All ipsec related setting are being held in the driver
private data to allow easy add and remove of SAs. There
is no need to keep a record of the keys, and also
storing the keys can be a security issue.
Signed-off-by: Radu Nicolau <radu.nico...@intel.com>
Acked-by: Declan Doherty <declan.dohe...@intel.com>
---
v2: updated commit msg
v3: removed key local copy
drivers/net/ixgbe/ixgbe_ipsec.c | 52 +++++++++++++++--------------------------
drivers/net/ixgbe/ixgbe_ipsec.h | 4 ----
2 files changed, 19 insertions(+), 37 deletions(-)
diff --git a/drivers/net/ixgbe/ixgbe_ipsec.c b/drivers/net/ixgbe/ixgbe_ipsec.c
index 105da11..91254de 100644
--- a/drivers/net/ixgbe/ixgbe_ipsec.c
+++ b/drivers/net/ixgbe/ixgbe_ipsec.c
@@ -70,6 +70,8 @@ static void
ixgbe_crypto_clear_ipsec_tables(struct rte_eth_dev *dev)
{
struct ixgbe_hw *hw = IXGBE_DEV_PRIVATE_TO_HW(dev->data->dev_private);
+ struct ixgbe_ipsec *priv = IXGBE_DEV_PRIVATE_TO_IPSEC(
+ dev->data->dev_private);
int i = 0;
/* clear Rx IP table*/
@@ -106,6 +108,10 @@ ixgbe_crypto_clear_ipsec_tables(struct rte_eth_dev *dev)
IXGBE_WRITE_REG(hw, IXGBE_IPSTXSALT, 0);
IXGBE_WAIT_TWRITE;
}
+
+ memset(priv->rx_ip_tbl, 0, sizeof(priv->rx_ip_tbl));
+ memset(priv->rx_sa_tbl, 0, sizeof(priv->rx_sa_tbl));
+ memset(priv->tx_sa_tbl, 0, sizeof(priv->tx_sa_tbl));
}
static int
@@ -173,16 +179,6 @@ ixgbe_crypto_add_sa(struct ixgbe_crypto_session
*ic_session)
priv->rx_sa_tbl[sa_index].spi =
rte_cpu_to_be_32(ic_session->spi);
priv->rx_sa_tbl[sa_index].ip_index = ip_index;
- priv->rx_sa_tbl[sa_index].key[3] =
- rte_cpu_to_be_32(*(uint32_t *)&ic_session->key[0]);
- priv->rx_sa_tbl[sa_index].key[2] =
- rte_cpu_to_be_32(*(uint32_t *)&ic_session->key[4]);
- priv->rx_sa_tbl[sa_index].key[1] =
- rte_cpu_to_be_32(*(uint32_t *)&ic_session->key[8]);
- priv->rx_sa_tbl[sa_index].key[0] =
- rte_cpu_to_be_32(*(uint32_t *)&ic_session->key[12]);
- priv->rx_sa_tbl[sa_index].salt =
- rte_cpu_to_be_32(ic_session->salt);
priv->rx_sa_tbl[sa_index].mode = IPSRXMOD_VALID;
if (ic_session->op == IXGBE_OP_AUTHENTICATED_DECRYPTION)
priv->rx_sa_tbl[sa_index].mode |=
@@ -225,15 +221,15 @@ ixgbe_crypto_add_sa(struct ixgbe_crypto_session
*ic_session)
reg_val = IPSRXIDX_RX_EN | IPSRXIDX_WRITE |
IPSRXIDX_TABLE_KEY | (sa_index << 3);
IXGBE_WRITE_REG(hw, IXGBE_IPSRXKEY(0),
- priv->rx_sa_tbl[sa_index].key[0]);
+ rte_cpu_to_be_32(*(uint32_t *)&ic_session->key[12]));
IXGBE_WRITE_REG(hw, IXGBE_IPSRXKEY(1),
- priv->rx_sa_tbl[sa_index].key[1]);
+ rte_cpu_to_be_32(*(uint32_t *)&ic_session->key[8]));
IXGBE_WRITE_REG(hw, IXGBE_IPSRXKEY(2),
- priv->rx_sa_tbl[sa_index].key[2]);
+ rte_cpu_to_be_32(*(uint32_t *)&ic_session->key[4]));
IXGBE_WRITE_REG(hw, IXGBE_IPSRXKEY(3),
- priv->rx_sa_tbl[sa_index].key[3]);
+ rte_cpu_to_be_32(*(uint32_t *)&ic_session->key[0]));
IXGBE_WRITE_REG(hw, IXGBE_IPSRXSALT,
- priv->rx_sa_tbl[sa_index].salt);
+ rte_cpu_to_be_32(ic_session->salt));
IXGBE_WRITE_REG(hw, IXGBE_IPSRXMOD,
priv->rx_sa_tbl[sa_index].mode);
IXGBE_WAIT_RWRITE;
@@ -257,32 +253,22 @@ ixgbe_crypto_add_sa(struct ixgbe_crypto_session
*ic_session)
priv->tx_sa_tbl[sa_index].spi =
rte_cpu_to_be_32(ic_session->spi);
- priv->tx_sa_tbl[sa_index].key[3] =
- rte_cpu_to_be_32(*(uint32_t *)&ic_session->key[0]);
- priv->tx_sa_tbl[sa_index].key[2] =
- rte_cpu_to_be_32(*(uint32_t *)&ic_session->key[4]);
- priv->tx_sa_tbl[sa_index].key[1] =
- rte_cpu_to_be_32(*(uint32_t *)&ic_session->key[8]);
- priv->tx_sa_tbl[sa_index].key[0] =
- rte_cpu_to_be_32(*(uint32_t *)&ic_session->key[12]);
- priv->tx_sa_tbl[sa_index].salt =
- rte_cpu_to_be_32(ic_session->salt);
+ priv->tx_sa_tbl[i].used = 1;
+ ic_session->sa_index = sa_index;
+ /* write Key table entry*/
reg_val = IPSRXIDX_RX_EN | IPSRXIDX_WRITE | (sa_index << 3);
IXGBE_WRITE_REG(hw, IXGBE_IPSTXKEY(0),
- priv->tx_sa_tbl[sa_index].key[0]);
+ rte_cpu_to_be_32(*(uint32_t *)&ic_session->key[12]));
IXGBE_WRITE_REG(hw, IXGBE_IPSTXKEY(1),
- priv->tx_sa_tbl[sa_index].key[1]);
+ rte_cpu_to_be_32(*(uint32_t *)&ic_session->key[8]));
IXGBE_WRITE_REG(hw, IXGBE_IPSTXKEY(2),
- priv->tx_sa_tbl[sa_index].key[2]);
+ rte_cpu_to_be_32(*(uint32_t *)&ic_session->key[4]));
IXGBE_WRITE_REG(hw, IXGBE_IPSTXKEY(3),
- priv->tx_sa_tbl[sa_index].key[3]);
+ rte_cpu_to_be_32(*(uint32_t *)&ic_session->key[0]));
IXGBE_WRITE_REG(hw, IXGBE_IPSTXSALT,
- priv->tx_sa_tbl[sa_index].salt);
+ rte_cpu_to_be_32(ic_session->salt));
IXGBE_WAIT_TWRITE;
-
- priv->tx_sa_tbl[i].used = 1;
- ic_session->sa_index = sa_index;
}
return 0;
diff --git a/drivers/net/ixgbe/ixgbe_ipsec.h b/drivers/net/ixgbe/ixgbe_ipsec.h
index fb8fefc..3932fa2 100644
--- a/drivers/net/ixgbe/ixgbe_ipsec.h
+++ b/drivers/net/ixgbe/ixgbe_ipsec.h
@@ -107,16 +107,12 @@ struct ixgbe_crypto_rx_ip_table {
struct ixgbe_crypto_rx_sa_table {
uint32_t spi;
uint32_t ip_index;
- uint32_t key[4];
- uint32_t salt;
uint8_t mode;
uint8_t used;
};
struct ixgbe_crypto_tx_sa_table {
uint32_t spi;
- uint32_t key[4];
- uint32_t salt;
uint8_t used;
};
--
2.7.5
