This patch deprecates the following functions in 17.05,
which will be removed in 17.08.
- rte_crpytodev_scheduler_mode_get()
- rte_crpytodev_scheduler_mode_set()
These two new functions replace them, fixing the typo in their names.
- rte_cryptodev_scheduler_mode_get()
- rte_cryptodev_scheduler_mode_set()
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
This patch fixes the incorrection slave session free operation.
Fixes: 57523e682b ("crypto/scheduler: register operation functions")
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Restructure QAT PMD instructions and add a device table to
minimise duplication for each device and make it easier to add devices.
Fix some device name typos and poor formatting.
Signed-off-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: John McNamara <john.mcnamara@intel.com>
Add note to cryptodev API that chained mbufs
are not supported in DOCSISBPI mode.
Signed-off-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
This patch adds ZUC EEA3/EIA3 test cases for QAT crypto test suite
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
This patch merges ZUC test vectors into one header file
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Refactor capabilities data structures to facilitate
defining different capability sets for different devices
without duplication of data.
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
This patch adds an API to get the run-time slaves number and list
of a cryptodev scheduler PMD.
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
This patch fixes segementation fault that may occur in case
of wrong parameters being provided to the cryptographic
session. Unused fields which would cause null dereference
are removed.
Fixes: 1703e94ac5 ("qat: add driver for QuickAssist devices")
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
DOCSIS BPI mode is handled in the QAT PMD by sending full blocks to the
hardware device for encryption and using OpenSSL libcrypto for pre- or
post-processing of any partial blocks.
Signed-off-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
Adds support in OpenSSL PMD for algorithm following the DOCSIS
specification, which combines DES-CBC for full DES blocks (8 bytes)
and DES-CFB for last runt block (less than 8 bytes).
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
Tested-by: Yang Gang <gangx.yang@intel.com>
Underlying IPSec Multi buffer library implements
DOCSIS specification, so this commit adds support
for this new feature, which combines AES-CBC for full
AES blocks (16 bytes) and AES-CFB for last runt block
(less than 16 bytes).
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
IPSec Multi-buffer library v0.45 has been released,
which includes, among other features, support for DOCSIS BPI
specification and include AVX512 optimizations.
This new version added const qualifiers to some of the function
prototypes, so the PMD has been updated to include these changes.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
Moving the crypto processing from the enqueue burst to the dequeue burst,
to remove the requirement to continually call the
rte_cryptodev_burst_enqueue function to guarantee that all operations get
flushed from the multi-buffer managers buffers.
Signed-off-by: Declan Doherty <declan.doherty@intel.com>
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
There is bug when more crypto ops are enqueued than dequeued.
The return value is not checked when trying to enqueue the
processed crypto op into the internal ring, which in the case of being
full will results in crypto ops and mbufs being leaked.
The issue is more obvious with different cores doing enqueue/dequeue.
This patch moves the crypto operation to the dequeue function which
fixes the above issue without having to check for the number of free
entries in the ring.
Fixes: eec136f3c5 ("aesni_gcm: add driver for AES-GCM crypto operations")
Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
Fail-over mode works with 2 slaves, primary slave and secondary slave.
In this mode, the scheduler will enqueue the incoming crypto op burst
to the primary slave. When one or more crypto ops are failed to be
enqueued, they then will be enqueued to the secondary slave.
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
Packet-size based distribution mode is a scheduling mode works with 2
slaves, primary slave and secondary slave, and distribute the enqueued
crypto ops to them based on their data lengths. A crypto op will be
distributed to the primary slave if its data length equals or bigger
than the designated threshold, otherwise it will be handled by the
secondary slave.
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
Reorganize options structure, to have all the parameters
used in a single run in the first bytes of the structure,
so all fit in a single cache line.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
When using the verify test, test name is necessary
to be passed when digest is needed.
Also, when using an block cipher algorithm (CBC, ECB),
the buffer size has to be aligned to the block size.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
So far, the crypto performance application was only able to
test one buffer size and one burst size.
With this commit, multiple sizes can be passed, either as a range
of values or as a list of values.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
Instead of printing the test results in the destructor
function, print them just after each run.
This will be useful for after the commit that allows
a range of buffer and burst sizes.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
When testing cipher only operations, there is no need to append digest
at the end of the buffer.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
In order to simplify throughput and latency tests,
verify option has been removed from these and moved
as a separate test.
Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Ciphertext and digests for different buffer sizes
were incorrect.
Fixes: 5f1d85c5a8 ("app/crypto-perf: add test vectors files")
Cc: stable@dpdk.org
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
Cyclecount test was not implemented, so it is removed.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
adding support for attaching session to queue pairs.
This is required as underlying crypto driver may only
support limited number of sessions per queue pair
if max_nb_sessions_per_qp > 0, session should be
attached to a particular qp.
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
HW based crypto drivers may only support limited number of
sessions per queue pair. This requires support for attaching
sessions to specific queue pair. New APIs are introduced to
attach/detach a session with/from a particular queue pair.
These are optional APIs.
Application can call attach API after creating a session
and can call detach API before deleting a session.
Application needs to check if max_nb_sessions_per_qp > 0,
then it should call the attach API.
max_nb_sessions_per_qp = 0 means infinite sessions per qp
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Remove DPDK QAT sample app, in favour of the newer applications
that use the cryptodev library: ipsec-gw and l2fwd-crypto,
which has support for Intel QuickAssist devices.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Bruce Richardson <bruce.richardson@intel.com>
Since the new device configuration API is updated, we can make use of
this feature to the crypto scheduler PMD to configure its slaves
automatically with the same configurations it got. As originally the
slaves have to be manually configured one by one, this patch should
help reducing the coding complexity.
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
This patch changes the device configuration API for rte_cryptodev_ops
function prototype, and update all cryptodev PMDs for this change.
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
Follow the approach in the network devices overview,
for the feature matrix, so it improves readibility
and maintainability.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: John McNamara <john.mcnamara@intel.com>
This patch optimizes the crypto op ordering by replacing the
ordering method from using rte_reorder library to using rte_ring
to avoid unnecessary crypto op storing and recovering cost.
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
This patch changes the enqueue and dequeue methods to cryptodev
scheduler PMD. Originally a 2-layer function call is carried out
upon enqueuing or dequeuing a burst of crypto ops. This patch
removes one layer to improve the performance.
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
Some values are uninitialized for "cipher null" and "auth null"
operations. It may cause unpredictable results for some crypto pmd
drivers, or even segmentation fault.
This patch sets values for null operations to zero.
Fixes: f8be1786b1 ("app/crypto-perf: introduce performance test application")
Signed-off-by: Tomasz Kulasek <tomaszx.kulasek@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
When somebody use bad --optype with aead algorithms
segmentation fault could happen.
Fixes: f8be1786b1 ("app/crypto-perf: introduce performance test application")
Signed-off-by: Daniel Mrzyglod <danielx.t.mrzyglod@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Fixes invalid latency result when using the performance application and
hardware QAT PMD. It occurred when the number of processed packets was
higher then the size of the internal QAT PMD ring buffer and the buffer
was overflowed.
Fixed by correcting the registration of the enqueued packets and freeing
memory space for not enqueued packets.
Fixes: f8be1786b1 ("app/crypto-perf: introduce performance test application")
Signed-off-by: Slawomir Mrozowicz <slawomirx.mrozowicz@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Extend the DPDK cryptodev API to enable processing of packets according
to the Baseline Privacy Interface Plus (BPI+) Specification described in
the security specification of the Cablelabs Data-over-Cable Service
Interface Specification (DOCSIS).
Brief summary of BPI+ symmetric cryptography requirements:
BPI+ cryptography uses a block cipher (AES-CBC/DES-CBC) to encrypt/decrypt
all the whole blocks in the packet. However the data length is not always
a block-multiple, so where there is a final block less than the full block
size this residual block requires special handling using AES-CFB/DES-CFB
mode. Similar special handling is specified where there is only one block,
smaller than the block size for the cipher. See spec for further details.
https://apps.cablelabs.com/specification/docsis-3-1-security-specification/
Two new elements are added to the enum rte_crypto_cipher_algorithm.
Note elements of this enum are actually a combination of an algorithm (AES,
3DES, etc) and mode (CBC, CTR, etc). The new DOCSISBPI mode is used to
convey to the PMD that the mode applied should be the specific combination
of CBC and CFB required by the DOCSIS Baseline Privacy Plus Spec.
Signed-off-by: Fiona Trahe <fiona.trahe@intel.com>
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
L2fwd-crypto app was creating an array of strings for the
supported algorithms, which was different from the strings
that are now in cryptodev.
Use the new API in cryptodev to parse the string from the user,
to get the algorithm enum, instead, so it is not necessary to add
a new supported algorithm in the cryptodev library and this app.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Instead of going through the array of supported algorithms
in the app, to get the algorithm enum, use the new API in
cryptodev to parse this string, so it is not necessary to add
a new supported algorithm in the cryptodev library and this app.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Adds functions to get the cipher/authentication
algorithm enums, given a string. This is useful for applications
which gets the algorithm required from the user, to have a common
string-enum mapping.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>
DES-CBC and AUTH NULL algorithms were missing in
the array of algorithm strings.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>
There is a compilation error in the following case:
make config T=x86_64-native-linuxapp-gcc
sed -i 's,CONFIG_RTE_LIBRTE_CRYPTODEV=y,CONFIG_RTE_LIBRTE_CRYPTODEV=n,' \
build/.config
sed -i 's,CONFIG_RTE_APP_CRYPTO_PERF=y,CONFIG_RTE_APP_CRYPTO_PERF=n,' \
build/.config
make -j4
make -j4 test-build
test_eventdev.c:39:27: fatal error:
rte_cryptodev.h: No such file or directory
#include <rte_cryptodev.h>
^
Removing the include induces a new error, (missing declaration of
rte_eal_vdev_init()), which is fixed by including rte_dev.h.
Fixes: f8f9d233ea ("test/eventdev: add unit tests")
Signed-off-by: Olivier Matz <olivier.matz@6wind.com>
Acked-by: Jerin Jacob <jerin.jacob@caviumnetworks.com>
build error:
include/rte_ring.h:459:22: error: invalid conversion from ‘void*’
to ‘void**’ [-fpermissive]
ENQUEUE_PTRS(r, &r[1], prod_head, obj_table, n, void *);
Implicit casts of void* to void** are considered warnings in some
compilers. E.g. g++ version 5.8. Cast directly to object types
Fixes: a6619414 ("ring: make struct and macros type agnostic")
Signed-off-by: Ed Czeck <ed.czeck@atomicrules.com>
Acked-by: Olivier Matz <olivier.matz@6wind.com>
I get the following error when linking the test application:
build/lib/librte_pmd_thunderx_nicvf.a(nicvf_hw.o):
In function `nicvf_qsize_regbit':
drivers/net/thunderx/base/nicvf_hw.c:451: undefined reference to `log2'
build/lib/librte_pmd_thunderx_nicvf.a(nicvf_hw.o):
In function `nicvf_rss_reta_update':
drivers/net/thunderx/base/nicvf_hw.c:804: undefined reference to `log2'
build/lib/librte_pmd_thunderx_nicvf.a(nicvf_hw.o):
In function `nicvf_rss_reta_query':
drivers/net/thunderx/base/nicvf_hw.c:825: undefined reference to `log2'
While I don't know why it does not happen for a default build, the error
can be explained. The link command line is:
gcc -o test ... *.o ... -Wl,-lm ... -Wl,-lrte_pmd_thunderx_nicvf ...
rte_pmd_thunderx_nicvf needs the math library, and it should be
added after. This is not the case because the test application also
adds the math library.
The makefile already filters the libraries, but it keeps the first
occurrence of the lib. Instead, the last one should be kept.
Fixes: edf4d331dc ("mk: eliminate duplicates from libraries list")
Cc: stable@dpdk.org
Signed-off-by: Olivier Matz <olivier.matz@6wind.com>
Acked-by: Thomas Monjalon <thomas.monjalon@6wind.com>