From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 63BA0A0C4D; Wed, 1 Sep 2021 11:26:24 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id EE3634111B; Wed, 1 Sep 2021 11:25:54 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id 986984013F for ; Wed, 1 Sep 2021 11:25:48 +0200 (CEST) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 18159puG026653 for ; Wed, 1 Sep 2021 02:25:47 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=IqcDE3gdrbPDSHDCuxgnmNFzbu+xolm5uQ7N4g9Zps8=; b=EZucqB6HTy7na6t1/y0ozA6qkme24Rm6aULBm0GgkWZHc+p2h1BZ3VoiHanj2v/pITcG 3nCzhpH0oULEUc3SJ5XnNFaKmkCW04LCtZUPNEDE1UUyvHI6E+CP+5aCrBO0iHg5nBot eD3xjSIfdnDfzLLuHPiCtAc+XB68urnYA95d4ynMhliZuFs4BrHrsIhP6SfivEGhtjzz 9t94Y8UcJAWjQpVnIinqDX7kX6lljeta1ytod0N142+tgNhEfL50RFMDf8jwIw9KGLcu yv2senVj0oW4fjJTGe7VCe30vLBobttoK+Kn+ih+wwsNR7JRADa1YRYad/rXY27VVYoH Uw== Received: from dc5-exch02.marvell.com ([199.233.59.182]) by mx0a-0016f401.pphosted.com with ESMTP id 3at34prygn-13 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT) for ; Wed, 01 Sep 2021 02:25:47 -0700 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Wed, 1 Sep 2021 02:25:45 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.18 via Frontend Transport; Wed, 1 Sep 2021 02:25:45 -0700 Received: from hyd1554T5810.caveonetworks.com.com (unknown [10.29.57.11]) by maili.marvell.com (Postfix) with ESMTP id 10BCD3F708A; Wed, 1 Sep 2021 02:25:42 -0700 (PDT) From: Tejasree Kondoj To: Akhil Goyal CC: Tejasree Kondoj , Anoob Joseph , Ankur Dwivedi , Archana Muniganti , Srujana Challa , "Nithin Dabilpuram" , Jerin Jacob , Date: Wed, 1 Sep 2021 15:49:28 +0530 Message-ID: <20210901101930.29333-7-ktejasree@marvell.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20210901101930.29333-1-ktejasree@marvell.com> References: <20210901101930.29333-1-ktejasree@marvell.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-Proofpoint-ORIG-GUID: WDlMpgzhJMY_o7FOszJ1o7vMWVDzcigu X-Proofpoint-GUID: WDlMpgzhJMY_o7FOszJ1o7vMWVDzcigu X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.391,FMLib:17.0.607.475 definitions=2021-09-01_03,2021-08-31_01,2020-04-07_01 Subject: [dpdk-dev] [PATCH v2 6/8] crypto/cnxk: support cn10k transport mode X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Adding support for cn10k lookaside IPsec transport mode. Signed-off-by: Tejasree Kondoj --- doc/guides/cryptodevs/cnxk.rst | 1 + doc/guides/rel_notes/release_21_11.rst | 1 + drivers/crypto/cnxk/cnxk_cryptodev.h | 2 +- .../crypto/cnxk/cnxk_cryptodev_capabilities.c | 22 +++++++++++++++++++ drivers/crypto/cnxk/cnxk_ipsec.h | 3 ++- 5 files changed, 27 insertions(+), 2 deletions(-) diff --git a/doc/guides/cryptodevs/cnxk.rst b/doc/guides/cryptodevs/cnxk.rst index a40295c087..0dd71135da 100644 --- a/doc/guides/cryptodevs/cnxk.rst +++ b/doc/guides/cryptodevs/cnxk.rst @@ -230,6 +230,7 @@ Features supported * IPv4 * ESP * Tunnel mode +* Transport mode * AES-128/192/256-GCM * AES-128/192/256-CBC-SHA1-HMAC diff --git a/doc/guides/rel_notes/release_21_11.rst b/doc/guides/rel_notes/release_21_11.rst index 130d676a11..0a024dda8f 100644 --- a/doc/guides/rel_notes/release_21_11.rst +++ b/doc/guides/rel_notes/release_21_11.rst @@ -58,6 +58,7 @@ New Features * **Updated Marvell cn10k_crypto PMD.** * Added aes-cbc sha1-hmac in lookaside protocol (IPsec). + * Added transport mode in lookaside protocol (IPsec). Removed Items diff --git a/drivers/crypto/cnxk/cnxk_cryptodev.h b/drivers/crypto/cnxk/cnxk_cryptodev.h index b3856f7eaa..8e051fa0fa 100644 --- a/drivers/crypto/cnxk/cnxk_cryptodev.h +++ b/drivers/crypto/cnxk/cnxk_cryptodev.h @@ -12,7 +12,7 @@ #define CNXK_CPT_MAX_CAPS 34 #define CNXK_SEC_CRYPTO_MAX_CAPS 4 -#define CNXK_SEC_MAX_CAPS 3 +#define CNXK_SEC_MAX_CAPS 5 #define CNXK_AE_EC_ID_MAX 8 /** * Device private data diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c index 9430ca5d00..05bffa9759 100644 --- a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c +++ b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c @@ -822,6 +822,28 @@ static const struct rte_security_capability sec_caps_templ[] = { }, .crypto_capabilities = NULL, }, + { /* IPsec Lookaside Protocol ESP Transport Ingress */ + .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, + .protocol = RTE_SECURITY_PROTOCOL_IPSEC, + .ipsec = { + .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP, + .mode = RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT, + .direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS, + .options = { 0 }, + }, + .crypto_capabilities = NULL, + }, + { /* IPsec Lookaside Protocol ESP Transport Egress */ + .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, + .protocol = RTE_SECURITY_PROTOCOL_IPSEC, + .ipsec = { + .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP, + .mode = RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT, + .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS, + .options = { 0 }, + }, + .crypto_capabilities = NULL, + }, { .action = RTE_SECURITY_ACTION_TYPE_NONE } diff --git a/drivers/crypto/cnxk/cnxk_ipsec.h b/drivers/crypto/cnxk/cnxk_ipsec.h index d1eb74ebbe..ff396179ca 100644 --- a/drivers/crypto/cnxk/cnxk_ipsec.h +++ b/drivers/crypto/cnxk/cnxk_ipsec.h @@ -98,7 +98,8 @@ cnxk_ipsec_xform_verify(struct rte_security_ipsec_xform *ipsec_xform, (ipsec_xform->mode != RTE_SECURITY_IPSEC_SA_MODE_TUNNEL)) return -EINVAL; - if ((ipsec_xform->tunnel.type != RTE_SECURITY_IPSEC_TUNNEL_IPV4) && + if ((ipsec_xform->mode == RTE_SECURITY_IPSEC_SA_MODE_TUNNEL) && + (ipsec_xform->tunnel.type != RTE_SECURITY_IPSEC_TUNNEL_IPV4) && (ipsec_xform->tunnel.type != RTE_SECURITY_IPSEC_TUNNEL_IPV6)) return -EINVAL; -- 2.27.0