1 /* SPDX-License-Identifier: BSD-3-Clause
3 * Copyright(c) 2017 Intel Corporation.
4 * Copyright (c) 2020 Samsung Electronics Co., Ltd All Rights Reserved
7 #include <rte_cryptodev.h>
8 #include <rte_malloc.h>
10 #include <rte_telemetry.h>
11 #include "rte_compat.h"
12 #include "rte_security.h"
13 #include "rte_security_driver.h"
15 /* Macro to check for invalid pointers */
16 #define RTE_PTR_OR_ERR_RET(ptr, retval) do { \
21 /* Macro to check for invalid pointers chains */
22 #define RTE_PTR_CHAIN3_OR_ERR_RET(p1, p2, p3, retval, last_retval) do { \
23 RTE_PTR_OR_ERR_RET(p1, retval); \
24 RTE_PTR_OR_ERR_RET(p1->p2, retval); \
25 RTE_PTR_OR_ERR_RET(p1->p2->p3, last_retval); \
28 #define RTE_SECURITY_DYNFIELD_NAME "rte_security_dynfield_metadata"
29 int rte_security_dynfield_offset = -1;
32 rte_security_dynfield_register(void)
34 static const struct rte_mbuf_dynfield dynfield_desc = {
35 .name = RTE_SECURITY_DYNFIELD_NAME,
36 .size = sizeof(rte_security_dynfield_t),
37 .align = __alignof__(rte_security_dynfield_t),
39 rte_security_dynfield_offset =
40 rte_mbuf_dynfield_register(&dynfield_desc);
41 return rte_security_dynfield_offset;
44 struct rte_security_session *
45 rte_security_session_create(struct rte_security_ctx *instance,
46 struct rte_security_session_conf *conf,
47 struct rte_mempool *mp,
48 struct rte_mempool *priv_mp)
50 struct rte_security_session *sess = NULL;
52 RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_create, NULL, NULL);
53 RTE_PTR_OR_ERR_RET(conf, NULL);
54 RTE_PTR_OR_ERR_RET(mp, NULL);
55 RTE_PTR_OR_ERR_RET(priv_mp, NULL);
57 if (rte_mempool_get(mp, (void **)&sess))
60 if (instance->ops->session_create(instance->device, conf,
62 rte_mempool_put(mp, (void *)sess);
71 rte_security_session_update(struct rte_security_ctx *instance,
72 struct rte_security_session *sess,
73 struct rte_security_session_conf *conf)
75 RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_update, -EINVAL,
77 RTE_PTR_OR_ERR_RET(sess, -EINVAL);
78 RTE_PTR_OR_ERR_RET(conf, -EINVAL);
80 return instance->ops->session_update(instance->device, sess, conf);
84 rte_security_session_get_size(struct rte_security_ctx *instance)
86 RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_get_size, 0, 0);
88 return instance->ops->session_get_size(instance->device);
92 rte_security_session_stats_get(struct rte_security_ctx *instance,
93 struct rte_security_session *sess,
94 struct rte_security_stats *stats)
96 RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_stats_get, -EINVAL,
98 /* Parameter sess can be NULL in case of getting global statistics. */
99 RTE_PTR_OR_ERR_RET(stats, -EINVAL);
101 return instance->ops->session_stats_get(instance->device, sess, stats);
105 rte_security_session_destroy(struct rte_security_ctx *instance,
106 struct rte_security_session *sess)
110 RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_destroy, -EINVAL,
112 RTE_PTR_OR_ERR_RET(sess, -EINVAL);
114 ret = instance->ops->session_destroy(instance->device, sess);
118 rte_mempool_put(rte_mempool_from_obj(sess), (void *)sess);
120 if (instance->sess_cnt)
121 instance->sess_cnt--;
127 __rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
128 struct rte_security_session *sess,
129 struct rte_mbuf *m, void *params)
132 RTE_PTR_OR_ERR_RET(sess, -EINVAL);
133 RTE_PTR_OR_ERR_RET(instance, -EINVAL);
134 RTE_PTR_OR_ERR_RET(instance->ops, -EINVAL);
136 RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->set_pkt_metadata, -ENOTSUP);
137 return instance->ops->set_pkt_metadata(instance->device,
142 __rte_security_get_userdata(struct rte_security_ctx *instance, uint64_t md)
144 void *userdata = NULL;
147 RTE_PTR_OR_ERR_RET(instance, NULL);
148 RTE_PTR_OR_ERR_RET(instance->ops, NULL);
150 RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->get_userdata, NULL);
151 if (instance->ops->get_userdata(instance->device, md, &userdata))
157 const struct rte_security_capability *
158 rte_security_capabilities_get(struct rte_security_ctx *instance)
160 RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, capabilities_get, NULL, NULL);
162 return instance->ops->capabilities_get(instance->device);
165 const struct rte_security_capability *
166 rte_security_capability_get(struct rte_security_ctx *instance,
167 struct rte_security_capability_idx *idx)
169 const struct rte_security_capability *capabilities;
170 const struct rte_security_capability *capability;
173 RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, capabilities_get, NULL, NULL);
174 RTE_PTR_OR_ERR_RET(idx, NULL);
176 capabilities = instance->ops->capabilities_get(instance->device);
178 if (capabilities == NULL)
181 while ((capability = &capabilities[i++])->action
182 != RTE_SECURITY_ACTION_TYPE_NONE) {
183 if (capability->action == idx->action &&
184 capability->protocol == idx->protocol) {
185 if (idx->protocol == RTE_SECURITY_PROTOCOL_IPSEC) {
186 if (capability->ipsec.proto ==
188 capability->ipsec.mode ==
190 capability->ipsec.direction ==
191 idx->ipsec.direction)
193 } else if (idx->protocol == RTE_SECURITY_PROTOCOL_PDCP) {
194 if (capability->pdcp.domain ==
197 } else if (idx->protocol ==
198 RTE_SECURITY_PROTOCOL_DOCSIS) {
199 if (capability->docsis.direction ==
200 idx->docsis.direction)
210 security_handle_cryptodev_list(const char *cmd __rte_unused,
211 const char *params __rte_unused,
212 struct rte_tel_data *d)
216 if (rte_cryptodev_count() < 1)
219 rte_tel_data_start_array(d, RTE_TEL_INT_VAL);
220 for (dev_id = 0; dev_id < RTE_CRYPTO_MAX_DEVS; dev_id++)
221 if (rte_cryptodev_is_valid_dev(dev_id) &&
222 rte_cryptodev_get_sec_ctx(dev_id))
223 rte_tel_data_add_array_int(d, dev_id);
228 #define CRYPTO_CAPS_SZ \
229 (RTE_ALIGN_CEIL(sizeof(struct rte_cryptodev_capabilities), \
230 sizeof(uint64_t)) / sizeof(uint64_t))
233 crypto_caps_array(struct rte_tel_data *d,
234 const struct rte_cryptodev_capabilities *capabilities)
236 const struct rte_cryptodev_capabilities *dev_caps;
237 uint64_t caps_val[CRYPTO_CAPS_SZ];
238 unsigned int i = 0, j;
240 rte_tel_data_start_array(d, RTE_TEL_U64_VAL);
242 while ((dev_caps = &capabilities[i++])->op !=
243 RTE_CRYPTO_OP_TYPE_UNDEFINED) {
244 memset(&caps_val, 0, CRYPTO_CAPS_SZ * sizeof(caps_val[0]));
245 rte_memcpy(caps_val, dev_caps, sizeof(capabilities[0]));
246 for (j = 0; j < CRYPTO_CAPS_SZ; j++)
247 rte_tel_data_add_array_u64(d, caps_val[j]);
253 #define SEC_CAPS_SZ \
254 (RTE_ALIGN_CEIL(sizeof(struct rte_security_capability), \
255 sizeof(uint64_t)) / sizeof(uint64_t))
258 sec_caps_array(struct rte_tel_data *d,
259 const struct rte_security_capability *capabilities)
261 const struct rte_security_capability *dev_caps;
262 uint64_t caps_val[SEC_CAPS_SZ];
263 unsigned int i = 0, j;
265 rte_tel_data_start_array(d, RTE_TEL_U64_VAL);
267 while ((dev_caps = &capabilities[i++])->action !=
268 RTE_SECURITY_ACTION_TYPE_NONE) {
269 memset(&caps_val, 0, SEC_CAPS_SZ * sizeof(caps_val[0]));
270 rte_memcpy(caps_val, dev_caps, sizeof(capabilities[0]));
271 for (j = 0; j < SEC_CAPS_SZ; j++)
272 rte_tel_data_add_array_u64(d, caps_val[j]);
278 static const struct rte_security_capability *
279 security_capability_by_index(const struct rte_security_capability *capabilities,
282 const struct rte_security_capability *dev_caps = NULL;
285 while ((dev_caps = &capabilities[i])->action !=
286 RTE_SECURITY_ACTION_TYPE_NONE) {
297 security_capabilities_from_dev_id(int dev_id, const void **caps)
299 const struct rte_security_capability *capabilities;
300 struct rte_security_ctx *sec_ctx;
302 if (rte_cryptodev_is_valid_dev(dev_id) == 0)
305 sec_ctx = (struct rte_security_ctx *)rte_cryptodev_get_sec_ctx(dev_id);
306 RTE_PTR_OR_ERR_RET(sec_ctx, -EINVAL);
308 capabilities = rte_security_capabilities_get(sec_ctx);
309 RTE_PTR_OR_ERR_RET(capabilities, -EINVAL);
311 *caps = capabilities;
316 security_handle_cryptodev_sec_caps(const char *cmd __rte_unused, const char *params,
317 struct rte_tel_data *d)
319 const struct rte_security_capability *capabilities;
320 struct rte_tel_data *sec_caps;
326 if (!params || strlen(params) == 0 || !isdigit(*params))
329 dev_id = strtoul(params, &end_param, 0);
330 if (*end_param != '\0')
331 CDEV_LOG_ERR("Extra parameters passed to command, ignoring");
333 rc = security_capabilities_from_dev_id(dev_id, (void *)&capabilities);
337 sec_caps = rte_tel_data_alloc();
338 RTE_PTR_OR_ERR_RET(sec_caps, -ENOMEM);
340 rte_tel_data_start_dict(d);
341 sec_caps_n = sec_caps_array(sec_caps, capabilities);
342 rte_tel_data_add_dict_container(d, "sec_caps", sec_caps, 0);
343 rte_tel_data_add_dict_int(d, "sec_caps_n", sec_caps_n);
349 security_handle_cryptodev_crypto_caps(const char *cmd __rte_unused, const char *params,
350 struct rte_tel_data *d)
352 const struct rte_security_capability *capabilities;
353 struct rte_tel_data *crypto_caps;
354 const char *capa_param;
360 if (!params || strlen(params) == 0 || !isdigit(*params))
363 dev_id = strtoul(params, &end_param, 0);
364 capa_param = strtok(end_param, ",");
365 if (!capa_param || strlen(capa_param) == 0 || !isdigit(*capa_param))
368 capa_id = strtoul(capa_param, &end_param, 0);
369 if (*end_param != '\0')
370 CDEV_LOG_ERR("Extra parameters passed to command, ignoring");
372 rc = security_capabilities_from_dev_id(dev_id, (void *)&capabilities);
376 capabilities = security_capability_by_index(capabilities, capa_id);
377 RTE_PTR_OR_ERR_RET(capabilities, -EINVAL);
379 crypto_caps = rte_tel_data_alloc();
380 RTE_PTR_OR_ERR_RET(crypto_caps, -ENOMEM);
382 rte_tel_data_start_dict(d);
383 crypto_caps_n = crypto_caps_array(crypto_caps, capabilities->crypto_capabilities);
385 rte_tel_data_add_dict_container(d, "crypto_caps", crypto_caps, 0);
386 rte_tel_data_add_dict_int(d, "crypto_caps_n", crypto_caps_n);
391 RTE_INIT(security_init_telemetry)
393 rte_telemetry_register_cmd("/security/cryptodev/list",
394 security_handle_cryptodev_list,
395 "Returns list of available crypto devices by IDs. No parameters.");
397 rte_telemetry_register_cmd("/security/cryptodev/sec_caps",
398 security_handle_cryptodev_sec_caps,
399 "Returns security capabilities for a cryptodev. Parameters: int dev_id");
401 rte_telemetry_register_cmd("/security/cryptodev/crypto_caps",
402 security_handle_cryptodev_crypto_caps,
403 "Returns crypto capabilities for a security capability. Parameters: int dev_id, sec_cap_id");