X-Git-Url: http://git.droids-corp.org/?a=blobdiff_plain;f=drivers%2Fcrypto%2Fdpaa_sec%2Fdpaa_sec.c;h=e0b307cecd2cd4cbf98f6e7d4dbc05c280d2c162;hb=39b88344e36426bea97cb131fb8ff5b4348e4676;hp=dcd03997fdee97b2ff8d441a1a74c186455673d0;hpb=fd900d3853dadb71492aa3cd1f45316f6bf809b6;p=dpdk.git

diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c b/drivers/crypto/dpaa_sec/dpaa_sec.c
index dcd03997fd..e0b307cecd 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec.c
+++ b/drivers/crypto/dpaa_sec/dpaa_sec.c
@@ -478,7 +478,6 @@ dpaa_sec_prep_cdb(dpaa_sec_session *ses)
 			shared_desc_len = cnstr_shdsc_blkcipher(
 					cdb->sh_desc, true,
 					swap, SHR_NEVER, &alginfo_c,
-					NULL,
 					ses->iv.length,
 					ses->dir);
 			break;
@@ -2582,6 +2581,7 @@ dpaa_sec_ipsec_aead_init(struct rte_crypto_aead_xform *aead_xform,
 static int
 dpaa_sec_ipsec_proto_init(struct rte_crypto_cipher_xform *cipher_xform,
 	struct rte_crypto_auth_xform *auth_xform,
+	struct rte_security_ipsec_xform *ipsec_xform,
 	dpaa_sec_session *session)
 {
 	if (cipher_xform) {
@@ -2689,6 +2689,13 @@ dpaa_sec_ipsec_proto_init(struct rte_crypto_cipher_xform *cipher_xform,
 	case RTE_CRYPTO_CIPHER_AES_CTR:
 		session->cipher_key.alg = OP_PCL_IPSEC_AES_CTR;
 		session->cipher_key.algmode = OP_ALG_AAI_CTR;
+		if (session->dir == DIR_ENC) {
+			session->encap_pdb.ctr.ctr_initial = 0x00000001;
+			session->encap_pdb.ctr.ctr_nonce = ipsec_xform->salt;
+		} else {
+			session->decap_pdb.ctr.ctr_initial = 0x00000001;
+			session->decap_pdb.ctr.ctr_nonce = ipsec_xform->salt;
+		}
 		break;
 	case RTE_CRYPTO_CIPHER_NULL:
 		session->cipher_key.alg = OP_PCL_IPSEC_NULL;
@@ -2740,13 +2747,13 @@ dpaa_sec_set_ipsec_session(__rte_unused struct rte_cryptodev *dev,
 		if (conf->crypto_xform->next)
 			auth_xform = &conf->crypto_xform->next->auth;
 		ret = dpaa_sec_ipsec_proto_init(cipher_xform, auth_xform,
-					session);
+					ipsec_xform, session);
 	} else if (conf->crypto_xform->type == RTE_CRYPTO_SYM_XFORM_AUTH) {
 		auth_xform = &conf->crypto_xform->auth;
 		if (conf->crypto_xform->next)
 			cipher_xform = &conf->crypto_xform->next->cipher;
 		ret = dpaa_sec_ipsec_proto_init(cipher_xform, auth_xform,
-					session);
+					ipsec_xform, session);
 	} else if (conf->crypto_xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) {
 		aead_xform = &conf->crypto_xform->aead;
 		ret = dpaa_sec_ipsec_aead_init(aead_xform,
@@ -2827,6 +2834,27 @@ dpaa_sec_set_ipsec_session(__rte_unused struct rte_cryptodev *dev,
 					sizeof(struct rte_ipv6_hdr) << 16;
 		if (ipsec_xform->options.esn)
 			session->decap_pdb.options |= PDBOPTS_ESP_ESN;
+		if (ipsec_xform->replay_win_sz) {
+			uint32_t win_sz;
+			win_sz = rte_align32pow2(ipsec_xform->replay_win_sz);
+
+			switch (win_sz) {
+			case 1:
+			case 2:
+			case 4:
+			case 8:
+			case 16:
+			case 32:
+				session->decap_pdb.options |= PDBOPTS_ESP_ARS32;
+				break;
+			case 64:
+				session->decap_pdb.options |= PDBOPTS_ESP_ARS64;
+				break;
+			default:
+				session->decap_pdb.options |=
+							PDBOPTS_ESP_ARS128;
+			}
+		}
 	} else
 		goto out;
 	rte_spinlock_lock(&internals->lock);