Adding support for cn10k lookaside IPsec transport mode.
Signed-off-by: Tejasree Kondoj <ktejas...@marvell.com>
---
doc/guides/cryptodevs/cnxk.rst | 1 +
doc/guides/rel_notes/release_21_11.rst | 1 +
drivers/crypto/cnxk/cnxk_cryptodev.h | 2 +-
.../crypto/cnxk/cnxk_cryptodev_capabilities.c | 22 +++++++++++++++++++
drivers/crypto/cnxk/cnxk_ipsec.h | 3 ++-
5 files changed, 27 insertions(+), 2 deletions(-)
diff --git a/doc/guides/cryptodevs/cnxk.rst b/doc/guides/cryptodevs/cnxk.rst
index a40295c087..0dd71135da 100644
--- a/doc/guides/cryptodevs/cnxk.rst
+++ b/doc/guides/cryptodevs/cnxk.rst
@@ -230,6 +230,7 @@ Features supported
* IPv4
* ESP
* Tunnel mode
+* Transport mode
* AES-128/192/256-GCM
* AES-128/192/256-CBC-SHA1-HMAC
diff --git a/doc/guides/rel_notes/release_21_11.rst
b/doc/guides/rel_notes/release_21_11.rst
index 130d676a11..0a024dda8f 100644
--- a/doc/guides/rel_notes/release_21_11.rst
+++ b/doc/guides/rel_notes/release_21_11.rst
@@ -58,6 +58,7 @@ New Features
* **Updated Marvell cn10k_crypto PMD.**
* Added aes-cbc sha1-hmac in lookaside protocol (IPsec).
+ * Added transport mode in lookaside protocol (IPsec).
Removed Items
diff --git a/drivers/crypto/cnxk/cnxk_cryptodev.h
b/drivers/crypto/cnxk/cnxk_cryptodev.h
index b3856f7eaa..8e051fa0fa 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev.h
+++ b/drivers/crypto/cnxk/cnxk_cryptodev.h
@@ -12,7 +12,7 @@
#define CNXK_CPT_MAX_CAPS 34
#define CNXK_SEC_CRYPTO_MAX_CAPS 4
-#define CNXK_SEC_MAX_CAPS 3
+#define CNXK_SEC_MAX_CAPS 5
#define CNXK_AE_EC_ID_MAX 8
/**
* Device private data
diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
index 9430ca5d00..05bffa9759 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
+++ b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
@@ -822,6 +822,28 @@ static const struct rte_security_capability
sec_caps_templ[] = {
},
.crypto_capabilities = NULL,
},
+ { /* IPsec Lookaside Protocol ESP Transport Ingress */
+ .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+ .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
+ .ipsec = {
+ .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+ .mode = RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT,
+ .direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS,
+ .options = { 0 },
+ },
+ .crypto_capabilities = NULL,
+ },
+ { /* IPsec Lookaside Protocol ESP Transport Egress */
+ .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+ .protocol = RTE_SECURITY_PROTOCOL_IPSEC,
+ .ipsec = {
+ .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
+ .mode = RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT,
+ .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
+ .options = { 0 },
+ },
+ .crypto_capabilities = NULL,
+ },
{
.action = RTE_SECURITY_ACTION_TYPE_NONE
}
diff --git a/drivers/crypto/cnxk/cnxk_ipsec.h b/drivers/crypto/cnxk/cnxk_ipsec.h
index d1eb74ebbe..ff396179ca 100644
--- a/drivers/crypto/cnxk/cnxk_ipsec.h
+++ b/drivers/crypto/cnxk/cnxk_ipsec.h
@@ -98,7 +98,8 @@ cnxk_ipsec_xform_verify(struct rte_security_ipsec_xform
*ipsec_xform,
(ipsec_xform->mode != RTE_SECURITY_IPSEC_SA_MODE_TUNNEL))
return -EINVAL;
- if ((ipsec_xform->tunnel.type != RTE_SECURITY_IPSEC_TUNNEL_IPV4) &&
+ if ((ipsec_xform->mode == RTE_SECURITY_IPSEC_SA_MODE_TUNNEL) &&
+ (ipsec_xform->tunnel.type != RTE_SECURITY_IPSEC_TUNNEL_IPV4) &&
(ipsec_xform->tunnel.type != RTE_SECURITY_IPSEC_TUNNEL_IPV6))
return -EINVAL;
--
2.27.0
