Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/94849/?format=api
{ "id": 94849, "url": "https://patches.dpdk.org/api/patches/94849/?format=api", "web_url": "https://patches.dpdk.org/project/dpdk/patch/1624601708-29991-5-git-send-email-anoobj@marvell.com/", "project": { "id": 1, "url": "https://patches.dpdk.org/api/projects/1/?format=api", "name": "DPDK", "link_name": "dpdk", "list_id": "dev.dpdk.org", "list_email": "dev@dpdk.org", "web_url": "http://core.dpdk.org", "scm_url": "git://dpdk.org/dpdk", "webscm_url": "http://git.dpdk.org/dpdk", "list_archive_url": "https://inbox.dpdk.org/dev", "list_archive_url_format": "https://inbox.dpdk.org/dev/{}", "commit_url_format": "" }, "msgid": "<1624601708-29991-5-git-send-email-anoobj@marvell.com>", "list_archive_url": "https://inbox.dpdk.org/dev/1624601708-29991-5-git-send-email-anoobj@marvell.com", "date": "2021-06-25T06:15:08", "name": "[v2,4/4] crypto/cnxk: add security capabilities", "commit_ref": null, "pull_url": null, "state": "superseded", "archived": true, "hash": "a62f1cf0c8c2a26ad95126e4e900fb73041c9f8d", "submitter": { "id": 1205, "url": "https://patches.dpdk.org/api/people/1205/?format=api", "name": "Anoob Joseph", "email": "anoobj@marvell.com" }, "delegate": { "id": 6690, "url": "https://patches.dpdk.org/api/users/6690/?format=api", "username": "akhil", "first_name": "akhil", "last_name": "goyal", "email": "gakhil@marvell.com" }, "mbox": "https://patches.dpdk.org/project/dpdk/patch/1624601708-29991-5-git-send-email-anoobj@marvell.com/mbox/", "series": [ { "id": 17484, "url": "https://patches.dpdk.org/api/series/17484/?format=api", "web_url": "https://patches.dpdk.org/project/dpdk/list/?series=17484", "date": "2021-06-25T06:15:04", "name": "Add rte_security in crypto_cn10k PMD", "version": 2, "mbox": "https://patches.dpdk.org/series/17484/mbox/" } ], "comments": "https://patches.dpdk.org/api/patches/94849/comments/", "check": "warning", "checks": "https://patches.dpdk.org/api/patches/94849/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<dev-bounces@dpdk.org>", "X-Original-To": "patchwork@inbox.dpdk.org", "Delivered-To": "patchwork@inbox.dpdk.org", "Received": [ "from mails.dpdk.org (mails.dpdk.org [217.70.189.124])\n\tby inbox.dpdk.org (Postfix) with ESMTP id 36AB0A0C40;\n\tFri, 25 Jun 2021 08:16:08 +0200 (CEST)", "from [217.70.189.124] (localhost [127.0.0.1])\n\tby mails.dpdk.org (Postfix) with ESMTP id E3895410E5;\n\tFri, 25 Jun 2021 08:16:04 +0200 (CEST)", "from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com\n [67.231.148.174])\n by mails.dpdk.org (Postfix) with ESMTP id 6989440E03\n for <dev@dpdk.org>; Fri, 25 Jun 2021 08:16:02 +0200 (CEST)", "from pps.filterd (m0045849.ppops.net [127.0.0.1])\n by mx0a-0016f401.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id\n 15P65xar002101; Thu, 24 Jun 2021 23:16:01 -0700", "from dc5-exch02.marvell.com ([199.233.59.182])\n by mx0a-0016f401.pphosted.com with ESMTP id 39d24dhmu4-1\n (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT);\n Thu, 24 Jun 2021 23:16:01 -0700", "from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH02.marvell.com\n (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.18;\n Thu, 24 Jun 2021 23:16:00 -0700", "from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com\n (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.18 via Frontend\n Transport; Thu, 24 Jun 2021 23:16:00 -0700", "from HY-LT1002.marvell.com (HY-LT1002.marvell.com [10.28.176.218])\n by maili.marvell.com (Postfix) with ESMTP id 9DAA03F7041;\n Thu, 24 Jun 2021 23:15:56 -0700 (PDT)" ], "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com;\n h=from : to : cc :\n subject : date : message-id : in-reply-to : references : mime-version :\n content-transfer-encoding : content-type; s=pfpt0220;\n bh=N6rM+RXq27KWzAv7wHjpNy8HqnfoJrb2/9jNiU0U2nk=;\n b=RKgO/sPmkbXeEo7SYILa1Cb4mqcgimlqwv3oiQF/j0TOR6h6O1R9jcZvjG8qsngOc/cD\n M5yjRcPThVVpcWAUdxF3K9jl6R9LYFM7YhAqj4CMZId00ww1sVuzZIfh+mHHFwEzTry2\n 2QkhTemQlDngz3aaS4BoXGQQnxK/DA3yWPqcbs6FwrwKwsyUeUFaIHmMiEJW90iCNCzU\n FF4MAhqGRIopLpZsbgSWip1vJhIyi5fGb1P++0AkaYaKO+k+Unb9zO5h3yRywk/kXX9h\n QlfURlp2anX/hwaOOM33gBxxJezm1mEcjmInl/QYdLTGaC34EjAgyGOa1lqq6paB8PyQ 4A==", "From": "Anoob Joseph <anoobj@marvell.com>", "To": "Akhil Goyal <gakhil@marvell.com>, Thomas Monjalon <thomas@monjalon.net>", "CC": "Anoob Joseph <anoobj@marvell.com>, Jerin Jacob <jerinj@marvell.com>,\n \"Ankur Dwivedi\" <adwivedi@marvell.com>, Tejasree Kondoj\n <ktejasree@marvell.com>, <dev@dpdk.org>,\n Srujana Challa <schalla@marvell.com>", "Date": "Fri, 25 Jun 2021 11:45:08 +0530", "Message-ID": "<1624601708-29991-5-git-send-email-anoobj@marvell.com>", "X-Mailer": "git-send-email 2.7.4", "In-Reply-To": "<1624601708-29991-1-git-send-email-anoobj@marvell.com>", "References": "<1622653862-22830-2-git-send-email-anoobj@marvell.com>\n <1624601708-29991-1-git-send-email-anoobj@marvell.com>", "MIME-Version": "1.0", "Content-Transfer-Encoding": "8bit", "Content-Type": "text/plain", "X-Proofpoint-GUID": "LqKvZdl6utvSs-UMUfeKTqaQ3JX2LaJE", "X-Proofpoint-ORIG-GUID": "LqKvZdl6utvSs-UMUfeKTqaQ3JX2LaJE", "X-Proofpoint-Virus-Version": "vendor=fsecure engine=2.50.10434:6.0.391, 18.0.790\n definitions=2021-06-25_02:2021-06-24,\n 2021-06-25 signatures=0", "Subject": "[dpdk-dev] [PATCH v2 4/4] crypto/cnxk: add security capabilities", "X-BeenThere": "dev@dpdk.org", "X-Mailman-Version": "2.1.29", "Precedence": "list", "List-Id": "DPDK patches and discussions <dev.dpdk.org>", "List-Unsubscribe": "<https://mails.dpdk.org/options/dev>,\n <mailto:dev-request@dpdk.org?subject=unsubscribe>", "List-Archive": "<http://mails.dpdk.org/archives/dev/>", "List-Post": "<mailto:dev@dpdk.org>", "List-Help": "<mailto:dev-request@dpdk.org?subject=help>", "List-Subscribe": "<https://mails.dpdk.org/listinfo/dev>,\n <mailto:dev-request@dpdk.org?subject=subscribe>", "Errors-To": "dev-bounces@dpdk.org", "Sender": "\"dev\" <dev-bounces@dpdk.org>" }, "content": "Add security capabilities supported by crypto cn10k PMD.\n\n\nSigned-off-by: Anoob Joseph <anoobj@marvell.com>\nSigned-off-by: Srujana Challa <schalla@marvell.com>\nSigned-off-by: Tejasree Kondoj <ktejasree@marvell.com>\n---\n doc/guides/cryptodevs/cnxk.rst | 24 +++++\n doc/guides/cryptodevs/features/cn10k.ini | 1 +\n drivers/crypto/cnxk/cn10k_cryptodev.c | 1 +\n drivers/crypto/cnxk/cnxk_cryptodev.h | 4 +\n drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c | 114 ++++++++++++++++++++++\n drivers/crypto/cnxk/cnxk_cryptodev_capabilities.h | 9 +-\n drivers/crypto/cnxk/cnxk_cryptodev_sec.c | 3 +-\n 7 files changed, 154 insertions(+), 2 deletions(-)", "diff": "diff --git a/doc/guides/cryptodevs/cnxk.rst b/doc/guides/cryptodevs/cnxk.rst\nindex 66b0b63..db949fa 100644\n--- a/doc/guides/cryptodevs/cnxk.rst\n+++ b/doc/guides/cryptodevs/cnxk.rst\n@@ -185,6 +185,30 @@ running the test application:\n ./dpdk-test\n RTE>>cryptodev_cn10k_autotest\n \n+Lookaside IPsec Support\n+-----------------------\n+\n+The OCTEON cnxk SoCs can accelerate IPsec traffic in lookaside protocol mode,\n+with its **cryptographic accelerator (CPT)**. ``OCTEON cnxk crypto PMD`` implements\n+this as an ``RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL`` offload.\n+\n+Refer to :doc:`../prog_guide/rte_security` for more details on protocol offloads.\n+\n+This feature can be tested with ipsec-secgw sample application.\n+\n+Supported OCTEON cnxk SoCs\n+~~~~~~~~~~~~~~~~~~~~~~~~~~\n+\n+- CN10XX\n+\n+Features supported\n+~~~~~~~~~~~~~~~~~~\n+\n+* IPv4\n+* ESP\n+* Tunnel mode\n+* AES-128/192/256-GCM\n+\n Limitations\n -----------\n \ndiff --git a/doc/guides/cryptodevs/features/cn10k.ini b/doc/guides/cryptodevs/features/cn10k.ini\nindex 77c4a2d..b268f84 100644\n--- a/doc/guides/cryptodevs/features/cn10k.ini\n+++ b/doc/guides/cryptodevs/features/cn10k.ini\n@@ -7,6 +7,7 @@\n Symmetric crypto = Y\n Sym operation chaining = Y\n HW Accelerated = Y\n+Protocol offload = Y\n In Place SGL = Y\n OOP SGL In LB Out = Y\n OOP SGL In SGL Out = Y\ndiff --git a/drivers/crypto/cnxk/cn10k_cryptodev.c b/drivers/crypto/cnxk/cn10k_cryptodev.c\nindex cacf9c2..22ae810 100644\n--- a/drivers/crypto/cnxk/cn10k_cryptodev.c\n+++ b/drivers/crypto/cnxk/cn10k_cryptodev.c\n@@ -99,6 +99,7 @@ cn10k_cpt_pci_probe(struct rte_pci_driver *pci_drv __rte_unused,\n \t\t\t RTE_CRYPTODEV_FF_OOP_SGL_IN_LB_OUT |\n \t\t\t RTE_CRYPTODEV_FF_OOP_SGL_IN_SGL_OUT |\n \t\t\t RTE_CRYPTODEV_FF_SYM_SESSIONLESS |\n+\t\t\t RTE_CRYPTODEV_FF_SECURITY |\n \t\t\t RTE_CRYPTODEV_FF_DIGEST_ENCRYPTED;\n \n \tcn10k_cpt_set_enqdeq_fns(dev);\ndiff --git a/drivers/crypto/cnxk/cnxk_cryptodev.h b/drivers/crypto/cnxk/cnxk_cryptodev.h\nindex 03af4af..6760c13 100644\n--- a/drivers/crypto/cnxk/cnxk_cryptodev.h\n+++ b/drivers/crypto/cnxk/cnxk_cryptodev.h\n@@ -6,6 +6,7 @@\n #define _CNXK_CRYPTODEV_H_\n \n #include <rte_cryptodev.h>\n+#include <rte_security.h>\n \n #include \"roc_cpt.h\"\n \n@@ -19,6 +20,9 @@\n struct cnxk_cpt_vf {\n \tstruct roc_cpt cpt;\n \tstruct rte_cryptodev_capabilities crypto_caps[CNXK_CPT_MAX_CAPS];\n+\tstruct rte_cryptodev_capabilities\n+\t\tsec_crypto_caps[CNXK_SEC_CRYPTO_MAX_CAPS];\n+\tstruct rte_security_capability sec_caps[CNXK_SEC_MAX_CAPS];\n };\n \n int cnxk_cpt_eng_grp_add(struct roc_cpt *roc_cpt);\ndiff --git a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c\nindex a5195e8..d52fa89 100644\n--- a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c\n+++ b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c\n@@ -3,6 +3,7 @@\n */\n \n #include <rte_cryptodev.h>\n+#include <rte_security.h>\n \n #include \"roc_api.h\"\n \n@@ -18,6 +19,15 @@\n \t\t\t\t RTE_DIM(caps_##name)); \\\n \t} while (0)\n \n+#define SEC_CAPS_ADD(cnxk_caps, cur_pos, hw_caps, name) \\\n+\tdo { \\\n+\t\tif ((hw_caps[CPT_ENG_TYPE_SE].name) || \\\n+\t\t (hw_caps[CPT_ENG_TYPE_IE].name) || \\\n+\t\t (hw_caps[CPT_ENG_TYPE_AE].name)) \\\n+\t\t\tsec_caps_add(cnxk_caps, cur_pos, sec_caps_##name, \\\n+\t\t\t\t RTE_DIM(sec_caps_##name)); \\\n+\t} while (0)\n+\n static const struct rte_cryptodev_capabilities caps_sha1_sha2[] = {\n \t{\t/* SHA1 */\n \t\t.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,\n@@ -658,6 +668,69 @@ static const struct rte_cryptodev_capabilities caps_end[] = {\n \tRTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()\n };\n \n+static const struct rte_cryptodev_capabilities sec_caps_aes[] = {\n+\t{\t/* AES GCM */\n+\t\t.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,\n+\t\t{.sym = {\n+\t\t\t.xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,\n+\t\t\t{.aead = {\n+\t\t\t\t.algo = RTE_CRYPTO_AEAD_AES_GCM,\n+\t\t\t\t.block_size = 16,\n+\t\t\t\t.key_size = {\n+\t\t\t\t\t.min = 16,\n+\t\t\t\t\t.max = 32,\n+\t\t\t\t\t.increment = 8\n+\t\t\t\t},\n+\t\t\t\t.digest_size = {\n+\t\t\t\t\t.min = 16,\n+\t\t\t\t\t.max = 16,\n+\t\t\t\t\t.increment = 0\n+\t\t\t\t},\n+\t\t\t\t.aad_size = {\n+\t\t\t\t\t.min = 8,\n+\t\t\t\t\t.max = 12,\n+\t\t\t\t\t.increment = 4\n+\t\t\t\t},\n+\t\t\t\t.iv_size = {\n+\t\t\t\t\t.min = 12,\n+\t\t\t\t\t.max = 12,\n+\t\t\t\t\t.increment = 0\n+\t\t\t\t}\n+\t\t\t}, }\n+\t\t}, }\n+\t},\n+};\n+\n+static const struct rte_security_capability sec_caps_templ[] = {\n+\t{\t/* IPsec Lookaside Protocol ESP Tunnel Ingress */\n+\t\t.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,\n+\t\t.protocol = RTE_SECURITY_PROTOCOL_IPSEC,\n+\t\t.ipsec = {\n+\t\t\t.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,\n+\t\t\t.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,\n+\t\t\t.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS,\n+\t\t\t.options = { 0 }\n+\t\t},\n+\t\t.crypto_capabilities = NULL,\n+\t\t.ol_flags = RTE_SECURITY_TX_OLOAD_NEED_MDATA\n+\t},\n+\t{\t/* IPsec Lookaside Protocol ESP Tunnel Egress */\n+\t\t.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,\n+\t\t.protocol = RTE_SECURITY_PROTOCOL_IPSEC,\n+\t\t.ipsec = {\n+\t\t\t.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,\n+\t\t\t.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,\n+\t\t\t.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,\n+\t\t\t.options = { 0 }\n+\t\t},\n+\t\t.crypto_capabilities = NULL,\n+\t\t.ol_flags = RTE_SECURITY_TX_OLOAD_NEED_MDATA\n+\t},\n+\t{\n+\t\t.action = RTE_SECURITY_ACTION_TYPE_NONE\n+\t}\n+};\n+\n static void\n cpt_caps_add(struct rte_cryptodev_capabilities cnxk_caps[], int *cur_pos,\n \t const struct rte_cryptodev_capabilities *caps, int nb_caps)\n@@ -692,8 +765,49 @@ cnxk_crypto_capabilities_get(struct cnxk_cpt_vf *vf)\n \treturn vf->crypto_caps;\n }\n \n+static void\n+sec_caps_add(struct rte_cryptodev_capabilities cnxk_caps[], int *cur_pos,\n+\t const struct rte_cryptodev_capabilities *caps, int nb_caps)\n+{\n+\tif (*cur_pos + nb_caps > CNXK_SEC_CRYPTO_MAX_CAPS)\n+\t\treturn;\n+\n+\tmemcpy(&cnxk_caps[*cur_pos], caps, nb_caps * sizeof(caps[0]));\n+\t*cur_pos += nb_caps;\n+}\n+\n+static void\n+sec_crypto_caps_populate(struct rte_cryptodev_capabilities cnxk_caps[],\n+\t\t\t union cpt_eng_caps *hw_caps)\n+{\n+\tint cur_pos = 0;\n+\n+\tSEC_CAPS_ADD(cnxk_caps, &cur_pos, hw_caps, aes);\n+\n+\tsec_caps_add(cnxk_caps, &cur_pos, caps_end, RTE_DIM(caps_end));\n+}\n+\n void\n cnxk_cpt_caps_populate(struct cnxk_cpt_vf *vf)\n {\n+\tunsigned long i;\n+\n \tcrypto_caps_populate(vf->crypto_caps, vf->cpt.hw_caps);\n+\tsec_crypto_caps_populate(vf->sec_crypto_caps, vf->cpt.hw_caps);\n+\n+\tPLT_STATIC_ASSERT(RTE_DIM(sec_caps_templ) <= RTE_DIM(vf->sec_caps));\n+\tmemcpy(vf->sec_caps, sec_caps_templ, sizeof(sec_caps_templ));\n+\n+\tfor (i = 0; i < RTE_DIM(sec_caps_templ) - 1; i++)\n+\t\tvf->sec_caps[i].crypto_capabilities = vf->sec_crypto_caps;\n+}\n+\n+const struct rte_security_capability *\n+cnxk_crypto_sec_capabilities_get(void *device)\n+{\n+\tstruct rte_cryptodev *dev = device;\n+\tstruct cnxk_cpt_vf *vf;\n+\n+\tvf = dev->data->dev_private;\n+\treturn vf->sec_caps;\n }\ndiff --git a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.h b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.h\nindex 85f5ad2..fe07e43 100644\n--- a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.h\n+++ b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.h\n@@ -10,7 +10,7 @@\n #include \"cnxk_cryptodev.h\"\n \n /*\n- * Initialize crypto capabilities for the device\n+ * Initialize crypto and IPsec capabilities for the device\n *\n */\n void cnxk_cpt_caps_populate(struct cnxk_cpt_vf *vf);\n@@ -22,4 +22,11 @@ void cnxk_cpt_caps_populate(struct cnxk_cpt_vf *vf);\n const struct rte_cryptodev_capabilities *\n cnxk_crypto_capabilities_get(struct cnxk_cpt_vf *vf);\n \n+/*\n+ * Get security capabilities list for the device\n+ *\n+ */\n+const struct rte_security_capability *\n+cnxk_crypto_sec_capabilities_get(void *device);\n+\n #endif /* _CNXK_CRYPTODEV_CAPABILITIES_H_ */\ndiff --git a/drivers/crypto/cnxk/cnxk_cryptodev_sec.c b/drivers/crypto/cnxk/cnxk_cryptodev_sec.c\nindex f03d2ed..8d04d4b 100644\n--- a/drivers/crypto/cnxk/cnxk_cryptodev_sec.c\n+++ b/drivers/crypto/cnxk/cnxk_cryptodev_sec.c\n@@ -7,6 +7,7 @@\n #include <rte_security.h>\n #include <rte_security_driver.h>\n \n+#include \"cnxk_cryptodev_capabilities.h\"\n #include \"cnxk_cryptodev_sec.h\"\n \n /* Common security ops */\n@@ -16,7 +17,7 @@ struct rte_security_ops cnxk_sec_ops = {\n \t.session_get_size = NULL,\n \t.set_pkt_metadata = NULL,\n \t.get_userdata = NULL,\n-\t.capabilities_get = NULL,\n+\t.capabilities_get = cnxk_crypto_sec_capabilities_get\n };\n \n int\n", "prefixes": [ "v2", "4/4" ] }