[PATCH v2 13/15] net/cnxk: create/destroy MACsec SC/SA

[Akhil Goyal <gakhil@marvell.com>]

Added support to create/destroy MACsec SA and SC.

Signed-off-by: Akhil Goyal <gakhil@marvell.com>
---
 drivers/net/cnxk/cn10k_ethdev_sec.c |   9 +-
 drivers/net/cnxk/cnxk_ethdev_mcs.c  | 250 ++++++++++++++++++++++++++++
 drivers/net/cnxk/cnxk_ethdev_mcs.h  |  16 ++
 3 files changed, 271 insertions(+), 4 deletions(-)

diff --git a/drivers/net/cnxk/cn10k_ethdev_sec.c b/drivers/net/cnxk/cn10k_ethdev_sec.c
index 8dd2c8b7a5..1db29a0b55 100644
--- a/drivers/net/cnxk/cn10k_ethdev_sec.c
+++ b/drivers/net/cnxk/cn10k_ethdev_sec.c
@@ -9,6 +9,7 @@
 #include <rte_pmd_cnxk.h>
 
 #include <cn10k_ethdev.h>
+#include <cnxk_ethdev_mcs.h>
 #include <cnxk_security.h>
 #include <roc_priv.h>
 
@@ -1090,10 +1091,10 @@ cn10k_eth_sec_ops_override(void)
 	init_once = 1;
 
 	/* Update platform specific ops */
-	cnxk_eth_sec_ops.macsec_sa_create = NULL;
-	cnxk_eth_sec_ops.macsec_sc_create = NULL;
-	cnxk_eth_sec_ops.macsec_sa_destroy = NULL;
-	cnxk_eth_sec_ops.macsec_sc_destroy = NULL;
+	cnxk_eth_sec_ops.macsec_sa_create = cnxk_eth_macsec_sa_create;
+	cnxk_eth_sec_ops.macsec_sc_create = cnxk_eth_macsec_sc_create;
+	cnxk_eth_sec_ops.macsec_sa_destroy = cnxk_eth_macsec_sa_destroy;
+	cnxk_eth_sec_ops.macsec_sc_destroy = cnxk_eth_macsec_sc_destroy;
 	cnxk_eth_sec_ops.session_create = cn10k_eth_sec_session_create;
 	cnxk_eth_sec_ops.session_destroy = cn10k_eth_sec_session_destroy;
 	cnxk_eth_sec_ops.capabilities_get = cn10k_eth_sec_capabilities_get;
diff --git a/drivers/net/cnxk/cnxk_ethdev_mcs.c b/drivers/net/cnxk/cnxk_ethdev_mcs.c
index b0205f45c5..89876abc57 100644
--- a/drivers/net/cnxk/cnxk_ethdev_mcs.c
+++ b/drivers/net/cnxk/cnxk_ethdev_mcs.c
@@ -6,6 +6,256 @@
 #include <cnxk_ethdev_mcs.h>
 #include <roc_mcs.h>
 
+static int
+mcs_resource_alloc(struct cnxk_mcs_dev *mcs_dev, enum mcs_direction dir, uint8_t rsrc_id[],
+		   uint8_t rsrc_cnt, enum cnxk_mcs_rsrc_type type)
+{
+	struct roc_mcs_alloc_rsrc_req req = {0};
+	struct roc_mcs_alloc_rsrc_rsp rsp = {0};
+	int i;
+
+	req.rsrc_type = type;
+	req.rsrc_cnt = rsrc_cnt;
+	req.dir = dir;
+
+	if (roc_mcs_rsrc_alloc(mcs_dev->mdev, &req, &rsp)) {
+		plt_err("Cannot allocate mcs resource.");
+		return -1;
+	}
+
+	for (i = 0; i < rsrc_cnt; i++) {
+		switch (rsp.rsrc_type) {
+		case CNXK_MCS_RSRC_TYPE_FLOWID:
+			rsrc_id[i] = rsp.flow_ids[i];
+			break;
+		case CNXK_MCS_RSRC_TYPE_SECY:
+			rsrc_id[i] = rsp.secy_ids[i];
+			break;
+		case CNXK_MCS_RSRC_TYPE_SC:
+			rsrc_id[i] = rsp.sc_ids[i];
+			break;
+		case CNXK_MCS_RSRC_TYPE_SA:
+			rsrc_id[i] = rsp.sa_ids[i];
+			break;
+		default:
+			plt_err("Invalid mcs resource allocated.");
+			return -1;
+		}
+	}
+	return 0;
+}
+
+int
+cnxk_eth_macsec_sa_create(void *device, struct rte_security_macsec_sa *conf)
+{
+	struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device;
+	struct cnxk_eth_dev *dev = cnxk_eth_pmd_priv(eth_dev);
+	uint8_t salt[RTE_SECURITY_MACSEC_SALT_LEN] = {0};
+	struct roc_mcs_pn_table_write_req pn_req = {0};
+	uint8_t hash_key_rev[CNXK_MACSEC_HASH_KEY] = {0};
+	uint8_t hash_key[CNXK_MACSEC_HASH_KEY] = {0};
+	struct cnxk_mcs_dev *mcs_dev = dev->mcs_dev;
+	struct roc_mcs_sa_plcy_write_req req = {0};
+	uint8_t ciph_key[32] = {0};
+	enum mcs_direction dir;
+	uint8_t sa_id = 0;
+	int i, ret = 0;
+
+	if (!roc_feature_nix_has_macsec())
+		return -ENOTSUP;
+
+	dir = (conf->dir == RTE_SECURITY_MACSEC_DIR_TX) ? MCS_TX : MCS_RX;
+	ret = mcs_resource_alloc(mcs_dev, dir, &sa_id, 1, CNXK_MCS_RSRC_TYPE_SA);
+	if (ret) {
+		plt_err("Failed to allocate SA id.");
+		return -ENOMEM;
+	}
+	req.sa_index[0] = sa_id;
+	req.sa_cnt = 1;
+	req.dir = dir;
+
+	if (conf->key.length != 16 && conf->key.length != 32)
+		return -EINVAL;
+
+	for (i = 0; i < conf->key.length; i++)
+		ciph_key[i] = conf->key.data[conf->key.length - 1 - i];
+
+	memcpy(&req.plcy[0][0], ciph_key, conf->key.length);
+
+	roc_aes_hash_key_derive(conf->key.data, conf->key.length, hash_key);
+	for (i = 0; i < CNXK_MACSEC_HASH_KEY; i++)
+		hash_key_rev[i] = hash_key[CNXK_MACSEC_HASH_KEY - 1 - i];
+
+	memcpy(&req.plcy[0][4], hash_key_rev, CNXK_MACSEC_HASH_KEY);
+
+	for (i = 0; i < RTE_SECURITY_MACSEC_SALT_LEN; i++)
+		salt[i] = conf->salt[RTE_SECURITY_MACSEC_SALT_LEN - 1 - i];
+	memcpy(&req.plcy[0][6], salt, RTE_SECURITY_MACSEC_SALT_LEN);
+
+	req.plcy[0][7] |= (uint64_t)conf->ssci << 32;
+	req.plcy[0][8] = (conf->dir == RTE_SECURITY_MACSEC_DIR_TX) ? (conf->an & 0x3) : 0;
+
+	ret = roc_mcs_sa_policy_write(mcs_dev->mdev, &req);
+	if (ret) {
+		plt_err("Failed to write SA policy.");
+		return -EINVAL;
+	}
+	pn_req.next_pn = ((uint64_t)conf->xpn << 32) | rte_be_to_cpu_32(conf->next_pn);
+	pn_req.pn_id = sa_id;
+	pn_req.dir = dir;
+
+	ret = roc_mcs_pn_table_write(mcs_dev->mdev, &pn_req);
+	if (ret) {
+		plt_err("Failed to write PN table.");
+		return -EINVAL;
+	}
+
+	return sa_id;
+}
+
+int
+cnxk_eth_macsec_sa_destroy(void *device, uint16_t sa_id, enum rte_security_macsec_direction dir)
+{
+	struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device;
+	struct cnxk_eth_dev *dev = cnxk_eth_pmd_priv(eth_dev);
+	struct cnxk_mcs_dev *mcs_dev = dev->mcs_dev;
+	struct roc_mcs_clear_stats stats_req = {0};
+	struct roc_mcs_free_rsrc_req req = {0};
+	int ret = 0;
+
+	if (!roc_feature_nix_has_macsec())
+		return -ENOTSUP;
+
+	stats_req.type = CNXK_MCS_RSRC_TYPE_SA;
+	stats_req.id = sa_id;
+	stats_req.dir = (dir == RTE_SECURITY_MACSEC_DIR_TX) ? MCS_TX : MCS_RX;
+	stats_req.all = 0;
+
+	ret = roc_mcs_stats_clear(mcs_dev->mdev, &stats_req);
+	if (ret)
+		plt_err("Failed to clear stats for SA id %u, dir %u.", sa_id, dir);
+
+	req.rsrc_id = sa_id;
+	req.dir = (dir == RTE_SECURITY_MACSEC_DIR_TX) ? MCS_TX : MCS_RX;
+	req.rsrc_type = CNXK_MCS_RSRC_TYPE_SA;
+
+	ret = roc_mcs_rsrc_free(mcs_dev->mdev, &req);
+	if (ret)
+		plt_err("Failed to free SA id %u, dir %u.", sa_id, dir);
+
+	return ret;
+}
+
+int
+cnxk_eth_macsec_sc_create(void *device, struct rte_security_macsec_sc *conf)
+{
+	struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device;
+	struct cnxk_eth_dev *dev = cnxk_eth_pmd_priv(eth_dev);
+	struct roc_mcs_set_pn_threshold pn_thresh = {0};
+	struct cnxk_mcs_dev *mcs_dev = dev->mcs_dev;
+	enum mcs_direction dir;
+	uint8_t sc_id = 0;
+	int i, ret = 0;
+
+	if (!roc_feature_nix_has_macsec())
+		return -ENOTSUP;
+
+	dir = (conf->dir == RTE_SECURITY_MACSEC_DIR_TX) ? MCS_TX : MCS_RX;
+	ret = mcs_resource_alloc(mcs_dev, dir, &sc_id, 1, CNXK_MCS_RSRC_TYPE_SC);
+	if (ret) {
+		plt_err("Failed to allocate SC id.");
+		return -ENOMEM;
+	}
+
+	if (conf->dir == RTE_SECURITY_MACSEC_DIR_TX) {
+		struct roc_mcs_tx_sc_sa_map req = {0};
+
+		req.sa_index0 = conf->sc_tx.sa_id & 0xFF;
+		req.sa_index1 = conf->sc_tx.sa_id_rekey & 0xFF;
+		req.rekey_ena = conf->sc_tx.re_key_en;
+		req.sa_index0_vld = conf->sc_tx.active;
+		req.sa_index1_vld = conf->sc_tx.re_key_en && conf->sc_tx.active;
+		req.tx_sa_active = 0;
+		req.sectag_sci = conf->sc_tx.sci;
+		req.sc_id = sc_id;
+
+		ret = roc_mcs_tx_sc_sa_map_write(mcs_dev->mdev, &req);
+		if (ret) {
+			plt_err("Failed to map TX SC-SA");
+			return -EINVAL;
+		}
+		pn_thresh.xpn = conf->sc_tx.is_xpn;
+	} else {
+		for (i = 0; i < RTE_SECURITY_MACSEC_NUM_AN; i++) {
+			struct roc_mcs_rx_sc_sa_map req = {0};
+
+			req.sa_index = conf->sc_rx.sa_id[i] & 0x7F;
+			req.sc_id = sc_id;
+			req.an = i & 0x3;
+			req.sa_in_use = 0;
+			/* Clearing the sa_in_use bit automatically clears
+			 * the corresponding pn_thresh_reached bit
+			 */
+			ret = roc_mcs_rx_sc_sa_map_write(mcs_dev->mdev, &req);
+			if (ret) {
+				plt_err("Failed to map RX SC-SA");
+				return -EINVAL;
+			}
+			req.sa_in_use = conf->sc_rx.sa_in_use[i];
+			ret = roc_mcs_rx_sc_sa_map_write(mcs_dev->mdev, &req);
+			if (ret) {
+				plt_err("Failed to map RX SC-SA");
+				return -EINVAL;
+			}
+		}
+		pn_thresh.xpn = conf->sc_rx.is_xpn;
+	}
+
+	pn_thresh.threshold = conf->pn_threshold;
+	pn_thresh.dir = dir;
+
+	ret = roc_mcs_pn_threshold_set(mcs_dev->mdev, &pn_thresh);
+	if (ret) {
+		plt_err("Failed to write PN threshold.");
+		return -EINVAL;
+	}
+
+	return sc_id;
+}
+
+int
+cnxk_eth_macsec_sc_destroy(void *device, uint16_t sc_id, enum rte_security_macsec_direction dir)
+{
+	struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device;
+	struct cnxk_eth_dev *dev = cnxk_eth_pmd_priv(eth_dev);
+	struct cnxk_mcs_dev *mcs_dev = dev->mcs_dev;
+	struct roc_mcs_clear_stats stats_req = {0};
+	struct roc_mcs_free_rsrc_req req = {0};
+	int ret = 0;
+
+	if (!roc_feature_nix_has_macsec())
+		return -ENOTSUP;
+
+	stats_req.type = CNXK_MCS_RSRC_TYPE_SC;
+	stats_req.id = sc_id;
+	stats_req.dir = (dir == RTE_SECURITY_MACSEC_DIR_TX) ? MCS_TX : MCS_RX;
+	stats_req.all = 0;
+
+	ret = roc_mcs_stats_clear(mcs_dev->mdev, &stats_req);
+	if (ret)
+		plt_err("Failed to clear stats for SC id %u, dir %u.", sc_id, dir);
+
+	req.rsrc_id = sc_id;
+	req.dir = (dir == RTE_SECURITY_MACSEC_DIR_TX) ? MCS_TX : MCS_RX;
+	req.rsrc_type = CNXK_MCS_RSRC_TYPE_SC;
+
+	ret = roc_mcs_rsrc_free(mcs_dev->mdev, &req);
+	if (ret)
+		plt_err("Failed to free SC id.");
+
+	return ret;
+}
+
 static int
 cnxk_mcs_event_cb(void *userdata, struct roc_mcs_event_desc *desc, void *cb_arg)
 {
diff --git a/drivers/net/cnxk/cnxk_ethdev_mcs.h b/drivers/net/cnxk/cnxk_ethdev_mcs.h
index 762c299fb8..68c6493169 100644
--- a/drivers/net/cnxk/cnxk_ethdev_mcs.h
+++ b/drivers/net/cnxk/cnxk_ethdev_mcs.h
@@ -13,6 +13,14 @@ struct cnxk_mcs_dev {
 	uint8_t idx;
 };
 
+enum cnxk_mcs_rsrc_type {
+	CNXK_MCS_RSRC_TYPE_FLOWID,
+	CNXK_MCS_RSRC_TYPE_SECY,
+	CNXK_MCS_RSRC_TYPE_SC,
+	CNXK_MCS_RSRC_TYPE_SA,
+	CNXK_MCS_RSRC_TYPE_PORT,
+};
+
 struct cnxk_mcs_event_data {
 	/* Valid for below events
 	 * - ROC_MCS_EVENT_RX_SA_PN_SOFT_EXP
@@ -59,3 +67,11 @@ struct cnxk_mcs_event_desc {
 	enum roc_mcs_event_subtype subtype;
 	struct cnxk_mcs_event_data metadata;
 };
+
+int cnxk_eth_macsec_sa_create(void *device, struct rte_security_macsec_sa *conf);
+int cnxk_eth_macsec_sc_create(void *device, struct rte_security_macsec_sc *conf);
+
+int cnxk_eth_macsec_sa_destroy(void *device, uint16_t sa_id,
+			       enum rte_security_macsec_direction dir);
+int cnxk_eth_macsec_sc_destroy(void *device, uint16_t sc_id,
+			       enum rte_security_macsec_direction dir);
-- 
2.25.1