The usual device sequence is configure, queue setup and start.
Crypto device should be started before use.
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Signed-off-by: Thomas Monjalon <thomas.monjalon@6wind.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
This patch improve generate_random_key() function by replacing rand()
function with reading from /dev/urandom.
CID 120136 : Calling risky function (DC.WEAK_CRYPTO)
dont_call: rand should not be used for security related applications, as
linear congruential algorithms are too easy to break
Coverity issue: 120136
Signed-off-by: Piotr Azarewicz <piotrx.t.azarewicz@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
crypto_statistics array was not big enough for storing
all the possible crypto device statistics, as its size was
RTE_MAX_ETHPORTS, but should be RTE_CRYPTO_MAX_DEVS, leading
this to a potential out-of-bounds issue.
Coverity issue: 120145
Fixes: 387259bd6c ("examples/l2fwd-crypto: add sample application")
Signed-off-by: Slawomir Mrozowicz <slawomirx.mrozowicz@intel.com>
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
Crypto operations are enqueued in the crypto devices
when the crypto device buffers are full (MAX_PKT_BURST),
in order to be more efficient.
The problem is that operations might be stuck in those buffers,
if they never get full, and therefore, those operations
will never be performed.
Therefore, it is necessary to have a buffer flush mechanism,
similar to the one used for flush the TX buffers, so eventually,
all packets received are ciphered and sent out.
Fixes: 387259bd6c ("examples/l2fwd-crypto: add sample application")
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Added new SW PMD which makes use of the libsso_kasumi SW library,
which provides wireless algorithms KASUMI F8 and F9
in software.
This PMD supports cipher-only, hash-only and chained operations
("cipher then hash" and "hash then cipher") of the following
algorithms:
- RTE_CRYPTO_SYM_CIPHER_KASUMI_F8
- RTE_CRYPTO_SYM_AUTH_KASUMI_F9
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
When initializing crypto devices within the app,
the provided key sizes are checked against the supported
sizes from the crypto device capabilities.
When the supported sizes are not a range, but a single value,
the check may become an infinite loop (when size is not supported).
Fixes: a061e50a0d ("examples/l2fwd-crypto: fix ambiguous input key size")
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Tested-by: Min Cao <min.cao@intel.com>
This patch enables AES-XCBC-MAC authentication algorithm support to
l2fwd-crypto sample application.
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
This patch enables AES counter mode algorithm support to l2fwd-crypto
sample application.
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
The rte_eth_dev_count() function will never return a value greater
than RTE_MAX_ETHPORTS, so that checking is useless.
Signed-off-by: Mauricio Vasquez B <mauricio.vasquezbernal@studenti.polito.it>
Acked-by: Ferruh Yigit <ferruh.yigit@intel.com>
When parsing crypto device type, the string was being copied
with strcpy(), which could overflow the destination buffer
(which is 32 byte long), so snprintf() should be used instead.
This fixes coverity issue 124575:
/examples/l2fwd-crypto/main.c: 1005 in l2fwd_crypto_parse_args_long_options()
>>> CID 124575: (STRING_OVERFLOW)
>>> You might overrun the 32 byte fixed-size string
"options->string_auth_algo" by copying "optarg" without checking the length.
1005 strcpy(options->string_auth_algo, optarg);
Fixes: 49f79e8648 ("examples/l2fwd-crypto: add missing string initialization")
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
Fix for compilation errors for icc:
error #188: enumerated type mixed with another type
Fixes: 00c58901f1 ("examples/l2fwd-crypto: use key-value list of supported algorithms")
Signed-off-by: Daniel Mrzyglod <danielx.t.mrzyglod@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Define and use ETH_LINK_UP and ETH_LINK_DOWN where appropriate.
Signed-off-by: Marc Sune <marcdevel@gmail.com>
Signed-off-by: Thomas Monjalon <thomas.monjalon@6wind.com>
Display extra crypto information (algorithms, keys/IV/AAD used, chain...),
so user can know exactly what operations are being carried out.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Tested-by: Min Cao <min.cao@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
In order to ease the parsing and display of supported algorithms
in the application, two new arrays are created, which contains
the strings of the different cipher and authentication algorithms,
These lists are used to parse the algorithms from the command line,
and will be used to display crypto information to the user.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
Cipher/Auth keys, AAD and IV must be passed from command line
with ":" between bytes, but help was not clarifying that.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
Some crypto algorithms support more than one key size
(including cipher key, authentication key, IV and AAD),
but the app was using always the minimum size.
These changes allows the user to use an specific size,
either from the string provided with cipher_key, auth_key, iv and ADD
parameters, or from the values provided with cipher_key_random_size,
auth_key_random_size, iv_random_size and aad_random_size.
This also allows the user to specify the digest size.
Fixes: 1df9c0109f ("examples/l2fwd-crypto: parse key parameters")
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Tested-by: Min Cao <min.cao@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
App was generating a random IV/AAD of only 4 bytes,
instead of the actual length, since it was using sizeof(length).
Fixes: 27cf2d1b18 ("examples/l2fwd-crypto: discover capabilities")
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Tested-by: Min Cao <min.cao@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
When passing the preferred crypto device type in the command line
parameters, the string (HW/SW/ANY) was not being saved, which is used
for error information to the user.
Fixes: 27cf2d1b18 ("examples/l2fwd-crypto: discover capabilities")
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
L2fwd-crypto app is based on L2fwd app and it inherits
some of its parameters (such as portmask, queues per core...).
The parameter period (period of time between statistic updates)
is -T in L2fwd, but was -t in L2fwd-crypto, so for consistency,
it is changed back to -T
Fixes: 387259bd6c ("examples/l2fwd-crypto: add sample application")
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
NULL crypto operation is now supported, but l2fwd-crypto
was missing an update on the list of supported algorithms
that can be passed from command line.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
AES GCM is an algorithm for both ciphering and authentication,
but the authentication algorithm was missing in the
list of supported algorithms that can be passed from command line.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Since SNOW3G UEA2/UIA2 are supported now by both HW and SW,
l2fwd-crypto may use them, extending the list of algorithms
parsed from command line.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Previous cdev parameter was changed to cdev_type,
to select a crypto device type preference (HW/SW/ANY),
instead of the device itself (QAT/AESNI...).
Also deleted cdev duplicated parameter from the help.
Fixes: 27cf2d1b18 ("examples/l2fwd-crypto: discover capabilities")
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Crypto devices now have information about
which crypto operations they are capable of provide.
This patch makes the app use this information,
removing all hardcoded values.
User now needs to create the virtual crypto devices
or bind the HW crypto devices, and the app will use
the ones capable of performing the crypto op specified
(user can select between HW/SW through command line)
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Tested-by: Min Cao <min.cao@intel.com>
Acked-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
Added cipher-only, hash-only operation cases,
which will be supported in the future.
Also, only sets authentication and ciphering parameters
when needed.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Tested-by: Min Cao <min.cao@intel.com>
Acked-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
So far, L2fwd crypto app could parse cipher, auth keys
and IV, but not AAD (additional authentication data).
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Tested-by: Min Cao <min.cao@intel.com>
Acked-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
Implement key parsing functionality, so user can provide
auth and cipher keys, plus IV, from the command line.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Tested-by: Min Cao <min.cao@intel.com>
Acked-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
As cryptodev library does not depend on mbuf_offload library
any longer, this patch removes it.
Signed-off-by: Declan Doherty <declan.doherty@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
This patch modifies the crypto burst enqueue/dequeue APIs to operate on bursts
rte_crypto_op's rather than the current implementation which operates on
rte_mbuf bursts, this simplifies the burst processing in the crypto PMDs and the
use of crypto operations in general, including new functions for managing
rte_crypto_op pools.
These changes continues the separation of the symmetric operation parameters
from the more general operation parameters, which will simplify the integration
of asymmetric crypto operations in the future.
PMDs, unit tests and sample applications are also modified to work with the
modified and new API.
Signed-off-by: Declan Doherty <declan.doherty@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
Remove unused phys_addr field from key in crypto_xform,
simplify struct and fix knock-on impacts in l2fwd-crypto app
Signed-off-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
This patch splits symmetric specific definitions and
functions away from the common crypto APIs to facilitate the future extension
and expansion of the cryptodev framework, in order to allow asymmetric
crypto operations to be introduced at a later date, as well as to clean the
logical structure of the public includes. The patch also introduces the _sym
prefix to symmetric specific structure and functions to improve clarity in
the API.
Signed-off-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
cryptodev_aesni_mb_init was returning the device id of
the device just created, but rte_eal_vdev_init
(the function that calls the first one), was expecting 0 or
negative value.
This made impossible to create more than one aesni_mb device
from command line.
Fixes: 924e84f873 ("aesni_mb: add driver for multi buffer based crypto")
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
Reset total statistics (sum of all port statistics) before
adding up the new accumulated statistics per port.
Fixes: 387259bd6c ("examples/l2fwd-crypto: add sample application")
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
passing -t 0 as a command line argument causes the application
to exit with an "invalid refresh period specified" error which is
contrary to applications help text.
This patch removes the unnecessary option "--no-stats" and fixes the
behaviour of the -t parameter.
Fixes: 387259bd6c ("examples/l2fwd-crypto: add sample application")
Reported-by: Min Cao <min.cao@intel.com>
Signed-off-by: Declan Doherty <declan.doherty@intel.com>
This patch creates a new sample applicaiton based off the l2fwd
application which performs specified crypto operations on IP packet
payloads which are forwarding.
Signed-off-by: Declan Doherty <declan.doherty@intel.com>
Acked-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
