761 Commits

Author SHA1 Message Date
Thierry Herbelot
67ab783b5d crypto/openssl: use local copy for session contexts
Session contexts are used for temporary storage when processing a
packet.
If packets for the same session are to be processed simultaneously on
multiple cores, separate contexts must be used.

Note: with openssl 1.1.1 EVP_CIPHER_CTX can no longer be defined as a
variable on the stack: it must be allocated. This in turn reduces the
performance.

Fixes: d61f70b4c918 ("crypto/libcrypto: add driver for OpenSSL library")
Cc: stable@dpdk.org

Signed-off-by: Thierry Herbelot <thierry.herbelot@6wind.com>
2019-11-08 13:51:16 +01:00
Nipun Gupta
3ffce51a1f crypto/dpaa2_sec: add enqueue retry timeout
This patch adds retry in the DPAA2 SEC packet enqueue API

Signed-off-by: Nipun Gupta <nipun.gupta@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-11-08 13:51:16 +01:00
Hemant Agrawal
a37ce227a8 crypto/dpaax_sec: enable anti replay window config
This patch usages the anti replay window size to config
the anti replay checking  in decap path for lookaside
IPSEC offload

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-11-08 13:51:16 +01:00
Vakul Garg
1cdfbb0b83 crypto/dpaax_sec: enable IPsec AES-CTR to use nonce
The protocol aware ipsec descriptor has been modified to
use ctr_initial value of 1 and salt configured for ipsec SA.

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-11-08 13:51:16 +01:00
Vakul Garg
5906b0ad0f crypto/dpaax_sec: use AES-CTR initial counter as 1
As per RFC3686, the initial aes-ctr counter value should be '1' for use
in ipsec. The patches changes SEC descriptor for using correct counter
value. In addition, it drops a redundant parameter for passing IV while
creating the descriptor.

This patch adds changes for all NXP crypto PMDs

Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-11-08 13:51:16 +01:00
Gagandeep Singh
fd900d3853 crypto/dpaa_sec: use macros in queue attach and detach
Align the cleanup and allocation for the queues.

Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-11-08 13:51:16 +01:00
Gagandeep Singh
686bbb70cf crypto/dpaa2_sec: remove redundant checks
This patch remove redundant context type checks.

Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-11-08 13:51:16 +01:00
Hemant Agrawal
247b69083e crypto/dpaax_sec: warn on truncated SHA-256
This patch throw the warning when using truncated digest
len for SHA256 case.
As per RFC4868, SHA-256 should use 128 bits of ICV.

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-11-08 13:51:16 +01:00
Hemant Agrawal
2c318722fe crypto/dpaa_sec: support AES-GCM for lookaside protocol
This patch add support for AES-128-GCM, when used in
lookaside protocol offload case.

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-11-08 13:51:16 +01:00
Hemant Agrawal
c1ff974908 crypto/dpaa2_sec: support AES-GCM for lookaside protocol
AES-GCM is now supported for lookaside protocol offload also.

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-11-08 13:51:16 +01:00
Hemant Agrawal
f73d6928e0 crypto/dpaa_sec: support null cipher and null auth
These are supported when using protocol offload mode or when
in chain mode.

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-11-08 13:51:16 +01:00
Hemant Agrawal
a4e4a71cb1 crypto/dpaa2_sec: support null cipher and null auth
These are supported when using protocol offload mode or in chain mode.

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-11-08 13:51:16 +01:00
Hemant Agrawal
e1e52232b5 crypto/dpaa_sec: add check for session validity
Check if the session is not null during processing.

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-11-08 13:51:16 +01:00
Hemant Agrawal
447a5d4029 crypto/dpaa2_sec: add check for session validity
Check if the session is not null during processing.

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-11-08 13:51:16 +01:00
Hemant Agrawal
91413a88e7 crypto/dpaa_sec: fix PDCP capability flags
set the pdcp capa_flags to 0 by default.

Fixes: a1173d55598c ("crypto/dpaa_sec: support PDCP offload")
Cc: stable@dpdk.org

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-11-08 13:51:16 +01:00
Pablo de Lara
4b70152374 crypto/aesni_gcm: support in-place chained mbufs
IPSec Multi buffer library supports encryption on multiple segments.
When dealing with chained buffers (multiple segments), as long as
the operation is in-place, the destination buffer does not have to
be contiguous (unlike in the case of out-of-place operation).
Therefore, the limitation of not supporting in-place chained mbuf
can be removed.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2019-11-08 13:51:16 +01:00
Akhil Goyal
4bc65cf119 crypto/dpaa2_sec: fix length retrieved from hardware
FD retrieved from SEC after crypto processing provides
an updated length of the buffer which need to be updated
in mbuf. The difference in length can be negative hence
changing diff to int32_t from uint32_t.

Fixes: 0a23d4b6f4c2 ("crypto/dpaa2_sec: support protocol offload IPsec")
Cc: stable@dpdk.org

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-11-08 13:51:16 +01:00
Hemant Agrawal
408077f283 bus/dpaa: move QBMAN global init to bus
DPAA SEC shall be able to work independent of DPAA ETH
driver.
This patch moves qbman init to bus, so that any driver
can use them even when no eth resources are present
or none of the eth devices are probed.

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-11-06 01:14:41 +01:00
Ciara Power
38383890b2 crypto/dpaa2_sec: fix build with clang 3.4.2
Building with clang 3.4.2 caused the following error:

  CC dpaa2_sec_dpseci.o
In file included from /dpdk/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c:40:
In file included from /dpdk/drivers/common/dpaax/caamflib/desc/ipsec.h:11:
In file included from /dpdk/drivers/common/dpaax/caamflib/rta.h:11:
In file included from .../common/dpaax/caamflib/rta/sec_run_time_asm.h:14:
/dpdk/drivers/common/dpaax/compat.h:108:18:
error: redefinition of typedef 'dma_addr_t' is a C11 feature
[-Werror,-Wtypedef-redefinition]
typedef uint64_t        dma_addr_t;
                        ^
/dpdk/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c:37:18:
note: previous definition is here
typedef uint64_t        dma_addr_t;
                        ^

The dma_addr_t was defined in the common compat.h file, and does not
need to be redefined.

The meson build include directories list was updated to enable the
definition in the common compat.h file be used.

Fixes: 8c83f28cc8a4 ("common/dpaax: move OF library from DPAA bus")

Signed-off-by: Ciara Power <ciara.power@intel.com>
Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>
2019-11-01 22:28:46 +01:00
Dharmik Thakkar
b28f28ae80 rename private header files
Some of the internal header files have 'rte_' prefix
and some don't.
Remove 'rte_' prefix from all internal header files.

Suggested-by: Thomas Monjalon <thomas@monjalon.net>
Signed-off-by: Dharmik Thakkar <dharmik.thakkar@arm.com>
Reviewed-by: Phil Yang <phil.yang@arm.com>
Reviewed-by: Ruifeng Wang <ruifeng.wang@arm.com>
2019-10-27 22:03:06 +01:00
Ferruh Yigit
2c44964461 crypto/virtio: fix global variable multiple definitions
'virtio_hw_internal' global variable is defined in both 'crypto/virtio'
and 'net/virtio' PMDs. This means they share same storage when
application linked with static DPDK library, which is not the intention.

Fixing by adding 'crypto_' prefix to the 'crypto/virtio' driver.

Issue has been detected by '-fno-common' gcc flag.

Fixes: 25500d4b8076 ("crypto/virtio: support device init")
Cc: stable@dpdk.org

Signed-off-by: Ferruh Yigit <ferruh.yigit@intel.com>
2019-10-25 23:16:23 +02:00
Ferruh Yigit
2ce24ee7ac crypto/null: fix global variable multiple definitions
'null_logtype_driver' global variable is defined in a header file which
was causing multiple definitions of the variable, fixed it by moving it
to the .c file.

Issue has been detected by '-fno-common' gcc flag.

Fixes: 735b783d8c2b ("crypto/null: add dynamic logging")
Cc: stable@dpdk.org

Signed-off-by: Ferruh Yigit <ferruh.yigit@intel.com>
2019-10-25 23:16:23 +02:00
Hemant Agrawal
8c83f28cc8 common/dpaax: move OF library from DPAA bus
This code is being shared by more than 1 type of driver.
Common is most appropriate place for it.

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
2019-10-23 16:43:08 +02:00
Hemant Agrawal
314424b69e crypto/dpaax_sec: enable build without rte_security
This patch enables the dpaaX_sec compilation when
RTE_LIBRTE_SECURITY is disabled.

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Thierry Herbelot <thierry.herbelot@6wind.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-23 16:57:06 +02:00
Arek Kusztal
a7f8087bbd crypto/qat: fix AES CMAC mininum digest size
AES-CMAC is used in 3gpp specifications hence it is needed
to support 4 byte digest.

Fixes: 91c1daa4e1f0 ("crypto/qat: support AES-CMAC")
Cc: stable@dpdk.org

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
2019-10-23 16:57:06 +02:00
Arek Kusztal
539a3216e1 crypto/qat: support RSA CRT in asym
This commit extends RSA implementation by CRT option

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
2019-10-23 16:57:06 +02:00
Arek Kusztal
e2c5f4ea99 crypto/qat: support RSA in asym
This commit adds RSA algorithm to asymmetric pmd
using pair (n, d) private key

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
2019-10-23 16:57:06 +02:00
Arek Kusztal
e1ed5a73cd crypto/qat: support session-less for asym ops
This patch adds option to use asymmetric crypto pmd with
session-less support.

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
2019-10-23 16:57:06 +02:00
Damian Nowak
65beb9abca crypto/qat: fix null auth when using VFIO
When running auth NULL cases while using
vfio_pci, DMAR read/write faults appear. It
happens even if digest_length is set to 0.
This is caused by auth_res_addr initialized
as 0x0.

Fixes: 4e0955bddb08 ("crypto/qat: fix null auth algo overwrite")
Cc: stable@dpdk.org

Signed-off-by: Damian Nowak <damianx.nowak@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
2019-10-23 16:57:06 +02:00
Pablo de Lara
ec73bcf3fa crypto/aesni_gcm: allow device init if no AES-NI is present
The IPSec Multi buffer library does not require AES-NI
instructions to be supported by the CPU, as it can emulate these
instructions in software (adding a big performance penalty when
using AES algorithms).

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2019-10-23 16:57:06 +02:00
Pablo de Lara
fb1033a788 crypto/aesni_mb: allow device init if no AES-NI is present
The IPSec Multi buffer library does not require AES-NI
instructions to be supported by the CPU, as it can emulate these
instructions in software (adding a big performance penalty when
using AES algorithms).

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2019-10-23 16:57:06 +02:00
Hemant Agrawal
c0ded84913 common/dpaax: move shared sec HW code from dpaa2_sec
The SEC HW code is being shared by multiple NXP based
drivers. It is better to place it at a common place.
Current users are:
1. DPAA2_SEC
2. DPAA_SEC
3. CAAM_JR

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-23 16:57:06 +02:00
Sunila Sahu
04227377c8 crypto/octeontx2: support asymmetric in enqueue/dequeue
This patch adds asymmetric support in enqueue/dequeue ops.

Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Kanaka Durga Kotamarthy <kkotamarthy@marvell.com>
Signed-off-by: Sunila Sahu <ssahu@marvell.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-23 16:57:06 +02:00
Kanaka Durga Kotamarthy
364b9bfc81 crypto/octeontx2: add asymmetric session
This patch adds asymmetric session setup and free routines.
RSA and modexp operations are supported.

Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Kanaka Durga Kotamarthy <kkotamarthy@marvell.com>
Signed-off-by: Sunila Sahu <ssahu@marvell.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-23 16:57:06 +02:00
Anoob Joseph
17ac2a7219 crypto/octeontx2: add enqueue/dequeue ops
This patch adds the enqueue burst and dequeue
burst callbacks for the OCTEON TX2 crypto driver.

Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-23 16:57:06 +02:00
Ankur Dwivedi
3e72548830 crypto/octeontx2: add session related functions
This patch adds the symmetric session related callbacks.

Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-23 16:57:06 +02:00
Anoob Joseph
6aa9ceaddf crypto/octeontx2: add symmetric capabilities
This patch adds the symmetric capabilities
for OCTEON TX2 crypto PMD.

Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-23 16:57:06 +02:00
Ankur Dwivedi
556a273e78 crypto/octeontx2: add queue pair functions
This patch adds the queue pair setup and
queue pair release functions for OCTEON TX2 crypto pmd.

Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-23 16:57:06 +02:00
Ankur Dwivedi
dfacd1f9f7 crypto/octeontx2: support control ops
This patch adds the device control functions.

Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-23 16:57:06 +02:00
Anoob Joseph
818d138bcc crypto/octeontx2: add init sequence in probe
This patch adds the device init sequence for
OCTEON TX2 crypto device.

Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-23 16:57:06 +02:00
Anoob Joseph
2f8a1b963e crypto/octeontx2: add PMD skeleton
Adding OCTEON TX2 crypto PMD skeleton.
Enabling the driver by default in common_base.

Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-23 16:57:06 +02:00
Sunila Sahu
e9a356e2fc crypto/octeontx: add asymmetric enqueue/dequeue ops
Add asymmetric crypto op enqueue & dequeue routines

Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Kanaka Durga Kotamarthy <kkotamarthy@marvell.com>
Signed-off-by: Sunila Sahu <ssahu@marvell.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-23 16:57:06 +02:00
Kanaka Durga Kotamarthy
fadc1ea15c common/cpt: add helper functions for asymmetric crypto
Add helper functions to get meta len for asymmetric operations

Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Kanaka Durga Kotamarthy <kkotamarthy@marvell.com>
Signed-off-by: Sunila Sahu <ssahu@marvell.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-23 16:57:06 +02:00
Kanaka Durga Kotamarthy
33bcaae5f8 crypto/octeontx: add asymmetric session operations
Add asymmetric session setup and free functions. RSA and modexp
operations are supported.

Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Kanaka Durga Kotamarthy <kkotamarthy@marvell.com>
Signed-off-by: Sunila Sahu <ssahu@marvell.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-23 16:57:06 +02:00
Kanaka Durga Kotamarthy
13d711f353 crypto/octeontx: add device type mailbox routine
Add mailbox communication to query symmetric or asymmetric device type

Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Kanaka Durga Kotamarthy <kkotamarthy@marvell.com>
Signed-off-by: Sunila Sahu <ssahu@marvell.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-23 16:57:06 +02:00
Hemant Agrawal
8524b44ebc crypto/dpaa_sec: reorganize session management
The session related parameters shall be populated during
the session create only.
At the runtime on first packet, the CDB should just reference
the session data instead of re-interpreting data again.

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-23 16:57:06 +02:00
Hemant Agrawal
c5788a1097 crypto/dpaa_sec: support SNOW3G and ZUC
This patch add support for ZUC and SNOW 3G in
non-PDCP offload mode.

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-23 16:57:06 +02:00
Vakul Garg
3394ed4715 crypto/dpaax_sec: support auth trailer in cipher-auth
For cases like ESN where authentication data can be after cipher
data, support for authentication trailer is required.
This patch adds support of auth-only data trailing after cipher data.

Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-23 16:57:06 +02:00
Vakul Garg
7a4a6da470 crypto/dpaax_sec: enhance GCM descs to not skip AAD
The GCM descriptors needlessly skip auth_only_len bytes from output
buffer. Due to this, workarounds have to be made in dpseci driver code.
Also this leads to failing of one cryptodev test case for gcm. In this
patch, we change the descriptor construction and adjust dpaaX_sec
accordingly. The test_AES_GCM_auth_encrypt_SGL_out_of_place_400B_1seg
now passes.

Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-23 16:57:06 +02:00
Vakul Garg
98e8427390 crypto/dpaa_sec: fix auth-cipher check for AEAD
The code shall also check aead as non auth-cipher case

Fixes: 1f14d500bce1 ("crypto/dpaa_sec: support IPsec protocol offload")
Cc: stable@dpdk.org

Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-23 16:57:06 +02:00