sa->inst.w7 = ipsec_cpt_inst_w7_get(roc_cpt, sa);
+#ifdef LA_IPSEC_DEBUG
+ /* Use IV from application in debug mode */
+ if (ipsec_xfrm->options.iv_gen_disable == 1) {
+ out_sa->w2.s.iv_src = ROC_IE_OT_SA_IV_SRC_FROM_SA;
+ if (crypto_xfrm->type == RTE_CRYPTO_SYM_XFORM_AEAD) {
+ sa->iv_offset = crypto_xfrm->aead.iv.offset;
+ sa->iv_length = crypto_xfrm->aead.iv.length;
+ }
+ }
+#else
+ if (ipsec_xfrm->options.iv_gen_disable != 0) {
+ plt_err("Application provided IV not supported");
+ return -ENOTSUP;
+ }
+#endif
+
/* Get Rlen calculation data */
ret = cnxk_ipsec_outb_rlens_get(&rlens, ipsec_xfrm, crypto_xfrm);
if (ret)
/** Pre-populated CPT inst words */
struct cnxk_cpt_inst_tmpl inst;
uint16_t max_extended_len;
+ uint16_t iv_offset;
+ uint8_t iv_length;
};
struct cn10k_sec_session {
#include "cn10k_ipsec.h"
#include "cnxk_cryptodev.h"
+static inline void
+ipsec_po_sa_iv_set(struct cn10k_ipsec_sa *sess, struct rte_crypto_op *cop)
+{
+ uint64_t *iv = &sess->out_sa.iv.u64[0];
+ uint64_t *tmp_iv;
+
+ memcpy(iv, rte_crypto_op_ctod_offset(cop, uint8_t *, sess->iv_offset),
+ 16);
+ tmp_iv = (uint64_t *)iv;
+ *tmp_iv = rte_be_to_cpu_64(*tmp_iv);
+
+ tmp_iv = (uint64_t *)(iv + 1);
+ *tmp_iv = rte_be_to_cpu_64(*tmp_iv);
+}
+
+static inline void
+ipsec_po_sa_aes_gcm_iv_set(struct cn10k_ipsec_sa *sess,
+ struct rte_crypto_op *cop)
+{
+ uint8_t *iv = &sess->out_sa.iv.s.iv_dbg1[0];
+ uint32_t *tmp_iv;
+
+ memcpy(iv, rte_crypto_op_ctod_offset(cop, uint8_t *, sess->iv_offset),
+ 4);
+ tmp_iv = (uint32_t *)iv;
+ *tmp_iv = rte_be_to_cpu_32(*tmp_iv);
+
+ iv = &sess->out_sa.iv.s.iv_dbg2[0];
+ memcpy(iv,
+ rte_crypto_op_ctod_offset(cop, uint8_t *, sess->iv_offset + 4),
+ 4);
+ tmp_iv = (uint32_t *)iv;
+ *tmp_iv = rte_be_to_cpu_32(*tmp_iv);
+}
+
static __rte_always_inline int
process_outb_sa(struct rte_crypto_op *cop, struct cn10k_ipsec_sa *sess,
struct cpt_inst_s *inst)
return -ENOMEM;
}
+#ifdef LA_IPSEC_DEBUG
+ if (sess->out_sa.w2.s.iv_src == ROC_IE_OT_SA_IV_SRC_FROM_SA) {
+ if (sess->out_sa.w2.s.enc_type == ROC_IE_OT_SA_ENC_AES_GCM)
+ ipsec_po_sa_aes_gcm_iv_set(sess, cop);
+ else
+ ipsec_po_sa_iv_set(sess, cop);
+ }
+#endif
+
/* Prepare CPT instruction */
inst->w4.u64 = sess->inst.w4;
inst->w4.s.dlen = rte_pktmbuf_pkt_len(m_src);
.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS,
- .options = { 0 }
+ .options = { 0 },
},
.crypto_capabilities = NULL,
},
.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
- .options = { 0 }
+ .options = { 0 },
},
.crypto_capabilities = NULL,
},
sec_cap->ipsec.options.udp_encap = 1;
}
+static void
+cn10k_sec_caps_update(struct rte_security_capability *sec_cap)
+{
+ if (sec_cap->ipsec.direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) {
+#ifdef LA_IPSEC_DEBUG
+ sec_cap->ipsec.options.iv_gen_disable = 1;
+#endif
+ }
+}
+
+static void
+cn9k_sec_caps_update(struct rte_security_capability *sec_cap)
+{
+ if (sec_cap->ipsec.direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) {
+ sec_cap->ipsec.options.iv_gen_disable = 1;
+ }
+}
+
void
cnxk_cpt_caps_populate(struct cnxk_cpt_vf *vf)
{
vf->sec_caps[i].crypto_capabilities = vf->sec_crypto_caps;
cnxk_sec_caps_update(&vf->sec_caps[i]);
+
+ if (roc_model_is_cn10k())
+ cn10k_sec_caps_update(&vf->sec_caps[i]);
+
+ if (roc_model_is_cn9k())
+ cn9k_sec_caps_update(&vf->sec_caps[i]);
+
}
}
deps += ['bus_pci', 'common_cnxk', 'security', 'eventdev']
includes += include_directories('../../../lib/net')
+
+if get_option('buildtype').contains('debug')
+ cflags += [ '-DLA_IPSEC_DEBUG' ]
+else
+ cflags += [ '-ULA_IPSEC_DEBUG' ]
+endif
git.droids-corp.org / dpdk.git / commitdiff