Working PNA_IPSecAccelerator implementation. Created a new class call…
…ed Accelerators

Signed-off-by: Rupesh Chiluka <[email protected]>
rupesh-chiluka-marvell committed Dec 30, 2024
1 parent bd6540a commit d37b996
Showing 7 changed files with 172 additions and 4 deletions.
1 change: 1 addition & 0 deletions targets/pna_nic/Makefile.am
@@ -11,6 +11,7 @@ noinst_LTLIBRARIES = libpnanic.la
libpnanic_la_SOURCES = \
pna_nic.cpp pna_nic.h \
primitives.cpp \
accelerators.h accelerators.cpp \
externs/pna_counter.h externs/pna_counter.cpp \
externs/pna_meter.h externs/pna_meter.cpp \
externs/pna_random.h externs/pna_random.cpp \
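--- a/targets/pna_nic/accelerators.cpp
+++ b/targets/pna_nic/accelerators.cpp
@@ -0,0 +1,58 @@
+/* Copyright 2024 Marvell Technology, Inc.
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+/*
+* Rupesh Chiluka ([email protected])
+*
+*/
+
+#include "accelerators.h"
+
+namespace bm {
+
+namespace pna {
+
+Accelerators::Accelerators(Context *context) {
+ctx = context;
+};
+
+void Accelerators::apply() {
+// based on the flag (PNA output metadata), call the ipsec accelerator
+// If ( phv->get_field("pna_main_output_metadata.ipsec_accelerator").get_uint() ) {
+try {
+
+std::string ipsec_extern_name = std::getenv("IPSEC_EXTERN_NAME") ?
+std::getenv("IPSEC_EXTERN_NAME") : "MainControlImpl.ipsec";
+
+ExternType *ipsec_extern = ctx->get_extern_instance(ipsec_extern_name).get();
+if (ipsec_extern != nullptr) {
+PNA_IpsecAccelerator *ipsec_accel = dynamic_cast<PNA_IpsecAccelerator *>(ipsec_extern);
+BMLOG_DEBUG("Applying IPSec Accelerator: {}", ipsec_accel->get_name());
+
+ipsec_accel->apply();
+} else {
+BMLOG_DEBUG("Couldn't access IPSec Accelerator");
+}
+
+}
+catch (std::exception &e) {
+BMLOG_DEBUG("IPSec Accelerator NOT Found");
+}
+// }
+}
+
+} // namespace bm
+
+} // namespace pna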
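Review bot: The result of `dynamic_cast<PNA_IpsecAccelerator *>(ipsec_extern)` is dereferenced on the next line without a null check, so if the name taken from `IPSEC_EXTERN_NAME` (or the default) resolves to an extern of another type, `ipsec_accel->get_name()` is undefined behaviour on the packet path. Add `if (ipsec_accel == nullptr) { BMLOG_DEBUG("Extern {} is not an IPSec accelerator", ipsec_extern_name); return; }` before the log call. The `catch (std::exception &e)` also wraps `ipsec_accel->apply()`, so anything thrown from the crypto path is reported as "IPSec Accelerator NOT Found"; catching by `const &` and logging `e.what()` would keep the two cases apart. `std::getenv` and `std::string` are used here without `<cstdlib>` and `<string>` being included directly.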
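--- a/targets/pna_nic/accelerators.h
+++ b/targets/pna_nic/accelerators.h
@@ -0,0 +1,47 @@
+/* Copyright 2024 Marvell Technology, Inc.
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+/*
+* Rupesh Chiluka ([email protected])
+*
+*/
+
+#ifndef PNA_NIC_ACCELERATORS_H_
+#define PNA_NIC_ACCELERATORS_H_
+
+#include <bm/bm_sim/context.h>
+#include <bm/bm_sim/logger.h>
+
+#include "externs/pna_ipsec_accelerator.h"
+
+namespace bm {
+
+namespace pna {
+
+class Accelerators {
+public:
+Accelerators(Context *context);
+
+void apply();
+
+private:
+Context *ctx;
+};
+
+} // namespace bm
+
+} // namespace pna
+
+#endif // PNA_NIC_ACCELERATORS_H_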
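Review bot: `Accelerators(Context *context);` is a single-argument constructor and should be declared `explicit`, so a `Context *` never converts to an `Accelerators` implicitly. The class keeps the raw pointer in `ctx` without owning it; a comment on the member such as `// non-owning; the Context must outlive this object` would record that. The closing comments are also swapped: the first `}` closes `pna` but is labelled `// namespace bm`, and the same happens in accelerators.cpp.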
58 changes: 55 additions & 3 deletions targets/pna_nic/externs/pna_ipsec_accelerator.cpp
@@ -87,6 +87,33 @@ void PNA_IpsecAccelerator::disable() {
_is_enabled = false;
}

void PNA_IpsecAccelerator::apply() {

if (!_is_enabled) {
return;
}

MatchTable::Entry entry;
MatchErrorCode rc = sad_table->get_entry(_sa_index, &entry);
if (rc != MatchErrorCode::SUCCESS) {
BMLOG_DEBUG("Entry in SAD Table NOT Found");
return;
}

// action_data variable
bool is_encrypt = entry.action_data.action_data[0].get<bool>();
std::string key = entry.action_data.action_data[1].get_string();
std::string iv = entry.action_data.action_data[2].get_string();

if (is_encrypt) {
this->encrypt(key, iv);
} else {
this->decrypt(key);
}

this->reset(); // needed ???
}

void PNA_IpsecAccelerator::cipher(std::vector<unsigned char> input, std::vector<unsigned char> &output,
unsigned char key[16], unsigned char iv[16], int encrypt) {
EVP_CIPHER_CTX *ctx;
@@ -138,7 +165,14 @@ void PNA_IpsecAccelerator::decrypt(std::string string_key) {
// check the ICV
// compute HMAC
// drop the packet if ICV and the computed hmac are not the same
unsigned char iv[block_size + 1] = {0};

unsigned char *iv = (unsigned char*) malloc(block_size + 1);
if (iv == NULL) {
BMLOG_DEBUG("IV: Memory allocation failed\n");
return;
}
memset(iv, 0, block_size + 1);

unsigned char key[string_key.length()];
std::copy(string_key.begin(), string_key.end(), key);

@@ -176,6 +210,8 @@ void PNA_IpsecAccelerator::decrypt(std::string string_key) {
std::copy(decrypted.begin(),
decrypted.end() - NEXT_HEADER_LENGTH - padding_length,
payload_start + ETH_HEADER_LENGTH);

free(iv);
}

void PNA_IpsecAccelerator::encrypt(std::string string_key, std::string string_iv) {
@@ -189,8 +225,21 @@ void PNA_IpsecAccelerator::encrypt(std::string string_key, std::string string_iv

unsigned int block_size = EVP_CIPHER_block_size(EVP_aes_128_cbc());

unsigned char iv[block_size + 1] = {0};
unsigned char key[block_size + 1] = {0};
unsigned char *iv = (unsigned char*) malloc(block_size + 1);
if (iv == NULL) {
BMLOG_DEBUG("IV: Memory allocation failed\n");
return;
}
memset(iv, 0, block_size + 1);

unsigned char *key = (unsigned char*) malloc(block_size + 1);

if (key == NULL) {
BMLOG_DEBUG("Key: Memory allocation failed\n");
return;
}
memset(key, 0, block_size + 1);

std::copy(string_iv.begin(), string_iv.end(), iv);
std::copy(string_key.begin(), string_key.end(), key);

@@ -263,6 +312,9 @@ void PNA_IpsecAccelerator::encrypt(std::string string_key, std::string string_iv

std::copy(esp.begin(), esp.end(), payload_start
+ ETH_HEADER_LENGTH + IP_HEADER_LENGTH);

free(iv);
free(key);
}

BM_REGISTER_EXTERN_W_NAME(ipsec_accelerator, PNA_IpsecAccelerator);
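Review bot: In encrypt(), `std::copy(string_iv.begin(), string_iv.end(), iv)` and the matching key copy write into `block_size + 1`-byte heap buffers with no length check, so a SAD entry whose key or IV string is longer than that overruns the allocation; moving from stack arrays to malloc does not change this. The `key == NULL` branch also returns without `free(iv)`, and any early return in the collapsed parts of encrypt() or decrypt() would leak too (not visible here). I would bound the lengths first and hold the buffers in `std::vector<unsigned char>`, which the file already uses, so they are zeroed and released on every path and the trailing `free()` calls go away. In apply(), `action_data[0]` to `[2]` are read without checking how many parameters the entry carries, so a size check before those reads is worth adding.

```cpp
  unsigned int block_size = EVP_CIPHER_block_size(EVP_aes_128_cbc());

  // Reject SAD material that does not fit the fixed-size buffers below.
  if (string_key.size() > block_size || string_iv.size() > block_size) {
    BMLOG_DEBUG("IPSec: key or IV longer than the cipher block size");
    return;
  }

  // Zero-initialised and released automatically on every return path.
  std::vector<unsigned char> iv(block_size + 1, 0);
  std::vector<unsigned char> key(block_size + 1, 0);

  std::copy(string_iv.begin(), string_iv.end(), iv.begin());
  std::copy(string_key.begin(), string_key.end(), key.begin());
  // … unchanged: ESP construction and cipher call, presumably taking iv.data() / key.data() …
```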
2 changes: 2 additions & 0 deletions targets/pna_nic/externs/pna_ipsec_accelerator.h
@@ -61,6 +61,8 @@ class PNA_IpsecAccelerator : public bm::ExternType {

void encrypt(std::string key, std::string iv);

void apply();

private:
uint32_t _sa_index;
bool _is_enabled;
7 changes: 6 additions & 1 deletion targets/pna_nic/pna_nic.cpp
@@ -56,7 +56,8 @@ PnaNic::PnaNic(bool enable_swap)
_BM_UNUSED(pkt_id);
this->transmit_fn(port_num, buffer, len);
}),
start(clock::now())
start(clock::now()),
accelerators(this->get_context(0))
{
add_required_field("pna_main_parser_input_metadata", "recirculated");
add_required_field("pna_main_parser_input_metadata", "input_port");
@@ -205,6 +206,10 @@ PnaNic::main_thread() {

Deparser *deparser = this->get_deparser("main_deparser");
deparser->deparse(packet.get());

// accelerators - externs
this->accelerators.apply();

output_buffer.push_front(std::move(packet));
}
}
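Review bot: `this->accelerators.apply();` runs for every packet that leaves the deparser, and as written in accelerators.cpp each call re-reads `IPSEC_EXTERN_NAME` with `std::getenv` and repeats the extern lookup by name, since the metadata gate there is still commented out. Resolving the name once, for example in the `Accelerators` constructor, would take the environment read and string construction off the per-packet path. The comment could also say why the call sits here, e.g. `// post-deparse accelerators (IPsec) work on the serialized packet before it is queued for transmit`. main_thread's body continues outside the hunk.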
3 changes: 3 additions & 0 deletions targets/pna_nic/pna_nic.h
@@ -34,6 +34,8 @@
#include <vector>
#include <functional>

#include "accelerators.h"

using ts_res = std::chrono::microseconds;
using std::chrono::duration_cast;
using ticks = std::chrono::nanoseconds;
@@ -106,6 +108,7 @@ class PnaNic : public Switch {
Queue<std::unique_ptr<Packet> > output_buffer;
TransmitFn my_transmit_fn;
clock::time_point start;
Accelerators accelerators;
};

} // namespace bm::pna
