NIST SP800-38A recommends two methods to generate unpredictable IVs
(Initilisation Vector) for CBC mode:
1) Apply the forward function to a nonce (ie. counter)
2) Use a FIPS-approved random number generator
This patch implements the first recommended method by using the forward
function to generate the IV.
Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
This patch contains unit tests for libcrypto PMD. User can
use app/test application to check how to use this pmd and to
verify crypto processing.
Test name is cryptodev_libcrypto_autotest.
For performance test cryptodev_libcrypto_perftest can be used.
Signed-off-by: Piotr Azarewicz <piotrx.t.azarewicz@intel.com>
Signed-off-by: Marcin Kerlin <marcinx.kerlin@intel.com>
Signed-off-by: Daniel Mrzyglod <danielx.t.mrzyglod@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
This patch rework AES tests .
In general - rename AES-named functions to blockcipher functions pattern.
Signed-off-by: Piotr Azarewicz <piotrx.t.azarewicz@intel.com>
Signed-off-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
This code provides the initial implementation of the libcrypto
poll mode driver. All cryptography operations are using Openssl
library crypto API. Each algorithm uses EVP_ interface from
openssl API - which is recommended by Openssl maintainers.
This patch adds libcrypto poll mode driver support to librte_cryptodev
library.
Signed-off-by: Slawomir Mrozowicz <slawomirx.mrozowicz@intel.com>
Signed-off-by: Michal Kobylinski <michalx.kobylinski@intel.com>
Signed-off-by: Tomasz Kulasek <tomaszx.kulasek@intel.com>
Signed-off-by: Daniel Mrzyglod <danielx.t.mrzyglod@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
This patch enables ZUC EEA3 cipher algorithm and
ZUC EIA3 authentication algorithm support to
l2fwd-crypto sample application.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
Before adding the new ZUC tests, since they will use
the existing common functions for SNOW3G and KASUMI,
these functions are renamed to *_wireless_algo_*,
instead of *_snow3g_kasumi_*, as they are common
functions for all the three wireless algorithms.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
Added new SW PMD which makes use of the libsso SW library,
which provides wireless algorithms ZUC EEA3 and EIA3
in software.
This PMD supports cipher-only, hash-only and chained operations
("cipher then hash" and "hash then cipher") of the following
algorithms:
- RTE_CRYPTO_SYM_CIPHER_ZUC_EEA3
- RTE_CRYPTO_SYM_AUTH_ZUC_EIA3
The ZUC hash and cipher algorithms, which are enabled
by this crypto PMD are implemented by Intel's libsso software
library.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
Improve error message if crypto PMD build is not enabled in config file
Signed-off-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
This patch adds AES Galois Counter Mode performance test case
for cryptodev QAT and AESNI GCM. Test is performed with different
buffer sizes, burst size of 32 and 128b key. Test vectors
are placed in app/test/test_cryptodev_perf_vectors.h file.
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
This commit fixes a compilation error on icc,
due to unallowed conversion from int to enum:
drivers/crypto/snow3g/rte_snow3g_pmd.c(155):
error #188: enumerated type mixed with another type
sess->op = mode;
^
drivers/crypto/kasumi/rte_kasumi_pmd.c(155):
error #188: enumerated type mixed with another type
sess->op = mode;
^
Fixes: 3aafc423cf ("snow3g: add driver for SNOW 3G library")
Fixes: 2773c86d06 ("crypto/kasumi: add driver for KASUMI library")
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Ferruh Yigit <ferruh.yigit@intel.com>
Regardless the result of the conditional, the true and false
statements were the same, so the conditional can be removed.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
This patch adds two sample configuration files to ipsec-secgw sample
application. The sample configuration files show how to setup
back-to-back systems that would forward traffic through an IPsec
tunnel.
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
This patch adds the configuration file support to ipsec_secgw
sample application. Instead of hard-coded rules, the users can
specify their own SP, SA, and routing rules in the configuration
file. A command line option "-f" is added to pass the
configuration file location to the application.
Configuration item formats:
SP rule format:
sp <ip_ver> <dir> esp <action> <priority> <src_ip> <dst_ip> \
<proto> <sport> <dport>
SA rule format:
sa <dir> <spi> <cipher_algo> <cipher_key> <auth_algo> <auth_key> \
<mode> <src_ip> <dst_ip>
Routing rule format:
rt <ip_ver> <src_ip> <dst_ip> <port>
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
This patch moves computing of pre-counter block into the AESNI-GCM
driver so it can be moved from test files.
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
3DES support added to QuickAssist PMD with CTR and CBC mode.
Both cipher-only and chained with HMAC_SHAx.
Signed-off-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
Cleanup of unused code.
Rename and simplify a badly named struct element, was aes, but
used for all types of ciphers.
Print correct error msg (Unsupported rather than Undefined)
for all ciphers not supported by QAT PMD.
Signed-off-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
Adding the support to bind/unbind crypto devices with
dpdk-devbind.py script, as now it is not restricted
to network devices anymore.
Signed-off-by: Eoin Breen <eoin.breen@intel.com>
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
KASUMI algorithm has all uppercase letters,
but some references of it had some lowercase letters.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
SNOW 3G algorithm has all uppercase letters in its name
and a space between SNOW and 3G, but some references of it
had some lowercase letters or no space.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
Using sys/types.h instead of linux/types.h
so as to compile QAT_PMD on FreeBSD.
Fixes: 1703e94ac5 ("qat: add driver for QuickAssist devices")
Signed-off-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
In file rte_crypto_sym.h, GMAC API comments need to be changed
to comply with the GMAC specification. Main areas of change are
aad pointer and aad len, which now will be used to
provide plaintext.
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
This patch adds KASUMI tests in the QAT testsuite.
Alg-Chaining tests have also been added in the KASUMI
SW PMD.
Signed-off-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
using rte_mov128 instead of structure assignment to copy
template request from session context into request
Signed-off-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: John Griffin <john.griffin@intel.com>
This patch changes the qat firmware session data structure from a fixed
size to a variable size which is dependent on the size of the chosen
algorithm.
This reduces the amount of bytes which are transferred across
PCIe and thus helps to increase qat performance when the
accelerator is bound by PCIe.
Signed-off-by: John Griffin <john.griffin@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Inline with PCI probe and remove, VDEV probe and remove hooks provide
a uniform naming.
PCI probe represents scan and driver initialization. For VDEV, it will
represent argument parsing and initialization.
Signed-off-by: Shreyansh Jain <shreyansh.jain@nxp.com>
When compiled with EXTRA_CFLAGS="-O1", the compiler is not
able to detect that size is always initialized when used, and
issues a wrong warning:
eal_memory.c: In function ‘rte_eal_hugepage_attach’:
eal_memory.c:1684:3: error: ‘size’ may be used uninitialized in this
function [-Werror=maybe-uninitialized]
munmap(hp, size);
^
Workaround this issue by initializing size to 0.
Seen on gcc (Debian 5.4.1-1) 5.4.1 20160803.
Signed-off-by: Olivier Matz <olivier.matz@6wind.com>
Update the PMD to use the 1.5.1 HWRM API.
Most of the changes in the patch are white spaces and rearrangement of the
lines - a onetime change owing to the usage of a different auto generated
file.
Structures updated:
hwrm_stat_ctx_alloc_input, hwrm_stat_ctx_alloc_output,
hwrm_stat_ctx_free_input, hwrm_stat_ctx_free_output,
hwrm_stat_ctx_clr_stats_input, hwrm_stat_ctx_clr_stats_output,
hwrm_exec_fwd_resp_input, hwrm_exec_fwd_resp_output
Signed-off-by: Ajit Khaparde <ajit.khaparde@broadcom.com>
Update the PMD to use packet filtering related structures as per the
1.5.1 version of the HWRM API. Most of the changes in the patch are
white spaces and rearrangement of the lines - a onetime change owing to
the usage of a different auto generated file.
Structures being updated:
hwrm_cfa_l2_filter_cfg_input, hwrm_cfa_l2_filter_cfg_output,
hwrm_cfa_l2_set_rx_mask_input, hwrm_cfa_l2_set_rx_mask_output,
hwrm_cfa_l2_filter_alloc_input, hwrm_cfa_l2_filter_alloc_output,
hwrm_cfa_l2_filter_free_input, hwrm_cfa_l2_filter_free_output
Signed-off-by: Ajit Khaparde <ajit.khaparde@broadcom.com>
Update the PMD to use HWRM ring related structures as per the 1.5.1
version of the HWRM API. Most of the changes in the patch are white
spaces and rearrangement of the lines - a onetime change owing to the
usage of a different auto generated file.
Structures being updated:
hwrm_ring_alloc_input, hwrm_ring_alloc_output, hwrm_ring_free_input,
hwrm_ring_free_output, hwrm_ring_grp_alloc_input,
hwrm_ring_grp_alloc_output, hwrm_ring_grp_free_input,
hwrm_ring_grp_free_output
Signed-off-by: Ajit Khaparde <ajit.khaparde@broadcom.com>
