From patchwork Thu Jul 16 08:39:24 2020
X-Patchwork-Submitter: Tejasree Kondoj
X-Patchwork-Id: 74181
X-Patchwork-Delegate: gakhil@marvell.com
From: Tejasree Kondoj
To: Akhil Goyal, Radu Nicolau
CC: Tejasree Kondoj, Narayana Prasad, Anoob Joseph, Vamsi Attunuru
Date: Thu, 16 Jul 2020 14:09:24 +0530
Message-ID: <20200716083931.29092-2-ktejasree@marvell.com>
In-Reply-To: <20200716083931.29092-1-ktejasree@marvell.com>
References: <20200716083931.29092-1-ktejasree@marvell.com>
Subject: [dpdk-dev] [PATCH v3 1/8] crypto/octeontx2: move capabilities initialization into probe

This patch moves capabilities initialization into probe.

Signed-off-by: Tejasree Kondoj
--- drivers/crypto/octeontx2/otx2_cryptodev.c | 2 ++ drivers/crypto/octeontx2/otx2_cryptodev_capabilities.c | 9 ++++++--- drivers/crypto/octeontx2/otx2_cryptodev_capabilities.h | 8 +++++++- drivers/crypto/octeontx2/otx2_cryptodev_ops.c | 2 +- 4 files changed, 16 insertions(+), 5 deletions(-) diff --git a/drivers/crypto/octeontx2/otx2_cryptodev.c b/drivers/crypto/octeontx2/otx2_cryptodev.c index 9aa0fe35b4..a51d532553 100644 --- a/drivers/crypto/octeontx2/otx2_cryptodev.c +++ b/drivers/crypto/octeontx2/otx2_cryptodev.c 
@@ -101,6 +101,8 @@ otx2_cpt_pci_probe(struct rte_pci_driver *pci_drv __rte_unused, goto otx2_dev_fini; } + otx2_crypto_capabilities_init(vf->hw_caps); + dev->feature_flags = RTE_CRYPTODEV_FF_SYMMETRIC_CRYPTO | RTE_CRYPTODEV_FF_HW_ACCELERATED | RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING | diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_capabilities.c b/drivers/crypto/octeontx2/otx2_cryptodev_capabilities.c index f6f4dee6cf..f0ed1e2df9 100644 --- a/drivers/crypto/octeontx2/otx2_cryptodev_capabilities.c +++ b/drivers/crypto/octeontx2/otx2_cryptodev_capabilities.c @@ -737,10 +737,9 @@ cpt_caps_add(const struct rte_cryptodev_capabilities *caps, int nb_caps) cur_pos += nb_caps; } -const struct rte_cryptodev_capabilities * -otx2_cpt_capabilities_get(union cpt_eng_caps *hw_caps) +void +otx2_crypto_capabilities_init(union cpt_eng_caps *hw_caps) { - CPT_CAPS_ADD(hw_caps, mul); CPT_CAPS_ADD(hw_caps, sha1_sha2); CPT_CAPS_ADD(hw_caps, chacha20); @@ -751,6 +750,10 @@ otx2_cpt_capabilities_get(union cpt_eng_caps *hw_caps) cpt_caps_add(caps_null, RTE_DIM(caps_null)); cpt_caps_add(caps_end, RTE_DIM(caps_end)); +} +const struct rte_cryptodev_capabilities * +otx2_cpt_capabilities_get(void) +{ return otx2_cpt_caps; } diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_capabilities.h b/drivers/crypto/octeontx2/otx2_cryptodev_capabilities.h index e07a2a8c92..a439cbefd3 100644 --- a/drivers/crypto/octeontx2/otx2_cryptodev_capabilities.h +++ b/drivers/crypto/octeontx2/otx2_cryptodev_capabilities.h @@ -16,11 +16,17 @@ enum otx2_cpt_egrp { OTX2_CPT_EGRP_MAX, }; +/* + * Initialize crypto capabilities for the device + * + */ +void otx2_crypto_capabilities_init(union cpt_eng_caps *hw_caps); + /* * Get capabilities list for the device * */ const struct rte_cryptodev_capabilities * -otx2_cpt_capabilities_get(union cpt_eng_caps *hw_caps); +otx2_cpt_capabilities_get(void); #endif /* _OTX2_CRYPTODEV_CAPABILITIES_H_ */ 
diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_ops.c b/drivers/crypto/octeontx2/otx2_cryptodev_ops.c index a3703682a0..229b719b42 100644 --- a/drivers/crypto/octeontx2/otx2_cryptodev_ops.c +++ b/drivers/crypto/octeontx2/otx2_cryptodev_ops.c 
@@ -1071,7 +1071,7 @@ otx2_cpt_dev_info_get(struct rte_cryptodev *dev, if (info != NULL) { info->max_nb_queue_pairs = vf->max_queues; info->feature_flags = dev->feature_flags; - info->capabilities = otx2_cpt_capabilities_get(vf->hw_caps); + info->capabilities = otx2_cpt_capabilities_get(); info->sym.max_nb_sessions = 0; info->driver_id = otx2_cryptodev_driver_id; info->min_mbuf_headroom_req = OTX2_CPT_MIN_HEADROOM_REQ; 

From patchwork Thu Jul 16 08:39:25 2020
X-Patchwork-Submitter: Tejasree Kondoj
X-Patchwork-Id: 74182
X-Patchwork-Delegate: gakhil@marvell.com
From: Tejasree Kondoj
To: Akhil Goyal, Radu Nicolau
CC: Tejasree Kondoj, Narayana Prasad, Anoob Joseph, Vamsi Attunuru
Date: Thu, 16 Jul 2020 14:09:25 +0530
Message-ID: <20200716083931.29092-3-ktejasree@marvell.com>
In-Reply-To: <20200716083931.29092-1-ktejasree@marvell.com>
References: <20200716083931.29092-1-ktejasree@marvell.com>
Subject: [dpdk-dev] [PATCH v3 2/8] net/octeontx2: move otx2_sec_session struct to otx2_security.h

This patch moves otx2_sec_session structure to otx2_security.h to make it common for inline and lookaside protocol.
Signed-off-by: Tejasree Kondoj --- drivers/crypto/octeontx2/otx2_security.h | 20 ++++++++++++++++++++ drivers/net/octeontx2/otx2_ethdev_sec.c | 1 + drivers/net/octeontx2/otx2_ethdev_sec.h | 10 ---------- drivers/net/octeontx2/otx2_ethdev_sec_tx.h | 1 + 4 files changed, 22 insertions(+), 10 deletions(-) create mode 100644 drivers/crypto/octeontx2/otx2_security.h diff --git a/drivers/crypto/octeontx2/otx2_security.h b/drivers/crypto/octeontx2/otx2_security.h new file mode 100644 index 0000000000..9790c709d6 --- /dev/null +++ b/drivers/crypto/octeontx2/otx2_security.h @@ -0,0 +1,20 @@ +/* SPDX-License-Identifier: BSD-3-Clause + * Copyright (C) 2020 Marvell International Ltd. + */ + +#ifndef __OTX2_SECURITY_H__ +#define __OTX2_SECURITY_H__ + +#include "otx2_ethdev_sec.h" + +union otx2_sec_session_ipsec { + struct otx2_sec_session_ipsec_ip ip; +}; + +struct otx2_sec_session { + union otx2_sec_session_ipsec ipsec; + void *userdata; + /**< Userdata registered by the application */ +} __rte_cache_aligned; + +#endif /* __OTX2_SECURITY_H__ */ diff --git a/drivers/net/octeontx2/otx2_ethdev_sec.c b/drivers/net/octeontx2/otx2_ethdev_sec.c index 5f6140f70b..c2ad32cf0c 100644 --- a/drivers/net/octeontx2/otx2_ethdev_sec.c +++ b/drivers/net/octeontx2/otx2_ethdev_sec.c @@ -19,6 +19,7 @@ #include "otx2_ethdev_sec.h" #include "otx2_ipsec_fp.h" #include "otx2_sec_idev.h" +#include "otx2_security.h" #define AH_HDR_LEN 12 #define AES_GCM_IV_LEN 8 diff --git a/drivers/net/octeontx2/otx2_ethdev_sec.h b/drivers/net/octeontx2/otx2_ethdev_sec.h index e24358a05a..22025d0d0c 100644 --- a/drivers/net/octeontx2/otx2_ethdev_sec.h +++ b/drivers/net/octeontx2/otx2_ethdev_sec.h 
@@ -116,16 +116,6 @@ struct otx2_sec_session_ipsec_ip { struct otx2_cpt_qp *qp; }; -struct otx2_sec_session_ipsec { - struct otx2_sec_session_ipsec_ip ip; -}; - -struct otx2_sec_session { - struct otx2_sec_session_ipsec ipsec; - void *userdata; - /**< Userdata registered by the application */ -} __rte_cache_aligned; - int otx2_eth_sec_ctx_create(struct rte_eth_dev *eth_dev); void otx2_eth_sec_ctx_destroy(struct rte_eth_dev *eth_dev); diff --git a/drivers/net/octeontx2/otx2_ethdev_sec_tx.h b/drivers/net/octeontx2/otx2_ethdev_sec_tx.h index 2e35a8c773..f8130ca624 100644 --- a/drivers/net/octeontx2/otx2_ethdev_sec_tx.h +++ b/drivers/net/octeontx2/otx2_ethdev_sec_tx.h 
@@ -9,6 +9,7 @@ #include #include "otx2_ethdev_sec.h" +#include "otx2_security.h" struct otx2_ipsec_fp_out_hdr { uint32_t ip_id; 

From patchwork Thu Jul 16 08:39:26 2020
X-Patchwork-Submitter: Tejasree Kondoj
X-Patchwork-Id: 74183
X-Patchwork-Delegate: gakhil@marvell.com
From: Tejasree Kondoj
To: Akhil Goyal, Radu Nicolau
CC: Tejasree Kondoj, Narayana Prasad, Anoob Joseph, Vamsi Attunuru
Date: Thu, 16 Jul 2020 14:09:26 +0530
Message-ID: <20200716083931.29092-4-ktejasree@marvell.com>
In-Reply-To: <20200716083931.29092-1-ktejasree@marvell.com>
References: <20200716083931.29092-1-ktejasree@marvell.com>
Subject: [dpdk-dev] [PATCH v3 3/8] crypto/octeontx2: add lookaside SA context definitions

This patch adds lookaside IPsec SA context definitions.

Signed-off-by: Vamsi Attunuru
Signed-off-by: Tejasree Kondoj
--- drivers/crypto/octeontx2/otx2_cryptodev_sec.h | 58 +++++++++ drivers/crypto/octeontx2/otx2_ipsec_po.h | 110 ++++++++++++++++++ drivers/crypto/octeontx2/otx2_security.h | 2 + drivers/net/octeontx2/otx2_ethdev_sec.h | 1 + 4 files changed, 171 insertions(+) create mode 100644 drivers/crypto/octeontx2/otx2_cryptodev_sec.h create mode 100644 drivers/crypto/octeontx2/otx2_ipsec_po.h diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_sec.h b/drivers/crypto/octeontx2/otx2_cryptodev_sec.h new file mode 100644 index 0000000000..253f62d873 --- /dev/null 
+++ b/drivers/crypto/octeontx2/otx2_cryptodev_sec.h @@ -0,0 +1,58 @@ +/* SPDX-License-Identifier: BSD-3-Clause + * Copyright (C) 2020 Marvell International Ltd. + */ + +#ifndef __OTX2_CRYPTODEV_SEC_H__ +#define __OTX2_CRYPTODEV_SEC_H__ + +#include "otx2_ipsec_po.h" + +struct otx2_sec_session_ipsec_lp { + RTE_STD_C11 + union { + /* Inbound SA */ + struct otx2_ipsec_po_in_sa in_sa; + /* Outbound SA */ + struct otx2_ipsec_po_out_sa out_sa; + }; + + uint64_t ucmd_w3; + union { + uint64_t ucmd_w0; + struct { + uint16_t ucmd_dlen; + uint16_t ucmd_param2; + uint16_t ucmd_param1; + uint16_t ucmd_opcode; + }; + }; + + uint8_t partial_len; + uint8_t roundup_len; + uint8_t roundup_byte; + uint16_t ip_id; + union { + uint64_t esn; + struct { + uint32_t seq_lo; + uint32_t seq_hi; + }; + }; + + /** Context length in 8-byte words */ + size_t ctx_len; + /** Auth IV offset in bytes */ + uint16_t auth_iv_offset; + /** IV offset in bytes */ + uint16_t iv_offset; + /** AAD length */ + uint16_t aad_length; + /** MAC len in bytes */ + uint8_t mac_len; + /** IV length in bytes */ + uint8_t iv_length; + /** Auth IV length in bytes */ + uint8_t auth_iv_length; +}; + +#endif /* __OTX2_CRYPTODEV_SEC_H__ */ diff --git a/drivers/crypto/octeontx2/otx2_ipsec_po.h b/drivers/crypto/octeontx2/otx2_ipsec_po.h new file mode 100644 index 0000000000..217dfeaff0 --- /dev/null +++ b/drivers/crypto/octeontx2/otx2_ipsec_po.h 
@@ -0,0 +1,110 @@ +/* SPDX-License-Identifier: BSD-3-Clause + * Copyright(C) 2020 Marvell International Ltd. + */ + +#ifndef __OTX2_IPSEC_PO_H__ +#define __OTX2_IPSEC_PO_H__ + +#include +#include +#include + +union otx2_ipsec_po_bit_perfect_iv { + uint8_t aes_iv[16]; + uint8_t des_iv[8]; + struct { + uint8_t nonce[4]; + uint8_t iv[8]; + uint8_t counter[4]; + } gcm; +}; + +struct otx2_ipsec_po_traffic_selector { + rte_be16_t src_port[2]; + rte_be16_t dst_port[2]; + RTE_STD_C11 + union { + struct { + rte_be32_t src_addr[2]; + rte_be32_t dst_addr[2]; + } ipv4; + struct { + uint8_t src_addr[32]; + uint8_t dst_addr[32]; + } ipv6; + }; +}; + +struct otx2_ipsec_po_sa_ctl { + rte_be32_t spi : 32; + uint64_t exp_proto_inter_frag : 8; + uint64_t rsvd_42_40 : 3; + uint64_t esn_en : 1; + uint64_t rsvd_45_44 : 2; + uint64_t encap_type : 2; + uint64_t enc_type : 3; + uint64_t rsvd_48 : 1; + uint64_t auth_type : 4; + uint64_t valid : 1; + uint64_t direction : 1; + uint64_t outer_ip_ver : 1; + uint64_t inner_ip_ver : 1; + uint64_t ipsec_mode : 1; + uint64_t ipsec_proto : 1; + uint64_t aes_key_len : 2; +}; + +struct otx2_ipsec_po_in_sa { + /* w0 */ + struct otx2_ipsec_po_sa_ctl ctl; + + /* w1-w4 */ + uint8_t cipher_key[32]; + + /* w5-w6 */ + union otx2_ipsec_po_bit_perfect_iv iv; + + /* w7 */ + uint32_t esn_hi; + uint32_t esn_low; + + /* w8 */ + uint8_t udp_encap[8]; + + /* w9-w23 */ + struct { + uint8_t hmac_key[48]; + struct otx2_ipsec_po_traffic_selector selector; + } aes_gcm; +}; + +struct otx2_ipsec_po_ip_template { + RTE_STD_C11 + union { + uint8_t raw[252]; + struct rte_ipv4_hdr ipv4_hdr; + struct rte_ipv6_hdr ipv6_hdr; + }; +}; + +struct otx2_ipsec_po_out_sa { + /* w0 */ + struct otx2_ipsec_po_sa_ctl ctl; + + /* w1-w4 */ + uint8_t cipher_key[32]; + + /* w5-w6 */ + union otx2_ipsec_po_bit_perfect_iv iv; + + /* w7 */ + uint32_t esn_hi; + uint32_t esn_low; + + /* w8-w39 */ + struct otx2_ipsec_po_ip_template template; + uint16_t udp_src; + uint16_t udp_dst; +}; + +#endif /* 
__OTX2_IPSEC_PO_H__ */ diff --git a/drivers/crypto/octeontx2/otx2_security.h b/drivers/crypto/octeontx2/otx2_security.h index 9790c709d6..9b4fe263c4 100644 --- a/drivers/crypto/octeontx2/otx2_security.h +++ b/drivers/crypto/octeontx2/otx2_security.h @@ -5,10 +5,12 @@ #ifndef __OTX2_SECURITY_H__ #define __OTX2_SECURITY_H__ +#include "otx2_cryptodev_sec.h" #include "otx2_ethdev_sec.h" union otx2_sec_session_ipsec { struct otx2_sec_session_ipsec_ip ip; + struct otx2_sec_session_ipsec_lp lp; }; struct otx2_sec_session { diff --git a/drivers/net/octeontx2/otx2_ethdev_sec.h b/drivers/net/octeontx2/otx2_ethdev_sec.h index 22025d0d0c..298b00bf89 100644 --- a/drivers/net/octeontx2/otx2_ethdev_sec.h +++ b/drivers/net/octeontx2/otx2_ethdev_sec.h 
@@ -8,6 +8,7 @@ #include #include "otx2_ipsec_fp.h" +#include "otx2_ipsec_po.h" #define OTX2_CPT_RES_ALIGN 16 #define OTX2_NIX_SEND_DESC_ALIGN 16 

From patchwork Thu Jul 16 08:39:27 2020
X-Patchwork-Submitter: Tejasree Kondoj
X-Patchwork-Id: 74184
X-Patchwork-Delegate: gakhil@marvell.com
From: Tejasree Kondoj
To: Akhil Goyal, Radu Nicolau
CC: Tejasree Kondoj, Narayana Prasad, Anoob Joseph, Vamsi Attunuru
Date: Thu, 16 Jul 2020 14:09:27 +0530
Message-ID: <20200716083931.29092-5-ktejasree@marvell.com>
In-Reply-To: <20200716083931.29092-1-ktejasree@marvell.com>
References: <20200716083931.29092-1-ktejasree@marvell.com>
Subject: [dpdk-dev] [PATCH v3 4/8] crypto/octeontx2: add cryptodev sec registration

This patch registers security operations with cryptodev.

Signed-off-by: Vamsi Attunuru
Signed-off-by: Tejasree Kondoj
--- doc/guides/cryptodevs/features/octeontx2.ini | 1 + drivers/crypto/octeontx2/Makefile | 1 + drivers/crypto/octeontx2/meson.build | 3 +- drivers/crypto/octeontx2/otx2_cryptodev.c | 12 ++++- drivers/crypto/octeontx2/otx2_cryptodev_sec.c | 46 +++++++++++++++++++ drivers/crypto/octeontx2/otx2_cryptodev_sec.h | 6 +++ 6 files changed, 67 insertions(+), 2 deletions(-) create mode 100644 drivers/crypto/octeontx2/otx2_cryptodev_sec.c 
diff --git a/doc/guides/cryptodevs/features/octeontx2.ini b/doc/guides/cryptodevs/features/octeontx2.ini index e865466b8c..c7e418d826 100644 --- a/doc/guides/cryptodevs/features/octeontx2.ini +++ b/doc/guides/cryptodevs/features/octeontx2.ini @@ -8,6 +8,7 @@ Symmetric crypto = Y Asymmetric crypto = Y Sym operation chaining = Y HW Accelerated = Y +Protocol offload = Y In Place SGL = Y OOP SGL In LB Out = Y OOP SGL In SGL Out = Y diff --git a/drivers/crypto/octeontx2/Makefile b/drivers/crypto/octeontx2/Makefile index 5f9a6a0e3f..14152c6117 100644 --- a/drivers/crypto/octeontx2/Makefile +++ b/drivers/crypto/octeontx2/Makefile @@ -38,6 +38,7 @@ SRCS-$(CONFIG_RTE_LIBRTE_PMD_OCTEONTX2_CRYPTO) += otx2_cryptodev_capabilities.c SRCS-$(CONFIG_RTE_LIBRTE_PMD_OCTEONTX2_CRYPTO) += otx2_cryptodev_hw_access.c SRCS-$(CONFIG_RTE_LIBRTE_PMD_OCTEONTX2_CRYPTO) += otx2_cryptodev_mbox.c SRCS-$(CONFIG_RTE_LIBRTE_PMD_OCTEONTX2_CRYPTO) += otx2_cryptodev_ops.c +SRCS-$(CONFIG_RTE_LIBRTE_PMD_OCTEONTX2_CRYPTO) += otx2_cryptodev_sec.c # export include files SYMLINK-y-include += diff --git a/drivers/crypto/octeontx2/meson.build b/drivers/crypto/octeontx2/meson.build index 0948e73607..148ec184a6 100644 --- a/drivers/crypto/octeontx2/meson.build +++ b/drivers/crypto/octeontx2/meson.build @@ -17,7 +17,8 @@ sources = files('otx2_cryptodev.c', 'otx2_cryptodev_capabilities.c', 'otx2_cryptodev_hw_access.c', 'otx2_cryptodev_mbox.c', - 'otx2_cryptodev_ops.c') + 'otx2_cryptodev_ops.c', + 'otx2_cryptodev_sec.c') extra_flags = [] # This integrated controller runs only on a arm64 machine, remove 32bit warnings diff --git a/drivers/crypto/octeontx2/otx2_cryptodev.c b/drivers/crypto/octeontx2/otx2_cryptodev.c index a51d532553..e9b7c1cc04 100644 --- a/drivers/crypto/octeontx2/otx2_cryptodev.c +++ b/drivers/crypto/octeontx2/otx2_cryptodev.c 
@@ -17,6 +17,7 @@ #include "otx2_cryptodev_capabilities.h" #include "otx2_cryptodev_mbox.h" #include "otx2_cryptodev_ops.h" +#include "otx2_cryptodev_sec.h" #include "otx2_dev.h" /* CPT common headers */ @@ -103,6 +104,11 @@ otx2_cpt_pci_probe(struct rte_pci_driver *pci_drv __rte_unused, otx2_crypto_capabilities_init(vf->hw_caps); + /* Create security ctx */ + ret = otx2_crypto_sec_ctx_create(dev); + if (ret) + goto otx2_dev_fini; + dev->feature_flags = RTE_CRYPTODEV_FF_SYMMETRIC_CRYPTO | RTE_CRYPTODEV_FF_HW_ACCELERATED | RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING | @@ -111,7 +117,8 @@ otx2_cpt_pci_probe(struct rte_pci_driver *pci_drv __rte_unused, RTE_CRYPTODEV_FF_OOP_SGL_IN_SGL_OUT | RTE_CRYPTODEV_FF_ASYMMETRIC_CRYPTO | RTE_CRYPTODEV_FF_RSA_PRIV_OP_KEY_QT | - RTE_CRYPTODEV_FF_SYM_SESSIONLESS; + RTE_CRYPTODEV_FF_SYM_SESSIONLESS | + RTE_CRYPTODEV_FF_SECURITY; return 0; @@ -140,6 +147,9 @@ otx2_cpt_pci_remove(struct rte_pci_device *pci_dev) if (dev == NULL) return -ENODEV; + /* Destroy security ctx */ + otx2_crypto_sec_ctx_destroy(dev); + return rte_cryptodev_pmd_destroy(dev); } diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_sec.c b/drivers/crypto/octeontx2/otx2_cryptodev_sec.c new file mode 100644 index 0000000000..d937e6f37a --- /dev/null +++ b/drivers/crypto/octeontx2/otx2_cryptodev_sec.c 
@@ -0,0 +1,46 @@ +/* SPDX-License-Identifier: BSD-3-Clause + * Copyright (C) 2020 Marvell International Ltd. + */ + +#include +#include +#include +#include + +#include "otx2_cryptodev_sec.h" + +static struct rte_security_ops otx2_crypto_sec_ops = { + .session_create = NULL, + .session_destroy = NULL, + .session_get_size = NULL, + .set_pkt_metadata = NULL, + .get_userdata = NULL, + .capabilities_get = NULL +}; + +int +otx2_crypto_sec_ctx_create(struct rte_cryptodev *cdev) +{ + struct rte_security_ctx *ctx; + + ctx = rte_malloc("otx2_cpt_dev_sec_ctx", + sizeof(struct rte_security_ctx), 0); + + if (ctx == NULL) + return -ENOMEM; + + /* Populate ctx */ + ctx->device = cdev; + ctx->ops = &otx2_crypto_sec_ops; + ctx->sess_cnt = 0; + + cdev->security_ctx = ctx; + + return 0; +} + +void +otx2_crypto_sec_ctx_destroy(struct rte_cryptodev *cdev) +{ + rte_free(cdev->security_ctx); +} diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_sec.h b/drivers/crypto/octeontx2/otx2_cryptodev_sec.h index 253f62d873..b989251e71 100644 --- a/drivers/crypto/octeontx2/otx2_cryptodev_sec.h +++ b/drivers/crypto/octeontx2/otx2_cryptodev_sec.h @@ -5,6 +5,8 @@ #ifndef __OTX2_CRYPTODEV_SEC_H__ #define __OTX2_CRYPTODEV_SEC_H__ +#include + #include "otx2_ipsec_po.h" struct otx2_sec_session_ipsec_lp { 
@@ -55,4 +57,8 @@ struct otx2_sec_session_ipsec_lp { uint8_t auth_iv_length; }; +int otx2_crypto_sec_ctx_create(struct rte_cryptodev *crypto_dev); + +void otx2_crypto_sec_ctx_destroy(struct rte_cryptodev *crypto_dev); + #endif /* __OTX2_CRYPTODEV_SEC_H__ */ 

From patchwork Thu Jul 16 08:39:28 2020
X-Patchwork-Submitter: Tejasree Kondoj
X-Patchwork-Id: 74185
X-Patchwork-Delegate: gakhil@marvell.com
From: Tejasree Kondoj
To: Akhil Goyal, Radu Nicolau
CC: Tejasree Kondoj, Narayana Prasad, Anoob Joseph, Vamsi Attunuru
Date: Thu, 16 Jul 2020 14:09:28 +0530
Message-ID: <20200716083931.29092-6-ktejasree@marvell.com>
In-Reply-To: <20200716083931.29092-1-ktejasree@marvell.com>
References: <20200716083931.29092-1-ktejasree@marvell.com>
Subject: [dpdk-dev] [PATCH v3 5/8] crypto/octeontx2: add cryptodev sec capabilities

This patch adds lookaside IPsec capabilities.

Signed-off-by: Vamsi Attunuru
Signed-off-by: Tejasree Kondoj
--- drivers/crypto/octeontx2/otx2_cryptodev.c | 1 + .../octeontx2/otx2_cryptodev_capabilities.c | 101 ++++++++++++++++++ .../octeontx2/otx2_cryptodev_capabilities.h | 13 +++ drivers/crypto/octeontx2/otx2_cryptodev_sec.c | 4 +- 4 files changed, 118 insertions(+), 1 deletion(-) 
diff --git a/drivers/crypto/octeontx2/otx2_cryptodev.c b/drivers/crypto/octeontx2/otx2_cryptodev.c index e9b7c1cc04..02d2fd83bd 100644 --- a/drivers/crypto/octeontx2/otx2_cryptodev.c +++ b/drivers/crypto/octeontx2/otx2_cryptodev.c @@ -103,6 +103,7 @@ otx2_cpt_pci_probe(struct rte_pci_driver *pci_drv __rte_unused, } otx2_crypto_capabilities_init(vf->hw_caps); + otx2_crypto_sec_capabilities_init(vf->hw_caps); /* Create security ctx */ ret = otx2_crypto_sec_ctx_create(dev); diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_capabilities.c b/drivers/crypto/octeontx2/otx2_cryptodev_capabilities.c index f0ed1e2df9..80f3729995 100644 --- a/drivers/crypto/octeontx2/otx2_cryptodev_capabilities.c +++ b/drivers/crypto/octeontx2/otx2_cryptodev_capabilities.c @@ -3,7 +3,9 @@ */ #include +#include +#include "otx2_cryptodev.h" #include "otx2_cryptodev_capabilities.h" #include "otx2_mbox.h" @@ -26,9 +28,18 @@ cpt_caps_add(caps_##name, RTE_DIM(caps_##name)); \ } while (0) +#define SEC_CAPS_ADD(hw_caps, name) do { \ + enum otx2_cpt_egrp egrp; \ + CPT_EGRP_GET(hw_caps, name, &egrp); \ + if (egrp < OTX2_CPT_EGRP_MAX) \ + sec_caps_add(sec_caps_##name, RTE_DIM(sec_caps_##name));\ +} while (0) + #define OTX2_CPT_MAX_CAPS 34 +#define OTX2_SEC_MAX_CAPS 4 static struct rte_cryptodev_capabilities otx2_cpt_caps[OTX2_CPT_MAX_CAPS]; +static struct rte_cryptodev_capabilities otx2_cpt_sec_caps[OTX2_SEC_MAX_CAPS]; static const struct rte_cryptodev_capabilities caps_mul[] = { { /* RSA */ 
@@ -725,6 +736,70 @@ static const struct rte_cryptodev_capabilities caps_end[] = { RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() }; +static const struct rte_cryptodev_capabilities sec_caps_aes[] = { + { /* AES GCM */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD, + {.aead = { + .algo = RTE_CRYPTO_AEAD_AES_GCM, + .block_size = 16, + .key_size = { + .min = 16, + .max = 32, + .increment = 8 + }, + .digest_size = { + .min = 16, + .max = 16, + .increment = 0 + }, + .aad_size = { + .min = 8, + .max = 12, + .increment = 4 + }, + .iv_size = { + .min = 12, + .max = 12, + .increment = 0 + } + }, } + }, } + }, +}; + +static const struct rte_security_capability +otx2_crypto_sec_capabilities[] = { + { /* IPsec Lookaside Protocol ESP Tunnel Ingress */ + .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, + .protocol = RTE_SECURITY_PROTOCOL_IPSEC, + .ipsec = { + .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP, + .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL, + .direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS, + .options = { 0 } + }, + .crypto_capabilities = otx2_cpt_sec_caps, + .ol_flags = RTE_SECURITY_TX_OLOAD_NEED_MDATA + }, + { /* IPsec Lookaside Protocol ESP Tunnel Egress */ + .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, + .protocol = RTE_SECURITY_PROTOCOL_IPSEC, + .ipsec = { + .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP, + .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL, + .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS, + .options = { 0 } + }, + .crypto_capabilities = otx2_cpt_sec_caps, + .ol_flags = RTE_SECURITY_TX_OLOAD_NEED_MDATA + }, + { + .action = RTE_SECURITY_ACTION_TYPE_NONE + } +}; + static void cpt_caps_add(const struct rte_cryptodev_capabilities *caps, int nb_caps) { 
@@ -757,3 +832,29 @@ otx2_cpt_capabilities_get(void) { return otx2_cpt_caps; } + +static void +sec_caps_add(const struct rte_cryptodev_capabilities *caps, int nb_caps) +{ + static int cur_pos; + + if (cur_pos + nb_caps > OTX2_SEC_MAX_CAPS) + return; + + memcpy(&otx2_cpt_sec_caps[cur_pos], caps, nb_caps * sizeof(caps[0])); + cur_pos += nb_caps; +} + +void +otx2_crypto_sec_capabilities_init(union cpt_eng_caps *hw_caps) +{ + SEC_CAPS_ADD(hw_caps, aes); + + sec_caps_add(caps_end, RTE_DIM(caps_end)); +} + +const struct rte_security_capability * +otx2_crypto_sec_capabilities_get(void *device __rte_unused) +{ + return otx2_crypto_sec_capabilities; +} diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_capabilities.h b/drivers/crypto/octeontx2/otx2_cryptodev_capabilities.h index a439cbefd3..c1e0001190 100644 --- a/drivers/crypto/octeontx2/otx2_cryptodev_capabilities.h +++ b/drivers/crypto/octeontx2/otx2_cryptodev_capabilities.h @@ -29,4 +29,17 @@ void otx2_crypto_capabilities_init(union cpt_eng_caps *hw_caps); const struct rte_cryptodev_capabilities * otx2_cpt_capabilities_get(void); +/* + * Initialize security capabilities for the device + * + */ +void otx2_crypto_sec_capabilities_init(union cpt_eng_caps *hw_caps); + +/* + * Get security capabilities list for the device + * + */ +const struct rte_security_capability * +otx2_crypto_sec_capabilities_get(void *device __rte_unused); + #endif /* _OTX2_CRYPTODEV_CAPABILITIES_H_ */ diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_sec.c b/drivers/crypto/octeontx2/otx2_cryptodev_sec.c index d937e6f37a..906a87b9e5 100644 --- a/drivers/crypto/octeontx2/otx2_cryptodev_sec.c +++ b/drivers/crypto/octeontx2/otx2_cryptodev_sec.c @@ -7,6 +7,8 @@ #include #include +#include "otx2_cryptodev.h" +#include "otx2_cryptodev_capabilities.h" #include "otx2_cryptodev_sec.h" static struct rte_security_ops otx2_crypto_sec_ops = { 
@@ -15,7 +17,7 @@ static struct rte_security_ops otx2_crypto_sec_ops = { .session_get_size = NULL, .set_pkt_metadata = NULL, .get_userdata = NULL, - .capabilities_get = NULL + .capabilities_get = otx2_crypto_sec_capabilities_get }; int

From patchwork Thu Jul 16 08:39:29 2020
X-Patchwork-Submitter: Tejasree Kondoj
X-Patchwork-Id: 74186
From: Tejasree Kondoj
To: Akhil Goyal, Radu Nicolau
CC: Vamsi Attunuru, Narayana Prasad, Anoob Joseph, Tejasree Kondoj
Date: Thu, 16 Jul 2020 14:09:29 +0530
Message-ID: <20200716083931.29092-7-ktejasree@marvell.com>
Subject: [dpdk-dev] [PATCH v3 6/8] crypto/octeontx2: add cryptodev sec misc callbacks

From: Vamsi Attunuru

This patch adds lookaside IPsec callback functions.

Signed-off-by: Vamsi Attunuru
Signed-off-by: Tejasree Kondoj
---
 drivers/crypto/octeontx2/otx2_cryptodev_sec.c | 34 +++++++++++++++++--
 1 file changed, 31 insertions(+), 3 deletions(-)
diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_sec.c b/drivers/crypto/octeontx2/otx2_cryptodev_sec.c index 906a87b9e5..6e14b37a68 100644 --- a/drivers/crypto/octeontx2/otx2_cryptodev_sec.c +++ b/drivers/crypto/octeontx2/otx2_cryptodev_sec.c 
@@ -10,13 +10,41 @@ #include "otx2_cryptodev.h" #include "otx2_cryptodev_capabilities.h" #include "otx2_cryptodev_sec.h" +#include "otx2_security.h" + +static unsigned int +otx2_crypto_sec_session_get_size(void *device __rte_unused) +{ + return sizeof(struct otx2_sec_session); +} + +static int +otx2_crypto_sec_set_pkt_mdata(void *device __rte_unused, + struct rte_security_session *session, + struct rte_mbuf *m, void *params __rte_unused) +{ + /* Set security session as the pkt metadata */ + m->udata64 = (uint64_t)session; + + return 0; +} + +static int +otx2_crypto_sec_get_userdata(void *device __rte_unused, uint64_t md, + void **userdata) +{ + /* Retrieve userdata */ + *userdata = (void *)md; + + return 0; +} static struct rte_security_ops otx2_crypto_sec_ops = { .session_create = NULL, .session_destroy = NULL, - .session_get_size = NULL, - .set_pkt_metadata = NULL, - .get_userdata = NULL, + .session_get_size = otx2_crypto_sec_session_get_size, + .set_pkt_metadata = otx2_crypto_sec_set_pkt_mdata, + .get_userdata = otx2_crypto_sec_get_userdata, .capabilities_get = otx2_crypto_sec_capabilities_get };

From patchwork Thu Jul 16 08:39:30 2020
X-Patchwork-Submitter: Tejasree Kondoj
X-Patchwork-Id: 74187
From: Tejasree Kondoj
To: Akhil Goyal, Radu Nicolau
CC: Vamsi Attunuru, Narayana Prasad, Anoob Joseph, Tejasree Kondoj
Date: Thu, 16 Jul 2020 14:09:30 +0530
Message-ID: <20200716083931.29092-8-ktejasree@marvell.com>
Subject: [dpdk-dev] [PATCH v3 7/8] crypto/octeontx2: add cryptodev sec session create

From: Vamsi Attunuru

This patch creates session for lookaside IPsec.

Signed-off-by: Vamsi Attunuru
Signed-off-by: Tejasree Kondoj
---
 drivers/crypto/octeontx2/otx2_cryptodev_sec.c | 468 +++++++++++++++++-
 drivers/crypto/octeontx2/otx2_ipsec_po.h | 295 +++++++++++
 drivers/crypto/octeontx2/otx2_security.h | 9 +
 drivers/net/octeontx2/otx2_ethdev_sec.c | 23 +-
 4 files changed, 777 insertions(+), 18 deletions(-)
diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_sec.c b/drivers/crypto/octeontx2/otx2_cryptodev_sec.c index 6e14b37a68..0741a592cd 100644 --- a/drivers/crypto/octeontx2/otx2_cryptodev_sec.c +++ b/drivers/crypto/octeontx2/otx2_cryptodev_sec.c 
@@ -3,15 +3,479 @@ */ #include +#include +#include +#include #include #include #include +#include #include "otx2_cryptodev.h" #include "otx2_cryptodev_capabilities.h" +#include "otx2_cryptodev_hw_access.h" +#include "otx2_cryptodev_ops.h" #include "otx2_cryptodev_sec.h" #include "otx2_security.h" +static int +ipsec_lp_len_precalc(struct rte_security_ipsec_xform *ipsec, + struct rte_crypto_sym_xform *xform, + struct otx2_sec_session_ipsec_lp *lp) +{ + struct rte_crypto_sym_xform *cipher_xform, *auth_xform; + + lp->partial_len = sizeof(struct rte_ipv4_hdr); + + if (ipsec->proto == RTE_SECURITY_IPSEC_SA_PROTO_ESP) { + lp->partial_len += sizeof(struct rte_esp_hdr); + lp->roundup_len = sizeof(struct rte_esp_tail); + } else if (ipsec->proto == RTE_SECURITY_IPSEC_SA_PROTO_AH) { + lp->partial_len += OTX2_SEC_AH_HDR_LEN; + } else { + return -EINVAL; + } + + if (ipsec->options.udp_encap) + lp->partial_len += sizeof(struct rte_udp_hdr); + + if (xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) { + if (xform->aead.algo == RTE_CRYPTO_AEAD_AES_GCM) { + lp->partial_len += OTX2_SEC_AES_GCM_IV_LEN; + lp->partial_len += OTX2_SEC_AES_GCM_MAC_LEN; + lp->roundup_byte = OTX2_SEC_AES_GCM_ROUNDUP_BYTE_LEN; + return 0; + } else { + return -EINVAL; + } + } + + if (ipsec->direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) { + cipher_xform = xform; + auth_xform = xform->next; + } else if (ipsec->direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) { + auth_xform = xform; + cipher_xform = xform->next; + } else { + return -EINVAL; + } + + if (cipher_xform->cipher.algo == RTE_CRYPTO_CIPHER_AES_CBC) { + lp->partial_len += OTX2_SEC_AES_CBC_IV_LEN; + lp->roundup_byte = OTX2_SEC_AES_CBC_ROUNDUP_BYTE_LEN; + } else { + return -EINVAL; + } + + if (auth_xform->auth.algo == RTE_CRYPTO_AUTH_SHA1_HMAC) + lp->partial_len += OTX2_SEC_SHA1_HMAC_LEN; + else + return -EINVAL; + + return 0; +} + +static int +otx2_cpt_enq_sa_write(struct otx2_sec_session_ipsec_lp *lp, + struct otx2_cpt_qp *qptr, uint8_t opcode) +{ + uint64_t 
lmt_status, time_out; + void *lmtline = qptr->lmtline; + struct otx2_cpt_inst_s inst; + struct otx2_cpt_res *res; + uint64_t *mdata; + int ret = 0; + + if (unlikely(rte_mempool_get(qptr->meta_info.pool, + (void **)&mdata) < 0)) + return -ENOMEM; + + res = (struct otx2_cpt_res *)RTE_PTR_ALIGN(mdata, 16); + res->compcode = CPT_9X_COMP_E_NOTDONE; + + inst.opcode = opcode | (lp->ctx_len << 8); + inst.param1 = 0; + inst.param2 = 0; + inst.dlen = lp->ctx_len << 3; + inst.dptr = rte_mempool_virt2iova(lp); + inst.rptr = 0; + inst.cptr = rte_mempool_virt2iova(lp); + inst.egrp = OTX2_CPT_EGRP_SE; + + inst.u64[0] = 0; + inst.u64[2] = 0; + inst.u64[3] = 0; + inst.res_addr = rte_mempool_virt2iova(res); + + rte_cio_wmb(); + + do { + /* Copy CPT command to LMTLINE */ + otx2_lmt_mov(lmtline, &inst, 2); + lmt_status = otx2_lmt_submit(qptr->lf_nq_reg); + } while (lmt_status == 0); + + time_out = rte_get_timer_cycles() + + DEFAULT_COMMAND_TIMEOUT * rte_get_timer_hz(); + + while (res->compcode == CPT_9X_COMP_E_NOTDONE) { + if (rte_get_timer_cycles() > time_out) { + rte_mempool_put(qptr->meta_info.pool, mdata); + otx2_err("Request timed out"); + return -ETIMEDOUT; + } + rte_cio_rmb(); + } + + if (unlikely(res->compcode != CPT_9X_COMP_E_GOOD)) { + ret = res->compcode; + switch (ret) { + case CPT_9X_COMP_E_INSTERR: + otx2_err("Request failed with instruction error"); + break; + case CPT_9X_COMP_E_FAULT: + otx2_err("Request failed with DMA fault"); + break; + case CPT_9X_COMP_E_HWERR: + otx2_err("Request failed with hardware error"); + break; + default: + otx2_err("Request failed with unknown hardware " + "completion code : 0x%x", ret); + } + goto mempool_put; + } + + if (unlikely(res->uc_compcode != OTX2_IPSEC_PO_CC_SUCCESS)) { + ret = res->uc_compcode; + switch (ret) { + case OTX2_IPSEC_PO_CC_AUTH_UNSUPPORTED: + otx2_err("Invalid auth type"); + break; + case OTX2_IPSEC_PO_CC_ENCRYPT_UNSUPPORTED: + otx2_err("Invalid encrypt type"); + break; + default: + otx2_err("Request failed with 
unknown microcode " + "completion code : 0x%x", ret); + } + } + +mempool_put: + rte_mempool_put(qptr->meta_info.pool, mdata); + return ret; +} + +static void +set_session_misc_attributes(struct otx2_sec_session_ipsec_lp *sess, + struct rte_crypto_sym_xform *crypto_xform, + struct rte_crypto_sym_xform *auth_xform, + struct rte_crypto_sym_xform *cipher_xform) +{ + if (crypto_xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) { + sess->iv_offset = crypto_xform->aead.iv.offset; + sess->iv_length = crypto_xform->aead.iv.length; + sess->aad_length = crypto_xform->aead.aad_length; + sess->mac_len = crypto_xform->aead.digest_length; + } else { + sess->iv_offset = cipher_xform->cipher.iv.offset; + sess->iv_length = cipher_xform->cipher.iv.length; + sess->auth_iv_offset = auth_xform->auth.iv.offset; + sess->auth_iv_length = auth_xform->auth.iv.length; + sess->mac_len = auth_xform->auth.digest_length; + } + + sess->ucmd_param1 = OTX2_IPSEC_PO_PER_PKT_IV; + sess->ucmd_param2 = 0; +} + +static int +crypto_sec_ipsec_outb_session_create(struct rte_cryptodev *crypto_dev, + struct rte_security_ipsec_xform *ipsec, + struct rte_crypto_sym_xform *crypto_xform, + struct rte_security_session *sec_sess) +{ + struct rte_crypto_sym_xform *auth_xform, *cipher_xform; + const uint8_t *cipher_key, *auth_key; + struct otx2_sec_session_ipsec_lp *lp; + struct otx2_ipsec_po_sa_ctl *ctl; + int cipher_key_len, auth_key_len; + struct otx2_ipsec_po_out_sa *sa; + struct otx2_sec_session *sess; + struct otx2_cpt_inst_s inst; + struct rte_ipv4_hdr *ip; + int ret; + + sess = get_sec_session_private_data(sec_sess); + lp = &sess->ipsec.lp; + + sa = &lp->out_sa; + ctl = &sa->ctl; + if (ctl->valid) { + otx2_err("SA already registered"); + return -EINVAL; + } + + memset(sa, 0, sizeof(struct otx2_ipsec_po_out_sa)); + + /* Initialize lookaside ipsec private data */ + lp->ip_id = 0; + lp->seq_lo = 1; + lp->seq_hi = 0; + + ret = ipsec_po_sa_ctl_set(ipsec, crypto_xform, ctl); + if (ret) + return ret; + + ret = 
ipsec_lp_len_precalc(ipsec, crypto_xform, lp); + if (ret) + return ret; + + memcpy(sa->iv.gcm.nonce, &ipsec->salt, 4); + + if (ipsec->options.udp_encap) { + sa->udp_src = 4500; + sa->udp_dst = 4500; + } + + if (ipsec->mode == RTE_SECURITY_IPSEC_SA_MODE_TUNNEL) { + /* Start ip id from 1 */ + lp->ip_id = 1; + + if (ipsec->tunnel.type == RTE_SECURITY_IPSEC_TUNNEL_IPV4) { + ip = &sa->template.ipv4_hdr; + ip->version_ihl = RTE_IPV4_VHL_DEF; + ip->next_proto_id = IPPROTO_ESP; + ip->time_to_live = ipsec->tunnel.ipv4.ttl; + ip->type_of_service |= (ipsec->tunnel.ipv4.dscp << 2); + if (ipsec->tunnel.ipv4.df) + ip->fragment_offset = BIT(14); + memcpy(&ip->src_addr, &ipsec->tunnel.ipv4.src_ip, + sizeof(struct in_addr)); + memcpy(&ip->dst_addr, &ipsec->tunnel.ipv4.dst_ip, + sizeof(struct in_addr)); + } else { + return -EINVAL; + } + } else { + return -EINVAL; + } + + cipher_xform = crypto_xform; + auth_xform = crypto_xform->next; + + cipher_key_len = 0; + auth_key_len = 0; + + if (crypto_xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) { + cipher_key = crypto_xform->aead.key.data; + cipher_key_len = crypto_xform->aead.key.length; + + lp->ctx_len = sizeof(struct otx2_ipsec_po_out_sa); + lp->ctx_len >>= 3; + RTE_ASSERT(lp->ctx_len == OTX2_IPSEC_PO_AES_GCM_OUTB_CTX_LEN); + } else { + cipher_key = cipher_xform->cipher.key.data; + cipher_key_len = cipher_xform->cipher.key.length; + auth_key = auth_xform->auth.key.data; + auth_key_len = auth_xform->auth.key.length; + + /* TODO: check the ctx len for supporting ALGO */ + lp->ctx_len = sizeof(struct otx2_ipsec_po_out_sa) >> 3; + RTE_ASSERT(lp->ctx_len == OTX2_IPSEC_PO_MAX_OUTB_CTX_LEN); + } + + if (cipher_key_len != 0) + memcpy(sa->cipher_key, cipher_key, cipher_key_len); + else + return -EINVAL; + + /* Use OPAD & IPAD */ + RTE_SET_USED(auth_key); + RTE_SET_USED(auth_key_len); + + inst.u64[7] = 0; + inst.egrp = OTX2_CPT_EGRP_SE; + inst.cptr = rte_mempool_virt2iova(sa); + + lp->ucmd_w3 = inst.u64[7]; + lp->ucmd_opcode = (lp->ctx_len << 8) | + 
(OTX2_IPSEC_PO_PROCESS_IPSEC_OUTB); + + set_session_misc_attributes(lp, crypto_xform, + auth_xform, cipher_xform); + + return otx2_cpt_enq_sa_write(lp, crypto_dev->data->queue_pairs[0], + OTX2_IPSEC_PO_WRITE_IPSEC_OUTB); +} + +static int +crypto_sec_ipsec_inb_session_create(struct rte_cryptodev *crypto_dev, + struct rte_security_ipsec_xform *ipsec, + struct rte_crypto_sym_xform *crypto_xform, + struct rte_security_session *sec_sess) +{ + struct rte_crypto_sym_xform *auth_xform, *cipher_xform; + struct otx2_sec_session_ipsec_lp *lp; + struct otx2_ipsec_po_sa_ctl *ctl; + const uint8_t *cipher_key, *auth_key; + int cipher_key_len, auth_key_len; + struct otx2_ipsec_po_in_sa *sa; + struct otx2_sec_session *sess; + struct otx2_cpt_inst_s inst; + int ret; + + sess = get_sec_session_private_data(sec_sess); + lp = &sess->ipsec.lp; + + sa = &lp->in_sa; + ctl = &sa->ctl; + + if (ctl->valid) { + otx2_err("SA already registered"); + return -EINVAL; + } + + memset(sa, 0, sizeof(struct otx2_ipsec_po_in_sa)); + + ret = ipsec_po_sa_ctl_set(ipsec, crypto_xform, ctl); + if (ret) + return ret; + + auth_xform = crypto_xform; + cipher_xform = crypto_xform->next; + + cipher_key_len = 0; + auth_key_len = 0; + + if (crypto_xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) { + if (crypto_xform->aead.algo == RTE_CRYPTO_AEAD_AES_GCM) + memcpy(sa->iv.gcm.nonce, &ipsec->salt, 4); + cipher_key = crypto_xform->aead.key.data; + cipher_key_len = crypto_xform->aead.key.length; + + lp->ctx_len = offsetof(struct otx2_ipsec_po_in_sa, + aes_gcm.hmac_key[0]) >> 3; + RTE_ASSERT(lp->ctx_len == OTX2_IPSEC_PO_AES_GCM_INB_CTX_LEN); + } else { + cipher_key = cipher_xform->cipher.key.data; + cipher_key_len = cipher_xform->cipher.key.length; + auth_key = auth_xform->auth.key.data; + auth_key_len = auth_xform->auth.key.length; + + /* TODO: check the ctx len for supporting ALGO */ + lp->ctx_len = sizeof(struct otx2_ipsec_po_in_sa) >> 2; + RTE_ASSERT(lp->ctx_len == OTX2_IPSEC_PO_MAX_INB_CTX_LEN); + } + + if (cipher_key_len 
!= 0) + memcpy(sa->cipher_key, cipher_key, cipher_key_len); + else + return -EINVAL; + + /* Use OPAD & IPAD */ + RTE_SET_USED(auth_key); + RTE_SET_USED(auth_key_len); + + inst.u64[7] = 0; + inst.egrp = OTX2_CPT_EGRP_SE; + inst.cptr = rte_mempool_virt2iova(sa); + + lp->ucmd_w3 = inst.u64[7]; + lp->ucmd_opcode = (lp->ctx_len << 8) | + (OTX2_IPSEC_PO_PROCESS_IPSEC_INB); + + set_session_misc_attributes(lp, crypto_xform, + auth_xform, cipher_xform); + + return otx2_cpt_enq_sa_write(lp, crypto_dev->data->queue_pairs[0], + OTX2_IPSEC_PO_WRITE_IPSEC_INB); +} + +static int +crypto_sec_ipsec_session_create(struct rte_cryptodev *crypto_dev, + struct rte_security_ipsec_xform *ipsec, + struct rte_crypto_sym_xform *crypto_xform, + struct rte_security_session *sess) +{ + int ret; + + if (crypto_dev->data->queue_pairs[0] == NULL) { + otx2_err("Setup cpt queue pair before creating sec session"); + return -EPERM; + } + + ret = ipsec_po_xform_verify(ipsec, crypto_xform); + if (ret) + return ret; + + if (ipsec->direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) + return crypto_sec_ipsec_inb_session_create(crypto_dev, ipsec, + crypto_xform, sess); + else + return crypto_sec_ipsec_outb_session_create(crypto_dev, ipsec, + crypto_xform, sess); +} + +static int +otx2_crypto_sec_session_create(void *device, + struct rte_security_session_conf *conf, + struct rte_security_session *sess, + struct rte_mempool *mempool) +{ + struct otx2_sec_session *priv; + int ret; + + if (conf->action_type != RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL) + return -ENOTSUP; + + if (rte_mempool_get(mempool, (void **)&priv)) { + otx2_err("Could not allocate security session private data"); + return -ENOMEM; + } + + set_sec_session_private_data(sess, priv); + + priv->userdata = conf->userdata; + + if (conf->protocol == RTE_SECURITY_PROTOCOL_IPSEC) + ret = crypto_sec_ipsec_session_create(device, &conf->ipsec, + conf->crypto_xform, + sess); + else + ret = -ENOTSUP; + + if (ret) + goto mempool_put; + + return 0; + 
+mempool_put: + rte_mempool_put(mempool, priv); + set_sec_session_private_data(sess, NULL); + return ret; +} + +static int +otx2_crypto_sec_session_destroy(void *device __rte_unused, + struct rte_security_session *sess) +{ + struct otx2_sec_session *priv; + struct rte_mempool *sess_mp; + + priv = get_sec_session_private_data(sess); + + if (priv == NULL) + return 0; + + sess_mp = rte_mempool_from_obj(priv); + + set_sec_session_private_data(sess, NULL); + rte_mempool_put(sess_mp, priv); + + return 0; +} + static unsigned int otx2_crypto_sec_session_get_size(void *device __rte_unused) { @@ -40,8 +504,8 @@ otx2_crypto_sec_get_userdata(void *device __rte_unused, uint64_t md, } static struct rte_security_ops otx2_crypto_sec_ops = { - .session_create = NULL, - .session_destroy = NULL, + .session_create = otx2_crypto_sec_session_create, + .session_destroy = otx2_crypto_sec_session_destroy, .session_get_size = otx2_crypto_sec_session_get_size, .set_pkt_metadata = otx2_crypto_sec_set_pkt_mdata, .get_userdata = otx2_crypto_sec_get_userdata, diff --git a/drivers/crypto/octeontx2/otx2_ipsec_po.h b/drivers/crypto/octeontx2/otx2_ipsec_po.h index 217dfeaff0..f2167f220a 100644 --- a/drivers/crypto/octeontx2/otx2_ipsec_po.h +++ b/drivers/crypto/octeontx2/otx2_ipsec_po.h 
@@ -9,6 +9,83 @@ #include #include +#define OTX2_IPSEC_PO_AES_GCM_INB_CTX_LEN 0x09 +#define OTX2_IPSEC_PO_AES_GCM_OUTB_CTX_LEN 0x28 + +#define OTX2_IPSEC_PO_MAX_INB_CTX_LEN 0x22 +#define OTX2_IPSEC_PO_MAX_OUTB_CTX_LEN 0x38 + +#define OTX2_IPSEC_PO_PER_PKT_IV BIT(11) + +#define OTX2_IPSEC_PO_WRITE_IPSEC_OUTB 0x20 +#define OTX2_IPSEC_PO_WRITE_IPSEC_INB 0x21 +#define OTX2_IPSEC_PO_PROCESS_IPSEC_OUTB 0x23 +#define OTX2_IPSEC_PO_PROCESS_IPSEC_INB 0x24 + +enum otx2_ipsec_po_comp_e { + OTX2_IPSEC_PO_CC_SUCCESS = 0x00, + OTX2_IPSEC_PO_CC_AUTH_UNSUPPORTED = 0xB0, + OTX2_IPSEC_PO_CC_ENCRYPT_UNSUPPORTED = 0xB1, +}; + +enum { + OTX2_IPSEC_PO_SA_DIRECTION_INBOUND = 0, + OTX2_IPSEC_PO_SA_DIRECTION_OUTBOUND = 1, +}; + +enum { + OTX2_IPSEC_PO_SA_IP_VERSION_4 = 0, + OTX2_IPSEC_PO_SA_IP_VERSION_6 = 1, +}; + +enum { + OTX2_IPSEC_PO_SA_MODE_TRANSPORT = 0, + OTX2_IPSEC_PO_SA_MODE_TUNNEL = 1, +}; + +enum { + OTX2_IPSEC_PO_SA_PROTOCOL_AH = 0, + OTX2_IPSEC_PO_SA_PROTOCOL_ESP = 1, +}; + +enum { + OTX2_IPSEC_PO_SA_AES_KEY_LEN_128 = 1, + OTX2_IPSEC_PO_SA_AES_KEY_LEN_192 = 2, + OTX2_IPSEC_PO_SA_AES_KEY_LEN_256 = 3, +}; + +enum { + OTX2_IPSEC_PO_SA_ENC_NULL = 0, + OTX2_IPSEC_PO_SA_ENC_DES_CBC = 1, + OTX2_IPSEC_PO_SA_ENC_3DES_CBC = 2, + OTX2_IPSEC_PO_SA_ENC_AES_CBC = 3, + OTX2_IPSEC_PO_SA_ENC_AES_CTR = 4, + OTX2_IPSEC_PO_SA_ENC_AES_GCM = 5, + OTX2_IPSEC_PO_SA_ENC_AES_CCM = 6, +}; + +enum { + OTX2_IPSEC_PO_SA_AUTH_NULL = 0, + OTX2_IPSEC_PO_SA_AUTH_MD5 = 1, + OTX2_IPSEC_PO_SA_AUTH_SHA1 = 2, + OTX2_IPSEC_PO_SA_AUTH_SHA2_224 = 3, + OTX2_IPSEC_PO_SA_AUTH_SHA2_256 = 4, + OTX2_IPSEC_PO_SA_AUTH_SHA2_384 = 5, + OTX2_IPSEC_PO_SA_AUTH_SHA2_512 = 6, + OTX2_IPSEC_PO_SA_AUTH_AES_GMAC = 7, + OTX2_IPSEC_PO_SA_AUTH_AES_XCBC_128 = 8, +}; + +enum { + OTX2_IPSEC_PO_SA_FRAG_POST = 0, + OTX2_IPSEC_PO_SA_FRAG_PRE = 1, +}; + +enum { + OTX2_IPSEC_PO_SA_ENCAP_NONE = 0, + OTX2_IPSEC_PO_SA_ENCAP_UDP = 1, +}; + union otx2_ipsec_po_bit_perfect_iv { uint8_t aes_iv[16]; uint8_t des_iv[8]; 
@@ -107,4 +184,222 @@ struct otx2_ipsec_po_out_sa { uint16_t udp_dst; }; +static inline int +ipsec_po_xform_cipher_verify(struct rte_crypto_sym_xform *xform) +{ + if (xform->cipher.algo == RTE_CRYPTO_CIPHER_AES_CBC) { + switch (xform->cipher.key.length) { + case 16: + case 24: + case 32: + break; + default: + return -ENOTSUP; + } + return 0; + } + + return -ENOTSUP; +} + +static inline int +ipsec_po_xform_auth_verify(struct rte_crypto_sym_xform *xform) +{ + uint16_t keylen = xform->auth.key.length; + + if (xform->auth.algo == RTE_CRYPTO_AUTH_SHA1_HMAC) { + if (keylen >= 20 && keylen <= 64) + return 0; + } + + return -ENOTSUP; +} + +static inline int +ipsec_po_xform_aead_verify(struct rte_security_ipsec_xform *ipsec, + struct rte_crypto_sym_xform *xform) +{ + if (ipsec->direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS && + xform->aead.op != RTE_CRYPTO_AEAD_OP_ENCRYPT) + return -EINVAL; + + if (ipsec->direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS && + xform->aead.op != RTE_CRYPTO_AEAD_OP_DECRYPT) + return -EINVAL; + + if (xform->aead.algo == RTE_CRYPTO_AEAD_AES_GCM) { + switch (xform->aead.key.length) { + case 16: + case 24: + case 32: + break; + default: + return -EINVAL; + } + return 0; + } + + return -ENOTSUP; +} + +static inline int +ipsec_po_xform_verify(struct rte_security_ipsec_xform *ipsec, + struct rte_crypto_sym_xform *xform) +{ + struct rte_crypto_sym_xform *auth_xform, *cipher_xform; + int ret; + + if (xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) + return ipsec_po_xform_aead_verify(ipsec, xform); + + if (xform->next == NULL) + return -EINVAL; + + if (ipsec->direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) { + /* Ingress */ + if (xform->type != RTE_CRYPTO_SYM_XFORM_AUTH || + xform->next->type != RTE_CRYPTO_SYM_XFORM_CIPHER) + return -EINVAL; + auth_xform = xform; + cipher_xform = xform->next; + } else { + /* Egress */ + if (xform->type != RTE_CRYPTO_SYM_XFORM_CIPHER || + xform->next->type != RTE_CRYPTO_SYM_XFORM_AUTH) + return -EINVAL; + cipher_xform = xform; + 
auth_xform = xform->next; + } + + ret = ipsec_po_xform_cipher_verify(cipher_xform); + if (ret) + return ret; + + ret = ipsec_po_xform_auth_verify(auth_xform); + if (ret) + return ret; + + return 0; +} + +static inline int +ipsec_po_sa_ctl_set(struct rte_security_ipsec_xform *ipsec, + struct rte_crypto_sym_xform *xform, + struct otx2_ipsec_po_sa_ctl *ctl) +{ + struct rte_crypto_sym_xform *cipher_xform, *auth_xform; + int aes_key_len; + + if (ipsec->direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) { + ctl->direction = OTX2_IPSEC_PO_SA_DIRECTION_OUTBOUND; + cipher_xform = xform; + auth_xform = xform->next; + } else if (ipsec->direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) { + ctl->direction = OTX2_IPSEC_PO_SA_DIRECTION_INBOUND; + auth_xform = xform; + cipher_xform = xform->next; + } else { + return -EINVAL; + } + + if (ipsec->mode == RTE_SECURITY_IPSEC_SA_MODE_TUNNEL) { + if (ipsec->tunnel.type == RTE_SECURITY_IPSEC_TUNNEL_IPV4) + ctl->outer_ip_ver = OTX2_IPSEC_PO_SA_IP_VERSION_4; + else if (ipsec->tunnel.type == RTE_SECURITY_IPSEC_TUNNEL_IPV6) + ctl->outer_ip_ver = OTX2_IPSEC_PO_SA_IP_VERSION_6; + else + return -EINVAL; + } + + ctl->inner_ip_ver = OTX2_IPSEC_PO_SA_IP_VERSION_4; + + if (ipsec->mode == RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT) + ctl->ipsec_mode = OTX2_IPSEC_PO_SA_MODE_TRANSPORT; + else if (ipsec->mode == RTE_SECURITY_IPSEC_SA_MODE_TUNNEL) + ctl->ipsec_mode = OTX2_IPSEC_PO_SA_MODE_TUNNEL; + else + return -EINVAL; + + if (ipsec->proto == RTE_SECURITY_IPSEC_SA_PROTO_AH) + ctl->ipsec_proto = OTX2_IPSEC_PO_SA_PROTOCOL_AH; + else if (ipsec->proto == RTE_SECURITY_IPSEC_SA_PROTO_ESP) + ctl->ipsec_proto = OTX2_IPSEC_PO_SA_PROTOCOL_ESP; + else + return -EINVAL; + + if (xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) { + if (xform->aead.algo == RTE_CRYPTO_AEAD_AES_GCM) { + ctl->enc_type = OTX2_IPSEC_PO_SA_ENC_AES_GCM; + aes_key_len = xform->aead.key.length; + } else { + return -ENOTSUP; + } + } else if (cipher_xform->cipher.algo == RTE_CRYPTO_CIPHER_AES_CBC) { + 
ctl->enc_type = OTX2_IPSEC_PO_SA_ENC_AES_CCM; + aes_key_len = xform->cipher.key.length; + } else { + return -ENOTSUP; + } + + + switch (aes_key_len) { + case 16: + ctl->aes_key_len = OTX2_IPSEC_PO_SA_AES_KEY_LEN_128; + break; + case 24: + ctl->aes_key_len = OTX2_IPSEC_PO_SA_AES_KEY_LEN_192; + break; + case 32: + ctl->aes_key_len = OTX2_IPSEC_PO_SA_AES_KEY_LEN_256; + break; + default: + return -EINVAL; + } + + if (xform->type != RTE_CRYPTO_SYM_XFORM_AEAD) { + switch (auth_xform->auth.algo) { + case RTE_CRYPTO_AUTH_NULL: + ctl->auth_type = OTX2_IPSEC_PO_SA_AUTH_NULL; + break; + case RTE_CRYPTO_AUTH_MD5_HMAC: + ctl->auth_type = OTX2_IPSEC_PO_SA_AUTH_MD5; + break; + case RTE_CRYPTO_AUTH_SHA1_HMAC: + ctl->auth_type = OTX2_IPSEC_PO_SA_AUTH_SHA1; + break; + case RTE_CRYPTO_AUTH_SHA224_HMAC: + ctl->auth_type = OTX2_IPSEC_PO_SA_AUTH_SHA2_224; + break; + case RTE_CRYPTO_AUTH_SHA256_HMAC: + ctl->auth_type = OTX2_IPSEC_PO_SA_AUTH_SHA2_256; + break; + case RTE_CRYPTO_AUTH_SHA384_HMAC: + ctl->auth_type = OTX2_IPSEC_PO_SA_AUTH_SHA2_384; + break; + case RTE_CRYPTO_AUTH_SHA512_HMAC: + ctl->auth_type = OTX2_IPSEC_PO_SA_AUTH_SHA2_512; + break; + case RTE_CRYPTO_AUTH_AES_GMAC: + ctl->auth_type = OTX2_IPSEC_PO_SA_AUTH_AES_GMAC; + break; + case RTE_CRYPTO_AUTH_AES_XCBC_MAC: + ctl->auth_type = OTX2_IPSEC_PO_SA_AUTH_AES_XCBC_128; + break; + default: + return -ENOTSUP; + } + } + + if (ipsec->options.esn) + ctl->esn_en = 1; + + if (ipsec->options.udp_encap == 1) + ctl->encap_type = OTX2_IPSEC_PO_SA_ENCAP_UDP; + + ctl->spi = rte_cpu_to_be_32(ipsec->spi); + ctl->valid = 1; + + return 0; +} + #endif /* __OTX2_IPSEC_PO_H__ */ diff --git a/drivers/crypto/octeontx2/otx2_security.h b/drivers/crypto/octeontx2/otx2_security.h index 9b4fe263c4..086b506047 100644 --- a/drivers/crypto/octeontx2/otx2_security.h +++ b/drivers/crypto/octeontx2/otx2_security.h 
@@ -8,6 +8,15 @@ #include "otx2_cryptodev_sec.h" #include "otx2_ethdev_sec.h" +#define OTX2_SEC_AH_HDR_LEN 12 +#define OTX2_SEC_AES_GCM_IV_LEN 8 +#define OTX2_SEC_AES_GCM_MAC_LEN 16 +#define OTX2_SEC_AES_CBC_IV_LEN 16 +#define OTX2_SEC_SHA1_HMAC_LEN 12 + +#define OTX2_SEC_AES_GCM_ROUNDUP_BYTE_LEN 4 +#define OTX2_SEC_AES_CBC_ROUNDUP_BYTE_LEN 16 + union otx2_sec_session_ipsec { struct otx2_sec_session_ipsec_ip ip; struct otx2_sec_session_ipsec_lp lp; diff --git a/drivers/net/octeontx2/otx2_ethdev_sec.c b/drivers/net/octeontx2/otx2_ethdev_sec.c index c2ad32cf0c..a155594e25 100644 --- a/drivers/net/octeontx2/otx2_ethdev_sec.c +++ b/drivers/net/octeontx2/otx2_ethdev_sec.c @@ -21,15 +21,6 @@ #include "otx2_sec_idev.h" #include "otx2_security.h" -#define AH_HDR_LEN 12 -#define AES_GCM_IV_LEN 8 -#define AES_GCM_MAC_LEN 16 -#define AES_CBC_IV_LEN 16 -#define SHA1_HMAC_LEN 12 - -#define AES_GCM_ROUNDUP_BYTE_LEN 4 -#define AES_CBC_ROUNDUP_BYTE_LEN 16 - struct eth_sec_tag_const { RTE_STD_C11 union { @@ -238,7 +229,7 @@ ipsec_sa_const_set(struct rte_security_ipsec_xform *ipsec, sess->partial_len += sizeof(struct rte_esp_hdr); sess->roundup_len = sizeof(struct rte_esp_tail); } else if (ipsec->proto == RTE_SECURITY_IPSEC_SA_PROTO_AH) { - sess->partial_len += AH_HDR_LEN; + sess->partial_len += OTX2_SEC_AH_HDR_LEN; } else { return -EINVAL; } @@ -248,9 +239,9 @@ ipsec_sa_const_set(struct rte_security_ipsec_xform *ipsec, if (xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) { if (xform->aead.algo == RTE_CRYPTO_AEAD_AES_GCM) { - sess->partial_len += AES_GCM_IV_LEN; - sess->partial_len += AES_GCM_MAC_LEN; - sess->roundup_byte = AES_GCM_ROUNDUP_BYTE_LEN; + sess->partial_len += OTX2_SEC_AES_GCM_IV_LEN; + sess->partial_len += OTX2_SEC_AES_GCM_MAC_LEN; + sess->roundup_byte = OTX2_SEC_AES_GCM_ROUNDUP_BYTE_LEN; } return 0; } 
@@ -265,14 +256,14 @@ ipsec_sa_const_set(struct rte_security_ipsec_xform *ipsec, return -EINVAL; } if (cipher_xform->cipher.algo == RTE_CRYPTO_CIPHER_AES_CBC) { - sess->partial_len += AES_CBC_IV_LEN; - sess->roundup_byte = AES_CBC_ROUNDUP_BYTE_LEN; + sess->partial_len += OTX2_SEC_AES_CBC_IV_LEN; + sess->roundup_byte = OTX2_SEC_AES_CBC_ROUNDUP_BYTE_LEN; } else { return -EINVAL; } if (auth_xform->auth.algo == RTE_CRYPTO_AUTH_SHA1_HMAC) - sess->partial_len += SHA1_HMAC_LEN; + sess->partial_len += OTX2_SEC_SHA1_HMAC_LEN; else return -EINVAL; From patchwork Thu Jul 16 08:39:31 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tejasree Kondoj X-Patchwork-Id: 74188 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id DDC03A0546; Thu, 16 Jul 2020 09:46:49 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id CD1551BED7; Thu, 16 Jul 2020 09:46:17 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by dpdk.org (Postfix) with ESMTP id 2A4381BEBF for ; Thu, 16 Jul 2020 09:46:16 +0200 (CEST) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 06G7YkgG004597; Thu, 16 Jul 2020 00:46:15 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0818; bh=a33ddeoBxUNHR+fURBAtoZilmwUm6RhheJHKqoo8Qfw=; b=t63JTT3r69dvVc7wwBIMg2bWn9F2Yl3Q6k03A+/nV54mV6gutmSCVXEQxSMe9ynGqOKD iwnr3NNo3VqTBWwl9sZn8FSo2o/kjLyh0KEBXn1WyT7Xm01qh8cg3ICt76Z1PkYm5wTx 0yYToxr0P6MWrTIvV74dZeEUPJawevBoPbZx4fo4ugDjW4QoYfIms0wE+2WkX2srSy6g 
TPqOovTRlSsPc0pa3Jhv6gCPzh+yOA/xQcNLHBCEsGZmXmd1bfeltp2ZvRUyJ81QP2Aq i4Zzt+Og5UW87jpqgnaAT3O2t7SkLeLf8+iKoC8GZ0CxK/I1sL269tTpJLfkkYWbhoyw 8Q== Received: from sc-exch02.marvell.com ([199.233.58.182]) by mx0b-0016f401.pphosted.com with ESMTP id 328mmhxma7-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Thu, 16 Jul 2020 00:46:15 -0700 Received: from DC5-EXCH02.marvell.com (10.69.176.39) by SC-EXCH02.marvell.com (10.93.176.82) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Thu, 16 Jul 2020 00:46:14 -0700 Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Thu, 16 Jul 2020 00:46:12 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.2 via Frontend Transport; Thu, 16 Jul 2020 00:46:12 -0700 Received: from hyd1554T5810.caveonetworks.com.com (unknown [10.29.57.11]) by maili.marvell.com (Postfix) with ESMTP id 84B2A3F7041; Thu, 16 Jul 2020 00:46:10 -0700 (PDT) From: Tejasree Kondoj To: Akhil Goyal , Radu Nicolau CC: Vamsi Attunuru , Narayana Prasad , Anoob Joseph , Tejasree Kondoj , Date: Thu, 16 Jul 2020 14:09:31 +0530 Message-ID: <20200716083931.29092-9-ktejasree@marvell.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20200716083931.29092-1-ktejasree@marvell.com> References: <20200716083931.29092-1-ktejasree@marvell.com> MIME-Version: 1.0 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.235, 18.0.687 definitions=2020-07-16_04:2020-07-16, 2020-07-16 signatures=0 Subject: [dpdk-dev] [PATCH v3 8/8] crypto/octeontx2: add cryptodev sec enqueue and dequeue routines X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" 
From: Vamsi Attunuru This patch adds lookaside IPsec enqueue and dequeue routines. Signed-off-by: Vamsi Attunuru Signed-off-by: Tejasree Kondoj --- doc/guides/cryptodevs/octeontx2.rst | 21 +++ doc/guides/rel_notes/release_20_08.rst | 5 + drivers/crypto/octeontx2/otx2_cryptodev.h | 8 + drivers/crypto/octeontx2/otx2_cryptodev_ops.c | 73 +++++++- drivers/crypto/octeontx2/otx2_ipsec_po.h | 8 + drivers/crypto/octeontx2/otx2_ipsec_po_ops.h | 175 ++++++++++++++++++ 6 files changed, 289 insertions(+), 1 deletion(-) create mode 100644 drivers/crypto/octeontx2/otx2_ipsec_po_ops.h diff --git a/doc/guides/cryptodevs/octeontx2.rst b/doc/guides/cryptodevs/octeontx2.rst index 085d669e49..432146db04 100644 --- a/doc/guides/cryptodevs/octeontx2.rst +++ b/doc/guides/cryptodevs/octeontx2.rst @@ -158,3 +158,24 @@ application: ./test RTE>>cryptodev_octeontx2_asym_autotest + + +Lookaside IPsec Support +----------------------- + +The OCTEON TX2 SoC can accelerate IPsec traffic in lookaside protocol mode, +with its **cryptographic accelerator (CPT)**. ``OCTEON TX2 crypto PMD`` implements +this as an ``RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL`` offload. + +Refer to :doc:`../prog_guide/rte_security` for more details on protocol offloads. + +This feature can be tested with ipsec-secgw sample application. + + +Features supported +~~~~~~~~~~~~~~~~~~ + +* IPv4 +* ESP +* Tunnel mode +* AES-128/192/256-GCM diff --git a/doc/guides/rel_notes/release_20_08.rst b/doc/guides/rel_notes/release_20_08.rst index f19b748728..53cd13455f 100644 --- a/doc/guides/rel_notes/release_20_08.rst +++ b/doc/guides/rel_notes/release_20_08.rst 
@@ -196,6 +196,11 @@ New Features Added Chacha20-Poly1305 AEAD algorithm support in OCTEON TX2 crypto PMD. +* **Updated the OCTEON TX2 crypto PMD to support rte_security.** + + Updated the OCTEON TX2 crypto PMD to support ``rte_security`` lookaside + protocol offload for IPsec. + * **Added support for BPF_ABS/BPF_IND load instructions.** Added support for two BPF non-generic instructions: diff --git a/drivers/crypto/octeontx2/otx2_cryptodev.h b/drivers/crypto/octeontx2/otx2_cryptodev.h index e7a1730b22..f329741b38 100644 --- a/drivers/crypto/octeontx2/otx2_cryptodev.h +++ b/drivers/crypto/octeontx2/otx2_cryptodev.h @@ -6,6 +6,7 @@ #define _OTX2_CRYPTODEV_H_ #include "cpt_common.h" +#include "cpt_hw_types.h" #include "otx2_dev.h" @@ -33,6 +34,13 @@ struct otx2_cpt_vf { /**< CPT device capabilities */ }; +struct cpt_meta_info { + uint64_t deq_op_info[4]; + uint64_t comp_code_sz; + union cpt_res_s cpt_res __rte_aligned(16); + struct cpt_request_info cpt_req __rte_aligned(8); +}; + #define CPT_LOGTYPE otx2_cpt_logtype extern int otx2_cpt_logtype; diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_ops.c b/drivers/crypto/octeontx2/otx2_cryptodev_ops.c index 229b719b42..9d51b17ddd 100644 --- a/drivers/crypto/octeontx2/otx2_cryptodev_ops.c +++ b/drivers/crypto/octeontx2/otx2_cryptodev_ops.c @@ -13,8 +13,10 @@ #include "otx2_cryptodev_hw_access.h" #include "otx2_cryptodev_mbox.h" #include "otx2_cryptodev_ops.h" +#include "otx2_ipsec_po_ops.h" #include "otx2_mbox.h" #include "otx2_sec_idev.h" +#include "otx2_security.h" #include "cpt_hw_types.h" #include "cpt_pmd_logs.h" 
@@ -606,6 +608,36 @@ otx2_cpt_enqueue_sym(struct otx2_cpt_qp *qp, struct rte_crypto_op *op, return ret; } +static __rte_always_inline int __rte_hot +otx2_cpt_enqueue_sec(struct otx2_cpt_qp *qp, struct rte_crypto_op *op, + struct pending_queue *pend_q) +{ + struct otx2_sec_session_ipsec_lp *sess; + struct otx2_ipsec_po_sa_ctl *ctl_wrd; + struct otx2_sec_session *priv; + struct cpt_request_info *req; + int ret; + + priv = get_sec_session_private_data(op->sym->sec_session); + sess = &priv->ipsec.lp; + + ctl_wrd = &sess->in_sa.ctl; + + if (ctl_wrd->direction == OTX2_IPSEC_PO_SA_DIRECTION_OUTBOUND) + ret = process_outb_sa(op, sess, &qp->meta_info, (void **)&req); + else + ret = process_inb_sa(op, sess, &qp->meta_info, (void **)&req); + + if (unlikely(ret)) { + otx2_err("Crypto req : op %p, ret 0x%x", op, ret); + return ret; + } + + ret = otx2_cpt_enqueue_req(qp, pend_q, req); + + return ret; +} + static __rte_always_inline int __rte_hot otx2_cpt_enqueue_sym_sessless(struct otx2_cpt_qp *qp, struct rte_crypto_op *op, struct pending_queue *pend_q) @@ -659,7 +691,9 @@ otx2_cpt_enqueue_burst(void *qptr, struct rte_crypto_op **ops, uint16_t nb_ops) for (count = 0; count < nb_ops; count++) { op = ops[count]; if (op->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC) { - if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) + if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) + ret = otx2_cpt_enqueue_sec(qp, op, pend_q); + else if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) ret = otx2_cpt_enqueue_sym(qp, op, pend_q); else ret = otx2_cpt_enqueue_sym_sessless(qp, op, 
@@ -801,11 +835,48 @@ otx2_cpt_asym_post_process(struct rte_crypto_op *cop, } } +static void +otx2_cpt_sec_post_process(struct rte_crypto_op *cop, uintptr_t *rsp) +{ + struct cpt_request_info *req = (struct cpt_request_info *)rsp[2]; + vq_cmd_word0_t *word0 = (vq_cmd_word0_t *)&req->ist.ei0; + struct rte_crypto_sym_op *sym_op = cop->sym; + struct rte_mbuf *m = sym_op->m_src; + struct rte_ipv4_hdr *ip; + uint16_t m_len; + int mdata_len; + char *data; + + mdata_len = (int)rsp[3]; + rte_pktmbuf_trim(m, mdata_len); + + if ((word0->s.opcode & 0xff) == OTX2_IPSEC_PO_PROCESS_IPSEC_INB) { + data = rte_pktmbuf_mtod(m, char *); + ip = (struct rte_ipv4_hdr *)(data + OTX2_IPSEC_PO_INB_RPTR_HDR); + + m_len = rte_be_to_cpu_16(ip->total_length); + + m->data_len = m_len; + m->pkt_len = m_len; + m->data_off += OTX2_IPSEC_PO_INB_RPTR_HDR; + } +} + static inline void otx2_cpt_dequeue_post_process(struct otx2_cpt_qp *qp, struct rte_crypto_op *cop, uintptr_t *rsp, uint8_t cc) { if (cop->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC) { + if (cop->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) { + if (likely(cc == OTX2_IPSEC_PO_CC_SUCCESS)) { + otx2_cpt_sec_post_process(cop, rsp); + cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS; + } else + cop->status = RTE_CRYPTO_OP_STATUS_ERROR; + + return; + } + if (likely(cc == NO_ERR)) { /* Verify authentication data if required */ if (unlikely(rsp[2])) diff --git a/drivers/crypto/octeontx2/otx2_ipsec_po.h b/drivers/crypto/octeontx2/otx2_ipsec_po.h index f2167f220a..020748609e 100644 --- a/drivers/crypto/octeontx2/otx2_ipsec_po.h +++ b/drivers/crypto/octeontx2/otx2_ipsec_po.h @@ -22,6 +22,8 @@ #define OTX2_IPSEC_PO_PROCESS_IPSEC_OUTB 0x23 #define OTX2_IPSEC_PO_PROCESS_IPSEC_INB 0x24 +#define OTX2_IPSEC_PO_INB_RPTR_HDR 0x8 + enum otx2_ipsec_po_comp_e { OTX2_IPSEC_PO_CC_SUCCESS = 0x00, OTX2_IPSEC_PO_CC_AUTH_UNSUPPORTED = 0xB0, 
@@ -86,6 +88,12 @@ enum { OTX2_IPSEC_PO_SA_ENCAP_UDP = 1, }; +struct otx2_ipsec_po_out_hdr { + uint32_t ip_id; + uint32_t seq; + uint8_t iv[16]; +}; + union otx2_ipsec_po_bit_perfect_iv { uint8_t aes_iv[16]; uint8_t des_iv[8]; diff --git a/drivers/crypto/octeontx2/otx2_ipsec_po_ops.h b/drivers/crypto/octeontx2/otx2_ipsec_po_ops.h new file mode 100644 index 0000000000..dd29c413d3 --- /dev/null +++ b/drivers/crypto/octeontx2/otx2_ipsec_po_ops.h 
@@ -0,0 +1,175 @@ + +/* SPDX-License-Identifier: BSD-3-Clause + * Copyright(C) 2019 Marvell International Ltd. + */ + +#ifndef __OTX2_IPSEC_PO_OPS_H__ +#define __OTX2_IPSEC_PO_OPS_H__ + +#include +#include + +#include "otx2_cryptodev.h" +#include "otx2_security.h" + +static __rte_always_inline int32_t +otx2_ipsec_po_out_rlen_get(struct otx2_sec_session_ipsec_lp *sess, + uint32_t plen) +{ + uint32_t enc_payload_len; + + enc_payload_len = RTE_ALIGN_CEIL(plen + sess->roundup_len, + sess->roundup_byte); + + return sess->partial_len + enc_payload_len; +} + +static __rte_always_inline struct cpt_request_info * +alloc_request_struct(char *maddr, void *cop, int mdata_len) +{ + struct cpt_request_info *req; + struct cpt_meta_info *meta; + uint8_t *resp_addr; + uintptr_t *op; + + meta = (void *)RTE_PTR_ALIGN((uint8_t *)maddr, 16); + + op = (uintptr_t *)meta->deq_op_info; + req = &meta->cpt_req; + resp_addr = (uint8_t *)&meta->cpt_res; + + req->completion_addr = (uint64_t *)((uint8_t *)resp_addr); + *req->completion_addr = COMPLETION_CODE_INIT; + req->comp_baddr = rte_mem_virt2iova(resp_addr); + req->op = op; + + op[0] = (uintptr_t)((uint64_t)meta | 1ull); + op[1] = (uintptr_t)cop; + op[2] = (uintptr_t)req; + op[3] = mdata_len; + + return req; +} + +static __rte_always_inline int +process_outb_sa(struct rte_crypto_op *cop, + struct otx2_sec_session_ipsec_lp *sess, + struct cpt_qp_meta_info *m_info, void **prep_req) +{ + uint32_t dlen, rlen, extend_head, extend_tail; + struct rte_crypto_sym_op *sym_op = cop->sym; + struct rte_mbuf *m_src = sym_op->m_src; + struct otx2_ipsec_po_sa_ctl *ctl_wrd; + struct cpt_request_info *req = NULL; + struct otx2_ipsec_po_out_hdr *hdr; + struct otx2_ipsec_po_out_sa *sa; + int hdr_len, mdata_len, ret = 0; + vq_cmd_word0_t word0; + char *mdata, *data; + + sa = &sess->out_sa; + ctl_wrd = &sa->ctl; + hdr_len = sizeof(*hdr); + + dlen = rte_pktmbuf_pkt_len(m_src) + hdr_len; + rlen = otx2_ipsec_po_out_rlen_get(sess, dlen - hdr_len); + + extend_head = 
hdr_len + RTE_ETHER_HDR_LEN; + extend_tail = rlen - dlen; + mdata_len = m_info->lb_mlen + 8; + + mdata = rte_pktmbuf_append(m_src, extend_tail + mdata_len); + if (unlikely(mdata == NULL)) { + otx2_err("Not enough tail room\n"); + ret = -ENOMEM; + goto exit; + } + + mdata += extend_tail; /* mdata follows encrypted data */ + req = alloc_request_struct(mdata, (void *)cop, mdata_len); + + data = rte_pktmbuf_prepend(m_src, extend_head); + if (unlikely(data == NULL)) { + otx2_err("Not enough head room\n"); + ret = -ENOMEM; + goto exit; + } + + /* + * Move the Ethernet header, to insert otx2_ipsec_po_out_hdr prior + * to the IP header + */ + memcpy(data, data + hdr_len, RTE_ETHER_HDR_LEN); + + hdr = (struct otx2_ipsec_po_out_hdr *)rte_pktmbuf_adj(m_src, + RTE_ETHER_HDR_LEN); + + if (ctl_wrd->enc_type == OTX2_IPSEC_FP_SA_ENC_AES_GCM) { + memcpy(&hdr->iv[0], &sa->iv.gcm.nonce, 4); + memcpy(&hdr->iv[4], rte_crypto_op_ctod_offset(cop, uint8_t *, + sess->iv_offset), sess->iv_length); + } else if (ctl_wrd->auth_type == OTX2_IPSEC_FP_SA_ENC_AES_CBC) { + memcpy(&hdr->iv[0], rte_crypto_op_ctod_offset(cop, uint8_t *, + sess->iv_offset), sess->iv_length); + } + + /* Prepare CPT instruction */ + word0.u64 = sess->ucmd_w0; + word0.s.dlen = dlen; + + req->ist.ei0 = word0.u64; + req->ist.ei1 = rte_pktmbuf_iova(m_src); + req->ist.ei2 = req->ist.ei1; + req->ist.ei3 = sess->ucmd_w3; + + hdr->seq = rte_cpu_to_be_32(sess->seq_lo); + hdr->ip_id = rte_cpu_to_be_32(sess->ip_id); + + sess->ip_id++; + sess->esn++; + +exit: + *prep_req = req; + + return ret; +} + +static __rte_always_inline int +process_inb_sa(struct rte_crypto_op *cop, + struct otx2_sec_session_ipsec_lp *sess, + struct cpt_qp_meta_info *m_info, void **prep_req) +{ + struct rte_crypto_sym_op *sym_op = cop->sym; + struct rte_mbuf *m_src = sym_op->m_src; + struct cpt_request_info *req = NULL; + int mdata_len, ret = 0; + vq_cmd_word0_t word0; + uint32_t dlen; + char *mdata; + + dlen = rte_pktmbuf_pkt_len(m_src); + mdata_len = 
m_info->lb_mlen + 8; + + mdata = rte_pktmbuf_append(m_src, mdata_len); + if (unlikely(mdata == NULL)) { + otx2_err("Not enough tail room\n"); + ret = -ENOMEM; + goto exit; + } + + req = alloc_request_struct(mdata, (void *)cop, mdata_len); + + /* Prepare CPT instruction */ + word0.u64 = sess->ucmd_w0; + word0.s.dlen = dlen; + + req->ist.ei0 = word0.u64; + req->ist.ei1 = rte_pktmbuf_iova(m_src); + req->ist.ei2 = req->ist.ei1; + req->ist.ei3 = sess->ucmd_w3; + +exit: + *prep_req = req; + return ret; +} +#endif /* __OTX2_IPSEC_PO_OPS_H__ */
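Review bot: in ipsec_po_sa_ctl_set() (otx2_ipsec_po.h, hunk @@ -107,4 +184,222 @@), the AES-CBC branch sets `ctl->enc_type = OTX2_IPSEC_PO_SA_ENC_AES_CCM` and takes the key length from `xform->cipher.key.length` rather than `cipher_xform->cipher.key.length`. On ingress `xform` is the auth transform, so the key-length switch runs on the wrong union member; read it through `cipher_xform`, and set the enc_type that matches CBC if CBC is what is intended. The auth switch in the same function maps NULL, MD5, SHA2, GMAC and XCBC, while ipsec_po_xform_auth_verify() only accepts SHA1-HMAC with a 20..64 byte key, so the verify helper and the switch should be brought in line. For non-AEAD chains the function uses `xform->next` without a NULL check, so it should either check it or carry a comment that ipsec_po_xform_verify() must have passed first.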
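Review bot: `OTX2_SEC_SHA1_HMAC_LEN 12` in otx2_security.h (hunk @@ -8,6 +8,15 @@) is the truncated ICV length added to `partial_len`, not the 20-byte SHA-1 digest size, and now that the define lives in a header shared by the net and crypto drivers the name invites misuse as a digest or key length. A name ending in _ICV_LEN, or a one-line comment on each of these defines saying which on-wire field it sizes, would be enough. The same applies to `OTX2_SEC_AES_GCM_IV_LEN 8`, which is the per-packet IV and not the full GCM nonce.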
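Review bot: otx2_cpt_enqueue_sec() (otx2_cryptodev_ops.c, hunk @@ -606,6 +608,36 @@) reads the direction from `sess->in_sa.ctl` for every session, including outbound ones that process_outb_sa() then handles through `sess->out_sa`. That is only correct if `in_sa` and `out_sa` overlay each other with `ctl` at the same offset, which nothing in this hunk states. Please add a comment to that effect, or keep the direction in a field of the session itself so the dispatch does not depend on the SA layout.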
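Review bot: otx2_cpt_sec_post_process() (otx2_cryptodev_ops.c, hunk @@ -801,11 +835,48 @@) sets `m->data_len` and `m->pkt_len` from `ip->total_length` of the decrypted packet without checking it against what the mbuf actually holds after the trim and the OTX2_IPSEC_PO_INB_RPTR_HDR offset. A total_length larger than the remaining data leaves the mbuf describing bytes it does not own; bound the value and report RTE_CRYPTO_OP_STATUS_ERROR otherwise, which means the function needs to return a status. In otx2_cpt_dequeue_post_process() the error branch skips the post-process call, so the `mdata_len` bytes appended at enqueue stay on the mbuf handed back to the application; the trim should run for both outcomes.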
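Review bot: in process_outb_sa() (new file otx2_ipsec_po_ops.h, hunk @@ -0,0 +1,175 @@) the second IV branch tests `ctl_wrd->auth_type == OTX2_IPSEC_FP_SA_ENC_AES_CBC`, which compares the auth field with an encryption constant; it should test `ctl_wrd->enc_type`. Both branches also use OTX2_IPSEC_FP_* values, while ipsec_po_sa_ctl_set() fills the control word with OTX2_IPSEC_PO_SA_ENC_* values, so the PO constants belong here. The copies into `hdr->iv` take `sess->iv_length` bytes with no bound, although `iv` is 16 bytes and the GCM copy starts at offset 4; validate iv_length at session creation or before the memcpy. If rte_pktmbuf_prepend() fails, the tail added by rte_pktmbuf_append() is left on the mbuf and a non-NULL req is returned together with -ENOMEM; trim the tail on that path.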