From: Vidya Sagar Velumuri <vvelum...@marvell.com>
For transport mode, IP header will not be part of encryption.
Update the response len calculation accordingly for transport mode
Signed-off-by: Vidya Sagar Velumuri <vvelum...@marvell.com>
---
drivers/crypto/cnxk/cn9k_ipsec.c | 42 -------------------------
drivers/crypto/cnxk/cn9k_ipsec_la_ops.h | 10 ++++--
2 files changed, 7 insertions(+), 45 deletions(-)
diff --git a/drivers/crypto/cnxk/cn9k_ipsec.c b/drivers/crypto/cnxk/cn9k_ipsec.c
index 55a13570ad..9ae7c73b37 100644
--- a/drivers/crypto/cnxk/cn9k_ipsec.c
+++ b/drivers/crypto/cnxk/cn9k_ipsec.c
@@ -211,50 +211,8 @@ cn9k_ipsec_xform_verify(struct rte_security_ipsec_xform
*ipsec,
plt_err("Transport mode AES-256-GCM is not
supported");
return -ENOTSUP;
}
- } else {
- struct rte_crypto_cipher_xform *cipher;
- struct rte_crypto_auth_xform *auth;
-
- if (crypto->type == RTE_CRYPTO_SYM_XFORM_CIPHER) {
- cipher = &crypto->cipher;
- auth = &crypto->next->auth;
- } else {
- cipher = &crypto->next->cipher;
- auth = &crypto->auth;
- }
-
- if ((cipher->algo == RTE_CRYPTO_CIPHER_AES_CBC) &&
- (auth->algo == RTE_CRYPTO_AUTH_SHA256_HMAC)) {
- plt_err("Transport mode AES-CBC SHA2 HMAC 256
is not supported");
- return -ENOTSUP;
- }
-
- if ((cipher->algo == RTE_CRYPTO_CIPHER_AES_CBC) &&
- (auth->algo == RTE_CRYPTO_AUTH_SHA384_HMAC)) {
- plt_err("Transport mode AES-CBC SHA2 HMAC 384
is not supported");
- return -ENOTSUP;
- }
-
- if ((cipher->algo == RTE_CRYPTO_CIPHER_AES_CBC) &&
- (auth->algo == RTE_CRYPTO_AUTH_SHA512_HMAC)) {
- plt_err("Transport mode AES-CBC SHA2 HMAC 512
is not supported");
- return -ENOTSUP;
- }
-
- if ((cipher->algo == RTE_CRYPTO_CIPHER_AES_CBC) &&
- (auth->algo == RTE_CRYPTO_AUTH_AES_XCBC_MAC)) {
- plt_err("Transport mode AES-CBC AES-XCBC is not
supported");
- return -ENOTSUP;
- }
-
- if ((cipher->algo == RTE_CRYPTO_CIPHER_3DES_CBC) &&
- (auth->algo == RTE_CRYPTO_AUTH_AES_XCBC_MAC)) {
- plt_err("Transport mode 3DES-CBC AES-XCBC is
not supported");
- return -ENOTSUP;
- }
}
}
-
return 0;
}
diff --git a/drivers/crypto/cnxk/cn9k_ipsec_la_ops.h
b/drivers/crypto/cnxk/cn9k_ipsec_la_ops.h
index 52618e8840..724fc525ad 100644
--- a/drivers/crypto/cnxk/cn9k_ipsec_la_ops.h
+++ b/drivers/crypto/cnxk/cn9k_ipsec_la_ops.h
@@ -16,11 +16,15 @@ static __rte_always_inline int32_t
ipsec_po_out_rlen_get(struct cn9k_sec_session *sess, uint32_t plen)
{
uint32_t enc_payload_len;
+ int adj_len = 0;
- enc_payload_len = RTE_ALIGN_CEIL(plen + sess->rlens.roundup_len,
- sess->rlens.roundup_byte);
+ if (sess->sa.out_sa.common_sa.ctl.ipsec_mode ==
ROC_IE_SA_MODE_TRANSPORT)
+ adj_len = ROC_CPT_TUNNEL_IPV4_HDR_LEN;
- return sess->custom_hdr_len + sess->rlens.partial_len + enc_payload_len;
+ enc_payload_len =
+ RTE_ALIGN_CEIL(plen + sess->rlens.roundup_len - adj_len,
sess->rlens.roundup_byte);
+
+ return sess->custom_hdr_len + sess->rlens.partial_len + enc_payload_len
+ adj_len;
}
static __rte_always_inline int
--
2.25.1
