@@ -12,7 +12,7 @@
#include "cn10k_cryptodev.h"
#include "cn10k_cryptodev_ops.h"
-#include "cn10k_ipsec.h"
+#include "cn10k_cryptodev_sec.h"
#include "cnxk_cryptodev.h"
#include "cnxk_cryptodev_capabilities.h"
#include "cnxk_cryptodev_sec.h"
new file mode 100644
@@ -0,0 +1,127 @@
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright(C) 2023 Marvell.
+ */
+
+#include <rte_security.h>
+
+#include "cn10k_cryptodev_ops.h"
+#include "cn10k_cryptodev_sec.h"
+#include "cnxk_cryptodev_ops.h"
+
+static int
+cn10k_sec_session_create(void *dev, struct rte_security_session_conf *conf,
+ struct rte_security_session *sess)
+{
+ struct rte_cryptodev *crypto_dev = dev;
+ struct cnxk_cpt_vf *vf;
+ struct cnxk_cpt_qp *qp;
+
+ if (conf->action_type != RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL)
+ return -EINVAL;
+
+ qp = crypto_dev->data->queue_pairs[0];
+ if (qp == NULL) {
+ plt_err("Setup cryptodev queue pair before creating security session");
+ return -EPERM;
+ }
+
+ vf = crypto_dev->data->dev_private;
+
+ if (conf->protocol == RTE_SECURITY_PROTOCOL_IPSEC) {
+ ((struct cn10k_sec_session *)sess)->userdata = conf->userdata;
+ return cn10k_ipsec_session_create(vf, qp, &conf->ipsec, conf->crypto_xform, sess);
+ }
+
+ return -ENOTSUP;
+}
+
+static int
+cn10k_sec_session_destroy(void *dev, struct rte_security_session *sec_sess)
+{
+ struct cn10k_sec_session *cn10k_sec_sess;
+ struct rte_cryptodev *crypto_dev = dev;
+ struct cnxk_cpt_qp *qp;
+
+ if (unlikely(sec_sess == NULL))
+ return -EINVAL;
+
+ qp = crypto_dev->data->queue_pairs[0];
+ if (unlikely(qp == NULL))
+ return -ENOTSUP;
+
+ cn10k_sec_sess = (struct cn10k_sec_session *)sec_sess;
+
+ if (cn10k_sec_sess->proto == RTE_SECURITY_PROTOCOL_IPSEC)
+ return cn10k_sec_ipsec_session_destroy(qp, cn10k_sec_sess);
+
+ return -EINVAL;
+}
+
+static unsigned int
+cn10k_sec_session_get_size(void *dev __rte_unused)
+{
+ return sizeof(struct cn10k_sec_session) - sizeof(struct rte_security_session);
+}
+
+static int
+cn10k_sec_session_stats_get(void *dev, struct rte_security_session *sec_sess,
+ struct rte_security_stats *stats)
+{
+ struct cn10k_sec_session *cn10k_sec_sess;
+ struct rte_cryptodev *crypto_dev = dev;
+ struct cnxk_cpt_qp *qp;
+
+ if (unlikely(sec_sess == NULL))
+ return -EINVAL;
+
+ qp = crypto_dev->data->queue_pairs[0];
+ if (unlikely(qp == NULL))
+ return -ENOTSUP;
+
+ cn10k_sec_sess = (struct cn10k_sec_session *)sec_sess;
+
+ if (cn10k_sec_sess->proto == RTE_SECURITY_PROTOCOL_IPSEC)
+ return cn10k_ipsec_stats_get(qp, cn10k_sec_sess, stats);
+
+ return -ENOTSUP;
+}
+
+static int
+cn10k_sec_session_update(void *dev, struct rte_security_session *sec_sess,
+ struct rte_security_session_conf *conf)
+{
+ struct cn10k_sec_session *cn10k_sec_sess;
+ struct rte_cryptodev *crypto_dev = dev;
+ struct cnxk_cpt_qp *qp;
+ struct cnxk_cpt_vf *vf;
+
+ if (sec_sess == NULL)
+ return -EINVAL;
+
+ qp = crypto_dev->data->queue_pairs[0];
+ if (qp == NULL)
+ return -EINVAL;
+
+ vf = crypto_dev->data->dev_private;
+
+ cn10k_sec_sess = (struct cn10k_sec_session *)sec_sess;
+
+ if (cn10k_sec_sess->proto == RTE_SECURITY_PROTOCOL_IPSEC)
+ return cn10k_ipsec_session_update(vf, qp, cn10k_sec_sess, conf);
+
+ return -ENOTSUP;
+}
+
+/* Update platform specific security ops */
+void
+cn10k_sec_ops_override(void)
+{
+ /* Update platform specific ops */
+ cnxk_sec_ops.session_create = cn10k_sec_session_create;
+ cnxk_sec_ops.session_destroy = cn10k_sec_session_destroy;
+ cnxk_sec_ops.session_get_size = cn10k_sec_session_get_size;
+ cnxk_sec_ops.session_stats_get = cn10k_sec_session_stats_get;
+ cnxk_sec_ops.session_update = cn10k_sec_session_update;
+ cnxk_sec_ops.inb_pkt_rx_inject = cn10k_cryptodev_sec_inb_rx_inject;
+ cnxk_sec_ops.rx_inject_configure = cn10k_cryptodev_sec_rx_inject_configure;
+}
new file mode 100644
@@ -0,0 +1,61 @@
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright(C) 2023 Marvell.
+ */
+
+#ifndef __CN10K_CRYPTODEV_SEC_H__
+#define __CN10K_CRYPTODEV_SEC_H__
+
+#include <rte_security.h>
+
+#include "roc_constants.h"
+#include "roc_cpt.h"
+
+#include "cn10k_ipsec.h"
+
+struct cn10k_sec_session {
+ struct rte_security_session rte_sess;
+
+ /** PMD private space */
+
+ enum rte_security_session_protocol proto;
+ /** Pre-populated CPT inst words */
+ struct cnxk_cpt_inst_tmpl inst;
+ uint16_t max_extended_len;
+ uint16_t iv_offset;
+ uint8_t iv_length;
+ union {
+ struct {
+ uint8_t ip_csum;
+ bool is_outbound;
+ } ipsec;
+ };
+ /** Queue pair */
+ struct cnxk_cpt_qp *qp;
+ /** Userdata to be set for Rx inject */
+ void *userdata;
+
+ /**
+ * End of SW mutable area
+ */
+ union {
+ struct cn10k_ipsec_sa sa;
+ };
+} __rte_aligned(ROC_ALIGN);
+
+static inline uint64_t
+cpt_inst_w7_get(struct roc_cpt *roc_cpt, void *cptr)
+{
+ union cpt_inst_w7 w7;
+
+ w7.u64 = 0;
+ w7.s.egrp = roc_cpt->eng_grp[CPT_ENG_TYPE_IE];
+ w7.s.ctx_val = 1;
+ w7.s.cptr = (uint64_t)cptr;
+ rte_mb();
+
+ return w7.u64;
+}
+
+void cn10k_sec_ops_override(void);
+
+#endif /* __CN10K_CRYPTODEV_SEC_H__ */
@@ -11,6 +11,7 @@
#include <rte_udp.h>
#include "cn10k_cryptodev_ops.h"
+#include "cn10k_cryptodev_sec.h"
#include "cn10k_ipsec.h"
#include "cnxk_cryptodev.h"
#include "cnxk_cryptodev_ops.h"
@@ -19,20 +20,6 @@
#include "roc_api.h"
-static uint64_t
-cpt_inst_w7_get(struct roc_cpt *roc_cpt, void *sa)
-{
- union cpt_inst_w7 w7;
-
- w7.u64 = 0;
- w7.s.egrp = roc_cpt->eng_grp[CPT_ENG_TYPE_IE];
- w7.s.ctx_val = 1;
- w7.s.cptr = (uint64_t)sa;
- rte_mb();
-
- return w7.u64;
-}
-
static int
cn10k_ipsec_outb_sa_create(struct roc_cpt *roc_cpt, struct roc_cpt_lf *lf,
struct rte_security_ipsec_xform *ipsec_xfrm,
@@ -260,29 +247,19 @@ cn10k_ipsec_inb_sa_create(struct roc_cpt *roc_cpt, struct roc_cpt_lf *lf,
return ret;
}
-static int
-cn10k_ipsec_session_create(void *dev,
+int
+cn10k_ipsec_session_create(struct cnxk_cpt_vf *vf, struct cnxk_cpt_qp *qp,
struct rte_security_ipsec_xform *ipsec_xfrm,
struct rte_crypto_sym_xform *crypto_xfrm,
struct rte_security_session *sess)
{
- struct rte_cryptodev *crypto_dev = dev;
struct roc_cpt *roc_cpt;
- struct cnxk_cpt_vf *vf;
- struct cnxk_cpt_qp *qp;
int ret;
- qp = crypto_dev->data->queue_pairs[0];
- if (qp == NULL) {
- plt_err("Setup cpt queue pair before creating security session");
- return -EPERM;
- }
-
ret = cnxk_ipsec_xform_verify(ipsec_xfrm, crypto_xfrm);
if (ret)
return ret;
- vf = crypto_dev->data->dev_private;
roc_cpt = &vf->cpt;
if (ipsec_xfrm->direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS)
@@ -293,38 +270,15 @@ cn10k_ipsec_session_create(void *dev,
(struct cn10k_sec_session *)sess);
}
-static int
-cn10k_sec_session_create(void *device, struct rte_security_session_conf *conf,
- struct rte_security_session *sess)
-{
- if (conf->action_type != RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL)
- return -EINVAL;
-
- if (conf->protocol == RTE_SECURITY_PROTOCOL_IPSEC) {
- ((struct cn10k_sec_session *)sess)->userdata = conf->userdata;
- return cn10k_ipsec_session_create(device, &conf->ipsec, conf->crypto_xform, sess);
- }
- return -ENOTSUP;
-}
-
-static int
-cn10k_sec_ipsec_session_destroy(void *dev, struct rte_security_session *sec_sess)
+int
+cn10k_sec_ipsec_session_destroy(struct cnxk_cpt_qp *qp, struct cn10k_sec_session *sess)
{
- struct rte_cryptodev *crypto_dev = dev;
union roc_ot_ipsec_sa_word2 *w2;
- struct cn10k_sec_session *sess;
struct cn10k_ipsec_sa *sa;
- struct cnxk_cpt_qp *qp;
struct roc_cpt_lf *lf;
void *sa_dptr = NULL;
int ret;
- sess = (struct cn10k_sec_session *)sec_sess;
-
- qp = crypto_dev->data->queue_pairs[0];
- if (unlikely(qp == NULL))
- return -ENOTSUP;
-
lf = &qp->lf;
sa = &sess->sa;
@@ -374,48 +328,18 @@ cn10k_sec_ipsec_session_destroy(void *dev, struct rte_security_session *sec_sess
return 0;
}
-static int
-cn10k_sec_session_destroy(void *dev, struct rte_security_session *sec_sess)
+int
+cn10k_ipsec_stats_get(struct cnxk_cpt_qp *qp, struct cn10k_sec_session *sess,
+ struct rte_security_stats *stats)
{
- if (unlikely(sec_sess == NULL))
- return -EINVAL;
-
- if (((struct cn10k_sec_session *)sec_sess)->proto == RTE_SECURITY_PROTOCOL_IPSEC)
- return cn10k_sec_ipsec_session_destroy(dev, sec_sess);
-
- return -EINVAL;
-}
-
-static unsigned int
-cn10k_sec_session_get_size(void *device __rte_unused)
-{
- return sizeof(struct cn10k_sec_session) - sizeof(struct rte_security_session);
-}
-
-static int
-cn10k_sec_session_stats_get(void *device, struct rte_security_session *sess,
- struct rte_security_stats *stats)
-{
- struct rte_cryptodev *crypto_dev = device;
struct roc_ot_ipsec_outb_sa *out_sa;
struct roc_ot_ipsec_inb_sa *in_sa;
- struct cn10k_sec_session *priv;
struct cn10k_ipsec_sa *sa;
- struct cnxk_cpt_qp *qp;
-
- if (unlikely(sess == NULL))
- return -EINVAL;
-
- priv = (struct cn10k_sec_session *)sess;
-
- qp = crypto_dev->data->queue_pairs[0];
- if (qp == NULL)
- return -EINVAL;
stats->protocol = RTE_SECURITY_PROTOCOL_IPSEC;
- sa = &priv->sa;
+ sa = &sess->sa;
- if (priv->ipsec.is_outbound) {
+ if (sess->ipsec.is_outbound) {
out_sa = &sa->out_sa;
roc_cpt_lf_ctx_flush(&qp->lf, out_sa, false);
rte_delay_ms(1);
@@ -432,23 +356,13 @@ cn10k_sec_session_stats_get(void *device, struct rte_security_session *sess,
return 0;
}
-static int
-cn10k_sec_session_update(void *device, struct rte_security_session *sess,
- struct rte_security_session_conf *conf)
+int
+cn10k_ipsec_session_update(struct cnxk_cpt_vf *vf, struct cnxk_cpt_qp *qp,
+ struct cn10k_sec_session *sess, struct rte_security_session_conf *conf)
{
- struct rte_cryptodev *crypto_dev = device;
struct roc_cpt *roc_cpt;
- struct cnxk_cpt_qp *qp;
- struct cnxk_cpt_vf *vf;
int ret;
- if (sess == NULL)
- return -EINVAL;
-
- qp = crypto_dev->data->queue_pairs[0];
- if (qp == NULL)
- return -EINVAL;
-
if (conf->ipsec.direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS)
return -ENOTSUP;
@@ -456,23 +370,8 @@ cn10k_sec_session_update(void *device, struct rte_security_session *sess,
if (ret)
return ret;
- vf = crypto_dev->data->dev_private;
roc_cpt = &vf->cpt;
return cn10k_ipsec_outb_sa_create(roc_cpt, &qp->lf, &conf->ipsec, conf->crypto_xform,
(struct cn10k_sec_session *)sess);
}
-
-/* Update platform specific security ops */
-void
-cn10k_sec_ops_override(void)
-{
- /* Update platform specific ops */
- cnxk_sec_ops.session_create = cn10k_sec_session_create;
- cnxk_sec_ops.session_destroy = cn10k_sec_session_destroy;
- cnxk_sec_ops.session_get_size = cn10k_sec_session_get_size;
- cnxk_sec_ops.session_stats_get = cn10k_sec_session_stats_get;
- cnxk_sec_ops.session_update = cn10k_sec_session_update;
- cnxk_sec_ops.inb_pkt_rx_inject = cn10k_cryptodev_sec_inb_rx_inject;
- cnxk_sec_ops.rx_inject_configure = cn10k_cryptodev_sec_rx_inject_configure;
-}
@@ -11,9 +11,12 @@
#include "roc_constants.h"
#include "roc_ie_ot.h"
+#include "cnxk_cryptodev.h"
+#include "cnxk_cryptodev_ops.h"
#include "cnxk_ipsec.h"
-typedef void *CN10K_SA_CONTEXT_MARKER[0];
+/* Forward declaration */
+struct cn10k_sec_session;
struct cn10k_ipsec_sa {
union {
@@ -24,34 +27,14 @@ struct cn10k_ipsec_sa {
};
} __rte_aligned(ROC_ALIGN);
-struct cn10k_sec_session {
- struct rte_security_session rte_sess;
-
- /** PMD private space */
-
- enum rte_security_session_protocol proto;
- /** Pre-populated CPT inst words */
- struct cnxk_cpt_inst_tmpl inst;
- uint16_t max_extended_len;
- uint16_t iv_offset;
- uint8_t iv_length;
- union {
- struct {
- uint8_t ip_csum;
- bool is_outbound;
- } ipsec;
- };
- /** Queue pair */
- struct cnxk_cpt_qp *qp;
- /** Userdata to be set for Rx inject */
- void *userdata;
-
- /**
- * End of SW mutable area
- */
- struct cn10k_ipsec_sa sa;
-} __rte_aligned(ROC_ALIGN);
-
-void cn10k_sec_ops_override(void);
-
+int cn10k_ipsec_session_create(struct cnxk_cpt_vf *vf, struct cnxk_cpt_qp *qp,
+ struct rte_security_ipsec_xform *ipsec_xfrm,
+ struct rte_crypto_sym_xform *crypto_xfrm,
+ struct rte_security_session *sess);
+int cn10k_sec_ipsec_session_destroy(struct cnxk_cpt_qp *qp, struct cn10k_sec_session *sess);
+int cn10k_ipsec_stats_get(struct cnxk_cpt_qp *qp, struct cn10k_sec_session *sess,
+ struct rte_security_stats *stats);
+int cn10k_ipsec_session_update(struct cnxk_cpt_vf *vf, struct cnxk_cpt_qp *qp,
+ struct cn10k_sec_session *sess,
+ struct rte_security_session_conf *conf);
#endif /* __CN10K_IPSEC_H__ */
@@ -11,6 +11,7 @@
#include "roc_ie.h"
#include "cn10k_cryptodev.h"
+#include "cn10k_cryptodev_sec.h"
#include "cn10k_ipsec.h"
#include "cnxk_cryptodev.h"
#include "cnxk_cryptodev_ops.h"
@@ -14,6 +14,7 @@ sources = files(
'cn9k_ipsec.c',
'cn10k_cryptodev.c',
'cn10k_cryptodev_ops.c',
+ 'cn10k_cryptodev_sec.c',
'cn10k_ipsec.c',
'cnxk_cryptodev.c',
'cnxk_cryptodev_capabilities.c',