From: Archana Muniganti <marchana@marvell.com>
Date: Fri, 17 Dec 2021 09:20:09 +0000 (+0530)
Subject: crypto/cnxk: add per packet IV in lookaside IPsec debug
X-Git-Url: http://git.droids-corp.org/?a=commitdiff_plain;h=2f20817c0004886e68ba687d8e257a5c779840d9;p=dpdk.git

crypto/cnxk: add per packet IV in lookaside IPsec debug

For cn9k, use HW GEN IV as default and add per pkt IV
in lookaside IPsec debug mode. Debug mode helps to verify
lookaside PMD using known outbound vectors in lookaside
autotest.

Signed-off-by: Archana Muniganti <marchana@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
---

diff --git a/drivers/common/cnxk/roc_ie_on.h b/drivers/common/cnxk/roc_ie_on.h
index cb56a707b3..aaad87243f 100644
--- a/drivers/common/cnxk/roc_ie_on.h
+++ b/drivers/common/cnxk/roc_ie_on.h
@@ -22,6 +22,8 @@ enum roc_ie_on_ucc_ipsec {
 
 /* Helper macros */
 #define ROC_IE_ON_INB_RPTR_HDR 0x8
+#define ROC_IE_ON_MAX_IV_LEN   16
+#define ROC_IE_ON_PER_PKT_IV   BIT(43)
 
 enum {
 	ROC_IE_ON_SA_ENC_NULL = 0,
@@ -55,6 +57,11 @@ enum {
 	ROC_IE_ON_SA_ENCAP_UDP = 1,
 };
 
+enum {
+	ROC_IE_ON_IV_SRC_HW_GEN_DEFAULT = 0,
+	ROC_IE_ON_IV_SRC_FROM_DPTR = 1,
+};
+
 struct roc_ie_on_outb_hdr {
 	uint32_t ip_id;
 	uint32_t seq;
diff --git a/drivers/crypto/cnxk/cn9k_ipsec.c b/drivers/crypto/cnxk/cn9k_ipsec.c
index 62b9c2634f..9f876f75f2 100644
--- a/drivers/crypto/cnxk/cn9k_ipsec.c
+++ b/drivers/crypto/cnxk/cn9k_ipsec.c
@@ -426,13 +426,7 @@ cn9k_ipsec_outb_sa_create(struct cnxk_cpt_qp *qp,
 
 	ctx_len += RTE_ALIGN_CEIL(ctx_len, 8);
 
-	if (crypto_xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) {
-		sa->cipher_iv_off = crypto_xform->aead.iv.offset;
-		sa->cipher_iv_len = crypto_xform->aead.iv.length;
-	} else {
-		sa->cipher_iv_off = crypto_xform->cipher.iv.offset;
-		sa->cipher_iv_len = crypto_xform->cipher.iv.length;
-
+	if (crypto_xform->type != RTE_CRYPTO_SYM_XFORM_AEAD) {
 		auth_key = auth_xform->auth.key.data;
 		auth_key_len = auth_xform->auth.key.length;
 
@@ -465,7 +459,31 @@ cn9k_ipsec_outb_sa_create(struct cnxk_cpt_qp *qp,
 
 	param1.u16 = 0;
 	param1.s.ikev2 = 1;
-	param1.s.per_pkt_iv = 1;
+
+	sa->custom_hdr_len = sizeof(struct roc_ie_on_outb_hdr) -
+			     ROC_IE_ON_MAX_IV_LEN;
+
+#ifdef LA_IPSEC_DEBUG
+	/* Use IV from application in debug mode */
+	if (ipsec->options.iv_gen_disable == 1) {
+		param1.s.per_pkt_iv = ROC_IE_ON_IV_SRC_FROM_DPTR;
+		sa->custom_hdr_len = sizeof(struct roc_ie_on_outb_hdr);
+
+		if (crypto_xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) {
+			sa->cipher_iv_off = crypto_xform->aead.iv.offset;
+			sa->cipher_iv_len = crypto_xform->aead.iv.length;
+		} else {
+			sa->cipher_iv_off = crypto_xform->cipher.iv.offset;
+			sa->cipher_iv_len = crypto_xform->cipher.iv.length;
+		}
+	}
+#else
+	if (ipsec->options.iv_gen_disable != 0) {
+		plt_err("Application provided IV is not supported");
+		return -ENOTSUP;
+	}
+#endif
+
 	w4.s.param1 = param1.u16;
 
 	inst_tmpl->w4 = w4.u64;
diff --git a/drivers/crypto/cnxk/cn9k_ipsec.h b/drivers/crypto/cnxk/cn9k_ipsec.h
index fc440d54ba..f3acad561b 100644
--- a/drivers/crypto/cnxk/cn9k_ipsec.h
+++ b/drivers/crypto/cnxk/cn9k_ipsec.h
@@ -24,6 +24,8 @@ struct cn9k_ipsec_sa {
 	uint16_t cipher_iv_off;
 	/** Cipher IV length in bytes */
 	uint8_t cipher_iv_len;
+	/** Outbound custom header length */
+	uint8_t custom_hdr_len;
 	/** Response length calculation data */
 	struct cnxk_ipsec_outb_rlens rlens;
 	/** Outbound IP-ID */
diff --git a/drivers/crypto/cnxk/cn9k_ipsec_la_ops.h b/drivers/crypto/cnxk/cn9k_ipsec_la_ops.h
index 2b0261e057..9a1e217042 100644
--- a/drivers/crypto/cnxk/cn9k_ipsec_la_ops.h
+++ b/drivers/crypto/cnxk/cn9k_ipsec_la_ops.h
@@ -74,7 +74,7 @@ static __rte_always_inline int
 process_outb_sa(struct rte_crypto_op *cop, struct cn9k_ipsec_sa *sa,
 		struct cpt_inst_s *inst)
 {
-	const unsigned int hdr_len = sizeof(struct roc_ie_on_outb_hdr);
+	const unsigned int hdr_len = sa->custom_hdr_len;
 	struct rte_crypto_sym_op *sym_op = cop->sym;
 	struct rte_mbuf *m_src = sym_op->m_src;
 	struct roc_ie_on_outb_sa *out_sa;
@@ -103,9 +103,15 @@ process_outb_sa(struct rte_crypto_op *cop, struct cn9k_ipsec_sa *sa,
 		return -ENOMEM;
 	}
 
-	memcpy(&hdr->iv[0],
-	       rte_crypto_op_ctod_offset(cop, uint8_t *, sa->cipher_iv_off),
-	       sa->cipher_iv_len);
+#ifdef LA_IPSEC_DEBUG
+	if (sa->inst.w4 & ROC_IE_ON_PER_PKT_IV) {
+		memcpy(&hdr->iv[0],
+		       rte_crypto_op_ctod_offset(cop, uint8_t *,
+						 sa->cipher_iv_off),
+		       sa->cipher_iv_len);
+	}
+#endif
+
 	hdr->seq = rte_cpu_to_be_32(sa->seq_lo);
 	hdr->ip_id = rte_cpu_to_be_32(sa->ip_id);
 
diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
index 457e166fc8..f79e4d7010 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
+++ b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
@@ -1166,7 +1166,9 @@ static void
 cn9k_sec_caps_update(struct rte_security_capability *sec_cap)
 {
 	if (sec_cap->ipsec.direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) {
+#ifdef LA_IPSEC_DEBUG
 		sec_cap->ipsec.options.iv_gen_disable = 1;
+#endif
 	}
 }