From patchwork Wed Sep  8 08:37:56 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Jiawen Wu <jiawenwu@trustnetic.com>
X-Patchwork-Id: 98312
X-Patchwork-Delegate: ferruh.yigit@amd.com
Return-Path: <dev-bounces@dpdk.org>
X-Original-To: patchwork@inbox.dpdk.org
Delivered-To: patchwork@inbox.dpdk.org
Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124])
	by inbox.dpdk.org (Postfix) with ESMTP id 723A0A0C56;
	Wed,  8 Sep 2021 10:39:45 +0200 (CEST)
Received: from [217.70.189.124] (localhost [127.0.0.1])
	by mails.dpdk.org (Postfix) with ESMTP id 1C2C341217;
	Wed,  8 Sep 2021 10:37:30 +0200 (CEST)
Received: from smtpbgau1.qq.com (smtpbgau1.qq.com [54.206.16.166])
 by mails.dpdk.org (Postfix) with ESMTP id 4DF9E411DF
 for <dev@dpdk.org>; Wed,  8 Sep 2021 10:37:25 +0200 (CEST)
X-QQ-mid: bizesmtp47t1631090239toy06lqa
Received: from wxdbg.localdomain.com (unknown [183.129.236.74])
 by esmtp6.qq.com (ESMTP) with
 id ; Wed, 08 Sep 2021 16:37:18 +0800 (CST)
X-QQ-SSF: 01400000002000E0G000B00A0000000
X-QQ-FEAT: kN2ypXZVqgznlxMdaUdrbTkAYnVx3RMcubpczPvbOyZxBAGvpgbruEfrWfm8p
 ZKuwGFDm2jw8TD1jH0KroXO2+TUEtNe0AYkH805wq/5YprcCCTBkdA1ZMPOVyvy8Zye2b9h
 b2IukLIFA/IXWOF0mhp6cjIrv9F/hRywN7C8MMLpQPRt+6Y84Dhf67R3E0BXqB6x3WJP2Rq
 WDD7blbOcMLVd4YiZHQdcka+Cum30PVoneN3wyaKzOsf0aKCViTpAEPuKctfr1dYVJIpUeg
 b0liOhG92dKPNfdKXvLUsetEulEB0w2pTIxm9LfNIoUCEO0CAQc8wGj+qTCLjJeDjVvj3cS
 0Nyw6WFIEVzwLPu3/fJWSJTGYrxeHR+Epazn1Qx
X-QQ-GoodBg: 2
From: Jiawen Wu <jiawenwu@trustnetic.com>
To: dev@dpdk.org
Cc: Jiawen Wu <jiawenwu@trustnetic.com>
Date: Wed,  8 Sep 2021 16:37:56 +0800
Message-Id: <20210908083758.312055-31-jiawenwu@trustnetic.com>
X-Mailer: git-send-email 2.27.0
In-Reply-To: <20210908083758.312055-1-jiawenwu@trustnetic.com>
References: <20210908083758.312055-1-jiawenwu@trustnetic.com>
MIME-Version: 1.0
X-QQ-SENDSIZE: 520
Feedback-ID: bizesmtp:trustnetic.com:qybgforeign:qybgforeign7
X-QQ-Bgrelay: 1
Subject: [dpdk-dev] [PATCH 30/32] net/ngbe: support security operations
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org
Sender: "dev" <dev-bounces@dpdk.org>

Support to update a security session and clear a security session
statistics.

Signed-off-by: Jiawen Wu <jiawenwu@trustnetic.com>
---
 drivers/net/ngbe/ngbe_ipsec.c | 41 +++++++++++++++++++++++++++++++++++
 drivers/net/ngbe/ngbe_ipsec.h | 15 +++++++++++++
 2 files changed, 56 insertions(+)

diff --git a/drivers/net/ngbe/ngbe_ipsec.c b/drivers/net/ngbe/ngbe_ipsec.c
index 80151d45dc..cc79d7d88f 100644
--- a/drivers/net/ngbe/ngbe_ipsec.c
+++ b/drivers/net/ngbe/ngbe_ipsec.c
@@ -360,6 +360,12 @@ ngbe_crypto_create_session(void *device,
 	return 0;
 }
 
+static unsigned int
+ngbe_crypto_session_get_size(__rte_unused void *device)
+{
+	return sizeof(struct ngbe_crypto_session);
+}
+
 static int
 ngbe_crypto_remove_session(void *device,
 		struct rte_security_session *session)
@@ -385,6 +391,39 @@ ngbe_crypto_remove_session(void *device,
 	return 0;
 }
 
+static inline uint8_t
+ngbe_crypto_compute_pad_len(struct rte_mbuf *m)
+{
+	if (m->nb_segs == 1) {
+		/* 16 bytes ICV + 2 bytes ESP trailer + payload padding size
+		 * payload padding size is stored at <pkt_len - 18>
+		 */
+		uint8_t *esp_pad_len = rte_pktmbuf_mtod_offset(m, uint8_t *,
+					rte_pktmbuf_pkt_len(m) -
+					(ESP_TRAILER_SIZE + ESP_ICV_SIZE));
+		return *esp_pad_len + ESP_TRAILER_SIZE + ESP_ICV_SIZE;
+	}
+	return 0;
+}
+
+static int
+ngbe_crypto_update_mb(void *device __rte_unused,
+		struct rte_security_session *session,
+		       struct rte_mbuf *m, void *params __rte_unused)
+{
+	struct ngbe_crypto_session *ic_session =
+			get_sec_session_private_data(session);
+	if (ic_session->op == NGBE_OP_AUTHENTICATED_ENCRYPTION) {
+		union ngbe_crypto_tx_desc_md *mdata =
+			(union ngbe_crypto_tx_desc_md *)
+				rte_security_dynfield(m);
+		mdata->enc = 1;
+		mdata->sa_idx = ic_session->sa_index;
+		mdata->pad_len = ngbe_crypto_compute_pad_len(m);
+	}
+	return 0;
+}
+
 static const struct rte_security_capability *
 ngbe_crypto_capabilities_get(void *device __rte_unused)
 {
@@ -513,7 +552,9 @@ ngbe_crypto_capabilities_get(void *device __rte_unused)
 
 static struct rte_security_ops ngbe_security_ops = {
 	.session_create = ngbe_crypto_create_session,
+	.session_get_size = ngbe_crypto_session_get_size,
 	.session_destroy = ngbe_crypto_remove_session,
+	.set_pkt_metadata = ngbe_crypto_update_mb,
 	.capabilities_get = ngbe_crypto_capabilities_get
 };
 
diff --git a/drivers/net/ngbe/ngbe_ipsec.h b/drivers/net/ngbe/ngbe_ipsec.h
index 8442bb2157..fa5f21027b 100644
--- a/drivers/net/ngbe/ngbe_ipsec.h
+++ b/drivers/net/ngbe/ngbe_ipsec.h
@@ -18,6 +18,9 @@
 #define IPSEC_MAX_RX_IP_COUNT           16
 #define IPSEC_MAX_SA_COUNT              16
 
+#define ESP_ICV_SIZE 16
+#define ESP_TRAILER_SIZE 2
+
 enum ngbe_operation {
 	NGBE_OP_AUTHENTICATED_ENCRYPTION,
 	NGBE_OP_AUTHENTICATED_DECRYPTION
@@ -69,6 +72,18 @@ struct ngbe_crypto_tx_sa_table {
 	uint8_t  used;
 };
 
+union ngbe_crypto_tx_desc_md {
+	uint64_t data;
+	struct {
+		/**< SA table index */
+		uint32_t sa_idx;
+		/**< ICV and ESP trailer length */
+		uint8_t pad_len;
+		/**< enable encryption */
+		uint8_t enc;
+	};
+};
+
 struct ngbe_ipsec {
 	struct ngbe_crypto_rx_ip_table rx_ip_tbl[IPSEC_MAX_RX_IP_COUNT];
 	struct ngbe_crypto_rx_sa_table rx_sa_tbl[IPSEC_MAX_SA_COUNT];