From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 77A3A437F8; Tue, 2 Jan 2024 05:56:18 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 679AE40A75; Tue, 2 Jan 2024 05:56:18 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id B4F854067B for ; Tue, 2 Jan 2024 05:56:16 +0100 (CET) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 4020STm6013185 for ; Mon, 1 Jan 2024 20:56:15 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= pfpt0220; bh=cMICx3xSH7h8+wI7RU/qhkuhn+dc7a/7NJls34bYNXg=; b=RVt Gxg8HG2f5Q86nqapEZpg7ZEm4WMa4x/6FbEpiqtSW/o+47Qh/fsyCZA8X0PJzXHU t6GON0v3KCJqFT4nVaSKp94fi5ZehewIGkV1k7wcFB0evLCYGpFrdveNW9hdcOj/ iAazQ/rH3/LYOoTy7eHCMcfeAvs7n+0rVDcutsn4GzS24BlYIXOGxeF5+ubbyhsv KBBkhQEjoVxWb3lrh58oNMJvqEFyrIvOunF0zaLjIv8IZXPE6sgbFbyxOtdWD/Wk /U8aGZjAe3MxUG8PlTaAjofWV3nA1fh5e3Zq6kEynA6PgHI22Y3UCVFJokYKYggA Ha1N6t2+fl2FB24KDHA== Received: from dc5-exch02.marvell.com ([199.233.59.182]) by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 3vb5c3468k-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT) for ; Mon, 01 Jan 2024 20:56:15 -0800 (PST) Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.48; Mon, 1 Jan 2024 20:56:14 -0800 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.48 via Frontend Transport; Mon, 1 Jan 2024 20:56:14 -0800 Received: from BG-LT92004.corp.innovium.com (unknown [10.28.163.189]) by maili.marvell.com (Postfix) with ESMTP id 5C2B33F7081; Mon, 1 Jan 2024 20:56:07 -0800 (PST) From: Anoob Joseph To: Akhil Goyal CC: Jerin Jacob , Vidya Sagar Velumuri , Tejasree Kondoj , Subject: [PATCH v2 14/24] crypto/cnxk: separate IPsec from security common code Date: Tue, 2 Jan 2024 10:24:07 +0530 Message-ID: <20240102045417.115-15-anoobj@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240102045417.115-1-anoobj@marvell.com> References: <20231221123545.510-1-anoobj@marvell.com> <20240102045417.115-1-anoobj@marvell.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-Proofpoint-GUID: kgYxUS5ddlTA395hspCisziYdx__8j5d X-Proofpoint-ORIG-GUID: kgYxUS5ddlTA395hspCisziYdx__8j5d X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.997,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2023-12-09_02,2023-12-07_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org The current structs and functions assume only IPsec offload. Separate it out to allow for addition of TLS. Signed-off-by: Anoob Joseph Signed-off-by: Vidya Sagar Velumuri --- drivers/crypto/cnxk/cn10k_cryptodev.c | 2 +- drivers/crypto/cnxk/cn10k_cryptodev_sec.c | 127 ++++++++++++++++++++++ drivers/crypto/cnxk/cn10k_cryptodev_sec.h | 61 +++++++++++ drivers/crypto/cnxk/cn10k_ipsec.c | 127 +++------------------- drivers/crypto/cnxk/cn10k_ipsec.h | 45 +++----- drivers/crypto/cnxk/cn10k_ipsec_la_ops.h | 1 + drivers/crypto/cnxk/meson.build | 1 + 7 files changed, 218 insertions(+), 146 deletions(-) create mode 100644 drivers/crypto/cnxk/cn10k_cryptodev_sec.c create mode 100644 drivers/crypto/cnxk/cn10k_cryptodev_sec.h diff --git a/drivers/crypto/cnxk/cn10k_cryptodev.c b/drivers/crypto/cnxk/cn10k_cryptodev.c index 2fd4df3c5d..5ed918e18e 100644 --- a/drivers/crypto/cnxk/cn10k_cryptodev.c +++ b/drivers/crypto/cnxk/cn10k_cryptodev.c @@ -12,7 +12,7 @@ #include "cn10k_cryptodev.h" #include "cn10k_cryptodev_ops.h" -#include "cn10k_ipsec.h" +#include "cn10k_cryptodev_sec.h" #include "cnxk_cryptodev.h" #include "cnxk_cryptodev_capabilities.h" #include "cnxk_cryptodev_sec.h" diff --git a/drivers/crypto/cnxk/cn10k_cryptodev_sec.c b/drivers/crypto/cnxk/cn10k_cryptodev_sec.c new file mode 100644 index 0000000000..0fd0a5b03c --- /dev/null +++ b/drivers/crypto/cnxk/cn10k_cryptodev_sec.c @@ -0,0 +1,127 @@ +/* SPDX-License-Identifier: BSD-3-Clause + * Copyright(C) 2023 Marvell. + */ + +#include + +#include "cn10k_cryptodev_ops.h" +#include "cn10k_cryptodev_sec.h" +#include "cnxk_cryptodev_ops.h" + +static int +cn10k_sec_session_create(void *dev, struct rte_security_session_conf *conf, + struct rte_security_session *sess) +{ + struct rte_cryptodev *crypto_dev = dev; + struct cnxk_cpt_vf *vf; + struct cnxk_cpt_qp *qp; + + if (conf->action_type != RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL) + return -EINVAL; + + qp = crypto_dev->data->queue_pairs[0]; + if (qp == NULL) { + plt_err("Setup cryptodev queue pair before creating security session"); + return -EPERM; + } + + vf = crypto_dev->data->dev_private; + + if (conf->protocol == RTE_SECURITY_PROTOCOL_IPSEC) { + ((struct cn10k_sec_session *)sess)->userdata = conf->userdata; + return cn10k_ipsec_session_create(vf, qp, &conf->ipsec, conf->crypto_xform, sess); + } + + return -ENOTSUP; +} + +static int +cn10k_sec_session_destroy(void *dev, struct rte_security_session *sec_sess) +{ + struct cn10k_sec_session *cn10k_sec_sess; + struct rte_cryptodev *crypto_dev = dev; + struct cnxk_cpt_qp *qp; + + if (unlikely(sec_sess == NULL)) + return -EINVAL; + + qp = crypto_dev->data->queue_pairs[0]; + if (unlikely(qp == NULL)) + return -ENOTSUP; + + cn10k_sec_sess = (struct cn10k_sec_session *)sec_sess; + + if (cn10k_sec_sess->proto == RTE_SECURITY_PROTOCOL_IPSEC) + return cn10k_sec_ipsec_session_destroy(qp, cn10k_sec_sess); + + return -EINVAL; +} + +static unsigned int +cn10k_sec_session_get_size(void *dev __rte_unused) +{ + return sizeof(struct cn10k_sec_session) - sizeof(struct rte_security_session); +} + +static int +cn10k_sec_session_stats_get(void *dev, struct rte_security_session *sec_sess, + struct rte_security_stats *stats) +{ + struct cn10k_sec_session *cn10k_sec_sess; + struct rte_cryptodev *crypto_dev = dev; + struct cnxk_cpt_qp *qp; + + if (unlikely(sec_sess == NULL)) + return -EINVAL; + + qp = crypto_dev->data->queue_pairs[0]; + if (unlikely(qp == NULL)) + return -ENOTSUP; + + cn10k_sec_sess = (struct cn10k_sec_session *)sec_sess; + + if (cn10k_sec_sess->proto == RTE_SECURITY_PROTOCOL_IPSEC) + return cn10k_ipsec_stats_get(qp, cn10k_sec_sess, stats); + + return -ENOTSUP; +} + +static int +cn10k_sec_session_update(void *dev, struct rte_security_session *sec_sess, + struct rte_security_session_conf *conf) +{ + struct cn10k_sec_session *cn10k_sec_sess; + struct rte_cryptodev *crypto_dev = dev; + struct cnxk_cpt_qp *qp; + struct cnxk_cpt_vf *vf; + + if (sec_sess == NULL) + return -EINVAL; + + qp = crypto_dev->data->queue_pairs[0]; + if (qp == NULL) + return -EINVAL; + + vf = crypto_dev->data->dev_private; + + cn10k_sec_sess = (struct cn10k_sec_session *)sec_sess; + + if (cn10k_sec_sess->proto == RTE_SECURITY_PROTOCOL_IPSEC) + return cn10k_ipsec_session_update(vf, qp, cn10k_sec_sess, conf); + + return -ENOTSUP; +} + +/* Update platform specific security ops */ +void +cn10k_sec_ops_override(void) +{ + /* Update platform specific ops */ + cnxk_sec_ops.session_create = cn10k_sec_session_create; + cnxk_sec_ops.session_destroy = cn10k_sec_session_destroy; + cnxk_sec_ops.session_get_size = cn10k_sec_session_get_size; + cnxk_sec_ops.session_stats_get = cn10k_sec_session_stats_get; + cnxk_sec_ops.session_update = cn10k_sec_session_update; + cnxk_sec_ops.inb_pkt_rx_inject = cn10k_cryptodev_sec_inb_rx_inject; + cnxk_sec_ops.rx_inject_configure = cn10k_cryptodev_sec_rx_inject_configure; +} diff --git a/drivers/crypto/cnxk/cn10k_cryptodev_sec.h b/drivers/crypto/cnxk/cn10k_cryptodev_sec.h new file mode 100644 index 0000000000..02fd35eab7 --- /dev/null +++ b/drivers/crypto/cnxk/cn10k_cryptodev_sec.h @@ -0,0 +1,61 @@ +/* SPDX-License-Identifier: BSD-3-Clause + * Copyright(C) 2023 Marvell. + */ + +#ifndef __CN10K_CRYPTODEV_SEC_H__ +#define __CN10K_CRYPTODEV_SEC_H__ + +#include + +#include "roc_constants.h" +#include "roc_cpt.h" + +#include "cn10k_ipsec.h" + +struct cn10k_sec_session { + struct rte_security_session rte_sess; + + /** PMD private space */ + + enum rte_security_session_protocol proto; + /** Pre-populated CPT inst words */ + struct cnxk_cpt_inst_tmpl inst; + uint16_t max_extended_len; + uint16_t iv_offset; + uint8_t iv_length; + union { + struct { + uint8_t ip_csum; + bool is_outbound; + } ipsec; + }; + /** Queue pair */ + struct cnxk_cpt_qp *qp; + /** Userdata to be set for Rx inject */ + void *userdata; + + /** + * End of SW mutable area + */ + union { + struct cn10k_ipsec_sa sa; + }; +} __rte_aligned(ROC_ALIGN); + +static inline uint64_t +cpt_inst_w7_get(struct roc_cpt *roc_cpt, void *cptr) +{ + union cpt_inst_w7 w7; + + w7.u64 = 0; + w7.s.egrp = roc_cpt->eng_grp[CPT_ENG_TYPE_IE]; + w7.s.ctx_val = 1; + w7.s.cptr = (uint64_t)cptr; + rte_mb(); + + return w7.u64; +} + +void cn10k_sec_ops_override(void); + +#endif /* __CN10K_CRYPTODEV_SEC_H__ */ diff --git a/drivers/crypto/cnxk/cn10k_ipsec.c b/drivers/crypto/cnxk/cn10k_ipsec.c index a9c673ea83..74d6cd70d1 100644 --- a/drivers/crypto/cnxk/cn10k_ipsec.c +++ b/drivers/crypto/cnxk/cn10k_ipsec.c @@ -11,6 +11,7 @@ #include #include "cn10k_cryptodev_ops.h" +#include "cn10k_cryptodev_sec.h" #include "cn10k_ipsec.h" #include "cnxk_cryptodev.h" #include "cnxk_cryptodev_ops.h" @@ -19,20 +20,6 @@ #include "roc_api.h" -static uint64_t -cpt_inst_w7_get(struct roc_cpt *roc_cpt, void *sa) -{ - union cpt_inst_w7 w7; - - w7.u64 = 0; - w7.s.egrp = roc_cpt->eng_grp[CPT_ENG_TYPE_IE]; - w7.s.ctx_val = 1; - w7.s.cptr = (uint64_t)sa; - rte_mb(); - - return w7.u64; -} - static int cn10k_ipsec_outb_sa_create(struct roc_cpt *roc_cpt, struct roc_cpt_lf *lf, struct rte_security_ipsec_xform *ipsec_xfrm, @@ -260,29 +247,19 @@ cn10k_ipsec_inb_sa_create(struct roc_cpt *roc_cpt, struct roc_cpt_lf *lf, return ret; } -static int -cn10k_ipsec_session_create(void *dev, +int +cn10k_ipsec_session_create(struct cnxk_cpt_vf *vf, struct cnxk_cpt_qp *qp, struct rte_security_ipsec_xform *ipsec_xfrm, struct rte_crypto_sym_xform *crypto_xfrm, struct rte_security_session *sess) { - struct rte_cryptodev *crypto_dev = dev; struct roc_cpt *roc_cpt; - struct cnxk_cpt_vf *vf; - struct cnxk_cpt_qp *qp; int ret; - qp = crypto_dev->data->queue_pairs[0]; - if (qp == NULL) { - plt_err("Setup cpt queue pair before creating security session"); - return -EPERM; - } - ret = cnxk_ipsec_xform_verify(ipsec_xfrm, crypto_xfrm); if (ret) return ret; - vf = crypto_dev->data->dev_private; roc_cpt = &vf->cpt; if (ipsec_xfrm->direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) @@ -293,38 +270,15 @@ cn10k_ipsec_session_create(void *dev, (struct cn10k_sec_session *)sess); } -static int -cn10k_sec_session_create(void *device, struct rte_security_session_conf *conf, - struct rte_security_session *sess) -{ - if (conf->action_type != RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL) - return -EINVAL; - - if (conf->protocol == RTE_SECURITY_PROTOCOL_IPSEC) { - ((struct cn10k_sec_session *)sess)->userdata = conf->userdata; - return cn10k_ipsec_session_create(device, &conf->ipsec, conf->crypto_xform, sess); - } - return -ENOTSUP; -} - -static int -cn10k_sec_ipsec_session_destroy(void *dev, struct rte_security_session *sec_sess) +int +cn10k_sec_ipsec_session_destroy(struct cnxk_cpt_qp *qp, struct cn10k_sec_session *sess) { - struct rte_cryptodev *crypto_dev = dev; union roc_ot_ipsec_sa_word2 *w2; - struct cn10k_sec_session *sess; struct cn10k_ipsec_sa *sa; - struct cnxk_cpt_qp *qp; struct roc_cpt_lf *lf; void *sa_dptr = NULL; int ret; - sess = (struct cn10k_sec_session *)sec_sess; - - qp = crypto_dev->data->queue_pairs[0]; - if (unlikely(qp == NULL)) - return -ENOTSUP; - lf = &qp->lf; sa = &sess->sa; @@ -374,48 +328,18 @@ cn10k_sec_ipsec_session_destroy(void *dev, struct rte_security_session *sec_sess return 0; } -static int -cn10k_sec_session_destroy(void *dev, struct rte_security_session *sec_sess) +int +cn10k_ipsec_stats_get(struct cnxk_cpt_qp *qp, struct cn10k_sec_session *sess, + struct rte_security_stats *stats) { - if (unlikely(sec_sess == NULL)) - return -EINVAL; - - if (((struct cn10k_sec_session *)sec_sess)->proto == RTE_SECURITY_PROTOCOL_IPSEC) - return cn10k_sec_ipsec_session_destroy(dev, sec_sess); - - return -EINVAL; -} - -static unsigned int -cn10k_sec_session_get_size(void *device __rte_unused) -{ - return sizeof(struct cn10k_sec_session) - sizeof(struct rte_security_session); -} - -static int -cn10k_sec_session_stats_get(void *device, struct rte_security_session *sess, - struct rte_security_stats *stats) -{ - struct rte_cryptodev *crypto_dev = device; struct roc_ot_ipsec_outb_sa *out_sa; struct roc_ot_ipsec_inb_sa *in_sa; - struct cn10k_sec_session *priv; struct cn10k_ipsec_sa *sa; - struct cnxk_cpt_qp *qp; - - if (unlikely(sess == NULL)) - return -EINVAL; - - priv = (struct cn10k_sec_session *)sess; - - qp = crypto_dev->data->queue_pairs[0]; - if (qp == NULL) - return -EINVAL; stats->protocol = RTE_SECURITY_PROTOCOL_IPSEC; - sa = &priv->sa; + sa = &sess->sa; - if (priv->ipsec.is_outbound) { + if (sess->ipsec.is_outbound) { out_sa = &sa->out_sa; roc_cpt_lf_ctx_flush(&qp->lf, out_sa, false); rte_delay_ms(1); @@ -432,23 +356,13 @@ cn10k_sec_session_stats_get(void *device, struct rte_security_session *sess, return 0; } -static int -cn10k_sec_session_update(void *device, struct rte_security_session *sess, - struct rte_security_session_conf *conf) +int +cn10k_ipsec_session_update(struct cnxk_cpt_vf *vf, struct cnxk_cpt_qp *qp, + struct cn10k_sec_session *sess, struct rte_security_session_conf *conf) { - struct rte_cryptodev *crypto_dev = device; struct roc_cpt *roc_cpt; - struct cnxk_cpt_qp *qp; - struct cnxk_cpt_vf *vf; int ret; - if (sess == NULL) - return -EINVAL; - - qp = crypto_dev->data->queue_pairs[0]; - if (qp == NULL) - return -EINVAL; - if (conf->ipsec.direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) return -ENOTSUP; @@ -456,23 +370,8 @@ cn10k_sec_session_update(void *device, struct rte_security_session *sess, if (ret) return ret; - vf = crypto_dev->data->dev_private; roc_cpt = &vf->cpt; return cn10k_ipsec_outb_sa_create(roc_cpt, &qp->lf, &conf->ipsec, conf->crypto_xform, (struct cn10k_sec_session *)sess); } - -/* Update platform specific security ops */ -void -cn10k_sec_ops_override(void) -{ - /* Update platform specific ops */ - cnxk_sec_ops.session_create = cn10k_sec_session_create; - cnxk_sec_ops.session_destroy = cn10k_sec_session_destroy; - cnxk_sec_ops.session_get_size = cn10k_sec_session_get_size; - cnxk_sec_ops.session_stats_get = cn10k_sec_session_stats_get; - cnxk_sec_ops.session_update = cn10k_sec_session_update; - cnxk_sec_ops.inb_pkt_rx_inject = cn10k_cryptodev_sec_inb_rx_inject; - cnxk_sec_ops.rx_inject_configure = cn10k_cryptodev_sec_rx_inject_configure; -} diff --git a/drivers/crypto/cnxk/cn10k_ipsec.h b/drivers/crypto/cnxk/cn10k_ipsec.h index 2b7a3e6acf..0d1e14a065 100644 --- a/drivers/crypto/cnxk/cn10k_ipsec.h +++ b/drivers/crypto/cnxk/cn10k_ipsec.h @@ -11,9 +11,12 @@ #include "roc_constants.h" #include "roc_ie_ot.h" +#include "cnxk_cryptodev.h" +#include "cnxk_cryptodev_ops.h" #include "cnxk_ipsec.h" -typedef void *CN10K_SA_CONTEXT_MARKER[0]; +/* Forward declaration */ +struct cn10k_sec_session; struct cn10k_ipsec_sa { union { @@ -24,34 +27,14 @@ struct cn10k_ipsec_sa { }; } __rte_aligned(ROC_ALIGN); -struct cn10k_sec_session { - struct rte_security_session rte_sess; - - /** PMD private space */ - - enum rte_security_session_protocol proto; - /** Pre-populated CPT inst words */ - struct cnxk_cpt_inst_tmpl inst; - uint16_t max_extended_len; - uint16_t iv_offset; - uint8_t iv_length; - union { - struct { - uint8_t ip_csum; - bool is_outbound; - } ipsec; - }; - /** Queue pair */ - struct cnxk_cpt_qp *qp; - /** Userdata to be set for Rx inject */ - void *userdata; - - /** - * End of SW mutable area - */ - struct cn10k_ipsec_sa sa; -} __rte_aligned(ROC_ALIGN); - -void cn10k_sec_ops_override(void); - +int cn10k_ipsec_session_create(struct cnxk_cpt_vf *vf, struct cnxk_cpt_qp *qp, + struct rte_security_ipsec_xform *ipsec_xfrm, + struct rte_crypto_sym_xform *crypto_xfrm, + struct rte_security_session *sess); +int cn10k_sec_ipsec_session_destroy(struct cnxk_cpt_qp *qp, struct cn10k_sec_session *sess); +int cn10k_ipsec_stats_get(struct cnxk_cpt_qp *qp, struct cn10k_sec_session *sess, + struct rte_security_stats *stats); +int cn10k_ipsec_session_update(struct cnxk_cpt_vf *vf, struct cnxk_cpt_qp *qp, + struct cn10k_sec_session *sess, + struct rte_security_session_conf *conf); #endif /* __CN10K_IPSEC_H__ */ diff --git a/drivers/crypto/cnxk/cn10k_ipsec_la_ops.h b/drivers/crypto/cnxk/cn10k_ipsec_la_ops.h index af2c85022e..a30b8e413d 100644 --- a/drivers/crypto/cnxk/cn10k_ipsec_la_ops.h +++ b/drivers/crypto/cnxk/cn10k_ipsec_la_ops.h @@ -11,6 +11,7 @@ #include "roc_ie.h" #include "cn10k_cryptodev.h" +#include "cn10k_cryptodev_sec.h" #include "cn10k_ipsec.h" #include "cnxk_cryptodev.h" #include "cnxk_cryptodev_ops.h" diff --git a/drivers/crypto/cnxk/meson.build b/drivers/crypto/cnxk/meson.build index 3d9a0dbbf0..d6fafd43d9 100644 --- a/drivers/crypto/cnxk/meson.build +++ b/drivers/crypto/cnxk/meson.build @@ -14,6 +14,7 @@ sources = files( 'cn9k_ipsec.c', 'cn10k_cryptodev.c', 'cn10k_cryptodev_ops.c', + 'cn10k_cryptodev_sec.c', 'cn10k_ipsec.c', 'cnxk_cryptodev.c', 'cnxk_cryptodev_capabilities.c', -- 2.25.1