common/cnxk: remove CN9K inline IPsec FP opcodes

[ upstream commit 930d94170e044ce1a2a2f222306c7dad50898728 ]

Since now Inline IPsec in cn9k is using same opcode as LA,
remove the definitions of fast path opcode.

Also fix devarg handling for ipsec_out_max_sa to allow 32-bit.

Fixes: fe5846b ("net/cnxk: add devargs for min-max SPI")

Signed-off-by: Nithin Dabilpuram <ndabilpuram@marvell.com>

drivers/common/cnxk/cnxk_security.c

@@ -614,235 +614,6 @@ cnxk_ot_ipsec_outb_sa_valid(struct roc_ot_ipsec_outb_sa *sa)
 	return !!sa->w2.s.valid;
 }
 
-static inline int
-ipsec_xfrm_verify(struct rte_security_ipsec_xform *ipsec_xfrm,
-		  struct rte_crypto_sym_xform *crypto_xfrm)
-{
-	if (crypto_xfrm->next == NULL)
-		return -EINVAL;
-
-	if (ipsec_xfrm->direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) {
-		if (crypto_xfrm->type != RTE_CRYPTO_SYM_XFORM_AUTH ||
-		    crypto_xfrm->next->type != RTE_CRYPTO_SYM_XFORM_CIPHER)
-			return -EINVAL;
-	} else {
-		if (crypto_xfrm->type != RTE_CRYPTO_SYM_XFORM_CIPHER ||
-		    crypto_xfrm->next->type != RTE_CRYPTO_SYM_XFORM_AUTH)
-			return -EINVAL;
-	}
-
-	return 0;
-}
-
-static int
-onf_ipsec_sa_common_param_fill(struct roc_ie_onf_sa_ctl *ctl, uint8_t *salt,
-			       uint8_t *cipher_key, uint8_t *hmac_opad_ipad,
-			       struct rte_security_ipsec_xform *ipsec_xfrm,
-			       struct rte_crypto_sym_xform *crypto_xfrm)
-{
-	struct rte_crypto_sym_xform *auth_xfrm, *cipher_xfrm;
-	int rc, length, auth_key_len;
-	const uint8_t *key = NULL;
-	uint8_t ccm_flag = 0;
-
-	/* Set direction */
-	switch (ipsec_xfrm->direction) {
-	case RTE_SECURITY_IPSEC_SA_DIR_INGRESS:
-		ctl->direction = ROC_IE_SA_DIR_INBOUND;
-		auth_xfrm = crypto_xfrm;
-		cipher_xfrm = crypto_xfrm->next;
-		break;
-	case RTE_SECURITY_IPSEC_SA_DIR_EGRESS:
-		ctl->direction = ROC_IE_SA_DIR_OUTBOUND;
-		cipher_xfrm = crypto_xfrm;
-		auth_xfrm = crypto_xfrm->next;
-		break;
-	default:
-		return -EINVAL;
-	}
-
-	/* Set protocol - ESP vs AH */
-	switch (ipsec_xfrm->proto) {
-	case RTE_SECURITY_IPSEC_SA_PROTO_ESP:
-		ctl->ipsec_proto = ROC_IE_SA_PROTOCOL_ESP;
-		break;
-	case RTE_SECURITY_IPSEC_SA_PROTO_AH:
-		return -ENOTSUP;
-	default:
-		return -EINVAL;
-	}
-
-	/* Set mode - transport vs tunnel */
-	switch (ipsec_xfrm->mode) {
-	case RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT:
-		ctl->ipsec_mode = ROC_IE_SA_MODE_TRANSPORT;
-		break;
-	case RTE_SECURITY_IPSEC_SA_MODE_TUNNEL:
-		ctl->ipsec_mode = ROC_IE_SA_MODE_TUNNEL;
-		break;
-	default:
-		return -EINVAL;
-	}
-
-	/* Set encryption algorithm */
-	if (crypto_xfrm->type == RTE_CRYPTO_SYM_XFORM_AEAD) {
-		length = crypto_xfrm->aead.key.length;
-
-		switch (crypto_xfrm->aead.algo) {
-		case RTE_CRYPTO_AEAD_AES_GCM:
-			ctl->enc_type = ROC_IE_ON_SA_ENC_AES_GCM;
-			ctl->auth_type = ROC_IE_ON_SA_AUTH_NULL;
-			memcpy(salt, &ipsec_xfrm->salt, 4);
-			key = crypto_xfrm->aead.key.data;
-			break;
-		case RTE_CRYPTO_AEAD_AES_CCM:
-			ctl->enc_type = ROC_IE_ON_SA_ENC_AES_CCM;
-			ctl->auth_type = ROC_IE_ON_SA_AUTH_NULL;
-			ccm_flag = 0x07 & ~ROC_CPT_AES_CCM_CTR_LEN;
-			*salt = ccm_flag;
-			memcpy(PLT_PTR_ADD(salt, 1), &ipsec_xfrm->salt, 3);
-			key = crypto_xfrm->aead.key.data;
-			break;
-		default:
-			return -ENOTSUP;
-		}
-
-	} else {
-		rc = ipsec_xfrm_verify(ipsec_xfrm, crypto_xfrm);
-		if (rc)
-			return rc;
-
-		switch (cipher_xfrm->cipher.algo) {
-		case RTE_CRYPTO_CIPHER_AES_CBC:
-			ctl->enc_type = ROC_IE_ON_SA_ENC_AES_CBC;
-			break;
-		case RTE_CRYPTO_CIPHER_AES_CTR:
-			ctl->enc_type = ROC_IE_ON_SA_ENC_AES_CTR;
-			break;
-		default:
-			return -ENOTSUP;
-		}
-
-		switch (auth_xfrm->auth.algo) {
-		case RTE_CRYPTO_AUTH_SHA1_HMAC:
-			ctl->auth_type = ROC_IE_ON_SA_AUTH_SHA1;
-			break;
-		default:
-			return -ENOTSUP;
-		}
-		auth_key_len = auth_xfrm->auth.key.length;
-		if (auth_key_len < 20 || auth_key_len > 64)
-			return -ENOTSUP;
-
-		key = cipher_xfrm->cipher.key.data;
-		length = cipher_xfrm->cipher.key.length;
-
-		ipsec_hmac_opad_ipad_gen(auth_xfrm, hmac_opad_ipad);
-	}
-
-	switch (length) {
-	case ROC_CPT_AES128_KEY_LEN:
-		ctl->aes_key_len = ROC_IE_SA_AES_KEY_LEN_128;
-		break;
-	case ROC_CPT_AES192_KEY_LEN:
-		ctl->aes_key_len = ROC_IE_SA_AES_KEY_LEN_192;
-		break;
-	case ROC_CPT_AES256_KEY_LEN:
-		ctl->aes_key_len = ROC_IE_SA_AES_KEY_LEN_256;
-		break;
-	default:
-		return -EINVAL;
-	}
-
-	memcpy(cipher_key, key, length);
-
-	if (ipsec_xfrm->options.esn)
-		ctl->esn_en = 1;
-
-	ctl->spi = rte_cpu_to_be_32(ipsec_xfrm->spi);
-	return 0;
-}
-
-int
-cnxk_onf_ipsec_inb_sa_fill(struct roc_onf_ipsec_inb_sa *sa,
-			   struct rte_security_ipsec_xform *ipsec_xfrm,
-			   struct rte_crypto_sym_xform *crypto_xfrm)
-{
-	struct roc_ie_onf_sa_ctl *ctl = &sa->ctl;
-	int rc;
-
-	rc = onf_ipsec_sa_common_param_fill(ctl, sa->nonce, sa->cipher_key,
-					    sa->hmac_key, ipsec_xfrm,
-					    crypto_xfrm);
-	if (rc)
-		return rc;
-
-	rte_wmb();
-
-	/* Enable SA */
-	ctl->valid = 1;
-	return 0;
-}
-
-int
-cnxk_onf_ipsec_outb_sa_fill(struct roc_onf_ipsec_outb_sa *sa,
-			    struct rte_security_ipsec_xform *ipsec_xfrm,
-			    struct rte_crypto_sym_xform *crypto_xfrm)
-{
-	struct rte_security_ipsec_tunnel_param *tunnel = &ipsec_xfrm->tunnel;
-	struct roc_ie_onf_sa_ctl *ctl = &sa->ctl;
-	int rc;
-
-	/* Fill common params */
-	rc = onf_ipsec_sa_common_param_fill(ctl, sa->nonce, sa->cipher_key,
-					    sa->hmac_key, ipsec_xfrm,
-					    crypto_xfrm);
-	if (rc)
-		return rc;
-
-	if (ipsec_xfrm->mode != RTE_SECURITY_IPSEC_SA_MODE_TUNNEL)
-		goto skip_tunnel_info;
-
-	/* Tunnel header info */
-	switch (tunnel->type) {
-	case RTE_SECURITY_IPSEC_TUNNEL_IPV4:
-		memcpy(&sa->ip_src, &tunnel->ipv4.src_ip,
-		       sizeof(struct in_addr));
-		memcpy(&sa->ip_dst, &tunnel->ipv4.dst_ip,
-		       sizeof(struct in_addr));
-		break;
-	case RTE_SECURITY_IPSEC_TUNNEL_IPV6:
-		return -ENOTSUP;
-	default:
-		return -EINVAL;
-	}
-
-	/* Update udp encap ports */
-	if (ipsec_xfrm->options.udp_encap == 1) {
-		sa->udp_src = 4500;
-		sa->udp_dst = 4500;
-	}
-
-skip_tunnel_info:
-	rte_wmb();
-
-	/* Enable SA */
-	ctl->valid = 1;
-	return 0;
-}
-
-bool
-cnxk_onf_ipsec_inb_sa_valid(struct roc_onf_ipsec_inb_sa *sa)
-{
-	return !!sa->ctl.valid;
-}
-
-bool
-cnxk_onf_ipsec_outb_sa_valid(struct roc_onf_ipsec_outb_sa *sa)
-{
-	return !!sa->ctl.valid;
-}
-
 uint8_t
 cnxk_ipsec_ivlen_get(enum rte_crypto_cipher_algorithm c_algo,
 		     enum rte_crypto_auth_algorithm a_algo,

drivers/common/cnxk/cnxk_security.h

@@ -47,18 +47,6 @@ cnxk_ot_ipsec_outb_sa_fill(struct roc_ot_ipsec_outb_sa *sa,
 bool __roc_api cnxk_ot_ipsec_inb_sa_valid(struct roc_ot_ipsec_inb_sa *sa);
 bool __roc_api cnxk_ot_ipsec_outb_sa_valid(struct roc_ot_ipsec_outb_sa *sa);
 
-/* [CN9K, CN10K) */
-int __roc_api
-cnxk_onf_ipsec_inb_sa_fill(struct roc_onf_ipsec_inb_sa *sa,
-			   struct rte_security_ipsec_xform *ipsec_xfrm,
-			   struct rte_crypto_sym_xform *crypto_xfrm);
-int __roc_api
-cnxk_onf_ipsec_outb_sa_fill(struct roc_onf_ipsec_outb_sa *sa,
-			    struct rte_security_ipsec_xform *ipsec_xfrm,
-			    struct rte_crypto_sym_xform *crypto_xfrm);
-bool __roc_api cnxk_onf_ipsec_inb_sa_valid(struct roc_onf_ipsec_inb_sa *sa);
-bool __roc_api cnxk_onf_ipsec_outb_sa_valid(struct roc_onf_ipsec_outb_sa *sa);
-
 /* [CN9K] */
 int __roc_api
 cnxk_on_ipsec_inb_sa_create(struct rte_security_ipsec_xform *ipsec,

drivers/common/cnxk/roc_ie_on.h

@@ -268,66 +268,6 @@ struct roc_ie_on_inb_sa {
 #define ROC_IE_ON_UCC_L2_HDR_INFO_ERR	  0xCF
 #define ROC_IE_ON_UCC_L2_HDR_LEN_ERR	  0xE0
 
-struct roc_ie_onf_sa_ctl {
-	uint32_t spi;
-	uint64_t exp_proto_inter_frag : 8;
-	uint64_t rsvd_41_40 : 2;
-	/* Disable SPI, SEQ data in RPTR for Inbound inline */
-	uint64_t spi_seq_dis : 1;
-	uint64_t esn_en : 1;
-	uint64_t rsvd_44_45 : 2;
-	uint64_t encap_type : 2;
-	uint64_t enc_type : 3;
-	uint64_t rsvd_48 : 1;
-	uint64_t auth_type : 4;
-	uint64_t valid : 1;
-	uint64_t direction : 1;
-	uint64_t outer_ip_ver : 1;
-	uint64_t inner_ip_ver : 1;
-	uint64_t ipsec_mode : 1;
-	uint64_t ipsec_proto : 1;
-	uint64_t aes_key_len : 2;
-};
-
-struct roc_onf_ipsec_outb_sa {
-	/* w0 */
-	struct roc_ie_onf_sa_ctl ctl;
-
-	/* w1 */
-	uint8_t nonce[4];
-	uint16_t udp_src;
-	uint16_t udp_dst;
-
-	/* w2 */
-	uint32_t ip_src;
-	uint32_t ip_dst;
-
-	/* w3-w6 */
-	uint8_t cipher_key[32];
-
-	/* w7-w12 */
-	uint8_t hmac_key[48];
-};
-
-struct roc_onf_ipsec_inb_sa {
-	/* w0 */
-	struct roc_ie_onf_sa_ctl ctl;
-
-	/* w1 */
-	uint8_t nonce[4]; /* Only for AES-GCM */
-	uint32_t unused;
-
-	/* w2 */
-	uint32_t esn_hi;
-	uint32_t esn_low;
-
-	/* w3-w6 */
-	uint8_t cipher_key[32];
-
-	/* w7-w12 */
-	uint8_t hmac_key[48];
-};
-
 #define ROC_ONF_IPSEC_INB_MAX_L2_SZ	  32UL
 #define ROC_ONF_IPSEC_OUTB_MAX_L2_SZ	  30UL
 #define ROC_ONF_IPSEC_OUTB_MAX_L2_INFO_SZ (ROC_ONF_IPSEC_OUTB_MAX_L2_SZ + 2)

drivers/common/cnxk/roc_nix_inl.h

@@ -4,24 +4,6 @@
 #ifndef _ROC_NIX_INL_H_
 #define _ROC_NIX_INL_H_
 
-/* ONF INB HW area */
-#define ROC_NIX_INL_ONF_IPSEC_INB_HW_SZ                                        \
-	PLT_ALIGN(sizeof(struct roc_onf_ipsec_inb_sa), ROC_ALIGN)
-/* ONF INB SW reserved area */
-#define ROC_NIX_INL_ONF_IPSEC_INB_SW_RSVD 384
-#define ROC_NIX_INL_ONF_IPSEC_INB_SA_SZ                                        \
-	(ROC_NIX_INL_ONF_IPSEC_INB_HW_SZ + ROC_NIX_INL_ONF_IPSEC_INB_SW_RSVD)
-#define ROC_NIX_INL_ONF_IPSEC_INB_SA_SZ_LOG2 9
-
-/* ONF OUTB HW area */
-#define ROC_NIX_INL_ONF_IPSEC_OUTB_HW_SZ                                       \
-	PLT_ALIGN(sizeof(struct roc_onf_ipsec_outb_sa), ROC_ALIGN)
-/* ONF OUTB SW reserved area */
-#define ROC_NIX_INL_ONF_IPSEC_OUTB_SW_RSVD 128
-#define ROC_NIX_INL_ONF_IPSEC_OUTB_SA_SZ                                       \
-	(ROC_NIX_INL_ONF_IPSEC_OUTB_HW_SZ + ROC_NIX_INL_ONF_IPSEC_OUTB_SW_RSVD)
-#define ROC_NIX_INL_ONF_IPSEC_OUTB_SA_SZ_LOG2 8
-
 /* ON INB HW area */
 #define ROC_NIX_INL_ON_IPSEC_INB_HW_SZ                                         \
 	PLT_ALIGN(sizeof(struct roc_ie_on_inb_sa), ROC_ALIGN)
@@ -31,10 +13,10 @@
 	(ROC_NIX_INL_ON_IPSEC_INB_HW_SZ + ROC_NIX_INL_ON_IPSEC_INB_SW_RSVD)
 #define ROC_NIX_INL_ON_IPSEC_INB_SA_SZ_LOG2 10
 
-/* ONF OUTB HW area */
+/* ON OUTB HW area */
 #define ROC_NIX_INL_ON_IPSEC_OUTB_HW_SZ                                        \
 	PLT_ALIGN(sizeof(struct roc_ie_on_outb_sa), ROC_ALIGN)
-/* ONF OUTB SW reserved area */
+/* ON OUTB SW reserved area */
 #define ROC_NIX_INL_ON_IPSEC_OUTB_SW_RSVD 256
 #define ROC_NIX_INL_ON_IPSEC_OUTB_SA_SZ                                        \
 	(ROC_NIX_INL_ON_IPSEC_OUTB_HW_SZ + ROC_NIX_INL_ON_IPSEC_OUTB_SW_RSVD)
@@ -107,34 +89,6 @@ roc_nix_inl_on_ipsec_outb_sa_sw_rsvd(void *sa)
 	return PLT_PTR_ADD(sa, ROC_NIX_INL_ON_IPSEC_OUTB_HW_SZ);
 }
 
-static inline struct roc_onf_ipsec_inb_sa *
-roc_nix_inl_onf_ipsec_inb_sa(uintptr_t base, uint64_t idx)
-{
-	uint64_t off = idx << ROC_NIX_INL_ONF_IPSEC_INB_SA_SZ_LOG2;
-
-	return PLT_PTR_ADD(base, off);
-}
-
-static inline struct roc_onf_ipsec_outb_sa *
-roc_nix_inl_onf_ipsec_outb_sa(uintptr_t base, uint64_t idx)
-{
-	uint64_t off = idx << ROC_NIX_INL_ONF_IPSEC_OUTB_SA_SZ_LOG2;
-
-	return PLT_PTR_ADD(base, off);
-}
-
-static inline void *
-roc_nix_inl_onf_ipsec_inb_sa_sw_rsvd(void *sa)
-{
-	return PLT_PTR_ADD(sa, ROC_NIX_INL_ONF_IPSEC_INB_HW_SZ);
-}
-
-static inline void *
-roc_nix_inl_onf_ipsec_outb_sa_sw_rsvd(void *sa)
-{
-	return PLT_PTR_ADD(sa, ROC_NIX_INL_ONF_IPSEC_OUTB_HW_SZ);
-}
-
 static inline struct roc_ot_ipsec_inb_sa *
 roc_nix_inl_ot_ipsec_inb_sa(uintptr_t base, uint64_t idx)
 {