From: Igor Russkikh <Igor.Russkikh@aquantia.com>
To: "dev@dpdk.org" <dev@dpdk.org>
Cc: "ferruh.yigit@intel.com" <ferruh.yigit@intel.com>,
Pavel Belous <Pavel.Belous@aquantia.com>,
John McNamara <john.mcnamara@intel.com>,
Konstantin Ananyev <konstantin.ananyev@intel.com>,
Thomas Monjalon <thomas@monjalon.net>,
Akhil Goyal <akhil.goyal@nxp.com>,
Declan Doherty <declan.doherty@intel.com>,
Igor Russkikh <Igor.Russkikh@aquantia.com>
Subject: [dpdk-dev] [RFC 5/5] net/atlantic: macsec security context draft
Date: Fri, 31 May 2019 16:15:00 +0000 [thread overview]
Message-ID: <d4c6e6f55be76687d21ca151a3ae8db3d11718bf.1559319237.git.igor.russkikh@aquantia.com> (raw)
In-Reply-To: <4595add642bf8ca1114488657d12a973b966e8f5.1559319237.git.igor.russkikh@aquantia.com>
---
drivers/net/atlantic/atl_ethdev.c | 116 ++++++++++++++++++++++++++++++
drivers/net/atlantic/meson.build | 1 +
2 files changed, 117 insertions(+)
diff --git a/drivers/net/atlantic/atl_ethdev.c b/drivers/net/atlantic/atl_ethdev.c
index c9c1795a1639..b6fcf36f0f27 100644
--- a/drivers/net/atlantic/atl_ethdev.c
+++ b/drivers/net/atlantic/atl_ethdev.c
@@ -5,6 +5,9 @@
#include <rte_string_fns.h>
#include <rte_ethdev_pci.h>
#include <rte_alarm.h>
+#include <rte_security.h>
+#include <rte_security_driver.h>
+#include <rte_cryptodev.h>
#include "atl_ethdev.h"
#include "atl_common.h"
@@ -122,6 +125,7 @@ static int eth_atl_pci_remove(struct rte_pci_device *pci_dev);
static void atl_dev_info_get(struct rte_eth_dev *dev,
struct rte_eth_dev_info *dev_info);
+static int atl_macsec_ctx_create(struct rte_eth_dev *dev);
int atl_logtype_init;
int atl_logtype_driver;
@@ -412,6 +416,10 @@ eth_atl_dev_init(struct rte_eth_dev *eth_dev)
hw->aq_nic_cfg = &adapter->hw_cfg;
+ /* Initialize security_ctx only for primary process*/
+ if (atl_macsec_ctx_create(eth_dev))
+ return -ENOMEM;
+
/* disable interrupt */
atl_disable_intr(hw);
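Review bot: The comment on the added call says the security context is initialised only for the primary process, but nothing visible in the hunk restricts the call; eth_atl_dev_init starts outside the hunk, so confirm this sits after the secondary-process early return, or drop the claim from the comment. The failure path also returns a hard-coded `-ENOMEM` instead of propagating the callee's result, e.g. `int err = atl_macsec_ctx_create(eth_dev); if (err) return err;`. Whether anything set up earlier in init needs releasing on this early return cannot be seen from here and is worth checking.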
@@ -475,6 +483,8 @@ eth_atl_dev_uninit(struct rte_eth_dev *eth_dev)
rte_free(eth_dev->data->mac_addrs);
eth_dev->data->mac_addrs = NULL;
+ rte_free(eth_dev->security_ctx);
+
return 0;
}
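Review bot: `eth_dev->security_ctx` is left dangling after the added `rte_free()`, unlike `mac_addrs` just above, which is reset to NULL. A repeated uninit, a later re-init, or any rte_security call that still reaches this port would then use or double-free released memory. Add `eth_dev->security_ctx = NULL;` directly after the free. The function body starts outside the hunk.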
@@ -1872,6 +1882,112 @@ atl_rss_hash_conf_get(struct rte_eth_dev *dev,
return 0;
}
+static const struct rte_security_capability *
+atl_crypto_capabilities_get(void *device __rte_unused)
+{
+ static const struct rte_cryptodev_capabilities
+ aes_gcm_gmac_crypto_capabilities[] = {
+ { /* AES GMAC (128-bit) */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_AES_GMAC,
+ .block_size = 16,
+ .key_size = {
+ .min = 16,
+ .max = 16,
+ .increment = 0
+ },
+ }, }
+ }, }
+ },
+ };
+
+ static const struct rte_security_capability
+ alt_security_capabilities[] = {
+ {
+ .action = RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL,
+ .protocol = RTE_SECURITY_PROTOCOL_MACSEC,
+ {.macsec = {
+ /*
+ .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+ .mode = RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT,
+ .options = { 0 }
+ */
+ } },
+ .crypto_capabilities = aes_gcm_gmac_crypto_capabilities,
+ .ol_flags = 0
+ },
+ {
+ .action = RTE_SECURITY_ACTION_TYPE_NONE
+ }
+ };
+
+ return alt_security_capabilities;
+}
+
+static int atl_macsec_create_session(void *device,
+ struct rte_security_session_conf *conf,
+ struct rte_security_session *sess,
+ struct rte_mempool *mp)
+{
+
+}
+
+static int atl_macsec_update_session(void *device,
+ struct rte_security_session *sess,
+ struct rte_security_session_conf *conf)
+{
+
+}
+
+static unsigned int atl_macsec_session_get_size(void *device)
+{
+
+}
+
+static int atl_macsec_destroy_session(void *device,
+ struct rte_security_session *sess)
+{
+
+}
+
+static const struct rte_security_capability *atl_macsec_capabilities_get(
+ void *device)
+{
+
+}
+
+static struct rte_security_ops atl_security_ops = {
+ .session_create = atl_macsec_create_session,
+ .session_update = atl_macsec_update_session,
+ .session_get_size = atl_macsec_session_get_size,
+ .session_stats_get = NULL,
+ .session_destroy = atl_macsec_destroy_session,
+ .set_pkt_metadata = NULL,
+ .capabilities_get = atl_macsec_capabilities_get,
+};
+
+static int
+atl_macsec_ctx_create(struct rte_eth_dev *dev)
+{
+ struct rte_security_ctx *ctx = NULL;
+
+ ctx = rte_malloc("rte_security_instances_ops",
+ sizeof(struct rte_security_ctx), 0);
+ if (ctx) {
+ ctx->device = (void *)dev;
+ ctx->ops = &atl_security_ops;
+ ctx->sess_cnt = 0;
+ dev->security_ctx = ctx;
+ } else {
+ return -ENOMEM;
+ }
+ return 0;
+}
+
+
static bool
is_device_supported(struct rte_eth_dev *dev, struct rte_pci_driver *drv)
{
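Review bot: The five `atl_macsec_*` callbacks wired into `atl_security_ops` have empty bodies despite non-void return types, so once `atl_macsec_ctx_create()` publishes the context any rte_security call on this port uses an indeterminate return value; an application could be told a MACsec session was created while nothing was programmed and frames leave unprotected. Until the real implementations land, each stub should fail closed with `return -ENOTSUP;`, and `atl_macsec_session_get_size()` should return a defined size. `atl_macsec_capabilities_get()` presumably should `return atl_crypto_capabilities_get(device);`, which is otherwise defined but never referenced. The `aes_gcm_gmac_crypto_capabilities[]` array also has no end marker, so a consumer that walks it until `RTE_CRYPTO_OP_TYPE_UNDEFINED` would read past the array; append `RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()` as the last element.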
diff --git a/drivers/net/atlantic/meson.build b/drivers/net/atlantic/meson.build
index 60b84684ec0a..d14855bdb218 100644
--- a/drivers/net/atlantic/meson.build
+++ b/drivers/net/atlantic/meson.build
@@ -11,3 +11,4 @@ sources = files(
'hw_atl/hw_atl_utils.c',
'rte_pmd_atlantic.c',
)
+deps += ['security']
\ No newline at end of file
--
2.17.1
2019-05-31 16:14 [dpdk-dev] [RFC 1/5] security: MACSEC infrastructure data declarations Igor Russkikh
2019-05-31 16:14 ` [dpdk-dev] [RFC 2/5] app/testpmd: macsec on command draft via security context Igor Russkikh
2019-05-31 16:14 ` [dpdk-dev] [RFC 3/5] app/testpmd: macsec off command Igor Russkikh
2019-05-31 16:14 ` [dpdk-dev] [RFC 4/5] app/testpmd: macsec: update set sc command with new interface Igor Russkikh
2019-05-31 16:15 ` Igor Russkikh [this message]