From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id CAF8A43B73; Thu, 22 Feb 2024 11:05:51 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 5A1DE406A2; Thu, 22 Feb 2024 11:05:46 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id C54E1402ED for ; Thu, 22 Feb 2024 11:05:44 +0100 (CET) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 41M9BKKV021841 for ; Thu, 22 Feb 2024 02:05:43 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= pfpt0220; bh=oUKF2ZqHdb2zjdqkaeh9WtCsqqtl0bc4aqXWJE7rERE=; b=CYL tER6T1Oz+dTGLeDkYwkRN3kZoTnlgxvy+4naOntBzNdTbGmEGUoPFu/sHmmYaPVR b6FxdT6Rlx3U0hXoAc86BEdrtmSDrStVQprUdw+Z94CsKJvpsVUnxCRk72C9+SOC OKkrlGo/unkxFXLZxjKhKKeUBthZ0OcYi8vg8wgJ5qXYJK+Z6oHPsOw2x200Ws3n BDQWnV8u5uQPGD66OEGkbVWwIhDNE3a2LmwMJKuLJhgO2Jf+hQBlR/VGPeAKkqGg oBoXXZTvLYCH8aa1ZUVJIFDRE+Sl8BzuwFeF+eQ4JP8BZi3NCVVZ4c/dsvv0lPp7 lEraUhWzL/4J7Mv1/uQ== Received: from dc5-exch02.marvell.com ([199.233.59.182]) by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 3we3dw849a-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT) for ; Thu, 22 Feb 2024 02:05:43 -0800 (PST) Received: from DC5-EXCH05.marvell.com (10.69.176.209) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.48; Thu, 22 Feb 2024 02:05:41 -0800 Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH05.marvell.com (10.69.176.209) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.2.1258.12; Thu, 22 Feb 2024 02:05:41 -0800 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.48 via Frontend Transport; Thu, 22 Feb 2024 02:05:41 -0800 Received: from hyd1588t430.caveonetworks.com (unknown [10.29.52.204]) by maili.marvell.com (Postfix) with ESMTP id DF9393F7133; Thu, 22 Feb 2024 02:05:39 -0800 (PST) From: Nithin Dabilpuram To: Nithin Dabilpuram , Kiran Kumar K , Sunil Kumar Kori , Satha Rao CC: Subject: [PATCH v3 02/14] net/cnxk: add IPsec SA defines for PMD API Date: Thu, 22 Feb 2024 15:35:18 +0530 Message-ID: <20240222100530.2266013-2-ndabilpuram@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240222100530.2266013-1-ndabilpuram@marvell.com> References: <20240222100530.2266013-1-ndabilpuram@marvell.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-Proofpoint-GUID: p7yczD9ymQ673tVM6WxgfOdgXjFr5UHv X-Proofpoint-ORIG-GUID: p7yczD9ymQ673tVM6WxgfOdgXjFr5UHv X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-02-22_08,2024-02-22_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Define inbound and outbound IPsec data type for PMD API's rte_pmd_cnxk_hw_sa_read() and rte_pmd_cnxk_hw_sa_write(). Signed-off-by: Nithin Dabilpuram --- drivers/net/cnxk/cn10k_ethdev_sec.c | 18 +- drivers/net/cnxk/rte_pmd_cnxk.h | 397 +++++++++++++++++++++++++++- 2 files changed, 411 insertions(+), 4 deletions(-) diff --git a/drivers/net/cnxk/cn10k_ethdev_sec.c b/drivers/net/cnxk/cn10k_ethdev_sec.c index 575d0fabd5..05ec49d981 100644 --- a/drivers/net/cnxk/cn10k_ethdev_sec.c +++ b/drivers/net/cnxk/cn10k_ethdev_sec.c @@ -14,6 +14,20 @@ #include #include +PLT_STATIC_ASSERT(offsetof(struct rte_pmd_cnxk_ipsec_inb_sa, ctx.ar_winbits) == + offsetof(struct roc_ot_ipsec_inb_sa, ctx.ar_winbits)); + +PLT_STATIC_ASSERT(offsetof(struct rte_pmd_cnxk_ipsec_outb_sa, ctx.mib_pkts) == + offsetof(struct roc_ot_ipsec_outb_sa, ctx.mib_pkts)); + +PLT_STATIC_ASSERT(RTE_PMD_CNXK_CTX_MAX_CKEY_LEN == ROC_CTX_MAX_CKEY_LEN); +PLT_STATIC_ASSERT(RTE_PMD_CNXK_CTX_MAX_OPAD_IPAD_LEN == RTE_PMD_CNXK_CTX_MAX_OPAD_IPAD_LEN); + +PLT_STATIC_ASSERT(RTE_PMD_CNXK_AR_WIN_SIZE_MIN == ROC_AR_WIN_SIZE_MIN); +PLT_STATIC_ASSERT(RTE_PMD_CNXK_AR_WIN_SIZE_MAX == ROC_AR_WIN_SIZE_MAX); +PLT_STATIC_ASSERT(RTE_PMD_CNXK_LOG_MIN_AR_WIN_SIZE_M1 == ROC_LOG_MIN_AR_WIN_SIZE_M1); +PLT_STATIC_ASSERT(RTE_PMD_CNXK_AR_WINBITS_SZ == ROC_AR_WINBITS_SZ); + static struct rte_cryptodev_capabilities cn10k_eth_sec_crypto_caps[] = { { /* AES GCM */ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, @@ -1143,7 +1157,7 @@ cn10k_eth_sec_session_update(void *device, struct rte_security_session *sess, int rte_pmd_cnxk_hw_sa_read(void *device, struct rte_security_session *sess, - void *data, uint32_t len) + union rte_pmd_cnxk_ipsec_hw_sa *data, uint32_t len) { struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device; struct cnxk_eth_dev *dev = cnxk_eth_pmd_priv(eth_dev); @@ -1166,7 +1180,7 @@ rte_pmd_cnxk_hw_sa_read(void *device, struct rte_security_session *sess, int rte_pmd_cnxk_hw_sa_write(void *device, struct rte_security_session *sess, - void *data, uint32_t len) + union rte_pmd_cnxk_ipsec_hw_sa *data, uint32_t len) { struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device; struct cnxk_eth_dev *dev = cnxk_eth_pmd_priv(eth_dev); diff --git a/drivers/net/cnxk/rte_pmd_cnxk.h b/drivers/net/cnxk/rte_pmd_cnxk.h index 7827c33ac9..43f2a7ed9b 100644 --- a/drivers/net/cnxk/rte_pmd_cnxk.h +++ b/drivers/net/cnxk/rte_pmd_cnxk.h @@ -60,6 +60,399 @@ struct rte_pmd_cnxk_sec_action { enum rte_pmd_cnxk_sec_action_alg alg; }; +#define RTE_PMD_CNXK_CTX_MAX_CKEY_LEN 32 +#define RTE_PMD_CNXK_CTX_MAX_OPAD_IPAD_LEN 128 + +/** Anti reply window size supported */ +#define RTE_PMD_CNXK_AR_WIN_SIZE_MIN 64 +#define RTE_PMD_CNXK_AR_WIN_SIZE_MAX 4096 +#define RTE_PMD_CNXK_LOG_MIN_AR_WIN_SIZE_M1 5 + +/** u64 array size to fit anti replay window bits */ +#define RTE_PMD_CNXK_AR_WINBITS_SZ (RTE_ALIGN_CEIL(RTE_PMD_CNXK_AR_WIN_SIZE_MAX, 64) / 64) + +/** Outer header info for Inbound or Outbound */ +union rte_pmd_cnxk_ipsec_outer_ip_hdr { + struct { + /** IPv4 destination */ + uint32_t dst_addr; + /** IPv4 source */ + uint32_t src_addr; + } ipv4; + struct { + /** IPv6 source */ + uint8_t src_addr[16]; + /** IPv6 destination */ + uint8_t dst_addr[16]; + } ipv6; +}; + +/** Inbound IPsec context update region */ +struct rte_pmd_cnxk_ipsec_inb_ctx_update_reg { + /** Highest sequence number received */ + uint64_t ar_base; + /** Valid bit for 64-bit words of replay window */ + uint64_t ar_valid_mask; + /** Hard life for SA */ + uint64_t hard_life; + /** Soft life for SA */ + uint64_t soft_life; + /** MIB octets */ + uint64_t mib_octs; + /** MIB packets */ + uint64_t mib_pkts; + /** AR window bits */ + uint64_t ar_winbits[RTE_PMD_CNXK_AR_WINBITS_SZ]; +}; + +/** Outbound IPsec IV data */ +union rte_pmd_cnxk_ipsec_outb_iv { + uint64_t u64[2]; + /** IV debug - 16B*/ + uint8_t iv_dbg[16]; + struct { + /** IV debug - 8B */ + uint8_t iv_dbg1[4]; + /** Salt */ + uint8_t salt[4]; + + uint32_t rsvd; + /** IV debug - 8B */ + uint8_t iv_dbg2[4]; + } s; +}; + +/** Outbound IPsec context update region */ +struct rte_pmd_cnxk_ipsec_outb_ctx_update_reg { + union { + struct { + uint64_t reserved_0_2 : 3; + uint64_t address : 57; + uint64_t mode : 4; + } s; + uint64_t u64; + } err_ctl; + + uint64_t esn_val; + uint64_t hard_life; + uint64_t soft_life; + uint64_t mib_octs; + uint64_t mib_pkts; +}; + +/** + * Inbound IPsec SA + */ +struct rte_pmd_cnxk_ipsec_inb_sa { + /** Word0 */ + union { + struct { + /** AR window size */ + uint64_t ar_win : 3; + /** Hard life enable */ + uint64_t hard_life_dec : 1; + /** Soft life enable */ + uint64_t soft_life_dec : 1; + + /** Count global octets */ + uint64_t count_glb_octets : 1; + /** Count global pkts */ + uint64_t count_glb_pkts : 1; + /** Count bytes */ + uint64_t count_mib_bytes : 1; + + /** Count pkts */ + uint64_t count_mib_pkts : 1; + /** HW context offset */ + uint64_t hw_ctx_off : 7; + + /** Context ID */ + uint64_t ctx_id : 16; + + /** Original packet free absolute */ + uint64_t orig_pkt_fabs : 1; + /** Original packet free */ + uint64_t orig_pkt_free : 1; + /** PKIND for second pass */ + uint64_t pkind : 6; + + uint64_t rsvd0 : 1; + /** Ether type overwrite */ + uint64_t et_ovrwr : 1; + /** Packet output type */ + uint64_t pkt_output : 2; + /** Packet format type */ + uint64_t pkt_format : 1; + /** Defrag option */ + uint64_t defrag_opt : 2; + /** Reserved for X2P dest */ + uint64_t x2p_dst : 1; + + /** Context push size */ + uint64_t ctx_push_size : 7; + uint64_t rsvd1 : 1; + + /** Context header size */ + uint64_t ctx_hdr_size : 2; + /** AOP enable */ + uint64_t aop_valid : 1; + uint64_t rsvd2 : 1; + /** Context size */ + uint64_t ctx_size : 4; + } s; + uint64_t u64; + } w0; + + /** Word1 */ + union { + struct { + /** Original packet aura */ + uint64_t orig_pkt_aura : 20; + uint64_t rsvd3 : 4; + /** Original packet free offset */ + uint64_t orig_pkt_foff : 8; + /** SA cookie */ + uint64_t cookie : 32; + } s; + uint64_t u64; + } w1; + + /** Word 2 */ + union { + struct { + /** SA valid */ + uint64_t valid : 1; + /** SA direction */ + uint64_t dir : 1; + uint64_t rsvd11 : 1; + uint64_t rsvd4 : 1; + /** IPsec mode */ + uint64_t ipsec_mode : 1; + /** IPsec protocol */ + uint64_t ipsec_protocol : 1; + /** AES key length */ + uint64_t aes_key_len : 2; + + /** Encryption algo */ + uint64_t enc_type : 3; + /** Soft life and hard life unit */ + uint64_t life_unit : 1; + /** Authentication algo */ + uint64_t auth_type : 4; + + /** Encapsulation type */ + uint64_t encap_type : 2; + /** Ether type override enable */ + uint64_t et_ovrwr_ddr_en : 1; + /** ESN enable */ + uint64_t esn_en : 1; + /** Transport mode L4 checksum incrementally update */ + uint64_t tport_l4_incr_csum : 1; + /** Outer IP header verification */ + uint64_t ip_hdr_verify : 2; + /** UDP enacapsulation ports verification */ + uint64_t udp_ports_verify : 1; + + /** Return 64B of L2/L3 header on error */ + uint64_t l3hdr_on_err : 1; + uint64_t rsvd6 : 6; + uint64_t rsvd12 : 1; + + /** SPI */ + uint64_t spi : 32; + } s; + uint64_t u64; + } w2; + + /** Word3 */ + uint64_t rsvd7; + + /** Word4 - Word7 */ + uint8_t cipher_key[RTE_PMD_CNXK_CTX_MAX_CKEY_LEN]; + + /** Word8 - Word9 */ + union { + struct { + uint32_t rsvd8; + /** IV salt */ + uint8_t salt[4]; + } s; + uint64_t u64; + } w8; + uint64_t rsvd9; + + /** Word10 */ + union { + struct { + uint64_t rsvd10 : 32; + /** UDP encapsulation source port */ + uint64_t udp_src_port : 16; + /** UDP encapsulation destination port */ + uint64_t udp_dst_port : 16; + } s; + uint64_t u64; + } w10; + + /** Word11 - Word14 */ + union rte_pmd_cnxk_ipsec_outer_ip_hdr outer_hdr; + + /** Word15 - Word30 */ + uint8_t hmac_opad_ipad[RTE_PMD_CNXK_CTX_MAX_OPAD_IPAD_LEN]; + + /** Word31 - Word100 */ + struct rte_pmd_cnxk_ipsec_inb_ctx_update_reg ctx; +}; + +/** + * Outbound IPsec SA + */ +struct rte_pmd_cnxk_ipsec_outb_sa { + /** Word0 */ + union { + struct { + /** ESN enable */ + uint64_t esn_en : 1; + /** IP ID generation type */ + uint64_t ip_id : 1; + uint64_t rsvd0 : 1; + /** Hard life enable */ + uint64_t hard_life_dec : 1; + /** Soft life enable */ + uint64_t soft_life_dec : 1; + + /** Count global octets */ + uint64_t count_glb_octets : 1; + /** Count global pkts */ + uint64_t count_glb_pkts : 1; + /** Count bytes */ + uint64_t count_mib_bytes : 1; + + /** Count pkts */ + uint64_t count_mib_pkts : 1; + /** HW context offset */ + uint64_t hw_ctx_off : 7; + + /** Context ID */ + uint64_t ctx_id : 16; + uint64_t rsvd1 : 16; + + /** Context push size */ + uint64_t ctx_push_size : 7; + uint64_t rsvd2 : 1; + + /** Context header size */ + uint64_t ctx_hdr_size : 2; + /** AOP enable */ + uint64_t aop_valid : 1; + uint64_t rsvd3 : 1; + /** Context size */ + uint64_t ctx_size : 4; + } s; + uint64_t u64; + } w0; + + /** Word1 */ + union { + struct { + uint64_t rsvd4 : 32; + /** SA cookie */ + uint64_t cookie : 32; + } s; + uint64_t u64; + } w1; + + /** Word 2 */ + union { + struct { + /** SA valid */ + uint64_t valid : 1; + /** SA direction */ + uint64_t dir : 1; + uint64_t rsvd11 : 1; + uint64_t rsvd5 : 1; + /** IPsec mode */ + uint64_t ipsec_mode : 1; + /** IPsec protocol */ + uint64_t ipsec_protocol : 1; + + /** AES key length */ + uint64_t aes_key_len : 2; + + /** Encryption algo */ + uint64_t enc_type : 3; + /** Soft life and hard life unit */ + uint64_t life_unit : 1; + /** Authentication algo */ + uint64_t auth_type : 4; + + /** Encapsulation type */ + uint64_t encap_type : 2; + /** DF source */ + uint64_t ipv4_df_src_or_ipv6_flw_lbl_src : 1; + /** DSCP source */ + uint64_t dscp_src : 1; + /** IV source */ + uint64_t iv_src : 2; + /** IPID value in outer header */ + uint64_t ipid_gen : 1; + uint64_t rsvd6 : 1; + + uint64_t rsvd7 : 7; + uint64_t rsvd12 : 1; + + /** SPI */ + uint64_t spi : 32; + } s; + uint64_t u64; + } w2; + + /** Word3 */ + uint64_t rsvd8; + + /** Word4 - Word7 */ + uint8_t cipher_key[RTE_PMD_CNXK_CTX_MAX_CKEY_LEN]; + + /** Word8 - Word9 */ + union rte_pmd_cnxk_ipsec_outb_iv iv; + + /** Word10 */ + union { + struct { + uint64_t rsvd9 : 4; + /** Outer header IPv4 DF or IPv6 flow label */ + uint64_t ipv4_df_or_ipv6_flw_lbl : 20; + + /** DSCP for outer header */ + uint64_t dscp : 6; + uint64_t rsvd10 : 2; + + /** UDP encapsulation destination port */ + uint64_t udp_dst_port : 16; + + /** UDP encapsulation source port */ + uint64_t udp_src_port : 16; + } s; + uint64_t u64; + } w10; + + /** Word11 - Word14 */ + union rte_pmd_cnxk_ipsec_outer_ip_hdr outer_hdr; + + /** Word15 - Word30 */ + uint8_t hmac_opad_ipad[RTE_PMD_CNXK_CTX_MAX_OPAD_IPAD_LEN]; + + /** Word31 - Word36 */ + struct rte_pmd_cnxk_ipsec_outb_ctx_update_reg ctx; +}; + +/** Inbound/Outbound IPsec SA */ +union rte_pmd_cnxk_ipsec_hw_sa { + /** Inbound SA */ + struct rte_pmd_cnxk_ipsec_inb_sa inb; + /** Outbound SA */ + struct rte_pmd_cnxk_ipsec_outb_sa outb; +}; + /** * Read HW SA context from session. * @@ -77,7 +470,7 @@ struct rte_pmd_cnxk_sec_action { */ __rte_experimental int rte_pmd_cnxk_hw_sa_read(void *device, struct rte_security_session *sess, - void *data, uint32_t len); + union rte_pmd_cnxk_ipsec_hw_sa *data, uint32_t len); /** * Write HW SA context to session. * @@ -95,7 +488,7 @@ int rte_pmd_cnxk_hw_sa_read(void *device, struct rte_security_session *sess, */ __rte_experimental int rte_pmd_cnxk_hw_sa_write(void *device, struct rte_security_session *sess, - void *data, uint32_t len); + union rte_pmd_cnxk_ipsec_hw_sa *data, uint32_t len); /** * Get pointer to CPT result info for inline inbound processed pkt. -- 2.25.1