From patchwork Wed Jul 17 05:29:10 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Nagadheeraj Rottela <rnagadheeraj@marvell.com>
X-Patchwork-Id: 56564
X-Patchwork-Delegate: gakhil@marvell.com
Return-Path: <dev-bounces@dpdk.org>
X-Original-To: patchwork@dpdk.org
Delivered-To: patchwork@dpdk.org
Received: from [92.243.14.124] (localhost [127.0.0.1])
	by dpdk.org (Postfix) with ESMTP id C95E01BDE0;
	Wed, 17 Jul 2019 07:29:24 +0200 (CEST)
Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com
	[67.231.156.173]) by dpdk.org (Postfix) with ESMTP id C06071B995
	for <dev@dpdk.org>; Wed, 17 Jul 2019 07:29:14 +0200 (CEST)
Received: from pps.filterd (m0045851.ppops.net [127.0.0.1])
	by mx0b-0016f401.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id
	x6H5PLO2005628 for <dev@dpdk.org>; Tue, 16 Jul 2019 22:29:14 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com;
	h=from : to : cc :
	subject : date : message-id : references : in-reply-to : content-type
	: content-transfer-encoding : mime-version; s=pfpt0818;
	bh=A2cRHpH6pTK1RTi3Tywk9z+EnjuD1SLqsMrznlB6+n4=;
	b=XNGVactU+u4NtmAM3qumlX28xEpWSk6lmDy+PyTVQrib8D3WFroaAqNmdWSr9b16nwSG
	ecFHJNNuas8YjVyb9DnAVg8SxIW2NRTPW0gD+ftuVuNtKi6fGfXuu00WpQoP4pHkCjiz
	OZ92UrHf5u+xYnO4eMgRPkN4ahf9jONw1zmVEdWL2yFK3AbXmM1pOYAK+fWraCuZTC45
	m8qOwnvhX7JjEwOIdCQWnOxDAyV7/MieEChC7Tb4FrEw4Zy+JIEA2SGCBkNwPnecW6DX
	615PUoBAbQKW9lv4RrqABS9ZZsoLTXj8na49YNtOnAGzdPfIGar4J6uXdX6S0AUz8Y0c
	VQ==
Received: from sc-exch02.marvell.com ([199.233.58.182])
	by mx0b-0016f401.pphosted.com with ESMTP id 2ts0a2692h-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT)
	for <dev@dpdk.org>; Tue, 16 Jul 2019 22:29:14 -0700
Received: from SC-EXCH02.marvell.com (10.93.176.82) by SC-EXCH02.marvell.com
	(10.93.176.82) with Microsoft SMTP Server (TLS) id 15.0.1367.3;
	Tue, 16 Jul 2019 22:29:12 -0700
Received: from NAM01-BY2-obe.outbound.protection.outlook.com (104.47.34.59)
	by SC-EXCH02.marvell.com (10.93.176.82) with Microsoft SMTP Server
	(TLS) id
	15.0.1367.3 via Frontend Transport; Tue, 16 Jul 2019 22:29:12 -0700
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
	b=gD7v7YK6JdgMHqsvXC7rRADtv6YXS9etqoH61TRP4JF5apdKFXcSQoLBfrCBaOfKydD8qed+VWsUhg+MY4ulU7G4zeKmAT0jx+x5MmjlRO65aml+vKUaxZsn1zBIxIVqHXn6v1OKrk1F/vZIk/FBjjT49HvlkDyWZDethM4J65ORmcUiwV0ubYdTd1+YiHul2ng2/4Wq1j78vNIb7iuNLu9+T+P1kSlQL1qLoBOwK2sq0Nq+i41h2jzVM99sc+G+wg1oHfSZ/WNRM7XsZzJlsqbhPhiD1LEqDJqjSku1juFiBShJinX/MduzAch31Pu9GJfg4A9sR83EuJ6gNnLCeQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
	s=arcselector9901;
	h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
	bh=A2cRHpH6pTK1RTi3Tywk9z+EnjuD1SLqsMrznlB6+n4=;
	b=LHGjOf7A8sS6KyhGlUlqycMqpbBj1LrtQj+iB+tGK0XvPJzkLu+TLqPz8Wp3PIEYNqOcHACv5F7tp+lTGw1ijQ9pr5QmxQcnsJVqEanVXXugdlBoEYd6Y/71tWQFpZ7pAqtIlZwOWDiSm4DvZRf4egO5FmtsWT5QAB9+FHDkfj4PQaW4Os58Yj8sEqrBRr6qoqPnmLH3mOGpBfcqfM9tYPG9nFAsfdyTCTxzAKUG+LW4i1QjTT2HV6i69cNPxrTfvlSt2quKxIHXB/HOYniWM7Rlm5eCCpy0aJJERxnGnQgmDKi0oLLCSbVbkZRx8d0EHyaBsypoR+bKPEohEEcqhg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1;spf=pass
	smtp.mailfrom=marvell.com;dmarc=pass action=none
	header.from=marvell.com;dkim=pass header.d=marvell.com;arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=marvell.onmicrosoft.com; s=selector2-marvell-onmicrosoft-com;
	h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
	bh=A2cRHpH6pTK1RTi3Tywk9z+EnjuD1SLqsMrznlB6+n4=;
	b=wzbapry9jPfHWGk/Z3WifnrBrqN25jqQhMFgG+3WZzy5e+25Q1LeAco5b9eQ01vMkH92bx8pvkOQsGSn1P+SDVliBb25zzIXCoByCcMtZtR6gOWj4rJ/bJ4ksPhBi+nvt9e7d5JXjGsMhsEWqyZGKJZmRaE2hMHxq7zeJ4rjpz4=
Received: from MN2PR18MB2797.namprd18.prod.outlook.com (20.179.22.16) by
	MN2PR18MB2767.namprd18.prod.outlook.com (20.179.20.95) with Microsoft
	SMTP Server (version=TLS1_2,
	cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
	15.20.2073.11; Wed, 17 Jul 2019 05:29:11 +0000
Received: from MN2PR18MB2797.namprd18.prod.outlook.com
	([fe80::5d53:ac2e:80ec:cd8f]) by
	MN2PR18MB2797.namprd18.prod.outlook.com
	([fe80::5d53:ac2e:80ec:cd8f%6]) with mapi id 15.20.2073.012;
	Wed, 17 Jul 2019 05:29:11 +0000
From: Nagadheeraj Rottela <rnagadheeraj@marvell.com>
To: "dev@dpdk.org" <dev@dpdk.org>
CC: Srikanth Jampala <jsrikanth@marvell.com>, Nagadheeraj Rottela
	<rnagadheeraj@marvell.com>
Thread-Topic: [PATCH 07/10] crypto/nitrox: add session management operations
Thread-Index: AQHVPGCQJUEH7JsoPUOlSK5mfvutPA==
Date: Wed, 17 Jul 2019 05:29:10 +0000
Message-ID: <20190717052837.647-8-rnagadheeraj@marvell.com>
References: <20190717052837.647-1-rnagadheeraj@marvell.com>
In-Reply-To: <20190717052837.647-1-rnagadheeraj@marvell.com>
Accept-Language: en-IN, en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-clientproxiedby: BMXPR01CA0001.INDPRD01.PROD.OUTLOOK.COM
	(2603:1096:b00:d::11) To MN2PR18MB2797.namprd18.prod.outlook.com
	(2603:10b6:208:a0::16)
x-ms-exchange-messagesentrepresentingtype: 1
x-mailer: git-send-email 2.13.6
x-originating-ip: [115.113.156.2]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 9c91fa0d-275f-4988-9426-08d70a77b27b
x-microsoft-antispam: BCL:0; PCL:0;
	RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(7168020)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(711020)(4605104)(1401327)(2017052603328)(7193020);
	SRVR:MN2PR18MB2767;
x-ms-traffictypediagnostic: MN2PR18MB2767:
x-microsoft-antispam-prvs: 
 <MN2PR18MB2767A1C2E5CA0B03FB78DD19D6C90@MN2PR18MB2767.namprd18.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:785;
x-forefront-prvs: 01018CB5B3
x-forefront-antispam-report: SFV:NSPM;
	SFS:(10009020)(4636009)(376002)(346002)(366004)(396003)(39860400002)(136003)(199004)(189003)(55236004)(6512007)(66066001)(66946007)(66476007)(66446008)(86362001)(64756008)(66556008)(107886003)(14444005)(71190400001)(99286004)(256004)(71200400001)(7736002)(305945005)(54906003)(5660300002)(1730700003)(486006)(53936002)(26005)(81166006)(316002)(50226002)(6486002)(81156014)(8676002)(1076003)(6506007)(4326008)(25786009)(386003)(30864003)(6116002)(11346002)(2616005)(3846002)(2351001)(6916009)(478600001)(14454004)(476003)(446003)(8936002)(68736007)(76176011)(102836004)(36756003)(186003)(52116002)(5640700003)(2906002)(6436002)(2501003);
	DIR:OUT; SFP:1101; SCL:1; SRVR:MN2PR18MB2767;
	H:MN2PR18MB2797.namprd18.prod.outlook.com; FPR:; SPF:None; LANG:en;
	PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: marvell.com does not designate
	permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: 
 tZYiF4cuX33wlpbV2aLYQljLbqB5UtesMb9fF0m9d6/LFEIQFP/7UCDBhZNT34jGWlkI4x6emnYEZc4qy7fQBq29Xg3hyDaYPJa663tUMiIsqtgRa5TDQ8XjwNy1juS3Z3qj7b8B67f9ZXk9ufzzmutzCLdaxo/tuPag9wbEwVvxUNDVHeL6r4ldfDn/N5laVNJJ28ZUVmZkKsw9DjVzLZmN9+36pK9hP8diD1iLDEsekWkQr2ANJKh0Gx2C/rNP3CmZnQJNjq5El0YJerje9K0dFEjUERx0PfXYXvpH5nO4fmo+kgQe8p+Z1pn1xlVXPmFTNfsqJeOEfae9OffmhXQO33v/n0NLrwCdxGoNcq955lwZNyVRzddXmd9LWXkf4DtTeH6Jmc659JgngCwTnESbFd0Tt0RoWy9EPsrMXbc=
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 9c91fa0d-275f-4988-9426-08d70a77b27b
X-MS-Exchange-CrossTenant-originalarrivaltime: 17 Jul 2019 05:29:10.9842
	(UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 70e1fb47-1155-421d-87fc-2e58f638b6e0
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: rnagadheeraj@marvell.com
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR18MB2767
X-OriginatorOrg: marvell.com
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:5.22.84,1.0.8
	definitions=2019-07-17_02:2019-07-16,2019-07-17 signatures=0
Subject: [dpdk-dev] [PATCH 07/10] crypto/nitrox: add session management
	operations
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
	<mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
	<mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org
Sender: "dev" <dev-bounces@dpdk.org>

Add all the session management operations.

Signed-off-by: Nagadheeraj Rottela <rnagadheeraj@marvell.com>
---
 drivers/crypto/nitrox/nitrox_sym.c     | 323 ++++++++++++++++++++++++++++++++-
 drivers/crypto/nitrox/nitrox_sym_ctx.h |  85 +++++++++
 2 files changed, 405 insertions(+), 3 deletions(-)
 create mode 100644 drivers/crypto/nitrox/nitrox_sym_ctx.h

diff --git a/drivers/crypto/nitrox/nitrox_sym.c b/drivers/crypto/nitrox/nitrox_sym.c
index 05f089cae..34c62b02e 100644
--- a/drivers/crypto/nitrox/nitrox_sym.c
+++ b/drivers/crypto/nitrox/nitrox_sym.c
@@ -12,16 +12,54 @@
 #include "nitrox_sym_capabilities.h"
 #include "nitrox_qp.h"
 #include "nitrox_sym_reqmgr.h"
+#include "nitrox_sym_ctx.h"
 #include "nitrox_logs.h"
 
 #define CRYPTODEV_NAME_NITROX_PMD crypto_nitrox
+#define MC_MAC_MISMATCH_ERR_CODE 0x4c
 #define NPS_PKT_IN_INSTR_SIZE 64
+#define IV_FROM_DPTR 1
+#define FLEXI_CRYPTO_ENCRYPT_HMAC 0x33
+#define AES_KEYSIZE_128 16
+#define AES_KEYSIZE_192 24
+#define AES_KEYSIZE_256 32
+#define MAX_IV_LEN 16
 
 struct nitrox_sym_device {
 	struct rte_cryptodev *cdev;
 	struct nitrox_device *ndev;
 };
 
+/* Cipher opcodes */
+enum flexi_cipher {
+	CIPHER_NULL = 0,
+	CIPHER_3DES_CBC,
+	CIPHER_3DES_ECB,
+	CIPHER_AES_CBC,
+	CIPHER_AES_ECB,
+	CIPHER_AES_CFB,
+	CIPHER_AES_CTR,
+	CIPHER_AES_GCM,
+	CIPHER_AES_XTS,
+	CIPHER_AES_CCM,
+	CIPHER_AES_CBC_CTS,
+	CIPHER_AES_ECB_CTS,
+	CIPHER_INVALID
+};
+
+/* Auth opcodes */
+enum flexi_auth {
+	AUTH_NULL = 0,
+	AUTH_MD5,
+	AUTH_SHA1,
+	AUTH_SHA2_SHA224,
+	AUTH_SHA2_SHA256,
+	AUTH_SHA2_SHA384,
+	AUTH_SHA2_SHA512,
+	AUTH_GMAC,
+	AUTH_INVALID
+};
+
 uint8_t nitrox_sym_drv_id;
 static const char nitrox_sym_drv_name[] = RTE_STR(CRYPTODEV_NAME_NITROX_PMD);
 static const struct rte_driver nitrox_rte_sym_drv = {
@@ -204,6 +242,285 @@ nitrox_sym_dev_qp_release(struct rte_cryptodev *cdev, uint16_t qp_id)
 	return err;
 }
 
+static unsigned int
+nitrox_sym_dev_sess_get_size(__rte_unused struct rte_cryptodev *cdev)
+{
+	return sizeof(struct nitrox_crypto_ctx);
+}
+
+static enum nitrox_chain
+get_crypto_chain_order(const struct rte_crypto_sym_xform *xform)
+{
+	enum nitrox_chain res = NITROX_CHAIN_NOT_SUPPORTED;
+
+	if (unlikely(xform == NULL))
+		return res;
+
+	switch (xform->type) {
+	case RTE_CRYPTO_SYM_XFORM_AUTH:
+		if (xform->next == NULL) {
+			res = NITROX_CHAIN_NOT_SUPPORTED;
+		} else if (xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER) {
+			if (xform->auth.op == RTE_CRYPTO_AUTH_OP_VERIFY &&
+			    xform->next->cipher.op ==
+			    RTE_CRYPTO_CIPHER_OP_DECRYPT) {
+				res = NITROX_CHAIN_AUTH_CIPHER;
+			} else {
+				NITROX_LOG(ERR, "auth op %d, cipher op %d\n",
+				    xform->auth.op, xform->next->cipher.op);
+			}
+		}
+		break;
+	case RTE_CRYPTO_SYM_XFORM_CIPHER:
+		if (xform->next == NULL) {
+			res = NITROX_CHAIN_CIPHER_ONLY;
+		} else if (xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH) {
+			if (xform->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT &&
+			    xform->next->auth.op ==
+			    RTE_CRYPTO_AUTH_OP_GENERATE) {
+				res = NITROX_CHAIN_CIPHER_AUTH;
+			} else {
+				NITROX_LOG(ERR, "cipher op %d, auth op %d\n",
+				    xform->cipher.op, xform->next->auth.op);
+			}
+		}
+		break;
+	default:
+		break;
+	}
+
+	return res;
+}
+
+static enum flexi_cipher
+get_flexi_cipher_type(enum rte_crypto_cipher_algorithm algo, bool *is_aes)
+{
+	enum flexi_cipher type;
+
+	switch (algo) {
+	case RTE_CRYPTO_CIPHER_AES_CBC:
+		type = CIPHER_AES_CBC;
+		*is_aes = true;
+		break;
+	default:
+		type = CIPHER_INVALID;
+		NITROX_LOG(ERR, "Algorithm not supported %d\n", algo);
+		break;
+	}
+
+	return type;
+}
+
+static int
+flexi_aes_keylen(size_t keylen, bool is_aes)
+{
+	int aes_keylen;
+
+	if (!is_aes)
+		return 0;
+
+	switch (keylen) {
+	case AES_KEYSIZE_128:
+		aes_keylen = 1;
+		break;
+	case AES_KEYSIZE_192:
+		aes_keylen = 2;
+		break;
+	case AES_KEYSIZE_256:
+		aes_keylen = 3;
+		break;
+	default:
+		NITROX_LOG(ERR, "Invalid keylen %zu\n", keylen);
+		aes_keylen = -EINVAL;
+		break;
+	}
+
+	return aes_keylen;
+}
+
+static bool
+crypto_key_is_valid(struct rte_crypto_cipher_xform *xform,
+		    struct flexi_crypto_context *fctx)
+{
+	if (unlikely(xform->key.length > sizeof(fctx->crypto.key))) {
+		NITROX_LOG(ERR, "Invalid crypto key length %d\n",
+			   xform->key.length);
+		return false;
+	}
+
+	return true;
+}
+
+static int
+configure_cipher_ctx(struct rte_crypto_cipher_xform *xform,
+		     struct nitrox_crypto_ctx *ctx)
+{
+	enum flexi_cipher type;
+	bool cipher_is_aes = false;
+	int aes_keylen;
+	struct flexi_crypto_context *fctx = &ctx->fctx;
+
+	type = get_flexi_cipher_type(xform->algo, &cipher_is_aes);
+	if (unlikely(type == CIPHER_INVALID))
+		return -ENOTSUP;
+
+	aes_keylen = flexi_aes_keylen(xform->key.length, cipher_is_aes);
+	if (unlikely(aes_keylen < 0))
+		return -EINVAL;
+
+	if (unlikely(!cipher_is_aes && !crypto_key_is_valid(xform, fctx)))
+		return -EINVAL;
+
+	if (unlikely(xform->iv.length > MAX_IV_LEN))
+		return -EINVAL;
+
+	fctx->flags = rte_be_to_cpu_64(fctx->flags);
+	fctx->w0.cipher_type = type;
+	fctx->w0.aes_keylen = aes_keylen;
+	fctx->w0.iv_source = IV_FROM_DPTR;
+	fctx->flags = rte_cpu_to_be_64(fctx->flags);
+	memset(fctx->crypto.key, 0, sizeof(fctx->crypto.key));
+	memcpy(fctx->crypto.key, xform->key.data, xform->key.length);
+
+	ctx->opcode = FLEXI_CRYPTO_ENCRYPT_HMAC;
+	ctx->req_op = (xform->op == RTE_CRYPTO_CIPHER_OP_ENCRYPT) ?
+			NITROX_OP_ENCRYPT : NITROX_OP_DECRYPT;
+	ctx->iv.offset = xform->iv.offset;
+	ctx->iv.length = xform->iv.length;
+	return 0;
+}
+
+static enum flexi_auth
+get_flexi_auth_type(enum rte_crypto_auth_algorithm algo)
+{
+	enum flexi_auth type;
+
+	switch (algo) {
+	case RTE_CRYPTO_AUTH_SHA1_HMAC:
+		type = AUTH_SHA1;
+		break;
+	default:
+		NITROX_LOG(ERR, "Algorithm not supported %d\n", algo);
+		type = AUTH_INVALID;
+		break;
+	}
+
+	return type;
+}
+
+static bool
+auth_key_digest_is_valid(struct rte_crypto_auth_xform *xform,
+			 struct flexi_crypto_context *fctx)
+{
+	if (unlikely(!xform->key.data && xform->key.length)) {
+		NITROX_LOG(ERR, "Invalid auth key\n");
+		return false;
+	}
+
+	if (unlikely(xform->key.length > sizeof(fctx->auth.opad))) {
+		NITROX_LOG(ERR, "Invalid auth key length %d\n",
+			   xform->key.length);
+		return false;
+	}
+
+	return true;
+}
+
+static int
+configure_auth_ctx(struct rte_crypto_auth_xform *xform,
+		   struct nitrox_crypto_ctx *ctx)
+{
+	enum flexi_auth type;
+	struct flexi_crypto_context *fctx = &ctx->fctx;
+
+	type = get_flexi_auth_type(xform->algo);
+	if (unlikely(type == AUTH_INVALID))
+		return -ENOTSUP;
+
+	if (unlikely(!auth_key_digest_is_valid(xform, fctx)))
+		return -EINVAL;
+
+	ctx->auth_op = xform->op;
+	ctx->auth_algo = xform->algo;
+	ctx->digest_length = xform->digest_length;
+
+	fctx->flags = rte_be_to_cpu_64(fctx->flags);
+	fctx->w0.hash_type = type;
+	fctx->w0.auth_input_type = 1;
+	fctx->w0.mac_len = xform->digest_length;
+	fctx->flags = rte_cpu_to_be_64(fctx->flags);
+	memset(&fctx->auth, 0, sizeof(fctx->auth));
+	memcpy(fctx->auth.opad, xform->key.data, xform->key.length);
+	return 0;
+}
+
+static int
+nitrox_sym_dev_sess_configure(struct rte_cryptodev *cdev,
+			      struct rte_crypto_sym_xform *xform,
+			      struct rte_cryptodev_sym_session *sess,
+			      struct rte_mempool *mempool)
+{
+	void *mp_obj;
+	struct nitrox_crypto_ctx *ctx;
+	struct rte_crypto_cipher_xform *cipher_xform = NULL;
+	struct rte_crypto_auth_xform *auth_xform = NULL;
+
+	if (rte_mempool_get(mempool, &mp_obj)) {
+		NITROX_LOG(ERR, "Couldn't allocate context\n");
+		return -ENOMEM;
+	}
+
+	ctx = mp_obj;
+	ctx->nitrox_chain = get_crypto_chain_order(xform);
+	switch (ctx->nitrox_chain) {
+	case NITROX_CHAIN_CIPHER_AUTH:
+		cipher_xform = &xform->cipher;
+		auth_xform = &xform->next->auth;
+		break;
+	case NITROX_CHAIN_AUTH_CIPHER:
+		auth_xform = &xform->auth;
+		cipher_xform = &xform->next->cipher;
+		break;
+	default:
+		NITROX_LOG(ERR, "Crypto chain not supported\n");
+		goto err;
+	}
+
+	if (cipher_xform && unlikely(configure_cipher_ctx(cipher_xform, ctx))) {
+		NITROX_LOG(ERR, "Failed to configure cipher ctx\n");
+		goto err;
+	}
+
+	if (auth_xform && unlikely(configure_auth_ctx(auth_xform, ctx))) {
+		NITROX_LOG(ERR, "Failed to configure auth ctx\n");
+		goto err;
+	}
+
+	ctx->iova = rte_mempool_virt2iova(ctx);
+	set_sym_session_private_data(sess, cdev->driver_id, ctx);
+	return 0;
+err:
+	rte_mempool_put(mempool, mp_obj);
+	return -EINVAL;
+}
+
+static void
+nitrox_sym_dev_sess_clear(struct rte_cryptodev *cdev,
+			  struct rte_cryptodev_sym_session *sess)
+{
+	struct nitrox_crypto_ctx *ctx = get_sym_session_private_data(sess,
+							cdev->driver_id);
+	struct rte_mempool *sess_mp;
+
+	if (!ctx)
+		return;
+
+	memset(ctx, 0, sizeof(*ctx));
+	sess_mp = rte_mempool_from_obj(ctx);
+	set_sym_session_private_data(sess, cdev->driver_id, NULL);
+	rte_mempool_put(sess_mp, ctx);
+}
+
 static struct rte_cryptodev_ops nitrox_cryptodev_ops = {
 	.dev_configure		= nitrox_sym_dev_config,
 	.dev_start		= nitrox_sym_dev_start,
@@ -217,9 +534,9 @@ static struct rte_cryptodev_ops nitrox_cryptodev_ops = {
 	.queue_pair_setup	= nitrox_sym_dev_qp_setup,
 	.queue_pair_release     = nitrox_sym_dev_qp_release,
 
-	.sym_session_get_size   = NULL,
-	.sym_session_configure  = NULL,
-	.sym_session_clear      = NULL
+	.sym_session_get_size   = nitrox_sym_dev_sess_get_size,
+	.sym_session_configure  = nitrox_sym_dev_sess_configure,
+	.sym_session_clear      = nitrox_sym_dev_sess_clear
 };
 
 int
diff --git a/drivers/crypto/nitrox/nitrox_sym_ctx.h b/drivers/crypto/nitrox/nitrox_sym_ctx.h
new file mode 100644
index 000000000..d63c71455
--- /dev/null
+++ b/drivers/crypto/nitrox/nitrox_sym_ctx.h
@@ -0,0 +1,85 @@
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright(C) 2019 Marvell International Ltd.
+ */
+
+#ifndef _NITROX_SYM_CTX_H_
+#define _NITROX_SYM_CTX_H_
+
+#include <stdbool.h>
+
+#include <rte_crypto.h>
+
+#define AES_MAX_KEY_SIZE 32
+#define AES_BLOCK_SIZE 16
+
+enum nitrox_chain {
+	NITROX_CHAIN_CIPHER_ONLY,
+	NITROX_CHAIN_CIPHER_AUTH,
+	NITROX_CHAIN_AUTH_CIPHER,
+	NITROX_CHAIN_COMBINED,
+	NITROX_CHAIN_NOT_SUPPORTED
+};
+
+enum nitrox_op {
+	NITROX_OP_ENCRYPT,
+	NITROX_OP_DECRYPT,
+};
+
+struct crypto_keys {
+	uint8_t key[AES_MAX_KEY_SIZE];
+	uint8_t iv[AES_BLOCK_SIZE];
+};
+
+struct auth_keys {
+	uint8_t ipad[64];
+	uint8_t opad[64];
+};
+
+struct flexi_crypto_context {
+	union {
+		uint64_t flags;
+		struct {
+#if RTE_BYTE_ORDER == RTE_BIG_ENDIAN
+			uint64_t cipher_type : 4;
+			uint64_t reserved_59 : 1;
+			uint64_t aes_keylen : 2;
+			uint64_t iv_source : 1;
+			uint64_t hash_type : 4;
+			uint64_t reserved_49_51 : 3;
+			uint64_t auth_input_type : 1;
+			uint64_t mac_len : 8;
+			uint64_t reserved_0_39 : 40;
+#else
+			uint64_t reserved_0_39 : 40;
+			uint64_t mac_len : 8;
+			uint64_t auth_input_type : 1;
+			uint64_t reserved_49_51 : 3;
+			uint64_t hash_type : 4;
+			uint64_t iv_source : 1;
+			uint64_t aes_keylen : 2;
+			uint64_t reserved_59 : 1;
+			uint64_t cipher_type : 4;
+#endif
+		} w0;
+	};
+
+	struct crypto_keys crypto;
+	struct auth_keys auth;
+};
+
+struct nitrox_crypto_ctx {
+	struct flexi_crypto_context fctx;
+	enum nitrox_chain nitrox_chain;
+	enum rte_crypto_auth_operation auth_op;
+	enum rte_crypto_auth_algorithm auth_algo;
+	struct {
+		uint16_t offset;
+		uint16_t length;
+	} iv;
+	rte_iova_t iova;
+	uint16_t digest_length;
+	uint8_t opcode;
+	uint8_t req_op;
+};
+
+#endif /* _NITROX_SYM_CTX_H_ */