Primary process is responsible to initialize the data struct of each
crypto devices.
Secondary process should not override this data during the
initialization.
Fixes: d11b0f30df ("cryptodev: introduce API and framework for crypto devices")
Cc: stable@dpdk.org
Signed-off-by: Julien Meunier <julien.meunier@nokia.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Negative cases with wrong cipher/auth text added
to dpaa_sec and dpaa2_sec PMD test suites.
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
In some of the cases, the test is looking for a specific
failure returned from the CryptoDev. Not all cryptodev
support returning specific errors.
This patch changes such checks to NOT-SUCCESS
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Update Scapy version requirement from 2.4.3rc1 to 2.4.3, which has been
used because 2.4.2 had a bug which made this version unable to install.
Accept future versions of Scapy too.
Signed-off-by: Marcin Smoczynski <marcinx.smoczynski@intel.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
SNOW and ZUC plain crypto operations for cipher only
and auth only are now supported in dpaa2_sec.
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Nipun Gupta <nipun.gupta@nxp.com>
Test cases for PDCP with scattered input and output
buffers are added for both inplace and out of place scenarios.
1. input SG - output non SG
2. input and output both SG and inplace buffers
3. input and output both SG with different segment sizes
4. input SG and output non-SG
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Nipun Gupta <nipun.gupta@nxp.com>
This patch add test cases for user plane PDCP
5/7/12/15/18 bit SN test cases for decapsulation of
cipher only and 12/18 bit for cipher + integrity
for all algo combinations.
Test vectors are reused from the encap cases
by swapping the input and output data.
The case are added to DPAA_SEC and DPAA2_SEC
testsuite.
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Nipun Gupta <nipun.gupta@nxp.com>
PDCP User/Data plane can optionally support integrity
along with confidentiality.
This patch add test cases and test vectors for all
supported algos combos for cipher+integrity for 12
and 18bit SN.
The test cases are added in DPAA_SEC and DPAA2_SEC
test suite as a reference.
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Nipun Gupta <nipun.gupta@nxp.com>
PDCP User/Data plane can support 5/7/12/15/18 bit
sequence number. This patch add test cases and test
vectors for all supported algos for cipher only.
(NULL, AES, SNOW, ZUC ciphers)
The test cases are added in DPAA_SEC and DPAA2_SEC
test suite as a reference.
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Nipun Gupta <nipun.gupta@nxp.com>
This patch add test cases for control plane PDCP
5 and 12 bit SN test cases for decapsulation of
cipher+integrity for all algo combinations
Test vectors are reused from the encap cases
by swapping the input and output data.
The case are added to DPAA_SEC and DPAA2_SEC testsuite.
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Nipun Gupta <nipun.gupta@nxp.com>
PDCP control plane can support 5 bit and 12 bit
sequence number. This patch add test cases and test
vectors for all supported algo combinations of cipher+integrity
(NULL+NULL, NULL+AES, NULL+SNOW, NULL+ZUC,
AES+NULL, AES+SNOW, AES+AES, AES+ZUC,
SNOW+NULL, SNOW+AES, SNOW+SNOW, SNOW+ZUC,
ZUC+NULL, ZUC+AES, ZUC+SNOW, ZUC+ZUC).
The test cases are added in DPAA_SEC and DPAA2_SEC
test suite as a reference.
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Nipun Gupta <nipun.gupta@nxp.com>
One issue caught by Coverity 343408
*deref_parm: Directly dereferencing parameter val->val.
In writeback_tdes_hex_str(), tmp_val is initialised to null.
tmp_val.val is updated only if keys are found.
If keys are not found,it doesn't fails but continues
to invoke writeback_hex_str(),where val->val is accessed
without null check.
The fix is to return the error,
if keys are not found in writeback_tdes_hex_str().
Coverity issue: 343408
Fixes: 527cbf3d5e ("examples/fips_validation: support TDES parsing")
Cc: stable@dpdk.org
Signed-off-by: Chaitanya Babu Talluri <tallurix.chaitanya.babu@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
unnecessary debug logs in data path are removed
and hardware debug logs are compiled off.
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
In cases where single cryptodev is used by multiple cores
using multiple queues, there will be contention for mempool
resources and may eventually get exhausted.
Basically, mempool should be defined per core.
Now since qp is used per core, mempools are defined in qp setup.
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
This patch allocate/clean the SEC context dynamically
based on the number of SG entries in the buffer.
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
DPAA2_SEC hardware can support any number of SG entries.
This patch allocate as many SG entries as are required.
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
This patch add support for ZUC Encryption and ZUC Authentication.
Before passing to CAAM, the 16-byte ZUCA IV is converted to 8-byte
format which consists of 38-bits of count||bearer|direction.
Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Add Kasumi processing for non PDCP proto offload cases.
Also add support for pre-computed IV in Kasumi-f9
Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Adding basic framework to use snow3g f8 and f9 based
ciphering or integrity with direct crypto apis.
This patch does not support any combo usages yet.
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Add support for snow-f9 in non pdcp protocol offload mode.
This essentially add support to pass pre-computed IV to SEC.
Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
This patch add support for non-protocol offload mode
of snow-f8 algo
Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
This patch support SNOW-SNOW (enc-auth) 18bit PDCP case
for devices which do not support PROTOCOL command
Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
This patch support ZUC-ZUC PDCP enc-auth case for
devices which do not support PROTOCOL command for 18bit.
Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
This patch support AES-AES PDCP enc-auth case for
devices which do not support PROTOCOL command for 18bit
Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
PDCP descriptors in some cases internally use commands which overwrite
memory with extra '0s' if write-safe is kept enabled. This breaks
correct functional behavior of PDCP apis and they in many cases give
incorrect crypto output. There we disable 'write-safe' bit in FLC for
PDCP cases. If there is a performance drop, then write-safe would be
enabled selectively through a separate patch.
Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
This patch add support for chained input or output
mbufs for PDCP and ipsec protocol offload cases.
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
For sec era 8, NULL auth using protocol command does not add
4 bytes of null MAC-I and treat NULL integrity as no integrity which
is not correct.
Hence converting this particular case of null integrity on 12b SN
on SEC ERA 8 from protocol offload to non-protocol offload case.
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Adding minimal support for CAAM HW era 10 (used in LX2)
Primary changes are:
1. increased shard desc length form 6 bit to 7 bits
2. support for several PDCP operations as PROTOCOL offload.
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Per packet HFN override is supported in NXP PMDs
(dpaa2_sec and dpaa_sec). DPOVRD register can be
updated with the per packet value if it is enabled
in session configuration. The value is read from
the IV offset.
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
HFN can be given as a per packet value also.
As we do not have IV in case of PDCP, and HFN is
used to generate IV. IV field can be used to get the
per packet HFN while enq/deq
If hfn_ovrd field in pdcp_xform is set,
application is expected to set the per packet HFN
in place of IV. Driver will extract the HFN and perform
operations accordingly.
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
PDCP u-plane may optionally support integrity as well.
This patch add support for supporting integrity along with
confidentiality.
Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Added support for 12-bit c-plane. We implement it using 'u-plane for RN'
protocol descriptors. This is because 'c-plane' protocol descriptors
assume 5-bit sequence numbers. Since the crypto processing remains same
irrespective of c-plane or u-plane, we choose 'u-plane for RN' protocol
descriptors to implement 12-bit c-plane. 'U-plane for RN' protocol
descriptors support both confidentiality and integrity (required for
c-plane) for 7/12/15 bit sequence numbers.
For little endian platforms, incorrect IV is generated if MOVE command
is used in pdcp non-proto descriptors. This is because MOVE command
treats data as word. We changed MOVE to MOVEB since we require data to
be treated as byte array. The change works on both ls1046, ls2088.
Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
This patch adds new performance measurement option --external-mbufs
that allocates and uses memzones as external buffers instead of
putting the data directly inside mbufs.
Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Adds a new test to verify external buffer in mbuf APIs.
Initialize fields in test_data_params structures by name
for better readability.
Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
This patch adds two new tests that cover the stateful
decompression feature.
Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
This patch adds the stateful decompression feature
to the DPDK QAT PMD.
Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
This patch adds QAT RAM bank definitions and related macros.
Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
When sending an encrypted packet which size after encapsulation exceeds
MTU, ipsec-secgw application tries to fragment it. If --reassemble
option has not been set it results with a segmantation fault, because
fragmentation buckets have not been initialized.
Fix crashing by adding extra check if --ressemble option has not been
set and packet exceeds MTU after encapsulation - drop it.
Fixes: b01d1cd213 ("examples/ipsec-secgw: support fragmentation and reassembly")
Cc: stable@dpdk.org
Signed-off-by: Marcin Smoczynski <marcinx.smoczynski@intel.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
This patch fixes the aesni-gcm cryptodev documentation by
filling the lacked unsupported chained mbuf description.
Fixes: 6f16aab09a ("crypto/aesni_gcm: migrate to Multi-buffer library")
Cc: stable@dpdk.org
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
One issue caught by Coverity 344984
*overrun-local: Overrunning array cperf_test_type_strs of 2 8-byte elements
The array cperf_test_type_strs defined in app/test-compress-perf conflicts
with the same name being defined in app/test-crypto-perf. Due to which
coverity reports error.
The fix is to rename "cperf_test_type_strs" into "comp_perf_test_type_strs"
in app/test-compress-perf to avoid name confusion.
Coverity issue: 344984
Fixes: 424dd6c8c1 ("app/compress-perf: add weak functions for multicore test")
Fixes: 1a9b0f3504 ("app/compress-perf: add --ptest option")
Fixes: 424dd6c8c1 ("app/compress-perf: add weak functions for multicore test")
Cc: stable@dpdk.org
Signed-off-by: Lavanya Govindarajan <lavanyax.govindarajan@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
IPv6 tunnels are already supported in case of inline and
lookaside none cases. In case of protocol offload, the details
for IPv6 header need to be added in session configuration
for security session create.
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
outer IP header is formed at the time of session initialization
using the ipsec xform. This outer IP header will be appended by
hardware for each packet.
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
outer IP header is formed at the time of session initialization
using the ipsec xform. This outer IP header will be appended by
hardware for each packet.
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Like for Ethernet ports, the OCTEON TX crypto engines must
first be unbound from their kernel module, then rebound to
vfio-pci, before being used in DPDK.
As this capability is detected at runtime by dpdk-pmdinfo,
add the info in the PMD registering directives.
Then an external script can be used for bind and unbind.
Fixes: bfe2ae495e ("crypto/octeontx: add PMD skeleton")
Cc: stable@dpdk.org
Signed-off-by: Thierry Herbelot <thierry.herbelot@6wind.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
dpaa_sec needs translations between physical and virtual addresses.
V to P translation is relatively fast, as memory is managed in
contiguous segments.
The result of each V to P translation is used to update the DPAA iova
table, which should be updated by a Mem event callback, but is not.
Then the DPAA iova table has entries for all needed memory ranges.
With this patch, dpaa_mem_ptov will always use dpaax_iova_table_get_va,
which ensures optimal performance.
Fixes: 5a7dbb934d ("dpaa: enable dpaax library")
Cc: stable@dpdk.org
Signed-off-by: Thierry Herbelot <thierry.herbelot@6wind.com>
Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>
