This patch add PDCP security short MAC-I support for
dpaa_sec driver.
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
To support short MAC-I, integrity only case is required
to be supported for PDCP.
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
This patch add support to also counter err pkt counter per queue.
This also enhances few related debug prints.
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
This patch improve storage and performance by force inline
of the keys.
Signed-off-by: Franck Lenormand <franck.lenormand@nxp.com>
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
The space in descriptor buffer is scarce as it is limited to
64 words for platforms except ERA10 (which has 128).
As the descriptors are processed with QI, it adds some words
to the descriptor which is passed.
Some descriptors used for SDAP were using too much words reaching
the limit.
This patch reduces the number of words used by removing the inlining
of some keys (done for performance) in order to have working
descriptors.
Signed-off-by: Franck Lenormand <franck.lenormand@nxp.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
This patch adds support for AES_CMAC integrity
in non-security mode.
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
add DES-CBC support and enable available cipher-only
test cases.
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
The rte_cryptodev_pmd.* files are for drivers only and should be
private to DPDK, and not installed for app use.
Signed-off-by: Akhil Goyal <gakhil@marvell.com>
Acked-by: Matan Azrad <matan@nvidia.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Update min tailroom to reflect IPsec additions.
PMD crypto_cn9k & crypto_cn10k would have packet
grow into tailroom post IPsec processing.
Signed-off-by: Archana Muniganti <marchana@marvell.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
When given a source length 0 for CCM, the encryption and decryption
functions did not call the EVP_ENCRYPTUPDATE/EVP_DECRYPTUPDATE functions
with a src and dst, causing some FIPS validation failures for testcases
with PLen=0:
process_openssl_auth_encryption_ccm() line 1131:
Process openssl auth encryption ccm failed
Fixes: 1a4998dc4d94 ("crypto/openssl: support AES-CCM")
Cc: stable@dpdk.org
Signed-off-by: Ciara Power <ciara.power@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Submit two instructions with one LMTST operation.
Also updated dequeue path to have local var for constants.
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Swap is not required for ZUC. Update IV updation
sequence to remove the redundant swap in case of ZUC.
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
The opcode for encryption & decryption is the
same and single routine would be able to handle
both encryption and decryption operations.
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
This patch adds support for the timestamp format settings for
the receive and send queues. If the firmware version x.30.1000
or above is installed and the NIC timestamps are configured
with the real-time format, the default zero values for newly
added fields cause the queue creation to fail.
The patch queries the timestamp formats supported by the hardware
and sets the configuration values in queue context accordingly.
Fixes: 6152534e211e ("crypto/mlx5: support queue pairs operations")
Cc: stable@dpdk.org
Signed-off-by: Michael Baum <michaelba@nvidia.com>
Acked-by: Matan Azrad <matan@nvidia.com>
Use otx2_mbox_memcpy() instead of memcpy() to prevent unaligned access.
Fixes: a0645ed0d6ef ("crypto/octeontx2: discover capabilities")
Cc: stable@dpdk.org
Signed-off-by: Danny Patel <dannyp@marvell.com>
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
IPsec verify functions can be made common which can
be used for both cn9k and cn10k
Signed-off-by: Archana Muniganti <marchana@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Start a new release cycle with empty release notes.
The ABI version becomes 22.0.
The map files are updated to the new ABI major number (22).
The ABI exceptions are dropped and CI ABI checks are disabled because
compatibility is not preserved.
Signed-off-by: Thomas Monjalon <thomas@monjalon.net>
Acked-by: Ferruh Yigit <ferruh.yigit@intel.com>
Acked-by: David Marchand <david.marchand@redhat.com>
In crypto driver probing, there are two validations after context
allocation.
When one of them fails, the context structure was not freed what caused
a memory leak.
Free it.
Fixes: debb27ea3442 ("crypto/mlx5: create login object using DevX")
Fixes: e8db4413cba5 ("crypto/mlx5: add keytag configuration")
Cc: stable@dpdk.org
Signed-off-by: Michael Baum <michaelba@nvidia.com>
Acked-by: Matan Azrad <matan@nvidia.com>
Fix return code when asymmetric crypto
or compression service is selected on GEN4 devices.
Fixes: 8f393c4ffdc1 ("common/qat: support GEN4 devices")
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
When the PMD is removed, rte_cryptodev_pmd_release_device
is called which frees cryptodev->data, and then tries to free
cryptodev->data->dev_private, which causes the heap use
after free issue.
A temporary pointer is set before the free of cryptodev->data,
which can then be used afterwards to free dev_private.
Fixes: bfe2ae495ee2 ("crypto/octeontx: add PMD skeleton")
Cc: stable@dpdk.org
Reported-by: Zhihong Peng <zhihongx.peng@intel.com>
Signed-off-by: Akhil Goyal <gakhil@marvell.com>
This patch fixes the raw data path dequeue burst fail problem.
Previously in case the queue is full and not all packets
asked to be dequeued are processed, the dequeue burst will
never happen.
Fixes: c21574edc52a ("cryptodev: add dequeue count parameter in raw API")
Cc: stable@dpdk.org
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Fix possible access of an array by negative index in function
qat_sym_qp_setup.
Coverity issue: 372131, 372134
Fixes: 8f393c4ffdc1 ("common/qat: support GEN4 devices")
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Adam Dybkowski <adamx.dybkowski@intel.com>
Adding changes to asymmetric ECDSA messages to align with
the new ucode for cnxk device.
Signed-off-by: Kiran Kumar K <kirankumark@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Enabled build of Octeontx crypto PMD on non linux OS.
Other Octeontx PMDs are enabled already.
This is to avoid ABI test failure on an OS once we add dependency
between a driver which is built to another which is not.
Fixes: 8dc6c2f12ecf ("crypto/octeontx: add crypto adapter framework")
Reported-by: David Marchand <david.marchand@redhat.com>
Signed-off-by: Shijith Thotton <sthotton@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
This patch provides the support for IPsec protocol
offload to the hardware.
Following security operations are added:
- session_create
- session_destroy
- capabilities_get
Signed-off-by: Michael Shamis <michaelsh@marvell.com>
Reviewed-by: Liron Himi <lironh@marvell.com>
Tested-by: Liron Himi <lironh@marvell.com>
The crypto operations are done with the WQE set which contains
one UMR WQE and one rdma write WQE. Most segments of the WQE
set are initialized properly during queue setup, only limited
segments are initialized according to the crypto detail in the
datapath process.
This commit adds the enqueue and dequeue operations and updates
the WQE set segments accordingly.
Signed-off-by: Suanming Mou <suanmingm@nvidia.com>
Signed-off-by: Matan Azrad <matan@nvidia.com>
Signed-off-by: Michael Baum <michaelba@nvidia.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Currently, HW handles the WQEs much faster than the software,
Using the constant WQE set layout can initialize most of the WQE
segments in advanced, and software only needs to configure very
limited segments in datapath. This accelerates the software WQE
organize in datapath.
This commit initializes the fixed WQE set segments.
Signed-off-by: Suanming Mou <suanmingm@nvidia.com>
Signed-off-by: Matan Azrad <matan@nvidia.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
The mlx5 HW crypto operations are done by attaching crypto property
to a memory region. Once done, every access to the memory via the
crypto-enabled memory region will result with in-line encryption or
decryption of the data.
As a result, the design choice is to provide two types of WQEs. One
is UMR WQE which sets the crypto property and the other is rdma write
WQE which sends DMA command to copy data from local MR to remote MR.
The size of the WQEs will be defined by a new devarg called
max_segs_num.
This devarg also defines the maximum segments in mbuf chain that will be
supported for crypto operations.
Signed-off-by: Suanming Mou <suanmingm@nvidia.com>
Signed-off-by: Matan Azrad <matan@nvidia.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
