DPDK patches and discussions
 help / color / mirror / Atom feed
* [dpdk-dev] [PATCH 00/10] crypto: DPAA and DPAA2_SEC enhancements
@ 2018-08-30  5:50 Hemant Agrawal
  2018-08-30  5:50 ` [dpdk-dev] [PATCH 01/10] crypto/dpaa2_sec: update the flib RTA to latest Hemant Agrawal
                   ` (10 more replies)
  0 siblings, 11 replies; 12+ messages in thread
From: Hemant Agrawal @ 2018-08-30  5:50 UTC (permalink / raw)
  To: dev; +Cc: akhil.goyal

This patch series includes enhancements for the dpaa and dpaa2_sec
crypto drivers

Akhil Goyal (5):
  crypto/dpaa_sec: session reset before init
  crypto/dpaa_sec: add LOCK before Rx HW queue attach
  crypto/dpaa_sec: session qp should match with given qp
  crypto/dpaa_sec: enable sequence no rollover
  crypto/dpaa2_sec: enable sequence no rollover

Hemant Agrawal (5):
  crypto/dpaa2_sec: update the flib RTA to latest
  crypto/dpaa_sec: reduce the number of QP per device
  crypto/dpaa2_sec: add out of place crypto support
  crypto/dpaa2_sec: multi algo support for ipsec session
  crypto/dpaa_sec: ipsec offload add null algo support

 drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c        | 374 +++++++---
 drivers/crypto/dpaa2_sec/hw/desc.h                 | 814 +++++----------------
 drivers/crypto/dpaa2_sec/hw/desc/algo.h            |  58 +-
 drivers/crypto/dpaa2_sec/hw/desc/ipsec.h           | 195 ++++-
 drivers/crypto/dpaa2_sec/hw/rta/protocol_cmd.h     | 346 ++++-----
 drivers/crypto/dpaa2_sec/hw/rta/sec_run_time_asm.h |  22 +
 drivers/crypto/dpaa_sec/dpaa_sec.c                 | 303 +++++---
 drivers/crypto/dpaa_sec/dpaa_sec.h                 |   3 +-
 8 files changed, 1012 insertions(+), 1103 deletions(-)

-- 
2.7.4

^ permalink raw reply	[flat|nested] 12+ messages in thread

* [dpdk-dev] [PATCH 01/10] crypto/dpaa2_sec: update the flib RTA to latest
  2018-08-30  5:50 [dpdk-dev] [PATCH 00/10] crypto: DPAA and DPAA2_SEC enhancements Hemant Agrawal
@ 2018-08-30  5:50 ` Hemant Agrawal
  2018-08-30  5:50 ` [dpdk-dev] [PATCH 02/10] crypto/dpaa_sec: session reset before init Hemant Agrawal
                   ` (9 subsequent siblings)
  10 siblings, 0 replies; 12+ messages in thread
From: Hemant Agrawal @ 2018-08-30  5:50 UTC (permalink / raw)
  To: dev; +Cc: akhil.goyal

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
---
 drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c        |   5 +-
 drivers/crypto/dpaa2_sec/hw/desc.h                 | 814 +++++----------------
 drivers/crypto/dpaa2_sec/hw/desc/algo.h            |  58 +-
 drivers/crypto/dpaa2_sec/hw/desc/ipsec.h           | 195 ++++-
 drivers/crypto/dpaa2_sec/hw/rta/protocol_cmd.h     | 346 ++++-----
 drivers/crypto/dpaa2_sec/hw/rta/sec_run_time_asm.h |  22 +
 drivers/crypto/dpaa_sec/dpaa_sec.c                 |   6 +-
 7 files changed, 565 insertions(+), 881 deletions(-)

diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index 2a3c61c..ac49029 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -2328,7 +2328,7 @@ dpaa2_sec_set_ipsec_session(struct rte_cryptodev *dev,
 
 		session->dir = DIR_ENC;
 		bufsize = cnstr_shdsc_ipsec_new_encap(priv->flc_desc[0].desc,
-				1, 0, &encap_pdb,
+				1, 0, SHR_SERIAL, &encap_pdb,
 				(uint8_t *)&ip4_hdr,
 				&cipherdata, &authdata);
 	} else if (ipsec_xform->direction ==
@@ -2338,7 +2338,8 @@ dpaa2_sec_set_ipsec_session(struct rte_cryptodev *dev,
 		decap_pdb.options = sizeof(struct ip) << 16;
 		session->dir = DIR_DEC;
 		bufsize = cnstr_shdsc_ipsec_new_decap(priv->flc_desc[0].desc,
-				1, 0, &decap_pdb, &cipherdata, &authdata);
+				1, 0, SHR_SERIAL,
+				&decap_pdb, &cipherdata, &authdata);
 	} else
 		goto out;
 
diff --git a/drivers/crypto/dpaa2_sec/hw/desc.h b/drivers/crypto/dpaa2_sec/hw/desc.h
index e925583..ca94ea3 100644
--- a/drivers/crypto/dpaa2_sec/hw/desc.h
+++ b/drivers/crypto/dpaa2_sec/hw/desc.h
@@ -588,7 +588,7 @@
 #define OP_PCLID_TLS10_PRF	(0x09 << OP_PCLID_SHIFT)
 #define OP_PCLID_TLS11_PRF	(0x0a << OP_PCLID_SHIFT)
 #define OP_PCLID_TLS12_PRF	(0x0b << OP_PCLID_SHIFT)
-#define OP_PCLID_DTLS10_PRF	(0x0c << OP_PCLID_SHIFT)
+#define OP_PCLID_DTLS_PRF	(0x0c << OP_PCLID_SHIFT)
 #define OP_PCLID_PUBLICKEYPAIR	(0x14 << OP_PCLID_SHIFT)
 #define OP_PCLID_DSASIGN	(0x15 << OP_PCLID_SHIFT)
 #define OP_PCLID_DSAVERIFY	(0x16 << OP_PCLID_SHIFT)
@@ -612,7 +612,7 @@
 #define OP_PCLID_TLS10		(0x09 << OP_PCLID_SHIFT)
 #define OP_PCLID_TLS11		(0x0a << OP_PCLID_SHIFT)
 #define OP_PCLID_TLS12		(0x0b << OP_PCLID_SHIFT)
-#define OP_PCLID_DTLS10		(0x0c << OP_PCLID_SHIFT)
+#define OP_PCLID_DTLS		(0x0c << OP_PCLID_SHIFT)
 #define OP_PCLID_BLOB		(0x0d << OP_PCLID_SHIFT)
 #define OP_PCLID_IPSEC_NEW	(0x11 << OP_PCLID_SHIFT)
 #define OP_PCLID_3G_DCRC	(0x31 << OP_PCLID_SHIFT)
@@ -665,643 +665,179 @@
 
 #define OP_PCL_SRTP_HMAC_SHA1_160		 0x0007
 
-/* For SSL 3.0 - OP_PCLID_SSL30 */
-#define OP_PCL_SSL30_AES_128_CBC_SHA		 0x002f
-#define OP_PCL_SSL30_AES_128_CBC_SHA_2		 0x0030
-#define OP_PCL_SSL30_AES_128_CBC_SHA_3		 0x0031
-#define OP_PCL_SSL30_AES_128_CBC_SHA_4		 0x0032
-#define OP_PCL_SSL30_AES_128_CBC_SHA_5		 0x0033
-#define OP_PCL_SSL30_AES_128_CBC_SHA_6		 0x0034
-#define OP_PCL_SSL30_AES_128_CBC_SHA_7		 0x008c
-#define OP_PCL_SSL30_AES_128_CBC_SHA_8		 0x0090
-#define OP_PCL_SSL30_AES_128_CBC_SHA_9		 0x0094
-#define OP_PCL_SSL30_AES_128_CBC_SHA_10		 0xc004
-#define OP_PCL_SSL30_AES_128_CBC_SHA_11		 0xc009
-#define OP_PCL_SSL30_AES_128_CBC_SHA_12		 0xc00e
-#define OP_PCL_SSL30_AES_128_CBC_SHA_13		 0xc013
-#define OP_PCL_SSL30_AES_128_CBC_SHA_14		 0xc018
-#define OP_PCL_SSL30_AES_128_CBC_SHA_15		 0xc01d
-#define OP_PCL_SSL30_AES_128_CBC_SHA_16		 0xc01e
-#define OP_PCL_SSL30_AES_128_CBC_SHA_17		 0xc01f
-
-#define OP_PCL_SSL30_AES_256_CBC_SHA		 0x0035
-#define OP_PCL_SSL30_AES_256_CBC_SHA_2		 0x0036
-#define OP_PCL_SSL30_AES_256_CBC_SHA_3		 0x0037
-#define OP_PCL_SSL30_AES_256_CBC_SHA_4		 0x0038
-#define OP_PCL_SSL30_AES_256_CBC_SHA_5		 0x0039
-#define OP_PCL_SSL30_AES_256_CBC_SHA_6		 0x003a
-#define OP_PCL_SSL30_AES_256_CBC_SHA_7		 0x008d
-#define OP_PCL_SSL30_AES_256_CBC_SHA_8		 0x0091
-#define OP_PCL_SSL30_AES_256_CBC_SHA_9		 0x0095
-#define OP_PCL_SSL30_AES_256_CBC_SHA_10		 0xc005
-#define OP_PCL_SSL30_AES_256_CBC_SHA_11		 0xc00a
-#define OP_PCL_SSL30_AES_256_CBC_SHA_12		 0xc00f
-#define OP_PCL_SSL30_AES_256_CBC_SHA_13		 0xc014
-#define OP_PCL_SSL30_AES_256_CBC_SHA_14		 0xc019
-#define OP_PCL_SSL30_AES_256_CBC_SHA_15		 0xc020
-#define OP_PCL_SSL30_AES_256_CBC_SHA_16		 0xc021
-#define OP_PCL_SSL30_AES_256_CBC_SHA_17		 0xc022
-
-#define OP_PCL_SSL30_AES_128_GCM_SHA256_1	 0x009C
-#define OP_PCL_SSL30_AES_256_GCM_SHA384_1	 0x009D
-#define OP_PCL_SSL30_AES_128_GCM_SHA256_2	 0x009E
-#define OP_PCL_SSL30_AES_256_GCM_SHA384_2	 0x009F
-#define OP_PCL_SSL30_AES_128_GCM_SHA256_3	 0x00A0
-#define OP_PCL_SSL30_AES_256_GCM_SHA384_3	 0x00A1
-#define OP_PCL_SSL30_AES_128_GCM_SHA256_4	 0x00A2
-#define OP_PCL_SSL30_AES_256_GCM_SHA384_4	 0x00A3
-#define OP_PCL_SSL30_AES_128_GCM_SHA256_5	 0x00A4
-#define OP_PCL_SSL30_AES_256_GCM_SHA384_5	 0x00A5
-#define OP_PCL_SSL30_AES_128_GCM_SHA256_6	 0x00A6
-
-#define OP_PCL_TLS_DH_ANON_AES_256_GCM_SHA384	 0x00A7
-#define OP_PCL_TLS_PSK_AES_128_GCM_SHA256	 0x00A8
-#define OP_PCL_TLS_PSK_AES_256_GCM_SHA384	 0x00A9
-#define OP_PCL_TLS_DHE_PSK_AES_128_GCM_SHA256	 0x00AA
-#define OP_PCL_TLS_DHE_PSK_AES_256_GCM_SHA384	 0x00AB
-#define OP_PCL_TLS_RSA_PSK_AES_128_GCM_SHA256	 0x00AC
-#define OP_PCL_TLS_RSA_PSK_AES_256_GCM_SHA384	 0x00AD
-#define OP_PCL_TLS_PSK_AES_128_CBC_SHA256	 0x00AE
-#define OP_PCL_TLS_PSK_AES_256_CBC_SHA384	 0x00AF
-#define OP_PCL_TLS_DHE_PSK_AES_128_CBC_SHA256	 0x00B2
-#define OP_PCL_TLS_DHE_PSK_AES_256_CBC_SHA384	 0x00B3
-#define OP_PCL_TLS_RSA_PSK_AES_128_CBC_SHA256	 0x00B6
-#define OP_PCL_TLS_RSA_PSK_AES_256_CBC_SHA384	 0x00B7
-
-#define OP_PCL_SSL30_3DES_EDE_CBC_MD5		 0x0023
-
-#define OP_PCL_SSL30_3DES_EDE_CBC_SHA		 0x001f
-#define OP_PCL_SSL30_3DES_EDE_CBC_SHA_2		 0x008b
-#define OP_PCL_SSL30_3DES_EDE_CBC_SHA_3		 0x008f
-#define OP_PCL_SSL30_3DES_EDE_CBC_SHA_4		 0x0093
-#define OP_PCL_SSL30_3DES_EDE_CBC_SHA_5		 0x000a
-#define OP_PCL_SSL30_3DES_EDE_CBC_SHA_6		 0x000d
-#define OP_PCL_SSL30_3DES_EDE_CBC_SHA_7		 0x0010
-#define OP_PCL_SSL30_3DES_EDE_CBC_SHA_8		 0x0013
-#define OP_PCL_SSL30_3DES_EDE_CBC_SHA_9		 0x0016
-#define OP_PCL_SSL30_3DES_EDE_CBC_SHA_10	 0x001b
-#define OP_PCL_SSL30_3DES_EDE_CBC_SHA_11	 0xc003
-#define OP_PCL_SSL30_3DES_EDE_CBC_SHA_12	 0xc008
-#define OP_PCL_SSL30_3DES_EDE_CBC_SHA_13	 0xc00d
-#define OP_PCL_SSL30_3DES_EDE_CBC_SHA_14	 0xc012
-#define OP_PCL_SSL30_3DES_EDE_CBC_SHA_15	 0xc017
-#define OP_PCL_SSL30_3DES_EDE_CBC_SHA_16	 0xc01a
-#define OP_PCL_SSL30_3DES_EDE_CBC_SHA_17	 0xc01b
-#define OP_PCL_SSL30_3DES_EDE_CBC_SHA_18	 0xc01c
-
-#define OP_PCL_SSL30_DES40_CBC_MD5		 0x0029
-
-#define OP_PCL_SSL30_DES_CBC_MD5		 0x0022
-
-#define OP_PCL_SSL30_DES40_CBC_SHA		 0x0008
-#define OP_PCL_SSL30_DES40_CBC_SHA_2		 0x000b
-#define OP_PCL_SSL30_DES40_CBC_SHA_3		 0x000e
-#define OP_PCL_SSL30_DES40_CBC_SHA_4		 0x0011
-#define OP_PCL_SSL30_DES40_CBC_SHA_5		 0x0014
-#define OP_PCL_SSL30_DES40_CBC_SHA_6		 0x0019
-#define OP_PCL_SSL30_DES40_CBC_SHA_7		 0x0026
-
-#define OP_PCL_SSL30_DES_CBC_SHA		 0x001e
-#define OP_PCL_SSL30_DES_CBC_SHA_2		 0x0009
-#define OP_PCL_SSL30_DES_CBC_SHA_3		 0x000c
-#define OP_PCL_SSL30_DES_CBC_SHA_4		 0x000f
-#define OP_PCL_SSL30_DES_CBC_SHA_5		 0x0012
-#define OP_PCL_SSL30_DES_CBC_SHA_6		 0x0015
-#define OP_PCL_SSL30_DES_CBC_SHA_7		 0x001a
-
-#define OP_PCL_SSL30_RC4_128_MD5		 0x0024
-#define OP_PCL_SSL30_RC4_128_MD5_2		 0x0004
-#define OP_PCL_SSL30_RC4_128_MD5_3		 0x0018
-
-#define OP_PCL_SSL30_RC4_40_MD5			 0x002b
-#define OP_PCL_SSL30_RC4_40_MD5_2		 0x0003
-#define OP_PCL_SSL30_RC4_40_MD5_3		 0x0017
-
-#define OP_PCL_SSL30_RC4_128_SHA		 0x0020
-#define OP_PCL_SSL30_RC4_128_SHA_2		 0x008a
-#define OP_PCL_SSL30_RC4_128_SHA_3		 0x008e
-#define OP_PCL_SSL30_RC4_128_SHA_4		 0x0092
-#define OP_PCL_SSL30_RC4_128_SHA_5		 0x0005
-#define OP_PCL_SSL30_RC4_128_SHA_6		 0xc002
-#define OP_PCL_SSL30_RC4_128_SHA_7		 0xc007
-#define OP_PCL_SSL30_RC4_128_SHA_8		 0xc00c
-#define OP_PCL_SSL30_RC4_128_SHA_9		 0xc011
-#define OP_PCL_SSL30_RC4_128_SHA_10		 0xc016
-
-#define OP_PCL_SSL30_RC4_40_SHA			 0x0028
-
-/* For TLS 1.0 - OP_PCLID_TLS10 */
-#define OP_PCL_TLS10_AES_128_CBC_SHA		 0x002f
-#define OP_PCL_TLS10_AES_128_CBC_SHA_2		 0x0030
-#define OP_PCL_TLS10_AES_128_CBC_SHA_3		 0x0031
-#define OP_PCL_TLS10_AES_128_CBC_SHA_4		 0x0032
-#define OP_PCL_TLS10_AES_128_CBC_SHA_5		 0x0033
-#define OP_PCL_TLS10_AES_128_CBC_SHA_6		 0x0034
-#define OP_PCL_TLS10_AES_128_CBC_SHA_7		 0x008c
-#define OP_PCL_TLS10_AES_128_CBC_SHA_8		 0x0090
-#define OP_PCL_TLS10_AES_128_CBC_SHA_9		 0x0094
-#define OP_PCL_TLS10_AES_128_CBC_SHA_10		 0xc004
-#define OP_PCL_TLS10_AES_128_CBC_SHA_11		 0xc009
-#define OP_PCL_TLS10_AES_128_CBC_SHA_12		 0xc00e
-#define OP_PCL_TLS10_AES_128_CBC_SHA_13		 0xc013
-#define OP_PCL_TLS10_AES_128_CBC_SHA_14		 0xc018
-#define OP_PCL_TLS10_AES_128_CBC_SHA_15		 0xc01d
-#define OP_PCL_TLS10_AES_128_CBC_SHA_16		 0xc01e
-#define OP_PCL_TLS10_AES_128_CBC_SHA_17		 0xc01f
-
-#define OP_PCL_TLS10_AES_256_CBC_SHA		 0x0035
-#define OP_PCL_TLS10_AES_256_CBC_SHA_2		 0x0036
-#define OP_PCL_TLS10_AES_256_CBC_SHA_3		 0x0037
-#define OP_PCL_TLS10_AES_256_CBC_SHA_4		 0x0038
-#define OP_PCL_TLS10_AES_256_CBC_SHA_5		 0x0039
-#define OP_PCL_TLS10_AES_256_CBC_SHA_6		 0x003a
-#define OP_PCL_TLS10_AES_256_CBC_SHA_7		 0x008d
-#define OP_PCL_TLS10_AES_256_CBC_SHA_8		 0x0091
-#define OP_PCL_TLS10_AES_256_CBC_SHA_9		 0x0095
-#define OP_PCL_TLS10_AES_256_CBC_SHA_10		 0xc005
-#define OP_PCL_TLS10_AES_256_CBC_SHA_11		 0xc00a
-#define OP_PCL_TLS10_AES_256_CBC_SHA_12		 0xc00f
-#define OP_PCL_TLS10_AES_256_CBC_SHA_13		 0xc014
-#define OP_PCL_TLS10_AES_256_CBC_SHA_14		 0xc019
-#define OP_PCL_TLS10_AES_256_CBC_SHA_15		 0xc020
-#define OP_PCL_TLS10_AES_256_CBC_SHA_16		 0xc021
-#define OP_PCL_TLS10_AES_256_CBC_SHA_17		 0xc022
-
-#define OP_PCL_TLS_ECDHE_ECDSA_AES_128_CBC_SHA256  0xC023
-#define OP_PCL_TLS_ECDHE_ECDSA_AES_256_CBC_SHA384  0xC024
-#define OP_PCL_TLS_ECDH_ECDSA_AES_128_CBC_SHA256   0xC025
-#define OP_PCL_TLS_ECDH_ECDSA_AES_256_CBC_SHA384   0xC026
-#define OP_PCL_TLS_ECDHE_RSA_AES_128_CBC_SHA256	   0xC027
-#define OP_PCL_TLS_ECDHE_RSA_AES_256_CBC_SHA384	   0xC028
-#define OP_PCL_TLS_ECDH_RSA_AES_128_CBC_SHA256	   0xC029
-#define OP_PCL_TLS_ECDH_RSA_AES_256_CBC_SHA384	   0xC02A
-#define OP_PCL_TLS_ECDHE_ECDSA_AES_128_GCM_SHA256  0xC02B
-#define OP_PCL_TLS_ECDHE_ECDSA_AES_256_GCM_SHA384  0xC02C
-#define OP_PCL_TLS_ECDH_ECDSA_AES_128_GCM_SHA256   0xC02D
-#define OP_PCL_TLS_ECDH_ECDSA_AES_256_GCM_SHA384   0xC02E
-#define OP_PCL_TLS_ECDHE_RSA_AES_128_GCM_SHA256	   0xC02F
-#define OP_PCL_TLS_ECDHE_RSA_AES_256_GCM_SHA384	   0xC030
-#define OP_PCL_TLS_ECDH_RSA_AES_128_GCM_SHA256	   0xC031
-#define OP_PCL_TLS_ECDH_RSA_AES_256_GCM_SHA384	   0xC032
-#define OP_PCL_TLS_ECDHE_PSK_RC4_128_SHA	   0xC033
-#define OP_PCL_TLS_ECDHE_PSK_3DES_EDE_CBC_SHA	   0xC034
-#define OP_PCL_TLS_ECDHE_PSK_AES_128_CBC_SHA	   0xC035
-#define OP_PCL_TLS_ECDHE_PSK_AES_256_CBC_SHA	   0xC036
-#define OP_PCL_TLS_ECDHE_PSK_AES_128_CBC_SHA256	   0xC037
-#define OP_PCL_TLS_ECDHE_PSK_AES_256_CBC_SHA384	   0xC038
-
-/* #define OP_PCL_TLS10_3DES_EDE_CBC_MD5	0x0023 */
-
-#define OP_PCL_TLS10_3DES_EDE_CBC_SHA		 0x001f
-#define OP_PCL_TLS10_3DES_EDE_CBC_SHA_2		 0x008b
-#define OP_PCL_TLS10_3DES_EDE_CBC_SHA_3		 0x008f
-#define OP_PCL_TLS10_3DES_EDE_CBC_SHA_4		 0x0093
-#define OP_PCL_TLS10_3DES_EDE_CBC_SHA_5		 0x000a
-#define OP_PCL_TLS10_3DES_EDE_CBC_SHA_6		 0x000d
-#define OP_PCL_TLS10_3DES_EDE_CBC_SHA_7		 0x0010
-#define OP_PCL_TLS10_3DES_EDE_CBC_SHA_8		 0x0013
-#define OP_PCL_TLS10_3DES_EDE_CBC_SHA_9		 0x0016
-#define OP_PCL_TLS10_3DES_EDE_CBC_SHA_10	 0x001b
-#define OP_PCL_TLS10_3DES_EDE_CBC_SHA_11	 0xc003
-#define OP_PCL_TLS10_3DES_EDE_CBC_SHA_12	 0xc008
-#define OP_PCL_TLS10_3DES_EDE_CBC_SHA_13	 0xc00d
-#define OP_PCL_TLS10_3DES_EDE_CBC_SHA_14	 0xc012
-#define OP_PCL_TLS10_3DES_EDE_CBC_SHA_15	 0xc017
-#define OP_PCL_TLS10_3DES_EDE_CBC_SHA_16	 0xc01a
-#define OP_PCL_TLS10_3DES_EDE_CBC_SHA_17	 0xc01b
-#define OP_PCL_TLS10_3DES_EDE_CBC_SHA_18	 0xc01c
-
-#define OP_PCL_TLS10_DES40_CBC_MD5		 0x0029
-
-#define OP_PCL_TLS10_DES_CBC_MD5		 0x0022
-
-#define OP_PCL_TLS10_DES40_CBC_SHA		 0x0008
-#define OP_PCL_TLS10_DES40_CBC_SHA_2		 0x000b
-#define OP_PCL_TLS10_DES40_CBC_SHA_3		 0x000e
-#define OP_PCL_TLS10_DES40_CBC_SHA_4		 0x0011
-#define OP_PCL_TLS10_DES40_CBC_SHA_5		 0x0014
-#define OP_PCL_TLS10_DES40_CBC_SHA_6		 0x0019
-#define OP_PCL_TLS10_DES40_CBC_SHA_7		 0x0026
-
-#define OP_PCL_TLS10_DES_CBC_SHA		 0x001e
-#define OP_PCL_TLS10_DES_CBC_SHA_2		 0x0009
-#define OP_PCL_TLS10_DES_CBC_SHA_3		 0x000c
-#define OP_PCL_TLS10_DES_CBC_SHA_4		 0x000f
-#define OP_PCL_TLS10_DES_CBC_SHA_5		 0x0012
-#define OP_PCL_TLS10_DES_CBC_SHA_6		 0x0015
-#define OP_PCL_TLS10_DES_CBC_SHA_7		 0x001a
-
-#define OP_PCL_TLS10_RC4_128_MD5		 0x0024
-#define OP_PCL_TLS10_RC4_128_MD5_2		 0x0004
-#define OP_PCL_TLS10_RC4_128_MD5_3		 0x0018
-
-#define OP_PCL_TLS10_RC4_40_MD5			 0x002b
-#define OP_PCL_TLS10_RC4_40_MD5_2		 0x0003
-#define OP_PCL_TLS10_RC4_40_MD5_3		 0x0017
-
-#define OP_PCL_TLS10_RC4_128_SHA		 0x0020
-#define OP_PCL_TLS10_RC4_128_SHA_2		 0x008a
-#define OP_PCL_TLS10_RC4_128_SHA_3		 0x008e
-#define OP_PCL_TLS10_RC4_128_SHA_4		 0x0092
-#define OP_PCL_TLS10_RC4_128_SHA_5		 0x0005
-#define OP_PCL_TLS10_RC4_128_SHA_6		 0xc002
-#define OP_PCL_TLS10_RC4_128_SHA_7		 0xc007
-#define OP_PCL_TLS10_RC4_128_SHA_8		 0xc00c
-#define OP_PCL_TLS10_RC4_128_SHA_9		 0xc011
-#define OP_PCL_TLS10_RC4_128_SHA_10		 0xc016
-
-#define OP_PCL_TLS10_RC4_40_SHA			 0x0028
-
-#define OP_PCL_TLS10_3DES_EDE_CBC_MD5		 0xff23
-#define OP_PCL_TLS10_3DES_EDE_CBC_SHA160	 0xff30
-#define OP_PCL_TLS10_3DES_EDE_CBC_SHA224	 0xff34
-#define OP_PCL_TLS10_3DES_EDE_CBC_SHA256	 0xff36
-#define OP_PCL_TLS10_3DES_EDE_CBC_SHA384	 0xff33
-#define OP_PCL_TLS10_3DES_EDE_CBC_SHA512	 0xff35
-#define OP_PCL_TLS10_AES_128_CBC_SHA160		 0xff80
-#define OP_PCL_TLS10_AES_128_CBC_SHA224		 0xff84
-#define OP_PCL_TLS10_AES_128_CBC_SHA256		 0xff86
-#define OP_PCL_TLS10_AES_128_CBC_SHA384		 0xff83
-#define OP_PCL_TLS10_AES_128_CBC_SHA512		 0xff85
-#define OP_PCL_TLS10_AES_192_CBC_SHA160		 0xff20
-#define OP_PCL_TLS10_AES_192_CBC_SHA224		 0xff24
-#define OP_PCL_TLS10_AES_192_CBC_SHA256		 0xff26
-#define OP_PCL_TLS10_AES_192_CBC_SHA384		 0xff23
-#define OP_PCL_TLS10_AES_192_CBC_SHA512		 0xff25
-#define OP_PCL_TLS10_AES_256_CBC_SHA160		 0xff60
-#define OP_PCL_TLS10_AES_256_CBC_SHA224		 0xff64
-#define OP_PCL_TLS10_AES_256_CBC_SHA256		 0xff66
-#define OP_PCL_TLS10_AES_256_CBC_SHA384		 0xff63
-#define OP_PCL_TLS10_AES_256_CBC_SHA512		 0xff65
-
-#define OP_PCL_TLS_PVT_AES_192_CBC_SHA160	 0xff90
-#define OP_PCL_TLS_PVT_AES_192_CBC_SHA384	 0xff93
-#define OP_PCL_TLS_PVT_AES_192_CBC_SHA224	 0xff94
-#define OP_PCL_TLS_PVT_AES_192_CBC_SHA512	 0xff95
-#define OP_PCL_TLS_PVT_AES_192_CBC_SHA256	 0xff96
-#define OP_PCL_TLS_PVT_MASTER_SECRET_PRF_FE	 0xfffe
-#define OP_PCL_TLS_PVT_MASTER_SECRET_PRF_FF	 0xffff
-
-/* For TLS 1.1 - OP_PCLID_TLS11 */
-#define OP_PCL_TLS11_AES_128_CBC_SHA		 0x002f
-#define OP_PCL_TLS11_AES_128_CBC_SHA_2		 0x0030
-#define OP_PCL_TLS11_AES_128_CBC_SHA_3		 0x0031
-#define OP_PCL_TLS11_AES_128_CBC_SHA_4		 0x0032
-#define OP_PCL_TLS11_AES_128_CBC_SHA_5		 0x0033
-#define OP_PCL_TLS11_AES_128_CBC_SHA_6		 0x0034
-#define OP_PCL_TLS11_AES_128_CBC_SHA_7		 0x008c
-#define OP_PCL_TLS11_AES_128_CBC_SHA_8		 0x0090
-#define OP_PCL_TLS11_AES_128_CBC_SHA_9		 0x0094
-#define OP_PCL_TLS11_AES_128_CBC_SHA_10		 0xc004
-#define OP_PCL_TLS11_AES_128_CBC_SHA_11		 0xc009
-#define OP_PCL_TLS11_AES_128_CBC_SHA_12		 0xc00e
-#define OP_PCL_TLS11_AES_128_CBC_SHA_13		 0xc013
-#define OP_PCL_TLS11_AES_128_CBC_SHA_14		 0xc018
-#define OP_PCL_TLS11_AES_128_CBC_SHA_15		 0xc01d
-#define OP_PCL_TLS11_AES_128_CBC_SHA_16		 0xc01e
-#define OP_PCL_TLS11_AES_128_CBC_SHA_17		 0xc01f
-
-#define OP_PCL_TLS11_AES_256_CBC_SHA		 0x0035
-#define OP_PCL_TLS11_AES_256_CBC_SHA_2		 0x0036
-#define OP_PCL_TLS11_AES_256_CBC_SHA_3		 0x0037
-#define OP_PCL_TLS11_AES_256_CBC_SHA_4		 0x0038
-#define OP_PCL_TLS11_AES_256_CBC_SHA_5		 0x0039
-#define OP_PCL_TLS11_AES_256_CBC_SHA_6		 0x003a
-#define OP_PCL_TLS11_AES_256_CBC_SHA_7		 0x008d
-#define OP_PCL_TLS11_AES_256_CBC_SHA_8		 0x0091
-#define OP_PCL_TLS11_AES_256_CBC_SHA_9		 0x0095
-#define OP_PCL_TLS11_AES_256_CBC_SHA_10		 0xc005
-#define OP_PCL_TLS11_AES_256_CBC_SHA_11		 0xc00a
-#define OP_PCL_TLS11_AES_256_CBC_SHA_12		 0xc00f
-#define OP_PCL_TLS11_AES_256_CBC_SHA_13		 0xc014
-#define OP_PCL_TLS11_AES_256_CBC_SHA_14		 0xc019
-#define OP_PCL_TLS11_AES_256_CBC_SHA_15		 0xc020
-#define OP_PCL_TLS11_AES_256_CBC_SHA_16		 0xc021
-#define OP_PCL_TLS11_AES_256_CBC_SHA_17		 0xc022
-
-/* #define OP_PCL_TLS11_3DES_EDE_CBC_MD5	0x0023 */
-
-#define OP_PCL_TLS11_3DES_EDE_CBC_SHA		 0x001f
-#define OP_PCL_TLS11_3DES_EDE_CBC_SHA_2		 0x008b
-#define OP_PCL_TLS11_3DES_EDE_CBC_SHA_3		 0x008f
-#define OP_PCL_TLS11_3DES_EDE_CBC_SHA_4		 0x0093
-#define OP_PCL_TLS11_3DES_EDE_CBC_SHA_5		 0x000a
-#define OP_PCL_TLS11_3DES_EDE_CBC_SHA_6		 0x000d
-#define OP_PCL_TLS11_3DES_EDE_CBC_SHA_7		 0x0010
-#define OP_PCL_TLS11_3DES_EDE_CBC_SHA_8		 0x0013
-#define OP_PCL_TLS11_3DES_EDE_CBC_SHA_9		 0x0016
-#define OP_PCL_TLS11_3DES_EDE_CBC_SHA_10	 0x001b
-#define OP_PCL_TLS11_3DES_EDE_CBC_SHA_11	 0xc003
-#define OP_PCL_TLS11_3DES_EDE_CBC_SHA_12	 0xc008
-#define OP_PCL_TLS11_3DES_EDE_CBC_SHA_13	 0xc00d
-#define OP_PCL_TLS11_3DES_EDE_CBC_SHA_14	 0xc012
-#define OP_PCL_TLS11_3DES_EDE_CBC_SHA_15	 0xc017
-#define OP_PCL_TLS11_3DES_EDE_CBC_SHA_16	 0xc01a
-#define OP_PCL_TLS11_3DES_EDE_CBC_SHA_17	 0xc01b
-#define OP_PCL_TLS11_3DES_EDE_CBC_SHA_18	 0xc01c
-
-#define OP_PCL_TLS11_DES40_CBC_MD5		 0x0029
-
-#define OP_PCL_TLS11_DES_CBC_MD5		 0x0022
-
-#define OP_PCL_TLS11_DES40_CBC_SHA		 0x0008
-#define OP_PCL_TLS11_DES40_CBC_SHA_2		 0x000b
-#define OP_PCL_TLS11_DES40_CBC_SHA_3		 0x000e
-#define OP_PCL_TLS11_DES40_CBC_SHA_4		 0x0011
-#define OP_PCL_TLS11_DES40_CBC_SHA_5		 0x0014
-#define OP_PCL_TLS11_DES40_CBC_SHA_6		 0x0019
-#define OP_PCL_TLS11_DES40_CBC_SHA_7		 0x0026
-
-#define OP_PCL_TLS11_DES_CBC_SHA		 0x001e
-#define OP_PCL_TLS11_DES_CBC_SHA_2		 0x0009
-#define OP_PCL_TLS11_DES_CBC_SHA_3		 0x000c
-#define OP_PCL_TLS11_DES_CBC_SHA_4		 0x000f
-#define OP_PCL_TLS11_DES_CBC_SHA_5		 0x0012
-#define OP_PCL_TLS11_DES_CBC_SHA_6		 0x0015
-#define OP_PCL_TLS11_DES_CBC_SHA_7		 0x001a
-
-#define OP_PCL_TLS11_RC4_128_MD5		 0x0024
-#define OP_PCL_TLS11_RC4_128_MD5_2		 0x0004
-#define OP_PCL_TLS11_RC4_128_MD5_3		 0x0018
-
-#define OP_PCL_TLS11_RC4_40_MD5			 0x002b
-#define OP_PCL_TLS11_RC4_40_MD5_2		 0x0003
-#define OP_PCL_TLS11_RC4_40_MD5_3		 0x0017
-
-#define OP_PCL_TLS11_RC4_128_SHA		 0x0020
-#define OP_PCL_TLS11_RC4_128_SHA_2		 0x008a
-#define OP_PCL_TLS11_RC4_128_SHA_3		 0x008e
-#define OP_PCL_TLS11_RC4_128_SHA_4		 0x0092
-#define OP_PCL_TLS11_RC4_128_SHA_5		 0x0005
-#define OP_PCL_TLS11_RC4_128_SHA_6		 0xc002
-#define OP_PCL_TLS11_RC4_128_SHA_7		 0xc007
-#define OP_PCL_TLS11_RC4_128_SHA_8		 0xc00c
-#define OP_PCL_TLS11_RC4_128_SHA_9		 0xc011
-#define OP_PCL_TLS11_RC4_128_SHA_10		 0xc016
-
-#define OP_PCL_TLS11_RC4_40_SHA			 0x0028
-
-#define OP_PCL_TLS11_3DES_EDE_CBC_MD5		 0xff23
-#define OP_PCL_TLS11_3DES_EDE_CBC_SHA160	 0xff30
-#define OP_PCL_TLS11_3DES_EDE_CBC_SHA224	 0xff34
-#define OP_PCL_TLS11_3DES_EDE_CBC_SHA256	 0xff36
-#define OP_PCL_TLS11_3DES_EDE_CBC_SHA384	 0xff33
-#define OP_PCL_TLS11_3DES_EDE_CBC_SHA512	 0xff35
-#define OP_PCL_TLS11_AES_128_CBC_SHA160		 0xff80
-#define OP_PCL_TLS11_AES_128_CBC_SHA224		 0xff84
-#define OP_PCL_TLS11_AES_128_CBC_SHA256		 0xff86
-#define OP_PCL_TLS11_AES_128_CBC_SHA384		 0xff83
-#define OP_PCL_TLS11_AES_128_CBC_SHA512		 0xff85
-#define OP_PCL_TLS11_AES_192_CBC_SHA160		 0xff20
-#define OP_PCL_TLS11_AES_192_CBC_SHA224		 0xff24
-#define OP_PCL_TLS11_AES_192_CBC_SHA256		 0xff26
-#define OP_PCL_TLS11_AES_192_CBC_SHA384		 0xff23
-#define OP_PCL_TLS11_AES_192_CBC_SHA512		 0xff25
-#define OP_PCL_TLS11_AES_256_CBC_SHA160		 0xff60
-#define OP_PCL_TLS11_AES_256_CBC_SHA224		 0xff64
-#define OP_PCL_TLS11_AES_256_CBC_SHA256		 0xff66
-#define OP_PCL_TLS11_AES_256_CBC_SHA384		 0xff63
-#define OP_PCL_TLS11_AES_256_CBC_SHA512		 0xff65
-
-
-/* For TLS 1.2 - OP_PCLID_TLS12 */
-#define OP_PCL_TLS12_AES_128_CBC_SHA		 0x002f
-#define OP_PCL_TLS12_AES_128_CBC_SHA_2		 0x0030
-#define OP_PCL_TLS12_AES_128_CBC_SHA_3		 0x0031
-#define OP_PCL_TLS12_AES_128_CBC_SHA_4		 0x0032
-#define OP_PCL_TLS12_AES_128_CBC_SHA_5		 0x0033
-#define OP_PCL_TLS12_AES_128_CBC_SHA_6		 0x0034
-#define OP_PCL_TLS12_AES_128_CBC_SHA_7		 0x008c
-#define OP_PCL_TLS12_AES_128_CBC_SHA_8		 0x0090
-#define OP_PCL_TLS12_AES_128_CBC_SHA_9		 0x0094
-#define OP_PCL_TLS12_AES_128_CBC_SHA_10		 0xc004
-#define OP_PCL_TLS12_AES_128_CBC_SHA_11		 0xc009
-#define OP_PCL_TLS12_AES_128_CBC_SHA_12		 0xc00e
-#define OP_PCL_TLS12_AES_128_CBC_SHA_13		 0xc013
-#define OP_PCL_TLS12_AES_128_CBC_SHA_14		 0xc018
-#define OP_PCL_TLS12_AES_128_CBC_SHA_15		 0xc01d
-#define OP_PCL_TLS12_AES_128_CBC_SHA_16		 0xc01e
-#define OP_PCL_TLS12_AES_128_CBC_SHA_17		 0xc01f
-
-#define OP_PCL_TLS12_AES_256_CBC_SHA		 0x0035
-#define OP_PCL_TLS12_AES_256_CBC_SHA_2		 0x0036
-#define OP_PCL_TLS12_AES_256_CBC_SHA_3		 0x0037
-#define OP_PCL_TLS12_AES_256_CBC_SHA_4		 0x0038
-#define OP_PCL_TLS12_AES_256_CBC_SHA_5		 0x0039
-#define OP_PCL_TLS12_AES_256_CBC_SHA_6		 0x003a
-#define OP_PCL_TLS12_AES_256_CBC_SHA_7		 0x008d
-#define OP_PCL_TLS12_AES_256_CBC_SHA_8		 0x0091
-#define OP_PCL_TLS12_AES_256_CBC_SHA_9		 0x0095
-#define OP_PCL_TLS12_AES_256_CBC_SHA_10		 0xc005
-#define OP_PCL_TLS12_AES_256_CBC_SHA_11		 0xc00a
-#define OP_PCL_TLS12_AES_256_CBC_SHA_12		 0xc00f
-#define OP_PCL_TLS12_AES_256_CBC_SHA_13		 0xc014
-#define OP_PCL_TLS12_AES_256_CBC_SHA_14		 0xc019
-#define OP_PCL_TLS12_AES_256_CBC_SHA_15		 0xc020
-#define OP_PCL_TLS12_AES_256_CBC_SHA_16		 0xc021
-#define OP_PCL_TLS12_AES_256_CBC_SHA_17		 0xc022
-
-/* #define OP_PCL_TLS12_3DES_EDE_CBC_MD5	0x0023 */
-
-#define OP_PCL_TLS12_3DES_EDE_CBC_SHA		 0x001f
-#define OP_PCL_TLS12_3DES_EDE_CBC_SHA_2		 0x008b
-#define OP_PCL_TLS12_3DES_EDE_CBC_SHA_3		 0x008f
-#define OP_PCL_TLS12_3DES_EDE_CBC_SHA_4		 0x0093
-#define OP_PCL_TLS12_3DES_EDE_CBC_SHA_5		 0x000a
-#define OP_PCL_TLS12_3DES_EDE_CBC_SHA_6		 0x000d
-#define OP_PCL_TLS12_3DES_EDE_CBC_SHA_7		 0x0010
-#define OP_PCL_TLS12_3DES_EDE_CBC_SHA_8		 0x0013
-#define OP_PCL_TLS12_3DES_EDE_CBC_SHA_9		 0x0016
-#define OP_PCL_TLS12_3DES_EDE_CBC_SHA_10	 0x001b
-#define OP_PCL_TLS12_3DES_EDE_CBC_SHA_11	 0xc003
-#define OP_PCL_TLS12_3DES_EDE_CBC_SHA_12	 0xc008
-#define OP_PCL_TLS12_3DES_EDE_CBC_SHA_13	 0xc00d
-#define OP_PCL_TLS12_3DES_EDE_CBC_SHA_14	 0xc012
-#define OP_PCL_TLS12_3DES_EDE_CBC_SHA_15	 0xc017
-#define OP_PCL_TLS12_3DES_EDE_CBC_SHA_16	 0xc01a
-#define OP_PCL_TLS12_3DES_EDE_CBC_SHA_17	 0xc01b
-#define OP_PCL_TLS12_3DES_EDE_CBC_SHA_18	 0xc01c
-
-#define OP_PCL_TLS12_DES40_CBC_MD5		 0x0029
-
-#define OP_PCL_TLS12_DES_CBC_MD5		 0x0022
-
-#define OP_PCL_TLS12_DES40_CBC_SHA		 0x0008
-#define OP_PCL_TLS12_DES40_CBC_SHA_2		 0x000b
-#define OP_PCL_TLS12_DES40_CBC_SHA_3		 0x000e
-#define OP_PCL_TLS12_DES40_CBC_SHA_4		 0x0011
-#define OP_PCL_TLS12_DES40_CBC_SHA_5		 0x0014
-#define OP_PCL_TLS12_DES40_CBC_SHA_6		 0x0019
-#define OP_PCL_TLS12_DES40_CBC_SHA_7		 0x0026
-
-#define OP_PCL_TLS12_DES_CBC_SHA		 0x001e
-#define OP_PCL_TLS12_DES_CBC_SHA_2		 0x0009
-#define OP_PCL_TLS12_DES_CBC_SHA_3		 0x000c
-#define OP_PCL_TLS12_DES_CBC_SHA_4		 0x000f
-#define OP_PCL_TLS12_DES_CBC_SHA_5		 0x0012
-#define OP_PCL_TLS12_DES_CBC_SHA_6		 0x0015
-#define OP_PCL_TLS12_DES_CBC_SHA_7		 0x001a
-
-#define OP_PCL_TLS12_RC4_128_MD5		 0x0024
-#define OP_PCL_TLS12_RC4_128_MD5_2		 0x0004
-#define OP_PCL_TLS12_RC4_128_MD5_3		 0x0018
-
-#define OP_PCL_TLS12_RC4_40_MD5			 0x002b
-#define OP_PCL_TLS12_RC4_40_MD5_2		 0x0003
-#define OP_PCL_TLS12_RC4_40_MD5_3		 0x0017
-
-#define OP_PCL_TLS12_RC4_128_SHA		 0x0020
-#define OP_PCL_TLS12_RC4_128_SHA_2		 0x008a
-#define OP_PCL_TLS12_RC4_128_SHA_3		 0x008e
-#define OP_PCL_TLS12_RC4_128_SHA_4		 0x0092
-#define OP_PCL_TLS12_RC4_128_SHA_5		 0x0005
-#define OP_PCL_TLS12_RC4_128_SHA_6		 0xc002
-#define OP_PCL_TLS12_RC4_128_SHA_7		 0xc007
-#define OP_PCL_TLS12_RC4_128_SHA_8		 0xc00c
-#define OP_PCL_TLS12_RC4_128_SHA_9		 0xc011
-#define OP_PCL_TLS12_RC4_128_SHA_10		 0xc016
-
-#define OP_PCL_TLS12_RC4_40_SHA			 0x0028
-
-/* #define OP_PCL_TLS12_AES_128_CBC_SHA256	0x003c */
-#define OP_PCL_TLS12_AES_128_CBC_SHA256_2	 0x003e
-#define OP_PCL_TLS12_AES_128_CBC_SHA256_3	 0x003f
-#define OP_PCL_TLS12_AES_128_CBC_SHA256_4	 0x0040
-#define OP_PCL_TLS12_AES_128_CBC_SHA256_5	 0x0067
-#define OP_PCL_TLS12_AES_128_CBC_SHA256_6	 0x006c
-
-/* #define OP_PCL_TLS12_AES_256_CBC_SHA256	0x003d */
-#define OP_PCL_TLS12_AES_256_CBC_SHA256_2	 0x0068
-#define OP_PCL_TLS12_AES_256_CBC_SHA256_3	 0x0069
-#define OP_PCL_TLS12_AES_256_CBC_SHA256_4	 0x006a
-#define OP_PCL_TLS12_AES_256_CBC_SHA256_5	 0x006b
-#define OP_PCL_TLS12_AES_256_CBC_SHA256_6	 0x006d
-
-/* AEAD_AES_xxx_CCM/GCM remain to be defined... */
-
-#define OP_PCL_TLS12_3DES_EDE_CBC_MD5		 0xff23
-#define OP_PCL_TLS12_3DES_EDE_CBC_SHA160	 0xff30
-#define OP_PCL_TLS12_3DES_EDE_CBC_SHA224	 0xff34
-#define OP_PCL_TLS12_3DES_EDE_CBC_SHA256	 0xff36
-#define OP_PCL_TLS12_3DES_EDE_CBC_SHA384	 0xff33
-#define OP_PCL_TLS12_3DES_EDE_CBC_SHA512	 0xff35
-#define OP_PCL_TLS12_AES_128_CBC_SHA160		 0xff80
-#define OP_PCL_TLS12_AES_128_CBC_SHA224		 0xff84
-#define OP_PCL_TLS12_AES_128_CBC_SHA256		 0xff86
-#define OP_PCL_TLS12_AES_128_CBC_SHA384		 0xff83
-#define OP_PCL_TLS12_AES_128_CBC_SHA512		 0xff85
-#define OP_PCL_TLS12_AES_192_CBC_SHA160		 0xff20
-#define OP_PCL_TLS12_AES_192_CBC_SHA224		 0xff24
-#define OP_PCL_TLS12_AES_192_CBC_SHA256		 0xff26
-#define OP_PCL_TLS12_AES_192_CBC_SHA384		 0xff23
-#define OP_PCL_TLS12_AES_192_CBC_SHA512		 0xff25
-#define OP_PCL_TLS12_AES_256_CBC_SHA160		 0xff60
-#define OP_PCL_TLS12_AES_256_CBC_SHA224		 0xff64
-#define OP_PCL_TLS12_AES_256_CBC_SHA256		 0xff66
-#define OP_PCL_TLS12_AES_256_CBC_SHA384		 0xff63
-#define OP_PCL_TLS12_AES_256_CBC_SHA512		 0xff65
-
-/* For DTLS - OP_PCLID_DTLS */
-
-#define OP_PCL_DTLS_AES_128_CBC_SHA		 0x002f
-#define OP_PCL_DTLS_AES_128_CBC_SHA_2		 0x0030
-#define OP_PCL_DTLS_AES_128_CBC_SHA_3		 0x0031
-#define OP_PCL_DTLS_AES_128_CBC_SHA_4		 0x0032
-#define OP_PCL_DTLS_AES_128_CBC_SHA_5		 0x0033
-#define OP_PCL_DTLS_AES_128_CBC_SHA_6		 0x0034
-#define OP_PCL_DTLS_AES_128_CBC_SHA_7		 0x008c
-#define OP_PCL_DTLS_AES_128_CBC_SHA_8		 0x0090
-#define OP_PCL_DTLS_AES_128_CBC_SHA_9		 0x0094
-#define OP_PCL_DTLS_AES_128_CBC_SHA_10		 0xc004
-#define OP_PCL_DTLS_AES_128_CBC_SHA_11		 0xc009
-#define OP_PCL_DTLS_AES_128_CBC_SHA_12		 0xc00e
-#define OP_PCL_DTLS_AES_128_CBC_SHA_13		 0xc013
-#define OP_PCL_DTLS_AES_128_CBC_SHA_14		 0xc018
-#define OP_PCL_DTLS_AES_128_CBC_SHA_15		 0xc01d
-#define OP_PCL_DTLS_AES_128_CBC_SHA_16		 0xc01e
-#define OP_PCL_DTLS_AES_128_CBC_SHA_17		 0xc01f
-
-#define OP_PCL_DTLS_AES_256_CBC_SHA		 0x0035
-#define OP_PCL_DTLS_AES_256_CBC_SHA_2		 0x0036
-#define OP_PCL_DTLS_AES_256_CBC_SHA_3		 0x0037
-#define OP_PCL_DTLS_AES_256_CBC_SHA_4		 0x0038
-#define OP_PCL_DTLS_AES_256_CBC_SHA_5		 0x0039
-#define OP_PCL_DTLS_AES_256_CBC_SHA_6		 0x003a
-#define OP_PCL_DTLS_AES_256_CBC_SHA_7		 0x008d
-#define OP_PCL_DTLS_AES_256_CBC_SHA_8		 0x0091
-#define OP_PCL_DTLS_AES_256_CBC_SHA_9		 0x0095
-#define OP_PCL_DTLS_AES_256_CBC_SHA_10		 0xc005
-#define OP_PCL_DTLS_AES_256_CBC_SHA_11		 0xc00a
-#define OP_PCL_DTLS_AES_256_CBC_SHA_12		 0xc00f
-#define OP_PCL_DTLS_AES_256_CBC_SHA_13		 0xc014
-#define OP_PCL_DTLS_AES_256_CBC_SHA_14		 0xc019
-#define OP_PCL_DTLS_AES_256_CBC_SHA_15		 0xc020
-#define OP_PCL_DTLS_AES_256_CBC_SHA_16		 0xc021
-#define OP_PCL_DTLS_AES_256_CBC_SHA_17		 0xc022
-
-/* #define OP_PCL_DTLS_3DES_EDE_CBC_MD5		0x0023 */
-
-#define OP_PCL_DTLS_3DES_EDE_CBC_SHA		 0x001f
-#define OP_PCL_DTLS_3DES_EDE_CBC_SHA_2		 0x008b
-#define OP_PCL_DTLS_3DES_EDE_CBC_SHA_3		 0x008f
-#define OP_PCL_DTLS_3DES_EDE_CBC_SHA_4		 0x0093
-#define OP_PCL_DTLS_3DES_EDE_CBC_SHA_5		 0x000a
-#define OP_PCL_DTLS_3DES_EDE_CBC_SHA_6		 0x000d
-#define OP_PCL_DTLS_3DES_EDE_CBC_SHA_7		 0x0010
-#define OP_PCL_DTLS_3DES_EDE_CBC_SHA_8		 0x0013
-#define OP_PCL_DTLS_3DES_EDE_CBC_SHA_9		 0x0016
-#define OP_PCL_DTLS_3DES_EDE_CBC_SHA_10		 0x001b
-#define OP_PCL_DTLS_3DES_EDE_CBC_SHA_11		 0xc003
-#define OP_PCL_DTLS_3DES_EDE_CBC_SHA_12		 0xc008
-#define OP_PCL_DTLS_3DES_EDE_CBC_SHA_13		 0xc00d
-#define OP_PCL_DTLS_3DES_EDE_CBC_SHA_14		 0xc012
-#define OP_PCL_DTLS_3DES_EDE_CBC_SHA_15		 0xc017
-#define OP_PCL_DTLS_3DES_EDE_CBC_SHA_16		 0xc01a
-#define OP_PCL_DTLS_3DES_EDE_CBC_SHA_17		 0xc01b
-#define OP_PCL_DTLS_3DES_EDE_CBC_SHA_18		 0xc01c
-
-#define OP_PCL_DTLS_DES40_CBC_MD5		 0x0029
-
-#define OP_PCL_DTLS_DES_CBC_MD5			 0x0022
-
-#define OP_PCL_DTLS_DES40_CBC_SHA		 0x0008
-#define OP_PCL_DTLS_DES40_CBC_SHA_2		 0x000b
-#define OP_PCL_DTLS_DES40_CBC_SHA_3		 0x000e
-#define OP_PCL_DTLS_DES40_CBC_SHA_4		 0x0011
-#define OP_PCL_DTLS_DES40_CBC_SHA_5		 0x0014
-#define OP_PCL_DTLS_DES40_CBC_SHA_6		 0x0019
-#define OP_PCL_DTLS_DES40_CBC_SHA_7		 0x0026
-
-
-#define OP_PCL_DTLS_DES_CBC_SHA			 0x001e
-#define OP_PCL_DTLS_DES_CBC_SHA_2		 0x0009
-#define OP_PCL_DTLS_DES_CBC_SHA_3		 0x000c
-#define OP_PCL_DTLS_DES_CBC_SHA_4		 0x000f
-#define OP_PCL_DTLS_DES_CBC_SHA_5		 0x0012
-#define OP_PCL_DTLS_DES_CBC_SHA_6		 0x0015
-#define OP_PCL_DTLS_DES_CBC_SHA_7		 0x001a
-
-#define OP_PCL_DTLS_3DES_EDE_CBC_MD5		 0xff23
-#define OP_PCL_DTLS_3DES_EDE_CBC_SHA160		 0xff30
-#define OP_PCL_DTLS_3DES_EDE_CBC_SHA224		 0xff34
-#define OP_PCL_DTLS_3DES_EDE_CBC_SHA256		 0xff36
-#define OP_PCL_DTLS_3DES_EDE_CBC_SHA384		 0xff33
-#define OP_PCL_DTLS_3DES_EDE_CBC_SHA512		 0xff35
-#define OP_PCL_DTLS_AES_128_CBC_SHA160		 0xff80
-#define OP_PCL_DTLS_AES_128_CBC_SHA224		 0xff84
-#define OP_PCL_DTLS_AES_128_CBC_SHA256		 0xff86
-#define OP_PCL_DTLS_AES_128_CBC_SHA384		 0xff83
-#define OP_PCL_DTLS_AES_128_CBC_SHA512		 0xff85
-#define OP_PCL_DTLS_AES_192_CBC_SHA160		 0xff20
-#define OP_PCL_DTLS_AES_192_CBC_SHA224		 0xff24
-#define OP_PCL_DTLS_AES_192_CBC_SHA256		 0xff26
-#define OP_PCL_DTLS_AES_192_CBC_SHA384		 0xff23
-#define OP_PCL_DTLS_AES_192_CBC_SHA512		 0xff25
-#define OP_PCL_DTLS_AES_256_CBC_SHA160		 0xff60
-#define OP_PCL_DTLS_AES_256_CBC_SHA224		 0xff64
-#define OP_PCL_DTLS_AES_256_CBC_SHA256		 0xff66
-#define OP_PCL_DTLS_AES_256_CBC_SHA384		 0xff63
-#define OP_PCL_DTLS_AES_256_CBC_SHA512		 0xff65
+/*
+ * For SSL/TLS/DTLS - OP_PCL_TLS
+ * For more details see IANA TLS Cipher Suite registry:
+ * https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml
+ * Note: for private/internal use (reserved by IANA) - OP_PCL_PVT_TLS
+ */
+#define OP_PCL_TLS_RSA_EXPORT_WITH_RC4_40_MD5		0x0003
+#define OP_PCL_TLS_RSA_WITH_RC4_128_MD5			0x0004
+#define OP_PCL_TLS_RSA_WITH_RC4_128_SHA			0x0005
+#define OP_PCL_TLS_RSA_EXPORT_WITH_DES40_CBC_SHA	0x0008
+#define OP_PCL_TLS_RSA_WITH_DES_CBC_SHA			0x0009
+#define OP_PCL_TLS_RSA_WITH_3DES_EDE_CBC_SHA		0x000a
+#define OP_PCL_TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA	0x000b
+#define OP_PCL_TLS_DH_DSS_WITH_DES_CBC_SHA		0x000c
+#define OP_PCL_TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA		0x000d
+#define OP_PCL_TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA	0x000e
+#define OP_PCL_TLS_DH_RSA_WITH_DES_CBC_SHA		0x000f
+#define OP_PCL_TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA		0x0010
+#define OP_PCL_TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA	0x0011
+#define OP_PCL_TLS_DHE_DSS_WITH_DES_CBC_SHA		0x0012
+#define OP_PCL_TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA	0x0013
+#define OP_PCL_TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA	0x0014
+#define OP_PCL_TLS_DHE_RSA_WITH_DES_CBC_SHA		0x0015
+#define OP_PCL_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA	0x0016
+#define OP_PCL_TLS_DH_anon_EXPORT_WITH_RC4_40_MD5	0x0017
+#define OP_PCL_TLS_DH_anon_WITH_RC4_128_MD5		0x0018
+#define OP_PCL_TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA	0x0019
+#define OP_PCL_TLS_DH_anon_WITH_DES_CBC_SHA		0x001a
+#define OP_PCL_TLS_DH_anon_WITH_3DES_EDE_CBC_SHA	0x001b
+#define OP_PCL_TLS_KRB5_WITH_DES_CBC_SHA		0x001e
+#define OP_PCL_TLS_KRB5_WITH_3DES_EDE_CBC_SHA		0x001f
+#define OP_PCL_TLS_KRB5_WITH_RC4_128_SHA		0x0020
+#define OP_PCL_TLS_KRB5_WITH_3DES_EDE_CBC_MD5		0x0023
+#define OP_PCL_TLS_KRB5_WITH_DES_CBC_MD5		0x0022
+#define OP_PCL_TLS_KRB5_WITH_RC4_128_MD5		0x0024
+#define OP_PCL_TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA	0x0026
+#define OP_PCL_TLS_KRB5_EXPORT_WITH_RC4_40_SHA		0x0028
+#define OP_PCL_TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5	0x0029
+#define OP_PCL_TLS_KRB5_EXPORT_WITH_RC4_40_MD5		0x002b
+#define OP_PCL_TLS_RSA_WITH_AES_128_CBC_SHA		0x002f
+#define OP_PCL_TLS_DH_DSS_WITH_AES_128_CBC_SHA		0x0030
+#define OP_PCL_TLS_DH_RSA_WITH_AES_128_CBC_SHA		0x0031
+#define OP_PCL_TLS_DHE_DSS_WITH_AES_128_CBC_SHA		0x0032
+#define OP_PCL_TLS_DHE_RSA_WITH_AES_128_CBC_SHA		0x0033
+#define OP_PCL_TLS_DH_anon_WITH_AES_128_CBC_SHA		0x0034
+#define OP_PCL_TLS_RSA_WITH_AES_256_CBC_SHA		0x0035
+#define OP_PCL_TLS_DH_DSS_WITH_AES_256_CBC_SHA		0x0036
+#define OP_PCL_TLS_DH_RSA_WITH_AES_256_CBC_SHA		0x0037
+#define OP_PCL_TLS_DHE_DSS_WITH_AES_256_CBC_SHA		0x0038
+#define OP_PCL_TLS_DHE_RSA_WITH_AES_256_CBC_SHA		0x0039
+#define OP_PCL_TLS_DH_anon_WITH_AES_256_CBC_SHA		0x003a
+#define OP_PCL_TLS_RSA_WITH_AES_128_CBC_SHA256		0x003c
+#define OP_PCL_TLS_RSA_WITH_AES_256_CBC_SHA256		0x003d
+#define OP_PCL_TLS_DH_DSS_WITH_AES_128_CBC_SHA256	0x003e
+#define OP_PCL_TLS_DH_RSA_WITH_AES_128_CBC_SHA256	0x003f
+#define OP_PCL_TLS_DHE_DSS_WITH_AES_128_CBC_SHA256	0x0040
+#define OP_PCL_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256	0x0067
+#define OP_PCL_TLS_DH_DSS_WITH_AES_256_CBC_SHA256	0x0068
+#define OP_PCL_TLS_DH_RSA_WITH_AES_256_CBC_SHA256	0x0069
+#define OP_PCL_TLS_DHE_DSS_WITH_AES_256_CBC_SHA256	0x006a
+#define OP_PCL_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256	0x006b
+#define OP_PCL_TLS_DH_anon_WITH_AES_128_CBC_SHA256	0x006c
+#define OP_PCL_TLS_DH_anon_WITH_AES_256_CBC_SHA256	0x006d
+#define OP_PCL_TLS_PSK_WITH_RC4_128_SHA			0x008a
+#define OP_PCL_TLS_PSK_WITH_3DES_EDE_CBC_SHA		0x008b
+#define OP_PCL_TLS_PSK_WITH_AES_128_CBC_SHA		0x008c
+#define OP_PCL_TLS_PSK_WITH_AES_256_CBC_SHA		0x008d
+#define OP_PCL_TLS_DHE_PSK_WITH_RC4_128_SHA		0x008e
+#define OP_PCL_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA	0x008f
+#define OP_PCL_TLS_DHE_PSK_WITH_AES_128_CBC_SHA		0x0090
+#define OP_PCL_TLS_DHE_PSK_WITH_AES_256_CBC_SHA		0x0091
+#define OP_PCL_TLS_RSA_PSK_WITH_RC4_128_SHA		0x0092
+#define OP_PCL_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA	0x0093
+#define OP_PCL_TLS_RSA_PSK_WITH_AES_128_CBC_SHA		0x0094
+#define OP_PCL_TLS_RSA_PSK_WITH_AES_256_CBC_SHA		0x0095
+#define OP_PCL_TLS_RSA_WITH_AES_128_GCM_SHA256		0x009c
+#define OP_PCL_TLS_RSA_WITH_AES_256_GCM_SHA384		0x009d
+#define OP_PCL_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256	0x009e
+#define OP_PCL_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384	0x009f
+#define OP_PCL_TLS_DH_RSA_WITH_AES_128_GCM_SHA256	0x00a0
+#define OP_PCL_TLS_DH_RSA_WITH_AES_256_GCM_SHA384	0x00a1
+#define OP_PCL_TLS_DHE_DSS_WITH_AES_128_GCM_SHA256	0x00a2
+#define OP_PCL_TLS_DHE_DSS_WITH_AES_256_GCM_SHA384	0x00a3
+#define OP_PCL_TLS_DH_DSS_WITH_AES_128_GCM_SHA256	0x00a4
+#define OP_PCL_TLS_DH_DSS_WITH_AES_256_GCM_SHA384	0x00a5
+#define OP_PCL_TLS_DH_anon_WITH_AES_128_GCM_SHA256	0x00a6
+#define OP_PCL_TLS_DH_anon_WITH_AES_256_GCM_SHA384	0x00a7
+#define OP_PCL_TLS_PSK_WITH_AES_128_GCM_SHA256		0x00a8
+#define OP_PCL_TLS_PSK_WITH_AES_256_GCM_SHA384		0x00a9
+#define OP_PCL_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256	0x00aa
+#define OP_PCL_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384	0x00ab
+#define OP_PCL_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256	0x00ac
+#define OP_PCL_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384	0x00ad
+#define OP_PCL_TLS_PSK_WITH_AES_128_CBC_SHA256		0x00ae
+#define OP_PCL_TLS_PSK_WITH_AES_256_CBC_SHA384		0x00af
+#define OP_PCL_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256	0x00b2
+#define OP_PCL_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384	0x00b3
+#define OP_PCL_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256	0x00b6
+#define OP_PCL_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384	0x00b7
+#define OP_PCL_TLS_ECDH_ECDSA_WITH_RC4_128_SHA		0xc002
+#define OP_PCL_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA	0xc003
+#define OP_PCL_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA	0xc004
+#define OP_PCL_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA	0xc005
+#define OP_PCL_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA		0xc007
+#define OP_PCL_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA	0xc008
+#define OP_PCL_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA	0xc009
+#define OP_PCL_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA	0xc00a
+#define OP_PCL_TLS_ECDH_RSA_WITH_RC4_128_SHA		0xc00c
+#define OP_PCL_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA	0xc00d
+#define OP_PCL_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA	0xc00e
+#define OP_PCL_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA	0xc00f
+#define OP_PCL_TLS_ECDHE_RSA_WITH_RC4_128_SHA		0xc011
+#define OP_PCL_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA	0xc012
+#define OP_PCL_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA	0xc013
+#define OP_PCL_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA	0xc014
+#define OP_PCL_TLS_ECDH_anon_WITH_RC4_128_SHA		0xc016
+#define OP_PCL_TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA	0xc017
+#define OP_PCL_TLS_ECDH_anon_WITH_AES_128_CBC_SHA	0xc018
+#define OP_PCL_TLS_ECDH_anon_WITH_AES_256_CBC_SHA	0xc019
+#define OP_PCL_TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA	0xc01a
+#define OP_PCL_TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA	0xc01b
+#define OP_PCL_TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA	0xc01c
+#define OP_PCL_TLS_SRP_SHA_WITH_AES_128_CBC_SHA		0xc01d
+#define OP_PCL_TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA	0xc01e
+#define OP_PCL_TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA	0xc01f
+#define OP_PCL_TLS_SRP_SHA_WITH_AES_256_CBC_SHA		0xc020
+#define OP_PCL_TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA	0xc021
+#define OP_PCL_TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA	0xc022
+#define OP_PCL_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256	0xc023
+#define OP_PCL_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384	0xc024
+#define OP_PCL_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256	0xc025
+#define OP_PCL_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384	0xc026
+#define OP_PCL_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256	0xc027
+#define OP_PCL_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384	0xc028
+#define OP_PCL_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256	0xc029
+#define OP_PCL_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384	0xc02a
+#define OP_PCL_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256	0xc02b
+#define OP_PCL_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384	0xc02c
+#define OP_PCL_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256	0xc02d
+#define OP_PCL_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384	0xc02e
+#define OP_PCL_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256	0xc02f
+#define OP_PCL_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384	0xc030
+#define OP_PCL_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256	0xc031
+#define OP_PCL_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384	0xc032
+#define OP_PCL_TLS_ECDHE_PSK_WITH_RC4_128_SHA		0xc033
+#define OP_PCL_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA	0xc034
+#define OP_PCL_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA	0xc035
+#define OP_PCL_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA	0xc036
+#define OP_PCL_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256	0xc037
+#define OP_PCL_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384	0xc038
+#define OP_PCL_PVT_TLS_3DES_EDE_CBC_MD5			0xff23
+#define OP_PCL_PVT_TLS_3DES_EDE_CBC_SHA160		0xff30
+#define OP_PCL_PVT_TLS_3DES_EDE_CBC_SHA384		0xff33
+#define OP_PCL_PVT_TLS_3DES_EDE_CBC_SHA224		0xff34
+#define OP_PCL_PVT_TLS_3DES_EDE_CBC_SHA512		0xff35
+#define OP_PCL_PVT_TLS_3DES_EDE_CBC_SHA256		0xff36
+#define OP_PCL_PVT_TLS_AES_256_CBC_SHA160		0xff60
+#define OP_PCL_PVT_TLS_AES_256_CBC_SHA384		0xff63
+#define OP_PCL_PVT_TLS_AES_256_CBC_SHA224		0xff64
+#define OP_PCL_PVT_TLS_AES_256_CBC_SHA512		0xff65
+#define OP_PCL_PVT_TLS_AES_256_CBC_SHA256		0xff66
+#define OP_PCL_PVT_TLS_AES_128_CBC_SHA160		0xff80
+#define OP_PCL_PVT_TLS_AES_128_CBC_SHA384		0xff83
+#define OP_PCL_PVT_TLS_AES_128_CBC_SHA224		0xff84
+#define OP_PCL_PVT_TLS_AES_128_CBC_SHA512		0xff85
+#define OP_PCL_PVT_TLS_AES_128_CBC_SHA256		0xff86
+#define OP_PCL_PVT_TLS_AES_192_CBC_SHA160		0xff90
+#define OP_PCL_PVT_TLS_AES_192_CBC_SHA384		0xff93
+#define OP_PCL_PVT_TLS_AES_192_CBC_SHA224		0xff94
+#define OP_PCL_PVT_TLS_AES_192_CBC_SHA512		0xff95
+#define OP_PCL_PVT_TLS_AES_192_CBC_SHA256		0xff96
+#define OP_PCL_PVT_TLS_MASTER_SECRET_PRF_FE		0xfffe
+#define OP_PCL_PVT_TLS_MASTER_SECRET_PRF_FF		0xffff
 
 /* 802.16 WiMAX protinfos */
 #define OP_PCL_WIMAX_OFDM			 0x0201
diff --git a/drivers/crypto/dpaa2_sec/hw/desc/algo.h b/drivers/crypto/dpaa2_sec/hw/desc/algo.h
index 91f3e06..febcb6d 100644
--- a/drivers/crypto/dpaa2_sec/hw/desc/algo.h
+++ b/drivers/crypto/dpaa2_sec/hw/desc/algo.h
@@ -410,6 +410,35 @@ cnstr_shdsc_kasumi_f9(uint32_t *descbuf, bool ps, bool swap,
 }
 
 /**
+ * cnstr_shdsc_crc - CRC32 Accelerator (IEEE 802 CRC32 protocol mode)
+ * @descbuf: pointer to descriptor-under-construction buffer
+ * @swap: must be true when core endianness doesn't match SEC endianness
+ *
+ * Return: size of descriptor written in words or negative number on error
+ */
+static inline int
+cnstr_shdsc_crc(uint32_t *descbuf, bool swap)
+{
+	struct program prg;
+	struct program *p = &prg;
+
+	PROGRAM_CNTXT_INIT(p, descbuf, 0);
+	if (swap)
+		PROGRAM_SET_BSWAP(p);
+
+	SHR_HDR(p, SHR_ALWAYS, 1, 0);
+
+	MATHB(p, SEQINSZ, SUB, MATH2, VSEQINSZ, 4, 0);
+	ALG_OPERATION(p, OP_ALG_ALGSEL_CRC,
+		      OP_ALG_AAI_802 | OP_ALG_AAI_DOC,
+		      OP_ALG_AS_FINALIZE, 0, DIR_ENC);
+	SEQFIFOLOAD(p, MSG2, 0, VLF | LAST2);
+	SEQSTORE(p, CONTEXT2, 0, 4, 0);
+
+	return PROGRAM_FINALIZE(p);
+}
+
+/**
  * cnstr_shdsc_gcm_encap - AES-GCM encap as a shared descriptor
  * @descbuf: pointer to descriptor-under-construction buffer
  * @ps: if 36/40bit addressing is desired, this parameter must be true
@@ -614,33 +643,4 @@ cnstr_shdsc_gcm_decap(uint32_t *descbuf, bool ps, bool swap,
 	return PROGRAM_FINALIZE(p);
 }
 
-/**
- * cnstr_shdsc_crc - CRC32 Accelerator (IEEE 802 CRC32 protocol mode)
- * @descbuf: pointer to descriptor-under-construction buffer
- * @swap: must be true when core endianness doesn't match SEC endianness
- *
- * Return: size of descriptor written in words or negative number on error
- */
-static inline int
-cnstr_shdsc_crc(uint32_t *descbuf, bool swap)
-{
-	struct program prg;
-	struct program *p = &prg;
-
-	PROGRAM_CNTXT_INIT(p, descbuf, 0);
-	if (swap)
-		PROGRAM_SET_BSWAP(p);
-
-	SHR_HDR(p, SHR_ALWAYS, 1, 0);
-
-	MATHB(p, SEQINSZ, SUB, MATH2, VSEQINSZ, 4, 0);
-	ALG_OPERATION(p, OP_ALG_ALGSEL_CRC,
-		      OP_ALG_AAI_802 | OP_ALG_AAI_DOC,
-		      OP_ALG_AS_FINALIZE, 0, DIR_ENC);
-	SEQFIFOLOAD(p, MSG2, 0, VLF | LAST2);
-	SEQSTORE(p, CONTEXT2, 0, 4, 0);
-
-	return PROGRAM_FINALIZE(p);
-}
-
 #endif /* __DESC_ALGO_H__ */
diff --git a/drivers/crypto/dpaa2_sec/hw/desc/ipsec.h b/drivers/crypto/dpaa2_sec/hw/desc/ipsec.h
index 35cc02a..d256a39 100644
--- a/drivers/crypto/dpaa2_sec/hw/desc/ipsec.h
+++ b/drivers/crypto/dpaa2_sec/hw/desc/ipsec.h
@@ -522,44 +522,133 @@ enum ipsec_icv_size {
 
 /*
  * IPSec ESP Datapath Protocol Override Register (DPOVRD)
+ * IPSEC_N_* defines are for IPsec new mode.
  */
 
-#define IPSEC_DECO_DPOVRD_USE		0x80
+/**
+ * IPSEC_DPOVRD_USE - DPOVRD will override values specified in the PDB
+ */
+#define IPSEC_DPOVRD_USE	BIT(31)
 
-struct ipsec_deco_dpovrd {
-	uint8_t ovrd_ecn;
-	uint8_t ip_hdr_len;
-	uint8_t nh_offset;
-	union {
-		uint8_t next_header;	/* next header if encap */
-		uint8_t rsvd;		/* reserved if decap */
-	};
-};
+/**
+ * IPSEC_DPOVRD_ECN_SHIFT - Explicit Congestion Notification
+ *
+ * If set, MSB of the 4 bits indicates that the 2 LSBs will replace the ECN bits
+ * in the IP header.
+ */
+#define IPSEC_DPOVRD_ECN_SHIFT		24
 
-struct ipsec_new_encap_deco_dpovrd {
-#define IPSEC_NEW_ENCAP_DECO_DPOVRD_USE	0x8000
-	uint16_t ovrd_ip_hdr_len;	/* OVRD + outer IP header material
-					 * length
-					 */
-#define IPSEC_NEW_ENCAP_OIMIF		0x80
-	uint8_t oimif_aoipho;		/* OIMIF + actual outer IP header
-					 * offset
-					 */
-	uint8_t rsvd;
-};
+/**
+ * IPSEC_DPOVRD_ECN_MASK - See IPSEC_DPOVRD_ECN_SHIFT
+ */
+#define IPSEC_DPOVRD_ECN_MASK		(0xf << IPSEC_ENCAP_DPOVRD_ECN_SHIFT)
 
-struct ipsec_new_decap_deco_dpovrd {
-	uint8_t ovrd;
-	uint8_t aoipho_hi;		/* upper nibble of actual outer IP
-					 * header
-					 */
-	uint16_t aoipho_lo_ip_hdr_len;	/* lower nibble of actual outer IP
-					 * header + outer IP header material
-					 */
-};
+/**
+ * IPSEC_DPOVRD_IP_HDR_LEN_SHIFT - The length (in bytes) of the portion of the
+ *                                 IP header that is not encrypted
+ */
+#define IPSEC_DPOVRD_IP_HDR_LEN_SHIFT	16
+
+/**
+ * IPSEC_DPOVRD_IP_HDR_LEN_MASK - See IPSEC_DPOVRD_IP_HDR_LEN_SHIFT
+ */
+#define IPSEC_DPOVRD_IP_HDR_LEN_MASK	(0xff << IPSEC_DPOVRD_IP_HDR_LEN_SHIFT)
+
+/**
+ * IPSEC_DPOVRD_NH_OFFSET_SHIFT - The location of the next header field within
+ *                                the IP header of the transport mode packet
+ *
+ * Encap:
+ *	ESP_Trailer_NH <-- IP_Hdr[DPOVRD[NH_OFFSET]]
+ *	IP_Hdr[DPOVRD[NH_OFFSET]] <-- DPOVRD[NH]
+ *Decap:
+ *	IP_Hdr[DPOVRD[NH_OFFSET]] <-- ESP_Trailer_NH
+ */
+#define IPSEC_DPOVRD_NH_OFFSET_SHIFT	8
+
+/**
+ * IPSEC_DPOVRD_NH_OFFSET_MASK - See IPSEC_DPOVRD_NH_OFFSET_SHIFT
+ */
+#define IPSEC_DPOVRD_NH_OFFSET_MASK	(0xff << IPSEC_DPOVRD_NH_OFFSET_SHIFT)
+
+/**
+ * IPSEC_DPOVRD_NH_MASK - See IPSEC_DPOVRD_NH_OFFSET_SHIFT
+ *                        Valid only for encapsulation.
+ */
+#define IPSEC_DPOVRD_NH_MASK		0xff
+
+/**
+ * IPSEC_N_ENCAP_DPOVRD_OIM_LEN_SHIFT - Outer IP header Material length (encap)
+ *                                      Valid only if L2_COPY is not set.
+ */
+#define IPSEC_N_ENCAP_DPOVRD_OIM_LEN_SHIFT	16
+
+/**
+ * IPSEC_N_ENCAP_DPOVRD_OIM_LEN_MASK - See IPSEC_N_ENCAP_DPOVRD_OIM_LEN_SHIFT
+ */
+#define IPSEC_N_ENCAP_DPOVRD_OIM_LEN_MASK \
+	(0xfff << IPSEC_N_ENCAP_DPOVRD_OIM_LEN_SHIFT)
+
+/**
+ * IPSEC_N_ENCAP_DPOVRD_L2_LEN_SHIFT - L2 header length
+ *                                     Valid only if L2_COPY is set.
+ */
+#define IPSEC_N_ENCAP_DPOVRD_L2_LEN_SHIFT	16
 
-static inline void
-__gen_auth_key(struct program *program, struct alginfo *authdata)
+/**
+ * IPSEC_N_ENCAP_DPOVRD_L2_LEN_MASK - See IPSEC_N_ENCAP_DPOVRD_L2_LEN_SHIFT
+ */
+#define IPSEC_N_ENCAP_DPOVRD_L2_LEN_MASK \
+	(0xff << IPSEC_N_ENCAP_DPOVRD_L2_LEN_SHIFT)
+
+/**
+ * IPSEC_N_ENCAP_DPOVRD_OIMIF -  Outer IP header Material in Input Frame
+ */
+#define IPSEC_N_ENCAP_DPOVRD_OIMIF		BIT(15)
+
+/**
+ * IPSEC_N_ENCAP_DPOVRD_L2_COPY - L2 header present in input frame
+ *
+ * Note: For Era <= 8, this bit is reserved (not used) by HW.
+ */
+#define IPSEC_N_ENCAP_DPOVRD_L2_COPY		BIT(14)
+
+/**
+ * IPSEC_N_ENCAP_DPOVRD_AOIPHO_SHIFT - Actual Outer IP Header Offset (encap)
+ */
+#define IPSEC_N_ENCAP_DPOVRD_AOIPHO_SHIFT	8
+
+/**
+ * IPSEC_N_ENCAP_DPOVRD_AOIPHO_MASK - See IPSEC_N_ENCAP_DPOVRD_AOIPHO_SHIFT
+ */
+#define IPSEC_N_ENCAP_DPOVRD_AOIPHO_MASK \
+	(0x3c << IPSEC_N_ENCAP_DPOVRD_AOIPHO_SHIFT)
+
+/**
+ * IPSEC_N_ENCAP_DPOVRD_NH_MASK -  Next Header
+ *
+ * Used in the Next Header field of the encapsulated payload.
+ */
+#define IPSEC_N_ENCAP_DPOVRD_NH_MASK		0xff
+
+/**
+ * IPSEC_N_DECAP_DPOVRD_AOIPHO_SHIFT - Actual Outer IP Header Offset (decap)
+ */
+#define IPSEC_N_DECAP_DPOVRD_AOIPHO_SHIFT	12
+
+/**
+ * IPSEC_N_DECAP_DPOVRD_AOIPHO_MASK - See IPSEC_N_DECAP_DPOVRD_AOIPHO_SHIFT
+ */
+#define IPSEC_N_DECAP_DPOVRD_AOIPHO_MASK \
+	(0xff << IPSEC_N_DECAP_DPOVRD_AOIPHO_SHIFT)
+
+/**
+ * IPSEC_N_DECAP_DPOVRD_OIM_LEN_MASK - Outer IP header Material length (decap)
+ */
+#define IPSEC_N_DECAP_DPOVRD_OIM_LEN_MASK	0xfff
+
+static inline void __gen_auth_key(struct program *program,
+				  struct alginfo *authdata)
 {
 	uint32_t dkp_protid;
 
@@ -603,6 +692,7 @@ __gen_auth_key(struct program *program, struct alginfo *authdata)
  * @descbuf: pointer to buffer used for descriptor construction
  * @ps: if 36/40bit addressing is desired, this parameter must be true
  * @swap: if true, perform descriptor byte swapping on a 4-byte boundary
+ * @share: sharing type of shared descriptor
  * @pdb: pointer to the PDB to be used with this descriptor
  *       This structure will be copied inline to the descriptor under
  *       construction. No error checking will be made. Refer to the
@@ -621,6 +711,7 @@ __gen_auth_key(struct program *program, struct alginfo *authdata)
  */
 static inline int
 cnstr_shdsc_ipsec_encap(uint32_t *descbuf, bool ps, bool swap,
+					  enum rta_share_type share,
 			struct ipsec_encap_pdb *pdb,
 			struct alginfo *cipherdata,
 			struct alginfo *authdata)
@@ -638,7 +729,7 @@ cnstr_shdsc_ipsec_encap(uint32_t *descbuf, bool ps, bool swap,
 		PROGRAM_SET_BSWAP(p);
 	if (ps)
 		PROGRAM_SET_36BIT_ADDR(p);
-	phdr = SHR_HDR(p, SHR_SERIAL, hdr, 0);
+	phdr = SHR_HDR(p, share, hdr, 0);
 	__rta_copy_ipsec_encap_pdb(p, pdb, cipherdata->algtype);
 	COPY_DATA(p, pdb->ip_hdr, pdb->ip_hdr_len);
 	SET_LABEL(p, hdr);
@@ -669,6 +760,7 @@ cnstr_shdsc_ipsec_encap(uint32_t *descbuf, bool ps, bool swap,
  * @descbuf: pointer to buffer used for descriptor construction
  * @ps: if 36/40bit addressing is desired, this parameter must be true
  * @swap: if true, perform descriptor byte swapping on a 4-byte boundary
+ * @share: sharing type of shared descriptor
  * @pdb: pointer to the PDB to be used with this descriptor
  *       This structure will be copied inline to the descriptor under
  *       construction. No error checking will be made. Refer to the
@@ -687,6 +779,7 @@ cnstr_shdsc_ipsec_encap(uint32_t *descbuf, bool ps, bool swap,
  */
 static inline int
 cnstr_shdsc_ipsec_decap(uint32_t *descbuf, bool ps, bool swap,
+			enum rta_share_type share,
 			struct ipsec_decap_pdb *pdb,
 			struct alginfo *cipherdata,
 			struct alginfo *authdata)
@@ -704,7 +797,7 @@ cnstr_shdsc_ipsec_decap(uint32_t *descbuf, bool ps, bool swap,
 		PROGRAM_SET_BSWAP(p);
 	if (ps)
 		PROGRAM_SET_36BIT_ADDR(p);
-	phdr = SHR_HDR(p, SHR_SERIAL, hdr, 0);
+	phdr = SHR_HDR(p, share, hdr, 0);
 	__rta_copy_ipsec_decap_pdb(p, pdb, cipherdata->algtype);
 	SET_LABEL(p, hdr);
 	pkeyjmp = JUMP(p, keyjmp, LOCAL_JUMP, ALL_TRUE, BOTH|SHRD);
@@ -1040,7 +1133,7 @@ cnstr_shdsc_ipsec_decap_des_aes_xcbc(uint32_t *descbuf,
  * layers to determine whether Outer IP Header and/or keys can be inlined or
  * not. To be used as first parameter of rta_inline_query().
  */
-#define IPSEC_NEW_ENC_BASE_DESC_LEN	(5 * CAAM_CMD_SZ + \
+#define IPSEC_NEW_ENC_BASE_DESC_LEN	(12 * CAAM_CMD_SZ + \
 					 sizeof(struct ipsec_encap_pdb))
 
 /**
@@ -1052,7 +1145,7 @@ cnstr_shdsc_ipsec_decap_des_aes_xcbc(uint32_t *descbuf,
  * layers to determine whether Outer IP Header and/or key can be inlined or
  * not. To be used as first parameter of rta_inline_query().
  */
-#define IPSEC_NEW_NULL_ENC_BASE_DESC_LEN	(4 * CAAM_CMD_SZ + \
+#define IPSEC_NEW_NULL_ENC_BASE_DESC_LEN	(11 * CAAM_CMD_SZ + \
 						 sizeof(struct ipsec_encap_pdb))
 
 /**
@@ -1061,6 +1154,7 @@ cnstr_shdsc_ipsec_decap_des_aes_xcbc(uint32_t *descbuf,
  * @descbuf: pointer to buffer used for descriptor construction
  * @ps: if 36/40bit addressing is desired, this parameter must be true
  * @swap: must be true when core endianness doesn't match SEC endianness
+ * @share: sharing type of shared descriptor
  * @pdb: pointer to the PDB to be used with this descriptor
  *       This structure will be copied inline to the descriptor under
  *       construction. No error checking will be made. Refer to the
@@ -1080,11 +1174,21 @@ cnstr_shdsc_ipsec_decap_des_aes_xcbc(uint32_t *descbuf,
  *            compute MDHA on the fly in HW.
  *            Valid algorithm values - one of OP_PCL_IPSEC_*
  *
+ * Note: L2 header copy functionality is implemented assuming that bits 14
+ * (currently reserved) and 16-23 (part of Outer IP Header Material Length)
+ * in DPOVRD register are not used (which is usually the case when L3 header
+ * is provided in PDB).
+ * When DPOVRD[14] is set, frame starts with an L2 header; in this case, the
+ * L2 header length is found at DPOVRD[23:16]. SEC uses this length to copy
+ * the header and then it deletes DPOVRD[23:16] (so there is no side effect
+ * when later running IPsec protocol).
+ *
  * Return: size of descriptor written in words or negative number on error
  */
 static inline int
 cnstr_shdsc_ipsec_new_encap(uint32_t *descbuf, bool ps,
 			    bool swap,
+					      enum rta_share_type share,
 			    struct ipsec_encap_pdb *pdb,
 			    uint8_t *opt_ip_hdr,
 			    struct alginfo *cipherdata,
@@ -1097,6 +1201,8 @@ cnstr_shdsc_ipsec_new_encap(uint32_t *descbuf, bool ps,
 	REFERENCE(pkeyjmp);
 	LABEL(hdr);
 	REFERENCE(phdr);
+	LABEL(l2copy);
+	REFERENCE(pl2copy);
 
 	if (rta_sec_era < RTA_SEC_ERA_8) {
 		pr_err("IPsec new mode encap: available only for Era %d or above\n",
@@ -1109,7 +1215,7 @@ cnstr_shdsc_ipsec_new_encap(uint32_t *descbuf, bool ps,
 		PROGRAM_SET_BSWAP(p);
 	if (ps)
 		PROGRAM_SET_36BIT_ADDR(p);
-	phdr = SHR_HDR(p, SHR_SERIAL, hdr, 0);
+	phdr = SHR_HDR(p, share, hdr, 0);
 
 	__rta_copy_ipsec_encap_pdb(p, pdb, cipherdata->algtype);
 
@@ -1128,6 +1234,16 @@ cnstr_shdsc_ipsec_new_encap(uint32_t *descbuf, bool ps,
 	}
 	SET_LABEL(p, hdr);
 
+	MATHB(p, DPOVRD, AND, IPSEC_N_ENCAP_DPOVRD_L2_COPY, NONE, 4, IMMED2);
+	pl2copy = JUMP(p, l2copy, LOCAL_JUMP, ALL_TRUE, MATH_Z);
+	MATHI(p, DPOVRD, RSHIFT, IPSEC_N_ENCAP_DPOVRD_L2_LEN_SHIFT, VSEQOUTSZ,
+	      1, 0);
+	MATHB(p, DPOVRD, AND, ~IPSEC_N_ENCAP_DPOVRD_L2_LEN_MASK, DPOVRD, 4,
+	      IMMED2);
+	/* TODO: CLASS2 corresponds to AUX=2'b10; add more intuitive defines */
+	SEQFIFOSTORE(p, METADATA, 0, 0, CLASS2 | VLF);
+	SET_LABEL(p, l2copy);
+
 	pkeyjmp = JUMP(p, keyjmp, LOCAL_JUMP, ALL_TRUE, SHRD);
 	if (authdata->keylen)
 		__gen_auth_key(p, authdata);
@@ -1138,6 +1254,7 @@ cnstr_shdsc_ipsec_new_encap(uint32_t *descbuf, bool ps,
 	PROTOCOL(p, OP_TYPE_ENCAP_PROTOCOL,
 		 OP_PCLID_IPSEC_NEW,
 		 (uint16_t)(cipherdata->algtype | authdata->algtype));
+	PATCH_JUMP(p, pl2copy, l2copy);
 	PATCH_JUMP(p, pkeyjmp, keyjmp);
 	PATCH_HDR(p, phdr, hdr);
 	return PROGRAM_FINALIZE(p);
@@ -1171,6 +1288,7 @@ cnstr_shdsc_ipsec_new_encap(uint32_t *descbuf, bool ps,
  * @descbuf: pointer to buffer used for descriptor construction
  * @ps: if 36/40bit addressing is desired, this parameter must be true
  * @swap: must be true when core endianness doesn't match SEC endianness
+ * @share: sharing type of shared descriptor
  * @pdb: pointer to the PDB to be used with this descriptor
  *       This structure will be copied inline to the descriptor under
  *       construction. No error checking will be made. Refer to the
@@ -1188,6 +1306,7 @@ cnstr_shdsc_ipsec_new_encap(uint32_t *descbuf, bool ps,
 static inline int
 cnstr_shdsc_ipsec_new_decap(uint32_t *descbuf, bool ps,
 			    bool swap,
+					      enum rta_share_type share,
 			    struct ipsec_decap_pdb *pdb,
 			    struct alginfo *cipherdata,
 			    struct alginfo *authdata)
@@ -1211,7 +1330,7 @@ cnstr_shdsc_ipsec_new_decap(uint32_t *descbuf, bool ps,
 		PROGRAM_SET_BSWAP(p);
 	if (ps)
 		PROGRAM_SET_36BIT_ADDR(p);
-	phdr = SHR_HDR(p, SHR_SERIAL, hdr, 0);
+	phdr = SHR_HDR(p, share, hdr, 0);
 	__rta_copy_ipsec_decap_pdb(p, pdb, cipherdata->algtype);
 	SET_LABEL(p, hdr);
 	pkeyjmp = JUMP(p, keyjmp, LOCAL_JUMP, ALL_TRUE, SHRD);
diff --git a/drivers/crypto/dpaa2_sec/hw/rta/protocol_cmd.h b/drivers/crypto/dpaa2_sec/hw/rta/protocol_cmd.h
index d9a5b0e..cf8dfb9 100644
--- a/drivers/crypto/dpaa2_sec/hw/rta/protocol_cmd.h
+++ b/drivers/crypto/dpaa2_sec/hw/rta/protocol_cmd.h
@@ -14,178 +14,176 @@ static inline int
 __rta_ssl_proto(uint16_t protoinfo)
 {
 	switch (protoinfo) {
-	case OP_PCL_SSL30_RC4_40_MD5_2:
-	case OP_PCL_SSL30_RC4_128_MD5_2:
-	case OP_PCL_SSL30_RC4_128_SHA_5:
-	case OP_PCL_SSL30_RC4_40_MD5_3:
-	case OP_PCL_SSL30_RC4_128_MD5_3:
-	case OP_PCL_SSL30_RC4_128_SHA:
-	case OP_PCL_SSL30_RC4_128_MD5:
-	case OP_PCL_SSL30_RC4_40_SHA:
-	case OP_PCL_SSL30_RC4_40_MD5:
-	case OP_PCL_SSL30_RC4_128_SHA_2:
-	case OP_PCL_SSL30_RC4_128_SHA_3:
-	case OP_PCL_SSL30_RC4_128_SHA_4:
-	case OP_PCL_SSL30_RC4_128_SHA_6:
-	case OP_PCL_SSL30_RC4_128_SHA_7:
-	case OP_PCL_SSL30_RC4_128_SHA_8:
-	case OP_PCL_SSL30_RC4_128_SHA_9:
-	case OP_PCL_SSL30_RC4_128_SHA_10:
-	case OP_PCL_TLS_ECDHE_PSK_RC4_128_SHA:
+	case OP_PCL_TLS_RSA_EXPORT_WITH_RC4_40_MD5:
+	case OP_PCL_TLS_RSA_WITH_RC4_128_MD5:
+	case OP_PCL_TLS_RSA_WITH_RC4_128_SHA:
+	case OP_PCL_TLS_DH_anon_EXPORT_WITH_RC4_40_MD5:
+	case OP_PCL_TLS_DH_anon_WITH_RC4_128_MD5:
+	case OP_PCL_TLS_KRB5_WITH_RC4_128_SHA:
+	case OP_PCL_TLS_KRB5_WITH_RC4_128_MD5:
+	case OP_PCL_TLS_KRB5_EXPORT_WITH_RC4_40_SHA:
+	case OP_PCL_TLS_KRB5_EXPORT_WITH_RC4_40_MD5:
+	case OP_PCL_TLS_PSK_WITH_RC4_128_SHA:
+	case OP_PCL_TLS_DHE_PSK_WITH_RC4_128_SHA:
+	case OP_PCL_TLS_RSA_PSK_WITH_RC4_128_SHA:
+	case OP_PCL_TLS_ECDH_ECDSA_WITH_RC4_128_SHA:
+	case OP_PCL_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA:
+	case OP_PCL_TLS_ECDH_RSA_WITH_RC4_128_SHA:
+	case OP_PCL_TLS_ECDHE_RSA_WITH_RC4_128_SHA:
+	case OP_PCL_TLS_ECDH_anon_WITH_RC4_128_SHA:
+	case OP_PCL_TLS_ECDHE_PSK_WITH_RC4_128_SHA:
 		if (rta_sec_era == RTA_SEC_ERA_7)
 			return -EINVAL;
 		/* fall through if not Era 7 */
-	case OP_PCL_SSL30_DES40_CBC_SHA:
-	case OP_PCL_SSL30_DES_CBC_SHA_2:
-	case OP_PCL_SSL30_3DES_EDE_CBC_SHA_5:
-	case OP_PCL_SSL30_DES40_CBC_SHA_2:
-	case OP_PCL_SSL30_DES_CBC_SHA_3:
-	case OP_PCL_SSL30_3DES_EDE_CBC_SHA_6:
-	case OP_PCL_SSL30_DES40_CBC_SHA_3:
-	case OP_PCL_SSL30_DES_CBC_SHA_4:
-	case OP_PCL_SSL30_3DES_EDE_CBC_SHA_7:
-	case OP_PCL_SSL30_DES40_CBC_SHA_4:
-	case OP_PCL_SSL30_DES_CBC_SHA_5:
-	case OP_PCL_SSL30_3DES_EDE_CBC_SHA_8:
-	case OP_PCL_SSL30_DES40_CBC_SHA_5:
-	case OP_PCL_SSL30_DES_CBC_SHA_6:
-	case OP_PCL_SSL30_3DES_EDE_CBC_SHA_9:
-	case OP_PCL_SSL30_DES40_CBC_SHA_6:
-	case OP_PCL_SSL30_DES_CBC_SHA_7:
-	case OP_PCL_SSL30_3DES_EDE_CBC_SHA_10:
-	case OP_PCL_SSL30_DES_CBC_SHA:
-	case OP_PCL_SSL30_3DES_EDE_CBC_SHA:
-	case OP_PCL_SSL30_DES_CBC_MD5:
-	case OP_PCL_SSL30_3DES_EDE_CBC_MD5:
-	case OP_PCL_SSL30_DES40_CBC_SHA_7:
-	case OP_PCL_SSL30_DES40_CBC_MD5:
-	case OP_PCL_SSL30_AES_128_CBC_SHA:
-	case OP_PCL_SSL30_AES_128_CBC_SHA_2:
-	case OP_PCL_SSL30_AES_128_CBC_SHA_3:
-	case OP_PCL_SSL30_AES_128_CBC_SHA_4:
-	case OP_PCL_SSL30_AES_128_CBC_SHA_5:
-	case OP_PCL_SSL30_AES_128_CBC_SHA_6:
-	case OP_PCL_SSL30_AES_256_CBC_SHA:
-	case OP_PCL_SSL30_AES_256_CBC_SHA_2:
-	case OP_PCL_SSL30_AES_256_CBC_SHA_3:
-	case OP_PCL_SSL30_AES_256_CBC_SHA_4:
-	case OP_PCL_SSL30_AES_256_CBC_SHA_5:
-	case OP_PCL_SSL30_AES_256_CBC_SHA_6:
-	case OP_PCL_TLS12_AES_128_CBC_SHA256_2:
-	case OP_PCL_TLS12_AES_128_CBC_SHA256_3:
-	case OP_PCL_TLS12_AES_128_CBC_SHA256_4:
-	case OP_PCL_TLS12_AES_128_CBC_SHA256_5:
-	case OP_PCL_TLS12_AES_256_CBC_SHA256_2:
-	case OP_PCL_TLS12_AES_256_CBC_SHA256_3:
-	case OP_PCL_TLS12_AES_256_CBC_SHA256_4:
-	case OP_PCL_TLS12_AES_256_CBC_SHA256_5:
-	case OP_PCL_TLS12_AES_128_CBC_SHA256_6:
-	case OP_PCL_TLS12_AES_256_CBC_SHA256_6:
-	case OP_PCL_SSL30_3DES_EDE_CBC_SHA_2:
-	case OP_PCL_SSL30_AES_128_CBC_SHA_7:
-	case OP_PCL_SSL30_AES_256_CBC_SHA_7:
-	case OP_PCL_SSL30_3DES_EDE_CBC_SHA_3:
-	case OP_PCL_SSL30_AES_128_CBC_SHA_8:
-	case OP_PCL_SSL30_AES_256_CBC_SHA_8:
-	case OP_PCL_SSL30_3DES_EDE_CBC_SHA_4:
-	case OP_PCL_SSL30_AES_128_CBC_SHA_9:
-	case OP_PCL_SSL30_AES_256_CBC_SHA_9:
-	case OP_PCL_SSL30_AES_128_GCM_SHA256_1:
-	case OP_PCL_SSL30_AES_256_GCM_SHA384_1:
-	case OP_PCL_SSL30_AES_128_GCM_SHA256_2:
-	case OP_PCL_SSL30_AES_256_GCM_SHA384_2:
-	case OP_PCL_SSL30_AES_128_GCM_SHA256_3:
-	case OP_PCL_SSL30_AES_256_GCM_SHA384_3:
-	case OP_PCL_SSL30_AES_128_GCM_SHA256_4:
-	case OP_PCL_SSL30_AES_256_GCM_SHA384_4:
-	case OP_PCL_SSL30_AES_128_GCM_SHA256_5:
-	case OP_PCL_SSL30_AES_256_GCM_SHA384_5:
-	case OP_PCL_SSL30_AES_128_GCM_SHA256_6:
-	case OP_PCL_TLS_DH_ANON_AES_256_GCM_SHA384:
-	case OP_PCL_TLS_PSK_AES_128_GCM_SHA256:
-	case OP_PCL_TLS_PSK_AES_256_GCM_SHA384:
-	case OP_PCL_TLS_DHE_PSK_AES_128_GCM_SHA256:
-	case OP_PCL_TLS_DHE_PSK_AES_256_GCM_SHA384:
-	case OP_PCL_TLS_RSA_PSK_AES_128_GCM_SHA256:
-	case OP_PCL_TLS_RSA_PSK_AES_256_GCM_SHA384:
-	case OP_PCL_TLS_PSK_AES_128_CBC_SHA256:
-	case OP_PCL_TLS_PSK_AES_256_CBC_SHA384:
-	case OP_PCL_TLS_DHE_PSK_AES_128_CBC_SHA256:
-	case OP_PCL_TLS_DHE_PSK_AES_256_CBC_SHA384:
-	case OP_PCL_TLS_RSA_PSK_AES_128_CBC_SHA256:
-	case OP_PCL_TLS_RSA_PSK_AES_256_CBC_SHA384:
-	case OP_PCL_SSL30_3DES_EDE_CBC_SHA_11:
-	case OP_PCL_SSL30_AES_128_CBC_SHA_10:
-	case OP_PCL_SSL30_AES_256_CBC_SHA_10:
-	case OP_PCL_SSL30_3DES_EDE_CBC_SHA_12:
-	case OP_PCL_SSL30_AES_128_CBC_SHA_11:
-	case OP_PCL_SSL30_AES_256_CBC_SHA_11:
-	case OP_PCL_SSL30_AES_128_CBC_SHA_12:
-	case OP_PCL_SSL30_3DES_EDE_CBC_SHA_13:
-	case OP_PCL_SSL30_AES_256_CBC_SHA_12:
-	case OP_PCL_SSL30_3DES_EDE_CBC_SHA_14:
-	case OP_PCL_SSL30_AES_128_CBC_SHA_13:
-	case OP_PCL_SSL30_AES_256_CBC_SHA_13:
-	case OP_PCL_SSL30_3DES_EDE_CBC_SHA_15:
-	case OP_PCL_SSL30_AES_128_CBC_SHA_14:
-	case OP_PCL_SSL30_AES_256_CBC_SHA_14:
-	case OP_PCL_SSL30_3DES_EDE_CBC_SHA_16:
-	case OP_PCL_SSL30_3DES_EDE_CBC_SHA_17:
-	case OP_PCL_SSL30_3DES_EDE_CBC_SHA_18:
-	case OP_PCL_SSL30_AES_128_CBC_SHA_15:
-	case OP_PCL_SSL30_AES_128_CBC_SHA_16:
-	case OP_PCL_SSL30_AES_128_CBC_SHA_17:
-	case OP_PCL_SSL30_AES_256_CBC_SHA_15:
-	case OP_PCL_SSL30_AES_256_CBC_SHA_16:
-	case OP_PCL_SSL30_AES_256_CBC_SHA_17:
-	case OP_PCL_TLS_ECDHE_ECDSA_AES_128_CBC_SHA256:
-	case OP_PCL_TLS_ECDHE_ECDSA_AES_256_CBC_SHA384:
-	case OP_PCL_TLS_ECDH_ECDSA_AES_128_CBC_SHA256:
-	case OP_PCL_TLS_ECDH_ECDSA_AES_256_CBC_SHA384:
-	case OP_PCL_TLS_ECDHE_RSA_AES_128_CBC_SHA256:
-	case OP_PCL_TLS_ECDHE_RSA_AES_256_CBC_SHA384:
-	case OP_PCL_TLS_ECDH_RSA_AES_128_CBC_SHA256:
-	case OP_PCL_TLS_ECDH_RSA_AES_256_CBC_SHA384:
-	case OP_PCL_TLS_ECDHE_ECDSA_AES_128_GCM_SHA256:
-	case OP_PCL_TLS_ECDHE_ECDSA_AES_256_GCM_SHA384:
-	case OP_PCL_TLS_ECDH_ECDSA_AES_128_GCM_SHA256:
-	case OP_PCL_TLS_ECDH_ECDSA_AES_256_GCM_SHA384:
-	case OP_PCL_TLS_ECDHE_RSA_AES_128_GCM_SHA256:
-	case OP_PCL_TLS_ECDHE_RSA_AES_256_GCM_SHA384:
-	case OP_PCL_TLS_ECDH_RSA_AES_128_GCM_SHA256:
-	case OP_PCL_TLS_ECDH_RSA_AES_256_GCM_SHA384:
-	case OP_PCL_TLS_ECDHE_PSK_3DES_EDE_CBC_SHA:
-	case OP_PCL_TLS_ECDHE_PSK_AES_128_CBC_SHA:
-	case OP_PCL_TLS_ECDHE_PSK_AES_256_CBC_SHA:
-	case OP_PCL_TLS_ECDHE_PSK_AES_128_CBC_SHA256:
-	case OP_PCL_TLS_ECDHE_PSK_AES_256_CBC_SHA384:
-	case OP_PCL_TLS12_3DES_EDE_CBC_MD5:
-	case OP_PCL_TLS12_3DES_EDE_CBC_SHA160:
-	case OP_PCL_TLS12_3DES_EDE_CBC_SHA224:
-	case OP_PCL_TLS12_3DES_EDE_CBC_SHA256:
-	case OP_PCL_TLS12_3DES_EDE_CBC_SHA384:
-	case OP_PCL_TLS12_3DES_EDE_CBC_SHA512:
-	case OP_PCL_TLS12_AES_128_CBC_SHA160:
-	case OP_PCL_TLS12_AES_128_CBC_SHA224:
-	case OP_PCL_TLS12_AES_128_CBC_SHA256:
-	case OP_PCL_TLS12_AES_128_CBC_SHA384:
-	case OP_PCL_TLS12_AES_128_CBC_SHA512:
-	case OP_PCL_TLS12_AES_192_CBC_SHA160:
-	case OP_PCL_TLS12_AES_192_CBC_SHA224:
-	case OP_PCL_TLS12_AES_192_CBC_SHA256:
-	case OP_PCL_TLS12_AES_192_CBC_SHA512:
-	case OP_PCL_TLS12_AES_256_CBC_SHA160:
-	case OP_PCL_TLS12_AES_256_CBC_SHA224:
-	case OP_PCL_TLS12_AES_256_CBC_SHA256:
-	case OP_PCL_TLS12_AES_256_CBC_SHA384:
-	case OP_PCL_TLS12_AES_256_CBC_SHA512:
-	case OP_PCL_TLS_PVT_AES_192_CBC_SHA160:
-	case OP_PCL_TLS_PVT_AES_192_CBC_SHA384:
-	case OP_PCL_TLS_PVT_AES_192_CBC_SHA224:
-	case OP_PCL_TLS_PVT_AES_192_CBC_SHA512:
-	case OP_PCL_TLS_PVT_AES_192_CBC_SHA256:
-	case OP_PCL_TLS_PVT_MASTER_SECRET_PRF_FE:
-	case OP_PCL_TLS_PVT_MASTER_SECRET_PRF_FF:
+	case OP_PCL_TLS_RSA_EXPORT_WITH_DES40_CBC_SHA:
+	case OP_PCL_TLS_RSA_WITH_DES_CBC_SHA:
+	case OP_PCL_TLS_RSA_WITH_3DES_EDE_CBC_SHA:
+	case OP_PCL_TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA:
+	case OP_PCL_TLS_DH_DSS_WITH_DES_CBC_SHA:
+	case OP_PCL_TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA:
+	case OP_PCL_TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA:
+	case OP_PCL_TLS_DH_RSA_WITH_DES_CBC_SHA:
+	case OP_PCL_TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA:
+	case OP_PCL_TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA:
+	case OP_PCL_TLS_DHE_DSS_WITH_DES_CBC_SHA:
+	case OP_PCL_TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA:
+	case OP_PCL_TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA:
+	case OP_PCL_TLS_DHE_RSA_WITH_DES_CBC_SHA:
+	case OP_PCL_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA:
+	case OP_PCL_TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA:
+	case OP_PCL_TLS_DH_anon_WITH_DES_CBC_SHA:
+	case OP_PCL_TLS_DH_anon_WITH_3DES_EDE_CBC_SHA:
+	case OP_PCL_TLS_KRB5_WITH_DES_CBC_SHA:
+	case OP_PCL_TLS_KRB5_WITH_3DES_EDE_CBC_SHA:
+	case OP_PCL_TLS_KRB5_WITH_DES_CBC_MD5:
+	case OP_PCL_TLS_KRB5_WITH_3DES_EDE_CBC_MD5:
+	case OP_PCL_TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA:
+	case OP_PCL_TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5:
+	case OP_PCL_TLS_RSA_WITH_AES_128_CBC_SHA:
+	case OP_PCL_TLS_DH_DSS_WITH_AES_128_CBC_SHA:
+	case OP_PCL_TLS_DH_RSA_WITH_AES_128_CBC_SHA:
+	case OP_PCL_TLS_DHE_DSS_WITH_AES_128_CBC_SHA:
+	case OP_PCL_TLS_DHE_RSA_WITH_AES_128_CBC_SHA:
+	case OP_PCL_TLS_DH_anon_WITH_AES_128_CBC_SHA:
+	case OP_PCL_TLS_RSA_WITH_AES_256_CBC_SHA:
+	case OP_PCL_TLS_DH_DSS_WITH_AES_256_CBC_SHA:
+	case OP_PCL_TLS_DH_RSA_WITH_AES_256_CBC_SHA:
+	case OP_PCL_TLS_DHE_DSS_WITH_AES_256_CBC_SHA:
+	case OP_PCL_TLS_DHE_RSA_WITH_AES_256_CBC_SHA:
+	case OP_PCL_TLS_DH_anon_WITH_AES_256_CBC_SHA:
+	case OP_PCL_TLS_DH_DSS_WITH_AES_128_CBC_SHA256:
+	case OP_PCL_TLS_DH_RSA_WITH_AES_128_CBC_SHA256:
+	case OP_PCL_TLS_DHE_DSS_WITH_AES_128_CBC_SHA256:
+	case OP_PCL_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256:
+	case OP_PCL_TLS_DH_DSS_WITH_AES_256_CBC_SHA256:
+	case OP_PCL_TLS_DH_RSA_WITH_AES_256_CBC_SHA256:
+	case OP_PCL_TLS_DHE_DSS_WITH_AES_256_CBC_SHA256:
+	case OP_PCL_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256:
+	case OP_PCL_TLS_DH_anon_WITH_AES_128_CBC_SHA256:
+	case OP_PCL_TLS_DH_anon_WITH_AES_256_CBC_SHA256:
+	case OP_PCL_TLS_PSK_WITH_3DES_EDE_CBC_SHA:
+	case OP_PCL_TLS_PSK_WITH_AES_128_CBC_SHA:
+	case OP_PCL_TLS_PSK_WITH_AES_256_CBC_SHA:
+	case OP_PCL_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA:
+	case OP_PCL_TLS_DHE_PSK_WITH_AES_128_CBC_SHA:
+	case OP_PCL_TLS_DHE_PSK_WITH_AES_256_CBC_SHA:
+	case OP_PCL_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA:
+	case OP_PCL_TLS_RSA_PSK_WITH_AES_128_CBC_SHA:
+	case OP_PCL_TLS_RSA_PSK_WITH_AES_256_CBC_SHA:
+	case OP_PCL_TLS_RSA_WITH_AES_128_GCM_SHA256:
+	case OP_PCL_TLS_RSA_WITH_AES_256_GCM_SHA384:
+	case OP_PCL_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256:
+	case OP_PCL_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384:
+	case OP_PCL_TLS_DH_RSA_WITH_AES_128_GCM_SHA256:
+	case OP_PCL_TLS_DH_RSA_WITH_AES_256_GCM_SHA384:
+	case OP_PCL_TLS_DHE_DSS_WITH_AES_128_GCM_SHA256:
+	case OP_PCL_TLS_DHE_DSS_WITH_AES_256_GCM_SHA384:
+	case OP_PCL_TLS_DH_DSS_WITH_AES_128_GCM_SHA256:
+	case OP_PCL_TLS_DH_DSS_WITH_AES_256_GCM_SHA384:
+	case OP_PCL_TLS_DH_anon_WITH_AES_128_GCM_SHA256:
+	case OP_PCL_TLS_DH_anon_WITH_AES_256_GCM_SHA384:
+	case OP_PCL_TLS_PSK_WITH_AES_128_GCM_SHA256:
+	case OP_PCL_TLS_PSK_WITH_AES_256_GCM_SHA384:
+	case OP_PCL_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256:
+	case OP_PCL_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384:
+	case OP_PCL_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256:
+	case OP_PCL_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384:
+	case OP_PCL_TLS_PSK_WITH_AES_128_CBC_SHA256:
+	case OP_PCL_TLS_PSK_WITH_AES_256_CBC_SHA384:
+	case OP_PCL_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256:
+	case OP_PCL_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384:
+	case OP_PCL_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256:
+	case OP_PCL_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384:
+	case OP_PCL_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA:
+	case OP_PCL_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA:
+	case OP_PCL_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA:
+	case OP_PCL_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA:
+	case OP_PCL_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:
+	case OP_PCL_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:
+	case OP_PCL_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA:
+	case OP_PCL_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA:
+	case OP_PCL_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA:
+	case OP_PCL_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA:
+	case OP_PCL_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:
+	case OP_PCL_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
+	case OP_PCL_TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA:
+	case OP_PCL_TLS_ECDH_anon_WITH_AES_128_CBC_SHA:
+	case OP_PCL_TLS_ECDH_anon_WITH_AES_256_CBC_SHA:
+	case OP_PCL_TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA:
+	case OP_PCL_TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA:
+	case OP_PCL_TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA:
+	case OP_PCL_TLS_SRP_SHA_WITH_AES_128_CBC_SHA:
+	case OP_PCL_TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA:
+	case OP_PCL_TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA:
+	case OP_PCL_TLS_SRP_SHA_WITH_AES_256_CBC_SHA:
+	case OP_PCL_TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA:
+	case OP_PCL_TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA:
+	case OP_PCL_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:
+	case OP_PCL_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384:
+	case OP_PCL_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256:
+	case OP_PCL_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384:
+	case OP_PCL_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:
+	case OP_PCL_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384:
+	case OP_PCL_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256:
+	case OP_PCL_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384:
+	case OP_PCL_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
+	case OP_PCL_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:
+	case OP_PCL_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256:
+	case OP_PCL_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384:
+	case OP_PCL_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
+	case OP_PCL_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:
+	case OP_PCL_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256:
+	case OP_PCL_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384:
+	case OP_PCL_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA:
+	case OP_PCL_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA:
+	case OP_PCL_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA:
+	case OP_PCL_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256:
+	case OP_PCL_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384:
+	case OP_PCL_TLS_RSA_WITH_AES_128_CBC_SHA256:
+	case OP_PCL_TLS_RSA_WITH_AES_256_CBC_SHA256:
+	case OP_PCL_PVT_TLS_3DES_EDE_CBC_MD5:
+	case OP_PCL_PVT_TLS_3DES_EDE_CBC_SHA160:
+	case OP_PCL_PVT_TLS_3DES_EDE_CBC_SHA224:
+	case OP_PCL_PVT_TLS_3DES_EDE_CBC_SHA256:
+	case OP_PCL_PVT_TLS_3DES_EDE_CBC_SHA384:
+	case OP_PCL_PVT_TLS_3DES_EDE_CBC_SHA512:
+	case OP_PCL_PVT_TLS_AES_128_CBC_SHA160:
+	case OP_PCL_PVT_TLS_AES_128_CBC_SHA224:
+	case OP_PCL_PVT_TLS_AES_128_CBC_SHA256:
+	case OP_PCL_PVT_TLS_AES_128_CBC_SHA384:
+	case OP_PCL_PVT_TLS_AES_128_CBC_SHA512:
+	case OP_PCL_PVT_TLS_AES_192_CBC_SHA160:
+	case OP_PCL_PVT_TLS_AES_192_CBC_SHA224:
+	case OP_PCL_PVT_TLS_AES_192_CBC_SHA256:
+	case OP_PCL_PVT_TLS_AES_192_CBC_SHA512:
+	case OP_PCL_PVT_TLS_AES_256_CBC_SHA160:
+	case OP_PCL_PVT_TLS_AES_256_CBC_SHA224:
+	case OP_PCL_PVT_TLS_AES_256_CBC_SHA384:
+	case OP_PCL_PVT_TLS_AES_256_CBC_SHA512:
+	case OP_PCL_PVT_TLS_AES_256_CBC_SHA256:
+	case OP_PCL_PVT_TLS_AES_192_CBC_SHA384:
+	case OP_PCL_PVT_TLS_MASTER_SECRET_PRF_FE:
+	case OP_PCL_PVT_TLS_MASTER_SECRET_PRF_FF:
 		return 0;
 	}
 
@@ -323,6 +321,12 @@ static const uint32_t proto_blob_flags[] = {
 	OP_PCL_BLOB_FORMAT_MASK | OP_PCL_BLOB_BLACK | OP_PCL_BLOB_TKEK |
 		OP_PCL_BLOB_EKT | OP_PCL_BLOB_REG_MASK | OP_PCL_BLOB_SEC_MEM,
 	OP_PCL_BLOB_FORMAT_MASK | OP_PCL_BLOB_BLACK | OP_PCL_BLOB_TKEK |
+		OP_PCL_BLOB_EKT | OP_PCL_BLOB_REG_MASK | OP_PCL_BLOB_SEC_MEM,
+	OP_PCL_BLOB_FORMAT_MASK | OP_PCL_BLOB_BLACK | OP_PCL_BLOB_TKEK |
+		OP_PCL_BLOB_EKT | OP_PCL_BLOB_REG_MASK | OP_PCL_BLOB_SEC_MEM,
+	OP_PCL_BLOB_FORMAT_MASK | OP_PCL_BLOB_BLACK | OP_PCL_BLOB_TKEK |
+		OP_PCL_BLOB_EKT | OP_PCL_BLOB_REG_MASK | OP_PCL_BLOB_SEC_MEM,
+	OP_PCL_BLOB_FORMAT_MASK | OP_PCL_BLOB_BLACK | OP_PCL_BLOB_TKEK |
 		OP_PCL_BLOB_EKT | OP_PCL_BLOB_REG_MASK | OP_PCL_BLOB_SEC_MEM
 };
 
@@ -556,7 +560,7 @@ static const struct proto_map proto_table[] = {
 	{OP_TYPE_UNI_PROTOCOL,   OP_PCLID_TLS10_PRF,	 __rta_ssl_proto},
 	{OP_TYPE_UNI_PROTOCOL,   OP_PCLID_TLS11_PRF,	 __rta_ssl_proto},
 	{OP_TYPE_UNI_PROTOCOL,   OP_PCLID_TLS12_PRF,	 __rta_ssl_proto},
-	{OP_TYPE_UNI_PROTOCOL,   OP_PCLID_DTLS10_PRF,	 __rta_ssl_proto},
+	{OP_TYPE_UNI_PROTOCOL,   OP_PCLID_DTLS_PRF,	 __rta_ssl_proto},
 	{OP_TYPE_UNI_PROTOCOL,   OP_PCLID_IKEV1_PRF,	 __rta_ike_proto},
 	{OP_TYPE_UNI_PROTOCOL,   OP_PCLID_IKEV2_PRF,	 __rta_ike_proto},
 	{OP_TYPE_UNI_PROTOCOL,   OP_PCLID_PUBLICKEYPAIR, __rta_dlc_proto},
@@ -568,7 +572,7 @@ static const struct proto_map proto_table[] = {
 	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_TLS10,	 __rta_ssl_proto},
 	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_TLS11,	 __rta_ssl_proto},
 	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_TLS12,	 __rta_ssl_proto},
-	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_DTLS10,	 __rta_ssl_proto},
+	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_DTLS,		 __rta_ssl_proto},
 	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_MACSEC,        __rta_macsec_proto},
 	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_WIFI,          __rta_wifi_proto},
 	{OP_TYPE_DECAP_PROTOCOL, OP_PCLID_WIMAX,         __rta_wimax_proto},
diff --git a/drivers/crypto/dpaa2_sec/hw/rta/sec_run_time_asm.h b/drivers/crypto/dpaa2_sec/hw/rta/sec_run_time_asm.h
index 6e66610..5357187 100644
--- a/drivers/crypto/dpaa2_sec/hw/rta/sec_run_time_asm.h
+++ b/drivers/crypto/dpaa2_sec/hw/rta/sec_run_time_asm.h
@@ -497,6 +497,28 @@ __rta_out64(struct program *program, bool is_ext, uint64_t val)
 	}
 }
 
+static inline void __rta_out_be64(struct program *program, bool is_ext,
+				  uint64_t val)
+{
+	if (is_ext) {
+		__rta_out_be32(program, upper_32_bits(val));
+		__rta_out_be32(program, lower_32_bits(val));
+	} else {
+		__rta_out_be32(program, lower_32_bits(val));
+	}
+}
+
+static inline void __rta_out_le64(struct program *program, bool is_ext,
+				  uint64_t val)
+{
+	if (is_ext) {
+		__rta_out_le32(program, lower_32_bits(val));
+		__rta_out_le32(program, upper_32_bits(val));
+	} else {
+		__rta_out_le32(program, lower_32_bits(val));
+	}
+}
+
 static inline unsigned int
 rta_word(struct program *program, uint32_t val)
 {
diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c b/drivers/crypto/dpaa_sec/dpaa_sec.c
index f571050..8f183e9 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec.c
+++ b/drivers/crypto/dpaa_sec/dpaa_sec.c
@@ -488,13 +488,15 @@ dpaa_sec_prep_cdb(dpaa_sec_session *ses)
 			if (ses->dir == DIR_ENC) {
 				shared_desc_len = cnstr_shdsc_ipsec_new_encap(
 						cdb->sh_desc,
-						true, swap, &ses->encap_pdb,
+						true, swap, SHR_SERIAL,
+						&ses->encap_pdb,
 						(uint8_t *)&ses->ip4_hdr,
 						&alginfo_c, &alginfo_a);
 			} else if (ses->dir == DIR_DEC) {
 				shared_desc_len = cnstr_shdsc_ipsec_new_decap(
 						cdb->sh_desc,
-						true, swap, &ses->decap_pdb,
+						true, swap, SHR_SERIAL,
+						&ses->decap_pdb,
 						&alginfo_c, &alginfo_a);
 			}
 		} else {
-- 
2.7.4

^ permalink raw reply	[flat|nested] 12+ messages in thread

* [dpdk-dev] [PATCH 02/10] crypto/dpaa_sec: session reset before init
  2018-08-30  5:50 [dpdk-dev] [PATCH 00/10] crypto: DPAA and DPAA2_SEC enhancements Hemant Agrawal
  2018-08-30  5:50 ` [dpdk-dev] [PATCH 01/10] crypto/dpaa2_sec: update the flib RTA to latest Hemant Agrawal
@ 2018-08-30  5:50 ` Hemant Agrawal
  2018-08-30  5:50 ` [dpdk-dev] [PATCH 03/10] crypto/dpaa_sec: add LOCK before Rx HW queue attach Hemant Agrawal
                   ` (8 subsequent siblings)
  10 siblings, 0 replies; 12+ messages in thread
From: Hemant Agrawal @ 2018-08-30  5:50 UTC (permalink / raw)
  To: dev; +Cc: akhil.goyal

From: Akhil Goyal <akhil.goyal@nxp.com>

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
---
 drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c | 2 ++
 drivers/crypto/dpaa_sec/dpaa_sec.c          | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index ac49029..27f2eca 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -2099,6 +2099,7 @@ dpaa2_sec_set_session_parameters(struct rte_cryptodev *dev,
 		return -1;
 	}
 
+	memset(session, 0, sizeof(dpaa2_sec_session));
 	/* Default IV length = 0 */
 	session->iv.length = 0;
 
@@ -2156,6 +2157,7 @@ dpaa2_sec_set_ipsec_session(struct rte_cryptodev *dev,
 
 	PMD_INIT_FUNC_TRACE();
 
+	memset(session, 0, sizeof(dpaa2_sec_session));
 	if (ipsec_xform->direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) {
 		cipher_xform = &conf->crypto_xform->cipher;
 		auth_xform = &conf->crypto_xform->next->auth;
diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c b/drivers/crypto/dpaa_sec/dpaa_sec.c
index 8f183e9..95f317d 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec.c
+++ b/drivers/crypto/dpaa_sec/dpaa_sec.c
@@ -1762,6 +1762,7 @@ dpaa_sec_set_session_parameters(struct rte_cryptodev *dev,
 		DPAA_SEC_ERR("invalid session struct");
 		return -EINVAL;
 	}
+	memset(session, 0, sizeof(dpaa_sec_session));
 
 	/* Default IV length = 0 */
 	session->iv.length = 0;
@@ -1896,6 +1897,7 @@ dpaa_sec_set_ipsec_session(__rte_unused struct rte_cryptodev *dev,
 
 	PMD_INIT_FUNC_TRACE();
 
+	memset(session, 0, sizeof(dpaa_sec_session));
 	if (ipsec_xform->direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) {
 		cipher_xform = &conf->crypto_xform->cipher;
 		auth_xform = &conf->crypto_xform->next->auth;
-- 
2.7.4

^ permalink raw reply	[flat|nested] 12+ messages in thread

* [dpdk-dev] [PATCH 03/10] crypto/dpaa_sec: add LOCK before Rx HW queue attach
  2018-08-30  5:50 [dpdk-dev] [PATCH 00/10] crypto: DPAA and DPAA2_SEC enhancements Hemant Agrawal
  2018-08-30  5:50 ` [dpdk-dev] [PATCH 01/10] crypto/dpaa2_sec: update the flib RTA to latest Hemant Agrawal
  2018-08-30  5:50 ` [dpdk-dev] [PATCH 02/10] crypto/dpaa_sec: session reset before init Hemant Agrawal
@ 2018-08-30  5:50 ` Hemant Agrawal
  2018-08-30  5:50 ` [dpdk-dev] [PATCH 04/10] crypto/dpaa_sec: session qp should match with given qp Hemant Agrawal
                   ` (7 subsequent siblings)
  10 siblings, 0 replies; 12+ messages in thread
From: Hemant Agrawal @ 2018-08-30  5:50 UTC (permalink / raw)
  To: dev; +Cc: akhil.goyal

From: Akhil Goyal <akhil.goyal@nxp.com>

This is to safegaurd as the session config can be done from multi-threads.

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
---
 drivers/crypto/dpaa_sec/dpaa_sec.c | 6 ++++++
 drivers/crypto/dpaa_sec/dpaa_sec.h | 1 +
 2 files changed, 7 insertions(+)

diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c b/drivers/crypto/dpaa_sec/dpaa_sec.c
index 95f317d..35e4e3e 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec.c
+++ b/drivers/crypto/dpaa_sec/dpaa_sec.c
@@ -23,6 +23,7 @@
 #include <rte_mbuf.h>
 #include <rte_memcpy.h>
 #include <rte_string_fns.h>
+#include <rte_spinlock.h>
 
 #include <fsl_usd.h>
 #include <fsl_qman.h>
@@ -1810,7 +1811,9 @@ dpaa_sec_set_session_parameters(struct rte_cryptodev *dev,
 		return -EINVAL;
 	}
 	session->ctx_pool = internals->ctx_pool;
+	rte_spinlock_lock(&internals->lock);
 	session->inq = dpaa_sec_attach_rxq(internals);
+	rte_spinlock_unlock(&internals->lock);
 	if (session->inq == NULL) {
 		DPAA_SEC_ERR("unable to attach sec queue");
 		goto err1;
@@ -2037,7 +2040,9 @@ dpaa_sec_set_ipsec_session(__rte_unused struct rte_cryptodev *dev,
 	} else
 		goto out;
 	session->ctx_pool = internals->ctx_pool;
+	rte_spinlock_lock(&internals->lock);
 	session->inq = dpaa_sec_attach_rxq(internals);
+	rte_spinlock_unlock(&internals->lock);
 	if (session->inq == NULL) {
 		DPAA_SEC_ERR("unable to attach sec queue");
 		goto out;
@@ -2288,6 +2293,7 @@ dpaa_sec_dev_init(struct rte_cryptodev *cryptodev)
 	security_instance->sess_cnt = 0;
 	cryptodev->security_ctx = security_instance;
 
+	rte_spinlock_init(&internals->lock);
 	for (i = 0; i < internals->max_nb_queue_pairs; i++) {
 		/* init qman fq for queue pair */
 		qp = &internals->qps[i];
diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.h b/drivers/crypto/dpaa_sec/dpaa_sec.h
index ac6c00a..e923942 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec.h
+++ b/drivers/crypto/dpaa_sec/dpaa_sec.h
@@ -150,6 +150,7 @@ struct dpaa_sec_dev_private {
 	unsigned char inq_attach[RTE_DPAA_MAX_RX_QUEUE];
 	unsigned int max_nb_queue_pairs;
 	unsigned int max_nb_sessions;
+	rte_spinlock_t lock;
 };
 
 #define MAX_SG_ENTRIES		16
-- 
2.7.4

^ permalink raw reply	[flat|nested] 12+ messages in thread

* [dpdk-dev] [PATCH 04/10] crypto/dpaa_sec: session qp should match with given qp
  2018-08-30  5:50 [dpdk-dev] [PATCH 00/10] crypto: DPAA and DPAA2_SEC enhancements Hemant Agrawal
                   ` (2 preceding siblings ...)
  2018-08-30  5:50 ` [dpdk-dev] [PATCH 03/10] crypto/dpaa_sec: add LOCK before Rx HW queue attach Hemant Agrawal
@ 2018-08-30  5:50 ` Hemant Agrawal
  2018-08-30  5:51 ` [dpdk-dev] [PATCH 05/10] crypto/dpaa_sec: reduce the number of QP per device Hemant Agrawal
                   ` (6 subsequent siblings)
  10 siblings, 0 replies; 12+ messages in thread
From: Hemant Agrawal @ 2018-08-30  5:50 UTC (permalink / raw)
  To: dev; +Cc: akhil.goyal

From: Akhil Goyal <akhil.goyal@nxp.com>

if session->qp != qp to be enqueued, it should show an error and
not try to re-attach another qp.

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
---
 drivers/crypto/dpaa_sec/dpaa_sec.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c b/drivers/crypto/dpaa_sec/dpaa_sec.c
index 35e4e3e..30c60e9 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec.c
+++ b/drivers/crypto/dpaa_sec/dpaa_sec.c
@@ -1448,14 +1448,18 @@ dpaa_sec_enqueue_burst(void *qp, struct rte_crypto_op **ops,
 				nb_ops = loop;
 				goto send_pkts;
 			}
-			if (unlikely(!ses->qp || ses->qp != qp)) {
-				DPAA_SEC_DP_ERR("sess->qp - %p qp %p",
-					     ses->qp, qp);
+			if (unlikely(!ses->qp)) {
 				if (dpaa_sec_attach_sess_q(qp, ses)) {
 					frames_to_send = loop;
 					nb_ops = loop;
 					goto send_pkts;
 				}
+			} else if (unlikely(ses->qp != qp)) {
+				DPAA_SEC_DP_ERR("Old:sess->qp = %p"
+					" New qp = %p\n", ses->qp, qp);
+				frames_to_send = loop;
+				nb_ops = loop;
+				goto send_pkts;
 			}
 
 			auth_only_len = op->sym->auth.data.length -
-- 
2.7.4

^ permalink raw reply	[flat|nested] 12+ messages in thread

* [dpdk-dev] [PATCH 05/10] crypto/dpaa_sec: reduce the number of QP per device
  2018-08-30  5:50 [dpdk-dev] [PATCH 00/10] crypto: DPAA and DPAA2_SEC enhancements Hemant Agrawal
                   ` (3 preceding siblings ...)
  2018-08-30  5:50 ` [dpdk-dev] [PATCH 04/10] crypto/dpaa_sec: session qp should match with given qp Hemant Agrawal
@ 2018-08-30  5:51 ` Hemant Agrawal
  2018-08-30  5:51 ` [dpdk-dev] [PATCH 06/10] crypto/dpaa_sec: enable sequence no rollover Hemant Agrawal
                   ` (5 subsequent siblings)
  10 siblings, 0 replies; 12+ messages in thread
From: Hemant Agrawal @ 2018-08-30  5:51 UTC (permalink / raw)
  To: dev; +Cc: akhil.goyal

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
---
 drivers/crypto/dpaa_sec/dpaa_sec.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.h b/drivers/crypto/dpaa_sec/dpaa_sec.h
index e923942..f4b8784 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec.h
+++ b/drivers/crypto/dpaa_sec/dpaa_sec.h
@@ -137,7 +137,7 @@ struct dpaa_sec_qp {
 	int tx_errs;
 };
 
-#define RTE_DPAA_MAX_NB_SEC_QPS 8
+#define RTE_DPAA_MAX_NB_SEC_QPS 2
 #define RTE_DPAA_MAX_RX_QUEUE RTE_DPAA_SEC_PMD_MAX_NB_SESSIONS
 #define DPAA_MAX_DEQUEUE_NUM_FRAMES 63
 
-- 
2.7.4

^ permalink raw reply	[flat|nested] 12+ messages in thread

* [dpdk-dev] [PATCH 06/10] crypto/dpaa_sec: enable sequence no rollover
  2018-08-30  5:50 [dpdk-dev] [PATCH 00/10] crypto: DPAA and DPAA2_SEC enhancements Hemant Agrawal
                   ` (4 preceding siblings ...)
  2018-08-30  5:51 ` [dpdk-dev] [PATCH 05/10] crypto/dpaa_sec: reduce the number of QP per device Hemant Agrawal
@ 2018-08-30  5:51 ` Hemant Agrawal
  2018-08-30  5:51 ` [dpdk-dev] [PATCH 07/10] crypto/dpaa2_sec: " Hemant Agrawal
                   ` (4 subsequent siblings)
  10 siblings, 0 replies; 12+ messages in thread
From: Hemant Agrawal @ 2018-08-30  5:51 UTC (permalink / raw)
  To: dev; +Cc: akhil.goyal

From: Akhil Goyal <akhil.goyal@nxp.com>

With this patch sequence number will be rolled over and
SEC block will ignore the sequence number overflow error.

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
---
 drivers/crypto/dpaa_sec/dpaa_sec.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c b/drivers/crypto/dpaa_sec/dpaa_sec.c
index 30c60e9..e5b18df 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec.c
+++ b/drivers/crypto/dpaa_sec/dpaa_sec.c
@@ -2031,7 +2031,8 @@ dpaa_sec_set_ipsec_session(__rte_unused struct rte_cryptodev *dev,
 			(IPVERSION << PDBNH_ESP_ENCAP_SHIFT) |
 			PDBOPTS_ESP_OIHI_PDB_INL |
 			PDBOPTS_ESP_IVSRC |
-			PDBHMO_ESP_ENCAP_DTTL;
+			PDBHMO_ESP_ENCAP_DTTL |
+			PDBHMO_ESP_SNR;
 		session->encap_pdb.spi = ipsec_xform->spi;
 		session->encap_pdb.ip_hdr_len = sizeof(struct ip);
 
-- 
2.7.4

^ permalink raw reply	[flat|nested] 12+ messages in thread

* [dpdk-dev] [PATCH 07/10] crypto/dpaa2_sec: enable sequence no rollover
  2018-08-30  5:50 [dpdk-dev] [PATCH 00/10] crypto: DPAA and DPAA2_SEC enhancements Hemant Agrawal
                   ` (5 preceding siblings ...)
  2018-08-30  5:51 ` [dpdk-dev] [PATCH 06/10] crypto/dpaa_sec: enable sequence no rollover Hemant Agrawal
@ 2018-08-30  5:51 ` Hemant Agrawal
  2018-08-30  5:51 ` [dpdk-dev] [PATCH 08/10] crypto/dpaa2_sec: add out of place crypto support Hemant Agrawal
                   ` (3 subsequent siblings)
  10 siblings, 0 replies; 12+ messages in thread
From: Hemant Agrawal @ 2018-08-30  5:51 UTC (permalink / raw)
  To: dev; +Cc: akhil.goyal

From: Akhil Goyal <akhil.goyal@nxp.com>

With this patch sequence number will be rolled over and
SEC block will ignore the sequence number overflow error.

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
---
 drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index 27f2eca..99cc719 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -2324,7 +2324,8 @@ dpaa2_sec_set_ipsec_session(struct rte_cryptodev *dev,
 		encap_pdb.options = (IPVERSION << PDBNH_ESP_ENCAP_SHIFT) |
 			PDBOPTS_ESP_OIHI_PDB_INL |
 			PDBOPTS_ESP_IVSRC |
-			PDBHMO_ESP_ENCAP_DTTL;
+			PDBHMO_ESP_ENCAP_DTTL |
+			PDBHMO_ESP_SNR;
 		encap_pdb.spi = ipsec_xform->spi;
 		encap_pdb.ip_hdr_len = sizeof(struct ip);
 
-- 
2.7.4

^ permalink raw reply	[flat|nested] 12+ messages in thread

* [dpdk-dev] [PATCH 08/10] crypto/dpaa2_sec: add out of place crypto support
  2018-08-30  5:50 [dpdk-dev] [PATCH 00/10] crypto: DPAA and DPAA2_SEC enhancements Hemant Agrawal
                   ` (6 preceding siblings ...)
  2018-08-30  5:51 ` [dpdk-dev] [PATCH 07/10] crypto/dpaa2_sec: " Hemant Agrawal
@ 2018-08-30  5:51 ` Hemant Agrawal
  2018-08-30  5:51 ` [dpdk-dev] [PATCH 09/10] crypto/dpaa2_sec: multi algo support for ipsec session Hemant Agrawal
                   ` (2 subsequent siblings)
  10 siblings, 0 replies; 12+ messages in thread
From: Hemant Agrawal @ 2018-08-30  5:51 UTC (permalink / raw)
  To: dev; +Cc: akhil.goyal

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
---
 drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c | 76 +++++++++++++++++++++++++++++
 1 file changed, 76 insertions(+)

diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index 99cc719..ca6ddad 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -62,11 +62,75 @@ static uint8_t cryptodev_driver_id;
 int dpaa2_logtype_sec;
 
 static inline int
+build_proto_compound_fd(dpaa2_sec_session *sess,
+	       struct rte_crypto_op *op,
+	       struct qbman_fd *fd, uint16_t bpid)
+{
+	struct rte_crypto_sym_op *sym_op = op->sym;
+	struct ctxt_priv *priv = sess->ctxt;
+	struct qbman_fle *fle, *ip_fle, *op_fle;
+	struct sec_flow_context *flc;
+	struct rte_mbuf *src_mbuf = sym_op->m_src;
+	struct rte_mbuf *dst_mbuf = sym_op->m_dst;
+	int retval;
+
+	/* Save the shared descriptor */
+	flc = &priv->flc_desc[0].flc;
+
+	/* we are using the first FLE entry to store Mbuf */
+	retval = rte_mempool_get(priv->fle_pool, (void **)(&fle));
+	if (retval) {
+		DPAA2_SEC_ERR("Memory alloc failed");
+		return -1;
+	}
+	memset(fle, 0, FLE_POOL_BUF_SIZE);
+	DPAA2_SET_FLE_ADDR(fle, (size_t)op);
+	DPAA2_FLE_SAVE_CTXT(fle, (ptrdiff_t)priv);
+
+	op_fle = fle + 1;
+	ip_fle = fle + 2;
+
+	if (likely(bpid < MAX_BPID)) {
+		DPAA2_SET_FD_BPID(fd, bpid);
+		DPAA2_SET_FLE_BPID(op_fle, bpid);
+		DPAA2_SET_FLE_BPID(ip_fle, bpid);
+	} else {
+		DPAA2_SET_FD_IVP(fd);
+		DPAA2_SET_FLE_IVP(op_fle);
+		DPAA2_SET_FLE_IVP(ip_fle);
+	}
+
+	/* Configure FD as a FRAME LIST */
+	DPAA2_SET_FD_ADDR(fd, DPAA2_VADDR_TO_IOVA(op_fle));
+	DPAA2_SET_FD_COMPOUND_FMT(fd);
+	DPAA2_SET_FD_FLC(fd, (ptrdiff_t)flc);
+
+	/* Configure Output FLE with dst mbuf data  */
+	DPAA2_SET_FLE_ADDR(op_fle, DPAA2_MBUF_VADDR_TO_IOVA(dst_mbuf));
+	DPAA2_SET_FLE_OFFSET(op_fle, dst_mbuf->data_off);
+	DPAA2_SET_FLE_LEN(op_fle, dst_mbuf->buf_len);
+
+	/* Configure Input FLE with src mbuf data */
+	DPAA2_SET_FLE_ADDR(ip_fle, DPAA2_MBUF_VADDR_TO_IOVA(src_mbuf));
+	DPAA2_SET_FLE_OFFSET(ip_fle, src_mbuf->data_off);
+	DPAA2_SET_FLE_LEN(ip_fle, src_mbuf->pkt_len);
+
+	DPAA2_SET_FD_LEN(fd, ip_fle->length);
+	DPAA2_SET_FLE_FIN(ip_fle);
+
+	return 0;
+
+}
+
+static inline int
 build_proto_fd(dpaa2_sec_session *sess,
 	       struct rte_crypto_op *op,
 	       struct qbman_fd *fd, uint16_t bpid)
 {
 	struct rte_crypto_sym_op *sym_op = op->sym;
+	if (sym_op->m_dst)
+		return build_proto_compound_fd(sess, op, fd, bpid);
+
 	struct ctxt_priv *priv = sess->ctxt;
 	struct sec_flow_context *flc;
 	struct rte_mbuf *mbuf = sym_op->m_src;
@@ -1273,6 +1337,16 @@ sec_fd_to_mbuf(const struct qbman_fd *fd, uint8_t driver_id)
 	} else
 		dst = src;
 
+	if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) {
+		dpaa2_sec_session *sess = (dpaa2_sec_session *)
+			get_sec_session_private_data(op->sym->sec_session);
+		if (sess->ctxt_type == DPAA2_SEC_IPSEC) {
+			uint16_t len = DPAA2_GET_FD_LEN(fd);
+			dst->pkt_len = len;
+			dst->data_len = len;
+		}
+	}
+
 	DPAA2_SEC_DP_DEBUG("mbuf %p BMAN buf addr %p,"
 		" fdaddr =%" PRIx64 " bpid =%d meta =%d off =%d, len =%d\n",
 		(void *)dst,
@@ -2154,6 +2228,7 @@ dpaa2_sec_set_ipsec_session(struct rte_cryptodev *dev,
 	struct alginfo authdata, cipherdata;
 	int bufsize;
 	struct sec_flow_context *flc;
+	struct dpaa2_sec_dev_private *dev_priv = dev->data->dev_private;
 
 	PMD_INIT_FUNC_TRACE();
 
@@ -2175,6 +2250,7 @@ dpaa2_sec_set_ipsec_session(struct rte_cryptodev *dev,
 		return -ENOMEM;
 	}
 
+	priv->fle_pool = dev_priv->fle_pool;
 	flc = &priv->flc_desc[0].flc;
 
 	session->ctxt_type = DPAA2_SEC_IPSEC;
-- 
2.7.4

^ permalink raw reply	[flat|nested] 12+ messages in thread

* [dpdk-dev] [PATCH 09/10] crypto/dpaa2_sec: multi algo support for ipsec session
  2018-08-30  5:50 [dpdk-dev] [PATCH 00/10] crypto: DPAA and DPAA2_SEC enhancements Hemant Agrawal
                   ` (7 preceding siblings ...)
  2018-08-30  5:51 ` [dpdk-dev] [PATCH 08/10] crypto/dpaa2_sec: add out of place crypto support Hemant Agrawal
@ 2018-08-30  5:51 ` Hemant Agrawal
  2018-08-30  5:51 ` [dpdk-dev] [PATCH 10/10] crypto/dpaa_sec: ipsec offload add null algo support Hemant Agrawal
  2018-09-26 12:27 ` [dpdk-dev] [PATCH 00/10] crypto: DPAA and DPAA2_SEC enhancements Akhil Goyal
  10 siblings, 0 replies; 12+ messages in thread
From: Hemant Agrawal @ 2018-08-30  5:51 UTC (permalink / raw)
  To: dev; +Cc: akhil.goyal

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
---
 drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c | 294 ++++++++++++++++++----------
 1 file changed, 190 insertions(+), 104 deletions(-)

diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index ca6ddad..e3dafeb 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -2214,110 +2214,127 @@ dpaa2_sec_set_session_parameters(struct rte_cryptodev *dev,
 }
 
 static int
-dpaa2_sec_set_ipsec_session(struct rte_cryptodev *dev,
-			    struct rte_security_session_conf *conf,
-			    void *sess)
+dpaa2_sec_ipsec_aead_init(struct rte_crypto_aead_xform *aead_xform,
+			dpaa2_sec_session *session,
+			struct alginfo *aeaddata)
 {
-	struct rte_security_ipsec_xform *ipsec_xform = &conf->ipsec;
-	struct rte_crypto_auth_xform *auth_xform;
-	struct rte_crypto_cipher_xform *cipher_xform;
-	dpaa2_sec_session *session = (dpaa2_sec_session *)sess;
-	struct ctxt_priv *priv;
-	struct ipsec_encap_pdb encap_pdb;
-	struct ipsec_decap_pdb decap_pdb;
-	struct alginfo authdata, cipherdata;
-	int bufsize;
-	struct sec_flow_context *flc;
-	struct dpaa2_sec_dev_private *dev_priv = dev->data->dev_private;
-
 	PMD_INIT_FUNC_TRACE();
 
-	memset(session, 0, sizeof(dpaa2_sec_session));
-	if (ipsec_xform->direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) {
-		cipher_xform = &conf->crypto_xform->cipher;
-		auth_xform = &conf->crypto_xform->next->auth;
-	} else {
-		auth_xform = &conf->crypto_xform->auth;
-		cipher_xform = &conf->crypto_xform->next->cipher;
+	session->aead_key.data = rte_zmalloc(NULL, aead_xform->key.length,
+					       RTE_CACHE_LINE_SIZE);
+	if (session->aead_key.data == NULL && aead_xform->key.length > 0) {
+		DPAA2_SEC_ERR("No Memory for aead key");
+		return -1;
 	}
-	priv = (struct ctxt_priv *)rte_zmalloc(NULL,
-				sizeof(struct ctxt_priv) +
-				sizeof(struct sec_flc_desc),
-				RTE_CACHE_LINE_SIZE);
+	memcpy(session->aead_key.data, aead_xform->key.data,
+	       aead_xform->key.length);
 
-	if (priv == NULL) {
-		DPAA2_SEC_ERR("No memory for priv CTXT");
-		return -ENOMEM;
-	}
+	session->digest_length = aead_xform->digest_length;
+	session->aead_key.length = aead_xform->key.length;
 
-	priv->fle_pool = dev_priv->fle_pool;
-	flc = &priv->flc_desc[0].flc;
+	aeaddata->key = (size_t)session->aead_key.data;
+	aeaddata->keylen = session->aead_key.length;
+	aeaddata->key_enc_flags = 0;
+	aeaddata->key_type = RTA_DATA_IMM;
 
-	session->ctxt_type = DPAA2_SEC_IPSEC;
-	session->cipher_key.data = rte_zmalloc(NULL,
-					       cipher_xform->key.length,
-					       RTE_CACHE_LINE_SIZE);
-	if (session->cipher_key.data == NULL &&
-			cipher_xform->key.length > 0) {
-		DPAA2_SEC_ERR("No Memory for cipher key");
-		rte_free(priv);
-		return -ENOMEM;
+	switch (aead_xform->algo) {
+	case RTE_CRYPTO_AEAD_AES_GCM:
+		aeaddata->algtype = OP_ALG_ALGSEL_AES;
+		aeaddata->algmode = OP_ALG_AAI_GCM;
+		session->aead_alg = RTE_CRYPTO_AEAD_AES_GCM;
+		break;
+	case RTE_CRYPTO_AEAD_AES_CCM:
+		aeaddata->algtype = OP_ALG_ALGSEL_AES;
+		aeaddata->algmode = OP_ALG_AAI_CCM;
+		session->aead_alg = RTE_CRYPTO_AEAD_AES_CCM;
+		break;
+	default:
+		DPAA2_SEC_ERR("Crypto: Undefined AEAD specified %u",
+			      aead_xform->algo);
+		return -1;
 	}
+	session->dir = (aead_xform->op == RTE_CRYPTO_AEAD_OP_ENCRYPT) ?
+				DIR_ENC : DIR_DEC;
 
-	session->cipher_key.length = cipher_xform->key.length;
-	session->auth_key.data = rte_zmalloc(NULL,
-					auth_xform->key.length,
-					RTE_CACHE_LINE_SIZE);
-	if (session->auth_key.data == NULL &&
-			auth_xform->key.length > 0) {
-		DPAA2_SEC_ERR("No Memory for auth key");
-		rte_free(session->cipher_key.data);
-		rte_free(priv);
-		return -ENOMEM;
+	return 0;
+}
+
+static int
+dpaa2_sec_ipsec_proto_init(struct rte_crypto_cipher_xform *cipher_xform,
+	struct rte_crypto_auth_xform *auth_xform,
+	dpaa2_sec_session *session,
+	struct alginfo *cipherdata,
+	struct alginfo *authdata)
+{
+	if (cipher_xform) {
+		session->cipher_key.data = rte_zmalloc(NULL,
+						       cipher_xform->key.length,
+						       RTE_CACHE_LINE_SIZE);
+		if (session->cipher_key.data == NULL &&
+				cipher_xform->key.length > 0) {
+			DPAA2_SEC_ERR("No Memory for cipher key");
+			return -ENOMEM;
+		}
+
+		session->cipher_key.length = cipher_xform->key.length;
+		memcpy(session->cipher_key.data, cipher_xform->key.data,
+				cipher_xform->key.length);
+		session->cipher_alg = cipher_xform->algo;
+	} else {
+		session->cipher_key.data = NULL;
+		session->cipher_key.length = 0;
+		session->cipher_alg = RTE_CRYPTO_CIPHER_NULL;
+	}
+
+	if (auth_xform) {
+		session->auth_key.data = rte_zmalloc(NULL,
+						auth_xform->key.length,
+						RTE_CACHE_LINE_SIZE);
+		if (session->auth_key.data == NULL &&
+				auth_xform->key.length > 0) {
+			DPAA2_SEC_ERR("No Memory for auth key");
+			return -ENOMEM;
+		}
+		session->auth_key.length = auth_xform->key.length;
+		memcpy(session->auth_key.data, auth_xform->key.data,
+				auth_xform->key.length);
+		session->auth_alg = auth_xform->algo;
+	} else {
+		session->auth_key.data = NULL;
+		session->auth_key.length = 0;
+		session->auth_alg = RTE_CRYPTO_AUTH_NULL;
 	}
-	session->auth_key.length = auth_xform->key.length;
-	memcpy(session->cipher_key.data, cipher_xform->key.data,
-			cipher_xform->key.length);
-	memcpy(session->auth_key.data, auth_xform->key.data,
-			auth_xform->key.length);
 
-	authdata.key = (size_t)session->auth_key.data;
-	authdata.keylen = session->auth_key.length;
-	authdata.key_enc_flags = 0;
-	authdata.key_type = RTA_DATA_IMM;
-	switch (auth_xform->algo) {
+	authdata->key = (size_t)session->auth_key.data;
+	authdata->keylen = session->auth_key.length;
+	authdata->key_enc_flags = 0;
+	authdata->key_type = RTA_DATA_IMM;
+	switch (session->auth_alg) {
 	case RTE_CRYPTO_AUTH_SHA1_HMAC:
-		authdata.algtype = OP_PCL_IPSEC_HMAC_SHA1_96;
-		authdata.algmode = OP_ALG_AAI_HMAC;
-		session->auth_alg = RTE_CRYPTO_AUTH_SHA1_HMAC;
+		authdata->algtype = OP_PCL_IPSEC_HMAC_SHA1_96;
+		authdata->algmode = OP_ALG_AAI_HMAC;
 		break;
 	case RTE_CRYPTO_AUTH_MD5_HMAC:
-		authdata.algtype = OP_PCL_IPSEC_HMAC_MD5_96;
-		authdata.algmode = OP_ALG_AAI_HMAC;
-		session->auth_alg = RTE_CRYPTO_AUTH_MD5_HMAC;
+		authdata->algtype = OP_PCL_IPSEC_HMAC_MD5_96;
+		authdata->algmode = OP_ALG_AAI_HMAC;
 		break;
 	case RTE_CRYPTO_AUTH_SHA256_HMAC:
-		authdata.algtype = OP_PCL_IPSEC_HMAC_SHA2_256_128;
-		authdata.algmode = OP_ALG_AAI_HMAC;
-		session->auth_alg = RTE_CRYPTO_AUTH_SHA256_HMAC;
+		authdata->algtype = OP_PCL_IPSEC_HMAC_SHA2_256_128;
+		authdata->algmode = OP_ALG_AAI_HMAC;
 		break;
 	case RTE_CRYPTO_AUTH_SHA384_HMAC:
-		authdata.algtype = OP_PCL_IPSEC_HMAC_SHA2_384_192;
-		authdata.algmode = OP_ALG_AAI_HMAC;
-		session->auth_alg = RTE_CRYPTO_AUTH_SHA384_HMAC;
+		authdata->algtype = OP_PCL_IPSEC_HMAC_SHA2_384_192;
+		authdata->algmode = OP_ALG_AAI_HMAC;
 		break;
 	case RTE_CRYPTO_AUTH_SHA512_HMAC:
-		authdata.algtype = OP_PCL_IPSEC_HMAC_SHA2_512_256;
-		authdata.algmode = OP_ALG_AAI_HMAC;
-		session->auth_alg = RTE_CRYPTO_AUTH_SHA512_HMAC;
+		authdata->algtype = OP_PCL_IPSEC_HMAC_SHA2_512_256;
+		authdata->algmode = OP_ALG_AAI_HMAC;
 		break;
 	case RTE_CRYPTO_AUTH_AES_CMAC:
-		authdata.algtype = OP_PCL_IPSEC_AES_CMAC_96;
-		session->auth_alg = RTE_CRYPTO_AUTH_AES_CMAC;
+		authdata->algtype = OP_PCL_IPSEC_AES_CMAC_96;
 		break;
 	case RTE_CRYPTO_AUTH_NULL:
-		authdata.algtype = OP_PCL_IPSEC_HMAC_NULL;
-		session->auth_alg = RTE_CRYPTO_AUTH_NULL;
+		authdata->algtype = OP_PCL_IPSEC_HMAC_NULL;
 		break;
 	case RTE_CRYPTO_AUTH_SHA224_HMAC:
 	case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
@@ -2333,50 +2350,119 @@ dpaa2_sec_set_ipsec_session(struct rte_cryptodev *dev,
 	case RTE_CRYPTO_AUTH_AES_CBC_MAC:
 	case RTE_CRYPTO_AUTH_ZUC_EIA3:
 		DPAA2_SEC_ERR("Crypto: Unsupported auth alg %u",
-			      auth_xform->algo);
-		goto out;
+			      session->auth_alg);
+		return -1;
 	default:
 		DPAA2_SEC_ERR("Crypto: Undefined Auth specified %u",
-			      auth_xform->algo);
-		goto out;
+			      session->auth_alg);
+		return -1;
 	}
-	cipherdata.key = (size_t)session->cipher_key.data;
-	cipherdata.keylen = session->cipher_key.length;
-	cipherdata.key_enc_flags = 0;
-	cipherdata.key_type = RTA_DATA_IMM;
+	cipherdata->key = (size_t)session->cipher_key.data;
+	cipherdata->keylen = session->cipher_key.length;
+	cipherdata->key_enc_flags = 0;
+	cipherdata->key_type = RTA_DATA_IMM;
 
-	switch (cipher_xform->algo) {
+	switch (session->cipher_alg) {
 	case RTE_CRYPTO_CIPHER_AES_CBC:
-		cipherdata.algtype = OP_PCL_IPSEC_AES_CBC;
-		cipherdata.algmode = OP_ALG_AAI_CBC;
-		session->cipher_alg = RTE_CRYPTO_CIPHER_AES_CBC;
+		cipherdata->algtype = OP_PCL_IPSEC_AES_CBC;
+		cipherdata->algmode = OP_ALG_AAI_CBC;
 		break;
 	case RTE_CRYPTO_CIPHER_3DES_CBC:
-		cipherdata.algtype = OP_PCL_IPSEC_3DES;
-		cipherdata.algmode = OP_ALG_AAI_CBC;
-		session->cipher_alg = RTE_CRYPTO_CIPHER_3DES_CBC;
+		cipherdata->algtype = OP_PCL_IPSEC_3DES;
+		cipherdata->algmode = OP_ALG_AAI_CBC;
 		break;
 	case RTE_CRYPTO_CIPHER_AES_CTR:
-		cipherdata.algtype = OP_PCL_IPSEC_AES_CTR;
-		cipherdata.algmode = OP_ALG_AAI_CTR;
-		session->cipher_alg = RTE_CRYPTO_CIPHER_AES_CTR;
+		cipherdata->algtype = OP_PCL_IPSEC_AES_CTR;
+		cipherdata->algmode = OP_ALG_AAI_CTR;
 		break;
 	case RTE_CRYPTO_CIPHER_NULL:
-		cipherdata.algtype = OP_PCL_IPSEC_NULL;
+		cipherdata->algtype = OP_PCL_IPSEC_NULL;
 		break;
 	case RTE_CRYPTO_CIPHER_SNOW3G_UEA2:
 	case RTE_CRYPTO_CIPHER_3DES_ECB:
 	case RTE_CRYPTO_CIPHER_AES_ECB:
 	case RTE_CRYPTO_CIPHER_KASUMI_F8:
 		DPAA2_SEC_ERR("Crypto: Unsupported Cipher alg %u",
-			      cipher_xform->algo);
-		goto out;
+			      session->cipher_alg);
+		return -1;
 	default:
 		DPAA2_SEC_ERR("Crypto: Undefined Cipher specified %u",
-			      cipher_xform->algo);
+			      session->cipher_alg);
+		return -1;
+	}
+
+	return 0;
+}
+
+#ifdef RTE_LIBRTE_SECURITY_TEST
+static uint8_t aes_cbc_iv[] = {
+	0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+	0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f };
+#endif
+
+static int
+dpaa2_sec_set_ipsec_session(struct rte_cryptodev *dev,
+			    struct rte_security_session_conf *conf,
+			    void *sess)
+{
+	struct rte_security_ipsec_xform *ipsec_xform = &conf->ipsec;
+	struct rte_crypto_cipher_xform *cipher_xform = NULL;
+	struct rte_crypto_auth_xform *auth_xform = NULL;
+	struct rte_crypto_aead_xform *aead_xform = NULL;
+	dpaa2_sec_session *session = (dpaa2_sec_session *)sess;
+	struct ctxt_priv *priv;
+	struct ipsec_encap_pdb encap_pdb;
+	struct ipsec_decap_pdb decap_pdb;
+	struct alginfo authdata, cipherdata;
+	int bufsize;
+	struct sec_flow_context *flc;
+	struct dpaa2_sec_dev_private *dev_priv = dev->data->dev_private;
+	int ret = -1;
+
+	PMD_INIT_FUNC_TRACE();
+
+	priv = (struct ctxt_priv *)rte_zmalloc(NULL,
+				sizeof(struct ctxt_priv) +
+				sizeof(struct sec_flc_desc),
+				RTE_CACHE_LINE_SIZE);
+
+	if (priv == NULL) {
+		DPAA2_SEC_ERR("No memory for priv CTXT");
+		return -ENOMEM;
+	}
+
+	priv->fle_pool = dev_priv->fle_pool;
+	flc = &priv->flc_desc[0].flc;
+
+	memset(session, 0, sizeof(dpaa2_sec_session));
+
+	if (conf->crypto_xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER) {
+		cipher_xform = &conf->crypto_xform->cipher;
+		if (conf->crypto_xform->next)
+			auth_xform = &conf->crypto_xform->next->auth;
+		ret = dpaa2_sec_ipsec_proto_init(cipher_xform, auth_xform,
+					session, &cipherdata, &authdata);
+	} else if (conf->crypto_xform->type == RTE_CRYPTO_SYM_XFORM_AUTH) {
+		auth_xform = &conf->crypto_xform->auth;
+		if (conf->crypto_xform->next)
+			cipher_xform = &conf->crypto_xform->next->cipher;
+		ret = dpaa2_sec_ipsec_proto_init(cipher_xform, auth_xform,
+					session, &cipherdata, &authdata);
+	} else if (conf->crypto_xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) {
+		aead_xform = &conf->crypto_xform->aead;
+		ret = dpaa2_sec_ipsec_aead_init(aead_xform,
+					session, &cipherdata);
+	} else {
+		DPAA2_SEC_ERR("XFORM not specified");
+		ret = -EINVAL;
+		goto out;
+	}
+	if (ret) {
+		DPAA2_SEC_ERR("Failed to process xform");
 		goto out;
 	}
 
+	session->ctxt_type = DPAA2_SEC_IPSEC;
 	if (ipsec_xform->direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) {
 		struct ip ip4_hdr;
 
@@ -2388,7 +2474,7 @@ dpaa2_sec_set_ipsec_session(struct rte_cryptodev *dev,
 		ip4_hdr.ip_id = 0;
 		ip4_hdr.ip_off = 0;
 		ip4_hdr.ip_ttl = ipsec_xform->tunnel.ipv4.ttl;
-		ip4_hdr.ip_p = 0x32;
+		ip4_hdr.ip_p = IPPROTO_ESP;
 		ip4_hdr.ip_sum = 0;
 		ip4_hdr.ip_src = ipsec_xform->tunnel.ipv4.src_ip;
 		ip4_hdr.ip_dst = ipsec_xform->tunnel.ipv4.dst_ip;
@@ -2452,7 +2538,7 @@ dpaa2_sec_set_ipsec_session(struct rte_cryptodev *dev,
 	rte_free(session->auth_key.data);
 	rte_free(session->cipher_key.data);
 	rte_free(priv);
-	return -1;
+	return ret;
 }
 
 static int
-- 
2.7.4

^ permalink raw reply	[flat|nested] 12+ messages in thread

* [dpdk-dev] [PATCH 10/10] crypto/dpaa_sec: ipsec offload add null algo support
  2018-08-30  5:50 [dpdk-dev] [PATCH 00/10] crypto: DPAA and DPAA2_SEC enhancements Hemant Agrawal
                   ` (8 preceding siblings ...)
  2018-08-30  5:51 ` [dpdk-dev] [PATCH 09/10] crypto/dpaa2_sec: multi algo support for ipsec session Hemant Agrawal
@ 2018-08-30  5:51 ` Hemant Agrawal
  2018-09-26 12:27 ` [dpdk-dev] [PATCH 00/10] crypto: DPAA and DPAA2_SEC enhancements Akhil Goyal
  10 siblings, 0 replies; 12+ messages in thread
From: Hemant Agrawal @ 2018-08-30  5:51 UTC (permalink / raw)
  To: dev; +Cc: akhil.goyal

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
---
 drivers/crypto/dpaa_sec/dpaa_sec.c | 284 +++++++++++++++++++++----------------
 1 file changed, 165 insertions(+), 119 deletions(-)

diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c b/drivers/crypto/dpaa_sec/dpaa_sec.c
index e5b18df..2f0a5d2 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec.c
+++ b/drivers/crypto/dpaa_sec/dpaa_sec.c
@@ -275,6 +275,9 @@ caam_auth_alg(dpaa_sec_session *ses, struct alginfo *alginfo_a)
 {
 	switch (ses->auth_alg) {
 	case RTE_CRYPTO_AUTH_NULL:
+		alginfo_a->algtype =
+			(ses->proto_alg == RTE_SECURITY_PROTOCOL_IPSEC) ?
+			OP_PCL_IPSEC_HMAC_NULL : 0;
 		ses->digest_length = 0;
 		break;
 	case RTE_CRYPTO_AUTH_MD5_HMAC:
@@ -323,6 +326,9 @@ caam_cipher_alg(dpaa_sec_session *ses, struct alginfo *alginfo_c)
 {
 	switch (ses->cipher_alg) {
 	case RTE_CRYPTO_CIPHER_NULL:
+		alginfo_c->algtype =
+			(ses->proto_alg == RTE_SECURITY_PROTOCOL_IPSEC) ?
+			OP_PCL_IPSEC_NULL : 0;
 		break;
 	case RTE_CRYPTO_CIPHER_AES_CBC:
 		alginfo_c->algtype =
@@ -360,6 +366,87 @@ caam_aead_alg(dpaa_sec_session *ses, struct alginfo *alginfo)
 	}
 }
 
+/* prepare ipsec proto command block of the session */
+static int
+dpaa_sec_prep_ipsec_cdb(dpaa_sec_session *ses)
+{
+	struct alginfo cipherdata = {0}, authdata = {0};
+	struct sec_cdb *cdb = &ses->cdb;
+	int32_t shared_desc_len = 0;
+	int err;
+#if RTE_BYTE_ORDER == RTE_BIG_ENDIAN
+	int swap = false;
+#else
+	int swap = true;
+#endif
+
+	caam_cipher_alg(ses, &cipherdata);
+	if (cipherdata.algtype == (unsigned int)DPAA_SEC_ALG_UNSUPPORT) {
+		DPAA_SEC_ERR("not supported cipher alg");
+		return -ENOTSUP;
+	}
+
+	cipherdata.key = (size_t)ses->cipher_key.data;
+	cipherdata.keylen = ses->cipher_key.length;
+	cipherdata.key_enc_flags = 0;
+	cipherdata.key_type = RTA_DATA_IMM;
+
+	caam_auth_alg(ses, &authdata);
+	if (authdata.algtype == (unsigned int)DPAA_SEC_ALG_UNSUPPORT) {
+		DPAA_SEC_ERR("not supported auth alg");
+		return -ENOTSUP;
+	}
+
+	authdata.key = (size_t)ses->auth_key.data;
+	authdata.keylen = ses->auth_key.length;
+	authdata.key_enc_flags = 0;
+	authdata.key_type = RTA_DATA_IMM;
+
+	cdb->sh_desc[0] = cipherdata.keylen;
+	cdb->sh_desc[1] = authdata.keylen;
+	err = rta_inline_query(IPSEC_AUTH_VAR_AES_DEC_BASE_DESC_LEN,
+			       MIN_JOB_DESC_SIZE,
+			       (unsigned int *)cdb->sh_desc,
+			       &cdb->sh_desc[2], 2);
+
+	if (err < 0) {
+		DPAA_SEC_ERR("Crypto: Incorrect key lengths");
+		return err;
+	}
+	if (cdb->sh_desc[2] & 1)
+		cipherdata.key_type = RTA_DATA_IMM;
+	else {
+		cipherdata.key = (size_t)dpaa_mem_vtop(
+					(void *)(size_t)cipherdata.key);
+		cipherdata.key_type = RTA_DATA_PTR;
+	}
+	if (cdb->sh_desc[2] & (1<<1))
+		authdata.key_type = RTA_DATA_IMM;
+	else {
+		authdata.key = (size_t)dpaa_mem_vtop(
+					(void *)(size_t)authdata.key);
+		authdata.key_type = RTA_DATA_PTR;
+	}
+
+	cdb->sh_desc[0] = 0;
+	cdb->sh_desc[1] = 0;
+	cdb->sh_desc[2] = 0;
+	if (ses->dir == DIR_ENC) {
+		shared_desc_len = cnstr_shdsc_ipsec_new_encap(
+				cdb->sh_desc,
+				true, swap, SHR_SERIAL,
+				&ses->encap_pdb,
+				(uint8_t *)&ses->ip4_hdr,
+				&cipherdata, &authdata);
+	} else if (ses->dir == DIR_DEC) {
+		shared_desc_len = cnstr_shdsc_ipsec_new_decap(
+				cdb->sh_desc,
+				true, swap, SHR_SERIAL,
+				&ses->decap_pdb,
+				&cipherdata, &authdata);
+	}
+	return shared_desc_len;
+}
 
 /* prepare command block of the session */
 static int
@@ -377,7 +464,9 @@ dpaa_sec_prep_cdb(dpaa_sec_session *ses)
 
 	memset(cdb, 0, sizeof(struct sec_cdb));
 
-	if (is_cipher_only(ses)) {
+	if (is_proto_ipsec(ses)) {
+		shared_desc_len = dpaa_sec_prep_ipsec_cdb(ses);
+	} else if (is_cipher_only(ses)) {
 		caam_cipher_alg(ses, &alginfo_c);
 		if (alginfo_c.algtype == (unsigned int)DPAA_SEC_ALG_UNSUPPORT) {
 			DPAA_SEC_ERR("not supported cipher alg");
@@ -485,30 +574,13 @@ dpaa_sec_prep_cdb(dpaa_sec_session *ses)
 		cdb->sh_desc[0] = 0;
 		cdb->sh_desc[1] = 0;
 		cdb->sh_desc[2] = 0;
-		if (is_proto_ipsec(ses)) {
-			if (ses->dir == DIR_ENC) {
-				shared_desc_len = cnstr_shdsc_ipsec_new_encap(
-						cdb->sh_desc,
-						true, swap, SHR_SERIAL,
-						&ses->encap_pdb,
-						(uint8_t *)&ses->ip4_hdr,
-						&alginfo_c, &alginfo_a);
-			} else if (ses->dir == DIR_DEC) {
-				shared_desc_len = cnstr_shdsc_ipsec_new_decap(
-						cdb->sh_desc,
-						true, swap, SHR_SERIAL,
-						&ses->decap_pdb,
-						&alginfo_c, &alginfo_a);
-			}
-		} else {
-			/* Auth_only_len is set as 0 here and it will be
-			 * overwritten in fd for each packet.
-			 */
-			shared_desc_len = cnstr_shdsc_authenc(cdb->sh_desc,
-					true, swap, &alginfo_c, &alginfo_a,
-					ses->iv.length, 0,
-					ses->digest_length, ses->dir);
-		}
+		/* Auth_only_len is set as 0 here and it will be
+		 * overwritten in fd for each packet.
+		 */
+		shared_desc_len = cnstr_shdsc_authenc(cdb->sh_desc,
+				true, swap, &alginfo_c, &alginfo_a,
+				ses->iv.length, 0,
+				ses->digest_length, ses->dir);
 	}
 
 	if (shared_desc_len < 0) {
@@ -1465,7 +1537,9 @@ dpaa_sec_enqueue_burst(void *qp, struct rte_crypto_op **ops,
 			auth_only_len = op->sym->auth.data.length -
 						op->sym->cipher.data.length;
 			if (rte_pktmbuf_is_contiguous(op->sym->m_src)) {
-				if (is_auth_only(ses)) {
+				if (is_proto_ipsec(ses)) {
+					cf = build_proto(op, ses);
+				} else if (is_auth_only(ses)) {
 					cf = build_auth_only(op, ses);
 				} else if (is_cipher_only(ses)) {
 					cf = build_cipher_only(op, ses);
@@ -1474,8 +1548,6 @@ dpaa_sec_enqueue_burst(void *qp, struct rte_crypto_op **ops,
 					auth_only_len = ses->auth_only_len;
 				} else if (is_auth_cipher(ses)) {
 					cf = build_cipher_auth(op, ses);
-				} else if (is_proto_ipsec(ses)) {
-					cf = build_proto(op, ses);
 				} else {
 					DPAA_SEC_DP_ERR("not supported ops");
 					frames_to_send = loop;
@@ -1898,8 +1970,8 @@ dpaa_sec_set_ipsec_session(__rte_unused struct rte_cryptodev *dev,
 {
 	struct dpaa_sec_dev_private *internals = dev->data->dev_private;
 	struct rte_security_ipsec_xform *ipsec_xform = &conf->ipsec;
-	struct rte_crypto_auth_xform *auth_xform;
-	struct rte_crypto_cipher_xform *cipher_xform;
+	struct rte_crypto_auth_xform *auth_xform = NULL;
+	struct rte_crypto_cipher_xform *cipher_xform = NULL;
 	dpaa_sec_session *session = (dpaa_sec_session *)sess;
 
 	PMD_INIT_FUNC_TRACE();
@@ -1907,103 +1979,77 @@ dpaa_sec_set_ipsec_session(__rte_unused struct rte_cryptodev *dev,
 	memset(session, 0, sizeof(dpaa_sec_session));
 	if (ipsec_xform->direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) {
 		cipher_xform = &conf->crypto_xform->cipher;
-		auth_xform = &conf->crypto_xform->next->auth;
+		if (conf->crypto_xform->next)
+			auth_xform = &conf->crypto_xform->next->auth;
 	} else {
 		auth_xform = &conf->crypto_xform->auth;
-		cipher_xform = &conf->crypto_xform->next->cipher;
+		if (conf->crypto_xform->next)
+			cipher_xform = &conf->crypto_xform->next->cipher;
 	}
 	session->proto_alg = conf->protocol;
-	session->cipher_key.data = rte_zmalloc(NULL,
-					       cipher_xform->key.length,
-					       RTE_CACHE_LINE_SIZE);
-	if (session->cipher_key.data == NULL &&
-			cipher_xform->key.length > 0) {
-		DPAA_SEC_ERR("No Memory for cipher key");
-		return -ENOMEM;
-	}
 
-	session->cipher_key.length = cipher_xform->key.length;
-	session->auth_key.data = rte_zmalloc(NULL,
-					auth_xform->key.length,
-					RTE_CACHE_LINE_SIZE);
-	if (session->auth_key.data == NULL &&
-			auth_xform->key.length > 0) {
-		DPAA_SEC_ERR("No Memory for auth key");
-		rte_free(session->cipher_key.data);
-		return -ENOMEM;
+	if (cipher_xform && cipher_xform->algo != RTE_CRYPTO_CIPHER_NULL) {
+		session->cipher_key.data = rte_zmalloc(NULL,
+						       cipher_xform->key.length,
+						       RTE_CACHE_LINE_SIZE);
+		if (session->cipher_key.data == NULL &&
+				cipher_xform->key.length > 0) {
+			DPAA_SEC_ERR("No Memory for cipher key");
+			return -ENOMEM;
+		}
+		memcpy(session->cipher_key.data, cipher_xform->key.data,
+				cipher_xform->key.length);
+		session->cipher_key.length = cipher_xform->key.length;
+
+		switch (cipher_xform->algo) {
+		case RTE_CRYPTO_CIPHER_AES_CBC:
+		case RTE_CRYPTO_CIPHER_3DES_CBC:
+		case RTE_CRYPTO_CIPHER_AES_CTR:
+			break;
+		default:
+			DPAA_SEC_ERR("Crypto: Unsupported Cipher alg %u",
+				cipher_xform->algo);
+			goto out;
+		}
+		session->cipher_alg = cipher_xform->algo;
+	} else {
+		session->cipher_key.data = NULL;
+		session->cipher_key.length = 0;
+		session->cipher_alg = RTE_CRYPTO_CIPHER_NULL;
 	}
-	session->auth_key.length = auth_xform->key.length;
-	memcpy(session->cipher_key.data, cipher_xform->key.data,
-			cipher_xform->key.length);
-	memcpy(session->auth_key.data, auth_xform->key.data,
-			auth_xform->key.length);
 
-	switch (auth_xform->algo) {
-	case RTE_CRYPTO_AUTH_SHA1_HMAC:
-		session->auth_alg = RTE_CRYPTO_AUTH_SHA1_HMAC;
-		break;
-	case RTE_CRYPTO_AUTH_MD5_HMAC:
-		session->auth_alg = RTE_CRYPTO_AUTH_MD5_HMAC;
-		break;
-	case RTE_CRYPTO_AUTH_SHA256_HMAC:
-		session->auth_alg = RTE_CRYPTO_AUTH_SHA256_HMAC;
-		break;
-	case RTE_CRYPTO_AUTH_SHA384_HMAC:
-		session->auth_alg = RTE_CRYPTO_AUTH_SHA384_HMAC;
-		break;
-	case RTE_CRYPTO_AUTH_SHA512_HMAC:
-		session->auth_alg = RTE_CRYPTO_AUTH_SHA512_HMAC;
-		break;
-	case RTE_CRYPTO_AUTH_AES_CMAC:
-		session->auth_alg = RTE_CRYPTO_AUTH_AES_CMAC;
-		break;
-	case RTE_CRYPTO_AUTH_NULL:
+	if (auth_xform && auth_xform->algo != RTE_CRYPTO_AUTH_NULL) {
+		session->auth_key.data = rte_zmalloc(NULL,
+						auth_xform->key.length,
+						RTE_CACHE_LINE_SIZE);
+		if (session->auth_key.data == NULL &&
+				auth_xform->key.length > 0) {
+			DPAA_SEC_ERR("No Memory for auth key");
+			rte_free(session->cipher_key.data);
+			return -ENOMEM;
+		}
+		memcpy(session->auth_key.data, auth_xform->key.data,
+				auth_xform->key.length);
+		session->auth_key.length = auth_xform->key.length;
+
+		switch (auth_xform->algo) {
+		case RTE_CRYPTO_AUTH_SHA1_HMAC:
+		case RTE_CRYPTO_AUTH_MD5_HMAC:
+		case RTE_CRYPTO_AUTH_SHA256_HMAC:
+		case RTE_CRYPTO_AUTH_SHA384_HMAC:
+		case RTE_CRYPTO_AUTH_SHA512_HMAC:
+		case RTE_CRYPTO_AUTH_AES_CMAC:
+			break;
+		default:
+			DPAA_SEC_ERR("Crypto: Unsupported auth alg %u",
+				auth_xform->algo);
+			goto out;
+		}
+		session->auth_alg = auth_xform->algo;
+	} else {
+		session->auth_key.data = NULL;
+		session->auth_key.length = 0;
 		session->auth_alg = RTE_CRYPTO_AUTH_NULL;
-		break;
-	case RTE_CRYPTO_AUTH_SHA224_HMAC:
-	case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
-	case RTE_CRYPTO_AUTH_SNOW3G_UIA2:
-	case RTE_CRYPTO_AUTH_SHA1:
-	case RTE_CRYPTO_AUTH_SHA256:
-	case RTE_CRYPTO_AUTH_SHA512:
-	case RTE_CRYPTO_AUTH_SHA224:
-	case RTE_CRYPTO_AUTH_SHA384:
-	case RTE_CRYPTO_AUTH_MD5:
-	case RTE_CRYPTO_AUTH_AES_GMAC:
-	case RTE_CRYPTO_AUTH_KASUMI_F9:
-	case RTE_CRYPTO_AUTH_AES_CBC_MAC:
-	case RTE_CRYPTO_AUTH_ZUC_EIA3:
-		DPAA_SEC_ERR("Crypto: Unsupported auth alg %u",
-			auth_xform->algo);
-		goto out;
-	default:
-		DPAA_SEC_ERR("Crypto: Undefined Auth specified %u",
-			auth_xform->algo);
-		goto out;
-	}
-
-	switch (cipher_xform->algo) {
-	case RTE_CRYPTO_CIPHER_AES_CBC:
-		session->cipher_alg = RTE_CRYPTO_CIPHER_AES_CBC;
-		break;
-	case RTE_CRYPTO_CIPHER_3DES_CBC:
-		session->cipher_alg = RTE_CRYPTO_CIPHER_3DES_CBC;
-		break;
-	case RTE_CRYPTO_CIPHER_AES_CTR:
-		session->cipher_alg = RTE_CRYPTO_CIPHER_AES_CTR;
-		break;
-	case RTE_CRYPTO_CIPHER_NULL:
-	case RTE_CRYPTO_CIPHER_SNOW3G_UEA2:
-	case RTE_CRYPTO_CIPHER_3DES_ECB:
-	case RTE_CRYPTO_CIPHER_AES_ECB:
-	case RTE_CRYPTO_CIPHER_KASUMI_F8:
-		DPAA_SEC_ERR("Crypto: Unsupported Cipher alg %u",
-			cipher_xform->algo);
-		goto out;
-	default:
-		DPAA_SEC_ERR("Crypto: Undefined Cipher specified %u",
-			cipher_xform->algo);
-		goto out;
 	}
 
 	if (ipsec_xform->direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) {
-- 
2.7.4

^ permalink raw reply	[flat|nested] 12+ messages in thread

* Re: [dpdk-dev] [PATCH 00/10] crypto: DPAA and DPAA2_SEC enhancements
  2018-08-30  5:50 [dpdk-dev] [PATCH 00/10] crypto: DPAA and DPAA2_SEC enhancements Hemant Agrawal
                   ` (9 preceding siblings ...)
  2018-08-30  5:51 ` [dpdk-dev] [PATCH 10/10] crypto/dpaa_sec: ipsec offload add null algo support Hemant Agrawal
@ 2018-09-26 12:27 ` Akhil Goyal
  10 siblings, 0 replies; 12+ messages in thread
From: Akhil Goyal @ 2018-09-26 12:27 UTC (permalink / raw)
  To: Hemant Agrawal, dev



On 8/30/2018 11:20 AM, Hemant Agrawal wrote:
> This patch series includes enhancements for the dpaa and dpaa2_sec
> crypto drivers
>
> Akhil Goyal (5):
>    crypto/dpaa_sec: session reset before init
>    crypto/dpaa_sec: add LOCK before Rx HW queue attach
>    crypto/dpaa_sec: session qp should match with given qp
>    crypto/dpaa_sec: enable sequence no rollover
>    crypto/dpaa2_sec: enable sequence no rollover
>
> Hemant Agrawal (5):
>    crypto/dpaa2_sec: update the flib RTA to latest
>    crypto/dpaa_sec: reduce the number of QP per device
>    crypto/dpaa2_sec: add out of place crypto support
>    crypto/dpaa2_sec: multi algo support for ipsec session
>    crypto/dpaa_sec: ipsec offload add null algo support
>
>   drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c        | 374 +++++++---
>   drivers/crypto/dpaa2_sec/hw/desc.h                 | 814 +++++----------------
>   drivers/crypto/dpaa2_sec/hw/desc/algo.h            |  58 +-
>   drivers/crypto/dpaa2_sec/hw/desc/ipsec.h           | 195 ++++-
>   drivers/crypto/dpaa2_sec/hw/rta/protocol_cmd.h     | 346 ++++-----
>   drivers/crypto/dpaa2_sec/hw/rta/sec_run_time_asm.h |  22 +
>   drivers/crypto/dpaa_sec/dpaa_sec.c                 | 303 +++++---
>   drivers/crypto/dpaa_sec/dpaa_sec.h                 |   3 +-
>   8 files changed, 1012 insertions(+), 1103 deletions(-)
>
Series applied to dpdk-next-crypto

Added some of the patch descriptions and updated patch title

Thanks.

^ permalink raw reply	[flat|nested] 12+ messages in thread

end of thread, other threads:[~2018-09-26 12:27 UTC | newest]

Thread overview: 12+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-08-30  5:50 [dpdk-dev] [PATCH 00/10] crypto: DPAA and DPAA2_SEC enhancements Hemant Agrawal
2018-08-30  5:50 ` [dpdk-dev] [PATCH 01/10] crypto/dpaa2_sec: update the flib RTA to latest Hemant Agrawal
2018-08-30  5:50 ` [dpdk-dev] [PATCH 02/10] crypto/dpaa_sec: session reset before init Hemant Agrawal
2018-08-30  5:50 ` [dpdk-dev] [PATCH 03/10] crypto/dpaa_sec: add LOCK before Rx HW queue attach Hemant Agrawal
2018-08-30  5:50 ` [dpdk-dev] [PATCH 04/10] crypto/dpaa_sec: session qp should match with given qp Hemant Agrawal
2018-08-30  5:51 ` [dpdk-dev] [PATCH 05/10] crypto/dpaa_sec: reduce the number of QP per device Hemant Agrawal
2018-08-30  5:51 ` [dpdk-dev] [PATCH 06/10] crypto/dpaa_sec: enable sequence no rollover Hemant Agrawal
2018-08-30  5:51 ` [dpdk-dev] [PATCH 07/10] crypto/dpaa2_sec: " Hemant Agrawal
2018-08-30  5:51 ` [dpdk-dev] [PATCH 08/10] crypto/dpaa2_sec: add out of place crypto support Hemant Agrawal
2018-08-30  5:51 ` [dpdk-dev] [PATCH 09/10] crypto/dpaa2_sec: multi algo support for ipsec session Hemant Agrawal
2018-08-30  5:51 ` [dpdk-dev] [PATCH 10/10] crypto/dpaa_sec: ipsec offload add null algo support Hemant Agrawal
2018-09-26 12:27 ` [dpdk-dev] [PATCH 00/10] crypto: DPAA and DPAA2_SEC enhancements Akhil Goyal

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).