Commit c0a4948e authored by Jakub Kicinski's avatar Jakub Kicinski Committed by David S. Miller
Browse files

nfp: tls: enable TLS RX offload 



Set ethtool TLS RX feature based on NIC capabilities, and enable
TLS RX when connections are added for decryption.

Signed-off-by: default avatarJakub Kicinski <jakub.kicinski@netronome.com>
Reviewed-by: default avatarDirk van der Merwe <dirk.vandermerwe@netronome.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent cad228a3

drivers/net/ethernet/netronome/nfp/crypto/crypto.h

+5 −0
Original line number Diff line number Diff line
@@ -7,6 +7,11 @@ 
struct nfp_net_tls_offload_ctx {

	__be32 fw_handle[2];



	u8 rx_end[0];

	/* Tx only fields follow - Rx side does not have enough driver state

	 * to fit these

	 */



	u32 next_seq;

	bool out_of_sync;

};

drivers/net/ethernet/netronome/nfp/crypto/tls.c

+19 −6
Original line number Diff line number Diff line
@@ -47,10 +47,16 @@ __nfp_net_tls_conn_cnt_changed(struct nfp_net *nn, int add, 
	u8 opcode;

	int cnt;



	if (direction == TLS_OFFLOAD_CTX_DIR_TX) {

		opcode = NFP_NET_CRYPTO_OP_TLS_1_2_AES_GCM_128_ENC;

		nn->ktls_tx_conn_cnt += add;

		cnt = nn->ktls_tx_conn_cnt;

		nn->dp.ktls_tx = !!nn->ktls_tx_conn_cnt;

	} else {

		opcode = NFP_NET_CRYPTO_OP_TLS_1_2_AES_GCM_128_DEC;

		nn->ktls_rx_conn_cnt += add;

		cnt = nn->ktls_rx_conn_cnt;

	}



	/* Care only about 0 -> 1 and 1 -> 0 transitions */

	if (cnt > 1)
@@ -228,7 +234,7 @@ nfp_net_cipher_supported(struct nfp_net *nn, u16 cipher_type, 
		if (direction == TLS_OFFLOAD_CTX_DIR_TX)

			bit = NFP_NET_CRYPTO_OP_TLS_1_2_AES_GCM_128_ENC;

		else

			return false;

			bit = NFP_NET_CRYPTO_OP_TLS_1_2_AES_GCM_128_DEC;

		break;

	default:

		return false;
@@ -256,6 +262,8 @@ nfp_net_tls_add(struct net_device *netdev, struct sock *sk, 


	BUILD_BUG_ON(sizeof(struct nfp_net_tls_offload_ctx) >

		     TLS_DRIVER_STATE_SIZE_TX);

	BUILD_BUG_ON(offsetof(struct nfp_net_tls_offload_ctx, rx_end) >

		     TLS_DRIVER_STATE_SIZE_RX);



	if (!nfp_net_cipher_supported(nn, crypto_info->cipher_type, direction))

		return -EOPNOTSUPP;
@@ -341,6 +349,7 @@ nfp_net_tls_add(struct net_device *netdev, struct sock *sk, 


	ntls = tls_driver_ctx(sk, direction);

	memcpy(ntls->fw_handle, reply->handle, sizeof(ntls->fw_handle));

	if (direction == TLS_OFFLOAD_CTX_DIR_TX)

		ntls->next_seq = start_offload_tcp_sn;

	dev_consume_skb_any(skb);
@@ -450,6 +459,10 @@ int nfp_net_tls_init(struct nfp_net *nn) 
	if (err)

		return err;



	if (nn->tlv_caps.crypto_ops & NFP_NET_TLS_OPCODE_MASK_RX) {

		netdev->hw_features |= NETIF_F_HW_TLS_RX;

		netdev->features |= NETIF_F_HW_TLS_RX;

	}

	if (nn->tlv_caps.crypto_ops & NFP_NET_TLS_OPCODE_MASK_TX) {

		netdev->hw_features |= NETIF_F_HW_TLS_TX;

		netdev->features |= NETIF_F_HW_TLS_TX;

drivers/net/ethernet/netronome/nfp/nfp_net.h

+2 −0
Original line number Diff line number Diff line
@@ -582,6 +582,7 @@ struct nfp_net_dp { 
 * @rx_bar:             Pointer to mapped FL/RX queues

 * @tlv_caps:		Parsed TLV capabilities

 * @ktls_tx_conn_cnt:	Number of offloaded kTLS TX connections

 * @ktls_rx_conn_cnt:	Number of offloaded kTLS RX connections

 * @ktls_no_space:	Counter of firmware rejecting kTLS connection due to

 *			lack of space

 * @mbox_cmsg:		Common Control Message via vNIC mailbox state
@@ -667,6 +668,7 @@ struct nfp_net { 
	struct nfp_net_tlv_caps tlv_caps;



	unsigned int ktls_tx_conn_cnt;

	unsigned int ktls_rx_conn_cnt;



	atomic_t ktls_no_space;

CRA Git | Maintained and supported by SUSTech CRA and CCSE