[PATCH 02/13] net/cnxk: add IPsec SA defines for PMD API

[Nithin Dabilpuram <ndabilpuram@marvell.com>]

Define inbound and outbound IPsec data type for PMD API's
rte_pmd_cnxk_hw_sa_read() and rte_pmd_cnxk_hw_sa_write().

Signed-off-by: Nithin Dabilpuram <ndabilpuram@marvell.com>
---
 drivers/net/cnxk/cn10k_ethdev_sec.c |  18 +-
 drivers/net/cnxk/rte_pmd_cnxk.h     | 397 +++++++++++++++++++++++++++-
 2 files changed, 411 insertions(+), 4 deletions(-)

diff --git a/drivers/net/cnxk/cn10k_ethdev_sec.c b/drivers/net/cnxk/cn10k_ethdev_sec.c
index 575d0fabd5..05ec49d981 100644
--- a/drivers/net/cnxk/cn10k_ethdev_sec.c
+++ b/drivers/net/cnxk/cn10k_ethdev_sec.c
@@ -14,6 +14,20 @@
 #include <cnxk_security.h>
 #include <roc_priv.h>
 
+PLT_STATIC_ASSERT(offsetof(struct rte_pmd_cnxk_ipsec_inb_sa, ctx.ar_winbits) ==
+		  offsetof(struct roc_ot_ipsec_inb_sa, ctx.ar_winbits));
+
+PLT_STATIC_ASSERT(offsetof(struct rte_pmd_cnxk_ipsec_outb_sa, ctx.mib_pkts) ==
+		  offsetof(struct roc_ot_ipsec_outb_sa, ctx.mib_pkts));
+
+PLT_STATIC_ASSERT(RTE_PMD_CNXK_CTX_MAX_CKEY_LEN == ROC_CTX_MAX_CKEY_LEN);
+PLT_STATIC_ASSERT(RTE_PMD_CNXK_CTX_MAX_OPAD_IPAD_LEN == RTE_PMD_CNXK_CTX_MAX_OPAD_IPAD_LEN);
+
+PLT_STATIC_ASSERT(RTE_PMD_CNXK_AR_WIN_SIZE_MIN == ROC_AR_WIN_SIZE_MIN);
+PLT_STATIC_ASSERT(RTE_PMD_CNXK_AR_WIN_SIZE_MAX == ROC_AR_WIN_SIZE_MAX);
+PLT_STATIC_ASSERT(RTE_PMD_CNXK_LOG_MIN_AR_WIN_SIZE_M1 == ROC_LOG_MIN_AR_WIN_SIZE_M1);
+PLT_STATIC_ASSERT(RTE_PMD_CNXK_AR_WINBITS_SZ == ROC_AR_WINBITS_SZ);
+
 static struct rte_cryptodev_capabilities cn10k_eth_sec_crypto_caps[] = {
 	{	/* AES GCM */
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
@@ -1143,7 +1157,7 @@ cn10k_eth_sec_session_update(void *device, struct rte_security_session *sess,
 
 int
 rte_pmd_cnxk_hw_sa_read(void *device, struct rte_security_session *sess,
-			void *data, uint32_t len)
+			union rte_pmd_cnxk_ipsec_hw_sa *data, uint32_t len)
 {
 	struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device;
 	struct cnxk_eth_dev *dev = cnxk_eth_pmd_priv(eth_dev);
@@ -1166,7 +1180,7 @@ rte_pmd_cnxk_hw_sa_read(void *device, struct rte_security_session *sess,
 
 int
 rte_pmd_cnxk_hw_sa_write(void *device, struct rte_security_session *sess,
-			 void *data, uint32_t len)
+			 union rte_pmd_cnxk_ipsec_hw_sa *data, uint32_t len)
 {
 	struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device;
 	struct cnxk_eth_dev *dev = cnxk_eth_pmd_priv(eth_dev);
diff --git a/drivers/net/cnxk/rte_pmd_cnxk.h b/drivers/net/cnxk/rte_pmd_cnxk.h
index 7827c33ac9..43f2a7ed9b 100644
--- a/drivers/net/cnxk/rte_pmd_cnxk.h
+++ b/drivers/net/cnxk/rte_pmd_cnxk.h
@@ -60,6 +60,399 @@ struct rte_pmd_cnxk_sec_action {
 	enum rte_pmd_cnxk_sec_action_alg alg;
 };
 
+#define RTE_PMD_CNXK_CTX_MAX_CKEY_LEN	   32
+#define RTE_PMD_CNXK_CTX_MAX_OPAD_IPAD_LEN 128
+
+/** Anti reply window size supported */
+#define RTE_PMD_CNXK_AR_WIN_SIZE_MIN	    64
+#define RTE_PMD_CNXK_AR_WIN_SIZE_MAX	    4096
+#define RTE_PMD_CNXK_LOG_MIN_AR_WIN_SIZE_M1 5
+
+/** u64 array size to fit anti replay window bits */
+#define RTE_PMD_CNXK_AR_WINBITS_SZ (RTE_ALIGN_CEIL(RTE_PMD_CNXK_AR_WIN_SIZE_MAX, 64) / 64)
+
+/** Outer header info for Inbound or Outbound */
+union rte_pmd_cnxk_ipsec_outer_ip_hdr {
+	struct {
+		/** IPv4 destination */
+		uint32_t dst_addr;
+		/** IPv4 source */
+		uint32_t src_addr;
+	} ipv4;
+	struct {
+		/** IPv6 source */
+		uint8_t src_addr[16];
+		/** IPv6 destination */
+		uint8_t dst_addr[16];
+	} ipv6;
+};
+
+/** Inbound IPsec context update region */
+struct rte_pmd_cnxk_ipsec_inb_ctx_update_reg {
+	/** Highest sequence number received */
+	uint64_t ar_base;
+	/** Valid bit for 64-bit words of replay window */
+	uint64_t ar_valid_mask;
+	/** Hard life for SA */
+	uint64_t hard_life;
+	/** Soft life for SA */
+	uint64_t soft_life;
+	/** MIB octets */
+	uint64_t mib_octs;
+	/** MIB packets */
+	uint64_t mib_pkts;
+	/** AR window bits */
+	uint64_t ar_winbits[RTE_PMD_CNXK_AR_WINBITS_SZ];
+};
+
+/** Outbound IPsec IV data */
+union rte_pmd_cnxk_ipsec_outb_iv {
+	uint64_t u64[2];
+	/** IV debug - 16B*/
+	uint8_t iv_dbg[16];
+	struct {
+		/** IV debug - 8B */
+		uint8_t iv_dbg1[4];
+		/** Salt */
+		uint8_t salt[4];
+
+		uint32_t rsvd;
+		/** IV debug - 8B */
+		uint8_t iv_dbg2[4];
+	} s;
+};
+
+/** Outbound IPsec context update region */
+struct rte_pmd_cnxk_ipsec_outb_ctx_update_reg {
+	union {
+		struct {
+			uint64_t reserved_0_2 : 3;
+			uint64_t address : 57;
+			uint64_t mode : 4;
+		} s;
+		uint64_t u64;
+	} err_ctl;
+
+	uint64_t esn_val;
+	uint64_t hard_life;
+	uint64_t soft_life;
+	uint64_t mib_octs;
+	uint64_t mib_pkts;
+};
+
+/**
+ * Inbound IPsec SA
+ */
+struct rte_pmd_cnxk_ipsec_inb_sa {
+	/** Word0 */
+	union {
+		struct {
+			/** AR window size */
+			uint64_t ar_win : 3;
+			/** Hard life enable */
+			uint64_t hard_life_dec : 1;
+			/** Soft life enable */
+			uint64_t soft_life_dec : 1;
+
+			/** Count global octets */
+			uint64_t count_glb_octets : 1;
+			/** Count global pkts */
+			uint64_t count_glb_pkts : 1;
+			/** Count bytes */
+			uint64_t count_mib_bytes : 1;
+
+			/** Count pkts */
+			uint64_t count_mib_pkts : 1;
+			/** HW context offset */
+			uint64_t hw_ctx_off : 7;
+
+			/** Context ID */
+			uint64_t ctx_id : 16;
+
+			/** Original packet free absolute */
+			uint64_t orig_pkt_fabs : 1;
+			/** Original packet free */
+			uint64_t orig_pkt_free : 1;
+			/** PKIND for second pass */
+			uint64_t pkind : 6;
+
+			uint64_t rsvd0 : 1;
+			/** Ether type overwrite */
+			uint64_t et_ovrwr : 1;
+			/** Packet output type */
+			uint64_t pkt_output : 2;
+			/** Packet format type */
+			uint64_t pkt_format : 1;
+			/** Defrag option */
+			uint64_t defrag_opt : 2;
+			/** Reserved for X2P dest */
+			uint64_t x2p_dst : 1;
+
+			/** Context push size */
+			uint64_t ctx_push_size : 7;
+			uint64_t rsvd1 : 1;
+
+			/** Context header size */
+			uint64_t ctx_hdr_size : 2;
+			/** AOP enable */
+			uint64_t aop_valid : 1;
+			uint64_t rsvd2 : 1;
+			/** Context size */
+			uint64_t ctx_size : 4;
+		} s;
+		uint64_t u64;
+	} w0;
+
+	/** Word1 */
+	union {
+		struct {
+			/** Original packet aura */
+			uint64_t orig_pkt_aura : 20;
+			uint64_t rsvd3 : 4;
+			/** Original packet free offset */
+			uint64_t orig_pkt_foff : 8;
+			/** SA cookie */
+			uint64_t cookie : 32;
+		} s;
+		uint64_t u64;
+	} w1;
+
+	/** Word 2 */
+	union {
+		struct {
+			/** SA valid */
+			uint64_t valid : 1;
+			/** SA direction */
+			uint64_t dir : 1;
+			uint64_t rsvd11 : 1;
+			uint64_t rsvd4 : 1;
+			/** IPsec mode */
+			uint64_t ipsec_mode : 1;
+			/** IPsec protocol */
+			uint64_t ipsec_protocol : 1;
+			/** AES key length */
+			uint64_t aes_key_len : 2;
+
+			/** Encryption algo */
+			uint64_t enc_type : 3;
+			/** Soft life and hard life unit */
+			uint64_t life_unit : 1;
+			/** Authentication algo */
+			uint64_t auth_type : 4;
+
+			/** Encapsulation type */
+			uint64_t encap_type : 2;
+			/** Ether type override enable */
+			uint64_t et_ovrwr_ddr_en : 1;
+			/** ESN enable */
+			uint64_t esn_en : 1;
+			/** Transport mode L4 checksum incrementally update */
+			uint64_t tport_l4_incr_csum : 1;
+			/** Outer IP header verification */
+			uint64_t ip_hdr_verify : 2;
+			/** UDP enacapsulation ports verification */
+			uint64_t udp_ports_verify : 1;
+
+			/** Return 64B of L2/L3 header on error */
+			uint64_t l3hdr_on_err : 1;
+			uint64_t rsvd6 : 6;
+			uint64_t rsvd12 : 1;
+
+			/** SPI */
+			uint64_t spi : 32;
+		} s;
+		uint64_t u64;
+	} w2;
+
+	/** Word3 */
+	uint64_t rsvd7;
+
+	/** Word4 - Word7 */
+	uint8_t cipher_key[RTE_PMD_CNXK_CTX_MAX_CKEY_LEN];
+
+	/** Word8 - Word9 */
+	union {
+		struct {
+			uint32_t rsvd8;
+			/** IV salt */
+			uint8_t salt[4];
+		} s;
+		uint64_t u64;
+	} w8;
+	uint64_t rsvd9;
+
+	/** Word10 */
+	union {
+		struct {
+			uint64_t rsvd10 : 32;
+			/** UDP encapsulation source port */
+			uint64_t udp_src_port : 16;
+			/** UDP encapsulation destination port */
+			uint64_t udp_dst_port : 16;
+		} s;
+		uint64_t u64;
+	} w10;
+
+	/** Word11 - Word14 */
+	union rte_pmd_cnxk_ipsec_outer_ip_hdr outer_hdr;
+
+	/** Word15 - Word30 */
+	uint8_t hmac_opad_ipad[RTE_PMD_CNXK_CTX_MAX_OPAD_IPAD_LEN];
+
+	/** Word31 - Word100 */
+	struct rte_pmd_cnxk_ipsec_inb_ctx_update_reg ctx;
+};
+
+/**
+ * Outbound IPsec SA
+ */
+struct rte_pmd_cnxk_ipsec_outb_sa {
+	/** Word0 */
+	union {
+		struct {
+			/** ESN enable */
+			uint64_t esn_en : 1;
+			/** IP ID generation type */
+			uint64_t ip_id : 1;
+			uint64_t rsvd0 : 1;
+			/** Hard life enable */
+			uint64_t hard_life_dec : 1;
+			/** Soft life enable */
+			uint64_t soft_life_dec : 1;
+
+			/** Count global octets */
+			uint64_t count_glb_octets : 1;
+			/** Count global pkts */
+			uint64_t count_glb_pkts : 1;
+			/** Count bytes */
+			uint64_t count_mib_bytes : 1;
+
+			/** Count pkts */
+			uint64_t count_mib_pkts : 1;
+			/** HW context offset */
+			uint64_t hw_ctx_off : 7;
+
+			/** Context ID */
+			uint64_t ctx_id : 16;
+			uint64_t rsvd1 : 16;
+
+			/** Context push size */
+			uint64_t ctx_push_size : 7;
+			uint64_t rsvd2 : 1;
+
+			/** Context header size */
+			uint64_t ctx_hdr_size : 2;
+			/** AOP enable */
+			uint64_t aop_valid : 1;
+			uint64_t rsvd3 : 1;
+			/** Context size */
+			uint64_t ctx_size : 4;
+		} s;
+		uint64_t u64;
+	} w0;
+
+	/** Word1 */
+	union {
+		struct {
+			uint64_t rsvd4 : 32;
+			/** SA cookie */
+			uint64_t cookie : 32;
+		} s;
+		uint64_t u64;
+	} w1;
+
+	/** Word 2 */
+	union {
+		struct {
+			/** SA valid */
+			uint64_t valid : 1;
+			/** SA direction */
+			uint64_t dir : 1;
+			uint64_t rsvd11 : 1;
+			uint64_t rsvd5 : 1;
+			/** IPsec mode */
+			uint64_t ipsec_mode : 1;
+			/** IPsec protocol */
+			uint64_t ipsec_protocol : 1;
+
+			/** AES key length */
+			uint64_t aes_key_len : 2;
+
+			/** Encryption algo */
+			uint64_t enc_type : 3;
+			/** Soft life and hard life unit */
+			uint64_t life_unit : 1;
+			/** Authentication algo */
+			uint64_t auth_type : 4;
+
+			/** Encapsulation type */
+			uint64_t encap_type : 2;
+			/** DF source */
+			uint64_t ipv4_df_src_or_ipv6_flw_lbl_src : 1;
+			/** DSCP source */
+			uint64_t dscp_src : 1;
+			/** IV source */
+			uint64_t iv_src : 2;
+			/** IPID value in outer header */
+			uint64_t ipid_gen : 1;
+			uint64_t rsvd6 : 1;
+
+			uint64_t rsvd7 : 7;
+			uint64_t rsvd12 : 1;
+
+			/** SPI */
+			uint64_t spi : 32;
+		} s;
+		uint64_t u64;
+	} w2;
+
+	/** Word3 */
+	uint64_t rsvd8;
+
+	/** Word4 - Word7 */
+	uint8_t cipher_key[RTE_PMD_CNXK_CTX_MAX_CKEY_LEN];
+
+	/** Word8 - Word9 */
+	union rte_pmd_cnxk_ipsec_outb_iv iv;
+
+	/** Word10 */
+	union {
+		struct {
+			uint64_t rsvd9 : 4;
+			/** Outer header IPv4 DF or IPv6 flow label */
+			uint64_t ipv4_df_or_ipv6_flw_lbl : 20;
+
+			/** DSCP for outer header */
+			uint64_t dscp : 6;
+			uint64_t rsvd10 : 2;
+
+			/** UDP encapsulation destination port */
+			uint64_t udp_dst_port : 16;
+
+			/** UDP encapsulation source port */
+			uint64_t udp_src_port : 16;
+		} s;
+		uint64_t u64;
+	} w10;
+
+	/** Word11 - Word14 */
+	union rte_pmd_cnxk_ipsec_outer_ip_hdr outer_hdr;
+
+	/** Word15 - Word30 */
+	uint8_t hmac_opad_ipad[RTE_PMD_CNXK_CTX_MAX_OPAD_IPAD_LEN];
+
+	/** Word31 - Word36 */
+	struct rte_pmd_cnxk_ipsec_outb_ctx_update_reg ctx;
+};
+
+/** Inbound/Outbound IPsec SA */
+union rte_pmd_cnxk_ipsec_hw_sa {
+	/** Inbound SA */
+	struct rte_pmd_cnxk_ipsec_inb_sa inb;
+	/** Outbound SA */
+	struct rte_pmd_cnxk_ipsec_outb_sa outb;
+};
+
 /**
  * Read HW SA context from session.
  *
@@ -77,7 +470,7 @@ struct rte_pmd_cnxk_sec_action {
  */
 __rte_experimental
 int rte_pmd_cnxk_hw_sa_read(void *device, struct rte_security_session *sess,
-			    void *data, uint32_t len);
+			    union rte_pmd_cnxk_ipsec_hw_sa *data, uint32_t len);
 /**
  * Write HW SA context to session.
  *
@@ -95,7 +488,7 @@ int rte_pmd_cnxk_hw_sa_read(void *device, struct rte_security_session *sess,
  */
 __rte_experimental
 int rte_pmd_cnxk_hw_sa_write(void *device, struct rte_security_session *sess,
-			     void *data, uint32_t len);
+			     union rte_pmd_cnxk_ipsec_hw_sa *data, uint32_t len);
 
 /**
  * Get pointer to CPT result info for inline inbound processed pkt.
-- 
2.25.1