From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id B3879A0352; Fri, 17 Dec 2021 10:23:14 +0100 (CET) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 43EDF41148; Fri, 17 Dec 2021 10:22:05 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id E0CCD4111B for ; Fri, 17 Dec 2021 10:22:03 +0100 (CET) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with ESMTP id 1BH3l1x8015014 for ; Fri, 17 Dec 2021 01:22:03 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=FGKHc5xs89UyCm9iDrLL+wB81Sx4kq5iIcBxjTB7B+o=; b=BSz9jjmaL6kRZ1lFm/1jtjeYHzpg51mzCsNUKXZL1Vq6EzyioESEObyAH3GOQvt5RGu0 rw9jxHi8vrrHFEQ1TiWFbKzaLgB43vqxGmc2Ri38JJdGOrYFUJ1d0Ztas1Pw3uqniz53 Vmuou6hV74pZ5BSVzh9+UFSaOlnfVAkx7VP1yNUrgbs4Mq3e/Kobto/ZJkdGHnwf4CQu fUJ0XQ/QsHrygCIGU64p5FoHSrtEIhelMD26rvDGSKicds/oy63SWZPs2jgsN/lnQVHO WWfaZW//r7v+No4dhQZ7gMOsaYzKzaw1U5ijoaYQY8IeSVHAqBwIquXfawhfMpPcv/LI hg== Received: from dc5-exch02.marvell.com ([199.233.59.182]) by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3d0b372tgw-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT) for ; Fri, 17 Dec 2021 01:22:03 -0800 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Fri, 17 Dec 2021 01:22:01 -0800 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.2 via Frontend Transport; Fri, 17 Dec 2021 01:22:01 -0800 Received: from HY-LT1002.marvell.com (HY-LT1002.marvell.com [10.28.176.218]) by maili.marvell.com (Postfix) with ESMTP id 4F0863F70A3; Fri, 17 Dec 2021 01:21:59 -0800 (PST) From: Anoob Joseph To: Akhil Goyal , Jerin Jacob CC: Archana Muniganti , Tejasree Kondoj , Subject: [PATCH v3 27/29] crypto/cnxk: add per pkt IV in lookaside IPsec debug mode Date: Fri, 17 Dec 2021 14:50:09 +0530 Message-ID: <1639732811-1440-28-git-send-email-anoobj@marvell.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1639732811-1440-1-git-send-email-anoobj@marvell.com> References: <1639676975-1316-1-git-send-email-anoobj@marvell.com> <1639732811-1440-1-git-send-email-anoobj@marvell.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-Proofpoint-ORIG-GUID: DWTqOqV8DowTGzlZuvIJwbSjtDnlvrEU X-Proofpoint-GUID: DWTqOqV8DowTGzlZuvIJwbSjtDnlvrEU X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.790,Hydra:6.0.425,FMLib:17.11.62.513 definitions=2021-12-17_03,2021-12-16_01,2021-12-02_01 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org From: Archana Muniganti For cn9k, use HW GEN IV as default and add per pkt IV in lookaside IPsec debug mode. Debug mode helps to verify lookaside PMD using known outbound vectors in lookaside autotest. Signed-off-by: Archana Muniganti --- drivers/common/cnxk/roc_ie_on.h | 7 +++++ drivers/crypto/cnxk/cn9k_ipsec.c | 34 +++++++++++++++++------ drivers/crypto/cnxk/cn9k_ipsec.h | 2 ++ drivers/crypto/cnxk/cn9k_ipsec_la_ops.h | 14 +++++++--- drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c | 2 ++ 5 files changed, 47 insertions(+), 12 deletions(-) diff --git a/drivers/common/cnxk/roc_ie_on.h b/drivers/common/cnxk/roc_ie_on.h index cb56a70..aaad872 100644 --- a/drivers/common/cnxk/roc_ie_on.h +++ b/drivers/common/cnxk/roc_ie_on.h @@ -22,6 +22,8 @@ enum roc_ie_on_ucc_ipsec { /* Helper macros */ #define ROC_IE_ON_INB_RPTR_HDR 0x8 +#define ROC_IE_ON_MAX_IV_LEN 16 +#define ROC_IE_ON_PER_PKT_IV BIT(43) enum { ROC_IE_ON_SA_ENC_NULL = 0, @@ -55,6 +57,11 @@ enum { ROC_IE_ON_SA_ENCAP_UDP = 1, }; +enum { + ROC_IE_ON_IV_SRC_HW_GEN_DEFAULT = 0, + ROC_IE_ON_IV_SRC_FROM_DPTR = 1, +}; + struct roc_ie_on_outb_hdr { uint32_t ip_id; uint32_t seq; diff --git a/drivers/crypto/cnxk/cn9k_ipsec.c b/drivers/crypto/cnxk/cn9k_ipsec.c index 62b9c26..9f876f7 100644 --- a/drivers/crypto/cnxk/cn9k_ipsec.c +++ b/drivers/crypto/cnxk/cn9k_ipsec.c @@ -426,13 +426,7 @@ cn9k_ipsec_outb_sa_create(struct cnxk_cpt_qp *qp, ctx_len += RTE_ALIGN_CEIL(ctx_len, 8); - if (crypto_xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) { - sa->cipher_iv_off = crypto_xform->aead.iv.offset; - sa->cipher_iv_len = crypto_xform->aead.iv.length; - } else { - sa->cipher_iv_off = crypto_xform->cipher.iv.offset; - sa->cipher_iv_len = crypto_xform->cipher.iv.length; - + if (crypto_xform->type != RTE_CRYPTO_SYM_XFORM_AEAD) { auth_key = auth_xform->auth.key.data; auth_key_len = auth_xform->auth.key.length; @@ -465,7 +459,31 @@ cn9k_ipsec_outb_sa_create(struct cnxk_cpt_qp *qp, param1.u16 = 0; param1.s.ikev2 = 1; - param1.s.per_pkt_iv = 1; + + sa->custom_hdr_len = sizeof(struct roc_ie_on_outb_hdr) - + ROC_IE_ON_MAX_IV_LEN; + +#ifdef LA_IPSEC_DEBUG + /* Use IV from application in debug mode */ + if (ipsec->options.iv_gen_disable == 1) { + param1.s.per_pkt_iv = ROC_IE_ON_IV_SRC_FROM_DPTR; + sa->custom_hdr_len = sizeof(struct roc_ie_on_outb_hdr); + + if (crypto_xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) { + sa->cipher_iv_off = crypto_xform->aead.iv.offset; + sa->cipher_iv_len = crypto_xform->aead.iv.length; + } else { + sa->cipher_iv_off = crypto_xform->cipher.iv.offset; + sa->cipher_iv_len = crypto_xform->cipher.iv.length; + } + } +#else + if (ipsec->options.iv_gen_disable != 0) { + plt_err("Application provided IV is not supported"); + return -ENOTSUP; + } +#endif + w4.s.param1 = param1.u16; inst_tmpl->w4 = w4.u64; diff --git a/drivers/crypto/cnxk/cn9k_ipsec.h b/drivers/crypto/cnxk/cn9k_ipsec.h index fc440d5..f3acad5 100644 --- a/drivers/crypto/cnxk/cn9k_ipsec.h +++ b/drivers/crypto/cnxk/cn9k_ipsec.h @@ -24,6 +24,8 @@ struct cn9k_ipsec_sa { uint16_t cipher_iv_off; /** Cipher IV length in bytes */ uint8_t cipher_iv_len; + /** Outbound custom header length */ + uint8_t custom_hdr_len; /** Response length calculation data */ struct cnxk_ipsec_outb_rlens rlens; /** Outbound IP-ID */ diff --git a/drivers/crypto/cnxk/cn9k_ipsec_la_ops.h b/drivers/crypto/cnxk/cn9k_ipsec_la_ops.h index 2b0261e..9a1e217 100644 --- a/drivers/crypto/cnxk/cn9k_ipsec_la_ops.h +++ b/drivers/crypto/cnxk/cn9k_ipsec_la_ops.h @@ -74,7 +74,7 @@ static __rte_always_inline int process_outb_sa(struct rte_crypto_op *cop, struct cn9k_ipsec_sa *sa, struct cpt_inst_s *inst) { - const unsigned int hdr_len = sizeof(struct roc_ie_on_outb_hdr); + const unsigned int hdr_len = sa->custom_hdr_len; struct rte_crypto_sym_op *sym_op = cop->sym; struct rte_mbuf *m_src = sym_op->m_src; struct roc_ie_on_outb_sa *out_sa; @@ -103,9 +103,15 @@ process_outb_sa(struct rte_crypto_op *cop, struct cn9k_ipsec_sa *sa, return -ENOMEM; } - memcpy(&hdr->iv[0], - rte_crypto_op_ctod_offset(cop, uint8_t *, sa->cipher_iv_off), - sa->cipher_iv_len); +#ifdef LA_IPSEC_DEBUG + if (sa->inst.w4 & ROC_IE_ON_PER_PKT_IV) { + memcpy(&hdr->iv[0], + rte_crypto_op_ctod_offset(cop, uint8_t *, + sa->cipher_iv_off), + sa->cipher_iv_len); + } +#endif + hdr->seq = rte_cpu_to_be_32(sa->seq_lo); hdr->ip_id = rte_cpu_to_be_32(sa->ip_id); diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c index 457e166..f79e4d7 100644 --- a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c +++ b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c @@ -1166,7 +1166,9 @@ static void cn9k_sec_caps_update(struct rte_security_capability *sec_cap) { if (sec_cap->ipsec.direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) { +#ifdef LA_IPSEC_DEBUG sec_cap->ipsec.options.iv_gen_disable = 1; +#endif } } -- 2.7.4