From patchwork Wed Jun 7 15:28:17 2023
X-Patchwork-Submitter: Akhil Goyal
X-Patchwork-Id: 128351
X-Patchwork-Delegate: jerinj@marvell.com
From: Akhil Goyal
Subject: [PATCH v2 13/15] net/cnxk: create/destroy MACsec SC/SA
Date: Wed, 7 Jun 2023 20:58:17 +0530
Message-ID: <20230607152819.226838-14-gakhil@marvell.com>
In-Reply-To: <20230607152819.226838-1-gakhil@marvell.com>
References: <20230523200401.1945974-1-gakhil@marvell.com> <20230607152819.226838-1-gakhil@marvell.com>

Added support to create/destroy MACsec SA and SC.

Signed-off-by: Akhil Goyal
--- drivers/net/cnxk/cn10k_ethdev_sec.c | 9 +- drivers/net/cnxk/cnxk_ethdev_mcs.c | 250 ++++++++++++++++++++++++++++ drivers/net/cnxk/cnxk_ethdev_mcs.h | 16 ++ 3 files changed, 271 insertions(+), 4 deletions(-) diff --git a/drivers/net/cnxk/cn10k_ethdev_sec.c b/drivers/net/cnxk/cn10k_ethdev_sec.c index 8dd2c8b7a5..1db29a0b55 100644 --- a/drivers/net/cnxk/cn10k_ethdev_sec.c +++ b/drivers/net/cnxk/cn10k_ethdev_sec.c @@ -9,6 +9,7 @@ #include #include +#include #include #include
@@ -1090,10 +1091,10 @@ cn10k_eth_sec_ops_override(void) init_once = 1; /* Update platform specific ops */ - cnxk_eth_sec_ops.macsec_sa_create = NULL; - cnxk_eth_sec_ops.macsec_sc_create = NULL; - cnxk_eth_sec_ops.macsec_sa_destroy = NULL; - cnxk_eth_sec_ops.macsec_sc_destroy = NULL; + cnxk_eth_sec_ops.macsec_sa_create = cnxk_eth_macsec_sa_create; + cnxk_eth_sec_ops.macsec_sc_create = cnxk_eth_macsec_sc_create; + cnxk_eth_sec_ops.macsec_sa_destroy = cnxk_eth_macsec_sa_destroy; + cnxk_eth_sec_ops.macsec_sc_destroy = cnxk_eth_macsec_sc_destroy; cnxk_eth_sec_ops.session_create = cn10k_eth_sec_session_create; cnxk_eth_sec_ops.session_destroy = cn10k_eth_sec_session_destroy; cnxk_eth_sec_ops.capabilities_get = cn10k_eth_sec_capabilities_get; diff --git a/drivers/net/cnxk/cnxk_ethdev_mcs.c b/drivers/net/cnxk/cnxk_ethdev_mcs.c index b0205f45c5..89876abc57 100644 --- a/drivers/net/cnxk/cnxk_ethdev_mcs.c +++ b/drivers/net/cnxk/cnxk_ethdev_mcs.c 
@@ -6,6 +6,256 @@ #include #include +static int +mcs_resource_alloc(struct cnxk_mcs_dev *mcs_dev, enum mcs_direction dir, uint8_t rsrc_id[], + uint8_t rsrc_cnt, enum cnxk_mcs_rsrc_type type) +{ + struct roc_mcs_alloc_rsrc_req req = {0}; + struct roc_mcs_alloc_rsrc_rsp rsp = {0}; + int i; + + req.rsrc_type = type; + req.rsrc_cnt = rsrc_cnt; + req.dir = dir; + + if (roc_mcs_rsrc_alloc(mcs_dev->mdev, &req, &rsp)) { + plt_err("Cannot allocate mcs resource."); + return -1; + } + + for (i = 0; i < rsrc_cnt; i++) { + switch (rsp.rsrc_type) { + case CNXK_MCS_RSRC_TYPE_FLOWID: + rsrc_id[i] = rsp.flow_ids[i]; + break; + case CNXK_MCS_RSRC_TYPE_SECY: + rsrc_id[i] = rsp.secy_ids[i]; + break; + case CNXK_MCS_RSRC_TYPE_SC: + rsrc_id[i] = rsp.sc_ids[i]; + break; + case CNXK_MCS_RSRC_TYPE_SA: + rsrc_id[i] = rsp.sa_ids[i]; + break; + default: + plt_err("Invalid mcs resource allocated."); + return -1; + } + } + return 0; +} + +int +cnxk_eth_macsec_sa_create(void *device, struct rte_security_macsec_sa *conf) +{ + struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device; + struct cnxk_eth_dev *dev = cnxk_eth_pmd_priv(eth_dev); + uint8_t salt[RTE_SECURITY_MACSEC_SALT_LEN] = {0}; + struct roc_mcs_pn_table_write_req pn_req = {0}; + uint8_t hash_key_rev[CNXK_MACSEC_HASH_KEY] = {0}; + uint8_t hash_key[CNXK_MACSEC_HASH_KEY] = {0}; + struct cnxk_mcs_dev *mcs_dev = dev->mcs_dev; + struct roc_mcs_sa_plcy_write_req req = {0}; + uint8_t ciph_key[32] = {0}; + enum mcs_direction dir; + uint8_t sa_id = 0; + int i, ret = 0; + + if (!roc_feature_nix_has_macsec()) + return -ENOTSUP; + + dir = (conf->dir == RTE_SECURITY_MACSEC_DIR_TX) ? 
MCS_TX : MCS_RX; + ret = mcs_resource_alloc(mcs_dev, dir, &sa_id, 1, CNXK_MCS_RSRC_TYPE_SA); + if (ret) { + plt_err("Failed to allocate SA id."); + return -ENOMEM; + } + req.sa_index[0] = sa_id; + req.sa_cnt = 1; + req.dir = dir; + + if (conf->key.length != 16 && conf->key.length != 32) + return -EINVAL; + + for (i = 0; i < conf->key.length; i++) + ciph_key[i] = conf->key.data[conf->key.length - 1 - i]; + + memcpy(&req.plcy[0][0], ciph_key, conf->key.length); + + roc_aes_hash_key_derive(conf->key.data, conf->key.length, hash_key); + for (i = 0; i < CNXK_MACSEC_HASH_KEY; i++) + hash_key_rev[i] = hash_key[CNXK_MACSEC_HASH_KEY - 1 - i]; + + memcpy(&req.plcy[0][4], hash_key_rev, CNXK_MACSEC_HASH_KEY); + + for (i = 0; i < RTE_SECURITY_MACSEC_SALT_LEN; i++) + salt[i] = conf->salt[RTE_SECURITY_MACSEC_SALT_LEN - 1 - i]; + memcpy(&req.plcy[0][6], salt, RTE_SECURITY_MACSEC_SALT_LEN); + + req.plcy[0][7] |= (uint64_t)conf->ssci << 32; + req.plcy[0][8] = (conf->dir == RTE_SECURITY_MACSEC_DIR_TX) ? (conf->an & 0x3) : 0; + + ret = roc_mcs_sa_policy_write(mcs_dev->mdev, &req); + if (ret) { + plt_err("Failed to write SA policy."); + return -EINVAL; + } + pn_req.next_pn = ((uint64_t)conf->xpn << 32) | rte_be_to_cpu_32(conf->next_pn); + pn_req.pn_id = sa_id; + pn_req.dir = dir; + + ret = roc_mcs_pn_table_write(mcs_dev->mdev, &pn_req); + if (ret) { + plt_err("Failed to write PN table."); + return -EINVAL; + } + + return sa_id; +} + +int +cnxk_eth_macsec_sa_destroy(void *device, uint16_t sa_id, enum rte_security_macsec_direction dir) +{ + struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device; + struct cnxk_eth_dev *dev = cnxk_eth_pmd_priv(eth_dev); + struct cnxk_mcs_dev *mcs_dev = dev->mcs_dev; + struct roc_mcs_clear_stats stats_req = {0}; + struct roc_mcs_free_rsrc_req req = {0}; + int ret = 0; + + if (!roc_feature_nix_has_macsec()) + return -ENOTSUP; + + stats_req.type = CNXK_MCS_RSRC_TYPE_SA; + stats_req.id = sa_id; + stats_req.dir = (dir == RTE_SECURITY_MACSEC_DIR_TX) ? 
MCS_TX : MCS_RX; + stats_req.all = 0; + + ret = roc_mcs_stats_clear(mcs_dev->mdev, &stats_req); + if (ret) + plt_err("Failed to clear stats for SA id %u, dir %u.", sa_id, dir); + + req.rsrc_id = sa_id; + req.dir = (dir == RTE_SECURITY_MACSEC_DIR_TX) ? MCS_TX : MCS_RX; + req.rsrc_type = CNXK_MCS_RSRC_TYPE_SA; + + ret = roc_mcs_rsrc_free(mcs_dev->mdev, &req); + if (ret) + plt_err("Failed to free SA id %u, dir %u.", sa_id, dir); + + return ret; +} + +int +cnxk_eth_macsec_sc_create(void *device, struct rte_security_macsec_sc *conf) +{ + struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device; + struct cnxk_eth_dev *dev = cnxk_eth_pmd_priv(eth_dev); + struct roc_mcs_set_pn_threshold pn_thresh = {0}; + struct cnxk_mcs_dev *mcs_dev = dev->mcs_dev; + enum mcs_direction dir; + uint8_t sc_id = 0; + int i, ret = 0; + + if (!roc_feature_nix_has_macsec()) + return -ENOTSUP; + + dir = (conf->dir == RTE_SECURITY_MACSEC_DIR_TX) ? MCS_TX : MCS_RX; + ret = mcs_resource_alloc(mcs_dev, dir, &sc_id, 1, CNXK_MCS_RSRC_TYPE_SC); + if (ret) { + plt_err("Failed to allocate SC id."); + return -ENOMEM; + } + + if (conf->dir == RTE_SECURITY_MACSEC_DIR_TX) { + struct roc_mcs_tx_sc_sa_map req = {0}; + + req.sa_index0 = conf->sc_tx.sa_id & 0xFF; + req.sa_index1 = conf->sc_tx.sa_id_rekey & 0xFF; + req.rekey_ena = conf->sc_tx.re_key_en; + req.sa_index0_vld = conf->sc_tx.active; + req.sa_index1_vld = conf->sc_tx.re_key_en && conf->sc_tx.active; + req.tx_sa_active = 0; + req.sectag_sci = conf->sc_tx.sci; + req.sc_id = sc_id; + + ret = roc_mcs_tx_sc_sa_map_write(mcs_dev->mdev, &req); + if (ret) { + plt_err("Failed to map TX SC-SA"); + return -EINVAL; + } + pn_thresh.xpn = conf->sc_tx.is_xpn; + } else { + for (i = 0; i < RTE_SECURITY_MACSEC_NUM_AN; i++) { + struct roc_mcs_rx_sc_sa_map req = {0}; + + req.sa_index = conf->sc_rx.sa_id[i] & 0x7F; + req.sc_id = sc_id; + req.an = i & 0x3; + req.sa_in_use = 0; + /* Clearing the sa_in_use bit automatically clears + * the corresponding pn_thresh_reached bit 
+ */ + ret = roc_mcs_rx_sc_sa_map_write(mcs_dev->mdev, &req); + if (ret) { + plt_err("Failed to map RX SC-SA"); + return -EINVAL; + } + req.sa_in_use = conf->sc_rx.sa_in_use[i]; + ret = roc_mcs_rx_sc_sa_map_write(mcs_dev->mdev, &req); + if (ret) { + plt_err("Failed to map RX SC-SA"); + return -EINVAL; + } + } + pn_thresh.xpn = conf->sc_rx.is_xpn; + } + + pn_thresh.threshold = conf->pn_threshold; + pn_thresh.dir = dir; + + ret = roc_mcs_pn_threshold_set(mcs_dev->mdev, &pn_thresh); + if (ret) { + plt_err("Failed to write PN threshold."); + return -EINVAL; + } + + return sc_id; +} + +int +cnxk_eth_macsec_sc_destroy(void *device, uint16_t sc_id, enum rte_security_macsec_direction dir) +{ + struct rte_eth_dev *eth_dev = (struct rte_eth_dev *)device; + struct cnxk_eth_dev *dev = cnxk_eth_pmd_priv(eth_dev); + struct cnxk_mcs_dev *mcs_dev = dev->mcs_dev; + struct roc_mcs_clear_stats stats_req = {0}; + struct roc_mcs_free_rsrc_req req = {0}; + int ret = 0; + + if (!roc_feature_nix_has_macsec()) + return -ENOTSUP; + + stats_req.type = CNXK_MCS_RSRC_TYPE_SC; + stats_req.id = sc_id; + stats_req.dir = (dir == RTE_SECURITY_MACSEC_DIR_TX) ? MCS_TX : MCS_RX; + stats_req.all = 0; + + ret = roc_mcs_stats_clear(mcs_dev->mdev, &stats_req); + if (ret) + plt_err("Failed to clear stats for SC id %u, dir %u.", sc_id, dir); + + req.rsrc_id = sc_id; + req.dir = (dir == RTE_SECURITY_MACSEC_DIR_TX) ? MCS_TX : MCS_RX; + req.rsrc_type = CNXK_MCS_RSRC_TYPE_SC; + + ret = roc_mcs_rsrc_free(mcs_dev->mdev, &req); + if (ret) + plt_err("Failed to free SC id."); + + return ret; +} + static int cnxk_mcs_event_cb(void *userdata, struct roc_mcs_event_desc *desc, void *cb_arg) { diff --git a/drivers/net/cnxk/cnxk_ethdev_mcs.h b/drivers/net/cnxk/cnxk_ethdev_mcs.h index 762c299fb8..68c6493169 100644 --- a/drivers/net/cnxk/cnxk_ethdev_mcs.h +++ b/drivers/net/cnxk/cnxk_ethdev_mcs.h 
@@ -13,6 +13,14 @@ struct cnxk_mcs_dev { uint8_t idx; }; +enum cnxk_mcs_rsrc_type { + CNXK_MCS_RSRC_TYPE_FLOWID, + CNXK_MCS_RSRC_TYPE_SECY, + CNXK_MCS_RSRC_TYPE_SC, + CNXK_MCS_RSRC_TYPE_SA, + CNXK_MCS_RSRC_TYPE_PORT, +}; + struct cnxk_mcs_event_data { /* Valid for below events * - ROC_MCS_EVENT_RX_SA_PN_SOFT_EXP @@ -59,3 +67,11 @@ struct cnxk_mcs_event_desc { enum roc_mcs_event_subtype subtype; struct cnxk_mcs_event_data metadata; }; + +int cnxk_eth_macsec_sa_create(void *device, struct rte_security_macsec_sa *conf); +int cnxk_eth_macsec_sc_create(void *device, struct rte_security_macsec_sc *conf); + +int cnxk_eth_macsec_sa_destroy(void *device, uint16_t sa_id, + enum rte_security_macsec_direction dir); +int cnxk_eth_macsec_sc_destroy(void *device, uint16_t sc_id, + enum rte_security_macsec_direction dir);
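Review bot: In cnxk_eth_macsec_sa_create() (drivers/net/cnxk/cnxk_ethdev_mcs.c, hunk @@ -6,6 +6,256 @@) the key-length check `if (conf->key.length != 16 && conf->key.length != 32) return -EINVAL;` runs after mcs_resource_alloc() has already returned an SA id, and neither that early return nor the later returns after roc_mcs_sa_policy_write() and roc_mcs_pn_table_write() fail release it, so every rejected or failed request leaks the SA id. Validate conf->key.length before allocating, and free the id with roc_mcs_rsrc_free() on the remaining error paths. cnxk_eth_macsec_sc_create() has the same pattern for sc_id on its SC-SA map and PN-threshold failures. Separately, ciph_key, hash_key and hash_key_rev keep the SA key and the derived hash key on the stack and are not cleared on any return path; consider clearing them, and the plcy words in req, once the policy has been written.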
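Review bot: CNXK_MCS_RSRC_TYPE_PORT, added to enum cnxk_mcs_rsrc_type in cnxk_ethdev_mcs.h (hunk @@ -13,6 +13,14 @@), has no case in the switch in mcs_resource_alloc(), so a request of that type would reach the default branch and return -1 with "Invalid mcs resource allocated." only after roc_mcs_rsrc_alloc() has succeeded, leaving whatever was allocated unreleased. Either reject unsupported types before the allocation call or add the missing case. The enumerators are also assigned directly to req.rsrc_type and compared against rsp.rsrc_type, so a short comment saying which numbering they are expected to match would help the next reader.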
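Review bot: The four prototypes added at the end of cnxk_ethdev_mcs.h (hunk @@ -59,3 +67,11 @@) have no comment on their return convention, which differs between the pairs: the create functions return the allocated id on success and a negative errno on failure, while the destroy functions return the result of roc_mcs_rsrc_free(). Please document that next to the declarations. The id width is also inconsistent: create returns a uint8_t sa_id or sc_id widened to int, while destroy takes `uint16_t sa_id` and `uint16_t sc_id`; settle on one width, or range-check the id in the destroy functions before it is copied into req.rsrc_id.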