Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/112967/?format=api
{ "id": 112967, "url": "http://patchwork.dpdk.org/api/patches/112967/?format=api", "web_url": "http://patchwork.dpdk.org/project/dpdk/patch/20220617073604.889403-3-ktejasree@marvell.com/", "project": { "id": 1, "url": "http://patchwork.dpdk.org/api/projects/1/?format=api", "name": "DPDK", "link_name": "dpdk", "list_id": "dev.dpdk.org", "list_email": "dev@dpdk.org", "web_url": "http://core.dpdk.org", "scm_url": "git://dpdk.org/dpdk", "webscm_url": "http://git.dpdk.org/dpdk", "list_archive_url": "https://inbox.dpdk.org/dev", "list_archive_url_format": "https://inbox.dpdk.org/dev/{}", "commit_url_format": "" }, "msgid": "<20220617073604.889403-3-ktejasree@marvell.com>", "list_archive_url": "https://inbox.dpdk.org/dev/20220617073604.889403-3-ktejasree@marvell.com", "date": "2022-06-17T07:36:02", "name": "[2/4] crypto/cnxk: support stream cipher chained operations", "commit_ref": null, "pull_url": null, "state": "superseded", "archived": true, "hash": "eb4a72ebc8d55144ee274c165032341f62a66954", "submitter": { "id": 1789, "url": "http://patchwork.dpdk.org/api/people/1789/?format=api", "name": "Tejasree Kondoj", "email": "ktejasree@marvell.com" }, "delegate": { "id": 6690, "url": "http://patchwork.dpdk.org/api/users/6690/?format=api", "username": "akhil", "first_name": "akhil", "last_name": "goyal", "email": "gakhil@marvell.com" }, "mbox": "http://patchwork.dpdk.org/project/dpdk/patch/20220617073604.889403-3-ktejasree@marvell.com/mbox/", "series": [ { "id": 23602, "url": "http://patchwork.dpdk.org/api/series/23602/?format=api", "web_url": "http://patchwork.dpdk.org/project/dpdk/list/?series=23602", "date": "2022-06-17T07:36:00", "name": "support stream cipher chained operations", "version": 1, "mbox": "http://patchwork.dpdk.org/series/23602/mbox/" } ], "comments": "http://patchwork.dpdk.org/api/patches/112967/comments/", "check": "success", "checks": "http://patchwork.dpdk.org/api/patches/112967/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<dev-bounces@dpdk.org>", "X-Original-To": "patchwork@inbox.dpdk.org", "Delivered-To": "patchwork@inbox.dpdk.org", "Received": [ "from mails.dpdk.org (mails.dpdk.org [217.70.189.124])\n\tby inbox.dpdk.org (Postfix) with ESMTP id 97D0AA0093;\n\tFri, 17 Jun 2022 09:36:27 +0200 (CEST)", "from [217.70.189.124] (localhost [127.0.0.1])\n\tby mails.dpdk.org (Postfix) with ESMTP id 6A6E84282A;\n\tFri, 17 Jun 2022 09:36:15 +0200 (CEST)", "from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com\n [67.231.156.173])\n by mails.dpdk.org (Postfix) with ESMTP id C97204281B\n for <dev@dpdk.org>; Fri, 17 Jun 2022 09:36:14 +0200 (CEST)", "from pps.filterd (m0045851.ppops.net [127.0.0.1])\n by mx0b-0016f401.pphosted.com (8.17.1.5/8.17.1.5) with ESMTP id\n 25H3kLLM021621\n for <dev@dpdk.org>; Fri, 17 Jun 2022 00:36:14 -0700", "from dc5-exch02.marvell.com ([199.233.59.182])\n by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3grj05rrr0-1\n (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT)\n for <dev@dpdk.org>; Fri, 17 Jun 2022 00:36:14 -0700", "from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH02.marvell.com\n (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.18;\n Fri, 17 Jun 2022 00:36:11 -0700", "from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com\n (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.2 via Frontend\n Transport; Fri, 17 Jun 2022 00:36:11 -0700", "from hyd1554.marvell.com (unknown [10.29.57.11])\n by maili.marvell.com (Postfix) with ESMTP id 4C5E03F7086;\n Fri, 17 Jun 2022 00:36:10 -0700 (PDT)" ], "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com;\n h=from : to : cc :\n subject : date : message-id : in-reply-to : references : mime-version :\n content-transfer-encoding : content-type; s=pfpt0220;\n bh=c+l6q2t2tSkADnQTjQs+L7NFbHTJdc8oK3oRpe41n3Q=;\n b=fhyIWXFGAnJWU/5t7YmmjsH/ZJUQ/efbsswb7zonm/oDmqiqg+s3q0clF7vmutUUSiiQ\n EJYwLxRNZUBMEQukTdUirMFLFfQ0SMUuX+iot+CuSG1aiYl3ui4/K46SPgQHmrkTwtUa\n ytsl9rYvIO0jpywwhIUNFfa9nGzriMjShl+qgTw+suM3LOEetl5XpmT7I+DTo5deQwGN\n o/eHbKogkVMuV3BcjPjTX4/TgGug0hEiGrFy84jbGSSq83rXToaii9LNpcLWcVkMhC0W\n 8BZ5x+x9LYIoFxj0PWQjwYIJXULitrKHGLT5iaNJ1hmYdmMlHj/VCrmloDOpmSsoZfK9 jQ==", "From": "Tejasree Kondoj <ktejasree@marvell.com>", "To": "Akhil Goyal <gakhil@marvell.com>", "CC": "Anoob Joseph <anoobj@marvell.com>, Ankur Dwivedi <adwivedi@marvell.com>,\n <dev@dpdk.org>", "Subject": "[PATCH 2/4] crypto/cnxk: support stream cipher chained operations", "Date": "Fri, 17 Jun 2022 13:06:02 +0530", "Message-ID": "<20220617073604.889403-3-ktejasree@marvell.com>", "X-Mailer": "git-send-email 2.25.1", "In-Reply-To": "<20220617073604.889403-1-ktejasree@marvell.com>", "References": "<20220617073604.889403-1-ktejasree@marvell.com>", "MIME-Version": "1.0", "Content-Transfer-Encoding": "8bit", "Content-Type": "text/plain", "X-Proofpoint-GUID": "177tap0pdm8Dss-rVlZjWTjgMabC7siJ", "X-Proofpoint-ORIG-GUID": "177tap0pdm8Dss-rVlZjWTjgMabC7siJ", "X-Proofpoint-Virus-Version": "vendor=baseguard\n engine=ICAP:2.0.205,Aquarius:18.0.883,Hydra:6.0.517,FMLib:17.11.64.514\n definitions=2022-06-17_06,2022-06-16_01,2022-02-23_01", "X-BeenThere": "dev@dpdk.org", "X-Mailman-Version": "2.1.29", "Precedence": "list", "List-Id": "DPDK patches and discussions <dev.dpdk.org>", "List-Unsubscribe": "<https://mails.dpdk.org/options/dev>,\n <mailto:dev-request@dpdk.org?subject=unsubscribe>", "List-Archive": "<http://mails.dpdk.org/archives/dev/>", "List-Post": "<mailto:dev@dpdk.org>", "List-Help": "<mailto:dev-request@dpdk.org?subject=help>", "List-Subscribe": "<https://mails.dpdk.org/listinfo/dev>,\n <mailto:dev-request@dpdk.org?subject=subscribe>", "Errors-To": "dev-bounces@dpdk.org" }, "content": "Adding support for zuc, snow3g and aes-ctr-cmac\nchained operations on cn9k using key and IV scheme\nin microcode.\n\nSigned-off-by: Tejasree Kondoj <ktejasree@marvell.com>\n---\n drivers/common/cnxk/roc_se.c | 271 +++++++++++++++++------\n drivers/common/cnxk/roc_se.h | 74 +++++--\n drivers/crypto/cnxk/cnxk_cryptodev_ops.c | 69 +++++-\n drivers/crypto/cnxk/cnxk_se.h | 235 +++++++++++++++++---\n 4 files changed, 536 insertions(+), 113 deletions(-)", "diff": "diff --git a/drivers/common/cnxk/roc_se.c b/drivers/common/cnxk/roc_se.c\nindex 3f0821e400..8d6446c3a0 100644\n--- a/drivers/common/cnxk/roc_se.c\n+++ b/drivers/common/cnxk/roc_se.c\n@@ -88,21 +88,24 @@ cpt_ciph_type_set(roc_se_cipher_type type, struct roc_se_ctx *ctx,\n \t\tfc_type = ROC_SE_FC_GEN;\n \t\tbreak;\n \tcase ROC_SE_ZUC_EEA3:\n-\t\t/* No support for chained operations */\n-\t\tif (unlikely(ctx->hash_type))\n-\t\t\treturn -1;\n-\t\tfc_type = ROC_SE_PDCP;\n+\t\tif (ctx->hash_type)\n+\t\t\tfc_type = ROC_SE_PDCP_CHAIN;\n+\t\telse\n+\t\t\tfc_type = ROC_SE_PDCP;\n \t\tbreak;\n \tcase ROC_SE_SNOW3G_UEA2:\n \t\tif (unlikely(key_len != 16))\n \t\t\treturn -1;\n-\t\t/* No support for AEAD yet */\n-\t\tif (unlikely(ctx->hash_type))\n-\t\t\treturn -1;\n-\t\tfc_type = ROC_SE_PDCP;\n+\t\tif (ctx->hash_type)\n+\t\t\tfc_type = ROC_SE_PDCP_CHAIN;\n+\t\telse\n+\t\t\tfc_type = ROC_SE_PDCP;\n \t\tbreak;\n \tcase ROC_SE_AES_CTR_EEA2:\n-\t\tfc_type = ROC_SE_PDCP;\n+\t\tif (ctx->hash_type)\n+\t\t\tfc_type = ROC_SE_PDCP_CHAIN;\n+\t\telse\n+\t\t\tfc_type = ROC_SE_PDCP;\n \t\tbreak;\n \tcase ROC_SE_KASUMI_F8_CBC:\n \tcase ROC_SE_KASUMI_F8_ECB:\n@@ -171,6 +174,29 @@ cpt_pdcp_key_type_set(struct roc_se_zuc_snow3g_ctx *zs_ctx, uint16_t key_len)\n \treturn 0;\n }\n \n+static int\n+cpt_pdcp_chain_key_type_get(uint16_t key_len)\n+{\n+\troc_se_aes_type key_type;\n+\n+\tswitch (key_len) {\n+\tcase 16:\n+\t\tkey_type = ROC_SE_AES_128_BIT;\n+\t\tbreak;\n+\tcase 24:\n+\t\tkey_type = ROC_SE_AES_192_BIT;\n+\t\tbreak;\n+\tcase 32:\n+\t\tkey_type = ROC_SE_AES_256_BIT;\n+\t\tbreak;\n+\tdefault:\n+\t\tplt_err(\"Invalid key len\");\n+\t\treturn -ENOTSUP;\n+\t}\n+\n+\treturn key_type;\n+}\n+\n static int\n cpt_pdcp_mac_len_set(struct roc_se_zuc_snow3g_ctx *zs_ctx, uint16_t mac_len)\n {\n@@ -202,7 +228,7 @@ cpt_pdcp_mac_len_set(struct roc_se_zuc_snow3g_ctx *zs_ctx, uint16_t mac_len)\n }\n \n static void\n-cpt_pdcp_update_zuc_const(uint8_t *zuc_const, int key_len, int mac_len)\n+cpt_zuc_const_update(uint8_t *zuc_const, int key_len, int mac_len)\n {\n \tif (key_len == 16) {\n \t\tmemcpy(zuc_const, zuc_key128, 32);\n@@ -227,15 +253,19 @@ int\n roc_se_auth_key_set(struct roc_se_ctx *se_ctx, roc_se_auth_type type,\n \t\t const uint8_t *key, uint16_t key_len, uint16_t mac_len)\n {\n+\tstruct roc_se_zuc_snow3g_chain_ctx *zs_ch_ctx;\n \tstruct roc_se_zuc_snow3g_ctx *zs_ctx;\n \tstruct roc_se_kasumi_ctx *k_ctx;\n \tstruct roc_se_context *fctx;\n+\tuint8_t opcode_minor;\n+\tuint8_t pdcp_alg;\n \tint ret;\n \n \tif (se_ctx == NULL)\n \t\treturn -1;\n \n \tzs_ctx = &se_ctx->se_ctx.zs_ctx;\n+\tzs_ch_ctx = &se_ctx->se_ctx.zs_ch_ctx;\n \tk_ctx = &se_ctx->se_ctx.k_ctx;\n \tfctx = &se_ctx->se_ctx.fctx;\n \n@@ -243,14 +273,12 @@ roc_se_auth_key_set(struct roc_se_ctx *se_ctx, roc_se_auth_type type,\n \t\tuint8_t *zuc_const;\n \t\tuint32_t keyx[4];\n \t\tuint8_t *ci_key;\n+\t\tbool chained_op =\n+\t\t\tse_ctx->ciph_then_auth || se_ctx->auth_then_ciph;\n \n \t\tif (!key_len)\n \t\t\treturn -1;\n \n-\t\t/* No support for chained operations yet */\n-\t\tif (se_ctx->enc_cipher)\n-\t\t\treturn -1;\n-\n \t\tif (roc_model_is_cn9k()) {\n \t\t\tci_key = zs_ctx->zuc.onk_ctx.ci_key;\n \t\t\tzuc_const = zs_ctx->zuc.onk_ctx.zuc_const;\n@@ -262,41 +290,88 @@ roc_se_auth_key_set(struct roc_se_ctx *se_ctx, roc_se_auth_type type,\n \t\t/* For ZUC/SNOW3G/Kasumi */\n \t\tswitch (type) {\n \t\tcase ROC_SE_SNOW3G_UIA2:\n-\t\t\tzs_ctx->zuc.otk_ctx.w0.s.alg_type =\n-\t\t\t\tROC_SE_PDCP_ALG_TYPE_SNOW3G;\n-\t\t\tzs_ctx->zuc.otk_ctx.w0.s.mac_len =\n-\t\t\t\tROC_SE_PDCP_MAC_LEN_32_BIT;\n-\t\t\tse_ctx->pdcp_alg_type = ROC_SE_PDCP_ALG_TYPE_SNOW3G;\n-\t\t\tcpt_snow3g_key_gen(key, keyx);\n-\t\t\tmemcpy(ci_key, keyx, key_len);\n-\t\t\tse_ctx->fc_type = ROC_SE_PDCP;\n+\t\t\tif (chained_op) {\n+\t\t\t\tstruct roc_se_onk_zuc_chain_ctx *ctx =\n+\t\t\t\t\t&zs_ch_ctx->zuc.onk_ctx;\n+\t\t\t\tzs_ch_ctx->zuc.onk_ctx.w0.s.state_conf =\n+\t\t\t\t\tROC_SE_PDCP_CHAIN_CTX_KEY_IV;\n+\t\t\t\tctx->w0.s.auth_type =\n+\t\t\t\t\tROC_SE_PDCP_CHAIN_ALG_TYPE_SNOW3G;\n+\t\t\t\tctx->w0.s.mac_len = mac_len;\n+\t\t\t\tctx->w0.s.auth_key_len = key_len;\n+\t\t\t\tse_ctx->fc_type = ROC_SE_PDCP_CHAIN;\n+\t\t\t\tcpt_snow3g_key_gen(key, keyx);\n+\t\t\t\tmemcpy(ctx->st.auth_key, keyx, key_len);\n+\t\t\t} else {\n+\t\t\t\tzs_ctx->zuc.otk_ctx.w0.s.alg_type =\n+\t\t\t\t\tROC_SE_PDCP_ALG_TYPE_SNOW3G;\n+\t\t\t\tzs_ctx->zuc.otk_ctx.w0.s.mac_len =\n+\t\t\t\t\tROC_SE_PDCP_MAC_LEN_32_BIT;\n+\t\t\t\tcpt_snow3g_key_gen(key, keyx);\n+\t\t\t\tmemcpy(ci_key, keyx, key_len);\n+\t\t\t\tse_ctx->fc_type = ROC_SE_PDCP;\n+\t\t\t}\n+\t\t\tse_ctx->pdcp_auth_alg = ROC_SE_PDCP_ALG_TYPE_SNOW3G;\n \t\t\tse_ctx->zsk_flags = 0x1;\n \t\t\tbreak;\n \t\tcase ROC_SE_ZUC_EIA3:\n-\t\t\tzs_ctx->zuc.otk_ctx.w0.s.alg_type =\n-\t\t\t\tROC_SE_PDCP_ALG_TYPE_ZUC;\n-\t\t\tret = cpt_pdcp_key_type_set(zs_ctx, key_len);\n-\t\t\tif (ret)\n-\t\t\t\treturn ret;\n-\t\t\tret = cpt_pdcp_mac_len_set(zs_ctx, mac_len);\n-\t\t\tif (ret)\n-\t\t\t\treturn ret;\n-\t\t\tse_ctx->pdcp_alg_type = ROC_SE_PDCP_ALG_TYPE_ZUC;\n-\t\t\tmemcpy(ci_key, key, key_len);\n-\t\t\tif (key_len == 32)\n-\t\t\t\troc_se_zuc_bytes_swap(ci_key, key_len);\n-\t\t\tcpt_pdcp_update_zuc_const(zuc_const, key_len, mac_len);\n-\t\t\tse_ctx->fc_type = ROC_SE_PDCP;\n+\t\t\tif (chained_op) {\n+\t\t\t\tstruct roc_se_onk_zuc_chain_ctx *ctx =\n+\t\t\t\t\t&zs_ch_ctx->zuc.onk_ctx;\n+\t\t\t\tctx->w0.s.state_conf =\n+\t\t\t\t\tROC_SE_PDCP_CHAIN_CTX_KEY_IV;\n+\t\t\t\tctx->w0.s.auth_type =\n+\t\t\t\t\tROC_SE_PDCP_CHAIN_ALG_TYPE_ZUC;\n+\t\t\t\tctx->w0.s.mac_len = mac_len;\n+\t\t\t\tctx->w0.s.auth_key_len = key_len;\n+\t\t\t\tmemcpy(ctx->st.auth_key, key, key_len);\n+\t\t\t\tcpt_zuc_const_update(ctx->st.auth_zuc_const,\n+\t\t\t\t\t\t key_len, mac_len);\n+\t\t\t\tse_ctx->fc_type = ROC_SE_PDCP_CHAIN;\n+\t\t\t} else {\n+\t\t\t\tzs_ctx->zuc.otk_ctx.w0.s.alg_type =\n+\t\t\t\t\tROC_SE_PDCP_ALG_TYPE_ZUC;\n+\t\t\t\tret = cpt_pdcp_key_type_set(zs_ctx, key_len);\n+\t\t\t\tif (ret)\n+\t\t\t\t\treturn ret;\n+\t\t\t\tret = cpt_pdcp_mac_len_set(zs_ctx, mac_len);\n+\t\t\t\tif (ret)\n+\t\t\t\t\treturn ret;\n+\t\t\t\tmemcpy(ci_key, key, key_len);\n+\t\t\t\tif (key_len == 32)\n+\t\t\t\t\troc_se_zuc_bytes_swap(ci_key, key_len);\n+\t\t\t\tcpt_zuc_const_update(zuc_const, key_len,\n+\t\t\t\t\t\t mac_len);\n+\t\t\t\tse_ctx->fc_type = ROC_SE_PDCP;\n+\t\t\t}\n+\t\t\tse_ctx->pdcp_auth_alg = ROC_SE_PDCP_ALG_TYPE_ZUC;\n \t\t\tse_ctx->zsk_flags = 0x1;\n \t\t\tbreak;\n \t\tcase ROC_SE_AES_CMAC_EIA2:\n-\t\t\tzs_ctx->zuc.otk_ctx.w0.s.alg_type =\n-\t\t\t\tROC_SE_PDCP_ALG_TYPE_AES_CTR;\n-\t\t\tzs_ctx->zuc.otk_ctx.w0.s.mac_len =\n-\t\t\t\tROC_SE_PDCP_MAC_LEN_32_BIT;\n-\t\t\tse_ctx->pdcp_alg_type = ROC_SE_PDCP_ALG_TYPE_AES_CTR;\n-\t\t\tmemcpy(ci_key, key, key_len);\n-\t\t\tse_ctx->fc_type = ROC_SE_PDCP;\n+\t\t\tif (chained_op) {\n+\t\t\t\tstruct roc_se_onk_zuc_chain_ctx *ctx =\n+\t\t\t\t\t&zs_ch_ctx->zuc.onk_ctx;\n+\t\t\t\tint key_type;\n+\t\t\t\tkey_type = cpt_pdcp_chain_key_type_get(key_len);\n+\t\t\t\tif (key_type < 0)\n+\t\t\t\t\treturn key_type;\n+\t\t\t\tctx->w0.s.auth_key_len = key_type;\n+\t\t\t\tctx->w0.s.state_conf =\n+\t\t\t\t\tROC_SE_PDCP_CHAIN_CTX_KEY_IV;\n+\t\t\t\tctx->w0.s.auth_type =\n+\t\t\t\t\tROC_SE_PDCP_ALG_TYPE_AES_CTR;\n+\t\t\t\tctx->w0.s.mac_len = mac_len;\n+\t\t\t\tmemcpy(ctx->st.auth_key, key, key_len);\n+\t\t\t\tse_ctx->fc_type = ROC_SE_PDCP_CHAIN;\n+\t\t\t} else {\n+\t\t\t\tzs_ctx->zuc.otk_ctx.w0.s.alg_type =\n+\t\t\t\t\tROC_SE_PDCP_ALG_TYPE_AES_CTR;\n+\t\t\t\tzs_ctx->zuc.otk_ctx.w0.s.mac_len =\n+\t\t\t\t\tROC_SE_PDCP_MAC_LEN_32_BIT;\n+\t\t\t\tmemcpy(ci_key, key, key_len);\n+\t\t\t\tse_ctx->fc_type = ROC_SE_PDCP;\n+\t\t\t}\n+\t\t\tse_ctx->pdcp_auth_alg = ROC_SE_PDCP_ALG_TYPE_AES_CMAC;\n \t\t\tse_ctx->zsk_flags = 0x1;\n \t\t\tbreak;\n \t\tcase ROC_SE_KASUMI_F9_ECB:\n@@ -316,11 +391,16 @@ roc_se_auth_key_set(struct roc_se_ctx *se_ctx, roc_se_auth_type type,\n \t\t}\n \t\tse_ctx->mac_len = mac_len;\n \t\tse_ctx->hash_type = type;\n+\t\tpdcp_alg = zs_ctx->zuc.otk_ctx.w0.s.alg_type;\n \t\tif (roc_model_is_cn9k())\n-\t\t\tse_ctx->template_w4.s.opcode_minor =\n-\t\t\t\t((1 << 7) | (se_ctx->pdcp_alg_type << 5) | 1);\n+\t\t\tif (chained_op == true)\n+\t\t\t\topcode_minor = se_ctx->ciph_then_auth ? 2 : 3;\n+\t\t\telse\n+\t\t\t\topcode_minor = ((1 << 7) | (pdcp_alg << 5) | 1);\n \t\telse\n-\t\t\tse_ctx->template_w4.s.opcode_minor = ((1 << 4) | 1);\n+\t\t\topcode_minor = ((1 << 4) | 1);\n+\n+\t\tse_ctx->template_w4.s.opcode_minor = opcode_minor;\n \t\treturn 0;\n \t}\n \n@@ -363,13 +443,18 @@ int\n roc_se_ciph_key_set(struct roc_se_ctx *se_ctx, roc_se_cipher_type type,\n \t\t const uint8_t *key, uint16_t key_len, uint8_t *salt)\n {\n+\tbool chained_op = se_ctx->ciph_then_auth || se_ctx->auth_then_ciph;\n \tstruct roc_se_zuc_snow3g_ctx *zs_ctx = &se_ctx->se_ctx.zs_ctx;\n \tstruct roc_se_context *fctx = &se_ctx->se_ctx.fctx;\n+\tstruct roc_se_zuc_snow3g_chain_ctx *zs_ch_ctx;\n+\tuint8_t opcode_minor;\n \tuint8_t *zuc_const;\n \tuint32_t keyx[4];\n \tuint8_t *ci_key;\n \tint ret;\n \n+\tzs_ch_ctx = &se_ctx->se_ctx.zs_ch_ctx;\n+\n \tif (roc_model_is_cn9k()) {\n \t\tci_key = zs_ctx->zuc.onk_ctx.ci_key;\n \t\tzuc_const = zs_ctx->zuc.onk_ctx.zuc_const;\n@@ -447,34 +532,73 @@ roc_se_ciph_key_set(struct roc_se_ctx *se_ctx, roc_se_cipher_type type,\n \t\tmemcpy(fctx->hmac.ipad, &key[key_len], key_len);\n \t\tbreak;\n \tcase ROC_SE_SNOW3G_UEA2:\n-\t\tzs_ctx->zuc.otk_ctx.w0.s.key_len = ROC_SE_AES_128_BIT;\n-\t\tzs_ctx->zuc.otk_ctx.w0.s.alg_type = ROC_SE_PDCP_ALG_TYPE_SNOW3G;\n-\t\tse_ctx->pdcp_alg_type = ROC_SE_PDCP_ALG_TYPE_SNOW3G;\n-\t\tcpt_snow3g_key_gen(key, keyx);\n-\t\tmemcpy(ci_key, keyx, key_len);\n+\t\tif (chained_op == true) {\n+\t\t\tstruct roc_se_onk_zuc_chain_ctx *ctx =\n+\t\t\t\t&zs_ch_ctx->zuc.onk_ctx;\n+\t\t\tzs_ch_ctx->zuc.onk_ctx.w0.s.state_conf =\n+\t\t\t\tROC_SE_PDCP_CHAIN_CTX_KEY_IV;\n+\t\t\tzs_ch_ctx->zuc.onk_ctx.w0.s.cipher_type =\n+\t\t\t\tROC_SE_PDCP_CHAIN_ALG_TYPE_SNOW3G;\n+\t\t\tzs_ch_ctx->zuc.onk_ctx.w0.s.ci_key_len = key_len;\n+\t\t\tcpt_snow3g_key_gen(key, keyx);\n+\t\t\tmemcpy(ctx->st.ci_key, keyx, key_len);\n+\t\t} else {\n+\t\t\tzs_ctx->zuc.otk_ctx.w0.s.key_len = ROC_SE_AES_128_BIT;\n+\t\t\tzs_ctx->zuc.otk_ctx.w0.s.alg_type =\n+\t\t\t\tROC_SE_PDCP_ALG_TYPE_SNOW3G;\n+\t\t\tcpt_snow3g_key_gen(key, keyx);\n+\t\t\tmemcpy(ci_key, keyx, key_len);\n+\t\t}\n+\t\tse_ctx->pdcp_ci_alg = ROC_SE_PDCP_ALG_TYPE_SNOW3G;\n \t\tse_ctx->zsk_flags = 0;\n \t\tgoto success;\n \tcase ROC_SE_ZUC_EEA3:\n-\t\tret = cpt_pdcp_key_type_set(zs_ctx, key_len);\n-\t\tif (ret)\n-\t\t\treturn ret;\n-\t\tzs_ctx->zuc.otk_ctx.w0.s.alg_type = ROC_SE_PDCP_ALG_TYPE_ZUC;\n-\t\tse_ctx->pdcp_alg_type = ROC_SE_PDCP_ALG_TYPE_ZUC;\n-\t\tmemcpy(ci_key, key, key_len);\n-\t\tif (key_len == 32) {\n-\t\t\troc_se_zuc_bytes_swap(ci_key, key_len);\n-\t\t\tmemcpy(zuc_const, zuc_key256, 16);\n-\t\t} else\n-\t\t\tmemcpy(zuc_const, zuc_key128, 32);\n+\t\tif (chained_op == true) {\n+\t\t\tstruct roc_se_onk_zuc_chain_ctx *ctx =\n+\t\t\t\t&zs_ch_ctx->zuc.onk_ctx;\n+\t\t\tzs_ch_ctx->zuc.onk_ctx.w0.s.state_conf =\n+\t\t\t\tROC_SE_PDCP_CHAIN_CTX_KEY_IV;\n+\t\t\tzs_ch_ctx->zuc.onk_ctx.w0.s.cipher_type =\n+\t\t\t\tROC_SE_PDCP_CHAIN_ALG_TYPE_ZUC;\n+\t\t\tmemcpy(ctx->st.ci_key, key, key_len);\n+\t\t\tmemcpy(ctx->st.ci_zuc_const, zuc_key128, 32);\n+\t\t\tzs_ch_ctx->zuc.onk_ctx.w0.s.ci_key_len = key_len;\n+\t\t} else {\n+\t\t\tret = cpt_pdcp_key_type_set(zs_ctx, key_len);\n+\t\t\tif (ret)\n+\t\t\t\treturn ret;\n+\t\t\tzs_ctx->zuc.otk_ctx.w0.s.alg_type =\n+\t\t\t\tROC_SE_PDCP_ALG_TYPE_ZUC;\n+\t\t\tmemcpy(ci_key, key, key_len);\n+\t\t\tif (key_len == 32) {\n+\t\t\t\troc_se_zuc_bytes_swap(ci_key, key_len);\n+\t\t\t\tmemcpy(zuc_const, zuc_key256, 16);\n+\t\t\t} else\n+\t\t\t\tmemcpy(zuc_const, zuc_key128, 32);\n+\t\t}\n \n+\t\tse_ctx->pdcp_ci_alg = ROC_SE_PDCP_ALG_TYPE_ZUC;\n \t\tse_ctx->zsk_flags = 0;\n \t\tgoto success;\n \tcase ROC_SE_AES_CTR_EEA2:\n-\t\tzs_ctx->zuc.otk_ctx.w0.s.key_len = ROC_SE_AES_128_BIT;\n-\t\tzs_ctx->zuc.otk_ctx.w0.s.alg_type =\n-\t\t\tROC_SE_PDCP_ALG_TYPE_AES_CTR;\n-\t\tse_ctx->pdcp_alg_type = ROC_SE_PDCP_ALG_TYPE_AES_CTR;\n-\t\tmemcpy(ci_key, key, key_len);\n+\t\tif (chained_op == true) {\n+\t\t\tstruct roc_se_onk_zuc_chain_ctx *ctx =\n+\t\t\t\t&zs_ch_ctx->zuc.onk_ctx;\n+\t\t\tint key_type;\n+\t\t\tkey_type = cpt_pdcp_chain_key_type_get(key_len);\n+\t\t\tif (key_type < 0)\n+\t\t\t\treturn key_type;\n+\t\t\tctx->w0.s.ci_key_len = key_type;\n+\t\t\tctx->w0.s.state_conf = ROC_SE_PDCP_CHAIN_CTX_KEY_IV;\n+\t\t\tctx->w0.s.cipher_type = ROC_SE_PDCP_ALG_TYPE_AES_CTR;\n+\t\t\tmemcpy(ctx->st.ci_key, key, key_len);\n+\t\t} else {\n+\t\t\tzs_ctx->zuc.otk_ctx.w0.s.key_len = ROC_SE_AES_128_BIT;\n+\t\t\tzs_ctx->zuc.otk_ctx.w0.s.alg_type =\n+\t\t\t\tROC_SE_PDCP_ALG_TYPE_AES_CTR;\n+\t\t\tmemcpy(ci_key, key, key_len);\n+\t\t}\n+\t\tse_ctx->pdcp_ci_alg = ROC_SE_PDCP_ALG_TYPE_AES_CTR;\n \t\tse_ctx->zsk_flags = 0;\n \t\tgoto success;\n \tcase ROC_SE_KASUMI_F8_ECB:\n@@ -502,11 +626,16 @@ roc_se_ciph_key_set(struct roc_se_ctx *se_ctx, roc_se_cipher_type type,\n \tse_ctx->enc_cipher = type;\n \tif (se_ctx->fc_type == ROC_SE_PDCP) {\n \t\tif (roc_model_is_cn9k())\n-\t\t\tse_ctx->template_w4.s.opcode_minor =\n-\t\t\t\t((1 << 7) | (se_ctx->pdcp_alg_type << 5) |\n-\t\t\t\t (se_ctx->zsk_flags & 0x7));\n+\t\t\tif (chained_op == true)\n+\t\t\t\topcode_minor = se_ctx->ciph_then_auth ? 2 : 3;\n+\t\t\telse\n+\t\t\t\topcode_minor =\n+\t\t\t\t\t((1 << 7) | (se_ctx->pdcp_ci_alg << 5) |\n+\t\t\t\t\t (se_ctx->zsk_flags & 0x7));\n \t\telse\n-\t\t\tse_ctx->template_w4.s.opcode_minor = ((1 << 4));\n+\t\t\topcode_minor = ((1 << 4));\n+\n+\t\tse_ctx->template_w4.s.opcode_minor = opcode_minor;\n \t}\n \treturn 0;\n }\ndiff --git a/drivers/common/cnxk/roc_se.h b/drivers/common/cnxk/roc_se.h\nindex c565ec1b74..86bb3aa79d 100644\n--- a/drivers/common/cnxk/roc_se.h\n+++ b/drivers/common/cnxk/roc_se.h\n@@ -11,10 +11,11 @@\n #define ROC_SE_FC_MINOR_OP_DECRYPT 0x1\n #define ROC_SE_FC_MINOR_OP_HMAC_FIRST 0x10\n \n-#define ROC_SE_MAJOR_OP_HASH 0x34\n-#define ROC_SE_MAJOR_OP_HMAC 0x35\n-#define ROC_SE_MAJOR_OP_PDCP 0x37\n-#define ROC_SE_MAJOR_OP_KASUMI 0x38\n+#define ROC_SE_MAJOR_OP_HASH\t 0x34\n+#define ROC_SE_MAJOR_OP_HMAC\t 0x35\n+#define ROC_SE_MAJOR_OP_PDCP\t 0x37\n+#define ROC_SE_MAJOR_OP_KASUMI\t 0x38\n+#define ROC_SE_MAJOR_OP_PDCP_CHAIN 0x3C\n \n #define ROC_SE_MAJOR_OP_MISC\t\t 0x01\n #define ROC_SE_MISC_MINOR_OP_PASSTHROUGH 0x03\n@@ -38,10 +39,11 @@\n #define ROC_SE_K_F8 0x4\n #define ROC_SE_K_F9 0x8\n \n-#define ROC_SE_FC_GEN\t 0x1\n-#define ROC_SE_PDCP\t 0x2\n-#define ROC_SE_KASUMI\t 0x3\n-#define ROC_SE_HASH_HMAC 0x4\n+#define ROC_SE_FC_GEN\t 0x1\n+#define ROC_SE_PDCP\t 0x2\n+#define ROC_SE_KASUMI\t 0x3\n+#define ROC_SE_HASH_HMAC 0x4\n+#define ROC_SE_PDCP_CHAIN 0x5\n \n #define ROC_SE_OP_CIPHER_ENCRYPT 0x1\n #define ROC_SE_OP_CIPHER_DECRYPT 0x2\n@@ -224,6 +226,42 @@ struct roc_se_onk_zuc_ctx {\n \tuint8_t zuc_const[32];\n };\n \n+struct roc_se_onk_zuc_chain_ctx {\n+\tunion {\n+\t\tuint64_t u64;\n+\t\tstruct {\n+\t\t\tuint64_t cipher_type : 2;\n+\t\t\tuint64_t rsvd58_59 : 2;\n+\t\t\tuint64_t auth_type : 2;\n+\t\t\tuint64_t rsvd62_63 : 2;\n+\t\t\tuint64_t mac_len : 4;\n+\t\t\tuint64_t ci_key_len : 2;\n+\t\t\tuint64_t auth_key_len : 2;\n+\t\t\tuint64_t rsvd42_47 : 6;\n+\t\t\tuint64_t state_conf : 2;\n+\t\t\tuint64_t rsvd0_39 : 40;\n+\t\t} s;\n+\t} w0;\n+\tunion {\n+\t\tstruct {\n+\t\t\tuint8_t encr_lfsr_state[64];\n+\t\t\tuint8_t auth_lfsr_state[64];\n+\t\t};\n+\t\tstruct {\n+\t\t\tuint8_t ci_key[32];\n+\t\t\tuint8_t ci_zuc_const[32];\n+\t\t\tuint8_t auth_key[32];\n+\t\t\tuint8_t auth_zuc_const[32];\n+\t\t};\n+\t} st;\n+};\n+\n+struct roc_se_zuc_snow3g_chain_ctx {\n+\tunion {\n+\t\tstruct roc_se_onk_zuc_chain_ctx onk_ctx;\n+\t} zuc;\n+};\n+\n struct roc_se_zuc_snow3g_ctx {\n \tunion {\n \t\tstruct roc_se_onk_zuc_ctx onk_ctx;\n@@ -275,9 +313,15 @@ struct roc_se_fc_params {\n \n PLT_STATIC_ASSERT((offsetof(struct roc_se_fc_params, aad_buf) % 128) == 0);\n \n-#define ROC_SE_PDCP_ALG_TYPE_ZUC 0\n-#define ROC_SE_PDCP_ALG_TYPE_SNOW3G 1\n-#define ROC_SE_PDCP_ALG_TYPE_AES_CTR 2\n+#define ROC_SE_PDCP_ALG_TYPE_ZUC\t 0\n+#define ROC_SE_PDCP_ALG_TYPE_SNOW3G\t 1\n+#define ROC_SE_PDCP_ALG_TYPE_AES_CTR\t 2\n+#define ROC_SE_PDCP_ALG_TYPE_AES_CMAC\t 3\n+#define ROC_SE_PDCP_CHAIN_ALG_TYPE_SNOW3G 1\n+#define ROC_SE_PDCP_CHAIN_ALG_TYPE_ZUC\t 3\n+\n+#define ROC_SE_PDCP_CHAIN_CTX_LFSR 0\n+#define ROC_SE_PDCP_CHAIN_CTX_KEY_IV 1\n \n struct roc_se_ctx {\n \t/* Below fields are accessed by sw */\n@@ -289,13 +333,17 @@ struct roc_se_ctx {\n \tuint64_t hmac : 1;\n \tuint64_t zsk_flags : 3;\n \tuint64_t k_ecb : 1;\n-\tuint64_t pdcp_alg_type : 2;\n-\tuint64_t rsvd : 21;\n+\tuint64_t pdcp_ci_alg : 2;\n+\tuint64_t pdcp_auth_alg : 2;\n+\tuint16_t ciph_then_auth : 1;\n+\tuint16_t auth_then_ciph : 1;\n+\tuint64_t rsvd : 17;\n \tunion cpt_inst_w4 template_w4;\n \t/* Below fields are accessed by hardware */\n \tunion {\n \t\tstruct roc_se_context fctx;\n \t\tstruct roc_se_zuc_snow3g_ctx zs_ctx;\n+\t\tstruct roc_se_zuc_snow3g_chain_ctx zs_ch_ctx;\n \t\tstruct roc_se_kasumi_ctx k_ctx;\n \t} se_ctx;\n \tuint8_t *auth_key;\ndiff --git a/drivers/crypto/cnxk/cnxk_cryptodev_ops.c b/drivers/crypto/cnxk/cnxk_cryptodev_ops.c\nindex 7237dacb48..80071872f1 100644\n--- a/drivers/crypto/cnxk/cnxk_cryptodev_ops.c\n+++ b/drivers/crypto/cnxk/cnxk_cryptodev_ops.c\n@@ -421,14 +421,39 @@ cnxk_cpt_sym_session_get_size(struct rte_cryptodev *dev __rte_unused)\n \treturn sizeof(struct cnxk_se_sess);\n }\n \n+static bool\n+is_valid_pdcp_cipher_alg(struct rte_crypto_sym_xform *c_xfrm,\n+\t\t\t struct cnxk_se_sess *sess)\n+{\n+\tswitch (c_xfrm->cipher.algo) {\n+\tcase RTE_CRYPTO_CIPHER_SNOW3G_UEA2:\n+\tcase RTE_CRYPTO_CIPHER_ZUC_EEA3:\n+\t\tbreak;\n+\tcase RTE_CRYPTO_CIPHER_AES_CTR:\n+\t\tsess->aes_ctr_eea2 = 1;\n+\t\tbreak;\n+\tdefault:\n+\t\treturn false;\n+\t}\n+\n+\treturn true;\n+}\n+\n static int\n-cnxk_sess_fill(struct rte_crypto_sym_xform *xform, struct cnxk_se_sess *sess)\n+cnxk_sess_fill(struct roc_cpt *roc_cpt, struct rte_crypto_sym_xform *xform,\n+\t struct cnxk_se_sess *sess)\n {\n \tstruct rte_crypto_sym_xform *aead_xfrm = NULL;\n \tstruct rte_crypto_sym_xform *c_xfrm = NULL;\n \tstruct rte_crypto_sym_xform *a_xfrm = NULL;\n+\tbool pdcp_chain_supported = false;\n \tbool ciph_then_auth = false;\n \n+\tif (roc_cpt->cpt_revision == ROC_CPT_REVISION_ID_96XX_B0 ||\n+\t roc_cpt->cpt_revision == ROC_CPT_REVISION_ID_96XX_C0 ||\n+\t roc_cpt->cpt_revision == ROC_CPT_REVISION_ID_98XX)\n+\t\tpdcp_chain_supported = true;\n+\n \tif (xform == NULL)\n \t\treturn -EINVAL;\n \n@@ -506,6 +531,32 @@ cnxk_sess_fill(struct rte_crypto_sym_xform *xform, struct cnxk_se_sess *sess)\n \n \t/* Cipher then auth */\n \tif (ciph_then_auth) {\n+\t\tif (c_xfrm->cipher.op == RTE_CRYPTO_CIPHER_OP_DECRYPT) {\n+\t\t\tif (a_xfrm->auth.op != RTE_CRYPTO_AUTH_OP_VERIFY)\n+\t\t\t\treturn -EINVAL;\n+\t\t\tsess->auth_first = 1;\n+\t\t\tswitch (a_xfrm->auth.algo) {\n+\t\t\tcase RTE_CRYPTO_AUTH_SHA1_HMAC:\n+\t\t\t\tswitch (c_xfrm->cipher.algo) {\n+\t\t\t\tcase RTE_CRYPTO_CIPHER_AES_CBC:\n+\t\t\t\t\tbreak;\n+\t\t\t\tdefault:\n+\t\t\t\t\treturn -ENOTSUP;\n+\t\t\t\t}\n+\t\t\t\tbreak;\n+\t\t\tcase RTE_CRYPTO_AUTH_SNOW3G_UIA2:\n+\t\t\tcase RTE_CRYPTO_AUTH_ZUC_EIA3:\n+\t\t\tcase RTE_CRYPTO_AUTH_AES_CMAC:\n+\t\t\t\tif (!pdcp_chain_supported ||\n+\t\t\t\t !is_valid_pdcp_cipher_alg(c_xfrm, sess))\n+\t\t\t\t\treturn -ENOTSUP;\n+\t\t\t\tbreak;\n+\t\t\tdefault:\n+\t\t\t\treturn -ENOTSUP;\n+\t\t\t}\n+\t\t}\n+\t\tsess->roc_se_ctx.ciph_then_auth = 1;\n+\t\tsess->chained_op = 1;\n \t\tif (fill_sess_cipher(c_xfrm, sess))\n \t\t\treturn -ENOTSUP;\n \t\tif (fill_sess_auth(a_xfrm, sess))\n@@ -517,6 +568,9 @@ cnxk_sess_fill(struct rte_crypto_sym_xform *xform, struct cnxk_se_sess *sess)\n \t/* else */\n \n \tif (c_xfrm->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT) {\n+\t\tif (a_xfrm->auth.op != RTE_CRYPTO_AUTH_OP_GENERATE)\n+\t\t\treturn -EINVAL;\n+\t\tsess->auth_first = 1;\n \t\tswitch (a_xfrm->auth.algo) {\n \t\tcase RTE_CRYPTO_AUTH_SHA1_HMAC:\n \t\t\tswitch (c_xfrm->cipher.algo) {\n@@ -526,11 +580,20 @@ cnxk_sess_fill(struct rte_crypto_sym_xform *xform, struct cnxk_se_sess *sess)\n \t\t\t\treturn -ENOTSUP;\n \t\t\t}\n \t\t\tbreak;\n+\t\tcase RTE_CRYPTO_AUTH_SNOW3G_UIA2:\n+\t\tcase RTE_CRYPTO_AUTH_ZUC_EIA3:\n+\t\tcase RTE_CRYPTO_AUTH_AES_CMAC:\n+\t\t\tif (!pdcp_chain_supported ||\n+\t\t\t !is_valid_pdcp_cipher_alg(c_xfrm, sess))\n+\t\t\t\treturn -ENOTSUP;\n+\t\t\tbreak;\n \t\tdefault:\n \t\t\treturn -ENOTSUP;\n \t\t}\n \t}\n \n+\tsess->roc_se_ctx.auth_then_ciph = 1;\n+\tsess->chained_op = 1;\n \tif (fill_sess_auth(a_xfrm, sess))\n \t\treturn -ENOTSUP;\n \tif (fill_sess_cipher(c_xfrm, sess))\n@@ -547,7 +610,7 @@ cnxk_cpt_inst_w7_get(struct cnxk_se_sess *sess, struct roc_cpt *roc_cpt)\n \tinst_w7.s.cptr = (uint64_t)&sess->roc_se_ctx.se_ctx;\n \n \t/* Set the engine group */\n-\tif (sess->zsk_flag || sess->chacha_poly)\n+\tif (sess->zsk_flag || sess->chacha_poly || sess->aes_ctr_eea2)\n \t\tinst_w7.s.egrp = roc_cpt->eng_grp[CPT_ENG_TYPE_SE];\n \telse\n \t\tinst_w7.s.egrp = roc_cpt->eng_grp[CPT_ENG_TYPE_IE];\n@@ -574,7 +637,7 @@ sym_session_configure(struct roc_cpt *roc_cpt, int driver_id,\n \n \tsess_priv = priv;\n \n-\tret = cnxk_sess_fill(xform, sess_priv);\n+\tret = cnxk_sess_fill(roc_cpt, xform, sess_priv);\n \tif (ret)\n \t\tgoto priv_put;\n \ndiff --git a/drivers/crypto/cnxk/cnxk_se.h b/drivers/crypto/cnxk/cnxk_se.h\nindex cca44f1d3e..7429d66314 100644\n--- a/drivers/crypto/cnxk/cnxk_se.h\n+++ b/drivers/crypto/cnxk/cnxk_se.h\n@@ -24,7 +24,12 @@ struct cnxk_se_sess {\n \tuint16_t chacha_poly : 1;\n \tuint16_t is_null : 1;\n \tuint16_t is_gmac : 1;\n-\tuint16_t rsvd1 : 3;\n+\tuint16_t chained_op : 1;\n+\tuint16_t auth_first : 1;\n+\tuint16_t aes_ctr_eea2 : 1;\n+\tuint16_t zs_cipher : 4;\n+\tuint16_t zs_auth : 4;\n+\tuint16_t rsvd2 : 8;\n \tuint16_t aad_length;\n \tuint8_t mac_len;\n \tuint8_t iv_length;\n@@ -63,6 +68,11 @@ pdcp_iv_copy(uint8_t *iv_d, uint8_t *iv_s, const uint8_t pdcp_alg_type,\n \tuint32_t *iv_s_temp, iv_temp[4];\n \tint j;\n \n+\tif (unlikely(iv_s == NULL)) {\n+\t\tmemset(iv_d, 0, 16);\n+\t\treturn;\n+\t}\n+\n \tif (pdcp_alg_type == ROC_SE_PDCP_ALG_TYPE_SNOW3G) {\n \t\t/*\n \t\t * DPDK seems to provide it in form of IV3 IV2 IV1 IV0\n@@ -74,7 +84,8 @@ pdcp_iv_copy(uint8_t *iv_d, uint8_t *iv_s, const uint8_t pdcp_alg_type,\n \t\tfor (j = 0; j < 4; j++)\n \t\t\tiv_temp[j] = iv_s_temp[3 - j];\n \t\tmemcpy(iv_d, iv_temp, 16);\n-\t} else if (pdcp_alg_type == ROC_SE_PDCP_ALG_TYPE_ZUC) {\n+\t} else if ((pdcp_alg_type == ROC_SE_PDCP_ALG_TYPE_ZUC) ||\n+\t\t pdcp_alg_type == ROC_SE_PDCP_ALG_TYPE_AES_CTR) {\n \t\tif (pack_iv) {\n \t\t\tcpt_pack_iv(iv_s, iv_d);\n \t\t\tmemcpy(iv_d + 6, iv_s + 8, 17);\n@@ -997,6 +1008,110 @@ cpt_dec_hmac_prep(uint32_t flags, uint64_t d_offs, uint64_t d_lens,\n \treturn 0;\n }\n \n+static __rte_always_inline int\n+cpt_pdcp_chain_alg_prep(uint32_t req_flags, uint64_t d_offs, uint64_t d_lens,\n+\t\t\tstruct roc_se_fc_params *params,\n+\t\t\tstruct cpt_inst_s *inst)\n+{\n+\tuint32_t encr_offset, auth_offset, iv_offset = 0;\n+\tuint8_t *auth_iv = NULL, *cipher_iv = NULL;\n+\tuint32_t encr_data_len, auth_data_len;\n+\tuint8_t pdcp_ci_alg, pdcp_auth_alg;\n+\tunion cpt_inst_w4 cpt_inst_w4;\n+\tstruct roc_se_ctx *se_ctx;\n+\tconst int iv_len = 32;\n+\tuint32_t mac_len = 0;\n+\tuint8_t pack_iv = 0;\n+\tvoid *offset_vaddr;\n+\tint32_t inputlen;\n+\tvoid *dm_vaddr;\n+\tuint8_t *iv_d;\n+\n+\tif (unlikely((!(req_flags & ROC_SE_SINGLE_BUF_INPLACE)) ||\n+\t\t (!(req_flags & ROC_SE_SINGLE_BUF_HEADROOM)))) {\n+\t\tplt_dp_err(\"Scatter gather mode is not supported\");\n+\t\treturn -1;\n+\t}\n+\n+\tencr_offset = ROC_SE_ENCR_OFFSET(d_offs);\n+\tauth_offset = ROC_SE_AUTH_OFFSET(d_offs);\n+\n+\tif (auth_offset != encr_offset) {\n+\t\tplt_dp_err(\"encr_offset and auth_offset are not same\");\n+\t\tplt_dp_err(\"enc_offset: %d\", encr_offset);\n+\t\tplt_dp_err(\"auth_offset: %d\", auth_offset);\n+\t\treturn -1;\n+\t}\n+\n+\tif (unlikely(encr_offset >> 16)) {\n+\t\tplt_dp_err(\"Offset not supported\");\n+\t\tplt_dp_err(\"enc_offset: %d\", encr_offset);\n+\t\treturn -1;\n+\t}\n+\n+\tse_ctx = params->ctx_buf.vaddr;\n+\tmac_len = se_ctx->mac_len;\n+\tpdcp_ci_alg = se_ctx->pdcp_ci_alg;\n+\tpdcp_auth_alg = se_ctx->pdcp_auth_alg;\n+\n+\tencr_data_len = ROC_SE_ENCR_DLEN(d_lens);\n+\tauth_data_len = ROC_SE_AUTH_DLEN(d_lens);\n+\n+\tif ((auth_data_len + mac_len) != encr_data_len) {\n+\t\tplt_dp_err(\"(auth_data_len + mac_len) != encr_data_len\");\n+\t\tplt_dp_err(\"auth_data_len: %d\", auth_data_len);\n+\t\tplt_dp_err(\"encr_data_len: %d\", encr_data_len);\n+\t\tplt_dp_err(\"mac_len: %d\", mac_len);\n+\t\treturn -1;\n+\t}\n+\n+\tcpt_inst_w4.s.opcode_major = ROC_SE_MAJOR_OP_PDCP_CHAIN;\n+\tcpt_inst_w4.s.opcode_minor = se_ctx->template_w4.s.opcode_minor;\n+\n+\tcpt_inst_w4.s.param1 = auth_data_len;\n+\tcpt_inst_w4.s.param2 = 0;\n+\n+\tif (likely(params->auth_iv_len))\n+\t\tauth_iv = params->auth_iv_buf;\n+\n+\tif (likely(params->cipher_iv_len))\n+\t\tcipher_iv = params->iv_buf;\n+\n+\tencr_offset += iv_len;\n+\n+\tif (se_ctx->auth_then_ciph)\n+\t\tinputlen = encr_offset + auth_data_len;\n+\telse\n+\t\tinputlen = encr_offset + encr_data_len;\n+\n+\tdm_vaddr = params->bufs[0].vaddr;\n+\n+\t/* Use Direct mode */\n+\n+\toffset_vaddr = (uint64_t *)((uint8_t *)dm_vaddr - ROC_SE_OFF_CTRL_LEN -\n+\t\t\t\t iv_len);\n+\n+\t/* DPTR */\n+\tinst->dptr = (uint64_t)offset_vaddr;\n+\t/* RPTR should just exclude offset control word */\n+\tinst->rptr = (uint64_t)dm_vaddr - iv_len;\n+\n+\tcpt_inst_w4.s.dlen = inputlen + ROC_SE_OFF_CTRL_LEN;\n+\n+\t*(uint64_t *)offset_vaddr = rte_cpu_to_be_64(\n+\t\t((uint64_t)(iv_offset) << 16) | ((uint64_t)(encr_offset)));\n+\n+\tiv_d = ((uint8_t *)offset_vaddr + ROC_SE_OFF_CTRL_LEN);\n+\tpdcp_iv_copy(iv_d, cipher_iv, pdcp_ci_alg, pack_iv);\n+\n+\tiv_d = ((uint8_t *)offset_vaddr + ROC_SE_OFF_CTRL_LEN + 16);\n+\tpdcp_iv_copy(iv_d, auth_iv, pdcp_auth_alg, pack_iv);\n+\n+\tinst->w4.u64 = cpt_inst_w4.u64;\n+\n+\treturn 0;\n+}\n+\n static __rte_always_inline int\n cpt_pdcp_alg_prep(uint32_t req_flags, uint64_t d_offs, uint64_t d_lens,\n \t\t struct roc_se_fc_params *params, struct cpt_inst_s *inst)\n@@ -1018,7 +1133,6 @@ cpt_pdcp_alg_prep(uint32_t req_flags, uint64_t d_offs, uint64_t d_lens,\n \tse_ctx = params->ctx_buf.vaddr;\n \tflags = se_ctx->zsk_flags;\n \tmac_len = se_ctx->mac_len;\n-\tpdcp_alg_type = se_ctx->pdcp_alg_type;\n \n \tcpt_inst_w4.s.opcode_major = ROC_SE_MAJOR_OP_PDCP;\n \tcpt_inst_w4.s.opcode_minor = se_ctx->template_w4.s.opcode_minor;\n@@ -1032,8 +1146,9 @@ cpt_pdcp_alg_prep(uint32_t req_flags, uint64_t d_offs, uint64_t d_lens,\n \t\t */\n \t\tauth_data_len = ROC_SE_AUTH_DLEN(d_lens);\n \t\tauth_offset = ROC_SE_AUTH_OFFSET(d_offs);\n+\t\tpdcp_alg_type = se_ctx->pdcp_auth_alg;\n \n-\t\tif (se_ctx->pdcp_alg_type != ROC_SE_PDCP_ALG_TYPE_AES_CTR) {\n+\t\tif (pdcp_alg_type != ROC_SE_PDCP_ALG_TYPE_AES_CMAC) {\n \t\t\tiv_len = params->auth_iv_len;\n \n \t\t\tif (iv_len == 25) {\n@@ -1067,6 +1182,7 @@ cpt_pdcp_alg_prep(uint32_t req_flags, uint64_t d_offs, uint64_t d_lens,\n \t} else {\n \t\tiv_s = params->iv_buf;\n \t\tiv_len = params->cipher_iv_len;\n+\t\tpdcp_alg_type = se_ctx->pdcp_ci_alg;\n \n \t\tif (iv_len == 25) {\n \t\t\troc_se_zuc_bytes_swap(iv_s, iv_len);\n@@ -1609,6 +1725,9 @@ cpt_fc_dec_hmac_prep(uint32_t flags, uint64_t d_offs, uint64_t d_lens,\n \t\tret = cpt_pdcp_alg_prep(flags, d_offs, d_lens, fc_params, inst);\n \t} else if (fc_type == ROC_SE_KASUMI) {\n \t\tret = cpt_kasumi_dec_prep(d_offs, d_lens, fc_params, inst);\n+\t} else if (fc_type == ROC_SE_PDCP_CHAIN) {\n+\t\tret = cpt_pdcp_chain_alg_prep(flags, d_offs, d_lens, fc_params,\n+\t\t\t\t\t inst);\n \t}\n \n \t/*\n@@ -1640,6 +1759,9 @@ cpt_fc_enc_hmac_prep(uint32_t flags, uint64_t d_offs, uint64_t d_lens,\n \t\t\t\t\t inst);\n \t} else if (fc_type == ROC_SE_HASH_HMAC) {\n \t\tret = cpt_digest_gen_prep(flags, d_lens, fc_params, inst);\n+\t} else if (fc_type == ROC_SE_PDCP_CHAIN) {\n+\t\tret = cpt_pdcp_chain_alg_prep(flags, d_offs, d_lens, fc_params,\n+\t\t\t\t\t inst);\n \t}\n \n \treturn ret;\n@@ -1713,10 +1835,10 @@ fill_sess_aead(struct rte_crypto_sym_xform *xform, struct cnxk_se_sess *sess)\n static __rte_always_inline int\n fill_sess_cipher(struct rte_crypto_sym_xform *xform, struct cnxk_se_sess *sess)\n {\n+\tuint8_t zsk_flag = 0, zs_cipher = 0, aes_ctr = 0, is_null = 0;\n \tstruct rte_crypto_cipher_xform *c_form;\n \troc_se_cipher_type enc_type = 0; /* NULL Cipher type */\n \tuint32_t cipher_key_len = 0;\n-\tuint8_t zsk_flag = 0, aes_ctr = 0, is_null = 0;\n \n \tc_form = &xform->cipher;\n \n@@ -1750,28 +1872,37 @@ fill_sess_cipher(struct rte_crypto_sym_xform *xform, struct cnxk_se_sess *sess)\n \t\tcipher_key_len = 8;\n \t\tbreak;\n \tcase RTE_CRYPTO_CIPHER_AES_CTR:\n-\t\tenc_type = ROC_SE_AES_CTR;\n+\t\tif (sess->aes_ctr_eea2) {\n+\t\t\tenc_type = ROC_SE_AES_CTR_EEA2;\n+\t\t} else {\n+\t\t\tenc_type = ROC_SE_AES_CTR;\n+\t\t\taes_ctr = 1;\n+\t\t}\n \t\tcipher_key_len = 16;\n-\t\taes_ctr = 1;\n \t\tbreak;\n \tcase RTE_CRYPTO_CIPHER_NULL:\n \t\tenc_type = 0;\n \t\tis_null = 1;\n \t\tbreak;\n \tcase RTE_CRYPTO_CIPHER_KASUMI_F8:\n+\t\tif (sess->chained_op)\n+\t\t\treturn -ENOTSUP;\n \t\tenc_type = ROC_SE_KASUMI_F8_ECB;\n \t\tcipher_key_len = 16;\n \t\tzsk_flag = ROC_SE_K_F8;\n+\t\tzs_cipher = ROC_SE_K_F8;\n \t\tbreak;\n \tcase RTE_CRYPTO_CIPHER_SNOW3G_UEA2:\n \t\tenc_type = ROC_SE_SNOW3G_UEA2;\n \t\tcipher_key_len = 16;\n \t\tzsk_flag = ROC_SE_ZS_EA;\n+\t\tzs_cipher = ROC_SE_ZS_EA;\n \t\tbreak;\n \tcase RTE_CRYPTO_CIPHER_ZUC_EEA3:\n \t\tenc_type = ROC_SE_ZUC_EEA3;\n \t\tcipher_key_len = c_form->key.length;\n \t\tzsk_flag = ROC_SE_ZS_EA;\n+\t\tzs_cipher = ROC_SE_ZS_EA;\n \t\tbreak;\n \tcase RTE_CRYPTO_CIPHER_AES_XTS:\n \t\tenc_type = ROC_SE_AES_XTS;\n@@ -1802,7 +1933,19 @@ fill_sess_cipher(struct rte_crypto_sym_xform *xform, struct cnxk_se_sess *sess)\n \t\treturn -1;\n \t}\n \n+\tif (zsk_flag && sess->roc_se_ctx.ciph_then_auth) {\n+\t\tstruct rte_crypto_auth_xform *a_form;\n+\t\ta_form = &xform->next->auth;\n+\t\tif (c_form->op != RTE_CRYPTO_CIPHER_OP_DECRYPT &&\n+\t\t a_form->op != RTE_CRYPTO_AUTH_OP_VERIFY) {\n+\t\t\tplt_dp_err(\"Crypto: PDCP cipher then auth must use\"\n+\t\t\t\t \" options: decrypt and verify\");\n+\t\t\treturn -EINVAL;\n+\t\t}\n+\t}\n+\n \tsess->zsk_flag = zsk_flag;\n+\tsess->zs_cipher = zs_cipher;\n \tsess->aes_gcm = 0;\n \tsess->aes_ctr = aes_ctr;\n \tsess->iv_offset = c_form->iv.offset;\n@@ -1822,9 +1965,9 @@ fill_sess_cipher(struct rte_crypto_sym_xform *xform, struct cnxk_se_sess *sess)\n static __rte_always_inline int\n fill_sess_auth(struct rte_crypto_sym_xform *xform, struct cnxk_se_sess *sess)\n {\n+\tuint8_t zsk_flag = 0, zs_auth = 0, aes_gcm = 0, is_null = 0;\n \tstruct rte_crypto_auth_xform *a_form;\n \troc_se_auth_type auth_type = 0; /* NULL Auth type */\n-\tuint8_t zsk_flag = 0, aes_gcm = 0, is_null = 0;\n \n \tif (xform->auth.algo == RTE_CRYPTO_AUTH_AES_GMAC)\n \t\treturn fill_sess_gmac(xform, sess);\n@@ -1879,20 +2022,25 @@ fill_sess_auth(struct rte_crypto_sym_xform *xform, struct cnxk_se_sess *sess)\n \t\tauth_type = ROC_SE_MD5_TYPE;\n \t\tbreak;\n \tcase RTE_CRYPTO_AUTH_KASUMI_F9:\n+\t\tif (sess->chained_op)\n+\t\t\treturn -ENOTSUP;\n \t\tauth_type = ROC_SE_KASUMI_F9_ECB;\n \t\t/*\n \t\t * Indicate that direction needs to be taken out\n \t\t * from end of src\n \t\t */\n \t\tzsk_flag = ROC_SE_K_F9;\n+\t\tzs_auth = ROC_SE_K_F9;\n \t\tbreak;\n \tcase RTE_CRYPTO_AUTH_SNOW3G_UIA2:\n \t\tauth_type = ROC_SE_SNOW3G_UIA2;\n \t\tzsk_flag = ROC_SE_ZS_IA;\n+\t\tzs_auth = ROC_SE_ZS_IA;\n \t\tbreak;\n \tcase RTE_CRYPTO_AUTH_ZUC_EIA3:\n \t\tauth_type = ROC_SE_ZUC_EIA3;\n \t\tzsk_flag = ROC_SE_ZS_IA;\n+\t\tzs_auth = ROC_SE_ZS_IA;\n \t\tbreak;\n \tcase RTE_CRYPTO_AUTH_NULL:\n \t\tauth_type = 0;\n@@ -1912,7 +2060,19 @@ fill_sess_auth(struct rte_crypto_sym_xform *xform, struct cnxk_se_sess *sess)\n \t\treturn -1;\n \t}\n \n+\tif (zsk_flag && sess->roc_se_ctx.auth_then_ciph) {\n+\t\tstruct rte_crypto_cipher_xform *c_form;\n+\t\tc_form = &xform->next->cipher;\n+\t\tif (c_form->op != RTE_CRYPTO_CIPHER_OP_ENCRYPT &&\n+\t\t a_form->op != RTE_CRYPTO_AUTH_OP_GENERATE) {\n+\t\t\tplt_dp_err(\"Crypto: PDCP auth then cipher must use\"\n+\t\t\t\t \" options: encrypt and generate\");\n+\t\t\treturn -EINVAL;\n+\t\t}\n+\t}\n+\n \tsess->zsk_flag = zsk_flag;\n+\tsess->zs_auth = zs_auth;\n \tsess->aes_gcm = aes_gcm;\n \tsess->mac_len = a_form->digest_length;\n \tsess->is_null = is_null;\n@@ -2121,11 +2281,15 @@ fill_fc_params(struct rte_crypto_op *cop, struct cnxk_se_sess *sess,\n \tuint8_t inplace = 1;\n #endif\n \tstruct roc_se_fc_params fc_params;\n+\tbool chain = sess->chained_op;\n \tchar src[SRC_IOV_SIZE];\n \tchar dst[SRC_IOV_SIZE];\n \tuint32_t iv_buf[4];\n+\tbool pdcp_chain;\n \tint ret;\n \n+\tpdcp_chain = chain && (sess->zs_auth || sess->zs_cipher);\n+\n \tfc_params.cipher_iv_len = sess->iv_length;\n \tfc_params.auth_iv_len = sess->auth_iv_length;\n \n@@ -2143,10 +2307,11 @@ fill_fc_params(struct rte_crypto_op *cop, struct cnxk_se_sess *sess,\n \t\t}\n \t}\n \n-\tif (sess->zsk_flag) {\n-\t\tfc_params.auth_iv_buf = rte_crypto_op_ctod_offset(\n-\t\t\tcop, uint8_t *, sess->auth_iv_offset);\n-\t\tif (sess->zsk_flag != ROC_SE_ZS_EA)\n+\tif (sess->zsk_flag || sess->zs_auth) {\n+\t\tif (sess->auth_iv_length)\n+\t\t\tfc_params.auth_iv_buf = rte_crypto_op_ctod_offset(\n+\t\t\t\tcop, uint8_t *, sess->auth_iv_offset);\n+\t\tif ((!chain) && (sess->zsk_flag != ROC_SE_ZS_EA))\n \t\t\tinplace = 0;\n \t}\n \tm_src = sym_op->m_src;\n@@ -2203,17 +2368,35 @@ fill_fc_params(struct rte_crypto_op *cop, struct cnxk_se_sess *sess,\n \t\t\t}\n \t\t}\n \t} else {\n-\t\td_offs = sym_op->cipher.data.offset;\n-\t\td_lens = sym_op->cipher.data.length;\n-\t\tmc_hash_off =\n-\t\t\tsym_op->cipher.data.offset + sym_op->cipher.data.length;\n-\t\td_offs = (d_offs << 16) | sym_op->auth.data.offset;\n-\t\td_lens = (d_lens << 32) | sym_op->auth.data.length;\n-\n-\t\tif (mc_hash_off <\n-\t\t (sym_op->auth.data.offset + sym_op->auth.data.length)) {\n-\t\t\tmc_hash_off = (sym_op->auth.data.offset +\n-\t\t\t\t sym_op->auth.data.length);\n+\t\tuint32_t ci_data_length = sym_op->cipher.data.length;\n+\t\tuint32_t ci_data_offset = sym_op->cipher.data.offset;\n+\t\tuint32_t a_data_length = sym_op->auth.data.length;\n+\t\tuint32_t a_data_offset = sym_op->auth.data.offset;\n+\n+\t\tif (pdcp_chain) {\n+\t\t\tif (sess->zs_cipher) {\n+\t\t\t\tci_data_length /= 8;\n+\t\t\t\tci_data_offset /= 8;\n+\t\t\t}\n+\t\t\tif (sess->zs_auth) {\n+\t\t\t\ta_data_length /= 8;\n+\t\t\t\ta_data_offset /= 8;\n+\t\t\t}\n+\t\t}\n+\n+\t\td_offs = ci_data_offset;\n+\t\td_offs = (d_offs << 16) | a_data_offset;\n+\n+\t\td_lens = ci_data_length;\n+\t\td_lens = (d_lens << 32) | a_data_length;\n+\n+\t\tif (sess->auth_first)\n+\t\t\tmc_hash_off = a_data_offset + a_data_length;\n+\t\telse\n+\t\t\tmc_hash_off = ci_data_offset + ci_data_length;\n+\n+\t\tif (mc_hash_off < (a_data_offset + a_data_length)) {\n+\t\t\tmc_hash_off = (a_data_offset + a_data_length);\n \t\t}\n \t\t/* for gmac, salt should be updated like in gcm */\n \t\tif (unlikely(sess->is_gmac)) {\n@@ -2247,7 +2430,7 @@ fill_fc_params(struct rte_crypto_op *cop, struct cnxk_se_sess *sess,\n \t}\n \tfc_params.ctx_buf.vaddr = &sess->roc_se_ctx;\n \n-\tif (!(op_minor & ROC_SE_FC_MINOR_OP_HMAC_FIRST) &&\n+\tif (!(sess->auth_first) && (!pdcp_chain) &&\n \t unlikely(sess->is_null || sess->cpt_op == ROC_SE_OP_DECODE))\n \t\tinplace = 0;\n \n@@ -2304,8 +2487,8 @@ fill_fc_params(struct rte_crypto_op *cop, struct cnxk_se_sess *sess,\n \n \tif (unlikely(!((flags & ROC_SE_SINGLE_BUF_INPLACE) &&\n \t\t (flags & ROC_SE_SINGLE_BUF_HEADROOM) &&\n-\t\t ((ctx->fc_type == ROC_SE_FC_GEN) ||\n-\t\t\t(ctx->fc_type == ROC_SE_PDCP))))) {\n+\t\t ((ctx->fc_type != ROC_SE_KASUMI) &&\n+\t\t\t(ctx->fc_type != ROC_SE_HASH_HMAC))))) {\n \t\tmdata = alloc_op_meta(&fc_params.meta_buf, m_info->mlen,\n \t\t\t\t m_info->pool, infl_req);\n \t\tif (mdata == NULL) {\n", "prefixes": [ "2/4" ] }