From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <borisp@mellanox.com>
Received: from mellanox.co.il (mail-il-dmz.mellanox.com [193.47.165.129])
 by dpdk.org (Postfix) with ESMTP id C04737CB1
 for <dev@dpdk.org>; Mon, 10 Jul 2017 09:35:23 +0200 (CEST)
Received: from Internal Mail-Server by MTLPINE1 (envelope-from
 borisp@mellanox.com)
 with ESMTPS (AES256-SHA encrypted); 10 Jul 2017 10:35:19 +0300
Received: from gen-l-vrt-098.mtl.labs.mlnx (gen-l-vrt-098.mtl.labs.mlnx
 [10.137.170.1])
 by labmailer.mlnx (8.13.8/8.13.8) with ESMTP id v6A7ZJVY030940;
 Mon, 10 Jul 2017 10:35:19 +0300
From: Boris Pismenny <borisp@mellanox.com>
To: dev@dpdk.org
Cc: aviadye@mellanox.com, borisp@mellanox.com
Date: Mon, 10 Jul 2017 10:35:14 +0300
Message-Id: <1499672117-56728-5-git-send-email-borisp@mellanox.com>
X-Mailer: git-send-email 1.8.3.1
In-Reply-To: <1499672117-56728-1-git-send-email-borisp@mellanox.com>
References: <1499672117-56728-1-git-send-email-borisp@mellanox.com>
Subject: [dpdk-dev] [RFC 4/7] cryptodev: add ipsec xform
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <http://dpdk.org/ml/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://dpdk.org/ml/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <http://dpdk.org/ml/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
X-List-Received-Date: Mon, 10 Jul 2017 07:35:24 -0000

This patch add a xform that is used with the crypto flow
steering action to offload ipsec crypto inline.

Signed-off-by: Boris Pismenny <borisp@mellanox.com>
Signed-off-by: Aviad Yehezkel <aviadye@mellanox.com>
---
 lib/librte_cryptodev/rte_crypto_sym.h | 42 ++++++++++++++++++++++++++++++++++-
 1 file changed, 41 insertions(+), 1 deletion(-)

diff --git a/lib/librte_cryptodev/rte_crypto_sym.h b/lib/librte_cryptodev/rte_crypto_sym.h
index 3a40844..139443e 100644
--- a/lib/librte_cryptodev/rte_crypto_sym.h
+++ b/lib/librte_cryptodev/rte_crypto_sym.h
@@ -346,11 +346,49 @@ struct rte_crypto_auth_xform {
 	 */
 };
 
+/**
+ * IPsec transformation data
+ *
+ * This structure contains data relating to an IPsec crypto
+ * transforms. The fields op, algo and key are common to all
+ * IPsec encryptions and MUST be set. The salt is useful for AEAD ciphers
+ * which must provide an out-of-band nonce for each SA.
+ */
+struct rte_crypto_ipsec_xform {
+	enum rte_crypto_cipher_operation op;
+	/**< IPsec operation type */
+	enum rte_crypto_cipher_algorithm algo;
+	/**<  Encryption algorithm selection */
+
+	struct {
+		uint8_t *data;	/**< pointer to key data */
+		size_t length;	/**< key length in bytes */
+	} key;
+	/**< Cipher key
+	 *
+	 * Cipher key length is in bytes. For AES it can be 128 bits (16 bytes),
+	 * 192 bits (24 bytes) or 256 bits (32 bytes).
+	 *
+	 * For the CCM mode of operation, the only supported key length is 128
+	 * bits (16 bytes).
+	 *
+	 **/
+
+	uint32_t salt; /* salt for this security association */
+	/** <Implicit IV
+	 *
+	 * Implicit IV is set once per SA as defined by RFC 4106 (ESP AES-GCM)
+	 *
+	 **/
+
+};
+
 /** Crypto transformation types */
 enum rte_crypto_sym_xform_type {
 	RTE_CRYPTO_SYM_XFORM_NOT_SPECIFIED = 0,	/**< No xform specified */
 	RTE_CRYPTO_SYM_XFORM_AUTH,		/**< Authentication xform */
-	RTE_CRYPTO_SYM_XFORM_CIPHER		/**< Cipher xform  */
+	RTE_CRYPTO_SYM_XFORM_CIPHER,		/**< Cipher xform */
+	RTE_CRYPTO_SYM_XFORM_IPSEC,		/**< IPsec xform */
 };
 
 /**
@@ -373,6 +411,8 @@ struct rte_crypto_sym_xform {
 		/**< Authentication / hash xform */
 		struct rte_crypto_cipher_xform cipher;
 		/**< Cipher xform */
+		struct rte_crypto_ipsec_xform ipsec;
+		/**< IPsec xform */
 	};
 };
 
-- 
1.8.3.1