crypto/cnxk: update lookaside RLEN calculation

For transport mode, IP header will not be part of encryption. Update the response len calculation accordingly for transport mode. Signed-off-by: Vidya Sagar Velumuri <vvelumuri@marvell.com>
2022-10-19 19:45:06 +05:30 · 2022-10-19 19:45:06 +05:30 · 91c8925f99
commit 91c8925f99
parent 39ae58f294
2 changed files with 7 additions and 45 deletions
--- a/drivers/crypto/cnxk/cn9k_ipsec.c
+++ b/drivers/crypto/cnxk/cn9k_ipsec.c
@ -211,50 +211,8 @@ cn9k_ipsec_xform_verify(struct rte_security_ipsec_xform *ipsec,
 				plt_err("Transport mode AES-256-GCM is not supported");
 				return -ENOTSUP;
 			}
-		} else {
-			struct rte_crypto_cipher_xform *cipher;
-			struct rte_crypto_auth_xform *auth;
-
-			if (crypto->type == RTE_CRYPTO_SYM_XFORM_CIPHER) {
-				cipher = &crypto->cipher;
-				auth = &crypto->next->auth;
-			} else {
-				cipher = &crypto->next->cipher;
-				auth = &crypto->auth;
-			}
-
-			if ((cipher->algo == RTE_CRYPTO_CIPHER_AES_CBC) &&
-			    (auth->algo == RTE_CRYPTO_AUTH_SHA256_HMAC)) {
-				plt_err("Transport mode AES-CBC SHA2 HMAC 256 is not supported");
-				return -ENOTSUP;
-			}
-
-			if ((cipher->algo == RTE_CRYPTO_CIPHER_AES_CBC) &&
-			    (auth->algo == RTE_CRYPTO_AUTH_SHA384_HMAC)) {
-				plt_err("Transport mode AES-CBC SHA2 HMAC 384 is not supported");
-				return -ENOTSUP;
-			}
-
-			if ((cipher->algo == RTE_CRYPTO_CIPHER_AES_CBC) &&
-			    (auth->algo == RTE_CRYPTO_AUTH_SHA512_HMAC)) {
-				plt_err("Transport mode AES-CBC SHA2 HMAC 512 is not supported");
-				return -ENOTSUP;
-			}
-
-			if ((cipher->algo == RTE_CRYPTO_CIPHER_AES_CBC) &&
-			    (auth->algo == RTE_CRYPTO_AUTH_AES_XCBC_MAC)) {
-				plt_err("Transport mode AES-CBC AES-XCBC is not supported");
-				return -ENOTSUP;
-			}
-
-			if ((cipher->algo == RTE_CRYPTO_CIPHER_3DES_CBC) &&
-			    (auth->algo == RTE_CRYPTO_AUTH_AES_XCBC_MAC)) {
-				plt_err("Transport mode 3DES-CBC AES-XCBC is not supported");
-				return -ENOTSUP;
-			}
 		}
 	}
-
 	return 0;
 }

--- a/drivers/crypto/cnxk/cn9k_ipsec_la_ops.h
+++ b/drivers/crypto/cnxk/cn9k_ipsec_la_ops.h
@ -16,11 +16,15 @@ static __rte_always_inline int32_t
 ipsec_po_out_rlen_get(struct cn9k_sec_session *sess, uint32_t plen)
 {
 	uint32_t enc_payload_len;
+	int adj_len = 0;

-	enc_payload_len = RTE_ALIGN_CEIL(plen + sess->rlens.roundup_len,
-					 sess->rlens.roundup_byte);
+	if (sess->sa.out_sa.common_sa.ctl.ipsec_mode == ROC_IE_SA_MODE_TRANSPORT)
+		adj_len = ROC_CPT_TUNNEL_IPV4_HDR_LEN;

-	return sess->custom_hdr_len + sess->rlens.partial_len + enc_payload_len;
+	enc_payload_len =
+		RTE_ALIGN_CEIL(plen + sess->rlens.roundup_len - adj_len, sess->rlens.roundup_byte);
+
+	return sess->custom_hdr_len + sess->rlens.partial_len + enc_payload_len + adj_len;
 }

 static __rte_always_inline int