xref: /linux/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c

12 static void ixgbe_ipsec_del_sa(struct xfrm_state *xs);
324 				ixgbe_ipsec_del_sa(r->xs);  in ixgbe_ipsec_restore()
326 				ixgbe_ipsec_set_rx_sa(hw, i, r->xs->id.spi,  in ixgbe_ipsec_restore()
333 				ixgbe_ipsec_del_sa(t->xs);  in ixgbe_ipsec_restore()
404 		if (spi == rsa->xs->id.spi &&  in ixgbe_ipsec_find_rx_state()
405 		    ((ip4 && *daddr == rsa->xs->id.daddr.a4) ||  in ixgbe_ipsec_find_rx_state()
406 		      (!ip4 && !memcmp(daddr, &rsa->xs->id.daddr.a6,  in ixgbe_ipsec_find_rx_state()
407 				       sizeof(rsa->xs->id.daddr.a6)))) &&  in ixgbe_ipsec_find_rx_state()
408 		    proto == rsa->xs->id.proto) {  in ixgbe_ipsec_find_rx_state()
409 			ret = rsa->xs;  in ixgbe_ipsec_find_rx_state()
427 static int ixgbe_ipsec_parse_proto_keys(struct xfrm_state *xs,  in ixgbe_ipsec_parse_proto_keys()  argument
430 	struct net_device *dev = xs->xso.real_dev;  in ixgbe_ipsec_parse_proto_keys()
435 	if (!xs->aead) {  in ixgbe_ipsec_parse_proto_keys()
440 	if (xs->aead->alg_icv_len != IXGBE_IPSEC_AUTH_BITS) {  in ixgbe_ipsec_parse_proto_keys()
446 	key_data = &xs->aead->alg_key[0];  in ixgbe_ipsec_parse_proto_keys()
447 	key_len = xs->aead->alg_key_len;  in ixgbe_ipsec_parse_proto_keys()
448 	alg_name = xs->aead->alg_name;  in ixgbe_ipsec_parse_proto_keys()
478 static int ixgbe_ipsec_check_mgmt_ip(struct xfrm_state *xs)  in ixgbe_ipsec_check_mgmt_ip()  argument
480 	struct net_device *dev = xs->xso.real_dev;  in ixgbe_ipsec_check_mgmt_ip()
505 	if (xs->props.family == AF_INET) {  in ixgbe_ipsec_check_mgmt_ip()
514 				if (reg == (__force u32)xs->id.daddr.a4)  in ixgbe_ipsec_check_mgmt_ip()
521 			if (reg == (__force u32)xs->id.daddr.a4)  in ixgbe_ipsec_check_mgmt_ip()
536 				if (reg != (__force u32)xs->id.daddr.a6[j])  in ixgbe_ipsec_check_mgmt_ip()
546 				if (reg != (__force u32)xs->id.daddr.a6[j])  in ixgbe_ipsec_check_mgmt_ip()
561 static int ixgbe_ipsec_add_sa(struct xfrm_state *xs)  in ixgbe_ipsec_add_sa()  argument
563 	struct net_device *dev = xs->xso.real_dev;  in ixgbe_ipsec_add_sa()
572 	if (xs->id.proto != IPPROTO_ESP && xs->id.proto != IPPROTO_AH) {  in ixgbe_ipsec_add_sa()
574 			   xs->id.proto);  in ixgbe_ipsec_add_sa()
578 	if (xs->props.mode != XFRM_MODE_TRANSPORT) {  in ixgbe_ipsec_add_sa()
583 	if (ixgbe_ipsec_check_mgmt_ip(xs)) {  in ixgbe_ipsec_add_sa()
588 	if (xs->xso.flags & XFRM_OFFLOAD_INBOUND) {  in ixgbe_ipsec_add_sa()
591 		if (xs->calg) {  in ixgbe_ipsec_add_sa()
606 		rsa.xs = xs;  in ixgbe_ipsec_add_sa()
608 		if (rsa.xs->id.proto & IPPROTO_ESP)  in ixgbe_ipsec_add_sa()
609 			rsa.decrypt = xs->ealg || xs->aead;  in ixgbe_ipsec_add_sa()
612 		ret = ixgbe_ipsec_parse_proto_keys(xs, rsa.key, &rsa.salt);  in ixgbe_ipsec_add_sa()
619 		if (xs->props.family == AF_INET6)  in ixgbe_ipsec_add_sa()
620 			memcpy(rsa.ipaddr, &xs->id.daddr.a6, 16);  in ixgbe_ipsec_add_sa()
622 			memcpy(&rsa.ipaddr[3], &xs->id.daddr.a4, 4);  in ixgbe_ipsec_add_sa()
680 		if (rsa.xs->id.proto & IPPROTO_ESP)  in ixgbe_ipsec_add_sa()
684 		if (rsa.xs->props.family == AF_INET6)  in ixgbe_ipsec_add_sa()
690 		ixgbe_ipsec_set_rx_sa(hw, sa_idx, rsa.xs->id.spi, rsa.key,  in ixgbe_ipsec_add_sa()
692 		xs->xso.offload_handle = sa_idx + IXGBE_IPSEC_BASE_RX_INDEX;  in ixgbe_ipsec_add_sa()
698 			     (__force u32)rsa.xs->id.spi);  in ixgbe_ipsec_add_sa()
716 		tsa.xs = xs;  in ixgbe_ipsec_add_sa()
718 		if (xs->id.proto & IPPROTO_ESP)  in ixgbe_ipsec_add_sa()
719 			tsa.encrypt = xs->ealg || xs->aead;  in ixgbe_ipsec_add_sa()
721 		ret = ixgbe_ipsec_parse_proto_keys(xs, tsa.key, &tsa.salt);  in ixgbe_ipsec_add_sa()
733 		xs->xso.offload_handle = sa_idx + IXGBE_IPSEC_BASE_TX_INDEX;  in ixgbe_ipsec_add_sa()
751 static void ixgbe_ipsec_del_sa(struct xfrm_state *xs)  in ixgbe_ipsec_del_sa()  argument
753 	struct net_device *dev = xs->xso.real_dev;  in ixgbe_ipsec_del_sa()
760 	if (xs->xso.flags & XFRM_OFFLOAD_INBOUND) {  in ixgbe_ipsec_del_sa()
764 		sa_idx = xs->xso.offload_handle - IXGBE_IPSEC_BASE_RX_INDEX;  in ixgbe_ipsec_del_sa()
769 				   sa_idx, xs->xso.offload_handle);  in ixgbe_ipsec_del_sa()
794 		sa_idx = xs->xso.offload_handle - IXGBE_IPSEC_BASE_TX_INDEX;  in ixgbe_ipsec_del_sa()
798 				   sa_idx, xs->xso.offload_handle);  in ixgbe_ipsec_del_sa()
819 static bool ixgbe_ipsec_offload_ok(struct sk_buff *skb, struct xfrm_state *xs)  in ixgbe_ipsec_offload_ok()  argument
821 	if (xs->props.family == AF_INET) {  in ixgbe_ipsec_offload_ok()
859 			ixgbe_ipsec_del_sa(ipsec->rx_tbl[i].xs);  in ixgbe_ipsec_vf_clear()
868 			ixgbe_ipsec_del_sa(ipsec->tx_tbl[i].xs);  in ixgbe_ipsec_vf_clear()
889 	struct xfrm_state *xs;  in ixgbe_ipsec_vf_add_sa()  local
911 	xs = kzalloc(sizeof(*xs), GFP_KERNEL);  in ixgbe_ipsec_vf_add_sa()
912 	if (unlikely(!xs)) {  in ixgbe_ipsec_vf_add_sa()
917 	xs->xso.flags = sam->flags;  in ixgbe_ipsec_vf_add_sa()
918 	xs->id.spi = sam->spi;  in ixgbe_ipsec_vf_add_sa()
919 	xs->id.proto = sam->proto;  in ixgbe_ipsec_vf_add_sa()
920 	xs->props.family = sam->family;  in ixgbe_ipsec_vf_add_sa()
921 	if (xs->props.family == AF_INET6)  in ixgbe_ipsec_vf_add_sa()
922 		memcpy(&xs->id.daddr.a6, sam->addr, sizeof(xs->id.daddr.a6));  in ixgbe_ipsec_vf_add_sa()
924 		memcpy(&xs->id.daddr.a4, sam->addr, sizeof(xs->id.daddr.a4));  in ixgbe_ipsec_vf_add_sa()
925 	xs->xso.dev = adapter->netdev;  in ixgbe_ipsec_vf_add_sa()
933 	aead_len = sizeof(*xs->aead) + IXGBE_IPSEC_KEY_BITS / 8;  in ixgbe_ipsec_vf_add_sa()
934 	xs->aead = kzalloc(aead_len, GFP_KERNEL);  in ixgbe_ipsec_vf_add_sa()
935 	if (unlikely(!xs->aead)) {  in ixgbe_ipsec_vf_add_sa()
940 	xs->props.ealgo = algo->desc.sadb_alg_id;  in ixgbe_ipsec_vf_add_sa()
941 	xs->geniv = algo->uinfo.aead.geniv;  in ixgbe_ipsec_vf_add_sa()
942 	xs->aead->alg_icv_len = IXGBE_IPSEC_AUTH_BITS;  in ixgbe_ipsec_vf_add_sa()
943 	xs->aead->alg_key_len = IXGBE_IPSEC_KEY_BITS;  in ixgbe_ipsec_vf_add_sa()
944 	memcpy(xs->aead->alg_key, sam->key, sizeof(sam->key));  in ixgbe_ipsec_vf_add_sa()
945 	memcpy(xs->aead->alg_name, aes_gcm_name, sizeof(aes_gcm_name));  in ixgbe_ipsec_vf_add_sa()
948 	err = ixgbe_ipsec_add_sa(xs);  in ixgbe_ipsec_vf_add_sa()
952 	pfsa = xs->xso.offload_handle;  in ixgbe_ipsec_vf_add_sa()
963 	msgbuf[1] = xs->xso.offload_handle;  in ixgbe_ipsec_vf_add_sa()
968 	kfree_sensitive(xs->aead);  in ixgbe_ipsec_vf_add_sa()
970 	kfree_sensitive(xs);  in ixgbe_ipsec_vf_add_sa()
997 	struct xfrm_state *xs;  in ixgbe_ipsec_vf_del_sa()  local
1027 		xs = ipsec->rx_tbl[sa_idx].xs;  in ixgbe_ipsec_vf_del_sa()
1049 		xs = ipsec->tx_tbl[sa_idx].xs;  in ixgbe_ipsec_vf_del_sa()
1052 	ixgbe_ipsec_del_sa(xs);  in ixgbe_ipsec_vf_del_sa()
1055 	kfree_sensitive(xs);  in ixgbe_ipsec_vf_del_sa()
1072 	struct xfrm_state *xs;  in ixgbe_ipsec_tx()  local
1083 	xs = xfrm_input_state(first->skb);  in ixgbe_ipsec_tx()
1084 	if (unlikely(!xs)) {  in ixgbe_ipsec_tx()
1086 			   __func__, xs);  in ixgbe_ipsec_tx()
1090 	itd->sa_idx = xs->xso.offload_handle - IXGBE_IPSEC_BASE_TX_INDEX;  in ixgbe_ipsec_tx()
1093 			   __func__, itd->sa_idx, xs->xso.offload_handle);  in ixgbe_ipsec_tx()
1106 	if (xs->id.proto == IPPROTO_ESP) {  in ixgbe_ipsec_tx()
1166 	struct xfrm_state *xs = NULL;  in ixgbe_ipsec_rx()  local
1205 	xs = ixgbe_ipsec_find_rx_state(ipsec, daddr, proto, spi, !!ip4);  in ixgbe_ipsec_rx()
1206 	if (unlikely(!xs))  in ixgbe_ipsec_rx()
1213 	sp->xvec[sp->len++] = xs;  in ixgbe_ipsec_rx()

Last Index update Fri Sep 05 17:56:23 CST 2025