From: Chaoyong He <chaoyong.he@corigine.com>
To: dev@dpdk.org
Cc: oss-drivers@corigine.com,
Shihong Wang <shihong.wang@corigine.com>,
Chaoyong He <chaoyong.he@corigine.com>
Subject: [PATCH 05/10] net/nfp: get security capabilities and session size
Date: Mon, 25 Sep 2023 14:06:39 +0800 [thread overview]
Message-ID: <20230925060644.1458598-6-chaoyong.he@corigine.com> (raw)
In-Reply-To: <20230925060644.1458598-1-chaoyong.he@corigine.com>
From: Shihong Wang <shihong.wang@corigine.com>
Add full protocol offload as well as inline crypto IPsec
capabilities and return these for rte_security.
Return size of security session for rte_security.
Signed-off-by: Shihong Wang <shihong.wang@corigine.com>
Reviewed-by: Chaoyong He <chaoyong.he@corigine.com>
---
drivers/net/nfp/nfp_ipsec.c | 357 +++++++++++++++++++++++++++++++++++-
1 file changed, 356 insertions(+), 1 deletion(-)
diff --git a/drivers/net/nfp/nfp_ipsec.c b/drivers/net/nfp/nfp_ipsec.c
index f16ce97703..51770def9d 100644
--- a/drivers/net/nfp/nfp_ipsec.c
+++ b/drivers/net/nfp/nfp_ipsec.c
@@ -5,6 +5,7 @@
#include "nfp_ipsec.h"
+#include <rte_cryptodev.h>
#include <rte_malloc.h>
#include <rte_security_driver.h>
@@ -16,7 +17,361 @@
#include "nfp_logs.h"
#include "nfp_rxtx.h"
-static const struct rte_security_ops nfp_security_ops;
+static const struct rte_cryptodev_capabilities nfp_crypto_caps[] = {
+ {
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ .sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ .auth = {
+ .algo = RTE_CRYPTO_AUTH_MD5_HMAC,
+ .block_size = 64,
+ .key_size = {
+ .min = 16,
+ .max = 16,
+ .increment = 0
+ },
+ .digest_size = {
+ .min = 12,
+ .max = 16,
+ .increment = 4
+ },
+ },
+ },
+ },
+ {
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ .sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ .auth = {
+ .algo = RTE_CRYPTO_AUTH_SHA1_HMAC,
+ .block_size = 64,
+ .key_size = {
+ .min = 20,
+ .max = 64,
+ .increment = 1
+ },
+ .digest_size = {
+ .min = 10,
+ .max = 12,
+ .increment = 2
+ },
+ },
+ },
+ },
+ {
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ .sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ .auth = {
+ .algo = RTE_CRYPTO_AUTH_SHA256_HMAC,
+ .block_size = 64,
+ .key_size = {
+ .min = 32,
+ .max = 32,
+ .increment = 0
+ },
+ .digest_size = {
+ .min = 12,
+ .max = 16,
+ .increment = 4
+ },
+ },
+ },
+ },
+ {
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ .sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ .auth = {
+ .algo = RTE_CRYPTO_AUTH_SHA384_HMAC,
+ .block_size = 128,
+ .key_size = {
+ .min = 48,
+ .max = 48,
+ .increment = 0
+ },
+ .digest_size = {
+ .min = 12,
+ .max = 24,
+ .increment = 12
+ },
+ },
+ },
+ },
+ {
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ .sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ .auth = {
+ .algo = RTE_CRYPTO_AUTH_SHA512_HMAC,
+ .block_size = 128,
+ .key_size = {
+ .min = 64,
+ .max = 64,
+ .increment = 1
+ },
+ .digest_size = {
+ .min = 12,
+ .max = 32,
+ .increment = 4
+ },
+ },
+ },
+ },
+ {
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ .sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+ .cipher = {
+ .algo = RTE_CRYPTO_CIPHER_3DES_CBC,
+ .block_size = 8,
+ .key_size = {
+ .min = 24,
+ .max = 24,
+ .increment = 0
+ },
+ .iv_size = {
+ .min = 8,
+ .max = 16,
+ .increment = 8
+ },
+ },
+ },
+ },
+ {
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ .sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+ .cipher = {
+ .algo = RTE_CRYPTO_CIPHER_AES_CBC,
+ .block_size = 16,
+ .key_size = {
+ .min = 16,
+ .max = 32,
+ .increment = 8
+ },
+ .iv_size = {
+ .min = 8,
+ .max = 16,
+ .increment = 8
+ },
+ },
+ },
+ },
+ {
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ .sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,
+ .aead = {
+ .algo = RTE_CRYPTO_AEAD_AES_GCM,
+ .block_size = 16,
+ .key_size = {
+ .min = 16,
+ .max = 32,
+ .increment = 8
+ },
+ .digest_size = {
+ .min = 16,
+ .max = 16,
+ .increment = 0
+ },
+ .aad_size = {
+ .min = 0,
+ .max = 1024,
+ .increment = 1
+ },
+ .iv_size = {
+ .min = 8,
+ .max = 16,
+ .increment = 4
+ }
+ },
+ },
+ },
+ {
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ .sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,
+ .aead = {
+ .algo = RTE_CRYPTO_AEAD_CHACHA20_POLY1305,
+ .block_size = 16,
+ .key_size = {
+ .min = 32,
+ .max = 32,
+ .increment = 0
+ },
+ .digest_size = {
+ .min = 16,
+ .max = 16,
+ .increment = 0
+ },
+ .aad_size = {
+ .min = 0,
+ .max = 1024,
+ .increment = 1
+ },
+ .iv_size = {
+ .min = 8,
+ .max = 16,
+ .increment = 4
+ }
+ },
+ },
+ },
+ {
+ .op = RTE_CRYPTO_OP_TYPE_UNDEFINED,
+ .sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_NOT_SPECIFIED
+ },
+ }
+};
+
+static const struct rte_security_capability nfp_security_caps[] = {
+ { /* IPsec Inline Crypto Tunnel Egress */
+ .action = RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO,
+ .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
+ .ipsec = {
+ .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
+ .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
+ .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+ .options = {
+ .udp_encap = 1,
+ .stats = 1,
+ .esn = 1
+ }
+ },
+ .crypto_capabilities = nfp_crypto_caps
+ },
+ { /* IPsec Inline Crypto Tunnel Ingress */
+ .action = RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO,
+ .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
+ .ipsec = {
+ .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
+ .direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS,
+ .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+ .options = {
+ .udp_encap = 1,
+ .stats = 1,
+ .esn = 1
+ }
+ },
+ .crypto_capabilities = nfp_crypto_caps,
+ .ol_flags = RTE_SECURITY_TX_OLOAD_NEED_MDATA
+ },
+ { /* IPsec Inline Crypto Transport Egress */
+ .action = RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO,
+ .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
+ .ipsec = {
+ .mode = RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT,
+ .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
+ .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+ .options = {
+ .udp_encap = 1,
+ .stats = 1,
+ .esn = 1
+ }
+ },
+ .crypto_capabilities = nfp_crypto_caps
+ },
+ { /* IPsec Inline Crypto Transport Ingress */
+ .action = RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO,
+ .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
+ .ipsec = {
+ .mode = RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT,
+ .direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS,
+ .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+ .options = {
+ .udp_encap = 1,
+ .stats = 1,
+ .esn = 1
+ }
+ },
+ .crypto_capabilities = nfp_crypto_caps,
+ .ol_flags = RTE_SECURITY_TX_OLOAD_NEED_MDATA
+ },
+ { /* IPsec Inline Protocol Tunnel Egress */
+ .action = RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL,
+ .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
+ .ipsec = {
+ .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
+ .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
+ .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+ .options = {
+ .udp_encap = 1,
+ .stats = 1,
+ .esn = 1
+ }
+ },
+ .crypto_capabilities = nfp_crypto_caps
+ },
+ { /* IPsec Inline Protocol Tunnel Ingress */
+ .action = RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL,
+ .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
+ .ipsec = {
+ .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
+ .direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS,
+ .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+ .options = {
+ .udp_encap = 1,
+ .stats = 1,
+ .esn = 1
+ }
+ },
+ .crypto_capabilities = nfp_crypto_caps,
+ .ol_flags = RTE_SECURITY_TX_OLOAD_NEED_MDATA
+ },
+ { /* IPsec Inline Protocol Transport Egress */
+ .action = RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL,
+ .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
+ .ipsec = {
+ .mode = RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT,
+ .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
+ .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+ .options = {
+ .udp_encap = 1,
+ .stats = 1,
+ .esn = 1
+ }
+ },
+ .crypto_capabilities = nfp_crypto_caps
+ },
+ { /* IPsec Inline Protocol Transport Ingress */
+ .action = RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL,
+ .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
+ .ipsec = {
+ .mode = RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT,
+ .direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS,
+ .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+ .options = {
+ .udp_encap = 1,
+ .stats = 1,
+ .esn = 1
+ }
+ },
+ .crypto_capabilities = nfp_crypto_caps,
+ .ol_flags = RTE_SECURITY_TX_OLOAD_NEED_MDATA
+ },
+ {
+ .action = RTE_SECURITY_ACTION_TYPE_NONE
+ }
+};
+
+static const struct rte_security_capability *
+nfp_crypto_capabilities_get(void *device __rte_unused)
+{
+ return nfp_security_caps;
+}
+
+static uint32_t
+nfp_security_session_get_size(void *device __rte_unused)
+{
+ return sizeof(struct nfp_ipsec_session);
+}
+
+static const struct rte_security_ops nfp_security_ops = {
+ .session_get_size = nfp_security_session_get_size,
+ .capabilities_get = nfp_crypto_capabilities_get,
+};
static int
nfp_ipsec_ctx_create(struct rte_eth_dev *dev,
--
2.39.1
next prev parent reply other threads:[~2023-09-25 6:08 UTC|newest]
Thread overview: 42+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-09-25 6:06 [PATCH 00/10] add the support of ipsec offload Chaoyong He
2023-09-25 6:06 ` [PATCH 01/10] mailmap: update contributor entry Chaoyong He
2023-09-27 14:19 ` Ferruh Yigit
2023-09-28 1:50 ` Chaoyong He
2023-09-25 6:06 ` [PATCH 02/10] net/nfp: add TLVs capability parsing Chaoyong He
2023-09-27 14:19 ` Ferruh Yigit
2023-09-28 2:02 ` Chaoyong He
2023-09-28 9:30 ` Ferruh Yigit
2023-09-25 6:06 ` [PATCH 03/10] net/nfp: add mailbox to support IPsec offload Chaoyong He
2023-09-25 6:06 ` [PATCH 04/10] net/nfp: initialize IPsec related content Chaoyong He
2023-09-25 6:06 ` Chaoyong He [this message]
2023-09-25 6:06 ` [PATCH 06/10] net/nfp: get IPsec Rx/Tx packet statistics Chaoyong He
2023-09-25 6:06 ` [PATCH 07/10] net/nfp: create security session Chaoyong He
2023-09-25 6:06 ` [PATCH 08/10] net/nfp: update " Chaoyong He
2023-09-25 6:06 ` [PATCH 09/10] net/nfp: support IPsec Rx and Tx offload Chaoyong He
2023-09-25 6:06 ` [PATCH 10/10] net/nfp: destroy security session Chaoyong He
2023-09-26 2:49 ` [PATCH v2 00/10] add the support of ipsec offload Chaoyong He
2023-09-26 2:49 ` [PATCH v2 01/10] mailmap: update contributor entry Chaoyong He
2023-09-26 2:49 ` [PATCH v2 02/10] net/nfp: add TLVs capability parsing Chaoyong He
2023-09-26 2:49 ` [PATCH v2 03/10] net/nfp: add mailbox to support IPsec offload Chaoyong He
2023-09-26 2:49 ` [PATCH v2 04/10] net/nfp: initialize IPsec related content Chaoyong He
2023-09-26 2:49 ` [PATCH v2 05/10] net/nfp: get security capabilities and session size Chaoyong He
2023-09-26 2:49 ` [PATCH v2 06/10] net/nfp: get IPsec Rx/Tx packet statistics Chaoyong He
2023-09-26 2:49 ` [PATCH v2 07/10] net/nfp: create security session Chaoyong He
2023-09-26 2:49 ` [PATCH v2 08/10] net/nfp: update " Chaoyong He
2023-09-26 2:49 ` [PATCH v2 09/10] net/nfp: support IPsec Rx and Tx offload Chaoyong He
2023-09-26 2:49 ` [PATCH v2 10/10] net/nfp: destroy security session Chaoyong He
2023-09-27 14:20 ` [PATCH v2 00/10] add the support of ipsec offload Ferruh Yigit
2023-09-28 2:05 ` Chaoyong He
2023-09-28 9:33 ` Ferruh Yigit
2023-09-29 2:08 ` [PATCH v3 0/9] " Chaoyong He
2023-09-29 2:08 ` [PATCH v3 1/9] net/nfp: add TLVs capability parsing Chaoyong He
2023-09-29 2:08 ` [PATCH v3 2/9] net/nfp: add mailbox to support IPsec offload Chaoyong He
2023-09-29 2:08 ` [PATCH v3 3/9] net/nfp: initialize IPsec related content Chaoyong He
2023-09-29 10:00 ` Ferruh Yigit
2023-09-29 2:08 ` [PATCH v3 4/9] net/nfp: get security capabilities and session size Chaoyong He
2023-09-29 2:08 ` [PATCH v3 5/9] net/nfp: get IPsec Rx/Tx packet statistics Chaoyong He
2023-09-29 2:08 ` [PATCH v3 6/9] net/nfp: create security session Chaoyong He
2023-09-29 2:08 ` [PATCH v3 7/9] net/nfp: update " Chaoyong He
2023-09-29 2:08 ` [PATCH v3 8/9] net/nfp: support IPsec Rx and Tx offload Chaoyong He
2023-09-29 2:08 ` [PATCH v3 9/9] net/nfp: destroy security session Chaoyong He
2023-09-29 10:05 ` [PATCH v3 0/9] add the support of ipsec offload Ferruh Yigit
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230925060644.1458598-6-chaoyong.he@corigine.com \
--to=chaoyong.he@corigine.com \
--cc=dev@dpdk.org \
--cc=oss-drivers@corigine.com \
--cc=shihong.wang@corigine.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).