack() | |||||
| /* VIRTCHNL_OP_IPSEC_SA_UPDATE | /* VIRTCHNL_OP_IPSEC_SA_UPDATE | ||||
| * VF send configuration of index of SA to PF | * VF send configuration of index of SA to PF | ||||
| Context not available. | |||||
| u32 esn_low; /* low 32 bits of esn */ | u32 esn_low; /* low 32 bits of esn */ | ||||
| }; | }; | ||||
| #pragma pack(1) | |||||
| /* VIRTCHNL_OP_IPSEC_SA_DESTROY | /* VIRTCHNL_OP_IPSEC_SA_DESTROY | ||||
| * VF send configuration of index of SA to PF | * VF send configuration of index of SA to PF | ||||
| * PF will destroy SA according to configuration | * PF will destroy SA according to configuration | ||||
| Context not available. | |||||
| * be destroyed | * be destroyed | ||||
| */ | */ | ||||
| struct virtchnl_ipsec_sa_destroy { | struct virtchnl_ipsec_sa_destroy { | ||||
| /* VIRTCHNL_SELECTED_SA_DESTROY: selected SA will be destroyed. | /* All zero bitmap indicates all SA will be destroyed. | ||||
| * VIRTCHNL_ALL_SA_DESTROY: all SA will be destroyed. | * Non-zero bitmap indicates the selected SA in | ||||
| * array sa_index will be destroyed. | |||||
| */ | */ | ||||
| u8 flag; | u8 flag; | ||||
| u8 pad1; /* pading */ | |||||
| u16 pad2; /* pading */ | |||||
| /* selected SA index */ | /* selected SA index */ | ||||
| u32 sa_index[VIRTCHNL_IPSEC_MAX_SA_DESTROY_NUM]; | u32 sa_index[VIRTCHNL_IPSEC_MAX_SA_DESTROY_NUM]; | ||||
| }; | }; | ||||
| Context not available. | |||||
| /* crypto configuration. Salt and keys are set to 0 */ | /* crypto configuration. Salt and keys are set to 0 */ | ||||
| struct virtchnl_ipsec_sym_crypto_cfg crypto_cfg; | struct virtchnl_ipsec_sym_crypto_cfg crypto_cfg; | ||||
| }; | }; | ||||
| #pragma pack() | |||||
| /* Add whitelist entry in IES */ | |||||
| struct virtchnl_ipsec_sp_cfg { | |||||
| u32 spi; | |||||
| u32 dip[4]; | |||||
| /* Drop frame if true or redirect to QAT if false. */ | |||||
| u8 drop; | |||||
| /* Congestion domain. For future use. */ | |||||
| u8 cgd; | |||||
| /* 0 for IPv4 table, 1 for IPv6 table. */ | |||||
| u8 table_id; | |||||
| /* Set TC (congestion domain) if true. For future use. */ | |||||
| u8 set_tc; | |||||
| }; | |||||
| #pragma pack(1) | |||||
| /* Delete whitelist entry in IES */ | |||||
| struct virtchnl_ipsec_sp_destroy { | |||||
| /* 0 for IPv4 table, 1 for IPv6 table. */ | |||||
| u8 table_id; | |||||
| u32 rule_id; | |||||
| }; | |||||
| #pragma pack() | |||||
| /* Response from IES to whitelist operations */ | |||||
| struct virtchnl_ipsec_sp_cfg_resp { | |||||
| u32 rule_id; | |||||
| }; | |||||
| struct virtchnl_ipsec_sa_cfg_resp { | |||||
| u32 sa_handle; | |||||
| }; | |||||
| #define INLINE_IPSEC_EVENT_RESET 0x1 | |||||
| #define INLINE_IPSEC_EVENT_CRYPTO_ON 0x2 | |||||
| #define INLINE_IPSEC_EVENT_CRYPTO_OFF 0x4 | |||||
| struct virtchnl_ipsec_event { | |||||
| u32 ipsec_event_data; | |||||
| }; | |||||
| #define INLINE_IPSEC_STATUS_AVAILABLE 0x1 | |||||
| #define INLINE_IPSEC_STATUS_UNAVAILABLE 0x2 | |||||
| struct virtchnl_ipsec_status { | |||||
| u32 status; | |||||
| }; | |||||
| struct virtchnl_ipsec_resp { | |||||
| u32 resp; | |||||
| }; | |||||
| /* Internal message descriptor for VF <-> IPsec communication */ | |||||
| struct inline_ipsec_msg { | |||||
| u16 ipsec_opcode; | |||||
| u16 req_id; | |||||
| union { | |||||
| /* IPsec request */ | |||||
| struct virtchnl_ipsec_sa_cfg sa_cfg[0]; | |||||
| struct virtchnl_ipsec_sp_cfg sp_cfg[0]; | |||||
| struct virtchnl_ipsec_sa_update sa_update[0]; | |||||
| struct virtchnl_ipsec_sa_destroy sa_destroy[0]; | |||||
| struct virtchnl_ipsec_sp_destroy sp_destroy[0]; | |||||
| /* IPsec response */ | |||||
| struct virtchnl_ipsec_sa_cfg_resp sa_cfg_resp[0]; | |||||
| struct virtchnl_ipsec_sp_cfg_resp sp_cfg_resp[0]; | |||||
| struct virtchnl_ipsec_cap ipsec_cap[0]; | |||||
| struct virtchnl_ipsec_status ipsec_status[0]; | |||||
| /* response to del_sa, del_sp, update_sa */ | |||||
| struct virtchnl_ipsec_resp ipsec_resp[0]; | |||||
| /* IPsec event (no req_id is required) */ | |||||
| struct virtchnl_ipsec_event event[0]; | |||||
| /* Reserved */ | |||||
| struct virtchnl_ipsec_sa_read sa_read[0]; | |||||
| } ipsec_data; | |||||
| }; | |||||
| static inline u16 virtchnl_inline_ipsec_val_msg_len(u16 opcode) | |||||
| { | |||||
| u16 valid_len = sizeof(struct inline_ipsec_msg); | |||||
| switch (opcode) { | |||||
| case INLINE_IPSEC_OP_GET_CAP: | |||||
| case INLINE_IPSEC_OP_GET_STATUS: | |||||
| break; | |||||
| case INLINE_IPSEC_OP_SA_CREATE: | |||||
| valid_len += sizeof(struct virtchnl_ipsec_sa_cfg); | |||||
| break; | |||||
| case INLINE_IPSEC_OP_SP_CREATE: | |||||
| valid_len += sizeof(struct virtchnl_ipsec_sp_cfg); | |||||
| break; | |||||
| case INLINE_IPSEC_OP_SA_UPDATE: | |||||
| valid_len += sizeof(struct virtchnl_ipsec_sa_update); | |||||
| break; | |||||
| case INLINE_IPSEC_OP_SA_DESTROY: | |||||
| valid_len += sizeof(struct virtchnl_ipsec_sa_destroy); | |||||
| break; | |||||
| case INLINE_IPSEC_OP_SP_DESTROY: | |||||
| valid_len += sizeof(struct virtchnl_ipsec_sp_destroy); | |||||
| break; | |||||
| /* Only for msg length caculation of response to VF in case of | |||||
| * inline ipsec failure. | |||||
| */ | |||||
| case INLINE_IPSEC_OP_RESP: | |||||
| valid_len += sizeof(struct virtchnl_ipsec_resp); | |||||
| break; | |||||
| default: | |||||
| valid_len = 0; | |||||
| break; | |||||
| } | |||||
| return valid_len; | |||||
| } | |||||
| #endif /* _VIRTCHNL_INLINE_IPSEC_H_ */ | #endif /* _VIRTCHNL_INLINE_IPSEC_H_ */ | ||||
| Context not available. | |||||