shared_desc_len = cnstr_shdsc_blkcipher(
cdb->sh_desc, true,
swap, SHR_NEVER, &alginfo_c,
- NULL,
ses->iv.length,
ses->dir);
break;
static int
dpaa_sec_ipsec_proto_init(struct rte_crypto_cipher_xform *cipher_xform,
struct rte_crypto_auth_xform *auth_xform,
+ struct rte_security_ipsec_xform *ipsec_xform,
dpaa_sec_session *session)
{
if (cipher_xform) {
case RTE_CRYPTO_CIPHER_AES_CTR:
session->cipher_key.alg = OP_PCL_IPSEC_AES_CTR;
session->cipher_key.algmode = OP_ALG_AAI_CTR;
+ if (session->dir == DIR_ENC) {
+ session->encap_pdb.ctr.ctr_initial = 0x00000001;
+ session->encap_pdb.ctr.ctr_nonce = ipsec_xform->salt;
+ } else {
+ session->decap_pdb.ctr.ctr_initial = 0x00000001;
+ session->decap_pdb.ctr.ctr_nonce = ipsec_xform->salt;
+ }
break;
case RTE_CRYPTO_CIPHER_NULL:
session->cipher_key.alg = OP_PCL_IPSEC_NULL;
if (conf->crypto_xform->next)
auth_xform = &conf->crypto_xform->next->auth;
ret = dpaa_sec_ipsec_proto_init(cipher_xform, auth_xform,
- session);
+ ipsec_xform, session);
} else if (conf->crypto_xform->type == RTE_CRYPTO_SYM_XFORM_AUTH) {
auth_xform = &conf->crypto_xform->auth;
if (conf->crypto_xform->next)
cipher_xform = &conf->crypto_xform->next->cipher;
ret = dpaa_sec_ipsec_proto_init(cipher_xform, auth_xform,
- session);
+ ipsec_xform, session);
} else if (conf->crypto_xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) {
aead_xform = &conf->crypto_xform->aead;
ret = dpaa_sec_ipsec_aead_init(aead_xform,
sizeof(struct rte_ipv6_hdr) << 16;
if (ipsec_xform->options.esn)
session->decap_pdb.options |= PDBOPTS_ESP_ESN;
+ if (ipsec_xform->replay_win_sz) {
+ uint32_t win_sz;
+ win_sz = rte_align32pow2(ipsec_xform->replay_win_sz);
+
+ switch (win_sz) {
+ case 1:
+ case 2:
+ case 4:
+ case 8:
+ case 16:
+ case 32:
+ session->decap_pdb.options |= PDBOPTS_ESP_ARS32;
+ break;
+ case 64:
+ session->decap_pdb.options |= PDBOPTS_ESP_ARS64;
+ break;
+ default:
+ session->decap_pdb.options |=
+ PDBOPTS_ESP_ARS128;
+ }
+ }
} else
goto out;
rte_spinlock_lock(&internals->lock);