From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id EAF8DA0C46; Tue, 31 Aug 2021 15:08:50 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id CE9F84067E; Tue, 31 Aug 2021 15:08:50 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id DB2CC40141 for ; Tue, 31 Aug 2021 15:08:49 +0200 (CEST) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 17VCMTUP016936 for ; Tue, 31 Aug 2021 06:08:48 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=cfcJ8XIoR3f2oMAOtjl1mvPrWHV+gOVKNiAJEl2qzPY=; b=LCQDW+dnOg/4e32kTyiUyK4RuXy6tG1g5X25OZe9GKplptyERSnJLzt7NSDYLxCcflot sYzXYXUvrFcGM3o21S7p5Lpxj44Ex52XNW6Ybu6dHYyzuVR+mwbxh7HvT+ymx4gX1WHB jTeECGg/bkR2jcvgvJ+M6+WITs4fG1nCTo9040pBzIeiOCl29xAXEYzV5b5/hIZaNR/N HuTGUurIYW18cxCSEWX7d+HvCWbqMA+aH6I6rxByzzX0FEDgRsH3ECY41gSRH66GF84m HlcDxx1V4P5wGxyUkj9Z/9DEthn9UMhqeZpGnXZBEnZcK5R11tMhp/271R506br6XxjV Gg== Received: from dc5-exch02.marvell.com ([199.233.59.182]) by mx0a-0016f401.pphosted.com with ESMTP id 3asdgxhv4c-2 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT) for ; Tue, 31 Aug 2021 06:08:48 -0700 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Tue, 31 Aug 2021 06:08:42 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.18 via Frontend Transport; Tue, 31 Aug 2021 06:08:42 -0700 Received: from hyd1554T5810.caveonetworks.com.com (unknown [10.29.57.11]) by maili.marvell.com (Postfix) with ESMTP id 298FB3F7083; Tue, 31 Aug 2021 06:08:38 -0700 (PDT) From: Tejasree Kondoj To: Akhil Goyal CC: Tejasree Kondoj , Anoob Joseph , Ankur Dwivedi , Archana Muniganti , Srujana Challa , "Nithin Dabilpuram" , Jerin Jacob , Date: Tue, 31 Aug 2021 19:31:25 +0530 Message-ID: <20210831140127.31775-7-ktejasree@marvell.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20210831140127.31775-1-ktejasree@marvell.com> References: <20210831140127.31775-1-ktejasree@marvell.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-Proofpoint-ORIG-GUID: Ox6-8T2ZllIyLyDcUoD-WTF2zqfEI21p X-Proofpoint-GUID: Ox6-8T2ZllIyLyDcUoD-WTF2zqfEI21p X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.391,FMLib:17.0.607.475 definitions=2021-08-31_05,2021-08-31_01,2020-04-07_01 Subject: [dpdk-dev] [PATCH 6/8] crypto/cnxk: support cn10k transport mode X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Adding support for cn10k lookaside IPsec transport mode. Signed-off-by: Tejasree Kondoj --- doc/guides/cryptodevs/cnxk.rst | 1 + doc/guides/rel_notes/release_21_11.rst | 1 + drivers/crypto/cnxk/cnxk_cryptodev.h | 2 +- .../crypto/cnxk/cnxk_cryptodev_capabilities.c | 22 +++++++++++++++++++ drivers/crypto/cnxk/cnxk_ipsec.h | 3 ++- 5 files changed, 27 insertions(+), 2 deletions(-) diff --git a/doc/guides/cryptodevs/cnxk.rst b/doc/guides/cryptodevs/cnxk.rst index a40295c087..0dd71135da 100644 --- a/doc/guides/cryptodevs/cnxk.rst +++ b/doc/guides/cryptodevs/cnxk.rst @@ -230,6 +230,7 @@ Features supported * IPv4 * ESP * Tunnel mode +* Transport mode * AES-128/192/256-GCM * AES-128/192/256-CBC-SHA1-HMAC diff --git a/doc/guides/rel_notes/release_21_11.rst b/doc/guides/rel_notes/release_21_11.rst index 0d9ce123aa..4727698228 100644 --- a/doc/guides/rel_notes/release_21_11.rst +++ b/doc/guides/rel_notes/release_21_11.rst @@ -23,6 +23,7 @@ DPDK Release 21.11 * **Updated Marvell cn10k_crypto PMD.** * Added AES-CBC-SHA1-HMAC in lookaside protocol (IPsec). + * Added transport mode in lookaside protocol (IPsec). New Features diff --git a/drivers/crypto/cnxk/cnxk_cryptodev.h b/drivers/crypto/cnxk/cnxk_cryptodev.h index b3856f7eaa..8e051fa0fa 100644 --- a/drivers/crypto/cnxk/cnxk_cryptodev.h +++ b/drivers/crypto/cnxk/cnxk_cryptodev.h @@ -12,7 +12,7 @@ #define CNXK_CPT_MAX_CAPS 34 #define CNXK_SEC_CRYPTO_MAX_CAPS 4 -#define CNXK_SEC_MAX_CAPS 3 +#define CNXK_SEC_MAX_CAPS 5 #define CNXK_AE_EC_ID_MAX 8 /** * Device private data diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c index 9430ca5d00..05bffa9759 100644 --- a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c +++ b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c @@ -822,6 +822,28 @@ static const struct rte_security_capability sec_caps_templ[] = { }, .crypto_capabilities = NULL, }, + { /* IPsec Lookaside Protocol ESP Transport Ingress */ + .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, + .protocol = RTE_SECURITY_PROTOCOL_IPSEC, + .ipsec = { + .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP, + .mode = RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT, + .direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS, + .options = { 0 }, + }, + .crypto_capabilities = NULL, + }, + { /* IPsec Lookaside Protocol ESP Transport Egress */ + .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, + .protocol = RTE_SECURITY_PROTOCOL_IPSEC, + .ipsec = { + .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP, + .mode = RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT, + .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS, + .options = { 0 }, + }, + .crypto_capabilities = NULL, + }, { .action = RTE_SECURITY_ACTION_TYPE_NONE } diff --git a/drivers/crypto/cnxk/cnxk_ipsec.h b/drivers/crypto/cnxk/cnxk_ipsec.h index d1eb74ebbe..ff396179ca 100644 --- a/drivers/crypto/cnxk/cnxk_ipsec.h +++ b/drivers/crypto/cnxk/cnxk_ipsec.h @@ -98,7 +98,8 @@ cnxk_ipsec_xform_verify(struct rte_security_ipsec_xform *ipsec_xform, (ipsec_xform->mode != RTE_SECURITY_IPSEC_SA_MODE_TUNNEL)) return -EINVAL; - if ((ipsec_xform->tunnel.type != RTE_SECURITY_IPSEC_TUNNEL_IPV4) && + if ((ipsec_xform->mode == RTE_SECURITY_IPSEC_SA_MODE_TUNNEL) && + (ipsec_xform->tunnel.type != RTE_SECURITY_IPSEC_TUNNEL_IPV4) && (ipsec_xform->tunnel.type != RTE_SECURITY_IPSEC_TUNNEL_IPV6)) return -EINVAL; -- 2.27.0