From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from EUR03-VE1-obe.outbound.protection.outlook.com (mail-eopbgr50077.outbound.protection.outlook.com [40.107.5.77]) by dpdk.org (Postfix) with ESMTP id 3C9E71B9AB for ; Fri, 12 Oct 2018 16:41:58 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nxp.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=2KZSsnYlg/MvFKJXliXGBwQnpRQCGbM4MzShBdN9UQE=; b=ZAp5YM2Bt/SSxFum04tx5j0hPDurx6frtoIG9yvhEnaN+zNC5W4T7xqIkMLixjPvIkOKHh+XHZJDCkOYRotip4XW9EUTDfijTZ7zD1fmf4K/WZvWZHNwQesZSN8nT+RdPQevRC6JpoJkycuWKzxoDZ90yiq7BRZHupOlgej4iPU= Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=G.Singh@nxp.com; Received: from Tophie.ap.freescale.net (14.142.187.166) by HE1PR04MB1530.eurprd04.prod.outlook.com (2a01:111:e400:59a8::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1207.23; Fri, 12 Oct 2018 14:41:55 +0000 From: Gagandeep Singh To: dev@dpdk.org, akhil.goyal@nxp.com Cc: Hemant Agrawal Date: Fri, 12 Oct 2018 20:10:54 +0530 Message-Id: <20181012144055.9461-14-g.singh@nxp.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181012144055.9461-1-g.singh@nxp.com> References: <20180913060846.29930-1-g.singh@nxp.com> <20181012144055.9461-1-g.singh@nxp.com> MIME-Version: 1.0 Content-Type: text/plain X-Originating-IP: [14.142.187.166] X-ClientProxiedBy: PN1PR0101CA0039.INDPRD01.PROD.OUTLOOK.COM (2603:1096:c00:c::25) To HE1PR04MB1530.eurprd04.prod.outlook.com (2a01:111:e400:59a8::20) X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: ac15e7e6-2de6-494f-d9fe-08d63050dbcd X-MS-Office365-Filtering-HT: Tenant X-Microsoft-Antispam: BCL:0; PCL:0; RULEID:(7020095)(4652040)(8989299)(4534185)(7168020)(4627221)(201703031133081)(201702281549075)(8990200)(5600074)(711020)(4618075)(2017052603328)(7153060)(7193020); SRVR:HE1PR04MB1530; X-Microsoft-Exchange-Diagnostics: 1; HE1PR04MB1530; 3:MVMgDnmXg5einsEfd4wkld0ALH+m9Z/v/Luqts9VKr2jeB344oGRi66yxPTc7bZVWnKrbfIOJX1q5OpegqVYDrAdoCxRzIeQ4+5oZHoG4Rz9rNzWZIlEKWDxuoSYqEnZQqH7ALPIXEMXFmY7//k59jXh5H3Blz6xi3EWneviF0qgR6cPJZnqE4f+fTItpuqWZxhm8y9m+wAjNSn7tTqbqxQY5p3hZTR0zLd8KrlZcVTgjPjlszbn35g8T/u+xwBj; 25:TII3TXw1C843l0VkEWfRhf2jmivxlGgX+iszgxe7W/LU4rXckXBFeTxVvQ6CJ4XRBNtbX8HepACtUqWVl66T5xaXlLse60F9BPtt/E5jV4iWZ5WY+2Ptbp/hONpJqaMZA+BqvgSBsDClf3U/IFgDjUHWU8Hnvx+Ekf09g51zwrqx4fRgmOinxMX7S+KbOxhRMsaF6usrcX2MY+PYqbahs12BoftvNz3DQs1BkKvrh8MblgrAcHRKz+jtbgfzOE0gQJA21PkxF3Rx94zoS5cyghyrHXKHP8rGKVAXMN00czll+C6SN6L8HShaB1y5xVW4Y6F+kfUsDhSE+jGvhhZhfA==; 31:4bTh037KFhBcw902wiWO6kuuRyuWpLG7kQhnkXAU7MlpuU9xLjogT83UiVKsbH0O57wrhm3AQZcjsKLh01Rwno3S1dCUiU9uE1OVNIxGHfzNkPhY2BZ6Y4mpvKzwcnCZzI6gCSYlTdIev184IF6zV9x+ZtPE5pGYzfVpKudKtSPxSNAuBZ4CJk0SWh58xtSTv7lYBoRI82GFE08wCxAUup2RW31sJNF5lYc5ErBWYsY= X-MS-TrafficTypeDiagnostic: HE1PR04MB1530: X-Microsoft-Exchange-Diagnostics: 1; HE1PR04MB1530; 20:ZRgA+yQFHKhlwR7dQPuCDNo3agIAkHkLrEA9oqqGsptUoKV6hNeL9Le63ZGXSsRtKfq8n8bRDQp9pUi0ncBucXbe/fWIOChl4i+dhUToaLFCSCmZAAcQ5ubjRfogpKQKZ/VCykbl/kBYmp66KwChRu0oz19DwIRPovN/cVR0qYJOgAwVsZ7jxVPd4JxuZOXO43DFuTUP1yeA+Ei4r8yGOYfVio9DYcTyM59NmEYiJiX14gb4iuy8YQcKwxMVXoAquCN4GlXdqd8XnIfZMwEuMPxeLd7Ih1keO+VOKrwnF5BUyAV9Xhi6gVzHUJvqcnMUN1JFzq1okBNGJTUoFRLTQd9QOZsfct51XHu7PtmfWpKimdyWpPrwLOUxQEBJyZRAz0NTzL7L2OsqBSknOr68ziBwcMbJJ3hGPfBPUz8bGV0iJ8P5LcM2YX8zAeh85DVirVbAugMe8Lb/bce8Sal/KMWZyrevo3wLnzOf2Bupb+xXo2O6spuUT2dJUId2uj/O; 4:olJWYA8wKc5322lHBdfpVCegrilfzjEn4Ae7YwN0C7lE5h36yPzEhqizaBfrzEzS+iiI1lLoC8GxLk7A7pACDdGPmieYGogzIu02pZeQ27EuFRsICgZYjHFUTQgNFlRcXwtZXQrIRQEfiQu8JHQKp2NOZC8uwqo3JFKLNl3sYcjLKcJR6+fuHuR4oJ5twNlf9qrmLw9HI0LJoH2QyXGbjs3Wl95PgkQgRYq/wT1vZ2TLWZ2RYFBCWKyYB14ZWS6RZRBpyGbJoOnCA6G5099FRPxPcDxg4C5qYDuUH6RiHWaC5D9EmGLJVQ3IEFvCjPZnNAcjUntlUWD+4Q/bLg+DONm8ZK+ADLaYFE49vRHJemg= X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(192374486261705)(185117386973197); X-MS-Exchange-SenderADCheck: 1 X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(8211001083)(6040522)(2401047)(8121501046)(5005006)(3002001)(3231355)(944501410)(52105095)(10201501046)(93006095)(93001095)(6055026)(149066)(150057)(6041310)(20161123564045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123560045)(20161123558120)(20161123562045)(201708071742011)(7699051); SRVR:HE1PR04MB1530; BCL:0; PCL:0; RULEID:; SRVR:HE1PR04MB1530; X-Forefront-PRVS: 0823A5777B X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10009020)(346002)(376002)(366004)(396003)(136003)(39860400002)(189003)(199004)(316002)(305945005)(8936002)(386003)(55236004)(6636002)(6506007)(106356001)(25786009)(36756003)(4744004)(16586007)(5660300001)(72206003)(52116002)(53936002)(26005)(6512007)(478600001)(68736007)(186003)(16526019)(50226002)(7736002)(105586002)(51416003)(97736004)(76176011)(78486009)(3846002)(15650500001)(2906002)(66066001)(1076002)(4326008)(956004)(446003)(2616005)(47776003)(11346002)(1006002)(6116002)(486006)(14444005)(476003)(8676002)(50466002)(48376002)(81156014)(86362001)(81166006)(6486002)(110426005); DIR:OUT; SFP:1101; SCL:1; SRVR:HE1PR04MB1530; H:Tophie.ap.freescale.net; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1; Received-SPF: None (protection.outlook.com: nxp.com does not designate permitted sender hosts) X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1; HE1PR04MB1530; 23:PQkj9r6iOf4c2L+jpy+t4ZkRw6eoUUXTkY4OyluTP?= =?us-ascii?Q?5uMM6s16iitTM2gtsECZ1+8dGZ2H+ZYc+NomZjUzeMsc+6zHLFMuztvswcip?= =?us-ascii?Q?8DHG/ommRDFhk0JeolbeiplIUiZSHnQnSle3ptErD5FkOpCqdUObkFx/04Cr?= =?us-ascii?Q?b1XoGXWIw8anQqvfWegzx6rgAyUSB1KB3DfrK2B5LHxF9D2sdCXQ4G7H6BEA?= =?us-ascii?Q?gGFvm6eY81EB5P0AzOEfEPRkTMNDrUkehRIRiSGeRPhCyhwpKGF1GBuOxda0?= =?us-ascii?Q?FNdLfAWGlQTGfORnuPt559Dgxm0y4C3Iclb4+fG3Y9uFaQMQA035fTmbFtXh?= =?us-ascii?Q?oZveKc2L8CUi6AwxnFhk3K+6ghwtlzyCN7TWU05Ot3DEO3vfIOZpSfKYSe/z?= =?us-ascii?Q?J9EhMGubD5i5faxq5cAiLnUQngAgLDworZvSoABXGFGUQstAuyvhMIMGH0nr?= =?us-ascii?Q?+JY+BGwnZPs5I520r10Le46X7hK9hj0E0DNcd6TRQtg53ElMz1qcpEV3XAgP?= =?us-ascii?Q?36HevZVxZtYKl61sqmbq0JZXmGbf8makHrMTmjj9sUz/WL5RqyHk+obVqMyY?= =?us-ascii?Q?QijQ0Ky927s/FyCy1Ern4TR9LTMEfe5r2wLnu1GnALIXJUXzWb0/ooC/DJjt?= =?us-ascii?Q?fpuc/i39+mU3LfCIEbrSxkerMRwc01r/NRhfYFKor64ZxjgcgVK3KFDsIzfG?= =?us-ascii?Q?q4ezcwTTAE7NUBatD6jmFQcbZIq0SzVegxyFatjByHExZu9Hm2wecYZkJ0mQ?= =?us-ascii?Q?wT1o7QHMZVLwf+UOn6nk/srHbZu2GMGopxopndbT6ZgUY0NH5NFGKPtq47w9?= =?us-ascii?Q?QW4/hkOfPoLHochnWRFhlMwPsqDsID6gVstBu+bbqD+Lqn2JVtSzuSN0vxpz?= =?us-ascii?Q?te57tu4vg2eXfsDh0oJIkWVPuNogUqePj/OAMzyM5g/XpgmAEr+OuFi+Xw4l?= =?us-ascii?Q?aC01ccPpFiCPLBxetZ1eltkFyLHYuAlASqrfskw8hdh9r4HC/CUS38m9yoyn?= =?us-ascii?Q?3Qxpy3ydOYaR8r3jNjXugXd3KJUsV1dqfMkWM7jnp1bYgXkjE4Muy4hAv/WL?= =?us-ascii?Q?/S075gqwMrF0eRzzfQj/0FWTU0EpKcbz0VdknYiU2rHR8fgf9UAMRQFy7mKJ?= =?us-ascii?Q?Wt5hblrTmvhd99HLgFv8WQQ1FinFQ3TES+WUmgLfOzPeJnKQZ16+XL6zV2ak?= =?us-ascii?Q?6X8fCX/nEtqN8aXJdd8/VypKPi1O9tazvrAL6+MUNN18/bnbO6NpR3R2JRsF?= =?us-ascii?Q?c2OWCqfRsdJSFeiD4kyUgRpPua6fXnA6dPu2c85syowax12/8p7pSSvSLJJO?= =?us-ascii?Q?QURgiGlByVvMCpkYgnOVIT8MR5R4tjG8lXm0OyRUVuS?= X-Microsoft-Antispam-Message-Info: 9+XZmkOtpN2XPqYbTivA5iXWLkZh7rLPBSrbZqPWq1Bftv9/+FQMP1bSeUxZSMuOO4kuLQJ7Huc1Lzvd+mqL9Fd9dnx3Phc7P1CGgH/ntex87/YJJnIOQRPMBzlOmB91bz4oVLc6PKuBcRLlGZc5+9m+msMOtVbe6ixj/ExzAeLiKe0APskpgnnpHJPrSgwUH34TfdMmO9lJVuJ4g3U/oBAWewahf0XgQhR7aeMDl86VwR65JoUklBVZG6KapWm4EY57+s8HU0N4tpvtGG+FdLKTrHXJSSeDyVU4vGFDAL6tnd5spp7P9KIXGm/x/fdxP/v+d88g1sYbU/L+E/AL3LSDa4kSlfze8iL5Ne9+lt8= X-Microsoft-Exchange-Diagnostics: 1; HE1PR04MB1530; 6:OhBFA++osu2uaik1vaXqiE0Qryi5MjDvY7xdAWa+s2xmqsa3f8SvoGmRWDUwYjFsyleaRnPkaL6+F5YZDEIoCeOUxKqaFlw72At3tzTHYdzFrvcGCatjpCmMyvq7KnVN8BZ69Ty/fzEemfr1Dl9DUavohjp109ZrxNUz4XTmkdZLoiN3vKp2wHH88Ag8ko2ofb8UAPCWTuG4a6Hlo2V0jy9YXXLcEV28jmOZb8QzN9EdnfYrtAL51dUKyuCtMGIeHz5c4fFY3CcT18bW5bAYAZgEUKoB/CPH/VEq9MVkIU0ID8b2kQobvEmwMU/2of8eJOOwOp2ebfZaHG4LLsv7UDUby96MIcRSorubzbx1F+QchpYsME3Tu2s8tHHcrWZK7Gt40jDmg8gsWXxeB9fekr6X4qce8YpK0VPKJhg07n1USuY26YezxthKRKNfTtGdQcMgjrugfe0pPgWigOJO4Q==; 5:otzSGBzGVQSv4vS8PBr8HiZtxzelXIM3O3oCMUzQk9c+/RXFczX813MiFk6Jnt+9ezJS6TLP2+BdY8F+6mh5n98d2W1rKtRXnEbCjm4sC12B0x24qJtQW8/hO0+JDJGtMS9HRf2WgEQxxPhJZGCs5xVJCGB7klSbfWmn8CBDnCw=; 7:nukMBuyFolE3wn8CZRwkuA9fQ6yjrCZjd20Zybd2IQT6P8O2GEdCsoQWLfYP0IArTIXOMFITvr5IschK61p5mM874fkAYLAkupikeQfUg0OXXr0Ht/J9kFCBjaERvRO0et2//i7CqysPXPJdMJjxjQbVEf6VTWXe5Y5NnscNMIMQDcT8bsbjdPNM/ic8ezhJBrbeRhCPId6M5v00BvqVo6yUgwSpPfqMjFHHLUQDeYM8J+flXJW2HiE9ZEZHYDdO SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-OriginatorOrg: nxp.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 12 Oct 2018 14:41:55.2408 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: ac15e7e6-2de6-494f-d9fe-08d63050dbcd X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 686ea1d3-bc2b-4c6f-a92c-d99c5c301635 X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR04MB1530 Subject: [dpdk-dev] [PATCH v2 13/14] crypto/caam_jr: add security offload X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 12 Oct 2018 14:41:58 -0000 From: Hemant Agrawal This patch provides the support for protocol offload to the hardware. following security operations are added: - session_create - session_destroy - capabilities_get Signed-off-by: Hemant Agrawal --- drivers/crypto/caam_jr/caam_jr.c | 360 ++++++++++++++++++++++++++- drivers/crypto/caam_jr/caam_jr_pvt.h | 5 + 2 files changed, 354 insertions(+), 11 deletions(-) diff --git a/drivers/crypto/caam_jr/caam_jr.c b/drivers/crypto/caam_jr/caam_jr.c index beb54d5da..e3002d6fb 100644 --- a/drivers/crypto/caam_jr/caam_jr.c +++ b/drivers/crypto/caam_jr/caam_jr.c @@ -27,7 +27,6 @@ /* RTA header files */ #include #include -#include #include #define CAAM_JR_DBG 0 @@ -186,7 +185,15 @@ is_auth_cipher(struct caam_jr_session *ses) { PMD_INIT_FUNC_TRACE(); return ((ses->cipher_alg != RTE_CRYPTO_CIPHER_NULL) && - (ses->auth_alg != RTE_CRYPTO_AUTH_NULL)); + (ses->auth_alg != RTE_CRYPTO_AUTH_NULL) && + (ses->proto_alg != RTE_SECURITY_PROTOCOL_IPSEC)); +} + +static inline int +is_proto_ipsec(struct caam_jr_session *ses) +{ + PMD_INIT_FUNC_TRACE(); + return (ses->proto_alg == RTE_SECURITY_PROTOCOL_IPSEC); } static inline int @@ -212,27 +219,39 @@ caam_auth_alg(struct caam_jr_session *ses, struct alginfo *alginfo_a) ses->digest_length = 0; break; case RTE_CRYPTO_AUTH_MD5_HMAC: - alginfo_a->algtype = OP_ALG_ALGSEL_MD5; + alginfo_a->algtype = + (ses->proto_alg == RTE_SECURITY_PROTOCOL_IPSEC) ? + OP_PCL_IPSEC_HMAC_MD5_96 : OP_ALG_ALGSEL_MD5; alginfo_a->algmode = OP_ALG_AAI_HMAC; break; case RTE_CRYPTO_AUTH_SHA1_HMAC: - alginfo_a->algtype = OP_ALG_ALGSEL_SHA1; + alginfo_a->algtype = + (ses->proto_alg == RTE_SECURITY_PROTOCOL_IPSEC) ? + OP_PCL_IPSEC_HMAC_SHA1_96 : OP_ALG_ALGSEL_SHA1; alginfo_a->algmode = OP_ALG_AAI_HMAC; break; case RTE_CRYPTO_AUTH_SHA224_HMAC: - alginfo_a->algtype = OP_ALG_ALGSEL_SHA224; + alginfo_a->algtype = + (ses->proto_alg == RTE_SECURITY_PROTOCOL_IPSEC) ? + OP_PCL_IPSEC_HMAC_SHA1_160 : OP_ALG_ALGSEL_SHA224; alginfo_a->algmode = OP_ALG_AAI_HMAC; break; case RTE_CRYPTO_AUTH_SHA256_HMAC: - alginfo_a->algtype = OP_ALG_ALGSEL_SHA256; + alginfo_a->algtype = + (ses->proto_alg == RTE_SECURITY_PROTOCOL_IPSEC) ? + OP_PCL_IPSEC_HMAC_SHA2_256_128 : OP_ALG_ALGSEL_SHA256; alginfo_a->algmode = OP_ALG_AAI_HMAC; break; case RTE_CRYPTO_AUTH_SHA384_HMAC: - alginfo_a->algtype = OP_ALG_ALGSEL_SHA384; + alginfo_a->algtype = + (ses->proto_alg == RTE_SECURITY_PROTOCOL_IPSEC) ? + OP_PCL_IPSEC_HMAC_SHA2_384_192 : OP_ALG_ALGSEL_SHA384; alginfo_a->algmode = OP_ALG_AAI_HMAC; break; case RTE_CRYPTO_AUTH_SHA512_HMAC: - alginfo_a->algtype = OP_ALG_ALGSEL_SHA512; + alginfo_a->algtype = + (ses->proto_alg == RTE_SECURITY_PROTOCOL_IPSEC) ? + OP_PCL_IPSEC_HMAC_SHA2_512_256 : OP_ALG_ALGSEL_SHA512; alginfo_a->algmode = OP_ALG_AAI_HMAC; break; default: @@ -248,15 +267,21 @@ caam_cipher_alg(struct caam_jr_session *ses, struct alginfo *alginfo_c) case RTE_CRYPTO_CIPHER_NULL: break; case RTE_CRYPTO_CIPHER_AES_CBC: - alginfo_c->algtype = OP_ALG_ALGSEL_AES; + alginfo_c->algtype = + (ses->proto_alg == RTE_SECURITY_PROTOCOL_IPSEC) ? + OP_PCL_IPSEC_AES_CBC : OP_ALG_ALGSEL_AES; alginfo_c->algmode = OP_ALG_AAI_CBC; break; case RTE_CRYPTO_CIPHER_3DES_CBC: - alginfo_c->algtype = OP_ALG_ALGSEL_3DES; + alginfo_c->algtype = + (ses->proto_alg == RTE_SECURITY_PROTOCOL_IPSEC) ? + OP_PCL_IPSEC_3DES : OP_ALG_ALGSEL_3DES; alginfo_c->algmode = OP_ALG_AAI_CBC; break; case RTE_CRYPTO_CIPHER_AES_CTR: - alginfo_c->algtype = OP_ALG_ALGSEL_AES; + alginfo_c->algtype = + (ses->proto_alg == RTE_SECURITY_PROTOCOL_IPSEC) ? + OP_PCL_IPSEC_AES_CTR : OP_ALG_ALGSEL_AES; alginfo_c->algmode = OP_ALG_AAI_CTR; break; default: @@ -420,6 +445,22 @@ caam_jr_prep_cdb(struct caam_jr_session *ses) cdb->sh_desc[0] = 0; cdb->sh_desc[1] = 0; cdb->sh_desc[2] = 0; + if (is_proto_ipsec(ses)) { + if (ses->dir == DIR_ENC) { + shared_desc_len = cnstr_shdsc_ipsec_new_encap( + cdb->sh_desc, + true, swap, SHR_SERIAL, + &ses->encap_pdb, + (uint8_t *)&ses->ip4_hdr, + &alginfo_c, &alginfo_a); + } else if (ses->dir == DIR_DEC) { + shared_desc_len = cnstr_shdsc_ipsec_new_decap( + cdb->sh_desc, + true, swap, SHR_SERIAL, + &ses->decap_pdb, + &alginfo_c, &alginfo_a); + } + } else { /* Auth_only_len is set as 0 here and it will be * overwritten in fd for each packet. */ @@ -427,6 +468,7 @@ caam_jr_prep_cdb(struct caam_jr_session *ses) true, swap, &alginfo_c, &alginfo_a, ses->iv.length, 0, ses->digest_length, ses->dir); + } } if (shared_desc_len < 0) { @@ -1281,6 +1323,50 @@ build_cipher_auth(struct rte_crypto_op *op, struct caam_jr_session *ses) return ctx; } + +static inline struct caam_jr_op_ctx * +build_proto(struct rte_crypto_op *op, struct caam_jr_session *ses) +{ + struct rte_crypto_sym_op *sym = op->sym; + struct caam_jr_op_ctx *ctx = NULL; + phys_addr_t src_start_addr, dst_start_addr; + struct sec_cdb *cdb; + uint64_t sdesc_offset; + struct sec_job_descriptor_t *jobdescr; + + PMD_INIT_FUNC_TRACE(); + ctx = caam_jr_alloc_ctx(ses); + if (!ctx) + return NULL; + ctx->op = op; + + src_start_addr = rte_pktmbuf_iova(sym->m_src); + if (sym->m_dst) + dst_start_addr = rte_pktmbuf_iova(sym->m_dst); + else + dst_start_addr = src_start_addr; + + cdb = ses->cdb; + sdesc_offset = (size_t) ((char *)&cdb->sh_desc - (char *)cdb); + + jobdescr = (struct sec_job_descriptor_t *) ctx->jobdes.desc; + + SEC_JD_INIT(jobdescr); + SEC_JD_SET_SD(jobdescr, + (phys_addr_t)(caam_jr_dma_vtop(cdb)) + sdesc_offset, + cdb->sh_hdr.hi.field.idlen); + + /* output */ + SEC_JD_SET_OUT_PTR(jobdescr, (uint64_t)dst_start_addr, 0, + sym->m_src->buf_len - sym->m_src->data_off); + /* input */ + SEC_JD_SET_IN_PTR(jobdescr, (uint64_t)src_start_addr, 0, + sym->m_src->pkt_len); + sym->m_src->packet_type &= ~RTE_PTYPE_L4_MASK; + + return ctx; +} + static int caam_jr_enqueue_op(struct rte_crypto_op *op, struct caam_jr_qp *qp) { @@ -1296,6 +1382,11 @@ caam_jr_enqueue_op(struct rte_crypto_op *op, struct caam_jr_qp *qp) get_sym_session_private_data(op->sym->session, cryptodev_driver_id); break; + case RTE_CRYPTO_OP_SECURITY_SESSION: + ses = (struct caam_jr_session *) + get_sec_session_private_data( + op->sym->sec_session); + break; default: CAAM_JR_DP_ERR("sessionless crypto op not supported"); qp->tx_errs++; @@ -1317,6 +1408,8 @@ caam_jr_enqueue_op(struct rte_crypto_op *op, struct caam_jr_qp *qp) ctx = build_auth_only(op, ses); else if (is_cipher_only(ses)) ctx = build_cipher_only(op, ses); + else if (is_proto_ipsec(ses)) + ctx = build_proto(op, ses); } else { if (is_auth_cipher(ses)) ctx = build_cipher_auth_sg(op, ses); @@ -1687,6 +1780,228 @@ caam_jr_sym_session_clear(struct rte_cryptodev *dev, } } +static int +caam_jr_set_ipsec_session(__rte_unused struct rte_cryptodev *dev, + struct rte_security_session_conf *conf, + void *sess) +{ + struct sec_job_ring_t *internals = dev->data->dev_private; + struct rte_security_ipsec_xform *ipsec_xform = &conf->ipsec; + struct rte_crypto_auth_xform *auth_xform; + struct rte_crypto_cipher_xform *cipher_xform; + struct caam_jr_session *session = (struct caam_jr_session *)sess; + + PMD_INIT_FUNC_TRACE(); + + if (ipsec_xform->direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) { + cipher_xform = &conf->crypto_xform->cipher; + auth_xform = &conf->crypto_xform->next->auth; + } else { + auth_xform = &conf->crypto_xform->auth; + cipher_xform = &conf->crypto_xform->next->cipher; + } + session->proto_alg = conf->protocol; + session->cipher_key.data = rte_zmalloc(NULL, + cipher_xform->key.length, + RTE_CACHE_LINE_SIZE); + if (session->cipher_key.data == NULL && + cipher_xform->key.length > 0) { + CAAM_JR_ERR("No Memory for cipher key\n"); + return -ENOMEM; + } + + session->cipher_key.length = cipher_xform->key.length; + session->auth_key.data = rte_zmalloc(NULL, + auth_xform->key.length, + RTE_CACHE_LINE_SIZE); + if (session->auth_key.data == NULL && + auth_xform->key.length > 0) { + CAAM_JR_ERR("No Memory for auth key\n"); + rte_free(session->cipher_key.data); + return -ENOMEM; + } + session->auth_key.length = auth_xform->key.length; + memcpy(session->cipher_key.data, cipher_xform->key.data, + cipher_xform->key.length); + memcpy(session->auth_key.data, auth_xform->key.data, + auth_xform->key.length); + + switch (auth_xform->algo) { + case RTE_CRYPTO_AUTH_SHA1_HMAC: + session->auth_alg = RTE_CRYPTO_AUTH_SHA1_HMAC; + break; + case RTE_CRYPTO_AUTH_MD5_HMAC: + session->auth_alg = RTE_CRYPTO_AUTH_MD5_HMAC; + break; + case RTE_CRYPTO_AUTH_SHA256_HMAC: + session->auth_alg = RTE_CRYPTO_AUTH_SHA256_HMAC; + break; + case RTE_CRYPTO_AUTH_SHA384_HMAC: + session->auth_alg = RTE_CRYPTO_AUTH_SHA384_HMAC; + break; + case RTE_CRYPTO_AUTH_SHA512_HMAC: + session->auth_alg = RTE_CRYPTO_AUTH_SHA512_HMAC; + break; + case RTE_CRYPTO_AUTH_AES_CMAC: + session->auth_alg = RTE_CRYPTO_AUTH_AES_CMAC; + break; + case RTE_CRYPTO_AUTH_NULL: + session->auth_alg = RTE_CRYPTO_AUTH_NULL; + break; + case RTE_CRYPTO_AUTH_SHA224_HMAC: + case RTE_CRYPTO_AUTH_AES_XCBC_MAC: + case RTE_CRYPTO_AUTH_SNOW3G_UIA2: + case RTE_CRYPTO_AUTH_SHA1: + case RTE_CRYPTO_AUTH_SHA256: + case RTE_CRYPTO_AUTH_SHA512: + case RTE_CRYPTO_AUTH_SHA224: + case RTE_CRYPTO_AUTH_SHA384: + case RTE_CRYPTO_AUTH_MD5: + case RTE_CRYPTO_AUTH_AES_GMAC: + case RTE_CRYPTO_AUTH_KASUMI_F9: + case RTE_CRYPTO_AUTH_AES_CBC_MAC: + case RTE_CRYPTO_AUTH_ZUC_EIA3: + CAAM_JR_ERR("Crypto: Unsupported auth alg %u\n", + auth_xform->algo); + goto out; + default: + CAAM_JR_ERR("Crypto: Undefined Auth specified %u\n", + auth_xform->algo); + goto out; + } + + switch (cipher_xform->algo) { + case RTE_CRYPTO_CIPHER_AES_CBC: + session->cipher_alg = RTE_CRYPTO_CIPHER_AES_CBC; + break; + case RTE_CRYPTO_CIPHER_3DES_CBC: + session->cipher_alg = RTE_CRYPTO_CIPHER_3DES_CBC; + break; + case RTE_CRYPTO_CIPHER_AES_CTR: + session->cipher_alg = RTE_CRYPTO_CIPHER_AES_CTR; + break; + case RTE_CRYPTO_CIPHER_NULL: + case RTE_CRYPTO_CIPHER_SNOW3G_UEA2: + case RTE_CRYPTO_CIPHER_3DES_ECB: + case RTE_CRYPTO_CIPHER_AES_ECB: + case RTE_CRYPTO_CIPHER_KASUMI_F8: + CAAM_JR_ERR("Crypto: Unsupported Cipher alg %u\n", + cipher_xform->algo); + goto out; + default: + CAAM_JR_ERR("Crypto: Undefined Cipher specified %u\n", + cipher_xform->algo); + goto out; + } + + if (ipsec_xform->direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) { + memset(&session->encap_pdb, 0, sizeof(struct ipsec_encap_pdb) + + sizeof(session->ip4_hdr)); + session->ip4_hdr.ip_v = IPVERSION; + session->ip4_hdr.ip_hl = 5; + session->ip4_hdr.ip_len = rte_cpu_to_be_16( + sizeof(session->ip4_hdr)); + session->ip4_hdr.ip_tos = ipsec_xform->tunnel.ipv4.dscp; + session->ip4_hdr.ip_id = 0; + session->ip4_hdr.ip_off = 0; + session->ip4_hdr.ip_ttl = ipsec_xform->tunnel.ipv4.ttl; + session->ip4_hdr.ip_p = (ipsec_xform->proto == + RTE_SECURITY_IPSEC_SA_PROTO_ESP) ? IPPROTO_ESP + : IPPROTO_AH; + session->ip4_hdr.ip_sum = 0; + session->ip4_hdr.ip_src = ipsec_xform->tunnel.ipv4.src_ip; + session->ip4_hdr.ip_dst = ipsec_xform->tunnel.ipv4.dst_ip; + session->ip4_hdr.ip_sum = calc_chksum((uint16_t *) + (void *)&session->ip4_hdr, + sizeof(struct ip)); + + session->encap_pdb.options = + (IPVERSION << PDBNH_ESP_ENCAP_SHIFT) | + PDBOPTS_ESP_OIHI_PDB_INL | + PDBOPTS_ESP_IVSRC | + PDBHMO_ESP_ENCAP_DTTL; + session->encap_pdb.spi = ipsec_xform->spi; + session->encap_pdb.ip_hdr_len = sizeof(struct ip); + + session->dir = DIR_ENC; + } else if (ipsec_xform->direction == + RTE_SECURITY_IPSEC_SA_DIR_INGRESS) { + memset(&session->decap_pdb, 0, sizeof(struct ipsec_decap_pdb)); + session->decap_pdb.options = sizeof(struct ip) << 16; + session->dir = DIR_DEC; + } else + goto out; + session->ctx_pool = internals->ctx_pool; + + return 0; +out: + rte_free(session->auth_key.data); + rte_free(session->cipher_key.data); + memset(session, 0, sizeof(struct caam_jr_session)); + return -1; +} + +static int +caam_jr_security_session_create(void *dev, + struct rte_security_session_conf *conf, + struct rte_security_session *sess, + struct rte_mempool *mempool) +{ + void *sess_private_data; + struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev; + int ret; + + PMD_INIT_FUNC_TRACE(); + if (rte_mempool_get(mempool, &sess_private_data)) { + CAAM_JR_ERR("Couldn't get object from session mempool"); + return -ENOMEM; + } + + switch (conf->protocol) { + case RTE_SECURITY_PROTOCOL_IPSEC: + ret = caam_jr_set_ipsec_session(cdev, conf, + sess_private_data); + break; + case RTE_SECURITY_PROTOCOL_MACSEC: + return -ENOTSUP; + default: + return -EINVAL; + } + if (ret != 0) { + CAAM_JR_ERR("failed to configure session parameters"); + /* Return session to mempool */ + rte_mempool_put(mempool, sess_private_data); + return ret; + } + + set_sec_session_private_data(sess, sess_private_data); + + return ret; +} + +/* Clear the memory of session so it doesn't leave key material behind */ +static int +caam_jr_security_session_destroy(void *dev __rte_unused, + struct rte_security_session *sess) +{ + PMD_INIT_FUNC_TRACE(); + void *sess_priv = get_sec_session_private_data(sess); + + struct caam_jr_session *s = (struct caam_jr_session *)sess_priv; + + if (sess_priv) { + struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv); + + rte_free(s->cipher_key.data); + rte_free(s->auth_key.data); + memset(sess, 0, sizeof(struct caam_jr_session)); + set_sec_session_private_data(sess, NULL); + rte_mempool_put(sess_mp, sess_priv); + } + return 0; +} + + static int caam_jr_dev_configure(struct rte_cryptodev *dev, struct rte_cryptodev_config *config __rte_unused) @@ -1778,6 +2093,14 @@ static struct rte_cryptodev_ops caam_jr_ops = { .sym_session_clear = caam_jr_sym_session_clear }; +static struct rte_security_ops caam_jr_security_ops = { + .session_create = caam_jr_security_session_create, + .session_update = NULL, + .session_stats_get = NULL, + .session_destroy = caam_jr_security_session_destroy, + .set_pkt_metadata = NULL, + .capabilities_get = caam_jr_get_security_capabilities +}; /* @brief Flush job rings of any processed descs. * The processed descs are silently dropped, @@ -1997,6 +2320,7 @@ caam_jr_dev_init(const char *name, struct rte_cryptodev_pmd_init_params *init_params) { struct rte_cryptodev *dev; + struct rte_security_ctx *security_instance; struct uio_job_ring *job_ring; char str[RTE_CRYPTODEV_NAME_MAX_LEN]; @@ -2066,6 +2390,20 @@ caam_jr_dev_init(const char *name, return 0; } + /*TODO free it during teardown*/ + security_instance = rte_malloc("caam_jr", + sizeof(struct rte_security_ctx), 0); + if (security_instance == NULL) { + CAAM_JR_ERR("memory allocation failed\n"); + //todo error handling. + goto cleanup2; + } + + security_instance->device = (void *)dev; + security_instance->ops = &caam_jr_security_ops; + security_instance->sess_cnt = 0; + dev->security_ctx = security_instance; + RTE_LOG(INFO, PMD, "%s cryptodev init\n", dev->data->name); return 0; diff --git a/drivers/crypto/caam_jr/caam_jr_pvt.h b/drivers/crypto/caam_jr/caam_jr_pvt.h index 58fd257fc..9f1adabc7 100644 --- a/drivers/crypto/caam_jr/caam_jr_pvt.h +++ b/drivers/crypto/caam_jr/caam_jr_pvt.h @@ -5,6 +5,8 @@ #ifndef CAAM_JR_PVT_H #define CAAM_JR_PVT_H +#include + /* NXP CAAM JR PMD device name */ #define CAAM_JR_ALG_UNSUPPORT (-1) @@ -110,6 +112,7 @@ struct caam_jr_session { enum rte_crypto_cipher_algorithm cipher_alg; /* Cipher Algorithm*/ enum rte_crypto_auth_algorithm auth_alg; /* Authentication Algorithm*/ enum rte_crypto_aead_algorithm aead_alg; /* AEAD Algorithm*/ + enum rte_security_session_protocol proto_alg; /* Security Algorithm*/ union { struct { uint8_t *data; /* pointer to key data */ @@ -132,7 +135,9 @@ struct caam_jr_session { } iv; /* Initialisation vector parameters */ uint16_t auth_only_len; /* Length of data for Auth only */ uint32_t digest_length; + struct ipsec_encap_pdb encap_pdb; struct ip ip4_hdr; + struct ipsec_decap_pdb decap_pdb; struct caam_jr_qp *qp; struct sec_cdb *cdb; /* cmd block associated with qp */ struct rte_mempool *ctx_pool; /* session mempool for caam_jr_op_ctx */ -- 2.17.1