net/softnic: add crypto commands
authorFan Zhang <roy.fan.zhang@intel.com>
Wed, 24 Oct 2018 12:49:04 +0000 (13:49 +0100)
committerThomas Monjalon <thomas@monjalon.net>
Fri, 26 Oct 2018 12:16:05 +0000 (14:16 +0200)
This patch updates the CLI parsing of softnic with extra symmetric
cryptodev, port, session, and action support.

Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Cristian Dumitrescu <cristian.dumitrescu@intel.com>
doc/guides/rel_notes/release_18_11.rst
drivers/net/softnic/rte_eth_softnic_cli.c

index bd14114..07079c7 100644 (file)
@@ -151,6 +151,12 @@ New Features
   Added support for flow classification (rte_flow API), and metering and
   policing (rte_mtr API) to the SoftNIC PMD.
 
+* **Added Crypto support to Softnic PMD.**
+
+  The Softnic is now capable of processing symmetric crypto workloads such
+  as cipher, cipher-authentication chaining, and aead encryption and
+  decryption. This is achieved by calling DPDK Cryptodev APIs.
+
 * **Added support for GEN3 devices to Intel QAT driver .**
 
   Added support for the third generation of Intel QuickAssist devices.
index 613ec7e..c6640d6 100644 (file)
@@ -9,6 +9,8 @@
 
 #include <rte_common.h>
 #include <rte_cycles.h>
+#include <rte_string_fns.h>
+#include <rte_cryptodev.h>
 
 #include "rte_eth_softnic_internals.h"
 #include "parser.h"
@@ -1088,6 +1090,67 @@ cmd_tap(struct pmd_internals *softnic,
        }
 }
 
+/**
+ * cryptodev <tap_name> dev <device_name> | dev_id <device_id>
+ * queue <n_queues> <queue_size>
+ **/
+
+static void
+cmd_cryptodev(struct pmd_internals *softnic,
+               char **tokens,
+               uint32_t n_tokens,
+               char *out,
+               size_t out_size)
+{
+       struct softnic_cryptodev_params params;
+       char *name;
+
+       memset(&params, 0, sizeof(params));
+       if (n_tokens != 7) {
+               snprintf(out, out_size, MSG_ARG_MISMATCH, tokens[0]);
+               return;
+       }
+
+       name = tokens[1];
+
+       if (strcmp(tokens[2], "dev") == 0)
+               params.dev_name = tokens[3];
+       else if (strcmp(tokens[2], "dev_id") == 0) {
+               if (softnic_parser_read_uint32(&params.dev_id, tokens[3]) < 0) {
+                       snprintf(out, out_size, MSG_ARG_INVALID,
+                               "dev_id");
+                       return;
+               }
+       } else {
+               snprintf(out, out_size, MSG_ARG_INVALID,
+                       "cryptodev");
+               return;
+       }
+
+       if (strcmp(tokens[4], "queue")) {
+               snprintf(out, out_size, MSG_ARG_NOT_FOUND,
+                       "4");
+               return;
+       }
+
+       if (softnic_parser_read_uint32(&params.n_queues, tokens[5]) < 0) {
+               snprintf(out, out_size, MSG_ARG_INVALID,
+                       "q");
+               return;
+       }
+
+       if (softnic_parser_read_uint32(&params.queue_size, tokens[6]) < 0) {
+               snprintf(out, out_size, MSG_ARG_INVALID,
+                       "queue_size");
+               return;
+       }
+
+       if (softnic_cryptodev_create(softnic, name, &params) == NULL) {
+               snprintf(out, out_size, MSG_CMD_FAIL, tokens[0]);
+               return;
+       }
+}
+
 /**
  * port in action profile <profile_name>
  *  [filter match | mismatch offset <key_offset> mask <key_mask> key <key_value> port <port_id>]
@@ -1282,6 +1345,7 @@ cmd_port_in_action_profile(struct pmd_internals *softnic,
  *  [time]
  *  [tag]
  *  [decap]
+ *
  */
 static void
 cmd_table_action_profile(struct pmd_internals *softnic,
@@ -1747,6 +1811,7 @@ cmd_pipeline(struct pmd_internals *softnic,
  *  | tmgr <tmgr_name>
  *  | tap <tap_name> mempool <mempool_name> mtu <mtu>
  *  | source mempool <mempool_name> file <file_name> bpp <n_bytes_per_pkt>
+ *  | cryptodev <cryptodev_name> rxq <queue_id>
  *  [action <port_in_action_profile_name>]
  *  [disabled]
  */
@@ -1911,6 +1976,27 @@ cmd_pipeline_port_in(struct pmd_internals *softnic,
                }
 
                t0 += 7;
+       } else if (strcmp(tokens[t0], "cryptodev") == 0) {
+               if (n_tokens < t0 + 3) {
+                       snprintf(out, out_size, MSG_ARG_MISMATCH,
+                               "pipeline port in cryptodev");
+                       return;
+               }
+
+               p.type = PORT_IN_CRYPTODEV;
+
+               strlcpy(p.dev_name, tokens[t0 + 1], sizeof(p.dev_name));
+               if (softnic_parser_read_uint16(&p.rxq.queue_id,
+                               tokens[t0 + 3]) != 0) {
+                       snprintf(out, out_size, MSG_ARG_INVALID,
+                               "rxq");
+                       return;
+               }
+
+               p.cryptodev.arg_callback = NULL;
+               p.cryptodev.f_callback = NULL;
+
+               t0 += 4;
        } else {
                snprintf(out, out_size, MSG_ARG_INVALID, tokens[0]);
                return;
@@ -1959,6 +2045,7 @@ cmd_pipeline_port_in(struct pmd_internals *softnic,
  *  | tmgr <tmgr_name>
  *  | tap <tap_name>
  *  | sink [file <file_name> pkts <max_n_pkts>]
+ *  | cryptodev <cryptodev_name> txq <txq_id> offset <crypto_op_offset>
  */
 static void
 cmd_pipeline_port_out(struct pmd_internals *softnic,
@@ -2083,6 +2170,40 @@ cmd_pipeline_port_out(struct pmd_internals *softnic,
                                return;
                        }
                }
+       } else if (strcmp(tokens[6], "cryptodev") == 0) {
+               if (n_tokens != 12) {
+                       snprintf(out, out_size, MSG_ARG_MISMATCH,
+                               "pipeline port out cryptodev");
+                       return;
+               }
+
+               p.type = PORT_OUT_CRYPTODEV;
+
+               strlcpy(p.dev_name, tokens[7], sizeof(p.dev_name));
+
+               if (strcmp(tokens[8], "txq")) {
+                       snprintf(out, out_size, MSG_ARG_MISMATCH,
+                               "pipeline port out cryptodev");
+                       return;
+               }
+
+               if (softnic_parser_read_uint16(&p.cryptodev.queue_id, tokens[9])
+                               != 0) {
+                       snprintf(out, out_size, MSG_ARG_INVALID, "queue_id");
+                       return;
+               }
+
+               if (strcmp(tokens[10], "offset")) {
+                       snprintf(out, out_size, MSG_ARG_MISMATCH,
+                               "pipeline port out cryptodev");
+                       return;
+               }
+
+               if (softnic_parser_read_uint32(&p.cryptodev.op_offset,
+                               tokens[11]) != 0) {
+                       snprintf(out, out_size, MSG_ARG_INVALID, "queue_id");
+                       return;
+               }
        } else {
                snprintf(out, out_size, MSG_ARG_INVALID, tokens[0]);
                return;
@@ -3249,6 +3370,18 @@ parse_match(char **tokens,
  *    [time]
  *    [tag <tag>]
  *    [decap <n>]
+ *    [sym_crypto
+ *       encrypt | decrypt
+ *       type
+ *       | cipher
+ *          cipher_algo <algo> cipher_key <key> cipher_iv <iv>
+ *       | cipher_auth
+ *          cipher_algo <algo> cipher_key <key> cipher_iv <iv>
+ *          auth_algo <algo> auth_key <key> digest_size <size>
+ *       | aead
+ *          aead_algo <algo> aead_key <key> aead_iv <iv> aead_aad <aad>
+ *          digest_size <size>
+ *       data_offset <data_offset>]
  *
  * where:
  *    <pa> ::= g | y | r | drop
@@ -3854,6 +3987,368 @@ parse_table_action_time(char **tokens,
        return 1;
 }
 
+static void
+parse_free_sym_crypto_param_data(struct rte_table_action_sym_crypto_params *p)
+{
+       struct rte_crypto_sym_xform *xform[2] = {NULL};
+       uint32_t i;
+
+       xform[0] = p->xform;
+       if (xform[0])
+               xform[1] = xform[0]->next;
+
+       for (i = 0; i < 2; i++) {
+               if (xform[i] == NULL)
+                       continue;
+
+               switch (xform[i]->type) {
+               case RTE_CRYPTO_SYM_XFORM_CIPHER:
+                       if (xform[i]->cipher.key.data)
+                               free(xform[i]->cipher.key.data);
+                       if (p->cipher_auth.cipher_iv.val)
+                               free(p->cipher_auth.cipher_iv.val);
+                       if (p->cipher_auth.cipher_iv_update.val)
+                               free(p->cipher_auth.cipher_iv_update.val);
+                       break;
+               case RTE_CRYPTO_SYM_XFORM_AUTH:
+                       if (xform[i]->auth.key.data)
+                               free(xform[i]->cipher.key.data);
+                       if (p->cipher_auth.auth_iv.val)
+                               free(p->cipher_auth.cipher_iv.val);
+                       if (p->cipher_auth.auth_iv_update.val)
+                               free(p->cipher_auth.cipher_iv_update.val);
+                       break;
+               case RTE_CRYPTO_SYM_XFORM_AEAD:
+                       if (xform[i]->aead.key.data)
+                               free(xform[i]->cipher.key.data);
+                       if (p->aead.iv.val)
+                               free(p->aead.iv.val);
+                       if (p->aead.aad.val)
+                               free(p->aead.aad.val);
+                       break;
+               default:
+                       continue;
+               }
+       }
+
+}
+
+static struct rte_crypto_sym_xform *
+parse_table_action_cipher(struct rte_table_action_sym_crypto_params *p,
+               char **tokens, uint32_t n_tokens, uint32_t encrypt,
+               uint32_t *used_n_tokens)
+{
+       struct rte_crypto_sym_xform *xform_cipher;
+       int status;
+       size_t len;
+
+       if (n_tokens < 7 || strcmp(tokens[1], "cipher_algo") ||
+                       strcmp(tokens[3], "cipher_key") ||
+                       strcmp(tokens[5], "cipher_iv"))
+               return NULL;
+
+       xform_cipher = calloc(1, sizeof(*xform_cipher));
+       if (xform_cipher == NULL)
+               return NULL;
+
+       xform_cipher->type = RTE_CRYPTO_SYM_XFORM_CIPHER;
+       xform_cipher->cipher.op = encrypt ? RTE_CRYPTO_CIPHER_OP_ENCRYPT :
+                       RTE_CRYPTO_CIPHER_OP_DECRYPT;
+
+       /* cipher_algo */
+       status = rte_cryptodev_get_cipher_algo_enum(
+                       &xform_cipher->cipher.algo, tokens[2]);
+       if (status < 0)
+               goto error_exit;
+
+       /* cipher_key */
+       len = strlen(tokens[4]);
+       xform_cipher->cipher.key.data = calloc(1, len / 2 + 1);
+       if (xform_cipher->cipher.key.data == NULL)
+               goto error_exit;
+
+       status = softnic_parse_hex_string(tokens[4],
+                       xform_cipher->cipher.key.data,
+                       (uint32_t *)&len);
+       if (status < 0)
+               goto error_exit;
+
+       xform_cipher->cipher.key.length = (uint16_t)len;
+
+       /* cipher_iv */
+       len = strlen(tokens[6]);
+
+       p->cipher_auth.cipher_iv.val = calloc(1, len / 2 + 1);
+       if (p->cipher_auth.cipher_iv.val == NULL)
+               goto error_exit;
+
+       status = softnic_parse_hex_string(tokens[6],
+                       p->cipher_auth.cipher_iv.val,
+                       (uint32_t *)&len);
+       if (status < 0)
+               goto error_exit;
+
+       xform_cipher->cipher.iv.length = (uint16_t)len;
+       xform_cipher->cipher.iv.offset = RTE_TABLE_ACTION_SYM_CRYPTO_IV_OFFSET;
+       p->cipher_auth.cipher_iv.length = (uint32_t)len;
+       *used_n_tokens = 7;
+
+       return xform_cipher;
+
+error_exit:
+       if (xform_cipher->cipher.key.data)
+               free(xform_cipher->cipher.key.data);
+
+       if (p->cipher_auth.cipher_iv.val) {
+               free(p->cipher_auth.cipher_iv.val);
+               p->cipher_auth.cipher_iv.val = NULL;
+       }
+
+       free(xform_cipher);
+
+       return NULL;
+}
+
+static struct rte_crypto_sym_xform *
+parse_table_action_cipher_auth(struct rte_table_action_sym_crypto_params *p,
+               char **tokens, uint32_t n_tokens, uint32_t encrypt,
+               uint32_t *used_n_tokens)
+{
+       struct rte_crypto_sym_xform *xform_cipher;
+       struct rte_crypto_sym_xform *xform_auth;
+       int status;
+       size_t len;
+
+       if (n_tokens < 13 ||
+                       strcmp(tokens[7], "auth_algo") ||
+                       strcmp(tokens[9], "auth_key") ||
+                       strcmp(tokens[11], "digest_size"))
+               return NULL;
+
+       xform_auth = calloc(1, sizeof(*xform_auth));
+       if (xform_auth == NULL)
+               return NULL;
+
+       xform_auth->type = RTE_CRYPTO_SYM_XFORM_AUTH;
+       xform_auth->auth.op = encrypt ? RTE_CRYPTO_AUTH_OP_GENERATE :
+                       RTE_CRYPTO_AUTH_OP_VERIFY;
+
+       /* auth_algo */
+       status = rte_cryptodev_get_auth_algo_enum(&xform_auth->auth.algo,
+                       tokens[8]);
+       if (status < 0)
+               goto error_exit;
+
+       /* auth_key */
+       len = strlen(tokens[10]);
+       xform_auth->auth.key.data = calloc(1, len / 2 + 1);
+       if (xform_auth->auth.key.data == NULL)
+               goto error_exit;
+
+       status = softnic_parse_hex_string(tokens[10],
+                       xform_auth->auth.key.data, (uint32_t *)&len);
+       if (status < 0)
+               goto error_exit;
+
+       xform_auth->auth.key.length = (uint16_t)len;
+
+       if (strcmp(tokens[11], "digest_size"))
+               goto error_exit;
+
+       status = softnic_parser_read_uint16(&xform_auth->auth.digest_length,
+                       tokens[12]);
+       if (status < 0)
+               goto error_exit;
+
+       xform_cipher = parse_table_action_cipher(p, tokens, 7, encrypt,
+                       used_n_tokens);
+       if (xform_cipher == NULL)
+               goto error_exit;
+
+       *used_n_tokens += 6;
+
+       if (encrypt) {
+               xform_cipher->next = xform_auth;
+               return xform_cipher;
+       } else {
+               xform_auth->next = xform_cipher;
+               return xform_auth;
+       }
+
+error_exit:
+       if (xform_auth->auth.key.data)
+               free(xform_auth->auth.key.data);
+       if (p->cipher_auth.auth_iv.val) {
+               free(p->cipher_auth.auth_iv.val);
+               p->cipher_auth.auth_iv.val = 0;
+       }
+
+       free(xform_auth);
+
+       return NULL;
+}
+
+static struct rte_crypto_sym_xform *
+parse_table_action_aead(struct rte_table_action_sym_crypto_params *p,
+               char **tokens, uint32_t n_tokens, uint32_t encrypt,
+               uint32_t *used_n_tokens)
+{
+       struct rte_crypto_sym_xform *xform_aead;
+       int status;
+       size_t len;
+
+       if (n_tokens < 11 || strcmp(tokens[1], "aead_algo") ||
+                       strcmp(tokens[3], "aead_key") ||
+                       strcmp(tokens[5], "aead_iv") ||
+                       strcmp(tokens[7], "aead_aad") ||
+                       strcmp(tokens[9], "digest_size"))
+               return NULL;
+
+       xform_aead = calloc(1, sizeof(*xform_aead));
+       if (xform_aead == NULL)
+               return NULL;
+
+       xform_aead->type = RTE_CRYPTO_SYM_XFORM_AEAD;
+       xform_aead->aead.op = encrypt ? RTE_CRYPTO_AEAD_OP_ENCRYPT :
+                       RTE_CRYPTO_AEAD_OP_DECRYPT;
+
+       /* aead_algo */
+       status = rte_cryptodev_get_aead_algo_enum(&xform_aead->aead.algo,
+                       tokens[2]);
+       if (status < 0)
+               goto error_exit;
+
+       /* aead_key */
+       len = strlen(tokens[4]);
+       xform_aead->aead.key.data = calloc(1, len / 2 + 1);
+       if (xform_aead->aead.key.data == NULL)
+               goto error_exit;
+
+       status = softnic_parse_hex_string(tokens[4], xform_aead->aead.key.data,
+                       (uint32_t *)&len);
+       if (status < 0)
+               goto error_exit;
+
+       xform_aead->aead.key.length = (uint16_t)len;
+
+       /* aead_iv */
+       len = strlen(tokens[6]);
+       p->aead.iv.val = calloc(1, len / 2 + 1);
+       if (p->aead.iv.val == NULL)
+               goto error_exit;
+
+       status = softnic_parse_hex_string(tokens[6], p->aead.iv.val,
+                       (uint32_t *)&len);
+       if (status < 0)
+               goto error_exit;
+
+       xform_aead->aead.iv.length = (uint16_t)len;
+       xform_aead->aead.iv.offset = RTE_TABLE_ACTION_SYM_CRYPTO_IV_OFFSET;
+       p->aead.iv.length = (uint32_t)len;
+
+       /* aead_aad */
+       len = strlen(tokens[8]);
+       p->aead.aad.val = calloc(1, len / 2 + 1);
+       if (p->aead.aad.val == NULL)
+               goto error_exit;
+
+       status = softnic_parse_hex_string(tokens[8], p->aead.aad.val, (uint32_t *)&len);
+       if (status < 0)
+               goto error_exit;
+
+       xform_aead->aead.aad_length = (uint16_t)len;
+       p->aead.aad.length = (uint32_t)len;
+
+       /* digest_size */
+       status = softnic_parser_read_uint16(&xform_aead->aead.digest_length,
+                       tokens[10]);
+       if (status < 0)
+               goto error_exit;
+
+       *used_n_tokens = 11;
+
+       return xform_aead;
+
+error_exit:
+       if (xform_aead->aead.key.data)
+               free(xform_aead->aead.key.data);
+       if (p->aead.iv.val) {
+               free(p->aead.iv.val);
+               p->aead.iv.val = NULL;
+       }
+       if (p->aead.aad.val) {
+               free(p->aead.aad.val);
+               p->aead.aad.val = NULL;
+       }
+
+       free(xform_aead);
+
+       return NULL;
+}
+
+
+static uint32_t
+parse_table_action_sym_crypto(char **tokens,
+       uint32_t n_tokens,
+       struct softnic_table_rule_action *a)
+{
+       struct rte_table_action_sym_crypto_params *p = &a->sym_crypto;
+       struct rte_crypto_sym_xform *xform = NULL;
+       uint32_t used_n_tokens;
+       uint32_t encrypt;
+       int status;
+
+       if ((n_tokens < 12) ||
+               strcmp(tokens[0], "sym_crypto") ||
+               strcmp(tokens[2], "type"))
+               return 0;
+
+       memset(p, 0, sizeof(*p));
+
+       if (strcmp(tokens[1], "encrypt") == 0)
+               encrypt = 1;
+       else
+               encrypt = 0;
+
+       status = softnic_parser_read_uint32(&p->data_offset, tokens[n_tokens - 1]);
+       if (status < 0)
+               return 0;
+
+       if (strcmp(tokens[3], "cipher") == 0) {
+               tokens += 3;
+               n_tokens -= 3;
+
+               xform = parse_table_action_cipher(p, tokens, n_tokens, encrypt,
+                               &used_n_tokens);
+       } else if (strcmp(tokens[3], "cipher_auth") == 0) {
+               tokens += 3;
+               n_tokens -= 3;
+
+               xform = parse_table_action_cipher_auth(p, tokens, n_tokens,
+                               encrypt, &used_n_tokens);
+       } else if (strcmp(tokens[3], "aead") == 0) {
+               tokens += 3;
+               n_tokens -= 3;
+
+               xform = parse_table_action_aead(p, tokens, n_tokens, encrypt,
+                               &used_n_tokens);
+       }
+
+       if (xform == NULL)
+               return 0;
+
+       p->xform = xform;
+
+       if (strcmp(tokens[used_n_tokens], "data_offset")) {
+               parse_free_sym_crypto_param_data(p);
+               return 0;
+       }
+
+       a->action_mask |= 1 << RTE_TABLE_ACTION_SYM_CRYPTO;
+
+       return used_n_tokens + 5;
+}
+
 static uint32_t
 parse_table_action_tag(char **tokens,
        uint32_t n_tokens,
@@ -4058,6 +4553,19 @@ parse_table_action(char **tokens,
                n_tokens -= n;
        }
 
+       if (n_tokens && (strcmp(tokens[0], "sym_crypto") == 0)) {
+               uint32_t n;
+
+               n = parse_table_action_sym_crypto(tokens, n_tokens, a);
+               if (n == 0) {
+                       snprintf(out, out_size, MSG_ARG_INVALID,
+                               "action sym_crypto");
+               }
+
+               tokens += n;
+               n_tokens -= n;
+       }
+
        if (n_tokens0 - n_tokens == 1) {
                snprintf(out, out_size, MSG_ARG_INVALID, "action");
                return 0;
@@ -5197,6 +5705,11 @@ softnic_cli_process(char *in, char *out, size_t out_size, void *arg)
                return;
        }
 
+       if (strcmp(tokens[0], "cryptodev") == 0) {
+               cmd_cryptodev(softnic, tokens, n_tokens, out, out_size);
+               return;
+       }
+
        if (strcmp(tokens[0], "port") == 0) {
                cmd_port_in_action_profile(softnic, tokens, n_tokens, out, out_size);
                return;