diff mbox series

[v2,6/8] crypto/cnxk: support cn10k transport mode

Message ID 20210901101930.29333-7-ktejasree@marvell.com (mailing list archive)
State Accepted, archived
Delegated to: akhil goyal
Headers show
Series add lookaside IPsec additional features | expand

Checks

Context Check Description
ci/checkpatch warning coding style issues

Commit Message

Tejasree Kondoj Sept. 1, 2021, 10:19 a.m. UTC
Adding support for cn10k lookaside IPsec transport mode.

Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
---
 doc/guides/cryptodevs/cnxk.rst                |  1 +
 doc/guides/rel_notes/release_21_11.rst        |  1 +
 drivers/crypto/cnxk/cnxk_cryptodev.h          |  2 +-
 .../crypto/cnxk/cnxk_cryptodev_capabilities.c | 22 +++++++++++++++++++
 drivers/crypto/cnxk/cnxk_ipsec.h              |  3 ++-
 5 files changed, 27 insertions(+), 2 deletions(-)
diff mbox series

Patch

diff --git a/doc/guides/cryptodevs/cnxk.rst b/doc/guides/cryptodevs/cnxk.rst
index a40295c087..0dd71135da 100644
--- a/doc/guides/cryptodevs/cnxk.rst
+++ b/doc/guides/cryptodevs/cnxk.rst
@@ -230,6 +230,7 @@  Features supported
 * IPv4
 * ESP
 * Tunnel mode
+* Transport mode
 * AES-128/192/256-GCM
 * AES-128/192/256-CBC-SHA1-HMAC
 
diff --git a/doc/guides/rel_notes/release_21_11.rst b/doc/guides/rel_notes/release_21_11.rst
index 130d676a11..0a024dda8f 100644
--- a/doc/guides/rel_notes/release_21_11.rst
+++ b/doc/guides/rel_notes/release_21_11.rst
@@ -58,6 +58,7 @@  New Features
 * **Updated Marvell cn10k_crypto PMD.**
 
   * Added aes-cbc sha1-hmac in lookaside protocol (IPsec).
+  * Added transport mode in lookaside protocol (IPsec).
 
 
 Removed Items
diff --git a/drivers/crypto/cnxk/cnxk_cryptodev.h b/drivers/crypto/cnxk/cnxk_cryptodev.h
index b3856f7eaa..8e051fa0fa 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev.h
+++ b/drivers/crypto/cnxk/cnxk_cryptodev.h
@@ -12,7 +12,7 @@ 
 
 #define CNXK_CPT_MAX_CAPS	 34
 #define CNXK_SEC_CRYPTO_MAX_CAPS 4
-#define CNXK_SEC_MAX_CAPS	 3
+#define CNXK_SEC_MAX_CAPS	 5
 #define CNXK_AE_EC_ID_MAX	 8
 /**
  * Device private data
diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
index 9430ca5d00..05bffa9759 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
+++ b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
@@ -822,6 +822,28 @@  static const struct rte_security_capability sec_caps_templ[] = {
 		},
 		.crypto_capabilities = NULL,
 	},
+	{	/* IPsec Lookaside Protocol ESP Transport Ingress */
+		.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+		.protocol = RTE_SECURITY_PROTOCOL_IPSEC,
+		.ipsec = {
+			.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+			.mode = RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT,
+			.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS,
+			.options = { 0 },
+		},
+		.crypto_capabilities = NULL,
+	},
+	{	/* IPsec Lookaside Protocol ESP Transport Egress */
+		.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+		.protocol = RTE_SECURITY_PROTOCOL_IPSEC,
+		.ipsec = {
+			.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+			.mode = RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT,
+			.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
+			.options = { 0 },
+		},
+		.crypto_capabilities = NULL,
+	},
 	{
 		.action = RTE_SECURITY_ACTION_TYPE_NONE
 	}
diff --git a/drivers/crypto/cnxk/cnxk_ipsec.h b/drivers/crypto/cnxk/cnxk_ipsec.h
index d1eb74ebbe..ff396179ca 100644
--- a/drivers/crypto/cnxk/cnxk_ipsec.h
+++ b/drivers/crypto/cnxk/cnxk_ipsec.h
@@ -98,7 +98,8 @@  cnxk_ipsec_xform_verify(struct rte_security_ipsec_xform *ipsec_xform,
 	    (ipsec_xform->mode != RTE_SECURITY_IPSEC_SA_MODE_TUNNEL))
 		return -EINVAL;
 
-	if ((ipsec_xform->tunnel.type != RTE_SECURITY_IPSEC_TUNNEL_IPV4) &&
+	if ((ipsec_xform->mode == RTE_SECURITY_IPSEC_SA_MODE_TUNNEL) &&
+	    (ipsec_xform->tunnel.type != RTE_SECURITY_IPSEC_TUNNEL_IPV4) &&
 	    (ipsec_xform->tunnel.type != RTE_SECURITY_IPSEC_TUNNEL_IPV6))
 		return -EINVAL;