12 static void ixgbe_ipsec_del_sa(struct xfrm_state *xs);
324 				ixgbe_ipsec_del_sa(r->xs);
326 				ixgbe_ipsec_set_rx_sa(hw, i, r->xs->id.spi,
333 				ixgbe_ipsec_del_sa(t->xs);
404 		if (spi == rsa->xs->id.spi &&
405 		    ((ip4 && *daddr == rsa->xs->id.daddr.a4) ||
406 		      (!ip4 && !memcmp(daddr, &rsa->xs->id.daddr.a6,
407 				       sizeof(rsa->xs->id.daddr.a6)))) &&
408 		    proto == rsa->xs->id.proto) {
409 			ret = rsa->xs;
420  * @xs: pointer to xfrm_state struct
427 static int ixgbe_ipsec_parse_proto_keys(struct xfrm_state *xs,
430 	struct net_device *dev = xs->xso.real_dev;
435 	if (!xs->aead) {
440 	if (xs->aead->alg_icv_len != IXGBE_IPSEC_AUTH_BITS) {
446 	key_data = &xs->aead->alg_key[0];
447 	key_len = xs->aead->alg_key_len;
448 	alg_name = xs->aead->alg_name;
476  * @xs: pointer to transformer state struct
478 static int ixgbe_ipsec_check_mgmt_ip(struct xfrm_state *xs)
480 	struct net_device *dev = xs->xso.real_dev;
505 	if (xs->props.family == AF_INET) {
514 				if (reg == (__force u32)xs->id.daddr.a4)
521 			if (reg == (__force u32)xs->id.daddr.a4)
536 				if (reg != (__force u32)xs->id.daddr.a6[j])
546 				if (reg != (__force u32)xs->id.daddr.a6[j])
559  * @xs: pointer to transformer state struct
562 static int ixgbe_ipsec_add_sa(struct xfrm_state *xs,
565 	struct net_device *dev = xs->xso.real_dev;
574 	if (xs->id.proto != IPPROTO_ESP && xs->id.proto != IPPROTO_AH) {
579 	if (xs->props.mode != XFRM_MODE_TRANSPORT) {
584 	if (ixgbe_ipsec_check_mgmt_ip(xs)) {
589 	if (xs->xso.type != XFRM_DEV_OFFLOAD_CRYPTO) {
594 	if (xs->xso.dir == XFRM_DEV_OFFLOAD_IN) {
597 		if (xs->calg) {
612 		rsa.xs = xs;
614 		if (rsa.xs->id.proto & IPPROTO_ESP)
615 			rsa.decrypt = xs->ealg || xs->aead;
618 		ret = ixgbe_ipsec_parse_proto_keys(xs, rsa.key, &rsa.salt);
625 		if (xs->props.family == AF_INET6)
626 			memcpy(rsa.ipaddr, &xs->id.daddr.a6, 16);
628 			memcpy(&rsa.ipaddr[3], &xs->id.daddr.a4, 4);
686 		if (rsa.xs->id.proto & IPPROTO_ESP)
690 		if (rsa.xs->props.family == AF_INET6)
696 		ixgbe_ipsec_set_rx_sa(hw, sa_idx, rsa.xs->id.spi, rsa.key,
698 		xs->xso.offload_handle = sa_idx + IXGBE_IPSEC_BASE_RX_INDEX;
704 			     (__force u32)rsa.xs->id.spi);
722 		tsa.xs = xs;
724 		if (xs->id.proto & IPPROTO_ESP)
725 			tsa.encrypt = xs->ealg || xs->aead;
727 		ret = ixgbe_ipsec_parse_proto_keys(xs, tsa.key, &tsa.salt);
739 		xs->xso.offload_handle = sa_idx + IXGBE_IPSEC_BASE_TX_INDEX;
755  * @xs: pointer to transformer state struct
757 static void ixgbe_ipsec_del_sa(struct xfrm_state *xs)
759 	struct net_device *dev = xs->xso.real_dev;
766 	if (xs->xso.dir == XFRM_DEV_OFFLOAD_IN) {
770 		sa_idx = xs->xso.offload_handle - IXGBE_IPSEC_BASE_RX_INDEX;
775 				   sa_idx, xs->xso.offload_handle);
800 		sa_idx = xs->xso.offload_handle - IXGBE_IPSEC_BASE_TX_INDEX;
804 				   sa_idx, xs->xso.offload_handle);
823  * @xs: pointer to transformer state struct
825 static bool ixgbe_ipsec_offload_ok(struct sk_buff *skb, struct xfrm_state *xs)
827 	if (xs->props.family == AF_INET) {
865 			ixgbe_ipsec_del_sa(ipsec->rx_tbl[i].xs);
874 			ixgbe_ipsec_del_sa(ipsec->tx_tbl[i].xs);
884  * Make up a new xs and algorithm info from the data sent by the VF.
895 	struct xfrm_state *xs;
923 	xs = kzalloc(sizeof(*xs), GFP_ATOMIC);
924 	if (unlikely(!xs)) {
929 	xs->xso.dir = sam->dir;
930 	xs->id.spi = sam->spi;
931 	xs->id.proto = sam->proto;
932 	xs->props.family = sam->family;
933 	if (xs->props.family == AF_INET6)
934 		memcpy(&xs->id.daddr.a6, sam->addr, sizeof(xs->id.daddr.a6));
936 		memcpy(&xs->id.daddr.a4, sam->addr, sizeof(xs->id.daddr.a4));
937 	xs->xso.dev = adapter->netdev;
939 	aead_len = sizeof(*xs->aead) + IXGBE_IPSEC_KEY_BITS / 8;
940 	xs->aead = kzalloc(aead_len, GFP_ATOMIC);
941 	if (unlikely(!xs->aead)) {
946 	xs->props.ealgo = algo->desc.sadb_alg_id;
947 	xs->geniv = algo->uinfo.aead.geniv;
948 	xs->aead->alg_icv_len = IXGBE_IPSEC_AUTH_BITS;
949 	xs->aead->alg_key_len = IXGBE_IPSEC_KEY_BITS;
950 	memcpy(xs->aead->alg_key, sam->key, sizeof(sam->key));
951 	memcpy(xs->aead->alg_name, aes_gcm_name, sizeof(aes_gcm_name));
954 	err = ixgbe_ipsec_add_sa(xs, NULL);
958 	pfsa = xs->xso.offload_handle;
969 	msgbuf[1] = xs->xso.offload_handle;
974 	kfree_sensitive(xs->aead);
976 	kfree_sensitive(xs);
989  * entry and use its xs field to call for a delete of the SA.
1003 	struct xfrm_state *xs;
1033 		xs = ipsec->rx_tbl[sa_idx].xs;
1055 		xs = ipsec->tx_tbl[sa_idx].xs;
1058 	ixgbe_ipsec_del_sa(xs);
1060 	/* remove the xs that was made-up in the add request */
1061 	kfree_sensitive(xs);
1078 	struct xfrm_state *xs;
1089 	xs = xfrm_input_state(first->skb);
1090 	if (unlikely(!xs)) {
1091 		netdev_err(tx_ring->netdev, "%s: no xfrm_input_state() xs = %p\n",
1092 			   __func__, xs);
1096 	itd->sa_idx = xs->xso.offload_handle - IXGBE_IPSEC_BASE_TX_INDEX;
1099 			   __func__, itd->sa_idx, xs->xso.offload_handle);
1112 	if (xs->id.proto == IPPROTO_ESP) {
1122 		 * as the static value found in xs->props.trailer_len (21).
1130 			 *    authlen = crypto_aead_authsize(xs->data);
1172 	struct xfrm_state *xs = NULL;
1211 	xs = ixgbe_ipsec_find_rx_state(ipsec, daddr, proto, spi, !!ip4);
1212 	if (unlikely(!xs))
1219 	sp->xvec[sp->len++] = xs;

Indexes created Mon May 06 08:30:49 MDT 2024