From patchwork Fri May 31 16:14:44 2019
X-Patchwork-Submitter: Igor Russkikh
X-Patchwork-Id: 53963
X-Patchwork-Delegate: gakhil@marvell.com
From: Igor Russkikh
To: "dev@dpdk.org"
CC: "ferruh.yigit@intel.com", Pavel Belous, John McNamara, Konstantin Ananyev, Thomas Monjalon, Akhil Goyal, Declan Doherty, Igor Russkikh
Date: Fri, 31 May 2019 16:14:44 +0000
Message-ID: <4595add642bf8ca1114488657d12a973b966e8f5.1559319237.git.igor.russkikh@aquantia.com>
Subject: [dpdk-dev] [RFC 1/5] security: MACSEC infrastructure data declarations

This RFC suggests a possible API to implement generic MACSEC HW offload in the DPDK infrastructure.

Right now two PMDs implement MACSEC HW offload via private API: ixgbe (Intel) and atlantic (Aquantia).

During that private API discussion it was decided to go further with a well-defined public API, based most probably on the rte_security infrastructure.

Here is that previous discussion:
http://inbox.dpdk.org/dev/20190416101145.nVecHKp3w14Ptd_hne-DqHhKyzbre88PwNI-OAowXJM@z/

Declaring the macsec API via rte_security gives a good data-centric view of the parameters and operations macsec supports. The old, purely functional API (basically an ixgbe-only API) presented function calls with big argument lists, which are hard to extend and analyse.

However, I'd like to note that rte_security has to be used via explicitly created mempools - this hardens the usage a bit. It also may be hard to extend the structures in an ABI-compatible way.

One of the problems with MACSEC is that internally the implementation and hardware support could be either very simple, doing only endpoint encryption with a single TX SC (Secure Connection), or quite complex, capable of flexible filtering and SC matching based on mac, vlan, ethertype and others.

Different macsec hardware supports some custom features and from our experience users would like to configure these as well. Therefore support for a number of PMD-specific macsec operators will probably be needed. Examples include: custom in-the-clear tag (matched by vlan id or mask), configurable internal logic to allow both secure and unsecure traffic, bypass filters on specific ethertypes.

To support such extensions, I suggest using the rte_security_macsec_op enum with vendor-specific operation codes.

In the context of rte_security, MACSEC operations should normally be based on security session create and update calls.

Session create is used to set up the overall session. That's the equivalent of the old `macsec enable` operation.

Session update is used to update security connections and associations. Here xform->op contains the required operation: rx/tx session/association add/update/removal.

This RFC contains:
- patch 1 is the rte_security data structures declaration
- patches 2-4 are a draft of how testpmd-based invocations of the rte_security API will look
- patch 5 is a draft of how a PMD driver will implement the security infrastructure

To be done/decided:
- testpmd macsec command layout changes: encryption and repl protection are properties of SC, not the overall connection.
- add missing documentation and comments to all the structures
- full testpmd macsec API adoption
- ixgbe api adoption
- atlantic api adoption
- decide on how to declare SA (Security Associations) auto rollover and some other important features.
- interrupt event callback detailing of possible macsec events. Notice that it is not a part of rte_security, but a part of rte_ethdev.
- macsec statistics are now part of the xstats list. Alternatively they could be moved to rte_security statistics. The hard thing is that stats are often available per SC/SA; a special API is required to fetch that.

Signed-off-by: Igor Russkikh
--- lib/librte_security/meson.build | 2 +- lib/librte_security/rte_security.h | 115 ++++++++++++++++++++++++++++- 2 files changed, 113 insertions(+), 4 deletions(-) diff --git a/lib/librte_security/meson.build b/lib/librte_security/meson.build index a5130d2f6d1e..10877d3ae544 100644 --- a/lib/librte_security/meson.build +++ b/lib/librte_security/meson.build @@ -4,4 +4,4 @@ version = 2 sources = files('rte_security.c') headers = files('rte_security.h', 'rte_security_driver.h') -deps += ['mempool', 'cryptodev'] +deps += ['mempool', 'cryptodev', 'net'] 
diff --git a/lib/librte_security/rte_security.h b/lib/librte_security/rte_security.h index 76f54e0e05bb..a3a9204fb62d 100644 --- a/lib/librte_security/rte_security.h +++ b/lib/librte_security/rte_security.h @@ -29,6 +29,7 @@ extern "C" { #include #include #include +#include /** IPSec protocol mode */ enum rte_security_ipsec_sa_mode { 
@@ -197,12 +198,87 @@ struct rte_security_ipsec_xform { /**< ESN for which the overflow event need to be raised */ }; +/** + * MACSEC global configuration parameters + * + */ +struct rte_security_macsec_param { + uint8_t enabled; +}; + +/** + * MACSEC SC (Secure Connection) parameters + * + */ +struct rte_security_macsec_txsc_param { + struct ether_addr s_mac; + /**< local side mac address */ + struct ether_addr d_mac; + /**< remote side mac address */ + uint32_t sci; + uint32_t tci; + uint8_t encrypt; + uint8_t protect; +}; + +struct rte_security_macsec_rxsc_param { + struct ether_addr s_mac, d_mac; + /**< remote side mac address */ + uint8_t replay_protection; + /**< replay protection */ + uint32_t anti_replay_window; + /**< anti replay window */ + uint16_t port_ident; + /**< remote side port identifier */ + uint8_t auto_rollover_enabled; +}; + +struct rte_security_macsec_sa_param { + uint8_t sa_idx; + uint8_t an; + uint32_t packet_number; + uint8_t key_len; + uint8_t key[32]; +}; + +/** + * Available operations over MACSEC instance + */ +enum rte_security_macsec_op { + RTE_SECURITY_MACSEC_OP_CONFIG, + + RTE_SECURITY_MACSEC_OP_ADD_TXSC, + RTE_SECURITY_MACSEC_OP_DEL_TXSC, + RTE_SECURITY_MACSEC_OP_UPD_TXSC, + + RTE_SECURITY_MACSEC_OP_ADD_RXSC, + RTE_SECURITY_MACSEC_OP_DEL_RXSC, + RTE_SECURITY_MACSEC_OP_UPD_RXSC, + + RTE_SECURITY_MACSEC_OP_ADD_TXSA, + RTE_SECURITY_MACSEC_OP_DEL_TXSA, + RTE_SECURITY_MACSEC_OP_UPD_TXSA, + + RTE_SECURITY_MACSEC_OP_ADD_RXSA, + RTE_SECURITY_MACSEC_OP_DEL_RXSA, + RTE_SECURITY_MACSEC_OP_UPD_RXSA, + + RTE_SECURITY_MACSEC_OP_STATS, + + RTE_SECURITY_MACSEC_OP_VENDOR = 0x100, +}; + /** * MACsec security session configuration */ struct rte_security_macsec_xform { - /** To be Filled */ - int dummy; + enum rte_security_macsec_op op; + union { + struct rte_security_macsec_param config_options; + struct rte_security_macsec_txsc_param txsc_options; + struct rte_security_macsec_rxsc_param rxsc_options; + struct rte_security_macsec_sa_param 
sa_options; + }; }; /** 
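Review bot: `uint32_t sci` in rte_security_macsec_txsc_param is too narrow for a Secure Channel Identifier, which is the 48-bit MAC address plus the 16-bit port identifier (the rxsc struct carries those two pieces separately as an ether_addr and `uint16_t port_ident`); make it uint64_t, or give the TX side a port_ident field as the RX side has. In rte_security_macsec_sa_param, `key_len` sits next to `uint8_t key[32]` with no stated bound, so the comment should say that values above 32 are invalid and that drivers must reject them before copying. The union in rte_security_macsec_xform also needs a comment mapping each op to the member it reads, since nothing here says what RTE_SECURITY_MACSEC_OP_STATS or codes from RTE_SECURITY_MACSEC_OP_VENDOR (0x100) upward carry.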
@@ -467,7 +543,40 @@ rte_security_attach_session(struct rte_crypto_op *op, } struct rte_security_macsec_stats { - uint64_t reserved; + /* Ingress Common Counters */ + uint64_t in_ctl_pkts; + uint64_t in_tagged_miss_pkts; + uint64_t in_untagged_miss_pkts; + uint64_t in_notag_pkts; + uint64_t in_untagged_pkts; + uint64_t in_bad_tag_pkts; + uint64_t in_no_sci_pkts; + uint64_t in_unknown_sci_pkts; + /* Ingress SA Counters */ + uint64_t in_untagged_hit_pkts; + uint64_t in_not_using_sa; + uint64_t in_unused_sa; + uint64_t in_not_valid_pkts; + uint64_t in_invalid_pkts; + uint64_t in_ok_pkts; + uint64_t in_unchecked_pkts; + uint64_t in_validated_octets; + uint64_t in_decrypted_octets; + /* Egress Common Counters */ + uint64_t out_ctl_pkts; + uint64_t out_unknown_sa_pkts; + uint64_t out_untagged_pkts; + uint64_t out_too_long; + /* Egress SC Counters */ + uint64_t out_sc_protected_pkts; + uint64_t out_sc_encrypted_pkts; + uint64_t out_sc_protected_octets; + uint64_t out_sc_encrypted_octets; + /* Egress SA Counters */ + uint64_t out_sa_hit_drop_redirect; + uint64_t out_sa_protected2_pkts; + uint64_t out_sa_protected_pkts; + uint64_t out_sa_encrypted_pkts; }; struct rte_security_ipsec_stats { 
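Review bot: The "Ingress SA", "Egress SC" and "Egress SA" counter groups in rte_security_macsec_stats carry no SC or SA index, so a port with several secure channels can only report one value per field; either document these as per-port sums or add a way to select the SC/SA being queried. `out_sa_protected2_pkts` next to `out_sa_protected_pkts` needs a comment explaining how the two differ, and none of the new fields has a doc comment.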
From patchwork Fri May 31 16:14:48 2019
X-Patchwork-Submitter: Igor Russkikh
X-Patchwork-Id: 53964
X-Patchwork-Delegate: gakhil@marvell.com
From: Igor Russkikh
Date: Fri, 31 May 2019 16:14:48 +0000
In-Reply-To: <4595add642bf8ca1114488657d12a973b966e8f5.1559319237.git.igor.russkikh@aquantia.com>
Subject: [dpdk-dev] [RFC 2/5] app/testpmd: macsec on command draft via security context

Here we create/get the security mempool, get sec_ctx, and then request session creation with macsec-specific session configuration.

The encrypt and replay_protection parameters are really not global macsec attributes; they are related to tx and rx security connection properties. But we keep the testpmd command structure the same for now and will redesign it in later commits.

Signed-off-by: Igor Russkikh
--- app/test-pmd/cmdline.c | 54 +++++++++++++++++++++++++++++++++++------- 1 file changed, 46 insertions(+), 8 deletions(-) diff --git a/app/test-pmd/cmdline.c b/app/test-pmd/cmdline.c index c1042dd98214..dbee3d958c2e 100644 --- a/app/test-pmd/cmdline.c +++ b/app/test-pmd/cmdline.c @@ -46,6 +46,7 @@ #include #include #include +#include #include #include @@ -13991,6 +13992,12 @@ struct cmd_macsec_offload_on_result { cmdline_fixed_string_t rp_on_off; }; +/* Temporary static storage until testpmd macsec commands get reformatted */ +int macsec_encrypt; +int macsec_replay_protection; +struct rte_security_session_conf macsec_conf; +struct rte_security_session *macsec_session; + /* Common CLI fields for MACsec offload disable */ cmdline_parse_token_string_t cmd_macsec_offload_on_set = TOKEN_STRING_INITIALIZER @@ -14029,6 +14036,23 @@ cmdline_parse_token_string_t cmd_macsec_offload_on_rp_on_off = (struct cmd_macsec_offload_on_result, rp_on_off, "on#off"); +static struct rte_mempool *get_security_pool() +{ + struct rte_mempool *pool = rte_mempool_lookup("testpmd_security_pool"); + int session_size = 256; + + if (!pool) { + pool = rte_mempool_create("testpmd_security_pool", + 256, + session_size, + 256, + 0, NULL, NULL, NULL, + NULL, SOCKET_ID_ANY, + 0); + } + return pool; +} + static void cmd_set_macsec_offload_on_parsed( void *parsed_result, 
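Review bot: get_security_pool() returns the result of rte_mempool_create() unchecked, so a failed allocation comes back as NULL with no error reported; check it here and print the failure. The element size is a hard-coded `session_size = 256` rather than the size the security context asks for (rte_security_session_get_size(ctx)), and the cache size argument (the second 256) equals the element count, while the mempool API documents that cache_size must not exceed n / 1.5. Declare the function as `get_security_pool(void)`.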
@@ -14036,11 +14060,13 @@ cmd_set_macsec_offload_on_parsed( __attribute__((unused)) void *data) { struct cmd_macsec_offload_on_result *res = parsed_result; - int ret = -ENOTSUP; + int ret = 0; + struct rte_security_ctx *ctx; portid_t port_id = res->port_id; int en = (strcmp(res->en_on_off, "on") == 0) ? 1 : 0; int rp = (strcmp(res->rp_on_off, "on") == 0) ? 1 : 0; struct rte_eth_dev_info dev_info; + struct rte_security_session_conf macsec_conf; if (port_id_is_invalid(port_id, ENABLED_WARN)) return; 
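Review bot: The new local `struct rte_security_session_conf macsec_conf;` in cmd_set_macsec_offload_on_parsed shadows the file-scope `macsec_conf` added earlier in this patch and is uninitialised stack memory, so every field the function does not assign reaches the driver with an indeterminate value. Drop the local and use the file-scope object, or initialise it with `= {0}`. With `ret` now starting at 0 instead of -ENOTSUP, any path that skips an assignment reports success, so each failure branch has to set it explicitly.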
@@ -14049,17 +14075,29 @@ cmd_set_macsec_offload_on_parsed( return; } - rte_eth_dev_info_get(port_id, &dev_info); - if (dev_info.tx_offload_capa & DEV_TX_OFFLOAD_MACSEC_INSERT) { -#ifdef RTE_LIBRTE_IXGBE_PMD - ret = rte_pmd_ixgbe_macsec_enable(port_id, en, rp); -#endif + ctx = rte_eth_dev_get_sec_ctx(port_id); + if (!ctx) { + ret = ENOTSUP; + goto done; + } + + macsec_conf.action_type = RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL; + macsec_conf.protocol = RTE_SECURITY_PROTOCOL_MACSEC; + /** should be moved to SC properties */ + macsec_encrypt = en; + macsec_replay_protection = rp; + + /* Use of the same mempool for session header and private data */ + macsec_session = rte_security_session_create(ctx, &macsec_conf, get_security_pool()); + + if (macsec_session == NULL) { + ret = -ENOTSUP; } - RTE_SET_USED(en); - RTE_SET_USED(rp); +done: switch (ret) { case 0: + /* TBD: To delete? */ ports[port_id].dev_conf.txmode.offloads |= DEV_TX_OFFLOAD_MACSEC_INSERT; cmd_reconfig_device_queue(port_id, 1, 1); 
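Review bot: The `!ctx` branch sets `ret = ENOTSUP` (positive) while the session-create failure a few statements later sets `ret = -ENOTSUP`; use the negative value in both so the two failures take the same case in the switch. `macsec_session` is a single file-scope pointer that is overwritten on every `on` command for any port, so a second invocation loses the earlier session without destroying it and the handle no longer matches the port it was created on; destroy or refuse an existing session first and keep the handle per port. Nothing under `macsec_conf.macsec` is filled in before rte_security_session_create(), so the `en` and `rp` choices only reach the two globals.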
From patchwork Fri May 31 16:14:52 2019
X-Patchwork-Submitter: Igor Russkikh
X-Patchwork-Id: 53965
X-Patchwork-Delegate: gakhil@marvell.com
From: Igor Russkikh
Date: Fri, 31 May 2019 16:14:52 +0000
Message-ID: <3abfda8b6646fde5b6c411a2e141bd04a4ec03c5.1559319237.git.igor.russkikh@aquantia.com>
In-Reply-To: <4595add642bf8ca1114488657d12a973b966e8f5.1559319237.git.igor.russkikh@aquantia.com>
Subject: [dpdk-dev] [RFC 3/5] app/testpmd: macsec off command

Draft of how the macsec off command will look.

Signed-off-by: Igor Russkikh
--- app/test-pmd/cmdline.c | 22 +++++++++++++++++----- 1 file changed, 17 insertions(+), 5 deletions(-) diff --git a/app/test-pmd/cmdline.c b/app/test-pmd/cmdline.c index dbee3d958c2e..af7c2853fd2c 100644 --- a/app/test-pmd/cmdline.c +++ b/app/test-pmd/cmdline.c @@ -14173,6 +14173,8 @@ cmd_set_macsec_offload_off_parsed( int ret = -ENOTSUP; struct rte_eth_dev_info dev_info; portid_t port_id = res->port_id; + struct rte_security_ctx *ctx; + struct rte_eth_dev_info dev_info; if (port_id_is_invalid(port_id, ENABLED_WARN)) return; 
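Review bot: The added `struct rte_eth_dev_info dev_info;` duplicates the declaration two lines above it in the same block of cmd_set_macsec_offload_off_parsed, which is a redefinition error. The next hunk removes the rte_eth_dev_info_get() call that used it, so delete the existing declaration rather than adding a second one.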
@@ -14181,14 +14183,24 @@ cmd_set_macsec_offload_off_parsed( return; } - rte_eth_dev_info_get(port_id, &dev_info); - if (dev_info.tx_offload_capa & DEV_TX_OFFLOAD_MACSEC_INSERT) { -#ifdef RTE_LIBRTE_IXGBE_PMD - ret = rte_pmd_ixgbe_macsec_disable(port_id); -#endif + if (!macsec_session) { + printf("MACsec is not active\n", port_id); + return; + } + + ctx = rte_eth_dev_get_sec_ctx(port_id); + if (!ctx) { + ret = -ENOTSUP; + goto done; } + + /* Use of the same mempool for session header and private data */ + ret = rte_security_session_destroy(ctx, macsec_session); + +done: switch (ret) { case 0: + /* TBD: Remove this offload bit? */ ports[port_id].dev_conf.txmode.offloads &= ~DEV_TX_OFFLOAD_MACSEC_INSERT; cmd_reconfig_device_queue(port_id, 1, 1); 
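Review bot: After `rte_security_session_destroy(ctx, macsec_session)` the file-scope `macsec_session` pointer is left unchanged, so the `if (!macsec_session)` guard passes on the next `off` command and the already destroyed session is handed to the driver again; set the pointer to NULL when destroy returns 0. `printf("MACsec is not active\n", port_id)` passes an argument with no conversion in the format string; add `%u` for the port or drop the argument. The comment about using "the same mempool" is copied from the create path and does not describe the destroy call.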
From patchwork Fri May 31 16:14:56 2019
X-Patchwork-Submitter: Igor Russkikh
X-Patchwork-Id: 53966
X-Patchwork-Delegate: gakhil@marvell.com
From: Igor Russkikh
Date: Fri, 31 May 2019 16:14:56 +0000
Message-ID: <9ce5237e4ad0bf1e163d47323027277afb31457d.1559319237.git.igor.russkikh@aquantia.com>
In-Reply-To: <4595add642bf8ca1114488657d12a973b966e8f5.1559319237.git.igor.russkikh@aquantia.com>
Subject: [dpdk-dev] [RFC 4/5] app/testpmd: macsec: update set sc command with new interface
dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" --- app/test-pmd/cmdline.c | 40 ++++++++++++++++++++++++++++++++-------- 1 file changed, 32 insertions(+), 8 deletions(-) diff --git a/app/test-pmd/cmdline.c b/app/test-pmd/cmdline.c index af7c2853fd2c..1bcf63e31ee3 100644 --- a/app/test-pmd/cmdline.c +++ b/app/test-pmd/cmdline.c @@ -14083,6 +14083,7 @@ cmd_set_macsec_offload_on_parsed( macsec_conf.action_type = RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL; macsec_conf.protocol = RTE_SECURITY_PROTOCOL_MACSEC; + macsec_conf.macsec. /** should be moved to SC properties */ macsec_encrypt = en; macsec_replay_protection = rp; 
@@ -14280,15 +14281,38 @@ cmd_set_macsec_sc_parsed( struct cmd_macsec_sc_result *res = parsed_result; int ret = -ENOTSUP; int is_tx = (strcmp(res->tx_rx, "tx") == 0) ? 1 : 0; + struct rte_security_ctx *ctx; + struct rte_eth_dev_info dev_info; + struct rte_security_session_conf conf = {}; -#ifdef RTE_LIBRTE_IXGBE_PMD - ret = is_tx ? - rte_pmd_ixgbe_macsec_config_txsc(res->port_id, - res->mac.addr_bytes) : - rte_pmd_ixgbe_macsec_config_rxsc(res->port_id, - res->mac.addr_bytes, res->pi); -#endif - RTE_SET_USED(is_tx); + ctx = rte_eth_dev_get_sec_ctx(port_id); + if (!ctx) { + ret = ENOTSUP; + goto done; + } + + if (is_tx) { + conf.macsec.op = RTE_SECURITY_MACSEC_OP_ADD_TXSC; + + rte_memcpy(&conf.macsec.txsc_options.s_mac, res->mac.addr_bytes, + sizeof(struct ether_addr)); + conf.macsec.txsc_options.encrypt = macsec_encrypt; + conf.macsec.txsc_options.protect = 1; + + ret = rte_security_session_update(ctx, macsec_session, &conf); + } else { + conf.macsec.op = RTE_SECURITY_MACSEC_OP_ADD_RXSC; + + rte_memcpy(&conf.macsec.rxsc_options.s_mac, res->mac.addr_bytes, + sizeof(struct ether_addr)); + /* Default */ + conf.macsec.rxsc_options.anti_replay_window = 0; + conf.macsec.rxsc_options.replay_protection = macsec_replay_protection; + conf.macsec.rxsc_options.auto_rollover_enabled = true; + + ret = rte_security_session_update(ctx, macsec_session, &conf); + + } switch (ret) { case 0: From patchwork Fri May 31 16:15:00 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Igor Russkikh X-Patchwork-Id: 53967 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@dpdk.org Delivered-To: patchwork@dpdk.org Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 9CBAE1B9BC; Fri, 31 May 2019 18:15:02 +0200 (CEST) Received: from NAM03-BY2-obe.outbound.protection.outlook.com (mail-eopbgr780078.outbound.protection.outlook.com [40.107.78.78]) by dpdk.org (Postfix) 
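Review bot: In the first hunk of RFC 4/5 (cmd_set_macsec_offload_on_parsed), the added line `macsec_conf.macsec.` ends in a member-access dot followed only by a comment, so it binds to the next line and the statement parses as `macsec_conf.macsec.macsec_encrypt = en;`. That either fails to build or stops assigning the bare `macsec_encrypt` that cmd_set_macsec_sc_parsed reads in the next hunk, which would leave the Tx SC `encrypt` option at whatever value the variable had before. Drop the dangling line and keep the "should be moved to SC properties" remark as a standalone comment above the two assignments.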
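Review bot: In the second hunk of RFC 4/5 (cmd_set_macsec_sc_parsed), `rte_eth_dev_get_sec_ctx(port_id)` uses a name that is not declared in the visible lines of this function; the removed ixgbe calls used `res->port_id`, so pass that. The failure branch sets `ret = ENOTSUP` (positive) while the initialiser is `-ENOTSUP`, so the `switch (ret)` that follows sees a different value than the default not-supported path, and `goto done` needs a label this hunk does not add. The removed Rx call passed `res->pi`, but the new Rx branch copies only the MAC into `rxsc_options.s_mac`, so the port identifier parsed from the command is silently ignored; either carry it in the Rx SC options or reject the argument. `dev_info` is declared and never used, and `macsec_session` is handed to rte_security_session_update() with no check that a session was created first.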
with ESMTP id EBAEA1B9BC for ; Fri, 31 May 2019 18:15:01 +0200 (CEST)
From: Igor Russkikh To: "dev@dpdk.org" CC: "ferruh.yigit@intel.com" , Pavel Belous , John McNamara , Konstantin Ananyev , Thomas Monjalon , Akhil Goyal , Declan Doherty , Igor Russkikh Thread-Topic: [RFC 5/5] net/atlantic: macsec security context draft Date: Fri, 31 May 2019 16:15:00 +0000 Message-ID: References: <4595add642bf8ca1114488657d12a973b966e8f5.1559319237.git.igor.russkikh@aquantia.com> In-Reply-To: <4595add642bf8ca1114488657d12a973b966e8f5.1559319237.git.igor.russkikh@aquantia.com>
MIME-Version: 1.0 Subject: [dpdk-dev] [RFC 5/5] net/atlantic: macsec security context draft X-BeenThere: dev@dpdk.org 
X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" --- drivers/net/atlantic/atl_ethdev.c | 116 ++++++++++++++++++++++++++++++ drivers/net/atlantic/meson.build | 1 + 2 files changed, 117 insertions(+) diff --git a/drivers/net/atlantic/atl_ethdev.c b/drivers/net/atlantic/atl_ethdev.c index c9c1795a1639..b6fcf36f0f27 100644 --- a/drivers/net/atlantic/atl_ethdev.c +++ b/drivers/net/atlantic/atl_ethdev.c @@ -5,6 +5,9 @@ #include #include #include +#include +#include +#include #include "atl_ethdev.h" #include "atl_common.h" @@ -122,6 +125,7 @@ static int eth_atl_pci_remove(struct rte_pci_device *pci_dev); static void atl_dev_info_get(struct rte_eth_dev *dev, struct rte_eth_dev_info *dev_info); +static int atl_macsec_ctx_create(struct rte_eth_dev *dev); int atl_logtype_init; int atl_logtype_driver; @@ -412,6 +416,10 @@ eth_atl_dev_init(struct rte_eth_dev *eth_dev) hw->aq_nic_cfg = &adapter->hw_cfg; + /* Initialize security_ctx only for primary process*/ + if (atl_macsec_ctx_create(eth_dev)) + return -ENOMEM; + /* disable interrupt */ atl_disable_intr(hw); @@ -475,6 +483,8 @@ eth_atl_dev_uninit(struct rte_eth_dev *eth_dev) rte_free(eth_dev->data->mac_addrs); eth_dev->data->mac_addrs = NULL; + rte_free(eth_dev->security_ctx); + return 0; } 
@@ -1872,6 +1882,112 @@ atl_rss_hash_conf_get(struct rte_eth_dev *dev, return 0; } +static const struct rte_security_capability * +atl_crypto_capabilities_get(void *device __rte_unused) +{ + static const struct rte_cryptodev_capabilities + aes_gcm_gmac_crypto_capabilities[] = { + { /* AES GMAC (128-bit) */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_AES_GMAC, + .block_size = 16, + .key_size = { + .min = 16, + .max = 16, + .increment = 0 + }, + }, } + }, } + }, + }; + + static const struct rte_security_capability + alt_security_capabilities[] = { + { + .action = RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL, + .protocol = RTE_SECURITY_PROTOCOL_MACSEC, + {.macsec = { + /* + .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP, + .mode = RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT, + .options = { 0 } + */ + } }, + .crypto_capabilities = aes_gcm_gmac_crypto_capabilities, + .ol_flags = 0 + }, + { + .action = RTE_SECURITY_ACTION_TYPE_NONE + } + }; + + return alt_security_capabilities; +} + +static int atl_macsec_create_session(void *device, + struct rte_security_session_conf *conf, + struct rte_security_session *sess, + struct rte_mempool *mp) +{ + +} + +static int atl_macsec_update_session(void *device, + struct rte_security_session *sess, + struct rte_security_session_conf *conf) +{ + +} + +static unsigned int atl_macsec_session_get_size(void *device) +{ + +} + +static int atl_macsec_destroy_session(void *device, + struct rte_security_session *sess) +{ + +} + +static const struct rte_security_capability *atl_macsec_capabilities_get( + void *device) +{ + +} + +static struct rte_security_ops atl_security_ops = { + .session_create = atl_macsec_create_session, + .session_update = atl_macsec_update_session, + .session_get_size = atl_macsec_session_get_size, + .session_stats_get = NULL, + .session_destroy = atl_macsec_destroy_session, + .set_pkt_metadata = NULL, + .capabilities_get = atl_macsec_capabilities_get, 
+}; + +static int +atl_macsec_ctx_create(struct rte_eth_dev *dev) +{ + struct rte_security_ctx *ctx = NULL; + + ctx = rte_malloc("rte_security_instances_ops", + sizeof(struct rte_security_ctx), 0); + if (ctx) { + ctx->device = (void *)dev; + ctx->ops = &atl_security_ops; + ctx->sess_cnt = 0; + dev->security_ctx = ctx; + } else { + return -ENOMEM; + } + return 0; +} + + static bool is_device_supported(struct rte_eth_dev *dev, struct rte_pci_driver *drv) { diff --git a/drivers/net/atlantic/meson.build b/drivers/net/atlantic/meson.build index 60b84684ec0a..d14855bdb218 100644 --- a/drivers/net/atlantic/meson.build +++ b/drivers/net/atlantic/meson.build @@ -11,3 +11,4 @@ sources = files( 'hw_atl/hw_atl_utils.c', 'rte_pmd_atlantic.c', ) +deps += ['security'] \ No newline at end of file
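Review bot: In the eth_atl_dev_init hunk of RFC 5/5, the comment says the security context is initialised only for the primary process, but atl_macsec_ctx_create() is called unconditionally. Either guard the call with a process-type check (for example `rte_eal_process_type() == RTE_PROC_PRIMARY`) or correct the comment. The caller also hard-codes `return -ENOMEM`; returning the helper's own value keeps the two in step if the helper later gains other failure codes.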
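Review bot: In the eth_atl_dev_uninit hunk of RFC 5/5, `rte_free(eth_dev->security_ctx);` leaves the pointer dangling, whereas the lines just above set `mac_addrs` to NULL after freeing it. Add `eth_dev->security_ctx = NULL;` so a later rte_eth_dev_get_sec_ctx() on this port cannot hand out freed memory and a repeated uninit cannot double-free.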
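Review bot: In the large atl_ethdev.c hunk of RFC 5/5, atl_macsec_create_session, atl_macsec_update_session, atl_macsec_session_get_size, atl_macsec_destroy_session and atl_macsec_capabilities_get all have empty bodies with non-void return types, so every caller reads an indeterminate value, including the session size and the capability pointer. Until they are implemented, return `-ENOTSUP` from the int stubs, a defined size from get_size and NULL or the real table from capabilities_get. Note that `.capabilities_get` is wired to the empty atl_macsec_capabilities_get while the populated table lives in atl_crypto_capabilities_get, which nothing references; keep one of the two. `alt_security_capabilities` looks like a typo for `atl_`, and the commented-out IPsec fields inside `.macsec` should be removed rather than carried into the driver.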
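Review bot: In the meson.build hunk of RFC 5/5, `deps += ['security']` is added without a trailing newline (the diff shows "\ No newline at end of file"); end the file with a newline. The series also carries no commit message or Signed-off-by before the `---` separator, which will be needed once this moves past RFC.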