Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/74187/?format=api
{ "id": 74187, "url": "http://patches.dpdk.org/api/patches/74187/?format=api", "web_url": "http://patches.dpdk.org/project/dpdk/patch/20200716083931.29092-8-ktejasree@marvell.com/", "project": { "id": 1, "url": "http://patches.dpdk.org/api/projects/1/?format=api", "name": "DPDK", "link_name": "dpdk", "list_id": "dev.dpdk.org", "list_email": "dev@dpdk.org", "web_url": "http://core.dpdk.org", "scm_url": "git://dpdk.org/dpdk", "webscm_url": "http://git.dpdk.org/dpdk", "list_archive_url": "https://inbox.dpdk.org/dev", "list_archive_url_format": "https://inbox.dpdk.org/dev/{}", "commit_url_format": "" }, "msgid": "<20200716083931.29092-8-ktejasree@marvell.com>", "list_archive_url": "https://inbox.dpdk.org/dev/20200716083931.29092-8-ktejasree@marvell.com", "date": "2020-07-16T08:39:30", "name": "[v3,7/8] crypto/octeontx2: add cryptodev sec session create", "commit_ref": null, "pull_url": null, "state": "accepted", "archived": true, "hash": "b06b3e2104c2c20cb7d9d03942b30b395bbc3149", "submitter": { "id": 1789, "url": "http://patches.dpdk.org/api/people/1789/?format=api", "name": "Tejasree Kondoj", "email": "ktejasree@marvell.com" }, "delegate": { "id": 6690, "url": "http://patches.dpdk.org/api/users/6690/?format=api", "username": "akhil", "first_name": "akhil", "last_name": "goyal", "email": "gakhil@marvell.com" }, "mbox": "http://patches.dpdk.org/project/dpdk/patch/20200716083931.29092-8-ktejasree@marvell.com/mbox/", "series": [ { "id": 11079, "url": "http://patches.dpdk.org/api/series/11079/?format=api", "web_url": "http://patches.dpdk.org/project/dpdk/list/?series=11079", "date": "2020-07-16T08:39:23", "name": "add OCTEON TX2 lookaside IPsec support", "version": 3, "mbox": "http://patches.dpdk.org/series/11079/mbox/" } ], "comments": "http://patches.dpdk.org/api/patches/74187/comments/", "check": "success", "checks": "http://patches.dpdk.org/api/patches/74187/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<dev-bounces@dpdk.org>", "X-Original-To": "patchwork@inbox.dpdk.org", "Delivered-To": "patchwork@inbox.dpdk.org", "Received": [ "from dpdk.org (dpdk.org [92.243.14.124])\n\tby inbox.dpdk.org (Postfix) with ESMTP id 8EF8CA0546;\n\tThu, 16 Jul 2020 09:46:34 +0200 (CEST)", "from [92.243.14.124] (localhost [127.0.0.1])\n\tby dpdk.org (Postfix) with ESMTP id 053941BEA1;\n\tThu, 16 Jul 2020 09:46:07 +0200 (CEST)", "from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com\n [67.231.148.174]) by dpdk.org (Postfix) with ESMTP id 6E7BA2C4F\n for <dev@dpdk.org>; Thu, 16 Jul 2020 09:46:05 +0200 (CEST)", "from pps.filterd (m0045849.ppops.net [127.0.0.1])\n by mx0a-0016f401.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id\n 06G7j0mP025172; Thu, 16 Jul 2020 00:46:04 -0700", "from sc-exch03.marvell.com ([199.233.58.183])\n by mx0a-0016f401.pphosted.com with ESMTP id 327asnnkyg-2\n (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT);\n Thu, 16 Jul 2020 00:46:04 -0700", "from DC5-EXCH02.marvell.com (10.69.176.39) by SC-EXCH03.marvell.com\n (10.93.176.83) with Microsoft SMTP Server (TLS) id 15.0.1497.2;\n Thu, 16 Jul 2020 00:46:03 -0700", "from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com\n (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.2 via Frontend\n Transport; Thu, 16 Jul 2020 00:46:03 -0700", "from hyd1554T5810.caveonetworks.com.com (unknown [10.29.57.11])\n by maili.marvell.com (Postfix) with ESMTP id 5C8863F7040;\n Thu, 16 Jul 2020 00:46:01 -0700 (PDT)" ], "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com;\n h=from : to : cc :\n subject : date : message-id : in-reply-to : references : mime-version :\n content-transfer-encoding : content-type; s=pfpt0818;\n bh=RXh9OZPXNJBGy9FW0ufvkr2qzLKLLs/erhZy+4+n718=;\n b=HNXaOP6u+trQgO0iBPslE8CbtARFielrbiTWInz6Up0U/QB/2eScRpU8by2iYEUCmYjp\n /SY7nWJAlSbFGH3D2NAHOxT1Yss3kPIXGiyPP49HCNHKrzr3k05HZKR4C6EIJB8cgF/D\n JQGDSUsWlMCvX9Y2YtLpJ6yemz9+43yERn32mH3kXvhatZ0j40+zpzVwYYNMIAWNgJxh\n ZNrrusT8ORC4KjpLDkXc0qLF3RVJOPE6qAUQdtT4Xc8xPoPCOua6DPZqKVcAJlIw6dhe\n Tkq3f6QhGeYWcryqas3jx57n7BqwIwwsd/TgrTG9UJBj+JtNp4LJuA2VgCu2YegL6oBS hg==", "From": "Tejasree Kondoj <ktejasree@marvell.com>", "To": "Akhil Goyal <akhil.goyal@nxp.com>, Radu Nicolau <radu.nicolau@intel.com>", "CC": "Vamsi Attunuru <vattunuru@marvell.com>, Narayana Prasad\n <pathreya@marvell.com>, Anoob Joseph <anoobj@marvell.com>, Tejasree Kondoj\n <ktejasree@marvell.com>, <dev@dpdk.org>", "Date": "Thu, 16 Jul 2020 14:09:30 +0530", "Message-ID": "<20200716083931.29092-8-ktejasree@marvell.com>", "X-Mailer": "git-send-email 2.27.0", "In-Reply-To": "<20200716083931.29092-1-ktejasree@marvell.com>", "References": "<20200716083931.29092-1-ktejasree@marvell.com>", "MIME-Version": "1.0", "Content-Transfer-Encoding": "8bit", "Content-Type": "text/plain", "X-Proofpoint-Virus-Version": "vendor=fsecure engine=2.50.10434:6.0.235, 18.0.687\n definitions=2020-07-16_04:2020-07-16,\n 2020-07-16 signatures=0", "Subject": "[dpdk-dev] [PATCH v3 7/8] crypto/octeontx2: add cryptodev sec\n\tsession create", "X-BeenThere": "dev@dpdk.org", "X-Mailman-Version": "2.1.15", "Precedence": "list", "List-Id": "DPDK patches and discussions <dev.dpdk.org>", "List-Unsubscribe": "<https://mails.dpdk.org/options/dev>,\n <mailto:dev-request@dpdk.org?subject=unsubscribe>", "List-Archive": "<http://mails.dpdk.org/archives/dev/>", "List-Post": "<mailto:dev@dpdk.org>", "List-Help": "<mailto:dev-request@dpdk.org?subject=help>", "List-Subscribe": "<https://mails.dpdk.org/listinfo/dev>,\n <mailto:dev-request@dpdk.org?subject=subscribe>", "Errors-To": "dev-bounces@dpdk.org", "Sender": "\"dev\" <dev-bounces@dpdk.org>" }, "content": "From: Vamsi Attunuru <vattunuru@marvell.com>\n\nThis patch creates session for lookaside IPsec.\n\nSigned-off-by: Vamsi Attunuru <vattunuru@marvell.com>\nSigned-off-by: Tejasree Kondoj <ktejasree@marvell.com>\n---\n drivers/crypto/octeontx2/otx2_cryptodev_sec.c | 468 +++++++++++++++++-\n drivers/crypto/octeontx2/otx2_ipsec_po.h | 295 +++++++++++\n drivers/crypto/octeontx2/otx2_security.h | 9 +\n drivers/net/octeontx2/otx2_ethdev_sec.c | 23 +-\n 4 files changed, 777 insertions(+), 18 deletions(-)", "diff": "diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_sec.c b/drivers/crypto/octeontx2/otx2_cryptodev_sec.c\nindex 6e14b37a68..0741a592cd 100644\n--- a/drivers/crypto/octeontx2/otx2_cryptodev_sec.c\n+++ b/drivers/crypto/octeontx2/otx2_cryptodev_sec.c\n@@ -3,15 +3,479 @@\n */\n \n #include <rte_cryptodev.h>\n+#include <rte_esp.h>\n+#include <rte_ethdev.h>\n+#include <rte_ip.h>\n #include <rte_malloc.h>\n #include <rte_security.h>\n #include <rte_security_driver.h>\n+#include <rte_udp.h>\n \n #include \"otx2_cryptodev.h\"\n #include \"otx2_cryptodev_capabilities.h\"\n+#include \"otx2_cryptodev_hw_access.h\"\n+#include \"otx2_cryptodev_ops.h\"\n #include \"otx2_cryptodev_sec.h\"\n #include \"otx2_security.h\"\n \n+static int\n+ipsec_lp_len_precalc(struct rte_security_ipsec_xform *ipsec,\n+\t\tstruct rte_crypto_sym_xform *xform,\n+\t\tstruct otx2_sec_session_ipsec_lp *lp)\n+{\n+\tstruct rte_crypto_sym_xform *cipher_xform, *auth_xform;\n+\n+\tlp->partial_len = sizeof(struct rte_ipv4_hdr);\n+\n+\tif (ipsec->proto == RTE_SECURITY_IPSEC_SA_PROTO_ESP) {\n+\t\tlp->partial_len += sizeof(struct rte_esp_hdr);\n+\t\tlp->roundup_len = sizeof(struct rte_esp_tail);\n+\t} else if (ipsec->proto == RTE_SECURITY_IPSEC_SA_PROTO_AH) {\n+\t\tlp->partial_len += OTX2_SEC_AH_HDR_LEN;\n+\t} else {\n+\t\treturn -EINVAL;\n+\t}\n+\n+\tif (ipsec->options.udp_encap)\n+\t\tlp->partial_len += sizeof(struct rte_udp_hdr);\n+\n+\tif (xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) {\n+\t\tif (xform->aead.algo == RTE_CRYPTO_AEAD_AES_GCM) {\n+\t\t\tlp->partial_len += OTX2_SEC_AES_GCM_IV_LEN;\n+\t\t\tlp->partial_len += OTX2_SEC_AES_GCM_MAC_LEN;\n+\t\t\tlp->roundup_byte = OTX2_SEC_AES_GCM_ROUNDUP_BYTE_LEN;\n+\t\t\treturn 0;\n+\t\t} else {\n+\t\t\treturn -EINVAL;\n+\t\t}\n+\t}\n+\n+\tif (ipsec->direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) {\n+\t\tcipher_xform = xform;\n+\t\tauth_xform = xform->next;\n+\t} else if (ipsec->direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) {\n+\t\tauth_xform = xform;\n+\t\tcipher_xform = xform->next;\n+\t} else {\n+\t\treturn -EINVAL;\n+\t}\n+\n+\tif (cipher_xform->cipher.algo == RTE_CRYPTO_CIPHER_AES_CBC) {\n+\t\tlp->partial_len += OTX2_SEC_AES_CBC_IV_LEN;\n+\t\tlp->roundup_byte = OTX2_SEC_AES_CBC_ROUNDUP_BYTE_LEN;\n+\t} else {\n+\t\treturn -EINVAL;\n+\t}\n+\n+\tif (auth_xform->auth.algo == RTE_CRYPTO_AUTH_SHA1_HMAC)\n+\t\tlp->partial_len += OTX2_SEC_SHA1_HMAC_LEN;\n+\telse\n+\t\treturn -EINVAL;\n+\n+\treturn 0;\n+}\n+\n+static int\n+otx2_cpt_enq_sa_write(struct otx2_sec_session_ipsec_lp *lp,\n+\t\t struct otx2_cpt_qp *qptr, uint8_t opcode)\n+{\n+\tuint64_t lmt_status, time_out;\n+\tvoid *lmtline = qptr->lmtline;\n+\tstruct otx2_cpt_inst_s inst;\n+\tstruct otx2_cpt_res *res;\n+\tuint64_t *mdata;\n+\tint ret = 0;\n+\n+\tif (unlikely(rte_mempool_get(qptr->meta_info.pool,\n+\t\t\t\t (void **)&mdata) < 0))\n+\t\treturn -ENOMEM;\n+\n+\tres = (struct otx2_cpt_res *)RTE_PTR_ALIGN(mdata, 16);\n+\tres->compcode = CPT_9X_COMP_E_NOTDONE;\n+\n+\tinst.opcode = opcode | (lp->ctx_len << 8);\n+\tinst.param1 = 0;\n+\tinst.param2 = 0;\n+\tinst.dlen = lp->ctx_len << 3;\n+\tinst.dptr = rte_mempool_virt2iova(lp);\n+\tinst.rptr = 0;\n+\tinst.cptr = rte_mempool_virt2iova(lp);\n+\tinst.egrp = OTX2_CPT_EGRP_SE;\n+\n+\tinst.u64[0] = 0;\n+\tinst.u64[2] = 0;\n+\tinst.u64[3] = 0;\n+\tinst.res_addr = rte_mempool_virt2iova(res);\n+\n+\trte_cio_wmb();\n+\n+\tdo {\n+\t\t/* Copy CPT command to LMTLINE */\n+\t\totx2_lmt_mov(lmtline, &inst, 2);\n+\t\tlmt_status = otx2_lmt_submit(qptr->lf_nq_reg);\n+\t} while (lmt_status == 0);\n+\n+\ttime_out = rte_get_timer_cycles() +\n+\t\t\tDEFAULT_COMMAND_TIMEOUT * rte_get_timer_hz();\n+\n+\twhile (res->compcode == CPT_9X_COMP_E_NOTDONE) {\n+\t\tif (rte_get_timer_cycles() > time_out) {\n+\t\t\trte_mempool_put(qptr->meta_info.pool, mdata);\n+\t\t\totx2_err(\"Request timed out\");\n+\t\t\treturn -ETIMEDOUT;\n+\t\t}\n+\t rte_cio_rmb();\n+\t}\n+\n+\tif (unlikely(res->compcode != CPT_9X_COMP_E_GOOD)) {\n+\t\tret = res->compcode;\n+\t\tswitch (ret) {\n+\t\tcase CPT_9X_COMP_E_INSTERR:\n+\t\t\totx2_err(\"Request failed with instruction error\");\n+\t\t\tbreak;\n+\t\tcase CPT_9X_COMP_E_FAULT:\n+\t\t\totx2_err(\"Request failed with DMA fault\");\n+\t\t\tbreak;\n+\t\tcase CPT_9X_COMP_E_HWERR:\n+\t\t\totx2_err(\"Request failed with hardware error\");\n+\t\t\tbreak;\n+\t\tdefault:\n+\t\t\totx2_err(\"Request failed with unknown hardware \"\n+\t\t\t\t \"completion code : 0x%x\", ret);\n+\t\t}\n+\t\tgoto mempool_put;\n+\t}\n+\n+\tif (unlikely(res->uc_compcode != OTX2_IPSEC_PO_CC_SUCCESS)) {\n+\t\tret = res->uc_compcode;\n+\t\tswitch (ret) {\n+\t\tcase OTX2_IPSEC_PO_CC_AUTH_UNSUPPORTED:\n+\t\t\totx2_err(\"Invalid auth type\");\n+\t\t\tbreak;\n+\t\tcase OTX2_IPSEC_PO_CC_ENCRYPT_UNSUPPORTED:\n+\t\t\totx2_err(\"Invalid encrypt type\");\n+\t\t\tbreak;\n+\t\tdefault:\n+\t\t\totx2_err(\"Request failed with unknown microcode \"\n+\t\t\t\t \"completion code : 0x%x\", ret);\n+\t\t}\n+\t}\n+\n+mempool_put:\n+\trte_mempool_put(qptr->meta_info.pool, mdata);\n+\treturn ret;\n+}\n+\n+static void\n+set_session_misc_attributes(struct otx2_sec_session_ipsec_lp *sess,\n+\t\t\t struct rte_crypto_sym_xform *crypto_xform,\n+\t\t\t struct rte_crypto_sym_xform *auth_xform,\n+\t\t\t struct rte_crypto_sym_xform *cipher_xform)\n+{\n+\tif (crypto_xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) {\n+\t\tsess->iv_offset = crypto_xform->aead.iv.offset;\n+\t\tsess->iv_length = crypto_xform->aead.iv.length;\n+\t\tsess->aad_length = crypto_xform->aead.aad_length;\n+\t\tsess->mac_len = crypto_xform->aead.digest_length;\n+\t} else {\n+\t\tsess->iv_offset = cipher_xform->cipher.iv.offset;\n+\t\tsess->iv_length = cipher_xform->cipher.iv.length;\n+\t\tsess->auth_iv_offset = auth_xform->auth.iv.offset;\n+\t\tsess->auth_iv_length = auth_xform->auth.iv.length;\n+\t\tsess->mac_len = auth_xform->auth.digest_length;\n+\t}\n+\n+\tsess->ucmd_param1 = OTX2_IPSEC_PO_PER_PKT_IV;\n+\tsess->ucmd_param2 = 0;\n+}\n+\n+static int\n+crypto_sec_ipsec_outb_session_create(struct rte_cryptodev *crypto_dev,\n+\t\t\t\t struct rte_security_ipsec_xform *ipsec,\n+\t\t\t\t struct rte_crypto_sym_xform *crypto_xform,\n+\t\t\t\t struct rte_security_session *sec_sess)\n+{\n+\tstruct rte_crypto_sym_xform *auth_xform, *cipher_xform;\n+\tconst uint8_t *cipher_key, *auth_key;\n+\tstruct otx2_sec_session_ipsec_lp *lp;\n+\tstruct otx2_ipsec_po_sa_ctl *ctl;\n+\tint cipher_key_len, auth_key_len;\n+\tstruct otx2_ipsec_po_out_sa *sa;\n+\tstruct otx2_sec_session *sess;\n+\tstruct otx2_cpt_inst_s inst;\n+\tstruct rte_ipv4_hdr *ip;\n+\tint ret;\n+\n+\tsess = get_sec_session_private_data(sec_sess);\n+\tlp = &sess->ipsec.lp;\n+\n+\tsa = &lp->out_sa;\n+\tctl = &sa->ctl;\n+\tif (ctl->valid) {\n+\t\totx2_err(\"SA already registered\");\n+\t\treturn -EINVAL;\n+\t}\n+\n+\tmemset(sa, 0, sizeof(struct otx2_ipsec_po_out_sa));\n+\n+\t/* Initialize lookaside ipsec private data */\n+\tlp->ip_id = 0;\n+\tlp->seq_lo = 1;\n+\tlp->seq_hi = 0;\n+\n+\tret = ipsec_po_sa_ctl_set(ipsec, crypto_xform, ctl);\n+\tif (ret)\n+\t\treturn ret;\n+\n+\tret = ipsec_lp_len_precalc(ipsec, crypto_xform, lp);\n+\tif (ret)\n+\t\treturn ret;\n+\n+\tmemcpy(sa->iv.gcm.nonce, &ipsec->salt, 4);\n+\n+\tif (ipsec->options.udp_encap) {\n+\t\tsa->udp_src = 4500;\n+\t\tsa->udp_dst = 4500;\n+\t}\n+\n+\tif (ipsec->mode == RTE_SECURITY_IPSEC_SA_MODE_TUNNEL) {\n+\t\t/* Start ip id from 1 */\n+\t\tlp->ip_id = 1;\n+\n+\t\tif (ipsec->tunnel.type == RTE_SECURITY_IPSEC_TUNNEL_IPV4) {\n+\t\t\tip = &sa->template.ipv4_hdr;\n+\t\t\tip->version_ihl = RTE_IPV4_VHL_DEF;\n+\t\t\tip->next_proto_id = IPPROTO_ESP;\n+\t\t\tip->time_to_live = ipsec->tunnel.ipv4.ttl;\n+\t\t\tip->type_of_service |= (ipsec->tunnel.ipv4.dscp << 2);\n+\t\t\tif (ipsec->tunnel.ipv4.df)\n+\t\t\t\tip->fragment_offset = BIT(14);\n+\t\t\tmemcpy(&ip->src_addr, &ipsec->tunnel.ipv4.src_ip,\n+\t\t\t\tsizeof(struct in_addr));\n+\t\t\tmemcpy(&ip->dst_addr, &ipsec->tunnel.ipv4.dst_ip,\n+\t\t\t\tsizeof(struct in_addr));\n+\t\t} else {\n+\t\t\treturn -EINVAL;\n+\t\t}\n+\t} else {\n+\t\treturn -EINVAL;\n+\t}\n+\n+\tcipher_xform = crypto_xform;\n+\tauth_xform = crypto_xform->next;\n+\n+\tcipher_key_len = 0;\n+\tauth_key_len = 0;\n+\n+\tif (crypto_xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) {\n+\t\tcipher_key = crypto_xform->aead.key.data;\n+\t\tcipher_key_len = crypto_xform->aead.key.length;\n+\n+\t\tlp->ctx_len = sizeof(struct otx2_ipsec_po_out_sa);\n+\t\tlp->ctx_len >>= 3;\n+\t\tRTE_ASSERT(lp->ctx_len == OTX2_IPSEC_PO_AES_GCM_OUTB_CTX_LEN);\n+\t} else {\n+\t\tcipher_key = cipher_xform->cipher.key.data;\n+\t\tcipher_key_len = cipher_xform->cipher.key.length;\n+\t\tauth_key = auth_xform->auth.key.data;\n+\t\tauth_key_len = auth_xform->auth.key.length;\n+\n+\t\t/* TODO: check the ctx len for supporting ALGO */\n+\t\tlp->ctx_len = sizeof(struct otx2_ipsec_po_out_sa) >> 3;\n+\t\tRTE_ASSERT(lp->ctx_len == OTX2_IPSEC_PO_MAX_OUTB_CTX_LEN);\n+\t}\n+\n+\tif (cipher_key_len != 0)\n+\t\tmemcpy(sa->cipher_key, cipher_key, cipher_key_len);\n+\telse\n+\t\treturn -EINVAL;\n+\n+\t/* Use OPAD & IPAD */\n+\tRTE_SET_USED(auth_key);\n+\tRTE_SET_USED(auth_key_len);\n+\n+\tinst.u64[7] = 0;\n+\tinst.egrp = OTX2_CPT_EGRP_SE;\n+\tinst.cptr = rte_mempool_virt2iova(sa);\n+\n+\tlp->ucmd_w3 = inst.u64[7];\n+\tlp->ucmd_opcode = (lp->ctx_len << 8) |\n+\t\t\t\t(OTX2_IPSEC_PO_PROCESS_IPSEC_OUTB);\n+\n+\tset_session_misc_attributes(lp, crypto_xform,\n+\t\t\t\t auth_xform, cipher_xform);\n+\n+\treturn otx2_cpt_enq_sa_write(lp, crypto_dev->data->queue_pairs[0],\n+\t\t\t\t OTX2_IPSEC_PO_WRITE_IPSEC_OUTB);\n+}\n+\n+static int\n+crypto_sec_ipsec_inb_session_create(struct rte_cryptodev *crypto_dev,\n+\t\t\t\t struct rte_security_ipsec_xform *ipsec,\n+\t\t\t\t struct rte_crypto_sym_xform *crypto_xform,\n+\t\t\t\t struct rte_security_session *sec_sess)\n+{\n+\tstruct rte_crypto_sym_xform *auth_xform, *cipher_xform;\n+\tstruct otx2_sec_session_ipsec_lp *lp;\n+\tstruct otx2_ipsec_po_sa_ctl *ctl;\n+\tconst uint8_t *cipher_key, *auth_key;\n+\tint cipher_key_len, auth_key_len;\n+\tstruct otx2_ipsec_po_in_sa *sa;\n+\tstruct otx2_sec_session *sess;\n+\tstruct otx2_cpt_inst_s inst;\n+\tint ret;\n+\n+\tsess = get_sec_session_private_data(sec_sess);\n+\tlp = &sess->ipsec.lp;\n+\n+\tsa = &lp->in_sa;\n+\tctl = &sa->ctl;\n+\n+\tif (ctl->valid) {\n+\t\totx2_err(\"SA already registered\");\n+\t\treturn -EINVAL;\n+\t}\n+\n+\tmemset(sa, 0, sizeof(struct otx2_ipsec_po_in_sa));\n+\n+\tret = ipsec_po_sa_ctl_set(ipsec, crypto_xform, ctl);\n+\tif (ret)\n+\t\treturn ret;\n+\n+\tauth_xform = crypto_xform;\n+\tcipher_xform = crypto_xform->next;\n+\n+\tcipher_key_len = 0;\n+\tauth_key_len = 0;\n+\n+\tif (crypto_xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) {\n+\t\tif (crypto_xform->aead.algo == RTE_CRYPTO_AEAD_AES_GCM)\n+\t\t\tmemcpy(sa->iv.gcm.nonce, &ipsec->salt, 4);\n+\t\tcipher_key = crypto_xform->aead.key.data;\n+\t\tcipher_key_len = crypto_xform->aead.key.length;\n+\n+\t\tlp->ctx_len = offsetof(struct otx2_ipsec_po_in_sa,\n+\t\t\t\t\t aes_gcm.hmac_key[0]) >> 3;\n+\t\tRTE_ASSERT(lp->ctx_len == OTX2_IPSEC_PO_AES_GCM_INB_CTX_LEN);\n+\t} else {\n+\t\tcipher_key = cipher_xform->cipher.key.data;\n+\t\tcipher_key_len = cipher_xform->cipher.key.length;\n+\t\tauth_key = auth_xform->auth.key.data;\n+\t\tauth_key_len = auth_xform->auth.key.length;\n+\n+\t\t/* TODO: check the ctx len for supporting ALGO */\n+\t\tlp->ctx_len = sizeof(struct otx2_ipsec_po_in_sa) >> 2;\n+\t\tRTE_ASSERT(lp->ctx_len == OTX2_IPSEC_PO_MAX_INB_CTX_LEN);\n+\t}\n+\n+\tif (cipher_key_len != 0)\n+\t\tmemcpy(sa->cipher_key, cipher_key, cipher_key_len);\n+\telse\n+\t\treturn -EINVAL;\n+\n+\t/* Use OPAD & IPAD */\n+\tRTE_SET_USED(auth_key);\n+\tRTE_SET_USED(auth_key_len);\n+\n+\tinst.u64[7] = 0;\n+\tinst.egrp = OTX2_CPT_EGRP_SE;\n+\tinst.cptr = rte_mempool_virt2iova(sa);\n+\n+\tlp->ucmd_w3 = inst.u64[7];\n+\tlp->ucmd_opcode = (lp->ctx_len << 8) |\n+\t\t\t\t(OTX2_IPSEC_PO_PROCESS_IPSEC_INB);\n+\n+\tset_session_misc_attributes(lp, crypto_xform,\n+\t\t\t\t auth_xform, cipher_xform);\n+\n+\treturn otx2_cpt_enq_sa_write(lp, crypto_dev->data->queue_pairs[0],\n+\t\t\t\t OTX2_IPSEC_PO_WRITE_IPSEC_INB);\n+}\n+\n+static int\n+crypto_sec_ipsec_session_create(struct rte_cryptodev *crypto_dev,\n+\t\t\t\tstruct rte_security_ipsec_xform *ipsec,\n+\t\t\t\tstruct rte_crypto_sym_xform *crypto_xform,\n+\t\t\t\tstruct rte_security_session *sess)\n+{\n+\tint ret;\n+\n+\tif (crypto_dev->data->queue_pairs[0] == NULL) {\n+\t\totx2_err(\"Setup cpt queue pair before creating sec session\");\n+\t\treturn -EPERM;\n+\t}\n+\n+\tret = ipsec_po_xform_verify(ipsec, crypto_xform);\n+\tif (ret)\n+\t\treturn ret;\n+\n+\tif (ipsec->direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS)\n+\t\treturn crypto_sec_ipsec_inb_session_create(crypto_dev, ipsec,\n+\t\t\t\t\t\t\t crypto_xform, sess);\n+\telse\n+\t\treturn crypto_sec_ipsec_outb_session_create(crypto_dev, ipsec,\n+\t\t\t\t\t\t\t crypto_xform, sess);\n+}\n+\n+static int\n+otx2_crypto_sec_session_create(void *device,\n+\t\t\t struct rte_security_session_conf *conf,\n+\t\t\t struct rte_security_session *sess,\n+\t\t\t struct rte_mempool *mempool)\n+{\n+\tstruct otx2_sec_session *priv;\n+\tint ret;\n+\n+\tif (conf->action_type != RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL)\n+\t\treturn -ENOTSUP;\n+\n+\tif (rte_mempool_get(mempool, (void **)&priv)) {\n+\t\totx2_err(\"Could not allocate security session private data\");\n+\t\treturn -ENOMEM;\n+\t}\n+\n+\tset_sec_session_private_data(sess, priv);\n+\n+\tpriv->userdata = conf->userdata;\n+\n+\tif (conf->protocol == RTE_SECURITY_PROTOCOL_IPSEC)\n+\t\tret = crypto_sec_ipsec_session_create(device, &conf->ipsec,\n+\t\t\t\t\t\t conf->crypto_xform,\n+\t\t\t\t\t\t sess);\n+\telse\n+\t\tret = -ENOTSUP;\n+\n+\tif (ret)\n+\t\tgoto mempool_put;\n+\n+\treturn 0;\n+\n+mempool_put:\n+\trte_mempool_put(mempool, priv);\n+\tset_sec_session_private_data(sess, NULL);\n+\treturn ret;\n+}\n+\n+static int\n+otx2_crypto_sec_session_destroy(void *device __rte_unused,\n+\t\t\t\tstruct rte_security_session *sess)\n+{\n+\tstruct otx2_sec_session *priv;\n+\tstruct rte_mempool *sess_mp;\n+\n+\tpriv = get_sec_session_private_data(sess);\n+\n+\tif (priv == NULL)\n+\t\treturn 0;\n+\n+\tsess_mp = rte_mempool_from_obj(priv);\n+\n+\tset_sec_session_private_data(sess, NULL);\n+\trte_mempool_put(sess_mp, priv);\n+\n+\treturn 0;\n+}\n+\n static unsigned int\n otx2_crypto_sec_session_get_size(void *device __rte_unused)\n {\n@@ -40,8 +504,8 @@ otx2_crypto_sec_get_userdata(void *device __rte_unused, uint64_t md,\n }\n \n static struct rte_security_ops otx2_crypto_sec_ops = {\n-\t.session_create\t\t= NULL,\n-\t.session_destroy\t= NULL,\n+\t.session_create\t\t= otx2_crypto_sec_session_create,\n+\t.session_destroy\t= otx2_crypto_sec_session_destroy,\n \t.session_get_size\t= otx2_crypto_sec_session_get_size,\n \t.set_pkt_metadata\t= otx2_crypto_sec_set_pkt_mdata,\n \t.get_userdata\t\t= otx2_crypto_sec_get_userdata,\ndiff --git a/drivers/crypto/octeontx2/otx2_ipsec_po.h b/drivers/crypto/octeontx2/otx2_ipsec_po.h\nindex 217dfeaff0..f2167f220a 100644\n--- a/drivers/crypto/octeontx2/otx2_ipsec_po.h\n+++ b/drivers/crypto/octeontx2/otx2_ipsec_po.h\n@@ -9,6 +9,83 @@\n #include <rte_ip.h>\n #include <rte_security.h>\n \n+#define OTX2_IPSEC_PO_AES_GCM_INB_CTX_LEN 0x09\n+#define OTX2_IPSEC_PO_AES_GCM_OUTB_CTX_LEN 0x28\n+\n+#define OTX2_IPSEC_PO_MAX_INB_CTX_LEN 0x22\n+#define OTX2_IPSEC_PO_MAX_OUTB_CTX_LEN 0x38\n+\n+#define OTX2_IPSEC_PO_PER_PKT_IV BIT(11)\n+\n+#define OTX2_IPSEC_PO_WRITE_IPSEC_OUTB 0x20\n+#define OTX2_IPSEC_PO_WRITE_IPSEC_INB 0x21\n+#define OTX2_IPSEC_PO_PROCESS_IPSEC_OUTB 0x23\n+#define OTX2_IPSEC_PO_PROCESS_IPSEC_INB 0x24\n+\n+enum otx2_ipsec_po_comp_e {\n+\tOTX2_IPSEC_PO_CC_SUCCESS = 0x00,\n+\tOTX2_IPSEC_PO_CC_AUTH_UNSUPPORTED = 0xB0,\n+\tOTX2_IPSEC_PO_CC_ENCRYPT_UNSUPPORTED = 0xB1,\n+};\n+\n+enum {\n+\tOTX2_IPSEC_PO_SA_DIRECTION_INBOUND = 0,\n+\tOTX2_IPSEC_PO_SA_DIRECTION_OUTBOUND = 1,\n+};\n+\n+enum {\n+\tOTX2_IPSEC_PO_SA_IP_VERSION_4 = 0,\n+\tOTX2_IPSEC_PO_SA_IP_VERSION_6 = 1,\n+};\n+\n+enum {\n+\tOTX2_IPSEC_PO_SA_MODE_TRANSPORT = 0,\n+\tOTX2_IPSEC_PO_SA_MODE_TUNNEL = 1,\n+};\n+\n+enum {\n+\tOTX2_IPSEC_PO_SA_PROTOCOL_AH = 0,\n+\tOTX2_IPSEC_PO_SA_PROTOCOL_ESP = 1,\n+};\n+\n+enum {\n+\tOTX2_IPSEC_PO_SA_AES_KEY_LEN_128 = 1,\n+\tOTX2_IPSEC_PO_SA_AES_KEY_LEN_192 = 2,\n+\tOTX2_IPSEC_PO_SA_AES_KEY_LEN_256 = 3,\n+};\n+\n+enum {\n+\tOTX2_IPSEC_PO_SA_ENC_NULL = 0,\n+\tOTX2_IPSEC_PO_SA_ENC_DES_CBC = 1,\n+\tOTX2_IPSEC_PO_SA_ENC_3DES_CBC = 2,\n+\tOTX2_IPSEC_PO_SA_ENC_AES_CBC = 3,\n+\tOTX2_IPSEC_PO_SA_ENC_AES_CTR = 4,\n+\tOTX2_IPSEC_PO_SA_ENC_AES_GCM = 5,\n+\tOTX2_IPSEC_PO_SA_ENC_AES_CCM = 6,\n+};\n+\n+enum {\n+\tOTX2_IPSEC_PO_SA_AUTH_NULL = 0,\n+\tOTX2_IPSEC_PO_SA_AUTH_MD5 = 1,\n+\tOTX2_IPSEC_PO_SA_AUTH_SHA1 = 2,\n+\tOTX2_IPSEC_PO_SA_AUTH_SHA2_224 = 3,\n+\tOTX2_IPSEC_PO_SA_AUTH_SHA2_256 = 4,\n+\tOTX2_IPSEC_PO_SA_AUTH_SHA2_384 = 5,\n+\tOTX2_IPSEC_PO_SA_AUTH_SHA2_512 = 6,\n+\tOTX2_IPSEC_PO_SA_AUTH_AES_GMAC = 7,\n+\tOTX2_IPSEC_PO_SA_AUTH_AES_XCBC_128 = 8,\n+};\n+\n+enum {\n+\tOTX2_IPSEC_PO_SA_FRAG_POST = 0,\n+\tOTX2_IPSEC_PO_SA_FRAG_PRE = 1,\n+};\n+\n+enum {\n+\tOTX2_IPSEC_PO_SA_ENCAP_NONE = 0,\n+\tOTX2_IPSEC_PO_SA_ENCAP_UDP = 1,\n+};\n+\n union otx2_ipsec_po_bit_perfect_iv {\n \tuint8_t aes_iv[16];\n \tuint8_t des_iv[8];\n@@ -107,4 +184,222 @@ struct otx2_ipsec_po_out_sa {\n \tuint16_t udp_dst;\n };\n \n+static inline int\n+ipsec_po_xform_cipher_verify(struct rte_crypto_sym_xform *xform)\n+{\n+\tif (xform->cipher.algo == RTE_CRYPTO_CIPHER_AES_CBC) {\n+\t\tswitch (xform->cipher.key.length) {\n+\t\tcase 16:\n+\t\tcase 24:\n+\t\tcase 32:\n+\t\t\tbreak;\n+\t\tdefault:\n+\t\t\treturn -ENOTSUP;\n+\t\t}\n+\t\treturn 0;\n+\t}\n+\n+\treturn -ENOTSUP;\n+}\n+\n+static inline int\n+ipsec_po_xform_auth_verify(struct rte_crypto_sym_xform *xform)\n+{\n+\tuint16_t keylen = xform->auth.key.length;\n+\n+\tif (xform->auth.algo == RTE_CRYPTO_AUTH_SHA1_HMAC) {\n+\t\tif (keylen >= 20 && keylen <= 64)\n+\t\t\treturn 0;\n+\t}\n+\n+\treturn -ENOTSUP;\n+}\n+\n+static inline int\n+ipsec_po_xform_aead_verify(struct rte_security_ipsec_xform *ipsec,\n+\t\t\t struct rte_crypto_sym_xform *xform)\n+{\n+\tif (ipsec->direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS &&\n+\t xform->aead.op != RTE_CRYPTO_AEAD_OP_ENCRYPT)\n+\t\treturn -EINVAL;\n+\n+\tif (ipsec->direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS &&\n+\t xform->aead.op != RTE_CRYPTO_AEAD_OP_DECRYPT)\n+\t\treturn -EINVAL;\n+\n+\tif (xform->aead.algo == RTE_CRYPTO_AEAD_AES_GCM) {\n+\t\tswitch (xform->aead.key.length) {\n+\t\tcase 16:\n+\t\tcase 24:\n+\t\tcase 32:\n+\t\t\tbreak;\n+\t\tdefault:\n+\t\t\treturn -EINVAL;\n+\t\t}\n+\t\treturn 0;\n+\t}\n+\n+\treturn -ENOTSUP;\n+}\n+\n+static inline int\n+ipsec_po_xform_verify(struct rte_security_ipsec_xform *ipsec,\n+\t\t struct rte_crypto_sym_xform *xform)\n+{\n+\tstruct rte_crypto_sym_xform *auth_xform, *cipher_xform;\n+\tint ret;\n+\n+\tif (xform->type == RTE_CRYPTO_SYM_XFORM_AEAD)\n+\t\treturn ipsec_po_xform_aead_verify(ipsec, xform);\n+\n+\tif (xform->next == NULL)\n+\t\treturn -EINVAL;\n+\n+\tif (ipsec->direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) {\n+\t\t/* Ingress */\n+\t\tif (xform->type != RTE_CRYPTO_SYM_XFORM_AUTH ||\n+\t\t xform->next->type != RTE_CRYPTO_SYM_XFORM_CIPHER)\n+\t\t\treturn -EINVAL;\n+\t\tauth_xform = xform;\n+\t\tcipher_xform = xform->next;\n+\t} else {\n+\t\t/* Egress */\n+\t\tif (xform->type != RTE_CRYPTO_SYM_XFORM_CIPHER ||\n+\t\t xform->next->type != RTE_CRYPTO_SYM_XFORM_AUTH)\n+\t\t\treturn -EINVAL;\n+\t\tcipher_xform = xform;\n+\t\tauth_xform = xform->next;\n+\t}\n+\n+\tret = ipsec_po_xform_cipher_verify(cipher_xform);\n+\tif (ret)\n+\t\treturn ret;\n+\n+\tret = ipsec_po_xform_auth_verify(auth_xform);\n+\tif (ret)\n+\t\treturn ret;\n+\n+\treturn 0;\n+}\n+\n+static inline int\n+ipsec_po_sa_ctl_set(struct rte_security_ipsec_xform *ipsec,\n+\t\t struct rte_crypto_sym_xform *xform,\n+\t\t struct otx2_ipsec_po_sa_ctl *ctl)\n+{\n+\tstruct rte_crypto_sym_xform *cipher_xform, *auth_xform;\n+\tint aes_key_len;\n+\n+\tif (ipsec->direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) {\n+\t\tctl->direction = OTX2_IPSEC_PO_SA_DIRECTION_OUTBOUND;\n+\t\tcipher_xform = xform;\n+\t\tauth_xform = xform->next;\n+\t} else if (ipsec->direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) {\n+\t\tctl->direction = OTX2_IPSEC_PO_SA_DIRECTION_INBOUND;\n+\t\tauth_xform = xform;\n+\t\tcipher_xform = xform->next;\n+\t} else {\n+\t\treturn -EINVAL;\n+\t}\n+\n+\tif (ipsec->mode == RTE_SECURITY_IPSEC_SA_MODE_TUNNEL) {\n+\t\tif (ipsec->tunnel.type == RTE_SECURITY_IPSEC_TUNNEL_IPV4)\n+\t\t\tctl->outer_ip_ver = OTX2_IPSEC_PO_SA_IP_VERSION_4;\n+\t\telse if (ipsec->tunnel.type == RTE_SECURITY_IPSEC_TUNNEL_IPV6)\n+\t\t\tctl->outer_ip_ver = OTX2_IPSEC_PO_SA_IP_VERSION_6;\n+\t\telse\n+\t\t\treturn -EINVAL;\n+\t}\n+\n+\tctl->inner_ip_ver = OTX2_IPSEC_PO_SA_IP_VERSION_4;\n+\n+\tif (ipsec->mode == RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT)\n+\t\tctl->ipsec_mode = OTX2_IPSEC_PO_SA_MODE_TRANSPORT;\n+\telse if (ipsec->mode == RTE_SECURITY_IPSEC_SA_MODE_TUNNEL)\n+\t\tctl->ipsec_mode = OTX2_IPSEC_PO_SA_MODE_TUNNEL;\n+\telse\n+\t\treturn -EINVAL;\n+\n+\tif (ipsec->proto == RTE_SECURITY_IPSEC_SA_PROTO_AH)\n+\t\tctl->ipsec_proto = OTX2_IPSEC_PO_SA_PROTOCOL_AH;\n+\telse if (ipsec->proto == RTE_SECURITY_IPSEC_SA_PROTO_ESP)\n+\t\tctl->ipsec_proto = OTX2_IPSEC_PO_SA_PROTOCOL_ESP;\n+\telse\n+\t\treturn -EINVAL;\n+\n+\tif (xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) {\n+\t\tif (xform->aead.algo == RTE_CRYPTO_AEAD_AES_GCM) {\n+\t\t\tctl->enc_type = OTX2_IPSEC_PO_SA_ENC_AES_GCM;\n+\t\t\taes_key_len = xform->aead.key.length;\n+\t\t} else {\n+\t\t\treturn -ENOTSUP;\n+\t\t}\n+\t} else if (cipher_xform->cipher.algo == RTE_CRYPTO_CIPHER_AES_CBC) {\n+\t\tctl->enc_type = OTX2_IPSEC_PO_SA_ENC_AES_CCM;\n+\t\taes_key_len = xform->cipher.key.length;\n+\t} else {\n+\t\treturn -ENOTSUP;\n+\t}\n+\n+\n+\tswitch (aes_key_len) {\n+\tcase 16:\n+\t\tctl->aes_key_len = OTX2_IPSEC_PO_SA_AES_KEY_LEN_128;\n+\t\tbreak;\n+\tcase 24:\n+\t\tctl->aes_key_len = OTX2_IPSEC_PO_SA_AES_KEY_LEN_192;\n+\t\tbreak;\n+\tcase 32:\n+\t\tctl->aes_key_len = OTX2_IPSEC_PO_SA_AES_KEY_LEN_256;\n+\t\tbreak;\n+\tdefault:\n+\t\treturn -EINVAL;\n+\t}\n+\n+\tif (xform->type != RTE_CRYPTO_SYM_XFORM_AEAD) {\n+\t\tswitch (auth_xform->auth.algo) {\n+\t\tcase RTE_CRYPTO_AUTH_NULL:\n+\t\t\tctl->auth_type = OTX2_IPSEC_PO_SA_AUTH_NULL;\n+\t\t\tbreak;\n+\t\tcase RTE_CRYPTO_AUTH_MD5_HMAC:\n+\t\t\tctl->auth_type = OTX2_IPSEC_PO_SA_AUTH_MD5;\n+\t\t\tbreak;\n+\t\tcase RTE_CRYPTO_AUTH_SHA1_HMAC:\n+\t\t\tctl->auth_type = OTX2_IPSEC_PO_SA_AUTH_SHA1;\n+\t\t\tbreak;\n+\t\tcase RTE_CRYPTO_AUTH_SHA224_HMAC:\n+\t\t\tctl->auth_type = OTX2_IPSEC_PO_SA_AUTH_SHA2_224;\n+\t\t\tbreak;\n+\t\tcase RTE_CRYPTO_AUTH_SHA256_HMAC:\n+\t\t\tctl->auth_type = OTX2_IPSEC_PO_SA_AUTH_SHA2_256;\n+\t\t\tbreak;\n+\t\tcase RTE_CRYPTO_AUTH_SHA384_HMAC:\n+\t\t\tctl->auth_type = OTX2_IPSEC_PO_SA_AUTH_SHA2_384;\n+\t\t\tbreak;\n+\t\tcase RTE_CRYPTO_AUTH_SHA512_HMAC:\n+\t\t\tctl->auth_type = OTX2_IPSEC_PO_SA_AUTH_SHA2_512;\n+\t\t\tbreak;\n+\t\tcase RTE_CRYPTO_AUTH_AES_GMAC:\n+\t\t\tctl->auth_type = OTX2_IPSEC_PO_SA_AUTH_AES_GMAC;\n+\t\t\tbreak;\n+\t\tcase RTE_CRYPTO_AUTH_AES_XCBC_MAC:\n+\t\t\tctl->auth_type = OTX2_IPSEC_PO_SA_AUTH_AES_XCBC_128;\n+\t\t\tbreak;\n+\t\tdefault:\n+\t\t\treturn -ENOTSUP;\n+\t\t}\n+\t}\n+\n+\tif (ipsec->options.esn)\n+\t\tctl->esn_en = 1;\n+\n+\tif (ipsec->options.udp_encap == 1)\n+\t\tctl->encap_type = OTX2_IPSEC_PO_SA_ENCAP_UDP;\n+\n+\tctl->spi = rte_cpu_to_be_32(ipsec->spi);\n+\tctl->valid = 1;\n+\n+\treturn 0;\n+}\n+\n #endif /* __OTX2_IPSEC_PO_H__ */\ndiff --git a/drivers/crypto/octeontx2/otx2_security.h b/drivers/crypto/octeontx2/otx2_security.h\nindex 9b4fe263c4..086b506047 100644\n--- a/drivers/crypto/octeontx2/otx2_security.h\n+++ b/drivers/crypto/octeontx2/otx2_security.h\n@@ -8,6 +8,15 @@\n #include \"otx2_cryptodev_sec.h\"\n #include \"otx2_ethdev_sec.h\"\n \n+#define OTX2_SEC_AH_HDR_LEN\t\t\t12\n+#define OTX2_SEC_AES_GCM_IV_LEN\t\t\t8\n+#define OTX2_SEC_AES_GCM_MAC_LEN\t\t16\n+#define OTX2_SEC_AES_CBC_IV_LEN\t\t\t16\n+#define OTX2_SEC_SHA1_HMAC_LEN\t\t\t12\n+\n+#define OTX2_SEC_AES_GCM_ROUNDUP_BYTE_LEN\t4\n+#define OTX2_SEC_AES_CBC_ROUNDUP_BYTE_LEN\t16\n+\n union otx2_sec_session_ipsec {\n \tstruct otx2_sec_session_ipsec_ip ip;\n \tstruct otx2_sec_session_ipsec_lp lp;\ndiff --git a/drivers/net/octeontx2/otx2_ethdev_sec.c b/drivers/net/octeontx2/otx2_ethdev_sec.c\nindex c2ad32cf0c..a155594e25 100644\n--- a/drivers/net/octeontx2/otx2_ethdev_sec.c\n+++ b/drivers/net/octeontx2/otx2_ethdev_sec.c\n@@ -21,15 +21,6 @@\n #include \"otx2_sec_idev.h\"\n #include \"otx2_security.h\"\n \n-#define AH_HDR_LEN\t12\n-#define AES_GCM_IV_LEN\t8\n-#define AES_GCM_MAC_LEN\t16\n-#define AES_CBC_IV_LEN\t16\n-#define SHA1_HMAC_LEN\t12\n-\n-#define AES_GCM_ROUNDUP_BYTE_LEN\t4\n-#define AES_CBC_ROUNDUP_BYTE_LEN\t16\n-\n struct eth_sec_tag_const {\n \tRTE_STD_C11\n \tunion {\n@@ -238,7 +229,7 @@ ipsec_sa_const_set(struct rte_security_ipsec_xform *ipsec,\n \t\tsess->partial_len += sizeof(struct rte_esp_hdr);\n \t\tsess->roundup_len = sizeof(struct rte_esp_tail);\n \t} else if (ipsec->proto == RTE_SECURITY_IPSEC_SA_PROTO_AH) {\n-\t\tsess->partial_len += AH_HDR_LEN;\n+\t\tsess->partial_len += OTX2_SEC_AH_HDR_LEN;\n \t} else {\n \t\treturn -EINVAL;\n \t}\n@@ -248,9 +239,9 @@ ipsec_sa_const_set(struct rte_security_ipsec_xform *ipsec,\n \n \tif (xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) {\n \t\tif (xform->aead.algo == RTE_CRYPTO_AEAD_AES_GCM) {\n-\t\t\tsess->partial_len += AES_GCM_IV_LEN;\n-\t\t\tsess->partial_len += AES_GCM_MAC_LEN;\n-\t\t\tsess->roundup_byte = AES_GCM_ROUNDUP_BYTE_LEN;\n+\t\t\tsess->partial_len += OTX2_SEC_AES_GCM_IV_LEN;\n+\t\t\tsess->partial_len += OTX2_SEC_AES_GCM_MAC_LEN;\n+\t\t\tsess->roundup_byte = OTX2_SEC_AES_GCM_ROUNDUP_BYTE_LEN;\n \t\t}\n \t\treturn 0;\n \t}\n@@ -265,14 +256,14 @@ ipsec_sa_const_set(struct rte_security_ipsec_xform *ipsec,\n \t\treturn -EINVAL;\n \t}\n \tif (cipher_xform->cipher.algo == RTE_CRYPTO_CIPHER_AES_CBC) {\n-\t\tsess->partial_len += AES_CBC_IV_LEN;\n-\t\tsess->roundup_byte = AES_CBC_ROUNDUP_BYTE_LEN;\n+\t\tsess->partial_len += OTX2_SEC_AES_CBC_IV_LEN;\n+\t\tsess->roundup_byte = OTX2_SEC_AES_CBC_ROUNDUP_BYTE_LEN;\n \t} else {\n \t\treturn -EINVAL;\n \t}\n \n \tif (auth_xform->auth.algo == RTE_CRYPTO_AUTH_SHA1_HMAC)\n-\t\tsess->partial_len += SHA1_HMAC_LEN;\n+\t\tsess->partial_len += OTX2_SEC_SHA1_HMAC_LEN;\n \telse\n \t\treturn -EINVAL;\n \n", "prefixes": [ "v3", "7/8" ] }