Working PNA_IPSecAccelerator implementation. Created a new class called Accelerators

Signed-off-by: Rupesh Chiluka <[email protected]>

Author: rupesh-chiluka-marvell

targets/pna_nic/Makefile.am

@@ -11,6 +11,7 @@ noinst_LTLIBRARIES = libpnanic.la
 libpnanic_la_SOURCES = \
 pna_nic.cpp pna_nic.h \
 primitives.cpp \
+accelerators.h accelerators.cpp \
 externs/pna_counter.h externs/pna_counter.cpp \
 externs/pna_meter.h externs/pna_meter.cpp \
 externs/pna_random.h externs/pna_random.cpp \

targets/pna_nic/accelerators.cpp

@@ -0,0 +1,58 @@
+/* Copyright 2024 Marvell Technology, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/*
+ * Rupesh Chiluka ([email protected])
+ *
+ */
+
+#include "accelerators.h"
+
+namespace bm {
+
+namespace pna {
+
+Accelerators::Accelerators(Context *context) {
+    ctx = context;
+};
+
+void Accelerators::apply() {
+    // based on the flag (PNA output metadata), call the ipsec accelerator
+    // If ( phv->get_field("pna_main_output_metadata.ipsec_accelerator").get_uint() ) {
+    try {
+
+        std::string ipsec_extern_name = std::getenv("IPSEC_EXTERN_NAME") ? 
+                std::getenv("IPSEC_EXTERN_NAME") : "MainControlImpl.ipsec";
+
+        ExternType *ipsec_extern = ctx->get_extern_instance(ipsec_extern_name).get();
+        if (ipsec_extern != nullptr) {
+        PNA_IpsecAccelerator *ipsec_accel = dynamic_cast<PNA_IpsecAccelerator *>(ipsec_extern);
+        BMLOG_DEBUG("Applying IPSec Accelerator: {}", ipsec_accel->get_name());
+
+        ipsec_accel->apply();
+        } else {
+        BMLOG_DEBUG("Couldn't access IPSec Accelerator");
+        }
+
+    }
+    catch (std::exception &e) {
+        BMLOG_DEBUG("IPSec Accelerator NOT Found");
+    }
+    // }
+}
+
+} // namespace bm
+
+} // namespace pna

targets/pna_nic/accelerators.h

@@ -0,0 +1,47 @@
+/* Copyright 2024 Marvell Technology, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/*
+ * Rupesh Chiluka ([email protected])
+ *
+ */
+
+#ifndef PNA_NIC_ACCELERATORS_H_
+#define PNA_NIC_ACCELERATORS_H_
+
+#include <bm/bm_sim/context.h>
+#include <bm/bm_sim/logger.h>
+
+#include "externs/pna_ipsec_accelerator.h"
+
+namespace bm {
+
+namespace pna {
+
+class Accelerators {
+ public:
+  Accelerators(Context *context);
+
+  void apply();
+
+ private:
+  Context *ctx;
+};
+
+} // namespace bm
+
+} // namespace pna
+
+#endif // PNA_NIC_ACCELERATORS_H_

targets/pna_nic/externs/pna_ipsec_accelerator.cpp

@@ -87,6 +87,33 @@ void PNA_IpsecAccelerator::disable() {
     _is_enabled = false;
 }
 
+void PNA_IpsecAccelerator::apply() {
+
+    if (!_is_enabled) {
+        return;
+    }
+
+    MatchTable::Entry entry;
+    MatchErrorCode rc = sad_table->get_entry(_sa_index, &entry);
+    if (rc != MatchErrorCode::SUCCESS) {
+        BMLOG_DEBUG("Entry in SAD Table NOT Found");
+        return;
+    }
+
+    // action_data variable
+    bool is_encrypt = entry.action_data.action_data[0].get<bool>();
+    std::string key = entry.action_data.action_data[1].get_string();
+    std::string iv = entry.action_data.action_data[2].get_string();
+    
+    if (is_encrypt) {
+        this->encrypt(key, iv);
+    } else {
+        this->decrypt(key);
+    }
+
+    this->reset(); // needed ???
+}
+
 void PNA_IpsecAccelerator::cipher(std::vector<unsigned char> input, std::vector<unsigned char> &output,
                                 unsigned char key[16], unsigned char iv[16], int encrypt) {
     EVP_CIPHER_CTX *ctx;
@@ -138,7 +165,14 @@ void PNA_IpsecAccelerator::decrypt(std::string string_key) {
     // check the ICV
     // compute HMAC
     // drop the packet if ICV and the computed hmac are not the same
-    unsigned char iv[block_size + 1] = {0};
+
+    unsigned char *iv = (unsigned char*) malloc(block_size + 1);
+    if (iv == NULL) {
+        BMLOG_DEBUG("IV: Memory allocation failed\n");
+        return;
+    }
+    memset(iv, 0, block_size + 1);
+
     unsigned char key[string_key.length()];
     std::copy(string_key.begin(), string_key.end(), key);
 
@@ -176,6 +210,8 @@ void PNA_IpsecAccelerator::decrypt(std::string string_key) {
     std::copy(decrypted.begin(), 
                 decrypted.end() - NEXT_HEADER_LENGTH - padding_length,
                 payload_start + ETH_HEADER_LENGTH);
+    
+    free(iv);
 }
 
 void PNA_IpsecAccelerator::encrypt(std::string string_key, std::string string_iv) {
@@ -189,8 +225,21 @@ void PNA_IpsecAccelerator::encrypt(std::string string_key, std::string string_iv
 
     unsigned int block_size = EVP_CIPHER_block_size(EVP_aes_128_cbc());
 
-    unsigned char iv[block_size + 1] = {0};
-    unsigned char key[block_size + 1] = {0};
+    unsigned char *iv = (unsigned char*) malloc(block_size + 1);
+    if (iv == NULL) {
+        BMLOG_DEBUG("IV: Memory allocation failed\n");
+        return;
+    }
+    memset(iv, 0, block_size + 1);
+    
+    unsigned char *key = (unsigned char*) malloc(block_size + 1);
+
+    if (key == NULL) {
+        BMLOG_DEBUG("Key: Memory allocation failed\n");
+        return;
+    }
+    memset(key, 0, block_size + 1);
+
     std::copy(string_iv.begin(), string_iv.end(), iv);
     std::copy(string_key.begin(), string_key.end(), key);
 
@@ -263,6 +312,9 @@ void PNA_IpsecAccelerator::encrypt(std::string string_key, std::string string_iv
 
     std::copy(esp.begin(), esp.end(), payload_start
                 + ETH_HEADER_LENGTH + IP_HEADER_LENGTH);
+    
+    free(iv);
+    free(key);
 }
 
 BM_REGISTER_EXTERN_W_NAME(ipsec_accelerator, PNA_IpsecAccelerator);

targets/pna_nic/externs/pna_ipsec_accelerator.h

@@ -61,6 +61,8 @@ class PNA_IpsecAccelerator : public bm::ExternType {
 
    void encrypt(std::string key, std::string iv);
 
+   void apply();
+
   private:
    uint32_t _sa_index;
    bool _is_enabled;

targets/pna_nic/pna_nic.cpp

@@ -56,7 +56,8 @@ PnaNic::PnaNic(bool enable_swap)
         _BM_UNUSED(pkt_id);
         this->transmit_fn(port_num, buffer, len);
     }),
-    start(clock::now())
+    start(clock::now()),
+    accelerators(this->get_context(0))
     {
   add_required_field("pna_main_parser_input_metadata", "recirculated");
   add_required_field("pna_main_parser_input_metadata", "input_port");
@@ -205,6 +206,10 @@ PnaNic::main_thread() {
 
     Deparser *deparser = this->get_deparser("main_deparser");
     deparser->deparse(packet.get());
+
+    // accelerators - externs
+    this->accelerators.apply();
+
     output_buffer.push_front(std::move(packet));
   }
 }

targets/pna_nic/pna_nic.h

@@ -34,6 +34,8 @@
 #include <vector>
 #include <functional>
 
+#include "accelerators.h"
+
 using ts_res = std::chrono::microseconds;
 using std::chrono::duration_cast;
 using ticks = std::chrono::nanoseconds;
@@ -106,6 +108,7 @@ class PnaNic : public Switch {
   Queue<std::unique_ptr<Packet> > output_buffer;
   TransmitFn my_transmit_fn;
   clock::time_point start;
+  Accelerators accelerators;
 };
 
 }  // namespace bm::pna