Commit Graph

5732 Commits

Author SHA1 Message Date
Fiona Trahe
8cad932e25 app/test: cleanup unnecessary crypto ring size setup
Removed obsolete comments re inability to free and re-allocate
queue memory and obsolete workaround for it
which used to create maximum size queues first, then later
create smaller queues.

Signed-off-by: Fiona Trahe <fiona.trahe@intel.com>
2016-10-08 17:54:38 +02:00
Fiona Trahe
5cba7cbd9f app/test: remove useless loop for crypto
Signed-off-by: Fiona Trahe <fiona.trahe@intel.com>
2016-10-08 17:54:38 +02:00
Fiona Trahe
a831c318c5 crypto/aesni_mb: free ring memory on queue release
Free ring memory on queue_pair release, else
releasing and setting up queue-pair of a different size fails.

Signed-off-by: Fiona Trahe <fiona.trahe@intel.com>
2016-10-08 17:54:38 +02:00
Pablo de Lara
5861531853 doc: fix typo in SNOW 3G guide
Fixes: 1d0c90e6cf ("doc: update build instructions for libsso_snow3g")

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: John McNamara <john.mcnamara@intel.com>
2016-10-08 17:54:38 +02:00
Pablo de Lara
afc5dffaa0 cryptodev: fix build on Suse 11 SP2
This commit fixes following build error, which happens in SUSE 11 SP2,
with gcc 4.5.1:

In file included from lib/librte_cryptodev/rte_cryptodev.c:70:0:
lib/librte_cryptodev/rte_cryptodev.h:772:7:
error: flexible array member in otherwise empty struct

Fixes: 347a1e037f ("lib: use C99 syntax for zero-size arrays")

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Adrien Mazarguil <adrien.mazarguil@6wind.com>
2016-10-08 17:54:38 +02:00
Sergio Gonzalez Monroy
50d75cae2a examples/ipsec-secgw: initialize SA salt
This patch initializes the salt value used by the following cipher
algorithms:
- CBC: random salt
- GCM/CTR: the key required is 20B, and the last 4B are used as salt.

Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2016-10-08 17:54:38 +02:00
Sergio Gonzalez Monroy
e715ca2892 examples/ipsec-secgw: add cryptodev queue size constant
Introduce a specific cryptodev queue size macro.

Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2016-10-08 17:54:38 +02:00
Sergio Gonzalez Monroy
6e1892a698 examples/ipsec-secgw: check SP only when setup
Application will segfault if there is IPv4 or IPv6 and no SP/ACL rules
for IPv4 or IPv6 respectively.

Avoid checking the ACL/SP in such cases.

Fixes: 906257e965 ("examples/ipsec-secgw: support IPv6")

Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2016-10-08 17:54:38 +02:00
Sergio Gonzalez Monroy
4470c22de2 examples/ipsec-secgw: add AES-CTR
RFC3686: Using AES Counter (CTR) Mode With IPsec ESP.`

Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2016-10-08 17:54:38 +02:00
Sergio Gonzalez Monroy
a9121c4001 examples/ipsec-secgw: add AES-GCM
Add support for AES-GCM (Galois-Counter Mode).

RFC4106: The Use of Galois-Counter Mode (GCM) in IPSec ESP.

Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2016-10-08 17:54:38 +02:00
Sergio Gonzalez Monroy
a60c05b540 examples/ipsec-secgw: reset crypto operation status
Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2016-10-08 17:54:38 +02:00
Sergio Gonzalez Monroy
cef50fc6f1 examples/ipsec-secgw: change CBC IV generation
NIST SP800-38A recommends two methods to generate unpredictable IVs
(Initilisation Vector) for CBC mode:
1) Apply the forward function to a nonce (ie. counter)
2) Use a FIPS-approved random number generator

This patch implements the first recommended method by using the forward
function to generate the IV.

Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2016-10-08 17:54:38 +02:00
Slawomir Mrozowicz
4ab82fec13 examples/l2fwd-crypto: update for libcrypto
Libcrypto PMD has support for:

Supported cipher algorithms:
RTE_CRYPTO_CIPHER_3DES_CBC
RTE_CRYPTO_CIPHER_AES_CBC
RTE_CRYPTO_CIPHER_AES_CTR
RTE_CRYPTO_CIPHER_3DES_CTR
RTE_CRYPTO_CIPHER_AES_GCM

Supported authentication algorithms:
RTE_CRYPTO_AUTH_AES_GMAC
RTE_CRYPTO_AUTH_MD5
RTE_CRYPTO_AUTH_SHA1
RTE_CRYPTO_AUTH_SHA224
RTE_CRYPTO_AUTH_SHA256
RTE_CRYPTO_AUTH_SHA384
RTE_CRYPTO_AUTH_SHA512
RTE_CRYPTO_AUTH_MD5_HMAC
RTE_CRYPTO_AUTH_SHA1_HMAC
RTE_CRYPTO_AUTH_SHA224_HMAC
RTE_CRYPTO_AUTH_SHA256_HMAC
RTE_CRYPTO_AUTH_SHA384_HMAC
RTE_CRYPTO_AUTH_SHA512_HMAC

Signed-off-by: Daniel Mrzyglod <danielx.t.mrzyglod@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2016-10-08 17:54:38 +02:00
Slawomir Mrozowicz
ffbe3be0d4 app/test: add libcrypto
This patch contains unit tests for libcrypto PMD. User can
use app/test application to check how to use this pmd and to
verify crypto processing.

Test name is cryptodev_libcrypto_autotest.
For performance test cryptodev_libcrypto_perftest can be used.

Signed-off-by: Piotr Azarewicz <piotrx.t.azarewicz@intel.com>
Signed-off-by: Marcin Kerlin <marcinx.kerlin@intel.com>
Signed-off-by: Daniel Mrzyglod <danielx.t.mrzyglod@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2016-10-08 17:54:38 +02:00
Slawomir Mrozowicz
e1809db624 app/test: rework AES
This patch rework AES tests .
In general - rename AES-named functions to blockcipher functions pattern.

Signed-off-by: Piotr Azarewicz <piotrx.t.azarewicz@intel.com>
Signed-off-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2016-10-08 17:54:37 +02:00
Slawomir Mrozowicz
d61f70b4c9 crypto/libcrypto: add driver for OpenSSL library
This code provides the initial implementation of the libcrypto
poll mode driver. All cryptography operations are using Openssl
library crypto API. Each algorithm uses EVP_ interface from
openssl API - which is recommended by Openssl maintainers.

This patch adds libcrypto poll mode driver support to librte_cryptodev
library.

Signed-off-by: Slawomir Mrozowicz <slawomirx.mrozowicz@intel.com>
Signed-off-by: Michal Kobylinski <michalx.kobylinski@intel.com>
Signed-off-by: Tomasz Kulasek <tomaszx.kulasek@intel.com>
Signed-off-by: Daniel Mrzyglod <danielx.t.mrzyglod@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2016-10-08 17:54:37 +02:00
Pablo de Lara
1f393d822d examples/l2fwd-crypto: enable ZUC EEA3 and EIA3
This patch enables ZUC EEA3 cipher algorithm and
ZUC EIA3 authentication algorithm support to
l2fwd-crypto sample application.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
2016-10-08 17:53:10 +02:00
Pablo de Lara
4c99481f49 app/test: add ZUC
Add cipher and authentication ZUC algorithm tests.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
2016-10-08 17:53:10 +02:00
Pablo de Lara
24cc6c78fc app/test: rename some SNOW 3G functions
Before adding the new ZUC tests, since they will use
the existing common functions for SNOW3G and KASUMI,
these functions are renamed to *_wireless_algo_*,
instead of *_snow3g_kasumi_*, as they are common
functions for all the three wireless algorithms.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
2016-10-08 17:53:10 +02:00
Pablo de Lara
cf7685d68f crypto/zuc: add driver for ZUC library
Added new SW PMD which makes use of the libsso SW library,
which provides wireless algorithms ZUC EEA3 and EIA3
in software.

This PMD supports cipher-only, hash-only and chained operations
("cipher then hash" and "hash then cipher") of the following
algorithms:
- RTE_CRYPTO_SYM_CIPHER_ZUC_EEA3
- RTE_CRYPTO_SYM_AUTH_ZUC_EIA3

The ZUC hash and cipher algorithms, which are enabled
by this crypto PMD are implemented by Intel's libsso software
library.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
2016-10-08 17:53:10 +02:00
Fiona Trahe
afd6aa6fd9 app/test: improve error message for disabled crypto
Improve error message if crypto PMD build is not enabled in config file

Signed-off-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2016-10-04 20:41:09 +02:00
Arek Kusztal
79521c4383 app/test: add AES GCM performance test
This patch adds AES Galois Counter Mode performance test case
for cryptodev QAT and AESNI GCM. Test is performed with different
buffer sizes, burst size of 32 and 128b key. Test vectors
are placed in app/test/test_cryptodev_perf_vectors.h file.

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
2016-10-04 20:41:09 +02:00
Pablo de Lara
94831f8f1d crypto: fix build with icc
This commit fixes a compilation error on icc,
due to unallowed conversion from int to enum:

drivers/crypto/snow3g/rte_snow3g_pmd.c(155):
    error #188: enumerated type mixed with another type
        sess->op = mode;
                 ^
drivers/crypto/kasumi/rte_kasumi_pmd.c(155):
    error #188: enumerated type mixed with another type
        sess->op = mode;
                 ^

Fixes: 3aafc423cf ("snow3g: add driver for SNOW 3G library")
Fixes: 2773c86d06 ("crypto/kasumi: add driver for KASUMI library")

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Ferruh Yigit <ferruh.yigit@intel.com>
2016-10-04 20:41:09 +02:00
Pablo de Lara
1b529b0141 app/test: remove unnecessary conditional for crypto
Regardless the result of the conditional, the true and false
statements were the same, so the conditional can be removed.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
2016-10-04 20:41:09 +02:00
Fan Zhang
60a94afefc examples/ipsec-secgw: add sample configuration files
This patch adds two sample configuration files to ipsec-secgw sample
application. The sample configuration files show how to setup
back-to-back systems that would forward traffic through an IPsec
tunnel.

Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
2016-10-04 20:41:09 +02:00
Fan Zhang
0d547ed037 examples/ipsec-secgw: support configuration file
This patch adds the configuration file support to ipsec_secgw
sample application. Instead of hard-coded rules, the users can
specify their own SP, SA, and routing rules in the configuration
file. A command line option "-f" is added to pass the
configuration file location to the application.

Configuration item formats:

SP rule format:
sp <ip_ver> <dir> esp <action> <priority> <src_ip> <dst_ip> \
<proto> <sport> <dport>

SA rule format:
sa <dir> <spi> <cipher_algo> <cipher_key> <auth_algo> <auth_key> \
<mode> <src_ip> <dst_ip>

Routing rule format:
rt <ip_ver> <src_ip> <dst_ip> <port>

Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
2016-10-04 20:41:09 +02:00
Arek Kusztal
77debbbfdf app/test: fix verification of digest for GCM
This patch fixes verification of digest in test_cryptodev.c file
for AES GCM test cases.

Fixes: eec136f3c5 ("aesni_gcm: add driver for AES-GCM crypto operations")

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
2016-10-04 20:41:09 +02:00
Arek Kusztal
b2bb359747 crypto/aesni_gcm: move pre-counter block to driver
This patch moves computing of pre-counter block into the AESNI-GCM
driver so it can be moved from test files.

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
2016-10-04 20:41:09 +02:00
Fiona Trahe
e1b7f509e6 crypto/qat: add 3DES cipher algorithm
3DES support added to QuickAssist PMD with CTR and CBC mode.
Both cipher-only and chained with HMAC_SHAx.

Signed-off-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
2016-10-04 20:41:09 +02:00
Fiona Trahe
0fad384df0 crypto/qat: cleanup code
Cleanup of unused code.
Rename and simplify a badly named struct element, was aes, but
used for all types of ciphers.
Print correct error msg (Unsupported rather than Undefined)
for all ciphers not supported by QAT PMD.

Signed-off-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
2016-10-04 20:41:09 +02:00
Eoin Breen
cb4a1d14bf tools: bind crypto devices
Adding the support to bind/unbind crypto devices with
dpdk-devbind.py script, as now it is not restricted
to network devices anymore.

Signed-off-by: Eoin Breen <eoin.breen@intel.com>
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
2016-10-04 20:41:09 +02:00
Pablo de Lara
af9f6afb14 crypto: rename all KASUMI references
KASUMI algorithm has all uppercase letters,
but some references of it had some lowercase letters.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
2016-10-04 20:41:09 +02:00
Pablo de Lara
6aef763816 crypto: rename some SNOW 3G references
SNOW 3G algorithm has all uppercase letters in its name
and a space between SNOW and 3G, but some references of it
had some lowercase letters or no space.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
2016-10-04 20:41:09 +02:00
Deepak Kumar Jain
05175ec459 crypto/qat: fix FreeBSD build
Using sys/types.h instead of linux/types.h
so as to compile QAT_PMD on FreeBSD.

Fixes: 1703e94ac5 ("qat: add driver for QuickAssist devices")

Signed-off-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2016-10-04 20:41:09 +02:00
Arek Kusztal
2508c30912 cryptodev: update GMAC API comments
In file rte_crypto_sym.h, GMAC API comments need to be changed
to comply with the GMAC specification. Main areas of change are
aad pointer and aad len, which now will be used to
provide plaintext.

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
2016-10-04 20:41:09 +02:00
Arek Kusztal
84baeeb267 app/test: add GMAC for qat
Added Galois Message Authentication Code (GMAC) tests to cryptodev tests.

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
2016-10-04 20:41:09 +02:00
Arek Kusztal
2fa64f840d crypto/qat: add GMAC capability
Added Galois Message Authentication Code (GMAC) capability to
QuickAssist Technology symmetric cryptographic driver.
GMAC is authentication only variant of Galois Counter Mode (GCM)
where all plaintext is provided with AAD pointer only.

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
2016-10-04 20:41:09 +02:00
Deepak Kumar Jain
f2f639c6e0 crypto/qat: add C3xxx device
Signed-off-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
2016-10-04 20:41:09 +02:00
Deepak Kumar Jain
ae20c0735c crypto/qat: add C62x device
Signed-off-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
2016-10-04 20:41:09 +02:00
Deepak Kumar Jain
73d648b888 app/test: add KASUMI for qat
This patch adds KASUMI tests in the QAT testsuite.
Alg-Chaining tests have also been added in the KASUMI
SW PMD.

Signed-off-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
2016-10-04 20:41:09 +02:00
Deepak Kumar Jain
d4f2745300 crypto/qat: add KASUMI
This patch add kasumi support in Intel(R)
QuickAssist driver.

Signed-off-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
2016-10-04 20:41:09 +02:00
Deepak Kumar Jain
e66917150e app/test: rename some SNOW 3G functions
Renamed authenticated encryption and encrypted authentication
tests with easily recognized names.

Signed-off-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
2016-10-04 20:41:09 +02:00
Deepak Kumar Jain
dac3985e7c app/test: cleanup crypto code
Cleanup the code for code design consistency.

Signed-off-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
2016-10-04 20:41:09 +02:00
Deepak Kumar Jain
fddf380404 doc: fix names of supported crypto algorithms
Update documentation with correct names of supported algorithms.

Fixes: 1703e94ac5 ("qat: add driver for QuickAssist devices")
Fixes: 3aafc423cf ("snow3g: add driver for SNOW 3G library")
Fixes: 924e84f873 ("aesni_mb: add driver for multi buffer based crypto")
Fixes: 2773c86d06 ("crypto/kasumi: add driver for KASUMI library")

Signed-off-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
2016-10-04 20:41:09 +02:00
Eoin Breen
d6740135f0 doc: add instructions to enable qat
Signed-off-by: Eoin Breen <eoin.breen@intel.com>
Signed-off-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
2016-10-04 20:41:09 +02:00
Deepak Kumar Jain
6bc4300318 crypto/null: fix key size increment value
This patch fixes the values of increment in key size.

Fixes: 94b0ad8e0a ("null_crypto: add driver for null crypto operations")

Signed-off-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
2016-10-04 20:41:09 +02:00
Deepak Kumar Jain
50914e6c18 app/test: add NULL operation for qat
Added NULL algorithm to test file for Intel(R) QuickAssist
Technology Driver.

Signed-off-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
2016-10-04 20:41:09 +02:00
Deepak Kumar Jain
db0e952a5c crypto/qat: add NULL capability
Enabled NULL crypto for Intel(R) QuickAssist Technology.

Signed-off-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
2016-10-04 20:41:09 +02:00
Deepak Kumar Jain
0cde3f55c9 app/test: add aes-sha384-hmac for qat
Added aes-sha384-hmac algorithm to test file for Intel(R) QuickAssist
Technology Driver.

Signed-off-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
2016-10-04 20:41:09 +02:00
Deepak Kumar Jain
d905ee32d0 crypto/qat: add aes-sha384-hmac capability
Enable support of aes-sha384-hmac in Intel(R) QuickAssist driver.

Signed-off-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
2016-10-04 20:41:09 +02:00