- Clarified where should output be stored of signature
decryption with padding none.
PMD is not able to know what padding algorithm was used,
therefore decrypted signature should be returned to the user.
- Removed incorrect big-endian constraints.
Not all data in RSA can be treated as big endian integer,
therefore some of the constraints were lifted.
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
- move RSA padding into separate struct.
More padding members should be added into padding,
therefore having separate struct for padding parameters will
make this more readable.
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
- Clarified usage of RSA padding hash.
It was not specified how to use hash for PKCS1_5
padding. This could lead to incorrect implementation.
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
- Added flags to rte_crypto_asym_op struct.
It may be shared between different algorithms.
- Added Diffie-Hellman padding flags.
Diffie-Hellman padding is used in certain protocols,
in others, leading zero bytes need to be stripped.
Even same protocol may use a different approach - most
glaring example is TLS1.2 - TLS1.3.
For ease of use, and to avoid additional copy
on certain occasions, driver should be able to return both.
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
- Added key exchange public key verify option.
For some elliptic curves public point in DH exchange
needs to be checked, if it lays on the curve.
Modular exponentiation needs certain checks as well,
though mathematically much easier.
This commit adds verify option to asym_op operations.
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
- Added elliptic curve Diffie-Hellman parameters.
Point multiplication allows the user to process every phase of
ECDH, but for phase 1, user should not really care about the generator.
The user does not even need to know what the generator looks like,
therefore setting ec xform would make this work.
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
- Moved DH operation type to DH operation struct.
Operation type (PUBLIC_KEY_GENERATION, SHARED_SECRET) should
be free to choose for any operation. One xform/session should
be enough to perform both DH operations, if op_type would be xform
member, session would have to be created twice for the same
group. Similar problem would be observed in sessionless case.
Additionally, it will help extend DH to support Elliptic Curves.
- Changed order of Diffie-Hellman operation phases.
Now it corresponds with the order of operations.
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
- Clarified usage of private key in Diffie-Hellman.
CSRNG capable device should generate private key and then
use it for public key generation.
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Removed comment that stated DSA can be used with Diffie
Hellman ephemeral key.
DH and DSA integration allowed to use ephemeral keys for
random integer, but not for private keys.
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
- Separated key exchange enum from asym op type.
Key exchange and asymmetric crypto operations like signatures,
encryption/decryption should not share same operation enum as
its use cases are unrelated and mutually exclusive.
Therefore op_type was separate into:
1) operation type
2) key exchange operation type
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
- EC enum was renamed to rte_crypto_curve_id.
Elliptic curve enum name was incorrectly associated
with a group (it comes from the current tls registry name).
- Clarified comments about TLS deprecation.
Some curves included are deprecated with TLS 1.3.
Comments to address it were added.
- Clarified FFDH groups usage.
Elliptic curves IDs in TLS are placed in the same registry
as FFDH. Cryptodev does not assign specific groups, and
if specific groups would be assigned by DPDK, it cannot be
TLS SupportedGroups registry, as it would conflict with
other protocols like IPSec.
- Added IANA reference.
Only few selected curves are included in previously
referenced rfc8422. IANA reference is added instead.
- Removed UNKNOWN ec group.
There is no default value, and there is no UNKNOWN
elliptic curve.
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Allowing auth generation followed by encryption mode.
--optype auth-then-cipher can take cipher-op as encrypt
and auth-op as generate now.
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Removed filler bits from HARQ calculation on the N3000 FPGA since these
are already taken out by the deratematching step.
The change is only an optimization with no functional impact, no change
required on stable branches.
Signed-off-by: Hernan Vargas <hernan.vargas@intel.com>
Reviewed-by: Nicolas Chautru <nicolas.chautru@intel.com>
Add new case DESC_ERR_HARQ_INPUT_LEN to check for valid HARQ input
length.
Signed-off-by: Hernan Vargas <hernan.vargas@intel.com>
Reviewed-by: Nicolas Chautru <nicolas.chautru@intel.com>
Explicit FPGA mutex added when using the register interface for HARQ
memory preloading to prevent multiple threads from using the same
interface in parallel.
This featured is implemented through MMIO exposed per VF and common to
all queues.
Signed-off-by: Hernan Vargas <hernan.vargas@intel.com>
Reviewed-by: Nicolas Chautru <nicolas.chautru@intel.com>
FLR timeout register is not used in 5GNR FPGA.
Signed-off-by: Hernan Vargas <hernan.vargas@intel.com>
Reviewed-by: Nicolas Chautru <nicolas.chautru@intel.com>
This patch supports raw buffer APIs testing for
PDCP test cases.
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
PMD name for DPAA raw buffer crypto driver test cases is
updated with correct name.
Fixes: cd8166c28c ("test/crypto: add raw API test for dpaax")
Cc: stable@dpdk.org
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
ipsec-secgw application is updated to support
DES-CBC ciphering and XCBC-MAC authentication
based IPsec functionality.
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Add notes on list of algorithms supported for ACVP FIPS validation.
Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Tested-by: Jakub Poczatek <jakub.poczatek@intel.com>
Added function to parse algorithm for AES_CBC test.
Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Tested-by: Jakub Poczatek <jakub.poczatek@intel.com>
Added function to parse algorithm for CMAC test.
Signed-off-by: Brandon Lo <blo@iol.unh.edu>
Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Tested-by: Jakub Poczatek <jakub.poczatek@intel.com>
Implemented JSON support for the CMAC test.
Signed-off-by: Brandon Lo <blo@iol.unh.edu>
Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Tested-by: Jakub Poczatek <jakub.poczatek@intel.com>
Added JSON support for the HMAC algorithm.
Signed-off-by: Brandon Lo <blo@iol.unh.edu>
Acked-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Tested-by: Jakub Poczatek <jakub.poczatek@intel.com>
Added JSON-specific testing and writeback functions which allows
the user to test AES-GCM vector sets.
Signed-off-by: Brandon Lo <blo@iol.unh.edu>
Acked-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Tested-by: Jakub Poczatek <jakub.poczatek@intel.com>
Added the ability to use the JSON format as the input
and output of the example application.
Signed-off-by: Brandon Lo <blo@iol.unh.edu>
Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Tested-by: Jakub Poczatek <jakub.poczatek@intel.com>
Added functions to parse the required information from a vector set
given in the new JSON format.
Signed-off-by: Brandon Lo <blo@iol.unh.edu>
Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Tested-by: Jakub Poczatek <jakub.poczatek@intel.com>
Added JSON-specific functions and other information needed to
test the new FIPS test vectors.
Signed-off-by: Brandon Lo <blo@iol.unh.edu>
Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Tested-by: Jakub Poczatek <jakub.poczatek@intel.com>
Added a check for RTE_HAS_JANSSON into the meson
configuration file for JSON support.
Signed-off-by: Brandon Lo <blo@iol.unh.edu>
Acked-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Tested-by: Jakub Poczatek <jakub.poczatek@intel.com>
This commit unifies macros for asymmetric parameters,
therefore making code easier to maintain.
It additionally changes some of PMD output logs that
right now can only be seen in debug mode.
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
This commit enables asymmetric crypto in generation four
devices (4xxx).
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Kai Ji <kai.ji@intel.com>
This patch fix the cipher & auth offset and length values when convert
mbuf to vector chain for QAT build op.
Fixes: a815a04cea ("crypto/qat: support symmetric build op request")
Cc: stable@dpdk.org
Signed-off-by: Kai Ji <kai.ji@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
The API of the OpenSSL library has changed with version 3.0. This results
in a lot of compiler warnings like
../dpdk/drivers/crypto/ccp/ccp_crypto.c:182:9:
warning: ‘SHA256_Transform’ is deprecated:
Since OpenSSL 3.0 [-Wdeprecated-declarations]
As many Linux distributions still use elder OpenSSL libraries we cannot
change the used API now. Instead define OPENSSL_API_COMPAT to indicate
that we are using the OpenSSL 1.1.0 API.
OPENSSL_API_COMPAT is introduced in *.c files and not in *.h files as some
*.c files directly include OpenSSL headers.
Fixes: d61f70b4c9 ("crypto/libcrypto: add driver for OpenSSL library")
Cc: stable@dpdk.org
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Tested-by: Daxue Gao <daxuex.gao@intel.com>
Tested-by: David Marchand <david.marchand@redhat.com>
Acked-by: Kai Ji <kai.ji@intel.com>
Add SGL support for chacha20_poly1305 algorithm through JOB API.
Supports IN-PLACE SGL, OOP SGL IN and LB OUT,
and OOP SGL IN and SGL OUT.
Feature flags not added, as the PMD does not support SGL for all
other algorithms.
Signed-off-by: Ciara Power <ciara.power@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Add SGL support for GCM algorithm through JOB API.
This change supports IN-PLACE SGL, OOP SGL IN and LB OUT,
and OOP SGL IN and SGL OUT.
Feature flags are not added, as the PMD does not yet support SGL for
all other algorithms.
If an SGL op for an unsupported algorithm is being processed,
a NULL job is submitted instead.
Signed-off-by: Ciara Power <ciara.power@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Patch adds unit tests for IPv6 flow label set & copy
operations.
Signed-off-by: Vamsi Attunuru <vattunuru@marvell.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
Added cases to test anti replay for inline IPsec processing
with and without extended sequence number support.
Signed-off-by: Akhil Goyal <gakhil@marvell.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
Added more inline IPsec functional verification cases.
These cases do not have known vectors but are verified
using encap + decap test for all the algo combinations.
Signed-off-by: Akhil Goyal <gakhil@marvell.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
Added unit test cases for IP reassembly of inline IPsec
inbound scenarios.
In these cases, known test vectors of fragments are first
processed for inline outbound processing and then received
back on loopback interface for inbound processing along with
IP reassembly of the corresponding decrypted packets.
The resultant plain text reassembled packet is compared with
original unfragmented packet.
In this patch, cases are added for 2/4/5 fragments for both
IPv4 and IPv6 packets. A few negative test cases are also added
like incomplete fragments, out of place fragments, duplicate
fragments.
Signed-off-by: Akhil Goyal <gakhil@marvell.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
Added combined encap and decap test cases for various algorithm
combinations
Signed-off-by: Akhil Goyal <gakhil@marvell.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
Added test cases for inline Inbound protocol offload
verification with known test vectors from Lookaside mode.
Signed-off-by: Akhil Goyal <gakhil@marvell.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
A new test suite is added in test app to test inline IPsec protocol
offload. In this patch, predefined vectors from Lookaside IPsec test
are used to verify the IPsec functionality without the need of
external traffic generators. The sent packet is loopbacked onto the same
interface which is received and matched with the expected output.
The test suite can be updated further with other functional test cases.
In this patch encap only cases are added.
The testsuite can be run using:
RTE> inline_ipsec_autotest
Signed-off-by: Akhil Goyal <gakhil@marvell.com>
Signed-off-by: Nithin Dabilpuram <ndabilpuram@marvell.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
Test eventdev app is updated to add new option for asymmetric
crypto ops for event crypto adapter.
Signed-off-by: Akhil Goyal <gakhil@marvell.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Abhinandan Gujjar <abhinandan.gujjar@intel.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
Test app is updated to add cases for asymmetric crypto
sessions for event crypto adapter.
Signed-off-by: Akhil Goyal <gakhil@marvell.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Abhinandan Gujjar <abhinandan.gujjar@intel.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
For getting event crypto metadata from crypto_op,
the new API rte_cryptodev_get_session_event_mdata is used
instead of getting userdata inside PMD.
Signed-off-by: Akhil Goyal <gakhil@marvell.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Abhinandan Gujjar <abhinandan.gujjar@intel.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
