Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/47186/?format=api
{ "id": 47186, "url": "http://patches.dpdk.org/api/patches/47186/?format=api", "web_url": "http://patches.dpdk.org/project/dpdk/patch/20181022145644.29277-14-g.singh@nxp.com/", "project": { "id": 1, "url": "http://patches.dpdk.org/api/projects/1/?format=api", "name": "DPDK", "link_name": "dpdk", "list_id": "dev.dpdk.org", "list_email": "dev@dpdk.org", "web_url": "http://core.dpdk.org", "scm_url": "git://dpdk.org/dpdk", "webscm_url": "http://git.dpdk.org/dpdk", "list_archive_url": "https://inbox.dpdk.org/dev", "list_archive_url_format": "https://inbox.dpdk.org/dev/{}", "commit_url_format": "" }, "msgid": "<20181022145644.29277-14-g.singh@nxp.com>", "list_archive_url": "https://inbox.dpdk.org/dev/20181022145644.29277-14-g.singh@nxp.com", "date": "2018-10-22T14:57:50", "name": "[v5,13/15] crypto/caam_jr: add security offload", "commit_ref": null, "pull_url": null, "state": "not-applicable", "archived": true, "hash": "82d9490c3ee195afcc1922eac439c72a4745be51", "submitter": { "id": 1068, "url": "http://patches.dpdk.org/api/people/1068/?format=api", "name": "Gagandeep Singh", "email": "g.singh@nxp.com" }, "delegate": { "id": 6690, "url": "http://patches.dpdk.org/api/users/6690/?format=api", "username": "akhil", "first_name": "akhil", "last_name": "goyal", "email": "gakhil@marvell.com" }, "mbox": "http://patches.dpdk.org/project/dpdk/patch/20181022145644.29277-14-g.singh@nxp.com/mbox/", "series": [ { "id": 2013, "url": "http://patches.dpdk.org/api/series/2013/?format=api", "web_url": "http://patches.dpdk.org/project/dpdk/list/?series=2013", "date": "2018-10-22T14:57:21", "name": "Introducing the NXP CAAM job ring driver", "version": 5, "mbox": "http://patches.dpdk.org/series/2013/mbox/" } ], "comments": "http://patches.dpdk.org/api/patches/47186/comments/", "check": "success", "checks": "http://patches.dpdk.org/api/patches/47186/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<dev-bounces@dpdk.org>", "X-Original-To": "patchwork@dpdk.org", "Delivered-To": "patchwork@dpdk.org", "Received": [ "from [92.243.14.124] (localhost [127.0.0.1])\n\tby dpdk.org (Postfix) with ESMTP id 2C7031B445;\n\tMon, 22 Oct 2018 16:58:05 +0200 (CEST)", "from EUR02-VE1-obe.outbound.protection.outlook.com\n\t(mail-eopbgr20055.outbound.protection.outlook.com [40.107.2.55])\n\tby dpdk.org (Postfix) with ESMTP id 2BA5A1B429\n\tfor <dev@dpdk.org>; Mon, 22 Oct 2018 16:57:54 +0200 (CEST)", "from HE1PR04MB1530.eurprd04.prod.outlook.com (10.164.48.20) by\n\tHE1PR04MB1305.eurprd04.prod.outlook.com (10.162.249.27) with\n\tMicrosoft SMTP Server (version=TLS1_2,\n\tcipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id\n\t15.20.1250.30; Mon, 22 Oct 2018 14:57:51 +0000", "from HE1PR04MB1530.eurprd04.prod.outlook.com\n\t([fe80::95cd:198:d5c5:59a4]) by\n\tHE1PR04MB1530.eurprd04.prod.outlook.com\n\t([fe80::95cd:198:d5c5:59a4%5]) with mapi id 15.20.1250.028;\n\tMon, 22 Oct 2018 14:57:51 +0000" ], "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=nxp.com; s=selector1;\n\th=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;\n\tbh=rJKxSWPZZXdC1WC8WxDj+pbeOlQgrVPcI2gHCu47CeU=;\n\tb=cxkTD4/iSnPLqLgd5IQusKriaHmPUN1tAefGgBigLlGdBVPXaYeJ9k3/k1k6MO+e7Heou5V2XXwToAdMSPHXYemj8X94nGexNCIihYx/+K93eTPlMUyBxjCUCUM3lsC5ZBJsEZXw3WvfcRArVySW/pJ/LAlduDal3GNBmSFgNFc=", "From": "Gagandeep Singh <G.Singh@nxp.com>", "To": "\"dev@dpdk.org\" <dev@dpdk.org>, Akhil Goyal <akhil.goyal@nxp.com>", "CC": "Hemant Agrawal <hemant.agrawal@nxp.com>,\n\tGagandeep Singh <G.Singh@nxp.com>", "Thread-Topic": "[PATCH v5 13/15] crypto/caam_jr: add security offload", "Thread-Index": "AQHUahea9xTdA17CAUWiusarOotskQ==", "Date": "Mon, 22 Oct 2018 14:57:50 +0000", "Message-ID": "<20181022145644.29277-14-g.singh@nxp.com>", "References": "<20181022141657.4727-1-g.singh@nxp.com>\n\t<20181022145644.29277-1-g.singh@nxp.com>", "In-Reply-To": "<20181022145644.29277-1-g.singh@nxp.com>", "Accept-Language": "en-US", "Content-Language": "en-US", "X-MS-Has-Attach": "", "X-MS-TNEF-Correlator": "", "x-clientproxiedby": "BM1PR0101CA0067.INDPRD01.PROD.OUTLOOK.COM\n\t(2603:1096:b00:19::29) To HE1PR04MB1530.eurprd04.prod.outlook.com\n\t(2a01:111:e400:59a8::20)", "authentication-results": "spf=none (sender IP is )\n\tsmtp.mailfrom=G.Singh@nxp.com; ", "x-ms-exchange-messagesentrepresentingtype": "1", "x-originating-ip": "[14.142.187.166]", "x-ms-publictraffictype": "Email", "x-microsoft-exchange-diagnostics": "1; HE1PR04MB1305;\n\t6:7Vct9J1+YbS43lMRnsQjYEOE0pV1QdFpKhYrY5MyrF60ZaOrErt/0IaNJ+XocXhPoQmvXpoRZnum4PHxLU6Vlx0w80BOWLplzjJkYUzLvDMu2MLl9S8+1tmzKxP8sGNk+ZanR+XXaXcgIScFoFQiTsu3Mn36PqyRPnIGNBZ6YQ0nRV50d2YqEvkPX7TdM3CwvqRHNdEE4/r8CGDoN4rOEDOucYHKn8LumsXkVRQuYrjhUd0r5uzA4Ro5sqba4FnZ+H9tAnlp5WHkyFnZmXVN2k1SFNJ1NBCCpfztrPMQgpFj1Vt4MR0Hrh47hGUdlJPqL6ZAeLzzHH5mmZff7kyyl3Frr/2JF5HXZFG1uadgYkPXBSwDD+JSZSOKHJbqC2dFevOb324T0Qq+GVnARbjbrqWi4tDKa/Gk5lXHv/sT2W+iogCSHKIDp21nYMRD+YSX34BK7lmX+5Hle2U/1XDhhA==;\n\t5:xA0sys41iZgpWP56IdRm+nln5qZ38HZgTJknRoZEtw2DLny3wOtEZPYdyR+pGc15/PoIsPTE94eQse74yHmXmY8bVo2aCBf6V51JkcwBe7cZfKrogj7SOOvdRnEFX9V2WQ2flcQQ7qOR7UL9dnnsTEpT7fTUZmfKOPyOmo93jgY=;\n\t7:tvNd/Ezy+qxZ8yQ4KjFpN1ldODkn8kjw2y/Ija2B+2KNP5DF6iEug4ecTxNXhEYnq7/C9daD2TWSajqRw8MZPUF4LADixJtpVK9fFdGamgifcwqUL2HkOB7SFH1D6R1ssE6UOOgqruXcaAVv6Cj/6xoX3sEh6PBoK8GRbN6yJriaYCp7p6ICx09JG3NEpahSG5kwNdNHpYbP7XjNm5F05Q4fcGLIFbfwveqp59w0vIkN+mke/BHFUwl4oA9+CaW8", "x-ms-office365-filtering-correlation-id": "9b26725f-8421-49c8-6c64-08d6382ebc84", "x-ms-office365-filtering-ht": "Tenant", "x-microsoft-antispam": "BCL:0; PCL:0;\n\tRULEID:(7020095)(4652040)(8989299)(5600074)(711020)(4618075)(4534185)(7168020)(4627221)(201703031133081)(201702281549075)(8990200)(2017052603328)(7153060)(7193020);\n\tSRVR:HE1PR04MB1305; ", "x-ms-traffictypediagnostic": "HE1PR04MB1305:", "x-microsoft-antispam-prvs": "<HE1PR04MB13054861A7582C2747C0EEC3E1F40@HE1PR04MB1305.eurprd04.prod.outlook.com>", "x-exchange-antispam-report-test": "UriScan:(192374486261705)(185117386973197); ", "x-ms-exchange-senderadcheck": "1", "x-exchange-antispam-report-cfa-test": "BCL:0; PCL:0;\n\tRULEID:(8211001083)(6040522)(2401047)(5005006)(8121501046)(93006095)(93001095)(10201501046)(3002001)(3231355)(944501410)(52105095)(6055026)(148016)(149066)(150057)(6041310)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123558120)(20161123562045)(20161123564045)(20161123560045)(201708071742011)(7699051)(76991095);\n\tSRVR:HE1PR04MB1305; BCL:0; PCL:0; RULEID:; SRVR:HE1PR04MB1305; ", "x-forefront-prvs": "08331F819E", "x-forefront-antispam-report": "SFV:NSPM;\n\tSFS:(10009020)(376002)(39860400002)(396003)(136003)(366004)(346002)(199004)(189003)(8676002)(256004)(81156014)(81166006)(11346002)(476003)(99286004)(446003)(316002)(52116002)(2616005)(486006)(106356001)(15650500001)(8936002)(105586002)(186003)(71200400001)(5250100002)(78486010)(3846002)(2501003)(4744004)(71190400001)(25786009)(2900100001)(305945005)(7736002)(97736004)(478600001)(4326008)(2906002)(72206003)(6636002)(53936002)(14454004)(66066001)(6512007)(5660300001)(6116002)(1076002)(6436002)(53946003)(6486002)(36756003)(14444005)(54906003)(6506007)(76176011)(55236004)(386003)(68736007)(26005)(86362001)(102836004)(110136005)(579004);\n\tDIR:OUT; SFP:1101; SCL:1; SRVR:HE1PR04MB1305;\n\tH:HE1PR04MB1530.eurprd04.prod.outlook.com; FPR:; SPF:None; LANG:en;\n\tPTR:InfoNoRecords; A:1; MX:1; ", "received-spf": "None (protection.outlook.com: nxp.com does not designate\n\tpermitted sender hosts)", "x-microsoft-antispam-message-info": "hgR+UylJ2EeRwpq2ts1UzQ1YPok/81XMZjpUeuTNCYtB0ERjOHrOuZcp4m01USFYKF8pQ3mOEMd7b3WatMtdHwVSCFkp2C7ta9WUoqcx5MEvcRFqu0gyTK6IW9QvCXcnvCFG2CUBrujyDt+6nJp+foItuh0lBp4dkNjFw2qX3q15cJ1h8izrQCTajRoQ2E3L7myrojcWih4wg2hUYC+9SBCZUK6DFchzwug7ZutruUQBJXiVOtm8NQU4mNeaj6gGerJHuK71qgrwCkfGaqc6ZEp/HdlrE13MYuedGVa21TOh49gqIjWV9Fjg25NTfyQHLi9iRAlRnR9+UIaB/zvIyqgB8wrlN+a7BdoumWwJ/Vc=", "spamdiagnosticoutput": "1:99", "spamdiagnosticmetadata": "NSPM", "Content-Type": "text/plain; charset=\"iso-8859-1\"", "Content-Transfer-Encoding": "quoted-printable", "MIME-Version": "1.0", "X-OriginatorOrg": "nxp.com", "X-MS-Exchange-CrossTenant-Network-Message-Id": "9b26725f-8421-49c8-6c64-08d6382ebc84", "X-MS-Exchange-CrossTenant-originalarrivaltime": "22 Oct 2018 14:57:50.9226\n\t(UTC)", "X-MS-Exchange-CrossTenant-fromentityheader": "Hosted", "X-MS-Exchange-CrossTenant-id": "686ea1d3-bc2b-4c6f-a92c-d99c5c301635", "X-MS-Exchange-Transport-CrossTenantHeadersStamped": "HE1PR04MB1305", "Subject": "[dpdk-dev] [PATCH v5 13/15] crypto/caam_jr: add security offload", "X-BeenThere": "dev@dpdk.org", "X-Mailman-Version": "2.1.15", "Precedence": "list", "List-Id": "DPDK patches and discussions <dev.dpdk.org>", "List-Unsubscribe": "<https://mails.dpdk.org/options/dev>,\n\t<mailto:dev-request@dpdk.org?subject=unsubscribe>", "List-Archive": "<http://mails.dpdk.org/archives/dev/>", "List-Post": "<mailto:dev@dpdk.org>", "List-Help": "<mailto:dev-request@dpdk.org?subject=help>", "List-Subscribe": "<https://mails.dpdk.org/listinfo/dev>,\n\t<mailto:dev-request@dpdk.org?subject=subscribe>", "Errors-To": "dev-bounces@dpdk.org", "Sender": "\"dev\" <dev-bounces@dpdk.org>" }, "content": "From: Hemant Agrawal <hemant.agrawal@nxp.com>\n\nThis patch provides the support for protocol offload\nto the hardware. following security operations are\nadded:\n - session_create\n - session_destroy\n - capabilities_get\n\nSigned-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>\nSigned-off-by: Gagandeep Singh <g.singh@nxp.com>\nAcked-by: Akhil Goyal <akhil.goyal@nxp.com>\n---\n drivers/crypto/caam_jr/caam_jr.c | 425 +++++++++++++++++-\n drivers/crypto/caam_jr/caam_jr_capabilities.c | 36 ++\n drivers/crypto/caam_jr/caam_jr_capabilities.h | 8 +\n drivers/crypto/caam_jr/caam_jr_hw.c | 3 +\n drivers/crypto/caam_jr/caam_jr_pvt.h | 10 +\n drivers/crypto/caam_jr/caam_jr_uio.c | 3 +\n 6 files changed, 483 insertions(+), 2 deletions(-)", "diff": "diff --git a/drivers/crypto/caam_jr/caam_jr.c b/drivers/crypto/caam_jr/caam_jr.c\nindex c89d76dab..1c18453e4 100644\n--- a/drivers/crypto/caam_jr/caam_jr.c\n+++ b/drivers/crypto/caam_jr/caam_jr.c\n@@ -14,6 +14,9 @@\n #include <rte_cryptodev.h>\n #include <rte_bus_vdev.h>\n #include <rte_malloc.h>\n+#ifdef RTE_LIBRTE_SECURITY\n+#include <rte_security_driver.h>\n+#endif\n #include <rte_hexdump.h>\n \n #include <caam_jr_capabilities.h>\n@@ -26,7 +29,6 @@\n /* RTA header files */\n #include <hw/desc/common.h>\n #include <hw/desc/algo.h>\n-#include <hw/desc/ipsec.h>\n #include <of.h>\n \n #define CAAM_JR_DBG\t0\n@@ -185,8 +187,21 @@ is_auth_cipher(struct caam_jr_session *ses)\n {\n \tPMD_INIT_FUNC_TRACE();\n \treturn ((ses->cipher_alg != RTE_CRYPTO_CIPHER_NULL) &&\n-\t\t(ses->auth_alg != RTE_CRYPTO_AUTH_NULL));\n+\t\t(ses->auth_alg != RTE_CRYPTO_AUTH_NULL)\n+#ifdef RTE_LIBRTE_SECURITY\n+\t\t&& (ses->proto_alg != RTE_SECURITY_PROTOCOL_IPSEC)\n+#endif\n+\t\t);\n+}\n+\n+#ifdef RTE_LIBRTE_SECURITY\n+static inline int\n+is_proto_ipsec(struct caam_jr_session *ses)\n+{\n+\tPMD_INIT_FUNC_TRACE();\n+\treturn (ses->proto_alg == RTE_SECURITY_PROTOCOL_IPSEC);\n }\n+#endif\n \n static inline int\n is_encode(struct caam_jr_session *ses)\n@@ -211,27 +226,63 @@ caam_auth_alg(struct caam_jr_session *ses, struct alginfo *alginfo_a)\n \t\tses->digest_length = 0;\n \t\tbreak;\n \tcase RTE_CRYPTO_AUTH_MD5_HMAC:\n+#ifdef RTE_LIBRTE_SECURITY\n+\t\talginfo_a->algtype =\n+\t\t\t(ses->proto_alg == RTE_SECURITY_PROTOCOL_IPSEC) ?\n+\t\t\tOP_PCL_IPSEC_HMAC_MD5_96 : OP_ALG_ALGSEL_MD5;\n+#else\n \t\talginfo_a->algtype = OP_ALG_ALGSEL_MD5;\n+#endif\n \t\talginfo_a->algmode = OP_ALG_AAI_HMAC;\n \t\tbreak;\n \tcase RTE_CRYPTO_AUTH_SHA1_HMAC:\n+#ifdef RTE_LIBRTE_SECURITY\n+\t\talginfo_a->algtype =\n+\t\t\t(ses->proto_alg == RTE_SECURITY_PROTOCOL_IPSEC) ?\n+\t\t\tOP_PCL_IPSEC_HMAC_SHA1_96 : OP_ALG_ALGSEL_SHA1;\n+#else\n \t\talginfo_a->algtype = OP_ALG_ALGSEL_SHA1;\n+#endif\n \t\talginfo_a->algmode = OP_ALG_AAI_HMAC;\n \t\tbreak;\n \tcase RTE_CRYPTO_AUTH_SHA224_HMAC:\n+#ifdef RTE_LIBRTE_SECURITY\n+\t\talginfo_a->algtype =\n+\t\t\t(ses->proto_alg == RTE_SECURITY_PROTOCOL_IPSEC) ?\n+\t\t\tOP_PCL_IPSEC_HMAC_SHA1_160 : OP_ALG_ALGSEL_SHA224;\n+#else\n \t\talginfo_a->algtype = OP_ALG_ALGSEL_SHA224;\n+#endif\n \t\talginfo_a->algmode = OP_ALG_AAI_HMAC;\n \t\tbreak;\n \tcase RTE_CRYPTO_AUTH_SHA256_HMAC:\n+#ifdef RTE_LIBRTE_SECURITY\n+\t\talginfo_a->algtype =\n+\t\t\t(ses->proto_alg == RTE_SECURITY_PROTOCOL_IPSEC) ?\n+\t\t\tOP_PCL_IPSEC_HMAC_SHA2_256_128 : OP_ALG_ALGSEL_SHA256;\n+#else\n \t\talginfo_a->algtype = OP_ALG_ALGSEL_SHA256;\n+#endif\n \t\talginfo_a->algmode = OP_ALG_AAI_HMAC;\n \t\tbreak;\n \tcase RTE_CRYPTO_AUTH_SHA384_HMAC:\n+#ifdef RTE_LIBRTE_SECURITY\n+\t\talginfo_a->algtype =\n+\t\t\t(ses->proto_alg == RTE_SECURITY_PROTOCOL_IPSEC) ?\n+\t\t\tOP_PCL_IPSEC_HMAC_SHA2_384_192 : OP_ALG_ALGSEL_SHA384;\n+#else\n \t\talginfo_a->algtype = OP_ALG_ALGSEL_SHA384;\n+#endif\n \t\talginfo_a->algmode = OP_ALG_AAI_HMAC;\n \t\tbreak;\n \tcase RTE_CRYPTO_AUTH_SHA512_HMAC:\n+#ifdef RTE_LIBRTE_SECURITY\n+\t\talginfo_a->algtype =\n+\t\t\t(ses->proto_alg == RTE_SECURITY_PROTOCOL_IPSEC) ?\n+\t\t\tOP_PCL_IPSEC_HMAC_SHA2_512_256 : OP_ALG_ALGSEL_SHA512;\n+#else\n \t\talginfo_a->algtype = OP_ALG_ALGSEL_SHA512;\n+#endif\n \t\talginfo_a->algmode = OP_ALG_AAI_HMAC;\n \t\tbreak;\n \tdefault:\n@@ -247,15 +298,33 @@ caam_cipher_alg(struct caam_jr_session *ses, struct alginfo *alginfo_c)\n \tcase RTE_CRYPTO_CIPHER_NULL:\n \t\tbreak;\n \tcase RTE_CRYPTO_CIPHER_AES_CBC:\n+#ifdef RTE_LIBRTE_SECURITY\n+\t\talginfo_c->algtype =\n+\t\t\t(ses->proto_alg == RTE_SECURITY_PROTOCOL_IPSEC) ?\n+\t\t\tOP_PCL_IPSEC_AES_CBC : OP_ALG_ALGSEL_AES;\n+#else\n \t\talginfo_c->algtype = OP_ALG_ALGSEL_AES;\n+#endif\n \t\talginfo_c->algmode = OP_ALG_AAI_CBC;\n \t\tbreak;\n \tcase RTE_CRYPTO_CIPHER_3DES_CBC:\n+#ifdef RTE_LIBRTE_SECURITY\n+\t\talginfo_c->algtype =\n+\t\t\t(ses->proto_alg == RTE_SECURITY_PROTOCOL_IPSEC) ?\n+\t\t\tOP_PCL_IPSEC_3DES : OP_ALG_ALGSEL_3DES;\n+#else\n \t\talginfo_c->algtype = OP_ALG_ALGSEL_3DES;\n+#endif\n \t\talginfo_c->algmode = OP_ALG_AAI_CBC;\n \t\tbreak;\n \tcase RTE_CRYPTO_CIPHER_AES_CTR:\n+#ifdef RTE_LIBRTE_SECURITY\n+\t\talginfo_c->algtype =\n+\t\t\t(ses->proto_alg == RTE_SECURITY_PROTOCOL_IPSEC) ?\n+\t\t\tOP_PCL_IPSEC_AES_CTR : OP_ALG_ALGSEL_AES;\n+#else\n \t\talginfo_c->algtype = OP_ALG_ALGSEL_AES;\n+#endif\n \t\talginfo_c->algmode = OP_ALG_AAI_CTR;\n \t\tbreak;\n \tdefault:\n@@ -419,6 +488,24 @@ caam_jr_prep_cdb(struct caam_jr_session *ses)\n \t\tcdb->sh_desc[0] = 0;\n \t\tcdb->sh_desc[1] = 0;\n \t\tcdb->sh_desc[2] = 0;\n+#ifdef RTE_LIBRTE_SECURITY\n+\t\tif (is_proto_ipsec(ses)) {\n+\t\t\tif (ses->dir == DIR_ENC) {\n+\t\t\t\tshared_desc_len = cnstr_shdsc_ipsec_new_encap(\n+\t\t\t\t\t\tcdb->sh_desc,\n+\t\t\t\t\t\ttrue, swap, SHR_SERIAL,\n+\t\t\t\t\t\t&ses->encap_pdb,\n+\t\t\t\t\t\t(uint8_t *)&ses->ip4_hdr,\n+\t\t\t\t\t\t&alginfo_c, &alginfo_a);\n+\t\t\t} else if (ses->dir == DIR_DEC) {\n+\t\t\t\tshared_desc_len = cnstr_shdsc_ipsec_new_decap(\n+\t\t\t\t\t\tcdb->sh_desc,\n+\t\t\t\t\t\ttrue, swap, SHR_SERIAL,\n+\t\t\t\t\t\t&ses->decap_pdb,\n+\t\t\t\t\t\t&alginfo_c, &alginfo_a);\n+\t\t\t}\n+\t\t} else {\n+#endif\n \t\t\t/* Auth_only_len is set as 0 here and it will be\n \t\t\t * overwritten in fd for each packet.\n \t\t\t */\n@@ -426,6 +513,9 @@ caam_jr_prep_cdb(struct caam_jr_session *ses)\n \t\t\t\t\ttrue, swap, &alginfo_c, &alginfo_a,\n \t\t\t\t\tses->iv.length, 0,\n \t\t\t\t\tses->digest_length, ses->dir);\n+#ifdef RTE_LIBRTE_SECURITY\n+\t\t}\n+#endif\n \t}\n \n \tif (shared_desc_len < 0) {\n@@ -601,6 +691,28 @@ hw_poll_job_ring(struct sec_job_ring_t *job_ring,\n \t\t\t}\n #endif\n \t\t}\n+#ifdef RTE_LIBRTE_SECURITY\n+\t\tif (ctx->op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) {\n+\t\t\tstruct ip *ip4_hdr;\n+\n+\t\t\tif (ctx->op->sym->m_dst) {\n+\t\t\t\t/*TODO check for ip header or other*/\n+\t\t\t\tip4_hdr = (struct ip *)\n+\t\t\t\trte_pktmbuf_mtod(ctx->op->sym->m_dst, char*);\n+\t\t\t\tctx->op->sym->m_dst->pkt_len =\n+\t\t\t\t\trte_be_to_cpu_16(ip4_hdr->ip_len);\n+\t\t\t\tctx->op->sym->m_dst->data_len =\n+\t\t\t\t\trte_be_to_cpu_16(ip4_hdr->ip_len);\n+\t\t\t} else {\n+\t\t\t\tip4_hdr = (struct ip *)\n+\t\t\t\trte_pktmbuf_mtod(ctx->op->sym->m_src, char*);\n+\t\t\t\tctx->op->sym->m_src->pkt_len =\n+\t\t\t\t\trte_be_to_cpu_16(ip4_hdr->ip_len);\n+\t\t\t\tctx->op->sym->m_src->data_len =\n+\t\t\t\t\trte_be_to_cpu_16(ip4_hdr->ip_len);\n+\t\t\t}\n+\t\t}\n+#endif\n \t\t*ops = ctx->op;\n \t\tcaam_jr_op_ending(ctx);\n \t\tops++;\n@@ -1260,6 +1372,52 @@ build_cipher_auth(struct rte_crypto_op *op, struct caam_jr_session *ses)\n \n \treturn ctx;\n }\n+\n+#ifdef RTE_LIBRTE_SECURITY\n+static inline struct caam_jr_op_ctx *\n+build_proto(struct rte_crypto_op *op, struct caam_jr_session *ses)\n+{\n+\tstruct rte_crypto_sym_op *sym = op->sym;\n+\tstruct caam_jr_op_ctx *ctx = NULL;\n+\tphys_addr_t src_start_addr, dst_start_addr;\n+\tstruct sec_cdb *cdb;\n+\tuint64_t sdesc_offset;\n+\tstruct sec_job_descriptor_t *jobdescr;\n+\n+\tPMD_INIT_FUNC_TRACE();\n+\tctx = caam_jr_alloc_ctx(ses);\n+\tif (!ctx)\n+\t\treturn NULL;\n+\tctx->op = op;\n+\n+\tsrc_start_addr = rte_pktmbuf_iova(sym->m_src);\n+\tif (sym->m_dst)\n+\t\tdst_start_addr = rte_pktmbuf_iova(sym->m_dst);\n+\telse\n+\t\tdst_start_addr = src_start_addr;\n+\n+\tcdb = ses->cdb;\n+\tsdesc_offset = (size_t) ((char *)&cdb->sh_desc - (char *)cdb);\n+\n+\tjobdescr = (struct sec_job_descriptor_t *) ctx->jobdes.desc;\n+\n+\tSEC_JD_INIT(jobdescr);\n+\tSEC_JD_SET_SD(jobdescr,\n+\t\t(phys_addr_t)(caam_jr_dma_vtop(cdb)) + sdesc_offset,\n+\t\t\tcdb->sh_hdr.hi.field.idlen);\n+\n+\t/* output */\n+\tSEC_JD_SET_OUT_PTR(jobdescr, (uint64_t)dst_start_addr, 0,\n+\t\t\tsym->m_src->buf_len - sym->m_src->data_off);\n+\t/* input */\n+\tSEC_JD_SET_IN_PTR(jobdescr, (uint64_t)src_start_addr, 0,\n+\t\t\tsym->m_src->pkt_len);\n+\tsym->m_src->packet_type &= ~RTE_PTYPE_L4_MASK;\n+\n+\treturn ctx;\n+}\n+#endif\n+\n static int\n caam_jr_enqueue_op(struct rte_crypto_op *op, struct caam_jr_qp *qp)\n {\n@@ -1275,6 +1433,13 @@ caam_jr_enqueue_op(struct rte_crypto_op *op, struct caam_jr_qp *qp)\n \t\tget_sym_session_private_data(op->sym->session,\n \t\t\t\t\tcryptodev_driver_id);\n \t\tbreak;\n+#ifdef RTE_LIBRTE_SECURITY\n+\tcase RTE_CRYPTO_OP_SECURITY_SESSION:\n+\t\tses = (struct caam_jr_session *)\n+\t\t\tget_sec_session_private_data(\n+\t\t\t\t\top->sym->sec_session);\n+\t\tbreak;\n+#endif\n \tdefault:\n \t\tCAAM_JR_DP_ERR(\"sessionless crypto op not supported\");\n \t\tqp->tx_errs++;\n@@ -1296,6 +1461,10 @@ caam_jr_enqueue_op(struct rte_crypto_op *op, struct caam_jr_qp *qp)\n \t\t\tctx = build_auth_only(op, ses);\n \t\telse if (is_cipher_only(ses))\n \t\t\tctx = build_cipher_only(op, ses);\n+#ifdef RTE_LIBRTE_SECURITY\n+\t\telse if (is_proto_ipsec(ses))\n+\t\t\tctx = build_proto(op, ses);\n+#endif\n \t} else {\n \t\tif (is_auth_cipher(ses))\n \t\t\tctx = build_cipher_auth_sg(op, ses);\n@@ -1666,6 +1835,229 @@ caam_jr_sym_session_clear(struct rte_cryptodev *dev,\n \t}\n }\n \n+#ifdef RTE_LIBRTE_SECURITY\n+static int\n+caam_jr_set_ipsec_session(__rte_unused struct rte_cryptodev *dev,\n+\t\t\t struct rte_security_session_conf *conf,\n+\t\t\t void *sess)\n+{\n+\tstruct sec_job_ring_t *internals = dev->data->dev_private;\n+\tstruct rte_security_ipsec_xform *ipsec_xform = &conf->ipsec;\n+\tstruct rte_crypto_auth_xform *auth_xform;\n+\tstruct rte_crypto_cipher_xform *cipher_xform;\n+\tstruct caam_jr_session *session = (struct caam_jr_session *)sess;\n+\n+\tPMD_INIT_FUNC_TRACE();\n+\n+\tif (ipsec_xform->direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) {\n+\t\tcipher_xform = &conf->crypto_xform->cipher;\n+\t\tauth_xform = &conf->crypto_xform->next->auth;\n+\t} else {\n+\t\tauth_xform = &conf->crypto_xform->auth;\n+\t\tcipher_xform = &conf->crypto_xform->next->cipher;\n+\t}\n+\tsession->proto_alg = conf->protocol;\n+\tsession->cipher_key.data = rte_zmalloc(NULL,\n+\t\t\t\t\t cipher_xform->key.length,\n+\t\t\t\t\t RTE_CACHE_LINE_SIZE);\n+\tif (session->cipher_key.data == NULL &&\n+\t\t\tcipher_xform->key.length > 0) {\n+\t\tCAAM_JR_ERR(\"No Memory for cipher key\\n\");\n+\t\treturn -ENOMEM;\n+\t}\n+\n+\tsession->cipher_key.length = cipher_xform->key.length;\n+\tsession->auth_key.data = rte_zmalloc(NULL,\n+\t\t\t\t\tauth_xform->key.length,\n+\t\t\t\t\tRTE_CACHE_LINE_SIZE);\n+\tif (session->auth_key.data == NULL &&\n+\t\t\tauth_xform->key.length > 0) {\n+\t\tCAAM_JR_ERR(\"No Memory for auth key\\n\");\n+\t\trte_free(session->cipher_key.data);\n+\t\treturn -ENOMEM;\n+\t}\n+\tsession->auth_key.length = auth_xform->key.length;\n+\tmemcpy(session->cipher_key.data, cipher_xform->key.data,\n+\t\t\tcipher_xform->key.length);\n+\tmemcpy(session->auth_key.data, auth_xform->key.data,\n+\t\t\tauth_xform->key.length);\n+\n+\tswitch (auth_xform->algo) {\n+\tcase RTE_CRYPTO_AUTH_SHA1_HMAC:\n+\t\tsession->auth_alg = RTE_CRYPTO_AUTH_SHA1_HMAC;\n+\t\tbreak;\n+\tcase RTE_CRYPTO_AUTH_MD5_HMAC:\n+\t\tsession->auth_alg = RTE_CRYPTO_AUTH_MD5_HMAC;\n+\t\tbreak;\n+\tcase RTE_CRYPTO_AUTH_SHA256_HMAC:\n+\t\tsession->auth_alg = RTE_CRYPTO_AUTH_SHA256_HMAC;\n+\t\tbreak;\n+\tcase RTE_CRYPTO_AUTH_SHA384_HMAC:\n+\t\tsession->auth_alg = RTE_CRYPTO_AUTH_SHA384_HMAC;\n+\t\tbreak;\n+\tcase RTE_CRYPTO_AUTH_SHA512_HMAC:\n+\t\tsession->auth_alg = RTE_CRYPTO_AUTH_SHA512_HMAC;\n+\t\tbreak;\n+\tcase RTE_CRYPTO_AUTH_AES_CMAC:\n+\t\tsession->auth_alg = RTE_CRYPTO_AUTH_AES_CMAC;\n+\t\tbreak;\n+\tcase RTE_CRYPTO_AUTH_NULL:\n+\t\tsession->auth_alg = RTE_CRYPTO_AUTH_NULL;\n+\t\tbreak;\n+\tcase RTE_CRYPTO_AUTH_SHA224_HMAC:\n+\tcase RTE_CRYPTO_AUTH_AES_XCBC_MAC:\n+\tcase RTE_CRYPTO_AUTH_SNOW3G_UIA2:\n+\tcase RTE_CRYPTO_AUTH_SHA1:\n+\tcase RTE_CRYPTO_AUTH_SHA256:\n+\tcase RTE_CRYPTO_AUTH_SHA512:\n+\tcase RTE_CRYPTO_AUTH_SHA224:\n+\tcase RTE_CRYPTO_AUTH_SHA384:\n+\tcase RTE_CRYPTO_AUTH_MD5:\n+\tcase RTE_CRYPTO_AUTH_AES_GMAC:\n+\tcase RTE_CRYPTO_AUTH_KASUMI_F9:\n+\tcase RTE_CRYPTO_AUTH_AES_CBC_MAC:\n+\tcase RTE_CRYPTO_AUTH_ZUC_EIA3:\n+\t\tCAAM_JR_ERR(\"Crypto: Unsupported auth alg %u\\n\",\n+\t\t\tauth_xform->algo);\n+\t\tgoto out;\n+\tdefault:\n+\t\tCAAM_JR_ERR(\"Crypto: Undefined Auth specified %u\\n\",\n+\t\t\tauth_xform->algo);\n+\t\tgoto out;\n+\t}\n+\n+\tswitch (cipher_xform->algo) {\n+\tcase RTE_CRYPTO_CIPHER_AES_CBC:\n+\t\tsession->cipher_alg = RTE_CRYPTO_CIPHER_AES_CBC;\n+\t\tbreak;\n+\tcase RTE_CRYPTO_CIPHER_3DES_CBC:\n+\t\tsession->cipher_alg = RTE_CRYPTO_CIPHER_3DES_CBC;\n+\t\tbreak;\n+\tcase RTE_CRYPTO_CIPHER_AES_CTR:\n+\t\tsession->cipher_alg = RTE_CRYPTO_CIPHER_AES_CTR;\n+\t\tbreak;\n+\tcase RTE_CRYPTO_CIPHER_NULL:\n+\tcase RTE_CRYPTO_CIPHER_SNOW3G_UEA2:\n+\tcase RTE_CRYPTO_CIPHER_3DES_ECB:\n+\tcase RTE_CRYPTO_CIPHER_AES_ECB:\n+\tcase RTE_CRYPTO_CIPHER_KASUMI_F8:\n+\t\tCAAM_JR_ERR(\"Crypto: Unsupported Cipher alg %u\\n\",\n+\t\t\tcipher_xform->algo);\n+\t\tgoto out;\n+\tdefault:\n+\t\tCAAM_JR_ERR(\"Crypto: Undefined Cipher specified %u\\n\",\n+\t\t\tcipher_xform->algo);\n+\t\tgoto out;\n+\t}\n+\n+\tif (ipsec_xform->direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) {\n+\t\tmemset(&session->encap_pdb, 0, sizeof(struct ipsec_encap_pdb) +\n+\t\t\t\tsizeof(session->ip4_hdr));\n+\t\tsession->ip4_hdr.ip_v = IPVERSION;\n+\t\tsession->ip4_hdr.ip_hl = 5;\n+\t\tsession->ip4_hdr.ip_len = rte_cpu_to_be_16(\n+\t\t\t\t\t\tsizeof(session->ip4_hdr));\n+\t\tsession->ip4_hdr.ip_tos = ipsec_xform->tunnel.ipv4.dscp;\n+\t\tsession->ip4_hdr.ip_id = 0;\n+\t\tsession->ip4_hdr.ip_off = 0;\n+\t\tsession->ip4_hdr.ip_ttl = ipsec_xform->tunnel.ipv4.ttl;\n+\t\tsession->ip4_hdr.ip_p = (ipsec_xform->proto ==\n+\t\t\t\tRTE_SECURITY_IPSEC_SA_PROTO_ESP) ? IPPROTO_ESP\n+\t\t\t\t: IPPROTO_AH;\n+\t\tsession->ip4_hdr.ip_sum = 0;\n+\t\tsession->ip4_hdr.ip_src = ipsec_xform->tunnel.ipv4.src_ip;\n+\t\tsession->ip4_hdr.ip_dst = ipsec_xform->tunnel.ipv4.dst_ip;\n+\t\tsession->ip4_hdr.ip_sum = calc_chksum((uint16_t *)\n+\t\t\t\t\t\t(void *)&session->ip4_hdr,\n+\t\t\t\t\t\tsizeof(struct ip));\n+\n+\t\tsession->encap_pdb.options =\n+\t\t\t(IPVERSION << PDBNH_ESP_ENCAP_SHIFT) |\n+\t\t\tPDBOPTS_ESP_OIHI_PDB_INL |\n+\t\t\tPDBOPTS_ESP_IVSRC |\n+\t\t\tPDBHMO_ESP_ENCAP_DTTL;\n+\t\tsession->encap_pdb.spi = ipsec_xform->spi;\n+\t\tsession->encap_pdb.ip_hdr_len = sizeof(struct ip);\n+\n+\t\tsession->dir = DIR_ENC;\n+\t} else if (ipsec_xform->direction ==\n+\t\t\tRTE_SECURITY_IPSEC_SA_DIR_INGRESS) {\n+\t\tmemset(&session->decap_pdb, 0, sizeof(struct ipsec_decap_pdb));\n+\t\tsession->decap_pdb.options = sizeof(struct ip) << 16;\n+\t\tsession->dir = DIR_DEC;\n+\t} else\n+\t\tgoto out;\n+\tsession->ctx_pool = internals->ctx_pool;\n+\n+\treturn 0;\n+out:\n+\trte_free(session->auth_key.data);\n+\trte_free(session->cipher_key.data);\n+\tmemset(session, 0, sizeof(struct caam_jr_session));\n+\treturn -1;\n+}\n+\n+static int\n+caam_jr_security_session_create(void *dev,\n+\t\t\t\tstruct rte_security_session_conf *conf,\n+\t\t\t\tstruct rte_security_session *sess,\n+\t\t\t\tstruct rte_mempool *mempool)\n+{\n+\tvoid *sess_private_data;\n+\tstruct rte_cryptodev *cdev = (struct rte_cryptodev *)dev;\n+\tint ret;\n+\n+\tPMD_INIT_FUNC_TRACE();\n+\tif (rte_mempool_get(mempool, &sess_private_data)) {\n+\t\tCAAM_JR_ERR(\"Couldn't get object from session mempool\");\n+\t\treturn -ENOMEM;\n+\t}\n+\n+\tswitch (conf->protocol) {\n+\tcase RTE_SECURITY_PROTOCOL_IPSEC:\n+\t\tret = caam_jr_set_ipsec_session(cdev, conf,\n+\t\t\t\tsess_private_data);\n+\t\tbreak;\n+\tcase RTE_SECURITY_PROTOCOL_MACSEC:\n+\t\treturn -ENOTSUP;\n+\tdefault:\n+\t\treturn -EINVAL;\n+\t}\n+\tif (ret != 0) {\n+\t\tCAAM_JR_ERR(\"failed to configure session parameters\");\n+\t\t/* Return session to mempool */\n+\t\trte_mempool_put(mempool, sess_private_data);\n+\t\treturn ret;\n+\t}\n+\n+\tset_sec_session_private_data(sess, sess_private_data);\n+\n+\treturn ret;\n+}\n+\n+/* Clear the memory of session so it doesn't leave key material behind */\n+static int\n+caam_jr_security_session_destroy(void *dev __rte_unused,\n+\t\t\t\t struct rte_security_session *sess)\n+{\n+\tPMD_INIT_FUNC_TRACE();\n+\tvoid *sess_priv = get_sec_session_private_data(sess);\n+\n+\tstruct caam_jr_session *s = (struct caam_jr_session *)sess_priv;\n+\n+\tif (sess_priv) {\n+\t\tstruct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);\n+\n+\t\trte_free(s->cipher_key.data);\n+\t\trte_free(s->auth_key.data);\n+\t\tmemset(sess, 0, sizeof(struct caam_jr_session));\n+\t\tset_sec_session_private_data(sess, NULL);\n+\t\trte_mempool_put(sess_mp, sess_priv);\n+\t}\n+\treturn 0;\n+}\n+#endif\n+\n static int\n caam_jr_dev_configure(struct rte_cryptodev *dev,\n \t\t struct rte_cryptodev_config *config __rte_unused)\n@@ -1757,6 +2149,16 @@ static struct rte_cryptodev_ops caam_jr_ops = {\n \t.sym_session_clear = caam_jr_sym_session_clear\n };\n \n+#ifdef RTE_LIBRTE_SECURITY\n+static struct rte_security_ops caam_jr_security_ops = {\n+\t.session_create = caam_jr_security_session_create,\n+\t.session_update = NULL,\n+\t.session_stats_get = NULL,\n+\t.session_destroy = caam_jr_security_session_destroy,\n+\t.set_pkt_metadata = NULL,\n+\t.capabilities_get = caam_jr_get_security_capabilities\n+};\n+#endif\n \n /* @brief Flush job rings of any processed descs.\n * The processed descs are silently dropped,\n@@ -1976,6 +2378,9 @@ caam_jr_dev_init(const char *name,\n \t\t struct rte_cryptodev_pmd_init_params *init_params)\n {\n \tstruct rte_cryptodev *dev;\n+#ifdef RTE_LIBRTE_SECURITY\n+\tstruct rte_security_ctx *security_instance;\n+#endif\n \tstruct uio_job_ring *job_ring;\n \tchar str[RTE_CRYPTODEV_NAME_MAX_LEN];\n \n@@ -2045,6 +2450,22 @@ caam_jr_dev_init(const char *name,\n \t\treturn 0;\n \t}\n \n+#ifdef RTE_LIBRTE_SECURITY\n+\t/*TODO free it during teardown*/\n+\tsecurity_instance = rte_malloc(\"caam_jr\",\n+\t\t\t\tsizeof(struct rte_security_ctx), 0);\n+\tif (security_instance == NULL) {\n+\t\tCAAM_JR_ERR(\"memory allocation failed\\n\");\n+\t\t//todo error handling.\n+\t\tgoto cleanup2;\n+\t}\n+\n+\tsecurity_instance->device = (void *)dev;\n+\tsecurity_instance->ops = &caam_jr_security_ops;\n+\tsecurity_instance->sess_cnt = 0;\n+\tdev->security_ctx = security_instance;\n+#endif\n+\n \tRTE_LOG(INFO, PMD, \"%s cryptodev init\\n\", dev->data->name);\n \n \treturn 0;\ndiff --git a/drivers/crypto/caam_jr/caam_jr_capabilities.c b/drivers/crypto/caam_jr/caam_jr_capabilities.c\nindex 92aa429cc..eacea7db3 100644\n--- a/drivers/crypto/caam_jr/caam_jr_capabilities.c\n+++ b/drivers/crypto/caam_jr/caam_jr_capabilities.c\n@@ -225,6 +225,42 @@ static const struct rte_cryptodev_capabilities caam_jr_capabilities[] = {\n \tRTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()\n };\n \n+#ifdef RTE_LIBRTE_SECURITY\n+static const struct rte_security_capability caam_jr_security_cap[] = {\n+\t{ /* IPsec Lookaside Protocol offload ESP Transport Egress */\n+\t\t.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,\n+\t\t.protocol = RTE_SECURITY_PROTOCOL_IPSEC,\n+\t\t.ipsec = {\n+\t\t\t.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,\n+\t\t\t.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,\n+\t\t\t.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS,\n+\t\t\t.options = { 0 }\n+\t\t},\n+\t\t.crypto_capabilities = caam_jr_capabilities\n+\t},\n+\t{ /* IPsec Lookaside Protocol offload ESP Tunnel Ingress */\n+\t\t.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,\n+\t\t.protocol = RTE_SECURITY_PROTOCOL_IPSEC,\n+\t\t.ipsec = {\n+\t\t\t.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,\n+\t\t\t.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,\n+\t\t\t.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS,\n+\t\t\t.options = { 0 }\n+\t\t},\n+\t\t.crypto_capabilities = caam_jr_capabilities\n+\t},\n+\t{\n+\t\t.action = RTE_SECURITY_ACTION_TYPE_NONE\n+\t}\n+};\n+\n+const struct rte_security_capability *\n+caam_jr_get_security_capabilities(void *device __rte_unused)\n+{\n+\treturn caam_jr_security_cap;\n+}\n+#endif\n+\n const struct rte_cryptodev_capabilities *\n caam_jr_get_cryptodev_capabilities(void)\n {\ndiff --git a/drivers/crypto/caam_jr/caam_jr_capabilities.h b/drivers/crypto/caam_jr/caam_jr_capabilities.h\nindex 7a94013e5..d3169b7e9 100644\n--- a/drivers/crypto/caam_jr/caam_jr_capabilities.h\n+++ b/drivers/crypto/caam_jr/caam_jr_capabilities.h\n@@ -6,8 +6,16 @@\n #define CAAM_JR_CAPABILITIES_H\n \n #include <rte_cryptodev.h>\n+#ifdef RTE_LIBRTE_SECURITY\n+#include <rte_security.h>\n+#endif\n \n /* Get cryptodev capabilities */\n const struct rte_cryptodev_capabilities *\n caam_jr_get_cryptodev_capabilities(void);\n+#ifdef RTE_LIBRTE_SECURITY\n+/* Get security capabilities */\n+const struct rte_security_capability *\n+caam_jr_get_security_capabilities(void *device);\n+#endif\n #endif\ndiff --git a/drivers/crypto/caam_jr/caam_jr_hw.c b/drivers/crypto/caam_jr/caam_jr_hw.c\nindex 80602b702..c6833185b 100644\n--- a/drivers/crypto/caam_jr/caam_jr_hw.c\n+++ b/drivers/crypto/caam_jr/caam_jr_hw.c\n@@ -9,6 +9,9 @@\n #include <rte_memory.h>\n #include <rte_malloc.h>\n #include <rte_crypto.h>\n+#ifdef RTE_LIBRTE_SECURITY\n+#include <rte_security.h>\n+#endif\n \n #include <caam_jr_config.h>\n #include <caam_jr_hw_specific.h>\ndiff --git a/drivers/crypto/caam_jr/caam_jr_pvt.h b/drivers/crypto/caam_jr/caam_jr_pvt.h\nindex 333a192d9..c2d35ecd2 100644\n--- a/drivers/crypto/caam_jr/caam_jr_pvt.h\n+++ b/drivers/crypto/caam_jr/caam_jr_pvt.h\n@@ -5,6 +5,8 @@\n #ifndef CAAM_JR_PVT_H\n #define CAAM_JR_PVT_H\n \n+#include <hw/desc/ipsec.h>\n+\n /* NXP CAAM JR PMD device name */\n \n #define CAAM_JR_ALG_UNSUPPORT\t(-1)\n@@ -110,6 +112,9 @@ struct caam_jr_session {\n \tenum rte_crypto_cipher_algorithm cipher_alg; /* Cipher Algorithm*/\n \tenum rte_crypto_auth_algorithm auth_alg; /* Authentication Algorithm*/\n \tenum rte_crypto_aead_algorithm aead_alg; /* AEAD Algorithm*/\n+#ifdef RTE_LIBRTE_SECURITY\n+\tenum rte_security_session_protocol proto_alg; /* Security Algorithm*/\n+#endif\n \tunion {\n \t\tstruct {\n \t\t\tuint8_t *data;\t/* pointer to key data */\n@@ -132,6 +137,11 @@ struct caam_jr_session {\n \t} iv;\t/* Initialisation vector parameters */\n \tuint16_t auth_only_len; /* Length of data for Auth only */\n \tuint32_t digest_length;\n+#ifdef RTE_LIBRTE_SECURITY\n+\tstruct ipsec_encap_pdb encap_pdb;\n+\tstruct ip ip4_hdr;\n+\tstruct ipsec_decap_pdb decap_pdb;\n+#endif\n \tstruct caam_jr_qp *qp;\n \tstruct sec_cdb *cdb;\t/* cmd block associated with qp */\n \tstruct rte_mempool *ctx_pool; /* session mempool for caam_jr_op_ctx */\ndiff --git a/drivers/crypto/caam_jr/caam_jr_uio.c b/drivers/crypto/caam_jr/caam_jr_uio.c\nindex d6aec3e4c..58d86f961 100644\n--- a/drivers/crypto/caam_jr/caam_jr_uio.c\n+++ b/drivers/crypto/caam_jr/caam_jr_uio.c\n@@ -16,6 +16,9 @@\n #include <rte_common.h>\n #include <rte_malloc.h>\n #include <rte_crypto.h>\n+#ifdef RTE_LIBRTE_SECURITY\n+#include <rte_security.h>\n+#endif\n \n #include <caam_jr_config.h>\n #include <caam_jr_hw_specific.h>\n", "prefixes": [ "v5", "13/15" ] }