1 /* SPDX-License-Identifier: BSD-3-Clause
2 * Copyright(C) 2021 Marvell.
4 #ifndef __CNXK_IPSEC_H__
5 #define __CNXK_IPSEC_H__
7 #include <rte_security.h>
8 #include <rte_security_driver.h>
/* rte_security operations structure; only declared here, defined elsewhere. */
12 extern struct rte_security_ops cnxk_sec_ops;
/* NOTE(review): the members of this struct are elided from the listing. */
14 struct cnxk_cpt_inst_tmpl {
/*
 * Check the cipher transform of an IPsec SA.
 * The visible lines test for RTE_CRYPTO_CIPHER_AES_CBC and then switch on
 * cipher.key.length; the case labels and every return statement are elided
 * from this listing.
 * NOTE(review): presumably only specific AES key lengths are accepted and any
 * other algorithm or length is rejected -- confirm in the full file, because
 * a permissive fall-through would let an unsupported cipher configuration
 * pass this check.
 */
21 ipsec_xform_cipher_verify(struct rte_crypto_sym_xform *crypto_xform)
23 if (crypto_xform->cipher.algo == RTE_CRYPTO_CIPHER_AES_CBC) {
24 switch (crypto_xform->cipher.key.length) {
/*
 * Check the authentication transform of an IPsec SA: algorithm first, then
 * the key length range for that algorithm. The statements that run when a
 * test passes or fails are elided from this listing.
 */
39 ipsec_xform_auth_verify(struct rte_crypto_sym_xform *crypto_xform)
41 uint16_t keylen = crypto_xform->auth.key.length;
/*
 * NOTE(review): the statement under this test is not shown. If it accepts the
 * transform, the SA gets no integrity protection from the auth transform --
 * confirm that this is intended for the cipher it is paired with.
 */
43 if (crypto_xform->auth.algo == RTE_CRYPTO_AUTH_NULL)
/*
 * HMAC-SHA1: key length must lie in 20..64. The bounds coincide with SHA-1's
 * digest size and block size (presumably counted in bytes -- confirm).
 */
46 if (crypto_xform->auth.algo == RTE_CRYPTO_AUTH_SHA1_HMAC) {
47 if (keylen >= 20 && keylen <= 64)
/*
 * HMAC-SHA256 is considered only when roc_model_is_cn9k() (defined elsewhere)
 * is true; key length must lie in 32..64, which coincides with SHA-256's
 * digest size and block size. What happens on other models is not visible
 * here -- presumably the transform is rejected; confirm.
 */
49 } else if (roc_model_is_cn9k() &&
50 (crypto_xform->auth.algo == RTE_CRYPTO_AUTH_SHA256_HMAC)) {
51 if (keylen >= 32 && keylen <= 64)
/*
 * Check an AEAD transform against the SA direction, then its algorithm and
 * key length. The statements executed on a mismatch, the switch cases and the
 * return statements are elided from this listing (NOTE(review): presumably a
 * mismatch is an error return -- confirm in the full file).
 */
59 ipsec_xform_aead_verify(struct rte_security_ipsec_xform *ipsec_xform,
60 struct rte_crypto_sym_xform *crypto_xform)
/* An egress SA whose AEAD op is not ENCRYPT is flagged. */
62 if (ipsec_xform->direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS &&
63 crypto_xform->aead.op != RTE_CRYPTO_AEAD_OP_ENCRYPT)
/* An ingress SA whose AEAD op is not DECRYPT is flagged. */
66 if (ipsec_xform->direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS &&
67 crypto_xform->aead.op != RTE_CRYPTO_AEAD_OP_DECRYPT)
/*
 * AES-GCM is the only AEAD algorithm tested in the visible lines; the accepted
 * key lengths are in the elided case labels.
 */
70 if (crypto_xform->aead.algo == RTE_CRYPTO_AEAD_AES_GCM) {
71 switch (crypto_xform->aead.key.length) {
/*
 * Validate an IPsec SA description together with its crypto transform chain.
 * The visible checks cover direction, protocol, mode, tunnel type and the
 * shape and order of the transform chain. The statements executed when a
 * check fails are elided from this listing (NOTE(review): presumably an error
 * return -- confirm in the full file).
 * NOTE(review): neither ipsec_xform nor crypto_xform is tested against NULL
 * in the visible lines; callers presumably guarantee both -- confirm.
 */
86 cnxk_ipsec_xform_verify(struct rte_security_ipsec_xform *ipsec_xform,
87 struct rte_crypto_sym_xform *crypto_xform)
89 struct rte_crypto_sym_xform *auth_xform, *cipher_xform;
/* Direction must be INGRESS or EGRESS. */
92 if ((ipsec_xform->direction != RTE_SECURITY_IPSEC_SA_DIR_INGRESS) &&
93 (ipsec_xform->direction != RTE_SECURITY_IPSEC_SA_DIR_EGRESS))
/* Protocol must be ESP or AH. */
96 if ((ipsec_xform->proto != RTE_SECURITY_IPSEC_SA_PROTO_ESP) &&
97 (ipsec_xform->proto != RTE_SECURITY_IPSEC_SA_PROTO_AH))
/* Mode must be TRANSPORT or TUNNEL. */
100 if ((ipsec_xform->mode != RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT) &&
101 (ipsec_xform->mode != RTE_SECURITY_IPSEC_SA_MODE_TUNNEL))
/* In tunnel mode the tunnel type must be IPv4 or IPv6. */
104 if ((ipsec_xform->mode == RTE_SECURITY_IPSEC_SA_MODE_TUNNEL) &&
105 (ipsec_xform->tunnel.type != RTE_SECURITY_IPSEC_TUNNEL_IPV4) &&
106 (ipsec_xform->tunnel.type != RTE_SECURITY_IPSEC_TUNNEL_IPV6))
/* An AEAD transform is checked on its own; no chained transform is examined. */
109 if (crypto_xform->type == RTE_CRYPTO_SYM_XFORM_AEAD)
110 return ipsec_xform_aead_verify(ipsec_xform, crypto_xform);
/*
 * From here on a second transform is required. This NULL test is what keeps
 * the crypto_xform->next->type reads below from dereferencing a null pointer.
 */
112 if (crypto_xform->next == NULL)
/* Ingress: the chain must be AUTH followed by CIPHER. */
115 if (ipsec_xform->direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) {
117 if (crypto_xform->type != RTE_CRYPTO_SYM_XFORM_AUTH ||
118 crypto_xform->next->type != RTE_CRYPTO_SYM_XFORM_CIPHER)
120 auth_xform = crypto_xform;
121 cipher_xform = crypto_xform->next;
/*
 * The opposite order: CIPHER followed by AUTH. NOTE(review): the branch
 * header is elided; presumably this is the else (egress) arm -- confirm.
 */
124 if (crypto_xform->type != RTE_CRYPTO_SYM_XFORM_CIPHER ||
125 crypto_xform->next->type != RTE_CRYPTO_SYM_XFORM_AUTH)
127 cipher_xform = crypto_xform;
128 auth_xform = crypto_xform->next;
/* Cipher is checked first; ret's declaration and any test of it are not shown. */
131 ret = ipsec_xform_cipher_verify(cipher_xform);
/* The auth check's result becomes this function's result. */
135 return ipsec_xform_auth_verify(auth_xform);
137 #endif /* __CNXK_IPSEC_H__ */