DPDK patches and discussions
 help / color / mirror / Atom feed
From: Archana Muniganti <marchana@marvell.com>
To: <gakhil@marvell.com>
Cc: Archana Muniganti <marchana@marvell.com>, <ktejasree@marvell.com>,
	<adwivedi@marvell.com>, <anoobj@marvell.com>,
	<jerinj@marvell.com>, <dev@dpdk.org>,
	Vamsi Attunuru <vattunuru@marvell.com>
Subject: [dpdk-dev] [PATCH 6/8] crypto/cnxk: add cn9k lookaside IPsec datapath
Date: Thu, 2 Sep 2021 19:12:52 +0530	[thread overview]
Message-ID: <20210902134254.28373-7-marchana@marvell.com> (raw)
In-Reply-To: <20210902134254.28373-1-marchana@marvell.com>

Adds support for cn9k lookaside enqueue and dequeue
operations.

Signed-off-by: Archana Muniganti <marchana@marvell.com>
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
Signed-off-by: Vamsi Attunuru <vattunuru@marvell.com>
---
 drivers/crypto/cnxk/cn9k_cryptodev_ops.c | 78 +++++++++++++++++++-
 drivers/crypto/cnxk/cn9k_ipsec_la_ops.h  | 90 ++++++++++++++++++++++++
 2 files changed, 166 insertions(+), 2 deletions(-)
 create mode 100644 drivers/crypto/cnxk/cn9k_ipsec_la_ops.h

diff --git a/drivers/crypto/cnxk/cn9k_cryptodev_ops.c b/drivers/crypto/cnxk/cn9k_cryptodev_ops.c
index 8ade1977e1..40109acc3f 100644
--- a/drivers/crypto/cnxk/cn9k_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cn9k_cryptodev_ops.c
@@ -5,10 +5,13 @@
 #include <rte_cryptodev.h>
 #include <rte_cryptodev_pmd.h>
 #include <rte_event_crypto_adapter.h>
+#include <rte_ip.h>
 #include <rte_vect.h>
 
 #include "cn9k_cryptodev.h"
 #include "cn9k_cryptodev_ops.h"
+#include "cn9k_ipsec.h"
+#include "cn9k_ipsec_la_ops.h"
 #include "cnxk_ae.h"
 #include "cnxk_cryptodev.h"
 #include "cnxk_cryptodev_ops.h"
@@ -34,6 +37,36 @@ cn9k_cpt_sym_inst_fill(struct cnxk_cpt_qp *qp, struct rte_crypto_op *op,
 	return ret;
 }
 
+static __rte_always_inline int __rte_hot
+cn9k_cpt_sec_inst_fill(struct rte_crypto_op *op,
+		       struct cpt_inflight_req *infl_req,
+		       struct cpt_inst_s *inst)
+{
+	struct rte_crypto_sym_op *sym_op = op->sym;
+	struct cn9k_sec_session *priv;
+	struct cn9k_ipsec_sa *sa;
+
+	if (unlikely(sym_op->m_dst && sym_op->m_dst != sym_op->m_src)) {
+		plt_dp_err("Out of place is not supported");
+		return -ENOTSUP;
+	}
+
+	if (unlikely(!rte_pktmbuf_is_contiguous(sym_op->m_src))) {
+		plt_dp_err("Scatter Gather mode is not supported");
+		return -ENOTSUP;
+	}
+
+	priv = get_sec_session_private_data(op->sym->sec_session);
+	sa = &priv->sa;
+
+	if (sa->dir == RTE_SECURITY_IPSEC_SA_DIR_EGRESS)
+		return process_outb_sa(op, sa, inst);
+
+	infl_req->op_flags |= CPT_OP_FLAGS_IPSEC_DIR_INBOUND;
+
+	return process_inb_sa(op, sa, inst);
+}
+
 static inline struct cnxk_se_sess *
 cn9k_cpt_sym_temp_sess_create(struct cnxk_cpt_qp *qp, struct rte_crypto_op *op)
 {
@@ -80,7 +113,10 @@ cn9k_cpt_inst_prep(struct cnxk_cpt_qp *qp, struct rte_crypto_op *op,
 				sym_op->session, cn9k_cryptodev_driver_id);
 			ret = cn9k_cpt_sym_inst_fill(qp, op, sess, infl_req,
 						     inst);
-		} else {
+			inst->w7.u64 = sess->cpt_inst_w7;
+		} else if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION)
+			ret = cn9k_cpt_sec_inst_fill(op, infl_req, inst);
+		else {
 			sess = cn9k_cpt_sym_temp_sess_create(qp, op);
 			if (unlikely(sess == NULL)) {
 				plt_dp_err("Could not create temp session");
@@ -94,8 +130,8 @@ cn9k_cpt_inst_prep(struct cnxk_cpt_qp *qp, struct rte_crypto_op *op,
 						  op->sym->session);
 				rte_mempool_put(qp->sess_mp, op->sym->session);
 			}
+			inst->w7.u64 = sess->cpt_inst_w7;
 		}
-		inst->w7.u64 = sess->cpt_inst_w7;
 	} else if (op->type == RTE_CRYPTO_OP_TYPE_ASYMMETRIC) {
 		struct rte_crypto_asym_op *asym_op;
 		struct cnxk_ae_sess *sess;
@@ -348,6 +384,39 @@ cn9k_cpt_crypto_adapter_enqueue(uintptr_t tag_op, struct rte_crypto_op *op)
 	return 1;
 }
 
+static inline void
+cn9k_cpt_sec_post_process(struct rte_crypto_op *cop,
+			  struct cpt_inflight_req *infl_req)
+{
+	struct rte_crypto_sym_op *sym_op = cop->sym;
+	struct rte_mbuf *m = sym_op->m_src;
+	struct rte_ipv6_hdr *ip6;
+	struct rte_ipv4_hdr *ip;
+	uint16_t m_len = 0;
+	char *data;
+
+	if (infl_req->op_flags & CPT_OP_FLAGS_IPSEC_DIR_INBOUND) {
+		data = rte_pktmbuf_mtod(m, char *);
+
+		ip = (struct rte_ipv4_hdr *)(data + ROC_IE_ON_INB_RPTR_HDR);
+
+		if (((ip->version_ihl & 0xf0) >> RTE_IPV4_IHL_MULTIPLIER) ==
+		    IPVERSION) {
+			m_len = rte_be_to_cpu_16(ip->total_length);
+		} else {
+			PLT_ASSERT(((ip->version_ihl & 0xf0) >>
+				    RTE_IPV4_IHL_MULTIPLIER) == 6);
+			ip6 = (struct rte_ipv6_hdr *)ip;
+			m_len = rte_be_to_cpu_16(ip6->payload_len) +
+				sizeof(struct rte_ipv6_hdr);
+		}
+
+		m->data_len = m_len;
+		m->pkt_len = m_len;
+		m->data_off += ROC_IE_ON_INB_RPTR_HDR;
+	}
+}
+
 static inline void
 cn9k_cpt_dequeue_post_process(struct cnxk_cpt_qp *qp, struct rte_crypto_op *cop,
 			      struct cpt_inflight_req *infl_req)
@@ -370,6 +439,11 @@ cn9k_cpt_dequeue_post_process(struct cnxk_cpt_qp *qp, struct rte_crypto_op *cop,
 
 		cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
 		if (cop->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC) {
+			if (cop->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) {
+				cn9k_cpt_sec_post_process(cop, infl_req);
+				return;
+			}
+
 			/* Verify authentication data if required */
 			if (unlikely(infl_req->op_flags &
 				     CPT_OP_FLAGS_AUTH_VERIFY)) {
diff --git a/drivers/crypto/cnxk/cn9k_ipsec_la_ops.h b/drivers/crypto/cnxk/cn9k_ipsec_la_ops.h
new file mode 100644
index 0000000000..b7a88e1b35
--- /dev/null
+++ b/drivers/crypto/cnxk/cn9k_ipsec_la_ops.h
@@ -0,0 +1,90 @@
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright(C) 2021 Marvell.
+ */
+
+#ifndef __CN9K_IPSEC_LA_OPS_H__
+#define __CN9K_IPSEC_LA_OPS_H__
+
+#include <rte_crypto_sym.h>
+#include <rte_security.h>
+
+#include "cn9k_ipsec.h"
+
+static __rte_always_inline int32_t
+ipsec_po_out_rlen_get(struct cn9k_ipsec_sa *sa, uint32_t plen)
+{
+	uint32_t enc_payload_len;
+
+	enc_payload_len = RTE_ALIGN_CEIL(plen + sa->rlens.roundup_len,
+					 sa->rlens.roundup_byte);
+
+	return sa->rlens.partial_len + enc_payload_len;
+}
+
+static __rte_always_inline int
+process_outb_sa(struct rte_crypto_op *cop, struct cn9k_ipsec_sa *sa,
+		struct cpt_inst_s *inst)
+{
+	const unsigned int hdr_len = sizeof(struct roc_ie_on_outb_hdr);
+	struct rte_crypto_sym_op *sym_op = cop->sym;
+	struct rte_mbuf *m_src = sym_op->m_src;
+	uint32_t dlen, rlen, extend_tail;
+	struct roc_ie_on_outb_sa *out_sa;
+	struct roc_ie_on_outb_hdr *hdr;
+
+	out_sa = &sa->out_sa;
+
+	dlen = rte_pktmbuf_pkt_len(m_src) + hdr_len;
+	rlen = ipsec_po_out_rlen_get(sa, dlen - hdr_len);
+
+	extend_tail = rlen - dlen;
+	if (unlikely(extend_tail > rte_pktmbuf_tailroom(m_src))) {
+		plt_dp_err("Not enough tail room");
+		return -ENOMEM;
+	}
+
+	m_src->data_len += extend_tail;
+	m_src->pkt_len += extend_tail;
+
+	hdr = (struct roc_ie_on_outb_hdr *)rte_pktmbuf_prepend(m_src, hdr_len);
+	if (unlikely(hdr == NULL)) {
+		plt_dp_err("Not enough head room");
+		return -ENOMEM;
+	}
+
+	memcpy(&hdr->iv[0],
+	       rte_crypto_op_ctod_offset(cop, uint8_t *, sa->cipher_iv_off),
+	       sa->cipher_iv_len);
+	hdr->seq = rte_cpu_to_be_32(sa->seq_lo);
+	hdr->ip_id = rte_cpu_to_be_32(sa->ip_id);
+
+	out_sa->common_sa.esn_hi = sa->seq_hi;
+
+	sa->ip_id++;
+	sa->esn++;
+
+	/* Prepare CPT instruction */
+	inst->w4.u64 = sa->inst.w4 | dlen;
+	inst->dptr = rte_pktmbuf_iova(m_src);
+	inst->rptr = inst->dptr;
+	inst->w7.u64 = sa->inst.w7;
+
+	return 0;
+}
+
+static __rte_always_inline int
+process_inb_sa(struct rte_crypto_op *cop, struct cn9k_ipsec_sa *sa,
+	       struct cpt_inst_s *inst)
+{
+	struct rte_crypto_sym_op *sym_op = cop->sym;
+	struct rte_mbuf *m_src = sym_op->m_src;
+
+	/* Prepare CPT instruction */
+	inst->w4.u64 = sa->inst.w4 | rte_pktmbuf_pkt_len(m_src);
+	inst->dptr = rte_pktmbuf_iova(m_src);
+	inst->rptr = inst->dptr;
+	inst->w7.u64 = sa->inst.w7;
+
+	return 0;
+}
+#endif /* __CN9K_IPSEC_LA_OPS_H__ */
-- 
2.22.0


  parent reply	other threads:[~2021-09-02 13:44 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-09-02 13:42 [dpdk-dev] [PATCH 0/8] add cn9k lookaside IPsec support Archana Muniganti
2021-09-02 13:42 ` [dpdk-dev] [PATCH 1/8] crypto/cnxk: add cn9k security ctx Archana Muniganti
2021-09-02 13:42 ` [dpdk-dev] [PATCH 2/8] common/cnxk: add cn9k IPsec microcode defines Archana Muniganti
2021-09-02 13:42 ` [dpdk-dev] [PATCH 3/8] crypto/cnxk: add cn9k IPsec session related functions Archana Muniganti
2021-09-06 19:39   ` Akhil Goyal
2021-09-02 13:42 ` [dpdk-dev] [PATCH 4/8] crypto/cnxk: add cn9k IPsec outbound session create function Archana Muniganti
2021-09-02 13:42 ` [dpdk-dev] [PATCH 5/8] crypto/cnxk: add cn9k IPsec inbound " Archana Muniganti
2021-09-02 13:42 ` Archana Muniganti [this message]
2021-09-02 13:42 ` [dpdk-dev] [PATCH 7/8] crypto/cnxk: update tailroom requirement Archana Muniganti
2021-09-02 13:42 ` [dpdk-dev] [PATCH 8/8] crypto/cnxk: update feature flag for cn9k lookaside IPsec Archana Muniganti

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20210902134254.28373-7-marchana@marvell.com \
    --to=marchana@marvell.com \
    --cc=adwivedi@marvell.com \
    --cc=anoobj@marvell.com \
    --cc=dev@dpdk.org \
    --cc=gakhil@marvell.com \
    --cc=jerinj@marvell.com \
    --cc=ktejasree@marvell.com \
    --cc=vattunuru@marvell.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).