DPDK patches and discussions
 help / color / mirror / Atom feed
From: Tejasree Kondoj <ktejasree@marvell.com>
To: Akhil Goyal <akhil.goyal@nxp.com>, Radu Nicolau <radu.nicolau@intel.com>
Cc: Tejasree Kondoj <ktejasree@marvell.com>,
	Narayana Prasad <pathreya@marvell.com>,
	Anoob Joseph <anoobj@marvell.com>,
	Vamsi Attunuru <vattunuru@marvell.com>, <dev@dpdk.org>
Subject: [dpdk-dev] [PATCH v3 5/8] crypto/octeontx2: add cryptodev sec capabilities
Date: Thu, 16 Jul 2020 14:09:28 +0530
Message-ID: <20200716083931.29092-6-ktejasree@marvell.com> (raw)
In-Reply-To: <20200716083931.29092-1-ktejasree@marvell.com>

This patch adds lookaside IPsec capabilities.

Signed-off-by: Vamsi Attunuru <vattunuru@marvell.com>
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
---
 drivers/crypto/octeontx2/otx2_cryptodev.c     |   1 +
 .../octeontx2/otx2_cryptodev_capabilities.c   | 101 ++++++++++++++++++
 .../octeontx2/otx2_cryptodev_capabilities.h   |  13 +++
 drivers/crypto/octeontx2/otx2_cryptodev_sec.c |   4 +-
 4 files changed, 118 insertions(+), 1 deletion(-)

diff --git a/drivers/crypto/octeontx2/otx2_cryptodev.c b/drivers/crypto/octeontx2/otx2_cryptodev.c
index e9b7c1cc04..02d2fd83bd 100644
--- a/drivers/crypto/octeontx2/otx2_cryptodev.c
+++ b/drivers/crypto/octeontx2/otx2_cryptodev.c
@@ -103,6 +103,7 @@ otx2_cpt_pci_probe(struct rte_pci_driver *pci_drv __rte_unused,
 	}
 
 	otx2_crypto_capabilities_init(vf->hw_caps);
+	otx2_crypto_sec_capabilities_init(vf->hw_caps);
 
 	/* Create security ctx */
 	ret = otx2_crypto_sec_ctx_create(dev);
diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_capabilities.c b/drivers/crypto/octeontx2/otx2_cryptodev_capabilities.c
index f0ed1e2df9..80f3729995 100644
--- a/drivers/crypto/octeontx2/otx2_cryptodev_capabilities.c
+++ b/drivers/crypto/octeontx2/otx2_cryptodev_capabilities.c
@@ -3,7 +3,9 @@
  */
 
 #include <rte_cryptodev.h>
+#include <rte_security.h>
 
+#include "otx2_cryptodev.h"
 #include "otx2_cryptodev_capabilities.h"
 #include "otx2_mbox.h"
 
@@ -26,9 +28,18 @@
 		cpt_caps_add(caps_##name, RTE_DIM(caps_##name));	\
 } while (0)
 
+#define SEC_CAPS_ADD(hw_caps, name) do {				\
+	enum otx2_cpt_egrp egrp;					\
+	CPT_EGRP_GET(hw_caps, name, &egrp);				\
+	if (egrp < OTX2_CPT_EGRP_MAX)					\
+		sec_caps_add(sec_caps_##name, RTE_DIM(sec_caps_##name));\
+} while (0)
+
 #define OTX2_CPT_MAX_CAPS 34
+#define OTX2_SEC_MAX_CAPS 4
 
 static struct rte_cryptodev_capabilities otx2_cpt_caps[OTX2_CPT_MAX_CAPS];
+static struct rte_cryptodev_capabilities otx2_cpt_sec_caps[OTX2_SEC_MAX_CAPS];
 
 static const struct rte_cryptodev_capabilities caps_mul[] = {
 	{	/* RSA */
@@ -725,6 +736,70 @@ static const struct rte_cryptodev_capabilities caps_end[] = {
 	RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
 };
 
+static const struct rte_cryptodev_capabilities sec_caps_aes[] = {
+	{	/* AES GCM */
+		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+		{.sym = {
+			.xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,
+			{.aead = {
+				.algo = RTE_CRYPTO_AEAD_AES_GCM,
+				.block_size = 16,
+				.key_size = {
+					.min = 16,
+					.max = 32,
+					.increment = 8
+				},
+				.digest_size = {
+					.min = 16,
+					.max = 16,
+					.increment = 0
+				},
+				.aad_size = {
+					.min = 8,
+					.max = 12,
+					.increment = 4
+				},
+				.iv_size = {
+					.min = 12,
+					.max = 12,
+					.increment = 0
+				}
+			}, }
+		}, }
+	},
+};
+
+static const struct rte_security_capability
+otx2_crypto_sec_capabilities[] = {
+	{	/* IPsec Lookaside Protocol ESP Tunnel Ingress */
+		.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+		.protocol = RTE_SECURITY_PROTOCOL_IPSEC,
+		.ipsec = {
+			.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+			.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
+			.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS,
+			.options = { 0 }
+		},
+		.crypto_capabilities = otx2_cpt_sec_caps,
+		.ol_flags = RTE_SECURITY_TX_OLOAD_NEED_MDATA
+	},
+	{	/* IPsec Lookaside Protocol ESP Tunnel Egress */
+		.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+		.protocol = RTE_SECURITY_PROTOCOL_IPSEC,
+		.ipsec = {
+			.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+			.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
+			.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
+			.options = { 0 }
+		},
+		.crypto_capabilities = otx2_cpt_sec_caps,
+		.ol_flags = RTE_SECURITY_TX_OLOAD_NEED_MDATA
+	},
+	{
+		.action = RTE_SECURITY_ACTION_TYPE_NONE
+	}
+};
+
 static void
 cpt_caps_add(const struct rte_cryptodev_capabilities *caps, int nb_caps)
 {
@@ -757,3 +832,29 @@ otx2_cpt_capabilities_get(void)
 {
 	return otx2_cpt_caps;
 }
+
+static void
+sec_caps_add(const struct rte_cryptodev_capabilities *caps, int nb_caps)
+{
+	static int cur_pos;
+
+	if (cur_pos + nb_caps > OTX2_SEC_MAX_CAPS)
+		return;
+
+	memcpy(&otx2_cpt_sec_caps[cur_pos], caps, nb_caps * sizeof(caps[0]));
+	cur_pos += nb_caps;
+}
+
+void
+otx2_crypto_sec_capabilities_init(union cpt_eng_caps *hw_caps)
+{
+	SEC_CAPS_ADD(hw_caps, aes);
+
+	sec_caps_add(caps_end, RTE_DIM(caps_end));
+}
+
+const struct rte_security_capability *
+otx2_crypto_sec_capabilities_get(void *device __rte_unused)
+{
+	return otx2_crypto_sec_capabilities;
+}
diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_capabilities.h b/drivers/crypto/octeontx2/otx2_cryptodev_capabilities.h
index a439cbefd3..c1e0001190 100644
--- a/drivers/crypto/octeontx2/otx2_cryptodev_capabilities.h
+++ b/drivers/crypto/octeontx2/otx2_cryptodev_capabilities.h
@@ -29,4 +29,17 @@ void otx2_crypto_capabilities_init(union cpt_eng_caps *hw_caps);
 const struct rte_cryptodev_capabilities *
 otx2_cpt_capabilities_get(void);
 
+/*
+ * Initialize security capabilities for the device
+ *
+ */
+void otx2_crypto_sec_capabilities_init(union cpt_eng_caps *hw_caps);
+
+/*
+ * Get security capabilities list for the device
+ *
+ */
+const struct rte_security_capability *
+otx2_crypto_sec_capabilities_get(void *device __rte_unused);
+
 #endif /* _OTX2_CRYPTODEV_CAPABILITIES_H_ */
diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_sec.c b/drivers/crypto/octeontx2/otx2_cryptodev_sec.c
index d937e6f37a..906a87b9e5 100644
--- a/drivers/crypto/octeontx2/otx2_cryptodev_sec.c
+++ b/drivers/crypto/octeontx2/otx2_cryptodev_sec.c
@@ -7,6 +7,8 @@
 #include <rte_security.h>
 #include <rte_security_driver.h>
 
+#include "otx2_cryptodev.h"
+#include "otx2_cryptodev_capabilities.h"
 #include "otx2_cryptodev_sec.h"
 
 static struct rte_security_ops otx2_crypto_sec_ops = {
@@ -15,7 +17,7 @@ static struct rte_security_ops otx2_crypto_sec_ops = {
 	.session_get_size	= NULL,
 	.set_pkt_metadata	= NULL,
 	.get_userdata		= NULL,
-	.capabilities_get	= NULL
+	.capabilities_get	= otx2_crypto_sec_capabilities_get
 };
 
 int
-- 
2.27.0


  parent reply	other threads:[~2020-07-16  7:46 UTC|newest]

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-07-16  8:39 [dpdk-dev] [PATCH v3 0/8] add OCTEON TX2 lookaside IPsec support Tejasree Kondoj
2020-07-16  8:13 ` Anoob Joseph
2020-07-16 16:32   ` Akhil Goyal
2020-07-16  8:39 ` [dpdk-dev] [PATCH v3 1/8] crypto/octeontx2: move capabilities initialization into probe Tejasree Kondoj
2020-07-16  8:39 ` [dpdk-dev] [PATCH v3 2/8] net/octeontx2: move otx2_sec_session struct to otx2_security.h Tejasree Kondoj
2020-07-16  8:39 ` [dpdk-dev] [PATCH v3 3/8] crypto/octeontx2: add lookaside SA context definitions Tejasree Kondoj
2020-07-16  8:39 ` [dpdk-dev] [PATCH v3 4/8] crypto/octeontx2: add cryptodev sec registration Tejasree Kondoj
2020-07-16  8:39 ` Tejasree Kondoj [this message]
2020-07-16  8:39 ` [dpdk-dev] [PATCH v3 6/8] crypto/octeontx2: add cryptodev sec misc callbacks Tejasree Kondoj
2020-07-16  8:39 ` [dpdk-dev] [PATCH v3 7/8] crypto/octeontx2: add cryptodev sec session create Tejasree Kondoj
2020-07-16  8:39 ` [dpdk-dev] [PATCH v3 8/8] crypto/octeontx2: add cryptodev sec enqueue and dequeue routines Tejasree Kondoj
2020-07-20 12:02   ` Ferruh Yigit
2020-07-20 17:20     ` [dpdk-dev] [EXT] " Tejasree Kondoj
2020-07-20 18:13       ` Ferruh Yigit

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200716083931.29092-6-ktejasree@marvell.com \
    --to=ktejasree@marvell.com \
    --cc=akhil.goyal@nxp.com \
    --cc=anoobj@marvell.com \
    --cc=dev@dpdk.org \
    --cc=pathreya@marvell.com \
    --cc=radu.nicolau@intel.com \
    --cc=vattunuru@marvell.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

DPDK patches and discussions

This inbox may be cloned and mirrored by anyone:

	git clone --mirror https://inbox.dpdk.org/dev/0 dev/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 dev dev/ https://inbox.dpdk.org/dev \
		dev@dpdk.org
	public-inbox-index dev

Example config snippet for mirrors.
Newsgroup available over NNTP:
	nntp://inbox.dpdk.org/inbox.dpdk.dev


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git