From patchwork Thu Jun 4 15:13:22 2020
X-Patchwork-Submitter: "Coyle, David"
X-Patchwork-Id: 70858
X-Patchwork-Delegate: gakhil@marvell.com
From: David Coyle
To: akhil.goyal@nxp.com, declan.doherty@intel.com, pablo.de.lara.guarch@intel.com, fiona.trahe@intel.com, roy.fan.zhang@intel.com
Cc: dev@dpdk.org, thomas@monjalon.net, ferruh.yigit@intel.com, brendan.ryan@intel.com, hemant.agrawal@nxp.com, anoobj@marvell.com, ruifeng.wang@arm.com, lironh@marvell.com, rnagadheeraj@marvell.com, jsrikanth@marvell.com, G.Singh@nxp.com, jianjay.zhou@huawei.com, ravi1.kumar@amd.com, bruce.richardson@intel.com, olivier.matz@6wind.com, honnappa.nagarahalli@arm.com, stephen@networkplumber.org, alexr@mellanox.com, jerinj@marvell.com, David Coyle, Mairtin o Loingsigh
Date: Thu, 4 Jun 2020 16:13:22 +0100
Message-Id: <20200604151324.50704-2-david.coyle@intel.com>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20200604151324.50704-1-david.coyle@intel.com>
References: <20200410142757.31508-1-david.coyle@intel.com> <20200604151324.50704-1-david.coyle@intel.com>
Subject: [dpdk-dev] [PATCH 1/3] security: add support for DOCSIS protocol

Add support for DOCSIS protocol to rte_security library. This support currently comprises the combination of Crypto and CRC operations.

Please note this is API changes only. Implementation will follow in next version.

Signed-off-by: David Coyle
Signed-off-by: Mairtin o Loingsigh
--- lib/librte_security/rte_security.h | 114 +++++++++++++++++++++++++++++ 1 file changed, 114 insertions(+) diff --git a/lib/librte_security/rte_security.h b/lib/librte_security/rte_security.h index 747830d67..46ec4997a 100644 --- a/lib/librte_security/rte_security.h +++ b/lib/librte_security/rte_security.h
@@ -293,6 +293,30 @@ struct rte_security_pdcp_xform { uint32_t hfn_ovrd; }; +/** DOCSIS direction */ +enum rte_security_docsis_direction { + RTE_SECURITY_DOCSIS_UPLINK, + /**< Uplink + * - Decryption, followed by CRC Verification + */ + RTE_SECURITY_DOCSIS_DOWNLINK, + /**< Downlink + * - CRC Generation, followed by Encryption + */ +}; + +/** + * DOCSIS security session configuration. + * + * This structure contains data required to create a DOCSIS security session. + */ +struct rte_security_docsis_xform { + enum rte_security_docsis_direction direction; + /** DOCSIS direction */ + uint16_t crc_size; + /**< CRC size in bytes */ +}; + /** * Security session action type. */ @@ -325,6 +349,8 @@ enum rte_security_session_protocol { /**< MACSec Protocol */ RTE_SECURITY_PROTOCOL_PDCP, /**< PDCP Protocol */ + RTE_SECURITY_PROTOCOL_DOCSIS, + /**< DOCSIS Protocol */ }; /** @@ -340,6 +366,7 @@ struct rte_security_session_conf { struct rte_security_ipsec_xform ipsec; struct rte_security_macsec_xform macsec; struct rte_security_pdcp_xform pdcp; + struct rte_security_docsis_xform docsis; }; /**< Configuration parameters for security session */ struct rte_crypto_sym_xform *crypto_xform; 
@@ -355,6 +382,77 @@ struct rte_security_session { /**< Opaque user defined data */ }; +/** + * DOCSIS operation parameters + */ +struct rte_security_docsis_op { + struct rte_crypto_sym_op crypto_sym; + /**< Symmetric crypto operation parameters */ + + struct { + struct { + uint16_t offset; + /**< + * Starting point for CRC processing, specified + * as the number of bytes from start of the packet in + * the source mbuf in crypto_sym + */ + uint16_t length; + /**< + * The length, in bytes, of the source mbuf on which the + * CRC will be computed + */ + } data; + /**< Data offset and length for CRC */ + + struct { + uint8_t *data; + /**< + * This points to the location where the CRC should be + * written (in the case of generation) or where the + * purported result exists (in the case of + * verification). + * + * The caller must ensure the required length of + * physically contiguous memory is available at this + * address. + * + * This may point into the mbuf packet data. For + * generation, the result will overwrite any data at + * this location. + */ + rte_iova_t phys_addr; + /**< Physical address of output data */ + } output; + /**< Output location */ + } crc; + /**< CRC operation parameters */ + + uint64_t reserved; + /**< Reserved for future use */ +}; + +/** + * Security operation types + */ +enum rte_security_op_type { + RTE_SECURITY_OP_TYPE_DOCSIS = 1 + /**< DOCSIS operation */ +}; + +/** + * Security operation parameters + */ +struct rte_security_op { + enum rte_security_op_type type; + /**< Type of operation */ + RTE_STD_C11 + union { + struct rte_security_docsis_op docsis; + }; + /**< Parameters for security operation */ +}; + /** * Create security session as specified by the session configuration * @@ -523,6 +621,10 @@ struct rte_security_pdcp_stats { uint64_t reserved; }; +struct rte_security_docsis_stats { + uint64_t reserved; +}; + struct rte_security_stats { enum rte_security_session_protocol protocol; /**< Security protocol to be configured */ 
@@ -532,6 +634,7 @@ struct rte_security_stats { struct rte_security_macsec_stats macsec; struct rte_security_ipsec_stats ipsec; struct rte_security_pdcp_stats pdcp; + struct rte_security_docsis_stats docsis; }; }; @@ -591,6 +694,13 @@ struct rte_security_capability { /**< Capability flags, see RTE_SECURITY_PDCP_* */ } pdcp; /**< PDCP capability */ + struct { + enum rte_security_docsis_direction direction; + /**< DOCSIS direction */ + uint16_t crc_size; + /**< CRC size in bytes */ + } docsis; + /**< DOCSIS capability */ }; const struct rte_cryptodev_capabilities *crypto_capabilities; 
@@ -649,6 +759,10 @@ struct rte_security_capability_idx { enum rte_security_pdcp_domain domain; uint32_t capa_flags; } pdcp; + struct { + enum rte_security_docsis_direction direction; + uint16_t crc_size; + } docsis; }; };
From patchwork Thu Jun 4 15:13:23 2020
X-Patchwork-Submitter: "Coyle, David"
X-Patchwork-Id: 70859
X-Patchwork-Delegate: gakhil@marvell.com
From: David Coyle
To: akhil.goyal@nxp.com, declan.doherty@intel.com, pablo.de.lara.guarch@intel.com, fiona.trahe@intel.com, roy.fan.zhang@intel.com
Cc: dev@dpdk.org, thomas@monjalon.net, ferruh.yigit@intel.com, brendan.ryan@intel.com, hemant.agrawal@nxp.com, anoobj@marvell.com, ruifeng.wang@arm.com, lironh@marvell.com, rnagadheeraj@marvell.com, jsrikanth@marvell.com, G.Singh@nxp.com, jianjay.zhou@huawei.com, ravi1.kumar@amd.com, bruce.richardson@intel.com, olivier.matz@6wind.com, honnappa.nagarahalli@arm.com, stephen@networkplumber.org, alexr@mellanox.com, jerinj@marvell.com, David Coyle, Mairtin o Loingsigh
Date: Thu, 4 Jun 2020 16:13:23 +0100
Message-Id: <20200604151324.50704-3-david.coyle@intel.com>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20200604151324.50704-1-david.coyle@intel.com>
References: <20200410142757.31508-1-david.coyle@intel.com> <20200604151324.50704-1-david.coyle@intel.com>
Subject: [dpdk-dev] [PATCH 2/3] cryptodev: add security operation to crypto operation

Add a new security operation structure to the crypto operation to allow protocol specific parameters defined in rte_security be defined for a crypto operation.

Please note this is API changes only. Implementation will follow in next version.

Signed-off-by: David Coyle
Signed-off-by: Mairtin o Loingsigh
--- lib/librte_cryptodev/rte_crypto.h | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/lib/librte_cryptodev/rte_crypto.h b/lib/librte_cryptodev/rte_crypto.h index fd5ef3a87..fbc1df791 100644 --- a/lib/librte_cryptodev/rte_crypto.h +++ b/lib/librte_cryptodev/rte_crypto.h
@@ -31,8 +31,10 @@ enum rte_crypto_op_type { /**< Undefined operation type */ RTE_CRYPTO_OP_TYPE_SYMMETRIC, /**< Symmetric operation */ - RTE_CRYPTO_OP_TYPE_ASYMMETRIC + RTE_CRYPTO_OP_TYPE_ASYMMETRIC, /**< Asymmetric operation */ + RTE_CRYPTO_OP_TYPE_SECURITY + /**< Security operation */ }; /** Status of crypto operation */ 
@@ -121,6 +123,13 @@ struct rte_crypto_op { struct rte_crypto_asym_op asym[0]; /**< Asymmetric operation parameters */ +#ifdef RTE_LIBRTE_SECURITY + uint8_t security[0]; + /**< Security operation parameters + * - Must be accessed through a rte_security_op pointer + */ +#endif + }; /**< operation specific parameters */ };
From patchwork Thu Jun 4 15:13:24 2020
X-Patchwork-Submitter: "Coyle, David"
X-Patchwork-Id: 70860
X-Patchwork-Delegate: gakhil@marvell.com
From: David Coyle
To: akhil.goyal@nxp.com, declan.doherty@intel.com, pablo.de.lara.guarch@intel.com, fiona.trahe@intel.com, roy.fan.zhang@intel.com
Cc: dev@dpdk.org, thomas@monjalon.net, ferruh.yigit@intel.com, brendan.ryan@intel.com, hemant.agrawal@nxp.com, anoobj@marvell.com, ruifeng.wang@arm.com, lironh@marvell.com, rnagadheeraj@marvell.com, jsrikanth@marvell.com, G.Singh@nxp.com, jianjay.zhou@huawei.com, ravi1.kumar@amd.com, bruce.richardson@intel.com, olivier.matz@6wind.com, honnappa.nagarahalli@arm.com, stephen@networkplumber.org, alexr@mellanox.com, jerinj@marvell.com, David Coyle, Mairtin o Loingsigh
Date: Thu, 4 Jun 2020 16:13:24 +0100
Message-Id: <20200604151324.50704-4-david.coyle@intel.com>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20200604151324.50704-1-david.coyle@intel.com>
References: <20200410142757.31508-1-david.coyle@intel.com> <20200604151324.50704-1-david.coyle@intel.com>
Subject: [dpdk-dev] [PATCH 3/3] crypto/aesni_mb: add support for DOCSIS protocol

Add support to the AESNI-MB PMD for the DOCSIS protocol, through the rte_security API. This, therefore, includes adding support for the rte_security API to this PMD.

Please note this is only a partial implementation, with just capabilities structures populated. Full implementation will follow in next version.

Signed-off-by: David Coyle
Signed-off-by: Mairtin o Loingsigh
--- drivers/crypto/aesni_mb/meson.build | 2 +- .../crypto/aesni_mb/rte_aesni_mb_pmd_ops.c | 63 +++++++++++++++++++ 2 files changed, 64 insertions(+), 1 deletion(-) diff --git a/drivers/crypto/aesni_mb/meson.build b/drivers/crypto/aesni_mb/meson.build index e557e0103..23f578fd3 100644 --- a/drivers/crypto/aesni_mb/meson.build +++ b/drivers/crypto/aesni_mb/meson.build
@@ -22,4 +22,4 @@ else endif sources = files('rte_aesni_mb_pmd.c', 'rte_aesni_mb_pmd_ops.c') -deps += ['bus_vdev'] +deps += ['bus_vdev', 'security'] diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c index 8c5e0cd92..c637ddb5f 100644 --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c @@ -8,6 +8,9 @@ #include #include #include +#ifdef RTE_LIBRTE_SECURITY +#include +#endif #include "aesni_mb_pmd_private.h" 
@@ -499,12 +502,72 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = { RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() }; +#ifdef RTE_LIBRTE_SECURITY +static const struct rte_cryptodev_capabilities + aesni_mb_pmd_security_crypto_cap[] = { + { /* AES DOCSIS BPI */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, + {.cipher = { + .algo = RTE_CRYPTO_CIPHER_AES_DOCSISBPI, + .block_size = 16, + .key_size = { + .min = 16, +#if IMB_VERSION_NUM >= IMB_VERSION(0, 53, 3) + .max = 32, + .increment = 16 +#else + .max = 16, + .increment = 0 +#endif + }, + .iv_size = { + .min = 16, + .max = 16, + .increment = 0 + } + }, } + }, } + }, + + RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() +}; + +static const struct rte_security_capability aesni_mb_pmd_security_cap[] = { + { /* DOCSIS Uplink */ + .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, + .protocol = RTE_SECURITY_PROTOCOL_DOCSIS, + .docsis = { + .direction = RTE_SECURITY_DOCSIS_UPLINK, + .crc_size = 4 + }, + .crypto_capabilities = aesni_mb_pmd_security_crypto_cap + }, + { /* DOCSIS downlink */ + .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, + .protocol = RTE_SECURITY_PROTOCOL_DOCSIS, + .docsis = { + .direction = RTE_SECURITY_DOCSIS_DOWNLINK, + .crc_size = 4 + }, + .crypto_capabilities = aesni_mb_pmd_security_crypto_cap + }, + { + .action = RTE_SECURITY_ACTION_TYPE_NONE + } +}; +#endif /** Configure device */ static int aesni_mb_pmd_config(__rte_unused struct rte_cryptodev *dev, __rte_unused struct rte_cryptodev_config *config) { +#ifdef RTE_LIBRTE_SECURITY + /* Temporary to avoid compile issues */ + (void)aesni_mb_pmd_security_cap; +#endif return 0; }
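
Review bot: In patch 1/3, `struct rte_security_docsis_xform`, the comment on `direction` is written `/** DOCSIS direction */` and placed after the member, so Doxygen will attach it to the following `crc_size` instead of to `direction`; the other member comments in this hunk use the trailing `/**<` form. Change it to `/**< DOCSIS direction */`. It would also help to say which `crc_size` values are valid, since the field is a free `uint16_t` and the only value advertised anywhere in the series (patch 3/3) is 4.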
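
Review bot: In patch 1/3, `struct rte_security_docsis_op`, the comment on `crc.output.data` asks the caller to provide "the required length" of contiguous memory without saying what that length is, and `crc.data.offset` and `crc.data.length` have no documented bound against the source mbuf or relation to the cipher range in `crypto_sym`. Because generation overwrites whatever sits at `output.data`, and that pointer may be inside the packet, the header should state the length (presumably `crc_size` from the session xform) and require that `offset + length` stays within the mbuf data, so a PMD has a contract to validate against. Separately, `RTE_SECURITY_OP_TYPE_DOCSIS = 1` leaves a zero-initialised `rte_security_op` with a `type` that matches no enumerator; either name the zero value or document that 0 is invalid.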
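
Review bot: In patch 2/3, `struct rte_crypto_op`, the new member is an untyped `uint8_t security[0]` that callers are told to reach through a `rte_security_op` pointer, unlike the typed `asym[0]` member just above it, so nothing stops a caller from casting it when `type` is not `RTE_CRYPTO_OP_TYPE_SECURITY`. Consider an inline accessor that checks the op type before returning the pointer. Also, `RTE_CRYPTO_OP_TYPE_SECURITY` is added to the enum unconditionally in the first hunk while this member exists only under `#ifdef RTE_LIBRTE_SECURITY`; the header should say how a build without the library treats that op type. The added blank `+` line before the closing `};` can be dropped.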
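
Review bot: In patch 3/3, `drivers/crypto/aesni_mb/meson.build`, `'security'` is added to `deps` unconditionally, while every use in `rte_aesni_mb_pmd_ops.c` is wrapped in `#ifdef RTE_LIBRTE_SECURITY`. The two files disagree about whether security support is optional for this PMD: either make the dependency conditional on the library being built, or drop the guards in the source.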
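
Review bot: In patch 3/3, `aesni_mb_pmd_config()`, the line `(void)aesni_mb_pmd_security_cap;` is there only to silence an unused-variable warning, which also means nothing in this series exposes the DOCSIS capability table at runtime. Consider holding `aesni_mb_pmd_security_cap` and `aesni_mb_pmd_security_crypto_cap` back until the patch that registers them, or marking the array `__rte_unused`, rather than putting a dummy reference in the configure callback. Smaller points: the table comments mix "DOCSIS Uplink" and "DOCSIS downlink", and the `key_size` block that selects `.max = 32` only for `IMB_VERSION_NUM >= IMB_VERSION(0, 53, 3)` deserves a one-line comment saying why.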