[v2,6/8] crypto/cnxk: support cn10k transport mode
Adding support for cn10k lookaside IPsec transport mode.
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
---
doc/guides/cryptodevs/cnxk.rst | 1 +
doc/guides/rel_notes/release_21_11.rst | 1 +
drivers/crypto/cnxk/cnxk_cryptodev.h | 2 +-
.../crypto/cnxk/cnxk_cryptodev_capabilities.c | 22 +++++++++++++++++++
drivers/crypto/cnxk/cnxk_ipsec.h | 3 ++-
5 files changed, 27 insertions(+), 2 deletions(-)
@@ -230,6 +230,7 @@ Features supported
* IPv4
* ESP
* Tunnel mode
+* Transport mode
* AES-128/192/256-GCM
* AES-128/192/256-CBC-SHA1-HMAC
@@ -58,6 +58,7 @@ New Features
* **Updated Marvell cn10k_crypto PMD.**
* Added aes-cbc sha1-hmac in lookaside protocol (IPsec).
+ * Added transport mode in lookaside protocol (IPsec).
Removed Items
@@ -12,7 +12,7 @@
#define CNXK_CPT_MAX_CAPS 34
#define CNXK_SEC_CRYPTO_MAX_CAPS 4
-#define CNXK_SEC_MAX_CAPS 3
+#define CNXK_SEC_MAX_CAPS 5
#define CNXK_AE_EC_ID_MAX 8
/**
* Device private data
@@ -822,6 +822,28 @@ static const struct rte_security_capability sec_caps_templ[] = {
},
.crypto_capabilities = NULL,
},
+ { /* IPsec Lookaside Protocol ESP Transport Ingress */
+ .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+ .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
+ .ipsec = {
+ .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+ .mode = RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT,
+ .direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS,
+ .options = { 0 },
+ },
+ .crypto_capabilities = NULL,
+ },
+ { /* IPsec Lookaside Protocol ESP Transport Egress */
+ .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+ .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
+ .ipsec = {
+ .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+ .mode = RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT,
+ .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
+ .options = { 0 },
+ },
+ .crypto_capabilities = NULL,
+ },
{
.action = RTE_SECURITY_ACTION_TYPE_NONE
}
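Review bot: Nothing visible ties the length of `sec_caps_templ` to `CNXK_SEC_MAX_CAPS`, which this patch raises from 3 to 5 in cnxk_cryptodev.h to fit the two entries added here plus the `RTE_SECURITY_ACTION_TYPE_NONE` terminator. If the template is copied into a per-device array sized by that constant (the copy is outside this hunk, so this is an assumption), a later entry added without bumping the constant would write past that array or lose the terminator that capability walkers stop on. A compile-time check where the copy happens, `RTE_BUILD_BUG_ON(RTE_DIM(sec_caps_templ) > CNXK_SEC_MAX_CAPS);`, would turn that mistake into a build failure, unless an equivalent assert already exists outside the hunk.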
@@ -98,7 +98,8 @@ cnxk_ipsec_xform_verify(struct rte_security_ipsec_xform *ipsec_xform,
(ipsec_xform->mode != RTE_SECURITY_IPSEC_SA_MODE_TUNNEL))
return -EINVAL;
- if ((ipsec_xform->tunnel.type != RTE_SECURITY_IPSEC_TUNNEL_IPV4) &&
+ if ((ipsec_xform->mode == RTE_SECURITY_IPSEC_SA_MODE_TUNNEL) &&
+ (ipsec_xform->tunnel.type != RTE_SECURITY_IPSEC_TUNNEL_IPV4) &&
(ipsec_xform->tunnel.type != RTE_SECURITY_IPSEC_TUNNEL_IPV6))
return -EINVAL;
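Review bot: The tunnel-type test at the end of this hunk now folds its mode precondition into a three-clause `&&` chain, so it is easy to misread which clause is the gate and which are the validation. Nesting it as `if (ipsec_xform->mode == RTE_SECURITY_IPSEC_SA_MODE_TUNNEL) {` around the existing two-clause type test, with a comment such as `/* tunnel.type is only meaningful in tunnel mode */`, keeps the tunnel-only checks in one place where later ones can join them. cnxk_ipsec_xform_verify starts and ends outside the hunk, so it cannot be seen from here whether a transport-mode xform is still checked against the options the new capability entries advertise (`.options = { 0 }`). That is worth confirming, since this function is what rejects unsupported SA parameters before a session is built.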