[dpdk-dev] [PATCH v2 06/15] crypto/octeontx2: add eth security capabilities

Sat, 18 Jan 2020 02:51:06 -0800 

From: Ankur Dwivedi <adwiv...@marvell.com>

Adding security capabilities supported by the eth PMD.

Signed-off-by: Ankur Dwivedi <adwiv...@marvell.com>
Signed-off-by: Anoob Joseph <ano...@marvell.com>
Signed-off-by: Archana Muniganti <march...@marvell.com>
Signed-off-by: Tejasree Kondoj <ktejas...@marvell.com>
Signed-off-by: Vamsi Attunuru <vattun...@marvell.com>
---
 drivers/crypto/octeontx2/otx2_security.c | 84 ++++++++++++++++++++++++++++++++
 drivers/crypto/octeontx2/otx2_security.h | 18 +++++++
 2 files changed, 102 insertions(+)

diff --git a/drivers/crypto/octeontx2/otx2_security.c 
b/drivers/crypto/octeontx2/otx2_security.c
index cdb7950..b8c8f91 100644
--- a/drivers/crypto/octeontx2/otx2_security.c
+++ b/drivers/crypto/octeontx2/otx2_security.c
@@ -2,11 +2,13 @@
  * Copyright (C) 2020 Marvell International Ltd.
  */
 
+#include <rte_cryptodev.h>
 #include <rte_ethdev.h>
 #include <rte_eventdev.h>
 #include <rte_malloc.h>
 #include <rte_memzone.h>
 #include <rte_security.h>
+#include <rte_security_driver.h>
 
 #include "otx2_ethdev.h"
 #include "otx2_ipsec_fp.h"
@@ -27,12 +29,93 @@ struct sec_eth_tag_const {
        };
 };
 
+static struct rte_cryptodev_capabilities otx2_sec_eth_crypto_caps[] = {
+       {       /* AES GCM */
+               .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+               {.sym = {
+                       .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,
+                       {.aead = {
+                               .algo = RTE_CRYPTO_AEAD_AES_GCM,
+                               .block_size = 16,
+                               .key_size = {
+                                       .min = 16,
+                                       .max = 32,
+                                       .increment = 8
+                               },
+                               .digest_size = {
+                                       .min = 16,
+                                       .max = 16,
+                                       .increment = 0
+                               },
+                               .aad_size = {
+                                       .min = 8,
+                                       .max = 12,
+                                       .increment = 4
+                               },
+                               .iv_size = {
+                                       .min = 12,
+                                       .max = 12,
+                                       .increment = 0
+                               }
+                       }, }
+               }, }
+       },
+       RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
+};
+
+static const struct rte_security_capability otx2_sec_eth_capabilities[] = {
+       {       /* IPsec Inline Protocol ESP Tunnel Ingress */
+               .action = RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL,
+               .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
+               .ipsec = {
+                       .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+                       .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
+                       .direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS,
+                       .options = { 0 }
+               },
+               .crypto_capabilities = otx2_sec_eth_crypto_caps,
+               .ol_flags = RTE_SECURITY_TX_OLOAD_NEED_MDATA
+       },
+       {       /* IPsec Inline Protocol ESP Tunnel Egress */
+               .action = RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL,
+               .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
+               .ipsec = {
+                       .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+                       .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
+                       .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
+                       .options = { 0 }
+               },
+               .crypto_capabilities = otx2_sec_eth_crypto_caps,
+               .ol_flags = RTE_SECURITY_TX_OLOAD_NEED_MDATA
+       },
+       {
+               .action = RTE_SECURITY_ACTION_TYPE_NONE
+       }
+};
+
 static inline void
 in_sa_mz_name_get(char *name, int size, uint16_t port)
 {
        snprintf(name, size, "otx2_ipsec_in_sadb_%u", port);
 }
 
+static unsigned int
+otx2_sec_eth_session_get_size(void *device __rte_unused)
+{
+       return sizeof(struct otx2_sec_session);
+}
+
+static const struct rte_security_capability *
+otx2_sec_eth_capabilities_get(void *device __rte_unused)
+{
+       return otx2_sec_eth_capabilities;
+}
+
+static struct rte_security_ops otx2_sec_eth_ops = {
+       .session_get_size       = otx2_sec_eth_session_get_size,
+       .capabilities_get       = otx2_sec_eth_capabilities_get
+};
+
 int
 otx2_sec_eth_ctx_create(struct rte_eth_dev *eth_dev)
 {
@@ -46,6 +129,7 @@ otx2_sec_eth_ctx_create(struct rte_eth_dev *eth_dev)
        /* Populate ctx */
 
        ctx->device = eth_dev;
+       ctx->ops = &otx2_sec_eth_ops;
        ctx->sess_cnt = 0;
 
        eth_dev->security_ctx = ctx;
diff --git a/drivers/crypto/octeontx2/otx2_security.h 
b/drivers/crypto/octeontx2/otx2_security.h
index 023061d..a442f5c 100644
--- a/drivers/crypto/octeontx2/otx2_security.h
+++ b/drivers/crypto/octeontx2/otx2_security.h
@@ -7,6 +7,24 @@
 
 #include <rte_ethdev.h>
 
+#include "otx2_ipsec_fp.h"
+
+/*
+ * Security session for inline IPsec protocol offload. This is private data of
+ * inline capable PMD.
+ */
+struct otx2_sec_session_ipsec_ip {
+       int dummy;
+};
+
+struct otx2_sec_session_ipsec {
+       struct otx2_sec_session_ipsec_ip ip;
+};
+
+struct otx2_sec_session {
+       struct otx2_sec_session_ipsec ipsec;
+} __rte_cache_aligned;
+
 int otx2_sec_eth_ctx_create(struct rte_eth_dev *eth_dev);
 
 void otx2_sec_eth_ctx_destroy(struct rte_eth_dev *eth_dev);
-- 
2.7.4

Reply via email to