From patchwork Thu Sep 2 13:42:47 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Archana Muniganti X-Patchwork-Id: 97810 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 72EA4A0C4C; Thu, 2 Sep 2021 15:43:51 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 576344003E; Thu, 2 Sep 2021 15:43:51 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 1E96E4003C for ; Thu, 2 Sep 2021 15:43:50 +0200 (CEST) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 18280SvP010729 for ; Thu, 2 Sep 2021 06:43:49 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=6dBNYbI/RJUP6yBJGa4VGlWAoI+rjXdJmcQZmjuD74g=; b=jRDa7MD1A5r1Ut1Ikm4yGFf/Lqa7G5JDLA26emctdEA8mcNRd5gvzURj1roOozewhRnI l67FeVPBdCy1gEt8dG2I6nGxgV2ebkhqweNLapWk+jIt2t4xJclIElcJrPLN3o7OUtBS mq88w+pq42mONIFK4ZCEa8pEThwAQvcn81xvoFVugSr0mG2j7g7Ov5u2YWDuQBOpOA81 UnXdhyeUuAPp82hdRV5pkXPc4NM52c7h+hoOyQSoAMQfFQeX+u9Whjf0HaLQHJfOSXR7 M9PfOoiTWDsPmY8+X1TOCDtrL5W/9H3BLbcBiLfvnFRy8UvqMHsqf6pEMJxD2R8dLWnZ 0g== Received: from dc5-exch01.marvell.com ([199.233.59.181]) by mx0b-0016f401.pphosted.com with ESMTP id 3attqmh4fa-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT) for ; Thu, 02 Sep 2021 06:43:49 -0700 Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Thu, 2 Sep 2021 06:43:47 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.18 via Frontend Transport; Thu, 2 Sep 2021 06:43:47 -0700 Received: from hyd1409.caveonetworks.com.com (unknown [10.29.45.15]) by maili.marvell.com (Postfix) with ESMTP id EA5243F705E; Thu, 2 Sep 2021 06:43:44 -0700 (PDT) From: Archana Muniganti To: CC: Archana Muniganti , , , , , , Vamsi Attunuru Date: Thu, 2 Sep 2021 19:12:47 +0530 Message-ID: <20210902134254.28373-2-marchana@marvell.com> X-Mailer: git-send-email 2.22.0 In-Reply-To: <20210902134254.28373-1-marchana@marvell.com> References: <20210902134254.28373-1-marchana@marvell.com> MIME-Version: 1.0 X-Proofpoint-GUID: HaIdCZuIvDYFL8rM3aX7fsqNWrPMK0fL X-Proofpoint-ORIG-GUID: HaIdCZuIvDYFL8rM3aX7fsqNWrPMK0fL X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.391,FMLib:17.0.607.475 definitions=2021-09-02_04,2021-09-02_02,2020-04-07_01 Subject: [dpdk-dev] [PATCH 1/8] crypto/cnxk: add cn9k security ctx X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Add security ctx in cn9k crypto PMD. Signed-off-by: Archana Muniganti Signed-off-by: Vamsi Attunuru Signed-off-by: Tejasree Kondoj --- drivers/crypto/cnxk/cn9k_cryptodev.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/drivers/crypto/cnxk/cn9k_cryptodev.c b/drivers/crypto/cnxk/cn9k_cryptodev.c index 9ff2383d98..db2e085161 100644 --- a/drivers/crypto/cnxk/cn9k_cryptodev.c +++ b/drivers/crypto/cnxk/cn9k_cryptodev.c @@ -14,6 +14,7 @@ #include "cn9k_cryptodev_ops.h" #include "cnxk_cryptodev.h" #include "cnxk_cryptodev_capabilities.h" +#include "cnxk_cryptodev_sec.h" #include "roc_api.h" @@ -77,6 +78,11 @@ cn9k_cpt_pci_probe(struct rte_pci_driver *pci_drv __rte_unused, plt_err("Failed to add engine group rc=%d", rc); goto dev_fini; } + + /* Create security context */ + rc = cnxk_crypto_sec_ctx_create(dev); + if (rc) + goto dev_fini; } dev->dev_ops = &cn9k_cpt_ops; @@ -117,6 +123,9 @@ cn9k_cpt_pci_remove(struct rte_pci_device *pci_dev) if (dev == NULL) return -ENODEV; + /* Destroy security context */ + cnxk_crypto_sec_ctx_destroy(dev); + if (rte_eal_process_type() == RTE_PROC_PRIMARY) { vf = dev->data->dev_private; ret = roc_cpt_dev_fini(&vf->cpt); From patchwork Thu Sep 2 13:42:48 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Archana Muniganti X-Patchwork-Id: 97811 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 9377FA0C4C; Thu, 2 Sep 2021 15:43:56 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 8036740686; Thu, 2 Sep 2021 15:43:56 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id 0DA824067E for ; Thu, 2 Sep 2021 15:43:54 +0200 (CEST) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 1825LHBn028347 for ; Thu, 2 Sep 2021 06:43:54 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=LFlhFZbQoGNXDwPk5KwfIL1Ni0BF846rGNBcmd3/pCc=; b=PWqUEcbBpHruABXm7DS5tIpHrSLXRHVMlyAFQvz2rJqGr3t8XIJocs9XxR20KMOdfHTO mmK8V2xXbr55qb1XxckVXLJqk31ZzN7T5XNkdEMAxfeoK4hUb9y9sy0oI1egaHOdbJEn 8YDbhL9nOToqKPTCX8hqi7rs7QmRYIkotSYX5uGBrd8A6WE1moy3ok146B8YA4xqb5b5 F/LEa/CeTLjAPI+Q4IwnnL5k0qwSSVSw8NctO0QYjC3zBJBJyqMbXMlppmZmg6bE1ZJk YDUowqDLOx4NqGmkpE3oElIA9dm4TsZhW7UmcRLvgnzB4Y4ayMSsQ6TFCHWhvYjW8d9Y yw== Received: from dc5-exch02.marvell.com ([199.233.59.182]) by mx0a-0016f401.pphosted.com with ESMTP id 3atrd2hryp-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT) for ; Thu, 02 Sep 2021 06:43:54 -0700 Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Thu, 2 Sep 2021 06:43:52 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.18 via Frontend Transport; Thu, 2 Sep 2021 06:43:52 -0700 Received: from hyd1409.caveonetworks.com.com (unknown [10.29.45.15]) by maili.marvell.com (Postfix) with ESMTP id 4FA9D3F7064; Thu, 2 Sep 2021 06:43:50 -0700 (PDT) From: Archana Muniganti To: CC: Archana Muniganti , , , , , , Vamsi Attunuru Date: Thu, 2 Sep 2021 19:12:48 +0530 Message-ID: <20210902134254.28373-3-marchana@marvell.com> X-Mailer: git-send-email 2.22.0 In-Reply-To: <20210902134254.28373-1-marchana@marvell.com> References: <20210902134254.28373-1-marchana@marvell.com> MIME-Version: 1.0 X-Proofpoint-GUID: hOVsIMHEbOxiM4soMbM0CDJIncOsntLG X-Proofpoint-ORIG-GUID: hOVsIMHEbOxiM4soMbM0CDJIncOsntLG X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.391,FMLib:17.0.607.475 definitions=2021-09-02_04,2021-09-02_02,2020-04-07_01 Subject: [dpdk-dev] [PATCH 2/8] common/cnxk: add cn9k IPsec microcode defines X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Microcode IE opcodes support IPsec operations. Add defines and structs defined by microcode. Signed-off-by: Ankur Dwivedi Signed-off-by: Archana Muniganti Signed-off-by: Tejasree Kondoj Signed-off-by: Vamsi Attunuru --- drivers/common/cnxk/roc_cpt.h | 1 + drivers/common/cnxk/roc_ie_on.h | 158 ++++++++++++++++++++++++++++++-- 2 files changed, 150 insertions(+), 9 deletions(-) diff --git a/drivers/common/cnxk/roc_cpt.h b/drivers/common/cnxk/roc_cpt.h index f0f505a8c2..9e63073a52 100644 --- a/drivers/common/cnxk/roc_cpt.h +++ b/drivers/common/cnxk/roc_cpt.h @@ -47,6 +47,7 @@ #define ROC_CPT_AES_GCM_MAC_LEN 16 #define ROC_CPT_AES_CBC_IV_LEN 16 #define ROC_CPT_SHA1_HMAC_LEN 12 +#define ROC_CPT_SHA2_HMAC_LEN 16 #define ROC_CPT_AUTH_KEY_LEN_MAX 64 #define ROC_CPT_DES3_KEY_LEN 24 diff --git a/drivers/common/cnxk/roc_ie_on.h b/drivers/common/cnxk/roc_ie_on.h index 222c298a53..7b4983ca8a 100644 --- a/drivers/common/cnxk/roc_ie_on.h +++ b/drivers/common/cnxk/roc_ie_on.h @@ -5,18 +5,24 @@ #ifndef __ROC_IE_ON_H__ #define __ROC_IE_ON_H__ -/* CN9K IPSEC LA opcodes */ -#define ROC_IE_ONL_MAJOR_OP_WRITE_IPSEC_OUTBOUND 0x20 -#define ROC_IE_ONL_MAJOR_OP_WRITE_IPSEC_INBOUND 0x21 -#define ROC_IE_ONL_MAJOR_OP_PROCESS_OUTBOUND_IPSEC 0x23 -#define ROC_IE_ONL_MAJOR_OP_PROCESS_INBOUND_IPSEC 0x24 +/* CN9K IPsec LA */ -/* CN9K IPSEC FP opcodes */ -#define ROC_IE_ONF_MAJOR_OP_PROCESS_OUTBOUND_IPSEC 0x25UL -#define ROC_IE_ONF_MAJOR_OP_PROCESS_INBOUND_IPSEC 0x26UL +/* CN9K IPsec LA opcodes */ +#define ROC_IE_ON_MAJOR_OP_WRITE_IPSEC_OUTBOUND 0x20 +#define ROC_IE_ON_MAJOR_OP_WRITE_IPSEC_INBOUND 0x21 +#define ROC_IE_ON_MAJOR_OP_PROCESS_OUTBOUND_IPSEC 0x23 +#define ROC_IE_ON_MAJOR_OP_PROCESS_INBOUND_IPSEC 0x24 /* Ucode completion codes */ -#define ROC_IE_ONF_UCC_SUCCESS 0 +enum roc_ie_on_ucc_ipsec { + ROC_IE_ON_UCC_SUCCESS = 0, + ROC_IE_ON_AUTH_UNSUPPORTED = 0xB0, + ROC_IE_ON_ENCRYPT_UNSUPPORTED = 0xB1, +}; + +/* Helper macros */ +#define ROC_IE_ON_PER_PKT_IV BIT(11) +#define ROC_IE_ON_INB_RPTR_HDR 0x8 enum { ROC_IE_ON_SA_ENC_NULL = 0, @@ -50,6 +56,140 @@ enum { ROC_IE_ON_SA_ENCAP_UDP = 1, }; +struct roc_ie_on_outb_hdr { + uint32_t ip_id; + uint32_t seq; + uint8_t iv[16]; +}; + +union roc_ie_on_bit_perfect_iv { + uint8_t aes_iv[16]; + uint8_t des_iv[8]; + struct { + uint8_t nonce[4]; + uint8_t iv[8]; + uint8_t counter[4]; + } gcm; +}; + +struct roc_ie_on_traffic_selector { + uint16_t src_port[2]; + uint16_t dst_port[2]; + union { + struct { + uint32_t src_addr[2]; + uint32_t dst_addr[2]; + } ipv4; + struct { + uint8_t src_addr[32]; + uint8_t dst_addr[32]; + } ipv6; + }; +}; + +struct roc_ie_on_ip_template { + union { + struct { + uint8_t ipv4_hdr[20]; + uint16_t udp_src; + uint16_t udp_dst; + } ip4; + struct { + uint8_t ipv6_hdr[40]; + uint16_t udp_src; + uint16_t udp_dst; + } ip6; + }; +}; + +struct roc_ie_on_sa_ctl { + uint64_t spi : 32; + uint64_t exp_proto_inter_frag : 8; + uint64_t copy_df : 1; + uint64_t frag_type : 1; + uint64_t explicit_iv_en : 1; + uint64_t esn_en : 1; + uint64_t rsvd_45_44 : 2; + uint64_t encap_type : 2; + uint64_t enc_type : 3; + uint64_t rsvd_48 : 1; + uint64_t auth_type : 4; + uint64_t valid : 1; + uint64_t direction : 1; + uint64_t outer_ip_ver : 1; + uint64_t inner_ip_ver : 1; + uint64_t ipsec_mode : 1; + uint64_t ipsec_proto : 1; + uint64_t aes_key_len : 2; +}; + +struct roc_ie_on_common_sa { + /* w0 */ + struct roc_ie_on_sa_ctl ctl; + + /* w1-w4 */ + uint8_t cipher_key[32]; + + /* w5-w6 */ + union roc_ie_on_bit_perfect_iv iv; + + /* w7 */ + uint32_t esn_hi; + uint32_t esn_low; +}; + +struct roc_ie_on_outb_sa { + /* w0 - w7 */ + struct roc_ie_on_common_sa common_sa; + + /* w8-w55 */ + union { + struct { + struct roc_ie_on_ip_template template; + } aes_gcm; + struct { + uint8_t hmac_key[24]; + uint8_t unused[24]; + struct roc_ie_on_ip_template template; + } sha1; + struct { + uint8_t hmac_key[64]; + uint8_t hmac_iv[64]; + struct roc_ie_on_ip_template template; + } sha2; + }; +}; + +struct roc_ie_on_inb_sa { + /* w0 - w7 */ + struct roc_ie_on_common_sa common_sa; + + /* w8 */ + uint8_t udp_encap[8]; + + /* w9-w33 */ + union { + struct { + uint8_t hmac_key[48]; + struct roc_ie_on_traffic_selector selector; + } sha1_or_gcm; + struct { + uint8_t hmac_key[64]; + uint8_t hmac_iv[64]; + struct roc_ie_on_traffic_selector selector; + } sha2; + }; +}; + +/* CN9K IPsec FP */ + +/* CN9K IPsec FP opcodes */ +#define ROC_IE_ONF_MAJOR_OP_PROCESS_OUTBOUND_IPSEC 0x25UL +#define ROC_IE_ONF_MAJOR_OP_PROCESS_INBOUND_IPSEC 0x26UL + +/* Ucode completion codes */ +#define ROC_IE_ONF_UCC_SUCCESS 0 + struct roc_ie_onf_sa_ctl { uint32_t spi; uint64_t exp_proto_inter_frag : 8; From patchwork Thu Sep 2 13:42:49 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Archana Muniganti X-Patchwork-Id: 97812 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id C9624A0C4C; Thu, 2 Sep 2021 15:44:01 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id BDA62406A2; Thu, 2 Sep 2021 15:44:01 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id 9694840698 for ; Thu, 2 Sep 2021 15:43:59 +0200 (CEST) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 1825LH8b028339 for ; Thu, 2 Sep 2021 06:43:58 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=QS9V3lvVDvcnSOA8N7SHScAELU/a//OrY0D7X+ugRr0=; b=ccG3UsUn6ezqkWvZ/K7rmx4lQSlCynJadK8ronRK6LBQGYL4ePwTipKYbW7bpjvUy9lc bzpt/YPECr5wCGTgFoZQ0QG3+G/hw6Y6r+6NXzbk5EvO682iNQHmTVW/Dm6NrZBZr0YS OoMwAymuxWFDs0hK3VlAaoPb7NrVEMKaf4EbtXll0SXLcWZBWjKyf6Ravs1WyKDEcd3U aG+ylE3eo1qnrMpPFlXprUwV3TMwy6j5UziMb3wBJlLz/DLNOoZLVtjHxuUP8hFLII6E JZ2y/KnHVcJwwEZiZNInYFTk37IBPUwxj8vECyUZqZGCQ/RMkEvzuyp3lF7pT8SYxzh7 lQ== Received: from dc5-exch02.marvell.com ([199.233.59.182]) by mx0a-0016f401.pphosted.com with ESMTP id 3atrd2hs04-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT) for ; Thu, 02 Sep 2021 06:43:58 -0700 Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Thu, 2 Sep 2021 06:43:57 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.18 via Frontend Transport; Thu, 2 Sep 2021 06:43:57 -0700 Received: from hyd1409.caveonetworks.com.com (unknown [10.29.45.15]) by maili.marvell.com (Postfix) with ESMTP id D6EB53F7064; Thu, 2 Sep 2021 06:43:54 -0700 (PDT) From: Archana Muniganti To: CC: Archana Muniganti , , , , , , Vamsi Attunuru Date: Thu, 2 Sep 2021 19:12:49 +0530 Message-ID: <20210902134254.28373-4-marchana@marvell.com> X-Mailer: git-send-email 2.22.0 In-Reply-To: <20210902134254.28373-1-marchana@marvell.com> References: <20210902134254.28373-1-marchana@marvell.com> MIME-Version: 1.0 X-Proofpoint-GUID: tql7puYnoGmqEKYCaQ5XBS5egocx_5Rg X-Proofpoint-ORIG-GUID: tql7puYnoGmqEKYCaQ5XBS5egocx_5Rg X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.391,FMLib:17.0.607.475 definitions=2021-09-02_04,2021-09-02_02,2020-04-07_01 Subject: [dpdk-dev] [PATCH 3/8] crypto/cnxk: add cn9k IPsec session related functions X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Add helper functions useful in implementing IPsec outbound and inbound session create apis. Signed-off-by: Archana Muniganti Signed-off-by: Tejasree Kondoj Signed-off-by: Vamsi Attunuru --- drivers/crypto/cnxk/cn9k_cryptodev.c | 2 + drivers/crypto/cnxk/cn9k_ipsec.c | 425 +++++++++++++++++++++++++++ drivers/crypto/cnxk/cn9k_ipsec.h | 29 ++ drivers/crypto/cnxk/meson.build | 1 + 4 files changed, 457 insertions(+) create mode 100644 drivers/crypto/cnxk/cn9k_ipsec.c create mode 100644 drivers/crypto/cnxk/cn9k_ipsec.h diff --git a/drivers/crypto/cnxk/cn9k_cryptodev.c b/drivers/crypto/cnxk/cn9k_cryptodev.c index db2e085161..e60b352fac 100644 --- a/drivers/crypto/cnxk/cn9k_cryptodev.c +++ b/drivers/crypto/cnxk/cn9k_cryptodev.c @@ -12,6 +12,7 @@ #include "cn9k_cryptodev.h" #include "cn9k_cryptodev_ops.h" +#include "cn9k_ipsec.h" #include "cnxk_cryptodev.h" #include "cnxk_cryptodev_capabilities.h" #include "cnxk_cryptodev_sec.h" @@ -92,6 +93,7 @@ cn9k_cpt_pci_probe(struct rte_pci_driver *pci_drv __rte_unused, cnxk_cpt_caps_populate(vf); cn9k_cpt_set_enqdeq_fns(dev); + cn9k_sec_ops_override(); return 0; diff --git a/drivers/crypto/cnxk/cn9k_ipsec.c b/drivers/crypto/cnxk/cn9k_ipsec.c new file mode 100644 index 0000000000..dd02cc7764 --- /dev/null +++ b/drivers/crypto/cnxk/cn9k_ipsec.c @@ -0,0 +1,425 @@ +/* SPDX-License-Identifier: BSD-3-Clause + * Copyright(C) 2021 Marvell. + */ + +#include +#include +#include + +#include "cnxk_cryptodev.h" +#include "cnxk_cryptodev_ops.h" +#include "cnxk_ipsec.h" +#include "cnxk_security.h" +#include "cn9k_ipsec.h" + +#include "roc_api.h" + +static inline int +cn9k_cpt_enq_sa_write(struct cn9k_ipsec_sa *sa, struct cnxk_cpt_qp *qp, + uint8_t opcode, size_t ctx_len) +{ + uint64_t lmtline = qp->lmtline.lmt_base; + uint64_t io_addr = qp->lmtline.io_addr; + uint64_t lmt_status, time_out; + struct cpt_cn9k_res_s *res; + struct cpt_inst_s inst; + uint64_t *mdata; + int ret = 0; + + if (unlikely(rte_mempool_get(qp->meta_info.pool, (void **)&mdata) < 0)) + return -ENOMEM; + + res = (struct cpt_cn9k_res_s *)RTE_PTR_ALIGN(mdata, 16); + res->compcode = CPT_COMP_NOT_DONE; + + inst.w4.s.opcode_major = opcode; + inst.w4.s.opcode_minor = ctx_len >> 3; + inst.w4.s.param1 = 0; + inst.w4.s.param2 = 0; + inst.w4.s.dlen = ctx_len; + inst.dptr = rte_mempool_virt2iova(sa); + inst.rptr = 0; + inst.w7.s.cptr = rte_mempool_virt2iova(sa); + inst.w7.s.egrp = ROC_CPT_DFLT_ENG_GRP_SE; + + inst.w0.u64 = 0; + inst.w2.u64 = 0; + inst.w3.u64 = 0; + inst.res_addr = rte_mempool_virt2iova(res); + + rte_io_wmb(); + + do { + /* Copy CPT command to LMTLINE */ + roc_lmt_mov((void *)lmtline, &inst, 2); + lmt_status = roc_lmt_submit_ldeor(io_addr); + } while (lmt_status == 0); + + time_out = rte_get_timer_cycles() + + DEFAULT_COMMAND_TIMEOUT * rte_get_timer_hz(); + + while (res->compcode == CPT_COMP_NOT_DONE) { + if (rte_get_timer_cycles() > time_out) { + rte_mempool_put(qp->meta_info.pool, mdata); + plt_err("Request timed out"); + return -ETIMEDOUT; + } + rte_io_rmb(); + } + + if (unlikely(res->compcode != CPT_COMP_GOOD)) { + ret = res->compcode; + switch (ret) { + case CPT_COMP_INSTERR: + plt_err("Request failed with instruction error"); + break; + case CPT_COMP_FAULT: + plt_err("Request failed with DMA fault"); + break; + case CPT_COMP_HWERR: + plt_err("Request failed with hardware error"); + break; + default: + plt_err("Request failed with unknown hardware " + "completion code : 0x%x", + ret); + } + ret = -EINVAL; + goto mempool_put; + } + + if (unlikely(res->uc_compcode != ROC_IE_ON_UCC_SUCCESS)) { + ret = res->uc_compcode; + switch (ret) { + case ROC_IE_ON_AUTH_UNSUPPORTED: + plt_err("Invalid auth type"); + break; + case ROC_IE_ON_ENCRYPT_UNSUPPORTED: + plt_err("Invalid encrypt type"); + break; + default: + plt_err("Request failed with unknown microcode " + "completion code : 0x%x", + ret); + } + ret = -ENOTSUP; + } + +mempool_put: + rte_mempool_put(qp->meta_info.pool, mdata); + return ret; +} + +static inline int +ipsec_sa_ctl_set(struct rte_security_ipsec_xform *ipsec, + struct rte_crypto_sym_xform *crypto_xform, + struct roc_ie_on_sa_ctl *ctl) +{ + struct rte_crypto_sym_xform *cipher_xform, *auth_xform; + int aes_key_len; + + if (ipsec->direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) { + ctl->direction = ROC_IE_SA_DIR_OUTBOUND; + cipher_xform = crypto_xform; + auth_xform = crypto_xform->next; + } else if (ipsec->direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) { + ctl->direction = ROC_IE_SA_DIR_INBOUND; + auth_xform = crypto_xform; + cipher_xform = crypto_xform->next; + } else { + return -EINVAL; + } + + if (ipsec->mode == RTE_SECURITY_IPSEC_SA_MODE_TUNNEL) { + if (ipsec->tunnel.type == RTE_SECURITY_IPSEC_TUNNEL_IPV4) + ctl->outer_ip_ver = ROC_IE_SA_IP_VERSION_4; + else if (ipsec->tunnel.type == RTE_SECURITY_IPSEC_TUNNEL_IPV6) + ctl->outer_ip_ver = ROC_IE_SA_IP_VERSION_6; + else + return -EINVAL; + } + + ctl->inner_ip_ver = ctl->outer_ip_ver; + + if (ipsec->mode == RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT) + ctl->ipsec_mode = ROC_IE_SA_MODE_TRANSPORT; + else if (ipsec->mode == RTE_SECURITY_IPSEC_SA_MODE_TUNNEL) + ctl->ipsec_mode = ROC_IE_SA_MODE_TUNNEL; + else + return -EINVAL; + + if (ipsec->proto == RTE_SECURITY_IPSEC_SA_PROTO_AH) + ctl->ipsec_proto = ROC_IE_SA_PROTOCOL_AH; + else if (ipsec->proto == RTE_SECURITY_IPSEC_SA_PROTO_ESP) + ctl->ipsec_proto = ROC_IE_SA_PROTOCOL_ESP; + else + return -EINVAL; + + if (crypto_xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) { + if (crypto_xform->aead.algo == RTE_CRYPTO_AEAD_AES_GCM) { + ctl->enc_type = ROC_IE_ON_SA_ENC_AES_GCM; + aes_key_len = crypto_xform->aead.key.length; + } else { + return -ENOTSUP; + } + } else if (cipher_xform->cipher.algo == RTE_CRYPTO_CIPHER_AES_CBC) { + ctl->enc_type = ROC_IE_ON_SA_ENC_AES_CBC; + aes_key_len = cipher_xform->cipher.key.length; + } else { + return -ENOTSUP; + } + + switch (aes_key_len) { + case 16: + ctl->aes_key_len = ROC_IE_SA_AES_KEY_LEN_128; + break; + case 24: + ctl->aes_key_len = ROC_IE_SA_AES_KEY_LEN_192; + break; + case 32: + ctl->aes_key_len = ROC_IE_SA_AES_KEY_LEN_256; + break; + default: + return -EINVAL; + } + + if (crypto_xform->type != RTE_CRYPTO_SYM_XFORM_AEAD) { + switch (auth_xform->auth.algo) { + case RTE_CRYPTO_AUTH_NULL: + ctl->auth_type = ROC_IE_ON_SA_AUTH_NULL; + break; + case RTE_CRYPTO_AUTH_MD5_HMAC: + ctl->auth_type = ROC_IE_ON_SA_AUTH_MD5; + break; + case RTE_CRYPTO_AUTH_SHA1_HMAC: + ctl->auth_type = ROC_IE_ON_SA_AUTH_SHA1; + break; + case RTE_CRYPTO_AUTH_SHA224_HMAC: + ctl->auth_type = ROC_IE_ON_SA_AUTH_SHA2_224; + break; + case RTE_CRYPTO_AUTH_SHA256_HMAC: + ctl->auth_type = ROC_IE_ON_SA_AUTH_SHA2_256; + break; + case RTE_CRYPTO_AUTH_SHA384_HMAC: + ctl->auth_type = ROC_IE_ON_SA_AUTH_SHA2_384; + break; + case RTE_CRYPTO_AUTH_SHA512_HMAC: + ctl->auth_type = ROC_IE_ON_SA_AUTH_SHA2_512; + break; + case RTE_CRYPTO_AUTH_AES_GMAC: + ctl->auth_type = ROC_IE_ON_SA_AUTH_AES_GMAC; + break; + case RTE_CRYPTO_AUTH_AES_XCBC_MAC: + ctl->auth_type = ROC_IE_ON_SA_AUTH_AES_XCBC_128; + break; + default: + return -ENOTSUP; + } + } + + if (ipsec->options.esn) + ctl->esn_en = 1; + + if (ipsec->options.udp_encap == 1) + ctl->encap_type = ROC_IE_ON_SA_ENCAP_UDP; + + ctl->spi = rte_cpu_to_be_32(ipsec->spi); + + rte_io_wmb(); + + ctl->valid = 1; + + return 0; +} + +static inline int +fill_ipsec_common_sa(struct rte_security_ipsec_xform *ipsec, + struct rte_crypto_sym_xform *crypto_xform, + struct roc_ie_on_common_sa *common_sa) +{ + struct rte_crypto_sym_xform *cipher_xform; + const uint8_t *cipher_key; + int cipher_key_len = 0; + int ret; + + if (ipsec->direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) + cipher_xform = crypto_xform->next; + else + cipher_xform = crypto_xform; + + ret = ipsec_sa_ctl_set(ipsec, crypto_xform, &common_sa->ctl); + if (ret) + return ret; + + if (crypto_xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) { + if (crypto_xform->aead.algo == RTE_CRYPTO_AEAD_AES_GCM) + memcpy(common_sa->iv.gcm.nonce, &ipsec->salt, 4); + cipher_key = crypto_xform->aead.key.data; + cipher_key_len = crypto_xform->aead.key.length; + } else { + cipher_key = cipher_xform->cipher.key.data; + cipher_key_len = cipher_xform->cipher.key.length; + } + + if (cipher_key_len != 0) + memcpy(common_sa->cipher_key, cipher_key, cipher_key_len); + else + return -EINVAL; + + return 0; +} + +static int +cn9k_ipsec_outb_sa_create(struct cnxk_cpt_qp *qp, + struct rte_security_ipsec_xform *ipsec, + struct rte_crypto_sym_xform *crypto_xform, + struct rte_security_session *sec_sess) +{ + RTE_SET_USED(qp); + RTE_SET_USED(ipsec); + RTE_SET_USED(crypto_xform); + RTE_SET_USED(sec_sess); + + return 0; +} + +static int +cn9k_ipsec_inb_sa_create(struct cnxk_cpt_qp *qp, + struct rte_security_ipsec_xform *ipsec, + struct rte_crypto_sym_xform *crypto_xform, + struct rte_security_session *sec_sess) +{ + RTE_SET_USED(qp); + RTE_SET_USED(ipsec); + RTE_SET_USED(crypto_xform); + RTE_SET_USED(sec_sess); + + return 0; +} + +static inline int +cn9k_ipsec_xform_verify(struct rte_security_ipsec_xform *ipsec) +{ + RTE_SET_USED(ipsec); + + return 0; +} + +static int +cn9k_ipsec_session_create(void *dev, + struct rte_security_ipsec_xform *ipsec_xform, + struct rte_crypto_sym_xform *crypto_xform, + struct rte_security_session *sess) +{ + struct rte_cryptodev *crypto_dev = dev; + struct cnxk_cpt_qp *qp; + int ret; + + qp = crypto_dev->data->queue_pairs[0]; + if (qp == NULL) { + plt_err("CPT queue pairs need to be setup for creating security" + " session"); + return -EPERM; + } + + ret = cnxk_ipsec_xform_verify(ipsec_xform, crypto_xform); + if (ret) + return ret; + + ret = cn9k_ipsec_xform_verify(ipsec_xform); + if (ret) + return ret; + + if (ipsec_xform->direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) + return cn9k_ipsec_inb_sa_create(qp, ipsec_xform, crypto_xform, + sess); + else + return cn9k_ipsec_outb_sa_create(qp, ipsec_xform, crypto_xform, + sess); +} + +static int +cn9k_sec_session_create(void *device, struct rte_security_session_conf *conf, + struct rte_security_session *sess, + struct rte_mempool *mempool) +{ + struct cn9k_sec_session *priv; + int ret; + + if (conf->action_type != RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL) + return -EINVAL; + + if (rte_mempool_get(mempool, (void **)&priv)) { + plt_err("Could not allocate security session private data"); + return -ENOMEM; + } + + memset(priv, 0, sizeof(*priv)); + + set_sec_session_private_data(sess, priv); + + if (conf->protocol != RTE_SECURITY_PROTOCOL_IPSEC) { + ret = -ENOTSUP; + goto mempool_put; + } + + ret = cn9k_ipsec_session_create(device, &conf->ipsec, + conf->crypto_xform, sess); + if (ret) + goto mempool_put; + + return 0; + +mempool_put: + rte_mempool_put(mempool, priv); + set_sec_session_private_data(sess, NULL); + return ret; +} + +static int +cn9k_sec_session_destroy(void *device __rte_unused, + struct rte_security_session *sess) +{ + struct roc_ie_on_outb_sa *out_sa; + struct cn9k_sec_session *priv; + struct rte_mempool *sess_mp; + struct roc_ie_on_sa_ctl *ctl; + struct cn9k_ipsec_sa *sa; + + priv = get_sec_session_private_data(sess); + if (priv == NULL) + return 0; + + sa = &priv->sa; + out_sa = &sa->out_sa; + + ctl = &out_sa->common_sa.ctl; + ctl->valid = 0; + + rte_io_wmb(); + + sess_mp = rte_mempool_from_obj(priv); + + memset(priv, 0, sizeof(*priv)); + + set_sec_session_private_data(sess, NULL); + rte_mempool_put(sess_mp, priv); + + return 0; +} + +static unsigned int +cn9k_sec_session_get_size(void *device __rte_unused) +{ + return sizeof(struct cn9k_sec_session); +} + +/* Update platform specific security ops */ +void +cn9k_sec_ops_override(void) +{ + /* Update platform specific ops */ + cnxk_sec_ops.session_create = cn9k_sec_session_create; + cnxk_sec_ops.session_destroy = cn9k_sec_session_destroy; + cnxk_sec_ops.session_get_size = cn9k_sec_session_get_size; +} diff --git a/drivers/crypto/cnxk/cn9k_ipsec.h b/drivers/crypto/cnxk/cn9k_ipsec.h new file mode 100644 index 0000000000..0fe78df49b --- /dev/null +++ b/drivers/crypto/cnxk/cn9k_ipsec.h @@ -0,0 +1,29 @@ +/* SPDX-License-Identifier: BSD-3-Clause + * Copyright(C) 2021 Marvell. + */ + +#ifndef __CN9K_IPSEC_H__ +#define __CN9K_IPSEC_H__ + +#include "cnxk_ipsec.h" + +struct cn9k_ipsec_sa { + union { + /** Inbound SA */ + struct roc_ie_on_inb_sa in_sa; + /** Outbound SA */ + struct roc_ie_on_outb_sa out_sa; + }; + /** IPsec SA direction */ + enum rte_security_ipsec_sa_direction dir; + /** Pre-populated CPT inst words */ + struct cnxk_cpt_inst_tmpl inst; +}; + +struct cn9k_sec_session { + struct cn9k_ipsec_sa sa; +} __rte_cache_aligned; + +void cn9k_sec_ops_override(void); + +#endif /* __CN9K_IPSEC_H__ */ diff --git a/drivers/crypto/cnxk/meson.build b/drivers/crypto/cnxk/meson.build index e076783629..e40d132f80 100644 --- a/drivers/crypto/cnxk/meson.build +++ b/drivers/crypto/cnxk/meson.build @@ -11,6 +11,7 @@ endif sources = files( 'cn9k_cryptodev.c', 'cn9k_cryptodev_ops.c', + 'cn9k_ipsec.c', 'cn10k_cryptodev.c', 'cn10k_cryptodev_ops.c', 'cn10k_ipsec.c', From patchwork Thu Sep 2 13:42:50 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Archana Muniganti X-Patchwork-Id: 97813 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 3A8D4A0C4C; Thu, 2 Sep 2021 15:44:08 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id C1B7640E2D; Thu, 2 Sep 2021 15:44:05 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 4130940142 for ; Thu, 2 Sep 2021 15:44:04 +0200 (CEST) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 18281DLc011516 for ; Thu, 2 Sep 2021 06:44:03 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=S2MbwPoLkDnW/QIzkYG0Lyov7qPQDNmYALRJeGGRgcE=; b=FfUFpzotWiG31DkcayMLYLSTloN0cDjfECsifl9CObFWXHtwfRWV2WwIH2SBs7P8BR+G 4t0Yy2z8sih2dGzZT0IAfraTHPXMFGShOlUalvkINhBv22hknE0BQ0UE9IqJMsJTnCa+ n5Lik1hnSj5rO2z9w4dupYL9aFii2A3JGC3zUT3/zrWAVukYD7rKKm761EoTpp/YnnDV 1FhFreu87LV3nCYtHRKHDjcM77kkocURFVkvFzb6iPJX3xnGMDzIDVnvywrLEVq+SI4A cTXS9kLAgnY8LdZEHEkD9EgQf7kqX8BSDg8mAT5Wr1o6Co/by0x4GhBknMhCf7DJAlHU Dg== Received: from dc5-exch01.marvell.com ([199.233.59.181]) by mx0b-0016f401.pphosted.com with ESMTP id 3attqmh4fu-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT) for ; Thu, 02 Sep 2021 06:44:03 -0700 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Thu, 2 Sep 2021 06:44:01 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.18 via Frontend Transport; Thu, 2 Sep 2021 06:44:01 -0700 Received: from hyd1409.caveonetworks.com.com (unknown [10.29.45.15]) by maili.marvell.com (Postfix) with ESMTP id 1B69D3F705E; Thu, 2 Sep 2021 06:43:58 -0700 (PDT) From: Archana Muniganti To: CC: Archana Muniganti , , , , , , Vamsi Attunuru Date: Thu, 2 Sep 2021 19:12:50 +0530 Message-ID: <20210902134254.28373-5-marchana@marvell.com> X-Mailer: git-send-email 2.22.0 In-Reply-To: <20210902134254.28373-1-marchana@marvell.com> References: <20210902134254.28373-1-marchana@marvell.com> MIME-Version: 1.0 X-Proofpoint-GUID: lq_xQgiJLCRc9UoApHd8Pesvb5t1R9P2 X-Proofpoint-ORIG-GUID: lq_xQgiJLCRc9UoApHd8Pesvb5t1R9P2 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.391,FMLib:17.0.607.475 definitions=2021-09-02_04,2021-09-02_02,2020-04-07_01 Subject: [dpdk-dev] [PATCH 4/8] crypto/cnxk: add cn9k IPsec outbound session create function X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Adding logic for IPsec outbound session creation. Signed-off-by: Ankur Dwivedi Signed-off-by: Archana Muniganti Signed-off-by: Tejasree Kondoj Signed-off-by: Vamsi Attunuru --- drivers/crypto/cnxk/cn9k_ipsec.c | 143 +++++++++++++++++++++++++++++-- drivers/crypto/cnxk/cn9k_ipsec.h | 17 ++++ 2 files changed, 155 insertions(+), 5 deletions(-) diff --git a/drivers/crypto/cnxk/cn9k_ipsec.c b/drivers/crypto/cnxk/cn9k_ipsec.c index dd02cc7764..52fbc5e350 100644 --- a/drivers/crypto/cnxk/cn9k_ipsec.c +++ b/drivers/crypto/cnxk/cn9k_ipsec.c @@ -3,6 +3,7 @@ */ #include +#include #include #include @@ -275,12 +276,144 @@ cn9k_ipsec_outb_sa_create(struct cnxk_cpt_qp *qp, struct rte_crypto_sym_xform *crypto_xform, struct rte_security_session *sec_sess) { - RTE_SET_USED(qp); - RTE_SET_USED(ipsec); - RTE_SET_USED(crypto_xform); - RTE_SET_USED(sec_sess); + struct rte_crypto_sym_xform *auth_xform = crypto_xform->next; + struct roc_ie_on_ip_template *template = NULL; + struct cnxk_cpt_inst_tmpl *inst_tmpl; + struct roc_ie_on_outb_sa *out_sa; + struct cn9k_sec_session *sess; + struct roc_ie_on_sa_ctl *ctl; + struct cn9k_ipsec_sa *sa; + struct rte_ipv6_hdr *ip6; + struct rte_ipv4_hdr *ip4; + const uint8_t *auth_key; + union cpt_inst_w4 w4; + union cpt_inst_w7 w7; + int auth_key_len = 0; + size_t ctx_len; + int ret; - return 0; + sess = get_sec_session_private_data(sec_sess); + sa = &sess->sa; + out_sa = &sa->out_sa; + ctl = &out_sa->common_sa.ctl; + + memset(sa, 0, sizeof(struct cn9k_ipsec_sa)); + + /* Initialize lookaside IPsec private data */ + sa->dir = RTE_SECURITY_IPSEC_SA_DIR_EGRESS; + /* Start ip id from 1 */ + sa->ip_id = 1; + sa->seq_lo = 1; + sa->seq_hi = 0; + + ret = fill_ipsec_common_sa(ipsec, crypto_xform, &out_sa->common_sa); + if (ret) + return ret; + + ret = cnxk_ipsec_outb_rlens_get(&sa->rlens, ipsec, crypto_xform); + if (ret) + return ret; + + if (ctl->enc_type == ROC_IE_ON_SA_ENC_AES_GCM) { + template = &out_sa->aes_gcm.template; + ctx_len = offsetof(struct roc_ie_on_outb_sa, aes_gcm.template); + } else if (ctl->auth_type == ROC_IE_ON_SA_AUTH_SHA1) { + template = &out_sa->sha1.template; + ctx_len = offsetof(struct roc_ie_on_outb_sa, sha1.template); + } else if (ctl->auth_type == ROC_IE_ON_SA_AUTH_SHA2_256) { + template = &out_sa->sha2.template; + ctx_len = offsetof(struct roc_ie_on_outb_sa, sha2.template); + } else { + return -EINVAL; + } + + ip4 = (struct rte_ipv4_hdr *)&template->ip4.ipv4_hdr; + if (ipsec->options.udp_encap) { + ip4->next_proto_id = IPPROTO_UDP; + template->ip4.udp_src = rte_be_to_cpu_16(4500); + template->ip4.udp_dst = rte_be_to_cpu_16(4500); + } else { + ip4->next_proto_id = IPPROTO_ESP; + } + + if (ipsec->mode == RTE_SECURITY_IPSEC_SA_MODE_TUNNEL) { + if (ipsec->tunnel.type == RTE_SECURITY_IPSEC_TUNNEL_IPV4) { + ctx_len += sizeof(template->ip4); + + ip4->version_ihl = RTE_IPV4_VHL_DEF; + ip4->time_to_live = ipsec->tunnel.ipv4.ttl; + ip4->type_of_service |= (ipsec->tunnel.ipv4.dscp << 2); + if (ipsec->tunnel.ipv4.df) + ip4->fragment_offset = BIT(14); + memcpy(&ip4->src_addr, &ipsec->tunnel.ipv4.src_ip, + sizeof(struct in_addr)); + memcpy(&ip4->dst_addr, &ipsec->tunnel.ipv4.dst_ip, + sizeof(struct in_addr)); + } else if (ipsec->tunnel.type == + RTE_SECURITY_IPSEC_TUNNEL_IPV6) { + ctx_len += sizeof(template->ip6); + + ip6 = (struct rte_ipv6_hdr *)&template->ip6.ipv6_hdr; + if (ipsec->options.udp_encap) { + ip6->proto = IPPROTO_UDP; + template->ip6.udp_src = rte_be_to_cpu_16(4500); + template->ip6.udp_dst = rte_be_to_cpu_16(4500); + } else { + ip6->proto = (ipsec->proto == + RTE_SECURITY_IPSEC_SA_PROTO_ESP) ? + IPPROTO_ESP : + IPPROTO_AH; + } + ip6->vtc_flow = + rte_cpu_to_be_32(0x60000000 | + ((ipsec->tunnel.ipv6.dscp + << RTE_IPV6_HDR_TC_SHIFT) & + RTE_IPV6_HDR_TC_MASK) | + ((ipsec->tunnel.ipv6.flabel + << RTE_IPV6_HDR_FL_SHIFT) & + RTE_IPV6_HDR_FL_MASK)); + ip6->hop_limits = ipsec->tunnel.ipv6.hlimit; + memcpy(&ip6->src_addr, &ipsec->tunnel.ipv6.src_addr, + sizeof(struct in6_addr)); + memcpy(&ip6->dst_addr, &ipsec->tunnel.ipv6.dst_addr, + sizeof(struct in6_addr)); + } + } else + ctx_len += sizeof(template->ip4); + + ctx_len += RTE_ALIGN_CEIL(ctx_len, 8); + + if (crypto_xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) { + sa->cipher_iv_off = crypto_xform->aead.iv.offset; + sa->cipher_iv_len = crypto_xform->aead.iv.length; + } else { + sa->cipher_iv_off = crypto_xform->cipher.iv.offset; + sa->cipher_iv_len = crypto_xform->cipher.iv.length; + + auth_key = auth_xform->auth.key.data; + auth_key_len = auth_xform->auth.key.length; + + if (auth_xform->auth.algo == RTE_CRYPTO_AUTH_SHA1_HMAC) + memcpy(out_sa->sha1.hmac_key, auth_key, auth_key_len); + else if (auth_xform->auth.algo == RTE_CRYPTO_AUTH_SHA256_HMAC) + memcpy(out_sa->sha2.hmac_key, auth_key, auth_key_len); + } + + inst_tmpl = &sa->inst; + + w4.u64 = 0; + w4.s.opcode_major = ROC_IE_ON_MAJOR_OP_PROCESS_OUTBOUND_IPSEC; + w4.s.opcode_minor = ctx_len >> 3; + w4.s.param1 = ROC_IE_ON_PER_PKT_IV; + inst_tmpl->w4 = w4.u64; + + w7.u64 = 0; + w7.s.egrp = ROC_CPT_DFLT_ENG_GRP_SE; + w7.s.cptr = rte_mempool_virt2iova(out_sa); + inst_tmpl->w7 = w7.u64; + + return cn9k_cpt_enq_sa_write( + sa, qp, ROC_IE_ON_MAJOR_OP_WRITE_IPSEC_OUTBOUND, ctx_len); } static int diff --git a/drivers/crypto/cnxk/cn9k_ipsec.h b/drivers/crypto/cnxk/cn9k_ipsec.h index 0fe78df49b..13d522ec6f 100644 --- a/drivers/crypto/cnxk/cn9k_ipsec.h +++ b/drivers/crypto/cnxk/cn9k_ipsec.h @@ -6,6 +6,7 @@ #define __CN9K_IPSEC_H__ #include "cnxk_ipsec.h" +#include "cnxk_security.h" struct cn9k_ipsec_sa { union { @@ -18,6 +19,22 @@ struct cn9k_ipsec_sa { enum rte_security_ipsec_sa_direction dir; /** Pre-populated CPT inst words */ struct cnxk_cpt_inst_tmpl inst; + /** Cipher IV offset in bytes */ + uint16_t cipher_iv_off; + /** Cipher IV length in bytes */ + uint8_t cipher_iv_len; + /** Response length calculation data */ + struct cnxk_ipsec_outb_rlens rlens; + /** Outbound IP-ID */ + uint16_t ip_id; + /** ESN */ + union { + uint64_t esn; + struct { + uint32_t seq_lo; + uint32_t seq_hi; + }; + }; }; struct cn9k_sec_session { From patchwork Thu Sep 2 13:42:51 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Archana Muniganti X-Patchwork-Id: 97814 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id E136BA0C4C; Thu, 2 Sep 2021 15:44:15 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 606C2406A3; Thu, 2 Sep 2021 15:44:09 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id 4136A40041 for ; Thu, 2 Sep 2021 15:44:08 +0200 (CEST) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 1825LHm0028342 for ; Thu, 2 Sep 2021 06:44:07 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=J94Py4agDQfq3Bdn271Ljnmz+xrBCSTYt2PAylEg6Yg=; b=Ev9L4YhH4Lsnl6z/OljY0SfxTKMiPwJ0ipBdS8EKR6ZdHB1k6ra+eDffgv6gI7TmAEYF wz+OTqbviVoG1Xk+bOuMJiGB3UIoiqWa1hZn4qca6eeIBHfrMzI6HHlr8EzTOzHVgefY x01T7u0P1SIWJlHj+6BWJWB5kV58skLcRemzIKsbnFD4E5gC2Y6DbPMwixXfx3rcSKo0 dnYFTRn6clIjjRwFoiTbVcPb/JyexYPFXmRhYbpB6RtKGQuTJfzj+NdnhQSCtqYzqOB5 hcWl1sx47fTY3lFXhYPMJVCmWxU/WpaPi3xwobNtPkctrpY/3UrX2HtoKUvzTNUTMN9C fw== Received: from dc5-exch02.marvell.com ([199.233.59.182]) by mx0a-0016f401.pphosted.com with ESMTP id 3atrd2hs0u-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT) for ; Thu, 02 Sep 2021 06:44:07 -0700 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Thu, 2 Sep 2021 06:44:06 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.18 via Frontend Transport; Thu, 2 Sep 2021 06:44:06 -0700 Received: from hyd1409.caveonetworks.com.com (unknown [10.29.45.15]) by maili.marvell.com (Postfix) with ESMTP id 911D23F7065; Thu, 2 Sep 2021 06:44:03 -0700 (PDT) From: Archana Muniganti To: CC: Archana Muniganti , , , , , , Vamsi Attunuru Date: Thu, 2 Sep 2021 19:12:51 +0530 Message-ID: <20210902134254.28373-6-marchana@marvell.com> X-Mailer: git-send-email 2.22.0 In-Reply-To: <20210902134254.28373-1-marchana@marvell.com> References: <20210902134254.28373-1-marchana@marvell.com> MIME-Version: 1.0 X-Proofpoint-GUID: -QIKmMl9AKnOgrANIR1_d8Iphasmz-gE X-Proofpoint-ORIG-GUID: -QIKmMl9AKnOgrANIR1_d8Iphasmz-gE X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.391,FMLib:17.0.607.475 definitions=2021-09-02_04,2021-09-02_02,2020-04-07_01 Subject: [dpdk-dev] [PATCH 5/8] crypto/cnxk: add cn9k IPsec inbound session create function X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Adding logic for IPsec inbound session creation. Signed-off-by: Ankur Dwivedi Signed-off-by: Archana Muniganti Signed-off-by: Tejasree Kondoj Signed-off-by: Vamsi Attunuru --- drivers/crypto/cnxk/cn9k_ipsec.c | 64 +++++++++++++++++++++++++++++--- 1 file changed, 59 insertions(+), 5 deletions(-) diff --git a/drivers/crypto/cnxk/cn9k_ipsec.c b/drivers/crypto/cnxk/cn9k_ipsec.c index 52fbc5e350..76d81e83a5 100644 --- a/drivers/crypto/cnxk/cn9k_ipsec.c +++ b/drivers/crypto/cnxk/cn9k_ipsec.c @@ -422,12 +422,66 @@ cn9k_ipsec_inb_sa_create(struct cnxk_cpt_qp *qp, struct rte_crypto_sym_xform *crypto_xform, struct rte_security_session *sec_sess) { - RTE_SET_USED(qp); - RTE_SET_USED(ipsec); - RTE_SET_USED(crypto_xform); - RTE_SET_USED(sec_sess); + struct rte_crypto_sym_xform *auth_xform = crypto_xform; + struct cnxk_cpt_inst_tmpl *inst_tmpl; + struct roc_ie_on_inb_sa *in_sa; + struct cn9k_sec_session *sess; + struct cn9k_ipsec_sa *sa; + const uint8_t *auth_key; + union cpt_inst_w4 w4; + union cpt_inst_w7 w7; + int auth_key_len = 0; + size_t ctx_len = 0; + int ret; - return 0; + sess = get_sec_session_private_data(sec_sess); + sa = &sess->sa; + in_sa = &sa->in_sa; + + memset(sa, 0, sizeof(struct cn9k_ipsec_sa)); + + sa->dir = RTE_SECURITY_IPSEC_SA_DIR_INGRESS; + + ret = fill_ipsec_common_sa(ipsec, crypto_xform, &in_sa->common_sa); + if (ret) + return ret; + + if (crypto_xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) { + ctx_len = offsetof(struct roc_ie_on_inb_sa, + sha1_or_gcm.hmac_key[0]); + } else { + auth_key = auth_xform->auth.key.data; + auth_key_len = auth_xform->auth.key.length; + + if (auth_xform->auth.algo == RTE_CRYPTO_AUTH_SHA1_HMAC) { + memcpy(in_sa->sha1_or_gcm.hmac_key, auth_key, + auth_key_len); + ctx_len = offsetof(struct roc_ie_on_inb_sa, + sha1_or_gcm.selector); + } else if (auth_xform->auth.algo == + RTE_CRYPTO_AUTH_SHA256_HMAC) { + memcpy(in_sa->sha2.hmac_key, auth_key, auth_key_len); + ctx_len = offsetof(struct roc_ie_on_inb_sa, + sha2.selector); + } + } + + inst_tmpl = &sa->inst; + + w4.u64 = 0; + w4.s.opcode_major = ROC_IE_ON_MAJOR_OP_PROCESS_INBOUND_IPSEC; + w4.s.opcode_minor = ctx_len >> 3; + inst_tmpl->w4 = w4.u64; + + w7.u64 = 0; + w7.s.egrp = ROC_CPT_DFLT_ENG_GRP_SE; + w7.s.cptr = rte_mempool_virt2iova(in_sa); + inst_tmpl->w7 = w7.u64; + + ret = cn9k_cpt_enq_sa_write( + sa, qp, ROC_IE_ON_MAJOR_OP_WRITE_IPSEC_INBOUND, ctx_len); + + return ret; } static inline int From patchwork Thu Sep 2 13:42:52 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Archana Muniganti X-Patchwork-Id: 97815 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 9B62FA0C4C; Thu, 2 Sep 2021 15:44:21 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 9275D410EA; Thu, 2 Sep 2021 15:44:14 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 4D92440E64 for ; Thu, 2 Sep 2021 15:44:13 +0200 (CEST) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 18280wb9011170 for ; Thu, 2 Sep 2021 06:44:12 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=GCROpATEU3YCxjquoBFH31KH09yRyzp5CMOvefBxqHM=; b=W/r+a+6lyFnNuxd7sbfby2M1X/WFvtn6V5XJp1AV1gXEPAMsx7WU35K1v6k/taoXInM/ htXaDc/Yo3HGRjSd+gzihB99+siz4njEdWtaB4H+Suf2IAOoNZimYbsZZ/VPMaloNpXr H1hJy50/VHCff9eWaJtt8fyR8YclYuN18MySAbO8u5QLHC/8D6gR3E2lGYFfsdwVWNJ4 adLlJGGSCC7OfR6pZJg81yYeUb9R1blW6qugfWDNQ/uRhliDPOyzA+xRuWZDZe4YbprY VJWgA2BpWF6+AFHH6QuV+K80IB+WnTJvCowHlrjqFWG3NGYGZZt+QSepZENoxLt4Z7vp Xw== Received: from dc5-exch01.marvell.com ([199.233.59.181]) by mx0b-0016f401.pphosted.com with ESMTP id 3attqmh4gh-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT) for ; Thu, 02 Sep 2021 06:44:12 -0700 Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Thu, 2 Sep 2021 06:44:10 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.18 via Frontend Transport; Thu, 2 Sep 2021 06:44:10 -0700 Received: from hyd1409.caveonetworks.com.com (unknown [10.29.45.15]) by maili.marvell.com (Postfix) with ESMTP id E2C7C3F705F; Thu, 2 Sep 2021 06:44:07 -0700 (PDT) From: Archana Muniganti To: CC: Archana Muniganti , , , , , , Vamsi Attunuru Date: Thu, 2 Sep 2021 19:12:52 +0530 Message-ID: <20210902134254.28373-7-marchana@marvell.com> X-Mailer: git-send-email 2.22.0 In-Reply-To: <20210902134254.28373-1-marchana@marvell.com> References: <20210902134254.28373-1-marchana@marvell.com> MIME-Version: 1.0 X-Proofpoint-GUID: 7NwyFjtsZ5ynCoq09rxYiXrRZbukpek_ X-Proofpoint-ORIG-GUID: 7NwyFjtsZ5ynCoq09rxYiXrRZbukpek_ X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.391,FMLib:17.0.607.475 definitions=2021-09-02_04,2021-09-02_02,2020-04-07_01 Subject: [dpdk-dev] [PATCH 6/8] crypto/cnxk: add cn9k lookaside IPsec datapath X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Adds support for cn9k lookaside enqueue and dequeue operations. Signed-off-by: Archana Muniganti Signed-off-by: Tejasree Kondoj Signed-off-by: Vamsi Attunuru --- drivers/crypto/cnxk/cn9k_cryptodev_ops.c | 78 +++++++++++++++++++- drivers/crypto/cnxk/cn9k_ipsec_la_ops.h | 90 ++++++++++++++++++++++++ 2 files changed, 166 insertions(+), 2 deletions(-) create mode 100644 drivers/crypto/cnxk/cn9k_ipsec_la_ops.h diff --git a/drivers/crypto/cnxk/cn9k_cryptodev_ops.c b/drivers/crypto/cnxk/cn9k_cryptodev_ops.c index 8ade1977e1..40109acc3f 100644 --- a/drivers/crypto/cnxk/cn9k_cryptodev_ops.c +++ b/drivers/crypto/cnxk/cn9k_cryptodev_ops.c @@ -5,10 +5,13 @@ #include #include #include +#include #include #include "cn9k_cryptodev.h" #include "cn9k_cryptodev_ops.h" +#include "cn9k_ipsec.h" +#include "cn9k_ipsec_la_ops.h" #include "cnxk_ae.h" #include "cnxk_cryptodev.h" #include "cnxk_cryptodev_ops.h" @@ -34,6 +37,36 @@ cn9k_cpt_sym_inst_fill(struct cnxk_cpt_qp *qp, struct rte_crypto_op *op, return ret; } +static __rte_always_inline int __rte_hot +cn9k_cpt_sec_inst_fill(struct rte_crypto_op *op, + struct cpt_inflight_req *infl_req, + struct cpt_inst_s *inst) +{ + struct rte_crypto_sym_op *sym_op = op->sym; + struct cn9k_sec_session *priv; + struct cn9k_ipsec_sa *sa; + + if (unlikely(sym_op->m_dst && sym_op->m_dst != sym_op->m_src)) { + plt_dp_err("Out of place is not supported"); + return -ENOTSUP; + } + + if (unlikely(!rte_pktmbuf_is_contiguous(sym_op->m_src))) { + plt_dp_err("Scatter Gather mode is not supported"); + return -ENOTSUP; + } + + priv = get_sec_session_private_data(op->sym->sec_session); + sa = &priv->sa; + + if (sa->dir == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) + return process_outb_sa(op, sa, inst); + + infl_req->op_flags |= CPT_OP_FLAGS_IPSEC_DIR_INBOUND; + + return process_inb_sa(op, sa, inst); +} + static inline struct cnxk_se_sess * cn9k_cpt_sym_temp_sess_create(struct cnxk_cpt_qp *qp, struct rte_crypto_op *op) { @@ -80,7 +113,10 @@ cn9k_cpt_inst_prep(struct cnxk_cpt_qp *qp, struct rte_crypto_op *op, sym_op->session, cn9k_cryptodev_driver_id); ret = cn9k_cpt_sym_inst_fill(qp, op, sess, infl_req, inst); - } else { + inst->w7.u64 = sess->cpt_inst_w7; + } else if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) + ret = cn9k_cpt_sec_inst_fill(op, infl_req, inst); + else { sess = cn9k_cpt_sym_temp_sess_create(qp, op); if (unlikely(sess == NULL)) { plt_dp_err("Could not create temp session"); @@ -94,8 +130,8 @@ cn9k_cpt_inst_prep(struct cnxk_cpt_qp *qp, struct rte_crypto_op *op, op->sym->session); rte_mempool_put(qp->sess_mp, op->sym->session); } + inst->w7.u64 = sess->cpt_inst_w7; } - inst->w7.u64 = sess->cpt_inst_w7; } else if (op->type == RTE_CRYPTO_OP_TYPE_ASYMMETRIC) { struct rte_crypto_asym_op *asym_op; struct cnxk_ae_sess *sess; @@ -348,6 +384,39 @@ cn9k_cpt_crypto_adapter_enqueue(uintptr_t tag_op, struct rte_crypto_op *op) return 1; } +static inline void +cn9k_cpt_sec_post_process(struct rte_crypto_op *cop, + struct cpt_inflight_req *infl_req) +{ + struct rte_crypto_sym_op *sym_op = cop->sym; + struct rte_mbuf *m = sym_op->m_src; + struct rte_ipv6_hdr *ip6; + struct rte_ipv4_hdr *ip; + uint16_t m_len = 0; + char *data; + + if (infl_req->op_flags & CPT_OP_FLAGS_IPSEC_DIR_INBOUND) { + data = rte_pktmbuf_mtod(m, char *); + + ip = (struct rte_ipv4_hdr *)(data + ROC_IE_ON_INB_RPTR_HDR); + + if (((ip->version_ihl & 0xf0) >> RTE_IPV4_IHL_MULTIPLIER) == + IPVERSION) { + m_len = rte_be_to_cpu_16(ip->total_length); + } else { + PLT_ASSERT(((ip->version_ihl & 0xf0) >> + RTE_IPV4_IHL_MULTIPLIER) == 6); + ip6 = (struct rte_ipv6_hdr *)ip; + m_len = rte_be_to_cpu_16(ip6->payload_len) + + sizeof(struct rte_ipv6_hdr); + } + + m->data_len = m_len; + m->pkt_len = m_len; + m->data_off += ROC_IE_ON_INB_RPTR_HDR; + } +} + static inline void cn9k_cpt_dequeue_post_process(struct cnxk_cpt_qp *qp, struct rte_crypto_op *cop, struct cpt_inflight_req *infl_req) @@ -370,6 +439,11 @@ cn9k_cpt_dequeue_post_process(struct cnxk_cpt_qp *qp, struct rte_crypto_op *cop, cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS; if (cop->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC) { + if (cop->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) { + cn9k_cpt_sec_post_process(cop, infl_req); + return; + } + /* Verify authentication data if required */ if (unlikely(infl_req->op_flags & CPT_OP_FLAGS_AUTH_VERIFY)) { diff --git a/drivers/crypto/cnxk/cn9k_ipsec_la_ops.h b/drivers/crypto/cnxk/cn9k_ipsec_la_ops.h new file mode 100644 index 0000000000..b7a88e1b35 --- /dev/null +++ b/drivers/crypto/cnxk/cn9k_ipsec_la_ops.h @@ -0,0 +1,90 @@ +/* SPDX-License-Identifier: BSD-3-Clause + * Copyright(C) 2021 Marvell. + */ + +#ifndef __CN9K_IPSEC_LA_OPS_H__ +#define __CN9K_IPSEC_LA_OPS_H__ + +#include +#include + +#include "cn9k_ipsec.h" + +static __rte_always_inline int32_t +ipsec_po_out_rlen_get(struct cn9k_ipsec_sa *sa, uint32_t plen) +{ + uint32_t enc_payload_len; + + enc_payload_len = RTE_ALIGN_CEIL(plen + sa->rlens.roundup_len, + sa->rlens.roundup_byte); + + return sa->rlens.partial_len + enc_payload_len; +} + +static __rte_always_inline int +process_outb_sa(struct rte_crypto_op *cop, struct cn9k_ipsec_sa *sa, + struct cpt_inst_s *inst) +{ + const unsigned int hdr_len = sizeof(struct roc_ie_on_outb_hdr); + struct rte_crypto_sym_op *sym_op = cop->sym; + struct rte_mbuf *m_src = sym_op->m_src; + uint32_t dlen, rlen, extend_tail; + struct roc_ie_on_outb_sa *out_sa; + struct roc_ie_on_outb_hdr *hdr; + + out_sa = &sa->out_sa; + + dlen = rte_pktmbuf_pkt_len(m_src) + hdr_len; + rlen = ipsec_po_out_rlen_get(sa, dlen - hdr_len); + + extend_tail = rlen - dlen; + if (unlikely(extend_tail > rte_pktmbuf_tailroom(m_src))) { + plt_dp_err("Not enough tail room"); + return -ENOMEM; + } + + m_src->data_len += extend_tail; + m_src->pkt_len += extend_tail; + + hdr = (struct roc_ie_on_outb_hdr *)rte_pktmbuf_prepend(m_src, hdr_len); + if (unlikely(hdr == NULL)) { + plt_dp_err("Not enough head room"); + return -ENOMEM; + } + + memcpy(&hdr->iv[0], + rte_crypto_op_ctod_offset(cop, uint8_t *, sa->cipher_iv_off), + sa->cipher_iv_len); + hdr->seq = rte_cpu_to_be_32(sa->seq_lo); + hdr->ip_id = rte_cpu_to_be_32(sa->ip_id); + + out_sa->common_sa.esn_hi = sa->seq_hi; + + sa->ip_id++; + sa->esn++; + + /* Prepare CPT instruction */ + inst->w4.u64 = sa->inst.w4 | dlen; + inst->dptr = rte_pktmbuf_iova(m_src); + inst->rptr = inst->dptr; + inst->w7.u64 = sa->inst.w7; + + return 0; +} + +static __rte_always_inline int +process_inb_sa(struct rte_crypto_op *cop, struct cn9k_ipsec_sa *sa, + struct cpt_inst_s *inst) +{ + struct rte_crypto_sym_op *sym_op = cop->sym; + struct rte_mbuf *m_src = sym_op->m_src; + + /* Prepare CPT instruction */ + inst->w4.u64 = sa->inst.w4 | rte_pktmbuf_pkt_len(m_src); + inst->dptr = rte_pktmbuf_iova(m_src); + inst->rptr = inst->dptr; + inst->w7.u64 = sa->inst.w7; + + return 0; +} +#endif /* __CN9K_IPSEC_LA_OPS_H__ */ From patchwork Thu Sep 2 13:42:53 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Archana Muniganti X-Patchwork-Id: 97816 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 47BB3A0C4C; Thu, 2 Sep 2021 15:44:27 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id C2F2F40141; Thu, 2 Sep 2021 15:44:19 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id E170740696 for ; Thu, 2 Sep 2021 15:44:17 +0200 (CEST) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 1825LHBp028347 for ; Thu, 2 Sep 2021 06:44:17 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=NzafTWgiJCCn9Ui7/pCgyxce8RdEqfUnl/fixgdnj1w=; b=EUr8HBRVD2V2xjJ+o1n2YoXlexxHPl6aJop4Z05luzFI8PX9cbGgwa4vIrxE7OsFQN4z WEy2H6TiRNZY65TExgPf2XLzzACRzm4cTE6o32vfWstOrjmDAQnv5MlVd+lFgZ2jGRge gxcb6JfwKnp/WK+Ce5ghCJxWuLzHqcT34lnppZ8t73vJEhxFFl4KKje4J8Gi5rUbGUbh DZhth2RfSyjTABcaFeE7EUMVXlmh0AV4i369HMfKgcmRMwrBHLUcwMbqzO6oDdxWSHbI Gw2Q2dwNTkzSWShezj54JVkizmkvUo5VWw5NDbP7MLpUZqehF959Quk2y3pCzdABtq7x dg== Received: from dc5-exch02.marvell.com ([199.233.59.182]) by mx0a-0016f401.pphosted.com with ESMTP id 3atrd2hs1c-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT) for ; Thu, 02 Sep 2021 06:44:17 -0700 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Thu, 2 Sep 2021 06:44:15 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.18 via Frontend Transport; Thu, 2 Sep 2021 06:44:15 -0700 Received: from hyd1409.caveonetworks.com.com (unknown [10.29.45.15]) by maili.marvell.com (Postfix) with ESMTP id EFE903F705F; Thu, 2 Sep 2021 06:44:12 -0700 (PDT) From: Archana Muniganti To: CC: Archana Muniganti , , , , , Date: Thu, 2 Sep 2021 19:12:53 +0530 Message-ID: <20210902134254.28373-8-marchana@marvell.com> X-Mailer: git-send-email 2.22.0 In-Reply-To: <20210902134254.28373-1-marchana@marvell.com> References: <20210902134254.28373-1-marchana@marvell.com> MIME-Version: 1.0 X-Proofpoint-GUID: IrIp0WfdehxGRTk9TqlfYoUB1BKRtGnV X-Proofpoint-ORIG-GUID: IrIp0WfdehxGRTk9TqlfYoUB1BKRtGnV X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.391,FMLib:17.0.607.475 definitions=2021-09-02_04,2021-09-02_02,2020-04-07_01 Subject: [dpdk-dev] [PATCH 7/8] crypto/cnxk: update tailroom requirement X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Update min tailroom to reflect IPsec additions. PMD crypto_cn9k & crypto_cn10k would have packet grow into tailroom post IPsec processing. Signed-off-by: Archana Muniganti --- drivers/crypto/cnxk/cnxk_cryptodev_ops.c | 2 +- drivers/crypto/cnxk/cnxk_cryptodev_ops.h | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_ops.c b/drivers/crypto/cnxk/cnxk_cryptodev_ops.c index 440dbc3adb..957c78063f 100644 --- a/drivers/crypto/cnxk/cnxk_cryptodev_ops.c +++ b/drivers/crypto/cnxk/cnxk_cryptodev_ops.c @@ -155,7 +155,7 @@ cnxk_cpt_dev_info_get(struct rte_cryptodev *dev, info->capabilities = cnxk_crypto_capabilities_get(vf); info->sym.max_nb_sessions = 0; info->min_mbuf_headroom_req = CNXK_CPT_MIN_HEADROOM_REQ; - info->min_mbuf_tailroom_req = 0; + info->min_mbuf_tailroom_req = CNXK_CPT_MIN_TAILROOM_REQ; } static void diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_ops.h b/drivers/crypto/cnxk/cnxk_cryptodev_ops.h index 0d02d44799..c5332dec53 100644 --- a/drivers/crypto/cnxk/cnxk_cryptodev_ops.h +++ b/drivers/crypto/cnxk/cnxk_cryptodev_ops.h @@ -11,6 +11,7 @@ #include "roc_api.h" #define CNXK_CPT_MIN_HEADROOM_REQ 24 +#define CNXK_CPT_MIN_TAILROOM_REQ 102 /* Default command timeout in seconds */ #define DEFAULT_COMMAND_TIMEOUT 4 From patchwork Thu Sep 2 13:42:54 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Archana Muniganti X-Patchwork-Id: 97817 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id E7FEEA0C4C; Thu, 2 Sep 2021 15:44:32 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id F3456410E3; Thu, 2 Sep 2021 15:44:22 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id 962C340DF7 for ; Thu, 2 Sep 2021 15:44:21 +0200 (CEST) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 1825LIh9028455 for ; Thu, 2 Sep 2021 06:44:20 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=zVh/gI1qjGrKQrPC9Y67vJ7utDu/MPToWVcV3pGtaKs=; b=P6q5ItbU9k6/kA6ij1iR5bYA18cO+90T3gX3HDa8LNxNZwrrag1IjeWN0QzBdgsQC/lj MBFYLRiYA6GBVFOMectHgd6DPoIgQBgAcb9LU/6LTd/wZzBht3gPKJMso80391645Sgw 4uWtq3Kl5+GM7MMIYWYFL6HnYvVnU8DCmlQu1W8NvqP2lPJUmYIZTDnjsijUnJLNzaEq AsqGwYozJ9t1DRoKMDT5z/rDNFobaPSpMP6KjxCtnP0J/BpP0zmc1uMtSVJujNtcGXHA 61pLOZMnJBLIvqsBbpOdcGb5unU9tU8hPsI36h3teLwImVLx4taVNzaXuXrhzD6fPdYm pQ== Received: from dc5-exch02.marvell.com ([199.233.59.182]) by mx0a-0016f401.pphosted.com with ESMTP id 3atrd2hs1h-2 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT) for ; Thu, 02 Sep 2021 06:44:20 -0700 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Thu, 2 Sep 2021 06:44:19 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.18 via Frontend Transport; Thu, 2 Sep 2021 06:44:19 -0700 Received: from hyd1409.caveonetworks.com.com (unknown [10.29.45.15]) by maili.marvell.com (Postfix) with ESMTP id 027663F7065; Thu, 2 Sep 2021 06:44:16 -0700 (PDT) From: Archana Muniganti To: CC: Archana Muniganti , , , , , , Vamsi Attunuru Date: Thu, 2 Sep 2021 19:12:54 +0530 Message-ID: <20210902134254.28373-9-marchana@marvell.com> X-Mailer: git-send-email 2.22.0 In-Reply-To: <20210902134254.28373-1-marchana@marvell.com> References: <20210902134254.28373-1-marchana@marvell.com> MIME-Version: 1.0 X-Proofpoint-GUID: B0yFPmO-Ri7eeRitA0WGKPlI8j-IrwA3 X-Proofpoint-ORIG-GUID: B0yFPmO-Ri7eeRitA0WGKPlI8j-IrwA3 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.391,FMLib:17.0.607.475 definitions=2021-09-02_04,2021-09-02_02,2020-04-07_01 Subject: [dpdk-dev] [PATCH 8/8] crypto/cnxk: update feature flag for cn9k lookaside IPsec X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Update device feature flag to support lookaside IPsec for cn9k. Signed-off-by: Ankur Dwivedi Signed-off-by: Archana Muniganti Signed-off-by: Tejasree Kondoj Signed-off-by: Vamsi Attunuru --- doc/guides/cryptodevs/cnxk.rst | 14 ++++++++++++-- doc/guides/cryptodevs/features/cn9k.ini | 1 + doc/guides/rel_notes/release_21_11.rst | 3 +++ drivers/crypto/cnxk/cnxk_cryptodev.c | 6 ++---- 4 files changed, 18 insertions(+), 6 deletions(-) diff --git a/doc/guides/cryptodevs/cnxk.rst b/doc/guides/cryptodevs/cnxk.rst index 1eb72282db..752316fd37 100644 --- a/doc/guides/cryptodevs/cnxk.rst +++ b/doc/guides/cryptodevs/cnxk.rst @@ -222,10 +222,20 @@ This feature can be tested with ipsec-secgw sample application. Supported OCTEON cnxk SoCs ~~~~~~~~~~~~~~~~~~~~~~~~~~ +- CN9XX - CN10XX -Features supported -~~~~~~~~~~~~~~~~~~ +CN9XX Features supported +~~~~~~~~~~~~~~~~~~~~~~~~ + +* IPv4 +* ESP +* Tunnel mode +* UDP Encapsulation +* AES-128/192/256-GCM + +CN10XX Features supported +~~~~~~~~~~~~~~~~~~~~~~~~~ * IPv4 * ESP diff --git a/doc/guides/cryptodevs/features/cn9k.ini b/doc/guides/cryptodevs/features/cn9k.ini index d69dbe8512..dd935d439d 100644 --- a/doc/guides/cryptodevs/features/cn9k.ini +++ b/doc/guides/cryptodevs/features/cn9k.ini @@ -8,6 +8,7 @@ Symmetric crypto = Y Asymmetric crypto = Y Sym operation chaining = Y HW Accelerated = Y +Protocol offload = Y In Place SGL = Y OOP SGL In LB Out = Y OOP SGL In SGL Out = Y diff --git a/doc/guides/rel_notes/release_21_11.rst b/doc/guides/rel_notes/release_21_11.rst index 70dd1c52f7..96adb93cff 100644 --- a/doc/guides/rel_notes/release_21_11.rst +++ b/doc/guides/rel_notes/release_21_11.rst @@ -61,6 +61,9 @@ New Features * Added transport mode in lookaside protocol (IPsec). * Added UDP encapsulation in lookaside protocol (IPsec). +* **Updated Marvell cn9k_crypto PMD.** + + * Added support for lookaside protocol (IPsec) offload. Removed Items ------------- diff --git a/drivers/crypto/cnxk/cnxk_cryptodev.c b/drivers/crypto/cnxk/cnxk_cryptodev.c index 9c7dc6297a..5c7801ec48 100644 --- a/drivers/crypto/cnxk/cnxk_cryptodev.c +++ b/drivers/crypto/cnxk/cnxk_cryptodev.c @@ -21,10 +21,8 @@ cnxk_cpt_default_ff_get(void) RTE_CRYPTODEV_FF_OOP_SGL_IN_LB_OUT | RTE_CRYPTODEV_FF_OOP_SGL_IN_SGL_OUT | RTE_CRYPTODEV_FF_SYM_SESSIONLESS | - RTE_CRYPTODEV_FF_DIGEST_ENCRYPTED; - - if (roc_model_is_cn10k()) - ff |= RTE_CRYPTODEV_FF_SECURITY; + RTE_CRYPTODEV_FF_DIGEST_ENCRYPTED | + RTE_CRYPTODEV_FF_SECURITY; return ff; }