From patchwork Tue Jun 23 12:12:21 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tejasree Kondoj X-Patchwork-Id: 72025 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 45F14A0350; Tue, 23 Jun 2020 13:19:08 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 1E94A1D630; Tue, 23 Jun 2020 13:19:08 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by dpdk.org (Postfix) with ESMTP id 700331D610 for ; Tue, 23 Jun 2020 13:19:06 +0200 (CEST) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 05NBFwJD030186; Tue, 23 Jun 2020 04:19:05 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0818; bh=l2hN9VLYN7y2IbvJ+dH9Wuz7B6bpxs+nsst322yB7YY=; b=Y9Epir0dK4qebL3O/F4Lb7TMMRO2zlX3dwaK2N4j5c9jgisMO0WR+EXv2J/FvYbNTAhN kockaV802NoaBJhtcChAvJ/RA/bwxIMbxBxe8FVfZwCdOkpZefAhAJs7bPKfK6a4zNFD +y90XEs7Sfk+PoUbHwcuNFPSxDpRES9GqKJe8hddgEbkhgD9rNjZlp6VQ9E289WoOyDJ vshmPD1e/kniDkKRjlAy/yN8BwGBXvOQEhbQr8taI2Bxpm+No6ere9iu2OjyFj4ZUJ+O yMldF6XD7rJ+yjOrHn0/bulp00LeP7PjyUq8UN0Byydc627K/ZtWzaY4FjRDTujYFwTu Yw== Received: from sc-exch04.marvell.com ([199.233.58.184]) by mx0b-0016f401.pphosted.com with ESMTP id 31shynvyye-4 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Tue, 23 Jun 2020 04:19:05 -0700 Received: from DC5-EXCH02.marvell.com (10.69.176.39) by SC-EXCH04.marvell.com (10.93.176.84) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Tue, 23 Jun 2020 04:19:02 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.2 via Frontend Transport; Tue, 23 Jun 2020 04:19:02 -0700 Received: from hyd1554T5810.caveonetworks.com.com (unknown [10.29.57.11]) by maili.marvell.com (Postfix) with ESMTP id 2596C3F703F; Tue, 23 Jun 2020 04:18:59 -0700 (PDT) From: Tejasree Kondoj To: Akhil Goyal , Radu Nicolau CC: Tejasree Kondoj , Narayana Prasad , Anoob Joseph , Vamsi Attunuru , Date: Tue, 23 Jun 2020 17:42:21 +0530 Message-ID: <20200623121228.10355-2-ktejasree@marvell.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20200623121228.10355-1-ktejasree@marvell.com> References: <20200623121228.10355-1-ktejasree@marvell.com> MIME-Version: 1.0 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.216, 18.0.687 definitions=2020-06-23_06:2020-06-23, 2020-06-23 signatures=0 Subject: [dpdk-dev] [PATCH 1/8] net/octeontx2: move otx2_sec_session struct to otx2_security.h X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" This patch moves otx2_sec_session structure to otx2_security.h to make it common for inline and lookaside protocol Signed-off-by: Tejasree Kondoj --- drivers/crypto/octeontx2/otx2_security.h | 21 +++++++++++++++++++++ drivers/net/octeontx2/otx2_ethdev_sec.c | 1 + drivers/net/octeontx2/otx2_ethdev_sec.h | 10 ---------- drivers/net/octeontx2/otx2_ethdev_sec_tx.h | 1 + 4 files changed, 23 insertions(+), 10 deletions(-) create mode 100644 drivers/crypto/octeontx2/otx2_security.h diff --git a/drivers/crypto/octeontx2/otx2_security.h b/drivers/crypto/octeontx2/otx2_security.h new file mode 100644 index 0000000000..275d69b6a5 --- /dev/null +++ b/drivers/crypto/octeontx2/otx2_security.h @@ -0,0 +1,21 @@ +/* SPDX-License-Identifier: BSD-3-Clause + * Copyright (C) 2020 Marvell International Ltd. + */ + +#ifndef __OTX2_SECURITY_H__ +#define __OTX2_SECURITY_H__ + +#include "otx2_ethdev_sec.h" +#include "otx2_ipsec_fp.h" + +union otx2_sec_session_ipsec { + struct otx2_sec_session_ipsec_ip ip; +}; + +struct otx2_sec_session { + union otx2_sec_session_ipsec ipsec; + void *userdata; + /**< Userdata registered by the application */ +} __rte_cache_aligned; + +#endif /* __OTX2_SECURITY_H__ */ diff --git a/drivers/net/octeontx2/otx2_ethdev_sec.c b/drivers/net/octeontx2/otx2_ethdev_sec.c index 5f6140f70b..c2ad32cf0c 100644 --- a/drivers/net/octeontx2/otx2_ethdev_sec.c +++ b/drivers/net/octeontx2/otx2_ethdev_sec.c @@ -19,6 +19,7 @@ #include "otx2_ethdev_sec.h" #include "otx2_ipsec_fp.h" #include "otx2_sec_idev.h" +#include "otx2_security.h" #define AH_HDR_LEN 12 #define AES_GCM_IV_LEN 8 diff --git a/drivers/net/octeontx2/otx2_ethdev_sec.h b/drivers/net/octeontx2/otx2_ethdev_sec.h index e24358a05a..22025d0d0c 100644 --- a/drivers/net/octeontx2/otx2_ethdev_sec.h +++ b/drivers/net/octeontx2/otx2_ethdev_sec.h @@ -116,16 +116,6 @@ struct otx2_sec_session_ipsec_ip { struct otx2_cpt_qp *qp; }; -struct otx2_sec_session_ipsec { - struct otx2_sec_session_ipsec_ip ip; -}; - -struct otx2_sec_session { - struct otx2_sec_session_ipsec ipsec; - void *userdata; - /**< Userdata registered by the application */ -} __rte_cache_aligned; - int otx2_eth_sec_ctx_create(struct rte_eth_dev *eth_dev); void otx2_eth_sec_ctx_destroy(struct rte_eth_dev *eth_dev); diff --git a/drivers/net/octeontx2/otx2_ethdev_sec_tx.h b/drivers/net/octeontx2/otx2_ethdev_sec_tx.h index 2e35a8c773..f8130ca624 100644 --- a/drivers/net/octeontx2/otx2_ethdev_sec_tx.h +++ b/drivers/net/octeontx2/otx2_ethdev_sec_tx.h @@ -9,6 +9,7 @@ #include #include "otx2_ethdev_sec.h" +#include "otx2_security.h" struct otx2_ipsec_fp_out_hdr { uint32_t ip_id; From patchwork Tue Jun 23 12:12:22 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tejasree Kondoj X-Patchwork-Id: 72026 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 4DEAEA0350; Tue, 23 Jun 2020 13:19:15 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 97DC41D63C; Tue, 23 Jun 2020 13:19:10 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by dpdk.org (Postfix) with ESMTP id 3BD321D634 for ; Tue, 23 Jun 2020 13:19:09 +0200 (CEST) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 05NBFxrj030220; Tue, 23 Jun 2020 04:19:08 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0818; bh=YyDGM9wSYaNqu19e59Oo5nmMKEufLNfw+gwfeMLWftA=; b=YeOkpPWHthBg6ZDxaQxPIjW5do2BKd/LC4lrFSg7Oi3c9fiS4siUMsLv+6V59v9cx75f yeW5yTArHPggly9bXJ/HNst8i109QxwigwXIvNQrfoWtC+ux71PzaPgXKtxnDkqrtTHQ D4JK5P70l/v/w2vD2iZlH4vjOoQ9lCP3aO/bEN1q/ue5pCmyWswx9U8XvncySRX6m+L2 I4jlylihSaNccuoqEWfbefVzDnT3CdprZPkpxqWwZbcNZGLIQQmXwZmxsd2qbs0xgwwz MOXl6ft25qjY3i4bZuTqrHPV2jbC6DvhmnMrQSYbzAesS1+/t34L1F7oAh8F0/2ZFLyQ Vw== Received: from sc-exch03.marvell.com ([199.233.58.183]) by mx0b-0016f401.pphosted.com with ESMTP id 31shynw00m-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Tue, 23 Jun 2020 04:19:08 -0700 Received: from DC5-EXCH02.marvell.com (10.69.176.39) by SC-EXCH03.marvell.com (10.93.176.83) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Tue, 23 Jun 2020 04:19:06 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.2 via Frontend Transport; Tue, 23 Jun 2020 04:19:06 -0700 Received: from hyd1554T5810.caveonetworks.com.com (unknown [10.29.57.11]) by maili.marvell.com (Postfix) with ESMTP id 7703C3F703F; Tue, 23 Jun 2020 04:19:04 -0700 (PDT) From: Tejasree Kondoj To: Akhil Goyal , Radu Nicolau CC: Tejasree Kondoj , Narayana Prasad , Anoob Joseph , Vamsi Attunuru , Date: Tue, 23 Jun 2020 17:42:22 +0530 Message-ID: <20200623121228.10355-3-ktejasree@marvell.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20200623121228.10355-1-ktejasree@marvell.com> References: <20200623121228.10355-1-ktejasree@marvell.com> MIME-Version: 1.0 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.216, 18.0.687 definitions=2020-06-23_06:2020-06-23, 2020-06-23 signatures=0 Subject: [dpdk-dev] [PATCH 2/8] crypto/octeontx2: add lookaside SA context definitions X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Signed-off-by: Vamsi Attunuru Signed-off-by: Tejasree Kondoj --- drivers/crypto/octeontx2/otx2_cryptodev_sec.h | 52 ++++++++ drivers/crypto/octeontx2/otx2_ipsec_po.h | 119 ++++++++++++++++++ drivers/crypto/octeontx2/otx2_security.h | 2 + drivers/net/octeontx2/otx2_ethdev_sec.h | 1 + 4 files changed, 174 insertions(+) create mode 100644 drivers/crypto/octeontx2/otx2_cryptodev_sec.h create mode 100644 drivers/crypto/octeontx2/otx2_ipsec_po.h diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_sec.h b/drivers/crypto/octeontx2/otx2_cryptodev_sec.h new file mode 100644 index 0000000000..af62207d07 --- /dev/null +++ b/drivers/crypto/octeontx2/otx2_cryptodev_sec.h @@ -0,0 +1,52 @@ +/* SPDX-License-Identifier: BSD-3-Clause + * Copyright (C) 2020 Marvell International Ltd. + */ + +#ifndef __OTX2_CRYPTODEV_SEC_H__ +#define __OTX2_CRYPTODEV_SEC_H__ + +#include "otx2_ipsec_po.h" + +struct otx2_sec_session_ipsec_lp { + RTE_STD_C11 + union { + /* Inbound SA */ + struct otx2_ipsec_po_in_sa in_sa; + /* Outbound SA */ + struct otx2_ipsec_po_out_sa out_sa; + }; + + uint64_t ucmd_w3; + uint16_t ucmd_opcode; + uint16_t ucmd_param1; + uint16_t ucmd_param2; + + uint8_t partial_len; + uint8_t roundup_len; + uint8_t roundup_byte; + uint16_t ip_id; + union { + uint64_t esn; + struct { + uint32_t seq_lo; + uint32_t seq_hi; + }; + }; + + /** Context length in 8-byte words */ + size_t ctx_len; + /** Auth IV offset in bytes */ + uint16_t auth_iv_offset; + /** IV offset in bytes */ + uint16_t iv_offset; + /** AAD length */ + uint16_t aad_length; + /** MAC len in bytes */ + uint8_t mac_len; + /** IV length in bytes */ + uint8_t iv_length; + /** Auth IV length in bytes */ + uint8_t auth_iv_length; +}; + +#endif /* __OTX2_CRYPTODEV_SEC_H__ */ diff --git a/drivers/crypto/octeontx2/otx2_ipsec_po.h b/drivers/crypto/octeontx2/otx2_ipsec_po.h new file mode 100644 index 0000000000..602b9d10e2 --- /dev/null +++ b/drivers/crypto/octeontx2/otx2_ipsec_po.h @@ -0,0 +1,119 @@ +/* SPDX-License-Identifier: BSD-3-Clause + * Copyright(C) 2020 Marvell International Ltd. + */ + +#ifndef __OTX2_IPSEC_PO_H__ +#define __OTX2_IPSEC_PO_H__ + +#include +#include +#include + +union bit_perfect_iv { + uint8_t aes_iv[16]; + uint8_t des_iv[8]; + struct { + uint8_t nonce[4]; + uint8_t iv[8]; + uint8_t counter[4]; + } misc; /* For GCM/GMAC/CTR/CCM */ +}; + +struct ip_selector { + uint8_t src_port[4]; + uint8_t dest_port[4]; + RTE_STD_C11 + union { + struct { + uint8_t src_addr[8]; + uint8_t dest_addr[8]; + } ipv4; + struct { + uint8_t src_addr[32]; + uint8_t dest_addr[32]; + } ipv6; + }; +}; + +struct otx2_ipsec_po_sa_ctl { + rte_be32_t spi : 32; + uint64_t exp_proto_inter_frag : 8; + uint64_t rsvd_42_40 : 3; + uint64_t esn_en : 1; + uint64_t rsvd_45_44 : 2; + uint64_t encap_type : 2; + uint64_t enc_type : 3; + uint64_t rsvd_48 : 1; + uint64_t auth_type : 4; + uint64_t valid : 1; + uint64_t direction : 1; + uint64_t outer_ip_ver : 1; + uint64_t inner_ip_ver : 1; + uint64_t ipsec_mode : 1; + uint64_t ipsec_proto : 1; + uint64_t aes_key_len : 2; +}; + +struct otx2_ipsec_po_in_sa { + /* w0 */ + struct otx2_ipsec_po_sa_ctl ctl; + + /* w1-w4 */ + uint8_t cipher_key[32]; + + /* w5-w6 */ + union bit_perfect_iv iv; + + /* w7 */ + uint32_t esn_hi; + uint32_t esn_low; + + /* w8 */ + uint8_t udp_encap[8]; + + /* w9-w23 */ + RTE_STD_C11 + struct { + uint8_t hmac_key[48]; + struct ip_selector sel_checks; + } aes_gcm; +}; + +struct ip_template { + union { + RTE_STD_C11 + uint8_t raw[252]; + struct { + struct rte_ipv4_hdr hdr; + uint8_t unused[40]; + } ipv4; + + struct { + struct rte_ipv6_hdr hdr; + uint8_t unused[208]; + } ipv6; + }; +}; + +struct otx2_ipsec_po_out_sa { + /* w0 */ + struct otx2_ipsec_po_sa_ctl ctl; + + /* w1-w4 */ + uint8_t cipher_key[32]; + + /* w5-w6 */ + union bit_perfect_iv iv; + + /* w7 */ + uint32_t esn_hi; + uint32_t esn_low; + + /* w8-w39 */ + RTE_STD_C11 + struct ip_template templt; + uint16_t udp_src; + uint16_t udp_dst; +}; + +#endif /* __OTX2_IPSEC_PO_H__ */ diff --git a/drivers/crypto/octeontx2/otx2_security.h b/drivers/crypto/octeontx2/otx2_security.h index 275d69b6a5..e76cd843c7 100644 --- a/drivers/crypto/octeontx2/otx2_security.h +++ b/drivers/crypto/octeontx2/otx2_security.h @@ -5,11 +5,13 @@ #ifndef __OTX2_SECURITY_H__ #define __OTX2_SECURITY_H__ +#include "otx2_cryptodev_sec.h" #include "otx2_ethdev_sec.h" #include "otx2_ipsec_fp.h" union otx2_sec_session_ipsec { struct otx2_sec_session_ipsec_ip ip; + struct otx2_sec_session_ipsec_lp lp; }; struct otx2_sec_session { diff --git a/drivers/net/octeontx2/otx2_ethdev_sec.h b/drivers/net/octeontx2/otx2_ethdev_sec.h index 22025d0d0c..298b00bf89 100644 --- a/drivers/net/octeontx2/otx2_ethdev_sec.h +++ b/drivers/net/octeontx2/otx2_ethdev_sec.h @@ -8,6 +8,7 @@ #include #include "otx2_ipsec_fp.h" +#include "otx2_ipsec_po.h" #define OTX2_CPT_RES_ALIGN 16 #define OTX2_NIX_SEND_DESC_ALIGN 16 From patchwork Tue Jun 23 12:12:23 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tejasree Kondoj X-Patchwork-Id: 72027 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id A6D29A0350; Tue, 23 Jun 2020 13:19:23 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 624A31D62F; Tue, 23 Jun 2020 13:19:14 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by dpdk.org (Postfix) with ESMTP id 9BFBE1D649 for ; Tue, 23 Jun 2020 13:19:13 +0200 (CEST) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 05NBFwgS030173; Tue, 23 Jun 2020 04:19:13 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0818; bh=xBJs5+234e4i1NGFuOORx/rLeJeToAl/lE1SWHXlyfw=; b=httNt6QsDvqpXVre3XydLRjQ4Z2FVMdRW+EtbKiFpOQmc4yW+dBAXtxI9xS29VmKI5ag XVHyjZBvUuCij20sApdBDYS9vf6Cx0QkhUduJbUVgmYJkYPKAqsF1tR3kw3z1GFp1Pbi 6lXu9MF7Vn9jfcPdnSq7q1s9LM/d+URW0mc/JmyGmpny9HH5y5Umcgxx5PEmkmekfFQK cb44VuKbG+OS3X/nBB0UDkqQCCn/uxwZXWQcfhslT+Kj9uaJgGUigfIzbXaLN2pH7xce 0gvnaJVg5a1sY/mbrTiRUQ8hNcIxsbjIQdzlymcjjHXXQ3VYxBgN4SNt2W9r/z909/WF Og== Received: from sc-exch04.marvell.com ([199.233.58.184]) by mx0b-0016f401.pphosted.com with ESMTP id 31shynw00v-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Tue, 23 Jun 2020 04:19:12 -0700 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by SC-EXCH04.marvell.com (10.93.176.84) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Tue, 23 Jun 2020 04:19:11 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.2 via Frontend Transport; Tue, 23 Jun 2020 04:19:11 -0700 Received: from hyd1554T5810.caveonetworks.com.com (unknown [10.29.57.11]) by maili.marvell.com (Postfix) with ESMTP id 105F03F703F; Tue, 23 Jun 2020 04:19:08 -0700 (PDT) From: Tejasree Kondoj To: Akhil Goyal , Radu Nicolau CC: Tejasree Kondoj , Narayana Prasad , Anoob Joseph , Vamsi Attunuru , Date: Tue, 23 Jun 2020 17:42:23 +0530 Message-ID: <20200623121228.10355-4-ktejasree@marvell.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20200623121228.10355-1-ktejasree@marvell.com> References: <20200623121228.10355-1-ktejasree@marvell.com> MIME-Version: 1.0 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.216, 18.0.687 definitions=2020-06-23_06:2020-06-23, 2020-06-23 signatures=0 Subject: [dpdk-dev] [PATCH 3/8] crypto/octeontx2: add cryptodev sec registration X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Signed-off-by: Vamsi Attunuru Signed-off-by: Tejasree Kondoj --- drivers/crypto/octeontx2/Makefile | 1 + drivers/crypto/octeontx2/meson.build | 3 +- drivers/crypto/octeontx2/otx2_cryptodev.c | 12 ++++- drivers/crypto/octeontx2/otx2_cryptodev_sec.c | 46 +++++++++++++++++++ drivers/crypto/octeontx2/otx2_cryptodev_sec.h | 8 +++- 5 files changed, 67 insertions(+), 3 deletions(-) create mode 100644 drivers/crypto/octeontx2/otx2_cryptodev_sec.c diff --git a/drivers/crypto/octeontx2/Makefile b/drivers/crypto/octeontx2/Makefile index 5f9a6a0e3f..14152c6117 100644 --- a/drivers/crypto/octeontx2/Makefile +++ b/drivers/crypto/octeontx2/Makefile @@ -38,6 +38,7 @@ SRCS-$(CONFIG_RTE_LIBRTE_PMD_OCTEONTX2_CRYPTO) += otx2_cryptodev_capabilities.c SRCS-$(CONFIG_RTE_LIBRTE_PMD_OCTEONTX2_CRYPTO) += otx2_cryptodev_hw_access.c SRCS-$(CONFIG_RTE_LIBRTE_PMD_OCTEONTX2_CRYPTO) += otx2_cryptodev_mbox.c SRCS-$(CONFIG_RTE_LIBRTE_PMD_OCTEONTX2_CRYPTO) += otx2_cryptodev_ops.c +SRCS-$(CONFIG_RTE_LIBRTE_PMD_OCTEONTX2_CRYPTO) += otx2_cryptodev_sec.c # export include files SYMLINK-y-include += diff --git a/drivers/crypto/octeontx2/meson.build b/drivers/crypto/octeontx2/meson.build index a28c700b9f..2bea53c47b 100644 --- a/drivers/crypto/octeontx2/meson.build +++ b/drivers/crypto/octeontx2/meson.build @@ -16,7 +16,8 @@ sources = files('otx2_cryptodev.c', 'otx2_cryptodev_capabilities.c', 'otx2_cryptodev_hw_access.c', 'otx2_cryptodev_mbox.c', - 'otx2_cryptodev_ops.c') + 'otx2_cryptodev_ops.c', + 'otx2_cryptodev_sec.c') extra_flags = [] # This integrated controller runs only on a arm64 machine, remove 32bit warnings diff --git a/drivers/crypto/octeontx2/otx2_cryptodev.c b/drivers/crypto/octeontx2/otx2_cryptodev.c index 77aa315dc0..f11773f107 100644 --- a/drivers/crypto/octeontx2/otx2_cryptodev.c +++ b/drivers/crypto/octeontx2/otx2_cryptodev.c @@ -17,6 +17,7 @@ #include "otx2_cryptodev_capabilities.h" #include "otx2_cryptodev_mbox.h" #include "otx2_cryptodev_ops.h" +#include "otx2_cryptodev_sec.h" #include "otx2_dev.h" /* CPT common headers */ @@ -103,6 +104,11 @@ otx2_cpt_pci_probe(struct rte_pci_driver *pci_drv __rte_unused, goto otx2_dev_fini; } + /* Create security ctx */ + ret = otx2_crypto_sec_ctx_create(dev); + if (ret < 0) + goto otx2_dev_fini; + dev->feature_flags = RTE_CRYPTODEV_FF_SYMMETRIC_CRYPTO | RTE_CRYPTODEV_FF_HW_ACCELERATED | RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING | @@ -112,7 +118,8 @@ otx2_cpt_pci_probe(struct rte_pci_driver *pci_drv __rte_unused, RTE_CRYPTODEV_FF_ASYMMETRIC_CRYPTO | RTE_CRYPTODEV_FF_RSA_PRIV_OP_KEY_QT | RTE_CRYPTODEV_FF_NON_BYTE_ALIGNED_DATA | - RTE_CRYPTODEV_FF_SYM_SESSIONLESS; + RTE_CRYPTODEV_FF_SYM_SESSIONLESS | + RTE_CRYPTODEV_FF_SECURITY; return 0; @@ -141,6 +148,9 @@ otx2_cpt_pci_remove(struct rte_pci_device *pci_dev) if (dev == NULL) return -ENODEV; + /* Destroy security ctx */ + otx2_crypto_sec_ctx_destroy(dev); + return rte_cryptodev_pmd_destroy(dev); } diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_sec.c b/drivers/crypto/octeontx2/otx2_cryptodev_sec.c new file mode 100644 index 0000000000..d937e6f37a --- /dev/null +++ b/drivers/crypto/octeontx2/otx2_cryptodev_sec.c @@ -0,0 +1,46 @@ +/* SPDX-License-Identifier: BSD-3-Clause + * Copyright (C) 2020 Marvell International Ltd. + */ + +#include +#include +#include +#include + +#include "otx2_cryptodev_sec.h" + +static struct rte_security_ops otx2_crypto_sec_ops = { + .session_create = NULL, + .session_destroy = NULL, + .session_get_size = NULL, + .set_pkt_metadata = NULL, + .get_userdata = NULL, + .capabilities_get = NULL +}; + +int +otx2_crypto_sec_ctx_create(struct rte_cryptodev *cdev) +{ + struct rte_security_ctx *ctx; + + ctx = rte_malloc("otx2_cpt_dev_sec_ctx", + sizeof(struct rte_security_ctx), 0); + + if (ctx == NULL) + return -ENOMEM; + + /* Populate ctx */ + ctx->device = cdev; + ctx->ops = &otx2_crypto_sec_ops; + ctx->sess_cnt = 0; + + cdev->security_ctx = ctx; + + return 0; +} + +void +otx2_crypto_sec_ctx_destroy(struct rte_cryptodev *cdev) +{ + rte_free(cdev->security_ctx); +} diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_sec.h b/drivers/crypto/octeontx2/otx2_cryptodev_sec.h index af62207d07..209baf35f4 100644 --- a/drivers/crypto/octeontx2/otx2_cryptodev_sec.h +++ b/drivers/crypto/octeontx2/otx2_cryptodev_sec.h @@ -5,6 +5,8 @@ #ifndef __OTX2_CRYPTODEV_SEC_H__ #define __OTX2_CRYPTODEV_SEC_H__ +#include + #include "otx2_ipsec_po.h" struct otx2_sec_session_ipsec_lp { @@ -49,4 +51,8 @@ struct otx2_sec_session_ipsec_lp { uint8_t auth_iv_length; }; -#endif /* __OTX2_CRYPTODEV_SEC_H__ */ +int otx2_crypto_sec_ctx_create(struct rte_cryptodev *crypto_dev); + +void otx2_crypto_sec_ctx_destroy(struct rte_cryptodev *crypto_dev); + +#endif /* __OTX2_CRYPTODEEV_SEC_H__ */ From patchwork Tue Jun 23 12:12:24 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tejasree Kondoj X-Patchwork-Id: 72028 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 22CC4A0350; Tue, 23 Jun 2020 13:19:34 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id B0AB61D652; Tue, 23 Jun 2020 13:19:20 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by dpdk.org (Postfix) with ESMTP id CC8E91D634 for ; Tue, 23 Jun 2020 13:19:19 +0200 (CEST) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 05NBJDEc001826; Tue, 23 Jun 2020 04:19:19 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0818; bh=ybTIhEOHfXiAqFm+u0hSzta1NPNa/Rfv3sksYSWtHtA=; b=ZzZBiHQrIYsL0J4lfaWfGAXF/muRQT3J2TWKuMIGMHUE+iHRE65UWsAzIwMbOkcjpqjj JF0zHImK/mJ7nSq4BtuPsZP1zJwFfcDwqk4A1+gMqlqWHLZ+06jrzjmYekDMEfMAk8eE QTdaOJ+4d684+iiibEQFvp+u0o0XzsEVhiQbxXPVccs59F4TRT9Zes2i9S6ncgsstvL1 /dLuivTkuw9K0fCw2WJmJJKAnrvAG04KLTSjKQSa5plsh8oZuZo4myyT3YSOkts3UJaw fU+5xNE7MT9Ydm6f8SQ8OEGCj0nb1q9Pj5hCYxhfe7RfD7pXfCGk//8u1B0ZM03gInZh oQ== Received: from sc-exch02.marvell.com ([199.233.58.182]) by mx0b-0016f401.pphosted.com with ESMTP id 31shynw011-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Tue, 23 Jun 2020 04:19:19 -0700 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by SC-EXCH02.marvell.com (10.93.176.82) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Tue, 23 Jun 2020 04:19:16 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.2 via Frontend Transport; Tue, 23 Jun 2020 04:19:16 -0700 Received: from hyd1554T5810.caveonetworks.com.com (unknown [10.29.57.11]) by maili.marvell.com (Postfix) with ESMTP id 8C0473F7041; Tue, 23 Jun 2020 04:19:14 -0700 (PDT) From: Tejasree Kondoj To: Akhil Goyal , Radu Nicolau CC: Tejasree Kondoj , Narayana Prasad , Anoob Joseph , Vamsi Attunuru , Date: Tue, 23 Jun 2020 17:42:24 +0530 Message-ID: <20200623121228.10355-5-ktejasree@marvell.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20200623121228.10355-1-ktejasree@marvell.com> References: <20200623121228.10355-1-ktejasree@marvell.com> MIME-Version: 1.0 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.216, 18.0.687 definitions=2020-06-23_06:2020-06-23, 2020-06-23 signatures=0 Subject: [dpdk-dev] [PATCH 4/8] crypto/octeontx2: add cryptodev sec capabilities X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Signed-off-by: Vamsi Attunuru Signed-off-by: Tejasree Kondoj --- .../octeontx2/otx2_cryptodev_capabilities.c | 108 ++++++++++++++++++ .../octeontx2/otx2_cryptodev_capabilities.h | 3 + drivers/crypto/octeontx2/otx2_cryptodev_sec.c | 4 +- 3 files changed, 114 insertions(+), 1 deletion(-) diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_capabilities.c b/drivers/crypto/octeontx2/otx2_cryptodev_capabilities.c index f6f4dee6cf..88bf1faef7 100644 --- a/drivers/crypto/octeontx2/otx2_cryptodev_capabilities.c +++ b/drivers/crypto/octeontx2/otx2_cryptodev_capabilities.c @@ -3,7 +3,9 @@ */ #include +#include +#include "otx2_cryptodev.h" #include "otx2_cryptodev_capabilities.h" #include "otx2_mbox.h" @@ -26,9 +28,18 @@ cpt_caps_add(caps_##name, RTE_DIM(caps_##name)); \ } while (0) +#define SEC_CAPS_ADD(hw_caps, name) do { \ + enum otx2_cpt_egrp egrp; \ + CPT_EGRP_GET(hw_caps, name, &egrp); \ + if (egrp < OTX2_CPT_EGRP_MAX) \ + sec_caps_add(sec_caps_##name, RTE_DIM(sec_caps_##name));\ +} while (0) + #define OTX2_CPT_MAX_CAPS 34 +#define OTX2_SEC_MAX_CAPS 4 static struct rte_cryptodev_capabilities otx2_cpt_caps[OTX2_CPT_MAX_CAPS]; +static struct rte_cryptodev_capabilities otx2_cpt_sec_caps[OTX2_SEC_MAX_CAPS]; static const struct rte_cryptodev_capabilities caps_mul[] = { { /* RSA */ @@ -725,6 +736,70 @@ static const struct rte_cryptodev_capabilities caps_end[] = { RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() }; +static const struct rte_cryptodev_capabilities sec_caps_aes[] = { + { /* AES GCM */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD, + {.aead = { + .algo = RTE_CRYPTO_AEAD_AES_GCM, + .block_size = 16, + .key_size = { + .min = 16, + .max = 32, + .increment = 8 + }, + .digest_size = { + .min = 16, + .max = 16, + .increment = 0 + }, + .aad_size = { + .min = 8, + .max = 12, + .increment = 4 + }, + .iv_size = { + .min = 12, + .max = 12, + .increment = 0 + } + }, } + }, } + }, +}; + +static const struct rte_security_capability +otx2_crypto_sec_capabilities[] = { + { /* IPsec Lookaside Protocol ESP Tunnel Ingress */ + .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, + .protocol = RTE_SECURITY_PROTOCOL_IPSEC, + .ipsec = { + .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP, + .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL, + .direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS, + .options = { 0 } + }, + .crypto_capabilities = otx2_cpt_sec_caps, + .ol_flags = RTE_SECURITY_TX_OLOAD_NEED_MDATA + }, + { /* IPsec Lookaside Protocol ESP Tunnel Egress */ + .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, + .protocol = RTE_SECURITY_PROTOCOL_IPSEC, + .ipsec = { + .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP, + .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL, + .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS, + .options = { 0 } + }, + .crypto_capabilities = otx2_cpt_sec_caps, + .ol_flags = RTE_SECURITY_TX_OLOAD_NEED_MDATA + }, + { + .action = RTE_SECURITY_ACTION_TYPE_NONE + } +}; + static void cpt_caps_add(const struct rte_cryptodev_capabilities *caps, int nb_caps) { @@ -754,3 +829,36 @@ otx2_cpt_capabilities_get(union cpt_eng_caps *hw_caps) return otx2_cpt_caps; } + +static void +sec_caps_add(const struct rte_cryptodev_capabilities *caps, int nb_caps) +{ + static int cur_pos; + + if (cur_pos + nb_caps > OTX2_SEC_MAX_CAPS) + return; + + memcpy(&otx2_cpt_sec_caps[cur_pos], caps, nb_caps * sizeof(caps[0])); + cur_pos += nb_caps; +} + +static const struct rte_cryptodev_capabilities * +otx2_cpt_sec_caps_get(union cpt_eng_caps *hw_caps) +{ + SEC_CAPS_ADD(hw_caps, aes); + + sec_caps_add(caps_end, RTE_DIM(caps_end)); + + return otx2_cpt_sec_caps; +} + +const struct rte_security_capability * +otx2_crypto_sec_capabilities_get(void *device) +{ + struct rte_cryptodev *dev = (struct rte_cryptodev *)device; + struct otx2_cpt_vf *vf = dev->data->dev_private; + + otx2_cpt_sec_caps_get(vf->hw_caps); + + return otx2_crypto_sec_capabilities; +} diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_capabilities.h b/drivers/crypto/octeontx2/otx2_cryptodev_capabilities.h index e07a2a8c92..b1ae0d2e54 100644 --- a/drivers/crypto/octeontx2/otx2_cryptodev_capabilities.h +++ b/drivers/crypto/octeontx2/otx2_cryptodev_capabilities.h @@ -23,4 +23,7 @@ enum otx2_cpt_egrp { const struct rte_cryptodev_capabilities * otx2_cpt_capabilities_get(union cpt_eng_caps *hw_caps); +const struct rte_security_capability * +otx2_crypto_sec_capabilities_get(void *device); + #endif /* _OTX2_CRYPTODEV_CAPABILITIES_H_ */ diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_sec.c b/drivers/crypto/octeontx2/otx2_cryptodev_sec.c index d937e6f37a..906a87b9e5 100644 --- a/drivers/crypto/octeontx2/otx2_cryptodev_sec.c +++ b/drivers/crypto/octeontx2/otx2_cryptodev_sec.c @@ -7,6 +7,8 @@ #include #include +#include "otx2_cryptodev.h" +#include "otx2_cryptodev_capabilities.h" #include "otx2_cryptodev_sec.h" static struct rte_security_ops otx2_crypto_sec_ops = { @@ -15,7 +17,7 @@ static struct rte_security_ops otx2_crypto_sec_ops = { .session_get_size = NULL, .set_pkt_metadata = NULL, .get_userdata = NULL, - .capabilities_get = NULL + .capabilities_get = otx2_crypto_sec_capabilities_get }; int From patchwork Tue Jun 23 12:12:25 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tejasree Kondoj X-Patchwork-Id: 72029 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id D1E97A0350; Tue, 23 Jun 2020 13:19:45 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 15BF41D65D; Tue, 23 Jun 2020 13:19:25 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by dpdk.org (Postfix) with ESMTP id 145531D663 for ; Tue, 23 Jun 2020 13:19:22 +0200 (CEST) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 05NBErKl024268; Tue, 23 Jun 2020 04:19:22 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0818; bh=YBgGwJmG4EXCRPiEdFB2NS5fiNjBdSL+jP+VqBSYVwQ=; b=OzW/2unWnNAN1T5UbK+E7TpSqwll7iIFqWEcCt7ZcSL2ltva3z/hrn3ORGwE0aJ3l6Fb TMWg4tLck55obRqP8doM4AirgUrGgZCbXbIzTMW8Zw5IOD8G88nmq/oa+EmlMOTFw8N9 Z9noA0uIjKWEHPviZYQGFP08j6W09/tQ/1D52uzKxvn+HHmAAh+qEmuAdG/4NTqZAXz1 kPTfZQhmLZqY6zQTh1JNVXEneZ07l6RLPxC4aeanYVSmX3Sp6x79ZBitQooqH+46vIkZ PcqLU0mypDeCiENaSogfawuODbH46csrWThuA9nKP2ltIATZElXUaf2Qofexk+8yRn9B dg== Received: from sc-exch02.marvell.com ([199.233.58.182]) by mx0a-0016f401.pphosted.com with ESMTP id 31sftpnn2c-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Tue, 23 Jun 2020 04:19:22 -0700 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by SC-EXCH02.marvell.com (10.93.176.82) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Tue, 23 Jun 2020 04:19:21 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.2 via Frontend Transport; Tue, 23 Jun 2020 04:19:21 -0700 Received: from hyd1554T5810.caveonetworks.com.com (unknown [10.29.57.11]) by maili.marvell.com (Postfix) with ESMTP id 0B3BA3F703F; Tue, 23 Jun 2020 04:19:18 -0700 (PDT) From: Tejasree Kondoj To: Akhil Goyal , Radu Nicolau CC: Vamsi Attunuru , Narayana Prasad , Anoob Joseph , Tejasree Kondoj , Date: Tue, 23 Jun 2020 17:42:25 +0530 Message-ID: <20200623121228.10355-6-ktejasree@marvell.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20200623121228.10355-1-ktejasree@marvell.com> References: <20200623121228.10355-1-ktejasree@marvell.com> MIME-Version: 1.0 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.216, 18.0.687 definitions=2020-06-23_06:2020-06-23, 2020-06-23 signatures=0 Subject: [dpdk-dev] [PATCH 5/8] crypto/octeontx2: add cryptodev sec misc callbacks X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" From: Vamsi Attunuru Signed-off-by: Vamsi Attunuru Signed-off-by: Tejasree Kondoj --- drivers/crypto/octeontx2/otx2_cryptodev_sec.c | 34 +++++++++++++++++-- 1 file changed, 31 insertions(+), 3 deletions(-) diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_sec.c b/drivers/crypto/octeontx2/otx2_cryptodev_sec.c index 906a87b9e5..6e14b37a68 100644 --- a/drivers/crypto/octeontx2/otx2_cryptodev_sec.c +++ b/drivers/crypto/octeontx2/otx2_cryptodev_sec.c @@ -10,13 +10,41 @@ #include "otx2_cryptodev.h" #include "otx2_cryptodev_capabilities.h" #include "otx2_cryptodev_sec.h" +#include "otx2_security.h" + +static unsigned int +otx2_crypto_sec_session_get_size(void *device __rte_unused) +{ + return sizeof(struct otx2_sec_session); +} + +static int +otx2_crypto_sec_set_pkt_mdata(void *device __rte_unused, + struct rte_security_session *session, + struct rte_mbuf *m, void *params __rte_unused) +{ + /* Set security session as the pkt metadata */ + m->udata64 = (uint64_t)session; + + return 0; +} + +static int +otx2_crypto_sec_get_userdata(void *device __rte_unused, uint64_t md, + void **userdata) +{ + /* Retrieve userdata */ + *userdata = (void *)md; + + return 0; +} static struct rte_security_ops otx2_crypto_sec_ops = { .session_create = NULL, .session_destroy = NULL, - .session_get_size = NULL, - .set_pkt_metadata = NULL, - .get_userdata = NULL, + .session_get_size = otx2_crypto_sec_session_get_size, + .set_pkt_metadata = otx2_crypto_sec_set_pkt_mdata, + .get_userdata = otx2_crypto_sec_get_userdata, .capabilities_get = otx2_crypto_sec_capabilities_get }; From patchwork Tue Jun 23 12:12:26 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tejasree Kondoj X-Patchwork-Id: 72030 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 3B3C2A0350; Tue, 23 Jun 2020 13:19:54 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id E85AC1D65A; Tue, 23 Jun 2020 13:19:28 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by dpdk.org (Postfix) with ESMTP id 8CB681D66D for ; Tue, 23 Jun 2020 13:19:27 +0200 (CEST) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 05NBFwjr030170; Tue, 23 Jun 2020 04:19:27 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0818; bh=d7vXVW1UkyGy9qQxV5m4Rbw3MAcSiaDKmSsbs2xw/Iw=; b=jYrmGDXM47W8x8CMS0SJ9qm6ldNBCLGezhIve8dFo5xUxpXIIFwTaaKyl0Y3uvUJaYuU fGqNCTr9k62bG3aBqh0NYjveXmbV46bR83Cn0RIA5g/mD1GNd02RCWjyu/b70kP4rCoO XLNc7ifAn3PS/VVyt+nPAk02CnQHoI2w4w11DlaRQOU+786Iq2s4p06FI467mljfXEwz +ys5/4DjjTLWAdR7FNRoEnsyk4NBx4ZylbMUe+f8XrKrEnLy1/a1scbiUUqSr1TE+vnS wVc1x5gnjQuv7v04hw2MWwhXs2Iv+UoqMRLISSEbg2/Wv/1D07Z+MwX+xHWx5zWNFnvj KQ== Received: from sc-exch04.marvell.com ([199.233.58.184]) by mx0b-0016f401.pphosted.com with ESMTP id 31shynw01j-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Tue, 23 Jun 2020 04:19:26 -0700 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by SC-EXCH04.marvell.com (10.93.176.84) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Tue, 23 Jun 2020 04:19:25 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.2 via Frontend Transport; Tue, 23 Jun 2020 04:19:25 -0700 Received: from hyd1554T5810.caveonetworks.com.com (unknown [10.29.57.11]) by maili.marvell.com (Postfix) with ESMTP id CAFEA3F7040; Tue, 23 Jun 2020 04:19:22 -0700 (PDT) From: Tejasree Kondoj To: Akhil Goyal , Radu Nicolau CC: Vamsi Attunuru , Narayana Prasad , Anoob Joseph , Tejasree Kondoj , Date: Tue, 23 Jun 2020 17:42:26 +0530 Message-ID: <20200623121228.10355-7-ktejasree@marvell.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20200623121228.10355-1-ktejasree@marvell.com> References: <20200623121228.10355-1-ktejasree@marvell.com> MIME-Version: 1.0 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.216, 18.0.687 definitions=2020-06-23_06:2020-06-23, 2020-06-23 signatures=0 Subject: [dpdk-dev] [PATCH 6/8] crypto/octeontx2: add cryptodev sec session create X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" From: Vamsi Attunuru Signed-off-by: Vamsi Attunuru Signed-off-by: Tejasree Kondoj --- drivers/crypto/octeontx2/otx2_cryptodev_sec.c | 466 +++++++++++++++++- drivers/crypto/octeontx2/otx2_ipsec_po.h | 295 +++++++++++ drivers/crypto/octeontx2/otx2_security.h | 9 + drivers/net/octeontx2/otx2_ethdev_sec.c | 9 - 4 files changed, 768 insertions(+), 11 deletions(-) diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_sec.c b/drivers/crypto/octeontx2/otx2_cryptodev_sec.c index 6e14b37a68..0172bf6aae 100644 --- a/drivers/crypto/octeontx2/otx2_cryptodev_sec.c +++ b/drivers/crypto/octeontx2/otx2_cryptodev_sec.c @@ -3,15 +3,477 @@ */ #include +#include +#include +#include +#include #include #include #include +#include #include "otx2_cryptodev.h" #include "otx2_cryptodev_capabilities.h" +#include "otx2_cryptodev_hw_access.h" +#include "otx2_cryptodev_ops.h" #include "otx2_cryptodev_sec.h" #include "otx2_security.h" +static int +ipsec_lp_len_precalc(struct rte_security_ipsec_xform *ipsec, + struct rte_crypto_sym_xform *xform, + struct otx2_sec_session_ipsec_lp *priv_lp) +{ + struct rte_crypto_sym_xform *cipher_xform, *auth_xform; + + priv_lp->partial_len += sizeof(struct rte_ipv4_hdr); + + if (ipsec->proto == RTE_SECURITY_IPSEC_SA_PROTO_ESP) { + priv_lp->partial_len += sizeof(struct rte_esp_hdr); + priv_lp->roundup_len = sizeof(struct rte_esp_tail); + } else if (ipsec->proto == RTE_SECURITY_IPSEC_SA_PROTO_AH) { + priv_lp->partial_len += AH_HDR_LEN; + } else { + return -EINVAL; + } + + if (ipsec->options.udp_encap) + priv_lp->partial_len += sizeof(struct rte_udp_hdr); + + if (xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) { + if (xform->aead.algo == RTE_CRYPTO_AEAD_AES_GCM) { + priv_lp->partial_len += AES_GCM_IV_LEN; + priv_lp->partial_len += AES_GCM_MAC_LEN; + priv_lp->roundup_byte = AES_GCM_ROUNDUP_BYTE_LEN; + return 0; + } else { + return -EINVAL; + } + } + + if (ipsec->direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) { + cipher_xform = xform; + auth_xform = xform->next; + } else if (ipsec->direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) { + auth_xform = xform; + cipher_xform = xform->next; + } else { + return -EINVAL; + } + + if (cipher_xform->cipher.algo == RTE_CRYPTO_CIPHER_AES_CBC) { + priv_lp->partial_len += AES_CBC_IV_LEN; + priv_lp->roundup_byte = AES_CBC_ROUNDUP_BYTE_LEN; + } else { + return -EINVAL; + } + + if (auth_xform->auth.algo == RTE_CRYPTO_AUTH_SHA1_HMAC) + priv_lp->partial_len += SHA1_HMAC_LEN; + else + return -EINVAL; + + return 0; +} + +static int +otx2_cpt_enq_sa_write(struct otx2_sec_session_ipsec_lp *lp, + struct otx2_cpt_qp *qptr, uint8_t opcode) +{ + uint64_t lmt_status, time_out; + void *lmtline = qptr->lmtline; + struct cpt_res_s_9s *res; + union cpt_inst_s inst; + cpt_vq_cmd_t uc_inst; + uint64_t *mdata; + int ret = 0; + + if (unlikely(rte_mempool_get(qptr->meta_info.pool, + (void **)&mdata) < 0)) + return -ENOMEM; + + res = (struct cpt_res_s_9s *)RTE_PTR_ALIGN(mdata, 16); + res->compcode = CPT_9X_COMP_E_NOTDONE; + + uc_inst.cmd.s.opcode = opcode | (lp->ctx_len << 8); + uc_inst.cmd.s.param1 = 0; + uc_inst.cmd.s.param2 = 0; + uc_inst.cmd.s.dlen = lp->ctx_len << 3; + uc_inst.dptr = rte_mempool_virt2iova(lp); + uc_inst.rptr = 0; + uc_inst.cptr.s.cptr = rte_mempool_virt2iova(lp); + uc_inst.cptr.s.grp = OTX2_CPT_EGRP_SE; + + memset(&inst, 0, sizeof(union cpt_inst_s)); + inst.s9x.res_addr = rte_mempool_virt2iova(res); + + rte_memcpy(&inst.s9x.ei0, &uc_inst, sizeof(cpt_vq_cmd_t)); + rte_cio_wmb(); + + do { + /* Copy CPT command to LMTLINE */ + otx2_lmt_mov(lmtline, &inst, 2); + lmt_status = otx2_lmt_submit(qptr->lf_nq_reg); + } while (lmt_status == 0); + + time_out = rte_get_timer_cycles() + + DEFAULT_COMMAND_TIMEOUT * rte_get_timer_hz(); + + while (res->compcode == CPT_9X_COMP_E_NOTDONE) { + if (rte_get_timer_cycles() > time_out) { + rte_mempool_put(qptr->meta_info.pool, mdata); + otx2_err("Request timed out"); + ret = -ETIMEDOUT; + goto exit; + } + rte_cio_rmb(); + } + + if (likely(res->compcode == CPT_9X_COMP_E_GOOD)) { + if (unlikely(res->uc_compcode)) { + ret = res->uc_compcode; + otx2_err("Request failed with microcode error"); + otx2_err("MC completion code 0x%x", res->uc_compcode); + ret = res->uc_compcode; + switch (res->uc_compcode) { + case OTX2_IPSEC_PO_CC_AUTH_UNSUPPORTED: + otx2_err("Auth type unsupported"); + break; + case OTX2_IPSEC_PO_CC_ENCRYPT_UNSUPPORTED: + otx2_err("Encrypt type unsupported"); + } + } + } else { + otx2_err("HW completion code 0x%x", res->compcode); + ret = res->compcode; + switch (res->compcode) { + case CPT_9X_COMP_E_INSTERR: + otx2_err("Request failed with instruction error"); + break; + case CPT_9X_COMP_E_FAULT: + otx2_err("Request failed with DMA fault"); + } + } + + rte_mempool_put(qptr->meta_info.pool, mdata); + +exit: + return ret; +} + +static void +set_session_misc_attributes(struct otx2_sec_session_ipsec_lp *sess, + struct rte_crypto_sym_xform *crypto_xform, + struct rte_crypto_sym_xform *auth_xform, + struct rte_crypto_sym_xform *cipher_xform) +{ + if (crypto_xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) { + sess->iv_offset = crypto_xform->aead.iv.offset; + sess->iv_length = crypto_xform->aead.iv.length; + sess->aad_length = crypto_xform->aead.aad_length; + sess->mac_len = crypto_xform->aead.digest_length; + } else { + sess->iv_offset = cipher_xform->cipher.iv.offset; + sess->iv_length = cipher_xform->cipher.iv.length; + sess->auth_iv_offset = auth_xform->auth.iv.offset; + sess->auth_iv_length = auth_xform->auth.iv.length; + sess->mac_len = auth_xform->auth.digest_length; + } + + sess->ucmd_param1 = OTX2_IPSEC_PO_PER_PKT_IV; + sess->ucmd_param2 = 0; +} + +static int +crypto_sec_ipsec_outb_session_create(struct rte_cryptodev *crypto_dev, + struct rte_security_ipsec_xform *ipsec, + struct rte_crypto_sym_xform *crypto_xform, + struct rte_security_session *sec_sess) +{ + struct rte_crypto_sym_xform *auth_xform, *cipher_xform; + struct otx2_sec_session_ipsec_lp *sess; + struct otx2_ipsec_po_sa_ctl *ctl_wrd; + const uint8_t *cipher_key, *auth_key; + int cipher_key_len, auth_key_len; + struct otx2_ipsec_po_out_sa *sa; + struct otx2_sec_session *priv; + struct otx2_cpt_inst_s inst; + int ret; + + priv = get_sec_session_private_data(sec_sess); + sess = &priv->ipsec.lp; + + sa = &sess->out_sa; + ctl_wrd = &sa->ctl; + if (ctl_wrd->valid) { + otx2_err("SA already registered"); + return -EINVAL; + } + + memset(sa, 0, sizeof(struct otx2_ipsec_po_out_sa)); + + /* Initialize inline ipsec private data */ + sess->ip_id = 0; + sess->seq_lo = 1; + sess->seq_hi = 0; + sess->partial_len = 0; + sess->roundup_len = 0; + sess->roundup_byte = 0; + + ret = ipsec_po_sa_ctl_set(ipsec, crypto_xform, ctl_wrd); + if (ret) + return ret; + + ret = ipsec_lp_len_precalc(ipsec, crypto_xform, sess); + if (ret < 0) + return ret; + + memcpy(sa->iv.misc.nonce, &ipsec->salt, 4); + + if (ipsec->options.udp_encap == 1) { + sa->udp_src = 4500; + sa->udp_dst = 4500; + } + + if (ipsec->mode == RTE_SECURITY_IPSEC_SA_MODE_TUNNEL) { + /* Start ip id from 1 */ + sess->ip_id = 1; + + if (ipsec->tunnel.type == RTE_SECURITY_IPSEC_TUNNEL_IPV4) { + struct rte_ipv4_hdr *ip = &sa->templt.ipv4.hdr; + + ip->version_ihl = RTE_IPV4_VHL_DEF; + ip->next_proto_id = IPPROTO_ESP; + ip->time_to_live = ipsec->tunnel.ipv4.ttl; + ip->type_of_service |= (ipsec->tunnel.ipv4.dscp << 2); + if (ipsec->tunnel.ipv4.df) + ip->fragment_offset = BIT(14); + memcpy(&ip->src_addr, &ipsec->tunnel.ipv4.src_ip, + sizeof(struct in_addr)); + memcpy(&ip->dst_addr, &ipsec->tunnel.ipv4.dst_ip, + sizeof(struct in_addr)); + } else { + return -EINVAL; + } + } else { + return -EINVAL; + } + + cipher_xform = crypto_xform; + auth_xform = crypto_xform->next; + + cipher_key_len = 0; + auth_key_len = 0; + + if (crypto_xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) { + cipher_key = crypto_xform->aead.key.data; + cipher_key_len = crypto_xform->aead.key.length; + + sess->ctx_len = sizeof(struct otx2_ipsec_po_out_sa); + sess->ctx_len >>= 3; + RTE_ASSERT(sess->ctx_len == OTX2_IPSEC_PO_AES_GCM_OUTB_CTX_LEN); + } else { + cipher_key = cipher_xform->cipher.key.data; + cipher_key_len = cipher_xform->cipher.key.length; + auth_key = auth_xform->auth.key.data; + auth_key_len = auth_xform->auth.key.length; + + /* TODO: check the ctx len for supporting ALGO */ + sess->ctx_len = sizeof(struct otx2_ipsec_po_out_sa) >> 3; + RTE_ASSERT(sess->ctx_len == OTX2_IPSEC_PO_MAX_OUTB_CTX_LEN); + } + + if (cipher_key_len != 0) + memcpy(sa->cipher_key, cipher_key, cipher_key_len); + else + return -EINVAL; + + /* Use OPAD & IPAD */ + RTE_SET_USED(auth_key); + RTE_SET_USED(auth_key_len); + + inst.u64[7] = 0; + inst.egrp = OTX2_CPT_EGRP_SE; + inst.cptr = rte_mempool_virt2iova(sa); + + sess->ucmd_w3 = inst.u64[7]; + sess->ucmd_opcode = (sess->ctx_len << 8) | + (OTX2_IPSEC_PO_PROCESS_IPSEC_OUTB); + + set_session_misc_attributes(sess, crypto_xform, + auth_xform, cipher_xform); + + return otx2_cpt_enq_sa_write(sess, crypto_dev->data->queue_pairs[0], + OTX2_IPSEC_PO_WRITE_IPSEC_OUTB); +} + +static int +crypto_sec_ipsec_inb_session_create(struct rte_cryptodev *crypto_dev, + struct rte_security_ipsec_xform *ipsec, + struct rte_crypto_sym_xform *crypto_xform, + struct rte_security_session *sec_sess) +{ + struct rte_crypto_sym_xform *auth_xform, *cipher_xform; + struct otx2_sec_session_ipsec_lp *sess; + struct otx2_ipsec_po_sa_ctl *ctl_wrd; + const uint8_t *cipher_key, *auth_key; + int cipher_key_len, auth_key_len; + struct otx2_ipsec_po_in_sa *sa; + struct otx2_sec_session *priv; + struct otx2_cpt_inst_s inst; + int ret; + + priv = get_sec_session_private_data(sec_sess); + sess = &priv->ipsec.lp; + + sa = &sess->in_sa; + ctl_wrd = &sa->ctl; + + if (ctl_wrd->valid) { + otx2_err("SA already registered"); + return -EINVAL; + } + + memset(sa, 0, sizeof(struct otx2_ipsec_po_in_sa)); + + ret = ipsec_po_sa_ctl_set(ipsec, crypto_xform, ctl_wrd); + if (ret) + return ret; + + auth_xform = crypto_xform; + cipher_xform = crypto_xform->next; + + cipher_key_len = 0; + auth_key_len = 0; + + if (crypto_xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) { + if (crypto_xform->aead.algo == RTE_CRYPTO_AEAD_AES_GCM) + memcpy(sa->iv.misc.nonce, &ipsec->salt, 4); + cipher_key = crypto_xform->aead.key.data; + cipher_key_len = crypto_xform->aead.key.length; + + sess->ctx_len = offsetof(struct otx2_ipsec_po_in_sa, + aes_gcm.hmac_key[0]) >> 3; + RTE_ASSERT(sess->ctx_len == OTX2_IPSEC_PO_AES_GCM_INB_CTX_LEN); + } else { + cipher_key = cipher_xform->cipher.key.data; + cipher_key_len = cipher_xform->cipher.key.length; + auth_key = auth_xform->auth.key.data; + auth_key_len = auth_xform->auth.key.length; + + /* TODO: check the ctx len for supporting ALGO */ + sess->ctx_len = sizeof(struct otx2_ipsec_po_in_sa) >> 2; + RTE_ASSERT(sess->ctx_len == OTX2_IPSEC_PO_MAX_INB_CTX_LEN); + } + + if (cipher_key_len != 0) + memcpy(sa->cipher_key, cipher_key, cipher_key_len); + else + return -EINVAL; + + /* Use OPAD & IPAD */ + RTE_SET_USED(auth_key); + RTE_SET_USED(auth_key_len); + + inst.u64[7] = 0; + inst.egrp = OTX2_CPT_EGRP_SE; + inst.cptr = rte_mempool_virt2iova(sa); + + sess->ucmd_w3 = inst.u64[7]; + sess->ucmd_opcode = (sess->ctx_len << 8) | + (OTX2_IPSEC_PO_PROCESS_IPSEC_INB); + + set_session_misc_attributes(sess, crypto_xform, + auth_xform, cipher_xform); + + return otx2_cpt_enq_sa_write(sess, crypto_dev->data->queue_pairs[0], + OTX2_IPSEC_PO_WRITE_IPSEC_INB); +} + +static int +crypto_sec_ipsec_session_create(struct rte_cryptodev *crypto_dev, + struct rte_security_ipsec_xform *ipsec, + struct rte_crypto_sym_xform *crypto_xform, + struct rte_security_session *sess) +{ + int ret; + + if (crypto_dev->data->queue_pairs[0] == NULL) { + otx2_err("Setup cpt queue pair before creating sec session"); + return -EPERM; + } + + ret = ipsec_po_xform_verify(ipsec, crypto_xform); + if (ret) + return ret; + + if (ipsec->direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) + return crypto_sec_ipsec_inb_session_create(crypto_dev, ipsec, + crypto_xform, sess); + else + return crypto_sec_ipsec_outb_session_create(crypto_dev, ipsec, + crypto_xform, sess); +} + +static int +otx2_crypto_sec_session_create(void *device, + struct rte_security_session_conf *conf, + struct rte_security_session *sess, + struct rte_mempool *mempool) +{ + struct otx2_sec_session *priv; + int ret; + + if (conf->action_type != RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL) + return -ENOTSUP; + + if (rte_mempool_get(mempool, (void **)&priv)) { + otx2_err("Could not allocate security session private data"); + return -ENOMEM; + } + + set_sec_session_private_data(sess, priv); + + priv->userdata = conf->userdata; + + if (conf->protocol == RTE_SECURITY_PROTOCOL_IPSEC) + ret = crypto_sec_ipsec_session_create(device, &conf->ipsec, + conf->crypto_xform, + sess); + else + ret = -ENOTSUP; + + if (ret) + goto mempool_put; + + return 0; + +mempool_put: + rte_mempool_put(mempool, priv); + set_sec_session_private_data(sess, NULL); + return ret; +} + +static int +otx2_crypto_sec_session_destroy(void *device __rte_unused, + struct rte_security_session *sess) +{ + struct otx2_sec_session *priv; + struct rte_mempool *sess_mp; + + priv = get_sec_session_private_data(sess); + + if (priv == NULL) + return 0; + + sess_mp = rte_mempool_from_obj(priv); + + set_sec_session_private_data(sess, NULL); + rte_mempool_put(sess_mp, priv); + + return 0; +} + static unsigned int otx2_crypto_sec_session_get_size(void *device __rte_unused) { @@ -40,8 +502,8 @@ otx2_crypto_sec_get_userdata(void *device __rte_unused, uint64_t md, } static struct rte_security_ops otx2_crypto_sec_ops = { - .session_create = NULL, - .session_destroy = NULL, + .session_create = otx2_crypto_sec_session_create, + .session_destroy = otx2_crypto_sec_session_destroy, .session_get_size = otx2_crypto_sec_session_get_size, .set_pkt_metadata = otx2_crypto_sec_set_pkt_mdata, .get_userdata = otx2_crypto_sec_get_userdata, diff --git a/drivers/crypto/octeontx2/otx2_ipsec_po.h b/drivers/crypto/octeontx2/otx2_ipsec_po.h index 602b9d10e2..5d9f1393e2 100644 --- a/drivers/crypto/octeontx2/otx2_ipsec_po.h +++ b/drivers/crypto/octeontx2/otx2_ipsec_po.h @@ -9,6 +9,83 @@ #include #include +#define OTX2_IPSEC_PO_AES_GCM_INB_CTX_LEN 0x09 +#define OTX2_IPSEC_PO_AES_GCM_OUTB_CTX_LEN 0x28 + +#define OTX2_IPSEC_PO_MAX_INB_CTX_LEN 0x22 +#define OTX2_IPSEC_PO_MAX_OUTB_CTX_LEN 0x38 + +#define OTX2_IPSEC_PO_PER_PKT_IV BIT(11) + +#define OTX2_IPSEC_PO_WRITE_IPSEC_OUTB 0x20 +#define OTX2_IPSEC_PO_WRITE_IPSEC_INB 0x21 +#define OTX2_IPSEC_PO_PROCESS_IPSEC_OUTB 0x23 +#define OTX2_IPSEC_PO_PROCESS_IPSEC_INB 0x24 + +enum otx2_ipsec_po_comp_e { + OTX2_IPSEC_PO_CC_SUCCESS = 0x00, + OTX2_IPSEC_PO_CC_AUTH_UNSUPPORTED = 0xB0, + OTX2_IPSEC_PO_CC_ENCRYPT_UNSUPPORTED = 0xB1, +}; + +enum { + OTX2_IPSEC_PO_SA_DIRECTION_INBOUND = 0, + OTX2_IPSEC_PO_SA_DIRECTION_OUTBOUND = 1, +}; + +enum { + OTX2_IPSEC_PO_SA_IP_VERSION_4 = 0, + OTX2_IPSEC_PO_SA_IP_VERSION_6 = 1, +}; + +enum { + OTX2_IPSEC_PO_SA_MODE_TRANSPORT = 0, + OTX2_IPSEC_PO_SA_MODE_TUNNEL = 1, +}; + +enum { + OTX2_IPSEC_PO_SA_PROTOCOL_AH = 0, + OTX2_IPSEC_PO_SA_PROTOCOL_ESP = 1, +}; + +enum { + OTX2_IPSEC_PO_SA_AES_KEY_LEN_128 = 1, + OTX2_IPSEC_PO_SA_AES_KEY_LEN_192 = 2, + OTX2_IPSEC_PO_SA_AES_KEY_LEN_256 = 3, +}; + +enum { + OTX2_IPSEC_PO_SA_ENC_NULL = 0, + OTX2_IPSEC_PO_SA_ENC_DES_CBC = 1, + OTX2_IPSEC_PO_SA_ENC_3DES_CBC = 2, + OTX2_IPSEC_PO_SA_ENC_AES_CBC = 3, + OTX2_IPSEC_PO_SA_ENC_AES_CTR = 4, + OTX2_IPSEC_PO_SA_ENC_AES_GCM = 5, + OTX2_IPSEC_PO_SA_ENC_AES_CCM = 6, +}; + +enum { + OTX2_IPSEC_PO_SA_AUTH_NULL = 0, + OTX2_IPSEC_PO_SA_AUTH_MD5 = 1, + OTX2_IPSEC_PO_SA_AUTH_SHA1 = 2, + OTX2_IPSEC_PO_SA_AUTH_SHA2_224 = 3, + OTX2_IPSEC_PO_SA_AUTH_SHA2_256 = 4, + OTX2_IPSEC_PO_SA_AUTH_SHA2_384 = 5, + OTX2_IPSEC_PO_SA_AUTH_SHA2_512 = 6, + OTX2_IPSEC_PO_SA_AUTH_AES_GMAC = 7, + OTX2_IPSEC_PO_SA_AUTH_AES_XCBC_128 = 8, +}; + +enum { + OTX2_IPSEC_PO_SA_FRAG_POST = 0, + OTX2_IPSEC_PO_SA_FRAG_PRE = 1, +}; + +enum { + OTX2_IPSEC_PO_SA_ENCAP_NONE = 0, + OTX2_IPSEC_PO_SA_ENCAP_UDP = 1, +}; + union bit_perfect_iv { uint8_t aes_iv[16]; uint8_t des_iv[8]; @@ -116,4 +193,222 @@ struct otx2_ipsec_po_out_sa { uint16_t udp_dst; }; +static inline int +ipsec_po_xform_cipher_verify(struct rte_crypto_sym_xform *xform) +{ + if (xform->cipher.algo == RTE_CRYPTO_CIPHER_AES_CBC) { + switch (xform->cipher.key.length) { + case 16: + case 24: + case 32: + break; + default: + return -ENOTSUP; + } + return 0; + } + + return -ENOTSUP; +} + +static inline int +ipsec_po_xform_auth_verify(struct rte_crypto_sym_xform *xform) +{ + uint16_t keylen = xform->auth.key.length; + + if (xform->auth.algo == RTE_CRYPTO_AUTH_SHA1_HMAC) { + if (keylen >= 20 && keylen <= 64) + return 0; + } + + return -ENOTSUP; +} + +static inline int +ipsec_po_xform_aead_verify(struct rte_security_ipsec_xform *ipsec, + struct rte_crypto_sym_xform *xform) +{ + if (ipsec->direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS && + xform->aead.op != RTE_CRYPTO_AEAD_OP_ENCRYPT) + return -EINVAL; + + if (ipsec->direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS && + xform->aead.op != RTE_CRYPTO_AEAD_OP_DECRYPT) + return -EINVAL; + + if (xform->aead.algo == RTE_CRYPTO_AEAD_AES_GCM) { + switch (xform->aead.key.length) { + case 16: + case 24: + case 32: + break; + default: + return -EINVAL; + } + return 0; + } + + return -ENOTSUP; +} + +static inline int +ipsec_po_xform_verify(struct rte_security_ipsec_xform *ipsec, + struct rte_crypto_sym_xform *xform) +{ + struct rte_crypto_sym_xform *auth_xform, *cipher_xform; + int ret; + + if (xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) + return ipsec_po_xform_aead_verify(ipsec, xform); + + if (xform->next == NULL) + return -EINVAL; + + if (ipsec->direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) { + /* Ingress */ + if (xform->type != RTE_CRYPTO_SYM_XFORM_AUTH || + xform->next->type != RTE_CRYPTO_SYM_XFORM_CIPHER) + return -EINVAL; + auth_xform = xform; + cipher_xform = xform->next; + } else { + /* Egress */ + if (xform->type != RTE_CRYPTO_SYM_XFORM_CIPHER || + xform->next->type != RTE_CRYPTO_SYM_XFORM_AUTH) + return -EINVAL; + cipher_xform = xform; + auth_xform = xform->next; + } + + ret = ipsec_po_xform_cipher_verify(cipher_xform); + if (ret) + return ret; + + ret = ipsec_po_xform_auth_verify(auth_xform); + if (ret) + return ret; + + return 0; +} + +static inline int +ipsec_po_sa_ctl_set(struct rte_security_ipsec_xform *ipsec, + struct rte_crypto_sym_xform *xform, + struct otx2_ipsec_po_sa_ctl *ctl) +{ + struct rte_crypto_sym_xform *cipher_xform, *auth_xform; + int aes_key_len; + + if (ipsec->direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) { + ctl->direction = OTX2_IPSEC_PO_SA_DIRECTION_OUTBOUND; + cipher_xform = xform; + auth_xform = xform->next; + } else if (ipsec->direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) { + ctl->direction = OTX2_IPSEC_PO_SA_DIRECTION_INBOUND; + auth_xform = xform; + cipher_xform = xform->next; + } else { + return -EINVAL; + } + + if (ipsec->mode == RTE_SECURITY_IPSEC_SA_MODE_TUNNEL) { + if (ipsec->tunnel.type == RTE_SECURITY_IPSEC_TUNNEL_IPV4) + ctl->outer_ip_ver = OTX2_IPSEC_PO_SA_IP_VERSION_4; + else if (ipsec->tunnel.type == RTE_SECURITY_IPSEC_TUNNEL_IPV6) + ctl->outer_ip_ver = OTX2_IPSEC_PO_SA_IP_VERSION_6; + else + return -EINVAL; + } + + ctl->inner_ip_ver = OTX2_IPSEC_PO_SA_IP_VERSION_4; + + if (ipsec->mode == RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT) + ctl->ipsec_mode = OTX2_IPSEC_PO_SA_MODE_TRANSPORT; + else if (ipsec->mode == RTE_SECURITY_IPSEC_SA_MODE_TUNNEL) + ctl->ipsec_mode = OTX2_IPSEC_PO_SA_MODE_TUNNEL; + else + return -EINVAL; + + if (ipsec->proto == RTE_SECURITY_IPSEC_SA_PROTO_AH) + ctl->ipsec_proto = OTX2_IPSEC_PO_SA_PROTOCOL_AH; + else if (ipsec->proto == RTE_SECURITY_IPSEC_SA_PROTO_ESP) + ctl->ipsec_proto = OTX2_IPSEC_PO_SA_PROTOCOL_ESP; + else + return -EINVAL; + + if (xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) { + if (xform->aead.algo == RTE_CRYPTO_AEAD_AES_GCM) { + ctl->enc_type = OTX2_IPSEC_PO_SA_ENC_AES_GCM; + aes_key_len = xform->aead.key.length; + } else { + return -ENOTSUP; + } + } else if (cipher_xform->cipher.algo == RTE_CRYPTO_CIPHER_AES_CBC) { + ctl->enc_type = OTX2_IPSEC_PO_SA_ENC_AES_CCM; + aes_key_len = xform->cipher.key.length; + } else { + return -ENOTSUP; + } + + + switch (aes_key_len) { + case 16: + ctl->aes_key_len = OTX2_IPSEC_PO_SA_AES_KEY_LEN_128; + break; + case 24: + ctl->aes_key_len = OTX2_IPSEC_PO_SA_AES_KEY_LEN_192; + break; + case 32: + ctl->aes_key_len = OTX2_IPSEC_PO_SA_AES_KEY_LEN_256; + break; + default: + return -EINVAL; + } + + if (xform->type != RTE_CRYPTO_SYM_XFORM_AEAD) { + switch (auth_xform->auth.algo) { + case RTE_CRYPTO_AUTH_NULL: + ctl->auth_type = OTX2_IPSEC_PO_SA_AUTH_NULL; + break; + case RTE_CRYPTO_AUTH_MD5_HMAC: + ctl->auth_type = OTX2_IPSEC_PO_SA_AUTH_MD5; + break; + case RTE_CRYPTO_AUTH_SHA1_HMAC: + ctl->auth_type = OTX2_IPSEC_PO_SA_AUTH_SHA1; + break; + case RTE_CRYPTO_AUTH_SHA224_HMAC: + ctl->auth_type = OTX2_IPSEC_PO_SA_AUTH_SHA2_224; + break; + case RTE_CRYPTO_AUTH_SHA256_HMAC: + ctl->auth_type = OTX2_IPSEC_PO_SA_AUTH_SHA2_256; + break; + case RTE_CRYPTO_AUTH_SHA384_HMAC: + ctl->auth_type = OTX2_IPSEC_PO_SA_AUTH_SHA2_384; + break; + case RTE_CRYPTO_AUTH_SHA512_HMAC: + ctl->auth_type = OTX2_IPSEC_PO_SA_AUTH_SHA2_512; + break; + case RTE_CRYPTO_AUTH_AES_GMAC: + ctl->auth_type = OTX2_IPSEC_PO_SA_AUTH_AES_GMAC; + break; + case RTE_CRYPTO_AUTH_AES_XCBC_MAC: + ctl->auth_type = OTX2_IPSEC_PO_SA_AUTH_AES_XCBC_128; + break; + default: + return -ENOTSUP; + } + } + + if (ipsec->options.esn == 1) + ctl->esn_en = 1; + + if (ipsec->options.udp_encap == 1) + ctl->encap_type = OTX2_IPSEC_PO_SA_ENCAP_UDP; + + ctl->spi = rte_cpu_to_be_32(ipsec->spi); + ctl->valid = 1; + + return 0; +} + #endif /* __OTX2_IPSEC_PO_H__ */ diff --git a/drivers/crypto/octeontx2/otx2_security.h b/drivers/crypto/octeontx2/otx2_security.h index e76cd843c7..da7b33ab0d 100644 --- a/drivers/crypto/octeontx2/otx2_security.h +++ b/drivers/crypto/octeontx2/otx2_security.h @@ -9,6 +9,15 @@ #include "otx2_ethdev_sec.h" #include "otx2_ipsec_fp.h" +#define AH_HDR_LEN 12 +#define AES_GCM_IV_LEN 8 +#define AES_GCM_MAC_LEN 16 +#define AES_CBC_IV_LEN 16 +#define SHA1_HMAC_LEN 12 + +#define AES_GCM_ROUNDUP_BYTE_LEN 4 +#define AES_CBC_ROUNDUP_BYTE_LEN 16 + union otx2_sec_session_ipsec { struct otx2_sec_session_ipsec_ip ip; struct otx2_sec_session_ipsec_lp lp; diff --git a/drivers/net/octeontx2/otx2_ethdev_sec.c b/drivers/net/octeontx2/otx2_ethdev_sec.c index c2ad32cf0c..daff86cd5c 100644 --- a/drivers/net/octeontx2/otx2_ethdev_sec.c +++ b/drivers/net/octeontx2/otx2_ethdev_sec.c @@ -21,15 +21,6 @@ #include "otx2_sec_idev.h" #include "otx2_security.h" -#define AH_HDR_LEN 12 -#define AES_GCM_IV_LEN 8 -#define AES_GCM_MAC_LEN 16 -#define AES_CBC_IV_LEN 16 -#define SHA1_HMAC_LEN 12 - -#define AES_GCM_ROUNDUP_BYTE_LEN 4 -#define AES_CBC_ROUNDUP_BYTE_LEN 16 - struct eth_sec_tag_const { RTE_STD_C11 union { From patchwork Tue Jun 23 12:12:27 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tejasree Kondoj X-Patchwork-Id: 72031 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id E3A0BA0350; Tue, 23 Jun 2020 13:20:06 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 43F6C1D67E; Tue, 23 Jun 2020 13:19:32 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by dpdk.org (Postfix) with ESMTP id EBD3C1D67A for ; Tue, 23 Jun 2020 13:19:30 +0200 (CEST) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 05NBEvWa024290; Tue, 23 Jun 2020 04:19:30 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0818; bh=WMH5nSUcbmonHQ5djw6XRI2Rqz9lYOlb3wvcIh1zpQ0=; b=ZpJ0YGk4EboHjRGnS+KK9axzF2IJHVPKCsb0vJMfzY6SfYKE0JbKP7P7n0JpJ81AOeo+ Wp9FkrDmSF9t3UbxprBj0gpWxKQhAbwxTuHVJmUqtIZkbsMY344ROQEbltR9pjVFCvsg OEsFBveIuCQMWUrYRulLnC9Ze2aVA7hhmXepdATYEK1uZtqOCfinRlfuy6fm/iHsmyHx VWcNtB4yX1v2BiZ2J4eTmOuqG+cO6bj6Do5AfzckPdIc1/ud8q19MBVKU7C8iWw1ykFY h9Kjdb2WGkxYLmGtHd0z+fgq8sjWZbnxtT9fNiaDF9zMxkQ89BFZEyfFn7i0iPQNepfq 0g== Received: from sc-exch01.marvell.com ([199.233.58.181]) by mx0a-0016f401.pphosted.com with ESMTP id 31sftpnn2w-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Tue, 23 Jun 2020 04:19:30 -0700 Received: from DC5-EXCH02.marvell.com (10.69.176.39) by SC-EXCH01.marvell.com (10.93.176.81) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Tue, 23 Jun 2020 04:19:29 -0700 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Tue, 23 Jun 2020 04:19:28 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.2 via Frontend Transport; Tue, 23 Jun 2020 04:19:28 -0700 Received: from hyd1554T5810.caveonetworks.com.com (unknown [10.29.57.11]) by maili.marvell.com (Postfix) with ESMTP id 8A0623F7040; Tue, 23 Jun 2020 04:19:26 -0700 (PDT) From: Tejasree Kondoj To: Akhil Goyal , Radu Nicolau CC: Vamsi Attunuru , Narayana Prasad , Anoob Joseph , Tejasree Kondoj , Date: Tue, 23 Jun 2020 17:42:27 +0530 Message-ID: <20200623121228.10355-8-ktejasree@marvell.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20200623121228.10355-1-ktejasree@marvell.com> References: <20200623121228.10355-1-ktejasree@marvell.com> MIME-Version: 1.0 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.216, 18.0.687 definitions=2020-06-23_06:2020-06-23, 2020-06-23 signatures=0 Subject: [dpdk-dev] [PATCH 7/8] crypto/octeontx2: add cryptodev sec enqueue routine X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" From: Vamsi Attunuru Signed-off-by: Vamsi Attunuru Signed-off-by: Tejasree Kondoj --- drivers/crypto/octeontx2/otx2_cryptodev.h | 8 + drivers/crypto/octeontx2/otx2_cryptodev_ops.c | 36 +++- drivers/crypto/octeontx2/otx2_ipsec_po.h | 6 + drivers/crypto/octeontx2/otx2_ipsec_po_ops.h | 179 ++++++++++++++++++ 4 files changed, 228 insertions(+), 1 deletion(-) create mode 100644 drivers/crypto/octeontx2/otx2_ipsec_po_ops.h diff --git a/drivers/crypto/octeontx2/otx2_cryptodev.h b/drivers/crypto/octeontx2/otx2_cryptodev.h index e7a1730b22..f329741b38 100644 --- a/drivers/crypto/octeontx2/otx2_cryptodev.h +++ b/drivers/crypto/octeontx2/otx2_cryptodev.h @@ -6,6 +6,7 @@ #define _OTX2_CRYPTODEV_H_ #include "cpt_common.h" +#include "cpt_hw_types.h" #include "otx2_dev.h" @@ -33,6 +34,13 @@ struct otx2_cpt_vf { /**< CPT device capabilities */ }; +struct cpt_meta_info { + uint64_t deq_op_info[4]; + uint64_t comp_code_sz; + union cpt_res_s cpt_res __rte_aligned(16); + struct cpt_request_info cpt_req __rte_aligned(8); +}; + #define CPT_LOGTYPE otx2_cpt_logtype extern int otx2_cpt_logtype; diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_ops.c b/drivers/crypto/octeontx2/otx2_cryptodev_ops.c index 08254062e9..d796488def 100644 --- a/drivers/crypto/octeontx2/otx2_cryptodev_ops.c +++ b/drivers/crypto/octeontx2/otx2_cryptodev_ops.c @@ -13,8 +13,10 @@ #include "otx2_cryptodev_hw_access.h" #include "otx2_cryptodev_mbox.h" #include "otx2_cryptodev_ops.h" +#include "otx2_ipsec_po_ops.h" #include "otx2_mbox.h" #include "otx2_sec_idev.h" +#include "otx2_security.h" #include "cpt_hw_types.h" #include "cpt_pmd_logs.h" @@ -603,6 +605,36 @@ otx2_cpt_enqueue_sym(struct otx2_cpt_qp *qp, struct rte_crypto_op *op, return ret; } +static __rte_always_inline int __rte_hot +otx2_cpt_enqueue_sec(struct otx2_cpt_qp *qp, struct rte_crypto_op *op, + struct pending_queue *pend_q) +{ + struct otx2_sec_session_ipsec_lp *sess; + struct otx2_ipsec_po_sa_ctl *ctl_wrd; + struct otx2_sec_session *priv; + struct cpt_request_info *req; + int ret; + + priv = get_sec_session_private_data(op->sym->sec_session); + sess = &priv->ipsec.lp; + + ctl_wrd = &sess->in_sa.ctl; + + if (ctl_wrd->direction == OTX2_IPSEC_PO_SA_DIRECTION_OUTBOUND) + ret = process_outb_sa(op, sess, &qp->meta_info, (void **)&req); + else + ret = process_inb_sa(op, sess, &qp->meta_info, (void **)&req); + + if (unlikely(ret)) { + otx2_err("Crypto req : op %p, ret 0x%x", op, ret); + return ret; + } + + ret = otx2_cpt_enqueue_req(qp, pend_q, req); + + return ret; +} + static __rte_always_inline int __rte_hot otx2_cpt_enqueue_sym_sessless(struct otx2_cpt_qp *qp, struct rte_crypto_op *op, struct pending_queue *pend_q) @@ -656,7 +688,9 @@ otx2_cpt_enqueue_burst(void *qptr, struct rte_crypto_op **ops, uint16_t nb_ops) for (count = 0; count < nb_ops; count++) { op = ops[count]; if (op->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC) { - if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) + if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) + ret = otx2_cpt_enqueue_sec(qp, op, pend_q); + else if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) ret = otx2_cpt_enqueue_sym(qp, op, pend_q); else ret = otx2_cpt_enqueue_sym_sessless(qp, op, diff --git a/drivers/crypto/octeontx2/otx2_ipsec_po.h b/drivers/crypto/octeontx2/otx2_ipsec_po.h index 5d9f1393e2..d127f310b7 100644 --- a/drivers/crypto/octeontx2/otx2_ipsec_po.h +++ b/drivers/crypto/octeontx2/otx2_ipsec_po.h @@ -86,6 +86,12 @@ enum { OTX2_IPSEC_PO_SA_ENCAP_UDP = 1, }; +struct otx2_ipsec_po_out_hdr { + uint32_t ip_id; + uint32_t seq; + uint8_t iv[16]; +}; + union bit_perfect_iv { uint8_t aes_iv[16]; uint8_t des_iv[8]; diff --git a/drivers/crypto/octeontx2/otx2_ipsec_po_ops.h b/drivers/crypto/octeontx2/otx2_ipsec_po_ops.h new file mode 100644 index 0000000000..1bfcbbe75b --- /dev/null +++ b/drivers/crypto/octeontx2/otx2_ipsec_po_ops.h @@ -0,0 +1,179 @@ + +/* SPDX-License-Identifier: BSD-3-Clause + * Copyright(C) 2019 Marvell International Ltd. + */ + +#ifndef __OTX2_IPSEC_PO_OPS_H__ +#define __OTX2_IPSEC_PO_OPS_H__ + +#include +#include + +#include "otx2_cryptodev.h" +#include "otx2_security.h" + +static __rte_always_inline int32_t +otx2_ipsec_po_out_rlen_get(struct otx2_sec_session_ipsec_lp *sess, + uint32_t plen) +{ + uint32_t enc_payload_len; + + enc_payload_len = RTE_ALIGN_CEIL(plen + sess->roundup_len, + sess->roundup_byte); + + return sess->partial_len + enc_payload_len; +} + +static __rte_always_inline struct cpt_request_info * +alloc_request_struct(char *maddr, void *cop, int mdata_len) +{ + struct cpt_request_info *req; + struct cpt_meta_info *meta; + uint8_t *resp_addr; + uintptr_t *op; + + meta = (void *)RTE_PTR_ALIGN((uint8_t *)maddr, 16); + + op = meta->deq_op_info; + req = &meta->cpt_req; + resp_addr = (uint8_t *)&meta->cpt_res; + + req->completion_addr = (uint64_t *)((uint8_t *)resp_addr); + *req->completion_addr = COMPLETION_CODE_INIT; + req->comp_baddr = rte_mem_virt2iova(resp_addr); + req->op = op; + + op[0] = (uintptr_t)((uint64_t)meta | 1ull); + op[1] = (uintptr_t)cop; + op[2] = (uintptr_t)req; + op[3] = mdata_len; + + return req; +} + +static __rte_always_inline int +process_outb_sa(struct rte_crypto_op *cop, + struct otx2_sec_session_ipsec_lp *sess, + struct cpt_qp_meta_info *m_info, void **prep_req) +{ + uint32_t dlen, rlen, extend_head, extend_tail; + struct rte_crypto_sym_op *sym_op = cop->sym; + struct rte_mbuf *m_src = sym_op->m_src; + struct otx2_ipsec_po_sa_ctl *ctl_wrd; + struct cpt_request_info *req = NULL; + struct otx2_ipsec_po_out_hdr *hdr; + struct otx2_ipsec_po_out_sa *sa; + int hdr_len, mdata_len, ret = 0; + vq_cmd_word0_t word0; + char *mdata, *data; + + sa = &sess->out_sa; + ctl_wrd = &sa->ctl; + hdr_len = sizeof(*hdr); + + dlen = rte_pktmbuf_pkt_len(m_src) + hdr_len; + rlen = otx2_ipsec_po_out_rlen_get(sess, dlen - hdr_len); + + extend_head = hdr_len + RTE_ETHER_HDR_LEN; + extend_tail = rlen - dlen; + mdata_len = m_info->lb_mlen + 8; + + mdata = rte_pktmbuf_append(m_src, extend_tail + mdata_len); + if (unlikely(mdata == NULL)) { + otx2_err("Not enough tail room\n"); + ret = -ENOMEM; + goto exit; + } + + mdata += extend_tail; /* mdata follows encrypted data */ + req = alloc_request_struct(mdata, (void *)cop, mdata_len); + + data = rte_pktmbuf_prepend(m_src, extend_head); + if (unlikely(data == NULL)) { + otx2_err("Not enough head room\n"); + ret = -ENOMEM; + goto exit; + } + + /* + * Move the Ethernet header, to insert otx2_ipsec_po_out_hdr prior + * to the IP header + */ + memcpy(data, data + hdr_len, RTE_ETHER_HDR_LEN); + + hdr = (struct otx2_ipsec_po_out_hdr *)rte_pktmbuf_adj(m_src, + RTE_ETHER_HDR_LEN); + + if (ctl_wrd->enc_type == OTX2_IPSEC_FP_SA_ENC_AES_GCM) { + memcpy(&hdr->iv[0], &sa->iv.misc.nonce, 4); + memcpy(&hdr->iv[4], rte_crypto_op_ctod_offset(cop, uint8_t *, + sess->iv_offset), sess->iv_length); + } else if (ctl_wrd->auth_type == OTX2_IPSEC_FP_SA_ENC_AES_CBC) { + memcpy(&hdr->iv[0], rte_crypto_op_ctod_offset(cop, uint8_t *, + sess->iv_offset), sess->iv_length); + } + + /* Prepare CPT instruction */ + word0.s.opcode = sess->ucmd_opcode; + word0.s.param1 = sess->ucmd_param1; + word0.s.param2 = sess->ucmd_param2; + word0.s.dlen = dlen; + + req->ist.ei0 = word0.u64; + req->ist.ei1 = rte_pktmbuf_iova(m_src); + req->ist.ei2 = req->ist.ei1; + req->ist.ei3 = sess->ucmd_w3; + + hdr->seq = rte_cpu_to_be_32(sess->seq_lo); + hdr->ip_id = rte_cpu_to_be_32(sess->ip_id); + + sess->ip_id++; + sess->esn++; + +exit: + *prep_req = req; + + return ret; +} + +static __rte_always_inline int +process_inb_sa(struct rte_crypto_op *cop, + struct otx2_sec_session_ipsec_lp *sess, + struct cpt_qp_meta_info *m_info, void **prep_req) +{ + struct rte_crypto_sym_op *sym_op = cop->sym; + struct rte_mbuf *m_src = sym_op->m_src; + struct cpt_request_info *req = NULL; + int mdata_len, ret = 0; + vq_cmd_word0_t word0; + uint32_t dlen; + char *mdata; + + dlen = rte_pktmbuf_pkt_len(m_src); + mdata_len = m_info->lb_mlen + 8; + + mdata = rte_pktmbuf_append(m_src, mdata_len); + if (unlikely(mdata == NULL)) { + otx2_err("Not enough tail room\n"); + ret = -ENOMEM; + goto exit; + } + + req = alloc_request_struct(mdata, (void *)cop, mdata_len); + + /* Prepare CPT instruction */ + word0.s.opcode = sess->ucmd_opcode; + word0.s.param1 = sess->ucmd_param1; + word0.s.param2 = sess->ucmd_param2; + word0.s.dlen = dlen; + + req->ist.ei0 = word0.u64; + req->ist.ei1 = rte_pktmbuf_iova(m_src); + req->ist.ei2 = req->ist.ei1; + req->ist.ei3 = sess->ucmd_w3; + +exit: + *prep_req = req; + return ret; +} +#endif /* __OTX2_IPSEC_PO_OPS_H__ */ From patchwork Tue Jun 23 12:12:28 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tejasree Kondoj X-Patchwork-Id: 72032 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 34DB1A0350; Tue, 23 Jun 2020 13:20:16 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 5AB0A1D676; Tue, 23 Jun 2020 13:19:38 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by dpdk.org (Postfix) with ESMTP id ACEB31D674 for ; Tue, 23 Jun 2020 13:19:36 +0200 (CEST) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 05NBFxro030220; Tue, 23 Jun 2020 04:19:36 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0818; bh=MqofnmPDYV8+eqkI4uPi7pUsmTGEV8S71dK5tU2GpCo=; b=P80kwTeWALINFKWfbT4y8W4yhUqJ7xBx0K6jKwlq66gQMFZR8OO46BDO75C83ER6qgUF uDL/xSjl6yHkz1I9SpbQX2EuH1osUbIyigX13fBZnMHWvxyCtsnZaZv63lu9GXArrpcw 2qZEKFwZK6oFWdwXdMvGCFNpNAsTw5EbVFMSuif5YrMLdFCkz6kVAr3RbWOj3GzfLNpx qHmwNf+9fVtff/899MvS8Mw7kALpcNfFQGlrtXQbMG7Og3GhA86LBRZtmpAADg61uUs8 e81UeEE5Usm9rYxZ4eKMOyL60gbLNyTfF9YHVtvCiqTnaXh5/nNqIu91qzqI3XDs7qOr sw== Received: from sc-exch01.marvell.com ([199.233.58.181]) by mx0b-0016f401.pphosted.com with ESMTP id 31shynw02n-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Tue, 23 Jun 2020 04:19:36 -0700 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by SC-EXCH01.marvell.com (10.93.176.81) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Tue, 23 Jun 2020 04:19:34 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.2 via Frontend Transport; Tue, 23 Jun 2020 04:19:34 -0700 Received: from hyd1554T5810.caveonetworks.com.com (unknown [10.29.57.11]) by maili.marvell.com (Postfix) with ESMTP id 365C53F7040; Tue, 23 Jun 2020 04:19:31 -0700 (PDT) From: Tejasree Kondoj To: Akhil Goyal , Radu Nicolau CC: Vamsi Attunuru , Narayana Prasad , Anoob Joseph , Tejasree Kondoj , Date: Tue, 23 Jun 2020 17:42:28 +0530 Message-ID: <20200623121228.10355-9-ktejasree@marvell.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20200623121228.10355-1-ktejasree@marvell.com> References: <20200623121228.10355-1-ktejasree@marvell.com> MIME-Version: 1.0 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.216, 18.0.687 definitions=2020-06-23_06:2020-06-23, 2020-06-23 signatures=0 Subject: [dpdk-dev] [PATCH 8/8] crypto/octeontx2: add cryptodev sec dequeue routine X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" From: Vamsi Attunuru Signed-off-by: Vamsi Attunuru Signed-off-by: Tejasree Kondoj --- drivers/crypto/octeontx2/otx2_cryptodev_ops.c | 37 +++++++++++++++++++ drivers/crypto/octeontx2/otx2_ipsec_po.h | 30 +++++++++++++++ 2 files changed, 67 insertions(+) diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_ops.c b/drivers/crypto/octeontx2/otx2_cryptodev_ops.c index d796488def..43bb9a5fdf 100644 --- a/drivers/crypto/octeontx2/otx2_cryptodev_ops.c +++ b/drivers/crypto/octeontx2/otx2_cryptodev_ops.c @@ -832,11 +832,48 @@ otx2_cpt_asym_post_process(struct rte_crypto_op *cop, } } +static void +otx2_cpt_sec_post_process(struct rte_crypto_op *cop, uintptr_t *rsp) +{ + struct cpt_request_info *req = (struct cpt_request_info *)rsp[2]; + vq_cmd_word0_t *word0 = (vq_cmd_word0_t *)&req->ist.ei0; + struct rte_crypto_sym_op *sym_op = cop->sym; + struct rte_mbuf *m = sym_op->m_src; + struct rte_ipv4_hdr *ip; + uint16_t m_len; + int mdata_len; + char *data; + + mdata_len = (int)rsp[3]; + rte_pktmbuf_trim(m, mdata_len); + + if ((word0->s.opcode & 0xff) == OTX2_IPSEC_PO_PROCESS_IPSEC_INB) { + data = rte_pktmbuf_mtod(m, char *); + ip = (struct rte_ipv4_hdr *)(data + OTX2_IPSEC_PO_INB_RPTR_HDR); + + m_len = rte_be_to_cpu_16(ip->total_length); + + m->data_len = m_len; + m->pkt_len = m_len; + m->data_off += OTX2_IPSEC_PO_INB_RPTR_HDR; + } +} + static inline void otx2_cpt_dequeue_post_process(struct otx2_cpt_qp *qp, struct rte_crypto_op *cop, uintptr_t *rsp, uint8_t cc) { if (cop->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC) { + if (cop->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) { + if (likely(cc == OTX2_IPSEC_PO_CC_SUCCESS)) { + otx2_cpt_sec_post_process(cop, rsp); + cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS; + } else + cop->status = RTE_CRYPTO_OP_STATUS_ERROR; + + return; + } + if (likely(cc == NO_ERR)) { /* Verify authentication data if required */ if (unlikely(rsp[2])) diff --git a/drivers/crypto/octeontx2/otx2_ipsec_po.h b/drivers/crypto/octeontx2/otx2_ipsec_po.h index d127f310b7..f74ae2e598 100644 --- a/drivers/crypto/octeontx2/otx2_ipsec_po.h +++ b/drivers/crypto/octeontx2/otx2_ipsec_po.h @@ -22,10 +22,40 @@ #define OTX2_IPSEC_PO_PROCESS_IPSEC_OUTB 0x23 #define OTX2_IPSEC_PO_PROCESS_IPSEC_INB 0x24 +#define OTX2_IPSEC_PO_INB_RPTR_HDR 0x8 + enum otx2_ipsec_po_comp_e { OTX2_IPSEC_PO_CC_SUCCESS = 0x00, OTX2_IPSEC_PO_CC_AUTH_UNSUPPORTED = 0xB0, OTX2_IPSEC_PO_CC_ENCRYPT_UNSUPPORTED = 0xB1, + OTX2_IPSEC_PO_CC_IP_VERSION = 0xB2, + OTX2_IPSEC_PO_CC_PROTOCOL = 0xB3, + OTX2_IPSEC_PO_CC_CTX_INVALID = 0xB4, + OTX2_IPSEC_PO_CC_CTX_DIR_MISMATCH = 0xB5, + OTX2_IPSEC_PO_CC_IP_PAYLOAD_TYPE = 0xB6, + OTX2_IPSEC_PO_CC_CTX_FLAG_MISMATCH = 0xB7, + OTX2_IPSEC_PO_CC_GRE_HDR_MISMATCH = 0xB8, + OTX2_IPSEC_PO_CC_GRE_PROTOCOL = 0xB9, + OTX2_IPSEC_PO_CC_CUSTOM_HDR_LEN = 0xBA, + OTX2_IPSEC_PO_CC_ENC_TYPE_CTR_GCM = 0xBB, + OTX2_IPSEC_PO_CC_IPCOMP_CONF = 0xBC, + OTX2_IPSEC_PO_CC_FREG_SIZE_CONF = 0xBD, + OTX2_IPSEC_PO_CC_SPI_MISMATCH = 0xBE, + OTX2_IPSEC_PO_CC_CHECKSUM = 0xBF, + OTX2_IPSEC_PO_CC_IPCOMP_PKT_DETECTED = 0xC0, + OTX2_IPSEC_PO_CC_TFC_PADDING_WITH_PREFRAG = 0xC1, + OTX2_IPSEC_PO_CC_DSIV_INCORRECT_PARAM = 0xC2, + OTX2_IPSEC_PO_CC_AUTH_MISMATCH = 0xC3, + OTX2_IPSEC_PO_CC_PADDING = 0xC4, + OTX2_IPSEC_PO_CC_DUMMY_PADDING = 0xC5, + OTX2_IPSEC_PO_CC_IPV6_EXT_HDRS_TOO_BIG = 0xC6, + OTX2_IPSEC_PO_CC_IPV6_HOP_BY_HOP = 0xC7, + OTX2_IPSEC_PO_CC_IPV6_RH_LENGTH = 0xC8, + OTX2_IPSEC_PO_CC_IPV6_OUTB_RH_COPY_ADDR = 0xC9, + OTX2_IPSEC_PO_CC_IPV6_DEC_RH_SEGS_LEFT = 0xCA, + OTX2_IPSEC_PO_CC_IPV6_HDR_INVALID = 0xCB, + OTX2_IPSEC_PO_CC_IPV6_SELECTOR_MATCH = 0xCC, + OTX2_IPSEC_PO_CC_IPV6_UDP_PAYLOAD_CSUM_MISMATCH = 0xCE, }; enum {