GET

Patch Detail

get:
Show a patch.

patch:
Update a patch.

put:
Update a patch.

GET /api/patches/75452/?format=api
HTTP 200 OK
Allow: GET, PUT, PATCH, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "id": 75452,
    "url": "http://patches.dpdk.org/api/patches/75452/?format=api",
    "web_url": "http://patches.dpdk.org/project/dpdk/patch/20200812063127.8687-8-vikas.gupta@broadcom.com/",
    "project": {
        "id": 1,
        "url": "http://patches.dpdk.org/api/projects/1/?format=api",
        "name": "DPDK",
        "link_name": "dpdk",
        "list_id": "dev.dpdk.org",
        "list_email": "dev@dpdk.org",
        "web_url": "http://core.dpdk.org",
        "scm_url": "git://dpdk.org/dpdk",
        "webscm_url": "http://git.dpdk.org/dpdk",
        "list_archive_url": "https://inbox.dpdk.org/dev",
        "list_archive_url_format": "https://inbox.dpdk.org/dev/{}",
        "commit_url_format": ""
    },
    "msgid": "<20200812063127.8687-8-vikas.gupta@broadcom.com>",
    "list_archive_url": "https://inbox.dpdk.org/dev/20200812063127.8687-8-vikas.gupta@broadcom.com",
    "date": "2020-08-12T06:31:26",
    "name": "[v1,7/8] crypto/bcmfs: add crypto h/w module",
    "commit_ref": null,
    "pull_url": null,
    "state": "superseded",
    "archived": true,
    "hash": "1af1fad9527def7a480fd6859eac4d51c8d951c6",
    "submitter": {
        "id": 1907,
        "url": "http://patches.dpdk.org/api/people/1907/?format=api",
        "name": "Vikas Gupta",
        "email": "vikas.gupta@broadcom.com"
    },
    "delegate": null,
    "mbox": "http://patches.dpdk.org/project/dpdk/patch/20200812063127.8687-8-vikas.gupta@broadcom.com/mbox/",
    "series": [
        {
            "id": 11611,
            "url": "http://patches.dpdk.org/api/series/11611/?format=api",
            "web_url": "http://patches.dpdk.org/project/dpdk/list/?series=11611",
            "date": "2020-08-12T06:31:19",
            "name": "Add Crypto PMD for Broadcom`s FlexSparc devices",
            "version": 1,
            "mbox": "http://patches.dpdk.org/series/11611/mbox/"
        }
    ],
    "comments": "http://patches.dpdk.org/api/patches/75452/comments/",
    "check": "success",
    "checks": "http://patches.dpdk.org/api/patches/75452/checks/",
    "tags": {},
    "related": [],
    "headers": {
        "Return-Path": "<dev-bounces@dpdk.org>",
        "X-Original-To": "patchwork@inbox.dpdk.org",
        "Delivered-To": "patchwork@inbox.dpdk.org",
        "Received": [
            "from dpdk.org (dpdk.org [92.243.14.124])\n\tby inbox.dpdk.org (Postfix) with ESMTP id E6996A04C2;\n\tWed, 12 Aug 2020 08:33:22 +0200 (CEST)",
            "from [92.243.14.124] (localhost [127.0.0.1])\n\tby dpdk.org (Postfix) with ESMTP id 91FD81C11E;\n\tWed, 12 Aug 2020 08:32:08 +0200 (CEST)",
            "from mail-qt1-f182.google.com (mail-qt1-f182.google.com\n [209.85.160.182]) by dpdk.org (Postfix) with ESMTP id D7C901C0CF\n for <dev@dpdk.org>; Wed, 12 Aug 2020 08:32:06 +0200 (CEST)",
            "by mail-qt1-f182.google.com with SMTP id b25so770739qto.2\n for <dev@dpdk.org>; Tue, 11 Aug 2020 23:32:06 -0700 (PDT)",
            "from rahul_yocto_ubuntu18.ibn.broadcom.net ([192.19.234.250])\n by smtp.gmail.com with ESMTPSA id x3sm1301552qkx.3.2020.08.11.23.32.00\n (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);\n Tue, 11 Aug 2020 23:32:03 -0700 (PDT)"
        ],
        "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=broadcom.com;\n s=google;\n h=from:to:cc:subject:date:message-id:in-reply-to:references;\n bh=3ywXqGhw5hAxuHzMXeGMiqEx1BYh8w0QEOltdhv+awQ=;\n b=P6K14600hsm7thHMU/tbLGWKJ1O8xbMXtrJ2X58Jdv0HosoWFiuXEgv2kzZo8RGq4f\n emaB7lN1MkfYUOEi812lR3oj7aa4Ku7wa2lYK6PyNOzHm+WgSAlkuaPrDZO4uWF28i84\n uQ0WycewXA/ingafCqbTMJiT8UYRNmaJmjKKM=",
        "X-Google-DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=1e100.net; s=20161025;\n h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to\n :references;\n bh=3ywXqGhw5hAxuHzMXeGMiqEx1BYh8w0QEOltdhv+awQ=;\n b=DPY97k3SLlzRlvFx9I/sRgMBRbCRfWXAqf5nPkRXw1oxtNpXDyLXzAzFAxwt0BcK0L\n DsN7qsylywIKQdCt7MOr9MqOXuf7Ony6natf84LymOyvaeTXwoYGpnSm0mA+8k1g4PRZ\n Hfe7z8ndieTqpCP59vCbuaJ6+ze54zggw8gleegXCw3QLd/tBxeHOVGQo7fjyfuxrhgQ\n a/N7NEVvju7cMTAbtGElYH7XM45yfabNrPMuDjW4up2InHTdQCDzCfZUmV+SG3L9VNXI\n MG1Dn66On97iXpYPR/Zt6YDY2n8tbXP/lRk3KOFCtFUEhhalhhMI//duhL/38eyS/jIf\n d/Mg==",
        "X-Gm-Message-State": "AOAM532+h07i30lNW/T9wNwqq9/rUkiiwnfarpbQ7uGHKM1Q43LNkD+S\n tE4oc4SobiNvFaFICt/r3C9BKzLxnYTTKGqCYEvTdzqAgfX+Ev0FlqWooG/Z1xgw94hOqB5Vp/w\n cShKWrFOTmwYZ36JBsSPAfb13W/ICuqAG6+GMXcnrknc0khzkKPwqO8RprdFS",
        "X-Google-Smtp-Source": "\n ABdhPJzwIhEktPKV0IG1ybSHitF6HVVRi9+nMxCLYsoVxZ92jagwterV4fmiMxlq2NYV14UTQ9hnpQ==",
        "X-Received": "by 2002:ac8:e89:: with SMTP id v9mr4997110qti.100.1597213923663;\n Tue, 11 Aug 2020 23:32:03 -0700 (PDT)",
        "From": "Vikas Gupta <vikas.gupta@broadcom.com>",
        "To": "dev@dpdk.org,\n\takhil.goyal@nxp.com",
        "Cc": "ajit.khaparde@broadcom.com, vikram.prakash@broadcom.com,\n Vikas Gupta <vikas.gupta@broadcom.com>,\n Raveendra Padasalagi <raveendra.padasalagi@broadcom.com>",
        "Date": "Wed, 12 Aug 2020 12:01:26 +0530",
        "Message-Id": "<20200812063127.8687-8-vikas.gupta@broadcom.com>",
        "X-Mailer": "git-send-email 2.17.1",
        "In-Reply-To": "<20200812063127.8687-1-vikas.gupta@broadcom.com>",
        "References": "<20200811145813.44754-1-vikas.gupta@broadcom.com>\n <20200812063127.8687-1-vikas.gupta@broadcom.com>",
        "Subject": "[dpdk-dev] [PATCH v1 7/8] crypto/bcmfs: add crypto h/w module",
        "X-BeenThere": "dev@dpdk.org",
        "X-Mailman-Version": "2.1.15",
        "Precedence": "list",
        "List-Id": "DPDK patches and discussions <dev.dpdk.org>",
        "List-Unsubscribe": "<https://mails.dpdk.org/options/dev>,\n <mailto:dev-request@dpdk.org?subject=unsubscribe>",
        "List-Archive": "<http://mails.dpdk.org/archives/dev/>",
        "List-Post": "<mailto:dev@dpdk.org>",
        "List-Help": "<mailto:dev-request@dpdk.org?subject=help>",
        "List-Subscribe": "<https://mails.dpdk.org/listinfo/dev>,\n <mailto:dev-request@dpdk.org?subject=subscribe>",
        "Errors-To": "dev-bounces@dpdk.org",
        "Sender": "\"dev\" <dev-bounces@dpdk.org>"
    },
    "content": "Add crypto h/w module to process crypto op. Crypto op is processed via\nsym_engine module before submitting the crypto request to h/w queues.\n\nSigned-off-by: Vikas Gupta <vikas.gupta@broadcom.com>\nSigned-off-by: Raveendra Padasalagi <raveendra.padasalagi@broadcom.com>\nReviewed-by: Ajit Khaparde <ajit.khaparde@broadcom.com>\n---\n drivers/crypto/bcmfs/bcmfs_sym.c        | 316 ++++++++\n drivers/crypto/bcmfs/bcmfs_sym_defs.h   |  16 +\n drivers/crypto/bcmfs/bcmfs_sym_engine.c | 994 ++++++++++++++++++++++++\n drivers/crypto/bcmfs/bcmfs_sym_engine.h | 103 +++\n drivers/crypto/bcmfs/bcmfs_sym_pmd.c    |  26 +\n drivers/crypto/bcmfs/bcmfs_sym_req.h    |  40 +\n drivers/crypto/bcmfs/meson.build        |   4 +-\n 7 files changed, 1498 insertions(+), 1 deletion(-)\n create mode 100644 drivers/crypto/bcmfs/bcmfs_sym.c\n create mode 100644 drivers/crypto/bcmfs/bcmfs_sym_engine.c\n create mode 100644 drivers/crypto/bcmfs/bcmfs_sym_engine.h",
    "diff": "diff --git a/drivers/crypto/bcmfs/bcmfs_sym.c b/drivers/crypto/bcmfs/bcmfs_sym.c\nnew file mode 100644\nindex 000000000..8f9415b5e\n--- /dev/null\n+++ b/drivers/crypto/bcmfs/bcmfs_sym.c\n@@ -0,0 +1,316 @@\n+/* SPDX-License-Identifier: BSD-3-Clause\n+ * Copyright(c) 2020 Broadcom\n+ * All rights reserved.\n+ */\n+\n+#include <stdbool.h>\n+\n+#include <rte_byteorder.h>\n+#include <rte_crypto_sym.h>\n+#include <rte_cryptodev.h>\n+#include <rte_mbuf.h>\n+#include <rte_mempool.h>\n+\n+#include \"bcmfs_sym_defs.h\"\n+#include \"bcmfs_sym_engine.h\"\n+#include \"bcmfs_sym_req.h\"\n+#include \"bcmfs_sym_session.h\"\n+\n+/** Process cipher operation */\n+static int\n+process_crypto_cipher_op(struct rte_crypto_op *op,\n+\t\t\t struct rte_mbuf *mbuf_src,\n+\t\t\t struct rte_mbuf *mbuf_dst,\n+\t\t\t struct bcmfs_sym_session *sess,\n+\t\t\t struct bcmfs_sym_request *req)\n+{\n+\tint rc = 0;\n+\tstruct fsattr src, dst, iv, key;\n+\tstruct rte_crypto_sym_op *sym_op = op->sym;\n+\n+\tfsattr_sz(&src) = sym_op->cipher.data.length;\n+\tfsattr_sz(&dst) = sym_op->cipher.data.length;\n+\n+\tfsattr_va(&src) = rte_pktmbuf_mtod_offset\n+\t\t\t\t\t(mbuf_src,\n+\t\t\t\t\t uint8_t *,\n+\t\t\t\t\t op->sym->cipher.data.offset);\n+\n+\tfsattr_va(&dst) = rte_pktmbuf_mtod_offset\n+\t\t\t\t\t(mbuf_dst,\n+\t\t\t\t\t uint8_t *,\n+\t\t\t\t\t op->sym->cipher.data.offset);\n+\n+\tfsattr_pa(&src) = rte_pktmbuf_iova(mbuf_src);\n+\tfsattr_pa(&dst) = rte_pktmbuf_iova(mbuf_dst);\n+\n+\tfsattr_va(&iv) = rte_crypto_op_ctod_offset(op,\n+\t\t\t\t\t\t     uint8_t *,\n+\t\t\t\t\t\t     sess->cipher.iv.offset);\n+\n+\tfsattr_sz(&iv) = sess->cipher.iv.length;\n+\n+\tfsattr_va(&key) = sess->cipher.key.data;\n+\tfsattr_pa(&key) = 0;\n+\tfsattr_sz(&key) = sess->cipher.key.length;\n+\n+\trc = bcmfs_crypto_build_cipher_req(req, sess->cipher.algo,\n+\t\t\t\t\t   sess->cipher.direction, &src,\n+\t\t\t\t\t   &dst, &key, &iv);\n+\tif (rc)\n+\t\top->status = RTE_CRYPTO_OP_STATUS_ERROR;\n+\n+\treturn rc;\n+}\n+\n+/** Process auth operation */\n+static int\n+process_crypto_auth_op(struct rte_crypto_op *op,\n+\t\t\t   struct rte_mbuf *mbuf_src,\n+\t\t\t   struct bcmfs_sym_session *sess,\n+\t\t\t   struct bcmfs_sym_request *req)\n+{\n+\tint rc = 0;\n+\tstruct fsattr src, dst, mac, key;\n+\n+\tfsattr_sz(&src) = op->sym->auth.data.length;\n+\tfsattr_va(&src) = rte_pktmbuf_mtod_offset(mbuf_src,\n+\t\t\t\t\t\t   uint8_t *,\n+\t\t\t\t\t\t   op->sym->auth.data.offset);\n+\tfsattr_pa(&src) = rte_pktmbuf_iova(mbuf_src);\n+\n+\tif (!sess->auth.operation) {\n+\t\tfsattr_va(&mac) = op->sym->auth.digest.data;\n+\t\tfsattr_pa(&mac) = op->sym->auth.digest.phys_addr;\n+\t\tfsattr_sz(&mac) = sess->auth.digest_length;\n+\t} else {\n+\t\tfsattr_va(&dst) = op->sym->auth.digest.data;\n+\t\tfsattr_pa(&dst) = op->sym->auth.digest.phys_addr;\n+\t\tfsattr_sz(&dst) = sess->auth.digest_length;\n+\t}\n+\n+\tfsattr_va(&key) = sess->auth.key.data;\n+\tfsattr_pa(&key) = 0;\n+\tfsattr_sz(&key) = sess->auth.key.length;\n+\n+\t/* AES-GMAC uses AES-GCM-128 authenticator */\n+\tif (sess->auth.algo == BCMFS_CRYPTO_AUTH_AES_GMAC) {\n+\t\tstruct fsattr  iv;\n+\t\tfsattr_va(&iv) = rte_crypto_op_ctod_offset(op,\n+\t\t\t\t\t\t\t    uint8_t *,\n+\t\t\t\t\t\t\t    sess->auth.iv.offset);\n+\t\tfsattr_pa(&iv) = 0;\n+\t\tfsattr_sz(&iv) = sess->auth.iv.length;\n+\n+\t\trc = bcmfs_crypto_build_aead_request(req,\n+\t\t\t\t\t\t     BCMFS_CRYPTO_CIPHER_NONE,\n+\t\t\t\t\t\t     0,\n+\t\t\t\t\t\t     BCMFS_CRYPTO_AUTH_AES_GMAC,\n+\t\t\t\t\t\t     sess->auth.operation,\n+\t\t\t\t\t\t     &src, NULL, NULL, &key,\n+\t\t\t\t\t\t     &iv, NULL,\n+\t\t\t\t\t\t     sess->auth.operation ?\n+\t\t\t\t\t\t\t(&dst) : &(mac),\n+\t\t\t\t\t\t     0);\n+\t} else {\n+\t\trc = bcmfs_crypto_build_auth_req(req, sess->auth.algo,\n+\t\t\t\t\t\t sess->auth.operation,\n+\t\t\t\t\t\t &src,\n+\t\t\t\t\t\t (sess->auth.operation) ? (&dst) : NULL,\n+\t\t\t\t\t\t (sess->auth.operation) ? NULL  : (&mac),\n+\t\t\t\t\t\t &key);\n+\t}\n+\n+\tif (rc)\n+\t\top->status = RTE_CRYPTO_OP_STATUS_ERROR;\n+\n+\treturn rc;\n+}\n+\n+/** Process combined/chained mode operation */\n+static int\n+process_crypto_combined_op(struct rte_crypto_op *op,\n+\t\t\t   struct rte_mbuf *mbuf_src,\n+\t\t\t   struct rte_mbuf *mbuf_dst,\n+\t\t\t   struct bcmfs_sym_session *sess,\n+\t\t\t   struct bcmfs_sym_request *req)\n+{\n+\tint rc = 0, aad_size = 0;\n+\tstruct fsattr src, dst, iv;\n+\tstruct rte_crypto_sym_op *sym_op = op->sym;\n+\tstruct fsattr cipher_key, aad, mac, auth_key;\n+\n+\tfsattr_sz(&src) = sym_op->cipher.data.length;\n+\tfsattr_sz(&dst) = sym_op->cipher.data.length;\n+\n+\tfsattr_va(&src) = rte_pktmbuf_mtod_offset\n+\t\t\t\t\t(mbuf_src,\n+\t\t\t\t\t uint8_t *,\n+\t\t\t\t\t sym_op->cipher.data.offset);\n+\n+\tfsattr_va(&dst) = rte_pktmbuf_mtod_offset\n+\t\t\t\t\t(mbuf_dst,\n+\t\t\t\t\t uint8_t *,\n+\t\t\t\t\t sym_op->cipher.data.offset);\n+\n+\tfsattr_pa(&src) = rte_pktmbuf_iova_offset(mbuf_src,\n+\t\t\t\t\t\tsym_op->cipher.data.offset);\n+\tfsattr_pa(&dst) = rte_pktmbuf_iova_offset(mbuf_dst,\n+\t\t\t\t\t\tsym_op->cipher.data.offset);\n+\n+\tfsattr_va(&iv) = rte_crypto_op_ctod_offset(op,\n+\t\t\t\t\t\t     uint8_t *,\n+\t\t\t\t\t\t     sess->cipher.iv.offset);\n+\n+\tfsattr_pa(&iv) = 0;\n+\tfsattr_sz(&iv) = sess->cipher.iv.length;\n+\n+\tfsattr_va(&cipher_key) = sess->cipher.key.data;\n+\tfsattr_pa(&cipher_key) = 0;\n+\tfsattr_sz(&cipher_key) = sess->cipher.key.length;\n+\n+\tfsattr_va(&auth_key) = sess->auth.key.data;\n+\tfsattr_pa(&auth_key) = 0;\n+\tfsattr_sz(&auth_key) = sess->auth.key.length;\n+\n+\tfsattr_va(&mac) = op->sym->auth.digest.data;\n+\tfsattr_pa(&mac) = op->sym->auth.digest.phys_addr;\n+\tfsattr_sz(&mac) = sess->auth.digest_length;\n+\n+\taad_size = sym_op->auth.data.length - sym_op->cipher.data.length;\n+\n+\tif (aad_size > 0) {\n+\t\tfsattr_sz(&aad) =  aad_size;\n+\t\tfsattr_va(&aad) = rte_pktmbuf_mtod_offset\n+\t\t\t\t\t\t(mbuf_src,\n+\t\t\t\t\t\t uint8_t *,\n+\t\t\t\t\t\tsym_op->auth.data.offset);\n+\t\tfsattr_pa(&aad) = rte_pktmbuf_iova_offset(mbuf_src,\n+\t\t\t\t\t\tsym_op->auth.data.offset);\n+\t}\n+\n+\trc = bcmfs_crypto_build_aead_request(req, sess->cipher.algo,\n+\t\t\t\t\t     sess->cipher.direction,\n+\t\t\t\t\t     sess->auth.algo,\n+\t\t\t\t\t     sess->auth.operation,\n+\t\t\t\t\t     &src, &dst, &cipher_key,\n+\t\t\t\t\t     &auth_key, &iv,\n+\t\t\t\t\t     (aad_size > 0) ? (&aad) : NULL,\n+\t\t\t\t\t     &mac, sess->cipher_first);\n+\n+\tif (rc)\n+\t\top->status = RTE_CRYPTO_OP_STATUS_ERROR;\n+\n+\treturn rc;\n+}\n+\n+/** Process AEAD operation */\n+static int\n+process_crypto_aead_op(struct rte_crypto_op *op,\n+\t\t       struct rte_mbuf *mbuf_src,\n+\t\t       struct rte_mbuf *mbuf_dst,\n+\t\t       struct bcmfs_sym_session *sess,\n+\t\t       struct bcmfs_sym_request *req)\n+{\n+\tint rc = 0;\n+\tstruct fsattr src, dst, iv;\n+\tstruct rte_crypto_sym_op *sym_op = op->sym;\n+\tstruct fsattr cipher_key, aad, mac, auth_key;\n+\tenum bcmfs_crypto_cipher_op cipher_op;\n+\tenum bcmfs_crypto_auth_op auth_op;\n+\n+\tif (sess->cipher.direction) {\n+\t\tauth_op = BCMFS_CRYPTO_AUTH_OP_VERIFY;\n+\t\tcipher_op = BCMFS_CRYPTO_CIPHER_OP_DECRYPT;\n+\t} else {\n+\t\tauth_op = BCMFS_CRYPTO_AUTH_OP_GENERATE;\n+\t\tcipher_op = BCMFS_CRYPTO_CIPHER_OP_ENCRYPT;\n+\t}\n+\n+\tfsattr_sz(&src) = sym_op->aead.data.length;\n+\tfsattr_sz(&dst) = sym_op->aead.data.length;\n+\n+\tfsattr_va(&src) = rte_pktmbuf_mtod_offset\n+\t\t\t\t\t(mbuf_src,\n+\t\t\t\t\t uint8_t *,\n+\t\t\t\t\t sym_op->aead.data.offset);\n+\n+\tfsattr_va(&dst) = rte_pktmbuf_mtod_offset\n+\t\t\t\t\t(mbuf_dst,\n+\t\t\t\t\t uint8_t *,\n+\t\t\t\t\t sym_op->aead.data.offset);\n+\n+\tfsattr_pa(&src) = rte_pktmbuf_iova_offset(mbuf_src,\n+\t\t\t\t\t\tsym_op->aead.data.offset);\n+\tfsattr_pa(&dst) = rte_pktmbuf_iova_offset(mbuf_dst,\n+\t\t\t\t\t\tsym_op->aead.data.offset);\n+\n+\tfsattr_va(&iv) = rte_crypto_op_ctod_offset(op,\n+\t\t\t\t\t\t    uint8_t *,\n+\t\t\t\t\t\t    sess->cipher.iv.offset);\n+\n+\tfsattr_pa(&iv) = 0;\n+\tfsattr_sz(&iv) = sess->cipher.iv.length;\n+\n+\tfsattr_va(&cipher_key) = sess->cipher.key.data;\n+\tfsattr_pa(&cipher_key) = 0;\n+\tfsattr_sz(&cipher_key) = sess->cipher.key.length;\n+\n+\tfsattr_va(&auth_key) = sess->auth.key.data;\n+\tfsattr_pa(&auth_key) = 0;\n+\tfsattr_sz(&auth_key) = sess->auth.key.length;\n+\n+\tfsattr_va(&mac) = op->sym->aead.digest.data;\n+\tfsattr_pa(&mac) = op->sym->aead.digest.phys_addr;\n+\tfsattr_sz(&mac) = sess->auth.digest_length;\n+\n+\tfsattr_va(&aad) = op->sym->aead.aad.data;\n+\tfsattr_pa(&aad) = op->sym->aead.aad.phys_addr;\n+\tfsattr_sz(&aad) = sess->aead.aad_length;\n+\n+\trc = bcmfs_crypto_build_aead_request(req, sess->cipher.algo,\n+\t\t\t\t\t     cipher_op, sess->auth.algo,\n+\t\t\t\t\t     auth_op, &src, &dst, &cipher_key,\n+\t\t\t\t\t     &auth_key, &iv, &aad, &mac,\n+\t\t\t\t\t     sess->cipher.direction ? 0 : 1);\n+\n+\tif (rc)\n+\t\top->status = RTE_CRYPTO_OP_STATUS_ERROR;\n+\n+\treturn rc;\n+}\n+\n+/** Process crypto operation for mbuf */\n+int\n+bcmfs_process_sym_crypto_op(struct rte_crypto_op *op,\n+\t\t\t    struct bcmfs_sym_session *sess,\n+\t\t\t    struct bcmfs_sym_request *req)\n+{\n+\tstruct rte_mbuf *msrc, *mdst;\n+\tint rc = 0;\n+\n+\tmsrc = op->sym->m_src;\n+\tmdst = op->sym->m_dst ? op->sym->m_dst : op->sym->m_src;\n+\top->status = RTE_CRYPTO_OP_STATUS_NOT_PROCESSED;\n+\n+\tswitch (sess->chain_order) {\n+\tcase BCMFS_SYM_CHAIN_ONLY_CIPHER:\n+\t\trc = process_crypto_cipher_op(op, msrc, mdst, sess, req);\n+\t\tbreak;\n+\tcase BCMFS_SYM_CHAIN_ONLY_AUTH:\n+\t\trc = process_crypto_auth_op(op, msrc, sess, req);\n+\t\tbreak;\n+\tcase BCMFS_SYM_CHAIN_CIPHER_AUTH:\n+\tcase BCMFS_SYM_CHAIN_AUTH_CIPHER:\n+\t\trc = process_crypto_combined_op(op, msrc, mdst, sess, req);\n+\t\tbreak;\n+\tcase BCMFS_SYM_CHAIN_AEAD:\n+\t\trc = process_crypto_aead_op(op, msrc, mdst, sess, req);\n+\t\tbreak;\n+\tdefault:\n+\t\top->status = RTE_CRYPTO_OP_STATUS_ERROR;\n+\t\tbreak;\n+\t}\n+\n+\treturn rc;\n+}\ndiff --git a/drivers/crypto/bcmfs/bcmfs_sym_defs.h b/drivers/crypto/bcmfs/bcmfs_sym_defs.h\nindex b5657a9bc..8824521dd 100644\n--- a/drivers/crypto/bcmfs/bcmfs_sym_defs.h\n+++ b/drivers/crypto/bcmfs/bcmfs_sym_defs.h\n@@ -15,6 +15,18 @@\n #define BCMFS_MAX_IV_SIZE\t16\n #define BCMFS_MAX_DIGEST_SIZE\t64\n \n+struct bcmfs_sym_session;\n+struct bcmfs_sym_request;\n+\n+/** Crypto Request processing successful. */\n+#define BCMFS_SYM_RESPONSE_SUCCESS               (0)\n+/** Crypot Request processing protocol failure. */\n+#define BCMFS_SYM_RESPONSE_PROTO_FAILURE         (1)\n+/** Crypot Request processing completion failure. */\n+#define BCMFS_SYM_RESPONSE_COMPL_ERROR           (2)\n+/** Crypot Request processing hash tag check error. */\n+#define BCMFS_SYM_RESPONSE_HASH_TAG_ERROR        (3)\n+\n /** Symmetric Cipher Direction */\n enum bcmfs_crypto_cipher_op {\n \t/** Encrypt cipher operation */\n@@ -167,4 +179,8 @@ enum bcmfs_sym_crypto_class {\n \tBCMFS_CRYPTO_AEAD,\n };\n \n+int\n+bcmfs_process_sym_crypto_op(struct rte_crypto_op *op,\n+\t\t\t    struct bcmfs_sym_session *sess,\n+\t\t\t    struct bcmfs_sym_request *req);\n #endif /* _BCMFS_SYM_DEFS_H_ */\ndiff --git a/drivers/crypto/bcmfs/bcmfs_sym_engine.c b/drivers/crypto/bcmfs/bcmfs_sym_engine.c\nnew file mode 100644\nindex 000000000..b8cf3eab9\n--- /dev/null\n+++ b/drivers/crypto/bcmfs/bcmfs_sym_engine.c\n@@ -0,0 +1,994 @@\n+/* SPDX-License-Identifier: BSD-3-Clause\n+ * Copyright(C) 2020 Broadcom.\n+ * All rights reserved.\n+ */\n+\n+#include <stdbool.h>\n+#include <string.h>\n+\n+#include <rte_common.h>\n+#include <rte_cryptodev.h>\n+\n+#include \"bcmfs_logs.h\"\n+#include \"bcmfs_sym_defs.h\"\n+#include \"bcmfs_dev_msg.h\"\n+#include \"bcmfs_sym_req.h\"\n+#include \"bcmfs_sym_engine.h\"\n+\n+enum spu2_cipher_type {\n+\tSPU2_CIPHER_TYPE_NONE = 0x0,\n+\tSPU2_CIPHER_TYPE_AES128 = 0x1,\n+\tSPU2_CIPHER_TYPE_AES192 = 0x2,\n+\tSPU2_CIPHER_TYPE_AES256 = 0x3,\n+\tSPU2_CIPHER_TYPE_DES = 0x4,\n+\tSPU2_CIPHER_TYPE_3DES = 0x5,\n+\tSPU2_CIPHER_TYPE_LAST\n+};\n+\n+enum spu2_cipher_mode {\n+\tSPU2_CIPHER_MODE_ECB = 0x0,\n+\tSPU2_CIPHER_MODE_CBC = 0x1,\n+\tSPU2_CIPHER_MODE_CTR = 0x2,\n+\tSPU2_CIPHER_MODE_CFB = 0x3,\n+\tSPU2_CIPHER_MODE_OFB = 0x4,\n+\tSPU2_CIPHER_MODE_XTS = 0x5,\n+\tSPU2_CIPHER_MODE_CCM = 0x6,\n+\tSPU2_CIPHER_MODE_GCM = 0x7,\n+\tSPU2_CIPHER_MODE_LAST\n+};\n+\n+enum spu2_hash_type {\n+\tSPU2_HASH_TYPE_NONE = 0x0,\n+\tSPU2_HASH_TYPE_AES128 = 0x1,\n+\tSPU2_HASH_TYPE_AES192 = 0x2,\n+\tSPU2_HASH_TYPE_AES256 = 0x3,\n+\tSPU2_HASH_TYPE_MD5 = 0x6,\n+\tSPU2_HASH_TYPE_SHA1 = 0x7,\n+\tSPU2_HASH_TYPE_SHA224 = 0x8,\n+\tSPU2_HASH_TYPE_SHA256 = 0x9,\n+\tSPU2_HASH_TYPE_SHA384 = 0xa,\n+\tSPU2_HASH_TYPE_SHA512 = 0xb,\n+\tSPU2_HASH_TYPE_SHA512_224 = 0xc,\n+\tSPU2_HASH_TYPE_SHA512_256 = 0xd,\n+\tSPU2_HASH_TYPE_SHA3_224 = 0xe,\n+\tSPU2_HASH_TYPE_SHA3_256 = 0xf,\n+\tSPU2_HASH_TYPE_SHA3_384 = 0x10,\n+\tSPU2_HASH_TYPE_SHA3_512 = 0x11,\n+\tSPU2_HASH_TYPE_LAST\n+};\n+\n+enum spu2_hash_mode {\n+\tSPU2_HASH_MODE_CMAC = 0x0,\n+\tSPU2_HASH_MODE_CBC_MAC = 0x1,\n+\tSPU2_HASH_MODE_XCBC_MAC = 0x2,\n+\tSPU2_HASH_MODE_HMAC = 0x3,\n+\tSPU2_HASH_MODE_RABIN = 0x4,\n+\tSPU2_HASH_MODE_CCM = 0x5,\n+\tSPU2_HASH_MODE_GCM = 0x6,\n+\tSPU2_HASH_MODE_RESERVED = 0x7,\n+\tSPU2_HASH_MODE_LAST\n+};\n+\n+enum spu2_proto_sel {\n+\tSPU2_PROTO_RESV = 0,\n+\tSPU2_MACSEC_SECTAG8_ECB = 1,\n+\tSPU2_MACSEC_SECTAG8_SCB = 2,\n+\tSPU2_MACSEC_SECTAG16 = 3,\n+\tSPU2_MACSEC_SECTAG16_8_XPN = 4,\n+\tSPU2_IPSEC = 5,\n+\tSPU2_IPSEC_ESN = 6,\n+\tSPU2_TLS_CIPHER = 7,\n+\tSPU2_TLS_AEAD = 8,\n+\tSPU2_DTLS_CIPHER = 9,\n+\tSPU2_DTLS_AEAD = 10\n+};\n+\n+/* SPU2 response size */\n+#define SPU2_STATUS_LEN\t\t\t2\n+\n+/* Metadata settings in response */\n+enum spu2_ret_md_opts {\n+\tSPU2_RET_NO_MD = 0,\t\t/* return no metadata */\n+\tSPU2_RET_FMD_OMD = 1,\t\t/* return both FMD and OMD */\n+\tSPU2_RET_FMD_ONLY = 2,\t\t/* return only FMD */\n+\tSPU2_RET_FMD_OMD_IV = 3,\t/* return FMD and OMD with just IVs */\n+};\n+\n+/* FMD ctrl0 field masks */\n+#define SPU2_CIPH_ENCRYPT_EN            0x1 /* 0: decrypt, 1: encrypt */\n+#define SPU2_CIPH_TYPE_SHIFT              4\n+#define SPU2_CIPH_MODE                0xF00 /* one of spu2_cipher_mode */\n+#define SPU2_CIPH_MODE_SHIFT              8\n+#define SPU2_CFB_MASK                0x7000 /* cipher feedback mask */\n+#define SPU2_CFB_MASK_SHIFT              12\n+#define SPU2_PROTO_SEL             0xF00000 /* MACsec, IPsec, TLS... */\n+#define SPU2_PROTO_SEL_SHIFT             20\n+#define SPU2_HASH_FIRST           0x1000000 /* 1: hash input is input pkt\n+\t\t\t\t\t     * data\n+\t\t\t\t\t     */\n+#define SPU2_CHK_TAG              0x2000000 /* 1: check digest provided */\n+#define SPU2_HASH_TYPE          0x1F0000000 /* one of spu2_hash_type */\n+#define SPU2_HASH_TYPE_SHIFT             28\n+#define SPU2_HASH_MODE         0xF000000000 /* one of spu2_hash_mode */\n+#define SPU2_HASH_MODE_SHIFT             36\n+#define SPU2_CIPH_PAD_EN     0x100000000000 /* 1: Add pad to end of payload for\n+\t\t\t\t\t     *    enc\n+\t\t\t\t\t     */\n+#define SPU2_CIPH_PAD      0xFF000000000000 /* cipher pad value */\n+#define SPU2_CIPH_PAD_SHIFT              48\n+\n+/* FMD ctrl1 field masks */\n+#define SPU2_TAG_LOC                    0x1 /* 1: end of payload, 0: undef */\n+#define SPU2_HAS_FR_DATA                0x2 /* 1: msg has frame data */\n+#define SPU2_HAS_AAD1                   0x4 /* 1: msg has AAD1 field */\n+#define SPU2_HAS_NAAD                   0x8 /* 1: msg has NAAD field */\n+#define SPU2_HAS_AAD2                  0x10 /* 1: msg has AAD2 field */\n+#define SPU2_HAS_ESN                   0x20 /* 1: msg has ESN field */\n+#define SPU2_HASH_KEY_LEN            0xFF00 /* len of hash key in bytes.\n+\t\t\t\t\t     * HMAC only.\n+\t\t\t\t\t     */\n+#define SPU2_HASH_KEY_LEN_SHIFT           8\n+#define SPU2_CIPH_KEY_LEN         0xFF00000 /* len of cipher key in bytes */\n+#define SPU2_CIPH_KEY_LEN_SHIFT          20\n+#define SPU2_GENIV               0x10000000 /* 1: hw generates IV */\n+#define SPU2_HASH_IV             0x20000000 /* 1: IV incl in hash */\n+#define SPU2_RET_IV              0x40000000 /* 1: return IV in output msg\n+\t\t\t\t\t     *    b4 payload\n+\t\t\t\t\t     */\n+#define SPU2_RET_IV_LEN         0xF00000000 /* length in bytes of IV returned.\n+\t\t\t\t\t     * 0 = 16 bytes\n+\t\t\t\t\t     */\n+#define SPU2_RET_IV_LEN_SHIFT            32\n+#define SPU2_IV_OFFSET         0xF000000000 /* gen IV offset */\n+#define SPU2_IV_OFFSET_SHIFT             36\n+#define SPU2_IV_LEN          0x1F0000000000 /* length of input IV in bytes */\n+#define SPU2_IV_LEN_SHIFT                40\n+#define SPU2_HASH_TAG_LEN  0x7F000000000000 /* hash tag length in bytes */\n+#define SPU2_HASH_TAG_LEN_SHIFT          48\n+#define SPU2_RETURN_MD    0x300000000000000 /* return metadata */\n+#define SPU2_RETURN_MD_SHIFT             56\n+#define SPU2_RETURN_FD    0x400000000000000\n+#define SPU2_RETURN_AAD1  0x800000000000000\n+#define SPU2_RETURN_NAAD 0x1000000000000000\n+#define SPU2_RETURN_AAD2 0x2000000000000000\n+#define SPU2_RETURN_PAY  0x4000000000000000 /* return payload */\n+\n+/* FMD ctrl2 field masks */\n+#define SPU2_AAD1_OFFSET              0xFFF /* byte offset of AAD1 field */\n+#define SPU2_AAD1_LEN               0xFF000 /* length of AAD1 in bytes */\n+#define SPU2_AAD1_LEN_SHIFT              12\n+#define SPU2_AAD2_OFFSET         0xFFF00000 /* byte offset of AAD2 field */\n+#define SPU2_AAD2_OFFSET_SHIFT           20\n+#define SPU2_PL_OFFSET   0xFFFFFFFF00000000 /* payload offset from AAD2 */\n+#define SPU2_PL_OFFSET_SHIFT             32\n+\n+/* FMD ctrl3 field masks */\n+#define SPU2_PL_LEN              0xFFFFFFFF /* payload length in bytes */\n+#define SPU2_TLS_LEN         0xFFFF00000000 /* TLS encrypt: cipher len\n+\t\t\t\t\t     * TLS decrypt: compressed len\n+\t\t\t\t\t     */\n+#define SPU2_TLS_LEN_SHIFT               32\n+\n+/*\n+ * Max value that can be represented in the Payload Length field of the\n+ * ctrl3 word of FMD.\n+ */\n+#define SPU2_MAX_PAYLOAD  SPU2_PL_LEN\n+\n+#define SPU2_VAL_NONE\t0\n+\n+/* CCM B_0 field definitions, common for SPU-M and SPU2 */\n+#define CCM_B0_ADATA\t\t0x40\n+#define CCM_B0_ADATA_SHIFT\t   6\n+#define CCM_B0_M_PRIME\t\t0x38\n+#define CCM_B0_M_PRIME_SHIFT\t   3\n+#define CCM_B0_L_PRIME\t\t0x07\n+#define CCM_B0_L_PRIME_SHIFT\t   0\n+#define CCM_ESP_L_VALUE\t\t   4\n+\n+static uint16_t\n+spu2_cipher_type_xlate(enum bcmfs_crypto_cipher_algorithm cipher_alg,\n+\t\t       enum spu2_cipher_type *spu2_type,\n+\t\t       struct fsattr *key)\n+{\n+\tint ret = 0;\n+\tint key_size = fsattr_sz(key);\n+\n+\tif (cipher_alg == BCMFS_CRYPTO_CIPHER_AES_XTS)\n+\t\tkey_size = key_size / 2;\n+\n+\tswitch (key_size) {\n+\tcase BCMFS_CRYPTO_AES128:\n+\t\t*spu2_type = SPU2_CIPHER_TYPE_AES128;\n+\t\tbreak;\n+\tcase BCMFS_CRYPTO_AES192:\n+\t\t*spu2_type = SPU2_CIPHER_TYPE_AES192;\n+\t\tbreak;\n+\tcase BCMFS_CRYPTO_AES256:\n+\t\t*spu2_type = SPU2_CIPHER_TYPE_AES256;\n+\t\tbreak;\n+\tdefault:\n+\t\tret = -EINVAL;\n+\t}\n+\n+\treturn ret;\n+}\n+\n+static int\n+spu2_hash_xlate(enum bcmfs_crypto_auth_algorithm auth_alg,\n+\t\tstruct fsattr *key,\n+\t\tenum spu2_hash_type *spu2_type,\n+\t\tenum spu2_hash_mode *spu2_mode)\n+{\n+\t*spu2_mode = 0;\n+\n+\tswitch (auth_alg) {\n+\tcase BCMFS_CRYPTO_AUTH_NONE:\n+\t\t*spu2_type = SPU2_HASH_TYPE_NONE;\n+\t\tbreak;\n+\tcase BCMFS_CRYPTO_AUTH_MD5:\n+\t\t*spu2_type = SPU2_HASH_TYPE_MD5;\n+\t\tbreak;\n+\tcase BCMFS_CRYPTO_AUTH_MD5_HMAC:\n+\t\t*spu2_type = SPU2_HASH_TYPE_MD5;\n+\t\t*spu2_mode = SPU2_HASH_MODE_HMAC;\n+\t\tbreak;\n+\tcase BCMFS_CRYPTO_AUTH_SHA1:\n+\t\t*spu2_type = SPU2_HASH_TYPE_SHA1;\n+\t\tbreak;\n+\tcase BCMFS_CRYPTO_AUTH_SHA1_HMAC:\n+\t\t*spu2_type = SPU2_HASH_TYPE_SHA1;\n+\t\t*spu2_mode = SPU2_HASH_MODE_HMAC;\n+\t\tbreak;\n+\tcase BCMFS_CRYPTO_AUTH_SHA224:\n+\t\t*spu2_type = SPU2_HASH_TYPE_SHA224;\n+\t\tbreak;\n+\tcase BCMFS_CRYPTO_AUTH_SHA224_HMAC:\n+\t\t*spu2_type = SPU2_HASH_TYPE_SHA224;\n+\t\t*spu2_mode = SPU2_HASH_MODE_HMAC;\n+\t\tbreak;\n+\tcase BCMFS_CRYPTO_AUTH_SHA256:\n+\t\t*spu2_type = SPU2_HASH_TYPE_SHA256;\n+\t\tbreak;\n+\tcase BCMFS_CRYPTO_AUTH_SHA256_HMAC:\n+\t\t*spu2_type = SPU2_HASH_TYPE_SHA256;\n+\t\t*spu2_mode = SPU2_HASH_MODE_HMAC;\n+\t\tbreak;\n+\tcase BCMFS_CRYPTO_AUTH_SHA384:\n+\t\t*spu2_type = SPU2_HASH_TYPE_SHA384;\n+\t\tbreak;\n+\tcase BCMFS_CRYPTO_AUTH_SHA384_HMAC:\n+\t\t*spu2_type = SPU2_HASH_TYPE_SHA384;\n+\t\t*spu2_mode = SPU2_HASH_MODE_HMAC;\n+\t\tbreak;\n+\tcase BCMFS_CRYPTO_AUTH_SHA512:\n+\t\t*spu2_type = SPU2_HASH_TYPE_SHA512;\n+\t\tbreak;\n+\tcase BCMFS_CRYPTO_AUTH_SHA512_HMAC:\n+\t\t*spu2_type = SPU2_HASH_TYPE_SHA512;\n+\t\t*spu2_mode = SPU2_HASH_MODE_HMAC;\n+\t\tbreak;\n+\tcase BCMFS_CRYPTO_AUTH_SHA3_224:\n+\t\t*spu2_type = SPU2_HASH_TYPE_SHA3_224;\n+\t\tbreak;\n+\tcase BCMFS_CRYPTO_AUTH_SHA3_224_HMAC:\n+\t\t*spu2_type = SPU2_HASH_TYPE_SHA3_224;\n+\t\t*spu2_mode = SPU2_HASH_MODE_HMAC;\n+\t\tbreak;\n+\tcase BCMFS_CRYPTO_AUTH_SHA3_256:\n+\t\t*spu2_type = SPU2_HASH_TYPE_SHA3_256;\n+\t\tbreak;\n+\tcase BCMFS_CRYPTO_AUTH_SHA3_256_HMAC:\n+\t\t*spu2_type = SPU2_HASH_TYPE_SHA3_256;\n+\t\t*spu2_mode = SPU2_HASH_MODE_HMAC;\n+\t\tbreak;\n+\tcase BCMFS_CRYPTO_AUTH_SHA3_384:\n+\t\t*spu2_type = SPU2_HASH_TYPE_SHA3_384;\n+\t\tbreak;\n+\tcase BCMFS_CRYPTO_AUTH_SHA3_384_HMAC:\n+\t\t*spu2_type = SPU2_HASH_TYPE_SHA3_384;\n+\t\t*spu2_mode = SPU2_HASH_MODE_HMAC;\n+\t\tbreak;\n+\tcase BCMFS_CRYPTO_AUTH_SHA3_512:\n+\t\t*spu2_type = SPU2_HASH_TYPE_SHA3_512;\n+\t\tbreak;\n+\tcase BCMFS_CRYPTO_AUTH_SHA3_512_HMAC:\n+\t\t*spu2_type = SPU2_HASH_TYPE_SHA3_512;\n+\t\t*spu2_mode = SPU2_HASH_MODE_HMAC;\n+\t\tbreak;\n+\tcase BCMFS_CRYPTO_AUTH_AES_XCBC_MAC:\n+\t\t*spu2_mode = SPU2_HASH_MODE_XCBC_MAC;\n+\t\tswitch (fsattr_sz(key)) {\n+\t\tcase BCMFS_CRYPTO_AES128:\n+\t\t\t*spu2_type = SPU2_HASH_TYPE_AES128;\n+\t\t\tbreak;\n+\t\tcase BCMFS_CRYPTO_AES192:\n+\t\t\t*spu2_type = SPU2_HASH_TYPE_AES192;\n+\t\t\tbreak;\n+\t\tcase BCMFS_CRYPTO_AES256:\n+\t\t\t*spu2_type = SPU2_HASH_TYPE_AES256;\n+\t\t\tbreak;\n+\t\tdefault:\n+\t\t\treturn -EINVAL;\n+\t\t}\n+\t\tbreak;\n+\tcase BCMFS_CRYPTO_AUTH_AES_CMAC:\n+\t\t*spu2_mode = SPU2_HASH_MODE_CMAC;\n+\t\tswitch (fsattr_sz(key)) {\n+\t\tcase BCMFS_CRYPTO_AES128:\n+\t\t\t*spu2_type = SPU2_HASH_TYPE_AES128;\n+\t\t\tbreak;\n+\t\tcase BCMFS_CRYPTO_AES192:\n+\t\t\t*spu2_type = SPU2_HASH_TYPE_AES192;\n+\t\t\tbreak;\n+\t\tcase BCMFS_CRYPTO_AES256:\n+\t\t\t*spu2_type = SPU2_HASH_TYPE_AES256;\n+\t\t\tbreak;\n+\t\tdefault:\n+\t\t\treturn -EINVAL;\n+\t\t}\n+\t\tbreak;\n+\tcase BCMFS_CRYPTO_AUTH_AES_GMAC:\n+\t\t*spu2_mode = SPU2_HASH_MODE_GCM;\n+\t\tswitch (fsattr_sz(key)) {\n+\t\tcase BCMFS_CRYPTO_AES128:\n+\t\t\t*spu2_type = SPU2_HASH_TYPE_AES128;\n+\t\t\tbreak;\n+\t\tcase BCMFS_CRYPTO_AES192:\n+\t\t\t*spu2_type = SPU2_HASH_TYPE_AES192;\n+\t\t\tbreak;\n+\t\tcase BCMFS_CRYPTO_AES256:\n+\t\t\t*spu2_type = SPU2_HASH_TYPE_AES256;\n+\t\t\tbreak;\n+\t\tdefault:\n+\t\t\treturn -EINVAL;\n+\t\t}\n+\t\tbreak;\n+\tcase BCMFS_CRYPTO_AUTH_AES_CBC_MAC:\n+\t\t*spu2_mode = SPU2_HASH_MODE_CBC_MAC;\n+\t\tswitch (fsattr_sz(key)) {\n+\t\tcase BCMFS_CRYPTO_AES128:\n+\t\t\t*spu2_type = SPU2_HASH_TYPE_AES128;\n+\t\t\tbreak;\n+\t\tcase BCMFS_CRYPTO_AES192:\n+\t\t\t*spu2_type = SPU2_HASH_TYPE_AES192;\n+\t\t\tbreak;\n+\t\tcase BCMFS_CRYPTO_AES256:\n+\t\t\t*spu2_type = SPU2_HASH_TYPE_AES256;\n+\t\t\tbreak;\n+\t\tdefault:\n+\t\t\treturn -EINVAL;\n+\t\t}\n+\t\tbreak;\n+\tcase BCMFS_CRYPTO_AUTH_AES_GCM:\n+\t\t*spu2_mode = SPU2_HASH_MODE_GCM;\n+\t\tbreak;\n+\tcase BCMFS_CRYPTO_AUTH_AES_CCM:\n+\t\t*spu2_mode = SPU2_HASH_MODE_CCM;\n+\t\tbreak;\n+\t}\n+\n+\treturn 0;\n+}\n+\n+static int\n+spu2_cipher_xlate(enum bcmfs_crypto_cipher_algorithm cipher_alg,\n+\t\t  struct fsattr *key,\n+\t\t  enum spu2_cipher_type *spu2_type,\n+\t\t  enum spu2_cipher_mode *spu2_mode)\n+{\n+\tint ret = 0;\n+\n+\tswitch (cipher_alg) {\n+\tcase BCMFS_CRYPTO_CIPHER_NONE:\n+\t\t*spu2_type = SPU2_CIPHER_TYPE_NONE;\n+\t\tbreak;\n+\tcase BCMFS_CRYPTO_CIPHER_DES_ECB:\n+\t\t*spu2_mode =  SPU2_CIPHER_MODE_ECB;\n+\t\t*spu2_type = SPU2_CIPHER_TYPE_DES;\n+\t\tbreak;\n+\tcase BCMFS_CRYPTO_CIPHER_DES_CBC:\n+\t\t*spu2_mode =  SPU2_CIPHER_MODE_CBC;\n+\t\t*spu2_type = SPU2_CIPHER_TYPE_DES;\n+\t\tbreak;\n+\tcase BCMFS_CRYPTO_CIPHER_3DES_ECB:\n+\t\t*spu2_mode =  SPU2_CIPHER_MODE_ECB;\n+\t\t*spu2_type = SPU2_CIPHER_TYPE_3DES;\n+\t\tbreak;\n+\tcase BCMFS_CRYPTO_CIPHER_3DES_CBC:\n+\t\t*spu2_mode =  SPU2_CIPHER_MODE_CBC;\n+\t\t*spu2_type = SPU2_CIPHER_TYPE_3DES;\n+\t\tbreak;\n+\tcase BCMFS_CRYPTO_CIPHER_AES_CBC:\n+\t\t*spu2_mode =  SPU2_CIPHER_MODE_CBC;\n+\t\tret = spu2_cipher_type_xlate(cipher_alg, spu2_type, key);\n+\t\tbreak;\n+\tcase BCMFS_CRYPTO_CIPHER_AES_ECB:\n+\t\t*spu2_mode =  SPU2_CIPHER_MODE_ECB;\n+\t\tret = spu2_cipher_type_xlate(cipher_alg, spu2_type, key);\n+\t\tbreak;\n+\tcase BCMFS_CRYPTO_CIPHER_AES_CTR:\n+\t\t*spu2_mode =  SPU2_CIPHER_MODE_CTR;\n+\t\tret = spu2_cipher_type_xlate(cipher_alg, spu2_type, key);\n+\t\tbreak;\n+\tcase BCMFS_CRYPTO_CIPHER_AES_CCM:\n+\t\t*spu2_mode =  SPU2_CIPHER_MODE_CCM;\n+\t\tret = spu2_cipher_type_xlate(cipher_alg, spu2_type, key);\n+\t\tbreak;\n+\tcase BCMFS_CRYPTO_CIPHER_AES_GCM:\n+\t\t*spu2_mode =  SPU2_CIPHER_MODE_GCM;\n+\t\tret = spu2_cipher_type_xlate(cipher_alg, spu2_type, key);\n+\t\tbreak;\n+\tcase BCMFS_CRYPTO_CIPHER_AES_XTS:\n+\t\t*spu2_mode =  SPU2_CIPHER_MODE_XTS;\n+\t\tret = spu2_cipher_type_xlate(cipher_alg, spu2_type, key);\n+\t\tbreak;\n+\tcase BCMFS_CRYPTO_CIPHER_AES_OFB:\n+\t\t*spu2_mode =  SPU2_CIPHER_MODE_OFB;\n+\t\tret = spu2_cipher_type_xlate(cipher_alg, spu2_type, key);\n+\t\tbreak;\n+\t}\n+\n+\treturn ret;\n+}\n+\n+static void\n+spu2_fmd_ctrl0_write(struct spu2_fmd *fmd,\n+\t\t     bool is_inbound, bool auth_first,\n+\t\t     enum spu2_proto_sel protocol,\n+\t\t     enum spu2_cipher_type cipher_type,\n+\t\t     enum spu2_cipher_mode cipher_mode,\n+\t\t     enum spu2_hash_type auth_type,\n+\t\t     enum spu2_hash_mode auth_mode)\n+{\n+\tuint64_t ctrl0 = 0;\n+\n+\tif (cipher_type != SPU2_CIPHER_TYPE_NONE && !is_inbound)\n+\t\tctrl0 |= SPU2_CIPH_ENCRYPT_EN;\n+\n+\tctrl0 |= ((uint64_t)cipher_type << SPU2_CIPH_TYPE_SHIFT) |\n+\t\t  ((uint64_t)cipher_mode << SPU2_CIPH_MODE_SHIFT);\n+\n+\tif (protocol != SPU2_PROTO_RESV)\n+\t\tctrl0 |= (uint64_t)protocol << SPU2_PROTO_SEL_SHIFT;\n+\n+\tif (auth_first)\n+\t\tctrl0 |= SPU2_HASH_FIRST;\n+\n+\tif (is_inbound && auth_type != SPU2_HASH_TYPE_NONE)\n+\t\tctrl0 |= SPU2_CHK_TAG;\n+\n+\tctrl0 |= (((uint64_t)auth_type << SPU2_HASH_TYPE_SHIFT) |\n+\t\t  ((uint64_t)auth_mode << SPU2_HASH_MODE_SHIFT));\n+\n+\tfmd->ctrl0 = ctrl0;\n+\n+#if RTE_LOG_DP_LEVEL >= RTE_LOG_DEBUG\n+\tBCMFS_DP_HEXDUMP_LOG(DEBUG, \"ctrl0:\", &fmd->ctrl0, sizeof(uint64_t));\n+#endif\n+}\n+\n+static void\n+spu2_fmd_ctrl1_write(struct spu2_fmd *fmd, bool is_inbound,\n+\t\t     uint64_t assoc_size, uint64_t auth_key_len,\n+\t\t     uint64_t cipher_key_len, bool gen_iv, bool hash_iv,\n+\t\t     bool return_iv, uint64_t ret_iv_len,\n+\t\t     uint64_t ret_iv_offset, uint64_t cipher_iv_len,\n+\t\t     uint64_t digest_size, bool return_payload, bool return_md)\n+{\n+\tuint64_t ctrl1 = 0;\n+\n+\tif (is_inbound && digest_size != 0)\n+\t\tctrl1 |= SPU2_TAG_LOC;\n+\n+\tif (assoc_size != 0)\n+\t\tctrl1 |= SPU2_HAS_AAD2;\n+\n+\tif (auth_key_len != 0)\n+\t\tctrl1 |= ((auth_key_len << SPU2_HASH_KEY_LEN_SHIFT) &\n+\t\t\t  SPU2_HASH_KEY_LEN);\n+\n+\tif (cipher_key_len != 0)\n+\t\tctrl1 |= ((cipher_key_len << SPU2_CIPH_KEY_LEN_SHIFT) &\n+\t\t\t  SPU2_CIPH_KEY_LEN);\n+\n+\tif (gen_iv)\n+\t\tctrl1 |= SPU2_GENIV;\n+\n+\tif (hash_iv)\n+\t\tctrl1 |= SPU2_HASH_IV;\n+\n+\tif (return_iv) {\n+\t\tctrl1 |= SPU2_RET_IV;\n+\t\tctrl1 |= ret_iv_len << SPU2_RET_IV_LEN_SHIFT;\n+\t\tctrl1 |= ret_iv_offset << SPU2_IV_OFFSET_SHIFT;\n+\t}\n+\n+\tctrl1 |= ((cipher_iv_len << SPU2_IV_LEN_SHIFT) & SPU2_IV_LEN);\n+\n+\tif (digest_size != 0) {\n+\t\tctrl1 |= ((digest_size << SPU2_HASH_TAG_LEN_SHIFT) &\n+\t\t\t  SPU2_HASH_TAG_LEN);\n+\t}\n+\n+\t/*\n+\t * Let's ask for the output pkt to include FMD, but don't need to\n+\t * get keys and IVs back in OMD.\n+\t */\n+\tif (return_md)\n+\t\tctrl1 |= ((uint64_t)SPU2_RET_FMD_ONLY << SPU2_RETURN_MD_SHIFT);\n+\telse\n+\t\tctrl1 |= ((uint64_t)SPU2_RET_NO_MD << SPU2_RETURN_MD_SHIFT);\n+\n+\t/* Crypto API does not get assoc data back. So no need for AAD2. */\n+\n+\tif (return_payload)\n+\t\tctrl1 |= SPU2_RETURN_PAY;\n+\n+\tfmd->ctrl1 = ctrl1;\n+\n+#if RTE_LOG_DP_LEVEL >= RTE_LOG_DEBUG\n+\tBCMFS_DP_HEXDUMP_LOG(DEBUG, \"ctrl1:\", &fmd->ctrl1, sizeof(uint64_t));\n+#endif\n+}\n+\n+static void\n+spu2_fmd_ctrl2_write(struct spu2_fmd *fmd, uint64_t cipher_offset,\n+\t\t     uint64_t auth_key_len __rte_unused,\n+\t\t     uint64_t auth_iv_len  __rte_unused,\n+\t\t     uint64_t cipher_key_len  __rte_unused,\n+\t\t     uint64_t cipher_iv_len  __rte_unused)\n+{\n+\tuint64_t aad1_offset;\n+\tuint64_t aad2_offset;\n+\tuint16_t aad1_len = 0;\n+\tuint64_t payload_offset;\n+\n+\t/* AAD1 offset is from start of FD. FD length always 0. */\n+\taad1_offset = 0;\n+\n+\taad2_offset = aad1_offset;\n+\tpayload_offset = cipher_offset;\n+\tfmd->ctrl2 = aad1_offset |\n+\t\t     (aad1_len << SPU2_AAD1_LEN_SHIFT) |\n+\t\t     (aad2_offset << SPU2_AAD2_OFFSET_SHIFT) |\n+\t\t     (payload_offset << SPU2_PL_OFFSET_SHIFT);\n+\n+#if RTE_LOG_DP_LEVEL >= RTE_LOG_DEBUG\n+\tBCMFS_DP_HEXDUMP_LOG(DEBUG, \"ctrl2:\", &fmd->ctrl2, sizeof(uint64_t));\n+#endif\n+}\n+\n+static void\n+spu2_fmd_ctrl3_write(struct spu2_fmd *fmd, uint64_t payload_len)\n+{\n+\tfmd->ctrl3 = payload_len & SPU2_PL_LEN;\n+\n+#if RTE_LOG_DP_LEVEL >= RTE_LOG_DEBUG\n+\tBCMFS_DP_HEXDUMP_LOG(DEBUG, \"ctrl3:\", &fmd->ctrl3, sizeof(uint64_t));\n+#endif\n+}\n+\n+int\n+bcmfs_crypto_build_auth_req(struct bcmfs_sym_request *sreq,\n+\t\t\t    enum bcmfs_crypto_auth_algorithm a_alg,\n+\t\t\t    enum bcmfs_crypto_auth_op auth_op,\n+\t\t\t    struct fsattr *src, struct fsattr *dst,\n+\t\t\t    struct fsattr *mac, struct fsattr *auth_key)\n+{\n+\tint ret;\n+\tuint64_t dst_size;\n+\tint src_index = 0;\n+\tstruct spu2_fmd *fmd;\n+\tenum spu2_hash_mode spu2_auth_mode;\n+\tenum spu2_hash_type spu2_auth_type = SPU2_HASH_TYPE_NONE;\n+\tuint64_t auth_ksize = (auth_key != NULL) ? fsattr_sz(auth_key) : 0;\n+\tbool is_inbound = (auth_op == BCMFS_CRYPTO_AUTH_OP_VERIFY);\n+\n+\tif (src == NULL)\n+\t\treturn -EINVAL;\n+\n+\t/* one of dst or mac should not be NULL */\n+\tif (dst == NULL && mac == NULL)\n+\t\treturn -EINVAL;\n+\n+\tdst_size = (auth_op == BCMFS_CRYPTO_AUTH_OP_GENERATE) ?\n+\t\t\t\tfsattr_sz(dst) : fsattr_sz(mac);\n+\n+\t/* spu2 hash algorithm and hash algorithm mode */\n+\tret = spu2_hash_xlate(a_alg, auth_key, &spu2_auth_type,\n+\t\t\t      &spu2_auth_mode);\n+\tif (ret)\n+\t\treturn -EINVAL;\n+\n+\tfmd  = &sreq->fmd;\n+\n+\tspu2_fmd_ctrl0_write(fmd, is_inbound, SPU2_VAL_NONE,\n+\t\t\t     SPU2_VAL_NONE, SPU2_PROTO_RESV,\n+\t\t\t     SPU2_VAL_NONE, spu2_auth_type, spu2_auth_mode);\n+\n+\tspu2_fmd_ctrl1_write(fmd, is_inbound, SPU2_VAL_NONE,\n+\t\t\t     auth_ksize, SPU2_VAL_NONE, false,\n+\t\t\t     false, SPU2_VAL_NONE, SPU2_VAL_NONE,\n+\t\t\t     SPU2_VAL_NONE, SPU2_VAL_NONE,\n+\t\t\t     dst_size, SPU2_VAL_NONE, SPU2_VAL_NONE);\n+\n+\tmemset(&fmd->ctrl2, 0, sizeof(uint64_t));\n+\n+\tspu2_fmd_ctrl3_write(fmd, fsattr_sz(src));\n+\n+\t/* Source metadata and data pointers */\n+\tsreq->msgs.srcs_addr[src_index] = sreq->fptr;\n+\tsreq->msgs.srcs_len[src_index] = sizeof(struct spu2_fmd);\n+\tsrc_index++;\n+\n+\tif (auth_key != NULL && fsattr_sz(auth_key) != 0) {\n+\t\tmemcpy(sreq->auth_key, fsattr_va(auth_key),\n+\t\t       fsattr_sz(auth_key));\n+\n+\t\tsreq->msgs.srcs_addr[src_index] = sreq->aptr;\n+\t\tsreq->msgs.srcs_len[src_index] = fsattr_sz(auth_key);\n+\t\tsrc_index++;\n+\t}\n+\n+\tsreq->msgs.srcs_addr[src_index] = fsattr_pa(src);\n+\tsreq->msgs.srcs_len[src_index] = fsattr_sz(src);\n+\tsrc_index++;\n+\n+\t/*\n+\t * In case of authentication verify operation, use input mac data to\n+\t * SPU2 engine.\n+\t */\n+\tif (auth_op == BCMFS_CRYPTO_AUTH_OP_VERIFY && mac != NULL) {\n+\t\tsreq->msgs.srcs_addr[src_index] = fsattr_pa(mac);\n+\t\tsreq->msgs.srcs_len[src_index] = fsattr_sz(mac);\n+\t\tsrc_index++;\n+\t}\n+\tsreq->msgs.srcs_count = src_index;\n+\n+\t/*\n+\t * Output packet contains actual output from SPU2 and\n+\t * the status packet, so the dsts_count is always 2  below.\n+\t */\n+\tif (auth_op == BCMFS_CRYPTO_AUTH_OP_GENERATE) {\n+\t\tsreq->msgs.dsts_addr[0] = fsattr_pa(dst);\n+\t\tsreq->msgs.dsts_len[0] = fsattr_sz(dst);\n+\t} else {\n+\t\t/*\n+\t\t * In case of authentication verify operation, provide dummy\n+\t\t * location to SPU2 engine to generate hash. This is needed\n+\t\t * because SPU2 generates hash even in case of verify operation.\n+\t\t */\n+\t\tsreq->msgs.dsts_addr[0] = sreq->dptr;\n+\t\tsreq->msgs.dsts_len[0] = fsattr_sz(mac);\n+\t}\n+\n+\tsreq->msgs.dsts_addr[1] = sreq->rptr;\n+\tsreq->msgs.dsts_len[1] = SPU2_STATUS_LEN;\n+\tsreq->msgs.dsts_count = 2;\n+\n+\treturn 0;\n+}\n+\n+int\n+bcmfs_crypto_build_cipher_req(struct bcmfs_sym_request *sreq,\n+\t\t\t      enum bcmfs_crypto_cipher_algorithm calgo,\n+\t\t\t      enum bcmfs_crypto_cipher_op cipher_op,\n+\t\t\t      struct fsattr *src, struct fsattr *dst,\n+\t\t\t      struct fsattr *cipher_key, struct fsattr *iv)\n+{\n+\tint ret = 0;\n+\tint src_index = 0;\n+\tstruct spu2_fmd *fmd;\n+\tunsigned int xts_keylen;\n+\tenum spu2_cipher_mode spu2_ciph_mode = 0;\n+\tenum spu2_cipher_type spu2_ciph_type = SPU2_CIPHER_TYPE_NONE;\n+\tbool is_inbound = (cipher_op == BCMFS_CRYPTO_CIPHER_OP_DECRYPT);\n+\n+\tif (src == NULL || dst == NULL || iv == NULL)\n+\t\treturn -EINVAL;\n+\n+\tfmd  = &sreq->fmd;\n+\n+\t/* spu2 cipher algorithm and cipher algorithm mode */\n+\tret = spu2_cipher_xlate(calgo, cipher_key,\n+\t\t\t\t&spu2_ciph_type, &spu2_ciph_mode);\n+\tif (ret)\n+\t\treturn -EINVAL;\n+\n+\tspu2_fmd_ctrl0_write(fmd, is_inbound, SPU2_VAL_NONE,\n+\t\t\t     SPU2_PROTO_RESV, spu2_ciph_type, spu2_ciph_mode,\n+\t\t\t     SPU2_VAL_NONE, SPU2_VAL_NONE);\n+\n+\tspu2_fmd_ctrl1_write(fmd, SPU2_VAL_NONE, SPU2_VAL_NONE, SPU2_VAL_NONE,\n+\t\t\t     fsattr_sz(cipher_key), false, false,\n+\t\t\t     SPU2_VAL_NONE, SPU2_VAL_NONE, SPU2_VAL_NONE,\n+\t\t\t     fsattr_sz(iv), SPU2_VAL_NONE, SPU2_VAL_NONE,\n+\t\t\t     SPU2_VAL_NONE);\n+\n+\t/* Nothing for FMD2 */\n+\tmemset(&fmd->ctrl2, 0, sizeof(uint64_t));\n+\n+\tspu2_fmd_ctrl3_write(fmd, fsattr_sz(src));\n+\n+\t/* Source metadata and data pointers */\n+\tsreq->msgs.srcs_addr[src_index] = sreq->fptr;\n+\tsreq->msgs.srcs_len[src_index] = sizeof(struct spu2_fmd);\n+\tsrc_index++;\n+\n+\tif (cipher_key != NULL && fsattr_sz(cipher_key) != 0) {\n+\t\tif (calgo == BCMFS_CRYPTO_CIPHER_AES_XTS) {\n+\t\t\txts_keylen = fsattr_sz(cipher_key) / 2;\n+\t\t\tmemcpy(sreq->cipher_key,\n+\t\t\t       (uint8_t *)fsattr_va(cipher_key) + xts_keylen,\n+\t\t\t       xts_keylen);\n+\t\t\tmemcpy(sreq->cipher_key + xts_keylen,\n+\t\t\t       fsattr_va(cipher_key), xts_keylen);\n+\t\t} else {\n+\t\t\tmemcpy(sreq->cipher_key,\n+\t\t\t\tfsattr_va(cipher_key), fsattr_sz(cipher_key));\n+\t\t}\n+\n+\t\tsreq->msgs.srcs_addr[src_index] = sreq->cptr;\n+\t\tsreq->msgs.srcs_len[src_index] = fsattr_sz(cipher_key);\n+\t\tsrc_index++;\n+\t}\n+\n+\tif (iv != NULL && fsattr_sz(iv) != 0) {\n+\t\tmemcpy(sreq->iv,\n+\t\t\tfsattr_va(iv), fsattr_sz(iv));\n+\t\tsreq->msgs.srcs_addr[src_index] = sreq->iptr;\n+\t\tsreq->msgs.srcs_len[src_index] = fsattr_sz(iv);\n+\t\tsrc_index++;\n+\t}\n+\n+\tsreq->msgs.srcs_addr[src_index] = fsattr_pa(src);\n+\tsreq->msgs.srcs_len[src_index] = fsattr_sz(src);\n+\tsrc_index++;\n+\tsreq->msgs.srcs_count = src_index;\n+\n+\t/**\n+\t * Output packet contains actual output from SPU2 and\n+\t * the status packet, so the dsts_count is always 2  below.\n+\t */\n+\tsreq->msgs.dsts_addr[0] = fsattr_pa(dst);\n+\tsreq->msgs.dsts_len[0] = fsattr_sz(dst);\n+\n+\tsreq->msgs.dsts_addr[1] = sreq->rptr;\n+\tsreq->msgs.dsts_len[1] = SPU2_STATUS_LEN;\n+\tsreq->msgs.dsts_count = 2;\n+\n+\treturn 0;\n+}\n+\n+static void\n+bcmfs_crypto_ccm_update_iv(uint8_t *ivbuf,\n+\t\t\t   unsigned int *ivlen, bool is_esp)\n+{\n+\tint L;  /* size of length field, in bytes */\n+\n+\t/*\n+\t * In RFC4309 mode, L is fixed at 4 bytes; otherwise, IV from\n+\t * testmgr contains (L-1) in bottom 3 bits of first byte,\n+\t * per RFC 3610.\n+\t */\n+\tif (is_esp)\n+\t\tL = CCM_ESP_L_VALUE;\n+\telse\n+\t\tL = ((ivbuf[0] & CCM_B0_L_PRIME) >>\n+\t\t      CCM_B0_L_PRIME_SHIFT) + 1;\n+\n+\t/* SPU2 doesn't want these length bytes nor the first byte... */\n+\t*ivlen -= (1 + L);\n+\tmemmove(ivbuf, &ivbuf[1], *ivlen);\n+}\n+\n+int\n+bcmfs_crypto_build_aead_request(struct bcmfs_sym_request *sreq,\n+\t\t\t\tenum bcmfs_crypto_cipher_algorithm cipher_alg,\n+\t\t\t\tenum bcmfs_crypto_cipher_op cipher_op,\n+\t\t\t\tenum bcmfs_crypto_auth_algorithm auth_alg,\n+\t\t\t\tenum bcmfs_crypto_auth_op auth_op,\n+\t\t\t\tstruct fsattr *src, struct fsattr *dst,\n+\t\t\t\tstruct fsattr *cipher_key,\n+\t\t\t\tstruct fsattr *auth_key,\n+\t\t\t\tstruct fsattr *iv, struct fsattr *aad,\n+\t\t\t\tstruct fsattr *digest, bool cipher_first)\n+{\n+\tint ret = 0;\n+\tint src_index = 0;\n+\tint dst_index = 0;\n+\tbool auth_first = 0;\n+\tstruct spu2_fmd *fmd;\n+\tunsigned int payload_len;\n+\tenum spu2_cipher_mode spu2_ciph_mode = 0;\n+\tenum spu2_hash_mode spu2_auth_mode = 0;\n+\tuint64_t aad_size = (aad != NULL) ? fsattr_sz(aad) : 0;\n+\tunsigned int iv_size = (iv != NULL) ? fsattr_sz(iv) : 0;\n+\tenum spu2_cipher_type spu2_ciph_type = SPU2_CIPHER_TYPE_NONE;\n+\tuint64_t auth_ksize = (auth_key != NULL) ?\n+\t\t\t\tfsattr_sz(auth_key) : 0;\n+\tuint64_t cipher_ksize = (cipher_key != NULL) ?\n+\t\t\t\t\tfsattr_sz(cipher_key) : 0;\n+\tuint64_t digest_size = (digest != NULL) ?\n+\t\t\t\t\tfsattr_sz(digest) : 0;\n+\tenum spu2_hash_type spu2_auth_type = SPU2_HASH_TYPE_NONE;\n+\tbool is_inbound = (auth_op == BCMFS_CRYPTO_AUTH_OP_VERIFY);\n+\n+\tif (src == NULL)\n+\t\treturn -EINVAL;\n+\n+\tpayload_len = fsattr_sz(src);\n+\tif (!payload_len) {\n+\t\tBCMFS_DP_LOG(ERR, \"null payload not supported\");\n+\t\treturn -EINVAL;\n+\t}\n+\n+\t/* spu2 hash algorithm and hash algorithm mode */\n+\tret = spu2_hash_xlate(auth_alg, auth_key, &spu2_auth_type,\n+\t\t\t      &spu2_auth_mode);\n+\tif (ret)\n+\t\treturn -EINVAL;\n+\n+\t/* spu2 cipher algorithm and cipher algorithm mode */\n+\tret = spu2_cipher_xlate(cipher_alg, cipher_key, &spu2_ciph_type,\n+\t\t\t\t&spu2_ciph_mode);\n+\tif (ret) {\n+\t\tBCMFS_DP_LOG(ERR, \"cipher xlate error\");\n+\t\treturn -EINVAL;\n+\t}\n+\n+\tauth_first = cipher_first ? 0 : 1;\n+\n+\tif (cipher_alg == BCMFS_CRYPTO_CIPHER_AES_GCM) {\n+\t\tspu2_auth_type = spu2_ciph_type;\n+\t\t/*\n+\t\t * SPU2 needs in total 12 bytes of IV\n+\t\t * ie IV of 8 bytes(random number) and 4 bytes of salt.\n+\t\t */\n+\t\tif (fsattr_sz(iv) > 12)\n+\t\t\tiv_size = 12;\n+\n+\t\t/*\n+\t\t * On SPU 2, aes gcm cipher first on encrypt, auth first on\n+\t\t * decrypt\n+\t\t */\n+\n+\t\tauth_first = (cipher_op == BCMFS_CRYPTO_CIPHER_OP_ENCRYPT) ?\n+\t\t\t\t0 : 1;\n+\t}\n+\n+\tif (iv != NULL && fsattr_sz(iv) != 0)\n+\t\tmemcpy(sreq->iv, fsattr_va(iv), fsattr_sz(iv));\n+\n+\tif (cipher_alg == BCMFS_CRYPTO_CIPHER_AES_CCM) {\n+\t\tspu2_auth_type = spu2_ciph_type;\n+\t\tif (iv != NULL)  {\n+\t\t\tmemcpy(sreq->iv, fsattr_va(iv),\n+\t\t\t       fsattr_sz(iv));\n+\t\t\tiv_size = fsattr_sz(iv);\n+\t\t\tbcmfs_crypto_ccm_update_iv(sreq->iv, &iv_size, false);\n+\t\t}\n+\n+\t\t/* opposite for ccm (auth 1st on encrypt) */\n+\t\tauth_first = (cipher_op == BCMFS_CRYPTO_CIPHER_OP_ENCRYPT) ?\n+\t\t\t      1 : 0;\n+\t}\n+\n+\tfmd  = &sreq->fmd;\n+\n+\tspu2_fmd_ctrl0_write(fmd, is_inbound, auth_first, SPU2_PROTO_RESV,\n+\t\t\t     spu2_ciph_type, spu2_ciph_mode,\n+\t\t\t     spu2_auth_type, spu2_auth_mode);\n+\n+\tspu2_fmd_ctrl1_write(fmd, is_inbound, aad_size, auth_ksize,\n+\t\t\t     cipher_ksize, false, false, SPU2_VAL_NONE,\n+\t\t\t     SPU2_VAL_NONE, SPU2_VAL_NONE, iv_size,\n+\t\t\t     digest_size, false, SPU2_VAL_NONE);\n+\n+\tspu2_fmd_ctrl2_write(fmd, aad_size, auth_ksize, 0,\n+\t\t\t     cipher_ksize, iv_size);\n+\n+\tspu2_fmd_ctrl3_write(fmd, payload_len);\n+\n+\t/* Source metadata and data pointers */\n+\tsreq->msgs.srcs_addr[src_index] = sreq->fptr;\n+\tsreq->msgs.srcs_len[src_index] = sizeof(struct spu2_fmd);\n+\tsrc_index++;\n+\n+\tif (auth_key != NULL && fsattr_sz(auth_key) != 0) {\n+\t\tmemcpy(sreq->auth_key,\n+\t\t       fsattr_va(auth_key), fsattr_sz(auth_key));\n+\n+#if RTE_LOG_DP_LEVEL >= RTE_LOG_DEBUG\n+\tBCMFS_DP_HEXDUMP_LOG(DEBUG, \"auth key:\", fsattr_va(auth_key),\n+\t\t\t     fsattr_sz(auth_key));\n+#endif\n+\t\tsreq->msgs.srcs_addr[src_index] = sreq->aptr;\n+\t\tsreq->msgs.srcs_len[src_index] = fsattr_sz(auth_key);\n+\t\tsrc_index++;\n+\t}\n+\n+\tif (cipher_key != NULL && fsattr_sz(cipher_key) != 0) {\n+\t\tmemcpy(sreq->cipher_key,\n+\t\t       fsattr_va(cipher_key), fsattr_sz(cipher_key));\n+\n+#if RTE_LOG_DP_LEVEL >= RTE_LOG_DEBUG\n+\tBCMFS_DP_HEXDUMP_LOG(DEBUG, \"cipher key:\", fsattr_va(cipher_key),\n+\t\t\t     fsattr_sz(cipher_key));\n+#endif\n+\t\tsreq->msgs.srcs_addr[src_index] = sreq->cptr;\n+\t\tsreq->msgs.srcs_len[src_index] = fsattr_sz(cipher_key);\n+\t\tsrc_index++;\n+\t}\n+\n+\tif (iv != NULL && fsattr_sz(iv) != 0) {\n+#if RTE_LOG_DP_LEVEL >= RTE_LOG_DEBUG\n+\t\tBCMFS_DP_HEXDUMP_LOG(DEBUG, \"iv key:\", fsattr_va(iv),\n+\t\t\t\t     fsattr_sz(iv));\n+#endif\n+\t\tsreq->msgs.srcs_addr[src_index] = sreq->iptr;\n+\t\tsreq->msgs.srcs_len[src_index] = iv_size;\n+\t\tsrc_index++;\n+\t}\n+\n+\tif (aad != NULL && fsattr_sz(aad) != 0) {\n+#if RTE_LOG_DP_LEVEL >= RTE_LOG_DEBUG\n+\t\tBCMFS_DP_HEXDUMP_LOG(DEBUG, \"aad :\", fsattr_va(aad),\n+\t\t\t\t     fsattr_sz(aad));\n+#endif\n+\t\tsreq->msgs.srcs_addr[src_index] = fsattr_pa(aad);\n+\t\tsreq->msgs.srcs_len[src_index] = fsattr_sz(aad);\n+\t\tsrc_index++;\n+\t}\n+\n+\tsreq->msgs.srcs_addr[src_index] = fsattr_pa(src);\n+\tsreq->msgs.srcs_len[src_index] = fsattr_sz(src);\n+\tsrc_index++;\n+\n+\n+\tif (auth_op == BCMFS_CRYPTO_AUTH_OP_VERIFY && digest != NULL &&\n+\t    fsattr_sz(digest) != 0) {\n+\t\tsreq->msgs.srcs_addr[src_index] = fsattr_pa(digest);\n+\t\tsreq->msgs.srcs_len[src_index] = fsattr_sz(digest);\n+\t\tsrc_index++;\n+\t}\n+\tsreq->msgs.srcs_count = src_index;\n+\n+\tif (dst != NULL) {\n+\t\tsreq->msgs.dsts_addr[dst_index] = fsattr_pa(dst);\n+\t\tsreq->msgs.dsts_len[dst_index] = fsattr_sz(dst);\n+\t\tdst_index++;\n+\t}\n+\n+\tif (auth_op == BCMFS_CRYPTO_AUTH_OP_VERIFY) {\n+\t\t/*\n+\t\t * In case of decryption digest data is generated by\n+\t\t * SPU2 engine  but application doesn't need digest\n+\t\t * as such. So program dummy location to capture\n+\t\t * digest data\n+\t\t */\n+\t\tif (digest != NULL && fsattr_sz(digest) != 0) {\n+\t\t\tsreq->msgs.dsts_addr[dst_index] =\n+\t\t\t\tsreq->dptr;\n+\t\t\tsreq->msgs.dsts_len[dst_index] =\n+\t\t\t\tfsattr_sz(digest);\n+\t\t\tdst_index++;\n+\t\t}\n+\t} else {\n+\t\tif (digest != NULL && fsattr_sz(digest) != 0) {\n+\t\t\tsreq->msgs.dsts_addr[dst_index] =\n+\t\t\t\tfsattr_pa(digest);\n+\t\t\tsreq->msgs.dsts_len[dst_index] =\n+\t\t\t\tfsattr_sz(digest);\n+\t\t\tdst_index++;\n+\t\t}\n+\t}\n+\n+\tsreq->msgs.dsts_addr[dst_index] = sreq->rptr;\n+\tsreq->msgs.dsts_len[dst_index] = SPU2_STATUS_LEN;\n+\tdst_index++;\n+\tsreq->msgs.dsts_count = dst_index;\n+\n+\treturn 0;\n+}\ndiff --git a/drivers/crypto/bcmfs/bcmfs_sym_engine.h b/drivers/crypto/bcmfs/bcmfs_sym_engine.h\nnew file mode 100644\nindex 000000000..29cfb4dc2\n--- /dev/null\n+++ b/drivers/crypto/bcmfs/bcmfs_sym_engine.h\n@@ -0,0 +1,103 @@\n+/* SPDX-License-Identifier: BSD-3-Clause\n+ * Copyright(c) 2020 Broadcom\n+ * All rights reserved.\n+ */\n+\n+#ifndef _BCMFS_SYM_ENGINE_H_\n+#define _BCMFS_SYM_ENGINE_H_\n+\n+#include \"bcmfs_dev_msg.h\"\n+#include \"bcmfs_sym_defs.h\"\n+#include \"bcmfs_sym_req.h\"\n+\n+/* structure to hold element's arrtibutes */\n+struct fsattr {\n+\tvoid *va;\n+\tuint64_t pa;\n+\tuint64_t sz;\n+};\n+\n+#define fsattr_va(__ptr)      ((__ptr)->va)\n+#define fsattr_pa(__ptr)      ((__ptr)->pa)\n+#define fsattr_sz(__ptr)      ((__ptr)->sz)\n+\n+/*\n+ *  Macros for Crypto h/w constraints\n+ */\n+\n+#define BCMFS_CRYPTO_AES_BLOCK_SIZE\t16\n+#define BCMFS_CRYPTO_AES_MIN_KEY_SIZE\t16\n+#define BCMFS_CRYPTO_AES_MAX_KEY_SIZE\t32\n+\n+#define BCMFS_CRYPTO_DES_BLOCK_SIZE\t8\n+#define BCMFS_CRYPTO_DES_KEY_SIZE\t8\n+\n+#define BCMFS_CRYPTO_3DES_BLOCK_SIZE\t8\n+#define BCMFS_CRYPTO_3DES_KEY_SIZE\t(3 * 8)\n+\n+#define BCMFS_CRYPTO_MD5_DIGEST_SIZE\t16\n+#define BCMFS_CRYPTO_MD5_BLOCK_SIZE\t64\n+\n+#define BCMFS_CRYPTO_SHA1_DIGEST_SIZE\t20\n+#define BCMFS_CRYPTO_SHA1_BLOCK_SIZE\t64\n+\n+#define BCMFS_CRYPTO_SHA224_DIGEST_SIZE\t28\n+#define BCMFS_CRYPTO_SHA224_BLOCK_SIZE\t64\n+\n+#define BCMFS_CRYPTO_SHA256_DIGEST_SIZE\t32\n+#define BCMFS_CRYPTO_SHA256_BLOCK_SIZE\t64\n+\n+#define BCMFS_CRYPTO_SHA384_DIGEST_SIZE\t48\n+#define BCMFS_CRYPTO_SHA384_BLOCK_SIZE\t128\n+\n+#define BCMFS_CRYPTO_SHA512_DIGEST_SIZE\t64\n+#define BCMFS_CRYPTO_SHA512_BLOCK_SIZE\t128\n+\n+#define BCMFS_CRYPTO_SHA3_224_DIGEST_SIZE\t(224 / 8)\n+#define BCMFS_CRYPTO_SHA3_224_BLOCK_SIZE\t(200 - 2 * \\\n+\t\t\t\t\tBCMFS_CRYPTO_SHA3_224_DIGEST_SIZE)\n+\n+#define BCMFS_CRYPTO_SHA3_256_DIGEST_SIZE\t(256 / 8)\n+#define BCMFS_CRYPTO_SHA3_256_BLOCK_SIZE\t(200 - 2 * \\\n+\t\t\t\t\tBCMFS_CRYPTO_SHA3_256_DIGEST_SIZE)\n+\n+#define BCMFS_CRYPTO_SHA3_384_DIGEST_SIZE\t(384 / 8)\n+#define BCMFS_CRYPTO_SHA3_384_BLOCK_SIZE\t(200 - 2 * \\\n+\t\t\t\t\tBCMFS_CRYPTO_SHA3_384_DIGEST_SIZE)\n+\n+#define BCMFS_CRYPTO_SHA3_512_DIGEST_SIZE\t(512 / 8)\n+#define BCMFS_CRYPTO_SHA3_512_BLOCK_SIZE\t(200 - 2 * \\\n+\t\t\t\t\tBCMFS_CRYPTO_SHA3_512_DIGEST_SIZE)\n+\n+enum bcmfs_crypto_aes_cipher_key {\n+\tBCMFS_CRYPTO_AES128 = 16,\n+\tBCMFS_CRYPTO_AES192 = 24,\n+\tBCMFS_CRYPTO_AES256 = 32,\n+};\n+\n+int\n+bcmfs_crypto_build_cipher_req(struct bcmfs_sym_request *req,\n+\t\t\t      enum bcmfs_crypto_cipher_algorithm c_algo,\n+\t\t\t      enum bcmfs_crypto_cipher_op cop,\n+\t\t\t      struct fsattr *src, struct fsattr *dst,\n+\t\t\t      struct fsattr *key, struct fsattr *iv);\n+\n+int\n+bcmfs_crypto_build_auth_req(struct bcmfs_sym_request *req,\n+\t\t\t    enum bcmfs_crypto_auth_algorithm a_algo,\n+\t\t\t    enum bcmfs_crypto_auth_op aop,\n+\t\t\t    struct fsattr *src, struct fsattr *dst,\n+\t\t\t    struct fsattr *mac, struct fsattr *key);\n+\n+int\n+bcmfs_crypto_build_aead_request(struct bcmfs_sym_request *req,\n+\t\t\t\tenum bcmfs_crypto_cipher_algorithm c_algo,\n+\t\t\t\tenum bcmfs_crypto_cipher_op cop,\n+\t\t\t\tenum bcmfs_crypto_auth_algorithm a_algo,\n+\t\t\t\tenum bcmfs_crypto_auth_op aop,\n+\t\t\t\tstruct fsattr *src, struct fsattr *dst,\n+\t\t\t\tstruct fsattr *cipher_key, struct fsattr *auth_key,\n+\t\t\t\tstruct fsattr *iv, struct fsattr *aad,\n+\t\t\t\tstruct fsattr *digest, bool cipher_first);\n+\n+#endif /* _BCMFS_SYM_ENGINE_H_ */\ndiff --git a/drivers/crypto/bcmfs/bcmfs_sym_pmd.c b/drivers/crypto/bcmfs/bcmfs_sym_pmd.c\nindex 381ca8ea4..568797b4f 100644\n--- a/drivers/crypto/bcmfs/bcmfs_sym_pmd.c\n+++ b/drivers/crypto/bcmfs/bcmfs_sym_pmd.c\n@@ -132,6 +132,12 @@ static void\n spu_req_init(struct bcmfs_sym_request *sr, rte_iova_t iova __rte_unused)\n {\n \tmemset(sr, 0, sizeof(*sr));\n+\tsr->fptr = iova;\n+\tsr->cptr = iova + offsetof(struct bcmfs_sym_request, cipher_key);\n+\tsr->aptr = iova + offsetof(struct bcmfs_sym_request, auth_key);\n+\tsr->iptr = iova + offsetof(struct bcmfs_sym_request, iv);\n+\tsr->dptr = iova + offsetof(struct bcmfs_sym_request, digest);\n+\tsr->rptr = iova + offsetof(struct bcmfs_sym_request, resp);\n }\n \n static void\n@@ -244,6 +250,7 @@ bcmfs_sym_pmd_enqueue_op_burst(void *queue_pair,\n \t\t\t       uint16_t nb_ops)\n {\n \tint i, j;\n+\tint retval;\n \tuint16_t enq = 0;\n \tstruct bcmfs_sym_request *sreq;\n \tstruct bcmfs_sym_session *sess;\n@@ -273,6 +280,11 @@ bcmfs_sym_pmd_enqueue_op_burst(void *queue_pair,\n \t\t/* save context */\n \t\tqp->infl_msgs[i] = &sreq->msgs;\n \t\tqp->infl_msgs[i]->ctx = (void *)sreq;\n+\n+\t\t/* pre process the request crypto h/w acceleration */\n+\t\tretval = bcmfs_process_sym_crypto_op(ops[i], sess, sreq);\n+\t\tif (unlikely(retval < 0))\n+\t\t\tgoto enqueue_err;\n \t}\n \t/* Send burst request to hw QP */\n \tenq = bcmfs_enqueue_op_burst(qp, (void **)qp->infl_msgs, i);\n@@ -289,6 +301,17 @@ bcmfs_sym_pmd_enqueue_op_burst(void *queue_pair,\n \treturn enq;\n }\n \n+static void bcmfs_sym_set_request_status(struct rte_crypto_op *op,\n+\t\t\t\t\t struct bcmfs_sym_request *out)\n+{\n+\tif (*out->resp == BCMFS_SYM_RESPONSE_SUCCESS)\n+\t\top->status = RTE_CRYPTO_OP_STATUS_SUCCESS;\n+\telse if (*out->resp == BCMFS_SYM_RESPONSE_HASH_TAG_ERROR)\n+\t\top->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED;\n+\telse\n+\t\top->status = RTE_CRYPTO_OP_STATUS_ERROR;\n+}\n+\n static uint16_t\n bcmfs_sym_pmd_dequeue_op_burst(void *queue_pair,\n \t\t\t       struct rte_crypto_op **ops,\n@@ -308,6 +331,9 @@ bcmfs_sym_pmd_dequeue_op_burst(void *queue_pair,\n \tfor (i = 0; i < deq; i++) {\n \t\tsreq = (struct bcmfs_sym_request *)qp->infl_msgs[i]->ctx;\n \n+\t\t/* set the status based on the response from the crypto h/w */\n+\t\tbcmfs_sym_set_request_status(sreq->op, sreq);\n+\n \t\tops[pkts++] = sreq->op;\n \n \t\trte_mempool_put(qp->sr_mp, sreq);\ndiff --git a/drivers/crypto/bcmfs/bcmfs_sym_req.h b/drivers/crypto/bcmfs/bcmfs_sym_req.h\nindex 0f0b051f1..e53c50adc 100644\n--- a/drivers/crypto/bcmfs/bcmfs_sym_req.h\n+++ b/drivers/crypto/bcmfs/bcmfs_sym_req.h\n@@ -6,13 +6,53 @@\n #ifndef _BCMFS_SYM_REQ_H_\n #define _BCMFS_SYM_REQ_H_\n \n+#include <rte_cryptodev.h>\n+\n #include \"bcmfs_dev_msg.h\"\n+#include \"bcmfs_sym_defs.h\"\n+\n+/* Fixed SPU2 Metadata */\n+struct spu2_fmd {\n+\tuint64_t ctrl0;\n+\tuint64_t ctrl1;\n+\tuint64_t ctrl2;\n+\tuint64_t ctrl3;\n+};\n \n /*\n  * This structure hold the supportive data required to process a\n  * rte_crypto_op\n  */\n struct bcmfs_sym_request {\n+\t/* spu2 engine related data */\n+\tstruct spu2_fmd fmd;\n+\t/* cipher key */\n+\tuint8_t cipher_key[BCMFS_MAX_KEY_SIZE];\n+\t/* auth key */\n+\tuint8_t auth_key[BCMFS_MAX_KEY_SIZE];\n+\t/* iv key */\n+\tuint8_t iv[BCMFS_MAX_IV_SIZE];\n+\t/* digest data output from crypto h/w */\n+\tuint8_t digest[BCMFS_MAX_DIGEST_SIZE];\n+\t/* 2-Bytes response from crypto h/w */\n+\tuint8_t resp[2];\n+\t/*\n+\t * Below are all iovas for above members\n+\t * from top\n+\t */\n+\t/* iova for fmd */\n+\trte_iova_t fptr;\n+\t/* iova for cipher key */\n+\trte_iova_t cptr;\n+\t/* iova for auth key */\n+\trte_iova_t aptr;\n+\t/* iova for iv key */\n+\trte_iova_t iptr;\n+\t/* iova for digest */\n+\trte_iova_t dptr;\n+\t/* iova for response */\n+\trte_iova_t rptr;\n+\n \t/* bcmfs qp message for h/w queues to process */\n \tstruct bcmfs_qp_message msgs;\n \t/* crypto op */\ndiff --git a/drivers/crypto/bcmfs/meson.build b/drivers/crypto/bcmfs/meson.build\nindex 2e86c733e..7aa0f05db 100644\n--- a/drivers/crypto/bcmfs/meson.build\n+++ b/drivers/crypto/bcmfs/meson.build\n@@ -14,5 +14,7 @@ sources = files(\n \t\t'hw/bcmfs_rm_common.c',\n \t\t'bcmfs_sym_pmd.c',\n \t\t'bcmfs_sym_capabilities.c',\n-\t\t'bcmfs_sym_session.c'\n+\t\t'bcmfs_sym_session.c',\n+\t\t'bcmfs_sym.c',\n+\t\t'bcmfs_sym_engine.c'\n \t\t)\n",
    "prefixes": [
        "v1",
        "7/8"
    ]
}