From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <dev-bounces@dpdk.org>
Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124])
	by inbox.dpdk.org (Postfix) with ESMTP id 3A8D4A0C4C;
	Thu,  2 Sep 2021 15:44:08 +0200 (CEST)
Received: from [217.70.189.124] (localhost [127.0.0.1])
	by mails.dpdk.org (Postfix) with ESMTP id C1B7640E2D;
	Thu,  2 Sep 2021 15:44:05 +0200 (CEST)
Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com
 [67.231.156.173])
 by mails.dpdk.org (Postfix) with ESMTP id 4130940142
 for <dev@dpdk.org>; Thu,  2 Sep 2021 15:44:04 +0200 (CEST)
Received: from pps.filterd (m0045851.ppops.net [127.0.0.1])
 by mx0b-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 18281DLc011516
 for <dev@dpdk.org>; Thu, 2 Sep 2021 06:44:03 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com;
 h=from : to : cc :
 subject : date : message-id : in-reply-to : references : mime-version :
 content-transfer-encoding : content-type; s=pfpt0220;
 bh=S2MbwPoLkDnW/QIzkYG0Lyov7qPQDNmYALRJeGGRgcE=;
 b=FfUFpzotWiG31DkcayMLYLSTloN0cDjfECsifl9CObFWXHtwfRWV2WwIH2SBs7P8BR+G
 4t0Yy2z8sih2dGzZT0IAfraTHPXMFGShOlUalvkINhBv22hknE0BQ0UE9IqJMsJTnCa+
 n5Lik1hnSj5rO2z9w4dupYL9aFii2A3JGC3zUT3/zrWAVukYD7rKKm761EoTpp/YnnDV
 1FhFreu87LV3nCYtHRKHDjcM77kkocURFVkvFzb6iPJX3xnGMDzIDVnvywrLEVq+SI4A
 cTXS9kLAgnY8LdZEHEkD9EgQf7kqX8BSDg8mAT5Wr1o6Co/by0x4GhBknMhCf7DJAlHU Dg== 
Received: from dc5-exch01.marvell.com ([199.233.59.181])
 by mx0b-0016f401.pphosted.com with ESMTP id 3attqmh4fu-1
 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT)
 for <dev@dpdk.org>; Thu, 02 Sep 2021 06:44:03 -0700
Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH01.marvell.com
 (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.18;
 Thu, 2 Sep 2021 06:44:01 -0700
Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com
 (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.18 via Frontend
 Transport; Thu, 2 Sep 2021 06:44:01 -0700
Received: from hyd1409.caveonetworks.com.com (unknown [10.29.45.15])
 by maili.marvell.com (Postfix) with ESMTP id 1B69D3F705E;
 Thu,  2 Sep 2021 06:43:58 -0700 (PDT)
From: Archana Muniganti <marchana@marvell.com>
To: <gakhil@marvell.com>
CC: Archana Muniganti <marchana@marvell.com>, <ktejasree@marvell.com>,
 <adwivedi@marvell.com>, <anoobj@marvell.com>, <jerinj@marvell.com>,
 <dev@dpdk.org>, Vamsi Attunuru <vattunuru@marvell.com>
Date: Thu, 2 Sep 2021 19:12:50 +0530
Message-ID: <20210902134254.28373-5-marchana@marvell.com>
X-Mailer: git-send-email 2.22.0
In-Reply-To: <20210902134254.28373-1-marchana@marvell.com>
References: <20210902134254.28373-1-marchana@marvell.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain
X-Proofpoint-GUID: lq_xQgiJLCRc9UoApHd8Pesvb5t1R9P2
X-Proofpoint-ORIG-GUID: lq_xQgiJLCRc9UoApHd8Pesvb5t1R9P2
X-Proofpoint-Virus-Version: vendor=baseguard
 engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.391,FMLib:17.0.607.475
 definitions=2021-09-02_04,2021-09-02_02,2020-04-07_01
Subject: [dpdk-dev] [PATCH 4/8] crypto/cnxk: add cn9k IPsec outbound session
 create function
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org
Sender: "dev" <dev-bounces@dpdk.org>

Adding logic for IPsec outbound session creation.

Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
Signed-off-by: Archana Muniganti <marchana@marvell.com>
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
Signed-off-by: Vamsi Attunuru <vattunuru@marvell.com>
---
 drivers/crypto/cnxk/cn9k_ipsec.c | 143 +++++++++++++++++++++++++++++--
 drivers/crypto/cnxk/cn9k_ipsec.h |  17 ++++
 2 files changed, 155 insertions(+), 5 deletions(-)

diff --git a/drivers/crypto/cnxk/cn9k_ipsec.c b/drivers/crypto/cnxk/cn9k_ipsec.c
index dd02cc7764..52fbc5e350 100644
--- a/drivers/crypto/cnxk/cn9k_ipsec.c
+++ b/drivers/crypto/cnxk/cn9k_ipsec.c
@@ -3,6 +3,7 @@
  */
 
 #include <rte_cryptodev.h>
+#include <rte_ip.h>
 #include <rte_security.h>
 #include <rte_security_driver.h>
 
@@ -275,12 +276,144 @@ cn9k_ipsec_outb_sa_create(struct cnxk_cpt_qp *qp,
 			  struct rte_crypto_sym_xform *crypto_xform,
 			  struct rte_security_session *sec_sess)
 {
-	RTE_SET_USED(qp);
-	RTE_SET_USED(ipsec);
-	RTE_SET_USED(crypto_xform);
-	RTE_SET_USED(sec_sess);
+	struct rte_crypto_sym_xform *auth_xform = crypto_xform->next;
+	struct roc_ie_on_ip_template *template = NULL;
+	struct cnxk_cpt_inst_tmpl *inst_tmpl;
+	struct roc_ie_on_outb_sa *out_sa;
+	struct cn9k_sec_session *sess;
+	struct roc_ie_on_sa_ctl *ctl;
+	struct cn9k_ipsec_sa *sa;
+	struct rte_ipv6_hdr *ip6;
+	struct rte_ipv4_hdr *ip4;
+	const uint8_t *auth_key;
+	union cpt_inst_w4 w4;
+	union cpt_inst_w7 w7;
+	int auth_key_len = 0;
+	size_t ctx_len;
+	int ret;
 
-	return 0;
+	sess = get_sec_session_private_data(sec_sess);
+	sa = &sess->sa;
+	out_sa = &sa->out_sa;
+	ctl = &out_sa->common_sa.ctl;
+
+	memset(sa, 0, sizeof(struct cn9k_ipsec_sa));
+
+	/* Initialize lookaside IPsec private data */
+	sa->dir = RTE_SECURITY_IPSEC_SA_DIR_EGRESS;
+	/* Start ip id from 1 */
+	sa->ip_id = 1;
+	sa->seq_lo = 1;
+	sa->seq_hi = 0;
+
+	ret = fill_ipsec_common_sa(ipsec, crypto_xform, &out_sa->common_sa);
+	if (ret)
+		return ret;
+
+	ret = cnxk_ipsec_outb_rlens_get(&sa->rlens, ipsec, crypto_xform);
+	if (ret)
+		return ret;
+
+	if (ctl->enc_type == ROC_IE_ON_SA_ENC_AES_GCM) {
+		template = &out_sa->aes_gcm.template;
+		ctx_len = offsetof(struct roc_ie_on_outb_sa, aes_gcm.template);
+	} else if (ctl->auth_type == ROC_IE_ON_SA_AUTH_SHA1) {
+		template = &out_sa->sha1.template;
+		ctx_len = offsetof(struct roc_ie_on_outb_sa, sha1.template);
+	} else if (ctl->auth_type == ROC_IE_ON_SA_AUTH_SHA2_256) {
+		template = &out_sa->sha2.template;
+		ctx_len = offsetof(struct roc_ie_on_outb_sa, sha2.template);
+	} else {
+		return -EINVAL;
+	}
+
+	ip4 = (struct rte_ipv4_hdr *)&template->ip4.ipv4_hdr;
+	if (ipsec->options.udp_encap) {
+		ip4->next_proto_id = IPPROTO_UDP;
+		template->ip4.udp_src = rte_be_to_cpu_16(4500);
+		template->ip4.udp_dst = rte_be_to_cpu_16(4500);
+	} else {
+		ip4->next_proto_id = IPPROTO_ESP;
+	}
+
+	if (ipsec->mode == RTE_SECURITY_IPSEC_SA_MODE_TUNNEL) {
+		if (ipsec->tunnel.type == RTE_SECURITY_IPSEC_TUNNEL_IPV4) {
+			ctx_len += sizeof(template->ip4);
+
+			ip4->version_ihl = RTE_IPV4_VHL_DEF;
+			ip4->time_to_live = ipsec->tunnel.ipv4.ttl;
+			ip4->type_of_service |= (ipsec->tunnel.ipv4.dscp << 2);
+			if (ipsec->tunnel.ipv4.df)
+				ip4->fragment_offset = BIT(14);
+			memcpy(&ip4->src_addr, &ipsec->tunnel.ipv4.src_ip,
+			       sizeof(struct in_addr));
+			memcpy(&ip4->dst_addr, &ipsec->tunnel.ipv4.dst_ip,
+			       sizeof(struct in_addr));
+		} else if (ipsec->tunnel.type ==
+			   RTE_SECURITY_IPSEC_TUNNEL_IPV6) {
+			ctx_len += sizeof(template->ip6);
+
+			ip6 = (struct rte_ipv6_hdr *)&template->ip6.ipv6_hdr;
+			if (ipsec->options.udp_encap) {
+				ip6->proto = IPPROTO_UDP;
+				template->ip6.udp_src = rte_be_to_cpu_16(4500);
+				template->ip6.udp_dst = rte_be_to_cpu_16(4500);
+			} else {
+				ip6->proto = (ipsec->proto ==
+					      RTE_SECURITY_IPSEC_SA_PROTO_ESP) ?
+						     IPPROTO_ESP :
+						     IPPROTO_AH;
+			}
+			ip6->vtc_flow =
+				rte_cpu_to_be_32(0x60000000 |
+						 ((ipsec->tunnel.ipv6.dscp
+						   << RTE_IPV6_HDR_TC_SHIFT) &
+						  RTE_IPV6_HDR_TC_MASK) |
+						 ((ipsec->tunnel.ipv6.flabel
+						   << RTE_IPV6_HDR_FL_SHIFT) &
+						  RTE_IPV6_HDR_FL_MASK));
+			ip6->hop_limits = ipsec->tunnel.ipv6.hlimit;
+			memcpy(&ip6->src_addr, &ipsec->tunnel.ipv6.src_addr,
+			       sizeof(struct in6_addr));
+			memcpy(&ip6->dst_addr, &ipsec->tunnel.ipv6.dst_addr,
+			       sizeof(struct in6_addr));
+		}
+	} else
+		ctx_len += sizeof(template->ip4);
+
+	ctx_len += RTE_ALIGN_CEIL(ctx_len, 8);
+
+	if (crypto_xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) {
+		sa->cipher_iv_off = crypto_xform->aead.iv.offset;
+		sa->cipher_iv_len = crypto_xform->aead.iv.length;
+	} else {
+		sa->cipher_iv_off = crypto_xform->cipher.iv.offset;
+		sa->cipher_iv_len = crypto_xform->cipher.iv.length;
+
+		auth_key = auth_xform->auth.key.data;
+		auth_key_len = auth_xform->auth.key.length;
+
+		if (auth_xform->auth.algo == RTE_CRYPTO_AUTH_SHA1_HMAC)
+			memcpy(out_sa->sha1.hmac_key, auth_key, auth_key_len);
+		else if (auth_xform->auth.algo == RTE_CRYPTO_AUTH_SHA256_HMAC)
+			memcpy(out_sa->sha2.hmac_key, auth_key, auth_key_len);
+	}
+
+	inst_tmpl = &sa->inst;
+
+	w4.u64 = 0;
+	w4.s.opcode_major = ROC_IE_ON_MAJOR_OP_PROCESS_OUTBOUND_IPSEC;
+	w4.s.opcode_minor = ctx_len >> 3;
+	w4.s.param1 = ROC_IE_ON_PER_PKT_IV;
+	inst_tmpl->w4 = w4.u64;
+
+	w7.u64 = 0;
+	w7.s.egrp = ROC_CPT_DFLT_ENG_GRP_SE;
+	w7.s.cptr = rte_mempool_virt2iova(out_sa);
+	inst_tmpl->w7 = w7.u64;
+
+	return cn9k_cpt_enq_sa_write(
+		sa, qp, ROC_IE_ON_MAJOR_OP_WRITE_IPSEC_OUTBOUND, ctx_len);
 }
 
 static int
diff --git a/drivers/crypto/cnxk/cn9k_ipsec.h b/drivers/crypto/cnxk/cn9k_ipsec.h
index 0fe78df49b..13d522ec6f 100644
--- a/drivers/crypto/cnxk/cn9k_ipsec.h
+++ b/drivers/crypto/cnxk/cn9k_ipsec.h
@@ -6,6 +6,7 @@
 #define __CN9K_IPSEC_H__
 
 #include "cnxk_ipsec.h"
+#include "cnxk_security.h"
 
 struct cn9k_ipsec_sa {
 	union {
@@ -18,6 +19,22 @@ struct cn9k_ipsec_sa {
 	enum rte_security_ipsec_sa_direction dir;
 	/** Pre-populated CPT inst words */
 	struct cnxk_cpt_inst_tmpl inst;
+	/** Cipher IV offset in bytes */
+	uint16_t cipher_iv_off;
+	/** Cipher IV length in bytes */
+	uint8_t cipher_iv_len;
+	/** Response length calculation data */
+	struct cnxk_ipsec_outb_rlens rlens;
+	/** Outbound IP-ID */
+	uint16_t ip_id;
+	/** ESN */
+	union {
+		uint64_t esn;
+		struct {
+			uint32_t seq_lo;
+			uint32_t seq_hi;
+		};
+	};
 };
 
 struct cn9k_sec_session {
-- 
2.22.0