f-stack/dpdk/drivers/crypto/cnxk/cn10k_ipsec.c

/* SPDX-License-Identifier: BSD-3-Clause
 * Copyright(C) 2021 Marvell.
 */

#include <rte_malloc.h>
#include <cryptodev_pmd.h>
#include <rte_esp.h>
#include <rte_ip.h>
#include <rte_security.h>
#include <rte_security_driver.h>
#include <rte_udp.h>

#include "cnxk_cryptodev.h"
#include "cnxk_ipsec.h"
#include "cnxk_security.h"
#include "cn10k_ipsec.h"

#include "roc_api.h"

static uint64_t
ipsec_cpt_inst_w7_get(struct roc_cpt *roc_cpt, void *sa)
{
	union cpt_inst_w7 w7;

	w7.u64 = 0;
	w7.s.egrp = roc_cpt->eng_grp[CPT_ENG_TYPE_IE];
	w7.s.ctx_val = 1;
	w7.s.cptr = (uint64_t)sa;
	rte_mb();

	return w7.u64;
}

static int
cn10k_ipsec_outb_sa_create(struct roc_cpt *roc_cpt,
			   struct rte_security_ipsec_xform *ipsec_xfrm,
			   struct rte_crypto_sym_xform *crypto_xfrm,
			   struct rte_security_session *sec_sess)
{
	union roc_ot_ipsec_outb_param1 param1;
	struct roc_ot_ipsec_outb_sa *out_sa;
	struct cnxk_ipsec_outb_rlens rlens;
	struct cn10k_sec_session *sess;
	struct cn10k_ipsec_sa *sa;
	union cpt_inst_w4 inst_w4;
	int ret;

	sess = get_sec_session_private_data(sec_sess);
	sa = &sess->sa;
	out_sa = &sa->out_sa;

	memset(out_sa, 0, sizeof(struct roc_ot_ipsec_outb_sa));

	/* Translate security parameters to SA */
	ret = cnxk_ot_ipsec_outb_sa_fill(out_sa, ipsec_xfrm, crypto_xfrm);
	if (ret)
		return ret;

	sa->inst.w7 = ipsec_cpt_inst_w7_get(roc_cpt, sa);

#ifdef LA_IPSEC_DEBUG
	/* Use IV from application in debug mode */
	if (ipsec_xfrm->options.iv_gen_disable == 1) {
		out_sa->w2.s.iv_src = ROC_IE_OT_SA_IV_SRC_FROM_SA;
		if (crypto_xfrm->type == RTE_CRYPTO_SYM_XFORM_AEAD) {
			sa->iv_offset = crypto_xfrm->aead.iv.offset;
			sa->iv_length = crypto_xfrm->aead.iv.length;
		}
	}
#else
	if (ipsec_xfrm->options.iv_gen_disable != 0) {
		plt_err("Application provided IV not supported");
		return -ENOTSUP;
	}
#endif

	/* Get Rlen calculation data */
	ret = cnxk_ipsec_outb_rlens_get(&rlens, ipsec_xfrm, crypto_xfrm);
	if (ret)
		return ret;

	sa->max_extended_len = rlens.max_extended_len;

	/* pre-populate CPT INST word 4 */
	inst_w4.u64 = 0;
	inst_w4.s.opcode_major = ROC_IE_OT_MAJOR_OP_PROCESS_OUTBOUND_IPSEC;

	param1.u16 = 0;

	/* Disable IP checksum computation by default */
	param1.s.ip_csum_disable = ROC_IE_OT_SA_INNER_PKT_IP_CSUM_DISABLE;

	if (ipsec_xfrm->options.ip_csum_enable) {
		param1.s.ip_csum_disable =
			ROC_IE_OT_SA_INNER_PKT_IP_CSUM_ENABLE;
	}

	/* Disable L4 checksum computation by default */
	param1.s.l4_csum_disable = ROC_IE_OT_SA_INNER_PKT_L4_CSUM_DISABLE;

	if (ipsec_xfrm->options.l4_csum_enable) {
		param1.s.l4_csum_disable =
			ROC_IE_OT_SA_INNER_PKT_L4_CSUM_ENABLE;
	}

	inst_w4.s.param1 = param1.u16;

	sa->inst.w4 = inst_w4.u64;

	return 0;
}

static int
cn10k_ipsec_inb_sa_create(struct roc_cpt *roc_cpt,
			  struct rte_security_ipsec_xform *ipsec_xfrm,
			  struct rte_crypto_sym_xform *crypto_xfrm,
			  struct rte_security_session *sec_sess)
{
	union roc_ot_ipsec_inb_param1 param1;
	struct roc_ot_ipsec_inb_sa *in_sa;
	struct cn10k_sec_session *sess;
	struct cn10k_ipsec_sa *sa;
	union cpt_inst_w4 inst_w4;
	int ret;

	sess = get_sec_session_private_data(sec_sess);
	sa = &sess->sa;
	in_sa = &sa->in_sa;

	/* Translate security parameters to SA */
	ret = cnxk_ot_ipsec_inb_sa_fill(in_sa, ipsec_xfrm, crypto_xfrm);
	if (ret)
		return ret;

	/* TODO add support for antireplay */
	sa->in_sa.w0.s.ar_win = 0;

	/* TODO add support for udp encap */

	sa->inst.w7 = ipsec_cpt_inst_w7_get(roc_cpt, sa);

	/* pre-populate CPT INST word 4 */
	inst_w4.u64 = 0;
	inst_w4.s.opcode_major = ROC_IE_OT_MAJOR_OP_PROCESS_INBOUND_IPSEC;

	param1.u16 = 0;

	/* Disable IP checksum verification by default */
	param1.s.ip_csum_disable = ROC_IE_OT_SA_INNER_PKT_IP_CSUM_DISABLE;

	if (ipsec_xfrm->options.ip_csum_enable) {
		param1.s.ip_csum_disable =
			ROC_IE_OT_SA_INNER_PKT_IP_CSUM_ENABLE;
		sa->ip_csum_enable = true;
	}

	/* Disable L4 checksum verification by default */
	param1.s.l4_csum_disable = ROC_IE_OT_SA_INNER_PKT_L4_CSUM_DISABLE;

	if (ipsec_xfrm->options.l4_csum_enable) {
		param1.s.l4_csum_disable =
			ROC_IE_OT_SA_INNER_PKT_L4_CSUM_ENABLE;
	}

	param1.s.esp_trailer_disable = 1;

	inst_w4.s.param1 = param1.u16;

	sa->inst.w4 = inst_w4.u64;

	return 0;
}

static int
cn10k_ipsec_session_create(void *dev,
			   struct rte_security_ipsec_xform *ipsec_xfrm,
			   struct rte_crypto_sym_xform *crypto_xfrm,
			   struct rte_security_session *sess)
{
	struct rte_cryptodev *crypto_dev = dev;
	struct roc_cpt *roc_cpt;
	struct cnxk_cpt_vf *vf;
	int ret;

	vf = crypto_dev->data->dev_private;
	roc_cpt = &vf->cpt;

	if (crypto_dev->data->queue_pairs[0] == NULL) {
		plt_err("Setup cpt queue pair before creating security session");
		return -EPERM;
	}

	ret = cnxk_ipsec_xform_verify(ipsec_xfrm, crypto_xfrm);
	if (ret)
		return ret;

	if (ipsec_xfrm->direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS)
		return cn10k_ipsec_inb_sa_create(roc_cpt, ipsec_xfrm,
						 crypto_xfrm, sess);
	else
		return cn10k_ipsec_outb_sa_create(roc_cpt, ipsec_xfrm,
						  crypto_xfrm, sess);
}

static int
cn10k_sec_session_create(void *device, struct rte_security_session_conf *conf,
			 struct rte_security_session *sess,
			 struct rte_mempool *mempool)
{
	struct cn10k_sec_session *priv;
	int ret;

	if (conf->action_type != RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL)
		return -EINVAL;

	if (rte_mempool_get(mempool, (void **)&priv)) {
		plt_err("Could not allocate security session private data");
		return -ENOMEM;
	}

	set_sec_session_private_data(sess, priv);

	if (conf->protocol != RTE_SECURITY_PROTOCOL_IPSEC) {
		ret = -ENOTSUP;
		goto mempool_put;
	}
	ret = cn10k_ipsec_session_create(device, &conf->ipsec,
					 conf->crypto_xform, sess);
	if (ret)
		goto mempool_put;

	return 0;

mempool_put:
	rte_mempool_put(mempool, priv);
	set_sec_session_private_data(sess, NULL);
	return ret;
}

static int
cn10k_sec_session_destroy(void *device __rte_unused,
			  struct rte_security_session *sess)
{
	struct cn10k_sec_session *priv;
	struct rte_mempool *sess_mp;

	priv = get_sec_session_private_data(sess);

	if (priv == NULL)
		return 0;

	sess_mp = rte_mempool_from_obj(priv);

	set_sec_session_private_data(sess, NULL);
	rte_mempool_put(sess_mp, priv);

	return 0;
}

static unsigned int
cn10k_sec_session_get_size(void *device __rte_unused)
{
	return sizeof(struct cn10k_sec_session);
}

/* Update platform specific security ops */
void
cn10k_sec_ops_override(void)
{
	/* Update platform specific ops */
	cnxk_sec_ops.session_create = cn10k_sec_session_create;
	cnxk_sec_ops.session_destroy = cn10k_sec_session_destroy;
	cnxk_sec_ops.session_get_size = cn10k_sec_session_get_size;
}
DPDK: Upgrade to 21.11.2. 2022-09-06 04:00:10 +00:00			`/* SPDX-License-Identifier: BSD-3-Clause`
			`* Copyright(C) 2021 Marvell.`
			`*/`

			`#include <rte_malloc.h>`
			`#include <cryptodev_pmd.h>`
			`#include <rte_esp.h>`
			`#include <rte_ip.h>`
			`#include <rte_security.h>`
			`#include <rte_security_driver.h>`
			`#include <rte_udp.h>`

			`#include "cnxk_cryptodev.h"`
			`#include "cnxk_ipsec.h"`
			`#include "cnxk_security.h"`
			`#include "cn10k_ipsec.h"`

			`#include "roc_api.h"`

			`static uint64_t`
			`ipsec_cpt_inst_w7_get(struct roc_cpt roc_cpt, void sa)`
			`{`
			`union cpt_inst_w7 w7;`

			`w7.u64 = 0;`
			`w7.s.egrp = roc_cpt->eng_grp[CPT_ENG_TYPE_IE];`
			`w7.s.ctx_val = 1;`
			`w7.s.cptr = (uint64_t)sa;`
			`rte_mb();`

			`return w7.u64;`
			`}`

			`static int`
			`cn10k_ipsec_outb_sa_create(struct roc_cpt *roc_cpt,`
			`struct rte_security_ipsec_xform *ipsec_xfrm,`
			`struct rte_crypto_sym_xform *crypto_xfrm,`
			`struct rte_security_session *sec_sess)`
			`{`
			`union roc_ot_ipsec_outb_param1 param1;`
			`struct roc_ot_ipsec_outb_sa *out_sa;`
			`struct cnxk_ipsec_outb_rlens rlens;`
			`struct cn10k_sec_session *sess;`
			`struct cn10k_ipsec_sa *sa;`
			`union cpt_inst_w4 inst_w4;`
			`int ret;`

			`sess = get_sec_session_private_data(sec_sess);`
			`sa = &sess->sa;`
			`out_sa = &sa->out_sa;`

			`memset(out_sa, 0, sizeof(struct roc_ot_ipsec_outb_sa));`

			`/* Translate security parameters to SA */`
			`ret = cnxk_ot_ipsec_outb_sa_fill(out_sa, ipsec_xfrm, crypto_xfrm);`
			`if (ret)`
			`return ret;`

			`sa->inst.w7 = ipsec_cpt_inst_w7_get(roc_cpt, sa);`

			`#ifdef LA_IPSEC_DEBUG`
			`/* Use IV from application in debug mode */`
			`if (ipsec_xfrm->options.iv_gen_disable == 1) {`
			`out_sa->w2.s.iv_src = ROC_IE_OT_SA_IV_SRC_FROM_SA;`
			`if (crypto_xfrm->type == RTE_CRYPTO_SYM_XFORM_AEAD) {`
			`sa->iv_offset = crypto_xfrm->aead.iv.offset;`
			`sa->iv_length = crypto_xfrm->aead.iv.length;`
			`}`
			`}`
			`#else`
			`if (ipsec_xfrm->options.iv_gen_disable != 0) {`
			`plt_err("Application provided IV not supported");`
			`return -ENOTSUP;`
			`}`
			`#endif`

			`/* Get Rlen calculation data */`
			`ret = cnxk_ipsec_outb_rlens_get(&rlens, ipsec_xfrm, crypto_xfrm);`
			`if (ret)`
			`return ret;`

			`sa->max_extended_len = rlens.max_extended_len;`

			`/* pre-populate CPT INST word 4 */`
			`inst_w4.u64 = 0;`
			`inst_w4.s.opcode_major = ROC_IE_OT_MAJOR_OP_PROCESS_OUTBOUND_IPSEC;`

			`param1.u16 = 0;`

			`/* Disable IP checksum computation by default */`
			`param1.s.ip_csum_disable = ROC_IE_OT_SA_INNER_PKT_IP_CSUM_DISABLE;`

			`if (ipsec_xfrm->options.ip_csum_enable) {`
			`param1.s.ip_csum_disable =`
			`ROC_IE_OT_SA_INNER_PKT_IP_CSUM_ENABLE;`
			`}`

			`/* Disable L4 checksum computation by default */`
			`param1.s.l4_csum_disable = ROC_IE_OT_SA_INNER_PKT_L4_CSUM_DISABLE;`

			`if (ipsec_xfrm->options.l4_csum_enable) {`
			`param1.s.l4_csum_disable =`
			`ROC_IE_OT_SA_INNER_PKT_L4_CSUM_ENABLE;`
			`}`

			`inst_w4.s.param1 = param1.u16;`

			`sa->inst.w4 = inst_w4.u64;`

			`return 0;`
			`}`

			`static int`
			`cn10k_ipsec_inb_sa_create(struct roc_cpt *roc_cpt,`
			`struct rte_security_ipsec_xform *ipsec_xfrm,`
			`struct rte_crypto_sym_xform *crypto_xfrm,`
			`struct rte_security_session *sec_sess)`
			`{`
			`union roc_ot_ipsec_inb_param1 param1;`
			`struct roc_ot_ipsec_inb_sa *in_sa;`
			`struct cn10k_sec_session *sess;`
			`struct cn10k_ipsec_sa *sa;`
			`union cpt_inst_w4 inst_w4;`
			`int ret;`

			`sess = get_sec_session_private_data(sec_sess);`
			`sa = &sess->sa;`
			`in_sa = &sa->in_sa;`

			`/* Translate security parameters to SA */`
			`ret = cnxk_ot_ipsec_inb_sa_fill(in_sa, ipsec_xfrm, crypto_xfrm);`
			`if (ret)`
			`return ret;`

			`/* TODO add support for antireplay */`
			`sa->in_sa.w0.s.ar_win = 0;`

			`/* TODO add support for udp encap */`

			`sa->inst.w7 = ipsec_cpt_inst_w7_get(roc_cpt, sa);`

			`/* pre-populate CPT INST word 4 */`
			`inst_w4.u64 = 0;`
			`inst_w4.s.opcode_major = ROC_IE_OT_MAJOR_OP_PROCESS_INBOUND_IPSEC;`

			`param1.u16 = 0;`

			`/* Disable IP checksum verification by default */`
			`param1.s.ip_csum_disable = ROC_IE_OT_SA_INNER_PKT_IP_CSUM_DISABLE;`

			`if (ipsec_xfrm->options.ip_csum_enable) {`
			`param1.s.ip_csum_disable =`
			`ROC_IE_OT_SA_INNER_PKT_IP_CSUM_ENABLE;`
			`sa->ip_csum_enable = true;`
			`}`

			`/* Disable L4 checksum verification by default */`
			`param1.s.l4_csum_disable = ROC_IE_OT_SA_INNER_PKT_L4_CSUM_DISABLE;`

			`if (ipsec_xfrm->options.l4_csum_enable) {`
			`param1.s.l4_csum_disable =`
			`ROC_IE_OT_SA_INNER_PKT_L4_CSUM_ENABLE;`
			`}`

			`param1.s.esp_trailer_disable = 1;`

			`inst_w4.s.param1 = param1.u16;`

			`sa->inst.w4 = inst_w4.u64;`

			`return 0;`
			`}`

			`static int`
			`cn10k_ipsec_session_create(void *dev,`
			`struct rte_security_ipsec_xform *ipsec_xfrm,`
			`struct rte_crypto_sym_xform *crypto_xfrm,`
			`struct rte_security_session *sess)`
			`{`
			`struct rte_cryptodev *crypto_dev = dev;`
			`struct roc_cpt *roc_cpt;`
			`struct cnxk_cpt_vf *vf;`
			`int ret;`

			`vf = crypto_dev->data->dev_private;`
			`roc_cpt = &vf->cpt;`

			`if (crypto_dev->data->queue_pairs[0] == NULL) {`
			`plt_err("Setup cpt queue pair before creating security session");`
			`return -EPERM;`
			`}`

			`ret = cnxk_ipsec_xform_verify(ipsec_xfrm, crypto_xfrm);`
			`if (ret)`
			`return ret;`

			`if (ipsec_xfrm->direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS)`
			`return cn10k_ipsec_inb_sa_create(roc_cpt, ipsec_xfrm,`
			`crypto_xfrm, sess);`
			`else`
			`return cn10k_ipsec_outb_sa_create(roc_cpt, ipsec_xfrm,`
			`crypto_xfrm, sess);`
			`}`

			`static int`
			`cn10k_sec_session_create(void device, struct rte_security_session_conf conf,`
			`struct rte_security_session *sess,`
			`struct rte_mempool *mempool)`
			`{`
			`struct cn10k_sec_session *priv;`
			`int ret;`

			`if (conf->action_type != RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL)`
			`return -EINVAL;`

			`if (rte_mempool_get(mempool, (void **)&priv)) {`
			`plt_err("Could not allocate security session private data");`
			`return -ENOMEM;`
			`}`

			`set_sec_session_private_data(sess, priv);`

			`if (conf->protocol != RTE_SECURITY_PROTOCOL_IPSEC) {`
			`ret = -ENOTSUP;`
			`goto mempool_put;`
			`}`
			`ret = cn10k_ipsec_session_create(device, &conf->ipsec,`
			`conf->crypto_xform, sess);`
			`if (ret)`
			`goto mempool_put;`

			`return 0;`

			`mempool_put:`
			`rte_mempool_put(mempool, priv);`
			`set_sec_session_private_data(sess, NULL);`
			`return ret;`
			`}`

			`static int`
			`cn10k_sec_session_destroy(void *device __rte_unused,`
			`struct rte_security_session *sess)`
			`{`
			`struct cn10k_sec_session *priv;`
			`struct rte_mempool *sess_mp;`

			`priv = get_sec_session_private_data(sess);`

			`if (priv == NULL)`
			`return 0;`

			`sess_mp = rte_mempool_from_obj(priv);`

			`set_sec_session_private_data(sess, NULL);`
			`rte_mempool_put(sess_mp, priv);`

			`return 0;`
			`}`

			`static unsigned int`
			`cn10k_sec_session_get_size(void *device __rte_unused)`
			`{`
			`return sizeof(struct cn10k_sec_session);`
			`}`

			`/* Update platform specific security ops */`
			`void`
			`cn10k_sec_ops_override(void)`
			`{`
			`/* Update platform specific ops */`
			`cnxk_sec_ops.session_create = cn10k_sec_session_create;`
			`cnxk_sec_ops.session_destroy = cn10k_sec_session_destroy;`
			`cnxk_sec_ops.session_get_size = cn10k_sec_session_get_size;`
			`}`