diff mbox series

[06/13] crypto/cnxk: update rlen calculation for lookaside mode

Message ID 20221019141513.1969052-7-ktejasree@marvell.com (mailing list archive)
State Accepted, archived
Delegated to: akhil goyal
Headers
Series [01/13] crypto/cnxk: fix length of AES-CMAC algo |

Checks

Context Check Description
ci/checkpatch success coding style OK

Commit Message

Tejasree Kondoj Oct. 19, 2022, 2:15 p.m. UTC 
  From: Vidya Sagar Velumuri <vvelumuri@marvell.com>

For transport mode, IP header will not be part of encryption.
Update the response len calculation accordingly for transport mode

Signed-off-by: Vidya Sagar Velumuri <vvelumuri@marvell.com>
---
 drivers/crypto/cnxk/cn9k_ipsec.c        | 42 -------------------------
 drivers/crypto/cnxk/cn9k_ipsec_la_ops.h | 10 ++++--
 2 files changed, 7 insertions(+), 45 deletions(-)
diff mbox series

Patch

diff --git a/drivers/crypto/cnxk/cn9k_ipsec.c b/drivers/crypto/cnxk/cn9k_ipsec.c
index 55a13570ad..9ae7c73b37 100644
--- a/drivers/crypto/cnxk/cn9k_ipsec.c
+++ b/drivers/crypto/cnxk/cn9k_ipsec.c
@@ -211,50 +211,8 @@  cn9k_ipsec_xform_verify(struct rte_security_ipsec_xform *ipsec,
 				plt_err("Transport mode AES-256-GCM is not supported");
 				return -ENOTSUP;
 			}
-		} else {
-			struct rte_crypto_cipher_xform *cipher;
-			struct rte_crypto_auth_xform *auth;
-
-			if (crypto->type == RTE_CRYPTO_SYM_XFORM_CIPHER) {
-				cipher = &crypto->cipher;
-				auth = &crypto->next->auth;
-			} else {
-				cipher = &crypto->next->cipher;
-				auth = &crypto->auth;
-			}
-
-			if ((cipher->algo == RTE_CRYPTO_CIPHER_AES_CBC) &&
-			    (auth->algo == RTE_CRYPTO_AUTH_SHA256_HMAC)) {
-				plt_err("Transport mode AES-CBC SHA2 HMAC 256 is not supported");
-				return -ENOTSUP;
-			}
-
-			if ((cipher->algo == RTE_CRYPTO_CIPHER_AES_CBC) &&
-			    (auth->algo == RTE_CRYPTO_AUTH_SHA384_HMAC)) {
-				plt_err("Transport mode AES-CBC SHA2 HMAC 384 is not supported");
-				return -ENOTSUP;
-			}
-
-			if ((cipher->algo == RTE_CRYPTO_CIPHER_AES_CBC) &&
-			    (auth->algo == RTE_CRYPTO_AUTH_SHA512_HMAC)) {
-				plt_err("Transport mode AES-CBC SHA2 HMAC 512 is not supported");
-				return -ENOTSUP;
-			}
-
-			if ((cipher->algo == RTE_CRYPTO_CIPHER_AES_CBC) &&
-			    (auth->algo == RTE_CRYPTO_AUTH_AES_XCBC_MAC)) {
-				plt_err("Transport mode AES-CBC AES-XCBC is not supported");
-				return -ENOTSUP;
-			}
-
-			if ((cipher->algo == RTE_CRYPTO_CIPHER_3DES_CBC) &&
-			    (auth->algo == RTE_CRYPTO_AUTH_AES_XCBC_MAC)) {
-				plt_err("Transport mode 3DES-CBC AES-XCBC is not supported");
-				return -ENOTSUP;
-			}
 		}
 	}
-
 	return 0;
 }
 
diff --git a/drivers/crypto/cnxk/cn9k_ipsec_la_ops.h b/drivers/crypto/cnxk/cn9k_ipsec_la_ops.h
index 52618e8840..724fc525ad 100644
--- a/drivers/crypto/cnxk/cn9k_ipsec_la_ops.h
+++ b/drivers/crypto/cnxk/cn9k_ipsec_la_ops.h
@@ -16,11 +16,15 @@  static __rte_always_inline int32_t
 ipsec_po_out_rlen_get(struct cn9k_sec_session *sess, uint32_t plen)
 {
 	uint32_t enc_payload_len;
+	int adj_len = 0;
 
-	enc_payload_len = RTE_ALIGN_CEIL(plen + sess->rlens.roundup_len,
-					 sess->rlens.roundup_byte);
+	if (sess->sa.out_sa.common_sa.ctl.ipsec_mode == ROC_IE_SA_MODE_TRANSPORT)
+		adj_len = ROC_CPT_TUNNEL_IPV4_HDR_LEN;
 
-	return sess->custom_hdr_len + sess->rlens.partial_len + enc_payload_len;
+	enc_payload_len =
+		RTE_ALIGN_CEIL(plen + sess->rlens.roundup_len - adj_len, sess->rlens.roundup_byte);
+
+	return sess->custom_hdr_len + sess->rlens.partial_len + enc_payload_len + adj_len;
 }
 
 static __rte_always_inline int