From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from EUR02-VE1-obe.outbound.protection.outlook.com (mail-eopbgr20069.outbound.protection.outlook.com [40.107.2.69]) by dpdk.org (Postfix) with ESMTP id 1B73958F6 for ; Thu, 13 Sep 2018 08:09:41 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nxp.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=35+otj37A8ViFD1n+dIZBlaPwv1d6hsCiGfq4vxP20M=; b=dlo07dmh7gjhXzYPNj7XO75tO2nCHxn2d+PbgOx5JHwpdzUUGt3/cThWgZShbWYAhLT6CQfCEkS7Bf+DbKZx0ndupsoW044mXvoJ9BYrR/F4bl63LwCiU14Xh6hk3a924qe8j7iH4HZvWNN8+ycmJPEqbpZB5s4zPS/z4cDXsGY= Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=G.Singh@nxp.com; Received: from Tophie.ap.freescale.net (14.142.187.166) by HE1PR04MB1529.eurprd04.prod.outlook.com (2a01:111:e400:59a8::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1143.15; Thu, 13 Sep 2018 06:09:38 +0000 From: Gagandeep Singh To: dev@dpdk.org, akhil.goyal@nxp.com Cc: Hemant Agrawal Date: Thu, 13 Sep 2018 11:38:46 +0530 Message-Id: <20180913060846.29930-11-g.singh@nxp.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20180913060846.29930-1-g.singh@nxp.com> References: <20180913060846.29930-1-g.singh@nxp.com> MIME-Version: 1.0 Content-Type: text/plain X-Originating-IP: [14.142.187.166] X-ClientProxiedBy: BM1PR01CA0095.INDPRD01.PROD.OUTLOOK.COM (2603:1096:b00::11) To HE1PR04MB1529.eurprd04.prod.outlook.com (2a01:111:e400:59a8::19) X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: ff805c9f-ed0c-478c-4bc4-08d6193f7d06 X-MS-Office365-Filtering-HT: Tenant X-Microsoft-Antispam: BCL:0; PCL:0; RULEID:(7020095)(4652040)(8989137)(4534165)(7168020)(4627221)(201703031133081)(201702281549075)(8990107)(5600074)(711020)(4618075)(2017052603328)(7153060)(7193020); SRVR:HE1PR04MB1529; X-Microsoft-Exchange-Diagnostics: 1; HE1PR04MB1529; 3:Jv+R+Kj2SK1T7E5jSfmY1FfCh5dnlSVm3lewZgBz8qHluKPcgVD/esjckoW0ljzQzrA7NuDn93bNnz152kLn97wU7THdltgpdt23uwkuE29sxbNDwzaJJVsCDXvFHgXaWGHydHkPe8CmO50GPd8FPK02c3ghoxXvTTgWC9a0jGd/neqqIHlAcGaFmHZYedqVbZAYR5iGFgXI0YigSsW4v+RuHjpXBHaf9vQukLbuB630hgEHyVloW9IlfYSBrR3/; 25:6+NJdSO/naom6l3AsvYtci0eMqA9IgdBQNTy4F85pQlIuYkR4NCdsFnX01y/uFiq8iHcTvOED6uS9zQzKHPDXe+cSpBLyrUjOv52qzC2AfwwaV2JUVGY5abXAkenjbG3xIg5A8koHKN8jNMssgssQwSfW1JeDLFYBcc8zLmwg70csxxPhbbw/krp4AR162lmWTY+hsMLUX46xPpCMboqfvt0lEfhq/azbMn+yLltxcSYhXEfuJTjHYZJPDXhd0Xlr3pT4QrT3/6ReEMjpDWT7PDNUOk/0mM4dmU9Lc1hfDEBKHS23ndG5+SuCojpe6LzzQGSGerEsCEGdYBOdonxwQ==; 31:cOndFLsTDrgkWplA+7EGLdKbQDJiWLoUQGtGw0kpIeexJwtyALUlYbdmerzWajp7ORrJXDTJH1eDSKZbM0r4x9/AtPxehOAMzRSZVfaLrroQwp+WwJ8J916SghIcPSvPKKsGeboQ+pgL0Dn/cxCFa92XS4r1yEaW1sDt74XNDPubSJrGqVavG4diXYdnksWvsAq7oasx2dnnK+rtA0hjNPaHwNhXlsWBSVVNQyTMW3o= X-MS-TrafficTypeDiagnostic: HE1PR04MB1529: X-Microsoft-Exchange-Diagnostics: 1; HE1PR04MB1529; 20:ECSS4GILo7UUW8zdzdj1FtGlCplt4ByeARbhraa8WcV9CpSrzEOgRj9t46K9hkTbwahhA5GkIEUTa4qJjXvluVfL5+JJRRRyd6gHgGpgJrO9fP1Wh5dqdj9F0R1F8K4ylHALihYN2hJgGCiGHG+ydepYVhEnIvfW/5U79hcF3LR8YIlPXNdT0+S2MiPHAdWxx7TV9X3iB4auWFUeLxnJhFtt/2TlqPSk3x7mNNgciCrWmPmxLilz86DfPta6JC8/DG/ub2t+T6MmiAwi/2KmzqqWKlsu+drm1nLKFQt6ZISP8OtGKB5fdGRSlWPeLxgoAjxo2Ozr3ztpR6YcBPCMLGg1EkDdj44mYjmcxKIBonzyXVNKvRv47nOiXKs2ndcMXVjcLR9g2fs/EzswPa3XqC5D131OkQWem+76aVTkhsWPBPsyJlkYSPuW/+7qdLBalX4ASEK24b+8idR8Le1R1u9HPMVnq/QKK80kmq0tcXtPJclkGedMGf9Gqme81ktT; 4:+ZZ4C2T15SFApFUbkkCglnTZlBY0aK9iHF5vTjY+BEcm21XpIMvHGMk5d0HL2ze90oSMprNvEY6azPKtBEdNOPjH57h8tGaYm9siaF7TuB9LxAQtwaee3PsJWGRQS4OS5c75FQ+2numuphbuan5yAisWTlEIvaNk19F5VPWxHyudB+SOpibLcfugoL2l05r/XUQsS+lMa2ouYfE/PRRGSj6fsPQ69HnI3ZWpHYD3wDEQ/ohRyl/XcdGPVPumKrSW0lqMQ6H6RvV15vbY3JrtmgfgaPFUf/vV2EbYwxZaOCuam16U6yR7XSbHhOEEoJog3Ikg0XbQ1HgBysFpq+MFE8T2G3MHoDxo8DiV7Jz8Nco= X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(192374486261705)(185117386973197); X-MS-Exchange-SenderADCheck: 1 X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(8211001083)(6040522)(2401047)(5005006)(8121501046)(823301075)(3231311)(944501410)(52105095)(3002001)(93006095)(93001095)(10201501046)(6055026)(149027)(150027)(6041310)(20161123558120)(20161123562045)(20161123560045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123564045)(201708071742011)(7699050); SRVR:HE1PR04MB1529; BCL:0; PCL:0; RULEID:; SRVR:HE1PR04MB1529; X-Forefront-PRVS: 07943272E1 X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10009020)(366004)(376002)(39860400002)(136003)(346002)(396003)(189003)(199004)(2906002)(6506007)(386003)(5009440100003)(6486002)(51416003)(6512007)(52116002)(486006)(2616005)(68736007)(956004)(53936002)(476003)(446003)(11346002)(305945005)(26005)(7736002)(55236004)(76176011)(186003)(16526019)(15650500001)(50226002)(478600001)(47776003)(1076002)(3846002)(6116002)(48376002)(105586002)(106356001)(25786009)(14444005)(50466002)(5660300001)(36756003)(72206003)(66066001)(316002)(97736004)(8936002)(81166006)(4326008)(8676002)(86362001)(6636002)(6666003)(575784001)(81156014)(16586007)(110426005); DIR:OUT; SFP:1101; SCL:1; SRVR:HE1PR04MB1529; H:Tophie.ap.freescale.net; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1; Received-SPF: None (protection.outlook.com: nxp.com does not designate permitted sender hosts) X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1; HE1PR04MB1529; 23:KOJHRc8O4tNUfYhOgXRNEHWhX0HFmAHD+yX0yscvb?= =?us-ascii?Q?adb8Jj3ZRcI/WUjV4t8EBSHSN/07Zrzn3nTWs2YzFDCIGwUrIhmR16HTCiFI?= =?us-ascii?Q?oietzFba7Bt3TvlIIenXw25L1LqQNfvx5Z1AMIRoic7hncxHIUf6AYSHmFpR?= =?us-ascii?Q?w+qPcxKRlEVbqbFeyt5SLY1xrJGqndAGzMHpjOTGHn3O/5pbaPQI97dF0uQn?= =?us-ascii?Q?NGmQt0lIUAF0aECo3tUOuDvqmLbqS1FLGOuFHLg3aPjYAvL+D0k1h3Wbg0f/?= =?us-ascii?Q?VvTeCdMIc4bm9PBTtuBA3zuGsxhb7aY+ta3ui5IgKfr1ooTUSTCz+B0PaCkJ?= =?us-ascii?Q?47gEjeXvtbbFa25C74l3gx9ohOHLLemztWE7zCadKgmxH1HYDZwsoyZ9j+6c?= =?us-ascii?Q?Vs/ZxiTLbfekEONfRZ+FFceIA9O4peVMB+lGdfA10r0WciydvZKD7jtomE2Z?= =?us-ascii?Q?k2WnR80RRTlBtkbxJ71Sp50zFk8GkSxFg0fWVEj6AghLx//cxZoQ1SwG6iXJ?= =?us-ascii?Q?c7boDZdeWQc/FGlQclRGMt6oVQtFeGmU5sjluXUzBy2vEkqk/byXCsKFHcPr?= =?us-ascii?Q?S1Ot3Wj5ruA0KsBUUm8f5YqxTPiZl3rGeIYpd2zmQay1cGIz4qfsl++IIkcy?= =?us-ascii?Q?jt8i1NDnvjQBvE+wLt73SNrgOkj3CAOHm0vXFIZC13d+rgEMm3MlnftB0gZ1?= =?us-ascii?Q?QKzZkdmiRMV9EC/0iPfWzCz7uKXm0kkRvFQxr5LzRfh3nOmmLwfZg81QOgpY?= =?us-ascii?Q?bVUheTtqjWE08W77E232w5UDwTSRQO0Omgeuj71Hq1VBhoNXCOyQxJIGPN1d?= =?us-ascii?Q?cTOq22luHVQG6pwg/OUSz8v9qbNw5qEntK/6CF99j6byk8K2YxYD8oWpTq/V?= =?us-ascii?Q?c93ip6czngsd9qwlxpGsT33PYBb5UIUgFkMEIbRE2HBbso7tNzlbPa626Px3?= =?us-ascii?Q?B11PJamGydwalKUcQnTfe0ld0hoa1rRVIIWshZ/jl38Ncrse2/eG/QKnDnKS?= =?us-ascii?Q?5vXR8fWsYlsFV9dukJNltDf23oyCaY1qg2le9EplgxrjDq3YSYWwQgDSkQi8?= =?us-ascii?Q?SCKLPXGjZ9YRAq9JjEUBVHXRUTpYMX7+Zpo1uKzMfBSkVHA4xDVEhXrcmvNF?= =?us-ascii?Q?c3TW7BvKtA8QHVw3rFIIfpivjxsd2b/Xb+Hd9iTyBkbpmoEADqb6Rogr9oqT?= =?us-ascii?Q?1fqJU3ZWQokWZnS8o/zx711XvXPNH+tMFeGbgAFYeQrlIAypPvDJ++304Hwr?= =?us-ascii?Q?3qqDaZ+lSsYWKXUfiHj6J5MuN+nk+Exfbo0F+6IFFg7Wv4c9N08pw/vgDlkl?= =?us-ascii?Q?DkcZfPALYnP4Miw1tV9BIahGCrfGl105DvmRwnTkf6bHShOnoDneYUOdE0kh?= =?us-ascii?Q?avJcA=3D=3D?= X-Microsoft-Antispam-Message-Info: TdXwPe/74BdWhlrkapDAxVFbHp4vKSGdgUyFp4ya2gyHHzYTEOLjjx8jd2h5RUV73hBj5YfDXFWMHeq3dpc9fyU2D3Pi3FNGk8P84Owhm44qXdS3hpQHVbw3mY6KgxKwNMC7oPS/7OH17He7uVkaT3a7CtW8v1lsksORrSFh9ubWXotdDhDsLJSxD1wtwHZbKF5vvr3rZTj8xD0BHs2mcELZ5LDf8goyVBxjMy4GhJnM8yNVz2iA8xprPbQlhzQ9GfDUsTriRCFWw82+3I7Et/4wZhUyN97FskvFjMZ7Raom3++TwwTjGZI+QrTdgRrAsvHtv6Itzt725iVf1ryqmqg3KCyeNumCJjDhQAmTX2U= X-Microsoft-Exchange-Diagnostics: 1; HE1PR04MB1529; 6:ROxmv89cAe3xU7GyqOqWzeyhbd+TfNptzrNJXnCXLD32X6OPh7IMgW/4PkA4nRomrJAoUlET5jJRPyRdQKhTwaofv0crglT7AtAnTiz29sMYSSDL6q25uOOfi19bB+8xZJYkXW/31VZ3jpuwfxCFTlpdok95XPLMEVkYvgrzU0ahMQuMYXni/P7kajgVPirUUacjxdppANPrpTW4nW6MvO7gkvA3uAcF0Y6xdBW6RjqB2cX0t6ebHXQ8Fg+Hic25foPRcN9t4xXgvYR8RTpUB7fbY6b8uNYYmJeUWazPGOeOxXC4NWUoQZnMjH97mxpGNYK2vLvDlMQO8swXZ4cpBUsOtGMiQJD/huBZYiFxkyUnkA7t/AGlbiGAnruKWxJUCs3d7/ut3udIB5Pz72X9axAcZcg6LFpxPPSz3Ukup9GW8oWH6KGOtGj1jFbSxz7WKawkLsfkAf8iAFEqiJhiig==; 5:GNHFZv0PJ0GclADNHLAFkQjJjKKazri8EDgHLvFpmaDCBvxj2hJQxRifJUgeM+yjPpt2GlXyiE+yOqU87tQheYBPdAR6ihdJGgoybuIo41lzQ0fqhSQT7qx+CgO9kOw81WIAgZTz5hudhAW85J5DEBcb0w3EC/3ikmifjImgZ2U=; 7:E3l7zmdRkcoMwkj6q/aseZPd340IJ2RRUh7TEa/3YlMejToxKU8+NN1fNWNaEix1fNXGf+FezLO7WzEtYFioh7dOtrVkFz4mTj5KbMRqNEz3wfQj2JJwDk9wFUsYrldyNiIPK0PF4+wN3N6yzSxuI3lByu4wZSqaJ4ggaCN5H5Y6T92xuQ0NWbS7GSna9NKowKptMDk0GlIMXeb0TwS0/c9WKtj3BRpfXJSPAhEER78QaOIaTDM/uznVrzy+lPW2 SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-OriginatorOrg: nxp.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 13 Sep 2018 06:09:38.0702 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: ff805c9f-ed0c-478c-4bc4-08d6193f7d06 X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 686ea1d3-bc2b-4c6f-a92c-d99c5c301635 X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR04MB1529 Subject: [dpdk-dev] [PATCH 10/10] crypto/caam_jr: add security offload support X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 13 Sep 2018 06:09:41 -0000 From: Hemant Agrawal Signed-off-by: Hemant Agrawal --- drivers/crypto/caam_jr/caam_jr.c | 361 ++++++++++++++++++++++++++- drivers/crypto/caam_jr/caam_jr_pvt.h | 3 + 2 files changed, 354 insertions(+), 10 deletions(-) diff --git a/drivers/crypto/caam_jr/caam_jr.c b/drivers/crypto/caam_jr/caam_jr.c index f51ff1093..c4689078a 100644 --- a/drivers/crypto/caam_jr/caam_jr.c +++ b/drivers/crypto/caam_jr/caam_jr.c @@ -174,7 +174,13 @@ static inline int is_aead(struct caam_jr_session *ses) static inline int is_auth_cipher(struct caam_jr_session *ses) { return ((ses->cipher_alg != RTE_CRYPTO_CIPHER_NULL) && - (ses->auth_alg != RTE_CRYPTO_AUTH_NULL)); + (ses->auth_alg != RTE_CRYPTO_AUTH_NULL) && + (ses->proto_alg != RTE_SECURITY_PROTOCOL_IPSEC)); +} + +static inline int is_proto_ipsec(struct caam_jr_session *ses) +{ + return (ses->proto_alg == RTE_SECURITY_PROTOCOL_IPSEC); } static inline int is_encode(struct caam_jr_session *ses) @@ -195,27 +201,39 @@ caam_auth_alg(struct caam_jr_session *ses, struct alginfo *alginfo_a) ses->digest_length = 0; break; case RTE_CRYPTO_AUTH_MD5_HMAC: - alginfo_a->algtype = OP_ALG_ALGSEL_MD5; + alginfo_a->algtype = + (ses->proto_alg == RTE_SECURITY_PROTOCOL_IPSEC) ? + OP_PCL_IPSEC_HMAC_MD5_96 : OP_ALG_ALGSEL_MD5; alginfo_a->algmode = OP_ALG_AAI_HMAC; break; case RTE_CRYPTO_AUTH_SHA1_HMAC: - alginfo_a->algtype = OP_ALG_ALGSEL_SHA1; + alginfo_a->algtype = + (ses->proto_alg == RTE_SECURITY_PROTOCOL_IPSEC) ? + OP_PCL_IPSEC_HMAC_SHA1_96 : OP_ALG_ALGSEL_SHA1; alginfo_a->algmode = OP_ALG_AAI_HMAC; break; case RTE_CRYPTO_AUTH_SHA224_HMAC: - alginfo_a->algtype = OP_ALG_ALGSEL_SHA224; + alginfo_a->algtype = + (ses->proto_alg == RTE_SECURITY_PROTOCOL_IPSEC) ? + OP_PCL_IPSEC_HMAC_SHA1_160 : OP_ALG_ALGSEL_SHA224; alginfo_a->algmode = OP_ALG_AAI_HMAC; break; case RTE_CRYPTO_AUTH_SHA256_HMAC: - alginfo_a->algtype = OP_ALG_ALGSEL_SHA256; + alginfo_a->algtype = + (ses->proto_alg == RTE_SECURITY_PROTOCOL_IPSEC) ? + OP_PCL_IPSEC_HMAC_SHA2_256_128 : OP_ALG_ALGSEL_SHA256; alginfo_a->algmode = OP_ALG_AAI_HMAC; break; case RTE_CRYPTO_AUTH_SHA384_HMAC: - alginfo_a->algtype = OP_ALG_ALGSEL_SHA384; + alginfo_a->algtype = + (ses->proto_alg == RTE_SECURITY_PROTOCOL_IPSEC) ? + OP_PCL_IPSEC_HMAC_SHA2_384_192 : OP_ALG_ALGSEL_SHA384; alginfo_a->algmode = OP_ALG_AAI_HMAC; break; case RTE_CRYPTO_AUTH_SHA512_HMAC: - alginfo_a->algtype = OP_ALG_ALGSEL_SHA512; + alginfo_a->algtype = + (ses->proto_alg == RTE_SECURITY_PROTOCOL_IPSEC) ? + OP_PCL_IPSEC_HMAC_SHA2_512_256 : OP_ALG_ALGSEL_SHA512; alginfo_a->algmode = OP_ALG_AAI_HMAC; break; default: @@ -230,15 +248,21 @@ caam_cipher_alg(struct caam_jr_session *ses, struct alginfo *alginfo_c) case RTE_CRYPTO_CIPHER_NULL: break; case RTE_CRYPTO_CIPHER_AES_CBC: - alginfo_c->algtype = OP_ALG_ALGSEL_AES; + alginfo_c->algtype = + (ses->proto_alg == RTE_SECURITY_PROTOCOL_IPSEC) ? + OP_PCL_IPSEC_AES_CBC : OP_ALG_ALGSEL_AES; alginfo_c->algmode = OP_ALG_AAI_CBC; break; case RTE_CRYPTO_CIPHER_3DES_CBC: - alginfo_c->algtype = OP_ALG_ALGSEL_3DES; + alginfo_c->algtype = + (ses->proto_alg == RTE_SECURITY_PROTOCOL_IPSEC) ? + OP_PCL_IPSEC_3DES : OP_ALG_ALGSEL_3DES; alginfo_c->algmode = OP_ALG_AAI_CBC; break; case RTE_CRYPTO_CIPHER_AES_CTR: - alginfo_c->algtype = OP_ALG_ALGSEL_AES; + alginfo_c->algtype = + (ses->proto_alg == RTE_SECURITY_PROTOCOL_IPSEC) ? + OP_PCL_IPSEC_AES_CTR : OP_ALG_ALGSEL_AES; alginfo_c->algmode = OP_ALG_AAI_CTR; break; default: @@ -400,6 +424,22 @@ caam_jr_prep_cdb(struct caam_jr_session *ses) cdb->sh_desc[0] = 0; cdb->sh_desc[1] = 0; cdb->sh_desc[2] = 0; + if (is_proto_ipsec(ses)) { + if (ses->dir == DIR_ENC) { + shared_desc_len = cnstr_shdsc_ipsec_new_encap( + cdb->sh_desc, + true, swap, SHR_SERIAL, + &ses->encap_pdb, + (uint8_t *)&ses->ip4_hdr, + &alginfo_c, &alginfo_a); + } else if (ses->dir == DIR_DEC) { + shared_desc_len = cnstr_shdsc_ipsec_new_decap( + cdb->sh_desc, + true, swap, SHR_SERIAL, + &ses->decap_pdb, + &alginfo_c, &alginfo_a); + } + } else { /* Auth_only_len is set as 0 here and it will be * overwritten in fd for each packet. */ @@ -407,6 +447,7 @@ caam_jr_prep_cdb(struct caam_jr_session *ses) true, swap, &alginfo_c, &alginfo_a, ses->iv.length, 0, ses->digest_length, ses->dir); + } } if (shared_desc_len < 0) { @@ -1258,6 +1299,49 @@ build_cipher_auth(struct rte_crypto_op *op, struct caam_jr_session *ses) return ctx; } + +static inline struct caam_jr_op_ctx * +build_proto(struct rte_crypto_op *op, struct caam_jr_session *ses) +{ + struct rte_crypto_sym_op *sym = op->sym; + struct caam_jr_op_ctx *ctx = NULL; + phys_addr_t src_start_addr, dst_start_addr; + struct sec_cdb *cdb; + uint64_t sdesc_offset; + struct sec_job_descriptor_t *jobdescr; + + ctx = caam_jr_alloc_ctx(ses); + if (!ctx) + return NULL; + ctx->op = op; + + src_start_addr = rte_pktmbuf_iova(sym->m_src); + if (sym->m_dst) + dst_start_addr = rte_pktmbuf_iova(sym->m_dst); + else + dst_start_addr = src_start_addr; + + cdb = ses->cdb; + sdesc_offset = (size_t) ((char *)&cdb->sh_desc - (char *)cdb); + + jobdescr = (struct sec_job_descriptor_t *) ctx->jobdes.desc; + + SEC_JD_INIT(jobdescr); + SEC_JD_SET_SD(jobdescr, + (phys_addr_t)(caam_jr_dma_vtop(cdb)) + sdesc_offset, + cdb->sh_hdr.hi.field.idlen); + + /* output */ + SEC_JD_SET_OUT_PTR(jobdescr, (uint64_t)dst_start_addr, 0, + sym->m_src->buf_len - sym->m_src->data_off); + /* input */ + SEC_JD_SET_IN_PTR(jobdescr, (uint64_t)src_start_addr, 0, + sym->m_src->pkt_len); + sym->m_src->packet_type &= ~RTE_PTYPE_L4_MASK; + + return ctx; +} + static int caam_jr_enqueue_op(struct rte_crypto_op *op, struct caam_jr_qp *qp) { @@ -1272,6 +1356,11 @@ caam_jr_enqueue_op(struct rte_crypto_op *op, struct caam_jr_qp *qp) get_sym_session_private_data(op->sym->session, cryptodev_driver_id); break; + case RTE_CRYPTO_OP_SECURITY_SESSION: + ses = (struct caam_jr_session *) + get_sec_session_private_data( + op->sym->sec_session); + break; default: CAAM_JR_DP_ERR("sessionless crypto op not supported"); qp->tx_errs++; @@ -1293,6 +1382,8 @@ caam_jr_enqueue_op(struct rte_crypto_op *op, struct caam_jr_qp *qp) ctx = build_auth_only(op, ses); else if (is_cipher_only(ses)) ctx = build_cipher_only(op, ses); + else if (is_proto_ipsec(ses)) + ctx = build_proto(op, ses); } else { if (is_auth_cipher(ses)) ctx = build_cipher_auth_sg(op, ses); @@ -1661,6 +1752,227 @@ caam_jr_sym_session_clear(struct rte_cryptodev *dev, } } +static int +caam_jr_set_ipsec_session(__rte_unused struct rte_cryptodev *dev, + struct rte_security_session_conf *conf, + void *sess) +{ + struct sec_job_ring_t *internals = dev->data->dev_private; + struct rte_security_ipsec_xform *ipsec_xform = &conf->ipsec; + struct rte_crypto_auth_xform *auth_xform; + struct rte_crypto_cipher_xform *cipher_xform; + struct caam_jr_session *session = (struct caam_jr_session *)sess; + + PMD_INIT_FUNC_TRACE(); + + if (ipsec_xform->direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) { + cipher_xform = &conf->crypto_xform->cipher; + auth_xform = &conf->crypto_xform->next->auth; + } else { + auth_xform = &conf->crypto_xform->auth; + cipher_xform = &conf->crypto_xform->next->cipher; + } + session->proto_alg = conf->protocol; + session->cipher_key.data = rte_zmalloc(NULL, + cipher_xform->key.length, + RTE_CACHE_LINE_SIZE); + if (session->cipher_key.data == NULL && + cipher_xform->key.length > 0) { + CAAM_JR_ERR("No Memory for cipher key\n"); + return -ENOMEM; + } + + session->cipher_key.length = cipher_xform->key.length; + session->auth_key.data = rte_zmalloc(NULL, + auth_xform->key.length, + RTE_CACHE_LINE_SIZE); + if (session->auth_key.data == NULL && + auth_xform->key.length > 0) { + CAAM_JR_ERR("No Memory for auth key\n"); + rte_free(session->cipher_key.data); + return -ENOMEM; + } + session->auth_key.length = auth_xform->key.length; + memcpy(session->cipher_key.data, cipher_xform->key.data, + cipher_xform->key.length); + memcpy(session->auth_key.data, auth_xform->key.data, + auth_xform->key.length); + + switch (auth_xform->algo) { + case RTE_CRYPTO_AUTH_SHA1_HMAC: + session->auth_alg = RTE_CRYPTO_AUTH_SHA1_HMAC; + break; + case RTE_CRYPTO_AUTH_MD5_HMAC: + session->auth_alg = RTE_CRYPTO_AUTH_MD5_HMAC; + break; + case RTE_CRYPTO_AUTH_SHA256_HMAC: + session->auth_alg = RTE_CRYPTO_AUTH_SHA256_HMAC; + break; + case RTE_CRYPTO_AUTH_SHA384_HMAC: + session->auth_alg = RTE_CRYPTO_AUTH_SHA384_HMAC; + break; + case RTE_CRYPTO_AUTH_SHA512_HMAC: + session->auth_alg = RTE_CRYPTO_AUTH_SHA512_HMAC; + break; + case RTE_CRYPTO_AUTH_AES_CMAC: + session->auth_alg = RTE_CRYPTO_AUTH_AES_CMAC; + break; + case RTE_CRYPTO_AUTH_NULL: + session->auth_alg = RTE_CRYPTO_AUTH_NULL; + break; + case RTE_CRYPTO_AUTH_SHA224_HMAC: + case RTE_CRYPTO_AUTH_AES_XCBC_MAC: + case RTE_CRYPTO_AUTH_SNOW3G_UIA2: + case RTE_CRYPTO_AUTH_SHA1: + case RTE_CRYPTO_AUTH_SHA256: + case RTE_CRYPTO_AUTH_SHA512: + case RTE_CRYPTO_AUTH_SHA224: + case RTE_CRYPTO_AUTH_SHA384: + case RTE_CRYPTO_AUTH_MD5: + case RTE_CRYPTO_AUTH_AES_GMAC: + case RTE_CRYPTO_AUTH_KASUMI_F9: + case RTE_CRYPTO_AUTH_AES_CBC_MAC: + case RTE_CRYPTO_AUTH_ZUC_EIA3: + CAAM_JR_ERR("Crypto: Unsupported auth alg %u\n", + auth_xform->algo); + goto out; + default: + CAAM_JR_ERR("Crypto: Undefined Auth specified %u\n", + auth_xform->algo); + goto out; + } + + switch (cipher_xform->algo) { + case RTE_CRYPTO_CIPHER_AES_CBC: + session->cipher_alg = RTE_CRYPTO_CIPHER_AES_CBC; + break; + case RTE_CRYPTO_CIPHER_3DES_CBC: + session->cipher_alg = RTE_CRYPTO_CIPHER_3DES_CBC; + break; + case RTE_CRYPTO_CIPHER_AES_CTR: + session->cipher_alg = RTE_CRYPTO_CIPHER_AES_CTR; + break; + case RTE_CRYPTO_CIPHER_NULL: + case RTE_CRYPTO_CIPHER_SNOW3G_UEA2: + case RTE_CRYPTO_CIPHER_3DES_ECB: + case RTE_CRYPTO_CIPHER_AES_ECB: + case RTE_CRYPTO_CIPHER_KASUMI_F8: + CAAM_JR_ERR("Crypto: Unsupported Cipher alg %u\n", + cipher_xform->algo); + goto out; + default: + CAAM_JR_ERR("Crypto: Undefined Cipher specified %u\n", + cipher_xform->algo); + goto out; + } + + if (ipsec_xform->direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) { + memset(&session->encap_pdb, 0, sizeof(struct ipsec_encap_pdb) + + sizeof(session->ip4_hdr)); + session->ip4_hdr.ip_v = IPVERSION; + session->ip4_hdr.ip_hl = 5; + session->ip4_hdr.ip_len = rte_cpu_to_be_16( + sizeof(session->ip4_hdr)); + session->ip4_hdr.ip_tos = ipsec_xform->tunnel.ipv4.dscp; + session->ip4_hdr.ip_id = 0; + session->ip4_hdr.ip_off = 0; + session->ip4_hdr.ip_ttl = ipsec_xform->tunnel.ipv4.ttl; + session->ip4_hdr.ip_p = (ipsec_xform->proto == + RTE_SECURITY_IPSEC_SA_PROTO_ESP) ? IPPROTO_ESP + : IPPROTO_AH; + session->ip4_hdr.ip_sum = 0; + session->ip4_hdr.ip_src = ipsec_xform->tunnel.ipv4.src_ip; + session->ip4_hdr.ip_dst = ipsec_xform->tunnel.ipv4.dst_ip; + session->ip4_hdr.ip_sum = calc_chksum((uint16_t *) + (void *)&session->ip4_hdr, + sizeof(struct ip)); + + session->encap_pdb.options = + (IPVERSION << PDBNH_ESP_ENCAP_SHIFT) | + PDBOPTS_ESP_OIHI_PDB_INL | + PDBOPTS_ESP_IVSRC | + PDBHMO_ESP_ENCAP_DTTL; + session->encap_pdb.spi = ipsec_xform->spi; + session->encap_pdb.ip_hdr_len = sizeof(struct ip); + + session->dir = DIR_ENC; + } else if (ipsec_xform->direction == + RTE_SECURITY_IPSEC_SA_DIR_INGRESS) { + memset(&session->decap_pdb, 0, sizeof(struct ipsec_decap_pdb)); + session->decap_pdb.options = sizeof(struct ip) << 16; + session->dir = DIR_DEC; + } else + goto out; + session->ctx_pool = internals->ctx_pool; + + return 0; +out: + rte_free(session->auth_key.data); + rte_free(session->cipher_key.data); + memset(session, 0, sizeof(struct caam_jr_session)); + return -1; +} + +static int +caam_jr_security_session_create(void *dev, + struct rte_security_session_conf *conf, + struct rte_security_session *sess, + struct rte_mempool *mempool) +{ + void *sess_private_data; + struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev; + int ret; + + if (rte_mempool_get(mempool, &sess_private_data)) { + CAAM_JR_ERR("Couldn't get object from session mempool"); + return -ENOMEM; + } + + switch (conf->protocol) { + case RTE_SECURITY_PROTOCOL_IPSEC: + ret = caam_jr_set_ipsec_session(cdev, conf, + sess_private_data); + break; + case RTE_SECURITY_PROTOCOL_MACSEC: + return -ENOTSUP; + default: + return -EINVAL; + } + if (ret != 0) { + CAAM_JR_ERR("failed to configure session parameters"); + /* Return session to mempool */ + rte_mempool_put(mempool, sess_private_data); + return ret; + } + + set_sec_session_private_data(sess, sess_private_data); + + return ret; +} + +/* Clear the memory of session so it doesn't leave key material behind */ +static int +caam_jr_security_session_destroy(void *dev __rte_unused, + struct rte_security_session *sess) +{ + PMD_INIT_FUNC_TRACE(); + void *sess_priv = get_sec_session_private_data(sess); + + struct caam_jr_session *s = (struct caam_jr_session *)sess_priv; + + if (sess_priv) { + struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv); + + rte_free(s->cipher_key.data); + rte_free(s->auth_key.data); + memset(sess, 0, sizeof(struct caam_jr_session)); + set_sec_session_private_data(sess, NULL); + rte_mempool_put(sess_mp, sess_priv); + } + return 0; +} + + static int caam_jr_dev_configure(struct rte_cryptodev *dev, struct rte_cryptodev_config *config __rte_unused) @@ -1752,6 +2064,20 @@ static struct rte_cryptodev_ops caam_jr_ops = { .sym_session_clear = caam_jr_sym_session_clear }; +static const struct rte_security_capability * +caam_jr_capabilities_get(void *device __rte_unused) +{ + return caam_jr_security_cap; +} + +static struct rte_security_ops caam_jr_security_ops = { + .session_create = caam_jr_security_session_create, + .session_update = NULL, + .session_stats_get = NULL, + .session_destroy = caam_jr_security_session_destroy, + .set_pkt_metadata = NULL, + .capabilities_get = caam_jr_capabilities_get +}; /* @brief Flush job rings of any processed descs. * The processed descs are silently dropped, @@ -1970,6 +2296,7 @@ caam_jr_dev_init(const char *name, struct rte_cryptodev_pmd_init_params *init_params) { struct rte_cryptodev *dev; + struct rte_security_ctx *security_instance; struct uio_job_ring *job_ring; char str[RTE_CRYPTODEV_NAME_MAX_LEN]; @@ -2039,6 +2366,20 @@ caam_jr_dev_init(const char *name, return 0; } + /*TODO free it during teardown*/ + security_instance = rte_malloc("caam_jr", + sizeof(struct rte_security_ctx), 0); + if (security_instance == NULL) { + CAAM_JR_ERR("memory allocation failed\n"); + //todo error handling. + goto cleanup2; + } + + security_instance->device = (void *)dev; + security_instance->ops = &caam_jr_security_ops; + security_instance->sess_cnt = 0; + dev->security_ctx = security_instance; + RTE_LOG(INFO, PMD, "%s cryptodev init\n", dev->data->name); return 0; diff --git a/drivers/crypto/caam_jr/caam_jr_pvt.h b/drivers/crypto/caam_jr/caam_jr_pvt.h index cc0aa65f1..cfa2f78ae 100644 --- a/drivers/crypto/caam_jr/caam_jr_pvt.h +++ b/drivers/crypto/caam_jr/caam_jr_pvt.h @@ -110,6 +110,7 @@ struct caam_jr_session { enum rte_crypto_cipher_algorithm cipher_alg; /* Cipher Algorithm*/ enum rte_crypto_auth_algorithm auth_alg; /* Authentication Algorithm*/ enum rte_crypto_aead_algorithm aead_alg; /* AEAD Algorithm*/ + enum rte_security_session_protocol proto_alg; /* Security Algorithm*/ union { struct { uint8_t *data; /* pointer to key data */ @@ -132,7 +133,9 @@ struct caam_jr_session { } iv; /* Initialisation vector parameters */ uint16_t auth_only_len; /* Length of data for Auth only */ uint32_t digest_length; + struct ipsec_encap_pdb encap_pdb; struct ip ip4_hdr; + struct ipsec_decap_pdb decap_pdb; struct caam_jr_qp *qp; struct sec_cdb *cdb; /* cmd block associated with qp */ struct rte_mempool *ctx_pool; /* session mempool for caam_jr_op_ctx */ -- 2.17.1