From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 4483EA04A2; Tue, 5 Nov 2019 23:07:50 +0100 (CET) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id ADD411BF6B; Tue, 5 Nov 2019 23:07:49 +0100 (CET) Received: from EUR01-VE1-obe.outbound.protection.outlook.com (mail-eopbgr140085.outbound.protection.outlook.com [40.107.14.85]) by dpdk.org (Postfix) with ESMTP id 79B6C1BF53 for ; Tue, 5 Nov 2019 23:07:48 +0100 (CET) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=SbPKjqUwVSDOH2qm6C1OfCplzVwLZPlZDmOPw6tRblghAZUth4GN7zUG95XkKTQi+CYG7ajPr6XrTqmj7jVZS6RLdaFazC4GExs6vQrm/hB1cE2Dhz3T5HPJ3MGv+ZA3UfjdPKaYk8zPTlteb7OHZNopZ1sWJXAQoy7y+CbUDM7c5pMrBpOVklZvGJbLMpbBeC3hYEKjwlh8IccgPQHzaeUz3aXTpb6s9ScH9zbzVb8ZGgxAnJK9aXw43MO+qXhDNHQu1PvX/tndxS0zONDC7BRycGK9xG2gZk5T9s3nm5e+cijb331UGgmmJx63ezKQzWuc8qxTdXNB6dVzFcYqBQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=M03lEl1mDJij2dTPHl5iToZMchYQf+gJVwQgjPioP6U=; b=FFajwJzobcHlgwW/TFKSzTY8Aj+HDtEsR7iR/VJVA2FEExgNZBJHk5H/6XpRw5HNY6krqx1lQbkOJKWmHGv4ngSsObIw1SGwiKQd62aeCnilE6/DQFlxEjQEFLTHXCZoaCYEQU0q364plk4sj2IPh4tmAPA/0LeernsEZdvUrwDTimwgYoYSHulK0zjHlUom30k3blZjLg9uSUnZsH1kBDgMIcyifzk0aFfqH+Cqi13Vg6doxcD+CcBnyZvcWAaxwjVHK6kjiOiOuC2lNZr2SRFHtNy0pns6iQxXPqNDGtj6Tgrr8q6+wfexNv46x+Jxgiqj3E7kjGqJKzYe7j4KEA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nxp.com; dmarc=pass action=none header.from=nxp.com; dkim=pass header.d=nxp.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nxp.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=M03lEl1mDJij2dTPHl5iToZMchYQf+gJVwQgjPioP6U=; b=jZPpg3wUm1V40DTcEvQaEKWGeR9bBag4+4cM08zd6F9/ZhZ2msjhU/cQ4OKWLtUUNNQ/R2Ma4SdTWvJEyVbzhQP6B/Ui7Va/KhGKkFdbAeZhR6P2r5Jfn1lgKjuuaJL4fn4ENQ7rV9//SmaKnQlluZselrDzEx9g7JHBx1tVyYo= Received: from VE1PR04MB6639.eurprd04.prod.outlook.com (10.255.118.11) by VE1PR04MB6432.eurprd04.prod.outlook.com (20.179.234.85) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2408.24; Tue, 5 Nov 2019 22:07:46 +0000 Received: from VE1PR04MB6639.eurprd04.prod.outlook.com ([fe80::9dc:aa5c:2bb8:b561]) by VE1PR04MB6639.eurprd04.prod.outlook.com ([fe80::9dc:aa5c:2bb8:b561%6]) with mapi id 15.20.2408.024; Tue, 5 Nov 2019 22:07:46 +0000 From: Akhil Goyal To: Hemant Agrawal , "dev@dpdk.org" CC: "konstantin.ananyev@intel.com" , "anoobj@marvell.com" , Hemant Agrawal Thread-Topic: [PATCH v5 3/3] crypto/dpaa2_sec: enable anti replay window config Thread-Index: AQHVj+2mvU9Y5Odyf0OADg/QxuFtyad9KXcQ Date: Tue, 5 Nov 2019 22:07:46 +0000 Message-ID: References: <20191031045458.29166-1-hemant.agrawal@nxp.com> <20191031131502.12504-1-hemant.agrawal@nxp.com> <20191031131502.12504-3-hemant.agrawal@nxp.com> In-Reply-To: <20191031131502.12504-3-hemant.agrawal@nxp.com> Accept-Language: en-IN, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=akhil.goyal@nxp.com; x-originating-ip: [223.190.56.205] x-ms-publictraffictype: Email x-ms-office365-filtering-ht: Tenant x-ms-office365-filtering-correlation-id: 59ccfa8b-6c74-4bba-e850-08d7623c96cd x-ms-traffictypediagnostic: VE1PR04MB6432:|VE1PR04MB6432: x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:6108; x-forefront-prvs: 0212BDE3BE x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(136003)(396003)(366004)(346002)(39860400002)(376002)(199004)(189003)(55016002)(26005)(76116006)(486006)(476003)(11346002)(64756008)(76176011)(8676002)(7696005)(6506007)(81166006)(81156014)(66476007)(54906003)(8936002)(66556008)(66946007)(186003)(102836004)(86362001)(6436002)(229853002)(7736002)(110136005)(316002)(3846002)(6116002)(2906002)(305945005)(74316002)(66446008)(2501003)(44832011)(66066001)(99286004)(446003)(4326008)(14454004)(52536014)(71200400001)(71190400001)(33656002)(5660300002)(25786009)(256004)(478600001)(9686003)(14444005)(6246003); DIR:OUT; SFP:1101; SCL:1; SRVR:VE1PR04MB6432; H:VE1PR04MB6639.eurprd04.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1; received-spf: None (protection.outlook.com: nxp.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: oGNUMB3CYGfA7OkKlan+0HaQ3hF1FADG5L+p7qvCrQHudx33B0taIG8qKM2NoF7Lh56ZGY79J1QrueXl03M6AQS3H5JYgAC5Ad1abjl/ROia9HfuhnGGaB72D+ZLraPgH2I9JEJx5OoElkypRpU0hSBi1/wzoaj98wc3rHw1rkKRWoGGcc72e3Gv52H/PIGpX4tk71yP1EGHuZNaiowzhG/D1OyIn8JPFJ3OAHvUjubCqwJcZ6mCqtpv1S2HvVsueo74F0qUyZLWNPrWwFZ61gYvMp2w2e4c4uUj5FxHjbfXVIuVtUs4FQgDTYdpp2Mz37Vz2+qTY3cJ0hVqOtw+tg+mhlpS1Pl5xT0M82851kQdQnXJPdj6bQ7H/HVcqeG36g5FU+0g+lwFw2Vbw8GSCfC2ms6DmS3+X+ZnNBdgkKng5/TPuX/p3tniUFOOtnEb Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginatorOrg: nxp.com X-MS-Exchange-CrossTenant-Network-Message-Id: 59ccfa8b-6c74-4bba-e850-08d7623c96cd X-MS-Exchange-CrossTenant-originalarrivaltime: 05 Nov 2019 22:07:46.2222 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 686ea1d3-bc2b-4c6f-a92c-d99c5c301635 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: ys5QR9hTwkTVHM80nmkqawAfr5qzu4M8OoKXufZ64B7a0ZMJ1vjmDsN2yoAu/MZeCiCKoY9LAchmdxZqyQLTEQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: VE1PR04MB6432 Subject: Re: [dpdk-dev] [PATCH v5 3/3] crypto/dpaa2_sec: enable anti replay window config X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Hi Hemant, >=20 > This patch usages the anti replay window size to config > the anti replay checking in decap path for lookaside > IPSEC offload >=20 > Signed-off-by: Hemant Agrawal > --- > drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c | 24 +++++++++++++++++++ > drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h | 6 +++-- > drivers/crypto/dpaa_sec/dpaa_sec.c | 26 +++++++++++++++++++++ > drivers/crypto/dpaa_sec/dpaa_sec.h | 6 +++-- > 4 files changed, 58 insertions(+), 4 deletions(-) >=20 > diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c > b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c > index 52e522e4a..6d59e73e9 100644 > --- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c > +++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c > @@ -2836,6 +2836,30 @@ dpaa2_sec_set_ipsec_session(struct rte_cryptodev > *dev, > sizeof(struct rte_ipv6_hdr) << 16; > if (ipsec_xform->options.esn) > decap_pdb.options |=3D PDBOPTS_ESP_ESN; > + > + if (ipsec_xform->replay_win_sz) { > + uint32_t win_sz; > + win_sz =3D rte_align32pow2(ipsec_xform->replay_win_sz); > + > + switch (win_sz) { > + case 1: > + case 2: > + case 4: > + case 8: > + case 16: > + case 32: > + if (ipsec_xform->options.esn) > + decap_pdb.options |=3D > PDBOPTS_ESP_ARS64; Why is it dependent on ESN? > + else > + decap_pdb.options |=3D > PDBOPTS_ESP_ARS32; > + break; > + case 64: > + decap_pdb.options |=3D PDBOPTS_ESP_ARS64; > + break; > + default: > + decap_pdb.options |=3D PDBOPTS_ESP_ARS128; Default case should not set anti replay window like case 0 when we don't wa= nt anti replay. > + } > + } > session->dir =3D DIR_DEC; > bufsize =3D cnstr_shdsc_ipsec_new_decap(priv->flc_desc[0].desc, > 1, 0, SHR_SERIAL, > diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h > b/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h > index 662559422..b97dacbcb 100644 > --- a/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h > +++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h > @@ -675,7 +675,8 @@ static const struct rte_security_capability > dpaa2_sec_security_cap[] =3D { > .proto =3D RTE_SECURITY_IPSEC_SA_PROTO_ESP, > .mode =3D RTE_SECURITY_IPSEC_SA_MODE_TUNNEL, > .direction =3D RTE_SECURITY_IPSEC_SA_DIR_EGRESS, > - .options =3D { 0 } > + .options =3D { 0 }, > + .replay_win_sz_max =3D 128 > }, > .crypto_capabilities =3D dpaa2_sec_capabilities > }, > @@ -686,7 +687,8 @@ static const struct rte_security_capability > dpaa2_sec_security_cap[] =3D { > .proto =3D RTE_SECURITY_IPSEC_SA_PROTO_ESP, > .mode =3D RTE_SECURITY_IPSEC_SA_MODE_TUNNEL, > .direction =3D RTE_SECURITY_IPSEC_SA_DIR_INGRESS, > - .options =3D { 0 } > + .options =3D { 0 }, > + .replay_win_sz_max =3D 128 > }, > .crypto_capabilities =3D dpaa2_sec_capabilities > }, > diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c > b/drivers/crypto/dpaa_sec/dpaa_sec.c > index 6c186338f..7cfa5f6dc 100644 > --- a/drivers/crypto/dpaa_sec/dpaa_sec.c > +++ b/drivers/crypto/dpaa_sec/dpaa_sec.c > @@ -2693,6 +2693,32 @@ dpaa_sec_set_ipsec_session(__rte_unused struct > rte_cryptodev *dev, > sizeof(struct rte_ipv6_hdr) << 16; > if (ipsec_xform->options.esn) > session->decap_pdb.options |=3D PDBOPTS_ESP_ESN; > + if (ipsec_xform->replay_win_sz) { > + uint32_t win_sz; > + win_sz =3D rte_align32pow2(ipsec_xform->replay_win_sz); > + > + switch (win_sz) { > + case 1: > + case 2: > + case 4: > + case 8: > + case 16: > + case 32: > + if (ipsec_xform->options.esn) > + session->decap_pdb.options |=3D > + PDBOPTS_ESP_ARS64; > + else > + session->decap_pdb.options |=3D > + PDBOPTS_ESP_ARS32; > + break; > + case 64: > + session->decap_pdb.options |=3D > PDBOPTS_ESP_ARS64; > + break; > + default: > + session->decap_pdb.options |=3D > + PDBOPTS_ESP_ARS128; > + } > + } > session->dir =3D DIR_DEC; > } else > goto out; > diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.h > b/drivers/crypto/dpaa_sec/dpaa_sec.h > index c10ec1007..684950d6d 100644 > --- a/drivers/crypto/dpaa_sec/dpaa_sec.h > +++ b/drivers/crypto/dpaa_sec/dpaa_sec.h > @@ -692,7 +692,8 @@ static const struct rte_security_capability > dpaa_sec_security_cap[] =3D { > .proto =3D RTE_SECURITY_IPSEC_SA_PROTO_ESP, > .mode =3D RTE_SECURITY_IPSEC_SA_MODE_TUNNEL, > .direction =3D RTE_SECURITY_IPSEC_SA_DIR_EGRESS, > - .options =3D { 0 } > + .options =3D { 0 }, > + .replay_win_sz_max =3D 128 > }, > .crypto_capabilities =3D dpaa_sec_capabilities > }, > @@ -703,7 +704,8 @@ static const struct rte_security_capability > dpaa_sec_security_cap[] =3D { > .proto =3D RTE_SECURITY_IPSEC_SA_PROTO_ESP, > .mode =3D RTE_SECURITY_IPSEC_SA_MODE_TUNNEL, > .direction =3D RTE_SECURITY_IPSEC_SA_DIR_INGRESS, > - .options =3D { 0 } > + .options =3D { 0 }, > + .replay_win_sz_max =3D 128 > }, > .crypto_capabilities =3D dpaa_sec_capabilities > }, > -- > 2.17.1