Merge branch 'mlx5-TLS-TX-HW-offload-support'

	---help---

	  MLX5 IPoIB offloads & acceleration support.

config MLX5_FPGA_IPSEC

	bool "Mellanox Technologies IPsec Innova support"

	depends on MLX5_CORE

	depends on MLX5_FPGA

	default n

	help

	Build IPsec support for the Innova family of network cards by Mellanox

	Technologies. Innova network cards are comprised of a ConnectX chip

	and an FPGA chip on one board. If you select this option, the

	mlx5_core driver will include the Innova FPGA core and allow building

	sandbox-specific client drivers.

config MLX5_EN_IPSEC

	bool "IPSec XFRM cryptography-offload accelaration"

	depends on MLX5_ACCEL

	depends on MLX5_CORE_EN

	depends on XFRM_OFFLOAD

	depends on INET_ESP_OFFLOAD || INET6_ESP_OFFLOAD

	depends on MLX5_FPGA_IPSEC

	default n

	---help---

	help

	  Build support for IPsec cryptography-offload accelaration in the NIC.

	  Note: Support for hardware with this capability needs to be selected

	  for this option to become available.

config MLX5_EN_TLS

	bool "TLS cryptography-offload accelaration"

config MLX5_FPGA_TLS

	bool "Mellanox Technologies TLS Innova support"

	depends on TLS_DEVICE

	depends on TLS=y || MLX5_CORE=m

	depends on MLX5_FPGA

	default n

	help

	Build TLS support for the Innova family of network cards by Mellanox

	Technologies. Innova network cards are comprised of a ConnectX chip

	and an FPGA chip on one board. If you select this option, the

	mlx5_core driver will include the Innova FPGA core and allow building

	sandbox-specific client drivers.

config MLX5_TLS

	bool "Mellanox Technologies TLS Connect-X support"

	depends on MLX5_CORE_EN

	depends on TLS_DEVICE

	depends on TLS=y || MLX5_CORE=m

	depends on MLX5_ACCEL

	select MLX5_ACCEL

	default n

	---help---

	help

	Build TLS support for the Connect-X family of network cards by Mellanox

	Technologies.

config MLX5_EN_TLS

	bool "TLS cryptography-offload accelaration"

	depends on MLX5_CORE_EN

	depends on MLX5_FPGA_TLS || MLX5_TLS

	default y

	help

	Build support for TLS cryptography-offload accelaration in the NIC.

	Note: Support for hardware with this capability needs to be selected

	for this option to become available.

#

# Accelerations & FPGA

#

mlx5_core-$(CONFIG_MLX5_ACCEL) += accel/ipsec.o accel/tls.o

mlx5_core-$(CONFIG_MLX5_FPGA_IPSEC) += fpga/ipsec.o

mlx5_core-$(CONFIG_MLX5_FPGA_TLS)   += fpga/tls.o

mlx5_core-$(CONFIG_MLX5_ACCEL)      += lib/crypto.o accel/tls.o accel/ipsec.o

mlx5_core-$(CONFIG_MLX5_FPGA) += fpga/cmd.o fpga/core.o fpga/conn.o fpga/sdk.o \

				 fpga/ipsec.o fpga/tls.o

mlx5_core-$(CONFIG_MLX5_FPGA) += fpga/cmd.o fpga/core.o fpga/conn.o fpga/sdk.o

mlx5_core-$(CONFIG_MLX5_EN_IPSEC) += en_accel/ipsec.o en_accel/ipsec_rxtx.o \

				     en_accel/ipsec_stats.o

mlx5_core-$(CONFIG_MLX5_EN_TLS) += en_accel/tls.o en_accel/tls_rxtx.o en_accel/tls_stats.o

mlx5_core-$(CONFIG_MLX5_EN_TLS) += en_accel/tls.o en_accel/tls_rxtx.o en_accel/tls_stats.o \

				   en_accel/ktls.o en_accel/ktls_tx.o

 *

 */

#ifdef CONFIG_MLX5_FPGA_IPSEC

#include <linux/mlx5/device.h>

#include "accel/ipsec.h"

	return mlx5_fpga_ipsec_init(mdev);

}

void mlx5_accel_ipsec_build_fs_cmds(void)

{

	mlx5_fpga_ipsec_build_fs_cmds();

}

void mlx5_accel_ipsec_cleanup(struct mlx5_core_dev *mdev)

{

	mlx5_fpga_ipsec_cleanup(mdev);

	return mlx5_fpga_esp_modify_xfrm(xfrm, attrs);

}

EXPORT_SYMBOL_GPL(mlx5_accel_esp_modify_xfrm);

#endif

#include <linux/mlx5/driver.h>

#include <linux/mlx5/accel.h>

#ifdef CONFIG_MLX5_ACCEL

#ifdef CONFIG_MLX5_FPGA_IPSEC

#define MLX5_IPSEC_DEV(mdev) (mlx5_accel_ipsec_device_caps(mdev) & \

			      MLX5_ACCEL_IPSEC_CAP_DEVICE)

void mlx5_accel_esp_free_hw_context(void *context);

int mlx5_accel_ipsec_init(struct mlx5_core_dev *mdev);

void mlx5_accel_ipsec_build_fs_cmds(void);

void mlx5_accel_ipsec_cleanup(struct mlx5_core_dev *mdev);

#else

	return 0;

}

static inline void mlx5_accel_ipsec_build_fs_cmds(void)

{

}

static inline void mlx5_accel_ipsec_cleanup(struct mlx5_core_dev *mdev)

{

}

#include "accel/tls.h"

#include "mlx5_core.h"

#include "lib/mlx5.h"

#ifdef CONFIG_MLX5_FPGA_TLS

#include "fpga/tls.h"

int mlx5_accel_tls_add_flow(struct mlx5_core_dev *mdev, void *flow,

bool mlx5_accel_is_tls_device(struct mlx5_core_dev *mdev)

{

	return mlx5_fpga_is_tls_device(mdev);

	return mlx5_fpga_is_tls_device(mdev) ||

		mlx5_accel_is_ktls_device(mdev);

}

u32 mlx5_accel_tls_device_caps(struct mlx5_core_dev *mdev)

{

	mlx5_fpga_tls_cleanup(mdev);

}

#endif

#ifdef CONFIG_MLX5_TLS

int mlx5_ktls_create_key(struct mlx5_core_dev *mdev,

			 struct tls_crypto_info *crypto_info,

			 u32 *p_key_id)

{

	u32 sz_bytes;

	void *key;

	switch (crypto_info->cipher_type) {

	case TLS_CIPHER_AES_GCM_128: {

		struct tls12_crypto_info_aes_gcm_128 *info =

			(struct tls12_crypto_info_aes_gcm_128 *)crypto_info;

		key      = info->key;

		sz_bytes = sizeof(info->key);

		break;

	}

	case TLS_CIPHER_AES_GCM_256: {

		struct tls12_crypto_info_aes_gcm_256 *info =

			(struct tls12_crypto_info_aes_gcm_256 *)crypto_info;

		key      = info->key;

		sz_bytes = sizeof(info->key);

		break;

	}

	default:

		return -EINVAL;

	}

	return mlx5_create_encryption_key(mdev, key, sz_bytes, p_key_id);

}

void mlx5_ktls_destroy_key(struct mlx5_core_dev *mdev, u32 key_id)

{

	mlx5_destroy_encryption_key(mdev, key_id);

}

#endif