This patch adds support for RTE_RSA_KEY_TYPE_EXP in cnxk crypto
driver.
Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
The intel-ipsec-mb library supports SGL for GCM and ChaChaPoly
algorithms using the JOB API.
This support was added to AESNI_MB PMD previously, but the SGL feature
flags could not be added due to no SGL support for other algorithms.
This patch adds a workaround SGL approach for other algorithms
using the JOB API. The segmented input buffers are copied into a
linear buffer, which is passed as a single job to intel-ipsec-mb.
The job is processed, and on return, the linear buffer is split into the
original destination segments.
Existing AESNI_MB testcases are passing with these feature flags added.
Signed-off-by: Ciara Power <ciara.power@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
This patch reallocates the OpenSSL version check from
qat_session_configure() to a proper qat_security_session_create()
routine.
Fixes: 3227bc7138 ("crypto/qat: use intel-ipsec-mb for partial hash and AES")
Cc: stable@dpdk.org
Signed-off-by: Brian Dooley <brian.dooley@intel.com>
Acked-by: Kai Ji <kai.ji@intel.com>
If the dependency common/mlx5 is explicitly disabled,
but net/mlx5 is not explicitly disabled,
Meson will read the full recipe of net/mlx5
and will fail when accessing a variable from common/mlx5:
drivers/net/mlx5/meson.build:76:4: ERROR: Unknown variable "mlx5_config".
The solution is to stop parsing net/mlx5 if common/mlx5 is disabled.
The deps array must be defined before stopping, in order to automatically
disable the build of net/mlx5 and print the reason.
The same protection is applied to other mlx5 drivers,
so it will allow using the variable mlx5_config in future.
Fixes: 22681deead ("net/mlx5/hws: enable hardware steering")
Reported-by: Andrew Rybchenko <andrew.rybchenko@oktetlabs.ru>
Signed-off-by: Thomas Monjalon <thomas@monjalon.net>
Tested-by: Andrew Rybchenko <andrew.rybchenko@oktetlabs.ru>
Reviewed-by: David Marchand <david.marchand@redhat.com>
Acked-by: Matan Azrad <matan@nvidia.com>
Acked-by: Alex Vesker <valex@nvidia.com>
Add fixed point multiplication for EC curve in CNXK.
Signed-off-by: Kiran Kumar K <kirankumark@marvell.com>
Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
Enabled software PMDs in IOVA as PA disabled build
as they work with IOVA as VA.
Signed-off-by: Shijith Thotton <sthotton@marvell.com>
Acked-by: Olivier Matz <olivier.matz@6wind.com>
Enabled the flag pmd_supports_disable_iova_as_pa in cnxk driver build
files as they work with IOVA as VA. Updated cn9k and cn10k soc build
configurations to disable the IOVA as PA build by default.
Signed-off-by: Shijith Thotton <sthotton@marvell.com>
Acked-by: Olivier Matz <olivier.matz@6wind.com>
mvsam build was broken due to the recent session rework,
as it was not enabled in default build.
This patch fixes the build.
Fixes: 3f3fc3308b ("security: remove private mempool usage")
Fixes: bdce2564db ("cryptodev: rework session framework")
Fixes: 66837861d3 ("drivers/crypto: support security session size query")
Signed-off-by: Akhil Goyal <gakhil@marvell.com>
Structure rte_security_session is moved to internal
headers which are not visible to applications.
The only field which should be used by app is opaque_data.
This field can now be accessed via set/get APIs added in this
patch.
Subsequent changes in app and lib are made to compile the code.
Signed-off-by: Akhil Goyal <gakhil@marvell.com>
Tested-by: Gagandeep Singh <g.singh@nxp.com>
Tested-by: David Coyle <david.coyle@intel.com>
Tested-by: Kevin O'Sullivan <kevin.osullivan@intel.com>
Added the support for rte_security_op.session_get_size()
in all the PMDs which support rte_security sessions and the
op was not supported.
Signed-off-by: Akhil Goyal <gakhil@marvell.com>
Acked-by: Kai Ji <kai.ji@intel.com>
Tested-by: Gagandeep Singh <g.singh@nxp.com>
Tested-by: David Coyle <david.coyle@intel.com>
Tested-by: Kevin O'Sullivan <kevin.osullivan@intel.com>
As per current design, rte_security_session_create()
unnecessarily use 2 mempool objects for a single session.
To address this, the API will now take only 1 mempool
object instead of 2. With this change, the library layer
will get the object from mempool and session priv data is
stored contiguously in the same mempool object.
User need to ensure that the mempool created in application
is big enough for session private data as well. This can be
ensured if the pool is created after getting size of session
priv data using API rte_security_session_get_size().
Since set and get pkt metadata for security sessions are now
made inline for Inline crypto/proto mode, a new member fast_mdata
is added to the rte_security_session.
To access opaque data and fast_mdata will be accessed via inline
APIs which can do pointer manipulations inside library from
session_private_data pointer coming from application.
Signed-off-by: Akhil Goyal <gakhil@marvell.com>
Tested-by: Gagandeep Singh <g.singh@nxp.com>
Tested-by: David Coyle <david.coyle@intel.com>
Tested-by: Kevin O'Sullivan <kevin.osullivan@intel.com>
Structure rte_cryptodev_sym_session is moved to internal
headers which are not visible to applications.
The only field which should be used by app is opaque_data.
This field can now be accessed via set/get APIs added in this
patch.
Subsequent changes in app and lib are made to compile the code.
Signed-off-by: Akhil Goyal <gakhil@marvell.com>
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Kai Ji <kai.ji@intel.com>
Tested-by: Gagandeep Singh <g.singh@nxp.com>
Tested-by: David Coyle <david.coyle@intel.com>
Tested-by: Kevin O'Sullivan <kevin.osullivan@intel.com>
This patch updates the scheduler PMD to use unified session
data structure. Previously thanks to the private session
array in cryptodev sym session there are no necessary
change needed for scheduler PMD other than the way ops
are enqueued/dequeued. The patch inherits the same design
in the original session data structure to the scheduler PMD
so the cryptodev sym session can be as a linear buffer for
both session header and driver private data.
With the change there are inevitable extra cost on both memory
(64 bytes per session per driver type) and cycle count (set
the correct session for each cop based on the worker before
enqueue, and retrieve the original session after dequeue).
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Signed-off-by: Akhil Goyal <gakhil@marvell.com>
Acked-by: Kai Ji <kai.ji@intel.com>
Tested-by: Gagandeep Singh <g.singh@nxp.com>
Tested-by: David Coyle <david.coyle@intel.com>
Tested-by: Kevin O'Sullivan <kevin.osullivan@intel.com>
As per current design, rte_cryptodev_sym_session_create() and
rte_cryptodev_sym_session_init() use separate mempool objects
for a single session.
And structure rte_cryptodev_sym_session is not directly used
by the application, it may cause ABI breakage if the structure
is modified in future.
To address these two issues, the rte_cryptodev_sym_session_create
will take one mempool object that the session and session private
data are virtually/physically contiguous, and initializes both
fields. The API rte_cryptodev_sym_session_init is removed.
rte_cryptodev_sym_session_create will now return an opaque session
pointer which will be used by the app and other APIs.
In data path, opaque session pointer is attached to rte_crypto_op
and the PMD can call an internal library API to get the session
private data pointer based on the driver id.
Note: currently single session may be used by different device
drivers, given it is initialized by them. After the change the
session created by one device driver cannot be used or
reinitialized by another driver.
Signed-off-by: Akhil Goyal <gakhil@marvell.com>
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Signed-off-by: Ruifeng Wang <ruifeng.wang@arm.com>
Acked-by: Kai Ji <kai.ji@intel.com>
Tested-by: Gagandeep Singh <g.singh@nxp.com>
Tested-by: David Coyle <david.coyle@intel.com>
Tested-by: Kevin O'Sullivan <kevin.osullivan@intel.com>
Add support for vector aggregation of crypto operations for cn10k.
Crypto operations will be grouped by sub event type, flow id, scheduler
type and queue id fields from rte_event_crypto_metadata::response_info.
Signed-off-by: Volodymyr Fialko <vfialko@marvell.com>
The API rte_security_get_userdata() was being unused by most of
the drivers and it was retrieving userdata from mbuf dynamic field.
Hence, the API was removed and the application can directly get the
userdata from dynamic field. This helps in removing extra checks
in datapath.
Signed-off-by: Srujana Challa <schalla@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
This patch sets the max length of dst in OpenSSL 3.0 lib EVP MAC final
routine to ensure enough space for the result.
Fixes: 75adf1eae4 ("crypto/openssl: update HMAC routine with 3.0 EVP API")
Cc: stable@dpdk.org
Signed-off-by: Kai Ji <kai.ji@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Add support for offloading RTE_CRYPTO_CIPHER_AES_DOCSISBPI and
RTE_CRYPTO_CIPHER_DES_DOCSISBPI algorithms to symmetric crypto session.
Signed-off-by: Volodymyr Fialko <vfialko@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Errors in crypto adapter datapath can be handled gracefully. So the
error print can be moved under debug.
Signed-off-by: Shijith Thotton <sthotton@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
'struct roc_se_buf_ptr ctx_buf' has fields for a pointer and len.
The field for len was unused.
It is removed and the required pointer is added in the parent struct.
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Identify the datapath thread to be used during session create. This can
be used to call right function early on to avoid multiple session
specific checks in datapath functions.
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Change engine group of Chacha20-Poly1305 as it is
supported on IE engines also.
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Auth IV is not applicable for kasumi cipher operation.
Removed the same.
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Field op_minor is required only for digest encrypted cases
with chained ops, hence removed from AES-GCM path.
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
When the flag ROC_SE_VALID_MAC_BUF is set, digest length will be
non-zero. Remove extra check in datapath.
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Fill FC params routine now caters to only KASUMI & FC_GEN.
Call appropriate functions directly.
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
For both AES-GCM and ChaChaPoly, digest size must be non-zero.
So remove the conditional handling in the datapath.
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Limit meta buf pool cache size as 128. Having 512 as
the cache size would cause more time for refill.
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Volodymyr Fialko <vfialko@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Zeroising AES-CMAC IV would be done in microcode.
Clearing in DPDK is not redundant.
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Added support for burst enqueue for cn10k event crypto adapter.
Instructions will be grouped based on the queue pair and sent in a burst.
Signed-off-by: Volodymyr Fialko <vfialko@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
GCC 12 raises the following warning:
In function '_mm_storeu_si128',
inlined from 'rte_mov16' at
../lib/eal/x86/include/rte_memcpy.h:508:2,
inlined from 'rte_mov128' at
../lib/eal/x86/include/rte_memcpy.h:542:2,
inlined from 'rte_memcpy_generic' at
../lib/eal/x86/include/rte_memcpy.h:732:4,
inlined from 'rte_memcpy' at
../lib/eal/x86/include/rte_memcpy.h:882:10,
inlined from 'qat_sym_do_precomputes.constprop' at
../drivers/crypto/qat/qat_sym_session.c:1434:2:
/usr/lib/gcc/x86_64-pc-linux-gnu/12.1.1/include/emmintrin.h:739:8: error:
array subscript 8 is outside array bounds of 'unsigned char[128]'
[-Werror=array-bounds]
739 | *__P = __B;
| ~~~~~^~~~~
../drivers/crypto/qat/qat_sym_session.c:
In function 'qat_sym_do_precomputes.constprop':
../drivers/crypto/qat/qat_sym_session.c:1305:17: note:
at offset 192 into object 'opad.750' of size 128
1305 | uint8_t
opad[qat_hash_get_block_size(ICP_QAT_HW_AUTH_ALGO_DELIMITER)];
| ^~~~
../drivers/crypto/qat/qat_sym_session.c:
In function 'qat_sym_do_precomputes.constprop':
../drivers/crypto/qat/qat_sym_session.c:1304:17: note:
at offset 128 into object 'ipad.749' of size 128
1304 | uint8_t
ipad[qat_hash_get_block_size(ICP_QAT_HW_AUTH_ALGO_DELIMITER)];
| ^~~~
Added a check to prevent compiler warnings.
Fixes: 1703e94ac5 ("qat: add driver for QuickAssist devices")
Cc: stable@dpdk.org
Signed-off-by: Amit Prakash Shukla <amitprakashs@marvell.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Some cryptographic algorithms such as MD5 and DES are now considered legacy
and not enabled by default in OpenSSL 3.0. Load up legacy provider as MD5
DES are needed in QAT session pre-computes and secure session creation.
Fixes: 3227bc7138 ("crypto/qat: use intel-ipsec-mb for partial hash and AES")
Cc: stable@dpdk.org
Signed-off-by: Kai Ji <kai.ji@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Arm port of ipsec_mb library [1] has different header file name than
the Intel ipsec_mb library. Proper header name is picked according to
the architecture to get the code compile when ipsec_mb is installed on
Arm platform.
And the Arm port currently supports ZUC and SNOW3g. Call to other
algorithms will be blocked.
[1] https://gitlab.arm.com/arm-reference-solutions/ipsec-mb/-/tree/main
Signed-off-by: Ruifeng Wang <ruifeng.wang@arm.com>
Acked-by: Ashwin Sekhar T K <asekhar@marvell.com>
The intel-ipsec-mb header is included by ipsec_mb_private header file.
Hence removed intel-ipsec-mb from files that have ipsec_mb_private
included.
Signed-off-by: Ruifeng Wang <ruifeng.wang@arm.com>
Enable support for arm64 architecture in ipsec_mb. x86
specific code is conditionally compiled only for x86
architecture builds. Other architectures will be unsupported.
Signed-off-by: Ashwin Sekhar T K <asekhar@marvell.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Use the Full context SA structures and command in IPsec fast path.
For inline outbound, populate CPT instruction as per full context.
Added new macros and functions with respect to full context.
Populate WQE ptr in CPT instruction with proper offset from mbuf.
Also add option to override outbound inline SA IV for debug
Update mbuf length based on IP version in Rx post process purposes
via environment variable.
User can set env variable as:
export ETH_SEC_IV_OVR="0x0, 0x0,..."
Signed-off-by: Vidya Sagar Velumuri <vvelumuri@marvell.com>
Signed-off-by: Nithin Dabilpuram <ndabilpuram@marvell.com>
Make rte_driver opaque for non internal users.
This will make extending this object possible without breaking the ABI.
Introduce a new driver header and move rte_driver definition.
Update drivers and library to use the internal header.
Some applications may have been dereferencing rte_driver objects, mark
this object's accessors as stable.
Signed-off-by: David Marchand <david.marchand@redhat.com>
Acked-by: Bruce Richardson <bruce.richardson@intel.com>
Acked-by: Jay Jayatheerthan <jay.jayatheerthan@intel.com>
Acked-by: Ajit Khaparde <ajit.khaparde@broadcom.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Acked-by: Abhinandan Gujjar <abhinandan.gujjar@intel.com>
The vdev bus interface is for drivers only.
Mark as internal and move the header in the driver headers list.
While at it, cleanup the code:
- fix indentation,
- remove unneeded reference to bus specific singleton object,
- remove unneeded list head structure type,
- reorder the definitions and macro manipulating the bus singleton object,
- remove inclusion of rte_bus.h and fix the code that relied on implicit
inclusion,
Signed-off-by: David Marchand <david.marchand@redhat.com>
Acked-by: Rosen Xu <rosen.xu@intel.com>
Reviewed-by: Ruifeng Wang <ruifeng.wang@arm.com>
The pci bus interface is for drivers only.
Mark as internal and move the header in the driver headers list.
While at it, cleanup the code:
- fix indentation,
- remove unneeded reference to bus specific singleton object,
- remove unneeded list head structure type,
- reorder the definitions and macro manipulating the bus singleton object,
- remove inclusion of rte_bus.h and fix the code that relied on implicit
inclusion,
Signed-off-by: David Marchand <david.marchand@redhat.com>
Acked-by: Bruce Richardson <bruce.richardson@intel.com>
Acked-by: Ajit Khaparde <ajit.khaparde@broadcom.com>
Acked-by: Rosen Xu <rosen.xu@intel.com>
