From mboxrd@z Thu Jan  1 00:00:00 1970
From: Akhil Goyal <gakhil@marvell.com>
To: <dev@dpdk.org>
CC: <thomas@monjalon.net>, <david.marchand@redhat.com>,
 <vattunuru@marvell.com>, <jerinj@marvell.com>, <adwivedi@marvell.com>,
 <ndabilpuram@marvell.com>, Akhil Goyal <gakhil@marvell.com>
Subject: [PATCH v5 13/15] net/cnxk: create/destroy MACsec SC/SA
Date: Wed, 14 Jun 2023 18:38:59 +0530
Message-ID: <20230614130901.3245809-14-gakhil@marvell.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <20230614130901.3245809-1-gakhil@marvell.com>
References: <20230613102009.2390568-1-gakhil@marvell.com>
 <20230614130901.3245809-1-gakhil@marvell.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain

Added support to create/destroy MACsec SA and SC.

Signed-off-by: Akhil Goyal <gakhil@marvell.com>
---
 drivers/net/cnxk/cn10k_ethdev_sec.c |   9 +-
 drivers/net/cnxk/cnxk_ethdev_mcs.c  | 253 ++++++++++++++++++++++++++++
 drivers/net/cnxk/cnxk_ethdev_mcs.h  |  16 ++
 3 files changed, 274 insertions(+), 4 deletions(-)

diff --git a/drivers/net/cnxk/cn10k_ethdev_sec.c b/drivers/net/cnxk/cn10k_ethdev_sec.c
index 8dd2c8b7a5..1db29a0b55 100644
--- a/drivers/net/cnxk/cn10k_ethdev_sec.c
+++ b/drivers/net/cnxk/cn10k_ethdev_sec.c
@@ -9,6 +9,7 @@
 #include <rte_pmd_cnxk.h>
 
 #include <cn10k_ethdev.h>
+#include <cnxk_ethdev_mcs.h>
 #include <cnxk_security.h>
 #include <roc_priv.h>
 
@@ -1090,10 +1091,10 @@ cn10k_eth_sec_ops_override(void)
 	init_once = 1;
 
 	/* Update platform specific ops */
-	cnxk_eth_sec_ops.macsec_sa_create = NULL;
-	cnxk_eth_sec_ops.macsec_sc_create = NULL;
-	cnxk_eth_sec_ops.macsec_sa_destroy = NULL;
-	cnxk_eth_sec_ops.macsec_sc_destroy = NULL;
+	cnxk_eth_sec_ops.macsec_sa_create = cnxk_eth_macsec_sa_create;
+	cnxk_eth_sec_ops.macsec_sc_create = cnxk_eth_macsec_sc_create;
+	cnxk_eth_sec_ops.macsec_sa_destroy = cnxk_eth_macsec_sa_destroy;
+	cnxk_eth_sec_ops.macsec_sc_destroy = cnxk_eth_macsec_sc_destroy;
 	cnxk_eth_sec_ops.session_create = cn10k_eth_sec_session_create;
 	cnxk_eth_sec_ops.session_destroy = cn10k_eth_sec_session_destroy;
 	cnxk_eth_sec_ops.capabilities_get = cn10k_eth_sec_capabilities_get;
diff --git a/drivers/net/cnxk/cnxk_ethdev_mcs.c b/drivers/net/cnxk/cnxk_ethdev_mcs.c
index b0205f45c5..8eb21108cb 100644
--- a/drivers/net/cnxk/cnxk_ethdev_mcs.c
+++ b/drivers/net/cnxk/cnxk_ethdev_mcs.c
@@ -6,6 +6,259 @@
 #include <cnxk_ethdev_mcs.h>
 #include <roc_mcs.h>
 
+static int
+mcs_resource_alloc(struct cnxk_mcs_dev *mcs_dev, enum mcs_direction dir, uint8_t rsrc_id[],
+		   uint8_t rsrc_cnt, enum cnxk_mcs_rsrc_type type)
+{
+	struct roc_mcs_alloc_rsrc_req req = {0};
+	struct roc_mcs_alloc_rsrc_rsp rsp;
+	int i;
+
+	req.rsrc_type = type;
+	req.rsrc_cnt = rsrc_cnt;
+	req.dir = dir;
+
+	memset(&rsp, 0, sizeof(struct roc_mcs_alloc_rsrc_rsp));
+
+	if (roc_mcs_rsrc_alloc(mcs_dev->mdev, &req, &rsp)) {
+		plt_err("Cannot allocate mcs resource.");
+		return -1;
+	}
+
+	for (i = 0; i < rsrc_cnt; i++) {
+		switch (rsp.rsrc_type) {
+		case CNXK_MCS_RSRC_TYPE_FLOWID:
+			rsrc_id[i] = rsp.flow_ids[i];
+			break;
+		case CNXK_MCS_RSRC_TYPE_SECY:
+			rsrc_id[i] = rsp.secy_ids[i];
+			break;
+		case CNXK_MCS_RSRC_TYPE_SC:
+			rsrc_id[i] = rsp.sc_ids[i];
+			break;
+		case CNXK_MCS_RSRC_TYPE_SA:
+			rsrc_id[i] = rsp.sa_ids[i];
+			break;
+		default:
+			plt_err("Invalid mcs resource allocated.");
+			return -1;
+		}
+	}
+	return 0;
+}
+
+int
+cnxk_eth_macsec_sa_create(void *device, struct rte_security_macsec_sa *conf)
+{
+	struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device;
+	struct cnxk_eth_dev *dev = cnxk_eth_pmd_priv(eth_dev);
+	uint8_t salt[RTE_SECURITY_MACSEC_SALT_LEN] = {0};
+	struct roc_mcs_pn_table_write_req pn_req = {0};
+	uint8_t hash_key_rev[CNXK_MACSEC_HASH_KEY] = {0};
+	uint8_t hash_key[CNXK_MACSEC_HASH_KEY] = {0};
+	struct cnxk_mcs_dev *mcs_dev = dev->mcs_dev;
+	struct roc_mcs_sa_plcy_write_req req;
+	uint8_t ciph_key[32] = {0};
+	enum mcs_direction dir;
+	uint8_t sa_id = 0;
+	int i, ret = 0;
+
+	if (!roc_feature_nix_has_macsec())
+		return -ENOTSUP;
+
+	dir = (conf->dir == RTE_SECURITY_MACSEC_DIR_TX) ? MCS_TX : MCS_RX;
+	ret = mcs_resource_alloc(mcs_dev, dir, &sa_id, 1, CNXK_MCS_RSRC_TYPE_SA);
+	if (ret) {
+		plt_err("Failed to allocate SA id.");
+		return -ENOMEM;
+	}
+	memset(&req, 0, sizeof(struct roc_mcs_sa_plcy_write_req));
+	req.sa_index[0] = sa_id;
+	req.sa_cnt = 1;
+	req.dir = dir;
+
+	if (conf->key.length != 16 && conf->key.length != 32)
+		return -EINVAL;
+
+	for (i = 0; i < conf->key.length; i++)
+		ciph_key[i] = conf->key.data[conf->key.length - 1 - i];
+
+	memcpy(&req.plcy[0][0], ciph_key, conf->key.length);
+
+	roc_aes_hash_key_derive(conf->key.data, conf->key.length, hash_key);
+	for (i = 0; i < CNXK_MACSEC_HASH_KEY; i++)
+		hash_key_rev[i] = hash_key[CNXK_MACSEC_HASH_KEY - 1 - i];
+
+	memcpy(&req.plcy[0][4], hash_key_rev, CNXK_MACSEC_HASH_KEY);
+
+	for (i = 0; i < RTE_SECURITY_MACSEC_SALT_LEN; i++)
+		salt[i] = conf->salt[RTE_SECURITY_MACSEC_SALT_LEN - 1 - i];
+	memcpy(&req.plcy[0][6], salt, RTE_SECURITY_MACSEC_SALT_LEN);
+
+	req.plcy[0][7] |= (uint64_t)conf->ssci << 32;
+	req.plcy[0][8] = (conf->dir == RTE_SECURITY_MACSEC_DIR_TX) ? (conf->an & 0x3) : 0;
+
+	ret = roc_mcs_sa_policy_write(mcs_dev->mdev, &req);
+	if (ret) {
+		plt_err("Failed to write SA policy.");
+		return -EINVAL;
+	}
+	pn_req.next_pn = ((uint64_t)conf->xpn << 32) | rte_be_to_cpu_32(conf->next_pn);
+	pn_req.pn_id = sa_id;
+	pn_req.dir = dir;
+
+	ret = roc_mcs_pn_table_write(mcs_dev->mdev, &pn_req);
+	if (ret) {
+		plt_err("Failed to write PN table.");
+		return -EINVAL;
+	}
+
+	return sa_id;
+}
+
+int
+cnxk_eth_macsec_sa_destroy(void *device, uint16_t sa_id, enum rte_security_macsec_direction dir)
+{
+	struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device;
+	struct cnxk_eth_dev *dev = cnxk_eth_pmd_priv(eth_dev);
+	struct cnxk_mcs_dev *mcs_dev = dev->mcs_dev;
+	struct roc_mcs_clear_stats stats_req = {0};
+	struct roc_mcs_free_rsrc_req req = {0};
+	int ret = 0;
+
+	if (!roc_feature_nix_has_macsec())
+		return -ENOTSUP;
+
+	stats_req.type = CNXK_MCS_RSRC_TYPE_SA;
+	stats_req.id = sa_id;
+	stats_req.dir = (dir == RTE_SECURITY_MACSEC_DIR_TX) ? MCS_TX : MCS_RX;
+	stats_req.all = 0;
+
+	ret = roc_mcs_stats_clear(mcs_dev->mdev, &stats_req);
+	if (ret)
+		plt_err("Failed to clear stats for SA id %u, dir %u.", sa_id, dir);
+
+	req.rsrc_id = sa_id;
+	req.dir = (dir == RTE_SECURITY_MACSEC_DIR_TX) ? MCS_TX : MCS_RX;
+	req.rsrc_type = CNXK_MCS_RSRC_TYPE_SA;
+
+	ret = roc_mcs_rsrc_free(mcs_dev->mdev, &req);
+	if (ret)
+		plt_err("Failed to free SA id %u, dir %u.", sa_id, dir);
+
+	return ret;
+}
+
+int
+cnxk_eth_macsec_sc_create(void *device, struct rte_security_macsec_sc *conf)
+{
+	struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device;
+	struct cnxk_eth_dev *dev = cnxk_eth_pmd_priv(eth_dev);
+	struct roc_mcs_set_pn_threshold pn_thresh = {0};
+	struct cnxk_mcs_dev *mcs_dev = dev->mcs_dev;
+	enum mcs_direction dir;
+	uint8_t sc_id = 0;
+	int i, ret = 0;
+
+	if (!roc_feature_nix_has_macsec())
+		return -ENOTSUP;
+
+	dir = (conf->dir == RTE_SECURITY_MACSEC_DIR_TX) ? MCS_TX : MCS_RX;
+	ret = mcs_resource_alloc(mcs_dev, dir, &sc_id, 1, CNXK_MCS_RSRC_TYPE_SC);
+	if (ret) {
+		plt_err("Failed to allocate SC id.");
+		return -ENOMEM;
+	}
+
+	if (conf->dir == RTE_SECURITY_MACSEC_DIR_TX) {
+		struct roc_mcs_tx_sc_sa_map req = {0};
+
+		req.sa_index0 = conf->sc_tx.sa_id & 0xFF;
+		req.sa_index1 = conf->sc_tx.sa_id_rekey & 0xFF;
+		req.rekey_ena = conf->sc_tx.re_key_en;
+		req.sa_index0_vld = conf->sc_tx.active;
+		req.sa_index1_vld = conf->sc_tx.re_key_en && conf->sc_tx.active;
+		req.tx_sa_active = 0;
+		req.sectag_sci = conf->sc_tx.sci;
+		req.sc_id = sc_id;
+
+		ret = roc_mcs_tx_sc_sa_map_write(mcs_dev->mdev, &req);
+		if (ret) {
+			plt_err("Failed to map TX SC-SA");
+			return -EINVAL;
+		}
+		pn_thresh.xpn = conf->sc_tx.is_xpn;
+	} else {
+		for (i = 0; i < RTE_SECURITY_MACSEC_NUM_AN; i++) {
+			struct roc_mcs_rx_sc_sa_map req = {0};
+
+			req.sa_index = conf->sc_rx.sa_id[i] & 0x7F;
+			req.sc_id = sc_id;
+			req.an = i & 0x3;
+			req.sa_in_use = 0;
+			/* Clearing the sa_in_use bit automatically clears
+			 * the corresponding pn_thresh_reached bit
+			 */
+			ret = roc_mcs_rx_sc_sa_map_write(mcs_dev->mdev, &req);
+			if (ret) {
+				plt_err("Failed to map RX SC-SA");
+				return -EINVAL;
+			}
+			req.sa_in_use = conf->sc_rx.sa_in_use[i];
+			ret = roc_mcs_rx_sc_sa_map_write(mcs_dev->mdev, &req);
+			if (ret) {
+				plt_err("Failed to map RX SC-SA");
+				return -EINVAL;
+			}
+		}
+		pn_thresh.xpn = conf->sc_rx.is_xpn;
+	}
+
+	pn_thresh.threshold = conf->pn_threshold;
+	pn_thresh.dir = dir;
+
+	ret = roc_mcs_pn_threshold_set(mcs_dev->mdev, &pn_thresh);
+	if (ret) {
+		plt_err("Failed to write PN threshold.");
+		return -EINVAL;
+	}
+
+	return sc_id;
+}
+
+int
+cnxk_eth_macsec_sc_destroy(void *device, uint16_t sc_id, enum rte_security_macsec_direction dir)
+{
+	struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device;
+	struct cnxk_eth_dev *dev = cnxk_eth_pmd_priv(eth_dev);
+	struct cnxk_mcs_dev *mcs_dev = dev->mcs_dev;
+	struct roc_mcs_clear_stats stats_req = {0};
+	struct roc_mcs_free_rsrc_req req = {0};
+	int ret = 0;
+
+	if (!roc_feature_nix_has_macsec())
+		return -ENOTSUP;
+
+	stats_req.type = CNXK_MCS_RSRC_TYPE_SC;
+	stats_req.id = sc_id;
+	stats_req.dir = (dir == RTE_SECURITY_MACSEC_DIR_TX) ? MCS_TX : MCS_RX;
+	stats_req.all = 0;
+
+	ret = roc_mcs_stats_clear(mcs_dev->mdev, &stats_req);
+	if (ret)
+		plt_err("Failed to clear stats for SC id %u, dir %u.", sc_id, dir);
+
+	req.rsrc_id = sc_id;
+	req.dir = (dir == RTE_SECURITY_MACSEC_DIR_TX) ? MCS_TX : MCS_RX;
+	req.rsrc_type = CNXK_MCS_RSRC_TYPE_SC;
+
+	ret = roc_mcs_rsrc_free(mcs_dev->mdev, &req);
+	if (ret)
+		plt_err("Failed to free SC id.");
+
+	return ret;
+}
+
 static int
 cnxk_mcs_event_cb(void *userdata, struct roc_mcs_event_desc *desc, void *cb_arg)
 {
diff --git a/drivers/net/cnxk/cnxk_ethdev_mcs.h b/drivers/net/cnxk/cnxk_ethdev_mcs.h
index 29a2e34a56..1076cd16b5 100644
--- a/drivers/net/cnxk/cnxk_ethdev_mcs.h
+++ b/drivers/net/cnxk/cnxk_ethdev_mcs.h
@@ -16,6 +16,14 @@ struct cnxk_mcs_dev {
 	uint8_t idx;
 };
 
+enum cnxk_mcs_rsrc_type {
+	CNXK_MCS_RSRC_TYPE_FLOWID,
+	CNXK_MCS_RSRC_TYPE_SECY,
+	CNXK_MCS_RSRC_TYPE_SC,
+	CNXK_MCS_RSRC_TYPE_SA,
+	CNXK_MCS_RSRC_TYPE_PORT,
+};
+
 struct cnxk_mcs_event_data {
 	/* Valid for below events
 	 * - ROC_MCS_EVENT_RX_SA_PN_SOFT_EXP
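Review bot: enum cnxk_mcs_rsrc_type is added without explicit values or a comment, yet in cnxk_ethdev_mcs.c it is assigned directly to req.rsrc_type and compared against rsp.rsrc_type, so its ordering has to match whatever the ROC layer uses for those fields. Please either give the enumerators explicit values with a comment naming the definition they mirror, or reuse the ROC type directly, so a later reordering cannot silently change which resource is allocated or freed. CNXK_MCS_RSRC_TYPE_PORT also has no case in the mcs_resource_alloc() switch and falls into the "Invalid mcs resource allocated." default; if that is intentional, a short comment would help.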
@@ -63,4 +71,12 @@ struct cnxk_mcs_event_desc {
 	struct cnxk_mcs_event_data metadata;
 };
 
+int cnxk_eth_macsec_sa_create(void *device, struct rte_security_macsec_sa *conf);
+int cnxk_eth_macsec_sc_create(void *device, struct rte_security_macsec_sc *conf);
+
+int cnxk_eth_macsec_sa_destroy(void *device, uint16_t sa_id,
+			       enum rte_security_macsec_direction dir);
+int cnxk_eth_macsec_sc_destroy(void *device, uint16_t sc_id,
+			       enum rte_security_macsec_direction dir);
+
 #endif /* CNXK_ETHDEV_MCS_H */
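Review bot: The new prototypes for cnxk_eth_macsec_sa_create() and cnxk_eth_macsec_sc_create() carry no documentation of their return convention, which in the .c file is "allocated id on success, negative errno on failure" packed into one int. Please add a brief comment saying so, since callers must test for a negative value rather than for non-zero. The destroy prototypes take uint16_t sa_id/sc_id while the create paths allocate ids as uint8_t; a note on the valid id range, or a range check in the destroy functions, would make the width difference explicit.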
-- 
2.25.1