1 /* SPDX-License-Identifier: BSD-3-Clause 2 * Copyright 2017 NXP. 3 * Copyright(c) 2017 Intel Corporation. 4 * Copyright (c) 2020 Samsung Electronics Co., Ltd All Rights Reserved 5 */ 6 7 #include <rte_cryptodev.h> 8 #include <rte_malloc.h> 9 #include <rte_dev.h> 10 #include <rte_telemetry.h> 11 #include "rte_compat.h" 12 #include "rte_security.h" 13 #include "rte_security_driver.h" 14 15 /* Macro to check for invalid pointers */ 16 #define RTE_PTR_OR_ERR_RET(ptr, retval) do { \ 17 if ((ptr) == NULL) \ 18 return retval; \ 19 } while (0) 20 21 /* Macro to check for invalid pointers chains */ 22 #define RTE_PTR_CHAIN3_OR_ERR_RET(p1, p2, p3, retval, last_retval) do { \ 23 RTE_PTR_OR_ERR_RET(p1, retval); \ 24 RTE_PTR_OR_ERR_RET(p1->p2, retval); \ 25 RTE_PTR_OR_ERR_RET(p1->p2->p3, last_retval); \ 26 } while (0) 27 28 #define RTE_SECURITY_DYNFIELD_NAME "rte_security_dynfield_metadata" 29 int rte_security_dynfield_offset = -1; 30 31 int 32 rte_security_dynfield_register(void) 33 { 34 static const struct rte_mbuf_dynfield dynfield_desc = { 35 .name = RTE_SECURITY_DYNFIELD_NAME, 36 .size = sizeof(rte_security_dynfield_t), 37 .align = __alignof__(rte_security_dynfield_t), 38 }; 39 rte_security_dynfield_offset = 40 rte_mbuf_dynfield_register(&dynfield_desc); 41 return rte_security_dynfield_offset; 42 } 43 44 struct rte_security_session * 45 rte_security_session_create(struct rte_security_ctx *instance, 46 struct rte_security_session_conf *conf, 47 struct rte_mempool *mp, 48 struct rte_mempool *priv_mp) 49 { 50 struct rte_security_session *sess = NULL; 51 52 RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_create, NULL, NULL); 53 RTE_PTR_OR_ERR_RET(conf, NULL); 54 RTE_PTR_OR_ERR_RET(mp, NULL); 55 RTE_PTR_OR_ERR_RET(priv_mp, NULL); 56 57 if (rte_mempool_get(mp, (void **)&sess)) 58 return NULL; 59 60 if (instance->ops->session_create(instance->device, conf, 61 sess, priv_mp)) { 62 rte_mempool_put(mp, (void *)sess); 63 return NULL; 64 } 65 instance->sess_cnt++; 66 67 return sess; 68 } 69 70 int 71 rte_security_session_update(struct rte_security_ctx *instance, 72 struct rte_security_session *sess, 73 struct rte_security_session_conf *conf) 74 { 75 RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_update, -EINVAL, 76 -ENOTSUP); 77 RTE_PTR_OR_ERR_RET(sess, -EINVAL); 78 RTE_PTR_OR_ERR_RET(conf, -EINVAL); 79 80 return instance->ops->session_update(instance->device, sess, conf); 81 } 82 83 unsigned int 84 rte_security_session_get_size(struct rte_security_ctx *instance) 85 { 86 RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_get_size, 0, 0); 87 88 return instance->ops->session_get_size(instance->device); 89 } 90 91 int 92 rte_security_session_stats_get(struct rte_security_ctx *instance, 93 struct rte_security_session *sess, 94 struct rte_security_stats *stats) 95 { 96 RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_stats_get, -EINVAL, 97 -ENOTSUP); 98 /* Parameter sess can be NULL in case of getting global statistics. */ 99 RTE_PTR_OR_ERR_RET(stats, -EINVAL); 100 101 return instance->ops->session_stats_get(instance->device, sess, stats); 102 } 103 104 int 105 rte_security_session_destroy(struct rte_security_ctx *instance, 106 struct rte_security_session *sess) 107 { 108 int ret; 109 110 RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_destroy, -EINVAL, 111 -ENOTSUP); 112 RTE_PTR_OR_ERR_RET(sess, -EINVAL); 113 114 ret = instance->ops->session_destroy(instance->device, sess); 115 if (ret != 0) 116 return ret; 117 118 rte_mempool_put(rte_mempool_from_obj(sess), (void *)sess); 119 120 if (instance->sess_cnt) 121 instance->sess_cnt--; 122 123 return 0; 124 } 125 126 int 127 __rte_security_set_pkt_metadata(struct rte_security_ctx *instance, 128 struct rte_security_session *sess, 129 struct rte_mbuf *m, void *params) 130 { 131 #ifdef RTE_DEBUG 132 RTE_PTR_OR_ERR_RET(sess, -EINVAL); 133 RTE_PTR_OR_ERR_RET(instance, -EINVAL); 134 RTE_PTR_OR_ERR_RET(instance->ops, -EINVAL); 135 #endif 136 RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->set_pkt_metadata, -ENOTSUP); 137 return instance->ops->set_pkt_metadata(instance->device, 138 sess, m, params); 139 } 140 141 void * 142 __rte_security_get_userdata(struct rte_security_ctx *instance, uint64_t md) 143 { 144 void *userdata = NULL; 145 146 #ifdef RTE_DEBUG 147 RTE_PTR_OR_ERR_RET(instance, NULL); 148 RTE_PTR_OR_ERR_RET(instance->ops, NULL); 149 #endif 150 RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->get_userdata, NULL); 151 if (instance->ops->get_userdata(instance->device, md, &userdata)) 152 return NULL; 153 154 return userdata; 155 } 156 157 const struct rte_security_capability * 158 rte_security_capabilities_get(struct rte_security_ctx *instance) 159 { 160 RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, capabilities_get, NULL, NULL); 161 162 return instance->ops->capabilities_get(instance->device); 163 } 164 165 const struct rte_security_capability * 166 rte_security_capability_get(struct rte_security_ctx *instance, 167 struct rte_security_capability_idx *idx) 168 { 169 const struct rte_security_capability *capabilities; 170 const struct rte_security_capability *capability; 171 uint16_t i = 0; 172 173 RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, capabilities_get, NULL, NULL); 174 RTE_PTR_OR_ERR_RET(idx, NULL); 175 176 capabilities = instance->ops->capabilities_get(instance->device); 177 178 if (capabilities == NULL) 179 return NULL; 180 181 while ((capability = &capabilities[i++])->action 182 != RTE_SECURITY_ACTION_TYPE_NONE) { 183 if (capability->action == idx->action && 184 capability->protocol == idx->protocol) { 185 if (idx->protocol == RTE_SECURITY_PROTOCOL_IPSEC) { 186 if (capability->ipsec.proto == 187 idx->ipsec.proto && 188 capability->ipsec.mode == 189 idx->ipsec.mode && 190 capability->ipsec.direction == 191 idx->ipsec.direction) 192 return capability; 193 } else if (idx->protocol == RTE_SECURITY_PROTOCOL_PDCP) { 194 if (capability->pdcp.domain == 195 idx->pdcp.domain) 196 return capability; 197 } else if (idx->protocol == 198 RTE_SECURITY_PROTOCOL_DOCSIS) { 199 if (capability->docsis.direction == 200 idx->docsis.direction) 201 return capability; 202 } 203 } 204 } 205 206 return NULL; 207 } 208 209 static int 210 security_handle_cryptodev_list(const char *cmd __rte_unused, 211 const char *params __rte_unused, 212 struct rte_tel_data *d) 213 { 214 int dev_id; 215 216 if (rte_cryptodev_count() < 1) 217 return -1; 218 219 rte_tel_data_start_array(d, RTE_TEL_INT_VAL); 220 for (dev_id = 0; dev_id < RTE_CRYPTO_MAX_DEVS; dev_id++) 221 if (rte_cryptodev_is_valid_dev(dev_id) && 222 rte_cryptodev_get_sec_ctx(dev_id)) 223 rte_tel_data_add_array_int(d, dev_id); 224 225 return 0; 226 } 227 228 #define CRYPTO_CAPS_SZ \ 229 (RTE_ALIGN_CEIL(sizeof(struct rte_cryptodev_capabilities), \ 230 sizeof(uint64_t)) / sizeof(uint64_t)) 231 232 static int 233 crypto_caps_array(struct rte_tel_data *d, 234 const struct rte_cryptodev_capabilities *capabilities) 235 { 236 const struct rte_cryptodev_capabilities *dev_caps; 237 uint64_t caps_val[CRYPTO_CAPS_SZ]; 238 unsigned int i = 0, j; 239 240 rte_tel_data_start_array(d, RTE_TEL_U64_VAL); 241 242 while ((dev_caps = &capabilities[i++])->op != 243 RTE_CRYPTO_OP_TYPE_UNDEFINED) { 244 memset(&caps_val, 0, CRYPTO_CAPS_SZ * sizeof(caps_val[0])); 245 rte_memcpy(caps_val, dev_caps, sizeof(capabilities[0])); 246 for (j = 0; j < CRYPTO_CAPS_SZ; j++) 247 rte_tel_data_add_array_u64(d, caps_val[j]); 248 } 249 250 return (i - 1); 251 } 252 253 #define SEC_CAPS_SZ \ 254 (RTE_ALIGN_CEIL(sizeof(struct rte_security_capability), \ 255 sizeof(uint64_t)) / sizeof(uint64_t)) 256 257 static int 258 sec_caps_array(struct rte_tel_data *d, 259 const struct rte_security_capability *capabilities) 260 { 261 const struct rte_security_capability *dev_caps; 262 uint64_t caps_val[SEC_CAPS_SZ]; 263 unsigned int i = 0, j; 264 265 rte_tel_data_start_array(d, RTE_TEL_U64_VAL); 266 267 while ((dev_caps = &capabilities[i++])->action != 268 RTE_SECURITY_ACTION_TYPE_NONE) { 269 memset(&caps_val, 0, SEC_CAPS_SZ * sizeof(caps_val[0])); 270 rte_memcpy(caps_val, dev_caps, sizeof(capabilities[0])); 271 for (j = 0; j < SEC_CAPS_SZ; j++) 272 rte_tel_data_add_array_u64(d, caps_val[j]); 273 } 274 275 return i - 1; 276 } 277 278 static const struct rte_security_capability * 279 security_capability_by_index(const struct rte_security_capability *capabilities, 280 int index) 281 { 282 const struct rte_security_capability *dev_caps = NULL; 283 int i = 0; 284 285 while ((dev_caps = &capabilities[i])->action != 286 RTE_SECURITY_ACTION_TYPE_NONE) { 287 if (i == index) 288 return dev_caps; 289 290 ++i; 291 } 292 293 return NULL; 294 } 295 296 static int 297 security_capabilities_from_dev_id(int dev_id, const void **caps) 298 { 299 const struct rte_security_capability *capabilities; 300 struct rte_security_ctx *sec_ctx; 301 302 if (rte_cryptodev_is_valid_dev(dev_id) == 0) 303 return -EINVAL; 304 305 sec_ctx = (struct rte_security_ctx *)rte_cryptodev_get_sec_ctx(dev_id); 306 RTE_PTR_OR_ERR_RET(sec_ctx, -EINVAL); 307 308 capabilities = rte_security_capabilities_get(sec_ctx); 309 RTE_PTR_OR_ERR_RET(capabilities, -EINVAL); 310 311 *caps = capabilities; 312 return 0; 313 } 314 315 static int 316 security_handle_cryptodev_sec_caps(const char *cmd __rte_unused, const char *params, 317 struct rte_tel_data *d) 318 { 319 const struct rte_security_capability *capabilities; 320 struct rte_tel_data *sec_caps; 321 char *end_param; 322 int sec_caps_n; 323 int dev_id; 324 int rc; 325 326 if (!params || strlen(params) == 0 || !isdigit(*params)) 327 return -EINVAL; 328 329 dev_id = strtoul(params, &end_param, 0); 330 if (*end_param != '\0') 331 CDEV_LOG_ERR("Extra parameters passed to command, ignoring"); 332 333 rc = security_capabilities_from_dev_id(dev_id, (void *)&capabilities); 334 if (rc < 0) 335 return rc; 336 337 sec_caps = rte_tel_data_alloc(); 338 RTE_PTR_OR_ERR_RET(sec_caps, -ENOMEM); 339 340 rte_tel_data_start_dict(d); 341 sec_caps_n = sec_caps_array(sec_caps, capabilities); 342 rte_tel_data_add_dict_container(d, "sec_caps", sec_caps, 0); 343 rte_tel_data_add_dict_int(d, "sec_caps_n", sec_caps_n); 344 345 return 0; 346 } 347 348 static int 349 security_handle_cryptodev_crypto_caps(const char *cmd __rte_unused, const char *params, 350 struct rte_tel_data *d) 351 { 352 const struct rte_security_capability *capabilities; 353 struct rte_tel_data *crypto_caps; 354 const char *capa_param; 355 int dev_id, capa_id; 356 int crypto_caps_n; 357 char *end_param; 358 int rc; 359 360 if (!params || strlen(params) == 0 || !isdigit(*params)) 361 return -EINVAL; 362 363 dev_id = strtoul(params, &end_param, 0); 364 capa_param = strtok(end_param, ","); 365 if (!capa_param || strlen(capa_param) == 0 || !isdigit(*capa_param)) 366 return -EINVAL; 367 368 capa_id = strtoul(capa_param, &end_param, 0); 369 if (*end_param != '\0') 370 CDEV_LOG_ERR("Extra parameters passed to command, ignoring"); 371 372 rc = security_capabilities_from_dev_id(dev_id, (void *)&capabilities); 373 if (rc < 0) 374 return rc; 375 376 capabilities = security_capability_by_index(capabilities, capa_id); 377 RTE_PTR_OR_ERR_RET(capabilities, -EINVAL); 378 379 crypto_caps = rte_tel_data_alloc(); 380 RTE_PTR_OR_ERR_RET(crypto_caps, -ENOMEM); 381 382 rte_tel_data_start_dict(d); 383 crypto_caps_n = crypto_caps_array(crypto_caps, capabilities->crypto_capabilities); 384 385 rte_tel_data_add_dict_container(d, "crypto_caps", crypto_caps, 0); 386 rte_tel_data_add_dict_int(d, "crypto_caps_n", crypto_caps_n); 387 388 return 0; 389 } 390 391 RTE_INIT(security_init_telemetry) 392 { 393 rte_telemetry_register_cmd("/security/cryptodev/list", 394 security_handle_cryptodev_list, 395 "Returns list of available crypto devices by IDs. No parameters."); 396 397 rte_telemetry_register_cmd("/security/cryptodev/sec_caps", 398 security_handle_cryptodev_sec_caps, 399 "Returns security capabilities for a cryptodev. Parameters: int dev_id"); 400 401 rte_telemetry_register_cmd("/security/cryptodev/crypto_caps", 402 security_handle_cryptodev_crypto_caps, 403 "Returns crypto capabilities for a security capability. Parameters: int dev_id, sec_cap_id"); 404 } 405