From patchwork Tue Sep 7 14:20:58 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Archana Muniganti X-Patchwork-Id: 98193 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 03E96A0C40; Tue, 7 Sep 2021 16:21:21 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 8D7DB41198; Tue, 7 Sep 2021 16:21:19 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id EA16F41196 for ; Tue, 7 Sep 2021 16:21:17 +0200 (CEST) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 187C16UX025501 for ; Tue, 7 Sep 2021 07:21:17 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=6dBNYbI/RJUP6yBJGa4VGlWAoI+rjXdJmcQZmjuD74g=; b=IotBIYuxcr/kHCxMrmEkvNEQO9XIxvIb01s4FnYte7Ka40kXjwp0egf3Z1MhNup5jIpC kxwvmqQbA4dAvdQiil0s/ei5c9AcW6XU7VGptWJMHn8SblO6AVagE6oEHNk6e29kuYq/ GktTkhikvWLqUw96GVrf+OENuI+6ldWJIXRXEeP8IktAFDsaDNSqHT2IUYD2vBzrbP1B 8xKkXSxCrjIut+vCz6qoUN20XWLfEWCv47waRRrusrNKj1rJ6HUHuQlDXp9fBlj3M/6B mGPoJ8M1/SkqkhMTC56D0DLsMeAPtu97/IhkyzXSMN/XQfkLwEkfuxqag7iVHgoHyoTK lQ== Received: from dc5-exch02.marvell.com ([199.233.59.182]) by mx0b-0016f401.pphosted.com with ESMTP id 3awty5tmrc-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT) for ; Tue, 07 Sep 2021 07:21:17 -0700 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Tue, 7 Sep 2021 07:21:15 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.18 via Frontend Transport; Tue, 7 Sep 2021 07:21:15 -0700 Received: from hyd1409.caveonetworks.com.com (unknown [10.29.45.15]) by maili.marvell.com (Postfix) with ESMTP id D08703F7091; Tue, 7 Sep 2021 07:21:12 -0700 (PDT) From: Archana Muniganti To: CC: Archana Muniganti , , , , , , Vamsi Attunuru Date: Tue, 7 Sep 2021 19:50:58 +0530 Message-ID: <20210907142103.18807-2-marchana@marvell.com> X-Mailer: git-send-email 2.22.0 In-Reply-To: <20210907142103.18807-1-marchana@marvell.com> References: <20210907142103.18807-1-marchana@marvell.com> MIME-Version: 1.0 X-Proofpoint-GUID: KHxBFiUHTQMCTKKyBZgK0opeWt68lDqL X-Proofpoint-ORIG-GUID: KHxBFiUHTQMCTKKyBZgK0opeWt68lDqL X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.391,FMLib:17.0.607.475 definitions=2021-09-07_04,2021-09-07_01,2020-04-07_01 Subject: [dpdk-dev] [PATCH v2 1/6] crypto/cnxk: add cn9k security ctx X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Add security ctx in cn9k crypto PMD. Signed-off-by: Archana Muniganti Signed-off-by: Vamsi Attunuru Signed-off-by: Tejasree Kondoj --- drivers/crypto/cnxk/cn9k_cryptodev.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/drivers/crypto/cnxk/cn9k_cryptodev.c b/drivers/crypto/cnxk/cn9k_cryptodev.c index 9ff2383d98..db2e085161 100644 --- a/drivers/crypto/cnxk/cn9k_cryptodev.c +++ b/drivers/crypto/cnxk/cn9k_cryptodev.c @@ -14,6 +14,7 @@ #include "cn9k_cryptodev_ops.h" #include "cnxk_cryptodev.h" #include "cnxk_cryptodev_capabilities.h" +#include "cnxk_cryptodev_sec.h" #include "roc_api.h" @@ -77,6 +78,11 @@ cn9k_cpt_pci_probe(struct rte_pci_driver *pci_drv __rte_unused, plt_err("Failed to add engine group rc=%d", rc); goto dev_fini; } + + /* Create security context */ + rc = cnxk_crypto_sec_ctx_create(dev); + if (rc) + goto dev_fini; } dev->dev_ops = &cn9k_cpt_ops; @@ -117,6 +123,9 @@ cn9k_cpt_pci_remove(struct rte_pci_device *pci_dev) if (dev == NULL) return -ENODEV; + /* Destroy security context */ + cnxk_crypto_sec_ctx_destroy(dev); + if (rte_eal_process_type() == RTE_PROC_PRIMARY) { vf = dev->data->dev_private; ret = roc_cpt_dev_fini(&vf->cpt); From patchwork Tue Sep 7 14:20:59 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Archana Muniganti X-Patchwork-Id: 98194 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 1E6FDA0C40; Tue, 7 Sep 2021 16:21:26 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id AB14D411A6; Tue, 7 Sep 2021 16:21:22 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 67762411A6 for ; Tue, 7 Sep 2021 16:21:21 +0200 (CEST) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 187C3wcS025669 for ; Tue, 7 Sep 2021 07:21:20 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=45VGvkBrPjr0YiKSbxJ9FkmGLxxd/wazEkNmJCTnZEw=; b=gIAdQyHbMPMxdj9UA31qK0s39MR2A7jzghmIH7ovmki8apQrcd+sQEERtUqhsEfmBZ4Q tU6zaqd9EnTQFwuXDsik6syyyYnR5VcZs+tKhQmMtBCvXJM9T0WgoI8IsOX/MMzJ3s3w Jet6HUubpt8disVVEmiFbEYvatllleCsJ67pOX2WJxQh8nDphRADRWaWJ4L3cgZxhWeg e4XTdQ6ugevVFrvtKPNVocgenFJ+ScELnqvol+8Ati6OYdn4NbtNZnt22r07BOam7tl0 40sqVij8VfFXWAjdE7Nj2B7qZ+Y1wi5zhOPu5rXP2OvP2NWRxQwGbSBRD9/i+j/cdii2 hA== Received: from dc5-exch01.marvell.com ([199.233.59.181]) by mx0b-0016f401.pphosted.com with ESMTP id 3awty5tmrq-2 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT) for ; Tue, 07 Sep 2021 07:21:20 -0700 Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Tue, 7 Sep 2021 07:21:18 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.18 via Frontend Transport; Tue, 7 Sep 2021 07:21:18 -0700 Received: from hyd1409.caveonetworks.com.com (unknown [10.29.45.15]) by maili.marvell.com (Postfix) with ESMTP id DBD843F7097; Tue, 7 Sep 2021 07:21:15 -0700 (PDT) From: Archana Muniganti To: CC: Archana Muniganti , , , , , , Vamsi Attunuru Date: Tue, 7 Sep 2021 19:50:59 +0530 Message-ID: <20210907142103.18807-3-marchana@marvell.com> X-Mailer: git-send-email 2.22.0 In-Reply-To: <20210907142103.18807-1-marchana@marvell.com> References: <20210907142103.18807-1-marchana@marvell.com> MIME-Version: 1.0 X-Proofpoint-GUID: KJlTbpCiZK9Zvv9MzOfi06LdWTOyn_j2 X-Proofpoint-ORIG-GUID: KJlTbpCiZK9Zvv9MzOfi06LdWTOyn_j2 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.391,FMLib:17.0.607.475 definitions=2021-09-07_04,2021-09-07_01,2020-04-07_01 Subject: [dpdk-dev] [PATCH v2 2/6] common/cnxk: add cn9k IPsec microcode defines X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Microcode IE opcodes support IPsec operations. Add defines and structs defined by microcode. Signed-off-by: Ankur Dwivedi Signed-off-by: Archana Muniganti Signed-off-by: Tejasree Kondoj Signed-off-by: Vamsi Attunuru --- drivers/common/cnxk/roc_cpt.h | 1 + drivers/common/cnxk/roc_ie_on.h | 158 ++++++++++++++++++++++++++++++-- 2 files changed, 150 insertions(+), 9 deletions(-) diff --git a/drivers/common/cnxk/roc_cpt.h b/drivers/common/cnxk/roc_cpt.h index f0f505a8c2..9e63073a52 100644 --- a/drivers/common/cnxk/roc_cpt.h +++ b/drivers/common/cnxk/roc_cpt.h @@ -47,6 +47,7 @@ #define ROC_CPT_AES_GCM_MAC_LEN 16 #define ROC_CPT_AES_CBC_IV_LEN 16 #define ROC_CPT_SHA1_HMAC_LEN 12 +#define ROC_CPT_SHA2_HMAC_LEN 16 #define ROC_CPT_AUTH_KEY_LEN_MAX 64 #define ROC_CPT_DES3_KEY_LEN 24 diff --git a/drivers/common/cnxk/roc_ie_on.h b/drivers/common/cnxk/roc_ie_on.h index 222c298a53..53591c6f02 100644 --- a/drivers/common/cnxk/roc_ie_on.h +++ b/drivers/common/cnxk/roc_ie_on.h @@ -5,18 +5,24 @@ #ifndef __ROC_IE_ON_H__ #define __ROC_IE_ON_H__ -/* CN9K IPSEC LA opcodes */ -#define ROC_IE_ONL_MAJOR_OP_WRITE_IPSEC_OUTBOUND 0x20 -#define ROC_IE_ONL_MAJOR_OP_WRITE_IPSEC_INBOUND 0x21 -#define ROC_IE_ONL_MAJOR_OP_PROCESS_OUTBOUND_IPSEC 0x23 -#define ROC_IE_ONL_MAJOR_OP_PROCESS_INBOUND_IPSEC 0x24 +/* CN9K IPsec LA */ -/* CN9K IPSEC FP opcodes */ -#define ROC_IE_ONF_MAJOR_OP_PROCESS_OUTBOUND_IPSEC 0x25UL -#define ROC_IE_ONF_MAJOR_OP_PROCESS_INBOUND_IPSEC 0x26UL +/* CN9K IPsec LA opcodes */ +#define ROC_IE_ON_MAJOR_OP_WRITE_IPSEC_OUTBOUND 0x20 +#define ROC_IE_ON_MAJOR_OP_WRITE_IPSEC_INBOUND 0x21 +#define ROC_IE_ON_MAJOR_OP_PROCESS_OUTBOUND_IPSEC 0x23 +#define ROC_IE_ON_MAJOR_OP_PROCESS_INBOUND_IPSEC 0x24 /* Ucode completion codes */ -#define ROC_IE_ONF_UCC_SUCCESS 0 +enum roc_ie_on_ucc_ipsec { + ROC_IE_ON_UCC_SUCCESS = 0, + ROC_IE_ON_AUTH_UNSUPPORTED = 0xB0, + ROC_IE_ON_ENCRYPT_UNSUPPORTED = 0xB1, +}; + +/* Helper macros */ +#define ROC_IE_ON_PER_PKT_IV BIT(11) +#define ROC_IE_ON_INB_RPTR_HDR 0x8 enum { ROC_IE_ON_SA_ENC_NULL = 0, @@ -50,6 +56,140 @@ enum { ROC_IE_ON_SA_ENCAP_UDP = 1, }; +struct roc_ie_on_outb_hdr { + uint32_t ip_id; + uint32_t seq; + uint8_t iv[16]; +}; + +union roc_ie_on_bit_perfect_iv { + uint8_t aes_iv[16]; + uint8_t des_iv[8]; + struct { + uint8_t nonce[4]; + uint8_t iv[8]; + uint8_t counter[4]; + } gcm; +}; + +struct roc_ie_on_traffic_selector { + uint16_t src_port[2]; + uint16_t dst_port[2]; + union { + struct { + uint32_t src_addr[2]; + uint32_t dst_addr[2]; + } ipv4; + struct { + uint8_t src_addr[32]; + uint8_t dst_addr[32]; + } ipv6; + }; +}; + +struct roc_ie_on_ip_template { + union { + struct { + uint8_t ipv4_hdr[20]; + uint16_t udp_src; + uint16_t udp_dst; + } ip4; + struct { + uint8_t ipv6_hdr[40]; + uint16_t udp_src; + uint16_t udp_dst; + } ip6; + }; +}; + +struct roc_ie_on_sa_ctl { + uint64_t spi : 32; + uint64_t exp_proto_inter_frag : 8; + uint64_t copy_df : 1; + uint64_t frag_type : 1; + uint64_t explicit_iv_en : 1; + uint64_t esn_en : 1; + uint64_t rsvd_45_44 : 2; + uint64_t encap_type : 2; + uint64_t enc_type : 3; + uint64_t rsvd_48 : 1; + uint64_t auth_type : 4; + uint64_t valid : 1; + uint64_t direction : 1; + uint64_t outer_ip_ver : 1; + uint64_t inner_ip_ver : 1; + uint64_t ipsec_mode : 1; + uint64_t ipsec_proto : 1; + uint64_t aes_key_len : 2; +}; + +struct roc_ie_on_common_sa { + /* w0 */ + struct roc_ie_on_sa_ctl ctl; + + /* w1-w4 */ + uint8_t cipher_key[32]; + + /* w5-w6 */ + union roc_ie_on_bit_perfect_iv iv; + + /* w7 */ + uint32_t esn_hi; + uint32_t esn_low; +}; + +struct roc_ie_on_outb_sa { + /* w0 - w7 */ + struct roc_ie_on_common_sa common_sa; + + /* w8-w55 */ + union { + struct { + struct roc_ie_on_ip_template template; + } aes_gcm; + struct { + uint8_t hmac_key[24]; + uint8_t unused[24]; + struct roc_ie_on_ip_template template; + } sha1; + struct { + uint8_t hmac_key[64]; + uint8_t hmac_iv[64]; + struct roc_ie_on_ip_template template; + } sha2; + }; +}; + +struct roc_ie_on_inb_sa { + /* w0 - w7 */ + struct roc_ie_on_common_sa common_sa; + + /* w8 */ + uint8_t udp_encap[8]; + + /* w9-w33 */ + union { + struct { + uint8_t hmac_key[48]; + struct roc_ie_on_traffic_selector selector; + } sha1_or_gcm; + struct { + uint8_t hmac_key[64]; + uint8_t hmac_iv[64]; + struct roc_ie_on_traffic_selector selector; + } sha2; + }; +}; + +/* CN9K IPsec FP */ + +/* CN9K IPsec FP opcodes */ +#define ROC_IE_ONF_MAJOR_OP_PROCESS_OUTBOUND_IPSEC 0x25UL +#define ROC_IE_ONF_MAJOR_OP_PROCESS_INBOUND_IPSEC 0x26UL + +/* Ucode completion codes */ +#define ROC_IE_ONF_UCC_SUCCESS 0 + struct roc_ie_onf_sa_ctl { uint32_t spi; uint64_t exp_proto_inter_frag : 8; From patchwork Tue Sep 7 14:21:00 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Archana Muniganti X-Patchwork-Id: 98195 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 66002A0C40; Tue, 7 Sep 2021 16:21:31 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 0B1AC4119A; Tue, 7 Sep 2021 16:21:27 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id 937D1411AE for ; Tue, 7 Sep 2021 16:21:24 +0200 (CEST) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 1879Y6bP015883 for ; Tue, 7 Sep 2021 07:21:23 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=nw44dcU07ZG99TROeSwUPvBtw2MEDxRJmSx06WrroLA=; b=i58D+vUeI0vt9nWlyGOQrQIOJTpoM6reDfMLu84P1uFO1rsWAoEGbvai7WA1h6//r+ru WqHWSdoe2qMn8IbF5YwppNY0MqZ0jxYe1K2pIKo33NRrACXXBwbrBLsUU/owmPS845jt YmQ4UkB81ymhHDnt3z5IAlilvxXMv5reS52++m7SH4AHoONOiwiFFou2Vd9qljrR8muJ a8wn0be4QNxmyjFroY8Hmkqn0knBtxtTbb/tu5W82ToHaNmEkY3rf/vx+9E2JCX4UB7t 7wZbWhlOS5NabUu6bmO9W2Ge1fzSKvs4WlOYU4oUbxsjVzomf8R/7kC97RGfS/r8rw2y TA== Received: from dc5-exch01.marvell.com ([199.233.59.181]) by mx0a-0016f401.pphosted.com with ESMTP id 3ax5jjgurv-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT) for ; Tue, 07 Sep 2021 07:21:23 -0700 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Tue, 7 Sep 2021 07:21:21 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.18 via Frontend Transport; Tue, 7 Sep 2021 07:21:21 -0700 Received: from hyd1409.caveonetworks.com.com (unknown [10.29.45.15]) by maili.marvell.com (Postfix) with ESMTP id 71F5B3F7087; Tue, 7 Sep 2021 07:21:19 -0700 (PDT) From: Archana Muniganti To: CC: Archana Muniganti , , , , , , Vamsi Attunuru Date: Tue, 7 Sep 2021 19:51:00 +0530 Message-ID: <20210907142103.18807-4-marchana@marvell.com> X-Mailer: git-send-email 2.22.0 In-Reply-To: <20210907142103.18807-1-marchana@marvell.com> References: <20210907142103.18807-1-marchana@marvell.com> MIME-Version: 1.0 X-Proofpoint-GUID: 8ycYlidL5en_aKnXOZEAj5_qNl9rtjMp X-Proofpoint-ORIG-GUID: 8ycYlidL5en_aKnXOZEAj5_qNl9rtjMp X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.391,FMLib:17.0.607.475 definitions=2021-09-07_04,2021-09-07_01,2020-04-07_01 Subject: [dpdk-dev] [PATCH v2 3/6] crypto/cnxk: add cn9k security session ops X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Add security session ops. Signed-off-by: Ankur Dwivedi Signed-off-by: Archana Muniganti Signed-off-by: Tejasree Kondoj Signed-off-by: Vamsi Attunuru --- drivers/crypto/cnxk/cn9k_cryptodev.c | 2 + drivers/crypto/cnxk/cn9k_ipsec.c | 610 +++++++++++++++++++++++++++ drivers/crypto/cnxk/cn9k_ipsec.h | 46 ++ drivers/crypto/cnxk/meson.build | 1 + 4 files changed, 659 insertions(+) create mode 100644 drivers/crypto/cnxk/cn9k_ipsec.c create mode 100644 drivers/crypto/cnxk/cn9k_ipsec.h diff --git a/drivers/crypto/cnxk/cn9k_cryptodev.c b/drivers/crypto/cnxk/cn9k_cryptodev.c index db2e085161..e60b352fac 100644 --- a/drivers/crypto/cnxk/cn9k_cryptodev.c +++ b/drivers/crypto/cnxk/cn9k_cryptodev.c @@ -12,6 +12,7 @@ #include "cn9k_cryptodev.h" #include "cn9k_cryptodev_ops.h" +#include "cn9k_ipsec.h" #include "cnxk_cryptodev.h" #include "cnxk_cryptodev_capabilities.h" #include "cnxk_cryptodev_sec.h" @@ -92,6 +93,7 @@ cn9k_cpt_pci_probe(struct rte_pci_driver *pci_drv __rte_unused, cnxk_cpt_caps_populate(vf); cn9k_cpt_set_enqdeq_fns(dev); + cn9k_sec_ops_override(); return 0; diff --git a/drivers/crypto/cnxk/cn9k_ipsec.c b/drivers/crypto/cnxk/cn9k_ipsec.c new file mode 100644 index 0000000000..0b63cc408a --- /dev/null +++ b/drivers/crypto/cnxk/cn9k_ipsec.c @@ -0,0 +1,610 @@ +/* SPDX-License-Identifier: BSD-3-Clause + * Copyright(C) 2021 Marvell. + */ + +#include +#include +#include +#include + +#include "cnxk_cryptodev.h" +#include "cnxk_cryptodev_ops.h" +#include "cnxk_ipsec.h" +#include "cnxk_security.h" +#include "cn9k_ipsec.h" + +#include "roc_api.h" + +static inline int +cn9k_cpt_enq_sa_write(struct cn9k_ipsec_sa *sa, struct cnxk_cpt_qp *qp, + uint8_t opcode, size_t ctx_len) +{ + uint64_t lmtline = qp->lmtline.lmt_base; + uint64_t io_addr = qp->lmtline.io_addr; + uint64_t lmt_status, time_out; + struct cpt_cn9k_res_s *res; + struct cpt_inst_s inst; + uint64_t *mdata; + int ret = 0; + + if (unlikely(rte_mempool_get(qp->meta_info.pool, (void **)&mdata) < 0)) + return -ENOMEM; + + res = (struct cpt_cn9k_res_s *)RTE_PTR_ALIGN(mdata, 16); + res->compcode = CPT_COMP_NOT_DONE; + + inst.w4.s.opcode_major = opcode; + inst.w4.s.opcode_minor = ctx_len >> 3; + inst.w4.s.param1 = 0; + inst.w4.s.param2 = 0; + inst.w4.s.dlen = ctx_len; + inst.dptr = rte_mempool_virt2iova(sa); + inst.rptr = 0; + inst.w7.s.cptr = rte_mempool_virt2iova(sa); + inst.w7.s.egrp = ROC_CPT_DFLT_ENG_GRP_SE; + + inst.w0.u64 = 0; + inst.w2.u64 = 0; + inst.w3.u64 = 0; + inst.res_addr = rte_mempool_virt2iova(res); + + rte_io_wmb(); + + do { + /* Copy CPT command to LMTLINE */ + roc_lmt_mov((void *)lmtline, &inst, 2); + lmt_status = roc_lmt_submit_ldeor(io_addr); + } while (lmt_status == 0); + + time_out = rte_get_timer_cycles() + + DEFAULT_COMMAND_TIMEOUT * rte_get_timer_hz(); + + while (res->compcode == CPT_COMP_NOT_DONE) { + if (rte_get_timer_cycles() > time_out) { + rte_mempool_put(qp->meta_info.pool, mdata); + plt_err("Request timed out"); + return -ETIMEDOUT; + } + rte_io_rmb(); + } + + if (unlikely(res->compcode != CPT_COMP_GOOD)) { + ret = res->compcode; + switch (ret) { + case CPT_COMP_INSTERR: + plt_err("Request failed with instruction error"); + break; + case CPT_COMP_FAULT: + plt_err("Request failed with DMA fault"); + break; + case CPT_COMP_HWERR: + plt_err("Request failed with hardware error"); + break; + default: + plt_err("Request failed with unknown hardware " + "completion code : 0x%x", + ret); + } + ret = -EINVAL; + goto mempool_put; + } + + if (unlikely(res->uc_compcode != ROC_IE_ON_UCC_SUCCESS)) { + ret = res->uc_compcode; + switch (ret) { + case ROC_IE_ON_AUTH_UNSUPPORTED: + plt_err("Invalid auth type"); + break; + case ROC_IE_ON_ENCRYPT_UNSUPPORTED: + plt_err("Invalid encrypt type"); + break; + default: + plt_err("Request failed with unknown microcode " + "completion code : 0x%x", + ret); + } + ret = -ENOTSUP; + } + +mempool_put: + rte_mempool_put(qp->meta_info.pool, mdata); + return ret; +} + +static inline int +ipsec_sa_ctl_set(struct rte_security_ipsec_xform *ipsec, + struct rte_crypto_sym_xform *crypto_xform, + struct roc_ie_on_sa_ctl *ctl) +{ + struct rte_crypto_sym_xform *cipher_xform, *auth_xform; + int aes_key_len; + + if (ipsec->direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) { + ctl->direction = ROC_IE_SA_DIR_OUTBOUND; + cipher_xform = crypto_xform; + auth_xform = crypto_xform->next; + } else if (ipsec->direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) { + ctl->direction = ROC_IE_SA_DIR_INBOUND; + auth_xform = crypto_xform; + cipher_xform = crypto_xform->next; + } else { + return -EINVAL; + } + + if (ipsec->mode == RTE_SECURITY_IPSEC_SA_MODE_TUNNEL) { + if (ipsec->tunnel.type == RTE_SECURITY_IPSEC_TUNNEL_IPV4) + ctl->outer_ip_ver = ROC_IE_SA_IP_VERSION_4; + else if (ipsec->tunnel.type == RTE_SECURITY_IPSEC_TUNNEL_IPV6) + ctl->outer_ip_ver = ROC_IE_SA_IP_VERSION_6; + else + return -EINVAL; + } + + ctl->inner_ip_ver = ctl->outer_ip_ver; + + if (ipsec->mode == RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT) + ctl->ipsec_mode = ROC_IE_SA_MODE_TRANSPORT; + else if (ipsec->mode == RTE_SECURITY_IPSEC_SA_MODE_TUNNEL) + ctl->ipsec_mode = ROC_IE_SA_MODE_TUNNEL; + else + return -EINVAL; + + if (ipsec->proto == RTE_SECURITY_IPSEC_SA_PROTO_AH) + ctl->ipsec_proto = ROC_IE_SA_PROTOCOL_AH; + else if (ipsec->proto == RTE_SECURITY_IPSEC_SA_PROTO_ESP) + ctl->ipsec_proto = ROC_IE_SA_PROTOCOL_ESP; + else + return -EINVAL; + + if (crypto_xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) { + if (crypto_xform->aead.algo == RTE_CRYPTO_AEAD_AES_GCM) { + ctl->enc_type = ROC_IE_ON_SA_ENC_AES_GCM; + aes_key_len = crypto_xform->aead.key.length; + } else { + return -ENOTSUP; + } + } else if (cipher_xform->cipher.algo == RTE_CRYPTO_CIPHER_AES_CBC) { + ctl->enc_type = ROC_IE_ON_SA_ENC_AES_CBC; + aes_key_len = cipher_xform->cipher.key.length; + } else { + return -ENOTSUP; + } + + switch (aes_key_len) { + case 16: + ctl->aes_key_len = ROC_IE_SA_AES_KEY_LEN_128; + break; + case 24: + ctl->aes_key_len = ROC_IE_SA_AES_KEY_LEN_192; + break; + case 32: + ctl->aes_key_len = ROC_IE_SA_AES_KEY_LEN_256; + break; + default: + return -EINVAL; + } + + if (crypto_xform->type != RTE_CRYPTO_SYM_XFORM_AEAD) { + switch (auth_xform->auth.algo) { + case RTE_CRYPTO_AUTH_NULL: + ctl->auth_type = ROC_IE_ON_SA_AUTH_NULL; + break; + case RTE_CRYPTO_AUTH_MD5_HMAC: + ctl->auth_type = ROC_IE_ON_SA_AUTH_MD5; + break; + case RTE_CRYPTO_AUTH_SHA1_HMAC: + ctl->auth_type = ROC_IE_ON_SA_AUTH_SHA1; + break; + case RTE_CRYPTO_AUTH_SHA224_HMAC: + ctl->auth_type = ROC_IE_ON_SA_AUTH_SHA2_224; + break; + case RTE_CRYPTO_AUTH_SHA256_HMAC: + ctl->auth_type = ROC_IE_ON_SA_AUTH_SHA2_256; + break; + case RTE_CRYPTO_AUTH_SHA384_HMAC: + ctl->auth_type = ROC_IE_ON_SA_AUTH_SHA2_384; + break; + case RTE_CRYPTO_AUTH_SHA512_HMAC: + ctl->auth_type = ROC_IE_ON_SA_AUTH_SHA2_512; + break; + case RTE_CRYPTO_AUTH_AES_GMAC: + ctl->auth_type = ROC_IE_ON_SA_AUTH_AES_GMAC; + break; + case RTE_CRYPTO_AUTH_AES_XCBC_MAC: + ctl->auth_type = ROC_IE_ON_SA_AUTH_AES_XCBC_128; + break; + default: + return -ENOTSUP; + } + } + + if (ipsec->options.esn) + ctl->esn_en = 1; + + if (ipsec->options.udp_encap == 1) + ctl->encap_type = ROC_IE_ON_SA_ENCAP_UDP; + + ctl->spi = rte_cpu_to_be_32(ipsec->spi); + + rte_io_wmb(); + + ctl->valid = 1; + + return 0; +} + +static inline int +fill_ipsec_common_sa(struct rte_security_ipsec_xform *ipsec, + struct rte_crypto_sym_xform *crypto_xform, + struct roc_ie_on_common_sa *common_sa) +{ + struct rte_crypto_sym_xform *cipher_xform; + const uint8_t *cipher_key; + int cipher_key_len = 0; + int ret; + + if (ipsec->direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) + cipher_xform = crypto_xform->next; + else + cipher_xform = crypto_xform; + + ret = ipsec_sa_ctl_set(ipsec, crypto_xform, &common_sa->ctl); + if (ret) + return ret; + + if (crypto_xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) { + if (crypto_xform->aead.algo == RTE_CRYPTO_AEAD_AES_GCM) + memcpy(common_sa->iv.gcm.nonce, &ipsec->salt, 4); + cipher_key = crypto_xform->aead.key.data; + cipher_key_len = crypto_xform->aead.key.length; + } else { + cipher_key = cipher_xform->cipher.key.data; + cipher_key_len = cipher_xform->cipher.key.length; + } + + if (cipher_key_len != 0) + memcpy(common_sa->cipher_key, cipher_key, cipher_key_len); + else + return -EINVAL; + + return 0; +} + +static int +cn9k_ipsec_outb_sa_create(struct cnxk_cpt_qp *qp, + struct rte_security_ipsec_xform *ipsec, + struct rte_crypto_sym_xform *crypto_xform, + struct rte_security_session *sec_sess) +{ + struct rte_crypto_sym_xform *auth_xform = crypto_xform->next; + struct roc_ie_on_ip_template *template = NULL; + struct cnxk_cpt_inst_tmpl *inst_tmpl; + struct roc_ie_on_outb_sa *out_sa; + struct cn9k_sec_session *sess; + struct roc_ie_on_sa_ctl *ctl; + struct cn9k_ipsec_sa *sa; + struct rte_ipv6_hdr *ip6; + struct rte_ipv4_hdr *ip4; + const uint8_t *auth_key; + union cpt_inst_w4 w4; + union cpt_inst_w7 w7; + int auth_key_len = 0; + size_t ctx_len; + int ret; + + sess = get_sec_session_private_data(sec_sess); + sa = &sess->sa; + out_sa = &sa->out_sa; + ctl = &out_sa->common_sa.ctl; + + memset(sa, 0, sizeof(struct cn9k_ipsec_sa)); + + /* Initialize lookaside IPsec private data */ + sa->dir = RTE_SECURITY_IPSEC_SA_DIR_EGRESS; + /* Start ip id from 1 */ + sa->ip_id = 1; + sa->seq_lo = 1; + sa->seq_hi = 0; + + ret = fill_ipsec_common_sa(ipsec, crypto_xform, &out_sa->common_sa); + if (ret) + return ret; + + ret = cnxk_ipsec_outb_rlens_get(&sa->rlens, ipsec, crypto_xform); + if (ret) + return ret; + + if (ctl->enc_type == ROC_IE_ON_SA_ENC_AES_GCM) { + template = &out_sa->aes_gcm.template; + ctx_len = offsetof(struct roc_ie_on_outb_sa, aes_gcm.template); + } else if (ctl->auth_type == ROC_IE_ON_SA_AUTH_SHA1) { + template = &out_sa->sha1.template; + ctx_len = offsetof(struct roc_ie_on_outb_sa, sha1.template); + } else if (ctl->auth_type == ROC_IE_ON_SA_AUTH_SHA2_256) { + template = &out_sa->sha2.template; + ctx_len = offsetof(struct roc_ie_on_outb_sa, sha2.template); + } else { + return -EINVAL; + } + + ip4 = (struct rte_ipv4_hdr *)&template->ip4.ipv4_hdr; + if (ipsec->options.udp_encap) { + ip4->next_proto_id = IPPROTO_UDP; + template->ip4.udp_src = rte_be_to_cpu_16(4500); + template->ip4.udp_dst = rte_be_to_cpu_16(4500); + } else { + ip4->next_proto_id = IPPROTO_ESP; + } + + if (ipsec->mode == RTE_SECURITY_IPSEC_SA_MODE_TUNNEL) { + if (ipsec->tunnel.type == RTE_SECURITY_IPSEC_TUNNEL_IPV4) { + ctx_len += sizeof(template->ip4); + + ip4->version_ihl = RTE_IPV4_VHL_DEF; + ip4->time_to_live = ipsec->tunnel.ipv4.ttl; + ip4->type_of_service |= (ipsec->tunnel.ipv4.dscp << 2); + if (ipsec->tunnel.ipv4.df) + ip4->fragment_offset = BIT(14); + memcpy(&ip4->src_addr, &ipsec->tunnel.ipv4.src_ip, + sizeof(struct in_addr)); + memcpy(&ip4->dst_addr, &ipsec->tunnel.ipv4.dst_ip, + sizeof(struct in_addr)); + } else if (ipsec->tunnel.type == + RTE_SECURITY_IPSEC_TUNNEL_IPV6) { + ctx_len += sizeof(template->ip6); + + ip6 = (struct rte_ipv6_hdr *)&template->ip6.ipv6_hdr; + if (ipsec->options.udp_encap) { + ip6->proto = IPPROTO_UDP; + template->ip6.udp_src = rte_be_to_cpu_16(4500); + template->ip6.udp_dst = rte_be_to_cpu_16(4500); + } else { + ip6->proto = (ipsec->proto == + RTE_SECURITY_IPSEC_SA_PROTO_ESP) ? + IPPROTO_ESP : + IPPROTO_AH; + } + ip6->vtc_flow = + rte_cpu_to_be_32(0x60000000 | + ((ipsec->tunnel.ipv6.dscp + << RTE_IPV6_HDR_TC_SHIFT) & + RTE_IPV6_HDR_TC_MASK) | + ((ipsec->tunnel.ipv6.flabel + << RTE_IPV6_HDR_FL_SHIFT) & + RTE_IPV6_HDR_FL_MASK)); + ip6->hop_limits = ipsec->tunnel.ipv6.hlimit; + memcpy(&ip6->src_addr, &ipsec->tunnel.ipv6.src_addr, + sizeof(struct in6_addr)); + memcpy(&ip6->dst_addr, &ipsec->tunnel.ipv6.dst_addr, + sizeof(struct in6_addr)); + } + } else + ctx_len += sizeof(template->ip4); + + ctx_len += RTE_ALIGN_CEIL(ctx_len, 8); + + if (crypto_xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) { + sa->cipher_iv_off = crypto_xform->aead.iv.offset; + sa->cipher_iv_len = crypto_xform->aead.iv.length; + } else { + sa->cipher_iv_off = crypto_xform->cipher.iv.offset; + sa->cipher_iv_len = crypto_xform->cipher.iv.length; + + auth_key = auth_xform->auth.key.data; + auth_key_len = auth_xform->auth.key.length; + + if (auth_xform->auth.algo == RTE_CRYPTO_AUTH_SHA1_HMAC) + memcpy(out_sa->sha1.hmac_key, auth_key, auth_key_len); + else if (auth_xform->auth.algo == RTE_CRYPTO_AUTH_SHA256_HMAC) + memcpy(out_sa->sha2.hmac_key, auth_key, auth_key_len); + } + + inst_tmpl = &sa->inst; + + w4.u64 = 0; + w4.s.opcode_major = ROC_IE_ON_MAJOR_OP_PROCESS_OUTBOUND_IPSEC; + w4.s.opcode_minor = ctx_len >> 3; + w4.s.param1 = ROC_IE_ON_PER_PKT_IV; + inst_tmpl->w4 = w4.u64; + + w7.u64 = 0; + w7.s.egrp = ROC_CPT_DFLT_ENG_GRP_SE; + w7.s.cptr = rte_mempool_virt2iova(out_sa); + inst_tmpl->w7 = w7.u64; + + return cn9k_cpt_enq_sa_write( + sa, qp, ROC_IE_ON_MAJOR_OP_WRITE_IPSEC_OUTBOUND, ctx_len); +} + +static int +cn9k_ipsec_inb_sa_create(struct cnxk_cpt_qp *qp, + struct rte_security_ipsec_xform *ipsec, + struct rte_crypto_sym_xform *crypto_xform, + struct rte_security_session *sec_sess) +{ + struct rte_crypto_sym_xform *auth_xform = crypto_xform; + struct cnxk_cpt_inst_tmpl *inst_tmpl; + struct roc_ie_on_inb_sa *in_sa; + struct cn9k_sec_session *sess; + struct cn9k_ipsec_sa *sa; + const uint8_t *auth_key; + union cpt_inst_w4 w4; + union cpt_inst_w7 w7; + int auth_key_len = 0; + size_t ctx_len = 0; + int ret; + + sess = get_sec_session_private_data(sec_sess); + sa = &sess->sa; + in_sa = &sa->in_sa; + + memset(sa, 0, sizeof(struct cn9k_ipsec_sa)); + + sa->dir = RTE_SECURITY_IPSEC_SA_DIR_INGRESS; + + ret = fill_ipsec_common_sa(ipsec, crypto_xform, &in_sa->common_sa); + if (ret) + return ret; + + if (crypto_xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) { + ctx_len = offsetof(struct roc_ie_on_inb_sa, + sha1_or_gcm.hmac_key[0]); + } else { + auth_key = auth_xform->auth.key.data; + auth_key_len = auth_xform->auth.key.length; + + if (auth_xform->auth.algo == RTE_CRYPTO_AUTH_SHA1_HMAC) { + memcpy(in_sa->sha1_or_gcm.hmac_key, auth_key, + auth_key_len); + ctx_len = offsetof(struct roc_ie_on_inb_sa, + sha1_or_gcm.selector); + } else if (auth_xform->auth.algo == + RTE_CRYPTO_AUTH_SHA256_HMAC) { + memcpy(in_sa->sha2.hmac_key, auth_key, auth_key_len); + ctx_len = offsetof(struct roc_ie_on_inb_sa, + sha2.selector); + } + } + + inst_tmpl = &sa->inst; + + w4.u64 = 0; + w4.s.opcode_major = ROC_IE_ON_MAJOR_OP_PROCESS_INBOUND_IPSEC; + w4.s.opcode_minor = ctx_len >> 3; + inst_tmpl->w4 = w4.u64; + + w7.u64 = 0; + w7.s.egrp = ROC_CPT_DFLT_ENG_GRP_SE; + w7.s.cptr = rte_mempool_virt2iova(in_sa); + inst_tmpl->w7 = w7.u64; + + return cn9k_cpt_enq_sa_write( + sa, qp, ROC_IE_ON_MAJOR_OP_WRITE_IPSEC_INBOUND, ctx_len); +} + +static inline int +cn9k_ipsec_xform_verify(struct rte_security_ipsec_xform *ipsec) +{ + RTE_SET_USED(ipsec); + + return 0; +} + +static int +cn9k_ipsec_session_create(void *dev, + struct rte_security_ipsec_xform *ipsec_xform, + struct rte_crypto_sym_xform *crypto_xform, + struct rte_security_session *sess) +{ + struct rte_cryptodev *crypto_dev = dev; + struct cnxk_cpt_qp *qp; + int ret; + + qp = crypto_dev->data->queue_pairs[0]; + if (qp == NULL) { + plt_err("CPT queue pairs need to be setup for creating security" + " session"); + return -EPERM; + } + + ret = cnxk_ipsec_xform_verify(ipsec_xform, crypto_xform); + if (ret) + return ret; + + ret = cn9k_ipsec_xform_verify(ipsec_xform); + if (ret) + return ret; + + if (ipsec_xform->direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) + return cn9k_ipsec_inb_sa_create(qp, ipsec_xform, crypto_xform, + sess); + else + return cn9k_ipsec_outb_sa_create(qp, ipsec_xform, crypto_xform, + sess); +} + +static int +cn9k_sec_session_create(void *device, struct rte_security_session_conf *conf, + struct rte_security_session *sess, + struct rte_mempool *mempool) +{ + struct cn9k_sec_session *priv; + int ret; + + if (conf->action_type != RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL) + return -EINVAL; + + if (rte_mempool_get(mempool, (void **)&priv)) { + plt_err("Could not allocate security session private data"); + return -ENOMEM; + } + + memset(priv, 0, sizeof(*priv)); + + set_sec_session_private_data(sess, priv); + + if (conf->protocol != RTE_SECURITY_PROTOCOL_IPSEC) { + ret = -ENOTSUP; + goto mempool_put; + } + + ret = cn9k_ipsec_session_create(device, &conf->ipsec, + conf->crypto_xform, sess); + if (ret) + goto mempool_put; + + return 0; + +mempool_put: + rte_mempool_put(mempool, priv); + set_sec_session_private_data(sess, NULL); + return ret; +} + +static int +cn9k_sec_session_destroy(void *device __rte_unused, + struct rte_security_session *sess) +{ + struct roc_ie_on_outb_sa *out_sa; + struct cn9k_sec_session *priv; + struct rte_mempool *sess_mp; + struct roc_ie_on_sa_ctl *ctl; + struct cn9k_ipsec_sa *sa; + + priv = get_sec_session_private_data(sess); + if (priv == NULL) + return 0; + + sa = &priv->sa; + out_sa = &sa->out_sa; + + ctl = &out_sa->common_sa.ctl; + ctl->valid = 0; + + rte_io_wmb(); + + sess_mp = rte_mempool_from_obj(priv); + + memset(priv, 0, sizeof(*priv)); + + set_sec_session_private_data(sess, NULL); + rte_mempool_put(sess_mp, priv); + + return 0; +} + +static unsigned int +cn9k_sec_session_get_size(void *device __rte_unused) +{ + return sizeof(struct cn9k_sec_session); +} + +/* Update platform specific security ops */ +void +cn9k_sec_ops_override(void) +{ + /* Update platform specific ops */ + cnxk_sec_ops.session_create = cn9k_sec_session_create; + cnxk_sec_ops.session_destroy = cn9k_sec_session_destroy; + cnxk_sec_ops.session_get_size = cn9k_sec_session_get_size; +} diff --git a/drivers/crypto/cnxk/cn9k_ipsec.h b/drivers/crypto/cnxk/cn9k_ipsec.h new file mode 100644 index 0000000000..13d522ec6f --- /dev/null +++ b/drivers/crypto/cnxk/cn9k_ipsec.h @@ -0,0 +1,46 @@ +/* SPDX-License-Identifier: BSD-3-Clause + * Copyright(C) 2021 Marvell. + */ + +#ifndef __CN9K_IPSEC_H__ +#define __CN9K_IPSEC_H__ + +#include "cnxk_ipsec.h" +#include "cnxk_security.h" + +struct cn9k_ipsec_sa { + union { + /** Inbound SA */ + struct roc_ie_on_inb_sa in_sa; + /** Outbound SA */ + struct roc_ie_on_outb_sa out_sa; + }; + /** IPsec SA direction */ + enum rte_security_ipsec_sa_direction dir; + /** Pre-populated CPT inst words */ + struct cnxk_cpt_inst_tmpl inst; + /** Cipher IV offset in bytes */ + uint16_t cipher_iv_off; + /** Cipher IV length in bytes */ + uint8_t cipher_iv_len; + /** Response length calculation data */ + struct cnxk_ipsec_outb_rlens rlens; + /** Outbound IP-ID */ + uint16_t ip_id; + /** ESN */ + union { + uint64_t esn; + struct { + uint32_t seq_lo; + uint32_t seq_hi; + }; + }; +}; + +struct cn9k_sec_session { + struct cn9k_ipsec_sa sa; +} __rte_cache_aligned; + +void cn9k_sec_ops_override(void); + +#endif /* __CN9K_IPSEC_H__ */ diff --git a/drivers/crypto/cnxk/meson.build b/drivers/crypto/cnxk/meson.build index e076783629..e40d132f80 100644 --- a/drivers/crypto/cnxk/meson.build +++ b/drivers/crypto/cnxk/meson.build @@ -11,6 +11,7 @@ endif sources = files( 'cn9k_cryptodev.c', 'cn9k_cryptodev_ops.c', + 'cn9k_ipsec.c', 'cn10k_cryptodev.c', 'cn10k_cryptodev_ops.c', 'cn10k_ipsec.c', From patchwork Tue Sep 7 14:21:01 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Archana Muniganti X-Patchwork-Id: 98196 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id C10EDA0C40; Tue, 7 Sep 2021 16:21:39 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 9A92D411B8; Tue, 7 Sep 2021 16:21:29 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id C60EC411B0 for ; Tue, 7 Sep 2021 16:21:27 +0200 (CEST) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 187CEH2t020314 for ; Tue, 7 Sep 2021 07:21:27 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=GCROpATEU3YCxjquoBFH31KH09yRyzp5CMOvefBxqHM=; b=J8FFx2hvlQhGwTdpagiWWvbie7gXfxcSOMv8ELajmrQlcyxbKsSoN2dlsxI0q0bDkNRS SzikgwA07HQ2mpDPK3+kZXIjaSEL4QSVb4H0I2U/RGukMbvPDrz6kMfs5zjgjSHyNXBC xL3Cv7l0dACiQbX9c5JiqFRTjnaZcU9jyo5OmcIXodQlxtZGABuBS8sJt4IIT4jVwYYs NpoAJDwJa1Ecmw4bh/Lla6b5LCqCmCQklgfvwEXYbxj6fsKnpsOFWaTapj1AvxmzB8YJ UOIY6yqjUJGkA9yk+SYGScmiEMauoUuzlViu5k6+v67M5WhYxu1ANNhhPuMbaepogZL8 Ow== Received: from dc5-exch01.marvell.com ([199.233.59.181]) by mx0b-0016f401.pphosted.com with ESMTP id 3awty5tmse-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT) for ; Tue, 07 Sep 2021 07:21:27 -0700 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Tue, 7 Sep 2021 07:21:24 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.18 via Frontend Transport; Tue, 7 Sep 2021 07:21:24 -0700 Received: from hyd1409.caveonetworks.com.com (unknown [10.29.45.15]) by maili.marvell.com (Postfix) with ESMTP id 87F453F708F; Tue, 7 Sep 2021 07:21:22 -0700 (PDT) From: Archana Muniganti To: CC: Archana Muniganti , , , , , , Vamsi Attunuru Date: Tue, 7 Sep 2021 19:51:01 +0530 Message-ID: <20210907142103.18807-5-marchana@marvell.com> X-Mailer: git-send-email 2.22.0 In-Reply-To: <20210907142103.18807-1-marchana@marvell.com> References: <20210907142103.18807-1-marchana@marvell.com> MIME-Version: 1.0 X-Proofpoint-GUID: 8cR3isb2cbE48fS92UpxmfBKr3s07Oxw X-Proofpoint-ORIG-GUID: 8cR3isb2cbE48fS92UpxmfBKr3s07Oxw X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.391,FMLib:17.0.607.475 definitions=2021-09-07_04,2021-09-07_01,2020-04-07_01 Subject: [dpdk-dev] [PATCH v2 4/6] crypto/cnxk: add cn9k lookaside IPsec datapath X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Adds support for cn9k lookaside enqueue and dequeue operations. Signed-off-by: Archana Muniganti Signed-off-by: Tejasree Kondoj Signed-off-by: Vamsi Attunuru --- drivers/crypto/cnxk/cn9k_cryptodev_ops.c | 78 +++++++++++++++++++- drivers/crypto/cnxk/cn9k_ipsec_la_ops.h | 90 ++++++++++++++++++++++++ 2 files changed, 166 insertions(+), 2 deletions(-) create mode 100644 drivers/crypto/cnxk/cn9k_ipsec_la_ops.h diff --git a/drivers/crypto/cnxk/cn9k_cryptodev_ops.c b/drivers/crypto/cnxk/cn9k_cryptodev_ops.c index 8ade1977e1..40109acc3f 100644 --- a/drivers/crypto/cnxk/cn9k_cryptodev_ops.c +++ b/drivers/crypto/cnxk/cn9k_cryptodev_ops.c @@ -5,10 +5,13 @@ #include #include #include +#include #include #include "cn9k_cryptodev.h" #include "cn9k_cryptodev_ops.h" +#include "cn9k_ipsec.h" +#include "cn9k_ipsec_la_ops.h" #include "cnxk_ae.h" #include "cnxk_cryptodev.h" #include "cnxk_cryptodev_ops.h" @@ -34,6 +37,36 @@ cn9k_cpt_sym_inst_fill(struct cnxk_cpt_qp *qp, struct rte_crypto_op *op, return ret; } +static __rte_always_inline int __rte_hot +cn9k_cpt_sec_inst_fill(struct rte_crypto_op *op, + struct cpt_inflight_req *infl_req, + struct cpt_inst_s *inst) +{ + struct rte_crypto_sym_op *sym_op = op->sym; + struct cn9k_sec_session *priv; + struct cn9k_ipsec_sa *sa; + + if (unlikely(sym_op->m_dst && sym_op->m_dst != sym_op->m_src)) { + plt_dp_err("Out of place is not supported"); + return -ENOTSUP; + } + + if (unlikely(!rte_pktmbuf_is_contiguous(sym_op->m_src))) { + plt_dp_err("Scatter Gather mode is not supported"); + return -ENOTSUP; + } + + priv = get_sec_session_private_data(op->sym->sec_session); + sa = &priv->sa; + + if (sa->dir == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) + return process_outb_sa(op, sa, inst); + + infl_req->op_flags |= CPT_OP_FLAGS_IPSEC_DIR_INBOUND; + + return process_inb_sa(op, sa, inst); +} + static inline struct cnxk_se_sess * cn9k_cpt_sym_temp_sess_create(struct cnxk_cpt_qp *qp, struct rte_crypto_op *op) { @@ -80,7 +113,10 @@ cn9k_cpt_inst_prep(struct cnxk_cpt_qp *qp, struct rte_crypto_op *op, sym_op->session, cn9k_cryptodev_driver_id); ret = cn9k_cpt_sym_inst_fill(qp, op, sess, infl_req, inst); - } else { + inst->w7.u64 = sess->cpt_inst_w7; + } else if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) + ret = cn9k_cpt_sec_inst_fill(op, infl_req, inst); + else { sess = cn9k_cpt_sym_temp_sess_create(qp, op); if (unlikely(sess == NULL)) { plt_dp_err("Could not create temp session"); @@ -94,8 +130,8 @@ cn9k_cpt_inst_prep(struct cnxk_cpt_qp *qp, struct rte_crypto_op *op, op->sym->session); rte_mempool_put(qp->sess_mp, op->sym->session); } + inst->w7.u64 = sess->cpt_inst_w7; } - inst->w7.u64 = sess->cpt_inst_w7; } else if (op->type == RTE_CRYPTO_OP_TYPE_ASYMMETRIC) { struct rte_crypto_asym_op *asym_op; struct cnxk_ae_sess *sess; @@ -348,6 +384,39 @@ cn9k_cpt_crypto_adapter_enqueue(uintptr_t tag_op, struct rte_crypto_op *op) return 1; } +static inline void +cn9k_cpt_sec_post_process(struct rte_crypto_op *cop, + struct cpt_inflight_req *infl_req) +{ + struct rte_crypto_sym_op *sym_op = cop->sym; + struct rte_mbuf *m = sym_op->m_src; + struct rte_ipv6_hdr *ip6; + struct rte_ipv4_hdr *ip; + uint16_t m_len = 0; + char *data; + + if (infl_req->op_flags & CPT_OP_FLAGS_IPSEC_DIR_INBOUND) { + data = rte_pktmbuf_mtod(m, char *); + + ip = (struct rte_ipv4_hdr *)(data + ROC_IE_ON_INB_RPTR_HDR); + + if (((ip->version_ihl & 0xf0) >> RTE_IPV4_IHL_MULTIPLIER) == + IPVERSION) { + m_len = rte_be_to_cpu_16(ip->total_length); + } else { + PLT_ASSERT(((ip->version_ihl & 0xf0) >> + RTE_IPV4_IHL_MULTIPLIER) == 6); + ip6 = (struct rte_ipv6_hdr *)ip; + m_len = rte_be_to_cpu_16(ip6->payload_len) + + sizeof(struct rte_ipv6_hdr); + } + + m->data_len = m_len; + m->pkt_len = m_len; + m->data_off += ROC_IE_ON_INB_RPTR_HDR; + } +} + static inline void cn9k_cpt_dequeue_post_process(struct cnxk_cpt_qp *qp, struct rte_crypto_op *cop, struct cpt_inflight_req *infl_req) @@ -370,6 +439,11 @@ cn9k_cpt_dequeue_post_process(struct cnxk_cpt_qp *qp, struct rte_crypto_op *cop, cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS; if (cop->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC) { + if (cop->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) { + cn9k_cpt_sec_post_process(cop, infl_req); + return; + } + /* Verify authentication data if required */ if (unlikely(infl_req->op_flags & CPT_OP_FLAGS_AUTH_VERIFY)) { diff --git a/drivers/crypto/cnxk/cn9k_ipsec_la_ops.h b/drivers/crypto/cnxk/cn9k_ipsec_la_ops.h new file mode 100644 index 0000000000..b7a88e1b35 --- /dev/null +++ b/drivers/crypto/cnxk/cn9k_ipsec_la_ops.h @@ -0,0 +1,90 @@ +/* SPDX-License-Identifier: BSD-3-Clause + * Copyright(C) 2021 Marvell. + */ + +#ifndef __CN9K_IPSEC_LA_OPS_H__ +#define __CN9K_IPSEC_LA_OPS_H__ + +#include +#include + +#include "cn9k_ipsec.h" + +static __rte_always_inline int32_t +ipsec_po_out_rlen_get(struct cn9k_ipsec_sa *sa, uint32_t plen) +{ + uint32_t enc_payload_len; + + enc_payload_len = RTE_ALIGN_CEIL(plen + sa->rlens.roundup_len, + sa->rlens.roundup_byte); + + return sa->rlens.partial_len + enc_payload_len; +} + +static __rte_always_inline int +process_outb_sa(struct rte_crypto_op *cop, struct cn9k_ipsec_sa *sa, + struct cpt_inst_s *inst) +{ + const unsigned int hdr_len = sizeof(struct roc_ie_on_outb_hdr); + struct rte_crypto_sym_op *sym_op = cop->sym; + struct rte_mbuf *m_src = sym_op->m_src; + uint32_t dlen, rlen, extend_tail; + struct roc_ie_on_outb_sa *out_sa; + struct roc_ie_on_outb_hdr *hdr; + + out_sa = &sa->out_sa; + + dlen = rte_pktmbuf_pkt_len(m_src) + hdr_len; + rlen = ipsec_po_out_rlen_get(sa, dlen - hdr_len); + + extend_tail = rlen - dlen; + if (unlikely(extend_tail > rte_pktmbuf_tailroom(m_src))) { + plt_dp_err("Not enough tail room"); + return -ENOMEM; + } + + m_src->data_len += extend_tail; + m_src->pkt_len += extend_tail; + + hdr = (struct roc_ie_on_outb_hdr *)rte_pktmbuf_prepend(m_src, hdr_len); + if (unlikely(hdr == NULL)) { + plt_dp_err("Not enough head room"); + return -ENOMEM; + } + + memcpy(&hdr->iv[0], + rte_crypto_op_ctod_offset(cop, uint8_t *, sa->cipher_iv_off), + sa->cipher_iv_len); + hdr->seq = rte_cpu_to_be_32(sa->seq_lo); + hdr->ip_id = rte_cpu_to_be_32(sa->ip_id); + + out_sa->common_sa.esn_hi = sa->seq_hi; + + sa->ip_id++; + sa->esn++; + + /* Prepare CPT instruction */ + inst->w4.u64 = sa->inst.w4 | dlen; + inst->dptr = rte_pktmbuf_iova(m_src); + inst->rptr = inst->dptr; + inst->w7.u64 = sa->inst.w7; + + return 0; +} + +static __rte_always_inline int +process_inb_sa(struct rte_crypto_op *cop, struct cn9k_ipsec_sa *sa, + struct cpt_inst_s *inst) +{ + struct rte_crypto_sym_op *sym_op = cop->sym; + struct rte_mbuf *m_src = sym_op->m_src; + + /* Prepare CPT instruction */ + inst->w4.u64 = sa->inst.w4 | rte_pktmbuf_pkt_len(m_src); + inst->dptr = rte_pktmbuf_iova(m_src); + inst->rptr = inst->dptr; + inst->w7.u64 = sa->inst.w7; + + return 0; +} +#endif /* __CN9K_IPSEC_LA_OPS_H__ */ From patchwork Tue Sep 7 14:21:02 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Archana Muniganti X-Patchwork-Id: 98197 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id AB10FA0C40; Tue, 7 Sep 2021 16:21:46 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id C337B411BA; Tue, 7 Sep 2021 16:21:31 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id 3BA19411BA for ; Tue, 7 Sep 2021 16:21:30 +0200 (CEST) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 1879YACP015949 for ; Tue, 7 Sep 2021 07:21:29 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=NzafTWgiJCCn9Ui7/pCgyxce8RdEqfUnl/fixgdnj1w=; b=aUmTvP0WmUqy1tXGVNnTDyJzDWGOvcg+NxshDHuTH0lG6uObSJS6i6dOVfE90mbwDBDe YfmZ5BuIiB4y+KoRq0uAlo8iMJMQrS8Ns6+VckANOUYQebN9KB/UygJklnMgxca4m4gs fbA/byJ82ez55E+H5cQWPCnxr0kv2RBOv4DG4goQAz/a0qYDtKcgohhYiuF6CFU0JrcF G67uq29qvvRlDYGGP88uof0Jv1AF/Aewqc+eF+d2loM9P1DDgnw0OXy5pbOIxx7I2MM8 PAMOCaO98Aj5bxdbyN7fz3pUyBztDHoOz1Pk8S22WuoAJDz9Pj6bdmb76dPfmgTIQwXD bQ== Received: from dc5-exch01.marvell.com ([199.233.59.181]) by mx0a-0016f401.pphosted.com with ESMTP id 3ax5jjgusb-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT) for ; Tue, 07 Sep 2021 07:21:29 -0700 Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Tue, 7 Sep 2021 07:21:27 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.18 via Frontend Transport; Tue, 7 Sep 2021 07:21:27 -0700 Received: from hyd1409.caveonetworks.com.com (unknown [10.29.45.15]) by maili.marvell.com (Postfix) with ESMTP id 97D4A3F7087; Tue, 7 Sep 2021 07:21:25 -0700 (PDT) From: Archana Muniganti To: CC: Archana Muniganti , , , , , Date: Tue, 7 Sep 2021 19:51:02 +0530 Message-ID: <20210907142103.18807-6-marchana@marvell.com> X-Mailer: git-send-email 2.22.0 In-Reply-To: <20210907142103.18807-1-marchana@marvell.com> References: <20210907142103.18807-1-marchana@marvell.com> MIME-Version: 1.0 X-Proofpoint-GUID: mvn5VsZW6VKr4HspbhGZf8RXvYMPi-TC X-Proofpoint-ORIG-GUID: mvn5VsZW6VKr4HspbhGZf8RXvYMPi-TC X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.391,FMLib:17.0.607.475 definitions=2021-09-07_04,2021-09-07_01,2020-04-07_01 Subject: [dpdk-dev] [PATCH v2 5/6] crypto/cnxk: update tailroom requirement X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Update min tailroom to reflect IPsec additions. PMD crypto_cn9k & crypto_cn10k would have packet grow into tailroom post IPsec processing. Signed-off-by: Archana Muniganti --- drivers/crypto/cnxk/cnxk_cryptodev_ops.c | 2 +- drivers/crypto/cnxk/cnxk_cryptodev_ops.h | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_ops.c b/drivers/crypto/cnxk/cnxk_cryptodev_ops.c index 440dbc3adb..957c78063f 100644 --- a/drivers/crypto/cnxk/cnxk_cryptodev_ops.c +++ b/drivers/crypto/cnxk/cnxk_cryptodev_ops.c @@ -155,7 +155,7 @@ cnxk_cpt_dev_info_get(struct rte_cryptodev *dev, info->capabilities = cnxk_crypto_capabilities_get(vf); info->sym.max_nb_sessions = 0; info->min_mbuf_headroom_req = CNXK_CPT_MIN_HEADROOM_REQ; - info->min_mbuf_tailroom_req = 0; + info->min_mbuf_tailroom_req = CNXK_CPT_MIN_TAILROOM_REQ; } static void diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_ops.h b/drivers/crypto/cnxk/cnxk_cryptodev_ops.h index 0d02d44799..c5332dec53 100644 --- a/drivers/crypto/cnxk/cnxk_cryptodev_ops.h +++ b/drivers/crypto/cnxk/cnxk_cryptodev_ops.h @@ -11,6 +11,7 @@ #include "roc_api.h" #define CNXK_CPT_MIN_HEADROOM_REQ 24 +#define CNXK_CPT_MIN_TAILROOM_REQ 102 /* Default command timeout in seconds */ #define DEFAULT_COMMAND_TIMEOUT 4 From patchwork Tue Sep 7 14:21:03 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Archana Muniganti X-Patchwork-Id: 98198 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id BDC7AA0C40; Tue, 7 Sep 2021 16:21:51 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id F14D6411AE; Tue, 7 Sep 2021 16:21:34 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id B74E0411A3 for ; Tue, 7 Sep 2021 16:21:33 +0200 (CEST) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 187CEH2u020314 for ; Tue, 7 Sep 2021 07:21:33 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=Y+NrzRx7BFvyi9ifwLO2hXBIcp9zi+AnFtSQBgvjIVI=; b=E+/4fDr2kXL764/0xYJHixlQNPfEneHfzrVboIGwM+e2LwA14bB6EXSOk/LVGUyeO2T4 nBFBNCT7eVxpSGlwnOYKqnB7WwDvoa8+uY/vxPlbeEvjOHr3/VnXXXw4CC+Hjt5wpGxl JJ/wDI/DdHU1iyE5MDULJHdjq1kNMzO1yYmnpvMvdUjt7nchdV6o+T9wUu2esJc+zomK h8mbnOeXNCzJrXs2Mg+J6h50w5SUZrmRh/2BlX1sAqd+01U05rJkDrNM2QaHS4r2DQDz 1HDc5YnfkD8rG5KeQMQQmHigCsGQvgS0mzGfP2HL07C+SfpFXuoAT36gp+L4LWoVbnPm +A== Received: from dc5-exch02.marvell.com ([199.233.59.182]) by mx0b-0016f401.pphosted.com with ESMTP id 3awty5tmsr-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT) for ; Tue, 07 Sep 2021 07:21:33 -0700 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Tue, 7 Sep 2021 07:21:31 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.18 via Frontend Transport; Tue, 7 Sep 2021 07:21:31 -0700 Received: from hyd1409.caveonetworks.com.com (unknown [10.29.45.15]) by maili.marvell.com (Postfix) with ESMTP id 7A4F13F708F; Tue, 7 Sep 2021 07:21:28 -0700 (PDT) From: Archana Muniganti To: CC: Archana Muniganti , , , , , , Vamsi Attunuru Date: Tue, 7 Sep 2021 19:51:03 +0530 Message-ID: <20210907142103.18807-7-marchana@marvell.com> X-Mailer: git-send-email 2.22.0 In-Reply-To: <20210907142103.18807-1-marchana@marvell.com> References: <20210907142103.18807-1-marchana@marvell.com> MIME-Version: 1.0 X-Proofpoint-GUID: v3hQXH1sCE0TWWd_vpVUKIuPSsw1Ib-A X-Proofpoint-ORIG-GUID: v3hQXH1sCE0TWWd_vpVUKIuPSsw1Ib-A X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.391,FMLib:17.0.607.475 definitions=2021-09-07_04,2021-09-07_01,2020-04-07_01 Subject: [dpdk-dev] [PATCH v2 6/6] crypto/cnxk: update feature flag for cn9k lookaside IPsec X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Update device feature flag to support lookaside IPsec for cn9k. Signed-off-by: Ankur Dwivedi Signed-off-by: Archana Muniganti Signed-off-by: Tejasree Kondoj Signed-off-by: Vamsi Attunuru --- doc/guides/cryptodevs/cnxk.rst | 14 ++++++++++++-- doc/guides/cryptodevs/features/cn9k.ini | 1 + doc/guides/rel_notes/release_21_11.rst | 1 + drivers/crypto/cnxk/cnxk_cryptodev.c | 6 ++---- 4 files changed, 16 insertions(+), 6 deletions(-) diff --git a/doc/guides/cryptodevs/cnxk.rst b/doc/guides/cryptodevs/cnxk.rst index 1eb72282db..752316fd37 100644 --- a/doc/guides/cryptodevs/cnxk.rst +++ b/doc/guides/cryptodevs/cnxk.rst @@ -222,10 +222,20 @@ This feature can be tested with ipsec-secgw sample application. Supported OCTEON cnxk SoCs ~~~~~~~~~~~~~~~~~~~~~~~~~~ +- CN9XX - CN10XX -Features supported -~~~~~~~~~~~~~~~~~~ +CN9XX Features supported +~~~~~~~~~~~~~~~~~~~~~~~~ + +* IPv4 +* ESP +* Tunnel mode +* UDP Encapsulation +* AES-128/192/256-GCM + +CN10XX Features supported +~~~~~~~~~~~~~~~~~~~~~~~~~ * IPv4 * ESP diff --git a/doc/guides/cryptodevs/features/cn9k.ini b/doc/guides/cryptodevs/features/cn9k.ini index d69dbe8512..dd935d439d 100644 --- a/doc/guides/cryptodevs/features/cn9k.ini +++ b/doc/guides/cryptodevs/features/cn9k.ini @@ -8,6 +8,7 @@ Symmetric crypto = Y Asymmetric crypto = Y Sym operation chaining = Y HW Accelerated = Y +Protocol offload = Y In Place SGL = Y OOP SGL In LB Out = Y OOP SGL In SGL Out = Y diff --git a/doc/guides/rel_notes/release_21_11.rst b/doc/guides/rel_notes/release_21_11.rst index b55900936d..411fa9530a 100644 --- a/doc/guides/rel_notes/release_21_11.rst +++ b/doc/guides/rel_notes/release_21_11.rst @@ -67,6 +67,7 @@ New Features * Added AES-CBC SHA1-HMAC support in lookaside protocol (IPsec) for CN10K. * Added Transport mode support in lookaside protocol (IPsec) for CN10K. * Added UDP encapsulation support in lookaside protocol (IPsec) for CN10K. + * Added support for lookaside protocol (IPsec) offload for CN9K. * **Added support for event crypto adapter on Marvell CN10K and CN9K.** diff --git a/drivers/crypto/cnxk/cnxk_cryptodev.c b/drivers/crypto/cnxk/cnxk_cryptodev.c index 9c7dc6297a..5c7801ec48 100644 --- a/drivers/crypto/cnxk/cnxk_cryptodev.c +++ b/drivers/crypto/cnxk/cnxk_cryptodev.c @@ -21,10 +21,8 @@ cnxk_cpt_default_ff_get(void) RTE_CRYPTODEV_FF_OOP_SGL_IN_LB_OUT | RTE_CRYPTODEV_FF_OOP_SGL_IN_SGL_OUT | RTE_CRYPTODEV_FF_SYM_SESSIONLESS | - RTE_CRYPTODEV_FF_DIGEST_ENCRYPTED; - - if (roc_model_is_cn10k()) - ff |= RTE_CRYPTODEV_FF_SECURITY; + RTE_CRYPTODEV_FF_DIGEST_ENCRYPTED | + RTE_CRYPTODEV_FF_SECURITY; return ff; }