X-Git-Url: http://git.droids-corp.org/?a=blobdiff_plain;ds=sidebyside;f=drivers%2Fcommon%2Fcnxk%2Fcnxk_security.c;h=72ee5ee91f8812681425f0ded52a9960e0b6ada8;hb=28b283fa7f7519425c2d26ff9f774c5e5afdf429;hp=6ebf0846f5c437036d26aa672e7a63b839008fed;hpb=7f4977e889c0601d5d4851d797657558d1236bf3;p=dpdk.git

diff --git a/drivers/common/cnxk/cnxk_security.c b/drivers/common/cnxk/cnxk_security.c
index 6ebf0846f5..72ee5ee91f 100644
--- a/drivers/common/cnxk/cnxk_security.c
+++ b/drivers/common/cnxk/cnxk_security.c
@@ -57,25 +57,23 @@ ot_ipsec_sa_common_param_fill(union roc_ot_ipsec_sa_word2 *w2,
 			      struct rte_crypto_sym_xform *crypto_xfrm)
 {
 	struct rte_crypto_sym_xform *auth_xfrm, *cipher_xfrm;
-	const uint8_t *key;
+	const uint8_t *key = NULL;
 	uint32_t *tmp_salt;
 	uint64_t *tmp_key;
-	int length, i;
+	int i, length = 0;
 
 	/* Set direction */
-	switch (ipsec_xfrm->direction) {
-	case RTE_SECURITY_IPSEC_SA_DIR_INGRESS:
+	if (ipsec_xfrm->direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS)
+		w2->s.dir = ROC_IE_SA_DIR_OUTBOUND;
+	else
 		w2->s.dir = ROC_IE_SA_DIR_INBOUND;
+
+	if (crypto_xfrm->type == RTE_CRYPTO_SYM_XFORM_AUTH) {
 		auth_xfrm = crypto_xfrm;
 		cipher_xfrm = crypto_xfrm->next;
-		break;
-	case RTE_SECURITY_IPSEC_SA_DIR_EGRESS:
-		w2->s.dir = ROC_IE_SA_DIR_OUTBOUND;
+	} else {
 		cipher_xfrm = crypto_xfrm;
 		auth_xfrm = crypto_xfrm->next;
-		break;
-	default:
-		return -EINVAL;
 	}
 
 	/* Set protocol - ESP vs AH */
@@ -119,18 +117,26 @@ ot_ipsec_sa_common_param_fill(union roc_ot_ipsec_sa_word2 *w2,
 			return -ENOTSUP;
 		}
 	} else {
-		switch (cipher_xfrm->cipher.algo) {
-		case RTE_CRYPTO_CIPHER_NULL:
-			w2->s.enc_type = ROC_IE_OT_SA_ENC_NULL;
-			break;
-		case RTE_CRYPTO_CIPHER_AES_CBC:
-			w2->s.enc_type = ROC_IE_OT_SA_ENC_AES_CBC;
-			break;
-		case RTE_CRYPTO_CIPHER_AES_CTR:
-			w2->s.enc_type = ROC_IE_OT_SA_ENC_AES_CTR;
-			break;
-		default:
-			return -ENOTSUP;
+		if (cipher_xfrm != NULL) {
+			switch (cipher_xfrm->cipher.algo) {
+			case RTE_CRYPTO_CIPHER_NULL:
+				w2->s.enc_type = ROC_IE_OT_SA_ENC_NULL;
+				break;
+			case RTE_CRYPTO_CIPHER_AES_CBC:
+				w2->s.enc_type = ROC_IE_OT_SA_ENC_AES_CBC;
+				break;
+			case RTE_CRYPTO_CIPHER_AES_CTR:
+				w2->s.enc_type = ROC_IE_OT_SA_ENC_AES_CTR;
+				break;
+			case RTE_CRYPTO_CIPHER_3DES_CBC:
+				w2->s.enc_type = ROC_IE_OT_SA_ENC_3DES_CBC;
+				break;
+			default:
+				return -ENOTSUP;
+			}
+
+			key = cipher_xfrm->cipher.key.data;
+			length = cipher_xfrm->cipher.key.length;
 		}
 
 		switch (auth_xfrm->auth.algo) {
@@ -152,6 +158,14 @@ ot_ipsec_sa_common_param_fill(union roc_ot_ipsec_sa_word2 *w2,
 		case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
 			w2->s.auth_type = ROC_IE_OT_SA_AUTH_AES_XCBC_128;
 			break;
+		case RTE_CRYPTO_AUTH_AES_GMAC:
+			w2->s.auth_type = ROC_IE_OT_SA_AUTH_AES_GMAC;
+			key = auth_xfrm->auth.key.data;
+			length = auth_xfrm->auth.key.length;
+			memcpy(salt_key, &ipsec_xfrm->salt, 4);
+			tmp_salt = (uint32_t *)salt_key;
+			*tmp_salt = rte_be_to_cpu_32(*tmp_salt);
+			break;
 		default:
 			return -ENOTSUP;
 		}
@@ -169,8 +183,6 @@ ot_ipsec_sa_common_param_fill(union roc_ot_ipsec_sa_word2 *w2,
 		     i++)
 			tmp_key[i] = rte_be_to_cpu_64(tmp_key[i]);
 
-		key = cipher_xfrm->cipher.key.data;
-		length = cipher_xfrm->cipher.key.length;
 	}
 
 	/* Set encapsulation type */
@@ -179,11 +191,13 @@ ot_ipsec_sa_common_param_fill(union roc_ot_ipsec_sa_word2 *w2,
 
 	w2->s.spi = ipsec_xfrm->spi;
 
-	/* Copy encryption key */
-	memcpy(cipher_key, key, length);
-	tmp_key = (uint64_t *)cipher_key;
-	for (i = 0; i < (int)(ROC_CTX_MAX_CKEY_LEN / sizeof(uint64_t)); i++)
-		tmp_key[i] = rte_be_to_cpu_64(tmp_key[i]);
+	if (key != NULL && length != 0) {
+		/* Copy encryption key */
+		memcpy(cipher_key, key, length);
+		tmp_key = (uint64_t *)cipher_key;
+		for (i = 0; i < (int)(ROC_CTX_MAX_CKEY_LEN / sizeof(uint64_t)); i++)
+			tmp_key[i] = rte_be_to_cpu_64(tmp_key[i]);
+	}
 
 	/* Set AES key length */
 	if (w2->s.enc_type == ROC_IE_OT_SA_ENC_AES_CBC ||
@@ -304,13 +318,17 @@ ot_ipsec_inb_tunnel_hdr_fill(struct roc_ot_ipsec_inb_sa *sa,
 int
 cnxk_ot_ipsec_inb_sa_fill(struct roc_ot_ipsec_inb_sa *sa,
 			  struct rte_security_ipsec_xform *ipsec_xfrm,
-			  struct rte_crypto_sym_xform *crypto_xfrm)
+			  struct rte_crypto_sym_xform *crypto_xfrm,
+			  bool is_inline)
 {
 	union roc_ot_ipsec_sa_word2 w2;
 	uint32_t replay_win_sz;
 	size_t offset;
 	int rc;
 
+	/* Initialize the SA */
+	roc_ot_ipsec_inb_sa_init(sa, is_inline);
+
 	w2.u64 = 0;
 	rc = ot_ipsec_sa_common_param_fill(&w2, sa->cipher_key, sa->w8.s.salt,
 					   sa->hmac_opad_ipad, ipsec_xfrm,
@@ -339,8 +357,11 @@ cnxk_ot_ipsec_inb_sa_fill(struct roc_ot_ipsec_inb_sa *sa,
 	 * second pass meta and no defrag.
 	 */
 	sa->w0.s.pkt_format = ROC_IE_OT_SA_PKT_FMT_META;
-	sa->w0.s.pkt_output = ROC_IE_OT_SA_PKT_OUTPUT_HW_BASED_DEFRAG;
-	sa->w0.s.pkind = ROC_OT_CPT_META_PKIND;
+	sa->w0.s.pkt_output = ROC_IE_OT_SA_PKT_OUTPUT_NO_FRAG;
+	sa->w0.s.pkind = ROC_IE_OT_CPT_PKIND;
+
+	if (ipsec_xfrm->options.ip_reassembly_en)
+		sa->w0.s.pkt_output = ROC_IE_OT_SA_PKT_OUTPUT_HW_BASED_DEFRAG;
 
 	/* ESN */
 	sa->w2.s.esn_en = !!ipsec_xfrm->options.esn;
@@ -390,11 +411,6 @@ cnxk_ot_ipsec_inb_sa_fill(struct roc_ot_ipsec_inb_sa *sa,
 		sa->w0.s.hard_life_dec = 1;
 	}
 
-	/* There are two words of CPT_CTX_HW_S for ucode to skip */
-	sa->w0.s.ctx_hdr_size = 1;
-	sa->w0.s.aop_valid = 1;
-	sa->w0.s.et_ovrwr = 1;
-
 	rte_wmb();
 
 	/* Enable SA */
@@ -412,6 +428,9 @@ cnxk_ot_ipsec_outb_sa_fill(struct roc_ot_ipsec_outb_sa *sa,
 	size_t offset;
 	int rc;
 
+	/* Initialize the SA */
+	roc_ot_ipsec_outb_sa_init(sa);
+
 	w2.u64 = 0;
 	rc = ot_ipsec_sa_common_param_fill(&w2, sa->cipher_key, sa->iv.s.salt,
 					   sa->hmac_opad_ipad, ipsec_xfrm,
@@ -492,6 +511,9 @@ skip_tunnel_info:
 	/* ESN */
 	sa->w0.s.esn_en = !!ipsec_xfrm->options.esn;
 
+	if (ipsec_xfrm->esn.value)
+		sa->ctx.esn_val = ipsec_xfrm->esn.value - 1;
+
 	if (ipsec_xfrm->options.udp_encap) {
 		sa->w10.s.udp_src_port = 4500;
 		sa->w10.s.udp_dst_port = 4500;
@@ -500,8 +522,10 @@ skip_tunnel_info:
 	offset = offsetof(struct roc_ot_ipsec_outb_sa, ctx);
 	/* Word offset for HW managed SA field */
 	sa->w0.s.hw_ctx_off = offset / 8;
-	/* Context push size is up to hmac_opad_ipad */
-	sa->w0.s.ctx_push_size = sa->w0.s.hw_ctx_off;
+
+	/* Context push size is up to err ctl in HW ctx */
+	sa->w0.s.ctx_push_size = sa->w0.s.hw_ctx_off + 1;
+
 	/* Entire context size in 128B units */
 	offset = sizeof(struct roc_ot_ipsec_outb_sa);
 	sa->w0.s.ctx_size = (PLT_ALIGN_CEIL(offset, ROC_CTX_UNIT_128B) /
@@ -753,6 +777,12 @@ cnxk_onf_ipsec_outb_sa_fill(struct roc_onf_ipsec_outb_sa *sa,
 		return -EINVAL;
 	}
 
+	/* Update udp encap ports */
+	if (ipsec_xfrm->options.udp_encap == 1) {
+		sa->udp_src = 4500;
+		sa->udp_dst = 4500;
+	}
+
 skip_tunnel_info:
 	rte_wmb();