crypto/octeontx2: support security session create

[dpdk.git] / drivers / net / octeontx2 / otx2_ethdev_sec.c

diff --git a/drivers/net/octeontx2/otx2_ethdev_sec.c b/drivers/net/octeontx2/otx2_ethdev_sec.c
index 9ea0dc4..a155594 100644 (file)
--- a/drivers/net/octeontx2/otx2_ethdev_sec.c
+++ b/drivers/net/octeontx2/otx2_ethdev_sec.c
@@ -19,17 +19,7 @@
 #include "otx2_ethdev_sec.h"
 #include "otx2_ipsec_fp.h"
 #include "otx2_sec_idev.h"
-
-#define ETH_SEC_MAX_PKT_LEN    1450
-
-#define AH_HDR_LEN     12
-#define AES_GCM_IV_LEN 8
-#define AES_GCM_MAC_LEN        16
-#define AES_CBC_IV_LEN 16
-#define SHA1_HMAC_LEN  12
-
-#define AES_GCM_ROUNDUP_BYTE_LEN       4
-#define AES_CBC_ROUNDUP_BYTE_LEN       16
+#include "otx2_security.h"
 
 struct eth_sec_tag_const {
        RTE_STD_C11
@@ -239,7 +229,7 @@ ipsec_sa_const_set(struct rte_security_ipsec_xform *ipsec,
                sess->partial_len += sizeof(struct rte_esp_hdr);
                sess->roundup_len = sizeof(struct rte_esp_tail);
        } else if (ipsec->proto == RTE_SECURITY_IPSEC_SA_PROTO_AH) {
-               sess->partial_len += AH_HDR_LEN;
+               sess->partial_len += OTX2_SEC_AH_HDR_LEN;
        } else {
                return -EINVAL;
        }
@@ -249,9 +239,9 @@ ipsec_sa_const_set(struct rte_security_ipsec_xform *ipsec,
 
        if (xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) {
                if (xform->aead.algo == RTE_CRYPTO_AEAD_AES_GCM) {
-                       sess->partial_len += AES_GCM_IV_LEN;
-                       sess->partial_len += AES_GCM_MAC_LEN;
-                       sess->roundup_byte = AES_GCM_ROUNDUP_BYTE_LEN;
+                       sess->partial_len += OTX2_SEC_AES_GCM_IV_LEN;
+                       sess->partial_len += OTX2_SEC_AES_GCM_MAC_LEN;
+                       sess->roundup_byte = OTX2_SEC_AES_GCM_ROUNDUP_BYTE_LEN;
                }
                return 0;
        }
@@ -266,14 +256,14 @@ ipsec_sa_const_set(struct rte_security_ipsec_xform *ipsec,
                return -EINVAL;
        }
        if (cipher_xform->cipher.algo == RTE_CRYPTO_CIPHER_AES_CBC) {
-               sess->partial_len += AES_CBC_IV_LEN;
-               sess->roundup_byte = AES_CBC_ROUNDUP_BYTE_LEN;
+               sess->partial_len += OTX2_SEC_AES_CBC_IV_LEN;
+               sess->roundup_byte = OTX2_SEC_AES_CBC_ROUNDUP_BYTE_LEN;
        } else {
                return -EINVAL;
        }
 
        if (auth_xform->auth.algo == RTE_CRYPTO_AUTH_SHA1_HMAC)
-               sess->partial_len += SHA1_HMAC_LEN;
+               sess->partial_len += OTX2_SEC_SHA1_HMAC_LEN;
        else
                return -EINVAL;
 
@@ -745,7 +735,7 @@ eth_sec_ipsec_cfg(struct rte_eth_dev *eth_dev, uint8_t tt)
 
        req->ipsec_cfg0.sa_pow2_size =
                        rte_log2_u32(sizeof(struct otx2_ipsec_fp_in_sa));
-       req->ipsec_cfg0.lenm1_max = ETH_SEC_MAX_PKT_LEN - 1;
+       req->ipsec_cfg0.lenm1_max = NIX_MAX_FRS - 1;
 
        req->ipsec_cfg1.sa_idx_w = rte_log2_u32(dev->ipsec_in_max_spi);
        req->ipsec_cfg1.sa_idx_max = dev->ipsec_in_max_spi - 1;
@@ -753,6 +743,34 @@ eth_sec_ipsec_cfg(struct rte_eth_dev *eth_dev, uint8_t tt)
        return otx2_mbox_process(mbox);
 }
 
+int
+otx2_eth_sec_update_tag_type(struct rte_eth_dev *eth_dev)
+{
+       struct otx2_eth_dev *dev = otx2_eth_pmd_priv(eth_dev);
+       struct otx2_mbox *mbox = dev->mbox;
+       struct nix_aq_enq_rsp *rsp;
+       struct nix_aq_enq_req *aq;
+       int ret;
+
+       aq = otx2_mbox_alloc_msg_nix_aq_enq(mbox);
+       aq->qidx = 0; /* Read RQ:0 context */
+       aq->ctype = NIX_AQ_CTYPE_RQ;
+       aq->op = NIX_AQ_INSTOP_READ;
+
+       ret = otx2_mbox_process_msg(mbox, (void *)&rsp);
+       if (ret < 0) {
+               otx2_err("Could not read RQ context");
+               return ret;
+       }
+
+       /* Update tag type */
+       ret = eth_sec_ipsec_cfg(eth_dev, rsp->rq.sso_tt);
+       if (ret < 0)
+               otx2_err("Could not update sec eth tag type");
+
+       return ret;
+}
+
 int
 otx2_eth_sec_init(struct rte_eth_dev *eth_dev)
 {