X-Git-Url: http://git.droids-corp.org/?a=blobdiff_plain;f=drivers%2Fcrypto%2Focteontx2%2Fotx2_ipsec_po.h;h=8a672a38eae6be557592cdc98c814687ab433742;hb=e863fe3a13da89787fdf3b5c590101a3c0f10af6;hp=020748609e61e05be86a80f9260e6235f9a50ce8;hpb=fab634eb87ca3883562c95a20f9a69eba645456b;p=dpdk.git

diff --git a/drivers/crypto/octeontx2/otx2_ipsec_po.h b/drivers/crypto/octeontx2/otx2_ipsec_po.h
index 020748609e..8a672a38ea 100644
--- a/drivers/crypto/octeontx2/otx2_ipsec_po.h
+++ b/drivers/crypto/octeontx2/otx2_ipsec_po.h
@@ -10,10 +10,6 @@
 #include <rte_security.h>
 
 #define OTX2_IPSEC_PO_AES_GCM_INB_CTX_LEN    0x09
-#define OTX2_IPSEC_PO_AES_GCM_OUTB_CTX_LEN   0x28
-
-#define OTX2_IPSEC_PO_MAX_INB_CTX_LEN    0x22
-#define OTX2_IPSEC_PO_MAX_OUTB_CTX_LEN   0x38
 
 #define OTX2_IPSEC_PO_PER_PKT_IV  BIT(11)
 
@@ -156,19 +152,38 @@ struct otx2_ipsec_po_in_sa {
 	/* w8 */
 	uint8_t udp_encap[8];
 
-	/* w9-w23 */
-	struct {
-		uint8_t hmac_key[48];
-		struct otx2_ipsec_po_traffic_selector selector;
-	} aes_gcm;
+	/* w9-w33 */
+	union {
+		struct {
+			uint8_t hmac_key[48];
+			struct otx2_ipsec_po_traffic_selector selector;
+		} aes_gcm;
+		struct {
+			uint8_t hmac_key[64];
+			uint8_t hmac_iv[64];
+			struct otx2_ipsec_po_traffic_selector selector;
+		} sha2;
+	};
+	union {
+		struct otx2_ipsec_replay *replay;
+		uint64_t replay64;
+	};
+	uint32_t replay_win_sz;
 };
 
 struct otx2_ipsec_po_ip_template {
 	RTE_STD_C11
 	union {
-		uint8_t raw[252];
-		struct rte_ipv4_hdr ipv4_hdr;
-		struct rte_ipv6_hdr ipv6_hdr;
+		struct {
+			struct rte_ipv4_hdr ipv4_hdr;
+			uint16_t udp_src;
+			uint16_t udp_dst;
+		} ip4;
+		struct {
+			struct rte_ipv6_hdr ipv6_hdr;
+			uint16_t udp_src;
+			uint16_t udp_dst;
+		} ip6;
 	};
 };
 
@@ -186,10 +201,23 @@ struct otx2_ipsec_po_out_sa {
 	uint32_t esn_hi;
 	uint32_t esn_low;
 
-	/* w8-w39 */
-	struct otx2_ipsec_po_ip_template template;
-	uint16_t udp_src;
-	uint16_t udp_dst;
+	/* w8-w55 */
+	union {
+		uint8_t raw[384];
+		struct {
+			struct otx2_ipsec_po_ip_template template;
+		} aes_gcm;
+		struct {
+			uint8_t hmac_key[24];
+			uint8_t unused[24];
+			struct otx2_ipsec_po_ip_template template;
+		} sha1;
+		struct {
+			uint8_t hmac_key[64];
+			uint8_t hmac_iv[64];
+			struct otx2_ipsec_po_ip_template template;
+		} sha2;
+	};
 };
 
 static inline int
@@ -218,6 +246,9 @@ ipsec_po_xform_auth_verify(struct rte_crypto_sym_xform *xform)
 	if (xform->auth.algo == RTE_CRYPTO_AUTH_SHA1_HMAC) {
 		if (keylen >= 20 && keylen <= 64)
 			return 0;
+	} else if (xform->auth.algo == RTE_CRYPTO_AUTH_SHA256_HMAC) {
+		if (keylen >= 32 && keylen <= 64)
+			return 0;
 	}
 
 	return -ENOTSUP;
@@ -319,7 +350,7 @@ ipsec_po_sa_ctl_set(struct rte_security_ipsec_xform *ipsec,
 			return -EINVAL;
 	}
 
-	ctl->inner_ip_ver = OTX2_IPSEC_PO_SA_IP_VERSION_4;
+	ctl->inner_ip_ver = ctl->outer_ip_ver;
 
 	if (ipsec->mode == RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT)
 		ctl->ipsec_mode = OTX2_IPSEC_PO_SA_MODE_TRANSPORT;
@@ -343,8 +374,8 @@ ipsec_po_sa_ctl_set(struct rte_security_ipsec_xform *ipsec,
 			return -ENOTSUP;
 		}
 	} else if (cipher_xform->cipher.algo == RTE_CRYPTO_CIPHER_AES_CBC) {
-		ctl->enc_type = OTX2_IPSEC_PO_SA_ENC_AES_CCM;
-		aes_key_len = xform->cipher.key.length;
+		ctl->enc_type = OTX2_IPSEC_PO_SA_ENC_AES_CBC;
+		aes_key_len = cipher_xform->cipher.key.length;
 	} else {
 		return -ENOTSUP;
 	}