From: Anoob Joseph <anoobj@marvell.com>
To: Akhil Goyal <gakhil@marvell.com>, Jerin Jacob <jerinj@marvell.com>
Cc: Anoob Joseph <anoobj@marvell.com>,
Archana Muniganti <marchana@marvell.com>,
Tejasree Kondoj <ktejasree@marvell.com>, <dev@dpdk.org>
Subject: [PATCH 15/25] crypto/cnxk: add skip for unsupported cases
Date: Tue, 7 Dec 2021 12:20:48 +0530 [thread overview]
Message-ID: <1638859858-734-16-git-send-email-anoobj@marvell.com> (raw)
In-Reply-To: <1638859858-734-1-git-send-email-anoobj@marvell.com>
Add skip for transport mode tests that are not supported. Also, updated the
transport mode path to configure IP version as v4.
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
---
drivers/crypto/cnxk/cn9k_ipsec.c | 53 +++++++++++++++++++++++++++++++++++-----
1 file changed, 47 insertions(+), 6 deletions(-)
diff --git a/drivers/crypto/cnxk/cn9k_ipsec.c b/drivers/crypto/cnxk/cn9k_ipsec.c
index 395b0d5..3c6c8e9 100644
--- a/drivers/crypto/cnxk/cn9k_ipsec.c
+++ b/drivers/crypto/cnxk/cn9k_ipsec.c
@@ -141,11 +141,10 @@ ipsec_sa_ctl_set(struct rte_security_ipsec_xform *ipsec,
return -EINVAL;
}
- ctl->inner_ip_ver = ctl->outer_ip_ver;
-
- if (ipsec->mode == RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT)
+ if (ipsec->mode == RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT) {
ctl->ipsec_mode = ROC_IE_SA_MODE_TRANSPORT;
- else if (ipsec->mode == RTE_SECURITY_IPSEC_SA_MODE_TUNNEL)
+ ctl->outer_ip_ver = ROC_IE_SA_IP_VERSION_4;
+ } else if (ipsec->mode == RTE_SECURITY_IPSEC_SA_MODE_TUNNEL)
ctl->ipsec_mode = ROC_IE_SA_MODE_TUNNEL;
else
return -EINVAL;
@@ -548,7 +547,8 @@ cn9k_ipsec_inb_sa_create(struct cnxk_cpt_qp *qp,
}
static inline int
-cn9k_ipsec_xform_verify(struct rte_security_ipsec_xform *ipsec)
+cn9k_ipsec_xform_verify(struct rte_security_ipsec_xform *ipsec,
+ struct rte_crypto_sym_xform *crypto)
{
if (ipsec->life.bytes_hard_limit != 0 ||
ipsec->life.bytes_soft_limit != 0 ||
@@ -556,6 +556,47 @@ cn9k_ipsec_xform_verify(struct rte_security_ipsec_xform *ipsec)
ipsec->life.packets_soft_limit != 0)
return -ENOTSUP;
+ if (ipsec->mode == RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT) {
+ enum rte_crypto_sym_xform_type type = crypto->type;
+
+ if (type == RTE_CRYPTO_SYM_XFORM_AEAD) {
+ if ((crypto->aead.algo == RTE_CRYPTO_AEAD_AES_GCM) &&
+ (crypto->aead.key.length == 32)) {
+ plt_err("Transport mode AES-256-GCM is not supported");
+ return -ENOTSUP;
+ }
+ } else {
+ struct rte_crypto_cipher_xform *cipher;
+ struct rte_crypto_auth_xform *auth;
+
+ if (crypto->type == RTE_CRYPTO_SYM_XFORM_CIPHER) {
+ cipher = &crypto->cipher;
+ auth = &crypto->next->auth;
+ } else {
+ cipher = &crypto->next->cipher;
+ auth = &crypto->auth;
+ }
+
+ if ((cipher->algo == RTE_CRYPTO_CIPHER_AES_CBC) &&
+ (auth->algo == RTE_CRYPTO_AUTH_SHA256_HMAC)) {
+ plt_err("Transport mode AES-CBC SHA1 HMAC 256 is not supported");
+ return -ENOTSUP;
+ }
+
+ if ((cipher->algo == RTE_CRYPTO_CIPHER_AES_CBC) &&
+ (auth->algo == RTE_CRYPTO_AUTH_SHA384_HMAC)) {
+ plt_err("Transport mode AES-CBC SHA2 HMAC 384 is not supported");
+ return -ENOTSUP;
+ }
+
+ if ((cipher->algo == RTE_CRYPTO_CIPHER_AES_CBC) &&
+ (auth->algo == RTE_CRYPTO_AUTH_SHA512_HMAC)) {
+ plt_err("Transport mode AES-CBC SHA2 HMAC 512 is not supported");
+ return -ENOTSUP;
+ }
+ }
+ }
+
return 0;
}
@@ -580,7 +621,7 @@ cn9k_ipsec_session_create(void *dev,
if (ret)
return ret;
- ret = cn9k_ipsec_xform_verify(ipsec_xform);
+ ret = cn9k_ipsec_xform_verify(ipsec_xform, crypto_xform);
if (ret)
return ret;
--
2.7.4
next prev parent reply other threads:[~2021-12-07 6:52 UTC|newest]
Thread overview: 90+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-12-07 6:50 [PATCH 00/25] New features and improvements in cnxk crypto PMD Anoob Joseph
2021-12-07 6:50 ` [PATCH 01/25] common/cnxk: define minor opcodes for MISC opcode Anoob Joseph
2021-12-07 6:50 ` [PATCH 02/25] common/cnxk: add aes-xcbc key derive Anoob Joseph
2021-12-07 6:50 ` [PATCH 03/25] common/cnxk: add bit fields for params Anoob Joseph
2021-12-07 6:50 ` [PATCH 04/25] common/cnxk: fix reset of fields Anoob Joseph
2021-12-07 6:50 ` [PATCH 05/25] common/cnxk: verify input args Anoob Joseph
2021-12-07 6:50 ` [PATCH 06/25] crypto/cnxk: only enable queues that are allocated Anoob Joseph
2021-12-07 6:50 ` [PATCH 07/25] crypto/cnxk: add lookaside IPsec AES-CBC-HMAC-SHA256 support Anoob Joseph
2021-12-07 6:50 ` [PATCH 08/25] crypto/cnxk: clear session data before populating Anoob Joseph
2021-12-07 6:50 ` [PATCH 09/25] crypto/cnxk: update max sec crypto caps Anoob Joseph
2021-12-07 6:50 ` [PATCH 10/25] crypto/cnxk: write CPT CTX through microcode op Anoob Joseph
2021-12-07 6:50 ` [PATCH 11/25] crypto/cnxk: support cnxk lookaside IPsec HMAC-SHA384/512 Anoob Joseph
2021-12-07 6:50 ` [PATCH 12/25] crypto/cnxk: account for CPT CTX updates and flush delays Anoob Joseph
2021-12-07 6:50 ` [PATCH 13/25] crypto/cnxk: use struct sizes for ctx writes Anoob Joseph
2021-12-07 6:50 ` [PATCH 14/25] crypto/cnxk: add security session stats get Anoob Joseph
2021-12-07 6:50 ` Anoob Joseph [this message]
2021-12-07 6:50 ` [PATCH 16/25] crypto/cnxk: add context reload for IV Anoob Joseph
2021-12-07 6:50 ` [PATCH 17/25] crypto/cnxk: handle null chained ops Anoob Joseph
2021-12-07 6:50 ` [PATCH 18/25] crypto/cnxk: fix inflight cnt calculation Anoob Joseph
2021-12-07 6:50 ` [PATCH 19/25] crypto/cnxk: use atomics to access cpt res Anoob Joseph
2021-12-07 6:50 ` [PATCH 20/25] crypto/cnxk: add more info on command timeout Anoob Joseph
2021-12-07 6:50 ` [PATCH 21/25] crypto/cnxk: support lookaside IPsec AES-CTR Anoob Joseph
2021-12-07 6:50 ` [PATCH 22/25] crypto/cnxk: fix extend tail calculation Anoob Joseph
2021-12-07 6:50 ` [PATCH 23/25] crypto/cnxk: add aes xcbc and null cipher Anoob Joseph
2021-12-07 6:50 ` [PATCH 24/25] crypto/cnxk: add copy and set DF Anoob Joseph
2021-12-07 6:50 ` [PATCH 25/25] crypto/cnxk: add aes cmac Anoob Joseph
2021-12-16 17:49 ` [PATCH v2 00/29] New features and improvements in cnxk crypto PMD Anoob Joseph
2021-12-16 17:49 ` [PATCH v2 01/29] common/cnxk: define minor opcodes for MISC opcode Anoob Joseph
2021-12-16 17:49 ` [PATCH v2 02/29] common/cnxk: add aes-xcbc key derive Anoob Joseph
2021-12-16 17:49 ` [PATCH v2 03/29] common/cnxk: add bit fields for params Anoob Joseph
2021-12-16 17:49 ` [PATCH v2 04/29] common/cnxk: fix reset of fields Anoob Joseph
2021-12-16 17:49 ` [PATCH v2 05/29] common/cnxk: verify input args Anoob Joseph
2021-12-16 17:49 ` [PATCH v2 06/29] common/cnxk: update completion code Anoob Joseph
2021-12-16 17:49 ` [PATCH v2 07/29] crypto/cnxk: only enable queues that are allocated Anoob Joseph
2021-12-16 17:49 ` [PATCH v2 08/29] crypto/cnxk: add lookaside IPsec AES-CBC-HMAC-SHA256 support Anoob Joseph
2021-12-16 17:49 ` [PATCH v2 09/29] crypto/cnxk: clear session data before populating Anoob Joseph
2021-12-16 17:49 ` [PATCH v2 10/29] crypto/cnxk: update max sec crypto caps Anoob Joseph
2021-12-16 17:49 ` [PATCH v2 11/29] crypto/cnxk: write CPT CTX through microcode op Anoob Joseph
2021-12-16 17:49 ` [PATCH v2 12/29] crypto/cnxk: support cnxk lookaside IPsec HMAC-SHA384/512 Anoob Joseph
2021-12-16 17:49 ` [PATCH v2 13/29] crypto/cnxk: account for CPT CTX updates and flush delays Anoob Joseph
2021-12-16 17:49 ` [PATCH v2 14/29] crypto/cnxk: use struct sizes for ctx writes Anoob Joseph
2021-12-16 17:49 ` [PATCH v2 15/29] crypto/cnxk: add security session stats get Anoob Joseph
2021-12-16 17:49 ` [PATCH v2 16/29] crypto/cnxk: add skip for unsupported cases Anoob Joseph
2021-12-16 17:49 ` [PATCH v2 17/29] crypto/cnxk: add context reload for IV Anoob Joseph
2021-12-16 17:49 ` [PATCH v2 18/29] crypto/cnxk: handle null chained ops Anoob Joseph
2021-12-16 17:49 ` [PATCH v2 19/29] crypto/cnxk: fix inflight cnt calculation Anoob Joseph
2021-12-16 17:49 ` [PATCH v2 20/29] crypto/cnxk: use atomics to access CPT res Anoob Joseph
2021-12-16 17:49 ` [PATCH v2 21/29] crypto/cnxk: add more info on command timeout Anoob Joseph
2021-12-16 17:49 ` [PATCH v2 22/29] crypto/cnxk: support lookaside IPsec AES-CTR Anoob Joseph
2021-12-16 17:49 ` [PATCH v2 23/29] crypto/cnxk: fix extend tail calculation Anoob Joseph
2021-12-16 17:49 ` [PATCH v2 24/29] crypto/cnxk: add aes xcbc and null cipher Anoob Joseph
2021-12-16 17:49 ` [PATCH v2 25/29] crypto/cnxk: add copy and set DF Anoob Joseph
2021-12-16 17:49 ` [PATCH v2 26/29] crypto/cnxk: add aes cmac Anoob Joseph
2021-12-16 17:49 ` [PATCH v2 27/29] crypto/cnxk: add per pkt IV in lookaside IPsec debug mode Anoob Joseph
2021-12-16 17:49 ` [PATCH v2 28/29] crypto/cnxk: enable copy dscp Anoob Joseph
2021-12-16 17:49 ` [PATCH v2 29/29] crypto/cnxk: update microcode completion handling Anoob Joseph
2021-12-17 9:19 ` [PATCH v3 00/29] New features and improvements in cnxk crypto PMD Anoob Joseph
2021-12-17 9:19 ` [PATCH v3 01/29] common/cnxk: define minor opcodes for MISC opcode Anoob Joseph
2021-12-17 9:19 ` [PATCH v3 02/29] common/cnxk: add aes-xcbc key derive Anoob Joseph
2021-12-17 9:19 ` [PATCH v3 03/29] common/cnxk: add bit fields for params Anoob Joseph
2021-12-17 9:19 ` [PATCH v3 04/29] common/cnxk: fix reset of fields Anoob Joseph
2021-12-17 9:19 ` [PATCH v3 05/29] common/cnxk: verify input args Anoob Joseph
2021-12-17 9:19 ` [PATCH v3 06/29] common/cnxk: update completion code Anoob Joseph
2021-12-17 9:19 ` [PATCH v3 07/29] crypto/cnxk: only enable queues that are allocated Anoob Joseph
2021-12-17 9:19 ` [PATCH v3 08/29] crypto/cnxk: add lookaside IPsec AES-CBC-HMAC-SHA256 support Anoob Joseph
2021-12-17 9:19 ` [PATCH v3 09/29] crypto/cnxk: clear session data before populating Anoob Joseph
2021-12-17 9:19 ` [PATCH v3 10/29] crypto/cnxk: update max sec crypto caps Anoob Joseph
2021-12-17 9:19 ` [PATCH v3 11/29] crypto/cnxk: write CPT CTX through microcode op Anoob Joseph
2021-12-17 9:19 ` [PATCH v3 12/29] crypto/cnxk: support cnxk lookaside IPsec HMAC-SHA384/512 Anoob Joseph
2021-12-17 9:19 ` [PATCH v3 13/29] crypto/cnxk: account for CPT CTX updates and flush delays Anoob Joseph
2021-12-17 9:19 ` [PATCH v3 14/29] crypto/cnxk: use struct sizes for ctx writes Anoob Joseph
2021-12-17 9:19 ` [PATCH v3 15/29] crypto/cnxk: add security session stats get Anoob Joseph
2021-12-17 9:19 ` [PATCH v3 16/29] crypto/cnxk: add skip for unsupported cases Anoob Joseph
2021-12-17 9:19 ` [PATCH v3 17/29] crypto/cnxk: add context reload for IV Anoob Joseph
2021-12-17 9:20 ` [PATCH v3 18/29] crypto/cnxk: handle null chained ops Anoob Joseph
2021-12-17 9:20 ` [PATCH v3 19/29] crypto/cnxk: fix inflight cnt calculation Anoob Joseph
2021-12-17 9:20 ` [PATCH v3 20/29] crypto/cnxk: use atomics to access CPT res Anoob Joseph
2021-12-17 9:20 ` [PATCH v3 21/29] crypto/cnxk: add more info on command timeout Anoob Joseph
2022-01-11 15:23 ` Thomas Monjalon
2022-01-21 9:16 ` [EXT] " Akhil Goyal
2022-01-21 10:41 ` Thomas Monjalon
2021-12-17 9:20 ` [PATCH v3 22/29] crypto/cnxk: support lookaside IPsec AES-CTR Anoob Joseph
2021-12-17 9:20 ` [PATCH v3 23/29] crypto/cnxk: fix extend tail calculation Anoob Joseph
2021-12-17 9:20 ` [PATCH v3 24/29] crypto/cnxk: add aes xcbc and null cipher Anoob Joseph
2021-12-17 9:20 ` [PATCH v3 25/29] crypto/cnxk: add copy and set DF Anoob Joseph
2021-12-17 9:20 ` [PATCH v3 26/29] crypto/cnxk: add aes cmac Anoob Joseph
2021-12-17 9:20 ` [PATCH v3 27/29] crypto/cnxk: add per pkt IV in lookaside IPsec debug mode Anoob Joseph
2021-12-17 9:20 ` [PATCH v3 28/29] crypto/cnxk: enable copy dscp Anoob Joseph
2021-12-17 9:20 ` [PATCH v3 29/29] crypto/cnxk: update microcode completion handling Anoob Joseph
2021-12-24 12:43 ` [PATCH v3 00/29] New features and improvements in cnxk crypto PMD Akhil Goyal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1638859858-734-16-git-send-email-anoobj@marvell.com \
--to=anoobj@marvell.com \
--cc=dev@dpdk.org \
--cc=gakhil@marvell.com \
--cc=jerinj@marvell.com \
--cc=ktejasree@marvell.com \
--cc=marchana@marvell.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).