[dpdk-dev] [PATCH v3 2/6] net/atlantic: enable macsec configuration

[Igor Russkikh]

From: Pavel Belous <pavel.belous at aquantia.com>

These are driver macsec configuration routines.
They fill in config structures and prepare these
to be send to FW. Actual configuration will happen in
link interrupt handler.

We declare macsec offload bits in DPDK offload capabilities
and provide external experimental macsec API wrappers.

Also update documentation with feature matrix for the
enabled feature.

Signed-off-by: Pavel Belous <pavel.belous at aquantia.com>
Signed-off-by: Igor Russkikh <igor.russkikh at aquantia.com>
---
 doc/guides/nics/atlantic.rst                  |   6 +
 doc/guides/nics/features/atlantic.ini         |   1 +
 drivers/net/atlantic/Makefile                 |   1 +
 drivers/net/atlantic/atl_ethdev.c             |  93 ++++++++++++++
 drivers/net/atlantic/atl_ethdev.h             |  12 ++
 drivers/net/atlantic/meson.build              |   1 +
 drivers/net/atlantic/rte_pmd_atlantic.c       | 102 +++++++++++++++
 drivers/net/atlantic/rte_pmd_atlantic.h       | 120 ++++++++++++++++++
 .../net/atlantic/rte_pmd_atlantic_version.map |  12 ++
 9 files changed, 348 insertions(+)
 create mode 100644 drivers/net/atlantic/rte_pmd_atlantic.c
 create mode 100644 drivers/net/atlantic/rte_pmd_atlantic.h

diff --git a/doc/guides/nics/atlantic.rst b/doc/guides/nics/atlantic.rst
index 80591b13c185..22f2410d0e9a 100644
--- a/doc/guides/nics/atlantic.rst
+++ b/doc/guides/nics/atlantic.rst
@@ -19,6 +19,12 @@ Supported features
 - RSS (Receive Side Scaling)
 - Checksum offload
 - Jumbo Frame upto 16K
+- MACSEC offload
+
+Experimental API features
+^^^^^^^^^^^^^^^^^^^^^^^^^
+
+- MACSEC PMD API is considered as experimental and is subject to change/removal in next DPDK releases.
 
 Configuration Information
 ^^^^^^^^^^^^^^^^^^^^^^^^^
diff --git a/doc/guides/nics/features/atlantic.ini b/doc/guides/nics/features/atlantic.ini
index 5ed095b14323..2bb8ecc01789 100644
--- a/doc/guides/nics/features/atlantic.ini
+++ b/doc/guides/nics/features/atlantic.ini
@@ -20,6 +20,7 @@ VLAN filter          = Y
 Flow control         = Y
 CRC offload          = Y
 VLAN offload         = Y
+MACsec offload       = Y
 L3 checksum offload  = Y
 L4 checksum offload  = Y
 Packet type parsing  = Y
diff --git a/drivers/net/atlantic/Makefile b/drivers/net/atlantic/Makefile
index 62dcdbffa69c..263f12b5575f 100644
--- a/drivers/net/atlantic/Makefile
+++ b/drivers/net/atlantic/Makefile
@@ -31,5 +31,6 @@ SRCS-$(CONFIG_RTE_LIBRTE_ATLANTIC_PMD) += hw_atl_utils.c
 SRCS-$(CONFIG_RTE_LIBRTE_ATLANTIC_PMD) += hw_atl_llh.c
 SRCS-$(CONFIG_RTE_LIBRTE_ATLANTIC_PMD) += hw_atl_utils_fw2x.c
 SRCS-$(CONFIG_RTE_LIBRTE_ATLANTIC_PMD) += hw_atl_b0.c
+SRCS-$(CONFIG_RTE_LIBRTE_ATLANTIC_PMD) += rte_pmd_atlantic.c
 
 include $(RTE_SDK)/mk/rte.lib.mk
diff --git a/drivers/net/atlantic/atl_ethdev.c b/drivers/net/atlantic/atl_ethdev.c
index 8327863cd9b6..7ea6919ff1ca 100644
--- a/drivers/net/atlantic/atl_ethdev.c
+++ b/drivers/net/atlantic/atl_ethdev.c
@@ -167,6 +167,7 @@ static struct rte_pci_driver rte_atl_pmd = {
 			| DEV_RX_OFFLOAD_UDP_CKSUM \
 			| DEV_RX_OFFLOAD_TCP_CKSUM \
 			| DEV_RX_OFFLOAD_JUMBO_FRAME \
+			| DEV_RX_OFFLOAD_MACSEC_STRIP \
 			| DEV_RX_OFFLOAD_VLAN_FILTER)
 
 #define ATL_TX_OFFLOADS (DEV_TX_OFFLOAD_VLAN_INSERT \
@@ -174,6 +175,7 @@ static struct rte_pci_driver rte_atl_pmd = {
 			| DEV_TX_OFFLOAD_UDP_CKSUM \
 			| DEV_TX_OFFLOAD_TCP_CKSUM \
 			| DEV_TX_OFFLOAD_TCP_TSO \
+			| DEV_TX_OFFLOAD_MACSEC_INSERT \
 			| DEV_TX_OFFLOAD_MULTI_SEGS)
 
 static const struct rte_eth_desc_lim rx_desc_lim = {
@@ -698,6 +700,82 @@ atl_dev_reset(struct rte_eth_dev *dev)
 	return ret;
 }
 
+int atl_macsec_enable(struct rte_eth_dev *dev,
+		      uint8_t encr, uint8_t repl_prot)
+{
+	struct aq_hw_cfg_s *cfg =
+		ATL_DEV_PRIVATE_TO_CFG(dev->data->dev_private);
+
+	cfg->aq_macsec.common.macsec_enabled = 1;
+	cfg->aq_macsec.common.encryption_enabled = encr;
+	cfg->aq_macsec.common.replay_protection_enabled = repl_prot;
+
+	return 0;
+}
+
+int atl_macsec_disable(struct rte_eth_dev *dev)
+{
+	struct aq_hw_cfg_s *cfg =
+		ATL_DEV_PRIVATE_TO_CFG(dev->data->dev_private);
+
+	cfg->aq_macsec.common.macsec_enabled = 0;
+
+	return 0;
+}
+
+int atl_macsec_config_txsc(struct rte_eth_dev *dev, uint8_t *mac)
+{
+	struct aq_hw_cfg_s *cfg =
+		ATL_DEV_PRIVATE_TO_CFG(dev->data->dev_private);
+
+	memset(&cfg->aq_macsec.txsc.mac, 0, sizeof(cfg->aq_macsec.txsc.mac));
+	memcpy((uint8_t *)&cfg->aq_macsec.txsc.mac + 2, mac, ETHER_ADDR_LEN);
+
+	return 0;
+}
+
+int atl_macsec_config_rxsc(struct rte_eth_dev *dev,
+			   uint8_t *mac, uint16_t pi)
+{
+	struct aq_hw_cfg_s *cfg =
+		ATL_DEV_PRIVATE_TO_CFG(dev->data->dev_private);
+
+	memset(&cfg->aq_macsec.rxsc.mac, 0, sizeof(cfg->aq_macsec.rxsc.mac));
+	memcpy((uint8_t *)&cfg->aq_macsec.rxsc.mac + 2, mac, ETHER_ADDR_LEN);
+	cfg->aq_macsec.rxsc.pi = pi;
+
+	return 0;
+}
+
+int atl_macsec_select_txsa(struct rte_eth_dev *dev,
+			   uint8_t idx, uint8_t an,
+			   uint32_t pn, uint8_t *key)
+{
+	struct aq_hw_cfg_s *cfg =
+		ATL_DEV_PRIVATE_TO_CFG(dev->data->dev_private);
+
+	cfg->aq_macsec.txsa.idx = idx;
+	cfg->aq_macsec.txsa.pn = pn;
+	cfg->aq_macsec.txsa.an = an;
+
+	memcpy(&cfg->aq_macsec.txsa.key, key, 16);
+	return 0;
+}
+
+int atl_macsec_select_rxsa(struct rte_eth_dev *dev,
+			   uint8_t idx, uint8_t an,
+			   uint32_t pn, uint8_t *key)
+{
+	struct aq_hw_cfg_s *cfg =
+		ATL_DEV_PRIVATE_TO_CFG(dev->data->dev_private);
+
+	cfg->aq_macsec.rxsa.idx = idx;
+	cfg->aq_macsec.rxsa.pn = pn;
+	cfg->aq_macsec.rxsa.an = an;
+
+	memcpy(&cfg->aq_macsec.rxsa.key, key, 16);
+	return 0;
+}
 
 static int
 atl_dev_stats_get(struct rte_eth_dev *dev, struct rte_eth_stats *stats)
@@ -1532,6 +1610,21 @@ atl_rss_hash_conf_get(struct rte_eth_dev *dev,
 	return 0;
 }
 
+static bool
+is_device_supported(struct rte_eth_dev *dev, struct rte_pci_driver *drv)
+{
+	if (strcmp(dev->device->driver->name, drv->driver.name))
+		return false;
+
+	return true;
+}
+
+bool
+is_atlantic_supported(struct rte_eth_dev *dev)
+{
+	return is_device_supported(dev, &rte_atl_pmd);
+}
+
 RTE_PMD_REGISTER_PCI(net_atlantic, rte_atl_pmd);
 RTE_PMD_REGISTER_PCI_TABLE(net_atlantic, pci_id_atl_map);
 RTE_PMD_REGISTER_KMOD_DEP(net_atlantic, "* igb_uio | uio_pci_generic");
diff --git a/drivers/net/atlantic/atl_ethdev.h b/drivers/net/atlantic/atl_ethdev.h
index 1e29999b539c..b162138c59d3 100644
--- a/drivers/net/atlantic/atl_ethdev.h
+++ b/drivers/net/atlantic/atl_ethdev.h
@@ -104,4 +104,16 @@ uint16_t atl_xmit_pkts(void *tx_queue, struct rte_mbuf **tx_pkts,
 uint16_t atl_prep_pkts(void *tx_queue, struct rte_mbuf **tx_pkts,
 		uint16_t nb_pkts);
 
+int atl_macsec_enable(struct rte_eth_dev *dev, uint8_t encr, uint8_t repl_prot);
+int atl_macsec_disable(struct rte_eth_dev *dev);
+int atl_macsec_config_txsc(struct rte_eth_dev *dev, uint8_t *mac);
+int atl_macsec_config_rxsc(struct rte_eth_dev *dev,
+			   uint8_t *mac, uint16_t pi);
+int atl_macsec_select_txsa(struct rte_eth_dev *dev, uint8_t idx,
+			   uint8_t an, uint32_t pn, uint8_t *key);
+int atl_macsec_select_rxsa(struct rte_eth_dev *dev, uint8_t idx,
+			   uint8_t an, uint32_t pn, uint8_t *key);
+
+bool is_atlantic_supported(struct rte_eth_dev *dev);
+
 #endif /* _ATLANTIC_ETHDEV_H_ */
diff --git a/drivers/net/atlantic/meson.build b/drivers/net/atlantic/meson.build
index 28fb97cace6e..60b84684ec0a 100644
--- a/drivers/net/atlantic/meson.build
+++ b/drivers/net/atlantic/meson.build
@@ -9,4 +9,5 @@ sources = files(
 	'hw_atl/hw_atl_llh.c',
 	'hw_atl/hw_atl_utils_fw2x.c',
 	'hw_atl/hw_atl_utils.c',
+	'rte_pmd_atlantic.c',
 )
diff --git a/drivers/net/atlantic/rte_pmd_atlantic.c b/drivers/net/atlantic/rte_pmd_atlantic.c
new file mode 100644
index 000000000000..5bf4da27fdd0
--- /dev/null
+++ b/drivers/net/atlantic/rte_pmd_atlantic.c
@@ -0,0 +1,102 @@
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright(c) 2018 Aquantia Corporation
+ */
+
+#include <rte_ethdev_driver.h>
+
+#include "rte_pmd_atlantic.h"
+#include "atl_ethdev.h"
+
+
+__rte_experimental int
+rte_pmd_atl_macsec_enable(uint16_t port,
+			  uint8_t encr, uint8_t repl_prot)
+{
+	struct rte_eth_dev *dev;
+
+	RTE_ETH_VALID_PORTID_OR_ERR_RET(port, -ENODEV);
+
+	dev = &rte_eth_devices[port];
+
+	if (!is_atlantic_supported(dev))
+		return -ENOTSUP;
+
+	return atl_macsec_enable(dev, encr, repl_prot);
+}
+
+__rte_experimental int
+rte_pmd_atl_macsec_disable(uint16_t port)
+{
+	struct rte_eth_dev *dev;
+
+	RTE_ETH_VALID_PORTID_OR_ERR_RET(port, -ENODEV);
+
+	dev = &rte_eth_devices[port];
+
+	if (!is_atlantic_supported(dev))
+		return -ENOTSUP;
+
+	return atl_macsec_disable(dev);
+}
+
+__rte_experimental int
+rte_pmd_atl_macsec_config_txsc(uint16_t port, uint8_t *mac)
+{
+	struct rte_eth_dev *dev;
+
+	RTE_ETH_VALID_PORTID_OR_ERR_RET(port, -ENODEV);
+
+	dev = &rte_eth_devices[port];
+
+	if (!is_atlantic_supported(dev))
+		return -ENOTSUP;
+
+	return atl_macsec_config_txsc(dev, mac);
+}
+
+__rte_experimental int
+rte_pmd_atl_macsec_config_rxsc(uint16_t port, uint8_t *mac, uint16_t pi)
+{
+	struct rte_eth_dev *dev;
+
+	RTE_ETH_VALID_PORTID_OR_ERR_RET(port, -ENODEV);
+
+	dev = &rte_eth_devices[port];
+
+	if (!is_atlantic_supported(dev))
+		return -ENOTSUP;
+
+	return atl_macsec_config_rxsc(dev, mac, pi);
+}
+
+__rte_experimental int
+rte_pmd_atl_macsec_select_txsa(uint16_t port, uint8_t idx, uint8_t an,
+				 uint32_t pn, uint8_t *key)
+{
+	struct rte_eth_dev *dev;
+
+	RTE_ETH_VALID_PORTID_OR_ERR_RET(port, -ENODEV);
+
+	dev = &rte_eth_devices[port];
+
+	if (!is_atlantic_supported(dev))
+		return -ENOTSUP;
+
+	return atl_macsec_select_txsa(dev, idx, an, pn, key);
+}
+
+__rte_experimental int
+rte_pmd_atl_macsec_select_rxsa(uint16_t port, uint8_t idx, uint8_t an,
+				 uint32_t pn, uint8_t *key)
+{
+	struct rte_eth_dev *dev;
+
+	RTE_ETH_VALID_PORTID_OR_ERR_RET(port, -ENODEV);
+
+	dev = &rte_eth_devices[port];
+
+	if (!is_atlantic_supported(dev))
+		return -ENOTSUP;
+
+	return atl_macsec_select_rxsa(dev, idx, an, pn, key);
+}
diff --git a/drivers/net/atlantic/rte_pmd_atlantic.h b/drivers/net/atlantic/rte_pmd_atlantic.h
new file mode 100644
index 000000000000..e4db7c6c278c
--- /dev/null
+++ b/drivers/net/atlantic/rte_pmd_atlantic.h
@@ -0,0 +1,120 @@
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright(c) 2018 Aquantia Corporation
+ */
+
+/**
+ * @file rte_pmd_atlantic.h
+ * atlantic PMD specific functions.
+ *
+ **/
+
+#ifndef _PMD_ATLANTIC_H_
+#define _PMD_ATLANTIC_H_
+
+#include <rte_ethdev_driver.h>
+
+/**
+ * Enable MACsec offload.
+ *
+ * @param port
+ *   The port identifier of the Ethernet device.
+ * @param encr
+ *    1 - Enable encryption (encrypt and add integrity signature).
+ *    0 - Disable encryption (only add integrity signature).
+ * @param repl_prot
+ *    1 - Enable replay protection.
+ *    0 - Disable replay protection.
+ * @return
+ *   - (0) if successful.
+ *   - (-ENODEV) if *port* invalid.
+ *   - (-ENOTSUP) if hardware doesn't support this feature.
+ */
+int rte_pmd_atl_macsec_enable(uint16_t port, uint8_t encr, uint8_t repl_prot);
+
+/**
+ * Disable MACsec offload.
+ *
+ * @param port
+ *   The port identifier of the Ethernet device.
+ * @return
+ *   - (0) if successful.
+ *   - (-ENODEV) if *port* invalid.
+ *   - (-ENOTSUP) if hardware doesn't support this feature.
+ */
+int rte_pmd_atl_macsec_disable(uint16_t port);
+
+/**
+ * Configure Tx SC (Secure Connection).
+ *
+ * @param port
+ *   The port identifier of the Ethernet device.
+ * @param mac
+ *   The MAC address on the local side.
+ * @return
+ *   - (0) if successful.
+ *   - (-ENODEV) if *port* invalid.
+ *   - (-ENOTSUP) if hardware doesn't support this feature.
+ */
+int rte_pmd_atl_macsec_config_txsc(uint16_t port, uint8_t *mac);
+
+/**
+ * Configure Rx SC (Secure Connection).
+ *
+ * @param port
+ *   The port identifier of the Ethernet device.
+ * @param mac
+ *   The MAC address on the remote side.
+ * @param pi
+ *   The PI (port identifier) on the remote side.
+ * @return
+ *   - (0) if successful.
+ *   - (-ENODEV) if *port* invalid.
+ *   - (-ENOTSUP) if hardware doesn't support this feature.
+ */
+int rte_pmd_atl_macsec_config_rxsc(uint16_t port, uint8_t *mac, uint16_t pi);
+
+/**
+ * Enable Tx SA (Secure Association).
+ *
+ * @param port
+ *   The port identifier of the Ethernet device.
+ * @param idx
+ *   The SA to be enabled (0 or 1).
+ * @param an
+ *   The association number on the local side.
+ * @param pn
+ *   The packet number on the local side.
+ * @param key
+ *   The key on the local side.
+ * @return
+ *   - (0) if successful.
+ *   - (-ENODEV) if *port* invalid.
+ *   - (-ENOTSUP) if hardware doesn't support this feature.
+ *   - (-EINVAL) if bad parameter.
+ */
+int rte_pmd_atl_macsec_select_txsa(uint16_t port, uint8_t idx, uint8_t an,
+				   uint32_t pn, uint8_t *key);
+
+/**
+ * Enable Rx SA (Secure Association).
+ *
+ * @param port
+ *   The port identifier of the Ethernet device.
+ * @param idx
+ *   The SA to be enabled (0 or 1)
+ * @param an
+ *   The association number on the remote side.
+ * @param pn
+ *   The packet number on the remote side.
+ * @param key
+ *   The key on the remote side.
+ * @return
+ *   - (0) if successful.
+ *   - (-ENODEV) if *port* invalid.
+ *   - (-ENOTSUP) if hardware doesn't support this feature.
+ *   - (-EINVAL) if bad parameter.
+ */
+int rte_pmd_atl_macsec_select_rxsa(uint16_t port, uint8_t idx, uint8_t an,
+				   uint32_t pn, uint8_t *key);
+
+#endif /* _PMD_ATLANTIC_H_ */
diff --git a/drivers/net/atlantic/rte_pmd_atlantic_version.map b/drivers/net/atlantic/rte_pmd_atlantic_version.map
index 521e51f411fb..b16faa999f43 100644
--- a/drivers/net/atlantic/rte_pmd_atlantic_version.map
+++ b/drivers/net/atlantic/rte_pmd_atlantic_version.map
@@ -2,3 +2,15 @@ DPDK_18.11 {
 
 	local: *;
 };
+
+EXPERIMENTAL {
+	global:
+
+	rte_pmd_atl_macsec_enable;
+	rte_pmd_atl_macsec_disable;
+	rte_pmd_atl_macsec_config_txsc;
+	rte_pmd_atl_macsec_config_rxsc;
+	rte_pmd_atl_macsec_select_txsa;
+	rte_pmd_atl_macsec_select_rxsa;
+};
+
-- 
2.17.1