X-Git-Url: http://git.droids-corp.org/?a=blobdiff_plain;f=drivers%2Fcrypto%2Focteontx2%2Fotx2_cryptodev_sec.c;h=342f089df8c9a5261e050338108e738f6373544b;hb=306a2fcd1b2d549b4094232f0a03c9c62228e298;hp=3cdb5bd1e6988fd3d4403a0c87d9c1d7f7c28620;hpb=8f685ec2d54528fbd770b9011e2782fa5262c17c;p=dpdk.git diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_sec.c b/drivers/crypto/octeontx2/otx2_cryptodev_sec.c index 3cdb5bd1e6..342f089df8 100644 --- a/drivers/crypto/octeontx2/otx2_cryptodev_sec.c +++ b/drivers/crypto/octeontx2/otx2_cryptodev_sec.c @@ -74,6 +74,8 @@ ipsec_lp_len_precalc(struct rte_security_ipsec_xform *ipsec, if (auth_xform->auth.algo == RTE_CRYPTO_AUTH_SHA1_HMAC) lp->partial_len += OTX2_SEC_SHA1_HMAC_LEN; + else if (auth_xform->auth.algo == RTE_CRYPTO_AUTH_SHA256_HMAC) + lp->partial_len += OTX2_SEC_SHA2_HMAC_LEN; else return -EINVAL; @@ -206,10 +208,10 @@ crypto_sec_ipsec_outb_session_create(struct rte_cryptodev *crypto_dev, struct otx2_ipsec_po_sa_ctl *ctl; int cipher_key_len, auth_key_len; struct otx2_ipsec_po_out_sa *sa; - struct rte_ipv6_hdr *ip6 = NULL; - struct rte_ipv4_hdr *ip = NULL; struct otx2_sec_session *sess; struct otx2_cpt_inst_s inst; + struct rte_ipv6_hdr *ip6; + struct rte_ipv4_hdr *ip; int ret, ctx_len; sess = get_sec_session_private_data(sec_sess); @@ -268,6 +270,20 @@ crypto_sec_ipsec_outb_session_create(struct rte_cryptodev *crypto_dev, sa->sha1.template.ip4); ctx_len = RTE_ALIGN_CEIL(ctx_len, 8); lp->ctx_len = ctx_len >> 3; + } else if (ctl->auth_type == + OTX2_IPSEC_PO_SA_AUTH_SHA2_256) { + if (ipsec->options.udp_encap) { + sa->sha2.template.ip4.udp_src = 4500; + sa->sha2.template.ip4.udp_dst = 4500; + } + ip = &sa->sha2.template.ip4.ipv4_hdr; + ctx_len = offsetof(struct otx2_ipsec_po_out_sa, + sha2.template) + sizeof( + sa->sha2.template.ip4); + ctx_len = RTE_ALIGN_CEIL(ctx_len, 8); + lp->ctx_len = ctx_len >> 3; + } else { + return -EINVAL; } ip->version_ihl = RTE_IPV4_VHL_DEF; ip->next_proto_id = IPPROTO_ESP; @@ -305,6 +321,20 @@ crypto_sec_ipsec_outb_session_create(struct rte_cryptodev *crypto_dev, sa->sha1.template.ip6); ctx_len = RTE_ALIGN_CEIL(ctx_len, 8); lp->ctx_len = ctx_len >> 3; + } else if (ctl->auth_type == + OTX2_IPSEC_PO_SA_AUTH_SHA2_256) { + if (ipsec->options.udp_encap) { + sa->sha2.template.ip6.udp_src = 4500; + sa->sha2.template.ip6.udp_dst = 4500; + } + ip6 = &sa->sha2.template.ip6.ipv6_hdr; + ctx_len = offsetof(struct otx2_ipsec_po_out_sa, + sha2.template) + sizeof( + sa->sha2.template.ip6); + ctx_len = RTE_ALIGN_CEIL(ctx_len, 8); + lp->ctx_len = ctx_len >> 3; + } else { + return -EINVAL; } ip6->vtc_flow = rte_cpu_to_be_32(0x60000000 | @@ -348,6 +378,8 @@ crypto_sec_ipsec_outb_session_create(struct rte_cryptodev *crypto_dev, if (auth_xform->auth.algo == RTE_CRYPTO_AUTH_SHA1_HMAC) memcpy(sa->sha1.hmac_key, auth_key, auth_key_len); + else if (auth_xform->auth.algo == RTE_CRYPTO_AUTH_SHA256_HMAC) + memcpy(sa->sha2.hmac_key, auth_key, auth_key_len); } if (cipher_key_len != 0) @@ -427,11 +459,16 @@ crypto_sec_ipsec_inb_session_create(struct rte_cryptodev *crypto_dev, auth_key = auth_xform->auth.key.data; auth_key_len = auth_xform->auth.key.length; - if (auth_xform->auth.algo == RTE_CRYPTO_AUTH_SHA1_HMAC) + if (auth_xform->auth.algo == RTE_CRYPTO_AUTH_SHA1_HMAC) { memcpy(sa->aes_gcm.hmac_key, auth_key, auth_key_len); - - lp->ctx_len = offsetof(struct otx2_ipsec_po_in_sa, - aes_gcm.selector) >> 3; + lp->ctx_len = offsetof(struct otx2_ipsec_po_in_sa, + aes_gcm.selector) >> 3; + } else if (auth_xform->auth.algo == + RTE_CRYPTO_AUTH_SHA256_HMAC) { + memcpy(sa->sha2.hmac_key, auth_key, auth_key_len); + lp->ctx_len = offsetof(struct otx2_ipsec_po_in_sa, + sha2.selector) >> 3; + } } if (cipher_key_len != 0)