From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 3A8D4A0C4C; Thu, 2 Sep 2021 15:44:08 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id C1B7640E2D; Thu, 2 Sep 2021 15:44:05 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 4130940142 for ; Thu, 2 Sep 2021 15:44:04 +0200 (CEST) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 18281DLc011516 for ; Thu, 2 Sep 2021 06:44:03 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=S2MbwPoLkDnW/QIzkYG0Lyov7qPQDNmYALRJeGGRgcE=; b=FfUFpzotWiG31DkcayMLYLSTloN0cDjfECsifl9CObFWXHtwfRWV2WwIH2SBs7P8BR+G 4t0Yy2z8sih2dGzZT0IAfraTHPXMFGShOlUalvkINhBv22hknE0BQ0UE9IqJMsJTnCa+ n5Lik1hnSj5rO2z9w4dupYL9aFii2A3JGC3zUT3/zrWAVukYD7rKKm761EoTpp/YnnDV 1FhFreu87LV3nCYtHRKHDjcM77kkocURFVkvFzb6iPJX3xnGMDzIDVnvywrLEVq+SI4A cTXS9kLAgnY8LdZEHEkD9EgQf7kqX8BSDg8mAT5Wr1o6Co/by0x4GhBknMhCf7DJAlHU Dg== Received: from dc5-exch01.marvell.com ([199.233.59.181]) by mx0b-0016f401.pphosted.com with ESMTP id 3attqmh4fu-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT) for ; Thu, 02 Sep 2021 06:44:03 -0700 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Thu, 2 Sep 2021 06:44:01 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.18 via Frontend Transport; Thu, 2 Sep 2021 06:44:01 -0700 Received: from hyd1409.caveonetworks.com.com (unknown [10.29.45.15]) by 
maili.marvell.com (Postfix) with ESMTP id 1B69D3F705E; Thu, 2 Sep 2021 06:43:58 -0700 (PDT) From: Archana Muniganti To: CC: Archana Muniganti , , , , , , Vamsi Attunuru Date: Thu, 2 Sep 2021 19:12:50 +0530 Message-ID: <20210902134254.28373-5-marchana@marvell.com> X-Mailer: git-send-email 2.22.0 In-Reply-To: <20210902134254.28373-1-marchana@marvell.com> References: <20210902134254.28373-1-marchana@marvell.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-Proofpoint-GUID: lq_xQgiJLCRc9UoApHd8Pesvb5t1R9P2 X-Proofpoint-ORIG-GUID: lq_xQgiJLCRc9UoApHd8Pesvb5t1R9P2 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.391,FMLib:17.0.607.475 definitions=2021-09-02_04,2021-09-02_02,2020-04-07_01 Subject: [dpdk-dev] [PATCH 4/8] crypto/cnxk: add cn9k IPsec outbound session create function X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Adding logic for IPsec outbound session creation. Signed-off-by: Ankur Dwivedi Signed-off-by: Archana Muniganti Signed-off-by: Tejasree Kondoj Signed-off-by: Vamsi Attunuru --- drivers/crypto/cnxk/cn9k_ipsec.c | 143 +++++++++++++++++++++++++++++-- drivers/crypto/cnxk/cn9k_ipsec.h | 17 ++++ 2 files changed, 155 insertions(+), 5 deletions(-) diff --git a/drivers/crypto/cnxk/cn9k_ipsec.c b/drivers/crypto/cnxk/cn9k_ipsec.c index dd02cc7764..52fbc5e350 100644 --- a/drivers/crypto/cnxk/cn9k_ipsec.c +++ b/drivers/crypto/cnxk/cn9k_ipsec.c @@ -3,6 +3,7 @@ */ #include +#include #include #include 
@@ -275,12 +276,144 @@ cn9k_ipsec_outb_sa_create(struct cnxk_cpt_qp *qp, struct rte_crypto_sym_xform *crypto_xform, struct rte_security_session *sec_sess) { - RTE_SET_USED(qp); - RTE_SET_USED(ipsec); - RTE_SET_USED(crypto_xform); - RTE_SET_USED(sec_sess); + struct rte_crypto_sym_xform *auth_xform = crypto_xform->next; + struct roc_ie_on_ip_template *template = NULL; + struct cnxk_cpt_inst_tmpl *inst_tmpl; + struct roc_ie_on_outb_sa *out_sa; + struct cn9k_sec_session *sess; + struct roc_ie_on_sa_ctl *ctl; + struct cn9k_ipsec_sa *sa; + struct rte_ipv6_hdr *ip6; + struct rte_ipv4_hdr *ip4; + const uint8_t *auth_key; + union cpt_inst_w4 w4; + union cpt_inst_w7 w7; + int auth_key_len = 0; + size_t ctx_len; + int ret; - return 0; + sess = get_sec_session_private_data(sec_sess); + sa = &sess->sa; + out_sa = &sa->out_sa; + ctl = &out_sa->common_sa.ctl; + + memset(sa, 0, sizeof(struct cn9k_ipsec_sa)); + + /* Initialize lookaside IPsec private data */ + sa->dir = RTE_SECURITY_IPSEC_SA_DIR_EGRESS; + /* Start ip id from 1 */ + sa->ip_id = 1; + sa->seq_lo = 1; + sa->seq_hi = 0; + + ret = fill_ipsec_common_sa(ipsec, crypto_xform, &out_sa->common_sa); + if (ret) + return ret; + + ret = cnxk_ipsec_outb_rlens_get(&sa->rlens, ipsec, crypto_xform); + if (ret) + return ret; + + if (ctl->enc_type == ROC_IE_ON_SA_ENC_AES_GCM) { + template = &out_sa->aes_gcm.template; + ctx_len = offsetof(struct roc_ie_on_outb_sa, aes_gcm.template); + } else if (ctl->auth_type == ROC_IE_ON_SA_AUTH_SHA1) { + template = &out_sa->sha1.template; + ctx_len = offsetof(struct roc_ie_on_outb_sa, sha1.template); + } else if (ctl->auth_type == ROC_IE_ON_SA_AUTH_SHA2_256) { + template = &out_sa->sha2.template; + ctx_len = offsetof(struct roc_ie_on_outb_sa, sha2.template); + } else { + return -EINVAL; + } + + ip4 = (struct rte_ipv4_hdr *)&template->ip4.ipv4_hdr; + if (ipsec->options.udp_encap) { + ip4->next_proto_id = IPPROTO_UDP; + template->ip4.udp_src = rte_be_to_cpu_16(4500); + template->ip4.udp_dst = 
rte_be_to_cpu_16(4500); + } else { + ip4->next_proto_id = IPPROTO_ESP; + } + + if (ipsec->mode == RTE_SECURITY_IPSEC_SA_MODE_TUNNEL) { + if (ipsec->tunnel.type == RTE_SECURITY_IPSEC_TUNNEL_IPV4) { + ctx_len += sizeof(template->ip4); + + ip4->version_ihl = RTE_IPV4_VHL_DEF; + ip4->time_to_live = ipsec->tunnel.ipv4.ttl; + ip4->type_of_service |= (ipsec->tunnel.ipv4.dscp << 2); + if (ipsec->tunnel.ipv4.df) + ip4->fragment_offset = BIT(14); + memcpy(&ip4->src_addr, &ipsec->tunnel.ipv4.src_ip, + sizeof(struct in_addr)); + memcpy(&ip4->dst_addr, &ipsec->tunnel.ipv4.dst_ip, + sizeof(struct in_addr)); + } else if (ipsec->tunnel.type == + RTE_SECURITY_IPSEC_TUNNEL_IPV6) { + ctx_len += sizeof(template->ip6); + + ip6 = (struct rte_ipv6_hdr *)&template->ip6.ipv6_hdr; + if (ipsec->options.udp_encap) { + ip6->proto = IPPROTO_UDP; + template->ip6.udp_src = rte_be_to_cpu_16(4500); + template->ip6.udp_dst = rte_be_to_cpu_16(4500); + } else { + ip6->proto = (ipsec->proto == + RTE_SECURITY_IPSEC_SA_PROTO_ESP) ? 
+ IPPROTO_ESP : + IPPROTO_AH; + } + ip6->vtc_flow = + rte_cpu_to_be_32(0x60000000 | + ((ipsec->tunnel.ipv6.dscp + << RTE_IPV6_HDR_TC_SHIFT) & + RTE_IPV6_HDR_TC_MASK) | + ((ipsec->tunnel.ipv6.flabel + << RTE_IPV6_HDR_FL_SHIFT) & + RTE_IPV6_HDR_FL_MASK)); + ip6->hop_limits = ipsec->tunnel.ipv6.hlimit; + memcpy(&ip6->src_addr, &ipsec->tunnel.ipv6.src_addr, + sizeof(struct in6_addr)); + memcpy(&ip6->dst_addr, &ipsec->tunnel.ipv6.dst_addr, + sizeof(struct in6_addr)); + } + } else + ctx_len += sizeof(template->ip4); + + ctx_len += RTE_ALIGN_CEIL(ctx_len, 8); + + if (crypto_xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) { + sa->cipher_iv_off = crypto_xform->aead.iv.offset; + sa->cipher_iv_len = crypto_xform->aead.iv.length; + } else { + sa->cipher_iv_off = crypto_xform->cipher.iv.offset; + sa->cipher_iv_len = crypto_xform->cipher.iv.length; + + auth_key = auth_xform->auth.key.data; + auth_key_len = auth_xform->auth.key.length; + + if (auth_xform->auth.algo == RTE_CRYPTO_AUTH_SHA1_HMAC) + memcpy(out_sa->sha1.hmac_key, auth_key, auth_key_len); + else if (auth_xform->auth.algo == RTE_CRYPTO_AUTH_SHA256_HMAC) + memcpy(out_sa->sha2.hmac_key, auth_key, auth_key_len); + } + + inst_tmpl = &sa->inst; + + w4.u64 = 0; + w4.s.opcode_major = ROC_IE_ON_MAJOR_OP_PROCESS_OUTBOUND_IPSEC; + w4.s.opcode_minor = ctx_len >> 3; + w4.s.param1 = ROC_IE_ON_PER_PKT_IV; + inst_tmpl->w4 = w4.u64; + + w7.u64 = 0; + w7.s.egrp = ROC_CPT_DFLT_ENG_GRP_SE; + w7.s.cptr = rte_mempool_virt2iova(out_sa); + inst_tmpl->w7 = w7.u64; + + return cn9k_cpt_enq_sa_write( + sa, qp, ROC_IE_ON_MAJOR_OP_WRITE_IPSEC_OUTBOUND, ctx_len); } static int diff --git a/drivers/crypto/cnxk/cn9k_ipsec.h b/drivers/crypto/cnxk/cn9k_ipsec.h index 0fe78df49b..13d522ec6f 100644 --- a/drivers/crypto/cnxk/cn9k_ipsec.h +++ b/drivers/crypto/cnxk/cn9k_ipsec.h @@ -6,6 +6,7 @@ #define __CN9K_IPSEC_H__ #include "cnxk_ipsec.h" +#include "cnxk_security.h" struct cn9k_ipsec_sa { union { 
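Review bot: In the non-AEAD branch the two `memcpy` calls into `out_sa->sha1.hmac_key` and `out_sa->sha2.hmac_key` copy `auth_xform->auth.key.length` bytes without comparing that length to the destination field, and `auth_xform` (taken from `crypto_xform->next`) is dereferenced without a NULL check. Unless `fill_ipsec_common_sa()` or an earlier capability check already rejects these cases, which the hunk does not show, an oversized key supplied by the application would write past the key field inside the SA. A bounds check before each copy, as sketched below, keeps the guarantee local; it assumes `hmac_key` is a fixed-size array member. Separately, `ctx_len += RTE_ALIGN_CEIL(ctx_len, 8);` adds the rounded-up length to itself and so roughly doubles the value later used for `opcode_minor` and the SA write length; `ctx_len = RTE_ALIGN_CEIL(ctx_len, 8);` looks like the intent. The function's signature begins above the hunk.

```c
	} else {
		/* … unchanged: cipher IV offset/length, auth_key and auth_key_len assignment … */

		/* crypto_xform->next must carry the auth xform on this path */
		if (auth_xform == NULL)
			return -EINVAL;

		if (auth_xform->auth.algo == RTE_CRYPTO_AUTH_SHA1_HMAC) {
			/* reject keys that do not fit the SA's key field */
			if (auth_key_len > (int)sizeof(out_sa->sha1.hmac_key))
				return -EINVAL;
			memcpy(out_sa->sha1.hmac_key, auth_key, auth_key_len);
		} else if (auth_xform->auth.algo == RTE_CRYPTO_AUTH_SHA256_HMAC) {
			if (auth_key_len > (int)sizeof(out_sa->sha2.hmac_key))
				return -EINVAL;
			memcpy(out_sa->sha2.hmac_key, auth_key, auth_key_len);
		}
	}
```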
@@ -18,6 +19,22 @@ struct cn9k_ipsec_sa { enum rte_security_ipsec_sa_direction dir; /** Pre-populated CPT inst words */ struct cnxk_cpt_inst_tmpl inst; + /** Cipher IV offset in bytes */ + uint16_t cipher_iv_off; + /** Cipher IV length in bytes */ + uint8_t cipher_iv_len; + /** Response length calculation data */ + struct cnxk_ipsec_outb_rlens rlens; + /** Outbound IP-ID */ + uint16_t ip_id; + /** ESN */ + union { + uint64_t esn; + struct { + uint32_t seq_lo; + uint32_t seq_hi; + }; + }; }; struct cn9k_sec_session { -- 2.22.0
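Review bot: The new anonymous union overlays `esn` on `seq_lo`/`seq_hi`, which places `seq_lo` in the low 32 bits only on a little-endian host, and that assumption is not stated next to the field. A comment such as `/** ESN; seq_lo/seq_hi alias the low/high 32 bits of esn (little-endian host assumed) */` would make the layout explicit for anyone who later updates the sequence number through one view and reads it through the other. The struct definition starts above the hunk.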