1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34#ifndef __MLX5_ACCEL_TLS_H__
35#define __MLX5_ACCEL_TLS_H__
36
37#include <linux/mlx5/driver.h>
38#include <linux/tls.h>
39
40#ifdef CONFIG_MLX5_TLS
41int mlx5_ktls_create_key(struct mlx5_core_dev *mdev,
42 struct tls_crypto_info *crypto_info,
43 u32 *p_key_id);
44void mlx5_ktls_destroy_key(struct mlx5_core_dev *mdev, u32 key_id);
45
46static inline bool mlx5_accel_is_ktls_tx(struct mlx5_core_dev *mdev)
47{
48 return MLX5_CAP_GEN(mdev, tls_tx);
49}
50
51static inline bool mlx5_accel_is_ktls_rx(struct mlx5_core_dev *mdev)
52{
53 return MLX5_CAP_GEN(mdev, tls_rx);
54}
55
56static inline bool mlx5_accel_is_ktls_device(struct mlx5_core_dev *mdev)
57{
58 if (!mlx5_accel_is_ktls_tx(mdev) &&
59 !mlx5_accel_is_ktls_rx(mdev))
60 return false;
61
62 if (!MLX5_CAP_GEN(mdev, log_max_dek))
63 return false;
64
65 return MLX5_CAP_TLS(mdev, tls_1_2_aes_gcm_128);
66}
67
68static inline bool mlx5e_ktls_type_check(struct mlx5_core_dev *mdev,
69 struct tls_crypto_info *crypto_info)
70{
71 switch (crypto_info->cipher_type) {
72 case TLS_CIPHER_AES_GCM_128:
73 if (crypto_info->version == TLS_1_2_VERSION)
74 return MLX5_CAP_TLS(mdev, tls_1_2_aes_gcm_128);
75 break;
76 }
77
78 return false;
79}
80#else
81static inline bool mlx5_accel_is_ktls_tx(struct mlx5_core_dev *mdev)
82{ return false; }
83
84static inline bool mlx5_accel_is_ktls_rx(struct mlx5_core_dev *mdev)
85{ return false; }
86
87static inline int
88mlx5_ktls_create_key(struct mlx5_core_dev *mdev,
89 struct tls_crypto_info *crypto_info,
90 u32 *p_key_id) { return -ENOTSUPP; }
91static inline void
92mlx5_ktls_destroy_key(struct mlx5_core_dev *mdev, u32 key_id) {}
93
94static inline bool
95mlx5_accel_is_ktls_device(struct mlx5_core_dev *mdev) { return false; }
96static inline bool
97mlx5e_ktls_type_check(struct mlx5_core_dev *mdev,
98 struct tls_crypto_info *crypto_info) { return false; }
99#endif
100
101enum {
102 MLX5_ACCEL_TLS_TX = BIT(0),
103 MLX5_ACCEL_TLS_RX = BIT(1),
104 MLX5_ACCEL_TLS_V12 = BIT(2),
105 MLX5_ACCEL_TLS_V13 = BIT(3),
106 MLX5_ACCEL_TLS_LRO = BIT(4),
107 MLX5_ACCEL_TLS_IPV6 = BIT(5),
108 MLX5_ACCEL_TLS_AES_GCM128 = BIT(30),
109 MLX5_ACCEL_TLS_AES_GCM256 = BIT(31),
110};
111
112struct mlx5_ifc_tls_flow_bits {
113 u8 src_port[0x10];
114 u8 dst_port[0x10];
115 union mlx5_ifc_ipv6_layout_ipv4_layout_auto_bits src_ipv4_src_ipv6;
116 union mlx5_ifc_ipv6_layout_ipv4_layout_auto_bits dst_ipv4_dst_ipv6;
117 u8 ipv6[0x1];
118 u8 direction_sx[0x1];
119 u8 reserved_at_2[0x1e];
120};
121
122#ifdef CONFIG_MLX5_FPGA_TLS
123int mlx5_accel_tls_add_flow(struct mlx5_core_dev *mdev, void *flow,
124 struct tls_crypto_info *crypto_info,
125 u32 start_offload_tcp_sn, u32 *p_swid,
126 bool direction_sx);
127void mlx5_accel_tls_del_flow(struct mlx5_core_dev *mdev, u32 swid,
128 bool direction_sx);
129int mlx5_accel_tls_resync_rx(struct mlx5_core_dev *mdev, __be32 handle,
130 u32 seq, __be64 rcd_sn);
131bool mlx5_accel_is_tls_device(struct mlx5_core_dev *mdev);
132u32 mlx5_accel_tls_device_caps(struct mlx5_core_dev *mdev);
133int mlx5_accel_tls_init(struct mlx5_core_dev *mdev);
134void mlx5_accel_tls_cleanup(struct mlx5_core_dev *mdev);
135
136#else
137
138static inline int
139mlx5_accel_tls_add_flow(struct mlx5_core_dev *mdev, void *flow,
140 struct tls_crypto_info *crypto_info,
141 u32 start_offload_tcp_sn, u32 *p_swid,
142 bool direction_sx) { return -ENOTSUPP; }
143static inline void mlx5_accel_tls_del_flow(struct mlx5_core_dev *mdev, u32 swid,
144 bool direction_sx) { }
145static inline int mlx5_accel_tls_resync_rx(struct mlx5_core_dev *mdev, __be32 handle,
146 u32 seq, __be64 rcd_sn) { return 0; }
147static inline bool mlx5_accel_is_tls_device(struct mlx5_core_dev *mdev)
148{
149 return mlx5_accel_is_ktls_device(mdev);
150}
151static inline u32 mlx5_accel_tls_device_caps(struct mlx5_core_dev *mdev) { return 0; }
152static inline int mlx5_accel_tls_init(struct mlx5_core_dev *mdev) { return 0; }
153static inline void mlx5_accel_tls_cleanup(struct mlx5_core_dev *mdev) { }
154#endif
155
156#endif
157