From: Tejasree Kondoj <ktejasree@marvell.com>
Adding AES-CTR support to cnxk CPT in
lookaside IPsec mode.
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
---
doc/guides/cryptodevs/cnxk.rst | 2 ++
doc/guides/rel_notes/release_22_03.rst | 1 +
drivers/common/cnxk/cnxk_security.c | 6 ++++++
drivers/crypto/cnxk/cn9k_ipsec.c | 3 +++
drivers/crypto/cnxk/cnxk_cryptodev.h | 2 +-
drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c | 20 ++++++++++++++++++++
drivers/crypto/cnxk/cnxk_ipsec.h | 3 ++-
7 files changed, 35 insertions(+), 2 deletions(-)
@@ -261,6 +261,7 @@ Cipher algorithms
+++++++++++++++++
* AES-128/192/256-CBC
+* AES-128/192/256-CTR
Auth algorithms
+++++++++++++++
@@ -288,6 +289,7 @@ Cipher algorithms
+++++++++++++++++
* AES-128/192/256-CBC
+* AES-128/192/256-CTR
Auth algorithms
+++++++++++++++
@@ -60,6 +60,7 @@ New Features
* Added SHA256-HMAC support in lookaside protocol (IPsec) for CN10K.
* Added SHA384-HMAC support in lookaside protocol (IPsec) for CN9K & CN10K.
* Added SHA512-HMAC support in lookaside protocol (IPsec) for CN9K & CN10K.
+ * Added AES-CTR support in lookaside protocol (IPsec) for CN9K & CN10K.
Removed Items
@@ -123,6 +123,9 @@ ot_ipsec_sa_common_param_fill(union roc_ot_ipsec_sa_word2 *w2,
case RTE_CRYPTO_CIPHER_AES_CBC:
w2->s.enc_type = ROC_IE_OT_SA_ENC_AES_CBC;
break;
+ case RTE_CRYPTO_CIPHER_AES_CTR:
+ w2->s.enc_type = ROC_IE_OT_SA_ENC_AES_CTR;
+ break;
default:
return -ENOTSUP;
}
@@ -630,6 +633,9 @@ onf_ipsec_sa_common_param_fill(struct roc_ie_onf_sa_ctl *ctl, uint8_t *salt,
case RTE_CRYPTO_CIPHER_AES_CBC:
ctl->enc_type = ROC_IE_ON_SA_ENC_AES_CBC;
break;
+ case RTE_CRYPTO_CIPHER_AES_CTR:
+ ctl->enc_type = ROC_IE_ON_SA_ENC_AES_CTR;
+ break;
default:
return -ENOTSUP;
}
@@ -166,6 +166,9 @@ ipsec_sa_ctl_set(struct rte_security_ipsec_xform *ipsec,
} else if (cipher_xform->cipher.algo == RTE_CRYPTO_CIPHER_AES_CBC) {
ctl->enc_type = ROC_IE_ON_SA_ENC_AES_CBC;
aes_key_len = cipher_xform->cipher.key.length;
+ } else if (cipher_xform->cipher.algo == RTE_CRYPTO_CIPHER_AES_CTR) {
+ ctl->enc_type = ROC_IE_ON_SA_ENC_AES_CTR;
+ aes_key_len = cipher_xform->cipher.key.length;
} else {
return -ENOTSUP;
}
@@ -11,7 +11,7 @@
#include "roc_cpt.h"
#define CNXK_CPT_MAX_CAPS 34
-#define CNXK_SEC_CRYPTO_MAX_CAPS 8
+#define CNXK_SEC_CRYPTO_MAX_CAPS 9
#define CNXK_SEC_MAX_CAPS 5
#define CNXK_AE_EC_ID_MAX 8
/**
@@ -754,6 +754,26 @@ static const struct rte_cryptodev_capabilities sec_caps_aes[] = {
}, }
}, }
},
+ { /* AES CTR */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+ {.cipher = {
+ .algo = RTE_CRYPTO_CIPHER_AES_CTR,
+ .block_size = 16,
+ .key_size = {
+ .min = 16,
+ .max = 32,
+ .increment = 8
+ },
+ .iv_size = {
+ .min = 12,
+ .max = 16,
+ .increment = 4
+ }
+ }, }
+ }, }
+ },
{ /* AES CBC */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
@@ -20,7 +20,8 @@ struct cnxk_cpt_inst_tmpl {
static inline int
ipsec_xform_cipher_verify(struct rte_crypto_sym_xform *crypto_xform)
{
- if (crypto_xform->cipher.algo == RTE_CRYPTO_CIPHER_AES_CBC) {
+ if (crypto_xform->cipher.algo == RTE_CRYPTO_CIPHER_AES_CBC ||
+ crypto_xform->cipher.algo == RTE_CRYPTO_CIPHER_AES_CTR) {
switch (crypto_xform->cipher.key.length) {
case 16:
case 24: