From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 6080C45BC5; Thu, 24 Oct 2024 17:02:12 +0200 (CEST) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id E66D040265; Thu, 24 Oct 2024 17:02:11 +0200 (CEST) Received: from EUR03-DBA-obe.outbound.protection.outlook.com (mail-dbaeur03on2055.outbound.protection.outlook.com [40.107.104.55]) by mails.dpdk.org (Postfix) with ESMTP id 5E4D34025F for ; Thu, 24 Oct 2024 17:02:10 +0200 (CEST) ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=lOSyBpBu4I0P+qBjN2S8RA/PnoDrnRoH0wLakc92EMrVDc5/IXmM91gvi4yHzd6SispHvcOqIvgjz0kqG+WshS88LmxQU0fob2EuW9PueAElliZS/6PuFP21h4n9gL0FmyjXExB/gmPc6/dSZ+/sbJ2kbl9NdfGYKj9B6zuEe619CuycE/KinLuFLRoVT6U5kTlpMHNh8YyQkmeivpDEWVtrTvFmdXofBhYAVsi2kyH9qNNF/EFzFtInUAOIAFeX1d+o1qx2zE84htgq6pbkdPLi7gszgdfQZN+zXxIlWEDD0gDOJxgiyObkud7RrAOpWiBeqHaP+V87T7L7BCKC9g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=qP0drOlun6XfdGI2zSGUg28fqYXQ6lHlHNRkaaee2ck=; b=m/E+GtT0Lt7llal99xGN3hA/e/FAnCBCv1CsRKI6CjfkWew5ebFvntJl4vmaA7eqiYHPDQj/p8/3CoySzX6s91FBEzGuQeQiuJqYTtO+9cgHn3nxisjk1XaIH4PYqAPVbe/gKq1IfOLI/GtQslg7pSUkORELSYDfTSzV2Gbv3uUmm6QeHoC9rPJe7WZII9Vx9dx6eKaKdySOYRPu0yxAQyFNmC2HUMsyP2rBpdqoambhvwnxt72oaBFRzw24+BkcCrRMNNBgywrUffoQECuA+Nla1Y5C6xKSTKO+UdDbXymhDujar2C5WokxPhkrHO78NUslQabeF+mYhlZwRn8uKw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nxp.com; dmarc=pass action=none header.from=nxp.com; dkim=pass header.d=nxp.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nxp.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=qP0drOlun6XfdGI2zSGUg28fqYXQ6lHlHNRkaaee2ck=; b=QW4JAylrbqyP6PPredSekNcEDcU2CuDMu4MeZb8eKaXfNq9SWZ5siKP4ewecis/i4Q2BPcvIflF+iGf/2BlZXX5vXAyW6BzFKr9XfEAOlSFSDraN0wJgKYF5UX6pVRLEso4AzKbF6lxtdN/g/6uct5DbQfKYEc70/EO2aqA5EdMOedzdOAwjJncCjYlsJpwLOUZwzo0TVIGckjUssx/WRANZVY5PemmGzupIYnWvOF64UEvwb/8aKBLKpePEqp5I98UJSKGY9KtfO4nedijJyu+avIxJ7i9J5hSyF3UmSbMrVWNRnvNpSaUuiFecV8GxPoVn/iJPlFTn/EuTnEfLBw== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=nxp.com; Received: from PAXPR04MB9328.eurprd04.prod.outlook.com (2603:10a6:102:2b6::15) by AM9PR04MB7715.eurprd04.prod.outlook.com (2603:10a6:20b:285::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8069.28; Thu, 24 Oct 2024 15:02:08 +0000 Received: from PAXPR04MB9328.eurprd04.prod.outlook.com ([fe80::367:d59:375:fb87]) by PAXPR04MB9328.eurprd04.prod.outlook.com ([fe80::367:d59:375:fb87%3]) with mapi id 15.20.8093.014; Thu, 24 Oct 2024 15:02:08 +0000 From: Hemant Agrawal To: gakhil@marvell.com Cc: dev@dpdk.org, Gagandeep Singh , Barry Cao Subject: [PATCH 1/4] crypto/dpaa_sec: enhance IPsec extended sequence number Date: Thu, 24 Oct 2024 20:31:48 +0530 Message-Id: <20241024150151.2290617-1-hemant.agrawal@nxp.com> X-Mailer: git-send-email 2.25.1 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-ClientProxiedBy: SG3P274CA0012.SGPP274.PROD.OUTLOOK.COM (2603:1096:4:be::24) To PAXPR04MB9328.eurprd04.prod.outlook.com (2603:10a6:102:2b6::15) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: PAXPR04MB9328:EE_|AM9PR04MB7715:EE_ X-MS-Office365-Filtering-Correlation-Id: 4e0b3823-c4ba-4588-0192-08dcf43cd4b1 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; ARA:13230040|52116014|376014|366016|1800799024|38350700014; X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?ovWWhy/Sf1rcfjjM6I8lz/BgObpg1aXAs2iG1RsCEsW+5/IcE6sChIdbADAh?= =?us-ascii?Q?cvRiKaRJ+rIT3jEtiKtEJ2GDnj0HHCvfVdNSdUXAqTGS43r55rLy0RsRexJD?= =?us-ascii?Q?xJ8S/2AmcXt9bfAhW52YSuULEfoTK3HnaMP15Sfd8v2YE5IdkXMXEPu39rwg?= =?us-ascii?Q?2r4I2pmPmqS1VXzj7FPV9ykhOxHf1d6vuCZ3iT2pBo7FxB2cRNdBeu0iVTrJ?= =?us-ascii?Q?eTMpkA9z1c/9303/V0YCqzSfkk7Af4i+VunxPo8ndMRqmZqIaFLDMw/HXkQS?= =?us-ascii?Q?Qio/Zgl6F6OcqnnaLfPVjZI26T/tzhsfSPuMRVz7dnw0Hd3wGMmV5jks8FZT?= =?us-ascii?Q?/WF6mWzQY2FQ4KnKo3PClW47VsNKYPcL1DtB4OkKPXs2SKyt71TJYt3/jwpm?= =?us-ascii?Q?18pqjvH/UTFlIYeipOgoOFMi4wYRpzXJpHwvVRbm9bjRfis0jOktIPWG/MqP?= =?us-ascii?Q?lCPyiAKk7BCujt58vLoHvPxIemOStk5WSMYiWcL3BCprLfP0AIGLrI046Ky5?= =?us-ascii?Q?6WwYWs41EED2upKtDJR5iu9pbfTw//orHKOIt35qi/0alQEh+pfQSNrBaQRS?= =?us-ascii?Q?UIKLDRaTeuUKoLzReoiV2ecZHrd8bpONedYPOIci2W6sTXjxU2imikkkBhoX?= =?us-ascii?Q?r4QxNyBZ51b/idqEH/OmQ/8hvtisiZpmh3Xqd3hKTvZ0/Impgg3dd2T5Wmrt?= =?us-ascii?Q?bSf1j8+GQCOrSJIJwlGMxTcyTEjzfnS420eTodmxQLBF+HqW+2BEQWaYEWS0?= =?us-ascii?Q?jjGcdxLlOzW+U+TWzmLiGuFNZulPsXvVkCA+JK0YHKlTFXl29UmjqMMlU4kM?= =?us-ascii?Q?fhd/VRYN2LvJGMzOUCO9Q8GlK0nMc5FbNz4+WWO69v2DqFjSb/9zNV4277HN?= =?us-ascii?Q?xt2j6bgIU9YRJUuyLpkfJYHDK7K7P8tsjikXYsGgxX7qiOP6BEK72ts+KZ8u?= =?us-ascii?Q?D1/MFHntR7Wb8CVr9sELrKrNe82QyZgkMQp54hOnGx/G/dxtWYBjDjWrYsEl?= =?us-ascii?Q?0poyhlpgvLWv6GJhol0isvGlHsGZ85g0K3Je1CcHu9xy6gHDZW51o6M/5dic?= =?us-ascii?Q?fds+tGQJJKmKgsFHbofzXI4GC3igmBXByQeKsg3P2ki/lemuDgvpscCYaK+j?= =?us-ascii?Q?vDdi7lHH6UtVJzEr6R89UziIYY8gPuPyFYZpUYUitZMQTVG99K/EI/OeTKpV?= =?us-ascii?Q?2kqNfn0UCFZUlY7q2ZwhUGhBRmINdqgtiLbhgrrWIM69gaE/yAQsLHGUNHnp?= =?us-ascii?Q?1VIZmFmelajOC53rEq2UaREinVSJxycpp6kngS3TFCHP5htAxm05h98gy0sj?= =?us-ascii?Q?q7120LJLcnGuTibbNv8O0X73L4ug4V1P06qa1ByPxyDjrCgxWhJDr50G2zaI?= =?us-ascii?Q?vRxZYug=3D?= X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:PAXPR04MB9328.eurprd04.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230040)(52116014)(376014)(366016)(1800799024)(38350700014); DIR:OUT; SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?LJszPCwdiPzmjEqJjTjmHjx2N19gEClwCdPKwxhVv+t5phLKWhx9DDz3oafX?= =?us-ascii?Q?Vhek9wJ9ak6x9jwvojSiCJoOChviZPEba3BzezbP/Rg6urjbMEACyMx7i+BF?= =?us-ascii?Q?t6g8gjtWejqqZfIRcXtG9KuLiEY5VW5p1m6g4/JzOGXVuVV64SOKkGKF5TTF?= =?us-ascii?Q?Wenpl/L+xOpvebz2Ti6bBZOze8N/OCf0nR+WDIPzIBIFVvKbp0lufY4I2o+S?= =?us-ascii?Q?kmyF91wKWCFcMqQI4MHzGtv1bDmQPPZNdBvxulVnsGNflwWe4PTxtSsFSkm3?= =?us-ascii?Q?6Nv/U/7LTopSap0YO82ZRnNBjcMLhbtRECeky2D37HAWeXNfb5FJ8Gi723+U?= =?us-ascii?Q?epnrh0PZyGSBwhUvEfwdgLVJgkQ+DgmMxepq0hvQiuQm0tBhjx7s57/AB81J?= =?us-ascii?Q?c4ObQW++xLnh9cYgvku3a6yB0jP5Pifkvr5pJZhGa2w4GDKX5a3WA1Kujly6?= =?us-ascii?Q?s26PhfGkUE3FfAmv/LgV2enFO0An/FrYjTFkYLgrHWPKqwCGjjDfFZ+TfLvF?= =?us-ascii?Q?kP0t3AtgvLXCDk90Oa66F+xkxC0uVBy+4hICRzihdgXloY44aIZ+uPvFfP0t?= =?us-ascii?Q?V7/EPaRRwPdm5++RnuhQrF/7e11jd3n9DzufRVD4aWu+U3Z+km6Rl7+e16kR?= =?us-ascii?Q?/snBWlfG5x17PDbrZfsz4vRhmNubSKdF/pYhtlKp3JXkH9Areb/89nT7ryJ/?= =?us-ascii?Q?O6zkKZnHq8kVyUXR4bLFu/nSSuzto6HhCS8uXX1+L7NDHn5ORzayaLabHYhk?= =?us-ascii?Q?TGQZuk3QqZWrO75t5vOc7rSY8kF5gBaBYrB+VSqvNLVqjdPgCtTN32u54DJ7?= =?us-ascii?Q?p5P0sHGeaBaijTmuOc1BSlUgVJT5vOXL4vFuartVQriNzozaWnC7RVeWpmE/?= =?us-ascii?Q?iYCWufz5K0F18X1fEj77zVg53eZ88ANhEPN73RbqQ5thFxV/DCRugQQRymx7?= =?us-ascii?Q?1C5RUCfvgVG0R4OinY9tua/Qakh+/qKeDYT870ZlRrnq4CATJF4MBlJKPA0H?= =?us-ascii?Q?l2LV4+OpTvUhFEyG/Fu6iDqVmVDmY7HfMfMEbNTpCO/M0C3DNNhZ65xKpncl?= =?us-ascii?Q?0PClyxTFZL7z9xLorfI0RU/BhV8vF/LzkNieHo94WPFsck0qRL0kYlw7Ah1S?= =?us-ascii?Q?3G3+xKEK5btpBiNeA/9AJakJp9TsGZl0TTe+TR5vT+8gj7nZfTINNcG5XoyZ?= =?us-ascii?Q?8mDDq9ELrH5RLw/aw95JXCv5xz2NlsZsWHDaJHtY7sxs1+78DxIAqCW/6qH2?= =?us-ascii?Q?EgCl5I8e8rWBF3IHHzt3WQ9aO6u75sHnb9mB8XFg6tD6uYtUssijkSfYD9VN?= =?us-ascii?Q?gypykZnSRW8wgi5M+RnsvAFBN2e3iUC9VK3Wl7qs0FZ9Rnh98/ehfsEdtzwr?= =?us-ascii?Q?0ZVs0EL6dQ8lIs0mtQzdZj/6pACOCrRh9lbewayR5vnDGxKzGY1xyJoTu1Gg?= =?us-ascii?Q?QEvmX/5Nmpd9EFgOVf+vLVRbZ30KtBETjCv1leD/ivO986SYKL++LV4UHk/G?= =?us-ascii?Q?A6iIaU+Z7Vts4v3R0Cc7NXnYZMEKyzzEw8PC87Jlj+pwCG5NC5dZpm8FQrZR?= =?us-ascii?Q?YPNsyFkpVxDu4KuUSZT4FF3+GHsemOJSs+1jfaDHYVTKQ1ITjEB5ZO9J3v7D?= =?us-ascii?Q?Ag=3D=3D?= X-OriginatorOrg: nxp.com X-MS-Exchange-CrossTenant-Network-Message-Id: 4e0b3823-c4ba-4588-0192-08dcf43cd4b1 X-MS-Exchange-CrossTenant-AuthSource: PAXPR04MB9328.eurprd04.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 24 Oct 2024 15:02:08.4539 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 686ea1d3-bc2b-4c6f-a92c-d99c5c301635 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: nQFczoNuITQbf5U+AzGY+PbVlnlBi3/WkOjTkG1zhzxCCbEmOwLMwOG1W92bMX+ZyBaHQ6M3LGdRgUDoIfbpJg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM9PR04MB7715 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org From: Gagandeep Singh Setting ESN seq number initialization. Initialize the sequence number of ESP to 1. Signed-off-by: Gagandeep Singh Signed-off-by: Barry Cao --- drivers/crypto/dpaa_sec/dpaa_sec.c | 17 ++++++++++++++--- drivers/crypto/dpaa_sec/dpaa_sec.h | 10 +++++++--- 2 files changed, 21 insertions(+), 6 deletions(-) diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c b/drivers/crypto/dpaa_sec/dpaa_sec.c index 225bf950e9..e6ca0e6f0e 100644 --- a/drivers/crypto/dpaa_sec/dpaa_sec.c +++ b/drivers/crypto/dpaa_sec/dpaa_sec.c @@ -3011,9 +3011,17 @@ dpaa_sec_set_ipsec_session(__rte_unused struct rte_cryptodev *dev, PDBHMO_ESP_SNR; if (ipsec_xform->options.dec_ttl) session->encap_pdb.options |= PDBHMO_ESP_ENCAP_DTTL; - if (ipsec_xform->options.esn) - session->encap_pdb.options |= PDBOPTS_ESP_ESN; session->encap_pdb.spi = ipsec_xform->spi; + /* Initializing the sequence number to 1, Security + * engine will choose this sequence number for first packet + * Refer: RFC4303 section: 3.3.3.Sequence Number Generation + */ + session->encap_pdb.seq_num = 1; + if (ipsec_xform->options.esn) { + session->encap_pdb.options |= PDBOPTS_ESP_ESN; + session->encap_pdb.seq_num_ext_hi = conf->ipsec.esn.hi; + session->encap_pdb.seq_num = conf->ipsec.esn.low; + } } else if (ipsec_xform->direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) { @@ -3022,8 +3030,11 @@ dpaa_sec_set_ipsec_session(__rte_unused struct rte_cryptodev *dev, else session->decap_pdb.options = sizeof(struct rte_ipv6_hdr) << 16; - if (ipsec_xform->options.esn) + if (ipsec_xform->options.esn) { session->decap_pdb.options |= PDBOPTS_ESP_ESN; + session->decap_pdb.seq_num_ext_hi = conf->ipsec.esn.hi; + session->decap_pdb.seq_num = conf->ipsec.esn.low; + } if (ipsec_xform->replay_win_sz) { uint32_t win_sz; win_sz = rte_align32pow2(ipsec_xform->replay_win_sz); diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.h b/drivers/crypto/dpaa_sec/dpaa_sec.h index eff6dcf311..02e5307660 100644 --- a/drivers/crypto/dpaa_sec/dpaa_sec.h +++ b/drivers/crypto/dpaa_sec/dpaa_sec.h @@ -1,6 +1,6 @@ /* SPDX-License-Identifier: BSD-3-Clause * - * Copyright 2016-2023 NXP + * Copyright 2016-2024 NXP * */ @@ -989,7 +989,9 @@ static const struct rte_security_capability dpaa_sec_security_cap[] = { .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP, .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL, .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS, - .options = { 0 }, + .options = { + .esn = 1, + }, .replay_win_sz_max = 128 }, .crypto_capabilities = dpaa_sec_capabilities @@ -1001,7 +1003,9 @@ static const struct rte_security_capability dpaa_sec_security_cap[] = { .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP, .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL, .direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS, - .options = { 0 }, + .options = { + .esn = 1, + }, .replay_win_sz_max = 128 }, .crypto_capabilities = dpaa_sec_capabilities -- 2.25.1