DPDK patches and discussions
 help / color / mirror / Atom feed
From: Anoob Joseph <anoobj@marvell.com>
To: Akhil Goyal <gakhil@marvell.com>, Thomas Monjalon <thomas@monjalon.net>
Cc: Anoob Joseph <anoobj@marvell.com>,
	Jerin Jacob <jerinj@marvell.com>,
	"Ankur Dwivedi" <adwivedi@marvell.com>,
	Tejasree Kondoj <ktejasree@marvell.com>, <dev@dpdk.org>,
	Srujana Challa <schalla@marvell.com>
Subject: [dpdk-dev] [PATCH 2/4] crypto/cnxk: add security capabilities
Date: Wed, 2 Jun 2021 22:41:00 +0530	[thread overview]
Message-ID: <1622653862-22830-3-git-send-email-anoobj@marvell.com> (raw)
In-Reply-To: <1622653862-22830-1-git-send-email-anoobj@marvell.com>

Add security capabilities supported by crypto cn10k PMD.


Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Srujana Challa <schalla@marvell.com>
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
---
 drivers/crypto/cnxk/cnxk_cryptodev.h              |   4 +
 drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c | 114 ++++++++++++++++++++++
 drivers/crypto/cnxk/cnxk_cryptodev_capabilities.h |   9 +-
 drivers/crypto/cnxk/cnxk_cryptodev_sec.c          |   3 +-
 4 files changed, 128 insertions(+), 2 deletions(-)

diff --git a/drivers/crypto/cnxk/cnxk_cryptodev.h b/drivers/crypto/cnxk/cnxk_cryptodev.h
index dcbdc53..1568be3 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev.h
+++ b/drivers/crypto/cnxk/cnxk_cryptodev.h
@@ -6,6 +6,7 @@
 #define _CNXK_CRYPTODEV_H_
 
 #include <rte_cryptodev.h>
+#include <rte_security.h>
 
 #include "roc_cpt.h"
 
@@ -31,6 +32,9 @@
 struct cnxk_cpt_vf {
 	struct roc_cpt cpt;
 	struct rte_cryptodev_capabilities crypto_caps[CNXK_CPT_MAX_CAPS];
+	struct rte_cryptodev_capabilities
+		sec_crypto_caps[CNXK_SEC_CRYPTO_MAX_CAPS];
+	struct rte_security_capability sec_caps[CNXK_SEC_MAX_CAPS];
 };
 
 int cnxk_cpt_eng_grp_add(struct roc_cpt *roc_cpt);
diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
index e627854..ab37f9c 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
+++ b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
@@ -3,6 +3,7 @@
  */
 
 #include <rte_cryptodev.h>
+#include <rte_security.h>
 
 #include "roc_api.h"
 
@@ -18,6 +19,15 @@
 				     RTE_DIM(caps_##name));                    \
 	} while (0)
 
+#define SEC_CAPS_ADD(cnxk_caps, cur_pos, hw_caps, name)                        \
+	do {                                                                   \
+		if ((hw_caps[CPT_ENG_TYPE_SE].name) ||                         \
+		    (hw_caps[CPT_ENG_TYPE_IE].name) ||                         \
+		    (hw_caps[CPT_ENG_TYPE_AE].name))                           \
+			sec_caps_add(cnxk_caps, cur_pos, sec_caps_##name,      \
+				     RTE_DIM(sec_caps_##name));                \
+	} while (0)
+
 static const struct rte_cryptodev_capabilities caps_mul[] = {
 	{	/* RSA */
 		.op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
@@ -713,6 +723,69 @@ static const struct rte_cryptodev_capabilities caps_end[] = {
 	RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
 };
 
+static const struct rte_cryptodev_capabilities sec_caps_aes[] = {
+	{	/* AES GCM */
+		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+		{.sym = {
+			.xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,
+			{.aead = {
+				.algo = RTE_CRYPTO_AEAD_AES_GCM,
+				.block_size = 16,
+				.key_size = {
+					.min = 16,
+					.max = 32,
+					.increment = 8
+				},
+				.digest_size = {
+					.min = 16,
+					.max = 16,
+					.increment = 0
+				},
+				.aad_size = {
+					.min = 8,
+					.max = 12,
+					.increment = 4
+				},
+				.iv_size = {
+					.min = 12,
+					.max = 12,
+					.increment = 0
+				}
+			}, }
+		}, }
+	},
+};
+
+static const struct rte_security_capability sec_caps_templ[] = {
+	{	/* IPsec Lookaside Protocol ESP Tunnel Ingress */
+		.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+		.protocol = RTE_SECURITY_PROTOCOL_IPSEC,
+		.ipsec = {
+			.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+			.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
+			.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS,
+			.options = { 0 }
+		},
+		.crypto_capabilities = NULL,
+		.ol_flags = RTE_SECURITY_TX_OLOAD_NEED_MDATA
+	},
+	{	/* IPsec Lookaside Protocol ESP Tunnel Egress */
+		.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+		.protocol = RTE_SECURITY_PROTOCOL_IPSEC,
+		.ipsec = {
+			.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+			.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
+			.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
+			.options = { 0 }
+		},
+		.crypto_capabilities = NULL,
+		.ol_flags = RTE_SECURITY_TX_OLOAD_NEED_MDATA
+	},
+	{
+		.action = RTE_SECURITY_ACTION_TYPE_NONE
+	}
+};
+
 static void
 cpt_caps_add(struct rte_cryptodev_capabilities cnxk_caps[], int *cur_pos,
 	     const struct rte_cryptodev_capabilities *caps, int nb_caps)
@@ -748,8 +821,49 @@ cnxk_crypto_capabilities_get(struct cnxk_cpt_vf *vf)
 	return vf->crypto_caps;
 }
 
+static void
+sec_caps_add(struct rte_cryptodev_capabilities cnxk_caps[], int *cur_pos,
+	     const struct rte_cryptodev_capabilities *caps, int nb_caps)
+{
+	if (*cur_pos + nb_caps > CNXK_SEC_CRYPTO_MAX_CAPS)
+		return;
+
+	memcpy(&cnxk_caps[*cur_pos], caps, nb_caps * sizeof(caps[0]));
+	*cur_pos += nb_caps;
+}
+
+static void
+sec_crypto_caps_populate(struct rte_cryptodev_capabilities cnxk_caps[],
+			 union cpt_eng_caps *hw_caps)
+{
+	int cur_pos = 0;
+
+	SEC_CAPS_ADD(cnxk_caps, &cur_pos, hw_caps, aes);
+
+	sec_caps_add(cnxk_caps, &cur_pos, caps_end, RTE_DIM(caps_end));
+}
+
 void
 cnxk_cpt_caps_populate(struct cnxk_cpt_vf *vf)
 {
+	unsigned long i;
+
 	crypto_caps_populate(vf->crypto_caps, vf->cpt.hw_caps);
+	sec_crypto_caps_populate(vf->sec_crypto_caps, vf->cpt.hw_caps);
+
+	PLT_STATIC_ASSERT(RTE_DIM(sec_caps_templ) <= RTE_DIM(vf->sec_caps));
+	memcpy(vf->sec_caps, sec_caps_templ, sizeof(sec_caps_templ));
+
+	for (i = 0; i < RTE_DIM(sec_caps_templ) - 1; i++)
+		vf->sec_caps[i].crypto_capabilities = vf->sec_crypto_caps;
+}
+
+const struct rte_security_capability *
+cnxk_crypto_sec_capabilities_get(void *device)
+{
+	struct rte_cryptodev *dev = device;
+	struct cnxk_cpt_vf *vf;
+
+	vf = dev->data->dev_private;
+	return vf->sec_caps;
 }
diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.h b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.h
index 85f5ad2..fe07e43 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.h
+++ b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.h
@@ -10,7 +10,7 @@
 #include "cnxk_cryptodev.h"
 
 /*
- * Initialize crypto capabilities for the device
+ * Initialize crypto and IPsec capabilities for the device
  *
  */
 void cnxk_cpt_caps_populate(struct cnxk_cpt_vf *vf);
@@ -22,4 +22,11 @@ void cnxk_cpt_caps_populate(struct cnxk_cpt_vf *vf);
 const struct rte_cryptodev_capabilities *
 cnxk_crypto_capabilities_get(struct cnxk_cpt_vf *vf);
 
+/*
+ * Get security capabilities list for the device
+ *
+ */
+const struct rte_security_capability *
+cnxk_crypto_sec_capabilities_get(void *device);
+
 #endif /* _CNXK_CRYPTODEV_CAPABILITIES_H_ */
diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_sec.c b/drivers/crypto/cnxk/cnxk_cryptodev_sec.c
index f03d2ed..8d04d4b 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev_sec.c
+++ b/drivers/crypto/cnxk/cnxk_cryptodev_sec.c
@@ -7,6 +7,7 @@
 #include <rte_security.h>
 #include <rte_security_driver.h>
 
+#include "cnxk_cryptodev_capabilities.h"
 #include "cnxk_cryptodev_sec.h"
 
 /* Common security ops */
@@ -16,7 +17,7 @@ struct rte_security_ops cnxk_sec_ops = {
 	.session_get_size = NULL,
 	.set_pkt_metadata = NULL,
 	.get_userdata = NULL,
-	.capabilities_get = NULL,
+	.capabilities_get = cnxk_crypto_sec_capabilities_get
 };
 
 int
-- 
2.7.4


  parent reply	other threads:[~2021-06-02 17:11 UTC|newest]

Thread overview: 24+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-06-02 17:10 [dpdk-dev] [PATCH 0/4] Add rte_security in crypto_cn10k PMD Anoob Joseph
2021-06-02 17:10 ` [dpdk-dev] [PATCH 1/4] crypto/cnxk: add security ctx skeleton Anoob Joseph
2021-06-16 20:14   ` Akhil Goyal
2021-06-25  6:15   ` [dpdk-dev] [PATCH v2 0/4] Add rte_security in crypto_cn10k PMD Anoob Joseph
2021-06-25  6:15     ` [dpdk-dev] [PATCH v2 1/4] crypto/cnxk: add security ctx skeleton Anoob Joseph
2021-06-25  6:15     ` [dpdk-dev] [PATCH v2 2/4] crypto/cnxk: add security session ops Anoob Joseph
2021-06-25  6:15     ` [dpdk-dev] [PATCH v2 3/4] crypto/cnxk: add security handling in datapath ops Anoob Joseph
2021-06-25  6:15     ` [dpdk-dev] [PATCH v2 4/4] crypto/cnxk: add security capabilities Anoob Joseph
2021-06-29  7:34     ` [dpdk-dev] [PATCH v3 0/8] Add lookaside IPsec and asymmetric in cnxk crypto PMDs Anoob Joseph
2021-06-29  7:34       ` [dpdk-dev] [PATCH v3 1/8] crypto/cnxk: add security ctx skeleton Anoob Joseph
2021-06-29  7:34       ` [dpdk-dev] [PATCH v3 2/8] crypto/cnxk: add security session ops Anoob Joseph
2021-06-29  7:34       ` [dpdk-dev] [PATCH v3 3/8] crypto/cnxk: add security handling in datapath ops Anoob Joseph
2021-06-29  7:34       ` [dpdk-dev] [PATCH v3 4/8] crypto/cnxk: add security capabilities Anoob Joseph
2021-06-29  7:34       ` [dpdk-dev] [PATCH v3 5/8] crypto/cnxk: add asymmetric session ops Anoob Joseph
2021-06-29  7:34       ` [dpdk-dev] [PATCH v3 6/8] crypto/cnxk: add asymmetric datapath ops Anoob Joseph
2021-06-29  7:34       ` [dpdk-dev] [PATCH v3 7/8] crypto/cnxk: add asymmetric capabilities Anoob Joseph
2021-06-29  7:34       ` [dpdk-dev] [PATCH v3 8/8] test/crypto: add cnxk for asymmetric cases Anoob Joseph
2021-06-29 19:52       ` [dpdk-dev] [PATCH v3 0/8] Add lookaside IPsec and asymmetric in cnxk crypto PMDs Akhil Goyal
2021-06-02 17:11 ` Anoob Joseph [this message]
2021-06-02 17:11 ` [dpdk-dev] [PATCH 3/4] crypto/cnxk: add security session ops Anoob Joseph
2021-06-16 20:11   ` Akhil Goyal
2021-06-17  7:16     ` Anoob Joseph
2021-06-02 17:11 ` [dpdk-dev] [PATCH 4/4] crypto/cnxk: add security handling in datapath ops Anoob Joseph
2021-06-16 20:15 ` [dpdk-dev] [PATCH 0/4] Add rte_security in crypto_cn10k PMD Akhil Goyal

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1622653862-22830-3-git-send-email-anoobj@marvell.com \
    --to=anoobj@marvell.com \
    --cc=adwivedi@marvell.com \
    --cc=dev@dpdk.org \
    --cc=gakhil@marvell.com \
    --cc=jerinj@marvell.com \
    --cc=ktejasree@marvell.com \
    --cc=schalla@marvell.com \
    --cc=thomas@monjalon.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).