From: Anoob Joseph Date: Tue, 7 Sep 2021 16:17:40 +0000 (+0530) Subject: security: support user-specified IV X-Git-Url: http://git.droids-corp.org/?a=commitdiff_plain;h=63992166ba07a886d405eaa72dc49bfeeb5a4d20;p=dpdk.git security: support user-specified IV Enabled user to provide IV to be used per security operation. This would be used with lookaside protocol offload for comparing against known vectors. By default, PMD would internally generate random IV. Signed-off-by: Anoob Joseph Acked-by: Akhil Goyal Acked-by: Konstantin Ananyev --- diff --git a/doc/guides/rel_notes/release_21_11.rst b/doc/guides/rel_notes/release_21_11.rst index a11929c621..2a13459f90 100644 --- a/doc/guides/rel_notes/release_21_11.rst +++ b/doc/guides/rel_notes/release_21_11.rst @@ -169,6 +169,10 @@ ABI Changes have much processing in PMD specific callbacks but just 64-bit set/get. This avoids a per packet function pointer jump overhead for such PMDs. +* security: A new option ``iv_gen_disable`` was added in structure + ``rte_security_ipsec_sa_options`` to disable IV generation inside PMD, + so that application can provide its own IV and test known test vectors. + Known Issues ------------ diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h index 2446ab0671..f9e65912b4 100644 --- a/lib/security/rte_security.h +++ b/lib/security/rte_security.h @@ -192,6 +192,20 @@ struct rte_security_ipsec_sa_options { * * 0: Disable per session security statistics collection for this SA. */ uint32_t stats : 1; + + /** Disable IV generation in PMD + * + * * 1: Disable IV generation in PMD. When disabled, IV provided in + * rte_crypto_op will be used by the PMD. + * + * * 0: Enable IV generation in PMD. When enabled, PMD generated random + * value would be used and application is not required to provide + * IV. + * + * Note: For inline cases, IV generation would always need to be handled + * by the PMD. + */ + uint32_t iv_gen_disable : 1; }; /** IPSec security association direction */