From: Anoob Joseph <anoobj@marvell.com>
To: Akhil Goyal <akhil.goyal@nxp.com>,
Declan Doherty <declan.doherty@intel.com>,
Thomas Monjalon <thomas@monjalon.net>
Cc: Ankur Dwivedi <adwivedi@marvell.com>,
Jerin Jacob <jerinj@marvell.com>,
Narayana Prasad <pathreya@marvell.com>,
Kiran Kumar K <kirankumark@marvell.com>,
Nithin Dabilpuram <ndabilpuram@marvell.com>,
"Pavan Nikhilesh" <pbhagavatula@marvell.com>,
Anoob Joseph <anoobj@marvell.com>,
Archana Muniganti <marchana@marvell.com>,
Tejasree Kondoj <ktejasree@marvell.com>,
Vamsi Attunuru <vattunuru@marvell.com>,
"Lukasz Bartosik" <lbartosik@marvell.com>, <dev@dpdk.org>
Subject: [dpdk-dev] [PATCH v3 06/15] net/octeontx2: add eth security capabilities
Date: Fri, 31 Jan 2020 15:33:46 +0530 [thread overview]
Message-ID: <1580465035-30455-7-git-send-email-anoobj@marvell.com> (raw)
In-Reply-To: <1580465035-30455-1-git-send-email-anoobj@marvell.com>
From: Ankur Dwivedi <adwivedi@marvell.com>
Adding security capabilities supported by the eth PMD.
Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Archana Muniganti <marchana@marvell.com>
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
Signed-off-by: Vamsi Attunuru <vattunuru@marvell.com>
---
drivers/net/octeontx2/otx2_ethdev_sec.c | 124 ++++++++++++++++++++++++++++++++
drivers/net/octeontx2/otx2_ethdev_sec.h | 18 +++++
2 files changed, 142 insertions(+)
diff --git a/drivers/net/octeontx2/otx2_ethdev_sec.c b/drivers/net/octeontx2/otx2_ethdev_sec.c
index ed68152..d0b2dba 100644
--- a/drivers/net/octeontx2/otx2_ethdev_sec.c
+++ b/drivers/net/octeontx2/otx2_ethdev_sec.c
@@ -2,11 +2,13 @@
* Copyright (C) 2020 Marvell International Ltd.
*/
+#include <rte_cryptodev.h>
#include <rte_ethdev.h>
#include <rte_eventdev.h>
#include <rte_malloc.h>
#include <rte_memzone.h>
#include <rte_security.h>
+#include <rte_security_driver.h>
#include "otx2_ethdev.h"
#include "otx2_ethdev_sec.h"
@@ -27,12 +29,133 @@ struct eth_sec_tag_const {
};
};
+static struct rte_cryptodev_capabilities otx2_eth_sec_crypto_caps[] = {
+ { /* AES GCM */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,
+ {.aead = {
+ .algo = RTE_CRYPTO_AEAD_AES_GCM,
+ .block_size = 16,
+ .key_size = {
+ .min = 16,
+ .max = 32,
+ .increment = 8
+ },
+ .digest_size = {
+ .min = 16,
+ .max = 16,
+ .increment = 0
+ },
+ .aad_size = {
+ .min = 8,
+ .max = 12,
+ .increment = 4
+ },
+ .iv_size = {
+ .min = 12,
+ .max = 12,
+ .increment = 0
+ }
+ }, }
+ }, }
+ },
+ { /* AES CBC */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+ {.cipher = {
+ .algo = RTE_CRYPTO_CIPHER_AES_CBC,
+ .block_size = 16,
+ .key_size = {
+ .min = 16,
+ .max = 32,
+ .increment = 8
+ },
+ .iv_size = {
+ .min = 16,
+ .max = 16,
+ .increment = 0
+ }
+ }, }
+ }, }
+ },
+ { /* SHA1 HMAC */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_SHA1_HMAC,
+ .block_size = 64,
+ .key_size = {
+ .min = 20,
+ .max = 64,
+ .increment = 1
+ },
+ .digest_size = {
+ .min = 12,
+ .max = 12,
+ .increment = 0
+ },
+ }, }
+ }, }
+ },
+ RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
+};
+
+static const struct rte_security_capability otx2_eth_sec_capabilities[] = {
+ { /* IPsec Inline Protocol ESP Tunnel Ingress */
+ .action = RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL,
+ .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
+ .ipsec = {
+ .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+ .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
+ .direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS,
+ .options = { 0 }
+ },
+ .crypto_capabilities = otx2_eth_sec_crypto_caps,
+ .ol_flags = RTE_SECURITY_TX_OLOAD_NEED_MDATA
+ },
+ { /* IPsec Inline Protocol ESP Tunnel Egress */
+ .action = RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL,
+ .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
+ .ipsec = {
+ .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+ .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
+ .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
+ .options = { 0 }
+ },
+ .crypto_capabilities = otx2_eth_sec_crypto_caps,
+ .ol_flags = RTE_SECURITY_TX_OLOAD_NEED_MDATA
+ },
+ {
+ .action = RTE_SECURITY_ACTION_TYPE_NONE
+ }
+};
+
static inline void
in_sa_mz_name_get(char *name, int size, uint16_t port)
{
snprintf(name, size, "otx2_ipsec_in_sadb_%u", port);
}
+static unsigned int
+otx2_eth_sec_session_get_size(void *device __rte_unused)
+{
+ return sizeof(struct otx2_sec_session);
+}
+
+static const struct rte_security_capability *
+otx2_eth_sec_capabilities_get(void *device __rte_unused)
+{
+ return otx2_eth_sec_capabilities;
+}
+
+static struct rte_security_ops otx2_eth_sec_ops = {
+ .session_get_size = otx2_eth_sec_session_get_size,
+ .capabilities_get = otx2_eth_sec_capabilities_get
+};
+
int
otx2_eth_sec_ctx_create(struct rte_eth_dev *eth_dev)
{
@@ -46,6 +169,7 @@ otx2_eth_sec_ctx_create(struct rte_eth_dev *eth_dev)
/* Populate ctx */
ctx->device = eth_dev;
+ ctx->ops = &otx2_eth_sec_ops;
ctx->sess_cnt = 0;
eth_dev->security_ctx = ctx;
diff --git a/drivers/net/octeontx2/otx2_ethdev_sec.h b/drivers/net/octeontx2/otx2_ethdev_sec.h
index 60d4a29..8bdc9f0 100644
--- a/drivers/net/octeontx2/otx2_ethdev_sec.h
+++ b/drivers/net/octeontx2/otx2_ethdev_sec.h
@@ -7,6 +7,24 @@
#include <rte_ethdev.h>
+#include "otx2_ipsec_fp.h"
+
+/*
+ * Security session for inline IPsec protocol offload. This is private data of
+ * inline capable PMD.
+ */
+struct otx2_sec_session_ipsec_ip {
+ int dummy;
+};
+
+struct otx2_sec_session_ipsec {
+ struct otx2_sec_session_ipsec_ip ip;
+};
+
+struct otx2_sec_session {
+ struct otx2_sec_session_ipsec ipsec;
+} __rte_cache_aligned;
+
int otx2_eth_sec_ctx_create(struct rte_eth_dev *eth_dev);
void otx2_eth_sec_ctx_destroy(struct rte_eth_dev *eth_dev);
--
2.7.4
next prev parent reply other threads:[~2020-01-31 10:05 UTC|newest]
Thread overview: 111+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-12-08 11:54 [dpdk-dev] [PATCH 00/15] add OCTEONTX2 inline IPsec support Anoob Joseph
2019-12-08 11:54 ` [dpdk-dev] [PATCH 01/15] common/octeontx2: add CPT LF mbox for inline inbound Anoob Joseph
2019-12-09 7:38 ` Jerin Jacob
2019-12-08 11:54 ` [dpdk-dev] [PATCH 02/15] common/octeontx2: add routine to check if rte_eth_dev belongs to otx2 Anoob Joseph
2019-12-09 7:42 ` Jerin Jacob
2019-12-08 11:54 ` [dpdk-dev] [PATCH 03/15] crypto/octeontx2: configure for inline IPsec Anoob Joseph
2019-12-09 7:46 ` Jerin Jacob
2019-12-09 7:52 ` [dpdk-dev] [EXT] " Anoob Joseph
2019-12-09 7:53 ` Jerin Jacob
2019-12-08 11:54 ` [dpdk-dev] [PATCH 04/15] crypto/octeontx2: create eth security ctx Anoob Joseph
2019-12-08 11:54 ` [dpdk-dev] [PATCH 05/15] crypto/octeontx2: add security in eth dev configure Anoob Joseph
2019-12-09 7:51 ` Jerin Jacob
2019-12-09 8:03 ` Anoob Joseph
2019-12-09 8:04 ` Jerin Jacob
2019-12-08 11:54 ` [dpdk-dev] [PATCH 06/15] crypto/octeontx2: add eth security capabilities Anoob Joseph
2019-12-08 11:54 ` [dpdk-dev] [PATCH 07/15] crypto/octeontx2: enable CPT to share QP with ethdev Anoob Joseph
2019-12-08 11:54 ` [dpdk-dev] [PATCH 08/15] crypto/octeontx2: add eth security session operations Anoob Joseph
2019-12-08 11:54 ` [dpdk-dev] [PATCH 09/15] crypto/octeontx2: add datapath ops in eth security ctx Anoob Joseph
2019-12-08 11:54 ` [dpdk-dev] [PATCH 10/15] crypto/octeontx2: add lookup mem changes to hold sa indices Anoob Joseph
2019-12-09 8:02 ` Jerin Jacob
2019-12-13 7:12 ` [dpdk-dev] [EXT] " Anoob Joseph
2019-12-08 11:54 ` [dpdk-dev] [PATCH 11/15] net/octeontx2: add inline ipsec rx path changes Anoob Joseph
2019-12-08 11:54 ` [dpdk-dev] [PATCH 12/15] drivers/octeontx2: add sec in compiler optimized RX fastpath framework Anoob Joseph
2019-12-08 11:54 ` [dpdk-dev] [PATCH 13/15] drivers/octeontx2: add sec in compiler optimized TX " Anoob Joseph
2019-12-08 11:54 ` [dpdk-dev] [PATCH 14/15] crypto/octeontx2: add inline tx path changes Anoob Joseph
2019-12-14 15:42 ` Gavin Hu (Arm Technology China)
2019-12-08 11:54 ` [dpdk-dev] [PATCH 15/15] crypto/octeontx2: sync inline tag type cfg with Rx adapter configuration Anoob Joseph
2019-12-09 8:06 ` [dpdk-dev] [PATCH 00/15] add OCTEONTX2 inline IPsec support Jerin Jacob
2019-12-10 22:54 ` Thomas Monjalon
2019-12-13 7:41 ` [dpdk-dev] [EXT] " Anoob Joseph
2019-12-13 10:18 ` Thomas Monjalon
2020-01-18 10:48 ` [dpdk-dev] [PATCH v2 " Anoob Joseph
2020-01-18 10:48 ` [dpdk-dev] [PATCH v2 01/15] common/octeontx2: add CPT LF mbox for inline inbound Anoob Joseph
2020-01-18 14:34 ` Jerin Jacob
2020-01-18 10:49 ` [dpdk-dev] [PATCH v2 02/15] common/octeontx2: add routine to check if sec capable otx2 Anoob Joseph
2020-01-18 14:35 ` Jerin Jacob
2020-01-27 7:01 ` Akhil Goyal
2020-01-27 8:02 ` Anoob Joseph
2020-01-27 8:12 ` Anoob Joseph
2020-01-18 10:49 ` [dpdk-dev] [PATCH v2 03/15] crypto/octeontx2: configure for inline IPsec Anoob Joseph
2020-01-18 10:49 ` [dpdk-dev] [PATCH v2 04/15] crypto/octeontx2: create eth security ctx Anoob Joseph
2020-01-18 10:49 ` [dpdk-dev] [PATCH v2 05/15] crypto/octeontx2: add security in eth dev configure Anoob Joseph
2020-01-18 10:49 ` [dpdk-dev] [PATCH v2 06/15] crypto/octeontx2: add eth security capabilities Anoob Joseph
2020-01-18 10:49 ` [dpdk-dev] [PATCH v2 07/15] crypto/octeontx2: enable CPT to share QP with ethdev Anoob Joseph
2020-01-18 10:49 ` [dpdk-dev] [PATCH v2 08/15] crypto/octeontx2: add eth security session operations Anoob Joseph
2020-01-18 10:49 ` [dpdk-dev] [PATCH v2 09/15] crypto/octeontx2: add datapath ops in eth security ctx Anoob Joseph
2020-01-18 10:49 ` [dpdk-dev] [PATCH v2 10/15] crypto/octeontx2: add lookup mem changes to hold sa indices Anoob Joseph
2020-01-18 10:49 ` [dpdk-dev] [PATCH v2 11/15] net/octeontx2: add inline ipsec rx path changes Anoob Joseph
2020-01-18 10:49 ` [dpdk-dev] [PATCH v2 12/15] drivers/octeontx2: add sec in compiler optimized RX fastpath framework Anoob Joseph
2020-01-18 10:49 ` [dpdk-dev] [PATCH v2 13/15] drivers/octeontx2: add sec in compiler optimized TX " Anoob Joseph
2020-01-18 10:49 ` [dpdk-dev] [PATCH v2 14/15] crypto/octeontx2: add inline tx path changes Anoob Joseph
2020-01-18 10:49 ` [dpdk-dev] [PATCH v2 15/15] crypto/octeontx2: sync inline tag type cfg with Rx adapter configuration Anoob Joseph
2020-01-18 14:38 ` [dpdk-dev] [PATCH v2 00/15] add OCTEONTX2 inline IPsec support Jerin Jacob
2020-01-19 10:43 ` Anoob Joseph
2020-01-19 10:53 ` Thomas Monjalon
2020-01-19 10:57 ` [dpdk-dev] [EXT] " Anoob Joseph
2020-01-22 10:16 ` [dpdk-dev] " Akhil Goyal
2020-01-22 10:55 ` Anoob Joseph
2020-01-22 12:56 ` Akhil Goyal
2020-01-22 14:18 ` Jerin Jacob
2020-01-27 2:55 ` [dpdk-dev] [EXT] " Anoob Joseph
2020-01-27 10:40 ` [dpdk-dev] " Akhil Goyal
2020-01-27 11:25 ` Jerin Jacob
2020-01-27 11:47 ` Akhil Goyal
2020-01-27 14:54 ` Anoob Joseph
2020-01-28 8:29 ` Jerin Jacob
2020-01-28 8:38 ` Akhil Goyal
2020-01-28 8:56 ` Jerin Jacob
2020-01-28 17:28 ` Ferruh Yigit
2020-01-29 4:01 ` [dpdk-dev] [EXT] " Anoob Joseph
2020-01-28 17:27 ` [dpdk-dev] " Ferruh Yigit
2020-01-31 10:03 ` [dpdk-dev] [PATCH v3 00/15] add OCTEON TX2 " Anoob Joseph
2020-01-31 10:03 ` [dpdk-dev] [PATCH v3 01/15] common/octeontx2: add CPT LF mbox for inline inbound Anoob Joseph
2020-01-31 10:03 ` [dpdk-dev] [PATCH v3 02/15] common/octeontx2: add routine to check if sec capable otx2 Anoob Joseph
2020-01-31 10:03 ` [dpdk-dev] [PATCH v3 03/15] crypto/octeontx2: configure for inline IPsec Anoob Joseph
2020-01-31 10:03 ` [dpdk-dev] [PATCH v3 04/15] net/octeontx2: create eth security ctx Anoob Joseph
2020-01-31 10:03 ` [dpdk-dev] [PATCH v3 05/15] net/octeontx2: add security in eth dev configure Anoob Joseph
2020-01-31 10:03 ` Anoob Joseph [this message]
2020-01-31 10:03 ` [dpdk-dev] [PATCH v3 07/15] crypto/octeontx2: enable CPT to share QP with ethdev Anoob Joseph
2020-01-31 10:03 ` [dpdk-dev] [PATCH v3 08/15] net/octeontx2: add eth security session operations Anoob Joseph
2020-01-31 10:03 ` [dpdk-dev] [PATCH v3 09/15] net/octeontx2: add datapath ops in eth security ctx Anoob Joseph
2020-01-31 10:03 ` [dpdk-dev] [PATCH v3 10/15] net/octeontx2: add lookup mem changes to hold sa indices Anoob Joseph
2020-01-31 10:03 ` [dpdk-dev] [PATCH v3 11/15] net/octeontx2: add inline ipsec Rx path changes Anoob Joseph
2020-01-31 13:39 ` Akhil Goyal
2020-01-31 15:05 ` Anoob Joseph
2020-01-31 10:03 ` [dpdk-dev] [PATCH v3 12/15] drivers/octeontx2: add sec in Rx fastpath framework Anoob Joseph
2020-01-31 10:03 ` [dpdk-dev] [PATCH v3 13/15] drivers/octeontx2: add sec in Tx " Anoob Joseph
2020-01-31 10:03 ` [dpdk-dev] [PATCH v3 14/15] net/octeontx2: add inline Tx path changes Anoob Joseph
2020-01-31 13:36 ` Akhil Goyal
2020-01-31 15:33 ` Anoob Joseph
2020-02-01 9:35 ` Anoob Joseph
2020-02-03 13:25 ` Akhil Goyal
2020-01-31 10:03 ` [dpdk-dev] [PATCH v3 15/15] net/octeontx2: sync inline tag type Anoob Joseph
2020-02-04 11:17 ` [dpdk-dev] [PATCH v4 00/15] add OCTEON TX2 inline IPsec support Anoob Joseph
2020-02-04 11:17 ` [dpdk-dev] [PATCH v4 01/15] common/octeontx2: add CPT LF mbox for inline inbound Anoob Joseph
2020-02-04 11:17 ` [dpdk-dev] [PATCH v4 02/15] common/octeontx2: add routine to check if sec capable otx2 Anoob Joseph
2020-02-04 11:17 ` [dpdk-dev] [PATCH v4 03/15] crypto/octeontx2: configure for inline IPsec Anoob Joseph
2020-02-04 11:17 ` [dpdk-dev] [PATCH v4 04/15] net/octeontx2: create eth security ctx Anoob Joseph
2020-02-04 11:17 ` [dpdk-dev] [PATCH v4 05/15] net/octeontx2: add security in eth dev configure Anoob Joseph
2020-02-04 11:17 ` [dpdk-dev] [PATCH v4 06/15] net/octeontx2: add eth security capabilities Anoob Joseph
2020-02-04 11:17 ` [dpdk-dev] [PATCH v4 07/15] crypto/octeontx2: enable CPT to share QP with ethdev Anoob Joseph
2020-02-04 11:17 ` [dpdk-dev] [PATCH v4 08/15] net/octeontx2: add eth security session operations Anoob Joseph
2020-02-04 11:17 ` [dpdk-dev] [PATCH v4 09/15] net/octeontx2: add datapath ops in eth security ctx Anoob Joseph
2020-02-04 11:17 ` [dpdk-dev] [PATCH v4 10/15] net/octeontx2: add lookup mem changes to hold sa indices Anoob Joseph
2020-02-04 11:17 ` [dpdk-dev] [PATCH v4 11/15] net/octeontx2: add inline ipsec Rx path changes Anoob Joseph
2020-02-04 11:17 ` [dpdk-dev] [PATCH v4 12/15] drivers/octeontx2: add sec in Rx fastpath framework Anoob Joseph
2020-02-04 11:17 ` [dpdk-dev] [PATCH v4 13/15] drivers/octeontx2: add sec in Tx " Anoob Joseph
2020-02-04 11:17 ` [dpdk-dev] [PATCH v4 14/15] net/octeontx2: add inline Tx path changes Anoob Joseph
2020-02-05 23:19 ` Thomas Monjalon
2020-02-04 11:17 ` [dpdk-dev] [PATCH v4 15/15] net/octeontx2: sync inline tag type Anoob Joseph
2020-02-04 16:10 ` [dpdk-dev] [PATCH v4 00/15] add OCTEON TX2 inline IPsec support Akhil Goyal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1580465035-30455-7-git-send-email-anoobj@marvell.com \
--to=anoobj@marvell.com \
--cc=adwivedi@marvell.com \
--cc=akhil.goyal@nxp.com \
--cc=declan.doherty@intel.com \
--cc=dev@dpdk.org \
--cc=jerinj@marvell.com \
--cc=kirankumark@marvell.com \
--cc=ktejasree@marvell.com \
--cc=lbartosik@marvell.com \
--cc=marchana@marvell.com \
--cc=ndabilpuram@marvell.com \
--cc=pathreya@marvell.com \
--cc=pbhagavatula@marvell.com \
--cc=thomas@monjalon.net \
--cc=vattunuru@marvell.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).