From patchwork Thu Apr 20 11:00:10 2017 X-Patchwork-Submitter: Boris Pismenny X-Patchwork-Id: 9690091
From: Boris Pismenny To: dledford@redhat.com, sean.hefty@intel.com, hal.rosenstock@gmail.com, borisp@mellanox.com Cc: linux-rdma@vger.kernel.org, leonro@mellanox.com, ronye@mellanox.com, matanb@mellanox.com, aviadye@mellanox.com, alexr@mellanox.com Subject: [RFC 2/2] IB/core: ESP AES-GCM crypto offload action Date: Thu, 20 Apr 2017 14:00:10 +0300 Message-Id: <3850eaa87caf22b358f1cb31849028e3545d1e0d.1492685328.git.borisp@mellanox.com> X-Mailer: git-send-email 1.8.3.1 In-Reply-To: References: In-Reply-To: References: Sender: linux-rdma-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-rdma@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: borisp This patch introduces the flow steering specification for IPsec AES-GCM crypto offload to HW. If a user creates a flow with this specification, then all packets that hit this flow will have their payload encrypted and authenticated according to the key and the salt in this specification as defined in RFC4303. Signed-off-by: borisp --- include/rdma/ib_verbs.h | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/include/rdma/ib_verbs.h b/include/rdma/ib_verbs.h index 6c1c867..e4e33e4 100644 --- a/include/rdma/ib_verbs.h +++ b/include/rdma/ib_verbs.h @@ -1658,10 +1658,12 @@ enum ib_flow_spec_type { /* L4 headers*/ IB_FLOW_SPEC_TCP = 0x40, IB_FLOW_SPEC_UDP = 0x41, + IB_FLOW_SPEC_ESP = 0x42, IB_FLOW_SPEC_VXLAN_TUNNEL = 0x50, IB_FLOW_SPEC_INNER = 0x100, /* Actions */ IB_FLOW_SPEC_ACTION_TAG = 0x1000, + IB_FLOW_SPEC_ACTION_ESP_AES_GCM = 0x1001, }; #define IB_FLOW_SPEC_LAYER_MASK 0xF0 #define IB_FLOW_SPEC_SUPPORT_LAYERS 8 
@@ -1770,6 +1772,20 @@ struct ib_flow_spec_tcp_udp { struct ib_flow_tcp_udp_filter mask; }; +struct ib_flow_esp_filter { + __be32 spi; + __be32 seq; + /* Must be last */ + u8 real_sz[0]; +}; + +struct ib_flow_spec_esp { + u32 type; + u16 size; + struct ib_flow_esp_filter val; + struct ib_flow_esp_filter mask; +}; + struct ib_flow_tunnel_filter { __be32 tunnel_id; u8 real_sz[0]; @@ -1791,6 +1807,16 @@ struct ib_flow_spec_action_tag { u32 tag_id; }; +struct ib_flow_spec_action_esp_aes_gcm { + enum ib_flow_spec_type type; + u16 size; + __u8 key[32]; + __u8 key_length; /* 16, 24 or 32 bytes */ + __u8 salt[4]; /* salt according to RFC4106 */ + __u8 seqiv_salt[8]; + __u8 seq_hi[4]; +}; + union ib_flow_spec { struct { u32 type; @@ -1802,7 +1828,9 @@ struct ib_flow_spec_action_tag { struct ib_flow_spec_tcp_udp tcp_udp; struct ib_flow_spec_ipv6 ipv6; struct ib_flow_spec_tunnel tunnel; + struct ib_flow_spec_esp esp; struct ib_flow_spec_action_tag flow_tag; + struct ib_flow_spec_action_esp_aes_gcm esp_aes_gcm; }; struct ib_flow_attr {
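
Review bot: in the enum ib_flow_spec_type hunk, IB_FLOW_SPEC_ESP = 0x42 lands in the same 0x40 group as IB_FLOW_SPEC_TCP and IB_FLOW_SPEC_UDP under IB_FLOW_SPEC_LAYER_MASK 0xF0, although ESP can also be carried inside UDP. Please say in a comment or in the commit message whether an ESP spec may be combined with a UDP spec in one flow, and whether IB_FLOW_SPEC_ACTION_ESP_AES_GCM is only valid together with an IB_FLOW_SPEC_ESP match.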
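
Review bot: in struct ib_flow_esp_filter, the seq match field needs a comment explaining its intended use, because the ESP sequence number changes with every packet and a val/mask match on it will rarely describe a whole flow. If only spi is meant to select the security association, consider dropping seq from the filter, or document which mask values a driver is expected to accept.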
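
Review bot: in struct ib_flow_spec_action_esp_aes_gcm, seqiv_salt and seq_hi have no comment, and the struct has no field for direction or ICV length, so it does not fully describe the transform. The commit message only mentions encryption, RFC4106 allows 8, 12 or 16 byte ICVs, and seq_hi implies extended sequence numbers without a flag to enable them. Please document or add these. The struct also uses enum ib_flow_spec_type type and __u8 where ib_flow_spec_esp in the same patch uses u32 type and u8, so pick one convention. Since key[32] holds raw key material and only the comment constrains key_length to 16, 24 or 32, note where the length is validated and where the key is cleared once the hardware has been programmed.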