+static int
+configure_aead_ctx(struct rte_crypto_aead_xform *xform,
+ struct nitrox_crypto_ctx *ctx)
+{
+ int aes_keylen;
+ struct flexi_crypto_context *fctx = &ctx->fctx;
+
+ if (unlikely(xform->aad_length > FLEXI_CRYPTO_MAX_AAD_LEN)) {
+ NITROX_LOG(ERR, "AAD length %d not supported\n",
+ xform->aad_length);
+ return -ENOTSUP;
+ }
+
+ if (unlikely(xform->algo != RTE_CRYPTO_AEAD_AES_GCM))
+ return -ENOTSUP;
+
+ aes_keylen = flexi_aes_keylen(xform->key.length, true);
+ if (unlikely(aes_keylen < 0))
+ return -EINVAL;
+
+ if (unlikely(!auth_key_is_valid(xform->key.data, xform->key.length,
+ fctx)))
+ return -EINVAL;
+
+ if (unlikely(xform->iv.length > MAX_IV_LEN))
+ return -EINVAL;
+
+ fctx->flags = rte_be_to_cpu_64(fctx->flags);
+ fctx->w0.cipher_type = CIPHER_AES_GCM;
+ fctx->w0.aes_keylen = aes_keylen;
+ fctx->w0.iv_source = IV_FROM_DPTR;
+ fctx->w0.hash_type = AUTH_NULL;
+ fctx->w0.auth_input_type = 1;
+ fctx->w0.mac_len = xform->digest_length;
+ fctx->flags = rte_cpu_to_be_64(fctx->flags);
+ memset(fctx->crypto.key, 0, sizeof(fctx->crypto.key));
+ memcpy(fctx->crypto.key, xform->key.data, xform->key.length);
+ memset(&fctx->auth, 0, sizeof(fctx->auth));
+ memcpy(fctx->auth.opad, xform->key.data, xform->key.length);
+
+ ctx->opcode = FLEXI_CRYPTO_ENCRYPT_HMAC;
+ ctx->req_op = (xform->op == RTE_CRYPTO_AEAD_OP_ENCRYPT) ?
+ NITROX_OP_ENCRYPT : NITROX_OP_DECRYPT;
+ ctx->iv.offset = xform->iv.offset;
+ ctx->iv.length = xform->iv.length;
+ ctx->digest_length = xform->digest_length;
+ ctx->aad_length = xform->aad_length;
+ return 0;
+}
+