crypto/cnxk: support lookaside IPsec AES-CTR

Adding AES-CTR support to cnxk CPT in
lookaside IPsec mode.

Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>

diff --git a/doc/guides/cryptodevs/cnxk.rst b/doc/guides/cryptodevs/cnxk.rst
index c49a779d60cb4acc1f8675f130252bf8f7fbcf5d..1239155fb2506f697ad3dec93413f3e356c9d4f5 100644 (file)
--- a/doc/guides/cryptodevs/cnxk.rst
+++ b/doc/guides/cryptodevs/cnxk.rst
@@ -261,6 +261,7 @@ Cipher algorithms
 +++++++++++++++++
 
 * AES-128/192/256-CBC
+* AES-128/192/256-CTR
 
 Auth algorithms
 +++++++++++++++
@@ -288,6 +289,7 @@ Cipher algorithms
 +++++++++++++++++
 
 * AES-128/192/256-CBC
+* AES-128/192/256-CTR
 
 Auth algorithms
 +++++++++++++++

diff --git a/doc/guides/rel_notes/release_22_03.rst b/doc/guides/rel_notes/release_22_03.rst
index 6a5227478f9be2dae3db54cbe467606fa5e7864c..bfb5377cf86722ef6c0bbbcae4bb90b0a6b04cfc 100644 (file)
--- a/doc/guides/rel_notes/release_22_03.rst
+++ b/doc/guides/rel_notes/release_22_03.rst
@@ -60,6 +60,7 @@ New Features
   * Added SHA256-HMAC support in lookaside protocol (IPsec) for CN10K.
   * Added SHA384-HMAC support in lookaside protocol (IPsec) for CN9K & CN10K.
   * Added SHA512-HMAC support in lookaside protocol (IPsec) for CN9K & CN10K.
+  * Added AES-CTR support in lookaside protocol (IPsec) for CN9K & CN10K.
 
 * **Added an API to retrieve event port id of ethdev Rx adapter.**
 

diff --git a/drivers/common/cnxk/cnxk_security.c b/drivers/common/cnxk/cnxk_security.c
index 1c86f82c8eb02db1ba54dff6151ec4dc0b4eabdd..0d4baa942ef90f55d85ebb6ca3d0cdda0639cb09 100644 (file)
--- a/drivers/common/cnxk/cnxk_security.c
+++ b/drivers/common/cnxk/cnxk_security.c
@@ -123,6 +123,9 @@ ot_ipsec_sa_common_param_fill(union roc_ot_ipsec_sa_word2 *w2,
                case RTE_CRYPTO_CIPHER_AES_CBC:
                        w2->s.enc_type = ROC_IE_OT_SA_ENC_AES_CBC;
                        break;
+               case RTE_CRYPTO_CIPHER_AES_CTR:
+                       w2->s.enc_type = ROC_IE_OT_SA_ENC_AES_CTR;
+                       break;
                default:
                        return -ENOTSUP;
                }
@@ -630,6 +633,9 @@ onf_ipsec_sa_common_param_fill(struct roc_ie_onf_sa_ctl *ctl, uint8_t *salt,
                case RTE_CRYPTO_CIPHER_AES_CBC:
                        ctl->enc_type = ROC_IE_ON_SA_ENC_AES_CBC;
                        break;
+               case RTE_CRYPTO_CIPHER_AES_CTR:
+                       ctl->enc_type = ROC_IE_ON_SA_ENC_AES_CTR;
+                       break;
                default:
                        return -ENOTSUP;
                }

diff --git a/drivers/crypto/cnxk/cn9k_ipsec.c b/drivers/crypto/cnxk/cn9k_ipsec.c
index c27845c681228d40cf2c8880956894a8d45bbe7e..1e2269ccc89741426c1e3c7c4d3b741f11b88e51 100644 (file)
--- a/drivers/crypto/cnxk/cn9k_ipsec.c
+++ b/drivers/crypto/cnxk/cn9k_ipsec.c
@@ -166,6 +166,9 @@ ipsec_sa_ctl_set(struct rte_security_ipsec_xform *ipsec,
        } else if (cipher_xform->cipher.algo == RTE_CRYPTO_CIPHER_AES_CBC) {
                ctl->enc_type = ROC_IE_ON_SA_ENC_AES_CBC;
                aes_key_len = cipher_xform->cipher.key.length;
+       } else if (cipher_xform->cipher.algo == RTE_CRYPTO_CIPHER_AES_CTR) {
+               ctl->enc_type = ROC_IE_ON_SA_ENC_AES_CTR;
+               aes_key_len = cipher_xform->cipher.key.length;
        } else {
                return -ENOTSUP;
        }

diff --git a/drivers/crypto/cnxk/cnxk_cryptodev.h b/drivers/crypto/cnxk/cnxk_cryptodev.h
index f701c26c23dd0f81c324eb5647c5742c085e485e..4a1e377580fc302968d7ba62ff735aab7fa72be9 100644 (file)
--- a/drivers/crypto/cnxk/cnxk_cryptodev.h
+++ b/drivers/crypto/cnxk/cnxk_cryptodev.h
@@ -11,7 +11,7 @@
 #include "roc_cpt.h"
 
 #define CNXK_CPT_MAX_CAPS       34
-#define CNXK_SEC_CRYPTO_MAX_CAPS 8
+#define CNXK_SEC_CRYPTO_MAX_CAPS 9
 #define CNXK_SEC_MAX_CAPS       5
 #define CNXK_AE_EC_ID_MAX       8
 /**

diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
index 0fdd91aef6bfcdd7568c767bca8c72629516e170..fae433e9aa57a8a28c1ad2b484cf312bde7fc6d3 100644 (file)
--- a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
+++ b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
@@ -754,6 +754,26 @@ static const struct rte_cryptodev_capabilities sec_caps_aes[] = {
                        }, }
                }, }
        },
+       {       /* AES CTR */
+               .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+               {.sym = {
+                       .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+                       {.cipher = {
+                               .algo = RTE_CRYPTO_CIPHER_AES_CTR,
+                               .block_size = 16,
+                               .key_size = {
+                                       .min = 16,
+                                       .max = 32,
+                                       .increment = 8
+                               },
+                               .iv_size = {
+                                       .min = 12,
+                                       .max = 16,
+                                       .increment = 4
+                               }
+                       }, }
+               }, }
+       },
        {       /* AES CBC */
                .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
                {.sym = {

diff --git a/drivers/crypto/cnxk/cnxk_ipsec.h b/drivers/crypto/cnxk/cnxk_ipsec.h
index 426eaa8d6606283b92859be31ef84153d6e5619e..f5a51b526d5a1726ad15bae3902036a3a7259c2b 100644 (file)
--- a/drivers/crypto/cnxk/cnxk_ipsec.h
+++ b/drivers/crypto/cnxk/cnxk_ipsec.h
@@ -20,7 +20,8 @@ struct cnxk_cpt_inst_tmpl {
 static inline int
 ipsec_xform_cipher_verify(struct rte_crypto_sym_xform *crypto_xform)
 {
-       if (crypto_xform->cipher.algo == RTE_CRYPTO_CIPHER_AES_CBC) {
+       if (crypto_xform->cipher.algo == RTE_CRYPTO_CIPHER_AES_CBC ||
+           crypto_xform->cipher.algo == RTE_CRYPTO_CIPHER_AES_CTR) {
                switch (crypto_xform->cipher.key.length) {
                case 16:
                case 24: