Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/78090/?format=api
https://patches.dpdk.org/api/patches/78090/?format=api", "web_url": "https://patches.dpdk.org/project/dpdk/patch/20200918110943.14553-2-adwivedi@marvell.com/", "project": { "id": 1, "url": "https://patches.dpdk.org/api/projects/1/?format=api", "name": "DPDK", "link_name": "dpdk", "list_id": "dev.dpdk.org", "list_email": "dev@dpdk.org", "web_url": "http://core.dpdk.org", "scm_url": "git://dpdk.org/dpdk", "webscm_url": "http://git.dpdk.org/dpdk", "list_archive_url": "https://inbox.dpdk.org/dev", "list_archive_url_format": "https://inbox.dpdk.org/dev/{}", "commit_url_format": "" }, "msgid": "<20200918110943.14553-2-adwivedi@marvell.com>", "list_archive_url": "https://inbox.dpdk.org/dev/20200918110943.14553-2-adwivedi@marvell.com", "date": "2020-09-18T11:09:42", "name": "[v2,1/2] net/octeontx2: add anti replay support in security session", "commit_ref": null, "pull_url": null, "state": "accepted", "archived": true, "hash": "ebbd6d1310e602552882aeb6e1adcb3d49695cf6", "submitter": { "id": 1561, "url": "https://patches.dpdk.org/api/people/1561/?format=api", "name": "Ankur Dwivedi", "email": "adwivedi@marvell.com" }, "delegate": { "id": 6690, "url": "https://patches.dpdk.org/api/users/6690/?format=api", "username": "akhil", "first_name": "akhil", "last_name": "goyal", "email": "gakhil@marvell.com" }, "mbox": "https://patches.dpdk.org/project/dpdk/patch/20200918110943.14553-2-adwivedi@marvell.com/mbox/", "series": [ { "id": 12347, "url": "https://patches.dpdk.org/api/series/12347/?format=api", "web_url": "https://patches.dpdk.org/project/dpdk/list/?series=12347", "date": "2020-09-18T11:09:41", "name": "add anti replay support in OCTEON TX2 security", "version": 2, "mbox": "https://patches.dpdk.org/series/12347/mbox/" } ], "comments": "https://patches.dpdk.org/api/patches/78090/comments/", "check": "success", "checks": "https://patches.dpdk.org/api/patches/78090/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<dev-bounces@dpdk.org>", "X-Original-To": 
"patchwork@inbox.dpdk.org", "Delivered-To": "patchwork@inbox.dpdk.org", "Received": [ "from dpdk.org (dpdk.org [92.243.14.124])\n\tby inbox.dpdk.org (Postfix) with ESMTP id 1B164A04C8;\n\tFri, 18 Sep 2020 13:11:17 +0200 (CEST)", "from [92.243.14.124] (localhost [127.0.0.1])\n\tby dpdk.org (Postfix) with ESMTP id EDBAB1D9C8;\n\tFri, 18 Sep 2020 13:11:16 +0200 (CEST)", "from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com\n [67.231.156.173]) by dpdk.org (Postfix) with ESMTP id 22A481D9C6\n for <dev@dpdk.org>; Fri, 18 Sep 2020 13:11:15 +0200 (CEST)", "from pps.filterd (m0045851.ppops.net [127.0.0.1])\n by mx0b-0016f401.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id\n 08IB5ZAF022685; Fri, 18 Sep 2020 04:11:14 -0700", "from sc-exch01.marvell.com ([199.233.58.181])\n by mx0b-0016f401.pphosted.com with ESMTP id 33m73p43aa-1\n (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT);\n Fri, 18 Sep 2020 04:11:14 -0700", "from DC5-EXCH02.marvell.com (10.69.176.39) by SC-EXCH01.marvell.com\n (10.93.176.81) with Microsoft SMTP Server (TLS) id 15.0.1497.2;\n Fri, 18 Sep 2020 04:11:12 -0700", "from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH02.marvell.com\n (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.2;\n Fri, 18 Sep 2020 04:11:11 -0700", "from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com\n (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.2 via Frontend\n Transport; Fri, 18 Sep 2020 04:11:11 -0700", "from hyd1349.t110.caveonetworks.com (unknown [10.29.45.13])\n by maili.marvell.com (Postfix) with ESMTP id ED1B73F703F;\n Fri, 18 Sep 2020 04:11:08 -0700 (PDT)" ], "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com;\n h=from : to : cc :\n subject : date : message-id : in-reply-to : references : mime-version :\n content-transfer-encoding : content-type; s=pfpt0220;\n bh=bYQdmYxGsH7Z3LeXrasHxi5rApbXLPvqTAjrR/3qKzU=;\n b=HwgsrXkgVJfo3KN41ddzXpIChRrjjhLeJwg5QhOknfzKzwOEdBwFpyLsX3KD77eWUNnQ\n 
44E0tXd1DP5usm293iDABMN2FBfAic3kt+K6l2qVIlskjfpeFE3ojRga+2YLLi3E9y3e\n bDsRVRIq7ubDellsw9QEbX/gC4kIcs2GC89ChnbNBhdjqdQ/sNv6K2eu5TXkiA+sTaIq\n RKeosijOzrrWVTKf/tQHIb8l/ae5GzsyahohEk92zebZW6AQafpRHsa3cBMtri1fDlw0\n BlKzWIFarbwbr4QZzLAXGHd94LopLUkGjzBJFOLZievNgVS7+g13hmsrCjfluJna3lqw nA==", "From": "Ankur Dwivedi <adwivedi@marvell.com>", "To": "<dev@dpdk.org>", "CC": "<jerinj@marvell.com>, <akhil.goyal@nxp.com>, <radu.nicolau@intel.com>,\n <anoobj@marvell.com>, Ankur Dwivedi <adwivedi@marvell.com>", "Date": "Fri, 18 Sep 2020 16:39:42 +0530", "Message-ID": "<20200918110943.14553-2-adwivedi@marvell.com>", "X-Mailer": "git-send-email 2.28.0", "In-Reply-To": "<20200918110943.14553-1-adwivedi@marvell.com>", "References": "<20200903111836.6864-1-adwivedi@marvell.com>\n <20200918110943.14553-1-adwivedi@marvell.com>", "MIME-Version": "1.0", "Content-Transfer-Encoding": "8bit", "Content-Type": "text/plain", "X-Proofpoint-Virus-Version": "vendor=fsecure engine=2.50.10434:6.0.235, 18.0.687\n definitions=2020-09-18_14:2020-09-16,\n 2020-09-18 signatures=0", "Subject": "[dpdk-dev] [PATCH v2 1/2] net/octeontx2: add anti replay support in\n\tsecurity session", "X-BeenThere": "dev@dpdk.org", "X-Mailman-Version": "2.1.15", "Precedence": "list", "List-Id": "DPDK patches and discussions <dev.dpdk.org>", "List-Unsubscribe": "<https://mails.dpdk.org/options/dev>,\n <mailto:dev-request@dpdk.org?subject=unsubscribe>", "List-Archive": "<http://mails.dpdk.org/archives/dev/>", "List-Post": "<mailto:dev@dpdk.org>", "List-Help": "<mailto:dev-request@dpdk.org?subject=help>", "List-Subscribe": "<https://mails.dpdk.org/listinfo/dev>,\n <mailto:dev-request@dpdk.org?subject=subscribe>", "Errors-To": "dev-bounces@dpdk.org", "Sender": "\"dev\" <dev-bounces@dpdk.org>" }, "content": "Initialize the inbound session for anti replay. 
The replay\nwindow is allocated during session create and freed in session destroy.\n\nSigned-off-by: Ankur Dwivedi <adwivedi@marvell.com>\n---\n drivers/crypto/octeontx2/otx2_ipsec_fp.h | 29 ++++++++++++++--\n drivers/crypto/octeontx2/otx2_security.h | 3 ++\n drivers/net/octeontx2/otx2_ethdev_sec.c | 42 ++++++++++++++++++++++++\n 3 files changed, 71 insertions(+), 3 deletions(-)", "diff": "diff --git a/drivers/crypto/octeontx2/otx2_ipsec_fp.h b/drivers/crypto/octeontx2/otx2_ipsec_fp.h\nindex 52b3b41e2..a33041d77 100644\n--- a/drivers/crypto/octeontx2/otx2_ipsec_fp.h\n+++ b/drivers/crypto/octeontx2/otx2_ipsec_fp.h\n@@ -8,6 +8,17 @@\n #include <rte_crypto_sym.h>\n #include <rte_security.h>\n \n+/* Macros for anti replay and ESN */\n+#define OTX2_IPSEC_MAX_REPLAY_WIN_SZ\t1024\n+#define OTX2_IPSEC_SAINDEX_SZ\t\t4\n+#define OTX2_IPSEC_SEQNO_LO\t\t4\n+\n+#define OTX2_IPSEC_SEQNO_LO_INDEX\t(RTE_ETHER_HDR_LEN + \\\n+\t\t\t\t\t OTX2_IPSEC_SAINDEX_SZ)\n+\n+#define OTX2_IPSEC_SEQNO_HI_INDEX\t(OTX2_IPSEC_SEQNO_LO_INDEX + \\\n+\t\t\t\t\t OTX2_IPSEC_SEQNO_LO)\n+\n enum {\n \tOTX2_IPSEC_FP_SA_DIRECTION_INBOUND = 0,\n \tOTX2_IPSEC_FP_SA_DIRECTION_OUTBOUND = 1,\n@@ -105,6 +116,14 @@ struct otx2_ipsec_fp_out_sa {\n \tuint8_t hmac_key[48];\n };\n \n+struct otx2_ipsec_replay {\n+\trte_spinlock_t lock;\n+\tuint32_t winb;\n+\tuint32_t wint;\n+\tuint64_t base; /**< base of the anti-replay window */\n+\tuint64_t window[17]; /**< anti-replay window */\n+};\n+\n struct otx2_ipsec_fp_in_sa {\n \t/* w0 */\n \tstruct otx2_ipsec_fp_sa_ctl ctl;\n@@ -114,8 +133,8 @@ struct otx2_ipsec_fp_in_sa {\n \tuint32_t unused;\n \n \t/* w2 */\n-\tuint32_t esn_low;\n \tuint32_t esn_hi;\n+\tuint32_t esn_low;\n \n \t/* w3-w6 */\n \tuint8_t cipher_key[32];\n@@ -128,9 +147,13 @@ struct otx2_ipsec_fp_in_sa {\n \t\tvoid *userdata;\n \t\tuint64_t udata64;\n \t};\n+\tunion {\n+\t\tstruct otx2_ipsec_replay *replay;\n+\t\tuint64_t replay64;\n+\t};\n+\tuint32_t replay_win_sz;\n \n-\tuint64_t reserved1;\n-\tuint64_t 
reserved2;\n+\tuint32_t reserved1;\n };\n \n static inline int\ndiff --git a/drivers/crypto/octeontx2/otx2_security.h b/drivers/crypto/octeontx2/otx2_security.h\nindex 086b50604..33d3b1515 100644\n--- a/drivers/crypto/octeontx2/otx2_security.h\n+++ b/drivers/crypto/octeontx2/otx2_security.h\n@@ -5,6 +5,8 @@\n #ifndef __OTX2_SECURITY_H__\n #define __OTX2_SECURITY_H__\n \n+#include <rte_security.h>\n+\n #include \"otx2_cryptodev_sec.h\"\n #include \"otx2_ethdev_sec.h\"\n \n@@ -20,6 +22,7 @@\n union otx2_sec_session_ipsec {\n \tstruct otx2_sec_session_ipsec_ip ip;\n \tstruct otx2_sec_session_ipsec_lp lp;\n+\tenum rte_security_ipsec_sa_direction dir;\n };\n \n struct otx2_sec_session {\ndiff --git a/drivers/net/octeontx2/otx2_ethdev_sec.c b/drivers/net/octeontx2/otx2_ethdev_sec.c\nindex a155594e2..af91e30f4 100644\n--- a/drivers/net/octeontx2/otx2_ethdev_sec.c\n+++ b/drivers/net/octeontx2/otx2_ethdev_sec.c\n@@ -360,6 +360,7 @@ eth_sec_ipsec_out_sess_create(struct rte_eth_dev *eth_dev,\n \tstruct otx2_cpt_qp *qp;\n \n \tpriv = get_sec_session_private_data(sec_sess);\n+\tpriv->ipsec.dir = RTE_SECURITY_IPSEC_SA_DIR_EGRESS;\n \tsess = &priv->ipsec.ip;\n \n \tsa = &sess->out_sa;\n@@ -482,6 +483,7 @@ eth_sec_ipsec_in_sess_create(struct rte_eth_dev *eth_dev,\n \tctl = &sa->ctl;\n \n \tpriv = get_sec_session_private_data(sec_sess);\n+\tpriv->ipsec.dir = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;\n \tsess = &priv->ipsec.ip;\n \n \tif (ctl->valid) {\n@@ -519,6 +521,8 @@ eth_sec_ipsec_in_sess_create(struct rte_eth_dev *eth_dev,\n \n \tsa->userdata = priv->userdata;\n \n+\tsa->replay_win_sz = ipsec->replay_win_sz;\n+\n \tif (lookup_mem_sa_index_update(eth_dev, ipsec->spi, sa))\n \t\treturn -EINVAL;\n \n@@ -533,7 +537,32 @@ eth_sec_ipsec_in_sess_create(struct rte_eth_dev *eth_dev,\n \t\t\treturn ret;\n \t\tret = hmac_init(ctl, qp, auth_key, auth_key_len, sa->hmac_key);\n \t\totx2_sec_idev_tx_cpt_qp_put(qp);\n+\t\tif (ret)\n+\t\t\treturn ret;\n \t}\n+\n+\tif (sa->replay_win_sz) {\n+\t\tif 
(sa->replay_win_sz > OTX2_IPSEC_MAX_REPLAY_WIN_SZ) {\n+\t\t\totx2_err(\"Replay window size is not supported\");\n+\t\t\treturn -ENOTSUP;\n+\t\t}\n+\t\tsa->replay = rte_zmalloc(NULL, sizeof(struct otx2_ipsec_replay),\n+\t\t\t\t0);\n+\t\tif (sa->replay == NULL)\n+\t\t\treturn -ENOMEM;\n+\n+\t\trte_spinlock_init(&sa->replay->lock);\n+\t\t/*\n+\t\t * Set window bottom to 1, base and top to size of\n+\t\t * window\n+\t\t */\n+\t\tsa->replay->winb = 1;\n+\t\tsa->replay->wint = sa->replay_win_sz;\n+\t\tsa->replay->base = sa->replay_win_sz;\n+\t\tsa->esn_low = 0;\n+\t\tsa->esn_hi = 0;\n+\t}\n+\n \treturn ret;\n }\n \n@@ -600,6 +629,15 @@ otx2_eth_sec_session_create(void *device,\n \treturn ret;\n }\n \n+static void\n+otx2_eth_sec_free_anti_replay(struct otx2_ipsec_fp_in_sa *sa)\n+{\n+\tif (sa != NULL) {\n+\t\tif (sa->replay_win_sz && sa->replay)\n+\t\t\trte_free(sa->replay);\n+\t}\n+}\n+\n static int\n otx2_eth_sec_session_destroy(void *device __rte_unused,\n \t\t\t struct rte_security_session *sess)\n@@ -615,6 +653,10 @@ otx2_eth_sec_session_destroy(void *device __rte_unused,\n \n \tsess_ip = &priv->ipsec.ip;\n \n+\t/* Release the anti replay window */\n+\tif (priv->ipsec.dir == RTE_SECURITY_IPSEC_SA_DIR_INGRESS)\n+\t\totx2_eth_sec_free_anti_replay(sess_ip->in_sa);\n+\n \t/* Release CPT LF used for this session */\n \tif (sess_ip->qp != NULL) {\n \t\tret = otx2_sec_idev_tx_cpt_qp_put(sess_ip->qp);\n", "prefixes": [ "v2", "1/2" ] }{ "id": 78090, "url": "
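Review bot: In the otx2_security.h hunk, `dir` is added as a third member of `union otx2_sec_session_ipsec`, so it shares storage with `ip` and `lp` instead of sitting beside them. Both session-create functions set `priv->ipsec.dir` and then go on to use `sess = &priv->ipsec.ip`, so any later write to the start of `ip` can overwrite the direction. `otx2_eth_sec_session_destroy()` then reads `priv->ipsec.dir` to decide whether to free the replay window. Make the session type a struct that holds the `ip`/`lp` union plus a separate `dir` field, so the value read at destroy time is the one written at create time.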
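Review bot: In the `eth_sec_ipsec_in_sess_create()` hunk at `@@ -533,7 +537,32 @@`, the `sa->replay_win_sz > OTX2_IPSEC_MAX_REPLAY_WIN_SZ` check and the `rte_zmalloc()` both run after `lookup_mem_sa_index_update()` and `hmac_init()` have completed. The `-ENOTSUP` and `-ENOMEM` returns therefore leave the SA registered for the SPI, with no cleanup visible in the hunk. Validate `ipsec->replay_win_sz` at the top of the function before any state is touched, and either allocate the window before the SA index update or undo the update on the failure paths.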
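Review bot: `otx2_eth_sec_free_anti_replay()` calls `rte_free(sa->replay)` but leaves `sa->replay` and `sa->replay_win_sz` set, so the inbound SA keeps a dangling pointer that a second destroy, or a reuse of the same SA memory, would free again. Set `sa->replay = NULL` after the free and clear `replay_win_sz`. The `sa->replay_win_sz && sa->replay` guard can also be dropped, since `rte_free(NULL)` is a no-op.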
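Review bot: In `struct otx2_ipsec_replay`, the array length in `uint64_t window[17]` is a magic number with no visible link to `OTX2_IPSEC_MAX_REPLAY_WIN_SZ` (1024), so changing the maximum would silently leave the array too small or too large. Derive the length from the macro (for example, window size divided by 64, plus one) and add a short comment on `winb` and `wint`, which are currently undocumented. The struct also uses `rte_spinlock_t`, while the includes visible in this header are only `rte_crypto_sym.h` and `rte_security.h`; include `rte_spinlock.h` explicitly rather than relying on a transitive include.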
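Review bot: The hunk at `@@ -114,8 +133,8 @@` swaps `esn_low` and `esn_hi` inside word w2 of `struct otx2_ipsec_fp_in_sa`, which changes the SA layout, but the commit message only mentions initializing the inbound session and allocating the replay window. State in the commit message, or in a comment next to the fields, why the order changes and whether the previous order was wrong. In the following hunk, the new `replay` union, `replay_win_sz` and the 32-bit `reserved1` replace two 64-bit reserved words; a build-time size check on the struct would keep that layout from drifting.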
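Review bot: In the first otx2_ipsec_fp.h hunk, `OTX2_IPSEC_SEQNO_LO_INDEX` depends on `RTE_ETHER_HDR_LEN`, yet the visible includes do not pull in `rte_ether.h`, so the header compiles only if another header includes it first. Add the include here. `OTX2_IPSEC_SEQNO_LO` is a byte length like `OTX2_IPSEC_SAINDEX_SZ` and would read more clearly with the same `_SZ` suffix.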