From: Gowrishankar Muthukrishnan
Date: Tue, 2 Nov 2021 20:22:40 +0530
Message-ID: <4d0648e0347e8c6a4b2b095acf568faf6df135ca.1635864621.git.gmuthukrishn@marvell.com>
Subject: [dpdk-dev] [v4] security: add telemetry endpoint for cryptodev security capabilities
List-Id: DPDK patches and discussions

Add telemetry endpoint for cryptodev security capabilities.

Signed-off-by: Gowrishankar Muthukrishnan
---
v4:
 - fixed typo in help.
---
 doc/guides/prog_guide/rte_security.rst | 28 ++++
 doc/guides/rel_notes/release_21_11.rst | 5 +
 lib/security/rte_security.c | 182 +++++++++++++++++++++++++
 3 files changed, 215 insertions(+)

diff --git a/doc/guides/prog_guide/rte_security.rst b/doc/guides/prog_guide/rte_security.rst index 46c9b51d1b..72ca0bd330 100644 
--- a/doc/guides/prog_guide/rte_security.rst +++ b/doc/guides/prog_guide/rte_security.rst @@ -728,3 +728,31 @@ it is only valid to have a single flow to map to that security session. +-------+ +--------+ +-----+ | Eth | -> ... -> | ESP | -> | END | +-------+ +--------+ +-----+ + + +Telemetry support +----------------- + +The Security library has support for displaying Crypto device information +with respect to its Security capabilities. Telemetry commands that can be used +are shown below. + +#. Get the list of available Crypto devices by ID, that supports Security features:: + + --> /security/cryptodev/list + {"/security/cryptodev/list": [0, 1, 2, 3]} + +#. Get the security capabilities of a Crypto device:: + + --> /security/cryptodev/sec_caps,0 + {"/security/cryptodev/sec_caps": {"sec_caps": [], "sec_caps_n": }} + + #. Get the security crypto capabilities of a Crypto device:: + + --> /security/cryptodev/crypto_caps,0,0 + {"/security/cryptodev/crypto_caps": {"crypto_caps": [], "crypto_caps_n": }} + +For more information on how to use the Telemetry interface, see +the :doc:`../howto/telemetry`. diff --git a/doc/guides/rel_notes/release_21_11.rst b/doc/guides/rel_notes/release_21_11.rst index 47cd67131e..df768bb1c8 100644 --- a/doc/guides/rel_notes/release_21_11.rst +++ b/doc/guides/rel_notes/release_21_11.rst @@ -197,6 +197,11 @@ New Features * Added port representors support on SN1000 SmartNICs * Added flow API transfer proxy support +* **Added Telemetry callback to Security library.** + + Added Telemetry callback functions to query security capabilities of + Crypto device. + * **Updated Marvell cnxk crypto PMD.** * Added AES-CBC SHA1-HMAC support in lookaside protocol (IPsec) for CN10K. diff --git a/lib/security/rte_security.c b/lib/security/rte_security.c index fe81ed3e4c..92aaf1bf76 100644 --- a/lib/security/rte_security.c +++ b/lib/security/rte_security.c 
@@ -4,8 +4,10 @@ * Copyright (c) 2020 Samsung Electronics Co., Ltd All Rights Reserved */ +#include #include #include +#include #include "rte_compat.h" #include "rte_security.h" #include "rte_security_driver.h" 
@@ -203,3 +205,183 @@ rte_security_capability_get(struct rte_security_ctx *instance, return NULL; } + +static int +security_handle_cryptodev_list(const char *cmd __rte_unused, + const char *params __rte_unused, + struct rte_tel_data *d) +{ + int dev_id; + + if (rte_cryptodev_count() < 1) + return -1; + + rte_tel_data_start_array(d, RTE_TEL_INT_VAL); + for (dev_id = 0; dev_id < RTE_CRYPTO_MAX_DEVS; dev_id++) + if (rte_cryptodev_is_valid_dev(dev_id) && + rte_cryptodev_get_sec_ctx(dev_id)) + rte_tel_data_add_array_int(d, dev_id); + + return 0; +} + +#define CRYPTO_CAPS_SZ \ + (RTE_ALIGN_CEIL(sizeof(struct rte_cryptodev_capabilities), \ + sizeof(uint64_t)) / sizeof(uint64_t)) + +static int +crypto_caps_array(struct rte_tel_data *d, + const struct rte_cryptodev_capabilities *capabilities) +{ + const struct rte_cryptodev_capabilities *dev_caps; + uint64_t caps_val[CRYPTO_CAPS_SZ]; + unsigned int i = 0, j; + + rte_tel_data_start_array(d, RTE_TEL_U64_VAL); + + while ((dev_caps = &capabilities[i++])->op != + RTE_CRYPTO_OP_TYPE_UNDEFINED) { + memset(&caps_val, 0, CRYPTO_CAPS_SZ * sizeof(caps_val[0])); + rte_memcpy(caps_val, dev_caps, sizeof(capabilities[0])); + for (j = 0; j < CRYPTO_CAPS_SZ; j++) + rte_tel_data_add_array_u64(d, caps_val[j]); + } + + return i; +} + +#define SEC_CAPS_SZ \ + (RTE_ALIGN_CEIL(sizeof(struct rte_security_capability), \ + sizeof(uint64_t)) / sizeof(uint64_t)) + +static int +sec_caps_array(struct rte_tel_data *d, + const struct rte_security_capability *capabilities) +{ + const struct rte_security_capability *dev_caps; + uint64_t caps_val[SEC_CAPS_SZ]; + unsigned int i = 0, j; + + rte_tel_data_start_array(d, RTE_TEL_U64_VAL); + + while ((dev_caps = &capabilities[i++])->action != + RTE_SECURITY_ACTION_TYPE_NONE) { + memset(&caps_val, 0, SEC_CAPS_SZ * sizeof(caps_val[0])); + rte_memcpy(caps_val, dev_caps, sizeof(capabilities[0])); + for (j = 0; j < SEC_CAPS_SZ; j++) + rte_tel_data_add_array_u64(d, caps_val[j]); + } + + return i; +} + +static int 
+security_capabilities_from_dev_id(int dev_id, const void **caps) +{ + const struct rte_security_capability *capabilities; + struct rte_security_ctx *sec_ctx; + + if (rte_cryptodev_is_valid_dev(dev_id) == 0) + return -EINVAL; + + sec_ctx = (struct rte_security_ctx *)rte_cryptodev_get_sec_ctx(dev_id); + RTE_PTR_OR_ERR_RET(sec_ctx, -EINVAL); + + capabilities = rte_security_capabilities_get(sec_ctx); + RTE_PTR_OR_ERR_RET(capabilities, -EINVAL); + + *caps = capabilities; + return 0; +} + +static int +security_handle_cryptodev_sec_caps(const char *cmd __rte_unused, const char *params, + struct rte_tel_data *d) +{ + const struct rte_security_capability *capabilities; + struct rte_tel_data *sec_caps; + char *end_param; + int sec_caps_n; + int dev_id; + int rc; + + if (!params || strlen(params) == 0 || !isdigit(*params)) + return -EINVAL; + + dev_id = strtoul(params, &end_param, 0); + if (*end_param != '\0') + CDEV_LOG_ERR("Extra parameters passed to command, ignoring"); + + rc = security_capabilities_from_dev_id(dev_id, (void *)&capabilities); + if (rc < 0) + return rc; + + sec_caps = rte_tel_data_alloc(); + RTE_PTR_OR_ERR_RET(sec_caps, -ENOMEM); + + rte_tel_data_start_dict(d); + sec_caps_n = sec_caps_array(sec_caps, capabilities); + rte_tel_data_add_dict_container(d, "sec_caps", sec_caps, 0); + rte_tel_data_add_dict_int(d, "sec_caps_n", sec_caps_n); + + return 0; +} + +static int +security_handle_cryptodev_crypto_caps(const char *cmd __rte_unused, const char *params, + struct rte_tel_data *d) +{ + const struct rte_security_capability *capabilities; + struct rte_tel_data *crypto_caps; + const char *capa_param; + int dev_id, capa_id; + int crypto_caps_n; + char *end_param; + int rc; + + if (!params || strlen(params) == 0 || !isdigit(*params)) + return -EINVAL; + + dev_id = strtoul(params, &end_param, 0); + capa_param = strtok(end_param, ","); + if (!capa_param || strlen(capa_param) == 0 || !isdigit(*capa_param)) + return -EINVAL; + + capa_id = strtoul(capa_param, 
&end_param, 0); + if (*end_param != '\0') + CDEV_LOG_ERR("Extra parameters passed to command, ignoring"); + + rc = security_capabilities_from_dev_id(dev_id, (void *)&capabilities); + if (rc < 0) + return rc; + + crypto_caps = rte_tel_data_alloc(); + RTE_PTR_OR_ERR_RET(crypto_caps, -ENOMEM); + + rte_tel_data_start_dict(d); + crypto_caps_n = crypto_caps_array(crypto_caps, capabilities->crypto_capabilities); + if (capa_id >= crypto_caps_n) { + CDEV_LOG_ERR("Extra parameters passed to command, ignoring"); + return -EINVAL; + } + + rte_tel_data_add_dict_container(d, "crypto_caps", crypto_caps, 0); + rte_tel_data_add_dict_int(d, "crypto_caps_n", crypto_caps_n); + + return 0; +} + +RTE_INIT(security_init_telemetry) +{ + rte_telemetry_register_cmd("/security/cryptodev/list", + security_handle_cryptodev_list, + "Returns list of available crypto devices by IDs. No parameters."); + + rte_telemetry_register_cmd("/security/cryptodev/sec_caps", + security_handle_cryptodev_sec_caps, + "Returns security capabilities for a cryptodev. Parameters: int dev_id"); + + rte_telemetry_register_cmd("/security/cryptodev/crypto_caps", + security_handle_cryptodev_crypto_caps, + "Returns crypto capabilities for a security capability. Parameters: int dev_id, sec_cap_id"); +} -- 2.25.1
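
Review bot: in the doc/guides/prog_guide/rte_security.rst hunk, the third list item is written as ` #. Get the security crypto capabilities` with a leading space, unlike the two `#.` items before it, so it will not render as item 3 of the same enumerated list; drop the space. The sample replies also show `"sec_caps": []` and an empty `"sec_caps_n": ` value, and nothing in the section says that the array elements are the capability structs copied out as raw 64-bit words, or that the second parameter in `/security/cryptodev/crypto_caps,0,0` is a security capability index. Please document the element format and both parameters so a consumer can decode the output.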
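
Review bot: sec_caps_array() and crypto_caps_array() in lib/security/rte_security.c copy each capability struct byte for byte into the reply with `rte_memcpy(caps_val, dev_caps, sizeof(capabilities[0]))`, and struct rte_security_capability carries the `crypto_capabilities` pointer (it is dereferenced later in this patch), so every /security/cryptodev/sec_caps reply hands a process address, plus whatever sits in the struct's padding, to any telemetry client. Emit named fields (such as `action`) as dict entries instead and leave pointers out; that also stops the output depending on struct layout. Two smaller points in the same loops: `return i` after `capabilities[i++]` counts the terminating entry, so sec_caps_n and crypto_caps_n are one more than the number of entries written, and the return value of rte_tel_data_add_array_u64() is never checked.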
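
Review bot: in security_handle_cryptodev_sec_caps() and security_handle_cryptodev_crypto_caps(), `dev_id = strtoul(params, &end_param, 0)` stores an unsigned long in an int with no range or overflow check, so an oversized value is silently narrowed before it reaches rte_cryptodev_is_valid_dev(). Parse into an unsigned long, reject anything >= RTE_CRYPTO_MAX_DEVS (and bound capa_id the same way), and only then narrow. In the crypto_caps handler, `strtok(end_param, ",")` writes into the buffer behind `const char *params` and relies on strtok's shared static state; checking `*end_param == ','` and stepping past it avoids both. When trailing characters are present the message says "ignoring" but is logged with CDEV_LOG_ERR; either return -EINVAL or lower the level. `isdigit(*params)` should be passed `(unsigned char)*params`.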
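
Review bot: security_handle_cryptodev_crypto_caps() parses capa_id but never uses it to select a security capability: it always passes `capabilities->crypto_capabilities`, the first entry, and then compares capa_id against crypto_caps_n, which is the number of crypto capabilities rather than the number of security capabilities. Check capa_id against the security capability count and then use `capabilities[capa_id].crypto_capabilities`. The early `return -EINVAL` on that comparison also leaves the `crypto_caps` container from rte_tel_data_alloc() unfreed with `d` already started as a dict, and its log text "Extra parameters passed to command, ignoring" is copied from the parameter check and does not describe an out-of-range id. Validate before allocating, or free the container on the error path.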