From: Tejasree Kondoj <ktejasree@marvell.com>
To: Akhil Goyal <gakhil@marvell.com>
Cc: Vidya Sagar Velumuri <vvelumuri@marvell.com>,
Anoob Joseph <anoobj@marvell.com>, <dev@dpdk.org>
Subject: [PATCH v2 09/25] crypto/cnxk: add cn20k security skeletion
Date: Tue, 3 Jun 2025 17:20:10 +0530 [thread overview]
Message-ID: <20250603115026.2664706-10-ktejasree@marvell.com> (raw)
In-Reply-To: <20250603115026.2664706-1-ktejasree@marvell.com>
From: Vidya Sagar Velumuri <vvelumuri@marvell.com>
Add skeletion for rte_security for cn20k
Signed-off-by: Vidya Sagar Velumuri <vvelumuri@marvell.com>
---
drivers/crypto/cnxk/cn20k_cryptodev.c | 2 +
drivers/crypto/cnxk/cn20k_cryptodev_ops.c | 39 +++++++++++++
drivers/crypto/cnxk/cn20k_cryptodev_ops.h | 8 +++
drivers/crypto/cnxk/cn20k_cryptodev_sec.c | 71 +++++++++++++++++++++++
drivers/crypto/cnxk/cn20k_cryptodev_sec.h | 19 ++++++
drivers/crypto/cnxk/cn20k_ipsec.c | 68 ++++++++++++++++++++++
drivers/crypto/cnxk/cn20k_ipsec.h | 41 +++++++++++++
drivers/crypto/cnxk/meson.build | 2 +
8 files changed, 250 insertions(+)
create mode 100644 drivers/crypto/cnxk/cn20k_cryptodev_sec.c
create mode 100644 drivers/crypto/cnxk/cn20k_cryptodev_sec.h
create mode 100644 drivers/crypto/cnxk/cn20k_ipsec.c
create mode 100644 drivers/crypto/cnxk/cn20k_ipsec.h
diff --git a/drivers/crypto/cnxk/cn20k_cryptodev.c b/drivers/crypto/cnxk/cn20k_cryptodev.c
index 4c70c15ca9..7b8293cc05 100644
--- a/drivers/crypto/cnxk/cn20k_cryptodev.c
+++ b/drivers/crypto/cnxk/cn20k_cryptodev.c
@@ -12,6 +12,7 @@
#include "cn20k_cryptodev.h"
#include "cn20k_cryptodev_ops.h"
+#include "cn20k_cryptodev_sec.h"
#include "cnxk_cryptodev.h"
#include "cnxk_cryptodev_capabilities.h"
#include "cnxk_cryptodev_ops.h"
@@ -93,6 +94,7 @@ cn20k_cpt_pci_probe(struct rte_pci_driver *pci_drv __rte_unused, struct rte_pci_
dev->qp_depth_used = cnxk_cpt_qp_depth_used;
cn20k_cpt_set_enqdeq_fns(dev);
+ cn20k_sec_ops_override();
rte_cryptodev_pmd_probing_finish(dev);
diff --git a/drivers/crypto/cnxk/cn20k_cryptodev_ops.c b/drivers/crypto/cnxk/cn20k_cryptodev_ops.c
index b44f747b02..2e5c6d2dc5 100644
--- a/drivers/crypto/cnxk/cn20k_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cn20k_cryptodev_ops.c
@@ -3,6 +3,7 @@
*/
#include <cryptodev_pmd.h>
+#include <eal_export.h>
#include <rte_cryptodev.h>
#include <rte_hexdump.h>
@@ -407,6 +408,44 @@ cn20k_sym_configure_raw_dp_ctx(struct rte_cryptodev *dev, uint16_t qp_id,
return 0;
}
+#if defined(RTE_ARCH_ARM64)
+RTE_EXPORT_INTERNAL_SYMBOL(cn20k_cryptodev_sec_inb_rx_inject)
+uint16_t __rte_hot
+cn20k_cryptodev_sec_inb_rx_inject(void *dev, struct rte_mbuf **pkts,
+ struct rte_security_session **sess, uint16_t nb_pkts)
+{
+ RTE_SET_USED(dev);
+ RTE_SET_USED(pkts);
+ RTE_SET_USED(sess);
+ RTE_SET_USED(nb_pkts);
+
+ return 0;
+}
+#else
+RTE_EXPORT_INTERNAL_SYMBOL(cn20k_cryptodev_sec_inb_rx_inject)
+uint16_t __rte_hot
+cn20k_cryptodev_sec_inb_rx_inject(void *dev, struct rte_mbuf **pkts,
+ struct rte_security_session **sess, uint16_t nb_pkts)
+{
+ RTE_SET_USED(dev);
+ RTE_SET_USED(pkts);
+ RTE_SET_USED(sess);
+ RTE_SET_USED(nb_pkts);
+ return 0;
+}
+#endif
+
+RTE_EXPORT_INTERNAL_SYMBOL(cn20k_cryptodev_sec_rx_inject_configure)
+int
+cn20k_cryptodev_sec_rx_inject_configure(void *device, uint16_t port_id, bool enable)
+{
+ RTE_SET_USED(device);
+ RTE_SET_USED(port_id);
+ RTE_SET_USED(enable);
+
+ return -ENOTSUP;
+}
+
struct rte_cryptodev_ops cn20k_cpt_ops = {
/* Device control ops */
.dev_configure = cnxk_cpt_dev_config,
diff --git a/drivers/crypto/cnxk/cn20k_cryptodev_ops.h b/drivers/crypto/cnxk/cn20k_cryptodev_ops.h
index bdd6f71022..752ca588e0 100644
--- a/drivers/crypto/cnxk/cn20k_cryptodev_ops.h
+++ b/drivers/crypto/cnxk/cn20k_cryptodev_ops.h
@@ -25,6 +25,14 @@ extern struct rte_cryptodev_ops cn20k_cpt_ops;
void cn20k_cpt_set_enqdeq_fns(struct rte_cryptodev *dev);
+__rte_internal
+uint16_t __rte_hot cn20k_cryptodev_sec_inb_rx_inject(void *dev, struct rte_mbuf **pkts,
+ struct rte_security_session **sess,
+ uint16_t nb_pkts);
+
+__rte_internal
+int cn20k_cryptodev_sec_rx_inject_configure(void *device, uint16_t port_id, bool enable);
+
static __rte_always_inline void __rte_hot
cn20k_cpt_lmtst_dual_submit(uint64_t *io_addr, const uint16_t lmt_id, int *i)
{
diff --git a/drivers/crypto/cnxk/cn20k_cryptodev_sec.c b/drivers/crypto/cnxk/cn20k_cryptodev_sec.c
new file mode 100644
index 0000000000..ca6af322c0
--- /dev/null
+++ b/drivers/crypto/cnxk/cn20k_cryptodev_sec.c
@@ -0,0 +1,71 @@
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright(C) 2025 Marvell.
+ */
+
+#include <rte_security.h>
+
+#include "cn20k_cryptodev_ops.h"
+#include "cn20k_cryptodev_sec.h"
+#include "cnxk_cryptodev_ops.h"
+
+static int
+cn20k_sec_session_create(void *dev, struct rte_security_session_conf *conf,
+ struct rte_security_session *sess)
+{
+ RTE_SET_USED(dev);
+ RTE_SET_USED(conf);
+ RTE_SET_USED(sess);
+
+ return -ENOTSUP;
+}
+
+static int
+cn20k_sec_session_destroy(void *dev, struct rte_security_session *sec_sess)
+{
+ RTE_SET_USED(dev);
+ RTE_SET_USED(sec_sess);
+
+ return -EINVAL;
+}
+
+static unsigned int
+cn20k_sec_session_get_size(void *dev __rte_unused)
+{
+ return 0;
+}
+
+static int
+cn20k_sec_session_stats_get(void *dev, struct rte_security_session *sec_sess,
+ struct rte_security_stats *stats)
+{
+ RTE_SET_USED(dev);
+ RTE_SET_USED(sec_sess);
+ RTE_SET_USED(stats);
+
+ return -ENOTSUP;
+}
+
+static int
+cn20k_sec_session_update(void *dev, struct rte_security_session *sec_sess,
+ struct rte_security_session_conf *conf)
+{
+ RTE_SET_USED(dev);
+ RTE_SET_USED(sec_sess);
+ RTE_SET_USED(conf);
+
+ return -ENOTSUP;
+}
+
+/* Update platform specific security ops */
+void
+cn20k_sec_ops_override(void)
+{
+ /* Update platform specific ops */
+ cnxk_sec_ops.session_create = cn20k_sec_session_create;
+ cnxk_sec_ops.session_destroy = cn20k_sec_session_destroy;
+ cnxk_sec_ops.session_get_size = cn20k_sec_session_get_size;
+ cnxk_sec_ops.session_stats_get = cn20k_sec_session_stats_get;
+ cnxk_sec_ops.session_update = cn20k_sec_session_update;
+ cnxk_sec_ops.inb_pkt_rx_inject = cn20k_cryptodev_sec_inb_rx_inject;
+ cnxk_sec_ops.rx_inject_configure = cn20k_cryptodev_sec_rx_inject_configure;
+}
diff --git a/drivers/crypto/cnxk/cn20k_cryptodev_sec.h b/drivers/crypto/cnxk/cn20k_cryptodev_sec.h
new file mode 100644
index 0000000000..5cd0e53017
--- /dev/null
+++ b/drivers/crypto/cnxk/cn20k_cryptodev_sec.h
@@ -0,0 +1,19 @@
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright(C) 2025 Marvell.
+ */
+
+#ifndef __CN20K_CRYPTODEV_SEC_H__
+#define __CN20K_CRYPTODEV_SEC_H__
+
+#include <rte_common.h>
+#include <rte_security.h>
+
+#include "roc_constants.h"
+#include "roc_cpt.h"
+
+#include "cn20k_ipsec.h"
+
+#define SEC_SESS_SIZE sizeof(struct rte_security_session)
+
+void cn20k_sec_ops_override(void);
+#endif /* __CN20K_CRYPTODEV_SEC_H__ */
diff --git a/drivers/crypto/cnxk/cn20k_ipsec.c b/drivers/crypto/cnxk/cn20k_ipsec.c
new file mode 100644
index 0000000000..da8f818d87
--- /dev/null
+++ b/drivers/crypto/cnxk/cn20k_ipsec.c
@@ -0,0 +1,68 @@
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright(C) 2025 Marvell.
+ */
+
+#include <cryptodev_pmd.h>
+#include <rte_esp.h>
+#include <rte_ip.h>
+#include <rte_malloc.h>
+#include <rte_security.h>
+#include <rte_security_driver.h>
+#include <rte_udp.h>
+
+#include "cn20k_cryptodev_ops.h"
+#include "cn20k_cryptodev_sec.h"
+#include "cn20k_ipsec.h"
+#include "cnxk_cryptodev.h"
+#include "cnxk_cryptodev_ops.h"
+#include "cnxk_ipsec.h"
+#include "cnxk_security.h"
+
+#include "roc_api.h"
+
+int
+cn20k_ipsec_session_create(struct cnxk_cpt_vf *vf, struct cnxk_cpt_qp *qp,
+ struct rte_security_ipsec_xform *ipsec_xfrm,
+ struct rte_crypto_sym_xform *crypto_xfrm,
+ struct rte_security_session *sess)
+{
+ RTE_SET_USED(vf);
+ RTE_SET_USED(qp);
+ RTE_SET_USED(ipsec_xfrm);
+ RTE_SET_USED(crypto_xfrm);
+ RTE_SET_USED(sess);
+
+ return 0;
+}
+
+int
+cn20k_sec_ipsec_session_destroy(struct cnxk_cpt_qp *qp, struct cn20k_sec_session *sess)
+{
+ RTE_SET_USED(qp);
+ RTE_SET_USED(sess);
+
+ return 0;
+}
+
+int
+cn20k_ipsec_stats_get(struct cnxk_cpt_qp *qp, struct cn20k_sec_session *sess,
+ struct rte_security_stats *stats)
+{
+ RTE_SET_USED(qp);
+ RTE_SET_USED(sess);
+ RTE_SET_USED(stats);
+
+ return 0;
+}
+
+int
+cn20k_ipsec_session_update(struct cnxk_cpt_vf *vf, struct cnxk_cpt_qp *qp,
+ struct cn20k_sec_session *sess, struct rte_security_session_conf *conf)
+{
+ RTE_SET_USED(vf);
+ RTE_SET_USED(qp);
+ RTE_SET_USED(sess);
+ RTE_SET_USED(conf);
+
+ return 0;
+}
diff --git a/drivers/crypto/cnxk/cn20k_ipsec.h b/drivers/crypto/cnxk/cn20k_ipsec.h
new file mode 100644
index 0000000000..202d52405d
--- /dev/null
+++ b/drivers/crypto/cnxk/cn20k_ipsec.h
@@ -0,0 +1,41 @@
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright(C) 2025 Marvell.
+ */
+
+#ifndef __CN20K_IPSEC_H__
+#define __CN20K_IPSEC_H__
+
+#include <rte_security.h>
+#include <rte_security_driver.h>
+
+#include "roc_constants.h"
+#include "roc_ie_ow.h"
+
+#include "cnxk_cryptodev.h"
+#include "cnxk_cryptodev_ops.h"
+#include "cnxk_ipsec.h"
+
+/* Forward declaration */
+struct cn20k_sec_session;
+
+struct __rte_aligned(ROC_ALIGN) cn20k_ipsec_sa
+{
+ union {
+ /** Inbound SA */
+ struct roc_ow_ipsec_inb_sa in_sa;
+ /** Outbound SA */
+ struct roc_ow_ipsec_outb_sa out_sa;
+ };
+};
+
+int cn20k_ipsec_session_create(struct cnxk_cpt_vf *vf, struct cnxk_cpt_qp *qp,
+ struct rte_security_ipsec_xform *ipsec_xfrm,
+ struct rte_crypto_sym_xform *crypto_xfrm,
+ struct rte_security_session *sess);
+int cn20k_sec_ipsec_session_destroy(struct cnxk_cpt_qp *qp, struct cn20k_sec_session *sess);
+int cn20k_ipsec_stats_get(struct cnxk_cpt_qp *qp, struct cn20k_sec_session *sess,
+ struct rte_security_stats *stats);
+int cn20k_ipsec_session_update(struct cnxk_cpt_vf *vf, struct cnxk_cpt_qp *qp,
+ struct cn20k_sec_session *sess,
+ struct rte_security_session_conf *conf);
+#endif /* __CN20K_IPSEC_H__ */
diff --git a/drivers/crypto/cnxk/meson.build b/drivers/crypto/cnxk/meson.build
index 0b078b4d06..f8077e4d4c 100644
--- a/drivers/crypto/cnxk/meson.build
+++ b/drivers/crypto/cnxk/meson.build
@@ -19,6 +19,8 @@ sources = files(
'cn10k_tls.c',
'cn20k_cryptodev.c',
'cn20k_cryptodev_ops.c',
+ 'cn20k_cryptodev_sec.c',
+ 'cn20k_ipsec.c',
'cnxk_cryptodev.c',
'cnxk_cryptodev_capabilities.c',
'cnxk_cryptodev_devargs.c',
--
2.25.1
next prev parent reply other threads:[~2025-06-03 11:51 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-06-03 11:50 [PATCH v2 00/25] add CN20K support to cnxk crypto PMD Tejasree Kondoj
2025-06-03 11:50 ` [PATCH v2 01/25] crypto/cnxk: probe cn20k device Tejasree Kondoj
2025-06-03 11:50 ` [PATCH v2 02/25] crypto/cnxk: add cn20k ops skeleton Tejasree Kondoj
2025-06-03 11:50 ` [PATCH v2 03/25] crypto/cnxk: add dev info get Tejasree Kondoj
2025-06-03 11:50 ` [PATCH v2 04/25] crypto/cnxk: add cn20k datapath skeleton Tejasree Kondoj
2025-06-03 11:50 ` [PATCH v2 05/25] crypto/cnxk: add cn20k lmtst routines Tejasree Kondoj
2025-06-03 11:50 ` [PATCH v2 06/25] crypto/cnxk: add cn20k enqueue path Tejasree Kondoj
2025-06-03 11:50 ` [PATCH v2 07/25] crypto/cnxk: add cn20k dequeue path Tejasree Kondoj
2025-06-03 11:50 ` [PATCH v2 08/25] crypto/cnxk: move debug dumps to common Tejasree Kondoj
2025-06-03 11:50 ` Tejasree Kondoj [this message]
2025-06-03 11:50 ` [PATCH v2 10/25] crypto/cnxk: add security session creation Tejasree Kondoj
2025-06-03 11:50 ` [PATCH v2 11/25] crypto/cnxk: add security session destroy Tejasree Kondoj
2025-06-03 11:50 ` [PATCH v2 12/25] crypto/cnxk: move code to common Tejasree Kondoj
2025-06-03 11:50 ` [PATCH v2 13/25] crypto/cnxk: add IPsec session update Tejasree Kondoj
2025-06-03 11:50 ` [PATCH v2 14/25] crypto/cnxk: add security datapath Tejasree Kondoj
2025-06-03 11:50 ` [PATCH v2 15/25] crypto/cnxk: add Rx inject in security lookaside Tejasree Kondoj
2025-06-03 11:50 ` [PATCH v2 16/25] crypto/cnxk: add TLS skeleton Tejasree Kondoj
2025-06-03 11:50 ` [PATCH v2 17/25] crypto/cnxk: add TLS read session Tejasree Kondoj
2025-06-03 11:50 ` [PATCH v2 18/25] crypto/cnxk: add TLS write session Tejasree Kondoj
2025-06-03 11:50 ` [PATCH v2 19/25] crypto/cnxk: add TLS session destroy Tejasree Kondoj
2025-06-03 11:50 ` [PATCH v2 20/25] crypto/cnxk: add TLS datapath Tejasree Kondoj
2025-06-03 11:50 ` [PATCH v2 21/25] crypto/cnxk: add TLS post process Tejasree Kondoj
2025-06-03 11:50 ` [PATCH v2 22/25] crypto/cnxk: add TLS session update Tejasree Kondoj
2025-06-03 11:50 ` [PATCH v2 23/25] crypto/cnxk: support raw API for cn20k Tejasree Kondoj
2025-06-03 11:50 ` [PATCH v2 24/25] crypto/cnxk: add model check " Tejasree Kondoj
2025-06-03 11:50 ` [PATCH v2 25/25] doc: update cn20k CPT documentation Tejasree Kondoj
2025-06-03 14:25 ` [PATCH v2 00/25] add CN20K support to cnxk crypto PMD Akhil Goyal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250603115026.2664706-10-ktejasree@marvell.com \
--to=ktejasree@marvell.com \
--cc=anoobj@marvell.com \
--cc=dev@dpdk.org \
--cc=gakhil@marvell.com \
--cc=vvelumuri@marvell.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).