diff options
| author | Andrei Varvara <andrei.varvara@freescale.com> | 2013-07-18 12:10:16 (GMT) |
|---|---|---|
| committer | Schmitt Richard-B43082 <B43082@freescale.com> | 2013-08-09 17:49:10 (GMT) |
| commit | d21323fbdf5ae3ade5e1427a1b6fdaae670ffbbf (patch) | |
| tree | 43255e2b708de712c05474301062dbb82755a82f /drivers/staging/fsl_dpa_offload/dpa_ipsec.c | |
| parent | afaabd75ae3bf93350dcbd81c2c348d5da3d8e58 (diff) | |
| download | linux-fsl-qoriq-d21323fbdf5ae3ade5e1427a1b6fdaae670ffbbf.tar.xz | |
dpa_offload: dpa_ipsec - Add support for NULL encryption
The dpa ipsec component was not supporting ESP with
NULL encryption. The patch is adding this suport.
Signed-off-by: Andrei Varvara <andrei.varvara@freescale.com>
Change-Id: I89111367e60c4592289687b0a13d84ac2911d23c
Reviewed-on: http://git.am.freescale.net:8181/3473
Tested-by: Review Code-CDREVIEW <CDREVIEW@freescale.com>
Reviewed-by: Fleming Andrew-AFLEMING <AFLEMING@freescale.com>
Reviewed-by: Schmitt Richard-B43082 <B43082@freescale.com>
Tested-by: Schmitt Richard-B43082 <B43082@freescale.com>
Diffstat (limited to 'drivers/staging/fsl_dpa_offload/dpa_ipsec.c')
| -rw-r--r-- | drivers/staging/fsl_dpa_offload/dpa_ipsec.c | 22 |
1 files changed, 13 insertions, 9 deletions
diff --git a/drivers/staging/fsl_dpa_offload/dpa_ipsec.c b/drivers/staging/fsl_dpa_offload/dpa_ipsec.c index fb076f4..63f067f 100644 --- a/drivers/staging/fsl_dpa_offload/dpa_ipsec.c +++ b/drivers/staging/fsl_dpa_offload/dpa_ipsec.c @@ -808,7 +808,7 @@ static int init_sa_manager(struct dpa_ipsec *dpa_ipsec) return -ENOMEM; } - /* fill with ids */ + /* fill with IDs */ for (i = 0; i < sa_mng->max_num_sa; i++) if (cq_put_4bytes(sa_mng->sa_id_cq, i) < 0) { pr_err("Could not fill SA ID management CQ\n"); @@ -865,7 +865,8 @@ static int init_sa_manager(struct dpa_ipsec *dpa_ipsec) return -ENOMEM; } - /* Allocate space for the SEC descriptor which is holding the + /* + * Allocate space for the SEC descriptor which is holding the * preheader information and the share descriptor. * Required 64 byte align. */ @@ -2310,7 +2311,7 @@ static int create_sa_fq_pair(struct dpa_ipsec_sa *sa, } static inline int set_cipher_auth_alg(enum dpa_ipsec_cipher_alg alg_suite, - uint16_t *cipher, uint16_t *auth) + uint16_t *cipher, uint16_t *auth) { *cipher = ipsec_algs[alg_suite].enc_alg; *auth = ipsec_algs[alg_suite].auth_alg; @@ -2969,7 +2970,7 @@ static int check_sa_params(struct dpa_ipsec_sa_params *sa_params) /* * check crypto params: * - an authentication key must always be provided - * - a cipher key must be provided if alg != NULL encryption + * - a cipher key must be provided if algorithm != NULL encryption */ err = set_cipher_auth_alg(sa_params->crypto_params.alg_suite, @@ -2977,20 +2978,23 @@ static int check_sa_params(struct dpa_ipsec_sa_params *sa_params) if (err < 0) return err; - if (sa_params->crypto_params.auth_key == NULL) { + if (!sa_params->crypto_params.auth_key || + sa_params->crypto_params.auth_key_len == 0) { pr_err("A valid authentication key must be provided\n"); return -EINVAL; } - /* TODO: check cipher_key ONLY if alg != null encryption */ - if (sa_params->crypto_params.cipher_key == NULL) { + /* Check cipher_key only if the cipher algorithm isn't NULL encryption*/ + if (cipher_alg != OP_PCL_IPSEC_NULL_ENC && + (!sa_params->crypto_params.cipher_key || + sa_params->crypto_params.cipher_key_len == 0)) { pr_err("A valid cipher key must be provided\n"); return -EINVAL; } if (sa_params->sa_dir == DPA_IPSEC_OUTBOUND) { - if ((sa_params->sa_out_params.ip_hdr_size == 0) || - (sa_params->sa_out_params.outer_ip_header == NULL)) { + if (sa_params->sa_out_params.ip_hdr_size == 0 || + !sa_params->sa_out_params.outer_ip_header) { pr_err("Transport mode is not currently supported." "Specify a valid encapsulation header\n"); return -EINVAL; |