Adding AES-CBC-HMAC-SHA256 support to lookaside IPsec PMD.
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
* IPv4
* IPv6
* ESP
+* ESN
+* Anti-replay
* Tunnel mode
* Transport mode(IPv4)
* UDP Encapsulation
+
+AEAD algorithms
++++++++++++++++
+
* AES-128/192/256-GCM
-* AES-128/192/256-CBC-SHA1-HMAC
-* AES-128/192/256-CBC-SHA256-128-HMAC
-* ESN
-* Anti-replay
+
+Cipher algorithms
++++++++++++++++++
+
+* AES-128/192/256-CBC
+
+Auth algorithms
++++++++++++++++
+
+* SHA1-HMAC
+* SHA256-128-HMAC
CN10XX Features supported
~~~~~~~~~~~~~~~~~~~~~~~~~
* Tunnel mode
* Transport mode
* UDP Encapsulation
+
+AEAD algorithms
++++++++++++++++
+
* AES-128/192/256-GCM
-* AES-128/192/256-CBC-NULL
-* AES-128/192/256-CBC-SHA1-HMAC
+
+Cipher algorithms
++++++++++++++++++
+
+* AES-128/192/256-CBC
+
+Auth algorithms
++++++++++++++++
+
+* NULL
+* SHA1-HMAC
+* SHA256-128-HMAC
Also, make sure to start the actual text at the margin.
=======================================================
+* **Updated Marvell cnxk crypto PMD.**
+
+ * Added SHA256-HMAC support in lookaside protocol (IPsec) for CN10K.
+
* **Added an API to retrieve event port id of ethdev Rx adapter.**
The new API ``rte_event_eth_rx_adapter_event_port_get()`` was added.
roc_hash_sha1_gen(opad, (uint32_t *)&hmac_opad_ipad[0]);
roc_hash_sha1_gen(ipad, (uint32_t *)&hmac_opad_ipad[24]);
break;
+ case RTE_CRYPTO_AUTH_SHA256_HMAC:
+ roc_hash_sha256_gen(opad, (uint32_t *)&hmac_opad_ipad[0]);
+ roc_hash_sha256_gen(ipad, (uint32_t *)&hmac_opad_ipad[64]);
+ break;
default:
break;
}
w2->s.auth_type = ROC_IE_OT_SA_AUTH_SHA1;
ipsec_hmac_opad_ipad_gen(auth_xfrm, hmac_opad_ipad);
+ tmp_key = (uint64_t *)hmac_opad_ipad;
+ for (i = 0; i < (int)(ROC_CTX_MAX_OPAD_IPAD_LEN /
+ sizeof(uint64_t));
+ i++)
+ tmp_key[i] = rte_be_to_cpu_64(tmp_key[i]);
+ break;
+ case RTE_CRYPTO_AUTH_SHA256_HMAC:
+ w2->s.auth_type = ROC_IE_OT_SA_AUTH_SHA2_256;
+ ipsec_hmac_opad_ipad_gen(auth_xfrm, hmac_opad_ipad);
+
tmp_key = (uint64_t *)hmac_opad_ipad;
for (i = 0; i < (int)(ROC_CTX_MAX_OPAD_IPAD_LEN /
sizeof(uint64_t));
if (crypto_xfrm->type == RTE_CRYPTO_SYM_XFORM_AEAD) {
sa->iv_offset = crypto_xfrm->aead.iv.offset;
sa->iv_length = crypto_xfrm->aead.iv.length;
+ } else {
+ sa->iv_offset = crypto_xfrm->cipher.iv.offset;
+ sa->iv_length = crypto_xfrm->cipher.iv.length;
}
}
#else
}, }
}, }
},
+ { /* SHA256 HMAC */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_SHA256_HMAC,
+ .block_size = 64,
+ .key_size = {
+ .min = 1,
+ .max = 1024,
+ .increment = 1
+ },
+ .digest_size = {
+ .min = 16,
+ .max = 16,
+ .increment = 0
+ },
+ }, }
+ }, }
+ },
};
static const struct rte_security_capability sec_caps_templ[] = {
if (crypto_xform->auth.algo == RTE_CRYPTO_AUTH_SHA1_HMAC) {
if (keylen >= 20 && keylen <= 64)
return 0;
- } else if (roc_model_is_cn9k() &&
- (crypto_xform->auth.algo == RTE_CRYPTO_AUTH_SHA256_HMAC)) {
+ } else if (crypto_xform->auth.algo == RTE_CRYPTO_AUTH_SHA256_HMAC) {
if (keylen >= 32 && keylen <= 64)
return 0;
}
git.droids-corp.org / dpdk.git / commitdiff