From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga01.intel.com (mga01.intel.com [192.55.52.88]) by dpdk.org (Postfix) with ESMTP id 1DD8C1B254 for ; Thu, 21 Dec 2017 12:00:13 +0100 (CET) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga005.fm.intel.com ([10.253.24.32]) by fmsmga101.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 21 Dec 2017 03:00:13 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.45,435,1508828400"; d="scan'208";a="188693390" Received: from silpixa00383879.ir.intel.com (HELO silpixa00383879.ger.corp.intel.com) ([10.237.223.127]) by fmsmga005.fm.intel.com with ESMTP; 21 Dec 2017 03:00:11 -0800 From: Radu Nicolau To: dev@dpdk.org Cc: helin.zhang@intel.com, konstantin.ananyev@intel.com, wenzhuo.lu@intel.com, declan.doherty@intel.com, stephen@networkplumber.org, Radu Nicolau Date: Thu, 21 Dec 2017 10:55:50 +0000 Message-Id: <1513853750-14078-1-git-send-email-radu.nicolau@intel.com> X-Mailer: git-send-email 2.7.5 In-Reply-To: <1513769571-16734-1-git-send-email-radu.nicolau@intel.com> References: <1513769571-16734-1-git-send-email-radu.nicolau@intel.com> Subject: [dpdk-dev] [PATCH v3] net/ixgbe: removed ipsec keys from private data X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 21 Dec 2017 11:00:14 -0000 All IPsec-related settings are held in the driver private data to allow easy addition and removal of SAs. There is no need to keep a record of the keys, and storing the keys can also be a security issue. Signed-off-by: Radu Nicolau Acked-by: Declan Doherty --- v2: updated commit msg v3: removed key local copy drivers/net/ixgbe/ixgbe_ipsec.c | 52 +++++++++++++++-------------------------- drivers/net/ixgbe/ixgbe_ipsec.h | 4 ---- 2 files changed, 19 insertions(+), 37 deletions(-) 
diff --git a/drivers/net/ixgbe/ixgbe_ipsec.c b/drivers/net/ixgbe/ixgbe_ipsec.c index 105da11..91254de 100644 --- a/drivers/net/ixgbe/ixgbe_ipsec.c +++ b/drivers/net/ixgbe/ixgbe_ipsec.c @@ -70,6 +70,8 @@ static void ixgbe_crypto_clear_ipsec_tables(struct rte_eth_dev *dev) { struct ixgbe_hw *hw = IXGBE_DEV_PRIVATE_TO_HW(dev->data->dev_private); + struct ixgbe_ipsec *priv = IXGBE_DEV_PRIVATE_TO_IPSEC( + dev->data->dev_private); int i = 0; /* clear Rx IP table*/ @@ -106,6 +108,10 @@ ixgbe_crypto_clear_ipsec_tables(struct rte_eth_dev *dev) IXGBE_WRITE_REG(hw, IXGBE_IPSTXSALT, 0); IXGBE_WAIT_TWRITE; } + + memset(priv->rx_ip_tbl, 0, sizeof(priv->rx_ip_tbl)); + memset(priv->rx_sa_tbl, 0, sizeof(priv->rx_sa_tbl)); + memset(priv->tx_sa_tbl, 0, sizeof(priv->tx_sa_tbl)); } static int @@ -173,16 +179,6 @@ ixgbe_crypto_add_sa(struct ixgbe_crypto_session *ic_session) priv->rx_sa_tbl[sa_index].spi = rte_cpu_to_be_32(ic_session->spi); priv->rx_sa_tbl[sa_index].ip_index = ip_index; - priv->rx_sa_tbl[sa_index].key[3] = - rte_cpu_to_be_32(*(uint32_t *)&ic_session->key[0]); - priv->rx_sa_tbl[sa_index].key[2] = - rte_cpu_to_be_32(*(uint32_t *)&ic_session->key[4]); - priv->rx_sa_tbl[sa_index].key[1] = - rte_cpu_to_be_32(*(uint32_t *)&ic_session->key[8]); - priv->rx_sa_tbl[sa_index].key[0] = - rte_cpu_to_be_32(*(uint32_t *)&ic_session->key[12]); - priv->rx_sa_tbl[sa_index].salt = - rte_cpu_to_be_32(ic_session->salt); priv->rx_sa_tbl[sa_index].mode = IPSRXMOD_VALID; if (ic_session->op == IXGBE_OP_AUTHENTICATED_DECRYPTION) priv->rx_sa_tbl[sa_index].mode |= 
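Review bot: The three `memset` calls added at the end of `ixgbe_crypto_clear_ipsec_tables` (hunk `@@ -106,6 +108,10 @@`) size the wipe with `sizeof(priv->rx_ip_tbl)`, `sizeof(priv->rx_sa_tbl)` and `sizeof(priv->tx_sa_tbl)`, which clears a whole table only if these members are arrays inside `struct ixgbe_ipsec`. Their declarations are not part of this patch, so that is worth confirming; a pointer member would clear only pointer-sized bytes and leave stale `used` flags behind. The block is also undocumented, and I would add `/* reset the software tables so no stale SA or IP entry outlives the hardware clear */` above it. The function body starts before this hunk.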
@@ -225,15 +221,15 @@ ixgbe_crypto_add_sa(struct ixgbe_crypto_session *ic_session) reg_val = IPSRXIDX_RX_EN | IPSRXIDX_WRITE | IPSRXIDX_TABLE_KEY | (sa_index << 3); IXGBE_WRITE_REG(hw, IXGBE_IPSRXKEY(0), - priv->rx_sa_tbl[sa_index].key[0]); + rte_cpu_to_be_32(*(uint32_t *)&ic_session->key[12])); IXGBE_WRITE_REG(hw, IXGBE_IPSRXKEY(1), - priv->rx_sa_tbl[sa_index].key[1]); + rte_cpu_to_be_32(*(uint32_t *)&ic_session->key[8])); IXGBE_WRITE_REG(hw, IXGBE_IPSRXKEY(2), - priv->rx_sa_tbl[sa_index].key[2]); + rte_cpu_to_be_32(*(uint32_t *)&ic_session->key[4])); IXGBE_WRITE_REG(hw, IXGBE_IPSRXKEY(3), - priv->rx_sa_tbl[sa_index].key[3]); + rte_cpu_to_be_32(*(uint32_t *)&ic_session->key[0])); IXGBE_WRITE_REG(hw, IXGBE_IPSRXSALT, - priv->rx_sa_tbl[sa_index].salt); + rte_cpu_to_be_32(ic_session->salt)); IXGBE_WRITE_REG(hw, IXGBE_IPSRXMOD, priv->rx_sa_tbl[sa_index].mode); IXGBE_WAIT_RWRITE; 
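Review bot: The new Rx register writes read the key with `*(uint32_t *)&ic_session->key[12]` (and offsets 8, 4 and 0), which dereferences a byte offset through a `uint32_t *`; if `key` is a byte array or byte pointer, as the offsets suggest, this breaks strict aliasing and can be a misaligned load on some targets. Copying each word first, `uint32_t w; memcpy(&w, &ic_session->key[12], sizeof(w));` followed by `IXGBE_WRITE_REG(hw, IXGBE_IPSRXKEY(0), rte_cpu_to_be_32(w));`, avoids both. The same casts appear in the Tx key writes of the `@@ -257,32 +253,22 @@` hunk. The key is still read from `ic_session`, so whether key material stays resident after this patch depends on how long the session object keeps `key`, which is not visible here. `ixgbe_crypto_add_sa` starts and ends outside this hunk.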
@@ -257,32 +253,22 @@ ixgbe_crypto_add_sa(struct ixgbe_crypto_session *ic_session) priv->tx_sa_tbl[sa_index].spi = rte_cpu_to_be_32(ic_session->spi); - priv->tx_sa_tbl[sa_index].key[3] = - rte_cpu_to_be_32(*(uint32_t *)&ic_session->key[0]); - priv->tx_sa_tbl[sa_index].key[2] = - rte_cpu_to_be_32(*(uint32_t *)&ic_session->key[4]); - priv->tx_sa_tbl[sa_index].key[1] = - rte_cpu_to_be_32(*(uint32_t *)&ic_session->key[8]); - priv->tx_sa_tbl[sa_index].key[0] = - rte_cpu_to_be_32(*(uint32_t *)&ic_session->key[12]); - priv->tx_sa_tbl[sa_index].salt = - rte_cpu_to_be_32(ic_session->salt); + priv->tx_sa_tbl[i].used = 1; + ic_session->sa_index = sa_index; + /* write Key table entry*/ reg_val = IPSRXIDX_RX_EN | IPSRXIDX_WRITE | (sa_index << 3); IXGBE_WRITE_REG(hw, IXGBE_IPSTXKEY(0), - priv->tx_sa_tbl[sa_index].key[0]); + rte_cpu_to_be_32(*(uint32_t *)&ic_session->key[12])); IXGBE_WRITE_REG(hw, IXGBE_IPSTXKEY(1), - priv->tx_sa_tbl[sa_index].key[1]); + rte_cpu_to_be_32(*(uint32_t *)&ic_session->key[8])); IXGBE_WRITE_REG(hw, IXGBE_IPSTXKEY(2), - priv->tx_sa_tbl[sa_index].key[2]); + rte_cpu_to_be_32(*(uint32_t *)&ic_session->key[4])); IXGBE_WRITE_REG(hw, IXGBE_IPSTXKEY(3), - priv->tx_sa_tbl[sa_index].key[3]); + rte_cpu_to_be_32(*(uint32_t *)&ic_session->key[0])); IXGBE_WRITE_REG(hw, IXGBE_IPSTXSALT, - priv->tx_sa_tbl[sa_index].salt); + rte_cpu_to_be_32(ic_session->salt)); IXGBE_WAIT_TWRITE; - - priv->tx_sa_tbl[i].used = 1; - ic_session->sa_index = sa_index; } return 0; diff --git a/drivers/net/ixgbe/ixgbe_ipsec.h b/drivers/net/ixgbe/ixgbe_ipsec.h index fb8fefc..3932fa2 100644 --- a/drivers/net/ixgbe/ixgbe_ipsec.h +++ b/drivers/net/ixgbe/ixgbe_ipsec.h @@ -107,16 +107,12 @@ struct ixgbe_crypto_rx_ip_table { struct ixgbe_crypto_rx_sa_table { uint32_t spi; uint32_t ip_index; - uint32_t key[4]; - uint32_t salt; uint8_t mode; uint8_t used; }; struct ixgbe_crypto_tx_sa_table { uint32_t spi; - uint32_t key[4]; - uint32_t salt; uint8_t used; }; -- 2.7.5
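Review bot: The moved line `priv->tx_sa_tbl[i].used = 1;` indexes the Tx table with `i`, while every other access in this branch uses `sa_index`. The slot-search loop is outside the hunk, so the two are presumably equal at this point, but the mix makes it easy to mark the wrong slot as used if that loop ever changes. I would write `priv->tx_sa_tbl[sa_index].used = 1;`. The context line `reg_val = IPSRXIDX_RX_EN | IPSRXIDX_WRITE | (sa_index << 3);` also builds the Tx index value from Rx-named constants, which deserves a short comment if the bit layout really is shared between the two index registers. `ixgbe_crypto_add_sa` begins before this hunk.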