From patchwork Mon Apr 25 05:38:21 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anoob Joseph X-Patchwork-Id: 110214 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 2B9B3A00BE; Mon, 25 Apr 2022 07:39:24 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id E2B76427EE; Mon, 25 Apr 2022 07:39:21 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id D6264410E6 for ; Mon, 25 Apr 2022 07:39:20 +0200 (CEST) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with ESMTP id 23ON0knq009429 for ; Sun, 24 Apr 2022 22:39:19 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=VCkL6jCXI2uE+6+jA5lgQNlljcDlzGw6HXH1tgCP08c=; b=jmSfsYwmmd+5jATiIDtFhL+Ev8BgVQNXoANpnfJm/TIBPaIO65tarAmhmLYChPZZSJSk lMYh87szUYH6zwFpG1tcLuP7dAZtsvO6OeLxdhd/37tpmNkpZFy87haIslJvcaf8gZOU qupdxwEhi0SMp1Hr8RQ1Jev8qS6fF8mSf0oAecSbv0DfQNhsZ9alwJsjthb+XHSaZ0TA bLGo+xPQTlMyeblBFYnHTb0CVKlAiKm6Ztb18nFUyhOiORUre3Stn1BC3rGguptZ7Q5w 8bR1DilhqpUY0AY7n6RWzvOwkWPUAN1xu4mPyZ3U3/n7ysLx3yWwwWYeTbWIxnkVk7w3 mw== Received: from dc5-exch02.marvell.com ([199.233.59.182]) by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 3fmetqmhxc-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT) for ; Sun, 24 Apr 2022 22:39:19 -0700 Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Sun, 24 Apr 2022 22:39:18 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.18 via Frontend Transport; Sun, 24 Apr 2022 22:39:18 -0700 Received: from HY-LT1002.marvell.com (unknown [10.193.69.240]) by maili.marvell.com (Postfix) with ESMTP id 4A6D13F709F; Sun, 24 Apr 2022 22:39:15 -0700 (PDT) From: Anoob Joseph To: Akhil Goyal , Jerin Jacob CC: Archana Muniganti , Tejasree Kondoj , Subject: [PATCH 1/5] crypto/cnxk: support AH mode Date: Mon, 25 Apr 2022 11:08:21 +0530 Message-ID: <1650865105-66-2-git-send-email-anoobj@marvell.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1650865105-66-1-git-send-email-anoobj@marvell.com> References: <1650865105-66-1-git-send-email-anoobj@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: gz7-62Mn_IQqwqiWx-5JDMu99KIONtjQ X-Proofpoint-GUID: gz7-62Mn_IQqwqiWx-5JDMu99KIONtjQ X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.858,Hydra:6.0.486,FMLib:17.11.64.514 definitions=2022-04-25_01,2022-04-22_01,2022-02-23_01 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org From: Archana Muniganti Added IPsec AH mode support in CN9K and CN10K PMD Signed-off-by: Archana Muniganti Acked-by: Anoob Joseph --- doc/guides/cryptodevs/cnxk.rst | 2 + doc/guides/rel_notes/release_22_07.rst | 4 ++ drivers/common/cnxk/cnxk_security.c | 61 ++++++++-------- drivers/crypto/cnxk/cn10k_ipsec.c | 2 +- drivers/crypto/cnxk/cn9k_ipsec.c | 85 +++++++++++++---------- drivers/crypto/cnxk/cnxk_cryptodev.h | 2 +- drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c | 44 ++++++++++++ drivers/crypto/cnxk/cnxk_ipsec.h | 73 ++++++++++++++----- 8 files changed, 188 insertions(+), 85 deletions(-) diff --git a/doc/guides/cryptodevs/cnxk.rst b/doc/guides/cryptodevs/cnxk.rst index 46431dd..19c4a8b 100644 --- a/doc/guides/cryptodevs/cnxk.rst +++ b/doc/guides/cryptodevs/cnxk.rst @@ -252,6 +252,7 @@ CN9XX Features supported * Tunnel mode * Transport mode(IPv4) * UDP Encapsulation +* AH AEAD algorithms +++++++++++++++ @@ -284,6 +285,7 @@ CN10XX Features supported * Tunnel mode * Transport mode * UDP Encapsulation +* AH AEAD algorithms +++++++++++++++ diff --git a/doc/guides/rel_notes/release_22_07.rst b/doc/guides/rel_notes/release_22_07.rst index 42a5f2d..68857d4 100644 --- a/doc/guides/rel_notes/release_22_07.rst +++ b/doc/guides/rel_notes/release_22_07.rst @@ -55,6 +55,10 @@ New Features Also, make sure to start the actual text at the margin. ======================================================= +* **Updated Marvell cnxk crypto PMD.** + + * Added AH mode support in lookaside protocol (IPsec) for CN9K & CN10K. + Removed Items ------------- diff --git a/drivers/common/cnxk/cnxk_security.c b/drivers/common/cnxk/cnxk_security.c index ec808c0..afefbd2 100644 --- a/drivers/common/cnxk/cnxk_security.c +++ b/drivers/common/cnxk/cnxk_security.c @@ -57,25 +57,23 @@ ot_ipsec_sa_common_param_fill(union roc_ot_ipsec_sa_word2 *w2, struct rte_crypto_sym_xform *crypto_xfrm) { struct rte_crypto_sym_xform *auth_xfrm, *cipher_xfrm; - const uint8_t *key; + const uint8_t *key = NULL; uint32_t *tmp_salt; uint64_t *tmp_key; - int length, i; + int i, length = 0; /* Set direction */ - switch (ipsec_xfrm->direction) { - case RTE_SECURITY_IPSEC_SA_DIR_INGRESS: + if (ipsec_xfrm->direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) + w2->s.dir = ROC_IE_SA_DIR_OUTBOUND; + else w2->s.dir = ROC_IE_SA_DIR_INBOUND; + + if (crypto_xfrm->type == RTE_CRYPTO_SYM_XFORM_AUTH) { auth_xfrm = crypto_xfrm; cipher_xfrm = crypto_xfrm->next; - break; - case RTE_SECURITY_IPSEC_SA_DIR_EGRESS: - w2->s.dir = ROC_IE_SA_DIR_OUTBOUND; + } else { cipher_xfrm = crypto_xfrm; auth_xfrm = crypto_xfrm->next; - break; - default: - return -EINVAL; } /* Set protocol - ESP vs AH */ @@ -119,18 +117,23 @@ ot_ipsec_sa_common_param_fill(union roc_ot_ipsec_sa_word2 *w2, return -ENOTSUP; } } else { - switch (cipher_xfrm->cipher.algo) { - case RTE_CRYPTO_CIPHER_NULL: - w2->s.enc_type = ROC_IE_OT_SA_ENC_NULL; - break; - case RTE_CRYPTO_CIPHER_AES_CBC: - w2->s.enc_type = ROC_IE_OT_SA_ENC_AES_CBC; - break; - case RTE_CRYPTO_CIPHER_AES_CTR: - w2->s.enc_type = ROC_IE_OT_SA_ENC_AES_CTR; - break; - default: - return -ENOTSUP; + if (cipher_xfrm != NULL) { + switch (cipher_xfrm->cipher.algo) { + case RTE_CRYPTO_CIPHER_NULL: + w2->s.enc_type = ROC_IE_OT_SA_ENC_NULL; + break; + case RTE_CRYPTO_CIPHER_AES_CBC: + w2->s.enc_type = ROC_IE_OT_SA_ENC_AES_CBC; + break; + case RTE_CRYPTO_CIPHER_AES_CTR: + w2->s.enc_type = ROC_IE_OT_SA_ENC_AES_CTR; + break; + default: + return -ENOTSUP; + } + + key = cipher_xfrm->cipher.key.data; + length = cipher_xfrm->cipher.key.length; } switch (auth_xfrm->auth.algo) { @@ -169,8 +172,6 @@ ot_ipsec_sa_common_param_fill(union roc_ot_ipsec_sa_word2 *w2, i++) tmp_key[i] = rte_be_to_cpu_64(tmp_key[i]); - key = cipher_xfrm->cipher.key.data; - length = cipher_xfrm->cipher.key.length; } /* Set encapsulation type */ @@ -179,11 +180,13 @@ ot_ipsec_sa_common_param_fill(union roc_ot_ipsec_sa_word2 *w2, w2->s.spi = ipsec_xfrm->spi; - /* Copy encryption key */ - memcpy(cipher_key, key, length); - tmp_key = (uint64_t *)cipher_key; - for (i = 0; i < (int)(ROC_CTX_MAX_CKEY_LEN / sizeof(uint64_t)); i++) - tmp_key[i] = rte_be_to_cpu_64(tmp_key[i]); + if (key != NULL && length != 0) { + /* Copy encryption key */ + memcpy(cipher_key, key, length); + tmp_key = (uint64_t *)cipher_key; + for (i = 0; i < (int)(ROC_CTX_MAX_CKEY_LEN / sizeof(uint64_t)); i++) + tmp_key[i] = rte_be_to_cpu_64(tmp_key[i]); + } /* Set AES key length */ if (w2->s.enc_type == ROC_IE_OT_SA_ENC_AES_CBC || diff --git a/drivers/crypto/cnxk/cn10k_ipsec.c b/drivers/crypto/cnxk/cn10k_ipsec.c index 15ebd57..0c9e244 100644 --- a/drivers/crypto/cnxk/cn10k_ipsec.c +++ b/drivers/crypto/cnxk/cn10k_ipsec.c @@ -74,7 +74,7 @@ cn10k_ipsec_outb_sa_create(struct roc_cpt *roc_cpt, struct roc_cpt_lf *lf, if (crypto_xfrm->type == RTE_CRYPTO_SYM_XFORM_AEAD) { sa->iv_offset = crypto_xfrm->aead.iv.offset; sa->iv_length = crypto_xfrm->aead.iv.length; - } else { + } else if (crypto_xfrm->type == RTE_CRYPTO_SYM_XFORM_CIPHER) { sa->iv_offset = crypto_xfrm->cipher.iv.offset; sa->iv_length = crypto_xfrm->cipher.iv.length; } diff --git a/drivers/crypto/cnxk/cn9k_ipsec.c b/drivers/crypto/cnxk/cn9k_ipsec.c index 737bafd..eaa3698 100644 --- a/drivers/crypto/cnxk/cn9k_ipsec.c +++ b/drivers/crypto/cnxk/cn9k_ipsec.c @@ -120,18 +120,19 @@ ipsec_sa_ctl_set(struct rte_security_ipsec_xform *ipsec, struct rte_crypto_sym_xform *cipher_xform, *auth_xform; int aes_key_len = 0; - if (ipsec->direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) { - ctl->direction = ROC_IE_SA_DIR_OUTBOUND; - cipher_xform = crypto_xform; - auth_xform = crypto_xform->next; - } else if (ipsec->direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) { - ctl->direction = ROC_IE_SA_DIR_INBOUND; + if (crypto_xform->type == RTE_CRYPTO_SYM_XFORM_AUTH) { auth_xform = crypto_xform; cipher_xform = crypto_xform->next; } else { - return -EINVAL; + cipher_xform = crypto_xform; + auth_xform = crypto_xform->next; } + if (ipsec->direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) + ctl->direction = ROC_IE_SA_DIR_OUTBOUND; + else + ctl->direction = ROC_IE_SA_DIR_INBOUND; + if (ipsec->mode == RTE_SECURITY_IPSEC_SA_MODE_TUNNEL) { if (ipsec->tunnel.type == RTE_SECURITY_IPSEC_TUNNEL_IPV4) ctl->outer_ip_ver = ROC_IE_SA_IP_VERSION_4; @@ -167,21 +168,23 @@ ipsec_sa_ctl_set(struct rte_security_ipsec_xform *ipsec, return -ENOTSUP; } } else { - switch (cipher_xform->cipher.algo) { - case RTE_CRYPTO_CIPHER_NULL: - ctl->enc_type = ROC_IE_ON_SA_ENC_NULL; - break; - case RTE_CRYPTO_CIPHER_AES_CBC: - ctl->enc_type = ROC_IE_ON_SA_ENC_AES_CBC; - aes_key_len = cipher_xform->cipher.key.length; - break; - case RTE_CRYPTO_CIPHER_AES_CTR: - ctl->enc_type = ROC_IE_ON_SA_ENC_AES_CTR; - aes_key_len = cipher_xform->cipher.key.length; - break; - default: - plt_err("Unsupported cipher algorithm"); - return -ENOTSUP; + if (cipher_xform != NULL) { + switch (cipher_xform->cipher.algo) { + case RTE_CRYPTO_CIPHER_NULL: + ctl->enc_type = ROC_IE_ON_SA_ENC_NULL; + break; + case RTE_CRYPTO_CIPHER_AES_CBC: + ctl->enc_type = ROC_IE_ON_SA_ENC_AES_CBC; + aes_key_len = cipher_xform->cipher.key.length; + break; + case RTE_CRYPTO_CIPHER_AES_CTR: + ctl->enc_type = ROC_IE_ON_SA_ENC_AES_CTR; + aes_key_len = cipher_xform->cipher.key.length; + break; + default: + plt_err("Unsupported cipher algorithm"); + return -ENOTSUP; + } } switch (auth_xform->auth.algo) { @@ -267,15 +270,23 @@ fill_ipsec_common_sa(struct rte_security_ipsec_xform *ipsec, int cipher_key_len = 0; int ret; + ret = ipsec_sa_ctl_set(ipsec, crypto_xform, &common_sa->ctl); + if (ret) + return ret; + + if (ipsec->esn.value) { + common_sa->esn_low = ipsec->esn.low; + common_sa->esn_hi = ipsec->esn.hi; + } + + if (ipsec->proto == RTE_SECURITY_IPSEC_SA_PROTO_AH) + return 0; + if (ipsec->direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) cipher_xform = crypto_xform->next; else cipher_xform = crypto_xform; - ret = ipsec_sa_ctl_set(ipsec, crypto_xform, &common_sa->ctl); - if (ret) - return ret; - if (crypto_xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) { if (crypto_xform->aead.algo == RTE_CRYPTO_AEAD_AES_GCM) memcpy(common_sa->iv.gcm.nonce, &ipsec->salt, 4); @@ -289,11 +300,6 @@ fill_ipsec_common_sa(struct rte_security_ipsec_xform *ipsec, if (cipher_key_len != 0) memcpy(common_sa->cipher_key, cipher_key, cipher_key_len); - if (ipsec->esn.value) { - common_sa->esn_low = ipsec->esn.low; - common_sa->esn_hi = ipsec->esn.hi; - } - return 0; } @@ -303,9 +309,9 @@ cn9k_ipsec_outb_sa_create(struct cnxk_cpt_qp *qp, struct rte_crypto_sym_xform *crypto_xform, struct rte_security_session *sec_sess) { - struct rte_crypto_sym_xform *auth_xform = crypto_xform->next; struct roc_ie_on_ip_template *template = NULL; struct roc_cpt *roc_cpt = qp->lf.roc_cpt; + struct rte_crypto_sym_xform *auth_xform; union roc_on_ipsec_outb_param1 param1; struct cnxk_cpt_inst_tmpl *inst_tmpl; struct roc_ie_on_outb_sa *out_sa; @@ -338,6 +344,11 @@ cn9k_ipsec_outb_sa_create(struct cnxk_cpt_qp *qp, if (ipsec->esn.value) sa->esn = ipsec->esn.value; + if (crypto_xform->type == RTE_CRYPTO_SYM_XFORM_AUTH) + auth_xform = crypto_xform; + else + auth_xform = crypto_xform->next; + ret = fill_ipsec_common_sa(ipsec, crypto_xform, &out_sa->common_sa); if (ret) return ret; @@ -381,7 +392,10 @@ cn9k_ipsec_outb_sa_create(struct cnxk_cpt_qp *qp, template->ip4.udp_src = rte_be_to_cpu_16(4500); template->ip4.udp_dst = rte_be_to_cpu_16(4500); } else { - ip4->next_proto_id = IPPROTO_ESP; + if (ipsec->proto == RTE_SECURITY_IPSEC_SA_PROTO_AH) + ip4->next_proto_id = IPPROTO_AH; + else + ip4->next_proto_id = IPPROTO_ESP; } if (ipsec->mode == RTE_SECURITY_IPSEC_SA_MODE_TUNNEL) { @@ -480,7 +494,7 @@ cn9k_ipsec_outb_sa_create(struct cnxk_cpt_qp *qp, if (crypto_xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) { sa->cipher_iv_off = crypto_xform->aead.iv.offset; sa->cipher_iv_len = crypto_xform->aead.iv.length; - } else { + } else if (crypto_xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER) { sa->cipher_iv_off = crypto_xform->cipher.iv.offset; sa->cipher_iv_len = crypto_xform->cipher.iv.length; } @@ -621,7 +635,8 @@ cn9k_ipsec_xform_verify(struct rte_security_ipsec_xform *ipsec, ipsec->life.packets_soft_limit != 0) return -ENOTSUP; - if (ipsec->mode == RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT) { + if (ipsec->mode == RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT && + ipsec->proto != RTE_SECURITY_IPSEC_SA_PROTO_AH) { enum rte_crypto_sym_xform_type type = crypto->type; if (type == RTE_CRYPTO_SYM_XFORM_AEAD) { diff --git a/drivers/crypto/cnxk/cnxk_cryptodev.h b/drivers/crypto/cnxk/cnxk_cryptodev.h index 16e7572..542c93b 100644 --- a/drivers/crypto/cnxk/cnxk_cryptodev.h +++ b/drivers/crypto/cnxk/cnxk_cryptodev.h @@ -12,7 +12,7 @@ #define CNXK_CPT_MAX_CAPS 34 #define CNXK_SEC_CRYPTO_MAX_CAPS 11 -#define CNXK_SEC_MAX_CAPS 5 +#define CNXK_SEC_MAX_CAPS 9 #define CNXK_AE_EC_ID_MAX 8 /** * Device private data diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c index 5cb27aa..efd53db 100644 --- a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c +++ b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c @@ -988,6 +988,50 @@ static const struct rte_security_capability sec_caps_templ[] = { }, .crypto_capabilities = NULL, }, + { /* IPsec Lookaside Protocol AH Tunnel Ingress */ + .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, + .protocol = RTE_SECURITY_PROTOCOL_IPSEC, + .ipsec = { + .proto = RTE_SECURITY_IPSEC_SA_PROTO_AH, + .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL, + .direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS, + .options = { 0 }, + }, + .crypto_capabilities = NULL, + }, + { /* IPsec Lookaside Protocol AH Tunnel Egress */ + .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, + .protocol = RTE_SECURITY_PROTOCOL_IPSEC, + .ipsec = { + .proto = RTE_SECURITY_IPSEC_SA_PROTO_AH, + .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL, + .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS, + .options = { 0 }, + }, + .crypto_capabilities = NULL, + }, + { /* IPsec Lookaside Protocol AH Transport Ingress */ + .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, + .protocol = RTE_SECURITY_PROTOCOL_IPSEC, + .ipsec = { + .proto = RTE_SECURITY_IPSEC_SA_PROTO_AH, + .mode = RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT, + .direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS, + .options = { 0 }, + }, + .crypto_capabilities = NULL, + }, + { /* IPsec Lookaside Protocol AH Transport Egress */ + .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, + .protocol = RTE_SECURITY_PROTOCOL_IPSEC, + .ipsec = { + .proto = RTE_SECURITY_IPSEC_SA_PROTO_AH, + .mode = RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT, + .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS, + .options = { 0 }, + }, + .crypto_capabilities = NULL, + }, { .action = RTE_SECURITY_ACTION_TYPE_NONE } diff --git a/drivers/crypto/cnxk/cnxk_ipsec.h b/drivers/crypto/cnxk/cnxk_ipsec.h index f50d9fa..1524217 100644 --- a/drivers/crypto/cnxk/cnxk_ipsec.h +++ b/drivers/crypto/cnxk/cnxk_ipsec.h @@ -122,28 +122,63 @@ cnxk_ipsec_xform_verify(struct rte_security_ipsec_xform *ipsec_xform, if (crypto_xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) return ipsec_xform_aead_verify(ipsec_xform, crypto_xform); - if (crypto_xform->next == NULL) - return -EINVAL; - - if (ipsec_xform->direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) { - /* Ingress */ - if (crypto_xform->type != RTE_CRYPTO_SYM_XFORM_AUTH || - crypto_xform->next->type != RTE_CRYPTO_SYM_XFORM_CIPHER) - return -EINVAL; - auth_xform = crypto_xform; - cipher_xform = crypto_xform->next; + if (ipsec_xform->proto == RTE_SECURITY_IPSEC_SA_PROTO_AH) { + if (ipsec_xform->direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) { + /* Ingress */ + auth_xform = crypto_xform; + cipher_xform = crypto_xform->next; + + if (crypto_xform->type != RTE_CRYPTO_SYM_XFORM_AUTH) + return -EINVAL; + + if ((cipher_xform != NULL) && ((cipher_xform->type != + RTE_CRYPTO_SYM_XFORM_CIPHER) || + (cipher_xform->cipher.algo != + RTE_CRYPTO_CIPHER_NULL))) + return -EINVAL; + } else { + /* Egress */ + if (crypto_xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER) { + cipher_xform = crypto_xform; + auth_xform = crypto_xform->next; + + if (auth_xform == NULL || + cipher_xform->cipher.algo != + RTE_CRYPTO_CIPHER_NULL) + return -EINVAL; + } else if (crypto_xform->type == + RTE_CRYPTO_SYM_XFORM_AUTH) + auth_xform = crypto_xform; + else + return -EINVAL; + } } else { - /* Egress */ - if (crypto_xform->type != RTE_CRYPTO_SYM_XFORM_CIPHER || - crypto_xform->next->type != RTE_CRYPTO_SYM_XFORM_AUTH) + if (crypto_xform->next == NULL) return -EINVAL; - cipher_xform = crypto_xform; - auth_xform = crypto_xform->next; - } - ret = ipsec_xform_cipher_verify(cipher_xform); - if (ret) - return ret; + if (ipsec_xform->direction == + RTE_SECURITY_IPSEC_SA_DIR_INGRESS) { + /* Ingress */ + if (crypto_xform->type != RTE_CRYPTO_SYM_XFORM_AUTH || + crypto_xform->next->type != + RTE_CRYPTO_SYM_XFORM_CIPHER) + return -EINVAL; + auth_xform = crypto_xform; + cipher_xform = crypto_xform->next; + } else { + /* Egress */ + if (crypto_xform->type != RTE_CRYPTO_SYM_XFORM_CIPHER || + crypto_xform->next->type != + RTE_CRYPTO_SYM_XFORM_AUTH) + return -EINVAL; + cipher_xform = crypto_xform; + auth_xform = crypto_xform->next; + } + + ret = ipsec_xform_cipher_verify(cipher_xform); + if (ret) + return ret; + } return ipsec_xform_auth_verify(auth_xform); } From patchwork Mon Apr 25 05:38:22 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anoob Joseph X-Patchwork-Id: 110215 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 5A9A2A00BE; Mon, 25 Apr 2022 07:39:30 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id D2EDD427F6; Mon, 25 Apr 2022 07:39:24 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 27500410E6 for ; Mon, 25 Apr 2022 07:39:24 +0200 (CEST) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with ESMTP id 23ONPmRG028740 for ; Sun, 24 Apr 2022 22:39:23 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=3qd8kY8cncc72FgZ1wzSgo8vcOcynD7TKec60RXEsl8=; b=W7SoVO7NIphFn7dMW/NJrzWjncxdlmaOXilysp2CvZmJhdxrBAsmrxif7lrZbJFvh2+p j9Wc2uoDzJRcZ0kBwCsFLElZd8MxsSz5X7nT/OlfT4YKF8ufHytecJ+XC5lVsB9nbspT K/IcIRqq2S/NSNyQX1sGgSkWHeFd/ikbRGBMCfOpcrDl59HSkPwmHzP5BJJtjCHjDba/ IX4p+yrnza2TmL2XxzUPBEzNP5Rx/renxnZzytqLUedQ3h48We5pVTWbzB+z2wihZavh yrVHc+on8RiQl4hOZTJkJQZKKOi7L42NtrQodu95iKyi+HmwpvYDeoGsmYTBzcx9SNWe jQ== Received: from dc5-exch01.marvell.com ([199.233.59.181]) by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3fmgymcb0a-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT) for ; Sun, 24 Apr 2022 22:39:23 -0700 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Sun, 24 Apr 2022 22:39:21 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.2 via Frontend Transport; Sun, 24 Apr 2022 22:39:21 -0700 Received: from HY-LT1002.marvell.com (unknown [10.193.69.240]) by maili.marvell.com (Postfix) with ESMTP id 3241D3F7073; Sun, 24 Apr 2022 22:39:18 -0700 (PDT) From: Anoob Joseph To: Akhil Goyal , Jerin Jacob CC: Archana Muniganti , Tejasree Kondoj , Subject: [PATCH 2/5] crypto/cnxk: support AES-GMAC Date: Mon, 25 Apr 2022 11:08:22 +0530 Message-ID: <1650865105-66-3-git-send-email-anoobj@marvell.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1650865105-66-1-git-send-email-anoobj@marvell.com> References: <1650865105-66-1-git-send-email-anoobj@marvell.com> MIME-Version: 1.0 X-Proofpoint-GUID: _TO5jb0CzKjEu2nDBlxcb7mjpkUzEb87 X-Proofpoint-ORIG-GUID: _TO5jb0CzKjEu2nDBlxcb7mjpkUzEb87 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.858,Hydra:6.0.486,FMLib:17.11.64.514 definitions=2022-04-25_01,2022-04-22_01,2022-02-23_01 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org From: Archana Muniganti Added lookaside IPsec AES-GMAC support in CNXK PMD. Signed-off-by: Archana Muniganti Acked-by: Anoob Joseph --- doc/guides/cryptodevs/cnxk.rst | 2 ++ doc/guides/rel_notes/release_22_07.rst | 1 + drivers/common/cnxk/cnxk_security.c | 8 ++++++ drivers/crypto/cnxk/cn10k_ipsec.c | 3 ++ drivers/crypto/cnxk/cn10k_ipsec_la_ops.h | 3 +- drivers/crypto/cnxk/cn9k_ipsec.c | 35 ++++++++++++++++------- drivers/crypto/cnxk/cnxk_cryptodev.h | 2 +- drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c | 25 ++++++++++++++++ drivers/crypto/cnxk/cnxk_ipsec.h | 3 ++ 9 files changed, 70 insertions(+), 12 deletions(-) diff --git a/doc/guides/cryptodevs/cnxk.rst b/doc/guides/cryptodevs/cnxk.rst index 19c4a8b..baf0e3c 100644 --- a/doc/guides/cryptodevs/cnxk.rst +++ b/doc/guides/cryptodevs/cnxk.rst @@ -274,6 +274,7 @@ Auth algorithms * SHA384-192-HMAC * SHA512-256-HMAC * AES-XCBC-96 +* AES-GMAC CN10XX Features supported ~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -308,3 +309,4 @@ Auth algorithms * SHA384-192-HMAC * SHA512-256-HMAC * AES-XCBC-96 +* AES-GMAC diff --git a/doc/guides/rel_notes/release_22_07.rst b/doc/guides/rel_notes/release_22_07.rst index 68857d4..a5ac90d 100644 --- a/doc/guides/rel_notes/release_22_07.rst +++ b/doc/guides/rel_notes/release_22_07.rst @@ -58,6 +58,7 @@ New Features * **Updated Marvell cnxk crypto PMD.** * Added AH mode support in lookaside protocol (IPsec) for CN9K & CN10K. + * Added AES-GMAC support in lookaside protocol (IPsec) for CN9K & CN10K. Removed Items diff --git a/drivers/common/cnxk/cnxk_security.c b/drivers/common/cnxk/cnxk_security.c index afefbd2..69a962d 100644 --- a/drivers/common/cnxk/cnxk_security.c +++ b/drivers/common/cnxk/cnxk_security.c @@ -155,6 +155,14 @@ ot_ipsec_sa_common_param_fill(union roc_ot_ipsec_sa_word2 *w2, case RTE_CRYPTO_AUTH_AES_XCBC_MAC: w2->s.auth_type = ROC_IE_OT_SA_AUTH_AES_XCBC_128; break; + case RTE_CRYPTO_AUTH_AES_GMAC: + w2->s.auth_type = ROC_IE_OT_SA_AUTH_AES_GMAC; + key = auth_xfrm->auth.key.data; + length = auth_xfrm->auth.key.length; + memcpy(salt_key, &ipsec_xfrm->salt, 4); + tmp_salt = (uint32_t *)salt_key; + *tmp_salt = rte_be_to_cpu_32(*tmp_salt); + break; default: return -ENOTSUP; } diff --git a/drivers/crypto/cnxk/cn10k_ipsec.c b/drivers/crypto/cnxk/cn10k_ipsec.c index 0c9e244..3a2bf0f 100644 --- a/drivers/crypto/cnxk/cn10k_ipsec.c +++ b/drivers/crypto/cnxk/cn10k_ipsec.c @@ -77,6 +77,9 @@ cn10k_ipsec_outb_sa_create(struct roc_cpt *roc_cpt, struct roc_cpt_lf *lf, } else if (crypto_xfrm->type == RTE_CRYPTO_SYM_XFORM_CIPHER) { sa->iv_offset = crypto_xfrm->cipher.iv.offset; sa->iv_length = crypto_xfrm->cipher.iv.length; + } else { + sa->iv_offset = crypto_xfrm->auth.iv.offset; + sa->iv_length = crypto_xfrm->auth.iv.length; } } #else diff --git a/drivers/crypto/cnxk/cn10k_ipsec_la_ops.h b/drivers/crypto/cnxk/cn10k_ipsec_la_ops.h index f2d8122..66cfe6c 100644 --- a/drivers/crypto/cnxk/cn10k_ipsec_la_ops.h +++ b/drivers/crypto/cnxk/cn10k_ipsec_la_ops.h @@ -65,7 +65,8 @@ process_outb_sa(struct roc_cpt_lf *lf, struct rte_crypto_op *cop, #ifdef LA_IPSEC_DEBUG if (sess->out_sa.w2.s.iv_src == ROC_IE_OT_SA_IV_SRC_FROM_SA) { - if (sess->out_sa.w2.s.enc_type == ROC_IE_OT_SA_ENC_AES_GCM) + if (sess->out_sa.w2.s.enc_type == ROC_IE_OT_SA_ENC_AES_GCM || + sess->out_sa.w2.s.auth_type == ROC_IE_OT_SA_AUTH_AES_GMAC) ipsec_po_sa_aes_gcm_iv_set(sess, cop); else ipsec_po_sa_iv_set(sess, cop); diff --git a/drivers/crypto/cnxk/cn9k_ipsec.c b/drivers/crypto/cnxk/cn9k_ipsec.c index eaa3698..82b8dae 100644 --- a/drivers/crypto/cnxk/cn9k_ipsec.c +++ b/drivers/crypto/cnxk/cn9k_ipsec.c @@ -211,6 +211,7 @@ ipsec_sa_ctl_set(struct rte_security_ipsec_xform *ipsec, break; case RTE_CRYPTO_AUTH_AES_GMAC: ctl->auth_type = ROC_IE_ON_SA_AUTH_AES_GMAC; + aes_key_len = auth_xform->auth.key.length; break; case RTE_CRYPTO_AUTH_AES_XCBC_MAC: ctl->auth_type = ROC_IE_ON_SA_AUTH_AES_XCBC_128; @@ -265,7 +266,7 @@ fill_ipsec_common_sa(struct rte_security_ipsec_xform *ipsec, struct rte_crypto_sym_xform *crypto_xform, struct roc_ie_on_common_sa *common_sa) { - struct rte_crypto_sym_xform *cipher_xform; + struct rte_crypto_sym_xform *cipher_xform, *auth_xform; const uint8_t *cipher_key; int cipher_key_len = 0; int ret; @@ -279,13 +280,13 @@ fill_ipsec_common_sa(struct rte_security_ipsec_xform *ipsec, common_sa->esn_hi = ipsec->esn.hi; } - if (ipsec->proto == RTE_SECURITY_IPSEC_SA_PROTO_AH) - return 0; - - if (ipsec->direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) + if (crypto_xform->type == RTE_CRYPTO_SYM_XFORM_AUTH) { + auth_xform = crypto_xform; cipher_xform = crypto_xform->next; - else + } else { cipher_xform = crypto_xform; + auth_xform = crypto_xform->next; + } if (crypto_xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) { if (crypto_xform->aead.algo == RTE_CRYPTO_AEAD_AES_GCM) @@ -293,8 +294,16 @@ fill_ipsec_common_sa(struct rte_security_ipsec_xform *ipsec, cipher_key = crypto_xform->aead.key.data; cipher_key_len = crypto_xform->aead.key.length; } else { - cipher_key = cipher_xform->cipher.key.data; - cipher_key_len = cipher_xform->cipher.key.length; + if (cipher_xform) { + cipher_key = cipher_xform->cipher.key.data; + cipher_key_len = cipher_xform->cipher.key.length; + } + + if (auth_xform->auth.algo == RTE_CRYPTO_AUTH_AES_GMAC) { + memcpy(common_sa->iv.gcm.nonce, &ipsec->salt, 4); + cipher_key = auth_xform->auth.key.data; + cipher_key_len = auth_xform->auth.key.length; + } } if (cipher_key_len != 0) @@ -358,7 +367,8 @@ cn9k_ipsec_outb_sa_create(struct cnxk_cpt_qp *qp, return ret; if (ctl->enc_type == ROC_IE_ON_SA_ENC_AES_GCM || - ctl->auth_type == ROC_IE_ON_SA_AUTH_NULL) { + ctl->auth_type == ROC_IE_ON_SA_AUTH_NULL || + ctl->auth_type == ROC_IE_ON_SA_AUTH_AES_GMAC) { template = &out_sa->aes_gcm.template; ctx_len = offsetof(struct roc_ie_on_outb_sa, aes_gcm.template); } else { @@ -453,6 +463,7 @@ cn9k_ipsec_outb_sa_create(struct cnxk_cpt_qp *qp, auth_key_len = auth_xform->auth.key.length; switch (auth_xform->auth.algo) { + case RTE_CRYPTO_AUTH_AES_GMAC: case RTE_CRYPTO_AUTH_NULL: break; case RTE_CRYPTO_AUTH_SHA1_HMAC: @@ -497,6 +508,9 @@ cn9k_ipsec_outb_sa_create(struct cnxk_cpt_qp *qp, } else if (crypto_xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER) { sa->cipher_iv_off = crypto_xform->cipher.iv.offset; sa->cipher_iv_len = crypto_xform->cipher.iv.length; + } else { + sa->cipher_iv_off = crypto_xform->auth.iv.offset; + sa->cipher_iv_len = crypto_xform->auth.iv.length; } } #else @@ -553,7 +567,8 @@ cn9k_ipsec_inb_sa_create(struct cnxk_cpt_qp *qp, return ret; if (crypto_xform->type == RTE_CRYPTO_SYM_XFORM_AEAD || - auth_xform->auth.algo == RTE_CRYPTO_AUTH_NULL) { + auth_xform->auth.algo == RTE_CRYPTO_AUTH_NULL || + auth_xform->auth.algo == RTE_CRYPTO_AUTH_AES_GMAC) { ctx_len = offsetof(struct roc_ie_on_inb_sa, sha1_or_gcm.hmac_key[0]); } else { diff --git a/drivers/crypto/cnxk/cnxk_cryptodev.h b/drivers/crypto/cnxk/cnxk_cryptodev.h index 542c93b..fe2904b 100644 --- a/drivers/crypto/cnxk/cnxk_cryptodev.h +++ b/drivers/crypto/cnxk/cnxk_cryptodev.h @@ -11,7 +11,7 @@ #include "roc_cpt.h" #define CNXK_CPT_MAX_CAPS 34 -#define CNXK_SEC_CRYPTO_MAX_CAPS 11 +#define CNXK_SEC_CRYPTO_MAX_CAPS 12 #define CNXK_SEC_MAX_CAPS 9 #define CNXK_AE_EC_ID_MAX 8 /** diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c index efd53db..98b002d 100644 --- a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c +++ b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c @@ -835,6 +835,31 @@ static const struct rte_cryptodev_capabilities sec_caps_aes[] = { }, } }, } }, + { /* AES GMAC (AUTH) */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_AES_GMAC, + .block_size = 16, + .key_size = { + .min = 16, + .max = 32, + .increment = 8 + }, + .digest_size = { + .min = 8, + .max = 16, + .increment = 4 + }, + .iv_size = { + .min = 12, + .max = 12, + .increment = 0 + } + }, } + }, } + }, }; static const struct rte_cryptodev_capabilities sec_caps_sha1_sha2[] = { diff --git a/drivers/crypto/cnxk/cnxk_ipsec.h b/drivers/crypto/cnxk/cnxk_ipsec.h index 1524217..171ea27 100644 --- a/drivers/crypto/cnxk/cnxk_ipsec.h +++ b/drivers/crypto/cnxk/cnxk_ipsec.h @@ -59,6 +59,9 @@ ipsec_xform_auth_verify(struct rte_crypto_sym_xform *crypto_xform) } else if (crypto_xform->auth.algo == RTE_CRYPTO_AUTH_SHA512_HMAC) { if (keylen == 64) return 0; + } else if (crypto_xform->auth.algo == RTE_CRYPTO_AUTH_AES_GMAC) { + if (keylen >= 16 && keylen <= 32) + return 0; } if (crypto_xform->auth.algo == RTE_CRYPTO_AUTH_AES_XCBC_MAC && From patchwork Mon Apr 25 05:38:23 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anoob Joseph X-Patchwork-Id: 110216 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 342A2A00BE; Mon, 25 Apr 2022 07:39:37 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 19C99427FC; Mon, 25 Apr 2022 07:39:29 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id 7713B42802 for ; Mon, 25 Apr 2022 07:39:27 +0200 (CEST) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with ESMTP id 23OLR4D4023382 for ; Sun, 24 Apr 2022 22:39:26 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=7pbaEzk96jwtIbr8G4HTKHA6aSzeW6RFhZbp6jqjoFg=; b=ZsqyCLYDT5coOZQBsr8F0VCDyW7u7nCn4tn0koAi9EIMxVO3DxOlY9oNPagQYz/9FlQM A7jq1Vw+U0ngED5Pv5ax8Z2TKVQEFNkta3Y3heYPeUZcIvpAfMM6WESe9vQkjgTYsWos rqsPHY2RlNREdYlC/4dEFr21EAghiWuDYUmpZJlXgBYXmUOAd1DXK611kBzf6mJXDTqa MKn+sH5IlwF9u0zu4q33pXmftMd7lWnKhTbxJVihNeqacYAc0yefOxMg8ARQssJdzQfy Pl5SwVSx5u1FVtTw2J6jaX1IJMwJg5IwZDkRloXY7qz2PCCmKp4TvcLhSbr7cV+AY7OL Gw== Received: from dc5-exch02.marvell.com ([199.233.59.182]) by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 3fmetqmhxs-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT) for ; Sun, 24 Apr 2022 22:39:26 -0700 Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Sun, 24 Apr 2022 22:39:25 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.18 via Frontend Transport; Sun, 24 Apr 2022 22:39:25 -0700 Received: from HY-LT1002.marvell.com (unknown [10.193.69.240]) by maili.marvell.com (Postfix) with ESMTP id BDD983F7073; Sun, 24 Apr 2022 22:39:22 -0700 (PDT) From: Anoob Joseph To: Akhil Goyal , Jerin Jacob CC: Anoob Joseph , Archana Muniganti , Tejasree Kondoj , Subject: [PATCH 3/5] crypto/cnxk: remove redundant return Date: Mon, 25 Apr 2022 11:08:23 +0530 Message-ID: <1650865105-66-4-git-send-email-anoobj@marvell.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1650865105-66-1-git-send-email-anoobj@marvell.com> References: <1650865105-66-1-git-send-email-anoobj@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: ThZ1nW2Rd82_VfffSo4mbcmY27IWjUta X-Proofpoint-GUID: ThZ1nW2Rd82_VfffSo4mbcmY27IWjUta X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.858,Hydra:6.0.486,FMLib:17.11.64.514 definitions=2022-04-25_01,2022-04-22_01,2022-02-23_01 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org The function doesn't return error. Remove return. Signed-off-by: Anoob Joseph --- drivers/crypto/cnxk/cnxk_se.h | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) diff --git a/drivers/crypto/cnxk/cnxk_se.h b/drivers/crypto/cnxk/cnxk_se.h index e988d57..ce7ca2e 100644 --- a/drivers/crypto/cnxk/cnxk_se.h +++ b/drivers/crypto/cnxk/cnxk_se.h @@ -2047,7 +2047,7 @@ prepare_iov_from_pkt(struct rte_mbuf *pkt, struct roc_se_iov_ptr *iovec, return 0; } -static __rte_always_inline uint32_t +static __rte_always_inline void prepare_iov_from_pkt_inplace(struct rte_mbuf *pkt, struct roc_se_fc_params *param, uint32_t *flags) { @@ -2070,7 +2070,7 @@ prepare_iov_from_pkt_inplace(struct rte_mbuf *pkt, param->bufs[0].vaddr = seg_data; param->bufs[0].size = seg_size; - return 0; + return; } iovec = param->src_iov; iovec->bufs[index].vaddr = seg_data; @@ -2094,7 +2094,7 @@ prepare_iov_from_pkt_inplace(struct rte_mbuf *pkt, } iovec->buf_cnt = index; - return 0; + return; } static __rte_always_inline int @@ -2254,12 +2254,7 @@ fill_fc_params(struct rte_crypto_op *cop, struct cnxk_se_sess *sess, */ fc_params.dst_iov = fc_params.src_iov = (void *)src; - if (unlikely(prepare_iov_from_pkt_inplace(m_src, &fc_params, - &flags))) { - plt_dp_err("Prepare inplace src iov failed"); - ret = -EINVAL; - goto err_exit; - } + prepare_iov_from_pkt_inplace(m_src, &fc_params, &flags); } else { /* Out of place processing */ From patchwork Mon Apr 25 05:38:24 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anoob Joseph X-Patchwork-Id: 110218 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id B02B8A00BE; Mon, 25 Apr 2022 07:39:48 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id D3312427FB; Mon, 25 Apr 2022 07:39:33 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 47B0642809 for ; Mon, 25 Apr 2022 07:39:32 +0200 (CEST) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with ESMTP id 23OMoWks011219 for ; Sun, 24 Apr 2022 22:39:31 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=kPYlc318d0Hx+/Ozwi4ny//GXnJh9ZYemxPr2Z8XyDI=; b=Whe0Dqu5JCvU1oFNtEtgyJGfd+ENMe4pEQKT5S5nqpqYyG+Ae9xfySHo7Mpk/XewPe6a 0PKm/UvEQX9YJ++Ow950rC6Gw1YZjkBcZW7hYde+bpLV7TvAlsM+Ums/kQ8uDBlwGjE7 weEvvyM5MnDD558A+h/TmYrZG6Xzj2RYEZdMcSk1vjR5f9M3Ox55WXKW8WAnUvTZTMlo oLf3gJCHQ00+82M88XhWElz5cWYo1fd/B91XxnQQ9P4+m+nlfGywXBZGS5s/j91ZHhHz QFADYfHar5sTJ0Xi8tI9HGpfMdZ4t6RiIgWp+9dT1/p4S1Qh/T1T4ZmRs5+N9fhlc9Q0 KA== Received: from dc5-exch01.marvell.com ([199.233.59.181]) by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3fmgymcb10-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT) for ; Sun, 24 Apr 2022 22:39:31 -0700 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Sun, 24 Apr 2022 22:39:29 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.2 via Frontend Transport; Sun, 24 Apr 2022 22:39:29 -0700 Received: from HY-LT1002.marvell.com (unknown [10.193.69.240]) by maili.marvell.com (Postfix) with ESMTP id 298473F7073; Sun, 24 Apr 2022 22:39:26 -0700 (PDT) From: Anoob Joseph To: Akhil Goyal , Jerin Jacob CC: Anoob Joseph , Archana Muniganti , Tejasree Kondoj , Subject: [PATCH 4/5] common/cnxk: add timeout for ctx write operation Date: Mon, 25 Apr 2022 11:08:24 +0530 Message-ID: <1650865105-66-5-git-send-email-anoobj@marvell.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1650865105-66-1-git-send-email-anoobj@marvell.com> References: <1650865105-66-1-git-send-email-anoobj@marvell.com> MIME-Version: 1.0 X-Proofpoint-GUID: iJGnR3hGMoJnD4T6h_yKJmanqUTKfIqF X-Proofpoint-ORIG-GUID: iJGnR3hGMoJnD4T6h_yKJmanqUTKfIqF X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.858,Hydra:6.0.486,FMLib:17.11.64.514 definitions=2022-04-25_01,2022-04-22_01,2022-02-23_01 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Add busy wait and polling for ctx write operation rather than waiting with 1 ms delay. Signed-off-by: Anoob Joseph --- drivers/common/cnxk/roc_cpt.c | 31 +++++++++++++++++++++---------- drivers/common/cnxk/roc_platform.h | 7 ++++--- 2 files changed, 25 insertions(+), 13 deletions(-) diff --git a/drivers/common/cnxk/roc_cpt.c b/drivers/common/cnxk/roc_cpt.c index b3a3649..742723a 100644 --- a/drivers/common/cnxk/roc_cpt.c +++ b/drivers/common/cnxk/roc_cpt.c @@ -915,9 +915,9 @@ roc_cpt_ctx_write(struct roc_cpt_lf *lf, void *sa_dptr, void *sa_cptr, uint16_t sa_len) { uintptr_t lmt_base = lf->lmt_base; + union cpt_res_s res, *hw_res; uint64_t lmt_arg, io_addr; struct cpt_inst_s *inst; - union cpt_res_s *res; uint16_t lmt_id; uint64_t *dptr; int i; @@ -927,8 +927,8 @@ roc_cpt_ctx_write(struct roc_cpt_lf *lf, void *sa_dptr, void *sa_cptr, memset(inst, 0, sizeof(struct cpt_inst_s)); - res = plt_zmalloc(sizeof(*res), ROC_CPT_RES_ALIGN); - if (res == NULL) { + hw_res = plt_zmalloc(sizeof(*hw_res), ROC_CPT_RES_ALIGN); + if (hw_res == NULL) { plt_err("Couldn't allocate memory for result address"); return -ENOMEM; } @@ -936,7 +936,7 @@ roc_cpt_ctx_write(struct roc_cpt_lf *lf, void *sa_dptr, void *sa_cptr, dptr = plt_zmalloc(sa_len, 8); if (dptr == NULL) { plt_err("Couldn't allocate memory for SA dptr"); - plt_free(res); + plt_free(hw_res); return -ENOMEM; } @@ -944,8 +944,8 @@ roc_cpt_ctx_write(struct roc_cpt_lf *lf, void *sa_dptr, void *sa_cptr, dptr[i] = plt_cpu_to_be_64(((uint64_t *)sa_dptr)[i]); /* Fill CPT_INST_S for WRITE_SA microcode op */ - res->cn10k.compcode = CPT_COMP_NOT_DONE; - inst->res_addr = (uint64_t)res; + hw_res->cn10k.compcode = CPT_COMP_NOT_DONE; + inst->res_addr = (uint64_t)hw_res; inst->dptr = (uint64_t)dptr; inst->w4.s.param2 = sa_len >> 3; inst->w4.s.dlen = sa_len; @@ -959,14 +959,25 @@ roc_cpt_ctx_write(struct roc_cpt_lf *lf, void *sa_dptr, void *sa_cptr, io_addr = lf->io_addr | ROC_CN10K_CPT_INST_DW_M1 << 4; roc_lmt_submit_steorl(lmt_arg, io_addr); - plt_wmb(); + plt_io_wmb(); + + /* Use 1 min timeout for the poll */ + const uint64_t timeout = plt_tsc_cycles() + 60 * plt_tsc_hz(); /* Wait until CPT instruction completes */ - while (res->cn10k.compcode == CPT_COMP_NOT_DONE) - plt_delay_ms(1); + do { + res.u64[0] = __atomic_load_n(&hw_res->u64[0], __ATOMIC_RELAXED); + if (unlikely(plt_tsc_cycles() > timeout)) + break; + } while (res.cn10k.compcode == CPT_COMP_NOT_DONE); - plt_free(res); plt_free(dptr); + plt_free(hw_res); + + if (res.cn10k.compcode != CPT_COMP_WARN) { + plt_err("Write SA operation timed out"); + return -ETIMEDOUT; + } return 0; } diff --git a/drivers/common/cnxk/roc_platform.h b/drivers/common/cnxk/roc_platform.h index 28004b1..86987ae 100644 --- a/drivers/common/cnxk/roc_platform.h +++ b/drivers/common/cnxk/roc_platform.h @@ -184,9 +184,10 @@ #define plt_memzone_reserve_aligned(name, len, flags, align) \ rte_memzone_reserve_aligned((name), (len), 0, (flags), (align)) -#define plt_tsc_hz rte_get_tsc_hz -#define plt_delay_ms rte_delay_ms -#define plt_delay_us rte_delay_us +#define plt_tsc_hz rte_get_tsc_hz +#define plt_tsc_cycles rte_get_tsc_cycles +#define plt_delay_ms rte_delay_ms +#define plt_delay_us rte_delay_us #define plt_lcore_id rte_lcore_id From patchwork Mon Apr 25 05:38:25 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anoob Joseph X-Patchwork-Id: 110220 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id D92E4A00BE; Mon, 25 Apr 2022 07:40:00 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 8DDC34280C; Mon, 25 Apr 2022 07:39:37 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id 183054280F for ; Mon, 25 Apr 2022 07:39:35 +0200 (CEST) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with ESMTP id 23ON1FwA009631 for ; Sun, 24 Apr 2022 22:39:35 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=vlX8YSzRaY0ln6k3w4F6zBuVYIn05xBihNeUfJFTxLQ=; b=eluSkbXwvbAw8Bo14vg4dyBq39jm+Bt9FxPmaMCLTT28juEfEfFusQ94pKynLAZeExV0 A1TOtX34uhIpR1TgNzN2i533E+JraJUdIC+gumMoe0B8dFaqBjFMWe5IKQgZlhcC2JuR tm5hAZ6IgbPIGuZBOD2gYAg8AkgJZ86K5WXfxhVIe0YmjBhogWOUkIc3p2y/xc+aLtF8 OX5Nz84IFs/bm4kDzPt48qfAkq8XqtjjD9bF0Dl3Ei7tZBM28JGNu0Wkz5GfXSSJPYHS Q7rXIzfdgjS2d4RYdOzQCaCwi+VhP/9raJrrsHsSBHkMW3lCj1dX+Kx++9WqBUbx5ACs WA== Received: from dc5-exch02.marvell.com ([199.233.59.182]) by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 3fmetqmhy2-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT) for ; Sun, 24 Apr 2022 22:39:35 -0700 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Sun, 24 Apr 2022 22:39:33 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.2 via Frontend Transport; Sun, 24 Apr 2022 22:39:33 -0700 Received: from HY-LT1002.marvell.com (unknown [10.193.69.240]) by maili.marvell.com (Postfix) with ESMTP id 63FFD3F7073; Sun, 24 Apr 2022 22:39:31 -0700 (PDT) From: Anoob Joseph To: Akhil Goyal , Jerin Jacob CC: Anoob Joseph , Archana Muniganti , Tejasree Kondoj , Subject: [PATCH 5/5] crypto/cnxk: use set ctx operation for session destroy Date: Mon, 25 Apr 2022 11:08:25 +0530 Message-ID: <1650865105-66-6-git-send-email-anoobj@marvell.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1650865105-66-1-git-send-email-anoobj@marvell.com> References: <1650865105-66-1-git-send-email-anoobj@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: A-UahNsaroVJKYogtaEs_7C7VnTIjzGX X-Proofpoint-GUID: A-UahNsaroVJKYogtaEs_7C7VnTIjzGX X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.858,Hydra:6.0.486,FMLib:17.11.64.514 definitions=2022-04-25_01,2022-04-22_01,2022-02-23_01 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Usage of flush and invalidate would involve delays to account for flush delay. Use set_ctx operation instead. When set_ctx fails, fall back to flush + invalidate scheme. Signed-off-by: Anoob Joseph --- drivers/crypto/cnxk/cn10k_ipsec.c | 44 ++++++++++++++++++++++++++++++++------- 1 file changed, 37 insertions(+), 7 deletions(-) diff --git a/drivers/crypto/cnxk/cn10k_ipsec.c b/drivers/crypto/cnxk/cn10k_ipsec.c index 3a2bf0f..d6ff134 100644 --- a/drivers/crypto/cnxk/cn10k_ipsec.c +++ b/drivers/crypto/cnxk/cn10k_ipsec.c @@ -333,6 +333,8 @@ cn10k_sec_session_destroy(void *dev, struct rte_security_session *sec_sess) struct cn10k_ipsec_sa *sa; struct cnxk_cpt_qp *qp; struct roc_cpt_lf *lf; + void *sa_dptr = NULL; + int ret; sess = get_sec_session_private_data(sec_sess); if (sess == NULL) @@ -349,16 +351,44 @@ cn10k_sec_session_destroy(void *dev, struct rte_security_session *sec_sess) /* Trigger CTX flush to write dirty data back to DRAM */ roc_cpt_lf_ctx_flush(lf, &sa->in_sa, false); - /* Wait for 1 ms so that flush is complete */ - rte_delay_ms(1); + ret = -1; - w2 = (union roc_ot_ipsec_sa_word2 *)&sa->in_sa.w2; - w2->s.valid = 0; + if (sa->is_outbound) { + sa_dptr = plt_zmalloc(sizeof(struct roc_ot_ipsec_outb_sa), 8); + if (sa_dptr != NULL) { + roc_ot_ipsec_outb_sa_init(sa_dptr); - plt_atomic_thread_fence(__ATOMIC_SEQ_CST); + ret = roc_cpt_ctx_write( + lf, sa_dptr, &sa->out_sa, + sizeof(struct roc_ot_ipsec_outb_sa)); + } + } else { + sa_dptr = plt_zmalloc(sizeof(struct roc_ot_ipsec_inb_sa), 8); + if (sa_dptr != NULL) { + roc_ot_ipsec_inb_sa_init(sa_dptr, false); + + ret = roc_cpt_ctx_write( + lf, sa_dptr, &sa->in_sa, + sizeof(struct roc_ot_ipsec_inb_sa)); + } + } - /* Trigger CTX reload to fetch new data from DRAM */ - roc_cpt_lf_ctx_reload(lf, &sa->in_sa); + plt_free(sa_dptr); + + if (ret) { + /* MC write_ctx failed. Attempt reload of CTX */ + + /* Wait for 1 ms so that flush is complete */ + rte_delay_ms(1); + + w2 = (union roc_ot_ipsec_sa_word2 *)&sa->in_sa.w2; + w2->s.valid = 0; + + plt_atomic_thread_fence(__ATOMIC_SEQ_CST); + + /* Trigger CTX reload to fetch new data from DRAM */ + roc_cpt_lf_ctx_reload(lf, &sa->in_sa); + } sess_mp = rte_mempool_from_obj(sess);