From: Vidya Sagar Velumuri <vvelumuri@marvell.com>
Add supoort for cipher DES and auth MD5 for IPsec offload
Signed-off-by: Vidya Sagar Velumuri <vvelumuri@marvell.com>
---
drivers/crypto/cnxk/cnxk_cryptodev.h | 2 +-
.../crypto/cnxk/cnxk_cryptodev_capabilities.c | 42 ++++++++++++++++++-
drivers/crypto/cnxk/cnxk_ipsec.h | 9 ++++
3 files changed, 51 insertions(+), 2 deletions(-)
@@ -11,7 +11,7 @@
#include "roc_cpt.h"
#define CNXK_CPT_MAX_CAPS 37
-#define CNXK_SEC_CRYPTO_MAX_CAPS 14
+#define CNXK_SEC_CRYPTO_MAX_CAPS 16
#define CNXK_SEC_MAX_CAPS 9
#define CNXK_AE_EC_ID_MAX 8
/**
@@ -946,6 +946,26 @@ static const struct rte_cryptodev_capabilities sec_caps_aes[] = {
};
static const struct rte_cryptodev_capabilities sec_caps_des[] = {
+ { /* DES */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+ {.cipher = {
+ .algo = RTE_CRYPTO_CIPHER_DES_CBC,
+ .block_size = 8,
+ .key_size = {
+ .min = 8,
+ .max = 8,
+ .increment = 0
+ },
+ .iv_size = {
+ .min = 8,
+ .max = 8,
+ .increment = 0
+ }
+ }, },
+ }, }
+ },
{ /* 3DES CBC */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
@@ -965,7 +985,7 @@ static const struct rte_cryptodev_capabilities sec_caps_des[] = {
}
}, }
}, }
- }
+ },
};
static const struct rte_cryptodev_capabilities sec_caps_sha1_sha2[] = {
@@ -1049,6 +1069,26 @@ static const struct rte_cryptodev_capabilities sec_caps_sha1_sha2[] = {
}, }
}, }
},
+ { /* MD5 HMAC */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_MD5_HMAC,
+ .block_size = 64,
+ .key_size = {
+ .min = 16,
+ .max = 16,
+ .increment = 0
+ },
+ .digest_size = {
+ .min = 12,
+ .max = 12,
+ .increment = 0
+ },
+ }, }
+ }, }
+ },
};
static const struct rte_cryptodev_capabilities sec_caps_null[] = {
@@ -23,6 +23,10 @@ ipsec_xform_cipher_verify(struct rte_crypto_sym_xform *crypto_xform)
if (crypto_xform->cipher.algo == RTE_CRYPTO_CIPHER_NULL)
return 0;
+ if (crypto_xform->cipher.algo == RTE_CRYPTO_CIPHER_DES_CBC &&
+ crypto_xform->cipher.key.length == 8)
+ return 0;
+
if (crypto_xform->cipher.algo == RTE_CRYPTO_CIPHER_AES_CBC ||
crypto_xform->cipher.algo == RTE_CRYPTO_CIPHER_AES_CTR) {
switch (crypto_xform->cipher.key.length) {
@@ -51,6 +55,11 @@ ipsec_xform_auth_verify(struct rte_crypto_sym_xform *crypto_xform)
if (crypto_xform->auth.algo == RTE_CRYPTO_AUTH_NULL)
return 0;
+ if (crypto_xform->auth.algo == RTE_CRYPTO_AUTH_MD5_HMAC) {
+ if (keylen == 16)
+ return 0;
+ }
+
if (crypto_xform->auth.algo == RTE_CRYPTO_AUTH_SHA1_HMAC) {
if (keylen >= 20 && keylen <= 64)
return 0;