From: Vidya Sagar Velumuri <vvelumuri@marvell.com>
Enable 3DES-CBC cipher capability for inline IPsec
Signed-off-by: Vidya Sagar Velumuri <vvelumuri@marvell.com>
---
drivers/common/cnxk/cnxk_security.c | 3 +++
drivers/crypto/cnxk/cn9k_ipsec.c | 6 ++++++
drivers/net/cnxk/cn9k_ethdev_sec.c | 21 ++++++++++++++++++++-
3 files changed, 29 insertions(+), 1 deletion(-)
@@ -1033,6 +1033,9 @@ on_ipsec_sa_ctl_set(struct rte_security_ipsec_xform *ipsec,
case RTE_CRYPTO_CIPHER_NULL:
ctl->enc_type = ROC_IE_ON_SA_ENC_NULL;
break;
+ case RTE_CRYPTO_CIPHER_3DES_CBC:
+ ctl->enc_type = ROC_IE_ON_SA_ENC_3DES_CBC;
+ break;
case RTE_CRYPTO_CIPHER_AES_CBC:
ctl->enc_type = ROC_IE_ON_SA_ENC_AES_CBC;
aes_key_len = cipher_xform->cipher.key.length;
@@ -248,6 +248,12 @@ cn9k_ipsec_xform_verify(struct rte_security_ipsec_xform *ipsec,
plt_err("Transport mode AES-CBC AES-XCBC is not supported");
return -ENOTSUP;
}
+
+ if ((cipher->algo == RTE_CRYPTO_CIPHER_3DES_CBC) &&
+ (auth->algo == RTE_CRYPTO_AUTH_AES_XCBC_MAC)) {
+ plt_err("Transport mode 3DES-CBC AES-XCBC is not supported");
+ return -ENOTSUP;
+ }
}
}
@@ -30,7 +30,26 @@ static struct rte_cryptodev_capabilities cn9k_eth_sec_crypto_caps[] = {
}, },
}, }
},
-
+ { /* 3DES CBC */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+ {.cipher = {
+ .algo = RTE_CRYPTO_CIPHER_3DES_CBC,
+ .block_size = 8,
+ .key_size = {
+ .min = 24,
+ .max = 24,
+ .increment = 0
+ },
+ .iv_size = {
+ .min = 8,
+ .max = 16,
+ .increment = 8
+ }
+ }, },
+ }, }
+ },
{ /* AES GCM */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {