security: support user-specified IV

Enabled user to provide IV to be used per security
operation. This would be used with lookaside protocol
offload for comparing against known vectors.

By default, PMD would internally generate random IV.

Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>

diff --git a/doc/guides/rel_notes/release_21_11.rst b/doc/guides/rel_notes/release_21_11.rst
index a11929c..2a13459 100644 (file)
--- a/doc/guides/rel_notes/release_21_11.rst
+++ b/doc/guides/rel_notes/release_21_11.rst
@@ -169,6 +169,10 @@ ABI Changes
   have much processing in PMD specific callbacks but just 64-bit set/get.
   This avoids a per packet function pointer jump overhead for such PMDs.
 
+* security: A new option ``iv_gen_disable`` was added in structure
+  ``rte_security_ipsec_sa_options`` to disable IV generation inside PMD,
+  so that application can provide its own IV and test known test vectors.
+
 
 Known Issues
 ------------

diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h
index 2446ab0..f9e6591 100644 (file)
--- a/lib/security/rte_security.h
+++ b/lib/security/rte_security.h
@@ -192,6 +192,20 @@ struct rte_security_ipsec_sa_options {
         * * 0: Disable per session security statistics collection for this SA.
         */
        uint32_t stats : 1;
+
+       /** Disable IV generation in PMD
+        *
+        * * 1: Disable IV generation in PMD. When disabled, IV provided in
+        *      rte_crypto_op will be used by the PMD.
+        *
+        * * 0: Enable IV generation in PMD. When enabled, PMD generated random
+        *      value would be used and application is not required to provide
+        *      IV.
+        *
+        * Note: For inline cases, IV generation would always need to be handled
+        * by the PMD.
+        */
+       uint32_t iv_gen_disable : 1;
 };
 
 /** IPSec security association direction */