From patchwork Sun Aug 14 18:46:17 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Akhil Goyal <gakhil@marvell.com>
X-Patchwork-Id: 114953
Return-Path: <dev-bounces@dpdk.org>
X-Original-To: patchwork@inbox.dpdk.org
Delivered-To: patchwork@inbox.dpdk.org
Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124])
	by inbox.dpdk.org (Postfix) with ESMTP id 8BA73A00C2;
	Sun, 14 Aug 2022 20:46:35 +0200 (CEST)
Received: from [217.70.189.124] (localhost [127.0.0.1])
	by mails.dpdk.org (Postfix) with ESMTP id 2D16140146;
	Sun, 14 Aug 2022 20:46:34 +0200 (CEST)
Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com
 [67.231.148.174])
 by mails.dpdk.org (Postfix) with ESMTP id 2BD7E400EF
 for <dev@dpdk.org>; Sun, 14 Aug 2022 20:46:33 +0200 (CEST)
Received: from pps.filterd (m0045849.ppops.net [127.0.0.1])
 by mx0a-0016f401.pphosted.com (8.17.1.5/8.17.1.5) with ESMTP id
 27EIjaga029813;
 Sun, 14 Aug 2022 11:46:31 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com;
 h=from : to : cc :
 subject : date : message-id : mime-version : content-transfer-encoding :
 content-type; s=pfpt0220; bh=d8wHN+nCrFvjyWQKGfkkyg58njtuxwNedkVs0IjMI1w=;
 b=VVBf1djpAqphfWgApGGIfJXpU1X4eIuQ9rTaeXQ+Tesat/WfN1GPpQV8+EM098GEkAOP
 IXW7xu25ABQJv0xmNwZST0O6rO3hk8wDNC4WyiYEHPM/9W2a2/kggfz7xkQo0kW++Vta
 poMefMYU5htGDqzV68Rpz9wDGoddE2K+bENeVgicnfpkI0i74TOYLJsCjiDinHQnqB96
 Tj8Qe6ggF5iRS4ylEVWYrwvLfKcgwjtkzJfexBy0lqk5dTpwEV9WqxN5xqzSkrvAKHkF
 WeTC9mSpSwuOl8qimuDHDiOQEWth52dw3a9++n6UA6cNT8ixqssGAqVJ8T7+vYO+0dw2 Yw==
Received: from dc5-exch01.marvell.com ([199.233.59.181])
 by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 3hx9aq4da6-1
 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT);
 Sun, 14 Aug 2022 11:46:31 -0700
Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH01.marvell.com
 (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.2;
 Sun, 14 Aug 2022 11:46:30 -0700
Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com
 (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.18 via Frontend
 Transport; Sun, 14 Aug 2022 11:46:30 -0700
Received: from localhost.localdomain (unknown [10.28.36.102])
 by maili.marvell.com (Postfix) with ESMTP id 0C02B3F7052;
 Sun, 14 Aug 2022 11:46:25 -0700 (PDT)
From: Akhil Goyal <gakhil@marvell.com>
To: <dev@dpdk.org>
CC: <thomas@monjalon.net>, <david.marchand@redhat.com>,
 <hemant.agrawal@nxp.com>, <vattunuru@marvell.com>,
 <ferruh.yigit@xilinx.com>, <andrew.rybchenko@oktetlabs.ru>,
 <konstantin.v.ananyev@yandex.ru>, <jiawenwu@trustnetic.com>,
 <yisen.zhuang@huawei.com>, <irusskikh@marvell.com>,
 <qiming.yang@intel.com>, <jerinj@marvell.com>, <adwivedi@marvell.com>,
 Akhil Goyal <gakhil@marvell.com>
Subject: [PATCH 0/3] security: support MACsec
Date: Mon, 15 Aug 2022 00:16:17 +0530
Message-ID: <20220814184620.512343-1-gakhil@marvell.com>
X-Mailer: git-send-email 2.25.1
MIME-Version: 1.0
X-Proofpoint-GUID: AO7AkP9igQeSBrN6IpUTL2IoOEADN2-I
X-Proofpoint-ORIG-GUID: AO7AkP9igQeSBrN6IpUTL2IoOEADN2-I
X-Proofpoint-Virus-Version: vendor=baseguard
 engine=ICAP:2.0.205,Aquarius:18.0.883,Hydra:6.0.517,FMLib:17.11.122.1
 definitions=2022-08-14_11,2022-08-11_01,2022-06-22_01
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org

Added support for MACsec in rte_security for offloading
MACsec Protocol operation to inline NIC device or a crypto device.

To support MACsec we cannot just make one security session and
send with the packet to process it. MACsec specifications suggest,
it can have 3 different entities - SECY Entity, SC(secure channel) and
SA(security association). And same SA can be used by multiple SCs and
similarly many SECY can have same SCs. Hence, in order to support this
many to one relationships between all entities, 2 new APIs are created -
rte_security_macsec_sc_create and rte_security_sa_create.
Flow of execution of the APIs would be as
- rte_security_macsec_sa_create
- rte_security_macsec_sc_create
- rte_security_session_create(for secy)
And in case of inline protocol processing rte_flow can be created with
rte_security action similar to IPsec flows except that the flow item
will be MACsec instead of IPsec.

A new flow item is added for MACsec header and a set of events are added
to specify the errors occurred during inline protocol processing.

New APIs are also created for getting SC and SA stats.



Akhil Goyal (3):
  net: add MACsec header
  security: support MACsec
  ethdev: add MACsec flow item

 doc/api/doxy-api-index.md              |   3 +-
 doc/guides/prog_guide/rte_security.rst | 107 +++++++-
 lib/ethdev/rte_ethdev.h                |  55 ++++
 lib/ethdev/rte_flow.h                  |  18 ++
 lib/net/meson.build                    |   1 +
 lib/net/rte_macsec.h                   |  56 ++++
 lib/security/rte_security.c            |  86 ++++++
 lib/security/rte_security.h            | 362 ++++++++++++++++++++++++-
 lib/security/rte_security_driver.h     |  86 ++++++
 lib/security/version.map               |   6 +
 10 files changed, 766 insertions(+), 14 deletions(-)
 create mode 100644 lib/net/rte_macsec.h