From: Anoob Joseph <anoobj@marvell.com>
To: Akhil Goyal <gakhil@marvell.com>, Jerin Jacob <jerinj@marvell.com>
Cc: Archana Muniganti <marchana@marvell.com>,
Tejasree Kondoj <ktejasree@marvell.com>, <dev@dpdk.org>
Subject: [PATCH v3 27/29] crypto/cnxk: add per pkt IV in lookaside IPsec debug mode
Date: Fri, 17 Dec 2021 14:50:09 +0530 [thread overview]
Message-ID: <1639732811-1440-28-git-send-email-anoobj@marvell.com> (raw)
In-Reply-To: <1639732811-1440-1-git-send-email-anoobj@marvell.com>
From: Archana Muniganti <marchana@marvell.com>
For cn9k, use HW GEN IV as default and add per pkt IV
in lookaside IPsec debug mode. Debug mode helps to verify
lookaside PMD using known outbound vectors in lookaside
autotest.
Signed-off-by: Archana Muniganti <marchana@marvell.com>
---
drivers/common/cnxk/roc_ie_on.h | 7 +++++
drivers/crypto/cnxk/cn9k_ipsec.c | 34 +++++++++++++++++------
drivers/crypto/cnxk/cn9k_ipsec.h | 2 ++
drivers/crypto/cnxk/cn9k_ipsec_la_ops.h | 14 +++++++---
drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c | 2 ++
5 files changed, 47 insertions(+), 12 deletions(-)
diff --git a/drivers/common/cnxk/roc_ie_on.h b/drivers/common/cnxk/roc_ie_on.h
index cb56a70..aaad872 100644
--- a/drivers/common/cnxk/roc_ie_on.h
+++ b/drivers/common/cnxk/roc_ie_on.h
@@ -22,6 +22,8 @@ enum roc_ie_on_ucc_ipsec {
/* Helper macros */
#define ROC_IE_ON_INB_RPTR_HDR 0x8
+#define ROC_IE_ON_MAX_IV_LEN 16
+#define ROC_IE_ON_PER_PKT_IV BIT(43)
enum {
ROC_IE_ON_SA_ENC_NULL = 0,
@@ -55,6 +57,11 @@ enum {
ROC_IE_ON_SA_ENCAP_UDP = 1,
};
+enum {
+ ROC_IE_ON_IV_SRC_HW_GEN_DEFAULT = 0,
+ ROC_IE_ON_IV_SRC_FROM_DPTR = 1,
+};
+
struct roc_ie_on_outb_hdr {
uint32_t ip_id;
uint32_t seq;
diff --git a/drivers/crypto/cnxk/cn9k_ipsec.c b/drivers/crypto/cnxk/cn9k_ipsec.c
index 62b9c26..9f876f7 100644
--- a/drivers/crypto/cnxk/cn9k_ipsec.c
+++ b/drivers/crypto/cnxk/cn9k_ipsec.c
@@ -426,13 +426,7 @@ cn9k_ipsec_outb_sa_create(struct cnxk_cpt_qp *qp,
ctx_len += RTE_ALIGN_CEIL(ctx_len, 8);
- if (crypto_xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) {
- sa->cipher_iv_off = crypto_xform->aead.iv.offset;
- sa->cipher_iv_len = crypto_xform->aead.iv.length;
- } else {
- sa->cipher_iv_off = crypto_xform->cipher.iv.offset;
- sa->cipher_iv_len = crypto_xform->cipher.iv.length;
-
+ if (crypto_xform->type != RTE_CRYPTO_SYM_XFORM_AEAD) {
auth_key = auth_xform->auth.key.data;
auth_key_len = auth_xform->auth.key.length;
@@ -465,7 +459,31 @@ cn9k_ipsec_outb_sa_create(struct cnxk_cpt_qp *qp,
param1.u16 = 0;
param1.s.ikev2 = 1;
- param1.s.per_pkt_iv = 1;
+
+ sa->custom_hdr_len = sizeof(struct roc_ie_on_outb_hdr) -
+ ROC_IE_ON_MAX_IV_LEN;
+
+#ifdef LA_IPSEC_DEBUG
+ /* Use IV from application in debug mode */
+ if (ipsec->options.iv_gen_disable == 1) {
+ param1.s.per_pkt_iv = ROC_IE_ON_IV_SRC_FROM_DPTR;
+ sa->custom_hdr_len = sizeof(struct roc_ie_on_outb_hdr);
+
+ if (crypto_xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) {
+ sa->cipher_iv_off = crypto_xform->aead.iv.offset;
+ sa->cipher_iv_len = crypto_xform->aead.iv.length;
+ } else {
+ sa->cipher_iv_off = crypto_xform->cipher.iv.offset;
+ sa->cipher_iv_len = crypto_xform->cipher.iv.length;
+ }
+ }
+#else
+ if (ipsec->options.iv_gen_disable != 0) {
+ plt_err("Application provided IV is not supported");
+ return -ENOTSUP;
+ }
+#endif
+
w4.s.param1 = param1.u16;
inst_tmpl->w4 = w4.u64;
diff --git a/drivers/crypto/cnxk/cn9k_ipsec.h b/drivers/crypto/cnxk/cn9k_ipsec.h
index fc440d5..f3acad5 100644
--- a/drivers/crypto/cnxk/cn9k_ipsec.h
+++ b/drivers/crypto/cnxk/cn9k_ipsec.h
@@ -24,6 +24,8 @@ struct cn9k_ipsec_sa {
uint16_t cipher_iv_off;
/** Cipher IV length in bytes */
uint8_t cipher_iv_len;
+ /** Outbound custom header length */
+ uint8_t custom_hdr_len;
/** Response length calculation data */
struct cnxk_ipsec_outb_rlens rlens;
/** Outbound IP-ID */
diff --git a/drivers/crypto/cnxk/cn9k_ipsec_la_ops.h b/drivers/crypto/cnxk/cn9k_ipsec_la_ops.h
index 2b0261e..9a1e217 100644
--- a/drivers/crypto/cnxk/cn9k_ipsec_la_ops.h
+++ b/drivers/crypto/cnxk/cn9k_ipsec_la_ops.h
@@ -74,7 +74,7 @@ static __rte_always_inline int
process_outb_sa(struct rte_crypto_op *cop, struct cn9k_ipsec_sa *sa,
struct cpt_inst_s *inst)
{
- const unsigned int hdr_len = sizeof(struct roc_ie_on_outb_hdr);
+ const unsigned int hdr_len = sa->custom_hdr_len;
struct rte_crypto_sym_op *sym_op = cop->sym;
struct rte_mbuf *m_src = sym_op->m_src;
struct roc_ie_on_outb_sa *out_sa;
@@ -103,9 +103,15 @@ process_outb_sa(struct rte_crypto_op *cop, struct cn9k_ipsec_sa *sa,
return -ENOMEM;
}
- memcpy(&hdr->iv[0],
- rte_crypto_op_ctod_offset(cop, uint8_t *, sa->cipher_iv_off),
- sa->cipher_iv_len);
+#ifdef LA_IPSEC_DEBUG
+ if (sa->inst.w4 & ROC_IE_ON_PER_PKT_IV) {
+ memcpy(&hdr->iv[0],
+ rte_crypto_op_ctod_offset(cop, uint8_t *,
+ sa->cipher_iv_off),
+ sa->cipher_iv_len);
+ }
+#endif
+
hdr->seq = rte_cpu_to_be_32(sa->seq_lo);
hdr->ip_id = rte_cpu_to_be_32(sa->ip_id);
diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
index 457e166..f79e4d7 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
+++ b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
@@ -1166,7 +1166,9 @@ static void
cn9k_sec_caps_update(struct rte_security_capability *sec_cap)
{
if (sec_cap->ipsec.direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) {
+#ifdef LA_IPSEC_DEBUG
sec_cap->ipsec.options.iv_gen_disable = 1;
+#endif
}
}
--
2.7.4
next prev parent reply other threads:[~2021-12-17 9:23 UTC|newest]
Thread overview: 90+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-12-07 6:50 [PATCH 00/25] New features and improvements in cnxk crypto PMD Anoob Joseph
2021-12-07 6:50 ` [PATCH 01/25] common/cnxk: define minor opcodes for MISC opcode Anoob Joseph
2021-12-07 6:50 ` [PATCH 02/25] common/cnxk: add aes-xcbc key derive Anoob Joseph
2021-12-07 6:50 ` [PATCH 03/25] common/cnxk: add bit fields for params Anoob Joseph
2021-12-07 6:50 ` [PATCH 04/25] common/cnxk: fix reset of fields Anoob Joseph
2021-12-07 6:50 ` [PATCH 05/25] common/cnxk: verify input args Anoob Joseph
2021-12-07 6:50 ` [PATCH 06/25] crypto/cnxk: only enable queues that are allocated Anoob Joseph
2021-12-07 6:50 ` [PATCH 07/25] crypto/cnxk: add lookaside IPsec AES-CBC-HMAC-SHA256 support Anoob Joseph
2021-12-07 6:50 ` [PATCH 08/25] crypto/cnxk: clear session data before populating Anoob Joseph
2021-12-07 6:50 ` [PATCH 09/25] crypto/cnxk: update max sec crypto caps Anoob Joseph
2021-12-07 6:50 ` [PATCH 10/25] crypto/cnxk: write CPT CTX through microcode op Anoob Joseph
2021-12-07 6:50 ` [PATCH 11/25] crypto/cnxk: support cnxk lookaside IPsec HMAC-SHA384/512 Anoob Joseph
2021-12-07 6:50 ` [PATCH 12/25] crypto/cnxk: account for CPT CTX updates and flush delays Anoob Joseph
2021-12-07 6:50 ` [PATCH 13/25] crypto/cnxk: use struct sizes for ctx writes Anoob Joseph
2021-12-07 6:50 ` [PATCH 14/25] crypto/cnxk: add security session stats get Anoob Joseph
2021-12-07 6:50 ` [PATCH 15/25] crypto/cnxk: add skip for unsupported cases Anoob Joseph
2021-12-07 6:50 ` [PATCH 16/25] crypto/cnxk: add context reload for IV Anoob Joseph
2021-12-07 6:50 ` [PATCH 17/25] crypto/cnxk: handle null chained ops Anoob Joseph
2021-12-07 6:50 ` [PATCH 18/25] crypto/cnxk: fix inflight cnt calculation Anoob Joseph
2021-12-07 6:50 ` [PATCH 19/25] crypto/cnxk: use atomics to access cpt res Anoob Joseph
2021-12-07 6:50 ` [PATCH 20/25] crypto/cnxk: add more info on command timeout Anoob Joseph
2021-12-07 6:50 ` [PATCH 21/25] crypto/cnxk: support lookaside IPsec AES-CTR Anoob Joseph
2021-12-07 6:50 ` [PATCH 22/25] crypto/cnxk: fix extend tail calculation Anoob Joseph
2021-12-07 6:50 ` [PATCH 23/25] crypto/cnxk: add aes xcbc and null cipher Anoob Joseph
2021-12-07 6:50 ` [PATCH 24/25] crypto/cnxk: add copy and set DF Anoob Joseph
2021-12-07 6:50 ` [PATCH 25/25] crypto/cnxk: add aes cmac Anoob Joseph
2021-12-16 17:49 ` [PATCH v2 00/29] New features and improvements in cnxk crypto PMD Anoob Joseph
2021-12-16 17:49 ` [PATCH v2 01/29] common/cnxk: define minor opcodes for MISC opcode Anoob Joseph
2021-12-16 17:49 ` [PATCH v2 02/29] common/cnxk: add aes-xcbc key derive Anoob Joseph
2021-12-16 17:49 ` [PATCH v2 03/29] common/cnxk: add bit fields for params Anoob Joseph
2021-12-16 17:49 ` [PATCH v2 04/29] common/cnxk: fix reset of fields Anoob Joseph
2021-12-16 17:49 ` [PATCH v2 05/29] common/cnxk: verify input args Anoob Joseph
2021-12-16 17:49 ` [PATCH v2 06/29] common/cnxk: update completion code Anoob Joseph
2021-12-16 17:49 ` [PATCH v2 07/29] crypto/cnxk: only enable queues that are allocated Anoob Joseph
2021-12-16 17:49 ` [PATCH v2 08/29] crypto/cnxk: add lookaside IPsec AES-CBC-HMAC-SHA256 support Anoob Joseph
2021-12-16 17:49 ` [PATCH v2 09/29] crypto/cnxk: clear session data before populating Anoob Joseph
2021-12-16 17:49 ` [PATCH v2 10/29] crypto/cnxk: update max sec crypto caps Anoob Joseph
2021-12-16 17:49 ` [PATCH v2 11/29] crypto/cnxk: write CPT CTX through microcode op Anoob Joseph
2021-12-16 17:49 ` [PATCH v2 12/29] crypto/cnxk: support cnxk lookaside IPsec HMAC-SHA384/512 Anoob Joseph
2021-12-16 17:49 ` [PATCH v2 13/29] crypto/cnxk: account for CPT CTX updates and flush delays Anoob Joseph
2021-12-16 17:49 ` [PATCH v2 14/29] crypto/cnxk: use struct sizes for ctx writes Anoob Joseph
2021-12-16 17:49 ` [PATCH v2 15/29] crypto/cnxk: add security session stats get Anoob Joseph
2021-12-16 17:49 ` [PATCH v2 16/29] crypto/cnxk: add skip for unsupported cases Anoob Joseph
2021-12-16 17:49 ` [PATCH v2 17/29] crypto/cnxk: add context reload for IV Anoob Joseph
2021-12-16 17:49 ` [PATCH v2 18/29] crypto/cnxk: handle null chained ops Anoob Joseph
2021-12-16 17:49 ` [PATCH v2 19/29] crypto/cnxk: fix inflight cnt calculation Anoob Joseph
2021-12-16 17:49 ` [PATCH v2 20/29] crypto/cnxk: use atomics to access CPT res Anoob Joseph
2021-12-16 17:49 ` [PATCH v2 21/29] crypto/cnxk: add more info on command timeout Anoob Joseph
2021-12-16 17:49 ` [PATCH v2 22/29] crypto/cnxk: support lookaside IPsec AES-CTR Anoob Joseph
2021-12-16 17:49 ` [PATCH v2 23/29] crypto/cnxk: fix extend tail calculation Anoob Joseph
2021-12-16 17:49 ` [PATCH v2 24/29] crypto/cnxk: add aes xcbc and null cipher Anoob Joseph
2021-12-16 17:49 ` [PATCH v2 25/29] crypto/cnxk: add copy and set DF Anoob Joseph
2021-12-16 17:49 ` [PATCH v2 26/29] crypto/cnxk: add aes cmac Anoob Joseph
2021-12-16 17:49 ` [PATCH v2 27/29] crypto/cnxk: add per pkt IV in lookaside IPsec debug mode Anoob Joseph
2021-12-16 17:49 ` [PATCH v2 28/29] crypto/cnxk: enable copy dscp Anoob Joseph
2021-12-16 17:49 ` [PATCH v2 29/29] crypto/cnxk: update microcode completion handling Anoob Joseph
2021-12-17 9:19 ` [PATCH v3 00/29] New features and improvements in cnxk crypto PMD Anoob Joseph
2021-12-17 9:19 ` [PATCH v3 01/29] common/cnxk: define minor opcodes for MISC opcode Anoob Joseph
2021-12-17 9:19 ` [PATCH v3 02/29] common/cnxk: add aes-xcbc key derive Anoob Joseph
2021-12-17 9:19 ` [PATCH v3 03/29] common/cnxk: add bit fields for params Anoob Joseph
2021-12-17 9:19 ` [PATCH v3 04/29] common/cnxk: fix reset of fields Anoob Joseph
2021-12-17 9:19 ` [PATCH v3 05/29] common/cnxk: verify input args Anoob Joseph
2021-12-17 9:19 ` [PATCH v3 06/29] common/cnxk: update completion code Anoob Joseph
2021-12-17 9:19 ` [PATCH v3 07/29] crypto/cnxk: only enable queues that are allocated Anoob Joseph
2021-12-17 9:19 ` [PATCH v3 08/29] crypto/cnxk: add lookaside IPsec AES-CBC-HMAC-SHA256 support Anoob Joseph
2021-12-17 9:19 ` [PATCH v3 09/29] crypto/cnxk: clear session data before populating Anoob Joseph
2021-12-17 9:19 ` [PATCH v3 10/29] crypto/cnxk: update max sec crypto caps Anoob Joseph
2021-12-17 9:19 ` [PATCH v3 11/29] crypto/cnxk: write CPT CTX through microcode op Anoob Joseph
2021-12-17 9:19 ` [PATCH v3 12/29] crypto/cnxk: support cnxk lookaside IPsec HMAC-SHA384/512 Anoob Joseph
2021-12-17 9:19 ` [PATCH v3 13/29] crypto/cnxk: account for CPT CTX updates and flush delays Anoob Joseph
2021-12-17 9:19 ` [PATCH v3 14/29] crypto/cnxk: use struct sizes for ctx writes Anoob Joseph
2021-12-17 9:19 ` [PATCH v3 15/29] crypto/cnxk: add security session stats get Anoob Joseph
2021-12-17 9:19 ` [PATCH v3 16/29] crypto/cnxk: add skip for unsupported cases Anoob Joseph
2021-12-17 9:19 ` [PATCH v3 17/29] crypto/cnxk: add context reload for IV Anoob Joseph
2021-12-17 9:20 ` [PATCH v3 18/29] crypto/cnxk: handle null chained ops Anoob Joseph
2021-12-17 9:20 ` [PATCH v3 19/29] crypto/cnxk: fix inflight cnt calculation Anoob Joseph
2021-12-17 9:20 ` [PATCH v3 20/29] crypto/cnxk: use atomics to access CPT res Anoob Joseph
2021-12-17 9:20 ` [PATCH v3 21/29] crypto/cnxk: add more info on command timeout Anoob Joseph
2022-01-11 15:23 ` Thomas Monjalon
2022-01-21 9:16 ` [EXT] " Akhil Goyal
2022-01-21 10:41 ` Thomas Monjalon
2021-12-17 9:20 ` [PATCH v3 22/29] crypto/cnxk: support lookaside IPsec AES-CTR Anoob Joseph
2021-12-17 9:20 ` [PATCH v3 23/29] crypto/cnxk: fix extend tail calculation Anoob Joseph
2021-12-17 9:20 ` [PATCH v3 24/29] crypto/cnxk: add aes xcbc and null cipher Anoob Joseph
2021-12-17 9:20 ` [PATCH v3 25/29] crypto/cnxk: add copy and set DF Anoob Joseph
2021-12-17 9:20 ` [PATCH v3 26/29] crypto/cnxk: add aes cmac Anoob Joseph
2021-12-17 9:20 ` Anoob Joseph [this message]
2021-12-17 9:20 ` [PATCH v3 28/29] crypto/cnxk: enable copy dscp Anoob Joseph
2021-12-17 9:20 ` [PATCH v3 29/29] crypto/cnxk: update microcode completion handling Anoob Joseph
2021-12-24 12:43 ` [PATCH v3 00/29] New features and improvements in cnxk crypto PMD Akhil Goyal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1639732811-1440-28-git-send-email-anoobj@marvell.com \
--to=anoobj@marvell.com \
--cc=dev@dpdk.org \
--cc=gakhil@marvell.com \
--cc=jerinj@marvell.com \
--cc=ktejasree@marvell.com \
--cc=marchana@marvell.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).