From patchwork Tue Sep 19 13:54:08 2023
X-Patchwork-Submitter: Akhil Goyal
X-Patchwork-Id: 131634
X-Patchwork-Delegate: gakhil@marvell.com
From: Akhil Goyal
Subject: [PATCH v2 2/3] net/cnxk: add MACsec capability
Date: Tue, 19 Sep 2023 19:24:08 +0530
Message-ID: <20230919135409.2544309-3-gakhil@marvell.com>
In-Reply-To: <20230919135409.2544309-1-gakhil@marvell.com>
References: <20230731034447.929506-1-gakhil@marvell.com> <20230919135409.2544309-1-gakhil@marvell.com>

From: Ankur Dwivedi

Adds the MACsec capability for CN10K-B. The ethernet security capability structure is populated based on the feature supported by the device.

Signed-off-by: Ankur Dwivedi
Acked-by: Akhil Goyal
--- drivers/common/cnxk/roc_features.h | 6 ++ drivers/common/cnxk/roc_mcs.h | 3 + drivers/net/cnxk/cn10k_ethdev_sec.c | 120 +++++++++++++++++++++++++++- 3 files changed, 125 insertions(+), 4 deletions(-) diff --git a/drivers/common/cnxk/roc_features.h b/drivers/common/cnxk/roc_features.h index 815f800e7a..d5d0c0c901 100644 --- a/drivers/common/cnxk/roc_features.h +++ b/drivers/common/cnxk/roc_features.h 
@@ -71,4 +71,10 @@ roc_feature_bphy_has_macsec(void) { return roc_model_is_cnf10kb(); } + +static inline bool +roc_feature_nix_has_inl_ipsec(void) +{ + return !roc_model_is_cnf10kb(); +} #endif diff --git a/drivers/common/cnxk/roc_mcs.h b/drivers/common/cnxk/roc_mcs.h index afac6c92e2..602f1cae1d 100644 --- a/drivers/common/cnxk/roc_mcs.h +++ b/drivers/common/cnxk/roc_mcs.h @@ -7,6 +7,9 @@ #define MCS_AES_GCM_256_KEYLEN 32 +#define ROC_MCS_MAX_AR_WINSZ BIT_ULL(31) +#define ROC_MCS_MAX_MTU (BIT_ULL(16) - 1) + struct roc_mcs_alloc_rsrc_req { uint8_t rsrc_type; uint8_t rsrc_cnt; /* Resources count */ diff --git a/drivers/net/cnxk/cn10k_ethdev_sec.c b/drivers/net/cnxk/cn10k_ethdev_sec.c index b98fc9378e..a7473922af 100644 --- a/drivers/net/cnxk/cn10k_ethdev_sec.c +++ b/drivers/net/cnxk/cn10k_ethdev_sec.c @@ -303,7 +303,7 @@ static struct rte_cryptodev_capabilities cn10k_eth_sec_crypto_caps[] = { RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() }; -static const struct rte_security_capability cn10k_eth_sec_capabilities[] = { +static const struct rte_security_capability cn10k_eth_sec_ipsec_capabilities[] = { { /* IPsec Inline Protocol ESP Tunnel Ingress */ .action = RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL, .protocol = RTE_SECURITY_PROTOCOL_IPSEC, 
@@ -401,11 +401,100 @@ static const struct rte_security_capability cn10k_eth_sec_capabilities[] = { .crypto_capabilities = cn10k_eth_sec_crypto_caps, .ol_flags = RTE_SECURITY_TX_OLOAD_NEED_MDATA }, - { - .action = RTE_SECURITY_ACTION_TYPE_NONE - } }; +static const struct rte_security_capability cn10k_eth_sec_macsec_capabilities[] = { + { /* MACsec Inline Protocol, AES-GCM-128 algo */ + .action = RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL, + .protocol = RTE_SECURITY_PROTOCOL_MACSEC, + .macsec = { + .mtu = ROC_MCS_MAX_MTU, + .alg = RTE_SECURITY_MACSEC_ALG_GCM_128, + .max_nb_sc = 128, + .max_nb_sa = 256, + .max_nb_sess = 256, + .replay_win_sz = ROC_MCS_MAX_AR_WINSZ, + .relative_sectag_insert = 1, + .fixed_sectag_insert = 1, + .icv_include_da_sa = 1, + .ctrl_port_enable = 1, + .preserve_sectag = 1, + .preserve_icv = 1, + .validate_frames = 1, + .re_key = 1, + .anti_replay = 1, + }, + }, + { /* MACsec Inline Protocol, AES-GCM-256 algo */ + .action = RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL, + .protocol = RTE_SECURITY_PROTOCOL_MACSEC, + .macsec = { + .mtu = ROC_MCS_MAX_MTU, + .alg = RTE_SECURITY_MACSEC_ALG_GCM_256, + .max_nb_sc = 128, + .max_nb_sa = 256, + .max_nb_sess = 256, + .replay_win_sz = ROC_MCS_MAX_AR_WINSZ, + .relative_sectag_insert = 1, + .fixed_sectag_insert = 1, + .icv_include_da_sa = 1, + .ctrl_port_enable = 1, + .preserve_sectag = 1, + .preserve_icv = 1, + .validate_frames = 1, + .re_key = 1, + .anti_replay = 1, + }, + }, + { /* MACsec Inline Protocol, AES-GCM-XPN-128 algo */ + .action = RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL, + .protocol = RTE_SECURITY_PROTOCOL_MACSEC, + .macsec = { + .mtu = ROC_MCS_MAX_MTU, + .alg = RTE_SECURITY_MACSEC_ALG_GCM_XPN_128, + .max_nb_sc = 128, + .max_nb_sa = 256, + .max_nb_sess = 256, + .replay_win_sz = ROC_MCS_MAX_AR_WINSZ, + .relative_sectag_insert = 1, + .fixed_sectag_insert = 1, + .icv_include_da_sa = 1, + .ctrl_port_enable = 1, + .preserve_sectag = 1, + .preserve_icv = 1, + .validate_frames = 1, + .re_key = 1, + 
.anti_replay = 1, + }, + }, + { /* MACsec Inline Protocol, AES-GCM-XPN-256 algo */ + .action = RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL, + .protocol = RTE_SECURITY_PROTOCOL_MACSEC, + .macsec = { + .mtu = ROC_MCS_MAX_MTU, + .alg = RTE_SECURITY_MACSEC_ALG_GCM_XPN_256, + .max_nb_sc = 128, + .max_nb_sa = 256, + .max_nb_sess = 256, + .replay_win_sz = ROC_MCS_MAX_AR_WINSZ, + .relative_sectag_insert = 1, + .fixed_sectag_insert = 1, + .icv_include_da_sa = 1, + .ctrl_port_enable = 1, + .preserve_sectag = 1, + .preserve_icv = 1, + .validate_frames = 1, + .re_key = 1, + .anti_replay = 1, + }, + }, +}; + +#define SEC_CAPS_LEN (RTE_DIM(cn10k_eth_sec_ipsec_capabilities) + \ + RTE_DIM(cn10k_eth_sec_macsec_capabilities) + 1) + +static struct rte_security_capability cn10k_eth_sec_capabilities[SEC_CAPS_LEN]; + static inline void cnxk_pktmbuf_free_no_cache(struct rte_mbuf *mbuf) { @@ -1093,15 +1182,38 @@ cn10k_eth_sec_session_stats_get(void *device, struct rte_security_session *sess, return 0; } +static void +eth_sec_caps_add(struct rte_security_capability eth_sec_caps[], uint32_t *idx, + const struct rte_security_capability *caps, uint32_t nb_caps) +{ + PLT_VERIFY(*idx + nb_caps < SEC_CAPS_LEN); + + rte_memcpy(ð_sec_caps[*idx], caps, nb_caps * sizeof(caps[0])); + *idx += nb_caps; +} + void cn10k_eth_sec_ops_override(void) { static int init_once; + uint32_t idx = 0; if (init_once) return; init_once = 1; + if (roc_feature_nix_has_inl_ipsec()) + eth_sec_caps_add(cn10k_eth_sec_capabilities, &idx, + cn10k_eth_sec_ipsec_capabilities, + RTE_DIM(cn10k_eth_sec_ipsec_capabilities)); + + if (roc_feature_nix_has_macsec()) + eth_sec_caps_add(cn10k_eth_sec_capabilities, &idx, + cn10k_eth_sec_macsec_capabilities, + RTE_DIM(cn10k_eth_sec_macsec_capabilities)); + + cn10k_eth_sec_capabilities[idx].action = RTE_SECURITY_ACTION_TYPE_NONE; + /* Update platform specific ops */ cnxk_eth_sec_ops.macsec_sa_create = cnxk_eth_macsec_sa_create; cnxk_eth_sec_ops.macsec_sc_create = cnxk_eth_macsec_sc_create;
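Review bot: In roc_features.h, roc_feature_nix_has_inl_ipsec() is defined purely as the negation of roc_model_is_cnf10kb(), with no comment saying why inline IPsec is unavailable on that model. Any model added later will report inline IPsec by default, which then feeds straight into the capability table advertised to applications. Consider listing the models that do support it, or at least add a one-line comment stating the hardware reason. The commit message says "CN10K-B" while the helper keys on cnf10kb; please make the log name the model the code actually tests.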
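Review bot: In roc_mcs.h, ROC_MCS_MAX_AR_WINSZ and ROC_MCS_MAX_MTU are added without any comment on units or on whether the value is an inclusive maximum, and both are BIT_ULL() expressions that are later assigned to .replay_win_sz and .mtu in the capability entries. Please confirm those fields are wide enough to hold BIT_ULL(31) and BIT_ULL(16) - 1 without truncation, and document what each limit means (packet numbers for the anti-replay window, bytes for the MTU). For consistency, the two definitions should also be parenthesised the same way.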
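Review bot: In cn10k_eth_sec_macsec_capabilities[], the four entries are identical apart from .alg, and the limits .max_nb_sc = 128, .max_nb_sa = 256 and .max_nb_sess = 256 are bare literals repeated four times. A small initializer macro taking the algorithm as its argument, plus named ROC_MCS_* constants next to ROC_MCS_MAX_MTU, would keep the advertised limits from drifting apart between algorithms. Separately, cn10k_eth_sec_capabilities changes from a static const table to a writable static array filled at run time; since this is the data handed back to capability queries, please note in a comment that it is written only once during ops override and must be treated as read-only afterwards.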
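Review bot: In eth_sec_caps_add(), the strict comparison in PLT_VERIFY(*idx + nb_caps < SEC_CAPS_LEN) is what keeps one slot free for the RTE_SECURITY_ACTION_TYPE_NONE terminator that cn10k_eth_sec_ops_override() writes at cn10k_eth_sec_capabilities[idx], but nothing in the code says so. A later change to "<=" or to the "+ 1" in SEC_CAPS_LEN would silently produce an unterminated capability list that callers walk past the end of the array. Please add a comment tying the check to the terminator slot, and consider having the helper take the array length as a parameter instead of relying on the file-scope SEC_CAPS_LEN, so the bound travels with the array being written.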