This patch fixes the incorrect iv offset calculation.
Fixes: b063e843fa ("crypto/virtio: fix IV physical address")
Cc: stable@dpdk.org
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>
Opendir() returns allocated storage which must be freed at the
end of function or in case any return on error. so freeing the
allocation using closedir in an error case.
Coverity issue: 323507
Coverity issue: 325880
Fixes: e7a45f3cc2 ("crypto/caam_jr: add UIO specific operations")
Cc: stable@dpdk.org
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
CAAM return wrong digest value in AUTH only sg test case
because digest calculated on wrong length of data
Fixes: 71dd6b9d44 ("crypto/caam_jr: add scatter gather")
Cc: stable@dpdk.org
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
build a shared descriptor accordingly if core and
CAAM endianness is same or different
Fixes: 6ef6beca88 ("crypto/caam_jr: add enqueue/dequeue operations")
Cc: stable@dpdk.org
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
IPSec Multi-buffer library has recently added API
that sets pointers depending on the architecture, at initiliazation,
in version 0.52.
AESNI MB PMD was updated with these changes, but not
the AESNI GCM PMD, which also uses the same library.
This makes the PMD to be only compatible with version 0.52,
but makes both PMD consistent on version compatibility,
plus adds support for AVX512.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Define variables for "is_linux", "is_freebsd" and "is_windows"
to make the code shorter for comparisons and more readable.
Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
Reviewed-by: David Marchand <david.marchand@redhat.com>
Acked-by: Luca Boccassi <bluca@debian.org>
Do a global replace of snprintf(..."%s",...) with strlcpy, adding in the
rte_string_fns.h header if needed. The function changes in this patch were
auto-generated via command:
spatch --sp-file devtools/cocci/strlcpy.cocci --dir . --in-place
and then the files edited using awk to add in the missing header:
gawk -i inplace '/include <rte_/ && ! seen { \
print "#include <rte_string_fns.h>"; seen=1} {print}'
Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
openssl PMD support RSA private key operation
using both qt and exp key type.
Set rsa key type feature flag
Signed-off-by: Ayuj Verma <ayverma@marvell.com>
Signed-off-by: Shally Verma <shallyv@marvell.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
- fle pool allocations should be done for each process.
- cryptodev->data is shared across muliple processes but
cryptodev itself is allocated for each process. So any
information which needs to be shared between processes,
should be kept in cryptodev->data.
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
session inq and qp are assigned for each core from which the
packets arrive. This was not correctly handled while supporting
multiple sessions per queue pair.
This patch fixes the attach and detach of queues for each core.
Fixes: e79416d10f ("crypto/dpaa_sec: support multiple sessions per queue pair")
Cc: stable@dpdk.org
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
SEC HW descriptor sharing mode can now be controlled
during Session preparation by the respective drivers
shared descriptors in case of non-protocol offload does not need
any sync between the subsequent jobs. Thus, changing it to
SHR_NEVER from SHR_SERIAL for cipher_only, auth_only, and gcm.
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
In case of gcm, output buffer should have aad space
before the actual buffer which needs to be written.
CAAM will not write into the aad anything, it will skip
auth_only_len (aad) and write the buffer afterwards.
Fixes: 37f96eb01b ("crypto/dpaa2_sec: support scatter gather")
Cc: stable@dpdk.org
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
private data should be cleared instead of the complete session
Fixes: 8d1f3a5d75 ("crypto/dpaa2_sec: support crypto operation")
Cc: stable@dpdk.org
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
As stated in 19.02 deprecation notice, this patch updates the
aesni_mb PMD to remove the support of older Intel-ipsec-mb
library version earlier than 0.52.
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Add out-of-place processing, i.e. different source and
destination m_bufs, plus related capability update, tests
and documentation.
Signed-off-by: Fiona Trahe <fiona.trahe@intel.com>
Signed-off-by: Paul Luse <paul.e.luse@intel.com>
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
This commit adds modular multiplicative inverse to Intel
QuickAssist Technology driver. For capabilities or limitations
please refer to qat.rst or qat_asym_capabilities.h.
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
This commit adds modular exponentiation to Intel QuickAssist
Technology driver. For capabilities or limitations please refer to
qat.rst or qat_asym_capabilities.h.
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
This patch adds Poll Mode Driver for asymmetric crypto
functions of Intel QuickAssist Technology hardware.
It contains plain driver with no functions implemented, specific
algorithms will be introduced in separate patches.
This patch depends on a QAT PF driver for device initialization. See
the file docs/guides/cryptodevs/qat.rst for configuration details.
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
All drivers should have SPDX on the first line of the source
files in the format
/* SPDX-License-Identifier: ...
Several files used minor modifications which were inconsistent
with the pattern. Fix it to make scanning tools easier.
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
This patch adds XTS capabilities and enables
XTS cipher mode on QAT.
It also updates the documentation for newly
supported AES XTS mode on QAT.
Signed-off-by: Damian Nowak <damianx.nowak@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Moving upper level enqueue/dequeue routines to driver. The h/w interface
used to submit request has enough differences to substantiate the need
for separate routines.
Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Archana Muniganti <marchana@marvell.com>
This patch adds result field to modular exponentiation and modular
multiplicative inverse operations in openssl pmd functions
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Rename the macro to make things shorter and more comprehensible. For
both meson and make builds, keep the old macro around for backward
compatibility.
Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
The term "linuxapp" is a legacy one, but just calling the subdirectory
"linux" is just clearer for all concerned.
Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
After performing mod exp and mod inv big numbers (BIGNUM) should
be cleared as data already is copied into op fields and this BNs would
very likely contain private information for unspecified amount of time
(duration of the session).
Fixes: 3e9d6bd447 ("crypto/openssl: add RSA and mod asym operations")
Cc: stable@dpdk.org
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Shally Verma <shallyv@marvell.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
The virtio crypto driver was using PMD log type and it should
be using the local log type.
Fixes: 25500d4b80 ("crypto/virtio: support device init")
Cc: stable@dpdk.org
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Reviewed-by: Ferruh Yigit <ferruh.yigit@intel.com>
Whenever possible (if the library ships a pkg-config file) use meson's
dependency() function to look for it, as it will automatically add it
to the Requires.private list if needed, to allow for static builds to
succeed for reverse dependencies of DPDK. Otherwise the recursive
dependencies are not parsed, and users doing static builds have to
resolve them manually by themselves.
When using this API avoid additional checks that are superfluous and
take extra time, and avoid adding the linker flag manually which causes
it to be duplicated.
Signed-off-by: Luca Boccassi <bluca@debian.org>
Acked-by: Bruce Richardson <bruce.richardson@intel.com>
Tested-by: Bruce Richardson <bruce.richardson@intel.com>
When operation calls for auth (digest generation), followed by
encryption of both data plus digest, the digest-in-buffer
flag must be set for QAT.
Fixes: 39e0bee48e ("crypto/qat: rework request builder for performance")
Cc: stable@dpdk.org
Signed-off-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
This patch fixes the inflexible compile issue AESNI-MB PMD.
Originally the compile of the PMD will fail if IPSec_MB is
not installed in default location.
Fixes: c68d7aa354 ("crypto/aesni_mb: use architecture independent macros")
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Tested-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
sprintf function is not secure as it doesn't check the length of string.
More secure function snprintf is used
Fixes: 828d51d8fc ("bus/fslmc: refactor scan and probe functions")
Fixes: c22fab9a6c ("raw/dpaa2_qdma: support configuration APIs")
Fixes: e5cbdfc537 ("crypto/dpaa2_sec: add basic operations")
Fixes: b23d4e898a ("crypto/dpaa2_sec: add per dev mempool to store FLE")
Fixes: 623326dded ("crypto/dpaa2_sec: introduce poll mode driver")
Fixes: e7a45f3cc2 ("crypto/caam_jr: add UIO specific operations")
Fixes: f44bccadd8 ("crypto/caam_jr: add device basic operations")
Fixes: 7e3e2954e0 ("crypto/dpaa_sec: move mempool allocation to config")
Fixes: c3e85bdcc6 ("crypto/dpaa_sec: add crypto driver for NXP DPAA platform")
Cc: stable@dpdk.org
Signed-off-by: Pallantla Poornima <pallantlax.poornima@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Fixes: 547a4d40e7 ("crypto/dpaa2_sec: support out of place protocol offload")
Fixes: 0a23d4b6f4 ("crypto/dpaa2_sec: support protocol offload IPsec")
Cc: stable@dpdk.org
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
In dpaa_sec, each session should have a separate in-queue,
and each in-queue should be mapped to an outq.
So if multiple flows of same SA comes to different cores
due to rss distribution of NIC, enqueue from any core will
try to do re-assignment of inq - outq mapping which will fail.
In this patch, for each core a separate inq is allocated and
used from each of the core. But the number of outq will remain
the same and we save the pointer to outq in session for each
of the cores.
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
PDCP session configuration for lookaside protocol offload
and data path is added.
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
DEPDIRS is no longer used in DPDK driver makefiles. Removing it.
Suggested-by: Ferruh Yigit <ferruh.yigit@intel.com>
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
This patch adds a new API in Cryptodev Framework. The API is used
to get the header size for the created symmetric Cryptodev session.
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
This patch changes the cryptodev queue pair configure structure
to enable two mempool passed into cryptodev PMD simutaneously.
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
This patch adds the plain SHA1, SHA224, SHA256, SHA384, and SHA512
algorithms support to AESNI-MB PMD. The cryptodev unit test and
documentation are updated accordingly.
Signed-off-by: Damian Nowak <damianx.nowak@intel.com>
Signed-off-by: Lukasz Krakowiak <lukaszx.krakowiak@intel.com>
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
This patch adds the AES-GMAC authentication only support to AESNI-MB
PMD, including the driver code, cryptodev unit test, and documentation
updates.
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Damian Nowak <damianx.nowak@intel.com>
This patch duplicates the original rte_aesni_mb_pmd*.c files and replaces
the function calls provided by intel-ipsec-mb library into
architecture-independent macros. The build systems are updated to choose
compiling either rte_aesni_mb_pmd*.c or rte_aesni_mb_pmd*_compat.c based
on the installed intel-ipsec-mb version. For the intel-ipsec-mb older
than 0.52.0 rte_aesni_mb_pmd*_compat.c will be compiled, otherwise
rte_aesni_mb_pmd*.c will be compiled.
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Signed-off-by: Lukasz Krakowiak <lukaszx.krakowiak@intel.com>
Acked-by: Damian Nowak <damianx.nowak@intel.com>
This patch renames the rte_aesni_mb_pmd*.c to
rte_aesni_mb_pmd*_compat.c to indicate those files are for
compatible with older versoin of intel-ipsec-mb library
only.
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Signed-off-by: Lukasz Krakowiak <lukaszx.krakowiak@intel.com>
Acked-by: Damian Nowak <damianx.nowak@intel.com>
This patch fixes the memory leak during queue pair release.
Originally the operation ring is not freed when releasing
queue pair, causing the next queue_pair configure call fail
and memory leak.
Fixes: eec136f3c5 ("aesni_gcm: add driver for AES-GCM crypto operations")
Fixes: cf7685d68f ("crypto/zuc: add driver for ZUC library")
Fixes: d61f70b4c9 ("crypto/libcrypto: add driver for OpenSSL library")
Fixes: 3aafc423cf ("snow3g: add driver for SNOW 3G library")
Fixes: 94b0ad8e0a ("null_crypto: add driver for null crypto operations")
Cc: stable@dpdk.org
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
NULL algo algo does not to set counter flag so it should be zeroed.
Fixes: db0e952a5c ("crypto/qat: add NULL capability")
Cc: stable@dpdk.org
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Marko Kovacevic <marko.kovacevic@intel.com>
AES-CCM algo does not to set counter flag so it should be zeroed.
Fixes: ab56c4d9ed ("crypto/qat: support AES-CCM")
Cc: stable@dpdk.org
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Marko Kovacevic <marko.kovacevic@intel.com>
Error code of qat_hash_get_block_size needs to be handle properly.
Fixes: 10b49880e3 ("crypto/qat: make the session struct variable in size")
Cc: stable@dpdk.org
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Tested-by: Marko Kovacevic <marko.kovacevic@intel.com>
Acked-by: Marko Kovacevic <marko.kovacevic@intel.com>
Remove if() condition prior to calling BN_free() as
BN_free(a) does nothing if a is NULL.
Signed-off-by: Akash Saxena <akash.saxena@caviumnetworks.com>
Signed-off-by: Shally Verma <shally.verma@caviumnetworks.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
The function otx_cpt_get_resource() would be setting the pointer
'instance'. In case of error, 'instance' would be set to NULL, and
returns rte_errno. If rte_errno when 'instance' is set to NULL, it can
lead to NULL pointer dereferencing.
Coverity Issue: 323486, 323489
Fixes: bfe2ae495e ("crypto/octeontx: add PMD skeleton")
Fixes: 0961348fdf ("crypto/octeontx: add queue pair functions")
Signed-off-by: Anoob Joseph <anoob.joseph@caviumnetworks.com>
