* [dpdk-dev] [PATCH v2 0/9] add OCTEON TX2 lookaside IPsec support
@ 2020-07-15 9:26 Tejasree Kondoj
2020-07-15 9:26 ` [dpdk-dev] [PATCH v2 1/9] crypto/octeontx2: move capabilities initialization into probe Tejasree Kondoj
` (8 more replies)
0 siblings, 9 replies; 14+ messages in thread
From: Tejasree Kondoj @ 2020-07-15 9:26 UTC (permalink / raw)
To: Akhil Goyal, Radu Nicolau
Cc: Tejasree Kondoj, Narayana Prasad, Anoob Joseph, Vamsi Attunuru, dev
This series adds lookaside IPsec support in OCTEON TX2 PMD.
Features supported:
* IPv4
* ESP
* Tunnel mode
* AES-128/192/256-GCM
v2:
* Updated PMD documentation and release notes
* Moved capabilities initialization into probe
* Added patch description to all patches
* Renamed a few structures and macros
* Cosmetics and code style fixes
Tejasree Kondoj (5):
crypto/octeontx2: move capabilities initialization into probe
net/octeontx2: move otx2_sec_session struct to otx2_security.h
crypto/octeontx2: add lookaside SA context definitions
crypto/octeontx2: add cryptodev sec registration
crypto/octeontx2: add cryptodev sec capabilities
Vamsi Attunuru (4):
crypto/octeontx2: add cryptodev sec misc callbacks
crypto/octeontx2: add cryptodev sec session create
crypto/octeontx2: add cryptodev sec enqueue routine
crypto/octeontx2: add cryptodev sec dequeue routine
doc/guides/cryptodevs/octeontx2.rst | 19 +
doc/guides/rel_notes/release_20_08.rst | 5 +
drivers/crypto/octeontx2/Makefile | 1 +
drivers/crypto/octeontx2/meson.build | 3 +-
drivers/crypto/octeontx2/otx2_cryptodev.c | 15 +-
drivers/crypto/octeontx2/otx2_cryptodev.h | 8 +
.../octeontx2/otx2_cryptodev_capabilities.c | 110 +++-
.../octeontx2/otx2_cryptodev_capabilities.h | 21 +-
drivers/crypto/octeontx2/otx2_cryptodev_ops.c | 75 ++-
drivers/crypto/octeontx2/otx2_cryptodev_sec.c | 540 ++++++++++++++++++
drivers/crypto/octeontx2/otx2_cryptodev_sec.h | 64 +++
drivers/crypto/octeontx2/otx2_ipsec_po.h | 441 ++++++++++++++
drivers/crypto/octeontx2/otx2_ipsec_po_ops.h | 175 ++++++
drivers/crypto/octeontx2/otx2_security.h | 31 +
drivers/net/octeontx2/otx2_ethdev_sec.c | 24 +-
drivers/net/octeontx2/otx2_ethdev_sec.h | 11 +-
drivers/net/octeontx2/otx2_ethdev_sec_tx.h | 1 +
17 files changed, 1510 insertions(+), 34 deletions(-)
create mode 100644 drivers/crypto/octeontx2/otx2_cryptodev_sec.c
create mode 100644 drivers/crypto/octeontx2/otx2_cryptodev_sec.h
create mode 100644 drivers/crypto/octeontx2/otx2_ipsec_po.h
create mode 100644 drivers/crypto/octeontx2/otx2_ipsec_po_ops.h
create mode 100644 drivers/crypto/octeontx2/otx2_security.h
--
2.27.0
* [dpdk-dev] [PATCH v2 1/9] crypto/octeontx2: move capabilities initialization into probe
2020-07-15 9:26 [dpdk-dev] [PATCH v2 0/9] add OCTEON TX2 lookaside IPsec support Tejasree Kondoj
@ 2020-07-15 9:26 ` Tejasree Kondoj
2020-07-15 9:26 ` [dpdk-dev] [PATCH v2 2/9] net/octeontx2: move otx2_sec_session struct to otx2_security.h Tejasree Kondoj
` (7 subsequent siblings)
8 siblings, 0 replies; 14+ messages in thread
From: Tejasree Kondoj @ 2020-07-15 9:26 UTC (permalink / raw)
To: Akhil Goyal, Radu Nicolau
Cc: Tejasree Kondoj, Narayana Prasad, Anoob Joseph, Vamsi Attunuru, dev
This patch moves capabilities initialization into probe.
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
---
drivers/crypto/octeontx2/otx2_cryptodev.c | 2 ++
drivers/crypto/octeontx2/otx2_cryptodev_capabilities.c | 9 ++++++---
drivers/crypto/octeontx2/otx2_cryptodev_capabilities.h | 8 +++++++-
drivers/crypto/octeontx2/otx2_cryptodev_ops.c | 2 +-
4 files changed, 16 insertions(+), 5 deletions(-)
diff --git a/drivers/crypto/octeontx2/otx2_cryptodev.c b/drivers/crypto/octeontx2/otx2_cryptodev.c
index 9aa0fe35b4..a51d532553 100644
--- a/drivers/crypto/octeontx2/otx2_cryptodev.c
+++ b/drivers/crypto/octeontx2/otx2_cryptodev.c
@@ -101,6 +101,8 @@ otx2_cpt_pci_probe(struct rte_pci_driver *pci_drv __rte_unused,
goto otx2_dev_fini;
}
+ otx2_crypto_capabilities_init(vf->hw_caps);
+
dev->feature_flags = RTE_CRYPTODEV_FF_SYMMETRIC_CRYPTO |
RTE_CRYPTODEV_FF_HW_ACCELERATED |
RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING |
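Review bot: otx2_crypto_capabilities_init(vf->hw_caps) in otx2_cpt_pci_probe() now runs once per probed device, but the table it fills is the single file-scope otx2_cpt_caps that otx2_cpt_capabilities_get(void) hands to every device. When a second device probes, cpt_caps_add() continues from where cur_pos was left, and a device whose hw_caps differ cannot get its own list. Guard the init so it runs only once or keep the table per device, and state in the commit message which behaviour is intended.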
diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_capabilities.c b/drivers/crypto/octeontx2/otx2_cryptodev_capabilities.c
index f6f4dee6cf..f0ed1e2df9 100644
--- a/drivers/crypto/octeontx2/otx2_cryptodev_capabilities.c
+++ b/drivers/crypto/octeontx2/otx2_cryptodev_capabilities.c
@@ -737,10 +737,9 @@ cpt_caps_add(const struct rte_cryptodev_capabilities *caps, int nb_caps)
cur_pos += nb_caps;
}
-const struct rte_cryptodev_capabilities *
-otx2_cpt_capabilities_get(union cpt_eng_caps *hw_caps)
+void
+otx2_crypto_capabilities_init(union cpt_eng_caps *hw_caps)
{
-
CPT_CAPS_ADD(hw_caps, mul);
CPT_CAPS_ADD(hw_caps, sha1_sha2);
CPT_CAPS_ADD(hw_caps, chacha20);
@@ -751,6 +750,10 @@ otx2_cpt_capabilities_get(union cpt_eng_caps *hw_caps)
cpt_caps_add(caps_null, RTE_DIM(caps_null));
cpt_caps_add(caps_end, RTE_DIM(caps_end));
+}
+const struct rte_cryptodev_capabilities *
+otx2_cpt_capabilities_get(void)
+{
return otx2_cpt_caps;
}
diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_capabilities.h b/drivers/crypto/octeontx2/otx2_cryptodev_capabilities.h
index e07a2a8c92..a439cbefd3 100644
--- a/drivers/crypto/octeontx2/otx2_cryptodev_capabilities.h
+++ b/drivers/crypto/octeontx2/otx2_cryptodev_capabilities.h
@@ -16,11 +16,17 @@ enum otx2_cpt_egrp {
OTX2_CPT_EGRP_MAX,
};
+/*
+ * Initialize crypto capabilities for the device
+ *
+ */
+void otx2_crypto_capabilities_init(union cpt_eng_caps *hw_caps);
+
/*
* Get capabilities list for the device
*
*/
const struct rte_cryptodev_capabilities *
-otx2_cpt_capabilities_get(union cpt_eng_caps *hw_caps);
+otx2_cpt_capabilities_get(void);
#endif /* _OTX2_CRYPTODEV_CAPABILITIES_H_ */
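Review bot: the new comment on otx2_crypto_capabilities_init() does not say that it must run before otx2_cpt_capabilities_get(), which after this change returns the table without filling it, nor that the table is shared rather than per device. State both in the comment, and drop the empty " *" line that closes each comment block.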
diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_ops.c b/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
index a3703682a0..229b719b42 100644
--- a/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
+++ b/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
@@ -1071,7 +1071,7 @@ otx2_cpt_dev_info_get(struct rte_cryptodev *dev,
if (info != NULL) {
info->max_nb_queue_pairs = vf->max_queues;
info->feature_flags = dev->feature_flags;
- info->capabilities = otx2_cpt_capabilities_get(vf->hw_caps);
+ info->capabilities = otx2_cpt_capabilities_get();
info->sym.max_nb_sessions = 0;
info->driver_id = otx2_cryptodev_driver_id;
info->min_mbuf_headroom_req = OTX2_CPT_MIN_HEADROOM_REQ;
--
2.27.0
* [dpdk-dev] [PATCH v2 2/9] net/octeontx2: move otx2_sec_session struct to otx2_security.h
2020-07-15 9:26 [dpdk-dev] [PATCH v2 0/9] add OCTEON TX2 lookaside IPsec support Tejasree Kondoj
2020-07-15 9:26 ` [dpdk-dev] [PATCH v2 1/9] crypto/octeontx2: move capabilities initialization into probe Tejasree Kondoj
@ 2020-07-15 9:26 ` Tejasree Kondoj
2020-07-15 9:26 ` [dpdk-dev] [PATCH v2 3/9] crypto/octeontx2: add lookaside SA context definitions Tejasree Kondoj
` (6 subsequent siblings)
8 siblings, 0 replies; 14+ messages in thread
From: Tejasree Kondoj @ 2020-07-15 9:26 UTC (permalink / raw)
To: Akhil Goyal, Radu Nicolau
Cc: Tejasree Kondoj, Narayana Prasad, Anoob Joseph, Vamsi Attunuru, dev
This patch moves otx2_sec_session structure to otx2_security.h
to make it common for inline and lookaside protocol.
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
---
drivers/crypto/octeontx2/otx2_security.h | 20 ++++++++++++++++++++
drivers/net/octeontx2/otx2_ethdev_sec.c | 1 +
drivers/net/octeontx2/otx2_ethdev_sec.h | 10 ----------
drivers/net/octeontx2/otx2_ethdev_sec_tx.h | 1 +
4 files changed, 22 insertions(+), 10 deletions(-)
create mode 100644 drivers/crypto/octeontx2/otx2_security.h
diff --git a/drivers/crypto/octeontx2/otx2_security.h b/drivers/crypto/octeontx2/otx2_security.h
new file mode 100644
index 0000000000..9790c709d6
--- /dev/null
+++ b/drivers/crypto/octeontx2/otx2_security.h
@@ -0,0 +1,20 @@
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright (C) 2020 Marvell International Ltd.
+ */
+
+#ifndef __OTX2_SECURITY_H__
+#define __OTX2_SECURITY_H__
+
+#include "otx2_ethdev_sec.h"
+
+union otx2_sec_session_ipsec {
+ struct otx2_sec_session_ipsec_ip ip;
+};
+
+struct otx2_sec_session {
+ union otx2_sec_session_ipsec ipsec;
+ void *userdata;
+ /**< Userdata registered by the application */
+} __rte_cache_aligned;
+
+#endif /* __OTX2_SECURITY_H__ */
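Review bot: union otx2_sec_session_ipsec in the new header replaces what was struct otx2_sec_session_ipsec in otx2_ethdev_sec.h, so this is not the pure move the commit message describes. Mention the struct-to-union change in the log, or make it in the patch that adds the second member, because it changes the type name every user has to spell. A header under drivers/crypto that includes "otx2_ethdev_sec.h" from drivers/net also deserves a sentence on the resulting build dependency.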
diff --git a/drivers/net/octeontx2/otx2_ethdev_sec.c b/drivers/net/octeontx2/otx2_ethdev_sec.c
index 5f6140f70b..c2ad32cf0c 100644
--- a/drivers/net/octeontx2/otx2_ethdev_sec.c
+++ b/drivers/net/octeontx2/otx2_ethdev_sec.c
@@ -19,6 +19,7 @@
#include "otx2_ethdev_sec.h"
#include "otx2_ipsec_fp.h"
#include "otx2_sec_idev.h"
+#include "otx2_security.h"
#define AH_HDR_LEN 12
#define AES_GCM_IV_LEN 8
diff --git a/drivers/net/octeontx2/otx2_ethdev_sec.h b/drivers/net/octeontx2/otx2_ethdev_sec.h
index e24358a05a..22025d0d0c 100644
--- a/drivers/net/octeontx2/otx2_ethdev_sec.h
+++ b/drivers/net/octeontx2/otx2_ethdev_sec.h
@@ -116,16 +116,6 @@ struct otx2_sec_session_ipsec_ip {
struct otx2_cpt_qp *qp;
};
-struct otx2_sec_session_ipsec {
- struct otx2_sec_session_ipsec_ip ip;
-};
-
-struct otx2_sec_session {
- struct otx2_sec_session_ipsec ipsec;
- void *userdata;
- /**< Userdata registered by the application */
-} __rte_cache_aligned;
-
int otx2_eth_sec_ctx_create(struct rte_eth_dev *eth_dev);
void otx2_eth_sec_ctx_destroy(struct rte_eth_dev *eth_dev);
diff --git a/drivers/net/octeontx2/otx2_ethdev_sec_tx.h b/drivers/net/octeontx2/otx2_ethdev_sec_tx.h
index 2e35a8c773..f8130ca624 100644
--- a/drivers/net/octeontx2/otx2_ethdev_sec_tx.h
+++ b/drivers/net/octeontx2/otx2_ethdev_sec_tx.h
@@ -9,6 +9,7 @@
#include <rte_mbuf.h>
#include "otx2_ethdev_sec.h"
+#include "otx2_security.h"
struct otx2_ipsec_fp_out_hdr {
uint32_t ip_id;
--
2.27.0
* [dpdk-dev] [PATCH v2 3/9] crypto/octeontx2: add lookaside SA context definitions
2020-07-15 9:26 [dpdk-dev] [PATCH v2 0/9] add OCTEON TX2 lookaside IPsec support Tejasree Kondoj
2020-07-15 9:26 ` [dpdk-dev] [PATCH v2 1/9] crypto/octeontx2: move capabilities initialization into probe Tejasree Kondoj
2020-07-15 9:26 ` [dpdk-dev] [PATCH v2 2/9] net/octeontx2: move otx2_sec_session struct to otx2_security.h Tejasree Kondoj
@ 2020-07-15 9:26 ` Tejasree Kondoj
2020-07-15 9:26 ` [dpdk-dev] [PATCH v2 4/9] crypto/octeontx2: add cryptodev sec registration Tejasree Kondoj
` (5 subsequent siblings)
8 siblings, 0 replies; 14+ messages in thread
From: Tejasree Kondoj @ 2020-07-15 9:26 UTC (permalink / raw)
To: Akhil Goyal, Radu Nicolau
Cc: Tejasree Kondoj, Narayana Prasad, Anoob Joseph, Vamsi Attunuru, dev
This patch adds lookaside IPsec SA context definitions.
Signed-off-by: Vamsi Attunuru <vattunuru@marvell.com>
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
---
drivers/crypto/octeontx2/otx2_cryptodev_sec.h | 58 +++++++++
drivers/crypto/octeontx2/otx2_ipsec_po.h | 110 ++++++++++++++++++
drivers/crypto/octeontx2/otx2_security.h | 2 +
drivers/net/octeontx2/otx2_ethdev_sec.h | 1 +
4 files changed, 171 insertions(+)
create mode 100644 drivers/crypto/octeontx2/otx2_cryptodev_sec.h
create mode 100644 drivers/crypto/octeontx2/otx2_ipsec_po.h
diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_sec.h b/drivers/crypto/octeontx2/otx2_cryptodev_sec.h
new file mode 100644
index 0000000000..253f62d873
--- /dev/null
+++ b/drivers/crypto/octeontx2/otx2_cryptodev_sec.h
@@ -0,0 +1,58 @@
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright (C) 2020 Marvell International Ltd.
+ */
+
+#ifndef __OTX2_CRYPTODEV_SEC_H__
+#define __OTX2_CRYPTODEV_SEC_H__
+
+#include "otx2_ipsec_po.h"
+
+struct otx2_sec_session_ipsec_lp {
+ RTE_STD_C11
+ union {
+ /* Inbound SA */
+ struct otx2_ipsec_po_in_sa in_sa;
+ /* Outbound SA */
+ struct otx2_ipsec_po_out_sa out_sa;
+ };
+
+ uint64_t ucmd_w3;
+ union {
+ uint64_t ucmd_w0;
+ struct {
+ uint16_t ucmd_dlen;
+ uint16_t ucmd_param2;
+ uint16_t ucmd_param1;
+ uint16_t ucmd_opcode;
+ };
+ };
+
+ uint8_t partial_len;
+ uint8_t roundup_len;
+ uint8_t roundup_byte;
+ uint16_t ip_id;
+ union {
+ uint64_t esn;
+ struct {
+ uint32_t seq_lo;
+ uint32_t seq_hi;
+ };
+ };
+
+ /** Context length in 8-byte words */
+ size_t ctx_len;
+ /** Auth IV offset in bytes */
+ uint16_t auth_iv_offset;
+ /** IV offset in bytes */
+ uint16_t iv_offset;
+ /** AAD length */
+ uint16_t aad_length;
+ /** MAC len in bytes */
+ uint8_t mac_len;
+ /** IV length in bytes */
+ uint8_t iv_length;
+ /** Auth IV length in bytes */
+ uint8_t auth_iv_length;
+};
+
+#endif /* __OTX2_CRYPTODEV_SEC_H__ */
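Review bot: partial_len, roundup_len, roundup_byte and ip_id in struct otx2_sec_session_ipsec_lp carry no comments while the fields below them do; document their units and who updates them. The ucmd_w0 overlay (ucmd_dlen, ucmd_param2, ucmd_param1, ucmd_opcode) maps onto the intended bits of the 64-bit word for one byte order only, so note the assumed endianness next to the union. The header also uses uint64_t, size_t and RTE_STD_C11 while including only "otx2_ipsec_po.h"; include what it uses directly.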
diff --git a/drivers/crypto/octeontx2/otx2_ipsec_po.h b/drivers/crypto/octeontx2/otx2_ipsec_po.h
new file mode 100644
index 0000000000..217dfeaff0
--- /dev/null
+++ b/drivers/crypto/octeontx2/otx2_ipsec_po.h
@@ -0,0 +1,110 @@
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright(C) 2020 Marvell International Ltd.
+ */
+
+#ifndef __OTX2_IPSEC_PO_H__
+#define __OTX2_IPSEC_PO_H__
+
+#include <rte_crypto_sym.h>
+#include <rte_ip.h>
+#include <rte_security.h>
+
+union otx2_ipsec_po_bit_perfect_iv {
+ uint8_t aes_iv[16];
+ uint8_t des_iv[8];
+ struct {
+ uint8_t nonce[4];
+ uint8_t iv[8];
+ uint8_t counter[4];
+ } gcm;
+};
+
+struct otx2_ipsec_po_traffic_selector {
+ rte_be16_t src_port[2];
+ rte_be16_t dst_port[2];
+ RTE_STD_C11
+ union {
+ struct {
+ rte_be32_t src_addr[2];
+ rte_be32_t dst_addr[2];
+ } ipv4;
+ struct {
+ uint8_t src_addr[32];
+ uint8_t dst_addr[32];
+ } ipv6;
+ };
+};
+
+struct otx2_ipsec_po_sa_ctl {
+ rte_be32_t spi : 32;
+ uint64_t exp_proto_inter_frag : 8;
+ uint64_t rsvd_42_40 : 3;
+ uint64_t esn_en : 1;
+ uint64_t rsvd_45_44 : 2;
+ uint64_t encap_type : 2;
+ uint64_t enc_type : 3;
+ uint64_t rsvd_48 : 1;
+ uint64_t auth_type : 4;
+ uint64_t valid : 1;
+ uint64_t direction : 1;
+ uint64_t outer_ip_ver : 1;
+ uint64_t inner_ip_ver : 1;
+ uint64_t ipsec_mode : 1;
+ uint64_t ipsec_proto : 1;
+ uint64_t aes_key_len : 2;
+};
+
+struct otx2_ipsec_po_in_sa {
+ /* w0 */
+ struct otx2_ipsec_po_sa_ctl ctl;
+
+ /* w1-w4 */
+ uint8_t cipher_key[32];
+
+ /* w5-w6 */
+ union otx2_ipsec_po_bit_perfect_iv iv;
+
+ /* w7 */
+ uint32_t esn_hi;
+ uint32_t esn_low;
+
+ /* w8 */
+ uint8_t udp_encap[8];
+
+ /* w9-w23 */
+ struct {
+ uint8_t hmac_key[48];
+ struct otx2_ipsec_po_traffic_selector selector;
+ } aes_gcm;
+};
+
+struct otx2_ipsec_po_ip_template {
+ RTE_STD_C11
+ union {
+ uint8_t raw[252];
+ struct rte_ipv4_hdr ipv4_hdr;
+ struct rte_ipv6_hdr ipv6_hdr;
+ };
+};
+
+struct otx2_ipsec_po_out_sa {
+ /* w0 */
+ struct otx2_ipsec_po_sa_ctl ctl;
+
+ /* w1-w4 */
+ uint8_t cipher_key[32];
+
+ /* w5-w6 */
+ union otx2_ipsec_po_bit_perfect_iv iv;
+
+ /* w7 */
+ uint32_t esn_hi;
+ uint32_t esn_low;
+
+ /* w8-w39 */
+ struct otx2_ipsec_po_ip_template template;
+ uint16_t udp_src;
+ uint16_t udp_dst;
+};
+
+#endif /* __OTX2_IPSEC_PO_H__ */
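Review bot: struct otx2_ipsec_po_sa_ctl is labelled as hardware word w0, but it mixes an rte_be32_t bit-field (spi : 32) with uint64_t bit-fields, and how those are packed is implementation-defined. The widths do add up to 64, so add a compile-time check that sizeof(struct otx2_ipsec_po_sa_ctl) is 8, with matching checks for the in/out SA sizes implied by the wN comments. The name rsvd_48 also breaks the rsvd_42_40 / rsvd_45_44 convention: counting widths from spi, that bit sits at position 51.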
diff --git a/drivers/crypto/octeontx2/otx2_security.h b/drivers/crypto/octeontx2/otx2_security.h
index 9790c709d6..9b4fe263c4 100644
--- a/drivers/crypto/octeontx2/otx2_security.h
+++ b/drivers/crypto/octeontx2/otx2_security.h
@@ -5,10 +5,12 @@
#ifndef __OTX2_SECURITY_H__
#define __OTX2_SECURITY_H__
+#include "otx2_cryptodev_sec.h"
#include "otx2_ethdev_sec.h"
union otx2_sec_session_ipsec {
struct otx2_sec_session_ipsec_ip ip;
+ struct otx2_sec_session_ipsec_lp lp;
};
struct otx2_sec_session {
diff --git a/drivers/net/octeontx2/otx2_ethdev_sec.h b/drivers/net/octeontx2/otx2_ethdev_sec.h
index 22025d0d0c..298b00bf89 100644
--- a/drivers/net/octeontx2/otx2_ethdev_sec.h
+++ b/drivers/net/octeontx2/otx2_ethdev_sec.h
@@ -8,6 +8,7 @@
#include <rte_ethdev.h>
#include "otx2_ipsec_fp.h"
+#include "otx2_ipsec_po.h"
#define OTX2_CPT_RES_ALIGN 16
#define OTX2_NIX_SEND_DESC_ALIGN 16
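Review bot: nothing shown for otx2_ethdev_sec.h in this patch uses a definition from "otx2_ipsec_po.h", so the added include looks unnecessary at this point and makes a net PMD header depend on a crypto PMD header. If a later patch in the series needs it, add the include there; otherwise include it only in the .c file that uses the SA types.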
--
2.27.0
* [dpdk-dev] [PATCH v2 4/9] crypto/octeontx2: add cryptodev sec registration
2020-07-15 9:26 [dpdk-dev] [PATCH v2 0/9] add OCTEON TX2 lookaside IPsec support Tejasree Kondoj
` (2 preceding siblings ...)
2020-07-15 9:26 ` [dpdk-dev] [PATCH v2 3/9] crypto/octeontx2: add lookaside SA context definitions Tejasree Kondoj
@ 2020-07-15 9:26 ` Tejasree Kondoj
2020-07-15 16:57 ` Akhil Goyal
2020-07-15 9:26 ` [dpdk-dev] [PATCH v2 5/9] crypto/octeontx2: add cryptodev sec capabilities Tejasree Kondoj
` (4 subsequent siblings)
8 siblings, 1 reply; 14+ messages in thread
From: Tejasree Kondoj @ 2020-07-15 9:26 UTC (permalink / raw)
To: Akhil Goyal, Radu Nicolau
Cc: Tejasree Kondoj, Narayana Prasad, Anoob Joseph, Vamsi Attunuru, dev
This patch registers security operations with cryptodev.
Signed-off-by: Vamsi Attunuru <vattunuru@marvell.com>
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
---
drivers/crypto/octeontx2/Makefile | 1 +
drivers/crypto/octeontx2/meson.build | 3 +-
drivers/crypto/octeontx2/otx2_cryptodev.c | 12 ++++-
drivers/crypto/octeontx2/otx2_cryptodev_sec.c | 46 +++++++++++++++++++
drivers/crypto/octeontx2/otx2_cryptodev_sec.h | 6 +++
5 files changed, 66 insertions(+), 2 deletions(-)
create mode 100644 drivers/crypto/octeontx2/otx2_cryptodev_sec.c
diff --git a/drivers/crypto/octeontx2/Makefile b/drivers/crypto/octeontx2/Makefile
index 5f9a6a0e3f..14152c6117 100644
--- a/drivers/crypto/octeontx2/Makefile
+++ b/drivers/crypto/octeontx2/Makefile
@@ -38,6 +38,7 @@ SRCS-$(CONFIG_RTE_LIBRTE_PMD_OCTEONTX2_CRYPTO) += otx2_cryptodev_capabilities.c
SRCS-$(CONFIG_RTE_LIBRTE_PMD_OCTEONTX2_CRYPTO) += otx2_cryptodev_hw_access.c
SRCS-$(CONFIG_RTE_LIBRTE_PMD_OCTEONTX2_CRYPTO) += otx2_cryptodev_mbox.c
SRCS-$(CONFIG_RTE_LIBRTE_PMD_OCTEONTX2_CRYPTO) += otx2_cryptodev_ops.c
+SRCS-$(CONFIG_RTE_LIBRTE_PMD_OCTEONTX2_CRYPTO) += otx2_cryptodev_sec.c
# export include files
SYMLINK-y-include +=
diff --git a/drivers/crypto/octeontx2/meson.build b/drivers/crypto/octeontx2/meson.build
index 0948e73607..148ec184a6 100644
--- a/drivers/crypto/octeontx2/meson.build
+++ b/drivers/crypto/octeontx2/meson.build
@@ -17,7 +17,8 @@ sources = files('otx2_cryptodev.c',
'otx2_cryptodev_capabilities.c',
'otx2_cryptodev_hw_access.c',
'otx2_cryptodev_mbox.c',
- 'otx2_cryptodev_ops.c')
+ 'otx2_cryptodev_ops.c',
+ 'otx2_cryptodev_sec.c')
extra_flags = []
# This integrated controller runs only on a arm64 machine, remove 32bit warnings
diff --git a/drivers/crypto/octeontx2/otx2_cryptodev.c b/drivers/crypto/octeontx2/otx2_cryptodev.c
index a51d532553..e9b7c1cc04 100644
--- a/drivers/crypto/octeontx2/otx2_cryptodev.c
+++ b/drivers/crypto/octeontx2/otx2_cryptodev.c
@@ -17,6 +17,7 @@
#include "otx2_cryptodev_capabilities.h"
#include "otx2_cryptodev_mbox.h"
#include "otx2_cryptodev_ops.h"
+#include "otx2_cryptodev_sec.h"
#include "otx2_dev.h"
/* CPT common headers */
@@ -103,6 +104,11 @@ otx2_cpt_pci_probe(struct rte_pci_driver *pci_drv __rte_unused,
otx2_crypto_capabilities_init(vf->hw_caps);
+ /* Create security ctx */
+ ret = otx2_crypto_sec_ctx_create(dev);
+ if (ret)
+ goto otx2_dev_fini;
+
dev->feature_flags = RTE_CRYPTODEV_FF_SYMMETRIC_CRYPTO |
RTE_CRYPTODEV_FF_HW_ACCELERATED |
RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING |
@@ -111,7 +117,8 @@ otx2_cpt_pci_probe(struct rte_pci_driver *pci_drv __rte_unused,
RTE_CRYPTODEV_FF_OOP_SGL_IN_SGL_OUT |
RTE_CRYPTODEV_FF_ASYMMETRIC_CRYPTO |
RTE_CRYPTODEV_FF_RSA_PRIV_OP_KEY_QT |
- RTE_CRYPTODEV_FF_SYM_SESSIONLESS;
+ RTE_CRYPTODEV_FF_SYM_SESSIONLESS |
+ RTE_CRYPTODEV_FF_SECURITY;
return 0;
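Review bot: RTE_CRYPTODEV_FF_SECURITY is advertised from this patch on, yet every callback in otx2_crypto_sec_ops is still NULL at this point in the series, so a tree checked out at this commit reports a security capability it cannot serve. Set the flag in the patch that fills in session_create, or fold the registration into that patch, so the series stays bisectable.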
@@ -140,6 +147,9 @@ otx2_cpt_pci_remove(struct rte_pci_device *pci_dev)
if (dev == NULL)
return -ENODEV;
+ /* Destroy security ctx */
+ otx2_crypto_sec_ctx_destroy(dev);
+
return rte_cryptodev_pmd_destroy(dev);
}
diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_sec.c b/drivers/crypto/octeontx2/otx2_cryptodev_sec.c
new file mode 100644
index 0000000000..d937e6f37a
--- /dev/null
+++ b/drivers/crypto/octeontx2/otx2_cryptodev_sec.c
@@ -0,0 +1,46 @@
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright (C) 2020 Marvell International Ltd.
+ */
+
+#include <rte_cryptodev.h>
+#include <rte_malloc.h>
+#include <rte_security.h>
+#include <rte_security_driver.h>
+
+#include "otx2_cryptodev_sec.h"
+
+static struct rte_security_ops otx2_crypto_sec_ops = {
+ .session_create = NULL,
+ .session_destroy = NULL,
+ .session_get_size = NULL,
+ .set_pkt_metadata = NULL,
+ .get_userdata = NULL,
+ .capabilities_get = NULL
+};
+
+int
+otx2_crypto_sec_ctx_create(struct rte_cryptodev *cdev)
+{
+ struct rte_security_ctx *ctx;
+
+ ctx = rte_malloc("otx2_cpt_dev_sec_ctx",
+ sizeof(struct rte_security_ctx), 0);
+
+ if (ctx == NULL)
+ return -ENOMEM;
+
+ /* Populate ctx */
+ ctx->device = cdev;
+ ctx->ops = &otx2_crypto_sec_ops;
+ ctx->sess_cnt = 0;
+
+ cdev->security_ctx = ctx;
+
+ return 0;
+}
+
+void
+otx2_crypto_sec_ctx_destroy(struct rte_cryptodev *cdev)
+{
+ rte_free(cdev->security_ctx);
+}
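Review bot: otx2_crypto_sec_ctx_destroy() frees cdev->security_ctx but leaves the pointer in place, so any later access through cdev sees freed memory. Set cdev->security_ctx = NULL after rte_free(). In otx2_crypto_sec_ctx_create(), rte_malloc() returns uninitialised memory; the three fields assigned here are all set, but rte_zmalloc() would keep that true if the structure grows.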
diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_sec.h b/drivers/crypto/octeontx2/otx2_cryptodev_sec.h
index 253f62d873..b989251e71 100644
--- a/drivers/crypto/octeontx2/otx2_cryptodev_sec.h
+++ b/drivers/crypto/octeontx2/otx2_cryptodev_sec.h
@@ -5,6 +5,8 @@
#ifndef __OTX2_CRYPTODEV_SEC_H__
#define __OTX2_CRYPTODEV_SEC_H__
+#include <rte_cryptodev.h>
+
#include "otx2_ipsec_po.h"
struct otx2_sec_session_ipsec_lp {
@@ -55,4 +57,8 @@ struct otx2_sec_session_ipsec_lp {
uint8_t auth_iv_length;
};
+int otx2_crypto_sec_ctx_create(struct rte_cryptodev *crypto_dev);
+
+void otx2_crypto_sec_ctx_destroy(struct rte_cryptodev *crypto_dev);
+
#endif /* __OTX2_CRYPTODEV_SEC_H__ */
--
2.27.0
* [dpdk-dev] [PATCH v2 5/9] crypto/octeontx2: add cryptodev sec capabilities
2020-07-15 9:26 [dpdk-dev] [PATCH v2 0/9] add OCTEON TX2 lookaside IPsec support Tejasree Kondoj
` (3 preceding siblings ...)
2020-07-15 9:26 ` [dpdk-dev] [PATCH v2 4/9] crypto/octeontx2: add cryptodev sec registration Tejasree Kondoj
@ 2020-07-15 9:26 ` Tejasree Kondoj
2020-07-15 9:27 ` [dpdk-dev] [PATCH v2 6/9] crypto/octeontx2: add cryptodev sec misc callbacks Tejasree Kondoj
` (3 subsequent siblings)
8 siblings, 0 replies; 14+ messages in thread
From: Tejasree Kondoj @ 2020-07-15 9:26 UTC (permalink / raw)
To: Akhil Goyal, Radu Nicolau
Cc: Tejasree Kondoj, Narayana Prasad, Anoob Joseph, Vamsi Attunuru, dev
This patch adds lookaside IPsec capabilities.
Signed-off-by: Vamsi Attunuru <vattunuru@marvell.com>
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
---
drivers/crypto/octeontx2/otx2_cryptodev.c | 1 +
.../octeontx2/otx2_cryptodev_capabilities.c | 101 ++++++++++++++++++
.../octeontx2/otx2_cryptodev_capabilities.h | 13 +++
drivers/crypto/octeontx2/otx2_cryptodev_sec.c | 4 +-
4 files changed, 118 insertions(+), 1 deletion(-)
diff --git a/drivers/crypto/octeontx2/otx2_cryptodev.c b/drivers/crypto/octeontx2/otx2_cryptodev.c
index e9b7c1cc04..02d2fd83bd 100644
--- a/drivers/crypto/octeontx2/otx2_cryptodev.c
+++ b/drivers/crypto/octeontx2/otx2_cryptodev.c
@@ -103,6 +103,7 @@ otx2_cpt_pci_probe(struct rte_pci_driver *pci_drv __rte_unused,
}
otx2_crypto_capabilities_init(vf->hw_caps);
+ otx2_crypto_sec_capabilities_init(vf->hw_caps);
/* Create security ctx */
ret = otx2_crypto_sec_ctx_create(dev);
diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_capabilities.c b/drivers/crypto/octeontx2/otx2_cryptodev_capabilities.c
index f0ed1e2df9..80f3729995 100644
--- a/drivers/crypto/octeontx2/otx2_cryptodev_capabilities.c
+++ b/drivers/crypto/octeontx2/otx2_cryptodev_capabilities.c
@@ -3,7 +3,9 @@
*/
#include <rte_cryptodev.h>
+#include <rte_security.h>
+#include "otx2_cryptodev.h"
#include "otx2_cryptodev_capabilities.h"
#include "otx2_mbox.h"
@@ -26,9 +28,18 @@
cpt_caps_add(caps_##name, RTE_DIM(caps_##name)); \
} while (0)
+#define SEC_CAPS_ADD(hw_caps, name) do { \
+ enum otx2_cpt_egrp egrp; \
+ CPT_EGRP_GET(hw_caps, name, &egrp); \
+ if (egrp < OTX2_CPT_EGRP_MAX) \
+ sec_caps_add(sec_caps_##name, RTE_DIM(sec_caps_##name));\
+} while (0)
+
#define OTX2_CPT_MAX_CAPS 34
+#define OTX2_SEC_MAX_CAPS 4
static struct rte_cryptodev_capabilities otx2_cpt_caps[OTX2_CPT_MAX_CAPS];
+static struct rte_cryptodev_capabilities otx2_cpt_sec_caps[OTX2_SEC_MAX_CAPS];
static const struct rte_cryptodev_capabilities caps_mul[] = {
{ /* RSA */
@@ -725,6 +736,70 @@ static const struct rte_cryptodev_capabilities caps_end[] = {
RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
};
+static const struct rte_cryptodev_capabilities sec_caps_aes[] = {
+ { /* AES GCM */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,
+ {.aead = {
+ .algo = RTE_CRYPTO_AEAD_AES_GCM,
+ .block_size = 16,
+ .key_size = {
+ .min = 16,
+ .max = 32,
+ .increment = 8
+ },
+ .digest_size = {
+ .min = 16,
+ .max = 16,
+ .increment = 0
+ },
+ .aad_size = {
+ .min = 8,
+ .max = 12,
+ .increment = 4
+ },
+ .iv_size = {
+ .min = 12,
+ .max = 12,
+ .increment = 0
+ }
+ }, }
+ }, }
+ },
+};
+
+static const struct rte_security_capability
+otx2_crypto_sec_capabilities[] = {
+ { /* IPsec Lookaside Protocol ESP Tunnel Ingress */
+ .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+ .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
+ .ipsec = {
+ .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+ .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
+ .direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS,
+ .options = { 0 }
+ },
+ .crypto_capabilities = otx2_cpt_sec_caps,
+ .ol_flags = RTE_SECURITY_TX_OLOAD_NEED_MDATA
+ },
+ { /* IPsec Lookaside Protocol ESP Tunnel Egress */
+ .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+ .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
+ .ipsec = {
+ .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+ .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
+ .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
+ .options = { 0 }
+ },
+ .crypto_capabilities = otx2_cpt_sec_caps,
+ .ol_flags = RTE_SECURITY_TX_OLOAD_NEED_MDATA
+ },
+ {
+ .action = RTE_SECURITY_ACTION_TYPE_NONE
+ }
+};
+
static void
cpt_caps_add(const struct rte_cryptodev_capabilities *caps, int nb_caps)
{
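Review bot: otx2_crypto_sec_capabilities[] is a static const table that is returned regardless of hw_caps, while otx2_cpt_sec_caps only receives sec_caps_aes when SEC_CAPS_ADD finds an AES engine group. On hardware without that group both IPsec entries are still advertised, each pointing at a crypto_capabilities list that holds only the end marker. The ingress entry also carries RTE_SECURITY_TX_OLOAD_NEED_MDATA, a TX offload flag; confirm that is intended for the inbound direction.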
@@ -757,3 +832,29 @@ otx2_cpt_capabilities_get(void)
{
return otx2_cpt_caps;
}
+
+static void
+sec_caps_add(const struct rte_cryptodev_capabilities *caps, int nb_caps)
+{
+ static int cur_pos;
+
+ if (cur_pos + nb_caps > OTX2_SEC_MAX_CAPS)
+ return;
+
+ memcpy(&otx2_cpt_sec_caps[cur_pos], caps, nb_caps * sizeof(caps[0]));
+ cur_pos += nb_caps;
+}
+
+void
+otx2_crypto_sec_capabilities_init(union cpt_eng_caps *hw_caps)
+{
+ SEC_CAPS_ADD(hw_caps, aes);
+
+ sec_caps_add(caps_end, RTE_DIM(caps_end));
+}
+
+const struct rte_security_capability *
+otx2_crypto_sec_capabilities_get(void *device __rte_unused)
+{
+ return otx2_crypto_sec_capabilities;
+}
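Review bot: sec_caps_add() keeps its position in a function-static cur_pos and returns silently when the entries do not fit in OTX2_SEC_MAX_CAPS. Because otx2_crypto_sec_capabilities_init() is called from probe, a second device appends after the first device's end marker, where readers never look, and a third device's entries are dropped without any log. Make the init idempotent (run it once or reset the position) and log or return an error when the table is full.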
diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_capabilities.h b/drivers/crypto/octeontx2/otx2_cryptodev_capabilities.h
index a439cbefd3..c1e0001190 100644
--- a/drivers/crypto/octeontx2/otx2_cryptodev_capabilities.h
+++ b/drivers/crypto/octeontx2/otx2_cryptodev_capabilities.h
@@ -29,4 +29,17 @@ void otx2_crypto_capabilities_init(union cpt_eng_caps *hw_caps);
const struct rte_cryptodev_capabilities *
otx2_cpt_capabilities_get(void);
+/*
+ * Initialize security capabilities for the device
+ *
+ */
+void otx2_crypto_sec_capabilities_init(union cpt_eng_caps *hw_caps);
+
+/*
+ * Get security capabilities list for the device
+ *
+ */
+const struct rte_security_capability *
+otx2_crypto_sec_capabilities_get(void *device __rte_unused);
+
#endif /* _OTX2_CRYPTODEV_CAPABILITIES_H_ */
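Review bot: the prototype of otx2_crypto_sec_capabilities_get() carries __rte_unused on its parameter; the attribute belongs on the definition only, so drop it from the header.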
diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_sec.c b/drivers/crypto/octeontx2/otx2_cryptodev_sec.c
index d937e6f37a..906a87b9e5 100644
--- a/drivers/crypto/octeontx2/otx2_cryptodev_sec.c
+++ b/drivers/crypto/octeontx2/otx2_cryptodev_sec.c
@@ -7,6 +7,8 @@
#include <rte_security.h>
#include <rte_security_driver.h>
+#include "otx2_cryptodev.h"
+#include "otx2_cryptodev_capabilities.h"
#include "otx2_cryptodev_sec.h"
static struct rte_security_ops otx2_crypto_sec_ops = {
@@ -15,7 +17,7 @@ static struct rte_security_ops otx2_crypto_sec_ops = {
.session_get_size = NULL,
.set_pkt_metadata = NULL,
.get_userdata = NULL,
- .capabilities_get = NULL
+ .capabilities_get = otx2_crypto_sec_capabilities_get
};
int
--
2.27.0
* [dpdk-dev] [PATCH v2 6/9] crypto/octeontx2: add cryptodev sec misc callbacks
2020-07-15 9:26 [dpdk-dev] [PATCH v2 0/9] add OCTEON TX2 lookaside IPsec support Tejasree Kondoj
` (4 preceding siblings ...)
2020-07-15 9:26 ` [dpdk-dev] [PATCH v2 5/9] crypto/octeontx2: add cryptodev sec capabilities Tejasree Kondoj
@ 2020-07-15 9:27 ` Tejasree Kondoj
2020-07-15 9:27 ` [dpdk-dev] [PATCH v2 7/9] crypto/octeontx2: add cryptodev sec session create Tejasree Kondoj
` (2 subsequent siblings)
8 siblings, 0 replies; 14+ messages in thread
From: Tejasree Kondoj @ 2020-07-15 9:27 UTC (permalink / raw)
To: Akhil Goyal, Radu Nicolau
Cc: Vamsi Attunuru, Narayana Prasad, Anoob Joseph, Tejasree Kondoj, dev
From: Vamsi Attunuru <vattunuru@marvell.com>
This patch adds lookaside IPsec callback functions.
Signed-off-by: Vamsi Attunuru <vattunuru@marvell.com>
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
---
drivers/crypto/octeontx2/otx2_cryptodev_sec.c | 34 +++++++++++++++++--
1 file changed, 31 insertions(+), 3 deletions(-)
diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_sec.c b/drivers/crypto/octeontx2/otx2_cryptodev_sec.c
index 906a87b9e5..6e14b37a68 100644
--- a/drivers/crypto/octeontx2/otx2_cryptodev_sec.c
+++ b/drivers/crypto/octeontx2/otx2_cryptodev_sec.c
@@ -10,13 +10,41 @@
#include "otx2_cryptodev.h"
#include "otx2_cryptodev_capabilities.h"
#include "otx2_cryptodev_sec.h"
+#include "otx2_security.h"
+
+static unsigned int
+otx2_crypto_sec_session_get_size(void *device __rte_unused)
+{
+ return sizeof(struct otx2_sec_session);
+}
+
+static int
+otx2_crypto_sec_set_pkt_mdata(void *device __rte_unused,
+ struct rte_security_session *session,
+ struct rte_mbuf *m, void *params __rte_unused)
+{
+ /* Set security session as the pkt metadata */
+ m->udata64 = (uint64_t)session;
+
+ return 0;
+}
+
+static int
+otx2_crypto_sec_get_userdata(void *device __rte_unused, uint64_t md,
+ void **userdata)
+{
+ /* Retrieve userdata */
+ *userdata = (void *)md;
+
+ return 0;
+}
static struct rte_security_ops otx2_crypto_sec_ops = {
.session_create = NULL,
.session_destroy = NULL,
- .session_get_size = NULL,
- .set_pkt_metadata = NULL,
- .get_userdata = NULL,
+ .session_get_size = otx2_crypto_sec_session_get_size,
+ .set_pkt_metadata = otx2_crypto_sec_set_pkt_mdata,
+ .get_userdata = otx2_crypto_sec_get_userdata,
.capabilities_get = otx2_crypto_sec_capabilities_get
};
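Review bot: otx2_crypto_sec_get_userdata() returns md cast to a pointer, and otx2_crypto_sec_set_pkt_mdata() stores the session pointer in m->udata64, so a caller that passes this metadata back receives the rte_security_session pointer rather than the userdata field of struct otx2_sec_session ("Userdata registered by the application"). Either resolve the session's private data and return its userdata, or document why md already is the userdata. The integer/pointer casts should go through uintptr_t, and session_get_size is wired up here while session_create and session_destroy remain NULL.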
--
2.27.0
* [dpdk-dev] [PATCH v2 7/9] crypto/octeontx2: add cryptodev sec session create
2020-07-15 9:26 [dpdk-dev] [PATCH v2 0/9] add OCTEON TX2 lookaside IPsec support Tejasree Kondoj
` (5 preceding siblings ...)
2020-07-15 9:27 ` [dpdk-dev] [PATCH v2 6/9] crypto/octeontx2: add cryptodev sec misc callbacks Tejasree Kondoj
@ 2020-07-15 9:27 ` Tejasree Kondoj
2020-07-15 9:27 ` [dpdk-dev] [PATCH v2 8/9] crypto/octeontx2: add cryptodev sec enqueue routine Tejasree Kondoj
2020-07-15 9:27 ` [dpdk-dev] [PATCH v2 9/9] crypto/octeontx2: add cryptodev sec dequeue routine Tejasree Kondoj
8 siblings, 0 replies; 14+ messages in thread
From: Tejasree Kondoj @ 2020-07-15 9:27 UTC (permalink / raw)
To: Akhil Goyal, Radu Nicolau
Cc: Vamsi Attunuru, Narayana Prasad, Anoob Joseph, Tejasree Kondoj, dev
From: Vamsi Attunuru <vattunuru@marvell.com>
This patch creates a session for lookaside IPsec.
Signed-off-by: Vamsi Attunuru <vattunuru@marvell.com>
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
---
drivers/crypto/octeontx2/otx2_cryptodev_sec.c | 468 +++++++++++++++++-
drivers/crypto/octeontx2/otx2_ipsec_po.h | 295 +++++++++++
drivers/crypto/octeontx2/otx2_security.h | 9 +
drivers/net/octeontx2/otx2_ethdev_sec.c | 23 +-
4 files changed, 777 insertions(+), 18 deletions(-)
diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_sec.c b/drivers/crypto/octeontx2/otx2_cryptodev_sec.c
index 6e14b37a68..0741a592cd 100644
--- a/drivers/crypto/octeontx2/otx2_cryptodev_sec.c
+++ b/drivers/crypto/octeontx2/otx2_cryptodev_sec.c
@@ -3,15 +3,479 @@
*/
#include <rte_cryptodev.h>
+#include <rte_esp.h>
+#include <rte_ethdev.h>
+#include <rte_ip.h>
#include <rte_malloc.h>
#include <rte_security.h>
#include <rte_security_driver.h>
+#include <rte_udp.h>
#include "otx2_cryptodev.h"
#include "otx2_cryptodev_capabilities.h"
+#include "otx2_cryptodev_hw_access.h"
+#include "otx2_cryptodev_ops.h"
#include "otx2_cryptodev_sec.h"
#include "otx2_security.h"
+static int
+ipsec_lp_len_precalc(struct rte_security_ipsec_xform *ipsec,
+ struct rte_crypto_sym_xform *xform,
+ struct otx2_sec_session_ipsec_lp *lp)
+{
+ struct rte_crypto_sym_xform *cipher_xform, *auth_xform;
+
+ lp->partial_len = sizeof(struct rte_ipv4_hdr);
+
+ if (ipsec->proto == RTE_SECURITY_IPSEC_SA_PROTO_ESP) {
+ lp->partial_len += sizeof(struct rte_esp_hdr);
+ lp->roundup_len = sizeof(struct rte_esp_tail);
+ } else if (ipsec->proto == RTE_SECURITY_IPSEC_SA_PROTO_AH) {
+ lp->partial_len += OTX2_SEC_AH_HDR_LEN;
+ } else {
+ return -EINVAL;
+ }
+
+ if (ipsec->options.udp_encap)
+ lp->partial_len += sizeof(struct rte_udp_hdr);
+
+ if (xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) {
+ if (xform->aead.algo == RTE_CRYPTO_AEAD_AES_GCM) {
+ lp->partial_len += OTX2_SEC_AES_GCM_IV_LEN;
+ lp->partial_len += OTX2_SEC_AES_GCM_MAC_LEN;
+ lp->roundup_byte = OTX2_SEC_AES_GCM_ROUNDUP_BYTE_LEN;
+ return 0;
+ } else {
+ return -EINVAL;
+ }
+ }
+
+ if (ipsec->direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) {
+ cipher_xform = xform;
+ auth_xform = xform->next;
+ } else if (ipsec->direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) {
+ auth_xform = xform;
+ cipher_xform = xform->next;
+ } else {
+ return -EINVAL;
+ }
+
+ if (cipher_xform->cipher.algo == RTE_CRYPTO_CIPHER_AES_CBC) {
+ lp->partial_len += OTX2_SEC_AES_CBC_IV_LEN;
+ lp->roundup_byte = OTX2_SEC_AES_CBC_ROUNDUP_BYTE_LEN;
+ } else {
+ return -EINVAL;
+ }
+
+ if (auth_xform->auth.algo == RTE_CRYPTO_AUTH_SHA1_HMAC)
+ lp->partial_len += OTX2_SEC_SHA1_HMAC_LEN;
+ else
+ return -EINVAL;
+
+ return 0;
+}
+
+static int
+otx2_cpt_enq_sa_write(struct otx2_sec_session_ipsec_lp *lp,
+ struct otx2_cpt_qp *qptr, uint8_t opcode)
+{
+ uint64_t lmt_status, time_out;
+ void *lmtline = qptr->lmtline;
+ struct otx2_cpt_inst_s inst;
+ struct otx2_cpt_res *res;
+ uint64_t *mdata;
+ int ret = 0;
+
+ if (unlikely(rte_mempool_get(qptr->meta_info.pool,
+ (void **)&mdata) < 0))
+ return -ENOMEM;
+
+ res = (struct otx2_cpt_res *)RTE_PTR_ALIGN(mdata, 16);
+ res->compcode = CPT_9X_COMP_E_NOTDONE;
+
+ inst.opcode = opcode | (lp->ctx_len << 8);
+ inst.param1 = 0;
+ inst.param2 = 0;
+ inst.dlen = lp->ctx_len << 3;
+ inst.dptr = rte_mempool_virt2iova(lp);
+ inst.rptr = 0;
+ inst.cptr = rte_mempool_virt2iova(lp);
+ inst.egrp = OTX2_CPT_EGRP_SE;
+
+ inst.u64[0] = 0;
+ inst.u64[2] = 0;
+ inst.u64[3] = 0;
+ inst.res_addr = rte_mempool_virt2iova(res);
+
+ rte_cio_wmb();
+
+ do {
+ /* Copy CPT command to LMTLINE */
+ otx2_lmt_mov(lmtline, &inst, 2);
+ lmt_status = otx2_lmt_submit(qptr->lf_nq_reg);
+ } while (lmt_status == 0);
+
+ time_out = rte_get_timer_cycles() +
+ DEFAULT_COMMAND_TIMEOUT * rte_get_timer_hz();
+
+ while (res->compcode == CPT_9X_COMP_E_NOTDONE) {
+ if (rte_get_timer_cycles() > time_out) {
+ rte_mempool_put(qptr->meta_info.pool, mdata);
+ otx2_err("Request timed out");
+ return -ETIMEDOUT;
+ }
+ rte_cio_rmb();
+ }
+
+ if (unlikely(res->compcode != CPT_9X_COMP_E_GOOD)) {
+ ret = res->compcode;
+ switch (ret) {
+ case CPT_9X_COMP_E_INSTERR:
+ otx2_err("Request failed with instruction error");
+ break;
+ case CPT_9X_COMP_E_FAULT:
+ otx2_err("Request failed with DMA fault");
+ break;
+ case CPT_9X_COMP_E_HWERR:
+ otx2_err("Request failed with hardware error");
+ break;
+ default:
+ otx2_err("Request failed with unknown hardware "
+ "completion code : 0x%x", ret);
+ }
+ goto mempool_put;
+ }
+
+ if (unlikely(res->uc_compcode != OTX2_IPSEC_PO_CC_SUCCESS)) {
+ ret = res->uc_compcode;
+ switch (ret) {
+ case OTX2_IPSEC_PO_CC_AUTH_UNSUPPORTED:
+ otx2_err("Invalid auth type");
+ break;
+ case OTX2_IPSEC_PO_CC_ENCRYPT_UNSUPPORTED:
+ otx2_err("Invalid encrypt type");
+ break;
+ default:
+ otx2_err("Request failed with unknown microcode "
+ "completion code : 0x%x", ret);
+ }
+ }
+
+mempool_put:
+ rte_mempool_put(qptr->meta_info.pool, mdata);
+ return ret;
+}
+
+static void
+set_session_misc_attributes(struct otx2_sec_session_ipsec_lp *sess,
+ struct rte_crypto_sym_xform *crypto_xform,
+ struct rte_crypto_sym_xform *auth_xform,
+ struct rte_crypto_sym_xform *cipher_xform)
+{
+ if (crypto_xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) {
+ sess->iv_offset = crypto_xform->aead.iv.offset;
+ sess->iv_length = crypto_xform->aead.iv.length;
+ sess->aad_length = crypto_xform->aead.aad_length;
+ sess->mac_len = crypto_xform->aead.digest_length;
+ } else {
+ sess->iv_offset = cipher_xform->cipher.iv.offset;
+ sess->iv_length = cipher_xform->cipher.iv.length;
+ sess->auth_iv_offset = auth_xform->auth.iv.offset;
+ sess->auth_iv_length = auth_xform->auth.iv.length;
+ sess->mac_len = auth_xform->auth.digest_length;
+ }
+
+ sess->ucmd_param1 = OTX2_IPSEC_PO_PER_PKT_IV;
+ sess->ucmd_param2 = 0;
+}
+
+static int
+crypto_sec_ipsec_outb_session_create(struct rte_cryptodev *crypto_dev,
+ struct rte_security_ipsec_xform *ipsec,
+ struct rte_crypto_sym_xform *crypto_xform,
+ struct rte_security_session *sec_sess)
+{
+ struct rte_crypto_sym_xform *auth_xform, *cipher_xform;
+ const uint8_t *cipher_key, *auth_key;
+ struct otx2_sec_session_ipsec_lp *lp;
+ struct otx2_ipsec_po_sa_ctl *ctl;
+ int cipher_key_len, auth_key_len;
+ struct otx2_ipsec_po_out_sa *sa;
+ struct otx2_sec_session *sess;
+ struct otx2_cpt_inst_s inst;
+ struct rte_ipv4_hdr *ip;
+ int ret;
+
+ sess = get_sec_session_private_data(sec_sess);
+ lp = &sess->ipsec.lp;
+
+ sa = &lp->out_sa;
+ ctl = &sa->ctl;
+ if (ctl->valid) {
+ otx2_err("SA already registered");
+ return -EINVAL;
+ }
+
+ memset(sa, 0, sizeof(struct otx2_ipsec_po_out_sa));
+
+ /* Initialize lookaside ipsec private data */
+ lp->ip_id = 0;
+ lp->seq_lo = 1;
+ lp->seq_hi = 0;
+
+ ret = ipsec_po_sa_ctl_set(ipsec, crypto_xform, ctl);
+ if (ret)
+ return ret;
+
+ ret = ipsec_lp_len_precalc(ipsec, crypto_xform, lp);
+ if (ret)
+ return ret;
+
+ memcpy(sa->iv.gcm.nonce, &ipsec->salt, 4);
+
+ if (ipsec->options.udp_encap) {
+ sa->udp_src = 4500;
+ sa->udp_dst = 4500;
+ }
+
+ if (ipsec->mode == RTE_SECURITY_IPSEC_SA_MODE_TUNNEL) {
+ /* Start ip id from 1 */
+ lp->ip_id = 1;
+
+ if (ipsec->tunnel.type == RTE_SECURITY_IPSEC_TUNNEL_IPV4) {
+ ip = &sa->template.ipv4_hdr;
+ ip->version_ihl = RTE_IPV4_VHL_DEF;
+ ip->next_proto_id = IPPROTO_ESP;
+ ip->time_to_live = ipsec->tunnel.ipv4.ttl;
+ ip->type_of_service |= (ipsec->tunnel.ipv4.dscp << 2);
+ if (ipsec->tunnel.ipv4.df)
+ ip->fragment_offset = BIT(14);
+ memcpy(&ip->src_addr, &ipsec->tunnel.ipv4.src_ip,
+ sizeof(struct in_addr));
+ memcpy(&ip->dst_addr, &ipsec->tunnel.ipv4.dst_ip,
+ sizeof(struct in_addr));
+ } else {
+ return -EINVAL;
+ }
+ } else {
+ return -EINVAL;
+ }
+
+ cipher_xform = crypto_xform;
+ auth_xform = crypto_xform->next;
+
+ cipher_key_len = 0;
+ auth_key_len = 0;
+
+ if (crypto_xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) {
+ cipher_key = crypto_xform->aead.key.data;
+ cipher_key_len = crypto_xform->aead.key.length;
+
+ lp->ctx_len = sizeof(struct otx2_ipsec_po_out_sa);
+ lp->ctx_len >>= 3;
+ RTE_ASSERT(lp->ctx_len == OTX2_IPSEC_PO_AES_GCM_OUTB_CTX_LEN);
+ } else {
+ cipher_key = cipher_xform->cipher.key.data;
+ cipher_key_len = cipher_xform->cipher.key.length;
+ auth_key = auth_xform->auth.key.data;
+ auth_key_len = auth_xform->auth.key.length;
+
+ /* TODO: check the ctx len for supporting ALGO */
+ lp->ctx_len = sizeof(struct otx2_ipsec_po_out_sa) >> 3;
+ RTE_ASSERT(lp->ctx_len == OTX2_IPSEC_PO_MAX_OUTB_CTX_LEN);
+ }
+
+ if (cipher_key_len != 0)
+ memcpy(sa->cipher_key, cipher_key, cipher_key_len);
+ else
+ return -EINVAL;
+
+ /* Use OPAD & IPAD */
+ RTE_SET_USED(auth_key);
+ RTE_SET_USED(auth_key_len);
+
+ inst.u64[7] = 0;
+ inst.egrp = OTX2_CPT_EGRP_SE;
+ inst.cptr = rte_mempool_virt2iova(sa);
+
+ lp->ucmd_w3 = inst.u64[7];
+ lp->ucmd_opcode = (lp->ctx_len << 8) |
+ (OTX2_IPSEC_PO_PROCESS_IPSEC_OUTB);
+
+ set_session_misc_attributes(lp, crypto_xform,
+ auth_xform, cipher_xform);
+
+ return otx2_cpt_enq_sa_write(lp, crypto_dev->data->queue_pairs[0],
+ OTX2_IPSEC_PO_WRITE_IPSEC_OUTB);
+}
+
+static int
+crypto_sec_ipsec_inb_session_create(struct rte_cryptodev *crypto_dev,
+ struct rte_security_ipsec_xform *ipsec,
+ struct rte_crypto_sym_xform *crypto_xform,
+ struct rte_security_session *sec_sess)
+{
+ struct rte_crypto_sym_xform *auth_xform, *cipher_xform;
+ struct otx2_sec_session_ipsec_lp *lp;
+ struct otx2_ipsec_po_sa_ctl *ctl;
+ const uint8_t *cipher_key, *auth_key;
+ int cipher_key_len, auth_key_len;
+ struct otx2_ipsec_po_in_sa *sa;
+ struct otx2_sec_session *sess;
+ struct otx2_cpt_inst_s inst;
+ int ret;
+
+ sess = get_sec_session_private_data(sec_sess);
+ lp = &sess->ipsec.lp;
+
+ sa = &lp->in_sa;
+ ctl = &sa->ctl;
+
+ if (ctl->valid) {
+ otx2_err("SA already registered");
+ return -EINVAL;
+ }
+
+ memset(sa, 0, sizeof(struct otx2_ipsec_po_in_sa));
+
+ ret = ipsec_po_sa_ctl_set(ipsec, crypto_xform, ctl);
+ if (ret)
+ return ret;
+
+ auth_xform = crypto_xform;
+ cipher_xform = crypto_xform->next;
+
+ cipher_key_len = 0;
+ auth_key_len = 0;
+
+ if (crypto_xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) {
+ if (crypto_xform->aead.algo == RTE_CRYPTO_AEAD_AES_GCM)
+ memcpy(sa->iv.gcm.nonce, &ipsec->salt, 4);
+ cipher_key = crypto_xform->aead.key.data;
+ cipher_key_len = crypto_xform->aead.key.length;
+
+ lp->ctx_len = offsetof(struct otx2_ipsec_po_in_sa,
+ aes_gcm.hmac_key[0]) >> 3;
+ RTE_ASSERT(lp->ctx_len == OTX2_IPSEC_PO_AES_GCM_INB_CTX_LEN);
+ } else {
+ cipher_key = cipher_xform->cipher.key.data;
+ cipher_key_len = cipher_xform->cipher.key.length;
+ auth_key = auth_xform->auth.key.data;
+ auth_key_len = auth_xform->auth.key.length;
+
+ /* TODO: check the ctx len for supporting ALGO */
+ lp->ctx_len = sizeof(struct otx2_ipsec_po_in_sa) >> 2;
+ RTE_ASSERT(lp->ctx_len == OTX2_IPSEC_PO_MAX_INB_CTX_LEN);
+ }
+
+ if (cipher_key_len != 0)
+ memcpy(sa->cipher_key, cipher_key, cipher_key_len);
+ else
+ return -EINVAL;
+
+ /* Use OPAD & IPAD */
+ RTE_SET_USED(auth_key);
+ RTE_SET_USED(auth_key_len);
+
+ inst.u64[7] = 0;
+ inst.egrp = OTX2_CPT_EGRP_SE;
+ inst.cptr = rte_mempool_virt2iova(sa);
+
+ lp->ucmd_w3 = inst.u64[7];
+ lp->ucmd_opcode = (lp->ctx_len << 8) |
+ (OTX2_IPSEC_PO_PROCESS_IPSEC_INB);
+
+ set_session_misc_attributes(lp, crypto_xform,
+ auth_xform, cipher_xform);
+
+ return otx2_cpt_enq_sa_write(lp, crypto_dev->data->queue_pairs[0],
+ OTX2_IPSEC_PO_WRITE_IPSEC_INB);
+}
+
+static int
+crypto_sec_ipsec_session_create(struct rte_cryptodev *crypto_dev,
+ struct rte_security_ipsec_xform *ipsec,
+ struct rte_crypto_sym_xform *crypto_xform,
+ struct rte_security_session *sess)
+{
+ int ret;
+
+ if (crypto_dev->data->queue_pairs[0] == NULL) {
+ otx2_err("Setup cpt queue pair before creating sec session");
+ return -EPERM;
+ }
+
+ ret = ipsec_po_xform_verify(ipsec, crypto_xform);
+ if (ret)
+ return ret;
+
+ if (ipsec->direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS)
+ return crypto_sec_ipsec_inb_session_create(crypto_dev, ipsec,
+ crypto_xform, sess);
+ else
+ return crypto_sec_ipsec_outb_session_create(crypto_dev, ipsec,
+ crypto_xform, sess);
+}
+
+static int
+otx2_crypto_sec_session_create(void *device,
+ struct rte_security_session_conf *conf,
+ struct rte_security_session *sess,
+ struct rte_mempool *mempool)
+{
+ struct otx2_sec_session *priv;
+ int ret;
+
+ if (conf->action_type != RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL)
+ return -ENOTSUP;
+
+ if (rte_mempool_get(mempool, (void **)&priv)) {
+ otx2_err("Could not allocate security session private data");
+ return -ENOMEM;
+ }
+
+ set_sec_session_private_data(sess, priv);
+
+ priv->userdata = conf->userdata;
+
+ if (conf->protocol == RTE_SECURITY_PROTOCOL_IPSEC)
+ ret = crypto_sec_ipsec_session_create(device, &conf->ipsec,
+ conf->crypto_xform,
+ sess);
+ else
+ ret = -ENOTSUP;
+
+ if (ret)
+ goto mempool_put;
+
+ return 0;
+
+mempool_put:
+ rte_mempool_put(mempool, priv);
+ set_sec_session_private_data(sess, NULL);
+ return ret;
+}
+
+static int
+otx2_crypto_sec_session_destroy(void *device __rte_unused,
+ struct rte_security_session *sess)
+{
+ struct otx2_sec_session *priv;
+ struct rte_mempool *sess_mp;
+
+ priv = get_sec_session_private_data(sess);
+
+ if (priv == NULL)
+ return 0;
+
+ sess_mp = rte_mempool_from_obj(priv);
+
+ set_sec_session_private_data(sess, NULL);
+ rte_mempool_put(sess_mp, priv);
+
+ return 0;
+}
+
static unsigned int
otx2_crypto_sec_session_get_size(void *device __rte_unused)
{
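Review bot: otx2_crypto_sec_session_create takes priv from the mempool without clearing it, yet both crypto_sec_ipsec_inb_session_create and crypto_sec_ipsec_outb_session_create reject the request with "SA already registered" when ctl->valid is set, and otx2_crypto_sec_session_destroy returns priv to the pool without clearing ctl->valid or sa->cipher_key. A recycled object can therefore fail creation with -EINVAL, and key material stays in the pool after destroy; the error path has the same problem, because ipsec_po_sa_ctl_set sets valid before ipsec_lp_len_precalc and the tunnel checks can still fail. Suggest zeroing priv after rte_mempool_get and wiping the SA before every rte_mempool_put. Two smaller points: the inbound non-AEAD branch computes ctx_len with `>> 2` where every other branch uses `>> 3`, and the timeout path in otx2_cpt_enq_sa_write returns mdata to the pool while the instruction that targets res may still be outstanding.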
@@ -40,8 +504,8 @@ otx2_crypto_sec_get_userdata(void *device __rte_unused, uint64_t md,
}
static struct rte_security_ops otx2_crypto_sec_ops = {
- .session_create = NULL,
- .session_destroy = NULL,
+ .session_create = otx2_crypto_sec_session_create,
+ .session_destroy = otx2_crypto_sec_session_destroy,
.session_get_size = otx2_crypto_sec_session_get_size,
.set_pkt_metadata = otx2_crypto_sec_set_pkt_mdata,
.get_userdata = otx2_crypto_sec_get_userdata,
diff --git a/drivers/crypto/octeontx2/otx2_ipsec_po.h b/drivers/crypto/octeontx2/otx2_ipsec_po.h
index 217dfeaff0..f2167f220a 100644
--- a/drivers/crypto/octeontx2/otx2_ipsec_po.h
+++ b/drivers/crypto/octeontx2/otx2_ipsec_po.h
@@ -9,6 +9,83 @@
#include <rte_ip.h>
#include <rte_security.h>
+#define OTX2_IPSEC_PO_AES_GCM_INB_CTX_LEN 0x09
+#define OTX2_IPSEC_PO_AES_GCM_OUTB_CTX_LEN 0x28
+
+#define OTX2_IPSEC_PO_MAX_INB_CTX_LEN 0x22
+#define OTX2_IPSEC_PO_MAX_OUTB_CTX_LEN 0x38
+
+#define OTX2_IPSEC_PO_PER_PKT_IV BIT(11)
+
+#define OTX2_IPSEC_PO_WRITE_IPSEC_OUTB 0x20
+#define OTX2_IPSEC_PO_WRITE_IPSEC_INB 0x21
+#define OTX2_IPSEC_PO_PROCESS_IPSEC_OUTB 0x23
+#define OTX2_IPSEC_PO_PROCESS_IPSEC_INB 0x24
+
+enum otx2_ipsec_po_comp_e {
+ OTX2_IPSEC_PO_CC_SUCCESS = 0x00,
+ OTX2_IPSEC_PO_CC_AUTH_UNSUPPORTED = 0xB0,
+ OTX2_IPSEC_PO_CC_ENCRYPT_UNSUPPORTED = 0xB1,
+};
+
+enum {
+ OTX2_IPSEC_PO_SA_DIRECTION_INBOUND = 0,
+ OTX2_IPSEC_PO_SA_DIRECTION_OUTBOUND = 1,
+};
+
+enum {
+ OTX2_IPSEC_PO_SA_IP_VERSION_4 = 0,
+ OTX2_IPSEC_PO_SA_IP_VERSION_6 = 1,
+};
+
+enum {
+ OTX2_IPSEC_PO_SA_MODE_TRANSPORT = 0,
+ OTX2_IPSEC_PO_SA_MODE_TUNNEL = 1,
+};
+
+enum {
+ OTX2_IPSEC_PO_SA_PROTOCOL_AH = 0,
+ OTX2_IPSEC_PO_SA_PROTOCOL_ESP = 1,
+};
+
+enum {
+ OTX2_IPSEC_PO_SA_AES_KEY_LEN_128 = 1,
+ OTX2_IPSEC_PO_SA_AES_KEY_LEN_192 = 2,
+ OTX2_IPSEC_PO_SA_AES_KEY_LEN_256 = 3,
+};
+
+enum {
+ OTX2_IPSEC_PO_SA_ENC_NULL = 0,
+ OTX2_IPSEC_PO_SA_ENC_DES_CBC = 1,
+ OTX2_IPSEC_PO_SA_ENC_3DES_CBC = 2,
+ OTX2_IPSEC_PO_SA_ENC_AES_CBC = 3,
+ OTX2_IPSEC_PO_SA_ENC_AES_CTR = 4,
+ OTX2_IPSEC_PO_SA_ENC_AES_GCM = 5,
+ OTX2_IPSEC_PO_SA_ENC_AES_CCM = 6,
+};
+
+enum {
+ OTX2_IPSEC_PO_SA_AUTH_NULL = 0,
+ OTX2_IPSEC_PO_SA_AUTH_MD5 = 1,
+ OTX2_IPSEC_PO_SA_AUTH_SHA1 = 2,
+ OTX2_IPSEC_PO_SA_AUTH_SHA2_224 = 3,
+ OTX2_IPSEC_PO_SA_AUTH_SHA2_256 = 4,
+ OTX2_IPSEC_PO_SA_AUTH_SHA2_384 = 5,
+ OTX2_IPSEC_PO_SA_AUTH_SHA2_512 = 6,
+ OTX2_IPSEC_PO_SA_AUTH_AES_GMAC = 7,
+ OTX2_IPSEC_PO_SA_AUTH_AES_XCBC_128 = 8,
+};
+
+enum {
+ OTX2_IPSEC_PO_SA_FRAG_POST = 0,
+ OTX2_IPSEC_PO_SA_FRAG_PRE = 1,
+};
+
+enum {
+ OTX2_IPSEC_PO_SA_ENCAP_NONE = 0,
+ OTX2_IPSEC_PO_SA_ENCAP_UDP = 1,
+};
+
union otx2_ipsec_po_bit_perfect_iv {
uint8_t aes_iv[16];
uint8_t des_iv[8];
@@ -107,4 +184,222 @@ struct otx2_ipsec_po_out_sa {
uint16_t udp_dst;
};
+static inline int
+ipsec_po_xform_cipher_verify(struct rte_crypto_sym_xform *xform)
+{
+ if (xform->cipher.algo == RTE_CRYPTO_CIPHER_AES_CBC) {
+ switch (xform->cipher.key.length) {
+ case 16:
+ case 24:
+ case 32:
+ break;
+ default:
+ return -ENOTSUP;
+ }
+ return 0;
+ }
+
+ return -ENOTSUP;
+}
+
+static inline int
+ipsec_po_xform_auth_verify(struct rte_crypto_sym_xform *xform)
+{
+ uint16_t keylen = xform->auth.key.length;
+
+ if (xform->auth.algo == RTE_CRYPTO_AUTH_SHA1_HMAC) {
+ if (keylen >= 20 && keylen <= 64)
+ return 0;
+ }
+
+ return -ENOTSUP;
+}
+
+static inline int
+ipsec_po_xform_aead_verify(struct rte_security_ipsec_xform *ipsec,
+ struct rte_crypto_sym_xform *xform)
+{
+ if (ipsec->direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS &&
+ xform->aead.op != RTE_CRYPTO_AEAD_OP_ENCRYPT)
+ return -EINVAL;
+
+ if (ipsec->direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS &&
+ xform->aead.op != RTE_CRYPTO_AEAD_OP_DECRYPT)
+ return -EINVAL;
+
+ if (xform->aead.algo == RTE_CRYPTO_AEAD_AES_GCM) {
+ switch (xform->aead.key.length) {
+ case 16:
+ case 24:
+ case 32:
+ break;
+ default:
+ return -EINVAL;
+ }
+ return 0;
+ }
+
+ return -ENOTSUP;
+}
+
+static inline int
+ipsec_po_xform_verify(struct rte_security_ipsec_xform *ipsec,
+ struct rte_crypto_sym_xform *xform)
+{
+ struct rte_crypto_sym_xform *auth_xform, *cipher_xform;
+ int ret;
+
+ if (xform->type == RTE_CRYPTO_SYM_XFORM_AEAD)
+ return ipsec_po_xform_aead_verify(ipsec, xform);
+
+ if (xform->next == NULL)
+ return -EINVAL;
+
+ if (ipsec->direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) {
+ /* Ingress */
+ if (xform->type != RTE_CRYPTO_SYM_XFORM_AUTH ||
+ xform->next->type != RTE_CRYPTO_SYM_XFORM_CIPHER)
+ return -EINVAL;
+ auth_xform = xform;
+ cipher_xform = xform->next;
+ } else {
+ /* Egress */
+ if (xform->type != RTE_CRYPTO_SYM_XFORM_CIPHER ||
+ xform->next->type != RTE_CRYPTO_SYM_XFORM_AUTH)
+ return -EINVAL;
+ cipher_xform = xform;
+ auth_xform = xform->next;
+ }
+
+ ret = ipsec_po_xform_cipher_verify(cipher_xform);
+ if (ret)
+ return ret;
+
+ ret = ipsec_po_xform_auth_verify(auth_xform);
+ if (ret)
+ return ret;
+
+ return 0;
+}
+
+static inline int
+ipsec_po_sa_ctl_set(struct rte_security_ipsec_xform *ipsec,
+ struct rte_crypto_sym_xform *xform,
+ struct otx2_ipsec_po_sa_ctl *ctl)
+{
+ struct rte_crypto_sym_xform *cipher_xform, *auth_xform;
+ int aes_key_len;
+
+ if (ipsec->direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) {
+ ctl->direction = OTX2_IPSEC_PO_SA_DIRECTION_OUTBOUND;
+ cipher_xform = xform;
+ auth_xform = xform->next;
+ } else if (ipsec->direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) {
+ ctl->direction = OTX2_IPSEC_PO_SA_DIRECTION_INBOUND;
+ auth_xform = xform;
+ cipher_xform = xform->next;
+ } else {
+ return -EINVAL;
+ }
+
+ if (ipsec->mode == RTE_SECURITY_IPSEC_SA_MODE_TUNNEL) {
+ if (ipsec->tunnel.type == RTE_SECURITY_IPSEC_TUNNEL_IPV4)
+ ctl->outer_ip_ver = OTX2_IPSEC_PO_SA_IP_VERSION_4;
+ else if (ipsec->tunnel.type == RTE_SECURITY_IPSEC_TUNNEL_IPV6)
+ ctl->outer_ip_ver = OTX2_IPSEC_PO_SA_IP_VERSION_6;
+ else
+ return -EINVAL;
+ }
+
+ ctl->inner_ip_ver = OTX2_IPSEC_PO_SA_IP_VERSION_4;
+
+ if (ipsec->mode == RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT)
+ ctl->ipsec_mode = OTX2_IPSEC_PO_SA_MODE_TRANSPORT;
+ else if (ipsec->mode == RTE_SECURITY_IPSEC_SA_MODE_TUNNEL)
+ ctl->ipsec_mode = OTX2_IPSEC_PO_SA_MODE_TUNNEL;
+ else
+ return -EINVAL;
+
+ if (ipsec->proto == RTE_SECURITY_IPSEC_SA_PROTO_AH)
+ ctl->ipsec_proto = OTX2_IPSEC_PO_SA_PROTOCOL_AH;
+ else if (ipsec->proto == RTE_SECURITY_IPSEC_SA_PROTO_ESP)
+ ctl->ipsec_proto = OTX2_IPSEC_PO_SA_PROTOCOL_ESP;
+ else
+ return -EINVAL;
+
+ if (xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) {
+ if (xform->aead.algo == RTE_CRYPTO_AEAD_AES_GCM) {
+ ctl->enc_type = OTX2_IPSEC_PO_SA_ENC_AES_GCM;
+ aes_key_len = xform->aead.key.length;
+ } else {
+ return -ENOTSUP;
+ }
+ } else if (cipher_xform->cipher.algo == RTE_CRYPTO_CIPHER_AES_CBC) {
+ ctl->enc_type = OTX2_IPSEC_PO_SA_ENC_AES_CCM;
+ aes_key_len = xform->cipher.key.length;
+ } else {
+ return -ENOTSUP;
+ }
+
+
+ switch (aes_key_len) {
+ case 16:
+ ctl->aes_key_len = OTX2_IPSEC_PO_SA_AES_KEY_LEN_128;
+ break;
+ case 24:
+ ctl->aes_key_len = OTX2_IPSEC_PO_SA_AES_KEY_LEN_192;
+ break;
+ case 32:
+ ctl->aes_key_len = OTX2_IPSEC_PO_SA_AES_KEY_LEN_256;
+ break;
+ default:
+ return -EINVAL;
+ }
+
+ if (xform->type != RTE_CRYPTO_SYM_XFORM_AEAD) {
+ switch (auth_xform->auth.algo) {
+ case RTE_CRYPTO_AUTH_NULL:
+ ctl->auth_type = OTX2_IPSEC_PO_SA_AUTH_NULL;
+ break;
+ case RTE_CRYPTO_AUTH_MD5_HMAC:
+ ctl->auth_type = OTX2_IPSEC_PO_SA_AUTH_MD5;
+ break;
+ case RTE_CRYPTO_AUTH_SHA1_HMAC:
+ ctl->auth_type = OTX2_IPSEC_PO_SA_AUTH_SHA1;
+ break;
+ case RTE_CRYPTO_AUTH_SHA224_HMAC:
+ ctl->auth_type = OTX2_IPSEC_PO_SA_AUTH_SHA2_224;
+ break;
+ case RTE_CRYPTO_AUTH_SHA256_HMAC:
+ ctl->auth_type = OTX2_IPSEC_PO_SA_AUTH_SHA2_256;
+ break;
+ case RTE_CRYPTO_AUTH_SHA384_HMAC:
+ ctl->auth_type = OTX2_IPSEC_PO_SA_AUTH_SHA2_384;
+ break;
+ case RTE_CRYPTO_AUTH_SHA512_HMAC:
+ ctl->auth_type = OTX2_IPSEC_PO_SA_AUTH_SHA2_512;
+ break;
+ case RTE_CRYPTO_AUTH_AES_GMAC:
+ ctl->auth_type = OTX2_IPSEC_PO_SA_AUTH_AES_GMAC;
+ break;
+ case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
+ ctl->auth_type = OTX2_IPSEC_PO_SA_AUTH_AES_XCBC_128;
+ break;
+ default:
+ return -ENOTSUP;
+ }
+ }
+
+ if (ipsec->options.esn)
+ ctl->esn_en = 1;
+
+ if (ipsec->options.udp_encap == 1)
+ ctl->encap_type = OTX2_IPSEC_PO_SA_ENCAP_UDP;
+
+ ctl->spi = rte_cpu_to_be_32(ipsec->spi);
+ ctl->valid = 1;
+
+ return 0;
+}
+
#endif /* __OTX2_IPSEC_PO_H__ */
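Review bot: in ipsec_po_sa_ctl_set the AES-CBC branch sets `ctl->enc_type = OTX2_IPSEC_PO_SA_ENC_AES_CCM` and reads `xform->cipher.key.length`; the enum added earlier in this patch has OTX2_IPSEC_PO_SA_ENC_AES_CBC for this case, and on ingress xform is the auth transform, so the key length should be taken from cipher_xform. The auth switch maps nine algorithms while ipsec_po_xform_auth_verify accepts only SHA1-HMAC, so either the extra cases are unreachable or the verify helper is narrower than intended; a comment saying which is meant would help. ctl_set also accepts IPv6 tunnel and transport mode, which the outbound session create in this patch then rejects with -EINVAL after ctl->valid has already been set.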
diff --git a/drivers/crypto/octeontx2/otx2_security.h b/drivers/crypto/octeontx2/otx2_security.h
index 9b4fe263c4..086b506047 100644
--- a/drivers/crypto/octeontx2/otx2_security.h
+++ b/drivers/crypto/octeontx2/otx2_security.h
@@ -8,6 +8,15 @@
#include "otx2_cryptodev_sec.h"
#include "otx2_ethdev_sec.h"
+#define OTX2_SEC_AH_HDR_LEN 12
+#define OTX2_SEC_AES_GCM_IV_LEN 8
+#define OTX2_SEC_AES_GCM_MAC_LEN 16
+#define OTX2_SEC_AES_CBC_IV_LEN 16
+#define OTX2_SEC_SHA1_HMAC_LEN 12
+
+#define OTX2_SEC_AES_GCM_ROUNDUP_BYTE_LEN 4
+#define OTX2_SEC_AES_CBC_ROUNDUP_BYTE_LEN 16
+
union otx2_sec_session_ipsec {
struct otx2_sec_session_ipsec_ip ip;
struct otx2_sec_session_ipsec_lp lp;
diff --git a/drivers/net/octeontx2/otx2_ethdev_sec.c b/drivers/net/octeontx2/otx2_ethdev_sec.c
index c2ad32cf0c..a155594e25 100644
--- a/drivers/net/octeontx2/otx2_ethdev_sec.c
+++ b/drivers/net/octeontx2/otx2_ethdev_sec.c
@@ -21,15 +21,6 @@
#include "otx2_sec_idev.h"
#include "otx2_security.h"
-#define AH_HDR_LEN 12
-#define AES_GCM_IV_LEN 8
-#define AES_GCM_MAC_LEN 16
-#define AES_CBC_IV_LEN 16
-#define SHA1_HMAC_LEN 12
-
-#define AES_GCM_ROUNDUP_BYTE_LEN 4
-#define AES_CBC_ROUNDUP_BYTE_LEN 16
-
struct eth_sec_tag_const {
RTE_STD_C11
union {
@@ -238,7 +229,7 @@ ipsec_sa_const_set(struct rte_security_ipsec_xform *ipsec,
sess->partial_len += sizeof(struct rte_esp_hdr);
sess->roundup_len = sizeof(struct rte_esp_tail);
} else if (ipsec->proto == RTE_SECURITY_IPSEC_SA_PROTO_AH) {
- sess->partial_len += AH_HDR_LEN;
+ sess->partial_len += OTX2_SEC_AH_HDR_LEN;
} else {
return -EINVAL;
}
@@ -248,9 +239,9 @@ ipsec_sa_const_set(struct rte_security_ipsec_xform *ipsec,
if (xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) {
if (xform->aead.algo == RTE_CRYPTO_AEAD_AES_GCM) {
- sess->partial_len += AES_GCM_IV_LEN;
- sess->partial_len += AES_GCM_MAC_LEN;
- sess->roundup_byte = AES_GCM_ROUNDUP_BYTE_LEN;
+ sess->partial_len += OTX2_SEC_AES_GCM_IV_LEN;
+ sess->partial_len += OTX2_SEC_AES_GCM_MAC_LEN;
+ sess->roundup_byte = OTX2_SEC_AES_GCM_ROUNDUP_BYTE_LEN;
}
return 0;
}
@@ -265,14 +256,14 @@ ipsec_sa_const_set(struct rte_security_ipsec_xform *ipsec,
return -EINVAL;
}
if (cipher_xform->cipher.algo == RTE_CRYPTO_CIPHER_AES_CBC) {
- sess->partial_len += AES_CBC_IV_LEN;
- sess->roundup_byte = AES_CBC_ROUNDUP_BYTE_LEN;
+ sess->partial_len += OTX2_SEC_AES_CBC_IV_LEN;
+ sess->roundup_byte = OTX2_SEC_AES_CBC_ROUNDUP_BYTE_LEN;
} else {
return -EINVAL;
}
if (auth_xform->auth.algo == RTE_CRYPTO_AUTH_SHA1_HMAC)
- sess->partial_len += SHA1_HMAC_LEN;
+ sess->partial_len += OTX2_SEC_SHA1_HMAC_LEN;
else
return -EINVAL;
--
2.27.0
* [dpdk-dev] [PATCH v2 8/9] crypto/octeontx2: add cryptodev sec enqueue routine
2020-07-15 9:26 [dpdk-dev] [PATCH v2 0/9] add OCTEON TX2 lookaside IPsec support Tejasree Kondoj
` (6 preceding siblings ...)
2020-07-15 9:27 ` [dpdk-dev] [PATCH v2 7/9] crypto/octeontx2: add cryptodev sec session create Tejasree Kondoj
@ 2020-07-15 9:27 ` Tejasree Kondoj
2020-07-15 9:27 ` [dpdk-dev] [PATCH v2 9/9] crypto/octeontx2: add cryptodev sec dequeue routine Tejasree Kondoj
8 siblings, 0 replies; 14+ messages in thread
From: Tejasree Kondoj @ 2020-07-15 9:27 UTC (permalink / raw)
To: Akhil Goyal, Radu Nicolau
Cc: Vamsi Attunuru, Narayana Prasad, Anoob Joseph, Tejasree Kondoj, dev
From: Vamsi Attunuru <vattunuru@marvell.com>
This patch adds lookaside IPsec enqueue routine.
Signed-off-by: Vamsi Attunuru <vattunuru@marvell.com>
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
---
drivers/crypto/octeontx2/otx2_cryptodev.h | 8 +
drivers/crypto/octeontx2/otx2_cryptodev_ops.c | 36 +++-
drivers/crypto/octeontx2/otx2_ipsec_po.h | 6 +
drivers/crypto/octeontx2/otx2_ipsec_po_ops.h | 175 ++++++++++++++++++
4 files changed, 224 insertions(+), 1 deletion(-)
create mode 100644 drivers/crypto/octeontx2/otx2_ipsec_po_ops.h
diff --git a/drivers/crypto/octeontx2/otx2_cryptodev.h b/drivers/crypto/octeontx2/otx2_cryptodev.h
index e7a1730b22..f329741b38 100644
--- a/drivers/crypto/octeontx2/otx2_cryptodev.h
+++ b/drivers/crypto/octeontx2/otx2_cryptodev.h
@@ -6,6 +6,7 @@
#define _OTX2_CRYPTODEV_H_
#include "cpt_common.h"
+#include "cpt_hw_types.h"
#include "otx2_dev.h"
@@ -33,6 +34,13 @@ struct otx2_cpt_vf {
/**< CPT device capabilities */
};
+struct cpt_meta_info {
+ uint64_t deq_op_info[4];
+ uint64_t comp_code_sz;
+ union cpt_res_s cpt_res __rte_aligned(16);
+ struct cpt_request_info cpt_req __rte_aligned(8);
+};
+
#define CPT_LOGTYPE otx2_cpt_logtype
extern int otx2_cpt_logtype;
diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_ops.c b/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
index 229b719b42..6a2753eb22 100644
--- a/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
+++ b/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
@@ -13,8 +13,10 @@
#include "otx2_cryptodev_hw_access.h"
#include "otx2_cryptodev_mbox.h"
#include "otx2_cryptodev_ops.h"
+#include "otx2_ipsec_po_ops.h"
#include "otx2_mbox.h"
#include "otx2_sec_idev.h"
+#include "otx2_security.h"
#include "cpt_hw_types.h"
#include "cpt_pmd_logs.h"
@@ -606,6 +608,36 @@ otx2_cpt_enqueue_sym(struct otx2_cpt_qp *qp, struct rte_crypto_op *op,
return ret;
}
+static __rte_always_inline int __rte_hot
+otx2_cpt_enqueue_sec(struct otx2_cpt_qp *qp, struct rte_crypto_op *op,
+ struct pending_queue *pend_q)
+{
+ struct otx2_sec_session_ipsec_lp *sess;
+ struct otx2_ipsec_po_sa_ctl *ctl_wrd;
+ struct otx2_sec_session *priv;
+ struct cpt_request_info *req;
+ int ret;
+
+ priv = get_sec_session_private_data(op->sym->sec_session);
+ sess = &priv->ipsec.lp;
+
+ ctl_wrd = &sess->in_sa.ctl;
+
+ if (ctl_wrd->direction == OTX2_IPSEC_PO_SA_DIRECTION_OUTBOUND)
+ ret = process_outb_sa(op, sess, &qp->meta_info, (void **)&req);
+ else
+ ret = process_inb_sa(op, sess, &qp->meta_info, (void **)&req);
+
+ if (unlikely(ret)) {
+ otx2_err("Crypto req : op %p, ret 0x%x", op, ret);
+ return ret;
+ }
+
+ ret = otx2_cpt_enqueue_req(qp, pend_q, req);
+
+ return ret;
+}
+
static __rte_always_inline int __rte_hot
otx2_cpt_enqueue_sym_sessless(struct otx2_cpt_qp *qp, struct rte_crypto_op *op,
struct pending_queue *pend_q)
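Review bot: otx2_cpt_enqueue_sec reads the direction through `&sess->in_sa.ctl` for outbound sessions as well, although outbound session create writes it through lp->out_sa.ctl; this only works if in_sa and out_sa overlay each other with ctl at the same offset, so it needs a comment stating that layout or a direction field kept in the session itself. priv is also dereferenced without a NULL check, while session destroy in patch 7 sets the private data to NULL, so an op that still references a destroyed session would fault here rather than be rejected.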
@@ -659,7 +691,9 @@ otx2_cpt_enqueue_burst(void *qptr, struct rte_crypto_op **ops, uint16_t nb_ops)
for (count = 0; count < nb_ops; count++) {
op = ops[count];
if (op->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC) {
- if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION)
+ if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION)
+ ret = otx2_cpt_enqueue_sec(qp, op, pend_q);
+ else if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION)
ret = otx2_cpt_enqueue_sym(qp, op, pend_q);
else
ret = otx2_cpt_enqueue_sym_sessless(qp, op,
diff --git a/drivers/crypto/octeontx2/otx2_ipsec_po.h b/drivers/crypto/octeontx2/otx2_ipsec_po.h
index f2167f220a..5acda79749 100644
--- a/drivers/crypto/octeontx2/otx2_ipsec_po.h
+++ b/drivers/crypto/octeontx2/otx2_ipsec_po.h
@@ -86,6 +86,12 @@ enum {
OTX2_IPSEC_PO_SA_ENCAP_UDP = 1,
};
+struct otx2_ipsec_po_out_hdr {
+ uint32_t ip_id;
+ uint32_t seq;
+ uint8_t iv[16];
+};
+
union otx2_ipsec_po_bit_perfect_iv {
uint8_t aes_iv[16];
uint8_t des_iv[8];
diff --git a/drivers/crypto/octeontx2/otx2_ipsec_po_ops.h b/drivers/crypto/octeontx2/otx2_ipsec_po_ops.h
new file mode 100644
index 0000000000..dd29c413d3
--- /dev/null
+++ b/drivers/crypto/octeontx2/otx2_ipsec_po_ops.h
@@ -0,0 +1,175 @@
+
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright(C) 2019 Marvell International Ltd.
+ */
+
+#ifndef __OTX2_IPSEC_PO_OPS_H__
+#define __OTX2_IPSEC_PO_OPS_H__
+
+#include <rte_crypto_sym.h>
+#include <rte_security.h>
+
+#include "otx2_cryptodev.h"
+#include "otx2_security.h"
+
+static __rte_always_inline int32_t
+otx2_ipsec_po_out_rlen_get(struct otx2_sec_session_ipsec_lp *sess,
+ uint32_t plen)
+{
+ uint32_t enc_payload_len;
+
+ enc_payload_len = RTE_ALIGN_CEIL(plen + sess->roundup_len,
+ sess->roundup_byte);
+
+ return sess->partial_len + enc_payload_len;
+}
+
+static __rte_always_inline struct cpt_request_info *
+alloc_request_struct(char *maddr, void *cop, int mdata_len)
+{
+ struct cpt_request_info *req;
+ struct cpt_meta_info *meta;
+ uint8_t *resp_addr;
+ uintptr_t *op;
+
+ meta = (void *)RTE_PTR_ALIGN((uint8_t *)maddr, 16);
+
+ op = (uintptr_t *)meta->deq_op_info;
+ req = &meta->cpt_req;
+ resp_addr = (uint8_t *)&meta->cpt_res;
+
+ req->completion_addr = (uint64_t *)((uint8_t *)resp_addr);
+ *req->completion_addr = COMPLETION_CODE_INIT;
+ req->comp_baddr = rte_mem_virt2iova(resp_addr);
+ req->op = op;
+
+ op[0] = (uintptr_t)((uint64_t)meta | 1ull);
+ op[1] = (uintptr_t)cop;
+ op[2] = (uintptr_t)req;
+ op[3] = mdata_len;
+
+ return req;
+}
+
+static __rte_always_inline int
+process_outb_sa(struct rte_crypto_op *cop,
+ struct otx2_sec_session_ipsec_lp *sess,
+ struct cpt_qp_meta_info *m_info, void **prep_req)
+{
+ uint32_t dlen, rlen, extend_head, extend_tail;
+ struct rte_crypto_sym_op *sym_op = cop->sym;
+ struct rte_mbuf *m_src = sym_op->m_src;
+ struct otx2_ipsec_po_sa_ctl *ctl_wrd;
+ struct cpt_request_info *req = NULL;
+ struct otx2_ipsec_po_out_hdr *hdr;
+ struct otx2_ipsec_po_out_sa *sa;
+ int hdr_len, mdata_len, ret = 0;
+ vq_cmd_word0_t word0;
+ char *mdata, *data;
+
+ sa = &sess->out_sa;
+ ctl_wrd = &sa->ctl;
+ hdr_len = sizeof(*hdr);
+
+ dlen = rte_pktmbuf_pkt_len(m_src) + hdr_len;
+ rlen = otx2_ipsec_po_out_rlen_get(sess, dlen - hdr_len);
+
+ extend_head = hdr_len + RTE_ETHER_HDR_LEN;
+ extend_tail = rlen - dlen;
+ mdata_len = m_info->lb_mlen + 8;
+
+ mdata = rte_pktmbuf_append(m_src, extend_tail + mdata_len);
+ if (unlikely(mdata == NULL)) {
+ otx2_err("Not enough tail room\n");
+ ret = -ENOMEM;
+ goto exit;
+ }
+
+ mdata += extend_tail; /* mdata follows encrypted data */
+ req = alloc_request_struct(mdata, (void *)cop, mdata_len);
+
+ data = rte_pktmbuf_prepend(m_src, extend_head);
+ if (unlikely(data == NULL)) {
+ otx2_err("Not enough head room\n");
+ ret = -ENOMEM;
+ goto exit;
+ }
+
+ /*
+ * Move the Ethernet header, to insert otx2_ipsec_po_out_hdr prior
+ * to the IP header
+ */
+ memcpy(data, data + hdr_len, RTE_ETHER_HDR_LEN);
+
+ hdr = (struct otx2_ipsec_po_out_hdr *)rte_pktmbuf_adj(m_src,
+ RTE_ETHER_HDR_LEN);
+
+ if (ctl_wrd->enc_type == OTX2_IPSEC_FP_SA_ENC_AES_GCM) {
+ memcpy(&hdr->iv[0], &sa->iv.gcm.nonce, 4);
+ memcpy(&hdr->iv[4], rte_crypto_op_ctod_offset(cop, uint8_t *,
+ sess->iv_offset), sess->iv_length);
+ } else if (ctl_wrd->auth_type == OTX2_IPSEC_FP_SA_ENC_AES_CBC) {
+ memcpy(&hdr->iv[0], rte_crypto_op_ctod_offset(cop, uint8_t *,
+ sess->iv_offset), sess->iv_length);
+ }
+
+ /* Prepare CPT instruction */
+ word0.u64 = sess->ucmd_w0;
+ word0.s.dlen = dlen;
+
+ req->ist.ei0 = word0.u64;
+ req->ist.ei1 = rte_pktmbuf_iova(m_src);
+ req->ist.ei2 = req->ist.ei1;
+ req->ist.ei3 = sess->ucmd_w3;
+
+ hdr->seq = rte_cpu_to_be_32(sess->seq_lo);
+ hdr->ip_id = rte_cpu_to_be_32(sess->ip_id);
+
+ sess->ip_id++;
+ sess->esn++;
+
+exit:
+ *prep_req = req;
+
+ return ret;
+}
+
+static __rte_always_inline int
+process_inb_sa(struct rte_crypto_op *cop,
+ struct otx2_sec_session_ipsec_lp *sess,
+ struct cpt_qp_meta_info *m_info, void **prep_req)
+{
+ struct rte_crypto_sym_op *sym_op = cop->sym;
+ struct rte_mbuf *m_src = sym_op->m_src;
+ struct cpt_request_info *req = NULL;
+ int mdata_len, ret = 0;
+ vq_cmd_word0_t word0;
+ uint32_t dlen;
+ char *mdata;
+
+ dlen = rte_pktmbuf_pkt_len(m_src);
+ mdata_len = m_info->lb_mlen + 8;
+
+ mdata = rte_pktmbuf_append(m_src, mdata_len);
+ if (unlikely(mdata == NULL)) {
+ otx2_err("Not enough tail room\n");
+ ret = -ENOMEM;
+ goto exit;
+ }
+
+ req = alloc_request_struct(mdata, (void *)cop, mdata_len);
+
+ /* Prepare CPT instruction */
+ word0.u64 = sess->ucmd_w0;
+ word0.s.dlen = dlen;
+
+ req->ist.ei0 = word0.u64;
+ req->ist.ei1 = rte_pktmbuf_iova(m_src);
+ req->ist.ei2 = req->ist.ei1;
+ req->ist.ei3 = sess->ucmd_w3;
+
+exit:
+ *prep_req = req;
+ return ret;
+}
+#endif /* __OTX2_IPSEC_PO_OPS_H__ */
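Review bot: In process_outb_sa() the second IV branch tests "ctl_wrd->auth_type == OTX2_IPSEC_FP_SA_ENC_AES_CBC", which compares the auth selector with an encryption constant; it presumably should test ctl_wrd->enc_type, as the GCM branch does, otherwise the CBC IV copy is keyed on the wrong field. Both IV copies use sess->iv_length as the memcpy length with no visible bound against the size of hdr->iv (the GCM copy starts at offset 4), so either session create must guarantee the limit or this path should check it. On the rte_pktmbuf_prepend() failure path the tail appended just above is not trimmed and *prep_req is still set to a non-NULL req while the function returns -ENOMEM; trim the mbuf and leave *prep_req NULL on error. In both functions dlen comes from rte_pktmbuf_pkt_len() while ei1 is rte_pktmbuf_iova() of the first segment, so a chained mbuf would hand the device a length larger than the segment it points at; reject multi-segment input or document that it is unsupported. The result of rte_pktmbuf_adj() is also used as hdr without a NULL check.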
--
2.27.0
* [dpdk-dev] [PATCH v2 9/9] crypto/octeontx2: add cryptodev sec dequeue routine
2020-07-15 9:26 [dpdk-dev] [PATCH v2 0/9] add OCTEON TX2 lookaside IPsec support Tejasree Kondoj
` (7 preceding siblings ...)
2020-07-15 9:27 ` [dpdk-dev] [PATCH v2 8/9] crypto/octeontx2: add cryptodev sec enqueue routine Tejasree Kondoj
@ 2020-07-15 9:27 ` Tejasree Kondoj
2020-07-15 17:10 ` Akhil Goyal
8 siblings, 1 reply; 14+ messages in thread
From: Tejasree Kondoj @ 2020-07-15 9:27 UTC (permalink / raw)
To: Akhil Goyal, Radu Nicolau
Cc: Vamsi Attunuru, Narayana Prasad, Anoob Joseph, Tejasree Kondoj, dev
From: Vamsi Attunuru <vattunuru@marvell.com>
This patch adds lookaside IPsec dequeue routine.
Signed-off-by: Vamsi Attunuru <vattunuru@marvell.com>
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
---
doc/guides/cryptodevs/octeontx2.rst | 19 ++++++++++
doc/guides/rel_notes/release_20_08.rst | 5 +++
drivers/crypto/octeontx2/otx2_cryptodev_ops.c | 37 +++++++++++++++++++
drivers/crypto/octeontx2/otx2_ipsec_po.h | 30 +++++++++++++++
4 files changed, 91 insertions(+)
diff --git a/doc/guides/cryptodevs/octeontx2.rst b/doc/guides/cryptodevs/octeontx2.rst
index 085d669e49..5d111e46c3 100644
--- a/doc/guides/cryptodevs/octeontx2.rst
+++ b/doc/guides/cryptodevs/octeontx2.rst
@@ -158,3 +158,22 @@ application:
./test
RTE>>cryptodev_octeontx2_asym_autotest
+
+
+Lookaside IPsec Support
+-----------------------
+
+The OCTEON TX2 SoC can accelerate IPsec traffic in lookaside protocol mode,
+with its **cryptographic accelerator (CPT)**. ``OCTEON TX2 crypto PMD`` implements
+this as an ``RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL`` offload.
+
+Refer to :doc:`../prog_guide/rte_security` for more details on protocol offloads.
+
+
+Features supported
+~~~~~~~~~~~~~~~~~~
+
+* IPv4
+* ESP
+* Tunnel mode
+* AES-128/192/256-GCM
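Review bot: The new "Lookaside IPsec Support" section names the offload type but gives no way to exercise it, while the section just above it ends with a test command; add a sentence on how to test the feature. The feature list should also be read as a limit list (IPv4 only, ESP tunnel mode only, AES-GCM only), and the enqueue patch in this series carries an AES-CBC IV branch that the list does not mention, so please state explicitly which SA configurations are rejected.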
diff --git a/doc/guides/rel_notes/release_20_08.rst b/doc/guides/rel_notes/release_20_08.rst
index f19b748728..2d57adc283 100644
--- a/doc/guides/rel_notes/release_20_08.rst
+++ b/doc/guides/rel_notes/release_20_08.rst
@@ -225,6 +225,11 @@ New Features
See the :doc:`../sample_app_ug/l2_forward_real_virtual` for more
details of this parameter usage.
+* **Added lookaside IPsec support to OCTEON TX2 crypto PMD.**
+
+ Added lookaside IPsec support to OCTEON TX2 crypto PMD. With this feature,
+ applications will be able to offload lookaside IPsec to the hardware.
+
Removed Items
-------------
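Review bot: The bullet body repeats its bold title word for word, and "offload lookaside IPsec to the hardware" does not name the API that applications use. Reword the body so it says the PMD now supports rte_security lookaside protocol offload for IPsec, and keep the title and body distinct.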
diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_ops.c b/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
index 6a2753eb22..9d51b17ddd 100644
--- a/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
+++ b/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
@@ -835,11 +835,48 @@ otx2_cpt_asym_post_process(struct rte_crypto_op *cop,
}
}
+static void
+otx2_cpt_sec_post_process(struct rte_crypto_op *cop, uintptr_t *rsp)
+{
+ struct cpt_request_info *req = (struct cpt_request_info *)rsp[2];
+ vq_cmd_word0_t *word0 = (vq_cmd_word0_t *)&req->ist.ei0;
+ struct rte_crypto_sym_op *sym_op = cop->sym;
+ struct rte_mbuf *m = sym_op->m_src;
+ struct rte_ipv4_hdr *ip;
+ uint16_t m_len;
+ int mdata_len;
+ char *data;
+
+ mdata_len = (int)rsp[3];
+ rte_pktmbuf_trim(m, mdata_len);
+
+ if ((word0->s.opcode & 0xff) == OTX2_IPSEC_PO_PROCESS_IPSEC_INB) {
+ data = rte_pktmbuf_mtod(m, char *);
+ ip = (struct rte_ipv4_hdr *)(data + OTX2_IPSEC_PO_INB_RPTR_HDR);
+
+ m_len = rte_be_to_cpu_16(ip->total_length);
+
+ m->data_len = m_len;
+ m->pkt_len = m_len;
+ m->data_off += OTX2_IPSEC_PO_INB_RPTR_HDR;
+ }
+}
+
static inline void
otx2_cpt_dequeue_post_process(struct otx2_cpt_qp *qp, struct rte_crypto_op *cop,
uintptr_t *rsp, uint8_t cc)
{
if (cop->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC) {
+ if (cop->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) {
+ if (likely(cc == OTX2_IPSEC_PO_CC_SUCCESS)) {
+ otx2_cpt_sec_post_process(cop, rsp);
+ cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
+ } else
+ cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
+
+ return;
+ }
+
if (likely(cc == NO_ERR)) {
/* Verify authentication data if required */
if (unlikely(rsp[2]))
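Review bot: otx2_cpt_sec_post_process() takes m_len from ip->total_length in the returned packet and writes it straight into m->data_len and m->pkt_len, with no comparison against the length the mbuf actually holds after the trim. Check that OTX2_IPSEC_PO_INB_RPTR_HDR + m_len does not exceed the trimmed data_len, and that the header really is IPv4, and set RTE_CRYPTO_OP_STATUS_ERROR otherwise, so a bad length field cannot make the mbuf describe bytes beyond the decrypted data. In otx2_cpt_dequeue_post_process() the error branch skips post-processing entirely, which leaves the metadata appended at enqueue on the mbuf and drops the completion code cc; trim the mdata on both paths and log cc or map it to a specific status. The (int)rsp[3] value passed to rte_pktmbuf_trim() is used without checking the trim's return value.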
diff --git a/drivers/crypto/octeontx2/otx2_ipsec_po.h b/drivers/crypto/octeontx2/otx2_ipsec_po.h
index 5acda79749..bafc5c7653 100644
--- a/drivers/crypto/octeontx2/otx2_ipsec_po.h
+++ b/drivers/crypto/octeontx2/otx2_ipsec_po.h
@@ -22,10 +22,40 @@
#define OTX2_IPSEC_PO_PROCESS_IPSEC_OUTB 0x23
#define OTX2_IPSEC_PO_PROCESS_IPSEC_INB 0x24
+#define OTX2_IPSEC_PO_INB_RPTR_HDR 0x8
+
enum otx2_ipsec_po_comp_e {
OTX2_IPSEC_PO_CC_SUCCESS = 0x00,
OTX2_IPSEC_PO_CC_AUTH_UNSUPPORTED = 0xB0,
OTX2_IPSEC_PO_CC_ENCRYPT_UNSUPPORTED = 0xB1,
+ OTX2_IPSEC_PO_CC_IP_VERSION = 0xB2,
+ OTX2_IPSEC_PO_CC_PROTOCOL = 0xB3,
+ OTX2_IPSEC_PO_CC_CTX_INVALID = 0xB4,
+ OTX2_IPSEC_PO_CC_CTX_DIR_MISMATCH = 0xB5,
+ OTX2_IPSEC_PO_CC_IP_PAYLOAD_TYPE = 0xB6,
+ OTX2_IPSEC_PO_CC_CTX_FLAG_MISMATCH = 0xB7,
+ OTX2_IPSEC_PO_CC_GRE_HDR_MISMATCH = 0xB8,
+ OTX2_IPSEC_PO_CC_GRE_PROTOCOL = 0xB9,
+ OTX2_IPSEC_PO_CC_CUSTOM_HDR_LEN = 0xBA,
+ OTX2_IPSEC_PO_CC_ENC_TYPE_CTR_GCM = 0xBB,
+ OTX2_IPSEC_PO_CC_IPCOMP_CONF = 0xBC,
+ OTX2_IPSEC_PO_CC_FREG_SIZE_CONF = 0xBD,
+ OTX2_IPSEC_PO_CC_SPI_MISMATCH = 0xBE,
+ OTX2_IPSEC_PO_CC_CHECKSUM = 0xBF,
+ OTX2_IPSEC_PO_CC_IPCOMP_PKT_DETECTED = 0xC0,
+ OTX2_IPSEC_PO_CC_TFC_PADDING_WITH_PREFRAG = 0xC1,
+ OTX2_IPSEC_PO_CC_DSIV_INCORRECT_PARAM = 0xC2,
+ OTX2_IPSEC_PO_CC_AUTH_MISMATCH = 0xC3,
+ OTX2_IPSEC_PO_CC_PADDING = 0xC4,
+ OTX2_IPSEC_PO_CC_DUMMY_PADDING = 0xC5,
+ OTX2_IPSEC_PO_CC_IPV6_EXT_HDRS_TOO_BIG = 0xC6,
+ OTX2_IPSEC_PO_CC_IPV6_HOP_BY_HOP = 0xC7,
+ OTX2_IPSEC_PO_CC_IPV6_RH_LENGTH = 0xC8,
+ OTX2_IPSEC_PO_CC_IPV6_OUTB_RH_COPY_ADDR = 0xC9,
+ OTX2_IPSEC_PO_CC_IPV6_DEC_RH_SEGS_LEFT = 0xCA,
+ OTX2_IPSEC_PO_CC_IPV6_HDR_INVALID = 0xCB,
+ OTX2_IPSEC_PO_CC_IPV6_SELECTOR_MATCH = 0xCC,
+ OTX2_IPSEC_PO_CC_IPV6_UDP_PAYLOAD_CSUM_MISMATCH = 0xCE,
};
enum {
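Review bot: Of the completion codes in enum otx2_ipsec_po_comp_e, only OTX2_IPSEC_PO_CC_SUCCESS is referenced by the dequeue change in this patch; every other value collapses into RTE_CRYPTO_OP_STATUS_ERROR. Either use them (log the code, and map OTX2_IPSEC_PO_CC_AUTH_MISMATCH to RTE_CRYPTO_OP_STATUS_AUTH_FAILED so applications can tell an integrity failure from a configuration error) or leave them out until they are needed. The sequence jumps from 0xCC to 0xCE, and FREG_SIZE_CONF reads like a typo for FRAG; please confirm both against the microcode documentation. OTX2_IPSEC_PO_INB_RPTR_HDR also needs a one-line comment saying what the 8 bytes ahead of the IP header contain.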
--
2.27.0
* Re: [dpdk-dev] [PATCH v2 4/9] crypto/octeontx2: add cryptodev sec registration
2020-07-15 9:26 ` [dpdk-dev] [PATCH v2 4/9] crypto/octeontx2: add cryptodev sec registration Tejasree Kondoj
@ 2020-07-15 16:57 ` Akhil Goyal
2020-07-16 5:04 ` Tejasree Kondoj
0 siblings, 1 reply; 14+ messages in thread
From: Akhil Goyal @ 2020-07-15 16:57 UTC (permalink / raw)
To: Tejasree Kondoj, Radu Nicolau
Cc: Narayana Prasad, Anoob Joseph, Vamsi Attunuru, dev
> RTE_CRYPTODEV_FF_OOP_SGL_IN_SGL_OUT |
> RTE_CRYPTODEV_FF_ASYMMETRIC_CRYPTO |
> RTE_CRYPTODEV_FF_RSA_PRIV_OP_KEY_QT |
> - RTE_CRYPTODEV_FF_SYM_SESSIONLESS;
> + RTE_CRYPTODEV_FF_SYM_SESSIONLESS |
> + RTE_CRYPTODEV_FF_SECURITY;
>
Missed the corresponding change in doc/guides/cryptodevs/features/octeontx2.ini
* Re: [dpdk-dev] [PATCH v2 9/9] crypto/octeontx2: add cryptodev sec dequeue routine
2020-07-15 9:27 ` [dpdk-dev] [PATCH v2 9/9] crypto/octeontx2: add cryptodev sec dequeue routine Tejasree Kondoj
@ 2020-07-15 17:10 ` Akhil Goyal
2020-07-16 5:05 ` Tejasree Kondoj
0 siblings, 1 reply; 14+ messages in thread
From: Akhil Goyal @ 2020-07-15 17:10 UTC (permalink / raw)
To: Tejasree Kondoj, Radu Nicolau
Cc: Vamsi Attunuru, Narayana Prasad, Anoob Joseph, dev
> From: Vamsi Attunuru <vattunuru@marvell.com>
>
> This patch adds lookaside IPsec dequeue routine.
>
> Signed-off-by: Vamsi Attunuru <vattunuru@marvell.com>
> Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
> ---
The patch can be squashed into the previous one,
as enqueue will not work without the dequeue operation.
> doc/guides/cryptodevs/octeontx2.rst | 19 ++++++++++
> doc/guides/rel_notes/release_20_08.rst | 5 +++
> drivers/crypto/octeontx2/otx2_cryptodev_ops.c | 37 +++++++++++++++++++
> drivers/crypto/octeontx2/otx2_ipsec_po.h | 30 +++++++++++++++
> 4 files changed, 91 insertions(+)
>
> diff --git a/doc/guides/cryptodevs/octeontx2.rst
> b/doc/guides/cryptodevs/octeontx2.rst
> index 085d669e49..5d111e46c3 100644
> --- a/doc/guides/cryptodevs/octeontx2.rst
> +++ b/doc/guides/cryptodevs/octeontx2.rst
> @@ -158,3 +158,22 @@ application:
>
> ./test
> RTE>>cryptodev_octeontx2_asym_autotest
> +
> +
> +Lookaside IPsec Support
> +-----------------------
> +
> +The OCTEON TX2 SoC can accelerate IPsec traffic in lookaside protocol mode,
> +with its **cryptographic accelerator (CPT)**. ``OCTEON TX2 crypto PMD``
> implements
> +this as an ``RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL`` offload.
> +
> +Refer to :doc:`../prog_guide/rte_security` for more details on protocol
> offloads.
> +
You can probably add here that the feature can be tested with the ipsec-secgw
sample application.
> +
> +Features supported
> +~~~~~~~~~~~~~~~~~~
> +
> +* IPv4
> +* ESP
> +* Tunnel mode
> +* AES-128/192/256-GCM
> diff --git a/doc/guides/rel_notes/release_20_08.rst
> b/doc/guides/rel_notes/release_20_08.rst
> index f19b748728..2d57adc283 100644
> --- a/doc/guides/rel_notes/release_20_08.rst
> +++ b/doc/guides/rel_notes/release_20_08.rst
> @@ -225,6 +225,11 @@ New Features
> See the :doc:`../sample_app_ug/l2_forward_real_virtual` for more
> details of this parameter usage.
>
> +* **Added lookaside IPsec support to OCTEON TX2 crypto PMD.**
> +
> + Added lookaside IPsec support to OCTEON TX2 crypto PMD. With this feature,
> + applications will be able to offload lookaside IPsec to the hardware.
> +
Move this bullet as per the order described in this doc (below the new features section).
And it would be better to re-phrase the statement as
* **Updated the OCTEON TX2 crypto PMD to support rte_security.**
Updated the OCTEON TX2 crypto PMD to support ``rte_security`` lookaside
protocol offload for IPsec.
>
> Removed Items
> -------------
> diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
> b/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
> index 6a2753eb22..9d51b17ddd 100644
> --- a/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
> +++ b/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
> @@ -835,11 +835,48 @@ otx2_cpt_asym_post_process(struct rte_crypto_op
> *cop,
> }
> }
>
<snip>
> +
> enum otx2_ipsec_po_comp_e {
> OTX2_IPSEC_PO_CC_SUCCESS = 0x00,
> OTX2_IPSEC_PO_CC_AUTH_UNSUPPORTED = 0xB0,
> OTX2_IPSEC_PO_CC_ENCRYPT_UNSUPPORTED = 0xB1,
> + OTX2_IPSEC_PO_CC_IP_VERSION = 0xB2,
> + OTX2_IPSEC_PO_CC_PROTOCOL = 0xB3,
> + OTX2_IPSEC_PO_CC_CTX_INVALID = 0xB4,
> + OTX2_IPSEC_PO_CC_CTX_DIR_MISMATCH = 0xB5,
> + OTX2_IPSEC_PO_CC_IP_PAYLOAD_TYPE = 0xB6,
> + OTX2_IPSEC_PO_CC_CTX_FLAG_MISMATCH = 0xB7,
> + OTX2_IPSEC_PO_CC_GRE_HDR_MISMATCH = 0xB8,
> + OTX2_IPSEC_PO_CC_GRE_PROTOCOL = 0xB9,
> + OTX2_IPSEC_PO_CC_CUSTOM_HDR_LEN = 0xBA,
> + OTX2_IPSEC_PO_CC_ENC_TYPE_CTR_GCM = 0xBB,
> + OTX2_IPSEC_PO_CC_IPCOMP_CONF = 0xBC,
> + OTX2_IPSEC_PO_CC_FREG_SIZE_CONF = 0xBD,
> + OTX2_IPSEC_PO_CC_SPI_MISMATCH = 0xBE,
> + OTX2_IPSEC_PO_CC_CHECKSUM = 0xBF,
> + OTX2_IPSEC_PO_CC_IPCOMP_PKT_DETECTED = 0xC0,
> + OTX2_IPSEC_PO_CC_TFC_PADDING_WITH_PREFRAG = 0xC1,
> + OTX2_IPSEC_PO_CC_DSIV_INCORRECT_PARAM = 0xC2,
> + OTX2_IPSEC_PO_CC_AUTH_MISMATCH = 0xC3,
> + OTX2_IPSEC_PO_CC_PADDING = 0xC4,
> + OTX2_IPSEC_PO_CC_DUMMY_PADDING = 0xC5,
> + OTX2_IPSEC_PO_CC_IPV6_EXT_HDRS_TOO_BIG = 0xC6,
> + OTX2_IPSEC_PO_CC_IPV6_HOP_BY_HOP = 0xC7,
> + OTX2_IPSEC_PO_CC_IPV6_RH_LENGTH = 0xC8,
> + OTX2_IPSEC_PO_CC_IPV6_OUTB_RH_COPY_ADDR = 0xC9,
> + OTX2_IPSEC_PO_CC_IPV6_DEC_RH_SEGS_LEFT = 0xCA,
> + OTX2_IPSEC_PO_CC_IPV6_HDR_INVALID = 0xCB,
> + OTX2_IPSEC_PO_CC_IPV6_SELECTOR_MATCH = 0xCC,
> + OTX2_IPSEC_PO_CC_IPV6_UDP_PAYLOAD_CSUM_MISMATCH = 0xCE,
> };
Are these error codes? Are they added in the debug prints somewhere?
>
> enum {
> --
> 2.27.0
* Re: [dpdk-dev] [PATCH v2 4/9] crypto/octeontx2: add cryptodev sec registration
2020-07-15 16:57 ` Akhil Goyal
@ 2020-07-16 5:04 ` Tejasree Kondoj
0 siblings, 0 replies; 14+ messages in thread
From: Tejasree Kondoj @ 2020-07-16 5:04 UTC (permalink / raw)
To: Akhil Goyal, Radu Nicolau
Cc: Narayana Prasad Raju Athreya, Anoob Joseph, Vamsi Krishna Attunuru, dev
Hi Akhil,
Please see inline.
Thanks
Tejasree
> -----Original Message-----
> From: Akhil Goyal <akhil.goyal@nxp.com>
> Sent: Wednesday, July 15, 2020 10:28 PM
> To: Tejasree Kondoj <ktejasree@marvell.com>; Radu Nicolau
> <radu.nicolau@intel.com>
> Cc: Narayana Prasad Raju Athreya <pathreya@marvell.com>; Anoob Joseph
> <anoobj@marvell.com>; Vamsi Krishna Attunuru <vattunuru@marvell.com>;
> dev@dpdk.org
> Subject: [EXT] RE: [PATCH v2 4/9] crypto/octeontx2: add cryptodev sec
> registration
>
> External Email
>
> ----------------------------------------------------------------------
> > RTE_CRYPTODEV_FF_OOP_SGL_IN_SGL_OUT |
> > RTE_CRYPTODEV_FF_ASYMMETRIC_CRYPTO |
> > RTE_CRYPTODEV_FF_RSA_PRIV_OP_KEY_QT |
> > - RTE_CRYPTODEV_FF_SYM_SESSIONLESS;
> > + RTE_CRYPTODEV_FF_SYM_SESSIONLESS |
> > + RTE_CRYPTODEV_FF_SECURITY;
> >
> Missed the corresponding change in
> doc/guides/cryptodevs/features/octeontx2.ini
[Tejasree] Will add it.
* Re: [dpdk-dev] [PATCH v2 9/9] crypto/octeontx2: add cryptodev sec dequeue routine
2020-07-15 17:10 ` Akhil Goyal
@ 2020-07-16 5:05 ` Tejasree Kondoj
0 siblings, 0 replies; 14+ messages in thread
From: Tejasree Kondoj @ 2020-07-16 5:05 UTC (permalink / raw)
To: Akhil Goyal, Radu Nicolau
Cc: Vamsi Krishna Attunuru, Narayana Prasad Raju Athreya, Anoob Joseph, dev
Hi Akhil,
Please see inline.
Thanks
Tejasree
> -----Original Message-----
> From: Akhil Goyal <akhil.goyal@nxp.com>
> Sent: Wednesday, July 15, 2020 10:40 PM
> To: Tejasree Kondoj <ktejasree@marvell.com>; Radu Nicolau
> <radu.nicolau@intel.com>
> Cc: Vamsi Krishna Attunuru <vattunuru@marvell.com>; Narayana Prasad
> Raju Athreya <pathreya@marvell.com>; Anoob Joseph
> <anoobj@marvell.com>; dev@dpdk.org
> Subject: [EXT] RE: [PATCH v2 9/9] crypto/octeontx2: add cryptodev sec
> dequeue routine
>
> External Email
>
> ----------------------------------------------------------------------
> > From: Vamsi Attunuru <vattunuru@marvell.com>
> >
> > This patch adds lookaside IPsec dequeue routine.
> >
> > Signed-off-by: Vamsi Attunuru <vattunuru@marvell.com>
> > Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
> > ---
>
> The patch can be squashed into the previous one,
> as enqueue will not work without the dequeue operation.
[Tejasree] Will squash it with previous patch.
>
> > doc/guides/cryptodevs/octeontx2.rst | 19 ++++++++++
> > doc/guides/rel_notes/release_20_08.rst | 5 +++
> > drivers/crypto/octeontx2/otx2_cryptodev_ops.c | 37
> +++++++++++++++++++
> > drivers/crypto/octeontx2/otx2_ipsec_po.h | 30 +++++++++++++++
> > 4 files changed, 91 insertions(+)
> >
> > diff --git a/doc/guides/cryptodevs/octeontx2.rst
> > b/doc/guides/cryptodevs/octeontx2.rst
> > index 085d669e49..5d111e46c3 100644
> > --- a/doc/guides/cryptodevs/octeontx2.rst
> > +++ b/doc/guides/cryptodevs/octeontx2.rst
> > @@ -158,3 +158,22 @@ application:
> >
> > ./test
> > RTE>>cryptodev_octeontx2_asym_autotest
> > +
> > +
> > +Lookaside IPsec Support
> > +-----------------------
> > +
> > +The OCTEON TX2 SoC can accelerate IPsec traffic in lookaside protocol
> > +mode, with its **cryptographic accelerator (CPT)**. ``OCTEON TX2
> > +crypto PMD``
> > implements
> > +this as an ``RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL``
> offload.
> > +
> > +Refer to :doc:`../prog_guide/rte_security` for more details on
> > +protocol
> > offloads.
> > +
> You can probably add here that the feature can be tested with the ipsec-secgw
> sample application.
[Tejasree] Sure
>
> > +
> > +Features supported
> > +~~~~~~~~~~~~~~~~~~
> > +
> > +* IPv4
> > +* ESP
> > +* Tunnel mode
> > +* AES-128/192/256-GCM
> > diff --git a/doc/guides/rel_notes/release_20_08.rst
> > b/doc/guides/rel_notes/release_20_08.rst
> > index f19b748728..2d57adc283 100644
> > --- a/doc/guides/rel_notes/release_20_08.rst
> > +++ b/doc/guides/rel_notes/release_20_08.rst
> > @@ -225,6 +225,11 @@ New Features
> > See the :doc:`../sample_app_ug/l2_forward_real_virtual` for more
> > details of this parameter usage.
> >
> > +* **Added lookaside IPsec support to OCTEON TX2 crypto PMD.**
> > +
> > + Added lookaside IPsec support to OCTEON TX2 crypto PMD. With this
> > + feature, applications will be able to offload lookaside IPsec to the
> hardware.
> > +
>
> Move this bullet as per the order described in this doc (below the new
> features section).
> And it would be better to re-phrase the statement as
> * **Updated the OCTEON TX2 crypto PMD to support rte_security.**
>
> Updated the OCTEON TX2 crypto PMD to support ``rte_security`` lookaside
> protocol offload for IPsec.
[Tejasree] Will move it and rephrase the statement.
>
> >
> > Removed Items
> > -------------
> > diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
> > b/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
> > index 6a2753eb22..9d51b17ddd 100644
> > --- a/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
> > +++ b/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
> > @@ -835,11 +835,48 @@ otx2_cpt_asym_post_process(struct
> rte_crypto_op
> > *cop,
> > }
> > }
> >
>
> <snip>
>
> > +
> > enum otx2_ipsec_po_comp_e {
> > OTX2_IPSEC_PO_CC_SUCCESS = 0x00,
> > OTX2_IPSEC_PO_CC_AUTH_UNSUPPORTED = 0xB0,
> > OTX2_IPSEC_PO_CC_ENCRYPT_UNSUPPORTED = 0xB1,
> > + OTX2_IPSEC_PO_CC_IP_VERSION = 0xB2,
> > + OTX2_IPSEC_PO_CC_PROTOCOL = 0xB3,
> > + OTX2_IPSEC_PO_CC_CTX_INVALID = 0xB4,
> > + OTX2_IPSEC_PO_CC_CTX_DIR_MISMATCH = 0xB5,
> > + OTX2_IPSEC_PO_CC_IP_PAYLOAD_TYPE = 0xB6,
> > + OTX2_IPSEC_PO_CC_CTX_FLAG_MISMATCH = 0xB7,
> > + OTX2_IPSEC_PO_CC_GRE_HDR_MISMATCH = 0xB8,
> > + OTX2_IPSEC_PO_CC_GRE_PROTOCOL = 0xB9,
> > + OTX2_IPSEC_PO_CC_CUSTOM_HDR_LEN = 0xBA,
> > + OTX2_IPSEC_PO_CC_ENC_TYPE_CTR_GCM = 0xBB,
> > + OTX2_IPSEC_PO_CC_IPCOMP_CONF = 0xBC,
> > + OTX2_IPSEC_PO_CC_FREG_SIZE_CONF = 0xBD,
> > + OTX2_IPSEC_PO_CC_SPI_MISMATCH = 0xBE,
> > + OTX2_IPSEC_PO_CC_CHECKSUM = 0xBF,
> > + OTX2_IPSEC_PO_CC_IPCOMP_PKT_DETECTED = 0xC0,
> > + OTX2_IPSEC_PO_CC_TFC_PADDING_WITH_PREFRAG = 0xC1,
> > + OTX2_IPSEC_PO_CC_DSIV_INCORRECT_PARAM = 0xC2,
> > + OTX2_IPSEC_PO_CC_AUTH_MISMATCH = 0xC3,
> > + OTX2_IPSEC_PO_CC_PADDING = 0xC4,
> > + OTX2_IPSEC_PO_CC_DUMMY_PADDING = 0xC5,
> > + OTX2_IPSEC_PO_CC_IPV6_EXT_HDRS_TOO_BIG = 0xC6,
> > + OTX2_IPSEC_PO_CC_IPV6_HOP_BY_HOP = 0xC7,
> > + OTX2_IPSEC_PO_CC_IPV6_RH_LENGTH = 0xC8,
> > + OTX2_IPSEC_PO_CC_IPV6_OUTB_RH_COPY_ADDR = 0xC9,
> > + OTX2_IPSEC_PO_CC_IPV6_DEC_RH_SEGS_LEFT = 0xCA,
> > + OTX2_IPSEC_PO_CC_IPV6_HDR_INVALID = 0xCB,
> > + OTX2_IPSEC_PO_CC_IPV6_SELECTOR_MATCH = 0xCC,
> > + OTX2_IPSEC_PO_CC_IPV6_UDP_PAYLOAD_CSUM_MISMATCH = 0xCE,
> > };
>
> Are these error codes? Are they added in the debug prints somewhere?
[Tejasree] Yes, these are error codes but they are not used right now. Will remove them.
> >
> > enum {
> > --
> > 2.27.0