From patchwork Tue Dec 20 14:32:18 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Tejasree Kondoj <ktejasree@marvell.com>
X-Patchwork-Id: 121077
X-Patchwork-Delegate: gakhil@marvell.com
Return-Path: <dev-bounces@dpdk.org>
X-Original-To: patchwork@inbox.dpdk.org
Delivered-To: patchwork@inbox.dpdk.org
Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124])
	by inbox.dpdk.org (Postfix) with ESMTP id 87A8CA0545;
	Tue, 20 Dec 2022 15:33:02 +0100 (CET)
Received: from mails.dpdk.org (localhost [127.0.0.1])
	by mails.dpdk.org (Postfix) with ESMTP id D97D34114A;
	Tue, 20 Dec 2022 15:32:48 +0100 (CET)
Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com
 [67.231.156.173])
 by mails.dpdk.org (Postfix) with ESMTP id B51924114A
 for <dev@dpdk.org>; Tue, 20 Dec 2022 15:32:47 +0100 (CET)
Received: from pps.filterd (m0045851.ppops.net [127.0.0.1])
 by mx0b-0016f401.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id
 2BKEOLfm018975 for <dev@dpdk.org>; Tue, 20 Dec 2022 06:32:47 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com;
 h=from : to : cc :
 subject : date : message-id : in-reply-to : references : mime-version :
 content-transfer-encoding : content-type; s=pfpt0220;
 bh=73dhRCJrvirECcUYJb2vLvQ6ke8AdnyCMCl+jle5y18=;
 b=G0E/vlgi7BHL4qTXMUzOufX6U7SCqNGWS9mfb911ajVSIWpHVIwUo4UEdC3t03BZaO51
 v1EjRqiRWavoZNmdiv0oWtYjWqYnvYvFEyEeQaHqvztXvXTlMxseYpo0zk5jONwJ9m2v
 vekoTHRoz/vP+dMR0NyxNNVVWSBPxfN5okxXs9ZdXSNXJW3rjhCwNDt4cT5bNB0uG+rM
 NhnNNnh9LT8wtByfSib/vgoc3p+/oIrGBQ2Bk4ynhGYoElNab3xK8XQy0gbZxBV0BGUG
 59rcR22XcrdT/qtbZDZHZEZjVxwG7ObwTDwmywe6CJ8Nhszx6VuXTFR2KGmlQ0oYLxxJ VA==
Received: from dc5-exch02.marvell.com ([199.233.59.182])
 by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3mhe5rnb57-1
 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT)
 for <dev@dpdk.org>; Tue, 20 Dec 2022 06:32:46 -0800
Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH02.marvell.com
 (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.42;
 Tue, 20 Dec 2022 06:32:44 -0800
Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com
 (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.42 via Frontend
 Transport; Tue, 20 Dec 2022 06:32:44 -0800
Received: from hyd1554.marvell.com (unknown [10.29.57.11])
 by maili.marvell.com (Postfix) with ESMTP id 7EA333F704C;
 Tue, 20 Dec 2022 06:32:42 -0800 (PST)
From: Tejasree Kondoj <ktejasree@marvell.com>
To: Akhil Goyal <gakhil@marvell.com>
CC: Vidya Sagar Velumuri <vvelumuri@marvell.com>, Anoob Joseph
 <anoobj@marvell.com>,
 Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>,
 Volodymyr Fialko <vfialko@marvell.com>, Aakash Sasidharan
 <asasidharan@marvell.com>, <dev@dpdk.org>
Subject: [PATCH 03/17] crypto/cnxk: update resp len calculation for IPv6
Date: Tue, 20 Dec 2022 20:02:18 +0530
Message-ID: <20221220143232.2519650-4-ktejasree@marvell.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <20221220143232.2519650-1-ktejasree@marvell.com>
References: <20221220143232.2519650-1-ktejasree@marvell.com>
MIME-Version: 1.0
X-Proofpoint-GUID: dD7NBVGHS6PSm85bt3RmjeKwmQvz9NbD
X-Proofpoint-ORIG-GUID: dD7NBVGHS6PSm85bt3RmjeKwmQvz9NbD
X-Proofpoint-Virus-Version: vendor=baseguard
 engine=ICAP:2.0.205,Aquarius:18.0.923,Hydra:6.0.545,FMLib:17.11.122.1
 definitions=2022-12-20_05,2022-12-20_01,2022-06-22_01
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org

From: Vidya Sagar Velumuri <vvelumuri@marvell.com>

In IPsec lookaside path, response length for an encryption is pre
calculated and updated in the mbuf as the packet length.
Response length dpepends on the layer-3 header length.
As IPsec security context does not provide any information about the IP
version, the layer-3 header length is calculated in data path based on IP
version and extension headers.

Signed-off-by: Vidya Sagar Velumuri <vvelumuri@marvell.com>
---
 drivers/common/cnxk/cnxk_security.c     |  4 +--
 drivers/crypto/cnxk/cn9k_ipsec_la_ops.h | 36 ++++++++++++++++++++++---
 2 files changed, 35 insertions(+), 5 deletions(-)

diff --git a/drivers/common/cnxk/cnxk_security.c b/drivers/common/cnxk/cnxk_security.c
index 5034c76938..79427d48fe 100644
--- a/drivers/common/cnxk/cnxk_security.c
+++ b/drivers/common/cnxk/cnxk_security.c
@@ -19,7 +19,7 @@ ipsec_hmac_opad_ipad_gen(struct rte_crypto_sym_xform *auth_xform,
 	uint32_t i;
 
 	/* HMAC OPAD and IPAD */
-	for (i = 0; i < 127 && i < length; i++) {
+	for (i = 0; i < 128 && i < length; i++) {
 		opad[i] = opad[i] ^ key[i];
 		ipad[i] = ipad[i] ^ key[i];
 	}
@@ -1344,7 +1344,7 @@ cnxk_on_ipsec_outb_sa_create(struct rte_security_ipsec_xform *ipsec,
 	} else
 		ctx_len += sizeof(template->ip4);
 
-	ctx_len += RTE_ALIGN_CEIL(ctx_len, 8);
+	ctx_len = RTE_ALIGN_CEIL(ctx_len, 8);
 
 	if (crypto_xform->type != RTE_CRYPTO_SYM_XFORM_AEAD) {
 		uint8_t *hmac_opad_ipad = (uint8_t *)&out_sa->sha2;
diff --git a/drivers/crypto/cnxk/cn9k_ipsec_la_ops.h b/drivers/crypto/cnxk/cn9k_ipsec_la_ops.h
index 724fc525ad..f1298017ce 100644
--- a/drivers/crypto/cnxk/cn9k_ipsec_la_ops.h
+++ b/drivers/crypto/cnxk/cn9k_ipsec_la_ops.h
@@ -13,14 +13,44 @@
 #include "cnxk_security_ar.h"
 
 static __rte_always_inline int32_t
-ipsec_po_out_rlen_get(struct cn9k_sec_session *sess, uint32_t plen)
+ipsec_po_out_rlen_get(struct cn9k_sec_session *sess, uint32_t plen, struct rte_mbuf *m_src)
 {
 	uint32_t enc_payload_len;
 	int adj_len = 0;
 
-	if (sess->sa.out_sa.common_sa.ctl.ipsec_mode == ROC_IE_SA_MODE_TRANSPORT)
+	if (sess->sa.out_sa.common_sa.ctl.ipsec_mode == ROC_IE_SA_MODE_TRANSPORT) {
 		adj_len = ROC_CPT_TUNNEL_IPV4_HDR_LEN;
 
+		uintptr_t data = (uintptr_t)m_src->buf_addr + m_src->data_off;
+		struct rte_ipv4_hdr *ip = (struct rte_ipv4_hdr *)data;
+
+		if (unlikely(((ip->version_ihl & 0xf0) >> RTE_IPV4_IHL_MULTIPLIER) != IPVERSION)) {
+			struct rte_ipv6_hdr *ip6 = (struct rte_ipv6_hdr *)ip;
+			uint8_t *nxt_hdr = (uint8_t *)ip6;
+			uint8_t dest_op_cnt = 0;
+			int nh = ip6->proto;
+
+			PLT_ASSERT(((ip->version_ihl & 0xf0) >> RTE_IPV4_IHL_MULTIPLIER) == 6);
+
+			adj_len = ROC_CPT_TUNNEL_IPV6_HDR_LEN;
+			nxt_hdr += ROC_CPT_TUNNEL_IPV6_HDR_LEN;
+			while (nh != -EINVAL) {
+				size_t ext_len = 0;
+
+				nh = rte_ipv6_get_next_ext(nxt_hdr, nh, &ext_len);
+				/* With multiple dest ops headers, the ESP hdr will be before
+				 * the 2nd dest ops and after the first dest ops header
+				 */
+				if ((nh == IPPROTO_DSTOPTS) && dest_op_cnt)
+					break;
+				else if (nh == IPPROTO_DSTOPTS)
+					dest_op_cnt++;
+				adj_len += ext_len;
+				nxt_hdr += ext_len;
+			}
+		}
+	}
+
 	enc_payload_len =
 		RTE_ALIGN_CEIL(plen + sess->rlens.roundup_len - adj_len, sess->rlens.roundup_byte);
 
@@ -41,7 +71,7 @@ process_outb_sa(struct rte_crypto_op *cop, struct cn9k_sec_session *sess, struct
 
 	pkt_len = rte_pktmbuf_pkt_len(m_src);
 	dlen = pkt_len + hdr_len;
-	rlen = ipsec_po_out_rlen_get(sess, pkt_len);
+	rlen = ipsec_po_out_rlen_get(sess, pkt_len, m_src);
 
 	extend_tail = rlen - dlen;
 	if (unlikely(extend_tail > rte_pktmbuf_tailroom(m_src))) {