From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id A9700A0532; Tue, 4 Feb 2020 12:19:13 +0100 (CET) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 20C461C11D; Tue, 4 Feb 2020 12:18:43 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by dpdk.org (Postfix) with ESMTP id D9BEE1C124 for ; Tue, 4 Feb 2020 12:18:41 +0100 (CET) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 014BF0gS022391; Tue, 4 Feb 2020 03:18:41 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0818; bh=yDoZDWK9/q1fSWDO4CLHFalSlS3uDAi/LwXv/vLW1hQ=; b=srE3XhNH4ya0l5selXeRHxdjwPVrVW3ceF4uJaO20+vCuH7BeUEoUCRTvL0FTy9N+9JK 4KIDgdlqjB2+IEMtjV/iDPqgtacJGzKsIMuAbITZ/tVdbJBmmwUuuIq9bDdUOyOIWGiC ZJZ+CtXAkgPUBgNLbjnEK2r86n55XjIJJZuzYcAbQLPLKxIB54CIYFS240CZnOGkCs8+ ZgfxDq6XtA0gje6S8a3oVuIx+9LgRcQBMpkloFw9n6JeMXhMN+nMgv37ijE8G/9elN1F MJ3gxvWsA+FCeXBaCS8zIqLZH0uuZHbwnuOdgpoJ4R6Zgq6Yn0Ahth7C3xj5F2hJLbsf cw== Received: from sc-exch01.marvell.com ([199.233.58.181]) by mx0a-0016f401.pphosted.com with ESMTP id 2xw7jvm2nx-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Tue, 04 Feb 2020 03:18:40 -0800 Received: from SC-EXCH03.marvell.com (10.93.176.83) by SC-EXCH01.marvell.com (10.93.176.81) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Tue, 4 Feb 2020 03:18:39 -0800 Received: from maili.marvell.com (10.93.176.43) by SC-EXCH03.marvell.com (10.93.176.83) with Microsoft SMTP Server id 15.0.1497.2 via Frontend Transport; Tue, 4 Feb 2020 03:18:39 -0800 Received: from ajoseph83.caveonetworks.com (unknown [10.29.45.60]) by maili.marvell.com (Postfix) with ESMTP id 207C03F7068; Tue, 4 Feb 2020 03:18:34 -0800 (PST) From: Anoob Joseph To: Akhil Goyal , Declan Doherty , Thomas Monjalon CC: Ankur Dwivedi , Jerin Jacob , Narayana Prasad , Kiran Kumar K , Nithin Dabilpuram , "Pavan Nikhilesh" , Anoob Joseph , Archana Muniganti , Tejasree Kondoj , Vamsi Attunuru , "Lukasz Bartosik" , Date: Tue, 4 Feb 2020 16:47:16 +0530 Message-ID: <1580815045-32132-7-git-send-email-anoobj@marvell.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1580815045-32132-1-git-send-email-anoobj@marvell.com> References: <1580465035-30455-1-git-send-email-anoobj@marvell.com> <1580815045-32132-1-git-send-email-anoobj@marvell.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.138, 18.0.572 definitions=2020-02-04_02:2020-02-04, 2020-02-04 signatures=0 Subject: [dpdk-dev] [PATCH v4 06/15] net/octeontx2: add eth security capabilities X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" From: Ankur Dwivedi Adding security capabilities supported by the eth PMD. Signed-off-by: Ankur Dwivedi Signed-off-by: Anoob Joseph Signed-off-by: Archana Muniganti Signed-off-by: Tejasree Kondoj Signed-off-by: Vamsi Attunuru --- drivers/net/octeontx2/otx2_ethdev_sec.c | 124 ++++++++++++++++++++++++++++++++ drivers/net/octeontx2/otx2_ethdev_sec.h | 18 +++++ 2 files changed, 142 insertions(+) diff --git a/drivers/net/octeontx2/otx2_ethdev_sec.c b/drivers/net/octeontx2/otx2_ethdev_sec.c index ed68152..d0b2dba 100644 --- a/drivers/net/octeontx2/otx2_ethdev_sec.c +++ b/drivers/net/octeontx2/otx2_ethdev_sec.c @@ -2,11 +2,13 @@ * Copyright (C) 2020 Marvell International Ltd. */ +#include #include #include #include #include #include +#include #include "otx2_ethdev.h" #include "otx2_ethdev_sec.h" @@ -27,12 +29,133 @@ struct eth_sec_tag_const { }; }; +static struct rte_cryptodev_capabilities otx2_eth_sec_crypto_caps[] = { + { /* AES GCM */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD, + {.aead = { + .algo = RTE_CRYPTO_AEAD_AES_GCM, + .block_size = 16, + .key_size = { + .min = 16, + .max = 32, + .increment = 8 + }, + .digest_size = { + .min = 16, + .max = 16, + .increment = 0 + }, + .aad_size = { + .min = 8, + .max = 12, + .increment = 4 + }, + .iv_size = { + .min = 12, + .max = 12, + .increment = 0 + } + }, } + }, } + }, + { /* AES CBC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, + {.cipher = { + .algo = RTE_CRYPTO_CIPHER_AES_CBC, + .block_size = 16, + .key_size = { + .min = 16, + .max = 32, + .increment = 8 + }, + .iv_size = { + .min = 16, + .max = 16, + .increment = 0 + } + }, } + }, } + }, + { /* SHA1 HMAC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA1_HMAC, + .block_size = 64, + .key_size = { + .min = 20, + .max = 64, + .increment = 1 + }, + .digest_size = { + .min = 12, + .max = 12, + .increment = 0 + }, + }, } + }, } + }, + RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() +}; + +static const struct rte_security_capability otx2_eth_sec_capabilities[] = { + { /* IPsec Inline Protocol ESP Tunnel Ingress */ + .action = RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL, + .protocol = RTE_SECURITY_PROTOCOL_IPSEC, + .ipsec = { + .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP, + .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL, + .direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS, + .options = { 0 } + }, + .crypto_capabilities = otx2_eth_sec_crypto_caps, + .ol_flags = RTE_SECURITY_TX_OLOAD_NEED_MDATA + }, + { /* IPsec Inline Protocol ESP Tunnel Egress */ + .action = RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL, + .protocol = RTE_SECURITY_PROTOCOL_IPSEC, + .ipsec = { + .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP, + .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL, + .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS, + .options = { 0 } + }, + .crypto_capabilities = otx2_eth_sec_crypto_caps, + .ol_flags = RTE_SECURITY_TX_OLOAD_NEED_MDATA + }, + { + .action = RTE_SECURITY_ACTION_TYPE_NONE + } +}; + static inline void in_sa_mz_name_get(char *name, int size, uint16_t port) { snprintf(name, size, "otx2_ipsec_in_sadb_%u", port); } +static unsigned int +otx2_eth_sec_session_get_size(void *device __rte_unused) +{ + return sizeof(struct otx2_sec_session); +} + +static const struct rte_security_capability * +otx2_eth_sec_capabilities_get(void *device __rte_unused) +{ + return otx2_eth_sec_capabilities; +} + +static struct rte_security_ops otx2_eth_sec_ops = { + .session_get_size = otx2_eth_sec_session_get_size, + .capabilities_get = otx2_eth_sec_capabilities_get +}; + int otx2_eth_sec_ctx_create(struct rte_eth_dev *eth_dev) { @@ -46,6 +169,7 @@ otx2_eth_sec_ctx_create(struct rte_eth_dev *eth_dev) /* Populate ctx */ ctx->device = eth_dev; + ctx->ops = &otx2_eth_sec_ops; ctx->sess_cnt = 0; eth_dev->security_ctx = ctx; diff --git a/drivers/net/octeontx2/otx2_ethdev_sec.h b/drivers/net/octeontx2/otx2_ethdev_sec.h index 60d4a29..8bdc9f0 100644 --- a/drivers/net/octeontx2/otx2_ethdev_sec.h +++ b/drivers/net/octeontx2/otx2_ethdev_sec.h @@ -7,6 +7,24 @@ #include +#include "otx2_ipsec_fp.h" + +/* + * Security session for inline IPsec protocol offload. This is private data of + * inline capable PMD. + */ +struct otx2_sec_session_ipsec_ip { + int dummy; +}; + +struct otx2_sec_session_ipsec { + struct otx2_sec_session_ipsec_ip ip; +}; + +struct otx2_sec_session { + struct otx2_sec_session_ipsec ipsec; +} __rte_cache_aligned; + int otx2_eth_sec_ctx_create(struct rte_eth_dev *eth_dev); void otx2_eth_sec_ctx_destroy(struct rte_eth_dev *eth_dev); -- 2.7.4