From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path: <dev-bounces@dpdk.org>
Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124])
by inbox.dpdk.org (Postfix) with ESMTP id CEC9442CB3;
Wed, 14 Jun 2023 15:11:07 +0200 (CEST)
Received: from mails.dpdk.org (localhost [127.0.0.1])
by mails.dpdk.org (Postfix) with ESMTP id EC6E141101;
Wed, 14 Jun 2023 15:10:11 +0200 (CEST)
Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com
[67.231.148.174])
by mails.dpdk.org (Postfix) with ESMTP id 0DFD3410EE
for <dev@dpdk.org>; Wed, 14 Jun 2023 15:10:09 +0200 (CEST)
Received: from pps.filterd (m0045849.ppops.net [127.0.0.1])
by mx0a-0016f401.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id
35ECFi4J027105; Wed, 14 Jun 2023 06:10:09 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com;
h=from : to : cc :
subject : date : message-id : in-reply-to : references : mime-version :
content-transfer-encoding : content-type; s=pfpt0220;
bh=H91ThSAQeLhjIBK/NGa8n6z/V+F4g5TwX0NyIGkvdfk=;
b=GycPYzHTZg6YAoDSC8tWXPlHKqqefYQHb9UNWcxG6AjdWujCRceRD285FNC7PRD12ylh
uu3SAf+HRTfYMw05Az5hO93jnDYm6fCkrUii71NTYji2JWA+zr/kkIkm5wdjKTnIp2d4
QLPIP2nVL30Grwsv240FRvTIHeDWLrCWrRfqpQjZiZU/Y6LnmRocFaNun1BsRW9fSDYA
DSwIZxaOj1JmiqbWRllE5zVkfjmyhLa6I6thEKrhWSBtDoLA31CnhG+fpF507jMZAuNf
bGit/wMfE/ChKFwDbCCOJLgteepIq6j0DheDPKXngQK1XWrNzFIpZUmpL0owMbqH4Xlj 6A==
Received: from dc5-exch02.marvell.com ([199.233.59.182])
by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 3r7dd2r5pm-2
(version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT);
Wed, 14 Jun 2023 06:09:50 -0700
Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH02.marvell.com
(10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.48;
Wed, 14 Jun 2023 06:09:46 -0700
Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com
(10.69.176.38) with Microsoft SMTP Server id 15.0.1497.48 via Frontend
Transport; Wed, 14 Jun 2023 06:09:46 -0700
Received: from localhost.localdomain (unknown [10.28.36.102])
by maili.marvell.com (Postfix) with ESMTP id 26BB63F7059;
Wed, 14 Jun 2023 06:09:43 -0700 (PDT)
From: Akhil Goyal <gakhil@marvell.com>
To: <dev@dpdk.org>
CC: <thomas@monjalon.net>, <david.marchand@redhat.com>,
<vattunuru@marvell.com>, <jerinj@marvell.com>, <adwivedi@marvell.com>,
<ndabilpuram@marvell.com>, Akhil Goyal <gakhil@marvell.com>
Subject: [PATCH v5 13/15] net/cnxk: create/destroy MACsec SC/SA
Date: Wed, 14 Jun 2023 18:38:59 +0530
Message-ID: <20230614130901.3245809-14-gakhil@marvell.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <20230614130901.3245809-1-gakhil@marvell.com>
References: <20230613102009.2390568-1-gakhil@marvell.com>
<20230614130901.3245809-1-gakhil@marvell.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain
X-Proofpoint-GUID: Mz1DwIRPJG5jYkU_blo-xoN195imRdmo
X-Proofpoint-ORIG-GUID: Mz1DwIRPJG5jYkU_blo-xoN195imRdmo
X-Proofpoint-Virus-Version: vendor=baseguard
engine=ICAP:2.0.254,Aquarius:18.0.957,Hydra:6.0.573,FMLib:17.11.176.26
definitions=2023-06-14_08,2023-06-14_01,2023-05-22_02
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
<mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
<mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org
Added support to create/destroy MACsec SA and SC.
Signed-off-by: Akhil Goyal <gakhil@marvell.com>
---
drivers/net/cnxk/cn10k_ethdev_sec.c | 9 +-
drivers/net/cnxk/cnxk_ethdev_mcs.c | 253 ++++++++++++++++++++++++++++
drivers/net/cnxk/cnxk_ethdev_mcs.h | 16 ++
3 files changed, 274 insertions(+), 4 deletions(-)
diff --git a/drivers/net/cnxk/cn10k_ethdev_sec.c b/drivers/net/cnxk/cn10k_ethdev_sec.c
index 8dd2c8b7a5..1db29a0b55 100644
--- a/drivers/net/cnxk/cn10k_ethdev_sec.c
+++ b/drivers/net/cnxk/cn10k_ethdev_sec.c
@@ -9,6 +9,7 @@
#include <rte_pmd_cnxk.h>
#include <cn10k_ethdev.h>
+#include <cnxk_ethdev_mcs.h>
#include <cnxk_security.h>
#include <roc_priv.h>
@@ -1090,10 +1091,10 @@ cn10k_eth_sec_ops_override(void)
init_once = 1;
/* Update platform specific ops */
- cnxk_eth_sec_ops.macsec_sa_create = NULL;
- cnxk_eth_sec_ops.macsec_sc_create = NULL;
- cnxk_eth_sec_ops.macsec_sa_destroy = NULL;
- cnxk_eth_sec_ops.macsec_sc_destroy = NULL;
+ cnxk_eth_sec_ops.macsec_sa_create = cnxk_eth_macsec_sa_create;
+ cnxk_eth_sec_ops.macsec_sc_create = cnxk_eth_macsec_sc_create;
+ cnxk_eth_sec_ops.macsec_sa_destroy = cnxk_eth_macsec_sa_destroy;
+ cnxk_eth_sec_ops.macsec_sc_destroy = cnxk_eth_macsec_sc_destroy;
cnxk_eth_sec_ops.session_create = cn10k_eth_sec_session_create;
cnxk_eth_sec_ops.session_destroy = cn10k_eth_sec_session_destroy;
cnxk_eth_sec_ops.capabilities_get = cn10k_eth_sec_capabilities_get;
diff --git a/drivers/net/cnxk/cnxk_ethdev_mcs.c b/drivers/net/cnxk/cnxk_ethdev_mcs.c
index b0205f45c5..8eb21108cb 100644
--- a/drivers/net/cnxk/cnxk_ethdev_mcs.c
+++ b/drivers/net/cnxk/cnxk_ethdev_mcs.c
@@ -6,6 +6,259 @@
#include <cnxk_ethdev_mcs.h>
#include <roc_mcs.h>
+static int
+mcs_resource_alloc(struct cnxk_mcs_dev *mcs_dev, enum mcs_direction dir, uint8_t rsrc_id[],
+ uint8_t rsrc_cnt, enum cnxk_mcs_rsrc_type type)
+{
+ struct roc_mcs_alloc_rsrc_req req = {0};
+ struct roc_mcs_alloc_rsrc_rsp rsp;
+ int i;
+
+ req.rsrc_type = type;
+ req.rsrc_cnt = rsrc_cnt;
+ req.dir = dir;
+
+ memset(&rsp, 0, sizeof(struct roc_mcs_alloc_rsrc_rsp));
+
+ if (roc_mcs_rsrc_alloc(mcs_dev->mdev, &req, &rsp)) {
+ plt_err("Cannot allocate mcs resource.");
+ return -1;
+ }
+
+ for (i = 0; i < rsrc_cnt; i++) {
+ switch (rsp.rsrc_type) {
+ case CNXK_MCS_RSRC_TYPE_FLOWID:
+ rsrc_id[i] = rsp.flow_ids[i];
+ break;
+ case CNXK_MCS_RSRC_TYPE_SECY:
+ rsrc_id[i] = rsp.secy_ids[i];
+ break;
+ case CNXK_MCS_RSRC_TYPE_SC:
+ rsrc_id[i] = rsp.sc_ids[i];
+ break;
+ case CNXK_MCS_RSRC_TYPE_SA:
+ rsrc_id[i] = rsp.sa_ids[i];
+ break;
+ default:
+ plt_err("Invalid mcs resource allocated.");
+ return -1;
+ }
+ }
+ return 0;
+}
+
+int
+cnxk_eth_macsec_sa_create(void *device, struct rte_security_macsec_sa *conf)
+{
+ struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device;
+ struct cnxk_eth_dev *dev = cnxk_eth_pmd_priv(eth_dev);
+ uint8_t salt[RTE_SECURITY_MACSEC_SALT_LEN] = {0};
+ struct roc_mcs_pn_table_write_req pn_req = {0};
+ uint8_t hash_key_rev[CNXK_MACSEC_HASH_KEY] = {0};
+ uint8_t hash_key[CNXK_MACSEC_HASH_KEY] = {0};
+ struct cnxk_mcs_dev *mcs_dev = dev->mcs_dev;
+ struct roc_mcs_sa_plcy_write_req req;
+ uint8_t ciph_key[32] = {0};
+ enum mcs_direction dir;
+ uint8_t sa_id = 0;
+ int i, ret = 0;
+
+ if (!roc_feature_nix_has_macsec())
+ return -ENOTSUP;
+
+ dir = (conf->dir == RTE_SECURITY_MACSEC_DIR_TX) ? MCS_TX : MCS_RX;
+ ret = mcs_resource_alloc(mcs_dev, dir, &sa_id, 1, CNXK_MCS_RSRC_TYPE_SA);
+ if (ret) {
+ plt_err("Failed to allocate SA id.");
+ return -ENOMEM;
+ }
+ memset(&req, 0, sizeof(struct roc_mcs_sa_plcy_write_req));
+ req.sa_index[0] = sa_id;
+ req.sa_cnt = 1;
+ req.dir = dir;
+
+ if (conf->key.length != 16 && conf->key.length != 32)
+ return -EINVAL;
+
+ for (i = 0; i < conf->key.length; i++)
+ ciph_key[i] = conf->key.data[conf->key.length - 1 - i];
+
+ memcpy(&req.plcy[0][0], ciph_key, conf->key.length);
+
+ roc_aes_hash_key_derive(conf->key.data, conf->key.length, hash_key);
+ for (i = 0; i < CNXK_MACSEC_HASH_KEY; i++)
+ hash_key_rev[i] = hash_key[CNXK_MACSEC_HASH_KEY - 1 - i];
+
+ memcpy(&req.plcy[0][4], hash_key_rev, CNXK_MACSEC_HASH_KEY);
+
+ for (i = 0; i < RTE_SECURITY_MACSEC_SALT_LEN; i++)
+ salt[i] = conf->salt[RTE_SECURITY_MACSEC_SALT_LEN - 1 - i];
+ memcpy(&req.plcy[0][6], salt, RTE_SECURITY_MACSEC_SALT_LEN);
+
+ req.plcy[0][7] |= (uint64_t)conf->ssci << 32;
+ req.plcy[0][8] = (conf->dir == RTE_SECURITY_MACSEC_DIR_TX) ? (conf->an & 0x3) : 0;
+
+ ret = roc_mcs_sa_policy_write(mcs_dev->mdev, &req);
+ if (ret) {
+ plt_err("Failed to write SA policy.");
+ return -EINVAL;
+ }
+ pn_req.next_pn = ((uint64_t)conf->xpn << 32) | rte_be_to_cpu_32(conf->next_pn);
+ pn_req.pn_id = sa_id;
+ pn_req.dir = dir;
+
+ ret = roc_mcs_pn_table_write(mcs_dev->mdev, &pn_req);
+ if (ret) {
+ plt_err("Failed to write PN table.");
+ return -EINVAL;
+ }
+
+ return sa_id;
+}
+
+int
+cnxk_eth_macsec_sa_destroy(void *device, uint16_t sa_id, enum rte_security_macsec_direction dir)
+{
+ struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device;
+ struct cnxk_eth_dev *dev = cnxk_eth_pmd_priv(eth_dev);
+ struct cnxk_mcs_dev *mcs_dev = dev->mcs_dev;
+ struct roc_mcs_clear_stats stats_req = {0};
+ struct roc_mcs_free_rsrc_req req = {0};
+ int ret = 0;
+
+ if (!roc_feature_nix_has_macsec())
+ return -ENOTSUP;
+
+ stats_req.type = CNXK_MCS_RSRC_TYPE_SA;
+ stats_req.id = sa_id;
+ stats_req.dir = (dir == RTE_SECURITY_MACSEC_DIR_TX) ? MCS_TX : MCS_RX;
+ stats_req.all = 0;
+
+ ret = roc_mcs_stats_clear(mcs_dev->mdev, &stats_req);
+ if (ret)
+ plt_err("Failed to clear stats for SA id %u, dir %u.", sa_id, dir);
+
+ req.rsrc_id = sa_id;
+ req.dir = (dir == RTE_SECURITY_MACSEC_DIR_TX) ? MCS_TX : MCS_RX;
+ req.rsrc_type = CNXK_MCS_RSRC_TYPE_SA;
+
+ ret = roc_mcs_rsrc_free(mcs_dev->mdev, &req);
+ if (ret)
+ plt_err("Failed to free SA id %u, dir %u.", sa_id, dir);
+
+ return ret;
+}
+
+int
+cnxk_eth_macsec_sc_create(void *device, struct rte_security_macsec_sc *conf)
+{
+ struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device;
+ struct cnxk_eth_dev *dev = cnxk_eth_pmd_priv(eth_dev);
+ struct roc_mcs_set_pn_threshold pn_thresh = {0};
+ struct cnxk_mcs_dev *mcs_dev = dev->mcs_dev;
+ enum mcs_direction dir;
+ uint8_t sc_id = 0;
+ int i, ret = 0;
+
+ if (!roc_feature_nix_has_macsec())
+ return -ENOTSUP;
+
+ dir = (conf->dir == RTE_SECURITY_MACSEC_DIR_TX) ? MCS_TX : MCS_RX;
+ ret = mcs_resource_alloc(mcs_dev, dir, &sc_id, 1, CNXK_MCS_RSRC_TYPE_SC);
+ if (ret) {
+ plt_err("Failed to allocate SC id.");
+ return -ENOMEM;
+ }
+
+ if (conf->dir == RTE_SECURITY_MACSEC_DIR_TX) {
+ struct roc_mcs_tx_sc_sa_map req = {0};
+
+ req.sa_index0 = conf->sc_tx.sa_id & 0xFF;
+ req.sa_index1 = conf->sc_tx.sa_id_rekey & 0xFF;
+ req.rekey_ena = conf->sc_tx.re_key_en;
+ req.sa_index0_vld = conf->sc_tx.active;
+ req.sa_index1_vld = conf->sc_tx.re_key_en && conf->sc_tx.active;
+ req.tx_sa_active = 0;
+ req.sectag_sci = conf->sc_tx.sci;
+ req.sc_id = sc_id;
+
+ ret = roc_mcs_tx_sc_sa_map_write(mcs_dev->mdev, &req);
+ if (ret) {
+ plt_err("Failed to map TX SC-SA");
+ return -EINVAL;
+ }
+ pn_thresh.xpn = conf->sc_tx.is_xpn;
+ } else {
+ for (i = 0; i < RTE_SECURITY_MACSEC_NUM_AN; i++) {
+ struct roc_mcs_rx_sc_sa_map req = {0};
+
+ req.sa_index = conf->sc_rx.sa_id[i] & 0x7F;
+ req.sc_id = sc_id;
+ req.an = i & 0x3;
+ req.sa_in_use = 0;
+ /* Clearing the sa_in_use bit automatically clears
+ * the corresponding pn_thresh_reached bit
+ */
+ ret = roc_mcs_rx_sc_sa_map_write(mcs_dev->mdev, &req);
+ if (ret) {
+ plt_err("Failed to map RX SC-SA");
+ return -EINVAL;
+ }
+ req.sa_in_use = conf->sc_rx.sa_in_use[i];
+ ret = roc_mcs_rx_sc_sa_map_write(mcs_dev->mdev, &req);
+ if (ret) {
+ plt_err("Failed to map RX SC-SA");
+ return -EINVAL;
+ }
+ }
+ pn_thresh.xpn = conf->sc_rx.is_xpn;
+ }
+
+ pn_thresh.threshold = conf->pn_threshold;
+ pn_thresh.dir = dir;
+
+ ret = roc_mcs_pn_threshold_set(mcs_dev->mdev, &pn_thresh);
+ if (ret) {
+ plt_err("Failed to write PN threshold.");
+ return -EINVAL;
+ }
+
+ return sc_id;
+}
+
+int
+cnxk_eth_macsec_sc_destroy(void *device, uint16_t sc_id, enum rte_security_macsec_direction dir)
+{
+ struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device;
+ struct cnxk_eth_dev *dev = cnxk_eth_pmd_priv(eth_dev);
+ struct cnxk_mcs_dev *mcs_dev = dev->mcs_dev;
+ struct roc_mcs_clear_stats stats_req = {0};
+ struct roc_mcs_free_rsrc_req req = {0};
+ int ret = 0;
+
+ if (!roc_feature_nix_has_macsec())
+ return -ENOTSUP;
+
+ stats_req.type = CNXK_MCS_RSRC_TYPE_SC;
+ stats_req.id = sc_id;
+ stats_req.dir = (dir == RTE_SECURITY_MACSEC_DIR_TX) ? MCS_TX : MCS_RX;
+ stats_req.all = 0;
+
+ ret = roc_mcs_stats_clear(mcs_dev->mdev, &stats_req);
+ if (ret)
+ plt_err("Failed to clear stats for SC id %u, dir %u.", sc_id, dir);
+
+ req.rsrc_id = sc_id;
+ req.dir = (dir == RTE_SECURITY_MACSEC_DIR_TX) ? MCS_TX : MCS_RX;
+ req.rsrc_type = CNXK_MCS_RSRC_TYPE_SC;
+
+ ret = roc_mcs_rsrc_free(mcs_dev->mdev, &req);
+ if (ret)
+ plt_err("Failed to free SC id.");
+
+ return ret;
+}
+
static int
cnxk_mcs_event_cb(void *userdata, struct roc_mcs_event_desc *desc, void *cb_arg)
{
diff --git a/drivers/net/cnxk/cnxk_ethdev_mcs.h b/drivers/net/cnxk/cnxk_ethdev_mcs.h
index 29a2e34a56..1076cd16b5 100644
--- a/drivers/net/cnxk/cnxk_ethdev_mcs.h
+++ b/drivers/net/cnxk/cnxk_ethdev_mcs.h
@@ -16,6 +16,14 @@ struct cnxk_mcs_dev {
uint8_t idx;
};
+enum cnxk_mcs_rsrc_type {
+ CNXK_MCS_RSRC_TYPE_FLOWID,
+ CNXK_MCS_RSRC_TYPE_SECY,
+ CNXK_MCS_RSRC_TYPE_SC,
+ CNXK_MCS_RSRC_TYPE_SA,
+ CNXK_MCS_RSRC_TYPE_PORT,
+};
+
struct cnxk_mcs_event_data {
/* Valid for below events
* - ROC_MCS_EVENT_RX_SA_PN_SOFT_EXP
@@ -63,4 +71,12 @@ struct cnxk_mcs_event_desc {
struct cnxk_mcs_event_data metadata;
};
+int cnxk_eth_macsec_sa_create(void *device, struct rte_security_macsec_sa *conf);
+int cnxk_eth_macsec_sc_create(void *device, struct rte_security_macsec_sc *conf);
+
+int cnxk_eth_macsec_sa_destroy(void *device, uint16_t sa_id,
+ enum rte_security_macsec_direction dir);
+int cnxk_eth_macsec_sc_destroy(void *device, uint16_t sc_id,
+ enum rte_security_macsec_direction dir);
+
#endif /* CNXK_ETHDEV_MCS_H */
--
2.25.1