For TLS opcodes, ipad is at the offset 64 as compared to the packed
implementation for IPsec. Extend the function to handle TLS contexts as
well.
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Vidya Sagar Velumuri <vvelumuri@marvell.com>
---
drivers/common/cnxk/cnxk_security.c | 15 ++++++++-------
drivers/common/cnxk/cnxk_security.h | 3 ++-
2 files changed, 10 insertions(+), 8 deletions(-)
@@ -9,7 +9,8 @@
#include "roc_api.h"
void
-cnxk_sec_opad_ipad_gen(struct rte_crypto_sym_xform *auth_xform, uint8_t *hmac_opad_ipad)
+cnxk_sec_opad_ipad_gen(struct rte_crypto_sym_xform *auth_xform, uint8_t *hmac_opad_ipad,
+ bool is_tls)
{
const uint8_t *key = auth_xform->auth.key.data;
uint32_t length = auth_xform->auth.key.length;
@@ -29,11 +30,11 @@ cnxk_sec_opad_ipad_gen(struct rte_crypto_sym_xform *auth_xform, uint8_t *hmac_op
switch (auth_xform->auth.algo) {
case RTE_CRYPTO_AUTH_MD5_HMAC:
roc_hash_md5_gen(opad, (uint32_t *)&hmac_opad_ipad[0]);
- roc_hash_md5_gen(ipad, (uint32_t *)&hmac_opad_ipad[24]);
+ roc_hash_md5_gen(ipad, (uint32_t *)&hmac_opad_ipad[is_tls ? 64 : 24]);
break;
case RTE_CRYPTO_AUTH_SHA1_HMAC:
roc_hash_sha1_gen(opad, (uint32_t *)&hmac_opad_ipad[0]);
- roc_hash_sha1_gen(ipad, (uint32_t *)&hmac_opad_ipad[24]);
+ roc_hash_sha1_gen(ipad, (uint32_t *)&hmac_opad_ipad[is_tls ? 64 : 24]);
break;
case RTE_CRYPTO_AUTH_SHA256_HMAC:
roc_hash_sha256_gen(opad, (uint32_t *)&hmac_opad_ipad[0], 256);
@@ -191,7 +192,7 @@ ot_ipsec_sa_common_param_fill(union roc_ot_ipsec_sa_word2 *w2,
const uint8_t *auth_key = auth_xfrm->auth.key.data;
roc_aes_xcbc_key_derive(auth_key, hmac_opad_ipad);
} else {
- cnxk_sec_opad_ipad_gen(auth_xfrm, hmac_opad_ipad);
+ cnxk_sec_opad_ipad_gen(auth_xfrm, hmac_opad_ipad, false);
}
tmp_key = (uint64_t *)hmac_opad_ipad;
@@ -740,7 +741,7 @@ onf_ipsec_sa_common_param_fill(struct roc_ie_onf_sa_ctl *ctl, uint8_t *salt,
key = cipher_xfrm->cipher.key.data;
length = cipher_xfrm->cipher.key.length;
- cnxk_sec_opad_ipad_gen(auth_xfrm, hmac_opad_ipad);
+ cnxk_sec_opad_ipad_gen(auth_xfrm, hmac_opad_ipad, false);
}
switch (length) {
@@ -1373,7 +1374,7 @@ cnxk_on_ipsec_outb_sa_create(struct rte_security_ipsec_xform *ipsec,
roc_aes_xcbc_key_derive(auth_key, hmac_opad_ipad);
} else if (auth_xform->auth.algo != RTE_CRYPTO_AUTH_NULL) {
- cnxk_sec_opad_ipad_gen(auth_xform, hmac_opad_ipad);
+ cnxk_sec_opad_ipad_gen(auth_xform, hmac_opad_ipad, false);
}
}
@@ -1440,7 +1441,7 @@ cnxk_on_ipsec_inb_sa_create(struct rte_security_ipsec_xform *ipsec,
roc_aes_xcbc_key_derive(auth_key, hmac_opad_ipad);
} else if (auth_xform->auth.algo != RTE_CRYPTO_AUTH_NULL) {
- cnxk_sec_opad_ipad_gen(auth_xform, hmac_opad_ipad);
+ cnxk_sec_opad_ipad_gen(auth_xform, hmac_opad_ipad, false);
}
}
@@ -70,6 +70,7 @@ int __roc_api cnxk_on_ipsec_outb_sa_create(struct rte_security_ipsec_xform *ipse
struct roc_ie_on_outb_sa *out_sa);
__rte_internal
-void cnxk_sec_opad_ipad_gen(struct rte_crypto_sym_xform *auth_xform, uint8_t *hmac_opad_ipad);
+void cnxk_sec_opad_ipad_gen(struct rte_crypto_sym_xform *auth_xform, uint8_t *hmac_opad_ipad,
+ bool is_tls);
#endif /* _CNXK_SECURITY_H__ */