Patch Detail

HTTP 200 OK
Allow: GET, PUT, PATCH, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "id": 103194,
    "url": "https://patches.dpdk.org/api/patches/103194/?format=api",
    "web_url": "https://patches.dpdk.org/project/dpdk/patch/20211028165228.14603-4-marchana@marvell.com/",
    "project": {
        "id": 1,
        "url": "https://patches.dpdk.org/api/projects/1/?format=api",
        "name": "DPDK",
        "link_name": "dpdk",
        "list_id": "dev.dpdk.org",
        "list_email": "dev@dpdk.org",
        "web_url": "http://core.dpdk.org",
        "scm_url": "git://dpdk.org/dpdk",
        "webscm_url": "http://git.dpdk.org/dpdk",
        "list_archive_url": "https://inbox.dpdk.org/dev",
        "list_archive_url_format": "https://inbox.dpdk.org/dev/{}",
        "commit_url_format": ""
    },
    "msgid": "<20211028165228.14603-4-marchana@marvell.com>",
    "list_archive_url": "https://inbox.dpdk.org/dev/20211028165228.14603-4-marchana@marvell.com",
    "date": "2021-10-28T16:52:25",
    "name": "[3/6] crypto/cnxk: add cn9k ESN and anti-replay support",
    "commit_ref": null,
    "pull_url": null,
    "state": "accepted",
    "archived": true,
    "hash": "a99d01ab4b98f0eda4d4b9cb7b95af9dd2fe8c47",
    "submitter": {
        "id": 1515,
        "url": "https://patches.dpdk.org/api/people/1515/?format=api",
        "name": "Archana Muniganti",
        "email": "marchana@marvell.com"
    },
    "delegate": {
        "id": 6690,
        "url": "https://patches.dpdk.org/api/users/6690/?format=api",
        "username": "akhil",
        "first_name": "akhil",
        "last_name": "goyal",
        "email": "gakhil@marvell.com"
    },
    "mbox": "https://patches.dpdk.org/project/dpdk/patch/20211028165228.14603-4-marchana@marvell.com/mbox/",
    "series": [
        {
            "id": 20108,
            "url": "https://patches.dpdk.org/api/series/20108/?format=api",
            "web_url": "https://patches.dpdk.org/project/dpdk/list/?series=20108",
            "date": "2021-10-28T16:52:22",
            "name": "add cnxk lookaside IPsec additional features",
            "version": 1,
            "mbox": "https://patches.dpdk.org/series/20108/mbox/"
        }
    ],
    "comments": "https://patches.dpdk.org/api/patches/103194/comments/",
    "check": "success",
    "checks": "https://patches.dpdk.org/api/patches/103194/checks/",
    "tags": {},
    "related": [],
    "headers": {
        "Return-Path": "<dev-bounces@dpdk.org>",
        "X-Original-To": "patchwork@inbox.dpdk.org",
        "Delivered-To": "patchwork@inbox.dpdk.org",
        "Received": [
            "from mails.dpdk.org (mails.dpdk.org [217.70.189.124])\n\tby inbox.dpdk.org (Postfix) with ESMTP id 05250A0547;\n\tThu, 28 Oct 2021 18:53:00 +0200 (CEST)",
            "from [217.70.189.124] (localhost [127.0.0.1])\n\tby mails.dpdk.org (Postfix) with ESMTP id CE83841136;\n\tThu, 28 Oct 2021 18:52:49 +0200 (CEST)",
            "from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com\n [67.231.148.174])\n by mails.dpdk.org (Postfix) with ESMTP id 144914112E\n for <dev@dpdk.org>; Thu, 28 Oct 2021 18:52:47 +0200 (CEST)",
            "from pps.filterd (m0045849.ppops.net [127.0.0.1])\n by mx0a-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 19SA4fYf027655\n for <dev@dpdk.org>; Thu, 28 Oct 2021 09:52:47 -0700",
            "from dc5-exch01.marvell.com ([199.233.59.181])\n by mx0a-0016f401.pphosted.com with ESMTP id 3byrpg261q-1\n (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT)\n for <dev@dpdk.org>; Thu, 28 Oct 2021 09:52:47 -0700",
            "from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH01.marvell.com\n (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.18;\n Thu, 28 Oct 2021 09:52:44 -0700",
            "from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com\n (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.18 via Frontend\n Transport; Thu, 28 Oct 2021 09:52:44 -0700",
            "from hyd1409.caveonetworks.com.com (unknown [10.29.45.15])\n by maili.marvell.com (Postfix) with ESMTP id 0D0673F7065;\n Thu, 28 Oct 2021 09:52:42 -0700 (PDT)"
        ],
        "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com;\n h=from : to : cc :\n subject : date : message-id : in-reply-to : references : mime-version :\n content-transfer-encoding : content-type; s=pfpt0220;\n bh=nhIRCr0iVCfZhiwAMW8+Z/7utwob7K7yoZvT5aAhNLQ=;\n b=QdEsHyEj9uLB7ylYVN+C8PgBeitZp3QMFEhjO05En9VDiZDDmI3FyBBEIWkqt+1zYrgW\n eR1kB1YHMHCp3evbR8N0O2ygE9vQoOxsNSILjxuKKK8GG9EymzIlawiFoLcF4HE2nv9Z\n Dwr/MhS4yBhFA6/XZRMbMBNZGGodD98hQbzZDP/YHaRXRJkFcQ0FpBtPA9m1oRUwJp1K\n /9PjyOCoEdj75n7fS6RGrDNFNOy1lT53niix+6wF0+mbmbmVONeg1GECSH0wAbjefQjY\n R8xV1upu1QVzFursC6XWT02A+lzGDf3eAVmxkJ8qdQcViBEf1q1KQSQ0kiE/NxPvagrx Pg==",
        "From": "Archana Muniganti <marchana@marvell.com>",
        "To": "<gakhil@marvell.com>",
        "CC": "Archana Muniganti <marchana@marvell.com>, <ktejasree@marvell.com>,\n <adwivedi@marvell.com>, <anoobj@marvell.com>, <dev@dpdk.org>",
        "Date": "Thu, 28 Oct 2021 22:22:25 +0530",
        "Message-ID": "<20211028165228.14603-4-marchana@marvell.com>",
        "X-Mailer": "git-send-email 2.22.0",
        "In-Reply-To": "<20211028165228.14603-1-marchana@marvell.com>",
        "References": "<20211028165228.14603-1-marchana@marvell.com>",
        "MIME-Version": "1.0",
        "Content-Transfer-Encoding": "8bit",
        "Content-Type": "text/plain",
        "X-Proofpoint-ORIG-GUID": "6MEv_I8Eft3dUXXa-wuGUTz36Du8uANi",
        "X-Proofpoint-GUID": "6MEv_I8Eft3dUXXa-wuGUTz36Du8uANi",
        "X-Proofpoint-Virus-Version": "vendor=baseguard\n engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.425,FMLib:17.0.607.475\n definitions=2021-10-28_04,2021-10-26_01,2020-04-07_01",
        "Subject": "[dpdk-dev] [PATCH 3/6] crypto/cnxk: add cn9k ESN and anti-replay\n support",
        "X-BeenThere": "dev@dpdk.org",
        "X-Mailman-Version": "2.1.29",
        "Precedence": "list",
        "List-Id": "DPDK patches and discussions <dev.dpdk.org>",
        "List-Unsubscribe": "<https://mails.dpdk.org/options/dev>,\n <mailto:dev-request@dpdk.org?subject=unsubscribe>",
        "List-Archive": "<http://mails.dpdk.org/archives/dev/>",
        "List-Post": "<mailto:dev@dpdk.org>",
        "List-Help": "<mailto:dev-request@dpdk.org?subject=help>",
        "List-Subscribe": "<https://mails.dpdk.org/listinfo/dev>,\n <mailto:dev-request@dpdk.org?subject=subscribe>",
        "Errors-To": "dev-bounces@dpdk.org",
        "Sender": "\"dev\" <dev-bounces@dpdk.org>"
    },
    "content": "Adds ESN and anti-replay support for lookaside IPsec.\n\nSigned-off-by: Archana Muniganti <marchana@marvell.com>\nSigned-off-by: Tejasree Kondoj <ktejasree@marvell.com>\n---\n doc/guides/cryptodevs/cnxk.rst          |  2 +\n doc/guides/rel_notes/release_21_11.rst  |  1 +\n drivers/common/cnxk/cnxk_security_ar.h  | 21 +++++++++\n drivers/crypto/cnxk/cn9k_ipsec.c        | 17 ++++++++\n drivers/crypto/cnxk/cn9k_ipsec.h        |  5 +++\n drivers/crypto/cnxk/cn9k_ipsec_la_ops.h | 58 +++++++++++++++++++++++++\n 6 files changed, 104 insertions(+)",
    "diff": "diff --git a/doc/guides/cryptodevs/cnxk.rst b/doc/guides/cryptodevs/cnxk.rst\nindex 709da56ca8..faad6a499d 100644\n--- a/doc/guides/cryptodevs/cnxk.rst\n+++ b/doc/guides/cryptodevs/cnxk.rst\n@@ -248,6 +248,8 @@ CN9XX Features supported\n * Tunnel mode\n * UDP Encapsulation\n * AES-128/192/256-GCM\n+* ESN\n+* Anti-replay\n \n CN10XX Features supported\n ~~~~~~~~~~~~~~~~~~~~~~~~~\ndiff --git a/doc/guides/rel_notes/release_21_11.rst b/doc/guides/rel_notes/release_21_11.rst\nindex 6cc7b2579e..82cdff641a 100644\n--- a/doc/guides/rel_notes/release_21_11.rst\n+++ b/doc/guides/rel_notes/release_21_11.rst\n@@ -213,6 +213,7 @@ New Features\n   * Added support for CN98xx dual block.\n   * Added inner checksum support in lookaside protocol (IPsec) for CN10K.\n   * Added AES-CBC NULL auth support in lookaside protocol (IPsec) for CN10K.\n+  * Added ESN and anti-replay support in lookaside protocol (IPsec) for CN9K.\n \n * **Added support for event crypto adapter on Marvell CN10K and CN9K.**\n \ndiff --git a/drivers/common/cnxk/cnxk_security_ar.h b/drivers/common/cnxk/cnxk_security_ar.h\nindex 6bc517c875..3ec4c296c2 100644\n--- a/drivers/common/cnxk/cnxk_security_ar.h\n+++ b/drivers/common/cnxk/cnxk_security_ar.h\n@@ -30,6 +30,27 @@ struct cnxk_on_ipsec_ar {\n \tuint64_t window[AR_WIN_ARR_SZ]; /**< anti-replay window */\n };\n \n+static inline uint32_t\n+cnxk_on_anti_replay_get_seqh(uint32_t winsz, uint32_t seql, uint32_t esn_hi,\n+\t\t\t     uint32_t esn_low)\n+{\n+\tuint32_t win_low = esn_low - winsz + 1;\n+\n+\tif (esn_low > winsz - 1) {\n+\t\t/* Window is in one sequence number subspace */\n+\t\tif (seql > win_low)\n+\t\t\treturn esn_hi;\n+\t\telse\n+\t\t\treturn esn_hi + 1;\n+\t} else {\n+\t\t/* Window is split across two sequence number subspaces */\n+\t\tif (seql > win_low)\n+\t\t\treturn esn_hi - 1;\n+\t\telse\n+\t\t\treturn esn_hi;\n+\t}\n+}\n+\n static inline int\n cnxk_on_anti_replay_check(uint64_t seq, struct cnxk_on_ipsec_ar *ar,\n \t\t\t  uint32_t winsz)\ndiff --git a/drivers/crypto/cnxk/cn9k_ipsec.c b/drivers/crypto/cnxk/cn9k_ipsec.c\nindex a43864df0d..ca26d9289c 100644\n--- a/drivers/crypto/cnxk/cn9k_ipsec.c\n+++ b/drivers/crypto/cnxk/cn9k_ipsec.c\n@@ -445,6 +445,7 @@ cn9k_ipsec_inb_sa_create(struct cnxk_cpt_qp *qp,\n \tmemset(sa, 0, sizeof(struct cn9k_ipsec_sa));\n \n \tsa->dir = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;\n+\tsa->replay_win_sz = ipsec->replay_win_sz;\n \n \tret = fill_ipsec_common_sa(ipsec, crypto_xform, &in_sa->common_sa);\n \tif (ret)\n@@ -483,6 +484,22 @@ cn9k_ipsec_inb_sa_create(struct cnxk_cpt_qp *qp,\n \tw7.s.cptr = rte_mempool_virt2iova(in_sa);\n \tinst_tmpl->w7 = w7.u64;\n \n+\tif (sa->replay_win_sz) {\n+\t\tif (sa->replay_win_sz > CNXK_ON_AR_WIN_SIZE_MAX) {\n+\t\t\tplt_err(\"Replay window size:%u is not supported\",\n+\t\t\t\tsa->replay_win_sz);\n+\t\t\treturn -ENOTSUP;\n+\t\t}\n+\n+\t\t/* Set window bottom to 1, base and top to size of window */\n+\t\tsa->ar.winb = 1;\n+\t\tsa->ar.wint = sa->replay_win_sz;\n+\t\tsa->ar.base = sa->replay_win_sz;\n+\n+\t\tin_sa->common_sa.esn_low = 0;\n+\t\tin_sa->common_sa.esn_hi = 0;\n+\t}\n+\n \treturn cn9k_cpt_enq_sa_write(\n \t\tsa, qp, ROC_IE_ON_MAJOR_OP_WRITE_IPSEC_INBOUND, ctx_len);\n }\ndiff --git a/drivers/crypto/cnxk/cn9k_ipsec.h b/drivers/crypto/cnxk/cn9k_ipsec.h\nindex 13d522ec6f..fc440d54ba 100644\n--- a/drivers/crypto/cnxk/cn9k_ipsec.h\n+++ b/drivers/crypto/cnxk/cn9k_ipsec.h\n@@ -7,6 +7,7 @@\n \n #include \"cnxk_ipsec.h\"\n #include \"cnxk_security.h\"\n+#include \"cnxk_security_ar.h\"\n \n struct cn9k_ipsec_sa {\n \tunion {\n@@ -35,6 +36,10 @@ struct cn9k_ipsec_sa {\n \t\t\tuint32_t seq_hi;\n \t\t};\n \t};\n+\t/** Anti replay */\n+\tstruct cnxk_on_ipsec_ar ar;\n+\t/** Anti replay window size */\n+\tuint32_t replay_win_sz;\n };\n \n struct cn9k_sec_session {\ndiff --git a/drivers/crypto/cnxk/cn9k_ipsec_la_ops.h b/drivers/crypto/cnxk/cn9k_ipsec_la_ops.h\nindex b7a88e1b35..2dc8913feb 100644\n--- a/drivers/crypto/cnxk/cn9k_ipsec_la_ops.h\n+++ b/drivers/crypto/cnxk/cn9k_ipsec_la_ops.h\n@@ -6,9 +6,11 @@\n #define __CN9K_IPSEC_LA_OPS_H__\n \n #include <rte_crypto_sym.h>\n+#include <rte_esp.h>\n #include <rte_security.h>\n \n #include \"cn9k_ipsec.h\"\n+#include \"cnxk_security_ar.h\"\n \n static __rte_always_inline int32_t\n ipsec_po_out_rlen_get(struct cn9k_ipsec_sa *sa, uint32_t plen)\n@@ -21,6 +23,53 @@ ipsec_po_out_rlen_get(struct cn9k_ipsec_sa *sa, uint32_t plen)\n \treturn sa->rlens.partial_len + enc_payload_len;\n }\n \n+static __rte_always_inline int\n+ipsec_antireplay_check(struct cn9k_ipsec_sa *sa, uint32_t win_sz,\n+\t\t       struct rte_mbuf *m)\n+{\n+\tuint32_t esn_low = 0, esn_hi = 0, seql = 0, seqh = 0;\n+\tstruct roc_ie_on_common_sa *common_sa;\n+\tstruct roc_ie_on_inb_sa *in_sa;\n+\tstruct roc_ie_on_sa_ctl *ctl;\n+\tuint64_t seq_in_sa, seq = 0;\n+\tstruct rte_esp_hdr *esp;\n+\tuint8_t esn;\n+\tint ret;\n+\n+\tin_sa = &sa->in_sa;\n+\tcommon_sa = &in_sa->common_sa;\n+\tctl = &common_sa->ctl;\n+\n+\tesn = ctl->esn_en;\n+\tesn_low = rte_be_to_cpu_32(common_sa->esn_low);\n+\tesn_hi = rte_be_to_cpu_32(common_sa->esn_hi);\n+\n+\tesp = rte_pktmbuf_mtod_offset(m, void *, sizeof(struct rte_ipv4_hdr));\n+\tseql = rte_be_to_cpu_32(esp->seq);\n+\n+\tif (!esn) {\n+\t\tseq = (uint64_t)seql;\n+\t} else {\n+\t\tseqh = cnxk_on_anti_replay_get_seqh(win_sz, seql, esn_hi,\n+\t\t\t\t\t\t    esn_low);\n+\t\tseq = ((uint64_t)seqh << 32) | seql;\n+\t}\n+\n+\tif (unlikely(seq == 0))\n+\t\treturn IPSEC_ANTI_REPLAY_FAILED;\n+\n+\tret = cnxk_on_anti_replay_check(seq, &sa->ar, win_sz);\n+\tif (esn && !ret) {\n+\t\tseq_in_sa = ((uint64_t)esn_hi << 32) | esn_low;\n+\t\tif (seq > seq_in_sa) {\n+\t\t\tcommon_sa->esn_low = rte_cpu_to_be_32(seql);\n+\t\t\tcommon_sa->esn_hi = rte_cpu_to_be_32(seqh);\n+\t\t}\n+\t}\n+\n+\treturn ret;\n+}\n+\n static __rte_always_inline int\n process_outb_sa(struct rte_crypto_op *cop, struct cn9k_ipsec_sa *sa,\n \t\tstruct cpt_inst_s *inst)\n@@ -78,6 +127,15 @@ process_inb_sa(struct rte_crypto_op *cop, struct cn9k_ipsec_sa *sa,\n {\n \tstruct rte_crypto_sym_op *sym_op = cop->sym;\n \tstruct rte_mbuf *m_src = sym_op->m_src;\n+\tint ret;\n+\n+\tif (sa->replay_win_sz) {\n+\t\tret = ipsec_antireplay_check(sa, sa->replay_win_sz, m_src);\n+\t\tif (unlikely(ret)) {\n+\t\t\tplt_dp_err(\"Anti replay check failed\");\n+\t\t\treturn ret;\n+\t\t}\n+\t}\n \n \t/* Prepare CPT instruction */\n \tinst->w4.u64 = sa->inst.w4 | rte_pktmbuf_pkt_len(m_src);\n",
    "prefixes": [
        "3/6"
    ]
}