From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <dev-bounces@dpdk.org>
Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124])
	by inbox.dpdk.org (Postfix) with ESMTP id 4E492A055A;
	Fri, 27 May 2022 14:26:22 +0200 (CEST)
Received: from [217.70.189.124] (localhost [127.0.0.1])
	by mails.dpdk.org (Postfix) with ESMTP id 2354440E78;
	Fri, 27 May 2022 14:26:22 +0200 (CEST)
Received: from mga07.intel.com (mga07.intel.com [134.134.136.100])
 by mails.dpdk.org (Postfix) with ESMTP id 9ABFC40E5A
 for <dev@dpdk.org>; Fri, 27 May 2022 14:26:20 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
 d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
 t=1653654380; x=1685190380;
 h=from:to:cc:subject:date:message-id:references:
 in-reply-to:content-transfer-encoding:mime-version;
 bh=Wcbnhqj38mB8W5v62lLyD7z9jj4A/a8oahWP0yp91IA=;
 b=aGygLc5wUPFXeq/VX6OzhzhFDN1qwQtGq0GB6UfEuDW2MtGHWFQIUcd9
 Xd/kTsGdETgiPQdAe/wFePu72q0VnP4Q4Iwm+HmPdyi1VxrMf3GCi8jSC
 jM+m6TgQANnqiPZ/WicdnicWcpSaisAZq+VCzwgiw0Y95C3ZW03DUPHZL
 umUdoptG2wU3mGmHu7dz90AfGUrmnlhrVyborb2O/FF98lv+y55sPfTfv
 15jfBLLtTuN6LJ7GrgIq4JdaJRvQhOkstos4d6IixXMfWl/tJ1KqqS41X
 9wkDGXKnwTkdtNAIFDhbPJ8vOZaaN5zgQ/xbsA7Lipm4VladWuXgfr/Vt g==;
X-IronPort-AV: E=McAfee;i="6400,9594,10359"; a="337510763"
X-IronPort-AV: E=Sophos;i="5.91,255,1647327600"; d="scan'208";a="337510763"
Received: from fmsmga008.fm.intel.com ([10.253.24.58])
 by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 27 May 2022 05:26:19 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.91,255,1647327600"; d="scan'208";a="631570248"
Received: from orsmsx604.amr.corp.intel.com ([10.22.229.17])
 by fmsmga008.fm.intel.com with ESMTP; 27 May 2022 05:26:19 -0700
Received: from orsmsx607.amr.corp.intel.com (10.22.229.20) by
 ORSMSX604.amr.corp.intel.com (10.22.229.17) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.2308.27; Fri, 27 May 2022 05:26:18 -0700
Received: from orsmsx603.amr.corp.intel.com (10.22.229.16) by
 ORSMSX607.amr.corp.intel.com (10.22.229.20) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.2308.27; Fri, 27 May 2022 05:26:18 -0700
Received: from ORSEDG601.ED.cps.intel.com (10.7.248.6) by
 orsmsx603.amr.corp.intel.com (10.22.229.16) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.2308.27 via Frontend Transport; Fri, 27 May 2022 05:26:18 -0700
Received: from NAM02-DM3-obe.outbound.protection.outlook.com (104.47.56.49) by
 edgegateway.intel.com (134.134.137.102) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.1.2308.27; Fri, 27 May 2022 05:26:18 -0700
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=gDPUuXjUS4OMDLQOZv0QRsoumMzZkYkuwgcu7e/0g+rflR9sEgLGtSeiVd80yNsi2lYnXJV45nG4qyb6GtkXZarLm39vpQSDpX1Y84khj/2b7Q3JAnF8geQi0v3T50KEal3SEP64GBxam5TLZBRikz5W28pRNfk1lZF4MwqgP/hZBgOaxfMyC0SznKuGu/0OU7deE8HJvkmIQOivTCZnvQAK/xD4N5p9yH/vz6Qsxawb//QeV4SgqqdzcN8xjSWooo2pJ2pewabGg/hriLcNond4FZwcYK/8jMR12etPJCJCBSQMB8efPk8ta0R0N9T96stQIOd13yX95E7IC1jD3Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; 
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=8mW1dJKwApDHAWv0p1p/KlGxjCphta7zgnoxB/fkuFQ=;
 b=OEiFVG4ul3rmiOuIlEpWcRN3oaRRpKssKIytCps5E18vU8fsQm4XJZ3+TMkNdVd5wLShSi8vJusMvZv3seydnPyjaChGEH2xVQ0Pi0kEDMeNI2stRxcWxDRR6ubHijk7Ykj0oSWx9kNxl9/vSKlnUwEFIXKjo923YcahSmo0paFBnCtCSq61tWXcX+Q3jgR64aaufPwKHD4Rxpc9/oEPcvaW3IkrUJIBiK0KFMisSYbCu/V9cg9HDKxtL9LfDfq1lqX0N2vAxEZ6EKDs9jmUXev1+P3ApX1morecoKyIbqTFatVHAMGSXMKbMlKJE4CDuA7rsKCN5KeL4aKMO7Jeug==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com;
 dkim=pass header.d=intel.com; arc=none
Received: from MW5PR11MB5809.namprd11.prod.outlook.com (2603:10b6:303:197::6)
 by BY5PR11MB4024.namprd11.prod.outlook.com (2603:10b6:a03:192::24)
 with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5273.19; Fri, 27 May
 2022 12:26:15 +0000
Received: from MW5PR11MB5809.namprd11.prod.outlook.com
 ([fe80::b9ba:9827:9cbd:9f37]) by MW5PR11MB5809.namprd11.prod.outlook.com
 ([fe80::b9ba:9827:9cbd:9f37%5]) with mapi id 15.20.5273.021; Fri, 27 May 2022
 12:26:15 +0000
From: "Zhang, Roy Fan" <roy.fan.zhang@intel.com>
To: "Ji, Kai" <kai.ji@intel.com>, "dev@dpdk.org" <dev@dpdk.org>
CC: "Richardson, Bruce" <bruce.richardson@intel.com>, "gakhil@marvell.com"
 <gakhil@marvell.com>
Subject: RE: [dpdk-dev v5] crypto/qat: use intel-ipsec-mb for partial hash &
 aes
Thread-Topic: [dpdk-dev v5] crypto/qat: use intel-ipsec-mb for partial hash &
 aes
Thread-Index: AQHYcaeJPin5Wk+6tEKAeLPup6iIkq0yoFUg
Date: Fri, 27 May 2022 12:26:15 +0000
Message-ID: <MW5PR11MB5809279D7EFA219471C3F47AB8D89@MW5PR11MB5809.namprd11.prod.outlook.com>
References: <20220526104703.83605-1-kai.ji@intel.com>
 <20220527085512.21427-1-kai.ji@intel.com>
In-Reply-To: <20220527085512.21427-1-kai.ji@intel.com>
Accept-Language: zh-Hans-HK, en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
dlp-version: 11.6.500.17
dlp-reaction: no-action
dlp-product: dlpe-windows
authentication-results: dkim=none (message not signed)
 header.d=none;dmarc=none action=none header.from=intel.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: dddd001f-ad42-46a0-cdb1-08da3fdc17d3
x-ms-traffictypediagnostic: BY5PR11MB4024:EE_
x-ld-processed: 46c98d88-e344-4ed4-8496-4ed7712e255d,ExtAddr
x-microsoft-antispam-prvs: <BY5PR11MB4024C8D1480C07D80E1AD138B8D89@BY5PR11MB4024.namprd11.prod.outlook.com>
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: VpOIc20LScLhGiGdNA0vWpAcuyb+lOF9+0kkxceDouIHk5+ACjooL57TDu5pNkE3+EnmG6rWl9b9y/MVu7zm6A2RGowIp/KKtJctBr+GzkgTzEdjnwrKC65rgIB1XNUcr6r58rNhBtEnhEDG0KZ1jEYmuyWJ8uNE6/kOI6B93k9DdIjH1HYtiJMR0nk6O7SQyDjPiWiabjDSa6PRaMzP//GApBqzrgP24ZhmctDJjXglT1Dq4GHxAm8IS0TQzakPI3Fyy84jSTL5mUMXjFivHKoBznXHoPEOQAr5e0SVmr2Jqq29p5QVr8LTOUcSUvPABwX2GF3d86pErAOsek1WHUmvClvg8f0QmSTlfKPNnQACri0zfVWOjP5S0oKW27i5q3aQlrLSzzEjddHjdlMXuujWi6TyRFO0uskNqEE1SVVvy4jg2AsFOVVmTSVxSWomdTeUssmXt/6U0nfNTsI9iQgZ82wrO7nuIRy1EmHE5ZFU/tkEwLNdPU2Tog8q7xUu3hz0Fsd302snooSy4k/EZADM2zGRDL4I2YRgCW3sifxHhriP0TcaxGbmmHV2bAChWAZ8bvM/K3DPzWultofM4m3gfC312po6Cf2hyJsPcotB3AtVsgnc6SXu+FloCsMPsHazdYEBUwJ5K18L3E+HxA/NGO80Gtaq6yc49mg9qAIh6RArm4VxEGMMK/6LhZ0kMv609rA8Xr07KwgvQoIy5Q==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:;
 IPV:NLI; SFV:NSPM; H:MW5PR11MB5809.namprd11.prod.outlook.com; PTR:; CAT:NONE;
 SFS:(13230001)(366004)(83380400001)(71200400001)(4326008)(86362001)(66946007)(76116006)(66476007)(64756008)(66446008)(66556008)(122000001)(8676002)(55016003)(186003)(2906002)(508600001)(54906003)(7696005)(9686003)(8936002)(53546011)(110136005)(30864003)(52536014)(38070700005)(33656002)(82960400001)(316002)(5660300002)(26005)(6506007)(38100700002)(579004)(559001);
 DIR:OUT; SFP:1102; 
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: =?Windows-1252?Q?0Wxg/JoUah/8v5BPpS2PAfAFNe8mX2ejoN55KM1K8zxLXDQfkk3Btf+m?=
 =?Windows-1252?Q?ZrdaNr0snc3cm/A6NCdWix45yVNdGf51yrkk97udrnz+2NsQRGNhWco6?=
 =?Windows-1252?Q?J6GbpEhVPSNuSXNDGPCC4bEusRiGI0FclwL2ug7N5iSPRwe15Aryc+T9?=
 =?Windows-1252?Q?QuwbEI6KYPQOZyvyvMmVEHZXRiQKwlSNe7ZYvkf/LSKrjOXWbO2/7vkc?=
 =?Windows-1252?Q?GZ20bNfAxe1DmzR9IG7tRT7v0jb5pI+C5Ns4DmGwd3KmYENWeWJE7Ec2?=
 =?Windows-1252?Q?LT9utTx0KXvat/jIcCwh8cp7thghQwHgAKhv39MhrVfkTTrXPZNrVOH4?=
 =?Windows-1252?Q?KB7fn3tccH7Q121BNtMVIyr784iOQUYXagYRjrf/DONAu9qQGM2n0A9D?=
 =?Windows-1252?Q?cb+vrjPfBG2MiGbRyQ70gY6w+Baf0mx0vDOR52ao89GfMLSGxk+PDtyL?=
 =?Windows-1252?Q?9MoFZqKWOT0rCuQbGjUrLbPZeLZSQbZje6i/AOzR6HOkVMplZtJTzxZl?=
 =?Windows-1252?Q?5/JZPM+gn1NI4JuYlpleQoRpULa2wzG7sjSr4dtLFD75jiFa2HThO4D4?=
 =?Windows-1252?Q?wTF0/tggwbBBreMvph38yxsMxXWL2sXDzCO/qL55AYu2E9GGN6DJ/ApG?=
 =?Windows-1252?Q?Asvh+iFgxok57hm/oRu++9YFg0DS+Up0k9NswSQsOkAqgRafAhdvNVuu?=
 =?Windows-1252?Q?NjxMMAl8SRmZA+OBY4Z2DnxvpYqy/3J4sxcoqS4d2tZgmpRfGLMaqqQq?=
 =?Windows-1252?Q?uDJBLf1tYyl7bsxxOErHG4DkejkSIL1IuKofAnvSNY5DWsEDysb9kpTw?=
 =?Windows-1252?Q?fJzMGPSGGpyRIgr6L9wqKbLOoGw/rMNMR4ayouohqk8MwfNT8jRn8uN2?=
 =?Windows-1252?Q?K0zvjzu/dqesBTR39GkUWXv/PQYvubth3YFYyhPt+e6XQGrRSwrzcJnc?=
 =?Windows-1252?Q?J6EHa9n6OthLIMjOR2YYXQivXWVqlW1Tf6lj+NnsNfmEGG/EmO7RSStg?=
 =?Windows-1252?Q?RzhCUC5mFXjoD4fdylPLmAhkVnmz/j3pqhUTJsQBU6HA9O7ioM64z3Fu?=
 =?Windows-1252?Q?1zCud+XveBPxtfcYXl/jrxi+o+JmXjO3dcBDMrFuqHOszNvIBOvKjZWq?=
 =?Windows-1252?Q?UVudY7do7GTAOzlVmoCCC1EBv44c/ldM19E/gzyqMgijd9bjFvsm86R3?=
 =?Windows-1252?Q?0PVLbnOcCAP2Wy8Cc4vuNhIie1K4WGYuzqR0gQn39MLF2GsiXrEauxkM?=
 =?Windows-1252?Q?oxj62H27KPFnh5447EO3v0hHSYsbwG3tBVuD8oZhN5+/ZZMzg6o/Rm8Y?=
 =?Windows-1252?Q?4YkRX0AWpq+/zC1eQW+tfmXyZBM+EAibI6k73AndkIfhA9dv35mLyfsh?=
 =?Windows-1252?Q?JXHSjR2BAvaMoPJLkD/yEuptST7c/PRGCpo31oronDX81WiBz/nXUECR?=
 =?Windows-1252?Q?j8D1aClg/t+Y/HPqQlHh5lGsMxBaeuAMvm6g9SyuqWhS4wS+de+4Z6ef?=
 =?Windows-1252?Q?XZMyJa7qW6a/LVY8tk8U14394zSL+JUU84RyIFe8Vii/pQOcGwEDvY/G?=
 =?Windows-1252?Q?D7cCWDIh/08NBI38JuGrnD4Mub8Z3LhuSt4R40ER05xA99WbSclNGrji?=
 =?Windows-1252?Q?GVNCBoCwGK+kxBxop/mDxRQSn4YDwRri7c55QZdDnTTK0C3rlWRqLwoy?=
 =?Windows-1252?Q?eJx3cRrMB2Tp+3cLcxRB18C2vwlCeoM1i+pH/EwW3RAc3PZK1EET/1Q6?=
 =?Windows-1252?Q?X0IQFtRi2RWHr1fMHVrF3/QcYHQn30xf74yiqQLsFdSZBfjMgQtM69Qh?=
 =?Windows-1252?Q?3F9X7UrNZB23R8tPMZPx03fGFG+J+ZUf50hAFlkrzTYoAmGeluHrM4IU?=
 =?Windows-1252?Q?ZRZWdM7ZYfq1yg=3D=3D?=
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: MW5PR11MB5809.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: dddd001f-ad42-46a0-cdb1-08da3fdc17d3
X-MS-Exchange-CrossTenant-originalarrivaltime: 27 May 2022 12:26:15.1145 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: JShuzEF7xHFvC7w2GPYC02g4BZJTKWkqprz6MnSBIR8o/LqK+1GXqU/1P7rcBPoLGdFATGZ90qSvjDPf2lseAA==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY5PR11MB4024
X-OriginatorOrg: intel.com
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org

> -----Original Message-----
> From: Ji, Kai <kai.ji@intel.com>
> Sent: Friday, May 27, 2022 9:55 AM
> To: dev@dpdk.org
> Cc: Zhang, Roy Fan <roy.fan.zhang@intel.com>; Richardson, Bruce
> <bruce.richardson@intel.com>; gakhil@marvell.com; Ji, Kai <kai.ji@intel.c=
om>
> Subject: [dpdk-dev v5] crypto/qat: use intel-ipsec-mb for partial hash & =
aes
>=20
> Since openssl 3.0 now deprecates the low level API QAT required to
> perform partial hash & aes operation when creating the session. This
> patch add in qat_ipsec_mb_lib driver parameter to allow QAT PMD to
> switch APIs between openssl and intel ipsec-mb library.
>=20
> Signed-off-by: Kai Ji <kai.ji@intel.com>
> Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
>=20
[FAN: please keep the change log below the "---" line so it won't be captur=
ed by git and keep it in the commit log forever]=20

> v5:
> - fix of Intel IPSEC-MB lib version check
>=20
> v4:
> - fix of memory leak in IMB_MGR
>=20
> v3:
> - Add in qat_ipsec_mb_lib driver parameter
>=20
> v2:
> - Add AES ECB job function for precompute
>=20
> ---
>  doc/guides/cryptodevs/qat.rst        |  13 +
>  drivers/common/qat/meson.build       |  13 +
>  drivers/common/qat/qat_device.c      |   1 +
>  drivers/common/qat/qat_device.h      |   1 +
>  drivers/crypto/qat/qat_sym.c         |   3 +
>  drivers/crypto/qat/qat_sym_session.c | 503
> ++++++++++++++++++++++++---
>  6 files changed, 491 insertions(+), 43 deletions(-)
>=20
> diff --git a/doc/guides/cryptodevs/qat.rst b/doc/guides/cryptodevs/qat.rs=
t
> index 785e041324..d92409b77e 100644
> --- a/doc/guides/cryptodevs/qat.rst
> +++ b/doc/guides/cryptodevs/qat.rst
> @@ -287,6 +287,19 @@ by comma. When the same parameter is used more
> than once first occurrence of the
>  is used.
>  Maximum threshold that can be set is 32.
>=20
> +Running QAT PMD with Intel IPSEC MB library for symmetric precomputes
> function
> +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> ~~~~~~~~~~~~~~~~~~~~~
> +
> +The QAT PMD use Openssl library for partial hash calculation in symmetir=
c
> precomputes function by
> +default, the following parameter is allow QAT PMD switch over to multi-
> buffer job API if Intel
> +IPSEC MB library installed on system.
> +
> +- qat_ipsec_mb_lib
> +
> +To use this feature the user must set the parameter on process start as =
a
> device additional parameter::
> +
> +  -a 03:01.1,qat_ipsec_mb_lib=3D1
> +
>=20
>  Device and driver naming
>  ~~~~~~~~~~~~~~~~~~~~~~~~
> diff --git a/drivers/common/qat/meson.build
> b/drivers/common/qat/meson.build
> index b7027f3164..245c0fbe61 100644
> --- a/drivers/common/qat/meson.build
> +++ b/drivers/common/qat/meson.build
> @@ -35,6 +35,19 @@ if qat_crypto and not libcrypto.found()
>              'missing dependency, libcrypto')
>  endif
>=20
> +IMB_required_ver =3D '1.2.0'
> +libipsecmb =3D cc.find_library('IPSec_MB', required: false)
> +if libipsecmb.found()
> +    # version comes with quotes, so we split based on " and take the mid=
dle
> +    imb_ver =3D cc.get_define('IMB_VERSION_STR',
> +        prefix : '#include<intel-ipsec-mb.h>').split('"')[1]
> +
> +    if (imb_ver.version_compare('>=3D' + IMB_required_ver))
> +        ext_deps +=3D libipsecmb
> +        dpdk_conf.set('RTE_QAT_LIBIPSECMB', true)
> +    endif
> +endif
> +
>  # The driver should not build if both compression and crypto are disable=
d
>  #FIXME common code depends on compression files so check only
> compress!
>  if not qat_compress # and not qat_crypto
> diff --git a/drivers/common/qat/qat_device.c
> b/drivers/common/qat/qat_device.c
> index 6824d97050..db4b087d2b 100644
> --- a/drivers/common/qat/qat_device.c
> +++ b/drivers/common/qat/qat_device.c
> @@ -364,6 +364,7 @@ static int qat_pci_probe(struct rte_pci_driver
> *pci_drv __rte_unused,
>  	struct qat_pci_device *qat_pci_dev;
>  	struct qat_dev_hw_spec_funcs *ops_hw;
>  	struct qat_dev_cmd_param qat_dev_cmd_param[] =3D {
> +			{ QAT_IPSEC_MB_LIB, 0 },
>  			{ SYM_ENQ_THRESHOLD_NAME, 0 },
>  			{ ASYM_ENQ_THRESHOLD_NAME, 0 },
>  			{ COMP_ENQ_THRESHOLD_NAME, 0 },
> diff --git a/drivers/common/qat/qat_device.h
> b/drivers/common/qat/qat_device.h
> index 85fae7b7c7..e1a32a7e87 100644
> --- a/drivers/common/qat/qat_device.h
> +++ b/drivers/common/qat/qat_device.h
> @@ -16,6 +16,7 @@
>=20
>  #define QAT_DEV_NAME_MAX_LEN	64
>=20
> +#define QAT_IPSEC_MB_LIB "qat_ipsec_mb_lib"
>  #define SYM_ENQ_THRESHOLD_NAME "qat_sym_enq_threshold"
>  #define ASYM_ENQ_THRESHOLD_NAME "qat_asym_enq_threshold"
>  #define COMP_ENQ_THRESHOLD_NAME "qat_comp_enq_threshold"
> diff --git a/drivers/crypto/qat/qat_sym.c b/drivers/crypto/qat/qat_sym.c
> index ca8c9a8124..3477cd89ad 100644
> --- a/drivers/crypto/qat/qat_sym.c
> +++ b/drivers/crypto/qat/qat_sym.c
> @@ -15,6 +15,7 @@
>  #include "qat_qp.h"
>=20
>  uint8_t qat_sym_driver_id;
> +int qat_ipsec_mb_lib;
>=20
>  struct qat_crypto_gen_dev_ops qat_sym_gen_dev_ops[QAT_N_GENS];
>=20
> @@ -307,6 +308,8 @@ qat_sym_dev_create(struct qat_pci_device
> *qat_pci_dev,
>  		if (!strcmp(qat_dev_cmd_param[i].name,
> SYM_ENQ_THRESHOLD_NAME))
>  			internals->min_enq_burst_threshold =3D
>  					qat_dev_cmd_param[i].val;
> +		if (!strcmp(qat_dev_cmd_param[i].name,
> QAT_IPSEC_MB_LIB))
> +			qat_ipsec_mb_lib =3D qat_dev_cmd_param[i].val;
>  		i++;
>  	}
>=20
> diff --git a/drivers/crypto/qat/qat_sym_session.c
> b/drivers/crypto/qat/qat_sym_session.c
> index 9d6a19c0be..69a97948f5 100644
> --- a/drivers/crypto/qat/qat_sym_session.c
> +++ b/drivers/crypto/qat/qat_sym_session.c
> @@ -7,6 +7,10 @@
>  #include <openssl/md5.h>	/* Needed to calculate pre-compute values
> */
>  #include <openssl/evp.h>	/* Needed for bpi runt block processing */
>=20
> +#ifdef RTE_QAT_LIBIPSECMB
> +#include <intel-ipsec-mb.h>
> +#endif
> +
>  #include <rte_memcpy.h>
>  #include <rte_common.h>
>  #include <rte_spinlock.h>
> @@ -22,6 +26,12 @@
>  #include "qat_sym_session.h"
>  #include "qat_sym.h"
>=20
> +#if (OPENSSL_VERSION_NUMBER >=3D 0x30000000L)
> +#include <openssl/provider.h>
> +#endif
> +
> +extern int qat_ipsec_mb_lib;
> +
>  /* SHA1 - 20 bytes - Initialiser state can be found in FIPS stds 180-2 *=
/
>  static const uint8_t sha1InitialState[] =3D {
>  	0x67, 0x45, 0x23, 0x01, 0xef, 0xcd, 0xab, 0x89, 0x98, 0xba,
> @@ -470,6 +480,21 @@ qat_sym_session_configure(struct rte_cryptodev
> *dev,
>  		return -ENOMEM;
>  	}
>=20
> +#if (OPENSSL_VERSION_NUMBER >=3D 0x30000000L)
> +	OSSL_PROVIDER * legacy;
> +	OSSL_PROVIDER *deflt;
> +
> +	/* Load Multiple providers into the default (NULL) library context */
> +	legacy =3D OSSL_PROVIDER_load(NULL, "legacy");
> +	if (legacy =3D=3D NULL)
> +		return -EINVAL;
> +
> +	deflt =3D OSSL_PROVIDER_load(NULL, "default");
> +	if (deflt =3D=3D NULL) {
> +		OSSL_PROVIDER_unload(legacy);
> +		return  -EINVAL;
> +	}
> +#endif
>  	ret =3D qat_sym_session_set_parameters(dev, xform,
> sess_private_data);
>  	if (ret !=3D 0) {
>  		QAT_LOG(ERR,
> @@ -483,6 +508,10 @@ qat_sym_session_configure(struct rte_cryptodev
> *dev,
>  	set_sym_session_private_data(sess, dev->driver_id,
>  		sess_private_data);
>=20
> +# if (OPENSSL_VERSION_NUMBER >=3D 0x30000000L)
> +	OSSL_PROVIDER_unload(legacy);
> +	OSSL_PROVIDER_unload(deflt);
> +# endif
>  	return 0;
>  }
>=20
> @@ -1057,6 +1086,293 @@ static int qat_hash_get_block_size(enum
> icp_qat_hw_auth_algo qat_hash_alg)
>  	return -EFAULT;
>  }
>=20
> +#define HMAC_IPAD_VALUE	0x36
> +#define HMAC_OPAD_VALUE	0x5c
> +#define HASH_XCBC_PRECOMP_KEY_NUM 3
> +
> +static const uint8_t AES_CMAC_SEED[ICP_QAT_HW_AES_128_KEY_SZ];
> +
> +#ifdef RTE_QAT_LIBIPSECMB
> +static int aes_ipsecmb_job(uint8_t *in, uint8_t *out, IMB_MGR *m,
> +		const uint8_t *key, uint16_t auth_keylen)
> +{
> +	int err;
> +	struct IMB_JOB *job;
> +	DECLARE_ALIGNED(uint32_t expkey[4*15], 16);
> +	DECLARE_ALIGNED(uint32_t dust[4*15], 16);
> +
> +	if (auth_keylen =3D=3D ICP_QAT_HW_AES_128_KEY_SZ)
> +		IMB_AES_KEYEXP_128(m, key, expkey, dust);
> +	else if (auth_keylen =3D=3D ICP_QAT_HW_AES_192_KEY_SZ)
> +		IMB_AES_KEYEXP_192(m, key, expkey, dust);
> +	else if (auth_keylen =3D=3D ICP_QAT_HW_AES_256_KEY_SZ)
> +		IMB_AES_KEYEXP_256(m, key, expkey, dust);
> +	else
> +		return -EFAULT;
> +
> +	job =3D IMB_GET_NEXT_JOB(m);
> +
> +	job->src =3D in;
> +	job->dst =3D out;
> +	job->enc_keys =3D expkey;
> +	job->key_len_in_bytes =3D auth_keylen;
> +	job->msg_len_to_cipher_in_bytes =3D 16;
> +	job->iv_len_in_bytes =3D 0;
> +	job->cipher_direction =3D IMB_DIR_ENCRYPT;
> +	job->cipher_mode =3D IMB_CIPHER_ECB;
> +	job->hash_alg =3D IMB_AUTH_NULL;
> +
> +	while (IMB_FLUSH_JOB(m) !=3D NULL)
> +		;
> +
> +	job =3D IMB_SUBMIT_JOB(m);
> +	if (job) {
> +		if (job->status =3D=3D IMB_STATUS_COMPLETED)
> +			return 0;
> +	}
> +
> +	err =3D imb_get_errno(m);
> +	if (err)
> +		QAT_LOG(ERR, "Error: %s!\n", imb_get_strerror(err));
> +
> +	return -EFAULT;
> +}
> +
> +static int
> +partial_hash_compute_ipsec_mb(enum icp_qat_hw_auth_algo hash_alg,
> +		uint8_t *data_in, uint8_t *data_out, IMB_MGR *m)
> +{
> +	int digest_size;
> +	uint8_t digest[qat_hash_get_digest_size(
> +			ICP_QAT_HW_AUTH_ALGO_DELIMITER)];
> +	uint32_t *hash_state_out_be32;
> +	uint64_t *hash_state_out_be64;
> +	int i;
> +
> +	/* Initialize to avoid gcc warning */
> +	memset(digest, 0, sizeof(digest));
> +
> +	digest_size =3D qat_hash_get_digest_size(hash_alg);
> +	if (digest_size <=3D 0)
> +		return -EFAULT;
> +
> +	hash_state_out_be32 =3D (uint32_t *)data_out;
> +	hash_state_out_be64 =3D (uint64_t *)data_out;
> +
> +	switch (hash_alg) {
> +	case ICP_QAT_HW_AUTH_ALGO_SHA1:
> +		IMB_SHA1_ONE_BLOCK(m, data_in, digest);
> +		for (i =3D 0; i < digest_size >> 2; i++, hash_state_out_be32++)
> +			*hash_state_out_be32 =3D
> +				rte_bswap32(*(((uint32_t *)digest)+i));
> +		break;
> +	case ICP_QAT_HW_AUTH_ALGO_SHA224:
> +		IMB_SHA224_ONE_BLOCK(m, data_in, digest);
> +		for (i =3D 0; i < digest_size >> 2; i++, hash_state_out_be32++)
> +			*hash_state_out_be32 =3D
> +				rte_bswap32(*(((uint32_t *)digest)+i));
> +		break;
> +	case ICP_QAT_HW_AUTH_ALGO_SHA256:
> +		IMB_SHA256_ONE_BLOCK(m, data_in, digest);
> +		for (i =3D 0; i < digest_size >> 2; i++, hash_state_out_be32++)
> +			*hash_state_out_be32 =3D
> +				rte_bswap32(*(((uint32_t *)digest)+i));
> +		break;
> +	case ICP_QAT_HW_AUTH_ALGO_SHA384:
> +		IMB_SHA384_ONE_BLOCK(m, data_in, digest);
> +		for (i =3D 0; i < digest_size >> 3; i++, hash_state_out_be64++)
> +			*hash_state_out_be64 =3D
> +				rte_bswap64(*(((uint64_t *)digest)+i));
> +		break;
> +	case ICP_QAT_HW_AUTH_ALGO_SHA512:
> +		IMB_SHA512_ONE_BLOCK(m, data_in, digest);
> +		for (i =3D 0; i < digest_size >> 3; i++, hash_state_out_be64++)
> +			*hash_state_out_be64 =3D
> +				rte_bswap64(*(((uint64_t *)digest)+i));
> +		break;
> +	case ICP_QAT_HW_AUTH_ALGO_MD5:
> +		IMB_MD5_ONE_BLOCK(m, data_in, data_out);
> +		break;
> +	default:
> +		QAT_LOG(ERR, "invalid hash alg %u", hash_alg);
> +		return -EFAULT;
> +	}
> +
> +	return 0;
> +}
> +
> +static int qat_sym_do_precomputes_ipsec_mb(enum
> icp_qat_hw_auth_algo hash_alg,
> +				const uint8_t *auth_key,
> +				uint16_t auth_keylen,
> +				uint8_t *p_state_buf,
> +				uint16_t *p_state_len,
> +				uint8_t aes_cmac)
> +{
> +	int block_size;
> +	uint8_t
> ipad[qat_hash_get_block_size(ICP_QAT_HW_AUTH_ALGO_DELIMITER)];
> +	uint8_t
> opad[qat_hash_get_block_size(ICP_QAT_HW_AUTH_ALGO_DELIMITER)];
> +	int i, ret =3D 0;
> +
> +	IMB_MGR *m;
> +	m =3D alloc_mb_mgr(0);
> +	if (m =3D=3D NULL)
> +		return -ENOMEM;
> +
> +	init_mb_mgr_auto(m, NULL);
> +
> +	if (hash_alg =3D=3D ICP_QAT_HW_AUTH_ALGO_AES_XCBC_MAC) {
> +
> +		/* CMAC */
> +		if (aes_cmac) {
> +			uint8_t *in =3D NULL;
> +			uint8_t k0[ICP_QAT_HW_AES_128_KEY_SZ];
> +			uint8_t *k1, *k2;
> +
> +			auth_keylen =3D ICP_QAT_HW_AES_128_KEY_SZ;
> +
> +			in =3D rte_zmalloc("AES CMAC K1",
> +					 ICP_QAT_HW_AES_128_KEY_SZ, 16);
[FAN: other than "in" is allocated and copied 16 bytes of seed, I don't see=
 it is
used anywhere other than freed later. Any reason we need it?]=20
> +
> +			if (in =3D=3D NULL) {
> +				QAT_LOG(ERR, "Failed to alloc memory");
> +				return -ENOMEM;
> +			}
> +
> +			rte_memcpy(in, AES_CMAC_SEED,
> +				   ICP_QAT_HW_AES_128_KEY_SZ);
> +			rte_memcpy(p_state_buf, auth_key, auth_keylen);
> +
> +			DECLARE_ALIGNED(uint32_t expkey[4*15], 16);
> +			DECLARE_ALIGNED(uint32_t dust[4*15], 16);
> +			IMB_AES_KEYEXP_128(m, p_state_buf, expkey,
> dust);
> +			k1 =3D p_state_buf +
> ICP_QAT_HW_AES_XCBC_MAC_STATE1_SZ;
> +			k2 =3D k1 + ICP_QAT_HW_AES_XCBC_MAC_STATE1_SZ;
> +
> +			IMB_AES_CMAC_SUBKEY_GEN_128(m, expkey, k1,
> k2);
> +			memset(k0, 0, ICP_QAT_HW_AES_128_KEY_SZ);
> +			*p_state_len =3D
> ICP_QAT_HW_AES_XCBC_MAC_STATE2_SZ;
[FAN: if we initialize block_size as 0, we can simply set ret =3D 0 and jum=
p to out here]=20
> +			rte_free(in);
> +			free_mb_mgr(m);
> +			return 0;
> +		}
> +
> +		static uint8_t qat_aes_xcbc_key_seed[
> +				ICP_QAT_HW_AES_XCBC_MAC_STATE2_SZ]
> =3D {
> +			0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
> +			0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
> +			0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02,
> +			0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02,
> +			0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03,
> +			0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03,
> +		};
> +
> +		uint8_t *in =3D NULL;
> +		uint8_t *out =3D p_state_buf;
> +		int x;
> +
> +		in =3D rte_zmalloc("working mem for key",
> +				ICP_QAT_HW_AES_XCBC_MAC_STATE2_SZ,
> 16);
> +		if (in =3D=3D NULL) {
> +			QAT_LOG(ERR, "Failed to alloc memory");
> +			return -ENOMEM;
> +		}
> +
> +		rte_memcpy(in, qat_aes_xcbc_key_seed,
> +				ICP_QAT_HW_AES_XCBC_MAC_STATE2_SZ);
> +		for (x =3D 0; x < HASH_XCBC_PRECOMP_KEY_NUM; x++) {
> +			if (aes_ipsecmb_job(in, out, m, auth_key,
> auth_keylen)) {
> +				rte_free(in -
> +				  (x *
> ICP_QAT_HW_AES_XCBC_MAC_KEY_SZ));
> +				memset(out -
> +				   (x *
> ICP_QAT_HW_AES_XCBC_MAC_KEY_SZ),
> +				  0,
> ICP_QAT_HW_AES_XCBC_MAC_STATE2_SZ);
> +				return -EFAULT;
> +			}
> +
> +			in +=3D ICP_QAT_HW_AES_XCBC_MAC_KEY_SZ;
> +			out +=3D ICP_QAT_HW_AES_XCBC_MAC_KEY_SZ;
> +		}
> +		*p_state_len =3D ICP_QAT_HW_AES_XCBC_MAC_STATE2_SZ;
> +		rte_free(in - x*ICP_QAT_HW_AES_XCBC_MAC_KEY_SZ);
> +		free_mb_mgr(m);
> +		return 0;
> +
> +	} else if ((hash_alg =3D=3D ICP_QAT_HW_AUTH_ALGO_GALOIS_128) ||
> +		(hash_alg =3D=3D ICP_QAT_HW_AUTH_ALGO_GALOIS_64)) {
> +		uint8_t *in =3D NULL;
> +		uint8_t *out =3D p_state_buf;
[FAN: doesn't feel we have to allocate "in" at all, why can't we declare in=
 as an array?]
> +
> +		memset(p_state_buf, 0, ICP_QAT_HW_GALOIS_H_SZ +
> +				ICP_QAT_HW_GALOIS_LEN_A_SZ +
> +				ICP_QAT_HW_GALOIS_E_CTR0_SZ);
> +		in =3D rte_zmalloc("working mem for key",
> +				ICP_QAT_HW_GALOIS_H_SZ, 16);
> +		if (in =3D=3D NULL) {
> +			QAT_LOG(ERR, "Failed to alloc memory");
> +			return -ENOMEM;
> +		}
> +
> +		memset(in, 0, ICP_QAT_HW_GALOIS_H_SZ);
> +		if (aes_ipsecmb_job(in, out, m, auth_key, auth_keylen))
> +			return -EFAULT;
> +
> +		*p_state_len =3D ICP_QAT_HW_GALOIS_H_SZ +
> +				ICP_QAT_HW_GALOIS_LEN_A_SZ +
> +				ICP_QAT_HW_GALOIS_E_CTR0_SZ;
> +		rte_free(in);

[FAN: if we initialize block_size as 0, we can simply set ret =3D 0 and jum=
p to out here] =20
> +		free_mb_mgr(m);
> +		return 0;
> +	}
> +
> +	block_size =3D qat_hash_get_block_size(hash_alg);
> +	if (block_size < 0)
> +		return block_size;
> +	/* init ipad and opad from key and xor with fixed values */
> +	memset(ipad, 0, block_size);
> +	memset(opad, 0, block_size);
> +
> +	if (auth_keylen > (unsigned int)block_size) {
> +		QAT_LOG(ERR, "invalid keylen %u", auth_keylen);
> +		free_mb_mgr(m);
> +		return -EFAULT;
> +	}
> +	rte_memcpy(ipad, auth_key, auth_keylen);
> +	rte_memcpy(opad, auth_key, auth_keylen);
> +
> +	for (i =3D 0; i < block_size; i++) {
> +		uint8_t *ipad_ptr =3D ipad + i;
> +		uint8_t *opad_ptr =3D opad + i;
> +		*ipad_ptr ^=3D HMAC_IPAD_VALUE;
> +		*opad_ptr ^=3D HMAC_OPAD_VALUE;
> +	}
> +
> +	/* do partial hash of ipad and copy to state1 */
> +	if (partial_hash_compute_ipsec_mb(hash_alg, ipad, p_state_buf, m))
> {
> +		QAT_LOG(ERR, "ipad precompute failed");
> +		ret =3D -EFAULT;
> +		goto out;
> +	}
> +
> +	/*
> +	 * State len is a multiple of 8, so may be larger than the digest.
> +	 * Put the partial hash of opad state_len bytes after state1
> +	 */
> +	*p_state_len =3D qat_hash_get_state1_size(hash_alg);
> +	if (partial_hash_compute_ipsec_mb(hash_alg, opad,
> +				p_state_buf + *p_state_len, m)) {
> +		QAT_LOG(ERR, "opad precompute failed");
> +		ret =3D -EFAULT;
> +		goto out;
> +	}
> +
> +out:
> +	/*  don't leave data lying around */
> +	memset(ipad, 0, block_size);
> +	memset(opad, 0, block_size);
> +	free_mb_mgr(m);
> +	return ret;
> +}
> +#endif
>  static int partial_hash_sha1(uint8_t *data_in, uint8_t *data_out)
>  {
>  	SHA_CTX ctx;
> @@ -1124,6 +1440,20 @@ static int partial_hash_md5(uint8_t *data_in,
> uint8_t *data_out)
>  	return 0;
>  }
>=20
> +static void aes_cmac_key_derive(uint8_t *base, uint8_t *derived)
> +{
> +	int i;
> +
> +	derived[0] =3D base[0] << 1;
> +	for (i =3D 1; i < ICP_QAT_HW_AES_BLK_SZ ; i++) {
> +		derived[i] =3D base[i] << 1;
> +		derived[i - 1] |=3D base[i] >> 7;
> +	}
> +
> +	if (base[0] & 0x80)
> +		derived[ICP_QAT_HW_AES_BLK_SZ - 1] ^=3D
> QAT_AES_CMAC_CONST_RB;
> +}
> +
>  static int
>  partial_hash_compute(enum icp_qat_hw_auth_algo hash_alg,
>  		uint8_t *data_in, uint8_t *data_out)
> @@ -1192,25 +1522,6 @@ partial_hash_compute(enum
> icp_qat_hw_auth_algo hash_alg,
>=20
>  	return 0;
>  }
> -#define HMAC_IPAD_VALUE	0x36
> -#define HMAC_OPAD_VALUE	0x5c
> -#define HASH_XCBC_PRECOMP_KEY_NUM 3
> -
> -static const uint8_t AES_CMAC_SEED[ICP_QAT_HW_AES_128_KEY_SZ];
> -
> -static void aes_cmac_key_derive(uint8_t *base, uint8_t *derived)
> -{
> -	int i;
> -
> -	derived[0] =3D base[0] << 1;
> -	for (i =3D 1; i < ICP_QAT_HW_AES_BLK_SZ ; i++) {
> -		derived[i] =3D base[i] << 1;
> -		derived[i - 1] |=3D base[i] >> 7;
> -	}
> -
> -	if (base[0] & 0x80)
> -		derived[ICP_QAT_HW_AES_BLK_SZ - 1] ^=3D
> QAT_AES_CMAC_CONST_RB;
> -}
>=20
>  static int qat_sym_do_precomputes(enum icp_qat_hw_auth_algo hash_alg,
>  				const uint8_t *auth_key,
> @@ -1695,6 +2006,7 @@ int qat_sym_cd_auth_set(struct qat_sym_session
> *cdesc,
>  	uint32_t *aad_len =3D NULL;
>  	uint32_t wordIndex  =3D 0;
>  	uint32_t *pTempKey;
> +	int ret =3D 0;
>=20
>  	if (cdesc->qat_cmd =3D=3D ICP_QAT_FW_LA_CMD_AUTH) {
>  		ICP_QAT_FW_COMN_CURR_ID_SET(hash_cd_ctrl,
> @@ -1766,9 +2078,22 @@ int qat_sym_cd_auth_set(struct qat_sym_session
> *cdesc,
>  			break;
>  		}
>  		/* SHA-1 HMAC */
> -		if
> (qat_sym_do_precomputes(ICP_QAT_HW_AUTH_ALGO_SHA1, authkey,
> -			authkeylen, cdesc->cd_cur_ptr, &state1_size,
> -			cdesc->aes_cmac)) {
> +		if (qat_ipsec_mb_lib) {
> +#ifdef RTE_QAT_LIBIPSECMB
> +			ret =3D
> qat_sym_do_precomputes_ipsec_mb(ICP_QAT_HW_AUTH_ALGO_SHA1,
> +				authkey, authkeylen, cdesc->cd_cur_ptr,
> &state1_size,
> +				cdesc->aes_cmac);
> +#else
> +			QAT_LOG(ERR, "Intel IPSEC-MB LIB missing ?");
> +			return -EFAULT;
> +#endif
> +		} else {
> +			ret =3D
> qat_sym_do_precomputes(ICP_QAT_HW_AUTH_ALGO_SHA1, authkey,
> +				authkeylen, cdesc->cd_cur_ptr, &state1_size,
> +				cdesc->aes_cmac);
> +		}
> +
> +		if (ret) {
>  			QAT_LOG(ERR, "(SHA)precompute failed");
>  			return -EFAULT;
>  		}
> @@ -1784,9 +2109,22 @@ int qat_sym_cd_auth_set(struct qat_sym_session
> *cdesc,
>  			break;
>  		}
>  		/* SHA-224 HMAC */
> -		if
> (qat_sym_do_precomputes(ICP_QAT_HW_AUTH_ALGO_SHA224, authkey,
> -			authkeylen, cdesc->cd_cur_ptr, &state1_size,
> -			cdesc->aes_cmac)) {
> +		if (qat_ipsec_mb_lib) {
> +#ifdef RTE_QAT_LIBIPSECMB
> +			ret =3D
> qat_sym_do_precomputes_ipsec_mb(ICP_QAT_HW_AUTH_ALGO_SHA224,
> +				authkey, authkeylen, cdesc->cd_cur_ptr,
> &state1_size,
> +				cdesc->aes_cmac);
> +#else
> +			QAT_LOG(ERR, "Intel IPSEC-MB LIB missing ?");
> +			return -EFAULT;
> +#endif
> +		} else {
> +			ret =3D
> qat_sym_do_precomputes(ICP_QAT_HW_AUTH_ALGO_SHA224, authkey,
> +				authkeylen, cdesc->cd_cur_ptr, &state1_size,
> +				cdesc->aes_cmac);
> +		}
> +
> +		if (ret) {
>  			QAT_LOG(ERR, "(SHA)precompute failed");
>  			return -EFAULT;
>  		}
> @@ -1802,9 +2140,22 @@ int qat_sym_cd_auth_set(struct qat_sym_session
> *cdesc,
>  			break;
>  		}
>  		/* SHA-256 HMAC */
> -		if
> (qat_sym_do_precomputes(ICP_QAT_HW_AUTH_ALGO_SHA256, authkey,
> -			authkeylen, cdesc->cd_cur_ptr,	&state1_size,
> -			cdesc->aes_cmac)) {
> +		if (qat_ipsec_mb_lib) {
> +#ifdef RTE_QAT_LIBIPSECMB
> +			ret =3D
> qat_sym_do_precomputes_ipsec_mb(ICP_QAT_HW_AUTH_ALGO_SHA256,
> +				authkey, authkeylen, cdesc->cd_cur_ptr,
> &state1_size,
> +				cdesc->aes_cmac);
> +#else
> +			QAT_LOG(ERR, "Intel IPSEC-MB LIB missing ?");
> +			return -EFAULT;
> +#endif
> +		} else {
> +			ret =3D
> qat_sym_do_precomputes(ICP_QAT_HW_AUTH_ALGO_SHA256, authkey,
> +				authkeylen, cdesc->cd_cur_ptr, &state1_size,
> +				cdesc->aes_cmac);
> +		}
> +
> +		if (ret) {
>  			QAT_LOG(ERR, "(SHA)precompute failed");
>  			return -EFAULT;
>  		}
> @@ -1820,9 +2171,22 @@ int qat_sym_cd_auth_set(struct qat_sym_session
> *cdesc,
>  			break;
>  		}
>  		/* SHA-384 HMAC */
> -		if
> (qat_sym_do_precomputes(ICP_QAT_HW_AUTH_ALGO_SHA384, authkey,
> -			authkeylen, cdesc->cd_cur_ptr, &state1_size,
> -			cdesc->aes_cmac)) {
> +		if (qat_ipsec_mb_lib) {
> +#ifdef RTE_QAT_LIBIPSECMB
> +			ret =3D
> qat_sym_do_precomputes_ipsec_mb(ICP_QAT_HW_AUTH_ALGO_SHA384,
> +				authkey, authkeylen, cdesc->cd_cur_ptr,
> &state1_size,
> +				cdesc->aes_cmac);
> +#else
> +			QAT_LOG(ERR, "Intel IPSEC-MB LIB missing ?");
> +			return -EFAULT;
> +#endif
> +		} else {
> +			ret =3D
> qat_sym_do_precomputes(ICP_QAT_HW_AUTH_ALGO_SHA384, authkey,
> +				authkeylen, cdesc->cd_cur_ptr, &state1_size,
> +				cdesc->aes_cmac);
> +		}
> +
> +		if (ret) {
>  			QAT_LOG(ERR, "(SHA)precompute failed");
>  			return -EFAULT;
>  		}
> @@ -1838,9 +2202,22 @@ int qat_sym_cd_auth_set(struct qat_sym_session
> *cdesc,
>  			break;
>  		}
>  		/* SHA-512 HMAC */
> -		if
> (qat_sym_do_precomputes(ICP_QAT_HW_AUTH_ALGO_SHA512, authkey,
> -			authkeylen, cdesc->cd_cur_ptr,	&state1_size,
> -			cdesc->aes_cmac)) {
> +		if (qat_ipsec_mb_lib) {
> +#ifdef RTE_QAT_LIBIPSECMB
> +			ret =3D
> qat_sym_do_precomputes_ipsec_mb(ICP_QAT_HW_AUTH_ALGO_SHA512,
> +				authkey, authkeylen, cdesc->cd_cur_ptr,
> &state1_size,
> +				cdesc->aes_cmac);
> +#else
> +			QAT_LOG(ERR, "Intel IPSEC-MB LIB missing ?");
> +			return -EFAULT;
> +#endif
> +		} else {
> +			ret =3D
> qat_sym_do_precomputes(ICP_QAT_HW_AUTH_ALGO_SHA512, authkey,
> +				authkeylen, cdesc->cd_cur_ptr, &state1_size,
> +				cdesc->aes_cmac);
> +		}
> +
> +		if (ret) {
>  			QAT_LOG(ERR, "(SHA)precompute failed");
>  			return -EFAULT;
>  		}
> @@ -1851,9 +2228,23 @@ int qat_sym_cd_auth_set(struct qat_sym_session
> *cdesc,
>=20
>  		if (cdesc->aes_cmac)
>  			memset(cdesc->cd_cur_ptr, 0, state1_size);
> -		if
> (qat_sym_do_precomputes(ICP_QAT_HW_AUTH_ALGO_AES_XCBC_MAC,
> -			authkey, authkeylen, cdesc->cd_cur_ptr +
> state1_size,
> -			&state2_size, cdesc->aes_cmac)) {
> +		if (qat_ipsec_mb_lib) {
> +#ifdef RTE_QAT_LIBIPSECMB
> +			ret =3D qat_sym_do_precomputes_ipsec_mb(
> +
> 	ICP_QAT_HW_AUTH_ALGO_AES_XCBC_MAC,
> +				authkey, authkeylen, cdesc->cd_cur_ptr +
> state1_size,
> +				&state2_size, cdesc->aes_cmac);
> +#else
> +			QAT_LOG(ERR, "Intel IPSEC-MB LIB missing ?");
> +			return -EFAULT;
> +#endif
> +		} else {
> +			ret =3D
> qat_sym_do_precomputes(ICP_QAT_HW_AUTH_ALGO_AES_XCBC_MAC,
> +				authkey, authkeylen, cdesc->cd_cur_ptr +
> state1_size,
> +				&state2_size, cdesc->aes_cmac);
> +		}
> +
> +		if (ret) {
>  			cdesc->aes_cmac ? QAT_LOG(ERR,
>  						  "(CMAC)precompute failed")
>  					: QAT_LOG(ERR,
> @@ -1865,9 +2256,22 @@ int qat_sym_cd_auth_set(struct qat_sym_session
> *cdesc,
>  	case ICP_QAT_HW_AUTH_ALGO_GALOIS_64:
>  		cdesc->qat_proto_flag =3D QAT_CRYPTO_PROTO_FLAG_GCM;
>  		state1_size =3D ICP_QAT_HW_GALOIS_128_STATE1_SZ;
> -		if (qat_sym_do_precomputes(cdesc->qat_hash_alg, authkey,
> -			authkeylen, cdesc->cd_cur_ptr + state1_size,
> -			&state2_size, cdesc->aes_cmac)) {
> +		if (qat_ipsec_mb_lib) {
> +#ifdef RTE_QAT_LIBIPSECMB
> +			ret =3D qat_sym_do_precomputes_ipsec_mb(cdesc-
> >qat_hash_alg, authkey,
> +				authkeylen, cdesc->cd_cur_ptr + state1_size,
> +				&state2_size, cdesc->aes_cmac);
> +#else
> +			QAT_LOG(ERR, "Intel IPSEC-MB LIB missing ?");
> +			return -EFAULT;
> +#endif
> +		} else {
> +			ret =3D qat_sym_do_precomputes(cdesc-
> >qat_hash_alg, authkey,
> +				authkeylen, cdesc->cd_cur_ptr + state1_size,
> +				&state2_size, cdesc->aes_cmac);
> +		}
> +
> +		if (ret) {
>  			QAT_LOG(ERR, "(GCM)precompute failed");
>  			return -EFAULT;
>  		}
> @@ -1923,9 +2327,22 @@ int qat_sym_cd_auth_set(struct qat_sym_session
> *cdesc,
>=20
>  		break;
>  	case ICP_QAT_HW_AUTH_ALGO_MD5:
> -		if
> (qat_sym_do_precomputes(ICP_QAT_HW_AUTH_ALGO_MD5, authkey,
> -			authkeylen, cdesc->cd_cur_ptr, &state1_size,
> -			cdesc->aes_cmac)) {
> +		if (qat_ipsec_mb_lib) {
> +#ifdef RTE_QAT_LIBIPSECMB
> +			ret =3D
> qat_sym_do_precomputes_ipsec_mb(ICP_QAT_HW_AUTH_ALGO_MD5,
> +				authkey, authkeylen, cdesc->cd_cur_ptr,
> &state1_size,
> +				cdesc->aes_cmac);
> +#else
> +			QAT_LOG(ERR, "Intel IPSEC-MB LIB missing");
> +			return -EFAULT;
> +#endif
> +		} else {
> +			ret =3D
> qat_sym_do_precomputes(ICP_QAT_HW_AUTH_ALGO_MD5, authkey,
> +				authkeylen, cdesc->cd_cur_ptr, &state1_size,
> +				cdesc->aes_cmac);
> +		}
> +
> +		if (ret) {
>  			QAT_LOG(ERR, "(MD5)precompute failed");
>  			return -EFAULT;
>  		}
> --
> 2.17.1