From patchwork Thu Oct 28 16:52:23 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Archana Muniganti X-Patchwork-Id: 103192 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 30411A0547; Thu, 28 Oct 2021 18:52:48 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id C4909410FA; Thu, 28 Oct 2021 18:52:45 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 82A3B410F7 for ; Thu, 28 Oct 2021 18:52:44 +0200 (CEST) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 19SA5XK1022095 for ; Thu, 28 Oct 2021 09:52:43 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=cWAq6xKNxzG6b/ElOmp527NoIqtFITW2ZBtU8AENVyI=; b=jQY+si5d5JVgknW7fs3e9NgpSqwT8iTkPHG249zo6u3vBefjbt4FqiNUnLypBUQS/AOZ kleH6+EyD4g+yi+v8n/lkvDh9JGaQd1Xsvh0JJW2Onv+zZCqgkalEbpYbSiEyYDuszr3 EQSLahpsdJxDuF1OnT0fYrvLi+ht0lIoBwBm/vJAvSbfTIUZu56XeVqZnFgOgu7c3vHe pct9EN+M+SH05Dv0FLWkvqvk3qiCJTautIOr3ffV9q/w73gwgGGD+sHS29EZzoY+rW0f XP+8WhFnTC4jcpdVtkI86378A0rfBNs9ogiZbQdgYe2iikhCjRRg4IBFa4gz4XYH08mX xA== Received: from dc5-exch02.marvell.com ([199.233.59.182]) by mx0b-0016f401.pphosted.com with ESMTP id 3byd2fcpx2-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT) for ; Thu, 28 Oct 2021 09:52:42 -0700 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Thu, 28 Oct 2021 09:52:40 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.18 via Frontend Transport; Thu, 28 Oct 2021 09:52:40 -0700 Received: from hyd1409.caveonetworks.com.com (unknown [10.29.45.15]) by maili.marvell.com (Postfix) with ESMTP id B99673F7065; Thu, 28 Oct 2021 09:52:38 -0700 (PDT) From: Archana Muniganti To: CC: Anoob Joseph , , , Date: Thu, 28 Oct 2021 22:22:23 +0530 Message-ID: <20211028165228.14603-2-marchana@marvell.com> X-Mailer: git-send-email 2.22.0 In-Reply-To: <20211028165228.14603-1-marchana@marvell.com> References: <20211028165228.14603-1-marchana@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: Q9Bw7_jyLS4LQmTusfCCZfqdMsVkR5z4 X-Proofpoint-GUID: Q9Bw7_jyLS4LQmTusfCCZfqdMsVkR5z4 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.425,FMLib:17.0.607.475 definitions=2021-10-28_04,2021-10-26_01,2020-04-07_01 Subject: [dpdk-dev] [PATCH 1/6] common/cnxk: add null auth with IPsec X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" From: Anoob Joseph Add support for null auth with IPsec operations on cn10k. Signed-off-by: Anoob Joseph --- drivers/common/cnxk/cnxk_security.c | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/drivers/common/cnxk/cnxk_security.c b/drivers/common/cnxk/cnxk_security.c index ae3baf62ca..30562b46e3 100644 --- a/drivers/common/cnxk/cnxk_security.c +++ b/drivers/common/cnxk/cnxk_security.c @@ -116,8 +116,18 @@ ot_ipsec_sa_common_param_fill(union roc_ot_ipsec_sa_word2 *w2, } switch (auth_xfrm->auth.algo) { + case RTE_CRYPTO_AUTH_NULL: + w2->s.auth_type = ROC_IE_OT_SA_AUTH_NULL; + break; case RTE_CRYPTO_AUTH_SHA1_HMAC: w2->s.auth_type = ROC_IE_OT_SA_AUTH_SHA1; + ipsec_hmac_opad_ipad_gen(auth_xfrm, hmac_opad_ipad); + + tmp_key = (uint64_t *)hmac_opad_ipad; + for (i = 0; i < (int)(ROC_CTX_MAX_OPAD_IPAD_LEN / + sizeof(uint64_t)); + i++) + tmp_key[i] = rte_be_to_cpu_64(tmp_key[i]); break; default: return -ENOTSUP; @@ -125,14 +135,6 @@ ot_ipsec_sa_common_param_fill(union roc_ot_ipsec_sa_word2 *w2, key = cipher_xfrm->cipher.key.data; length = cipher_xfrm->cipher.key.length; - - ipsec_hmac_opad_ipad_gen(auth_xfrm, hmac_opad_ipad); - - tmp_key = (uint64_t *)hmac_opad_ipad; - for (i = 0; - i < (int)(ROC_CTX_MAX_OPAD_IPAD_LEN / sizeof(uint64_t)); - i++) - tmp_key[i] = rte_be_to_cpu_64(tmp_key[i]); } /* Set encapsulation type */ From patchwork Thu Oct 28 16:52:24 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Archana Muniganti X-Patchwork-Id: 103193 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 2199BA0547; Thu, 28 Oct 2021 18:52:54 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id BFEC54111E; Thu, 28 Oct 2021 18:52:46 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 03E91410F7 for ; Thu, 28 Oct 2021 18:52:44 +0200 (CEST) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 19SA5XK2022095 for ; Thu, 28 Oct 2021 09:52:44 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=wimWGlY6plyEp6MjA95wzVfW4xI0xJ6ka4rWlFIMUjo=; b=PKMokSy0qnGxX5ruNOqA/g4cuCGMnDPzL8YKshMWE6CvxPoAlANINo7LSsWUFB1mz8rz IkSDRQYy5SY2YgLCyfjsWSEoXTJcyk1pmZYQxl+ZVQwg+kmKjtseFHmY1mAeSA2iI7CC 0FrJLFIvpX/koyC+kmE5bESHX//oES4bODJV25pkI0kEvKSWp9TB30PUuBhduizxr1+4 IIiO353CfPH3RCbw6mU84xF0VOAxa2YUpD5rhgZw+3zBBDQ9sGhCLKKOWP92goP/Ucls S9ulI3sMDx0E9P5zOK7GQoFaX+5Zsfgt8Av15fy9Emy+AYVBQPIJ0+U53IrpNZFlCKOm 9g== Received: from dc5-exch02.marvell.com ([199.233.59.182]) by mx0b-0016f401.pphosted.com with ESMTP id 3byd2fcpx2-2 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT) for ; Thu, 28 Oct 2021 09:52:44 -0700 Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Thu, 28 Oct 2021 09:52:42 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.18 via Frontend Transport; Thu, 28 Oct 2021 09:52:42 -0700 Received: from hyd1409.caveonetworks.com.com (unknown [10.29.45.15]) by maili.marvell.com (Postfix) with ESMTP id DDB903F705F; Thu, 28 Oct 2021 09:52:40 -0700 (PDT) From: Archana Muniganti To: CC: Anoob Joseph , , , Date: Thu, 28 Oct 2021 22:22:24 +0530 Message-ID: <20211028165228.14603-3-marchana@marvell.com> X-Mailer: git-send-email 2.22.0 In-Reply-To: <20211028165228.14603-1-marchana@marvell.com> References: <20211028165228.14603-1-marchana@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: Keg8Ou6YmiU2dgaJqFCgrl76FLwI8GZE X-Proofpoint-GUID: Keg8Ou6YmiU2dgaJqFCgrl76FLwI8GZE X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.425,FMLib:17.0.607.475 definitions=2021-10-28_04,2021-10-26_01,2020-04-07_01 Subject: [dpdk-dev] [PATCH 2/6] crypto/cnxk: add null auth X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" From: Anoob Joseph Add null auth support with lookaside IPsec on cn10k crypto PMDs. Signed-off-by: Anoob Joseph --- doc/guides/cryptodevs/cnxk.rst | 1 + doc/guides/rel_notes/release_21_11.rst | 1 + drivers/crypto/cnxk/cn9k_ipsec.c | 6 +++-- .../crypto/cnxk/cnxk_cryptodev_capabilities.c | 24 +++++++++++++++++++ drivers/crypto/cnxk/cnxk_ipsec.h | 3 +++ 5 files changed, 33 insertions(+), 2 deletions(-) diff --git a/doc/guides/cryptodevs/cnxk.rst b/doc/guides/cryptodevs/cnxk.rst index b5b6645008..709da56ca8 100644 --- a/doc/guides/cryptodevs/cnxk.rst +++ b/doc/guides/cryptodevs/cnxk.rst @@ -258,4 +258,5 @@ CN10XX Features supported * Transport mode * UDP Encapsulation * AES-128/192/256-GCM +* AES-128/192/256-CBC-NULL * AES-128/192/256-CBC-SHA1-HMAC diff --git a/doc/guides/rel_notes/release_21_11.rst b/doc/guides/rel_notes/release_21_11.rst index 2df443e39f..6cc7b2579e 100644 --- a/doc/guides/rel_notes/release_21_11.rst +++ b/doc/guides/rel_notes/release_21_11.rst @@ -212,6 +212,7 @@ New Features * Added support for ZUC algorithm with 256-bit key length for CN10K. * Added support for CN98xx dual block. * Added inner checksum support in lookaside protocol (IPsec) for CN10K. + * Added AES-CBC NULL auth support in lookaside protocol (IPsec) for CN10K. * **Added support for event crypto adapter on Marvell CN10K and CN9K.** diff --git a/drivers/crypto/cnxk/cn9k_ipsec.c b/drivers/crypto/cnxk/cn9k_ipsec.c index 53fb793654..a43864df0d 100644 --- a/drivers/crypto/cnxk/cn9k_ipsec.c +++ b/drivers/crypto/cnxk/cn9k_ipsec.c @@ -316,7 +316,8 @@ cn9k_ipsec_outb_sa_create(struct cnxk_cpt_qp *qp, if (ret) return ret; - if (ctl->enc_type == ROC_IE_ON_SA_ENC_AES_GCM) { + if (ctl->enc_type == ROC_IE_ON_SA_ENC_AES_GCM || + ctl->auth_type == ROC_IE_ON_SA_AUTH_NULL) { template = &out_sa->aes_gcm.template; ctx_len = offsetof(struct roc_ie_on_outb_sa, aes_gcm.template); } else if (ctl->auth_type == ROC_IE_ON_SA_AUTH_SHA1) { @@ -449,7 +450,8 @@ cn9k_ipsec_inb_sa_create(struct cnxk_cpt_qp *qp, if (ret) return ret; - if (crypto_xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) { + if (crypto_xform->type == RTE_CRYPTO_SYM_XFORM_AEAD || + auth_xform->auth.algo == RTE_CRYPTO_AUTH_NULL) { ctx_len = offsetof(struct roc_ie_on_inb_sa, sha1_or_gcm.hmac_key[0]); } else { diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c index a53b489a04..19d75a63c6 100644 --- a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c +++ b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c @@ -930,6 +930,27 @@ sec_caps_add(struct rte_cryptodev_capabilities cnxk_caps[], int *cur_pos, *cur_pos += nb_caps; } +static void +cn10k_sec_crypto_caps_update(struct rte_cryptodev_capabilities cnxk_caps[], + int *cur_pos) +{ + const struct rte_cryptodev_capabilities *cap; + unsigned int i; + + if ((CNXK_CPT_MAX_CAPS - *cur_pos) < 1) + return; + + /* NULL auth */ + for (i = 0; i < RTE_DIM(caps_null); i++) { + cap = &caps_null[i]; + if (cap->sym.xform_type == RTE_CRYPTO_SYM_XFORM_AUTH && + cap->sym.auth.algo == RTE_CRYPTO_AUTH_NULL) { + cnxk_caps[*cur_pos] = caps_null[i]; + *cur_pos += 1; + } + } +} + static void sec_crypto_caps_populate(struct rte_cryptodev_capabilities cnxk_caps[], union cpt_eng_caps *hw_caps) @@ -939,6 +960,9 @@ sec_crypto_caps_populate(struct rte_cryptodev_capabilities cnxk_caps[], SEC_CAPS_ADD(cnxk_caps, &cur_pos, hw_caps, aes); SEC_CAPS_ADD(cnxk_caps, &cur_pos, hw_caps, sha1_sha2); + if (roc_model_is_cn10k()) + cn10k_sec_crypto_caps_update(cnxk_caps, &cur_pos); + sec_caps_add(cnxk_caps, &cur_pos, caps_end, RTE_DIM(caps_end)); } diff --git a/drivers/crypto/cnxk/cnxk_ipsec.h b/drivers/crypto/cnxk/cnxk_ipsec.h index ff396179ca..dddb414793 100644 --- a/drivers/crypto/cnxk/cnxk_ipsec.h +++ b/drivers/crypto/cnxk/cnxk_ipsec.h @@ -40,6 +40,9 @@ ipsec_xform_auth_verify(struct rte_crypto_sym_xform *crypto_xform) { uint16_t keylen = crypto_xform->auth.key.length; + if (crypto_xform->auth.algo == RTE_CRYPTO_AUTH_NULL) + return 0; + if (crypto_xform->auth.algo == RTE_CRYPTO_AUTH_SHA1_HMAC) { if (keylen >= 20 && keylen <= 64) return 0; From patchwork Thu Oct 28 16:52:25 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Archana Muniganti X-Patchwork-Id: 103194 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 05250A0547; Thu, 28 Oct 2021 18:53:00 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id CE83841136; Thu, 28 Oct 2021 18:52:49 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id 144914112E for ; Thu, 28 Oct 2021 18:52:47 +0200 (CEST) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 19SA4fYf027655 for ; Thu, 28 Oct 2021 09:52:47 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=nhIRCr0iVCfZhiwAMW8+Z/7utwob7K7yoZvT5aAhNLQ=; b=QdEsHyEj9uLB7ylYVN+C8PgBeitZp3QMFEhjO05En9VDiZDDmI3FyBBEIWkqt+1zYrgW eR1kB1YHMHCp3evbR8N0O2ygE9vQoOxsNSILjxuKKK8GG9EymzIlawiFoLcF4HE2nv9Z Dwr/MhS4yBhFA6/XZRMbMBNZGGodD98hQbzZDP/YHaRXRJkFcQ0FpBtPA9m1oRUwJp1K /9PjyOCoEdj75n7fS6RGrDNFNOy1lT53niix+6wF0+mbmbmVONeg1GECSH0wAbjefQjY R8xV1upu1QVzFursC6XWT02A+lzGDf3eAVmxkJ8qdQcViBEf1q1KQSQ0kiE/NxPvagrx Pg== Received: from dc5-exch01.marvell.com ([199.233.59.181]) by mx0a-0016f401.pphosted.com with ESMTP id 3byrpg261q-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT) for ; Thu, 28 Oct 2021 09:52:47 -0700 Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Thu, 28 Oct 2021 09:52:44 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.18 via Frontend Transport; Thu, 28 Oct 2021 09:52:44 -0700 Received: from hyd1409.caveonetworks.com.com (unknown [10.29.45.15]) by maili.marvell.com (Postfix) with ESMTP id 0D0673F7065; Thu, 28 Oct 2021 09:52:42 -0700 (PDT) From: Archana Muniganti To: CC: Archana Muniganti , , , , Date: Thu, 28 Oct 2021 22:22:25 +0530 Message-ID: <20211028165228.14603-4-marchana@marvell.com> X-Mailer: git-send-email 2.22.0 In-Reply-To: <20211028165228.14603-1-marchana@marvell.com> References: <20211028165228.14603-1-marchana@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: 6MEv_I8Eft3dUXXa-wuGUTz36Du8uANi X-Proofpoint-GUID: 6MEv_I8Eft3dUXXa-wuGUTz36Du8uANi X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.425,FMLib:17.0.607.475 definitions=2021-10-28_04,2021-10-26_01,2020-04-07_01 Subject: [dpdk-dev] [PATCH 3/6] crypto/cnxk: add cn9k ESN and anti-replay support X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Adds ESN and anti-replay support for lookaside IPsec. Signed-off-by: Archana Muniganti Signed-off-by: Tejasree Kondoj --- doc/guides/cryptodevs/cnxk.rst | 2 + doc/guides/rel_notes/release_21_11.rst | 1 + drivers/common/cnxk/cnxk_security_ar.h | 21 +++++++++ drivers/crypto/cnxk/cn9k_ipsec.c | 17 ++++++++ drivers/crypto/cnxk/cn9k_ipsec.h | 5 +++ drivers/crypto/cnxk/cn9k_ipsec_la_ops.h | 58 +++++++++++++++++++++++++ 6 files changed, 104 insertions(+) diff --git a/doc/guides/cryptodevs/cnxk.rst b/doc/guides/cryptodevs/cnxk.rst index 709da56ca8..faad6a499d 100644 --- a/doc/guides/cryptodevs/cnxk.rst +++ b/doc/guides/cryptodevs/cnxk.rst @@ -248,6 +248,8 @@ CN9XX Features supported * Tunnel mode * UDP Encapsulation * AES-128/192/256-GCM +* ESN +* Anti-replay CN10XX Features supported ~~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/doc/guides/rel_notes/release_21_11.rst b/doc/guides/rel_notes/release_21_11.rst index 6cc7b2579e..82cdff641a 100644 --- a/doc/guides/rel_notes/release_21_11.rst +++ b/doc/guides/rel_notes/release_21_11.rst @@ -213,6 +213,7 @@ New Features * Added support for CN98xx dual block. * Added inner checksum support in lookaside protocol (IPsec) for CN10K. * Added AES-CBC NULL auth support in lookaside protocol (IPsec) for CN10K. + * Added ESN and anti-replay support in lookaside protocol (IPsec) for CN9K. * **Added support for event crypto adapter on Marvell CN10K and CN9K.** diff --git a/drivers/common/cnxk/cnxk_security_ar.h b/drivers/common/cnxk/cnxk_security_ar.h index 6bc517c875..3ec4c296c2 100644 --- a/drivers/common/cnxk/cnxk_security_ar.h +++ b/drivers/common/cnxk/cnxk_security_ar.h @@ -30,6 +30,27 @@ struct cnxk_on_ipsec_ar { uint64_t window[AR_WIN_ARR_SZ]; /**< anti-replay window */ }; +static inline uint32_t +cnxk_on_anti_replay_get_seqh(uint32_t winsz, uint32_t seql, uint32_t esn_hi, + uint32_t esn_low) +{ + uint32_t win_low = esn_low - winsz + 1; + + if (esn_low > winsz - 1) { + /* Window is in one sequence number subspace */ + if (seql > win_low) + return esn_hi; + else + return esn_hi + 1; + } else { + /* Window is split across two sequence number subspaces */ + if (seql > win_low) + return esn_hi - 1; + else + return esn_hi; + } +} + static inline int cnxk_on_anti_replay_check(uint64_t seq, struct cnxk_on_ipsec_ar *ar, uint32_t winsz) diff --git a/drivers/crypto/cnxk/cn9k_ipsec.c b/drivers/crypto/cnxk/cn9k_ipsec.c index a43864df0d..ca26d9289c 100644 --- a/drivers/crypto/cnxk/cn9k_ipsec.c +++ b/drivers/crypto/cnxk/cn9k_ipsec.c @@ -445,6 +445,7 @@ cn9k_ipsec_inb_sa_create(struct cnxk_cpt_qp *qp, memset(sa, 0, sizeof(struct cn9k_ipsec_sa)); sa->dir = RTE_SECURITY_IPSEC_SA_DIR_INGRESS; + sa->replay_win_sz = ipsec->replay_win_sz; ret = fill_ipsec_common_sa(ipsec, crypto_xform, &in_sa->common_sa); if (ret) @@ -483,6 +484,22 @@ cn9k_ipsec_inb_sa_create(struct cnxk_cpt_qp *qp, w7.s.cptr = rte_mempool_virt2iova(in_sa); inst_tmpl->w7 = w7.u64; + if (sa->replay_win_sz) { + if (sa->replay_win_sz > CNXK_ON_AR_WIN_SIZE_MAX) { + plt_err("Replay window size:%u is not supported", + sa->replay_win_sz); + return -ENOTSUP; + } + + /* Set window bottom to 1, base and top to size of window */ + sa->ar.winb = 1; + sa->ar.wint = sa->replay_win_sz; + sa->ar.base = sa->replay_win_sz; + + in_sa->common_sa.esn_low = 0; + in_sa->common_sa.esn_hi = 0; + } + return cn9k_cpt_enq_sa_write( sa, qp, ROC_IE_ON_MAJOR_OP_WRITE_IPSEC_INBOUND, ctx_len); } diff --git a/drivers/crypto/cnxk/cn9k_ipsec.h b/drivers/crypto/cnxk/cn9k_ipsec.h index 13d522ec6f..fc440d54ba 100644 --- a/drivers/crypto/cnxk/cn9k_ipsec.h +++ b/drivers/crypto/cnxk/cn9k_ipsec.h @@ -7,6 +7,7 @@ #include "cnxk_ipsec.h" #include "cnxk_security.h" +#include "cnxk_security_ar.h" struct cn9k_ipsec_sa { union { @@ -35,6 +36,10 @@ struct cn9k_ipsec_sa { uint32_t seq_hi; }; }; + /** Anti replay */ + struct cnxk_on_ipsec_ar ar; + /** Anti replay window size */ + uint32_t replay_win_sz; }; struct cn9k_sec_session { diff --git a/drivers/crypto/cnxk/cn9k_ipsec_la_ops.h b/drivers/crypto/cnxk/cn9k_ipsec_la_ops.h index b7a88e1b35..2dc8913feb 100644 --- a/drivers/crypto/cnxk/cn9k_ipsec_la_ops.h +++ b/drivers/crypto/cnxk/cn9k_ipsec_la_ops.h @@ -6,9 +6,11 @@ #define __CN9K_IPSEC_LA_OPS_H__ #include +#include #include #include "cn9k_ipsec.h" +#include "cnxk_security_ar.h" static __rte_always_inline int32_t ipsec_po_out_rlen_get(struct cn9k_ipsec_sa *sa, uint32_t plen) @@ -21,6 +23,53 @@ ipsec_po_out_rlen_get(struct cn9k_ipsec_sa *sa, uint32_t plen) return sa->rlens.partial_len + enc_payload_len; } +static __rte_always_inline int +ipsec_antireplay_check(struct cn9k_ipsec_sa *sa, uint32_t win_sz, + struct rte_mbuf *m) +{ + uint32_t esn_low = 0, esn_hi = 0, seql = 0, seqh = 0; + struct roc_ie_on_common_sa *common_sa; + struct roc_ie_on_inb_sa *in_sa; + struct roc_ie_on_sa_ctl *ctl; + uint64_t seq_in_sa, seq = 0; + struct rte_esp_hdr *esp; + uint8_t esn; + int ret; + + in_sa = &sa->in_sa; + common_sa = &in_sa->common_sa; + ctl = &common_sa->ctl; + + esn = ctl->esn_en; + esn_low = rte_be_to_cpu_32(common_sa->esn_low); + esn_hi = rte_be_to_cpu_32(common_sa->esn_hi); + + esp = rte_pktmbuf_mtod_offset(m, void *, sizeof(struct rte_ipv4_hdr)); + seql = rte_be_to_cpu_32(esp->seq); + + if (!esn) { + seq = (uint64_t)seql; + } else { + seqh = cnxk_on_anti_replay_get_seqh(win_sz, seql, esn_hi, + esn_low); + seq = ((uint64_t)seqh << 32) | seql; + } + + if (unlikely(seq == 0)) + return IPSEC_ANTI_REPLAY_FAILED; + + ret = cnxk_on_anti_replay_check(seq, &sa->ar, win_sz); + if (esn && !ret) { + seq_in_sa = ((uint64_t)esn_hi << 32) | esn_low; + if (seq > seq_in_sa) { + common_sa->esn_low = rte_cpu_to_be_32(seql); + common_sa->esn_hi = rte_cpu_to_be_32(seqh); + } + } + + return ret; +} + static __rte_always_inline int process_outb_sa(struct rte_crypto_op *cop, struct cn9k_ipsec_sa *sa, struct cpt_inst_s *inst) @@ -78,6 +127,15 @@ process_inb_sa(struct rte_crypto_op *cop, struct cn9k_ipsec_sa *sa, { struct rte_crypto_sym_op *sym_op = cop->sym; struct rte_mbuf *m_src = sym_op->m_src; + int ret; + + if (sa->replay_win_sz) { + ret = ipsec_antireplay_check(sa, sa->replay_win_sz, m_src); + if (unlikely(ret)) { + plt_dp_err("Anti replay check failed"); + return ret; + } + } /* Prepare CPT instruction */ inst->w4.u64 = sa->inst.w4 | rte_pktmbuf_pkt_len(m_src); From patchwork Thu Oct 28 16:52:26 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Archana Muniganti X-Patchwork-Id: 103195 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id E60FEA0547; Thu, 28 Oct 2021 18:53:05 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id CC0ED41140; Thu, 28 Oct 2021 18:52:52 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id 1B1BC40DDB for ; Thu, 28 Oct 2021 18:52:49 +0200 (CEST) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 19SA4Nvh027066 for ; Thu, 28 Oct 2021 09:52:49 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=vWj/gXDLNi7OrNBSvQotmcXiwQpz2WNrqfoVIiQoHCA=; b=LDMxb+kaf+VYOn7Rwd0mRGRxAuHXas/Yxfzw4gbWWW1sUzf8RGjFjVCi9G8MOE7qirqI 6nPj4lvkUI4wFpgxPIxwy2X2696LckLWM1nzljjAM9eXibKoqQ+f2bFZ140NYfEpTebR iluNcr3iDEjThKQKMajGseGA2V92fNQFjXCYZhSaduK8+JI9mSqatlNTUn3JiOUw9MP0 fmKoXwiQ7Vhw3meC2RLzQwzAe3zEVvEaRveJLRszJ5i1TTT8FZtIFOFJGg3Q8uFJCywd 3CuE4WOs1FCj7Nr+edK9lOgvZ5F3F2mQv59rddFHjJgTrjiQxAeW6ybzG6y8z1m4iCH3 vw== Received: from dc5-exch01.marvell.com ([199.233.59.181]) by mx0a-0016f401.pphosted.com with ESMTP id 3byrpg261u-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT) for ; Thu, 28 Oct 2021 09:52:49 -0700 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Thu, 28 Oct 2021 09:52:47 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.18 via Frontend Transport; Thu, 28 Oct 2021 09:52:47 -0700 Received: from hyd1409.caveonetworks.com.com (unknown [10.29.45.15]) by maili.marvell.com (Postfix) with ESMTP id 69E053F705F; Thu, 28 Oct 2021 09:52:45 -0700 (PDT) From: Archana Muniganti To: CC: Archana Muniganti , , , , Date: Thu, 28 Oct 2021 22:22:26 +0530 Message-ID: <20211028165228.14603-5-marchana@marvell.com> X-Mailer: git-send-email 2.22.0 In-Reply-To: <20211028165228.14603-1-marchana@marvell.com> References: <20211028165228.14603-1-marchana@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: HkKmRERTskb9ZrX3DuCSP6exLFJE3O-V X-Proofpoint-GUID: HkKmRERTskb9ZrX3DuCSP6exLFJE3O-V X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.425,FMLib:17.0.607.475 definitions=2021-10-28_04,2021-10-26_01,2020-04-07_01 Subject: [dpdk-dev] [PATCH 4/6] doc/guides: update feature list supported with cn9k X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Updated feature list supported with cn9k. Signed-off-by: Archana Muniganti --- doc/guides/cryptodevs/cnxk.rst | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/doc/guides/cryptodevs/cnxk.rst b/doc/guides/cryptodevs/cnxk.rst index faad6a499d..23cc823e03 100644 --- a/doc/guides/cryptodevs/cnxk.rst +++ b/doc/guides/cryptodevs/cnxk.rst @@ -244,10 +244,14 @@ CN9XX Features supported ~~~~~~~~~~~~~~~~~~~~~~~~ * IPv4 +* IPv6 * ESP * Tunnel mode +* Transport mode(IPv4) * UDP Encapsulation * AES-128/192/256-GCM +* AES-128/192/256-CBC-SHA1-HMAC +* AES-128/192/256-CBC-SHA256-128-HMAC * ESN * Anti-replay From patchwork Thu Oct 28 16:52:27 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Archana Muniganti X-Patchwork-Id: 103196 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id AA5BEA0547; Thu, 28 Oct 2021 18:53:11 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id CC48B4111D; Thu, 28 Oct 2021 18:52:55 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id A229640E25 for ; Thu, 28 Oct 2021 18:52:52 +0200 (CEST) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 19SA4QSn027112 for ; Thu, 28 Oct 2021 09:52:51 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=7pXBhdDhPI3uTAG+qi08M5amn49uG90hbqaZZALOO9U=; b=OjZ9VsGXnkZZyNZbIzLbuuQ3uZvfQcFZsRnNYiKEXFaUMdRkgKREWyYLYfV7qtaX/uAv vOr846LXHdq6GOuwrbzR3M1Coq3tm6bIB1LEF7Xb1SkHzda67XTuXzbAu+T+KxWm64X7 J9qsa/JyZOqBaxxYI/jL//vr59BAnpv/N4C1x8uPG+W2VBE4C9nbIONO1G1sX89RpVoa 89aDu53VWoVP1Qegayv0zzJjlFjg7ITRIptCqgyW6vTQoH5gwslCWbqLEx0tEb+/3Oqk YNd6H1Gmu/3FABHZxBifWX8hzHZfI2pAFDJvPc9wWvqv7EHrTiCRkGjL++7vLXlerWF+ nQ== Received: from dc5-exch01.marvell.com ([199.233.59.181]) by mx0a-0016f401.pphosted.com with ESMTP id 3byrpg2627-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT) for ; Thu, 28 Oct 2021 09:52:51 -0700 Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Thu, 28 Oct 2021 09:52:49 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.18 via Frontend Transport; Thu, 28 Oct 2021 09:52:49 -0700 Received: from hyd1409.caveonetworks.com.com (unknown [10.29.45.15]) by maili.marvell.com (Postfix) with ESMTP id CED6A3F7065; Thu, 28 Oct 2021 09:52:47 -0700 (PDT) From: Archana Muniganti To: CC: Archana Muniganti , , , , Date: Thu, 28 Oct 2021 22:22:27 +0530 Message-ID: <20211028165228.14603-6-marchana@marvell.com> X-Mailer: git-send-email 2.22.0 In-Reply-To: <20211028165228.14603-1-marchana@marvell.com> References: <20211028165228.14603-1-marchana@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: LM869IGuPeedz2eAhB7pZXSljosUBP8S X-Proofpoint-GUID: LM869IGuPeedz2eAhB7pZXSljosUBP8S X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.425,FMLib:17.0.607.475 definitions=2021-10-28_04,2021-10-26_01,2020-04-07_01 Subject: [dpdk-dev] [PATCH 5/6] crypto/cnxk: update auth key size X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Update auth key size for SHA256_HMAC for cn9k. Signed-off-by: Archana Muniganti --- .../crypto/cnxk/cnxk_cryptodev_capabilities.c | 22 +++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c index 19d75a63c6..7dbea0b364 100644 --- a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c +++ b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c @@ -951,6 +951,26 @@ cn10k_sec_crypto_caps_update(struct rte_cryptodev_capabilities cnxk_caps[], } } +static void +cn9k_sec_crypto_caps_update(struct rte_cryptodev_capabilities cnxk_caps[]) +{ + + struct rte_cryptodev_capabilities *caps; + int i = 0; + + while ((caps = &cnxk_caps[i++])->op != RTE_CRYPTO_OP_TYPE_UNDEFINED) { + if ((caps->op == RTE_CRYPTO_OP_TYPE_SYMMETRIC) && + (caps->sym.xform_type == RTE_CRYPTO_SYM_XFORM_AUTH) && + (caps->sym.auth.algo == RTE_CRYPTO_AUTH_SHA256_HMAC)) { + caps->sym.auth.key_size.min = 32; + caps->sym.auth.key_size.max = 64; + caps->sym.auth.key_size.increment = 1; + + break; + } + } +} + static void sec_crypto_caps_populate(struct rte_cryptodev_capabilities cnxk_caps[], union cpt_eng_caps *hw_caps) @@ -962,6 +982,8 @@ sec_crypto_caps_populate(struct rte_cryptodev_capabilities cnxk_caps[], if (roc_model_is_cn10k()) cn10k_sec_crypto_caps_update(cnxk_caps, &cur_pos); + else + cn9k_sec_crypto_caps_update(cnxk_caps); sec_caps_add(cnxk_caps, &cur_pos, caps_end, RTE_DIM(caps_end)); } From patchwork Thu Oct 28 16:52:28 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Archana Muniganti X-Patchwork-Id: 103197 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id F1536A0547; Thu, 28 Oct 2021 18:53:18 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 2ABF64114D; Thu, 28 Oct 2021 18:52:58 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id 1207141100 for ; Thu, 28 Oct 2021 18:52:54 +0200 (CEST) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 19SA4Nvj027066 for ; Thu, 28 Oct 2021 09:52:54 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=UvieenXUAQHwgbK/CL8lr5xuYi25zqfakUtPHQilzJk=; b=CynXkct0PfTFBizptUzSWaQhGWoG8l7y3GaRs8Gdz+btNwEGAiZV8szLwr5oAr0kkP1+ em0qhzcAdbEe4zbfofkE+EkwJLvQkdXT7iATKUuNG8Nmjg/Nkaf7eyTLORRegDrOSX0k PGrA2bl/QqcmV4tAqq0TIVkTzuY4avpT2O6rfkZHGBv3EoJ9ZcAoeiMeB71+CRwsDkyM c8HZ63WJmRThZkmo6X+J55q9v/r3hRLJw28l2PnHJDlHNrJ8d+u3TUcrCl3zAJXBTxSH 37Ji9AYges25VIfy4uk2xIYw/lWUAG0Qn9Z+1wSb56EaVt1DjR77vb+QCqQzxF292Jv4 Lg== Received: from dc5-exch02.marvell.com ([199.233.59.182]) by mx0a-0016f401.pphosted.com with ESMTP id 3byrpg262d-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT) for ; Thu, 28 Oct 2021 09:52:54 -0700 Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Thu, 28 Oct 2021 09:52:52 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.18 via Frontend Transport; Thu, 28 Oct 2021 09:52:52 -0700 Received: from hyd1409.caveonetworks.com.com (unknown [10.29.45.15]) by maili.marvell.com (Postfix) with ESMTP id 357603F705F; Thu, 28 Oct 2021 09:52:49 -0700 (PDT) From: Archana Muniganti To: CC: Archana Muniganti , , , , Date: Thu, 28 Oct 2021 22:22:28 +0530 Message-ID: <20211028165228.14603-7-marchana@marvell.com> X-Mailer: git-send-email 2.22.0 In-Reply-To: <20211028165228.14603-1-marchana@marvell.com> References: <20211028165228.14603-1-marchana@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: KCdpOz8WSx1HGb4toc1CvDGIJpNrv_MI X-Proofpoint-GUID: KCdpOz8WSx1HGb4toc1CvDGIJpNrv_MI X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.425,FMLib:17.0.607.475 definitions=2021-10-28_04,2021-10-26_01,2020-04-07_01 Subject: [dpdk-dev] [PATCH 6/6] crypto/cnxk: support IPv6 mixed tunnel mode X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Adds IPv6 mixed tunnel mode support for cn9k. Signed-off-by: Archana Muniganti --- drivers/crypto/cnxk/cn9k_ipsec.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/crypto/cnxk/cn9k_ipsec.c b/drivers/crypto/cnxk/cn9k_ipsec.c index ca26d9289c..a81130b244 100644 --- a/drivers/crypto/cnxk/cn9k_ipsec.c +++ b/drivers/crypto/cnxk/cn9k_ipsec.c @@ -407,7 +407,8 @@ cn9k_ipsec_outb_sa_create(struct cnxk_cpt_qp *qp, w4.u64 = 0; w4.s.opcode_major = ROC_IE_ON_MAJOR_OP_PROCESS_OUTBOUND_IPSEC; w4.s.opcode_minor = ctx_len >> 3; - w4.s.param1 = ROC_IE_ON_PER_PKT_IV; + w4.s.param1 = BIT(9); + w4.s.param1 |= ROC_IE_ON_PER_PKT_IV; inst_tmpl->w4 = w4.u64; w7.u64 = 0; @@ -477,6 +478,7 @@ cn9k_ipsec_inb_sa_create(struct cnxk_cpt_qp *qp, w4.u64 = 0; w4.s.opcode_major = ROC_IE_ON_MAJOR_OP_PROCESS_INBOUND_IPSEC; w4.s.opcode_minor = ctx_len >> 3; + w4.s.param2 = BIT(12); inst_tmpl->w4 = w4.u64; w7.u64 = 0;