AES-GCM support is added as per the AEAD type of crypto
operations. Support for AES-CTR is also added.
test/crypto and documentation is also updated for
dpaa2_sec to add supported algorithms.
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
rte_malloc uses common memory area for all cores.
Now rte_malloc are replaced by per device mempool to allocate
space for FLE. This removes contention and improves performance.
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Now that AAD is only used in AEAD algorithms,
there is no need to keep AAD in the authentication
structure.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Now that all the structures/functions for AEAD algorithms
are in place, migrate the two supported algorithms
AES-GCM and AES-CCM to these, instead of using
cipher and authentication parameters.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
AES-GMAC is an authentication algorithm, based on AES-GCM
without encryption. To simplify its usage, now it can be used
setting the authentication parameters, without requiring
to concatenate a ciphering transform.
Therefore, it is not required to set AAD, but authentication
data length and offset, giving the user the option
to have Scatter-Gather List in the input buffer,
as long as the driver supports it.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Digest length was duplicated in the authentication transform
and the crypto operation structures.
Since digest length is not expected to change in a same
session, it is removed from the crypto operation.
Also, the length has been shrunk to 16 bits,
which should be sufficient for any digest.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Additional authenticated data (AAD) information was duplicated
in the authentication transform and in the crypto
operation structures.
Since AAD length is not meant to be changed in a same session,
it is removed from the crypto operation structure.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
For wireless algorithms (SNOW3G, KASUMI, ZUC),
the IV for the authentication algorithms (F9, UIA2 and EIA3)
was taken from the AAD parameter, as there was no IV parameter
in the authentication structure.
Now that IV is available for all algorithms, there is need
to keep doing this, so AAD is not used for these algorithms
anymore.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Authentication algorithms, such as AES-GMAC or the wireless
algorithms (like SNOW3G) use IV, like cipher algorithms.
So far, AES-GMAC has used the IV from the cipher structure,
and the wireless algorithms have used the AAD field,
which is not technically correct.
Therefore, authentication IV parameters have been added,
so API is more correct. Like cipher IV, auth IV is expected
to be copied after the crypto operation.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Since IV parameters (offset and length) should not
change for operations in the same session, these parameters
are moved to the crypto transform structure, so they will
be stored in the sessions.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Since IV now is copied after the crypto operation, in
its private size, IV can be passed only with offset
and length.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Session type (operation with or without session) is not
something specific to symmetric operations.
Therefore, the variable is moved to the generic crypto operation
structure.
Since this is an ABI change, the cryptodev library version
gets bumped.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Fixed a comment in QAT, referring to the IV size
for AES-GCM, that should be in bytes, and not bits.
Fixes: 53d8971cbe81 ("qat: fix AES-GCM decryption")
Cc: stable@dpdk.org
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
Since SSE4 is now part of the minimum requirements for DPDK, we don't need
to check for its presence any more.
Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Since SSE4 is now part of the minimum requirements for DPDK, we don't need
to check for its presence any more.
Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Since SSE4 is now part of the minimum requirements for DPDK, we don't need
to check for its presence any more.
Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Since SSE4 is now part of the minimum requirements for DPDK, we don't need
to check for its presence any more.
Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
This patch remove the deprecated functions as well as notice for
scheduler mode set/get API changes.
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Some assert checks in the driver were
incorrect, but they are not necessary anyway,
as application will panic in any case.
Fixes: 0f548b50a160 ("crypto/aesni_mb: process crypto op on dequeue")
Cc: stable@dpdk.org
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
Move all functions handling virtual devices to a separate
header file "rte_cryptodev_vdev.h", in order to leave only
generic functions for any device in the rest of the files.
It also creates the file "rte_cryptodev_pmd.c", with the
implementations of these functions.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
Do not set PCI information in the device information structure
for any crypto device, just for the ones that are PCI, so
this is set internally in the PCI crypto PMDs (only QAT now).
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
Only non virtual devices were storing the pointer to
rte_device structure in rte_cryptodev, which will be needed
to retrieve the driver name for any device.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
Socket id parsed from the user was checked
if it was in the range of available sockets.
This check is unnecessary, as the socket specified
might not have memory anyway, so it will fail
at memory allocation.
Therefore, the best solution is to remove this check.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
Fixing typos across dpdk source code using codespell utility.
Skipped the ethdev driver's base code fixes to keep the base
code intact.
Signed-off-by: Jerin Jacob <jerin.jacob@caviumnetworks.com>
Acked-by: John McNamara <john.mcnamara@intel.com>
Different drivers use internal macros like force_inline for compiler
always inline feature.
Standardizing it through __rte_always_inline macro.
Verified the change by comparing the output binary file.
No difference found in the output binary file with this change.
Signed-off-by: Jerin Jacob <jerin.jacob@caviumnetworks.com>
Acked-by: Bruce Richardson <bruce.richardson@intel.com>
Fix aad capabilities for AES-GCM authtentication, aad is changed from
range 8-12 to 0-65535
Fixes: 8a9867a635c0 ("crypto/openssl: rename libcrypto to openssl")
Cc: stable@dpdk.org
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
This commit addresses the following compilation errors:
In file included from build/include/rte_cryptodev_scheduler.h:37:0,
from /tmp/check-includes.sh.5355.c:1:
build/include/rte_cryptodev_scheduler_operations.h:43:30: error: unknown
type name 'uint8_t' struct rte_cryptodev *dev, uint8_t slave_id);
[...]
Fixes: 097ab0bac017 ("crypto/scheduler: add API")
Signed-off-by: Adrien Mazarguil <adrien.mazarguil@6wind.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
license and copyright for hw and mc files are made consistent
as per the other dpaa2 dual licensed files.
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
algo.h provides APIs for constructing non-protocol offload SEC
descriptors like hmac, blkciphers etc.
ipsec.h provides APIs for IPSEC offload descriptors.
common.h is a common helper file which for all descriptors
In future, additional algorithms' descriptors(PDCP etc.) will be
added in the desc/
Signed-off-by: Horia Geanta Neag <horia.geanta@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
A set of header files(hw) which helps in making the descriptors
that are understood by NXP's SEC hardware.
This patch provides header files for command words which can be
used for descriptor formation.
Signed-off-by: Horia Geanta Neag <horia.geanta@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
add support for dpseci object in MC driver.
DPSECI represent a crypto object in DPAA2.
Signed-off-by: Cristian Sovaiala <cristian.sovaiala@nxp.com>
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Capability information is updated as slaves are attached,
but if this information is requested via rte_cryptodev_info_get()
when no slaves have been attached, the structure would not be
initialized, leading to a potential segmentation fault.
Therefore, the structure should be initialized with no
capabilities at device creation.
Fixes: 31439ee72b2c ("crypto/scheduler: add API implementations")
Cc: stable@dpdk.org
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Commit <ecaed092b677> ("ring: return remaining entry count when
dequeuing") changed the return of rte_ring_sc_dequeue_bulk.
This patch updates the scheduler to comply with this change.
Fixes: 8a48e039432b ("crypto/scheduler: optimize crypto op ordering")
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Crypto devices of the same type could be initialized
with the same name, since internally this name was suffixed
with an index.
Since commit <dda987315ca2> ("vdev: make virtual bus use its
device struct"), this is not allowed anymore.
Therefore, there is no need to create an unique name
at device initialization.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Check if virtual device name is NULL,
to avoid possible segmentation faults.
Fixes: 5d2aa461cbca ("vdev: use generic vdev struct for probe and remove")
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
This commit fixes zero physical address when IV not set
Fixes: 1703e94ac5ce ("qat: add driver for QuickAssist devices")
Cc: stable@dpdk.org
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
This patch improves the cryptodev scheduler PMD's commandline
parsing capability. Originally, the scheduler's slave option
requires the slave vdev(s) being declared prior to it. This
patch removes this limitation by storing the slave names
temporarily and attaching them later.
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
