Since IV parameters (offset and length) should not
change for operations in the same session, these parameters
are moved to the crypto transform structure, so they will
be stored in the sessions.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Since IV now is copied after the crypto operation, in
its private size, IV can be passed only with offset
and length.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Usually, IV will change for each crypto operation.
Therefore, instead of pointing at the same location,
IV is copied after each crypto operation.
This will let the IV to be passed as an offset from
the beginning of the crypto operation, instead of
a pointer.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Chain parameter can be CIPHER_HASH, HASH_CIPHER,
CIPHER_ONLY or HASH_ONLY, but only the first two
were shown in the application help.
Fixes: 1a75e9f3fadb ("examples/l2fwd-crypto: add cipher/hash only cases")
Cc: stable@dpdk.org
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Statistics period time option is parsed with -T argument,
but -t was accepted by mistake, instead.
Fixes: 387259bd6c67 ("examples/l2fwd-crypto: add sample application")
Cc: stable@dpdk.org
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Fixes: c0f87eb5252b ("cryptodev: change burst API to be crypto op oriented")
Cc: stable@dpdk.org
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
For padding calculation, it is necessary to know if algorithm
is a block cipher or stream cipher algorithm, and know the
block size for the algorithm.
In the application, this block size should be only the
cipher block size, but if authentication was used too,
it was being overwritten by the authentication block size,
which is not needed.
Fixes: 27cf2d1b18e1 ("examples/l2fwd-crypto: discover capabilities")
Cc: stable@dpdk.org
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Previously, l2fwd-crypto application did not give user the
flexibility to decide which crypto device(s) will be used.
In this patch, a new cryptodev_mask option is added to the
application. Same as portmask, the cryptodev_mask avails the
user to mask out the unwanted crypto devices in the system.
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
For AEAD algorithms, additional authenticated data (AAD)
can be passed, but it is optional, so its size can be zero.
However, it is required to set this length to zero in the crypto
operation to avoid undefined behaviour.
Fixes: 617a7949c98a ("examples/l2fwd-crypto: parse AAD parameter")
Cc: stable@dpdk.org
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Since VF can not disable/enable HW CRC strip for non-DPDK PF drivers,
and kernel driver almost default enable that feature, if disable it in
example app's rxmode, VF driver will report the VF launch failure. So
this patch default to enable HW CRC strip to let VF launch successful.
Cc: stable@dpdk.org
Signed-off-by: Jeff Guo <jia.guo@intel.com>
Acked-by: Jingjing Wu <jingjing.wu@intel.com>
L2fwd-crypto app was creating an array of strings for the
supported algorithms, which was different from the strings
that are now in cryptodev.
Use the new API in cryptodev to parse the string from the user,
to get the algorithm enum, instead, so it is not necessary to add
a new supported algorithm in the cryptodev library and this app.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>
The variable optind should be reset to one not zero.
From the man page:
"The variable optind is the index of the next element to be processed in
argv. The system initializes this value to 1.
The caller can reset it to 1 to restart scanning of the same argv, or when
scanning a new argument vector.”
The problem I saw with my application was trying to parse the wrong
option, which can happen as DPDK parses the first part of the command line
and the application parses the second part. If you call getopt() multiple
times in the same execution, the behavior is not maintained when using
zero for optind.
Signed-off-by: Keith Wiles <keith.wiles@intel.com>
L2fwd-crypto app was padding an incoming buffer,
to be aligned with the algorithm block size, in all cases.
This was not the right approach, as padding is only necessary
when using block cipher algorithms, such as AES-CBC.
In case of using a stream cipher algorithm, such as SNOW3G UEA2,
there is no need to include padding and increase the buffer size.
Fixes: 387259bd6c67 ("examples/l2fwd-crypto: add sample application")
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
This commit fixes an array overflow when number of crypto devices
is higher than 32.
Fixes: 387259bd6c67 ("examples/l2fwd-crypto: add sample application")
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
This patch enables ZUC EEA3 cipher algorithm and
ZUC EIA3 authentication algorithm support to
l2fwd-crypto sample application.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
SNOW 3G algorithm has all uppercase letters in its name
and a space between SNOW and 3G, but some references of it
had some lowercase letters or no space.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
The usual device sequence is configure, queue setup and start.
Crypto device should be started before use.
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Signed-off-by: Thomas Monjalon <thomas.monjalon@6wind.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
This patch improve generate_random_key() function by replacing rand()
function with reading from /dev/urandom.
CID 120136 : Calling risky function (DC.WEAK_CRYPTO)
dont_call: rand should not be used for security related applications, as
linear congruential algorithms are too easy to break
Coverity issue: 120136
Signed-off-by: Piotr Azarewicz <piotrx.t.azarewicz@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
crypto_statistics array was not big enough for storing
all the possible crypto device statistics, as its size was
RTE_MAX_ETHPORTS, but should be RTE_CRYPTO_MAX_DEVS, leading
this to a potential out-of-bounds issue.
Coverity issue: 120145
Fixes: 387259bd6c67 ("examples/l2fwd-crypto: add sample application")
Signed-off-by: Slawomir Mrozowicz <slawomirx.mrozowicz@intel.com>
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
Crypto operations are enqueued in the crypto devices
when the crypto device buffers are full (MAX_PKT_BURST),
in order to be more efficient.
The problem is that operations might be stuck in those buffers,
if they never get full, and therefore, those operations
will never be performed.
Therefore, it is necessary to have a buffer flush mechanism,
similar to the one used for flush the TX buffers, so eventually,
all packets received are ciphered and sent out.
Fixes: 387259bd6c67 ("examples/l2fwd-crypto: add sample application")
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Added new SW PMD which makes use of the libsso_kasumi SW library,
which provides wireless algorithms KASUMI F8 and F9
in software.
This PMD supports cipher-only, hash-only and chained operations
("cipher then hash" and "hash then cipher") of the following
algorithms:
- RTE_CRYPTO_SYM_CIPHER_KASUMI_F8
- RTE_CRYPTO_SYM_AUTH_KASUMI_F9
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
When initializing crypto devices within the app,
the provided key sizes are checked against the supported
sizes from the crypto device capabilities.
When the supported sizes are not a range, but a single value,
the check may become an infinite loop (when size is not supported).
Fixes: a061e50a0d97 ("examples/l2fwd-crypto: fix ambiguous input key size")
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Tested-by: Min Cao <min.cao@intel.com>
This patch enables AES-XCBC-MAC authentication algorithm support to
l2fwd-crypto sample application.
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
This patch enables AES counter mode algorithm support to l2fwd-crypto
sample application.
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
The rte_eth_dev_count() function will never return a value greater
than RTE_MAX_ETHPORTS, so that checking is useless.
Signed-off-by: Mauricio Vasquez B <mauricio.vasquezbernal@studenti.polito.it>
Acked-by: Ferruh Yigit <ferruh.yigit@intel.com>
When parsing crypto device type, the string was being copied
with strcpy(), which could overflow the destination buffer
(which is 32 byte long), so snprintf() should be used instead.
This fixes coverity issue 124575:
/examples/l2fwd-crypto/main.c: 1005 in l2fwd_crypto_parse_args_long_options()
>>> CID 124575: (STRING_OVERFLOW)
>>> You might overrun the 32 byte fixed-size string
"options->string_auth_algo" by copying "optarg" without checking the length.
1005 strcpy(options->string_auth_algo, optarg);
Fixes: 49f79e86480d ("examples/l2fwd-crypto: add missing string initialization")
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
Fix for compilation errors for icc:
error #188: enumerated type mixed with another type
Fixes: 00c58901f1b3 ("examples/l2fwd-crypto: use key-value list of supported algorithms")
Signed-off-by: Daniel Mrzyglod <danielx.t.mrzyglod@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Define and use ETH_LINK_UP and ETH_LINK_DOWN where appropriate.
Signed-off-by: Marc Sune <marcdevel@gmail.com>
Signed-off-by: Thomas Monjalon <thomas.monjalon@6wind.com>
Display extra crypto information (algorithms, keys/IV/AAD used, chain...),
so user can know exactly what operations are being carried out.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Tested-by: Min Cao <min.cao@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
In order to ease the parsing and display of supported algorithms
in the application, two new arrays are created, which contains
the strings of the different cipher and authentication algorithms,
These lists are used to parse the algorithms from the command line,
and will be used to display crypto information to the user.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
Cipher/Auth keys, AAD and IV must be passed from command line
with ":" between bytes, but help was not clarifying that.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
Some crypto algorithms support more than one key size
(including cipher key, authentication key, IV and AAD),
but the app was using always the minimum size.
These changes allows the user to use an specific size,
either from the string provided with cipher_key, auth_key, iv and ADD
parameters, or from the values provided with cipher_key_random_size,
auth_key_random_size, iv_random_size and aad_random_size.
This also allows the user to specify the digest size.
Fixes: 1df9c0109f4c ("examples/l2fwd-crypto: parse key parameters")
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Tested-by: Min Cao <min.cao@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
App was generating a random IV/AAD of only 4 bytes,
instead of the actual length, since it was using sizeof(length).
Fixes: 27cf2d1b18e1 ("examples/l2fwd-crypto: discover capabilities")
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Tested-by: Min Cao <min.cao@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
When passing the preferred crypto device type in the command line
parameters, the string (HW/SW/ANY) was not being saved, which is used
for error information to the user.
Fixes: 27cf2d1b18e1 ("examples/l2fwd-crypto: discover capabilities")
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
L2fwd-crypto app is based on L2fwd app and it inherits
some of its parameters (such as portmask, queues per core...).
The parameter period (period of time between statistic updates)
is -T in L2fwd, but was -t in L2fwd-crypto, so for consistency,
it is changed back to -T
Fixes: 387259bd6c67 ("examples/l2fwd-crypto: add sample application")
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
NULL crypto operation is now supported, but l2fwd-crypto
was missing an update on the list of supported algorithms
that can be passed from command line.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
AES GCM is an algorithm for both ciphering and authentication,
but the authentication algorithm was missing in the
list of supported algorithms that can be passed from command line.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Since SNOW3G UEA2/UIA2 are supported now by both HW and SW,
l2fwd-crypto may use them, extending the list of algorithms
parsed from command line.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Previous cdev parameter was changed to cdev_type,
to select a crypto device type preference (HW/SW/ANY),
instead of the device itself (QAT/AESNI...).
Also deleted cdev duplicated parameter from the help.
Fixes: 27cf2d1b18e1 ("examples/l2fwd-crypto: discover capabilities")
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Crypto devices now have information about
which crypto operations they are capable of provide.
This patch makes the app use this information,
removing all hardcoded values.
User now needs to create the virtual crypto devices
or bind the HW crypto devices, and the app will use
the ones capable of performing the crypto op specified
(user can select between HW/SW through command line)
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Tested-by: Min Cao <min.cao@intel.com>
Acked-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
Added cipher-only, hash-only operation cases,
which will be supported in the future.
Also, only sets authentication and ciphering parameters
when needed.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Tested-by: Min Cao <min.cao@intel.com>
Acked-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
So far, L2fwd crypto app could parse cipher, auth keys
and IV, but not AAD (additional authentication data).
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Tested-by: Min Cao <min.cao@intel.com>
Acked-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
Implement key parsing functionality, so user can provide
auth and cipher keys, plus IV, from the command line.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Tested-by: Min Cao <min.cao@intel.com>
Acked-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
