crypto/cnxk: support cn10k transport mode
authorTejasree Kondoj <ktejasree@marvell.com>
Wed, 1 Sep 2021 10:19:28 +0000 (15:49 +0530)
committerAkhil Goyal <gakhil@marvell.com>
Mon, 6 Sep 2021 19:46:26 +0000 (21:46 +0200)
Adding support for cn10k lookaside IPsec transport mode.

Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
doc/guides/cryptodevs/cnxk.rst
doc/guides/rel_notes/release_21_11.rst
drivers/crypto/cnxk/cnxk_cryptodev.h
drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
drivers/crypto/cnxk/cnxk_ipsec.h

index a40295c..1eb7228 100644 (file)
@@ -230,6 +230,8 @@ Features supported
 * IPv4
 * ESP
 * Tunnel mode
+* Transport mode
+* UDP Encapsulation
 * AES-128/192/256-GCM
 * AES-128/192/256-CBC-SHA1-HMAC
 
index bcc3e22..262dc15 100644 (file)
@@ -65,6 +65,8 @@ New Features
 * **Updated Marvell cnxk crypto PMD.**
 
   * Added AES-CBC SHA1-HMAC support in lookaside protocol (IPsec) for CN10K.
+  * Added Transport mode support in lookaside protocol (IPsec) for CN10K.
+  * Added UDP encapsulation support in lookaside protocol (IPsec) for CN10K.
 
 
 Removed Items
index b3856f7..8e051fa 100644 (file)
@@ -12,7 +12,7 @@
 
 #define CNXK_CPT_MAX_CAPS       34
 #define CNXK_SEC_CRYPTO_MAX_CAPS 4
-#define CNXK_SEC_MAX_CAPS       3
+#define CNXK_SEC_MAX_CAPS       5
 #define CNXK_AE_EC_ID_MAX       8
 /**
  * Device private data
index 9430ca5..c4f7824 100644 (file)
@@ -822,6 +822,28 @@ static const struct rte_security_capability sec_caps_templ[] = {
                },
                .crypto_capabilities = NULL,
        },
+       {       /* IPsec Lookaside Protocol ESP Transport Ingress */
+               .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+               .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
+               .ipsec = {
+                       .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+                       .mode = RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT,
+                       .direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS,
+                       .options = { 0 },
+               },
+               .crypto_capabilities = NULL,
+       },
+       {       /* IPsec Lookaside Protocol ESP Transport Egress */
+               .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+               .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
+               .ipsec = {
+                       .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+                       .mode = RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT,
+                       .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
+                       .options = { 0 },
+               },
+               .crypto_capabilities = NULL,
+       },
        {
                .action = RTE_SECURITY_ACTION_TYPE_NONE
        }
@@ -885,6 +907,12 @@ sec_crypto_caps_populate(struct rte_cryptodev_capabilities cnxk_caps[],
        sec_caps_add(cnxk_caps, &cur_pos, caps_end, RTE_DIM(caps_end));
 }
 
+static void
+cnxk_sec_caps_update(struct rte_security_capability *sec_cap)
+{
+       sec_cap->ipsec.options.udp_encap = 1;
+}
+
 void
 cnxk_cpt_caps_populate(struct cnxk_cpt_vf *vf)
 {
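Review bot: cnxk_sec_caps_update() sets `udp_encap` on every security capability entry with no device-model check, although this file sits in the common cnxk driver directory and the documentation hunks in this commit scope transport mode and UDP encapsulation to CN10K. The same holds for the two ESP transport entries added to sec_caps_templ and for the unconditional call added to the loop in cnxk_cpt_caps_populate(). If this table is also served to other cnxk models (not visible in these hunks), an application would be offered SA options the hardware path may not implement, so gating is worth considering, for example `if (roc_model_is_cn10k()) cnxk_sec_caps_update(&vf->sec_caps[i]);`. A short comment on the helper, such as `/* Options advertised on top of sec_caps_templ, whose .options are zero */`, would also explain why the template and the populated table differ.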
@@ -896,8 +924,11 @@ cnxk_cpt_caps_populate(struct cnxk_cpt_vf *vf)
        PLT_STATIC_ASSERT(RTE_DIM(sec_caps_templ) <= RTE_DIM(vf->sec_caps));
        memcpy(vf->sec_caps, sec_caps_templ, sizeof(sec_caps_templ));
 
-       for (i = 0; i < RTE_DIM(sec_caps_templ) - 1; i++)
+       for (i = 0; i < RTE_DIM(sec_caps_templ) - 1; i++) {
                vf->sec_caps[i].crypto_capabilities = vf->sec_crypto_caps;
+
+               cnxk_sec_caps_update(&vf->sec_caps[i]);
+       }
 }
 
 const struct rte_security_capability *
index d1eb74e..ff39617 100644 (file)
@@ -98,7 +98,8 @@ cnxk_ipsec_xform_verify(struct rte_security_ipsec_xform *ipsec_xform,
            (ipsec_xform->mode != RTE_SECURITY_IPSEC_SA_MODE_TUNNEL))
                return -EINVAL;
 
-       if ((ipsec_xform->tunnel.type != RTE_SECURITY_IPSEC_TUNNEL_IPV4) &&
+       if ((ipsec_xform->mode == RTE_SECURITY_IPSEC_SA_MODE_TUNNEL) &&
+           (ipsec_xform->tunnel.type != RTE_SECURITY_IPSEC_TUNNEL_IPV4) &&
            (ipsec_xform->tunnel.type != RTE_SECURITY_IPSEC_TUNNEL_IPV6))
                return -EINVAL;
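Review bot: With the added mode test, `tunnel.type` is no longer validated for transport-mode SAs, so whatever builds the SA from this xform must not read `ipsec_xform->tunnel` unless the mode is tunnel; that code is not visible in this hunk. A comment above the condition would record the intent, e.g. `/* Tunnel parameters are only meaningful in tunnel mode */`. This commit also starts advertising `udp_encap`, and the visible part of cnxk_ipsec_xform_verify() does not check `ipsec_xform->options`; the function begins and continues outside the hunk, so that may be handled elsewhere.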