common/cnxk: allow building for generic arm64

[dpdk.git] / drivers / common / cnxk / cnxk_security.c

diff --git a/drivers/common/cnxk/cnxk_security.c b/drivers/common/cnxk/cnxk_security.c
index d6006d3..72ee5ee 100644 (file)
--- a/drivers/common/cnxk/cnxk_security.c
+++ b/drivers/common/cnxk/cnxk_security.c
@@ -57,25 +57,23 @@ ot_ipsec_sa_common_param_fill(union roc_ot_ipsec_sa_word2 *w2,
                              struct rte_crypto_sym_xform *crypto_xfrm)
 {
        struct rte_crypto_sym_xform *auth_xfrm, *cipher_xfrm;
-       const uint8_t *key;
+       const uint8_t *key = NULL;
        uint32_t *tmp_salt;
        uint64_t *tmp_key;
-       int length, i;
+       int i, length = 0;
 
        /* Set direction */
-       switch (ipsec_xfrm->direction) {
-       case RTE_SECURITY_IPSEC_SA_DIR_INGRESS:
+       if (ipsec_xfrm->direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS)
+               w2->s.dir = ROC_IE_SA_DIR_OUTBOUND;
+       else
                w2->s.dir = ROC_IE_SA_DIR_INBOUND;
+
+       if (crypto_xfrm->type == RTE_CRYPTO_SYM_XFORM_AUTH) {
                auth_xfrm = crypto_xfrm;
                cipher_xfrm = crypto_xfrm->next;
-               break;
-       case RTE_SECURITY_IPSEC_SA_DIR_EGRESS:
-               w2->s.dir = ROC_IE_SA_DIR_OUTBOUND;
+       } else {
                cipher_xfrm = crypto_xfrm;
                auth_xfrm = crypto_xfrm->next;
-               break;
-       default:
-               return -EINVAL;
        }
 
        /* Set protocol - ESP vs AH */
@@ -119,18 +117,26 @@ ot_ipsec_sa_common_param_fill(union roc_ot_ipsec_sa_word2 *w2,
                        return -ENOTSUP;
                }
        } else {
-               switch (cipher_xfrm->cipher.algo) {
-               case RTE_CRYPTO_CIPHER_NULL:
-                       w2->s.enc_type = ROC_IE_OT_SA_ENC_NULL;
-                       break;
-               case RTE_CRYPTO_CIPHER_AES_CBC:
-                       w2->s.enc_type = ROC_IE_OT_SA_ENC_AES_CBC;
-                       break;
-               case RTE_CRYPTO_CIPHER_AES_CTR:
-                       w2->s.enc_type = ROC_IE_OT_SA_ENC_AES_CTR;
-                       break;
-               default:
-                       return -ENOTSUP;
+               if (cipher_xfrm != NULL) {
+                       switch (cipher_xfrm->cipher.algo) {
+                       case RTE_CRYPTO_CIPHER_NULL:
+                               w2->s.enc_type = ROC_IE_OT_SA_ENC_NULL;
+                               break;
+                       case RTE_CRYPTO_CIPHER_AES_CBC:
+                               w2->s.enc_type = ROC_IE_OT_SA_ENC_AES_CBC;
+                               break;
+                       case RTE_CRYPTO_CIPHER_AES_CTR:
+                               w2->s.enc_type = ROC_IE_OT_SA_ENC_AES_CTR;
+                               break;
+                       case RTE_CRYPTO_CIPHER_3DES_CBC:
+                               w2->s.enc_type = ROC_IE_OT_SA_ENC_3DES_CBC;
+                               break;
+                       default:
+                               return -ENOTSUP;
+                       }
+
+                       key = cipher_xfrm->cipher.key.data;
+                       length = cipher_xfrm->cipher.key.length;
                }
 
                switch (auth_xfrm->auth.algo) {
@@ -152,6 +158,14 @@ ot_ipsec_sa_common_param_fill(union roc_ot_ipsec_sa_word2 *w2,
                case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
                        w2->s.auth_type = ROC_IE_OT_SA_AUTH_AES_XCBC_128;
                        break;
+               case RTE_CRYPTO_AUTH_AES_GMAC:
+                       w2->s.auth_type = ROC_IE_OT_SA_AUTH_AES_GMAC;
+                       key = auth_xfrm->auth.key.data;
+                       length = auth_xfrm->auth.key.length;
+                       memcpy(salt_key, &ipsec_xfrm->salt, 4);
+                       tmp_salt = (uint32_t *)salt_key;
+                       *tmp_salt = rte_be_to_cpu_32(*tmp_salt);
+                       break;
                default:
                        return -ENOTSUP;
                }
@@ -169,8 +183,6 @@ ot_ipsec_sa_common_param_fill(union roc_ot_ipsec_sa_word2 *w2,
                     i++)
                        tmp_key[i] = rte_be_to_cpu_64(tmp_key[i]);
 
-               key = cipher_xfrm->cipher.key.data;
-               length = cipher_xfrm->cipher.key.length;
        }
 
        /* Set encapsulation type */
@@ -179,11 +191,13 @@ ot_ipsec_sa_common_param_fill(union roc_ot_ipsec_sa_word2 *w2,
 
        w2->s.spi = ipsec_xfrm->spi;
 
-       /* Copy encryption key */
-       memcpy(cipher_key, key, length);
-       tmp_key = (uint64_t *)cipher_key;
-       for (i = 0; i < (int)(ROC_CTX_MAX_CKEY_LEN / sizeof(uint64_t)); i++)
-               tmp_key[i] = rte_be_to_cpu_64(tmp_key[i]);
+       if (key != NULL && length != 0) {
+               /* Copy encryption key */
+               memcpy(cipher_key, key, length);
+               tmp_key = (uint64_t *)cipher_key;
+               for (i = 0; i < (int)(ROC_CTX_MAX_CKEY_LEN / sizeof(uint64_t)); i++)
+                       tmp_key[i] = rte_be_to_cpu_64(tmp_key[i]);
+       }
 
        /* Set AES key length */
        if (w2->s.enc_type == ROC_IE_OT_SA_ENC_AES_CBC ||
@@ -339,6 +353,16 @@ cnxk_ot_ipsec_inb_sa_fill(struct roc_ot_ipsec_inb_sa *sa,
        if (rc)
                return rc;
 
+       /* Default options for pkt_out and pkt_fmt are with
+        * second pass meta and no defrag.
+        */
+       sa->w0.s.pkt_format = ROC_IE_OT_SA_PKT_FMT_META;
+       sa->w0.s.pkt_output = ROC_IE_OT_SA_PKT_OUTPUT_NO_FRAG;
+       sa->w0.s.pkind = ROC_IE_OT_CPT_PKIND;
+
+       if (ipsec_xfrm->options.ip_reassembly_en)
+               sa->w0.s.pkt_output = ROC_IE_OT_SA_PKT_OUTPUT_HW_BASED_DEFRAG;
+
        /* ESN */
        sa->w2.s.esn_en = !!ipsec_xfrm->options.esn;
        if (ipsec_xfrm->options.udp_encap) {