From patchwork Thu Dec 16 17:49:33 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anoob Joseph X-Patchwork-Id: 105191 Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 71358A0032; Thu, 16 Dec 2021 18:55:31 +0100 (CET) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id BF75E41154; Thu, 16 Dec 2021 18:55:05 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id E1FF44114D for ; Thu, 16 Dec 2021 18:55:03 +0100 (CET) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with ESMTP id 1BGENSPe008296 for ; Thu, 16 Dec 2021 09:55:03 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=FGKHc5xs89UyCm9iDrLL+wB81Sx4kq5iIcBxjTB7B+o=; b=PJOxziTQdYV8gucEEwVasRblLAg0rIp2Y896FU8nfvo94+HtoYQmZWqYIaS3rSkc18T0 2+LZQvLcrIg1ZePO961tu6OTSxXS5Wi1uHKaI2KAFfe8sLN05LQFj5t5/zAgxdlebCui aa46saNshk9h5a4beBzYKScEVRcrGYgzFegvlrGHvuVJE7QGuc8CAjz3BKtPT8mebKwn h7bbfz67PrX/nyol0HWlnoZ2FjO2GnUENmxfp3nOLnNSCfWhh+vRvo/rUm5DrnZMLIEd 6MruG+bs41+By9HH/zSHWz5J5NptmvFkmN7CLVQjhh1vI4dDcdHugxM/mFNzOwCpnV2a 4Q== Received: from dc5-exch01.marvell.com ([199.233.59.181]) by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3d02p0af5k-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT) for ; Thu, 16 Dec 2021 09:55:03 -0800 Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Thu, 16 Dec 2021 09:55:01 -0800 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.18 via Frontend Transport; Thu, 16 Dec 2021 09:55:01 -0800 Received: from HY-LT1002.marvell.com (HY-LT1002.marvell.com [10.28.176.218]) by maili.marvell.com (Postfix) with ESMTP id A12DB3F7048; Thu, 16 Dec 2021 09:54:57 -0800 (PST) From: Anoob Joseph To: Akhil Goyal , Jerin Jacob CC: Archana Muniganti , Tejasree Kondoj , Subject: [PATCH v2 27/29] crypto/cnxk: add per pkt IV in lookaside IPsec debug mode Date: Thu, 16 Dec 2021 23:19:33 +0530 Message-ID: <1639676975-1316-28-git-send-email-anoobj@marvell.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1639676975-1316-1-git-send-email-anoobj@marvell.com> References: <1638859858-734-1-git-send-email-anoobj@marvell.com> <1639676975-1316-1-git-send-email-anoobj@marvell.com> MIME-Version: 1.0 X-Proofpoint-GUID: rORlo_oku_BXX4C6xaOanXSZRGWBGuRD X-Proofpoint-ORIG-GUID: rORlo_oku_BXX4C6xaOanXSZRGWBGuRD X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.790,Hydra:6.0.425,FMLib:17.11.62.513 definitions=2021-12-16_06,2021-12-16_01,2021-12-02_01 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org From: Archana Muniganti For cn9k, use HW GEN IV as default and add per pkt IV in lookaside IPsec debug mode. Debug mode helps to verify lookaside PMD using known outbound vectors in lookaside autotest. Signed-off-by: Archana Muniganti --- drivers/common/cnxk/roc_ie_on.h | 7 +++++ drivers/crypto/cnxk/cn9k_ipsec.c | 34 +++++++++++++++++------ drivers/crypto/cnxk/cn9k_ipsec.h | 2 ++ drivers/crypto/cnxk/cn9k_ipsec_la_ops.h | 14 +++++++--- drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c | 2 ++ 5 files changed, 47 insertions(+), 12 deletions(-) diff --git a/drivers/common/cnxk/roc_ie_on.h b/drivers/common/cnxk/roc_ie_on.h index cb56a70..aaad872 100644 --- a/drivers/common/cnxk/roc_ie_on.h +++ b/drivers/common/cnxk/roc_ie_on.h @@ -22,6 +22,8 @@ enum roc_ie_on_ucc_ipsec { /* Helper macros */ #define ROC_IE_ON_INB_RPTR_HDR 0x8 +#define ROC_IE_ON_MAX_IV_LEN 16 +#define ROC_IE_ON_PER_PKT_IV BIT(43) enum { ROC_IE_ON_SA_ENC_NULL = 0, @@ -55,6 +57,11 @@ enum { ROC_IE_ON_SA_ENCAP_UDP = 1, }; +enum { + ROC_IE_ON_IV_SRC_HW_GEN_DEFAULT = 0, + ROC_IE_ON_IV_SRC_FROM_DPTR = 1, +}; + struct roc_ie_on_outb_hdr { uint32_t ip_id; uint32_t seq; diff --git a/drivers/crypto/cnxk/cn9k_ipsec.c b/drivers/crypto/cnxk/cn9k_ipsec.c index 62b9c26..9f876f7 100644 --- a/drivers/crypto/cnxk/cn9k_ipsec.c +++ b/drivers/crypto/cnxk/cn9k_ipsec.c @@ -426,13 +426,7 @@ cn9k_ipsec_outb_sa_create(struct cnxk_cpt_qp *qp, ctx_len += RTE_ALIGN_CEIL(ctx_len, 8); - if (crypto_xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) { - sa->cipher_iv_off = crypto_xform->aead.iv.offset; - sa->cipher_iv_len = crypto_xform->aead.iv.length; - } else { - sa->cipher_iv_off = crypto_xform->cipher.iv.offset; - sa->cipher_iv_len = crypto_xform->cipher.iv.length; - + if (crypto_xform->type != RTE_CRYPTO_SYM_XFORM_AEAD) { auth_key = auth_xform->auth.key.data; auth_key_len = auth_xform->auth.key.length; @@ -465,7 +459,31 @@ cn9k_ipsec_outb_sa_create(struct cnxk_cpt_qp *qp, param1.u16 = 0; param1.s.ikev2 = 1; - param1.s.per_pkt_iv = 1; + + sa->custom_hdr_len = sizeof(struct roc_ie_on_outb_hdr) - + ROC_IE_ON_MAX_IV_LEN; + +#ifdef LA_IPSEC_DEBUG + /* Use IV from application in debug mode */ + if (ipsec->options.iv_gen_disable == 1) { + param1.s.per_pkt_iv = ROC_IE_ON_IV_SRC_FROM_DPTR; + sa->custom_hdr_len = sizeof(struct roc_ie_on_outb_hdr); + + if (crypto_xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) { + sa->cipher_iv_off = crypto_xform->aead.iv.offset; + sa->cipher_iv_len = crypto_xform->aead.iv.length; + } else { + sa->cipher_iv_off = crypto_xform->cipher.iv.offset; + sa->cipher_iv_len = crypto_xform->cipher.iv.length; + } + } +#else + if (ipsec->options.iv_gen_disable != 0) { + plt_err("Application provided IV is not supported"); + return -ENOTSUP; + } +#endif + w4.s.param1 = param1.u16; inst_tmpl->w4 = w4.u64; diff --git a/drivers/crypto/cnxk/cn9k_ipsec.h b/drivers/crypto/cnxk/cn9k_ipsec.h index fc440d5..f3acad5 100644 --- a/drivers/crypto/cnxk/cn9k_ipsec.h +++ b/drivers/crypto/cnxk/cn9k_ipsec.h @@ -24,6 +24,8 @@ struct cn9k_ipsec_sa { uint16_t cipher_iv_off; /** Cipher IV length in bytes */ uint8_t cipher_iv_len; + /** Outbound custom header length */ + uint8_t custom_hdr_len; /** Response length calculation data */ struct cnxk_ipsec_outb_rlens rlens; /** Outbound IP-ID */ diff --git a/drivers/crypto/cnxk/cn9k_ipsec_la_ops.h b/drivers/crypto/cnxk/cn9k_ipsec_la_ops.h index 2b0261e..9a1e217 100644 --- a/drivers/crypto/cnxk/cn9k_ipsec_la_ops.h +++ b/drivers/crypto/cnxk/cn9k_ipsec_la_ops.h @@ -74,7 +74,7 @@ static __rte_always_inline int process_outb_sa(struct rte_crypto_op *cop, struct cn9k_ipsec_sa *sa, struct cpt_inst_s *inst) { - const unsigned int hdr_len = sizeof(struct roc_ie_on_outb_hdr); + const unsigned int hdr_len = sa->custom_hdr_len; struct rte_crypto_sym_op *sym_op = cop->sym; struct rte_mbuf *m_src = sym_op->m_src; struct roc_ie_on_outb_sa *out_sa; @@ -103,9 +103,15 @@ process_outb_sa(struct rte_crypto_op *cop, struct cn9k_ipsec_sa *sa, return -ENOMEM; } - memcpy(&hdr->iv[0], - rte_crypto_op_ctod_offset(cop, uint8_t *, sa->cipher_iv_off), - sa->cipher_iv_len); +#ifdef LA_IPSEC_DEBUG + if (sa->inst.w4 & ROC_IE_ON_PER_PKT_IV) { + memcpy(&hdr->iv[0], + rte_crypto_op_ctod_offset(cop, uint8_t *, + sa->cipher_iv_off), + sa->cipher_iv_len); + } +#endif + hdr->seq = rte_cpu_to_be_32(sa->seq_lo); hdr->ip_id = rte_cpu_to_be_32(sa->ip_id); diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c index 457e166..f79e4d7 100644 --- a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c +++ b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c @@ -1166,7 +1166,9 @@ static void cn9k_sec_caps_update(struct rte_security_capability *sec_cap) { if (sec_cap->ipsec.direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) { +#ifdef LA_IPSEC_DEBUG sec_cap->ipsec.options.iv_gen_disable = 1; +#endif } }