/* SPDX-License-Identifier: (BSD-3-Clause OR GPL-2.0)
*
* Copyright 2008-2016 Freescale Semiconductor Inc.
- * Copyright 2016,2019 NXP
+ * Copyright 2016,2019-2020 NXP
*
*/
/* IPSec ESP Decap PDB options */
+/**
+ * PDBOPTS_ESP_ARS_MASK_ERA10 - antireplay window mask
+ * for SEC_ERA >= 10
+ */
+#define PDBOPTS_ESP_ARS_MASK_ERA10 0xc8
+
/**
* PDBOPTS_ESP_ARS_MASK - antireplay window mask
+ * for SEC_ERA < 10
*/
#define PDBOPTS_ESP_ARS_MASK 0xc0
*/
#define PDBOPTS_ESP_ARS128 0x80
+/**
+ * PDBOPTS_ESP_ARS256 - 256-entry antireplay window
+ *
+ * Valid only for IPsec new mode.
+ */
+#define PDBOPTS_ESP_ARS256 0x08
+
+/**
+ * PDBOPTS_ESP_ARS512 - 512-entry antireplay window
+ *
+ * Valid only for IPsec new mode.
+ */
+#define PDBOPTS_ESP_ARS512 0x48
+
+/**
+ * PDBOPTS_ESP_ARS1024 - 1024-entry antireplay window
+ *
+ * Valid only for IPsec new mode.
+ */
+#define PDBOPTS_ESP_ARS1024 0x88
+
/**
* PDBOPTS_ESP_ARS32 - 32-entry antireplay window
*/
/**
* struct ipsec_encap_ctr - PDB part for IPsec CTR encapsulation
- * @ctr_nonce: 4-byte array nonce
+ * @ctr_nonce: 4-byte nonce
* @ctr_initial: initial count constant
* @iv: initialization vector
*/
struct ipsec_encap_ctr {
- uint8_t ctr_nonce[4];
+ uint32_t ctr_nonce;
uint32_t ctr_initial;
- uint64_t iv;
+ uint8_t iv[8];
};
/**
break;
case OP_PCL_IPSEC_AES_CTR:
- rta_copy_data(program, pdb->ctr.ctr_nonce,
- sizeof(pdb->ctr.ctr_nonce));
+ rta_copy_data(program, (uint8_t *)&pdb->ctr.ctr_nonce, 4);
__rta_out32(program, pdb->ctr.ctr_initial);
- __rta_out64(program, true, pdb->ctr.iv);
+ rta_copy_data(program, pdb->ctr.iv, sizeof(pdb->ctr.iv));
break;
case OP_PCL_IPSEC_AES_CCM8:
/**
* struct ipsec_decap_ctr - PDB part for IPsec CTR decapsulation
- * @ctr_nonce: 4-byte array nonce
+ * @ctr_nonce: 4-byte nonce
* @ctr_initial: initial count constant
*/
struct ipsec_decap_ctr {
- uint8_t ctr_nonce[4];
+ uint32_t ctr_nonce;
uint32_t ctr_initial;
};
};
uint32_t seq_num_ext_hi;
uint32_t seq_num;
- uint32_t anti_replay[4];
+ uint32_t anti_replay[32];
};
static inline unsigned int
{
unsigned int start_pc = program->current_pc;
unsigned int i, ars;
+ uint8_t mask;
__rta_out32(program, pdb->options);
break;
case OP_PCL_IPSEC_AES_CTR:
- rta_copy_data(program, pdb->ctr.ctr_nonce,
- sizeof(pdb->ctr.ctr_nonce));
+ rta_copy_data(program, (uint8_t *)&pdb->ctr.ctr_nonce, 4);
__rta_out32(program, pdb->ctr.ctr_initial);
break;
__rta_out32(program, pdb->seq_num_ext_hi);
__rta_out32(program, pdb->seq_num);
- switch (pdb->options & PDBOPTS_ESP_ARS_MASK) {
+ if (rta_sec_era < RTA_SEC_ERA_10)
+ mask = PDBOPTS_ESP_ARS_MASK;
+ else
+ mask = PDBOPTS_ESP_ARS_MASK_ERA10;
+ switch (pdb->options & mask) {
+ case PDBOPTS_ESP_ARS1024:
+ ars = 32;
+ break;
+ case PDBOPTS_ESP_ARS512:
+ ars = 16;
+ break;
+ case PDBOPTS_ESP_ARS256:
+ ars = 8;
+ break;
case PDBOPTS_ESP_ARS128:
ars = 4;
break;
git.droids-corp.org / dpdk.git / blobdiff