Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/105188/?format=api
{ "id": 105188, "url": "http://patches.dpdk.org/api/patches/105188/?format=api", "web_url": "http://patches.dpdk.org/project/dpdk/patch/1639676975-1316-25-git-send-email-anoobj@marvell.com/", "project": { "id": 1, "url": "http://patches.dpdk.org/api/projects/1/?format=api", "name": "DPDK", "link_name": "dpdk", "list_id": "dev.dpdk.org", "list_email": "dev@dpdk.org", "web_url": "http://core.dpdk.org", "scm_url": "git://dpdk.org/dpdk", "webscm_url": "http://git.dpdk.org/dpdk", "list_archive_url": "https://inbox.dpdk.org/dev", "list_archive_url_format": "https://inbox.dpdk.org/dev/{}", "commit_url_format": "" }, "msgid": "<1639676975-1316-25-git-send-email-anoobj@marvell.com>", "list_archive_url": "https://inbox.dpdk.org/dev/1639676975-1316-25-git-send-email-anoobj@marvell.com", "date": "2021-12-16T17:49:30", "name": "[v2,24/29] crypto/cnxk: add aes xcbc and null cipher", "commit_ref": null, "pull_url": null, "state": "superseded", "archived": true, "hash": "7a4250fff0441d33caf50985dc682151dec2409f", "submitter": { "id": 1205, "url": "http://patches.dpdk.org/api/people/1205/?format=api", "name": "Anoob Joseph", "email": "anoobj@marvell.com" }, "delegate": null, "mbox": "http://patches.dpdk.org/project/dpdk/patch/1639676975-1316-25-git-send-email-anoobj@marvell.com/mbox/", "series": [ { "id": 20957, "url": "http://patches.dpdk.org/api/series/20957/?format=api", "web_url": "http://patches.dpdk.org/project/dpdk/list/?series=20957", "date": "2021-12-16T17:49:06", "name": "New features and improvements in cnxk crypto PMD", "version": 2, "mbox": "http://patches.dpdk.org/series/20957/mbox/" } ], "comments": "http://patches.dpdk.org/api/patches/105188/comments/", "check": "success", "checks": "http://patches.dpdk.org/api/patches/105188/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<dev-bounces@dpdk.org>", "X-Original-To": "patchwork@inbox.dpdk.org", "Delivered-To": "patchwork@inbox.dpdk.org", "Received": [ "from mails.dpdk.org (mails.dpdk.org [217.70.189.124])\n\tby inbox.dpdk.org (Postfix) with ESMTP id 2BB0CA0032;\n\tThu, 16 Dec 2021 18:55:05 +0100 (CET)", "from [217.70.189.124] (localhost [127.0.0.1])\n\tby mails.dpdk.org (Postfix) with ESMTP id EC09041180;\n\tThu, 16 Dec 2021 18:54:49 +0100 (CET)", "from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com\n [67.231.156.173])\n by mails.dpdk.org (Postfix) with ESMTP id 1E7EB41145\n for <dev@dpdk.org>; Thu, 16 Dec 2021 18:54:47 +0100 (CET)", "from pps.filterd (m0045851.ppops.net [127.0.0.1])\n by mx0b-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with ESMTP id\n 1BGEd9JB007246\n for <dev@dpdk.org>; Thu, 16 Dec 2021 09:54:46 -0800", "from dc5-exch02.marvell.com ([199.233.59.182])\n by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3d02p0af40-1\n (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT)\n for <dev@dpdk.org>; Thu, 16 Dec 2021 09:54:46 -0800", "from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH02.marvell.com\n (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.18;\n Thu, 16 Dec 2021 09:54:44 -0800", "from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com\n (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.18 via Frontend\n Transport; Thu, 16 Dec 2021 09:54:44 -0800", "from HY-LT1002.marvell.com (HY-LT1002.marvell.com [10.28.176.218])\n by maili.marvell.com (Postfix) with ESMTP id 0B5A23F7048;\n Thu, 16 Dec 2021 09:54:41 -0800 (PST)" ], "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com;\n h=from : to : cc :\n subject : date : message-id : in-reply-to : references : mime-version :\n content-transfer-encoding : content-type; s=pfpt0220;\n bh=bFytE7SCBlVbCJhu+/5xBy/vGGeSyHLm0TzDazBKHsQ=;\n b=e55RaayjrCRrUrzU4OW8VH4J4EWvxRn1EFMCdpKqapzC2SYkl8rMdWCGxcaeGLuX+3GR\n /qVl0QixRQ2sG+u4nIIfO64jE2BaliqgEvZVk4rLe5xbLf1QY8Pyu2AoyFTkYmUuJBUH\n kMjahu0cY32OQ55JqxmJDZ2Ex7IXEWDYS3NWXDc4uZ59ITyYE7Z8Bfchj/KdFB7MVsFQ\n lMqzohaGQwZ9Tk4DT3eekT6heO4tQ2JiWk/VT8v9lqIPxvL/d4qZPbxzvgn6ht//AAtL\n npCChHYf3Vvih4FtWIOVDbwm7FAOYgchbpDOJG1Dl306C32O1ApNepLqf5htswunmEvM 8w==", "From": "Anoob Joseph <anoobj@marvell.com>", "To": "Akhil Goyal <gakhil@marvell.com>, Jerin Jacob <jerinj@marvell.com>", "CC": "Anoob Joseph <anoobj@marvell.com>, Archana Muniganti\n <marchana@marvell.com>,\n Tejasree Kondoj <ktejasree@marvell.com>, <dev@dpdk.org>", "Subject": "[PATCH v2 24/29] crypto/cnxk: add aes xcbc and null cipher", "Date": "Thu, 16 Dec 2021 23:19:30 +0530", "Message-ID": "<1639676975-1316-25-git-send-email-anoobj@marvell.com>", "X-Mailer": "git-send-email 2.7.4", "In-Reply-To": "<1639676975-1316-1-git-send-email-anoobj@marvell.com>", "References": "<1638859858-734-1-git-send-email-anoobj@marvell.com>\n <1639676975-1316-1-git-send-email-anoobj@marvell.com>", "MIME-Version": "1.0", "Content-Transfer-Encoding": "8bit", "Content-Type": "text/plain", "X-Proofpoint-GUID": "A3ROs4AzfLqAUUzZKE7DeVseDd7CyLzE", "X-Proofpoint-ORIG-GUID": "A3ROs4AzfLqAUUzZKE7DeVseDd7CyLzE", "X-Proofpoint-Virus-Version": "vendor=baseguard\n engine=ICAP:2.0.205,Aquarius:18.0.790,Hydra:6.0.425,FMLib:17.11.62.513\n definitions=2021-12-16_06,2021-12-16_01,2021-12-02_01", "X-BeenThere": "dev@dpdk.org", "X-Mailman-Version": "2.1.29", "Precedence": "list", "List-Id": "DPDK patches and discussions <dev.dpdk.org>", "List-Unsubscribe": "<https://mails.dpdk.org/options/dev>,\n <mailto:dev-request@dpdk.org?subject=unsubscribe>", "List-Archive": "<http://mails.dpdk.org/archives/dev/>", "List-Post": "<mailto:dev@dpdk.org>", "List-Help": "<mailto:dev-request@dpdk.org?subject=help>", "List-Subscribe": "<https://mails.dpdk.org/listinfo/dev>,\n <mailto:dev-request@dpdk.org?subject=subscribe>", "Errors-To": "dev-bounces@dpdk.org" }, "content": "Add support for AES XCBC and NULL cipher.\n\nSigned-off-by: Anoob Joseph <anoobj@marvell.com>\n---\n doc/guides/cryptodevs/cnxk.rst | 4 +\n doc/guides/rel_notes/release_22_03.rst | 2 +\n drivers/common/cnxk/cnxk_security.c | 48 ++++++++----\n drivers/common/cnxk/roc_ie_on.h | 10 +++\n drivers/crypto/cnxk/cn9k_ipsec.c | 93 ++++++++++++++++-------\n drivers/crypto/cnxk/cnxk_cryptodev.h | 2 +-\n drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c | 45 +++++++++++\n drivers/crypto/cnxk/cnxk_ipsec.h | 7 ++\n 8 files changed, 169 insertions(+), 42 deletions(-)", "diff": "diff --git a/doc/guides/cryptodevs/cnxk.rst b/doc/guides/cryptodevs/cnxk.rst\nindex 1239155..6e844f5 100644\n--- a/doc/guides/cryptodevs/cnxk.rst\n+++ b/doc/guides/cryptodevs/cnxk.rst\n@@ -260,6 +260,7 @@ AEAD algorithms\n Cipher algorithms\n +++++++++++++++++\n \n+* NULL\n * AES-128/192/256-CBC\n * AES-128/192/256-CTR\n \n@@ -270,6 +271,7 @@ Auth algorithms\n * SHA256-128-HMAC\n * SHA384-192-HMAC\n * SHA512-256-HMAC\n+* AES-XCBC-96\n \n CN10XX Features supported\n ~~~~~~~~~~~~~~~~~~~~~~~~~\n@@ -288,6 +290,7 @@ AEAD algorithms\n Cipher algorithms\n +++++++++++++++++\n \n+* NULL\n * AES-128/192/256-CBC\n * AES-128/192/256-CTR\n \n@@ -299,3 +302,4 @@ Auth algorithms\n * SHA256-128-HMAC\n * SHA384-192-HMAC\n * SHA512-256-HMAC\n+* AES-XCBC-96\ndiff --git a/doc/guides/rel_notes/release_22_03.rst b/doc/guides/rel_notes/release_22_03.rst\nindex 4b272e4..e8fec00 100644\n--- a/doc/guides/rel_notes/release_22_03.rst\n+++ b/doc/guides/rel_notes/release_22_03.rst\n@@ -61,6 +61,8 @@ New Features\n * Added SHA384-HMAC support in lookaside protocol (IPsec) for CN9K & CN10K.\n * Added SHA512-HMAC support in lookaside protocol (IPsec) for CN9K & CN10K.\n * Added AES-CTR support in lookaside protocol (IPsec) for CN9K & CN10K.\n+ * Added NULL cipher support in lookaside protocol (IPsec) for CN9K & CN10K.\n+ * Added AES-XCBC support in lookaside protocol (IPsec) for CN9K & CN10K.\n \n \n Removed Items\ndiff --git a/drivers/common/cnxk/cnxk_security.c b/drivers/common/cnxk/cnxk_security.c\nindex 0d4baa9..6ebf084 100644\n--- a/drivers/common/cnxk/cnxk_security.c\n+++ b/drivers/common/cnxk/cnxk_security.c\n@@ -120,6 +120,9 @@ ot_ipsec_sa_common_param_fill(union roc_ot_ipsec_sa_word2 *w2,\n \t\t}\n \t} else {\n \t\tswitch (cipher_xfrm->cipher.algo) {\n+\t\tcase RTE_CRYPTO_CIPHER_NULL:\n+\t\t\tw2->s.enc_type = ROC_IE_OT_SA_ENC_NULL;\n+\t\t\tbreak;\n \t\tcase RTE_CRYPTO_CIPHER_AES_CBC:\n \t\t\tw2->s.enc_type = ROC_IE_OT_SA_ENC_AES_CBC;\n \t\t\tbreak;\n@@ -146,11 +149,19 @@ ot_ipsec_sa_common_param_fill(union roc_ot_ipsec_sa_word2 *w2,\n \t\tcase RTE_CRYPTO_AUTH_SHA512_HMAC:\n \t\t\tw2->s.auth_type = ROC_IE_OT_SA_AUTH_SHA2_512;\n \t\t\tbreak;\n+\t\tcase RTE_CRYPTO_AUTH_AES_XCBC_MAC:\n+\t\t\tw2->s.auth_type = ROC_IE_OT_SA_AUTH_AES_XCBC_128;\n+\t\t\tbreak;\n \t\tdefault:\n \t\t\treturn -ENOTSUP;\n \t\t}\n \n-\t\tipsec_hmac_opad_ipad_gen(auth_xfrm, hmac_opad_ipad);\n+\t\tif (auth_xfrm->auth.algo == RTE_CRYPTO_AUTH_AES_XCBC_MAC) {\n+\t\t\tconst uint8_t *auth_key = auth_xfrm->auth.key.data;\n+\t\t\troc_aes_xcbc_key_derive(auth_key, hmac_opad_ipad);\n+\t\t} else {\n+\t\t\tipsec_hmac_opad_ipad_gen(auth_xfrm, hmac_opad_ipad);\n+\t\t}\n \n \t\ttmp_key = (uint64_t *)hmac_opad_ipad;\n \t\tfor (i = 0;\n@@ -174,18 +185,26 @@ ot_ipsec_sa_common_param_fill(union roc_ot_ipsec_sa_word2 *w2,\n \tfor (i = 0; i < (int)(ROC_CTX_MAX_CKEY_LEN / sizeof(uint64_t)); i++)\n \t\ttmp_key[i] = rte_be_to_cpu_64(tmp_key[i]);\n \n-\tswitch (length) {\n-\tcase ROC_CPT_AES128_KEY_LEN:\n-\t\tw2->s.aes_key_len = ROC_IE_SA_AES_KEY_LEN_128;\n-\t\tbreak;\n-\tcase ROC_CPT_AES192_KEY_LEN:\n-\t\tw2->s.aes_key_len = ROC_IE_SA_AES_KEY_LEN_192;\n-\t\tbreak;\n-\tcase ROC_CPT_AES256_KEY_LEN:\n-\t\tw2->s.aes_key_len = ROC_IE_SA_AES_KEY_LEN_256;\n-\t\tbreak;\n-\tdefault:\n-\t\treturn -EINVAL;\n+\t/* Set AES key length */\n+\tif (w2->s.enc_type == ROC_IE_OT_SA_ENC_AES_CBC ||\n+\t w2->s.enc_type == ROC_IE_OT_SA_ENC_AES_CCM ||\n+\t w2->s.enc_type == ROC_IE_OT_SA_ENC_AES_CTR ||\n+\t w2->s.enc_type == ROC_IE_OT_SA_ENC_AES_GCM ||\n+\t w2->s.auth_type == ROC_IE_OT_SA_AUTH_AES_GMAC) {\n+\t\tswitch (length) {\n+\t\tcase ROC_CPT_AES128_KEY_LEN:\n+\t\t\tw2->s.aes_key_len = ROC_IE_SA_AES_KEY_LEN_128;\n+\t\t\tbreak;\n+\t\tcase ROC_CPT_AES192_KEY_LEN:\n+\t\t\tw2->s.aes_key_len = ROC_IE_SA_AES_KEY_LEN_192;\n+\t\t\tbreak;\n+\t\tcase ROC_CPT_AES256_KEY_LEN:\n+\t\t\tw2->s.aes_key_len = ROC_IE_SA_AES_KEY_LEN_256;\n+\t\t\tbreak;\n+\t\tdefault:\n+\t\t\tplt_err(\"Invalid AES key length\");\n+\t\t\treturn -EINVAL;\n+\t\t}\n \t}\n \n \tif (ipsec_xfrm->life.packets_soft_limit != 0 ||\n@@ -815,6 +834,9 @@ cnxk_ipsec_icvlen_get(enum rte_crypto_cipher_algorithm c_algo,\n \tcase RTE_CRYPTO_AUTH_SHA512_HMAC:\n \t\ticv = 32;\n \t\tbreak;\n+\tcase RTE_CRYPTO_AUTH_AES_XCBC_MAC:\n+\t\ticv = 12;\n+\t\tbreak;\n \tdefault:\n \t\tbreak;\n \t}\ndiff --git a/drivers/common/cnxk/roc_ie_on.h b/drivers/common/cnxk/roc_ie_on.h\nindex 817ef33..cb56a70 100644\n--- a/drivers/common/cnxk/roc_ie_on.h\n+++ b/drivers/common/cnxk/roc_ie_on.h\n@@ -181,6 +181,11 @@ struct roc_ie_on_outb_sa {\n \t\t\tstruct roc_ie_on_ip_template template;\n \t\t} sha1;\n \t\tstruct {\n+\t\t\tuint8_t key[16];\n+\t\t\tuint8_t unused[32];\n+\t\t\tstruct roc_ie_on_ip_template template;\n+\t\t} aes_xcbc;\n+\t\tstruct {\n \t\t\tuint8_t hmac_key[64];\n \t\t\tuint8_t hmac_iv[64];\n \t\t\tstruct roc_ie_on_ip_template template;\n@@ -202,6 +207,11 @@ struct roc_ie_on_inb_sa {\n \t\t\tstruct roc_ie_on_traffic_selector selector;\n \t\t} sha1_or_gcm;\n \t\tstruct {\n+\t\t\tuint8_t key[16];\n+\t\t\tuint8_t unused[32];\n+\t\t\tstruct roc_ie_on_traffic_selector selector;\n+\t\t} aes_xcbc;\n+\t\tstruct {\n \t\t\tuint8_t hmac_key[64];\n \t\t\tuint8_t hmac_iv[64];\n \t\t\tstruct roc_ie_on_traffic_selector selector;\ndiff --git a/drivers/crypto/cnxk/cn9k_ipsec.c b/drivers/crypto/cnxk/cn9k_ipsec.c\nindex 1e2269c..c9f5825 100644\n--- a/drivers/crypto/cnxk/cn9k_ipsec.c\n+++ b/drivers/crypto/cnxk/cn9k_ipsec.c\n@@ -118,7 +118,7 @@ ipsec_sa_ctl_set(struct rte_security_ipsec_xform *ipsec,\n \t\t struct roc_ie_on_sa_ctl *ctl)\n {\n \tstruct rte_crypto_sym_xform *cipher_xform, *auth_xform;\n-\tint aes_key_len;\n+\tint aes_key_len = 0;\n \n \tif (ipsec->direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) {\n \t\tctl->direction = ROC_IE_SA_DIR_OUTBOUND;\n@@ -157,37 +157,33 @@ ipsec_sa_ctl_set(struct rte_security_ipsec_xform *ipsec,\n \t\treturn -EINVAL;\n \n \tif (crypto_xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) {\n-\t\tif (crypto_xform->aead.algo == RTE_CRYPTO_AEAD_AES_GCM) {\n+\t\tswitch (crypto_xform->aead.algo) {\n+\t\tcase RTE_CRYPTO_AEAD_AES_GCM:\n \t\t\tctl->enc_type = ROC_IE_ON_SA_ENC_AES_GCM;\n \t\t\taes_key_len = crypto_xform->aead.key.length;\n-\t\t} else {\n+\t\t\tbreak;\n+\t\tdefault:\n+\t\t\tplt_err(\"Unsupported AEAD algorithm\");\n \t\t\treturn -ENOTSUP;\n \t\t}\n-\t} else if (cipher_xform->cipher.algo == RTE_CRYPTO_CIPHER_AES_CBC) {\n-\t\tctl->enc_type = ROC_IE_ON_SA_ENC_AES_CBC;\n-\t\taes_key_len = cipher_xform->cipher.key.length;\n-\t} else if (cipher_xform->cipher.algo == RTE_CRYPTO_CIPHER_AES_CTR) {\n-\t\tctl->enc_type = ROC_IE_ON_SA_ENC_AES_CTR;\n-\t\taes_key_len = cipher_xform->cipher.key.length;\n \t} else {\n-\t\treturn -ENOTSUP;\n-\t}\n-\n-\tswitch (aes_key_len) {\n-\tcase 16:\n-\t\tctl->aes_key_len = ROC_IE_SA_AES_KEY_LEN_128;\n-\t\tbreak;\n-\tcase 24:\n-\t\tctl->aes_key_len = ROC_IE_SA_AES_KEY_LEN_192;\n-\t\tbreak;\n-\tcase 32:\n-\t\tctl->aes_key_len = ROC_IE_SA_AES_KEY_LEN_256;\n-\t\tbreak;\n-\tdefault:\n-\t\treturn -EINVAL;\n-\t}\n+\t\tswitch (cipher_xform->cipher.algo) {\n+\t\tcase RTE_CRYPTO_CIPHER_NULL:\n+\t\t\tctl->enc_type = ROC_IE_ON_SA_ENC_NULL;\n+\t\t\tbreak;\n+\t\tcase RTE_CRYPTO_CIPHER_AES_CBC:\n+\t\t\tctl->enc_type = ROC_IE_ON_SA_ENC_AES_CBC;\n+\t\t\taes_key_len = cipher_xform->cipher.key.length;\n+\t\t\tbreak;\n+\t\tcase RTE_CRYPTO_CIPHER_AES_CTR:\n+\t\t\tctl->enc_type = ROC_IE_ON_SA_ENC_AES_CTR;\n+\t\t\taes_key_len = cipher_xform->cipher.key.length;\n+\t\t\tbreak;\n+\t\tdefault:\n+\t\t\tplt_err(\"Unsupported cipher algorithm\");\n+\t\t\treturn -ENOTSUP;\n+\t\t}\n \n-\tif (crypto_xform->type != RTE_CRYPTO_SYM_XFORM_AEAD) {\n \t\tswitch (auth_xform->auth.algo) {\n \t\tcase RTE_CRYPTO_AUTH_NULL:\n \t\t\tctl->auth_type = ROC_IE_ON_SA_AUTH_NULL;\n@@ -217,10 +213,33 @@ ipsec_sa_ctl_set(struct rte_security_ipsec_xform *ipsec,\n \t\t\tctl->auth_type = ROC_IE_ON_SA_AUTH_AES_XCBC_128;\n \t\t\tbreak;\n \t\tdefault:\n+\t\t\tplt_err(\"Unsupported auth algorithm\");\n \t\t\treturn -ENOTSUP;\n \t\t}\n \t}\n \n+\t/* Set AES key length */\n+\tif (ctl->enc_type == ROC_IE_ON_SA_ENC_AES_CBC ||\n+\t ctl->enc_type == ROC_IE_ON_SA_ENC_AES_CCM ||\n+\t ctl->enc_type == ROC_IE_ON_SA_ENC_AES_CTR ||\n+\t ctl->enc_type == ROC_IE_ON_SA_ENC_AES_GCM ||\n+\t ctl->auth_type == ROC_IE_ON_SA_AUTH_AES_GMAC) {\n+\t\tswitch (aes_key_len) {\n+\t\tcase 16:\n+\t\t\tctl->aes_key_len = ROC_IE_SA_AES_KEY_LEN_128;\n+\t\t\tbreak;\n+\t\tcase 24:\n+\t\t\tctl->aes_key_len = ROC_IE_SA_AES_KEY_LEN_192;\n+\t\t\tbreak;\n+\t\tcase 32:\n+\t\t\tctl->aes_key_len = ROC_IE_SA_AES_KEY_LEN_256;\n+\t\t\tbreak;\n+\t\tdefault:\n+\t\t\tplt_err(\"Invalid AES key length\");\n+\t\t\treturn -EINVAL;\n+\t\t}\n+\t}\n+\n \tif (ipsec->options.esn)\n \t\tctl->esn_en = 1;\n \n@@ -267,8 +286,6 @@ fill_ipsec_common_sa(struct rte_security_ipsec_xform *ipsec,\n \n \tif (cipher_key_len != 0)\n \t\tmemcpy(common_sa->cipher_key, cipher_key, cipher_key_len);\n-\telse\n-\t\treturn -EINVAL;\n \n \treturn 0;\n }\n@@ -337,7 +354,13 @@ cn9k_ipsec_outb_sa_create(struct cnxk_cpt_qp *qp,\n \t\t\tctx_len = offsetof(struct roc_ie_on_outb_sa,\n \t\t\t\t\t sha2.template);\n \t\t\tbreak;\n+\t\tcase ROC_IE_ON_SA_AUTH_AES_XCBC_128:\n+\t\t\ttemplate = &out_sa->aes_xcbc.template;\n+\t\t\tctx_len = offsetof(struct roc_ie_on_outb_sa,\n+\t\t\t\t\t aes_xcbc.template);\n+\t\t\tbreak;\n \t\tdefault:\n+\t\t\tplt_err(\"Unsupported auth algorithm\");\n \t\t\treturn -EINVAL;\n \t\t}\n \t}\n@@ -419,6 +442,9 @@ cn9k_ipsec_outb_sa_create(struct cnxk_cpt_qp *qp,\n \t\tcase RTE_CRYPTO_AUTH_SHA512_HMAC:\n \t\t\tmemcpy(out_sa->sha2.hmac_key, auth_key, auth_key_len);\n \t\t\tbreak;\n+\t\tcase RTE_CRYPTO_AUTH_AES_XCBC_MAC:\n+\t\t\tmemcpy(out_sa->aes_xcbc.key, auth_key, auth_key_len);\n+\t\t\tbreak;\n \t\tdefault:\n \t\t\tplt_err(\"Unsupported auth algorithm %u\",\n \t\t\t\tauth_xform->auth.algo);\n@@ -505,6 +531,11 @@ cn9k_ipsec_inb_sa_create(struct cnxk_cpt_qp *qp,\n \t\t\tctx_len = offsetof(struct roc_ie_on_inb_sa,\n \t\t\t\t\t sha2.selector);\n \t\t\tbreak;\n+\t\tcase RTE_CRYPTO_AUTH_AES_XCBC_MAC:\n+\t\t\tmemcpy(in_sa->aes_xcbc.key, auth_key, auth_key_len);\n+\t\t\tctx_len = offsetof(struct roc_ie_on_inb_sa,\n+\t\t\t\t\t aes_xcbc.selector);\n+\t\t\tbreak;\n \t\tdefault:\n \t\t\tplt_err(\"Unsupported auth algorithm %u\",\n \t\t\t\tauth_xform->auth.algo);\n@@ -597,6 +628,12 @@ cn9k_ipsec_xform_verify(struct rte_security_ipsec_xform *ipsec,\n \t\t\t\tplt_err(\"Transport mode AES-CBC SHA2 HMAC 512 is not supported\");\n \t\t\t\treturn -ENOTSUP;\n \t\t\t}\n+\n+\t\t\tif ((cipher->algo == RTE_CRYPTO_CIPHER_AES_CBC) &&\n+\t\t\t (auth->algo == RTE_CRYPTO_AUTH_AES_XCBC_MAC)) {\n+\t\t\t\tplt_err(\"Transport mode AES-CBC AES-XCBC is not supported\");\n+\t\t\t\treturn -ENOTSUP;\n+\t\t\t}\n \t\t}\n \t}\n \ndiff --git a/drivers/crypto/cnxk/cnxk_cryptodev.h b/drivers/crypto/cnxk/cnxk_cryptodev.h\nindex 4a1e377..16e7572 100644\n--- a/drivers/crypto/cnxk/cnxk_cryptodev.h\n+++ b/drivers/crypto/cnxk/cnxk_cryptodev.h\n@@ -11,7 +11,7 @@\n #include \"roc_cpt.h\"\n \n #define CNXK_CPT_MAX_CAPS\t 34\n-#define CNXK_SEC_CRYPTO_MAX_CAPS 9\n+#define CNXK_SEC_CRYPTO_MAX_CAPS 11\n #define CNXK_SEC_MAX_CAPS\t 5\n #define CNXK_AE_EC_ID_MAX\t 8\n /**\ndiff --git a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c\nindex fae433e..a0b2a1f 100644\n--- a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c\n+++ b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c\n@@ -794,6 +794,26 @@ static const struct rte_cryptodev_capabilities sec_caps_aes[] = {\n \t\t\t}, }\n \t\t}, }\n \t},\n+\t{\t/* AES-XCBC */\n+\t\t.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,\n+\t\t{ .sym = {\n+\t\t\t.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,\n+\t\t\t{.auth = {\n+\t\t\t\t.algo = RTE_CRYPTO_AUTH_AES_XCBC_MAC,\n+\t\t\t\t.block_size = 16,\n+\t\t\t\t.key_size = {\n+\t\t\t\t\t.min = 16,\n+\t\t\t\t\t.max = 16,\n+\t\t\t\t\t.increment = 0\n+\t\t\t\t},\n+\t\t\t\t.digest_size = {\n+\t\t\t\t\t.min = 12,\n+\t\t\t\t\t.max = 12,\n+\t\t\t\t\t.increment = 0,\n+\t\t\t\t},\n+\t\t\t}, }\n+\t\t}, }\n+\t},\n };\n \n static const struct rte_cryptodev_capabilities sec_caps_sha1_sha2[] = {\n@@ -879,6 +899,29 @@ static const struct rte_cryptodev_capabilities sec_caps_sha1_sha2[] = {\n \t},\n };\n \n+static const struct rte_cryptodev_capabilities sec_caps_null[] = {\n+\t{\t/* NULL (CIPHER) */\n+\t\t.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,\n+\t\t{.sym = {\n+\t\t\t.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,\n+\t\t\t{.cipher = {\n+\t\t\t\t.algo = RTE_CRYPTO_CIPHER_NULL,\n+\t\t\t\t.block_size = 1,\n+\t\t\t\t.key_size = {\n+\t\t\t\t\t.min = 0,\n+\t\t\t\t\t.max = 0,\n+\t\t\t\t\t.increment = 0\n+\t\t\t\t},\n+\t\t\t\t.iv_size = {\n+\t\t\t\t\t.min = 0,\n+\t\t\t\t\t.max = 0,\n+\t\t\t\t\t.increment = 0\n+\t\t\t\t}\n+\t\t\t}, },\n+\t\t}, }\n+\t},\n+};\n+\n static const struct rte_security_capability sec_caps_templ[] = {\n \t{\t/* IPsec Lookaside Protocol ESP Tunnel Ingress */\n \t\t.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,\n@@ -1069,6 +1112,8 @@ sec_crypto_caps_populate(struct rte_cryptodev_capabilities cnxk_caps[],\n \telse\n \t\tcn9k_sec_crypto_caps_update(cnxk_caps);\n \n+\tsec_caps_add(cnxk_caps, &cur_pos, sec_caps_null,\n+\t\t RTE_DIM(sec_caps_null));\n \tsec_caps_add(cnxk_caps, &cur_pos, caps_end, RTE_DIM(caps_end));\n }\n \ndiff --git a/drivers/crypto/cnxk/cnxk_ipsec.h b/drivers/crypto/cnxk/cnxk_ipsec.h\nindex f5a51b5..f50d9fa 100644\n--- a/drivers/crypto/cnxk/cnxk_ipsec.h\n+++ b/drivers/crypto/cnxk/cnxk_ipsec.h\n@@ -20,6 +20,9 @@ struct cnxk_cpt_inst_tmpl {\n static inline int\n ipsec_xform_cipher_verify(struct rte_crypto_sym_xform *crypto_xform)\n {\n+\tif (crypto_xform->cipher.algo == RTE_CRYPTO_CIPHER_NULL)\n+\t\treturn 0;\n+\n \tif (crypto_xform->cipher.algo == RTE_CRYPTO_CIPHER_AES_CBC ||\n \t crypto_xform->cipher.algo == RTE_CRYPTO_CIPHER_AES_CTR) {\n \t\tswitch (crypto_xform->cipher.key.length) {\n@@ -58,6 +61,10 @@ ipsec_xform_auth_verify(struct rte_crypto_sym_xform *crypto_xform)\n \t\t\treturn 0;\n \t}\n \n+\tif (crypto_xform->auth.algo == RTE_CRYPTO_AUTH_AES_XCBC_MAC &&\n+\t keylen == ROC_CPT_AES_XCBC_KEY_LENGTH)\n+\t\treturn 0;\n+\n \treturn -ENOTSUP;\n }\n \n", "prefixes": [ "v2", "24/29" ] }