Commit Graph

32631 Commits

Author SHA1 Message Date
Arek Kusztal
5fa1fb299f cryptodev: separate key exchange operation enum
- Separated key exchange enum from asym op type.
Key exchange and asymmetric crypto operations like signatures,
encryption/decryption should not share same operation enum as
its use cases are unrelated and mutually exclusive.
Therefore op_type was separate into:
1) operation type
2) key exchange operation type

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
2022-06-01 18:56:23 +02:00
Arek Kusztal
6b742fb856 cryptodev: redefine elliptic curve group enum
- EC enum was renamed to rte_crypto_curve_id.
Elliptic curve enum name was incorrectly associated
with a group (it comes from the current tls registry name).
- Clarified comments about TLS deprecation.
Some curves included are deprecated with TLS 1.3.
Comments to address it were added.
- Clarified FFDH groups usage.
Elliptic curves IDs in TLS are placed in the same registry
as FFDH. Cryptodev does not assign specific groups, and
if specific groups would be assigned by DPDK, it cannot be
TLS SupportedGroups registry, as it would conflict with
other protocols like IPSec.
- Added IANA reference.
Only few selected curves are included in previously
referenced rfc8422. IANA reference is added instead.
- Removed UNKNOWN ec group.
There is no default value, and there is no UNKNOWN
elliptic curve.

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
2022-06-01 18:53:31 +02:00
Tejasree Kondoj
9f3677d6ab app/crypto-perf: allow auth generate followed by encryption
Allowing auth generation followed by encryption mode.
--optype auth-then-cipher can take cipher-op as encrypt
and auth-op as generate now.

Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
2022-06-01 16:26:36 +02:00
Hernan Vargas
ead7d1911d baseband/fpga_5gnr_fec: remove filler from HARQ
Removed filler bits from HARQ calculation on the N3000 FPGA since these
are already taken out by the deratematching step.
The change is only an optimization with no functional impact, no change
required on stable branches.

Signed-off-by: Hernan Vargas <hernan.vargas@intel.com>
Reviewed-by: Nicolas Chautru <nicolas.chautru@intel.com>
2022-06-01 16:26:36 +02:00
Hernan Vargas
984b7306fe baseband/fpga_5gnr_fec: validate LDPC enc/dec
Enable functions to validate LDPC encoder and decoder parameters

Signed-off-by: Hernan Vargas <hernan.vargas@intel.com>
Reviewed-by: Nicolas Chautru <nicolas.chautru@intel.com>
2022-06-01 16:26:36 +02:00
Hernan Vargas
220c470843 baseband/fpga_5gnr_fec: check HARQ input length
Add new case DESC_ERR_HARQ_INPUT_LEN to check for valid HARQ input
length.

Signed-off-by: Hernan Vargas <hernan.vargas@intel.com>
Reviewed-by: Nicolas Chautru <nicolas.chautru@intel.com>
2022-06-01 16:26:36 +02:00
Hernan Vargas
b3d326e438 baseband/fpga_5gnr_fec: add FPGA mutex
Explicit FPGA mutex added when using the register interface for HARQ
memory preloading to prevent multiple threads from using the same
interface in parallel.
This featured is implemented through MMIO exposed per VF and common to
all queues.

Signed-off-by: Hernan Vargas <hernan.vargas@intel.com>
Reviewed-by: Nicolas Chautru <nicolas.chautru@intel.com>
2022-06-01 16:26:35 +02:00
Hernan Vargas
98c90628c8 baseband/fpga_5gnr_fec: remove FLR timeout
FLR timeout register is not used in 5GNR FPGA.

Signed-off-by: Hernan Vargas <hernan.vargas@intel.com>
Reviewed-by: Nicolas Chautru <nicolas.chautru@intel.com>
2022-06-01 16:26:35 +02:00
Gagandeep Singh
d05828ac58 doc: add missing auth algo for IPsec example
Adding the missing SHA256-HMAC authentication algorithm
in ipsec-secgw guide.

Fixes: b5350285ce ("examples/ipsec-secgw: support SHA256 HMAC")
Cc: stable@dpdk.org

Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
2022-06-01 16:26:35 +02:00
Gagandeep Singh
0b61dae807 test/crypto: add short MAC-I test vector for ZUC
Add a ZUC based short MAC-I test vector.

Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
2022-06-01 16:26:35 +02:00
Gagandeep Singh
6789605949 test/crypto: support raw buffer API for PDCP
This patch supports raw buffer APIs testing for
PDCP test cases.

Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
2022-06-01 16:26:35 +02:00
Gagandeep Singh
97ed177930 test/crypto: fix driver name for DPAA raw API test
PMD name for DPAA raw buffer crypto driver test cases is
updated with correct name.

Fixes: cd8166c28c ("test/crypto: add raw API test for dpaax")
Cc: stable@dpdk.org

Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
2022-06-01 16:26:35 +02:00
Gagandeep Singh
76fbba2856 examples/l2fwd-crypto: add signal handler for exit
Handle SIGINT and SIGTERM signals.

Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
2022-06-01 16:26:35 +02:00
Gagandeep Singh
923b5f2765 examples/ipsec-secgw: support XCBC-MAC/DES-CBC
ipsec-secgw application is updated to support
DES-CBC ciphering and XCBC-MAC authentication
based IPsec functionality.

Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
2022-06-01 16:26:35 +02:00
Gowrishankar Muthukrishnan
0a2a3c01bc doc: add notes for ACVP FIPS validation support
Add notes on list of algorithms supported for ACVP FIPS validation.

Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Tested-by: Jakub Poczatek <jakub.poczatek@intel.com>
2022-06-01 16:26:35 +02:00
Gowrishankar Muthukrishnan
8b8546aaed examples/fips_validation: add parsing for AES-CBC
Added function to parse algorithm for AES_CBC test.

Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Tested-by: Jakub Poczatek <jakub.poczatek@intel.com>
2022-06-01 16:26:35 +02:00
Brandon Lo
07da56a68d examples/fips_validation: add parsing for CMAC
Added function to parse algorithm for CMAC test.

Signed-off-by: Brandon Lo <blo@iol.unh.edu>
Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Tested-by: Jakub Poczatek <jakub.poczatek@intel.com>
2022-06-01 16:26:35 +02:00
Brandon Lo
d3b50557f9 examples/fips_validation: implement JSON CMAC test
Implemented JSON support for the CMAC test.

Signed-off-by: Brandon Lo <blo@iol.unh.edu>
Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Tested-by: Jakub Poczatek <jakub.poczatek@intel.com>
2022-06-01 16:26:35 +02:00
Brandon Lo
443c93d804 examples/fips_validation: add JSON for HMAC
Added JSON support for the HMAC algorithm.

Signed-off-by: Brandon Lo <blo@iol.unh.edu>
Acked-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Tested-by: Jakub Poczatek <jakub.poczatek@intel.com>
2022-06-01 16:26:35 +02:00
Brandon Lo
b09aac2d6e examples/fips_validation: add JSON to GCM test
Added JSON-specific testing and writeback functions which allows
the user to test AES-GCM vector sets.

Signed-off-by: Brandon Lo <blo@iol.unh.edu>
Acked-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Tested-by: Jakub Poczatek <jakub.poczatek@intel.com>
2022-06-01 16:26:35 +02:00
Brandon Lo
89be27e3ff examples/fips_validation: allow JSON file as input
Added the ability to use the JSON format as the input
and output of the example application.

Signed-off-by: Brandon Lo <blo@iol.unh.edu>
Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Tested-by: Jakub Poczatek <jakub.poczatek@intel.com>
2022-06-01 16:26:35 +02:00
Brandon Lo
58cc98801e examples/fips_validation: add JSON parsing
Added functions to parse the required information from a vector set
given in the new JSON format.

Signed-off-by: Brandon Lo <blo@iol.unh.edu>
Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Tested-by: Jakub Poczatek <jakub.poczatek@intel.com>
2022-06-01 16:26:35 +02:00
Brandon Lo
f556293fd5 examples/fips_validation: add JSON info to header
Added JSON-specific functions and other information needed to
test the new FIPS test vectors.

Signed-off-by: Brandon Lo <blo@iol.unh.edu>
Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Tested-by: Jakub Poczatek <jakub.poczatek@intel.com>
2022-06-01 16:26:35 +02:00
Brandon Lo
1230526d13 examples/fips_validation: add jansson dependency
Added a check for RTE_HAS_JANSSON into the meson
configuration file for JSON support.

Signed-off-by: Brandon Lo <blo@iol.unh.edu>
Acked-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Tested-by: Jakub Poczatek <jakub.poczatek@intel.com>
2022-06-01 16:26:35 +02:00
Arek Kusztal
b558a67c32 crypto/qat: add secp384r1 curve
This commit adds secp384r1 (P-384) elliptic
curve to Intel QuickAssist Technology crypto PMD.

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
2022-06-01 16:26:35 +02:00
Arek Kusztal
fde2e2f1b9 crypto/qat: refactor asym algorithm macros and logs
This commit unifies macros for asymmetric parameters,
therefore making code easier to maintain.
It additionally changes some of PMD output logs that
right now can only be seen in debug mode.

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
2022-06-01 16:26:35 +02:00
Arek Kusztal
efb1a06bb3 crypto/qat: enable asymmetric crypto on GEN4 device
This commit enables asymmetric crypto in generation four
devices (4xxx).

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Kai Ji <kai.ji@intel.com>
2022-06-01 16:26:35 +02:00
Kai Ji
8ea8e9eeb7 crypto/qat: fix offset and length assignment
This patch fix the cipher & auth offset and length values when convert
mbuf to vector chain for QAT build op.

Fixes: a815a04cea ("crypto/qat: support symmetric build op request")
Cc: stable@dpdk.org

Signed-off-by: Kai Ji <kai.ji@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
2022-06-01 16:26:35 +02:00
Heinrich Schuchardt
7360749f16 drivers/crypto: fix warnings for OpenSSL version
The API of the OpenSSL library has changed with version 3.0. This results
in a lot of compiler warnings like

    ../dpdk/drivers/crypto/ccp/ccp_crypto.c:182:9:
    warning: ‘SHA256_Transform’ is deprecated:
    Since OpenSSL 3.0 [-Wdeprecated-declarations]

As many Linux distributions still use elder OpenSSL libraries we cannot
change the used API now. Instead define OPENSSL_API_COMPAT to indicate
that we are using the OpenSSL 1.1.0 API.

OPENSSL_API_COMPAT is introduced in *.c files and not in *.h files as some
*.c files directly include OpenSSL headers.

Fixes: d61f70b4c9 ("crypto/libcrypto: add driver for OpenSSL library")
Cc: stable@dpdk.org

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Tested-by: Daxue Gao <daxuex.gao@intel.com>
Tested-by: David Marchand <david.marchand@redhat.com>
Acked-by: Kai Ji <kai.ji@intel.com>
2022-06-01 16:26:35 +02:00
Ciara Power
4b45567f35 crypto/ipsec_mb: support ChaChaPoly SGL to aesni_mb
Add SGL support for chacha20_poly1305 algorithm through JOB API.

Supports IN-PLACE SGL, OOP SGL IN and LB OUT,
and OOP SGL IN and SGL OUT.

Feature flags not added, as the PMD does not support SGL for all
other algorithms.

Signed-off-by: Ciara Power <ciara.power@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2022-06-01 16:26:35 +02:00
Ciara Power
1c68744454 crypto/ipsec_mb: support GCM SGL to aesni_mb
Add SGL support for GCM algorithm through JOB API.

This change supports IN-PLACE SGL, OOP SGL IN and LB OUT,
and OOP SGL IN and SGL OUT.

Feature flags are not added, as the PMD does not yet support SGL for
all other algorithms.
If an SGL op for an unsupported algorithm is being processed,
a NULL job is submitted instead.

Signed-off-by: Ciara Power <ciara.power@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2022-06-01 16:26:35 +02:00
Vamsi Attunuru
91d1d05235 test/security: add inline IPsec IPv6 flow label cases
Patch adds unit tests for IPv6 flow label set & copy
operations.

Signed-off-by: Vamsi Attunuru <vattunuru@marvell.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
2022-06-01 16:26:34 +02:00
Akhil Goyal
fd33d9ee72 test/security: add ESN and anti-replay for inline IPsec
Added cases to test anti replay for inline IPsec processing
with and without extended sequence number support.

Signed-off-by: Akhil Goyal <gakhil@marvell.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
2022-06-01 16:26:34 +02:00
Akhil Goyal
eb3e17ecf0 test/security: add more inline IPsec functional cases
Added more inline IPsec functional verification cases.
These cases do not have known vectors but are verified
using encap + decap test for all the algo combinations.

Signed-off-by: Akhil Goyal <gakhil@marvell.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
2022-06-01 16:26:34 +02:00
Akhil Goyal
a310577766 test/security: add inline IPsec reassembly cases
Added unit test cases for IP reassembly of inline IPsec
inbound scenarios.
In these cases, known test vectors of fragments are first
processed for inline outbound processing and then received
back on loopback interface for inbound processing along with
IP reassembly of the corresponding decrypted packets.
The resultant plain text reassembled packet is compared with
original unfragmented packet.

In this patch, cases are added for 2/4/5 fragments for both
IPv4 and IPv6 packets. A few negative test cases are also added
like incomplete fragments, out of place fragments, duplicate
fragments.

Signed-off-by: Akhil Goyal <gakhil@marvell.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
2022-06-01 16:26:34 +02:00
Akhil Goyal
78dc764e54 test/security: add combined mode inline IPsec cases
Added combined encap and decap test cases for various algorithm
combinations

Signed-off-by: Akhil Goyal <gakhil@marvell.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
2022-06-01 16:26:34 +02:00
Akhil Goyal
1c015dde95 test/security: add inline inbound IPsec cases
Added test cases for inline Inbound protocol offload
verification with known test vectors from Lookaside mode.

Signed-off-by: Akhil Goyal <gakhil@marvell.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
2022-06-01 16:26:34 +02:00
Akhil Goyal
86e2487c5f test/security: add cases for inline IPsec offload
A new test suite is added in test app to test inline IPsec protocol
offload. In this patch, predefined vectors from Lookaside IPsec test
are used to verify the IPsec functionality without the need of
external traffic generators. The sent packet is loopbacked onto the same
interface which is received and matched with the expected output.
The test suite can be updated further with other functional test cases.
In this patch encap only cases are added.
The testsuite can be run using:
RTE> inline_ipsec_autotest

Signed-off-by: Akhil Goyal <gakhil@marvell.com>
Signed-off-by: Nithin Dabilpuram <ndabilpuram@marvell.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
2022-06-01 16:26:34 +02:00
Akhil Goyal
8f5b549502 app/eventdev: support asym ops for crypto adapter
Test eventdev app is updated to add new option for asymmetric
crypto ops for event crypto adapter.

Signed-off-by: Akhil Goyal <gakhil@marvell.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Abhinandan Gujjar <abhinandan.gujjar@intel.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
2022-06-01 16:26:34 +02:00
Akhil Goyal
647a788dbf test/event: add asymmetric cases for crypto adapter
Test app is updated to add cases for asymmetric crypto
sessions for event crypto adapter.

Signed-off-by: Akhil Goyal <gakhil@marvell.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Abhinandan Gujjar <abhinandan.gujjar@intel.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
2022-06-01 16:26:34 +02:00
Akhil Goyal
b8c8a6ddc6 eventdev: use new API to get event crypto metadata
For getting event crypto metadata from crypto_op,
the new API rte_cryptodev_get_session_event_mdata is used
instead of getting userdata inside PMD.

Signed-off-by: Akhil Goyal <gakhil@marvell.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Abhinandan Gujjar <abhinandan.gujjar@intel.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
2022-06-01 16:26:34 +02:00
Akhil Goyal
4c43055c0f test/event: use new API to set event crypto metadata
Used the new API rte_cryptodev_set_session_event_mdata to set
event crypto metadata from the applications (app/test and
app/test-eventdev) instead of using session userdata.

Signed-off-by: Akhil Goyal <gakhil@marvell.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Abhinandan Gujjar <abhinandan.gujjar@intel.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
2022-06-01 16:26:34 +02:00
Akhil Goyal
a974f7cb6b crypto/octeontx: use new API for event metadata
For getting event crypto metadata from crypto_op,
the new API rte_cryptodev_get_session_event_mdata can be used
directly instead of getting userdata inside PMD.

Signed-off-by: Akhil Goyal <gakhil@marvell.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Abhinandan Gujjar <abhinandan.gujjar@intel.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
2022-06-01 16:26:34 +02:00
Volodymyr Fialko
97ebfda829 crypto/cnxk: add event metadata set operation
Added cryptodev operation for setting event crypto
metadata for all supported sessions - sym/asym/security.

Signed-off-by: Volodymyr Fialko <vfialko@marvell.com>
Signed-off-by: Akhil Goyal <gakhil@marvell.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Abhinandan Gujjar <abhinandan.gujjar@intel.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
2022-06-01 16:26:34 +02:00
Volodymyr Fialko
a7ddfa9c27 cryptodev: add API to get/set event metadata
Currently, crypto session userdata is used to set event crypto
metadata from the application and the driver is dereferencing it
in driver which is not correct. User data is meant to be opaque
to the driver.
To support this, new API is added to get and set event crypto
metadata. The new API, rte_cryptodev_set_session_event_mdata,
allows setting event metadata in session private data which is
filled inside PMD using a new cryptodev op. This operation
can be performed on any of the PMD supported sessions
(sym/asym/security).
For SW abstraction of event crypto adapter to be used by
eventdev library, a new field is added in asymmetric crypto
session for now and for symmetric case, current implementation
of using userdata is used. Symmetric cases cannot be fixed now,
as it will be ABI breakage which will be resolved in DPDK 22.11.

Signed-off-by: Volodymyr Fialko <vfialko@marvell.com>
Signed-off-by: Akhil Goyal <gakhil@marvell.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Abhinandan Gujjar <abhinandan.gujjar@intel.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
2022-06-01 16:26:34 +02:00
Ciara Power
e6d37ffa69 test/crypto: fix null check for ZUC authentication
Check if the returned op is NULL because of failure,
before using it and causing a segmentation fault.

Fixes: 4c99481f49 ("app/test: add ZUC")
Cc: stable@dpdk.org

Signed-off-by: Ciara Power <ciara.power@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2022-06-01 16:26:34 +02:00
Vamsi Attunuru
4ec5008860 crypto/cnxk: enable 3DES-CBC secure capability
Patch enables 3DES-CBC secure capability of crypto device.

Signed-off-by: Vamsi Attunuru <vattunuru@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
2022-06-01 16:26:34 +02:00
Raja Zidane
f12c41bf40 crypto/mlx5: support plain text keys
Using crypto devs requires the user to log in and the supplied DEK to be
encrypted with a KEK (keys encryption key).
KEK is burned once on the nic, along with credentials for users,
and for a user to log in, he is needed to supply his creds wrapped with
the KEK.
A device comes out of the Mellanox factory with a pre-defined import
method for each algorithm. The defined method could be wrapped
mode, so the device can be used as described above, or
plaintext mode, without the need to log in and wrap supplied DEKs.

Support crypto operations with the plaintext import method.

Signed-off-by: Raja Zidane <rzidane@nvidia.com>
Acked-by: Matan Azrad <matan@nvidia.com>
2022-06-01 16:26:34 +02:00
Nithin Dabilpuram
23d3a468c4 examples/ipsec-secgw: fix promiscuous mode option
Currently default value of promiscuous mode flag is true and
even there is command line argument to set it to true.
So it never is in non-promiscuous mode. Fix it by
changing default value to false.

Fixes: d299106e8e ("examples/ipsec-secgw: add IPsec sample application")
Cc: stable@dpdk.org

Signed-off-by: Nithin Dabilpuram <ndabilpuram@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
2022-06-01 16:26:34 +02:00
Volodymyr Fialko
a8ade12123 examples/ipsec-secgw: create lookaside sessions at init
In event lookaside mode same session could be handled with multiple
cores, and session creation in datapath will cause situation where
multiple cores will try to create same session simultaneously.
To avoid such case and enable event lookaside mode in future, lookaside
sessions are now created at initialization in sa_add_rules().

All sessions(inline and lookaside) now created during init process, so
session pool information was removed from ipsec context. Core id was
added to obtain correct crypto device queue pair for the current core.

Signed-off-by: Volodymyr Fialko <vfialko@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
2022-06-01 16:26:34 +02:00