From patchwork Fri Sep 4 15:24:13 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tejasree Kondoj X-Patchwork-Id: 76565 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 48848A04C5; Fri, 4 Sep 2020 16:30:48 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id A53221C0C6; Fri, 4 Sep 2020 16:30:47 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by dpdk.org (Postfix) with ESMTP id 4F71B1C0C0 for ; Fri, 4 Sep 2020 16:30:46 +0200 (CEST) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 084EKjmT010747; Fri, 4 Sep 2020 07:30:45 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=bI7yy+C7uUmzLuyr1tNosB909sQ30TAfG4ySvPHvuWU=; b=F3UNwCoxPzqQtJBHcE69/x3N9LwHAZ9QODWnOeeWN+5IhOwPoCH2QbBfKrIxtjya2Cvl F7XX0lceCya0FblmyrghHJ+3/ArxW799unVhAU9VVuPx9fdTHRdtWsqcpV86YWHmp8Tg VtleGyoOIbHkOH3j6j4hPRPMVvCqxXdr3wNFLjpcG8jGTrIzYDzDINTnOgqt+BV1jmZL qsyc52MgSrnmsWrkKpBm8fkczU4mppEE3i1vIpuUTN6sH4np7KI3XqUfxIO38jtw5Y+s HZhoELgkkolfAhoc3TbCDEapElyCvXgZoLuERP8y0zzz2toF2BfjDyJnmPCet7n5glZY aQ== Received: from sc-exch01.marvell.com ([199.233.58.181]) by mx0a-0016f401.pphosted.com with ESMTP id 337mcqtynn-2 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Fri, 04 Sep 2020 07:30:45 -0700 Received: from DC5-EXCH02.marvell.com (10.69.176.39) by SC-EXCH01.marvell.com (10.93.176.81) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Fri, 4 Sep 2020 07:30:44 -0700 Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Fri, 4 Sep 2020 07:30:43 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.2 via Frontend Transport; Fri, 4 Sep 2020 07:30:43 -0700 Received: from hyd1554T5810.caveonetworks.com.com (unknown [10.29.57.11]) by maili.marvell.com (Postfix) with ESMTP id 3DC5A3F7048; Fri, 4 Sep 2020 07:30:41 -0700 (PDT) From: Tejasree Kondoj To: Akhil Goyal , Radu Nicolau CC: Tejasree Kondoj , Narayana Prasad , Anoob Joseph , Date: Fri, 4 Sep 2020 20:54:13 +0530 Message-ID: <20200904152413.24955-1-ktejasree@marvell.com> X-Mailer: git-send-email 2.27.0 MIME-Version: 1.0 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.235, 18.0.687 definitions=2020-09-04_07:2020-09-04, 2020-09-04 signatures=0 Subject: [dpdk-dev] [PATCH] crypto/octeontx2: add lookaside IPsec IPv6 support X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Adding IPv6 tunnel mode support in lookaside IPsec PMD. Signed-off-by: Tejasree Kondoj Acked-by: Anoob Joseph --- drivers/crypto/octeontx2/otx2_cryptodev.h | 2 +- drivers/crypto/octeontx2/otx2_cryptodev_ops.c | 13 +++++++-- drivers/crypto/octeontx2/otx2_cryptodev_sec.c | 28 ++++++++++++++++++- drivers/crypto/octeontx2/otx2_cryptodev_sec.h | 2 ++ drivers/crypto/octeontx2/otx2_ipsec_po.h | 2 +- drivers/crypto/octeontx2/otx2_ipsec_po_ops.h | 10 +++++-- 6 files changed, 49 insertions(+), 8 deletions(-) diff --git a/drivers/crypto/octeontx2/otx2_cryptodev.h b/drivers/crypto/octeontx2/otx2_cryptodev.h index a00f3d696..fe5eeccfe 100644 --- a/drivers/crypto/octeontx2/otx2_cryptodev.h +++ b/drivers/crypto/octeontx2/otx2_cryptodev.h @@ -35,7 +35,7 @@ struct otx2_cpt_vf { }; struct cpt_meta_info { - uint64_t deq_op_info[4]; + uint64_t deq_op_info[5]; uint64_t comp_code_sz; union cpt_res_s cpt_res __rte_aligned(16); struct cpt_request_info cpt_req; diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_ops.c b/drivers/crypto/octeontx2/otx2_cryptodev_ops.c index 9d51b17dd..82d8889ab 100644 --- a/drivers/crypto/octeontx2/otx2_cryptodev_ops.c +++ b/drivers/crypto/octeontx2/otx2_cryptodev_ops.c @@ -842,6 +842,7 @@ otx2_cpt_sec_post_process(struct rte_crypto_op *cop, uintptr_t *rsp) vq_cmd_word0_t *word0 = (vq_cmd_word0_t *)&req->ist.ei0; struct rte_crypto_sym_op *sym_op = cop->sym; struct rte_mbuf *m = sym_op->m_src; + struct rte_ipv6_hdr *ip6; struct rte_ipv4_hdr *ip; uint16_t m_len; int mdata_len; @@ -852,9 +853,17 @@ otx2_cpt_sec_post_process(struct rte_crypto_op *cop, uintptr_t *rsp) if ((word0->s.opcode & 0xff) == OTX2_IPSEC_PO_PROCESS_IPSEC_INB) { data = rte_pktmbuf_mtod(m, char *); - ip = (struct rte_ipv4_hdr *)(data + OTX2_IPSEC_PO_INB_RPTR_HDR); - m_len = rte_be_to_cpu_16(ip->total_length); + if (rsp[4] == RTE_SECURITY_IPSEC_TUNNEL_IPV4) { + ip = (struct rte_ipv4_hdr *)(data + + OTX2_IPSEC_PO_INB_RPTR_HDR); + m_len = rte_be_to_cpu_16(ip->total_length); + } else { + ip6 = (struct rte_ipv6_hdr *)(data + + OTX2_IPSEC_PO_INB_RPTR_HDR); + m_len = rte_be_to_cpu_16(ip6->payload_len) + + sizeof(struct rte_ipv6_hdr); + } m->data_len = m_len; m->pkt_len = m_len; diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_sec.c b/drivers/crypto/octeontx2/otx2_cryptodev_sec.c index 0741a592c..5d8766682 100644 --- a/drivers/crypto/octeontx2/otx2_cryptodev_sec.c +++ b/drivers/crypto/octeontx2/otx2_cryptodev_sec.c @@ -25,7 +25,12 @@ ipsec_lp_len_precalc(struct rte_security_ipsec_xform *ipsec, { struct rte_crypto_sym_xform *cipher_xform, *auth_xform; - lp->partial_len = sizeof(struct rte_ipv4_hdr); + if (ipsec->tunnel.type == RTE_SECURITY_IPSEC_TUNNEL_IPV4) + lp->partial_len = sizeof(struct rte_ipv4_hdr); + else if (ipsec->tunnel.type == RTE_SECURITY_IPSEC_TUNNEL_IPV6) + lp->partial_len = sizeof(struct rte_ipv6_hdr); + else + return -EINVAL; if (ipsec->proto == RTE_SECURITY_IPSEC_SA_PROTO_ESP) { lp->partial_len += sizeof(struct rte_esp_hdr); @@ -203,6 +208,7 @@ crypto_sec_ipsec_outb_session_create(struct rte_cryptodev *crypto_dev, struct otx2_ipsec_po_out_sa *sa; struct otx2_sec_session *sess; struct otx2_cpt_inst_s inst; + struct rte_ipv6_hdr *ip6; struct rte_ipv4_hdr *ip; int ret; @@ -222,6 +228,7 @@ crypto_sec_ipsec_outb_session_create(struct rte_cryptodev *crypto_dev, lp->ip_id = 0; lp->seq_lo = 1; lp->seq_hi = 0; + lp->tunnel_type = ipsec->tunnel.type; ret = ipsec_po_sa_ctl_set(ipsec, crypto_xform, ctl); if (ret) @@ -254,6 +261,24 @@ crypto_sec_ipsec_outb_session_create(struct rte_cryptodev *crypto_dev, sizeof(struct in_addr)); memcpy(&ip->dst_addr, &ipsec->tunnel.ipv4.dst_ip, sizeof(struct in_addr)); + } else if (ipsec->tunnel.type == + RTE_SECURITY_IPSEC_TUNNEL_IPV6) { + ip6 = &sa->template.ipv6_hdr; + ip6->vtc_flow = rte_cpu_to_be_32(0x60000000 | + ((ipsec->tunnel.ipv6.dscp << + RTE_IPV6_HDR_TC_SHIFT) & + RTE_IPV6_HDR_TC_MASK) | + ((ipsec->tunnel.ipv6.flabel << + RTE_IPV6_HDR_FL_SHIFT) & + RTE_IPV6_HDR_FL_MASK)); + ip6->hop_limits = ipsec->tunnel.ipv6.hlimit; + ip6->proto = (ipsec->proto == + RTE_SECURITY_IPSEC_SA_PROTO_ESP) ? + IPPROTO_ESP : IPPROTO_AH; + memcpy(&ip6->src_addr, &ipsec->tunnel.ipv6.src_addr, + sizeof(struct in6_addr)); + memcpy(&ip6->dst_addr, &ipsec->tunnel.ipv6.dst_addr, + sizeof(struct in6_addr)); } else { return -EINVAL; } @@ -342,6 +367,7 @@ crypto_sec_ipsec_inb_session_create(struct rte_cryptodev *crypto_dev, if (ret) return ret; + lp->tunnel_type = ipsec->tunnel.type; auth_xform = crypto_xform; cipher_xform = crypto_xform->next; diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_sec.h b/drivers/crypto/octeontx2/otx2_cryptodev_sec.h index b989251e7..b4a39d2fe 100644 --- a/drivers/crypto/octeontx2/otx2_cryptodev_sec.h +++ b/drivers/crypto/octeontx2/otx2_cryptodev_sec.h @@ -55,6 +55,8 @@ struct otx2_sec_session_ipsec_lp { uint8_t iv_length; /** Auth IV length in bytes */ uint8_t auth_iv_length; + /** IPsec tunnel type */ + enum rte_security_ipsec_tunnel_type tunnel_type; }; int otx2_crypto_sec_ctx_create(struct rte_cryptodev *crypto_dev); diff --git a/drivers/crypto/octeontx2/otx2_ipsec_po.h b/drivers/crypto/octeontx2/otx2_ipsec_po.h index 020748609..da24f6a5d 100644 --- a/drivers/crypto/octeontx2/otx2_ipsec_po.h +++ b/drivers/crypto/octeontx2/otx2_ipsec_po.h @@ -319,7 +319,7 @@ ipsec_po_sa_ctl_set(struct rte_security_ipsec_xform *ipsec, return -EINVAL; } - ctl->inner_ip_ver = OTX2_IPSEC_PO_SA_IP_VERSION_4; + ctl->inner_ip_ver = ctl->outer_ip_ver; if (ipsec->mode == RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT) ctl->ipsec_mode = OTX2_IPSEC_PO_SA_MODE_TRANSPORT; diff --git a/drivers/crypto/octeontx2/otx2_ipsec_po_ops.h b/drivers/crypto/octeontx2/otx2_ipsec_po_ops.h index dd29c413d..5dd0b391a 100644 --- a/drivers/crypto/octeontx2/otx2_ipsec_po_ops.h +++ b/drivers/crypto/octeontx2/otx2_ipsec_po_ops.h @@ -25,7 +25,8 @@ otx2_ipsec_po_out_rlen_get(struct otx2_sec_session_ipsec_lp *sess, } static __rte_always_inline struct cpt_request_info * -alloc_request_struct(char *maddr, void *cop, int mdata_len) +alloc_request_struct(char *maddr, void *cop, int mdata_len, + enum rte_security_ipsec_tunnel_type tunnel_type) { struct cpt_request_info *req; struct cpt_meta_info *meta; @@ -47,6 +48,7 @@ alloc_request_struct(char *maddr, void *cop, int mdata_len) op[1] = (uintptr_t)cop; op[2] = (uintptr_t)req; op[3] = mdata_len; + op[4] = tunnel_type; return req; } @@ -86,7 +88,8 @@ process_outb_sa(struct rte_crypto_op *cop, } mdata += extend_tail; /* mdata follows encrypted data */ - req = alloc_request_struct(mdata, (void *)cop, mdata_len); + req = alloc_request_struct(mdata, (void *)cop, mdata_len, + sess->tunnel_type); data = rte_pktmbuf_prepend(m_src, extend_head); if (unlikely(data == NULL)) { @@ -157,7 +160,8 @@ process_inb_sa(struct rte_crypto_op *cop, goto exit; } - req = alloc_request_struct(mdata, (void *)cop, mdata_len); + req = alloc_request_struct(mdata, (void *)cop, mdata_len, + sess->tunnel_type); /* Prepare CPT instruction */ word0.u64 = sess->ucmd_w0;