When operation calls for auth (digest generation), followed by
encryption of both data plus digest, the digest-in-buffer
flag must be set for QAT.
Fixes: 39e0bee48e81 ("crypto/qat: rework request builder for performance")
Cc: stable@dpdk.org
Signed-off-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
This patch fixes the inflexible compile issue AESNI-MB PMD.
Originally the compile of the PMD will fail if IPSec_MB is
not installed in default location.
Fixes: c68d7aa354f6 ("crypto/aesni_mb: use architecture independent macros")
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Tested-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
sprintf function is not secure as it doesn't check the length of string.
More secure function snprintf is used
Fixes: 828d51d8fc ("bus/fslmc: refactor scan and probe functions")
Fixes: c22fab9a6c ("raw/dpaa2_qdma: support configuration APIs")
Fixes: e5cbdfc537 ("crypto/dpaa2_sec: add basic operations")
Fixes: b23d4e898a ("crypto/dpaa2_sec: add per dev mempool to store FLE")
Fixes: 623326dded ("crypto/dpaa2_sec: introduce poll mode driver")
Fixes: e7a45f3cc2 ("crypto/caam_jr: add UIO specific operations")
Fixes: f44bccadd8 ("crypto/caam_jr: add device basic operations")
Fixes: 7e3e2954e0 ("crypto/dpaa_sec: move mempool allocation to config")
Fixes: c3e85bdcc6 ("crypto/dpaa_sec: add crypto driver for NXP DPAA platform")
Cc: stable@dpdk.org
Signed-off-by: Pallantla Poornima <pallantlax.poornima@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Fixes: 547a4d40e7bf ("crypto/dpaa2_sec: support out of place protocol offload")
Fixes: 0a23d4b6f4c2 ("crypto/dpaa2_sec: support protocol offload IPsec")
Cc: stable@dpdk.org
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
In dpaa_sec, each session should have a separate in-queue,
and each in-queue should be mapped to an outq.
So if multiple flows of same SA comes to different cores
due to rss distribution of NIC, enqueue from any core will
try to do re-assignment of inq - outq mapping which will fail.
In this patch, for each core a separate inq is allocated and
used from each of the core. But the number of outq will remain
the same and we save the pointer to outq in session for each
of the cores.
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
PDCP session configuration for lookaside protocol offload
and data path is added.
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
DEPDIRS is no longer used in DPDK driver makefiles. Removing it.
Suggested-by: Ferruh Yigit <ferruh.yigit@intel.com>
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
This patch adds a new API in Cryptodev Framework. The API is used
to get the header size for the created symmetric Cryptodev session.
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
This patch changes the cryptodev queue pair configure structure
to enable two mempool passed into cryptodev PMD simutaneously.
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
This patch adds the plain SHA1, SHA224, SHA256, SHA384, and SHA512
algorithms support to AESNI-MB PMD. The cryptodev unit test and
documentation are updated accordingly.
Signed-off-by: Damian Nowak <damianx.nowak@intel.com>
Signed-off-by: Lukasz Krakowiak <lukaszx.krakowiak@intel.com>
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
This patch adds the AES-GMAC authentication only support to AESNI-MB
PMD, including the driver code, cryptodev unit test, and documentation
updates.
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Damian Nowak <damianx.nowak@intel.com>
This patch duplicates the original rte_aesni_mb_pmd*.c files and replaces
the function calls provided by intel-ipsec-mb library into
architecture-independent macros. The build systems are updated to choose
compiling either rte_aesni_mb_pmd*.c or rte_aesni_mb_pmd*_compat.c based
on the installed intel-ipsec-mb version. For the intel-ipsec-mb older
than 0.52.0 rte_aesni_mb_pmd*_compat.c will be compiled, otherwise
rte_aesni_mb_pmd*.c will be compiled.
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Signed-off-by: Lukasz Krakowiak <lukaszx.krakowiak@intel.com>
Acked-by: Damian Nowak <damianx.nowak@intel.com>
This patch renames the rte_aesni_mb_pmd*.c to
rte_aesni_mb_pmd*_compat.c to indicate those files are for
compatible with older versoin of intel-ipsec-mb library
only.
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Signed-off-by: Lukasz Krakowiak <lukaszx.krakowiak@intel.com>
Acked-by: Damian Nowak <damianx.nowak@intel.com>
This patch fixes the memory leak during queue pair release.
Originally the operation ring is not freed when releasing
queue pair, causing the next queue_pair configure call fail
and memory leak.
Fixes: eec136f3c54f ("aesni_gcm: add driver for AES-GCM crypto operations")
Fixes: cf7685d68f00 ("crypto/zuc: add driver for ZUC library")
Fixes: d61f70b4c918 ("crypto/libcrypto: add driver for OpenSSL library")
Fixes: 3aafc423cf4d ("snow3g: add driver for SNOW 3G library")
Fixes: 94b0ad8e0aa5 ("null_crypto: add driver for null crypto operations")
Cc: stable@dpdk.org
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
NULL algo algo does not to set counter flag so it should be zeroed.
Fixes: db0e952a5c01 ("crypto/qat: add NULL capability")
Cc: stable@dpdk.org
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Marko Kovacevic <marko.kovacevic@intel.com>
AES-CCM algo does not to set counter flag so it should be zeroed.
Fixes: ab56c4d9ed9a ("crypto/qat: support AES-CCM")
Cc: stable@dpdk.org
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Marko Kovacevic <marko.kovacevic@intel.com>
Error code of qat_hash_get_block_size needs to be handle properly.
Fixes: 10b49880e3c5 ("crypto/qat: make the session struct variable in size")
Cc: stable@dpdk.org
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Tested-by: Marko Kovacevic <marko.kovacevic@intel.com>
Acked-by: Marko Kovacevic <marko.kovacevic@intel.com>
Remove if() condition prior to calling BN_free() as
BN_free(a) does nothing if a is NULL.
Signed-off-by: Akash Saxena <akash.saxena@caviumnetworks.com>
Signed-off-by: Shally Verma <shally.verma@caviumnetworks.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
The function otx_cpt_get_resource() would be setting the pointer
'instance'. In case of error, 'instance' would be set to NULL, and
returns rte_errno. If rte_errno when 'instance' is set to NULL, it can
lead to NULL pointer dereferencing.
Coverity Issue: 323486, 323489
Fixes: bfe2ae495ee2 ("crypto/octeontx: add PMD skeleton")
Fixes: 0961348fdf52 ("crypto/octeontx: add queue pair functions")
Signed-off-by: Anoob Joseph <anoob.joseph@caviumnetworks.com>
If the length of string pointed by 'name' is equal to or greater than
the sizeof cptvf->dev_name string, the resultant string will not be
null terminated. Using strlcpy would make sure the string would always
be null terminated.
Coverity Issue: 323492
Fixes: 0dc1cffa4d33 ("crypto/octeontx: add hardware init routine")
Signed-off-by: Ankur Dwivedi <ankur.dwivedi@caviumnetworks.com>
Signed-off-by: Anoob Joseph <anoob.joseph@caviumnetworks.com>
This patch fixes the queue pair free for AESNI-MB PMD. Originally
the queue pair ring name are different than the object name,
caused the aesni_mb_pmd_qp_release() cannot find the ring to
release. This patch uses the same name between queue pair object
name and ring name.
Fixes: a831c318c54d ("crypto/aesni_mb: free ring memory on queue release")
Cc: stable@dpdk.org
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
File *fp, opened but not closed, this patch add fclose(fp)
Fixes: ef4b04f87fa6 ("crypto/ccp: support device init")
Cc: stable@dpdk.org
Signed-off-by: Ferruh Yigit <ferruh.yigit@intel.com>
Reviewed-by: Ravi Kumar <ravi1.kumar@amd.com>
Check should be on parameter uio_fd instead of
local variable job_ring
Fixes: e7a45f3cc2 ("crypto/caam_jr: add UIO specific operations")
Reported-by: Ferruh Yigit <ferruh.yigit@intel.com>
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
In lib cryptodev, RSA verify operation inputs plain message text and
corresponding signature and expected to return
RTE_CRYPTO_OP_STATUS_SUCCESS/FAILURE on a signature match/mismatch.
Current OpenSSL PMD RSA verify implementation overrides application passed
sign input by decrypted output which isn't expected.
This patch addresses this issue in OpenSSL PMD. Now, OpenSSL PMD use
tmp buffer to pass to OpenSSL sign API and memcmp output with
original plain text to verify signature match.
Set op->status = RTE_CRYPTO_OP_STATUS_ERROR on signature mismatch.
Fixes: 3e9d6bd447fb ("crypto/openssl: add RSA and mod asym operations")
Cc: stable@dpdk.org
Signed-off-by: Ayuj Verma <ayuj.verma@caviumnetworks.com>
Signed-off-by: Akash Saxena <akash.saxena@caviumnetworks.com>
Signed-off-by: Shally Verma <shally.verma@caviumnetworks.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
build_error:
drivers/crypto/scheduler/scheduler_pmd.c: In function ‘parse_name_arg’:
drivers/crypto/scheduler/scheduler_pmd.c:372:2: error: ‘strncpy’
specified bound 64 equals destination size [-Werror=stringop-truncation]
strncpy(params->name, value, RTE_CRYPTODEV_NAME_MAX_LEN);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
strncpy may result a not null-terminated string,
replaced it with strlcpy
Fixes: 503e9c5afb38 ("crypto/scheduler: register as vdev driver")
Cc: stable@dpdk.org
Signed-off-by: Jerin Jacob <jerin.jacob@caviumnetworks.com>
Some global variables are defined with generic names, add component name
as prefix to variables to prevent collusion with application variables.
Signed-off-by: Ferruh Yigit <ferruh.yigit@intel.com>
Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>
Acked-by: Shreyansh Jain <shreyansh.jain@nxp.com>
Acked-by: Tianfei Zhang <tianfei.zhang@intel.com>
Some global variables can indeed be static, add static keyword to them.
Signed-off-by: Ferruh Yigit <ferruh.yigit@intel.com>
Acked-by: Jerin Jacob <jerin.jacob@caviumnetworks.com>
Acked-by: Shreyansh Jain <shreyansh.jain@nxp.com>
PDCP session configuration for lookaside protocol offload
and data path is added.
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
DPAA2 SEC platform can support look aside protocol
offload for PDCP protocol.
The relevant APIs for configuring the hardware for PDCP
is added for various modes and crypto algorithms.
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Signed-off-by: Horia Geanta Neag <horia.geanta@nxp.com>
Signed-off-by: Alex Porosanu <alexandru.porosanu@nxp.com>
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
dma_addr_t is already defined in compat.h.
so removing the local definition from caam_jr_config.h
Fixes: 64c0451f5bb9 ("crypto/caam_jr: add HW tuning options")
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
RTE_SECURITY is enabled by default. If it is disabled, dpaa2_sec,
dpaa_sec and caam_jr compilation fails.
This patch fixes compilation by disabling these drivers
when rte_security is not available.
Fixes: 1ee9569576f6 ("config: enable dpaaX drivers for generic ARMv8")
Fixes: 09e1e8d256b0 ("mk: fix dependencies of dpaaX drivers")
Fixes: af7c9b5e9ce7 ("crypto/caam_jr: introduce basic driver")
Cc: stable@dpdk.org
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
We use _GNU_SOURCE all over the place, but often times we miss
defining it, resulting in broken builds on musl. Rather than
fixing every library's and driver's and application's makefile,
fix it by simply defining _GNU_SOURCE by default for all
builds.
Remove all usages of _GNU_SOURCE in source files and makefiles,
and also fixup a couple of instances of using __USE_GNU instead
of _GNU_SOURCE.
Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
This patch provides the support for protocol offload
to the hardware. following security operations are
added:
- session_create
- session_destroy
- capabilities_get
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
This patch add support for :
1. creating run time sec hw decriptors for a given request.
2. enqueue operation to the caam jr ring
3. dequeue operation from the caam jr ring in poll mode
4. creating a crypto protocol descriptor for session - first time.
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
This patch add support to create session configuration
of various types i.e. cipher, auth and aead etc.
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
caam_jr need support from kernel caam driver for
job ring initialisation. So to access register space
for job ring and allow re configure and map to userspace
UIO interface is used. This also allows to handle the
caam interrupts from the user space.
This patch adds UIO specific operations
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
This patch add routines for configuring the hw
to support various features.
These routines will be used by the PMD ops.
The patch also defines structure and macros used
to access hw capabilities.
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
caam_jr hardware can be tuned for multiple settings
like ring depth, coalescing, notification types, cache
size etc.
These parameter can be used for performance tuning
for various platforms.
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
The caam_jr poll mode crypto driver is supported for
NXP SEC 4.x+ (CAAM) hardware accelerator.
This driver is by default supported on LE platforms,
if it is used on BE platforms like LS104X,
config option CONFIG_RTE_LIBRTE_PMD_CAAM_JR_BE can be
enabled.
This patch add skeleton for caam jobring driver
with probe and uintialisation functions
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
This patch updates the current AESNI-MB PMD with added AES-GCM
algorithm support. The patch includes the necessary changes
to the code including the capability update, control and data
patch changes for the AES-GCM algorithm support.
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
This patch add AES-CMAC support. CMAC is a keyed hash function
that is based on a symmetric key block cipher. It is One-Key
CBC MAC improvement over XCBC-MAC. RFC 4493. NIST SP 800-38B.
Signed-off-by: Tomasz Cel <tomaszx.cel@intel.com>
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Queues attached to event crypto device can be
parallel, atomic and ordered.
This patch add support for atomic queues processing
for dpaa2_sec queues.
Signed-off-by: Ashish Jain <ashish.jain@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
dpaa2_sec hw queues can be attached to a hw dpaa2 event
device and the application can configure the event
crypto adapter to access the dpaa2_sec packets using
hardware events.
This patch defines APIs which can be used by the dpaa2
event device to attach/detach dpaa2_sec queues.
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Signed-off-by: Ashish Jain <ashish.jain@nxp.com>