From: David Coyle <david.coyle@intel.com>
To: akhil.goyal@nxp.com, declan.doherty@intel.com,
pablo.de.lara.guarch@intel.com, fiona.trahe@intel.com,
roy.fan.zhang@intel.com, konstantin.ananyev@intel.com
Cc: dev@dpdk.org, thomas@monjalon.net, ferruh.yigit@intel.com,
brendan.ryan@intel.com, hemant.agrawal@nxp.com,
anoobj@marvell.com, ruifeng.wang@arm.com, lironh@marvell.com,
rnagadheeraj@marvell.com, jsrikanth@marvell.com, G.Singh@nxp.com,
jianjay.zhou@huawei.com, ravi1.kumar@amd.com,
bruce.richardson@intel.com, olivier.matz@6wind.com,
honnappa.nagarahalli@arm.com, stephen@networkplumber.org,
alexr@mellanox.com, jerinj@marvell.com,
David Coyle <david.coyle@intel.com>,
Mairtin o Loingsigh <mairtin.oloingsigh@intel.com>
Subject: [dpdk-dev] [PATCH v4 3/7] crypto/aesni_mb: add support for DOCSIS protocol
Date: Fri, 3 Jul 2020 13:39:29 +0100 [thread overview]
Message-ID: <20200703123933.52351-4-david.coyle@intel.com> (raw)
In-Reply-To: <20200703123933.52351-1-david.coyle@intel.com>
Add support to the AESNI-MB PMD for the DOCSIS protocol, through the
rte_security API. This, therefore, includes adding support for the
rte_security API to this PMD.
Signed-off-by: David Coyle <david.coyle@intel.com>
Signed-off-by: Mairtin o Loingsigh <mairtin.oloingsigh@intel.com>
---
doc/guides/cryptodevs/aesni_mb.rst | 8 +
doc/guides/cryptodevs/features/aesni_mb.ini | 1 +
doc/guides/rel_notes/release_20_08.rst | 5 +
.../crypto/aesni_mb/aesni_mb_pmd_private.h | 19 +-
drivers/crypto/aesni_mb/meson.build | 2 +-
drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c | 301 +++++++++++++++++-
.../crypto/aesni_mb/rte_aesni_mb_pmd_ops.c | 125 ++++++++
7 files changed, 454 insertions(+), 7 deletions(-)
diff --git a/doc/guides/cryptodevs/aesni_mb.rst b/doc/guides/cryptodevs/aesni_mb.rst
index cc64f1243..15388d20a 100644
--- a/doc/guides/cryptodevs/aesni_mb.rst
+++ b/doc/guides/cryptodevs/aesni_mb.rst
@@ -55,10 +55,18 @@ AEAD algorithms:
* RTE_CRYPTO_AEAD_AES_CCM
* RTE_CRYPTO_AEAD_AES_GCM
+Protocol offloads:
+
+* RTE_SECURITY_PROTOCOL_DOCSIS
+
Limitations
-----------
* Chained mbufs are not supported.
+* Out-of-place is not supported for combined Crypto-CRC DOCSIS security
+ protocol.
+* RTE_CRYPTO_CIPHER_DES_DOCSISBPI is not supported for combined Crypto-CRC
+ DOCSIS security protocol.
Installation
diff --git a/doc/guides/cryptodevs/features/aesni_mb.ini b/doc/guides/cryptodevs/features/aesni_mb.ini
index 49cb82a39..38d255aff 100644
--- a/doc/guides/cryptodevs/features/aesni_mb.ini
+++ b/doc/guides/cryptodevs/features/aesni_mb.ini
@@ -6,6 +6,7 @@
[Features]
Symmetric crypto = Y
Sym operation chaining = Y
+Protocol offload = Y
CPU SSE = Y
CPU AVX = Y
CPU AVX2 = Y
diff --git a/doc/guides/rel_notes/release_20_08.rst b/doc/guides/rel_notes/release_20_08.rst
index 13f8f621e..19fc043f2 100644
--- a/doc/guides/rel_notes/release_20_08.rst
+++ b/doc/guides/rel_notes/release_20_08.rst
@@ -96,6 +96,11 @@ New Features
* Added support for DCF datapath configuration.
+* **Updated the AESNI MB crypto PMD.**
+
+ Added support for lookaside protocol offload for DOCSIS through the
+ ``rte_security`` API.
+
* **Added support for BPF_ABS/BPF_IND load instructions.**
Added support for two BPF non-generic instructions:
diff --git a/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h b/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h
index 347b4b7e0..e0c7b4f7c 100644
--- a/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h
+++ b/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h
@@ -7,6 +7,12 @@
#include <intel-ipsec-mb.h>
+#if defined(RTE_LIBRTE_SECURITY) && (IMB_VERSION_NUM) >= IMB_VERSION(0, 54, 0)
+#define AESNI_MB_DOCSIS_SEC_ENABLED 1
+#include <rte_security.h>
+#include <rte_security_driver.h>
+#endif
+
enum aesni_mb_vector_mode {
RTE_AESNI_MB_NOT_SUPPORTED = 0,
RTE_AESNI_MB_SSE,
@@ -272,8 +278,19 @@ aesni_mb_set_session_parameters(const MB_MGR *mb_mgr,
struct aesni_mb_session *sess,
const struct rte_crypto_sym_xform *xform);
-/** device specific operations function pointer structure */
+#ifdef AESNI_MB_DOCSIS_SEC_ENABLED
+extern int
+aesni_mb_set_docsis_sec_session_parameters(
+ __rte_unused struct rte_cryptodev *dev,
+ struct rte_security_session_conf *conf,
+ void *sess);
+#endif
+
+/** device specific operations function pointer structures */
extern struct rte_cryptodev_ops *rte_aesni_mb_pmd_ops;
+#ifdef AESNI_MB_DOCSIS_SEC_ENABLED
+extern struct rte_security_ops *rte_aesni_mb_pmd_sec_ops;
+#endif
extern uint32_t
aesni_mb_cpu_crypto_process_bulk(struct rte_cryptodev *dev,
diff --git a/drivers/crypto/aesni_mb/meson.build b/drivers/crypto/aesni_mb/meson.build
index e557e0103..419b4743f 100644
--- a/drivers/crypto/aesni_mb/meson.build
+++ b/drivers/crypto/aesni_mb/meson.build
@@ -22,4 +22,4 @@ else
endif
sources = files('rte_aesni_mb_pmd.c', 'rte_aesni_mb_pmd_ops.c')
-deps += ['bus_vdev']
+deps += ['bus_vdev', 'net', 'security']
diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
index 2d688f4d3..59e76fb8e 100644
--- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
+++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
@@ -12,6 +12,7 @@
#include <rte_malloc.h>
#include <rte_cpuflags.h>
#include <rte_per_lcore.h>
+#include <rte_ether.h>
#include "aesni_mb_pmd_private.h"
@@ -720,6 +721,134 @@ aesni_mb_set_session_parameters(const MB_MGR *mb_mgr,
return 0;
}
+#ifdef AESNI_MB_DOCSIS_SEC_ENABLED
+/** Check DOCSIS security session configuration is valid */
+static int
+check_docsis_sec_session(struct rte_security_session_conf *conf)
+{
+ struct rte_crypto_sym_xform *crypto_sym = conf->crypto_xform;
+ struct rte_security_docsis_xform *docsis = &conf->docsis;
+
+ /* Downlink: CRC generate -> Cipher encrypt */
+ if (docsis->direction == RTE_SECURITY_DOCSIS_DOWNLINK) {
+
+ if (crypto_sym != NULL &&
+ crypto_sym->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&
+ crypto_sym->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT &&
+ crypto_sym->cipher.algo ==
+ RTE_CRYPTO_CIPHER_AES_DOCSISBPI &&
+ (crypto_sym->cipher.key.length == IMB_KEY_AES_128_BYTES ||
+ crypto_sym->cipher.key.length == IMB_KEY_AES_256_BYTES) &&
+ crypto_sym->cipher.iv.length == AES_BLOCK_SIZE &&
+ crypto_sym->next == NULL) {
+ return 0;
+ }
+ /* Uplink: Cipher decrypt -> CRC verify */
+ } else if (docsis->direction == RTE_SECURITY_DOCSIS_UPLINK) {
+
+ if (crypto_sym != NULL &&
+ crypto_sym->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&
+ crypto_sym->cipher.op == RTE_CRYPTO_CIPHER_OP_DECRYPT &&
+ crypto_sym->cipher.algo ==
+ RTE_CRYPTO_CIPHER_AES_DOCSISBPI &&
+ (crypto_sym->cipher.key.length == IMB_KEY_AES_128_BYTES ||
+ crypto_sym->cipher.key.length == IMB_KEY_AES_256_BYTES) &&
+ crypto_sym->cipher.iv.length == AES_BLOCK_SIZE &&
+ crypto_sym->next == NULL) {
+ return 0;
+ }
+ }
+
+ return -EINVAL;
+}
+
+/** Set DOCSIS security session auth (CRC) parameters */
+static int
+aesni_mb_set_docsis_sec_session_auth_parameters(struct aesni_mb_session *sess,
+ struct rte_security_docsis_xform *xform)
+{
+ if (xform == NULL) {
+ AESNI_MB_LOG(ERR, "Invalid DOCSIS xform");
+ return -EINVAL;
+ }
+
+ /* Select CRC generate/verify */
+ if (xform->direction == RTE_SECURITY_DOCSIS_UPLINK) {
+ sess->auth.algo = IMB_AUTH_DOCSIS_CRC32;
+ sess->auth.operation = RTE_CRYPTO_AUTH_OP_VERIFY;
+ } else if (xform->direction == RTE_SECURITY_DOCSIS_DOWNLINK) {
+ sess->auth.algo = IMB_AUTH_DOCSIS_CRC32;
+ sess->auth.operation = RTE_CRYPTO_AUTH_OP_GENERATE;
+ } else {
+ AESNI_MB_LOG(ERR, "Unsupported DOCSIS direction");
+ return -ENOTSUP;
+ }
+
+ sess->auth.req_digest_len = RTE_ETHER_CRC_LEN;
+ sess->auth.gen_digest_len = RTE_ETHER_CRC_LEN;
+
+ return 0;
+}
+
+/**
+ * Parse DOCSIS security session configuration and set private session
+ * parameters
+ */
+int
+aesni_mb_set_docsis_sec_session_parameters(
+ __rte_unused struct rte_cryptodev *dev,
+ struct rte_security_session_conf *conf,
+ void *sess)
+{
+ struct rte_security_docsis_xform *docsis_xform;
+ struct rte_crypto_sym_xform *cipher_xform;
+ struct aesni_mb_session *aesni_sess = sess;
+ struct aesni_mb_private *internals = dev->data->dev_private;
+ int ret;
+
+ ret = check_docsis_sec_session(conf);
+ if (ret) {
+ AESNI_MB_LOG(ERR, "Unsupported DOCSIS security configuration");
+ return ret;
+ }
+
+ switch (conf->docsis.direction) {
+ case RTE_SECURITY_DOCSIS_UPLINK:
+ aesni_sess->chain_order = IMB_ORDER_CIPHER_HASH;
+ docsis_xform = &conf->docsis;
+ cipher_xform = conf->crypto_xform;
+ break;
+ case RTE_SECURITY_DOCSIS_DOWNLINK:
+ aesni_sess->chain_order = IMB_ORDER_HASH_CIPHER;
+ cipher_xform = conf->crypto_xform;
+ docsis_xform = &conf->docsis;
+ break;
+ default:
+ return -EINVAL;
+ }
+
+ /* Default IV length = 0 */
+ aesni_sess->iv.length = 0;
+
+ ret = aesni_mb_set_docsis_sec_session_auth_parameters(aesni_sess,
+ docsis_xform);
+ if (ret != 0) {
+ AESNI_MB_LOG(ERR, "Invalid/unsupported DOCSIS parameters");
+ return -EINVAL;
+ }
+
+ ret = aesni_mb_set_session_cipher_parameters(internals->mb_mgr,
+ aesni_sess, cipher_xform);
+
+ if (ret != 0) {
+ AESNI_MB_LOG(ERR, "Invalid/unsupported cipher parameters");
+ return -EINVAL;
+ }
+
+ return 0;
+}
+#endif
+
/**
* burst enqueue, place crypto operations on ingress queue for processing.
*
@@ -758,6 +887,13 @@ get_session(struct aesni_mb_qp *qp, struct rte_crypto_op *op)
get_sym_session_private_data(
op->sym->session,
cryptodev_driver_id);
+#ifdef AESNI_MB_DOCSIS_SEC_ENABLED
+ } else if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) {
+ if (likely(op->sym->sec_session != NULL))
+ sess = (struct aesni_mb_session *)
+ get_sec_session_private_data(
+ op->sym->sec_session);
+#endif
} else {
void *_sess = rte_cryptodev_sym_session_create(qp->sess_mp);
void *_sess_private_data = NULL;
@@ -1158,6 +1294,106 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp,
return 0;
}
+#ifdef AESNI_MB_DOCSIS_SEC_ENABLED
+/**
+ * Process a crypto operation containing a security op and complete a
+ * JOB_AES_HMAC job structure for submission to the multi buffer library for
+ * processing.
+ */
+static inline int
+set_sec_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp,
+ struct rte_crypto_op *op, uint8_t *digest_idx)
+{
+ struct rte_mbuf *m_src, *m_dst;
+ struct rte_crypto_sym_op *sym;
+ struct aesni_mb_session *session;
+
+ session = get_session(qp, op);
+ if (unlikely(session == NULL)) {
+ op->status = RTE_CRYPTO_OP_STATUS_INVALID_SESSION;
+ return -1;
+ }
+
+ /* Only DOCSIS protocol operations supported now */
+ if (session->cipher.mode != IMB_CIPHER_DOCSIS_SEC_BPI ||
+ session->auth.algo != IMB_AUTH_DOCSIS_CRC32) {
+ op->status = RTE_CRYPTO_OP_STATUS_ERROR;
+ return -1;
+ }
+
+ sym = op->sym;
+ m_src = sym->m_src;
+
+ if (likely(sym->m_dst == NULL || sym->m_dst == m_src)) {
+ /* in-place operation */
+ m_dst = m_src;
+ } else {
+ /* out-of-place operation not supported */
+ op->status = RTE_CRYPTO_OP_STATUS_ERROR;
+ return -ENOTSUP;
+ }
+
+ /* Set crypto operation */
+ job->chain_order = session->chain_order;
+
+ /* Set cipher parameters */
+ job->cipher_direction = session->cipher.direction;
+ job->cipher_mode = session->cipher.mode;
+
+ job->aes_key_len_in_bytes = session->cipher.key_length_in_bytes;
+ job->aes_enc_key_expanded = session->cipher.expanded_aes_keys.encode;
+ job->aes_dec_key_expanded = session->cipher.expanded_aes_keys.decode;
+
+ /* Set IV parameters */
+ job->iv_len_in_bytes = session->iv.length;
+ job->iv = (uint8_t *)op + session->iv.offset;
+
+ /* Set authentication parameters */
+ job->hash_alg = session->auth.algo;
+
+ /* Set digest output location */
+ job->auth_tag_output = qp->temp_digests[*digest_idx];
+ *digest_idx = (*digest_idx + 1) % MAX_JOBS;
+
+ /* Set digest length */
+ job->auth_tag_output_len_in_bytes = session->auth.gen_digest_len;
+
+ /* Set data parameters */
+ job->src = rte_pktmbuf_mtod(m_src, uint8_t *);
+ job->dst = rte_pktmbuf_mtod_offset(m_dst, uint8_t *,
+ sym->cipher.data.offset);
+
+ job->cipher_start_src_offset_in_bytes = sym->cipher.data.offset;
+ job->msg_len_to_cipher_in_bytes = sym->cipher.data.length;
+
+ job->hash_start_src_offset_in_bytes = sym->auth.data.offset;
+ job->msg_len_to_hash_in_bytes = sym->auth.data.length;
+
+ job->user_data = op;
+
+ return 0;
+}
+
+static inline void
+verify_docsis_sec_crc(JOB_AES_HMAC *job, uint8_t *status)
+{
+ uint16_t crc_offset;
+ uint8_t *crc;
+
+ if (!job->msg_len_to_hash_in_bytes)
+ return;
+
+ crc_offset = job->hash_start_src_offset_in_bytes +
+ job->msg_len_to_hash_in_bytes -
+ job->cipher_start_src_offset_in_bytes;
+ crc = job->dst + crc_offset;
+
+ /* Verify CRC (at the end of the message) */
+ if (memcmp(job->auth_tag_output, crc, RTE_ETHER_CRC_LEN) != 0)
+ *status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED;
+}
+#endif
+
static inline void
verify_digest(JOB_AES_HMAC *job, void *digest, uint16_t len, uint8_t *status)
{
@@ -1196,9 +1432,25 @@ static inline struct rte_crypto_op *
post_process_mb_job(struct aesni_mb_qp *qp, JOB_AES_HMAC *job)
{
struct rte_crypto_op *op = (struct rte_crypto_op *)job->user_data;
- struct aesni_mb_session *sess = get_sym_session_private_data(
- op->sym->session,
- cryptodev_driver_id);
+ struct aesni_mb_session *sess = NULL;
+
+#ifdef AESNI_MB_DOCSIS_SEC_ENABLED
+ uint8_t is_docsis_sec = 0;
+
+ if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) {
+ /*
+ * Assuming at this point that if it's a security type op, that
+ * this is for DOCSIS
+ */
+ is_docsis_sec = 1;
+ sess = get_sec_session_private_data(op->sym->sec_session);
+ } else
+#endif
+ {
+ sess = get_sym_session_private_data(op->sym->session,
+ cryptodev_driver_id);
+ }
+
if (unlikely(sess == NULL)) {
op->status = RTE_CRYPTO_OP_STATUS_INVALID_SESSION;
return op;
@@ -1220,6 +1472,11 @@ post_process_mb_job(struct aesni_mb_qp *qp, JOB_AES_HMAC *job)
op->sym->aead.digest.data,
sess->auth.req_digest_len,
&op->status);
+#ifdef AESNI_MB_DOCSIS_SEC_ENABLED
+ else if (is_docsis_sec)
+ verify_docsis_sec_crc(job,
+ &op->status);
+#endif
else
verify_digest(job,
op->sym->auth.digest.data,
@@ -1382,7 +1639,14 @@ aesni_mb_pmd_dequeue_burst(void *queue_pair, struct rte_crypto_op **ops,
if (retval < 0)
break;
- retval = set_mb_job_params(job, qp, op, &digest_idx);
+#ifdef AESNI_MB_DOCSIS_SEC_ENABLED
+ if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION)
+ retval = set_sec_mb_job_params(job, qp, op,
+ &digest_idx);
+ else
+#endif
+ retval = set_mb_job_params(job, qp, op, &digest_idx);
+
if (unlikely(retval != 0)) {
qp->stats.dequeue_err_count++;
set_job_null_op(job, op);
@@ -1619,6 +1883,9 @@ cryptodev_aesni_mb_create(const char *name,
struct aesni_mb_private *internals;
enum aesni_mb_vector_mode vector_mode;
MB_MGR *mb_mgr;
+#ifdef AESNI_MB_DOCSIS_SEC_ENABLED
+ struct rte_security_ctx *security_instance;
+#endif
dev = rte_cryptodev_pmd_create(name, &vdev->device, init_params);
if (dev == NULL) {
@@ -1647,7 +1914,27 @@ cryptodev_aesni_mb_create(const char *name,
RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING |
RTE_CRYPTODEV_FF_OOP_LB_IN_LB_OUT |
RTE_CRYPTODEV_FF_SYM_CPU_CRYPTO |
- RTE_CRYPTODEV_FF_SYM_SESSIONLESS;
+ RTE_CRYPTODEV_FF_SYM_SESSIONLESS
+#ifdef AESNI_MB_DOCSIS_SEC_ENABLED
+ | RTE_CRYPTODEV_FF_SECURITY
+#endif
+ ;
+
+#ifdef AESNI_MB_DOCSIS_SEC_ENABLED
+ security_instance = rte_malloc("aesni_mb_sec",
+ sizeof(struct rte_security_ctx),
+ RTE_CACHE_LINE_SIZE);
+ if (security_instance == NULL) {
+ AESNI_MB_LOG(ERR, "rte_security_ctx memory alloc failed");
+ rte_cryptodev_pmd_destroy(dev);
+ return -ENOMEM;
+ }
+
+ security_instance->device = (void *)dev;
+ security_instance->ops = rte_aesni_mb_pmd_sec_ops;
+ security_instance->sess_cnt = 0;
+ dev->security_ctx = security_instance;
+#endif
/* Check CPU for support for AES instruction set */
if (rte_cpu_get_flag_enabled(RTE_CPUFLAG_AES))
@@ -1726,6 +2013,10 @@ cryptodev_aesni_mb_remove(struct rte_vdev_device *vdev)
RTE_PER_LCORE(sync_mb_mgr) = NULL;
}
+#ifdef RTE_LIBRTE_SECURITYY
+ rte_free(cryptodev->security_ctx);
+#endif
+
return rte_cryptodev_pmd_destroy(cryptodev);
}
diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
index 8c5e0cd92..ed93daec7 100644
--- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
+++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
@@ -7,6 +7,7 @@
#include <rte_string_fns.h>
#include <rte_common.h>
#include <rte_malloc.h>
+#include <rte_ether.h>
#include <rte_cryptodev_pmd.h>
#include "aesni_mb_pmd_private.h"
@@ -499,6 +500,55 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = {
RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
};
+#ifdef AESNI_MB_DOCSIS_SEC_ENABLED
+static const struct rte_cryptodev_capabilities
+ aesni_mb_pmd_security_crypto_cap[] = {
+ { /* AES DOCSIS BPI */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+ {.cipher = {
+ .algo = RTE_CRYPTO_CIPHER_AES_DOCSISBPI,
+ .block_size = 16,
+ .key_size = {
+ .min = 16,
+ .max = 32,
+ .increment = 16
+ },
+ .iv_size = {
+ .min = 16,
+ .max = 16,
+ .increment = 0
+ }
+ }, }
+ }, }
+ },
+
+ RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
+};
+
+static const struct rte_security_capability aesni_mb_pmd_security_cap[] = {
+ { /* DOCSIS Uplink */
+ .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+ .protocol = RTE_SECURITY_PROTOCOL_DOCSIS,
+ .docsis = {
+ .direction = RTE_SECURITY_DOCSIS_UPLINK
+ },
+ .crypto_capabilities = aesni_mb_pmd_security_crypto_cap
+ },
+ { /* DOCSIS Downlink */
+ .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+ .protocol = RTE_SECURITY_PROTOCOL_DOCSIS,
+ .docsis = {
+ .direction = RTE_SECURITY_DOCSIS_DOWNLINK
+ },
+ .crypto_capabilities = aesni_mb_pmd_security_crypto_cap
+ },
+ {
+ .action = RTE_SECURITY_ACTION_TYPE_NONE
+ }
+};
+#endif
/** Configure device */
static int
@@ -810,3 +860,78 @@ struct rte_cryptodev_ops aesni_mb_pmd_ops = {
};
struct rte_cryptodev_ops *rte_aesni_mb_pmd_ops = &aesni_mb_pmd_ops;
+
+#ifdef AESNI_MB_DOCSIS_SEC_ENABLED
+/**
+ * Configure a aesni multi-buffer session from a security session
+ * configuration
+ */
+static int
+aesni_mb_pmd_sec_sess_create(void *dev, struct rte_security_session_conf *conf,
+ struct rte_security_session *sess,
+ struct rte_mempool *mempool)
+{
+ void *sess_private_data;
+ struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev;
+ int ret;
+
+ if (rte_mempool_get(mempool, &sess_private_data)) {
+ AESNI_MB_LOG(ERR, "Couldn't get object from session mempool");
+ return -ENOMEM;
+ }
+
+ if (conf->protocol != RTE_SECURITY_PROTOCOL_DOCSIS) {
+ AESNI_MB_LOG(ERR, "Invalid security protocol");
+ return -EINVAL;
+ }
+
+ ret = aesni_mb_set_docsis_sec_session_parameters(cdev, conf,
+ sess_private_data);
+
+ if (ret != 0) {
+ AESNI_MB_LOG(ERR, "Failed to configure session parameters");
+
+ /* Return session to mempool */
+ rte_mempool_put(mempool, sess_private_data);
+ return ret;
+ }
+
+ set_sec_session_private_data(sess, sess_private_data);
+
+ return ret;
+}
+
+/** Clear the memory of session so it doesn't leave key material behind */
+static int
+aesni_mb_pmd_sec_sess_destroy(void *dev __rte_unused,
+ struct rte_security_session *sess)
+{
+ void *sess_priv = get_sec_session_private_data(sess);
+
+ if (sess_priv) {
+ struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
+ memset(sess, 0, sizeof(struct aesni_mb_session));
+ set_sec_session_private_data(sess, NULL);
+ rte_mempool_put(sess_mp, sess_priv);
+ }
+ return 0;
+}
+
+/** Get security capabilities for aesni multi-buffer */
+static const struct rte_security_capability *
+aesni_mb_pmd_sec_capa_get(void *device __rte_unused)
+{
+ return aesni_mb_pmd_security_cap;
+}
+
+static struct rte_security_ops aesni_mb_pmd_sec_ops = {
+ .session_create = aesni_mb_pmd_sec_sess_create,
+ .session_update = NULL,
+ .session_stats_get = NULL,
+ .session_destroy = aesni_mb_pmd_sec_sess_destroy,
+ .set_pkt_metadata = NULL,
+ .capabilities_get = aesni_mb_pmd_sec_capa_get
+};
+
+struct rte_security_ops *rte_aesni_mb_pmd_sec_ops = &aesni_mb_pmd_sec_ops;
+#endif
--
2.17.1
next prev parent reply other threads:[~2020-07-03 13:03 UTC|newest]
Thread overview: 92+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-04-10 14:27 [dpdk-dev] [PATCH v3 0/4] add AESNI-MB rawdev for multi-function processing David Coyle
2020-04-10 14:27 ` [dpdk-dev] [PATCH v3 1/4] raw/common: add multi-function interface David Coyle
2020-04-10 14:27 ` [dpdk-dev] [PATCH v3 2/4] raw/aesni_mb_mfn: add aesni_mb_mfn raw device PMD David Coyle
2020-04-10 14:27 ` [dpdk-dev] [PATCH v3 3/4] test/rawdev: add aesni_mb_mfn raw device tests David Coyle
2020-04-10 14:27 ` [dpdk-dev] [PATCH v3 4/4] doc: update docs for aesni_mb_mfn raw device PMD David Coyle
2020-04-10 22:55 ` [dpdk-dev] [PATCH v3 0/4] add AESNI-MB rawdev for multi-function processing Thomas Monjalon
2020-04-14 10:21 ` Ferruh Yigit
2020-04-14 10:32 ` Thomas Monjalon
2020-04-14 13:04 ` Trahe, Fiona
2020-04-14 13:24 ` Thomas Monjalon
2020-04-14 14:02 ` Trahe, Fiona
2020-04-14 14:44 ` Thomas Monjalon
2020-04-15 22:19 ` Doherty, Declan
2020-04-15 22:33 ` Thomas Monjalon
2020-04-21 16:46 ` Doherty, Declan
2020-04-21 17:23 ` Coyle, David
2020-04-22 10:51 ` Akhil Goyal
2020-04-22 13:17 ` Coyle, David
2020-04-22 13:44 ` Akhil Goyal
2020-04-22 14:21 ` Coyle, David
2020-05-01 13:18 ` Zhang, Roy Fan
2020-05-12 17:32 ` Coyle, David
2020-04-22 14:01 ` Kevin Traynor
2020-04-22 14:41 ` Coyle, David
2020-04-21 17:25 ` Thomas Monjalon
2020-04-21 18:37 ` Coyle, David
2020-04-21 21:51 ` Thomas Monjalon
2020-06-04 15:13 ` [dpdk-dev] [PATCH 0/3] add support for DOCSIS protocol to security library David Coyle
2020-06-04 15:13 ` [dpdk-dev] [PATCH 1/3] security: add support for DOCSIS protocol David Coyle
2020-06-04 15:13 ` [dpdk-dev] [PATCH 2/3] cryptodev: add security operation to crypto operation David Coyle
2020-06-09 13:23 ` Ananyev, Konstantin
2020-06-09 13:50 ` Coyle, David
2020-06-10 10:40 ` Ananyev, Konstantin
2020-06-10 12:02 ` Coyle, David
2020-06-11 12:21 ` Ananyev, Konstantin
2020-06-11 14:01 ` Coyle, David
2020-06-23 18:38 ` Akhil Goyal
2020-06-24 14:11 ` Coyle, David
2020-06-04 15:13 ` [dpdk-dev] [PATCH 3/3] crypto/aesni_mb: add support for DOCSIS protocol David Coyle
2020-06-23 10:14 ` [dpdk-dev] [PATCH v2 0/6] " David Coyle
2020-06-23 10:14 ` [dpdk-dev] [PATCH v2 1/6] cryptodev: add security operation to crypto operation David Coyle
2020-06-23 10:14 ` [dpdk-dev] [PATCH v2 2/6] security: add support for DOCSIS protocol David Coyle
2020-06-23 17:29 ` De Lara Guarch, Pablo
2020-06-26 15:15 ` Coyle, David
2020-06-23 18:06 ` Akhil Goyal
2020-06-24 14:25 ` Coyle, David
2020-06-23 10:14 ` [dpdk-dev] [PATCH v2 3/6] crypto/aesni_mb: " David Coyle
2020-06-23 17:57 ` De Lara Guarch, Pablo
2020-06-26 15:13 ` Coyle, David
2020-06-23 10:14 ` [dpdk-dev] [PATCH v2 4/6] crypto/qat: " David Coyle
2020-06-23 10:14 ` [dpdk-dev] [PATCH v2 5/6] test/crypto: add DOCSIS security test cases David Coyle
2020-06-23 18:04 ` De Lara Guarch, Pablo
2020-06-26 15:14 ` Coyle, David
2020-06-23 10:14 ` [dpdk-dev] [PATCH v2 6/6] test/security: add DOCSIS capability check tests David Coyle
2020-06-23 14:51 ` [dpdk-dev] [PATCH v2 0/6] add support for DOCSIS protocol David Marchand
2020-06-23 15:18 ` Coyle, David
2020-06-23 15:38 ` David Marchand
2020-06-23 15:56 ` Coyle, David
2020-06-23 16:22 ` David Marchand
2020-06-23 16:27 ` Coyle, David
2020-06-30 16:30 ` [dpdk-dev] [PATCH v3 0/8] " David Coyle
2020-06-30 16:30 ` [dpdk-dev] [PATCH v3 1/8] security: " David Coyle
2020-07-01 21:41 ` Akhil Goyal
2020-06-30 16:30 ` [dpdk-dev] [PATCH v3 2/8] cryptodev: add a note regarding DOCSIS protocol support David Coyle
2020-07-01 21:42 ` Akhil Goyal
2020-06-30 16:30 ` [dpdk-dev] [PATCH v3 3/8] crypto/aesni_mb: add support for DOCSIS protocol David Coyle
2020-07-01 17:04 ` Coyle, David
2020-06-30 16:30 ` [dpdk-dev] [PATCH v3 4/8] crypto/qat: " David Coyle
2020-07-01 17:04 ` Coyle, David
2020-06-30 16:30 ` [dpdk-dev] [PATCH v3 5/8] test/crypto: add DOCSIS security test cases David Coyle
2020-07-01 21:43 ` Akhil Goyal
2020-06-30 16:30 ` [dpdk-dev] [PATCH v3 6/8] test/security: add DOCSIS capability check tests David Coyle
2020-06-30 16:30 ` [dpdk-dev] [PATCH v3 7/8] app/crypto-perf: add support for DOCSIS protocol David Coyle
2020-07-01 21:44 ` Akhil Goyal
2020-06-30 16:30 ` [dpdk-dev] [PATCH v3 8/8] doc: add doc updates for DOCSIS security protocol David Coyle
2020-06-30 18:33 ` Akhil Goyal
2020-07-01 17:03 ` Coyle, David
2020-07-03 12:39 ` [dpdk-dev] [PATCH v4 0/7] add support for DOCSIS protocol David Coyle
2020-07-03 12:39 ` [dpdk-dev] [PATCH v4 1/7] security: " David Coyle
2020-07-03 17:50 ` De Lara Guarch, Pablo
2020-07-03 12:39 ` [dpdk-dev] [PATCH v4 2/7] cryptodev: add a note regarding DOCSIS protocol support David Coyle
2020-07-03 17:56 ` De Lara Guarch, Pablo
2020-07-03 12:39 ` David Coyle [this message]
2020-07-03 17:56 ` [dpdk-dev] [PATCH v4 3/7] crypto/aesni_mb: add support for DOCSIS protocol De Lara Guarch, Pablo
2020-07-04 19:55 ` Akhil Goyal
2020-07-03 12:39 ` [dpdk-dev] [PATCH v4 4/7] crypto/qat: " David Coyle
2020-07-03 12:39 ` [dpdk-dev] [PATCH v4 5/7] test/crypto: add DOCSIS security test cases David Coyle
2020-07-03 17:56 ` De Lara Guarch, Pablo
2020-07-03 12:39 ` [dpdk-dev] [PATCH v4 6/7] test/security: add DOCSIS capability check tests David Coyle
2020-07-03 12:39 ` [dpdk-dev] [PATCH v4 7/7] app/crypto-perf: add support for DOCSIS protocol David Coyle
2020-07-03 17:57 ` De Lara Guarch, Pablo
2020-07-04 19:54 ` [dpdk-dev] [PATCH v4 0/7] " Akhil Goyal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200703123933.52351-4-david.coyle@intel.com \
--to=david.coyle@intel.com \
--cc=G.Singh@nxp.com \
--cc=akhil.goyal@nxp.com \
--cc=alexr@mellanox.com \
--cc=anoobj@marvell.com \
--cc=brendan.ryan@intel.com \
--cc=bruce.richardson@intel.com \
--cc=declan.doherty@intel.com \
--cc=dev@dpdk.org \
--cc=ferruh.yigit@intel.com \
--cc=fiona.trahe@intel.com \
--cc=hemant.agrawal@nxp.com \
--cc=honnappa.nagarahalli@arm.com \
--cc=jerinj@marvell.com \
--cc=jianjay.zhou@huawei.com \
--cc=jsrikanth@marvell.com \
--cc=konstantin.ananyev@intel.com \
--cc=lironh@marvell.com \
--cc=mairtin.oloingsigh@intel.com \
--cc=olivier.matz@6wind.com \
--cc=pablo.de.lara.guarch@intel.com \
--cc=ravi1.kumar@amd.com \
--cc=rnagadheeraj@marvell.com \
--cc=roy.fan.zhang@intel.com \
--cc=ruifeng.wang@arm.com \
--cc=stephen@networkplumber.org \
--cc=thomas@monjalon.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).