From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id D9B9DA0524; Wed, 2 Jun 2021 19:12:26 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id C9DF44069F; Wed, 2 Jun 2021 19:12:26 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id DF98D40689 for ; Wed, 2 Jun 2021 19:12:25 +0200 (CEST) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id 152H6A8e025799; Wed, 2 Jun 2021 10:12:25 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=HBYR4K/p/FSTA3UDlfSzhiB/RDLCp+sCdtqCPkFLG/4=; b=QDMluOJ0vovxbd3spRFBOslv2nWPlI8M64X2WO720TA/RasXnG+0fv/XenB4g1HHdx1O 8B/SIapy2wtE/+VPVl+IkBqv075L4/Qbt4PxC4AIzJpUZ5fWJ7G+2HJzbWwgsSz5sY+1 tlyUf7/vZBmRjcvHE1afZyERXMTwUOrJfXzcaU383RmLgNHzS9UeOHJ39sa46X4BWyF0 bqotiJ7q7L1rLe+L7YcyXEM3zIUdPG79PAWMOvPdmIZrmrrU4zIwL0KZWU6VhnV4Jszx 7yGfVLdM/LGTeMHj9yojK6YAFYuijSLwzZ+ljXy5AXkF8z5+Xkzge5REakhEhD0vM0lR Wg== Received: from dc5-exch01.marvell.com ([199.233.59.181]) by mx0b-0016f401.pphosted.com with ESMTP id 38wufguunj-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Wed, 02 Jun 2021 10:12:25 -0700 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Wed, 2 Jun 2021 10:12:22 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.2 via Frontend Transport; Wed, 2 Jun 2021 10:12:22 -0700 Received: from HY-LT1002.marvell.com (unknown [10.193.70.1]) by maili.marvell.com (Postfix) with ESMTP id CDB8D3F703F; Wed, 2 Jun 2021 10:12:18 -0700 (PDT) From: Anoob Joseph To: Akhil Goyal , Thomas Monjalon CC: Tejasree Kondoj , Jerin Jacob , Ankur Dwivedi , , Anoob Joseph , Srujana Challa Date: Wed, 2 Jun 2021 22:41:02 +0530 Message-ID: <1622653862-22830-5-git-send-email-anoobj@marvell.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1622653862-22830-1-git-send-email-anoobj@marvell.com> References: <1622653862-22830-1-git-send-email-anoobj@marvell.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-Proofpoint-ORIG-GUID: 0PLeD7VRdh09xxVSDeJUnV_rXoiQeVtt X-Proofpoint-GUID: 0PLeD7VRdh09xxVSDeJUnV_rXoiQeVtt X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.391, 18.0.761 definitions=2021-06-02_09:2021-06-02, 2021-06-02 signatures=0 Subject: [dpdk-dev] [PATCH 4/4] crypto/cnxk: add security handling in datapath ops X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" From: Tejasree Kondoj Add security handling in enqueue dequeue ops. Signed-off-by: Anoob Joseph Signed-off-by: Srujana Challa Signed-off-by: Tejasree Kondoj --- drivers/crypto/cnxk/cn10k_cryptodev_ops.c | 78 ++++++++++++++++++++++++++++++- drivers/crypto/cnxk/cn10k_ipsec_la_ops.h | 74 +++++++++++++++++++++++++++++ 2 files changed, 151 insertions(+), 1 deletion(-) create mode 100644 drivers/crypto/cnxk/cn10k_ipsec_la_ops.h diff --git a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c index 22704df..68093ea 100644 --- a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c +++ b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c @@ -4,9 +4,12 @@ #include #include +#include #include "cn10k_cryptodev.h" #include "cn10k_cryptodev_ops.h" +#include "cn10k_ipsec_la_ops.h" +#include "cn10k_ipsec.h" #include "cnxk_cryptodev.h" #include "cnxk_cryptodev_ops.h" #include "cnxk_se.h" @@ -42,6 +45,38 @@ cn10k_cpt_sym_temp_sess_create(struct cnxk_cpt_qp *qp, struct rte_crypto_op *op) } static __rte_always_inline int __rte_hot +cpt_sec_inst_fill(struct rte_crypto_op *op, struct cn10k_sec_session *sess, + struct cpt_inflight_req *infl_req, struct cpt_inst_s *inst) +{ + struct rte_crypto_sym_op *sym_op = op->sym; + union roc_ot_ipsec_sa_word2 *w2; + struct cn10k_ipsec_sa *sa; + int ret; + + if (unlikely(sym_op->m_dst && sym_op->m_dst != sym_op->m_src)) { + CPT_LOG_DP_ERR("Out of place is not supported"); + return -ENOTSUP; + } + + if (unlikely(!rte_pktmbuf_is_contiguous(sym_op->m_src))) { + CPT_LOG_DP_ERR("Scatter Gather mode is not supported"); + return -ENOTSUP; + } + + sa = &sess->sa; + w2 = (union roc_ot_ipsec_sa_word2 *)&sa->in_sa.w2; + + if (w2->s.dir == ROC_IE_OT_SA_DIR_OUTBOUND) + ret = process_outb_sa(op, sa, inst); + else { + infl_req->op_flags |= CPT_OP_FLAGS_IPSEC_DIR_INBOUND; + ret = process_inb_sa(op, sa, inst); + } + + return ret; +} + +static __rte_always_inline int __rte_hot cpt_sym_inst_fill(struct cnxk_cpt_qp *qp, struct rte_crypto_op *op, struct cnxk_se_sess *sess, struct cpt_inflight_req *infl_req, struct cpt_inst_s *inst) @@ -64,6 +99,7 @@ static inline int cn10k_cpt_fill_inst(struct cnxk_cpt_qp *qp, struct rte_crypto_op *ops[], struct cpt_inst_s inst[], struct cpt_inflight_req *infl_req) { + struct cn10k_sec_session *sec_sess; struct rte_crypto_sym_op *sym_op; struct cnxk_se_sess *sess; struct rte_crypto_op *op; @@ -79,7 +115,15 @@ cn10k_cpt_fill_inst(struct cnxk_cpt_qp *qp, struct rte_crypto_op *ops[], sym_op = op->sym; if (op->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC) { - if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) { + if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) { + sec_sess = get_sec_session_private_data( + sym_op->sec_session); + ret = cpt_sec_inst_fill(op, sec_sess, infl_req, + &inst[0]); + if (unlikely(ret)) + return 0; + w7 = sec_sess->sa.inst.w7; + } else if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) { sess = get_sym_session_private_data( sym_op->session, cn10k_cryptodev_driver_id); ret = cpt_sym_inst_fill(qp, op, sess, infl_req, @@ -196,6 +240,34 @@ cn10k_cpt_enqueue_burst(void *qptr, struct rte_crypto_op **ops, uint16_t nb_ops) } static inline void +cn10k_cpt_sec_post_process(struct rte_crypto_op *cop, + struct cpt_inflight_req *infl_req) +{ + struct rte_crypto_sym_op *sym_op = cop->sym; + struct rte_mbuf *m = sym_op->m_src; + struct rte_ipv6_hdr *ip6; + struct rte_ipv4_hdr *ip; + uint16_t m_len; + + if (infl_req->op_flags & CPT_OP_FLAGS_IPSEC_DIR_INBOUND) { + ip = (struct rte_ipv4_hdr *)rte_pktmbuf_mtod(m, char *); + + if (((ip->version_ihl & 0xf0) >> RTE_IPV4_IHL_MULTIPLIER) == + IPVERSION) { + m_len = rte_be_to_cpu_16(ip->total_length); + } else { + PLT_ASSERT(((ip->version_ihl & 0xf0) >> + RTE_IPV4_IHL_MULTIPLIER) == IPV6_VERSION); + ip6 = (struct rte_ipv6_hdr *)ip; + m_len = rte_be_to_cpu_16(ip6->payload_len) + + sizeof(struct rte_ipv6_hdr); + } + m->data_len = m_len; + m->pkt_len = m_len; + } +} + +static inline void cn10k_cpt_dequeue_post_process(struct cnxk_cpt_qp *qp, struct rte_crypto_op *cop, struct cpt_inflight_req *infl_req) @@ -219,6 +291,10 @@ cn10k_cpt_dequeue_post_process(struct cnxk_cpt_qp *qp, cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS; if (cop->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC) { + if (cop->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) { + cn10k_cpt_sec_post_process(cop, infl_req); + return; + } /* Verify authentication data if required */ if (unlikely(infl_req->op_flags & diff --git a/drivers/crypto/cnxk/cn10k_ipsec_la_ops.h b/drivers/crypto/cnxk/cn10k_ipsec_la_ops.h new file mode 100644 index 0000000..dc547d1 --- /dev/null +++ b/drivers/crypto/cnxk/cn10k_ipsec_la_ops.h @@ -0,0 +1,74 @@ +/* SPDX-License-Identifier: BSD-3-Clause + * Copyright(C) 2021 Marvell. + */ + +#ifndef __CN10K_IPSEC_LA_OPS_H__ +#define __CN10K_IPSEC_LA_OPS_H__ + +#include +#include + +#include "cn10k_cryptodev.h" +#include "cn10k_ipsec.h" +#include "cnxk_cryptodev.h" + +static __rte_always_inline int32_t +ipsec_po_out_rlen_get(struct cn10k_ipsec_sa *sess, uint32_t plen) +{ + uint32_t enc_payload_len; + + enc_payload_len = + RTE_ALIGN_CEIL(plen + sess->roundup_len, sess->roundup_byte); + + return sess->partial_len + enc_payload_len; +} + +static __rte_always_inline int +process_outb_sa(struct rte_crypto_op *cop, struct cn10k_ipsec_sa *sess, + struct cpt_inst_s *inst) +{ + struct rte_crypto_sym_op *sym_op = cop->sym; + struct rte_mbuf *m_src = sym_op->m_src; + uint32_t dlen, rlen, extend_tail; + char *mdata; + + dlen = rte_pktmbuf_pkt_len(m_src); + rlen = ipsec_po_out_rlen_get(sess, dlen); + + extend_tail = rlen - dlen; + + mdata = rte_pktmbuf_append(m_src, extend_tail); + if (unlikely(mdata == NULL)) { + CPT_LOG_DP_ERR("Not enough tail room"); + return -ENOMEM; + } + + /* Prepare CPT instruction */ + inst->w4.u64 = sess->inst.w4; + inst->w4.s.dlen = dlen; + inst->dptr = rte_pktmbuf_iova(m_src); + inst->rptr = inst->dptr; + + return 0; +} + +static __rte_always_inline int +process_inb_sa(struct rte_crypto_op *cop, struct cn10k_ipsec_sa *sa, + struct cpt_inst_s *inst) +{ + struct rte_crypto_sym_op *sym_op = cop->sym; + struct rte_mbuf *m_src = sym_op->m_src; + uint32_t dlen; + + dlen = rte_pktmbuf_pkt_len(m_src); + + /* Prepare CPT instruction */ + inst->w4.u64 = sa->inst.w4; + inst->w4.s.dlen = dlen; + inst->dptr = rte_pktmbuf_iova(m_src); + inst->rptr = inst->dptr; + + return 0; +} + +#endif /* __CN10K_IPSEC_LA_OPS_H__ */ -- 2.7.4