drivers/crypto/dpaa_sec/dpaa_sec.c

   1 /* SPDX-License-Identifier: BSD-3-Clause
   2  *
   3  *   Copyright (c) 2016 Freescale Semiconductor, Inc. All rights reserved.
   4  *   Copyright 2017-2019 NXP
   5  *
   6  */
   7
   8 #include <fcntl.h>
   9 #include <unistd.h>
  10 #include <sched.h>
  11 #include <net/if.h>
  12
  13 #include <rte_byteorder.h>
  14 #include <rte_common.h>
  15 #include <cryptodev_pmd.h>
  16 #include <rte_crypto.h>
  17 #include <rte_cryptodev.h>
  18 #ifdef RTE_LIB_SECURITY
  19 #include <rte_security_driver.h>
  20 #endif
  21 #include <rte_cycles.h>
  22 #include <rte_dev.h>
  23 #include <rte_ip.h>
  24 #include <rte_kvargs.h>
  25 #include <rte_malloc.h>
  26 #include <rte_mbuf.h>
  27 #include <rte_memcpy.h>
  28 #include <rte_string_fns.h>
  29 #include <rte_spinlock.h>
  30
  31 #include <fsl_usd.h>
  32 #include <fsl_qman.h>
  33 #include <dpaa_of.h>
  34
  35 /* RTA header files */
  36 #include <desc/common.h>
  37 #include <desc/algo.h>
  38 #include <desc/ipsec.h>
  39 #include <desc/pdcp.h>
  40 #include <desc/sdap.h>
  41
  42 #include <rte_dpaa_bus.h>
  43 #include <dpaa_sec.h>
  44 #include <dpaa_sec_event.h>
  45 #include <dpaa_sec_log.h>
  46 #include <dpaax_iova_table.h>
  47
  48 static uint8_t cryptodev_driver_id;
  49
  50 static int
  51 dpaa_sec_attach_sess_q(struct dpaa_sec_qp *qp, dpaa_sec_session *sess);
  52
  53 static inline void
  54 dpaa_sec_op_ending(struct dpaa_sec_op_ctx *ctx)
  55 {
  56         if (!ctx->fd_status) {
  57                 ctx->op->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
  58         } else {
  59                 DPAA_SEC_DP_WARN("SEC return err: 0x%x", ctx->fd_status);
  60                 ctx->op->status = RTE_CRYPTO_OP_STATUS_ERROR;
  61         }
  62 }
  63
  64 static inline struct dpaa_sec_op_ctx *
  65 dpaa_sec_alloc_ctx(dpaa_sec_session *ses, int sg_count)
  66 {
  67         struct dpaa_sec_op_ctx *ctx;
  68         int i, retval;
  69
  70         retval = rte_mempool_get(
  71                         ses->qp[rte_lcore_id() % MAX_DPAA_CORES]->ctx_pool,
  72                         (void **)(&ctx));
  73         if (!ctx || retval) {
  74                 DPAA_SEC_DP_WARN("Alloc sec descriptor failed!");
  75                 return NULL;
  76         }
  77         /*
  78          * Clear SG memory. There are 16 SG entries of 16 Bytes each.
  79          * one call to dcbz_64() clear 64 bytes, hence calling it 4 times
  80          * to clear all the SG entries. dpaa_sec_alloc_ctx() is called for
  81          * each packet, memset is costlier than dcbz_64().
  82          */
  83         for (i = 0; i < sg_count && i < MAX_JOB_SG_ENTRIES; i += 4)
  84                 dcbz_64(&ctx->job.sg[i]);
  85
  86         ctx->ctx_pool = ses->qp[rte_lcore_id() % MAX_DPAA_CORES]->ctx_pool;
  87         ctx->vtop_offset = (size_t) ctx - rte_mempool_virt2iova(ctx);
  88
  89         return ctx;
  90 }
  91
  92 static void
  93 ern_sec_fq_handler(struct qman_portal *qm __rte_unused,
  94                    struct qman_fq *fq,
  95                    const struct qm_mr_entry *msg)
  96 {
  97         DPAA_SEC_DP_ERR("sec fq %d error, RC = %x, seqnum = %x\n",
  98                         fq->fqid, msg->ern.rc, msg->ern.seqnum);
  99 }
 100
 101 /* initialize the queue with dest chan as caam chan so that
 102  * all the packets in this queue could be dispatched into caam
 103  */
 104 static int
 105 dpaa_sec_init_rx(struct qman_fq *fq_in, rte_iova_t hwdesc,
 106                  uint32_t fqid_out)
 107 {
 108         struct qm_mcc_initfq fq_opts;
 109         uint32_t flags;
 110         int ret = -1;
 111
 112         /* Clear FQ options */
 113         memset(&fq_opts, 0x00, sizeof(struct qm_mcc_initfq));
 114
 115         flags = QMAN_INITFQ_FLAG_SCHED;
 116         fq_opts.we_mask = QM_INITFQ_WE_DESTWQ | QM_INITFQ_WE_CONTEXTA |
 117                           QM_INITFQ_WE_CONTEXTB;
 118
 119         qm_fqd_context_a_set64(&fq_opts.fqd, hwdesc);
 120         fq_opts.fqd.context_b = fqid_out;
 121         fq_opts.fqd.dest.channel = dpaa_get_qm_channel_caam();
 122         fq_opts.fqd.dest.wq = 0;
 123
 124         fq_in->cb.ern  = ern_sec_fq_handler;
 125
 126         DPAA_SEC_DEBUG("in-%x out-%x", fq_in->fqid, fqid_out);
 127
 128         ret = qman_init_fq(fq_in, flags, &fq_opts);
 129         if (unlikely(ret != 0))
 130                 DPAA_SEC_ERR("qman_init_fq failed %d", ret);
 131
 132         return ret;
 133 }
 134
 135 /* something is put into in_fq and caam put the crypto result into out_fq */
 136 static enum qman_cb_dqrr_result
 137 dqrr_out_fq_cb_rx(struct qman_portal *qm __always_unused,
 138                   struct qman_fq *fq __always_unused,
 139                   const struct qm_dqrr_entry *dqrr)
 140 {
 141         const struct qm_fd *fd;
 142         struct dpaa_sec_job *job;
 143         struct dpaa_sec_op_ctx *ctx;
 144
 145         if (DPAA_PER_LCORE_DPAA_SEC_OP_NB >= DPAA_SEC_BURST)
 146                 return qman_cb_dqrr_defer;
 147
 148         if (!(dqrr->stat & QM_DQRR_STAT_FD_VALID))
 149                 return qman_cb_dqrr_consume;
 150
 151         fd = &dqrr->fd;
 152         /* sg is embedded in an op ctx,
 153          * sg[0] is for output
 154          * sg[1] for input
 155          */
 156         job = rte_dpaa_mem_ptov(qm_fd_addr_get64(fd));
 157
 158         ctx = container_of(job, struct dpaa_sec_op_ctx, job);
 159         ctx->fd_status = fd->status;
 160         if (ctx->op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) {
 161                 struct qm_sg_entry *sg_out;
 162                 uint32_t len;
 163                 struct rte_mbuf *mbuf = (ctx->op->sym->m_dst == NULL) ?
 164                                 ctx->op->sym->m_src : ctx->op->sym->m_dst;
 165
 166                 sg_out = &job->sg[0];
 167                 hw_sg_to_cpu(sg_out);
 168                 len = sg_out->length;
 169                 mbuf->pkt_len = len;
 170                 while (mbuf->next != NULL) {
 171                         len -= mbuf->data_len;
 172                         mbuf = mbuf->next;
 173                 }
 174                 mbuf->data_len = len;
 175         }
 176         DPAA_PER_LCORE_RTE_CRYPTO_OP[DPAA_PER_LCORE_DPAA_SEC_OP_NB++] = ctx->op;
 177         dpaa_sec_op_ending(ctx);
 178
 179         return qman_cb_dqrr_consume;
 180 }
 181
 182 /* caam result is put into this queue */
 183 static int
 184 dpaa_sec_init_tx(struct qman_fq *fq)
 185 {
 186         int ret;
 187         struct qm_mcc_initfq opts;
 188         uint32_t flags;
 189
 190         flags = QMAN_FQ_FLAG_NO_ENQUEUE | QMAN_FQ_FLAG_LOCKED |
 191                 QMAN_FQ_FLAG_DYNAMIC_FQID;
 192
 193         ret = qman_create_fq(0, flags, fq);
 194         if (unlikely(ret)) {
 195                 DPAA_SEC_ERR("qman_create_fq failed");
 196                 return ret;
 197         }
 198
 199         memset(&opts, 0, sizeof(opts));
 200         opts.we_mask = QM_INITFQ_WE_DESTWQ | QM_INITFQ_WE_FQCTRL |
 201                        QM_INITFQ_WE_CONTEXTA | QM_INITFQ_WE_CONTEXTB;
 202
 203         /* opts.fqd.dest.channel = dpaa_sec_pool_chan; */
 204
 205         fq->cb.dqrr = dqrr_out_fq_cb_rx;
 206         fq->cb.ern  = ern_sec_fq_handler;
 207
 208         ret = qman_init_fq(fq, 0, &opts);
 209         if (unlikely(ret)) {
 210                 DPAA_SEC_ERR("unable to init caam source fq!");
 211                 return ret;
 212         }
 213
 214         return ret;
 215 }
 216
 217 static inline int is_aead(dpaa_sec_session *ses)
 218 {
 219         return ((ses->cipher_alg == 0) &&
 220                 (ses->auth_alg == 0) &&
 221                 (ses->aead_alg != 0));
 222 }
 223
 224 static inline int is_encode(dpaa_sec_session *ses)
 225 {
 226         return ses->dir == DIR_ENC;
 227 }
 228
 229 static inline int is_decode(dpaa_sec_session *ses)
 230 {
 231         return ses->dir == DIR_DEC;
 232 }
 233
 234 #ifdef RTE_LIB_SECURITY
 235 static int
 236 dpaa_sec_prep_pdcp_cdb(dpaa_sec_session *ses)
 237 {
 238         struct alginfo authdata = {0}, cipherdata = {0};
 239         struct sec_cdb *cdb = &ses->cdb;
 240         struct alginfo *p_authdata = NULL;
 241         int32_t shared_desc_len = 0;
 242 #if RTE_BYTE_ORDER == RTE_BIG_ENDIAN
 243         int swap = false;
 244 #else
 245         int swap = true;
 246 #endif
 247
 248         cipherdata.key = (size_t)ses->cipher_key.data;
 249         cipherdata.keylen = ses->cipher_key.length;
 250         cipherdata.key_enc_flags = 0;
 251         cipherdata.key_type = RTA_DATA_IMM;
 252         cipherdata.algtype = ses->cipher_key.alg;
 253         cipherdata.algmode = ses->cipher_key.algmode;
 254
 255         if (ses->auth_alg) {
 256                 authdata.key = (size_t)ses->auth_key.data;
 257                 authdata.keylen = ses->auth_key.length;
 258                 authdata.key_enc_flags = 0;
 259                 authdata.key_type = RTA_DATA_IMM;
 260                 authdata.algtype = ses->auth_key.alg;
 261                 authdata.algmode = ses->auth_key.algmode;
 262
 263                 p_authdata = &authdata;
 264         }
 265
 266         if (rta_inline_pdcp_query(authdata.algtype,
 267                                 cipherdata.algtype,
 268                                 ses->pdcp.sn_size,
 269                                 ses->pdcp.hfn_ovd)) {
 270                 cipherdata.key =
 271                         (size_t)rte_dpaa_mem_vtop((void *)
 272                                         (size_t)cipherdata.key);
 273                 cipherdata.key_type = RTA_DATA_PTR;
 274         }
 275
 276         if (ses->pdcp.domain == RTE_SECURITY_PDCP_MODE_CONTROL) {
 277                 if (ses->dir == DIR_ENC)
 278                         shared_desc_len = cnstr_shdsc_pdcp_c_plane_encap(
 279                                         cdb->sh_desc, 1, swap,
 280                                         ses->pdcp.hfn,
 281                                         ses->pdcp.sn_size,
 282                                         ses->pdcp.bearer,
 283                                         ses->pdcp.pkt_dir,
 284                                         ses->pdcp.hfn_threshold,
 285                                         &cipherdata, &authdata,
 286                                         0);
 287                 else if (ses->dir == DIR_DEC)
 288                         shared_desc_len = cnstr_shdsc_pdcp_c_plane_decap(
 289                                         cdb->sh_desc, 1, swap,
 290                                         ses->pdcp.hfn,
 291                                         ses->pdcp.sn_size,
 292                                         ses->pdcp.bearer,
 293                                         ses->pdcp.pkt_dir,
 294                                         ses->pdcp.hfn_threshold,
 295                                         &cipherdata, &authdata,
 296                                         0);
 297         } else {
 298                 if (ses->dir == DIR_ENC) {
 299                         if (ses->pdcp.sdap_enabled)
 300                                 shared_desc_len =
 301                                         cnstr_shdsc_pdcp_sdap_u_plane_encap(
 302                                                 cdb->sh_desc, 1, swap,
 303                                                 ses->pdcp.sn_size,
 304                                                 ses->pdcp.hfn,
 305                                                 ses->pdcp.bearer,
 306                                                 ses->pdcp.pkt_dir,
 307                                                 ses->pdcp.hfn_threshold,
 308                                                 &cipherdata, p_authdata, 0);
 309                         else
 310                                 shared_desc_len =
 311                                         cnstr_shdsc_pdcp_u_plane_encap(
 312                                                 cdb->sh_desc, 1, swap,
 313                                                 ses->pdcp.sn_size,
 314                                                 ses->pdcp.hfn,
 315                                                 ses->pdcp.bearer,
 316                                                 ses->pdcp.pkt_dir,
 317                                                 ses->pdcp.hfn_threshold,
 318                                                 &cipherdata, p_authdata, 0);
 319                 } else if (ses->dir == DIR_DEC) {
 320                         if (ses->pdcp.sdap_enabled)
 321                                 shared_desc_len =
 322                                         cnstr_shdsc_pdcp_sdap_u_plane_decap(
 323                                                 cdb->sh_desc, 1, swap,
 324                                                 ses->pdcp.sn_size,
 325                                                 ses->pdcp.hfn,
 326                                                 ses->pdcp.bearer,
 327                                                 ses->pdcp.pkt_dir,
 328                                                 ses->pdcp.hfn_threshold,
 329                                                 &cipherdata, p_authdata, 0);
 330                         else
 331                                 shared_desc_len =
 332                                         cnstr_shdsc_pdcp_u_plane_decap(
 333                                                 cdb->sh_desc, 1, swap,
 334                                                 ses->pdcp.sn_size,
 335                                                 ses->pdcp.hfn,
 336                                                 ses->pdcp.bearer,
 337                                                 ses->pdcp.pkt_dir,
 338                                                 ses->pdcp.hfn_threshold,
 339                                                 &cipherdata, p_authdata, 0);
 340                 }
 341         }
 342         return shared_desc_len;
 343 }
 344
 345 /* prepare ipsec proto command block of the session */
 346 static int
 347 dpaa_sec_prep_ipsec_cdb(dpaa_sec_session *ses)
 348 {
 349         struct alginfo cipherdata = {0}, authdata = {0};
 350         struct sec_cdb *cdb = &ses->cdb;
 351         int32_t shared_desc_len = 0;
 352         int err;
 353 #if RTE_BYTE_ORDER == RTE_BIG_ENDIAN
 354         int swap = false;
 355 #else
 356         int swap = true;
 357 #endif
 358
 359         cipherdata.key = (size_t)ses->cipher_key.data;
 360         cipherdata.keylen = ses->cipher_key.length;
 361         cipherdata.key_enc_flags = 0;
 362         cipherdata.key_type = RTA_DATA_IMM;
 363         cipherdata.algtype = ses->cipher_key.alg;
 364         cipherdata.algmode = ses->cipher_key.algmode;
 365
 366         if (ses->auth_key.length) {
 367                 authdata.key = (size_t)ses->auth_key.data;
 368                 authdata.keylen = ses->auth_key.length;
 369                 authdata.key_enc_flags = 0;
 370                 authdata.key_type = RTA_DATA_IMM;
 371                 authdata.algtype = ses->auth_key.alg;
 372                 authdata.algmode = ses->auth_key.algmode;
 373         }
 374
 375         cdb->sh_desc[0] = cipherdata.keylen;
 376         cdb->sh_desc[1] = authdata.keylen;
 377         err = rta_inline_query(IPSEC_AUTH_VAR_AES_DEC_BASE_DESC_LEN,
 378                                DESC_JOB_IO_LEN,
 379                                (unsigned int *)cdb->sh_desc,
 380                                &cdb->sh_desc[2], 2);
 381
 382         if (err < 0) {
 383                 DPAA_SEC_ERR("Crypto: Incorrect key lengths");
 384                 return err;
 385         }
 386         if (cdb->sh_desc[2] & 1)
 387                 cipherdata.key_type = RTA_DATA_IMM;
 388         else {
 389                 cipherdata.key = (size_t)rte_dpaa_mem_vtop(
 390                                         (void *)(size_t)cipherdata.key);
 391                 cipherdata.key_type = RTA_DATA_PTR;
 392         }
 393         if (cdb->sh_desc[2] & (1<<1))
 394                 authdata.key_type = RTA_DATA_IMM;
 395         else {
 396                 authdata.key = (size_t)rte_dpaa_mem_vtop(
 397                                         (void *)(size_t)authdata.key);
 398                 authdata.key_type = RTA_DATA_PTR;
 399         }
 400
 401         cdb->sh_desc[0] = 0;
 402         cdb->sh_desc[1] = 0;
 403         cdb->sh_desc[2] = 0;
 404         if (ses->dir == DIR_ENC) {
 405                 shared_desc_len = cnstr_shdsc_ipsec_new_encap(
 406                                 cdb->sh_desc,
 407                                 true, swap, SHR_SERIAL,
 408                                 &ses->encap_pdb,
 409                                 (uint8_t *)&ses->ip4_hdr,
 410                                 &cipherdata, &authdata);
 411         } else if (ses->dir == DIR_DEC) {
 412                 shared_desc_len = cnstr_shdsc_ipsec_new_decap(
 413                                 cdb->sh_desc,
 414                                 true, swap, SHR_SERIAL,
 415                                 &ses->decap_pdb,
 416                                 &cipherdata, &authdata);
 417         }
 418         return shared_desc_len;
 419 }
 420 #endif
 421 /* prepare command block of the session */
 422 static int
 423 dpaa_sec_prep_cdb(dpaa_sec_session *ses)
 424 {
 425         struct alginfo alginfo_c = {0}, alginfo_a = {0}, alginfo = {0};
 426         int32_t shared_desc_len = 0;
 427         struct sec_cdb *cdb = &ses->cdb;
 428         int err;
 429 #if RTE_BYTE_ORDER == RTE_BIG_ENDIAN
 430         int swap = false;
 431 #else
 432         int swap = true;
 433 #endif
 434
 435         memset(cdb, 0, sizeof(struct sec_cdb));
 436
 437         switch (ses->ctxt) {
 438 #ifdef RTE_LIB_SECURITY
 439         case DPAA_SEC_IPSEC:
 440                 shared_desc_len = dpaa_sec_prep_ipsec_cdb(ses);
 441                 break;
 442         case DPAA_SEC_PDCP:
 443                 shared_desc_len = dpaa_sec_prep_pdcp_cdb(ses);
 444                 break;
 445 #endif
 446         case DPAA_SEC_CIPHER:
 447                 alginfo_c.key = (size_t)ses->cipher_key.data;
 448                 alginfo_c.keylen = ses->cipher_key.length;
 449                 alginfo_c.key_enc_flags = 0;
 450                 alginfo_c.key_type = RTA_DATA_IMM;
 451                 alginfo_c.algtype = ses->cipher_key.alg;
 452                 alginfo_c.algmode = ses->cipher_key.algmode;
 453
 454                 switch (ses->cipher_alg) {
 455                 case RTE_CRYPTO_CIPHER_AES_CBC:
 456                 case RTE_CRYPTO_CIPHER_3DES_CBC:
 457                 case RTE_CRYPTO_CIPHER_DES_CBC:
 458                 case RTE_CRYPTO_CIPHER_AES_CTR:
 459                 case RTE_CRYPTO_CIPHER_3DES_CTR:
 460                         shared_desc_len = cnstr_shdsc_blkcipher(
 461                                         cdb->sh_desc, true,
 462                                         swap, SHR_NEVER, &alginfo_c,
 463                                         ses->iv.length,
 464                                         ses->dir);
 465                         break;
 466                 case RTE_CRYPTO_CIPHER_SNOW3G_UEA2:
 467                         shared_desc_len = cnstr_shdsc_snow_f8(
 468                                         cdb->sh_desc, true, swap,
 469                                         &alginfo_c,
 470                                         ses->dir);
 471                         break;
 472                 case RTE_CRYPTO_CIPHER_ZUC_EEA3:
 473                         shared_desc_len = cnstr_shdsc_zuce(
 474                                         cdb->sh_desc, true, swap,
 475                                         &alginfo_c,
 476                                         ses->dir);
 477                         break;
 478                 default:
 479                         DPAA_SEC_ERR("unsupported cipher alg %d",
 480                                      ses->cipher_alg);
 481                         return -ENOTSUP;
 482                 }
 483                 break;
 484         case DPAA_SEC_AUTH:
 485                 alginfo_a.key = (size_t)ses->auth_key.data;
 486                 alginfo_a.keylen = ses->auth_key.length;
 487                 alginfo_a.key_enc_flags = 0;
 488                 alginfo_a.key_type = RTA_DATA_IMM;
 489                 alginfo_a.algtype = ses->auth_key.alg;
 490                 alginfo_a.algmode = ses->auth_key.algmode;
 491                 switch (ses->auth_alg) {
 492                 case RTE_CRYPTO_AUTH_MD5:
 493                 case RTE_CRYPTO_AUTH_SHA1:
 494                 case RTE_CRYPTO_AUTH_SHA224:
 495                 case RTE_CRYPTO_AUTH_SHA256:
 496                 case RTE_CRYPTO_AUTH_SHA384:
 497                 case RTE_CRYPTO_AUTH_SHA512:
 498                         shared_desc_len = cnstr_shdsc_hash(
 499                                                 cdb->sh_desc, true,
 500                                                 swap, SHR_NEVER, &alginfo_a,
 501                                                 !ses->dir,
 502                                                 ses->digest_length);
 503                         break;
 504                 case RTE_CRYPTO_AUTH_MD5_HMAC:
 505                 case RTE_CRYPTO_AUTH_SHA1_HMAC:
 506                 case RTE_CRYPTO_AUTH_SHA224_HMAC:
 507                 case RTE_CRYPTO_AUTH_SHA256_HMAC:
 508                 case RTE_CRYPTO_AUTH_SHA384_HMAC:
 509                 case RTE_CRYPTO_AUTH_SHA512_HMAC:
 510                         shared_desc_len = cnstr_shdsc_hmac(
 511                                                 cdb->sh_desc, true,
 512                                                 swap, SHR_NEVER, &alginfo_a,
 513                                                 !ses->dir,
 514                                                 ses->digest_length);
 515                         break;
 516                 case RTE_CRYPTO_AUTH_SNOW3G_UIA2:
 517                         shared_desc_len = cnstr_shdsc_snow_f9(
 518                                                 cdb->sh_desc, true, swap,
 519                                                 &alginfo_a,
 520                                                 !ses->dir,
 521                                                 ses->digest_length);
 522                         break;
 523                 case RTE_CRYPTO_AUTH_ZUC_EIA3:
 524                         shared_desc_len = cnstr_shdsc_zuca(
 525                                                 cdb->sh_desc, true, swap,
 526                                                 &alginfo_a,
 527                                                 !ses->dir,
 528                                                 ses->digest_length);
 529                         break;
 530                 case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
 531                         shared_desc_len = cnstr_shdsc_aes_mac(
 532                                                 cdb->sh_desc,
 533                                                 true, swap, SHR_NEVER,
 534                                                 &alginfo_a,
 535                                                 !ses->dir,
 536                                                 ses->digest_length);
 537                         break;
 538                 default:
 539                         DPAA_SEC_ERR("unsupported auth alg %u", ses->auth_alg);
 540                 }
 541                 break;
 542         case DPAA_SEC_AEAD:
 543                 if (alginfo.algtype == (unsigned int)DPAA_SEC_ALG_UNSUPPORT) {
 544                         DPAA_SEC_ERR("not supported aead alg");
 545                         return -ENOTSUP;
 546                 }
 547                 alginfo.key = (size_t)ses->aead_key.data;
 548                 alginfo.keylen = ses->aead_key.length;
 549                 alginfo.key_enc_flags = 0;
 550                 alginfo.key_type = RTA_DATA_IMM;
 551                 alginfo.algtype = ses->aead_key.alg;
 552                 alginfo.algmode = ses->aead_key.algmode;
 553
 554                 if (ses->dir == DIR_ENC)
 555                         shared_desc_len = cnstr_shdsc_gcm_encap(
 556                                         cdb->sh_desc, true, swap, SHR_NEVER,
 557                                         &alginfo,
 558                                         ses->iv.length,
 559                                         ses->digest_length);
 560                 else
 561                         shared_desc_len = cnstr_shdsc_gcm_decap(
 562                                         cdb->sh_desc, true, swap, SHR_NEVER,
 563                                         &alginfo,
 564                                         ses->iv.length,
 565                                         ses->digest_length);
 566                 break;
 567         case DPAA_SEC_CIPHER_HASH:
 568                 alginfo_c.key = (size_t)ses->cipher_key.data;
 569                 alginfo_c.keylen = ses->cipher_key.length;
 570                 alginfo_c.key_enc_flags = 0;
 571                 alginfo_c.key_type = RTA_DATA_IMM;
 572                 alginfo_c.algtype = ses->cipher_key.alg;
 573                 alginfo_c.algmode = ses->cipher_key.algmode;
 574
 575                 alginfo_a.key = (size_t)ses->auth_key.data;
 576                 alginfo_a.keylen = ses->auth_key.length;
 577                 alginfo_a.key_enc_flags = 0;
 578                 alginfo_a.key_type = RTA_DATA_IMM;
 579                 alginfo_a.algtype = ses->auth_key.alg;
 580                 alginfo_a.algmode = ses->auth_key.algmode;
 581
 582                 cdb->sh_desc[0] = alginfo_c.keylen;
 583                 cdb->sh_desc[1] = alginfo_a.keylen;
 584                 err = rta_inline_query(IPSEC_AUTH_VAR_AES_DEC_BASE_DESC_LEN,
 585                                        DESC_JOB_IO_LEN,
 586                                        (unsigned int *)cdb->sh_desc,
 587                                        &cdb->sh_desc[2], 2);
 588
 589                 if (err < 0) {
 590                         DPAA_SEC_ERR("Crypto: Incorrect key lengths");
 591                         return err;
 592                 }
 593                 if (cdb->sh_desc[2] & 1)
 594                         alginfo_c.key_type = RTA_DATA_IMM;
 595                 else {
 596                         alginfo_c.key = (size_t)rte_dpaa_mem_vtop(
 597                                                 (void *)(size_t)alginfo_c.key);
 598                         alginfo_c.key_type = RTA_DATA_PTR;
 599                 }
 600                 if (cdb->sh_desc[2] & (1<<1))
 601                         alginfo_a.key_type = RTA_DATA_IMM;
 602                 else {
 603                         alginfo_a.key = (size_t)rte_dpaa_mem_vtop(
 604                                                 (void *)(size_t)alginfo_a.key);
 605                         alginfo_a.key_type = RTA_DATA_PTR;
 606                 }
 607                 cdb->sh_desc[0] = 0;
 608                 cdb->sh_desc[1] = 0;
 609                 cdb->sh_desc[2] = 0;
 610                 /* Auth_only_len is set as 0 here and it will be
 611                  * overwritten in fd for each packet.
 612                  */
 613                 shared_desc_len = cnstr_shdsc_authenc(cdb->sh_desc,
 614                                 true, swap, SHR_SERIAL, &alginfo_c, &alginfo_a,
 615                                 ses->iv.length,
 616                                 ses->digest_length, ses->dir);
 617                 break;
 618         case DPAA_SEC_HASH_CIPHER:
 619         default:
 620                 DPAA_SEC_ERR("error: Unsupported session");
 621                 return -ENOTSUP;
 622         }
 623
 624         if (shared_desc_len < 0) {
 625                 DPAA_SEC_ERR("error in preparing command block");
 626                 return shared_desc_len;
 627         }
 628
 629         cdb->sh_hdr.hi.field.idlen = shared_desc_len;
 630         cdb->sh_hdr.hi.word = rte_cpu_to_be_32(cdb->sh_hdr.hi.word);
 631         cdb->sh_hdr.lo.word = rte_cpu_to_be_32(cdb->sh_hdr.lo.word);
 632
 633         return 0;
 634 }
 635
 636 /* qp is lockless, should be accessed by only one thread */
 637 static int
 638 dpaa_sec_deq(struct dpaa_sec_qp *qp, struct rte_crypto_op **ops, int nb_ops)
 639 {
 640         struct qman_fq *fq;
 641         unsigned int pkts = 0;
 642         int num_rx_bufs, ret;
 643         struct qm_dqrr_entry *dq;
 644         uint32_t vdqcr_flags = 0;
 645
 646         fq = &qp->outq;
 647         /*
 648          * Until request for four buffers, we provide exact number of buffers.
 649          * Otherwise we do not set the QM_VDQCR_EXACT flag.
 650          * Not setting QM_VDQCR_EXACT flag can provide two more buffers than
 651          * requested, so we request two less in this case.
 652          */
 653         if (nb_ops < 4) {
 654                 vdqcr_flags = QM_VDQCR_EXACT;
 655                 num_rx_bufs = nb_ops;
 656         } else {
 657                 num_rx_bufs = nb_ops > DPAA_MAX_DEQUEUE_NUM_FRAMES ?
 658                         (DPAA_MAX_DEQUEUE_NUM_FRAMES - 2) : (nb_ops - 2);
 659         }
 660         ret = qman_set_vdq(fq, num_rx_bufs, vdqcr_flags);
 661         if (ret)
 662                 return 0;
 663
 664         do {
 665                 const struct qm_fd *fd;
 666                 struct dpaa_sec_job *job;
 667                 struct dpaa_sec_op_ctx *ctx;
 668                 struct rte_crypto_op *op;
 669
 670                 dq = qman_dequeue(fq);
 671                 if (!dq)
 672                         continue;
 673
 674                 fd = &dq->fd;
 675                 /* sg is embedded in an op ctx,
 676                  * sg[0] is for output
 677                  * sg[1] for input
 678                  */
 679                 job = rte_dpaa_mem_ptov(qm_fd_addr_get64(fd));
 680
 681                 ctx = container_of(job, struct dpaa_sec_op_ctx, job);
 682                 ctx->fd_status = fd->status;
 683                 op = ctx->op;
 684                 if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) {
 685                         struct qm_sg_entry *sg_out;
 686                         uint32_t len;
 687                         struct rte_mbuf *mbuf = (op->sym->m_dst == NULL) ?
 688                                                 op->sym->m_src : op->sym->m_dst;
 689
 690                         sg_out = &job->sg[0];
 691                         hw_sg_to_cpu(sg_out);
 692                         len = sg_out->length;
 693                         mbuf->pkt_len = len;
 694                         while (mbuf->next != NULL) {
 695                                 len -= mbuf->data_len;
 696                                 mbuf = mbuf->next;
 697                         }
 698                         mbuf->data_len = len;
 699                 }
 700                 if (!ctx->fd_status) {
 701                         op->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
 702                 } else {
 703                         DPAA_SEC_DP_WARN("SEC return err:0x%x", ctx->fd_status);
 704                         op->status = RTE_CRYPTO_OP_STATUS_ERROR;
 705                 }
 706                 ops[pkts++] = op;
 707
 708                 /* report op status to sym->op and then free the ctx memeory */
 709                 rte_mempool_put(ctx->ctx_pool, (void *)ctx);
 710
 711                 qman_dqrr_consume(fq, dq);
 712         } while (fq->flags & QMAN_FQ_STATE_VDQCR);
 713
 714         return pkts;
 715 }
 716
 717 static inline struct dpaa_sec_job *
 718 build_auth_only_sg(struct rte_crypto_op *op, dpaa_sec_session *ses)
 719 {
 720         struct rte_crypto_sym_op *sym = op->sym;
 721         struct rte_mbuf *mbuf = sym->m_src;
 722         struct dpaa_sec_job *cf;
 723         struct dpaa_sec_op_ctx *ctx;
 724         struct qm_sg_entry *sg, *out_sg, *in_sg;
 725         phys_addr_t start_addr;
 726         uint8_t *old_digest, extra_segs;
 727         int data_len, data_offset;
 728
 729         data_len = sym->auth.data.length;
 730         data_offset = sym->auth.data.offset;
 731
 732         if (ses->auth_alg == RTE_CRYPTO_AUTH_SNOW3G_UIA2 ||
 733             ses->auth_alg == RTE_CRYPTO_AUTH_ZUC_EIA3) {
 734                 if ((data_len & 7) || (data_offset & 7)) {
 735                         DPAA_SEC_ERR("AUTH: len/offset must be full bytes");
 736                         return NULL;
 737                 }
 738
 739                 data_len = data_len >> 3;
 740                 data_offset = data_offset >> 3;
 741         }
 742
 743         if (is_decode(ses))
 744                 extra_segs = 3;
 745         else
 746                 extra_segs = 2;
 747
 748         if (mbuf->nb_segs > MAX_SG_ENTRIES) {
 749                 DPAA_SEC_DP_ERR("Auth: Max sec segs supported is %d",
 750                                 MAX_SG_ENTRIES);
 751                 return NULL;
 752         }
 753         ctx = dpaa_sec_alloc_ctx(ses, mbuf->nb_segs + extra_segs);
 754         if (!ctx)
 755                 return NULL;
 756
 757         cf = &ctx->job;
 758         ctx->op = op;
 759         old_digest = ctx->digest;
 760
 761         /* output */
 762         out_sg = &cf->sg[0];
 763         qm_sg_entry_set64(out_sg, sym->auth.digest.phys_addr);
 764         out_sg->length = ses->digest_length;
 765         cpu_to_hw_sg(out_sg);
 766
 767         /* input */
 768         in_sg = &cf->sg[1];
 769         /* need to extend the input to a compound frame */
 770         in_sg->extension = 1;
 771         in_sg->final = 1;
 772         in_sg->length = data_len;
 773         qm_sg_entry_set64(in_sg, rte_dpaa_mem_vtop(&cf->sg[2]));
 774
 775         /* 1st seg */
 776         sg = in_sg + 1;
 777
 778         if (ses->iv.length) {
 779                 uint8_t *iv_ptr;
 780
 781                 iv_ptr = rte_crypto_op_ctod_offset(op, uint8_t *,
 782                                                    ses->iv.offset);
 783
 784                 if (ses->auth_alg == RTE_CRYPTO_AUTH_SNOW3G_UIA2) {
 785                         iv_ptr = conv_to_snow_f9_iv(iv_ptr);
 786                         sg->length = 12;
 787                 } else if (ses->auth_alg == RTE_CRYPTO_AUTH_ZUC_EIA3) {
 788                         iv_ptr = conv_to_zuc_eia_iv(iv_ptr);
 789                         sg->length = 8;
 790                 } else {
 791                         sg->length = ses->iv.length;
 792                 }
 793                 qm_sg_entry_set64(sg, rte_dpaa_mem_vtop(iv_ptr));
 794                 in_sg->length += sg->length;
 795                 cpu_to_hw_sg(sg);
 796                 sg++;
 797         }
 798
 799         qm_sg_entry_set64(sg, rte_pktmbuf_iova(mbuf));
 800         sg->offset = data_offset;
 801
 802         if (data_len <= (mbuf->data_len - data_offset)) {
 803                 sg->length = data_len;
 804         } else {
 805                 sg->length = mbuf->data_len - data_offset;
 806
 807                 /* remaining i/p segs */
 808                 while ((data_len = data_len - sg->length) &&
 809                        (mbuf = mbuf->next)) {
 810                         cpu_to_hw_sg(sg);
 811                         sg++;
 812                         qm_sg_entry_set64(sg, rte_pktmbuf_iova(mbuf));
 813                         if (data_len > mbuf->data_len)
 814                                 sg->length = mbuf->data_len;
 815                         else
 816                                 sg->length = data_len;
 817                 }
 818         }
 819
 820         if (is_decode(ses)) {
 821                 /* Digest verification case */
 822                 cpu_to_hw_sg(sg);
 823                 sg++;
 824                 rte_memcpy(old_digest, sym->auth.digest.data,
 825                                 ses->digest_length);
 826                 start_addr = rte_dpaa_mem_vtop(old_digest);
 827                 qm_sg_entry_set64(sg, start_addr);
 828                 sg->length = ses->digest_length;
 829                 in_sg->length += ses->digest_length;
 830         }
 831         sg->final = 1;
 832         cpu_to_hw_sg(sg);
 833         cpu_to_hw_sg(in_sg);
 834
 835         return cf;
 836 }
 837
 838 /**
 839  * packet looks like:
 840  *              |<----data_len------->|
 841  *    |ip_header|ah_header|icv|payload|
 842  *              ^
 843  *              |
 844  *         mbuf->pkt.data
 845  */
 846 static inline struct dpaa_sec_job *
 847 build_auth_only(struct rte_crypto_op *op, dpaa_sec_session *ses)
 848 {
 849         struct rte_crypto_sym_op *sym = op->sym;
 850         struct rte_mbuf *mbuf = sym->m_src;
 851         struct dpaa_sec_job *cf;
 852         struct dpaa_sec_op_ctx *ctx;
 853         struct qm_sg_entry *sg, *in_sg;
 854         rte_iova_t start_addr;
 855         uint8_t *old_digest;
 856         int data_len, data_offset;
 857
 858         data_len = sym->auth.data.length;
 859         data_offset = sym->auth.data.offset;
 860
 861         if (ses->auth_alg == RTE_CRYPTO_AUTH_SNOW3G_UIA2 ||
 862             ses->auth_alg == RTE_CRYPTO_AUTH_ZUC_EIA3) {
 863                 if ((data_len & 7) || (data_offset & 7)) {
 864                         DPAA_SEC_ERR("AUTH: len/offset must be full bytes");
 865                         return NULL;
 866                 }
 867
 868                 data_len = data_len >> 3;
 869                 data_offset = data_offset >> 3;
 870         }
 871
 872         ctx = dpaa_sec_alloc_ctx(ses, 4);
 873         if (!ctx)
 874                 return NULL;
 875
 876         cf = &ctx->job;
 877         ctx->op = op;
 878         old_digest = ctx->digest;
 879
 880         start_addr = rte_pktmbuf_iova(mbuf);
 881         /* output */
 882         sg = &cf->sg[0];
 883         qm_sg_entry_set64(sg, sym->auth.digest.phys_addr);
 884         sg->length = ses->digest_length;
 885         cpu_to_hw_sg(sg);
 886
 887         /* input */
 888         in_sg = &cf->sg[1];
 889         /* need to extend the input to a compound frame */
 890         in_sg->extension = 1;
 891         in_sg->final = 1;
 892         in_sg->length = data_len;
 893         qm_sg_entry_set64(in_sg, rte_dpaa_mem_vtop(&cf->sg[2]));
 894         sg = &cf->sg[2];
 895
 896         if (ses->iv.length) {
 897                 uint8_t *iv_ptr;
 898
 899                 iv_ptr = rte_crypto_op_ctod_offset(op, uint8_t *,
 900                                                    ses->iv.offset);
 901
 902                 if (ses->auth_alg == RTE_CRYPTO_AUTH_SNOW3G_UIA2) {
 903                         iv_ptr = conv_to_snow_f9_iv(iv_ptr);
 904                         sg->length = 12;
 905                 } else if (ses->auth_alg == RTE_CRYPTO_AUTH_ZUC_EIA3) {
 906                         iv_ptr = conv_to_zuc_eia_iv(iv_ptr);
 907                         sg->length = 8;
 908                 } else {
 909                         sg->length = ses->iv.length;
 910                 }
 911                 qm_sg_entry_set64(sg, rte_dpaa_mem_vtop(iv_ptr));
 912                 in_sg->length += sg->length;
 913                 cpu_to_hw_sg(sg);
 914                 sg++;
 915         }
 916
 917         qm_sg_entry_set64(sg, rte_pktmbuf_iova(mbuf));
 918         sg->offset = data_offset;
 919         sg->length = data_len;
 920
 921         if (is_decode(ses)) {
 922                 /* Digest verification case */
 923                 cpu_to_hw_sg(sg);
 924                 /* hash result or digest, save digest first */
 925                 rte_memcpy(old_digest, sym->auth.digest.data,
 926                                 ses->digest_length);
 927                 /* let's check digest by hw */
 928                 start_addr = rte_dpaa_mem_vtop(old_digest);
 929                 sg++;
 930                 qm_sg_entry_set64(sg, start_addr);
 931                 sg->length = ses->digest_length;
 932                 in_sg->length += ses->digest_length;
 933         }
 934         sg->final = 1;
 935         cpu_to_hw_sg(sg);
 936         cpu_to_hw_sg(in_sg);
 937
 938         return cf;
 939 }
 940
 941 static inline struct dpaa_sec_job *
 942 build_cipher_only_sg(struct rte_crypto_op *op, dpaa_sec_session *ses)
 943 {
 944         struct rte_crypto_sym_op *sym = op->sym;
 945         struct dpaa_sec_job *cf;
 946         struct dpaa_sec_op_ctx *ctx;
 947         struct qm_sg_entry *sg, *out_sg, *in_sg;
 948         struct rte_mbuf *mbuf;
 949         uint8_t req_segs;
 950         uint8_t *IV_ptr = rte_crypto_op_ctod_offset(op, uint8_t *,
 951                         ses->iv.offset);
 952         int data_len, data_offset;
 953
 954         data_len = sym->cipher.data.length;
 955         data_offset = sym->cipher.data.offset;
 956
 957         if (ses->cipher_alg == RTE_CRYPTO_CIPHER_SNOW3G_UEA2 ||
 958                 ses->cipher_alg == RTE_CRYPTO_CIPHER_ZUC_EEA3) {
 959                 if ((data_len & 7) || (data_offset & 7)) {
 960                         DPAA_SEC_ERR("CIPHER: len/offset must be full bytes");
 961                         return NULL;
 962                 }
 963
 964                 data_len = data_len >> 3;
 965                 data_offset = data_offset >> 3;
 966         }
 967
 968         if (sym->m_dst) {
 969                 mbuf = sym->m_dst;
 970                 req_segs = mbuf->nb_segs + sym->m_src->nb_segs + 3;
 971         } else {
 972                 mbuf = sym->m_src;
 973                 req_segs = mbuf->nb_segs * 2 + 3;
 974         }
 975         if (mbuf->nb_segs > MAX_SG_ENTRIES) {
 976                 DPAA_SEC_DP_ERR("Cipher: Max sec segs supported is %d",
 977                                 MAX_SG_ENTRIES);
 978                 return NULL;
 979         }
 980
 981         ctx = dpaa_sec_alloc_ctx(ses, req_segs);
 982         if (!ctx)
 983                 return NULL;
 984
 985         cf = &ctx->job;
 986         ctx->op = op;
 987
 988         /* output */
 989         out_sg = &cf->sg[0];
 990         out_sg->extension = 1;
 991         out_sg->length = data_len;
 992         qm_sg_entry_set64(out_sg, rte_dpaa_mem_vtop(&cf->sg[2]));
 993         cpu_to_hw_sg(out_sg);
 994
 995         /* 1st seg */
 996         sg = &cf->sg[2];
 997         qm_sg_entry_set64(sg, rte_pktmbuf_iova(mbuf));
 998         sg->length = mbuf->data_len - data_offset;
 999         sg->offset = data_offset;
1000
1001         /* Successive segs */
1002         mbuf = mbuf->next;
1003         while (mbuf) {
1004                 cpu_to_hw_sg(sg);
1005                 sg++;
1006                 qm_sg_entry_set64(sg, rte_pktmbuf_iova(mbuf));
1007                 sg->length = mbuf->data_len;
1008                 mbuf = mbuf->next;
1009         }
1010         sg->final = 1;
1011         cpu_to_hw_sg(sg);
1012
1013         /* input */
1014         mbuf = sym->m_src;
1015         in_sg = &cf->sg[1];
1016         in_sg->extension = 1;
1017         in_sg->final = 1;
1018         in_sg->length = data_len + ses->iv.length;
1019
1020         sg++;
1021         qm_sg_entry_set64(in_sg, rte_dpaa_mem_vtop(sg));
1022         cpu_to_hw_sg(in_sg);
1023
1024         /* IV */
1025         qm_sg_entry_set64(sg, rte_dpaa_mem_vtop(IV_ptr));
1026         sg->length = ses->iv.length;
1027         cpu_to_hw_sg(sg);
1028
1029         /* 1st seg */
1030         sg++;
1031         qm_sg_entry_set64(sg, rte_pktmbuf_iova(mbuf));
1032         sg->length = mbuf->data_len - data_offset;
1033         sg->offset = data_offset;
1034
1035         /* Successive segs */
1036         mbuf = mbuf->next;
1037         while (mbuf) {
1038                 cpu_to_hw_sg(sg);
1039                 sg++;
1040                 qm_sg_entry_set64(sg, rte_pktmbuf_iova(mbuf));
1041                 sg->length = mbuf->data_len;
1042                 mbuf = mbuf->next;
1043         }
1044         sg->final = 1;
1045         cpu_to_hw_sg(sg);
1046
1047         return cf;
1048 }
1049
1050 static inline struct dpaa_sec_job *
1051 build_cipher_only(struct rte_crypto_op *op, dpaa_sec_session *ses)
1052 {
1053         struct rte_crypto_sym_op *sym = op->sym;
1054         struct dpaa_sec_job *cf;
1055         struct dpaa_sec_op_ctx *ctx;
1056         struct qm_sg_entry *sg;
1057         rte_iova_t src_start_addr, dst_start_addr;
1058         uint8_t *IV_ptr = rte_crypto_op_ctod_offset(op, uint8_t *,
1059                         ses->iv.offset);
1060         int data_len, data_offset;
1061
1062         data_len = sym->cipher.data.length;
1063         data_offset = sym->cipher.data.offset;
1064
1065         if (ses->cipher_alg == RTE_CRYPTO_CIPHER_SNOW3G_UEA2 ||
1066                 ses->cipher_alg == RTE_CRYPTO_CIPHER_ZUC_EEA3) {
1067                 if ((data_len & 7) || (data_offset & 7)) {
1068                         DPAA_SEC_ERR("CIPHER: len/offset must be full bytes");
1069                         return NULL;
1070                 }
1071
1072                 data_len = data_len >> 3;
1073                 data_offset = data_offset >> 3;
1074         }
1075
1076         ctx = dpaa_sec_alloc_ctx(ses, 4);
1077         if (!ctx)
1078                 return NULL;
1079
1080         cf = &ctx->job;
1081         ctx->op = op;
1082
1083         src_start_addr = rte_pktmbuf_iova(sym->m_src);
1084
1085         if (sym->m_dst)
1086                 dst_start_addr = rte_pktmbuf_iova(sym->m_dst);
1087         else
1088                 dst_start_addr = src_start_addr;
1089
1090         /* output */
1091         sg = &cf->sg[0];
1092         qm_sg_entry_set64(sg, dst_start_addr + data_offset);
1093         sg->length = data_len + ses->iv.length;
1094         cpu_to_hw_sg(sg);
1095
1096         /* input */
1097         sg = &cf->sg[1];
1098
1099         /* need to extend the input to a compound frame */
1100         sg->extension = 1;
1101         sg->final = 1;
1102         sg->length = data_len + ses->iv.length;
1103         qm_sg_entry_set64(sg, rte_dpaa_mem_vtop(&cf->sg[2]));
1104         cpu_to_hw_sg(sg);
1105
1106         sg = &cf->sg[2];
1107         qm_sg_entry_set64(sg, rte_dpaa_mem_vtop(IV_ptr));
1108         sg->length = ses->iv.length;
1109         cpu_to_hw_sg(sg);
1110
1111         sg++;
1112         qm_sg_entry_set64(sg, src_start_addr + data_offset);
1113         sg->length = data_len;
1114         sg->final = 1;
1115         cpu_to_hw_sg(sg);
1116
1117         return cf;
1118 }
1119
1120 static inline struct dpaa_sec_job *
1121 build_cipher_auth_gcm_sg(struct rte_crypto_op *op, dpaa_sec_session *ses)
1122 {
1123         struct rte_crypto_sym_op *sym = op->sym;
1124         struct dpaa_sec_job *cf;
1125         struct dpaa_sec_op_ctx *ctx;
1126         struct qm_sg_entry *sg, *out_sg, *in_sg;
1127         struct rte_mbuf *mbuf;
1128         uint8_t req_segs;
1129         uint8_t *IV_ptr = rte_crypto_op_ctod_offset(op, uint8_t *,
1130                         ses->iv.offset);
1131
1132         if (sym->m_dst) {
1133                 mbuf = sym->m_dst;
1134                 req_segs = mbuf->nb_segs + sym->m_src->nb_segs + 4;
1135         } else {
1136                 mbuf = sym->m_src;
1137                 req_segs = mbuf->nb_segs * 2 + 4;
1138         }
1139
1140         if (ses->auth_only_len)
1141                 req_segs++;
1142
1143         if (mbuf->nb_segs > MAX_SG_ENTRIES) {
1144                 DPAA_SEC_DP_ERR("AEAD: Max sec segs supported is %d",
1145                                 MAX_SG_ENTRIES);
1146                 return NULL;
1147         }
1148
1149         ctx = dpaa_sec_alloc_ctx(ses, req_segs);
1150         if (!ctx)
1151                 return NULL;
1152
1153         cf = &ctx->job;
1154         ctx->op = op;
1155
1156         rte_prefetch0(cf->sg);
1157
1158         /* output */
1159         out_sg = &cf->sg[0];
1160         out_sg->extension = 1;
1161         if (is_encode(ses))
1162                 out_sg->length = sym->aead.data.length + ses->digest_length;
1163         else
1164                 out_sg->length = sym->aead.data.length;
1165
1166         /* output sg entries */
1167         sg = &cf->sg[2];
1168         qm_sg_entry_set64(out_sg, rte_dpaa_mem_vtop(sg));
1169         cpu_to_hw_sg(out_sg);
1170
1171         /* 1st seg */
1172         qm_sg_entry_set64(sg, rte_pktmbuf_iova(mbuf));
1173         sg->length = mbuf->data_len - sym->aead.data.offset;
1174         sg->offset = sym->aead.data.offset;
1175
1176         /* Successive segs */
1177         mbuf = mbuf->next;
1178         while (mbuf) {
1179                 cpu_to_hw_sg(sg);
1180                 sg++;
1181                 qm_sg_entry_set64(sg, rte_pktmbuf_iova(mbuf));
1182                 sg->length = mbuf->data_len;
1183                 mbuf = mbuf->next;
1184         }
1185         sg->length -= ses->digest_length;
1186
1187         if (is_encode(ses)) {
1188                 cpu_to_hw_sg(sg);
1189                 /* set auth output */
1190                 sg++;
1191                 qm_sg_entry_set64(sg, sym->aead.digest.phys_addr);
1192                 sg->length = ses->digest_length;
1193         }
1194         sg->final = 1;
1195         cpu_to_hw_sg(sg);
1196
1197         /* input */
1198         mbuf = sym->m_src;
1199         in_sg = &cf->sg[1];
1200         in_sg->extension = 1;
1201         in_sg->final = 1;
1202         if (is_encode(ses))
1203                 in_sg->length = ses->iv.length + sym->aead.data.length
1204                                                         + ses->auth_only_len;
1205         else
1206                 in_sg->length = ses->iv.length + sym->aead.data.length
1207                                 + ses->auth_only_len + ses->digest_length;
1208
1209         /* input sg entries */
1210         sg++;
1211         qm_sg_entry_set64(in_sg, rte_dpaa_mem_vtop(sg));
1212         cpu_to_hw_sg(in_sg);
1213
1214         /* 1st seg IV */
1215         qm_sg_entry_set64(sg, rte_dpaa_mem_vtop(IV_ptr));
1216         sg->length = ses->iv.length;
1217         cpu_to_hw_sg(sg);
1218
1219         /* 2nd seg auth only */
1220         if (ses->auth_only_len) {
1221                 sg++;
1222                 qm_sg_entry_set64(sg, rte_dpaa_mem_vtop(sym->aead.aad.data));
1223                 sg->length = ses->auth_only_len;
1224                 cpu_to_hw_sg(sg);
1225         }
1226
1227         /* 3rd seg */
1228         sg++;
1229         qm_sg_entry_set64(sg, rte_pktmbuf_iova(mbuf));
1230         sg->length = mbuf->data_len - sym->aead.data.offset;
1231         sg->offset = sym->aead.data.offset;
1232
1233         /* Successive segs */
1234         mbuf = mbuf->next;
1235         while (mbuf) {
1236                 cpu_to_hw_sg(sg);
1237                 sg++;
1238                 qm_sg_entry_set64(sg, rte_pktmbuf_iova(mbuf));
1239                 sg->length = mbuf->data_len;
1240                 mbuf = mbuf->next;
1241         }
1242
1243         if (is_decode(ses)) {
1244                 cpu_to_hw_sg(sg);
1245                 sg++;
1246                 memcpy(ctx->digest, sym->aead.digest.data,
1247                         ses->digest_length);
1248                 qm_sg_entry_set64(sg, rte_dpaa_mem_vtop(ctx->digest));
1249                 sg->length = ses->digest_length;
1250         }
1251         sg->final = 1;
1252         cpu_to_hw_sg(sg);
1253
1254         return cf;
1255 }
1256
1257 static inline struct dpaa_sec_job *
1258 build_cipher_auth_gcm(struct rte_crypto_op *op, dpaa_sec_session *ses)
1259 {
1260         struct rte_crypto_sym_op *sym = op->sym;
1261         struct dpaa_sec_job *cf;
1262         struct dpaa_sec_op_ctx *ctx;
1263         struct qm_sg_entry *sg;
1264         uint32_t length = 0;
1265         rte_iova_t src_start_addr, dst_start_addr;
1266         uint8_t *IV_ptr = rte_crypto_op_ctod_offset(op, uint8_t *,
1267                         ses->iv.offset);
1268
1269         src_start_addr = sym->m_src->buf_iova + sym->m_src->data_off;
1270
1271         if (sym->m_dst)
1272                 dst_start_addr = sym->m_dst->buf_iova + sym->m_dst->data_off;
1273         else
1274                 dst_start_addr = src_start_addr;
1275
1276         ctx = dpaa_sec_alloc_ctx(ses, 7);
1277         if (!ctx)
1278                 return NULL;
1279
1280         cf = &ctx->job;
1281         ctx->op = op;
1282
1283         /* input */
1284         rte_prefetch0(cf->sg);
1285         sg = &cf->sg[2];
1286         qm_sg_entry_set64(&cf->sg[1], rte_dpaa_mem_vtop(sg));
1287         if (is_encode(ses)) {
1288                 qm_sg_entry_set64(sg, rte_dpaa_mem_vtop(IV_ptr));
1289                 sg->length = ses->iv.length;
1290                 length += sg->length;
1291                 cpu_to_hw_sg(sg);
1292
1293                 sg++;
1294                 if (ses->auth_only_len) {
1295                         qm_sg_entry_set64(sg,
1296                                           rte_dpaa_mem_vtop(sym->aead.aad.data));
1297                         sg->length = ses->auth_only_len;
1298                         length += sg->length;
1299                         cpu_to_hw_sg(sg);
1300                         sg++;
1301                 }
1302                 qm_sg_entry_set64(sg, src_start_addr + sym->aead.data.offset);
1303                 sg->length = sym->aead.data.length;
1304                 length += sg->length;
1305                 sg->final = 1;
1306                 cpu_to_hw_sg(sg);
1307         } else {
1308                 qm_sg_entry_set64(sg, rte_dpaa_mem_vtop(IV_ptr));
1309                 sg->length = ses->iv.length;
1310                 length += sg->length;
1311                 cpu_to_hw_sg(sg);
1312
1313                 sg++;
1314                 if (ses->auth_only_len) {
1315                         qm_sg_entry_set64(sg,
1316                                           rte_dpaa_mem_vtop(sym->aead.aad.data));
1317                         sg->length = ses->auth_only_len;
1318                         length += sg->length;
1319                         cpu_to_hw_sg(sg);
1320                         sg++;
1321                 }
1322                 qm_sg_entry_set64(sg, src_start_addr + sym->aead.data.offset);
1323                 sg->length = sym->aead.data.length;
1324                 length += sg->length;
1325                 cpu_to_hw_sg(sg);
1326
1327                 memcpy(ctx->digest, sym->aead.digest.data,
1328                        ses->digest_length);
1329                 sg++;
1330
1331                 qm_sg_entry_set64(sg, rte_dpaa_mem_vtop(ctx->digest));
1332                 sg->length = ses->digest_length;
1333                 length += sg->length;
1334                 sg->final = 1;
1335                 cpu_to_hw_sg(sg);
1336         }
1337         /* input compound frame */
1338         cf->sg[1].length = length;
1339         cf->sg[1].extension = 1;
1340         cf->sg[1].final = 1;
1341         cpu_to_hw_sg(&cf->sg[1]);
1342
1343         /* output */
1344         sg++;
1345         qm_sg_entry_set64(&cf->sg[0], rte_dpaa_mem_vtop(sg));
1346         qm_sg_entry_set64(sg,
1347                 dst_start_addr + sym->aead.data.offset);
1348         sg->length = sym->aead.data.length;
1349         length = sg->length;
1350         if (is_encode(ses)) {
1351                 cpu_to_hw_sg(sg);
1352                 /* set auth output */
1353                 sg++;
1354                 qm_sg_entry_set64(sg, sym->aead.digest.phys_addr);
1355                 sg->length = ses->digest_length;
1356                 length += sg->length;
1357         }
1358         sg->final = 1;
1359         cpu_to_hw_sg(sg);
1360
1361         /* output compound frame */
1362         cf->sg[0].length = length;
1363         cf->sg[0].extension = 1;
1364         cpu_to_hw_sg(&cf->sg[0]);
1365
1366         return cf;
1367 }
1368
1369 static inline struct dpaa_sec_job *
1370 build_cipher_auth_sg(struct rte_crypto_op *op, dpaa_sec_session *ses)
1371 {
1372         struct rte_crypto_sym_op *sym = op->sym;
1373         struct dpaa_sec_job *cf;
1374         struct dpaa_sec_op_ctx *ctx;
1375         struct qm_sg_entry *sg, *out_sg, *in_sg;
1376         struct rte_mbuf *mbuf;
1377         uint8_t req_segs;
1378         uint8_t *IV_ptr = rte_crypto_op_ctod_offset(op, uint8_t *,
1379                         ses->iv.offset);
1380
1381         if (sym->m_dst) {
1382                 mbuf = sym->m_dst;
1383                 req_segs = mbuf->nb_segs + sym->m_src->nb_segs + 4;
1384         } else {
1385                 mbuf = sym->m_src;
1386                 req_segs = mbuf->nb_segs * 2 + 4;
1387         }
1388
1389         if (mbuf->nb_segs > MAX_SG_ENTRIES) {
1390                 DPAA_SEC_DP_ERR("Cipher-Auth: Max sec segs supported is %d",
1391                                 MAX_SG_ENTRIES);
1392                 return NULL;
1393         }
1394
1395         ctx = dpaa_sec_alloc_ctx(ses, req_segs);
1396         if (!ctx)
1397                 return NULL;
1398
1399         cf = &ctx->job;
1400         ctx->op = op;
1401
1402         rte_prefetch0(cf->sg);
1403
1404         /* output */
1405         out_sg = &cf->sg[0];
1406         out_sg->extension = 1;
1407         if (is_encode(ses))
1408                 out_sg->length = sym->auth.data.length + ses->digest_length;
1409         else
1410                 out_sg->length = sym->auth.data.length;
1411
1412         /* output sg entries */
1413         sg = &cf->sg[2];
1414         qm_sg_entry_set64(out_sg, rte_dpaa_mem_vtop(sg));
1415         cpu_to_hw_sg(out_sg);
1416
1417         /* 1st seg */
1418         qm_sg_entry_set64(sg, rte_pktmbuf_iova(mbuf));
1419         sg->length = mbuf->data_len - sym->auth.data.offset;
1420         sg->offset = sym->auth.data.offset;
1421
1422         /* Successive segs */
1423         mbuf = mbuf->next;
1424         while (mbuf) {
1425                 cpu_to_hw_sg(sg);
1426                 sg++;
1427                 qm_sg_entry_set64(sg, rte_pktmbuf_iova(mbuf));
1428                 sg->length = mbuf->data_len;
1429                 mbuf = mbuf->next;
1430         }
1431         sg->length -= ses->digest_length;
1432
1433         if (is_encode(ses)) {
1434                 cpu_to_hw_sg(sg);
1435                 /* set auth output */
1436                 sg++;
1437                 qm_sg_entry_set64(sg, sym->auth.digest.phys_addr);
1438                 sg->length = ses->digest_length;
1439         }
1440         sg->final = 1;
1441         cpu_to_hw_sg(sg);
1442
1443         /* input */
1444         mbuf = sym->m_src;
1445         in_sg = &cf->sg[1];
1446         in_sg->extension = 1;
1447         in_sg->final = 1;
1448         if (is_encode(ses))
1449                 in_sg->length = ses->iv.length + sym->auth.data.length;
1450         else
1451                 in_sg->length = ses->iv.length + sym->auth.data.length
1452                                                 + ses->digest_length;
1453
1454         /* input sg entries */
1455         sg++;
1456         qm_sg_entry_set64(in_sg, rte_dpaa_mem_vtop(sg));
1457         cpu_to_hw_sg(in_sg);
1458
1459         /* 1st seg IV */
1460         qm_sg_entry_set64(sg, rte_dpaa_mem_vtop(IV_ptr));
1461         sg->length = ses->iv.length;
1462         cpu_to_hw_sg(sg);
1463
1464         /* 2nd seg */
1465         sg++;
1466         qm_sg_entry_set64(sg, rte_pktmbuf_iova(mbuf));
1467         sg->length = mbuf->data_len - sym->auth.data.offset;
1468         sg->offset = sym->auth.data.offset;
1469
1470         /* Successive segs */
1471         mbuf = mbuf->next;
1472         while (mbuf) {
1473                 cpu_to_hw_sg(sg);
1474                 sg++;
1475                 qm_sg_entry_set64(sg, rte_pktmbuf_iova(mbuf));
1476                 sg->length = mbuf->data_len;
1477                 mbuf = mbuf->next;
1478         }
1479
1480         sg->length -= ses->digest_length;
1481         if (is_decode(ses)) {
1482                 cpu_to_hw_sg(sg);
1483                 sg++;
1484                 memcpy(ctx->digest, sym->auth.digest.data,
1485                         ses->digest_length);
1486                 qm_sg_entry_set64(sg, rte_dpaa_mem_vtop(ctx->digest));
1487                 sg->length = ses->digest_length;
1488         }
1489         sg->final = 1;
1490         cpu_to_hw_sg(sg);
1491
1492         return cf;
1493 }
1494
1495 static inline struct dpaa_sec_job *
1496 build_cipher_auth(struct rte_crypto_op *op, dpaa_sec_session *ses)
1497 {
1498         struct rte_crypto_sym_op *sym = op->sym;
1499         struct dpaa_sec_job *cf;
1500         struct dpaa_sec_op_ctx *ctx;
1501         struct qm_sg_entry *sg;
1502         rte_iova_t src_start_addr, dst_start_addr;
1503         uint32_t length = 0;
1504         uint8_t *IV_ptr = rte_crypto_op_ctod_offset(op, uint8_t *,
1505                         ses->iv.offset);
1506
1507         src_start_addr = sym->m_src->buf_iova + sym->m_src->data_off;
1508         if (sym->m_dst)
1509                 dst_start_addr = sym->m_dst->buf_iova + sym->m_dst->data_off;
1510         else
1511                 dst_start_addr = src_start_addr;
1512
1513         ctx = dpaa_sec_alloc_ctx(ses, 7);
1514         if (!ctx)
1515                 return NULL;
1516
1517         cf = &ctx->job;
1518         ctx->op = op;
1519
1520         /* input */
1521         rte_prefetch0(cf->sg);
1522         sg = &cf->sg[2];
1523         qm_sg_entry_set64(&cf->sg[1], rte_dpaa_mem_vtop(sg));
1524         if (is_encode(ses)) {
1525                 qm_sg_entry_set64(sg, rte_dpaa_mem_vtop(IV_ptr));
1526                 sg->length = ses->iv.length;
1527                 length += sg->length;
1528                 cpu_to_hw_sg(sg);
1529
1530                 sg++;
1531                 qm_sg_entry_set64(sg, src_start_addr + sym->auth.data.offset);
1532                 sg->length = sym->auth.data.length;
1533                 length += sg->length;
1534                 sg->final = 1;
1535                 cpu_to_hw_sg(sg);
1536         } else {
1537                 qm_sg_entry_set64(sg, rte_dpaa_mem_vtop(IV_ptr));
1538                 sg->length = ses->iv.length;
1539                 length += sg->length;
1540                 cpu_to_hw_sg(sg);
1541
1542                 sg++;
1543
1544                 qm_sg_entry_set64(sg, src_start_addr + sym->auth.data.offset);
1545                 sg->length = sym->auth.data.length;
1546                 length += sg->length;
1547                 cpu_to_hw_sg(sg);
1548
1549                 memcpy(ctx->digest, sym->auth.digest.data,
1550                        ses->digest_length);
1551                 sg++;
1552
1553                 qm_sg_entry_set64(sg, rte_dpaa_mem_vtop(ctx->digest));
1554                 sg->length = ses->digest_length;
1555                 length += sg->length;
1556                 sg->final = 1;
1557                 cpu_to_hw_sg(sg);
1558         }
1559         /* input compound frame */
1560         cf->sg[1].length = length;
1561         cf->sg[1].extension = 1;
1562         cf->sg[1].final = 1;
1563         cpu_to_hw_sg(&cf->sg[1]);
1564
1565         /* output */
1566         sg++;
1567         qm_sg_entry_set64(&cf->sg[0], rte_dpaa_mem_vtop(sg));
1568         qm_sg_entry_set64(sg, dst_start_addr + sym->cipher.data.offset);
1569         sg->length = sym->cipher.data.length;
1570         length = sg->length;
1571         if (is_encode(ses)) {
1572                 cpu_to_hw_sg(sg);
1573                 /* set auth output */
1574                 sg++;
1575                 qm_sg_entry_set64(sg, sym->auth.digest.phys_addr);
1576                 sg->length = ses->digest_length;
1577                 length += sg->length;
1578         }
1579         sg->final = 1;
1580         cpu_to_hw_sg(sg);
1581
1582         /* output compound frame */
1583         cf->sg[0].length = length;
1584         cf->sg[0].extension = 1;
1585         cpu_to_hw_sg(&cf->sg[0]);
1586
1587         return cf;
1588 }
1589
1590 #ifdef RTE_LIB_SECURITY
1591 static inline struct dpaa_sec_job *
1592 build_proto(struct rte_crypto_op *op, dpaa_sec_session *ses)
1593 {
1594         struct rte_crypto_sym_op *sym = op->sym;
1595         struct dpaa_sec_job *cf;
1596         struct dpaa_sec_op_ctx *ctx;
1597         struct qm_sg_entry *sg;
1598         phys_addr_t src_start_addr, dst_start_addr;
1599
1600         ctx = dpaa_sec_alloc_ctx(ses, 2);
1601         if (!ctx)
1602                 return NULL;
1603         cf = &ctx->job;
1604         ctx->op = op;
1605
1606         src_start_addr = rte_pktmbuf_iova(sym->m_src);
1607
1608         if (sym->m_dst)
1609                 dst_start_addr = rte_pktmbuf_iova(sym->m_dst);
1610         else
1611                 dst_start_addr = src_start_addr;
1612
1613         /* input */
1614         sg = &cf->sg[1];
1615         qm_sg_entry_set64(sg, src_start_addr);
1616         sg->length = sym->m_src->pkt_len;
1617         sg->final = 1;
1618         cpu_to_hw_sg(sg);
1619
1620         sym->m_src->packet_type &= ~RTE_PTYPE_L4_MASK;
1621         /* output */
1622         sg = &cf->sg[0];
1623         qm_sg_entry_set64(sg, dst_start_addr);
1624         sg->length = sym->m_src->buf_len - sym->m_src->data_off;
1625         cpu_to_hw_sg(sg);
1626
1627         return cf;
1628 }
1629
1630 static inline struct dpaa_sec_job *
1631 build_proto_sg(struct rte_crypto_op *op, dpaa_sec_session *ses)
1632 {
1633         struct rte_crypto_sym_op *sym = op->sym;
1634         struct dpaa_sec_job *cf;
1635         struct dpaa_sec_op_ctx *ctx;
1636         struct qm_sg_entry *sg, *out_sg, *in_sg;
1637         struct rte_mbuf *mbuf;
1638         uint8_t req_segs;
1639         uint32_t in_len = 0, out_len = 0;
1640
1641         if (sym->m_dst)
1642                 mbuf = sym->m_dst;
1643         else
1644                 mbuf = sym->m_src;
1645
1646         req_segs = mbuf->nb_segs + sym->m_src->nb_segs + 2;
1647         if (mbuf->nb_segs > MAX_SG_ENTRIES) {
1648                 DPAA_SEC_DP_ERR("Proto: Max sec segs supported is %d",
1649                                 MAX_SG_ENTRIES);
1650                 return NULL;
1651         }
1652
1653         ctx = dpaa_sec_alloc_ctx(ses, req_segs);
1654         if (!ctx)
1655                 return NULL;
1656         cf = &ctx->job;
1657         ctx->op = op;
1658         /* output */
1659         out_sg = &cf->sg[0];
1660         out_sg->extension = 1;
1661         qm_sg_entry_set64(out_sg, rte_dpaa_mem_vtop(&cf->sg[2]));
1662
1663         /* 1st seg */
1664         sg = &cf->sg[2];
1665         qm_sg_entry_set64(sg, rte_pktmbuf_iova(mbuf));
1666         sg->offset = 0;
1667
1668         /* Successive segs */
1669         while (mbuf->next) {
1670                 sg->length = mbuf->data_len;
1671                 out_len += sg->length;
1672                 mbuf = mbuf->next;
1673                 cpu_to_hw_sg(sg);
1674                 sg++;
1675                 qm_sg_entry_set64(sg, rte_pktmbuf_iova(mbuf));
1676                 sg->offset = 0;
1677         }
1678         sg->length = mbuf->buf_len - mbuf->data_off;
1679         out_len += sg->length;
1680         sg->final = 1;
1681         cpu_to_hw_sg(sg);
1682
1683         out_sg->length = out_len;
1684         cpu_to_hw_sg(out_sg);
1685
1686         /* input */
1687         mbuf = sym->m_src;
1688         in_sg = &cf->sg[1];
1689         in_sg->extension = 1;
1690         in_sg->final = 1;
1691         in_len = mbuf->data_len;
1692
1693         sg++;
1694         qm_sg_entry_set64(in_sg, rte_dpaa_mem_vtop(sg));
1695
1696         /* 1st seg */
1697         qm_sg_entry_set64(sg, rte_pktmbuf_iova(mbuf));
1698         sg->length = mbuf->data_len;
1699         sg->offset = 0;
1700
1701         /* Successive segs */
1702         mbuf = mbuf->next;
1703         while (mbuf) {
1704                 cpu_to_hw_sg(sg);
1705                 sg++;
1706                 qm_sg_entry_set64(sg, rte_pktmbuf_iova(mbuf));
1707                 sg->length = mbuf->data_len;
1708                 sg->offset = 0;
1709                 in_len += sg->length;
1710                 mbuf = mbuf->next;
1711         }
1712         sg->final = 1;
1713         cpu_to_hw_sg(sg);
1714
1715         in_sg->length = in_len;
1716         cpu_to_hw_sg(in_sg);
1717
1718         sym->m_src->packet_type &= ~RTE_PTYPE_L4_MASK;
1719
1720         return cf;
1721 }
1722 #endif
1723
1724 static uint16_t
1725 dpaa_sec_enqueue_burst(void *qp, struct rte_crypto_op **ops,
1726                        uint16_t nb_ops)
1727 {
1728         /* Function to transmit the frames to given device and queuepair */
1729         uint32_t loop;
1730         struct dpaa_sec_qp *dpaa_qp = (struct dpaa_sec_qp *)qp;
1731         uint16_t num_tx = 0;
1732         struct qm_fd fds[DPAA_SEC_BURST], *fd;
1733         uint32_t frames_to_send;
1734         struct rte_crypto_op *op;
1735         struct dpaa_sec_job *cf;
1736         dpaa_sec_session *ses;
1737         uint16_t auth_hdr_len, auth_tail_len;
1738         uint32_t index, flags[DPAA_SEC_BURST] = {0};
1739         struct qman_fq *inq[DPAA_SEC_BURST];
1740
1741         if (unlikely(!DPAA_PER_LCORE_PORTAL)) {
1742                 if (rte_dpaa_portal_init((void *)0)) {
1743                         DPAA_SEC_ERR("Failure in affining portal");
1744                         return 0;
1745                 }
1746         }
1747
1748         while (nb_ops) {
1749                 frames_to_send = (nb_ops > DPAA_SEC_BURST) ?
1750                                 DPAA_SEC_BURST : nb_ops;
1751                 for (loop = 0; loop < frames_to_send; loop++) {
1752                         op = *(ops++);
1753                         if (*dpaa_seqn(op->sym->m_src) != 0) {
1754                                 index = *dpaa_seqn(op->sym->m_src) - 1;
1755                                 if (DPAA_PER_LCORE_DQRR_HELD & (1 << index)) {
1756                                         /* QM_EQCR_DCA_IDXMASK = 0x0f */
1757                                         flags[loop] = ((index & 0x0f) << 8);
1758                                         flags[loop] |= QMAN_ENQUEUE_FLAG_DCA;
1759                                         DPAA_PER_LCORE_DQRR_SIZE--;
1760                                         DPAA_PER_LCORE_DQRR_HELD &=
1761                                                                 ~(1 << index);
1762                                 }
1763                         }
1764
1765                         switch (op->sess_type) {
1766                         case RTE_CRYPTO_OP_WITH_SESSION:
1767                                 ses = (dpaa_sec_session *)
1768                                         get_sym_session_private_data(
1769                                                         op->sym->session,
1770                                                         cryptodev_driver_id);
1771                                 break;
1772 #ifdef RTE_LIB_SECURITY
1773                         case RTE_CRYPTO_OP_SECURITY_SESSION:
1774                                 ses = (dpaa_sec_session *)
1775                                         get_sec_session_private_data(
1776                                                         op->sym->sec_session);
1777                                 break;
1778 #endif
1779                         default:
1780                                 DPAA_SEC_DP_ERR(
1781                                         "sessionless crypto op not supported");
1782                                 frames_to_send = loop;
1783                                 nb_ops = loop;
1784                                 goto send_pkts;
1785                         }
1786
1787                         if (!ses) {
1788                                 DPAA_SEC_DP_ERR("session not available");
1789                                 frames_to_send = loop;
1790                                 nb_ops = loop;
1791                                 goto send_pkts;
1792                         }
1793
1794                         if (unlikely(!ses->qp[rte_lcore_id() % MAX_DPAA_CORES])) {
1795                                 if (dpaa_sec_attach_sess_q(qp, ses)) {
1796                                         frames_to_send = loop;
1797                                         nb_ops = loop;
1798                                         goto send_pkts;
1799                                 }
1800                         } else if (unlikely(ses->qp[rte_lcore_id() %
1801                                                 MAX_DPAA_CORES] != qp)) {
1802                                 DPAA_SEC_DP_ERR("Old:sess->qp = %p"
1803                                         " New qp = %p\n",
1804                                         ses->qp[rte_lcore_id() %
1805                                         MAX_DPAA_CORES], qp);
1806                                 frames_to_send = loop;
1807                                 nb_ops = loop;
1808                                 goto send_pkts;
1809                         }
1810
1811                         auth_hdr_len = op->sym->auth.data.length -
1812                                                 op->sym->cipher.data.length;
1813                         auth_tail_len = 0;
1814
1815                         if (rte_pktmbuf_is_contiguous(op->sym->m_src) &&
1816                                   ((op->sym->m_dst == NULL) ||
1817                                    rte_pktmbuf_is_contiguous(op->sym->m_dst))) {
1818                                 switch (ses->ctxt) {
1819 #ifdef RTE_LIB_SECURITY
1820                                 case DPAA_SEC_PDCP:
1821                                 case DPAA_SEC_IPSEC:
1822                                         cf = build_proto(op, ses);
1823                                         break;
1824 #endif
1825                                 case DPAA_SEC_AUTH:
1826                                         cf = build_auth_only(op, ses);
1827                                         break;
1828                                 case DPAA_SEC_CIPHER:
1829                                         cf = build_cipher_only(op, ses);
1830                                         break;
1831                                 case DPAA_SEC_AEAD:
1832                                         cf = build_cipher_auth_gcm(op, ses);
1833                                         auth_hdr_len = ses->auth_only_len;
1834                                         break;
1835                                 case DPAA_SEC_CIPHER_HASH:
1836                                         auth_hdr_len =
1837                                                 op->sym->cipher.data.offset
1838                                                 - op->sym->auth.data.offset;
1839                                         auth_tail_len =
1840                                                 op->sym->auth.data.length
1841                                                 - op->sym->cipher.data.length
1842                                                 - auth_hdr_len;
1843                                         cf = build_cipher_auth(op, ses);
1844                                         break;
1845                                 default:
1846                                         DPAA_SEC_DP_ERR("not supported ops");
1847                                         frames_to_send = loop;
1848                                         nb_ops = loop;
1849                                         goto send_pkts;
1850                                 }
1851                         } else {
1852                                 switch (ses->ctxt) {
1853 #ifdef RTE_LIB_SECURITY
1854                                 case DPAA_SEC_PDCP:
1855                                 case DPAA_SEC_IPSEC:
1856                                         cf = build_proto_sg(op, ses);
1857                                         break;
1858 #endif
1859                                 case DPAA_SEC_AUTH:
1860                                         cf = build_auth_only_sg(op, ses);
1861                                         break;
1862                                 case DPAA_SEC_CIPHER:
1863                                         cf = build_cipher_only_sg(op, ses);
1864                                         break;
1865                                 case DPAA_SEC_AEAD:
1866                                         cf = build_cipher_auth_gcm_sg(op, ses);
1867                                         auth_hdr_len = ses->auth_only_len;
1868                                         break;
1869                                 case DPAA_SEC_CIPHER_HASH:
1870                                         auth_hdr_len =
1871                                                 op->sym->cipher.data.offset
1872                                                 - op->sym->auth.data.offset;
1873                                         auth_tail_len =
1874                                                 op->sym->auth.data.length
1875                                                 - op->sym->cipher.data.length
1876                                                 - auth_hdr_len;
1877                                         cf = build_cipher_auth_sg(op, ses);
1878                                         break;
1879                                 default:
1880                                         DPAA_SEC_DP_ERR("not supported ops");
1881                                         frames_to_send = loop;
1882                                         nb_ops = loop;
1883                                         goto send_pkts;
1884                                 }
1885                         }
1886                         if (unlikely(!cf)) {
1887                                 frames_to_send = loop;
1888                                 nb_ops = loop;
1889                                 goto send_pkts;
1890                         }
1891
1892                         fd = &fds[loop];
1893                         inq[loop] = ses->inq[rte_lcore_id() % MAX_DPAA_CORES];
1894                         fd->opaque_addr = 0;
1895                         fd->cmd = 0;
1896                         qm_fd_addr_set64(fd, rte_dpaa_mem_vtop(cf->sg));
1897                         fd->_format1 = qm_fd_compound;
1898                         fd->length29 = 2 * sizeof(struct qm_sg_entry);
1899
1900                         /* Auth_only_len is set as 0 in descriptor and it is
1901                          * overwritten here in the fd.cmd which will update
1902                          * the DPOVRD reg.
1903                          */
1904                         if (auth_hdr_len || auth_tail_len) {
1905                                 fd->cmd = 0x80000000;
1906                                 fd->cmd |=
1907                                         ((auth_tail_len << 16) | auth_hdr_len);
1908                         }
1909
1910 #ifdef RTE_LIB_SECURITY
1911                         /* In case of PDCP, per packet HFN is stored in
1912                          * mbuf priv after sym_op.
1913                          */
1914                         if ((ses->ctxt == DPAA_SEC_PDCP) && ses->pdcp.hfn_ovd) {
1915                                 fd->cmd = 0x80000000 |
1916                                         *((uint32_t *)((uint8_t *)op +
1917                                         ses->pdcp.hfn_ovd_offset));
1918                                 DPAA_SEC_DP_DEBUG("Per packet HFN: %x, ovd:%u\n",
1919                                         *((uint32_t *)((uint8_t *)op +
1920                                         ses->pdcp.hfn_ovd_offset)),
1921                                         ses->pdcp.hfn_ovd);
1922                         }
1923 #endif
1924                 }
1925 send_pkts:
1926                 loop = 0;
1927                 while (loop < frames_to_send) {
1928                         loop += qman_enqueue_multi_fq(&inq[loop], &fds[loop],
1929                                         &flags[loop], frames_to_send - loop);
1930                 }
1931                 nb_ops -= frames_to_send;
1932                 num_tx += frames_to_send;
1933         }
1934
1935         dpaa_qp->tx_pkts += num_tx;
1936         dpaa_qp->tx_errs += nb_ops - num_tx;
1937
1938         return num_tx;
1939 }
1940
1941 static uint16_t
1942 dpaa_sec_dequeue_burst(void *qp, struct rte_crypto_op **ops,
1943                        uint16_t nb_ops)
1944 {
1945         uint16_t num_rx;
1946         struct dpaa_sec_qp *dpaa_qp = (struct dpaa_sec_qp *)qp;
1947
1948         if (unlikely(!DPAA_PER_LCORE_PORTAL)) {
1949                 if (rte_dpaa_portal_init((void *)0)) {
1950                         DPAA_SEC_ERR("Failure in affining portal");
1951                         return 0;
1952                 }
1953         }
1954
1955         num_rx = dpaa_sec_deq(dpaa_qp, ops, nb_ops);
1956
1957         dpaa_qp->rx_pkts += num_rx;
1958         dpaa_qp->rx_errs += nb_ops - num_rx;
1959
1960         DPAA_SEC_DP_DEBUG("SEC Received %d Packets\n", num_rx);
1961
1962         return num_rx;
1963 }
1964
1965 /** Release queue pair */
1966 static int
1967 dpaa_sec_queue_pair_release(struct rte_cryptodev *dev,
1968                             uint16_t qp_id)
1969 {
1970         struct dpaa_sec_dev_private *internals;
1971         struct dpaa_sec_qp *qp = NULL;
1972
1973         PMD_INIT_FUNC_TRACE();
1974
1975         DPAA_SEC_DEBUG("dev =%p, queue =%d", dev, qp_id);
1976
1977         internals = dev->data->dev_private;
1978         if (qp_id >= internals->max_nb_queue_pairs) {
1979                 DPAA_SEC_ERR("Max supported qpid %d",
1980                              internals->max_nb_queue_pairs);
1981                 return -EINVAL;
1982         }
1983
1984         qp = &internals->qps[qp_id];
1985         rte_mempool_free(qp->ctx_pool);
1986         qp->internals = NULL;
1987         dev->data->queue_pairs[qp_id] = NULL;
1988
1989         return 0;
1990 }
1991
1992 /** Setup a queue pair */
1993 static int
1994 dpaa_sec_queue_pair_setup(struct rte_cryptodev *dev, uint16_t qp_id,
1995                 __rte_unused const struct rte_cryptodev_qp_conf *qp_conf,
1996                 __rte_unused int socket_id)
1997 {
1998         struct dpaa_sec_dev_private *internals;
1999         struct dpaa_sec_qp *qp = NULL;
2000         char str[20];
2001
2002         DPAA_SEC_DEBUG("dev =%p, queue =%d, conf =%p", dev, qp_id, qp_conf);
2003
2004         internals = dev->data->dev_private;
2005         if (qp_id >= internals->max_nb_queue_pairs) {
2006                 DPAA_SEC_ERR("Max supported qpid %d",
2007                              internals->max_nb_queue_pairs);
2008                 return -EINVAL;
2009         }
2010
2011         qp = &internals->qps[qp_id];
2012         qp->internals = internals;
2013         snprintf(str, sizeof(str), "ctx_pool_d%d_qp%d",
2014                         dev->data->dev_id, qp_id);
2015         if (!qp->ctx_pool) {
2016                 qp->ctx_pool = rte_mempool_create((const char *)str,
2017                                                         CTX_POOL_NUM_BUFS,
2018                                                         CTX_POOL_BUF_SIZE,
2019                                                         CTX_POOL_CACHE_SIZE, 0,
2020                                                         NULL, NULL, NULL, NULL,
2021                                                         SOCKET_ID_ANY, 0);
2022                 if (!qp->ctx_pool) {
2023                         DPAA_SEC_ERR("%s create failed\n", str);
2024                         return -ENOMEM;
2025                 }
2026         } else
2027                 DPAA_SEC_INFO("mempool already created for dev_id : %d, qp: %d",
2028                                 dev->data->dev_id, qp_id);
2029         dev->data->queue_pairs[qp_id] = qp;
2030
2031         return 0;
2032 }
2033
2034 /** Returns the size of session structure */
2035 static unsigned int
2036 dpaa_sec_sym_session_get_size(struct rte_cryptodev *dev __rte_unused)
2037 {
2038         PMD_INIT_FUNC_TRACE();
2039
2040         return sizeof(dpaa_sec_session);
2041 }
2042
2043 static int
2044 dpaa_sec_cipher_init(struct rte_cryptodev *dev __rte_unused,
2045                      struct rte_crypto_sym_xform *xform,
2046                      dpaa_sec_session *session)
2047 {
2048         session->ctxt = DPAA_SEC_CIPHER;
2049         session->cipher_alg = xform->cipher.algo;
2050         session->iv.length = xform->cipher.iv.length;
2051         session->iv.offset = xform->cipher.iv.offset;
2052         session->cipher_key.data = rte_zmalloc(NULL, xform->cipher.key.length,
2053                                                RTE_CACHE_LINE_SIZE);
2054         if (session->cipher_key.data == NULL && xform->cipher.key.length > 0) {
2055                 DPAA_SEC_ERR("No Memory for cipher key");
2056                 return -ENOMEM;
2057         }
2058         session->cipher_key.length = xform->cipher.key.length;
2059
2060         memcpy(session->cipher_key.data, xform->cipher.key.data,
2061                xform->cipher.key.length);
2062         switch (xform->cipher.algo) {
2063         case RTE_CRYPTO_CIPHER_AES_CBC:
2064                 session->cipher_key.alg = OP_ALG_ALGSEL_AES;
2065                 session->cipher_key.algmode = OP_ALG_AAI_CBC;
2066                 break;
2067         case RTE_CRYPTO_CIPHER_DES_CBC:
2068                 session->cipher_key.alg = OP_ALG_ALGSEL_DES;
2069                 session->cipher_key.algmode = OP_ALG_AAI_CBC;
2070                 break;
2071         case RTE_CRYPTO_CIPHER_3DES_CBC:
2072                 session->cipher_key.alg = OP_ALG_ALGSEL_3DES;
2073                 session->cipher_key.algmode = OP_ALG_AAI_CBC;
2074                 break;
2075         case RTE_CRYPTO_CIPHER_AES_CTR:
2076                 session->cipher_key.alg = OP_ALG_ALGSEL_AES;
2077                 session->cipher_key.algmode = OP_ALG_AAI_CTR;
2078                 break;
2079         case RTE_CRYPTO_CIPHER_SNOW3G_UEA2:
2080                 session->cipher_key.alg = OP_ALG_ALGSEL_SNOW_F8;
2081                 break;
2082         case RTE_CRYPTO_CIPHER_ZUC_EEA3:
2083                 session->cipher_key.alg = OP_ALG_ALGSEL_ZUCE;
2084                 break;
2085         default:
2086                 DPAA_SEC_ERR("Crypto: Undefined Cipher specified %u",
2087                               xform->cipher.algo);
2088                 return -ENOTSUP;
2089         }
2090         session->dir = (xform->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT) ?
2091                         DIR_ENC : DIR_DEC;
2092
2093         return 0;
2094 }
2095
2096 static int
2097 dpaa_sec_auth_init(struct rte_cryptodev *dev __rte_unused,
2098                    struct rte_crypto_sym_xform *xform,
2099                    dpaa_sec_session *session)
2100 {
2101         session->ctxt = DPAA_SEC_AUTH;
2102         session->auth_alg = xform->auth.algo;
2103         session->auth_key.length = xform->auth.key.length;
2104         if (xform->auth.key.length) {
2105                 session->auth_key.data =
2106                                 rte_zmalloc(NULL, xform->auth.key.length,
2107                                              RTE_CACHE_LINE_SIZE);
2108                 if (session->auth_key.data == NULL) {
2109                         DPAA_SEC_ERR("No Memory for auth key");
2110                         return -ENOMEM;
2111                 }
2112                 memcpy(session->auth_key.data, xform->auth.key.data,
2113                                 xform->auth.key.length);
2114
2115         }
2116         session->digest_length = xform->auth.digest_length;
2117         if (session->cipher_alg == RTE_CRYPTO_CIPHER_NULL) {
2118                 session->iv.offset = xform->auth.iv.offset;
2119                 session->iv.length = xform->auth.iv.length;
2120         }
2121
2122         switch (xform->auth.algo) {
2123         case RTE_CRYPTO_AUTH_SHA1:
2124                 session->auth_key.alg = OP_ALG_ALGSEL_SHA1;
2125                 session->auth_key.algmode = OP_ALG_AAI_HASH;
2126                 break;
2127         case RTE_CRYPTO_AUTH_SHA1_HMAC:
2128                 session->auth_key.alg = OP_ALG_ALGSEL_SHA1;
2129                 session->auth_key.algmode = OP_ALG_AAI_HMAC;
2130                 break;
2131         case RTE_CRYPTO_AUTH_MD5:
2132                 session->auth_key.alg = OP_ALG_ALGSEL_MD5;
2133                 session->auth_key.algmode = OP_ALG_AAI_HASH;
2134                 break;
2135         case RTE_CRYPTO_AUTH_MD5_HMAC:
2136                 session->auth_key.alg = OP_ALG_ALGSEL_MD5;
2137                 session->auth_key.algmode = OP_ALG_AAI_HMAC;
2138                 break;
2139         case RTE_CRYPTO_AUTH_SHA224:
2140                 session->auth_key.alg = OP_ALG_ALGSEL_SHA224;
2141                 session->auth_key.algmode = OP_ALG_AAI_HASH;
2142                 break;
2143         case RTE_CRYPTO_AUTH_SHA224_HMAC:
2144                 session->auth_key.alg = OP_ALG_ALGSEL_SHA224;
2145                 session->auth_key.algmode = OP_ALG_AAI_HMAC;
2146                 break;
2147         case RTE_CRYPTO_AUTH_SHA256:
2148                 session->auth_key.alg = OP_ALG_ALGSEL_SHA256;
2149                 session->auth_key.algmode = OP_ALG_AAI_HASH;
2150                 break;
2151         case RTE_CRYPTO_AUTH_SHA256_HMAC:
2152                 session->auth_key.alg = OP_ALG_ALGSEL_SHA256;
2153                 session->auth_key.algmode = OP_ALG_AAI_HMAC;
2154                 break;
2155         case RTE_CRYPTO_AUTH_SHA384:
2156                 session->auth_key.alg = OP_ALG_ALGSEL_SHA384;
2157                 session->auth_key.algmode = OP_ALG_AAI_HASH;
2158                 break;
2159         case RTE_CRYPTO_AUTH_SHA384_HMAC:
2160                 session->auth_key.alg = OP_ALG_ALGSEL_SHA384;
2161                 session->auth_key.algmode = OP_ALG_AAI_HMAC;
2162                 break;
2163         case RTE_CRYPTO_AUTH_SHA512:
2164                 session->auth_key.alg = OP_ALG_ALGSEL_SHA512;
2165                 session->auth_key.algmode = OP_ALG_AAI_HASH;
2166                 break;
2167         case RTE_CRYPTO_AUTH_SHA512_HMAC:
2168                 session->auth_key.alg = OP_ALG_ALGSEL_SHA512;
2169                 session->auth_key.algmode = OP_ALG_AAI_HMAC;
2170                 break;
2171         case RTE_CRYPTO_AUTH_SNOW3G_UIA2:
2172                 session->auth_key.alg = OP_ALG_ALGSEL_SNOW_F9;
2173                 session->auth_key.algmode = OP_ALG_AAI_F9;
2174                 break;
2175         case RTE_CRYPTO_AUTH_ZUC_EIA3:
2176                 session->auth_key.alg = OP_ALG_ALGSEL_ZUCA;
2177                 session->auth_key.algmode = OP_ALG_AAI_F9;
2178                 break;
2179         case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
2180                 session->auth_key.alg = OP_ALG_ALGSEL_AES;
2181                 session->auth_key.algmode = OP_ALG_AAI_XCBC_MAC;
2182                 break;
2183         default:
2184                 DPAA_SEC_ERR("Crypto: Unsupported Auth specified %u",
2185                               xform->auth.algo);
2186                 return -ENOTSUP;
2187         }
2188
2189         session->dir = (xform->auth.op == RTE_CRYPTO_AUTH_OP_GENERATE) ?
2190                         DIR_ENC : DIR_DEC;
2191
2192         return 0;
2193 }
2194
2195 static int
2196 dpaa_sec_chain_init(struct rte_cryptodev *dev __rte_unused,
2197                    struct rte_crypto_sym_xform *xform,
2198                    dpaa_sec_session *session)
2199 {
2200
2201         struct rte_crypto_cipher_xform *cipher_xform;
2202         struct rte_crypto_auth_xform *auth_xform;
2203
2204         session->ctxt = DPAA_SEC_CIPHER_HASH;
2205         if (session->auth_cipher_text) {
2206                 cipher_xform = &xform->cipher;
2207                 auth_xform = &xform->next->auth;
2208         } else {
2209                 cipher_xform = &xform->next->cipher;
2210                 auth_xform = &xform->auth;
2211         }
2212
2213         /* Set IV parameters */
2214         session->iv.offset = cipher_xform->iv.offset;
2215         session->iv.length = cipher_xform->iv.length;
2216
2217         session->cipher_key.data = rte_zmalloc(NULL, cipher_xform->key.length,
2218                                                RTE_CACHE_LINE_SIZE);
2219         if (session->cipher_key.data == NULL && cipher_xform->key.length > 0) {
2220                 DPAA_SEC_ERR("No Memory for cipher key");
2221                 return -ENOMEM;
2222         }
2223         session->cipher_key.length = cipher_xform->key.length;
2224         session->auth_key.data = rte_zmalloc(NULL, auth_xform->key.length,
2225                                              RTE_CACHE_LINE_SIZE);
2226         if (session->auth_key.data == NULL && auth_xform->key.length > 0) {
2227                 DPAA_SEC_ERR("No Memory for auth key");
2228                 return -ENOMEM;
2229         }
2230         session->auth_key.length = auth_xform->key.length;
2231         memcpy(session->cipher_key.data, cipher_xform->key.data,
2232                cipher_xform->key.length);
2233         memcpy(session->auth_key.data, auth_xform->key.data,
2234                auth_xform->key.length);
2235
2236         session->digest_length = auth_xform->digest_length;
2237         session->auth_alg = auth_xform->algo;
2238
2239         switch (auth_xform->algo) {
2240         case RTE_CRYPTO_AUTH_SHA1_HMAC:
2241                 session->auth_key.alg = OP_ALG_ALGSEL_SHA1;
2242                 session->auth_key.algmode = OP_ALG_AAI_HMAC;
2243                 break;
2244         case RTE_CRYPTO_AUTH_MD5_HMAC:
2245                 session->auth_key.alg = OP_ALG_ALGSEL_MD5;
2246                 session->auth_key.algmode = OP_ALG_AAI_HMAC;
2247                 break;
2248         case RTE_CRYPTO_AUTH_SHA224_HMAC:
2249                 session->auth_key.alg = OP_ALG_ALGSEL_SHA224;
2250                 session->auth_key.algmode = OP_ALG_AAI_HMAC;
2251                 break;
2252         case RTE_CRYPTO_AUTH_SHA256_HMAC:
2253                 session->auth_key.alg = OP_ALG_ALGSEL_SHA256;
2254                 session->auth_key.algmode = OP_ALG_AAI_HMAC;
2255                 break;
2256         case RTE_CRYPTO_AUTH_SHA384_HMAC:
2257                 session->auth_key.alg = OP_ALG_ALGSEL_SHA384;
2258                 session->auth_key.algmode = OP_ALG_AAI_HMAC;
2259                 break;
2260         case RTE_CRYPTO_AUTH_SHA512_HMAC:
2261                 session->auth_key.alg = OP_ALG_ALGSEL_SHA512;
2262                 session->auth_key.algmode = OP_ALG_AAI_HMAC;
2263                 break;
2264         case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
2265                 session->auth_key.alg = OP_ALG_ALGSEL_AES;
2266                 session->auth_key.algmode = OP_ALG_AAI_XCBC_MAC;
2267                 break;
2268         default:
2269                 DPAA_SEC_ERR("Crypto: Unsupported Auth specified %u",
2270                               auth_xform->algo);
2271                 return -ENOTSUP;
2272         }
2273
2274         session->cipher_alg = cipher_xform->algo;
2275
2276         switch (cipher_xform->algo) {
2277         case RTE_CRYPTO_CIPHER_AES_CBC:
2278                 session->cipher_key.alg = OP_ALG_ALGSEL_AES;
2279                 session->cipher_key.algmode = OP_ALG_AAI_CBC;
2280                 break;
2281         case RTE_CRYPTO_CIPHER_DES_CBC:
2282                 session->cipher_key.alg = OP_ALG_ALGSEL_DES;
2283                 session->cipher_key.algmode = OP_ALG_AAI_CBC;
2284                 break;
2285         case RTE_CRYPTO_CIPHER_3DES_CBC:
2286                 session->cipher_key.alg = OP_ALG_ALGSEL_3DES;
2287                 session->cipher_key.algmode = OP_ALG_AAI_CBC;
2288                 break;
2289         case RTE_CRYPTO_CIPHER_AES_CTR:
2290                 session->cipher_key.alg = OP_ALG_ALGSEL_AES;
2291                 session->cipher_key.algmode = OP_ALG_AAI_CTR;
2292                 break;
2293         default:
2294                 DPAA_SEC_ERR("Crypto: Undefined Cipher specified %u",
2295                               cipher_xform->algo);
2296                 return -ENOTSUP;
2297         }
2298         session->dir = (cipher_xform->op == RTE_CRYPTO_CIPHER_OP_ENCRYPT) ?
2299                                 DIR_ENC : DIR_DEC;
2300         return 0;
2301 }
2302
2303 static int
2304 dpaa_sec_aead_init(struct rte_cryptodev *dev __rte_unused,
2305                    struct rte_crypto_sym_xform *xform,
2306                    dpaa_sec_session *session)
2307 {
2308         session->aead_alg = xform->aead.algo;
2309         session->ctxt = DPAA_SEC_AEAD;
2310         session->iv.length = xform->aead.iv.length;
2311         session->iv.offset = xform->aead.iv.offset;
2312         session->auth_only_len = xform->aead.aad_length;
2313         session->aead_key.data = rte_zmalloc(NULL, xform->aead.key.length,
2314                                              RTE_CACHE_LINE_SIZE);
2315         if (session->aead_key.data == NULL && xform->aead.key.length > 0) {
2316                 DPAA_SEC_ERR("No Memory for aead key\n");
2317                 return -ENOMEM;
2318         }
2319         session->aead_key.length = xform->aead.key.length;
2320         session->digest_length = xform->aead.digest_length;
2321
2322         memcpy(session->aead_key.data, xform->aead.key.data,
2323                xform->aead.key.length);
2324
2325         switch (session->aead_alg) {
2326         case RTE_CRYPTO_AEAD_AES_GCM:
2327                 session->aead_key.alg = OP_ALG_ALGSEL_AES;
2328                 session->aead_key.algmode = OP_ALG_AAI_GCM;
2329                 break;
2330         default:
2331                 DPAA_SEC_ERR("unsupported AEAD alg %d", session->aead_alg);
2332                 return -ENOTSUP;
2333         }
2334
2335         session->dir = (xform->aead.op == RTE_CRYPTO_AEAD_OP_ENCRYPT) ?
2336                         DIR_ENC : DIR_DEC;
2337
2338         return 0;
2339 }
2340
2341 static struct qman_fq *
2342 dpaa_sec_attach_rxq(struct dpaa_sec_dev_private *qi)
2343 {
2344         unsigned int i;
2345
2346         for (i = 0; i < RTE_DPAA_MAX_RX_QUEUE; i++) {
2347                 if (qi->inq_attach[i] == 0) {
2348                         qi->inq_attach[i] = 1;
2349                         return &qi->inq[i];
2350                 }
2351         }
2352         DPAA_SEC_WARN("All session in use %u", qi->max_nb_sessions);
2353
2354         return NULL;
2355 }
2356
2357 static int
2358 dpaa_sec_detach_rxq(struct dpaa_sec_dev_private *qi, struct qman_fq *fq)
2359 {
2360         unsigned int i;
2361
2362         for (i = 0; i < RTE_DPAA_MAX_RX_QUEUE; i++) {
2363                 if (&qi->inq[i] == fq) {
2364                         if (qman_retire_fq(fq, NULL) != 0)
2365                                 DPAA_SEC_DEBUG("Queue is not retired\n");
2366                         qman_oos_fq(fq);
2367                         qi->inq_attach[i] = 0;
2368                         return 0;
2369                 }
2370         }
2371         return -1;
2372 }
2373
2374 static int
2375 dpaa_sec_attach_sess_q(struct dpaa_sec_qp *qp, dpaa_sec_session *sess)
2376 {
2377         int ret;
2378
2379         sess->qp[rte_lcore_id() % MAX_DPAA_CORES] = qp;
2380         ret = dpaa_sec_prep_cdb(sess);
2381         if (ret) {
2382                 DPAA_SEC_ERR("Unable to prepare sec cdb");
2383                 return ret;
2384         }
2385         if (unlikely(!DPAA_PER_LCORE_PORTAL)) {
2386                 ret = rte_dpaa_portal_init((void *)0);
2387                 if (ret) {
2388                         DPAA_SEC_ERR("Failure in affining portal");
2389                         return ret;
2390                 }
2391         }
2392         ret = dpaa_sec_init_rx(sess->inq[rte_lcore_id() % MAX_DPAA_CORES],
2393                                rte_dpaa_mem_vtop(&sess->cdb),
2394                                qman_fq_fqid(&qp->outq));
2395         if (ret)
2396                 DPAA_SEC_ERR("Unable to init sec queue");
2397
2398         return ret;
2399 }
2400
2401 static inline void
2402 free_session_data(dpaa_sec_session *s)
2403 {
2404         if (is_aead(s))
2405                 rte_free(s->aead_key.data);
2406         else {
2407                 rte_free(s->auth_key.data);
2408                 rte_free(s->cipher_key.data);
2409         }
2410         memset(s, 0, sizeof(dpaa_sec_session));
2411 }
2412
2413 static int
2414 dpaa_sec_set_session_parameters(struct rte_cryptodev *dev,
2415                             struct rte_crypto_sym_xform *xform, void *sess)
2416 {
2417         struct dpaa_sec_dev_private *internals = dev->data->dev_private;
2418         dpaa_sec_session *session = sess;
2419         uint32_t i;
2420         int ret;
2421
2422         PMD_INIT_FUNC_TRACE();
2423
2424         if (unlikely(sess == NULL)) {
2425                 DPAA_SEC_ERR("invalid session struct");
2426                 return -EINVAL;
2427         }
2428         memset(session, 0, sizeof(dpaa_sec_session));
2429
2430         /* Default IV length = 0 */
2431         session->iv.length = 0;
2432
2433         /* Cipher Only */
2434         if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER && xform->next == NULL) {
2435                 session->auth_alg = RTE_CRYPTO_AUTH_NULL;
2436                 ret = dpaa_sec_cipher_init(dev, xform, session);
2437
2438         /* Authentication Only */
2439         } else if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH &&
2440                    xform->next == NULL) {
2441                 session->cipher_alg = RTE_CRYPTO_CIPHER_NULL;
2442                 session->ctxt = DPAA_SEC_AUTH;
2443                 ret = dpaa_sec_auth_init(dev, xform, session);
2444
2445         /* Cipher then Authenticate */
2446         } else if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&
2447                    xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH) {
2448                 if (xform->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT) {
2449                         session->auth_cipher_text = 1;
2450                         if (xform->cipher.algo == RTE_CRYPTO_CIPHER_NULL)
2451                                 ret = dpaa_sec_auth_init(dev, xform, session);
2452                         else if (xform->next->auth.algo == RTE_CRYPTO_AUTH_NULL)
2453                                 ret = dpaa_sec_cipher_init(dev, xform, session);
2454                         else
2455                                 ret = dpaa_sec_chain_init(dev, xform, session);
2456                 } else {
2457                         DPAA_SEC_ERR("Not supported: Auth then Cipher");
2458                         return -ENOTSUP;
2459                 }
2460         /* Authenticate then Cipher */
2461         } else if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH &&
2462                    xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER) {
2463                 if (xform->next->cipher.op == RTE_CRYPTO_CIPHER_OP_DECRYPT) {
2464                         session->auth_cipher_text = 0;
2465                         if (xform->auth.algo == RTE_CRYPTO_AUTH_NULL)
2466                                 ret = dpaa_sec_cipher_init(dev, xform, session);
2467                         else if (xform->next->cipher.algo
2468                                         == RTE_CRYPTO_CIPHER_NULL)
2469                                 ret = dpaa_sec_auth_init(dev, xform, session);
2470                         else
2471                                 ret = dpaa_sec_chain_init(dev, xform, session);
2472                 } else {
2473                         DPAA_SEC_ERR("Not supported: Auth then Cipher");
2474                         return -ENOTSUP;
2475                 }
2476
2477         /* AEAD operation for AES-GCM kind of Algorithms */
2478         } else if (xform->type == RTE_CRYPTO_SYM_XFORM_AEAD &&
2479                    xform->next == NULL) {
2480                 ret = dpaa_sec_aead_init(dev, xform, session);
2481
2482         } else {
2483                 DPAA_SEC_ERR("Invalid crypto type");
2484                 return -EINVAL;
2485         }
2486         if (ret) {
2487                 DPAA_SEC_ERR("unable to init session");
2488                 goto err1;
2489         }
2490
2491         rte_spinlock_lock(&internals->lock);
2492         for (i = 0; i < MAX_DPAA_CORES; i++) {
2493                 session->inq[i] = dpaa_sec_attach_rxq(internals);
2494                 if (session->inq[i] == NULL) {
2495                         DPAA_SEC_ERR("unable to attach sec queue");
2496                         rte_spinlock_unlock(&internals->lock);
2497                         ret = -EBUSY;
2498                         goto err1;
2499                 }
2500         }
2501         rte_spinlock_unlock(&internals->lock);
2502
2503         return 0;
2504
2505 err1:
2506         free_session_data(session);
2507         return ret;
2508 }
2509
2510 static int
2511 dpaa_sec_sym_session_configure(struct rte_cryptodev *dev,
2512                 struct rte_crypto_sym_xform *xform,
2513                 struct rte_cryptodev_sym_session *sess,
2514                 struct rte_mempool *mempool)
2515 {
2516         void *sess_private_data;
2517         int ret;
2518
2519         PMD_INIT_FUNC_TRACE();
2520
2521         if (rte_mempool_get(mempool, &sess_private_data)) {
2522                 DPAA_SEC_ERR("Couldn't get object from session mempool");
2523                 return -ENOMEM;
2524         }
2525
2526         ret = dpaa_sec_set_session_parameters(dev, xform, sess_private_data);
2527         if (ret != 0) {
2528                 DPAA_SEC_ERR("failed to configure session parameters");
2529
2530                 /* Return session to mempool */
2531                 rte_mempool_put(mempool, sess_private_data);
2532                 return ret;
2533         }
2534
2535         set_sym_session_private_data(sess, dev->driver_id,
2536                         sess_private_data);
2537
2538
2539         return 0;
2540 }
2541
2542 static inline void
2543 free_session_memory(struct rte_cryptodev *dev, dpaa_sec_session *s)
2544 {
2545         struct dpaa_sec_dev_private *qi = dev->data->dev_private;
2546         struct rte_mempool *sess_mp = rte_mempool_from_obj((void *)s);
2547         uint8_t i;
2548
2549         for (i = 0; i < MAX_DPAA_CORES; i++) {
2550                 if (s->inq[i])
2551                         dpaa_sec_detach_rxq(qi, s->inq[i]);
2552                 s->inq[i] = NULL;
2553                 s->qp[i] = NULL;
2554         }
2555         free_session_data(s);
2556         rte_mempool_put(sess_mp, (void *)s);
2557 }
2558
2559 /** Clear the memory of session so it doesn't leave key material behind */
2560 static void
2561 dpaa_sec_sym_session_clear(struct rte_cryptodev *dev,
2562                 struct rte_cryptodev_sym_session *sess)
2563 {
2564         PMD_INIT_FUNC_TRACE();
2565         uint8_t index = dev->driver_id;
2566         void *sess_priv = get_sym_session_private_data(sess, index);
2567         dpaa_sec_session *s = (dpaa_sec_session *)sess_priv;
2568
2569         if (sess_priv) {
2570                 free_session_memory(dev, s);
2571                 set_sym_session_private_data(sess, index, NULL);
2572         }
2573 }
2574
2575 #ifdef RTE_LIB_SECURITY
2576 static int
2577 dpaa_sec_ipsec_aead_init(struct rte_crypto_aead_xform *aead_xform,
2578                         struct rte_security_ipsec_xform *ipsec_xform,
2579                         dpaa_sec_session *session)
2580 {
2581         PMD_INIT_FUNC_TRACE();
2582
2583         session->aead_key.data = rte_zmalloc(NULL, aead_xform->key.length,
2584                                                RTE_CACHE_LINE_SIZE);
2585         if (session->aead_key.data == NULL && aead_xform->key.length > 0) {
2586                 DPAA_SEC_ERR("No Memory for aead key");
2587                 return -ENOMEM;
2588         }
2589         memcpy(session->aead_key.data, aead_xform->key.data,
2590                aead_xform->key.length);
2591
2592         session->digest_length = aead_xform->digest_length;
2593         session->aead_key.length = aead_xform->key.length;
2594
2595         switch (aead_xform->algo) {
2596         case RTE_CRYPTO_AEAD_AES_GCM:
2597                 switch (session->digest_length) {
2598                 case 8:
2599                         session->aead_key.alg = OP_PCL_IPSEC_AES_GCM8;
2600                         break;
2601                 case 12:
2602                         session->aead_key.alg = OP_PCL_IPSEC_AES_GCM12;
2603                         break;
2604                 case 16:
2605                         session->aead_key.alg = OP_PCL_IPSEC_AES_GCM16;
2606                         break;
2607                 default:
2608                         DPAA_SEC_ERR("Crypto: Undefined GCM digest %d",
2609                                      session->digest_length);
2610                         return -EINVAL;
2611                 }
2612                 if (session->dir == DIR_ENC) {
2613                         memcpy(session->encap_pdb.gcm.salt,
2614                                 (uint8_t *)&(ipsec_xform->salt), 4);
2615                 } else {
2616                         memcpy(session->decap_pdb.gcm.salt,
2617                                 (uint8_t *)&(ipsec_xform->salt), 4);
2618                 }
2619                 session->aead_key.algmode = OP_ALG_AAI_GCM;
2620                 session->aead_alg = RTE_CRYPTO_AEAD_AES_GCM;
2621                 break;
2622         default:
2623                 DPAA_SEC_ERR("Crypto: Undefined AEAD specified %u",
2624                               aead_xform->algo);
2625                 return -ENOTSUP;
2626         }
2627         return 0;
2628 }
2629
2630 static int
2631 dpaa_sec_ipsec_proto_init(struct rte_crypto_cipher_xform *cipher_xform,
2632         struct rte_crypto_auth_xform *auth_xform,
2633         struct rte_security_ipsec_xform *ipsec_xform,
2634         dpaa_sec_session *session)
2635 {
2636         if (cipher_xform) {
2637                 session->cipher_key.data = rte_zmalloc(NULL,
2638                                                        cipher_xform->key.length,
2639                                                        RTE_CACHE_LINE_SIZE);
2640                 if (session->cipher_key.data == NULL &&
2641                                 cipher_xform->key.length > 0) {
2642                         DPAA_SEC_ERR("No Memory for cipher key");
2643                         return -ENOMEM;
2644                 }
2645
2646                 session->cipher_key.length = cipher_xform->key.length;
2647                 memcpy(session->cipher_key.data, cipher_xform->key.data,
2648                                 cipher_xform->key.length);
2649                 session->cipher_alg = cipher_xform->algo;
2650         } else {
2651                 session->cipher_key.data = NULL;
2652                 session->cipher_key.length = 0;
2653                 session->cipher_alg = RTE_CRYPTO_CIPHER_NULL;
2654         }
2655
2656         if (auth_xform) {
2657                 session->auth_key.data = rte_zmalloc(NULL,
2658                                                 auth_xform->key.length,
2659                                                 RTE_CACHE_LINE_SIZE);
2660                 if (session->auth_key.data == NULL &&
2661                                 auth_xform->key.length > 0) {
2662                         DPAA_SEC_ERR("No Memory for auth key");
2663                         return -ENOMEM;
2664                 }
2665                 session->auth_key.length = auth_xform->key.length;
2666                 memcpy(session->auth_key.data, auth_xform->key.data,
2667                                 auth_xform->key.length);
2668                 session->auth_alg = auth_xform->algo;
2669                 session->digest_length = auth_xform->digest_length;
2670         } else {
2671                 session->auth_key.data = NULL;
2672                 session->auth_key.length = 0;
2673                 session->auth_alg = RTE_CRYPTO_AUTH_NULL;
2674         }
2675
2676         switch (session->auth_alg) {
2677         case RTE_CRYPTO_AUTH_SHA1_HMAC:
2678                 session->auth_key.alg = OP_PCL_IPSEC_HMAC_SHA1_96;
2679                 session->auth_key.algmode = OP_ALG_AAI_HMAC;
2680                 break;
2681         case RTE_CRYPTO_AUTH_MD5_HMAC:
2682                 session->auth_key.alg = OP_PCL_IPSEC_HMAC_MD5_96;
2683                 session->auth_key.algmode = OP_ALG_AAI_HMAC;
2684                 break;
2685         case RTE_CRYPTO_AUTH_SHA256_HMAC:
2686                 session->auth_key.alg = OP_PCL_IPSEC_HMAC_SHA2_256_128;
2687                 session->auth_key.algmode = OP_ALG_AAI_HMAC;
2688                 if (session->digest_length != 16)
2689                         DPAA_SEC_WARN(
2690                         "+++Using sha256-hmac truncated len is non-standard,"
2691                         "it will not work with lookaside proto");
2692                 break;
2693         case RTE_CRYPTO_AUTH_SHA384_HMAC:
2694                 session->auth_key.alg = OP_PCL_IPSEC_HMAC_SHA2_384_192;
2695                 session->auth_key.algmode = OP_ALG_AAI_HMAC;
2696                 break;
2697         case RTE_CRYPTO_AUTH_SHA512_HMAC:
2698                 session->auth_key.alg = OP_PCL_IPSEC_HMAC_SHA2_512_256;
2699                 session->auth_key.algmode = OP_ALG_AAI_HMAC;
2700                 break;
2701         case RTE_CRYPTO_AUTH_AES_CMAC:
2702                 session->auth_key.alg = OP_PCL_IPSEC_AES_CMAC_96;
2703                 break;
2704         case RTE_CRYPTO_AUTH_NULL:
2705                 session->auth_key.alg = OP_PCL_IPSEC_HMAC_NULL;
2706                 break;
2707         case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
2708                 session->auth_key.alg = OP_PCL_IPSEC_AES_XCBC_MAC_96;
2709                 session->auth_key.algmode = OP_ALG_AAI_XCBC_MAC;
2710                 break;
2711         case RTE_CRYPTO_AUTH_SHA224_HMAC:
2712         case RTE_CRYPTO_AUTH_SNOW3G_UIA2:
2713         case RTE_CRYPTO_AUTH_SHA1:
2714         case RTE_CRYPTO_AUTH_SHA256:
2715         case RTE_CRYPTO_AUTH_SHA512:
2716         case RTE_CRYPTO_AUTH_SHA224:
2717         case RTE_CRYPTO_AUTH_SHA384:
2718         case RTE_CRYPTO_AUTH_MD5:
2719         case RTE_CRYPTO_AUTH_AES_GMAC:
2720         case RTE_CRYPTO_AUTH_KASUMI_F9:
2721         case RTE_CRYPTO_AUTH_AES_CBC_MAC:
2722         case RTE_CRYPTO_AUTH_ZUC_EIA3:
2723                 DPAA_SEC_ERR("Crypto: Unsupported auth alg %u",
2724                               session->auth_alg);
2725                 return -ENOTSUP;
2726         default:
2727                 DPAA_SEC_ERR("Crypto: Undefined Auth specified %u",
2728                               session->auth_alg);
2729                 return -ENOTSUP;
2730         }
2731
2732         switch (session->cipher_alg) {
2733         case RTE_CRYPTO_CIPHER_AES_CBC:
2734                 session->cipher_key.alg = OP_PCL_IPSEC_AES_CBC;
2735                 session->cipher_key.algmode = OP_ALG_AAI_CBC;
2736                 break;
2737         case RTE_CRYPTO_CIPHER_DES_CBC:
2738                 session->cipher_key.alg = OP_PCL_IPSEC_DES;
2739                 session->cipher_key.algmode = OP_ALG_AAI_CBC;
2740                 break;
2741         case RTE_CRYPTO_CIPHER_3DES_CBC:
2742                 session->cipher_key.alg = OP_PCL_IPSEC_3DES;
2743                 session->cipher_key.algmode = OP_ALG_AAI_CBC;
2744                 break;
2745         case RTE_CRYPTO_CIPHER_AES_CTR:
2746                 session->cipher_key.alg = OP_PCL_IPSEC_AES_CTR;
2747                 session->cipher_key.algmode = OP_ALG_AAI_CTR;
2748                 if (session->dir == DIR_ENC) {
2749                         session->encap_pdb.ctr.ctr_initial = 0x00000001;
2750                         session->encap_pdb.ctr.ctr_nonce = ipsec_xform->salt;
2751                 } else {
2752                         session->decap_pdb.ctr.ctr_initial = 0x00000001;
2753                         session->decap_pdb.ctr.ctr_nonce = ipsec_xform->salt;
2754                 }
2755                 break;
2756         case RTE_CRYPTO_CIPHER_NULL:
2757                 session->cipher_key.alg = OP_PCL_IPSEC_NULL;
2758                 break;
2759         case RTE_CRYPTO_CIPHER_SNOW3G_UEA2:
2760         case RTE_CRYPTO_CIPHER_ZUC_EEA3:
2761         case RTE_CRYPTO_CIPHER_3DES_ECB:
2762         case RTE_CRYPTO_CIPHER_AES_ECB:
2763         case RTE_CRYPTO_CIPHER_KASUMI_F8:
2764                 DPAA_SEC_ERR("Crypto: Unsupported Cipher alg %u",
2765                               session->cipher_alg);
2766                 return -ENOTSUP;
2767         default:
2768                 DPAA_SEC_ERR("Crypto: Undefined Cipher specified %u",
2769                               session->cipher_alg);
2770                 return -ENOTSUP;
2771         }
2772
2773         return 0;
2774 }
2775
2776 static int
2777 dpaa_sec_set_ipsec_session(__rte_unused struct rte_cryptodev *dev,
2778                            struct rte_security_session_conf *conf,
2779                            void *sess)
2780 {
2781         struct dpaa_sec_dev_private *internals = dev->data->dev_private;
2782         struct rte_security_ipsec_xform *ipsec_xform = &conf->ipsec;
2783         struct rte_crypto_auth_xform *auth_xform = NULL;
2784         struct rte_crypto_cipher_xform *cipher_xform = NULL;
2785         struct rte_crypto_aead_xform *aead_xform = NULL;
2786         dpaa_sec_session *session = (dpaa_sec_session *)sess;
2787         uint32_t i;
2788         int ret;
2789
2790         PMD_INIT_FUNC_TRACE();
2791
2792         memset(session, 0, sizeof(dpaa_sec_session));
2793         session->proto_alg = conf->protocol;
2794         session->ctxt = DPAA_SEC_IPSEC;
2795
2796         if (ipsec_xform->direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS)
2797                 session->dir = DIR_ENC;
2798         else
2799                 session->dir = DIR_DEC;
2800
2801         if (conf->crypto_xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER) {
2802                 cipher_xform = &conf->crypto_xform->cipher;
2803                 if (conf->crypto_xform->next)
2804                         auth_xform = &conf->crypto_xform->next->auth;
2805                 ret = dpaa_sec_ipsec_proto_init(cipher_xform, auth_xform,
2806                                         ipsec_xform, session);
2807         } else if (conf->crypto_xform->type == RTE_CRYPTO_SYM_XFORM_AUTH) {
2808                 auth_xform = &conf->crypto_xform->auth;
2809                 if (conf->crypto_xform->next)
2810                         cipher_xform = &conf->crypto_xform->next->cipher;
2811                 ret = dpaa_sec_ipsec_proto_init(cipher_xform, auth_xform,
2812                                         ipsec_xform, session);
2813         } else if (conf->crypto_xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) {
2814                 aead_xform = &conf->crypto_xform->aead;
2815                 ret = dpaa_sec_ipsec_aead_init(aead_xform,
2816                                         ipsec_xform, session);
2817         } else {
2818                 DPAA_SEC_ERR("XFORM not specified");
2819                 ret = -EINVAL;
2820                 goto out;
2821         }
2822         if (ret) {
2823                 DPAA_SEC_ERR("Failed to process xform");
2824                 goto out;
2825         }
2826
2827         if (ipsec_xform->direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) {
2828                 if (ipsec_xform->tunnel.type ==
2829                                 RTE_SECURITY_IPSEC_TUNNEL_IPV4) {
2830                         session->ip4_hdr.ip_v = IPVERSION;
2831                         session->ip4_hdr.ip_hl = 5;
2832                         session->ip4_hdr.ip_len = rte_cpu_to_be_16(
2833                                                 sizeof(session->ip4_hdr));
2834                         session->ip4_hdr.ip_tos = ipsec_xform->tunnel.ipv4.dscp;
2835                         session->ip4_hdr.ip_id = 0;
2836                         session->ip4_hdr.ip_off = 0;
2837                         session->ip4_hdr.ip_ttl = ipsec_xform->tunnel.ipv4.ttl;
2838                         session->ip4_hdr.ip_p = (ipsec_xform->proto ==
2839                                         RTE_SECURITY_IPSEC_SA_PROTO_ESP) ?
2840                                         IPPROTO_ESP : IPPROTO_AH;
2841                         session->ip4_hdr.ip_sum = 0;
2842                         session->ip4_hdr.ip_src =
2843                                         ipsec_xform->tunnel.ipv4.src_ip;
2844                         session->ip4_hdr.ip_dst =
2845                                         ipsec_xform->tunnel.ipv4.dst_ip;
2846                         session->ip4_hdr.ip_sum = calc_chksum((uint16_t *)
2847                                                 (void *)&session->ip4_hdr,
2848                                                 sizeof(struct ip));
2849                         session->encap_pdb.ip_hdr_len = sizeof(struct ip);
2850                 } else if (ipsec_xform->tunnel.type ==
2851                                 RTE_SECURITY_IPSEC_TUNNEL_IPV6) {
2852                         session->ip6_hdr.vtc_flow = rte_cpu_to_be_32(
2853                                 DPAA_IPv6_DEFAULT_VTC_FLOW |
2854                                 ((ipsec_xform->tunnel.ipv6.dscp <<
2855                                         RTE_IPV6_HDR_TC_SHIFT) &
2856                                         RTE_IPV6_HDR_TC_MASK) |
2857                                 ((ipsec_xform->tunnel.ipv6.flabel <<
2858                                         RTE_IPV6_HDR_FL_SHIFT) &
2859                                         RTE_IPV6_HDR_FL_MASK));
2860                         /* Payload length will be updated by HW */
2861                         session->ip6_hdr.payload_len = 0;
2862                         session->ip6_hdr.hop_limits =
2863                                         ipsec_xform->tunnel.ipv6.hlimit;
2864                         session->ip6_hdr.proto = (ipsec_xform->proto ==
2865                                         RTE_SECURITY_IPSEC_SA_PROTO_ESP) ?
2866                                         IPPROTO_ESP : IPPROTO_AH;
2867                         memcpy(&session->ip6_hdr.src_addr,
2868                                         &ipsec_xform->tunnel.ipv6.src_addr, 16);
2869                         memcpy(&session->ip6_hdr.dst_addr,
2870                                         &ipsec_xform->tunnel.ipv6.dst_addr, 16);
2871                         session->encap_pdb.ip_hdr_len =
2872                                                 sizeof(struct rte_ipv6_hdr);
2873                 }
2874                 session->encap_pdb.options =
2875                         (IPVERSION << PDBNH_ESP_ENCAP_SHIFT) |
2876                         PDBOPTS_ESP_OIHI_PDB_INL |
2877                         PDBOPTS_ESP_IVSRC |
2878                         PDBHMO_ESP_ENCAP_DTTL |
2879                         PDBHMO_ESP_SNR;
2880                 if (ipsec_xform->options.esn)
2881                         session->encap_pdb.options |= PDBOPTS_ESP_ESN;
2882                 session->encap_pdb.spi = ipsec_xform->spi;
2883
2884         } else if (ipsec_xform->direction ==
2885                         RTE_SECURITY_IPSEC_SA_DIR_INGRESS) {
2886                 if (ipsec_xform->tunnel.type == RTE_SECURITY_IPSEC_TUNNEL_IPV4)
2887                         session->decap_pdb.options = sizeof(struct ip) << 16;
2888                 else
2889                         session->decap_pdb.options =
2890                                         sizeof(struct rte_ipv6_hdr) << 16;
2891                 if (ipsec_xform->options.esn)
2892                         session->decap_pdb.options |= PDBOPTS_ESP_ESN;
2893                 if (ipsec_xform->replay_win_sz) {
2894                         uint32_t win_sz;
2895                         win_sz = rte_align32pow2(ipsec_xform->replay_win_sz);
2896
2897                         switch (win_sz) {
2898                         case 1:
2899                         case 2:
2900                         case 4:
2901                         case 8:
2902                         case 16:
2903                         case 32:
2904                                 session->decap_pdb.options |= PDBOPTS_ESP_ARS32;
2905                                 break;
2906                         case 64:
2907                                 session->decap_pdb.options |= PDBOPTS_ESP_ARS64;
2908                                 break;
2909                         default:
2910                                 session->decap_pdb.options |=
2911                                                         PDBOPTS_ESP_ARS128;
2912                         }
2913                 }
2914         } else
2915                 goto out;
2916         rte_spinlock_lock(&internals->lock);
2917         for (i = 0; i < MAX_DPAA_CORES; i++) {
2918                 session->inq[i] = dpaa_sec_attach_rxq(internals);
2919                 if (session->inq[i] == NULL) {
2920                         DPAA_SEC_ERR("unable to attach sec queue");
2921                         rte_spinlock_unlock(&internals->lock);
2922                         goto out;
2923                 }
2924         }
2925         rte_spinlock_unlock(&internals->lock);
2926
2927         return 0;
2928 out:
2929         free_session_data(session);
2930         return -1;
2931 }
2932
2933 static int
2934 dpaa_sec_set_pdcp_session(struct rte_cryptodev *dev,
2935                           struct rte_security_session_conf *conf,
2936                           void *sess)
2937 {
2938         struct rte_security_pdcp_xform *pdcp_xform = &conf->pdcp;
2939         struct rte_crypto_sym_xform *xform = conf->crypto_xform;
2940         struct rte_crypto_auth_xform *auth_xform = NULL;
2941         struct rte_crypto_cipher_xform *cipher_xform = NULL;
2942         dpaa_sec_session *session = (dpaa_sec_session *)sess;
2943         struct dpaa_sec_dev_private *dev_priv = dev->data->dev_private;
2944         uint32_t i;
2945         int ret;
2946
2947         PMD_INIT_FUNC_TRACE();
2948
2949         memset(session, 0, sizeof(dpaa_sec_session));
2950
2951         /* find xfrm types */
2952         if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER) {
2953                 cipher_xform = &xform->cipher;
2954                 if (xform->next != NULL)
2955                         auth_xform = &xform->next->auth;
2956         } else if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH) {
2957                 auth_xform = &xform->auth;
2958                 if (xform->next != NULL)
2959                         cipher_xform = &xform->next->cipher;
2960         } else {
2961                 DPAA_SEC_ERR("Invalid crypto type");
2962                 return -EINVAL;
2963         }
2964
2965         session->proto_alg = conf->protocol;
2966         session->ctxt = DPAA_SEC_PDCP;
2967
2968         if (cipher_xform) {
2969                 switch (cipher_xform->algo) {
2970                 case RTE_CRYPTO_CIPHER_SNOW3G_UEA2:
2971                         session->cipher_key.alg = PDCP_CIPHER_TYPE_SNOW;
2972                         break;
2973                 case RTE_CRYPTO_CIPHER_ZUC_EEA3:
2974                         session->cipher_key.alg = PDCP_CIPHER_TYPE_ZUC;
2975                         break;
2976                 case RTE_CRYPTO_CIPHER_AES_CTR:
2977                         session->cipher_key.alg = PDCP_CIPHER_TYPE_AES;
2978                         break;
2979                 case RTE_CRYPTO_CIPHER_NULL:
2980                         session->cipher_key.alg = PDCP_CIPHER_TYPE_NULL;
2981                         break;
2982                 default:
2983                         DPAA_SEC_ERR("Crypto: Undefined Cipher specified %u",
2984                                       session->cipher_alg);
2985                         return -EINVAL;
2986                 }
2987
2988                 session->cipher_key.data = rte_zmalloc(NULL,
2989                                                cipher_xform->key.length,
2990                                                RTE_CACHE_LINE_SIZE);
2991                 if (session->cipher_key.data == NULL &&
2992                                 cipher_xform->key.length > 0) {
2993                         DPAA_SEC_ERR("No Memory for cipher key");
2994                         return -ENOMEM;
2995                 }
2996                 session->cipher_key.length = cipher_xform->key.length;
2997                 memcpy(session->cipher_key.data, cipher_xform->key.data,
2998                         cipher_xform->key.length);
2999                 session->dir = (cipher_xform->op == RTE_CRYPTO_CIPHER_OP_ENCRYPT) ?
3000                                         DIR_ENC : DIR_DEC;
3001                 session->cipher_alg = cipher_xform->algo;
3002         } else {
3003                 session->cipher_key.data = NULL;
3004                 session->cipher_key.length = 0;
3005                 session->cipher_alg = RTE_CRYPTO_CIPHER_NULL;
3006                 session->dir = DIR_ENC;
3007         }
3008
3009         if (pdcp_xform->domain == RTE_SECURITY_PDCP_MODE_CONTROL) {
3010                 if (pdcp_xform->sn_size != RTE_SECURITY_PDCP_SN_SIZE_5 &&
3011                     pdcp_xform->sn_size != RTE_SECURITY_PDCP_SN_SIZE_12) {
3012                         DPAA_SEC_ERR(
3013                                 "PDCP Seq Num size should be 5/12 bits for cmode");
3014                         ret = -EINVAL;
3015                         goto out;
3016                 }
3017         }
3018
3019         if (auth_xform) {
3020                 switch (auth_xform->algo) {
3021                 case RTE_CRYPTO_AUTH_SNOW3G_UIA2:
3022                         session->auth_key.alg = PDCP_AUTH_TYPE_SNOW;
3023                         break;
3024                 case RTE_CRYPTO_AUTH_ZUC_EIA3:
3025                         session->auth_key.alg = PDCP_AUTH_TYPE_ZUC;
3026                         break;
3027                 case RTE_CRYPTO_AUTH_AES_CMAC:
3028                         session->auth_key.alg = PDCP_AUTH_TYPE_AES;
3029                         break;
3030                 case RTE_CRYPTO_AUTH_NULL:
3031                         session->auth_key.alg = PDCP_AUTH_TYPE_NULL;
3032                         break;
3033                 default:
3034                         DPAA_SEC_ERR("Crypto: Unsupported auth alg %u",
3035                                       session->auth_alg);
3036                         rte_free(session->cipher_key.data);
3037                         return -EINVAL;
3038                 }
3039                 session->auth_key.data = rte_zmalloc(NULL,
3040                                                      auth_xform->key.length,
3041                                                      RTE_CACHE_LINE_SIZE);
3042                 if (!session->auth_key.data &&
3043                     auth_xform->key.length > 0) {
3044                         DPAA_SEC_ERR("No Memory for auth key");
3045                         rte_free(session->cipher_key.data);
3046                         return -ENOMEM;
3047                 }
3048                 session->auth_key.length = auth_xform->key.length;
3049                 memcpy(session->auth_key.data, auth_xform->key.data,
3050                        auth_xform->key.length);
3051                 session->auth_alg = auth_xform->algo;
3052         } else {
3053                 session->auth_key.data = NULL;
3054                 session->auth_key.length = 0;
3055                 session->auth_alg = 0;
3056         }
3057         session->pdcp.domain = pdcp_xform->domain;
3058         session->pdcp.bearer = pdcp_xform->bearer;
3059         session->pdcp.pkt_dir = pdcp_xform->pkt_dir;
3060         session->pdcp.sn_size = pdcp_xform->sn_size;
3061         session->pdcp.hfn = pdcp_xform->hfn;
3062         session->pdcp.hfn_threshold = pdcp_xform->hfn_threshold;
3063         session->pdcp.hfn_ovd = pdcp_xform->hfn_ovrd;
3064         session->pdcp.sdap_enabled = pdcp_xform->sdap_enabled;
3065         if (cipher_xform)
3066                 session->pdcp.hfn_ovd_offset = cipher_xform->iv.offset;
3067
3068         rte_spinlock_lock(&dev_priv->lock);
3069         for (i = 0; i < MAX_DPAA_CORES; i++) {
3070                 session->inq[i] = dpaa_sec_attach_rxq(dev_priv);
3071                 if (session->inq[i] == NULL) {
3072                         DPAA_SEC_ERR("unable to attach sec queue");
3073                         rte_spinlock_unlock(&dev_priv->lock);
3074                         ret = -EBUSY;
3075                         goto out;
3076                 }
3077         }
3078         rte_spinlock_unlock(&dev_priv->lock);
3079         return 0;
3080 out:
3081         rte_free(session->auth_key.data);
3082         rte_free(session->cipher_key.data);
3083         memset(session, 0, sizeof(dpaa_sec_session));
3084         return ret;
3085 }
3086
3087 static int
3088 dpaa_sec_security_session_create(void *dev,
3089                                  struct rte_security_session_conf *conf,
3090                                  struct rte_security_session *sess,
3091                                  struct rte_mempool *mempool)
3092 {
3093         void *sess_private_data;
3094         struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev;
3095         int ret;
3096
3097         if (rte_mempool_get(mempool, &sess_private_data)) {
3098                 DPAA_SEC_ERR("Couldn't get object from session mempool");
3099                 return -ENOMEM;
3100         }
3101
3102         switch (conf->protocol) {
3103         case RTE_SECURITY_PROTOCOL_IPSEC:
3104                 ret = dpaa_sec_set_ipsec_session(cdev, conf,
3105                                 sess_private_data);
3106                 break;
3107         case RTE_SECURITY_PROTOCOL_PDCP:
3108                 ret = dpaa_sec_set_pdcp_session(cdev, conf,
3109                                 sess_private_data);
3110                 break;
3111         case RTE_SECURITY_PROTOCOL_MACSEC:
3112                 return -ENOTSUP;
3113         default:
3114                 return -EINVAL;
3115         }
3116         if (ret != 0) {
3117                 DPAA_SEC_ERR("failed to configure session parameters");
3118                 /* Return session to mempool */
3119                 rte_mempool_put(mempool, sess_private_data);
3120                 return ret;
3121         }
3122
3123         set_sec_session_private_data(sess, sess_private_data);
3124
3125         return ret;
3126 }
3127
3128 /** Clear the memory of session so it doesn't leave key material behind */
3129 static int
3130 dpaa_sec_security_session_destroy(void *dev __rte_unused,
3131                 struct rte_security_session *sess)
3132 {
3133         PMD_INIT_FUNC_TRACE();
3134         void *sess_priv = get_sec_session_private_data(sess);
3135         dpaa_sec_session *s = (dpaa_sec_session *)sess_priv;
3136
3137         if (sess_priv) {
3138                 free_session_memory((struct rte_cryptodev *)dev, s);
3139                 set_sec_session_private_data(sess, NULL);
3140         }
3141         return 0;
3142 }
3143 #endif
3144 static int
3145 dpaa_sec_dev_configure(struct rte_cryptodev *dev __rte_unused,
3146                        struct rte_cryptodev_config *config __rte_unused)
3147 {
3148         PMD_INIT_FUNC_TRACE();
3149
3150         return 0;
3151 }
3152
3153 static int
3154 dpaa_sec_dev_start(struct rte_cryptodev *dev __rte_unused)
3155 {
3156         PMD_INIT_FUNC_TRACE();
3157         return 0;
3158 }
3159
3160 static void
3161 dpaa_sec_dev_stop(struct rte_cryptodev *dev __rte_unused)
3162 {
3163         PMD_INIT_FUNC_TRACE();
3164 }
3165
3166 static int
3167 dpaa_sec_dev_close(struct rte_cryptodev *dev)
3168 {
3169         PMD_INIT_FUNC_TRACE();
3170
3171         if (dev == NULL)
3172                 return -ENOMEM;
3173
3174         return 0;
3175 }
3176
3177 static void
3178 dpaa_sec_dev_infos_get(struct rte_cryptodev *dev,
3179                        struct rte_cryptodev_info *info)
3180 {
3181         struct dpaa_sec_dev_private *internals = dev->data->dev_private;
3182
3183         PMD_INIT_FUNC_TRACE();
3184         if (info != NULL) {
3185                 info->max_nb_queue_pairs = internals->max_nb_queue_pairs;
3186                 info->feature_flags = dev->feature_flags;
3187                 info->capabilities = dpaa_sec_capabilities;
3188                 info->sym.max_nb_sessions = internals->max_nb_sessions;
3189                 info->driver_id = cryptodev_driver_id;
3190         }
3191 }
3192
3193 static enum qman_cb_dqrr_result
3194 dpaa_sec_process_parallel_event(void *event,
3195                         struct qman_portal *qm __always_unused,
3196                         struct qman_fq *outq,
3197                         const struct qm_dqrr_entry *dqrr,
3198                         void **bufs)
3199 {
3200         const struct qm_fd *fd;
3201         struct dpaa_sec_job *job;
3202         struct dpaa_sec_op_ctx *ctx;
3203         struct rte_event *ev = (struct rte_event *)event;
3204
3205         fd = &dqrr->fd;
3206
3207         /* sg is embedded in an op ctx,
3208          * sg[0] is for output
3209          * sg[1] for input
3210          */
3211         job = rte_dpaa_mem_ptov(qm_fd_addr_get64(fd));
3212
3213         ctx = container_of(job, struct dpaa_sec_op_ctx, job);
3214         ctx->fd_status = fd->status;
3215         if (ctx->op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) {
3216                 struct qm_sg_entry *sg_out;
3217                 uint32_t len;
3218
3219                 sg_out = &job->sg[0];
3220                 hw_sg_to_cpu(sg_out);
3221                 len = sg_out->length;
3222                 ctx->op->sym->m_src->pkt_len = len;
3223                 ctx->op->sym->m_src->data_len = len;
3224         }
3225         if (!ctx->fd_status) {
3226                 ctx->op->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
3227         } else {
3228                 DPAA_SEC_DP_WARN("SEC return err: 0x%x", ctx->fd_status);
3229                 ctx->op->status = RTE_CRYPTO_OP_STATUS_ERROR;
3230         }
3231         ev->event_ptr = (void *)ctx->op;
3232
3233         ev->flow_id = outq->ev.flow_id;
3234         ev->sub_event_type = outq->ev.sub_event_type;
3235         ev->event_type = RTE_EVENT_TYPE_CRYPTODEV;
3236         ev->op = RTE_EVENT_OP_NEW;
3237         ev->sched_type = outq->ev.sched_type;
3238         ev->queue_id = outq->ev.queue_id;
3239         ev->priority = outq->ev.priority;
3240         *bufs = (void *)ctx->op;
3241
3242         rte_mempool_put(ctx->ctx_pool, (void *)ctx);
3243
3244         return qman_cb_dqrr_consume;
3245 }
3246
3247 static enum qman_cb_dqrr_result
3248 dpaa_sec_process_atomic_event(void *event,
3249                         struct qman_portal *qm __rte_unused,
3250                         struct qman_fq *outq,
3251                         const struct qm_dqrr_entry *dqrr,
3252                         void **bufs)
3253 {
3254         u8 index;
3255         const struct qm_fd *fd;
3256         struct dpaa_sec_job *job;
3257         struct dpaa_sec_op_ctx *ctx;
3258         struct rte_event *ev = (struct rte_event *)event;
3259
3260         fd = &dqrr->fd;
3261
3262         /* sg is embedded in an op ctx,
3263          * sg[0] is for output
3264          * sg[1] for input
3265          */
3266         job = rte_dpaa_mem_ptov(qm_fd_addr_get64(fd));
3267
3268         ctx = container_of(job, struct dpaa_sec_op_ctx, job);
3269         ctx->fd_status = fd->status;
3270         if (ctx->op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) {
3271                 struct qm_sg_entry *sg_out;
3272                 uint32_t len;
3273
3274                 sg_out = &job->sg[0];
3275                 hw_sg_to_cpu(sg_out);
3276                 len = sg_out->length;
3277                 ctx->op->sym->m_src->pkt_len = len;
3278                 ctx->op->sym->m_src->data_len = len;
3279         }
3280         if (!ctx->fd_status) {
3281                 ctx->op->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
3282         } else {
3283                 DPAA_SEC_DP_WARN("SEC return err: 0x%x", ctx->fd_status);
3284                 ctx->op->status = RTE_CRYPTO_OP_STATUS_ERROR;
3285         }
3286         ev->event_ptr = (void *)ctx->op;
3287         ev->flow_id = outq->ev.flow_id;
3288         ev->sub_event_type = outq->ev.sub_event_type;
3289         ev->event_type = RTE_EVENT_TYPE_CRYPTODEV;
3290         ev->op = RTE_EVENT_OP_NEW;
3291         ev->sched_type = outq->ev.sched_type;
3292         ev->queue_id = outq->ev.queue_id;
3293         ev->priority = outq->ev.priority;
3294
3295         /* Save active dqrr entries */
3296         index = ((uintptr_t)dqrr >> 6) & (16/*QM_DQRR_SIZE*/ - 1);
3297         DPAA_PER_LCORE_DQRR_SIZE++;
3298         DPAA_PER_LCORE_DQRR_HELD |= 1 << index;
3299         DPAA_PER_LCORE_DQRR_MBUF(index) = ctx->op->sym->m_src;
3300         ev->impl_opaque = index + 1;
3301         *dpaa_seqn(ctx->op->sym->m_src) = (uint32_t)index + 1;
3302         *bufs = (void *)ctx->op;
3303
3304         rte_mempool_put(ctx->ctx_pool, (void *)ctx);
3305
3306         return qman_cb_dqrr_defer;
3307 }
3308
3309 int
3310 dpaa_sec_eventq_attach(const struct rte_cryptodev *dev,
3311                 int qp_id,
3312                 uint16_t ch_id,
3313                 const struct rte_event *event)
3314 {
3315         struct dpaa_sec_qp *qp = dev->data->queue_pairs[qp_id];
3316         struct qm_mcc_initfq opts = {0};
3317
3318         int ret;
3319
3320         opts.we_mask = QM_INITFQ_WE_DESTWQ | QM_INITFQ_WE_FQCTRL |
3321                        QM_INITFQ_WE_CONTEXTA | QM_INITFQ_WE_CONTEXTB;
3322         opts.fqd.dest.channel = ch_id;
3323
3324         switch (event->sched_type) {
3325         case RTE_SCHED_TYPE_ATOMIC:
3326                 opts.fqd.fq_ctrl |= QM_FQCTRL_HOLDACTIVE;
3327                 /* Reset FQCTRL_AVOIDBLOCK bit as it is unnecessary
3328                  * configuration with HOLD_ACTIVE setting
3329                  */
3330                 opts.fqd.fq_ctrl &= (~QM_FQCTRL_AVOIDBLOCK);
3331                 qp->outq.cb.dqrr_dpdk_cb = dpaa_sec_process_atomic_event;
3332                 break;
3333         case RTE_SCHED_TYPE_ORDERED:
3334                 DPAA_SEC_ERR("Ordered queue schedule type is not supported\n");
3335                 return -ENOTSUP;
3336         default:
3337                 opts.fqd.fq_ctrl |= QM_FQCTRL_AVOIDBLOCK;
3338                 qp->outq.cb.dqrr_dpdk_cb = dpaa_sec_process_parallel_event;
3339                 break;
3340         }
3341
3342         ret = qman_init_fq(&qp->outq, QMAN_INITFQ_FLAG_SCHED, &opts);
3343         if (unlikely(ret)) {
3344                 DPAA_SEC_ERR("unable to init caam source fq!");
3345                 return ret;
3346         }
3347
3348         memcpy(&qp->outq.ev, event, sizeof(struct rte_event));
3349
3350         return 0;
3351 }
3352
3353 int
3354 dpaa_sec_eventq_detach(const struct rte_cryptodev *dev,
3355                         int qp_id)
3356 {
3357         struct qm_mcc_initfq opts = {0};
3358         int ret;
3359         struct dpaa_sec_qp *qp = dev->data->queue_pairs[qp_id];
3360
3361         opts.we_mask = QM_INITFQ_WE_DESTWQ | QM_INITFQ_WE_FQCTRL |
3362                        QM_INITFQ_WE_CONTEXTA | QM_INITFQ_WE_CONTEXTB;
3363         qp->outq.cb.dqrr = dqrr_out_fq_cb_rx;
3364         qp->outq.cb.ern  = ern_sec_fq_handler;
3365         qman_retire_fq(&qp->outq, NULL);
3366         qman_oos_fq(&qp->outq);
3367         ret = qman_init_fq(&qp->outq, 0, &opts);
3368         if (ret)
3369                 RTE_LOG(ERR, PMD, "Error in qman_init_fq: ret: %d\n", ret);
3370         qp->outq.cb.dqrr = NULL;
3371
3372         return ret;
3373 }
3374
3375 static struct rte_cryptodev_ops crypto_ops = {
3376         .dev_configure        = dpaa_sec_dev_configure,
3377         .dev_start            = dpaa_sec_dev_start,
3378         .dev_stop             = dpaa_sec_dev_stop,
3379         .dev_close            = dpaa_sec_dev_close,
3380         .dev_infos_get        = dpaa_sec_dev_infos_get,
3381         .queue_pair_setup     = dpaa_sec_queue_pair_setup,
3382         .queue_pair_release   = dpaa_sec_queue_pair_release,
3383         .sym_session_get_size     = dpaa_sec_sym_session_get_size,
3384         .sym_session_configure    = dpaa_sec_sym_session_configure,
3385         .sym_session_clear        = dpaa_sec_sym_session_clear
3386 };
3387
3388 #ifdef RTE_LIB_SECURITY
3389 static const struct rte_security_capability *
3390 dpaa_sec_capabilities_get(void *device __rte_unused)
3391 {
3392         return dpaa_sec_security_cap;
3393 }
3394
3395 static const struct rte_security_ops dpaa_sec_security_ops = {
3396         .session_create = dpaa_sec_security_session_create,
3397         .session_update = NULL,
3398         .session_stats_get = NULL,
3399         .session_destroy = dpaa_sec_security_session_destroy,
3400         .set_pkt_metadata = NULL,
3401         .capabilities_get = dpaa_sec_capabilities_get
3402 };
3403 #endif
3404 static int
3405 dpaa_sec_uninit(struct rte_cryptodev *dev)
3406 {
3407         struct dpaa_sec_dev_private *internals;
3408
3409         if (dev == NULL)
3410                 return -ENODEV;
3411
3412         internals = dev->data->dev_private;
3413         rte_free(dev->security_ctx);
3414
3415         rte_free(internals);
3416
3417         DPAA_SEC_INFO("Closing DPAA_SEC device %s on numa socket %u",
3418                       dev->data->name, rte_socket_id());
3419
3420         return 0;
3421 }
3422
3423 static int
3424 dpaa_sec_dev_init(struct rte_cryptodev *cryptodev)
3425 {
3426         struct dpaa_sec_dev_private *internals;
3427 #ifdef RTE_LIB_SECURITY
3428         struct rte_security_ctx *security_instance;
3429 #endif
3430         struct dpaa_sec_qp *qp;
3431         uint32_t i, flags;
3432         int ret;
3433
3434         PMD_INIT_FUNC_TRACE();
3435
3436         cryptodev->driver_id = cryptodev_driver_id;
3437         cryptodev->dev_ops = &crypto_ops;
3438
3439         cryptodev->enqueue_burst = dpaa_sec_enqueue_burst;
3440         cryptodev->dequeue_burst = dpaa_sec_dequeue_burst;
3441         cryptodev->feature_flags = RTE_CRYPTODEV_FF_SYMMETRIC_CRYPTO |
3442                         RTE_CRYPTODEV_FF_HW_ACCELERATED |
3443                         RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING |
3444                         RTE_CRYPTODEV_FF_SECURITY |
3445                         RTE_CRYPTODEV_FF_IN_PLACE_SGL |
3446                         RTE_CRYPTODEV_FF_OOP_SGL_IN_SGL_OUT |
3447                         RTE_CRYPTODEV_FF_OOP_SGL_IN_LB_OUT |
3448                         RTE_CRYPTODEV_FF_OOP_LB_IN_SGL_OUT |
3449                         RTE_CRYPTODEV_FF_OOP_LB_IN_LB_OUT;
3450
3451         internals = cryptodev->data->dev_private;
3452         internals->max_nb_queue_pairs = RTE_DPAA_MAX_NB_SEC_QPS;
3453         internals->max_nb_sessions = RTE_DPAA_SEC_PMD_MAX_NB_SESSIONS;
3454
3455         /*
3456          * For secondary processes, we don't initialise any further as primary
3457          * has already done this work. Only check we don't need a different
3458          * RX function
3459          */
3460         if (rte_eal_process_type() != RTE_PROC_PRIMARY) {
3461                 DPAA_SEC_WARN("Device already init by primary process");
3462                 return 0;
3463         }
3464 #ifdef RTE_LIB_SECURITY
3465         /* Initialize security_ctx only for primary process*/
3466         security_instance = rte_malloc("rte_security_instances_ops",
3467                                 sizeof(struct rte_security_ctx), 0);
3468         if (security_instance == NULL)
3469                 return -ENOMEM;
3470         security_instance->device = (void *)cryptodev;
3471         security_instance->ops = &dpaa_sec_security_ops;
3472         security_instance->sess_cnt = 0;
3473         cryptodev->security_ctx = security_instance;
3474 #endif
3475         rte_spinlock_init(&internals->lock);
3476         for (i = 0; i < internals->max_nb_queue_pairs; i++) {
3477                 /* init qman fq for queue pair */
3478                 qp = &internals->qps[i];
3479                 ret = dpaa_sec_init_tx(&qp->outq);
3480                 if (ret) {
3481                         DPAA_SEC_ERR("config tx of queue pair  %d", i);
3482                         goto init_error;
3483                 }
3484         }
3485
3486         flags = QMAN_FQ_FLAG_LOCKED | QMAN_FQ_FLAG_DYNAMIC_FQID |
3487                 QMAN_FQ_FLAG_TO_DCPORTAL;
3488         for (i = 0; i < RTE_DPAA_MAX_RX_QUEUE; i++) {
3489                 /* create rx qman fq for sessions*/
3490                 ret = qman_create_fq(0, flags, &internals->inq[i]);
3491                 if (unlikely(ret != 0)) {
3492                         DPAA_SEC_ERR("sec qman_create_fq failed");
3493                         goto init_error;
3494                 }
3495         }
3496
3497         RTE_LOG(INFO, PMD, "%s cryptodev init\n", cryptodev->data->name);
3498         return 0;
3499
3500 init_error:
3501         DPAA_SEC_ERR("driver %s: create failed\n", cryptodev->data->name);
3502
3503         rte_free(cryptodev->security_ctx);
3504         return -EFAULT;
3505 }
3506
3507 static int
3508 cryptodev_dpaa_sec_probe(struct rte_dpaa_driver *dpaa_drv __rte_unused,
3509                                 struct rte_dpaa_device *dpaa_dev)
3510 {
3511         struct rte_cryptodev *cryptodev;
3512         char cryptodev_name[RTE_CRYPTODEV_NAME_MAX_LEN];
3513
3514         int retval;
3515
3516         snprintf(cryptodev_name, sizeof(cryptodev_name), "%s", dpaa_dev->name);
3517
3518         cryptodev = rte_cryptodev_pmd_allocate(cryptodev_name, rte_socket_id());
3519         if (cryptodev == NULL)
3520                 return -ENOMEM;
3521
3522         if (rte_eal_process_type() == RTE_PROC_PRIMARY) {
3523                 cryptodev->data->dev_private = rte_zmalloc_socket(
3524                                         "cryptodev private structure",
3525                                         sizeof(struct dpaa_sec_dev_private),
3526                                         RTE_CACHE_LINE_SIZE,
3527                                         rte_socket_id());
3528
3529                 if (cryptodev->data->dev_private == NULL)
3530                         rte_panic("Cannot allocate memzone for private "
3531                                         "device data");
3532         }
3533
3534         dpaa_dev->crypto_dev = cryptodev;
3535         cryptodev->device = &dpaa_dev->device;
3536
3537         /* init user callbacks */
3538         TAILQ_INIT(&(cryptodev->link_intr_cbs));
3539
3540         /* if sec device version is not configured */
3541         if (!rta_get_sec_era()) {
3542                 const struct device_node *caam_node;
3543
3544                 for_each_compatible_node(caam_node, NULL, "fsl,sec-v4.0") {
3545                         const uint32_t *prop = of_get_property(caam_node,
3546                                         "fsl,sec-era",
3547                                         NULL);
3548                         if (prop) {
3549                                 rta_set_sec_era(
3550                                         INTL_SEC_ERA(rte_cpu_to_be_32(*prop)));
3551                                 break;
3552                         }
3553                 }
3554         }
3555
3556         if (unlikely(!DPAA_PER_LCORE_PORTAL)) {
3557                 retval = rte_dpaa_portal_init((void *)1);
3558                 if (retval) {
3559                         DPAA_SEC_ERR("Unable to initialize portal");
3560                         goto out;
3561                 }
3562         }
3563
3564         /* Invoke PMD device initialization function */
3565         retval = dpaa_sec_dev_init(cryptodev);
3566         if (retval == 0)
3567                 return 0;
3568
3569         retval = -ENXIO;
3570 out:
3571         /* In case of error, cleanup is done */
3572         if (rte_eal_process_type() == RTE_PROC_PRIMARY)
3573                 rte_free(cryptodev->data->dev_private);
3574
3575         rte_cryptodev_pmd_release_device(cryptodev);
3576
3577         return retval;
3578 }
3579
3580 static int
3581 cryptodev_dpaa_sec_remove(struct rte_dpaa_device *dpaa_dev)
3582 {
3583         struct rte_cryptodev *cryptodev;
3584         int ret;
3585
3586         cryptodev = dpaa_dev->crypto_dev;
3587         if (cryptodev == NULL)
3588                 return -ENODEV;
3589
3590         ret = dpaa_sec_uninit(cryptodev);
3591         if (ret)
3592                 return ret;
3593
3594         return rte_cryptodev_pmd_destroy(cryptodev);
3595 }
3596
3597 static struct rte_dpaa_driver rte_dpaa_sec_driver = {
3598         .drv_type = FSL_DPAA_CRYPTO,
3599         .driver = {
3600                 .name = "DPAA SEC PMD"
3601         },
3602         .probe = cryptodev_dpaa_sec_probe,
3603         .remove = cryptodev_dpaa_sec_remove,
3604 };
3605
3606 static struct cryptodev_driver dpaa_sec_crypto_drv;
3607
3608 RTE_PMD_REGISTER_DPAA(CRYPTODEV_NAME_DPAA_SEC_PMD, rte_dpaa_sec_driver);
3609 RTE_PMD_REGISTER_CRYPTO_DRIVER(dpaa_sec_crypto_drv, rte_dpaa_sec_driver.driver,
3610                 cryptodev_driver_id);
3611 RTE_LOG_REGISTER(dpaa_logtype_sec, pmd.crypto.dpaa, NOTICE);