[4/8] crypto/octeontx2: add cryptodev sec capabilities
Commit Message
Signed-off-by: Vamsi Attunuru <vattunuru@marvell.com>
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
---
.../octeontx2/otx2_cryptodev_capabilities.c | 108 ++++++++++++++++++
.../octeontx2/otx2_cryptodev_capabilities.h | 3 +
drivers/crypto/octeontx2/otx2_cryptodev_sec.c | 4 +-
3 files changed, 114 insertions(+), 1 deletion(-)
Comments
> +static const struct rte_cryptodev_capabilities *
> +otx2_cpt_sec_caps_get(union cpt_eng_caps *hw_caps)
> +{
> + SEC_CAPS_ADD(hw_caps, aes);
> +
> + sec_caps_add(caps_end, RTE_DIM(caps_end));
> +
> + return otx2_cpt_sec_caps;
> +}
SEC_CAPS_ADD should be called earlier, when the security context is created,
or where all other capabilities of the PMD are initialized.
Capabilities should not be added at the point where they are retrieved.
As of now you are supporting only AES-GCM, but if you add more algos in future,
this would be difficult to manage.
Hi Akhil,
Please see inline.
Thanks
Tejasree
> -----Original Message-----
> From: Akhil Goyal <akhil.goyal@nxp.com>
> Sent: Thursday, July 2, 2020 2:37 AM
> To: Tejasree Kondoj <ktejasree@marvell.com>; Radu Nicolau
> <radu.nicolau@intel.com>
> Cc: Narayana Prasad Raju Athreya <pathreya@marvell.com>; Anoob Joseph
> <anoobj@marvell.com>; Vamsi Krishna Attunuru <vattunuru@marvell.com>;
> dev@dpdk.org
> Subject: [EXT] RE: [PATCH 4/8] crypto/octeontx2: add cryptodev sec
> capabilities
>
> External Email
>
> ----------------------------------------------------------------------
> > +static const struct rte_cryptodev_capabilities *
> > +otx2_cpt_sec_caps_get(union cpt_eng_caps *hw_caps) {
> > + SEC_CAPS_ADD(hw_caps, aes);
> > +
> > + sec_caps_add(caps_end, RTE_DIM(caps_end));
> > +
> > + return otx2_cpt_sec_caps;
> > +}
> SEC_CAPS_ADD should be called earlier when the security context is created
> Or where all other capabilities of the PMD are initialized.
> It should not be added when capabilities need to be retrieved.
> As of now you are supporting only AES-GCM, but in future if you add more
> algos, Then it would be difficult to manage.
[Tejasree] We will initialize capabilities during probe and capabilities_get() would return pointer. Would that work?
> > > +static const struct rte_cryptodev_capabilities *
> > > +otx2_cpt_sec_caps_get(union cpt_eng_caps *hw_caps) {
> > > + SEC_CAPS_ADD(hw_caps, aes);
> > > +
> > > + sec_caps_add(caps_end, RTE_DIM(caps_end));
> > > +
> > > + return otx2_cpt_sec_caps;
> > > +}
> > SEC_CAPS_ADD should be called earlier when the security context is created
> > Or where all other capabilities of the PMD are initialized.
> > It should not be added when capabilities need to be retrieved.
> > As of now you are supporting only AES-GCM, but in future if you add more
> > algos, Then it would be difficult to manage.
> [Tejasree] We will initialize capabilities during probe and capabilities_get()
> would return pointer. Would that work?
Yes, I think so.
@@ -3,7 +3,9 @@
*/
#include <rte_cryptodev.h>
+#include <rte_security.h>
+#include "otx2_cryptodev.h"
#include "otx2_cryptodev_capabilities.h"
#include "otx2_mbox.h"
@@ -26,9 +28,18 @@
cpt_caps_add(caps_##name, RTE_DIM(caps_##name)); \
} while (0)
+#define SEC_CAPS_ADD(hw_caps, name) do { \
+ enum otx2_cpt_egrp egrp; \
+ CPT_EGRP_GET(hw_caps, name, &egrp); \
+ if (egrp < OTX2_CPT_EGRP_MAX) \
+ sec_caps_add(sec_caps_##name, RTE_DIM(sec_caps_##name));\
+} while (0)
+
#define OTX2_CPT_MAX_CAPS 34
+#define OTX2_SEC_MAX_CAPS 4
static struct rte_cryptodev_capabilities otx2_cpt_caps[OTX2_CPT_MAX_CAPS];
+static struct rte_cryptodev_capabilities otx2_cpt_sec_caps[OTX2_SEC_MAX_CAPS];
static const struct rte_cryptodev_capabilities caps_mul[] = {
{ /* RSA */
@@ -725,6 +736,70 @@ static const struct rte_cryptodev_capabilities caps_end[] = {
RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
};
+static const struct rte_cryptodev_capabilities sec_caps_aes[] = {
+ { /* AES GCM */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,
+ {.aead = {
+ .algo = RTE_CRYPTO_AEAD_AES_GCM,
+ .block_size = 16,
+ .key_size = {
+ .min = 16,
+ .max = 32,
+ .increment = 8
+ },
+ .digest_size = {
+ .min = 16,
+ .max = 16,
+ .increment = 0
+ },
+ .aad_size = {
+ .min = 8,
+ .max = 12,
+ .increment = 4
+ },
+ .iv_size = {
+ .min = 12,
+ .max = 12,
+ .increment = 0
+ }
+ }, }
+ }, }
+ },
+};
+
+static const struct rte_security_capability
+otx2_crypto_sec_capabilities[] = {
+ { /* IPsec Lookaside Protocol ESP Tunnel Ingress */
+ .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+ .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
+ .ipsec = {
+ .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+ .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
+ .direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS,
+ .options = { 0 }
+ },
+ .crypto_capabilities = otx2_cpt_sec_caps,
+ .ol_flags = RTE_SECURITY_TX_OLOAD_NEED_MDATA
+ },
+ { /* IPsec Lookaside Protocol ESP Tunnel Egress */
+ .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+ .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
+ .ipsec = {
+ .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+ .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
+ .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
+ .options = { 0 }
+ },
+ .crypto_capabilities = otx2_cpt_sec_caps,
+ .ol_flags = RTE_SECURITY_TX_OLOAD_NEED_MDATA
+ },
+ {
+ .action = RTE_SECURITY_ACTION_TYPE_NONE
+ }
+};
+
static void
cpt_caps_add(const struct rte_cryptodev_capabilities *caps, int nb_caps)
{
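Review bot: Both IPsec entries in otx2_crypto_sec_capabilities set `.ol_flags = RTE_SECURITY_TX_OLOAD_NEED_MDATA`, yet the ops table in otx2_cryptodev_sec.c still shows `.set_pkt_metadata = NULL` after this patch, so an application that honours the flag has no callback to reach. The flag is a TX-side one and also looks out of place on the ingress entry. Unless a later patch in the series supplies the callback, `.ol_flags = 0` would describe the driver as it stands; if one does, a short comment next to the flag saying so would help. The table would also benefit from a header comment noting that `crypto_capabilities` points at otx2_cpt_sec_caps, which is filled at run time rather than at build time.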
@@ -754,3 +829,36 @@ otx2_cpt_capabilities_get(union cpt_eng_caps *hw_caps)
return otx2_cpt_caps;
}
+
+static void
+sec_caps_add(const struct rte_cryptodev_capabilities *caps, int nb_caps)
+{
+ static int cur_pos;
+
+ if (cur_pos + nb_caps > OTX2_SEC_MAX_CAPS)
+ return;
+
+ memcpy(&otx2_cpt_sec_caps[cur_pos], caps, nb_caps * sizeof(caps[0]));
+ cur_pos += nb_caps;
+}
+
+static const struct rte_cryptodev_capabilities *
+otx2_cpt_sec_caps_get(union cpt_eng_caps *hw_caps)
+{
+ SEC_CAPS_ADD(hw_caps, aes);
+
+ sec_caps_add(caps_end, RTE_DIM(caps_end));
+
+ return otx2_cpt_sec_caps;
+}
+
+const struct rte_security_capability *
+otx2_crypto_sec_capabilities_get(void *device)
+{
+ struct rte_cryptodev *dev = (struct rte_cryptodev *)device;
+ struct otx2_cpt_vf *vf = dev->data->dev_private;
+
+ otx2_cpt_sec_caps_get(vf->hw_caps);
+
+ return otx2_crypto_sec_capabilities;
+}
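Review bot: sec_caps_add() silently discards a table when `cur_pos + nb_caps > OTX2_SEC_MAX_CAPS`, and in otx2_cpt_sec_caps_get() the copy made last, and so the first to be dropped, is the `caps_end` marker. With the single AES-GCM entry there is room, but once further sec_caps_* tables fill all four slots the list would be left without its end marker, and a consumer that walks the array up to that marker would read past otx2_cpt_sec_caps. A build-time check in otx2_cpt_sec_caps_get() would catch this when an algorithm is added, for example `RTE_BUILD_BUG_ON(RTE_DIM(sec_caps_aes) + RTE_DIM(caps_end) > OTX2_SEC_MAX_CAPS);`, and the early return should at least log the drop. The `#define OTX2_SEC_MAX_CAPS 4` in the earlier hunk would be clearer with a comment such as `/* sec_caps_* entries plus the end-of-list marker */`.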
@@ -23,4 +23,7 @@ enum otx2_cpt_egrp {
const struct rte_cryptodev_capabilities *
otx2_cpt_capabilities_get(union cpt_eng_caps *hw_caps);
+const struct rte_security_capability *
+otx2_crypto_sec_capabilities_get(void *device);
+
#endif /* _OTX2_CRYPTODEV_CAPABILITIES_H_ */
@@ -7,6 +7,8 @@
#include <rte_security.h>
#include <rte_security_driver.h>
+#include "otx2_cryptodev.h"
+#include "otx2_cryptodev_capabilities.h"
#include "otx2_cryptodev_sec.h"
static struct rte_security_ops otx2_crypto_sec_ops = {
@@ -15,7 +17,7 @@ static struct rte_security_ops otx2_crypto_sec_ops = {
.session_get_size = NULL,
.set_pkt_metadata = NULL,
.get_userdata = NULL,
- .capabilities_get = NULL
+ .capabilities_get = otx2_crypto_sec_capabilities_get
};
int