The SEC HW code is being shared by multiple NXP based
drivers. It is better to place it at a common place.
Current users are:
1. DPAA2_SEC
2. DPAA_SEC
3. CAAM_JR
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
For cases like ESN where authentication data can be after cipher
data, support for authentication trailer is required.
This patch adds support of auth-only data trailing after cipher data.
Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
The GCM descriptors needlessly skip auth_only_len bytes from output
buffer. Due to this, workarounds have to be made in dpseci driver code.
Also this leads to failing of one cryptodev test case for gcm. In this
patch, we change the descriptor construction and adjust dpaaX_sec
accordingly. The test_AES_GCM_auth_encrypt_SGL_out_of_place_400B_1seg
now passes.
Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
This patch sets the priority of the dpcon dev, such that it is
within the supported range of dpcon
Signed-off-by: Nipun Gupta <nipun.gupta@nxp.com>
Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>
unnecessary debug logs in data path are removed
and hardware debug logs are compiled off.
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
DPAA2_SEC hardware can support any number of SG entries.
This patch allocate as many SG entries as are required.
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
This patch add support for ZUC Encryption and ZUC Authentication.
Before passing to CAAM, the 16-byte ZUCA IV is converted to 8-byte
format which consists of 38-bits of count||bearer|direction.
Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Add Kasumi processing for non PDCP proto offload cases.
Also add support for pre-computed IV in Kasumi-f9
Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Adding basic framework to use snow3g f8 and f9 based
ciphering or integrity with direct crypto apis.
This patch does not support any combo usages yet.
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Add support for snow-f9 in non pdcp protocol offload mode.
This essentially add support to pass pre-computed IV to SEC.
Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
This patch add support for non-protocol offload mode
of snow-f8 algo
Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
This patch support SNOW-SNOW (enc-auth) 18bit PDCP case
for devices which do not support PROTOCOL command
Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
This patch support ZUC-ZUC PDCP enc-auth case for
devices which do not support PROTOCOL command for 18bit.
Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
This patch support AES-AES PDCP enc-auth case for
devices which do not support PROTOCOL command for 18bit
Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
PDCP descriptors in some cases internally use commands which overwrite
memory with extra '0s' if write-safe is kept enabled. This breaks
correct functional behavior of PDCP apis and they in many cases give
incorrect crypto output. There we disable 'write-safe' bit in FLC for
PDCP cases. If there is a performance drop, then write-safe would be
enabled selectively through a separate patch.
Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
This patch add support for chained input or output
mbufs for PDCP and ipsec protocol offload cases.
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
For sec era 8, NULL auth using protocol command does not add
4 bytes of null MAC-I and treat NULL integrity as no integrity which
is not correct.
Hence converting this particular case of null integrity on 12b SN
on SEC ERA 8 from protocol offload to non-protocol offload case.
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Adding minimal support for CAAM HW era 10 (used in LX2)
Primary changes are:
1. increased shard desc length form 6 bit to 7 bits
2. support for several PDCP operations as PROTOCOL offload.
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Per packet HFN override is supported in NXP PMDs
(dpaa2_sec and dpaa_sec). DPOVRD register can be
updated with the per packet value if it is enabled
in session configuration. The value is read from
the IV offset.
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
PDCP u-plane may optionally support integrity as well.
This patch add support for supporting integrity along with
confidentiality.
Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Added support for 12-bit c-plane. We implement it using 'u-plane for RN'
protocol descriptors. This is because 'c-plane' protocol descriptors
assume 5-bit sequence numbers. Since the crypto processing remains same
irrespective of c-plane or u-plane, we choose 'u-plane for RN' protocol
descriptors to implement 12-bit c-plane. 'U-plane for RN' protocol
descriptors support both confidentiality and integrity (required for
c-plane) for 7/12/15 bit sequence numbers.
For little endian platforms, incorrect IV is generated if MOVE command
is used in pdcp non-proto descriptors. This is because MOVE command
treats data as word. We changed MOVE to MOVEB since we require data to
be treated as byte array. The change works on both ls1046, ls2088.
Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
outer IP header is formed at the time of session initialization
using the ipsec xform. This outer IP header will be appended by
hardware for each packet.
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
If the application enables the use of ESN in the
ipsec_xform for security session create, pdb options
are set for enabling ESN.
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
The session init shall return failure if the internal
session create fails for any reasons.
Fixes: 13273250eec5 ("crypto/dpaa2_sec: support AES-GCM and CTR")
Cc: stable@dpdk.org
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
For each driver where we optionally disable it, add in the reason why it's
being disabled, so the user knows how to fix it.
Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
Acked-by: Luca Boccassi <bluca@debian.org>
Define variables for "is_linux", "is_freebsd" and "is_windows"
to make the code shorter for comparisons and more readable.
Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
Reviewed-by: David Marchand <david.marchand@redhat.com>
Acked-by: Luca Boccassi <bluca@debian.org>
- fle pool allocations should be done for each process.
- cryptodev->data is shared across muliple processes but
cryptodev itself is allocated for each process. So any
information which needs to be shared between processes,
should be kept in cryptodev->data.
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
SEC HW descriptor sharing mode can now be controlled
during Session preparation by the respective drivers
shared descriptors in case of non-protocol offload does not need
any sync between the subsequent jobs. Thus, changing it to
SHR_NEVER from SHR_SERIAL for cipher_only, auth_only, and gcm.
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
In case of gcm, output buffer should have aad space
before the actual buffer which needs to be written.
CAAM will not write into the aad anything, it will skip
auth_only_len (aad) and write the buffer afterwards.
Fixes: 37f96eb01bce ("crypto/dpaa2_sec: support scatter gather")
Cc: stable@dpdk.org
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
private data should be cleared instead of the complete session
Fixes: 8d1f3a5d751b ("crypto/dpaa2_sec: support crypto operation")
Cc: stable@dpdk.org
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
All drivers should have SPDX on the first line of the source
files in the format
/* SPDX-License-Identifier: ...
Several files used minor modifications which were inconsistent
with the pattern. Fix it to make scanning tools easier.
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
The term "linuxapp" is a legacy one, but just calling the subdirectory
"linux" is just clearer for all concerned.
Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
sprintf function is not secure as it doesn't check the length of string.
More secure function snprintf is used
Fixes: 828d51d8fc ("bus/fslmc: refactor scan and probe functions")
Fixes: c22fab9a6c ("raw/dpaa2_qdma: support configuration APIs")
Fixes: e5cbdfc537 ("crypto/dpaa2_sec: add basic operations")
Fixes: b23d4e898a ("crypto/dpaa2_sec: add per dev mempool to store FLE")
Fixes: 623326dded ("crypto/dpaa2_sec: introduce poll mode driver")
Fixes: e7a45f3cc2 ("crypto/caam_jr: add UIO specific operations")
Fixes: f44bccadd8 ("crypto/caam_jr: add device basic operations")
Fixes: 7e3e2954e0 ("crypto/dpaa_sec: move mempool allocation to config")
Fixes: c3e85bdcc6 ("crypto/dpaa_sec: add crypto driver for NXP DPAA platform")
Cc: stable@dpdk.org
Signed-off-by: Pallantla Poornima <pallantlax.poornima@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Fixes: 547a4d40e7bf ("crypto/dpaa2_sec: support out of place protocol offload")
Fixes: 0a23d4b6f4c2 ("crypto/dpaa2_sec: support protocol offload IPsec")
Cc: stable@dpdk.org
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
This patch changes the cryptodev queue pair configure structure
to enable two mempool passed into cryptodev PMD simutaneously.
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Some global variables can indeed be static, add static keyword to them.
Signed-off-by: Ferruh Yigit <ferruh.yigit@intel.com>
Acked-by: Jerin Jacob <jerin.jacob@caviumnetworks.com>
Acked-by: Shreyansh Jain <shreyansh.jain@nxp.com>
PDCP session configuration for lookaside protocol offload
and data path is added.
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
DPAA2 SEC platform can support look aside protocol
offload for PDCP protocol.
The relevant APIs for configuring the hardware for PDCP
is added for various modes and crypto algorithms.
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Signed-off-by: Horia Geanta Neag <horia.geanta@nxp.com>
Signed-off-by: Alex Porosanu <alexandru.porosanu@nxp.com>
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
RTE_SECURITY is enabled by default. If it is disabled, dpaa2_sec,
dpaa_sec and caam_jr compilation fails.
This patch fixes compilation by disabling these drivers
when rte_security is not available.
Fixes: 1ee9569576f6 ("config: enable dpaaX drivers for generic ARMv8")
Fixes: 09e1e8d256b0 ("mk: fix dependencies of dpaaX drivers")
Fixes: af7c9b5e9ce7 ("crypto/caam_jr: introduce basic driver")
Cc: stable@dpdk.org
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
We use _GNU_SOURCE all over the place, but often times we miss
defining it, resulting in broken builds on musl. Rather than
fixing every library's and driver's and application's makefile,
fix it by simply defining _GNU_SOURCE by default for all
builds.
Remove all usages of _GNU_SOURCE in source files and makefiles,
and also fixup a couple of instances of using __USE_GNU instead
of _GNU_SOURCE.
Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
Queues attached to event crypto device can be
parallel, atomic and ordered.
This patch add support for atomic queues processing
for dpaa2_sec queues.
Signed-off-by: Ashish Jain <ashish.jain@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
dpaa2_sec hw queues can be attached to a hw dpaa2 event
device and the application can configure the event
crypto adapter to access the dpaa2_sec packets using
hardware events.
This patch defines APIs which can be used by the dpaa2
event device to attach/detach dpaa2_sec queues.
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Signed-off-by: Ashish Jain <ashish.jain@nxp.com>
