diff mbox series

[v2,1/3] security: support user specified IV

Message ID	1630940307-78-2-git-send-email-anoobj@marvell.com (mailing list archive)
State	Superseded, archived
Delegated to:	akhil goyal
Headers	From: Anoob Joseph <anoobj@marvell.com> To: Akhil Goyal <gakhil@marvell.com>, Declan Doherty <declan.doherty@intel.com>, Fan Zhang <roy.fan.zhang@intel.com>, "Konstantin Ananyev" <konstantin.ananyev@intel.com> CC: Anoob Joseph <anoobj@marvell.com>, Jerin Jacob <jerinj@marvell.com>, Archana Muniganti <marchana@marvell.com>, Tejasree Kondoj <ktejasree@marvell.com>, Hemant Agrawal <hemant.agrawal@nxp.com>, "Radu Nicolau" <radu.nicolau@intel.com>, Ciara Power <ciara.power@intel.com>, Gagandeep Singh <g.singh@nxp.com>, <dev@dpdk.org> Date: Mon, 6 Sep 2021 20:28:25 +0530 Message-ID: <1630940307-78-2-git-send-email-anoobj@marvell.com> In-Reply-To: <1630940307-78-1-git-send-email-anoobj@marvell.com> References: <1629093590-115-1-git-send-email-anoobj@marvell.com> <1630940307-78-1-git-send-email-anoobj@marvell.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain Subject: [dpdk-dev] [PATCH v2 1/3] security: support user specified IV Precedence: list Errors-To: dev-bounces@dpdk.org Sender: "dev" <dev-bounces@dpdk.org>
Series	Add user specified IV with lookaside IPsec \| [v2,0/3] Add user specified IV with lookaside IPsec [v2,1/3] security: support user specified IV [v2,2/3] crypto/cnxk: add IV in SA in lookaside IPsec debug mode [v2,3/3] test/crypto: add outbound known vector tests

Checks

Context	Check	Description
ci/checkpatch	warning	coding style issues
ci/iol-testing	warning	apply patch failure

Commit Message

Anoob Joseph Sept. 6, 2021, 2:58 p.m. UTC

  Enable user to provide IV to be used per security operation. This
would be used with lookaside protocol offload for comparing
against known vectors.

By default, PMD would generate IV internally and would be random.

Signed-off-by: Anoob Joseph <anoobj@marvell.com>
---
 doc/guides/rel_notes/release_21_11.rst |  5 +++++
 lib/security/rte_security.h            | 14 ++++++++++++++
 2 files changed, 19 insertions(+)

Comments

Akhil Goyal Sept. 6, 2021, 7:07 p.m. UTC | #1

> Enable user to provide IV to be used per security operation. This
> would be used with lookaside protocol offload for comparing
> against known vectors.
> 
> By default, PMD would generate IV internally and would be random.
> 
> Signed-off-by: Anoob Joseph <anoobj@marvell.com>
> ---
Acked-by: Akhil Goyal <gakhil@marvell.com>

diff mbox series

Patch

diff --git a/doc/guides/rel_notes/release_21_11.rst b/doc/guides/rel_notes/release_21_11.rst
index 83da727..a1813bd 100644
--- a/doc/guides/rel_notes/release_21_11.rst
+++ b/doc/guides/rel_notes/release_21_11.rst
@@ -105,6 +105,11 @@  API Changes
    Also, make sure to start the actual text at the margin.
    =======================================================
 
+* security: add IPsec SA option to disable IV generation
+
+  * Added IPsec SA option to disable IV generation to allow known vector
+    tests as well as usage of application provided IV on supported PMDs.
+
 
 ABI Changes
 -----------
diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h
index 88d31de..b4b6776 100644
--- a/lib/security/rte_security.h
+++ b/lib/security/rte_security.h
@@ -181,6 +181,20 @@  struct rte_security_ipsec_sa_options {
 	 * * 0: Disable per session security statistics collection for this SA.
 	 */
 	uint32_t stats : 1;
+
+	/** Disable IV generation in PMD
+	 *
+	 * * 1: Disable IV generation in PMD. When disabled, IV provided in
+	 *      rte_crypto_op will be used by the PMD.
+	 *
+	 * * 0: Enable IV generation in PMD. When enabled, PMD generated random
+	 *      value would be used and application is not required to provide
+	 *      IV.
+	 *
+	 * Note: For inline cases, IV generation would always need to be handled
+	 * by the PMD.
+	 */
+	uint32_t iv_gen_disable : 1;
 };
 
 /** IPSec security association direction */