X-Git-Url: http://git.droids-corp.org/?a=blobdiff_plain;f=drivers%2Fcrypto%2Focteontx2%2Fotx2_ipsec_po.h;h=b3e7456551cfeea51a66220795b3362632e883c8;hb=3841fc3581ec4d95bf8a72e8a545db8d03ecd2bd;hp=6d25e2973410aae98743935cba7d11ac760d352a;hpb=5be562bc5b787734c7d94467ce745fad3fe0a154;p=dpdk.git

diff --git a/drivers/crypto/octeontx2/otx2_ipsec_po.h b/drivers/crypto/octeontx2/otx2_ipsec_po.h
index 6d25e29734..b3e7456551 100644
--- a/drivers/crypto/octeontx2/otx2_ipsec_po.h
+++ b/drivers/crypto/octeontx2/otx2_ipsec_po.h
@@ -10,10 +10,6 @@
 #include <rte_security.h>
 
 #define OTX2_IPSEC_PO_AES_GCM_INB_CTX_LEN    0x09
-#define OTX2_IPSEC_PO_AES_GCM_OUTB_CTX_LEN   0x28
-
-#define OTX2_IPSEC_PO_MAX_INB_CTX_LEN    0x22
-#define OTX2_IPSEC_PO_MAX_OUTB_CTX_LEN   0x38
 
 #define OTX2_IPSEC_PO_PER_PKT_IV  BIT(11)
 
@@ -24,6 +20,12 @@
 
 #define OTX2_IPSEC_PO_INB_RPTR_HDR         0x8
 
+enum otx2_ipsec_po_mode_type {
+	OTX2_IPSEC_PO_TRANSPORT = 1,
+	OTX2_IPSEC_PO_TUNNEL_IPV4,
+	OTX2_IPSEC_PO_TUNNEL_IPV6,
+};
+
 enum otx2_ipsec_po_comp_e {
 	OTX2_IPSEC_PO_CC_SUCCESS = 0x00,
 	OTX2_IPSEC_PO_CC_AUTH_UNSUPPORTED = 0xB0,
@@ -156,11 +158,18 @@ struct otx2_ipsec_po_in_sa {
 	/* w8 */
 	uint8_t udp_encap[8];
 
-	/* w9-w23 */
-	struct {
-		uint8_t hmac_key[48];
-		struct otx2_ipsec_po_traffic_selector selector;
-	} aes_gcm;
+	/* w9-w33 */
+	union {
+		struct {
+			uint8_t hmac_key[48];
+			struct otx2_ipsec_po_traffic_selector selector;
+		} aes_gcm;
+		struct {
+			uint8_t hmac_key[64];
+			uint8_t hmac_iv[64];
+			struct otx2_ipsec_po_traffic_selector selector;
+		} sha2;
+	};
 	union {
 		struct otx2_ipsec_replay *replay;
 		uint64_t replay64;
@@ -171,9 +180,16 @@ struct otx2_ipsec_po_in_sa {
 struct otx2_ipsec_po_ip_template {
 	RTE_STD_C11
 	union {
-		uint8_t raw[252];
-		struct rte_ipv4_hdr ipv4_hdr;
-		struct rte_ipv6_hdr ipv6_hdr;
+		struct {
+			struct rte_ipv4_hdr ipv4_hdr;
+			uint16_t udp_src;
+			uint16_t udp_dst;
+		} ip4;
+		struct {
+			struct rte_ipv6_hdr ipv6_hdr;
+			uint16_t udp_src;
+			uint16_t udp_dst;
+		} ip6;
 	};
 };
 
@@ -191,10 +207,22 @@ struct otx2_ipsec_po_out_sa {
 	uint32_t esn_hi;
 	uint32_t esn_low;
 
-	/* w8-w39 */
-	struct otx2_ipsec_po_ip_template template;
-	uint16_t udp_src;
-	uint16_t udp_dst;
+	/* w8-w55 */
+	union {
+		struct {
+			struct otx2_ipsec_po_ip_template template;
+		} aes_gcm;
+		struct {
+			uint8_t hmac_key[24];
+			uint8_t unused[24];
+			struct otx2_ipsec_po_ip_template template;
+		} sha1;
+		struct {
+			uint8_t hmac_key[64];
+			uint8_t hmac_iv[64];
+			struct otx2_ipsec_po_ip_template template;
+		} sha2;
+	};
 };
 
 static inline int
@@ -223,6 +251,9 @@ ipsec_po_xform_auth_verify(struct rte_crypto_sym_xform *xform)
 	if (xform->auth.algo == RTE_CRYPTO_AUTH_SHA1_HMAC) {
 		if (keylen >= 20 && keylen <= 64)
 			return 0;
+	} else if (xform->auth.algo == RTE_CRYPTO_AUTH_SHA256_HMAC) {
+		if (keylen >= 32 && keylen <= 64)
+			return 0;
 	}
 
 	return -ENOTSUP;
@@ -348,8 +379,8 @@ ipsec_po_sa_ctl_set(struct rte_security_ipsec_xform *ipsec,
 			return -ENOTSUP;
 		}
 	} else if (cipher_xform->cipher.algo == RTE_CRYPTO_CIPHER_AES_CBC) {
-		ctl->enc_type = OTX2_IPSEC_PO_SA_ENC_AES_CCM;
-		aes_key_len = xform->cipher.key.length;
+		ctl->enc_type = OTX2_IPSEC_PO_SA_ENC_AES_CBC;
+		aes_key_len = cipher_xform->cipher.key.length;
 	} else {
 		return -ENOTSUP;
 	}