diff mbox series

[v3,1/3] security: support user specified IV

Message ID 1631031463-211-2-git-send-email-anoobj@marvell.com (mailing list archive)
State Accepted, archived
Delegated to: akhil goyal
Headers show
Series Add user specified IV with lookaside IPsec | expand

Checks

Context Check Description
ci/iol-testing warning apply patch failure
ci/checkpatch warning coding style issues

Commit Message

Anoob Joseph Sept. 7, 2021, 4:17 p.m. UTC
Enable user to provide IV to be used per security operation. This
would be used with lookaside protocol offload for comparing
against known vectors.

By default, PMD would generate IV internally and would be random.

Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
---
 doc/guides/rel_notes/release_21_11.rst |  5 +++++
 lib/security/rte_security.h            | 14 ++++++++++++++
 2 files changed, 19 insertions(+)

Comments

Ananyev, Konstantin Sept. 16, 2021, 11:14 a.m. UTC | #1
> 
> Enable user to provide IV to be used per security operation. This
> would be used with lookaside protocol offload for comparing
> against known vectors.
> 
> By default, PMD would generate IV internally and would be random.
> 
> Signed-off-by: Anoob Joseph <anoobj@marvell.com>
> Acked-by: Akhil Goyal <gakhil@marvell.com>
> ---
>  doc/guides/rel_notes/release_21_11.rst |  5 +++++
>  lib/security/rte_security.h            | 14 ++++++++++++++
>  2 files changed, 19 insertions(+)
> 
> diff --git a/doc/guides/rel_notes/release_21_11.rst b/doc/guides/rel_notes/release_21_11.rst
> index 411fa95..9b14c84 100644
> --- a/doc/guides/rel_notes/release_21_11.rst
> +++ b/doc/guides/rel_notes/release_21_11.rst
> @@ -118,6 +118,11 @@ ABI Changes
>     Also, make sure to start the actual text at the margin.
>     =======================================================
> 
> +* security: add IPsec SA option to disable IV generation
> +
> +  * Added IPsec SA option to disable IV generation to allow known vector
> +    tests as well as usage of application provided IV on supported PMDs.
> +
> 
>  Known Issues
>  ------------
> diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h
> index 88d31de..b4b6776 100644
> --- a/lib/security/rte_security.h
> +++ b/lib/security/rte_security.h
> @@ -181,6 +181,20 @@ struct rte_security_ipsec_sa_options {
>  	 * * 0: Disable per session security statistics collection for this SA.
>  	 */
>  	uint32_t stats : 1;
> +
> +	/** Disable IV generation in PMD
> +	 *
> +	 * * 1: Disable IV generation in PMD. When disabled, IV provided in
> +	 *      rte_crypto_op will be used by the PMD.
> +	 *
> +	 * * 0: Enable IV generation in PMD. When enabled, PMD generated random
> +	 *      value would be used and application is not required to provide
> +	 *      IV.
> +	 *
> +	 * Note: For inline cases, IV generation would always need to be handled
> +	 * by the PMD.
> +	 */
> +	uint32_t iv_gen_disable : 1;
>  };
> 
>  /** IPSec security association direction */
> --

Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>

> 2.7.4
diff mbox series

Patch

diff --git a/doc/guides/rel_notes/release_21_11.rst b/doc/guides/rel_notes/release_21_11.rst
index 411fa95..9b14c84 100644
--- a/doc/guides/rel_notes/release_21_11.rst
+++ b/doc/guides/rel_notes/release_21_11.rst
@@ -118,6 +118,11 @@  ABI Changes
    Also, make sure to start the actual text at the margin.
    =======================================================
 
+* security: add IPsec SA option to disable IV generation
+
+  * Added IPsec SA option to disable IV generation to allow known vector
+    tests as well as usage of application provided IV on supported PMDs.
+
 
 Known Issues
 ------------
diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h
index 88d31de..b4b6776 100644
--- a/lib/security/rte_security.h
+++ b/lib/security/rte_security.h
@@ -181,6 +181,20 @@  struct rte_security_ipsec_sa_options {
 	 * * 0: Disable per session security statistics collection for this SA.
 	 */
 	uint32_t stats : 1;
+
+	/** Disable IV generation in PMD
+	 *
+	 * * 1: Disable IV generation in PMD. When disabled, IV provided in
+	 *      rte_crypto_op will be used by the PMD.
+	 *
+	 * * 0: Enable IV generation in PMD. When enabled, PMD generated random
+	 *      value would be used and application is not required to provide
+	 *      IV.
+	 *
+	 * Note: For inline cases, IV generation would always need to be handled
+	 * by the PMD.
+	 */
+	uint32_t iv_gen_disable : 1;
 };
 
 /** IPSec security association direction */