From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 185C6A04A2; Wed, 6 Nov 2019 06:16:14 +0100 (CET) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 747711BF47; Wed, 6 Nov 2019 06:16:13 +0100 (CET) Received: from EUR03-DB5-obe.outbound.protection.outlook.com (mail-eopbgr40053.outbound.protection.outlook.com [40.107.4.53]) by dpdk.org (Postfix) with ESMTP id 30CD31BF41 for ; Wed, 6 Nov 2019 06:16:12 +0100 (CET) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=genbcW/6vnWW56iihYmTd6E6J7gWr5xGN3D1gGH7noFmtDSyRJUTmrz0o6ka65QKnvtxXfY4f7+FKZec1UAMJrNAoPon9daO/1boI890qfBeikEXES9fb8VbxUPIPa3j9SEKXk5nvQy3dXN9IZ1CKr5HR/gUnizDTYNJJ1bSrBBXuHnDZaaNrpiLpfdDz8CoddzxnESSZCzX8JJmpTuTelBghW5UM/K8k2Jfuahy1OnlXq7WjCIJskGoguD0cQp8Y3xTPtEkLR1ujfiGClWGuYuJjRjOolD6ID2mG18trOGQcAZT0ScgBeH2k2NWNeODxZvrLyjb9kNgGuXxdEBExA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=GQFOOCmW5JRTQ+DwCvi3JXwdn5tc7v8LIysolFn4wPc=; b=RWmTYv8TdNSLxlcg8AZUg8bgrZ9N6rdC76coGnAEhNeYfMXr+ZCOXF4QpVSewT5XzfqJpB3rPM/AFw1JbfmtNiWu1O5h3sovyU1uUdcWAltuSRvxzh/plhITNPgOZC8UZ3sxmP9tv46+BR2UHNlxQN8jx5wRRl8uBlJU+55tGtfJ+Tk+Y+kgONibI9fwZA103gkyiJwACzjvIdCsxGkmaPYyaCjseFJS1fcRsQGU6CgEkWI/JttQidMMLDyPpz/Jc3cAzfUhzMADEjGpabrit/eJhMdqaMQo37rjtQdaQfrF0xLOTxznp8LnTl8yoGurMjlHslAIpNCTYw2cXFOlLg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nxp.com; dmarc=pass action=none header.from=nxp.com; dkim=pass header.d=nxp.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nxp.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=GQFOOCmW5JRTQ+DwCvi3JXwdn5tc7v8LIysolFn4wPc=; b=jYbYcC8S2t5wi4n166FW3KDmKqAXTuj0muxoQA8mZfOKe/TENydr0TzVNc39MFNg4nVeeEvfgqmHF1sNTQtrCa0EFyQe12eL5otpKMLGT/4Lm4T2oLOxDjUwmsMzg4k3SxpY05EHwWtY28T3VswfBGXWseu3DY+xyK01PQ0DRIs= Received: from VI1PR0401MB2541.eurprd04.prod.outlook.com (10.168.62.139) by VI1PR0401MB2365.eurprd04.prod.outlook.com (10.169.134.6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2408.24; Wed, 6 Nov 2019 05:16:11 +0000 Received: from VI1PR0401MB2541.eurprd04.prod.outlook.com ([fe80::7012:936f:53fb:f7b6]) by VI1PR0401MB2541.eurprd04.prod.outlook.com ([fe80::7012:936f:53fb:f7b6%5]) with mapi id 15.20.2430.020; Wed, 6 Nov 2019 05:16:11 +0000 From: Hemant Agrawal To: Akhil Goyal , "dev@dpdk.org" CC: "konstantin.ananyev@intel.com" , "anoobj@marvell.com" Thread-Topic: [PATCH v5 3/3] crypto/dpaa2_sec: enable anti replay window config Thread-Index: AQHVj+2mTgsSezj9hEiKAvT4OTZFTqd9KwwAgAB3JhA= Date: Wed, 6 Nov 2019 05:16:11 +0000 Message-ID: References: <20191031045458.29166-1-hemant.agrawal@nxp.com> <20191031131502.12504-1-hemant.agrawal@nxp.com> <20191031131502.12504-3-hemant.agrawal@nxp.com> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=hemant.agrawal@nxp.com; x-originating-ip: [92.120.1.66] x-ms-publictraffictype: Email x-ms-office365-filtering-ht: Tenant x-ms-office365-filtering-correlation-id: 62e968ad-100f-4b56-d58c-08d762787013 x-ms-traffictypediagnostic: VI1PR0401MB2365:|VI1PR0401MB2365: x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:5236; x-forefront-prvs: 02135EB356 x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(376002)(136003)(396003)(366004)(346002)(39860400002)(13464003)(189003)(199004)(102836004)(86362001)(66446008)(76176011)(66066001)(2501003)(110136005)(186003)(54906003)(478600001)(26005)(66476007)(66946007)(316002)(64756008)(446003)(486006)(14454004)(11346002)(7696005)(6506007)(44832011)(53546011)(476003)(3846002)(6116002)(33656002)(2906002)(66556008)(5660300002)(76116006)(99286004)(229853002)(8936002)(14444005)(256004)(81166006)(4326008)(7736002)(55016002)(305945005)(6436002)(74316002)(9686003)(52536014)(25786009)(71190400001)(71200400001)(8676002)(81156014)(6246003); DIR:OUT; SFP:1101; SCL:1; SRVR:VI1PR0401MB2365; H:VI1PR0401MB2541.eurprd04.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1; received-spf: None (protection.outlook.com: nxp.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: y6o30s3xWZXqhRLnjbJFE8ssdoW3yLBOFoH+1tDOjFFRUxuI3j62GksDoEatLG6QjxPpCcg3iorlbKog+u4j2TYslKJcLdcka949n9KfA/QxdlcRHozg37GXBchFi19vFd/B8TOu/N06YBTxWZzJ2Z0RQjafN56JYVaszREmFsetPDRUglulXIAz0NZNjOIehs6oyNHhxADdUr6NOQjBc2wGlTqD0Evj7WmSiVsPNOW1Gn3pDT1nNlhPOaE5ObmxeXIgFTKZOPfeCW5DpR2wvUfWQNxKYH+aO0XEN1Tsqm5uoLTuC2dKvshm2Dhlg8WLPnl3wrIE1mrpurmBd4FvD2kySJav0mIadmkQPu5rWIUpZYg9Xti8n49YwpWVvLMQTITa1kn3479Ve4fFUWdw3Zo1oAyA8lKPvLWN8kDSkYJurLjbPof0XBYDuen8G6pg Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginatorOrg: nxp.com X-MS-Exchange-CrossTenant-Network-Message-Id: 62e968ad-100f-4b56-d58c-08d762787013 X-MS-Exchange-CrossTenant-originalarrivaltime: 06 Nov 2019 05:16:11.1760 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 686ea1d3-bc2b-4c6f-a92c-d99c5c301635 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: N1X1FBBuNsIXcVeoGWJPMs5ahYsl+g6jW8nrMRVGVheBhIRwl1ci4IScS1/yY/wKz8nTO7q2tcWIILtVvsPbDg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR0401MB2365 Subject: Re: [dpdk-dev] [PATCH v5 3/3] crypto/dpaa2_sec: enable anti replay window config X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Hi Akhil, > -----Original Message----- > From: Akhil Goyal > Sent: Wednesday, November 6, 2019 3:38 AM > To: Hemant Agrawal ; dev@dpdk.org > Cc: konstantin.ananyev@intel.com; anoobj@marvell.com; Hemant Agrawal > > Subject: RE: [PATCH v5 3/3] crypto/dpaa2_sec: enable anti replay window > config > Importance: High >=20 > Hi Hemant, > > > > This patch usages the anti replay window size to config the anti > > replay checking in decap path for lookaside IPSEC offload > > > > Signed-off-by: Hemant Agrawal > > --- > > drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c | 24 > +++++++++++++++++++ > > drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h | 6 +++-- > > drivers/crypto/dpaa_sec/dpaa_sec.c | 26 +++++++++++++++++++++ > > drivers/crypto/dpaa_sec/dpaa_sec.h | 6 +++-- > > 4 files changed, 58 insertions(+), 4 deletions(-) > > > > diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c > > b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c > > index 52e522e4a..6d59e73e9 100644 > > --- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c > > +++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c > > @@ -2836,6 +2836,30 @@ dpaa2_sec_set_ipsec_session(struct > > rte_cryptodev *dev, > > sizeof(struct rte_ipv6_hdr) << 16; > > if (ipsec_xform->options.esn) > > decap_pdb.options |=3D PDBOPTS_ESP_ESN; > > + > > + if (ipsec_xform->replay_win_sz) { > > + uint32_t win_sz; > > + win_sz =3D rte_align32pow2(ipsec_xform- > >replay_win_sz); > > + > > + switch (win_sz) { > > + case 1: > > + case 2: > > + case 4: > > + case 8: > > + case 16: > > + case 32: > > + if (ipsec_xform->options.esn) > > + decap_pdb.options |=3D > > PDBOPTS_ESP_ARS64; >=20 > Why is it dependent on ESN? [Hemant] ESN requires to maintain the > 32 bit seq numbers. So there is no = meaning of keeping the windows size as 32 for this case. >=20 > > + else > > + decap_pdb.options |=3D > > PDBOPTS_ESP_ARS32; > > + break; > > + case 64: > > + decap_pdb.options |=3D PDBOPTS_ESP_ARS64; > > + break; > > + default: > > + decap_pdb.options |=3D > PDBOPTS_ESP_ARS128; >=20 > Default case should not set anti replay window like case 0 when we don't > want anti replay. [Hemant] We are choosing to default to 128 bit AR, if the user chooses to = set it > 128. It is implementation choice. >=20 > > + } > > + } > > session->dir =3D DIR_DEC; > > bufsize =3D cnstr_shdsc_ipsec_new_decap(priv- > >flc_desc[0].desc, > > 1, 0, SHR_SERIAL, > > diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h > > b/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h > > index 662559422..b97dacbcb 100644 > > --- a/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h > > +++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h > > @@ -675,7 +675,8 @@ static const struct rte_security_capability > > dpaa2_sec_security_cap[] =3D { > > .proto =3D RTE_SECURITY_IPSEC_SA_PROTO_ESP, > > .mode =3D RTE_SECURITY_IPSEC_SA_MODE_TUNNEL, > > .direction =3D RTE_SECURITY_IPSEC_SA_DIR_EGRESS, > > - .options =3D { 0 } > > + .options =3D { 0 }, > > + .replay_win_sz_max =3D 128 > > }, > > .crypto_capabilities =3D dpaa2_sec_capabilities > > }, > > @@ -686,7 +687,8 @@ static const struct rte_security_capability > > dpaa2_sec_security_cap[] =3D { > > .proto =3D RTE_SECURITY_IPSEC_SA_PROTO_ESP, > > .mode =3D RTE_SECURITY_IPSEC_SA_MODE_TUNNEL, > > .direction =3D RTE_SECURITY_IPSEC_SA_DIR_INGRESS, > > - .options =3D { 0 } > > + .options =3D { 0 }, > > + .replay_win_sz_max =3D 128 > > }, > > .crypto_capabilities =3D dpaa2_sec_capabilities > > }, > > diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c > > b/drivers/crypto/dpaa_sec/dpaa_sec.c > > index 6c186338f..7cfa5f6dc 100644 > > --- a/drivers/crypto/dpaa_sec/dpaa_sec.c > > +++ b/drivers/crypto/dpaa_sec/dpaa_sec.c > > @@ -2693,6 +2693,32 @@ dpaa_sec_set_ipsec_session(__rte_unused > struct > > rte_cryptodev *dev, > > sizeof(struct rte_ipv6_hdr) << 16; > > if (ipsec_xform->options.esn) > > session->decap_pdb.options |=3D PDBOPTS_ESP_ESN; > > + if (ipsec_xform->replay_win_sz) { > > + uint32_t win_sz; > > + win_sz =3D rte_align32pow2(ipsec_xform- > >replay_win_sz); > > + > > + switch (win_sz) { > > + case 1: > > + case 2: > > + case 4: > > + case 8: > > + case 16: > > + case 32: > > + if (ipsec_xform->options.esn) > > + session->decap_pdb.options |=3D > > + > PDBOPTS_ESP_ARS64; > > + else > > + session->decap_pdb.options |=3D > > + > PDBOPTS_ESP_ARS32; > > + break; > > + case 64: > > + session->decap_pdb.options |=3D > > PDBOPTS_ESP_ARS64; > > + break; > > + default: > > + session->decap_pdb.options |=3D > > + > PDBOPTS_ESP_ARS128; > > + } > > + } > > session->dir =3D DIR_DEC; > > } else > > goto out; > > diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.h > > b/drivers/crypto/dpaa_sec/dpaa_sec.h > > index c10ec1007..684950d6d 100644 > > --- a/drivers/crypto/dpaa_sec/dpaa_sec.h > > +++ b/drivers/crypto/dpaa_sec/dpaa_sec.h > > @@ -692,7 +692,8 @@ static const struct rte_security_capability > > dpaa_sec_security_cap[] =3D { > > .proto =3D RTE_SECURITY_IPSEC_SA_PROTO_ESP, > > .mode =3D RTE_SECURITY_IPSEC_SA_MODE_TUNNEL, > > .direction =3D RTE_SECURITY_IPSEC_SA_DIR_EGRESS, > > - .options =3D { 0 } > > + .options =3D { 0 }, > > + .replay_win_sz_max =3D 128 > > }, > > .crypto_capabilities =3D dpaa_sec_capabilities > > }, > > @@ -703,7 +704,8 @@ static const struct rte_security_capability > > dpaa_sec_security_cap[] =3D { > > .proto =3D RTE_SECURITY_IPSEC_SA_PROTO_ESP, > > .mode =3D RTE_SECURITY_IPSEC_SA_MODE_TUNNEL, > > .direction =3D RTE_SECURITY_IPSEC_SA_DIR_INGRESS, > > - .options =3D { 0 } > > + .options =3D { 0 }, > > + .replay_win_sz_max =3D 128 > > }, > > .crypto_capabilities =3D dpaa_sec_capabilities > > }, > > -- > > 2.17.1