1 /* SPDX-License-Identifier: BSD-3-Clause */
2 /* Copyright (c) 2020, Intel Corporation
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions are met:
8 * 1. Redistributions of source code must retain the above copyright notice,
9 * this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
15 * 3. Neither the name of the Intel Corporation nor the names of its
16 * contributors may be used to endorse or promote products derived from
17 * this software without specific prior written permission.
19 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
20 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
23 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
24 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
25 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
26 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
27 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
28 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
29 * POSSIBILITY OF SUCH DAMAGE. */
33 #ifndef _VIRTCHNL_INLINE_IPSEC_H_
34 #define _VIRTCHNL_INLINE_IPSEC_H_
/* Fixed bounds for the inline-IPsec virtchnl messages. Each MAX value sizes an
 * array in one of the message structures of this header, so any count or index
 * taken from a received message has to be checked against the matching bound
 * before it is used to index that array.
 */
36 #define VIRTCHNL_IPSEC_MAX_CRYPTO_CAP_NUM 3 /* size of virtchnl_ipsec_cap.cap[] */
37 #define VIRTCHNL_IPSEC_MAX_ALGO_CAP_NUM 16 /* size of virtchnl_sym_crypto_cap.algo_cap_list[] */
38 #define VIRTCHNL_IPSEC_MAX_TX_DESC_NUM 128 /* size of virtchnl_tx_desc_fmt.desc_ids[] */
39 #define VIRTCHNL_IPSEC_MAX_CRYPTO_ITEM_NUMBER 2 /* size of virtchnl_ipsec_sym_crypto_cfg.items[] */
40 #define VIRTCHNL_IPSEC_MAX_KEY_LEN 128 /* size of virtchnl_ipsec_crypto_cfg_item.key_data[] (u8 elements) */
41 #define VIRTCHNL_IPSEC_MAX_SA_DESTROY_NUM 8 /* size of virtchnl_ipsec_sa_destroy.sa_index[] */
/* Values of the destroy flag described in struct virtchnl_ipsec_sa_destroy */
42 #define VIRTCHNL_IPSEC_SELECTED_SA_DESTROY 0 /* destroy only the selected SAs */
43 #define VIRTCHNL_IPSEC_ALL_SA_DESTROY 1 /* destroy all SAs */
/* Crypto type: authentication-only, cipher-only, or combined AEAD transform.
 * NOTE(review): the field that carries this value is not visible in this
 * listing - confirm against the full header.
 */
46 #define VIRTCHNL_AUTH 1
47 #define VIRTCHNL_CIPHER 2
48 #define VIRTCHNL_AEAD 3
/* Algorithm identifiers. Authentication, cipher and AEAD algorithms share one
 * number space (0..20).
 * NOTE(review): VIRTCHNL_MD5_HMAC, VIRTCHNL_SHA1_HMAC and VIRTCHNL_3DES_CBC
 * name legacy algorithms, and VIRTCHNL_NO_ALG is the NULL algorithm. Whether a
 * PF advertises or accepts them is a policy decision this header does not
 * make; see RFC 8221 for current ESP/AH algorithm guidance.
 */
/* Hash (authentication) Algorithm */
52 #define VIRTCHNL_NO_ALG 0 /* NULL algorithm */
53 #define VIRTCHNL_AES_CBC_MAC 1 /* AES-CBC-MAC algorithm */
54 #define VIRTCHNL_AES_CMAC 2 /* AES CMAC algorithm */
55 #define VIRTCHNL_AES_GMAC 3 /* AES GMAC algorithm */
56 #define VIRTCHNL_AES_XCBC_MAC 4 /* AES XCBC algorithm */
57 #define VIRTCHNL_MD5_HMAC 5 /* HMAC using MD5 algorithm */
58 #define VIRTCHNL_SHA1_HMAC 6 /* HMAC using SHA-1 (160 bit digest) */
59 #define VIRTCHNL_SHA224_HMAC 7 /* HMAC using 224 bit SHA algorithm */
60 #define VIRTCHNL_SHA256_HMAC 8 /* HMAC using 256 bit SHA algorithm */
61 #define VIRTCHNL_SHA384_HMAC 9 /* HMAC using 384 bit SHA algorithm */
62 #define VIRTCHNL_SHA512_HMAC 10 /* HMAC using 512 bit SHA algorithm */
63 #define VIRTCHNL_SHA3_224_HMAC 11 /* HMAC using 224 bit SHA3 algorithm */
64 #define VIRTCHNL_SHA3_256_HMAC 12 /* HMAC using 256 bit SHA3 algorithm */
65 #define VIRTCHNL_SHA3_384_HMAC 13 /* HMAC using 384 bit SHA3 algorithm */
66 #define VIRTCHNL_SHA3_512_HMAC 14 /* HMAC using 512 bit SHA3 algorithm */
67 /* Cipher Algorithm (confidentiality only; integrity needs a separate authentication algorithm) */
68 #define VIRTCHNL_3DES_CBC 15 /* Triple DES algorithm in CBC mode */
69 #define VIRTCHNL_AES_CBC 16 /* AES algorithm in CBC mode */
70 #define VIRTCHNL_AES_CTR 17 /* AES algorithm in Counter mode */
/* AEAD Algorithm (encryption and authentication in one transform) */
72 #define VIRTCHNL_AES_CCM 18 /* AES algorithm in CCM mode */
73 #define VIRTCHNL_AES_GCM 19 /* AES algorithm in GCM mode */
74 #define VIRTCHNL_CHACHA20_POLY1305 20 /* algorithm of ChaCha20-Poly1305 */
/* IPsec SA protocol - the VIRTCHNL_PROTO_XXX values used by
 * virtchnl_protocol_type. VIRTCHNL_PROTO_RSVD1 is presumably reserved;
 * confirm before relying on it.
 */
77 #define VIRTCHNL_PROTO_ESP 1
78 #define VIRTCHNL_PROTO_AH 2
79 #define VIRTCHNL_PROTO_RSVD1 3
/* IPsec SA mode - the VIRTCHNL_SA_MODE_XXX values */
82 #define VIRTCHNL_SA_MODE_TRANSPORT 1
83 #define VIRTCHNL_SA_MODE_TUNNEL 2
84 #define VIRTCHNL_SA_MODE_TRAN_TUN 3
85 #define VIRTCHNL_SA_MODE_UNKNOWN 4
/* IPsec SA direction - the VIRTCHNL_DIR_XXX values used by virtchnl_direction */
88 #define VIRTCHNL_DIR_INGRESS 1
89 #define VIRTCHNL_DIR_EGRESS 2
90 #define VIRTCHNL_DIR_INGRESS_EGRESS 3
/* Termination mode - the VIRTCHNL_TERM_XXX values used by virtchnl_termination */
93 #define VIRTCHNL_TERM_SOFTWARE 1
94 #define VIRTCHNL_TERM_HARDWARE 2
/* Type of outer IP header */
97 #define VIRTCHNL_IPV4 1
98 #define VIRTCHNL_IPV6 2
100 /* Not every field is necessarily valid; a field that is invalid has all of its bits set to 1 */
101 struct virtchnl_algo_cap {
123 /* The VF records the crypto capability received over virtchnl */
124 struct virtchnl_sym_crypto_cap {
127 struct virtchnl_algo_cap algo_cap_list[VIRTCHNL_IPSEC_MAX_ALGO_CAP_NUM];
130 /* VIRTCHNL_OP_GET_IPSEC_CAP
131 * The VF passes virtchnl_ipsec_cap to the PF
132 * and the PF returns the IPsec capability over virtchnl. */
134 struct virtchnl_ipsec_cap {
/* Capability record the PF returns for VIRTCHNL_OP_GET_IPSEC_CAP. The
 * "!0:enable/0:disable" fields are boolean feature switches; the
 * "value ref" fields take one of the named VIRTCHNL_* constants.
 */
135 /* max number of SA per VF */
138 /* IPsec SA Protocol - value ref VIRTCHNL_PROTO_XXX */
139 u8 virtchnl_protocol_type;
141 /* IPsec SA Mode - value ref VIRTCHNL_SA_MODE_XXX */
144 /* IPSec SA Direction - value ref VIRTCHNL_DIR_XXX */
145 u8 virtchnl_direction;
147 /* type of esn - !0:enable/0:disable */
150 /* type of udp_encap - !0:enable/0:disable */
151 u8 udp_encap_enabled;
153 /* termination mode - value ref VIRTCHNL_TERM_XXX */
156 /* SA index mode - !0:enable/0:disable */
157 u8 sa_index_sw_enabled;
159 /* auditing mode - !0:enable/0:disable */
162 /* lifetime byte limit - !0:enable/0:disable */
163 u8 byte_limit_enabled;
165 /* drop on authentication failure - !0:enable/0:disable */
166 u8 drop_on_auth_fail_enabled;
168 /* anti-replay window check - !0:enable/0:disable */
169 u8 arw_check_enabled;
171 /* number of supported crypto capability; a reader of this structure must
 * not walk cap[] past VIRTCHNL_IPSEC_MAX_CRYPTO_CAP_NUM entries even if the
 * reported number is larger
 */
177 /* crypto capabilities */
178 struct virtchnl_sym_crypto_cap cap[VIRTCHNL_IPSEC_MAX_CRYPTO_CAP_NUM];
181 /* using desc_id to record the format of rx descriptor */
182 struct virtchnl_rx_desc_fmt {
186 /* using desc_id to record the format of tx descriptor */
187 struct virtchnl_tx_desc_fmt {
189 u16 desc_ids[VIRTCHNL_IPSEC_MAX_TX_DESC_NUM];
192 /* configuration of crypto function */
193 struct virtchnl_ipsec_crypto_cfg_item {
198 /* Length of valid IV data. */
201 /* Length of digest */
204 /* The length of the symmetric key. The receiver must reject a value larger
 * than VIRTCHNL_IPSEC_MAX_KEY_LEN (the size of key_data) before it reads or
 * copies the key. Presumably counted in bytes, since key_data is a u8
 * array - confirm.
 */
207 /* key data buffer. NOTE(review): this carries raw key material in the
 * message; any copy kept after the message is sent or consumed should be
 * cleared with a call the compiler cannot optimise away.
 */
208 u8 key_data[VIRTCHNL_IPSEC_MAX_KEY_LEN];
211 struct virtchnl_ipsec_sym_crypto_cfg {
212 struct virtchnl_ipsec_crypto_cfg_item
213 items[VIRTCHNL_IPSEC_MAX_CRYPTO_ITEM_NUMBER];
216 /* VIRTCHNL_OP_IPSEC_SA_CREATE
217 * The VF sends this SA configuration to the PF over virtchnl;
218 * the PF creates the SA as configured and the PF driver returns
219 * a unique index (sa_idx) for the created SA. */
221 struct virtchnl_ipsec_sa_cfg {
222 /* IPsec SA Protocol - AH/ESP */
223 u8 virtchnl_protocol_type;
225 /* termination mode - value ref VIRTCHNL_TERM_XXX */
226 u8 virtchnl_termination;
228 /* type of outer IP - IPv4/IPv6 */
231 /* type of esn - !0:enable/0:disable */
234 /* udp encap - !0:enable/0:disable */
235 u8 udp_encap_enabled;
237 /* IPSec SA Direction - value ref VIRTCHNL_DIR_XXX */
238 u8 virtchnl_direction;
243 /* SA security parameter index */
246 /* outer src ip address */
249 /* outer dst ip address */
255 /* SPD reference. Used to link an SA with its policy.
256 * PF drivers may ignore this field. */
260 /* high 32 bits of esn */
263 /* low 32 bits of esn */
266 /* When enabled, sa_index must be valid */
269 /* SA index when sa_index_en is true */
272 /* auditing mode - enable/disable */
275 /* lifetime byte limit - enable/disable
276 * When enabled, byte_limit_hard and byte_limit_soft must be valid. */
281 /* hard byte limit count */
284 /* soft byte limit count */
287 /* drop on authentication failure - enable/disable */
288 u8 drop_on_auth_fail_en;
290 /* anti-replay window check - enable/disable
291 * When enabled, arw_size must be valid. */
295 /* size of arw window, offset by 1. Setting to 0
296 * represents ARW window size of 1. Setting to 127
297 * represents ARW window size of 128 */
301 /* no ip offload mode - enable/disable
302 * When enabled, ip type and address must not be valid. */
306 /* SA Domain. Used to logically separate an SADB into groups.
307 * PF drivers supporting a single group ignore this field. */
311 /* crypto configuration */
312 struct virtchnl_ipsec_sym_crypto_cfg crypto_cfg;
315 /* VIRTCHNL_OP_IPSEC_SA_UPDATE
316 * The VF sends the configuration for an SA index to the PF;
317 * the PF updates the SA according to that configuration. */
319 struct virtchnl_ipsec_sa_update {
/* Message body for VIRTCHNL_OP_IPSEC_SA_UPDATE: names one SA by index and
 * carries the two 32-bit halves of its ESN.
 * NOTE(review): sa_index is chosen by the sender; the PF side should confirm
 * that it refers to an existing SA owned by the requesting VF before
 * applying the update.
 */
320 u32 sa_index; /* SA to update */
321 u32 esn_hi; /* high 32 bits of esn */
322 u32 esn_low; /* low 32 bits of esn */
325 /* VIRTCHNL_OP_IPSEC_SA_DESTROY
326 * The VF sends the configuration for the SA index to the PF;
327 * the PF destroys SAs according to that configuration.
328 * The flag bitmap indicates whether all SAs or only the selected SAs will be destroyed. */
331 struct virtchnl_ipsec_sa_destroy {
332 /* VIRTCHNL_IPSEC_SELECTED_SA_DESTROY: selected SA will be destroyed.
333 * VIRTCHNL_IPSEC_ALL_SA_DESTROY: all SA will be destroyed. */
337 u8 pad1; /* padding */
338 u16 pad2; /* padding */
340 /* selected SA indexes; at most VIRTCHNL_IPSEC_MAX_SA_DESTROY_NUM fit in one
 * message. NOTE(review): how the number of entries in use is conveyed is
 * not visible in this listing; each index comes from the sender and should
 * be validated by the PF before the SA is destroyed.
 */
341 u32 sa_index[VIRTCHNL_IPSEC_MAX_SA_DESTROY_NUM];
344 /* VIRTCHNL_OP_IPSEC_SA_READ
345 * The VF sends this SA configuration to the PF over virtchnl;
346 * the PF reads the SA and returns the configuration of the created SA. */
348 struct virtchnl_ipsec_sa_read {
349 /* SA valid - invalid/valid */
352 /* SA active - inactive/active */
355 /* SA SN rollover - not_rollover/rollover */
358 /* IPsec SA Protocol - AH/ESP */
359 u8 virtchnl_protocol_type;
361 /* termination mode - value ref VIRTCHNL_TERM_XXX */
362 u8 virtchnl_termination;
364 /* auditing mode - enable/disable */
367 /* lifetime byte limit - enable/disable
368 * When set to limit, byte_limit_hard and byte_limit_soft must be valid. */
373 /* hard byte limit count */
376 /* soft byte limit count */
379 /* drop on authentication failure - enable/disable */
380 u8 drop_on_auth_fail_en;
382 /* anti-replay window check - enable/disable
383 * When set to check, arw_size, arw_top, and arw must be valid. */
387 /* size of arw window, offset by 1. Setting to 0
388 * represents ARW window size of 1. Setting to 127
389 * represents ARW window size of 128 */
396 /* top of anti-replay-window */
399 /* anti-replay-window */
402 /* packets processed */
403 u64 packets_processed;
405 /* bytes processed */
408 /* packets dropped */
411 /* authentication failures */
414 /* ARW check failures */
417 /* type of esn - enable/disable */
420 /* IPSec SA Direction - value ref VIRTCHNL_DIR_XXX */
421 u8 virtchnl_direction;
423 /* SA security parameter index */
429 /* high 32 bits of esn */
432 /* low 32 bits of esn */
435 /* SA Domain. Used to logically separate an SADB into groups.
436 * PF drivers supporting a single group ignore this field. */
440 /* SPD reference. Used to link an SA with its policy.
441 * PF drivers may ignore this field. */
445 /* crypto configuration. Salt and keys are set to 0 */
446 struct virtchnl_ipsec_sym_crypto_cfg crypto_cfg;
449 #endif /* _VIRTCHNL_INLINE_IPSEC_H_ */