From: Jiawen Wu <jiawenwu@trustnetic.com> To: dev@dpdk.org Cc: Jiawen Wu <jiawenwu@trustnetic.com> Subject: [dpdk-dev] [PATCH v2 33/37] net/txgbe: add IPsec context creation Date: Wed, 11 Nov 2020 14:49:32 +0800 Message-ID: <20201111064936.768604-34-jiawenwu@trustnetic.com> (raw) In-Reply-To: <20201111064936.768604-1-jiawenwu@trustnetic.com> Initialize security context, and add support to get security capabilities. Signed-off-by: Jiawen Wu <jiawenwu@trustnetic.com> --- doc/guides/nics/features/txgbe.ini | 1 + drivers/net/txgbe/meson.build | 3 +- drivers/net/txgbe/txgbe_ethdev.c | 13 +++ drivers/net/txgbe/txgbe_ethdev.h | 3 + drivers/net/txgbe/txgbe_ipsec.c | 181 +++++++++++++++++++++++++++++ drivers/net/txgbe/txgbe_ipsec.h | 13 +++ 6 files changed, 213 insertions(+), 1 deletion(-) create mode 100644 drivers/net/txgbe/txgbe_ipsec.c create mode 100644 drivers/net/txgbe/txgbe_ipsec.h diff --git a/doc/guides/nics/features/txgbe.ini b/doc/guides/nics/features/txgbe.ini index 6f721ff1c..3436563b1 100644 --- a/doc/guides/nics/features/txgbe.ini +++ b/doc/guides/nics/features/txgbe.ini @@ -28,6 +28,7 @@ VLAN filter = Y Flow control = Y Flow API = Y Rate limitation = Y +Inline crypto = Y CRC offload = P VLAN offload = P QinQ offload = P diff --git a/drivers/net/txgbe/meson.build b/drivers/net/txgbe/meson.build index 352baad8b..f6a51a998 100644 --- a/drivers/net/txgbe/meson.build +++ b/drivers/net/txgbe/meson.build @@ -8,13 +8,14 @@ sources = files( 'txgbe_ethdev.c', 'txgbe_fdir.c', 'txgbe_flow.c', + 'txgbe_ipsec.c', 'txgbe_ptypes.c', 'txgbe_pf.c', 'txgbe_rxtx.c', 'txgbe_tm.c', ) -deps += ['hash'] +deps += ['hash', 'security'] includes += include_directories('base') diff --git a/drivers/net/txgbe/txgbe_ethdev.c b/drivers/net/txgbe/txgbe_ethdev.c index 5f7db6b7b..a10e13749 100644 --- a/drivers/net/txgbe/txgbe_ethdev.c +++ b/drivers/net/txgbe/txgbe_ethdev.c
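Review bot: `deps += ['hash', 'security']` makes the security library a hard build dependency of this driver, which does not fit with the `#ifdef RTE_LIB_SECURITY` guards the same patch adds in txgbe_ethdev.c and txgbe_ethdev.h. If the driver is skipped whenever a listed dependency is missing (the usual behaviour of the DPDK driver build, worth confirming), those guards can never be false here, while `'txgbe_ipsec.c'` is listed unconditionally and includes `<rte_security_driver.h>` with no guard at all. Either drop the guards or make the source file and the dependency conditional, so there is one clearly defined configuration to build and test.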
@@ -16,6 +16,9 @@ #include <rte_memory.h> #include <rte_eal.h> #include <rte_alarm.h> +#ifdef RTE_LIB_SECURITY +#include <rte_security_driver.h> +#endif #include "txgbe_logs.h" #include "base/txgbe.h" @@ -549,6 +552,12 @@ eth_txgbe_dev_init(struct rte_eth_dev *eth_dev, void *init_params __rte_unused) /* Unlock any pending hardware semaphore */ txgbe_swfw_lock_reset(hw); +#ifdef RTE_LIB_SECURITY + /* Initialize security_ctx only for primary process*/ + if (txgbe_ipsec_ctx_create(eth_dev)) + return -ENOMEM; +#endif + /* Initialize DCB configuration*/ memset(dcb_config, 0, sizeof(struct txgbe_dcb_config)); txgbe_dcb_init(hw, dcb_config); @@ -1971,6 +1980,10 @@ txgbe_dev_close(struct rte_eth_dev *dev) /* Remove all Traffic Manager configuration */ txgbe_tm_conf_uninit(dev); +#ifdef RTE_LIB_SECURITY + rte_free(dev->security_ctx); +#endif + return ret; } diff --git a/drivers/net/txgbe/txgbe_ethdev.h b/drivers/net/txgbe/txgbe_ethdev.h index 73e3fe8da..db4b73e3e 100644 --- a/drivers/net/txgbe/txgbe_ethdev.h +++ b/drivers/net/txgbe/txgbe_ethdev.h @@ -9,6 +9,9 @@ #include "base/txgbe.h" #include "txgbe_ptypes.h" +#ifdef RTE_LIB_SECURITY +#include "txgbe_ipsec.h" +#endif #include <rte_flow.h> #include <rte_time.h> #include <rte_hash.h> diff --git a/drivers/net/txgbe/txgbe_ipsec.c b/drivers/net/txgbe/txgbe_ipsec.c new file mode 100644 index 000000000..b21bba237 --- /dev/null +++ b/drivers/net/txgbe/txgbe_ipsec.c 
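Review bot: In the block added to eth_txgbe_dev_init(), every non-zero result of txgbe_ipsec_ctx_create() is rewritten to `-ENOMEM`, although that function also returns `-rte_errno` when rte_security_dynfield_register() fails; propagate the real code instead, e.g. `err = txgbe_ipsec_ctx_create(eth_dev); if (err) return err;` with a local `int err`. The comment says the context is initialised only for the primary process, but no process-type check is visible in this hunk; the function starts and ends outside it, so confirm that an earlier return covers secondary processes. Also check that this early return releases what the init path set up before it, including a context already stored in `eth_dev->security_ctx`.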
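Review bot: `rte_free(dev->security_ctx);` in txgbe_dev_close() leaves `dev->security_ctx` pointing at freed memory, so any later read of the port's security context, or a second pass through close, would use or free a stale pointer. Add `dev->security_ctx = NULL;` directly after the free. txgbe_dev_close() begins outside this hunk, so it cannot be seen here whether secondary processes return before this line; they should not free memory the primary process allocated.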
@@ -0,0 +1,181 @@
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright(c) 2015-2020
+ */
+
+#include <rte_ethdev_pci.h>
+#include <rte_ip.h>
+#include <rte_jhash.h>
+#include <rte_security_driver.h>
+#include <rte_cryptodev.h>
+#include <rte_flow.h>
+
+#include "base/txgbe.h"
+#include "txgbe_ethdev.h"
+#include "txgbe_ipsec.h"
+
+static const struct rte_security_capability *
+txgbe_crypto_capabilities_get(void *device __rte_unused)
+{
+ static const struct rte_cryptodev_capabilities
+ aes_gcm_gmac_crypto_capabilities[] = {
+ { /* AES GMAC (128-bit) */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_AES_GMAC,
+ .block_size = 16,
+ .key_size = {
+ .min = 16,
+ .max = 16,
+ .increment = 0
+ },
+ .digest_size = {
+ .min = 16,
+ .max = 16,
+ .increment = 0
+ },
+ .iv_size = {
+ .min = 12,
+ .max = 12,
+ .increment = 0
+ }
+ }, }
+ }, }
+ },
+ { /* AES GCM (128-bit) */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,
+ {.aead = {
+ .algo = RTE_CRYPTO_AEAD_AES_GCM,
+ .block_size = 16,
+ .key_size = {
+ .min = 16,
+ .max = 16,
+ .increment = 0
+ },
+ .digest_size = {
+ .min = 16,
+ .max = 16,
+ .increment = 0
+ },
+ .aad_size = {
+ .min = 0,
+ .max = 65535,
+ .increment = 1
+ },
+ .iv_size = {
+ .min = 12,
+ .max = 12,
+ .increment = 0
+ }
+ }, }
+ }, }
+ },
+ {
+ .op = RTE_CRYPTO_OP_TYPE_UNDEFINED,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_NOT_SPECIFIED
+ }, }
+ },
+ };
+
+ static const struct rte_security_capability
+ txgbe_security_capabilities[] = {
+ { /* IPsec Inline Crypto ESP Transport Egress */
+ .action = RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO,
+ .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
+ {.ipsec = {
+ .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+ .mode = RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT,
+ .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
+ .options = { 0 }
+ } },
+ .crypto_capabilities = aes_gcm_gmac_crypto_capabilities,
+ .ol_flags = RTE_SECURITY_TX_OLOAD_NEED_MDATA
+ },
+ { /* IPsec Inline Crypto ESP Transport Ingress */
+ .action = RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO,
+ .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
+ {.ipsec = {
+ .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+ .mode = RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT,
+ .direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS,
+ .options = { 0 }
+ } },
+ .crypto_capabilities = aes_gcm_gmac_crypto_capabilities,
+ .ol_flags = 0
+ },
+ { /* IPsec Inline Crypto ESP Tunnel Egress */
+ .action = RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO,
+ .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
+ {.ipsec = {
+ .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+ .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
+ .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
+ .options = { 0 }
+ } },
+ .crypto_capabilities = aes_gcm_gmac_crypto_capabilities,
+ .ol_flags = RTE_SECURITY_TX_OLOAD_NEED_MDATA
+ },
+ { /* IPsec Inline Crypto ESP Tunnel Ingress */
+ .action = RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO,
+ .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
+ {.ipsec = {
+ .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+ .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
+ .direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS,
+ .options = { 0 }
+ } },
+ .crypto_capabilities = aes_gcm_gmac_crypto_capabilities,
+ .ol_flags = 0
+ },
+ {
+ .action = RTE_SECURITY_ACTION_TYPE_NONE
+ }
+ };
+
+ return txgbe_security_capabilities;
+}
+
+static struct rte_security_ops txgbe_security_ops = {
+ .capabilities_get = txgbe_crypto_capabilities_get
+};
+
+static int
+txgbe_crypto_capable(struct rte_eth_dev *dev)
+{
+ struct txgbe_hw *hw = TXGBE_DEV_HW(dev);
+ uint32_t reg_i, reg, capable = 1;
+ /* test if rx crypto can be enabled and then write back initial value*/
+ reg_i = rd32(hw, TXGBE_SECRXCTL);
+ wr32m(hw, TXGBE_SECRXCTL, TXGBE_SECRXCTL_ODSA, 0);
+ reg = rd32m(hw, TXGBE_SECRXCTL, TXGBE_SECRXCTL_ODSA);
+ if (reg != 0)
+ capable = 0;
+ wr32(hw, TXGBE_SECRXCTL, reg_i);
+ return capable;
+}
+
+int
+txgbe_ipsec_ctx_create(struct rte_eth_dev *dev)
+{
+ struct rte_security_ctx *ctx = NULL;
+
+ if (txgbe_crypto_capable(dev)) {
+ ctx = rte_malloc("rte_security_instances_ops",
+ sizeof(struct rte_security_ctx), 0);
+ if (ctx) {
+ ctx->device = (void *)dev;
+ ctx->ops = &txgbe_security_ops;
+ ctx->sess_cnt = 0;
+ dev->security_ctx = ctx;
+ } else {
+ return -ENOMEM;
+ }
+ }
+ if (rte_security_dynfield_register() < 0)
+ return -rte_errno;
+ return 0;
+}
diff --git a/drivers/net/txgbe/txgbe_ipsec.h b/drivers/net/txgbe/txgbe_ipsec.h
new file mode 100644
index 000000000..f58ebab3d
--- /dev/null
+++ b/drivers/net/txgbe/txgbe_ipsec.h
@@ -0,0 +1,13 @@
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright(c) 2015-2020
+ */
+
+#ifndef TXGBE_IPSEC_H_
+#define TXGBE_IPSEC_H_
+
+#include <rte_ethdev_core.h>
+#include <rte_security.h>
+
+int txgbe_ipsec_ctx_create(struct rte_eth_dev *dev);
+
+#endif /*TXGBE_IPSEC_H_*/
-- 2.18.4
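Review bot: txgbe_ipsec_ctx_create() stores the new context in `dev->security_ctx` before it calls rte_security_dynfield_register(), so when registration fails it returns `-rte_errno` with the allocation still attached to a device whose init is about to fail. Register the dynamic field before allocating, or undo the assignment on failure: `rte_free(ctx); dev->security_ctx = NULL; return -rte_errno;`. The probe in txgbe_crypto_capable() would also benefit from a comment stating that it clears TXGBE_SECRXCTL_ODSA, reads the bit back, restores the saved register value, and returns 1 only when the bit could be cleared.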