The QAT crypto driver does not need to depend on the ether library, so
remove the unnecessary header inclusion.
Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
Reviewed-by: Ferruh Yigit <ferruh.yigit@intel.com>
For HMAC algorithms (SHAx-HMAC), the supported
key sizes are not a fixed value, but a range between
1 and the block size.
Fixes: 169ca3db55 ("crypto/armv8: add PMD optimized for ARMv8 processors")
Cc: stable@dpdk.org
Signed-off-by: Srisivasubramanian S <ssrinivasan@caviumnetworks.com>
Signed-off-by: Jerin Jacob <jerin.jacob@caviumnetworks.com>
For key sizes greater than digest length, pad with zero rather than
computing hash of the key itself.
Fixes: 169ca3db55 ("crypto/armv8: add PMD optimized for ARMv8 processors")
Cc: stable@dpdk.org
Signed-off-by: Srisivasubramanian S <ssrinivasan@caviumnetworks.com>
When calling rte_cryptodev_sym_session_init(),
if there was an error, it returned -1, instead
of returning the specific error code, which can
be valuable for the application for error handling.
Fixes: b3bbd9e5f2 ("cryptodev: support device independent sessions")
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Block size of SHA384-HMAC algorithm is 128 bytes,
and not 64 bytes.
Fixes: d905ee32d0 ("crypto/qat: add aes-sha384-hmac capability")
Cc: stable@dpdk.org
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
For HMAC algorithms (MD5-HMAC, SHAx-HMAC), the supported
key sizes are not a fixed value, but a range between
1 and the block size.
Fixes: 26c2e4ad5a ("cryptodev: add capabilities discovery")
Cc: stable@dpdk.org
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
For HMAC algorithms (MD5-HMAC, SHAx-HMAC), the supported
key sizes are not a fixed value, but a range between
1 and the block size.
Fixes: d61f70b4c9 ("crypto/libcrypto: add driver for OpenSSL library")
Cc: stable@dpdk.org
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
For HMAC algorithms (MD5-HMAC, SHAx-HMAC), the supported
key sizes are not a fixed value, but a range between
1 and the block size.
Fixes: 26c2e4ad5a ("cryptodev: add capabilities discovery")
Cc: stable@dpdk.org
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
For HMAC algorithms (MD5-HMAC, SHAx-HMAC), the supported
key sizes are not a fixed value, but a range between
1 and the block size.
Fixes: 623326dded ("crypto/dpaa2_sec: introduce poll mode driver")
Cc: stable@dpdk.org
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Operations can be dequeued from the reordering ring only after they
were dequeued from the crypto pmd with rte_cryptodev_dequeue_burst()
function. It is not correct to dequeue them when status just changed
from RTE_CRYPTO_OP_STATUS_NOT_PROCESSED to any other value, as the
operations still can be processed by crypto pmd internally.
Now multicore scheduler workers mark status of all dequeued from
crypto pmd operations with CRYPTO_OP_STATUS_BIT_COMPLETE bit set.
Scheduler will dequeue crypto operations from reordering ring only
when this status bit is set. Prior to put this operation to output
buffer, scheduler clears this bit, so the application gets
unmodified status from crypto pmd.
Fixes: 4c07e0552f ("crypto/scheduler: add multicore scheduling mode")
Signed-off-by: Kirill Rybalchenko <kirill.rybalchenko@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
Crypto operation status RTE_CRYPTO_OP_STATUS_ENQUEUED is removed
from rte_crypto.h as it is not needed for crypto operation processing.
This status value is redundant to RTE_CRYPTO_OP_STATUS_NOT_PROCESSED value
and it was not intended to be part of public API.
Signed-off-by: Kirill Rybalchenko <kirill.rybalchenko@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
When creating a session, if there is a failure when
setting some of the parameters, QAT was not propagating
the error to the session initialization function.
Therefore, it was reporting a success, when it should
be report a failure.
Fixes: b3bbd9e5f2 ("cryptodev: support device independent sessions")
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Additional Authenticated Data (AAD) is called "aad" in most
places of cryptodev, but it was called "add_auth_data"
in the AEAD transform transform (aead_xform).
This field is renamed to "aad_length" in order to keep
consistency.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Older generations of QuickAssist hardware
may not support all algorithms supported by newer
generations. When sessions were specific to the device
this only needed to be handled on session creation.
With device-agnostic sessions, a session created
for a newer device may get routed to an older device which
can't support it.
This patch adds an enum to define QAT device generations
and uses this to detect and handle the above case on the
data path.
It also renames the capabilities structures and #defines
to match the generation names and adds the generation
to the device table in the documentation.
Fixes: b3bbd9e5f2 ("cryptodev: support device independent sessions")
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
In the unlikely scenario that an application
calls rte_cryptodev_dequeue_burst with nb_ops = 0,
there was a job leak, as a job would be created
but would not be populated, as no operation is passed.
Fixes: 0f548b50a1 ("crypto/aesni_mb: process crypto op on dequeue")
Cc: stable@dpdk.org
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
For KASUMI F9 algorithm, COUNT, FRESH and DIRECTION
input values need to be contiguous with
the message, as described in the KASUMI and QAT PMD
documentation.
Before, the COUNT and FRESH values were set
as part of the AAD (now IV), but always set before
the beginning of the message.
Since now the IV is set after the crypto operation,
it is not possible to have these values in the
expected location.
Therefore, as these are required to be contiguous,
cryptodev API will expect these them to be passed
as a single buffer, already constructed, so
authentication IV parameters not needed anymore.
Fixes: 681f540da5 ("cryptodev: do not use AAD in wireless algorithms")
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Authentication length and offset need to be set like for any other
authentication algorithms as it no longer uses aad pointer
Fixes: b79e4c00af ("cryptodev: use AES-GCM/CCM as AEAD algorithms")
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Additional Authenticated Data (AAD) was removed from the
authentication parameters, but still the supported size
was part of the authentication capabilities of a PMD.
Fixes: 4428eda8bb ("cryptodev: remove AAD from authentication structure")
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
When dequeueing operations from an AESNI-MB device,
crypto jobs are dequeued from the internal scheduler
in the Multi-buffer library.
If the number of jobs available to retrieve
are higher than the number of crypto operations
that are required, then an extra job is retrieved
(due to an incorrect conditional), but not used.
This leads to a job leak and the operation associated
to that job will not be ever dequeued.
Fixes: 0f548b50a1 ("crypto/aesni_mb: process crypto op on dequeue")
Cc: stable@dpdk.org
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
Comment for device name is corrected.
Also the name string is made similar to other pmds.
Fixes: a3277ad47f ("cryptodev: remove crypto device driver name")
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
dpseci is allocated using rte_calloc() but it is freed
using free(). Fixing it to use rte_free()
Fixes: e5cbdfc537 ("crypto/dpaa2_sec: add basic operations")
Cc: stable@dpdk.org
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
To avoid a possible HW problem when dealing with
NULL authentication case, the state sizes
in the request descriptor are set.
Fixes: db0e952a5c ("crypto/qat: add NULL capability")
Cc: stable@dpdk.org
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
This patch fixes the incorrect index checking in parse_slave
function.
Fixes: 503e9c5afb ("crypto/scheduler: register as vdev driver")
Cc: stable@dpdk.org
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
NXP Copyright has been wrongly worded with '(c)' at various places.
This patch removes these extra characters. It also removes
"All rights reserved".
Only NXP copyright syntax is changed. Freescale copyright is not
modified.
Signed-off-by: Shreyansh Jain <shreyansh.jain@nxp.com>
Seen with gcc 4.9.2:
drivers/crypto/scheduler/scheduler_multicore.c:286:2: error:
'for' loop initial declarations are only allowed in C99 or C11 mode
for (uint16_t i = 0; i < sched_ctx->nb_wc; i++)
^
Fixes: 4c07e0552f ("crypto/scheduler: add multicore scheduling mode")
Signed-off-by: Jan Blunck <jblunck@infradead.org>
Replace the incorrect reference to "Cavium Networks", "Cavium Ltd"
company name with correct the "Cavium, Inc" company name in
copyright headers.
Signed-off-by: Jerin Jacob <jerin.jacob@caviumnetworks.com>
Out-of-bounds access possible if ctx.qat_cipher_alg has invalid value.
This should never happen at this point on data path, but fix for safety.
Coverity issue: 143458, 143465
Fixes: d18ab45f76 ("crypto/qat: support DOCSIS BPI mode")
Signed-off-by: Fiona Trahe <fiona.trahe@intel.com>
Since now the private session data is initialized after
the session pool is created, there is no need to keep
this PMD function.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
The session mempool pointer is needed in each queue pair,
if session-less operations are being handled.
Therefore, the API is changed to accept this parameter,
as the session mempool is created outside the
device configuration function, similar to what ethdev
does with the rx queues.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Change crypto device's session management to make it
device independent and simplify architecture when session
is intended to be used on more than one device.
Sessions private data is agnostic to underlying device
by adding an indirection in the sessions private data
using the crypto driver identifier.
A single session can contain indirections to multiple device types.
New function rte_cryptodev_sym_session_init has been created,
to initialize the driver private session data per driver to be
used on a same session, and rte_cryptodev_sym_session_clear
to clear this data before calling rte_cryptodev_sym_session_free.
Signed-off-by: Slawomir Mrozowicz <slawomirx.mrozowicz@intel.com>
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Since crypto session will not be attached to a specific
device or driver, the field driver_id is not required
anymore (only used to check that a session was being
handled by the right device).
Signed-off-by: Slawomir Mrozowicz <slawomirx.mrozowicz@intel.com>
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Instead of creating the session mempool while configuring
the crypto device, apps will create the mempool themselves.
This way, it gives flexibility to the user to have a single
mempool for all devices (as long as the objects are big
enough to contain the biggest private session size) or
separate mempools for different drivers.
Also, since the mempool is now created outside the
device configuration function, now it needs to be passed
through this function, which will be eventually passed
when setting up the queue pairs, as ethernet devices do.
Signed-off-by: Slawomir Mrozowicz <slawomirx.mrozowicz@intel.com>
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Cryptodev session structure was a duplication of the
cryptodev symmetric structure.
It was used by some PMDs that should use the symmetric
structure instead.
Since this structure was internal, there is no deprecation
notice required.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Multi-core scheduling mode is a mode where scheduler distributes
crypto operations in a round-robin base, between several core
assigned as workers.
Signed-off-by: Kirill Rybalchenko <kirill.rybalchenko@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Remove crypto device driver name string definitions from librte_cryptodev,
which avoid to library changes every time a new crypto driver was added.
The driver name is predefined internaly in the each PMD.
The applications could use the crypto device driver names based on
options with the driver name string provided in command line.
Signed-off-by: Slawomir Mrozowicz <slawomirx.mrozowicz@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
Changes device type identification to be based on a unique
driver id replacing the current device type enumeration, which needed
library changes every time a new crypto driver was added.
The driver id is assigned dynamically during driver registration using
the new macro RTE_PMD_REGISTER_CRYPTO_DRIVER which returns a unique
uint8_t identifier for that driver. New APIs are also introduced
to allow retrieval of the driver id using the driver name.
Signed-off-by: Slawomir Mrozowicz <slawomirx.mrozowicz@intel.com>
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
while registering driver to dpaa2, hard coded string is used.
It is now updated as per the latest changes in string name.
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Since Intel Multi Buffer library for IPSec has been updated to
support Scatter Gather List, the AESNI GCM PMD can link
to this library, instead of the ISA-L library.
This move eases the maintenance of the driver, as it will
use the same library as the AESNI MB PMD.
It also adds support for 192-bit keys.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
IPSec Multi-buffer library v0.46 has been released,
which includes, among othe features, support for 12-byte IV,
for AES-CTR, keeping also the previous 16-byte IV,
for backward compatibility reasons.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
AES-GCM support is added as per the AEAD type of crypto
operations. Support for AES-CTR is also added.
test/crypto and documentation is also updated for
dpaa2_sec to add supported algorithms.
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
