From 538bf10043542d0510aeabe460e0a29618885a84 Mon Sep 17 00:00:00 2001
From: Tejasree Kondoj <ktejasree@marvell.com>
Date: Fri, 17 Dec 2021 14:50:04 +0530
Subject: [PATCH] crypto/cnxk: support lookaside IPsec AES-CTR

Adding AES-CTR support to cnxk CPT in
lookaside IPsec mode.

Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
---
 doc/guides/cryptodevs/cnxk.rst                |  2 ++
 doc/guides/rel_notes/release_22_03.rst        |  1 +
 drivers/common/cnxk/cnxk_security.c           |  6 ++++++
 drivers/crypto/cnxk/cn9k_ipsec.c              |  3 +++
 drivers/crypto/cnxk/cnxk_cryptodev.h          |  2 +-
 .../crypto/cnxk/cnxk_cryptodev_capabilities.c | 20 +++++++++++++++++++
 drivers/crypto/cnxk/cnxk_ipsec.h              |  3 ++-
 7 files changed, 35 insertions(+), 2 deletions(-)

diff --git a/doc/guides/cryptodevs/cnxk.rst b/doc/guides/cryptodevs/cnxk.rst
index c49a779d60..1239155fb2 100644
--- a/doc/guides/cryptodevs/cnxk.rst
+++ b/doc/guides/cryptodevs/cnxk.rst
@@ -261,6 +261,7 @@ Cipher algorithms
 +++++++++++++++++
 
 * AES-128/192/256-CBC
+* AES-128/192/256-CTR
 
 Auth algorithms
 +++++++++++++++
@@ -288,6 +289,7 @@ Cipher algorithms
 +++++++++++++++++
 
 * AES-128/192/256-CBC
+* AES-128/192/256-CTR
 
 Auth algorithms
 +++++++++++++++
diff --git a/doc/guides/rel_notes/release_22_03.rst b/doc/guides/rel_notes/release_22_03.rst
index 6a5227478f..bfb5377cf8 100644
--- a/doc/guides/rel_notes/release_22_03.rst
+++ b/doc/guides/rel_notes/release_22_03.rst
@@ -60,6 +60,7 @@ New Features
   * Added SHA256-HMAC support in lookaside protocol (IPsec) for CN10K.
   * Added SHA384-HMAC support in lookaside protocol (IPsec) for CN9K & CN10K.
   * Added SHA512-HMAC support in lookaside protocol (IPsec) for CN9K & CN10K.
+  * Added AES-CTR support in lookaside protocol (IPsec) for CN9K & CN10K.
 
 * **Added an API to retrieve event port id of ethdev Rx adapter.**
 
diff --git a/drivers/common/cnxk/cnxk_security.c b/drivers/common/cnxk/cnxk_security.c
index 1c86f82c8e..0d4baa942e 100644
--- a/drivers/common/cnxk/cnxk_security.c
+++ b/drivers/common/cnxk/cnxk_security.c
@@ -123,6 +123,9 @@ ot_ipsec_sa_common_param_fill(union roc_ot_ipsec_sa_word2 *w2,
 		case RTE_CRYPTO_CIPHER_AES_CBC:
 			w2->s.enc_type = ROC_IE_OT_SA_ENC_AES_CBC;
 			break;
+		case RTE_CRYPTO_CIPHER_AES_CTR:
+			w2->s.enc_type = ROC_IE_OT_SA_ENC_AES_CTR;
+			break;
 		default:
 			return -ENOTSUP;
 		}
@@ -630,6 +633,9 @@ onf_ipsec_sa_common_param_fill(struct roc_ie_onf_sa_ctl *ctl, uint8_t *salt,
 		case RTE_CRYPTO_CIPHER_AES_CBC:
 			ctl->enc_type = ROC_IE_ON_SA_ENC_AES_CBC;
 			break;
+		case RTE_CRYPTO_CIPHER_AES_CTR:
+			ctl->enc_type = ROC_IE_ON_SA_ENC_AES_CTR;
+			break;
 		default:
 			return -ENOTSUP;
 		}
diff --git a/drivers/crypto/cnxk/cn9k_ipsec.c b/drivers/crypto/cnxk/cn9k_ipsec.c
index c27845c681..1e2269ccc8 100644
--- a/drivers/crypto/cnxk/cn9k_ipsec.c
+++ b/drivers/crypto/cnxk/cn9k_ipsec.c
@@ -166,6 +166,9 @@ ipsec_sa_ctl_set(struct rte_security_ipsec_xform *ipsec,
 	} else if (cipher_xform->cipher.algo == RTE_CRYPTO_CIPHER_AES_CBC) {
 		ctl->enc_type = ROC_IE_ON_SA_ENC_AES_CBC;
 		aes_key_len = cipher_xform->cipher.key.length;
+	} else if (cipher_xform->cipher.algo == RTE_CRYPTO_CIPHER_AES_CTR) {
+		ctl->enc_type = ROC_IE_ON_SA_ENC_AES_CTR;
+		aes_key_len = cipher_xform->cipher.key.length;
 	} else {
 		return -ENOTSUP;
 	}
diff --git a/drivers/crypto/cnxk/cnxk_cryptodev.h b/drivers/crypto/cnxk/cnxk_cryptodev.h
index f701c26c23..4a1e377580 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev.h
+++ b/drivers/crypto/cnxk/cnxk_cryptodev.h
@@ -11,7 +11,7 @@
 #include "roc_cpt.h"
 
 #define CNXK_CPT_MAX_CAPS	 34
-#define CNXK_SEC_CRYPTO_MAX_CAPS 8
+#define CNXK_SEC_CRYPTO_MAX_CAPS 9
 #define CNXK_SEC_MAX_CAPS	 5
 #define CNXK_AE_EC_ID_MAX	 8
 /**
diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
index 0fdd91aef6..fae433e9aa 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
+++ b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
@@ -754,6 +754,26 @@ static const struct rte_cryptodev_capabilities sec_caps_aes[] = {
 			}, }
 		}, }
 	},
+	{	/* AES CTR */
+		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+		{.sym = {
+			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+			{.cipher = {
+				.algo = RTE_CRYPTO_CIPHER_AES_CTR,
+				.block_size = 16,
+				.key_size = {
+					.min = 16,
+					.max = 32,
+					.increment = 8
+				},
+				.iv_size = {
+					.min = 12,
+					.max = 16,
+					.increment = 4
+				}
+			}, }
+		}, }
+	},
 	{	/* AES CBC */
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 		{.sym = {
diff --git a/drivers/crypto/cnxk/cnxk_ipsec.h b/drivers/crypto/cnxk/cnxk_ipsec.h
index 426eaa8d66..f5a51b526d 100644
--- a/drivers/crypto/cnxk/cnxk_ipsec.h
+++ b/drivers/crypto/cnxk/cnxk_ipsec.h
@@ -20,7 +20,8 @@ struct cnxk_cpt_inst_tmpl {
 static inline int
 ipsec_xform_cipher_verify(struct rte_crypto_sym_xform *crypto_xform)
 {
-	if (crypto_xform->cipher.algo == RTE_CRYPTO_CIPHER_AES_CBC) {
+	if (crypto_xform->cipher.algo == RTE_CRYPTO_CIPHER_AES_CBC ||
+	    crypto_xform->cipher.algo == RTE_CRYPTO_CIPHER_AES_CTR) {
 		switch (crypto_xform->cipher.key.length) {
 		case 16:
 		case 24:
-- 
2.20.1