From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <akhil.goyal@nxp.com>
Received: from EUR04-HE1-obe.outbound.protection.outlook.com
 (mail-eopbgr70082.outbound.protection.outlook.com [40.107.7.82])
 by dpdk.org (Postfix) with ESMTP id D9A7A548B
 for <dev@dpdk.org>; Tue, 16 Oct 2018 12:39:13 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nxp.com; s=selector1; 
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=XONOKgx2DqsFAH5qH9dJ0bVE7MzKNTWDnSyOGQ8hgEI=;
 b=E3XzhzMte/XCrp3FillIcsBvgpmJ/J0zwPTWzPKtcrbj6mF3GBzzPRpjAuYCeY/wdjReWUUkd8l2AyH38NfzNefbDDD6rcL0AkLQf8cxB792jrjUCKqKUNoGLgGxc4YrbJCl0WYmL7sXXUQL3F2ZnnIaWpb0+UyT9Pk9LyYzuJM=
Received: from VI1PR04MB4893.eurprd04.prod.outlook.com (20.177.49.154) by
 VI1PR04MB3231.eurprd04.prod.outlook.com (10.170.227.28) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.1228.31; Tue, 16 Oct 2018 10:39:12 +0000
Received: from VI1PR04MB4893.eurprd04.prod.outlook.com
 ([fe80::cc19:b6c6:27db:3fec]) by VI1PR04MB4893.eurprd04.prod.outlook.com
 ([fe80::cc19:b6c6:27db:3fec%3]) with mapi id 15.20.1228.027; Tue, 16 Oct 2018
 10:39:12 +0000
From: Akhil Goyal <akhil.goyal@nxp.com>
To: "dev@dpdk.org" <dev@dpdk.org>
CC: "pablo.de.lara.guarch@intel.com" <pablo.de.lara.guarch@intel.com>,
 "radu.nicolau@intel.com" <radu.nicolau@intel.com>,
 "jerin.jacob@caviumnetworks.com" <jerin.jacob@caviumnetworks.com>,
 "narayanaprasad.athreya@caviumnetworks.com"
 <narayanaprasad.athreya@caviumnetworks.com>,
 "Shally.Verma@caviumnetworks.com" <Shally.Verma@caviumnetworks.com>,
 "Anoob.Joseph@caviumnetworks.com" <Anoob.Joseph@caviumnetworks.com>,
 "Vidya.Velumuri@caviumnetworks.com" <Vidya.Velumuri@caviumnetworks.com>,
 Hemant Agrawal <hemant.agrawal@nxp.com>, Akhil Goyal <akhil.goyal@nxp.com>
Thread-Topic: [PATCH v5 3/3] crypto/dpaa2_sec: support pdcp offload
Thread-Index: AQHUZTx6lO7HDUOT0kqLcL70gdxmOw==
Date: Tue, 16 Oct 2018 10:39:12 +0000
Message-ID: <20181016103352.2678-4-akhil.goyal@nxp.com>
References: <20181015124858.5562-1-akhil.goyal@nxp.com>
 <20181016103352.2678-1-akhil.goyal@nxp.com>
In-Reply-To: <20181016103352.2678-1-akhil.goyal@nxp.com>
Accept-Language: en-IN, en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-clientproxiedby: TYAPR01CA0026.jpnprd01.prod.outlook.com
 (2603:1096:404:28::14) To VI1PR04MB4893.eurprd04.prod.outlook.com
 (2603:10a6:803:56::26)
authentication-results: spf=none (sender IP is )
 smtp.mailfrom=akhil.goyal@nxp.com; 
x-ms-exchange-messagesentrepresentingtype: 1
x-originating-ip: [14.143.30.134]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; VI1PR04MB3231;
 6:549yu5BfDK8KcVKuwOCnegdZIDbcvUrxHlnfr2aF3h4o+CpdnuZhHOf/aNii8DA8yq8KQWnXXtqXJ0ZUOOUTNn69aHGw22AqpCPlpBq+nc8VRigpWVX0/P8iENV/5Z33mSYI9fH83poNXzz1p9eslEzZk+K9lRNv/hAZOjhqqynRz3oRfLLh9XZ42B7sOg10/LN9C1+cI/n98/L28arLHARX+EWOaKyxZ8sWYIN0K6eml5Pp0ezUJac8w8KB4hARPFQgI2h4hML+6qwoaQ7UmC6CFqO3BoWUhP7h1SVaRbbGM8B1VronV+ZTsoTl7Zi3XNVlOcQS3HhWLJjxnKe7owhaAfyHY/OBgrBpc2R+MfTpnwwMzm0s9SR79X88CbZLiQc5+9E/GDLGTxWCgjN8ik0ZaHmP49ZGiuEx2Uv0lsdJ5Uep/4IplAvrchEvRzuQaPMon4Dg2bNAHRyMI1FC0w==;
 5:ycmt9+NWD4zn9W7Ha0YPqzJpiY3r32YkyaBLNdhKgxjZy37AND/se5y0LSQA3sm0pNYYXCBZL7/ij58ChQmqsG3/e9gQldHw2ckap3dvPvsO220HZ46vixtISdBHoPWCG7N9EAWoiQYYaMicHVc86zKEtdHzUZJ5tyUc2+gqHvE=;
 7:R2QuwP9mNXFxgj8VGUcCxA1EQYd+NnpFEDgRP1zBQPhIMu6b9uia0ldjNejcs7AJcU2bNPvs5oOztPiaqC5oS8N1hG5bDg6Z06ry/brWXXWobJ3VO50I+acj0djyGJ3MEMZlBOaaYOA2ghAuV9UPjIM6GtcGFzdF99cdIpLTpKnPnX6U1s5Wi9EIFU7UcVYPYT0vA/vkx5Hfx4wRnSetui99UDXJpdrlIz86o3FXr2U39IgZCMKcPFxo9MP5jgte
x-ms-office365-filtering-correlation-id: cf55e0bb-eb2a-476f-ce7d-08d633539c51
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: BCL:0; PCL:0;
 RULEID:(7020095)(4652040)(8989299)(5600074)(711020)(4618075)(4534185)(7168020)(4627221)(201703031133081)(201702281549075)(8990200)(2017052603328)(7153060)(7193020);
 SRVR:VI1PR04MB3231; 
x-ms-traffictypediagnostic: VI1PR04MB3231:
x-microsoft-antispam-prvs: <VI1PR04MB32310BFCFC6998EDA298E55FE6FE0@VI1PR04MB3231.eurprd04.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(269456686620040)(163750095850)(185117386973197); 
x-ms-exchange-senderadcheck: 1
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0;
 RULEID:(8211001083)(6040522)(2401047)(8121501046)(5005006)(3231355)(944501410)(52105095)(3002001)(10201501046)(93006095)(93001095)(6055026)(149066)(150057)(6041310)(20161123560045)(20161123558120)(20161123562045)(20161123564045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(201708071742011)(7699051);
 SRVR:VI1PR04MB3231; BCL:0; PCL:0; RULEID:; SRVR:VI1PR04MB3231; 
x-forefront-prvs: 0827D7ACB9
x-forefront-antispam-report: SFV:NSPM;
 SFS:(10009020)(136003)(39860400002)(396003)(346002)(366004)(376002)(189003)(199004)(1076002)(53936002)(6512007)(14444005)(256004)(6916009)(3846002)(86362001)(44832011)(97736004)(5640700003)(476003)(68736007)(6436002)(4744004)(55236004)(66066001)(6116002)(76176011)(2900100001)(36756003)(6506007)(6486002)(386003)(71200400001)(71190400001)(105586002)(2351001)(5250100002)(106356001)(99286004)(102836004)(8936002)(1730700003)(8676002)(2906002)(305945005)(478600001)(25786009)(81166006)(446003)(4326008)(81156014)(7736002)(316002)(54906003)(14454004)(2501003)(2616005)(486006)(186003)(11346002)(52116002)(26005)(5660300001);
 DIR:OUT; SFP:1101; SCL:1; SRVR:VI1PR04MB3231;
 H:VI1PR04MB4893.eurprd04.prod.outlook.com; FPR:; SPF:None; LANG:en;
 PTR:InfoNoRecords; MX:1; A:1; 
received-spf: None (protection.outlook.com: nxp.com does not designate
 permitted sender hosts)
x-microsoft-antispam-message-info: I7da8VP9z5aIh5koVKminZCUBEIDh0zZTq8fcJEQvFo4zEX2u8IAStlAgP9538XJBu+zL3P6e+xXtJmeJCBXd/zja4vuZVLTwxbA8z75FF/YkuFwrLGXbeMUxANAbdUM2Xq8YGM7EjJeChENPakr3rP3fMCizWENRVf9tvZk69SdLTQ1TzW8Ta45lVJqdOYUd5DwQrpbzkPeP+F/ha9DythFBuxIYuhsIc/dRz9p4RSPI6gTpHbKk40Pfta7cjYp5e0cWvuzAyoW4vgYOaqLSCjbvVwyQ3a8oT5IvwO+7gQnlmHLWoKZOP2Dv86ZU5v9QJBq13hHF5sigsokGcWBPXKW5eAk2NZZmFT04SLa8hc=
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: nxp.com
X-MS-Exchange-CrossTenant-Network-Message-Id: cf55e0bb-eb2a-476f-ce7d-08d633539c51
X-MS-Exchange-CrossTenant-originalarrivaltime: 16 Oct 2018 10:39:12.1786 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 686ea1d3-bc2b-4c6f-a92c-d99c5c301635
X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR04MB3231
Subject: [dpdk-dev] [PATCH v5 3/3] crypto/dpaa2_sec: support pdcp offload
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Oct 2018 10:39:14 -0000

From: Akhil Goyal <akhil.goyal@nxp.com>

PDCP session configuration for lookaside protocol offload
and data path is added.

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
---
 drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c | 257 ++++++++++++++++++++
 drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h   | 208 +++++++++++++++-
 2 files changed, 457 insertions(+), 8 deletions(-)

diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/d=
paa2_sec/dpaa2_sec_dpseci.c
index 0336d5f4b..fe769a932 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -35,6 +35,7 @@ typedef uint64_t	dma_addr_t;
=20
 /* RTA header files */
 #include <hw/desc/ipsec.h>
+#include <hw/desc/pdcp.h>
 #include <hw/desc/algo.h>
=20
 /* Minimum job descriptor consists of a oneword job descriptor HEADER and
@@ -74,6 +75,9 @@ build_proto_compound_fd(dpaa2_sec_session *sess,
 	struct rte_mbuf *dst_mbuf =3D sym_op->m_dst;
 	int retval;
=20
+	if (!dst_mbuf)
+		dst_mbuf =3D src_mbuf;
+
 	/* Save the shared descriptor */
 	flc =3D &priv->flc_desc[0].flc;
=20
@@ -118,6 +122,15 @@ build_proto_compound_fd(dpaa2_sec_session *sess,
 	DPAA2_SET_FD_LEN(fd, ip_fle->length);
 	DPAA2_SET_FLE_FIN(ip_fle);
=20
+#ifdef ENABLE_HFN_OVERRIDE
+	if (sess->ctxt_type =3D=3D DPAA2_SEC_PDCP && sess->pdcp.hfn_ovd) {
+		/*enable HFN override override */
+		DPAA2_SET_FLE_INTERNAL_JD(ip_fle, sess->pdcp.hfn_ovd);
+		DPAA2_SET_FLE_INTERNAL_JD(op_fle, sess->pdcp.hfn_ovd);
+		DPAA2_SET_FD_INTERNAL_JD(fd, sess->pdcp.hfn_ovd);
+	}
+#endif
+
 	return 0;
=20
 }
@@ -1188,6 +1201,9 @@ build_sec_fd(struct rte_crypto_op *op,
 		case DPAA2_SEC_IPSEC:
 			ret =3D build_proto_fd(sess, op, fd, bpid);
 			break;
+		case DPAA2_SEC_PDCP:
+			ret =3D build_proto_compound_fd(sess, op, fd, bpid);
+			break;
 		case DPAA2_SEC_HASH_CIPHER:
 		default:
 			DPAA2_SEC_ERR("error: Unsupported session");
@@ -2551,6 +2567,243 @@ dpaa2_sec_set_ipsec_session(struct rte_cryptodev *d=
ev,
 	return ret;
 }
=20
+static int
+dpaa2_sec_set_pdcp_session(struct rte_cryptodev *dev,
+			   struct rte_security_session_conf *conf,
+			   void *sess)
+{
+	struct rte_security_pdcp_xform *pdcp_xform =3D &conf->pdcp;
+	struct rte_crypto_sym_xform *xform =3D conf->crypto_xform;
+	struct rte_crypto_auth_xform *auth_xform =3D NULL;
+	struct rte_crypto_cipher_xform *cipher_xform;
+	dpaa2_sec_session *session =3D (dpaa2_sec_session *)sess;
+	struct ctxt_priv *priv;
+	struct dpaa2_sec_dev_private *dev_priv =3D dev->data->dev_private;
+	struct alginfo authdata, cipherdata;
+	int bufsize =3D -1;
+	struct sec_flow_context *flc;
+#if RTE_BYTE_ORDER =3D=3D RTE_BIG_ENDIAN
+	int swap =3D true;
+#else
+	int swap =3D false;
+#endif
+
+	PMD_INIT_FUNC_TRACE();
+
+	memset(session, 0, sizeof(dpaa2_sec_session));
+
+	priv =3D (struct ctxt_priv *)rte_zmalloc(NULL,
+				sizeof(struct ctxt_priv) +
+				sizeof(struct sec_flc_desc),
+				RTE_CACHE_LINE_SIZE);
+
+	if (priv =3D=3D NULL) {
+		DPAA2_SEC_ERR("No memory for priv CTXT");
+		return -ENOMEM;
+	}
+
+	priv->fle_pool =3D dev_priv->fle_pool;
+	flc =3D &priv->flc_desc[0].flc;
+
+	/* find xfrm types */
+	if (xform->type =3D=3D RTE_CRYPTO_SYM_XFORM_CIPHER && xform->next =3D=3D =
NULL) {
+		cipher_xform =3D &xform->cipher;
+	} else if (xform->type =3D=3D RTE_CRYPTO_SYM_XFORM_CIPHER &&
+		   xform->next->type =3D=3D RTE_CRYPTO_SYM_XFORM_AUTH) {
+		session->ext_params.aead_ctxt.auth_cipher_text =3D true;
+		cipher_xform =3D &xform->cipher;
+		auth_xform =3D &xform->next->auth;
+	} else if (xform->type =3D=3D RTE_CRYPTO_SYM_XFORM_AUTH &&
+		   xform->next->type =3D=3D RTE_CRYPTO_SYM_XFORM_CIPHER) {
+		session->ext_params.aead_ctxt.auth_cipher_text =3D false;
+		cipher_xform =3D &xform->next->cipher;
+		auth_xform =3D &xform->auth;
+	} else {
+		DPAA2_SEC_ERR("Invalid crypto type");
+		return -EINVAL;
+	}
+
+	session->ctxt_type =3D DPAA2_SEC_PDCP;
+	if (cipher_xform) {
+		session->cipher_key.data =3D rte_zmalloc(NULL,
+					       cipher_xform->key.length,
+					       RTE_CACHE_LINE_SIZE);
+		if (session->cipher_key.data =3D=3D NULL &&
+				cipher_xform->key.length > 0) {
+			DPAA2_SEC_ERR("No Memory for cipher key");
+			rte_free(priv);
+			return -ENOMEM;
+		}
+		session->cipher_key.length =3D cipher_xform->key.length;
+		memcpy(session->cipher_key.data, cipher_xform->key.data,
+			cipher_xform->key.length);
+		session->dir =3D (cipher_xform->op =3D=3D RTE_CRYPTO_CIPHER_OP_ENCRYPT) =
?
+					DIR_ENC : DIR_DEC;
+		session->cipher_alg =3D cipher_xform->algo;
+	} else {
+		session->cipher_key.data =3D NULL;
+		session->cipher_key.length =3D 0;
+		session->cipher_alg =3D RTE_CRYPTO_CIPHER_NULL;
+		session->dir =3D DIR_ENC;
+	}
+
+	session->pdcp.domain =3D pdcp_xform->domain;
+	session->pdcp.bearer =3D pdcp_xform->bearer;
+	session->pdcp.pkt_dir =3D pdcp_xform->pkt_dir;
+	session->pdcp.sn_size =3D pdcp_xform->sn_size;
+#ifdef ENABLE_HFN_OVERRIDE
+	session->pdcp.hfn_ovd =3D pdcp_xform->hfn_ovd;
+#endif
+	session->pdcp.hfn =3D pdcp_xform->hfn;
+	session->pdcp.hfn_threshold =3D pdcp_xform->hfn_threshold;
+
+	cipherdata.key =3D (size_t)session->cipher_key.data;
+	cipherdata.keylen =3D session->cipher_key.length;
+	cipherdata.key_enc_flags =3D 0;
+	cipherdata.key_type =3D RTA_DATA_IMM;
+
+	switch (session->cipher_alg) {
+	case RTE_CRYPTO_CIPHER_SNOW3G_UEA2:
+		cipherdata.algtype =3D PDCP_CIPHER_TYPE_SNOW;
+		break;
+	case RTE_CRYPTO_CIPHER_ZUC_EEA3:
+		cipherdata.algtype =3D PDCP_CIPHER_TYPE_ZUC;
+		break;
+	case RTE_CRYPTO_CIPHER_AES_CTR:
+		cipherdata.algtype =3D PDCP_CIPHER_TYPE_AES;
+		break;
+	case RTE_CRYPTO_CIPHER_NULL:
+		cipherdata.algtype =3D PDCP_CIPHER_TYPE_NULL;
+		break;
+	default:
+		DPAA2_SEC_ERR("Crypto: Undefined Cipher specified %u",
+			      session->cipher_alg);
+		goto out;
+	}
+
+	/* Auth is only applicable for control mode operation. */
+	if (pdcp_xform->domain =3D=3D RTE_SECURITY_PDCP_MODE_CONTROL) {
+		if (pdcp_xform->sn_size !=3D RTE_SECURITY_PDCP_SN_SIZE_5) {
+			DPAA2_SEC_ERR(
+				"PDCP Seq Num size should be 5 bits for cmode");
+			goto out;
+		}
+		if (auth_xform) {
+			session->auth_key.data =3D rte_zmalloc(NULL,
+							auth_xform->key.length,
+							RTE_CACHE_LINE_SIZE);
+			if (session->auth_key.data =3D=3D NULL &&
+					auth_xform->key.length > 0) {
+				DPAA2_SEC_ERR("No Memory for auth key");
+				rte_free(session->cipher_key.data);
+				rte_free(priv);
+				return -ENOMEM;
+			}
+			session->auth_key.length =3D auth_xform->key.length;
+			memcpy(session->auth_key.data, auth_xform->key.data,
+					auth_xform->key.length);
+			session->auth_alg =3D auth_xform->algo;
+		} else {
+			session->auth_key.data =3D NULL;
+			session->auth_key.length =3D 0;
+			session->auth_alg =3D RTE_CRYPTO_AUTH_NULL;
+		}
+		authdata.key =3D (size_t)session->auth_key.data;
+		authdata.keylen =3D session->auth_key.length;
+		authdata.key_enc_flags =3D 0;
+		authdata.key_type =3D RTA_DATA_IMM;
+
+		switch (session->auth_alg) {
+		case RTE_CRYPTO_AUTH_SNOW3G_UIA2:
+			authdata.algtype =3D PDCP_AUTH_TYPE_SNOW;
+			break;
+		case RTE_CRYPTO_AUTH_ZUC_EIA3:
+			authdata.algtype =3D PDCP_AUTH_TYPE_ZUC;
+			break;
+		case RTE_CRYPTO_AUTH_AES_CMAC:
+			authdata.algtype =3D PDCP_AUTH_TYPE_AES;
+			break;
+		case RTE_CRYPTO_AUTH_NULL:
+			authdata.algtype =3D PDCP_AUTH_TYPE_NULL;
+			break;
+		default:
+			DPAA2_SEC_ERR("Crypto: Unsupported auth alg %u",
+				      session->auth_alg);
+			goto out;
+		}
+
+		if (session->dir =3D=3D DIR_ENC)
+			bufsize =3D cnstr_shdsc_pdcp_c_plane_encap(
+					priv->flc_desc[0].desc, 1, swap,
+					pdcp_xform->hfn,
+					pdcp_xform->bearer,
+					pdcp_xform->pkt_dir,
+					pdcp_xform->hfn_threshold,
+					&cipherdata, &authdata,
+					0);
+		else if (session->dir =3D=3D DIR_DEC)
+			bufsize =3D cnstr_shdsc_pdcp_c_plane_decap(
+					priv->flc_desc[0].desc, 1, swap,
+					pdcp_xform->hfn,
+					pdcp_xform->bearer,
+					pdcp_xform->pkt_dir,
+					pdcp_xform->hfn_threshold,
+					&cipherdata, &authdata,
+					0);
+	} else {
+		if (session->dir =3D=3D DIR_ENC)
+			bufsize =3D cnstr_shdsc_pdcp_u_plane_encap(
+					priv->flc_desc[0].desc, 1, swap,
+					pdcp_xform->sn_size,
+					pdcp_xform->hfn,
+					pdcp_xform->bearer,
+					pdcp_xform->pkt_dir,
+					pdcp_xform->hfn_threshold,
+					&cipherdata, 0);
+		else if (session->dir =3D=3D DIR_DEC)
+			bufsize =3D cnstr_shdsc_pdcp_u_plane_decap(
+					priv->flc_desc[0].desc, 1, swap,
+					pdcp_xform->sn_size,
+					pdcp_xform->hfn,
+					pdcp_xform->bearer,
+					pdcp_xform->pkt_dir,
+					pdcp_xform->hfn_threshold,
+					&cipherdata, 0);
+	}
+
+	if (bufsize < 0) {
+		DPAA2_SEC_ERR("Crypto: Invalid buffer length");
+		goto out;
+	}
+
+	/* Enable the stashing control bit */
+	DPAA2_SET_FLC_RSC(flc);
+	flc->word2_rflc_31_0 =3D lower_32_bits(
+			(size_t)&(((struct dpaa2_sec_qp *)
+			dev->data->queue_pairs[0])->rx_vq) | 0x14);
+	flc->word3_rflc_63_32 =3D upper_32_bits(
+			(size_t)&(((struct dpaa2_sec_qp *)
+			dev->data->queue_pairs[0])->rx_vq));
+
+	flc->word1_sdl =3D (uint8_t)bufsize;
+
+	/* Set EWS bit i.e. enable write-safe */
+	DPAA2_SET_FLC_EWS(flc);
+	/* Set BS =3D 1 i.e reuse input buffers as output buffers */
+	DPAA2_SET_FLC_REUSE_BS(flc);
+	/* Set FF =3D 10; reuse input buffers if they provide sufficient space */
+	DPAA2_SET_FLC_REUSE_FF(flc);
+
+	session->ctxt =3D priv;
+
+	return 0;
+out:
+	rte_free(session->auth_key.data);
+	rte_free(session->cipher_key.data);
+	rte_free(priv);
+	return -1;
+}
+
 static int
 dpaa2_sec_security_session_create(void *dev,
 				  struct rte_security_session_conf *conf,
@@ -2573,6 +2826,10 @@ dpaa2_sec_security_session_create(void *dev,
 		break;
 	case RTE_SECURITY_PROTOCOL_MACSEC:
 		return -ENOTSUP;
+	case RTE_SECURITY_PROTOCOL_PDCP:
+		ret =3D dpaa2_sec_set_pdcp_session(cdev, conf,
+				sess_private_data);
+		break;
 	default:
 		return -EINVAL;
 	}
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h b/drivers/crypto/dpa=
a2_sec/dpaa2_sec_priv.h
index bce9633c0..51751103d 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h
@@ -137,6 +137,19 @@ struct dpaa2_sec_aead_ctxt {
 	uint8_t auth_cipher_text;       /**< Authenticate/cipher ordering */
 };
=20
+/*
+ * The structure is to be filled by user for PDCP Protocol
+ */
+struct dpaa2_pdcp_ctxt {
+	enum rte_security_pdcp_domain domain; /*!< Data/Control mode*/
+	int8_t bearer;	/*!< PDCP bearer ID */
+	int8_t pkt_dir;/*!< PDCP Frame Direction 0:UL 1:DL*/
+	int8_t hfn_ovd;/*!< Overwrite HFN per packet*/
+	uint32_t hfn;	/*!< Hyper Frame Number */
+	uint32_t hfn_threshold;	/*!< HFN Threashold for key renegotiation */
+	uint8_t sn_size;	/*!< Sequence number size, 7/12/15 */
+};
+
 typedef struct dpaa2_sec_session_entry {
 	void *ctxt;
 	uint8_t ctxt_type;
@@ -160,15 +173,20 @@ typedef struct dpaa2_sec_session_entry {
 			} auth_key;
 		};
 	};
-	struct {
-		uint16_t length; /**< IV length in bytes */
-		uint16_t offset; /**< IV offset in bytes */
-	} iv;
-	uint16_t digest_length;
-	uint8_t status;
 	union {
-		struct dpaa2_sec_aead_ctxt aead_ctxt;
-	} ext_params;
+		struct {
+			struct {
+				uint16_t length; /**< IV length in bytes */
+				uint16_t offset; /**< IV offset in bytes */
+			} iv;
+			uint16_t digest_length;
+			uint8_t status;
+			union {
+				struct dpaa2_sec_aead_ctxt aead_ctxt;
+			} ext_params;
+		};
+		struct dpaa2_pdcp_ctxt pdcp;
+	};
 } dpaa2_sec_session;
=20
 static const struct rte_cryptodev_capabilities dpaa2_sec_capabilities[] =
=3D {
@@ -392,6 +410,162 @@ static const struct rte_cryptodev_capabilities dpaa2_=
sec_capabilities[] =3D {
 	RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
 };
=20
+static const struct rte_cryptodev_capabilities dpaa2_pdcp_capabilities[] =
=3D {
+	{	/* SNOW 3G (UIA2) */
+		.op =3D RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+		{.sym =3D {
+			.xform_type =3D RTE_CRYPTO_SYM_XFORM_AUTH,
+			{.auth =3D {
+				.algo =3D RTE_CRYPTO_AUTH_SNOW3G_UIA2,
+				.block_size =3D 16,
+				.key_size =3D {
+					.min =3D 16,
+					.max =3D 16,
+					.increment =3D 0
+				},
+				.digest_size =3D {
+					.min =3D 4,
+					.max =3D 4,
+					.increment =3D 0
+				},
+				.iv_size =3D {
+					.min =3D 16,
+					.max =3D 16,
+					.increment =3D 0
+				}
+			}, }
+		}, }
+	},
+	{	/* SNOW 3G (UEA2) */
+		.op =3D RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+		{.sym =3D {
+			.xform_type =3D RTE_CRYPTO_SYM_XFORM_CIPHER,
+			{.cipher =3D {
+				.algo =3D RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
+				.block_size =3D 16,
+				.key_size =3D {
+					.min =3D 16,
+					.max =3D 16,
+					.increment =3D 0
+				},
+				.iv_size =3D {
+					.min =3D 16,
+					.max =3D 16,
+					.increment =3D 0
+				}
+			}, }
+		}, }
+	},
+	{	/* AES CTR */
+		.op =3D RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+		{.sym =3D {
+			.xform_type =3D RTE_CRYPTO_SYM_XFORM_CIPHER,
+			{.cipher =3D {
+				.algo =3D RTE_CRYPTO_CIPHER_AES_CTR,
+				.block_size =3D 16,
+				.key_size =3D {
+					.min =3D 16,
+					.max =3D 32,
+					.increment =3D 8
+				},
+				.iv_size =3D {
+					.min =3D 16,
+					.max =3D 16,
+					.increment =3D 0
+				}
+			}, }
+		}, }
+	},
+	{	/* NULL (AUTH) */
+		.op =3D RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+		{.sym =3D {
+			.xform_type =3D RTE_CRYPTO_SYM_XFORM_AUTH,
+			{.auth =3D {
+				.algo =3D RTE_CRYPTO_AUTH_NULL,
+				.block_size =3D 1,
+				.key_size =3D {
+					.min =3D 0,
+					.max =3D 0,
+					.increment =3D 0
+				},
+				.digest_size =3D {
+					.min =3D 0,
+					.max =3D 0,
+					.increment =3D 0
+				},
+				.iv_size =3D { 0 }
+			}, },
+		}, },
+	},
+	{	/* NULL (CIPHER) */
+		.op =3D RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+		{.sym =3D {
+			.xform_type =3D RTE_CRYPTO_SYM_XFORM_CIPHER,
+			{.cipher =3D {
+				.algo =3D RTE_CRYPTO_CIPHER_NULL,
+				.block_size =3D 1,
+				.key_size =3D {
+					.min =3D 0,
+					.max =3D 0,
+					.increment =3D 0
+				},
+				.iv_size =3D {
+					.min =3D 0,
+					.max =3D 0,
+					.increment =3D 0
+				}
+			}, },
+		}, }
+	},
+	{	/* ZUC (EEA3) */
+		.op =3D RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+		{.sym =3D {
+			.xform_type =3D RTE_CRYPTO_SYM_XFORM_CIPHER,
+			{.cipher =3D {
+				.algo =3D RTE_CRYPTO_CIPHER_ZUC_EEA3,
+				.block_size =3D 16,
+				.key_size =3D {
+					.min =3D 16,
+					.max =3D 16,
+					.increment =3D 0
+				},
+				.iv_size =3D {
+					.min =3D 16,
+					.max =3D 16,
+					.increment =3D 0
+				}
+			}, }
+		}, }
+	},
+	{	/* ZUC (EIA3) */
+		.op =3D RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+		{.sym =3D {
+			.xform_type =3D RTE_CRYPTO_SYM_XFORM_AUTH,
+			{.auth =3D {
+				.algo =3D RTE_CRYPTO_AUTH_ZUC_EIA3,
+				.block_size =3D 16,
+				.key_size =3D {
+					.min =3D 16,
+					.max =3D 16,
+					.increment =3D 0
+				},
+				.digest_size =3D {
+					.min =3D 4,
+					.max =3D 4,
+					.increment =3D 0
+				},
+				.iv_size =3D {
+					.min =3D 16,
+					.max =3D 16,
+					.increment =3D 0
+				}
+			}, }
+		}, }
+	},
+
+	RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
+};
+
 static const struct rte_security_capability dpaa2_sec_security_cap[] =3D {
 	{ /* IPsec Lookaside Protocol offload ESP Transport Egress */
 		.action =3D RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
@@ -415,6 +589,24 @@ static const struct rte_security_capability dpaa2_sec_=
security_cap[] =3D {
 		},
 		.crypto_capabilities =3D dpaa2_sec_capabilities
 	},
+	{ /* PDCP Lookaside Protocol offload Data */
+		.action =3D RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+		.protocol =3D RTE_SECURITY_PROTOCOL_PDCP,
+		.pdcp =3D {
+			.domain =3D RTE_SECURITY_PDCP_MODE_DATA,
+			.capa_flags =3D 0
+		},
+		.crypto_capabilities =3D dpaa2_pdcp_capabilities
+	},
+	{ /* PDCP Lookaside Protocol offload Control */
+		.action =3D RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+		.protocol =3D RTE_SECURITY_PROTOCOL_PDCP,
+		.pdcp =3D {
+			.domain =3D RTE_SECURITY_PDCP_MODE_CONTROL,
+			.capa_flags =3D 0
+		},
+		.crypto_capabilities =3D dpaa2_pdcp_capabilities
+	},
 	{
 		.action =3D RTE_SECURITY_ACTION_TYPE_NONE
 	}
--=20
2.17.1