Merge all versions in linker version script files to DPDK_20.0.
This commit was generated by running the following command:
:~/DPDK$ buildtools/update-abi.sh 20.0
Signed-off-by: Pawel Modrak <pawelx.modrak@intel.com>
Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
Acked-by: Bruce Richardson <bruce.richardson@intel.com>
Acked-by: Thomas Monjalon <thomas@monjalon.net>
Since the library versioning for both stable and experimental ABI's is
now managed globally, the LIBABIVER and version variables no longer
serve any useful purpose, and can be removed.
The replacement in Makefiles was done using the following regex:
^(#.*\n)?LIBABIVER\s*:=\s*\d+\n(\s*\n)?
(LIBABIVER := numbers, optionally preceded by a comment and optionally
succeeded by an empty line)
The replacement for meson files was done using the following regex:
^(#.*\n)?version\s*=\s*\d+\n(\s*\n)?
(version = numbers, optionally preceded by a comment and optionally
succeeded by an empty line)
[David]: those variables are manually removed for the files:
- drivers/common/qat/Makefile
- lib/librte_eal/meson.build
[David]: the LIBABIVER is restored for the external ethtool example
library.
Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
Signed-off-by: David Marchand <david.marchand@redhat.com>
Acked-by: Thomas Monjalon <thomas@monjalon.net>
As per current support, Scatter Gather is only supported
for out of place input and output buffers.
This patch add support for Scatter Gather for in-place buffers.
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
Session contexts are used for temporary storage when processing a
packet.
If packets for the same session are to be processed simultaneously on
multiple cores, separate contexts must be used.
Note: with openssl 1.1.1 EVP_CIPHER_CTX can no longer be defined as a
variable on the stack: it must be allocated. This in turn reduces the
performance.
Fixes: d61f70b4c9 ("crypto/libcrypto: add driver for OpenSSL library")
Cc: stable@dpdk.org
Signed-off-by: Thierry Herbelot <thierry.herbelot@6wind.com>
This patch usages the anti replay window size to config
the anti replay checking in decap path for lookaside
IPSEC offload
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
The protocol aware ipsec descriptor has been modified to
use ctr_initial value of 1 and salt configured for ipsec SA.
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
As per RFC3686, the initial aes-ctr counter value should be '1' for use
in ipsec. The patches changes SEC descriptor for using correct counter
value. In addition, it drops a redundant parameter for passing IV while
creating the descriptor.
This patch adds changes for all NXP crypto PMDs
Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
This patch throw the warning when using truncated digest
len for SHA256 case.
As per RFC4868, SHA-256 should use 128 bits of ICV.
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
This patch add support for AES-128-GCM, when used in
lookaside protocol offload case.
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
These are supported when using protocol offload mode or when
in chain mode.
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
These are supported when using protocol offload mode or in chain mode.
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
set the pdcp capa_flags to 0 by default.
Fixes: a1173d5559 ("crypto/dpaa_sec: support PDCP offload")
Cc: stable@dpdk.org
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
IPSec Multi buffer library supports encryption on multiple segments.
When dealing with chained buffers (multiple segments), as long as
the operation is in-place, the destination buffer does not have to
be contiguous (unlike in the case of out-of-place operation).
Therefore, the limitation of not supporting in-place chained mbuf
can be removed.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
FD retrieved from SEC after crypto processing provides
an updated length of the buffer which need to be updated
in mbuf. The difference in length can be negative hence
changing diff to int32_t from uint32_t.
Fixes: 0a23d4b6f4 ("crypto/dpaa2_sec: support protocol offload IPsec")
Cc: stable@dpdk.org
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
DPAA SEC shall be able to work independent of DPAA ETH
driver.
This patch moves qbman init to bus, so that any driver
can use them even when no eth resources are present
or none of the eth devices are probed.
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Building with clang 3.4.2 caused the following error:
CC dpaa2_sec_dpseci.o
In file included from /dpdk/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c:40:
In file included from /dpdk/drivers/common/dpaax/caamflib/desc/ipsec.h:11:
In file included from /dpdk/drivers/common/dpaax/caamflib/rta.h:11:
In file included from .../common/dpaax/caamflib/rta/sec_run_time_asm.h:14:
/dpdk/drivers/common/dpaax/compat.h:108:18:
error: redefinition of typedef 'dma_addr_t' is a C11 feature
[-Werror,-Wtypedef-redefinition]
typedef uint64_t dma_addr_t;
^
/dpdk/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c:37:18:
note: previous definition is here
typedef uint64_t dma_addr_t;
^
The dma_addr_t was defined in the common compat.h file, and does not
need to be redefined.
The meson build include directories list was updated to enable the
definition in the common compat.h file be used.
Fixes: 8c83f28cc8 ("common/dpaax: move OF library from DPAA bus")
Signed-off-by: Ciara Power <ciara.power@intel.com>
Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Some of the internal header files have 'rte_' prefix
and some don't.
Remove 'rte_' prefix from all internal header files.
Suggested-by: Thomas Monjalon <thomas@monjalon.net>
Signed-off-by: Dharmik Thakkar <dharmik.thakkar@arm.com>
Reviewed-by: Phil Yang <phil.yang@arm.com>
Reviewed-by: Ruifeng Wang <ruifeng.wang@arm.com>
'virtio_hw_internal' global variable is defined in both 'crypto/virtio'
and 'net/virtio' PMDs. This means they share same storage when
application linked with static DPDK library, which is not the intention.
Fixing by adding 'crypto_' prefix to the 'crypto/virtio' driver.
Issue has been detected by '-fno-common' gcc flag.
Fixes: 25500d4b80 ("crypto/virtio: support device init")
Cc: stable@dpdk.org
Signed-off-by: Ferruh Yigit <ferruh.yigit@intel.com>
'null_logtype_driver' global variable is defined in a header file which
was causing multiple definitions of the variable, fixed it by moving it
to the .c file.
Issue has been detected by '-fno-common' gcc flag.
Fixes: 735b783d8c ("crypto/null: add dynamic logging")
Cc: stable@dpdk.org
Signed-off-by: Ferruh Yigit <ferruh.yigit@intel.com>
This code is being shared by more than 1 type of driver.
Common is most appropriate place for it.
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
AES-CMAC is used in 3gpp specifications hence it is needed
to support 4 byte digest.
Fixes: 91c1daa4e1 ("crypto/qat: support AES-CMAC")
Cc: stable@dpdk.org
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
This patch adds option to use asymmetric crypto pmd with
session-less support.
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
When running auth NULL cases while using
vfio_pci, DMAR read/write faults appear. It
happens even if digest_length is set to 0.
This is caused by auth_res_addr initialized
as 0x0.
Fixes: 4e0955bddb ("crypto/qat: fix null auth algo overwrite")
Cc: stable@dpdk.org
Signed-off-by: Damian Nowak <damianx.nowak@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
The IPSec Multi buffer library does not require AES-NI
instructions to be supported by the CPU, as it can emulate these
instructions in software (adding a big performance penalty when
using AES algorithms).
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
The IPSec Multi buffer library does not require AES-NI
instructions to be supported by the CPU, as it can emulate these
instructions in software (adding a big performance penalty when
using AES algorithms).
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
The SEC HW code is being shared by multiple NXP based
drivers. It is better to place it at a common place.
Current users are:
1. DPAA2_SEC
2. DPAA_SEC
3. CAAM_JR
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Add helper functions to get meta len for asymmetric operations
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Kanaka Durga Kotamarthy <kkotamarthy@marvell.com>
Signed-off-by: Sunila Sahu <ssahu@marvell.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
The session related parameters shall be populated during
the session create only.
At the runtime on first packet, the CDB should just reference
the session data instead of re-interpreting data again.
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
This patch add support for ZUC and SNOW 3G in
non-PDCP offload mode.
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
For cases like ESN where authentication data can be after cipher
data, support for authentication trailer is required.
This patch adds support of auth-only data trailing after cipher data.
Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
The GCM descriptors needlessly skip auth_only_len bytes from output
buffer. Due to this, workarounds have to be made in dpseci driver code.
Also this leads to failing of one cryptodev test case for gcm. In this
patch, we change the descriptor construction and adjust dpaaX_sec
accordingly. The test_AES_GCM_auth_encrypt_SGL_out_of_place_400B_1seg
now passes.
Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
The code shall also check aead as non auth-cipher case
Fixes: 1f14d500bc ("crypto/dpaa_sec: support IPsec protocol offload")
Cc: stable@dpdk.org
Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
This patch sets the priority of the dpcon dev, such that it is
within the supported range of dpcon
Signed-off-by: Nipun Gupta <nipun.gupta@nxp.com>
Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>
The black list of dpaa_sec devices fails.
EAL: failed to parse device "dpaa:dpaa_sec-1"
This patch address following issues:
- bus usages dpaa-sec while the driver usage dpaa_sec
- bus usages numbers from 0 to MAX_SEC - while driver
probe usages sec number form max-fman_device +1
Fixes: 6e0752205b ("bus/dpaa: support device blacklisting")
Cc: stable@dpdk.org
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Reviewed-by: Sachin Saxena <sachin.saxena@nxp.com>
dpaa_sec hw queues can be attached to a hw dpaa event
device and the application can configure the event
crypto adapter to access the dpaa_sec packets using
hardware events.
This patch defines APIs which can be used by the
dpaa event device to attach/detach dpaa_sec queues.
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
'cpt_logtype' & 'otx_cryptodev_driver_id' global variables are defined
in a header file which was causing multiple definitions of the
variables. Fixed it by moving the required vars to the .c file and
introducing a new macro so the CPT_LOG macros in common/cpt would use
the associated PMD log var.
Issue has been detected by '-fno-common' gcc flag.
Fixes: bfe2ae495e ("crypto/octeontx: add PMD skeleton")
Cc: stable@dpdk.org
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Reported-by: Ferruh Yigit <ferruh.yigit@intel.com>
It's better to allocate device private data on the same NUMA node with
device, rather than with the main thread. This helps avoid cross-NUMA
access for worker thread.
Signed-off-by: Xiao Wang <xiao.w.wang@intel.com>
Reviewed-by: Jay Zhou <jianjay.zhou@huawei.com>
This patch improves the performance of AES GCM by using
the Single Pass Crypto Request functionality when running
on GEN3 QAT. Falls back to the classic 2-pass mode on older
hardware.
Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
unnecessary debug logs in data path are removed
and hardware debug logs are compiled off.
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
In cases where single cryptodev is used by multiple cores
using multiple queues, there will be contention for mempool
resources and may eventually get exhausted.
Basically, mempool should be defined per core.
Now since qp is used per core, mempools are defined in qp setup.
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
This patch allocate/clean the SEC context dynamically
based on the number of SG entries in the buffer.
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
DPAA2_SEC hardware can support any number of SG entries.
This patch allocate as many SG entries as are required.
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
This patch add support for ZUC Encryption and ZUC Authentication.
Before passing to CAAM, the 16-byte ZUCA IV is converted to 8-byte
format which consists of 38-bits of count||bearer|direction.
Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Add Kasumi processing for non PDCP proto offload cases.
Also add support for pre-computed IV in Kasumi-f9
Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Adding basic framework to use snow3g f8 and f9 based
ciphering or integrity with direct crypto apis.
This patch does not support any combo usages yet.
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Add support for snow-f9 in non pdcp protocol offload mode.
This essentially add support to pass pre-computed IV to SEC.
Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
This patch add support for non-protocol offload mode
of snow-f8 algo
Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
This patch support SNOW-SNOW (enc-auth) 18bit PDCP case
for devices which do not support PROTOCOL command
Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
This patch support ZUC-ZUC PDCP enc-auth case for
devices which do not support PROTOCOL command for 18bit.
Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
This patch support AES-AES PDCP enc-auth case for
devices which do not support PROTOCOL command for 18bit
Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
PDCP descriptors in some cases internally use commands which overwrite
memory with extra '0s' if write-safe is kept enabled. This breaks
correct functional behavior of PDCP apis and they in many cases give
incorrect crypto output. There we disable 'write-safe' bit in FLC for
PDCP cases. If there is a performance drop, then write-safe would be
enabled selectively through a separate patch.
Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
This patch add support for chained input or output
mbufs for PDCP and ipsec protocol offload cases.
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
For sec era 8, NULL auth using protocol command does not add
4 bytes of null MAC-I and treat NULL integrity as no integrity which
is not correct.
Hence converting this particular case of null integrity on 12b SN
on SEC ERA 8 from protocol offload to non-protocol offload case.
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Adding minimal support for CAAM HW era 10 (used in LX2)
Primary changes are:
1. increased shard desc length form 6 bit to 7 bits
2. support for several PDCP operations as PROTOCOL offload.
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Per packet HFN override is supported in NXP PMDs
(dpaa2_sec and dpaa_sec). DPOVRD register can be
updated with the per packet value if it is enabled
in session configuration. The value is read from
the IV offset.
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
PDCP u-plane may optionally support integrity as well.
This patch add support for supporting integrity along with
confidentiality.
Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Added support for 12-bit c-plane. We implement it using 'u-plane for RN'
protocol descriptors. This is because 'c-plane' protocol descriptors
assume 5-bit sequence numbers. Since the crypto processing remains same
irrespective of c-plane or u-plane, we choose 'u-plane for RN' protocol
descriptors to implement 12-bit c-plane. 'U-plane for RN' protocol
descriptors support both confidentiality and integrity (required for
c-plane) for 7/12/15 bit sequence numbers.
For little endian platforms, incorrect IV is generated if MOVE command
is used in pdcp non-proto descriptors. This is because MOVE command
treats data as word. We changed MOVE to MOVEB since we require data to
be treated as byte array. The change works on both ls1046, ls2088.
Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
outer IP header is formed at the time of session initialization
using the ipsec xform. This outer IP header will be appended by
hardware for each packet.
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
outer IP header is formed at the time of session initialization
using the ipsec xform. This outer IP header will be appended by
hardware for each packet.
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Like for Ethernet ports, the OCTEON TX crypto engines must
first be unbound from their kernel module, then rebound to
vfio-pci, before being used in DPDK.
As this capability is detected at runtime by dpdk-pmdinfo,
add the info in the PMD registering directives.
Then an external script can be used for bind and unbind.
Fixes: bfe2ae495e ("crypto/octeontx: add PMD skeleton")
Cc: stable@dpdk.org
Signed-off-by: Thierry Herbelot <thierry.herbelot@6wind.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
dpaa_sec needs translations between physical and virtual addresses.
V to P translation is relatively fast, as memory is managed in
contiguous segments.
The result of each V to P translation is used to update the DPAA iova
table, which should be updated by a Mem event callback, but is not.
Then the DPAA iova table has entries for all needed memory ranges.
With this patch, dpaa_mem_ptov will always use dpaax_iova_table_get_va,
which ensures optimal performance.
Fixes: 5a7dbb934d ("dpaa: enable dpaax library")
Cc: stable@dpdk.org
Signed-off-by: Thierry Herbelot <thierry.herbelot@6wind.com>
Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Up to version 0.52 of the IPSec Multi buffer library,
the chain order for AES-CCM was CIPHER_HASH when encrypting.
However, after this version, the order has been reversed in the library
since, when encrypting, hashing is done first and then ciphering.
Therefore, order is changed to be compatible with newer versions
of the library.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
If the application enables the use of ESN in the
ipsec_xform for security session create, pdb options
are set for enabling ESN.
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Virtual to physical conversions are optimized using the
DPAAX tables. This patch integrates DPAAX with caam_jr PMD.
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Reducing the functional traces from data path and critical session path
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
The session init shall return failure if the internal
session create fails for any reasons.
Fixes: 13273250ee ("crypto/dpaa2_sec: support AES-GCM and CTR")
Cc: stable@dpdk.org
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
BT0 block type padding after rfc2313 has been discontinued.
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Shally Verma <shallyv@marvell.com>
Asymmetric nature of RSA algorithm suggest to use
additional field for output. In place operations
still can be done by setting cipher and message pointers
with the same memory address.
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Shally Verma <shallyv@marvell.com>
Resolution for seg-faults observed:
1) in buffer re-alignment in-place sgl case
2) case where data end is exactly at end of an sgl segment.
Also renamed variable and increased comments for clearer code.
Fixes: 40002f6c2a ("crypto/qat: extend support for digest-encrypted auth-cipher")
Signed-off-by: Fiona Trahe <fiona.trahe@intel.com>
Tested-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Damian Nowak <damianx.nowak@intel.com>
This patch changes the key pointer data types in cipher, auth,
and aead xforms from "uint8_t *" to "const uint8_t *" for a
more intuitive and safe sessionn creation.
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Liron Himi <lironh@marvell.com>
This patch adds condition to be met when using
out-of-place auth-cipher operations. It checks
if the digest location overlaps with the data to
be encrypted or decrypted and if so, treats as a
digest-encrypted case.
Patch adds checking, if the digest is being
encrypted or decrypted partially and extends PMD
buffers accordingly.
It also adds feature flag for QuickAssist
Technology to emphasize it's support for digest
appended auth-cipher operations.
Signed-off-by: Damian Nowak <damianx.nowak@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
In case big number need to be freed, data it contains should
also be cleared before especially if it is critical data like
private keys.
Fixes: 3e9d6bd447 ("crypto/openssl: add RSA and mod asym operations")
Cc: stable@dpdk.org
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
This patch fixes the out-of-bounds coverity issue by adding
missed algorithms to the array.
Coverity issue: 337683
Fixes: c68d7aa354 ("crypto/aesni_mb: use architecture independent macros")
Cc: stable@dpdk.org
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
ANSI C memcmp is not constant time function per spec so it should
be avoided in cryptography usage.
Fixes: d61f70b4c9 ("crypto/libcrypto: add driver for OpenSSL library")
Cc: stable@dpdk.org
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
For each driver where we optionally disable it, add in the reason why it's
being disabled, so the user knows how to fix it.
Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
Acked-by: Luca Boccassi <bluca@debian.org>
On CentOS/RHEL 7, we get build errors reported due to a variable being
possibly uninitialized. Setting a default init value fixes this issue.
Fixes: c68d7aa354 ("crypto/aesni_mb: use architecture independent macros")
Cc: stable@dpdk.org
Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
The check for the zuc library dependency did not check for the include
file needed for compilation. It's also recommended when looking for a
library to use the name without the lib prefix.
Fixes: df1740a8db ("crypto/zuc: enable meson build")
Cc: stable@dpdk.org
Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
The check for the kasumi library dependency did not check for the include
file needed for compilation. It's also recommended when looking for a
library to use the name without the lib prefix.
Fixes: 2ec2d46c62 ("crypto/kasumi: enable meson build")
Cc: stable@dpdk.org
Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
Snow3G driver is missing support for building with meson. Add a new
meson.build file so it can be included in the builds.
Cc: stable@dpdk.org
Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
The metabuf pool is shared across all queue pairs belonging to the
PMD. In order to prevent one queue pair from starving another,
use a distinct mempool for each queue pair.
Fixes: 273487f7b3 ("crypto/octeontx: add global resource init")
Cc: stable@dpdk.org
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Shally Verma <shallyv@marvell.com>
NULL cipher algo of 4-byte multiple and other sizes caused firmware hang
due to use of wrong mode. Changed from ECB mode to CTR mode to fix.
Fixes: 98f0608916 ("crypto/qat: add symmetric session file")
Cc: stable@dpdk.org
Signed-off-by: Fiona Trahe <fiona.trahe@intel.com>
The aesni_mb driver has a check in its Makefile for the correct version of
the IPsec_MB library, but this check was missed for the aesni_gcm driver.
Add this check to the makefile, removing an unnecessary assignment in the
process.
Suggested-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Luca Boccassi <bluca@debian.org>
The version check for the IPSec_MB library present in the aesni_gcm
library's meson.build file is a little cleaner than that given here,
so update this one so that both work identically.
While one could use the checks done in the other right now, potentially in
future they may have different version dependencies, or may be compiled in
different orders, so keep the code duplicated for safety, since it's only a
few lines.
Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Luca Boccassi <bluca@debian.org>
The aesni_mb driver and the aesni_gcm driver both require the same version
of the IPSec_MB library, but only the former has a check of the library
found by meson to see if it's the correct version. Add a similar check to
the aesni_gcm library's meson.build file, so that the auto-detection of
dependencies works correctly.
Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Luca Boccassi <bluca@debian.org>
This patch fixes the incorrect iv offset calculation.
Fixes: b063e843fa ("crypto/virtio: fix IV physical address")
Cc: stable@dpdk.org
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>
Opendir() returns allocated storage which must be freed at the
end of function or in case any return on error. so freeing the
allocation using closedir in an error case.
Coverity issue: 323507
Coverity issue: 325880
Fixes: e7a45f3cc2 ("crypto/caam_jr: add UIO specific operations")
Cc: stable@dpdk.org
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
CAAM return wrong digest value in AUTH only sg test case
because digest calculated on wrong length of data
Fixes: 71dd6b9d44 ("crypto/caam_jr: add scatter gather")
Cc: stable@dpdk.org
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
build a shared descriptor accordingly if core and
CAAM endianness is same or different
Fixes: 6ef6beca88 ("crypto/caam_jr: add enqueue/dequeue operations")
Cc: stable@dpdk.org
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
IPSec Multi-buffer library has recently added API
that sets pointers depending on the architecture, at initiliazation,
in version 0.52.
AESNI MB PMD was updated with these changes, but not
the AESNI GCM PMD, which also uses the same library.
This makes the PMD to be only compatible with version 0.52,
but makes both PMD consistent on version compatibility,
plus adds support for AVX512.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Define variables for "is_linux", "is_freebsd" and "is_windows"
to make the code shorter for comparisons and more readable.
Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
Reviewed-by: David Marchand <david.marchand@redhat.com>
Acked-by: Luca Boccassi <bluca@debian.org>
Do a global replace of snprintf(..."%s",...) with strlcpy, adding in the
rte_string_fns.h header if needed. The function changes in this patch were
auto-generated via command:
spatch --sp-file devtools/cocci/strlcpy.cocci --dir . --in-place
and then the files edited using awk to add in the missing header:
gawk -i inplace '/include <rte_/ && ! seen { \
print "#include <rte_string_fns.h>"; seen=1} {print}'
Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
openssl PMD support RSA private key operation
using both qt and exp key type.
Set rsa key type feature flag
Signed-off-by: Ayuj Verma <ayverma@marvell.com>
Signed-off-by: Shally Verma <shallyv@marvell.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
- fle pool allocations should be done for each process.
- cryptodev->data is shared across muliple processes but
cryptodev itself is allocated for each process. So any
information which needs to be shared between processes,
should be kept in cryptodev->data.
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
session inq and qp are assigned for each core from which the
packets arrive. This was not correctly handled while supporting
multiple sessions per queue pair.
This patch fixes the attach and detach of queues for each core.
Fixes: e79416d10f ("crypto/dpaa_sec: support multiple sessions per queue pair")
Cc: stable@dpdk.org
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
SEC HW descriptor sharing mode can now be controlled
during Session preparation by the respective drivers
shared descriptors in case of non-protocol offload does not need
any sync between the subsequent jobs. Thus, changing it to
SHR_NEVER from SHR_SERIAL for cipher_only, auth_only, and gcm.
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
In case of gcm, output buffer should have aad space
before the actual buffer which needs to be written.
CAAM will not write into the aad anything, it will skip
auth_only_len (aad) and write the buffer afterwards.
Fixes: 37f96eb01b ("crypto/dpaa2_sec: support scatter gather")
Cc: stable@dpdk.org
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
private data should be cleared instead of the complete session
Fixes: 8d1f3a5d75 ("crypto/dpaa2_sec: support crypto operation")
Cc: stable@dpdk.org
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
As stated in 19.02 deprecation notice, this patch updates the
aesni_mb PMD to remove the support of older Intel-ipsec-mb
library version earlier than 0.52.
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Add out-of-place processing, i.e. different source and
destination m_bufs, plus related capability update, tests
and documentation.
Signed-off-by: Fiona Trahe <fiona.trahe@intel.com>
Signed-off-by: Paul Luse <paul.e.luse@intel.com>
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
This commit adds modular multiplicative inverse to Intel
QuickAssist Technology driver. For capabilities or limitations
please refer to qat.rst or qat_asym_capabilities.h.
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
This commit adds modular exponentiation to Intel QuickAssist
Technology driver. For capabilities or limitations please refer to
qat.rst or qat_asym_capabilities.h.
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
This patch adds Poll Mode Driver for asymmetric crypto
functions of Intel QuickAssist Technology hardware.
It contains plain driver with no functions implemented, specific
algorithms will be introduced in separate patches.
This patch depends on a QAT PF driver for device initialization. See
the file docs/guides/cryptodevs/qat.rst for configuration details.
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
All drivers should have SPDX on the first line of the source
files in the format
/* SPDX-License-Identifier: ...
Several files used minor modifications which were inconsistent
with the pattern. Fix it to make scanning tools easier.
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
This patch adds XTS capabilities and enables
XTS cipher mode on QAT.
It also updates the documentation for newly
supported AES XTS mode on QAT.
Signed-off-by: Damian Nowak <damianx.nowak@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Moving upper level enqueue/dequeue routines to driver. The h/w interface
used to submit request has enough differences to substantiate the need
for separate routines.
Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Archana Muniganti <marchana@marvell.com>
This patch adds result field to modular exponentiation and modular
multiplicative inverse operations in openssl pmd functions
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Rename the macro to make things shorter and more comprehensible. For
both meson and make builds, keep the old macro around for backward
compatibility.
Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
The term "linuxapp" is a legacy one, but just calling the subdirectory
"linux" is just clearer for all concerned.
Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
After performing mod exp and mod inv big numbers (BIGNUM) should
be cleared as data already is copied into op fields and this BNs would
very likely contain private information for unspecified amount of time
(duration of the session).
Fixes: 3e9d6bd447 ("crypto/openssl: add RSA and mod asym operations")
Cc: stable@dpdk.org
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Shally Verma <shallyv@marvell.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
The virtio crypto driver was using PMD log type and it should
be using the local log type.
Fixes: 25500d4b80 ("crypto/virtio: support device init")
Cc: stable@dpdk.org
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Reviewed-by: Ferruh Yigit <ferruh.yigit@intel.com>
Whenever possible (if the library ships a pkg-config file) use meson's
dependency() function to look for it, as it will automatically add it
to the Requires.private list if needed, to allow for static builds to
succeed for reverse dependencies of DPDK. Otherwise the recursive
dependencies are not parsed, and users doing static builds have to
resolve them manually by themselves.
When using this API avoid additional checks that are superfluous and
take extra time, and avoid adding the linker flag manually which causes
it to be duplicated.
Signed-off-by: Luca Boccassi <bluca@debian.org>
Acked-by: Bruce Richardson <bruce.richardson@intel.com>
Tested-by: Bruce Richardson <bruce.richardson@intel.com>
When operation calls for auth (digest generation), followed by
encryption of both data plus digest, the digest-in-buffer
flag must be set for QAT.
Fixes: 39e0bee48e ("crypto/qat: rework request builder for performance")
Cc: stable@dpdk.org
Signed-off-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
This patch fixes the inflexible compile issue AESNI-MB PMD.
Originally the compile of the PMD will fail if IPSec_MB is
not installed in default location.
Fixes: c68d7aa354 ("crypto/aesni_mb: use architecture independent macros")
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Tested-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
sprintf function is not secure as it doesn't check the length of string.
More secure function snprintf is used
Fixes: 828d51d8fc ("bus/fslmc: refactor scan and probe functions")
Fixes: c22fab9a6c ("raw/dpaa2_qdma: support configuration APIs")
Fixes: e5cbdfc537 ("crypto/dpaa2_sec: add basic operations")
Fixes: b23d4e898a ("crypto/dpaa2_sec: add per dev mempool to store FLE")
Fixes: 623326dded ("crypto/dpaa2_sec: introduce poll mode driver")
Fixes: e7a45f3cc2 ("crypto/caam_jr: add UIO specific operations")
Fixes: f44bccadd8 ("crypto/caam_jr: add device basic operations")
Fixes: 7e3e2954e0 ("crypto/dpaa_sec: move mempool allocation to config")
Fixes: c3e85bdcc6 ("crypto/dpaa_sec: add crypto driver for NXP DPAA platform")
Cc: stable@dpdk.org
Signed-off-by: Pallantla Poornima <pallantlax.poornima@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Fixes: 547a4d40e7 ("crypto/dpaa2_sec: support out of place protocol offload")
Fixes: 0a23d4b6f4 ("crypto/dpaa2_sec: support protocol offload IPsec")
Cc: stable@dpdk.org
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
In dpaa_sec, each session should have a separate in-queue,
and each in-queue should be mapped to an outq.
So if multiple flows of same SA comes to different cores
due to rss distribution of NIC, enqueue from any core will
try to do re-assignment of inq - outq mapping which will fail.
In this patch, for each core a separate inq is allocated and
used from each of the core. But the number of outq will remain
the same and we save the pointer to outq in session for each
of the cores.
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
PDCP session configuration for lookaside protocol offload
and data path is added.
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
DEPDIRS is no longer used in DPDK driver makefiles. Removing it.
Suggested-by: Ferruh Yigit <ferruh.yigit@intel.com>
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
This patch adds a new API in Cryptodev Framework. The API is used
to get the header size for the created symmetric Cryptodev session.
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
This patch changes the cryptodev queue pair configure structure
to enable two mempool passed into cryptodev PMD simutaneously.
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
This patch adds the plain SHA1, SHA224, SHA256, SHA384, and SHA512
algorithms support to AESNI-MB PMD. The cryptodev unit test and
documentation are updated accordingly.
Signed-off-by: Damian Nowak <damianx.nowak@intel.com>
Signed-off-by: Lukasz Krakowiak <lukaszx.krakowiak@intel.com>
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
This patch adds the AES-GMAC authentication only support to AESNI-MB
PMD, including the driver code, cryptodev unit test, and documentation
updates.
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Damian Nowak <damianx.nowak@intel.com>
This patch duplicates the original rte_aesni_mb_pmd*.c files and replaces
the function calls provided by intel-ipsec-mb library into
architecture-independent macros. The build systems are updated to choose
compiling either rte_aesni_mb_pmd*.c or rte_aesni_mb_pmd*_compat.c based
on the installed intel-ipsec-mb version. For the intel-ipsec-mb older
than 0.52.0 rte_aesni_mb_pmd*_compat.c will be compiled, otherwise
rte_aesni_mb_pmd*.c will be compiled.
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Signed-off-by: Lukasz Krakowiak <lukaszx.krakowiak@intel.com>
Acked-by: Damian Nowak <damianx.nowak@intel.com>
This patch renames the rte_aesni_mb_pmd*.c to
rte_aesni_mb_pmd*_compat.c to indicate those files are for
compatible with older versoin of intel-ipsec-mb library
only.
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Signed-off-by: Lukasz Krakowiak <lukaszx.krakowiak@intel.com>
Acked-by: Damian Nowak <damianx.nowak@intel.com>
This patch fixes the memory leak during queue pair release.
Originally the operation ring is not freed when releasing
queue pair, causing the next queue_pair configure call fail
and memory leak.
Fixes: eec136f3c5 ("aesni_gcm: add driver for AES-GCM crypto operations")
Fixes: cf7685d68f ("crypto/zuc: add driver for ZUC library")
Fixes: d61f70b4c9 ("crypto/libcrypto: add driver for OpenSSL library")
Fixes: 3aafc423cf ("snow3g: add driver for SNOW 3G library")
Fixes: 94b0ad8e0a ("null_crypto: add driver for null crypto operations")
Cc: stable@dpdk.org
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
NULL algo algo does not to set counter flag so it should be zeroed.
Fixes: db0e952a5c ("crypto/qat: add NULL capability")
Cc: stable@dpdk.org
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Marko Kovacevic <marko.kovacevic@intel.com>
AES-CCM algo does not to set counter flag so it should be zeroed.
Fixes: ab56c4d9ed ("crypto/qat: support AES-CCM")
Cc: stable@dpdk.org
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Marko Kovacevic <marko.kovacevic@intel.com>
Error code of qat_hash_get_block_size needs to be handle properly.
Fixes: 10b49880e3 ("crypto/qat: make the session struct variable in size")
Cc: stable@dpdk.org
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Tested-by: Marko Kovacevic <marko.kovacevic@intel.com>
Acked-by: Marko Kovacevic <marko.kovacevic@intel.com>
Remove if() condition prior to calling BN_free() as
BN_free(a) does nothing if a is NULL.
Signed-off-by: Akash Saxena <akash.saxena@caviumnetworks.com>
Signed-off-by: Shally Verma <shally.verma@caviumnetworks.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
The function otx_cpt_get_resource() would be setting the pointer
'instance'. In case of error, 'instance' would be set to NULL, and
returns rte_errno. If rte_errno when 'instance' is set to NULL, it can
lead to NULL pointer dereferencing.
Coverity Issue: 323486, 323489
Fixes: bfe2ae495e ("crypto/octeontx: add PMD skeleton")
Fixes: 0961348fdf ("crypto/octeontx: add queue pair functions")
Signed-off-by: Anoob Joseph <anoob.joseph@caviumnetworks.com>
If the length of string pointed by 'name' is equal to or greater than
the sizeof cptvf->dev_name string, the resultant string will not be
null terminated. Using strlcpy would make sure the string would always
be null terminated.
Coverity Issue: 323492
Fixes: 0dc1cffa4d ("crypto/octeontx: add hardware init routine")
Signed-off-by: Ankur Dwivedi <ankur.dwivedi@caviumnetworks.com>
Signed-off-by: Anoob Joseph <anoob.joseph@caviumnetworks.com>
This patch fixes the queue pair free for AESNI-MB PMD. Originally
the queue pair ring name are different than the object name,
caused the aesni_mb_pmd_qp_release() cannot find the ring to
release. This patch uses the same name between queue pair object
name and ring name.
Fixes: a831c318c5 ("crypto/aesni_mb: free ring memory on queue release")
Cc: stable@dpdk.org
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
File *fp, opened but not closed, this patch add fclose(fp)
Fixes: ef4b04f87f ("crypto/ccp: support device init")
Cc: stable@dpdk.org
Signed-off-by: Ferruh Yigit <ferruh.yigit@intel.com>
Reviewed-by: Ravi Kumar <ravi1.kumar@amd.com>
Check should be on parameter uio_fd instead of
local variable job_ring
Fixes: e7a45f3cc2 ("crypto/caam_jr: add UIO specific operations")
Reported-by: Ferruh Yigit <ferruh.yigit@intel.com>
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
In lib cryptodev, RSA verify operation inputs plain message text and
corresponding signature and expected to return
RTE_CRYPTO_OP_STATUS_SUCCESS/FAILURE on a signature match/mismatch.
Current OpenSSL PMD RSA verify implementation overrides application passed
sign input by decrypted output which isn't expected.
This patch addresses this issue in OpenSSL PMD. Now, OpenSSL PMD use
tmp buffer to pass to OpenSSL sign API and memcmp output with
original plain text to verify signature match.
Set op->status = RTE_CRYPTO_OP_STATUS_ERROR on signature mismatch.
Fixes: 3e9d6bd447 ("crypto/openssl: add RSA and mod asym operations")
Cc: stable@dpdk.org
Signed-off-by: Ayuj Verma <ayuj.verma@caviumnetworks.com>
Signed-off-by: Akash Saxena <akash.saxena@caviumnetworks.com>
Signed-off-by: Shally Verma <shally.verma@caviumnetworks.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
build_error:
drivers/crypto/scheduler/scheduler_pmd.c: In function ‘parse_name_arg’:
drivers/crypto/scheduler/scheduler_pmd.c:372:2: error: ‘strncpy’
specified bound 64 equals destination size [-Werror=stringop-truncation]
strncpy(params->name, value, RTE_CRYPTODEV_NAME_MAX_LEN);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
strncpy may result a not null-terminated string,
replaced it with strlcpy
Fixes: 503e9c5afb ("crypto/scheduler: register as vdev driver")
Cc: stable@dpdk.org
Signed-off-by: Jerin Jacob <jerin.jacob@caviumnetworks.com>
Some global variables are defined with generic names, add component name
as prefix to variables to prevent collusion with application variables.
Signed-off-by: Ferruh Yigit <ferruh.yigit@intel.com>
Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>
Acked-by: Shreyansh Jain <shreyansh.jain@nxp.com>
Acked-by: Tianfei Zhang <tianfei.zhang@intel.com>
Some global variables can indeed be static, add static keyword to them.
Signed-off-by: Ferruh Yigit <ferruh.yigit@intel.com>
Acked-by: Jerin Jacob <jerin.jacob@caviumnetworks.com>
Acked-by: Shreyansh Jain <shreyansh.jain@nxp.com>
PDCP session configuration for lookaside protocol offload
and data path is added.
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
DPAA2 SEC platform can support look aside protocol
offload for PDCP protocol.
The relevant APIs for configuring the hardware for PDCP
is added for various modes and crypto algorithms.
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Signed-off-by: Horia Geanta Neag <horia.geanta@nxp.com>
Signed-off-by: Alex Porosanu <alexandru.porosanu@nxp.com>
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
dma_addr_t is already defined in compat.h.
so removing the local definition from caam_jr_config.h
Fixes: 64c0451f5b ("crypto/caam_jr: add HW tuning options")
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
RTE_SECURITY is enabled by default. If it is disabled, dpaa2_sec,
dpaa_sec and caam_jr compilation fails.
This patch fixes compilation by disabling these drivers
when rte_security is not available.
Fixes: 1ee9569576 ("config: enable dpaaX drivers for generic ARMv8")
Fixes: 09e1e8d256 ("mk: fix dependencies of dpaaX drivers")
Fixes: af7c9b5e9c ("crypto/caam_jr: introduce basic driver")
Cc: stable@dpdk.org
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
We use _GNU_SOURCE all over the place, but often times we miss
defining it, resulting in broken builds on musl. Rather than
fixing every library's and driver's and application's makefile,
fix it by simply defining _GNU_SOURCE by default for all
builds.
Remove all usages of _GNU_SOURCE in source files and makefiles,
and also fixup a couple of instances of using __USE_GNU instead
of _GNU_SOURCE.
Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
This patch provides the support for protocol offload
to the hardware. following security operations are
added:
- session_create
- session_destroy
- capabilities_get
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
This patch add support for :
1. creating run time sec hw decriptors for a given request.
2. enqueue operation to the caam jr ring
3. dequeue operation from the caam jr ring in poll mode
4. creating a crypto protocol descriptor for session - first time.
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
This patch add support to create session configuration
of various types i.e. cipher, auth and aead etc.
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
caam_jr need support from kernel caam driver for
job ring initialisation. So to access register space
for job ring and allow re configure and map to userspace
UIO interface is used. This also allows to handle the
caam interrupts from the user space.
This patch adds UIO specific operations
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
This patch add routines for configuring the hw
to support various features.
These routines will be used by the PMD ops.
The patch also defines structure and macros used
to access hw capabilities.
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>