X-Git-Url: http://git.droids-corp.org/?a=blobdiff_plain;f=drivers%2Fcrypto%2Fcnxk%2Fcnxk_cryptodev_capabilities.c;h=f79e4d701086a5b376eb07d36d6e719d7646b5c5;hb=2f20817c0004886e68ba687d8e257a5c779840d9;hp=ab37f9c43ba1b5effc485aae0b9dbb92e210635b;hpb=ba57cbd5feb3a2a7c01b3d324aee9ef190b6892c;p=dpdk.git

diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
index ab37f9c43b..f79e4d7010 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
+++ b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
@@ -2,7 +2,7 @@
  * Copyright(C) 2021 Marvell.
  */
 
-#include <rte_cryptodev.h>
+#include <cryptodev_pmd.h>
 #include <rte_security.h>
 
 #include "roc_api.h"
@@ -568,6 +568,26 @@ static const struct rte_cryptodev_capabilities caps_aes[] = {
 			}, }
 		}, }
 	},
+	{	/* AES CMAC */
+		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+		{.sym = {
+			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+			{.auth = {
+				.algo = RTE_CRYPTO_AUTH_AES_CMAC,
+				.block_size = 16,
+				.key_size = {
+					.min = 16,
+					.max = 32,
+					.increment = 8
+				},
+				.digest_size = {
+					.min = 4,
+					.max = 4,
+					.increment = 0
+				},
+			}, }
+		}, }
+	},
 };
 
 static const struct rte_cryptodev_capabilities caps_kasumi[] = {
@@ -754,6 +774,172 @@ static const struct rte_cryptodev_capabilities sec_caps_aes[] = {
 			}, }
 		}, }
 	},
+	{	/* AES CTR */
+		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+		{.sym = {
+			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+			{.cipher = {
+				.algo = RTE_CRYPTO_CIPHER_AES_CTR,
+				.block_size = 16,
+				.key_size = {
+					.min = 16,
+					.max = 32,
+					.increment = 8
+				},
+				.iv_size = {
+					.min = 12,
+					.max = 16,
+					.increment = 4
+				}
+			}, }
+		}, }
+	},
+	{	/* AES CBC */
+		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+		{.sym = {
+			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+			{.cipher = {
+				.algo = RTE_CRYPTO_CIPHER_AES_CBC,
+				.block_size = 16,
+				.key_size = {
+					.min = 16,
+					.max = 32,
+					.increment = 8
+				},
+				.iv_size = {
+					.min = 16,
+					.max = 16,
+					.increment = 0
+				}
+			}, }
+		}, }
+	},
+	{	/* AES-XCBC */
+		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+		{ .sym = {
+			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+			{.auth = {
+				.algo = RTE_CRYPTO_AUTH_AES_XCBC_MAC,
+				.block_size = 16,
+				.key_size = {
+					.min = 16,
+					.max = 16,
+					.increment = 0
+				},
+				.digest_size = {
+					.min = 12,
+					.max = 12,
+					.increment = 0,
+				},
+			}, }
+		}, }
+	},
+};
+
+static const struct rte_cryptodev_capabilities sec_caps_sha1_sha2[] = {
+	{	/* SHA1 HMAC */
+		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+		{.sym = {
+			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+			{.auth = {
+				.algo = RTE_CRYPTO_AUTH_SHA1_HMAC,
+				.block_size = 64,
+				.key_size = {
+					.min = 20,
+					.max = 64,
+					.increment = 1
+				},
+				.digest_size = {
+					.min = 12,
+					.max = 12,
+					.increment = 0
+				},
+			}, }
+		}, }
+	},
+	{	/* SHA256 HMAC */
+		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+		{.sym = {
+			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+			{.auth = {
+				.algo = RTE_CRYPTO_AUTH_SHA256_HMAC,
+				.block_size = 64,
+				.key_size = {
+					.min = 1,
+					.max = 1024,
+					.increment = 1
+				},
+				.digest_size = {
+					.min = 16,
+					.max = 16,
+					.increment = 0
+				},
+			}, }
+		}, }
+	},
+	{	/* SHA384 HMAC */
+		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+		{.sym = {
+			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+			{.auth = {
+				.algo = RTE_CRYPTO_AUTH_SHA384_HMAC,
+				.block_size = 64,
+				.key_size = {
+					.min = 48,
+					.max = 48,
+					.increment = 0
+				},
+				.digest_size = {
+					.min = 24,
+					.max = 24,
+					.increment = 0
+					},
+			}, }
+		}, }
+	},
+	{	/* SHA512 HMAC */
+		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+		{.sym = {
+			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+			{.auth = {
+				.algo = RTE_CRYPTO_AUTH_SHA512_HMAC,
+				.block_size = 128,
+				.key_size = {
+					.min = 64,
+					.max = 64,
+					.increment = 0
+				},
+				.digest_size = {
+					.min = 32,
+					.max = 32,
+					.increment = 0
+				},
+			}, }
+		}, }
+	},
+};
+
+static const struct rte_cryptodev_capabilities sec_caps_null[] = {
+	{	/* NULL (CIPHER) */
+		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+		{.sym = {
+			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+			{.cipher = {
+				.algo = RTE_CRYPTO_CIPHER_NULL,
+				.block_size = 1,
+				.key_size = {
+					.min = 0,
+					.max = 0,
+					.increment = 0
+				},
+				.iv_size = {
+					.min = 0,
+					.max = 0,
+					.increment = 0
+				}
+			}, },
+		}, }
+	},
 };
 
 static const struct rte_security_capability sec_caps_templ[] = {
@@ -764,10 +950,9 @@ static const struct rte_security_capability sec_caps_templ[] = {
 			.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
 			.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
 			.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS,
-			.options = { 0 }
+			.options = { 0 },
 		},
 		.crypto_capabilities = NULL,
-		.ol_flags = RTE_SECURITY_TX_OLOAD_NEED_MDATA
 	},
 	{	/* IPsec Lookaside Protocol ESP Tunnel Egress */
 		.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
@@ -776,10 +961,31 @@ static const struct rte_security_capability sec_caps_templ[] = {
 			.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
 			.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
 			.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
-			.options = { 0 }
+			.options = { 0 },
+		},
+		.crypto_capabilities = NULL,
+	},
+	{	/* IPsec Lookaside Protocol ESP Transport Ingress */
+		.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+		.protocol = RTE_SECURITY_PROTOCOL_IPSEC,
+		.ipsec = {
+			.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+			.mode = RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT,
+			.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS,
+			.options = { 0 },
+		},
+		.crypto_capabilities = NULL,
+	},
+	{	/* IPsec Lookaside Protocol ESP Transport Egress */
+		.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+		.protocol = RTE_SECURITY_PROTOCOL_IPSEC,
+		.ipsec = {
+			.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+			.mode = RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT,
+			.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
+			.options = { 0 },
 		},
 		.crypto_capabilities = NULL,
-		.ol_flags = RTE_SECURITY_TX_OLOAD_NEED_MDATA
 	},
 	{
 		.action = RTE_SECURITY_ACTION_TYPE_NONE
@@ -797,6 +1003,38 @@ cpt_caps_add(struct rte_cryptodev_capabilities cnxk_caps[], int *cur_pos,
 	*cur_pos += nb_caps;
 }
 
+static void
+cn10k_crypto_caps_update(struct rte_cryptodev_capabilities cnxk_caps[])
+{
+
+	struct rte_cryptodev_capabilities *caps;
+	int i = 0;
+
+	while ((caps = &cnxk_caps[i++])->op != RTE_CRYPTO_OP_TYPE_UNDEFINED) {
+		if ((caps->op == RTE_CRYPTO_OP_TYPE_SYMMETRIC) &&
+		    (caps->sym.xform_type == RTE_CRYPTO_SYM_XFORM_CIPHER) &&
+		    (caps->sym.cipher.algo == RTE_CRYPTO_CIPHER_ZUC_EEA3)) {
+
+			caps->sym.cipher.key_size.max = 32;
+			caps->sym.cipher.key_size.increment = 16;
+			caps->sym.cipher.iv_size.max = 25;
+			caps->sym.cipher.iv_size.increment = 1;
+		}
+
+		if ((caps->op == RTE_CRYPTO_OP_TYPE_SYMMETRIC) &&
+		    (caps->sym.xform_type == RTE_CRYPTO_SYM_XFORM_AUTH) &&
+		    (caps->sym.auth.algo == RTE_CRYPTO_AUTH_ZUC_EIA3)) {
+
+			caps->sym.auth.key_size.max = 32;
+			caps->sym.auth.key_size.increment = 16;
+			caps->sym.auth.digest_size.max = 16;
+			caps->sym.auth.digest_size.increment = 4;
+			caps->sym.auth.iv_size.max = 25;
+			caps->sym.auth.iv_size.increment = 1;
+		}
+	}
+}
+
 static void
 crypto_caps_populate(struct rte_cryptodev_capabilities cnxk_caps[],
 		     union cpt_eng_caps *hw_caps)
@@ -813,6 +1051,9 @@ crypto_caps_populate(struct rte_cryptodev_capabilities cnxk_caps[],
 
 	cpt_caps_add(cnxk_caps, &cur_pos, caps_null, RTE_DIM(caps_null));
 	cpt_caps_add(cnxk_caps, &cur_pos, caps_end, RTE_DIM(caps_end));
+
+	if (roc_model_is_cn10k())
+		cn10k_crypto_caps_update(cnxk_caps);
 }
 
 const struct rte_cryptodev_capabilities *
@@ -825,13 +1066,58 @@ static void
 sec_caps_add(struct rte_cryptodev_capabilities cnxk_caps[], int *cur_pos,
 	     const struct rte_cryptodev_capabilities *caps, int nb_caps)
 {
-	if (*cur_pos + nb_caps > CNXK_SEC_CRYPTO_MAX_CAPS)
+	if (*cur_pos + nb_caps > CNXK_SEC_CRYPTO_MAX_CAPS) {
+		rte_panic("Could not add sec crypto caps");
 		return;
+	}
 
 	memcpy(&cnxk_caps[*cur_pos], caps, nb_caps * sizeof(caps[0]));
 	*cur_pos += nb_caps;
 }
 
+static void
+cn10k_sec_crypto_caps_update(struct rte_cryptodev_capabilities cnxk_caps[],
+			     int *cur_pos)
+{
+	const struct rte_cryptodev_capabilities *cap;
+	unsigned int i;
+
+	if ((CNXK_SEC_CRYPTO_MAX_CAPS - *cur_pos) < 1) {
+		rte_panic("Could not add sec crypto caps");
+		return;
+	}
+
+	/* NULL auth */
+	for (i = 0; i < RTE_DIM(caps_null); i++) {
+		cap = &caps_null[i];
+		if (cap->sym.xform_type == RTE_CRYPTO_SYM_XFORM_AUTH &&
+		    cap->sym.auth.algo == RTE_CRYPTO_AUTH_NULL) {
+			cnxk_caps[*cur_pos] = caps_null[i];
+			*cur_pos += 1;
+		}
+	}
+}
+
+static void
+cn9k_sec_crypto_caps_update(struct rte_cryptodev_capabilities cnxk_caps[])
+{
+
+	struct rte_cryptodev_capabilities *caps;
+	int i = 0;
+
+	while ((caps = &cnxk_caps[i++])->op != RTE_CRYPTO_OP_TYPE_UNDEFINED) {
+		if ((caps->op == RTE_CRYPTO_OP_TYPE_SYMMETRIC) &&
+		    (caps->sym.xform_type == RTE_CRYPTO_SYM_XFORM_AUTH) &&
+		    (caps->sym.auth.algo == RTE_CRYPTO_AUTH_SHA256_HMAC)) {
+			caps->sym.auth.key_size.min = 32;
+			caps->sym.auth.key_size.max = 64;
+			caps->sym.auth.key_size.increment = 1;
+
+			break;
+		}
+	}
+}
+
 static void
 sec_crypto_caps_populate(struct rte_cryptodev_capabilities cnxk_caps[],
 			 union cpt_eng_caps *hw_caps)
@@ -839,10 +1125,53 @@ sec_crypto_caps_populate(struct rte_cryptodev_capabilities cnxk_caps[],
 	int cur_pos = 0;
 
 	SEC_CAPS_ADD(cnxk_caps, &cur_pos, hw_caps, aes);
+	SEC_CAPS_ADD(cnxk_caps, &cur_pos, hw_caps, sha1_sha2);
 
+	if (roc_model_is_cn10k())
+		cn10k_sec_crypto_caps_update(cnxk_caps, &cur_pos);
+	else
+		cn9k_sec_crypto_caps_update(cnxk_caps);
+
+	sec_caps_add(cnxk_caps, &cur_pos, sec_caps_null,
+		     RTE_DIM(sec_caps_null));
 	sec_caps_add(cnxk_caps, &cur_pos, caps_end, RTE_DIM(caps_end));
 }
 
+static void
+cnxk_sec_caps_update(struct rte_security_capability *sec_cap)
+{
+	sec_cap->ipsec.options.udp_encap = 1;
+	sec_cap->ipsec.options.copy_df = 1;
+}
+
+static void
+cn10k_sec_caps_update(struct rte_security_capability *sec_cap)
+{
+	if (sec_cap->ipsec.direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) {
+#ifdef LA_IPSEC_DEBUG
+		sec_cap->ipsec.options.iv_gen_disable = 1;
+#endif
+	} else {
+		sec_cap->ipsec.options.udp_ports_verify = 1;
+		if (sec_cap->ipsec.mode == RTE_SECURITY_IPSEC_SA_MODE_TUNNEL)
+			sec_cap->ipsec.options.tunnel_hdr_verify =
+				RTE_SECURITY_IPSEC_TUNNEL_VERIFY_SRC_DST_ADDR;
+	}
+	sec_cap->ipsec.options.ip_csum_enable = 1;
+	sec_cap->ipsec.options.l4_csum_enable = 1;
+	sec_cap->ipsec.options.stats = 1;
+}
+
+static void
+cn9k_sec_caps_update(struct rte_security_capability *sec_cap)
+{
+	if (sec_cap->ipsec.direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) {
+#ifdef LA_IPSEC_DEBUG
+		sec_cap->ipsec.options.iv_gen_disable = 1;
+#endif
+	}
+}
+
 void
 cnxk_cpt_caps_populate(struct cnxk_cpt_vf *vf)
 {
@@ -854,8 +1183,18 @@ cnxk_cpt_caps_populate(struct cnxk_cpt_vf *vf)
 	PLT_STATIC_ASSERT(RTE_DIM(sec_caps_templ) <= RTE_DIM(vf->sec_caps));
 	memcpy(vf->sec_caps, sec_caps_templ, sizeof(sec_caps_templ));
 
-	for (i = 0; i < RTE_DIM(sec_caps_templ) - 1; i++)
+	for (i = 0; i < RTE_DIM(sec_caps_templ) - 1; i++) {
 		vf->sec_caps[i].crypto_capabilities = vf->sec_crypto_caps;
+
+		cnxk_sec_caps_update(&vf->sec_caps[i]);
+
+		if (roc_model_is_cn10k())
+			cn10k_sec_caps_update(&vf->sec_caps[i]);
+
+		if (roc_model_is_cn9k())
+			cn9k_sec_caps_update(&vf->sec_caps[i]);
+
+	}
 }
 
 const struct rte_security_capability *