Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/94822/?format=api
{ "id": 94822, "url": "https://patches.dpdk.org/api/patches/94822/?format=api", "web_url": "https://patches.dpdk.org/project/dpdk/patch/1624599410-29689-17-git-send-email-anoobj@marvell.com/", "project": { "id": 1, "url": "https://patches.dpdk.org/api/projects/1/?format=api", "name": "DPDK", "link_name": "dpdk", "list_id": "dev.dpdk.org", "list_email": "dev@dpdk.org", "web_url": "http://core.dpdk.org", "scm_url": "git://dpdk.org/dpdk", "webscm_url": "http://git.dpdk.org/dpdk", "list_archive_url": "https://inbox.dpdk.org/dev", "list_archive_url_format": "https://inbox.dpdk.org/dev/{}", "commit_url_format": "" }, "msgid": "<1624599410-29689-17-git-send-email-anoobj@marvell.com>", "list_archive_url": "https://inbox.dpdk.org/dev/1624599410-29689-17-git-send-email-anoobj@marvell.com", "date": "2021-06-25T05:36:48", "name": "[v2,16/17] common/cnxk: add IPsec common code", "commit_ref": null, "pull_url": null, "state": "accepted", "archived": true, "hash": "8a22daf4208e2cc560d70927acdd503b8347649d", "submitter": { "id": 1205, "url": "https://patches.dpdk.org/api/people/1205/?format=api", "name": "Anoob Joseph", "email": "anoobj@marvell.com" }, "delegate": { "id": 6690, "url": "https://patches.dpdk.org/api/users/6690/?format=api", "username": "akhil", "first_name": "akhil", "last_name": "goyal", "email": "gakhil@marvell.com" }, "mbox": "https://patches.dpdk.org/project/dpdk/patch/1624599410-29689-17-git-send-email-anoobj@marvell.com/mbox/", "series": [ { "id": 17482, "url": "https://patches.dpdk.org/api/series/17482/?format=api", "web_url": "https://patches.dpdk.org/project/dpdk/list/?series=17482", "date": "2021-06-25T05:36:32", "name": "Add CPT in Marvell CNXK common driver", "version": 2, "mbox": "https://patches.dpdk.org/series/17482/mbox/" } ], "comments": "https://patches.dpdk.org/api/patches/94822/comments/", "check": "success", "checks": "https://patches.dpdk.org/api/patches/94822/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<dev-bounces@dpdk.org>", "X-Original-To": "patchwork@inbox.dpdk.org", "Delivered-To": "patchwork@inbox.dpdk.org", "Received": [ "from mails.dpdk.org (mails.dpdk.org [217.70.189.124])\n\tby inbox.dpdk.org (Postfix) with ESMTP id 37B02A0C40;\n\tFri, 25 Jun 2021 07:39:01 +0200 (CEST)", "from [217.70.189.124] (localhost [127.0.0.1])\n\tby mails.dpdk.org (Postfix) with ESMTP id A8BC8410E8;\n\tFri, 25 Jun 2021 07:38:37 +0200 (CEST)", "from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com\n [67.231.148.174])\n by mails.dpdk.org (Postfix) with ESMTP id 8A90640698\n for <dev@dpdk.org>; Fri, 25 Jun 2021 07:38:35 +0200 (CEST)", "from pps.filterd (m0045849.ppops.net [127.0.0.1])\n by mx0a-0016f401.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id\n 15P5a5VW018455; Thu, 24 Jun 2021 22:38:34 -0700", "from dc5-exch02.marvell.com ([199.233.59.182])\n by mx0a-0016f401.pphosted.com with ESMTP id 39d24dhh7v-1\n (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT);\n Thu, 24 Jun 2021 22:38:34 -0700", "from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH02.marvell.com\n (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.18;\n Thu, 24 Jun 2021 22:38:32 -0700", "from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com\n (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.18 via Frontend\n Transport; Thu, 24 Jun 2021 22:38:32 -0700", "from HY-LT1002.marvell.com (HY-LT1002.marvell.com [10.28.176.218])\n by maili.marvell.com (Postfix) with ESMTP id 6A64F3F7070;\n Thu, 24 Jun 2021 22:38:29 -0700 (PDT)" ], "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com;\n h=from : to : cc :\n subject : date : message-id : in-reply-to : references : mime-version :\n content-transfer-encoding : content-type; s=pfpt0220;\n bh=cD/WPDMRUcv+jUAWpMN2nKsPvzyLWYZ1k4friGveRoc=;\n b=aX78KXAdwRAJh9FBjgRoyQN0xeDuFWM/7hHYEIlx/O5cZmNC+/kYd59O0PRypTbEn3EY\n D+XcFg93dY2jFzJoJVbAUeHvV5rs7GULyAIgyJDCD5FS4mr+FAzRXEs4erMvyptK1WvG\n jedfO9nEPgjx0qIiD+7ckqYlIbznuFqP09gOzIKsW+3VDSA55cb1+/1QD8stOmLRMGS4\n m0lCn4VuSktqu9H0Zm5hhTUPecf9quy8ljlMBHDmY5P3/dttYV685MPkXwYfMoNlSEzP\n MXiZv/QZFAqBBtF3+DTSWEAWmvWU7+2Dc5thHlhcyQbWLThkFMxsfNPyiOv7XmsUV1on DQ==", "From": "Anoob Joseph <anoobj@marvell.com>", "To": "Akhil Goyal <gakhil@marvell.com>, Thomas Monjalon <thomas@monjalon.net>", "CC": "Srujana Challa <schalla@marvell.com>, Jerin Jacob <jerinj@marvell.com>,\n Ankur Dwivedi <adwivedi@marvell.com>, Tejasree Kondoj\n <ktejasree@marvell.com>, <dev@dpdk.org>, Nithin Dabilpuram\n <ndabilpuram@marvell.com>", "Date": "Fri, 25 Jun 2021 11:06:48 +0530", "Message-ID": "<1624599410-29689-17-git-send-email-anoobj@marvell.com>", "X-Mailer": "git-send-email 2.7.4", "In-Reply-To": "<1624599410-29689-1-git-send-email-anoobj@marvell.com>", "References": "\n <patches.dpdk.org/project/dpdk/patch/1622649385-22652-1-git-send-email-anoobj@marvell.com/>\n <1624599410-29689-1-git-send-email-anoobj@marvell.com>", "MIME-Version": "1.0", "Content-Transfer-Encoding": "8bit", "Content-Type": "text/plain", "X-Proofpoint-GUID": "9zxHz1IQw7q2aWTwBFhxYTEXyUmp0xwS", "X-Proofpoint-ORIG-GUID": "9zxHz1IQw7q2aWTwBFhxYTEXyUmp0xwS", "X-Proofpoint-Virus-Version": "vendor=fsecure engine=2.50.10434:6.0.391, 18.0.790\n definitions=2021-06-25_01:2021-06-24,\n 2021-06-25 signatures=0", "Subject": "[dpdk-dev] [PATCH v2 16/17] common/cnxk: add IPsec common code", "X-BeenThere": "dev@dpdk.org", "X-Mailman-Version": "2.1.29", "Precedence": "list", "List-Id": "DPDK patches and discussions <dev.dpdk.org>", "List-Unsubscribe": "<https://mails.dpdk.org/options/dev>,\n <mailto:dev-request@dpdk.org?subject=unsubscribe>", "List-Archive": "<http://mails.dpdk.org/archives/dev/>", "List-Post": "<mailto:dev@dpdk.org>", "List-Help": "<mailto:dev-request@dpdk.org?subject=help>", "List-Subscribe": "<https://mails.dpdk.org/listinfo/dev>,\n <mailto:dev-request@dpdk.org?subject=subscribe>", "Errors-To": "dev-bounces@dpdk.org", "Sender": "\"dev\" <dev-bounces@dpdk.org>" }, "content": "From: Srujana Challa <schalla@marvell.com>\n\nAdd code that can be leveraged across\nlookaside and inline IPsec on cn10k.\n\nSigned-off-by: Srujana Challa <schalla@marvell.com>\nSigned-off-by: Nithin Dabilpuram <ndabilpuram@marvell.com>\nSigned-off-by: Tejasree Kondoj <ktejasree@marvell.com>\n---\n drivers/common/cnxk/cnxk_security.c | 468 ++++++++++++++++++++++++++++++++++++\n drivers/common/cnxk/cnxk_security.h | 49 ++++\n drivers/common/cnxk/meson.build | 6 +-\n drivers/common/cnxk/version.map | 8 +\n 4 files changed, 530 insertions(+), 1 deletion(-)\n create mode 100644 drivers/common/cnxk/cnxk_security.c\n create mode 100644 drivers/common/cnxk/cnxk_security.h", "diff": "diff --git a/drivers/common/cnxk/cnxk_security.c b/drivers/common/cnxk/cnxk_security.c\nnew file mode 100644\nindex 0000000..17889bb\n--- /dev/null\n+++ b/drivers/common/cnxk/cnxk_security.c\n@@ -0,0 +1,468 @@\n+/* SPDX-License-Identifier: BSD-3-Clause\n+ * Copyright(C) 2021 Marvell.\n+ */\n+\n+#include \"cnxk_security.h\"\n+\n+static int\n+ot_ipsec_sa_common_param_fill(union roc_ot_ipsec_sa_word2 *w2,\n+\t\t\t uint8_t *cipher_key, uint8_t *salt_key,\n+\t\t\t struct rte_security_ipsec_xform *ipsec_xfrm,\n+\t\t\t struct rte_crypto_sym_xform *crypto_xfrm)\n+{\n+\tconst uint8_t *key;\n+\tuint32_t *tmp_salt;\n+\tuint64_t *tmp_key;\n+\tint length, i;\n+\n+\t/* Set direction */\n+\tswitch (ipsec_xfrm->direction) {\n+\tcase RTE_SECURITY_IPSEC_SA_DIR_INGRESS:\n+\t\tw2->s.dir = ROC_IE_OT_SA_DIR_INBOUND;\n+\t\tbreak;\n+\tcase RTE_SECURITY_IPSEC_SA_DIR_EGRESS:\n+\t\tw2->s.dir = ROC_IE_OT_SA_DIR_OUTBOUND;\n+\t\tbreak;\n+\tdefault:\n+\t\treturn -EINVAL;\n+\t}\n+\n+\t/* Set protocol - ESP vs AH */\n+\tswitch (ipsec_xfrm->proto) {\n+\tcase RTE_SECURITY_IPSEC_SA_PROTO_ESP:\n+\t\tw2->s.protocol = ROC_IE_OT_SA_PROTOCOL_ESP;\n+\t\tbreak;\n+\tcase RTE_SECURITY_IPSEC_SA_PROTO_AH:\n+\t\tw2->s.protocol = ROC_IE_OT_SA_PROTOCOL_AH;\n+\t\tbreak;\n+\tdefault:\n+\t\treturn -EINVAL;\n+\t}\n+\n+\t/* Set mode - transport vs tunnel */\n+\tswitch (ipsec_xfrm->mode) {\n+\tcase RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT:\n+\t\tw2->s.mode = ROC_IE_OT_SA_MODE_TRANSPORT;\n+\t\tbreak;\n+\tcase RTE_SECURITY_IPSEC_SA_MODE_TUNNEL:\n+\t\tw2->s.mode = ROC_IE_OT_SA_MODE_TUNNEL;\n+\t\tbreak;\n+\tdefault:\n+\t\treturn -EINVAL;\n+\t}\n+\n+\t/* Set encryption algorithm */\n+\tif (crypto_xfrm->type == RTE_CRYPTO_SYM_XFORM_AEAD) {\n+\t\tkey = crypto_xfrm->aead.key.data;\n+\t\tlength = crypto_xfrm->aead.key.length;\n+\n+\t\tswitch (crypto_xfrm->aead.algo) {\n+\t\tcase RTE_CRYPTO_AEAD_AES_GCM:\n+\t\t\tw2->s.enc_type = ROC_IE_OT_SA_ENC_AES_GCM;\n+\t\t\tw2->s.auth_type = ROC_IE_OT_SA_AUTH_NULL;\n+\t\t\tmemcpy(salt_key, &ipsec_xfrm->salt, 4);\n+\t\t\ttmp_salt = (uint32_t *)salt_key;\n+\t\t\t*tmp_salt = rte_be_to_cpu_32(*tmp_salt);\n+\t\t\tbreak;\n+\t\tdefault:\n+\t\t\treturn -ENOTSUP;\n+\t\t}\n+\t} else {\n+\t\treturn -ENOTSUP;\n+\t}\n+\n+\tw2->s.spi = ipsec_xfrm->spi;\n+\n+\t/* Copy encryption key */\n+\tmemcpy(cipher_key, key, length);\n+\ttmp_key = (uint64_t *)cipher_key;\n+\tfor (i = 0; i < (int)(ROC_CTX_MAX_CKEY_LEN / sizeof(uint64_t)); i++)\n+\t\ttmp_key[i] = rte_be_to_cpu_64(tmp_key[i]);\n+\n+\tswitch (length) {\n+\tcase ROC_CPT_AES128_KEY_LEN:\n+\t\tw2->s.aes_key_len = ROC_IE_OT_SA_AES_KEY_LEN_128;\n+\t\tbreak;\n+\tcase ROC_CPT_AES192_KEY_LEN:\n+\t\tw2->s.aes_key_len = ROC_IE_OT_SA_AES_KEY_LEN_192;\n+\t\tbreak;\n+\tcase ROC_CPT_AES256_KEY_LEN:\n+\t\tw2->s.aes_key_len = ROC_IE_OT_SA_AES_KEY_LEN_256;\n+\t\tbreak;\n+\tdefault:\n+\t\treturn -EINVAL;\n+\t}\n+\n+\treturn 0;\n+}\n+\n+static size_t\n+ot_ipsec_inb_ctx_size(struct roc_ot_ipsec_inb_sa *sa)\n+{\n+\tsize_t size;\n+\n+\t/* Variable based on Anti-replay Window */\n+\tsize = offsetof(struct roc_ot_ipsec_inb_sa, ctx) +\n+\t offsetof(struct roc_ot_ipsec_inb_ctx_update_reg, ar_winbits);\n+\n+\tif (sa->w0.s.ar_win)\n+\t\tsize += (1 << (sa->w0.s.ar_win - 1)) * sizeof(uint64_t);\n+\n+\treturn size;\n+}\n+\n+int\n+cnxk_ot_ipsec_inb_sa_fill(struct roc_ot_ipsec_inb_sa *sa,\n+\t\t\t struct rte_security_ipsec_xform *ipsec_xfrm,\n+\t\t\t struct rte_crypto_sym_xform *crypto_xfrm)\n+{\n+\tunion roc_ot_ipsec_sa_word2 w2;\n+\tuint32_t replay_win_sz;\n+\tsize_t offset;\n+\tint rc;\n+\n+\tw2.u64 = 0;\n+\trc = ot_ipsec_sa_common_param_fill(&w2, sa->cipher_key, sa->w8.s.salt,\n+\t\t\t\t\t ipsec_xfrm, crypto_xfrm);\n+\tif (rc)\n+\t\treturn rc;\n+\n+\t/* Updata common word2 data */\n+\tsa->w2.u64 = w2.u64;\n+\n+\t/* Only support power-of-two window sizes supported */\n+\treplay_win_sz = ipsec_xfrm->replay_win_sz;\n+\tif (replay_win_sz) {\n+\t\tif (!rte_is_power_of_2(replay_win_sz) ||\n+\t\t replay_win_sz > ROC_AR_WIN_SIZE_MAX)\n+\t\t\treturn -ENOTSUP;\n+\n+\t\tsa->w0.s.ar_win = rte_log2_u32(replay_win_sz) - 5;\n+\t}\n+\n+\t/* Default options for pkt_out and pkt_fmt are with\n+\t * second pass meta and no defrag.\n+\t */\n+\tsa->w0.s.pkt_format = ROC_IE_OT_SA_PKT_FMT_META;\n+\tsa->w0.s.pkt_output = ROC_IE_OT_SA_PKT_OUTPUT_HW_BASED_DEFRAG;\n+\tsa->w0.s.pkind = ROC_OT_CPT_META_PKIND;\n+\n+\t/* ESN */\n+\tsa->w2.s.esn_en = !!ipsec_xfrm->options.esn;\n+\n+\toffset = offsetof(struct roc_ot_ipsec_inb_sa, ctx);\n+\t/* Word offset for HW managed SA field */\n+\tsa->w0.s.hw_ctx_off = offset / 8;\n+\t/* Context push size for inbound spans up to hw_ctx including\n+\t * ar_base field, in 8b units\n+\t */\n+\tsa->w0.s.ctx_push_size = sa->w0.s.hw_ctx_off + 1;\n+\t/* Entire context size in 128B units */\n+\tsa->w0.s.ctx_size =\n+\t\t(PLT_ALIGN_CEIL(ot_ipsec_inb_ctx_size(sa), ROC_CTX_UNIT_128B) /\n+\t\t ROC_CTX_UNIT_128B) -\n+\t\t1;\n+\n+\t/* There are two words of CPT_CTX_HW_S for ucode to skip */\n+\tsa->w0.s.ctx_hdr_size = 1;\n+\tsa->w0.s.aop_valid = 1;\n+\n+\trte_wmb();\n+\n+\t/* Enable SA */\n+\tsa->w2.s.valid = 1;\n+\treturn 0;\n+}\n+\n+int\n+cnxk_ot_ipsec_outb_sa_fill(struct roc_ot_ipsec_outb_sa *sa,\n+\t\t\t struct rte_security_ipsec_xform *ipsec_xfrm,\n+\t\t\t struct rte_crypto_sym_xform *crypto_xfrm)\n+{\n+\tstruct rte_security_ipsec_tunnel_param *tunnel = &ipsec_xfrm->tunnel;\n+\tunion roc_ot_ipsec_sa_word2 w2;\n+\tsize_t offset;\n+\tint rc;\n+\n+\tw2.u64 = 0;\n+\trc = ot_ipsec_sa_common_param_fill(&w2, sa->cipher_key, sa->iv.s.salt,\n+\t\t\t\t\t ipsec_xfrm, crypto_xfrm);\n+\tif (rc)\n+\t\treturn rc;\n+\n+\t/* Update common word2 data */\n+\tsa->w2.u64 = w2.u64;\n+\n+\tif (ipsec_xfrm->mode != RTE_SECURITY_IPSEC_SA_MODE_TUNNEL)\n+\t\tgoto skip_tunnel_info;\n+\n+\t/* Tunnel header info */\n+\tswitch (tunnel->type) {\n+\tcase RTE_SECURITY_IPSEC_TUNNEL_IPV4:\n+\t\tsa->w2.s.outer_ip_ver = ROC_IE_OT_SA_IP_VERSION_4;\n+\t\tmemcpy(&sa->outer_hdr.ipv4.src_addr, &tunnel->ipv4.src_ip,\n+\t\t sizeof(struct in_addr));\n+\t\tmemcpy(&sa->outer_hdr.ipv4.dst_addr, &tunnel->ipv4.dst_ip,\n+\t\t sizeof(struct in_addr));\n+\n+\t\t/* IP Source and Dest seems to be in LE/CPU endian */\n+\t\tsa->outer_hdr.ipv4.src_addr =\n+\t\t\trte_be_to_cpu_32(sa->outer_hdr.ipv4.src_addr);\n+\t\tsa->outer_hdr.ipv4.dst_addr =\n+\t\t\trte_be_to_cpu_32(sa->outer_hdr.ipv4.dst_addr);\n+\n+\t\t/* Outer header DF bit source */\n+\t\tif (!ipsec_xfrm->options.copy_df) {\n+\t\t\tsa->w2.s.ipv4_df_src_or_ipv6_flw_lbl_src =\n+\t\t\t\tROC_IE_OT_SA_COPY_FROM_SA;\n+\t\t\tsa->w10.s.ipv4_df_or_ipv6_flw_lbl = tunnel->ipv4.df;\n+\t\t} else {\n+\t\t\tsa->w2.s.ipv4_df_src_or_ipv6_flw_lbl_src =\n+\t\t\t\tROC_IE_OT_SA_COPY_FROM_INNER_IP_HDR;\n+\t\t}\n+\n+\t\t/* Outer header DSCP source */\n+\t\tif (!ipsec_xfrm->options.copy_dscp) {\n+\t\t\tsa->w2.s.dscp_src = ROC_IE_OT_SA_COPY_FROM_SA;\n+\t\t\tsa->w10.s.dscp = tunnel->ipv4.dscp;\n+\t\t} else {\n+\t\t\tsa->w2.s.dscp_src = ROC_IE_OT_SA_COPY_FROM_INNER_IP_HDR;\n+\t\t}\n+\t\tbreak;\n+\tcase RTE_SECURITY_IPSEC_TUNNEL_IPV6:\n+\t\tsa->w2.s.outer_ip_ver = ROC_IE_OT_SA_IP_VERSION_6;\n+\t\tmemcpy(&sa->outer_hdr.ipv6.src_addr, &tunnel->ipv6.src_addr,\n+\t\t sizeof(struct in6_addr));\n+\t\tmemcpy(&sa->outer_hdr.ipv6.dst_addr, &tunnel->ipv6.dst_addr,\n+\t\t sizeof(struct in6_addr));\n+\n+\t\t/* Outer header flow label source */\n+\t\tif (!ipsec_xfrm->options.copy_flabel) {\n+\t\t\tsa->w2.s.ipv4_df_src_or_ipv6_flw_lbl_src =\n+\t\t\t\tROC_IE_OT_SA_COPY_FROM_SA;\n+\n+\t\t\tsa->w10.s.ipv4_df_or_ipv6_flw_lbl = tunnel->ipv6.flabel;\n+\t\t} else {\n+\t\t\tsa->w2.s.ipv4_df_src_or_ipv6_flw_lbl_src =\n+\t\t\t\tROC_IE_OT_SA_COPY_FROM_INNER_IP_HDR;\n+\t\t}\n+\n+\t\t/* Outer header DSCP source */\n+\t\tif (!ipsec_xfrm->options.copy_dscp) {\n+\t\t\tsa->w2.s.dscp_src = ROC_IE_OT_SA_COPY_FROM_SA;\n+\t\t\tsa->w10.s.dscp = tunnel->ipv6.dscp;\n+\t\t} else {\n+\t\t\tsa->w2.s.dscp_src = ROC_IE_OT_SA_COPY_FROM_INNER_IP_HDR;\n+\t\t}\n+\t\tbreak;\n+\tdefault:\n+\t\treturn -EINVAL;\n+\t}\n+\n+\t/* Default options of DSCP and Flow label/DF */\n+\tsa->w2.s.dscp_src = ROC_IE_OT_SA_COPY_FROM_SA;\n+\tsa->w2.s.ipv4_df_src_or_ipv6_flw_lbl_src = ROC_IE_OT_SA_COPY_FROM_SA;\n+\n+skip_tunnel_info:\n+\t/* ESN */\n+\tsa->w0.s.esn_en = !!ipsec_xfrm->options.esn;\n+\n+\toffset = offsetof(struct roc_ot_ipsec_outb_sa, ctx);\n+\t/* Word offset for HW managed SA field */\n+\tsa->w0.s.hw_ctx_off = offset / 8;\n+\t/* Context push size is up to hmac_opad_ipad */\n+\tsa->w0.s.ctx_push_size = sa->w0.s.hw_ctx_off;\n+\t/* Entire context size in 128B units */\n+\toffset = sizeof(struct roc_ot_ipsec_outb_sa);\n+\tsa->w0.s.ctx_size = (PLT_ALIGN_CEIL(offset, ROC_CTX_UNIT_128B) /\n+\t\t\t ROC_CTX_UNIT_128B) -\n+\t\t\t 1;\n+\n+\t/* IPID gen */\n+\tsa->w2.s.ipid_gen = 1;\n+\n+\t/* There are two words of CPT_CTX_HW_S for ucode to skip */\n+\tsa->w0.s.ctx_hdr_size = 1;\n+\tsa->w0.s.aop_valid = 1;\n+\n+\trte_wmb();\n+\n+\t/* Enable SA */\n+\tsa->w2.s.valid = 1;\n+\treturn 0;\n+}\n+\n+bool\n+cnxk_ot_ipsec_inb_sa_valid(struct roc_ot_ipsec_inb_sa *sa)\n+{\n+\treturn !!sa->w2.s.valid;\n+}\n+\n+bool\n+cnxk_ot_ipsec_outb_sa_valid(struct roc_ot_ipsec_outb_sa *sa)\n+{\n+\treturn !!sa->w2.s.valid;\n+}\n+\n+uint8_t\n+cnxk_ipsec_ivlen_get(enum rte_crypto_cipher_algorithm c_algo,\n+\t\t enum rte_crypto_auth_algorithm a_algo,\n+\t\t enum rte_crypto_aead_algorithm aead_algo)\n+{\n+\tuint8_t ivlen = 0;\n+\n+\tif (aead_algo == RTE_CRYPTO_AEAD_AES_GCM)\n+\t\tivlen = 8;\n+\n+\tswitch (c_algo) {\n+\tcase RTE_CRYPTO_CIPHER_AES_CTR:\n+\t\tivlen = 8;\n+\t\tbreak;\n+\tcase RTE_CRYPTO_CIPHER_3DES_CBC:\n+\t\tivlen = ROC_CPT_DES_BLOCK_LENGTH;\n+\t\tbreak;\n+\tcase RTE_CRYPTO_CIPHER_AES_CBC:\n+\t\tivlen = ROC_CPT_AES_BLOCK_LENGTH;\n+\t\tbreak;\n+\tdefault:\n+\t\tbreak;\n+\t}\n+\n+\tswitch (a_algo) {\n+\tcase RTE_CRYPTO_AUTH_AES_GMAC:\n+\t\tivlen = 8;\n+\t\tbreak;\n+\tdefault:\n+\t\tbreak;\n+\t}\n+\n+\treturn ivlen;\n+}\n+\n+uint8_t\n+cnxk_ipsec_icvlen_get(enum rte_crypto_cipher_algorithm c_algo,\n+\t\t enum rte_crypto_auth_algorithm a_algo,\n+\t\t enum rte_crypto_aead_algorithm aead_algo)\n+{\n+\tuint8_t icv = 0;\n+\n+\t(void)c_algo;\n+\n+\tswitch (a_algo) {\n+\tcase RTE_CRYPTO_AUTH_NULL:\n+\t\ticv = 0;\n+\t\tbreak;\n+\tcase RTE_CRYPTO_AUTH_SHA1:\n+\t\ticv = 12;\n+\t\tbreak;\n+\tcase RTE_CRYPTO_AUTH_SHA256:\n+\tcase RTE_CRYPTO_AUTH_AES_GMAC:\n+\t\ticv = 16;\n+\t\tbreak;\n+\tcase RTE_CRYPTO_AUTH_SHA384:\n+\t\ticv = 24;\n+\t\tbreak;\n+\tcase RTE_CRYPTO_AUTH_SHA512:\n+\t\ticv = 32;\n+\t\tbreak;\n+\tdefault:\n+\t\tbreak;\n+\t}\n+\n+\tswitch (aead_algo) {\n+\tcase RTE_CRYPTO_AEAD_AES_GCM:\n+\t\ticv = 16;\n+\t\tbreak;\n+\tdefault:\n+\t\tbreak;\n+\t}\n+\n+\treturn icv;\n+}\n+\n+uint8_t\n+cnxk_ipsec_outb_roundup_byte(enum rte_crypto_cipher_algorithm c_algo,\n+\t\t\t enum rte_crypto_aead_algorithm aead_algo)\n+{\n+\tuint8_t roundup_byte = 4;\n+\n+\tif (aead_algo == RTE_CRYPTO_AEAD_AES_GCM)\n+\t\treturn roundup_byte;\n+\n+\tswitch (c_algo) {\n+\tcase RTE_CRYPTO_CIPHER_AES_CTR:\n+\t\troundup_byte = 4;\n+\t\tbreak;\n+\tcase RTE_CRYPTO_CIPHER_AES_CBC:\n+\t\troundup_byte = 16;\n+\t\tbreak;\n+\tcase RTE_CRYPTO_CIPHER_3DES_CBC:\n+\t\troundup_byte = 8;\n+\t\tbreak;\n+\tcase RTE_CRYPTO_CIPHER_NULL:\n+\t\troundup_byte = 4;\n+\t\tbreak;\n+\tdefault:\n+\t\tbreak;\n+\t}\n+\n+\treturn roundup_byte;\n+}\n+\n+int\n+cnxk_ipsec_outb_rlens_get(struct cnxk_ipsec_outb_rlens *rlens,\n+\t\t\t struct rte_security_ipsec_xform *ipsec_xfrm,\n+\t\t\t struct rte_crypto_sym_xform *crypto_xfrm)\n+{\n+\tstruct rte_security_ipsec_tunnel_param *tunnel = &ipsec_xfrm->tunnel;\n+\tenum rte_crypto_cipher_algorithm c_algo = RTE_CRYPTO_CIPHER_NULL;\n+\tenum rte_crypto_auth_algorithm a_algo = RTE_CRYPTO_AUTH_NULL;\n+\tenum rte_crypto_aead_algorithm aead_algo = 0;\n+\tuint16_t partial_len = 0;\n+\tuint8_t roundup_byte = 0;\n+\tint8_t roundup_len = 0;\n+\n+\tmemset(rlens, 0, sizeof(struct cnxk_ipsec_outb_rlens));\n+\n+\t/* Get Cipher and Auth algo */\n+\tif (crypto_xfrm->type == RTE_CRYPTO_SYM_XFORM_AEAD) {\n+\t\taead_algo = crypto_xfrm->aead.algo;\n+\t} else {\n+\t\tif (crypto_xfrm->type == RTE_CRYPTO_SYM_XFORM_CIPHER)\n+\t\t\tc_algo = crypto_xfrm->cipher.algo;\n+\t\telse\n+\t\t\ta_algo = crypto_xfrm->auth.algo;\n+\n+\t\tif (crypto_xfrm->next) {\n+\t\t\tif (crypto_xfrm->next->type ==\n+\t\t\t RTE_CRYPTO_SYM_XFORM_CIPHER)\n+\t\t\t\tc_algo = crypto_xfrm->next->cipher.algo;\n+\t\t\telse\n+\t\t\t\ta_algo = crypto_xfrm->next->auth.algo;\n+\t\t}\n+\t}\n+\n+\tif (ipsec_xfrm->proto == RTE_SECURITY_IPSEC_SA_PROTO_ESP) {\n+\t\tpartial_len = ROC_CPT_ESP_HDR_LEN;\n+\t\troundup_len = ROC_CPT_ESP_TRL_LEN;\n+\t} else {\n+\t\tpartial_len = ROC_CPT_AH_HDR_LEN;\n+\t}\n+\n+\tif (ipsec_xfrm->mode == RTE_SECURITY_IPSEC_SA_MODE_TUNNEL) {\n+\t\tif (tunnel->type == RTE_SECURITY_IPSEC_TUNNEL_IPV4)\n+\t\t\tpartial_len += ROC_CPT_TUNNEL_IPV4_HDR_LEN;\n+\t\telse\n+\t\t\tpartial_len += ROC_CPT_TUNNEL_IPV6_HDR_LEN;\n+\t}\n+\n+\tpartial_len += cnxk_ipsec_ivlen_get(c_algo, a_algo, aead_algo);\n+\tpartial_len += cnxk_ipsec_icvlen_get(c_algo, a_algo, aead_algo);\n+\troundup_byte = cnxk_ipsec_outb_roundup_byte(c_algo, aead_algo);\n+\n+\trlens->partial_len = partial_len;\n+\trlens->roundup_len = roundup_len;\n+\trlens->roundup_byte = roundup_byte;\n+\trlens->max_extended_len = partial_len + roundup_len + roundup_byte;\n+\treturn 0;\n+}\ndiff --git a/drivers/common/cnxk/cnxk_security.h b/drivers/common/cnxk/cnxk_security.h\nnew file mode 100644\nindex 0000000..602f583\n--- /dev/null\n+++ b/drivers/common/cnxk/cnxk_security.h\n@@ -0,0 +1,49 @@\n+/* SPDX-License-Identifier: BSD-3-Clause\n+ * Copyright(C) 2021 Marvell.\n+ */\n+#ifndef _CNXK_SECURITY_H__\n+#define _CNXK_SECURITY_H__\n+\n+#include <rte_crypto.h>\n+#include <rte_security.h>\n+\n+#include \"roc_api.h\"\n+\n+/* Response length calculation data */\n+struct cnxk_ipsec_outb_rlens {\n+\tuint16_t partial_len;\n+\tuint8_t roundup_byte;\n+\tint8_t roundup_len;\n+\tuint16_t max_extended_len;\n+};\n+\n+int __roc_api\n+cnxk_ipsec_outb_rlens_get(struct cnxk_ipsec_outb_rlens *rlens,\n+\t\t\t struct rte_security_ipsec_xform *ipsec_xfrm,\n+\t\t\t struct rte_crypto_sym_xform *crypto_xfrm);\n+uint8_t __roc_api\n+cnxk_ipsec_ivlen_get(enum rte_crypto_cipher_algorithm c_algo,\n+\t\t enum rte_crypto_auth_algorithm a_algo,\n+\t\t enum rte_crypto_aead_algorithm aead_algo);\n+uint8_t __roc_api\n+cnxk_ipsec_icvlen_get(enum rte_crypto_cipher_algorithm c_algo,\n+\t\t enum rte_crypto_auth_algorithm a_algo,\n+\t\t enum rte_crypto_aead_algorithm aead_algo);\n+\n+uint8_t __roc_api\n+cnxk_ipsec_outb_roundup_byte(enum rte_crypto_cipher_algorithm c_algo,\n+\t\t\t enum rte_crypto_aead_algorithm aead_algo);\n+\n+/* [CN10K, .) */\n+int __roc_api\n+cnxk_ot_ipsec_inb_sa_fill(struct roc_ot_ipsec_inb_sa *sa,\n+\t\t\t struct rte_security_ipsec_xform *ipsec_xfrm,\n+\t\t\t struct rte_crypto_sym_xform *crypto_xfrm);\n+int __roc_api\n+cnxk_ot_ipsec_outb_sa_fill(struct roc_ot_ipsec_outb_sa *sa,\n+\t\t\t struct rte_security_ipsec_xform *ipsec_xfrm,\n+\t\t\t struct rte_crypto_sym_xform *crypto_xfrm);\n+bool __roc_api cnxk_ot_ipsec_inb_sa_valid(struct roc_ot_ipsec_inb_sa *sa);\n+bool __roc_api cnxk_ot_ipsec_outb_sa_valid(struct roc_ot_ipsec_outb_sa *sa);\n+\n+#endif /* _CNXK_SECURITY_H__ */\ndiff --git a/drivers/common/cnxk/meson.build b/drivers/common/cnxk/meson.build\nindex 4c5d318..1f118ef 100644\n--- a/drivers/common/cnxk/meson.build\n+++ b/drivers/common/cnxk/meson.build\n@@ -9,7 +9,7 @@ if not is_linux or not dpdk_conf.get('RTE_ARCH_64')\n endif\n \n config_flag_fmt = 'RTE_LIBRTE_@0@_COMMON'\n-deps = ['eal', 'pci', 'bus_pci', 'mbuf']\n+deps = ['eal', 'pci', 'bus_pci', 'mbuf', 'security']\n sources = files(\n 'roc_ae.c',\n 'roc_ae_fpm_tables.c',\n@@ -51,4 +51,8 @@ sources = files(\n 'roc_tim_irq.c',\n 'roc_utils.c',\n )\n+\n+# Security common code\n+sources += files('cnxk_security.c')\n+\n includes += include_directories('../../bus/pci')\ndiff --git a/drivers/common/cnxk/version.map b/drivers/common/cnxk/version.map\nindex 9611217..91e8b40 100644\n--- a/drivers/common/cnxk/version.map\n+++ b/drivers/common/cnxk/version.map\n@@ -1,6 +1,10 @@\n INTERNAL {\n \tglobal:\n \n+\tcnxk_ipsec_icvlen_get;\n+\tcnxk_ipsec_ivlen_get;\n+\tcnxk_ipsec_outb_rlens_get;\n+\tcnxk_ipsec_outb_roundup_byte;\n \tcnxk_logtype_base;\n \tcnxk_logtype_cpt;\n \tcnxk_logtype_mbox;\n@@ -10,6 +14,10 @@ INTERNAL {\n \tcnxk_logtype_sso;\n \tcnxk_logtype_tim;\n \tcnxk_logtype_tm;\n+\tcnxk_ot_ipsec_inb_sa_fill;\n+\tcnxk_ot_ipsec_outb_sa_fill;\n+\tcnxk_ot_ipsec_inb_sa_valid;\n+\tcnxk_ot_ipsec_outb_sa_valid;\n \troc_ae_ec_grp_get;\n \troc_ae_ec_grp_put;\n \troc_ae_fpm_get;\n", "prefixes": [ "v2", "16/17" ] }