[dpdk-dev] [RFC 4/7] cryptodev: add ipsec xform

Boris Pismenny borisp at mellanox.com
Mon Jul 10 09:35:14 CEST 2017


This patch add a xform that is used with the crypto flow
steering action to offload ipsec crypto inline.

Signed-off-by: Boris Pismenny <borisp at mellanox.com>
Signed-off-by: Aviad Yehezkel <aviadye at mellanox.com>
---
 lib/librte_cryptodev/rte_crypto_sym.h | 42 ++++++++++++++++++++++++++++++++++-
 1 file changed, 41 insertions(+), 1 deletion(-)

diff --git a/lib/librte_cryptodev/rte_crypto_sym.h b/lib/librte_cryptodev/rte_crypto_sym.h
index 3a40844..139443e 100644
--- a/lib/librte_cryptodev/rte_crypto_sym.h
+++ b/lib/librte_cryptodev/rte_crypto_sym.h
@@ -346,11 +346,49 @@ struct rte_crypto_auth_xform {
 	 */
 };
 
+/**
+ * IPsec transformation data
+ *
+ * This structure contains data relating to an IPsec crypto
+ * transforms. The fields op, algo and key are common to all
+ * IPsec encryptions and MUST be set. The salt is useful for AEAD ciphers
+ * which must provide an out-of-band nonce for each SA.
+ */
+struct rte_crypto_ipsec_xform {
+	enum rte_crypto_cipher_operation op;
+	/**< IPsec operation type */
+	enum rte_crypto_cipher_algorithm algo;
+	/**<  Encryption algorithm selection */
+
+	struct {
+		uint8_t *data;	/**< pointer to key data */
+		size_t length;	/**< key length in bytes */
+	} key;
+	/**< Cipher key
+	 *
+	 * Cipher key length is in bytes. For AES it can be 128 bits (16 bytes),
+	 * 192 bits (24 bytes) or 256 bits (32 bytes).
+	 *
+	 * For the CCM mode of operation, the only supported key length is 128
+	 * bits (16 bytes).
+	 *
+	 **/
+
+	uint32_t salt; /* salt for this security association */
+	/** <Implicit IV
+	 *
+	 * Implicit IV is set once per SA as defined by RFC 4106 (ESP AES-GCM)
+	 *
+	 **/
+
+};
+
 /** Crypto transformation types */
 enum rte_crypto_sym_xform_type {
 	RTE_CRYPTO_SYM_XFORM_NOT_SPECIFIED = 0,	/**< No xform specified */
 	RTE_CRYPTO_SYM_XFORM_AUTH,		/**< Authentication xform */
-	RTE_CRYPTO_SYM_XFORM_CIPHER		/**< Cipher xform  */
+	RTE_CRYPTO_SYM_XFORM_CIPHER,		/**< Cipher xform */
+	RTE_CRYPTO_SYM_XFORM_IPSEC,		/**< IPsec xform */
 };
 
 /**
@@ -373,6 +411,8 @@ struct rte_crypto_sym_xform {
 		/**< Authentication / hash xform */
 		struct rte_crypto_cipher_xform cipher;
 		/**< Cipher xform */
+		struct rte_crypto_ipsec_xform ipsec;
+		/**< IPsec xform */
 	};
 };
 
-- 
1.8.3.1



More information about the dev mailing list