A DEK (Data Encryption Key) is an mlx5 HW object which represents
the cipher algorithm key.
The DEKs are used during data encryption/decryption operations.
In symmetric algorithms like AES-XTS, we use the same DEK for both
encryption and decryption.
Use the mlx5 hash-list tool to manage the DEK objects in the PMD.
Provide the compare, create and destroy functions to manage DEKs in
the hash-list and introduce an internal API to set up and unset the DEK
management and to prepare and destroy a specific DEK object.
The DEK hash-list will be created in the dev_configure routine and
destroyed in the dev_close routine.
Signed-off-by: Shiri Kuzin <shirik@nvidia.com>
Acked-by: Matan Azrad <matan@nvidia.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Add a new PMD for Mellanox devices: the crypto PMD.
The crypto PMD will be supported starting with Nvidia ConnectX6 and
BlueField2.
The crypto PMD will add the support of encryption and decryption using
the AES-XTS symmetric algorithm.
The crypto PMD requires rdma-core and uses mlx5 DevX.
This patch adds the PCI probing, basic functions, build files and
log utility.
Signed-off-by: Shiri Kuzin <shirik@nvidia.com>
Acked-by: Matan Azrad <matan@nvidia.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Feature flag in dev would be updated during config.
On reconfigure, the field needs to be set again to
original value.
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Reduce session private data size by allocating
auth_key dynamically as required. Added auth_key_iova
to eliminate any impact on fastpath.
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Reduce session private data size by allocating
auth_key dynamically as required.
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
In case of AES-GCM/CCM, nonce/salt comes along
with IV, hence can be copied in a single memcpy.
This patch fixes the IV copy in lookaside IPsec
outbound instruction.
Fixes: fab634eb87ca ("crypto/octeontx2: support security session data path")
Cc: stable@dpdk.org
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
SA table entry would be reserved for inline inbound operations. Clear
valid bit of the SA so that CPT would treat SA entry as invalid. Also,
move setting of valid bit to the end in case of session_create() to
eliminate possibility of hardware seeing partial data.
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
The member 'dir' should not overlap with 'ip'. Usage of a union for all
members would mean dir would get corrupted.
Fixes: e91b4f45ff54 ("net/octeontx2: support anti-replay for security session")
Cc: stable@dpdk.org
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
The instruction queue is enabled in dev start and
is disabled in dev stop.
Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
This commit updates the QAT raw data-path API to support the
changes made to device and sessions. The QAT RAW data-path API
now works on Generation 1-3 devices and is disabled on GEN4.
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Rework init common header function for request
descriptor so it can be called only once.
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Content descriptor functions are incorrectly named,
having them with proper name will improve readability and
facilitate further work.
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Different generations of Intel QuickAssist Technology devices may
differ in approach to allocate queues. Queue pair number function
therefore needs to be more generic.
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
In the inline inbound path, a custom header would be present at L3 which
has sequence number & SPI. L2 needs to be adjusted such that the eventual
packet would have L3 after L2. Remove assumption of L2 type in this
handling.
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Jerin Jacob <jerinj@marvell.com>
Add PCI ID for crypto_cn9k PMD.
To avoid conflicting PCI ID in crypto_octeontx2 and crypto_cn9k PMDs,
disable crypto_cn9k PMD when built with octeontx2 config.
The lack of PCI ID is causing debug build to fail on Ubuntu 18.04
for crypto_cn9k PMD.
Reported-by: Ali Alnubani <alialnu@nvidia.com>
Suggested-by: David Marchand <david.marchand@redhat.com>
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Feature flags in dev would be updated during config. On reconfigure, the
field needs to be set again to original value.
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
This patch fixes the input arguments assignment to the correct
parameters in mrvl_pmd_init_params struct.
Fixes: 25b05a1c806 ("crypto/mvsam: parse max number of sessions")
Cc: stable@dpdk.org
Signed-off-by: Dana Vardi <danat@marvell.com>
Reviewed-by: Liron Himi <lironh@marvell.com>
Till now comments explain queue mapping per
one and two crypto devices.
Now added comments for queue mapping for three
crypto devices supported in CN9132.
Signed-off-by: Michael Shamis <michaelsh@marvell.com>
Reviewed-by: Liron Himi <lironh@marvell.com>
This patch fixes the wrong clear of the memory session pointer.
When calling the mrvl_crypto_pmd_sym_session_clear function,
it might cause the following error:
CRYPTODEV: set_sym_session_private_data() line 497:
Set private data for driver 1 not allowed
This fix sets zeroes to the mrvl_crypto_session pointer instead of the
rte_cryptodev_sym_session pointer, and will verify that the
rte_cryptodev_sym_session pointer will not lose data such as
nb_drivers.
Bugzilla ID: 646
Fixes: 8a61c83af2fa ("crypto/mrvl: add mrvl crypto driver")
Cc: stable@dpdk.org
Signed-off-by: Dana Vardi <danat@marvell.com>
Reviewed-by: Michael Shamis <michaelsh@marvell.com>
Reviewed-by: Liron Himi <lironh@marvell.com>
Increased AAD max size up to 64B and allowed AAD increment step
1B according to EIP197 token HW limitation.
In addition, some capabilities were found incorrect due to
running FIPS tests. The patch fixes the capabilities.
Fixes: 8a61c83af2f ("crypto/mrvl: add mrvl crypto driver")
Fixes: 2c22aa4f8f6 ("crypto/mvsam: update hash digest sizes")
Fixes: a84226fc055 ("crypto/mvsam: support HMAC SHA224")
Cc: stable@dpdk.org
Signed-off-by: Michael Shamis <michaelsh@marvell.com>
Reviewed-by: Liron Himi <lironh@marvell.com>
Tested-by: Liron Himi <lironh@marvell.com>
For AEAD session and AES-GCM mode, the IV offset will
be set to include the Nonce.
In addition, the following operation order will be defined:
first encryption and then authentication.
Fixes: 8a61c83af2fa ("crypto/mrvl: add mrvl crypto driver")
Cc: stable@dpdk.org
Signed-off-by: Dana Vardi <danat@marvell.com>
Reviewed-by: Liron Himi <lironh@marvell.com>
Tested-by: Liron Himi <lironh@marvell.com>
This patch fixes the aesni_gcm performance issue on systems with the AVX512
CPU flag present but with the VAES CPU flag missing, such as Skylake.
Fixes: 81fe96a0cece ("crypto/aesni_gcm: use architecture independent API")
Cc: stable@dpdk.org
Signed-off-by: Kai Ji <kai.ji@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Added support for crypto adapter OP_FORWARD mode.
As OcteonTx CPT crypto completions could be out of order, each crypto op
is enqueued to CPT, dequeued from CPT and enqueued to SSO one-by-one.
Signed-off-by: Shijith Thotton <sthotton@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
On Arm platforms, when "RTE_ARCH_ARM64_MEMCPY" is set as true, gcc will
report a variable uninitialized warning:
../drivers/crypto/qat/qat_sym_session.c: In function ‘partial_hash_compute’:
../lib/eal/include/generic/rte_byteorder.h:241:24: warning:
‘<U35a0>’ may be used uninitialized in this function
[-Wmaybe-uninitialized]
241 | #define rte_bswap32(x) __builtin_bswap32(x)
...
This is because "digest" will be initialized by "rte_memcpy" function
rather than "memcpy" if "RTE_ARCH_ARM64_MEMCPY" is set as true.
Furthermore, 'rte_memcpy' will initialize 'digest' in two steps
by invoking rte_mov_x functions. For example:
partial_hash_sha1 -> rte_memcpy -> rte_memcpy_ge16_lt_128 ->
step 1: rte_mov16(dst,src )
step 2: rte_mov16(dst - 16 + n, src - 16 + n)
However, the gcc compiler cannot identify this multi-step initialization,
so it will report a warning.
To fix this, use "memset" to initialize "digest".
Fixes: cd7fc8a84b48 ("eal/arm64: optimize memcpy")
Cc: stable@dpdk.org
Signed-off-by: Feifei Wang <feifei.wang2@arm.com>
Reviewed-by: Ruifeng Wang <ruifeng.wang@arm.com>
Reviewed-by: Honnappa Nagarahalli <honnappa.nagarahalli@arm.com>
Acked-by: Adam Dybkowski <adamx.dybkowski@intel.com>
When used with crypto adapter, metabuf pool would be shared across
cores. Account for the same in pool size.
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
When used with crypto adapter, metabuf pool would be shared across
cores. Account for the same in pool size.
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Add asymmetric crypto capabilities supported
by cn9k and cn10k PMDs. Documentation is also
updated for the same.
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Add asymmetric crypto session ops for both cn9k
and cn10k PMD.
Signed-off-by: Kiran Kumar K <kirankumark@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Add digest support for various algorithms.
Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Archana Muniganti <marchana@marvell.com>
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>