DPDK patches and discussions
 help / color / mirror / Atom feed
* [PATCH 00/15] fixes and improvements to cnxk crypto PMD
@ 2023-09-21 11:48 Tejasree Kondoj
  2023-09-21 11:48 ` [PATCH 01/15] crypto/cnxk: clear rptr and dptr fields Tejasree Kondoj
                   ` (14 more replies)
  0 siblings, 15 replies; 18+ messages in thread
From: Tejasree Kondoj @ 2023-09-21 11:48 UTC (permalink / raw)
  To: Akhil Goyal
  Cc: Anoob Joseph, Aakash Sasidharan, Gowrishankar Muthukrishnan,
	Vidya Sagar Velumuri, dev

This series adds improvements and support for raw
cryptodev API in cnxk crypto PMD.

Aakash Sasidharan (1):
  crypto/cnxk: add support for packets with cipher len zero

Anoob Joseph (4):
  crypto/cnxk: clear rptr and dptr fields
  common/cnxk: set cipher key only for non-null cipher
  crypto/cnxk: add support for raw APIs
  test/crypto: enable raw crypto tests for crypto_cn10k

Gowrishankar Muthukrishnan (1):
  crypto/cnxk: fix private key length in ECDSA param

Tejasree Kondoj (4):
  crypto/cnxk: fix IPsec CCM and GCM capabilities
  crypto/cnxk: remove pdcp chain bit from capabilities
  crypto/cnxk: make IV pointers as constant
  crypto/cnxk: set PDCP chain IV offset based on FVC

Vidya Sagar Velumuri (5):
  common/cnxk: update SE context fields to match ucode spec
  crypto/cnxk: check for sg version in SE engine capabilities
  crypto/cnxk: fix control flow issues
  crypto/cnxk: minor shuffling in the sess structure
  crypto/cnxk: update the iv from proper param for gmac

 app/test/test_cryptodev.c                     |   8 +
 drivers/common/cnxk/hw/cpt.h                  |   7 +-
 drivers/common/cnxk/roc_se.c                  |  11 +-
 drivers/common/cnxk/roc_se.h                  |  15 +-
 drivers/crypto/cnxk/cn10k_cryptodev_ops.c     | 461 +++++++++++++++
 drivers/crypto/cnxk/cnxk_ae.h                 |   4 +-
 drivers/crypto/cnxk/cnxk_cryptodev.c          |  20 +-
 .../crypto/cnxk/cnxk_cryptodev_capabilities.c |  10 +-
 drivers/crypto/cnxk/cnxk_cryptodev_ops.c      |  13 +-
 drivers/crypto/cnxk/cnxk_cryptodev_ops.h      |   6 +-
 drivers/crypto/cnxk/cnxk_se.h                 | 527 ++++++++++++++----
 11 files changed, 936 insertions(+), 146 deletions(-)

-- 
2.25.1


^ permalink raw reply	[flat|nested] 18+ messages in thread

* [PATCH 01/15] crypto/cnxk: clear rptr and dptr fields
  2023-09-21 11:48 [PATCH 00/15] fixes and improvements to cnxk crypto PMD Tejasree Kondoj
@ 2023-09-21 11:48 ` Tejasree Kondoj
  2023-09-21 11:48 ` [PATCH 02/15] common/cnxk: update SE context fields to match ucode spec Tejasree Kondoj
                   ` (13 subsequent siblings)
  14 siblings, 0 replies; 18+ messages in thread
From: Tejasree Kondoj @ 2023-09-21 11:48 UTC (permalink / raw)
  To: Akhil Goyal
  Cc: Anoob Joseph, Aakash Sasidharan, Gowrishankar Muthukrishnan,
	Vidya Sagar Velumuri, dev

From: Anoob Joseph <anoobj@marvell.com>

With SG version 2, hw requires valid rptr & dptr values.

Signed-off-by: Anoob Joseph <anoobj@marvell.com>
---
 drivers/crypto/cnxk/cn10k_cryptodev_ops.c | 2 ++
 drivers/crypto/cnxk/cnxk_se.h             | 1 +
 2 files changed, 3 insertions(+)

diff --git a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
index e405a2ad9f..75ad3b99f5 100644
--- a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
@@ -414,6 +414,8 @@ cn10k_cpt_vec_inst_fill(struct vec_request *vec_req, struct cpt_inst_s *inst,
 	inst->w2.u64 = vec_req->w2;
 	inst->w3.u64 = CNXK_CPT_INST_W3(1, infl_req);
 	inst->w4.u64 = w4.u64;
+	inst->w5.u64 = 0;
+	inst->w6.u64 = 0;
 	inst->w7.u64 = w7.u64;
 }
 
diff --git a/drivers/crypto/cnxk/cnxk_se.h b/drivers/crypto/cnxk/cnxk_se.h
index 75c1dce231..edd929d330 100644
--- a/drivers/crypto/cnxk/cnxk_se.h
+++ b/drivers/crypto/cnxk/cnxk_se.h
@@ -2877,6 +2877,7 @@ fill_passthrough_params(struct rte_crypto_op *cop, struct cpt_inst_s *inst)
 
 	inst->w0.u64 = 0;
 	inst->w5.u64 = 0;
+	inst->w6.u64 = 0;
 	inst->w4.u64 = w4.u64;
 
 	return 0;
-- 
2.25.1


^ permalink raw reply	[flat|nested] 18+ messages in thread

* [PATCH 02/15] common/cnxk: update SE context fields to match ucode spec
  2023-09-21 11:48 [PATCH 00/15] fixes and improvements to cnxk crypto PMD Tejasree Kondoj
  2023-09-21 11:48 ` [PATCH 01/15] crypto/cnxk: clear rptr and dptr fields Tejasree Kondoj
@ 2023-09-21 11:48 ` Tejasree Kondoj
  2023-09-21 11:48 ` [PATCH 03/15] common/cnxk: set cipher key only for non-null cipher Tejasree Kondoj
                   ` (12 subsequent siblings)
  14 siblings, 0 replies; 18+ messages in thread
From: Tejasree Kondoj @ 2023-09-21 11:48 UTC (permalink / raw)
  To: Akhil Goyal
  Cc: Vidya Sagar Velumuri, Anoob Joseph, Aakash Sasidharan,
	Gowrishankar Muthukrishnan, dev

From: Vidya Sagar Velumuri <vvelumuri@marvell.com>

Update the fields in SE context and rename to keep it in sync with
microcode spec.

Signed-off-by: Vidya Sagar Velumuri <vvelumuri@marvell.com>
---
 drivers/common/cnxk/roc_se.h | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/drivers/common/cnxk/roc_se.h b/drivers/common/cnxk/roc_se.h
index 008ab31912..d540d70616 100644
--- a/drivers/common/cnxk/roc_se.h
+++ b/drivers/common/cnxk/roc_se.h
@@ -183,13 +183,15 @@ typedef enum {
 struct roc_se_enc_context {
 	uint64_t iv_source : 1;
 	uint64_t aes_key : 2;
-	uint64_t rsvd_60 : 1;
+	uint64_t rsvd_59 : 1;
 	uint64_t enc_cipher : 4;
 	uint64_t auth_input_type : 1;
-	uint64_t rsvd_52_54 : 3;
+	uint64_t auth_key_src : 1;
+	uint64_t rsvd_50_51 : 2;
 	uint64_t hash_type : 4;
 	uint64_t mac_len : 8;
-	uint64_t rsvd_39_0 : 40;
+	uint64_t rsvd_16_39 : 24;
+	uint64_t hmac_key_sz : 16;
 	uint8_t encr_key[32];
 	uint8_t encr_iv[16];
 };
-- 
2.25.1


^ permalink raw reply	[flat|nested] 18+ messages in thread

* [PATCH 03/15] common/cnxk: set cipher key only for non-null cipher
  2023-09-21 11:48 [PATCH 00/15] fixes and improvements to cnxk crypto PMD Tejasree Kondoj
  2023-09-21 11:48 ` [PATCH 01/15] crypto/cnxk: clear rptr and dptr fields Tejasree Kondoj
  2023-09-21 11:48 ` [PATCH 02/15] common/cnxk: update SE context fields to match ucode spec Tejasree Kondoj
@ 2023-09-21 11:48 ` Tejasree Kondoj
  2023-09-21 11:48 ` [PATCH 04/15] crypto/cnxk: fix private key length in ECDSA param Tejasree Kondoj
                   ` (11 subsequent siblings)
  14 siblings, 0 replies; 18+ messages in thread
From: Tejasree Kondoj @ 2023-09-21 11:48 UTC (permalink / raw)
  To: Akhil Goyal
  Cc: Anoob Joseph, Aakash Sasidharan, Gowrishankar Muthukrishnan,
	Vidya Sagar Velumuri, dev

From: Anoob Joseph <anoobj@marvell.com>

Set cipher key only for non-NULL cipher algorithms only.

Signed-off-by: Anoob Joseph <anoobj@marvell.com>
---
 drivers/common/cnxk/roc_se.c | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)

diff --git a/drivers/common/cnxk/roc_se.c b/drivers/common/cnxk/roc_se.c
index 2662297315..6ced4ef789 100644
--- a/drivers/common/cnxk/roc_se.c
+++ b/drivers/common/cnxk/roc_se.c
@@ -58,9 +58,6 @@ cpt_ciph_type_set(roc_se_cipher_type type, struct roc_se_ctx *ctx, uint16_t key_
 	int fc_type = 0;
 
 	switch (type) {
-	case ROC_SE_PASSTHROUGH:
-		fc_type = ROC_SE_FC_GEN;
-		break;
 	case ROC_SE_DES3_CBC:
 	case ROC_SE_DES3_ECB:
 	case ROC_SE_DES_DOCSISBPI:
@@ -526,6 +523,10 @@ roc_se_ciph_key_set(struct roc_se_ctx *se_ctx, roc_se_cipher_type type, const ui
 	uint8_t *ci_key;
 	int i, ret;
 
+	/* For NULL cipher, no processing required. */
+	if (type == ROC_SE_PASSTHROUGH)
+		return 0;
+
 	zs_ch_ctx = &se_ctx->se_ctx.zs_ch_ctx;
 
 	if (roc_model_is_cn9k()) {
@@ -555,10 +556,6 @@ roc_se_ciph_key_set(struct roc_se_ctx *se_ctx, roc_se_cipher_type type, const ui
 	}
 
 	switch (type) {
-	case ROC_SE_PASSTHROUGH:
-		se_ctx->enc_cipher = 0;
-		fctx->enc.enc_cipher = 0;
-		goto success;
 	case ROC_SE_DES3_CBC:
 		/* CPT performs DES using 3DES with the 8B DES-key
 		 * replicated 2 more times to match the 24B 3DES-key.
-- 
2.25.1


^ permalink raw reply	[flat|nested] 18+ messages in thread

* [PATCH 04/15] crypto/cnxk: fix private key length in ECDSA param
  2023-09-21 11:48 [PATCH 00/15] fixes and improvements to cnxk crypto PMD Tejasree Kondoj
                   ` (2 preceding siblings ...)
  2023-09-21 11:48 ` [PATCH 03/15] common/cnxk: set cipher key only for non-null cipher Tejasree Kondoj
@ 2023-09-21 11:48 ` Tejasree Kondoj
  2023-09-24  9:15   ` Akhil Goyal
  2023-09-21 11:48 ` [PATCH 05/15] crypto/cnxk: fix IPsec CCM and GCM capabilities Tejasree Kondoj
                   ` (10 subsequent siblings)
  14 siblings, 1 reply; 18+ messages in thread
From: Tejasree Kondoj @ 2023-09-21 11:48 UTC (permalink / raw)
  To: Akhil Goyal
  Cc: Gowrishankar Muthukrishnan, Anoob Joseph, Aakash Sasidharan,
	Vidya Sagar Velumuri, dev

From: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>

Fix private key length in ECDSA op param to include alignment,
for new microcode.

Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
---
 drivers/crypto/cnxk/cnxk_ae.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/crypto/cnxk/cnxk_ae.h b/drivers/crypto/cnxk/cnxk_ae.h
index 7ad259b7f4..209bcd0b43 100644
--- a/drivers/crypto/cnxk/cnxk_ae.h
+++ b/drivers/crypto/cnxk/cnxk_ae.h
@@ -527,7 +527,7 @@ cnxk_ae_ecdsa_sign_prep(struct rte_crypto_ecdsa_op_param *ecdsa,
 
 	/* Set write offset for order and private key */
 	o_offset = prime_len - order_len;
-	pk_offset = prime_len - pkey_len;
+	pk_offset = p_align - pkey_len;
 
 	/* Input buffer */
 	dptr = meta_buf->vaddr;
@@ -572,7 +572,7 @@ cnxk_ae_ecdsa_sign_prep(struct rte_crypto_ecdsa_op_param *ecdsa,
 	w4.s.opcode_minor = ROC_AE_MINOR_OP_ECDSA_SIGN;
 
 	w4.s.param1 = curveid | (message_len << 8);
-	w4.s.param2 = (pkey_len << 8) | k_len;
+	w4.s.param2 = (p_align << 8) | k_len;
 	w4.s.dlen = dlen;
 
 	inst->w4.u64 = w4.u64;
-- 
2.25.1


^ permalink raw reply	[flat|nested] 18+ messages in thread

* [PATCH 05/15] crypto/cnxk: fix IPsec CCM and GCM capabilities
  2023-09-21 11:48 [PATCH 00/15] fixes and improvements to cnxk crypto PMD Tejasree Kondoj
                   ` (3 preceding siblings ...)
  2023-09-21 11:48 ` [PATCH 04/15] crypto/cnxk: fix private key length in ECDSA param Tejasree Kondoj
@ 2023-09-21 11:48 ` Tejasree Kondoj
  2023-09-21 11:48 ` [PATCH 06/15] crypto/cnxk: remove pdcp chain bit from capabilities Tejasree Kondoj
                   ` (9 subsequent siblings)
  14 siblings, 0 replies; 18+ messages in thread
From: Tejasree Kondoj @ 2023-09-21 11:48 UTC (permalink / raw)
  To: Akhil Goyal
  Cc: Anoob Joseph, Aakash Sasidharan, Gowrishankar Muthukrishnan,
	Vidya Sagar Velumuri, dev

Fix lookaside IPsec AES-CCM and AES-GCM capabilities. The patch to
fix AES-CCM capabilities was applied incorrectly which resulted in
wrong AES-GCM capabilities. Fix the same and update AES-CCM to correct
values.

Fixes: eb581897e580 ("crypto/cnxk: fix IPsec CCM capabilities")

Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
---
 drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
index 4c6357353e..ac4a8c1572 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
+++ b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
@@ -1180,8 +1180,8 @@ static const struct rte_cryptodev_capabilities sec_caps_aes[] = {
 					.increment = 4
 				},
 				.iv_size = {
-					.min = 11,
-					.max = 11,
+					.min = 12,
+					.max = 12,
 					.increment = 0
 				}
 			}, }
@@ -1210,8 +1210,8 @@ static const struct rte_cryptodev_capabilities sec_caps_aes[] = {
 					.increment = 4
 				},
 				.iv_size = {
-					.min = 12,
-					.max = 12,
+					.min = 11,
+					.max = 11,
 					.increment = 0
 				}
 			}, }
-- 
2.25.1


^ permalink raw reply	[flat|nested] 18+ messages in thread

* [PATCH 06/15] crypto/cnxk: remove pdcp chain bit from capabilities
  2023-09-21 11:48 [PATCH 00/15] fixes and improvements to cnxk crypto PMD Tejasree Kondoj
                   ` (4 preceding siblings ...)
  2023-09-21 11:48 ` [PATCH 05/15] crypto/cnxk: fix IPsec CCM and GCM capabilities Tejasree Kondoj
@ 2023-09-21 11:48 ` Tejasree Kondoj
  2023-09-21 11:48 ` [PATCH 07/15] crypto/cnxk: check for sg version in SE engine capabilities Tejasree Kondoj
                   ` (8 subsequent siblings)
  14 siblings, 0 replies; 18+ messages in thread
From: Tejasree Kondoj @ 2023-09-21 11:48 UTC (permalink / raw)
  To: Akhil Goyal
  Cc: Anoob Joseph, Aakash Sasidharan, Gowrishankar Muthukrishnan,
	Vidya Sagar Velumuri, dev

Removing pdcp_chain bit from capabilities as it is
supported on all platforms.

Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
---
 drivers/common/cnxk/hw/cpt.h             |  3 +--
 drivers/crypto/cnxk/cnxk_cryptodev_ops.c | 15 ++++-----------
 2 files changed, 5 insertions(+), 13 deletions(-)

diff --git a/drivers/common/cnxk/hw/cpt.h b/drivers/common/cnxk/hw/cpt.h
index 5e1519e202..96a863322a 100644
--- a/drivers/common/cnxk/hw/cpt.h
+++ b/drivers/common/cnxk/hw/cpt.h
@@ -76,8 +76,7 @@ union cpt_eng_caps {
 		uint64_t __io reserved_15_20 : 6;
 		uint64_t __io sm3 : 1;
 		uint64_t __io sm4 : 1;
-		uint64_t __io reserved_23_33 : 11;
-		uint64_t __io pdcp_chain : 1;
+		uint64_t __io reserved_23_34 : 12;
 		uint64_t __io sg_ver2 : 1;
 		uint64_t __io reserved_36_63 : 28;
 	};
diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_ops.c b/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
index 50150d3f06..99bf853234 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
@@ -484,18 +484,13 @@ is_valid_pdcp_cipher_alg(struct rte_crypto_sym_xform *c_xfrm,
 }
 
 static int
-cnxk_sess_fill(struct roc_cpt *roc_cpt, struct rte_crypto_sym_xform *xform,
-	       struct cnxk_se_sess *sess)
+cnxk_sess_fill(struct rte_crypto_sym_xform *xform, struct cnxk_se_sess *sess)
 {
 	struct rte_crypto_sym_xform *aead_xfrm = NULL;
 	struct rte_crypto_sym_xform *c_xfrm = NULL;
 	struct rte_crypto_sym_xform *a_xfrm = NULL;
-	bool pdcp_chain_supported = false;
 	bool ciph_then_auth = false;
 
-	if (roc_cpt->hw_caps[CPT_ENG_TYPE_SE].pdcp_chain)
-		pdcp_chain_supported = true;
-
 	if (xform == NULL)
 		return -EINVAL;
 
@@ -591,8 +586,7 @@ cnxk_sess_fill(struct roc_cpt *roc_cpt, struct rte_crypto_sym_xform *xform,
 			case RTE_CRYPTO_AUTH_SNOW3G_UIA2:
 			case RTE_CRYPTO_AUTH_ZUC_EIA3:
 			case RTE_CRYPTO_AUTH_AES_CMAC:
-				if (!pdcp_chain_supported ||
-				    !is_valid_pdcp_cipher_alg(c_xfrm, sess))
+				if (!is_valid_pdcp_cipher_alg(c_xfrm, sess))
 					return -ENOTSUP;
 				break;
 			default:
@@ -627,8 +621,7 @@ cnxk_sess_fill(struct roc_cpt *roc_cpt, struct rte_crypto_sym_xform *xform,
 		case RTE_CRYPTO_AUTH_SNOW3G_UIA2:
 		case RTE_CRYPTO_AUTH_ZUC_EIA3:
 		case RTE_CRYPTO_AUTH_AES_CMAC:
-			if (!pdcp_chain_supported ||
-			    !is_valid_pdcp_cipher_alg(c_xfrm, sess))
+			if (!is_valid_pdcp_cipher_alg(c_xfrm, sess))
 				return -ENOTSUP;
 			break;
 		default:
@@ -679,7 +672,7 @@ sym_session_configure(struct roc_cpt *roc_cpt, struct rte_crypto_sym_xform *xfor
 	if (is_session_less)
 		memset(sess_priv, 0, sizeof(struct cnxk_se_sess));
 
-	ret = cnxk_sess_fill(roc_cpt, xform, sess_priv);
+	ret = cnxk_sess_fill(xform, sess_priv);
 	if (ret)
 		goto priv_put;
 
-- 
2.25.1


^ permalink raw reply	[flat|nested] 18+ messages in thread

* [PATCH 07/15] crypto/cnxk: check for sg version in SE engine capabilities
  2023-09-21 11:48 [PATCH 00/15] fixes and improvements to cnxk crypto PMD Tejasree Kondoj
                   ` (5 preceding siblings ...)
  2023-09-21 11:48 ` [PATCH 06/15] crypto/cnxk: remove pdcp chain bit from capabilities Tejasree Kondoj
@ 2023-09-21 11:48 ` Tejasree Kondoj
  2023-09-21 11:48 ` [PATCH 08/15] crypto/cnxk: fix control flow issues Tejasree Kondoj
                   ` (7 subsequent siblings)
  14 siblings, 0 replies; 18+ messages in thread
From: Tejasree Kondoj @ 2023-09-21 11:48 UTC (permalink / raw)
  To: Akhil Goyal
  Cc: Vidya Sagar Velumuri, Anoob Joseph, Aakash Sasidharan,
	Gowrishankar Muthukrishnan, dev

From: Vidya Sagar Velumuri <vvelumuri@marvell.com>

Check for supported SG version in SE engine capabilities.

Signed-off-by: Vidya Sagar Velumuri <vvelumuri@marvell.com>
---
 drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
index ac4a8c1572..fd91dec08f 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
+++ b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
@@ -1619,7 +1619,7 @@ static void
 cn10k_crypto_caps_add(struct rte_cryptodev_capabilities cnxk_caps[],
 		     union cpt_eng_caps *hw_caps, int *cur_pos)
 {
-	if (hw_caps->sg_ver2) {
+	if (hw_caps[CPT_ENG_TYPE_SE].sg_ver2) {
 		CPT_CAPS_ADD(cnxk_caps, cur_pos, hw_caps, sm3);
 		CPT_CAPS_ADD(cnxk_caps, cur_pos, hw_caps, sm4);
 	}
-- 
2.25.1


^ permalink raw reply	[flat|nested] 18+ messages in thread

* [PATCH 08/15] crypto/cnxk: fix control flow issues
  2023-09-21 11:48 [PATCH 00/15] fixes and improvements to cnxk crypto PMD Tejasree Kondoj
                   ` (6 preceding siblings ...)
  2023-09-21 11:48 ` [PATCH 07/15] crypto/cnxk: check for sg version in SE engine capabilities Tejasree Kondoj
@ 2023-09-21 11:48 ` Tejasree Kondoj
  2023-09-21 11:48 ` [PATCH 09/15] crypto/cnxk: make IV pointers as constant Tejasree Kondoj
                   ` (6 subsequent siblings)
  14 siblings, 0 replies; 18+ messages in thread
From: Tejasree Kondoj @ 2023-09-21 11:48 UTC (permalink / raw)
  To: Akhil Goyal
  Cc: Vidya Sagar Velumuri, Anoob Joseph, Aakash Sasidharan,
	Gowrishankar Muthukrishnan, dev

From: Vidya Sagar Velumuri <vvelumuri@marvell.com>

This patch fixes below coverity issues.

Coverity issue: 393678
Fixes: 21c1c303148b ("crypto/cnxk: support SM4")

Coverity issue: 393679
Fixes: 21c1c303148b ("crypto/cnxk: support SM4")

Signed-off-by: Vidya Sagar Velumuri <vvelumuri@marvell.com>
---
 drivers/crypto/cnxk/cnxk_se.h | 22 +++++-----------------
 1 file changed, 5 insertions(+), 17 deletions(-)

diff --git a/drivers/crypto/cnxk/cnxk_se.h b/drivers/crypto/cnxk/cnxk_se.h
index edd929d330..bf70b0a57c 100644
--- a/drivers/crypto/cnxk/cnxk_se.h
+++ b/drivers/crypto/cnxk/cnxk_se.h
@@ -1070,7 +1070,6 @@ cpt_sm_prep(uint32_t flags, uint64_t d_offs, uint64_t d_lens, struct roc_se_fc_p
 		iv_len = 0;
 
 	encr_offset += iv_len;
-	enc_dlen = encr_data_len + encr_offset;
 	enc_dlen = RTE_ALIGN_CEIL(encr_data_len, 8) + encr_offset;
 
 	inputlen = enc_dlen;
@@ -2543,11 +2542,6 @@ fill_sm_params(struct rte_crypto_op *cop, struct cnxk_se_sess *sess,
 	char src[SRC_IOV_SIZE];
 	char dst[SRC_IOV_SIZE];
 	void *mdata = NULL;
-#ifdef CPT_ALWAYS_USE_SG_MODE
-	uint8_t inplace = 0;
-#else
-	uint8_t inplace = 1;
-#endif
 	uint32_t flags = 0;
 	int ret;
 
@@ -2577,11 +2571,9 @@ fill_sm_params(struct rte_crypto_op *cop, struct cnxk_se_sess *sess,
 
 	fc_params.ctx = &sess->roc_se_ctx;
 
-	if (likely(!m_dst && inplace)) {
+	if (m_dst == NULL) {
 		fc_params.dst_iov = fc_params.src_iov = (void *)src;
-
 		prepare_iov_from_pkt_inplace(m_src, &fc_params, &flags);
-
 	} else {
 		/* Out of place processing */
 		fc_params.src_iov = (void *)src;
@@ -2594,14 +2586,10 @@ fill_sm_params(struct rte_crypto_op *cop, struct cnxk_se_sess *sess,
 			goto err_exit;
 		}
 
-		if (unlikely(m_dst != NULL)) {
-			if (prepare_iov_from_pkt(m_dst, fc_params.dst_iov, 0)) {
-				plt_dp_err("Prepare dst iov failed for m_dst %p", m_dst);
-				ret = -EINVAL;
-				goto err_exit;
-			}
-		} else {
-			fc_params.dst_iov = (void *)src;
+		if (prepare_iov_from_pkt(m_dst, fc_params.dst_iov, 0)) {
+			plt_dp_err("Prepare dst iov failed for m_dst %p", m_dst);
+			ret = -EINVAL;
+			goto err_exit;
 		}
 	}
 
-- 
2.25.1


^ permalink raw reply	[flat|nested] 18+ messages in thread

* [PATCH 09/15] crypto/cnxk: make IV pointers as constant
  2023-09-21 11:48 [PATCH 00/15] fixes and improvements to cnxk crypto PMD Tejasree Kondoj
                   ` (7 preceding siblings ...)
  2023-09-21 11:48 ` [PATCH 08/15] crypto/cnxk: fix control flow issues Tejasree Kondoj
@ 2023-09-21 11:48 ` Tejasree Kondoj
  2023-09-21 11:48 ` [PATCH 10/15] crypto/cnxk: set PDCP chain IV offset based on FVC Tejasree Kondoj
                   ` (5 subsequent siblings)
  14 siblings, 0 replies; 18+ messages in thread
From: Tejasree Kondoj @ 2023-09-21 11:48 UTC (permalink / raw)
  To: Akhil Goyal
  Cc: Anoob Joseph, Aakash Sasidharan, Gowrishankar Muthukrishnan,
	Vidya Sagar Velumuri, dev

Make IV pointers as constant.

Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
 drivers/common/cnxk/roc_se.h  |   4 +-
 drivers/crypto/cnxk/cnxk_se.h | 140 +++++++++++++++++++---------------
 2 files changed, 80 insertions(+), 64 deletions(-)

diff --git a/drivers/common/cnxk/roc_se.h b/drivers/common/cnxk/roc_se.h
index d540d70616..2a5abd71cf 100644
--- a/drivers/common/cnxk/roc_se.h
+++ b/drivers/common/cnxk/roc_se.h
@@ -360,8 +360,8 @@ struct roc_se_fc_params {
 			struct roc_se_iov_ptr *dst_iov;
 		};
 	};
-	void *iv_buf;
-	void *auth_iv_buf;
+	const void *iv_buf;
+	const void *auth_iv_buf;
 	struct roc_se_ctx *ctx;
 	struct roc_se_buf_ptr meta_buf;
 	uint8_t cipher_iv_len;
diff --git a/drivers/crypto/cnxk/cnxk_se.h b/drivers/crypto/cnxk/cnxk_se.h
index bf70b0a57c..b8998d401b 100644
--- a/drivers/crypto/cnxk/cnxk_se.h
+++ b/drivers/crypto/cnxk/cnxk_se.h
@@ -84,10 +84,10 @@ cpt_pack_iv(uint8_t *iv_src, uint8_t *iv_dst)
 }
 
 static inline void
-pdcp_iv_copy(uint8_t *iv_d, uint8_t *iv_s, const uint8_t pdcp_alg_type,
-	     uint8_t pack_iv)
+pdcp_iv_copy(uint8_t *iv_d, const uint8_t *iv_s, const uint8_t pdcp_alg_type, uint8_t pack_iv)
 {
-	uint32_t *iv_s_temp, iv_temp[4];
+	const uint32_t *iv_s_temp;
+	uint32_t iv_temp[4];
 	int j;
 
 	if (unlikely(iv_s == NULL)) {
@@ -101,18 +101,37 @@ pdcp_iv_copy(uint8_t *iv_d, uint8_t *iv_s, const uint8_t pdcp_alg_type,
 		 * and BigEndian, MC needs it as IV0 IV1 IV2 IV3
 		 */
 
-		iv_s_temp = (uint32_t *)iv_s;
+		iv_s_temp = (const uint32_t *)iv_s;
 
 		for (j = 0; j < 4; j++)
 			iv_temp[j] = iv_s_temp[3 - j];
 		memcpy(iv_d, iv_temp, 16);
 	} else if ((pdcp_alg_type == ROC_SE_PDCP_ALG_TYPE_ZUC) ||
 		   pdcp_alg_type == ROC_SE_PDCP_ALG_TYPE_AES_CTR) {
+		memcpy(iv_d, iv_s, 16);
 		if (pack_iv) {
-			cpt_pack_iv(iv_s, iv_d);
-			memcpy(iv_d + 6, iv_s + 8, 17);
-		} else
-			memcpy(iv_d, iv_s, 16);
+			uint8_t iv_d23, iv_d24;
+
+			/* Save last two bytes as only 23B IV space is available */
+			iv_d23 = iv_d[23];
+			iv_d24 = iv_d[24];
+
+			/* Copy remaining part of IV */
+			memcpy(iv_d + 16, iv_s + 16, 25 - 16);
+
+			/* Swap IV */
+			roc_se_zuc_bytes_swap(iv_d, 25);
+
+			/* Pack IV */
+			cpt_pack_iv(iv_d, iv_d);
+
+			/* Move IV */
+			for (j = 6; j < 23; j++)
+				iv_d[j] = iv_d[j + 2];
+
+			iv_d[23] = iv_d23;
+			iv_d[24] = iv_d24;
+		}
 	}
 }
 
@@ -221,9 +240,9 @@ cpt_mac_len_verify(struct rte_crypto_auth_xform *auth)
 
 static __rte_always_inline int
 sg_inst_prep(struct roc_se_fc_params *params, struct cpt_inst_s *inst, uint64_t offset_ctrl,
-	     uint8_t *iv_s, int iv_len, uint8_t pack_iv, uint8_t pdcp_alg_type, int32_t inputlen,
-	     int32_t outputlen, uint32_t passthrough_len, uint32_t req_flags, int pdcp_flag,
-	     int decrypt)
+	     const uint8_t *iv_s, int iv_len, uint8_t pack_iv, uint8_t pdcp_alg_type,
+	     int32_t inputlen, int32_t outputlen, uint32_t passthrough_len, uint32_t req_flags,
+	     int pdcp_flag, int decrypt)
 {
 	struct roc_sglist_comp *gather_comp, *scatter_comp;
 	void *m_vaddr = params->meta_buf.vaddr;
@@ -412,9 +431,9 @@ sg_inst_prep(struct roc_se_fc_params *params, struct cpt_inst_s *inst, uint64_t
 
 static __rte_always_inline int
 sg2_inst_prep(struct roc_se_fc_params *params, struct cpt_inst_s *inst, uint64_t offset_ctrl,
-	      uint8_t *iv_s, int iv_len, uint8_t pack_iv, uint8_t pdcp_alg_type, int32_t inputlen,
-	      int32_t outputlen, uint32_t passthrough_len, uint32_t req_flags, int pdcp_flag,
-	      int decrypt)
+	      const uint8_t *iv_s, int iv_len, uint8_t pack_iv, uint8_t pdcp_alg_type,
+	      int32_t inputlen, int32_t outputlen, uint32_t passthrough_len, uint32_t req_flags,
+	      int pdcp_flag, int decrypt)
 {
 	struct roc_sg2list_comp *gather_comp, *scatter_comp;
 	void *m_vaddr = params->meta_buf.vaddr;
@@ -831,9 +850,9 @@ cpt_digest_gen_sg_ver2_prep(uint32_t flags, uint64_t d_lens, struct roc_se_fc_pa
 static inline int
 pdcp_chain_sg1_prep(struct roc_se_fc_params *params, struct roc_se_ctx *cpt_ctx,
 		    struct cpt_inst_s *inst, union cpt_inst_w4 w4, int32_t inputlen,
-		    uint8_t hdr_len, uint64_t offset_ctrl, uint32_t req_flags, uint8_t *cipher_iv,
-		    uint8_t *auth_iv, const int pack_iv, const uint8_t pdcp_ci_alg,
-		    const uint8_t pdcp_auth_alg)
+		    uint8_t hdr_len, uint64_t offset_ctrl, uint32_t req_flags,
+		    const uint8_t *cipher_iv, const uint8_t *auth_iv, const int pack_iv,
+		    const uint8_t pdcp_ci_alg, const uint8_t pdcp_auth_alg)
 {
 	struct roc_sglist_comp *scatter_comp, *gather_comp;
 	void *m_vaddr = params->meta_buf.vaddr;
@@ -940,9 +959,9 @@ pdcp_chain_sg1_prep(struct roc_se_fc_params *params, struct roc_se_ctx *cpt_ctx,
 static inline int
 pdcp_chain_sg2_prep(struct roc_se_fc_params *params, struct roc_se_ctx *cpt_ctx,
 		    struct cpt_inst_s *inst, union cpt_inst_w4 w4, int32_t inputlen,
-		    uint8_t hdr_len, uint64_t offset_ctrl, uint32_t req_flags, uint8_t *cipher_iv,
-		    uint8_t *auth_iv, const int pack_iv, const uint8_t pdcp_ci_alg,
-		    const uint8_t pdcp_auth_alg)
+		    uint8_t hdr_len, uint64_t offset_ctrl, uint32_t req_flags,
+		    const uint8_t *cipher_iv, const uint8_t *auth_iv, const int pack_iv,
+		    const uint8_t pdcp_ci_alg, const uint8_t pdcp_auth_alg)
 {
 	struct roc_sg2list_comp *gather_comp, *scatter_comp;
 	void *m_vaddr = params->meta_buf.vaddr;
@@ -1051,12 +1070,12 @@ cpt_sm_prep(uint32_t flags, uint64_t d_offs, uint64_t d_lens, struct roc_se_fc_p
 	int32_t inputlen, outputlen, enc_dlen;
 	union cpt_inst_w4 cpt_inst_w4;
 	uint32_t passthrough_len = 0;
+	const uint8_t *src = NULL;
 	struct roc_se_ctx *se_ctx;
 	uint32_t encr_data_len;
 	uint32_t encr_offset;
 	uint64_t offset_ctrl;
 	uint8_t iv_len = 16;
-	uint8_t *src = NULL;
 	void *offset_vaddr;
 	int ret;
 
@@ -1109,7 +1128,7 @@ cpt_sm_prep(uint32_t flags, uint64_t d_offs, uint64_t d_lens, struct roc_se_fc_p
 
 		if (likely(iv_len)) {
 			void *dst = PLT_PTR_ADD(offset_vaddr, ROC_SE_OFF_CTRL_LEN);
-			uint64_t *src = fc_params->iv_buf;
+			const uint64_t *src = fc_params->iv_buf;
 
 			rte_memcpy(dst, src, 16);
 		}
@@ -1142,20 +1161,19 @@ cpt_enc_hmac_prep(uint32_t flags, uint64_t d_offs, uint64_t d_lens,
 		  struct roc_se_fc_params *fc_params, struct cpt_inst_s *inst,
 		  const bool is_sg_ver2)
 {
-	uint32_t iv_offset = 0;
+	uint32_t encr_data_len, auth_data_len, aad_len = 0;
+	uint32_t encr_offset, auth_offset, iv_offset = 0;
 	int32_t inputlen, outputlen, enc_dlen, auth_dlen;
-	struct roc_se_ctx *se_ctx;
 	uint32_t cipher_type, hash_type;
-	uint32_t mac_len;
-	uint8_t iv_len = 16;
-	uint32_t encr_offset, auth_offset;
-	uint64_t offset_ctrl;
-	uint32_t encr_data_len, auth_data_len, aad_len = 0;
-	uint32_t passthrough_len = 0;
 	union cpt_inst_w4 cpt_inst_w4;
+	uint32_t passthrough_len = 0;
+	const uint8_t *src = NULL;
+	struct roc_se_ctx *se_ctx;
+	uint64_t offset_ctrl;
+	uint8_t iv_len = 16;
 	void *offset_vaddr;
 	uint8_t op_minor;
-	uint8_t *src = NULL;
+	uint32_t mac_len;
 	int ret;
 
 	encr_offset = ROC_SE_ENCR_OFFSET(d_offs);
@@ -1279,7 +1297,7 @@ cpt_enc_hmac_prep(uint32_t flags, uint64_t d_offs, uint64_t d_lens,
 		if (likely(iv_len)) {
 			uint64_t *dest =
 				(uint64_t *)((uint8_t *)offset_vaddr + ROC_SE_OFF_CTRL_LEN);
-			uint64_t *src = fc_params->iv_buf;
+			const uint64_t *src = fc_params->iv_buf;
 			dest[0] = src[0];
 			dest[1] = src[1];
 		}
@@ -1312,19 +1330,18 @@ cpt_dec_hmac_prep(uint32_t flags, uint64_t d_offs, uint64_t d_lens,
 		  struct roc_se_fc_params *fc_params, struct cpt_inst_s *inst,
 		  const bool is_sg_ver2)
 {
-	uint32_t iv_offset = 0;
+	uint32_t encr_data_len, auth_data_len, aad_len = 0;
+	uint32_t encr_offset, auth_offset, iv_offset = 0;
 	int32_t inputlen, outputlen, enc_dlen, auth_dlen;
-	struct roc_se_ctx *se_ctx;
+	union cpt_inst_w4 cpt_inst_w4;
+	uint32_t passthrough_len = 0;
 	int32_t hash_type, mac_len;
+	const uint8_t *src = NULL;
+	struct roc_se_ctx *se_ctx;
+	uint64_t offset_ctrl;
 	uint8_t iv_len = 16;
-	uint32_t encr_offset, auth_offset;
-	uint32_t encr_data_len, auth_data_len, aad_len = 0;
-	uint32_t passthrough_len = 0;
-	union cpt_inst_w4 cpt_inst_w4;
 	void *offset_vaddr;
 	uint8_t op_minor;
-	uint64_t offset_ctrl;
-	uint8_t *src = NULL;
 	int ret;
 
 	encr_offset = ROC_SE_ENCR_OFFSET(d_offs);
@@ -1437,7 +1454,7 @@ cpt_dec_hmac_prep(uint32_t flags, uint64_t d_offs, uint64_t d_lens,
 		if (likely(iv_len)) {
 			uint64_t *dest =
 				(uint64_t *)((uint8_t *)offset_vaddr + ROC_SE_OFF_CTRL_LEN);
-			uint64_t *src = fc_params->iv_buf;
+			const uint64_t *src = fc_params->iv_buf;
 			dest[0] = src[0];
 			dest[1] = src[1];
 		}
@@ -1472,7 +1489,7 @@ cpt_pdcp_chain_alg_prep(uint32_t req_flags, uint64_t d_offs, uint64_t d_lens,
 {
 	uint32_t encr_data_len, auth_data_len, aad_len, passthr_len, pad_len, hdr_len;
 	uint32_t encr_offset, auth_offset, iv_offset = 0;
-	uint8_t *auth_iv = NULL, *cipher_iv = NULL;
+	const uint8_t *auth_iv = NULL, *cipher_iv = NULL;
 	uint8_t pdcp_ci_alg, pdcp_auth_alg;
 	union cpt_inst_w4 cpt_inst_w4;
 	struct roc_se_ctx *se_ctx;
@@ -1581,18 +1598,18 @@ static __rte_always_inline int
 cpt_pdcp_alg_prep(uint32_t req_flags, uint64_t d_offs, uint64_t d_lens,
 		  struct roc_se_fc_params *params, struct cpt_inst_s *inst, const bool is_sg_ver2)
 {
+	uint32_t encr_data_len, auth_data_len;
+	uint32_t encr_offset, auth_offset;
+	union cpt_inst_w4 cpt_inst_w4;
 	int32_t inputlen, outputlen;
 	struct roc_se_ctx *se_ctx;
-	uint32_t mac_len = 0;
-	uint8_t pdcp_alg_type;
-	uint32_t encr_offset, auth_offset;
-	uint32_t encr_data_len, auth_data_len;
-	int flags, iv_len;
-	uint64_t offset_ctrl;
 	uint64_t *offset_vaddr;
-	uint8_t *iv_s;
+	uint8_t pdcp_alg_type;
+	uint32_t mac_len = 0;
+	const uint8_t *iv_s;
 	uint8_t pack_iv = 0;
-	union cpt_inst_w4 cpt_inst_w4;
+	uint64_t offset_ctrl;
+	int flags, iv_len;
 	int ret;
 
 	se_ctx = params->ctx;
@@ -1617,7 +1634,6 @@ cpt_pdcp_alg_prep(uint32_t req_flags, uint64_t d_offs, uint64_t d_lens,
 			iv_len = params->auth_iv_len;
 
 			if (iv_len == 25) {
-				roc_se_zuc_bytes_swap(iv_s, iv_len);
 				iv_len -= 2;
 				pack_iv = 1;
 			}
@@ -1653,7 +1669,6 @@ cpt_pdcp_alg_prep(uint32_t req_flags, uint64_t d_offs, uint64_t d_lens,
 		pdcp_alg_type = se_ctx->pdcp_ci_alg;
 
 		if (iv_len == 25) {
-			roc_se_zuc_bytes_swap(iv_s, iv_len);
 			iv_len -= 2;
 			pack_iv = 1;
 		}
@@ -1739,16 +1754,16 @@ static __rte_always_inline int
 cpt_kasumi_enc_prep(uint32_t req_flags, uint64_t d_offs, uint64_t d_lens,
 		    struct roc_se_fc_params *params, struct cpt_inst_s *inst, const bool is_sg_ver2)
 {
+	uint32_t encr_data_len, auth_data_len;
 	int32_t inputlen = 0, outputlen = 0;
+	uint32_t encr_offset, auth_offset;
+	const uint8_t *iv_s, iv_len = 8;
+	union cpt_inst_w4 cpt_inst_w4;
 	struct roc_se_ctx *se_ctx;
+	uint64_t offset_ctrl;
 	uint32_t mac_len = 0;
-	uint32_t encr_offset, auth_offset;
-	uint32_t encr_data_len, auth_data_len;
-	int flags;
-	uint8_t *iv_s, iv_len = 8;
 	uint8_t dir = 0;
-	uint64_t offset_ctrl;
-	union cpt_inst_w4 cpt_inst_w4;
+	int flags;
 
 	encr_offset = ROC_SE_ENCR_OFFSET(d_offs) / 8;
 	auth_offset = ROC_SE_AUTH_OFFSET(d_offs) / 8;
@@ -1756,17 +1771,15 @@ cpt_kasumi_enc_prep(uint32_t req_flags, uint64_t d_offs, uint64_t d_lens,
 	auth_data_len = ROC_SE_AUTH_DLEN(d_lens);
 
 	se_ctx = params->ctx;
-	iv_s = params->iv_buf;
 	flags = se_ctx->zsk_flags;
 	mac_len = se_ctx->mac_len;
 
-	dir = iv_s[8] & 0x1;
 	cpt_inst_w4.u64 = se_ctx->template_w4.u64;
 
 	if (flags == 0x0) {
+		iv_s = params->iv_buf;
 		/* Consider IV len */
 		encr_offset += iv_len;
-		auth_offset += iv_len;
 
 		inputlen = encr_offset + (RTE_ALIGN(encr_data_len, 8) / 8);
 		outputlen = inputlen;
@@ -1778,6 +1791,9 @@ cpt_kasumi_enc_prep(uint32_t req_flags, uint64_t d_offs, uint64_t d_lens,
 			return -1;
 		}
 	} else {
+		iv_s = params->auth_iv_buf;
+		dir = iv_s[8] & 0x1;
+
 		inputlen = auth_offset + (RTE_ALIGN(auth_data_len, 8) / 8);
 		outputlen = mac_len;
 		/* iv offset is 0 */
@@ -3206,7 +3222,7 @@ fill_digest_params(struct rte_crypto_op *cop, struct cnxk_se_sess *sess,
 
 			/* Store it at end of auth iv */
 			iv_buf[8] = direction;
-			params.iv_buf = iv_buf;
+			params.auth_iv_buf = iv_buf;
 		}
 	}
 
-- 
2.25.1


^ permalink raw reply	[flat|nested] 18+ messages in thread

* [PATCH 10/15] crypto/cnxk: set PDCP chain IV offset based on FVC
  2023-09-21 11:48 [PATCH 00/15] fixes and improvements to cnxk crypto PMD Tejasree Kondoj
                   ` (8 preceding siblings ...)
  2023-09-21 11:48 ` [PATCH 09/15] crypto/cnxk: make IV pointers as constant Tejasree Kondoj
@ 2023-09-21 11:48 ` Tejasree Kondoj
  2023-09-21 11:48 ` [PATCH 11/15] crypto/cnxk: minor shuffling in the sess structure Tejasree Kondoj
                   ` (4 subsequent siblings)
  14 siblings, 0 replies; 18+ messages in thread
From: Tejasree Kondoj @ 2023-09-21 11:48 UTC (permalink / raw)
  To: Akhil Goyal
  Cc: Anoob Joseph, Aakash Sasidharan, Gowrishankar Muthukrishnan,
	Vidya Sagar Velumuri, dev

Set PDCP chain IV offset based on zuc 256 firmware

Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
---
 drivers/common/cnxk/hw/cpt.h             |  4 +++-
 drivers/common/cnxk/roc_se.h             |  3 +++
 drivers/crypto/cnxk/cnxk_cryptodev_ops.c | 10 ++++++++--
 drivers/crypto/cnxk/cnxk_cryptodev_ops.h |  5 +++--
 drivers/crypto/cnxk/cnxk_se.h            | 16 ++++++++++------
 5 files changed, 27 insertions(+), 11 deletions(-)

diff --git a/drivers/common/cnxk/hw/cpt.h b/drivers/common/cnxk/hw/cpt.h
index 96a863322a..cad4ed7e79 100644
--- a/drivers/common/cnxk/hw/cpt.h
+++ b/drivers/common/cnxk/hw/cpt.h
@@ -78,7 +78,9 @@ union cpt_eng_caps {
 		uint64_t __io sm4 : 1;
 		uint64_t __io reserved_23_34 : 12;
 		uint64_t __io sg_ver2 : 1;
-		uint64_t __io reserved_36_63 : 28;
+		uint64_t __io reserved36 : 1;
+		uint64_t __io pdcp_chain_zuc256 : 1;
+		uint64_t __io reserved_38_63 : 26;
 	};
 };
 
diff --git a/drivers/common/cnxk/roc_se.h b/drivers/common/cnxk/roc_se.h
index 2a5abd71cf..d8cbd58c9a 100644
--- a/drivers/common/cnxk/roc_se.h
+++ b/drivers/common/cnxk/roc_se.h
@@ -323,6 +323,8 @@ struct roc_se_ctx {
 	uint64_t ciph_then_auth : 1;
 	uint64_t auth_then_ciph : 1;
 	uint64_t eia2 : 1;
+	/* auth_iv_offset passed to PDCP_CHAIN opcode based on FVC bit */
+	uint8_t pdcp_iv_offset;
 	union cpt_inst_w4 template_w4;
 	/* Below fields are accessed by hardware */
 	struct se_ctx_s {
@@ -366,6 +368,7 @@ struct roc_se_fc_params {
 	struct roc_se_buf_ptr meta_buf;
 	uint8_t cipher_iv_len;
 	uint8_t auth_iv_len;
+	uint8_t pdcp_iv_offset;
 
 	struct roc_se_buf_ptr aad_buf;
 	struct roc_se_buf_ptr mac_buf;
diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_ops.c b/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
index 99bf853234..82938c77c8 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cnxk_cryptodev_ops.c
@@ -484,13 +484,19 @@ is_valid_pdcp_cipher_alg(struct rte_crypto_sym_xform *c_xfrm,
 }
 
 static int
-cnxk_sess_fill(struct rte_crypto_sym_xform *xform, struct cnxk_se_sess *sess)
+cnxk_sess_fill(struct roc_cpt *roc_cpt, struct rte_crypto_sym_xform *xform,
+	       struct cnxk_se_sess *sess)
 {
 	struct rte_crypto_sym_xform *aead_xfrm = NULL;
 	struct rte_crypto_sym_xform *c_xfrm = NULL;
 	struct rte_crypto_sym_xform *a_xfrm = NULL;
 	bool ciph_then_auth = false;
 
+	if (roc_cpt->hw_caps[CPT_ENG_TYPE_SE].pdcp_chain_zuc256)
+		sess->roc_se_ctx.pdcp_iv_offset = 24;
+	else
+		sess->roc_se_ctx.pdcp_iv_offset = 16;
+
 	if (xform == NULL)
 		return -EINVAL;
 
@@ -672,7 +678,7 @@ sym_session_configure(struct roc_cpt *roc_cpt, struct rte_crypto_sym_xform *xfor
 	if (is_session_less)
 		memset(sess_priv, 0, sizeof(struct cnxk_se_sess));
 
-	ret = cnxk_sess_fill(xform, sess_priv);
+	ret = cnxk_sess_fill(roc_cpt, xform, sess_priv);
 	if (ret)
 		goto priv_put;
 
diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_ops.h b/drivers/crypto/cnxk/cnxk_cryptodev_ops.h
index 6ee4cbda70..3d1f9b8a48 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev_ops.h
+++ b/drivers/crypto/cnxk/cnxk_cryptodev_ops.h
@@ -16,8 +16,9 @@
 #include "roc_errata.h"
 #include "roc_se.h"
 
-#define CNXK_CPT_MIN_HEADROOM_REQ	 32
-#define CNXK_CPT_MIN_TAILROOM_REQ	 102
+/* Space for ctrl_word(8B), IV(48B), passthrough alignment(8B) */
+#define CNXK_CPT_MIN_HEADROOM_REQ 64
+#define CNXK_CPT_MIN_TAILROOM_REQ 102
 
 /* Default command timeout in seconds */
 #define DEFAULT_COMMAND_TIMEOUT 4
diff --git a/drivers/crypto/cnxk/cnxk_se.h b/drivers/crypto/cnxk/cnxk_se.h
index b8998d401b..fdc1f3651c 100644
--- a/drivers/crypto/cnxk/cnxk_se.h
+++ b/drivers/crypto/cnxk/cnxk_se.h
@@ -892,7 +892,7 @@ pdcp_chain_sg1_prep(struct roc_se_fc_params *params, struct roc_se_ctx *cpt_ctx,
 	pdcp_iv_copy(iv_d, cipher_iv, pdcp_ci_alg, pack_iv);
 
 	/* Auth IV */
-	iv_d = ((uint8_t *)offset_vaddr + ROC_SE_OFF_CTRL_LEN + 16);
+	iv_d = ((uint8_t *)offset_vaddr + ROC_SE_OFF_CTRL_LEN + params->pdcp_iv_offset);
 	pdcp_iv_copy(iv_d, auth_iv, pdcp_auth_alg, pack_iv);
 
 	/* input data */
@@ -998,7 +998,7 @@ pdcp_chain_sg2_prep(struct roc_se_fc_params *params, struct roc_se_ctx *cpt_ctx,
 	pdcp_iv_copy(iv_d, cipher_iv, pdcp_ci_alg, pack_iv);
 
 	/* Auth IV */
-	iv_d = ((uint8_t *)offset_vaddr + ROC_SE_OFF_CTRL_LEN + 16);
+	iv_d = ((uint8_t *)offset_vaddr + ROC_SE_OFF_CTRL_LEN + params->pdcp_iv_offset);
 	pdcp_iv_copy(iv_d, auth_iv, pdcp_auth_alg, pack_iv);
 
 	/* input data */
@@ -1490,11 +1490,12 @@ cpt_pdcp_chain_alg_prep(uint32_t req_flags, uint64_t d_offs, uint64_t d_lens,
 	uint32_t encr_data_len, auth_data_len, aad_len, passthr_len, pad_len, hdr_len;
 	uint32_t encr_offset, auth_offset, iv_offset = 0;
 	const uint8_t *auth_iv = NULL, *cipher_iv = NULL;
+	uint8_t pdcp_iv_off = params->pdcp_iv_offset;
+	const int iv_len = pdcp_iv_off * 2;
 	uint8_t pdcp_ci_alg, pdcp_auth_alg;
 	union cpt_inst_w4 cpt_inst_w4;
 	struct roc_se_ctx *se_ctx;
 	uint64_t *offset_vaddr;
-	const int iv_len = 32;
 	uint64_t offset_ctrl;
 	uint8_t pack_iv = 0;
 	int32_t inputlen;
@@ -1576,7 +1577,7 @@ cpt_pdcp_chain_alg_prep(uint32_t req_flags, uint64_t d_offs, uint64_t d_lens,
 		iv_d = ((uint8_t *)offset_vaddr + ROC_SE_OFF_CTRL_LEN);
 		pdcp_iv_copy(iv_d, cipher_iv, pdcp_ci_alg, pack_iv);
 
-		iv_d = ((uint8_t *)offset_vaddr + ROC_SE_OFF_CTRL_LEN + 16);
+		iv_d = ((uint8_t *)offset_vaddr + ROC_SE_OFF_CTRL_LEN + pdcp_iv_off);
 		pdcp_iv_copy(iv_d, auth_iv, pdcp_auth_alg, pack_iv);
 
 		inst->w4.u64 = cpt_inst_w4.u64;
@@ -2909,6 +2910,7 @@ fill_pdcp_params(struct rte_crypto_op *cop, struct cnxk_se_sess *sess,
 	fc_params.auth_iv_len = 0;
 	fc_params.iv_buf = NULL;
 	fc_params.auth_iv_buf = NULL;
+	fc_params.pdcp_iv_offset = sess->roc_se_ctx.pdcp_iv_offset;
 
 	if (likely(sess->iv_length))
 		fc_params.iv_buf = rte_crypto_op_ctod_offset(cop, uint8_t *, sess->iv_offset);
@@ -2995,6 +2997,7 @@ fill_pdcp_chain_params(struct rte_crypto_op *cop, struct cnxk_se_sess *sess,
 	fc_params.auth_iv_len = sess->auth_iv_length;
 	fc_params.iv_buf = NULL;
 	fc_params.auth_iv_buf = NULL;
+	fc_params.pdcp_iv_offset = sess->roc_se_ctx.pdcp_iv_offset;
 
 	m_src = sym_op->m_src;
 	m_dst = sym_op->m_dst;
@@ -3197,8 +3200,9 @@ fill_digest_params(struct rte_crypto_op *cop, struct cnxk_se_sess *sess,
 		d_offs = auth_range_off;
 		auth_range_off = 0;
 		params.auth_iv_len = sess->auth_iv_length;
-		params.auth_iv_buf = rte_crypto_op_ctod_offset(
-			cop, uint8_t *, sess->auth_iv_offset);
+		params.auth_iv_buf =
+			rte_crypto_op_ctod_offset(cop, uint8_t *, sess->auth_iv_offset);
+		params.pdcp_iv_offset = sess->roc_se_ctx.pdcp_iv_offset;
 		if (sess->zsk_flag == ROC_SE_K_F9) {
 			uint32_t length_in_bits, num_bytes;
 			uint8_t *src, direction = 0;
-- 
2.25.1


^ permalink raw reply	[flat|nested] 18+ messages in thread

* [PATCH 11/15] crypto/cnxk: minor shuffling in the sess structure
  2023-09-21 11:48 [PATCH 00/15] fixes and improvements to cnxk crypto PMD Tejasree Kondoj
                   ` (9 preceding siblings ...)
  2023-09-21 11:48 ` [PATCH 10/15] crypto/cnxk: set PDCP chain IV offset based on FVC Tejasree Kondoj
@ 2023-09-21 11:48 ` Tejasree Kondoj
  2023-09-21 11:48 ` [PATCH 12/15] crypto/cnxk: add support for packets with cipher len zero Tejasree Kondoj
                   ` (3 subsequent siblings)
  14 siblings, 0 replies; 18+ messages in thread
From: Tejasree Kondoj @ 2023-09-21 11:48 UTC (permalink / raw)
  To: Akhil Goyal
  Cc: Vidya Sagar Velumuri, Anoob Joseph, Aakash Sasidharan,
	Gowrishankar Muthukrishnan, dev

From: Vidya Sagar Velumuri <vvelumuri@marvell.com>

Shuffle the fields in the session structure to make the fields byte
aligned

Signed-off-by: Vidya Sagar Velumuri <vvelumuri@marvell.com>
---
 drivers/crypto/cnxk/cnxk_se.h | 32 ++++++++++++++++----------------
 1 file changed, 16 insertions(+), 16 deletions(-)

diff --git a/drivers/crypto/cnxk/cnxk_se.h b/drivers/crypto/cnxk/cnxk_se.h
index fdc1f3651c..1fbae54c76 100644
--- a/drivers/crypto/cnxk/cnxk_se.h
+++ b/drivers/crypto/cnxk/cnxk_se.h
@@ -31,30 +31,30 @@ enum cpt_dp_thread_type {
 
 struct cnxk_se_sess {
 	struct rte_cryptodev_sym_session rte_sess;
-	uint16_t cpt_op : 4;
-	uint16_t zsk_flag : 4;
-	uint16_t aes_gcm : 1;
-	uint16_t aes_ccm : 1;
-	uint16_t aes_ctr : 1;
-	uint16_t chacha_poly : 1;
-	uint16_t is_null : 1;
-	uint16_t is_gmac : 1;
-	uint16_t chained_op : 1;
-	uint16_t auth_first : 1;
-	uint16_t aes_ctr_eea2 : 1;
-	uint16_t zs_cipher : 4;
-	uint16_t zs_auth : 4;
-	uint16_t dp_thr_type : 8;
-	uint16_t aad_length;
+	uint8_t aes_gcm : 1;
+	uint8_t aes_ccm : 1;
+	uint8_t aes_ctr : 1;
+	uint8_t chacha_poly : 1;
+	uint8_t is_null : 1;
+	uint8_t is_gmac : 1;
+	uint8_t chained_op : 1;
+	uint8_t auth_first : 1;
+	uint8_t aes_ctr_eea2 : 1;
 	uint8_t is_sha3 : 1;
 	uint8_t short_iv : 1;
 	uint8_t is_sm3 : 1;
 	uint8_t passthrough : 1;
 	uint8_t is_sm4 : 1;
-	uint8_t rsvd : 3;
+	uint8_t rsvd : 2;
+	uint8_t cpt_op : 4;
+	uint8_t zsk_flag : 4;
+	uint8_t zs_cipher : 4;
+	uint8_t zs_auth : 4;
+	uint8_t dp_thr_type;
 	uint8_t mac_len;
 	uint8_t iv_length;
 	uint8_t auth_iv_length;
+	uint16_t aad_length;
 	uint16_t iv_offset;
 	uint16_t auth_iv_offset;
 	uint32_t salt;
-- 
2.25.1


^ permalink raw reply	[flat|nested] 18+ messages in thread

* [PATCH 12/15] crypto/cnxk: add support for packets with cipher len zero
  2023-09-21 11:48 [PATCH 00/15] fixes and improvements to cnxk crypto PMD Tejasree Kondoj
                   ` (10 preceding siblings ...)
  2023-09-21 11:48 ` [PATCH 11/15] crypto/cnxk: minor shuffling in the sess structure Tejasree Kondoj
@ 2023-09-21 11:48 ` Tejasree Kondoj
  2023-09-21 11:48 ` [PATCH 13/15] crypto/cnxk: add support for raw APIs Tejasree Kondoj
                   ` (2 subsequent siblings)
  14 siblings, 0 replies; 18+ messages in thread
From: Tejasree Kondoj @ 2023-09-21 11:48 UTC (permalink / raw)
  To: Akhil Goyal
  Cc: Aakash Sasidharan, Anoob Joseph, Gowrishankar Muthukrishnan,
	Vidya Sagar Velumuri, dev

From: Aakash Sasidharan <asasidharan@marvell.com>

For cipher only zero length packets, submit it to CPT with
passthrough opcode.

Signed-off-by: Aakash Sasidharan <asasidharan@marvell.com>
---
 drivers/crypto/cnxk/cnxk_se.h | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/drivers/crypto/cnxk/cnxk_se.h b/drivers/crypto/cnxk/cnxk_se.h
index 1fbae54c76..f6884be5ad 100644
--- a/drivers/crypto/cnxk/cnxk_se.h
+++ b/drivers/crypto/cnxk/cnxk_se.h
@@ -45,7 +45,8 @@ struct cnxk_se_sess {
 	uint8_t is_sm3 : 1;
 	uint8_t passthrough : 1;
 	uint8_t is_sm4 : 1;
-	uint8_t rsvd : 2;
+	uint8_t cipher_only : 1;
+	uint8_t rsvd : 1;
 	uint8_t cpt_op : 4;
 	uint8_t zsk_flag : 4;
 	uint8_t zs_cipher : 4;
@@ -2192,6 +2193,7 @@ fill_sess_cipher(struct rte_crypto_sym_xform *xform, struct cnxk_se_sess *sess)
 		}
 	}
 
+	sess->cipher_only = 1;
 	sess->zsk_flag = zsk_flag;
 	sess->zs_cipher = zs_cipher;
 	sess->aes_gcm = 0;
@@ -3308,9 +3310,19 @@ static __rte_always_inline int __rte_hot
 cpt_sym_inst_fill(struct cnxk_cpt_qp *qp, struct rte_crypto_op *op, struct cnxk_se_sess *sess,
 		  struct cpt_inflight_req *infl_req, struct cpt_inst_s *inst, const bool is_sg_ver2)
 {
+	enum cpt_dp_thread_type dp_thr_type;
 	int ret;
 
-	switch (sess->dp_thr_type) {
+	dp_thr_type = sess->dp_thr_type;
+
+	/*
+	 * With cipher only, microcode expects that cipher length is non-zero. To accept such
+	 * instructions, send to CPT as passthrough.
+	 */
+	if (unlikely(sess->cipher_only && op->sym->cipher.data.length == 0))
+		dp_thr_type = CPT_DP_THREAD_TYPE_PT;
+
+	switch (dp_thr_type) {
 	case CPT_DP_THREAD_TYPE_PT:
 		ret = fill_passthrough_params(op, inst);
 		break;
-- 
2.25.1


^ permalink raw reply	[flat|nested] 18+ messages in thread

* [PATCH 13/15] crypto/cnxk: add support for raw APIs
  2023-09-21 11:48 [PATCH 00/15] fixes and improvements to cnxk crypto PMD Tejasree Kondoj
                   ` (11 preceding siblings ...)
  2023-09-21 11:48 ` [PATCH 12/15] crypto/cnxk: add support for packets with cipher len zero Tejasree Kondoj
@ 2023-09-21 11:48 ` Tejasree Kondoj
  2023-09-24  9:14   ` Akhil Goyal
  2023-09-21 11:48 ` [PATCH 14/15] crypto/cnxk: update the iv from proper param for gmac Tejasree Kondoj
  2023-09-21 11:48 ` [PATCH 15/15] test/crypto: enable raw crypto tests for crypto_cn10k Tejasree Kondoj
  14 siblings, 1 reply; 18+ messages in thread
From: Tejasree Kondoj @ 2023-09-21 11:48 UTC (permalink / raw)
  To: Akhil Goyal
  Cc: Anoob Joseph, Aakash Sasidharan, Gowrishankar Muthukrishnan,
	Vidya Sagar Velumuri, dev

From: Anoob Joseph <anoobj@marvell.com>

Add crypto RAW API support in cnxk PMD
Enable the flag to allow execution of raw test suite.

Signed-off-by: Vidya Sagar Velumuri <vvelumuri@marvell.com>
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
---
 drivers/crypto/cnxk/cn10k_cryptodev_ops.c | 459 ++++++++++++++++++++++
 drivers/crypto/cnxk/cnxk_cryptodev.c      |  20 +-
 drivers/crypto/cnxk/cnxk_cryptodev_ops.h  |   1 +
 drivers/crypto/cnxk/cnxk_se.h             | 293 ++++++++++++++
 4 files changed, 760 insertions(+), 13 deletions(-)

diff --git a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
index 75ad3b99f5..4b0becce0e 100644
--- a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
@@ -1066,6 +1066,461 @@ cn10k_cpt_dev_info_get(struct rte_cryptodev *dev,
 	}
 }
 
+static inline int
+cn10k_cpt_raw_fill_inst(struct cnxk_iov *iov, struct cnxk_cpt_qp *qp,
+			struct cnxk_sym_dp_ctx *dp_ctx, struct cpt_inst_s inst[],
+			struct cpt_inflight_req *infl_req, void *opaque, const bool is_sg_ver2)
+{
+	struct cnxk_se_sess *sess;
+	int ret;
+
+	const union cpt_res_s res = {
+		.cn10k.compcode = CPT_COMP_NOT_DONE,
+	};
+
+	inst[0].w0.u64 = 0;
+	inst[0].w2.u64 = 0;
+	inst[0].w3.u64 = 0;
+
+	sess = dp_ctx->sess;
+
+	switch (sess->dp_thr_type) {
+	case CPT_DP_THREAD_TYPE_PT:
+		ret = fill_raw_passthrough_params(iov, inst);
+		break;
+	case CPT_DP_THREAD_TYPE_FC_CHAIN:
+		ret = fill_raw_fc_params(iov, sess, &qp->meta_info, infl_req, &inst[0], false,
+					 false, is_sg_ver2);
+		break;
+	case CPT_DP_THREAD_TYPE_FC_AEAD:
+		ret = fill_raw_fc_params(iov, sess, &qp->meta_info, infl_req, &inst[0], false, true,
+					 is_sg_ver2);
+		break;
+	case CPT_DP_THREAD_AUTH_ONLY:
+		ret = fill_raw_digest_params(iov, sess, &qp->meta_info, infl_req, &inst[0],
+					     is_sg_ver2);
+		break;
+	default:
+		ret = -EINVAL;
+	}
+
+	if (unlikely(ret))
+		return 0;
+
+	inst[0].res_addr = (uint64_t)&infl_req->res;
+	__atomic_store_n(&infl_req->res.u64[0], res.u64[0], __ATOMIC_RELAXED);
+	infl_req->opaque = opaque;
+
+	inst[0].w7.u64 = sess->cpt_inst_w7;
+
+	return 1;
+}
+
+static uint32_t
+cn10k_cpt_raw_enqueue_burst(void *qpair, uint8_t *drv_ctx, struct rte_crypto_sym_vec *vec,
+			    union rte_crypto_sym_ofs ofs, void *user_data[], int *enqueue_status,
+			    const bool is_sgv2)
+{
+	uint16_t lmt_id, nb_allowed, nb_ops = vec->num;
+	uint64_t lmt_base, lmt_arg, io_addr, head;
+	struct cpt_inflight_req *infl_req;
+	struct cnxk_cpt_qp *qp = qpair;
+	struct cnxk_sym_dp_ctx *dp_ctx;
+	struct pending_queue *pend_q;
+	uint32_t count = 0, index;
+	union cpt_fc_write_s fc;
+	struct cpt_inst_s *inst;
+	uint64_t *fc_addr;
+	int ret, i;
+
+	pend_q = &qp->pend_q;
+	const uint64_t pq_mask = pend_q->pq_mask;
+
+	head = pend_q->head;
+	nb_allowed = pending_queue_free_cnt(head, pend_q->tail, pq_mask);
+	nb_ops = RTE_MIN(nb_ops, nb_allowed);
+
+	if (unlikely(nb_ops == 0))
+		return 0;
+
+	lmt_base = qp->lmtline.lmt_base;
+	io_addr = qp->lmtline.io_addr;
+	fc_addr = qp->lmtline.fc_addr;
+
+	const uint32_t fc_thresh = qp->lmtline.fc_thresh;
+
+	ROC_LMT_BASE_ID_GET(lmt_base, lmt_id);
+	inst = (struct cpt_inst_s *)lmt_base;
+
+	dp_ctx = (struct cnxk_sym_dp_ctx *)drv_ctx;
+again:
+	fc.u64[0] = __atomic_load_n(fc_addr, __ATOMIC_RELAXED);
+	if (unlikely(fc.s.qsize > fc_thresh)) {
+		i = 0;
+		goto pend_q_commit;
+	}
+
+	for (i = 0; i < RTE_MIN(PKTS_PER_LOOP, nb_ops); i++) {
+		struct cnxk_iov iov;
+
+		index = count + i;
+		infl_req = &pend_q->req_queue[head];
+		infl_req->op_flags = 0;
+
+		cnxk_raw_burst_to_iov(vec, &ofs, index, &iov);
+		ret = cn10k_cpt_raw_fill_inst(&iov, qp, dp_ctx, &inst[2 * i], infl_req,
+					      user_data[index], is_sgv2);
+		if (unlikely(ret != 1)) {
+			plt_dp_err("Could not process vec: %d", index);
+			if (i == 0 && count == 0)
+				return -1;
+			else if (i == 0)
+				goto pend_q_commit;
+			else
+				break;
+		}
+		pending_queue_advance(&head, pq_mask);
+	}
+
+	if (i > PKTS_PER_STEORL) {
+		lmt_arg = ROC_CN10K_CPT_LMT_ARG | (PKTS_PER_STEORL - 1) << 12 | (uint64_t)lmt_id;
+		roc_lmt_submit_steorl(lmt_arg, io_addr);
+		lmt_arg = ROC_CN10K_CPT_LMT_ARG | (i - PKTS_PER_STEORL - 1) << 12 |
+			  (uint64_t)(lmt_id + PKTS_PER_STEORL);
+		roc_lmt_submit_steorl(lmt_arg, io_addr);
+	} else {
+		lmt_arg = ROC_CN10K_CPT_LMT_ARG | (i - 1) << 12 | (uint64_t)lmt_id;
+		roc_lmt_submit_steorl(lmt_arg, io_addr);
+	}
+
+	rte_io_wmb();
+
+	if (nb_ops - i > 0 && i == PKTS_PER_LOOP) {
+		nb_ops -= i;
+		count += i;
+		goto again;
+	}
+
+pend_q_commit:
+	rte_atomic_thread_fence(__ATOMIC_RELEASE);
+
+	pend_q->head = head;
+	pend_q->time_out = rte_get_timer_cycles() + DEFAULT_COMMAND_TIMEOUT * rte_get_timer_hz();
+
+	*enqueue_status = 1;
+	return count + i;
+}
+
+static uint32_t
+cn10k_cpt_raw_enqueue_burst_sgv2(void *qpair, uint8_t *drv_ctx, struct rte_crypto_sym_vec *vec,
+				 union rte_crypto_sym_ofs ofs, void *user_data[],
+				 int *enqueue_status)
+{
+	return cn10k_cpt_raw_enqueue_burst(qpair, drv_ctx, vec, ofs, user_data, enqueue_status,
+					   true);
+}
+
+static uint32_t
+cn10k_cpt_raw_enqueue_burst_sgv1(void *qpair, uint8_t *drv_ctx, struct rte_crypto_sym_vec *vec,
+				 union rte_crypto_sym_ofs ofs, void *user_data[],
+				 int *enqueue_status)
+{
+	return cn10k_cpt_raw_enqueue_burst(qpair, drv_ctx, vec, ofs, user_data, enqueue_status,
+					   false);
+}
+
+static int
+cn10k_cpt_raw_enqueue(void *qpair, uint8_t *drv_ctx, struct rte_crypto_vec *data_vec,
+		      uint16_t n_data_vecs, union rte_crypto_sym_ofs ofs,
+		      struct rte_crypto_va_iova_ptr *iv, struct rte_crypto_va_iova_ptr *digest,
+		      struct rte_crypto_va_iova_ptr *aad_or_auth_iv, void *user_data,
+		      const bool is_sgv2)
+{
+	uint64_t lmt_base, lmt_arg, io_addr, head;
+	struct cpt_inflight_req *infl_req;
+	struct cnxk_cpt_qp *qp = qpair;
+	struct cnxk_sym_dp_ctx *dp_ctx;
+	uint16_t lmt_id, nb_allowed;
+	struct cpt_inst_s *inst;
+	union cpt_fc_write_s fc;
+	struct cnxk_iov iov;
+	uint64_t *fc_addr;
+	int ret;
+
+	struct pending_queue *pend_q = &qp->pend_q;
+	const uint64_t pq_mask = pend_q->pq_mask;
+	const uint32_t fc_thresh = qp->lmtline.fc_thresh;
+
+	head = pend_q->head;
+	nb_allowed = pending_queue_free_cnt(head, pend_q->tail, pq_mask);
+
+	if (unlikely(nb_allowed == 0))
+		return -1;
+
+	cnxk_raw_to_iov(data_vec, n_data_vecs, &ofs, iv, digest, aad_or_auth_iv, &iov);
+
+	lmt_base = qp->lmtline.lmt_base;
+	io_addr = qp->lmtline.io_addr;
+	fc_addr = qp->lmtline.fc_addr;
+
+	ROC_LMT_BASE_ID_GET(lmt_base, lmt_id);
+	inst = (struct cpt_inst_s *)lmt_base;
+
+	fc.u64[0] = __atomic_load_n(fc_addr, __ATOMIC_RELAXED);
+	if (unlikely(fc.s.qsize > fc_thresh))
+		return -1;
+
+	dp_ctx = (struct cnxk_sym_dp_ctx *)drv_ctx;
+	infl_req = &pend_q->req_queue[head];
+	infl_req->op_flags = 0;
+
+	ret = cn10k_cpt_raw_fill_inst(&iov, qp, dp_ctx, &inst[0], infl_req, user_data, is_sgv2);
+	if (unlikely(ret != 1)) {
+		plt_dp_err("Could not process vec");
+		return -1;
+	}
+
+	pending_queue_advance(&head, pq_mask);
+
+	lmt_arg = ROC_CN10K_CPT_LMT_ARG | (uint64_t)lmt_id;
+	roc_lmt_submit_steorl(lmt_arg, io_addr);
+
+	rte_io_wmb();
+
+	pend_q->head = head;
+	pend_q->time_out = rte_get_timer_cycles() + DEFAULT_COMMAND_TIMEOUT * rte_get_timer_hz();
+
+	return 1;
+}
+
+static int
+cn10k_cpt_raw_enqueue_sgv2(void *qpair, uint8_t *drv_ctx, struct rte_crypto_vec *data_vec,
+			   uint16_t n_data_vecs, union rte_crypto_sym_ofs ofs,
+			   struct rte_crypto_va_iova_ptr *iv, struct rte_crypto_va_iova_ptr *digest,
+			   struct rte_crypto_va_iova_ptr *aad_or_auth_iv, void *user_data)
+{
+	return cn10k_cpt_raw_enqueue(qpair, drv_ctx, data_vec, n_data_vecs, ofs, iv, digest,
+				     aad_or_auth_iv, user_data, true);
+}
+
+static int
+cn10k_cpt_raw_enqueue_sgv1(void *qpair, uint8_t *drv_ctx, struct rte_crypto_vec *data_vec,
+			   uint16_t n_data_vecs, union rte_crypto_sym_ofs ofs,
+			   struct rte_crypto_va_iova_ptr *iv, struct rte_crypto_va_iova_ptr *digest,
+			   struct rte_crypto_va_iova_ptr *aad_or_auth_iv, void *user_data)
+{
+	return cn10k_cpt_raw_enqueue(qpair, drv_ctx, data_vec, n_data_vecs, ofs, iv, digest,
+				     aad_or_auth_iv, user_data, false);
+}
+
+static inline int
+cn10k_cpt_raw_dequeue_post_process(struct cpt_cn10k_res_s *res)
+{
+	const uint8_t uc_compcode = res->uc_compcode;
+	const uint8_t compcode = res->compcode;
+	int ret = 1;
+
+	if (likely(compcode == CPT_COMP_GOOD)) {
+		if (unlikely(uc_compcode))
+			plt_dp_info("Request failed with microcode error: 0x%x", res->uc_compcode);
+		else
+			ret = 0;
+	}
+
+	return ret;
+}
+
+static uint32_t
+cn10k_cpt_sym_raw_dequeue_burst(void *qptr, uint8_t *drv_ctx,
+				rte_cryptodev_raw_get_dequeue_count_t get_dequeue_count,
+				uint32_t max_nb_to_dequeue,
+				rte_cryptodev_raw_post_dequeue_t post_dequeue, void **out_user_data,
+				uint8_t is_user_data_array, uint32_t *n_success,
+				int *dequeue_status)
+{
+	struct cpt_inflight_req *infl_req;
+	struct cnxk_cpt_qp *qp = qptr;
+	struct pending_queue *pend_q;
+	uint64_t infl_cnt, pq_tail;
+	union cpt_res_s res;
+	int is_op_success;
+	uint16_t nb_ops;
+	void *opaque;
+	int i = 0;
+
+	pend_q = &qp->pend_q;
+
+	const uint64_t pq_mask = pend_q->pq_mask;
+
+	RTE_SET_USED(drv_ctx);
+	pq_tail = pend_q->tail;
+	infl_cnt = pending_queue_infl_cnt(pend_q->head, pq_tail, pq_mask);
+
+	/* Ensure infl_cnt isn't read before data lands */
+	rte_atomic_thread_fence(__ATOMIC_ACQUIRE);
+
+	infl_req = &pend_q->req_queue[pq_tail];
+
+	opaque = infl_req->opaque;
+	if (get_dequeue_count)
+		nb_ops = get_dequeue_count(opaque);
+	else
+		nb_ops = max_nb_to_dequeue;
+	nb_ops = RTE_MIN(nb_ops, infl_cnt);
+
+	for (i = 0; i < nb_ops; i++) {
+		is_op_success = 0;
+		infl_req = &pend_q->req_queue[pq_tail];
+
+		res.u64[0] = __atomic_load_n(&infl_req->res.u64[0], __ATOMIC_RELAXED);
+
+		if (unlikely(res.cn10k.compcode == CPT_COMP_NOT_DONE)) {
+			if (unlikely(rte_get_timer_cycles() > pend_q->time_out)) {
+				plt_err("Request timed out");
+				cnxk_cpt_dump_on_err(qp);
+				pend_q->time_out = rte_get_timer_cycles() +
+						   DEFAULT_COMMAND_TIMEOUT * rte_get_timer_hz();
+			}
+			break;
+		}
+
+		pending_queue_advance(&pq_tail, pq_mask);
+
+		if (!cn10k_cpt_raw_dequeue_post_process(&res.cn10k)) {
+			is_op_success = 1;
+			*n_success += 1;
+		}
+
+		if (is_user_data_array) {
+			out_user_data[i] = infl_req->opaque;
+			post_dequeue(out_user_data[i], i, is_op_success);
+		} else {
+			if (i == 0)
+				out_user_data[0] = opaque;
+			post_dequeue(out_user_data[0], i, is_op_success);
+		}
+
+		if (unlikely(infl_req->op_flags & CPT_OP_FLAGS_METABUF))
+			rte_mempool_put(qp->meta_info.pool, infl_req->mdata);
+	}
+
+	pend_q->tail = pq_tail;
+	*dequeue_status = 1;
+
+	return i;
+}
+
+static void *
+cn10k_cpt_sym_raw_dequeue(void *qptr, uint8_t *drv_ctx, int *dequeue_status,
+			  enum rte_crypto_op_status *op_status)
+{
+	struct cpt_inflight_req *infl_req;
+	struct cnxk_cpt_qp *qp = qptr;
+	struct pending_queue *pend_q;
+	uint64_t pq_tail;
+	union cpt_res_s res;
+	void *opaque = NULL;
+
+	pend_q = &qp->pend_q;
+
+	const uint64_t pq_mask = pend_q->pq_mask;
+
+	RTE_SET_USED(drv_ctx);
+
+	pq_tail = pend_q->tail;
+
+	rte_atomic_thread_fence(__ATOMIC_ACQUIRE);
+
+	infl_req = &pend_q->req_queue[pq_tail];
+
+	res.u64[0] = __atomic_load_n(&infl_req->res.u64[0], __ATOMIC_RELAXED);
+
+	if (unlikely(res.cn10k.compcode == CPT_COMP_NOT_DONE)) {
+		if (unlikely(rte_get_timer_cycles() > pend_q->time_out)) {
+			plt_err("Request timed out");
+			cnxk_cpt_dump_on_err(qp);
+			pend_q->time_out = rte_get_timer_cycles() +
+					   DEFAULT_COMMAND_TIMEOUT * rte_get_timer_hz();
+		}
+		goto exit;
+	}
+
+	pending_queue_advance(&pq_tail, pq_mask);
+
+	opaque = infl_req->opaque;
+
+	if (!cn10k_cpt_raw_dequeue_post_process(&res.cn10k))
+		*op_status = RTE_CRYPTO_OP_STATUS_SUCCESS;
+	else
+		*op_status = RTE_CRYPTO_OP_STATUS_ERROR;
+
+	if (unlikely(infl_req->op_flags & CPT_OP_FLAGS_METABUF))
+		rte_mempool_put(qp->meta_info.pool, infl_req->mdata);
+
+	*dequeue_status = 1;
+exit:
+	return opaque;
+}
+
+static int
+cn10k_sym_get_raw_dp_ctx_size(struct rte_cryptodev *dev __rte_unused)
+{
+	return sizeof(struct cnxk_sym_dp_ctx);
+}
+
+static int
+cn10k_sym_configure_raw_dp_ctx(struct rte_cryptodev *dev, uint16_t qp_id,
+			       struct rte_crypto_raw_dp_ctx *raw_dp_ctx,
+			       enum rte_crypto_op_sess_type sess_type,
+			       union rte_cryptodev_session_ctx session_ctx, uint8_t is_update)
+{
+	struct cnxk_se_sess *sess = (struct cnxk_se_sess *)session_ctx.crypto_sess;
+	struct cnxk_sym_dp_ctx *dp_ctx;
+
+	if (sess_type != RTE_CRYPTO_OP_WITH_SESSION)
+		return -ENOTSUP;
+
+	if (sess == NULL)
+		return -EINVAL;
+
+	if ((sess->dp_thr_type == CPT_DP_THREAD_TYPE_PDCP) ||
+	    (sess->dp_thr_type == CPT_DP_THREAD_TYPE_PDCP_CHAIN) ||
+	    (sess->dp_thr_type == CPT_DP_THREAD_TYPE_KASUMI))
+		return -ENOTSUP;
+
+	if ((sess->dp_thr_type == CPT_DP_THREAD_AUTH_ONLY) &&
+	    ((sess->roc_se_ctx.fc_type == ROC_SE_KASUMI) ||
+	     (sess->roc_se_ctx.fc_type == ROC_SE_PDCP)))
+		return -ENOTSUP;
+
+	if ((sess->roc_se_ctx.hash_type == ROC_SE_GMAC_TYPE) ||
+	    (sess->roc_se_ctx.hash_type == ROC_SE_SHA1_TYPE))
+		return -ENOTSUP;
+
+	dp_ctx = (struct cnxk_sym_dp_ctx *)raw_dp_ctx->drv_ctx_data;
+	dp_ctx->sess = sess;
+
+	if (!is_update) {
+		struct cnxk_cpt_vf *vf;
+
+		raw_dp_ctx->qp_data = (struct cnxk_cpt_qp *)dev->data->queue_pairs[qp_id];
+		raw_dp_ctx->dequeue = cn10k_cpt_sym_raw_dequeue;
+		raw_dp_ctx->dequeue_burst = cn10k_cpt_sym_raw_dequeue_burst;
+
+		vf = dev->data->dev_private;
+		if (vf->cpt.hw_caps[CPT_ENG_TYPE_SE].sg_ver2 &&
+		    vf->cpt.hw_caps[CPT_ENG_TYPE_IE].sg_ver2) {
+			raw_dp_ctx->enqueue = cn10k_cpt_raw_enqueue_sgv2;
+			raw_dp_ctx->enqueue_burst = cn10k_cpt_raw_enqueue_burst_sgv2;
+		} else {
+			raw_dp_ctx->enqueue = cn10k_cpt_raw_enqueue_sgv1;
+			raw_dp_ctx->enqueue_burst = cn10k_cpt_raw_enqueue_burst_sgv1;
+		}
+	}
+
+	return 0;
+}
+
 struct rte_cryptodev_ops cn10k_cpt_ops = {
 	/* Device control ops */
 	.dev_configure = cnxk_cpt_dev_config,
@@ -1092,4 +1547,8 @@ struct rte_cryptodev_ops cn10k_cpt_ops = {
 	/* Event crypto ops */
 	.session_ev_mdata_set = cn10k_cpt_crypto_adapter_ev_mdata_set,
 	.queue_pair_event_error_query = cnxk_cpt_queue_pair_event_error_query,
+
+	/* Raw data-path API related operations */
+	.sym_get_raw_dp_ctx_size = cn10k_sym_get_raw_dp_ctx_size,
+	.sym_configure_raw_dp_ctx = cn10k_sym_configure_raw_dp_ctx,
 };
diff --git a/drivers/crypto/cnxk/cnxk_cryptodev.c b/drivers/crypto/cnxk/cnxk_cryptodev.c
index 4fa1907cea..4819a14184 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev.c
+++ b/drivers/crypto/cnxk/cnxk_cryptodev.c
@@ -13,22 +13,16 @@
 uint64_t
 cnxk_cpt_default_ff_get(void)
 {
-	uint64_t ff = RTE_CRYPTODEV_FF_SYMMETRIC_CRYPTO |
-		      RTE_CRYPTODEV_FF_ASYMMETRIC_CRYPTO |
-		      RTE_CRYPTODEV_FF_HW_ACCELERATED |
-		      RTE_CRYPTODEV_FF_RSA_PRIV_OP_KEY_QT |
+	uint64_t ff = RTE_CRYPTODEV_FF_SYMMETRIC_CRYPTO | RTE_CRYPTODEV_FF_ASYMMETRIC_CRYPTO |
+		      RTE_CRYPTODEV_FF_HW_ACCELERATED | RTE_CRYPTODEV_FF_RSA_PRIV_OP_KEY_QT |
 		      RTE_CRYPTODEV_FF_RSA_PRIV_OP_KEY_EXP |
-		      RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING |
-		      RTE_CRYPTODEV_FF_IN_PLACE_SGL |
-		      RTE_CRYPTODEV_FF_OOP_LB_IN_LB_OUT |
-		      RTE_CRYPTODEV_FF_OOP_SGL_IN_LB_OUT |
-		      RTE_CRYPTODEV_FF_OOP_SGL_IN_SGL_OUT |
-		      RTE_CRYPTODEV_FF_SYM_SESSIONLESS |
-		      RTE_CRYPTODEV_FF_DIGEST_ENCRYPTED |
-		      RTE_CRYPTODEV_FF_SECURITY;
+		      RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING | RTE_CRYPTODEV_FF_IN_PLACE_SGL |
+		      RTE_CRYPTODEV_FF_OOP_LB_IN_LB_OUT | RTE_CRYPTODEV_FF_OOP_SGL_IN_LB_OUT |
+		      RTE_CRYPTODEV_FF_OOP_SGL_IN_SGL_OUT | RTE_CRYPTODEV_FF_SYM_SESSIONLESS |
+		      RTE_CRYPTODEV_FF_DIGEST_ENCRYPTED | RTE_CRYPTODEV_FF_SECURITY;
 
 	if (roc_model_is_cn10k())
-		ff |= RTE_CRYPTODEV_FF_SECURITY_INNER_CSUM;
+		ff |= RTE_CRYPTODEV_FF_SECURITY_INNER_CSUM | RTE_CRYPTODEV_FF_SYM_RAW_DP;
 
 	return ff;
 }
diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_ops.h b/drivers/crypto/cnxk/cnxk_cryptodev_ops.h
index 3d1f9b8a48..c6bb8023ea 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev_ops.h
+++ b/drivers/crypto/cnxk/cnxk_cryptodev_ops.h
@@ -45,6 +45,7 @@ struct cpt_qp_meta_info {
 struct cpt_inflight_req {
 	union cpt_res_s res;
 	union {
+		void *opaque;
 		struct rte_crypto_op *cop;
 		struct rte_event_vector *vec;
 	};
diff --git a/drivers/crypto/cnxk/cnxk_se.h b/drivers/crypto/cnxk/cnxk_se.h
index f6884be5ad..f05c5078d6 100644
--- a/drivers/crypto/cnxk/cnxk_se.h
+++ b/drivers/crypto/cnxk/cnxk_se.h
@@ -66,6 +66,23 @@ struct cnxk_se_sess {
 	struct roc_cpt_lf *lf;
 } __rte_aligned(ROC_ALIGN);
 
+struct cnxk_sym_dp_ctx {
+	struct cnxk_se_sess *sess;
+};
+
+struct cnxk_iov {
+	char src[SRC_IOV_SIZE];
+	char dst[SRC_IOV_SIZE];
+	void *iv_buf;
+	void *aad_buf;
+	void *mac_buf;
+	uint16_t c_head;
+	uint16_t c_tail;
+	uint16_t a_head;
+	uint16_t a_tail;
+	int data_len;
+};
+
 static __rte_always_inline int fill_sess_gmac(struct rte_crypto_sym_xform *xform,
 					      struct cnxk_se_sess *sess);
 
@@ -3358,4 +3375,280 @@ cpt_sym_inst_fill(struct cnxk_cpt_qp *qp, struct rte_crypto_op *op, struct cnxk_
 	return ret;
 }
 
+static __rte_always_inline uint32_t
+prepare_iov_from_raw_vec(struct rte_crypto_vec *vec, struct roc_se_iov_ptr *iovec, uint32_t num)
+{
+	uint32_t i, total_len = 0;
+
+	for (i = 0; i < num; i++) {
+		iovec->bufs[i].vaddr = vec[i].base;
+		iovec->bufs[i].size = vec[i].len;
+
+		total_len += vec[i].len;
+	}
+
+	iovec->buf_cnt = i;
+	return total_len;
+}
+
+static __rte_always_inline void
+cnxk_raw_burst_to_iov(struct rte_crypto_sym_vec *vec, union rte_crypto_sym_ofs *ofs, int index,
+		      struct cnxk_iov *iov)
+{
+	iov->iv_buf = vec->iv[index].va;
+	iov->aad_buf = vec->aad[index].va;
+	iov->mac_buf = vec->digest[index].va;
+
+	iov->data_len =
+		prepare_iov_from_raw_vec(vec->src_sgl[index].vec, (struct roc_se_iov_ptr *)iov->src,
+					 vec->src_sgl[index].num);
+
+	if (vec->dest_sgl == NULL)
+		prepare_iov_from_raw_vec(vec->src_sgl[index].vec, (struct roc_se_iov_ptr *)iov->dst,
+					 vec->src_sgl[index].num);
+	else
+		prepare_iov_from_raw_vec(vec->dest_sgl[index].vec,
+					 (struct roc_se_iov_ptr *)iov->dst,
+					 vec->dest_sgl[index].num);
+
+	iov->c_head = ofs->ofs.cipher.head;
+	iov->c_tail = ofs->ofs.cipher.tail;
+
+	iov->a_head = ofs->ofs.auth.head;
+	iov->a_tail = ofs->ofs.auth.tail;
+}
+
+static __rte_always_inline void
+cnxk_raw_to_iov(struct rte_crypto_vec *data_vec, uint16_t n_vecs, union rte_crypto_sym_ofs *ofs,
+		struct rte_crypto_va_iova_ptr *iv, struct rte_crypto_va_iova_ptr *digest,
+		struct rte_crypto_va_iova_ptr *aad, struct cnxk_iov *iov)
+{
+	iov->iv_buf = iv->va;
+	iov->aad_buf = aad->va;
+	iov->mac_buf = digest->va;
+
+	iov->data_len =
+		prepare_iov_from_raw_vec(data_vec, (struct roc_se_iov_ptr *)iov->src, n_vecs);
+	prepare_iov_from_raw_vec(data_vec, (struct roc_se_iov_ptr *)iov->dst, n_vecs);
+
+	iov->c_head = ofs->ofs.cipher.head;
+	iov->c_tail = ofs->ofs.cipher.tail;
+
+	iov->a_head = ofs->ofs.auth.head;
+	iov->a_tail = ofs->ofs.auth.tail;
+}
+
+static inline void
+raw_memcpy(struct cnxk_iov *iov)
+{
+	struct roc_se_iov_ptr *src = (struct roc_se_iov_ptr *)iov->src;
+	struct roc_se_iov_ptr *dst = (struct roc_se_iov_ptr *)iov->dst;
+	int num = src->buf_cnt;
+	int i;
+
+	/* skip copy in case of inplace */
+	if (dst->bufs[0].vaddr == src->bufs[0].vaddr)
+		return;
+
+	for (i = 0; i < num; i++) {
+		rte_memcpy(dst->bufs[i].vaddr, src->bufs[i].vaddr, src->bufs[i].size);
+		dst->bufs[i].size = src->bufs[i].size;
+	}
+}
+
+static inline int
+fill_raw_passthrough_params(struct cnxk_iov *iov, struct cpt_inst_s *inst)
+{
+	const union cpt_inst_w4 w4 = {
+		.s.opcode_major = ROC_SE_MAJOR_OP_MISC,
+		.s.opcode_minor = ROC_SE_MISC_MINOR_OP_PASSTHROUGH,
+		.s.param1 = 1,
+		.s.param2 = 1,
+		.s.dlen = 0,
+	};
+
+	inst->w0.u64 = 0;
+	inst->w5.u64 = 0;
+	inst->w4.u64 = w4.u64;
+
+	raw_memcpy(iov);
+
+	return 0;
+}
+
+static __rte_always_inline int
+fill_raw_fc_params(struct cnxk_iov *iov, struct cnxk_se_sess *sess, struct cpt_qp_meta_info *m_info,
+		   struct cpt_inflight_req *infl_req, struct cpt_inst_s *inst, const bool is_kasumi,
+		   const bool is_aead, const bool is_sg_ver2)
+{
+	uint32_t cipher_len, auth_len = 0;
+	struct roc_se_fc_params fc_params;
+	uint8_t cpt_op = sess->cpt_op;
+	uint64_t d_offs, d_lens;
+	uint8_t ccm_iv_buf[16];
+	uint32_t flags = 0;
+	void *mdata = NULL;
+	uint32_t iv_buf[4];
+	int ret;
+
+	fc_params.cipher_iv_len = sess->iv_length;
+	fc_params.ctx = &sess->roc_se_ctx;
+	fc_params.auth_iv_buf = NULL;
+	fc_params.auth_iv_len = 0;
+	fc_params.mac_buf.size = 0;
+	fc_params.mac_buf.vaddr = 0;
+	fc_params.iv_buf = NULL;
+
+	if (likely(is_kasumi || sess->iv_length)) {
+		flags |= ROC_SE_VALID_IV_BUF;
+		fc_params.iv_buf = iov->iv_buf;
+
+		if (sess->short_iv) {
+			memcpy((uint8_t *)iv_buf, iov->iv_buf, 12);
+			iv_buf[3] = rte_cpu_to_be_32(0x1);
+			fc_params.iv_buf = iv_buf;
+		}
+
+		if (sess->aes_ccm) {
+			memcpy((uint8_t *)ccm_iv_buf, iov->iv_buf, sess->iv_length + 1);
+			ccm_iv_buf[0] = 14 - sess->iv_length;
+			fc_params.iv_buf = ccm_iv_buf;
+		}
+	}
+
+	fc_params.src_iov = (void *)iov->src;
+	fc_params.dst_iov = (void *)iov->dst;
+
+	cipher_len = iov->data_len - iov->c_head - iov->c_tail;
+	auth_len = iov->data_len - iov->a_head - iov->a_tail;
+
+	d_offs = (iov->c_head << 16) | iov->a_head;
+	d_lens = ((uint64_t)cipher_len << 32) | auth_len;
+
+	if (is_aead) {
+		uint16_t aad_len = sess->aad_length;
+
+		if (likely(aad_len == 0)) {
+			d_offs = (iov->c_head << 16) | iov->c_head;
+			d_lens = ((uint64_t)cipher_len << 32) | cipher_len;
+		} else {
+			flags |= ROC_SE_VALID_AAD_BUF;
+			fc_params.aad_buf.size = sess->aad_length;
+			/* For AES CCM, AAD is written 18B after aad.data as per API */
+			if (sess->aes_ccm)
+				fc_params.aad_buf.vaddr = PLT_PTR_ADD((uint8_t *)iov->aad_buf, 18);
+			else
+				fc_params.aad_buf.vaddr = iov->aad_buf;
+
+			d_offs = (iov->c_head << 16);
+			d_lens = ((uint64_t)cipher_len << 32);
+		}
+	}
+
+	if (likely(sess->mac_len)) {
+		flags |= ROC_SE_VALID_MAC_BUF;
+		fc_params.mac_buf.size = sess->mac_len;
+		fc_params.mac_buf.vaddr = iov->mac_buf;
+	}
+
+	fc_params.meta_buf.vaddr = NULL;
+	mdata = alloc_op_meta(&fc_params.meta_buf, m_info->mlen, m_info->pool, infl_req);
+	if (mdata == NULL) {
+		plt_dp_err("Error allocating meta buffer for request");
+		return -ENOMEM;
+	}
+
+	if (is_kasumi) {
+		if (cpt_op & ROC_SE_OP_ENCODE)
+			ret = cpt_enc_hmac_prep(flags, d_offs, d_lens, &fc_params, inst,
+						is_sg_ver2);
+		else
+			ret = cpt_dec_hmac_prep(flags, d_offs, d_lens, &fc_params, inst,
+						is_sg_ver2);
+	} else {
+		if (cpt_op & ROC_SE_OP_ENCODE)
+			ret = cpt_enc_hmac_prep(flags, d_offs, d_lens, &fc_params, inst,
+						is_sg_ver2);
+		else
+			ret = cpt_dec_hmac_prep(flags, d_offs, d_lens, &fc_params, inst,
+						is_sg_ver2);
+	}
+
+	if (unlikely(ret)) {
+		plt_dp_err("Preparing request failed due to bad input arg");
+		goto free_mdata_and_exit;
+	}
+
+	return 0;
+
+free_mdata_and_exit:
+	rte_mempool_put(m_info->pool, infl_req->mdata);
+	return ret;
+}
+
+static __rte_always_inline int
+fill_raw_digest_params(struct cnxk_iov *iov, struct cnxk_se_sess *sess,
+		       struct cpt_qp_meta_info *m_info, struct cpt_inflight_req *infl_req,
+		       struct cpt_inst_s *inst, const bool is_sg_ver2)
+{
+	uint16_t auth_op = sess->cpt_op & ROC_SE_OP_AUTH_MASK;
+	struct roc_se_fc_params fc_params;
+	uint16_t mac_len = sess->mac_len;
+	uint64_t d_offs, d_lens;
+	uint32_t auth_len = 0;
+	uint32_t flags = 0;
+	void *mdata = NULL;
+	uint32_t space = 0;
+	int ret;
+
+	memset(&fc_params, 0, sizeof(struct roc_se_fc_params));
+	fc_params.cipher_iv_len = sess->iv_length;
+	fc_params.ctx = &sess->roc_se_ctx;
+
+	mdata = alloc_op_meta(&fc_params.meta_buf, m_info->mlen, m_info->pool, infl_req);
+	if (mdata == NULL) {
+		plt_dp_err("Error allocating meta buffer for request");
+		ret = -ENOMEM;
+		goto err_exit;
+	}
+
+	flags |= ROC_SE_VALID_MAC_BUF;
+	fc_params.src_iov = (void *)iov->src;
+	auth_len = iov->data_len - iov->a_head - iov->a_tail;
+	d_lens = auth_len;
+	d_offs = iov->a_head;
+
+	if (auth_op == ROC_SE_OP_AUTH_GENERATE) {
+		fc_params.mac_buf.size = sess->mac_len;
+		fc_params.mac_buf.vaddr = iov->mac_buf;
+	} else {
+		uint64_t *op = mdata;
+
+		/* Need space for storing generated mac */
+		space += 2 * sizeof(uint64_t);
+
+		fc_params.mac_buf.vaddr = (uint8_t *)mdata + space;
+		fc_params.mac_buf.size = mac_len;
+		space += RTE_ALIGN_CEIL(mac_len, 8);
+		op[0] = (uintptr_t)iov->mac_buf;
+		op[1] = mac_len;
+		infl_req->op_flags |= CPT_OP_FLAGS_AUTH_VERIFY;
+	}
+
+	fc_params.meta_buf.vaddr = (uint8_t *)mdata + space;
+	fc_params.meta_buf.size -= space;
+
+	ret = cpt_fc_enc_hmac_prep(flags, d_offs, d_lens, &fc_params, inst, is_sg_ver2);
+	if (ret)
+		goto free_mdata_and_exit;
+
+	return 0;
+
+free_mdata_and_exit:
+	if (infl_req->op_flags & CPT_OP_FLAGS_METABUF)
+		rte_mempool_put(m_info->pool, infl_req->mdata);
+err_exit:
+	return ret;
+}
+
 #endif /*_CNXK_SE_H_ */
-- 
2.25.1


^ permalink raw reply	[flat|nested] 18+ messages in thread

* [PATCH 14/15] crypto/cnxk: update the iv from proper param for gmac
  2023-09-21 11:48 [PATCH 00/15] fixes and improvements to cnxk crypto PMD Tejasree Kondoj
                   ` (12 preceding siblings ...)
  2023-09-21 11:48 ` [PATCH 13/15] crypto/cnxk: add support for raw APIs Tejasree Kondoj
@ 2023-09-21 11:48 ` Tejasree Kondoj
  2023-09-21 11:48 ` [PATCH 15/15] test/crypto: enable raw crypto tests for crypto_cn10k Tejasree Kondoj
  14 siblings, 0 replies; 18+ messages in thread
From: Tejasree Kondoj @ 2023-09-21 11:48 UTC (permalink / raw)
  To: Akhil Goyal
  Cc: Vidya Sagar Velumuri, Anoob Joseph, Aakash Sasidharan,
	Gowrishankar Muthukrishnan, dev

From: Vidya Sagar Velumuri <vvelumuri@marvell.com>

In raw crypto, aad and auth iv are provided in same param.
Update the auth_iv from proper param in case of GMAC.
Skip the raw for SM ciphers and auths

Signed-off-by: Vidya Sagar Velumuri <vvelumuri@marvell.com>
---
 drivers/crypto/cnxk/cn10k_cryptodev_ops.c |  6 +++---
 drivers/crypto/cnxk/cnxk_se.h             | 21 +++++++++++++++------
 2 files changed, 18 insertions(+), 9 deletions(-)

diff --git a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
index 4b0becce0e..5f181e8839 100644
--- a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
@@ -1485,7 +1485,8 @@ cn10k_sym_configure_raw_dp_ctx(struct rte_cryptodev *dev, uint16_t qp_id,
 
 	if ((sess->dp_thr_type == CPT_DP_THREAD_TYPE_PDCP) ||
 	    (sess->dp_thr_type == CPT_DP_THREAD_TYPE_PDCP_CHAIN) ||
-	    (sess->dp_thr_type == CPT_DP_THREAD_TYPE_KASUMI))
+	    (sess->dp_thr_type == CPT_DP_THREAD_TYPE_KASUMI) ||
+	    (sess->dp_thr_type == CPT_DP_THREAD_TYPE_SM))
 		return -ENOTSUP;
 
 	if ((sess->dp_thr_type == CPT_DP_THREAD_AUTH_ONLY) &&
@@ -1493,8 +1494,7 @@ cn10k_sym_configure_raw_dp_ctx(struct rte_cryptodev *dev, uint16_t qp_id,
 	     (sess->roc_se_ctx.fc_type == ROC_SE_PDCP)))
 		return -ENOTSUP;
 
-	if ((sess->roc_se_ctx.hash_type == ROC_SE_GMAC_TYPE) ||
-	    (sess->roc_se_ctx.hash_type == ROC_SE_SHA1_TYPE))
+	if (sess->roc_se_ctx.hash_type == ROC_SE_SHA1_TYPE)
 		return -ENOTSUP;
 
 	dp_ctx = (struct cnxk_sym_dp_ctx *)raw_dp_ctx->drv_ctx_data;
diff --git a/drivers/crypto/cnxk/cnxk_se.h b/drivers/crypto/cnxk/cnxk_se.h
index f05c5078d6..5d138163f0 100644
--- a/drivers/crypto/cnxk/cnxk_se.h
+++ b/drivers/crypto/cnxk/cnxk_se.h
@@ -3499,14 +3499,23 @@ fill_raw_fc_params(struct cnxk_iov *iov, struct cnxk_se_sess *sess, struct cpt_q
 	fc_params.mac_buf.vaddr = 0;
 	fc_params.iv_buf = NULL;
 
-	if (likely(is_kasumi || sess->iv_length)) {
+	if (likely(sess->iv_length)) {
 		flags |= ROC_SE_VALID_IV_BUF;
-		fc_params.iv_buf = iov->iv_buf;
 
-		if (sess->short_iv) {
-			memcpy((uint8_t *)iv_buf, iov->iv_buf, 12);
-			iv_buf[3] = rte_cpu_to_be_32(0x1);
-			fc_params.iv_buf = iv_buf;
+		if (sess->is_gmac) {
+			fc_params.iv_buf = iov->aad_buf;
+			if (sess->short_iv) {
+				memcpy((void *)iv_buf, iov->aad_buf, 12);
+				iv_buf[3] = rte_cpu_to_be_32(0x1);
+				fc_params.iv_buf = iv_buf;
+			}
+		} else {
+			fc_params.iv_buf = iov->iv_buf;
+			if (sess->short_iv) {
+				memcpy((void *)iv_buf, iov->iv_buf, 12);
+				iv_buf[3] = rte_cpu_to_be_32(0x1);
+				fc_params.iv_buf = iv_buf;
+			}
 		}
 
 		if (sess->aes_ccm) {
-- 
2.25.1


^ permalink raw reply	[flat|nested] 18+ messages in thread

* [PATCH 15/15] test/crypto: enable raw crypto tests for crypto_cn10k
  2023-09-21 11:48 [PATCH 00/15] fixes and improvements to cnxk crypto PMD Tejasree Kondoj
                   ` (13 preceding siblings ...)
  2023-09-21 11:48 ` [PATCH 14/15] crypto/cnxk: update the iv from proper param for gmac Tejasree Kondoj
@ 2023-09-21 11:48 ` Tejasree Kondoj
  14 siblings, 0 replies; 18+ messages in thread
From: Tejasree Kondoj @ 2023-09-21 11:48 UTC (permalink / raw)
  To: Akhil Goyal, Fan Zhang, Ciara Power
  Cc: Anoob Joseph, Aakash Sasidharan, Gowrishankar Muthukrishnan,
	Vidya Sagar Velumuri, dev

From: Anoob Joseph <anoobj@marvell.com>

Enable raw crypto tests with crypto_cn10k.

Signed-off-by: Anoob Joseph <anoobj@marvell.com>
---
 app/test/test_cryptodev.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index 3a51a5d00f..3f1172e191 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -17721,6 +17721,12 @@ test_cryptodev_cn10k(void)
 	return run_cryptodev_testsuite(RTE_STR(CRYPTODEV_NAME_CN10K_PMD));
 }
 
+static int
+test_cryptodev_cn10k_raw_api(void)
+{
+	return run_cryptodev_raw_testsuite(RTE_STR(CRYPTODEV_NAME_CN10K_PMD));
+}
+
 static int
 test_cryptodev_dpaa2_sec_raw_api(void)
 {
@@ -17733,6 +17739,8 @@ test_cryptodev_dpaa_sec_raw_api(void)
 	return run_cryptodev_raw_testsuite(RTE_STR(CRYPTODEV_NAME_DPAA_SEC_PMD));
 }
 
+REGISTER_TEST_COMMAND(cryptodev_cn10k_raw_api_autotest,
+		test_cryptodev_cn10k_raw_api);
 REGISTER_TEST_COMMAND(cryptodev_dpaa2_sec_raw_api_autotest,
 		test_cryptodev_dpaa2_sec_raw_api);
 REGISTER_TEST_COMMAND(cryptodev_dpaa_sec_raw_api_autotest,
-- 
2.25.1


^ permalink raw reply	[flat|nested] 18+ messages in thread

* RE: [PATCH 13/15] crypto/cnxk: add support for raw APIs
  2023-09-21 11:48 ` [PATCH 13/15] crypto/cnxk: add support for raw APIs Tejasree Kondoj
@ 2023-09-24  9:14   ` Akhil Goyal
  0 siblings, 0 replies; 18+ messages in thread
From: Akhil Goyal @ 2023-09-24  9:14 UTC (permalink / raw)
  To: Tejasree Kondoj
  Cc: Anoob Joseph, Aakash Sasidharan, Gowrishankar Muthukrishnan,
	Vidya Sagar Velumuri, dev

> Subject: [PATCH 13/15] crypto/cnxk: add support for raw APIs
> 
> From: Anoob Joseph <anoobj@marvell.com>
> 
> Add crypto RAW API support in cnxk PMD
> Enable the flag to allow execution of raw test suite.
> 
> Signed-off-by: Vidya Sagar Velumuri <vvelumuri@marvell.com>
> Signed-off-by: Anoob Joseph <anoobj@marvell.com>
> ---
>  drivers/crypto/cnxk/cn10k_cryptodev_ops.c | 459 ++++++++++++++++++++++
>  drivers/crypto/cnxk/cnxk_cryptodev.c      |  20 +-
>  drivers/crypto/cnxk/cnxk_cryptodev_ops.h  |   1 +
>  drivers/crypto/cnxk/cnxk_se.h             | 293 ++++++++++++++
>  4 files changed, 760 insertions(+), 13 deletions(-)


> diff --git a/drivers/crypto/cnxk/cnxk_cryptodev.c
> b/drivers/crypto/cnxk/cnxk_cryptodev.c
> index 4fa1907cea..4819a14184 100644
> --- a/drivers/crypto/cnxk/cnxk_cryptodev.c
> +++ b/drivers/crypto/cnxk/cnxk_cryptodev.c
> @@ -13,22 +13,16 @@
>  uint64_t
>  cnxk_cpt_default_ff_get(void)
>  {
> -	uint64_t ff = RTE_CRYPTODEV_FF_SYMMETRIC_CRYPTO |
> -		      RTE_CRYPTODEV_FF_ASYMMETRIC_CRYPTO |
> -		      RTE_CRYPTODEV_FF_HW_ACCELERATED |
> -		      RTE_CRYPTODEV_FF_RSA_PRIV_OP_KEY_QT |
> +	uint64_t ff = RTE_CRYPTODEV_FF_SYMMETRIC_CRYPTO |
> RTE_CRYPTODEV_FF_ASYMMETRIC_CRYPTO |
> +		      RTE_CRYPTODEV_FF_HW_ACCELERATED |
> RTE_CRYPTODEV_FF_RSA_PRIV_OP_KEY_QT |
>  		      RTE_CRYPTODEV_FF_RSA_PRIV_OP_KEY_EXP |
> -		      RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING |
> -		      RTE_CRYPTODEV_FF_IN_PLACE_SGL |
> -		      RTE_CRYPTODEV_FF_OOP_LB_IN_LB_OUT |
> -		      RTE_CRYPTODEV_FF_OOP_SGL_IN_LB_OUT |
> -		      RTE_CRYPTODEV_FF_OOP_SGL_IN_SGL_OUT |
> -		      RTE_CRYPTODEV_FF_SYM_SESSIONLESS |
> -		      RTE_CRYPTODEV_FF_DIGEST_ENCRYPTED |
> -		      RTE_CRYPTODEV_FF_SECURITY;
> +		      RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING |
> RTE_CRYPTODEV_FF_IN_PLACE_SGL |
> +		      RTE_CRYPTODEV_FF_OOP_LB_IN_LB_OUT |
> RTE_CRYPTODEV_FF_OOP_SGL_IN_LB_OUT |
> +		      RTE_CRYPTODEV_FF_OOP_SGL_IN_SGL_OUT |
> RTE_CRYPTODEV_FF_SYM_SESSIONLESS |
> +		      RTE_CRYPTODEV_FF_DIGEST_ENCRYPTED |
> RTE_CRYPTODEV_FF_SECURITY;
> 
>  	if (roc_model_is_cn10k())
> -		ff |= RTE_CRYPTODEV_FF_SECURITY_INNER_CSUM;
> +		ff |= RTE_CRYPTODEV_FF_SECURITY_INNER_CSUM |
> RTE_CRYPTODEV_FF_SYM_RAW_DP;
> 
>  	return ff;
>  }

Update cnxk.ini file accordingly.



^ permalink raw reply	[flat|nested] 18+ messages in thread

* RE: [PATCH 04/15] crypto/cnxk: fix private key length in ECDSA param
  2023-09-21 11:48 ` [PATCH 04/15] crypto/cnxk: fix private key length in ECDSA param Tejasree Kondoj
@ 2023-09-24  9:15   ` Akhil Goyal
  0 siblings, 0 replies; 18+ messages in thread
From: Akhil Goyal @ 2023-09-24  9:15 UTC (permalink / raw)
  To: Tejasree Kondoj
  Cc: Gowrishankar Muthukrishnan, Anoob Joseph, Aakash Sasidharan,
	Vidya Sagar Velumuri, dev

> Subject: [PATCH 04/15] crypto/cnxk: fix private key length in ECDSA param
> 
> From: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> 
> Fix private key length in ECDSA op param to include alignment,
> for new microcode.
> 
> Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
Add fixes tag.

^ permalink raw reply	[flat|nested] 18+ messages in thread

end of thread, other threads:[~2023-09-24  9:15 UTC | newest]

Thread overview: 18+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-09-21 11:48 [PATCH 00/15] fixes and improvements to cnxk crypto PMD Tejasree Kondoj
2023-09-21 11:48 ` [PATCH 01/15] crypto/cnxk: clear rptr and dptr fields Tejasree Kondoj
2023-09-21 11:48 ` [PATCH 02/15] common/cnxk: update SE context fields to match ucode spec Tejasree Kondoj
2023-09-21 11:48 ` [PATCH 03/15] common/cnxk: set cipher key only for non-null cipher Tejasree Kondoj
2023-09-21 11:48 ` [PATCH 04/15] crypto/cnxk: fix private key length in ECDSA param Tejasree Kondoj
2023-09-24  9:15   ` Akhil Goyal
2023-09-21 11:48 ` [PATCH 05/15] crypto/cnxk: fix IPsec CCM and GCM capabilities Tejasree Kondoj
2023-09-21 11:48 ` [PATCH 06/15] crypto/cnxk: remove pdcp chain bit from capabilities Tejasree Kondoj
2023-09-21 11:48 ` [PATCH 07/15] crypto/cnxk: check for sg version in SE engine capabilities Tejasree Kondoj
2023-09-21 11:48 ` [PATCH 08/15] crypto/cnxk: fix control flow issues Tejasree Kondoj
2023-09-21 11:48 ` [PATCH 09/15] crypto/cnxk: make IV pointers as constant Tejasree Kondoj
2023-09-21 11:48 ` [PATCH 10/15] crypto/cnxk: set PDCP chain IV offset based on FVC Tejasree Kondoj
2023-09-21 11:48 ` [PATCH 11/15] crypto/cnxk: minor shuffling in the sess structure Tejasree Kondoj
2023-09-21 11:48 ` [PATCH 12/15] crypto/cnxk: add support for packets with cipher len zero Tejasree Kondoj
2023-09-21 11:48 ` [PATCH 13/15] crypto/cnxk: add support for raw APIs Tejasree Kondoj
2023-09-24  9:14   ` Akhil Goyal
2023-09-21 11:48 ` [PATCH 14/15] crypto/cnxk: update the iv from proper param for gmac Tejasree Kondoj
2023-09-21 11:48 ` [PATCH 15/15] test/crypto: enable raw crypto tests for crypto_cn10k Tejasree Kondoj

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).