Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/60979/?format=api
{ "id": 60979, "url": "http://patchwork.dpdk.org/api/patches/60979/?format=api", "web_url": "http://patchwork.dpdk.org/project/dpdk/patch/20191011163233.31017-6-hemant.agrawal@nxp.com/", "project": { "id": 1, "url": "http://patchwork.dpdk.org/api/projects/1/?format=api", "name": "DPDK", "link_name": "dpdk", "list_id": "dev.dpdk.org", "list_email": "dev@dpdk.org", "web_url": "http://core.dpdk.org", "scm_url": "git://dpdk.org/dpdk", "webscm_url": "http://git.dpdk.org/dpdk", "list_archive_url": "https://inbox.dpdk.org/dev", "list_archive_url_format": "https://inbox.dpdk.org/dev/{}", "commit_url_format": "" }, "msgid": "<20191011163233.31017-6-hemant.agrawal@nxp.com>", "list_archive_url": "https://inbox.dpdk.org/dev/20191011163233.31017-6-hemant.agrawal@nxp.com", "date": "2019-10-11T16:32:28", "name": "[05/10] crypto/dpaa2_sec: add support of auth trailer in cipher-auth", "commit_ref": null, "pull_url": null, "state": "superseded", "archived": true, "hash": "a11fe3141303ad3141f940ac3c2cd3b2e9f78234", "submitter": { "id": 477, "url": "http://patchwork.dpdk.org/api/people/477/?format=api", "name": "Hemant Agrawal", "email": "hemant.agrawal@nxp.com" }, "delegate": { "id": 6690, "url": "http://patchwork.dpdk.org/api/users/6690/?format=api", "username": "akhil", "first_name": "akhil", "last_name": "goyal", "email": "gakhil@marvell.com" }, "mbox": "http://patchwork.dpdk.org/project/dpdk/patch/20191011163233.31017-6-hemant.agrawal@nxp.com/mbox/", "series": [ { "id": 6807, "url": "http://patchwork.dpdk.org/api/series/6807/?format=api", "web_url": "http://patchwork.dpdk.org/project/dpdk/list/?series=6807", "date": "2019-10-11T16:32:23", "name": "NXP DPAAx crypto fixes", "version": 1, "mbox": "http://patchwork.dpdk.org/series/6807/mbox/" } ], "comments": "http://patchwork.dpdk.org/api/patches/60979/comments/", "check": "fail", "checks": "http://patchwork.dpdk.org/api/patches/60979/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<dev-bounces@dpdk.org>", "X-Original-To": "patchwork@dpdk.org", "Delivered-To": "patchwork@dpdk.org", "Received": [ "from [92.243.14.124] (localhost [127.0.0.1])\n\tby dpdk.org (Postfix) with ESMTP id C63CD1EB61;\n\tFri, 11 Oct 2019 18:35:24 +0200 (CEST)", "from inva020.nxp.com (inva020.nxp.com [92.121.34.13])\n\tby dpdk.org (Postfix) with ESMTP id 4F1B91EB45\n\tfor <dev@dpdk.org>; Fri, 11 Oct 2019 18:35:16 +0200 (CEST)", "from inva020.nxp.com (localhost [127.0.0.1])\n\tby inva020.eu-rdc02.nxp.com (Postfix) with ESMTP id 2E4141A056F;\n\tFri, 11 Oct 2019 18:35:16 +0200 (CEST)", "from invc005.ap-rdc01.nxp.com (invc005.ap-rdc01.nxp.com\n\t[165.114.16.14])\n\tby inva020.eu-rdc02.nxp.com (Postfix) with ESMTP id D82FE1A0586;\n\tFri, 11 Oct 2019 18:35:13 +0200 (CEST)", "from bf-netperf1.ap.freescale.net (bf-netperf1.ap.freescale.net\n\t[10.232.133.63])\n\tby invc005.ap-rdc01.nxp.com (Postfix) with ESMTP id C00EC402DA;\n\tSat, 12 Oct 2019 00:35:10 +0800 (SGT)" ], "From": "Hemant Agrawal <hemant.agrawal@nxp.com>", "To": "dev@dpdk.org", "Cc": "akhil.goyal@nxp.com,\n\tVakul Garg <vakul.garg@nxp.com>", "Date": "Fri, 11 Oct 2019 22:02:28 +0530", "Message-Id": "<20191011163233.31017-6-hemant.agrawal@nxp.com>", "X-Mailer": "git-send-email 2.17.1", "In-Reply-To": "<20191011163233.31017-1-hemant.agrawal@nxp.com>", "References": "<20191011163233.31017-1-hemant.agrawal@nxp.com>", "X-Virus-Scanned": "ClamAV using ClamSMTP", "Subject": "[dpdk-dev] [PATCH 05/10] crypto/dpaa2_sec: add support of auth\n\ttrailer in cipher-auth", "X-BeenThere": "dev@dpdk.org", "X-Mailman-Version": "2.1.15", "Precedence": "list", "List-Id": "DPDK patches and discussions <dev.dpdk.org>", "List-Unsubscribe": "<https://mails.dpdk.org/options/dev>,\n\t<mailto:dev-request@dpdk.org?subject=unsubscribe>", "List-Archive": "<http://mails.dpdk.org/archives/dev/>", "List-Post": "<mailto:dev@dpdk.org>", "List-Help": "<mailto:dev-request@dpdk.org?subject=help>", "List-Subscribe": "<https://mails.dpdk.org/listinfo/dev>,\n\t<mailto:dev-request@dpdk.org?subject=subscribe>", "Errors-To": "dev-bounces@dpdk.org", "Sender": "\"dev\" <dev-bounces@dpdk.org>" }, "content": "From: Vakul Garg <vakul.garg@nxp.com>\n\nThis patch adds support of auth-only data trailing after cipher data.\n\nSigned-off-by: Vakul Garg <vakul.garg@nxp.com>\n---\n drivers/crypto/caam_jr/caam_jr.c | 24 +--\n drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c | 17 +-\n drivers/crypto/dpaa2_sec/hw/desc/ipsec.h | 167 ++++++++------------\n drivers/crypto/dpaa_sec/dpaa_sec.c | 35 +++-\n 4 files changed, 121 insertions(+), 122 deletions(-)", "diff": "diff --git a/drivers/crypto/caam_jr/caam_jr.c b/drivers/crypto/caam_jr/caam_jr.c\nindex 57101d9a6..6ceba18f1 100644\n--- a/drivers/crypto/caam_jr/caam_jr.c\n+++ b/drivers/crypto/caam_jr/caam_jr.c\n@@ -450,13 +450,11 @@ caam_jr_prep_cdb(struct caam_jr_session *ses)\n \t\t\t\t\t\t&alginfo_c, &alginfo_a);\n \t\t\t}\n \t\t} else {\n-\t\t\t/* Auth_only_len is set as 0 here and it will be\n-\t\t\t * overwritten in fd for each packet.\n-\t\t\t */\n+\t\t\t/* Auth_only_len is overwritten in fd for each job */\n \t\t\tshared_desc_len = cnstr_shdsc_authenc(cdb->sh_desc,\n \t\t\t\t\ttrue, swap, SHR_SERIAL,\n \t\t\t\t\t&alginfo_c, &alginfo_a,\n-\t\t\t\t\tses->iv.length, 0,\n+\t\t\t\t\tses->iv.length,\n \t\t\t\t\tses->digest_length, ses->dir);\n \t\t}\n \t}\n@@ -1066,10 +1064,11 @@ build_cipher_auth_sg(struct rte_crypto_op *op, struct caam_jr_session *ses)\n \tuint8_t *IV_ptr = rte_crypto_op_ctod_offset(op, uint8_t *,\n \t\t\tses->iv.offset);\n \tstruct sec_job_descriptor_t *jobdescr;\n-\tuint32_t auth_only_len;\n-\n-\tauth_only_len = op->sym->auth.data.length -\n-\t\t\t\top->sym->cipher.data.length;\n+\tuint16_t auth_hdr_len = sym->cipher.data.offset -\n+\t\t\tsym->auth.data.offset;\n+\tuint16_t auth_tail_len = sym->auth.data.length -\n+\t\t\tsym->cipher.data.length - auth_hdr_len;\n+\tuint32_t auth_only_len = (auth_tail_len << 16) | auth_hdr_len;\n \n \tif (sym->m_dst) {\n \t\tmbuf = sym->m_dst;\n@@ -1208,10 +1207,11 @@ build_cipher_auth(struct rte_crypto_op *op, struct caam_jr_session *ses)\n \tuint8_t *IV_ptr = rte_crypto_op_ctod_offset(op, uint8_t *,\n \t\t\tses->iv.offset);\n \tstruct sec_job_descriptor_t *jobdescr;\n-\tuint32_t auth_only_len;\n-\n-\tauth_only_len = op->sym->auth.data.length -\n-\t\t\t\top->sym->cipher.data.length;\n+\tuint16_t auth_hdr_len = sym->cipher.data.offset -\n+\t\t\tsym->auth.data.offset;\n+\tuint16_t auth_tail_len = sym->auth.data.length -\n+\t\t\tsym->cipher.data.length - auth_hdr_len;\n+\tuint32_t auth_only_len = (auth_tail_len << 16) | auth_hdr_len;\n \n \tsrc_start_addr = rte_pktmbuf_iova(sym->m_src);\n \tif (sym->m_dst)\ndiff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c\nindex 8803e8d3c..23a3fa929 100644\n--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c\n+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c\n@@ -583,8 +583,11 @@ build_authenc_sg_fd(dpaa2_sec_session *sess,\n \tstruct ctxt_priv *priv = sess->ctxt;\n \tstruct qbman_fle *fle, *sge, *ip_fle, *op_fle;\n \tstruct sec_flow_context *flc;\n-\tuint32_t auth_only_len = sym_op->auth.data.length -\n-\t\t\t\tsym_op->cipher.data.length;\n+\tuint16_t auth_hdr_len = sym_op->cipher.data.offset -\n+\t\t\t\tsym_op->auth.data.offset;\n+\tuint16_t auth_tail_len = sym_op->auth.data.length -\n+\t\t\t\tsym_op->cipher.data.length - auth_hdr_len;\n+\tuint32_t auth_only_len = (auth_tail_len << 16) | auth_hdr_len;\n \tint icv_len = sess->digest_length;\n \tuint8_t *old_icv;\n \tstruct rte_mbuf *mbuf;\n@@ -727,8 +730,12 @@ build_authenc_fd(dpaa2_sec_session *sess,\n \tstruct ctxt_priv *priv = sess->ctxt;\n \tstruct qbman_fle *fle, *sge;\n \tstruct sec_flow_context *flc;\n-\tuint32_t auth_only_len = sym_op->auth.data.length -\n-\t\t\t\tsym_op->cipher.data.length;\n+\tuint16_t auth_hdr_len = sym_op->cipher.data.offset -\n+\t\t\t\tsym_op->auth.data.offset;\n+\tuint16_t auth_tail_len = sym_op->auth.data.length -\n+\t\t\t\tsym_op->cipher.data.length - auth_hdr_len;\n+\tuint32_t auth_only_len = (auth_tail_len << 16) | auth_hdr_len;\n+\n \tint icv_len = sess->digest_length, retval;\n \tuint8_t *old_icv;\n \tuint8_t *iv_ptr = rte_crypto_op_ctod_offset(op, uint8_t *,\n@@ -2217,7 +2224,6 @@ dpaa2_sec_aead_chain_init(struct rte_cryptodev *dev,\n \t\t struct rte_crypto_sym_xform *xform,\n \t\t dpaa2_sec_session *session)\n {\n-\tstruct dpaa2_sec_aead_ctxt *ctxt = &session->ext_params.aead_ctxt;\n \tstruct dpaa2_sec_dev_private *dev_priv = dev->data->dev_private;\n \tstruct alginfo authdata, cipherdata;\n \tint bufsize;\n@@ -2411,7 +2417,6 @@ dpaa2_sec_aead_chain_init(struct rte_cryptodev *dev,\n \t\t\t\t\t 0, SHR_SERIAL,\n \t\t\t\t\t &cipherdata, &authdata,\n \t\t\t\t\t session->iv.length,\n-\t\t\t\t\t ctxt->auth_only_len,\n \t\t\t\t\t session->digest_length,\n \t\t\t\t\t session->dir);\n \t\tif (bufsize < 0) {\ndiff --git a/drivers/crypto/dpaa2_sec/hw/desc/ipsec.h b/drivers/crypto/dpaa2_sec/hw/desc/ipsec.h\nindex d071f46fd..d1ffd7fd2 100644\n--- a/drivers/crypto/dpaa2_sec/hw/desc/ipsec.h\n+++ b/drivers/crypto/dpaa2_sec/hw/desc/ipsec.h\n@@ -1412,9 +1412,6 @@ cnstr_shdsc_ipsec_new_decap(uint32_t *descbuf, bool ps,\n *\n * @ivlen: length of the IV to be read from the input frame, before any data\n * to be processed\n- * @auth_only_len: length of the data to be authenticated-only (commonly IP\n- * header, IV, Sequence number and SPI)\n- * Note: Extended Sequence Number processing is NOT supported\n *\n * @trunc_len: the length of the ICV to be written to the output frame. If 0,\n * then the corresponding length of the digest, according to the\n@@ -1425,30 +1422,30 @@ cnstr_shdsc_ipsec_new_decap(uint32_t *descbuf, bool ps,\n * will be done correctly:\n * For encapsulation:\n * Input:\n- * +----+----------------+---------------------------------------------+\n- * | IV | Auth-only data | Padded data to be authenticated & Encrypted |\n- * +----+----------------+---------------------------------------------+\n+ * +----+----------------+-----------------------------------------------+\n+ * | IV | Auth-only head | Padded data to be auth & Enc | Auth-only tail |\n+ * +----+----------------+-----------------------------------------------+\n * Output:\n * +--------------------------------------+\n * | Authenticated & Encrypted data | ICV |\n * +--------------------------------+-----+\n-\n+ *\n * For decapsulation:\n * Input:\n- * +----+----------------+--------------------------------+-----+\n- * | IV | Auth-only data | Authenticated & Encrypted data | ICV |\n- * +----+----------------+--------------------------------+-----+\n+ * +----+----------------+-----------------+----------------------+\n+ * | IV | Auth-only head | Auth & Enc data | Auth-only tail | ICV |\n+ * +----+----------------+-----------------+----------------------+\n * Output:\n- * +----+--------------------------+\n+ * +----+---------------------------+\n * | Decrypted & authenticated data |\n- * +----+--------------------------+\n+ * +----+---------------------------+\n *\n * Note: This descriptor can use per-packet commands, encoded as below in the\n * DPOVRD register:\n- * 32 24 16 0\n- * +------+---------------------+\n- * | 0x80 | 0x00| auth_only_len |\n- * +------+---------------------+\n+ * 32 28 16\t 1\n+ * +------+------------------------------+\n+ * | 0x8 | auth_tail_len | auth_hdr_len |\n+ * +------+------------------------------+\n *\n * This mechanism is available only for SoCs having SEC ERA >= 3. In other\n * words, this will not work for P4080TO2\n@@ -1465,7 +1462,7 @@ cnstr_shdsc_authenc(uint32_t *descbuf, bool ps, bool swap,\n \t\t enum rta_share_type share,\n \t\t struct alginfo *cipherdata,\n \t\t struct alginfo *authdata,\n-\t\t uint16_t ivlen, uint16_t auth_only_len,\n+\t\t uint16_t ivlen,\n \t\t uint8_t trunc_len, uint8_t dir)\n {\n \tstruct program prg;\n@@ -1473,16 +1470,16 @@ cnstr_shdsc_authenc(uint32_t *descbuf, bool ps, bool swap,\n \tconst bool need_dk = (dir == DIR_DEC) &&\n \t\t\t (cipherdata->algtype == OP_ALG_ALGSEL_AES) &&\n \t\t\t (cipherdata->algmode == OP_ALG_AAI_CBC);\n+\tint data_type;\n \n-\tLABEL(skip_patch_len);\n \tLABEL(keyjmp);\n \tLABEL(skipkeys);\n-\tLABEL(aonly_len_offset);\n-\tREFERENCE(pskip_patch_len);\n+\tLABEL(proc_icv);\n+\tLABEL(no_auth_tail);\n \tREFERENCE(pkeyjmp);\n \tREFERENCE(pskipkeys);\n-\tREFERENCE(read_len);\n-\tREFERENCE(write_len);\n+\tREFERENCE(p_proc_icv);\n+\tREFERENCE(p_no_auth_tail);\n \n \tPROGRAM_CNTXT_INIT(p, descbuf, 0);\n \n@@ -1500,48 +1497,15 @@ cnstr_shdsc_authenc(uint32_t *descbuf, bool ps, bool swap,\n \n \tSHR_HDR(p, share, 1, SC);\n \n-\t/*\n-\t * M0 will contain the value provided by the user when creating\n-\t * the shared descriptor. If the user provided an override in\n-\t * DPOVRD, then M0 will contain that value\n-\t */\n-\tMATHB(p, MATH0, ADD, auth_only_len, MATH0, 4, IMMED2);\n-\n-\tif (rta_sec_era >= RTA_SEC_ERA_3) {\n-\t\t/*\n-\t\t * Check if the user wants to override the auth-only len\n-\t\t */\n-\t\tMATHB(p, DPOVRD, ADD, 0x80000000, MATH2, 4, IMMED2);\n-\n-\t\t/*\n-\t\t * No need to patch the length of the auth-only data read if\n-\t\t * the user did not override it\n-\t\t */\n-\t\tpskip_patch_len = JUMP(p, skip_patch_len, LOCAL_JUMP, ALL_TRUE,\n-\t\t\t\t MATH_N);\n-\n-\t\t/* Get auth-only len in M0 */\n-\t\tMATHB(p, MATH2, AND, 0xFFFF, MATH0, 4, IMMED2);\n-\n-\t\t/*\n-\t\t * Since M0 is used in calculations, don't mangle it, copy\n-\t\t * its content to M1 and use this for patching.\n-\t\t */\n-\t\tMATHB(p, MATH0, ADD, MATH1, MATH1, 4, 0);\n-\n-\t\tread_len = MOVE(p, DESCBUF, 0, MATH1, 0, 6, WAITCOMP | IMMED);\n-\t\twrite_len = MOVE(p, MATH1, 0, DESCBUF, 0, 8, WAITCOMP | IMMED);\n-\n-\t\tSET_LABEL(p, skip_patch_len);\n-\t}\n-\t/*\n-\t * MATH0 contains the value in DPOVRD w/o the MSB, or the initial\n-\t * value, as provided by the user at descriptor creation time\n-\t */\n-\tif (dir == DIR_ENC)\n-\t\tMATHB(p, MATH0, ADD, ivlen, MATH0, 4, IMMED2);\n-\telse\n-\t\tMATHB(p, MATH0, ADD, ivlen + trunc_len, MATH0, 4, IMMED2);\n+\t/* Collect the (auth_tail || auth_hdr) len from DPOVRD */\n+\tMATHB(p, DPOVRD, ADD, 0x80000000, MATH2, 4, IMMED2);\n+\n+\t/* Get auth_hdr len in MATH0 */\n+\tMATHB(p, MATH2, AND, 0xFFFF, MATH0, 4, IMMED2);\n+\n+\t/* Get auth_tail len in MATH2 */\n+\tMATHB(p, MATH2, AND, 0xFFF0000, MATH2, 4, IMMED2);\n+\tMATHI(p, MATH2, RSHIFT, 16, MATH2, 4, IMMED2);\n \n \tpkeyjmp = JUMP(p, keyjmp, LOCAL_JUMP, ALL_TRUE, SHRD);\n \n@@ -1581,61 +1545,70 @@ cnstr_shdsc_authenc(uint32_t *descbuf, bool ps, bool swap,\n \t\t\t OP_ALG_AS_INITFINAL, ICV_CHECK_DISABLE, dir);\n \t}\n \n+\t/* Read IV */\n+\tif (cipherdata->algmode == OP_ALG_AAI_CTR)\n+\t\tSEQLOAD(p, CONTEXT1, 16, ivlen, 0);\n+\telse\n+\t\tSEQLOAD(p, CONTEXT1, 0, ivlen, 0);\n+\n+\t/*\n+\t * authenticate auth_hdr data\n+\t */\n+\tMATHB(p, MATH0, ADD, ZERO, VSEQINSZ, 4, 0);\n+\tSEQFIFOLOAD(p, MSG2, 0, VLF);\n+\n \t/*\n \t * Prepare the length of the data to be both encrypted/decrypted\n \t * and authenticated/checked\n \t */\n-\tMATHB(p, SEQINSZ, SUB, MATH0, VSEQINSZ, 4, 0);\n+\tMATHB(p, SEQINSZ, SUB, MATH2, VSEQINSZ, 4, 0);\n+\tif (dir == DIR_DEC) {\n+\t\tMATHB(p, VSEQINSZ, SUB, trunc_len, VSEQINSZ, 4, IMMED2);\n+\t\tdata_type = MSGINSNOOP;\n+\t} else {\n+\t\tdata_type = MSGOUTSNOOP;\n+\t}\n \n-\tMATHB(p, VSEQINSZ, SUB, MATH3, VSEQOUTSZ, 4, 0);\n+\tMATHB(p, VSEQINSZ, ADD, ZERO, VSEQOUTSZ, 4, 0);\n \n \t/* Prepare for writing the output frame */\n \tSEQFIFOSTORE(p, MSG, 0, 0, VLF);\n \n-\tSET_LABEL(p, aonly_len_offset);\n \n-\t/* Read IV */\n-\tif (cipherdata->algmode == OP_ALG_AAI_CTR)\n-\t\tSEQLOAD(p, CONTEXT1, 16, ivlen, 0);\n-\telse\n-\t\tSEQLOAD(p, CONTEXT1, 0, ivlen, 0);\n+\t/* Check if there is no auth-tail */\n+\tMATHB(p, MATH2, ADD, ZERO, MATH2, 4, 0);\n+\tp_no_auth_tail = JUMP(p, no_auth_tail, LOCAL_JUMP, ALL_TRUE, MATH_Z);\n \n \t/*\n-\t * Read data needed only for authentication. This is overwritten above\n-\t * if the user requested it.\n+\t * Read input plain/cipher text, encrypt/decrypt & auth & write\n+\t * to output\n \t */\n-\tSEQFIFOLOAD(p, MSG2, auth_only_len, 0);\n+\tSEQFIFOLOAD(p, data_type, 0, VLF | LAST1 | FLUSH1);\n+\n+\t/* Authenticate auth tail */\n+\tMATHB(p, MATH2, ADD, ZERO, VSEQINSZ, 4, 0);\n+\tSEQFIFOLOAD(p, MSG2, 0, VLF | LAST2);\n+\n+\t/* Jump to process icv */\n+\tp_proc_icv = JUMP(p, proc_icv, LOCAL_JUMP, ALL_FALSE, MATH_Z);\n+\n+\tSET_LABEL(p, no_auth_tail);\n \n-\tif (dir == DIR_ENC) {\n-\t\t/*\n-\t\t * Read input plaintext, encrypt and authenticate & write to\n-\t\t * output\n-\t\t */\n-\t\tSEQFIFOLOAD(p, MSGOUTSNOOP, 0, VLF | LAST1 | LAST2 | FLUSH1);\n+\tSEQFIFOLOAD(p, data_type, 0, VLF | LAST1 | LAST2 | FLUSH1);\n \n+\tSET_LABEL(p, proc_icv);\n+\n+\tif (dir == DIR_ENC)\n \t\t/* Finally, write the ICV */\n \t\tSEQSTORE(p, CONTEXT2, 0, trunc_len, 0);\n-\t} else {\n-\t\t/*\n-\t\t * Read input ciphertext, decrypt and authenticate & write to\n-\t\t * output\n-\t\t */\n-\t\tSEQFIFOLOAD(p, MSGINSNOOP, 0, VLF | LAST1 | LAST2 | FLUSH1);\n-\n+\telse\n \t\t/* Read the ICV to check */\n \t\tSEQFIFOLOAD(p, ICV2, trunc_len, LAST2);\n-\t}\n \n \tPATCH_JUMP(p, pkeyjmp, keyjmp);\n \tPATCH_JUMP(p, pskipkeys, skipkeys);\n-\tPATCH_JUMP(p, pskipkeys, skipkeys);\n-\n-\tif (rta_sec_era >= RTA_SEC_ERA_3) {\n-\t\tPATCH_JUMP(p, pskip_patch_len, skip_patch_len);\n-\t\tPATCH_MOVE(p, read_len, aonly_len_offset);\n-\t\tPATCH_MOVE(p, write_len, aonly_len_offset);\n-\t}\n-\n+\tPATCH_JUMP(p, p_no_auth_tail, no_auth_tail);\n+\tPATCH_JUMP(p, p_proc_icv, proc_icv);\n \treturn PROGRAM_FINALIZE(p);\n }\n \ndiff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c b/drivers/crypto/dpaa_sec/dpaa_sec.c\nindex c1c6c054a..019a7119f 100644\n--- a/drivers/crypto/dpaa_sec/dpaa_sec.c\n+++ b/drivers/crypto/dpaa_sec/dpaa_sec.c\n@@ -742,7 +742,7 @@ dpaa_sec_prep_cdb(dpaa_sec_session *ses)\n \t\t */\n \t\tshared_desc_len = cnstr_shdsc_authenc(cdb->sh_desc,\n \t\t\t\ttrue, swap, SHR_SERIAL, &alginfo_c, &alginfo_a,\n-\t\t\t\tses->iv.length, 0,\n+\t\t\t\tses->iv.length,\n \t\t\t\tses->digest_length, ses->dir);\n \t}\n \n@@ -1753,7 +1753,8 @@ dpaa_sec_enqueue_burst(void *qp, struct rte_crypto_op **ops,\n \tstruct rte_crypto_op *op;\n \tstruct dpaa_sec_job *cf;\n \tdpaa_sec_session *ses;\n-\tuint32_t auth_only_len, index, flags[DPAA_SEC_BURST] = {0};\n+\tuint16_t auth_hdr_len, auth_tail_len;\n+\tuint32_t index, flags[DPAA_SEC_BURST] = {0};\n \tstruct qman_fq *inq[DPAA_SEC_BURST];\n \n \twhile (nb_ops) {\n@@ -1809,8 +1810,10 @@ dpaa_sec_enqueue_burst(void *qp, struct rte_crypto_op **ops,\n \t\t\t\tgoto send_pkts;\n \t\t\t}\n \n-\t\t\tauth_only_len = op->sym->auth.data.length -\n+\t\t\tauth_hdr_len = op->sym->auth.data.length -\n \t\t\t\t\t\top->sym->cipher.data.length;\n+\t\t\tauth_tail_len = 0;\n+\n \t\t\tif (rte_pktmbuf_is_contiguous(op->sym->m_src) &&\n \t\t\t\t ((op->sym->m_dst == NULL) ||\n \t\t\t\t rte_pktmbuf_is_contiguous(op->sym->m_dst))) {\n@@ -1824,8 +1827,15 @@ dpaa_sec_enqueue_burst(void *qp, struct rte_crypto_op **ops,\n \t\t\t\t\tcf = build_cipher_only(op, ses);\n \t\t\t\t} else if (is_aead(ses)) {\n \t\t\t\t\tcf = build_cipher_auth_gcm(op, ses);\n-\t\t\t\t\tauth_only_len = ses->auth_only_len;\n+\t\t\t\t\tauth_hdr_len = ses->auth_only_len;\n \t\t\t\t} else if (is_auth_cipher(ses)) {\n+\t\t\t\t\tauth_hdr_len =\n+\t\t\t\t\t\top->sym->cipher.data.offset\n+\t\t\t\t\t\t- op->sym->auth.data.offset;\n+\t\t\t\t\tauth_tail_len =\n+\t\t\t\t\t\top->sym->auth.data.length\n+\t\t\t\t\t\t- op->sym->cipher.data.length\n+\t\t\t\t\t\t- auth_hdr_len;\n \t\t\t\t\tcf = build_cipher_auth(op, ses);\n \t\t\t\t} else {\n \t\t\t\t\tDPAA_SEC_DP_ERR(\"not supported ops\");\n@@ -1842,8 +1852,15 @@ dpaa_sec_enqueue_burst(void *qp, struct rte_crypto_op **ops,\n \t\t\t\t\tcf = build_cipher_only_sg(op, ses);\n \t\t\t\t} else if (is_aead(ses)) {\n \t\t\t\t\tcf = build_cipher_auth_gcm_sg(op, ses);\n-\t\t\t\t\tauth_only_len = ses->auth_only_len;\n+\t\t\t\t\tauth_hdr_len = ses->auth_only_len;\n \t\t\t\t} else if (is_auth_cipher(ses)) {\n+\t\t\t\t\tauth_hdr_len =\n+\t\t\t\t\t\top->sym->cipher.data.offset\n+\t\t\t\t\t\t- op->sym->auth.data.offset;\n+\t\t\t\t\tauth_tail_len =\n+\t\t\t\t\t\top->sym->auth.data.length\n+\t\t\t\t\t\t- op->sym->cipher.data.length\n+\t\t\t\t\t\t- auth_hdr_len;\n \t\t\t\t\tcf = build_cipher_auth_sg(op, ses);\n \t\t\t\t} else {\n \t\t\t\t\tDPAA_SEC_DP_ERR(\"not supported ops\");\n@@ -1865,12 +1882,16 @@ dpaa_sec_enqueue_burst(void *qp, struct rte_crypto_op **ops,\n \t\t\tqm_fd_addr_set64(fd, dpaa_mem_vtop(cf->sg));\n \t\t\tfd->_format1 = qm_fd_compound;\n \t\t\tfd->length29 = 2 * sizeof(struct qm_sg_entry);\n+\n \t\t\t/* Auth_only_len is set as 0 in descriptor and it is\n \t\t\t * overwritten here in the fd.cmd which will update\n \t\t\t * the DPOVRD reg.\n \t\t\t */\n-\t\t\tif (auth_only_len)\n-\t\t\t\tfd->cmd = 0x80000000 | auth_only_len;\n+\t\t\tif (auth_hdr_len || auth_tail_len) {\n+\t\t\t\tfd->cmd = 0x80000000;\n+\t\t\t\tfd->cmd |=\n+\t\t\t\t\t((auth_tail_len << 16) | auth_hdr_len);\n+\t\t\t}\n \n \t\t\t/* In case of PDCP, per packet HFN is stored in\n \t\t\t * mbuf priv after sym_op.\n", "prefixes": [ "05/10" ] }