For baseband drivers, the macros used to indicate the presence of a
particular driver were subtly different from that used in make. The make
values hand "PMD" before the individual driver name, while in meson it came
afterwards. Update meson to put the "PMD" part first.
Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
This patch improves the performance of AES GCM by using
the Single Pass Crypto Request functionality when running
on GEN3 QAT. Falls back to the classic 2-pass mode on older
hardware.
Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
This patch adds few definitions specific to GEN3 QAT.
Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
This patch adds 256-bit AES GCM tests for QAT PMD
(which already existed for AESNI and OpenSSL) and also adds
a number of negative unit tests for AES GCM for QAT PMD, in order
to verify authenticated encryption and decryption with modified data.
Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Segmented frames not supported for out-of-place case.
This patch returns err if such config is requested.
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
With the latest firmware, there are few changes for zuc and snow3g.
1. The iv_source is present in bitfield 7 of minor opcode. In the
old firmware this was present in bitfield 6.
2. Algorithm type is a 2 bit field in new firmware. In the old
firmware it was named as cipher type and it was a 1 bit field.
Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Primary process is responsible to initialize the data struct of each
crypto devices.
Secondary process should not override this data during the
initialization.
Fixes: d11b0f30df ("cryptodev: introduce API and framework for crypto devices")
Cc: stable@dpdk.org
Signed-off-by: Julien Meunier <julien.meunier@nokia.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Negative cases with wrong cipher/auth text added
to dpaa_sec and dpaa2_sec PMD test suites.
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
In some of the cases, the test is looking for a specific
failure returned from the CryptoDev. Not all cryptodev
support returning specific errors.
This patch changes such checks to NOT-SUCCESS
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Update Scapy version requirement from 2.4.3rc1 to 2.4.3, which has been
used because 2.4.2 had a bug which made this version unable to install.
Accept future versions of Scapy too.
Signed-off-by: Marcin Smoczynski <marcinx.smoczynski@intel.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
SNOW and ZUC plain crypto operations for cipher only
and auth only are now supported in dpaa2_sec.
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Nipun Gupta <nipun.gupta@nxp.com>
Test cases for PDCP with scattered input and output
buffers are added for both inplace and out of place scenarios.
1. input SG - output non SG
2. input and output both SG and inplace buffers
3. input and output both SG with different segment sizes
4. input SG and output non-SG
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Nipun Gupta <nipun.gupta@nxp.com>
This patch add test cases for user plane PDCP
5/7/12/15/18 bit SN test cases for decapsulation of
cipher only and 12/18 bit for cipher + integrity
for all algo combinations.
Test vectors are reused from the encap cases
by swapping the input and output data.
The case are added to DPAA_SEC and DPAA2_SEC
testsuite.
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Nipun Gupta <nipun.gupta@nxp.com>
PDCP User/Data plane can optionally support integrity
along with confidentiality.
This patch add test cases and test vectors for all
supported algos combos for cipher+integrity for 12
and 18bit SN.
The test cases are added in DPAA_SEC and DPAA2_SEC
test suite as a reference.
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Nipun Gupta <nipun.gupta@nxp.com>
PDCP User/Data plane can support 5/7/12/15/18 bit
sequence number. This patch add test cases and test
vectors for all supported algos for cipher only.
(NULL, AES, SNOW, ZUC ciphers)
The test cases are added in DPAA_SEC and DPAA2_SEC
test suite as a reference.
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Nipun Gupta <nipun.gupta@nxp.com>
This patch add test cases for control plane PDCP
5 and 12 bit SN test cases for decapsulation of
cipher+integrity for all algo combinations
Test vectors are reused from the encap cases
by swapping the input and output data.
The case are added to DPAA_SEC and DPAA2_SEC testsuite.
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Nipun Gupta <nipun.gupta@nxp.com>
PDCP control plane can support 5 bit and 12 bit
sequence number. This patch add test cases and test
vectors for all supported algo combinations of cipher+integrity
(NULL+NULL, NULL+AES, NULL+SNOW, NULL+ZUC,
AES+NULL, AES+SNOW, AES+AES, AES+ZUC,
SNOW+NULL, SNOW+AES, SNOW+SNOW, SNOW+ZUC,
ZUC+NULL, ZUC+AES, ZUC+SNOW, ZUC+ZUC).
The test cases are added in DPAA_SEC and DPAA2_SEC
test suite as a reference.
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Nipun Gupta <nipun.gupta@nxp.com>
One issue caught by Coverity 343408
*deref_parm: Directly dereferencing parameter val->val.
In writeback_tdes_hex_str(), tmp_val is initialised to null.
tmp_val.val is updated only if keys are found.
If keys are not found,it doesn't fails but continues
to invoke writeback_hex_str(),where val->val is accessed
without null check.
The fix is to return the error,
if keys are not found in writeback_tdes_hex_str().
Coverity issue: 343408
Fixes: 527cbf3d5e ("examples/fips_validation: support TDES parsing")
Cc: stable@dpdk.org
Signed-off-by: Chaitanya Babu Talluri <tallurix.chaitanya.babu@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
unnecessary debug logs in data path are removed
and hardware debug logs are compiled off.
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
In cases where single cryptodev is used by multiple cores
using multiple queues, there will be contention for mempool
resources and may eventually get exhausted.
Basically, mempool should be defined per core.
Now since qp is used per core, mempools are defined in qp setup.
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
This patch allocate/clean the SEC context dynamically
based on the number of SG entries in the buffer.
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
DPAA2_SEC hardware can support any number of SG entries.
This patch allocate as many SG entries as are required.
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
This patch add support for ZUC Encryption and ZUC Authentication.
Before passing to CAAM, the 16-byte ZUCA IV is converted to 8-byte
format which consists of 38-bits of count||bearer|direction.
Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Add Kasumi processing for non PDCP proto offload cases.
Also add support for pre-computed IV in Kasumi-f9
Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Adding basic framework to use snow3g f8 and f9 based
ciphering or integrity with direct crypto apis.
This patch does not support any combo usages yet.
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Add support for snow-f9 in non pdcp protocol offload mode.
This essentially add support to pass pre-computed IV to SEC.
Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
This patch add support for non-protocol offload mode
of snow-f8 algo
Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
This patch support SNOW-SNOW (enc-auth) 18bit PDCP case
for devices which do not support PROTOCOL command
Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
This patch support ZUC-ZUC PDCP enc-auth case for
devices which do not support PROTOCOL command for 18bit.
Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
This patch support AES-AES PDCP enc-auth case for
devices which do not support PROTOCOL command for 18bit
Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
PDCP descriptors in some cases internally use commands which overwrite
memory with extra '0s' if write-safe is kept enabled. This breaks
correct functional behavior of PDCP apis and they in many cases give
incorrect crypto output. There we disable 'write-safe' bit in FLC for
PDCP cases. If there is a performance drop, then write-safe would be
enabled selectively through a separate patch.
Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
This patch add support for chained input or output
mbufs for PDCP and ipsec protocol offload cases.
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
For sec era 8, NULL auth using protocol command does not add
4 bytes of null MAC-I and treat NULL integrity as no integrity which
is not correct.
Hence converting this particular case of null integrity on 12b SN
on SEC ERA 8 from protocol offload to non-protocol offload case.
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Adding minimal support for CAAM HW era 10 (used in LX2)
Primary changes are:
1. increased shard desc length form 6 bit to 7 bits
2. support for several PDCP operations as PROTOCOL offload.
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Per packet HFN override is supported in NXP PMDs
(dpaa2_sec and dpaa_sec). DPOVRD register can be
updated with the per packet value if it is enabled
in session configuration. The value is read from
the IV offset.
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
HFN can be given as a per packet value also.
As we do not have IV in case of PDCP, and HFN is
used to generate IV. IV field can be used to get the
per packet HFN while enq/deq
If hfn_ovrd field in pdcp_xform is set,
application is expected to set the per packet HFN
in place of IV. Driver will extract the HFN and perform
operations accordingly.
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
PDCP u-plane may optionally support integrity as well.
This patch add support for supporting integrity along with
confidentiality.
Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
