Commit Graph

33384 Commits

Author SHA1 Message Date
Fan Zhang
9f5f141627 maintainers: update for crypto and compressdev
Update maintainer and email address.

Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Signed-off-by: Kai Ji <kai.ji@intel.com>
2022-09-28 14:19:54 +02:00
Stephen Hemminger
f3cd6803ac maintainers: update for Arm v7
Going over list of active DPDK developers and MAINTAINERS
and noticed that Jan's email was not active.

His response was:
"
The viktorin@rehivetech.com is no longer under my control.
As there is already another maintainer (Ruifeng Wang),
I would prefer and suggest to remove my address
from the maintainers entirely.
"

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2022-09-28 13:24:41 +02:00
Andrew Boyer
19d5f52240 eal/linux: restore some header includes for HPET
These are necessary to build when HPET is enabled.

Fixes: 2ff3976e67 ("eal: remove unneeded header includes")
Cc: stable@dpdk.org

Signed-off-by: Andrew Boyer <andrew.boyer@amd.com>
Acked-by: Ferruh Yigit <ferruh.yigit@amd.com>
2022-09-28 13:18:29 +02:00
Vamsi Attunuru
ff8ef86c7e test/security: add inline IPsec SA hard expiry cases
Patch adds hard expiry unit tests for both packet
and byte limits.

Signed-off-by: Vamsi Attunuru <vattunuru@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
2022-09-27 20:31:16 +02:00
Vamsi Attunuru
34e8a9d9b4 test/security: add inline IPsec SA soft expiry cases
Patch adds unit tests for packet & byte soft expiry events.

Signed-off-by: Vamsi Attunuru <vattunuru@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
2022-09-27 20:31:16 +02:00
Vamsi Attunuru
d1ce79d14b ethdev: add IPsec SA expiry event subtypes
Patch adds new event subtypes for notifying expiry
events upon reaching IPsec SA soft packet expiry and
hard packet/byte expiry limits.

Signed-off-by: Vamsi Attunuru <vattunuru@marvell.com>
Signed-off-by: Akhil Goyal <gakhil@marvell.com>
Acked-by: Thomas Monjalon <thomas@monjalon.net>
2022-09-27 20:31:16 +02:00
Anoob Joseph
d34a0ad3fa test/crypto: ensure structs are updated in unison
The structs are directly indexed for generating standard vectors. Add
asserts to make sure structs are not updated in isolation.

Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
2022-09-27 18:20:35 +02:00
Kai Ji
0100b0f3f1 crypto/openssl: fix HMAC output length
This patch sets the max length of dst in OpenSSL 3.0 lib EVP MAC final
routine to ensure enough space for the result.

Fixes: 75adf1eae4 ("crypto/openssl: update HMAC routine with 3.0 EVP API")
Cc: stable@dpdk.org

Signed-off-by: Kai Ji <kai.ji@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
2022-09-27 18:20:35 +02:00
Volodymyr Fialko
6c55e2c3e6 cryptodev: fix missing SHA3 algorithm strings
SHA3 family algorithms were missing in the array of algorithm strings.

Fixes: 1df800f895 ("crypto/ccp: support SHA3 family")
Cc: stable@dpdk.org

Signed-off-by: Volodymyr Fialko <vfialko@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
2022-09-27 18:20:35 +02:00
Nithin Dabilpuram
58e2cf4cf7 examples/ipsec-secgw: update ether type using tunnel info
Update ether type for outbound SA processing based on tunnel header
information in both NEON functions for poll mode and event mode worker
functions.

Signed-off-by: Nithin Dabilpuram <ndabilpuram@marvell.com>
Reviewed-by: Ruifeng Wang <ruifeng.wang@arm.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
2022-09-27 18:20:35 +02:00
Nithin Dabilpuram
c215f6cdf9 test/security: update L2 header based on tunnel IP version
Update L2 header based on tunnel IP version in the application
as driver/HW is not expected to update L2 ether type post
Outbound Inline protocol offload processing.

Signed-off-by: Nithin Dabilpuram <ndabilpuram@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
2022-09-27 18:20:35 +02:00
Nithin Dabilpuram
be7e9c5fb0 net/cnxk: remove L2 header update for outbound inline
Remove L2 header update for outbound inline packets as
application is already taking care of the same.

Signed-off-by: Nithin Dabilpuram <ndabilpuram@marvell.com>
2022-09-27 18:20:35 +02:00
Nithin Dabilpuram
dcee1520f3 security: clarify L2 header requirement for inline IPsec
Clarify that for Outbound Inline IPsec processing, L2 header
needs to be up to date with ether type which will be applicable
post IPsec processing as the IPsec offload only touches L3 and above.

Signed-off-by: Nithin Dabilpuram <ndabilpuram@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
2022-09-27 17:18:46 +02:00
Nithin Dabilpuram
338eb15178 mbuf: clarify meta data needed for inline IPsec
Clarify mbuf meta data needed for Outbound Inline IPsec processing.
Application needs to provide mbuf.l3_len and L3 type in
mbuf.ol_flags so that like tunnel mode using mbuf.l2_len, transport mode
can make use of l3_len and l3_type to determine perform
proper transport mode IPsec processing.

Signed-off-by: Nithin Dabilpuram <ndabilpuram@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
2022-09-27 17:18:45 +02:00
Volodymyr Fialko
87d396163c crypto/cnxk: support DOCSIS
Add support for offloading RTE_CRYPTO_CIPHER_AES_DOCSISBPI and
RTE_CRYPTO_CIPHER_DES_DOCSISBPI algorithms to symmetric crypto session.

Signed-off-by: Volodymyr Fialko <vfialko@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
2022-09-27 17:18:45 +02:00
Vamsi Attunuru
f57e36acb2 crypto/cnxk: update flow label copy capability
Update flow label copy capability in IPsec options.

Signed-off-by: Vamsi Attunuru <vattunuru@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
2022-09-27 17:18:45 +02:00
Shijith Thotton
bfce22f1f9 crypto/cnxk: change adapter datapath error log to debug
Errors in crypto adapter datapath can be handled gracefully. So the
error print can be moved under debug.

Signed-off-by: Shijith Thotton <sthotton@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
2022-09-27 17:18:45 +02:00
Anoob Joseph
1ceb66a1e4 crypto/cnxk: remove unused context buffer length
'struct roc_se_buf_ptr ctx_buf' has fields for a pointer and len.
The field for len was unused.
It is removed and the required pointer is added in the parent struct.

Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
2022-09-27 17:18:45 +02:00
Anoob Joseph
82ab591504 crypto/cnxk: use dedicated functions based on operation
Identify the datapath thread to be used during session create. This can
be used to call right function early on to avoid multiple session
specific checks in datapath functions.

Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
2022-09-27 17:18:45 +02:00
Tejasree Kondoj
2c049fb12d crypto/cnxk: enable IE engine for Chacha-Poly
Change engine group of Chacha20-Poly1305 as it is
supported on IE engines also.

Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
2022-09-27 17:18:45 +02:00
Anoob Joseph
256d24011e crypto/cnxk: remove auth IV from Kasumi cipher
Auth IV is not applicable for kasumi cipher operation.
Removed the same.

Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
2022-09-27 17:18:45 +02:00
Anoob Joseph
5cbc879b81 crypto/cnxk: avoid accessing SE context in GCM path
Field op_minor is required only for digest encrypted cases
with chained ops, hence removed from AES-GCM path.

Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
2022-09-27 17:18:45 +02:00
Anoob Joseph
741e81c29e crypto/cnxk: remove extra digest length check
When the flag ROC_SE_VALID_MAC_BUF is set, digest length will be
non-zero. Remove extra check in datapath.

Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
2022-09-27 17:18:45 +02:00
Anoob Joseph
7a59ccc1b5 crypto/cnxk: remove extra indirection for FC and Kasumi
Fill FC params routine now caters to only KASUMI & FC_GEN.
Call appropriate functions directly.

Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
2022-09-27 17:18:45 +02:00
Tejasree Kondoj
ccf84704fd crypto/cnxk: fix endianness in anti-replay
Fixed anti-replay endianness issue in lookaside IPsec.

Fixes: c1eac1b966 ("crypto/cnxk: add anti-replay as per new firmware")
Cc: stable@dpdk.org

Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
2022-09-27 17:18:45 +02:00
Anoob Joseph
464fe5121b crypto/cnxk: remove MAC length check for AEAD
For both AES-GCM and ChaChaPoly, digest size must be non-zero.
So remove the conditional handling in the datapath.

Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
2022-09-27 17:18:45 +02:00
Anoob Joseph
d94414d162 crypto/cnxk: separate out PDCP cipher datapath
Add separate datapath for PDCP opcode performing cipher operation.

Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
2022-09-27 17:18:45 +02:00
Anoob Joseph
d3bff77cc3 crypto/cnxk: separate out PDCP chain datapath
Add separate datapath for PDCP chain opcode.

Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
2022-09-27 17:18:45 +02:00
Anoob Joseph
7674b967dd crypto/cnxk: limit meta buf cache to 128
Limit meta buf pool cache size as 128. Having 512 as
the cache size would cause more time for refill.

Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Volodymyr Fialko <vfialko@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
2022-09-27 17:18:45 +02:00
Anoob Joseph
effdcd4853 crypto/cnxk: remove IV clearing
Zeroising AES-CMAC IV would be done in microcode.
Clearing in DPDK is not redundant.

Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
2022-09-27 17:18:45 +02:00
Volodymyr Fialko
661aeb251c crypto/cnxk: add burst enqueue for event mode
Added support for burst enqueue for cn10k event crypto adapter.
Instructions will be grouped based on the queue pair and sent in a burst.

Signed-off-by: Volodymyr Fialko <vfialko@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
2022-09-27 17:18:45 +02:00
Archana Muniganti
246dea7e6e crypto/cnxk: support AES-CCM
Added lookaside IPsec AES-CCM support in CN9K & CN10K PMDs.

Signed-off-by: Archana Muniganti <marchana@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
2022-09-27 17:18:45 +02:00
Amit Prakash Shukla
dae3a7affc examples/ipsec-secgw: fix build with GCC 12
Typecasting uint32_t array to uint16_t and accessing it as max array
size(at time of declaration of uint32_t array) causes gcc-12 to
throw an error.

GCC 12 raises the following warning:

In function 'send_multi_pkts',
    inlined from 'route6_pkts_neon' at
../examples/ipsec-secgw/ipsec_lpm_neon.h:170:2,
    inlined from 'ipsec_poll_mode_wrkr_inl_pr' at
../examples/ipsec-secgw/ipsec_worker.c:1257:4:
../examples/ipsec-secgw/ipsec_neon.h:261:21: error: 'dst_port' may be used
uninitialized [-Werror=maybe-uninitialized]
  261 |                 dlp = dst_port[i - 1];
      |                 ~~~~^~~~~~~~~~~~~~~~~
In file included from ../examples/ipsec-secgw/ipsec_worker.c:16:
../examples/ipsec-secgw/ipsec_worker.c: In function
'ipsec_poll_mode_wrkr_inl_pr':
../examples/ipsec-secgw/ipsec_lpm_neon.h:118:17:
	note: 'dst_port' declared here
  118 |         int32_t dst_port[MAX_PKT_BURST];
      |                 ^~~~~~~~

Fixes: 6eb3ba0399 ("examples/ipsec-secgw: support poll mode NEON LPM lookup")
Fixes: dcbf9ad5fd ("examples/ipsec-secgw: move fast path helper functions")
Cc: stable@dpdk.org

Signed-off-by: Amit Prakash Shukla <amitprakashs@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
2022-09-27 17:16:52 +02:00
Amit Prakash Shukla
04361fe2ac crypto/qat: fix build with GCC 12
GCC 12 raises the following warning:

In function '_mm_storeu_si128',
    inlined from 'rte_mov16' at
	../lib/eal/x86/include/rte_memcpy.h:508:2,
    inlined from 'rte_mov128' at
	../lib/eal/x86/include/rte_memcpy.h:542:2,
    inlined from 'rte_memcpy_generic' at
	../lib/eal/x86/include/rte_memcpy.h:732:4,
    inlined from 'rte_memcpy' at
	../lib/eal/x86/include/rte_memcpy.h:882:10,
    inlined from 'qat_sym_do_precomputes.constprop' at
	../drivers/crypto/qat/qat_sym_session.c:1434:2:
/usr/lib/gcc/x86_64-pc-linux-gnu/12.1.1/include/emmintrin.h:739:8: error:
	array subscript 8 is outside array bounds of 'unsigned char[128]'
	[-Werror=array-bounds]
  739 |   *__P = __B;
      |   ~~~~~^~~~~

../drivers/crypto/qat/qat_sym_session.c:
	In function 'qat_sym_do_precomputes.constprop':
../drivers/crypto/qat/qat_sym_session.c:1305:17: note:
	at offset 192 into object 'opad.750' of size 128
 1305 | uint8_t
	  opad[qat_hash_get_block_size(ICP_QAT_HW_AUTH_ALGO_DELIMITER)];
      |           ^~~~

../drivers/crypto/qat/qat_sym_session.c:
	In function 'qat_sym_do_precomputes.constprop':
../drivers/crypto/qat/qat_sym_session.c:1304:17: note:
	at offset 128 into object 'ipad.749' of size 128
 1304 | uint8_t
	  ipad[qat_hash_get_block_size(ICP_QAT_HW_AUTH_ALGO_DELIMITER)];
      |           ^~~~

Added a check to prevent compiler warnings.

Fixes: 1703e94ac5 ("qat: add driver for QuickAssist devices")
Cc: stable@dpdk.org

Signed-off-by: Amit Prakash Shukla <amitprakashs@marvell.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
2022-09-27 17:16:52 +02:00
Amit Prakash Shukla
2be383423e ipsec: fix build with GCC 12
GCC 12 raises the following warning:

In function '_mm_loadu_si128',
    inlined from 'rte_mov16' at
	../lib/eal/x86/include/rte_memcpy.h:507:9,
    inlined from 'rte_mov128' at
	../lib/eal/x86/include/rte_memcpy.h:549:2,
    inlined from 'rte_memcpy_generic' at
	../lib/eal/x86/include/rte_memcpy.h:732:4,
    inlined from 'rte_memcpy' at
	../lib/eal/x86/include/rte_memcpy.h:882:10,
    inlined from 'outb_tun_pkt_prepare' at
	../lib/ipsec/esp_outb.c:224:2:
/usr/lib/gcc/x86_64-pc-linux-gnu/12.1.1/include/emmintrin.h:703:10: error:
	array subscript '__m128i_u[15]' is partly outside array bounds of
	'const uint8_t[255]' {aka 'const unsigned char[255]'}
	[-Werror=array-bounds]
  703 |   return *__P;
      |          ^~~~
In file included from ../lib/ipsec/esp_outb.c:17:
../lib/ipsec/pad.h: In function 'outb_tun_pkt_prepare':
../lib/ipsec/pad.h:10:22: note: at offset 240 into object 'esp_pad_bytes'
	of size 255
   10 | static const uint8_t esp_pad_bytes[IPSEC_MAX_PAD_SIZE] = {
      |                      ^~~~~~~~~~~~~

This patch restrict copy to minimum size.

Bugzilla ID: 1060
Fixes: 6015e6a133 ("ipsec: move inbound and outbound code")
Cc: stable@dpdk.org

Signed-off-by: Amit Prakash Shukla <amitprakashs@marvell.com>
Acked-by: Konstantin Ananyev <konstantin.v.ananyev@yandex.ru>
2022-09-27 17:16:52 +02:00
Amit Prakash Shukla
250cbb8d5d test/ipsec: fix build with GCC 12
GCC-12 raises following warning:

In function '_mm_loadu_si128',
    inlined from 'rte_mov16' at
	../lib/eal/x86/include/rte_memcpy.h:507:9,
    inlined from 'rte_mov128' at
	../lib/eal/x86/include/rte_memcpy.h:549:2,
    inlined from 'rte_memcpy_generic' at
	../lib/eal/x86/include/rte_memcpy.h:732:4,
    inlined from 'rte_memcpy' at
	../lib/eal/x86/include/rte_memcpy.h:882:10,
    inlined from 'setup_test_string_tunneled' at
	../app/test/test_ipsec.c:617:3:
/usr/lib/gcc/x86_64-pc-linux-gnu/12.1.1/include/emmintrin.h:703:10: error:
    array subscript '__m128i_u[15]' is partly outside array bounds of
    'const uint8_t[255]' {aka 'const unsigned char[255]'}
    [-Werror=array-bounds]
  703 |   return *__P;
      |          ^~~~
../app/test/test_ipsec.c: In function 'setup_test_string_tunneled':
../app/test/test_ipsec.c:491:22: note: at offset 240 into object
     'esp_pad_bytes' of size 255
  491 | static const uint8_t esp_pad_bytes[IPSEC_MAX_PAD_SIZE] = {

This patch restrict the copy to minimum size.

Fixes: 05fe65eb66 ("test/ipsec: introduce functional test")
Cc: stable@dpdk.org

Signed-off-by: Amit Prakash Shukla <amitprakashs@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
2022-09-27 17:16:52 +02:00
Arek Kusztal
66c0ad1f3d common/qat: fix VF to PF answer
This commit fixes answer sent to physical device in
vf2pf communication.

Fixes: b17d16fb47 ("common/qat: add PF to VF communication")
Cc: stable@dpdk.org

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
2022-09-27 17:16:52 +02:00
Archana Muniganti
d314299950 test/crypto: add AES-CCM vectors
Added ESP tunnel mode known vectors for AES-CCM along with
combined mode support.

Signed-off-by: Archana Muniganti <marchana@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
2022-09-27 17:16:52 +02:00
Sunyang Wu
1c6b77de0a test/crypto: fix debug messages
When the queue_ops_rsa_enc_dec function is called, the plaintext will
be printed twice instead of both plaintext and ciphertext. When the
create_aead_operation function is called, the contents of iv and aad
will be printed incorrectly. This patch fixes the issues above.

Fixes: 77a217a19b ("test/crypto: add AES-CCM tests")
Fixes: 5ae36995f1 ("test/crypto: move RSA enqueue/dequeue into functions")
Cc: stable@dpdk.org

Signed-off-by: Sunyang Wu <sunyang.wu@jaguarmicro.com>
Reviewed-by: Joey Xing <joey.xing@jaguarmicro.com>
Reviewed-by: Qingmin Liu <qingmin.liu@jaguarmicro.com>
Reviewed-by: Lei Cai <lei.cai@jaguarmicro.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
2022-09-27 17:16:52 +02:00
Nithin Dabilpuram
79c322caa1 examples/ipsec-secgw: fix IP header manipulation
Fix issue with IP header pointer computation to pick the right offset.

Fixes: 6eb3ba0399 ("examples/ipsec-secgw: support poll mode NEON LPM lookup")
Cc: stable@dpdk.org

Signed-off-by: Nithin Dabilpuram <ndabilpuram@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
2022-09-27 17:16:52 +02:00
Nithin Dabilpuram
4edcee19fc examples/ipsec-secgw: use Tx checksum offload conditionally
Use Tx checksum offload only when all the ports have it enabled as
the qconf for a particular lcore stores ipv4_offloads for all the
Tx ports and each lcore can Tx to any port.

Fixes: 03128be4cd ("examples/ipsec-secgw: allow disabling some Rx/Tx offloads")
Cc: stable@dpdk.org

Signed-off-by: Nithin Dabilpuram <ndabilpuram@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
2022-09-27 17:16:52 +02:00
Satheesh Paul
e3b8852693 examples/ipsec-secgw: fix flow pattern buffer overrun
This patch fixes the patterns buffer overrun issue reported
by Coverity.

Coverity issue: 379236
Fixes: b3a4baf87f ("examples/ipsec-secgw: support more flow patterns and actions")
Cc: stable@dpdk.org

Signed-off-by: Satheesh Paul <psatheesh@marvell.com>
Reviewed-by: Akhil Goyal <gakhil@marvell.com>
2022-09-27 17:16:52 +02:00
Anoob Joseph
e7bd697718 app/crypto-perf: remove unchecked function return
Remove redundant function return value. The function is used in datapath
and the return value is not checked in any of the existing callers.

Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
2022-09-27 17:16:52 +02:00
Jeremy Spewock
37edccf8f7 test/ipsec: skip if no compatible device
ipsec_autotest is now skipped if no compatible crypto devices are found.

Fixes issue where if at least one crypto device was found but no
compatible crypto devices for the ipsec_autotest test case are present,
the case would fail with no error message. Now, when this situation is
encountered, the test case will be skipped with an explanation.

Fixes: 59d7353b0d ("test/ipsec: fix test suite setup")
Cc: stable@dpdk.org

Signed-off-by: Jeremy Spewock <jspewock@iol.unh.edu>
Signed-off-by: Owen Hilyard <ohilyard@iol.unh.edu>
Reviewed-by: Ruifeng Wang <ruifeng.wang@arm.com>
2022-09-27 17:16:52 +02:00
Kai Ji
52d59b92b0 crypto/qat: enable OpenSSL legacy provider in session
Some cryptographic algorithms such as MD5 and DES are now considered legacy
and not enabled by default in OpenSSL 3.0. Load up legacy provider as MD5
DES are needed in QAT session pre-computes and secure session creation.

Fixes: 3227bc7138 ("crypto/qat: use intel-ipsec-mb for partial hash and AES")
Cc: stable@dpdk.org

Signed-off-by: Kai Ji <kai.ji@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
2022-09-27 17:16:52 +02:00
Ashwin Sekhar T K
2b9c693f6e crypto/openssl: support AES-CMAC operations
Extend openssl crypto PMD to support AES CMAC operations.

Signed-off-by: Ashwin Sekhar T K <asekhar@marvell.com>
Acked-by: Kai Ji <kai.ji@intel.com>
2022-09-27 17:16:52 +02:00
Ruifeng Wang
0899a87ce7 crypto/ipsec_mb: enable IPsec on Arm platform
Arm port of ipsec_mb library [1] has different header file name than
the Intel ipsec_mb library. Proper header name is picked according to
the architecture to get the code compile when ipsec_mb is installed on
Arm platform.

And the Arm port currently supports ZUC and SNOW3g. Call to other
algorithms will be blocked.

[1] https://gitlab.arm.com/arm-reference-solutions/ipsec-mb/-/tree/main

Signed-off-by: Ruifeng Wang <ruifeng.wang@arm.com>
Acked-by: Ashwin Sekhar T K <asekhar@marvell.com>
2022-09-27 17:16:52 +02:00
Ruifeng Wang
4232326bd6 crypto/ipsec_mb: remove redundant includes
The intel-ipsec-mb header is included by ipsec_mb_private header file.
Hence removed intel-ipsec-mb from files that have ipsec_mb_private
included.

Signed-off-by: Ruifeng Wang <ruifeng.wang@arm.com>
2022-09-27 17:16:52 +02:00
Ashwin Sekhar T K
7ecd638528 crypto/ipsec_mb: enable support for arm64
Enable support for arm64 architecture in ipsec_mb. x86
specific code is conditionally compiled only for x86
architecture builds. Other architectures will be unsupported.

Signed-off-by: Ashwin Sekhar T K <asekhar@marvell.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
2022-09-27 17:16:52 +02:00
Kai Ji
6705190edf common/qat: fix build with OpenSSL 1.1
This patch add in libcrypto version check before enable libipsec-mb for
QAT. The intel-ipsec-mb lib for partial hash and AES calculation should
only be enabled when both OpensSSL 3.0 and IPSec_MB 1.2.0 are installed
on the system.

Fixes: 3227bc7138 ("crypto/qat: use intel-ipsec-mb for partial hash and AES")
Cc: stable@dpdk.org

Signed-off-by: Kai Ji <kai.ji@intel.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
2022-09-27 17:16:52 +02:00