@@ -5,6 +5,9 @@
#include <rte_string_fns.h>
#include <rte_ethdev_pci.h>
#include <rte_alarm.h>
+#include <rte_security.h>
+#include <rte_security_driver.h>
+#include <rte_cryptodev.h>
#include "atl_ethdev.h"
#include "atl_common.h"
@@ -122,6 +125,7 @@ static int eth_atl_pci_remove(struct rte_pci_device *pci_dev);
static void atl_dev_info_get(struct rte_eth_dev *dev,
struct rte_eth_dev_info *dev_info);
+static int atl_macsec_ctx_create(struct rte_eth_dev *dev);
int atl_logtype_init;
int atl_logtype_driver;
@@ -412,6 +416,10 @@ eth_atl_dev_init(struct rte_eth_dev *eth_dev)
hw->aq_nic_cfg = &adapter->hw_cfg;
+ /* Initialize security_ctx only for primary process*/
+ if (atl_macsec_ctx_create(eth_dev))
+ return -ENOMEM;
+
/* disable interrupt */
atl_disable_intr(hw);
@@ -475,6 +483,8 @@ eth_atl_dev_uninit(struct rte_eth_dev *eth_dev)
rte_free(eth_dev->data->mac_addrs);
eth_dev->data->mac_addrs = NULL;
+ rte_free(eth_dev->security_ctx);
+
return 0;
}
@@ -1872,6 +1882,112 @@ atl_rss_hash_conf_get(struct rte_eth_dev *dev,
return 0;
}
+static const struct rte_security_capability *
+atl_crypto_capabilities_get(void *device __rte_unused)
+{
+ static const struct rte_cryptodev_capabilities
+ aes_gcm_gmac_crypto_capabilities[] = {
+ { /* AES GMAC (128-bit) */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_AES_GMAC,
+ .block_size = 16,
+ .key_size = {
+ .min = 16,
+ .max = 16,
+ .increment = 0
+ },
+ }, }
+ }, }
+ },
+ };
+
+ static const struct rte_security_capability
+ alt_security_capabilities[] = {
+ {
+ .action = RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL,
+ .protocol = RTE_SECURITY_PROTOCOL_MACSEC,
+ {.macsec = {
+ /*
+ .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+ .mode = RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT,
+ .options = { 0 }
+ */
+ } },
+ .crypto_capabilities = aes_gcm_gmac_crypto_capabilities,
+ .ol_flags = 0
+ },
+ {
+ .action = RTE_SECURITY_ACTION_TYPE_NONE
+ }
+ };
+
+ return alt_security_capabilities;
+}
+
+static int atl_macsec_create_session(void *device,
+ struct rte_security_session_conf *conf,
+ struct rte_security_session *sess,
+ struct rte_mempool *mp)
+{
+
+}
+
+static int atl_macsec_update_session(void *device,
+ struct rte_security_session *sess,
+ struct rte_security_session_conf *conf)
+{
+
+}
+
+static unsigned int atl_macsec_session_get_size(void *device)
+{
+
+}
+
+static int atl_macsec_destroy_session(void *device,
+ struct rte_security_session *sess)
+{
+
+}
+
+static const struct rte_security_capability *atl_macsec_capabilities_get(
+ void *device)
+{
+
+}
+
+static struct rte_security_ops atl_security_ops = {
+ .session_create = atl_macsec_create_session,
+ .session_update = atl_macsec_update_session,
+ .session_get_size = atl_macsec_session_get_size,
+ .session_stats_get = NULL,
+ .session_destroy = atl_macsec_destroy_session,
+ .set_pkt_metadata = NULL,
+ .capabilities_get = atl_macsec_capabilities_get,
+};
+
+static int
+atl_macsec_ctx_create(struct rte_eth_dev *dev)
+{
+ struct rte_security_ctx *ctx = NULL;
+
+ ctx = rte_malloc("rte_security_instances_ops",
+ sizeof(struct rte_security_ctx), 0);
+ if (ctx) {
+ ctx->device = (void *)dev;
+ ctx->ops = &atl_security_ops;
+ ctx->sess_cnt = 0;
+ dev->security_ctx = ctx;
+ } else {
+ return -ENOMEM;
+ }
+ return 0;
+}
+
+
static bool
is_device_supported(struct rte_eth_dev *dev, struct rte_pci_driver *drv)
{
@@ -11,3 +11,4 @@ sources = files(
'hw_atl/hw_atl_utils.c',
'rte_pmd_atlantic.c',
)
+deps += ['security']
\ No newline at end of file