Structure rte_security_session is moved to internal
headers which are not visible to applications.
The only field which should be used by app is opaque_data.
This field can now be accessed via set/get APIs added in this
patch.
Subsequent changes in app and lib are made to compile the code.
Signed-off-by: Akhil Goyal <gakhil@marvell.com>
Tested-by: Gagandeep Singh <g.singh@nxp.com>
Tested-by: David Coyle <david.coyle@intel.com>
Tested-by: Kevin O'Sullivan <kevin.osullivan@intel.com>
Added the support for rte_security_op.session_get_size()
in all the PMDs which support rte_security sessions and the
op was not supported.
Signed-off-by: Akhil Goyal <gakhil@marvell.com>
Acked-by: Kai Ji <kai.ji@intel.com>
Tested-by: Gagandeep Singh <g.singh@nxp.com>
Tested-by: David Coyle <david.coyle@intel.com>
Tested-by: Kevin O'Sullivan <kevin.osullivan@intel.com>
As per current design, rte_security_session_create()
unnecessarily uses 2 mempool objects for a single session.
To address this, the API will now take only 1 mempool
object instead of 2. With this change, the library layer
will get the object from mempool and session priv data is
stored contiguously in the same mempool object.
The user needs to ensure that the mempool created in the application
is big enough for session private data as well. This can be
ensured if the pool is created after getting size of session
priv data using API rte_security_session_get_size().
Since set and get pkt metadata for security sessions are now
made inline for Inline crypto/proto mode, a new member fast_mdata
is added to the rte_security_session.
Opaque data and fast_mdata will be accessed via inline
APIs which can do pointer manipulations inside library from
session_private_data pointer coming from application.
Signed-off-by: Akhil Goyal <gakhil@marvell.com>
Tested-by: Gagandeep Singh <g.singh@nxp.com>
Tested-by: David Coyle <david.coyle@intel.com>
Tested-by: Kevin O'Sullivan <kevin.osullivan@intel.com>
Structure rte_cryptodev_sym_session is moved to internal
headers which are not visible to applications.
The only field which should be used by app is opaque_data.
This field can now be accessed via set/get APIs added in this
patch.
Subsequent changes in app and lib are made to compile the code.
Signed-off-by: Akhil Goyal <gakhil@marvell.com>
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Kai Ji <kai.ji@intel.com>
Tested-by: Gagandeep Singh <g.singh@nxp.com>
Tested-by: David Coyle <david.coyle@intel.com>
Tested-by: Kevin O'Sullivan <kevin.osullivan@intel.com>
As per current design, rte_cryptodev_sym_session_create() and
rte_cryptodev_sym_session_init() use separate mempool objects
for a single session.
And structure rte_cryptodev_sym_session is not directly used
by the application, it may cause ABI breakage if the structure
is modified in future.
To address these two issues, the rte_cryptodev_sym_session_create
will take one mempool object that the session and session private
data are virtually/physically contiguous, and initializes both
fields. The API rte_cryptodev_sym_session_init is removed.
rte_cryptodev_sym_session_create will now return an opaque session
pointer which will be used by the app and other APIs.
In data path, opaque session pointer is attached to rte_crypto_op
and the PMD can call an internal library API to get the session
private data pointer based on the driver id.
Note: currently single session may be used by different device
drivers, given it is initialized by them. After the change the
session created by one device driver cannot be used or
reinitialized by another driver.
Signed-off-by: Akhil Goyal <gakhil@marvell.com>
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Signed-off-by: Ruifeng Wang <ruifeng.wang@arm.com>
Acked-by: Kai Ji <kai.ji@intel.com>
Tested-by: Gagandeep Singh <g.singh@nxp.com>
Tested-by: David Coyle <david.coyle@intel.com>
Tested-by: Kevin O'Sullivan <kevin.osullivan@intel.com>
Arm port of ipsec_mb library [1] has a different header file name than
the Intel ipsec_mb library. Proper header name is picked according to
the architecture to get the code to compile when ipsec_mb is installed on
an Arm platform.
And the Arm port currently supports ZUC and SNOW3g. Call to other
algorithms will be blocked.
[1] https://gitlab.arm.com/arm-reference-solutions/ipsec-mb/-/tree/main
Signed-off-by: Ruifeng Wang <ruifeng.wang@arm.com>
Acked-by: Ashwin Sekhar T K <asekhar@marvell.com>
The intel-ipsec-mb header is included by ipsec_mb_private header file.
Hence removed intel-ipsec-mb from files that have ipsec_mb_private
included.
Signed-off-by: Ruifeng Wang <ruifeng.wang@arm.com>
Enable support for arm64 architecture in ipsec_mb. x86
specific code is conditionally compiled only for x86
architecture builds. Other architectures will be unsupported.
Signed-off-by: Ashwin Sekhar T K <asekhar@marvell.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
The vdev bus interface is for drivers only.
Mark as internal and move the header in the driver headers list.
While at it, cleanup the code:
- fix indentation,
- remove unneeded reference to bus specific singleton object,
- remove unneeded list head structure type,
- reorder the definitions and macro manipulating the bus singleton object,
- remove inclusion of rte_bus.h and fix the code that relied on implicit
inclusion.
Signed-off-by: David Marchand <david.marchand@redhat.com>
Acked-by: Rosen Xu <rosen.xu@intel.com>
Reviewed-by: Ruifeng Wang <ruifeng.wang@arm.com>
Start a new release cycle with empty release notes.
The ABI version becomes 23.0.
The map files are updated to the new ABI major number (23).
The ABI exceptions are dropped and CI ABI checks are disabled because
compatibility is not preserved.
Special handling of removed drivers is also dropped in check-abi.sh and
a note has been added in libabigail.abignore as a reminder.
Signed-off-by: David Marchand <david.marchand@redhat.com>
Acked-by: Thomas Monjalon <thomas@monjalon.net>
GCC 12 raises the following warning:
In function ‘__rte_ring_enqueue_elems_64’,
inlined from ‘__rte_ring_enqueue_elems’ at
../lib/ring/rte_ring_elem_pvt.h:130:3,
inlined from ‘__rte_ring_do_hts_enqueue_elem’ at
../lib/ring/rte_ring_hts_elem_pvt.h:196:3,
inlined from ‘rte_ring_mp_hts_enqueue_burst_elem’ at
../lib/ring/rte_ring_hts.h:110:9,
inlined from ‘rte_ring_enqueue_burst_elem’ at
../lib/ring/rte_ring_elem.h:577:10,
inlined from ‘rte_ring_enqueue_burst’ at
../lib/ring/rte_ring.h:738:9,
inlined from ‘process_op_bit’ at
../drivers/crypto/ipsec_mb/pmd_snow3g.c:425:16,
inlined from ‘snow3g_pmd_dequeue_burst’ at
../drivers/crypto/ipsec_mb/pmd_snow3g.c:484:20:
../lib/ring/rte_ring_elem_pvt.h:68:44: error: array subscript 1 is
outside array bounds of ‘struct rte_crypto_op[0]’
[-Werror=array-bounds]
68 | ring[idx + 1] = obj[i + 1];
| ~~~^~~~~~~
../drivers/crypto/ipsec_mb/pmd_snow3g.c: In function
‘snow3g_pmd_dequeue_burst’:
../drivers/crypto/ipsec_mb/pmd_snow3g.c:434:1: note:
at offset 8 into object ‘op’ of size 8
434 | snow3g_pmd_dequeue_burst(void *queue_pair,
| ^~~~~~~~~~~~~~~~~~~~~~~~
Validate that one (exactly) op has been processed or return early.
Fixes: b537abdbee ("crypto/snow3g: support bit-level operations")
Cc: stable@dpdk.org
Signed-off-by: David Marchand <david.marchand@redhat.com>
Acked-by: Stephen Hemminger <stephen@networkplumber.org>
This patch replaces instances of zero-sized arrays i.e. those at the end
of structures with "[0]" with the more standard syntax of "[]".
Replacement was done using coccinelle script, with some revert and
cleanup of whitespace afterwards.
Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
Acked-by: Morten Brørup <mb@smartsharesystems.com>
Acked-by: Stephen Hemminger <stephen@networkplumber.org>
Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Add SGL support for chacha20_poly1305 algorithm through JOB API.
Supports IN-PLACE SGL, OOP SGL IN and LB OUT,
and OOP SGL IN and SGL OUT.
Feature flags not added, as the PMD does not support SGL for all
other algorithms.
Signed-off-by: Ciara Power <ciara.power@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Add SGL support for GCM algorithm through JOB API.
This change supports IN-PLACE SGL, OOP SGL IN and LB OUT,
and OOP SGL IN and SGL OUT.
Feature flags are not added, as the PMD does not yet support SGL for
all other algorithms.
If an SGL op for an unsupported algorithm is being processed,
a NULL job is submitted instead.
Signed-off-by: Ciara Power <ciara.power@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
This patch removes coverity defect CID 375828:
Untrusted value as argument (TAINTED_SCALAR)
Coverity issue: 375828
Fixes: ceb8639387 ("crypto/aesni_gcm: support all truncated digest sizes")
Cc: stable@dpdk.org
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Acked-by: Ciara Power <ciara.power@intel.com>
AES-GMAC requires plaintext length to be 0 when using AES-GCM,
so only AAD data is used.
Fixes: a501609ea6 ("crypto/ipsec_mb: fix length and offset settings")
Cc: stable@dpdk.org
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Radu Nicolau <radu.nicolau@intel.com>
Tested-by: Radu Nicolau <radu.nicolau@intel.com>
KASUMI, SNOW3G and ZUC require lengths and offsets to
be set in bits or bytes depending on the algorithm.
There were some algorithms that were mixing these two,
so this commit is fixing this issue.
Fixes: ae8e085c60 ("crypto/aesni_mb: support KASUMI F8/F9")
Fixes: 6c42e0cf4d ("crypto/aesni_mb: support SNOW3G-UEA2/UIA2")
Fixes: fd8df85487 ("crypto/aesni_mb: support ZUC-EEA3/EIA3")
Fixes: 8c835018de ("crypto/ipsec_mb: support ZUC-256 for aesni_mb")
Cc: stable@dpdk.org
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
ZUC PMD batches crypto operations depending on their type
(encryption + tag generation, tag verification + decryption, etc),
to allow parallelization.
The array used to store the pointers to these operations was
always the same array provided by dequeue_burst() function,
and it was looping around the same positions (from 0 to ZUC_MAX_BURST - 1).
A new internal array is used to avoid overwriting the pointers
of the array provided by dequeue_burst() function.
Fixes: cf7685d68f ("crypto/zuc: add driver for ZUC library")
Cc: stable@dpdk.org
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
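
Added example, not part of the commit above or of DPDK's code: a simplified C model of batching ops by type, run once with the batch array aliasing the caller's array and once with an internal array. The value of MAX_BURST, struct op, the three-argument dequeue_burst() and intact_slots() are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

#define MAX_BURST 8 /* stand-in for ZUC_MAX_BURST; the value is assumed */
enum op_type { OP_CIPHER, OP_AUTH };
struct op { int id; enum op_type type; int done; };

/* Stand-in for the multi-buffer call that handles one same-type batch. */
static void process_batch(struct op **batch, size_t n)
{
	for (size_t i = 0; i < n; i++)
		batch[i]->done = 1;
}

/* Group consecutive same-type ops from ops[] into batch[], one group at a
 * time. batch[] is refilled from slot 0 for every group, so when it aliases
 * ops[] the pointers the caller expects to get back are overwritten. */
static void dequeue_burst(struct op **ops, size_t nb, struct op **batch)
{
	size_t n = 0;

	for (size_t i = 0; i < nb; i++) {
		if (n > 0 && (ops[i]->type != batch[0]->type || n == MAX_BURST)) {
			process_batch(batch, n);
			n = 0;
		}
		batch[n++] = ops[i];
	}
	if (n > 0)
		process_batch(batch, n);
}

/* Constructed burst with types C C A A C. Returns how many slots of the
 * caller's array still point at their original op after the burst. */
static int intact_slots(int use_internal_array)
{
	struct op pool[5] = {
		{0, OP_CIPHER, 0}, {1, OP_CIPHER, 0}, {2, OP_AUTH, 0},
		{3, OP_AUTH, 0}, {4, OP_CIPHER, 0},
	};
	struct op *ops[5], *internal[MAX_BURST];
	int ok = 0;

	for (int i = 0; i < 5; i++)
		ops[i] = &pool[i];
	/* Before the fix: batch array is the caller's array. After: internal. */
	dequeue_burst(ops, 5, use_internal_array ? internal : ops);
	for (int i = 0; i < 5; i++)
		ok += (ops[i]->id == i);
	return ok;
}

int main(void)
{
	printf("shared: %d/5, internal: %d/5\n", intact_slots(0), intact_slots(1));
	return 0;
}
```

With the shared array the caller gets back duplicated pointers and loses ops 0 and 1, even though every op was processed.
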
ZUC authentication is done over multiple buffers at a time.
When authentication verification is done, multiple scratch buffers
are used to generate the tags that will be compared afterwards.
However, the same scratch buffer was used always, instead of having
different ones for each crypto operation.
Fixes: 0b133c36ad ("crypto/zuc: support IPsec Multi-buffer lib v0.54")
Cc: stable@dpdk.org
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
When processing crypto operations in ZUC PMD,
there were two operation types that were set at session level,
but not checked when the operations are enqueued and processed,
leaving the buffers untouched silently.
Fixes: cde8df1bda ("crypto/ipsec_mb: move zuc PMD")
Cc: stable@dpdk.org
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Add NULL cipher and auth support to AESNI-MB PMD type.
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Signed-off-by: Declan Doherty <declan.doherty@intel.com>
Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
The qp is never NULL when it reaches the qp_setup_cleanup error handling
code. This is due to checks earlier in the function that return an error
if qp is NULL.
Coverity issue: 375013
Fixes: 581c39b1cb ("crypto/ipsec_mb: fix queue cleanup null pointer dereference")
Cc: stable@dpdk.org
Signed-off-by: Ciara Power <ciara.power@intel.com>
Memory for ZUC cipher/auth key in session had to be expanded to 32 bytes,
instead of 16 bytes, when adding ZUC-256 support.
However, impact is low as this memory is part of a union
with bigger size than 32 bytes.
Coverity issue: 374374
Coverity issue: 374379
Fixes: 8c835018de ("crypto/ipsec_mb: support ZUC-256 for aesni_mb")
Cc: stable@dpdk.org
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Ciara Power <ciara.power@intel.com>
Functions like free, rte_free, and rte_mempool_free
already handle NULL pointer so the checks here are not necessary.
Remove redundant NULL pointer checks before free functions
found by nullfree.cocci
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Downcasting a void * to struct aesni_gcm_session * caused the session
data to be treated as tainted.
Removing the void * temporary variable and adding a cast avoids this
issue.
Coverity issue: 374377
Fixes: 746825e5c0 ("crypto/ipsec_mb: move aesni_gcm PMD")
Cc: stable@dpdk.org
Signed-off-by: Ciara Power <ciara.power@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
The qp was being used in the cleanup without checking if it was non NULL.
A check is now added to verify qp is non NULL before use.
Coverity issue: 374375
Fixes: c75542ae42 ("crypto/ipsec_mb: introduce IPsec_mb framework")
Cc: stable@dpdk.org
Signed-off-by: Ciara Power <ciara.power@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
When setting up a qp in a secondary process, the local qp pointer is set
to the stored device qp, configured by the primary process for that
device, but only if that device qp is not NULL.
If the device qp was not set up correctly by the primary process and has
a NULL value, the local qp variable stays at the default initialised
value, NULL. This causes a NULL pointer dereference later in the
function when using the qp value.
This is fixed by always setting the local qp to the value of the device
qp stored, and then checking if qp is NULL, returning an error if it is.
Coverity issue: 374382
Fixes: 72a169278a ("crypto/ipsec_mb: support multi-process")
Cc: stable@dpdk.org
Signed-off-by: Ciara Power <ciara.power@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
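
Added example, not part of the commit above or of DPDK's code: a reduced C model of the secondary-process queue-pair lookup before and after the fix described. struct dev, struct qp, qp_mem, the PROC_* values, secondary_attach() and the -EINVAL return code are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#define NB_QP 2
enum proc_type { PROC_PRIMARY, PROC_SECONDARY }; /* stand-in for the EAL process type */
struct qp { int ready; };
struct dev { struct qp *queue_pairs[NB_QP]; };   /* visible to both processes */
static struct qp qp_mem[NB_QP];                  /* stand-in for the qp allocation */

/* Before the fix: qp is assigned only when the stored pointer is non-NULL. */
static int qp_setup_before(struct dev *d, unsigned int qp_id, enum proc_type pt)
{
	struct qp *qp = NULL;

	if (pt == PROC_SECONDARY) {
		if (d->queue_pairs[qp_id] != NULL)
			qp = d->queue_pairs[qp_id];
	} else {
		qp = &qp_mem[qp_id];
		d->queue_pairs[qp_id] = qp;
	}
	qp->ready = 1; /* NULL dereference if the primary never set this slot */
	return 0;
}

/* After the fix: always take the stored pointer, then reject NULL. */
static int qp_setup_after(struct dev *d, unsigned int qp_id, enum proc_type pt)
{
	struct qp *qp;

	if (pt == PROC_SECONDARY) {
		qp = d->queue_pairs[qp_id];
		if (qp == NULL)
			return -EINVAL; /* the specific error code is an assumption */
	} else {
		qp = &qp_mem[qp_id];
		d->queue_pairs[qp_id] = qp;
	}
	qp->ready = 1;
	return 0;
}

typedef int (*setup_fn)(struct dev *, unsigned int, enum proc_type);
/* Primary configures slot 0 only; a secondary then attaches to `slot`. */
static int secondary_attach(setup_fn setup, unsigned int slot)
{
	struct dev d = { { NULL, NULL } };

	setup(&d, 0, PROC_PRIMARY);
	return setup(&d, slot, PROC_SECONDARY);
}

int main(void)
{
	printf("before, configured slot: %d\n", secondary_attach(qp_setup_before, 0));
	printf("after, unconfigured slot: %d\n", secondary_attach(qp_setup_after, 1));
	return 0;
}
```
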
When authenticating with SNOW3G, KASUMI and ZUC,
the pointers for encryption/decryption keys are not set.
If a cipher algorithm such as AES-CBC is also used,
the application would seg fault.
Hence, these pointers should be set to some value by default.
Command line to replicate the issue:
./build/app/dpdk-test-crypto-perf -l 4,5 -n 6 --vdev="crypto_aesni_mb" -- \
--devtype="crypto_aesni_mb" --optype=cipher-then-auth --auth-algo \
snow3g-uia2 --auth-key-sz 16 --auth-iv-sz 16 --digest-sz 4 --silent \
--total-ops 1000000 --auth-op generate --burst-sz 32 \
--cipher-algo aes-ctr --cipher-key-sz 16 --cipher-iv-sz 16
Fixes: ae8e085c60 ("crypto/aesni_mb: support KASUMI F8/F9")
Fixes: 6c42e0cf4d ("crypto/aesni_mb: support SNOW3G-UEA2/UIA2")
Fixes: fd8df85487 ("crypto/aesni_mb: support ZUC-EEA3/EIA3")
Cc: stable@dpdk.org
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Ciara Power <ciara.power@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Remove the check and build failure from crypto/meson.build
in case building for Windows OS.
Add this check/failure in the meson.build file of each crypto PMD
that is not enforcing it to allow PMD support for Windows
per driver when applicable.
Signed-off-by: Tal Shnaiderman <talshn@nvidia.com>
Acked-by: Matan Azrad <matan@nvidia.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Invoke event_dev_probing_finish() function at the end of probing,
this function sets the function pointers in the fp_ops flat array
in case of secondary process.
For primary process, fp_ops is updated in rte_cryptodev_start().
Signed-off-by: Akhil Goyal <gakhil@marvell.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Matan Azrad <matan@nvidia.com>
Add in new chacha20_poly1305 PMD to the ipsec_mb framework.
Signed-off-by: Kai Ji <kai.ji@intel.com>
Signed-off-by: Ciara Power <ciara.power@intel.com>
Acked-by: Ray Kinsella <mdr@ashroe.eu>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
This patch removes the crypto/zuc folder and gathers all zuc PMD
implementation specific details into two files,
pmd_zuc.c and pmd_zuc_priv.h in the crypto/ipsec_mb folder.
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Signed-off-by: Ciara Power <ciara.power@intel.com>
Acked-by: Ray Kinsella <mdr@ashroe.eu>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
This patch enables out-of-place auth-cipher operations where
digest should be encrypted along with the rest of raw data.
It also adds support for partially encrypted digest when using
auth-cipher operations.
Signed-off-by: Damian Nowak <damianx.nowak@intel.com>
Signed-off-by: Kai Ji <kai.ji@intel.com>
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Signed-off-by: Ciara Power <ciara.power@intel.com>
Acked-by: Ray Kinsella <mdr@ashroe.eu>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
This patch removes the crypto/snow3g folder and gathers all snow3g PMD
implementation specific details into a single file,
pmd_snow3g.c in the crypto/ipsec_mb folder.
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Signed-off-by: Ciara Power <ciara.power@intel.com>
Acked-by: Ray Kinsella <mdr@ashroe.eu>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
This patch removes the crypto/kasumi folder and gathers all kasumi PMD
implementation specific details into a single file,
pmd_kasumi.c in the crypto/ipsec_mb folder.
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Signed-off-by: Ciara Power <ciara.power@intel.com>
Acked-by: Ray Kinsella <mdr@ashroe.eu>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
This patch removes the crypto/aesni_gcm folder and gathers all
aesni-gcm PMD implementation specific details into a single file,
pmd_aesni_gcm.c in the crypto/ipsec_mb folder.
A redundant check for iv length is removed.
GCM ops are stored in the queue pair for multi process support, they
are updated during queue pair setup for both primary and secondary
processes.
GCM ops are also set per lcore for the CPU crypto mode.
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Signed-off-by: Ciara Power <ciara.power@intel.com>
Acked-by: Ray Kinsella <mdr@ashroe.eu>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Add support for ZUC-EEA3-256 and ZUC-EIA3-256.
Only 4-byte tags supported for now.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
This patch removes the crypto/aesni_mb folder and gathers all
aesni-mb PMD implementation specific details into a single file,
pmd_aesni_mb.c in crypto/ipsec_mb.
Now that intel-ipsec-mb v1.0 is the minimum supported version, old
macros can be replaced with the newer macros supported by this version.
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Signed-off-by: Ciara Power <ciara.power@intel.com>
Acked-by: Ray Kinsella <mdr@ashroe.eu>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
The ipsec_mb SW PMD now has multiprocess support.
The queue-pair IMB_MGR is stored in a memzone instead of being allocated
externally by the Intel IPSec MB library, when v1.1 is used.
If v1.0 is used, multi process is not supported, and allocation is
done as before.
The secondary process needs to reconfigure the queue-pair to allow for
IMB_MGR function pointers to be updated.
Intel IPsec MB library version 1.1 is required for this support.
Signed-off-by: Ciara Power <ciara.power@intel.com>
Acked-by: Ray Kinsella <mdr@ashroe.eu>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
This patch introduces the new framework to share common code between
the SW crypto PMDs that depend on the intel-ipsec-mb library.
This change helps to reduce future effort on the code maintenance and
feature updates.
The PMDs that will be added to this framework in subsequent patches are:
- AESNI MB
- AESNI GCM
- CHACHA20_POLY1305
- KASUMI
- SNOW3G
- ZUC
The use of these PMDs will not change, they will still be supported for
x86, and will use the same EAL args as before.
The minimum required version for the intel-ipsec-mb library is now v1.0.
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Signed-off-by: Ciara Power <ciara.power@intel.com>
Acked-by: Ray Kinsella <mdr@ashroe.eu>
Acked-by: Akhil Goyal <gakhil@marvell.com>