1 /* SPDX-License-Identifier: BSD-3-Clause
2 * Copyright(C) 2021 Marvell.
5 #include <rte_malloc.h>
6 #include <rte_cryptodev.h>
9 #include <rte_security.h>
10 #include <rte_security_driver.h>
13 #include "cnxk_cryptodev.h"
14 #include "cnxk_ipsec.h"
15 #include "cnxk_security.h"
16 #include "cn10k_ipsec.h"
21 ipsec_cpt_inst_w7_get(struct roc_cpt *roc_cpt, void *sa)
26 w7.s.egrp = roc_cpt->eng_grp[CPT_ENG_TYPE_IE];
28 w7.s.cptr = (uint64_t)sa;
35 cn10k_ipsec_outb_sa_create(struct roc_cpt *roc_cpt,
36 struct rte_security_ipsec_xform *ipsec_xfrm,
37 struct rte_crypto_sym_xform *crypto_xfrm,
38 struct rte_security_session *sec_sess)
40 struct roc_ot_ipsec_outb_sa *out_sa;
41 struct cnxk_ipsec_outb_rlens rlens;
42 struct cn10k_sec_session *sess;
43 struct cn10k_ipsec_sa *sa;
44 union cpt_inst_w4 inst_w4;
47 sess = get_sec_session_private_data(sec_sess);
51 memset(out_sa, 0, sizeof(struct roc_ot_ipsec_outb_sa));
53 /* Translate security parameters to SA */
54 ret = cnxk_ot_ipsec_outb_sa_fill(out_sa, ipsec_xfrm, crypto_xfrm);
58 sa->inst.w7 = ipsec_cpt_inst_w7_get(roc_cpt, sa);
61 /* Use IV from application in debug mode */
62 if (ipsec_xfrm->options.iv_gen_disable == 1) {
63 out_sa->w2.s.iv_src = ROC_IE_OT_SA_IV_SRC_FROM_SA;
64 if (crypto_xfrm->type == RTE_CRYPTO_SYM_XFORM_AEAD) {
65 sa->iv_offset = crypto_xfrm->aead.iv.offset;
66 sa->iv_length = crypto_xfrm->aead.iv.length;
70 if (ipsec_xfrm->options.iv_gen_disable != 0) {
71 plt_err("Application provided IV not supported");
76 /* Get Rlen calculation data */
77 ret = cnxk_ipsec_outb_rlens_get(&rlens, ipsec_xfrm, crypto_xfrm);
81 sa->max_extended_len = rlens.max_extended_len;
83 /* pre-populate CPT INST word 4 */
85 inst_w4.s.opcode_major = ROC_IE_OT_MAJOR_OP_PROCESS_OUTBOUND_IPSEC;
87 sa->inst.w4 = inst_w4.u64;
93 cn10k_ipsec_inb_sa_create(struct roc_cpt *roc_cpt,
94 struct rte_security_ipsec_xform *ipsec_xfrm,
95 struct rte_crypto_sym_xform *crypto_xfrm,
96 struct rte_security_session *sec_sess)
98 struct roc_ot_ipsec_inb_sa *in_sa;
99 struct cn10k_sec_session *sess;
100 struct cn10k_ipsec_sa *sa;
101 union cpt_inst_w4 inst_w4;
104 sess = get_sec_session_private_data(sec_sess);
108 /* Translate security parameters to SA */
109 ret = cnxk_ot_ipsec_inb_sa_fill(in_sa, ipsec_xfrm, crypto_xfrm);
113 /* TODO add support for antireplay */
114 sa->in_sa.w0.s.ar_win = 0;
116 /* TODO add support for udp encap */
118 sa->inst.w7 = ipsec_cpt_inst_w7_get(roc_cpt, sa);
120 /* pre-populate CPT INST word 4 */
122 inst_w4.s.opcode_major = ROC_IE_OT_MAJOR_OP_PROCESS_INBOUND_IPSEC;
124 /* Disable checksum verification for now */
125 inst_w4.s.param1 = 7;
126 sa->inst.w4 = inst_w4.u64;
132 cn10k_ipsec_session_create(void *dev,
133 struct rte_security_ipsec_xform *ipsec_xfrm,
134 struct rte_crypto_sym_xform *crypto_xfrm,
135 struct rte_security_session *sess)
137 struct rte_cryptodev *crypto_dev = dev;
138 struct roc_cpt *roc_cpt;
139 struct cnxk_cpt_vf *vf;
142 vf = crypto_dev->data->dev_private;
145 if (crypto_dev->data->queue_pairs[0] == NULL) {
146 plt_err("Setup cpt queue pair before creating security session");
150 ret = cnxk_ipsec_xform_verify(ipsec_xfrm, crypto_xfrm);
154 if (ipsec_xfrm->direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS)
155 return cn10k_ipsec_inb_sa_create(roc_cpt, ipsec_xfrm,
158 return cn10k_ipsec_outb_sa_create(roc_cpt, ipsec_xfrm,
163 cn10k_sec_session_create(void *device, struct rte_security_session_conf *conf,
164 struct rte_security_session *sess,
165 struct rte_mempool *mempool)
167 struct cn10k_sec_session *priv;
170 if (conf->action_type != RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL)
173 if (rte_mempool_get(mempool, (void **)&priv)) {
174 plt_err("Could not allocate security session private data");
178 set_sec_session_private_data(sess, priv);
180 if (conf->protocol != RTE_SECURITY_PROTOCOL_IPSEC) {
184 ret = cn10k_ipsec_session_create(device, &conf->ipsec,
185 conf->crypto_xform, sess);
192 rte_mempool_put(mempool, priv);
193 set_sec_session_private_data(sess, NULL);
198 cn10k_sec_session_destroy(void *device __rte_unused,
199 struct rte_security_session *sess)
201 struct cn10k_sec_session *priv;
202 struct rte_mempool *sess_mp;
204 priv = get_sec_session_private_data(sess);
209 sess_mp = rte_mempool_from_obj(priv);
211 set_sec_session_private_data(sess, NULL);
212 rte_mempool_put(sess_mp, priv);
218 cn10k_sec_session_get_size(void *device __rte_unused)
220 return sizeof(struct cn10k_sec_session);
223 /* Update platform specific security ops */
225 cn10k_sec_ops_override(void)
227 /* Update platform specific ops */
228 cnxk_sec_ops.session_create = cn10k_sec_session_create;
229 cnxk_sec_ops.session_destroy = cn10k_sec_session_destroy;
230 cnxk_sec_ops.session_get_size = cn10k_sec_session_get_size;