1 /* SPDX-License-Identifier: BSD-3-Clause 2 * Copyright 2017 NXP. 3 * Copyright(c) 2017 Intel Corporation. 4 * Copyright (c) 2020 Samsung Electronics Co., Ltd All Rights Reserved 5 */ 6 7 #include <ctype.h> 8 #include <stdlib.h> 9 10 #include <rte_cryptodev.h> 11 #include <dev_driver.h> 12 #include <rte_telemetry.h> 13 #include "rte_security.h" 14 #include "rte_security_driver.h" 15 16 /* Macro to check for invalid pointers */ 17 #define RTE_PTR_OR_ERR_RET(ptr, retval) do { \ 18 if ((ptr) == NULL) \ 19 return retval; \ 20 } while (0) 21 22 /* Macro to check for invalid pointers chains */ 23 #define RTE_PTR_CHAIN3_OR_ERR_RET(p1, p2, p3, retval, last_retval) do { \ 24 RTE_PTR_OR_ERR_RET(p1, retval); \ 25 RTE_PTR_OR_ERR_RET(p1->p2, retval); \ 26 RTE_PTR_OR_ERR_RET(p1->p2->p3, last_retval); \ 27 } while (0) 28 29 #define RTE_SECURITY_DYNFIELD_NAME "rte_security_dynfield_metadata" 30 int rte_security_dynfield_offset = -1; 31 32 int 33 rte_security_dynfield_register(void) 34 { 35 static const struct rte_mbuf_dynfield dynfield_desc = { 36 .name = RTE_SECURITY_DYNFIELD_NAME, 37 .size = sizeof(rte_security_dynfield_t), 38 .align = __alignof__(rte_security_dynfield_t), 39 }; 40 rte_security_dynfield_offset = 41 rte_mbuf_dynfield_register(&dynfield_desc); 42 return rte_security_dynfield_offset; 43 } 44 45 struct rte_security_session * 46 rte_security_session_create(struct rte_security_ctx *instance, 47 struct rte_security_session_conf *conf, 48 struct rte_mempool *mp, 49 struct rte_mempool *priv_mp) 50 { 51 struct rte_security_session *sess = NULL; 52 53 RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_create, NULL, NULL); 54 RTE_PTR_OR_ERR_RET(conf, NULL); 55 RTE_PTR_OR_ERR_RET(mp, NULL); 56 RTE_PTR_OR_ERR_RET(priv_mp, NULL); 57 58 if (rte_mempool_get(mp, (void **)&sess)) 59 return NULL; 60 61 if (instance->ops->session_create(instance->device, conf, 62 sess, priv_mp)) { 63 rte_mempool_put(mp, (void *)sess); 64 return NULL; 65 } 66 instance->sess_cnt++; 67 68 return sess; 69 } 70 71 int 72 rte_security_session_update(struct rte_security_ctx *instance, 73 struct rte_security_session *sess, 74 struct rte_security_session_conf *conf) 75 { 76 RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_update, -EINVAL, 77 -ENOTSUP); 78 RTE_PTR_OR_ERR_RET(sess, -EINVAL); 79 RTE_PTR_OR_ERR_RET(conf, -EINVAL); 80 81 return instance->ops->session_update(instance->device, sess, conf); 82 } 83 84 unsigned int 85 rte_security_session_get_size(struct rte_security_ctx *instance) 86 { 87 RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_get_size, 0, 0); 88 89 return instance->ops->session_get_size(instance->device); 90 } 91 92 int 93 rte_security_session_stats_get(struct rte_security_ctx *instance, 94 struct rte_security_session *sess, 95 struct rte_security_stats *stats) 96 { 97 RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_stats_get, -EINVAL, 98 -ENOTSUP); 99 /* Parameter sess can be NULL in case of getting global statistics. */ 100 RTE_PTR_OR_ERR_RET(stats, -EINVAL); 101 102 return instance->ops->session_stats_get(instance->device, sess, stats); 103 } 104 105 int 106 rte_security_session_destroy(struct rte_security_ctx *instance, 107 struct rte_security_session *sess) 108 { 109 int ret; 110 111 RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_destroy, -EINVAL, 112 -ENOTSUP); 113 RTE_PTR_OR_ERR_RET(sess, -EINVAL); 114 115 ret = instance->ops->session_destroy(instance->device, sess); 116 if (ret != 0) 117 return ret; 118 119 rte_mempool_put(rte_mempool_from_obj(sess), (void *)sess); 120 121 if (instance->sess_cnt) 122 instance->sess_cnt--; 123 124 return 0; 125 } 126 127 int 128 rte_security_macsec_sc_create(struct rte_security_ctx *instance, 129 struct rte_security_macsec_sc *conf) 130 { 131 int sc_id; 132 133 RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, macsec_sc_create, -EINVAL, -ENOTSUP); 134 RTE_PTR_OR_ERR_RET(conf, -EINVAL); 135 136 sc_id = instance->ops->macsec_sc_create(instance->device, conf); 137 if (sc_id >= 0) 138 instance->macsec_sc_cnt++; 139 140 return sc_id; 141 } 142 143 int 144 rte_security_macsec_sa_create(struct rte_security_ctx *instance, 145 struct rte_security_macsec_sa *conf) 146 { 147 int sa_id; 148 149 RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, macsec_sa_create, -EINVAL, -ENOTSUP); 150 RTE_PTR_OR_ERR_RET(conf, -EINVAL); 151 152 sa_id = instance->ops->macsec_sa_create(instance->device, conf); 153 if (sa_id >= 0) 154 instance->macsec_sa_cnt++; 155 156 return sa_id; 157 } 158 159 int 160 rte_security_macsec_sc_destroy(struct rte_security_ctx *instance, uint16_t sc_id) 161 { 162 int ret; 163 164 RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, macsec_sc_destroy, -EINVAL, -ENOTSUP); 165 166 ret = instance->ops->macsec_sc_destroy(instance->device, sc_id); 167 if (ret != 0) 168 return ret; 169 170 if (instance->macsec_sc_cnt) 171 instance->macsec_sc_cnt--; 172 173 return 0; 174 } 175 176 int 177 rte_security_macsec_sa_destroy(struct rte_security_ctx *instance, uint16_t sa_id) 178 { 179 int ret; 180 181 RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, macsec_sa_destroy, -EINVAL, -ENOTSUP); 182 183 ret = instance->ops->macsec_sa_destroy(instance->device, sa_id); 184 if (ret != 0) 185 return ret; 186 187 if (instance->macsec_sa_cnt) 188 instance->macsec_sa_cnt--; 189 190 return 0; 191 } 192 193 int 194 rte_security_macsec_sc_stats_get(struct rte_security_ctx *instance, uint16_t sc_id, 195 struct rte_security_macsec_sc_stats *stats) 196 { 197 RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, macsec_sc_stats_get, -EINVAL, -ENOTSUP); 198 RTE_PTR_OR_ERR_RET(stats, -EINVAL); 199 200 return instance->ops->macsec_sc_stats_get(instance->device, sc_id, stats); 201 } 202 203 int 204 rte_security_macsec_sa_stats_get(struct rte_security_ctx *instance, uint16_t sa_id, 205 struct rte_security_macsec_sa_stats *stats) 206 { 207 RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, macsec_sa_stats_get, -EINVAL, -ENOTSUP); 208 RTE_PTR_OR_ERR_RET(stats, -EINVAL); 209 210 return instance->ops->macsec_sa_stats_get(instance->device, sa_id, stats); 211 } 212 213 int 214 __rte_security_set_pkt_metadata(struct rte_security_ctx *instance, 215 struct rte_security_session *sess, 216 struct rte_mbuf *m, void *params) 217 { 218 #ifdef RTE_DEBUG 219 RTE_PTR_OR_ERR_RET(sess, -EINVAL); 220 RTE_PTR_OR_ERR_RET(instance, -EINVAL); 221 RTE_PTR_OR_ERR_RET(instance->ops, -EINVAL); 222 #endif 223 if (*instance->ops->set_pkt_metadata == NULL) 224 return -ENOTSUP; 225 return instance->ops->set_pkt_metadata(instance->device, 226 sess, m, params); 227 } 228 229 void * 230 __rte_security_get_userdata(struct rte_security_ctx *instance, uint64_t md) 231 { 232 void *userdata = NULL; 233 234 #ifdef RTE_DEBUG 235 RTE_PTR_OR_ERR_RET(instance, NULL); 236 RTE_PTR_OR_ERR_RET(instance->ops, NULL); 237 #endif 238 if (*instance->ops->get_userdata == NULL) 239 return NULL; 240 if (instance->ops->get_userdata(instance->device, md, &userdata)) 241 return NULL; 242 243 return userdata; 244 } 245 246 const struct rte_security_capability * 247 rte_security_capabilities_get(struct rte_security_ctx *instance) 248 { 249 RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, capabilities_get, NULL, NULL); 250 251 return instance->ops->capabilities_get(instance->device); 252 } 253 254 const struct rte_security_capability * 255 rte_security_capability_get(struct rte_security_ctx *instance, 256 struct rte_security_capability_idx *idx) 257 { 258 const struct rte_security_capability *capabilities; 259 const struct rte_security_capability *capability; 260 uint16_t i = 0; 261 262 RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, capabilities_get, NULL, NULL); 263 RTE_PTR_OR_ERR_RET(idx, NULL); 264 265 capabilities = instance->ops->capabilities_get(instance->device); 266 267 if (capabilities == NULL) 268 return NULL; 269 270 while ((capability = &capabilities[i++])->action 271 != RTE_SECURITY_ACTION_TYPE_NONE) { 272 if (capability->action == idx->action && 273 capability->protocol == idx->protocol) { 274 if (idx->protocol == RTE_SECURITY_PROTOCOL_IPSEC) { 275 if (capability->ipsec.proto == 276 idx->ipsec.proto && 277 capability->ipsec.mode == 278 idx->ipsec.mode && 279 capability->ipsec.direction == 280 idx->ipsec.direction) 281 return capability; 282 } else if (idx->protocol == RTE_SECURITY_PROTOCOL_PDCP) { 283 if (capability->pdcp.domain == 284 idx->pdcp.domain) 285 return capability; 286 } else if (idx->protocol == 287 RTE_SECURITY_PROTOCOL_DOCSIS) { 288 if (capability->docsis.direction == 289 idx->docsis.direction) 290 return capability; 291 } 292 } 293 } 294 295 return NULL; 296 } 297 298 static int 299 security_handle_cryptodev_list(const char *cmd __rte_unused, 300 const char *params __rte_unused, 301 struct rte_tel_data *d) 302 { 303 int dev_id; 304 305 if (rte_cryptodev_count() < 1) 306 return -1; 307 308 rte_tel_data_start_array(d, RTE_TEL_INT_VAL); 309 for (dev_id = 0; dev_id < RTE_CRYPTO_MAX_DEVS; dev_id++) 310 if (rte_cryptodev_is_valid_dev(dev_id) && 311 rte_cryptodev_get_sec_ctx(dev_id)) 312 rte_tel_data_add_array_int(d, dev_id); 313 314 return 0; 315 } 316 317 #define CRYPTO_CAPS_SZ \ 318 (RTE_ALIGN_CEIL(sizeof(struct rte_cryptodev_capabilities), \ 319 sizeof(uint64_t)) / sizeof(uint64_t)) 320 321 static int 322 crypto_caps_array(struct rte_tel_data *d, 323 const struct rte_cryptodev_capabilities *capabilities) 324 { 325 const struct rte_cryptodev_capabilities *dev_caps; 326 uint64_t caps_val[CRYPTO_CAPS_SZ]; 327 unsigned int i = 0, j; 328 329 rte_tel_data_start_array(d, RTE_TEL_U64_VAL); 330 331 while ((dev_caps = &capabilities[i++])->op != 332 RTE_CRYPTO_OP_TYPE_UNDEFINED) { 333 memset(&caps_val, 0, CRYPTO_CAPS_SZ * sizeof(caps_val[0])); 334 rte_memcpy(caps_val, dev_caps, sizeof(capabilities[0])); 335 for (j = 0; j < CRYPTO_CAPS_SZ; j++) 336 rte_tel_data_add_array_u64(d, caps_val[j]); 337 } 338 339 return (i - 1); 340 } 341 342 #define SEC_CAPS_SZ \ 343 (RTE_ALIGN_CEIL(sizeof(struct rte_security_capability), \ 344 sizeof(uint64_t)) / sizeof(uint64_t)) 345 346 static int 347 sec_caps_array(struct rte_tel_data *d, 348 const struct rte_security_capability *capabilities) 349 { 350 const struct rte_security_capability *dev_caps; 351 uint64_t caps_val[SEC_CAPS_SZ]; 352 unsigned int i = 0, j; 353 354 rte_tel_data_start_array(d, RTE_TEL_U64_VAL); 355 356 while ((dev_caps = &capabilities[i++])->action != 357 RTE_SECURITY_ACTION_TYPE_NONE) { 358 memset(&caps_val, 0, SEC_CAPS_SZ * sizeof(caps_val[0])); 359 rte_memcpy(caps_val, dev_caps, sizeof(capabilities[0])); 360 for (j = 0; j < SEC_CAPS_SZ; j++) 361 rte_tel_data_add_array_u64(d, caps_val[j]); 362 } 363 364 return i - 1; 365 } 366 367 static const struct rte_security_capability * 368 security_capability_by_index(const struct rte_security_capability *capabilities, 369 int index) 370 { 371 const struct rte_security_capability *dev_caps = NULL; 372 int i = 0; 373 374 while ((dev_caps = &capabilities[i])->action != 375 RTE_SECURITY_ACTION_TYPE_NONE) { 376 if (i == index) 377 return dev_caps; 378 379 ++i; 380 } 381 382 return NULL; 383 } 384 385 static int 386 security_capabilities_from_dev_id(int dev_id, const void **caps) 387 { 388 const struct rte_security_capability *capabilities; 389 struct rte_security_ctx *sec_ctx; 390 391 if (rte_cryptodev_is_valid_dev(dev_id) == 0) 392 return -EINVAL; 393 394 sec_ctx = (struct rte_security_ctx *)rte_cryptodev_get_sec_ctx(dev_id); 395 RTE_PTR_OR_ERR_RET(sec_ctx, -EINVAL); 396 397 capabilities = rte_security_capabilities_get(sec_ctx); 398 RTE_PTR_OR_ERR_RET(capabilities, -EINVAL); 399 400 *caps = capabilities; 401 return 0; 402 } 403 404 static int 405 security_handle_cryptodev_sec_caps(const char *cmd __rte_unused, const char *params, 406 struct rte_tel_data *d) 407 { 408 const struct rte_security_capability *capabilities; 409 struct rte_tel_data *sec_caps; 410 char *end_param; 411 int sec_caps_n; 412 int dev_id; 413 int rc; 414 415 if (!params || strlen(params) == 0 || !isdigit(*params)) 416 return -EINVAL; 417 418 dev_id = strtoul(params, &end_param, 0); 419 if (*end_param != '\0') 420 CDEV_LOG_ERR("Extra parameters passed to command, ignoring"); 421 422 rc = security_capabilities_from_dev_id(dev_id, (void *)&capabilities); 423 if (rc < 0) 424 return rc; 425 426 sec_caps = rte_tel_data_alloc(); 427 RTE_PTR_OR_ERR_RET(sec_caps, -ENOMEM); 428 429 rte_tel_data_start_dict(d); 430 sec_caps_n = sec_caps_array(sec_caps, capabilities); 431 rte_tel_data_add_dict_container(d, "sec_caps", sec_caps, 0); 432 rte_tel_data_add_dict_int(d, "sec_caps_n", sec_caps_n); 433 434 return 0; 435 } 436 437 static int 438 security_handle_cryptodev_crypto_caps(const char *cmd __rte_unused, const char *params, 439 struct rte_tel_data *d) 440 { 441 const struct rte_security_capability *capabilities; 442 struct rte_tel_data *crypto_caps; 443 const char *capa_param; 444 int dev_id, capa_id; 445 int crypto_caps_n; 446 char *end_param; 447 int rc; 448 449 if (!params || strlen(params) == 0 || !isdigit(*params)) 450 return -EINVAL; 451 452 dev_id = strtoul(params, &end_param, 0); 453 capa_param = strtok(end_param, ","); 454 if (!capa_param || strlen(capa_param) == 0 || !isdigit(*capa_param)) 455 return -EINVAL; 456 457 capa_id = strtoul(capa_param, &end_param, 0); 458 if (*end_param != '\0') 459 CDEV_LOG_ERR("Extra parameters passed to command, ignoring"); 460 461 rc = security_capabilities_from_dev_id(dev_id, (void *)&capabilities); 462 if (rc < 0) 463 return rc; 464 465 capabilities = security_capability_by_index(capabilities, capa_id); 466 RTE_PTR_OR_ERR_RET(capabilities, -EINVAL); 467 468 crypto_caps = rte_tel_data_alloc(); 469 RTE_PTR_OR_ERR_RET(crypto_caps, -ENOMEM); 470 471 rte_tel_data_start_dict(d); 472 crypto_caps_n = crypto_caps_array(crypto_caps, capabilities->crypto_capabilities); 473 474 rte_tel_data_add_dict_container(d, "crypto_caps", crypto_caps, 0); 475 rte_tel_data_add_dict_int(d, "crypto_caps_n", crypto_caps_n); 476 477 return 0; 478 } 479 480 RTE_INIT(security_init_telemetry) 481 { 482 rte_telemetry_register_cmd("/security/cryptodev/list", 483 security_handle_cryptodev_list, 484 "Returns list of available crypto devices by IDs. No parameters."); 485 486 rte_telemetry_register_cmd("/security/cryptodev/sec_caps", 487 security_handle_cryptodev_sec_caps, 488 "Returns security capabilities for a cryptodev. Parameters: int dev_id"); 489 490 rte_telemetry_register_cmd("/security/cryptodev/crypto_caps", 491 security_handle_cryptodev_crypto_caps, 492 "Returns crypto capabilities for a security capability. Parameters: int dev_id, sec_cap_id"); 493 } 494