Commit Graph

357 Commits

Author SHA1 Message Date
Henry Nadeau
9c30a6f3c9 doc: fix spelling
Spell checked and corrected documentation.
If there are any errors, or I have changed something that wasn't an error
please reach out to me so I can update the dictionary.

Cc: stable@dpdk.org

Signed-off-by: Henry Nadeau <hnadeau@iol.unh.edu>
2021-07-31 20:03:47 +02:00
Hemant Agrawal
29c875cc11 doc: remove SDK info from DPAA2 drivers guides
The prerequisite info is already present in the platform guide.
No need to repeat it in individual dev guides.

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
2021-07-23 20:33:12 +02:00
Michael Shamis
e0f89d5e1f crypto/mvsam: support IPsec offload
This patch provides the support for IPsec protocol
offload to the hardware.
Following security operations are added:
- session_create
- session_destroy
- capabilities_get

Signed-off-by: Michael Shamis <michaelsh@marvell.com>
Reviewed-by: Liron Himi <lironh@marvell.com>
Tested-by: Liron Himi <lironh@marvell.com>
2021-07-21 15:08:52 +02:00
Shiri Kuzin
40e91195d5 test/crypto: support mlx5 driver
In order to test the new mlx5 crypto PMD, the driver is added to the
crypto test application.

Signed-off-by: Shiri Kuzin <shirik@nvidia.com>
Acked-by: Matan Azrad <matan@nvidia.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
2021-07-20 22:27:00 +02:00
Suanming Mou
8e196c08ab crypto/mlx5: support enqueue/dequeue operations
The crypto operations are done with the WQE set which contains
one UMR WQE and one rdma write WQE. Most segments of the WQE
set are initialized properly during queue setup, only limited
segments are initialized according to the crypto detail in the
datapath process.

This commit adds the enqueue and dequeue operations and updates
the WQE set segments accordingly.

Signed-off-by: Suanming Mou <suanmingm@nvidia.com>
Signed-off-by: Matan Azrad <matan@nvidia.com>
Signed-off-by: Michael Baum <michaelba@nvidia.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
2021-07-20 22:27:00 +02:00
Suanming Mou
a1978aa23b crypto/mlx5: add maximum segments configuration
The mlx5 HW crypto operations are done by attaching crypto property
to a memory region. Once done, every access to the memory via the
crypto-enabled memory region will result with in-line encryption or
decryption of the data.

As a result, the design choice is to provide two types of WQEs. One
is UMR WQE which sets the crypto property and the other is rdma write
WQE which sends DMA command to copy data from local MR to remote MR.

The size of the WQEs will be defined by a new devarg called
max_segs_num.

This devarg also defines the maximum segments in mbuf chain that will be
supported for crypto operations.

Signed-off-by: Suanming Mou <suanmingm@nvidia.com>
Signed-off-by: Matan Azrad <matan@nvidia.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
2021-07-20 22:27:00 +02:00
Suanming Mou
e8db4413cb crypto/mlx5: add keytag configuration
A keytag is a piece of data encrypted together with a DEK.

When a DEK is referenced by an MKEY.bsf through its index, the keytag is
also supplied in the BSF as plaintext. The HW will decrypt the DEK (and
the attached keytag) and will fail the operation if the keytags don't
match.

This commit adds the configuration of the keytag with devargs.

Signed-off-by: Suanming Mou <suanmingm@nvidia.com>
Signed-off-by: Matan Azrad <matan@nvidia.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
2021-07-20 22:27:00 +02:00
Shiri Kuzin
debb27ea34 crypto/mlx5: create login object using DevX
To work with crypto engines that are marked with wrapped_import_method,
a login session is required.
A crypto login object needs to be created using DevX.

The crypto login object contains:
	- The credential pointer.
	- The import_KEK pointer to be used for all secured information
	  communicated in crypto commands (key fields), including the
	  provided credential in this command.
	- The credential secret, wrapped by the import_KEK indicated in
	  this command. Size includes 8 bytes IV for wrapping.

Added devargs for the required login values:
	- wcs_file - path to the file containing the credential.
	- import_kek_id - the import KEK pointer.
	- credential_id - the credential pointer.

Create the login DevX object in pci_probe function and destroy it in
pci_remove.
Destroying the crypto login object means logout.

Signed-off-by: Shiri Kuzin <shirik@nvidia.com>
Acked-by: Matan Azrad <matan@nvidia.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
2021-07-20 22:27:00 +02:00
Shiri Kuzin
247ad1305a crypto/mlx5: add memory region management
Mellanox user space drivers don't deal with physical addresses as part
of a memory protection mechanism.
The device translates the given virtual address to a physical address
using the given memory key as an address space identifier.
That's why any mbuf virtual address is moved directly to the HW
descriptor(WQE).

The mapping between the virtual address to the physical address is saved
in MR configured by the kernel to the HW.

Each MR has a key that should also be moved to the WQE by the SW.

When the SW sees an unmapped address, it extends the address range and
creates a MR using a system call.

Add memory region cache management:
	- 2 level cache per queue-pair - no locks.
	- 1 shared cache between all the queues using a lock.

Using this way, the MR key search per data-path address is optimized.

Signed-off-by: Shiri Kuzin <shirik@nvidia.com>
Signed-off-by: Michael Baum <michaelba@nvidia.com>
Acked-by: Matan Azrad <matan@nvidia.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
2021-07-20 22:27:00 +02:00
Shiri Kuzin
1004be3c03 crypto/mlx5: support session operations
Sessions are used in symmetric transformations in order to prepare
objects and data for packet processing stage.

A mlx5 session includes iv_offset, pointer to mlx5_crypto_dek struct,
bsf_size, bsf_p_type, block size index, encryption_order and encryption
standard.

Implement the next session operations:
        mlx5_crypto_sym_session_get_size- returns the size of the mlx5
	session struct.
	mlx5_crypto_sym_session_configure- prepares the DEK hash-list
	and saves all the session data.
	mlx5_crypto_sym_session_clear - destroys the DEK hash-list.

Signed-off-by: Shiri Kuzin <shirik@nvidia.com>
Acked-by: Matan Azrad <matan@nvidia.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
2021-07-20 22:26:43 +02:00
Shiri Kuzin
a7c86884f1 crypto/mlx5: introduce Mellanox crypto driver
Add a new PMD for Mellanox devices- crypto PMD.

The crypto PMD will be supported starting Nvidia ConnectX6 and
BlueField2.

The crypto PMD will add the support of encryption and decryption using
the AES-XTS symmetric algorithm.

The crypto PMD requires rdma-core and uses mlx5 DevX.

This patch adds the PCI probing, basic functions, build files and
log utility.

Signed-off-by: Shiri Kuzin <shirik@nvidia.com>
Acked-by: Matan Azrad <matan@nvidia.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
2021-07-20 21:45:58 +02:00
Arek Kusztal
8f393c4ffd common/qat: support GEN4 devices
This commit adds support for fourth generation (GEN4) of
Intel QuickAssist (QAT) Technology devices.

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
2021-07-20 10:32:05 +02:00
Fan Zhang
a13de42b27 doc: update dependencies for SW crypto PMDs
This patch updates the dependency requirement information
for aesni-gcm, aesni-mb, snow3g, zuc, and kasumi PMDs. Previously
building these PMDs with Make will fail when the system is
installed intel-ipsec-mb library version 1.0 or newer.

Since Make build system is deprecated already, instead of fixing
the issue the documentation is updated to state it.

Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
2021-07-07 21:28:39 +02:00
Kiran Kumar K
c7e6ab78f4 test/crypto: add cnxk for asymmetric cases
Registered cn9k and cn10k for asymmetric crypto
autotest. Documentation and release notes are also
updated.

Signed-off-by: Kiran Kumar K <kirankumark@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
2021-07-07 21:28:13 +02:00
Anoob Joseph
ba57cbd5fe crypto/cnxk: add asymmetric capabilities
Add asymmetric crypto capabilities supported
by cn9k and cn10k PMDs. Documentation is also
updated for the same.

Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
2021-07-07 21:28:09 +02:00
Kiran Kumar K
5a3513caeb crypto/cnxk: add asymmetric session
Add asymmetric crypto session ops for both cn9k
and cn10k PMD.

Signed-off-by: Kiran Kumar K <kirankumark@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
2021-07-07 21:27:03 +02:00
Anoob Joseph
69407e7936 crypto/cnxk: add security capabilities
Add security capabilities supported by crypto cn10k PMD.

Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Srujana Challa <schalla@marvell.com>
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
2021-07-07 21:15:08 +02:00
Tejasree Kondoj
5db3d7d061 test/crypto: enable cnxk
Enable tests for cn9k & cn10k crypto PMDs.

Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Archana Muniganti <marchana@marvell.com>
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
2021-07-07 21:15:08 +02:00
Ankur Dwivedi
bf6629497a crypto/cnxk: add symmetric capabilities
Add symmetric crypto capabilities for cn9k & cn10k.

Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Archana Muniganti <marchana@marvell.com>
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
2021-07-07 21:15:08 +02:00
Tejasree Kondoj
786963fdcf crypto/cnxk: add digest support
Add support for digest support for various algorithms.

Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Archana Muniganti <marchana@marvell.com>
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
2021-07-07 21:15:08 +02:00
Tejasree Kondoj
546dff20a0 crypto/cnxk: add KASUMI decryption
Add KASUMI decrypt support.

Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Archana Muniganti <marchana@marvell.com>
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
2021-07-07 21:15:08 +02:00
Tejasree Kondoj
0c83c9abb9 crypto/cnxk: add ZUC and SNOW3G decryption
Add PDCP opcode which handles ZUC and SNOW3G.

Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Archana Muniganti <marchana@marvell.com>
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
2021-07-07 21:15:08 +02:00
Archana Muniganti
b02cd7a316 crypto/cnxk: add flexi cipher decryption
Add flexi crypto cipher decrypt support in enqueue API. Flexi crypto
opcode covers a broad set of ciphers including variants of AES.

Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Archana Muniganti <marchana@marvell.com>
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
2021-07-07 21:15:08 +02:00
Archana Muniganti
be0fd62a68 crypto/cnxk: add chained operation in session
Add support for chained operations in session.

Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Archana Muniganti <marchana@marvell.com>
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
2021-07-07 21:15:08 +02:00
Anoob Joseph
a21db2f7c5 crypto/cnxk: add dequeue burst
Add dequeue_burst op in cn9k & cn10k.

Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Archana Muniganti <marchana@marvell.com>
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
2021-07-07 21:15:08 +02:00
Ankur Dwivedi
2457705e64 crypto/cnxk: add driver skeleton
Add driver skeleton for crypto_cn9k & crypto_cn10k
PMDs leveraging cnxk common framework.

Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Archana Muniganti <marchana@marvell.com>
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
2021-07-07 21:15:08 +02:00
Pablo de Lara
5a36ec7351 doc: support IPsec Multi-buffer lib v1.0
Updated AESNI MB and AESNI GCM, KASUMI, ZUC and SNOW3G PMD documentation
guides with information about the latest Intel IPSec Multi-buffer
library supported.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2021-05-20 23:10:22 +02:00
Thomas Monjalon
b7fe612ac1 doc: fix names of UIO drivers
Fix typos in the names of kernel drivers based on UIO,
and make sure the generic term for the interface is UIO in capitals.

Fixes: 3a78b2f732 ("doc: add virtio crypto PMD guide")
Fixes: 3cc4d996fa ("doc: update VFIO usage in qat crypto guide")
Fixes: 39922c470e ("doc: add known uio_pci_generic issue for i40e")
Fixes: 86fa6c57a1 ("doc: add known igb_uio issue for i40e")
Fixes: beff6d8e8e ("net/netvsc: add documentation")
Cc: stable@dpdk.org

Signed-off-by: Thomas Monjalon <thomas@monjalon.net>
2021-04-22 00:06:47 +02:00
Matan Azrad
07b0b75370 cryptodev: formalize key wrap method in API
The Key Wrap approach is used by applications in order to protect keys
located in untrusted storage or transmitted over untrusted
communications networks. The constructions are typically built from
standard primitives such as block ciphers and cryptographic hash
functions.

The Key Wrap method and its parameters are a secret between the keys
provider and the device, means that the device is preconfigured for
this method using very secured way.

The key wrap method may change the key length and layout.

Add a description for the cipher transformation key to allow wrapped key
to be forwarded by the same API.

Add a new feature flag RTE_CRYPTODEV_FF_CIPHER_WRAPPED_KEY to be enabled
by PMDs support wrapped key in cipher trasformation.

Signed-off-by: Matan Azrad <matan@nvidia.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
2021-04-16 12:43:33 +02:00
Tejasree Kondoj
398b70cbbb crypto/octeontx2: support lookaside IPv4 transport mode
Adding support for IPv4 lookaside IPsec transport mode.

Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
2021-04-16 12:43:33 +02:00
Tejasree Kondoj
0ff065d096 crypto/octeontx2: support UDP encapsulation
Adding UDP encapsulation support for IPsec in
lookaside protocol mode.

Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
2021-04-16 12:43:33 +02:00
Matan Azrad
d014dddb2d cryptodev: support multiple cipher data-units
In cryptography, a block cipher is a deterministic algorithm operating
on fixed-length groups of bits, called blocks.

A block cipher consists of two paired algorithms, one for encryption
and the other for decryption. Both algorithms accept two inputs:
an input block of size n bits and a key of size k bits; and both yield
an n-bit output block. The decryption algorithm is defined to be the
inverse function of the encryption.

For AES standard the block size is 16 bytes.
For AES in XTS mode, the data to be encrypted\decrypted does not have to
be multiple of 16B size, the unit of data is called data-unit.
The data-unit size can be any size in range [16B, 2^24B], so, in this
case, a data stream is divided into N amount of equal data-units and
must be encrypted\decrypted in the same data-unit resolution.

For ABI compatibility reason, the size is limited to 64K (16-bit field).
The new field dataunit_len is inserted in a struct padding hole,
which is only 2 bytes long in 32-bit build.
It could be moved and extended later during an ABI-breakage window.

The current cryptodev API doesn't allow the user to select a specific
data-unit length supported by the devices.
In addition, there is no definition how the IV is detected per data-unit
when single operation includes more than one data-unit.

That causes applications to use single operation per data-unit even though
all the data is continuous in memory what reduces datapath performance.

Add a new feature flag to support multiple data-unit sizes, called
RTE_CRYPTODEV_FF_CIPHER_MULTIPLE_DATA_UNITS.
Add a new field in cipher capability, called dataunit_set,
where the devices can report the range of the supported data-unit sizes.
Add a new cipher transformation field, called dataunit_len, where the user
can select the data-unit length for all the operations.

All the new fields do not change the size of their structures,
by filling some struct padding holes.
They are added as exceptions in the ABI check file libabigail.abignore.

Using a bitmap to report the supported data-unit sizes capability allows
the devices to report a range simply as same as the user to read it
simply. also, thus sizes are usually common and probably will be shared
among different devices.

Signed-off-by: Matan Azrad <matan@nvidia.com>
Signed-off-by: Thomas Monjalon <thomas@monjalon.net>
Acked-by: Akhil Goyal <gakhil@marvell.com>
2021-04-16 12:43:33 +02:00
Anoob Joseph
5c727feebb doc: update limitations of OCTEON TX crypto PMDs
Update known limitations of OCTEON TX crypto PMDs.

Signed-off-by: Anoob Joseph <anoobj@marvell.com>
2021-04-16 12:43:33 +02:00
Tejasree Kondoj
de5eb0a604 common/cpt: support encrypted digest mode
Added support for DIGEST_ENCRYPTED mode for octeontx
and octeontx2 platforms.

Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
2021-04-16 12:43:33 +02:00
Thomas Monjalon
b164198729 drivers: align log names
The log levels are configured by using the name of the logs.
Some drivers are aligned to follow a common log name standard:
	pmd.class.driver[.sub]
Some "common" drivers skip the "class" part:
	pmd.driver.sub

Signed-off-by: Thomas Monjalon <thomas@monjalon.net>
Acked-by: Bruce Richardson <bruce.richardson@intel.com>
Acked-by: Rosen Xu <rosen.xu@intel.com>
Acked-by: Xiao Wang <xiao.w.wang@intel.com>
Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Ajit Khaparde <ajit.khaparde@broadcom.com>
Acked-by: Min Hu (Connor) <humin29@huawei.com>
2021-04-08 18:32:31 +02:00
Thomas Monjalon
de34aaa96b doc: replace hugepages commands with dedicated tool
The tool dpdk-hugepages.py, added in DPDK 20.11,
is referenced in the guides instead of more complicate commands.

The original Linux commands are kept in linux_gsg/sys_reqs.rst
and nics/build_and_test.rst.

Suggested-by: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: Thomas Monjalon <thomas@monjalon.net>
Acked-by: Stephen Hemminger <stephen@networkplumber.org>
2021-02-11 23:26:37 +01:00
Hemant Agrawal
83087a92e2 crypto/dpaa2_sec: support AES-CMAC integrity check
This patch adds support for AES_CMAC integrity in non-security mode.
This patch modifies the camm flib to handles the AES CMAC
without conflicting the proto ALG operations. i.e. by creating
another ALG operation routine.

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2021-01-19 18:05:45 +01:00
Akhil Goyal
caf84d618d crypto/dpaa2_sec: support AES-XCBC-MAC
This patch add support for AES-XCBC-MAC for following cases
- AES-XCBC-MAC auth only
- AES-CBC/CTR + AES-XCBC-MAC (non-proto)
- AES-CBC/CTR + AES-XCBC-MAC (protocol offload)
- DES-CBC + AES-XCBC-MAC (non-proto)
- 3DES-CBC + AES-XCBC-MAC (non-proto)

Signed-off-by: Barry Cao <barry.cao@nxp.com>
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
2021-01-19 18:05:45 +01:00
Ankur Dwivedi
61baeec468 crypto/octeontx2: support AES-CBC SHA256-128-HMAC
Support for aes-cbc sha256-128-hmac is added in lookaside protocol
mode. The functionality is verified using ipsec-secgw application.

Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
2021-01-19 18:05:17 +01:00
Ankur Dwivedi
8f685ec2d5 crypto/octeontx2: support AES-CBC SHA1-HMAC
Support for aes-cbc sha1-hmac is added in lookaside protocol
mode. The functionality is verified using ipsec-secgw application.

Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
2021-01-19 18:05:17 +01:00
Tejasree Kondoj
bab97a3ffb crypto/octeontx2: support CN98xx
CN98xx SoC comes up with two CPT blocks wrt
CN96xx, CN93xx, to achieve higher performance.

Adding support to allocate all LFs of VF with even BDF from CPT0
and all LFs of VF with odd BDF from CPT1.
If LFs are not available in one block then they will be allocated
from alternate block.

Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
2021-01-19 18:05:17 +01:00
Tejasree Kondoj
5be562bc5b crypto/octeontx2: support IPsec ESN and anti-replay
Adding ESN and anti-replay support for lookaside IPsec.

Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
2021-01-19 18:05:17 +01:00
Stephen Hemminger
db27370b57 eal: replace blacklist/whitelist options
Replace -w / --pci-whitelist with -a / --allow options
and --pci-blacklist with --block.
The -b short option remains unchanged.

Allow the old options for now, but print a nag
warning since old options are deprecated.

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Acked-by: Luca Boccassi <bluca@debian.org>
Signed-off-by: Thomas Monjalon <thomas@monjalon.net>
2020-11-16 00:11:22 +01:00
Pablo de Lara
39831d49d3 doc: support IPsec Multi-buffer lib v0.55
Updated AESNI MB and AESNI GCM PMD documentation guides
with information about the latest Intel IPSec Multi-buffer
library supported.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2020-11-12 22:10:59 +01:00
Dharmik Thakkar
40892ddb39 crypto/armv8: replace meson option with pkg-config support
With pkg-config support available within AArch64crypto library,
meson option 'armv8_crypto_dir' can be removed.
PKG_CONFIG_PATH environment variable should be set appropriately
to use the crypto library.

Suggested-by: Thomas Monjalon <thomas@monjalon.net>
Signed-off-by: Dharmik Thakkar <dharmik.thakkar@arm.com>
Reviewed-by: Ruifeng Wang <ruifeng.wang@arm.com>
Acked-by: Bruce Richardson <bruce.richardson@intel.com>
2020-11-13 10:34:04 +01:00
Didier Pallard
8bd1040a70 crypto/octeontx2: fix out-of-place support
Out of place with linear buffers is supported by octeontx2
while not advertised.

Fixes: 6aa9ceaddf ("crypto/octeontx2: add symmetric capabilities")
Cc: stable@dpdk.org

Signed-off-by: Didier Pallard <didier.pallard@6wind.com>
Acked-by: Ankur Dwivedi <adwivedi@marvell.com>
2020-11-02 09:24:41 +01:00
Didier Pallard
16c011472d crypto/octeontx: fix out-of-place support
Out of place with linear buffers is supported by octeontx
while not advertised.

Fixes: 0dc1cffa4d ("crypto/octeontx: add hardware init routine")
Cc: stable@dpdk.org

Signed-off-by: Didier Pallard <didier.pallard@6wind.com>
Acked-by: Ankur Dwivedi <adwivedi@marvell.com>
2020-11-02 09:24:41 +01:00
Vikas Gupta
fbca4639a6 doc: update bcmfs guide
Update bcmfs.rst file with supported features and devices.

Signed-off-by: Vikas Gupta <vikas.gupta@broadcom.com>
Reviewed-by: Ajit Khaparde <ajit.khaparde@broadcom.com>
Reviewed-by: JP Lee <jongpil.lee@broadcom.com>
2020-11-02 09:24:41 +01:00
John McNamara
41545d91a4 doc: recommend latest OpenSSL version
Add recommendation to update to latest OpenSSL version when
using the OpenSSL PMD and to at least version 1.1.1g to avoid
known CVEs.

Signed-off-by: John McNamara <john.mcnamara@intel.com>
2020-11-02 09:24:41 +01:00
Adam Dybkowski
3cc4d996fa doc: update VFIO usage in qat crypto guide
This patch marks the old igb-uio driver as unsecure when used
with the QAT PMD and updates all examples to recommend using
VFIO-PCI instead.
It also mentions security issues with the QAT CPM and provides
information about the new VFIO-PCI parameter 'disable_denylist'
available in Linux kernels 5.9 and later.

Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com>
Acked-by: Anatoly Burakov <anatoly.burakov@intel.com>
2020-11-02 09:24:40 +01:00