From patchwork Tue Jun 29 07:34:29 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anoob Joseph X-Patchwork-Id: 94946 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 1A6F5A0A0C; Tue, 29 Jun 2021 09:35:03 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id D26834117F; Tue, 29 Jun 2021 09:35:02 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id C9D9C4117D for ; Tue, 29 Jun 2021 09:34:58 +0200 (CEST) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id 15T7QR8k006831; Tue, 29 Jun 2021 00:34:58 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=KpDQMKCDXJ00fRC0tAJKPOPYOHAvWf/xvR/FwGEaKAk=; b=fkat9km3u/KbaZ+E8Wgaz3akgXmvBkXygfqbJaCwJx6FbVvm+T25JCZB6onoTu85cNZq o4cLZtAno4k0CjMf0ox70Na1mdEdVlmUlrmb1x40utRvk8In9SV/DJlG2zdTcVsi1iDq vDLy6MDmzE7tc5m+8wCMfcHTVBoZ/gLtihiVlaxC4qGW3UkY5WVHV9Qa0fyxoT+uniHs s+iRTPnIKAYLNZb8ybpuhBc4AKuP0dLeQpr6IzuRmjcyRDC8M3gSZceboO5XG6RXEaKQ V27Z7wvhAWfdzwDI++BdHB8blh5LZxW4Rc7llzjYzS0qtULwcwROSwrig9fXBUG5Rj0d Tw== Received: from dc5-exch01.marvell.com ([199.233.59.181]) by mx0a-0016f401.pphosted.com with ESMTP id 39fuw50s4s-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Tue, 29 Jun 2021 00:34:57 -0700 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Tue, 29 Jun 2021 00:34:56 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.18 via Frontend Transport; Tue, 29 Jun 2021 00:34:56 -0700 Received: from HY-LT1002.marvell.com (HY-LT1002.marvell.com [10.28.176.218]) by maili.marvell.com (Postfix) with ESMTP id F16705B6925; Tue, 29 Jun 2021 00:34:52 -0700 (PDT) From: Anoob Joseph To: Akhil Goyal , Thomas Monjalon CC: Srujana Challa , Jerin Jacob , Ankur Dwivedi , Tejasree Kondoj , , Anoob Joseph Date: Tue, 29 Jun 2021 13:04:29 +0530 Message-ID: <1624952076-30928-2-git-send-email-anoobj@marvell.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1624952076-30928-1-git-send-email-anoobj@marvell.com> References: <1624601708-29991-1-git-send-email-anoobj@marvell.com> <1624952076-30928-1-git-send-email-anoobj@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: a1_iqzU2N19GrgLowdGbH7d2OsFgEX9p X-Proofpoint-GUID: a1_iqzU2N19GrgLowdGbH7d2OsFgEX9p X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.391, 18.0.790 definitions=2021-06-29_02:2021-06-25, 2021-06-29 signatures=0 Subject: [dpdk-dev] [PATCH v3 1/8] crypto/cnxk: add security ctx skeleton X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" From: Srujana Challa Add security ctx in cn10k crypto PMD. Signed-off-by: Anoob Joseph Signed-off-by: Srujana Challa Signed-off-by: Tejasree Kondoj --- drivers/crypto/cnxk/cn10k_cryptodev.c | 9 ++++++ drivers/crypto/cnxk/cnxk_cryptodev_sec.c | 47 ++++++++++++++++++++++++++++++++ drivers/crypto/cnxk/cnxk_cryptodev_sec.h | 14 ++++++++++ drivers/crypto/cnxk/meson.build | 3 +- 4 files changed, 72 insertions(+), 1 deletion(-) create mode 100644 drivers/crypto/cnxk/cnxk_cryptodev_sec.c create mode 100644 drivers/crypto/cnxk/cnxk_cryptodev_sec.h diff --git a/drivers/crypto/cnxk/cn10k_cryptodev.c b/drivers/crypto/cnxk/cn10k_cryptodev.c index 559aaef..ffe654c 100644 --- a/drivers/crypto/cnxk/cn10k_cryptodev.c +++ b/drivers/crypto/cnxk/cn10k_cryptodev.c @@ -14,6 +14,7 @@ #include "cn10k_cryptodev_ops.h" #include "cnxk_cryptodev.h" #include "cnxk_cryptodev_capabilities.h" +#include "cnxk_cryptodev_sec.h" #include "roc_api.h" @@ -77,6 +78,11 @@ cn10k_cpt_pci_probe(struct rte_pci_driver *pci_drv __rte_unused, plt_err("Failed to add engine group rc=%d", rc); goto dev_fini; } + + /* Create security context */ + rc = cnxk_crypto_sec_ctx_create(dev); + if (rc) + goto dev_fini; } cnxk_cpt_caps_populate(vf); @@ -126,6 +132,9 @@ cn10k_cpt_pci_remove(struct rte_pci_device *pci_dev) if (dev == NULL) return -ENODEV; + /* Destroy security context */ + cnxk_crypto_sec_ctx_destroy(dev); + if (rte_eal_process_type() == RTE_PROC_PRIMARY) { vf = dev->data->dev_private; ret = roc_cpt_dev_fini(&vf->cpt); diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_sec.c b/drivers/crypto/cnxk/cnxk_cryptodev_sec.c new file mode 100644 index 0000000..f03d2ed --- /dev/null +++ b/drivers/crypto/cnxk/cnxk_cryptodev_sec.c @@ -0,0 +1,47 @@ +/* SPDX-License-Identifier: BSD-3-Clause + * Copyright(C) 2021 Marvell. + */ + +#include +#include +#include +#include + +#include "cnxk_cryptodev_sec.h" + +/* Common security ops */ +struct rte_security_ops cnxk_sec_ops = { + .session_create = NULL, + .session_destroy = NULL, + .session_get_size = NULL, + .set_pkt_metadata = NULL, + .get_userdata = NULL, + .capabilities_get = NULL, +}; + +int +cnxk_crypto_sec_ctx_create(struct rte_cryptodev *cdev) +{ + struct rte_security_ctx *ctx; + + ctx = rte_malloc("cnxk_cpt_dev_sec_ctx", + sizeof(struct rte_security_ctx), 0); + + if (ctx == NULL) + return -ENOMEM; + + /* Populate ctx */ + ctx->device = cdev; + ctx->ops = &cnxk_sec_ops; + ctx->sess_cnt = 0; + + cdev->security_ctx = ctx; + + return 0; +} + +void +cnxk_crypto_sec_ctx_destroy(struct rte_cryptodev *cdev) +{ + rte_free(cdev->security_ctx); +} diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_sec.h b/drivers/crypto/cnxk/cnxk_cryptodev_sec.h new file mode 100644 index 0000000..9ab0e9e --- /dev/null +++ b/drivers/crypto/cnxk/cnxk_cryptodev_sec.h @@ -0,0 +1,14 @@ +/* SPDX-License-Identifier: BSD-3-Clause + * Copyright(C) 2021 Marvell. + */ + +#ifndef __CNXK_CRYPTODEV_SEC_H__ +#define __CNXK_CRYPTODEV_SEC_H__ + +#include + +int cnxk_crypto_sec_ctx_create(struct rte_cryptodev *crypto_dev); + +void cnxk_crypto_sec_ctx_destroy(struct rte_cryptodev *crypto_dev); + +#endif /* __CNXK_CRYPTODEV_SEC_H__ */ diff --git a/drivers/crypto/cnxk/meson.build b/drivers/crypto/cnxk/meson.build index fa6be06..a2b461e 100644 --- a/drivers/crypto/cnxk/meson.build +++ b/drivers/crypto/cnxk/meson.build @@ -16,6 +16,7 @@ sources = files( 'cnxk_cryptodev.c', 'cnxk_cryptodev_capabilities.c', 'cnxk_cryptodev_ops.c', + 'cnxk_cryptodev_sec.c', ) -deps += ['bus_pci', 'common_cnxk'] +deps += ['bus_pci', 'common_cnxk', 'security'] From patchwork Tue Jun 29 07:34:30 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anoob Joseph X-Patchwork-Id: 94947 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 38E20A0A0C; Tue, 29 Jun 2021 09:35:09 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 230C741187; Tue, 29 Jun 2021 09:35:07 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id 322C241187 for ; Tue, 29 Jun 2021 09:35:05 +0200 (CEST) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id 15T7QRdD006855; Tue, 29 Jun 2021 00:35:04 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=3U4crViiU1o79ZT/Q3WXZtPBtcVmI+2M6giCIBZo66I=; b=APVWUbY/Dmfc5LJbn67Bs01AffjpAotzaBnAJGtXpX0npIKBj+KGbESwFcHH3T9zjKFB xP43Y/LYFg1ZB+W9TiqOx5MRcwNWF1JOVpe7LAFeeF0zBIrhtYrGMUS7mSkW3OkWvzJS 53fsajI7SsctMztnVXhGN/ydp+tq/ipUEU2YVe9jjwj/AJMx53M5/Tb+imoI1aTXysLF 4AhF8P1yeG110QvDXqnKPax2qwgGZBHuQvfvFOzXIkrzbbMDlhA0AQaCr7nJBMZyTyoN 7F70tigLeDjlkUZXNiEvyOHG7O4IMRYJ8pjrZqLKF1cNnz4pa7qZI6ZjqQe23Ar4dr7B CQ== Received: from dc5-exch01.marvell.com ([199.233.59.181]) by mx0a-0016f401.pphosted.com with ESMTP id 39fuw50s5f-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Tue, 29 Jun 2021 00:35:04 -0700 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Tue, 29 Jun 2021 00:35:02 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.18 via Frontend Transport; Tue, 29 Jun 2021 00:35:02 -0700 Received: from HY-LT1002.marvell.com (HY-LT1002.marvell.com [10.28.176.218]) by maili.marvell.com (Postfix) with ESMTP id F3D7D5B6925; Tue, 29 Jun 2021 00:34:57 -0700 (PDT) From: Anoob Joseph To: Akhil Goyal , Thomas Monjalon CC: Tejasree Kondoj , Jerin Jacob , Ankur Dwivedi , , Anoob Joseph , Archana Muniganti , "Srujana Challa" Date: Tue, 29 Jun 2021 13:04:30 +0530 Message-ID: <1624952076-30928-3-git-send-email-anoobj@marvell.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1624952076-30928-1-git-send-email-anoobj@marvell.com> References: <1624601708-29991-1-git-send-email-anoobj@marvell.com> <1624952076-30928-1-git-send-email-anoobj@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: J5c7P70OF0vZkJr5BHcwrPWuDe_jNoPb X-Proofpoint-GUID: J5c7P70OF0vZkJr5BHcwrPWuDe_jNoPb X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.391, 18.0.790 definitions=2021-06-29_02:2021-06-25, 2021-06-29 signatures=0 Subject: [dpdk-dev] [PATCH v3 2/8] crypto/cnxk: add security session ops X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" From: Tejasree Kondoj Add security session ops in cn10k crypto PMD. Signed-off-by: Anoob Joseph Signed-off-by: Archana Muniganti Signed-off-by: Srujana Challa Signed-off-by: Tejasree Kondoj --- drivers/crypto/cnxk/cn10k_cryptodev.c | 2 + drivers/crypto/cnxk/cn10k_ipsec.c | 275 ++++++++++++++++++++++++++++++++++ drivers/crypto/cnxk/cn10k_ipsec.h | 36 +++++ drivers/crypto/cnxk/cnxk_ipsec.h | 20 +++ drivers/crypto/cnxk/meson.build | 3 + 5 files changed, 336 insertions(+) create mode 100644 drivers/crypto/cnxk/cn10k_ipsec.c create mode 100644 drivers/crypto/cnxk/cn10k_ipsec.h create mode 100644 drivers/crypto/cnxk/cnxk_ipsec.h diff --git a/drivers/crypto/cnxk/cn10k_cryptodev.c b/drivers/crypto/cnxk/cn10k_cryptodev.c index ffe654c..cacf9c2 100644 --- a/drivers/crypto/cnxk/cn10k_cryptodev.c +++ b/drivers/crypto/cnxk/cn10k_cryptodev.c @@ -12,6 +12,7 @@ #include "cn10k_cryptodev.h" #include "cn10k_cryptodev_ops.h" +#include "cn10k_ipsec.h" #include "cnxk_cryptodev.h" #include "cnxk_cryptodev_capabilities.h" #include "cnxk_cryptodev_sec.h" @@ -101,6 +102,7 @@ cn10k_cpt_pci_probe(struct rte_pci_driver *pci_drv __rte_unused, RTE_CRYPTODEV_FF_DIGEST_ENCRYPTED; cn10k_cpt_set_enqdeq_fns(dev); + cn10k_sec_ops_override(); return 0; diff --git a/drivers/crypto/cnxk/cn10k_ipsec.c b/drivers/crypto/cnxk/cn10k_ipsec.c new file mode 100644 index 0000000..1d567bf --- /dev/null +++ b/drivers/crypto/cnxk/cn10k_ipsec.c @@ -0,0 +1,275 @@ +/* SPDX-License-Identifier: BSD-3-Clause + * Copyright(C) 2021 Marvell. + */ + +#include +#include +#include +#include +#include +#include +#include + +#include "cnxk_cryptodev.h" +#include "cnxk_ipsec.h" +#include "cnxk_security.h" +#include "cn10k_ipsec.h" + +#include "roc_api.h" + +static int +ipsec_xform_aead_verify(struct rte_security_ipsec_xform *ipsec_xfrm, + struct rte_crypto_sym_xform *crypto_xfrm) +{ + if (ipsec_xfrm->direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS && + crypto_xfrm->aead.op != RTE_CRYPTO_AEAD_OP_ENCRYPT) + return -EINVAL; + + if (ipsec_xfrm->direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS && + crypto_xfrm->aead.op != RTE_CRYPTO_AEAD_OP_DECRYPT) + return -EINVAL; + + if (crypto_xfrm->aead.algo == RTE_CRYPTO_AEAD_AES_GCM) { + switch (crypto_xfrm->aead.key.length) { + case ROC_CPT_AES128_KEY_LEN: + case ROC_CPT_AES192_KEY_LEN: + case ROC_CPT_AES256_KEY_LEN: + break; + default: + return -EINVAL; + } + return 0; + } + + return -ENOTSUP; +} + +static int +cn10k_ipsec_xform_verify(struct rte_security_ipsec_xform *ipsec_xfrm, + struct rte_crypto_sym_xform *crypto_xfrm) +{ + if ((ipsec_xfrm->direction != RTE_SECURITY_IPSEC_SA_DIR_INGRESS) && + (ipsec_xfrm->direction != RTE_SECURITY_IPSEC_SA_DIR_EGRESS)) + return -EINVAL; + + if ((ipsec_xfrm->proto != RTE_SECURITY_IPSEC_SA_PROTO_ESP) && + (ipsec_xfrm->proto != RTE_SECURITY_IPSEC_SA_PROTO_AH)) + return -EINVAL; + + if ((ipsec_xfrm->mode != RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT) && + (ipsec_xfrm->mode != RTE_SECURITY_IPSEC_SA_MODE_TUNNEL)) + return -EINVAL; + + if ((ipsec_xfrm->tunnel.type != RTE_SECURITY_IPSEC_TUNNEL_IPV4) && + (ipsec_xfrm->tunnel.type != RTE_SECURITY_IPSEC_TUNNEL_IPV6)) + return -EINVAL; + + if (crypto_xfrm->type == RTE_CRYPTO_SYM_XFORM_AEAD) + return ipsec_xform_aead_verify(ipsec_xfrm, crypto_xfrm); + + return -ENOTSUP; +} + +static uint64_t +ipsec_cpt_inst_w7_get(struct roc_cpt *roc_cpt, void *sa) +{ + union cpt_inst_w7 w7; + + w7.u64 = 0; + w7.s.egrp = roc_cpt->eng_grp[CPT_ENG_TYPE_IE]; + w7.s.ctx_val = 1; + w7.s.cptr = (uint64_t)sa; + rte_mb(); + + return w7.u64; +} + +static int +cn10k_ipsec_outb_sa_create(struct roc_cpt *roc_cpt, + struct rte_security_ipsec_xform *ipsec_xfrm, + struct rte_crypto_sym_xform *crypto_xfrm, + struct rte_security_session *sec_sess) +{ + struct roc_ot_ipsec_outb_sa *out_sa; + struct cnxk_ipsec_outb_rlens rlens; + struct cn10k_sec_session *sess; + struct cn10k_ipsec_sa *sa; + union cpt_inst_w4 inst_w4; + int ret; + + sess = get_sec_session_private_data(sec_sess); + sa = &sess->sa; + out_sa = &sa->out_sa; + + memset(out_sa, 0, sizeof(struct roc_ot_ipsec_outb_sa)); + + /* Translate security parameters to SA */ + ret = cnxk_ot_ipsec_outb_sa_fill(out_sa, ipsec_xfrm, crypto_xfrm); + if (ret) + return ret; + + sa->inst.w7 = ipsec_cpt_inst_w7_get(roc_cpt, sa); + + /* Get Rlen calculation data */ + ret = cnxk_ipsec_outb_rlens_get(&rlens, ipsec_xfrm, crypto_xfrm); + if (ret) + return ret; + + sa->partial_len = rlens.partial_len; + sa->roundup_byte = rlens.roundup_byte; + sa->roundup_len = rlens.roundup_len; + + /* pre-populate CPT INST word 4 */ + inst_w4.u64 = 0; + inst_w4.s.opcode_major = ROC_IE_OT_MAJOR_OP_PROCESS_OUTBOUND_IPSEC; + inst_w4.s.param1 = 0; + sa->inst.w4 = inst_w4.u64; + + return 0; +} + +static int +cn10k_ipsec_inb_sa_create(struct roc_cpt *roc_cpt, + struct rte_security_ipsec_xform *ipsec_xfrm, + struct rte_crypto_sym_xform *crypto_xfrm, + struct rte_security_session *sec_sess) +{ + struct roc_ot_ipsec_inb_sa *in_sa; + struct cn10k_sec_session *sess; + struct cn10k_ipsec_sa *sa; + union cpt_inst_w4 inst_w4; + int ret; + + sess = get_sec_session_private_data(sec_sess); + sa = &sess->sa; + in_sa = &sa->in_sa; + + /* Translate security parameters to SA */ + ret = cnxk_ot_ipsec_inb_sa_fill(in_sa, ipsec_xfrm, crypto_xfrm); + if (ret) + return ret; + + /* TODO add support for antireplay */ + sa->in_sa.w0.s.ar_win = 0; + + /* TODO add support for udp encap */ + + sa->inst.w7 = ipsec_cpt_inst_w7_get(roc_cpt, sa); + + /* pre-populate CPT INST word 4 */ + inst_w4.u64 = 0; + inst_w4.s.opcode_major = ROC_IE_OT_MAJOR_OP_PROCESS_INBOUND_IPSEC; + + /* Disable checksum verification for now */ + inst_w4.s.param1 = 7; + sa->inst.w4 = inst_w4.u64; + + return 0; +} + +static int +cn10k_ipsec_session_create(void *dev, + struct rte_security_ipsec_xform *ipsec_xfrm, + struct rte_crypto_sym_xform *crypto_xfrm, + struct rte_security_session *sess) +{ + struct rte_cryptodev *crypto_dev = dev; + struct roc_cpt *roc_cpt; + struct cnxk_cpt_vf *vf; + int ret; + + vf = crypto_dev->data->dev_private; + roc_cpt = &vf->cpt; + + if (crypto_dev->data->queue_pairs[0] == NULL) { + plt_err("Setup cpt queue pair before creating security session"); + return -EPERM; + } + + ret = cn10k_ipsec_xform_verify(ipsec_xfrm, crypto_xfrm); + if (ret) + return ret; + + if (ipsec_xfrm->direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) + return cn10k_ipsec_inb_sa_create(roc_cpt, ipsec_xfrm, + crypto_xfrm, sess); + else + return cn10k_ipsec_outb_sa_create(roc_cpt, ipsec_xfrm, + crypto_xfrm, sess); +} + +static int +cn10k_sec_session_create(void *device, struct rte_security_session_conf *conf, + struct rte_security_session *sess, + struct rte_mempool *mempool) +{ + struct cn10k_sec_session *priv; + int ret; + + if (conf->action_type != RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL) + return -EINVAL; + + if (rte_security_dynfield_register() < 0) + return -ENOTSUP; + + if (rte_mempool_get(mempool, (void **)&priv)) { + plt_err("Could not allocate security session private data"); + return -ENOMEM; + } + + set_sec_session_private_data(sess, priv); + + priv->userdata = conf->userdata; + + if (conf->protocol != RTE_SECURITY_PROTOCOL_IPSEC) { + ret = -ENOTSUP; + goto mempool_put; + } + ret = cn10k_ipsec_session_create(device, &conf->ipsec, + conf->crypto_xform, sess); + if (ret) + goto mempool_put; + + return 0; + +mempool_put: + rte_mempool_put(mempool, priv); + set_sec_session_private_data(sess, NULL); + return ret; +} + +static int +cn10k_sec_session_destroy(void *device __rte_unused, + struct rte_security_session *sess) +{ + struct cn10k_sec_session *priv; + struct rte_mempool *sess_mp; + + priv = get_sec_session_private_data(sess); + + if (priv == NULL) + return 0; + + sess_mp = rte_mempool_from_obj(priv); + + set_sec_session_private_data(sess, NULL); + rte_mempool_put(sess_mp, priv); + + return 0; +} + +static unsigned int +cn10k_sec_session_get_size(void *device __rte_unused) +{ + return sizeof(struct cn10k_sec_session); +} + +/* Update platform specific security ops */ +void +cn10k_sec_ops_override(void) +{ + /* Update platform specific ops */ + cnxk_sec_ops.session_create = cn10k_sec_session_create; + cnxk_sec_ops.session_destroy = cn10k_sec_session_destroy; + cnxk_sec_ops.session_get_size = cn10k_sec_session_get_size; +} diff --git a/drivers/crypto/cnxk/cn10k_ipsec.h b/drivers/crypto/cnxk/cn10k_ipsec.h new file mode 100644 index 0000000..668282f --- /dev/null +++ b/drivers/crypto/cnxk/cn10k_ipsec.h @@ -0,0 +1,36 @@ +/* SPDX-License-Identifier: BSD-3-Clause + * Copyright(C) 2021 Marvell. + */ + +#ifndef __CN10K_IPSEC_H__ +#define __CN10K_IPSEC_H__ + +#include + +#include "cnxk_ipsec.h" + +#define CN10K_IPSEC_SA_CTX_HDR_SIZE 1 + +struct cn10k_ipsec_sa { + union { + /** Inbound SA */ + struct roc_ot_ipsec_inb_sa in_sa; + /** Outbound SA */ + struct roc_ot_ipsec_outb_sa out_sa; + }; + /** Pre-populated CPT inst words */ + struct cnxk_cpt_inst_tmpl inst; + uint8_t partial_len; + uint8_t roundup_len; + uint8_t roundup_byte; +}; + +struct cn10k_sec_session { + struct cn10k_ipsec_sa sa; + void *userdata; + /**< Userdata registered by the application */ +} __rte_cache_aligned; + +void cn10k_sec_ops_override(void); + +#endif /* __CN10K_IPSEC_H__ */ diff --git a/drivers/crypto/cnxk/cnxk_ipsec.h b/drivers/crypto/cnxk/cnxk_ipsec.h new file mode 100644 index 0000000..f6897a0 --- /dev/null +++ b/drivers/crypto/cnxk/cnxk_ipsec.h @@ -0,0 +1,20 @@ +/* SPDX-License-Identifier: BSD-3-Clause + * Copyright(C) 2021 Marvell. + */ +#ifndef __CNXK_IPSEC_H__ +#define __CNXK_IPSEC_H__ + +#include +#include + +#include "roc_api.h" + +extern struct rte_security_ops cnxk_sec_ops; + +struct cnxk_cpt_inst_tmpl { + uint64_t w2; + uint64_t w4; + uint64_t w7; +}; + +#endif /* __CNXK_IPSEC_H__ */ diff --git a/drivers/crypto/cnxk/meson.build b/drivers/crypto/cnxk/meson.build index a2b461e..c56d6cf 100644 --- a/drivers/crypto/cnxk/meson.build +++ b/drivers/crypto/cnxk/meson.build @@ -13,6 +13,7 @@ sources = files( 'cn9k_cryptodev_ops.c', 'cn10k_cryptodev.c', 'cn10k_cryptodev_ops.c', + 'cn10k_ipsec.c', 'cnxk_cryptodev.c', 'cnxk_cryptodev_capabilities.c', 'cnxk_cryptodev_ops.c', @@ -20,3 +21,5 @@ sources = files( ) deps += ['bus_pci', 'common_cnxk', 'security'] + +includes += include_directories('../../../lib/net') From patchwork Tue Jun 29 07:34:31 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anoob Joseph X-Patchwork-Id: 94948 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 61EEBA0A0C; Tue, 29 Jun 2021 09:35:15 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 665694117C; Tue, 29 Jun 2021 09:35:12 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id 1880F40E3C for ; Tue, 29 Jun 2021 09:35:09 +0200 (CEST) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id 15T7QR8w006831; Tue, 29 Jun 2021 00:35:09 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=10aXaPj0hUALXpEO5C+c/T939Gtg+4E45fK5PZmNPXA=; b=aGZ0VfPC2ZRVkB7oIAqL6+F9WYJC//nJRephFx+BVlOE5/xAv/cD9iKxqFMpOvt0bXa8 V2Z2JUImNGw1/xS7Owfq4rBdEjEjVdFquiEGwyjfSJ05Yh33SBoF4rHWCycXBGPOaqvn VQ5uns47OS1KMOEaTF/jB6z4DLh5xIw7C8LhXBxgy2tc5uTIir2ynRcSAeg7JhSI8Qxp cGxdRawuyqxvzQsndd0EenWMoE2I5XgF+a0IHWfcZ/crRZy5KiWx3FwirhaCgYcsFsrx a/ZXeWddDKj0ARC0y+mij7V44Ehf/3E6LJuIBVbrn2YWHxNk+tU9IoTW7/KnDXNv9fOt Tg== Received: from dc5-exch02.marvell.com ([199.233.59.182]) by mx0a-0016f401.pphosted.com with ESMTP id 39fuw50s60-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Tue, 29 Jun 2021 00:35:09 -0700 Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Tue, 29 Jun 2021 00:35:07 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.18 via Frontend Transport; Tue, 29 Jun 2021 00:35:07 -0700 Received: from HY-LT1002.marvell.com (HY-LT1002.marvell.com [10.28.176.218]) by maili.marvell.com (Postfix) with ESMTP id 85F425B6923; Tue, 29 Jun 2021 00:35:03 -0700 (PDT) From: Anoob Joseph To: Akhil Goyal , Thomas Monjalon CC: Tejasree Kondoj , Jerin Jacob , Ankur Dwivedi , , Anoob Joseph , Srujana Challa Date: Tue, 29 Jun 2021 13:04:31 +0530 Message-ID: <1624952076-30928-4-git-send-email-anoobj@marvell.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1624952076-30928-1-git-send-email-anoobj@marvell.com> References: <1624601708-29991-1-git-send-email-anoobj@marvell.com> <1624952076-30928-1-git-send-email-anoobj@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: 52mfo77dW9lBdexyzvWmXv3Fx9nTBQdj X-Proofpoint-GUID: 52mfo77dW9lBdexyzvWmXv3Fx9nTBQdj X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.391, 18.0.790 definitions=2021-06-29_02:2021-06-25, 2021-06-29 signatures=0 Subject: [dpdk-dev] [PATCH v3 3/8] crypto/cnxk: add security handling in datapath ops X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" From: Tejasree Kondoj Add security handling in enqueue dequeue ops. Signed-off-by: Anoob Joseph Signed-off-by: Srujana Challa Signed-off-by: Tejasree Kondoj --- drivers/crypto/cnxk/cn10k_cryptodev_ops.c | 78 ++++++++++++++++++++++++++++++- drivers/crypto/cnxk/cn10k_ipsec_la_ops.h | 74 +++++++++++++++++++++++++++++ 2 files changed, 151 insertions(+), 1 deletion(-) create mode 100644 drivers/crypto/cnxk/cn10k_ipsec_la_ops.h diff --git a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c index 1a30908..8005a25 100644 --- a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c +++ b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c @@ -4,9 +4,12 @@ #include #include +#include #include "cn10k_cryptodev.h" #include "cn10k_cryptodev_ops.h" +#include "cn10k_ipsec_la_ops.h" +#include "cn10k_ipsec.h" #include "cnxk_cryptodev.h" #include "cnxk_cryptodev_ops.h" #include "cnxk_se.h" @@ -42,6 +45,38 @@ cn10k_cpt_sym_temp_sess_create(struct cnxk_cpt_qp *qp, struct rte_crypto_op *op) } static __rte_always_inline int __rte_hot +cpt_sec_inst_fill(struct rte_crypto_op *op, struct cn10k_sec_session *sess, + struct cpt_inflight_req *infl_req, struct cpt_inst_s *inst) +{ + struct rte_crypto_sym_op *sym_op = op->sym; + union roc_ot_ipsec_sa_word2 *w2; + struct cn10k_ipsec_sa *sa; + int ret; + + if (unlikely(sym_op->m_dst && sym_op->m_dst != sym_op->m_src)) { + plt_dp_err("Out of place is not supported"); + return -ENOTSUP; + } + + if (unlikely(!rte_pktmbuf_is_contiguous(sym_op->m_src))) { + plt_dp_err("Scatter Gather mode is not supported"); + return -ENOTSUP; + } + + sa = &sess->sa; + w2 = (union roc_ot_ipsec_sa_word2 *)&sa->in_sa.w2; + + if (w2->s.dir == ROC_IE_OT_SA_DIR_OUTBOUND) + ret = process_outb_sa(op, sa, inst); + else { + infl_req->op_flags |= CPT_OP_FLAGS_IPSEC_DIR_INBOUND; + ret = process_inb_sa(op, sa, inst); + } + + return ret; +} + +static __rte_always_inline int __rte_hot cpt_sym_inst_fill(struct cnxk_cpt_qp *qp, struct rte_crypto_op *op, struct cnxk_se_sess *sess, struct cpt_inflight_req *infl_req, struct cpt_inst_s *inst) @@ -64,6 +99,7 @@ static inline int cn10k_cpt_fill_inst(struct cnxk_cpt_qp *qp, struct rte_crypto_op *ops[], struct cpt_inst_s inst[], struct cpt_inflight_req *infl_req) { + struct cn10k_sec_session *sec_sess; struct rte_crypto_sym_op *sym_op; struct cnxk_se_sess *sess; struct rte_crypto_op *op; @@ -79,7 +115,15 @@ cn10k_cpt_fill_inst(struct cnxk_cpt_qp *qp, struct rte_crypto_op *ops[], sym_op = op->sym; if (op->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC) { - if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) { + if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) { + sec_sess = get_sec_session_private_data( + sym_op->sec_session); + ret = cpt_sec_inst_fill(op, sec_sess, infl_req, + &inst[0]); + if (unlikely(ret)) + return 0; + w7 = sec_sess->sa.inst.w7; + } else if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) { sess = get_sym_session_private_data( sym_op->session, cn10k_cryptodev_driver_id); ret = cpt_sym_inst_fill(qp, op, sess, infl_req, @@ -196,6 +240,34 @@ cn10k_cpt_enqueue_burst(void *qptr, struct rte_crypto_op **ops, uint16_t nb_ops) } static inline void +cn10k_cpt_sec_post_process(struct rte_crypto_op *cop, + struct cpt_inflight_req *infl_req) +{ + struct rte_crypto_sym_op *sym_op = cop->sym; + struct rte_mbuf *m = sym_op->m_src; + struct rte_ipv6_hdr *ip6; + struct rte_ipv4_hdr *ip; + uint16_t m_len; + + if (infl_req->op_flags & CPT_OP_FLAGS_IPSEC_DIR_INBOUND) { + ip = (struct rte_ipv4_hdr *)rte_pktmbuf_mtod(m, char *); + + if (((ip->version_ihl & 0xf0) >> RTE_IPV4_IHL_MULTIPLIER) == + IPVERSION) { + m_len = rte_be_to_cpu_16(ip->total_length); + } else { + PLT_ASSERT(((ip->version_ihl & 0xf0) >> + RTE_IPV4_IHL_MULTIPLIER) == IPV6_VERSION); + ip6 = (struct rte_ipv6_hdr *)ip; + m_len = rte_be_to_cpu_16(ip6->payload_len) + + sizeof(struct rte_ipv6_hdr); + } + m->data_len = m_len; + m->pkt_len = m_len; + } +} + +static inline void cn10k_cpt_dequeue_post_process(struct cnxk_cpt_qp *qp, struct rte_crypto_op *cop, struct cpt_inflight_req *infl_req) @@ -219,6 +291,10 @@ cn10k_cpt_dequeue_post_process(struct cnxk_cpt_qp *qp, cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS; if (cop->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC) { + if (cop->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) { + cn10k_cpt_sec_post_process(cop, infl_req); + return; + } /* Verify authentication data if required */ if (unlikely(infl_req->op_flags & diff --git a/drivers/crypto/cnxk/cn10k_ipsec_la_ops.h b/drivers/crypto/cnxk/cn10k_ipsec_la_ops.h new file mode 100644 index 0000000..1e9ebb5 --- /dev/null +++ b/drivers/crypto/cnxk/cn10k_ipsec_la_ops.h @@ -0,0 +1,74 @@ +/* SPDX-License-Identifier: BSD-3-Clause + * Copyright(C) 2021 Marvell. + */ + +#ifndef __CN10K_IPSEC_LA_OPS_H__ +#define __CN10K_IPSEC_LA_OPS_H__ + +#include +#include + +#include "cn10k_cryptodev.h" +#include "cn10k_ipsec.h" +#include "cnxk_cryptodev.h" + +static __rte_always_inline int32_t +ipsec_po_out_rlen_get(struct cn10k_ipsec_sa *sess, uint32_t plen) +{ + uint32_t enc_payload_len; + + enc_payload_len = + RTE_ALIGN_CEIL(plen + sess->roundup_len, sess->roundup_byte); + + return sess->partial_len + enc_payload_len; +} + +static __rte_always_inline int +process_outb_sa(struct rte_crypto_op *cop, struct cn10k_ipsec_sa *sess, + struct cpt_inst_s *inst) +{ + struct rte_crypto_sym_op *sym_op = cop->sym; + struct rte_mbuf *m_src = sym_op->m_src; + uint32_t dlen, rlen, extend_tail; + char *mdata; + + dlen = rte_pktmbuf_pkt_len(m_src); + rlen = ipsec_po_out_rlen_get(sess, dlen); + + extend_tail = rlen - dlen; + + mdata = rte_pktmbuf_append(m_src, extend_tail); + if (unlikely(mdata == NULL)) { + plt_dp_err("Not enough tail room"); + return -ENOMEM; + } + + /* Prepare CPT instruction */ + inst->w4.u64 = sess->inst.w4; + inst->w4.s.dlen = dlen; + inst->dptr = rte_pktmbuf_iova(m_src); + inst->rptr = inst->dptr; + + return 0; +} + +static __rte_always_inline int +process_inb_sa(struct rte_crypto_op *cop, struct cn10k_ipsec_sa *sa, + struct cpt_inst_s *inst) +{ + struct rte_crypto_sym_op *sym_op = cop->sym; + struct rte_mbuf *m_src = sym_op->m_src; + uint32_t dlen; + + dlen = rte_pktmbuf_pkt_len(m_src); + + /* Prepare CPT instruction */ + inst->w4.u64 = sa->inst.w4; + inst->w4.s.dlen = dlen; + inst->dptr = rte_pktmbuf_iova(m_src); + inst->rptr = inst->dptr; + + return 0; +} + +#endif /* __CN10K_IPSEC_LA_OPS_H__ */ From patchwork Tue Jun 29 07:34:32 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anoob Joseph X-Patchwork-Id: 94949 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 56A1DA0A0F; Tue, 29 Jun 2021 09:35:23 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 1541C41195; Tue, 29 Jun 2021 09:35:17 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id E57E241195 for ; Tue, 29 Jun 2021 09:35:15 +0200 (CEST) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id 15T7P4qu015223; Tue, 29 Jun 2021 00:35:15 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=N6rM+RXq27KWzAv7wHjpNy8HqnfoJrb2/9jNiU0U2nk=; b=FVPiVLrhpKZBdey7pnnd+U1uQzHTz94F08doZoWQWEZz5eZV0ekLSLvCR3YQtAgSO6l8 d2iwvqXFIUgrqj9SBANITpPng8zx4tKiFpPfwdaQ2v2/450G34BiHtK4GJw74YOk1Suh Pgh0jAUnBGZr9tiy5xqEvT5oQz9E5WKRSfbMQrq+h6nhXED3kPc4FPyxufSCJaWtuqMk DaoIaZwFDiIbAFiOElyWm+qbvQTnviyawgFfgJ1mCXJj+Ja3dxduepEzKwXXA9PMtnYw E93T0qX8KOCeA2LMkjIE+jwiwpkKrP1B+yFYKnbnM6tFCTlwyRHE4k5gkJlwbMiwDSij Ow== Received: from dc5-exch02.marvell.com ([199.233.59.182]) by mx0b-0016f401.pphosted.com with ESMTP id 39f964cqw0-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Tue, 29 Jun 2021 00:35:14 -0700 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Tue, 29 Jun 2021 00:35:12 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.18 via Frontend Transport; Tue, 29 Jun 2021 00:35:11 -0700 Received: from HY-LT1002.marvell.com (HY-LT1002.marvell.com [10.28.176.218]) by maili.marvell.com (Postfix) with ESMTP id 99A935B6925; Tue, 29 Jun 2021 00:35:08 -0700 (PDT) From: Anoob Joseph To: Akhil Goyal , Thomas Monjalon CC: Anoob Joseph , Jerin Jacob , "Ankur Dwivedi" , Tejasree Kondoj , , Srujana Challa Date: Tue, 29 Jun 2021 13:04:32 +0530 Message-ID: <1624952076-30928-5-git-send-email-anoobj@marvell.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1624952076-30928-1-git-send-email-anoobj@marvell.com> References: <1624601708-29991-1-git-send-email-anoobj@marvell.com> <1624952076-30928-1-git-send-email-anoobj@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: K88Wvtq6NRddwPns6onusL3G_8-SvlKf X-Proofpoint-GUID: K88Wvtq6NRddwPns6onusL3G_8-SvlKf X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.391, 18.0.790 definitions=2021-06-29_02:2021-06-25, 2021-06-29 signatures=0 Subject: [dpdk-dev] [PATCH v3 4/8] crypto/cnxk: add security capabilities X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Add security capabilities supported by crypto cn10k PMD. Signed-off-by: Anoob Joseph Signed-off-by: Srujana Challa Signed-off-by: Tejasree Kondoj --- doc/guides/cryptodevs/cnxk.rst | 24 +++++ doc/guides/cryptodevs/features/cn10k.ini | 1 + drivers/crypto/cnxk/cn10k_cryptodev.c | 1 + drivers/crypto/cnxk/cnxk_cryptodev.h | 4 + drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c | 114 ++++++++++++++++++++++ drivers/crypto/cnxk/cnxk_cryptodev_capabilities.h | 9 +- drivers/crypto/cnxk/cnxk_cryptodev_sec.c | 3 +- 7 files changed, 154 insertions(+), 2 deletions(-) diff --git a/doc/guides/cryptodevs/cnxk.rst b/doc/guides/cryptodevs/cnxk.rst index 66b0b63..db949fa 100644 --- a/doc/guides/cryptodevs/cnxk.rst +++ b/doc/guides/cryptodevs/cnxk.rst @@ -185,6 +185,30 @@ running the test application: ./dpdk-test RTE>>cryptodev_cn10k_autotest +Lookaside IPsec Support +----------------------- + +The OCTEON cnxk SoCs can accelerate IPsec traffic in lookaside protocol mode, +with its **cryptographic accelerator (CPT)**. ``OCTEON cnxk crypto PMD`` implements +this as an ``RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL`` offload. + +Refer to :doc:`../prog_guide/rte_security` for more details on protocol offloads. + +This feature can be tested with ipsec-secgw sample application. + +Supported OCTEON cnxk SoCs +~~~~~~~~~~~~~~~~~~~~~~~~~~ + +- CN10XX + +Features supported +~~~~~~~~~~~~~~~~~~ + +* IPv4 +* ESP +* Tunnel mode +* AES-128/192/256-GCM + Limitations ----------- diff --git a/doc/guides/cryptodevs/features/cn10k.ini b/doc/guides/cryptodevs/features/cn10k.ini index 77c4a2d..b268f84 100644 --- a/doc/guides/cryptodevs/features/cn10k.ini +++ b/doc/guides/cryptodevs/features/cn10k.ini @@ -7,6 +7,7 @@ Symmetric crypto = Y Sym operation chaining = Y HW Accelerated = Y +Protocol offload = Y In Place SGL = Y OOP SGL In LB Out = Y OOP SGL In SGL Out = Y diff --git a/drivers/crypto/cnxk/cn10k_cryptodev.c b/drivers/crypto/cnxk/cn10k_cryptodev.c index cacf9c2..22ae810 100644 --- a/drivers/crypto/cnxk/cn10k_cryptodev.c +++ b/drivers/crypto/cnxk/cn10k_cryptodev.c @@ -99,6 +99,7 @@ cn10k_cpt_pci_probe(struct rte_pci_driver *pci_drv __rte_unused, RTE_CRYPTODEV_FF_OOP_SGL_IN_LB_OUT | RTE_CRYPTODEV_FF_OOP_SGL_IN_SGL_OUT | RTE_CRYPTODEV_FF_SYM_SESSIONLESS | + RTE_CRYPTODEV_FF_SECURITY | RTE_CRYPTODEV_FF_DIGEST_ENCRYPTED; cn10k_cpt_set_enqdeq_fns(dev); diff --git a/drivers/crypto/cnxk/cnxk_cryptodev.h b/drivers/crypto/cnxk/cnxk_cryptodev.h index 03af4af..6760c13 100644 --- a/drivers/crypto/cnxk/cnxk_cryptodev.h +++ b/drivers/crypto/cnxk/cnxk_cryptodev.h @@ -6,6 +6,7 @@ #define _CNXK_CRYPTODEV_H_ #include +#include #include "roc_cpt.h" @@ -19,6 +20,9 @@ struct cnxk_cpt_vf { struct roc_cpt cpt; struct rte_cryptodev_capabilities crypto_caps[CNXK_CPT_MAX_CAPS]; + struct rte_cryptodev_capabilities + sec_crypto_caps[CNXK_SEC_CRYPTO_MAX_CAPS]; + struct rte_security_capability sec_caps[CNXK_SEC_MAX_CAPS]; }; int cnxk_cpt_eng_grp_add(struct roc_cpt *roc_cpt); diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c index a5195e8..d52fa89 100644 --- a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c +++ b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c @@ -3,6 +3,7 @@ */ #include +#include #include "roc_api.h" @@ -18,6 +19,15 @@ RTE_DIM(caps_##name)); \ } while (0) +#define SEC_CAPS_ADD(cnxk_caps, cur_pos, hw_caps, name) \ + do { \ + if ((hw_caps[CPT_ENG_TYPE_SE].name) || \ + (hw_caps[CPT_ENG_TYPE_IE].name) || \ + (hw_caps[CPT_ENG_TYPE_AE].name)) \ + sec_caps_add(cnxk_caps, cur_pos, sec_caps_##name, \ + RTE_DIM(sec_caps_##name)); \ + } while (0) + static const struct rte_cryptodev_capabilities caps_sha1_sha2[] = { { /* SHA1 */ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, @@ -658,6 +668,69 @@ static const struct rte_cryptodev_capabilities caps_end[] = { RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() }; +static const struct rte_cryptodev_capabilities sec_caps_aes[] = { + { /* AES GCM */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD, + {.aead = { + .algo = RTE_CRYPTO_AEAD_AES_GCM, + .block_size = 16, + .key_size = { + .min = 16, + .max = 32, + .increment = 8 + }, + .digest_size = { + .min = 16, + .max = 16, + .increment = 0 + }, + .aad_size = { + .min = 8, + .max = 12, + .increment = 4 + }, + .iv_size = { + .min = 12, + .max = 12, + .increment = 0 + } + }, } + }, } + }, +}; + +static const struct rte_security_capability sec_caps_templ[] = { + { /* IPsec Lookaside Protocol ESP Tunnel Ingress */ + .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, + .protocol = RTE_SECURITY_PROTOCOL_IPSEC, + .ipsec = { + .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP, + .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL, + .direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS, + .options = { 0 } + }, + .crypto_capabilities = NULL, + .ol_flags = RTE_SECURITY_TX_OLOAD_NEED_MDATA + }, + { /* IPsec Lookaside Protocol ESP Tunnel Egress */ + .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, + .protocol = RTE_SECURITY_PROTOCOL_IPSEC, + .ipsec = { + .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP, + .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL, + .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS, + .options = { 0 } + }, + .crypto_capabilities = NULL, + .ol_flags = RTE_SECURITY_TX_OLOAD_NEED_MDATA + }, + { + .action = RTE_SECURITY_ACTION_TYPE_NONE + } +}; + static void cpt_caps_add(struct rte_cryptodev_capabilities cnxk_caps[], int *cur_pos, const struct rte_cryptodev_capabilities *caps, int nb_caps) @@ -692,8 +765,49 @@ cnxk_crypto_capabilities_get(struct cnxk_cpt_vf *vf) return vf->crypto_caps; } +static void +sec_caps_add(struct rte_cryptodev_capabilities cnxk_caps[], int *cur_pos, + const struct rte_cryptodev_capabilities *caps, int nb_caps) +{ + if (*cur_pos + nb_caps > CNXK_SEC_CRYPTO_MAX_CAPS) + return; + + memcpy(&cnxk_caps[*cur_pos], caps, nb_caps * sizeof(caps[0])); + *cur_pos += nb_caps; +} + +static void +sec_crypto_caps_populate(struct rte_cryptodev_capabilities cnxk_caps[], + union cpt_eng_caps *hw_caps) +{ + int cur_pos = 0; + + SEC_CAPS_ADD(cnxk_caps, &cur_pos, hw_caps, aes); + + sec_caps_add(cnxk_caps, &cur_pos, caps_end, RTE_DIM(caps_end)); +} + void cnxk_cpt_caps_populate(struct cnxk_cpt_vf *vf) { + unsigned long i; + crypto_caps_populate(vf->crypto_caps, vf->cpt.hw_caps); + sec_crypto_caps_populate(vf->sec_crypto_caps, vf->cpt.hw_caps); + + PLT_STATIC_ASSERT(RTE_DIM(sec_caps_templ) <= RTE_DIM(vf->sec_caps)); + memcpy(vf->sec_caps, sec_caps_templ, sizeof(sec_caps_templ)); + + for (i = 0; i < RTE_DIM(sec_caps_templ) - 1; i++) + vf->sec_caps[i].crypto_capabilities = vf->sec_crypto_caps; +} + +const struct rte_security_capability * +cnxk_crypto_sec_capabilities_get(void *device) +{ + struct rte_cryptodev *dev = device; + struct cnxk_cpt_vf *vf; + + vf = dev->data->dev_private; + return vf->sec_caps; } diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.h b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.h index 85f5ad2..fe07e43 100644 --- a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.h +++ b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.h @@ -10,7 +10,7 @@ #include "cnxk_cryptodev.h" /* - * Initialize crypto capabilities for the device + * Initialize crypto and IPsec capabilities for the device * */ void cnxk_cpt_caps_populate(struct cnxk_cpt_vf *vf); @@ -22,4 +22,11 @@ void cnxk_cpt_caps_populate(struct cnxk_cpt_vf *vf); const struct rte_cryptodev_capabilities * cnxk_crypto_capabilities_get(struct cnxk_cpt_vf *vf); +/* + * Get security capabilities list for the device + * + */ +const struct rte_security_capability * +cnxk_crypto_sec_capabilities_get(void *device); + #endif /* _CNXK_CRYPTODEV_CAPABILITIES_H_ */ diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_sec.c b/drivers/crypto/cnxk/cnxk_cryptodev_sec.c index f03d2ed..8d04d4b 100644 --- a/drivers/crypto/cnxk/cnxk_cryptodev_sec.c +++ b/drivers/crypto/cnxk/cnxk_cryptodev_sec.c @@ -7,6 +7,7 @@ #include #include +#include "cnxk_cryptodev_capabilities.h" #include "cnxk_cryptodev_sec.h" /* Common security ops */ @@ -16,7 +17,7 @@ struct rte_security_ops cnxk_sec_ops = { .session_get_size = NULL, .set_pkt_metadata = NULL, .get_userdata = NULL, - .capabilities_get = NULL, + .capabilities_get = cnxk_crypto_sec_capabilities_get }; int From patchwork Tue Jun 29 07:34:33 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anoob Joseph X-Patchwork-Id: 94950 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 60A9FA0A0C; Tue, 29 Jun 2021 09:35:30 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 552F441193; Tue, 29 Jun 2021 09:35:21 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id 8B7534119E for ; Tue, 29 Jun 2021 09:35:19 +0200 (CEST) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id 15T7QRdL006855; Tue, 29 Jun 2021 00:35:18 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=pWTTYODcNVGd/Su10C7vGNibIvcYBI14JAIBBUro/Xg=; b=Mfk2Mlv84Syt5bln1mvnrYb0V61ldDIJsQfpWSoK56tA+iVmN44eUfblh/deNtd1BV5M GchuA1ShfKahU1e4GlwDkKxUnzkVkYQAcrpZFmWvOgOCqjSlq69hb3aW/v7+pB3TDeLy SGST3F5dQL4GvVoH/48suB+GxGizLUkPUG+oJkHdejvkWdXnAKwLXmYJEj2NCPBBpIlo pmmACwmYAUfyvNXHp9NpRqFHxO/+P9CJWGjZcdTZZOABZZrP3WhXC+51+GhrvbgvLzx7 LIcU/kMxHry8yBnnyof3zJyWMXmsG10LfxB7h5kk4qKwZJewu0qhgv5bDEKngCgfQnkZ Pg== Received: from dc5-exch02.marvell.com ([199.233.59.182]) by mx0a-0016f401.pphosted.com with ESMTP id 39fuw50s7j-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Tue, 29 Jun 2021 00:35:18 -0700 Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Tue, 29 Jun 2021 00:35:16 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.18 via Frontend Transport; Tue, 29 Jun 2021 00:35:16 -0700 Received: from HY-LT1002.marvell.com (HY-LT1002.marvell.com [10.28.176.218]) by maili.marvell.com (Postfix) with ESMTP id 922595B6928; Tue, 29 Jun 2021 00:35:13 -0700 (PDT) From: Anoob Joseph To: Akhil Goyal , Thomas Monjalon CC: Kiran Kumar K , Jerin Jacob , Ankur Dwivedi , Tejasree Kondoj , Date: Tue, 29 Jun 2021 13:04:33 +0530 Message-ID: <1624952076-30928-6-git-send-email-anoobj@marvell.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1624952076-30928-1-git-send-email-anoobj@marvell.com> References: <1624601708-29991-1-git-send-email-anoobj@marvell.com> <1624952076-30928-1-git-send-email-anoobj@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: 5DDhGBxHuFVtfEvzG4SB-wAgPTqzFrY9 X-Proofpoint-GUID: 5DDhGBxHuFVtfEvzG4SB-wAgPTqzFrY9 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.391, 18.0.790 definitions=2021-06-29_02:2021-06-25, 2021-06-29 signatures=0 Subject: [dpdk-dev] [PATCH v3 5/8] crypto/cnxk: add asymmetric session ops X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" From: Kiran Kumar K Add asymmetric crypto session ops. Signed-off-by: Kiran Kumar K --- doc/guides/cryptodevs/features/cn10k.ini | 13 ++ doc/guides/cryptodevs/features/cn9k.ini | 13 ++ drivers/crypto/cnxk/cn10k_cryptodev.c | 2 + drivers/crypto/cnxk/cn10k_cryptodev_ops.c | 6 +- drivers/crypto/cnxk/cn9k_cryptodev.c | 4 +- drivers/crypto/cnxk/cn9k_cryptodev_ops.c | 6 +- drivers/crypto/cnxk/cnxk_ae.h | 211 ++++++++++++++++++++++++++++++ drivers/crypto/cnxk/cnxk_cryptodev.h | 4 +- drivers/crypto/cnxk/cnxk_cryptodev_ops.c | 106 +++++++++++++++ drivers/crypto/cnxk/cnxk_cryptodev_ops.h | 8 ++ 10 files changed, 365 insertions(+), 8 deletions(-) create mode 100644 drivers/crypto/cnxk/cnxk_ae.h diff --git a/doc/guides/cryptodevs/features/cn10k.ini b/doc/guides/cryptodevs/features/cn10k.ini index b268f84..f5552fe 100644 --- a/doc/guides/cryptodevs/features/cn10k.ini +++ b/doc/guides/cryptodevs/features/cn10k.ini @@ -5,6 +5,7 @@ ; [Features] Symmetric crypto = Y +Asymmetric crypto = Y Sym operation chaining = Y HW Accelerated = Y Protocol offload = Y @@ -65,3 +66,15 @@ AES GCM (128) = Y AES GCM (192) = Y AES GCM (256) = Y CHACHA20-POLY1305 = Y + +; +; Supported Asymmetric algorithms of the 'cn10k' crypto driver. +; +[Asymmetric] +RSA = Y +DSA = +Modular Exponentiation = Y +Modular Inversion = +Diffie-hellman = +ECDSA = Y +ECPM = Y diff --git a/doc/guides/cryptodevs/features/cn9k.ini b/doc/guides/cryptodevs/features/cn9k.ini index 7b310e6..d69dbe8 100644 --- a/doc/guides/cryptodevs/features/cn9k.ini +++ b/doc/guides/cryptodevs/features/cn9k.ini @@ -5,6 +5,7 @@ ; [Features] Symmetric crypto = Y +Asymmetric crypto = Y Sym operation chaining = Y HW Accelerated = Y In Place SGL = Y @@ -64,3 +65,15 @@ AES GCM (128) = Y AES GCM (192) = Y AES GCM (256) = Y CHACHA20-POLY1305 = Y + +; +; Supported Asymmetric algorithms of the 'cn9k' crypto driver. +; +[Asymmetric] +RSA = Y +DSA = +Modular Exponentiation = Y +Modular Inversion = +Diffie-hellman = +ECDSA = Y +ECPM = Y diff --git a/drivers/crypto/cnxk/cn10k_cryptodev.c b/drivers/crypto/cnxk/cn10k_cryptodev.c index 22ae810..10a621f 100644 --- a/drivers/crypto/cnxk/cn10k_cryptodev.c +++ b/drivers/crypto/cnxk/cn10k_cryptodev.c @@ -92,7 +92,9 @@ cn10k_cpt_pci_probe(struct rte_pci_driver *pci_drv __rte_unused, dev->driver_id = cn10k_cryptodev_driver_id; dev->feature_flags = RTE_CRYPTODEV_FF_SYMMETRIC_CRYPTO | + RTE_CRYPTODEV_FF_ASYMMETRIC_CRYPTO | RTE_CRYPTODEV_FF_HW_ACCELERATED | + RTE_CRYPTODEV_FF_RSA_PRIV_OP_KEY_QT | RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING | RTE_CRYPTODEV_FF_IN_PLACE_SGL | RTE_CRYPTODEV_FF_OOP_LB_IN_LB_OUT | diff --git a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c index 8005a25..aa615b2 100644 --- a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c +++ b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c @@ -426,8 +426,8 @@ struct rte_cryptodev_ops cn10k_cpt_ops = { .sym_session_clear = cnxk_cpt_sym_session_clear, /* Asymmetric crypto ops */ - .asym_session_get_size = NULL, - .asym_session_configure = NULL, - .asym_session_clear = NULL, + .asym_session_get_size = cnxk_ae_session_size_get, + .asym_session_configure = cnxk_ae_session_cfg, + .asym_session_clear = cnxk_ae_session_clear, }; diff --git a/drivers/crypto/cnxk/cn9k_cryptodev.c b/drivers/crypto/cnxk/cn9k_cryptodev.c index d3dc084..e74e739 100644 --- a/drivers/crypto/cnxk/cn9k_cryptodev.c +++ b/drivers/crypto/cnxk/cn9k_cryptodev.c @@ -83,6 +83,7 @@ cn9k_cpt_pci_probe(struct rte_pci_driver *pci_drv __rte_unused, cnxk_cpt_caps_populate(vf); dev->feature_flags = RTE_CRYPTODEV_FF_SYMMETRIC_CRYPTO | + RTE_CRYPTODEV_FF_ASYMMETRIC_CRYPTO | RTE_CRYPTODEV_FF_HW_ACCELERATED | RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING | RTE_CRYPTODEV_FF_IN_PLACE_SGL | @@ -90,7 +91,8 @@ cn9k_cpt_pci_probe(struct rte_pci_driver *pci_drv __rte_unused, RTE_CRYPTODEV_FF_OOP_SGL_IN_LB_OUT | RTE_CRYPTODEV_FF_OOP_SGL_IN_SGL_OUT | RTE_CRYPTODEV_FF_SYM_SESSIONLESS | - RTE_CRYPTODEV_FF_DIGEST_ENCRYPTED; + RTE_CRYPTODEV_FF_DIGEST_ENCRYPTED | + RTE_CRYPTODEV_FF_RSA_PRIV_OP_KEY_QT; cn9k_cpt_set_enqdeq_fns(dev); diff --git a/drivers/crypto/cnxk/cn9k_cryptodev_ops.c b/drivers/crypto/cnxk/cn9k_cryptodev_ops.c index b939d99..6d1537b 100644 --- a/drivers/crypto/cnxk/cn9k_cryptodev_ops.c +++ b/drivers/crypto/cnxk/cn9k_cryptodev_ops.c @@ -312,8 +312,8 @@ struct rte_cryptodev_ops cn9k_cpt_ops = { .sym_session_clear = cnxk_cpt_sym_session_clear, /* Asymmetric crypto ops */ - .asym_session_get_size = NULL, - .asym_session_configure = NULL, - .asym_session_clear = NULL, + .asym_session_get_size = cnxk_ae_session_size_get, + .asym_session_configure = cnxk_ae_session_cfg, + .asym_session_clear = cnxk_ae_session_clear, }; diff --git a/drivers/crypto/cnxk/cnxk_ae.h b/drivers/crypto/cnxk/cnxk_ae.h new file mode 100644 index 0000000..e3dd63b --- /dev/null +++ b/drivers/crypto/cnxk/cnxk_ae.h @@ -0,0 +1,211 @@ +/* SPDX-License-Identifier: BSD-3-Clause + * Copyright(C) 2021 Marvell. + */ + +#ifndef _CNXK_AE_H_ +#define _CNXK_AE_H_ + +#include +#include +#include + +#include "roc_api.h" +#include "cnxk_cryptodev_ops.h" + +struct cnxk_ae_sess { + enum rte_crypto_asym_xform_type xfrm_type; + union { + struct rte_crypto_rsa_xform rsa_ctx; + struct rte_crypto_modex_xform mod_ctx; + struct roc_ae_ec_ctx ec_ctx; + }; + uint64_t *cnxk_fpm_iova; + struct roc_ae_ec_group **ec_grp; + uint64_t cpt_inst_w7; +}; + +static __rte_always_inline void +cnxk_ae_modex_param_normalize(uint8_t **data, size_t *len) +{ + size_t i; + + /* Strip leading NUL bytes */ + for (i = 0; i < *len; i++) { + if ((*data)[i] != 0) + break; + } + *data += i; + *len -= i; +} + +static __rte_always_inline int +cnxk_ae_fill_modex_params(struct cnxk_ae_sess *sess, + struct rte_crypto_asym_xform *xform) +{ + struct rte_crypto_modex_xform *ctx = &sess->mod_ctx; + size_t exp_len = xform->modex.exponent.length; + size_t mod_len = xform->modex.modulus.length; + uint8_t *exp = xform->modex.exponent.data; + uint8_t *mod = xform->modex.modulus.data; + + cnxk_ae_modex_param_normalize(&mod, &mod_len); + cnxk_ae_modex_param_normalize(&exp, &exp_len); + + if (unlikely(exp_len == 0 || mod_len == 0)) + return -EINVAL; + + if (unlikely(exp_len > mod_len)) + return -ENOTSUP; + + /* Allocate buffer to hold modexp params */ + ctx->modulus.data = rte_malloc(NULL, mod_len + exp_len, 0); + if (ctx->modulus.data == NULL) + return -ENOMEM; + + /* Set up modexp prime modulus and private exponent */ + memcpy(ctx->modulus.data, mod, mod_len); + ctx->exponent.data = ctx->modulus.data + mod_len; + memcpy(ctx->exponent.data, exp, exp_len); + + ctx->modulus.length = mod_len; + ctx->exponent.length = exp_len; + + return 0; +} + +static __rte_always_inline int +cnxk_ae_fill_rsa_params(struct cnxk_ae_sess *sess, + struct rte_crypto_asym_xform *xform) +{ + struct rte_crypto_rsa_priv_key_qt qt = xform->rsa.qt; + struct rte_crypto_rsa_xform *xfrm_rsa = &xform->rsa; + struct rte_crypto_rsa_xform *rsa = &sess->rsa_ctx; + size_t mod_len = xfrm_rsa->n.length; + size_t exp_len = xfrm_rsa->e.length; + size_t len = (mod_len / 2); + uint64_t total_size; + + /* Make sure key length used is not more than mod_len/2 */ + if (qt.p.data != NULL) + len = RTE_MIN(len, qt.p.length); + + /* Total size required for RSA key params(n,e,(q,dQ,p,dP,qInv)) */ + total_size = mod_len + exp_len + 5 * len; + + /* Allocate buffer to hold all RSA keys */ + rsa->n.data = rte_malloc(NULL, total_size, 0); + if (rsa->n.data == NULL) + return -ENOMEM; + + /* Set up RSA prime modulus and public key exponent */ + memcpy(rsa->n.data, xfrm_rsa->n.data, mod_len); + rsa->e.data = rsa->n.data + mod_len; + memcpy(rsa->e.data, xfrm_rsa->e.data, exp_len); + + /* Private key in quintuple format */ + if (len != 0) { + rsa->qt.q.data = rsa->e.data + exp_len; + memcpy(rsa->qt.q.data, qt.q.data, qt.q.length); + rsa->qt.dQ.data = rsa->qt.q.data + qt.q.length; + memcpy(rsa->qt.dQ.data, qt.dQ.data, qt.dQ.length); + rsa->qt.p.data = rsa->qt.dQ.data + qt.dQ.length; + memcpy(rsa->qt.p.data, qt.p.data, qt.p.length); + rsa->qt.dP.data = rsa->qt.p.data + qt.p.length; + memcpy(rsa->qt.dP.data, qt.dP.data, qt.dP.length); + rsa->qt.qInv.data = rsa->qt.dP.data + qt.dP.length; + memcpy(rsa->qt.qInv.data, qt.qInv.data, qt.qInv.length); + + rsa->qt.q.length = qt.q.length; + rsa->qt.dQ.length = qt.dQ.length; + rsa->qt.p.length = qt.p.length; + rsa->qt.dP.length = qt.dP.length; + rsa->qt.qInv.length = qt.qInv.length; + } + rsa->n.length = mod_len; + rsa->e.length = exp_len; + + return 0; +} + +static __rte_always_inline int +cnxk_ae_fill_ec_params(struct cnxk_ae_sess *sess, + struct rte_crypto_asym_xform *xform) +{ + struct roc_ae_ec_ctx *ec = &sess->ec_ctx; + + switch (xform->ec.curve_id) { + case RTE_CRYPTO_EC_GROUP_SECP192R1: + ec->curveid = ROC_AE_EC_ID_P192; + break; + case RTE_CRYPTO_EC_GROUP_SECP224R1: + ec->curveid = ROC_AE_EC_ID_P224; + break; + case RTE_CRYPTO_EC_GROUP_SECP256R1: + ec->curveid = ROC_AE_EC_ID_P256; + break; + case RTE_CRYPTO_EC_GROUP_SECP384R1: + ec->curveid = ROC_AE_EC_ID_P384; + break; + case RTE_CRYPTO_EC_GROUP_SECP521R1: + ec->curveid = ROC_AE_EC_ID_P521; + break; + default: + /* Only NIST curves (FIPS 186-4) are supported */ + return -EINVAL; + } + + return 0; +} + +static __rte_always_inline int +cnxk_ae_fill_session_parameters(struct cnxk_ae_sess *sess, + struct rte_crypto_asym_xform *xform) +{ + int ret; + + sess->xfrm_type = xform->xform_type; + + switch (xform->xform_type) { + case RTE_CRYPTO_ASYM_XFORM_RSA: + ret = cnxk_ae_fill_rsa_params(sess, xform); + break; + case RTE_CRYPTO_ASYM_XFORM_MODEX: + ret = cnxk_ae_fill_modex_params(sess, xform); + break; + case RTE_CRYPTO_ASYM_XFORM_ECDSA: + /* Fall through */ + case RTE_CRYPTO_ASYM_XFORM_ECPM: + ret = cnxk_ae_fill_ec_params(sess, xform); + break; + default: + return -ENOTSUP; + } + return ret; +} + +static inline void +cnxk_ae_free_session_parameters(struct cnxk_ae_sess *sess) +{ + struct rte_crypto_modex_xform *mod; + struct rte_crypto_rsa_xform *rsa; + + switch (sess->xfrm_type) { + case RTE_CRYPTO_ASYM_XFORM_RSA: + rsa = &sess->rsa_ctx; + if (rsa->n.data) + rte_free(rsa->n.data); + break; + case RTE_CRYPTO_ASYM_XFORM_MODEX: + mod = &sess->mod_ctx; + if (mod->modulus.data) + rte_free(mod->modulus.data); + break; + case RTE_CRYPTO_ASYM_XFORM_ECDSA: + /* Fall through */ + case RTE_CRYPTO_ASYM_XFORM_ECPM: + break; + default: + break; + } +} +#endif /* _CNXK_AE_H_ */ diff --git a/drivers/crypto/cnxk/cnxk_cryptodev.h b/drivers/crypto/cnxk/cnxk_cryptodev.h index 6760c13..5e38933 100644 --- a/drivers/crypto/cnxk/cnxk_cryptodev.h +++ b/drivers/crypto/cnxk/cnxk_cryptodev.h @@ -13,7 +13,7 @@ #define CNXK_CPT_MAX_CAPS 34 #define CNXK_SEC_CRYPTO_MAX_CAPS 4 #define CNXK_SEC_MAX_CAPS 3 - +#define CNXK_AE_EC_ID_MAX 5 /** * Device private data */ @@ -23,6 +23,8 @@ struct cnxk_cpt_vf { struct rte_cryptodev_capabilities sec_crypto_caps[CNXK_SEC_CRYPTO_MAX_CAPS]; struct rte_security_capability sec_caps[CNXK_SEC_MAX_CAPS]; + uint64_t cnxk_fpm_iova[CNXK_AE_EC_ID_MAX]; + struct roc_ae_ec_group *ec_grp[CNXK_AE_EC_ID_MAX]; }; int cnxk_cpt_eng_grp_add(struct roc_cpt *roc_cpt); diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_ops.c b/drivers/crypto/cnxk/cnxk_cryptodev_ops.c index 0d81785..7322539 100644 --- a/drivers/crypto/cnxk/cnxk_cryptodev_ops.c +++ b/drivers/crypto/cnxk/cnxk_cryptodev_ops.c @@ -8,11 +8,15 @@ #include "roc_cpt.h" +#include "cnxk_ae.h" #include "cnxk_cryptodev.h" #include "cnxk_cryptodev_ops.h" #include "cnxk_cryptodev_capabilities.h" #include "cnxk_se.h" +#define CNXK_CPT_MAX_ASYM_OP_NUM_PARAMS 5 +#define CNXK_CPT_MAX_ASYM_OP_MOD_LEN 1024 + static int cnxk_cpt_get_mlen(void) { @@ -31,6 +35,20 @@ cnxk_cpt_get_mlen(void) return len; } +static int +cnxk_cpt_asym_get_mlen(void) +{ + uint32_t len; + + /* To hold RPTR */ + len = sizeof(uint64_t); + + /* Get meta len for asymmetric operations */ + len += CNXK_CPT_MAX_ASYM_OP_NUM_PARAMS * CNXK_CPT_MAX_ASYM_OP_MOD_LEN; + + return len; +} + int cnxk_cpt_dev_config(struct rte_cryptodev *dev, struct rte_cryptodev_config *conf) @@ -54,6 +72,23 @@ cnxk_cpt_dev_config(struct rte_cryptodev *dev, return ret; } + if (dev->feature_flags & RTE_CRYPTODEV_FF_ASYMMETRIC_CRYPTO) { + /* Initialize shared FPM table */ + ret = roc_ae_fpm_get(vf->cnxk_fpm_iova); + if (ret) { + plt_err("Could not get FPM table"); + return ret; + } + + /* Init EC grp table */ + ret = roc_ae_ec_grp_get(vf->ec_grp); + if (ret) { + plt_err("Could not get EC grp table"); + roc_ae_fpm_put(); + return ret; + } + } + return 0; } @@ -86,6 +121,11 @@ cnxk_cpt_dev_close(struct rte_cryptodev *dev) } } + if (dev->feature_flags & RTE_CRYPTODEV_FF_ASYMMETRIC_CRYPTO) { + roc_ae_fpm_put(); + roc_ae_ec_grp_put(); + } + roc_cpt_dev_clear(&vf->cpt); return 0; @@ -128,6 +168,12 @@ cnxk_cpt_metabuf_mempool_create(const struct rte_cryptodev *dev, mlen = cnxk_cpt_get_mlen(); } + if (dev->feature_flags & RTE_CRYPTODEV_FF_ASYMMETRIC_CRYPTO) { + + /* Get meta len required for asymmetric operations */ + mlen = RTE_MAX(mlen, cnxk_cpt_asym_get_mlen()); + } + cache_sz = RTE_MIN(RTE_MEMPOOL_CACHE_MAX_SIZE, nb_elements / 1.5); /* Allocate mempool */ @@ -549,3 +595,63 @@ cnxk_cpt_sym_session_clear(struct rte_cryptodev *dev, { return sym_session_clear(dev->driver_id, sess); } + +unsigned int +cnxk_ae_session_size_get(struct rte_cryptodev *dev __rte_unused) +{ + return sizeof(struct cnxk_ae_sess); +} + +void +cnxk_ae_session_clear(struct rte_cryptodev *dev, + struct rte_cryptodev_asym_session *sess) +{ + struct rte_mempool *sess_mp; + struct cnxk_ae_sess *priv; + + priv = get_asym_session_private_data(sess, dev->driver_id); + if (priv == NULL) + return; + + /* Free resources allocated in session_cfg */ + cnxk_ae_free_session_parameters(priv); + + /* Reset and free object back to pool */ + memset(priv, 0, cnxk_ae_session_size_get(dev)); + sess_mp = rte_mempool_from_obj(priv); + set_asym_session_private_data(sess, dev->driver_id, NULL); + rte_mempool_put(sess_mp, priv); +} + +int +cnxk_ae_session_cfg(struct rte_cryptodev *dev, + struct rte_crypto_asym_xform *xform, + struct rte_cryptodev_asym_session *sess, + struct rte_mempool *pool) +{ + struct cnxk_cpt_vf *vf = dev->data->dev_private; + struct roc_cpt *roc_cpt = &vf->cpt; + struct cnxk_ae_sess *priv; + union cpt_inst_w7 w7; + int ret; + + if (rte_mempool_get(pool, (void **)&priv)) + return -ENOMEM; + + memset(priv, 0, sizeof(struct cnxk_ae_sess)); + + ret = cnxk_ae_fill_session_parameters(priv, xform); + if (ret) { + rte_mempool_put(pool, priv); + return ret; + } + + w7.u64 = 0; + w7.s.egrp = roc_cpt->eng_grp[CPT_ENG_TYPE_AE]; + priv->cpt_inst_w7 = w7.u64; + priv->cnxk_fpm_iova = vf->cnxk_fpm_iova; + priv->ec_grp = vf->ec_grp; + set_asym_session_private_data(sess, dev->driver_id, priv); + + return 0; +} diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_ops.h b/drivers/crypto/cnxk/cnxk_cryptodev_ops.h index 7995959..c317f40 100644 --- a/drivers/crypto/cnxk/cnxk_cryptodev_ops.h +++ b/drivers/crypto/cnxk/cnxk_cryptodev_ops.h @@ -105,4 +105,12 @@ void cnxk_cpt_sym_session_clear(struct rte_cryptodev *dev, void sym_session_clear(int driver_id, struct rte_cryptodev_sym_session *sess); +unsigned int cnxk_ae_session_size_get(struct rte_cryptodev *dev __rte_unused); + +void cnxk_ae_session_clear(struct rte_cryptodev *dev, + struct rte_cryptodev_asym_session *sess); +int cnxk_ae_session_cfg(struct rte_cryptodev *dev, + struct rte_crypto_asym_xform *xform, + struct rte_cryptodev_asym_session *sess, + struct rte_mempool *pool); #endif /* _CNXK_CRYPTODEV_OPS_H_ */ From patchwork Tue Jun 29 07:34:34 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anoob Joseph X-Patchwork-Id: 94951 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 54BBAA0A0C; Tue, 29 Jun 2021 09:35:39 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 045AD41197; Tue, 29 Jun 2021 09:35:26 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id 08955411A3 for ; Tue, 29 Jun 2021 09:35:23 +0200 (CEST) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id 15T7QRls006833; Tue, 29 Jun 2021 00:35:23 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=swypZPBehHzcCGQjoUHi5yo2fsWOLsQstvg+Yy0d0GM=; b=hX8ThRXqgRlYhvATPM8pa9z+bzZ1dC/8Hk8rkPOq52b3CgLMIHeHJSvb6BehF7SXIRVG UWaFI1qGVm/Z9UaD3SB21cEpQzSlvRdwDkASAcREkETJBtiky6M3l/QFL5AEaNzxLwOs qJEML/Klf4xDMxZvmtsLnffylJXuMOHtaxZYTQya9Dg++yx6TT38XgcDWHtffGJ6nUal 6u0JXUT5zcsvt861dgg8ASFVztSHcJyWZOdGAQoTB7uA+WgkboncPSMRtDwNH2pDjPzD 3wElKL1rFvPqGwFBgxtrlhKf0h7A1AEhk6BaUUXFj1Bs8KHu01wtkrDmyGr3JpkPfJlE kw== Received: from dc5-exch01.marvell.com ([199.233.59.181]) by mx0a-0016f401.pphosted.com with ESMTP id 39fuw50s82-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Tue, 29 Jun 2021 00:35:23 -0700 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Tue, 29 Jun 2021 00:35:21 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.18 via Frontend Transport; Tue, 29 Jun 2021 00:35:21 -0700 Received: from HY-LT1002.marvell.com (HY-LT1002.marvell.com [10.28.176.218]) by maili.marvell.com (Postfix) with ESMTP id 5C7385B6925; Tue, 29 Jun 2021 00:35:17 -0700 (PDT) From: Anoob Joseph To: Akhil Goyal , Thomas Monjalon CC: Kiran Kumar K , Jerin Jacob , Ankur Dwivedi , Tejasree Kondoj , Date: Tue, 29 Jun 2021 13:04:34 +0530 Message-ID: <1624952076-30928-7-git-send-email-anoobj@marvell.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1624952076-30928-1-git-send-email-anoobj@marvell.com> References: <1624601708-29991-1-git-send-email-anoobj@marvell.com> <1624952076-30928-1-git-send-email-anoobj@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: 0-zVePaDciW4fnADdBE_ZKwzX4_Ukwzo X-Proofpoint-GUID: 0-zVePaDciW4fnADdBE_ZKwzX4_Ukwzo X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.391, 18.0.790 definitions=2021-06-29_02:2021-06-25, 2021-06-29 signatures=0 Subject: [dpdk-dev] [PATCH v3 6/8] crypto/cnxk: add asymmetric datapath ops X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" From: Kiran Kumar K Add asymmetric crypto datapath ops. Signed-off-by: Kiran Kumar K --- drivers/crypto/cnxk/cn10k_cryptodev_ops.c | 27 ++ drivers/crypto/cnxk/cn9k_cryptodev_ops.c | 29 +- drivers/crypto/cnxk/cnxk_ae.h | 625 ++++++++++++++++++++++++++++++ 3 files changed, 679 insertions(+), 2 deletions(-) diff --git a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c index aa615b2..6d322a9 100644 --- a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c +++ b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c @@ -10,6 +10,7 @@ #include "cn10k_cryptodev_ops.h" #include "cn10k_ipsec_la_ops.h" #include "cn10k_ipsec.h" +#include "cnxk_ae.h" #include "cnxk_cryptodev.h" #include "cnxk_cryptodev_ops.h" #include "cnxk_se.h" @@ -100,7 +101,9 @@ cn10k_cpt_fill_inst(struct cnxk_cpt_qp *qp, struct rte_crypto_op *ops[], struct cpt_inst_s inst[], struct cpt_inflight_req *infl_req) { struct cn10k_sec_session *sec_sess; + struct rte_crypto_asym_op *asym_op; struct rte_crypto_sym_op *sym_op; + struct cnxk_ae_sess *ae_sess; struct cnxk_se_sess *sess; struct rte_crypto_op *op; uint64_t w7; @@ -148,6 +151,21 @@ cn10k_cpt_fill_inst(struct cnxk_cpt_qp *qp, struct rte_crypto_op *ops[], } w7 = sess->cpt_inst_w7; } + } else if (op->type == RTE_CRYPTO_OP_TYPE_ASYMMETRIC) { + + if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) { + asym_op = op->asym; + ae_sess = get_asym_session_private_data( + asym_op->session, cn10k_cryptodev_driver_id); + ret = cnxk_ae_enqueue(qp, op, infl_req, &inst[0], + ae_sess); + if (unlikely(ret)) + return 0; + w7 = ae_sess->cpt_inst_w7; + } else { + plt_dp_err("Not supported Asym op without session"); + return 0; + } } else { plt_dp_err("Unsupported op type"); return 0; @@ -303,6 +321,15 @@ cn10k_cpt_dequeue_post_process(struct cnxk_cpt_qp *qp, compl_auth_verify(cop, (uint8_t *)rsp[0], rsp[1]); } + } else if (cop->type == RTE_CRYPTO_OP_TYPE_ASYMMETRIC) { + struct rte_crypto_asym_op *op = cop->asym; + uintptr_t *mdata = infl_req->mdata; + struct cnxk_ae_sess *sess; + + sess = get_asym_session_private_data( + op->session, cn10k_cryptodev_driver_id); + + cnxk_ae_post_process(cop, sess, (uint8_t *)mdata[0]); } } else { cop->status = RTE_CRYPTO_OP_STATUS_ERROR; diff --git a/drivers/crypto/cnxk/cn9k_cryptodev_ops.c b/drivers/crypto/cnxk/cn9k_cryptodev_ops.c index 6d1537b..724965b 100644 --- a/drivers/crypto/cnxk/cn9k_cryptodev_ops.c +++ b/drivers/crypto/cnxk/cn9k_cryptodev_ops.c @@ -7,6 +7,7 @@ #include "cn9k_cryptodev.h" #include "cn9k_cryptodev_ops.h" +#include "cnxk_ae.h" #include "cnxk_cryptodev.h" #include "cnxk_cryptodev_ops.h" #include "cnxk_se.h" @@ -65,11 +66,11 @@ static uint16_t cn9k_cpt_enqueue_burst(void *qptr, struct rte_crypto_op **ops, uint16_t nb_ops) { struct cpt_inflight_req *infl_req; + struct rte_crypto_asym_op *asym_op; struct rte_crypto_sym_op *sym_op; uint16_t nb_allowed, count = 0; struct cnxk_cpt_qp *qp = qptr; struct pending_queue *pend_q; - struct cnxk_se_sess *sess; struct rte_crypto_op *op; struct cpt_inst_s inst; uint64_t lmt_status; @@ -95,6 +96,8 @@ cn9k_cpt_enqueue_burst(void *qptr, struct rte_crypto_op **ops, uint16_t nb_ops) infl_req->op_flags = 0; if (op->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC) { + struct cnxk_se_sess *sess; + if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) { sym_op = op->sym; sess = get_sym_session_private_data( @@ -120,6 +123,20 @@ cn9k_cpt_enqueue_burst(void *qptr, struct rte_crypto_op **ops, uint16_t nb_ops) op->sym->session); } } + inst.w7.u64 = sess->cpt_inst_w7; + } else if (op->type == RTE_CRYPTO_OP_TYPE_ASYMMETRIC) { + struct cnxk_ae_sess *sess; + + ret = -EINVAL; + if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) { + asym_op = op->asym; + sess = get_asym_session_private_data( + asym_op->session, + cn9k_cryptodev_driver_id); + ret = cnxk_ae_enqueue(qp, op, infl_req, &inst, + sess); + inst.w7.u64 = sess->cpt_inst_w7; + } } else { plt_dp_err("Unsupported op type"); break; @@ -134,7 +151,6 @@ cn9k_cpt_enqueue_burst(void *qptr, struct rte_crypto_op **ops, uint16_t nb_ops) infl_req->res.cn9k.compcode = CPT_COMP_NOT_DONE; inst.res_addr = (uint64_t)&infl_req->res; - inst.w7.u64 = sess->cpt_inst_w7; do { /* Copy CPT command to LMTLINE */ @@ -189,6 +205,15 @@ cn9k_cpt_dequeue_post_process(struct cnxk_cpt_qp *qp, struct rte_crypto_op *cop, compl_auth_verify(cop, (uint8_t *)rsp[0], rsp[1]); } + } else if (cop->type == RTE_CRYPTO_OP_TYPE_ASYMMETRIC) { + struct rte_crypto_asym_op *op = cop->asym; + uintptr_t *mdata = infl_req->mdata; + struct cnxk_ae_sess *sess; + + sess = get_asym_session_private_data( + op->session, cn9k_cryptodev_driver_id); + + cnxk_ae_post_process(cop, sess, (uint8_t *)mdata[0]); } } else { cop->status = RTE_CRYPTO_OP_STATUS_ERROR; diff --git a/drivers/crypto/cnxk/cnxk_ae.h b/drivers/crypto/cnxk/cnxk_ae.h index e3dd63b..c752e62 100644 --- a/drivers/crypto/cnxk/cnxk_ae.h +++ b/drivers/crypto/cnxk/cnxk_ae.h @@ -208,4 +208,629 @@ cnxk_ae_free_session_parameters(struct cnxk_ae_sess *sess) break; } } + +static __rte_always_inline int +cnxk_ae_modex_prep(struct rte_crypto_op *op, struct roc_ae_buf_ptr *meta_buf, + struct rte_crypto_modex_xform *mod, struct cpt_inst_s *inst) +{ + uint32_t exp_len = mod->exponent.length; + uint32_t mod_len = mod->modulus.length; + struct rte_crypto_mod_op_param mod_op; + uint64_t total_key_len; + union cpt_inst_w4 w4; + uint32_t base_len; + uint32_t dlen; + uint8_t *dptr; + + mod_op = op->asym->modex; + + base_len = mod_op.base.length; + if (unlikely(base_len > mod_len)) { + op->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS; + return -ENOTSUP; + } + + total_key_len = mod_len + exp_len; + + /* Input buffer */ + dptr = meta_buf->vaddr; + inst->dptr = (uintptr_t)dptr; + memcpy(dptr, mod->modulus.data, total_key_len); + dptr += total_key_len; + memcpy(dptr, mod_op.base.data, base_len); + dptr += base_len; + dlen = total_key_len + base_len; + + /* Setup opcodes */ + w4.s.opcode_major = ROC_AE_MAJOR_OP_MODEX; + w4.s.opcode_minor = ROC_AE_MINOR_OP_MODEX; + + w4.s.param1 = mod_len; + w4.s.param2 = exp_len; + w4.s.dlen = dlen; + + inst->w4.u64 = w4.u64; + inst->rptr = (uintptr_t)dptr; + + return 0; +} + +static __rte_always_inline void +cnxk_ae_rsa_prep(struct rte_crypto_op *op, struct roc_ae_buf_ptr *meta_buf, + struct rte_crypto_rsa_xform *rsa, + rte_crypto_param *crypto_param, struct cpt_inst_s *inst) +{ + struct rte_crypto_rsa_op_param rsa_op; + uint32_t mod_len = rsa->n.length; + uint32_t exp_len = rsa->e.length; + uint64_t total_key_len; + union cpt_inst_w4 w4; + uint32_t in_size; + uint32_t dlen; + uint8_t *dptr; + + rsa_op = op->asym->rsa; + total_key_len = mod_len + exp_len; + + /* Input buffer */ + dptr = meta_buf->vaddr; + inst->dptr = (uintptr_t)dptr; + memcpy(dptr, rsa->n.data, total_key_len); + dptr += total_key_len; + + in_size = crypto_param->length; + memcpy(dptr, crypto_param->data, in_size); + + dptr += in_size; + dlen = total_key_len + in_size; + + if (rsa_op.pad == RTE_CRYPTO_RSA_PADDING_NONE) { + /* Use mod_exp operation for no_padding type */ + w4.s.opcode_minor = ROC_AE_MINOR_OP_MODEX; + w4.s.param2 = exp_len; + } else { + if (rsa_op.op_type == RTE_CRYPTO_ASYM_OP_ENCRYPT) { + w4.s.opcode_minor = ROC_AE_MINOR_OP_PKCS_ENC; + /* Public key encrypt, use BT2*/ + w4.s.param2 = ROC_AE_CPT_BLOCK_TYPE2 | + ((uint16_t)(exp_len) << 1); + } else if (rsa_op.op_type == RTE_CRYPTO_ASYM_OP_VERIFY) { + w4.s.opcode_minor = ROC_AE_MINOR_OP_PKCS_DEC; + /* Public key decrypt, use BT1 */ + w4.s.param2 = ROC_AE_CPT_BLOCK_TYPE1; + } + } + + w4.s.opcode_major = ROC_AE_MAJOR_OP_MODEX; + + w4.s.param1 = mod_len; + w4.s.dlen = dlen; + + inst->w4.u64 = w4.u64; + inst->rptr = (uintptr_t)dptr; +} + +static __rte_always_inline void +cnxk_ae_rsa_crt_prep(struct rte_crypto_op *op, struct roc_ae_buf_ptr *meta_buf, + struct rte_crypto_rsa_xform *rsa, + rte_crypto_param *crypto_param, struct cpt_inst_s *inst) +{ + uint32_t qInv_len = rsa->qt.qInv.length; + struct rte_crypto_rsa_op_param rsa_op; + uint32_t dP_len = rsa->qt.dP.length; + uint32_t dQ_len = rsa->qt.dQ.length; + uint32_t p_len = rsa->qt.p.length; + uint32_t q_len = rsa->qt.q.length; + uint32_t mod_len = rsa->n.length; + uint64_t total_key_len; + union cpt_inst_w4 w4; + uint32_t in_size; + uint32_t dlen; + uint8_t *dptr; + + rsa_op = op->asym->rsa; + total_key_len = p_len + q_len + dP_len + dQ_len + qInv_len; + + /* Input buffer */ + dptr = meta_buf->vaddr; + inst->dptr = (uintptr_t)dptr; + memcpy(dptr, rsa->qt.q.data, total_key_len); + dptr += total_key_len; + + in_size = crypto_param->length; + memcpy(dptr, crypto_param->data, in_size); + + dptr += in_size; + dlen = total_key_len + in_size; + + if (rsa_op.pad == RTE_CRYPTO_RSA_PADDING_NONE) { + /*Use mod_exp operation for no_padding type */ + w4.s.opcode_minor = ROC_AE_MINOR_OP_MODEX_CRT; + } else { + if (rsa_op.op_type == RTE_CRYPTO_ASYM_OP_SIGN) { + w4.s.opcode_minor = ROC_AE_MINOR_OP_PKCS_ENC_CRT; + /* Private encrypt, use BT1 */ + w4.s.param2 = ROC_AE_CPT_BLOCK_TYPE1; + } else if (rsa_op.op_type == RTE_CRYPTO_ASYM_OP_DECRYPT) { + w4.s.opcode_minor = ROC_AE_MINOR_OP_PKCS_DEC_CRT; + /* Private decrypt, use BT2 */ + w4.s.param2 = ROC_AE_CPT_BLOCK_TYPE2; + } + } + + w4.s.opcode_major = ROC_AE_MAJOR_OP_MODEX; + + w4.s.param1 = mod_len; + w4.s.dlen = dlen; + + inst->w4.u64 = w4.u64; + inst->rptr = (uintptr_t)dptr; +} + +static __rte_always_inline int __rte_hot +cnxk_ae_enqueue_rsa_op(struct rte_crypto_op *op, + struct roc_ae_buf_ptr *meta_buf, + struct cnxk_ae_sess *sess, struct cpt_inst_s *inst) +{ + struct rte_crypto_rsa_op_param *rsa = &op->asym->rsa; + + switch (rsa->op_type) { + case RTE_CRYPTO_ASYM_OP_VERIFY: + cnxk_ae_rsa_prep(op, meta_buf, &sess->rsa_ctx, &rsa->sign, + inst); + break; + case RTE_CRYPTO_ASYM_OP_ENCRYPT: + cnxk_ae_rsa_prep(op, meta_buf, &sess->rsa_ctx, &rsa->message, + inst); + break; + case RTE_CRYPTO_ASYM_OP_SIGN: + cnxk_ae_rsa_crt_prep(op, meta_buf, &sess->rsa_ctx, + &rsa->message, inst); + break; + case RTE_CRYPTO_ASYM_OP_DECRYPT: + cnxk_ae_rsa_crt_prep(op, meta_buf, &sess->rsa_ctx, &rsa->cipher, + inst); + break; + default: + op->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS; + return -EINVAL; + } + return 0; +} + +static __rte_always_inline void +cnxk_ae_ecdsa_sign_prep(struct rte_crypto_ecdsa_op_param *ecdsa, + struct roc_ae_buf_ptr *meta_buf, + uint64_t fpm_table_iova, struct roc_ae_ec_group *ec_grp, + uint8_t curveid, struct cpt_inst_s *inst) +{ + uint16_t message_len = ecdsa->message.length; + uint16_t pkey_len = ecdsa->pkey.length; + uint16_t p_align, k_align, m_align; + uint16_t k_len = ecdsa->k.length; + uint16_t order_len, prime_len; + uint16_t o_offset, pk_offset; + union cpt_inst_w4 w4; + uint16_t dlen; + uint8_t *dptr; + + prime_len = ec_grp->prime.length; + order_len = ec_grp->order.length; + + /* Truncate input length to curve prime length */ + if (message_len > prime_len) + message_len = prime_len; + m_align = RTE_ALIGN_CEIL(message_len, 8); + + p_align = RTE_ALIGN_CEIL(prime_len, 8); + k_align = RTE_ALIGN_CEIL(k_len, 8); + + /* Set write offset for order and private key */ + o_offset = prime_len - order_len; + pk_offset = prime_len - pkey_len; + + /* Input buffer */ + dptr = meta_buf->vaddr; + inst->dptr = (uintptr_t)dptr; + + /* + * Set dlen = sum(sizeof(fpm address), ROUNDUP8(scalar len, input len), + * ROUNDUP8(priv key len, prime len, order len)). + * Please note, private key, order cannot exceed prime + * length i.e 3 * p_align. + */ + dlen = sizeof(fpm_table_iova) + k_align + m_align + p_align * 3; + + memset(dptr, 0, dlen); + + *(uint64_t *)dptr = fpm_table_iova; + dptr += sizeof(fpm_table_iova); + + memcpy(dptr, ecdsa->k.data, k_len); + dptr += k_align; + + memcpy(dptr, ec_grp->prime.data, prime_len); + dptr += p_align; + + memcpy(dptr + o_offset, ec_grp->order.data, order_len); + dptr += p_align; + + memcpy(dptr + pk_offset, ecdsa->pkey.data, pkey_len); + dptr += p_align; + + memcpy(dptr, ecdsa->message.data, message_len); + dptr += m_align; + + /* Setup opcodes */ + w4.s.opcode_major = ROC_AE_MAJOR_OP_ECDSA; + w4.s.opcode_minor = ROC_AE_MINOR_OP_ECDSA_SIGN; + + w4.s.param1 = curveid | (message_len << 8); + w4.s.param2 = k_len; + w4.s.dlen = dlen; + + inst->w4.u64 = w4.u64; + inst->rptr = (uintptr_t)dptr; +} + +static __rte_always_inline void +cnxk_ae_ecdsa_verify_prep(struct rte_crypto_ecdsa_op_param *ecdsa, + struct roc_ae_buf_ptr *meta_buf, + uint64_t fpm_table_iova, + struct roc_ae_ec_group *ec_grp, uint8_t curveid, + struct cpt_inst_s *inst) +{ + uint32_t message_len = ecdsa->message.length; + uint16_t o_offset, r_offset, s_offset; + uint16_t qx_len = ecdsa->q.x.length; + uint16_t qy_len = ecdsa->q.y.length; + uint16_t r_len = ecdsa->r.length; + uint16_t s_len = ecdsa->s.length; + uint16_t order_len, prime_len; + uint16_t qx_offset, qy_offset; + uint16_t p_align, m_align; + union cpt_inst_w4 w4; + uint16_t dlen; + uint8_t *dptr; + + prime_len = ec_grp->prime.length; + order_len = ec_grp->order.length; + + /* Truncate input length to curve prime length */ + if (message_len > prime_len) + message_len = prime_len; + + m_align = RTE_ALIGN_CEIL(message_len, 8); + p_align = RTE_ALIGN_CEIL(prime_len, 8); + + /* Set write offset for sign, order and public key coordinates */ + o_offset = prime_len - order_len; + qx_offset = prime_len - qx_len; + qy_offset = prime_len - qy_len; + r_offset = prime_len - r_len; + s_offset = prime_len - s_len; + + /* Input buffer */ + dptr = meta_buf->vaddr; + inst->dptr = (uintptr_t)dptr; + + /* + * Set dlen = sum(sizeof(fpm address), ROUNDUP8(message len), + * ROUNDUP8(sign len(r and s), public key len(x and y coordinates), + * prime len, order len)). + * Please note sign, public key and order can not exceed prime length + * i.e. 6 * p_align + */ + dlen = sizeof(fpm_table_iova) + m_align + (6 * p_align); + + memset(dptr, 0, dlen); + + *(uint64_t *)dptr = fpm_table_iova; + dptr += sizeof(fpm_table_iova); + + memcpy(dptr + r_offset, ecdsa->r.data, r_len); + dptr += p_align; + + memcpy(dptr + s_offset, ecdsa->s.data, s_len); + dptr += p_align; + + memcpy(dptr, ecdsa->message.data, message_len); + dptr += m_align; + + memcpy(dptr + o_offset, ec_grp->order.data, order_len); + dptr += p_align; + + memcpy(dptr, ec_grp->prime.data, prime_len); + dptr += p_align; + + memcpy(dptr + qx_offset, ecdsa->q.x.data, qx_len); + dptr += p_align; + + memcpy(dptr + qy_offset, ecdsa->q.y.data, qy_len); + dptr += p_align; + + /* Setup opcodes */ + w4.s.opcode_major = ROC_AE_MAJOR_OP_ECDSA; + w4.s.opcode_minor = ROC_AE_MINOR_OP_ECDSA_VERIFY; + + w4.s.param1 = curveid | (message_len << 8); + w4.s.param2 = 0; + w4.s.dlen = dlen; + + inst->w4.u64 = w4.u64; + inst->rptr = (uintptr_t)dptr; +} + +static __rte_always_inline int __rte_hot +cnxk_ae_enqueue_ecdsa_op(struct rte_crypto_op *op, + struct roc_ae_buf_ptr *meta_buf, + struct cnxk_ae_sess *sess, uint64_t *fpm_iova, + struct roc_ae_ec_group **ec_grp, + struct cpt_inst_s *inst) +{ + struct rte_crypto_ecdsa_op_param *ecdsa = &op->asym->ecdsa; + uint8_t curveid = sess->ec_ctx.curveid; + + if (ecdsa->op_type == RTE_CRYPTO_ASYM_OP_SIGN) + cnxk_ae_ecdsa_sign_prep(ecdsa, meta_buf, fpm_iova[curveid], + ec_grp[curveid], curveid, inst); + else if (ecdsa->op_type == RTE_CRYPTO_ASYM_OP_VERIFY) + cnxk_ae_ecdsa_verify_prep(ecdsa, meta_buf, fpm_iova[curveid], + ec_grp[curveid], curveid, inst); + else { + op->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS; + return -EINVAL; + } + return 0; +} + +static __rte_always_inline int +cnxk_ae_ecpm_prep(struct rte_crypto_ecpm_op_param *ecpm, + struct roc_ae_buf_ptr *meta_buf, + struct roc_ae_ec_group *ec_grp, uint8_t curveid, + struct cpt_inst_s *inst) +{ + uint16_t x1_len = ecpm->p.x.length; + uint16_t y1_len = ecpm->p.y.length; + uint16_t scalar_align, p_align; + uint16_t x1_offset, y1_offset; + uint16_t dlen, prime_len; + union cpt_inst_w4 w4; + uint8_t *dptr; + + prime_len = ec_grp->prime.length; + + /* Input buffer */ + dptr = meta_buf->vaddr; + inst->dptr = (uintptr_t)dptr; + + p_align = RTE_ALIGN_CEIL(prime_len, 8); + scalar_align = RTE_ALIGN_CEIL(ecpm->scalar.length, 8); + + /* + * Set dlen = sum(ROUNDUP8(input point(x and y coordinates), prime, + * scalar length), + * Please note point length is equivalent to prime of the curve + */ + dlen = 3 * p_align + scalar_align; + + x1_offset = prime_len - x1_len; + y1_offset = prime_len - y1_len; + + memset(dptr, 0, dlen); + + /* Copy input point, scalar, prime */ + memcpy(dptr + x1_offset, ecpm->p.x.data, x1_len); + dptr += p_align; + memcpy(dptr + y1_offset, ecpm->p.y.data, y1_len); + dptr += p_align; + memcpy(dptr, ecpm->scalar.data, ecpm->scalar.length); + dptr += scalar_align; + memcpy(dptr, ec_grp->prime.data, ec_grp->prime.length); + dptr += p_align; + + /* Setup opcodes */ + w4.s.opcode_major = ROC_AE_MAJOR_OP_ECC; + w4.s.opcode_minor = ROC_AE_MINOR_OP_ECC_UMP; + + w4.s.param1 = curveid; + w4.s.param2 = ecpm->scalar.length; + w4.s.dlen = dlen; + + inst->w4.u64 = w4.u64; + inst->rptr = (uintptr_t)dptr; + + return 0; +} + +static __rte_always_inline void +cnxk_ae_dequeue_rsa_op(struct rte_crypto_op *cop, uint8_t *rptr, + struct rte_crypto_rsa_xform *rsa_ctx) +{ + struct rte_crypto_rsa_op_param *rsa = &cop->asym->rsa; + + switch (rsa->op_type) { + case RTE_CRYPTO_ASYM_OP_ENCRYPT: + rsa->cipher.length = rsa_ctx->n.length; + memcpy(rsa->cipher.data, rptr, rsa->cipher.length); + break; + case RTE_CRYPTO_ASYM_OP_DECRYPT: + if (rsa->pad == RTE_CRYPTO_RSA_PADDING_NONE) { + rsa->message.length = rsa_ctx->n.length; + memcpy(rsa->message.data, rptr, rsa->message.length); + } else { + /* Get length of decrypted output */ + rsa->message.length = + rte_cpu_to_be_16(*((uint16_t *)rptr)); + /* + * Offset output data pointer by length field + * (2 bytes) and copy decrypted data. + */ + memcpy(rsa->message.data, rptr + 2, + rsa->message.length); + } + break; + case RTE_CRYPTO_ASYM_OP_SIGN: + rsa->sign.length = rsa_ctx->n.length; + memcpy(rsa->sign.data, rptr, rsa->sign.length); + break; + case RTE_CRYPTO_ASYM_OP_VERIFY: + if (rsa->pad == RTE_CRYPTO_RSA_PADDING_NONE) { + rsa->sign.length = rsa_ctx->n.length; + memcpy(rsa->sign.data, rptr, rsa->sign.length); + } else { + /* Get length of signed output */ + rsa->sign.length = + rte_cpu_to_be_16(*((uint16_t *)rptr)); + /* + * Offset output data pointer by length field + * (2 bytes) and copy signed data. + */ + memcpy(rsa->sign.data, rptr + 2, rsa->sign.length); + } + if (memcmp(rsa->sign.data, rsa->message.data, + rsa->message.length)) { + cop->status = RTE_CRYPTO_OP_STATUS_ERROR; + } + break; + default: + cop->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS; + break; + } +} + +static __rte_always_inline void +cnxk_ae_dequeue_ecdsa_op(struct rte_crypto_ecdsa_op_param *ecdsa, uint8_t *rptr, + struct roc_ae_ec_ctx *ec, + struct roc_ae_ec_group **ec_grp) +{ + int prime_len = ec_grp[ec->curveid]->prime.length; + + if (ecdsa->op_type == RTE_CRYPTO_ASYM_OP_VERIFY) + return; + + /* Separate out sign r and s components */ + memcpy(ecdsa->r.data, rptr, prime_len); + memcpy(ecdsa->s.data, rptr + RTE_ALIGN_CEIL(prime_len, 8), prime_len); + ecdsa->r.length = prime_len; + ecdsa->s.length = prime_len; +} + +static __rte_always_inline void +cnxk_ae_dequeue_ecpm_op(struct rte_crypto_ecpm_op_param *ecpm, uint8_t *rptr, + struct roc_ae_ec_ctx *ec, + struct roc_ae_ec_group **ec_grp) +{ + int prime_len = ec_grp[ec->curveid]->prime.length; + + memcpy(ecpm->r.x.data, rptr, prime_len); + memcpy(ecpm->r.y.data, rptr + RTE_ALIGN_CEIL(prime_len, 8), prime_len); + ecpm->r.x.length = prime_len; + ecpm->r.y.length = prime_len; +} + +static __rte_always_inline void * +cnxk_ae_alloc_meta(struct roc_ae_buf_ptr *buf, + struct rte_mempool *cpt_meta_pool, + struct cpt_inflight_req *infl_req) +{ + uint8_t *mdata; + + if (unlikely(rte_mempool_get(cpt_meta_pool, (void **)&mdata) < 0)) + return NULL; + + buf->vaddr = mdata; + + infl_req->mdata = mdata; + infl_req->op_flags |= CPT_OP_FLAGS_METABUF; + + return mdata; +} + +static __rte_always_inline int32_t __rte_hot +cnxk_ae_enqueue(struct cnxk_cpt_qp *qp, struct rte_crypto_op *op, + struct cpt_inflight_req *infl_req, struct cpt_inst_s *inst, + struct cnxk_ae_sess *sess) +{ + struct cpt_qp_meta_info *minfo = &qp->meta_info; + struct rte_crypto_asym_op *asym_op = op->asym; + struct roc_ae_buf_ptr meta_buf; + uint64_t *mop; + void *mdata; + int ret; + + mdata = cnxk_ae_alloc_meta(&meta_buf, minfo->pool, infl_req); + if (mdata == NULL) + return -ENOMEM; + + /* Reserve 8B for RPTR */ + meta_buf.vaddr = PLT_PTR_ADD(mdata, sizeof(uint64_t)); + + switch (sess->xfrm_type) { + case RTE_CRYPTO_ASYM_XFORM_MODEX: + ret = cnxk_ae_modex_prep(op, &meta_buf, &sess->mod_ctx, inst); + if (unlikely(ret)) + goto req_fail; + break; + case RTE_CRYPTO_ASYM_XFORM_RSA: + ret = cnxk_ae_enqueue_rsa_op(op, &meta_buf, sess, inst); + if (unlikely(ret)) + goto req_fail; + break; + case RTE_CRYPTO_ASYM_XFORM_ECDSA: + ret = cnxk_ae_enqueue_ecdsa_op(op, &meta_buf, sess, + sess->cnxk_fpm_iova, + sess->ec_grp, inst); + if (unlikely(ret)) + goto req_fail; + break; + case RTE_CRYPTO_ASYM_XFORM_ECPM: + ret = cnxk_ae_ecpm_prep(&asym_op->ecpm, &meta_buf, + sess->ec_grp[sess->ec_ctx.curveid], + sess->ec_ctx.curveid, inst); + if (unlikely(ret)) + goto req_fail; + break; + default: + op->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS; + ret = -EINVAL; + goto req_fail; + } + + mop = mdata; + mop[0] = inst->rptr; + return 0; + +req_fail: + rte_mempool_put(minfo->pool, infl_req->mdata); + return ret; +} + +static __rte_always_inline void +cnxk_ae_post_process(struct rte_crypto_op *cop, struct cnxk_ae_sess *sess, + uint8_t *rptr) +{ + struct rte_crypto_asym_op *op = cop->asym; + + switch (sess->xfrm_type) { + case RTE_CRYPTO_ASYM_XFORM_RSA: + cnxk_ae_dequeue_rsa_op(cop, rptr, &sess->rsa_ctx); + break; + case RTE_CRYPTO_ASYM_XFORM_MODEX: + op->modex.result.length = sess->mod_ctx.modulus.length; + memcpy(op->modex.result.data, rptr, op->modex.result.length); + break; + case RTE_CRYPTO_ASYM_XFORM_ECDSA: + cnxk_ae_dequeue_ecdsa_op(&op->ecdsa, rptr, &sess->ec_ctx, + sess->ec_grp); + break; + case RTE_CRYPTO_ASYM_XFORM_ECPM: + cnxk_ae_dequeue_ecpm_op(&op->ecpm, rptr, &sess->ec_ctx, + sess->ec_grp); + break; + default: + cop->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS; + break; + } +} #endif /* _CNXK_AE_H_ */ From patchwork Tue Jun 29 07:34:35 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anoob Joseph X-Patchwork-Id: 94952 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 56F45A0A0C; Tue, 29 Jun 2021 09:35:46 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 3A30C41198; Tue, 29 Jun 2021 09:35:31 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id 18EB041191 for ; Tue, 29 Jun 2021 09:35:28 +0200 (CEST) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id 15T7QwVe007232; Tue, 29 Jun 2021 00:35:28 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=PdPZ/ivNTfOUZJztBXfomih3c/gayduMNwQE5k0IIF8=; b=LE4snyba9xFlBPWMJd6tVXrDA9K+iwU7Jg7DzqKZ57AIkDFXSKL4wMtB7Gf3Cbfa7oVF qi/WpRGfYM4a2qKXdd8zNPEyyTA3cidBxctIWJvsHyedrvg6zDrCkS2ti8v0rfBBrOOp /zTLoh8x9e8OQenu0jsgQ0hwiOB627Zlmw2Zl3rNx88bZ0q5MjgXaJlQj4YlneWyP3dB If9jopwevTSTjwa1oAY88vRVii+nxA4yXRF65LspViJyk+kBnCdsgRJlyEenTGbhssUu wxL7JOhJraHbuiKObR3d/vVV1CBcB1tN3VZYSXXe0AaOS+57bapC8srz4FmAyfCKmxE+ DA== Received: from dc5-exch01.marvell.com ([199.233.59.181]) by mx0a-0016f401.pphosted.com with ESMTP id 39fuw50s96-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Tue, 29 Jun 2021 00:35:28 -0700 Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Tue, 29 Jun 2021 00:35:26 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.18 via Frontend Transport; Tue, 29 Jun 2021 00:35:26 -0700 Received: from HY-LT1002.marvell.com (HY-LT1002.marvell.com [10.28.176.218]) by maili.marvell.com (Postfix) with ESMTP id 130AA5B6923; Tue, 29 Jun 2021 00:35:23 -0700 (PDT) From: Anoob Joseph To: Akhil Goyal , Thomas Monjalon CC: Anoob Joseph , Jerin Jacob , "Ankur Dwivedi" , Tejasree Kondoj , Date: Tue, 29 Jun 2021 13:04:35 +0530 Message-ID: <1624952076-30928-8-git-send-email-anoobj@marvell.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1624952076-30928-1-git-send-email-anoobj@marvell.com> References: <1624601708-29991-1-git-send-email-anoobj@marvell.com> <1624952076-30928-1-git-send-email-anoobj@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: 1wPtRMLZZWGOLbcsO-hVaXNr647YbYVY X-Proofpoint-GUID: 1wPtRMLZZWGOLbcsO-hVaXNr647YbYVY X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.391, 18.0.790 definitions=2021-06-29_02:2021-06-25, 2021-06-29 signatures=0 Subject: [dpdk-dev] [PATCH v3 7/8] crypto/cnxk: add asymmetric capabilities X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Add asymmetric capabilities supported. Signed-off-by: Anoob Joseph --- doc/guides/cryptodevs/cnxk.rst | 6 +++ drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c | 56 +++++++++++++++++++++++ 2 files changed, 62 insertions(+) diff --git a/doc/guides/cryptodevs/cnxk.rst b/doc/guides/cryptodevs/cnxk.rst index db949fa..bbc6daa 100644 --- a/doc/guides/cryptodevs/cnxk.rst +++ b/doc/guides/cryptodevs/cnxk.rst @@ -67,6 +67,12 @@ AEAD algorithms: * ``RTE_CRYPTO_AEAD_AES_GCM`` * ``RTE_CRYPTO_AEAD_CHACHA20_POLY1305`` +Asymmetric Crypto Algorithms +~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +* ``RTE_CRYPTO_ASYM_XFORM_RSA`` +* ``RTE_CRYPTO_ASYM_XFORM_MODEX`` + Installation ------------ diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c index d52fa89..ab37f9c 100644 --- a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c +++ b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c @@ -28,6 +28,61 @@ RTE_DIM(sec_caps_##name)); \ } while (0) +static const struct rte_cryptodev_capabilities caps_mul[] = { + { /* RSA */ + .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC, + {.asym = { + .xform_capa = { + .xform_type = RTE_CRYPTO_ASYM_XFORM_RSA, + .op_types = ((1 << RTE_CRYPTO_ASYM_OP_SIGN) | + (1 << RTE_CRYPTO_ASYM_OP_VERIFY) | + (1 << RTE_CRYPTO_ASYM_OP_ENCRYPT) | + (1 << RTE_CRYPTO_ASYM_OP_DECRYPT)), + {.modlen = { + .min = 17, + .max = 1024, + .increment = 1 + }, } + } + }, } + }, + { /* MOD_EXP */ + .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC, + {.asym = { + .xform_capa = { + .xform_type = RTE_CRYPTO_ASYM_XFORM_MODEX, + .op_types = 0, + {.modlen = { + .min = 17, + .max = 1024, + .increment = 1 + }, } + } + }, } + }, + { /* ECDSA */ + .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC, + {.asym = { + .xform_capa = { + .xform_type = RTE_CRYPTO_ASYM_XFORM_ECDSA, + .op_types = ((1 << RTE_CRYPTO_ASYM_OP_SIGN) | + (1 << RTE_CRYPTO_ASYM_OP_VERIFY)), + } + }, + } + }, + { /* ECPM */ + .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC, + {.asym = { + .xform_capa = { + .xform_type = RTE_CRYPTO_ASYM_XFORM_ECPM, + .op_types = 0 + } + }, + } + }, +}; + static const struct rte_cryptodev_capabilities caps_sha1_sha2[] = { { /* SHA1 */ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, @@ -748,6 +803,7 @@ crypto_caps_populate(struct rte_cryptodev_capabilities cnxk_caps[], { int cur_pos = 0; + CPT_CAPS_ADD(cnxk_caps, &cur_pos, hw_caps, mul); CPT_CAPS_ADD(cnxk_caps, &cur_pos, hw_caps, sha1_sha2); CPT_CAPS_ADD(cnxk_caps, &cur_pos, hw_caps, chacha20); CPT_CAPS_ADD(cnxk_caps, &cur_pos, hw_caps, zuc_snow3g); From patchwork Tue Jun 29 07:34:36 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anoob Joseph X-Patchwork-Id: 94953 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 0C142A0A0C; Tue, 29 Jun 2021 09:35:54 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id B5781411B3; Tue, 29 Jun 2021 09:35:34 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id 811E6411A0 for ; Tue, 29 Jun 2021 09:35:33 +0200 (CEST) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id 15T7QwVf007232; Tue, 29 Jun 2021 00:35:32 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=1ylNmQsyLEBdQCR/bZc58uLZ88oIvR9kInLFp+bDFgQ=; b=H4iLo+vZ0EL39kLZPJuWnxKbjVzZVKpRTteK5/mgzgBw18CAMFYL74kUmH1fiWxcCWv/ c3TOZdh3KAOP/SqD1nVkZ9+3J8dqk7VMbKM+ZV4WbTbvCGFj6iPqhZRWCJczkX8U7cXz h5IRm7MWSbzS+JeAHXfNVZEu9af7Z4AD2525NRX7iSxPWHttI9YwmSQz/tNT/GmSt+6A v6Xb6HLJaBYNnRDjULNnLnxLtL+3WRLm7bduDY8OobFe8btjged4aQYaQrF91iXFtu1b aP4uc1hvRNdP9saL1KB4dDuXYi38j8gvB2M3M3AoYfuNuC687fw8bmvzyxhQO74Q5OlC aA== Received: from dc5-exch01.marvell.com ([199.233.59.181]) by mx0a-0016f401.pphosted.com with ESMTP id 39fuw50s9p-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Tue, 29 Jun 2021 00:35:32 -0700 Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Tue, 29 Jun 2021 00:35:31 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.18 via Frontend Transport; Tue, 29 Jun 2021 00:35:31 -0700 Received: from HY-LT1002.marvell.com (HY-LT1002.marvell.com [10.28.176.218]) by maili.marvell.com (Postfix) with ESMTP id 5796E5B6923; Tue, 29 Jun 2021 00:35:28 -0700 (PDT) From: Anoob Joseph To: Akhil Goyal , Thomas Monjalon CC: Kiran Kumar K , Jerin Jacob , Ankur Dwivedi , Tejasree Kondoj , Date: Tue, 29 Jun 2021 13:04:36 +0530 Message-ID: <1624952076-30928-9-git-send-email-anoobj@marvell.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1624952076-30928-1-git-send-email-anoobj@marvell.com> References: <1624601708-29991-1-git-send-email-anoobj@marvell.com> <1624952076-30928-1-git-send-email-anoobj@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: ptZT2ZxYpfYH_pbH6E-OARvNRaclTEx9 X-Proofpoint-GUID: ptZT2ZxYpfYH_pbH6E-OARvNRaclTEx9 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.391, 18.0.790 definitions=2021-06-29_02:2021-06-25, 2021-06-29 signatures=0 Subject: [dpdk-dev] [PATCH v3 8/8] test/crypto: add cnxk for asymmetric cases X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" From: Kiran Kumar K Adding autotest for cn9k and cn10k. Signed-off-by: Kiran Kumar K --- app/test/test_cryptodev_asym.c | 30 ++++++++++++++++++++++++++++++ doc/guides/cryptodevs/cnxk.rst | 17 +++++++++++++++++ doc/guides/rel_notes/release_21_08.rst | 4 ++++ 3 files changed, 51 insertions(+) diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c index b36eec9..847b074 100644 --- a/app/test/test_cryptodev_asym.c +++ b/app/test/test_cryptodev_asym.c @@ -2390,6 +2390,34 @@ test_cryptodev_octeontx2_asym(void) return unit_test_suite_runner(&cryptodev_octeontx_asym_testsuite); } +static int +test_cryptodev_cn9k_asym(void) +{ + gbl_driver_id = rte_cryptodev_driver_id_get( + RTE_STR(CRYPTODEV_NAME_CN9K_PMD)); + if (gbl_driver_id == -1) { + RTE_LOG(ERR, USER1, "CN9K PMD must be loaded.\n"); + return TEST_FAILED; + } + + /* Use test suite registered for crypto_octeontx PMD */ + return unit_test_suite_runner(&cryptodev_octeontx_asym_testsuite); +} + +static int +test_cryptodev_cn10k_asym(void) +{ + gbl_driver_id = rte_cryptodev_driver_id_get( + RTE_STR(CRYPTODEV_NAME_CN10K_PMD)); + if (gbl_driver_id == -1) { + RTE_LOG(ERR, USER1, "CN10K PMD must be loaded.\n"); + return TEST_FAILED; + } + + /* Use test suite registered for crypto_octeontx PMD */ + return unit_test_suite_runner(&cryptodev_octeontx_asym_testsuite); +} + REGISTER_TEST_COMMAND(cryptodev_openssl_asym_autotest, test_cryptodev_openssl_asym); @@ -2400,3 +2428,5 @@ REGISTER_TEST_COMMAND(cryptodev_octeontx_asym_autotest, REGISTER_TEST_COMMAND(cryptodev_octeontx2_asym_autotest, test_cryptodev_octeontx2_asym); +REGISTER_TEST_COMMAND(cryptodev_cn9k_asym_autotest, test_cryptodev_cn9k_asym); +REGISTER_TEST_COMMAND(cryptodev_cn10k_asym_autotest, test_cryptodev_cn10k_asym); diff --git a/doc/guides/cryptodevs/cnxk.rst b/doc/guides/cryptodevs/cnxk.rst index bbc6daa..98c7118 100644 --- a/doc/guides/cryptodevs/cnxk.rst +++ b/doc/guides/cryptodevs/cnxk.rst @@ -191,6 +191,23 @@ running the test application: ./dpdk-test RTE>>cryptodev_cn10k_autotest +The asymmetric crypto operations on OCTEON cnxk crypto PMD may be verified by +running the test application: + +``CN9K`` + +.. code-block:: console + + ./dpdk-test + RTE>>cryptodev_cn9k_asym_autotest + +``CN10K`` + +.. code-block:: console + + ./dpdk-test + RTE>>cryptodev_cn10k_asym_autotest + Lookaside IPsec Support ----------------------- diff --git a/doc/guides/rel_notes/release_21_08.rst b/doc/guides/rel_notes/release_21_08.rst index 72652ac..cd51b49 100644 --- a/doc/guides/rel_notes/release_21_08.rst +++ b/doc/guides/rel_notes/release_21_08.rst @@ -59,6 +59,10 @@ New Features * Added cnxk crypto PMD which provides support for an integrated crypto driver for CN9K and CN10K series of SOCs. + * Added 'cn9k_crypto' PMD which supports symmetric & asymmetric + offloads + * Added 'cn10k_crypto' PMD which supports symmetric, asymmetric + and lookaside protocol (IPsec) offloads. Removed Items