/* RTA header files */
#include <desc/ipsec.h>
#include <desc/pdcp.h>
+#include <desc/sdap.h>
#include <desc/algo.h>
/* Minimum job descriptor consists of a oneword job descriptor HEADER and
flc = &priv->flc_desc[DESC_INITFINAL].flc;
session->ctxt_type = DPAA2_SEC_AUTH;
- session->auth_key.data = rte_zmalloc(NULL, xform->auth.key.length,
+ session->auth_key.length = xform->auth.key.length;
+ if (xform->auth.key.length) {
+ session->auth_key.data = rte_zmalloc(NULL,
+ xform->auth.key.length,
RTE_CACHE_LINE_SIZE);
- if (session->auth_key.data == NULL) {
- DPAA2_SEC_ERR("Unable to allocate memory for auth key");
- rte_free(priv);
- return -ENOMEM;
+ if (session->auth_key.data == NULL) {
+ DPAA2_SEC_ERR("Unable to allocate memory for auth key");
+ rte_free(priv);
+ return -ENOMEM;
+ }
+ memcpy(session->auth_key.data, xform->auth.key.data,
+ xform->auth.key.length);
+ authdata.key = (size_t)session->auth_key.data;
+ authdata.key_enc_flags = 0;
+ authdata.key_type = RTA_DATA_IMM;
}
- session->auth_key.length = xform->auth.key.length;
-
- memcpy(session->auth_key.data, xform->auth.key.data,
- xform->auth.key.length);
- authdata.key = (size_t)session->auth_key.data;
authdata.keylen = session->auth_key.length;
- authdata.key_enc_flags = 0;
- authdata.key_type = RTA_DATA_IMM;
session->digest_length = xform->auth.digest_length;
session->dir = (xform->auth.op == RTE_CRYPTO_AUTH_OP_GENERATE) ?
!session->dir,
session->digest_length);
break;
- case RTE_CRYPTO_AUTH_KASUMI_F9:
- case RTE_CRYPTO_AUTH_NULL:
case RTE_CRYPTO_AUTH_SHA1:
+ authdata.algtype = OP_ALG_ALGSEL_SHA1;
+ authdata.algmode = OP_ALG_AAI_HASH;
+ session->auth_alg = RTE_CRYPTO_AUTH_SHA1;
+ bufsize = cnstr_shdsc_hash(priv->flc_desc[DESC_INITFINAL].desc,
+ 1, 0, SHR_NEVER, &authdata,
+ !session->dir,
+ session->digest_length);
+ break;
+ case RTE_CRYPTO_AUTH_MD5:
+ authdata.algtype = OP_ALG_ALGSEL_MD5;
+ authdata.algmode = OP_ALG_AAI_HASH;
+ session->auth_alg = RTE_CRYPTO_AUTH_MD5;
+ bufsize = cnstr_shdsc_hash(priv->flc_desc[DESC_INITFINAL].desc,
+ 1, 0, SHR_NEVER, &authdata,
+ !session->dir,
+ session->digest_length);
+ break;
case RTE_CRYPTO_AUTH_SHA256:
+ authdata.algtype = OP_ALG_ALGSEL_SHA256;
+ authdata.algmode = OP_ALG_AAI_HASH;
+ session->auth_alg = RTE_CRYPTO_AUTH_SHA256;
+ bufsize = cnstr_shdsc_hash(priv->flc_desc[DESC_INITFINAL].desc,
+ 1, 0, SHR_NEVER, &authdata,
+ !session->dir,
+ session->digest_length);
+ break;
+ case RTE_CRYPTO_AUTH_SHA384:
+ authdata.algtype = OP_ALG_ALGSEL_SHA384;
+ authdata.algmode = OP_ALG_AAI_HASH;
+ session->auth_alg = RTE_CRYPTO_AUTH_SHA384;
+ bufsize = cnstr_shdsc_hash(priv->flc_desc[DESC_INITFINAL].desc,
+ 1, 0, SHR_NEVER, &authdata,
+ !session->dir,
+ session->digest_length);
+ break;
case RTE_CRYPTO_AUTH_SHA512:
+ authdata.algtype = OP_ALG_ALGSEL_SHA512;
+ authdata.algmode = OP_ALG_AAI_HASH;
+ session->auth_alg = RTE_CRYPTO_AUTH_SHA512;
+ bufsize = cnstr_shdsc_hash(priv->flc_desc[DESC_INITFINAL].desc,
+ 1, 0, SHR_NEVER, &authdata,
+ !session->dir,
+ session->digest_length);
+ break;
case RTE_CRYPTO_AUTH_SHA224:
- case RTE_CRYPTO_AUTH_SHA384:
- case RTE_CRYPTO_AUTH_MD5:
+ authdata.algtype = OP_ALG_ALGSEL_SHA224;
+ authdata.algmode = OP_ALG_AAI_HASH;
+ session->auth_alg = RTE_CRYPTO_AUTH_SHA224;
+ bufsize = cnstr_shdsc_hash(priv->flc_desc[DESC_INITFINAL].desc,
+ 1, 0, SHR_NEVER, &authdata,
+ !session->dir,
+ session->digest_length);
+ break;
case RTE_CRYPTO_AUTH_AES_GMAC:
case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
case RTE_CRYPTO_AUTH_AES_CMAC:
case RTE_CRYPTO_AUTH_AES_CBC_MAC:
+ case RTE_CRYPTO_AUTH_KASUMI_F9:
+ case RTE_CRYPTO_AUTH_NULL:
DPAA2_SEC_ERR("Crypto: Unsupported auth alg %un",
xform->auth.algo);
ret = -ENOTSUP;
}
bufsize = cnstr_shdsc_ipsec_new_encap(priv->flc_desc[0].desc,
- 1, 0, SHR_SERIAL, &encap_pdb,
+ 1, 0, (rta_sec_era >= RTA_SEC_ERA_10) ?
+ SHR_WAIT : SHR_SERIAL, &encap_pdb,
hdr, &cipherdata, &authdata);
} else if (ipsec_xform->direction ==
RTE_SECURITY_IPSEC_SA_DIR_INGRESS) {
uint32_t win_sz;
win_sz = rte_align32pow2(ipsec_xform->replay_win_sz);
+ if (rta_sec_era < RTA_SEC_ERA_10 && win_sz > 128) {
+ DPAA2_SEC_INFO("Max Anti replay Win sz = 128");
+ win_sz = 128;
+ }
switch (win_sz) {
case 1:
case 2:
case 64:
decap_pdb.options |= PDBOPTS_ESP_ARS64;
break;
+ case 256:
+ decap_pdb.options |= PDBOPTS_ESP_ARS256;
+ break;
+ case 512:
+ decap_pdb.options |= PDBOPTS_ESP_ARS512;
+ break;
+ case 1024:
+ decap_pdb.options |= PDBOPTS_ESP_ARS1024;
+ break;
+ case 128:
default:
decap_pdb.options |= PDBOPTS_ESP_ARS128;
}
}
session->dir = DIR_DEC;
bufsize = cnstr_shdsc_ipsec_new_decap(priv->flc_desc[0].desc,
- 1, 0, SHR_SERIAL,
+ 1, 0, (rta_sec_era >= RTA_SEC_ERA_10) ?
+ SHR_WAIT : SHR_SERIAL,
&decap_pdb, &cipherdata, &authdata);
} else
goto out;
&cipherdata, &authdata,
0);
} else {
- if (session->dir == DIR_ENC)
- bufsize = cnstr_shdsc_pdcp_u_plane_encap(
+ if (session->dir == DIR_ENC) {
+ if (pdcp_xform->sdap_enabled)
+ bufsize = cnstr_shdsc_pdcp_sdap_u_plane_encap(
priv->flc_desc[0].desc, 1, swap,
session->pdcp.sn_size,
pdcp_xform->hfn,
pdcp_xform->pkt_dir,
pdcp_xform->hfn_threshold,
&cipherdata, p_authdata, 0);
- else if (session->dir == DIR_DEC)
- bufsize = cnstr_shdsc_pdcp_u_plane_decap(
+ else
+ bufsize = cnstr_shdsc_pdcp_u_plane_encap(
+ priv->flc_desc[0].desc, 1, swap,
+ session->pdcp.sn_size,
+ pdcp_xform->hfn,
+ pdcp_xform->bearer,
+ pdcp_xform->pkt_dir,
+ pdcp_xform->hfn_threshold,
+ &cipherdata, p_authdata, 0);
+ } else if (session->dir == DIR_DEC) {
+ if (pdcp_xform->sdap_enabled)
+ bufsize = cnstr_shdsc_pdcp_sdap_u_plane_decap(
priv->flc_desc[0].desc, 1, swap,
session->pdcp.sn_size,
pdcp_xform->hfn,
pdcp_xform->pkt_dir,
pdcp_xform->hfn_threshold,
&cipherdata, p_authdata, 0);
+ else
+ bufsize = cnstr_shdsc_pdcp_u_plane_decap(
+ priv->flc_desc[0].desc, 1, swap,
+ session->pdcp.sn_size,
+ pdcp_xform->hfn,
+ pdcp_xform->bearer,
+ pdcp_xform->pkt_dir,
+ pdcp_xform->hfn_threshold,
+ &cipherdata, p_authdata, 0);
+ }
}
if (bufsize < 0) {