1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
|
/* Copyright (c) 2014, Linaro Limited
* All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#ifndef ODP_IPSEC_CACHE_H_
#define ODP_IPSEC_CACHE_H_
#ifdef __cplusplus
extern "C" {
#endif
#include <odp.h>
#include <odp/helper/ipsec.h>
#include <odp_ipsec_misc.h>
#include <odp_ipsec_sa_db.h>
/**
* Mode specified on command line indicating how to exercise API
*/
typedef enum {
CRYPTO_API_SYNC, /**< Synchronous mode */
CRYPTO_API_ASYNC_IN_PLACE, /**< Asynchronous in place */
CRYPTO_API_ASYNC_NEW_BUFFER /**< Asynchronous new buffer */
} crypto_api_mode_e;
/**
* IPsec cache data base entry
*/
typedef struct ipsec_cache_entry_s {
struct ipsec_cache_entry_s *next; /**< Next entry on list */
odp_bool_t in_place; /**< Crypto API mode */
uint32_t src_ip; /**< Source v4 address */
uint32_t dst_ip; /**< Destination v4 address */
struct {
enum odp_cipher_alg alg; /**< Cipher algorithm */
uint32_t spi; /**< Cipher SPI */
uint32_t block_len; /**< Cipher block length */
uint32_t iv_len; /**< Cipher IV length */
ipsec_key_t key; /**< Cipher key */
} esp;
struct {
enum odp_auth_alg alg; /**< Auth algorithm */
uint32_t spi; /**< Auth SPI */
uint32_t icv_len; /**< Auth ICV length */
ipsec_key_t key; /**< Auth key */
} ah;
/* Per SA state */
struct {
odp_crypto_session_t session; /**< Crypto session handle */
uint32_t esp_seq; /**< ESP TX sequence number */
uint32_t ah_seq; /**< AH TX sequence number */
uint8_t iv[MAX_IV_LEN]; /**< ESP IV storage */
} state;
} ipsec_cache_entry_t;
/**
* IPsec cache data base global structure
*/
typedef struct ipsec_cache_s {
uint32_t index; /**< Index of next available entry */
ipsec_cache_entry_t *in_list; /**< List of active input entries */
ipsec_cache_entry_t *out_list; /**< List of active output entries */
ipsec_cache_entry_t array[MAX_DB]; /**< Entry storage */
} ipsec_cache_t;
/** Global pointer to ipsec_cache db */
extern ipsec_cache_t *ipsec_cache;
/** Initialize IPsec cache */
void init_ipsec_cache(void);
/**
* Create an entry in the IPsec cache
*
* @param cipher_sa Cipher SA DB entry pointer
* @param auth_sa Auth SA DB entry pointer
* @param api_mode Crypto API mode for testing
* @param in Direction (input versus output)
* @param completionq Completion queue
* @param out_pool Output buffer pool
*
* @return 0 if successful else -1
*/
int create_ipsec_cache_entry(sa_db_entry_t *cipher_sa,
sa_db_entry_t *auth_sa,
crypto_api_mode_e api_mode,
odp_bool_t in,
odp_queue_t completionq,
odp_pool_t out_pool);
/**
* Find a matching IPsec cache entry for input packet
*
* @param src_ip Source IPv4 address
* @param dst_ip Destination IPv4 address
* @param ah Pointer to AH header in packet else NULL
* @param esp Pointer to ESP header in packet else NULL
*
* @return pointer to IPsec cache entry else NULL
*/
ipsec_cache_entry_t *find_ipsec_cache_entry_in(uint32_t src_ip,
uint32_t dst_ip,
odph_ahhdr_t *ah,
odph_esphdr_t *esp);
/**
* Find a matching IPsec cache entry for output packet
*
* @param src_ip Source IPv4 address
* @param dst_ip Destination IPv4 address
* @param proto IPv4 protocol (currently all protocols match)
*
* @return pointer to IPsec cache entry else NULL
*/
ipsec_cache_entry_t *find_ipsec_cache_entry_out(uint32_t src_ip,
uint32_t dst_ip,
uint8_t proto);
#ifdef __cplusplus
}
#endif
#endif
|
