From: Archana Muniganti <marchana@marvell.com>
To: <gakhil@marvell.com>
Cc: Anoob Joseph <anoobj@marvell.com>, <ktejasree@marvell.com>,
<adwivedi@marvell.com>, <dev@dpdk.org>
Subject: [dpdk-dev] [PATCH 2/6] crypto/cnxk: add null auth
Date: Thu, 28 Oct 2021 22:22:24 +0530 [thread overview]
Message-ID: <20211028165228.14603-3-marchana@marvell.com> (raw)
In-Reply-To: <20211028165228.14603-1-marchana@marvell.com>
From: Anoob Joseph <anoobj@marvell.com>
Add null auth support with lookaside IPsec on cn10k crypto PMDs.
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
---
doc/guides/cryptodevs/cnxk.rst | 1 +
doc/guides/rel_notes/release_21_11.rst | 1 +
drivers/crypto/cnxk/cn9k_ipsec.c | 6 +++--
.../crypto/cnxk/cnxk_cryptodev_capabilities.c | 24 +++++++++++++++++++
drivers/crypto/cnxk/cnxk_ipsec.h | 3 +++
5 files changed, 33 insertions(+), 2 deletions(-)
diff --git a/doc/guides/cryptodevs/cnxk.rst b/doc/guides/cryptodevs/cnxk.rst
index b5b6645008..709da56ca8 100644
--- a/doc/guides/cryptodevs/cnxk.rst
+++ b/doc/guides/cryptodevs/cnxk.rst
@@ -258,4 +258,5 @@ CN10XX Features supported
* Transport mode
* UDP Encapsulation
* AES-128/192/256-GCM
+* AES-128/192/256-CBC-NULL
* AES-128/192/256-CBC-SHA1-HMAC
diff --git a/doc/guides/rel_notes/release_21_11.rst b/doc/guides/rel_notes/release_21_11.rst
index 2df443e39f..6cc7b2579e 100644
--- a/doc/guides/rel_notes/release_21_11.rst
+++ b/doc/guides/rel_notes/release_21_11.rst
@@ -212,6 +212,7 @@ New Features
* Added support for ZUC algorithm with 256-bit key length for CN10K.
* Added support for CN98xx dual block.
* Added inner checksum support in lookaside protocol (IPsec) for CN10K.
+ * Added AES-CBC NULL auth support in lookaside protocol (IPsec) for CN10K.
* **Added support for event crypto adapter on Marvell CN10K and CN9K.**
diff --git a/drivers/crypto/cnxk/cn9k_ipsec.c b/drivers/crypto/cnxk/cn9k_ipsec.c
index 53fb793654..a43864df0d 100644
--- a/drivers/crypto/cnxk/cn9k_ipsec.c
+++ b/drivers/crypto/cnxk/cn9k_ipsec.c
@@ -316,7 +316,8 @@ cn9k_ipsec_outb_sa_create(struct cnxk_cpt_qp *qp,
if (ret)
return ret;
- if (ctl->enc_type == ROC_IE_ON_SA_ENC_AES_GCM) {
+ if (ctl->enc_type == ROC_IE_ON_SA_ENC_AES_GCM ||
+ ctl->auth_type == ROC_IE_ON_SA_AUTH_NULL) {
template = &out_sa->aes_gcm.template;
ctx_len = offsetof(struct roc_ie_on_outb_sa, aes_gcm.template);
} else if (ctl->auth_type == ROC_IE_ON_SA_AUTH_SHA1) {
@@ -449,7 +450,8 @@ cn9k_ipsec_inb_sa_create(struct cnxk_cpt_qp *qp,
if (ret)
return ret;
- if (crypto_xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) {
+ if (crypto_xform->type == RTE_CRYPTO_SYM_XFORM_AEAD ||
+ auth_xform->auth.algo == RTE_CRYPTO_AUTH_NULL) {
ctx_len = offsetof(struct roc_ie_on_inb_sa,
sha1_or_gcm.hmac_key[0]);
} else {
diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
index a53b489a04..19d75a63c6 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
+++ b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
@@ -930,6 +930,27 @@ sec_caps_add(struct rte_cryptodev_capabilities cnxk_caps[], int *cur_pos,
*cur_pos += nb_caps;
}
+static void
+cn10k_sec_crypto_caps_update(struct rte_cryptodev_capabilities cnxk_caps[],
+ int *cur_pos)
+{
+ const struct rte_cryptodev_capabilities *cap;
+ unsigned int i;
+
+ if ((CNXK_CPT_MAX_CAPS - *cur_pos) < 1)
+ return;
+
+ /* NULL auth */
+ for (i = 0; i < RTE_DIM(caps_null); i++) {
+ cap = &caps_null[i];
+ if (cap->sym.xform_type == RTE_CRYPTO_SYM_XFORM_AUTH &&
+ cap->sym.auth.algo == RTE_CRYPTO_AUTH_NULL) {
+ cnxk_caps[*cur_pos] = caps_null[i];
+ *cur_pos += 1;
+ }
+ }
+}
+
static void
sec_crypto_caps_populate(struct rte_cryptodev_capabilities cnxk_caps[],
union cpt_eng_caps *hw_caps)
@@ -939,6 +960,9 @@ sec_crypto_caps_populate(struct rte_cryptodev_capabilities cnxk_caps[],
SEC_CAPS_ADD(cnxk_caps, &cur_pos, hw_caps, aes);
SEC_CAPS_ADD(cnxk_caps, &cur_pos, hw_caps, sha1_sha2);
+ if (roc_model_is_cn10k())
+ cn10k_sec_crypto_caps_update(cnxk_caps, &cur_pos);
+
sec_caps_add(cnxk_caps, &cur_pos, caps_end, RTE_DIM(caps_end));
}
diff --git a/drivers/crypto/cnxk/cnxk_ipsec.h b/drivers/crypto/cnxk/cnxk_ipsec.h
index ff396179ca..dddb414793 100644
--- a/drivers/crypto/cnxk/cnxk_ipsec.h
+++ b/drivers/crypto/cnxk/cnxk_ipsec.h
@@ -40,6 +40,9 @@ ipsec_xform_auth_verify(struct rte_crypto_sym_xform *crypto_xform)
{
uint16_t keylen = crypto_xform->auth.key.length;
+ if (crypto_xform->auth.algo == RTE_CRYPTO_AUTH_NULL)
+ return 0;
+
if (crypto_xform->auth.algo == RTE_CRYPTO_AUTH_SHA1_HMAC) {
if (keylen >= 20 && keylen <= 64)
return 0;
--
2.22.0
next prev parent reply other threads:[~2021-10-28 16:52 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-10-28 16:52 [dpdk-dev] [PATCH 0/6] add cnxk lookaside IPsec additional features Archana Muniganti
2021-10-28 16:52 ` [dpdk-dev] [PATCH 1/6] common/cnxk: add null auth with IPsec Archana Muniganti
2021-10-28 16:52 ` Archana Muniganti [this message]
2021-10-28 16:52 ` [dpdk-dev] [PATCH 3/6] crypto/cnxk: add cn9k ESN and anti-replay support Archana Muniganti
2021-10-28 16:52 ` [dpdk-dev] [PATCH 4/6] doc/guides: update feature list supported with cn9k Archana Muniganti
2021-10-28 16:52 ` [dpdk-dev] [PATCH 5/6] crypto/cnxk: update auth key size Archana Muniganti
2021-10-28 16:52 ` [dpdk-dev] [PATCH 6/6] crypto/cnxk: support IPv6 mixed tunnel mode Archana Muniganti
2021-10-29 4:54 ` [dpdk-dev] [PATCH 0/6] add cnxk lookaside IPsec additional features Anoob Joseph
2021-10-31 21:21 ` Akhil Goyal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20211028165228.14603-3-marchana@marvell.com \
--to=marchana@marvell.com \
--cc=adwivedi@marvell.com \
--cc=anoobj@marvell.com \
--cc=dev@dpdk.org \
--cc=gakhil@marvell.com \
--cc=ktejasree@marvell.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).