Patch Detail

HTTP 200 OK
Allow: GET, PUT, PATCH, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "id": 76403,
    "url": "http://patches.dpdk.org/api/patches/76403/?format=api",
    "web_url": "http://patches.dpdk.org/project/dpdk/patch/20200903111836.6864-2-adwivedi@marvell.com/",
    "project": {
        "id": 1,
        "url": "http://patches.dpdk.org/api/projects/1/?format=api",
        "name": "DPDK",
        "link_name": "dpdk",
        "list_id": "dev.dpdk.org",
        "list_email": "dev@dpdk.org",
        "web_url": "http://core.dpdk.org",
        "scm_url": "git://dpdk.org/dpdk",
        "webscm_url": "http://git.dpdk.org/dpdk",
        "list_archive_url": "https://inbox.dpdk.org/dev",
        "list_archive_url_format": "https://inbox.dpdk.org/dev/{}",
        "commit_url_format": ""
    },
    "msgid": "<20200903111836.6864-2-adwivedi@marvell.com>",
    "list_archive_url": "https://inbox.dpdk.org/dev/20200903111836.6864-2-adwivedi@marvell.com",
    "date": "2020-09-03T11:18:35",
    "name": "[1/2] net/octeontx2: add anti replay support in security session",
    "commit_ref": null,
    "pull_url": null,
    "state": "superseded",
    "archived": true,
    "hash": "ebbd6d1310e602552882aeb6e1adcb3d49695cf6",
    "submitter": {
        "id": 1561,
        "url": "http://patches.dpdk.org/api/people/1561/?format=api",
        "name": "Ankur Dwivedi",
        "email": "adwivedi@marvell.com"
    },
    "delegate": {
        "id": 310,
        "url": "http://patches.dpdk.org/api/users/310/?format=api",
        "username": "jerin",
        "first_name": "Jerin",
        "last_name": "Jacob",
        "email": "jerinj@marvell.com"
    },
    "mbox": "http://patches.dpdk.org/project/dpdk/patch/20200903111836.6864-2-adwivedi@marvell.com/mbox/",
    "series": [
        {
            "id": 11925,
            "url": "http://patches.dpdk.org/api/series/11925/?format=api",
            "web_url": "http://patches.dpdk.org/project/dpdk/list/?series=11925",
            "date": "2020-09-03T11:18:34",
            "name": "add anti replay support in OCTEON TX2 security",
            "version": 1,
            "mbox": "http://patches.dpdk.org/series/11925/mbox/"
        }
    ],
    "comments": "http://patches.dpdk.org/api/patches/76403/comments/",
    "check": "success",
    "checks": "http://patches.dpdk.org/api/patches/76403/checks/",
    "tags": {},
    "related": [],
    "headers": {
        "Return-Path": "<dev-bounces@dpdk.org>",
        "X-Original-To": "patchwork@inbox.dpdk.org",
        "Delivered-To": "patchwork@inbox.dpdk.org",
        "Received": [
            "from dpdk.org (dpdk.org [92.243.14.124])\n\tby inbox.dpdk.org (Postfix) with ESMTP id CA398A04C5;\n\tThu,  3 Sep 2020 13:20:06 +0200 (CEST)",
            "from [92.243.14.124] (localhost [127.0.0.1])\n\tby dpdk.org (Postfix) with ESMTP id 3CF511C0B7;\n\tThu,  3 Sep 2020 13:20:06 +0200 (CEST)",
            "from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com\n [67.231.156.173]) by dpdk.org (Postfix) with ESMTP id EE8221C0B6\n for <dev@dpdk.org>; Thu,  3 Sep 2020 13:20:04 +0200 (CEST)",
            "from pps.filterd (m0045851.ppops.net [127.0.0.1])\n by mx0b-0016f401.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id\n 083BFa5S006631; Thu, 3 Sep 2020 04:20:04 -0700",
            "from sc-exch03.marvell.com ([199.233.58.183])\n by mx0b-0016f401.pphosted.com with ESMTP id 337phqb5fk-3\n (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT);\n Thu, 03 Sep 2020 04:20:04 -0700",
            "from DC5-EXCH02.marvell.com (10.69.176.39) by SC-EXCH03.marvell.com\n (10.93.176.83) with Microsoft SMTP Server (TLS) id 15.0.1497.2;\n Thu, 3 Sep 2020 04:20:02 -0700",
            "from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com\n (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.2 via Frontend\n Transport; Thu, 3 Sep 2020 04:20:03 -0700",
            "from hyd1349.t110.caveonetworks.com (unknown [10.29.45.13])\n by maili.marvell.com (Postfix) with ESMTP id 37BFF3F7043;\n Thu,  3 Sep 2020 04:20:00 -0700 (PDT)"
        ],
        "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com;\n h=from : to : cc :\n subject : date : message-id : in-reply-to : references : mime-version :\n content-transfer-encoding : content-type; s=pfpt0220;\n bh=bYQdmYxGsH7Z3LeXrasHxi5rApbXLPvqTAjrR/3qKzU=;\n b=VIpt166hvfLF2zLb+zz3fqzACy7guO6YdidnDlt8uLyonZ/N+JF2yymxoqFyafSnwwuC\n vrv3gkexjLKZ/PIai6VJt3jy6NXPBh3ZDg+oOGAoAc6u+rfmy61T7a/QrdQS751jI9yN\n qQX81GzeYbwNZ6ekLllQpoyD7r/dBsBthybHmSaluotv7reMTlwQSMGITRbIqhHx2KRP\n VcZdPrMELZD/E3wf00XXEuw7d+w8sP6+C5p5++ziyXsGcFWbPn9sCSrMlSSz7/KJJjio\n watwmfaxKpKNhhdufe3CeZ9Fr1JjflEwxvWC76h2o++mm3vjsOxe/tuL2LrV8ZBBwaHR sQ==",
        "From": "Ankur Dwivedi <adwivedi@marvell.com>",
        "To": "<dev@dpdk.org>",
        "CC": "<akhil.goyal@nxp.com>, <radu.nicolau@intel.com>, <anoobj@marvell.com>,\n Ankur Dwivedi <adwivedi@marvell.com>",
        "Date": "Thu, 3 Sep 2020 16:48:35 +0530",
        "Message-ID": "<20200903111836.6864-2-adwivedi@marvell.com>",
        "X-Mailer": "git-send-email 2.28.0",
        "In-Reply-To": "<20200903111836.6864-1-adwivedi@marvell.com>",
        "References": "<20200903111836.6864-1-adwivedi@marvell.com>",
        "MIME-Version": "1.0",
        "Content-Transfer-Encoding": "8bit",
        "Content-Type": "text/plain",
        "X-Proofpoint-Virus-Version": "vendor=fsecure engine=2.50.10434:6.0.235, 18.0.687\n definitions=2020-09-03_05:2020-09-03,\n 2020-09-03 signatures=0",
        "Subject": "[dpdk-dev] [PATCH 1/2] net/octeontx2: add anti replay support in\n\tsecurity session",
        "X-BeenThere": "dev@dpdk.org",
        "X-Mailman-Version": "2.1.15",
        "Precedence": "list",
        "List-Id": "DPDK patches and discussions <dev.dpdk.org>",
        "List-Unsubscribe": "<https://mails.dpdk.org/options/dev>,\n <mailto:dev-request@dpdk.org?subject=unsubscribe>",
        "List-Archive": "<http://mails.dpdk.org/archives/dev/>",
        "List-Post": "<mailto:dev@dpdk.org>",
        "List-Help": "<mailto:dev-request@dpdk.org?subject=help>",
        "List-Subscribe": "<https://mails.dpdk.org/listinfo/dev>,\n <mailto:dev-request@dpdk.org?subject=subscribe>",
        "Errors-To": "dev-bounces@dpdk.org",
        "Sender": "\"dev\" <dev-bounces@dpdk.org>"
    },
    "content": "Initialize the inbound session for anti replay. The replay\nwindow is allocated during session create and freed in session destroy.\n\nSigned-off-by: Ankur Dwivedi <adwivedi@marvell.com>\n---\n drivers/crypto/octeontx2/otx2_ipsec_fp.h | 29 ++++++++++++++--\n drivers/crypto/octeontx2/otx2_security.h |  3 ++\n drivers/net/octeontx2/otx2_ethdev_sec.c  | 42 ++++++++++++++++++++++++\n 3 files changed, 71 insertions(+), 3 deletions(-)",
    "diff": "diff --git a/drivers/crypto/octeontx2/otx2_ipsec_fp.h b/drivers/crypto/octeontx2/otx2_ipsec_fp.h\nindex 52b3b41e2..a33041d77 100644\n--- a/drivers/crypto/octeontx2/otx2_ipsec_fp.h\n+++ b/drivers/crypto/octeontx2/otx2_ipsec_fp.h\n@@ -8,6 +8,17 @@\n #include <rte_crypto_sym.h>\n #include <rte_security.h>\n \n+/* Macros for anti replay and ESN */\n+#define OTX2_IPSEC_MAX_REPLAY_WIN_SZ\t1024\n+#define OTX2_IPSEC_SAINDEX_SZ\t\t4\n+#define OTX2_IPSEC_SEQNO_LO\t\t4\n+\n+#define OTX2_IPSEC_SEQNO_LO_INDEX\t(RTE_ETHER_HDR_LEN + \\\n+\t\t\t\t\t OTX2_IPSEC_SAINDEX_SZ)\n+\n+#define OTX2_IPSEC_SEQNO_HI_INDEX\t(OTX2_IPSEC_SEQNO_LO_INDEX + \\\n+\t\t\t\t\t OTX2_IPSEC_SEQNO_LO)\n+\n enum {\n \tOTX2_IPSEC_FP_SA_DIRECTION_INBOUND = 0,\n \tOTX2_IPSEC_FP_SA_DIRECTION_OUTBOUND = 1,\n@@ -105,6 +116,14 @@ struct otx2_ipsec_fp_out_sa {\n \tuint8_t hmac_key[48];\n };\n \n+struct otx2_ipsec_replay {\n+\trte_spinlock_t lock;\n+\tuint32_t winb;\n+\tuint32_t wint;\n+\tuint64_t base; /**< base of the anti-replay window */\n+\tuint64_t window[17]; /**< anti-replay window */\n+};\n+\n struct otx2_ipsec_fp_in_sa {\n \t/* w0 */\n \tstruct otx2_ipsec_fp_sa_ctl ctl;\n@@ -114,8 +133,8 @@ struct otx2_ipsec_fp_in_sa {\n \tuint32_t unused;\n \n \t/* w2 */\n-\tuint32_t esn_low;\n \tuint32_t esn_hi;\n+\tuint32_t esn_low;\n \n \t/* w3-w6 */\n \tuint8_t cipher_key[32];\n@@ -128,9 +147,13 @@ struct otx2_ipsec_fp_in_sa {\n \t\tvoid *userdata;\n \t\tuint64_t udata64;\n \t};\n+\tunion {\n+\t\tstruct otx2_ipsec_replay *replay;\n+\t\tuint64_t replay64;\n+\t};\n+\tuint32_t replay_win_sz;\n \n-\tuint64_t reserved1;\n-\tuint64_t reserved2;\n+\tuint32_t reserved1;\n };\n \n static inline int\ndiff --git a/drivers/crypto/octeontx2/otx2_security.h b/drivers/crypto/octeontx2/otx2_security.h\nindex 086b50604..33d3b1515 100644\n--- a/drivers/crypto/octeontx2/otx2_security.h\n+++ b/drivers/crypto/octeontx2/otx2_security.h\n@@ -5,6 +5,8 @@\n #ifndef __OTX2_SECURITY_H__\n #define __OTX2_SECURITY_H__\n \n+#include <rte_security.h>\n+\n #include \"otx2_cryptodev_sec.h\"\n #include \"otx2_ethdev_sec.h\"\n \n@@ -20,6 +22,7 @@\n union otx2_sec_session_ipsec {\n \tstruct otx2_sec_session_ipsec_ip ip;\n \tstruct otx2_sec_session_ipsec_lp lp;\n+\tenum rte_security_ipsec_sa_direction dir;\n };\n \n struct otx2_sec_session {\ndiff --git a/drivers/net/octeontx2/otx2_ethdev_sec.c b/drivers/net/octeontx2/otx2_ethdev_sec.c\nindex a155594e2..af91e30f4 100644\n--- a/drivers/net/octeontx2/otx2_ethdev_sec.c\n+++ b/drivers/net/octeontx2/otx2_ethdev_sec.c\n@@ -360,6 +360,7 @@ eth_sec_ipsec_out_sess_create(struct rte_eth_dev *eth_dev,\n \tstruct otx2_cpt_qp *qp;\n \n \tpriv = get_sec_session_private_data(sec_sess);\n+\tpriv->ipsec.dir = RTE_SECURITY_IPSEC_SA_DIR_EGRESS;\n \tsess = &priv->ipsec.ip;\n \n \tsa = &sess->out_sa;\n@@ -482,6 +483,7 @@ eth_sec_ipsec_in_sess_create(struct rte_eth_dev *eth_dev,\n \tctl = &sa->ctl;\n \n \tpriv = get_sec_session_private_data(sec_sess);\n+\tpriv->ipsec.dir = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;\n \tsess = &priv->ipsec.ip;\n \n \tif (ctl->valid) {\n@@ -519,6 +521,8 @@ eth_sec_ipsec_in_sess_create(struct rte_eth_dev *eth_dev,\n \n \tsa->userdata = priv->userdata;\n \n+\tsa->replay_win_sz = ipsec->replay_win_sz;\n+\n \tif (lookup_mem_sa_index_update(eth_dev, ipsec->spi, sa))\n \t\treturn -EINVAL;\n \n@@ -533,7 +537,32 @@ eth_sec_ipsec_in_sess_create(struct rte_eth_dev *eth_dev,\n \t\t\treturn ret;\n \t\tret = hmac_init(ctl, qp, auth_key, auth_key_len, sa->hmac_key);\n \t\totx2_sec_idev_tx_cpt_qp_put(qp);\n+\t\tif (ret)\n+\t\t\treturn ret;\n \t}\n+\n+\tif (sa->replay_win_sz) {\n+\t\tif (sa->replay_win_sz > OTX2_IPSEC_MAX_REPLAY_WIN_SZ) {\n+\t\t\totx2_err(\"Replay window size is not supported\");\n+\t\t\treturn -ENOTSUP;\n+\t\t}\n+\t\tsa->replay = rte_zmalloc(NULL, sizeof(struct otx2_ipsec_replay),\n+\t\t\t\t0);\n+\t\tif (sa->replay == NULL)\n+\t\t\treturn -ENOMEM;\n+\n+\t\trte_spinlock_init(&sa->replay->lock);\n+\t\t/*\n+\t\t * Set window bottom to 1, base and top to size of\n+\t\t * window\n+\t\t */\n+\t\tsa->replay->winb = 1;\n+\t\tsa->replay->wint = sa->replay_win_sz;\n+\t\tsa->replay->base = sa->replay_win_sz;\n+\t\tsa->esn_low = 0;\n+\t\tsa->esn_hi = 0;\n+\t}\n+\n \treturn ret;\n }\n \n@@ -600,6 +629,15 @@ otx2_eth_sec_session_create(void *device,\n \treturn ret;\n }\n \n+static void\n+otx2_eth_sec_free_anti_replay(struct otx2_ipsec_fp_in_sa *sa)\n+{\n+\tif (sa != NULL) {\n+\t\tif (sa->replay_win_sz && sa->replay)\n+\t\t\trte_free(sa->replay);\n+\t}\n+}\n+\n static int\n otx2_eth_sec_session_destroy(void *device __rte_unused,\n \t\t\t     struct rte_security_session *sess)\n@@ -615,6 +653,10 @@ otx2_eth_sec_session_destroy(void *device __rte_unused,\n \n \tsess_ip = &priv->ipsec.ip;\n \n+\t/* Release the anti replay window */\n+\tif (priv->ipsec.dir == RTE_SECURITY_IPSEC_SA_DIR_INGRESS)\n+\t\totx2_eth_sec_free_anti_replay(sess_ip->in_sa);\n+\n \t/* Release CPT LF used for this session */\n \tif (sess_ip->qp != NULL) {\n \t\tret = otx2_sec_idev_tx_cpt_qp_put(sess_ip->qp);\n",
    "prefixes": [
        "1/2"
    ]
}