Structure rte_security_session is moved to internal
headers which are not visible to applications.
The only field which should be used by app is opaque_data.
This field can now be accessed via set/get APIs added in this
patch.
Subsequent changes in app and lib are made to compile the code.
Signed-off-by: Akhil Goyal <gakhil@marvell.com>
Tested-by: Gagandeep Singh <g.singh@nxp.com>
Tested-by: David Coyle <david.coyle@intel.com>
Tested-by: Kevin O'Sullivan <kevin.osullivan@intel.com>
As per current design, rte_security_session_create()
unnecessarily use 2 mempool objects for a single session.
To address this, the API will now take only 1 mempool
object instead of 2. With this change, the library layer
will get the object from mempool and session priv data is
stored contiguously in the same mempool object.
User need to ensure that the mempool created in application
is big enough for session private data as well. This can be
ensured if the pool is created after getting size of session
priv data using API rte_security_session_get_size().
Since set and get pkt metadata for security sessions are now
made inline for Inline crypto/proto mode, a new member fast_mdata
is added to the rte_security_session.
To access opaque data and fast_mdata will be accessed via inline
APIs which can do pointer manipulations inside library from
session_private_data pointer coming from application.
Signed-off-by: Akhil Goyal <gakhil@marvell.com>
Tested-by: Gagandeep Singh <g.singh@nxp.com>
Tested-by: David Coyle <david.coyle@intel.com>
Tested-by: Kevin O'Sullivan <kevin.osullivan@intel.com>
Structure rte_cryptodev_sym_session is moved to internal
headers which are not visible to applications.
The only field which should be used by app is opaque_data.
This field can now be accessed via set/get APIs added in this
patch.
Subsequent changes in app and lib are made to compile the code.
Signed-off-by: Akhil Goyal <gakhil@marvell.com>
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Kai Ji <kai.ji@intel.com>
Tested-by: Gagandeep Singh <g.singh@nxp.com>
Tested-by: David Coyle <david.coyle@intel.com>
Tested-by: Kevin O'Sullivan <kevin.osullivan@intel.com>
As per current design, rte_cryptodev_sym_session_create() and
rte_cryptodev_sym_session_init() use separate mempool objects
for a single session.
And structure rte_cryptodev_sym_session is not directly used
by the application, it may cause ABI breakage if the structure
is modified in future.
To address these two issues, the rte_cryptodev_sym_session_create
will take one mempool object that the session and session private
data are virtually/physically contiguous, and initializes both
fields. The API rte_cryptodev_sym_session_init is removed.
rte_cryptodev_sym_session_create will now return an opaque session
pointer which will be used by the app and other APIs.
In data path, opaque session pointer is attached to rte_crypto_op
and the PMD can call an internal library API to get the session
private data pointer based on the driver id.
Note: currently single session may be used by different device
drivers, given it is initialized by them. After the change the
session created by one device driver cannot be used or
reinitialized by another driver.
Signed-off-by: Akhil Goyal <gakhil@marvell.com>
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Signed-off-by: Ruifeng Wang <ruifeng.wang@arm.com>
Acked-by: Kai Ji <kai.ji@intel.com>
Tested-by: Gagandeep Singh <g.singh@nxp.com>
Tested-by: David Coyle <david.coyle@intel.com>
Tested-by: Kevin O'Sullivan <kevin.osullivan@intel.com>
Add support for vector aggregation of crypto operations for cn10k.
Crypto operations will be grouped by sub event type, flow id, scheduler
type and queue id fields from rte_event_crypto_metadata::response_info.
Signed-off-by: Volodymyr Fialko <vfialko@marvell.com>
The API rte_security_get_userdata() was being unused by most of
the drivers and it was retrieving userdata from mbuf dynamic field.
Hence, the API was removed and the application can directly get the
userdata from dynamic field. This helps in removing extra checks
in datapath.
Signed-off-by: Srujana Challa <schalla@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Add support for offloading RTE_CRYPTO_CIPHER_AES_DOCSISBPI and
RTE_CRYPTO_CIPHER_DES_DOCSISBPI algorithms to symmetric crypto session.
Signed-off-by: Volodymyr Fialko <vfialko@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Errors in crypto adapter datapath can be handled gracefully. So the
error print can be moved under debug.
Signed-off-by: Shijith Thotton <sthotton@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
'struct roc_se_buf_ptr ctx_buf' has fields for a pointer and len.
The field for len was unused.
It is removed and the required pointer is added in the parent struct.
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Identify the datapath thread to be used during session create. This can
be used to call right function early on to avoid multiple session
specific checks in datapath functions.
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Change engine group of Chacha20-Poly1305 as it is
supported on IE engines also.
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Auth IV is not applicable for kasumi cipher operation.
Removed the same.
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Field op_minor is required only for digest encrypted cases
with chained ops, hence removed from AES-GCM path.
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
When the flag ROC_SE_VALID_MAC_BUF is set, digest length will be
non-zero. Remove extra check in datapath.
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Fill FC params routine now caters to only KASUMI & FC_GEN.
Call appropriate functions directly.
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
For both AES-GCM and ChaChaPoly, digest size must be non-zero.
So remove the conditional handling in the datapath.
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Limit meta buf pool cache size as 128. Having 512 as
the cache size would cause more time for refill.
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Volodymyr Fialko <vfialko@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Zeroising AES-CMAC IV would be done in microcode.
Clearing in DPDK is not redundant.
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Added support for burst enqueue for cn10k event crypto adapter.
Instructions will be grouped based on the queue pair and sent in a burst.
Signed-off-by: Volodymyr Fialko <vfialko@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Use the Full context SA structures and command in IPsec fast path.
For inline outbound, populate CPT instruction as per full context.
Added new macros and functions with respect to full context.
Populate WQE ptr in CPT instruction with proper offset from mbuf.
Also add option to override outbound inline SA IV for debug
Update mbuf length based on IP version in Rx post process purposes
via environment variable.
User can set env variable as:
export ETH_SEC_IV_OVR="0x0, 0x0,..."
Signed-off-by: Vidya Sagar Velumuri <vvelumuri@marvell.com>
Signed-off-by: Nithin Dabilpuram <ndabilpuram@marvell.com>
Make rte_driver opaque for non internal users.
This will make extending this object possible without breaking the ABI.
Introduce a new driver header and move rte_driver definition.
Update drivers and library to use the internal header.
Some applications may have been dereferencing rte_driver objects, mark
this object's accessors as stable.
Signed-off-by: David Marchand <david.marchand@redhat.com>
Acked-by: Bruce Richardson <bruce.richardson@intel.com>
Acked-by: Jay Jayatheerthan <jay.jayatheerthan@intel.com>
Acked-by: Ajit Khaparde <ajit.khaparde@broadcom.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Acked-by: Abhinandan Gujjar <abhinandan.gujjar@intel.com>
The pci bus interface is for drivers only.
Mark as internal and move the header in the driver headers list.
While at it, cleanup the code:
- fix indentation,
- remove unneeded reference to bus specific singleton object,
- remove unneeded list head structure type,
- reorder the definitions and macro manipulating the bus singleton object,
- remove inclusion of rte_bus.h and fix the code that relied on implicit
inclusion,
Signed-off-by: David Marchand <david.marchand@redhat.com>
Acked-by: Bruce Richardson <bruce.richardson@intel.com>
Acked-by: Ajit Khaparde <ajit.khaparde@broadcom.com>
Acked-by: Rosen Xu <rosen.xu@intel.com>
ESN provided in the session would be the next sequence number to be
used. Hence predecrement the value, so that in datapath, incremented
value will be as expected.
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Add hardware supported flow control checks before enqueueing to CPT.
Since both poll mode and event mode can be used at the same time, add
hardware flow control checks to make sure s/w doesn't over submit to
hardware queues. For cn9k, queue depth usage is not high and so FC check
is omitted for poll mode.
To allow for more accurate updates, flow control hardware setting is
updated to give an update per 32 packets. In case of crypto adapter,
multiple cores can enqueue to the same CPT LF at the same time. To
allow such a case, flow control threshold is updated when the adapter
is configured.
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Adding support for zuc, snow3g and aes-ctr-cmac
chained operations on cn9k using key and IV scheme
in microcode.
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Remove SA & packet accesses in dequeue path by adjusting the headers in
the enqueue path for outbound packets. For inbound packets, add extra
esn_en flag in the SA to minimize cache line accesses in the datapath.
Also, use seq_lo for IPID. IPID just need to be unique. Instead of
incrementing per packet, use ESN low bits.
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Move the IPsec SA creation to common.
The code can be used by fastpath also to create the SAs
Add changes to support new full context microcode
Signed-off-by: Vidya Sagar Velumuri <vvelumuri@marvell.com>
Signed-off-by: Archana Muniganti <marchana@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
The following warning is observed with GCC 12 compilation:
In file included from ../drivers/crypto/cnxk/cn10k_cryptodev_ops.c:17:
In function ‘fill_sg_comp_from_iov’,
inlined from ‘cpt_pdcp_chain_alg_prep’ at
../drivers/crypto/cnxk/cnxk_se.h:1194:8,
inlined from ‘cpt_fc_enc_hmac_prep’ at
../drivers/crypto/cnxk/cnxk_se.h:1871:9,
inlined from ‘fill_digest_params’ at
../drivers/crypto/cnxk/cnxk_se.h:2829:8,
inlined from ‘cpt_sym_inst_fill’ at
../drivers/crypto/cnxk/cn10k_cryptodev_ops.c:92:9,
inlined from ‘cn10k_cpt_fill_inst.constprop’ at
../drivers/crypto/cnxk/cn10k_cryptodev_ops.c:146:10:
../drivers/crypto/cnxk/cnxk_se.h:222:52: warning: array subscript 0 is
outside array bounds of ‘struct roc_se_buf_ptr[0]’ [-Warray-bounds]
222 | e_vaddr = (uint64_t)bufs[j].vaddr;
| ~~~~~~~^~~~~~
../drivers/crypto/cnxk/cnxk_se.h:223:48: warning: array subscript 0 is
outside array bounds of ‘struct roc_se_buf_ptr[0]’ [-Warray-bounds]
223 | e_len = (size > bufs[j].size) ? bufs[j].size : size;
| ~~~~~~~^~~~~
This patch resolves the warning.
Fixes: 3de331795f ("crypto/cnxk: add flexi cipher encryption")
Cc: stable@dpdk.org
Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
Reviewed-by: Anoob Joseph <anoobj@marvell.com>
Reviewed-by: Jerin Jacob <jerinj@marvell.com>
Tested-by: David Marchand <david.marchand@redhat.com>
Response info may have valid sub_event_type. Pass this to the event
generated by CPT.
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Reviewed-by: Shijith Thotton <sthotton@marvell.com>
Reviewed-by: Jerin Jacob <jerinj@marvell.com>
The value of ec_mdata cannot be NULL, instead check that value of
private_data_offset was set.
Coverity issue: 378861, 378865
Fixes: 97ebfda829 ("crypto/cnxk: add event metadata set operation")
Signed-off-by: Volodymyr Fialko <vfialko@marvell.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
The microcode expects the IV to be in reverse of what is provided
by dpdk test app. Also the first 8 bytes of reversed IV is
compressed to 6 bytes.
Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
Reviewed-by: Jerin Jacob <jerinj@marvell.com>
- move RSA padding into separate struct.
More padding members should be added into padding,
therefore having separate struct for padding parameters will
make this more readable.
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Function roc_sso_hws_head_wait() expects a base as input pointer, and it
will itself get tag_op from the base. By passing tag_op instead of base
pointer to this function will add SSOW_LF_GWS_TAG register offset twice,
which will lead to accessing wrong register.
Fixes: 1f5b3d55c0 ("event/cnxk: store and reuse workslot status")
Cc: stable@dpdk.org
Signed-off-by: Volodymyr Fialko <vfialko@marvell.com>
Acked-by: Jerin Jacob <jerinj@marvell.com>
In a situation where crypto_caps elements are checked only for
RTE_CRYPTO_OP_TYPE_UNDEFINED until valid op defined, there is
possibility for an out of bound access. Add this array by one
element for current capabilities.
Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
Usage of flush and invalidate would involve delays to account
for flush delay. Use set_ctx operation instead. When set_ctx fails,
fall back to flush + invalidate scheme.
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
