Commit | Line | Data |
---|---|---|
7c673cae FG |
1 | /*- |
2 | * BSD LICENSE | |
3 | * | |
4 | * Copyright(c) 2016 Intel Corporation. All rights reserved. | |
5 | * All rights reserved. | |
6 | * | |
7 | * Redistribution and use in source and binary forms, with or without | |
8 | * modification, are permitted provided that the following conditions | |
9 | * are met: | |
10 | * | |
11 | * * Redistributions of source code must retain the above copyright | |
12 | * notice, this list of conditions and the following disclaimer. | |
13 | * * Redistributions in binary form must reproduce the above copyright | |
14 | * notice, this list of conditions and the following disclaimer in | |
15 | * the documentation and/or other materials provided with the | |
16 | * distribution. | |
17 | * * Neither the name of Intel Corporation nor the names of its | |
18 | * contributors may be used to endorse or promote products derived | |
19 | * from this software without specific prior written permission. | |
20 | * | |
21 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS | |
22 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT | |
23 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR | |
24 | * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT | |
25 | * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
26 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT | |
27 | * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | |
28 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | |
29 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | |
30 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE | |
31 | * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
32 | */ | |
33 | ||
34 | #ifndef __IPSEC_H__ | |
35 | #define __IPSEC_H__ | |
36 | ||
37 | #include <stdint.h> | |
38 | ||
39 | #include <rte_byteorder.h> | |
40 | #include <rte_crypto.h> | |
41 | ||
/* Application log types, each aliased to one of the RTE_LOGTYPE_USERn slots. */
#define RTE_LOGTYPE_IPSEC RTE_LOGTYPE_USER1
#define RTE_LOGTYPE_IPSEC_ESP RTE_LOGTYPE_USER2
#define RTE_LOGTYPE_IPSEC_IPIP RTE_LOGTYPE_USER3

/* Number of slots in cdev_qp.buf (pending crypto ops per queue pair). */
#define MAX_PKT_BURST 32
/* Number of slots in ipsec_ctx.tbl (queue pairs tracked per context). */
#define MAX_QP_PER_LCORE 256

/*
 * NOTE(review): no user of this constant is visible in this header. Code that
 * sizes a digest buffer with it should check the SA's digest_len against it
 * before copying.
 */
#define MAX_DIGEST_SIZE 32 /* Bytes -- 256 bits */
50 | ||
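/*
 * Split a 32-bit value (an IPv4 address, judging by the parameter name) into
 * its four octets and store them through the pointers a..d, most significant
 * octet first (*a receives bits 31..24, *d receives bits 7..0).
 *
 * Every macro argument is parenthesized so that compound expressions such as
 * "hi | lo" for ip or "buf + 1" for a pointer expand with the intended
 * precedence. ip is still evaluated four times, so it must not have side
 * effects. The caller is responsible for a..d pointing at writable bytes.
 */
#define uint32_t_to_char(ip, a, b, c, d) do {\
		*(a) = (uint8_t)(((ip) >> 24) & 0xff);\
		*(b) = (uint8_t)(((ip) >> 16) & 0xff);\
		*(c) = (uint8_t)(((ip) >> 8) & 0xff);\
		*(d) = (uint8_t)((ip) & 0xff);\
	} while (0)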
57 | ||
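#define DEFAULT_MAX_CATEGORIES 1

#define IPSEC_SA_MAX_ENTRIES (128) /* must be power of 2, max 2 power 30 */

/*
 * Enforce the constraint above at build time. SPI2IDX() masks with
 * IPSEC_SA_MAX_ENTRIES - 1, which only yields an in-range index when the
 * entry count is a power of two, and PROTECT() keeps 30 bits of index.
 */
#if IPSEC_SA_MAX_ENTRIES <= 0 || IPSEC_SA_MAX_ENTRIES > 0x40000000 || \
	(IPSEC_SA_MAX_ENTRIES & (IPSEC_SA_MAX_ENTRIES - 1)) != 0
#error "IPSEC_SA_MAX_ENTRIES must be a power of 2 no larger than 2^30"
#endif

/*
 * Reduce an SPI to an SA table index by keeping only its low bits. The
 * argument is parenthesized so that compound expressions expand correctly.
 *
 * Distinct SPIs that agree in those low bits map to the same index, so the
 * index alone does not identify an SA.
 * NOTE(review): the lookup code is not visible in this header; confirm that
 * it compares the stored spi with the packet's SPI before using the entry.
 */
#define SPI2IDX(spi) ((spi) & (IPSEC_SA_MAX_ENTRIES - 1))
#define INVALID_SPI (0)

/*
 * DISCARD and BYPASS are the two top bits of a 32-bit word; PROTECT_MASK is
 * the remaining low 30 bits, so neither flag overlaps a PROTECT() result.
 * NOTE(review): presumably these encode security-policy lookup results;
 * confirm against the policy code.
 */
#define DISCARD (0x80000000)
#define BYPASS (0x40000000)
#define PROTECT_MASK (0x3fffffff)
#define PROTECT(sa_idx) (SPI2IDX(sa_idx) & PROTECT_MASK) /* SA idx 30 bits */

#define IPSEC_XFORM_MAX 2

#define IP6_VERSION (6)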
72 | ||
/* Forward declarations of types that are defined elsewhere. */
struct rte_crypto_xform;
struct ipsec_xform;
struct rte_cryptodev_session;
struct rte_mbuf;

struct ipsec_sa;

/*
 * Function-pointer type for a per-packet transform: it receives the packet
 * mbuf, the security association and the crypto operation, and returns an
 * int32_t.
 * NOTE(review): the meaning of the return value is not defined in this
 * header; confirm with the implementations.
 */
typedef int32_t (*ipsec_xform_fn)(struct rte_mbuf *m, struct ipsec_sa *sa,
		struct rte_crypto_op *cop);
82 | ||
/*
 * One IP address, held as either an IPv4 or an IPv6 value in shared storage.
 * The struct has no tag recording which member is live, so the address family
 * has to be known from context.
 * NOTE(review): presumably the owning SA's flags decide the family, and the
 * byte order of the stored values is not stated here; confirm both.
 */
struct ip_addr {
	union {
		uint32_t ip4;
		union {
			uint64_t ip6[2];	/* the 16 address bytes as two 64-bit words */
			uint8_t ip6_b[16];	/* the same 16 bytes, addressed per byte */
		} ip6;
	} ip;
};
92 | ||
/*
 * Capacity, in bytes, of the cipher_key and auth_key arrays in struct ipsec_sa.
 * NOTE(review): the code that fills those arrays is not visible in this
 * header. It has to reject key lengths above this value before copying; the
 * *_key_len fields are uint16_t and can hold much larger numbers.
 */
#define MAX_KEY_SIZE 20

/*
 * One security association: identifiers, algorithm selection, sizes, tunnel
 * endpoints and the key material itself.
 * NOTE(review): the key bytes are stored inline, so any copy of this struct
 * carries the keys; teardown code should wipe them.
 */
struct ipsec_sa {
	uint32_t spi;	/* SPI2IDX() keeps only the low bits of this to pick a slot */
	uint32_t cdev_id_qp;	/* presumably selects crypto device / queue pair; confirm */
	uint64_t seq;	/* presumably the ESP sequence counter; confirm */
	uint32_t salt;
	struct rte_cryptodev_sym_session *crypto_session;
	enum rte_crypto_cipher_algorithm cipher_algo;
	enum rte_crypto_auth_algorithm auth_algo;
	uint16_t digest_len;
	uint16_t iv_len;
	uint16_t block_size;
	uint16_t flags;	/* bit set built from the three values below */
#define IP4_TUNNEL (1 << 0)
#define IP6_TUNNEL (1 << 1)
#define TRANSPORT (1 << 2)
	struct ip_addr src;
	struct ip_addr dst;
	uint8_t cipher_key[MAX_KEY_SIZE];
	uint16_t cipher_key_len;	/* must not exceed MAX_KEY_SIZE */
	uint8_t auth_key[MAX_KEY_SIZE];
	uint16_t auth_key_len;	/* must not exceed MAX_KEY_SIZE */
	/*
	 * NOTE(review): get_aad() hands out the last 16 bytes of
	 * ipsec_mbuf_metadata.buf, so a value above 16 would not fit there;
	 * confirm that callers bound it.
	 */
	uint16_t aad_len;
	struct rte_crypto_sym_xform *xforms;
} __rte_cache_aligned;
119 | ||
/*
 * Per-packet metadata that get_priv() locates directly behind the
 * struct rte_mbuf header.
 */
struct ipsec_mbuf_metadata {
	/*
	 * Scratch bytes: get_cnt_blk() returns &buf[0] and get_aad() returns
	 * &buf[16], so each accessor has 16 bytes before it runs into the
	 * other region or the end of the array.
	 */
	uint8_t buf[32];
	struct ipsec_sa *sa;
	struct rte_crypto_op cop;
	/*
	 * get_sym_cop() computes (cop + 1) on a crypto op pointer.
	 * NOTE(review): that lands on this member only if no padding separates
	 * cop and sym_cop; confirm for the target ABI.
	 */
	struct rte_crypto_sym_op sym_cop;
} __rte_cache_aligned;
126 | ||
/*
 * State for one crypto device queue pair, including an array of pending
 * crypto op pointers.
 */
struct cdev_qp {
	uint16_t id;
	uint16_t qp;
	uint16_t in_flight;
	/* presumably the number of valid entries in buf; must stay <= MAX_PKT_BURST */
	uint16_t len;
	struct rte_crypto_op *buf[MAX_PKT_BURST] __rte_aligned(sizeof(void *));
};
134 | ||
/*
 * Processing context passed to ipsec_inbound() and ipsec_outbound(): pointers
 * to the policy and SA tables plus a fixed-size table of queue pairs.
 */
struct ipsec_ctx {
	struct rte_hash *cdev_map;	/* presumably keyed by struct cdev_key; confirm */
	struct sp_ctx *sp4_ctx;
	struct sp_ctx *sp6_ctx;
	struct sa_ctx *sa_ctx;
	/* presumably the number of tbl entries in use; must stay <= MAX_QP_PER_LCORE */
	uint16_t nb_qps;
	uint16_t last_qp;
	struct cdev_qp tbl[MAX_QP_PER_LCORE];
};
144 | ||
/*
 * Key made of an lcore id and a cipher/auth algorithm pair.
 * NOTE(review): the algorithms are stored here as uint8_t while struct
 * ipsec_sa holds them as enums; confirm every enum value in use fits in
 * 8 bits, otherwise two different algorithms would produce the same key.
 */
struct cdev_key {
	uint16_t lcore_id;
	uint8_t cipher_algo;
	uint8_t auth_algo;
};
150 | ||
/*
 * Set of tables handed to the sp4_init(), sp6_init(), sa_init() and rt_init()
 * functions declared in this header: inbound and outbound SA tables, IPv4 and
 * IPv6 policy tables per direction, IPv4 and IPv6 routing tables, and an mbuf
 * pool.
 */
struct socket_ctx {
	struct sa_ctx *sa_in;
	struct sa_ctx *sa_out;
	struct sp_ctx *sp_ip4_in;
	struct sp_ctx *sp_ip4_out;
	struct sp_ctx *sp_ip6_in;
	struct sp_ctx *sp_ip6_out;
	struct rt_ctx *rt_ip4;
	struct rt_ctx *rt_ip6;
	/*
	 * NOTE(review): get_priv() assumes every mbuf has at least
	 * ipsec_metadata_size() bytes of private area; confirm the pool is
	 * created with that size.
	 */
	struct rte_mempool *mbuf_pool;
};
162 | ||
/*
 * Packed salt / IV / counter record: 4 + 8 + 4 = 16 bytes with no padding,
 * which matches the 16 bytes available at get_cnt_blk().
 * NOTE(review): this looks like the counter block of a counter-mode cipher;
 * if so, the salt and iv pair must never repeat under one key. Confirm how
 * the IV is generated.
 */
struct cnt_blk {
	uint32_t salt;
	uint64_t iv;
	uint32_t cnt;
} __attribute__((packed));
168 | ||
/*
 * Inbound processing entry point, defined elsewhere.
 * NOTE(review): presumably nb_pkts is the number of valid entries in pkts,
 * len is the capacity of pkts, and the return value is a packet count;
 * confirm against the definition.
 */
uint16_t
ipsec_inbound(struct ipsec_ctx *ctx, struct rte_mbuf *pkts[],
		uint16_t nb_pkts, uint16_t len);

/*
 * Outbound processing entry point, defined elsewhere. It takes one sa_idx
 * entry array alongside the packet array.
 * NOTE(review): presumably sa_idx[i] belongs to pkts[i] and is reduced with
 * SPI2IDX() before indexing the SA table; confirm against the definition.
 */
uint16_t
ipsec_outbound(struct ipsec_ctx *ctx, struct rte_mbuf *pkts[],
		uint32_t sa_idx[], uint16_t nb_pkts, uint16_t len);
176 | ||
/*
 * Size in bytes of struct ipsec_mbuf_metadata, converted to uint16_t.
 * This is the amount of space get_priv() expects to find behind each mbuf
 * header.
 */
static inline uint16_t
ipsec_metadata_size(void)
{
	const uint16_t priv_sz = sizeof(struct ipsec_mbuf_metadata);

	return priv_sz;
}
182 | ||
/*
 * Return the address immediately after the struct rte_mbuf header of m,
 * typed as the application's per-packet metadata.
 *
 * Nothing here checks that the space exists: the pointer is only usable when
 * the mbuf carries at least ipsec_metadata_size() bytes behind its header.
 * m must not be NULL.
 */
static inline struct ipsec_mbuf_metadata *
get_priv(struct rte_mbuf *m)
{
	struct ipsec_mbuf_metadata *priv = RTE_PTR_ADD(m, sizeof(*m));

	return priv;
}
188 | ||
/*
 * Return the start of the metadata scratch buffer (buf[0]) of m.
 * get_aad() hands out buf[16], so writes through this pointer have to stay
 * within 16 bytes to avoid overwriting the AAD region.
 */
static inline void *
get_cnt_blk(struct rte_mbuf *m)
{
	return get_priv(m)->buf;
}
196 | ||
/*
 * Return the second half of the metadata scratch buffer (buf[16]) of m.
 * buf is 32 bytes long, so 16 bytes are available from this address; writing
 * more runs past the array into the rest of the metadata.
 */
static inline void *
get_aad(struct rte_mbuf *m)
{
	return get_priv(m)->buf + 16;
}
204 | ||
/*
 * Return the address one struct rte_crypto_op past cop.
 * NOTE(review): callers presumably rely on a symmetric op being laid out
 * directly behind the crypto op (as in struct ipsec_mbuf_metadata); the
 * function itself cannot verify that.
 */
static inline void *
get_sym_cop(struct rte_crypto_op *cop)
{
	return &cop[1];
}
210 | ||
/*
 * Check packet m against the SA selected by sa_idx; defined elsewhere.
 * NOTE(review): the return convention is not stated in this header. Since
 * SPI2IDX() maps many SPIs to one index, confirm this check compares the
 * full SPI and the addresses, not just the index.
 */
int
inbound_sa_check(struct sa_ctx *sa_ctx, struct rte_mbuf *m, uint32_t sa_idx);

/*
 * Fill sa[] for nb_pkts inbound packets; defined elsewhere.
 * NOTE(review): presumably sa[i] is set to NULL when no SA matches pkts[i];
 * confirm, and confirm callers handle that case.
 */
void
inbound_sa_lookup(struct sa_ctx *sa_ctx, struct rte_mbuf *pkts[],
		struct ipsec_sa *sa[], uint16_t nb_pkts);

/* Fill sa[] from nb_pkts SA indexes for outbound packets; defined elsewhere. */
void
outbound_sa_lookup(struct sa_ctx *sa_ctx, uint32_t sa_idx[],
		struct ipsec_sa *sa[], uint16_t nb_pkts);

/*
 * Initialisation entry points for the IPv4 policy, IPv6 policy, SA and
 * routing tables of a socket_ctx; all defined elsewhere. They return void,
 * so a failure cannot be reported to the caller through the return value.
 */
void
sp4_init(struct socket_ctx *ctx, int32_t socket_id);

void
sp6_init(struct socket_ctx *ctx, int32_t socket_id);

void
sa_init(struct socket_ctx *ctx, int32_t socket_id);

void
rt_init(struct socket_ctx *ctx, int32_t socket_id);
233 | ||
234 | #endif /* __IPSEC_H__ */ |