Patch Detail

HTTP 200 OK
Allow: GET, PUT, PATCH, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "id": 114691,
    "url": "http://patches.dpdk.org/api/patches/114691/?format=api",
    "web_url": "http://patches.dpdk.org/project/dpdk/patch/20220808080606.220-2-anoobj@marvell.com/",
    "project": {
        "id": 1,
        "url": "http://patches.dpdk.org/api/projects/1/?format=api",
        "name": "DPDK",
        "link_name": "dpdk",
        "list_id": "dev.dpdk.org",
        "list_email": "dev@dpdk.org",
        "web_url": "http://core.dpdk.org",
        "scm_url": "git://dpdk.org/dpdk",
        "webscm_url": "http://git.dpdk.org/dpdk",
        "list_archive_url": "https://inbox.dpdk.org/dev",
        "list_archive_url_format": "https://inbox.dpdk.org/dev/{}",
        "commit_url_format": ""
    },
    "msgid": "<20220808080606.220-2-anoobj@marvell.com>",
    "list_archive_url": "https://inbox.dpdk.org/dev/20220808080606.220-2-anoobj@marvell.com",
    "date": "2022-08-08T08:05:49",
    "name": "[01/18] crypto/cnxk: add AES-CCM support",
    "commit_ref": null,
    "pull_url": null,
    "state": "superseded",
    "archived": true,
    "hash": "0bd94a9bb35dcd3876d6c801543f200c91c3f801",
    "submitter": {
        "id": 1205,
        "url": "http://patches.dpdk.org/api/people/1205/?format=api",
        "name": "Anoob Joseph",
        "email": "anoobj@marvell.com"
    },
    "delegate": {
        "id": 6690,
        "url": "http://patches.dpdk.org/api/users/6690/?format=api",
        "username": "akhil",
        "first_name": "akhil",
        "last_name": "goyal",
        "email": "gakhil@marvell.com"
    },
    "mbox": "http://patches.dpdk.org/project/dpdk/patch/20220808080606.220-2-anoobj@marvell.com/mbox/",
    "series": [
        {
            "id": 24219,
            "url": "http://patches.dpdk.org/api/series/24219/?format=api",
            "web_url": "http://patches.dpdk.org/project/dpdk/list/?series=24219",
            "date": "2022-08-08T08:05:48",
            "name": "Fixes and improvements in cnxk crypto PMDs",
            "version": 1,
            "mbox": "http://patches.dpdk.org/series/24219/mbox/"
        }
    ],
    "comments": "http://patches.dpdk.org/api/patches/114691/comments/",
    "check": "warning",
    "checks": "http://patches.dpdk.org/api/patches/114691/checks/",
    "tags": {},
    "related": [],
    "headers": {
        "Return-Path": "<dev-bounces@dpdk.org>",
        "X-Original-To": "patchwork@inbox.dpdk.org",
        "Delivered-To": "patchwork@inbox.dpdk.org",
        "Received": [
            "from mails.dpdk.org (mails.dpdk.org [217.70.189.124])\n\tby inbox.dpdk.org (Postfix) with ESMTP id B0D11A034C;\n\tMon,  8 Aug 2022 10:06:18 +0200 (CEST)",
            "from [217.70.189.124] (localhost [127.0.0.1])\n\tby mails.dpdk.org (Postfix) with ESMTP id 3FDAE42B79;\n\tMon,  8 Aug 2022 10:06:13 +0200 (CEST)",
            "from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com\n [67.231.156.173])\n by mails.dpdk.org (Postfix) with ESMTP id 2245342B77\n for <dev@dpdk.org>; Mon,  8 Aug 2022 10:06:12 +0200 (CEST)",
            "from pps.filterd (m0045851.ppops.net [127.0.0.1])\n by mx0b-0016f401.pphosted.com (8.17.1.5/8.17.1.5) with ESMTP id\n 277MwkKn002933\n for <dev@dpdk.org>; Mon, 8 Aug 2022 01:06:11 -0700",
            "from dc5-exch02.marvell.com ([199.233.59.182])\n by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3hsqtmmxdq-1\n (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT)\n for <dev@dpdk.org>; Mon, 08 Aug 2022 01:06:11 -0700",
            "from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH02.marvell.com\n (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.18;\n Mon, 8 Aug 2022 01:06:09 -0700",
            "from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com\n (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.18 via Frontend\n Transport; Mon, 8 Aug 2022 01:06:09 -0700",
            "from BG-LT92004.corp.innovium.com (unknown [10.28.160.62])\n by maili.marvell.com (Postfix) with ESMTP id 2E1C03F7043;\n Mon,  8 Aug 2022 01:06:06 -0700 (PDT)"
        ],
        "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com;\n h=from : to : cc :\n subject : date : message-id : in-reply-to : references : mime-version :\n content-transfer-encoding : content-type; s=pfpt0220;\n bh=OnIKocMc22pkSG+IkxP5G4WyVzBqGbZQm5JJM091grk=;\n b=GlDWUbht7vB5nElVW1SHjzcCLxRwsi15c2Wd3KBPmsj0VqrXn1b9cWMVdNKiPJFbOvMY\n PgmANNnPiv2hiDoRdkg292BPZ1PIqx0wGWc7NbRMxmqAOL97KBKStJ8msy3KSgG3M6jq\n sF378BE5syA/YtVxO1KPB+j3QmU8OsM2RVAKRSo4VfC+5qYBkfrnFC+h+uumv8tOTFp0\n pQH+qzBiqAY6Ihe9elpsDxUThhukk6lGIEDKU35dygvmvl4MwntPy/KvqoyFgilyR/pv\n g1u4t8kHZLyBY9PebbwvpM74Iki+puH6qgbuMaC+MruE7VqJiU9S3qU8pN7kqEU/Wl6C iA==",
        "From": "Anoob Joseph <anoobj@marvell.com>",
        "To": "Akhil Goyal <gakhil@marvell.com>, Jerin Jacob <jerinj@marvell.com>",
        "CC": "Archana Muniganti <marchana@marvell.com>, Tejasree Kondoj\n <ktejasree@marvell.com>, <dev@dpdk.org>",
        "Subject": "[PATCH 01/18] crypto/cnxk: add AES-CCM support",
        "Date": "Mon, 8 Aug 2022 13:35:49 +0530",
        "Message-ID": "<20220808080606.220-2-anoobj@marvell.com>",
        "X-Mailer": "git-send-email 2.25.1",
        "In-Reply-To": "<20220808080606.220-1-anoobj@marvell.com>",
        "References": "<20220808080606.220-1-anoobj@marvell.com>",
        "MIME-Version": "1.0",
        "Content-Transfer-Encoding": "8bit",
        "Content-Type": "text/plain",
        "X-Proofpoint-GUID": "fxYBbm1aNGEWbobCbCLrb68A6q4P3ycM",
        "X-Proofpoint-ORIG-GUID": "fxYBbm1aNGEWbobCbCLrb68A6q4P3ycM",
        "X-Proofpoint-Virus-Version": "vendor=baseguard\n engine=ICAP:2.0.205,Aquarius:18.0.883,Hydra:6.0.517,FMLib:17.11.122.1\n definitions=2022-08-08_05,2022-08-05_01,2022-06-22_01",
        "X-BeenThere": "dev@dpdk.org",
        "X-Mailman-Version": "2.1.29",
        "Precedence": "list",
        "List-Id": "DPDK patches and discussions <dev.dpdk.org>",
        "List-Unsubscribe": "<https://mails.dpdk.org/options/dev>,\n <mailto:dev-request@dpdk.org?subject=unsubscribe>",
        "List-Archive": "<http://mails.dpdk.org/archives/dev/>",
        "List-Post": "<mailto:dev@dpdk.org>",
        "List-Help": "<mailto:dev-request@dpdk.org?subject=help>",
        "List-Subscribe": "<https://mails.dpdk.org/listinfo/dev>,\n <mailto:dev-request@dpdk.org?subject=subscribe>",
        "Errors-To": "dev-bounces@dpdk.org"
    },
    "content": "From: Archana Muniganti <marchana@marvell.com>\n\nAdd lookaside IPsec AES-CCM support in CN9K & CN10K PMDs.\n\nSigned-off-by: Archana Muniganti <marchana@marvell.com>\n---\n doc/guides/rel_notes/release_22_11.rst        |  4 ++\n drivers/common/cnxk/cnxk_security.c           | 38 ++++++++++++--\n drivers/common/cnxk/roc_cpt.h                 | 13 ++---\n drivers/crypto/cnxk/cn10k_ipsec_la_ops.h      |  1 +\n drivers/crypto/cnxk/cnxk_cryptodev.h          |  2 +-\n .../crypto/cnxk/cnxk_cryptodev_capabilities.c | 49 ++++++++++++++++---\n drivers/crypto/cnxk/cnxk_ipsec.h              |  3 +-\n 7 files changed, 93 insertions(+), 17 deletions(-)",
    "diff": "diff --git a/doc/guides/rel_notes/release_22_11.rst b/doc/guides/rel_notes/release_22_11.rst\nindex 8c021cf050..333f66bef3 100644\n--- a/doc/guides/rel_notes/release_22_11.rst\n+++ b/doc/guides/rel_notes/release_22_11.rst\n@@ -55,6 +55,10 @@ New Features\n      Also, make sure to start the actual text at the margin.\n      =======================================================\n \n+* **Updated Marvell cnxk crypto driver.**\n+\n+  * Added AES-CCM support in lookaside protocol (IPsec) for CN9K & CN10K.\n+\n \n Removed Items\n -------------\ndiff --git a/drivers/common/cnxk/cnxk_security.c b/drivers/common/cnxk/cnxk_security.c\nindex dca8742be3..8a0e4dea4c 100644\n--- a/drivers/common/cnxk/cnxk_security.c\n+++ b/drivers/common/cnxk/cnxk_security.c\n@@ -58,6 +58,7 @@ ot_ipsec_sa_common_param_fill(union roc_ot_ipsec_sa_word2 *w2,\n {\n \tstruct rte_crypto_sym_xform *auth_xfrm, *cipher_xfrm;\n \tconst uint8_t *key = NULL;\n+\tuint8_t ccm_flag = 0;\n \tuint32_t *tmp_salt;\n \tuint64_t *tmp_key;\n \tint i, length = 0;\n@@ -113,6 +114,15 @@ ot_ipsec_sa_common_param_fill(union roc_ot_ipsec_sa_word2 *w2,\n \t\t\ttmp_salt = (uint32_t *)salt_key;\n \t\t\t*tmp_salt = rte_be_to_cpu_32(*tmp_salt);\n \t\t\tbreak;\n+\t\tcase RTE_CRYPTO_AEAD_AES_CCM:\n+\t\t\tw2->s.enc_type = ROC_IE_OT_SA_ENC_AES_CCM;\n+\t\t\tw2->s.auth_type = ROC_IE_OT_SA_AUTH_NULL;\n+\t\t\tccm_flag = 0x07 & ~ROC_CPT_AES_CCM_CTR_LEN;\n+\t\t\t*salt_key = ccm_flag;\n+\t\t\tmemcpy(PLT_PTR_ADD(salt_key, 1), &ipsec_xfrm->salt, 3);\n+\t\t\ttmp_salt = (uint32_t *)salt_key;\n+\t\t\t*tmp_salt = rte_be_to_cpu_32(*tmp_salt);\n+\t\t\tbreak;\n \t\tdefault:\n \t\t\treturn -ENOTSUP;\n \t\t}\n@@ -204,6 +214,7 @@ ot_ipsec_sa_common_param_fill(union roc_ot_ipsec_sa_word2 *w2,\n \t    w2->s.enc_type == ROC_IE_OT_SA_ENC_AES_CCM ||\n \t    w2->s.enc_type == ROC_IE_OT_SA_ENC_AES_CTR ||\n \t    w2->s.enc_type == ROC_IE_OT_SA_ENC_AES_GCM ||\n+\t    w2->s.enc_type == ROC_IE_OT_SA_ENC_AES_CCM ||\n \t    w2->s.auth_type == ROC_IE_OT_SA_AUTH_AES_GMAC) {\n \t\tswitch (length) {\n \t\tcase ROC_CPT_AES128_KEY_LEN:\n@@ -612,6 +623,7 @@ onf_ipsec_sa_common_param_fill(struct roc_ie_onf_sa_ctl *ctl, uint8_t *salt,\n \tstruct rte_crypto_sym_xform *auth_xfrm, *cipher_xfrm;\n \tint rc, length, auth_key_len;\n \tconst uint8_t *key = NULL;\n+\tuint8_t ccm_flag = 0;\n \n \t/* Set direction */\n \tswitch (ipsec_xfrm->direction) {\n@@ -663,6 +675,14 @@ onf_ipsec_sa_common_param_fill(struct roc_ie_onf_sa_ctl *ctl, uint8_t *salt,\n \t\t\tmemcpy(salt, &ipsec_xfrm->salt, 4);\n \t\t\tkey = crypto_xfrm->aead.key.data;\n \t\t\tbreak;\n+\t\tcase RTE_CRYPTO_AEAD_AES_CCM:\n+\t\t\tctl->enc_type = ROC_IE_ON_SA_ENC_AES_CCM;\n+\t\t\tctl->auth_type = ROC_IE_ON_SA_AUTH_NULL;\n+\t\t\tccm_flag = 0x07 & ~ROC_CPT_AES_CCM_CTR_LEN;\n+\t\t\t*salt = ccm_flag;\n+\t\t\tmemcpy(PLT_PTR_ADD(salt, 1), &ipsec_xfrm->salt, 3);\n+\t\t\tkey = crypto_xfrm->aead.key.data;\n+\t\t\tbreak;\n \t\tdefault:\n \t\t\treturn -ENOTSUP;\n \t\t}\n@@ -810,7 +830,7 @@ cnxk_ipsec_ivlen_get(enum rte_crypto_cipher_algorithm c_algo,\n {\n \tuint8_t ivlen = 0;\n \n-\tif (aead_algo == RTE_CRYPTO_AEAD_AES_GCM)\n+\tif ((aead_algo == RTE_CRYPTO_AEAD_AES_GCM) || (aead_algo == RTE_CRYPTO_AEAD_AES_CCM))\n \t\tivlen = 8;\n \n \tswitch (c_algo) {\n@@ -873,6 +893,7 @@ cnxk_ipsec_icvlen_get(enum rte_crypto_cipher_algorithm c_algo,\n \n \tswitch (aead_algo) {\n \tcase RTE_CRYPTO_AEAD_AES_GCM:\n+\tcase RTE_CRYPTO_AEAD_AES_CCM:\n \t\ticv = 16;\n \t\tbreak;\n \tdefault:\n@@ -888,7 +909,7 @@ cnxk_ipsec_outb_roundup_byte(enum rte_crypto_cipher_algorithm c_algo,\n {\n \tuint8_t roundup_byte = 4;\n \n-\tif (aead_algo == RTE_CRYPTO_AEAD_AES_GCM)\n+\tif ((aead_algo == RTE_CRYPTO_AEAD_AES_GCM) || (aead_algo == RTE_CRYPTO_AEAD_AES_CCM))\n \t\treturn roundup_byte;\n \n \tswitch (c_algo) {\n@@ -1023,6 +1044,10 @@ on_ipsec_sa_ctl_set(struct rte_security_ipsec_xform *ipsec,\n \t\t\tctl->enc_type = ROC_IE_ON_SA_ENC_AES_GCM;\n \t\t\taes_key_len = crypto_xform->aead.key.length;\n \t\t\tbreak;\n+\t\tcase RTE_CRYPTO_AEAD_AES_CCM:\n+\t\t\tctl->enc_type = ROC_IE_ON_SA_ENC_AES_CCM;\n+\t\t\taes_key_len = crypto_xform->aead.key.length;\n+\t\t\tbreak;\n \t\tdefault:\n \t\t\tplt_err(\"Unsupported AEAD algorithm\");\n \t\t\treturn -ENOTSUP;\n@@ -1087,6 +1112,7 @@ on_ipsec_sa_ctl_set(struct rte_security_ipsec_xform *ipsec,\n \t    ctl->enc_type == ROC_IE_ON_SA_ENC_AES_CCM ||\n \t    ctl->enc_type == ROC_IE_ON_SA_ENC_AES_CTR ||\n \t    ctl->enc_type == ROC_IE_ON_SA_ENC_AES_GCM ||\n+\t    ctl->enc_type == ROC_IE_ON_SA_ENC_AES_CCM ||\n \t    ctl->auth_type == ROC_IE_ON_SA_AUTH_AES_GMAC) {\n \t\tswitch (aes_key_len) {\n \t\tcase 16:\n@@ -1129,6 +1155,7 @@ on_fill_ipsec_common_sa(struct rte_security_ipsec_xform *ipsec,\n \tstruct rte_crypto_sym_xform *cipher_xform, *auth_xform;\n \tconst uint8_t *cipher_key;\n \tint cipher_key_len = 0;\n+\tuint8_t ccm_flag = 0;\n \tint ret;\n \n \tret = on_ipsec_sa_ctl_set(ipsec, crypto_xform, &common_sa->ctl);\n@@ -1146,6 +1173,11 @@ on_fill_ipsec_common_sa(struct rte_security_ipsec_xform *ipsec,\n \tif (crypto_xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) {\n \t\tif (crypto_xform->aead.algo == RTE_CRYPTO_AEAD_AES_GCM)\n \t\t\tmemcpy(common_sa->iv.gcm.nonce, &ipsec->salt, 4);\n+\t\telse if (crypto_xform->aead.algo == RTE_CRYPTO_AEAD_AES_CCM) {\n+\t\t\tccm_flag = 0x07 & ~ROC_CPT_AES_CCM_CTR_LEN;\n+\t\t\t*common_sa->iv.gcm.nonce = ccm_flag;\n+\t\t\tmemcpy(PLT_PTR_ADD(common_sa->iv.gcm.nonce, 1), &ipsec->salt, 3);\n+\t\t}\n \t\tcipher_key = crypto_xform->aead.key.data;\n \t\tcipher_key_len = crypto_xform->aead.key.length;\n \t} else {\n@@ -1194,7 +1226,7 @@ cnxk_on_ipsec_outb_sa_create(struct rte_security_ipsec_xform *ipsec,\n \t\treturn ret;\n \n \tif (ctl->enc_type == ROC_IE_ON_SA_ENC_AES_GCM ||\n-\t    ctl->auth_type == ROC_IE_ON_SA_AUTH_NULL ||\n+\t    ctl->enc_type == ROC_IE_ON_SA_ENC_AES_CCM || ctl->auth_type == ROC_IE_ON_SA_AUTH_NULL ||\n \t    ctl->auth_type == ROC_IE_ON_SA_AUTH_AES_GMAC) {\n \t\ttemplate = &out_sa->aes_gcm.template;\n \t\tctx_len = offsetof(struct roc_ie_on_outb_sa, aes_gcm.template);\ndiff --git a/drivers/common/cnxk/roc_cpt.h b/drivers/common/cnxk/roc_cpt.h\nindex a3a65f1e94..0cebc05c74 100644\n--- a/drivers/common/cnxk/roc_cpt.h\n+++ b/drivers/common/cnxk/roc_cpt.h\n@@ -43,12 +43,13 @@\n \t ROC_CN10K_CPT_INST_DW_M1 << (19 + 3 * 14))\n \n /* CPT helper macros */\n-#define ROC_CPT_AH_HDR_LEN\t 12\n-#define ROC_CPT_AES_GCM_IV_LEN\t 8\n-#define ROC_CPT_AES_GCM_MAC_LEN\t 16\n-#define ROC_CPT_AES_CBC_IV_LEN\t 16\n-#define ROC_CPT_SHA1_HMAC_LEN\t 12\n-#define ROC_CPT_SHA2_HMAC_LEN\t 16\n+#define ROC_CPT_AH_HDR_LEN\t12\n+#define ROC_CPT_AES_GCM_IV_LEN\t8\n+#define ROC_CPT_AES_GCM_MAC_LEN 16\n+#define ROC_CPT_AES_CCM_CTR_LEN 4\n+#define ROC_CPT_AES_CBC_IV_LEN\t16\n+#define ROC_CPT_SHA1_HMAC_LEN\t12\n+#define ROC_CPT_SHA2_HMAC_LEN\t16\n \n #define ROC_CPT_DES3_KEY_LEN\t    24\n #define ROC_CPT_AES128_KEY_LEN\t    16\ndiff --git a/drivers/crypto/cnxk/cn10k_ipsec_la_ops.h b/drivers/crypto/cnxk/cn10k_ipsec_la_ops.h\nindex 66cfe6ca98..e220863799 100644\n--- a/drivers/crypto/cnxk/cn10k_ipsec_la_ops.h\n+++ b/drivers/crypto/cnxk/cn10k_ipsec_la_ops.h\n@@ -66,6 +66,7 @@ process_outb_sa(struct roc_cpt_lf *lf, struct rte_crypto_op *cop,\n #ifdef LA_IPSEC_DEBUG\n \tif (sess->out_sa.w2.s.iv_src == ROC_IE_OT_SA_IV_SRC_FROM_SA) {\n \t\tif (sess->out_sa.w2.s.enc_type == ROC_IE_OT_SA_ENC_AES_GCM ||\n+\t\t    sess->out_sa.w2.s.enc_type == ROC_IE_OT_SA_ENC_AES_CCM ||\n \t\t    sess->out_sa.w2.s.auth_type == ROC_IE_OT_SA_AUTH_AES_GMAC)\n \t\t\tipsec_po_sa_aes_gcm_iv_set(sess, cop);\n \t\telse\ndiff --git a/drivers/crypto/cnxk/cnxk_cryptodev.h b/drivers/crypto/cnxk/cnxk_cryptodev.h\nindex 8870021725..a3dcfbfa6d 100644\n--- a/drivers/crypto/cnxk/cnxk_cryptodev.h\n+++ b/drivers/crypto/cnxk/cnxk_cryptodev.h\n@@ -11,7 +11,7 @@\n #include \"roc_cpt.h\"\n \n #define CNXK_CPT_MAX_CAPS\t 35\n-#define CNXK_SEC_CRYPTO_MAX_CAPS 13\n+#define CNXK_SEC_CRYPTO_MAX_CAPS 14\n #define CNXK_SEC_MAX_CAPS\t 9\n #define CNXK_AE_EC_ID_MAX\t 8\n /**\ndiff --git a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c\nindex 705d67e91f..fdc646a6fc 100644\n--- a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c\n+++ b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c\n@@ -775,6 +775,36 @@ static const struct rte_cryptodev_capabilities sec_caps_aes[] = {\n \t\t\t}, }\n \t\t}, }\n \t},\n+\t{\t/* AES CCM */\n+\t\t.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,\n+\t\t{.sym = {\n+\t\t\t.xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,\n+\t\t\t{.aead = {\n+\t\t\t\t.algo = RTE_CRYPTO_AEAD_AES_CCM,\n+\t\t\t\t.block_size = 16,\n+\t\t\t\t.key_size = {\n+\t\t\t\t\t.min = 16,\n+\t\t\t\t\t.max = 32,\n+\t\t\t\t\t.increment = 8\n+\t\t\t\t},\n+\t\t\t\t.digest_size = {\n+\t\t\t\t\t.min = 16,\n+\t\t\t\t\t.max = 16,\n+\t\t\t\t\t.increment = 0\n+\t\t\t\t},\n+\t\t\t\t.aad_size = {\n+\t\t\t\t\t.min = 8,\n+\t\t\t\t\t.max = 12,\n+\t\t\t\t\t.increment = 4\n+\t\t\t\t},\n+\t\t\t\t.iv_size = {\n+\t\t\t\t\t.min = 12,\n+\t\t\t\t\t.max = 12,\n+\t\t\t\t\t.increment = 0\n+\t\t\t\t}\n+\t\t\t}, }\n+\t\t}, }\n+\t},\n \t{\t/* AES CTR */\n \t\t.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,\n \t\t{.sym = {\n@@ -1155,14 +1185,23 @@ cnxk_crypto_capabilities_get(struct cnxk_cpt_vf *vf)\n \treturn vf->crypto_caps;\n }\n \n+static bool\n+sec_caps_limit_check(int *cur_pos, int nb_caps)\n+{\n+\tif (*cur_pos + nb_caps > CNXK_SEC_CRYPTO_MAX_CAPS) {\n+\t\trte_panic(\"Could not add sec crypto caps\");\n+\t\treturn true;\n+\t}\n+\n+\treturn false;\n+}\n+\n static void\n sec_caps_add(struct rte_cryptodev_capabilities cnxk_caps[], int *cur_pos,\n \t     const struct rte_cryptodev_capabilities *caps, int nb_caps)\n {\n-\tif (*cur_pos + nb_caps > CNXK_SEC_CRYPTO_MAX_CAPS) {\n-\t\trte_panic(\"Could not add sec crypto caps\");\n+\tif (sec_caps_limit_check(cur_pos, nb_caps))\n \t\treturn;\n-\t}\n \n \tmemcpy(&cnxk_caps[*cur_pos], caps, nb_caps * sizeof(caps[0]));\n \t*cur_pos += nb_caps;\n@@ -1175,10 +1214,8 @@ cn10k_sec_crypto_caps_update(struct rte_cryptodev_capabilities cnxk_caps[],\n \tconst struct rte_cryptodev_capabilities *cap;\n \tunsigned int i;\n \n-\tif ((CNXK_SEC_CRYPTO_MAX_CAPS - *cur_pos) < 1) {\n-\t\trte_panic(\"Could not add sec crypto caps\");\n+\tif (sec_caps_limit_check(cur_pos, 1))\n \t\treturn;\n-\t}\n \n \t/* NULL auth */\n \tfor (i = 0; i < RTE_DIM(caps_null); i++) {\ndiff --git a/drivers/crypto/cnxk/cnxk_ipsec.h b/drivers/crypto/cnxk/cnxk_ipsec.h\nindex 07ab2cf4ee..00873ca6ac 100644\n--- a/drivers/crypto/cnxk/cnxk_ipsec.h\n+++ b/drivers/crypto/cnxk/cnxk_ipsec.h\n@@ -87,7 +87,8 @@ ipsec_xform_aead_verify(struct rte_security_ipsec_xform *ipsec_xform,\n \t    crypto_xform->aead.op != RTE_CRYPTO_AEAD_OP_DECRYPT)\n \t\treturn -EINVAL;\n \n-\tif (crypto_xform->aead.algo == RTE_CRYPTO_AEAD_AES_GCM) {\n+\tif (crypto_xform->aead.algo == RTE_CRYPTO_AEAD_AES_GCM ||\n+\t    crypto_xform->aead.algo == RTE_CRYPTO_AEAD_AES_CCM) {\n \t\tswitch (crypto_xform->aead.key.length) {\n \t\tcase 16:\n \t\tcase 24:\n",
    "prefixes": [
        "01/18"
    ]
}