crypto/octeontx2: add security capabilities

This patch adds lookaside IPsec capabilities for rte_security Signed-off-by: Vamsi Attunuru <vattunuru@marvell.com> Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com> Acked-by: Anoob Joseph <anoobj@marvell.com> Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2020-07-16 14:09:28 +05:30 · 2020-07-16 14:09:28 +05:30 · ae9000ada9
commit ae9000ada9
parent b9765e96c2
4 changed files with 118 additions and 1 deletions
--- a/drivers/crypto/octeontx2/otx2_cryptodev.c
+++ b/drivers/crypto/octeontx2/otx2_cryptodev.c
@ -103,6 +103,7 @@ otx2_cpt_pci_probe(struct rte_pci_driver *pci_drv __rte_unused,
 	}

 	otx2_crypto_capabilities_init(vf->hw_caps);
+	otx2_crypto_sec_capabilities_init(vf->hw_caps);

 	/* Create security ctx */
 	ret = otx2_crypto_sec_ctx_create(dev);
--- a/drivers/crypto/octeontx2/otx2_cryptodev_capabilities.c
+++ b/drivers/crypto/octeontx2/otx2_cryptodev_capabilities.c
@ -3,7 +3,9 @@
 */

 #include <rte_cryptodev.h>
+#include <rte_security.h>

+#include "otx2_cryptodev.h"
 #include "otx2_cryptodev_capabilities.h"
 #include "otx2_mbox.h"

@ -26,9 +28,18 @@
 		cpt_caps_add(caps_##name, RTE_DIM(caps_##name));	\
 } while (0)

+#define SEC_CAPS_ADD(hw_caps, name) do {				\
+	enum otx2_cpt_egrp egrp;					\
+	CPT_EGRP_GET(hw_caps, name, &egrp);				\
+	if (egrp < OTX2_CPT_EGRP_MAX)					\
+		sec_caps_add(sec_caps_##name, RTE_DIM(sec_caps_##name));\
+} while (0)
+
 #define OTX2_CPT_MAX_CAPS 34
+#define OTX2_SEC_MAX_CAPS 4

 static struct rte_cryptodev_capabilities otx2_cpt_caps[OTX2_CPT_MAX_CAPS];
+static struct rte_cryptodev_capabilities otx2_cpt_sec_caps[OTX2_SEC_MAX_CAPS];

 static const struct rte_cryptodev_capabilities caps_mul[] = {
 	{	/* RSA */
@ -725,6 +736,70 @@ static const struct rte_cryptodev_capabilities caps_end[] = {
 	RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
 };

+static const struct rte_cryptodev_capabilities sec_caps_aes[] = {
+	{	/* AES GCM */
+		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+		{.sym = {
+			.xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,
+			{.aead = {
+				.algo = RTE_CRYPTO_AEAD_AES_GCM,
+				.block_size = 16,
+				.key_size = {
+					.min = 16,
+					.max = 32,
+					.increment = 8
+				},
+				.digest_size = {
+					.min = 16,
+					.max = 16,
+					.increment = 0
+				},
+				.aad_size = {
+					.min = 8,
+					.max = 12,
+					.increment = 4
+				},
+				.iv_size = {
+					.min = 12,
+					.max = 12,
+					.increment = 0
+				}
+			}, }
+		}, }
+	},
+};
+
+static const struct rte_security_capability
+otx2_crypto_sec_capabilities[] = {
+	{	/* IPsec Lookaside Protocol ESP Tunnel Ingress */
+		.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+		.protocol = RTE_SECURITY_PROTOCOL_IPSEC,
+		.ipsec = {
+			.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+			.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
+			.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS,
+			.options = { 0 }
+		},
+		.crypto_capabilities = otx2_cpt_sec_caps,
+		.ol_flags = RTE_SECURITY_TX_OLOAD_NEED_MDATA
+	},
+	{	/* IPsec Lookaside Protocol ESP Tunnel Egress */
+		.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+		.protocol = RTE_SECURITY_PROTOCOL_IPSEC,
+		.ipsec = {
+			.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+			.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
+			.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
+			.options = { 0 }
+		},
+		.crypto_capabilities = otx2_cpt_sec_caps,
+		.ol_flags = RTE_SECURITY_TX_OLOAD_NEED_MDATA
+	},
+	{
+		.action = RTE_SECURITY_ACTION_TYPE_NONE
+	}
+};
+
 static void
 cpt_caps_add(const struct rte_cryptodev_capabilities *caps, int nb_caps)
 {
@ -757,3 +832,29 @@ otx2_cpt_capabilities_get(void)
 {
 	return otx2_cpt_caps;
 }
+
+static void
+sec_caps_add(const struct rte_cryptodev_capabilities *caps, int nb_caps)
+{
+	static int cur_pos;
+
+	if (cur_pos + nb_caps > OTX2_SEC_MAX_CAPS)
+		return;
+
+	memcpy(&otx2_cpt_sec_caps[cur_pos], caps, nb_caps * sizeof(caps[0]));
+	cur_pos += nb_caps;
+}
+
+void
+otx2_crypto_sec_capabilities_init(union cpt_eng_caps *hw_caps)
+{
+	SEC_CAPS_ADD(hw_caps, aes);
+
+	sec_caps_add(caps_end, RTE_DIM(caps_end));
+}
+
+const struct rte_security_capability *
+otx2_crypto_sec_capabilities_get(void *device __rte_unused)
+{
+	return otx2_crypto_sec_capabilities;
+}
--- a/drivers/crypto/octeontx2/otx2_cryptodev_capabilities.h
+++ b/drivers/crypto/octeontx2/otx2_cryptodev_capabilities.h
@ -29,4 +29,17 @@ void otx2_crypto_capabilities_init(union cpt_eng_caps *hw_caps);
 const struct rte_cryptodev_capabilities *
 otx2_cpt_capabilities_get(void);

+/*
+ * Initialize security capabilities for the device
+ *
+ */
+void otx2_crypto_sec_capabilities_init(union cpt_eng_caps *hw_caps);
+
+/*
+ * Get security capabilities list for the device
+ *
+ */
+const struct rte_security_capability *
+otx2_crypto_sec_capabilities_get(void *device __rte_unused);
+
 #endif /* _OTX2_CRYPTODEV_CAPABILITIES_H_ */
--- a/drivers/crypto/octeontx2/otx2_cryptodev_sec.c
+++ b/drivers/crypto/octeontx2/otx2_cryptodev_sec.c
@ -7,6 +7,8 @@
 #include <rte_security.h>
 #include <rte_security_driver.h>

+#include "otx2_cryptodev.h"
+#include "otx2_cryptodev_capabilities.h"
 #include "otx2_cryptodev_sec.h"

 static struct rte_security_ops otx2_crypto_sec_ops = {
@ -15,7 +17,7 @@ static struct rte_security_ops otx2_crypto_sec_ops = {
 	.session_get_size	= NULL,
 	.set_pkt_metadata	= NULL,
 	.get_userdata		= NULL,
-	.capabilities_get	= NULL
+	.capabilities_get	= otx2_crypto_sec_capabilities_get
 };

 int