From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 61EEBA0A0C; Tue, 29 Jun 2021 09:35:15 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 665694117C; Tue, 29 Jun 2021 09:35:12 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id 1880F40E3C for ; Tue, 29 Jun 2021 09:35:09 +0200 (CEST) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id 15T7QR8w006831; Tue, 29 Jun 2021 00:35:09 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=10aXaPj0hUALXpEO5C+c/T939Gtg+4E45fK5PZmNPXA=; b=aGZ0VfPC2ZRVkB7oIAqL6+F9WYJC//nJRephFx+BVlOE5/xAv/cD9iKxqFMpOvt0bXa8 V2Z2JUImNGw1/xS7Owfq4rBdEjEjVdFquiEGwyjfSJ05Yh33SBoF4rHWCycXBGPOaqvn VQ5uns47OS1KMOEaTF/jB6z4DLh5xIw7C8LhXBxgy2tc5uTIir2ynRcSAeg7JhSI8Qxp cGxdRawuyqxvzQsndd0EenWMoE2I5XgF+a0IHWfcZ/crRZy5KiWx3FwirhaCgYcsFsrx a/ZXeWddDKj0ARC0y+mij7V44Ehf/3E6LJuIBVbrn2YWHxNk+tU9IoTW7/KnDXNv9fOt Tg== Received: from dc5-exch02.marvell.com ([199.233.59.182]) by mx0a-0016f401.pphosted.com with ESMTP id 39fuw50s60-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Tue, 29 Jun 2021 00:35:09 -0700 Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Tue, 29 Jun 2021 00:35:07 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.18 via Frontend Transport; Tue, 29 Jun 2021 00:35:07 -0700 Received: from HY-LT1002.marvell.com (HY-LT1002.marvell.com [10.28.176.218]) by maili.marvell.com (Postfix) with ESMTP id 85F425B6923; Tue, 29 Jun 2021 00:35:03 -0700 (PDT) From: Anoob Joseph To: Akhil Goyal , Thomas Monjalon CC: Tejasree Kondoj , Jerin Jacob , Ankur Dwivedi , , Anoob Joseph , Srujana Challa Date: Tue, 29 Jun 2021 13:04:31 +0530 Message-ID: <1624952076-30928-4-git-send-email-anoobj@marvell.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1624952076-30928-1-git-send-email-anoobj@marvell.com> References: <1624601708-29991-1-git-send-email-anoobj@marvell.com> <1624952076-30928-1-git-send-email-anoobj@marvell.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-Proofpoint-ORIG-GUID: 52mfo77dW9lBdexyzvWmXv3Fx9nTBQdj X-Proofpoint-GUID: 52mfo77dW9lBdexyzvWmXv3Fx9nTBQdj X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.391, 18.0.790 definitions=2021-06-29_02:2021-06-25, 2021-06-29 signatures=0 Subject: [dpdk-dev] [PATCH v3 3/8] crypto/cnxk: add security handling in datapath ops X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" From: Tejasree Kondoj Add security handling in enqueue dequeue ops. Signed-off-by: Anoob Joseph Signed-off-by: Srujana Challa Signed-off-by: Tejasree Kondoj --- drivers/crypto/cnxk/cn10k_cryptodev_ops.c | 78 ++++++++++++++++++++++++++++++- drivers/crypto/cnxk/cn10k_ipsec_la_ops.h | 74 +++++++++++++++++++++++++++++ 2 files changed, 151 insertions(+), 1 deletion(-) create mode 100644 drivers/crypto/cnxk/cn10k_ipsec_la_ops.h diff --git a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c index 1a30908..8005a25 100644 --- a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c +++ b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c @@ -4,9 +4,12 @@ #include #include +#include #include "cn10k_cryptodev.h" #include "cn10k_cryptodev_ops.h" +#include "cn10k_ipsec_la_ops.h" +#include "cn10k_ipsec.h" #include "cnxk_cryptodev.h" #include "cnxk_cryptodev_ops.h" #include "cnxk_se.h" @@ -42,6 +45,38 @@ cn10k_cpt_sym_temp_sess_create(struct cnxk_cpt_qp *qp, struct rte_crypto_op *op) } static __rte_always_inline int __rte_hot +cpt_sec_inst_fill(struct rte_crypto_op *op, struct cn10k_sec_session *sess, + struct cpt_inflight_req *infl_req, struct cpt_inst_s *inst) +{ + struct rte_crypto_sym_op *sym_op = op->sym; + union roc_ot_ipsec_sa_word2 *w2; + struct cn10k_ipsec_sa *sa; + int ret; + + if (unlikely(sym_op->m_dst && sym_op->m_dst != sym_op->m_src)) { + plt_dp_err("Out of place is not supported"); + return -ENOTSUP; + } + + if (unlikely(!rte_pktmbuf_is_contiguous(sym_op->m_src))) { + plt_dp_err("Scatter Gather mode is not supported"); + return -ENOTSUP; + } + + sa = &sess->sa; + w2 = (union roc_ot_ipsec_sa_word2 *)&sa->in_sa.w2; + + if (w2->s.dir == ROC_IE_OT_SA_DIR_OUTBOUND) + ret = process_outb_sa(op, sa, inst); + else { + infl_req->op_flags |= CPT_OP_FLAGS_IPSEC_DIR_INBOUND; + ret = process_inb_sa(op, sa, inst); + } + + return ret; +} + +static __rte_always_inline int __rte_hot cpt_sym_inst_fill(struct cnxk_cpt_qp *qp, struct rte_crypto_op *op, struct cnxk_se_sess *sess, struct cpt_inflight_req *infl_req, struct cpt_inst_s *inst) @@ -64,6 +99,7 @@ static inline int cn10k_cpt_fill_inst(struct cnxk_cpt_qp *qp, struct rte_crypto_op *ops[], struct cpt_inst_s inst[], struct cpt_inflight_req *infl_req) { + struct cn10k_sec_session *sec_sess; struct rte_crypto_sym_op *sym_op; struct cnxk_se_sess *sess; struct rte_crypto_op *op; @@ -79,7 +115,15 @@ cn10k_cpt_fill_inst(struct cnxk_cpt_qp *qp, struct rte_crypto_op *ops[], sym_op = op->sym; if (op->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC) { - if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) { + if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) { + sec_sess = get_sec_session_private_data( + sym_op->sec_session); + ret = cpt_sec_inst_fill(op, sec_sess, infl_req, + &inst[0]); + if (unlikely(ret)) + return 0; + w7 = sec_sess->sa.inst.w7; + } else if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) { sess = get_sym_session_private_data( sym_op->session, cn10k_cryptodev_driver_id); ret = cpt_sym_inst_fill(qp, op, sess, infl_req, @@ -196,6 +240,34 @@ cn10k_cpt_enqueue_burst(void *qptr, struct rte_crypto_op **ops, uint16_t nb_ops) } static inline void +cn10k_cpt_sec_post_process(struct rte_crypto_op *cop, + struct cpt_inflight_req *infl_req) +{ + struct rte_crypto_sym_op *sym_op = cop->sym; + struct rte_mbuf *m = sym_op->m_src; + struct rte_ipv6_hdr *ip6; + struct rte_ipv4_hdr *ip; + uint16_t m_len; + + if (infl_req->op_flags & CPT_OP_FLAGS_IPSEC_DIR_INBOUND) { + ip = (struct rte_ipv4_hdr *)rte_pktmbuf_mtod(m, char *); + + if (((ip->version_ihl & 0xf0) >> RTE_IPV4_IHL_MULTIPLIER) == + IPVERSION) { + m_len = rte_be_to_cpu_16(ip->total_length); + } else { + PLT_ASSERT(((ip->version_ihl & 0xf0) >> + RTE_IPV4_IHL_MULTIPLIER) == IPV6_VERSION); + ip6 = (struct rte_ipv6_hdr *)ip; + m_len = rte_be_to_cpu_16(ip6->payload_len) + + sizeof(struct rte_ipv6_hdr); + } + m->data_len = m_len; + m->pkt_len = m_len; + } +} + +static inline void cn10k_cpt_dequeue_post_process(struct cnxk_cpt_qp *qp, struct rte_crypto_op *cop, struct cpt_inflight_req *infl_req) @@ -219,6 +291,10 @@ cn10k_cpt_dequeue_post_process(struct cnxk_cpt_qp *qp, cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS; if (cop->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC) { + if (cop->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) { + cn10k_cpt_sec_post_process(cop, infl_req); + return; + } /* Verify authentication data if required */ if (unlikely(infl_req->op_flags & diff --git a/drivers/crypto/cnxk/cn10k_ipsec_la_ops.h b/drivers/crypto/cnxk/cn10k_ipsec_la_ops.h new file mode 100644 index 0000000..1e9ebb5 --- /dev/null +++ b/drivers/crypto/cnxk/cn10k_ipsec_la_ops.h @@ -0,0 +1,74 @@ +/* SPDX-License-Identifier: BSD-3-Clause + * Copyright(C) 2021 Marvell. + */ + +#ifndef __CN10K_IPSEC_LA_OPS_H__ +#define __CN10K_IPSEC_LA_OPS_H__ + +#include +#include + +#include "cn10k_cryptodev.h" +#include "cn10k_ipsec.h" +#include "cnxk_cryptodev.h" + +static __rte_always_inline int32_t +ipsec_po_out_rlen_get(struct cn10k_ipsec_sa *sess, uint32_t plen) +{ + uint32_t enc_payload_len; + + enc_payload_len = + RTE_ALIGN_CEIL(plen + sess->roundup_len, sess->roundup_byte); + + return sess->partial_len + enc_payload_len; +} + +static __rte_always_inline int +process_outb_sa(struct rte_crypto_op *cop, struct cn10k_ipsec_sa *sess, + struct cpt_inst_s *inst) +{ + struct rte_crypto_sym_op *sym_op = cop->sym; + struct rte_mbuf *m_src = sym_op->m_src; + uint32_t dlen, rlen, extend_tail; + char *mdata; + + dlen = rte_pktmbuf_pkt_len(m_src); + rlen = ipsec_po_out_rlen_get(sess, dlen); + + extend_tail = rlen - dlen; + + mdata = rte_pktmbuf_append(m_src, extend_tail); + if (unlikely(mdata == NULL)) { + plt_dp_err("Not enough tail room"); + return -ENOMEM; + } + + /* Prepare CPT instruction */ + inst->w4.u64 = sess->inst.w4; + inst->w4.s.dlen = dlen; + inst->dptr = rte_pktmbuf_iova(m_src); + inst->rptr = inst->dptr; + + return 0; +} + +static __rte_always_inline int +process_inb_sa(struct rte_crypto_op *cop, struct cn10k_ipsec_sa *sa, + struct cpt_inst_s *inst) +{ + struct rte_crypto_sym_op *sym_op = cop->sym; + struct rte_mbuf *m_src = sym_op->m_src; + uint32_t dlen; + + dlen = rte_pktmbuf_pkt_len(m_src); + + /* Prepare CPT instruction */ + inst->w4.u64 = sa->inst.w4; + inst->w4.s.dlen = dlen; + inst->dptr = rte_pktmbuf_iova(m_src); + inst->rptr = inst->dptr; + + return 0; +} + +#endif /* __CN10K_IPSEC_LA_OPS_H__ */ -- 2.7.4