From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id B261942F93; Mon, 31 Jul 2023 05:45:00 +0200 (CEST) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 7604E43067; Mon, 31 Jul 2023 05:45:00 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id 5370E40150 for ; Mon, 31 Jul 2023 05:44:59 +0200 (CEST) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 36ULo53E007212 for ; Sun, 30 Jul 2023 20:44:58 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=1hWbqjAz4ZhEyiollPX3zWhPRxkgCdrVhgsqrsjt+jk=; b=fIHYsMuzT79lzzlNTF2IXGpJciFcYfCB5X1uTusA6ie66MQ12jk2GXB4CnwxdRBh0W46 8PPoPRsWKO+z5x9J/aF+gWp0yCQSZw/eLjjmFKMP+4YzQQNfuYc6DJhxq69F4VroF5zA pmlsSXDDr/PGoDDoytXtYJUREJsr53MxyZU7DPqKuI+sJrnwWEISWf9ztRzic4D/wjHx lxCpmDjtO+epgBQsrl1zzS8AcmLtFGD0Be6q8A5pdHSelP1I9H4DDbFSCBjhaCXyVxxA 7HtJ+Km6L+8DzLUMOovHKvZDKvJVIql1g4zsfgFKKOfAZbrQeU9T0/sVPBkW40rKm07t 4g== Received: from dc5-exch02.marvell.com ([199.233.59.182]) by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 3s504nm4q8-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT) for ; Sun, 30 Jul 2023 20:44:58 -0700 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.48; Sun, 30 Jul 2023 20:44:56 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.48 via Frontend Transport; Sun, 30 Jul 2023 20:44:56 -0700 Received: from localhost.localdomain (unknown [10.28.36.102]) by maili.marvell.com (Postfix) with ESMTP id 2BC603F70C2; Sun, 30 Jul 2023 20:44:54 -0700 (PDT) From: Akhil Goyal To: CC: , , Subject: [PATCH 2/3] net/cnxk: add MACsec capability Date: Mon, 31 Jul 2023 09:14:46 +0530 Message-ID: <20230731034447.929506-2-gakhil@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20230731034447.929506-1-gakhil@marvell.com> References: <20230731034447.929506-1-gakhil@marvell.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-Proofpoint-ORIG-GUID: lK3PttOGAa08n4tv5VjvnnDvnmirybAK X-Proofpoint-GUID: lK3PttOGAa08n4tv5VjvnnDvnmirybAK X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.254,Aquarius:18.0.957,Hydra:6.0.591,FMLib:17.11.176.26 definitions=2023-07-27_10,2023-07-26_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org From: Ankur Dwivedi Adds the MACsec capability for CN10K-B. The ethernet security capability structure is populated based on the feature supported by the device. Signed-off-by: Ankur Dwivedi --- drivers/common/cnxk/roc_features.h | 6 ++ drivers/common/cnxk/roc_mcs.h | 3 + drivers/net/cnxk/cn10k_ethdev_sec.c | 120 +++++++++++++++++++++++++++- 3 files changed, 125 insertions(+), 4 deletions(-) diff --git a/drivers/common/cnxk/roc_features.h b/drivers/common/cnxk/roc_features.h index 815f800e7a..d5d0c0c901 100644 --- a/drivers/common/cnxk/roc_features.h +++ b/drivers/common/cnxk/roc_features.h @@ -71,4 +71,10 @@ roc_feature_bphy_has_macsec(void) { return roc_model_is_cnf10kb(); } + +static inline bool +roc_feature_nix_has_inl_ipsec(void) +{ + return !roc_model_is_cnf10kb(); +} #endif diff --git a/drivers/common/cnxk/roc_mcs.h b/drivers/common/cnxk/roc_mcs.h index afac6c92e2..602f1cae1d 100644 --- a/drivers/common/cnxk/roc_mcs.h +++ b/drivers/common/cnxk/roc_mcs.h @@ -7,6 +7,9 @@ #define MCS_AES_GCM_256_KEYLEN 32 +#define ROC_MCS_MAX_AR_WINSZ BIT_ULL(31) +#define ROC_MCS_MAX_MTU (BIT_ULL(16) - 1) + struct roc_mcs_alloc_rsrc_req { uint8_t rsrc_type; uint8_t rsrc_cnt; /* Resources count */ diff --git a/drivers/net/cnxk/cn10k_ethdev_sec.c b/drivers/net/cnxk/cn10k_ethdev_sec.c index b98fc9378e..a7473922af 100644 --- a/drivers/net/cnxk/cn10k_ethdev_sec.c +++ b/drivers/net/cnxk/cn10k_ethdev_sec.c @@ -303,7 +303,7 @@ static struct rte_cryptodev_capabilities cn10k_eth_sec_crypto_caps[] = { RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() }; -static const struct rte_security_capability cn10k_eth_sec_capabilities[] = { +static const struct rte_security_capability cn10k_eth_sec_ipsec_capabilities[] = { { /* IPsec Inline Protocol ESP Tunnel Ingress */ .action = RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL, .protocol = RTE_SECURITY_PROTOCOL_IPSEC, @@ -401,11 +401,100 @@ static const struct rte_security_capability cn10k_eth_sec_capabilities[] = { .crypto_capabilities = cn10k_eth_sec_crypto_caps, .ol_flags = RTE_SECURITY_TX_OLOAD_NEED_MDATA }, - { - .action = RTE_SECURITY_ACTION_TYPE_NONE - } }; +static const struct rte_security_capability cn10k_eth_sec_macsec_capabilities[] = { + { /* MACsec Inline Protocol, AES-GCM-128 algo */ + .action = RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL, + .protocol = RTE_SECURITY_PROTOCOL_MACSEC, + .macsec = { + .mtu = ROC_MCS_MAX_MTU, + .alg = RTE_SECURITY_MACSEC_ALG_GCM_128, + .max_nb_sc = 128, + .max_nb_sa = 256, + .max_nb_sess = 256, + .replay_win_sz = ROC_MCS_MAX_AR_WINSZ, + .relative_sectag_insert = 1, + .fixed_sectag_insert = 1, + .icv_include_da_sa = 1, + .ctrl_port_enable = 1, + .preserve_sectag = 1, + .preserve_icv = 1, + .validate_frames = 1, + .re_key = 1, + .anti_replay = 1, + }, + }, + { /* MACsec Inline Protocol, AES-GCM-256 algo */ + .action = RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL, + .protocol = RTE_SECURITY_PROTOCOL_MACSEC, + .macsec = { + .mtu = ROC_MCS_MAX_MTU, + .alg = RTE_SECURITY_MACSEC_ALG_GCM_256, + .max_nb_sc = 128, + .max_nb_sa = 256, + .max_nb_sess = 256, + .replay_win_sz = ROC_MCS_MAX_AR_WINSZ, + .relative_sectag_insert = 1, + .fixed_sectag_insert = 1, + .icv_include_da_sa = 1, + .ctrl_port_enable = 1, + .preserve_sectag = 1, + .preserve_icv = 1, + .validate_frames = 1, + .re_key = 1, + .anti_replay = 1, + }, + }, + { /* MACsec Inline Protocol, AES-GCM-XPN-128 algo */ + .action = RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL, + .protocol = RTE_SECURITY_PROTOCOL_MACSEC, + .macsec = { + .mtu = ROC_MCS_MAX_MTU, + .alg = RTE_SECURITY_MACSEC_ALG_GCM_XPN_128, + .max_nb_sc = 128, + .max_nb_sa = 256, + .max_nb_sess = 256, + .replay_win_sz = ROC_MCS_MAX_AR_WINSZ, + .relative_sectag_insert = 1, + .fixed_sectag_insert = 1, + .icv_include_da_sa = 1, + .ctrl_port_enable = 1, + .preserve_sectag = 1, + .preserve_icv = 1, + .validate_frames = 1, + .re_key = 1, + .anti_replay = 1, + }, + }, + { /* MACsec Inline Protocol, AES-GCM-XPN-256 algo */ + .action = RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL, + .protocol = RTE_SECURITY_PROTOCOL_MACSEC, + .macsec = { + .mtu = ROC_MCS_MAX_MTU, + .alg = RTE_SECURITY_MACSEC_ALG_GCM_XPN_256, + .max_nb_sc = 128, + .max_nb_sa = 256, + .max_nb_sess = 256, + .replay_win_sz = ROC_MCS_MAX_AR_WINSZ, + .relative_sectag_insert = 1, + .fixed_sectag_insert = 1, + .icv_include_da_sa = 1, + .ctrl_port_enable = 1, + .preserve_sectag = 1, + .preserve_icv = 1, + .validate_frames = 1, + .re_key = 1, + .anti_replay = 1, + }, + }, +}; + +#define SEC_CAPS_LEN (RTE_DIM(cn10k_eth_sec_ipsec_capabilities) + \ + RTE_DIM(cn10k_eth_sec_macsec_capabilities) + 1) + +static struct rte_security_capability cn10k_eth_sec_capabilities[SEC_CAPS_LEN]; + static inline void cnxk_pktmbuf_free_no_cache(struct rte_mbuf *mbuf) { @@ -1093,15 +1182,38 @@ cn10k_eth_sec_session_stats_get(void *device, struct rte_security_session *sess, return 0; } +static void +eth_sec_caps_add(struct rte_security_capability eth_sec_caps[], uint32_t *idx, + const struct rte_security_capability *caps, uint32_t nb_caps) +{ + PLT_VERIFY(*idx + nb_caps < SEC_CAPS_LEN); + + rte_memcpy(ð_sec_caps[*idx], caps, nb_caps * sizeof(caps[0])); + *idx += nb_caps; +} + void cn10k_eth_sec_ops_override(void) { static int init_once; + uint32_t idx = 0; if (init_once) return; init_once = 1; + if (roc_feature_nix_has_inl_ipsec()) + eth_sec_caps_add(cn10k_eth_sec_capabilities, &idx, + cn10k_eth_sec_ipsec_capabilities, + RTE_DIM(cn10k_eth_sec_ipsec_capabilities)); + + if (roc_feature_nix_has_macsec()) + eth_sec_caps_add(cn10k_eth_sec_capabilities, &idx, + cn10k_eth_sec_macsec_capabilities, + RTE_DIM(cn10k_eth_sec_macsec_capabilities)); + + cn10k_eth_sec_capabilities[idx].action = RTE_SECURITY_ACTION_TYPE_NONE; + /* Update platform specific ops */ cnxk_eth_sec_ops.macsec_sa_create = cnxk_eth_macsec_sa_create; cnxk_eth_sec_ops.macsec_sc_create = cnxk_eth_macsec_sc_create; -- 2.25.1