[dpdk-dev] [PATCH v3 1/3] security: support user specified IV

Ananyev, Konstantin konstantin.ananyev at intel.com
Thu Sep 16 13:14:30 CEST 2021

Previous message (by thread): [dpdk-dev] [PATCH v3 1/3] security: support user specified IV
Next message (by thread): [dpdk-dev] [PATCH v3 2/3] crypto/cnxk: add IV in SA in lookaside IPsec debug mode
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> 
> Enable user to provide IV to be used per security operation. This
> would be used with lookaside protocol offload for comparing
> against known vectors.
> 
> By default, PMD would generate IV internally and would be random.
> 
> Signed-off-by: Anoob Joseph <anoobj at marvell.com>
> Acked-by: Akhil Goyal <gakhil at marvell.com>
> ---
>  doc/guides/rel_notes/release_21_11.rst |  5 +++++
>  lib/security/rte_security.h            | 14 ++++++++++++++
>  2 files changed, 19 insertions(+)
> 
> diff --git a/doc/guides/rel_notes/release_21_11.rst b/doc/guides/rel_notes/release_21_11.rst
> index 411fa95..9b14c84 100644
> --- a/doc/guides/rel_notes/release_21_11.rst
> +++ b/doc/guides/rel_notes/release_21_11.rst
> @@ -118,6 +118,11 @@ ABI Changes
>     Also, make sure to start the actual text at the margin.
>     =======================================================
> 
> +* security: add IPsec SA option to disable IV generation
> +
> +  * Added IPsec SA option to disable IV generation to allow known vector
> +    tests as well as usage of application provided IV on supported PMDs.
> +
> 
>  Known Issues
>  ------------
> diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h
> index 88d31de..b4b6776 100644
> --- a/lib/security/rte_security.h
> +++ b/lib/security/rte_security.h
> @@ -181,6 +181,20 @@ struct rte_security_ipsec_sa_options {
>  	 * * 0: Disable per session security statistics collection for this SA.
>  	 */
>  	uint32_t stats : 1;
> +
> +	/** Disable IV generation in PMD
> +	 *
> +	 * * 1: Disable IV generation in PMD. When disabled, IV provided in
> +	 *      rte_crypto_op will be used by the PMD.
> +	 *
> +	 * * 0: Enable IV generation in PMD. When enabled, PMD generated random
> +	 *      value would be used and application is not required to provide
> +	 *      IV.
> +	 *
> +	 * Note: For inline cases, IV generation would always need to be handled
> +	 * by the PMD.
> +	 */
> +	uint32_t iv_gen_disable : 1;
>  };
> 
>  /** IPSec security association direction */
> --

Acked-by: Konstantin Ananyev <konstantin.ananyev at intel.com>

> 2.7.4

Previous message (by thread): [dpdk-dev] [PATCH v3 1/3] security: support user specified IV
Next message (by thread): [dpdk-dev] [PATCH v3 2/3] crypto/cnxk: add IV in SA in lookaside IPsec debug mode
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the dev mailing list