From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <dev-bounces@dpdk.org>
Received: from dpdk.org (dpdk.org [92.243.14.124])
	by inbox.dpdk.org (Postfix) with ESMTP id 3511BA034E;
	Thu,  7 Nov 2019 09:48:10 +0100 (CET)
Received: from [92.243.14.124] (localhost [127.0.0.1])
	by dpdk.org (Postfix) with ESMTP id 893101E945;
	Thu,  7 Nov 2019 09:48:09 +0100 (CET)
Received: from EUR04-DB3-obe.outbound.protection.outlook.com
 (mail-eopbgr60059.outbound.protection.outlook.com [40.107.6.59])
 by dpdk.org (Postfix) with ESMTP id D7C9D1E942
 for <dev@dpdk.org>; Thu,  7 Nov 2019 09:48:08 +0100 (CET)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=In4whBem7c7PF57YKuSq6E64BrdXEgyAz3Oz95AFGia0rnIkTxkSriIBcrqjx7LZ8HSdrjzFbEpus3m8i8aoyHXLcakgGEHsg1s39rey/AwqW+fG2UhJoshXwHEk1vhhmCCQvK4RedS5Nh17Y7xGlAtogg10GVHqDG8x3IyHp4ISNedPrMb08YnXQmoQoucB6A0XPrMcKCFSx1n3aYj/M0JqCkP78Yi16FRSvUuxeIbV+7Nt7bVEUQPh7vBf5OjYqOtnAv0/gSS9aY8aHYhXurQNjToIfImVIUQotLcTRzUX0MavJ7FfKTP/6Ey/AIfT1DP/nHwLB0km9ofonvkDUQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; 
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=oWlg9fPsIuOIN5iuVPesiy/8BGMWc33O5ByyrU1f9F8=;
 b=nBY3hJkzAxulHr1rWLExcBG8QMPl9yeBoOgp/nUrjN7LTlvs1bn6eYBEypUebotIY+wZeU0lCVRs7U+IHrQAlDJxZaynQ3fvJiDzkgLIsp9fqgrd7wXfFRJvyGQXNsbtVTwf5vD4Ko2i/UNUN2ZsJKgWgTUMVmjfBDZciE2BgKfP7DO3gAiLTWqS26T94rmPVW706aLBBeTQMYIifAlLpODzvfzGCb5m2H9845pWEnc91jkc3AwZU1uXj/YVt48rGTBttx+Ax6PmJob+Sm6LybgW7Q6JcvIFThOrx4SkfvJ527KbChGa6Wc2VDPfcvPnT80MOYfF5MzvWi9UderI4g==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=nxp.com; dmarc=pass action=none header.from=nxp.com; dkim=pass
 header.d=nxp.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nxp.com; s=selector2; 
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=oWlg9fPsIuOIN5iuVPesiy/8BGMWc33O5ByyrU1f9F8=;
 b=G0eu3FJifiuitcysC9jBUn7eXuZyQrhaiCIt5vFnhlkX7Vzip7dFovdPC+FRsb2PWZ6ZUgkj7+jVbxOIzPWAJCT60cMxSbIpNc9ntO8q1YddLFjJh7lR9qgfY/xVKvoe/l6UPEXOzi+AqP0qb1sQs4kbWbsncQq+fFmqw/9goMA=
Received: from VI1PR0401MB2541.eurprd04.prod.outlook.com (10.168.62.139) by
 VI1PR0401MB2463.eurprd04.prod.outlook.com (10.168.61.13) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.2430.20; Thu, 7 Nov 2019 08:48:07 +0000
Received: from VI1PR0401MB2541.eurprd04.prod.outlook.com
 ([fe80::7012:936f:53fb:f7b6]) by VI1PR0401MB2541.eurprd04.prod.outlook.com
 ([fe80::7012:936f:53fb:f7b6%5]) with mapi id 15.20.2430.020; Thu, 7 Nov 2019
 08:48:07 +0000
From: Hemant Agrawal <hemant.agrawal@nxp.com>
To: Hemant Agrawal <hemant.agrawal@nxp.com>, "dev@dpdk.org" <dev@dpdk.org>
CC: Akhil Goyal <akhil.goyal@nxp.com>
Thread-Topic: [dpdk-dev] [PATCH v3 07/13] crypto/dpaa_sec: add AES-GCM support
 for lookaside case
Thread-Index: AQHVlGIMUBMaP9FwQ0moFkDn7NciYqd/ZvJg
Date: Thu, 7 Nov 2019 08:48:07 +0000
Message-ID: <VI1PR0401MB2541DB8BB078F3B6E02B2A7189780@VI1PR0401MB2541.eurprd04.prod.outlook.com>
References: <20191101175141.4663-1-hemant.agrawal@nxp.com>
 <20191106051731.3625-1-hemant.agrawal@nxp.com>
 <20191106051731.3625-7-hemant.agrawal@nxp.com>
In-Reply-To: <20191106051731.3625-7-hemant.agrawal@nxp.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: spf=none (sender IP is )
 smtp.mailfrom=hemant.agrawal@nxp.com; 
x-originating-ip: [92.121.36.197]
x-ms-publictraffictype: Email
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: 6687e64f-101e-4ba2-ad57-08d7635f3626
x-ms-traffictypediagnostic: VI1PR0401MB2463:|VI1PR0401MB2463:
x-ms-exchange-transport-forked: True
x-microsoft-antispam-prvs: <VI1PR0401MB2463D0C9CEE3B9D7BAD4170089780@VI1PR0401MB2463.eurprd04.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:747;
x-forefront-prvs: 0214EB3F68
x-forefront-antispam-report: SFV:NSPM;
 SFS:(10009020)(4636009)(366004)(136003)(376002)(346002)(396003)(39850400004)(13464003)(199004)(189003)(6436002)(256004)(7696005)(4326008)(6506007)(30864003)(7736002)(305945005)(44832011)(316002)(53546011)(99286004)(102836004)(186003)(5660300002)(478600001)(26005)(52536014)(76176011)(110136005)(25786009)(6246003)(55016002)(14444005)(8936002)(33656002)(81156014)(11346002)(81166006)(66066001)(446003)(6116002)(64756008)(229853002)(66446008)(76116006)(66946007)(66476007)(3846002)(2501003)(71200400001)(71190400001)(66556008)(74316002)(486006)(476003)(14454004)(2906002)(86362001)(9686003);
 DIR:OUT; SFP:1101; SCL:1; SRVR:VI1PR0401MB2463;
 H:VI1PR0401MB2541.eurprd04.prod.outlook.com; FPR:; SPF:None; LANG:en;
 PTR:InfoNoRecords; A:1; MX:1; 
received-spf: None (protection.outlook.com: nxp.com does not designate
 permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: FKrLcAj1kEADg6RJVJ5zzZL5hbLCIpqGGS7RQkhHkuMswSZxx+7B0N2gLIy9K/yzr+/CRXw4CrQejrc9ac31AawAEINv3NsPFkdhDf2YNExg/OfpdfxCPFtyC5YMR7h4+MrXjOe6+RIptQqv9yzn8l9VRHDSd58oPkxjjNGDh4ilKJ82gq4GvxrL0M/RAuaEIi8Q8hYfBgYYDVACXKC4zXXXu6M5+71zR40SRj3x09oYoFM0ov+CFE8IM16B/vqWsf6+uoe3H5tGTDEZqqJtPQv29j1V9M8zs7N8LQWTIfURhAZ4Z3vv9RNPnkmXpFr8ldO5l55L/YvAJuvPmjpJiqeeHHtw7cn8ISj8sMSUbZVtUFK0bCbeGCwUdrE6X1SecmOF8QbwNEAU0d9TylqkUKYFq7W0VeME4eSEpHDnHvQMHJ5/zu+ojKgdd7xfQ11H
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: nxp.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 6687e64f-101e-4ba2-ad57-08d7635f3626
X-MS-Exchange-CrossTenant-originalarrivaltime: 07 Nov 2019 08:48:07.5882 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 686ea1d3-bc2b-4c6f-a92c-d99c5c301635
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: kKDjXeKiu0cC9njApLvbsdQFgrx1RnUdlPLv6uEqQE9kDc3/Z2JM7zhUfImVGNODhb7dKM3H/njE90FHXyRhbQ==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR0401MB2463
Subject: Re: [dpdk-dev] [PATCH v3 07/13] crypto/dpaa_sec: add AES-GCM
	support	for lookaside case
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org
Sender: "dev" <dev-bounces@dpdk.org>

Hi Akhil,
=09

> -----Original Message-----
> From: dev <dev-bounces@dpdk.org> On Behalf Of Hemant Agrawal
> Sent: Wednesday, November 6, 2019 10:47 AM
> To: dev@dpdk.org
> Cc: Akhil Goyal <akhil.goyal@nxp.com>
> Subject: [dpdk-dev] [PATCH v3 07/13] crypto/dpaa_sec: add AES-GCM
> support for lookaside case
>=20
> This patch add support for AES-128-GCM, when used in proto lookaside
> mode.
>=20
> Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
> ---
>  drivers/crypto/dpaa_sec/dpaa_sec.c | 309 ++++++++++++++++++++---------
>  1 file changed, 211 insertions(+), 98 deletions(-)
>=20
> diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c
> b/drivers/crypto/dpaa_sec/dpaa_sec.c
> index 0ef17ee00..27a31d065 100644
> --- a/drivers/crypto/dpaa_sec/dpaa_sec.c
> +++ b/drivers/crypto/dpaa_sec/dpaa_sec.c
> @@ -382,12 +382,14 @@ dpaa_sec_prep_ipsec_cdb(dpaa_sec_session
> *ses)
>  	cipherdata.algtype =3D ses->cipher_key.alg;
>  	cipherdata.algmode =3D ses->cipher_key.algmode;
>=20
> -	authdata.key =3D (size_t)ses->auth_key.data;
> -	authdata.keylen =3D ses->auth_key.length;
> -	authdata.key_enc_flags =3D 0;
> -	authdata.key_type =3D RTA_DATA_IMM;
> -	authdata.algtype =3D ses->auth_key.alg;
> -	authdata.algmode =3D ses->auth_key.algmode;
> +	if (ses->auth_key.length) {
> +		authdata.key =3D (size_t)ses->auth_key.data;
> +		authdata.keylen =3D ses->auth_key.length;
> +		authdata.key_enc_flags =3D 0;
> +		authdata.key_type =3D RTA_DATA_IMM;
> +		authdata.algtype =3D ses->auth_key.alg;
> +		authdata.algmode =3D ses->auth_key.algmode;
> +	}
>=20
>  	cdb->sh_desc[0] =3D cipherdata.keylen;
>  	cdb->sh_desc[1] =3D authdata.keylen;
> @@ -2523,33 +2525,76 @@ dpaa_sec_sym_session_clear(struct
> rte_cryptodev *dev,
>=20
>  #ifdef RTE_LIBRTE_SECURITY
>  static int
> -dpaa_sec_set_ipsec_session(__rte_unused struct rte_cryptodev *dev,
> -			   struct rte_security_session_conf *conf,
> -			   void *sess)
> +dpaa_sec_ipsec_aead_init(struct rte_crypto_aead_xform *aead_xform,
> +			struct rte_security_ipsec_xform *ipsec_xform,
> +			dpaa_sec_session *session)
>  {
> -	struct dpaa_sec_dev_private *internals =3D dev->data->dev_private;
> -	struct rte_security_ipsec_xform *ipsec_xform =3D &conf->ipsec;
> -	struct rte_crypto_auth_xform *auth_xform =3D NULL;
> -	struct rte_crypto_cipher_xform *cipher_xform =3D NULL;
> -	dpaa_sec_session *session =3D (dpaa_sec_session *)sess;
> -	uint32_t i;
> -
>  	PMD_INIT_FUNC_TRACE();
>=20
> -	memset(session, 0, sizeof(dpaa_sec_session));
> -	if (ipsec_xform->direction =3D=3D
> RTE_SECURITY_IPSEC_SA_DIR_EGRESS) {
> -		cipher_xform =3D &conf->crypto_xform->cipher;
> -		if (conf->crypto_xform->next)
> -			auth_xform =3D &conf->crypto_xform->next->auth;
> -	} else {
> -		auth_xform =3D &conf->crypto_xform->auth;
> -		if (conf->crypto_xform->next)
> -			cipher_xform =3D &conf->crypto_xform->next-
> >cipher;
> +	session->aead_key.data =3D rte_zmalloc(NULL, aead_xform-
> >key.length,
> +					       RTE_CACHE_LINE_SIZE);
> +	if (session->aead_key.data =3D=3D NULL && aead_xform->key.length >
> 0) {
> +		DPAA_SEC_ERR("No Memory for aead key");
> +		return -1;
>  	}
> -	session->proto_alg =3D conf->protocol;
> -	session->ctxt =3D DPAA_SEC_IPSEC;
> +	memcpy(session->aead_key.data, aead_xform->key.data,
> +	       aead_xform->key.length);
> +
> +	session->digest_length =3D aead_xform->digest_length;
> +	session->aead_key.length =3D aead_xform->key.length;
> +
> +	switch (aead_xform->algo) {
> +	case RTE_CRYPTO_AEAD_AES_GCM:
> +		switch (session->digest_length) {
> +		case 8:
> +			session->aead_key.alg =3D OP_PCL_IPSEC_AES_GCM8;
> +			break;
> +		case 12:
> +			session->aead_key.alg =3D
> OP_PCL_IPSEC_AES_GCM12;
> +			break;
> +		case 16:
> +			session->aead_key.alg =3D
> OP_PCL_IPSEC_AES_GCM16;
> +			break;
> +		default:
> +			DPAA_SEC_ERR("Crypto: Undefined GCM digest
> %d",
> +				     session->digest_length);
> +			return -1;
> +		}
> +		if (session->dir =3D=3D DIR_ENC) {
> +			memcpy(session->encap_pdb.gcm.salt,
> +				(uint8_t *)&(ipsec_xform->salt), 4);
> +		} else {
> +			memcpy(session->decap_pdb.gcm.salt,
> +				(uint8_t *)&(ipsec_xform->salt), 4);
> +		}
> +		session->aead_key.algmode =3D OP_ALG_AAI_GCM;
> +		session->aead_alg =3D RTE_CRYPTO_AEAD_AES_GCM;
> +		break;


[Hemant] There is a merge error. I see that you have already applied it.=20
Can you remove following line from the patch.
>>> start here.
> +		if (session->dir =3D=3D DIR_ENC) {
> +			/* todo CCM salt length is 3 bytes, left shift 8 bits */
> +			memcpy(session->encap_pdb.ccm.salt,
> +				(uint8_t *)&(ipsec_xform->salt), 4);
> +		} else {
> +			memcpy(session->decap_pdb.ccm.salt,
> +				(uint8_t *)&(ipsec_xform->salt), 4);
> +		}
> +		session->aead_key.algmode =3D OP_ALG_AAI_CCM;
> +		session->aead_alg =3D RTE_CRYPTO_AEAD_AES_CCM;
> +		break;
>>> end here.

> +	default:
> +		DPAA_SEC_ERR("Crypto: Undefined AEAD specified %u",
> +			      aead_xform->algo);
> +		return -1;
> +	}
> +	return 0;
> +}
>=20
> -	if (cipher_xform && cipher_xform->algo !=3D
> RTE_CRYPTO_CIPHER_NULL) {
> +static int
> +dpaa_sec_ipsec_proto_init(struct rte_crypto_cipher_xform
> *cipher_xform,
> +	struct rte_crypto_auth_xform *auth_xform,
> +	dpaa_sec_session *session)
> +{
> +	if (cipher_xform) {
>  		session->cipher_key.data =3D rte_zmalloc(NULL,
>  						       cipher_xform-
> >key.length,
>  						       RTE_CACHE_LINE_SIZE);
> @@ -2558,31 +2603,10 @@ dpaa_sec_set_ipsec_session(__rte_unused
> struct rte_cryptodev *dev,
>  			DPAA_SEC_ERR("No Memory for cipher key");
>  			return -ENOMEM;
>  		}
> +
> +		session->cipher_key.length =3D cipher_xform->key.length;
>  		memcpy(session->cipher_key.data, cipher_xform-
> >key.data,
>  				cipher_xform->key.length);
> -		session->cipher_key.length =3D cipher_xform->key.length;
> -
> -		switch (cipher_xform->algo) {
> -		case RTE_CRYPTO_CIPHER_NULL:
> -			session->cipher_key.alg =3D OP_PCL_IPSEC_NULL;
> -			break;
> -		case RTE_CRYPTO_CIPHER_AES_CBC:
> -			session->cipher_key.alg =3D OP_PCL_IPSEC_AES_CBC;
> -			session->cipher_key.algmode =3D OP_ALG_AAI_CBC;
> -			break;
> -		case RTE_CRYPTO_CIPHER_3DES_CBC:
> -			session->cipher_key.alg =3D OP_PCL_IPSEC_3DES;
> -			session->cipher_key.algmode =3D OP_ALG_AAI_CBC;
> -			break;
> -		case RTE_CRYPTO_CIPHER_AES_CTR:
> -			session->cipher_key.alg =3D OP_PCL_IPSEC_AES_CTR;
> -			session->cipher_key.algmode =3D OP_ALG_AAI_CTR;
> -			break;
> -		default:
> -			DPAA_SEC_ERR("Crypto: Unsupported Cipher alg
> %u",
> -				cipher_xform->algo);
> -			goto out;
> -		}
>  		session->cipher_alg =3D cipher_xform->algo;
>  	} else {
>  		session->cipher_key.data =3D NULL;
> @@ -2590,54 +2614,18 @@ dpaa_sec_set_ipsec_session(__rte_unused
> struct rte_cryptodev *dev,
>  		session->cipher_alg =3D RTE_CRYPTO_CIPHER_NULL;
>  	}
>=20
> -	if (auth_xform && auth_xform->algo !=3D RTE_CRYPTO_AUTH_NULL) {
> +	if (auth_xform) {
>  		session->auth_key.data =3D rte_zmalloc(NULL,
>  						auth_xform->key.length,
>  						RTE_CACHE_LINE_SIZE);
>  		if (session->auth_key.data =3D=3D NULL &&
>  				auth_xform->key.length > 0) {
>  			DPAA_SEC_ERR("No Memory for auth key");
> -			rte_free(session->cipher_key.data);
>  			return -ENOMEM;
>  		}
> +		session->auth_key.length =3D auth_xform->key.length;
>  		memcpy(session->auth_key.data, auth_xform->key.data,
>  				auth_xform->key.length);
> -		session->auth_key.length =3D auth_xform->key.length;
> -
> -		switch (auth_xform->algo) {
> -		case RTE_CRYPTO_AUTH_NULL:
> -			session->auth_key.alg =3D
> OP_PCL_IPSEC_HMAC_NULL;
> -			session->digest_length =3D 0;
> -			break;
> -		case RTE_CRYPTO_AUTH_MD5_HMAC:
> -			session->auth_key.alg =3D
> OP_PCL_IPSEC_HMAC_MD5_96;
> -			session->auth_key.algmode =3D OP_ALG_AAI_HMAC;
> -			break;
> -		case RTE_CRYPTO_AUTH_SHA1_HMAC:
> -			session->auth_key.alg =3D
> OP_PCL_IPSEC_HMAC_SHA1_96;
> -			session->auth_key.algmode =3D OP_ALG_AAI_HMAC;
> -			break;
> -		case RTE_CRYPTO_AUTH_SHA224_HMAC:
> -			session->auth_key.alg =3D
> OP_PCL_IPSEC_HMAC_SHA1_160;
> -			session->auth_key.algmode =3D OP_ALG_AAI_HMAC;
> -			break;
> -		case RTE_CRYPTO_AUTH_SHA256_HMAC:
> -			session->auth_key.alg =3D
> OP_PCL_IPSEC_HMAC_SHA2_256_128;
> -			session->auth_key.algmode =3D OP_ALG_AAI_HMAC;
> -			break;
> -		case RTE_CRYPTO_AUTH_SHA384_HMAC:
> -			session->auth_key.alg =3D
> OP_PCL_IPSEC_HMAC_SHA2_384_192;
> -			session->auth_key.algmode =3D OP_ALG_AAI_HMAC;
> -			break;
> -		case RTE_CRYPTO_AUTH_SHA512_HMAC:
> -			session->auth_key.alg =3D
> OP_PCL_IPSEC_HMAC_SHA2_512_256;
> -			session->auth_key.algmode =3D OP_ALG_AAI_HMAC;
> -			break;
> -		default:
> -			DPAA_SEC_ERR("Crypto: Unsupported auth alg %u",
> -				auth_xform->algo);
> -			goto out;
> -		}
>  		session->auth_alg =3D auth_xform->algo;
>  	} else {
>  		session->auth_key.data =3D NULL;
> @@ -2645,12 +2633,142 @@ dpaa_sec_set_ipsec_session(__rte_unused
> struct rte_cryptodev *dev,
>  		session->auth_alg =3D RTE_CRYPTO_AUTH_NULL;
>  	}
>=20
> +	switch (session->auth_alg) {
> +	case RTE_CRYPTO_AUTH_SHA1_HMAC:
> +		session->auth_key.alg =3D OP_PCL_IPSEC_HMAC_SHA1_96;
> +		session->auth_key.algmode =3D OP_ALG_AAI_HMAC;
> +		break;
> +	case RTE_CRYPTO_AUTH_MD5_HMAC:
> +		session->auth_key.alg =3D OP_PCL_IPSEC_HMAC_MD5_96;
> +		session->auth_key.algmode =3D OP_ALG_AAI_HMAC;
> +		break;
> +	case RTE_CRYPTO_AUTH_SHA256_HMAC:
> +		session->auth_key.alg =3D
> OP_PCL_IPSEC_HMAC_SHA2_256_128;
> +		session->auth_key.algmode =3D OP_ALG_AAI_HMAC;
> +		break;
> +	case RTE_CRYPTO_AUTH_SHA384_HMAC:
> +		session->auth_key.alg =3D
> OP_PCL_IPSEC_HMAC_SHA2_384_192;
> +		session->auth_key.algmode =3D OP_ALG_AAI_HMAC;
> +		break;
> +	case RTE_CRYPTO_AUTH_SHA512_HMAC:
> +		session->auth_key.alg =3D
> OP_PCL_IPSEC_HMAC_SHA2_512_256;
> +		session->auth_key.algmode =3D OP_ALG_AAI_HMAC;
> +		break;
> +	case RTE_CRYPTO_AUTH_AES_CMAC:
> +		session->auth_key.alg =3D OP_PCL_IPSEC_AES_CMAC_96;
> +		break;
> +	case RTE_CRYPTO_AUTH_NULL:
> +		session->auth_key.alg =3D OP_PCL_IPSEC_HMAC_NULL;
> +		break;
> +	case RTE_CRYPTO_AUTH_SHA224_HMAC:
> +	case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
> +	case RTE_CRYPTO_AUTH_SNOW3G_UIA2:
> +	case RTE_CRYPTO_AUTH_SHA1:
> +	case RTE_CRYPTO_AUTH_SHA256:
> +	case RTE_CRYPTO_AUTH_SHA512:
> +	case RTE_CRYPTO_AUTH_SHA224:
> +	case RTE_CRYPTO_AUTH_SHA384:
> +	case RTE_CRYPTO_AUTH_MD5:
> +	case RTE_CRYPTO_AUTH_AES_GMAC:
> +	case RTE_CRYPTO_AUTH_KASUMI_F9:
> +	case RTE_CRYPTO_AUTH_AES_CBC_MAC:
> +	case RTE_CRYPTO_AUTH_ZUC_EIA3:
> +		DPAA_SEC_ERR("Crypto: Unsupported auth alg %u",
> +			      session->auth_alg);
> +		return -1;
> +	default:
> +		DPAA_SEC_ERR("Crypto: Undefined Auth specified %u",
> +			      session->auth_alg);
> +		return -1;
> +	}
> +
> +	switch (session->cipher_alg) {
> +	case RTE_CRYPTO_CIPHER_AES_CBC:
> +		session->cipher_key.alg =3D OP_PCL_IPSEC_AES_CBC;
> +		session->cipher_key.algmode =3D OP_ALG_AAI_CBC;
> +		break;
> +	case RTE_CRYPTO_CIPHER_3DES_CBC:
> +		session->cipher_key.alg =3D OP_PCL_IPSEC_3DES;
> +		session->cipher_key.algmode =3D OP_ALG_AAI_CBC;
> +		break;
> +	case RTE_CRYPTO_CIPHER_AES_CTR:
> +		session->cipher_key.alg =3D OP_PCL_IPSEC_AES_CTR;
> +		session->cipher_key.algmode =3D OP_ALG_AAI_CTR;
> +		break;
> +	case RTE_CRYPTO_CIPHER_NULL:
> +		session->cipher_key.alg =3D OP_PCL_IPSEC_NULL;
> +		break;
> +	case RTE_CRYPTO_CIPHER_SNOW3G_UEA2:
> +	case RTE_CRYPTO_CIPHER_ZUC_EEA3:
> +	case RTE_CRYPTO_CIPHER_3DES_ECB:
> +	case RTE_CRYPTO_CIPHER_AES_ECB:
> +	case RTE_CRYPTO_CIPHER_KASUMI_F8:
> +		DPAA_SEC_ERR("Crypto: Unsupported Cipher alg %u",
> +			      session->cipher_alg);
> +		return -1;
> +	default:
> +		DPAA_SEC_ERR("Crypto: Undefined Cipher specified %u",
> +			      session->cipher_alg);
> +		return -1;
> +	}
> +
> +	return 0;
> +}
> +
> +static int
> +dpaa_sec_set_ipsec_session(__rte_unused struct rte_cryptodev *dev,
> +			   struct rte_security_session_conf *conf,
> +			   void *sess)
> +{
> +	struct dpaa_sec_dev_private *internals =3D dev->data->dev_private;
> +	struct rte_security_ipsec_xform *ipsec_xform =3D &conf->ipsec;
> +	struct rte_crypto_auth_xform *auth_xform =3D NULL;
> +	struct rte_crypto_cipher_xform *cipher_xform =3D NULL;
> +	struct rte_crypto_aead_xform *aead_xform =3D NULL;
> +	dpaa_sec_session *session =3D (dpaa_sec_session *)sess;
> +	uint32_t i;
> +	int ret;
> +
> +	PMD_INIT_FUNC_TRACE();
> +
> +	memset(session, 0, sizeof(dpaa_sec_session));
> +	session->proto_alg =3D conf->protocol;
> +	session->ctxt =3D DPAA_SEC_IPSEC;
> +
> +	if (ipsec_xform->direction =3D=3D
> RTE_SECURITY_IPSEC_SA_DIR_EGRESS)
> +		session->dir =3D DIR_ENC;
> +	else
> +		session->dir =3D DIR_DEC;
> +
> +	if (conf->crypto_xform->type =3D=3D
> RTE_CRYPTO_SYM_XFORM_CIPHER) {
> +		cipher_xform =3D &conf->crypto_xform->cipher;
> +		if (conf->crypto_xform->next)
> +			auth_xform =3D &conf->crypto_xform->next->auth;
> +		ret =3D dpaa_sec_ipsec_proto_init(cipher_xform, auth_xform,
> +					session);
> +	} else if (conf->crypto_xform->type =3D=3D
> RTE_CRYPTO_SYM_XFORM_AUTH) {
> +		auth_xform =3D &conf->crypto_xform->auth;
> +		if (conf->crypto_xform->next)
> +			cipher_xform =3D &conf->crypto_xform->next-
> >cipher;
> +		ret =3D dpaa_sec_ipsec_proto_init(cipher_xform, auth_xform,
> +					session);
> +	} else if (conf->crypto_xform->type =3D=3D
> RTE_CRYPTO_SYM_XFORM_AEAD) {
> +		aead_xform =3D &conf->crypto_xform->aead;
> +		ret =3D dpaa_sec_ipsec_aead_init(aead_xform,
> +					ipsec_xform, session);
> +	} else {
> +		DPAA_SEC_ERR("XFORM not specified");
> +		ret =3D -EINVAL;
> +		goto out;
> +	}
> +	if (ret) {
> +		DPAA_SEC_ERR("Failed to process xform");
> +		goto out;
> +	}
> +
>  	if (ipsec_xform->direction =3D=3D
> RTE_SECURITY_IPSEC_SA_DIR_EGRESS) {
>  		if (ipsec_xform->tunnel.type =3D=3D
>  				RTE_SECURITY_IPSEC_TUNNEL_IPV4) {
> -			memset(&session->encap_pdb, 0,
> -				sizeof(struct ipsec_encap_pdb) +
> -				sizeof(session->ip4_hdr));
>  			session->ip4_hdr.ip_v =3D IPVERSION;
>  			session->ip4_hdr.ip_hl =3D 5;
>  			session->ip4_hdr.ip_len =3D rte_cpu_to_be_16( @@ -
> 2673,9 +2791,6 @@ dpaa_sec_set_ipsec_session(__rte_unused struct
> rte_cryptodev *dev,
>  			session->encap_pdb.ip_hdr_len =3D sizeof(struct ip);
>  		} else if (ipsec_xform->tunnel.type =3D=3D
>  				RTE_SECURITY_IPSEC_TUNNEL_IPV6) {
> -			memset(&session->encap_pdb, 0,
> -				sizeof(struct ipsec_encap_pdb) +
> -				sizeof(session->ip6_hdr));
>  			session->ip6_hdr.vtc_flow =3D rte_cpu_to_be_32(
>  				DPAA_IPv6_DEFAULT_VTC_FLOW |
>  				((ipsec_xform->tunnel.ipv6.dscp <<
> @@ -2707,10 +2822,9 @@ dpaa_sec_set_ipsec_session(__rte_unused struct
> rte_cryptodev *dev,
>  		if (ipsec_xform->options.esn)
>  			session->encap_pdb.options |=3D PDBOPTS_ESP_ESN;
>  		session->encap_pdb.spi =3D ipsec_xform->spi;
> -		session->dir =3D DIR_ENC;
> +
>  	} else if (ipsec_xform->direction =3D=3D
>  			RTE_SECURITY_IPSEC_SA_DIR_INGRESS) {
> -		memset(&session->decap_pdb, 0, sizeof(struct
> ipsec_decap_pdb));
>  		if (ipsec_xform->tunnel.type =3D=3D
> RTE_SECURITY_IPSEC_TUNNEL_IPV4)
>  			session->decap_pdb.options =3D sizeof(struct ip) << 16;
>  		else
> @@ -2718,7 +2832,6 @@ dpaa_sec_set_ipsec_session(__rte_unused struct
> rte_cryptodev *dev,
>  					sizeof(struct rte_ipv6_hdr) << 16;
>  		if (ipsec_xform->options.esn)
>  			session->decap_pdb.options |=3D PDBOPTS_ESP_ESN;
> -		session->dir =3D DIR_DEC;
>  	} else
>  		goto out;
>  	rte_spinlock_lock(&internals->lock);
> --
> 2.17.1