Patch Detail
GET /api/patches/76403/?format=api
http://patches.dpdk.org/api/patches/76403/?format=api", "web_url": "http://patches.dpdk.org/project/dpdk/patch/20200903111836.6864-2-adwivedi@marvell.com/", "project": { "id": 1, "url": "http://patches.dpdk.org/api/projects/1/?format=api", "name": "DPDK", "link_name": "dpdk", "list_id": "dev.dpdk.org", "list_email": "dev@dpdk.org", "web_url": "http://core.dpdk.org", "scm_url": "git://dpdk.org/dpdk", "webscm_url": "http://git.dpdk.org/dpdk", "list_archive_url": "https://inbox.dpdk.org/dev", "list_archive_url_format": "https://inbox.dpdk.org/dev/{}", "commit_url_format": "" }, "msgid": "<20200903111836.6864-2-adwivedi@marvell.com>", "list_archive_url": "https://inbox.dpdk.org/dev/20200903111836.6864-2-adwivedi@marvell.com", "date": "2020-09-03T11:18:35", "name": "[1/2] net/octeontx2: add anti replay support in security session", "commit_ref": null, "pull_url": null, "state": "superseded", "archived": true, "hash": "ebbd6d1310e602552882aeb6e1adcb3d49695cf6", "submitter": { "id": 1561, "url": "http://patches.dpdk.org/api/people/1561/?format=api", "name": "Ankur Dwivedi", "email": "adwivedi@marvell.com" }, "delegate": { "id": 310, "url": "http://patches.dpdk.org/api/users/310/?format=api", "username": "jerin", "first_name": "Jerin", "last_name": "Jacob", "email": "jerinj@marvell.com" }, "mbox": "http://patches.dpdk.org/project/dpdk/patch/20200903111836.6864-2-adwivedi@marvell.com/mbox/", "series": [ { "id": 11925, "url": "http://patches.dpdk.org/api/series/11925/?format=api", "web_url": "http://patches.dpdk.org/project/dpdk/list/?series=11925", "date": "2020-09-03T11:18:34", "name": "add anti replay support in OCTEON TX2 security", "version": 1, "mbox": "http://patches.dpdk.org/series/11925/mbox/" } ], "comments": "http://patches.dpdk.org/api/patches/76403/comments/", "check": "success", "checks": "http://patches.dpdk.org/api/patches/76403/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<dev-bounces@dpdk.org>", "X-Original-To": 
"patchwork@inbox.dpdk.org", "Delivered-To": "patchwork@inbox.dpdk.org", "Received": [ "from dpdk.org (dpdk.org [92.243.14.124])\n\tby inbox.dpdk.org (Postfix) with ESMTP id CA398A04C5;\n\tThu, 3 Sep 2020 13:20:06 +0200 (CEST)", "from [92.243.14.124] (localhost [127.0.0.1])\n\tby dpdk.org (Postfix) with ESMTP id 3CF511C0B7;\n\tThu, 3 Sep 2020 13:20:06 +0200 (CEST)", "from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com\n [67.231.156.173]) by dpdk.org (Postfix) with ESMTP id EE8221C0B6\n for <dev@dpdk.org>; Thu, 3 Sep 2020 13:20:04 +0200 (CEST)", "from pps.filterd (m0045851.ppops.net [127.0.0.1])\n by mx0b-0016f401.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id\n 083BFa5S006631; Thu, 3 Sep 2020 04:20:04 -0700", "from sc-exch03.marvell.com ([199.233.58.183])\n by mx0b-0016f401.pphosted.com with ESMTP id 337phqb5fk-3\n (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT);\n Thu, 03 Sep 2020 04:20:04 -0700", "from DC5-EXCH02.marvell.com (10.69.176.39) by SC-EXCH03.marvell.com\n (10.93.176.83) with Microsoft SMTP Server (TLS) id 15.0.1497.2;\n Thu, 3 Sep 2020 04:20:02 -0700", "from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com\n (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.2 via Frontend\n Transport; Thu, 3 Sep 2020 04:20:03 -0700", "from hyd1349.t110.caveonetworks.com (unknown [10.29.45.13])\n by maili.marvell.com (Postfix) with ESMTP id 37BFF3F7043;\n Thu, 3 Sep 2020 04:20:00 -0700 (PDT)" ], "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com;\n h=from : to : cc :\n subject : date : message-id : in-reply-to : references : mime-version :\n content-transfer-encoding : content-type; s=pfpt0220;\n bh=bYQdmYxGsH7Z3LeXrasHxi5rApbXLPvqTAjrR/3qKzU=;\n b=VIpt166hvfLF2zLb+zz3fqzACy7guO6YdidnDlt8uLyonZ/N+JF2yymxoqFyafSnwwuC\n vrv3gkexjLKZ/PIai6VJt3jy6NXPBh3ZDg+oOGAoAc6u+rfmy61T7a/QrdQS751jI9yN\n qQX81GzeYbwNZ6ekLllQpoyD7r/dBsBthybHmSaluotv7reMTlwQSMGITRbIqhHx2KRP\n 
VcZdPrMELZD/E3wf00XXEuw7d+w8sP6+C5p5++ziyXsGcFWbPn9sCSrMlSSz7/KJJjio\n watwmfaxKpKNhhdufe3CeZ9Fr1JjflEwxvWC76h2o++mm3vjsOxe/tuL2LrV8ZBBwaHR sQ==", "From": "Ankur Dwivedi <adwivedi@marvell.com>", "To": "<dev@dpdk.org>", "CC": "<akhil.goyal@nxp.com>, <radu.nicolau@intel.com>, <anoobj@marvell.com>,\n Ankur Dwivedi <adwivedi@marvell.com>", "Date": "Thu, 3 Sep 2020 16:48:35 +0530", "Message-ID": "<20200903111836.6864-2-adwivedi@marvell.com>", "X-Mailer": "git-send-email 2.28.0", "In-Reply-To": "<20200903111836.6864-1-adwivedi@marvell.com>", "References": "<20200903111836.6864-1-adwivedi@marvell.com>", "MIME-Version": "1.0", "Content-Transfer-Encoding": "8bit", "Content-Type": "text/plain", "X-Proofpoint-Virus-Version": "vendor=fsecure engine=2.50.10434:6.0.235, 18.0.687\n definitions=2020-09-03_05:2020-09-03,\n 2020-09-03 signatures=0", "Subject": "[dpdk-dev] [PATCH 1/2] net/octeontx2: add anti replay support in\n\tsecurity session", "X-BeenThere": "dev@dpdk.org", "X-Mailman-Version": "2.1.15", "Precedence": "list", "List-Id": "DPDK patches and discussions <dev.dpdk.org>", "List-Unsubscribe": "<https://mails.dpdk.org/options/dev>,\n <mailto:dev-request@dpdk.org?subject=unsubscribe>", "List-Archive": "<http://mails.dpdk.org/archives/dev/>", "List-Post": "<mailto:dev@dpdk.org>", "List-Help": "<mailto:dev-request@dpdk.org?subject=help>", "List-Subscribe": "<https://mails.dpdk.org/listinfo/dev>,\n <mailto:dev-request@dpdk.org?subject=subscribe>", "Errors-To": "dev-bounces@dpdk.org", "Sender": "\"dev\" <dev-bounces@dpdk.org>" }, "content": "Initialize the inbound session for anti replay. 
The replay\nwindow is allocated during session create and freed in session destroy.\n\nSigned-off-by: Ankur Dwivedi <adwivedi@marvell.com>\n---\n drivers/crypto/octeontx2/otx2_ipsec_fp.h | 29 ++++++++++++++--\n drivers/crypto/octeontx2/otx2_security.h | 3 ++\n drivers/net/octeontx2/otx2_ethdev_sec.c | 42 ++++++++++++++++++++++++\n 3 files changed, 71 insertions(+), 3 deletions(-)", "diff": "diff --git a/drivers/crypto/octeontx2/otx2_ipsec_fp.h b/drivers/crypto/octeontx2/otx2_ipsec_fp.h\nindex 52b3b41e2..a33041d77 100644\n--- a/drivers/crypto/octeontx2/otx2_ipsec_fp.h\n+++ b/drivers/crypto/octeontx2/otx2_ipsec_fp.h\n@@ -8,6 +8,17 @@\n #include <rte_crypto_sym.h>\n #include <rte_security.h>\n \n+/* Macros for anti replay and ESN */\n+#define OTX2_IPSEC_MAX_REPLAY_WIN_SZ\t1024\n+#define OTX2_IPSEC_SAINDEX_SZ\t\t4\n+#define OTX2_IPSEC_SEQNO_LO\t\t4\n+\n+#define OTX2_IPSEC_SEQNO_LO_INDEX\t(RTE_ETHER_HDR_LEN + \\\n+\t\t\t\t\t OTX2_IPSEC_SAINDEX_SZ)\n+\n+#define OTX2_IPSEC_SEQNO_HI_INDEX\t(OTX2_IPSEC_SEQNO_LO_INDEX + \\\n+\t\t\t\t\t OTX2_IPSEC_SEQNO_LO)\n+\n enum {\n \tOTX2_IPSEC_FP_SA_DIRECTION_INBOUND = 0,\n \tOTX2_IPSEC_FP_SA_DIRECTION_OUTBOUND = 1,\n@@ -105,6 +116,14 @@ struct otx2_ipsec_fp_out_sa {\n \tuint8_t hmac_key[48];\n };\n \n+struct otx2_ipsec_replay {\n+\trte_spinlock_t lock;\n+\tuint32_t winb;\n+\tuint32_t wint;\n+\tuint64_t base; /**< base of the anti-replay window */\n+\tuint64_t window[17]; /**< anti-replay window */\n+};\n+\n struct otx2_ipsec_fp_in_sa {\n \t/* w0 */\n \tstruct otx2_ipsec_fp_sa_ctl ctl;\n@@ -114,8 +133,8 @@ struct otx2_ipsec_fp_in_sa {\n \tuint32_t unused;\n \n \t/* w2 */\n-\tuint32_t esn_low;\n \tuint32_t esn_hi;\n+\tuint32_t esn_low;\n \n \t/* w3-w6 */\n \tuint8_t cipher_key[32];\n@@ -128,9 +147,13 @@ struct otx2_ipsec_fp_in_sa {\n \t\tvoid *userdata;\n \t\tuint64_t udata64;\n \t};\n+\tunion {\n+\t\tstruct otx2_ipsec_replay *replay;\n+\t\tuint64_t replay64;\n+\t};\n+\tuint32_t replay_win_sz;\n \n-\tuint64_t reserved1;\n-\tuint64_t 
reserved2;\n+\tuint32_t reserved1;\n };\n \n static inline int\ndiff --git a/drivers/crypto/octeontx2/otx2_security.h b/drivers/crypto/octeontx2/otx2_security.h\nindex 086b50604..33d3b1515 100644\n--- a/drivers/crypto/octeontx2/otx2_security.h\n+++ b/drivers/crypto/octeontx2/otx2_security.h\n@@ -5,6 +5,8 @@\n #ifndef __OTX2_SECURITY_H__\n #define __OTX2_SECURITY_H__\n \n+#include <rte_security.h>\n+\n #include \"otx2_cryptodev_sec.h\"\n #include \"otx2_ethdev_sec.h\"\n \n@@ -20,6 +22,7 @@\n union otx2_sec_session_ipsec {\n \tstruct otx2_sec_session_ipsec_ip ip;\n \tstruct otx2_sec_session_ipsec_lp lp;\n+\tenum rte_security_ipsec_sa_direction dir;\n };\n \n struct otx2_sec_session {\ndiff --git a/drivers/net/octeontx2/otx2_ethdev_sec.c b/drivers/net/octeontx2/otx2_ethdev_sec.c\nindex a155594e2..af91e30f4 100644\n--- a/drivers/net/octeontx2/otx2_ethdev_sec.c\n+++ b/drivers/net/octeontx2/otx2_ethdev_sec.c\n@@ -360,6 +360,7 @@ eth_sec_ipsec_out_sess_create(struct rte_eth_dev *eth_dev,\n \tstruct otx2_cpt_qp *qp;\n \n \tpriv = get_sec_session_private_data(sec_sess);\n+\tpriv->ipsec.dir = RTE_SECURITY_IPSEC_SA_DIR_EGRESS;\n \tsess = &priv->ipsec.ip;\n \n \tsa = &sess->out_sa;\n@@ -482,6 +483,7 @@ eth_sec_ipsec_in_sess_create(struct rte_eth_dev *eth_dev,\n \tctl = &sa->ctl;\n \n \tpriv = get_sec_session_private_data(sec_sess);\n+\tpriv->ipsec.dir = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;\n \tsess = &priv->ipsec.ip;\n \n \tif (ctl->valid) {\n@@ -519,6 +521,8 @@ eth_sec_ipsec_in_sess_create(struct rte_eth_dev *eth_dev,\n \n \tsa->userdata = priv->userdata;\n \n+\tsa->replay_win_sz = ipsec->replay_win_sz;\n+\n \tif (lookup_mem_sa_index_update(eth_dev, ipsec->spi, sa))\n \t\treturn -EINVAL;\n \n@@ -533,7 +537,32 @@ eth_sec_ipsec_in_sess_create(struct rte_eth_dev *eth_dev,\n \t\t\treturn ret;\n \t\tret = hmac_init(ctl, qp, auth_key, auth_key_len, sa->hmac_key);\n \t\totx2_sec_idev_tx_cpt_qp_put(qp);\n+\t\tif (ret)\n+\t\t\treturn ret;\n \t}\n+\n+\tif (sa->replay_win_sz) {\n+\t\tif 
(sa->replay_win_sz > OTX2_IPSEC_MAX_REPLAY_WIN_SZ) {\n+\t\t\totx2_err(\"Replay window size is not supported\");\n+\t\t\treturn -ENOTSUP;\n+\t\t}\n+\t\tsa->replay = rte_zmalloc(NULL, sizeof(struct otx2_ipsec_replay),\n+\t\t\t\t0);\n+\t\tif (sa->replay == NULL)\n+\t\t\treturn -ENOMEM;\n+\n+\t\trte_spinlock_init(&sa->replay->lock);\n+\t\t/*\n+\t\t * Set window bottom to 1, base and top to size of\n+\t\t * window\n+\t\t */\n+\t\tsa->replay->winb = 1;\n+\t\tsa->replay->wint = sa->replay_win_sz;\n+\t\tsa->replay->base = sa->replay_win_sz;\n+\t\tsa->esn_low = 0;\n+\t\tsa->esn_hi = 0;\n+\t}\n+\n \treturn ret;\n }\n \n@@ -600,6 +629,15 @@ otx2_eth_sec_session_create(void *device,\n \treturn ret;\n }\n \n+static void\n+otx2_eth_sec_free_anti_replay(struct otx2_ipsec_fp_in_sa *sa)\n+{\n+\tif (sa != NULL) {\n+\t\tif (sa->replay_win_sz && sa->replay)\n+\t\t\trte_free(sa->replay);\n+\t}\n+}\n+\n static int\n otx2_eth_sec_session_destroy(void *device __rte_unused,\n \t\t\t struct rte_security_session *sess)\n@@ -615,6 +653,10 @@ otx2_eth_sec_session_destroy(void *device __rte_unused,\n \n \tsess_ip = &priv->ipsec.ip;\n \n+\t/* Release the anti replay window */\n+\tif (priv->ipsec.dir == RTE_SECURITY_IPSEC_SA_DIR_INGRESS)\n+\t\totx2_eth_sec_free_anti_replay(sess_ip->in_sa);\n+\n \t/* Release CPT LF used for this session */\n \tif (sess_ip->qp != NULL) {\n \t\tret = otx2_sec_idev_tx_cpt_qp_put(sess_ip->qp);\n", "prefixes": [ "1/2" ] }{ "id": 76403, "url": "
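Review bot: in drivers/crypto/octeontx2/otx2_security.h, `dir` is added as a member of `union otx2_sec_session_ipsec`, so it shares storage with `ip` and `lp`. Both session-create paths set `priv->ipsec.dir` and then immediately take `sess = &priv->ipsec.ip` and fill it in, which overwrites the direction. The check `priv->ipsec.dir == RTE_SECURITY_IPSEC_SA_DIR_INGRESS` in otx2_eth_sec_session_destroy() then reads whatever the first bytes of the `ip` session hold, so the replay window may never be freed, or the free helper may run on an egress session. Move `dir` out of the union, for example into `struct otx2_sec_session` next to the union, or make it a field of the per-protocol structs.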
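Review bot: in the `struct otx2_ipsec_replay` hunk of otx2_ipsec_fp.h, `uint64_t window[17]` is a magic number that is silently tied to `OTX2_IPSEC_MAX_REPLAY_WIN_SZ` (1024 bits is 16 words, plus one). If the maximum is ever raised, the array will be too small and the window update will write out of bounds. Derive the array length from the macro and document why the extra word is needed. `winb` and `wint` also have no field comments while `base` and `window` do. The struct uses `rte_spinlock_t`, but the include context visible in this file shows only rte_crypto_sym.h and rte_security.h; include rte_spinlock.h explicitly rather than relying on a transitive include.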
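Review bot: the w2 hunk in `struct otx2_ipsec_fp_in_sa` swaps the order of `esn_low` and `esn_hi`, which changes the layout of a word the hardware reads, yet neither the commit message nor a comment explains it. If the old order was wrong, that is a bug fix and belongs in its own patch with a Fixes tag; if the new order is required only by the anti-replay code, say so in the commit message. In the following hunk of the same struct, the two `uint64_t` reserved words are replaced by a pointer union, `replay_win_sz` and a `uint32_t reserved1`; the total size is preserved on 64-bit targets, but a build-time size assertion on the struct would make that guarantee explicit.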
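Review bot: in eth_sec_ipsec_in_sess_create(), the `sa->replay_win_sz > OTX2_IPSEC_MAX_REPLAY_WIN_SZ` check and the `rte_zmalloc()` both happen after `lookup_mem_sa_index_update(eth_dev, ipsec->spi, sa)` and `hmac_init()` have already succeeded. Returning `-ENOTSUP` or `-ENOMEM` at that point leaves the SPI lookup entry pointing at an SA whose session creation failed. Validate the window size at the top of the function, before any state is committed, and either allocate the replay structure before the lookup update or undo the update on the error path. The `otx2_err()` message should also print the requested size and the supported maximum. Separately, `sa->esn_low` and `sa->esn_hi` are cleared only inside the `if (sa->replay_win_sz)` branch; if they must start at zero for every new inbound SA, clear them unconditionally.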
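Review bot: otx2_eth_sec_free_anti_replay() calls `rte_free(sa->replay)` but leaves `sa->replay` and `sa->replay_win_sz` set, so the inbound SA keeps a dangling pointer after session destroy. The `if (ctl->valid)` check in the create path suggests SA slots outlive a session, which makes a later use-after-free or double free possible if the slot is touched again. Set `sa->replay = NULL` and `sa->replay_win_sz = 0` after the free. `rte_free()` accepts NULL, so the `sa->replay` test is redundant and the nested `if` can collapse into a single early return on `sa == NULL`.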