drivers/crypto/dpaa_sec/dpaa_sec.c

   1 /* SPDX-License-Identifier: BSD-3-Clause
   2  *
   3  *   Copyright (c) 2016 Freescale Semiconductor, Inc. All rights reserved.
   4  *   Copyright 2017-2019 NXP
   5  *
   6  */
   7
   8 #include <fcntl.h>
   9 #include <unistd.h>
  10 #include <sched.h>
  11 #include <net/if.h>
  12
  13 #include <rte_byteorder.h>
  14 #include <rte_common.h>
  15 #include <cryptodev_pmd.h>
  16 #include <rte_crypto.h>
  17 #include <rte_cryptodev.h>
  18 #ifdef RTE_LIB_SECURITY
  19 #include <rte_security_driver.h>
  20 #endif
  21 #include <rte_cycles.h>
  22 #include <rte_dev.h>
  23 #include <rte_ip.h>
  24 #include <rte_kvargs.h>
  25 #include <rte_malloc.h>
  26 #include <rte_mbuf.h>
  27 #include <rte_memcpy.h>
  28 #include <rte_string_fns.h>
  29 #include <rte_spinlock.h>
  30
  31 #include <fsl_usd.h>
  32 #include <fsl_qman.h>
  33 #include <dpaa_of.h>
  34
  35 /* RTA header files */
  36 #include <desc/common.h>
  37 #include <desc/algo.h>
  38 #include <desc/ipsec.h>
  39 #include <desc/pdcp.h>
  40 #include <desc/sdap.h>
  41
  42 #include <rte_dpaa_bus.h>
  43 #include <dpaa_sec.h>
  44 #include <dpaa_sec_event.h>
  45 #include <dpaa_sec_log.h>
  46 #include <dpaax_iova_table.h>
  47
  48 static uint8_t cryptodev_driver_id;
  49
  50 static int
  51 dpaa_sec_attach_sess_q(struct dpaa_sec_qp *qp, dpaa_sec_session *sess);
  52
  53 static inline void
  54 dpaa_sec_op_ending(struct dpaa_sec_op_ctx *ctx)
  55 {
  56         if (!ctx->fd_status) {
  57                 ctx->op->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
  58         } else {
  59                 DPAA_SEC_DP_WARN("SEC return err: 0x%x", ctx->fd_status);
  60                 ctx->op->status = RTE_CRYPTO_OP_STATUS_ERROR;
  61         }
  62 }
  63
  64 static inline struct dpaa_sec_op_ctx *
  65 dpaa_sec_alloc_ctx(dpaa_sec_session *ses, int sg_count)
  66 {
  67         struct dpaa_sec_op_ctx *ctx;
  68         int i, retval;
  69
  70         retval = rte_mempool_get(
  71                         ses->qp[rte_lcore_id() % MAX_DPAA_CORES]->ctx_pool,
  72                         (void **)(&ctx));
  73         if (!ctx || retval) {
  74                 DPAA_SEC_DP_WARN("Alloc sec descriptor failed!");
  75                 return NULL;
  76         }
  77         /*
  78          * Clear SG memory. There are 16 SG entries of 16 Bytes each.
  79          * one call to dcbz_64() clear 64 bytes, hence calling it 4 times
  80          * to clear all the SG entries. dpaa_sec_alloc_ctx() is called for
  81          * each packet, memset is costlier than dcbz_64().
  82          */
  83         for (i = 0; i < sg_count && i < MAX_JOB_SG_ENTRIES; i += 4)
  84                 dcbz_64(&ctx->job.sg[i]);
  85
  86         ctx->ctx_pool = ses->qp[rte_lcore_id() % MAX_DPAA_CORES]->ctx_pool;
  87         ctx->vtop_offset = (size_t) ctx - rte_mempool_virt2iova(ctx);
  88
  89         return ctx;
  90 }
  91
  92 static void
  93 ern_sec_fq_handler(struct qman_portal *qm __rte_unused,
  94                    struct qman_fq *fq,
  95                    const struct qm_mr_entry *msg)
  96 {
  97         DPAA_SEC_DP_ERR("sec fq %d error, RC = %x, seqnum = %x\n",
  98                         fq->fqid, msg->ern.rc, msg->ern.seqnum);
  99 }
 100
 101 /* initialize the queue with dest chan as caam chan so that
 102  * all the packets in this queue could be dispatched into caam
 103  */
 104 static int
 105 dpaa_sec_init_rx(struct qman_fq *fq_in, rte_iova_t hwdesc,
 106                  uint32_t fqid_out)
 107 {
 108         struct qm_mcc_initfq fq_opts;
 109         uint32_t flags;
 110         int ret = -1;
 111
 112         /* Clear FQ options */
 113         memset(&fq_opts, 0x00, sizeof(struct qm_mcc_initfq));
 114
 115         flags = QMAN_INITFQ_FLAG_SCHED;
 116         fq_opts.we_mask = QM_INITFQ_WE_DESTWQ | QM_INITFQ_WE_CONTEXTA |
 117                           QM_INITFQ_WE_CONTEXTB;
 118
 119         qm_fqd_context_a_set64(&fq_opts.fqd, hwdesc);
 120         fq_opts.fqd.context_b = fqid_out;
 121         fq_opts.fqd.dest.channel = dpaa_get_qm_channel_caam();
 122         fq_opts.fqd.dest.wq = 0;
 123
 124         fq_in->cb.ern  = ern_sec_fq_handler;
 125
 126         DPAA_SEC_DEBUG("in-%x out-%x", fq_in->fqid, fqid_out);
 127
 128         ret = qman_init_fq(fq_in, flags, &fq_opts);
 129         if (unlikely(ret != 0))
 130                 DPAA_SEC_ERR("qman_init_fq failed %d", ret);
 131
 132         return ret;
 133 }
 134
 135 /* something is put into in_fq and caam put the crypto result into out_fq */
 136 static enum qman_cb_dqrr_result
 137 dqrr_out_fq_cb_rx(struct qman_portal *qm __always_unused,
 138                   struct qman_fq *fq __always_unused,
 139                   const struct qm_dqrr_entry *dqrr)
 140 {
 141         const struct qm_fd *fd;
 142         struct dpaa_sec_job *job;
 143         struct dpaa_sec_op_ctx *ctx;
 144
 145         if (DPAA_PER_LCORE_DPAA_SEC_OP_NB >= DPAA_SEC_BURST)
 146                 return qman_cb_dqrr_defer;
 147
 148         if (!(dqrr->stat & QM_DQRR_STAT_FD_VALID))
 149                 return qman_cb_dqrr_consume;
 150
 151         fd = &dqrr->fd;
 152         /* sg is embedded in an op ctx,
 153          * sg[0] is for output
 154          * sg[1] for input
 155          */
 156         job = rte_dpaa_mem_ptov(qm_fd_addr_get64(fd));
 157
 158         ctx = container_of(job, struct dpaa_sec_op_ctx, job);
 159         ctx->fd_status = fd->status;
 160         if (ctx->op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) {
 161                 struct qm_sg_entry *sg_out;
 162                 uint32_t len;
 163                 struct rte_mbuf *mbuf = (ctx->op->sym->m_dst == NULL) ?
 164                                 ctx->op->sym->m_src : ctx->op->sym->m_dst;
 165
 166                 sg_out = &job->sg[0];
 167                 hw_sg_to_cpu(sg_out);
 168                 len = sg_out->length;
 169                 mbuf->pkt_len = len;
 170                 while (mbuf->next != NULL) {
 171                         len -= mbuf->data_len;
 172                         mbuf = mbuf->next;
 173                 }
 174                 mbuf->data_len = len;
 175         }
 176         DPAA_PER_LCORE_RTE_CRYPTO_OP[DPAA_PER_LCORE_DPAA_SEC_OP_NB++] = ctx->op;
 177         dpaa_sec_op_ending(ctx);
 178
 179         return qman_cb_dqrr_consume;
 180 }
 181
 182 /* caam result is put into this queue */
 183 static int
 184 dpaa_sec_init_tx(struct qman_fq *fq)
 185 {
 186         int ret;
 187         struct qm_mcc_initfq opts;
 188         uint32_t flags;
 189
 190         flags = QMAN_FQ_FLAG_NO_ENQUEUE | QMAN_FQ_FLAG_LOCKED |
 191                 QMAN_FQ_FLAG_DYNAMIC_FQID;
 192
 193         ret = qman_create_fq(0, flags, fq);
 194         if (unlikely(ret)) {
 195                 DPAA_SEC_ERR("qman_create_fq failed");
 196                 return ret;
 197         }
 198
 199         memset(&opts, 0, sizeof(opts));
 200         opts.we_mask = QM_INITFQ_WE_DESTWQ | QM_INITFQ_WE_FQCTRL |
 201                        QM_INITFQ_WE_CONTEXTA | QM_INITFQ_WE_CONTEXTB;
 202
 203         /* opts.fqd.dest.channel = dpaa_sec_pool_chan; */
 204
 205         fq->cb.dqrr = dqrr_out_fq_cb_rx;
 206         fq->cb.ern  = ern_sec_fq_handler;
 207
 208         ret = qman_init_fq(fq, 0, &opts);
 209         if (unlikely(ret)) {
 210                 DPAA_SEC_ERR("unable to init caam source fq!");
 211                 return ret;
 212         }
 213
 214         return ret;
 215 }
 216
 217 static inline int is_aead(dpaa_sec_session *ses)
 218 {
 219         return ((ses->cipher_alg == 0) &&
 220                 (ses->auth_alg == 0) &&
 221                 (ses->aead_alg != 0));
 222 }
 223
 224 static inline int is_encode(dpaa_sec_session *ses)
 225 {
 226         return ses->dir == DIR_ENC;
 227 }
 228
 229 static inline int is_decode(dpaa_sec_session *ses)
 230 {
 231         return ses->dir == DIR_DEC;
 232 }
 233
 234 #ifdef RTE_LIB_SECURITY
 235 static int
 236 dpaa_sec_prep_pdcp_cdb(dpaa_sec_session *ses)
 237 {
 238         struct alginfo authdata = {0}, cipherdata = {0};
 239         struct sec_cdb *cdb = &ses->cdb;
 240         struct alginfo *p_authdata = NULL;
 241         int32_t shared_desc_len = 0;
 242 #if RTE_BYTE_ORDER == RTE_BIG_ENDIAN
 243         int swap = false;
 244 #else
 245         int swap = true;
 246 #endif
 247
 248         cipherdata.key = (size_t)ses->cipher_key.data;
 249         cipherdata.keylen = ses->cipher_key.length;
 250         cipherdata.key_enc_flags = 0;
 251         cipherdata.key_type = RTA_DATA_IMM;
 252         cipherdata.algtype = ses->cipher_key.alg;
 253         cipherdata.algmode = ses->cipher_key.algmode;
 254
 255         if (ses->auth_alg) {
 256                 authdata.key = (size_t)ses->auth_key.data;
 257                 authdata.keylen = ses->auth_key.length;
 258                 authdata.key_enc_flags = 0;
 259                 authdata.key_type = RTA_DATA_IMM;
 260                 authdata.algtype = ses->auth_key.alg;
 261                 authdata.algmode = ses->auth_key.algmode;
 262
 263                 p_authdata = &authdata;
 264         }
 265
 266         if (rta_inline_pdcp_query(authdata.algtype,
 267                                 cipherdata.algtype,
 268                                 ses->pdcp.sn_size,
 269                                 ses->pdcp.hfn_ovd)) {
 270                 cipherdata.key =
 271                         (size_t)rte_dpaa_mem_vtop((void *)
 272                                         (size_t)cipherdata.key);
 273                 cipherdata.key_type = RTA_DATA_PTR;
 274         }
 275
 276         if (ses->pdcp.domain == RTE_SECURITY_PDCP_MODE_CONTROL) {
 277                 if (ses->dir == DIR_ENC)
 278                         shared_desc_len = cnstr_shdsc_pdcp_c_plane_encap(
 279                                         cdb->sh_desc, 1, swap,
 280                                         ses->pdcp.hfn,
 281                                         ses->pdcp.sn_size,
 282                                         ses->pdcp.bearer,
 283                                         ses->pdcp.pkt_dir,
 284                                         ses->pdcp.hfn_threshold,
 285                                         &cipherdata, &authdata,
 286                                         0);
 287                 else if (ses->dir == DIR_DEC)
 288                         shared_desc_len = cnstr_shdsc_pdcp_c_plane_decap(
 289                                         cdb->sh_desc, 1, swap,
 290                                         ses->pdcp.hfn,
 291                                         ses->pdcp.sn_size,
 292                                         ses->pdcp.bearer,
 293                                         ses->pdcp.pkt_dir,
 294                                         ses->pdcp.hfn_threshold,
 295                                         &cipherdata, &authdata,
 296                                         0);
 297         } else {
 298                 if (ses->dir == DIR_ENC) {
 299                         if (ses->pdcp.sdap_enabled)
 300                                 shared_desc_len =
 301                                         cnstr_shdsc_pdcp_sdap_u_plane_encap(
 302                                                 cdb->sh_desc, 1, swap,
 303                                                 ses->pdcp.sn_size,
 304                                                 ses->pdcp.hfn,
 305                                                 ses->pdcp.bearer,
 306                                                 ses->pdcp.pkt_dir,
 307                                                 ses->pdcp.hfn_threshold,
 308                                                 &cipherdata, p_authdata, 0);
 309                         else
 310                                 shared_desc_len =
 311                                         cnstr_shdsc_pdcp_u_plane_encap(
 312                                                 cdb->sh_desc, 1, swap,
 313                                                 ses->pdcp.sn_size,
 314                                                 ses->pdcp.hfn,
 315                                                 ses->pdcp.bearer,
 316                                                 ses->pdcp.pkt_dir,
 317                                                 ses->pdcp.hfn_threshold,
 318                                                 &cipherdata, p_authdata, 0);
 319                 } else if (ses->dir == DIR_DEC) {
 320                         if (ses->pdcp.sdap_enabled)
 321                                 shared_desc_len =
 322                                         cnstr_shdsc_pdcp_sdap_u_plane_decap(
 323                                                 cdb->sh_desc, 1, swap,
 324                                                 ses->pdcp.sn_size,
 325                                                 ses->pdcp.hfn,
 326                                                 ses->pdcp.bearer,
 327                                                 ses->pdcp.pkt_dir,
 328                                                 ses->pdcp.hfn_threshold,
 329                                                 &cipherdata, p_authdata, 0);
 330                         else
 331                                 shared_desc_len =
 332                                         cnstr_shdsc_pdcp_u_plane_decap(
 333                                                 cdb->sh_desc, 1, swap,
 334                                                 ses->pdcp.sn_size,
 335                                                 ses->pdcp.hfn,
 336                                                 ses->pdcp.bearer,
 337                                                 ses->pdcp.pkt_dir,
 338                                                 ses->pdcp.hfn_threshold,
 339                                                 &cipherdata, p_authdata, 0);
 340                 }
 341         }
 342         return shared_desc_len;
 343 }
 344
 345 /* prepare ipsec proto command block of the session */
 346 static int
 347 dpaa_sec_prep_ipsec_cdb(dpaa_sec_session *ses)
 348 {
 349         struct alginfo cipherdata = {0}, authdata = {0};
 350         struct sec_cdb *cdb = &ses->cdb;
 351         int32_t shared_desc_len = 0;
 352         int err;
 353 #if RTE_BYTE_ORDER == RTE_BIG_ENDIAN
 354         int swap = false;
 355 #else
 356         int swap = true;
 357 #endif
 358
 359         cipherdata.key = (size_t)ses->cipher_key.data;
 360         cipherdata.keylen = ses->cipher_key.length;
 361         cipherdata.key_enc_flags = 0;
 362         cipherdata.key_type = RTA_DATA_IMM;
 363         cipherdata.algtype = ses->cipher_key.alg;
 364         cipherdata.algmode = ses->cipher_key.algmode;
 365
 366         if (ses->auth_key.length) {
 367                 authdata.key = (size_t)ses->auth_key.data;
 368                 authdata.keylen = ses->auth_key.length;
 369                 authdata.key_enc_flags = 0;
 370                 authdata.key_type = RTA_DATA_IMM;
 371                 authdata.algtype = ses->auth_key.alg;
 372                 authdata.algmode = ses->auth_key.algmode;
 373         }
 374
 375         cdb->sh_desc[0] = cipherdata.keylen;
 376         cdb->sh_desc[1] = authdata.keylen;
 377         err = rta_inline_query(IPSEC_AUTH_VAR_AES_DEC_BASE_DESC_LEN,
 378                                DESC_JOB_IO_LEN,
 379                                (unsigned int *)cdb->sh_desc,
 380                                &cdb->sh_desc[2], 2);
 381
 382         if (err < 0) {
 383                 DPAA_SEC_ERR("Crypto: Incorrect key lengths");
 384                 return err;
 385         }
 386         if (cdb->sh_desc[2] & 1)
 387                 cipherdata.key_type = RTA_DATA_IMM;
 388         else {
 389                 cipherdata.key = (size_t)rte_dpaa_mem_vtop(
 390                                         (void *)(size_t)cipherdata.key);
 391                 cipherdata.key_type = RTA_DATA_PTR;
 392         }
 393         if (cdb->sh_desc[2] & (1<<1))
 394                 authdata.key_type = RTA_DATA_IMM;
 395         else {
 396                 authdata.key = (size_t)rte_dpaa_mem_vtop(
 397                                         (void *)(size_t)authdata.key);
 398                 authdata.key_type = RTA_DATA_PTR;
 399         }
 400
 401         cdb->sh_desc[0] = 0;
 402         cdb->sh_desc[1] = 0;
 403         cdb->sh_desc[2] = 0;
 404         if (ses->dir == DIR_ENC) {
 405                 shared_desc_len = cnstr_shdsc_ipsec_new_encap(
 406                                 cdb->sh_desc,
 407                                 true, swap, SHR_SERIAL,
 408                                 &ses->encap_pdb,
 409                                 (uint8_t *)&ses->ip4_hdr,
 410                                 &cipherdata, &authdata);
 411         } else if (ses->dir == DIR_DEC) {
 412                 shared_desc_len = cnstr_shdsc_ipsec_new_decap(
 413                                 cdb->sh_desc,
 414                                 true, swap, SHR_SERIAL,
 415                                 &ses->decap_pdb,
 416                                 &cipherdata, &authdata);
 417         }
 418         return shared_desc_len;
 419 }
 420 #endif
 421 /* prepare command block of the session */
 422 static int
 423 dpaa_sec_prep_cdb(dpaa_sec_session *ses)
 424 {
 425         struct alginfo alginfo_c = {0}, alginfo_a = {0}, alginfo = {0};
 426         int32_t shared_desc_len = 0;
 427         struct sec_cdb *cdb = &ses->cdb;
 428         int err;
 429 #if RTE_BYTE_ORDER == RTE_BIG_ENDIAN
 430         int swap = false;
 431 #else
 432         int swap = true;
 433 #endif
 434
 435         memset(cdb, 0, sizeof(struct sec_cdb));
 436
 437         switch (ses->ctxt) {
 438 #ifdef RTE_LIB_SECURITY
 439         case DPAA_SEC_IPSEC:
 440                 shared_desc_len = dpaa_sec_prep_ipsec_cdb(ses);
 441                 break;
 442         case DPAA_SEC_PDCP:
 443                 shared_desc_len = dpaa_sec_prep_pdcp_cdb(ses);
 444                 break;
 445 #endif
 446         case DPAA_SEC_CIPHER:
 447                 alginfo_c.key = (size_t)ses->cipher_key.data;
 448                 alginfo_c.keylen = ses->cipher_key.length;
 449                 alginfo_c.key_enc_flags = 0;
 450                 alginfo_c.key_type = RTA_DATA_IMM;
 451                 alginfo_c.algtype = ses->cipher_key.alg;
 452                 alginfo_c.algmode = ses->cipher_key.algmode;
 453
 454                 switch (ses->cipher_alg) {
 455                 case RTE_CRYPTO_CIPHER_AES_CBC:
 456                 case RTE_CRYPTO_CIPHER_3DES_CBC:
 457                 case RTE_CRYPTO_CIPHER_DES_CBC:
 458                 case RTE_CRYPTO_CIPHER_AES_CTR:
 459                 case RTE_CRYPTO_CIPHER_3DES_CTR:
 460                         shared_desc_len = cnstr_shdsc_blkcipher(
 461                                         cdb->sh_desc, true,
 462                                         swap, SHR_NEVER, &alginfo_c,
 463                                         ses->iv.length,
 464                                         ses->dir);
 465                         break;
 466                 case RTE_CRYPTO_CIPHER_SNOW3G_UEA2:
 467                         shared_desc_len = cnstr_shdsc_snow_f8(
 468                                         cdb->sh_desc, true, swap,
 469                                         &alginfo_c,
 470                                         ses->dir);
 471                         break;
 472                 case RTE_CRYPTO_CIPHER_ZUC_EEA3:
 473                         shared_desc_len = cnstr_shdsc_zuce(
 474                                         cdb->sh_desc, true, swap,
 475                                         &alginfo_c,
 476                                         ses->dir);
 477                         break;
 478                 default:
 479                         DPAA_SEC_ERR("unsupported cipher alg %d",
 480                                      ses->cipher_alg);
 481                         return -ENOTSUP;
 482                 }
 483                 break;
 484         case DPAA_SEC_AUTH:
 485                 alginfo_a.key = (size_t)ses->auth_key.data;
 486                 alginfo_a.keylen = ses->auth_key.length;
 487                 alginfo_a.key_enc_flags = 0;
 488                 alginfo_a.key_type = RTA_DATA_IMM;
 489                 alginfo_a.algtype = ses->auth_key.alg;
 490                 alginfo_a.algmode = ses->auth_key.algmode;
 491                 switch (ses->auth_alg) {
 492                 case RTE_CRYPTO_AUTH_MD5:
 493                 case RTE_CRYPTO_AUTH_SHA1:
 494                 case RTE_CRYPTO_AUTH_SHA224:
 495                 case RTE_CRYPTO_AUTH_SHA256:
 496                 case RTE_CRYPTO_AUTH_SHA384:
 497                 case RTE_CRYPTO_AUTH_SHA512:
 498                         shared_desc_len = cnstr_shdsc_hash(
 499                                                 cdb->sh_desc, true,
 500                                                 swap, SHR_NEVER, &alginfo_a,
 501                                                 !ses->dir,
 502                                                 ses->digest_length);
 503                         break;
 504                 case RTE_CRYPTO_AUTH_MD5_HMAC:
 505                 case RTE_CRYPTO_AUTH_SHA1_HMAC:
 506                 case RTE_CRYPTO_AUTH_SHA224_HMAC:
 507                 case RTE_CRYPTO_AUTH_SHA256_HMAC:
 508                 case RTE_CRYPTO_AUTH_SHA384_HMAC:
 509                 case RTE_CRYPTO_AUTH_SHA512_HMAC:
 510                         shared_desc_len = cnstr_shdsc_hmac(
 511                                                 cdb->sh_desc, true,
 512                                                 swap, SHR_NEVER, &alginfo_a,
 513                                                 !ses->dir,
 514                                                 ses->digest_length);
 515                         break;
 516                 case RTE_CRYPTO_AUTH_SNOW3G_UIA2:
 517                         shared_desc_len = cnstr_shdsc_snow_f9(
 518                                                 cdb->sh_desc, true, swap,
 519                                                 &alginfo_a,
 520                                                 !ses->dir,
 521                                                 ses->digest_length);
 522                         break;
 523                 case RTE_CRYPTO_AUTH_ZUC_EIA3:
 524                         shared_desc_len = cnstr_shdsc_zuca(
 525                                                 cdb->sh_desc, true, swap,
 526                                                 &alginfo_a,
 527                                                 !ses->dir,
 528                                                 ses->digest_length);
 529                         break;
 530                 default:
 531                         DPAA_SEC_ERR("unsupported auth alg %u", ses->auth_alg);
 532                 }
 533                 break;
 534         case DPAA_SEC_AEAD:
 535                 if (alginfo.algtype == (unsigned int)DPAA_SEC_ALG_UNSUPPORT) {
 536                         DPAA_SEC_ERR("not supported aead alg");
 537                         return -ENOTSUP;
 538                 }
 539                 alginfo.key = (size_t)ses->aead_key.data;
 540                 alginfo.keylen = ses->aead_key.length;
 541                 alginfo.key_enc_flags = 0;
 542                 alginfo.key_type = RTA_DATA_IMM;
 543                 alginfo.algtype = ses->aead_key.alg;
 544                 alginfo.algmode = ses->aead_key.algmode;
 545
 546                 if (ses->dir == DIR_ENC)
 547                         shared_desc_len = cnstr_shdsc_gcm_encap(
 548                                         cdb->sh_desc, true, swap, SHR_NEVER,
 549                                         &alginfo,
 550                                         ses->iv.length,
 551                                         ses->digest_length);
 552                 else
 553                         shared_desc_len = cnstr_shdsc_gcm_decap(
 554                                         cdb->sh_desc, true, swap, SHR_NEVER,
 555                                         &alginfo,
 556                                         ses->iv.length,
 557                                         ses->digest_length);
 558                 break;
 559         case DPAA_SEC_CIPHER_HASH:
 560                 alginfo_c.key = (size_t)ses->cipher_key.data;
 561                 alginfo_c.keylen = ses->cipher_key.length;
 562                 alginfo_c.key_enc_flags = 0;
 563                 alginfo_c.key_type = RTA_DATA_IMM;
 564                 alginfo_c.algtype = ses->cipher_key.alg;
 565                 alginfo_c.algmode = ses->cipher_key.algmode;
 566
 567                 alginfo_a.key = (size_t)ses->auth_key.data;
 568                 alginfo_a.keylen = ses->auth_key.length;
 569                 alginfo_a.key_enc_flags = 0;
 570                 alginfo_a.key_type = RTA_DATA_IMM;
 571                 alginfo_a.algtype = ses->auth_key.alg;
 572                 alginfo_a.algmode = ses->auth_key.algmode;
 573
 574                 cdb->sh_desc[0] = alginfo_c.keylen;
 575                 cdb->sh_desc[1] = alginfo_a.keylen;
 576                 err = rta_inline_query(IPSEC_AUTH_VAR_AES_DEC_BASE_DESC_LEN,
 577                                        DESC_JOB_IO_LEN,
 578                                        (unsigned int *)cdb->sh_desc,
 579                                        &cdb->sh_desc[2], 2);
 580
 581                 if (err < 0) {
 582                         DPAA_SEC_ERR("Crypto: Incorrect key lengths");
 583                         return err;
 584                 }
 585                 if (cdb->sh_desc[2] & 1)
 586                         alginfo_c.key_type = RTA_DATA_IMM;
 587                 else {
 588                         alginfo_c.key = (size_t)rte_dpaa_mem_vtop(
 589                                                 (void *)(size_t)alginfo_c.key);
 590                         alginfo_c.key_type = RTA_DATA_PTR;
 591                 }
 592                 if (cdb->sh_desc[2] & (1<<1))
 593                         alginfo_a.key_type = RTA_DATA_IMM;
 594                 else {
 595                         alginfo_a.key = (size_t)rte_dpaa_mem_vtop(
 596                                                 (void *)(size_t)alginfo_a.key);
 597                         alginfo_a.key_type = RTA_DATA_PTR;
 598                 }
 599                 cdb->sh_desc[0] = 0;
 600                 cdb->sh_desc[1] = 0;
 601                 cdb->sh_desc[2] = 0;
 602                 /* Auth_only_len is set as 0 here and it will be
 603                  * overwritten in fd for each packet.
 604                  */
 605                 shared_desc_len = cnstr_shdsc_authenc(cdb->sh_desc,
 606                                 true, swap, SHR_SERIAL, &alginfo_c, &alginfo_a,
 607                                 ses->iv.length,
 608                                 ses->digest_length, ses->dir);
 609                 break;
 610         case DPAA_SEC_HASH_CIPHER:
 611         default:
 612                 DPAA_SEC_ERR("error: Unsupported session");
 613                 return -ENOTSUP;
 614         }
 615
 616         if (shared_desc_len < 0) {
 617                 DPAA_SEC_ERR("error in preparing command block");
 618                 return shared_desc_len;
 619         }
 620
 621         cdb->sh_hdr.hi.field.idlen = shared_desc_len;
 622         cdb->sh_hdr.hi.word = rte_cpu_to_be_32(cdb->sh_hdr.hi.word);
 623         cdb->sh_hdr.lo.word = rte_cpu_to_be_32(cdb->sh_hdr.lo.word);
 624
 625         return 0;
 626 }
 627
 628 /* qp is lockless, should be accessed by only one thread */
 629 static int
 630 dpaa_sec_deq(struct dpaa_sec_qp *qp, struct rte_crypto_op **ops, int nb_ops)
 631 {
 632         struct qman_fq *fq;
 633         unsigned int pkts = 0;
 634         int num_rx_bufs, ret;
 635         struct qm_dqrr_entry *dq;
 636         uint32_t vdqcr_flags = 0;
 637
 638         fq = &qp->outq;
 639         /*
 640          * Until request for four buffers, we provide exact number of buffers.
 641          * Otherwise we do not set the QM_VDQCR_EXACT flag.
 642          * Not setting QM_VDQCR_EXACT flag can provide two more buffers than
 643          * requested, so we request two less in this case.
 644          */
 645         if (nb_ops < 4) {
 646                 vdqcr_flags = QM_VDQCR_EXACT;
 647                 num_rx_bufs = nb_ops;
 648         } else {
 649                 num_rx_bufs = nb_ops > DPAA_MAX_DEQUEUE_NUM_FRAMES ?
 650                         (DPAA_MAX_DEQUEUE_NUM_FRAMES - 2) : (nb_ops - 2);
 651         }
 652         ret = qman_set_vdq(fq, num_rx_bufs, vdqcr_flags);
 653         if (ret)
 654                 return 0;
 655
 656         do {
 657                 const struct qm_fd *fd;
 658                 struct dpaa_sec_job *job;
 659                 struct dpaa_sec_op_ctx *ctx;
 660                 struct rte_crypto_op *op;
 661
 662                 dq = qman_dequeue(fq);
 663                 if (!dq)
 664                         continue;
 665
 666                 fd = &dq->fd;
 667                 /* sg is embedded in an op ctx,
 668                  * sg[0] is for output
 669                  * sg[1] for input
 670                  */
 671                 job = rte_dpaa_mem_ptov(qm_fd_addr_get64(fd));
 672
 673                 ctx = container_of(job, struct dpaa_sec_op_ctx, job);
 674                 ctx->fd_status = fd->status;
 675                 op = ctx->op;
 676                 if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) {
 677                         struct qm_sg_entry *sg_out;
 678                         uint32_t len;
 679                         struct rte_mbuf *mbuf = (op->sym->m_dst == NULL) ?
 680                                                 op->sym->m_src : op->sym->m_dst;
 681
 682                         sg_out = &job->sg[0];
 683                         hw_sg_to_cpu(sg_out);
 684                         len = sg_out->length;
 685                         mbuf->pkt_len = len;
 686                         while (mbuf->next != NULL) {
 687                                 len -= mbuf->data_len;
 688                                 mbuf = mbuf->next;
 689                         }
 690                         mbuf->data_len = len;
 691                 }
 692                 if (!ctx->fd_status) {
 693                         op->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
 694                 } else {
 695                         DPAA_SEC_DP_WARN("SEC return err:0x%x", ctx->fd_status);
 696                         op->status = RTE_CRYPTO_OP_STATUS_ERROR;
 697                 }
 698                 ops[pkts++] = op;
 699
 700                 /* report op status to sym->op and then free the ctx memeory */
 701                 rte_mempool_put(ctx->ctx_pool, (void *)ctx);
 702
 703                 qman_dqrr_consume(fq, dq);
 704         } while (fq->flags & QMAN_FQ_STATE_VDQCR);
 705
 706         return pkts;
 707 }
 708
 709 static inline struct dpaa_sec_job *
 710 build_auth_only_sg(struct rte_crypto_op *op, dpaa_sec_session *ses)
 711 {
 712         struct rte_crypto_sym_op *sym = op->sym;
 713         struct rte_mbuf *mbuf = sym->m_src;
 714         struct dpaa_sec_job *cf;
 715         struct dpaa_sec_op_ctx *ctx;
 716         struct qm_sg_entry *sg, *out_sg, *in_sg;
 717         phys_addr_t start_addr;
 718         uint8_t *old_digest, extra_segs;
 719         int data_len, data_offset;
 720
 721         data_len = sym->auth.data.length;
 722         data_offset = sym->auth.data.offset;
 723
 724         if (ses->auth_alg == RTE_CRYPTO_AUTH_SNOW3G_UIA2 ||
 725             ses->auth_alg == RTE_CRYPTO_AUTH_ZUC_EIA3) {
 726                 if ((data_len & 7) || (data_offset & 7)) {
 727                         DPAA_SEC_ERR("AUTH: len/offset must be full bytes");
 728                         return NULL;
 729                 }
 730
 731                 data_len = data_len >> 3;
 732                 data_offset = data_offset >> 3;
 733         }
 734
 735         if (is_decode(ses))
 736                 extra_segs = 3;
 737         else
 738                 extra_segs = 2;
 739
 740         if (mbuf->nb_segs > MAX_SG_ENTRIES) {
 741                 DPAA_SEC_DP_ERR("Auth: Max sec segs supported is %d",
 742                                 MAX_SG_ENTRIES);
 743                 return NULL;
 744         }
 745         ctx = dpaa_sec_alloc_ctx(ses, mbuf->nb_segs + extra_segs);
 746         if (!ctx)
 747                 return NULL;
 748
 749         cf = &ctx->job;
 750         ctx->op = op;
 751         old_digest = ctx->digest;
 752
 753         /* output */
 754         out_sg = &cf->sg[0];
 755         qm_sg_entry_set64(out_sg, sym->auth.digest.phys_addr);
 756         out_sg->length = ses->digest_length;
 757         cpu_to_hw_sg(out_sg);
 758
 759         /* input */
 760         in_sg = &cf->sg[1];
 761         /* need to extend the input to a compound frame */
 762         in_sg->extension = 1;
 763         in_sg->final = 1;
 764         in_sg->length = data_len;
 765         qm_sg_entry_set64(in_sg, rte_dpaa_mem_vtop(&cf->sg[2]));
 766
 767         /* 1st seg */
 768         sg = in_sg + 1;
 769
 770         if (ses->iv.length) {
 771                 uint8_t *iv_ptr;
 772
 773                 iv_ptr = rte_crypto_op_ctod_offset(op, uint8_t *,
 774                                                    ses->iv.offset);
 775
 776                 if (ses->auth_alg == RTE_CRYPTO_AUTH_SNOW3G_UIA2) {
 777                         iv_ptr = conv_to_snow_f9_iv(iv_ptr);
 778                         sg->length = 12;
 779                 } else if (ses->auth_alg == RTE_CRYPTO_AUTH_ZUC_EIA3) {
 780                         iv_ptr = conv_to_zuc_eia_iv(iv_ptr);
 781                         sg->length = 8;
 782                 } else {
 783                         sg->length = ses->iv.length;
 784                 }
 785                 qm_sg_entry_set64(sg, rte_dpaa_mem_vtop(iv_ptr));
 786                 in_sg->length += sg->length;
 787                 cpu_to_hw_sg(sg);
 788                 sg++;
 789         }
 790
 791         qm_sg_entry_set64(sg, rte_pktmbuf_iova(mbuf));
 792         sg->offset = data_offset;
 793
 794         if (data_len <= (mbuf->data_len - data_offset)) {
 795                 sg->length = data_len;
 796         } else {
 797                 sg->length = mbuf->data_len - data_offset;
 798
 799                 /* remaining i/p segs */
 800                 while ((data_len = data_len - sg->length) &&
 801                        (mbuf = mbuf->next)) {
 802                         cpu_to_hw_sg(sg);
 803                         sg++;
 804                         qm_sg_entry_set64(sg, rte_pktmbuf_iova(mbuf));
 805                         if (data_len > mbuf->data_len)
 806                                 sg->length = mbuf->data_len;
 807                         else
 808                                 sg->length = data_len;
 809                 }
 810         }
 811
 812         if (is_decode(ses)) {
 813                 /* Digest verification case */
 814                 cpu_to_hw_sg(sg);
 815                 sg++;
 816                 rte_memcpy(old_digest, sym->auth.digest.data,
 817                                 ses->digest_length);
 818                 start_addr = rte_dpaa_mem_vtop(old_digest);
 819                 qm_sg_entry_set64(sg, start_addr);
 820                 sg->length = ses->digest_length;
 821                 in_sg->length += ses->digest_length;
 822         }
 823         sg->final = 1;
 824         cpu_to_hw_sg(sg);
 825         cpu_to_hw_sg(in_sg);
 826
 827         return cf;
 828 }
 829
 830 /**
 831  * packet looks like:
 832  *              |<----data_len------->|
 833  *    |ip_header|ah_header|icv|payload|
 834  *              ^
 835  *              |
 836  *         mbuf->pkt.data
 837  */
 838 static inline struct dpaa_sec_job *
 839 build_auth_only(struct rte_crypto_op *op, dpaa_sec_session *ses)
 840 {
 841         struct rte_crypto_sym_op *sym = op->sym;
 842         struct rte_mbuf *mbuf = sym->m_src;
 843         struct dpaa_sec_job *cf;
 844         struct dpaa_sec_op_ctx *ctx;
 845         struct qm_sg_entry *sg, *in_sg;
 846         rte_iova_t start_addr;
 847         uint8_t *old_digest;
 848         int data_len, data_offset;
 849
 850         data_len = sym->auth.data.length;
 851         data_offset = sym->auth.data.offset;
 852
 853         if (ses->auth_alg == RTE_CRYPTO_AUTH_SNOW3G_UIA2 ||
 854             ses->auth_alg == RTE_CRYPTO_AUTH_ZUC_EIA3) {
 855                 if ((data_len & 7) || (data_offset & 7)) {
 856                         DPAA_SEC_ERR("AUTH: len/offset must be full bytes");
 857                         return NULL;
 858                 }
 859
 860                 data_len = data_len >> 3;
 861                 data_offset = data_offset >> 3;
 862         }
 863
 864         ctx = dpaa_sec_alloc_ctx(ses, 4);
 865         if (!ctx)
 866                 return NULL;
 867
 868         cf = &ctx->job;
 869         ctx->op = op;
 870         old_digest = ctx->digest;
 871
 872         start_addr = rte_pktmbuf_iova(mbuf);
 873         /* output */
 874         sg = &cf->sg[0];
 875         qm_sg_entry_set64(sg, sym->auth.digest.phys_addr);
 876         sg->length = ses->digest_length;
 877         cpu_to_hw_sg(sg);
 878
 879         /* input */
 880         in_sg = &cf->sg[1];
 881         /* need to extend the input to a compound frame */
 882         in_sg->extension = 1;
 883         in_sg->final = 1;
 884         in_sg->length = data_len;
 885         qm_sg_entry_set64(in_sg, rte_dpaa_mem_vtop(&cf->sg[2]));
 886         sg = &cf->sg[2];
 887
 888         if (ses->iv.length) {
 889                 uint8_t *iv_ptr;
 890
 891                 iv_ptr = rte_crypto_op_ctod_offset(op, uint8_t *,
 892                                                    ses->iv.offset);
 893
 894                 if (ses->auth_alg == RTE_CRYPTO_AUTH_SNOW3G_UIA2) {
 895                         iv_ptr = conv_to_snow_f9_iv(iv_ptr);
 896                         sg->length = 12;
 897                 } else if (ses->auth_alg == RTE_CRYPTO_AUTH_ZUC_EIA3) {
 898                         iv_ptr = conv_to_zuc_eia_iv(iv_ptr);
 899                         sg->length = 8;
 900                 } else {
 901                         sg->length = ses->iv.length;
 902                 }
 903                 qm_sg_entry_set64(sg, rte_dpaa_mem_vtop(iv_ptr));
 904                 in_sg->length += sg->length;
 905                 cpu_to_hw_sg(sg);
 906                 sg++;
 907         }
 908
 909         qm_sg_entry_set64(sg, rte_pktmbuf_iova(mbuf));
 910         sg->offset = data_offset;
 911         sg->length = data_len;
 912
 913         if (is_decode(ses)) {
 914                 /* Digest verification case */
 915                 cpu_to_hw_sg(sg);
 916                 /* hash result or digest, save digest first */
 917                 rte_memcpy(old_digest, sym->auth.digest.data,
 918                                 ses->digest_length);
 919                 /* let's check digest by hw */
 920                 start_addr = rte_dpaa_mem_vtop(old_digest);
 921                 sg++;
 922                 qm_sg_entry_set64(sg, start_addr);
 923                 sg->length = ses->digest_length;
 924                 in_sg->length += ses->digest_length;
 925         }
 926         sg->final = 1;
 927         cpu_to_hw_sg(sg);
 928         cpu_to_hw_sg(in_sg);
 929
 930         return cf;
 931 }
 932
 933 static inline struct dpaa_sec_job *
 934 build_cipher_only_sg(struct rte_crypto_op *op, dpaa_sec_session *ses)
 935 {
 936         struct rte_crypto_sym_op *sym = op->sym;
 937         struct dpaa_sec_job *cf;
 938         struct dpaa_sec_op_ctx *ctx;
 939         struct qm_sg_entry *sg, *out_sg, *in_sg;
 940         struct rte_mbuf *mbuf;
 941         uint8_t req_segs;
 942         uint8_t *IV_ptr = rte_crypto_op_ctod_offset(op, uint8_t *,
 943                         ses->iv.offset);
 944         int data_len, data_offset;
 945
 946         data_len = sym->cipher.data.length;
 947         data_offset = sym->cipher.data.offset;
 948
 949         if (ses->cipher_alg == RTE_CRYPTO_CIPHER_SNOW3G_UEA2 ||
 950                 ses->cipher_alg == RTE_CRYPTO_CIPHER_ZUC_EEA3) {
 951                 if ((data_len & 7) || (data_offset & 7)) {
 952                         DPAA_SEC_ERR("CIPHER: len/offset must be full bytes");
 953                         return NULL;
 954                 }
 955
 956                 data_len = data_len >> 3;
 957                 data_offset = data_offset >> 3;
 958         }
 959
 960         if (sym->m_dst) {
 961                 mbuf = sym->m_dst;
 962                 req_segs = mbuf->nb_segs + sym->m_src->nb_segs + 3;
 963         } else {
 964                 mbuf = sym->m_src;
 965                 req_segs = mbuf->nb_segs * 2 + 3;
 966         }
 967         if (mbuf->nb_segs > MAX_SG_ENTRIES) {
 968                 DPAA_SEC_DP_ERR("Cipher: Max sec segs supported is %d",
 969                                 MAX_SG_ENTRIES);
 970                 return NULL;
 971         }
 972
 973         ctx = dpaa_sec_alloc_ctx(ses, req_segs);
 974         if (!ctx)
 975                 return NULL;
 976
 977         cf = &ctx->job;
 978         ctx->op = op;
 979
 980         /* output */
 981         out_sg = &cf->sg[0];
 982         out_sg->extension = 1;
 983         out_sg->length = data_len;
 984         qm_sg_entry_set64(out_sg, rte_dpaa_mem_vtop(&cf->sg[2]));
 985         cpu_to_hw_sg(out_sg);
 986
 987         /* 1st seg */
 988         sg = &cf->sg[2];
 989         qm_sg_entry_set64(sg, rte_pktmbuf_iova(mbuf));
 990         sg->length = mbuf->data_len - data_offset;
 991         sg->offset = data_offset;
 992
 993         /* Successive segs */
 994         mbuf = mbuf->next;
 995         while (mbuf) {
 996                 cpu_to_hw_sg(sg);
 997                 sg++;
 998                 qm_sg_entry_set64(sg, rte_pktmbuf_iova(mbuf));
 999                 sg->length = mbuf->data_len;
1000                 mbuf = mbuf->next;
1001         }
1002         sg->final = 1;
1003         cpu_to_hw_sg(sg);
1004
1005         /* input */
1006         mbuf = sym->m_src;
1007         in_sg = &cf->sg[1];
1008         in_sg->extension = 1;
1009         in_sg->final = 1;
1010         in_sg->length = data_len + ses->iv.length;
1011
1012         sg++;
1013         qm_sg_entry_set64(in_sg, rte_dpaa_mem_vtop(sg));
1014         cpu_to_hw_sg(in_sg);
1015
1016         /* IV */
1017         qm_sg_entry_set64(sg, rte_dpaa_mem_vtop(IV_ptr));
1018         sg->length = ses->iv.length;
1019         cpu_to_hw_sg(sg);
1020
1021         /* 1st seg */
1022         sg++;
1023         qm_sg_entry_set64(sg, rte_pktmbuf_iova(mbuf));
1024         sg->length = mbuf->data_len - data_offset;
1025         sg->offset = data_offset;
1026
1027         /* Successive segs */
1028         mbuf = mbuf->next;
1029         while (mbuf) {
1030                 cpu_to_hw_sg(sg);
1031                 sg++;
1032                 qm_sg_entry_set64(sg, rte_pktmbuf_iova(mbuf));
1033                 sg->length = mbuf->data_len;
1034                 mbuf = mbuf->next;
1035         }
1036         sg->final = 1;
1037         cpu_to_hw_sg(sg);
1038
1039         return cf;
1040 }
1041
1042 static inline struct dpaa_sec_job *
1043 build_cipher_only(struct rte_crypto_op *op, dpaa_sec_session *ses)
1044 {
1045         struct rte_crypto_sym_op *sym = op->sym;
1046         struct dpaa_sec_job *cf;
1047         struct dpaa_sec_op_ctx *ctx;
1048         struct qm_sg_entry *sg;
1049         rte_iova_t src_start_addr, dst_start_addr;
1050         uint8_t *IV_ptr = rte_crypto_op_ctod_offset(op, uint8_t *,
1051                         ses->iv.offset);
1052         int data_len, data_offset;
1053
1054         data_len = sym->cipher.data.length;
1055         data_offset = sym->cipher.data.offset;
1056
1057         if (ses->cipher_alg == RTE_CRYPTO_CIPHER_SNOW3G_UEA2 ||
1058                 ses->cipher_alg == RTE_CRYPTO_CIPHER_ZUC_EEA3) {
1059                 if ((data_len & 7) || (data_offset & 7)) {
1060                         DPAA_SEC_ERR("CIPHER: len/offset must be full bytes");
1061                         return NULL;
1062                 }
1063
1064                 data_len = data_len >> 3;
1065                 data_offset = data_offset >> 3;
1066         }
1067
1068         ctx = dpaa_sec_alloc_ctx(ses, 4);
1069         if (!ctx)
1070                 return NULL;
1071
1072         cf = &ctx->job;
1073         ctx->op = op;
1074
1075         src_start_addr = rte_pktmbuf_iova(sym->m_src);
1076
1077         if (sym->m_dst)
1078                 dst_start_addr = rte_pktmbuf_iova(sym->m_dst);
1079         else
1080                 dst_start_addr = src_start_addr;
1081
1082         /* output */
1083         sg = &cf->sg[0];
1084         qm_sg_entry_set64(sg, dst_start_addr + data_offset);
1085         sg->length = data_len + ses->iv.length;
1086         cpu_to_hw_sg(sg);
1087
1088         /* input */
1089         sg = &cf->sg[1];
1090
1091         /* need to extend the input to a compound frame */
1092         sg->extension = 1;
1093         sg->final = 1;
1094         sg->length = data_len + ses->iv.length;
1095         qm_sg_entry_set64(sg, rte_dpaa_mem_vtop(&cf->sg[2]));
1096         cpu_to_hw_sg(sg);
1097
1098         sg = &cf->sg[2];
1099         qm_sg_entry_set64(sg, rte_dpaa_mem_vtop(IV_ptr));
1100         sg->length = ses->iv.length;
1101         cpu_to_hw_sg(sg);
1102
1103         sg++;
1104         qm_sg_entry_set64(sg, src_start_addr + data_offset);
1105         sg->length = data_len;
1106         sg->final = 1;
1107         cpu_to_hw_sg(sg);
1108
1109         return cf;
1110 }
1111
1112 static inline struct dpaa_sec_job *
1113 build_cipher_auth_gcm_sg(struct rte_crypto_op *op, dpaa_sec_session *ses)
1114 {
1115         struct rte_crypto_sym_op *sym = op->sym;
1116         struct dpaa_sec_job *cf;
1117         struct dpaa_sec_op_ctx *ctx;
1118         struct qm_sg_entry *sg, *out_sg, *in_sg;
1119         struct rte_mbuf *mbuf;
1120         uint8_t req_segs;
1121         uint8_t *IV_ptr = rte_crypto_op_ctod_offset(op, uint8_t *,
1122                         ses->iv.offset);
1123
1124         if (sym->m_dst) {
1125                 mbuf = sym->m_dst;
1126                 req_segs = mbuf->nb_segs + sym->m_src->nb_segs + 4;
1127         } else {
1128                 mbuf = sym->m_src;
1129                 req_segs = mbuf->nb_segs * 2 + 4;
1130         }
1131
1132         if (ses->auth_only_len)
1133                 req_segs++;
1134
1135         if (mbuf->nb_segs > MAX_SG_ENTRIES) {
1136                 DPAA_SEC_DP_ERR("AEAD: Max sec segs supported is %d",
1137                                 MAX_SG_ENTRIES);
1138                 return NULL;
1139         }
1140
1141         ctx = dpaa_sec_alloc_ctx(ses, req_segs);
1142         if (!ctx)
1143                 return NULL;
1144
1145         cf = &ctx->job;
1146         ctx->op = op;
1147
1148         rte_prefetch0(cf->sg);
1149
1150         /* output */
1151         out_sg = &cf->sg[0];
1152         out_sg->extension = 1;
1153         if (is_encode(ses))
1154                 out_sg->length = sym->aead.data.length + ses->digest_length;
1155         else
1156                 out_sg->length = sym->aead.data.length;
1157
1158         /* output sg entries */
1159         sg = &cf->sg[2];
1160         qm_sg_entry_set64(out_sg, rte_dpaa_mem_vtop(sg));
1161         cpu_to_hw_sg(out_sg);
1162
1163         /* 1st seg */
1164         qm_sg_entry_set64(sg, rte_pktmbuf_iova(mbuf));
1165         sg->length = mbuf->data_len - sym->aead.data.offset;
1166         sg->offset = sym->aead.data.offset;
1167
1168         /* Successive segs */
1169         mbuf = mbuf->next;
1170         while (mbuf) {
1171                 cpu_to_hw_sg(sg);
1172                 sg++;
1173                 qm_sg_entry_set64(sg, rte_pktmbuf_iova(mbuf));
1174                 sg->length = mbuf->data_len;
1175                 mbuf = mbuf->next;
1176         }
1177         sg->length -= ses->digest_length;
1178
1179         if (is_encode(ses)) {
1180                 cpu_to_hw_sg(sg);
1181                 /* set auth output */
1182                 sg++;
1183                 qm_sg_entry_set64(sg, sym->aead.digest.phys_addr);
1184                 sg->length = ses->digest_length;
1185         }
1186         sg->final = 1;
1187         cpu_to_hw_sg(sg);
1188
1189         /* input */
1190         mbuf = sym->m_src;
1191         in_sg = &cf->sg[1];
1192         in_sg->extension = 1;
1193         in_sg->final = 1;
1194         if (is_encode(ses))
1195                 in_sg->length = ses->iv.length + sym->aead.data.length
1196                                                         + ses->auth_only_len;
1197         else
1198                 in_sg->length = ses->iv.length + sym->aead.data.length
1199                                 + ses->auth_only_len + ses->digest_length;
1200
1201         /* input sg entries */
1202         sg++;
1203         qm_sg_entry_set64(in_sg, rte_dpaa_mem_vtop(sg));
1204         cpu_to_hw_sg(in_sg);
1205
1206         /* 1st seg IV */
1207         qm_sg_entry_set64(sg, rte_dpaa_mem_vtop(IV_ptr));
1208         sg->length = ses->iv.length;
1209         cpu_to_hw_sg(sg);
1210
1211         /* 2nd seg auth only */
1212         if (ses->auth_only_len) {
1213                 sg++;
1214                 qm_sg_entry_set64(sg, rte_dpaa_mem_vtop(sym->aead.aad.data));
1215                 sg->length = ses->auth_only_len;
1216                 cpu_to_hw_sg(sg);
1217         }
1218
1219         /* 3rd seg */
1220         sg++;
1221         qm_sg_entry_set64(sg, rte_pktmbuf_iova(mbuf));
1222         sg->length = mbuf->data_len - sym->aead.data.offset;
1223         sg->offset = sym->aead.data.offset;
1224
1225         /* Successive segs */
1226         mbuf = mbuf->next;
1227         while (mbuf) {
1228                 cpu_to_hw_sg(sg);
1229                 sg++;
1230                 qm_sg_entry_set64(sg, rte_pktmbuf_iova(mbuf));
1231                 sg->length = mbuf->data_len;
1232                 mbuf = mbuf->next;
1233         }
1234
1235         if (is_decode(ses)) {
1236                 cpu_to_hw_sg(sg);
1237                 sg++;
1238                 memcpy(ctx->digest, sym->aead.digest.data,
1239                         ses->digest_length);
1240                 qm_sg_entry_set64(sg, rte_dpaa_mem_vtop(ctx->digest));
1241                 sg->length = ses->digest_length;
1242         }
1243         sg->final = 1;
1244         cpu_to_hw_sg(sg);
1245
1246         return cf;
1247 }
1248
1249 static inline struct dpaa_sec_job *
1250 build_cipher_auth_gcm(struct rte_crypto_op *op, dpaa_sec_session *ses)
1251 {
1252         struct rte_crypto_sym_op *sym = op->sym;
1253         struct dpaa_sec_job *cf;
1254         struct dpaa_sec_op_ctx *ctx;
1255         struct qm_sg_entry *sg;
1256         uint32_t length = 0;
1257         rte_iova_t src_start_addr, dst_start_addr;
1258         uint8_t *IV_ptr = rte_crypto_op_ctod_offset(op, uint8_t *,
1259                         ses->iv.offset);
1260
1261         src_start_addr = sym->m_src->buf_iova + sym->m_src->data_off;
1262
1263         if (sym->m_dst)
1264                 dst_start_addr = sym->m_dst->buf_iova + sym->m_dst->data_off;
1265         else
1266                 dst_start_addr = src_start_addr;
1267
1268         ctx = dpaa_sec_alloc_ctx(ses, 7);
1269         if (!ctx)
1270                 return NULL;
1271
1272         cf = &ctx->job;
1273         ctx->op = op;
1274
1275         /* input */
1276         rte_prefetch0(cf->sg);
1277         sg = &cf->sg[2];
1278         qm_sg_entry_set64(&cf->sg[1], rte_dpaa_mem_vtop(sg));
1279         if (is_encode(ses)) {
1280                 qm_sg_entry_set64(sg, rte_dpaa_mem_vtop(IV_ptr));
1281                 sg->length = ses->iv.length;
1282                 length += sg->length;
1283                 cpu_to_hw_sg(sg);
1284
1285                 sg++;
1286                 if (ses->auth_only_len) {
1287                         qm_sg_entry_set64(sg,
1288                                           rte_dpaa_mem_vtop(sym->aead.aad.data));
1289                         sg->length = ses->auth_only_len;
1290                         length += sg->length;
1291                         cpu_to_hw_sg(sg);
1292                         sg++;
1293                 }
1294                 qm_sg_entry_set64(sg, src_start_addr + sym->aead.data.offset);
1295                 sg->length = sym->aead.data.length;
1296                 length += sg->length;
1297                 sg->final = 1;
1298                 cpu_to_hw_sg(sg);
1299         } else {
1300                 qm_sg_entry_set64(sg, rte_dpaa_mem_vtop(IV_ptr));
1301                 sg->length = ses->iv.length;
1302                 length += sg->length;
1303                 cpu_to_hw_sg(sg);
1304
1305                 sg++;
1306                 if (ses->auth_only_len) {
1307                         qm_sg_entry_set64(sg,
1308                                           rte_dpaa_mem_vtop(sym->aead.aad.data));
1309                         sg->length = ses->auth_only_len;
1310                         length += sg->length;
1311                         cpu_to_hw_sg(sg);
1312                         sg++;
1313                 }
1314                 qm_sg_entry_set64(sg, src_start_addr + sym->aead.data.offset);
1315                 sg->length = sym->aead.data.length;
1316                 length += sg->length;
1317                 cpu_to_hw_sg(sg);
1318
1319                 memcpy(ctx->digest, sym->aead.digest.data,
1320                        ses->digest_length);
1321                 sg++;
1322
1323                 qm_sg_entry_set64(sg, rte_dpaa_mem_vtop(ctx->digest));
1324                 sg->length = ses->digest_length;
1325                 length += sg->length;
1326                 sg->final = 1;
1327                 cpu_to_hw_sg(sg);
1328         }
1329         /* input compound frame */
1330         cf->sg[1].length = length;
1331         cf->sg[1].extension = 1;
1332         cf->sg[1].final = 1;
1333         cpu_to_hw_sg(&cf->sg[1]);
1334
1335         /* output */
1336         sg++;
1337         qm_sg_entry_set64(&cf->sg[0], rte_dpaa_mem_vtop(sg));
1338         qm_sg_entry_set64(sg,
1339                 dst_start_addr + sym->aead.data.offset);
1340         sg->length = sym->aead.data.length;
1341         length = sg->length;
1342         if (is_encode(ses)) {
1343                 cpu_to_hw_sg(sg);
1344                 /* set auth output */
1345                 sg++;
1346                 qm_sg_entry_set64(sg, sym->aead.digest.phys_addr);
1347                 sg->length = ses->digest_length;
1348                 length += sg->length;
1349         }
1350         sg->final = 1;
1351         cpu_to_hw_sg(sg);
1352
1353         /* output compound frame */
1354         cf->sg[0].length = length;
1355         cf->sg[0].extension = 1;
1356         cpu_to_hw_sg(&cf->sg[0]);
1357
1358         return cf;
1359 }
1360
1361 static inline struct dpaa_sec_job *
1362 build_cipher_auth_sg(struct rte_crypto_op *op, dpaa_sec_session *ses)
1363 {
1364         struct rte_crypto_sym_op *sym = op->sym;
1365         struct dpaa_sec_job *cf;
1366         struct dpaa_sec_op_ctx *ctx;
1367         struct qm_sg_entry *sg, *out_sg, *in_sg;
1368         struct rte_mbuf *mbuf;
1369         uint8_t req_segs;
1370         uint8_t *IV_ptr = rte_crypto_op_ctod_offset(op, uint8_t *,
1371                         ses->iv.offset);
1372
1373         if (sym->m_dst) {
1374                 mbuf = sym->m_dst;
1375                 req_segs = mbuf->nb_segs + sym->m_src->nb_segs + 4;
1376         } else {
1377                 mbuf = sym->m_src;
1378                 req_segs = mbuf->nb_segs * 2 + 4;
1379         }
1380
1381         if (mbuf->nb_segs > MAX_SG_ENTRIES) {
1382                 DPAA_SEC_DP_ERR("Cipher-Auth: Max sec segs supported is %d",
1383                                 MAX_SG_ENTRIES);
1384                 return NULL;
1385         }
1386
1387         ctx = dpaa_sec_alloc_ctx(ses, req_segs);
1388         if (!ctx)
1389                 return NULL;
1390
1391         cf = &ctx->job;
1392         ctx->op = op;
1393
1394         rte_prefetch0(cf->sg);
1395
1396         /* output */
1397         out_sg = &cf->sg[0];
1398         out_sg->extension = 1;
1399         if (is_encode(ses))
1400                 out_sg->length = sym->auth.data.length + ses->digest_length;
1401         else
1402                 out_sg->length = sym->auth.data.length;
1403
1404         /* output sg entries */
1405         sg = &cf->sg[2];
1406         qm_sg_entry_set64(out_sg, rte_dpaa_mem_vtop(sg));
1407         cpu_to_hw_sg(out_sg);
1408
1409         /* 1st seg */
1410         qm_sg_entry_set64(sg, rte_pktmbuf_iova(mbuf));
1411         sg->length = mbuf->data_len - sym->auth.data.offset;
1412         sg->offset = sym->auth.data.offset;
1413
1414         /* Successive segs */
1415         mbuf = mbuf->next;
1416         while (mbuf) {
1417                 cpu_to_hw_sg(sg);
1418                 sg++;
1419                 qm_sg_entry_set64(sg, rte_pktmbuf_iova(mbuf));
1420                 sg->length = mbuf->data_len;
1421                 mbuf = mbuf->next;
1422         }
1423         sg->length -= ses->digest_length;
1424
1425         if (is_encode(ses)) {
1426                 cpu_to_hw_sg(sg);
1427                 /* set auth output */
1428                 sg++;
1429                 qm_sg_entry_set64(sg, sym->auth.digest.phys_addr);
1430                 sg->length = ses->digest_length;
1431         }
1432         sg->final = 1;
1433         cpu_to_hw_sg(sg);
1434
1435         /* input */
1436         mbuf = sym->m_src;
1437         in_sg = &cf->sg[1];
1438         in_sg->extension = 1;
1439         in_sg->final = 1;
1440         if (is_encode(ses))
1441                 in_sg->length = ses->iv.length + sym->auth.data.length;
1442         else
1443                 in_sg->length = ses->iv.length + sym->auth.data.length
1444                                                 + ses->digest_length;
1445
1446         /* input sg entries */
1447         sg++;
1448         qm_sg_entry_set64(in_sg, rte_dpaa_mem_vtop(sg));
1449         cpu_to_hw_sg(in_sg);
1450
1451         /* 1st seg IV */
1452         qm_sg_entry_set64(sg, rte_dpaa_mem_vtop(IV_ptr));
1453         sg->length = ses->iv.length;
1454         cpu_to_hw_sg(sg);
1455
1456         /* 2nd seg */
1457         sg++;
1458         qm_sg_entry_set64(sg, rte_pktmbuf_iova(mbuf));
1459         sg->length = mbuf->data_len - sym->auth.data.offset;
1460         sg->offset = sym->auth.data.offset;
1461
1462         /* Successive segs */
1463         mbuf = mbuf->next;
1464         while (mbuf) {
1465                 cpu_to_hw_sg(sg);
1466                 sg++;
1467                 qm_sg_entry_set64(sg, rte_pktmbuf_iova(mbuf));
1468                 sg->length = mbuf->data_len;
1469                 mbuf = mbuf->next;
1470         }
1471
1472         sg->length -= ses->digest_length;
1473         if (is_decode(ses)) {
1474                 cpu_to_hw_sg(sg);
1475                 sg++;
1476                 memcpy(ctx->digest, sym->auth.digest.data,
1477                         ses->digest_length);
1478                 qm_sg_entry_set64(sg, rte_dpaa_mem_vtop(ctx->digest));
1479                 sg->length = ses->digest_length;
1480         }
1481         sg->final = 1;
1482         cpu_to_hw_sg(sg);
1483
1484         return cf;
1485 }
1486
1487 static inline struct dpaa_sec_job *
1488 build_cipher_auth(struct rte_crypto_op *op, dpaa_sec_session *ses)
1489 {
1490         struct rte_crypto_sym_op *sym = op->sym;
1491         struct dpaa_sec_job *cf;
1492         struct dpaa_sec_op_ctx *ctx;
1493         struct qm_sg_entry *sg;
1494         rte_iova_t src_start_addr, dst_start_addr;
1495         uint32_t length = 0;
1496         uint8_t *IV_ptr = rte_crypto_op_ctod_offset(op, uint8_t *,
1497                         ses->iv.offset);
1498
1499         src_start_addr = sym->m_src->buf_iova + sym->m_src->data_off;
1500         if (sym->m_dst)
1501                 dst_start_addr = sym->m_dst->buf_iova + sym->m_dst->data_off;
1502         else
1503                 dst_start_addr = src_start_addr;
1504
1505         ctx = dpaa_sec_alloc_ctx(ses, 7);
1506         if (!ctx)
1507                 return NULL;
1508
1509         cf = &ctx->job;
1510         ctx->op = op;
1511
1512         /* input */
1513         rte_prefetch0(cf->sg);
1514         sg = &cf->sg[2];
1515         qm_sg_entry_set64(&cf->sg[1], rte_dpaa_mem_vtop(sg));
1516         if (is_encode(ses)) {
1517                 qm_sg_entry_set64(sg, rte_dpaa_mem_vtop(IV_ptr));
1518                 sg->length = ses->iv.length;
1519                 length += sg->length;
1520                 cpu_to_hw_sg(sg);
1521
1522                 sg++;
1523                 qm_sg_entry_set64(sg, src_start_addr + sym->auth.data.offset);
1524                 sg->length = sym->auth.data.length;
1525                 length += sg->length;
1526                 sg->final = 1;
1527                 cpu_to_hw_sg(sg);
1528         } else {
1529                 qm_sg_entry_set64(sg, rte_dpaa_mem_vtop(IV_ptr));
1530                 sg->length = ses->iv.length;
1531                 length += sg->length;
1532                 cpu_to_hw_sg(sg);
1533
1534                 sg++;
1535
1536                 qm_sg_entry_set64(sg, src_start_addr + sym->auth.data.offset);
1537                 sg->length = sym->auth.data.length;
1538                 length += sg->length;
1539                 cpu_to_hw_sg(sg);
1540
1541                 memcpy(ctx->digest, sym->auth.digest.data,
1542                        ses->digest_length);
1543                 sg++;
1544
1545                 qm_sg_entry_set64(sg, rte_dpaa_mem_vtop(ctx->digest));
1546                 sg->length = ses->digest_length;
1547                 length += sg->length;
1548                 sg->final = 1;
1549                 cpu_to_hw_sg(sg);
1550         }
1551         /* input compound frame */
1552         cf->sg[1].length = length;
1553         cf->sg[1].extension = 1;
1554         cf->sg[1].final = 1;
1555         cpu_to_hw_sg(&cf->sg[1]);
1556
1557         /* output */
1558         sg++;
1559         qm_sg_entry_set64(&cf->sg[0], rte_dpaa_mem_vtop(sg));
1560         qm_sg_entry_set64(sg, dst_start_addr + sym->cipher.data.offset);
1561         sg->length = sym->cipher.data.length;
1562         length = sg->length;
1563         if (is_encode(ses)) {
1564                 cpu_to_hw_sg(sg);
1565                 /* set auth output */
1566                 sg++;
1567                 qm_sg_entry_set64(sg, sym->auth.digest.phys_addr);
1568                 sg->length = ses->digest_length;
1569                 length += sg->length;
1570         }
1571         sg->final = 1;
1572         cpu_to_hw_sg(sg);
1573
1574         /* output compound frame */
1575         cf->sg[0].length = length;
1576         cf->sg[0].extension = 1;
1577         cpu_to_hw_sg(&cf->sg[0]);
1578
1579         return cf;
1580 }
1581
1582 #ifdef RTE_LIB_SECURITY
1583 static inline struct dpaa_sec_job *
1584 build_proto(struct rte_crypto_op *op, dpaa_sec_session *ses)
1585 {
1586         struct rte_crypto_sym_op *sym = op->sym;
1587         struct dpaa_sec_job *cf;
1588         struct dpaa_sec_op_ctx *ctx;
1589         struct qm_sg_entry *sg;
1590         phys_addr_t src_start_addr, dst_start_addr;
1591
1592         ctx = dpaa_sec_alloc_ctx(ses, 2);
1593         if (!ctx)
1594                 return NULL;
1595         cf = &ctx->job;
1596         ctx->op = op;
1597
1598         src_start_addr = rte_pktmbuf_iova(sym->m_src);
1599
1600         if (sym->m_dst)
1601                 dst_start_addr = rte_pktmbuf_iova(sym->m_dst);
1602         else
1603                 dst_start_addr = src_start_addr;
1604
1605         /* input */
1606         sg = &cf->sg[1];
1607         qm_sg_entry_set64(sg, src_start_addr);
1608         sg->length = sym->m_src->pkt_len;
1609         sg->final = 1;
1610         cpu_to_hw_sg(sg);
1611
1612         sym->m_src->packet_type &= ~RTE_PTYPE_L4_MASK;
1613         /* output */
1614         sg = &cf->sg[0];
1615         qm_sg_entry_set64(sg, dst_start_addr);
1616         sg->length = sym->m_src->buf_len - sym->m_src->data_off;
1617         cpu_to_hw_sg(sg);
1618
1619         return cf;
1620 }
1621
1622 static inline struct dpaa_sec_job *
1623 build_proto_sg(struct rte_crypto_op *op, dpaa_sec_session *ses)
1624 {
1625         struct rte_crypto_sym_op *sym = op->sym;
1626         struct dpaa_sec_job *cf;
1627         struct dpaa_sec_op_ctx *ctx;
1628         struct qm_sg_entry *sg, *out_sg, *in_sg;
1629         struct rte_mbuf *mbuf;
1630         uint8_t req_segs;
1631         uint32_t in_len = 0, out_len = 0;
1632
1633         if (sym->m_dst)
1634                 mbuf = sym->m_dst;
1635         else
1636                 mbuf = sym->m_src;
1637
1638         req_segs = mbuf->nb_segs + sym->m_src->nb_segs + 2;
1639         if (mbuf->nb_segs > MAX_SG_ENTRIES) {
1640                 DPAA_SEC_DP_ERR("Proto: Max sec segs supported is %d",
1641                                 MAX_SG_ENTRIES);
1642                 return NULL;
1643         }
1644
1645         ctx = dpaa_sec_alloc_ctx(ses, req_segs);
1646         if (!ctx)
1647                 return NULL;
1648         cf = &ctx->job;
1649         ctx->op = op;
1650         /* output */
1651         out_sg = &cf->sg[0];
1652         out_sg->extension = 1;
1653         qm_sg_entry_set64(out_sg, rte_dpaa_mem_vtop(&cf->sg[2]));
1654
1655         /* 1st seg */
1656         sg = &cf->sg[2];
1657         qm_sg_entry_set64(sg, rte_pktmbuf_iova(mbuf));
1658         sg->offset = 0;
1659
1660         /* Successive segs */
1661         while (mbuf->next) {
1662                 sg->length = mbuf->data_len;
1663                 out_len += sg->length;
1664                 mbuf = mbuf->next;
1665                 cpu_to_hw_sg(sg);
1666                 sg++;
1667                 qm_sg_entry_set64(sg, rte_pktmbuf_iova(mbuf));
1668                 sg->offset = 0;
1669         }
1670         sg->length = mbuf->buf_len - mbuf->data_off;
1671         out_len += sg->length;
1672         sg->final = 1;
1673         cpu_to_hw_sg(sg);
1674
1675         out_sg->length = out_len;
1676         cpu_to_hw_sg(out_sg);
1677
1678         /* input */
1679         mbuf = sym->m_src;
1680         in_sg = &cf->sg[1];
1681         in_sg->extension = 1;
1682         in_sg->final = 1;
1683         in_len = mbuf->data_len;
1684
1685         sg++;
1686         qm_sg_entry_set64(in_sg, rte_dpaa_mem_vtop(sg));
1687
1688         /* 1st seg */
1689         qm_sg_entry_set64(sg, rte_pktmbuf_iova(mbuf));
1690         sg->length = mbuf->data_len;
1691         sg->offset = 0;
1692
1693         /* Successive segs */
1694         mbuf = mbuf->next;
1695         while (mbuf) {
1696                 cpu_to_hw_sg(sg);
1697                 sg++;
1698                 qm_sg_entry_set64(sg, rte_pktmbuf_iova(mbuf));
1699                 sg->length = mbuf->data_len;
1700                 sg->offset = 0;
1701                 in_len += sg->length;
1702                 mbuf = mbuf->next;
1703         }
1704         sg->final = 1;
1705         cpu_to_hw_sg(sg);
1706
1707         in_sg->length = in_len;
1708         cpu_to_hw_sg(in_sg);
1709
1710         sym->m_src->packet_type &= ~RTE_PTYPE_L4_MASK;
1711
1712         return cf;
1713 }
1714 #endif
1715
1716 static uint16_t
1717 dpaa_sec_enqueue_burst(void *qp, struct rte_crypto_op **ops,
1718                        uint16_t nb_ops)
1719 {
1720         /* Function to transmit the frames to given device and queuepair */
1721         uint32_t loop;
1722         struct dpaa_sec_qp *dpaa_qp = (struct dpaa_sec_qp *)qp;
1723         uint16_t num_tx = 0;
1724         struct qm_fd fds[DPAA_SEC_BURST], *fd;
1725         uint32_t frames_to_send;
1726         struct rte_crypto_op *op;
1727         struct dpaa_sec_job *cf;
1728         dpaa_sec_session *ses;
1729         uint16_t auth_hdr_len, auth_tail_len;
1730         uint32_t index, flags[DPAA_SEC_BURST] = {0};
1731         struct qman_fq *inq[DPAA_SEC_BURST];
1732
1733         if (unlikely(!DPAA_PER_LCORE_PORTAL)) {
1734                 if (rte_dpaa_portal_init((void *)0)) {
1735                         DPAA_SEC_ERR("Failure in affining portal");
1736                         return 0;
1737                 }
1738         }
1739
1740         while (nb_ops) {
1741                 frames_to_send = (nb_ops > DPAA_SEC_BURST) ?
1742                                 DPAA_SEC_BURST : nb_ops;
1743                 for (loop = 0; loop < frames_to_send; loop++) {
1744                         op = *(ops++);
1745                         if (*dpaa_seqn(op->sym->m_src) != 0) {
1746                                 index = *dpaa_seqn(op->sym->m_src) - 1;
1747                                 if (DPAA_PER_LCORE_DQRR_HELD & (1 << index)) {
1748                                         /* QM_EQCR_DCA_IDXMASK = 0x0f */
1749                                         flags[loop] = ((index & 0x0f) << 8);
1750                                         flags[loop] |= QMAN_ENQUEUE_FLAG_DCA;
1751                                         DPAA_PER_LCORE_DQRR_SIZE--;
1752                                         DPAA_PER_LCORE_DQRR_HELD &=
1753                                                                 ~(1 << index);
1754                                 }
1755                         }
1756
1757                         switch (op->sess_type) {
1758                         case RTE_CRYPTO_OP_WITH_SESSION:
1759                                 ses = (dpaa_sec_session *)
1760                                         get_sym_session_private_data(
1761                                                         op->sym->session,
1762                                                         cryptodev_driver_id);
1763                                 break;
1764 #ifdef RTE_LIB_SECURITY
1765                         case RTE_CRYPTO_OP_SECURITY_SESSION:
1766                                 ses = (dpaa_sec_session *)
1767                                         get_sec_session_private_data(
1768                                                         op->sym->sec_session);
1769                                 break;
1770 #endif
1771                         default:
1772                                 DPAA_SEC_DP_ERR(
1773                                         "sessionless crypto op not supported");
1774                                 frames_to_send = loop;
1775                                 nb_ops = loop;
1776                                 goto send_pkts;
1777                         }
1778
1779                         if (!ses) {
1780                                 DPAA_SEC_DP_ERR("session not available");
1781                                 frames_to_send = loop;
1782                                 nb_ops = loop;
1783                                 goto send_pkts;
1784                         }
1785
1786                         if (unlikely(!ses->qp[rte_lcore_id() % MAX_DPAA_CORES])) {
1787                                 if (dpaa_sec_attach_sess_q(qp, ses)) {
1788                                         frames_to_send = loop;
1789                                         nb_ops = loop;
1790                                         goto send_pkts;
1791                                 }
1792                         } else if (unlikely(ses->qp[rte_lcore_id() %
1793                                                 MAX_DPAA_CORES] != qp)) {
1794                                 DPAA_SEC_DP_ERR("Old:sess->qp = %p"
1795                                         " New qp = %p\n",
1796                                         ses->qp[rte_lcore_id() %
1797                                         MAX_DPAA_CORES], qp);
1798                                 frames_to_send = loop;
1799                                 nb_ops = loop;
1800                                 goto send_pkts;
1801                         }
1802
1803                         auth_hdr_len = op->sym->auth.data.length -
1804                                                 op->sym->cipher.data.length;
1805                         auth_tail_len = 0;
1806
1807                         if (rte_pktmbuf_is_contiguous(op->sym->m_src) &&
1808                                   ((op->sym->m_dst == NULL) ||
1809                                    rte_pktmbuf_is_contiguous(op->sym->m_dst))) {
1810                                 switch (ses->ctxt) {
1811 #ifdef RTE_LIB_SECURITY
1812                                 case DPAA_SEC_PDCP:
1813                                 case DPAA_SEC_IPSEC:
1814                                         cf = build_proto(op, ses);
1815                                         break;
1816 #endif
1817                                 case DPAA_SEC_AUTH:
1818                                         cf = build_auth_only(op, ses);
1819                                         break;
1820                                 case DPAA_SEC_CIPHER:
1821                                         cf = build_cipher_only(op, ses);
1822                                         break;
1823                                 case DPAA_SEC_AEAD:
1824                                         cf = build_cipher_auth_gcm(op, ses);
1825                                         auth_hdr_len = ses->auth_only_len;
1826                                         break;
1827                                 case DPAA_SEC_CIPHER_HASH:
1828                                         auth_hdr_len =
1829                                                 op->sym->cipher.data.offset
1830                                                 - op->sym->auth.data.offset;
1831                                         auth_tail_len =
1832                                                 op->sym->auth.data.length
1833                                                 - op->sym->cipher.data.length
1834                                                 - auth_hdr_len;
1835                                         cf = build_cipher_auth(op, ses);
1836                                         break;
1837                                 default:
1838                                         DPAA_SEC_DP_ERR("not supported ops");
1839                                         frames_to_send = loop;
1840                                         nb_ops = loop;
1841                                         goto send_pkts;
1842                                 }
1843                         } else {
1844                                 switch (ses->ctxt) {
1845 #ifdef RTE_LIB_SECURITY
1846                                 case DPAA_SEC_PDCP:
1847                                 case DPAA_SEC_IPSEC:
1848                                         cf = build_proto_sg(op, ses);
1849                                         break;
1850 #endif
1851                                 case DPAA_SEC_AUTH:
1852                                         cf = build_auth_only_sg(op, ses);
1853                                         break;
1854                                 case DPAA_SEC_CIPHER:
1855                                         cf = build_cipher_only_sg(op, ses);
1856                                         break;
1857                                 case DPAA_SEC_AEAD:
1858                                         cf = build_cipher_auth_gcm_sg(op, ses);
1859                                         auth_hdr_len = ses->auth_only_len;
1860                                         break;
1861                                 case DPAA_SEC_CIPHER_HASH:
1862                                         auth_hdr_len =
1863                                                 op->sym->cipher.data.offset
1864                                                 - op->sym->auth.data.offset;
1865                                         auth_tail_len =
1866                                                 op->sym->auth.data.length
1867                                                 - op->sym->cipher.data.length
1868                                                 - auth_hdr_len;
1869                                         cf = build_cipher_auth_sg(op, ses);
1870                                         break;
1871                                 default:
1872                                         DPAA_SEC_DP_ERR("not supported ops");
1873                                         frames_to_send = loop;
1874                                         nb_ops = loop;
1875                                         goto send_pkts;
1876                                 }
1877                         }
1878                         if (unlikely(!cf)) {
1879                                 frames_to_send = loop;
1880                                 nb_ops = loop;
1881                                 goto send_pkts;
1882                         }
1883
1884                         fd = &fds[loop];
1885                         inq[loop] = ses->inq[rte_lcore_id() % MAX_DPAA_CORES];
1886                         fd->opaque_addr = 0;
1887                         fd->cmd = 0;
1888                         qm_fd_addr_set64(fd, rte_dpaa_mem_vtop(cf->sg));
1889                         fd->_format1 = qm_fd_compound;
1890                         fd->length29 = 2 * sizeof(struct qm_sg_entry);
1891
1892                         /* Auth_only_len is set as 0 in descriptor and it is
1893                          * overwritten here in the fd.cmd which will update
1894                          * the DPOVRD reg.
1895                          */
1896                         if (auth_hdr_len || auth_tail_len) {
1897                                 fd->cmd = 0x80000000;
1898                                 fd->cmd |=
1899                                         ((auth_tail_len << 16) | auth_hdr_len);
1900                         }
1901
1902 #ifdef RTE_LIB_SECURITY
1903                         /* In case of PDCP, per packet HFN is stored in
1904                          * mbuf priv after sym_op.
1905                          */
1906                         if ((ses->ctxt == DPAA_SEC_PDCP) && ses->pdcp.hfn_ovd) {
1907                                 fd->cmd = 0x80000000 |
1908                                         *((uint32_t *)((uint8_t *)op +
1909                                         ses->pdcp.hfn_ovd_offset));
1910                                 DPAA_SEC_DP_DEBUG("Per packet HFN: %x, ovd:%u\n",
1911                                         *((uint32_t *)((uint8_t *)op +
1912                                         ses->pdcp.hfn_ovd_offset)),
1913                                         ses->pdcp.hfn_ovd);
1914                         }
1915 #endif
1916                 }
1917 send_pkts:
1918                 loop = 0;
1919                 while (loop < frames_to_send) {
1920                         loop += qman_enqueue_multi_fq(&inq[loop], &fds[loop],
1921                                         &flags[loop], frames_to_send - loop);
1922                 }
1923                 nb_ops -= frames_to_send;
1924                 num_tx += frames_to_send;
1925         }
1926
1927         dpaa_qp->tx_pkts += num_tx;
1928         dpaa_qp->tx_errs += nb_ops - num_tx;
1929
1930         return num_tx;
1931 }
1932
1933 static uint16_t
1934 dpaa_sec_dequeue_burst(void *qp, struct rte_crypto_op **ops,
1935                        uint16_t nb_ops)
1936 {
1937         uint16_t num_rx;
1938         struct dpaa_sec_qp *dpaa_qp = (struct dpaa_sec_qp *)qp;
1939
1940         if (unlikely(!DPAA_PER_LCORE_PORTAL)) {
1941                 if (rte_dpaa_portal_init((void *)0)) {
1942                         DPAA_SEC_ERR("Failure in affining portal");
1943                         return 0;
1944                 }
1945         }
1946
1947         num_rx = dpaa_sec_deq(dpaa_qp, ops, nb_ops);
1948
1949         dpaa_qp->rx_pkts += num_rx;
1950         dpaa_qp->rx_errs += nb_ops - num_rx;
1951
1952         DPAA_SEC_DP_DEBUG("SEC Received %d Packets\n", num_rx);
1953
1954         return num_rx;
1955 }
1956
1957 /** Release queue pair */
1958 static int
1959 dpaa_sec_queue_pair_release(struct rte_cryptodev *dev,
1960                             uint16_t qp_id)
1961 {
1962         struct dpaa_sec_dev_private *internals;
1963         struct dpaa_sec_qp *qp = NULL;
1964
1965         PMD_INIT_FUNC_TRACE();
1966
1967         DPAA_SEC_DEBUG("dev =%p, queue =%d", dev, qp_id);
1968
1969         internals = dev->data->dev_private;
1970         if (qp_id >= internals->max_nb_queue_pairs) {
1971                 DPAA_SEC_ERR("Max supported qpid %d",
1972                              internals->max_nb_queue_pairs);
1973                 return -EINVAL;
1974         }
1975
1976         qp = &internals->qps[qp_id];
1977         rte_mempool_free(qp->ctx_pool);
1978         qp->internals = NULL;
1979         dev->data->queue_pairs[qp_id] = NULL;
1980
1981         return 0;
1982 }
1983
1984 /** Setup a queue pair */
1985 static int
1986 dpaa_sec_queue_pair_setup(struct rte_cryptodev *dev, uint16_t qp_id,
1987                 __rte_unused const struct rte_cryptodev_qp_conf *qp_conf,
1988                 __rte_unused int socket_id)
1989 {
1990         struct dpaa_sec_dev_private *internals;
1991         struct dpaa_sec_qp *qp = NULL;
1992         char str[20];
1993
1994         DPAA_SEC_DEBUG("dev =%p, queue =%d, conf =%p", dev, qp_id, qp_conf);
1995
1996         internals = dev->data->dev_private;
1997         if (qp_id >= internals->max_nb_queue_pairs) {
1998                 DPAA_SEC_ERR("Max supported qpid %d",
1999                              internals->max_nb_queue_pairs);
2000                 return -EINVAL;
2001         }
2002
2003         qp = &internals->qps[qp_id];
2004         qp->internals = internals;
2005         snprintf(str, sizeof(str), "ctx_pool_d%d_qp%d",
2006                         dev->data->dev_id, qp_id);
2007         if (!qp->ctx_pool) {
2008                 qp->ctx_pool = rte_mempool_create((const char *)str,
2009                                                         CTX_POOL_NUM_BUFS,
2010                                                         CTX_POOL_BUF_SIZE,
2011                                                         CTX_POOL_CACHE_SIZE, 0,
2012                                                         NULL, NULL, NULL, NULL,
2013                                                         SOCKET_ID_ANY, 0);
2014                 if (!qp->ctx_pool) {
2015                         DPAA_SEC_ERR("%s create failed\n", str);
2016                         return -ENOMEM;
2017                 }
2018         } else
2019                 DPAA_SEC_INFO("mempool already created for dev_id : %d, qp: %d",
2020                                 dev->data->dev_id, qp_id);
2021         dev->data->queue_pairs[qp_id] = qp;
2022
2023         return 0;
2024 }
2025
2026 /** Returns the size of session structure */
2027 static unsigned int
2028 dpaa_sec_sym_session_get_size(struct rte_cryptodev *dev __rte_unused)
2029 {
2030         PMD_INIT_FUNC_TRACE();
2031
2032         return sizeof(dpaa_sec_session);
2033 }
2034
2035 static int
2036 dpaa_sec_cipher_init(struct rte_cryptodev *dev __rte_unused,
2037                      struct rte_crypto_sym_xform *xform,
2038                      dpaa_sec_session *session)
2039 {
2040         session->ctxt = DPAA_SEC_CIPHER;
2041         session->cipher_alg = xform->cipher.algo;
2042         session->iv.length = xform->cipher.iv.length;
2043         session->iv.offset = xform->cipher.iv.offset;
2044         session->cipher_key.data = rte_zmalloc(NULL, xform->cipher.key.length,
2045                                                RTE_CACHE_LINE_SIZE);
2046         if (session->cipher_key.data == NULL && xform->cipher.key.length > 0) {
2047                 DPAA_SEC_ERR("No Memory for cipher key");
2048                 return -ENOMEM;
2049         }
2050         session->cipher_key.length = xform->cipher.key.length;
2051
2052         memcpy(session->cipher_key.data, xform->cipher.key.data,
2053                xform->cipher.key.length);
2054         switch (xform->cipher.algo) {
2055         case RTE_CRYPTO_CIPHER_AES_CBC:
2056                 session->cipher_key.alg = OP_ALG_ALGSEL_AES;
2057                 session->cipher_key.algmode = OP_ALG_AAI_CBC;
2058                 break;
2059         case RTE_CRYPTO_CIPHER_DES_CBC:
2060                 session->cipher_key.alg = OP_ALG_ALGSEL_DES;
2061                 session->cipher_key.algmode = OP_ALG_AAI_CBC;
2062                 break;
2063         case RTE_CRYPTO_CIPHER_3DES_CBC:
2064                 session->cipher_key.alg = OP_ALG_ALGSEL_3DES;
2065                 session->cipher_key.algmode = OP_ALG_AAI_CBC;
2066                 break;
2067         case RTE_CRYPTO_CIPHER_AES_CTR:
2068                 session->cipher_key.alg = OP_ALG_ALGSEL_AES;
2069                 session->cipher_key.algmode = OP_ALG_AAI_CTR;
2070                 break;
2071         case RTE_CRYPTO_CIPHER_SNOW3G_UEA2:
2072                 session->cipher_key.alg = OP_ALG_ALGSEL_SNOW_F8;
2073                 break;
2074         case RTE_CRYPTO_CIPHER_ZUC_EEA3:
2075                 session->cipher_key.alg = OP_ALG_ALGSEL_ZUCE;
2076                 break;
2077         default:
2078                 DPAA_SEC_ERR("Crypto: Undefined Cipher specified %u",
2079                               xform->cipher.algo);
2080                 return -ENOTSUP;
2081         }
2082         session->dir = (xform->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT) ?
2083                         DIR_ENC : DIR_DEC;
2084
2085         return 0;
2086 }
2087
2088 static int
2089 dpaa_sec_auth_init(struct rte_cryptodev *dev __rte_unused,
2090                    struct rte_crypto_sym_xform *xform,
2091                    dpaa_sec_session *session)
2092 {
2093         session->ctxt = DPAA_SEC_AUTH;
2094         session->auth_alg = xform->auth.algo;
2095         session->auth_key.length = xform->auth.key.length;
2096         if (xform->auth.key.length) {
2097                 session->auth_key.data =
2098                                 rte_zmalloc(NULL, xform->auth.key.length,
2099                                              RTE_CACHE_LINE_SIZE);
2100                 if (session->auth_key.data == NULL) {
2101                         DPAA_SEC_ERR("No Memory for auth key");
2102                         return -ENOMEM;
2103                 }
2104                 memcpy(session->auth_key.data, xform->auth.key.data,
2105                                 xform->auth.key.length);
2106
2107         }
2108         session->digest_length = xform->auth.digest_length;
2109         if (session->cipher_alg == RTE_CRYPTO_CIPHER_NULL) {
2110                 session->iv.offset = xform->auth.iv.offset;
2111                 session->iv.length = xform->auth.iv.length;
2112         }
2113
2114         switch (xform->auth.algo) {
2115         case RTE_CRYPTO_AUTH_SHA1:
2116                 session->auth_key.alg = OP_ALG_ALGSEL_SHA1;
2117                 session->auth_key.algmode = OP_ALG_AAI_HASH;
2118                 break;
2119         case RTE_CRYPTO_AUTH_SHA1_HMAC:
2120                 session->auth_key.alg = OP_ALG_ALGSEL_SHA1;
2121                 session->auth_key.algmode = OP_ALG_AAI_HMAC;
2122                 break;
2123         case RTE_CRYPTO_AUTH_MD5:
2124                 session->auth_key.alg = OP_ALG_ALGSEL_MD5;
2125                 session->auth_key.algmode = OP_ALG_AAI_HASH;
2126                 break;
2127         case RTE_CRYPTO_AUTH_MD5_HMAC:
2128                 session->auth_key.alg = OP_ALG_ALGSEL_MD5;
2129                 session->auth_key.algmode = OP_ALG_AAI_HMAC;
2130                 break;
2131         case RTE_CRYPTO_AUTH_SHA224:
2132                 session->auth_key.alg = OP_ALG_ALGSEL_SHA224;
2133                 session->auth_key.algmode = OP_ALG_AAI_HASH;
2134                 break;
2135         case RTE_CRYPTO_AUTH_SHA224_HMAC:
2136                 session->auth_key.alg = OP_ALG_ALGSEL_SHA224;
2137                 session->auth_key.algmode = OP_ALG_AAI_HMAC;
2138                 break;
2139         case RTE_CRYPTO_AUTH_SHA256:
2140                 session->auth_key.alg = OP_ALG_ALGSEL_SHA256;
2141                 session->auth_key.algmode = OP_ALG_AAI_HASH;
2142                 break;
2143         case RTE_CRYPTO_AUTH_SHA256_HMAC:
2144                 session->auth_key.alg = OP_ALG_ALGSEL_SHA256;
2145                 session->auth_key.algmode = OP_ALG_AAI_HMAC;
2146                 break;
2147         case RTE_CRYPTO_AUTH_SHA384:
2148                 session->auth_key.alg = OP_ALG_ALGSEL_SHA384;
2149                 session->auth_key.algmode = OP_ALG_AAI_HASH;
2150                 break;
2151         case RTE_CRYPTO_AUTH_SHA384_HMAC:
2152                 session->auth_key.alg = OP_ALG_ALGSEL_SHA384;
2153                 session->auth_key.algmode = OP_ALG_AAI_HMAC;
2154                 break;
2155         case RTE_CRYPTO_AUTH_SHA512:
2156                 session->auth_key.alg = OP_ALG_ALGSEL_SHA512;
2157                 session->auth_key.algmode = OP_ALG_AAI_HASH;
2158                 break;
2159         case RTE_CRYPTO_AUTH_SHA512_HMAC:
2160                 session->auth_key.alg = OP_ALG_ALGSEL_SHA512;
2161                 session->auth_key.algmode = OP_ALG_AAI_HMAC;
2162                 break;
2163         case RTE_CRYPTO_AUTH_SNOW3G_UIA2:
2164                 session->auth_key.alg = OP_ALG_ALGSEL_SNOW_F9;
2165                 session->auth_key.algmode = OP_ALG_AAI_F9;
2166                 break;
2167         case RTE_CRYPTO_AUTH_ZUC_EIA3:
2168                 session->auth_key.alg = OP_ALG_ALGSEL_ZUCA;
2169                 session->auth_key.algmode = OP_ALG_AAI_F9;
2170                 break;
2171         default:
2172                 DPAA_SEC_ERR("Crypto: Unsupported Auth specified %u",
2173                               xform->auth.algo);
2174                 return -ENOTSUP;
2175         }
2176
2177         session->dir = (xform->auth.op == RTE_CRYPTO_AUTH_OP_GENERATE) ?
2178                         DIR_ENC : DIR_DEC;
2179
2180         return 0;
2181 }
2182
2183 static int
2184 dpaa_sec_chain_init(struct rte_cryptodev *dev __rte_unused,
2185                    struct rte_crypto_sym_xform *xform,
2186                    dpaa_sec_session *session)
2187 {
2188
2189         struct rte_crypto_cipher_xform *cipher_xform;
2190         struct rte_crypto_auth_xform *auth_xform;
2191
2192         session->ctxt = DPAA_SEC_CIPHER_HASH;
2193         if (session->auth_cipher_text) {
2194                 cipher_xform = &xform->cipher;
2195                 auth_xform = &xform->next->auth;
2196         } else {
2197                 cipher_xform = &xform->next->cipher;
2198                 auth_xform = &xform->auth;
2199         }
2200
2201         /* Set IV parameters */
2202         session->iv.offset = cipher_xform->iv.offset;
2203         session->iv.length = cipher_xform->iv.length;
2204
2205         session->cipher_key.data = rte_zmalloc(NULL, cipher_xform->key.length,
2206                                                RTE_CACHE_LINE_SIZE);
2207         if (session->cipher_key.data == NULL && cipher_xform->key.length > 0) {
2208                 DPAA_SEC_ERR("No Memory for cipher key");
2209                 return -ENOMEM;
2210         }
2211         session->cipher_key.length = cipher_xform->key.length;
2212         session->auth_key.data = rte_zmalloc(NULL, auth_xform->key.length,
2213                                              RTE_CACHE_LINE_SIZE);
2214         if (session->auth_key.data == NULL && auth_xform->key.length > 0) {
2215                 DPAA_SEC_ERR("No Memory for auth key");
2216                 return -ENOMEM;
2217         }
2218         session->auth_key.length = auth_xform->key.length;
2219         memcpy(session->cipher_key.data, cipher_xform->key.data,
2220                cipher_xform->key.length);
2221         memcpy(session->auth_key.data, auth_xform->key.data,
2222                auth_xform->key.length);
2223
2224         session->digest_length = auth_xform->digest_length;
2225         session->auth_alg = auth_xform->algo;
2226
2227         switch (auth_xform->algo) {
2228         case RTE_CRYPTO_AUTH_SHA1_HMAC:
2229                 session->auth_key.alg = OP_ALG_ALGSEL_SHA1;
2230                 session->auth_key.algmode = OP_ALG_AAI_HMAC;
2231                 break;
2232         case RTE_CRYPTO_AUTH_MD5_HMAC:
2233                 session->auth_key.alg = OP_ALG_ALGSEL_MD5;
2234                 session->auth_key.algmode = OP_ALG_AAI_HMAC;
2235                 break;
2236         case RTE_CRYPTO_AUTH_SHA224_HMAC:
2237                 session->auth_key.alg = OP_ALG_ALGSEL_SHA224;
2238                 session->auth_key.algmode = OP_ALG_AAI_HMAC;
2239                 break;
2240         case RTE_CRYPTO_AUTH_SHA256_HMAC:
2241                 session->auth_key.alg = OP_ALG_ALGSEL_SHA256;
2242                 session->auth_key.algmode = OP_ALG_AAI_HMAC;
2243                 break;
2244         case RTE_CRYPTO_AUTH_SHA384_HMAC:
2245                 session->auth_key.alg = OP_ALG_ALGSEL_SHA384;
2246                 session->auth_key.algmode = OP_ALG_AAI_HMAC;
2247                 break;
2248         case RTE_CRYPTO_AUTH_SHA512_HMAC:
2249                 session->auth_key.alg = OP_ALG_ALGSEL_SHA512;
2250                 session->auth_key.algmode = OP_ALG_AAI_HMAC;
2251                 break;
2252         default:
2253                 DPAA_SEC_ERR("Crypto: Unsupported Auth specified %u",
2254                               auth_xform->algo);
2255                 return -ENOTSUP;
2256         }
2257
2258         session->cipher_alg = cipher_xform->algo;
2259
2260         switch (cipher_xform->algo) {
2261         case RTE_CRYPTO_CIPHER_AES_CBC:
2262                 session->cipher_key.alg = OP_ALG_ALGSEL_AES;
2263                 session->cipher_key.algmode = OP_ALG_AAI_CBC;
2264                 break;
2265         case RTE_CRYPTO_CIPHER_DES_CBC:
2266                 session->cipher_key.alg = OP_ALG_ALGSEL_DES;
2267                 session->cipher_key.algmode = OP_ALG_AAI_CBC;
2268                 break;
2269         case RTE_CRYPTO_CIPHER_3DES_CBC:
2270                 session->cipher_key.alg = OP_ALG_ALGSEL_3DES;
2271                 session->cipher_key.algmode = OP_ALG_AAI_CBC;
2272                 break;
2273         case RTE_CRYPTO_CIPHER_AES_CTR:
2274                 session->cipher_key.alg = OP_ALG_ALGSEL_AES;
2275                 session->cipher_key.algmode = OP_ALG_AAI_CTR;
2276                 break;
2277         default:
2278                 DPAA_SEC_ERR("Crypto: Undefined Cipher specified %u",
2279                               cipher_xform->algo);
2280                 return -ENOTSUP;
2281         }
2282         session->dir = (cipher_xform->op == RTE_CRYPTO_CIPHER_OP_ENCRYPT) ?
2283                                 DIR_ENC : DIR_DEC;
2284         return 0;
2285 }
2286
2287 static int
2288 dpaa_sec_aead_init(struct rte_cryptodev *dev __rte_unused,
2289                    struct rte_crypto_sym_xform *xform,
2290                    dpaa_sec_session *session)
2291 {
2292         session->aead_alg = xform->aead.algo;
2293         session->ctxt = DPAA_SEC_AEAD;
2294         session->iv.length = xform->aead.iv.length;
2295         session->iv.offset = xform->aead.iv.offset;
2296         session->auth_only_len = xform->aead.aad_length;
2297         session->aead_key.data = rte_zmalloc(NULL, xform->aead.key.length,
2298                                              RTE_CACHE_LINE_SIZE);
2299         if (session->aead_key.data == NULL && xform->aead.key.length > 0) {
2300                 DPAA_SEC_ERR("No Memory for aead key\n");
2301                 return -ENOMEM;
2302         }
2303         session->aead_key.length = xform->aead.key.length;
2304         session->digest_length = xform->aead.digest_length;
2305
2306         memcpy(session->aead_key.data, xform->aead.key.data,
2307                xform->aead.key.length);
2308
2309         switch (session->aead_alg) {
2310         case RTE_CRYPTO_AEAD_AES_GCM:
2311                 session->aead_key.alg = OP_ALG_ALGSEL_AES;
2312                 session->aead_key.algmode = OP_ALG_AAI_GCM;
2313                 break;
2314         default:
2315                 DPAA_SEC_ERR("unsupported AEAD alg %d", session->aead_alg);
2316                 return -ENOTSUP;
2317         }
2318
2319         session->dir = (xform->aead.op == RTE_CRYPTO_AEAD_OP_ENCRYPT) ?
2320                         DIR_ENC : DIR_DEC;
2321
2322         return 0;
2323 }
2324
2325 static struct qman_fq *
2326 dpaa_sec_attach_rxq(struct dpaa_sec_dev_private *qi)
2327 {
2328         unsigned int i;
2329
2330         for (i = 0; i < RTE_DPAA_MAX_RX_QUEUE; i++) {
2331                 if (qi->inq_attach[i] == 0) {
2332                         qi->inq_attach[i] = 1;
2333                         return &qi->inq[i];
2334                 }
2335         }
2336         DPAA_SEC_WARN("All session in use %u", qi->max_nb_sessions);
2337
2338         return NULL;
2339 }
2340
2341 static int
2342 dpaa_sec_detach_rxq(struct dpaa_sec_dev_private *qi, struct qman_fq *fq)
2343 {
2344         unsigned int i;
2345
2346         for (i = 0; i < RTE_DPAA_MAX_RX_QUEUE; i++) {
2347                 if (&qi->inq[i] == fq) {
2348                         if (qman_retire_fq(fq, NULL) != 0)
2349                                 DPAA_SEC_DEBUG("Queue is not retired\n");
2350                         qman_oos_fq(fq);
2351                         qi->inq_attach[i] = 0;
2352                         return 0;
2353                 }
2354         }
2355         return -1;
2356 }
2357
2358 static int
2359 dpaa_sec_attach_sess_q(struct dpaa_sec_qp *qp, dpaa_sec_session *sess)
2360 {
2361         int ret;
2362
2363         sess->qp[rte_lcore_id() % MAX_DPAA_CORES] = qp;
2364         ret = dpaa_sec_prep_cdb(sess);
2365         if (ret) {
2366                 DPAA_SEC_ERR("Unable to prepare sec cdb");
2367                 return ret;
2368         }
2369         if (unlikely(!DPAA_PER_LCORE_PORTAL)) {
2370                 ret = rte_dpaa_portal_init((void *)0);
2371                 if (ret) {
2372                         DPAA_SEC_ERR("Failure in affining portal");
2373                         return ret;
2374                 }
2375         }
2376         ret = dpaa_sec_init_rx(sess->inq[rte_lcore_id() % MAX_DPAA_CORES],
2377                                rte_dpaa_mem_vtop(&sess->cdb),
2378                                qman_fq_fqid(&qp->outq));
2379         if (ret)
2380                 DPAA_SEC_ERR("Unable to init sec queue");
2381
2382         return ret;
2383 }
2384
2385 static inline void
2386 free_session_data(dpaa_sec_session *s)
2387 {
2388         if (is_aead(s))
2389                 rte_free(s->aead_key.data);
2390         else {
2391                 rte_free(s->auth_key.data);
2392                 rte_free(s->cipher_key.data);
2393         }
2394         memset(s, 0, sizeof(dpaa_sec_session));
2395 }
2396
2397 static int
2398 dpaa_sec_set_session_parameters(struct rte_cryptodev *dev,
2399                             struct rte_crypto_sym_xform *xform, void *sess)
2400 {
2401         struct dpaa_sec_dev_private *internals = dev->data->dev_private;
2402         dpaa_sec_session *session = sess;
2403         uint32_t i;
2404         int ret;
2405
2406         PMD_INIT_FUNC_TRACE();
2407
2408         if (unlikely(sess == NULL)) {
2409                 DPAA_SEC_ERR("invalid session struct");
2410                 return -EINVAL;
2411         }
2412         memset(session, 0, sizeof(dpaa_sec_session));
2413
2414         /* Default IV length = 0 */
2415         session->iv.length = 0;
2416
2417         /* Cipher Only */
2418         if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER && xform->next == NULL) {
2419                 session->auth_alg = RTE_CRYPTO_AUTH_NULL;
2420                 ret = dpaa_sec_cipher_init(dev, xform, session);
2421
2422         /* Authentication Only */
2423         } else if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH &&
2424                    xform->next == NULL) {
2425                 session->cipher_alg = RTE_CRYPTO_CIPHER_NULL;
2426                 session->ctxt = DPAA_SEC_AUTH;
2427                 ret = dpaa_sec_auth_init(dev, xform, session);
2428
2429         /* Cipher then Authenticate */
2430         } else if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&
2431                    xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH) {
2432                 if (xform->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT) {
2433                         session->auth_cipher_text = 1;
2434                         if (xform->cipher.algo == RTE_CRYPTO_CIPHER_NULL)
2435                                 ret = dpaa_sec_auth_init(dev, xform, session);
2436                         else if (xform->next->auth.algo == RTE_CRYPTO_AUTH_NULL)
2437                                 ret = dpaa_sec_cipher_init(dev, xform, session);
2438                         else
2439                                 ret = dpaa_sec_chain_init(dev, xform, session);
2440                 } else {
2441                         DPAA_SEC_ERR("Not supported: Auth then Cipher");
2442                         return -ENOTSUP;
2443                 }
2444         /* Authenticate then Cipher */
2445         } else if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH &&
2446                    xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER) {
2447                 if (xform->next->cipher.op == RTE_CRYPTO_CIPHER_OP_DECRYPT) {
2448                         session->auth_cipher_text = 0;
2449                         if (xform->auth.algo == RTE_CRYPTO_AUTH_NULL)
2450                                 ret = dpaa_sec_cipher_init(dev, xform, session);
2451                         else if (xform->next->cipher.algo
2452                                         == RTE_CRYPTO_CIPHER_NULL)
2453                                 ret = dpaa_sec_auth_init(dev, xform, session);
2454                         else
2455                                 ret = dpaa_sec_chain_init(dev, xform, session);
2456                 } else {
2457                         DPAA_SEC_ERR("Not supported: Auth then Cipher");
2458                         return -ENOTSUP;
2459                 }
2460
2461         /* AEAD operation for AES-GCM kind of Algorithms */
2462         } else if (xform->type == RTE_CRYPTO_SYM_XFORM_AEAD &&
2463                    xform->next == NULL) {
2464                 ret = dpaa_sec_aead_init(dev, xform, session);
2465
2466         } else {
2467                 DPAA_SEC_ERR("Invalid crypto type");
2468                 return -EINVAL;
2469         }
2470         if (ret) {
2471                 DPAA_SEC_ERR("unable to init session");
2472                 goto err1;
2473         }
2474
2475         rte_spinlock_lock(&internals->lock);
2476         for (i = 0; i < MAX_DPAA_CORES; i++) {
2477                 session->inq[i] = dpaa_sec_attach_rxq(internals);
2478                 if (session->inq[i] == NULL) {
2479                         DPAA_SEC_ERR("unable to attach sec queue");
2480                         rte_spinlock_unlock(&internals->lock);
2481                         ret = -EBUSY;
2482                         goto err1;
2483                 }
2484         }
2485         rte_spinlock_unlock(&internals->lock);
2486
2487         return 0;
2488
2489 err1:
2490         free_session_data(session);
2491         return ret;
2492 }
2493
2494 static int
2495 dpaa_sec_sym_session_configure(struct rte_cryptodev *dev,
2496                 struct rte_crypto_sym_xform *xform,
2497                 struct rte_cryptodev_sym_session *sess,
2498                 struct rte_mempool *mempool)
2499 {
2500         void *sess_private_data;
2501         int ret;
2502
2503         PMD_INIT_FUNC_TRACE();
2504
2505         if (rte_mempool_get(mempool, &sess_private_data)) {
2506                 DPAA_SEC_ERR("Couldn't get object from session mempool");
2507                 return -ENOMEM;
2508         }
2509
2510         ret = dpaa_sec_set_session_parameters(dev, xform, sess_private_data);
2511         if (ret != 0) {
2512                 DPAA_SEC_ERR("failed to configure session parameters");
2513
2514                 /* Return session to mempool */
2515                 rte_mempool_put(mempool, sess_private_data);
2516                 return ret;
2517         }
2518
2519         set_sym_session_private_data(sess, dev->driver_id,
2520                         sess_private_data);
2521
2522
2523         return 0;
2524 }
2525
2526 static inline void
2527 free_session_memory(struct rte_cryptodev *dev, dpaa_sec_session *s)
2528 {
2529         struct dpaa_sec_dev_private *qi = dev->data->dev_private;
2530         struct rte_mempool *sess_mp = rte_mempool_from_obj((void *)s);
2531         uint8_t i;
2532
2533         for (i = 0; i < MAX_DPAA_CORES; i++) {
2534                 if (s->inq[i])
2535                         dpaa_sec_detach_rxq(qi, s->inq[i]);
2536                 s->inq[i] = NULL;
2537                 s->qp[i] = NULL;
2538         }
2539         free_session_data(s);
2540         rte_mempool_put(sess_mp, (void *)s);
2541 }
2542
2543 /** Clear the memory of session so it doesn't leave key material behind */
2544 static void
2545 dpaa_sec_sym_session_clear(struct rte_cryptodev *dev,
2546                 struct rte_cryptodev_sym_session *sess)
2547 {
2548         PMD_INIT_FUNC_TRACE();
2549         uint8_t index = dev->driver_id;
2550         void *sess_priv = get_sym_session_private_data(sess, index);
2551         dpaa_sec_session *s = (dpaa_sec_session *)sess_priv;
2552
2553         if (sess_priv) {
2554                 free_session_memory(dev, s);
2555                 set_sym_session_private_data(sess, index, NULL);
2556         }
2557 }
2558
2559 #ifdef RTE_LIB_SECURITY
2560 static int
2561 dpaa_sec_ipsec_aead_init(struct rte_crypto_aead_xform *aead_xform,
2562                         struct rte_security_ipsec_xform *ipsec_xform,
2563                         dpaa_sec_session *session)
2564 {
2565         PMD_INIT_FUNC_TRACE();
2566
2567         session->aead_key.data = rte_zmalloc(NULL, aead_xform->key.length,
2568                                                RTE_CACHE_LINE_SIZE);
2569         if (session->aead_key.data == NULL && aead_xform->key.length > 0) {
2570                 DPAA_SEC_ERR("No Memory for aead key");
2571                 return -ENOMEM;
2572         }
2573         memcpy(session->aead_key.data, aead_xform->key.data,
2574                aead_xform->key.length);
2575
2576         session->digest_length = aead_xform->digest_length;
2577         session->aead_key.length = aead_xform->key.length;
2578
2579         switch (aead_xform->algo) {
2580         case RTE_CRYPTO_AEAD_AES_GCM:
2581                 switch (session->digest_length) {
2582                 case 8:
2583                         session->aead_key.alg = OP_PCL_IPSEC_AES_GCM8;
2584                         break;
2585                 case 12:
2586                         session->aead_key.alg = OP_PCL_IPSEC_AES_GCM12;
2587                         break;
2588                 case 16:
2589                         session->aead_key.alg = OP_PCL_IPSEC_AES_GCM16;
2590                         break;
2591                 default:
2592                         DPAA_SEC_ERR("Crypto: Undefined GCM digest %d",
2593                                      session->digest_length);
2594                         return -EINVAL;
2595                 }
2596                 if (session->dir == DIR_ENC) {
2597                         memcpy(session->encap_pdb.gcm.salt,
2598                                 (uint8_t *)&(ipsec_xform->salt), 4);
2599                 } else {
2600                         memcpy(session->decap_pdb.gcm.salt,
2601                                 (uint8_t *)&(ipsec_xform->salt), 4);
2602                 }
2603                 session->aead_key.algmode = OP_ALG_AAI_GCM;
2604                 session->aead_alg = RTE_CRYPTO_AEAD_AES_GCM;
2605                 break;
2606         default:
2607                 DPAA_SEC_ERR("Crypto: Undefined AEAD specified %u",
2608                               aead_xform->algo);
2609                 return -ENOTSUP;
2610         }
2611         return 0;
2612 }
2613
2614 static int
2615 dpaa_sec_ipsec_proto_init(struct rte_crypto_cipher_xform *cipher_xform,
2616         struct rte_crypto_auth_xform *auth_xform,
2617         struct rte_security_ipsec_xform *ipsec_xform,
2618         dpaa_sec_session *session)
2619 {
2620         if (cipher_xform) {
2621                 session->cipher_key.data = rte_zmalloc(NULL,
2622                                                        cipher_xform->key.length,
2623                                                        RTE_CACHE_LINE_SIZE);
2624                 if (session->cipher_key.data == NULL &&
2625                                 cipher_xform->key.length > 0) {
2626                         DPAA_SEC_ERR("No Memory for cipher key");
2627                         return -ENOMEM;
2628                 }
2629
2630                 session->cipher_key.length = cipher_xform->key.length;
2631                 memcpy(session->cipher_key.data, cipher_xform->key.data,
2632                                 cipher_xform->key.length);
2633                 session->cipher_alg = cipher_xform->algo;
2634         } else {
2635                 session->cipher_key.data = NULL;
2636                 session->cipher_key.length = 0;
2637                 session->cipher_alg = RTE_CRYPTO_CIPHER_NULL;
2638         }
2639
2640         if (auth_xform) {
2641                 session->auth_key.data = rte_zmalloc(NULL,
2642                                                 auth_xform->key.length,
2643                                                 RTE_CACHE_LINE_SIZE);
2644                 if (session->auth_key.data == NULL &&
2645                                 auth_xform->key.length > 0) {
2646                         DPAA_SEC_ERR("No Memory for auth key");
2647                         return -ENOMEM;
2648                 }
2649                 session->auth_key.length = auth_xform->key.length;
2650                 memcpy(session->auth_key.data, auth_xform->key.data,
2651                                 auth_xform->key.length);
2652                 session->auth_alg = auth_xform->algo;
2653                 session->digest_length = auth_xform->digest_length;
2654         } else {
2655                 session->auth_key.data = NULL;
2656                 session->auth_key.length = 0;
2657                 session->auth_alg = RTE_CRYPTO_AUTH_NULL;
2658         }
2659
2660         switch (session->auth_alg) {
2661         case RTE_CRYPTO_AUTH_SHA1_HMAC:
2662                 session->auth_key.alg = OP_PCL_IPSEC_HMAC_SHA1_96;
2663                 session->auth_key.algmode = OP_ALG_AAI_HMAC;
2664                 break;
2665         case RTE_CRYPTO_AUTH_MD5_HMAC:
2666                 session->auth_key.alg = OP_PCL_IPSEC_HMAC_MD5_96;
2667                 session->auth_key.algmode = OP_ALG_AAI_HMAC;
2668                 break;
2669         case RTE_CRYPTO_AUTH_SHA256_HMAC:
2670                 session->auth_key.alg = OP_PCL_IPSEC_HMAC_SHA2_256_128;
2671                 session->auth_key.algmode = OP_ALG_AAI_HMAC;
2672                 if (session->digest_length != 16)
2673                         DPAA_SEC_WARN(
2674                         "+++Using sha256-hmac truncated len is non-standard,"
2675                         "it will not work with lookaside proto");
2676                 break;
2677         case RTE_CRYPTO_AUTH_SHA384_HMAC:
2678                 session->auth_key.alg = OP_PCL_IPSEC_HMAC_SHA2_384_192;
2679                 session->auth_key.algmode = OP_ALG_AAI_HMAC;
2680                 break;
2681         case RTE_CRYPTO_AUTH_SHA512_HMAC:
2682                 session->auth_key.alg = OP_PCL_IPSEC_HMAC_SHA2_512_256;
2683                 session->auth_key.algmode = OP_ALG_AAI_HMAC;
2684                 break;
2685         case RTE_CRYPTO_AUTH_AES_CMAC:
2686                 session->auth_key.alg = OP_PCL_IPSEC_AES_CMAC_96;
2687                 break;
2688         case RTE_CRYPTO_AUTH_NULL:
2689                 session->auth_key.alg = OP_PCL_IPSEC_HMAC_NULL;
2690                 break;
2691         case RTE_CRYPTO_AUTH_SHA224_HMAC:
2692         case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
2693         case RTE_CRYPTO_AUTH_SNOW3G_UIA2:
2694         case RTE_CRYPTO_AUTH_SHA1:
2695         case RTE_CRYPTO_AUTH_SHA256:
2696         case RTE_CRYPTO_AUTH_SHA512:
2697         case RTE_CRYPTO_AUTH_SHA224:
2698         case RTE_CRYPTO_AUTH_SHA384:
2699         case RTE_CRYPTO_AUTH_MD5:
2700         case RTE_CRYPTO_AUTH_AES_GMAC:
2701         case RTE_CRYPTO_AUTH_KASUMI_F9:
2702         case RTE_CRYPTO_AUTH_AES_CBC_MAC:
2703         case RTE_CRYPTO_AUTH_ZUC_EIA3:
2704                 DPAA_SEC_ERR("Crypto: Unsupported auth alg %u",
2705                               session->auth_alg);
2706                 return -ENOTSUP;
2707         default:
2708                 DPAA_SEC_ERR("Crypto: Undefined Auth specified %u",
2709                               session->auth_alg);
2710                 return -ENOTSUP;
2711         }
2712
2713         switch (session->cipher_alg) {
2714         case RTE_CRYPTO_CIPHER_AES_CBC:
2715                 session->cipher_key.alg = OP_PCL_IPSEC_AES_CBC;
2716                 session->cipher_key.algmode = OP_ALG_AAI_CBC;
2717                 break;
2718         case RTE_CRYPTO_CIPHER_DES_CBC:
2719                 session->cipher_key.alg = OP_PCL_IPSEC_DES;
2720                 session->cipher_key.algmode = OP_ALG_AAI_CBC;
2721                 break;
2722         case RTE_CRYPTO_CIPHER_3DES_CBC:
2723                 session->cipher_key.alg = OP_PCL_IPSEC_3DES;
2724                 session->cipher_key.algmode = OP_ALG_AAI_CBC;
2725                 break;
2726         case RTE_CRYPTO_CIPHER_AES_CTR:
2727                 session->cipher_key.alg = OP_PCL_IPSEC_AES_CTR;
2728                 session->cipher_key.algmode = OP_ALG_AAI_CTR;
2729                 if (session->dir == DIR_ENC) {
2730                         session->encap_pdb.ctr.ctr_initial = 0x00000001;
2731                         session->encap_pdb.ctr.ctr_nonce = ipsec_xform->salt;
2732                 } else {
2733                         session->decap_pdb.ctr.ctr_initial = 0x00000001;
2734                         session->decap_pdb.ctr.ctr_nonce = ipsec_xform->salt;
2735                 }
2736                 break;
2737         case RTE_CRYPTO_CIPHER_NULL:
2738                 session->cipher_key.alg = OP_PCL_IPSEC_NULL;
2739                 break;
2740         case RTE_CRYPTO_CIPHER_SNOW3G_UEA2:
2741         case RTE_CRYPTO_CIPHER_ZUC_EEA3:
2742         case RTE_CRYPTO_CIPHER_3DES_ECB:
2743         case RTE_CRYPTO_CIPHER_AES_ECB:
2744         case RTE_CRYPTO_CIPHER_KASUMI_F8:
2745                 DPAA_SEC_ERR("Crypto: Unsupported Cipher alg %u",
2746                               session->cipher_alg);
2747                 return -ENOTSUP;
2748         default:
2749                 DPAA_SEC_ERR("Crypto: Undefined Cipher specified %u",
2750                               session->cipher_alg);
2751                 return -ENOTSUP;
2752         }
2753
2754         return 0;
2755 }
2756
2757 static int
2758 dpaa_sec_set_ipsec_session(__rte_unused struct rte_cryptodev *dev,
2759                            struct rte_security_session_conf *conf,
2760                            void *sess)
2761 {
2762         struct dpaa_sec_dev_private *internals = dev->data->dev_private;
2763         struct rte_security_ipsec_xform *ipsec_xform = &conf->ipsec;
2764         struct rte_crypto_auth_xform *auth_xform = NULL;
2765         struct rte_crypto_cipher_xform *cipher_xform = NULL;
2766         struct rte_crypto_aead_xform *aead_xform = NULL;
2767         dpaa_sec_session *session = (dpaa_sec_session *)sess;
2768         uint32_t i;
2769         int ret;
2770
2771         PMD_INIT_FUNC_TRACE();
2772
2773         memset(session, 0, sizeof(dpaa_sec_session));
2774         session->proto_alg = conf->protocol;
2775         session->ctxt = DPAA_SEC_IPSEC;
2776
2777         if (ipsec_xform->direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS)
2778                 session->dir = DIR_ENC;
2779         else
2780                 session->dir = DIR_DEC;
2781
2782         if (conf->crypto_xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER) {
2783                 cipher_xform = &conf->crypto_xform->cipher;
2784                 if (conf->crypto_xform->next)
2785                         auth_xform = &conf->crypto_xform->next->auth;
2786                 ret = dpaa_sec_ipsec_proto_init(cipher_xform, auth_xform,
2787                                         ipsec_xform, session);
2788         } else if (conf->crypto_xform->type == RTE_CRYPTO_SYM_XFORM_AUTH) {
2789                 auth_xform = &conf->crypto_xform->auth;
2790                 if (conf->crypto_xform->next)
2791                         cipher_xform = &conf->crypto_xform->next->cipher;
2792                 ret = dpaa_sec_ipsec_proto_init(cipher_xform, auth_xform,
2793                                         ipsec_xform, session);
2794         } else if (conf->crypto_xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) {
2795                 aead_xform = &conf->crypto_xform->aead;
2796                 ret = dpaa_sec_ipsec_aead_init(aead_xform,
2797                                         ipsec_xform, session);
2798         } else {
2799                 DPAA_SEC_ERR("XFORM not specified");
2800                 ret = -EINVAL;
2801                 goto out;
2802         }
2803         if (ret) {
2804                 DPAA_SEC_ERR("Failed to process xform");
2805                 goto out;
2806         }
2807
2808         if (ipsec_xform->direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) {
2809                 if (ipsec_xform->tunnel.type ==
2810                                 RTE_SECURITY_IPSEC_TUNNEL_IPV4) {
2811                         session->ip4_hdr.ip_v = IPVERSION;
2812                         session->ip4_hdr.ip_hl = 5;
2813                         session->ip4_hdr.ip_len = rte_cpu_to_be_16(
2814                                                 sizeof(session->ip4_hdr));
2815                         session->ip4_hdr.ip_tos = ipsec_xform->tunnel.ipv4.dscp;
2816                         session->ip4_hdr.ip_id = 0;
2817                         session->ip4_hdr.ip_off = 0;
2818                         session->ip4_hdr.ip_ttl = ipsec_xform->tunnel.ipv4.ttl;
2819                         session->ip4_hdr.ip_p = (ipsec_xform->proto ==
2820                                         RTE_SECURITY_IPSEC_SA_PROTO_ESP) ?
2821                                         IPPROTO_ESP : IPPROTO_AH;
2822                         session->ip4_hdr.ip_sum = 0;
2823                         session->ip4_hdr.ip_src =
2824                                         ipsec_xform->tunnel.ipv4.src_ip;
2825                         session->ip4_hdr.ip_dst =
2826                                         ipsec_xform->tunnel.ipv4.dst_ip;
2827                         session->ip4_hdr.ip_sum = calc_chksum((uint16_t *)
2828                                                 (void *)&session->ip4_hdr,
2829                                                 sizeof(struct ip));
2830                         session->encap_pdb.ip_hdr_len = sizeof(struct ip);
2831                 } else if (ipsec_xform->tunnel.type ==
2832                                 RTE_SECURITY_IPSEC_TUNNEL_IPV6) {
2833                         session->ip6_hdr.vtc_flow = rte_cpu_to_be_32(
2834                                 DPAA_IPv6_DEFAULT_VTC_FLOW |
2835                                 ((ipsec_xform->tunnel.ipv6.dscp <<
2836                                         RTE_IPV6_HDR_TC_SHIFT) &
2837                                         RTE_IPV6_HDR_TC_MASK) |
2838                                 ((ipsec_xform->tunnel.ipv6.flabel <<
2839                                         RTE_IPV6_HDR_FL_SHIFT) &
2840                                         RTE_IPV6_HDR_FL_MASK));
2841                         /* Payload length will be updated by HW */
2842                         session->ip6_hdr.payload_len = 0;
2843                         session->ip6_hdr.hop_limits =
2844                                         ipsec_xform->tunnel.ipv6.hlimit;
2845                         session->ip6_hdr.proto = (ipsec_xform->proto ==
2846                                         RTE_SECURITY_IPSEC_SA_PROTO_ESP) ?
2847                                         IPPROTO_ESP : IPPROTO_AH;
2848                         memcpy(&session->ip6_hdr.src_addr,
2849                                         &ipsec_xform->tunnel.ipv6.src_addr, 16);
2850                         memcpy(&session->ip6_hdr.dst_addr,
2851                                         &ipsec_xform->tunnel.ipv6.dst_addr, 16);
2852                         session->encap_pdb.ip_hdr_len =
2853                                                 sizeof(struct rte_ipv6_hdr);
2854                 }
2855                 session->encap_pdb.options =
2856                         (IPVERSION << PDBNH_ESP_ENCAP_SHIFT) |
2857                         PDBOPTS_ESP_OIHI_PDB_INL |
2858                         PDBOPTS_ESP_IVSRC |
2859                         PDBHMO_ESP_ENCAP_DTTL |
2860                         PDBHMO_ESP_SNR;
2861                 if (ipsec_xform->options.esn)
2862                         session->encap_pdb.options |= PDBOPTS_ESP_ESN;
2863                 session->encap_pdb.spi = ipsec_xform->spi;
2864
2865         } else if (ipsec_xform->direction ==
2866                         RTE_SECURITY_IPSEC_SA_DIR_INGRESS) {
2867                 if (ipsec_xform->tunnel.type == RTE_SECURITY_IPSEC_TUNNEL_IPV4)
2868                         session->decap_pdb.options = sizeof(struct ip) << 16;
2869                 else
2870                         session->decap_pdb.options =
2871                                         sizeof(struct rte_ipv6_hdr) << 16;
2872                 if (ipsec_xform->options.esn)
2873                         session->decap_pdb.options |= PDBOPTS_ESP_ESN;
2874                 if (ipsec_xform->replay_win_sz) {
2875                         uint32_t win_sz;
2876                         win_sz = rte_align32pow2(ipsec_xform->replay_win_sz);
2877
2878                         switch (win_sz) {
2879                         case 1:
2880                         case 2:
2881                         case 4:
2882                         case 8:
2883                         case 16:
2884                         case 32:
2885                                 session->decap_pdb.options |= PDBOPTS_ESP_ARS32;
2886                                 break;
2887                         case 64:
2888                                 session->decap_pdb.options |= PDBOPTS_ESP_ARS64;
2889                                 break;
2890                         default:
2891                                 session->decap_pdb.options |=
2892                                                         PDBOPTS_ESP_ARS128;
2893                         }
2894                 }
2895         } else
2896                 goto out;
2897         rte_spinlock_lock(&internals->lock);
2898         for (i = 0; i < MAX_DPAA_CORES; i++) {
2899                 session->inq[i] = dpaa_sec_attach_rxq(internals);
2900                 if (session->inq[i] == NULL) {
2901                         DPAA_SEC_ERR("unable to attach sec queue");
2902                         rte_spinlock_unlock(&internals->lock);
2903                         goto out;
2904                 }
2905         }
2906         rte_spinlock_unlock(&internals->lock);
2907
2908         return 0;
2909 out:
2910         free_session_data(session);
2911         return -1;
2912 }
2913
2914 static int
2915 dpaa_sec_set_pdcp_session(struct rte_cryptodev *dev,
2916                           struct rte_security_session_conf *conf,
2917                           void *sess)
2918 {
2919         struct rte_security_pdcp_xform *pdcp_xform = &conf->pdcp;
2920         struct rte_crypto_sym_xform *xform = conf->crypto_xform;
2921         struct rte_crypto_auth_xform *auth_xform = NULL;
2922         struct rte_crypto_cipher_xform *cipher_xform = NULL;
2923         dpaa_sec_session *session = (dpaa_sec_session *)sess;
2924         struct dpaa_sec_dev_private *dev_priv = dev->data->dev_private;
2925         uint32_t i;
2926         int ret;
2927
2928         PMD_INIT_FUNC_TRACE();
2929
2930         memset(session, 0, sizeof(dpaa_sec_session));
2931
2932         /* find xfrm types */
2933         if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER) {
2934                 cipher_xform = &xform->cipher;
2935                 if (xform->next != NULL)
2936                         auth_xform = &xform->next->auth;
2937         } else if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH) {
2938                 auth_xform = &xform->auth;
2939                 if (xform->next != NULL)
2940                         cipher_xform = &xform->next->cipher;
2941         } else {
2942                 DPAA_SEC_ERR("Invalid crypto type");
2943                 return -EINVAL;
2944         }
2945
2946         session->proto_alg = conf->protocol;
2947         session->ctxt = DPAA_SEC_PDCP;
2948
2949         if (cipher_xform) {
2950                 switch (cipher_xform->algo) {
2951                 case RTE_CRYPTO_CIPHER_SNOW3G_UEA2:
2952                         session->cipher_key.alg = PDCP_CIPHER_TYPE_SNOW;
2953                         break;
2954                 case RTE_CRYPTO_CIPHER_ZUC_EEA3:
2955                         session->cipher_key.alg = PDCP_CIPHER_TYPE_ZUC;
2956                         break;
2957                 case RTE_CRYPTO_CIPHER_AES_CTR:
2958                         session->cipher_key.alg = PDCP_CIPHER_TYPE_AES;
2959                         break;
2960                 case RTE_CRYPTO_CIPHER_NULL:
2961                         session->cipher_key.alg = PDCP_CIPHER_TYPE_NULL;
2962                         break;
2963                 default:
2964                         DPAA_SEC_ERR("Crypto: Undefined Cipher specified %u",
2965                                       session->cipher_alg);
2966                         return -EINVAL;
2967                 }
2968
2969                 session->cipher_key.data = rte_zmalloc(NULL,
2970                                                cipher_xform->key.length,
2971                                                RTE_CACHE_LINE_SIZE);
2972                 if (session->cipher_key.data == NULL &&
2973                                 cipher_xform->key.length > 0) {
2974                         DPAA_SEC_ERR("No Memory for cipher key");
2975                         return -ENOMEM;
2976                 }
2977                 session->cipher_key.length = cipher_xform->key.length;
2978                 memcpy(session->cipher_key.data, cipher_xform->key.data,
2979                         cipher_xform->key.length);
2980                 session->dir = (cipher_xform->op == RTE_CRYPTO_CIPHER_OP_ENCRYPT) ?
2981                                         DIR_ENC : DIR_DEC;
2982                 session->cipher_alg = cipher_xform->algo;
2983         } else {
2984                 session->cipher_key.data = NULL;
2985                 session->cipher_key.length = 0;
2986                 session->cipher_alg = RTE_CRYPTO_CIPHER_NULL;
2987                 session->dir = DIR_ENC;
2988         }
2989
2990         if (pdcp_xform->domain == RTE_SECURITY_PDCP_MODE_CONTROL) {
2991                 if (pdcp_xform->sn_size != RTE_SECURITY_PDCP_SN_SIZE_5 &&
2992                     pdcp_xform->sn_size != RTE_SECURITY_PDCP_SN_SIZE_12) {
2993                         DPAA_SEC_ERR(
2994                                 "PDCP Seq Num size should be 5/12 bits for cmode");
2995                         ret = -EINVAL;
2996                         goto out;
2997                 }
2998         }
2999
3000         if (auth_xform) {
3001                 switch (auth_xform->algo) {
3002                 case RTE_CRYPTO_AUTH_SNOW3G_UIA2:
3003                         session->auth_key.alg = PDCP_AUTH_TYPE_SNOW;
3004                         break;
3005                 case RTE_CRYPTO_AUTH_ZUC_EIA3:
3006                         session->auth_key.alg = PDCP_AUTH_TYPE_ZUC;
3007                         break;
3008                 case RTE_CRYPTO_AUTH_AES_CMAC:
3009                         session->auth_key.alg = PDCP_AUTH_TYPE_AES;
3010                         break;
3011                 case RTE_CRYPTO_AUTH_NULL:
3012                         session->auth_key.alg = PDCP_AUTH_TYPE_NULL;
3013                         break;
3014                 default:
3015                         DPAA_SEC_ERR("Crypto: Unsupported auth alg %u",
3016                                       session->auth_alg);
3017                         rte_free(session->cipher_key.data);
3018                         return -EINVAL;
3019                 }
3020                 session->auth_key.data = rte_zmalloc(NULL,
3021                                                      auth_xform->key.length,
3022                                                      RTE_CACHE_LINE_SIZE);
3023                 if (!session->auth_key.data &&
3024                     auth_xform->key.length > 0) {
3025                         DPAA_SEC_ERR("No Memory for auth key");
3026                         rte_free(session->cipher_key.data);
3027                         return -ENOMEM;
3028                 }
3029                 session->auth_key.length = auth_xform->key.length;
3030                 memcpy(session->auth_key.data, auth_xform->key.data,
3031                        auth_xform->key.length);
3032                 session->auth_alg = auth_xform->algo;
3033         } else {
3034                 session->auth_key.data = NULL;
3035                 session->auth_key.length = 0;
3036                 session->auth_alg = 0;
3037         }
3038         session->pdcp.domain = pdcp_xform->domain;
3039         session->pdcp.bearer = pdcp_xform->bearer;
3040         session->pdcp.pkt_dir = pdcp_xform->pkt_dir;
3041         session->pdcp.sn_size = pdcp_xform->sn_size;
3042         session->pdcp.hfn = pdcp_xform->hfn;
3043         session->pdcp.hfn_threshold = pdcp_xform->hfn_threshold;
3044         session->pdcp.hfn_ovd = pdcp_xform->hfn_ovrd;
3045         session->pdcp.sdap_enabled = pdcp_xform->sdap_enabled;
3046         if (cipher_xform)
3047                 session->pdcp.hfn_ovd_offset = cipher_xform->iv.offset;
3048
3049         rte_spinlock_lock(&dev_priv->lock);
3050         for (i = 0; i < MAX_DPAA_CORES; i++) {
3051                 session->inq[i] = dpaa_sec_attach_rxq(dev_priv);
3052                 if (session->inq[i] == NULL) {
3053                         DPAA_SEC_ERR("unable to attach sec queue");
3054                         rte_spinlock_unlock(&dev_priv->lock);
3055                         ret = -EBUSY;
3056                         goto out;
3057                 }
3058         }
3059         rte_spinlock_unlock(&dev_priv->lock);
3060         return 0;
3061 out:
3062         rte_free(session->auth_key.data);
3063         rte_free(session->cipher_key.data);
3064         memset(session, 0, sizeof(dpaa_sec_session));
3065         return ret;
3066 }
3067
3068 static int
3069 dpaa_sec_security_session_create(void *dev,
3070                                  struct rte_security_session_conf *conf,
3071                                  struct rte_security_session *sess,
3072                                  struct rte_mempool *mempool)
3073 {
3074         void *sess_private_data;
3075         struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev;
3076         int ret;
3077
3078         if (rte_mempool_get(mempool, &sess_private_data)) {
3079                 DPAA_SEC_ERR("Couldn't get object from session mempool");
3080                 return -ENOMEM;
3081         }
3082
3083         switch (conf->protocol) {
3084         case RTE_SECURITY_PROTOCOL_IPSEC:
3085                 ret = dpaa_sec_set_ipsec_session(cdev, conf,
3086                                 sess_private_data);
3087                 break;
3088         case RTE_SECURITY_PROTOCOL_PDCP:
3089                 ret = dpaa_sec_set_pdcp_session(cdev, conf,
3090                                 sess_private_data);
3091                 break;
3092         case RTE_SECURITY_PROTOCOL_MACSEC:
3093                 return -ENOTSUP;
3094         default:
3095                 return -EINVAL;
3096         }
3097         if (ret != 0) {
3098                 DPAA_SEC_ERR("failed to configure session parameters");
3099                 /* Return session to mempool */
3100                 rte_mempool_put(mempool, sess_private_data);
3101                 return ret;
3102         }
3103
3104         set_sec_session_private_data(sess, sess_private_data);
3105
3106         return ret;
3107 }
3108
3109 /** Clear the memory of session so it doesn't leave key material behind */
3110 static int
3111 dpaa_sec_security_session_destroy(void *dev __rte_unused,
3112                 struct rte_security_session *sess)
3113 {
3114         PMD_INIT_FUNC_TRACE();
3115         void *sess_priv = get_sec_session_private_data(sess);
3116         dpaa_sec_session *s = (dpaa_sec_session *)sess_priv;
3117
3118         if (sess_priv) {
3119                 free_session_memory((struct rte_cryptodev *)dev, s);
3120                 set_sec_session_private_data(sess, NULL);
3121         }
3122         return 0;
3123 }
3124 #endif
3125 static int
3126 dpaa_sec_dev_configure(struct rte_cryptodev *dev __rte_unused,
3127                        struct rte_cryptodev_config *config __rte_unused)
3128 {
3129         PMD_INIT_FUNC_TRACE();
3130
3131         return 0;
3132 }
3133
3134 static int
3135 dpaa_sec_dev_start(struct rte_cryptodev *dev __rte_unused)
3136 {
3137         PMD_INIT_FUNC_TRACE();
3138         return 0;
3139 }
3140
3141 static void
3142 dpaa_sec_dev_stop(struct rte_cryptodev *dev __rte_unused)
3143 {
3144         PMD_INIT_FUNC_TRACE();
3145 }
3146
3147 static int
3148 dpaa_sec_dev_close(struct rte_cryptodev *dev)
3149 {
3150         PMD_INIT_FUNC_TRACE();
3151
3152         if (dev == NULL)
3153                 return -ENOMEM;
3154
3155         return 0;
3156 }
3157
3158 static void
3159 dpaa_sec_dev_infos_get(struct rte_cryptodev *dev,
3160                        struct rte_cryptodev_info *info)
3161 {
3162         struct dpaa_sec_dev_private *internals = dev->data->dev_private;
3163
3164         PMD_INIT_FUNC_TRACE();
3165         if (info != NULL) {
3166                 info->max_nb_queue_pairs = internals->max_nb_queue_pairs;
3167                 info->feature_flags = dev->feature_flags;
3168                 info->capabilities = dpaa_sec_capabilities;
3169                 info->sym.max_nb_sessions = internals->max_nb_sessions;
3170                 info->driver_id = cryptodev_driver_id;
3171         }
3172 }
3173
3174 static enum qman_cb_dqrr_result
3175 dpaa_sec_process_parallel_event(void *event,
3176                         struct qman_portal *qm __always_unused,
3177                         struct qman_fq *outq,
3178                         const struct qm_dqrr_entry *dqrr,
3179                         void **bufs)
3180 {
3181         const struct qm_fd *fd;
3182         struct dpaa_sec_job *job;
3183         struct dpaa_sec_op_ctx *ctx;
3184         struct rte_event *ev = (struct rte_event *)event;
3185
3186         fd = &dqrr->fd;
3187
3188         /* sg is embedded in an op ctx,
3189          * sg[0] is for output
3190          * sg[1] for input
3191          */
3192         job = rte_dpaa_mem_ptov(qm_fd_addr_get64(fd));
3193
3194         ctx = container_of(job, struct dpaa_sec_op_ctx, job);
3195         ctx->fd_status = fd->status;
3196         if (ctx->op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) {
3197                 struct qm_sg_entry *sg_out;
3198                 uint32_t len;
3199
3200                 sg_out = &job->sg[0];
3201                 hw_sg_to_cpu(sg_out);
3202                 len = sg_out->length;
3203                 ctx->op->sym->m_src->pkt_len = len;
3204                 ctx->op->sym->m_src->data_len = len;
3205         }
3206         if (!ctx->fd_status) {
3207                 ctx->op->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
3208         } else {
3209                 DPAA_SEC_DP_WARN("SEC return err: 0x%x", ctx->fd_status);
3210                 ctx->op->status = RTE_CRYPTO_OP_STATUS_ERROR;
3211         }
3212         ev->event_ptr = (void *)ctx->op;
3213
3214         ev->flow_id = outq->ev.flow_id;
3215         ev->sub_event_type = outq->ev.sub_event_type;
3216         ev->event_type = RTE_EVENT_TYPE_CRYPTODEV;
3217         ev->op = RTE_EVENT_OP_NEW;
3218         ev->sched_type = outq->ev.sched_type;
3219         ev->queue_id = outq->ev.queue_id;
3220         ev->priority = outq->ev.priority;
3221         *bufs = (void *)ctx->op;
3222
3223         rte_mempool_put(ctx->ctx_pool, (void *)ctx);
3224
3225         return qman_cb_dqrr_consume;
3226 }
3227
3228 static enum qman_cb_dqrr_result
3229 dpaa_sec_process_atomic_event(void *event,
3230                         struct qman_portal *qm __rte_unused,
3231                         struct qman_fq *outq,
3232                         const struct qm_dqrr_entry *dqrr,
3233                         void **bufs)
3234 {
3235         u8 index;
3236         const struct qm_fd *fd;
3237         struct dpaa_sec_job *job;
3238         struct dpaa_sec_op_ctx *ctx;
3239         struct rte_event *ev = (struct rte_event *)event;
3240
3241         fd = &dqrr->fd;
3242
3243         /* sg is embedded in an op ctx,
3244          * sg[0] is for output
3245          * sg[1] for input
3246          */
3247         job = rte_dpaa_mem_ptov(qm_fd_addr_get64(fd));
3248
3249         ctx = container_of(job, struct dpaa_sec_op_ctx, job);
3250         ctx->fd_status = fd->status;
3251         if (ctx->op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) {
3252                 struct qm_sg_entry *sg_out;
3253                 uint32_t len;
3254
3255                 sg_out = &job->sg[0];
3256                 hw_sg_to_cpu(sg_out);
3257                 len = sg_out->length;
3258                 ctx->op->sym->m_src->pkt_len = len;
3259                 ctx->op->sym->m_src->data_len = len;
3260         }
3261         if (!ctx->fd_status) {
3262                 ctx->op->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
3263         } else {
3264                 DPAA_SEC_DP_WARN("SEC return err: 0x%x", ctx->fd_status);
3265                 ctx->op->status = RTE_CRYPTO_OP_STATUS_ERROR;
3266         }
3267         ev->event_ptr = (void *)ctx->op;
3268         ev->flow_id = outq->ev.flow_id;
3269         ev->sub_event_type = outq->ev.sub_event_type;
3270         ev->event_type = RTE_EVENT_TYPE_CRYPTODEV;
3271         ev->op = RTE_EVENT_OP_NEW;
3272         ev->sched_type = outq->ev.sched_type;
3273         ev->queue_id = outq->ev.queue_id;
3274         ev->priority = outq->ev.priority;
3275
3276         /* Save active dqrr entries */
3277         index = ((uintptr_t)dqrr >> 6) & (16/*QM_DQRR_SIZE*/ - 1);
3278         DPAA_PER_LCORE_DQRR_SIZE++;
3279         DPAA_PER_LCORE_DQRR_HELD |= 1 << index;
3280         DPAA_PER_LCORE_DQRR_MBUF(index) = ctx->op->sym->m_src;
3281         ev->impl_opaque = index + 1;
3282         *dpaa_seqn(ctx->op->sym->m_src) = (uint32_t)index + 1;
3283         *bufs = (void *)ctx->op;
3284
3285         rte_mempool_put(ctx->ctx_pool, (void *)ctx);
3286
3287         return qman_cb_dqrr_defer;
3288 }
3289
3290 int
3291 dpaa_sec_eventq_attach(const struct rte_cryptodev *dev,
3292                 int qp_id,
3293                 uint16_t ch_id,
3294                 const struct rte_event *event)
3295 {
3296         struct dpaa_sec_qp *qp = dev->data->queue_pairs[qp_id];
3297         struct qm_mcc_initfq opts = {0};
3298
3299         int ret;
3300
3301         opts.we_mask = QM_INITFQ_WE_DESTWQ | QM_INITFQ_WE_FQCTRL |
3302                        QM_INITFQ_WE_CONTEXTA | QM_INITFQ_WE_CONTEXTB;
3303         opts.fqd.dest.channel = ch_id;
3304
3305         switch (event->sched_type) {
3306         case RTE_SCHED_TYPE_ATOMIC:
3307                 opts.fqd.fq_ctrl |= QM_FQCTRL_HOLDACTIVE;
3308                 /* Reset FQCTRL_AVOIDBLOCK bit as it is unnecessary
3309                  * configuration with HOLD_ACTIVE setting
3310                  */
3311                 opts.fqd.fq_ctrl &= (~QM_FQCTRL_AVOIDBLOCK);
3312                 qp->outq.cb.dqrr_dpdk_cb = dpaa_sec_process_atomic_event;
3313                 break;
3314         case RTE_SCHED_TYPE_ORDERED:
3315                 DPAA_SEC_ERR("Ordered queue schedule type is not supported\n");
3316                 return -ENOTSUP;
3317         default:
3318                 opts.fqd.fq_ctrl |= QM_FQCTRL_AVOIDBLOCK;
3319                 qp->outq.cb.dqrr_dpdk_cb = dpaa_sec_process_parallel_event;
3320                 break;
3321         }
3322
3323         ret = qman_init_fq(&qp->outq, QMAN_INITFQ_FLAG_SCHED, &opts);
3324         if (unlikely(ret)) {
3325                 DPAA_SEC_ERR("unable to init caam source fq!");
3326                 return ret;
3327         }
3328
3329         memcpy(&qp->outq.ev, event, sizeof(struct rte_event));
3330
3331         return 0;
3332 }
3333
3334 int
3335 dpaa_sec_eventq_detach(const struct rte_cryptodev *dev,
3336                         int qp_id)
3337 {
3338         struct qm_mcc_initfq opts = {0};
3339         int ret;
3340         struct dpaa_sec_qp *qp = dev->data->queue_pairs[qp_id];
3341
3342         opts.we_mask = QM_INITFQ_WE_DESTWQ | QM_INITFQ_WE_FQCTRL |
3343                        QM_INITFQ_WE_CONTEXTA | QM_INITFQ_WE_CONTEXTB;
3344         qp->outq.cb.dqrr = dqrr_out_fq_cb_rx;
3345         qp->outq.cb.ern  = ern_sec_fq_handler;
3346         qman_retire_fq(&qp->outq, NULL);
3347         qman_oos_fq(&qp->outq);
3348         ret = qman_init_fq(&qp->outq, 0, &opts);
3349         if (ret)
3350                 RTE_LOG(ERR, PMD, "Error in qman_init_fq: ret: %d\n", ret);
3351         qp->outq.cb.dqrr = NULL;
3352
3353         return ret;
3354 }
3355
3356 static struct rte_cryptodev_ops crypto_ops = {
3357         .dev_configure        = dpaa_sec_dev_configure,
3358         .dev_start            = dpaa_sec_dev_start,
3359         .dev_stop             = dpaa_sec_dev_stop,
3360         .dev_close            = dpaa_sec_dev_close,
3361         .dev_infos_get        = dpaa_sec_dev_infos_get,
3362         .queue_pair_setup     = dpaa_sec_queue_pair_setup,
3363         .queue_pair_release   = dpaa_sec_queue_pair_release,
3364         .sym_session_get_size     = dpaa_sec_sym_session_get_size,
3365         .sym_session_configure    = dpaa_sec_sym_session_configure,
3366         .sym_session_clear        = dpaa_sec_sym_session_clear
3367 };
3368
3369 #ifdef RTE_LIB_SECURITY
3370 static const struct rte_security_capability *
3371 dpaa_sec_capabilities_get(void *device __rte_unused)
3372 {
3373         return dpaa_sec_security_cap;
3374 }
3375
3376 static const struct rte_security_ops dpaa_sec_security_ops = {
3377         .session_create = dpaa_sec_security_session_create,
3378         .session_update = NULL,
3379         .session_stats_get = NULL,
3380         .session_destroy = dpaa_sec_security_session_destroy,
3381         .set_pkt_metadata = NULL,
3382         .capabilities_get = dpaa_sec_capabilities_get
3383 };
3384 #endif
3385 static int
3386 dpaa_sec_uninit(struct rte_cryptodev *dev)
3387 {
3388         struct dpaa_sec_dev_private *internals;
3389
3390         if (dev == NULL)
3391                 return -ENODEV;
3392
3393         internals = dev->data->dev_private;
3394         rte_free(dev->security_ctx);
3395
3396         rte_free(internals);
3397
3398         DPAA_SEC_INFO("Closing DPAA_SEC device %s on numa socket %u",
3399                       dev->data->name, rte_socket_id());
3400
3401         return 0;
3402 }
3403
3404 static int
3405 dpaa_sec_dev_init(struct rte_cryptodev *cryptodev)
3406 {
3407         struct dpaa_sec_dev_private *internals;
3408 #ifdef RTE_LIB_SECURITY
3409         struct rte_security_ctx *security_instance;
3410 #endif
3411         struct dpaa_sec_qp *qp;
3412         uint32_t i, flags;
3413         int ret;
3414
3415         PMD_INIT_FUNC_TRACE();
3416
3417         cryptodev->driver_id = cryptodev_driver_id;
3418         cryptodev->dev_ops = &crypto_ops;
3419
3420         cryptodev->enqueue_burst = dpaa_sec_enqueue_burst;
3421         cryptodev->dequeue_burst = dpaa_sec_dequeue_burst;
3422         cryptodev->feature_flags = RTE_CRYPTODEV_FF_SYMMETRIC_CRYPTO |
3423                         RTE_CRYPTODEV_FF_HW_ACCELERATED |
3424                         RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING |
3425                         RTE_CRYPTODEV_FF_SECURITY |
3426                         RTE_CRYPTODEV_FF_IN_PLACE_SGL |
3427                         RTE_CRYPTODEV_FF_OOP_SGL_IN_SGL_OUT |
3428                         RTE_CRYPTODEV_FF_OOP_SGL_IN_LB_OUT |
3429                         RTE_CRYPTODEV_FF_OOP_LB_IN_SGL_OUT |
3430                         RTE_CRYPTODEV_FF_OOP_LB_IN_LB_OUT;
3431
3432         internals = cryptodev->data->dev_private;
3433         internals->max_nb_queue_pairs = RTE_DPAA_MAX_NB_SEC_QPS;
3434         internals->max_nb_sessions = RTE_DPAA_SEC_PMD_MAX_NB_SESSIONS;
3435
3436         /*
3437          * For secondary processes, we don't initialise any further as primary
3438          * has already done this work. Only check we don't need a different
3439          * RX function
3440          */
3441         if (rte_eal_process_type() != RTE_PROC_PRIMARY) {
3442                 DPAA_SEC_WARN("Device already init by primary process");
3443                 return 0;
3444         }
3445 #ifdef RTE_LIB_SECURITY
3446         /* Initialize security_ctx only for primary process*/
3447         security_instance = rte_malloc("rte_security_instances_ops",
3448                                 sizeof(struct rte_security_ctx), 0);
3449         if (security_instance == NULL)
3450                 return -ENOMEM;
3451         security_instance->device = (void *)cryptodev;
3452         security_instance->ops = &dpaa_sec_security_ops;
3453         security_instance->sess_cnt = 0;
3454         cryptodev->security_ctx = security_instance;
3455 #endif
3456         rte_spinlock_init(&internals->lock);
3457         for (i = 0; i < internals->max_nb_queue_pairs; i++) {
3458                 /* init qman fq for queue pair */
3459                 qp = &internals->qps[i];
3460                 ret = dpaa_sec_init_tx(&qp->outq);
3461                 if (ret) {
3462                         DPAA_SEC_ERR("config tx of queue pair  %d", i);
3463                         goto init_error;
3464                 }
3465         }
3466
3467         flags = QMAN_FQ_FLAG_LOCKED | QMAN_FQ_FLAG_DYNAMIC_FQID |
3468                 QMAN_FQ_FLAG_TO_DCPORTAL;
3469         for (i = 0; i < RTE_DPAA_MAX_RX_QUEUE; i++) {
3470                 /* create rx qman fq for sessions*/
3471                 ret = qman_create_fq(0, flags, &internals->inq[i]);
3472                 if (unlikely(ret != 0)) {
3473                         DPAA_SEC_ERR("sec qman_create_fq failed");
3474                         goto init_error;
3475                 }
3476         }
3477
3478         RTE_LOG(INFO, PMD, "%s cryptodev init\n", cryptodev->data->name);
3479         return 0;
3480
3481 init_error:
3482         DPAA_SEC_ERR("driver %s: create failed\n", cryptodev->data->name);
3483
3484         rte_free(cryptodev->security_ctx);
3485         return -EFAULT;
3486 }
3487
3488 static int
3489 cryptodev_dpaa_sec_probe(struct rte_dpaa_driver *dpaa_drv __rte_unused,
3490                                 struct rte_dpaa_device *dpaa_dev)
3491 {
3492         struct rte_cryptodev *cryptodev;
3493         char cryptodev_name[RTE_CRYPTODEV_NAME_MAX_LEN];
3494
3495         int retval;
3496
3497         snprintf(cryptodev_name, sizeof(cryptodev_name), "%s", dpaa_dev->name);
3498
3499         cryptodev = rte_cryptodev_pmd_allocate(cryptodev_name, rte_socket_id());
3500         if (cryptodev == NULL)
3501                 return -ENOMEM;
3502
3503         if (rte_eal_process_type() == RTE_PROC_PRIMARY) {
3504                 cryptodev->data->dev_private = rte_zmalloc_socket(
3505                                         "cryptodev private structure",
3506                                         sizeof(struct dpaa_sec_dev_private),
3507                                         RTE_CACHE_LINE_SIZE,
3508                                         rte_socket_id());
3509
3510                 if (cryptodev->data->dev_private == NULL)
3511                         rte_panic("Cannot allocate memzone for private "
3512                                         "device data");
3513         }
3514
3515         dpaa_dev->crypto_dev = cryptodev;
3516         cryptodev->device = &dpaa_dev->device;
3517
3518         /* init user callbacks */
3519         TAILQ_INIT(&(cryptodev->link_intr_cbs));
3520
3521         /* if sec device version is not configured */
3522         if (!rta_get_sec_era()) {
3523                 const struct device_node *caam_node;
3524
3525                 for_each_compatible_node(caam_node, NULL, "fsl,sec-v4.0") {
3526                         const uint32_t *prop = of_get_property(caam_node,
3527                                         "fsl,sec-era",
3528                                         NULL);
3529                         if (prop) {
3530                                 rta_set_sec_era(
3531                                         INTL_SEC_ERA(rte_cpu_to_be_32(*prop)));
3532                                 break;
3533                         }
3534                 }
3535         }
3536
3537         if (unlikely(!DPAA_PER_LCORE_PORTAL)) {
3538                 retval = rte_dpaa_portal_init((void *)1);
3539                 if (retval) {
3540                         DPAA_SEC_ERR("Unable to initialize portal");
3541                         goto out;
3542                 }
3543         }
3544
3545         /* Invoke PMD device initialization function */
3546         retval = dpaa_sec_dev_init(cryptodev);
3547         if (retval == 0)
3548                 return 0;
3549
3550         retval = -ENXIO;
3551 out:
3552         /* In case of error, cleanup is done */
3553         if (rte_eal_process_type() == RTE_PROC_PRIMARY)
3554                 rte_free(cryptodev->data->dev_private);
3555
3556         rte_cryptodev_pmd_release_device(cryptodev);
3557
3558         return retval;
3559 }
3560
3561 static int
3562 cryptodev_dpaa_sec_remove(struct rte_dpaa_device *dpaa_dev)
3563 {
3564         struct rte_cryptodev *cryptodev;
3565         int ret;
3566
3567         cryptodev = dpaa_dev->crypto_dev;
3568         if (cryptodev == NULL)
3569                 return -ENODEV;
3570
3571         ret = dpaa_sec_uninit(cryptodev);
3572         if (ret)
3573                 return ret;
3574
3575         return rte_cryptodev_pmd_destroy(cryptodev);
3576 }
3577
3578 static struct rte_dpaa_driver rte_dpaa_sec_driver = {
3579         .drv_type = FSL_DPAA_CRYPTO,
3580         .driver = {
3581                 .name = "DPAA SEC PMD"
3582         },
3583         .probe = cryptodev_dpaa_sec_probe,
3584         .remove = cryptodev_dpaa_sec_remove,
3585 };
3586
3587 static struct cryptodev_driver dpaa_sec_crypto_drv;
3588
3589 RTE_PMD_REGISTER_DPAA(CRYPTODEV_NAME_DPAA_SEC_PMD, rte_dpaa_sec_driver);
3590 RTE_PMD_REGISTER_CRYPTO_DRIVER(dpaa_sec_crypto_drv, rte_dpaa_sec_driver.driver,
3591                 cryptodev_driver_id);
3592 RTE_LOG_REGISTER(dpaa_logtype_sec, pmd.crypto.dpaa, NOTICE);