From patchwork Tue Aug 9 18:48:58 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nithin Dabilpuram X-Patchwork-Id: 114774 X-Patchwork-Delegate: jerinj@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 5DDD1A04FD; Tue, 9 Aug 2022 20:50:47 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id A8AA342BF5; Tue, 9 Aug 2022 20:50:37 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id 8C1F642BD6 for ; Tue, 9 Aug 2022 20:50:35 +0200 (CEST) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.17.1.5/8.17.1.5) with ESMTP id 279D67Gx016173 for ; Tue, 9 Aug 2022 11:50:34 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-type; s=pfpt0220; bh=NWGXpH/0vvgIfwj6pcRQMeusEE4toKeGoczqqywWcXw=; b=Sb0GZa1dXv03jTi1sElts00+jV/jtaqUZQyqBva6zPp8dThkEg4bye+mgwNYlkR4A8Ja JKWmNUv2XhMxlH0LSOV602w6TPCIB0899YK+mGdP/inH/9ICrSh28mj8xipBJujnOfLR EPCeDJOPhZQAzWx1EtnO6FbH6AWp9XBf8SmshLq5Fkba7g2GJyO8C0mL7dfMv6O7+Etq 1lMe13ThdVgdTp/i8M06Gj6o9EMbZriXpBL6CJGfBpkeqm9LNeh3Grm7hIb+g8BdWpJn 8JOESAWioinQyA//QUC23y7pG08GfTE9TN6IhmwFNmDXkx9pwmf+ircTwj9LXkAqQc+r AQ== Received: from dc5-exch02.marvell.com ([199.233.59.182]) by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 3huds2ukvd-2 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT) for ; Tue, 09 Aug 2022 11:50:34 -0700 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Tue, 9 Aug 2022 11:50:32 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.2 via Frontend Transport; Tue, 9 Aug 2022 11:50:32 -0700 Received: from hyd1588t430.marvell.com (unknown [10.29.52.204]) by maili.marvell.com (Postfix) with ESMTP id 11EEB5B69B1; Tue, 9 Aug 2022 11:50:22 -0700 (PDT) From: Nithin Dabilpuram To: Nithin Dabilpuram , Kiran Kumar K , Sunil Kumar Kori , Satha Rao CC: , , Vidya Sagar Velumuri Subject: [PATCH 14/23] net/cnxk: add crypto capabilities for HMAC-SHA2 Date: Wed, 10 Aug 2022 00:18:58 +0530 Message-ID: <20220809184908.24030-14-ndabilpuram@marvell.com> X-Mailer: git-send-email 2.8.4 In-Reply-To: <20220809184908.24030-1-ndabilpuram@marvell.com> References: <20220809184908.24030-1-ndabilpuram@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: JglIsmtfDe07j1OZeTeZX8N8awzfs5nD X-Proofpoint-GUID: JglIsmtfDe07j1OZeTeZX8N8awzfs5nD X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.883,Hydra:6.0.517,FMLib:17.11.122.1 definitions=2022-08-09_05,2022-08-09_02,2022-06-22_01 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org From: Vidya Sagar Velumuri Add capabilities for HMAC_SHA2 and udp encap for 9k security offload in inline mode. Set explicit IV mode in IPsec context when IV is provided by the application Signed-off-by: Vidya Sagar Velumuri --- drivers/net/cnxk/cn9k_ethdev_sec.c | 79 ++++++++++++++++++++++++++++++++++---- 1 file changed, 71 insertions(+), 8 deletions(-) diff --git a/drivers/net/cnxk/cn9k_ethdev_sec.c b/drivers/net/cnxk/cn9k_ethdev_sec.c index 88b95fb..42ba04a 100644 --- a/drivers/net/cnxk/cn9k_ethdev_sec.c +++ b/drivers/net/cnxk/cn9k_ethdev_sec.c @@ -80,6 +80,66 @@ static struct rte_cryptodev_capabilities cn9k_eth_sec_crypto_caps[] = { }, } }, } }, + { /* SHA256 HMAC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA256_HMAC, + .block_size = 64, + .key_size = { + .min = 1, + .max = 1024, + .increment = 1 + }, + .digest_size = { + .min = 16, + .max = 32, + .increment = 16 + }, + }, } + }, } + }, + { /* SHA384 HMAC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA384_HMAC, + .block_size = 64, + .key_size = { + .min = 1, + .max = 1024, + .increment = 1 + }, + .digest_size = { + .min = 24, + .max = 48, + .increment = 24 + }, + }, } + }, } + }, + { /* SHA512 HMAC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA512_HMAC, + .block_size = 128, + .key_size = { + .min = 1, + .max = 1024, + .increment = 1 + }, + .digest_size = { + .min = 32, + .max = 64, + .increment = 32 + }, + }, } + }, } + }, RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() }; @@ -91,7 +151,9 @@ static const struct rte_security_capability cn9k_eth_sec_capabilities[] = { .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP, .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL, .direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS, - .options = { 0 } + .options = { + .udp_encap = 1 + } }, .crypto_capabilities = cn9k_eth_sec_crypto_caps, .ol_flags = RTE_SECURITY_TX_OLOAD_NEED_MDATA @@ -103,7 +165,10 @@ static const struct rte_security_capability cn9k_eth_sec_capabilities[] = { .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP, .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL, .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS, - .options = { 0 } + .options = { + .udp_encap = 1, + .iv_gen_disable = 1 + } }, .crypto_capabilities = cn9k_eth_sec_crypto_caps, .ol_flags = RTE_SECURITY_TX_OLOAD_NEED_MDATA @@ -338,13 +403,11 @@ cn9k_eth_sec_session_create(void *device, goto mempool_put; } - /* Always enable explicit IV. - * Copy the IV from application only when iv_gen_disable flag is - * set + /* When IV is provided by the application, + * copy the IV to context and enable explicit IV flag in context. */ - outb_sa->common_sa.ctl.explicit_iv_en = 1; - - if (conf->ipsec.options.iv_gen_disable == 1) { + if (ipsec->options.iv_gen_disable == 1) { + outb_sa->common_sa.ctl.explicit_iv_en = 1; iv_str = getenv("ETH_SEC_IV_OVR"); if (iv_str) outb_dbg_iv_update(&outb_sa->common_sa, iv_str);