Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/97812/?format=api
{ "id": 97812, "url": "http://patches.dpdk.org/api/patches/97812/?format=api", "web_url": "http://patches.dpdk.org/project/dpdk/patch/20210902134254.28373-4-marchana@marvell.com/", "project": { "id": 1, "url": "http://patches.dpdk.org/api/projects/1/?format=api", "name": "DPDK", "link_name": "dpdk", "list_id": "dev.dpdk.org", "list_email": "dev@dpdk.org", "web_url": "http://core.dpdk.org", "scm_url": "git://dpdk.org/dpdk", "webscm_url": "http://git.dpdk.org/dpdk", "list_archive_url": "https://inbox.dpdk.org/dev", "list_archive_url_format": "https://inbox.dpdk.org/dev/{}", "commit_url_format": "" }, "msgid": "<20210902134254.28373-4-marchana@marvell.com>", "list_archive_url": "https://inbox.dpdk.org/dev/20210902134254.28373-4-marchana@marvell.com", "date": "2021-09-02T13:42:49", "name": "[3/8] crypto/cnxk: add cn9k IPsec session related functions", "commit_ref": null, "pull_url": null, "state": "superseded", "archived": true, "hash": "7e60e3bc681ce1209f720f92a090df6e0f507aeb", "submitter": { "id": 1515, "url": "http://patches.dpdk.org/api/people/1515/?format=api", "name": "Archana Muniganti", "email": "marchana@marvell.com" }, "delegate": { "id": 6690, "url": "http://patches.dpdk.org/api/users/6690/?format=api", "username": "akhil", "first_name": "akhil", "last_name": "goyal", "email": "gakhil@marvell.com" }, "mbox": "http://patches.dpdk.org/project/dpdk/patch/20210902134254.28373-4-marchana@marvell.com/mbox/", "series": [ { "id": 18630, "url": "http://patches.dpdk.org/api/series/18630/?format=api", "web_url": "http://patches.dpdk.org/project/dpdk/list/?series=18630", "date": "2021-09-02T13:42:46", "name": "add cn9k lookaside IPsec support", "version": 1, "mbox": "http://patches.dpdk.org/series/18630/mbox/" } ], "comments": "http://patches.dpdk.org/api/patches/97812/comments/", "check": "success", "checks": "http://patches.dpdk.org/api/patches/97812/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<dev-bounces@dpdk.org>", "X-Original-To": "patchwork@inbox.dpdk.org", "Delivered-To": "patchwork@inbox.dpdk.org", "Received": [ "from mails.dpdk.org (mails.dpdk.org [217.70.189.124])\n\tby inbox.dpdk.org (Postfix) with ESMTP id C9624A0C4C;\n\tThu, 2 Sep 2021 15:44:01 +0200 (CEST)", "from [217.70.189.124] (localhost [127.0.0.1])\n\tby mails.dpdk.org (Postfix) with ESMTP id BDA62406A2;\n\tThu, 2 Sep 2021 15:44:01 +0200 (CEST)", "from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com\n [67.231.148.174])\n by mails.dpdk.org (Postfix) with ESMTP id 9694840698\n for <dev@dpdk.org>; Thu, 2 Sep 2021 15:43:59 +0200 (CEST)", "from pps.filterd (m0045849.ppops.net [127.0.0.1])\n by mx0a-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 1825LH8b028339\n for <dev@dpdk.org>; Thu, 2 Sep 2021 06:43:58 -0700", "from dc5-exch02.marvell.com ([199.233.59.182])\n by mx0a-0016f401.pphosted.com with ESMTP id 3atrd2hs04-1\n (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT)\n for <dev@dpdk.org>; Thu, 02 Sep 2021 06:43:58 -0700", "from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH02.marvell.com\n (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.18;\n Thu, 2 Sep 2021 06:43:57 -0700", "from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com\n (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.18 via Frontend\n Transport; Thu, 2 Sep 2021 06:43:57 -0700", "from hyd1409.caveonetworks.com.com (unknown [10.29.45.15])\n by maili.marvell.com (Postfix) with ESMTP id D6EB53F7064;\n Thu, 2 Sep 2021 06:43:54 -0700 (PDT)" ], "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com;\n h=from : to : cc :\n subject : date : message-id : in-reply-to : references : mime-version :\n content-transfer-encoding : content-type; s=pfpt0220;\n bh=QS9V3lvVDvcnSOA8N7SHScAELU/a//OrY0D7X+ugRr0=;\n b=ccG3UsUn6ezqkWvZ/K7rmx4lQSlCynJadK8ronRK6LBQGYL4ePwTipKYbW7bpjvUy9lc\n bzpt/YPECr5wCGTgFoZQ0QG3+G/hw6Y6r+6NXzbk5EvO682iNQHmTVW/Dm6NrZBZr0YS\n OoMwAymuxWFDs0hK3VlAaoPb7NrVEMKaf4EbtXll0SXLcWZBWjKyf6Ravs1WyKDEcd3U\n aG+ylE3eo1qnrMpPFlXprUwV3TMwy6j5UziMb3wBJlLz/DLNOoZLVtjHxuUP8hFLII6E\n JZ2y/KnHVcJwwEZiZNInYFTk37IBPUwxj8vECyUZqZGCQ/RMkEvzuyp3lF7pT8SYxzh7 lQ==", "From": "Archana Muniganti <marchana@marvell.com>", "To": "<gakhil@marvell.com>", "CC": "Archana Muniganti <marchana@marvell.com>, <ktejasree@marvell.com>,\n <adwivedi@marvell.com>, <anoobj@marvell.com>, <jerinj@marvell.com>,\n <dev@dpdk.org>, Vamsi Attunuru <vattunuru@marvell.com>", "Date": "Thu, 2 Sep 2021 19:12:49 +0530", "Message-ID": "<20210902134254.28373-4-marchana@marvell.com>", "X-Mailer": "git-send-email 2.22.0", "In-Reply-To": "<20210902134254.28373-1-marchana@marvell.com>", "References": "<20210902134254.28373-1-marchana@marvell.com>", "MIME-Version": "1.0", "Content-Transfer-Encoding": "8bit", "Content-Type": "text/plain", "X-Proofpoint-GUID": "tql7puYnoGmqEKYCaQ5XBS5egocx_5Rg", "X-Proofpoint-ORIG-GUID": "tql7puYnoGmqEKYCaQ5XBS5egocx_5Rg", "X-Proofpoint-Virus-Version": "vendor=baseguard\n engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.391,FMLib:17.0.607.475\n definitions=2021-09-02_04,2021-09-02_02,2020-04-07_01", "Subject": "[dpdk-dev] [PATCH 3/8] crypto/cnxk: add cn9k IPsec session related\n functions", "X-BeenThere": "dev@dpdk.org", "X-Mailman-Version": "2.1.29", "Precedence": "list", "List-Id": "DPDK patches and discussions <dev.dpdk.org>", "List-Unsubscribe": "<https://mails.dpdk.org/options/dev>,\n <mailto:dev-request@dpdk.org?subject=unsubscribe>", "List-Archive": "<http://mails.dpdk.org/archives/dev/>", "List-Post": "<mailto:dev@dpdk.org>", "List-Help": "<mailto:dev-request@dpdk.org?subject=help>", "List-Subscribe": "<https://mails.dpdk.org/listinfo/dev>,\n <mailto:dev-request@dpdk.org?subject=subscribe>", "Errors-To": "dev-bounces@dpdk.org", "Sender": "\"dev\" <dev-bounces@dpdk.org>" }, "content": "Add helper functions useful in implementing IPsec outbound\nand inbound session create apis.\n\nSigned-off-by: Archana Muniganti <marchana@marvell.com>\nSigned-off-by: Tejasree Kondoj <ktejasree@marvell.com>\nSigned-off-by: Vamsi Attunuru <vattunuru@marvell.com>\n---\n drivers/crypto/cnxk/cn9k_cryptodev.c | 2 +\n drivers/crypto/cnxk/cn9k_ipsec.c | 425 +++++++++++++++++++++++++++\n drivers/crypto/cnxk/cn9k_ipsec.h | 29 ++\n drivers/crypto/cnxk/meson.build | 1 +\n 4 files changed, 457 insertions(+)\n create mode 100644 drivers/crypto/cnxk/cn9k_ipsec.c\n create mode 100644 drivers/crypto/cnxk/cn9k_ipsec.h", "diff": "diff --git a/drivers/crypto/cnxk/cn9k_cryptodev.c b/drivers/crypto/cnxk/cn9k_cryptodev.c\nindex db2e085161..e60b352fac 100644\n--- a/drivers/crypto/cnxk/cn9k_cryptodev.c\n+++ b/drivers/crypto/cnxk/cn9k_cryptodev.c\n@@ -12,6 +12,7 @@\n \n #include \"cn9k_cryptodev.h\"\n #include \"cn9k_cryptodev_ops.h\"\n+#include \"cn9k_ipsec.h\"\n #include \"cnxk_cryptodev.h\"\n #include \"cnxk_cryptodev_capabilities.h\"\n #include \"cnxk_cryptodev_sec.h\"\n@@ -92,6 +93,7 @@ cn9k_cpt_pci_probe(struct rte_pci_driver *pci_drv __rte_unused,\n \tcnxk_cpt_caps_populate(vf);\n \n \tcn9k_cpt_set_enqdeq_fns(dev);\n+\tcn9k_sec_ops_override();\n \n \treturn 0;\n \ndiff --git a/drivers/crypto/cnxk/cn9k_ipsec.c b/drivers/crypto/cnxk/cn9k_ipsec.c\nnew file mode 100644\nindex 0000000000..dd02cc7764\n--- /dev/null\n+++ b/drivers/crypto/cnxk/cn9k_ipsec.c\n@@ -0,0 +1,425 @@\n+/* SPDX-License-Identifier: BSD-3-Clause\n+ * Copyright(C) 2021 Marvell.\n+ */\n+\n+#include <rte_cryptodev.h>\n+#include <rte_security.h>\n+#include <rte_security_driver.h>\n+\n+#include \"cnxk_cryptodev.h\"\n+#include \"cnxk_cryptodev_ops.h\"\n+#include \"cnxk_ipsec.h\"\n+#include \"cnxk_security.h\"\n+#include \"cn9k_ipsec.h\"\n+\n+#include \"roc_api.h\"\n+\n+static inline int\n+cn9k_cpt_enq_sa_write(struct cn9k_ipsec_sa *sa, struct cnxk_cpt_qp *qp,\n+\t\t uint8_t opcode, size_t ctx_len)\n+{\n+\tuint64_t lmtline = qp->lmtline.lmt_base;\n+\tuint64_t io_addr = qp->lmtline.io_addr;\n+\tuint64_t lmt_status, time_out;\n+\tstruct cpt_cn9k_res_s *res;\n+\tstruct cpt_inst_s inst;\n+\tuint64_t *mdata;\n+\tint ret = 0;\n+\n+\tif (unlikely(rte_mempool_get(qp->meta_info.pool, (void **)&mdata) < 0))\n+\t\treturn -ENOMEM;\n+\n+\tres = (struct cpt_cn9k_res_s *)RTE_PTR_ALIGN(mdata, 16);\n+\tres->compcode = CPT_COMP_NOT_DONE;\n+\n+\tinst.w4.s.opcode_major = opcode;\n+\tinst.w4.s.opcode_minor = ctx_len >> 3;\n+\tinst.w4.s.param1 = 0;\n+\tinst.w4.s.param2 = 0;\n+\tinst.w4.s.dlen = ctx_len;\n+\tinst.dptr = rte_mempool_virt2iova(sa);\n+\tinst.rptr = 0;\n+\tinst.w7.s.cptr = rte_mempool_virt2iova(sa);\n+\tinst.w7.s.egrp = ROC_CPT_DFLT_ENG_GRP_SE;\n+\n+\tinst.w0.u64 = 0;\n+\tinst.w2.u64 = 0;\n+\tinst.w3.u64 = 0;\n+\tinst.res_addr = rte_mempool_virt2iova(res);\n+\n+\trte_io_wmb();\n+\n+\tdo {\n+\t\t/* Copy CPT command to LMTLINE */\n+\t\troc_lmt_mov((void *)lmtline, &inst, 2);\n+\t\tlmt_status = roc_lmt_submit_ldeor(io_addr);\n+\t} while (lmt_status == 0);\n+\n+\ttime_out = rte_get_timer_cycles() +\n+\t\t DEFAULT_COMMAND_TIMEOUT * rte_get_timer_hz();\n+\n+\twhile (res->compcode == CPT_COMP_NOT_DONE) {\n+\t\tif (rte_get_timer_cycles() > time_out) {\n+\t\t\trte_mempool_put(qp->meta_info.pool, mdata);\n+\t\t\tplt_err(\"Request timed out\");\n+\t\t\treturn -ETIMEDOUT;\n+\t\t}\n+\t\trte_io_rmb();\n+\t}\n+\n+\tif (unlikely(res->compcode != CPT_COMP_GOOD)) {\n+\t\tret = res->compcode;\n+\t\tswitch (ret) {\n+\t\tcase CPT_COMP_INSTERR:\n+\t\t\tplt_err(\"Request failed with instruction error\");\n+\t\t\tbreak;\n+\t\tcase CPT_COMP_FAULT:\n+\t\t\tplt_err(\"Request failed with DMA fault\");\n+\t\t\tbreak;\n+\t\tcase CPT_COMP_HWERR:\n+\t\t\tplt_err(\"Request failed with hardware error\");\n+\t\t\tbreak;\n+\t\tdefault:\n+\t\t\tplt_err(\"Request failed with unknown hardware \"\n+\t\t\t\t\"completion code : 0x%x\",\n+\t\t\t\tret);\n+\t\t}\n+\t\tret = -EINVAL;\n+\t\tgoto mempool_put;\n+\t}\n+\n+\tif (unlikely(res->uc_compcode != ROC_IE_ON_UCC_SUCCESS)) {\n+\t\tret = res->uc_compcode;\n+\t\tswitch (ret) {\n+\t\tcase ROC_IE_ON_AUTH_UNSUPPORTED:\n+\t\t\tplt_err(\"Invalid auth type\");\n+\t\t\tbreak;\n+\t\tcase ROC_IE_ON_ENCRYPT_UNSUPPORTED:\n+\t\t\tplt_err(\"Invalid encrypt type\");\n+\t\t\tbreak;\n+\t\tdefault:\n+\t\t\tplt_err(\"Request failed with unknown microcode \"\n+\t\t\t\t\"completion code : 0x%x\",\n+\t\t\t\tret);\n+\t\t}\n+\t\tret = -ENOTSUP;\n+\t}\n+\n+mempool_put:\n+\trte_mempool_put(qp->meta_info.pool, mdata);\n+\treturn ret;\n+}\n+\n+static inline int\n+ipsec_sa_ctl_set(struct rte_security_ipsec_xform *ipsec,\n+\t\t struct rte_crypto_sym_xform *crypto_xform,\n+\t\t struct roc_ie_on_sa_ctl *ctl)\n+{\n+\tstruct rte_crypto_sym_xform *cipher_xform, *auth_xform;\n+\tint aes_key_len;\n+\n+\tif (ipsec->direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) {\n+\t\tctl->direction = ROC_IE_SA_DIR_OUTBOUND;\n+\t\tcipher_xform = crypto_xform;\n+\t\tauth_xform = crypto_xform->next;\n+\t} else if (ipsec->direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) {\n+\t\tctl->direction = ROC_IE_SA_DIR_INBOUND;\n+\t\tauth_xform = crypto_xform;\n+\t\tcipher_xform = crypto_xform->next;\n+\t} else {\n+\t\treturn -EINVAL;\n+\t}\n+\n+\tif (ipsec->mode == RTE_SECURITY_IPSEC_SA_MODE_TUNNEL) {\n+\t\tif (ipsec->tunnel.type == RTE_SECURITY_IPSEC_TUNNEL_IPV4)\n+\t\t\tctl->outer_ip_ver = ROC_IE_SA_IP_VERSION_4;\n+\t\telse if (ipsec->tunnel.type == RTE_SECURITY_IPSEC_TUNNEL_IPV6)\n+\t\t\tctl->outer_ip_ver = ROC_IE_SA_IP_VERSION_6;\n+\t\telse\n+\t\t\treturn -EINVAL;\n+\t}\n+\n+\tctl->inner_ip_ver = ctl->outer_ip_ver;\n+\n+\tif (ipsec->mode == RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT)\n+\t\tctl->ipsec_mode = ROC_IE_SA_MODE_TRANSPORT;\n+\telse if (ipsec->mode == RTE_SECURITY_IPSEC_SA_MODE_TUNNEL)\n+\t\tctl->ipsec_mode = ROC_IE_SA_MODE_TUNNEL;\n+\telse\n+\t\treturn -EINVAL;\n+\n+\tif (ipsec->proto == RTE_SECURITY_IPSEC_SA_PROTO_AH)\n+\t\tctl->ipsec_proto = ROC_IE_SA_PROTOCOL_AH;\n+\telse if (ipsec->proto == RTE_SECURITY_IPSEC_SA_PROTO_ESP)\n+\t\tctl->ipsec_proto = ROC_IE_SA_PROTOCOL_ESP;\n+\telse\n+\t\treturn -EINVAL;\n+\n+\tif (crypto_xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) {\n+\t\tif (crypto_xform->aead.algo == RTE_CRYPTO_AEAD_AES_GCM) {\n+\t\t\tctl->enc_type = ROC_IE_ON_SA_ENC_AES_GCM;\n+\t\t\taes_key_len = crypto_xform->aead.key.length;\n+\t\t} else {\n+\t\t\treturn -ENOTSUP;\n+\t\t}\n+\t} else if (cipher_xform->cipher.algo == RTE_CRYPTO_CIPHER_AES_CBC) {\n+\t\tctl->enc_type = ROC_IE_ON_SA_ENC_AES_CBC;\n+\t\taes_key_len = cipher_xform->cipher.key.length;\n+\t} else {\n+\t\treturn -ENOTSUP;\n+\t}\n+\n+\tswitch (aes_key_len) {\n+\tcase 16:\n+\t\tctl->aes_key_len = ROC_IE_SA_AES_KEY_LEN_128;\n+\t\tbreak;\n+\tcase 24:\n+\t\tctl->aes_key_len = ROC_IE_SA_AES_KEY_LEN_192;\n+\t\tbreak;\n+\tcase 32:\n+\t\tctl->aes_key_len = ROC_IE_SA_AES_KEY_LEN_256;\n+\t\tbreak;\n+\tdefault:\n+\t\treturn -EINVAL;\n+\t}\n+\n+\tif (crypto_xform->type != RTE_CRYPTO_SYM_XFORM_AEAD) {\n+\t\tswitch (auth_xform->auth.algo) {\n+\t\tcase RTE_CRYPTO_AUTH_NULL:\n+\t\t\tctl->auth_type = ROC_IE_ON_SA_AUTH_NULL;\n+\t\t\tbreak;\n+\t\tcase RTE_CRYPTO_AUTH_MD5_HMAC:\n+\t\t\tctl->auth_type = ROC_IE_ON_SA_AUTH_MD5;\n+\t\t\tbreak;\n+\t\tcase RTE_CRYPTO_AUTH_SHA1_HMAC:\n+\t\t\tctl->auth_type = ROC_IE_ON_SA_AUTH_SHA1;\n+\t\t\tbreak;\n+\t\tcase RTE_CRYPTO_AUTH_SHA224_HMAC:\n+\t\t\tctl->auth_type = ROC_IE_ON_SA_AUTH_SHA2_224;\n+\t\t\tbreak;\n+\t\tcase RTE_CRYPTO_AUTH_SHA256_HMAC:\n+\t\t\tctl->auth_type = ROC_IE_ON_SA_AUTH_SHA2_256;\n+\t\t\tbreak;\n+\t\tcase RTE_CRYPTO_AUTH_SHA384_HMAC:\n+\t\t\tctl->auth_type = ROC_IE_ON_SA_AUTH_SHA2_384;\n+\t\t\tbreak;\n+\t\tcase RTE_CRYPTO_AUTH_SHA512_HMAC:\n+\t\t\tctl->auth_type = ROC_IE_ON_SA_AUTH_SHA2_512;\n+\t\t\tbreak;\n+\t\tcase RTE_CRYPTO_AUTH_AES_GMAC:\n+\t\t\tctl->auth_type = ROC_IE_ON_SA_AUTH_AES_GMAC;\n+\t\t\tbreak;\n+\t\tcase RTE_CRYPTO_AUTH_AES_XCBC_MAC:\n+\t\t\tctl->auth_type = ROC_IE_ON_SA_AUTH_AES_XCBC_128;\n+\t\t\tbreak;\n+\t\tdefault:\n+\t\t\treturn -ENOTSUP;\n+\t\t}\n+\t}\n+\n+\tif (ipsec->options.esn)\n+\t\tctl->esn_en = 1;\n+\n+\tif (ipsec->options.udp_encap == 1)\n+\t\tctl->encap_type = ROC_IE_ON_SA_ENCAP_UDP;\n+\n+\tctl->spi = rte_cpu_to_be_32(ipsec->spi);\n+\n+\trte_io_wmb();\n+\n+\tctl->valid = 1;\n+\n+\treturn 0;\n+}\n+\n+static inline int\n+fill_ipsec_common_sa(struct rte_security_ipsec_xform *ipsec,\n+\t\t struct rte_crypto_sym_xform *crypto_xform,\n+\t\t struct roc_ie_on_common_sa *common_sa)\n+{\n+\tstruct rte_crypto_sym_xform *cipher_xform;\n+\tconst uint8_t *cipher_key;\n+\tint cipher_key_len = 0;\n+\tint ret;\n+\n+\tif (ipsec->direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS)\n+\t\tcipher_xform = crypto_xform->next;\n+\telse\n+\t\tcipher_xform = crypto_xform;\n+\n+\tret = ipsec_sa_ctl_set(ipsec, crypto_xform, &common_sa->ctl);\n+\tif (ret)\n+\t\treturn ret;\n+\n+\tif (crypto_xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) {\n+\t\tif (crypto_xform->aead.algo == RTE_CRYPTO_AEAD_AES_GCM)\n+\t\t\tmemcpy(common_sa->iv.gcm.nonce, &ipsec->salt, 4);\n+\t\tcipher_key = crypto_xform->aead.key.data;\n+\t\tcipher_key_len = crypto_xform->aead.key.length;\n+\t} else {\n+\t\tcipher_key = cipher_xform->cipher.key.data;\n+\t\tcipher_key_len = cipher_xform->cipher.key.length;\n+\t}\n+\n+\tif (cipher_key_len != 0)\n+\t\tmemcpy(common_sa->cipher_key, cipher_key, cipher_key_len);\n+\telse\n+\t\treturn -EINVAL;\n+\n+\treturn 0;\n+}\n+\n+static int\n+cn9k_ipsec_outb_sa_create(struct cnxk_cpt_qp *qp,\n+\t\t\t struct rte_security_ipsec_xform *ipsec,\n+\t\t\t struct rte_crypto_sym_xform *crypto_xform,\n+\t\t\t struct rte_security_session *sec_sess)\n+{\n+\tRTE_SET_USED(qp);\n+\tRTE_SET_USED(ipsec);\n+\tRTE_SET_USED(crypto_xform);\n+\tRTE_SET_USED(sec_sess);\n+\n+\treturn 0;\n+}\n+\n+static int\n+cn9k_ipsec_inb_sa_create(struct cnxk_cpt_qp *qp,\n+\t\t\t struct rte_security_ipsec_xform *ipsec,\n+\t\t\t struct rte_crypto_sym_xform *crypto_xform,\n+\t\t\t struct rte_security_session *sec_sess)\n+{\n+\tRTE_SET_USED(qp);\n+\tRTE_SET_USED(ipsec);\n+\tRTE_SET_USED(crypto_xform);\n+\tRTE_SET_USED(sec_sess);\n+\n+\treturn 0;\n+}\n+\n+static inline int\n+cn9k_ipsec_xform_verify(struct rte_security_ipsec_xform *ipsec)\n+{\n+\tRTE_SET_USED(ipsec);\n+\n+\treturn 0;\n+}\n+\n+static int\n+cn9k_ipsec_session_create(void *dev,\n+\t\t\t struct rte_security_ipsec_xform *ipsec_xform,\n+\t\t\t struct rte_crypto_sym_xform *crypto_xform,\n+\t\t\t struct rte_security_session *sess)\n+{\n+\tstruct rte_cryptodev *crypto_dev = dev;\n+\tstruct cnxk_cpt_qp *qp;\n+\tint ret;\n+\n+\tqp = crypto_dev->data->queue_pairs[0];\n+\tif (qp == NULL) {\n+\t\tplt_err(\"CPT queue pairs need to be setup for creating security\"\n+\t\t\t\" session\");\n+\t\treturn -EPERM;\n+\t}\n+\n+\tret = cnxk_ipsec_xform_verify(ipsec_xform, crypto_xform);\n+\tif (ret)\n+\t\treturn ret;\n+\n+\tret = cn9k_ipsec_xform_verify(ipsec_xform);\n+\tif (ret)\n+\t\treturn ret;\n+\n+\tif (ipsec_xform->direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS)\n+\t\treturn cn9k_ipsec_inb_sa_create(qp, ipsec_xform, crypto_xform,\n+\t\t\t\t\t\tsess);\n+\telse\n+\t\treturn cn9k_ipsec_outb_sa_create(qp, ipsec_xform, crypto_xform,\n+\t\t\t\t\t\t sess);\n+}\n+\n+static int\n+cn9k_sec_session_create(void *device, struct rte_security_session_conf *conf,\n+\t\t\tstruct rte_security_session *sess,\n+\t\t\tstruct rte_mempool *mempool)\n+{\n+\tstruct cn9k_sec_session *priv;\n+\tint ret;\n+\n+\tif (conf->action_type != RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL)\n+\t\treturn -EINVAL;\n+\n+\tif (rte_mempool_get(mempool, (void **)&priv)) {\n+\t\tplt_err(\"Could not allocate security session private data\");\n+\t\treturn -ENOMEM;\n+\t}\n+\n+\tmemset(priv, 0, sizeof(*priv));\n+\n+\tset_sec_session_private_data(sess, priv);\n+\n+\tif (conf->protocol != RTE_SECURITY_PROTOCOL_IPSEC) {\n+\t\tret = -ENOTSUP;\n+\t\tgoto mempool_put;\n+\t}\n+\n+\tret = cn9k_ipsec_session_create(device, &conf->ipsec,\n+\t\t\t\t\tconf->crypto_xform, sess);\n+\tif (ret)\n+\t\tgoto mempool_put;\n+\n+\treturn 0;\n+\n+mempool_put:\n+\trte_mempool_put(mempool, priv);\n+\tset_sec_session_private_data(sess, NULL);\n+\treturn ret;\n+}\n+\n+static int\n+cn9k_sec_session_destroy(void *device __rte_unused,\n+\t\t\t struct rte_security_session *sess)\n+{\n+\tstruct roc_ie_on_outb_sa *out_sa;\n+\tstruct cn9k_sec_session *priv;\n+\tstruct rte_mempool *sess_mp;\n+\tstruct roc_ie_on_sa_ctl *ctl;\n+\tstruct cn9k_ipsec_sa *sa;\n+\n+\tpriv = get_sec_session_private_data(sess);\n+\tif (priv == NULL)\n+\t\treturn 0;\n+\n+\tsa = &priv->sa;\n+\tout_sa = &sa->out_sa;\n+\n+\tctl = &out_sa->common_sa.ctl;\n+\tctl->valid = 0;\n+\n+\trte_io_wmb();\n+\n+\tsess_mp = rte_mempool_from_obj(priv);\n+\n+\tmemset(priv, 0, sizeof(*priv));\n+\n+\tset_sec_session_private_data(sess, NULL);\n+\trte_mempool_put(sess_mp, priv);\n+\n+\treturn 0;\n+}\n+\n+static unsigned int\n+cn9k_sec_session_get_size(void *device __rte_unused)\n+{\n+\treturn sizeof(struct cn9k_sec_session);\n+}\n+\n+/* Update platform specific security ops */\n+void\n+cn9k_sec_ops_override(void)\n+{\n+\t/* Update platform specific ops */\n+\tcnxk_sec_ops.session_create = cn9k_sec_session_create;\n+\tcnxk_sec_ops.session_destroy = cn9k_sec_session_destroy;\n+\tcnxk_sec_ops.session_get_size = cn9k_sec_session_get_size;\n+}\ndiff --git a/drivers/crypto/cnxk/cn9k_ipsec.h b/drivers/crypto/cnxk/cn9k_ipsec.h\nnew file mode 100644\nindex 0000000000..0fe78df49b\n--- /dev/null\n+++ b/drivers/crypto/cnxk/cn9k_ipsec.h\n@@ -0,0 +1,29 @@\n+/* SPDX-License-Identifier: BSD-3-Clause\n+ * Copyright(C) 2021 Marvell.\n+ */\n+\n+#ifndef __CN9K_IPSEC_H__\n+#define __CN9K_IPSEC_H__\n+\n+#include \"cnxk_ipsec.h\"\n+\n+struct cn9k_ipsec_sa {\n+\tunion {\n+\t\t/** Inbound SA */\n+\t\tstruct roc_ie_on_inb_sa in_sa;\n+\t\t/** Outbound SA */\n+\t\tstruct roc_ie_on_outb_sa out_sa;\n+\t};\n+\t/** IPsec SA direction */\n+\tenum rte_security_ipsec_sa_direction dir;\n+\t/** Pre-populated CPT inst words */\n+\tstruct cnxk_cpt_inst_tmpl inst;\n+};\n+\n+struct cn9k_sec_session {\n+\tstruct cn9k_ipsec_sa sa;\n+} __rte_cache_aligned;\n+\n+void cn9k_sec_ops_override(void);\n+\n+#endif /* __CN9K_IPSEC_H__ */\ndiff --git a/drivers/crypto/cnxk/meson.build b/drivers/crypto/cnxk/meson.build\nindex e076783629..e40d132f80 100644\n--- a/drivers/crypto/cnxk/meson.build\n+++ b/drivers/crypto/cnxk/meson.build\n@@ -11,6 +11,7 @@ endif\n sources = files(\n 'cn9k_cryptodev.c',\n 'cn9k_cryptodev_ops.c',\n+ 'cn9k_ipsec.c',\n 'cn10k_cryptodev.c',\n 'cn10k_cryptodev_ops.c',\n 'cn10k_ipsec.c',\n", "prefixes": [ "3/8" ] }