From patchwork Thu Jul 16 08:39:28 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Tejasree Kondoj <ktejasree@marvell.com>
X-Patchwork-Id: 74185
X-Patchwork-Delegate: gakhil@marvell.com
Return-Path: <dev-bounces@dpdk.org>
X-Original-To: patchwork@inbox.dpdk.org
Delivered-To: patchwork@inbox.dpdk.org
Received: from dpdk.org (dpdk.org [92.243.14.124])
	by inbox.dpdk.org (Postfix) with ESMTP id 1CAA8A0546;
	Thu, 16 Jul 2020 09:46:09 +0200 (CEST)
Received: from [92.243.14.124] (localhost [127.0.0.1])
	by dpdk.org (Postfix) with ESMTP id 00FC81BEAA;
	Thu, 16 Jul 2020 09:45:59 +0200 (CEST)
Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com
 [67.231.156.173]) by dpdk.org (Postfix) with ESMTP id A125A1BE98
 for <dev@dpdk.org>; Thu, 16 Jul 2020 09:45:56 +0200 (CEST)
Received: from pps.filterd (m0045851.ppops.net [127.0.0.1])
 by mx0b-0016f401.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id
 06G7YkgA004597; Thu, 16 Jul 2020 00:45:56 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com;
 h=from : to : cc :
 subject : date : message-id : in-reply-to : references : mime-version :
 content-transfer-encoding : content-type; s=pfpt0818;
 bh=HJE5/N+XWV+djikGJYAi8QTaK0ZdJpQ0UyJtZMnrO24=;
 b=xyT+R2AD/G9xYrOzsHXXnmcHyqfHUAfJYD+BEMSLM11stQfeXjGTtU3+uGYNkGRZOaTx
 ejLaAZU7vk8oBuTkmel3oPa6ttVHwNGI8JshvyD3KHnEJDKlpu+IdxBbxQBAN5NQetdw
 CDH6pq7rw0Wh4kGtFobt004sf+6XgQNKzin2r/cfjm/uvlxDtrZXUoD1Z+YVQ04e0B9G
 7we1PY5Rmwy9x9v5iESWTXG1KRh6E90xWFWeSKaedFO1ojUTZGRZV+qTBJxyzQelmNvd
 NAtdTqbe3RQPN7D473psPIoAzl/mXthH5MCKIY/fssYwBqFztmUJxpBKzmuihYp8E72Y XQ==
Received: from sc-exch02.marvell.com ([199.233.58.182])
 by mx0b-0016f401.pphosted.com with ESMTP id 328mmhxm8v-1
 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT);
 Thu, 16 Jul 2020 00:45:56 -0700
Received: from DC5-EXCH01.marvell.com (10.69.176.38) by SC-EXCH02.marvell.com
 (10.93.176.82) with Microsoft SMTP Server (TLS) id 15.0.1497.2;
 Thu, 16 Jul 2020 00:45:54 -0700
Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH01.marvell.com
 (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.2;
 Thu, 16 Jul 2020 00:45:53 -0700
Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com
 (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.2 via Frontend
 Transport; Thu, 16 Jul 2020 00:45:53 -0700
Received: from hyd1554T5810.caveonetworks.com.com (unknown [10.29.57.11])
 by maili.marvell.com (Postfix) with ESMTP id 1B9B33F703F;
 Thu, 16 Jul 2020 00:45:50 -0700 (PDT)
From: Tejasree Kondoj <ktejasree@marvell.com>
To: Akhil Goyal <akhil.goyal@nxp.com>, Radu Nicolau <radu.nicolau@intel.com>
CC: Tejasree Kondoj <ktejasree@marvell.com>, Narayana Prasad
 <pathreya@marvell.com>, Anoob Joseph <anoobj@marvell.com>, Vamsi Attunuru
 <vattunuru@marvell.com>, <dev@dpdk.org>
Date: Thu, 16 Jul 2020 14:09:28 +0530
Message-ID: <20200716083931.29092-6-ktejasree@marvell.com>
X-Mailer: git-send-email 2.27.0
In-Reply-To: <20200716083931.29092-1-ktejasree@marvell.com>
References: <20200716083931.29092-1-ktejasree@marvell.com>
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.235, 18.0.687
 definitions=2020-07-16_04:2020-07-16,
 2020-07-16 signatures=0
Subject: [dpdk-dev] [PATCH v3 5/8] crypto/octeontx2: add cryptodev sec
	capabilities
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org
Sender: "dev" <dev-bounces@dpdk.org>

This patch adds lookaside IPsec capabilities.

Signed-off-by: Vamsi Attunuru <vattunuru@marvell.com>
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
---
 drivers/crypto/octeontx2/otx2_cryptodev.c     |   1 +
 .../octeontx2/otx2_cryptodev_capabilities.c   | 101 ++++++++++++++++++
 .../octeontx2/otx2_cryptodev_capabilities.h   |  13 +++
 drivers/crypto/octeontx2/otx2_cryptodev_sec.c |   4 +-
 4 files changed, 118 insertions(+), 1 deletion(-)

diff --git a/drivers/crypto/octeontx2/otx2_cryptodev.c b/drivers/crypto/octeontx2/otx2_cryptodev.c
index e9b7c1cc04..02d2fd83bd 100644
--- a/drivers/crypto/octeontx2/otx2_cryptodev.c
+++ b/drivers/crypto/octeontx2/otx2_cryptodev.c
@@ -103,6 +103,7 @@ otx2_cpt_pci_probe(struct rte_pci_driver *pci_drv __rte_unused,
 	}
 
 	otx2_crypto_capabilities_init(vf->hw_caps);
+	otx2_crypto_sec_capabilities_init(vf->hw_caps);
 
 	/* Create security ctx */
 	ret = otx2_crypto_sec_ctx_create(dev);
diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_capabilities.c b/drivers/crypto/octeontx2/otx2_cryptodev_capabilities.c
index f0ed1e2df9..80f3729995 100644
--- a/drivers/crypto/octeontx2/otx2_cryptodev_capabilities.c
+++ b/drivers/crypto/octeontx2/otx2_cryptodev_capabilities.c
@@ -3,7 +3,9 @@
  */
 
 #include <rte_cryptodev.h>
+#include <rte_security.h>
 
+#include "otx2_cryptodev.h"
 #include "otx2_cryptodev_capabilities.h"
 #include "otx2_mbox.h"
 
@@ -26,9 +28,18 @@
 		cpt_caps_add(caps_##name, RTE_DIM(caps_##name));	\
 } while (0)
 
+#define SEC_CAPS_ADD(hw_caps, name) do {				\
+	enum otx2_cpt_egrp egrp;					\
+	CPT_EGRP_GET(hw_caps, name, &egrp);				\
+	if (egrp < OTX2_CPT_EGRP_MAX)					\
+		sec_caps_add(sec_caps_##name, RTE_DIM(sec_caps_##name));\
+} while (0)
+
 #define OTX2_CPT_MAX_CAPS 34
+#define OTX2_SEC_MAX_CAPS 4
 
 static struct rte_cryptodev_capabilities otx2_cpt_caps[OTX2_CPT_MAX_CAPS];
+static struct rte_cryptodev_capabilities otx2_cpt_sec_caps[OTX2_SEC_MAX_CAPS];
 
 static const struct rte_cryptodev_capabilities caps_mul[] = {
 	{	/* RSA */
@@ -725,6 +736,70 @@ static const struct rte_cryptodev_capabilities caps_end[] = {
 	RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
 };
 
+static const struct rte_cryptodev_capabilities sec_caps_aes[] = {
+	{	/* AES GCM */
+		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+		{.sym = {
+			.xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,
+			{.aead = {
+				.algo = RTE_CRYPTO_AEAD_AES_GCM,
+				.block_size = 16,
+				.key_size = {
+					.min = 16,
+					.max = 32,
+					.increment = 8
+				},
+				.digest_size = {
+					.min = 16,
+					.max = 16,
+					.increment = 0
+				},
+				.aad_size = {
+					.min = 8,
+					.max = 12,
+					.increment = 4
+				},
+				.iv_size = {
+					.min = 12,
+					.max = 12,
+					.increment = 0
+				}
+			}, }
+		}, }
+	},
+};
+
+static const struct rte_security_capability
+otx2_crypto_sec_capabilities[] = {
+	{	/* IPsec Lookaside Protocol ESP Tunnel Ingress */
+		.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+		.protocol = RTE_SECURITY_PROTOCOL_IPSEC,
+		.ipsec = {
+			.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+			.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
+			.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS,
+			.options = { 0 }
+		},
+		.crypto_capabilities = otx2_cpt_sec_caps,
+		.ol_flags = RTE_SECURITY_TX_OLOAD_NEED_MDATA
+	},
+	{	/* IPsec Lookaside Protocol ESP Tunnel Egress */
+		.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+		.protocol = RTE_SECURITY_PROTOCOL_IPSEC,
+		.ipsec = {
+			.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+			.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
+			.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
+			.options = { 0 }
+		},
+		.crypto_capabilities = otx2_cpt_sec_caps,
+		.ol_flags = RTE_SECURITY_TX_OLOAD_NEED_MDATA
+	},
+	{
+		.action = RTE_SECURITY_ACTION_TYPE_NONE
+	}
+};
+
 static void
 cpt_caps_add(const struct rte_cryptodev_capabilities *caps, int nb_caps)
 {
@@ -757,3 +832,29 @@ otx2_cpt_capabilities_get(void)
 {
 	return otx2_cpt_caps;
 }
+
+static void
+sec_caps_add(const struct rte_cryptodev_capabilities *caps, int nb_caps)
+{
+	static int cur_pos;
+
+	if (cur_pos + nb_caps > OTX2_SEC_MAX_CAPS)
+		return;
+
+	memcpy(&otx2_cpt_sec_caps[cur_pos], caps, nb_caps * sizeof(caps[0]));
+	cur_pos += nb_caps;
+}
+
+void
+otx2_crypto_sec_capabilities_init(union cpt_eng_caps *hw_caps)
+{
+	SEC_CAPS_ADD(hw_caps, aes);
+
+	sec_caps_add(caps_end, RTE_DIM(caps_end));
+}
+
+const struct rte_security_capability *
+otx2_crypto_sec_capabilities_get(void *device __rte_unused)
+{
+	return otx2_crypto_sec_capabilities;
+}
diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_capabilities.h b/drivers/crypto/octeontx2/otx2_cryptodev_capabilities.h
index a439cbefd3..c1e0001190 100644
--- a/drivers/crypto/octeontx2/otx2_cryptodev_capabilities.h
+++ b/drivers/crypto/octeontx2/otx2_cryptodev_capabilities.h
@@ -29,4 +29,17 @@ void otx2_crypto_capabilities_init(union cpt_eng_caps *hw_caps);
 const struct rte_cryptodev_capabilities *
 otx2_cpt_capabilities_get(void);
 
+/*
+ * Initialize security capabilities for the device
+ *
+ */
+void otx2_crypto_sec_capabilities_init(union cpt_eng_caps *hw_caps);
+
+/*
+ * Get security capabilities list for the device
+ *
+ */
+const struct rte_security_capability *
+otx2_crypto_sec_capabilities_get(void *device __rte_unused);
+
 #endif /* _OTX2_CRYPTODEV_CAPABILITIES_H_ */
diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_sec.c b/drivers/crypto/octeontx2/otx2_cryptodev_sec.c
index d937e6f37a..906a87b9e5 100644
--- a/drivers/crypto/octeontx2/otx2_cryptodev_sec.c
+++ b/drivers/crypto/octeontx2/otx2_cryptodev_sec.c
@@ -7,6 +7,8 @@
 #include <rte_security.h>
 #include <rte_security_driver.h>
 
+#include "otx2_cryptodev.h"
+#include "otx2_cryptodev_capabilities.h"
 #include "otx2_cryptodev_sec.h"
 
 static struct rte_security_ops otx2_crypto_sec_ops = {
@@ -15,7 +17,7 @@ static struct rte_security_ops otx2_crypto_sec_ops = {
 	.session_get_size	= NULL,
 	.set_pkt_metadata	= NULL,
 	.get_userdata		= NULL,
-	.capabilities_get	= NULL
+	.capabilities_get	= otx2_crypto_sec_capabilities_get
 };
 
 int