crypto/cnxk: enable allocated queues only

[dpdk.git] / drivers / crypto / cnxk / cn9k_ipsec.c

diff --git a/drivers/crypto/cnxk/cn9k_ipsec.c b/drivers/crypto/cnxk/cn9k_ipsec.c
index 0b63cc4..6455ef9 100644 (file)
--- a/drivers/crypto/cnxk/cn9k_ipsec.c
+++ b/drivers/crypto/cnxk/cn9k_ipsec.c
@@ -2,7 +2,7 @@
  * Copyright(C) 2021 Marvell.
  */
 
-#include <rte_cryptodev.h>
+#include <cryptodev_pmd.h>
 #include <rte_ip.h>
 #include <rte_security.h>
 #include <rte_security_driver.h>
@@ -19,6 +19,7 @@ static inline int
 cn9k_cpt_enq_sa_write(struct cn9k_ipsec_sa *sa, struct cnxk_cpt_qp *qp,
                      uint8_t opcode, size_t ctx_len)
 {
+       struct roc_cpt *roc_cpt = qp->lf.roc_cpt;
        uint64_t lmtline = qp->lmtline.lmt_base;
        uint64_t io_addr = qp->lmtline.io_addr;
        uint64_t lmt_status, time_out;
@@ -41,7 +42,7 @@ cn9k_cpt_enq_sa_write(struct cn9k_ipsec_sa *sa, struct cnxk_cpt_qp *qp,
        inst.dptr = rte_mempool_virt2iova(sa);
        inst.rptr = 0;
        inst.w7.s.cptr = rte_mempool_virt2iova(sa);
-       inst.w7.s.egrp = ROC_CPT_DFLT_ENG_GRP_SE;
+       inst.w7.s.egrp = roc_cpt->eng_grp[CPT_ENG_TYPE_IE];
 
        inst.w0.u64 = 0;
        inst.w2.u64 = 0;
@@ -278,6 +279,8 @@ cn9k_ipsec_outb_sa_create(struct cnxk_cpt_qp *qp,
 {
        struct rte_crypto_sym_xform *auth_xform = crypto_xform->next;
        struct roc_ie_on_ip_template *template = NULL;
+       struct roc_cpt *roc_cpt = qp->lf.roc_cpt;
+       union roc_on_ipsec_outb_param1 param1;
        struct cnxk_cpt_inst_tmpl *inst_tmpl;
        struct roc_ie_on_outb_sa *out_sa;
        struct cn9k_sec_session *sess;
@@ -314,7 +317,8 @@ cn9k_ipsec_outb_sa_create(struct cnxk_cpt_qp *qp,
        if (ret)
                return ret;
 
-       if (ctl->enc_type == ROC_IE_ON_SA_ENC_AES_GCM) {
+       if (ctl->enc_type == ROC_IE_ON_SA_ENC_AES_GCM ||
+           ctl->auth_type == ROC_IE_ON_SA_AUTH_NULL) {
                template = &out_sa->aes_gcm.template;
                ctx_len = offsetof(struct roc_ie_on_outb_sa, aes_gcm.template);
        } else if (ctl->auth_type == ROC_IE_ON_SA_AUTH_SHA1) {
@@ -404,11 +408,16 @@ cn9k_ipsec_outb_sa_create(struct cnxk_cpt_qp *qp,
        w4.u64 = 0;
        w4.s.opcode_major = ROC_IE_ON_MAJOR_OP_PROCESS_OUTBOUND_IPSEC;
        w4.s.opcode_minor = ctx_len >> 3;
-       w4.s.param1 = ROC_IE_ON_PER_PKT_IV;
+
+       param1.u16 = 0;
+       param1.s.ikev2 = 1;
+       param1.s.per_pkt_iv = 1;
+       w4.s.param1 = param1.u16;
+
        inst_tmpl->w4 = w4.u64;
 
        w7.u64 = 0;
-       w7.s.egrp = ROC_CPT_DFLT_ENG_GRP_SE;
+       w7.s.egrp = roc_cpt->eng_grp[CPT_ENG_TYPE_IE];
        w7.s.cptr = rte_mempool_virt2iova(out_sa);
        inst_tmpl->w7 = w7.u64;
 
@@ -423,6 +432,8 @@ cn9k_ipsec_inb_sa_create(struct cnxk_cpt_qp *qp,
                         struct rte_security_session *sec_sess)
 {
        struct rte_crypto_sym_xform *auth_xform = crypto_xform;
+       struct roc_cpt *roc_cpt = qp->lf.roc_cpt;
+       union roc_on_ipsec_inb_param2 param2;
        struct cnxk_cpt_inst_tmpl *inst_tmpl;
        struct roc_ie_on_inb_sa *in_sa;
        struct cn9k_sec_session *sess;
@@ -441,12 +452,14 @@ cn9k_ipsec_inb_sa_create(struct cnxk_cpt_qp *qp,
        memset(sa, 0, sizeof(struct cn9k_ipsec_sa));
 
        sa->dir = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
+       sa->replay_win_sz = ipsec->replay_win_sz;
 
        ret = fill_ipsec_common_sa(ipsec, crypto_xform, &in_sa->common_sa);
        if (ret)
                return ret;
 
-       if (crypto_xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) {
+       if (crypto_xform->type == RTE_CRYPTO_SYM_XFORM_AEAD ||
+           auth_xform->auth.algo == RTE_CRYPTO_AUTH_NULL) {
                ctx_len = offsetof(struct roc_ie_on_inb_sa,
                                   sha1_or_gcm.hmac_key[0]);
        } else {
@@ -471,13 +484,34 @@ cn9k_ipsec_inb_sa_create(struct cnxk_cpt_qp *qp,
        w4.u64 = 0;
        w4.s.opcode_major = ROC_IE_ON_MAJOR_OP_PROCESS_INBOUND_IPSEC;
        w4.s.opcode_minor = ctx_len >> 3;
+
+       param2.u16 = 0;
+       param2.s.ikev2 = 1;
+       w4.s.param2 = param2.u16;
+
        inst_tmpl->w4 = w4.u64;
 
        w7.u64 = 0;
-       w7.s.egrp = ROC_CPT_DFLT_ENG_GRP_SE;
+       w7.s.egrp = roc_cpt->eng_grp[CPT_ENG_TYPE_IE];
        w7.s.cptr = rte_mempool_virt2iova(in_sa);
        inst_tmpl->w7 = w7.u64;
 
+       if (sa->replay_win_sz) {
+               if (sa->replay_win_sz > CNXK_ON_AR_WIN_SIZE_MAX) {
+                       plt_err("Replay window size:%u is not supported",
+                               sa->replay_win_sz);
+                       return -ENOTSUP;
+               }
+
+               /* Set window bottom to 1, base and top to size of window */
+               sa->ar.winb = 1;
+               sa->ar.wint = sa->replay_win_sz;
+               sa->ar.base = sa->replay_win_sz;
+
+               in_sa->common_sa.esn_low = 0;
+               in_sa->common_sa.esn_hi = 0;
+       }
+
        return cn9k_cpt_enq_sa_write(
                sa, qp, ROC_IE_ON_MAJOR_OP_WRITE_IPSEC_INBOUND, ctx_len);
 }
@@ -485,7 +519,11 @@ cn9k_ipsec_inb_sa_create(struct cnxk_cpt_qp *qp,
 static inline int
 cn9k_ipsec_xform_verify(struct rte_security_ipsec_xform *ipsec)
 {
-       RTE_SET_USED(ipsec);
+       if (ipsec->life.bytes_hard_limit != 0 ||
+           ipsec->life.bytes_soft_limit != 0 ||
+           ipsec->life.packets_hard_limit != 0 ||
+           ipsec->life.packets_soft_limit != 0)
+               return -ENOTSUP;
 
        return 0;
 }