From: akhil.goyal@nxp.com
To: dev@dpdk.org
Cc: hemant.agrawal@nxp.com, Akhil Goyal <akhil.goyal@nxp.com>,
Yi Liu <yi.liu@nxp.com>
Subject: [dpdk-dev] [PATCH 1/2] crypto/dpaa2_sec: increase supported anti replay win sz
Date: Thu, 3 Sep 2020 22:37:33 +0530 [thread overview]
Message-ID: <20200903170734.12066-1-akhil.goyal@nxp.com> (raw)
From: Akhil Goyal <akhil.goyal@nxp.com>
In case of LX2160 or SEC ERA >= 10, max anti replay window
size supported is 1024. For all other versions of SEC, the
maximum value is capped at 128 even if application gives
more than that.
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Signed-off-by: Yi Liu <yi.liu@nxp.com>
---
drivers/common/dpaax/caamflib/desc/ipsec.h | 48 +++++++++++++++++++--
drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c | 14 ++++++
2 files changed, 59 insertions(+), 3 deletions(-)
diff --git a/drivers/common/dpaax/caamflib/desc/ipsec.h b/drivers/common/dpaax/caamflib/desc/ipsec.h
index cf6fa4252..83dd93f58 100644
--- a/drivers/common/dpaax/caamflib/desc/ipsec.h
+++ b/drivers/common/dpaax/caamflib/desc/ipsec.h
@@ -1,7 +1,7 @@
/* SPDX-License-Identifier: (BSD-3-Clause OR GPL-2.0)
*
* Copyright 2008-2016 Freescale Semiconductor Inc.
- * Copyright 2016,2019 NXP
+ * Copyright 2016,2019-2020 NXP
*
*/
@@ -119,8 +119,15 @@
/* IPSec ESP Decap PDB options */
+/**
+ * PDBOPTS_ESP_ARS_MASK_ERA10 - antireplay window mask
+ * for SEC_ERA >= 10
+ */
+#define PDBOPTS_ESP_ARS_MASK_ERA10 0xc8
+
/**
* PDBOPTS_ESP_ARS_MASK - antireplay window mask
+ * for SEC_ERA < 10
*/
#define PDBOPTS_ESP_ARS_MASK 0xc0
@@ -141,6 +148,27 @@
*/
#define PDBOPTS_ESP_ARS128 0x80
+/**
+ * PDBOPTS_ESP_ARS256 - 256-entry antireplay window
+ *
+ * Valid only for IPsec new mode.
+ */
+#define PDBOPTS_ESP_ARS256 0x08
+
+/**
+ * PDBOPTS_ESP_ARS512 - 512-entry antireplay window
+ *
+ * Valid only for IPsec new mode.
+ */
+#define PDBOPTS_ESP_ARS512 0x48
+
+/**
+ * PDBOPTS_ESP_ARS1024 - 1024-entry antireplay window
+ *
+ * Valid only for IPsec new mode.
+ */
+#define PDBOPTS_ESP_ARS1024 0x88
+
/**
* PDBOPTS_ESP_ARS32 - 32-entry antireplay window
*/
@@ -439,7 +467,7 @@ struct ipsec_decap_pdb {
};
uint32_t seq_num_ext_hi;
uint32_t seq_num;
- uint32_t anti_replay[4];
+ uint32_t anti_replay[32];
};
static inline unsigned int
@@ -449,6 +477,7 @@ __rta_copy_ipsec_decap_pdb(struct program *program,
{
unsigned int start_pc = program->current_pc;
unsigned int i, ars;
+ uint8_t mask;
__rta_out32(program, pdb->options);
@@ -486,7 +515,20 @@ __rta_copy_ipsec_decap_pdb(struct program *program,
__rta_out32(program, pdb->seq_num_ext_hi);
__rta_out32(program, pdb->seq_num);
- switch (pdb->options & PDBOPTS_ESP_ARS_MASK) {
+ if (rta_sec_era < RTA_SEC_ERA_10)
+ mask = PDBOPTS_ESP_ARS_MASK;
+ else
+ mask = PDBOPTS_ESP_ARS_MASK_ERA10;
+ switch (pdb->options & mask) {
+ case PDBOPTS_ESP_ARS1024:
+ ars = 32;
+ break;
+ case PDBOPTS_ESP_ARS512:
+ ars = 16;
+ break;
+ case PDBOPTS_ESP_ARS256:
+ ars = 8;
+ break;
case PDBOPTS_ESP_ARS128:
ars = 4;
break;
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index 195c7d894..27c28804f 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -2996,6 +2996,10 @@ dpaa2_sec_set_ipsec_session(struct rte_cryptodev *dev,
uint32_t win_sz;
win_sz = rte_align32pow2(ipsec_xform->replay_win_sz);
+ if (rta_sec_era < RTA_SEC_ERA_10 && win_sz > 128) {
+ DPAA2_SEC_INFO("Max Anti replay Win sz = 128");
+ win_sz = 128;
+ }
switch (win_sz) {
case 1:
case 2:
@@ -3008,6 +3012,16 @@ dpaa2_sec_set_ipsec_session(struct rte_cryptodev *dev,
case 64:
decap_pdb.options |= PDBOPTS_ESP_ARS64;
break;
+ case 256:
+ decap_pdb.options |= PDBOPTS_ESP_ARS256;
+ break;
+ case 512:
+ decap_pdb.options |= PDBOPTS_ESP_ARS512;
+ break;
+ case 1024:
+ decap_pdb.options |= PDBOPTS_ESP_ARS1024;
+ break;
+ case 128:
default:
decap_pdb.options |= PDBOPTS_ESP_ARS128;
}
--
2.17.1
next reply other threads:[~2020-09-03 17:07 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-09-03 17:07 akhil.goyal [this message]
2020-09-03 17:07 ` [dpdk-dev] [PATCH 2/2] crypto/dpaa2_sec: change descriptor sharing for ERA10 akhil.goyal
2020-09-14 14:05 ` Hemant Agrawal
2020-09-14 14:03 ` [dpdk-dev] [PATCH 1/2] crypto/dpaa2_sec: increase supported anti replay win sz Hemant Agrawal
2020-10-09 19:27 ` Akhil Goyal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200903170734.12066-1-akhil.goyal@nxp.com \
--to=akhil.goyal@nxp.com \
--cc=dev@dpdk.org \
--cc=hemant.agrawal@nxp.com \
--cc=yi.liu@nxp.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).