@@ -9,6 +9,7 @@
#include <rte_pmd_cnxk.h>
#include <cn10k_ethdev.h>
+#include <cnxk_ethdev_mcs.h>
#include <cnxk_security.h>
#include <roc_priv.h>
@@ -1059,10 +1060,10 @@ cn10k_eth_sec_ops_override(void)
init_once = 1;
/* Update platform specific ops */
- cnxk_eth_sec_ops.macsec_sa_create = NULL;
- cnxk_eth_sec_ops.macsec_sc_create = NULL;
- cnxk_eth_sec_ops.macsec_sa_destroy = NULL;
- cnxk_eth_sec_ops.macsec_sc_destroy = NULL;
+ cnxk_eth_sec_ops.macsec_sa_create = cnxk_eth_macsec_sa_create;
+ cnxk_eth_sec_ops.macsec_sc_create = cnxk_eth_macsec_sc_create;
+ cnxk_eth_sec_ops.macsec_sa_destroy = cnxk_eth_macsec_sa_destroy;
+ cnxk_eth_sec_ops.macsec_sc_destroy = cnxk_eth_macsec_sc_destroy;
cnxk_eth_sec_ops.session_create = cn10k_eth_sec_session_create;
cnxk_eth_sec_ops.session_destroy = cn10k_eth_sec_session_destroy;
cnxk_eth_sec_ops.capabilities_get = cn10k_eth_sec_capabilities_get;
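Review bot: The four MACsec callbacks wired in here dereference `dev->mcs_dev` (`mcs_dev->mdev`) after checking only `roc_feature_nix_has_macsec()`, so once the ops are non-NULL a port whose `mcs_dev` was never set up would crash on the first call. Whether `mcs_dev` can be NULL at this point is not visible in the diff; if it can, each callback should start with a guard such as `if (mcs_dev == NULL) return -ENOTSUP;`. The body of cn10k_eth_sec_ops_override starts and ends outside this hunk.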
@@ -6,6 +6,256 @@
#include <cnxk_ethdev_mcs.h>
#include <roc_mcs.h>
+static int
+mcs_resource_alloc(struct cnxk_mcs_dev *mcs_dev, enum mcs_direction dir, uint8_t rsrc_id[],
+ uint8_t rsrc_cnt, enum cnxk_mcs_rsrc_type type)
+{
+ struct roc_mcs_alloc_rsrc_req req = {0};
+ struct roc_mcs_alloc_rsrc_rsp rsp = {0};
+ int i;
+
+ req.rsrc_type = type;
+ req.rsrc_cnt = rsrc_cnt;
+ req.dir = dir;
+
+ if (roc_mcs_alloc_rsrc(mcs_dev->mdev, &req, &rsp)) {
+ plt_err("Cannot allocate mcs resource.");
+ return -1;
+ }
+
+ for (i = 0; i < rsrc_cnt; i++) {
+ switch (rsp.rsrc_type) {
+ case CNXK_MCS_RSRC_TYPE_FLOWID:
+ rsrc_id[i] = rsp.flow_ids[i];
+ break;
+ case CNXK_MCS_RSRC_TYPE_SECY:
+ rsrc_id[i] = rsp.secy_ids[i];
+ break;
+ case CNXK_MCS_RSRC_TYPE_SC:
+ rsrc_id[i] = rsp.sc_ids[i];
+ break;
+ case CNXK_MCS_RSRC_TYPE_SA:
+ rsrc_id[i] = rsp.sa_ids[i];
+ break;
+ default:
+ plt_err("Invalid mcs resource allocated.");
+ return -1;
+ }
+ }
+ return 0;
+}
+
+int
+cnxk_eth_macsec_sa_create(void *device, struct rte_security_macsec_sa *conf)
+{
+ struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device;
+ struct cnxk_eth_dev *dev = cnxk_eth_pmd_priv(eth_dev);
+ uint8_t salt[RTE_SECURITY_MACSEC_SALT_LEN] = {0};
+ struct roc_mcs_pn_table_write_req pn_req = {0};
+ uint8_t hash_key_rev[CNXK_MACSEC_HASH_KEY] = {0};
+ uint8_t hash_key[CNXK_MACSEC_HASH_KEY] = {0};
+ struct cnxk_mcs_dev *mcs_dev = dev->mcs_dev;
+ struct roc_mcs_sa_plcy_write_req req = {0};
+ uint8_t ciph_key[32] = {0};
+ enum mcs_direction dir;
+ uint8_t sa_id = 0;
+ int i, ret = 0;
+
+ if (!roc_feature_nix_has_macsec())
+ return -ENOTSUP;
+
+ dir = (conf->dir == RTE_SECURITY_MACSEC_DIR_TX) ? MCS_TX : MCS_RX;
+ ret = mcs_resource_alloc(mcs_dev, dir, &sa_id, 1, CNXK_MCS_RSRC_TYPE_SA);
+ if (ret) {
+ plt_err("Failed to allocate SA id.");
+ return -ENOMEM;
+ }
+ req.sa_index[0] = sa_id;
+ req.sa_cnt = 1;
+ req.dir = dir;
+
+ if (conf->key.length != 16 && conf->key.length != 32)
+ return -EINVAL;
+
+ for (i = 0; i < conf->key.length; i++)
+ ciph_key[i] = conf->key.data[conf->key.length - 1 - i];
+
+ memcpy(&req.plcy[0][0], ciph_key, conf->key.length);
+
+ roc_aes_hash_key_derive(conf->key.data, conf->key.length, hash_key);
+ for (i = 0; i < CNXK_MACSEC_HASH_KEY; i++)
+ hash_key_rev[i] = hash_key[CNXK_MACSEC_HASH_KEY - 1 - i];
+
+ memcpy(&req.plcy[0][4], hash_key_rev, CNXK_MACSEC_HASH_KEY);
+
+ for (i = 0; i < RTE_SECURITY_MACSEC_SALT_LEN; i++)
+ salt[i] = conf->salt[RTE_SECURITY_MACSEC_SALT_LEN - 1 - i];
+ memcpy(&req.plcy[0][6], salt, RTE_SECURITY_MACSEC_SALT_LEN);
+
+ req.plcy[0][7] |= (uint64_t)conf->ssci << 32;
+ req.plcy[0][8] = (conf->dir == RTE_SECURITY_MACSEC_DIR_TX) ? (conf->an & 0x3) : 0;
+
+ ret = roc_mcs_sa_policy_write(mcs_dev->mdev, &req);
+ if (ret) {
+ plt_err("Failed to write SA policy.");
+ return -EINVAL;
+ }
+ pn_req.next_pn = ((uint64_t)conf->xpn << 32) | rte_be_to_cpu_32(conf->next_pn);
+ pn_req.pn_id = sa_id;
+ pn_req.dir = dir;
+
+ ret = roc_mcs_pn_table_write(mcs_dev->mdev, &pn_req);
+ if (ret) {
+ plt_err("Failed to write PN table.");
+ return -EINVAL;
+ }
+
+ return sa_id;
+}
+
+int
+cnxk_eth_macsec_sa_destroy(void *device, uint16_t sa_id, enum rte_security_macsec_direction dir)
+{
+ struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device;
+ struct cnxk_eth_dev *dev = cnxk_eth_pmd_priv(eth_dev);
+ struct cnxk_mcs_dev *mcs_dev = dev->mcs_dev;
+ struct roc_mcs_clear_stats stats_req = {0};
+ struct roc_mcs_free_rsrc_req req = {0};
+ int ret = 0;
+
+ if (!roc_feature_nix_has_macsec())
+ return -ENOTSUP;
+
+ stats_req.type = CNXK_MCS_RSRC_TYPE_SA;
+ stats_req.id = sa_id;
+ stats_req.dir = (dir == RTE_SECURITY_MACSEC_DIR_TX) ? MCS_TX : MCS_RX;
+ stats_req.all = 0;
+
+ ret = roc_mcs_stats_clear(mcs_dev->mdev, &stats_req);
+ if (ret)
+ plt_err("Failed to clear stats for SA id %u, dir %u.", sa_id, dir);
+
+ req.rsrc_id = sa_id;
+ req.dir = (dir == RTE_SECURITY_MACSEC_DIR_TX) ? MCS_TX : MCS_RX;
+ req.rsrc_type = CNXK_MCS_RSRC_TYPE_SA;
+
+ ret = roc_mcs_free_rsrc(mcs_dev->mdev, &req);
+ if (ret)
+ plt_err("Failed to free SA id %u, dir %u.", sa_id, dir);
+
+ return ret;
+}
+
+int
+cnxk_eth_macsec_sc_create(void *device, struct rte_security_macsec_sc *conf)
+{
+ struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device;
+ struct cnxk_eth_dev *dev = cnxk_eth_pmd_priv(eth_dev);
+ struct roc_mcs_set_pn_threshold pn_thresh = {0};
+ struct cnxk_mcs_dev *mcs_dev = dev->mcs_dev;
+ enum mcs_direction dir;
+ uint8_t sc_id = 0;
+ int i, ret = 0;
+
+ if (!roc_feature_nix_has_macsec())
+ return -ENOTSUP;
+
+ dir = (conf->dir == RTE_SECURITY_MACSEC_DIR_TX) ? MCS_TX : MCS_RX;
+ ret = mcs_resource_alloc(mcs_dev, dir, &sc_id, 1, CNXK_MCS_RSRC_TYPE_SC);
+ if (ret) {
+ plt_err("Failed to allocate SC id.");
+ return -ENOMEM;
+ }
+
+ if (conf->dir == RTE_SECURITY_MACSEC_DIR_TX) {
+ struct roc_mcs_tx_sc_sa_map req = {0};
+
+ req.sa_index0 = conf->sc_tx.sa_id & 0xFF;
+ req.sa_index1 = conf->sc_tx.sa_id_rekey & 0xFF;
+ req.rekey_ena = conf->sc_tx.re_key_en;
+ req.sa_index0_vld = conf->sc_tx.active;
+ req.sa_index1_vld = conf->sc_tx.re_key_en && conf->sc_tx.active;
+ req.tx_sa_active = 0;
+ req.sectag_sci = conf->sc_tx.sci;
+ req.sc_id = sc_id;
+
+ ret = roc_mcs_tx_sc_sa_map_write(mcs_dev->mdev, &req);
+ if (ret) {
+ plt_err("Failed to map TX SC-SA");
+ return -EINVAL;
+ }
+ pn_thresh.xpn = conf->sc_tx.is_xpn;
+ } else {
+ for (i = 0; i < RTE_SECURITY_MACSEC_NUM_AN; i++) {
+ struct roc_mcs_rx_sc_sa_map req = {0};
+
+ req.sa_index = conf->sc_rx.sa_id[i] & 0x7F;
+ req.sc_id = sc_id;
+ req.an = i & 0x3;
+ req.sa_in_use = 0;
+ /* Clearing the sa_in_use bit automatically clears
+ * the corresponding pn_thresh_reached bit
+ */
+ ret = roc_mcs_rx_sc_sa_map_write(mcs_dev->mdev, &req);
+ if (ret) {
+ plt_err("Failed to map RX SC-SA");
+ return -EINVAL;
+ }
+ req.sa_in_use = conf->sc_rx.sa_in_use[i];
+ ret = roc_mcs_rx_sc_sa_map_write(mcs_dev->mdev, &req);
+ if (ret) {
+ plt_err("Failed to map RX SC-SA");
+ return -EINVAL;
+ }
+ }
+ pn_thresh.xpn = conf->sc_rx.is_xpn;
+ }
+
+ pn_thresh.threshold = conf->pn_threshold;
+ pn_thresh.dir = dir;
+
+ ret = roc_mcs_pn_threshold_set(mcs_dev->mdev, &pn_thresh);
+ if (ret) {
+ plt_err("Failed to write PN threshold.");
+ return -EINVAL;
+ }
+
+ return sc_id;
+}
+
+int
+cnxk_eth_macsec_sc_destroy(void *device, uint16_t sc_id, enum rte_security_macsec_direction dir)
+{
+ struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device;
+ struct cnxk_eth_dev *dev = cnxk_eth_pmd_priv(eth_dev);
+ struct cnxk_mcs_dev *mcs_dev = dev->mcs_dev;
+ struct roc_mcs_clear_stats stats_req = {0};
+ struct roc_mcs_free_rsrc_req req = {0};
+ int ret = 0;
+
+ if (!roc_feature_nix_has_macsec())
+ return -ENOTSUP;
+
+ stats_req.type = CNXK_MCS_RSRC_TYPE_SC;
+ stats_req.id = sc_id;
+ stats_req.dir = (dir == RTE_SECURITY_MACSEC_DIR_TX) ? MCS_TX : MCS_RX;
+ stats_req.all = 0;
+
+ ret = roc_mcs_stats_clear(mcs_dev->mdev, &stats_req);
+ if (ret)
+ plt_err("Failed to clear stats for SC id %u, dir %u.", sc_id, dir);
+
+ req.rsrc_id = sc_id;
+ req.dir = (dir == RTE_SECURITY_MACSEC_DIR_TX) ? MCS_TX : MCS_RX;
+ req.rsrc_type = CNXK_MCS_RSRC_TYPE_SC;
+
+ ret = roc_mcs_free_rsrc(mcs_dev->mdev, &req);
+ if (ret)
+ plt_err("Failed to free SC id.");
+
+ return ret;
+}
+
static int
cnxk_mcs_event_cb(void *userdata, struct roc_mcs_event_desc *desc, void *cb_arg)
{
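Review bot: In cnxk_eth_macsec_sa_create the SA id is allocated before the key length is validated, and every later failure (bad key length, roc_mcs_sa_policy_write, roc_mcs_pn_table_write) returns without freeing it, so repeated failing calls can exhaust the hardware SA pool. cnxk_eth_macsec_sc_create has the same pattern with sc_id on its map-write and PN-threshold failure paths. Validate `conf->key.length` first and release the id on the error paths, as sketched below for the SA case. Separately, `ciph_key`, `hash_key`, `hash_key_rev`, `salt` and `req` hold key material on the stack and are not cleared before return; a wipe the compiler cannot elide before each return would limit how long the key lingers in memory.

```c
	/* Reject a bad key before any hardware resource is taken. */
	if (conf->key.length != 16 && conf->key.length != 32)
		return -EINVAL;

	dir = (conf->dir == RTE_SECURITY_MACSEC_DIR_TX) ? MCS_TX : MCS_RX;
	ret = mcs_resource_alloc(mcs_dev, dir, &sa_id, 1, CNXK_MCS_RSRC_TYPE_SA);
	/* … unchanged: allocation failure check, req setup, key/hash/salt packing … */

	ret = roc_mcs_sa_policy_write(mcs_dev->mdev, &req);
	if (ret) {
		plt_err("Failed to write SA policy.");
		ret = -EINVAL;
		goto free_sa;
	}
	/* … unchanged: pn_req setup … */

	ret = roc_mcs_pn_table_write(mcs_dev->mdev, &pn_req);
	if (ret) {
		plt_err("Failed to write PN table.");
		ret = -EINVAL;
		goto free_sa;
	}

	return sa_id;

free_sa:
	/* Give the SA id back so repeated failures cannot drain the pool. */
	cnxk_eth_macsec_sa_destroy(device, sa_id, conf->dir);
	return ret;
```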
@@ -13,6 +13,14 @@ struct cnxk_mcs_dev {
uint8_t idx;
};
+enum cnxk_mcs_rsrc_type {
+ CNXK_MCS_RSRC_TYPE_FLOWID,
+ CNXK_MCS_RSRC_TYPE_SECY,
+ CNXK_MCS_RSRC_TYPE_SC,
+ CNXK_MCS_RSRC_TYPE_SA,
+ CNXK_MCS_RSRC_TYPE_PORT,
+};
+
struct cnxk_mcs_event_data {
/* Valid for below events
* - ROC_MCS_EVENT_RX_SA_PN_SOFT_EXP
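Review bot: The new `enum cnxk_mcs_rsrc_type` has no comment saying that its values are written straight into the ROC request fields (`req.rsrc_type = type`, `stats_req.type = CNXK_MCS_RSRC_TYPE_SA`), so the enumerator order is presumably an ABI with the ROC layer. A short comment such as `/* Values are passed to roc_mcs_* requests unchanged; keep in sync with the ROC resource type numbering. */` would stop someone reordering or inserting entries. `CNXK_MCS_RSRC_TYPE_PORT` is also not handled by the switch in mcs_resource_alloc and falls into its error default; worth stating in the comment if that is intentional.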
@@ -59,3 +67,11 @@ struct cnxk_mcs_event_desc {
enum roc_mcs_event_subtype subtype;
struct cnxk_mcs_event_data metadata;
};
+
+int cnxk_eth_macsec_sa_create(void *device, struct rte_security_macsec_sa *conf);
+int cnxk_eth_macsec_sc_create(void *device, struct rte_security_macsec_sc *conf);
+
+int cnxk_eth_macsec_sa_destroy(void *device, uint16_t sa_id,
+ enum rte_security_macsec_direction dir);
+int cnxk_eth_macsec_sc_destroy(void *device, uint16_t sc_id,
+ enum rte_security_macsec_direction dir);
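Review bot: These prototypes are undocumented although the `int` return of the two create functions carries two meanings: the allocated id on success (`return sa_id;` / `return sc_id;`) and a negative errno on failure. A comment above them such as `/* Return the allocated SA/SC id (>= 0) on success, negative errno on failure. */` would make that contract explicit for callers. The destroy prototypes take a `uint16_t` id while the ids handed out by create are `uint8_t`, and the value is copied into `req.rsrc_id` without a range check; documenting the valid range, or rejecting larger ids, would avoid silently freeing a different resource.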