From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <dev-bounces@dpdk.org>
Received: from dpdk.org (dpdk.org [92.243.14.124])
	by inbox.dpdk.org (Postfix) with ESMTP id 095ADA04B1;
	Thu,  3 Sep 2020 19:07:50 +0200 (CEST)
Received: from [92.243.14.124] (localhost [127.0.0.1])
	by dpdk.org (Postfix) with ESMTP id 12DE71C0B9;
	Thu,  3 Sep 2020 19:07:44 +0200 (CEST)
Received: from inva020.nxp.com (inva020.nxp.com [92.121.34.13])
 by dpdk.org (Postfix) with ESMTP id 82F4C1BEAF
 for <dev@dpdk.org>; Thu,  3 Sep 2020 19:07:41 +0200 (CEST)
Received: from inva020.nxp.com (localhost [127.0.0.1])
 by inva020.eu-rdc02.nxp.com (Postfix) with ESMTP id 52E951A03C1;
 Thu,  3 Sep 2020 19:07:41 +0200 (CEST)
Received: from invc005.ap-rdc01.nxp.com (invc005.ap-rdc01.nxp.com
 [165.114.16.14])
 by inva020.eu-rdc02.nxp.com (Postfix) with ESMTP id 2B2D31A03D9;
 Thu,  3 Sep 2020 19:07:39 +0200 (CEST)
Received: from lsv03273.swis.in-blr01.nxp.com (lsv03273.swis.in-blr01.nxp.com
 [92.120.147.113])
 by invc005.ap-rdc01.nxp.com (Postfix) with ESMTP id 4E16C402EB;
 Thu,  3 Sep 2020 19:07:36 +0200 (CEST)
From: akhil.goyal@nxp.com
To: dev@dpdk.org
Cc: hemant.agrawal@nxp.com, Akhil Goyal <akhil.goyal@nxp.com>,
 Yi Liu <yi.liu@nxp.com>
Date: Thu,  3 Sep 2020 22:37:33 +0530
Message-Id: <20200903170734.12066-1-akhil.goyal@nxp.com>
X-Mailer: git-send-email 2.17.1
X-Virus-Scanned: ClamAV using ClamSMTP
Subject: [dpdk-dev] [PATCH 1/2] crypto/dpaa2_sec: increase supported anti
	replay win sz
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org
Sender: "dev" <dev-bounces@dpdk.org>

From: Akhil Goyal <akhil.goyal@nxp.com>

In case of LX2160 or SEC ERA >= 10, max anti replay window
size supported is 1024. For all other versions of SEC, the
maximum value is capped at 128 even if application gives
more than that.

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Signed-off-by: Yi Liu <yi.liu@nxp.com>
---
 drivers/common/dpaax/caamflib/desc/ipsec.h  | 48 +++++++++++++++++++--
 drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c | 14 ++++++
 2 files changed, 59 insertions(+), 3 deletions(-)

diff --git a/drivers/common/dpaax/caamflib/desc/ipsec.h b/drivers/common/dpaax/caamflib/desc/ipsec.h
index cf6fa4252..83dd93f58 100644
--- a/drivers/common/dpaax/caamflib/desc/ipsec.h
+++ b/drivers/common/dpaax/caamflib/desc/ipsec.h
@@ -1,7 +1,7 @@
 /* SPDX-License-Identifier: (BSD-3-Clause OR GPL-2.0)
  *
  * Copyright 2008-2016 Freescale Semiconductor Inc.
- * Copyright 2016,2019 NXP
+ * Copyright 2016,2019-2020 NXP
  *
  */
 
@@ -119,8 +119,15 @@
 
 /* IPSec ESP Decap PDB options */
 
+/**
+ * PDBOPTS_ESP_ARS_MASK_ERA10 - antireplay window mask
+ * for SEC_ERA >= 10
+ */
+#define PDBOPTS_ESP_ARS_MASK_ERA10	0xc8
+
 /**
  * PDBOPTS_ESP_ARS_MASK - antireplay window mask
+ * for SEC_ERA < 10
  */
 #define PDBOPTS_ESP_ARS_MASK	0xc0
 
@@ -141,6 +148,27 @@
  */
 #define PDBOPTS_ESP_ARS128	0x80
 
+/**
+ * PDBOPTS_ESP_ARS256 - 256-entry antireplay window
+ *
+ * Valid only for IPsec new mode.
+ */
+#define PDBOPTS_ESP_ARS256	0x08
+
+/**
+ * PDBOPTS_ESP_ARS512 - 512-entry antireplay window
+ *
+ * Valid only for IPsec new mode.
+ */
+#define PDBOPTS_ESP_ARS512	0x48
+
+/**
+ * PDBOPTS_ESP_ARS1024 - 1024-entry antireplay window
+ *
+ * Valid only for IPsec new mode.
+ */
+#define PDBOPTS_ESP_ARS1024	0x88
+
 /**
  * PDBOPTS_ESP_ARS32 - 32-entry antireplay window
  */
@@ -439,7 +467,7 @@ struct ipsec_decap_pdb {
 	};
 	uint32_t seq_num_ext_hi;
 	uint32_t seq_num;
-	uint32_t anti_replay[4];
+	uint32_t anti_replay[32];
 };
 
 static inline unsigned int
@@ -449,6 +477,7 @@ __rta_copy_ipsec_decap_pdb(struct program *program,
 {
 	unsigned int start_pc = program->current_pc;
 	unsigned int i, ars;
+	uint8_t mask;
 
 	__rta_out32(program, pdb->options);
 
@@ -486,7 +515,20 @@ __rta_copy_ipsec_decap_pdb(struct program *program,
 	__rta_out32(program, pdb->seq_num_ext_hi);
 	__rta_out32(program, pdb->seq_num);
 
-	switch (pdb->options & PDBOPTS_ESP_ARS_MASK) {
+	if (rta_sec_era < RTA_SEC_ERA_10)
+		mask = PDBOPTS_ESP_ARS_MASK;
+	else
+		mask = PDBOPTS_ESP_ARS_MASK_ERA10;
+	switch (pdb->options & mask) {
+	case PDBOPTS_ESP_ARS1024:
+		ars = 32;
+		break;
+	case PDBOPTS_ESP_ARS512:
+		ars = 16;
+		break;
+	case PDBOPTS_ESP_ARS256:
+		ars = 8;
+		break;
 	case PDBOPTS_ESP_ARS128:
 		ars = 4;
 		break;
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index 195c7d894..27c28804f 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -2996,6 +2996,10 @@ dpaa2_sec_set_ipsec_session(struct rte_cryptodev *dev,
 			uint32_t win_sz;
 			win_sz = rte_align32pow2(ipsec_xform->replay_win_sz);
 
+			if (rta_sec_era < RTA_SEC_ERA_10 && win_sz > 128) {
+				DPAA2_SEC_INFO("Max Anti replay Win sz = 128");
+				win_sz = 128;
+			}
 			switch (win_sz) {
 			case 1:
 			case 2:
@@ -3008,6 +3012,16 @@ dpaa2_sec_set_ipsec_session(struct rte_cryptodev *dev,
 			case 64:
 				decap_pdb.options |= PDBOPTS_ESP_ARS64;
 				break;
+			case 256:
+				decap_pdb.options |= PDBOPTS_ESP_ARS256;
+				break;
+			case 512:
+				decap_pdb.options |= PDBOPTS_ESP_ARS512;
+				break;
+			case 1024:
+				decap_pdb.options |= PDBOPTS_ESP_ARS1024;
+				break;
+			case 128:
 			default:
 				decap_pdb.options |= PDBOPTS_ESP_ARS128;
 			}
-- 
2.17.1