X-Git-Url: http://git.droids-corp.org/?a=blobdiff_plain;ds=sidebyside;f=lib%2Fsecurity%2Frte_security.c;h=6e45a03fa0ffb1414db46cc911f81e561340b3aa;hb=259ca6d1617ffc1bd3959d331239c8c99a37b07c;hp=fe81ed3e4cc17e386526967bb721741753cbe50a;hpb=d08dcd28c3b245468a9859b7b9a288247dfc95f1;p=dpdk.git diff --git a/lib/security/rte_security.c b/lib/security/rte_security.c index fe81ed3e4c..6e45a03fa0 100644 --- a/lib/security/rte_security.c +++ b/lib/security/rte_security.c @@ -4,8 +4,10 @@ * Copyright (c) 2020 Samsung Electronics Co., Ltd All Rights Reserved */ +#include #include #include +#include #include "rte_compat.h" #include "rte_security.h" #include "rte_security_driver.h" @@ -203,3 +205,200 @@ rte_security_capability_get(struct rte_security_ctx *instance, return NULL; } + +static int +security_handle_cryptodev_list(const char *cmd __rte_unused, + const char *params __rte_unused, + struct rte_tel_data *d) +{ + int dev_id; + + if (rte_cryptodev_count() < 1) + return -1; + + rte_tel_data_start_array(d, RTE_TEL_INT_VAL); + for (dev_id = 0; dev_id < RTE_CRYPTO_MAX_DEVS; dev_id++) + if (rte_cryptodev_is_valid_dev(dev_id) && + rte_cryptodev_get_sec_ctx(dev_id)) + rte_tel_data_add_array_int(d, dev_id); + + return 0; +} + +#define CRYPTO_CAPS_SZ \ + (RTE_ALIGN_CEIL(sizeof(struct rte_cryptodev_capabilities), \ + sizeof(uint64_t)) / sizeof(uint64_t)) + +static int +crypto_caps_array(struct rte_tel_data *d, + const struct rte_cryptodev_capabilities *capabilities) +{ + const struct rte_cryptodev_capabilities *dev_caps; + uint64_t caps_val[CRYPTO_CAPS_SZ]; + unsigned int i = 0, j; + + rte_tel_data_start_array(d, RTE_TEL_U64_VAL); + + while ((dev_caps = &capabilities[i++])->op != + RTE_CRYPTO_OP_TYPE_UNDEFINED) { + memset(&caps_val, 0, CRYPTO_CAPS_SZ * sizeof(caps_val[0])); + rte_memcpy(caps_val, dev_caps, sizeof(capabilities[0])); + for (j = 0; j < CRYPTO_CAPS_SZ; j++) + rte_tel_data_add_array_u64(d, caps_val[j]); + } + + return (i - 1); +} + +#define SEC_CAPS_SZ \ + (RTE_ALIGN_CEIL(sizeof(struct rte_security_capability), \ + sizeof(uint64_t)) / sizeof(uint64_t)) + +static int +sec_caps_array(struct rte_tel_data *d, + const struct rte_security_capability *capabilities) +{ + const struct rte_security_capability *dev_caps; + uint64_t caps_val[SEC_CAPS_SZ]; + unsigned int i = 0, j; + + rte_tel_data_start_array(d, RTE_TEL_U64_VAL); + + while ((dev_caps = &capabilities[i++])->action != + RTE_SECURITY_ACTION_TYPE_NONE) { + memset(&caps_val, 0, SEC_CAPS_SZ * sizeof(caps_val[0])); + rte_memcpy(caps_val, dev_caps, sizeof(capabilities[0])); + for (j = 0; j < SEC_CAPS_SZ; j++) + rte_tel_data_add_array_u64(d, caps_val[j]); + } + + return i - 1; +} + +static const struct rte_security_capability * +security_capability_by_index(const struct rte_security_capability *capabilities, + int index) +{ + const struct rte_security_capability *dev_caps = NULL; + int i = 0; + + while ((dev_caps = &capabilities[i])->action != + RTE_SECURITY_ACTION_TYPE_NONE) { + if (i == index) + return dev_caps; + + ++i; + } + + return NULL; +} + +static int +security_capabilities_from_dev_id(int dev_id, const void **caps) +{ + const struct rte_security_capability *capabilities; + struct rte_security_ctx *sec_ctx; + + if (rte_cryptodev_is_valid_dev(dev_id) == 0) + return -EINVAL; + + sec_ctx = (struct rte_security_ctx *)rte_cryptodev_get_sec_ctx(dev_id); + RTE_PTR_OR_ERR_RET(sec_ctx, -EINVAL); + + capabilities = rte_security_capabilities_get(sec_ctx); + RTE_PTR_OR_ERR_RET(capabilities, -EINVAL); + + *caps = capabilities; + return 0; +} + +static int +security_handle_cryptodev_sec_caps(const char *cmd __rte_unused, const char *params, + struct rte_tel_data *d) +{ + const struct rte_security_capability *capabilities; + struct rte_tel_data *sec_caps; + char *end_param; + int sec_caps_n; + int dev_id; + int rc; + + if (!params || strlen(params) == 0 || !isdigit(*params)) + return -EINVAL; + + dev_id = strtoul(params, &end_param, 0); + if (*end_param != '\0') + CDEV_LOG_ERR("Extra parameters passed to command, ignoring"); + + rc = security_capabilities_from_dev_id(dev_id, (void *)&capabilities); + if (rc < 0) + return rc; + + sec_caps = rte_tel_data_alloc(); + RTE_PTR_OR_ERR_RET(sec_caps, -ENOMEM); + + rte_tel_data_start_dict(d); + sec_caps_n = sec_caps_array(sec_caps, capabilities); + rte_tel_data_add_dict_container(d, "sec_caps", sec_caps, 0); + rte_tel_data_add_dict_int(d, "sec_caps_n", sec_caps_n); + + return 0; +} + +static int +security_handle_cryptodev_crypto_caps(const char *cmd __rte_unused, const char *params, + struct rte_tel_data *d) +{ + const struct rte_security_capability *capabilities; + struct rte_tel_data *crypto_caps; + const char *capa_param; + int dev_id, capa_id; + int crypto_caps_n; + char *end_param; + int rc; + + if (!params || strlen(params) == 0 || !isdigit(*params)) + return -EINVAL; + + dev_id = strtoul(params, &end_param, 0); + capa_param = strtok(end_param, ","); + if (!capa_param || strlen(capa_param) == 0 || !isdigit(*capa_param)) + return -EINVAL; + + capa_id = strtoul(capa_param, &end_param, 0); + if (*end_param != '\0') + CDEV_LOG_ERR("Extra parameters passed to command, ignoring"); + + rc = security_capabilities_from_dev_id(dev_id, (void *)&capabilities); + if (rc < 0) + return rc; + + capabilities = security_capability_by_index(capabilities, capa_id); + RTE_PTR_OR_ERR_RET(capabilities, -EINVAL); + + crypto_caps = rte_tel_data_alloc(); + RTE_PTR_OR_ERR_RET(crypto_caps, -ENOMEM); + + rte_tel_data_start_dict(d); + crypto_caps_n = crypto_caps_array(crypto_caps, capabilities->crypto_capabilities); + + rte_tel_data_add_dict_container(d, "crypto_caps", crypto_caps, 0); + rte_tel_data_add_dict_int(d, "crypto_caps_n", crypto_caps_n); + + return 0; +} + +RTE_INIT(security_init_telemetry) +{ + rte_telemetry_register_cmd("/security/cryptodev/list", + security_handle_cryptodev_list, + "Returns list of available crypto devices by IDs. No parameters."); + + rte_telemetry_register_cmd("/security/cryptodev/sec_caps", + security_handle_cryptodev_sec_caps, + "Returns security capabilities for a cryptodev. Parameters: int dev_id"); + + rte_telemetry_register_cmd("/security/cryptodev/crypto_caps", + security_handle_cryptodev_crypto_caps, + "Returns crypto capabilities for a security capability. Parameters: int dev_id, sec_cap_id"); +}