From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <akhil.goyal@nxp.com>
Received: from EUR03-AM5-obe.outbound.protection.outlook.com
 (mail-eopbgr30047.outbound.protection.outlook.com [40.107.3.47])
 by dpdk.org (Postfix) with ESMTP id 86B274CC7
 for <dev@dpdk.org>; Mon, 15 Oct 2018 14:53:51 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nxp.com; s=selector1; 
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=XONOKgx2DqsFAH5qH9dJ0bVE7MzKNTWDnSyOGQ8hgEI=;
 b=Y8qpaXRgLNNe1ydNShTazCakD2Q/8H7mRc02cvaPU9rcHncIp2iOscshspJPXWEts9+oShNi6YfGxV+6Lu506h7d4f5/VkDOI4g/DDHZA1KkJjUEskLwJGOJ1k/5ZTGOd590AjGHGPTQh9Uj1hwskgnSHWUm79e5Z2+2BFfFpVA=
Received: from VI1PR04MB4893.eurprd04.prod.outlook.com (20.177.49.154) by
 VI1PR04MB1629.eurprd04.prod.outlook.com (10.164.84.151) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.1228.23; Mon, 15 Oct 2018 12:53:49 +0000
Received: from VI1PR04MB4893.eurprd04.prod.outlook.com
 ([fe80::cc19:b6c6:27db:3fec]) by VI1PR04MB4893.eurprd04.prod.outlook.com
 ([fe80::cc19:b6c6:27db:3fec%3]) with mapi id 15.20.1228.027; Mon, 15 Oct 2018
 12:53:49 +0000
From: Akhil Goyal <akhil.goyal@nxp.com>
To: "dev@dpdk.org" <dev@dpdk.org>
CC: "pablo.de.lara.guarch@intel.com" <pablo.de.lara.guarch@intel.com>,
 "radu.nicolau@intel.com" <radu.nicolau@intel.com>,
 "jerin.jacob@caviumnetworks.com" <jerin.jacob@caviumnetworks.com>,
 "narayanaprasad.athreya@caviumnetworks.com"
 <narayanaprasad.athreya@caviumnetworks.com>,
 "Shally.Verma@caviumnetworks.com" <Shally.Verma@caviumnetworks.com>,
 "Anoob.Joseph@caviumnetworks.com" <Anoob.Joseph@caviumnetworks.com>,
 "Vidya.Velumuri@caviumnetworks.com" <Vidya.Velumuri@caviumnetworks.com>,
 Hemant Agrawal <hemant.agrawal@nxp.com>, Akhil Goyal <akhil.goyal@nxp.com>
Thread-Topic: [PATCH v4 3/3] crypto/dpaa2_sec: support pdcp offload
Thread-Index: AQHUZIYe2GKoh8onEU2mBlShi+6fFA==
Date: Mon, 15 Oct 2018 12:53:49 +0000
Message-ID: <20181015124858.5562-4-akhil.goyal@nxp.com>
References: <20181005135318.6350-1-akhil.goyal@nxp.com>
 <20181015124858.5562-1-akhil.goyal@nxp.com>
In-Reply-To: <20181015124858.5562-1-akhil.goyal@nxp.com>
Accept-Language: en-IN, en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-clientproxiedby: SG2PR06CA0220.apcprd06.prod.outlook.com
 (2603:1096:4:68::28) To VI1PR04MB4893.eurprd04.prod.outlook.com
 (2603:10a6:803:56::26)
authentication-results: spf=none (sender IP is )
 smtp.mailfrom=akhil.goyal@nxp.com; 
x-ms-exchange-messagesentrepresentingtype: 1
x-originating-ip: [14.143.30.134]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; VI1PR04MB1629;
 6:XtxQyo6GremfTI8Jba2cmFk0INFOw12tgjF3j4XJ917G/P+WIms6bO2daUBtXDXK+0qBcXYWCSUzM10EtYCKNqkm+eoD92Xy6cTdX3Z8iHISWWxIeVxC5jn+feFHa5w9IpxfnrKhePMu4NGgs6H+VPYKIXS7fRNRlH61klCMunp+/clNah6YSBaR0xd3+Qdg80Lod6Z6mMoVSsrTI+d73oXGiCd52Rk1G/K3LJP0LJSrUAZiR3pWi5dD2Y52oUbtrHneCZFBHiKxXcwYTWupSq7UviMo3Bj+tP+gcHXhXDxryVMQJc0OqXOSQd8krSwVwBauiW9waMAxl0+UZeGl31OAb8p+DZzPRtdKj6KHzsDuRJ+4W0Y84Ncdfhxhax6Tk9ZOIJYYytBPBPMI6+RWy5WTwPOinGhmi3GF/ge+8kiRHED6HABHFZEQApE4AURFnKWrRGTnUi6LkWBEYw6qEA==;
 5:cHUgrJJ/9Y82hymT+j5Od/VVBiyJAxvP+/vqIx5GUC4V8JUcV+09s80IcKTt6tPgU2PMyOfjOT87634g0iSZy+uEwjzD38aMAZgWw2HCC3cGClwdMjBs8jh4H77jURRTyNfrFL4Cuygi0V2JBwQH35uWlhYmV6ScX2m+QfnadSc=;
 7:iPxZzOeLT30xGDA1f6MXdi//clxTUEU7K3l3rijfxYdZAytnDWIq7QaM+CKLeZ8kGn1FPt/Y79wXhROTBtV7lFX2RtGstuVx8Qn2dBXOG0XEMD6T0qxpIxYucqB7lB31bJ3kFC711KwF5kFU6Pg167YOHu2riVasT7rSbW7tQdRgTym2Y2+h6J3hmoRC/shj9UwkBs8u/5TDmryZPRzCKJY7EnUJ0Aknlg8v7BzkxjK8oZkA5r6Yi4QJjkYDkMgj
x-ms-office365-filtering-correlation-id: a8e489cc-4469-4e8a-3e0b-08d6329d4086
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: BCL:0; PCL:0;
 RULEID:(7020095)(4652040)(8989299)(4534185)(7168020)(4627221)(201703031133081)(201702281549075)(8990200)(5600074)(711020)(4618075)(2017052603328)(7153060)(7193020);
 SRVR:VI1PR04MB1629; 
x-ms-traffictypediagnostic: VI1PR04MB1629:
x-microsoft-antispam-prvs: <VI1PR04MB1629C3358AE4A66CC4019E5FE6FD0@VI1PR04MB1629.eurprd04.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(269456686620040)(163750095850)(185117386973197); 
x-ms-exchange-senderadcheck: 1
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0;
 RULEID:(8211001083)(6040522)(2401047)(8121501046)(5005006)(3231355)(944501410)(52105095)(3002001)(10201501046)(93006095)(93001095)(6055026)(149066)(150057)(6041310)(20161123560045)(20161123558120)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123564045)(20161123562045)(201708071742011)(7699051);
 SRVR:VI1PR04MB1629; BCL:0; PCL:0; RULEID:; SRVR:VI1PR04MB1629; 
x-forefront-prvs: 0826B2F01B
x-forefront-antispam-report: SFV:NSPM;
 SFS:(10009020)(366004)(136003)(346002)(39860400002)(396003)(376002)(199004)(189003)(99286004)(26005)(25786009)(68736007)(55236004)(8936002)(53936002)(102836004)(4744004)(386003)(6506007)(66066001)(76176011)(478600001)(52116002)(14454004)(106356001)(2351001)(316002)(105586002)(2900100001)(5640700003)(6512007)(81156014)(8676002)(1730700003)(81166006)(71200400001)(71190400001)(305945005)(7736002)(6486002)(54906003)(6436002)(5660300001)(2616005)(2501003)(6916009)(476003)(486006)(97736004)(11346002)(446003)(6116002)(2906002)(14444005)(1076002)(256004)(4326008)(5250100002)(36756003)(44832011)(86362001)(3846002)(186003);
 DIR:OUT; SFP:1101; SCL:1; SRVR:VI1PR04MB1629;
 H:VI1PR04MB4893.eurprd04.prod.outlook.com; FPR:; SPF:None; LANG:en;
 PTR:InfoNoRecords; A:1; MX:1; 
received-spf: None (protection.outlook.com: nxp.com does not designate
 permitted sender hosts)
x-microsoft-antispam-message-info: iUnfR2idACMSyxly6iX53Tafmw9h7lk+UqXR7fitsuFOZqznWmzceov02LXjSqMxwNWgfyslkKlbJhGhZx+G5HhBHTptFfKBysHQtKQIfKUxeRfP4lFDyBzoDiuA9WwbY1zPfOyir9Vx9IKi0bjKRp2AHGdfP2C/gtJ4OoJXwabMxmqefQtomIUYYl68DfvSWlLfdyP+S4FNd+SRFG/euT/OLGynL1/gzcpA5Ysu8t70JAlyTJ42usWrVzHuHf0JSE+bfRpdjtCFa7nCs0O06LowhsVCjlTWIxk91Uw7GkOp1BjFO/d/lML/nfNzd3d/vXU8q+mbI/o08mmQCoHEOYsaRAIFIgCN2dWi5hH2qVE=
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: nxp.com
X-MS-Exchange-CrossTenant-Network-Message-Id: a8e489cc-4469-4e8a-3e0b-08d6329d4086
X-MS-Exchange-CrossTenant-originalarrivaltime: 15 Oct 2018 12:53:49.7110 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 686ea1d3-bc2b-4c6f-a92c-d99c5c301635
X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR04MB1629
Subject: [dpdk-dev] [PATCH v4 3/3] crypto/dpaa2_sec: support pdcp offload
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
X-List-Received-Date: Mon, 15 Oct 2018 12:53:52 -0000

From: Akhil Goyal <akhil.goyal@nxp.com>

PDCP session configuration for lookaside protocol offload
and data path is added.

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
---
 drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c | 257 ++++++++++++++++++++
 drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h   | 208 +++++++++++++++-
 2 files changed, 457 insertions(+), 8 deletions(-)

diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/d=
paa2_sec/dpaa2_sec_dpseci.c
index 0336d5f4b..fe769a932 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -35,6 +35,7 @@ typedef uint64_t	dma_addr_t;
=20
 /* RTA header files */
 #include <hw/desc/ipsec.h>
+#include <hw/desc/pdcp.h>
 #include <hw/desc/algo.h>
=20
 /* Minimum job descriptor consists of a oneword job descriptor HEADER and
@@ -74,6 +75,9 @@ build_proto_compound_fd(dpaa2_sec_session *sess,
 	struct rte_mbuf *dst_mbuf =3D sym_op->m_dst;
 	int retval;
=20
+	if (!dst_mbuf)
+		dst_mbuf =3D src_mbuf;
+
 	/* Save the shared descriptor */
 	flc =3D &priv->flc_desc[0].flc;
=20
@@ -118,6 +122,15 @@ build_proto_compound_fd(dpaa2_sec_session *sess,
 	DPAA2_SET_FD_LEN(fd, ip_fle->length);
 	DPAA2_SET_FLE_FIN(ip_fle);
=20
+#ifdef ENABLE_HFN_OVERRIDE
+	if (sess->ctxt_type =3D=3D DPAA2_SEC_PDCP && sess->pdcp.hfn_ovd) {
+		/*enable HFN override override */
+		DPAA2_SET_FLE_INTERNAL_JD(ip_fle, sess->pdcp.hfn_ovd);
+		DPAA2_SET_FLE_INTERNAL_JD(op_fle, sess->pdcp.hfn_ovd);
+		DPAA2_SET_FD_INTERNAL_JD(fd, sess->pdcp.hfn_ovd);
+	}
+#endif
+
 	return 0;
=20
 }
@@ -1188,6 +1201,9 @@ build_sec_fd(struct rte_crypto_op *op,
 		case DPAA2_SEC_IPSEC:
 			ret =3D build_proto_fd(sess, op, fd, bpid);
 			break;
+		case DPAA2_SEC_PDCP:
+			ret =3D build_proto_compound_fd(sess, op, fd, bpid);
+			break;
 		case DPAA2_SEC_HASH_CIPHER:
 		default:
 			DPAA2_SEC_ERR("error: Unsupported session");
@@ -2551,6 +2567,243 @@ dpaa2_sec_set_ipsec_session(struct rte_cryptodev *d=
ev,
 	return ret;
 }
=20
+static int
+dpaa2_sec_set_pdcp_session(struct rte_cryptodev *dev,
+			   struct rte_security_session_conf *conf,
+			   void *sess)
+{
+	struct rte_security_pdcp_xform *pdcp_xform =3D &conf->pdcp;
+	struct rte_crypto_sym_xform *xform =3D conf->crypto_xform;
+	struct rte_crypto_auth_xform *auth_xform =3D NULL;
+	struct rte_crypto_cipher_xform *cipher_xform;
+	dpaa2_sec_session *session =3D (dpaa2_sec_session *)sess;
+	struct ctxt_priv *priv;
+	struct dpaa2_sec_dev_private *dev_priv =3D dev->data->dev_private;
+	struct alginfo authdata, cipherdata;
+	int bufsize =3D -1;
+	struct sec_flow_context *flc;
+#if RTE_BYTE_ORDER =3D=3D RTE_BIG_ENDIAN
+	int swap =3D true;
+#else
+	int swap =3D false;
+#endif
+
+	PMD_INIT_FUNC_TRACE();
+
+	memset(session, 0, sizeof(dpaa2_sec_session));
+
+	priv =3D (struct ctxt_priv *)rte_zmalloc(NULL,
+				sizeof(struct ctxt_priv) +
+				sizeof(struct sec_flc_desc),
+				RTE_CACHE_LINE_SIZE);
+
+	if (priv =3D=3D NULL) {
+		DPAA2_SEC_ERR("No memory for priv CTXT");
+		return -ENOMEM;
+	}
+
+	priv->fle_pool =3D dev_priv->fle_pool;
+	flc =3D &priv->flc_desc[0].flc;
+
+	/* find xfrm types */
+	if (xform->type =3D=3D RTE_CRYPTO_SYM_XFORM_CIPHER && xform->next =3D=3D =
NULL) {
+		cipher_xform =3D &xform->cipher;
+	} else if (xform->type =3D=3D RTE_CRYPTO_SYM_XFORM_CIPHER &&
+		   xform->next->type =3D=3D RTE_CRYPTO_SYM_XFORM_AUTH) {
+		session->ext_params.aead_ctxt.auth_cipher_text =3D true;
+		cipher_xform =3D &xform->cipher;
+		auth_xform =3D &xform->next->auth;
+	} else if (xform->type =3D=3D RTE_CRYPTO_SYM_XFORM_AUTH &&
+		   xform->next->type =3D=3D RTE_CRYPTO_SYM_XFORM_CIPHER) {
+		session->ext_params.aead_ctxt.auth_cipher_text =3D false;
+		cipher_xform =3D &xform->next->cipher;
+		auth_xform =3D &xform->auth;
+	} else {
+		DPAA2_SEC_ERR("Invalid crypto type");
+		return -EINVAL;
+	}
+
+	session->ctxt_type =3D DPAA2_SEC_PDCP;
+	if (cipher_xform) {
+		session->cipher_key.data =3D rte_zmalloc(NULL,
+					       cipher_xform->key.length,
+					       RTE_CACHE_LINE_SIZE);
+		if (session->cipher_key.data =3D=3D NULL &&
+				cipher_xform->key.length > 0) {
+			DPAA2_SEC_ERR("No Memory for cipher key");
+			rte_free(priv);
+			return -ENOMEM;
+		}
+		session->cipher_key.length =3D cipher_xform->key.length;
+		memcpy(session->cipher_key.data, cipher_xform->key.data,
+			cipher_xform->key.length);
+		session->dir =3D (cipher_xform->op =3D=3D RTE_CRYPTO_CIPHER_OP_ENCRYPT) =
?
+					DIR_ENC : DIR_DEC;
+		session->cipher_alg =3D cipher_xform->algo;
+	} else {
+		session->cipher_key.data =3D NULL;
+		session->cipher_key.length =3D 0;
+		session->cipher_alg =3D RTE_CRYPTO_CIPHER_NULL;
+		session->dir =3D DIR_ENC;
+	}
+
+	session->pdcp.domain =3D pdcp_xform->domain;
+	session->pdcp.bearer =3D pdcp_xform->bearer;
+	session->pdcp.pkt_dir =3D pdcp_xform->pkt_dir;
+	session->pdcp.sn_size =3D pdcp_xform->sn_size;
+#ifdef ENABLE_HFN_OVERRIDE
+	session->pdcp.hfn_ovd =3D pdcp_xform->hfn_ovd;
+#endif
+	session->pdcp.hfn =3D pdcp_xform->hfn;
+	session->pdcp.hfn_threshold =3D pdcp_xform->hfn_threshold;
+
+	cipherdata.key =3D (size_t)session->cipher_key.data;
+	cipherdata.keylen =3D session->cipher_key.length;
+	cipherdata.key_enc_flags =3D 0;
+	cipherdata.key_type =3D RTA_DATA_IMM;
+
+	switch (session->cipher_alg) {
+	case RTE_CRYPTO_CIPHER_SNOW3G_UEA2:
+		cipherdata.algtype =3D PDCP_CIPHER_TYPE_SNOW;
+		break;
+	case RTE_CRYPTO_CIPHER_ZUC_EEA3:
+		cipherdata.algtype =3D PDCP_CIPHER_TYPE_ZUC;
+		break;
+	case RTE_CRYPTO_CIPHER_AES_CTR:
+		cipherdata.algtype =3D PDCP_CIPHER_TYPE_AES;
+		break;
+	case RTE_CRYPTO_CIPHER_NULL:
+		cipherdata.algtype =3D PDCP_CIPHER_TYPE_NULL;
+		break;
+	default:
+		DPAA2_SEC_ERR("Crypto: Undefined Cipher specified %u",
+			      session->cipher_alg);
+		goto out;
+	}
+
+	/* Auth is only applicable for control mode operation. */
+	if (pdcp_xform->domain =3D=3D RTE_SECURITY_PDCP_MODE_CONTROL) {
+		if (pdcp_xform->sn_size !=3D RTE_SECURITY_PDCP_SN_SIZE_5) {
+			DPAA2_SEC_ERR(
+				"PDCP Seq Num size should be 5 bits for cmode");
+			goto out;
+		}
+		if (auth_xform) {
+			session->auth_key.data =3D rte_zmalloc(NULL,
+							auth_xform->key.length,
+							RTE_CACHE_LINE_SIZE);
+			if (session->auth_key.data =3D=3D NULL &&
+					auth_xform->key.length > 0) {
+				DPAA2_SEC_ERR("No Memory for auth key");
+				rte_free(session->cipher_key.data);
+				rte_free(priv);
+				return -ENOMEM;
+			}
+			session->auth_key.length =3D auth_xform->key.length;
+			memcpy(session->auth_key.data, auth_xform->key.data,
+					auth_xform->key.length);
+			session->auth_alg =3D auth_xform->algo;
+		} else {
+			session->auth_key.data =3D NULL;
+			session->auth_key.length =3D 0;
+			session->auth_alg =3D RTE_CRYPTO_AUTH_NULL;
+		}
+		authdata.key =3D (size_t)session->auth_key.data;
+		authdata.keylen =3D session->auth_key.length;
+		authdata.key_enc_flags =3D 0;
+		authdata.key_type =3D RTA_DATA_IMM;
+
+		switch (session->auth_alg) {
+		case RTE_CRYPTO_AUTH_SNOW3G_UIA2:
+			authdata.algtype =3D PDCP_AUTH_TYPE_SNOW;
+			break;
+		case RTE_CRYPTO_AUTH_ZUC_EIA3:
+			authdata.algtype =3D PDCP_AUTH_TYPE_ZUC;
+			break;
+		case RTE_CRYPTO_AUTH_AES_CMAC:
+			authdata.algtype =3D PDCP_AUTH_TYPE_AES;
+			break;
+		case RTE_CRYPTO_AUTH_NULL:
+			authdata.algtype =3D PDCP_AUTH_TYPE_NULL;
+			break;
+		default:
+			DPAA2_SEC_ERR("Crypto: Unsupported auth alg %u",
+				      session->auth_alg);
+			goto out;
+		}
+
+		if (session->dir =3D=3D DIR_ENC)
+			bufsize =3D cnstr_shdsc_pdcp_c_plane_encap(
+					priv->flc_desc[0].desc, 1, swap,
+					pdcp_xform->hfn,
+					pdcp_xform->bearer,
+					pdcp_xform->pkt_dir,
+					pdcp_xform->hfn_threshold,
+					&cipherdata, &authdata,
+					0);
+		else if (session->dir =3D=3D DIR_DEC)
+			bufsize =3D cnstr_shdsc_pdcp_c_plane_decap(
+					priv->flc_desc[0].desc, 1, swap,
+					pdcp_xform->hfn,
+					pdcp_xform->bearer,
+					pdcp_xform->pkt_dir,
+					pdcp_xform->hfn_threshold,
+					&cipherdata, &authdata,
+					0);
+	} else {
+		if (session->dir =3D=3D DIR_ENC)
+			bufsize =3D cnstr_shdsc_pdcp_u_plane_encap(
+					priv->flc_desc[0].desc, 1, swap,
+					pdcp_xform->sn_size,
+					pdcp_xform->hfn,
+					pdcp_xform->bearer,
+					pdcp_xform->pkt_dir,
+					pdcp_xform->hfn_threshold,
+					&cipherdata, 0);
+		else if (session->dir =3D=3D DIR_DEC)
+			bufsize =3D cnstr_shdsc_pdcp_u_plane_decap(
+					priv->flc_desc[0].desc, 1, swap,
+					pdcp_xform->sn_size,
+					pdcp_xform->hfn,
+					pdcp_xform->bearer,
+					pdcp_xform->pkt_dir,
+					pdcp_xform->hfn_threshold,
+					&cipherdata, 0);
+	}
+
+	if (bufsize < 0) {
+		DPAA2_SEC_ERR("Crypto: Invalid buffer length");
+		goto out;
+	}
+
+	/* Enable the stashing control bit */
+	DPAA2_SET_FLC_RSC(flc);
+	flc->word2_rflc_31_0 =3D lower_32_bits(
+			(size_t)&(((struct dpaa2_sec_qp *)
+			dev->data->queue_pairs[0])->rx_vq) | 0x14);
+	flc->word3_rflc_63_32 =3D upper_32_bits(
+			(size_t)&(((struct dpaa2_sec_qp *)
+			dev->data->queue_pairs[0])->rx_vq));
+
+	flc->word1_sdl =3D (uint8_t)bufsize;
+
+	/* Set EWS bit i.e. enable write-safe */
+	DPAA2_SET_FLC_EWS(flc);
+	/* Set BS =3D 1 i.e reuse input buffers as output buffers */
+	DPAA2_SET_FLC_REUSE_BS(flc);
+	/* Set FF =3D 10; reuse input buffers if they provide sufficient space */
+	DPAA2_SET_FLC_REUSE_FF(flc);
+
+	session->ctxt =3D priv;
+
+	return 0;
+out:
+	rte_free(session->auth_key.data);
+	rte_free(session->cipher_key.data);
+	rte_free(priv);
+	return -1;
+}
+
 static int
 dpaa2_sec_security_session_create(void *dev,
 				  struct rte_security_session_conf *conf,
@@ -2573,6 +2826,10 @@ dpaa2_sec_security_session_create(void *dev,
 		break;
 	case RTE_SECURITY_PROTOCOL_MACSEC:
 		return -ENOTSUP;
+	case RTE_SECURITY_PROTOCOL_PDCP:
+		ret =3D dpaa2_sec_set_pdcp_session(cdev, conf,
+				sess_private_data);
+		break;
 	default:
 		return -EINVAL;
 	}
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h b/drivers/crypto/dpa=
a2_sec/dpaa2_sec_priv.h
index bce9633c0..51751103d 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h
@@ -137,6 +137,19 @@ struct dpaa2_sec_aead_ctxt {
 	uint8_t auth_cipher_text;       /**< Authenticate/cipher ordering */
 };
=20
+/*
+ * The structure is to be filled by user for PDCP Protocol
+ */
+struct dpaa2_pdcp_ctxt {
+	enum rte_security_pdcp_domain domain; /*!< Data/Control mode*/
+	int8_t bearer;	/*!< PDCP bearer ID */
+	int8_t pkt_dir;/*!< PDCP Frame Direction 0:UL 1:DL*/
+	int8_t hfn_ovd;/*!< Overwrite HFN per packet*/
+	uint32_t hfn;	/*!< Hyper Frame Number */
+	uint32_t hfn_threshold;	/*!< HFN Threashold for key renegotiation */
+	uint8_t sn_size;	/*!< Sequence number size, 7/12/15 */
+};
+
 typedef struct dpaa2_sec_session_entry {
 	void *ctxt;
 	uint8_t ctxt_type;
@@ -160,15 +173,20 @@ typedef struct dpaa2_sec_session_entry {
 			} auth_key;
 		};
 	};
-	struct {
-		uint16_t length; /**< IV length in bytes */
-		uint16_t offset; /**< IV offset in bytes */
-	} iv;
-	uint16_t digest_length;
-	uint8_t status;
 	union {
-		struct dpaa2_sec_aead_ctxt aead_ctxt;
-	} ext_params;
+		struct {
+			struct {
+				uint16_t length; /**< IV length in bytes */
+				uint16_t offset; /**< IV offset in bytes */
+			} iv;
+			uint16_t digest_length;
+			uint8_t status;
+			union {
+				struct dpaa2_sec_aead_ctxt aead_ctxt;
+			} ext_params;
+		};
+		struct dpaa2_pdcp_ctxt pdcp;
+	};
 } dpaa2_sec_session;
=20
 static const struct rte_cryptodev_capabilities dpaa2_sec_capabilities[] =
=3D {
@@ -392,6 +410,162 @@ static const struct rte_cryptodev_capabilities dpaa2_=
sec_capabilities[] =3D {
 	RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
 };
=20
+static const struct rte_cryptodev_capabilities dpaa2_pdcp_capabilities[] =
=3D {
+	{	/* SNOW 3G (UIA2) */
+		.op =3D RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+		{.sym =3D {
+			.xform_type =3D RTE_CRYPTO_SYM_XFORM_AUTH,
+			{.auth =3D {
+				.algo =3D RTE_CRYPTO_AUTH_SNOW3G_UIA2,
+				.block_size =3D 16,
+				.key_size =3D {
+					.min =3D 16,
+					.max =3D 16,
+					.increment =3D 0
+				},
+				.digest_size =3D {
+					.min =3D 4,
+					.max =3D 4,
+					.increment =3D 0
+				},
+				.iv_size =3D {
+					.min =3D 16,
+					.max =3D 16,
+					.increment =3D 0
+				}
+			}, }
+		}, }
+	},
+	{	/* SNOW 3G (UEA2) */
+		.op =3D RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+		{.sym =3D {
+			.xform_type =3D RTE_CRYPTO_SYM_XFORM_CIPHER,
+			{.cipher =3D {
+				.algo =3D RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
+				.block_size =3D 16,
+				.key_size =3D {
+					.min =3D 16,
+					.max =3D 16,
+					.increment =3D 0
+				},
+				.iv_size =3D {
+					.min =3D 16,
+					.max =3D 16,
+					.increment =3D 0
+				}
+			}, }
+		}, }
+	},
+	{	/* AES CTR */
+		.op =3D RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+		{.sym =3D {
+			.xform_type =3D RTE_CRYPTO_SYM_XFORM_CIPHER,
+			{.cipher =3D {
+				.algo =3D RTE_CRYPTO_CIPHER_AES_CTR,
+				.block_size =3D 16,
+				.key_size =3D {
+					.min =3D 16,
+					.max =3D 32,
+					.increment =3D 8
+				},
+				.iv_size =3D {
+					.min =3D 16,
+					.max =3D 16,
+					.increment =3D 0
+				}
+			}, }
+		}, }
+	},
+	{	/* NULL (AUTH) */
+		.op =3D RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+		{.sym =3D {
+			.xform_type =3D RTE_CRYPTO_SYM_XFORM_AUTH,
+			{.auth =3D {
+				.algo =3D RTE_CRYPTO_AUTH_NULL,
+				.block_size =3D 1,
+				.key_size =3D {
+					.min =3D 0,
+					.max =3D 0,
+					.increment =3D 0
+				},
+				.digest_size =3D {
+					.min =3D 0,
+					.max =3D 0,
+					.increment =3D 0
+				},
+				.iv_size =3D { 0 }
+			}, },
+		}, },
+	},
+	{	/* NULL (CIPHER) */
+		.op =3D RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+		{.sym =3D {
+			.xform_type =3D RTE_CRYPTO_SYM_XFORM_CIPHER,
+			{.cipher =3D {
+				.algo =3D RTE_CRYPTO_CIPHER_NULL,
+				.block_size =3D 1,
+				.key_size =3D {
+					.min =3D 0,
+					.max =3D 0,
+					.increment =3D 0
+				},
+				.iv_size =3D {
+					.min =3D 0,
+					.max =3D 0,
+					.increment =3D 0
+				}
+			}, },
+		}, }
+	},
+	{	/* ZUC (EEA3) */
+		.op =3D RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+		{.sym =3D {
+			.xform_type =3D RTE_CRYPTO_SYM_XFORM_CIPHER,
+			{.cipher =3D {
+				.algo =3D RTE_CRYPTO_CIPHER_ZUC_EEA3,
+				.block_size =3D 16,
+				.key_size =3D {
+					.min =3D 16,
+					.max =3D 16,
+					.increment =3D 0
+				},
+				.iv_size =3D {
+					.min =3D 16,
+					.max =3D 16,
+					.increment =3D 0
+				}
+			}, }
+		}, }
+	},
+	{	/* ZUC (EIA3) */
+		.op =3D RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+		{.sym =3D {
+			.xform_type =3D RTE_CRYPTO_SYM_XFORM_AUTH,
+			{.auth =3D {
+				.algo =3D RTE_CRYPTO_AUTH_ZUC_EIA3,
+				.block_size =3D 16,
+				.key_size =3D {
+					.min =3D 16,
+					.max =3D 16,
+					.increment =3D 0
+				},
+				.digest_size =3D {
+					.min =3D 4,
+					.max =3D 4,
+					.increment =3D 0
+				},
+				.iv_size =3D {
+					.min =3D 16,
+					.max =3D 16,
+					.increment =3D 0
+				}
+			}, }
+		}, }
+	},
+
+	RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
+};
+
 static const struct rte_security_capability dpaa2_sec_security_cap[] =3D {
 	{ /* IPsec Lookaside Protocol offload ESP Transport Egress */
 		.action =3D RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
@@ -415,6 +589,24 @@ static const struct rte_security_capability dpaa2_sec_=
security_cap[] =3D {
 		},
 		.crypto_capabilities =3D dpaa2_sec_capabilities
 	},
+	{ /* PDCP Lookaside Protocol offload Data */
+		.action =3D RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+		.protocol =3D RTE_SECURITY_PROTOCOL_PDCP,
+		.pdcp =3D {
+			.domain =3D RTE_SECURITY_PDCP_MODE_DATA,
+			.capa_flags =3D 0
+		},
+		.crypto_capabilities =3D dpaa2_pdcp_capabilities
+	},
+	{ /* PDCP Lookaside Protocol offload Control */
+		.action =3D RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+		.protocol =3D RTE_SECURITY_PROTOCOL_PDCP,
+		.pdcp =3D {
+			.domain =3D RTE_SECURITY_PDCP_MODE_CONTROL,
+			.capa_flags =3D 0
+		},
+		.crypto_capabilities =3D dpaa2_pdcp_capabilities
+	},
 	{
 		.action =3D RTE_SECURITY_ACTION_TYPE_NONE
 	}
--=20
2.17.1