crypto/cnxk: support AH mode
[dpdk.git] / drivers / crypto / cnxk / cn10k_ipsec.c
index a93c211..0c9e244 100644 (file)
@@ -74,7 +74,7 @@ cn10k_ipsec_outb_sa_create(struct roc_cpt *roc_cpt, struct roc_cpt_lf *lf,
                if (crypto_xfrm->type == RTE_CRYPTO_SYM_XFORM_AEAD) {
                        sa->iv_offset = crypto_xfrm->aead.iv.offset;
                        sa->iv_length = crypto_xfrm->aead.iv.length;
-               } else {
+               } else if (crypto_xfrm->type == RTE_CRYPTO_SYM_XFORM_CIPHER) {
                        sa->iv_offset = crypto_xfrm->cipher.iv.offset;
                        sa->iv_length = crypto_xfrm->cipher.iv.length;
                }
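Review bot: After the `else` is narrowed to `else if (crypto_xfrm->type == RTE_CRYPTO_SYM_XFORM_CIPHER)`, an auth-only transform (the AH case this commit targets) leaves `sa->iv_offset` and `sa->iv_length` unassigned by this branch. Whether they are zero then depends on how `sa` is initialised outside the hunk, and because the new cn10k_sec_session_update() calls cn10k_ipsec_outb_sa_create() on an existing session, values from an earlier cipher or AEAD configuration could remain. A final `else { sa->iv_offset = 0; sa->iv_length = 0; }` would make the intent explicit; if an auth algorithm that carries an IV is supported, the values should come from the auth transform instead. The enclosing condition begins outside the hunk.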
@@ -102,6 +102,8 @@ cn10k_ipsec_outb_sa_create(struct roc_cpt *roc_cpt, struct roc_cpt_lf *lf,
 
        param1.u16 = 0;
 
+       param1.s.ttl_or_hop_limit = ipsec_xfrm->options.dec_ttl;
+
        /* Disable IP checksum computation by default */
        param1.s.ip_csum_disable = ROC_IE_OT_SA_INNER_PKT_IP_CSUM_DISABLE;
 
@@ -180,7 +182,8 @@ cn10k_ipsec_inb_sa_create(struct roc_cpt *roc_cpt, struct roc_cpt_lf *lf,
        }
 
        /* Translate security parameters to SA */
-       ret = cnxk_ot_ipsec_inb_sa_fill(sa_dptr, ipsec_xfrm, crypto_xfrm);
+       ret = cnxk_ot_ipsec_inb_sa_fill(sa_dptr, ipsec_xfrm, crypto_xfrm,
+                                       false);
        if (ret) {
                plt_err("Could not fill inbound session parameters");
                goto sa_dptr_free;
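Review bot: The bare `false` added as the fourth argument of cnxk_ot_ipsec_inb_sa_fill() gives no hint of what it selects; an inline comment naming the parameter from the helper's prototype (not visible in this hunk) would make the call readable on its own. The same applies to `roc_cpt_lf_ctx_flush(lf, in_sa, true)` in the later hunk of cn10k_ipsec_inb_sa_create(), where the comment above still describes only write-back to DRAM although the third argument changed. If that argument now also invalidates the cached context, the comment should say so and why, for example `/* Flush and invalidate CTX so hardware re-reads the SA from DRAM */`. The function body continues outside both hunks.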
@@ -201,7 +204,6 @@ cn10k_ipsec_inb_sa_create(struct roc_cpt *roc_cpt, struct roc_cpt_lf *lf,
        if (ipsec_xfrm->options.ip_csum_enable) {
                param1.s.ip_csum_disable =
                        ROC_IE_OT_SA_INNER_PKT_IP_CSUM_ENABLE;
-               sa->ip_csum_enable = true;
        }
 
        /* Disable L4 checksum verification by default */
@@ -240,7 +242,7 @@ cn10k_ipsec_inb_sa_create(struct roc_cpt *roc_cpt, struct roc_cpt_lf *lf,
        }
 
        /* Trigger CTX flush so that data is written back to DRAM */
-       roc_cpt_lf_ctx_flush(lf, in_sa, false);
+       roc_cpt_lf_ctx_flush(lf, in_sa, true);
 
        plt_atomic_thread_fence(__ATOMIC_SEQ_CST);
 
@@ -411,6 +413,39 @@ cn10k_sec_session_stats_get(void *device, struct rte_security_session *sess,
        return 0;
 }
 
+static int
+cn10k_sec_session_update(void *device, struct rte_security_session *sess,
+                        struct rte_security_session_conf *conf)
+{
+       struct rte_cryptodev *crypto_dev = device;
+       struct cn10k_sec_session *priv;
+       struct roc_cpt *roc_cpt;
+       struct cnxk_cpt_qp *qp;
+       struct cnxk_cpt_vf *vf;
+       int ret;
+
+       priv = get_sec_session_private_data(sess);
+       if (priv == NULL)
+               return -EINVAL;
+
+       qp = crypto_dev->data->queue_pairs[0];
+       if (qp == NULL)
+               return -EINVAL;
+
+       if (conf->ipsec.direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS)
+               return -ENOTSUP;
+
+       ret = cnxk_ipsec_xform_verify(&conf->ipsec, conf->crypto_xform);
+       if (ret)
+               return ret;
+
+       vf = crypto_dev->data->dev_private;
+       roc_cpt = &vf->cpt;
+
+       return cn10k_ipsec_outb_sa_create(roc_cpt, &qp->lf, &conf->ipsec,
+                                         conf->crypto_xform, sess);
+}
+
 /* Update platform specific security ops */
 void
 cn10k_sec_ops_override(void)
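Review bot: cn10k_sec_session_update() reads `conf->ipsec` and `conf->crypto_xform` without first checking that `conf` describes an IPsec session, so a conf for another protocol would have its union read as IPsec parameters; a guard such as `if (conf->protocol != RTE_SECURITY_PROTOCOL_IPSEC) return -ENOTSUP;` before the direction test would close that. `priv` is fetched and NULL-checked but never used to confirm that the existing session is itself outbound, so an egress conf applied to a session created as inbound would reach cn10k_ipsec_outb_sa_create() and rewrite it as an outbound SA. Rejecting the update when the stored session direction differs from `conf->ipsec.direction` would prevent that; the field that records the direction is not visible in this hunk. A short function comment stating that only egress SAs can be updated, and that queue pair 0 must already be configured, would document the contract.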
@@ -420,4 +455,5 @@ cn10k_sec_ops_override(void)
        cnxk_sec_ops.session_destroy = cn10k_sec_session_destroy;
        cnxk_sec_ops.session_get_size = cn10k_sec_session_get_size;
        cnxk_sec_ops.session_stats_get = cn10k_sec_session_stats_get;
+       cnxk_sec_ops.session_update = cn10k_sec_session_update;
 }