From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <dev-bounces@dpdk.org>
Received: from dpdk.org (dpdk.org [92.243.14.124])
	by inbox.dpdk.org (Postfix) with ESMTP id 4483EA04A2;
	Tue,  5 Nov 2019 23:07:50 +0100 (CET)
Received: from [92.243.14.124] (localhost [127.0.0.1])
	by dpdk.org (Postfix) with ESMTP id ADD411BF6B;
	Tue,  5 Nov 2019 23:07:49 +0100 (CET)
Received: from EUR01-VE1-obe.outbound.protection.outlook.com
 (mail-eopbgr140085.outbound.protection.outlook.com [40.107.14.85])
 by dpdk.org (Postfix) with ESMTP id 79B6C1BF53
 for <dev@dpdk.org>; Tue,  5 Nov 2019 23:07:48 +0100 (CET)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=SbPKjqUwVSDOH2qm6C1OfCplzVwLZPlZDmOPw6tRblghAZUth4GN7zUG95XkKTQi+CYG7ajPr6XrTqmj7jVZS6RLdaFazC4GExs6vQrm/hB1cE2Dhz3T5HPJ3MGv+ZA3UfjdPKaYk8zPTlteb7OHZNopZ1sWJXAQoy7y+CbUDM7c5pMrBpOVklZvGJbLMpbBeC3hYEKjwlh8IccgPQHzaeUz3aXTpb6s9ScH9zbzVb8ZGgxAnJK9aXw43MO+qXhDNHQu1PvX/tndxS0zONDC7BRycGK9xG2gZk5T9s3nm5e+cijb331UGgmmJx63ezKQzWuc8qxTdXNB6dVzFcYqBQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; 
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=M03lEl1mDJij2dTPHl5iToZMchYQf+gJVwQgjPioP6U=;
 b=FFajwJzobcHlgwW/TFKSzTY8Aj+HDtEsR7iR/VJVA2FEExgNZBJHk5H/6XpRw5HNY6krqx1lQbkOJKWmHGv4ngSsObIw1SGwiKQd62aeCnilE6/DQFlxEjQEFLTHXCZoaCYEQU0q364plk4sj2IPh4tmAPA/0LeernsEZdvUrwDTimwgYoYSHulK0zjHlUom30k3blZjLg9uSUnZsH1kBDgMIcyifzk0aFfqH+Cqi13Vg6doxcD+CcBnyZvcWAaxwjVHK6kjiOiOuC2lNZr2SRFHtNy0pns6iQxXPqNDGtj6Tgrr8q6+wfexNv46x+Jxgiqj3E7kjGqJKzYe7j4KEA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=nxp.com; dmarc=pass action=none header.from=nxp.com; dkim=pass
 header.d=nxp.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nxp.com; s=selector2; 
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=M03lEl1mDJij2dTPHl5iToZMchYQf+gJVwQgjPioP6U=;
 b=jZPpg3wUm1V40DTcEvQaEKWGeR9bBag4+4cM08zd6F9/ZhZ2msjhU/cQ4OKWLtUUNNQ/R2Ma4SdTWvJEyVbzhQP6B/Ui7Va/KhGKkFdbAeZhR6P2r5Jfn1lgKjuuaJL4fn4ENQ7rV9//SmaKnQlluZselrDzEx9g7JHBx1tVyYo=
Received: from VE1PR04MB6639.eurprd04.prod.outlook.com (10.255.118.11) by
 VE1PR04MB6432.eurprd04.prod.outlook.com (20.179.234.85) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.2408.24; Tue, 5 Nov 2019 22:07:46 +0000
Received: from VE1PR04MB6639.eurprd04.prod.outlook.com
 ([fe80::9dc:aa5c:2bb8:b561]) by VE1PR04MB6639.eurprd04.prod.outlook.com
 ([fe80::9dc:aa5c:2bb8:b561%6]) with mapi id 15.20.2408.024; Tue, 5 Nov 2019
 22:07:46 +0000
From: Akhil Goyal <akhil.goyal@nxp.com>
To: Hemant Agrawal <hemant.agrawal@nxp.com>, "dev@dpdk.org" <dev@dpdk.org>
CC: "konstantin.ananyev@intel.com" <konstantin.ananyev@intel.com>,
 "anoobj@marvell.com" <anoobj@marvell.com>, Hemant Agrawal
 <hemant.agrawal@nxp.com>
Thread-Topic: [PATCH v5 3/3] crypto/dpaa2_sec: enable anti replay window config
Thread-Index: AQHVj+2mvU9Y5Odyf0OADg/QxuFtyad9KXcQ
Date: Tue, 5 Nov 2019 22:07:46 +0000
Message-ID: <VE1PR04MB663924214DFB38A8EB65B3CFE67E0@VE1PR04MB6639.eurprd04.prod.outlook.com>
References: <20191031045458.29166-1-hemant.agrawal@nxp.com>
 <20191031131502.12504-1-hemant.agrawal@nxp.com>
 <20191031131502.12504-3-hemant.agrawal@nxp.com>
In-Reply-To: <20191031131502.12504-3-hemant.agrawal@nxp.com>
Accept-Language: en-IN, en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: spf=none (sender IP is )
 smtp.mailfrom=akhil.goyal@nxp.com; 
x-originating-ip: [223.190.56.205]
x-ms-publictraffictype: Email
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: 59ccfa8b-6c74-4bba-e850-08d7623c96cd
x-ms-traffictypediagnostic: VE1PR04MB6432:|VE1PR04MB6432:
x-ms-exchange-transport-forked: True
x-microsoft-antispam-prvs: <VE1PR04MB643274FEB11C0E4BE708FAFAE67E0@VE1PR04MB6432.eurprd04.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:6108;
x-forefront-prvs: 0212BDE3BE
x-forefront-antispam-report: SFV:NSPM;
 SFS:(10009020)(4636009)(136003)(396003)(366004)(346002)(39860400002)(376002)(199004)(189003)(55016002)(26005)(76116006)(486006)(476003)(11346002)(64756008)(76176011)(8676002)(7696005)(6506007)(81166006)(81156014)(66476007)(54906003)(8936002)(66556008)(66946007)(186003)(102836004)(86362001)(6436002)(229853002)(7736002)(110136005)(316002)(3846002)(6116002)(2906002)(305945005)(74316002)(66446008)(2501003)(44832011)(66066001)(99286004)(446003)(4326008)(14454004)(52536014)(71200400001)(71190400001)(33656002)(5660300002)(25786009)(256004)(478600001)(9686003)(14444005)(6246003);
 DIR:OUT; SFP:1101; SCL:1; SRVR:VE1PR04MB6432;
 H:VE1PR04MB6639.eurprd04.prod.outlook.com; FPR:; SPF:None; LANG:en;
 PTR:InfoNoRecords; A:1; MX:1; 
received-spf: None (protection.outlook.com: nxp.com does not designate
 permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: oGNUMB3CYGfA7OkKlan+0HaQ3hF1FADG5L+p7qvCrQHudx33B0taIG8qKM2NoF7Lh56ZGY79J1QrueXl03M6AQS3H5JYgAC5Ad1abjl/ROia9HfuhnGGaB72D+ZLraPgH2I9JEJx5OoElkypRpU0hSBi1/wzoaj98wc3rHw1rkKRWoGGcc72e3Gv52H/PIGpX4tk71yP1EGHuZNaiowzhG/D1OyIn8JPFJ3OAHvUjubCqwJcZ6mCqtpv1S2HvVsueo74F0qUyZLWNPrWwFZ61gYvMp2w2e4c4uUj5FxHjbfXVIuVtUs4FQgDTYdpp2Mz37Vz2+qTY3cJ0hVqOtw+tg+mhlpS1Pl5xT0M82851kQdQnXJPdj6bQ7H/HVcqeG36g5FU+0g+lwFw2Vbw8GSCfC2ms6DmS3+X+ZnNBdgkKng5/TPuX/p3tniUFOOtnEb
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: nxp.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 59ccfa8b-6c74-4bba-e850-08d7623c96cd
X-MS-Exchange-CrossTenant-originalarrivaltime: 05 Nov 2019 22:07:46.2222 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 686ea1d3-bc2b-4c6f-a92c-d99c5c301635
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: ys5QR9hTwkTVHM80nmkqawAfr5qzu4M8OoKXufZ64B7a0ZMJ1vjmDsN2yoAu/MZeCiCKoY9LAchmdxZqyQLTEQ==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: VE1PR04MB6432
Subject: Re: [dpdk-dev] [PATCH v5 3/3] crypto/dpaa2_sec: enable anti replay
	window config
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org
Sender: "dev" <dev-bounces@dpdk.org>

Hi Hemant,
>=20
> This patch usages the anti replay window size to config
> the anti replay checking  in decap path for lookaside
> IPSEC offload
>=20
> Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
> ---
>  drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c | 24 +++++++++++++++++++
>  drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h   |  6 +++--
>  drivers/crypto/dpaa_sec/dpaa_sec.c          | 26 +++++++++++++++++++++
>  drivers/crypto/dpaa_sec/dpaa_sec.h          |  6 +++--
>  4 files changed, 58 insertions(+), 4 deletions(-)
>=20
> diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
> b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
> index 52e522e4a..6d59e73e9 100644
> --- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
> +++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
> @@ -2836,6 +2836,30 @@ dpaa2_sec_set_ipsec_session(struct rte_cryptodev
> *dev,
>  				sizeof(struct rte_ipv6_hdr) << 16;
>  		if (ipsec_xform->options.esn)
>  			decap_pdb.options |=3D PDBOPTS_ESP_ESN;
> +
> +		if (ipsec_xform->replay_win_sz) {
> +			uint32_t win_sz;
> +			win_sz =3D rte_align32pow2(ipsec_xform->replay_win_sz);
> +
> +			switch (win_sz) {
> +			case 1:
> +			case 2:
> +			case 4:
> +			case 8:
> +			case 16:
> +			case 32:
> +				if (ipsec_xform->options.esn)
> +					decap_pdb.options |=3D
> PDBOPTS_ESP_ARS64;

Why is it dependent on ESN?

> +				else
> +					decap_pdb.options |=3D
> PDBOPTS_ESP_ARS32;
> +				break;
> +			case 64:
> +				decap_pdb.options |=3D PDBOPTS_ESP_ARS64;
> +				break;
> +			default:
> +				decap_pdb.options |=3D PDBOPTS_ESP_ARS128;

Default case should not set anti replay window like case 0 when we don't wa=
nt anti replay.

> +			}
> +		}
>  		session->dir =3D DIR_DEC;
>  		bufsize =3D cnstr_shdsc_ipsec_new_decap(priv->flc_desc[0].desc,
>  				1, 0, SHR_SERIAL,
> diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h
> b/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h
> index 662559422..b97dacbcb 100644
> --- a/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h
> +++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h
> @@ -675,7 +675,8 @@ static const struct rte_security_capability
> dpaa2_sec_security_cap[] =3D {
>  			.proto =3D RTE_SECURITY_IPSEC_SA_PROTO_ESP,
>  			.mode =3D RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
>  			.direction =3D RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
> -			.options =3D { 0 }
> +			.options =3D { 0 },
> +			.replay_win_sz_max =3D 128
>  		},
>  		.crypto_capabilities =3D dpaa2_sec_capabilities
>  	},
> @@ -686,7 +687,8 @@ static const struct rte_security_capability
> dpaa2_sec_security_cap[] =3D {
>  			.proto =3D RTE_SECURITY_IPSEC_SA_PROTO_ESP,
>  			.mode =3D RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
>  			.direction =3D RTE_SECURITY_IPSEC_SA_DIR_INGRESS,
> -			.options =3D { 0 }
> +			.options =3D { 0 },
> +			.replay_win_sz_max =3D 128
>  		},
>  		.crypto_capabilities =3D dpaa2_sec_capabilities
>  	},
> diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c
> b/drivers/crypto/dpaa_sec/dpaa_sec.c
> index 6c186338f..7cfa5f6dc 100644
> --- a/drivers/crypto/dpaa_sec/dpaa_sec.c
> +++ b/drivers/crypto/dpaa_sec/dpaa_sec.c
> @@ -2693,6 +2693,32 @@ dpaa_sec_set_ipsec_session(__rte_unused struct
> rte_cryptodev *dev,
>  					sizeof(struct rte_ipv6_hdr) << 16;
>  		if (ipsec_xform->options.esn)
>  			session->decap_pdb.options |=3D PDBOPTS_ESP_ESN;
> +		if (ipsec_xform->replay_win_sz) {
> +			uint32_t win_sz;
> +			win_sz =3D rte_align32pow2(ipsec_xform->replay_win_sz);
> +
> +			switch (win_sz) {
> +			case 1:
> +			case 2:
> +			case 4:
> +			case 8:
> +			case 16:
> +			case 32:
> +				if (ipsec_xform->options.esn)
> +					session->decap_pdb.options |=3D
> +							PDBOPTS_ESP_ARS64;
> +				else
> +					session->decap_pdb.options |=3D
> +							PDBOPTS_ESP_ARS32;
> +				break;
> +			case 64:
> +				session->decap_pdb.options |=3D
> PDBOPTS_ESP_ARS64;
> +				break;
> +			default:
> +				session->decap_pdb.options |=3D
> +							PDBOPTS_ESP_ARS128;
> +			}
> +		}
>  		session->dir =3D DIR_DEC;
>  	} else
>  		goto out;
> diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.h
> b/drivers/crypto/dpaa_sec/dpaa_sec.h
> index c10ec1007..684950d6d 100644
> --- a/drivers/crypto/dpaa_sec/dpaa_sec.h
> +++ b/drivers/crypto/dpaa_sec/dpaa_sec.h
> @@ -692,7 +692,8 @@ static const struct rte_security_capability
> dpaa_sec_security_cap[] =3D {
>  			.proto =3D RTE_SECURITY_IPSEC_SA_PROTO_ESP,
>  			.mode =3D RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
>  			.direction =3D RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
> -			.options =3D { 0 }
> +			.options =3D { 0 },
> +			.replay_win_sz_max =3D 128
>  		},
>  		.crypto_capabilities =3D dpaa_sec_capabilities
>  	},
> @@ -703,7 +704,8 @@ static const struct rte_security_capability
> dpaa_sec_security_cap[] =3D {
>  			.proto =3D RTE_SECURITY_IPSEC_SA_PROTO_ESP,
>  			.mode =3D RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
>  			.direction =3D RTE_SECURITY_IPSEC_SA_DIR_INGRESS,
> -			.options =3D { 0 }
> +			.options =3D { 0 },
> +			.replay_win_sz_max =3D 128
>  		},
>  		.crypto_capabilities =3D dpaa_sec_capabilities
>  	},
> --
> 2.17.1