crypto/octeontx2: improve symmetric session algos check

[dpdk.git] / drivers / crypto / octeontx2 / otx2_cryptodev_ops.c

diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_ops.c b/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
index 17c755d..ad292a0 100644 (file)
--- a/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
+++ b/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
@@ -6,6 +6,7 @@
 
 #include <rte_cryptodev_pmd.h>
 #include <rte_errno.h>
+#include <rte_ethdev.h>
 
 #include "otx2_cryptodev.h"
 #include "otx2_cryptodev_capabilities.h"
@@ -13,6 +14,7 @@
 #include "otx2_cryptodev_mbox.h"
 #include "otx2_cryptodev_ops.h"
 #include "otx2_mbox.h"
+#include "otx2_sec_idev.h"
 
 #include "cpt_hw_types.h"
 #include "cpt_pmd_logs.h"
@@ -127,6 +129,34 @@ otx2_cpt_metabuf_mempool_destroy(struct otx2_cpt_qp *qp)
        meta_info->sg_mlen = 0;
 }
 
+static int
+otx2_cpt_qp_inline_cfg(const struct rte_cryptodev *dev, struct otx2_cpt_qp *qp)
+{
+       static rte_atomic16_t port_offset = RTE_ATOMIC16_INIT(-1);
+       uint16_t port_id, nb_ethport = rte_eth_dev_count_avail();
+       int i, ret;
+
+       for (i = 0; i < nb_ethport; i++) {
+               port_id = rte_atomic16_add_return(&port_offset, 1) % nb_ethport;
+               if (otx2_eth_dev_is_sec_capable(&rte_eth_devices[port_id]))
+                       break;
+       }
+
+       if (i >= nb_ethport)
+               return 0;
+
+       ret = otx2_cpt_qp_ethdev_bind(dev, qp, port_id);
+       if (ret)
+               return ret;
+
+       /* Publish inline Tx QP to eth dev security */
+       ret = otx2_sec_idev_tx_cpt_qp_add(port_id, qp);
+       if (ret)
+               return ret;
+
+       return 0;
+}
+
 static struct otx2_cpt_qp *
 otx2_cpt_qp_create(const struct rte_cryptodev *dev, uint16_t qp_id,
                   uint8_t group)
@@ -218,8 +248,20 @@ otx2_cpt_qp_create(const struct rte_cryptodev *dev, uint16_t qp_id,
 
        qp->lf_nq_reg = qp->base + OTX2_CPT_LF_NQ(0);
 
+       ret = otx2_sec_idev_tx_cpt_qp_remove(qp);
+       if (ret && (ret != -ENOENT)) {
+               CPT_LOG_ERR("Could not delete inline configuration");
+               goto mempool_destroy;
+       }
+
        otx2_cpt_iq_disable(qp);
 
+       ret = otx2_cpt_qp_inline_cfg(dev, qp);
+       if (ret) {
+               CPT_LOG_ERR("Could not configure queue for inline IPsec");
+               goto mempool_destroy;
+       }
+
        ret = otx2_cpt_iq_enable(dev, qp, group, OTX2_CPT_QUEUE_HI_PRIO,
                                 size_div40);
        if (ret) {
@@ -245,6 +287,12 @@ otx2_cpt_qp_destroy(const struct rte_cryptodev *dev, struct otx2_cpt_qp *qp)
        char name[RTE_MEMZONE_NAMESIZE];
        int ret;
 
+       ret = otx2_sec_idev_tx_cpt_qp_remove(qp);
+       if (ret && (ret != -ENOENT)) {
+               CPT_LOG_ERR("Could not delete inline configuration");
+               return ret;
+       }
+
        otx2_cpt_iq_disable(qp);
 
        otx2_cpt_metabuf_mempool_destroy(qp);
@@ -263,6 +311,41 @@ otx2_cpt_qp_destroy(const struct rte_cryptodev *dev, struct otx2_cpt_qp *qp)
        return 0;
 }
 
+static int
+sym_xform_verify(struct rte_crypto_sym_xform *xform)
+{
+       if (xform->next) {
+               if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH &&
+                   xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&
+                   xform->next->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT)
+                       return -ENOTSUP;
+
+               if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&
+                   xform->cipher.op == RTE_CRYPTO_CIPHER_OP_DECRYPT &&
+                   xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH)
+                       return -ENOTSUP;
+
+               if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&
+                   xform->cipher.algo == RTE_CRYPTO_CIPHER_3DES_CBC &&
+                   xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH &&
+                   xform->next->auth.algo == RTE_CRYPTO_AUTH_SHA1)
+                       return -ENOTSUP;
+
+               if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH &&
+                   xform->auth.algo == RTE_CRYPTO_AUTH_SHA1 &&
+                   xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&
+                   xform->next->cipher.algo == RTE_CRYPTO_CIPHER_3DES_CBC)
+                       return -ENOTSUP;
+
+       } else {
+               if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH &&
+                   xform->auth.algo == RTE_CRYPTO_AUTH_NULL &&
+                   xform->auth.op == RTE_CRYPTO_AUTH_OP_VERIFY)
+                       return -ENOTSUP;
+       }
+       return 0;
+}
+
 static int
 sym_session_configure(int driver_id, struct rte_crypto_sym_xform *xform,
                      struct rte_cryptodev_sym_session *sess,
@@ -272,10 +355,9 @@ sym_session_configure(int driver_id, struct rte_crypto_sym_xform *xform,
        void *priv;
        int ret;
 
-       if (unlikely(cpt_is_algo_supported(xform))) {
-               CPT_LOG_ERR("Crypto xform not supported");
-               return -ENOTSUP;
-       }
+       ret = sym_xform_verify(xform);
+       if (unlikely(ret))
+               return ret;
 
        if (unlikely(rte_mempool_get(pool, &priv))) {
                CPT_LOG_ERR("Could not allocate session private data");
@@ -325,7 +407,6 @@ sym_session_configure(int driver_id, struct rte_crypto_sym_xform *xform,
 priv_put:
        rte_mempool_put(pool, priv);
 
-       CPT_LOG_ERR("Crypto xform not supported");
        return -ENOTSUP;
 }
 
@@ -347,7 +428,7 @@ sym_session_clear(int driver_id, struct rte_cryptodev_sym_session *sess)
        rte_mempool_put(pool, priv);
 }
 
-static __rte_always_inline int32_t __hot
+static __rte_always_inline int32_t __rte_hot
 otx2_cpt_enqueue_req(const struct otx2_cpt_qp *qp,
                     struct pending_queue *pend_q,
                     struct cpt_request_info *req)
@@ -395,7 +476,7 @@ otx2_cpt_enqueue_req(const struct otx2_cpt_qp *qp,
        return 0;
 }
 
-static __rte_always_inline int32_t __hot
+static __rte_always_inline int32_t __rte_hot
 otx2_cpt_enqueue_asym(struct otx2_cpt_qp *qp,
                      struct rte_crypto_op *op,
                      struct pending_queue *pend_q)
@@ -447,6 +528,12 @@ otx2_cpt_enqueue_asym(struct otx2_cpt_qp *qp,
                if (unlikely(ret))
                        goto req_fail;
                break;
+       case RTE_CRYPTO_ASYM_XFORM_ECPM:
+               ret = cpt_ecpm_prep(&asym_op->ecpm, &params,
+                                   sess->ec_ctx.curveid);
+               if (unlikely(ret))
+                       goto req_fail;
+               break;
        default:
                op->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
                ret = -EINVAL;
@@ -472,7 +559,7 @@ req_fail:
        return ret;
 }
 
-static __rte_always_inline int __hot
+static __rte_always_inline int __rte_hot
 otx2_cpt_enqueue_sym(struct otx2_cpt_qp *qp, struct rte_crypto_op *op,
                     struct pending_queue *pend_q)
 {
@@ -515,7 +602,7 @@ otx2_cpt_enqueue_sym(struct otx2_cpt_qp *qp, struct rte_crypto_op *op,
        return ret;
 }
 
-static __rte_always_inline int __hot
+static __rte_always_inline int __rte_hot
 otx2_cpt_enqueue_sym_sessless(struct otx2_cpt_qp *qp, struct rte_crypto_op *op,
                              struct pending_queue *pend_q)
 {
@@ -665,6 +752,19 @@ otx2_cpt_asym_dequeue_ecdsa_op(struct rte_crypto_ecdsa_op_param *ecdsa,
        ecdsa->s.length = prime_len;
 }
 
+static __rte_always_inline void
+otx2_cpt_asym_dequeue_ecpm_op(struct rte_crypto_ecpm_op_param *ecpm,
+                            struct cpt_request_info *req,
+                            struct cpt_asym_ec_ctx *ec)
+{
+       int prime_len = ec_grp[ec->curveid].prime.length;
+
+       memcpy(ecpm->r.x.data, req->rptr, prime_len);
+       memcpy(ecpm->r.y.data, req->rptr + ROUNDUP8(prime_len), prime_len);
+       ecpm->r.x.length = prime_len;
+       ecpm->r.y.length = prime_len;
+}
+
 static void
 otx2_cpt_asym_post_process(struct rte_crypto_op *cop,
                           struct cpt_request_info *req)
@@ -687,6 +787,9 @@ otx2_cpt_asym_post_process(struct rte_crypto_op *cop,
        case RTE_CRYPTO_ASYM_XFORM_ECDSA:
                otx2_cpt_asym_dequeue_ecdsa_op(&op->ecdsa, req, &sess->ec_ctx);
                break;
+       case RTE_CRYPTO_ASYM_XFORM_ECPM:
+               otx2_cpt_asym_dequeue_ecpm_op(&op->ecpm, req, &sess->ec_ctx);
+               break;
        default:
                CPT_LOG_DP_DEBUG("Invalid crypto xform type");
                cop->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
@@ -891,12 +994,20 @@ otx2_cpt_dev_config(struct rte_cryptodev *dev,
                goto queues_detach;
        }
 
+       ret = otx2_cpt_inline_init(dev);
+       if (ret) {
+               CPT_LOG_ERR("Could not enable inline IPsec");
+               goto intr_unregister;
+       }
+
        dev->enqueue_burst = otx2_cpt_enqueue_burst;
        dev->dequeue_burst = otx2_cpt_dequeue_burst;
 
        rte_mb();
        return 0;
 
+intr_unregister:
+       otx2_cpt_err_intr_unregister(dev);
 queues_detach:
        otx2_cpt_queues_detach(dev);
        return ret;
@@ -1126,7 +1237,6 @@ struct rte_cryptodev_ops otx2_cpt_ops = {
        .stats_reset = NULL,
        .queue_pair_setup = otx2_cpt_queue_pair_setup,
        .queue_pair_release = otx2_cpt_queue_pair_release,
-       .queue_pair_count = NULL,
 
        /* Symmetric crypto ops */
        .sym_session_get_size = otx2_cpt_sym_session_get_size,