diff mbox series

[02/15] common/cnxk: add MACsec SA configuration

Message ID	20230523200401.1945974-3-gakhil@marvell.com (mailing list archive)
State	Changes Requested, archived
Delegated to:	Jerin Jacob
Headers	From: Akhil Goyal <gakhil@marvell.com> To: <dev@dpdk.org> CC: <thomas@monjalon.net>, <olivier.matz@6wind.com>, <orika@nvidia.com>, <david.marchand@redhat.com>, <vattunuru@marvell.com>, <ferruh.yigit@amd.com>, <jerinj@marvell.com>, <adwivedi@marvell.com>, <ndabilpuram@marvell.com>, Akhil Goyal <gakhil@marvell.com> Subject: [PATCH 02/15] common/cnxk: add MACsec SA configuration Date: Wed, 24 May 2023 01:33:48 +0530 Message-ID: <20230523200401.1945974-3-gakhil@marvell.com> In-Reply-To: <20230523200401.1945974-1-gakhil@marvell.com> References: <20220928124516.93050-1-gakhil@marvell.com> <20230523200401.1945974-1-gakhil@marvell.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain Precedence: list Errors-To: dev-bounces@dpdk.org
Series	net/cnxk: add MACsec support \| [00/15] net/cnxk: add MACsec support [01/15] common/cnxk: add ROC MACsec initialization [02/15] common/cnxk: add MACsec SA configuration [03/15] common/cnxk: add MACsec SC configuration APIs [04/15] common/cnxk: add MACsec secy and flow configuration [05/15] common/cnxk: add MACsec PN and LMAC mode configuration [06/15] common/cnxk: add MACsec stats [07/15] common/cnxk: add MACsec interrupt APIs [08/15] common/cnxk: add MACsec port configuration [09/15] common/cnxk: add MACsec control port configuration [10/15] common/cnxk: add MACsec FIPS mbox [11/15] common/cnxk: derive hash key for MACsec [12/15] net/cnxk: add MACsec initialization [13/15] net/cnxk: create/destroy MACsec SC/SA [14/15] net/cnxk: add MACsec session and flow configuration [15/15] net/cnxk: add MACsec stats

Checks

Context	Check	Description
ci/checkpatch	warning	coding style issues

Commit Message

Akhil Goyal May 23, 2023, 8:03 p.m. UTC

  Added ROC APIs to allocate/free MACsec resources
and APIs to write SA policy.

Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
Signed-off-by: Vamsi Attunuru <vattunuru@marvell.com>
Signed-off-by: Akhil Goyal <gakhil@marvell.com>
---
 drivers/common/cnxk/meson.build       |   1 +
 drivers/common/cnxk/roc_mbox.h        |  12 ++
 drivers/common/cnxk/roc_mcs.h         |  43 ++++++
 drivers/common/cnxk/roc_mcs_sec_cfg.c | 211 ++++++++++++++++++++++++++
 drivers/common/cnxk/version.map       |   4 +
 5 files changed, 271 insertions(+)
 create mode 100644 drivers/common/cnxk/roc_mcs_sec_cfg.c

Comments

Jerin Jacob May 26, 2023, 10:16 a.m. UTC | #1

On Wed, May 24, 2023 at 1:34 AM Akhil Goyal <gakhil@marvell.com> wrote:
>
> Added ROC APIs to allocate/free MACsec resources
> and APIs to write SA policy.
>
> Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
> Signed-off-by: Vamsi Attunuru <vattunuru@marvell.com>
> Signed-off-by: Akhil Goyal <gakhil@marvell.com>
> ---

> index 7593c7c890..9266edd9a1 100644
> --- a/drivers/common/cnxk/version.map
> +++ b/drivers/common/cnxk/version.map
> @@ -133,10 +133,14 @@ INTERNAL {
>         roc_se_auth_key_set;
>         roc_se_ciph_key_set;
>         roc_se_ctx_init;
> +       roc_mcs_alloc_rsrc;

Please change to roc_mcs_rsrc_alloc
i.e keeping action as last


>         roc_mcs_dev_init;
>         roc_mcs_dev_fini;
>         roc_mcs_dev_get;
> +       roc_mcs_free_rsrc;

Same as above.

>         roc_mcs_hw_info_get;
> +       roc_mcs_sa_policy_read;
> +       roc_mcs_sa_policy_write;
>         roc_nix_bpf_alloc;
>         roc_nix_bpf_config;
>         roc_nix_bpf_connect;
> --
> 2.25.1
>

diff mbox series

Patch

diff --git a/drivers/common/cnxk/meson.build b/drivers/common/cnxk/meson.build
index e33c002676..589baf74fe 100644
--- a/drivers/common/cnxk/meson.build
+++ b/drivers/common/cnxk/meson.build
@@ -27,6 +27,7 @@  sources = files(
         'roc_ie_ot.c',
         'roc_mbox.c',
         'roc_mcs.c',
+        'roc_mcs_sec_cfg.c',
         'roc_ml.c',
         'roc_model.c',
         'roc_nix.c',
diff --git a/drivers/common/cnxk/roc_mbox.h b/drivers/common/cnxk/roc_mbox.h
index 2ba35377da..66a6de2cd2 100644
--- a/drivers/common/cnxk/roc_mbox.h
+++ b/drivers/common/cnxk/roc_mbox.h
@@ -280,6 +280,7 @@  struct mbox_msghdr {
 	M(MCS_ALLOC_RESOURCES, 0xa000, mcs_alloc_resources, mcs_alloc_rsrc_req,                    \
 	  mcs_alloc_rsrc_rsp)                                                                      \
 	M(MCS_FREE_RESOURCES, 0xa001, mcs_free_resources, mcs_free_rsrc_req, msg_rsp)              \
+	M(MCS_SA_PLCY_WRITE, 0xa005, mcs_sa_plcy_write, mcs_sa_plcy_write_req, msg_rsp)            \
 	M(MCS_GET_HW_INFO, 0xa00b, mcs_get_hw_info, msg_req, mcs_hw_info)                          \
 
 /* Messages initiated by AF (range 0xC00 - 0xDFF) */
@@ -705,6 +706,17 @@  struct mcs_free_rsrc_req {
 	uint64_t __io rsvd;
 };
 
+struct mcs_sa_plcy_write_req {
+	struct mbox_msghdr hdr;
+	uint64_t __io plcy[2][9]; /* Support 2 SA policy */
+	uint8_t __io sa_index[2];
+	uint8_t __io sa_cnt;
+	uint8_t __io mcs_id;
+	uint8_t __io dir;
+	uint64_t __io rsvd;
+};
+
+
 struct mcs_hw_info {
 	struct mbox_msghdr hdr;
 	uint8_t __io num_mcs_blks; /* Number of MCS blocks */
diff --git a/drivers/common/cnxk/roc_mcs.h b/drivers/common/cnxk/roc_mcs.h
index 504671a833..a345d2a880 100644
--- a/drivers/common/cnxk/roc_mcs.h
+++ b/drivers/common/cnxk/roc_mcs.h
@@ -7,6 +7,39 @@ 
 
 #define MCS_AES_GCM_256_KEYLEN 32
 
+struct roc_mcs_alloc_rsrc_req {
+	uint8_t rsrc_type;
+	uint8_t rsrc_cnt; /* Resources count */
+	uint8_t dir;	  /* Macsec ingress or egress side */
+	uint8_t all;	  /* Allocate all resource type one each */
+};
+
+struct roc_mcs_alloc_rsrc_rsp {
+	uint8_t flow_ids[128]; /* Index of reserved entries */
+	uint8_t secy_ids[128];
+	uint8_t sc_ids[128];
+	uint8_t sa_ids[256];
+	uint8_t rsrc_type;
+	uint8_t rsrc_cnt; /* No of entries reserved */
+	uint8_t dir;
+	uint8_t all;
+};
+
+struct roc_mcs_free_rsrc_req {
+	uint8_t rsrc_id; /* Index of the entry to be freed */
+	uint8_t rsrc_type;
+	uint8_t dir;
+	uint8_t all; /* Free all the cam resources */
+};
+
+
+struct roc_mcs_sa_plcy_write_req {
+	uint64_t plcy[2][9];
+	uint8_t sa_index[2];
+	uint8_t sa_cnt;
+	uint8_t dir;
+};
+
 struct roc_mcs_hw_info {
 	uint8_t num_mcs_blks; /* Number of MCS blocks */
 	uint8_t tcam_entries; /* RX/TX Tcam entries per mcs block */
@@ -36,4 +69,14 @@  __roc_api void roc_mcs_dev_fini(struct roc_mcs *mcs);
 __roc_api struct roc_mcs *roc_mcs_dev_get(uint8_t mcs_idx);
 /* HW info get */
 __roc_api int roc_mcs_hw_info_get(struct roc_mcs_hw_info *hw_info);
+
+/* Resource allocation and free */
+__roc_api int roc_mcs_alloc_rsrc(struct roc_mcs *mcs, struct roc_mcs_alloc_rsrc_req *req,
+				 struct roc_mcs_alloc_rsrc_rsp *rsp);
+__roc_api int roc_mcs_free_rsrc(struct roc_mcs *mcs, struct roc_mcs_free_rsrc_req *req);
+/* SA policy read and write */
+__roc_api int roc_mcs_sa_policy_write(struct roc_mcs *mcs,
+				      struct roc_mcs_sa_plcy_write_req *sa_plcy);
+__roc_api int roc_mcs_sa_policy_read(struct roc_mcs *mcs,
+				     struct roc_mcs_sa_plcy_write_req *sa_plcy);
 #endif /* _ROC_MCS_H_ */
diff --git a/drivers/common/cnxk/roc_mcs_sec_cfg.c b/drivers/common/cnxk/roc_mcs_sec_cfg.c
new file mode 100644
index 0000000000..50f2352c20
--- /dev/null
+++ b/drivers/common/cnxk/roc_mcs_sec_cfg.c
@@ -0,0 +1,211 @@ 
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright(C) 2023 Marvell.
+ */
+
+#include "roc_api.h"
+#include "roc_priv.h"
+
+int
+roc_mcs_alloc_rsrc(struct roc_mcs *mcs, struct roc_mcs_alloc_rsrc_req *req,
+		   struct roc_mcs_alloc_rsrc_rsp *rsp)
+{
+	struct mcs_priv *priv = roc_mcs_to_mcs_priv(mcs);
+	struct mcs_alloc_rsrc_req *rsrc_req;
+	struct mcs_alloc_rsrc_rsp *rsrc_rsp;
+	int rc, i;
+
+	MCS_SUPPORT_CHECK;
+
+	if (req == NULL || rsp == NULL)
+		return -EINVAL;
+
+	rsrc_req = mbox_alloc_msg_mcs_alloc_resources(mcs->mbox);
+	if (rsrc_req == NULL)
+		return -ENOMEM;
+
+	rsrc_req->rsrc_type = req->rsrc_type;
+	rsrc_req->rsrc_cnt = req->rsrc_cnt;
+	rsrc_req->mcs_id = mcs->idx;
+	rsrc_req->dir = req->dir;
+	rsrc_req->all = req->all;
+
+	rc = mbox_process_msg(mcs->mbox, (void *)&rsrc_rsp);
+	if (rc)
+		return rc;
+
+	if (rsrc_rsp->all) {
+		rsrc_rsp->rsrc_cnt = 1;
+		rsrc_rsp->rsrc_type = 0xFF;
+	}
+
+	for (i = 0; i < rsrc_rsp->rsrc_cnt; i++) {
+		switch (rsrc_rsp->rsrc_type) {
+		case MCS_RSRC_TYPE_FLOWID:
+			rsp->flow_ids[i] = rsrc_rsp->flow_ids[i];
+			plt_bitmap_set(priv->dev_rsrc.tcam_bmap,
+				       rsp->flow_ids[i] +
+					       ((req->dir == MCS_TX) ? priv->tcam_entries : 0));
+			break;
+		case MCS_RSRC_TYPE_SECY:
+			rsp->secy_ids[i] = rsrc_rsp->secy_ids[i];
+			plt_bitmap_set(priv->dev_rsrc.secy_bmap,
+				       rsp->secy_ids[i] +
+					       ((req->dir == MCS_TX) ? priv->secy_entries : 0));
+			break;
+		case MCS_RSRC_TYPE_SC:
+			rsp->sc_ids[i] = rsrc_rsp->sc_ids[i];
+			plt_bitmap_set(priv->dev_rsrc.sc_bmap,
+				       rsp->sc_ids[i] +
+					       ((req->dir == MCS_TX) ? priv->sc_entries : 0));
+			break;
+		case MCS_RSRC_TYPE_SA:
+			rsp->sa_ids[i] = rsrc_rsp->sa_ids[i];
+			plt_bitmap_set(priv->dev_rsrc.sa_bmap,
+				       rsp->sa_ids[i] +
+					       ((req->dir == MCS_TX) ? priv->sa_entries : 0));
+			break;
+		default:
+			rsp->flow_ids[i] = rsrc_rsp->flow_ids[i];
+			rsp->secy_ids[i] = rsrc_rsp->secy_ids[i];
+			rsp->sc_ids[i] = rsrc_rsp->sc_ids[i];
+			rsp->sa_ids[i] = rsrc_rsp->sa_ids[i];
+			plt_bitmap_set(priv->dev_rsrc.tcam_bmap,
+				       rsp->flow_ids[i] +
+					       ((req->dir == MCS_TX) ? priv->tcam_entries : 0));
+			plt_bitmap_set(priv->dev_rsrc.secy_bmap,
+				       rsp->secy_ids[i] +
+					       ((req->dir == MCS_TX) ? priv->secy_entries : 0));
+			plt_bitmap_set(priv->dev_rsrc.sc_bmap,
+				       rsp->sc_ids[i] +
+					       ((req->dir == MCS_TX) ? priv->sc_entries : 0));
+			plt_bitmap_set(priv->dev_rsrc.sa_bmap,
+				       rsp->sa_ids[i] +
+					       ((req->dir == MCS_TX) ? priv->sa_entries : 0));
+			break;
+		}
+	}
+	rsp->rsrc_type = rsrc_rsp->rsrc_type;
+	rsp->rsrc_cnt = rsrc_rsp->rsrc_cnt;
+	rsp->dir = rsrc_rsp->dir;
+	rsp->all = rsrc_rsp->all;
+
+	return 0;
+}
+
+int
+roc_mcs_free_rsrc(struct roc_mcs *mcs, struct roc_mcs_free_rsrc_req *free_req)
+{
+	struct mcs_priv *priv = roc_mcs_to_mcs_priv(mcs);
+	struct mcs_free_rsrc_req *req;
+	struct msg_rsp *rsp;
+	uint32_t pos;
+	int rc;
+
+	MCS_SUPPORT_CHECK;
+
+	if (free_req == NULL)
+		return -EINVAL;
+
+	req = mbox_alloc_msg_mcs_free_resources(mcs->mbox);
+	if (req == NULL)
+		return -ENOMEM;
+
+	req->rsrc_id = free_req->rsrc_id;
+	req->rsrc_type = free_req->rsrc_type;
+	req->mcs_id = mcs->idx;
+	req->dir = free_req->dir;
+	req->all = free_req->all;
+
+	rc = mbox_process_msg(mcs->mbox, (void *)&rsp);
+	if (rc)
+		return rc;
+
+	switch (free_req->rsrc_type) {
+	case MCS_RSRC_TYPE_FLOWID:
+		pos = free_req->rsrc_id + ((req->dir == MCS_TX) ? priv->tcam_entries : 0);
+		plt_bitmap_clear(priv->dev_rsrc.tcam_bmap, pos);
+		for (int i = 0; i < MAX_PORTS_PER_MCS; i++) {
+			uint32_t set = plt_bitmap_get(priv->port_rsrc[i].tcam_bmap, pos);
+
+			if (set) {
+				plt_bitmap_clear(priv->port_rsrc[i].tcam_bmap, pos);
+				break;
+			}
+		}
+		break;
+	case MCS_RSRC_TYPE_SECY:
+		pos = free_req->rsrc_id + ((req->dir == MCS_TX) ? priv->secy_entries : 0);
+		plt_bitmap_clear(priv->dev_rsrc.secy_bmap, pos);
+		for (int i = 0; i < MAX_PORTS_PER_MCS; i++) {
+			uint32_t set = plt_bitmap_get(priv->port_rsrc[i].secy_bmap, pos);
+
+			if (set) {
+				plt_bitmap_clear(priv->port_rsrc[i].secy_bmap, pos);
+				break;
+			}
+		}
+		break;
+	case MCS_RSRC_TYPE_SC:
+		pos = free_req->rsrc_id + ((req->dir == MCS_TX) ? priv->sc_entries : 0);
+		plt_bitmap_clear(priv->dev_rsrc.sc_bmap, pos);
+		for (int i = 0; i < MAX_PORTS_PER_MCS; i++) {
+			uint32_t set = plt_bitmap_get(priv->port_rsrc[i].sc_bmap, pos);
+
+			if (set) {
+				plt_bitmap_clear(priv->port_rsrc[i].sc_bmap, pos);
+				break;
+			}
+		}
+		break;
+	case MCS_RSRC_TYPE_SA:
+		pos = free_req->rsrc_id + ((req->dir == MCS_TX) ? priv->sa_entries : 0);
+		plt_bitmap_clear(priv->dev_rsrc.sa_bmap, pos);
+		for (int i = 0; i < MAX_PORTS_PER_MCS; i++) {
+			uint32_t set = plt_bitmap_get(priv->port_rsrc[i].sa_bmap, pos);
+
+			if (set) {
+				plt_bitmap_clear(priv->port_rsrc[i].sa_bmap, pos);
+				break;
+			}
+		}
+		break;
+	default:
+		break;
+	}
+
+	return rc;
+}
+
+int
+roc_mcs_sa_policy_write(struct roc_mcs *mcs, struct roc_mcs_sa_plcy_write_req *sa_plcy)
+{
+	struct mcs_sa_plcy_write_req *sa;
+	struct msg_rsp *rsp;
+
+	MCS_SUPPORT_CHECK;
+
+	if (sa_plcy == NULL)
+		return -EINVAL;
+
+	sa = mbox_alloc_msg_mcs_sa_plcy_write(mcs->mbox);
+	if (sa == NULL)
+		return -ENOMEM;
+
+	mbox_memcpy(sa->plcy, sa_plcy->plcy, sizeof(uint64_t) * 2 * 9);
+	sa->sa_index[0] = sa_plcy->sa_index[0];
+	sa->sa_index[1] = sa_plcy->sa_index[1];
+	sa->sa_cnt = sa_plcy->sa_cnt;
+	sa->mcs_id = mcs->idx;
+	sa->dir = sa_plcy->dir;
+
+	return mbox_process_msg(mcs->mbox, (void *)&rsp);
+}
+
+int
+roc_mcs_sa_policy_read(struct roc_mcs *mcs __plt_unused,
+		       struct roc_mcs_sa_plcy_write_req *sa __plt_unused)
+{
+	MCS_SUPPORT_CHECK;
+
+	return -ENOTSUP;
+}
diff --git a/drivers/common/cnxk/version.map b/drivers/common/cnxk/version.map
index 7593c7c890..9266edd9a1 100644
--- a/drivers/common/cnxk/version.map
+++ b/drivers/common/cnxk/version.map
@@ -133,10 +133,14 @@  INTERNAL {
 	roc_se_auth_key_set;
 	roc_se_ciph_key_set;
 	roc_se_ctx_init;
+	roc_mcs_alloc_rsrc;
 	roc_mcs_dev_init;
 	roc_mcs_dev_fini;
 	roc_mcs_dev_get;
+	roc_mcs_free_rsrc;
 	roc_mcs_hw_info_get;
+	roc_mcs_sa_policy_read;
+	roc_mcs_sa_policy_write;
 	roc_nix_bpf_alloc;
 	roc_nix_bpf_config;
 	roc_nix_bpf_connect;