Authentication algorithms, such as AES-GMAC or the wireless
algorithms (like SNOW3G) use IV, like cipher algorithms.
So far, AES-GMAC has used the IV from the cipher structure,
and the wireless algorithms have used the AAD field,
which is not technically correct.
Therefore, authentication IV parameters have been added,
so API is more correct. Like cipher IV, auth IV is expected
to be copied after the crypto operation.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Flag dev_started should be cleared after dev_stop() function call
because the flag is checked inside the dev_stop() function.
Fixes: d11b0f30df88 ("cryptodev: introduce API and framework for crypto devices")
Cc: stable@dpdk.org
Signed-off-by: Kirill Rybalchenko <kirill.rybalchenko@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Call rte_cryptodev_pmd_release_device() if probing a
PCI crypto device, instead of accessing the variables
directly. This will be useful when rte_cryptodev_pci_probe()
gets moved to a separate file.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
Move all functions handling virtual devices to a separate
header file "rte_cryptodev_vdev.h", in order to leave only
generic functions for any device in the rest of the files.
It also creates the file "rte_cryptodev_pmd.c", with the
implementations of these functions.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
Do not set PCI information in the device information structure
for any crypto device, just for the ones that are PCI, so
this is set internally in the PCI crypto PMDs (only QAT now).
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
rte_cryptodev_devices_get() function returns an array of devices
sharing the same driver.
Instead of having two different paths depending on the device being
virtual or physical, retrieve the driver name from rte_device structure.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
rte_cryptodev_devices_get() function was parsing a crypto
device name as an argument, but the function actually
returns device identifiers of devices that share the
same crypto driver, so the argument should be driver name, instead.
Fixes: 38227c0e3ad2 ("cryptodev: retrieve device info")
Cc: stable@dpdk.org
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
When retrieving device information for a crypto driver,
driver name was only set when it was a PCI driver.
Getting the driver name from rte_device structure
allows rte_cryptodev_get_info() function to return it
regardless they are virtual or physical devices.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
Only non virtual devices were storing the pointer to
rte_device structure in rte_cryptodev, which will be needed
to retrieve the driver name for any device.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
Socket id parsed from the user was checked
if it was in the range of available sockets.
This check is unnecessary, as the socket specified
might not have memory anyway, so it will fail
at memory allocation.
Therefore, the best solution is to remove this check.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
The VDEV code will move to the bus drivers directory.
Rename functions from rte_eal_vdev_ to rte_vdev_
to prepare the move of the driver out of EAL.
The prefix rte_eal_vdrv_ is also renamed to rte_vdev_.
It was used for registration of vdev drivers.
Signed-off-by: Thomas Monjalon <thomas@monjalon.net>
Acked-by: Stephen Hemminger <stephen@networkplumber.org>
The PCI code will move to the bus drivers directory.
Rename functions from rte_eal_pci_ to rte_pci_
to prepare the move of the driver out of EAL.
Signed-off-by: Thomas Monjalon <thomas@monjalon.net>
Acked-by: Stephen Hemminger <stephen@networkplumber.org>
HW based crypto drivers may only support limited number of
sessions per queue pair. This requires support for attaching
sessions to specific queue pair. New APIs are introduced to
attach/detach a session with/from a particular queue pair.
These are optional APIs.
Application can call attach API after creating a session
and can call detach API before deleting a session.
Application needs to check if max_nb_sessions_per_qp > 0,
then it should call the attach API.
max_nb_sessions_per_qp = 0 means infinite sessions per qp
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
This patch changes the device configuration API for rte_cryptodev_ops
function prototype, and update all cryptodev PMDs for this change.
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
Extend the DPDK cryptodev API to enable processing of packets according
to the Baseline Privacy Interface Plus (BPI+) Specification described in
the security specification of the Cablelabs Data-over-Cable Service
Interface Specification (DOCSIS).
Brief summary of BPI+ symmetric cryptography requirements:
BPI+ cryptography uses a block cipher (AES-CBC/DES-CBC) to encrypt/decrypt
all the whole blocks in the packet. However the data length is not always
a block-multiple, so where there is a final block less than the full block
size this residual block requires special handling using AES-CFB/DES-CFB
mode. Similar special handling is specified where there is only one block,
smaller than the block size for the cipher. See spec for further details.
https://apps.cablelabs.com/specification/docsis-3-1-security-specification/
Two new elements are added to the enum rte_crypto_cipher_algorithm.
Note elements of this enum are actually a combination of an algorithm (AES,
3DES, etc) and mode (CBC, CTR, etc). The new DOCSISBPI mode is used to
convey to the PMD that the mode applied should be the specific combination
of CBC and CFB required by the DOCSIS Baseline Privacy Plus Spec.
Signed-off-by: Fiona Trahe <fiona.trahe@intel.com>
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
Adds functions to get the cipher/authentication
algorithm enums, given a string. This is useful for applications
which gets the algorithm required from the user, to have a common
string-enum mapping.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>
DES-CBC and AUTH NULL algorithms were missing in
the array of algorithm strings.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>
This patch fixes a segmentation fault in function
rte_cryptodev_devices_get(), due to incorrect driver name path.
It reworks the function to use correct types and clean up
for visibility.
Coverity issue: 141067
Fixes: 38227c0e3ad2 ("cryptodev: retrieve device info")
Signed-off-by: Slawomir Mrozowicz <slawomirx.mrozowicz@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
This patch adds helper functions for new performance application which
provide identifiers and number of crypto device and
provide and check capabilities available for defined device and algorithm.
The performance application can be used to measure throughput and latency
of cryptography operation performed by crypto device.
Signed-off-by: Declan Doherty <declan.doherty@intel.com>
Signed-off-by: Slawomir Mrozowicz <slawomirx.mrozowicz@intel.com>
Signed-off-by: Marcin Kerlin <marcinx.kerlin@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
This makes struct rte_cryptodev independent of struct rte_pci_device by
replacing it with a pointer to the generic struct rte_device.
This is inline with the recent changes in ethdev
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: John Griffin <john.griffin@intel.com>
Reviewed-by: Shreyansh Jain <shreyansh.jain@nxp.com>
rte_cryptodev_pmd_get_dev, rte_cryptodev_pmd_get_named_dev,
rte_cryptodev_pmd_is_valid_dev were incorrectly marked as inline and
therefore not useable from crypto PMDs when built as shared
libraries as they accessed the global rte_cryptodev_globals device
structure.
Fixes: d11b0f30 ("cryptodev: introduce API and framework for crypto devices")
Signed-off-by: Declan Doherty <declan.doherty@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Add two new feature flags:
* RTE_CRYPTODEV_FF_CPU_NEON
represents ARM NEON (TM) instructions
* RTE_CRYPTODEV_FF_CPU_ARM_CE
represents ARM crypto extensions
Add them to both cryptodev library, documentation and relevant
PMD driver for ARMv8.
Signed-off-by: Zbigniew Bodek <zbigniew.bodek@caviumnetworks.com>
This patch adds a user defined name initializing parameter to cryptodev
library.
Originally, for software cryptodev PMD, the vdev name parameter is
treated as the driver identifier, and will create an unique name for each
device automatically, which is not necessarily as same as the vdev
parameter.
This patch allows the user to either create a unique name for his software
cryptodev, or by default, let the system creates a unique one. This should
help the user managing the created cryptodevs easily.
Examples:
CLI command fragment 1: --vdev "crypto_aesni_gcm_pmd"
The above command will result in creating a AESNI-GCM PMD with name of
"crypto_aesni_gcm_X", where postfix X is the number assigned by the system,
starting from 0. This fragment can be placed in the same CLI command
multiple times, resulting the postfixs incremented by one for each new
device.
CLI command fragment 2: --vdev "crypto_aesni_gcm_pmd,name=gcm1"
The above command will result in creating a AESNI-GCM PMD with name of
"gcm1". This fragment can be placed in the same CLI command multiple
times, as long as each having a unique name value.
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
This patch introduces RTE_CRYPTODEV_FF_MBUF_SCATTER_GATHER feature flag
informing that selected crypto device supports segmented mbufs natively
and doesn't need to be coalesced before crypto operation.
While using segmented buffers in crypto devices may have unpredictable
results, for PMDs which doesn't support it natively, additional check is
made for debug compilation.
Signed-off-by: Tomasz Kulasek <tomaszx.kulasek@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
crypodev->data->name will be null when
rte_cryptodev_get_dev_id() invoked without a valid
crypto device instance.
Fixes: d11b0f30df88 ("cryptodev: introduce API and framework for crypto devices")
Signed-off-by: Jerin Jacob <jerin.jacob@caviumnetworks.com>
Acked-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Remove the 'name' member from rte_pci_driver and move to generic
rte_driver.
Most of the PMD drivers were initially using DRIVER_REGISTER_PCI(<name>..)
as well as assigning a name to eth_driver.pci_drv.name member.
In this patch, only the original DRIVER_REGISTER_PCI(<name>..) name has
been populated into the rte_driver.name member - assignments through
eth_driver has been removed.
Signed-off-by: Jan Viktorin <viktorin@rehivetech.com>
[Shreyansh: Rebase and expand changes to newly added files]
Signed-off-by: Shreyansh Jain <shreyansh.jain@nxp.com>
Acked-by: David Marchand <david.marchand@6wind.com>
- Move rte_eth_dev_create_unique_device_name() from ether/rte_ethdev.c to
common/include/rte_pci.h as rte_eal_pci_device_name(). Being a common
method, can be used across crypto/net PCI PMDs.
- Remove crypto specific routine and fallback to common name function.
- Introduce a eal private Update function for PCI device naming.
Signed-off-by: David Marchand <david.marchand@6wind.com>
[Shreyansh: Merge crypto/pci helper patches]
Signed-off-by: Shreyansh Jain <shreyansh.jain@nxp.com>
Simplify crypto and ethdev pci drivers init by using newly introduced
init macros and helpers.
Those drivers then don't need to register as "rte_driver"s anymore.
Exceptions:
- virtio and mlx* use RTE_INIT directly as they have custom initialization
steps.
- VDEV devices are not modified - they continue to use PMD_REGISTER_DRIVER.
Update documentation for replacing an example referring to
PMD_REGISTER_DRIVER.
Signed-off-by: David Marchand <david.marchand@6wind.com>
Signed-off-by: Shreyansh Jain <shreyansh.jain@nxp.com>
crypto and ethdev drivers aligned to PCI probe/remove. These wrappers are
mapped directly to PCI resources.
Existing handlers for init/uninit can be easily reused for this.
Signed-off-by: David Marchand <david.marchand@6wind.com>
Signed-off-by: Shreyansh Jain <shreyansh.jain@nxp.com>
This information is not used and just adds noise.
Signed-off-by: David Marchand <david.marchand@6wind.com>
Signed-off-by: Shreyansh Jain <shreyansh.jain@nxp.com>
Reviewed-by: Jan Viktorin <viktorin@rehivetech.com>
Probe and Remove are more appropriate names for PCI init and uninint
operations. This is a cosmetic change.
Only MLX* uses the PCI direct registration, bypassing PMD_* macro.
The callbacks for this too have been updated.
VDEV are left out. For them, init/uninit are more appropriate.
Suggested-by: David Marchand <david.marchand@6wind.com>
Signed-off-by: Shreyansh Jain <shreyansh.jain@nxp.com>
Acked-by: David Marchand <david.marchand@6wind.com>
When parsing the parameters for virtual device initialization,
rte_kvargs structure was being freed only if there was an error,
not when parsing was successful.
Coverity issue: 124568
Fixes: f3e764fa2fb7 ("cryptodev: uninline parameter parsing")
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Reshma Pattan <reshma.pattan@intel.com>
There is no need to have this parsing inlined in the header.
It brings kvargs dependency to every crypto drivers.
The functions are moved into rte_cryptodev.c.
Signed-off-by: Thomas Monjalon <thomas.monjalon@6wind.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Fix an error with computation of physical address of
content descriptor in the symmetric operations session
Fixes: 1703e94ac5ce ("qat: add driver for QuickAssist devices")
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
renamed rte_cryptodev_sym_session.type -> dev_type
(as it's not a session type, but a device type)
renamed rte_crypto_sym_op.type -> sess_type
(as it's not an op type, but a session type)
Signed-off-by: Fiona Trahe <fiona.trahe@intel.com>
This patch add a mechanism for discovery of crypto device features and supported
crypto operations and algorithms. It also provides a method for a crypto PMD to
publish any data range limitations it may have for the operations and algorithms
it supports.
The parameter feature_flags added to rte_cryptodev struct is used to capture
features such as operations supported (symmetric crypto, operation chaining etc)
as well parameter such as whether the device is hardware accelerated or uses
SIMD instructions.
The capabilities parameter allows a PMD to define an array of supported operations
with any limitation which that implementation may have.
Finally the rte_cryptodev_info struct has been extended to allow retrieval of
these parameter using the existing rte_cryptodev_info_get() API.
Signed-off-by: Declan Doherty <declan.doherty@intel.com>
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
This patch modifies the crypto burst enqueue/dequeue APIs to operate on bursts
rte_crypto_op's rather than the current implementation which operates on
rte_mbuf bursts, this simplifies the burst processing in the crypto PMDs and the
use of crypto operations in general, including new functions for managing
rte_crypto_op pools.
These changes continues the separation of the symmetric operation parameters
from the more general operation parameters, which will simplify the integration
of asymmetric crypto operations in the future.
PMDs, unit tests and sample applications are also modified to work with the
modified and new API.
Signed-off-by: Declan Doherty <declan.doherty@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
This patch splits symmetric specific definitions and
functions away from the common crypto APIs to facilitate the future extension
and expansion of the cryptodev framework, in order to allow asymmetric
crypto operations to be introduced at a later date, as well as to clean the
logical structure of the public includes. The patch also introduces the _sym
prefix to symmetric specific structure and functions to improve clarity in
the API.
Signed-off-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
Macro RTE_PROC_PRIMARY_OR_ERR_RET blocking the secondary process from
API usage. API access should be given to both secondary and primary.
Signed-off-by: Reshma Pattan <reshma.pattan@intel.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
fix the error reported by checkpatch:
"ERROR: return is not a function, parentheses are not required"
remove parentheses in return like:
"return (logical expressions)"
remove parentheses in return a function like:
"return (rte_mempool_lookup(...))"
Fixes: 6307b909b8e0 ("lib: remove extra parenthesis after return")
Signed-off-by: Huawei Xie <huawei.xie@intel.com>
- Fix for build error caused by flexible array member in
struct rte_ccryptodev_session:
error: flexible array member in otherwise empty struct
- Change void** casting of sess parameter in
rte_cryptodev_session_create which causes a strict-aliasing error.
Fixes: d11b0f30df88 ("cryptodev: introduce API and framework for crypto devices")
Signed-off-by: Declan Doherty <declan.doherty@intel.com>
This patch contains the initial proposed APIs and device framework for
integrating crypto packet processing into DPDK.
features include:
- Crypto device configuration / management APIs
- Definitions of supported cipher algorithms and operations.
- Definitions of supported hash/authentication algorithms and
operations.
- Crypto session management APIs
- Crypto operation data structures and APIs allocation of crypto
operation structure used to specify the crypto operations to
be performed on a particular mbuf.
- Extension of mbuf to contain crypto operation data pointer and
extra flags.
- Burst enqueue / dequeue APIs for processing of crypto operations.
Signed-off-by: Des O Dea <des.j.o.dea@intel.com>
Signed-off-by: John Griffin <john.griffin@intel.com>
Signed-off-by: Fiona Trahe <fiona.trahe@intel.com>
Signed-off-by: Declan Doherty <declan.doherty@intel.com>
Acked-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
