Commit Graph

914 Commits

Author SHA1 Message Date
Pawel Modrak
85ff364f3b build: align symbols with global ABI version
Merge all versions in linker version script files to DPDK_20.0.

This commit was generated by running the following command:

:~/DPDK$ buildtools/update-abi.sh 20.0

Signed-off-by: Pawel Modrak <pawelx.modrak@intel.com>
Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
Acked-by: Bruce Richardson <bruce.richardson@intel.com>
Acked-by: Thomas Monjalon <thomas@monjalon.net>
2019-11-20 23:05:39 +01:00
Anatoly Burakov
fbaf943887 build: remove individual library versions
Since the library versioning for both stable and experimental ABI's is
now managed globally, the LIBABIVER and version variables no longer
serve any useful purpose, and can be removed.

The replacement in Makefiles was done using the following regex:

	^(#.*\n)?LIBABIVER\s*:=\s*\d+\n(\s*\n)?

(LIBABIVER := numbers, optionally preceded by a comment and optionally
succeeded by an empty line)

The replacement for meson files was done using the following regex:

	^(#.*\n)?version\s*=\s*\d+\n(\s*\n)?

(version = numbers, optionally preceded by a comment and optionally
succeeded by an empty line)

[David]: those variables are manually removed for the files:
- drivers/common/qat/Makefile
- lib/librte_eal/meson.build
[David]: the LIBABIVER is restored for the external ethtool example
library.

Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
Signed-off-by: David Marchand <david.marchand@redhat.com>
Acked-by: Thomas Monjalon <thomas@monjalon.net>
2019-11-20 23:05:39 +01:00
Akhil Goyal
b795e127e8 crypto/openssl: support in-place scatter gather
As per current support, Scatter Gather is only supported
for out of place input and output buffers.
This patch add support for Scatter Gather for in-place buffers.

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
2019-11-20 12:35:51 +01:00
Thierry Herbelot
67ab783b5d crypto/openssl: use local copy for session contexts
Session contexts are used for temporary storage when processing a
packet.
If packets for the same session are to be processed simultaneously on
multiple cores, separate contexts must be used.

Note: with openssl 1.1.1 EVP_CIPHER_CTX can no longer be defined as a
variable on the stack: it must be allocated. This in turn reduces the
performance.

Fixes: d61f70b4c9 ("crypto/libcrypto: add driver for OpenSSL library")
Cc: stable@dpdk.org

Signed-off-by: Thierry Herbelot <thierry.herbelot@6wind.com>
2019-11-08 13:51:16 +01:00
Nipun Gupta
3ffce51a1f crypto/dpaa2_sec: add enqueue retry timeout
This patch adds retry in the DPAA2 SEC packet enqueue API

Signed-off-by: Nipun Gupta <nipun.gupta@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-11-08 13:51:16 +01:00
Hemant Agrawal
a37ce227a8 crypto/dpaax_sec: enable anti replay window config
This patch usages the anti replay window size to config
the anti replay checking  in decap path for lookaside
IPSEC offload

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-11-08 13:51:16 +01:00
Vakul Garg
1cdfbb0b83 crypto/dpaax_sec: enable IPsec AES-CTR to use nonce
The protocol aware ipsec descriptor has been modified to
use ctr_initial value of 1 and salt configured for ipsec SA.

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-11-08 13:51:16 +01:00
Vakul Garg
5906b0ad0f crypto/dpaax_sec: use AES-CTR initial counter as 1
As per RFC3686, the initial aes-ctr counter value should be '1' for use
in ipsec. The patches changes SEC descriptor for using correct counter
value. In addition, it drops a redundant parameter for passing IV while
creating the descriptor.

This patch adds changes for all NXP crypto PMDs

Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-11-08 13:51:16 +01:00
Gagandeep Singh
fd900d3853 crypto/dpaa_sec: use macros in queue attach and detach
Align the cleanup and allocation for the queues.

Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-11-08 13:51:16 +01:00
Gagandeep Singh
686bbb70cf crypto/dpaa2_sec: remove redundant checks
This patch remove redundant context type checks.

Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-11-08 13:51:16 +01:00
Hemant Agrawal
247b69083e crypto/dpaax_sec: warn on truncated SHA-256
This patch throw the warning when using truncated digest
len for SHA256 case.
As per RFC4868, SHA-256 should use 128 bits of ICV.

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-11-08 13:51:16 +01:00
Hemant Agrawal
2c318722fe crypto/dpaa_sec: support AES-GCM for lookaside protocol
This patch add support for AES-128-GCM, when used in
lookaside protocol offload case.

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-11-08 13:51:16 +01:00
Hemant Agrawal
c1ff974908 crypto/dpaa2_sec: support AES-GCM for lookaside protocol
AES-GCM is now supported for lookaside protocol offload also.

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-11-08 13:51:16 +01:00
Hemant Agrawal
f73d6928e0 crypto/dpaa_sec: support null cipher and null auth
These are supported when using protocol offload mode or when
in chain mode.

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-11-08 13:51:16 +01:00
Hemant Agrawal
a4e4a71cb1 crypto/dpaa2_sec: support null cipher and null auth
These are supported when using protocol offload mode or in chain mode.

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-11-08 13:51:16 +01:00
Hemant Agrawal
e1e52232b5 crypto/dpaa_sec: add check for session validity
Check if the session is not null during processing.

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-11-08 13:51:16 +01:00
Hemant Agrawal
447a5d4029 crypto/dpaa2_sec: add check for session validity
Check if the session is not null during processing.

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-11-08 13:51:16 +01:00
Hemant Agrawal
91413a88e7 crypto/dpaa_sec: fix PDCP capability flags
set the pdcp capa_flags to 0 by default.

Fixes: a1173d5559 ("crypto/dpaa_sec: support PDCP offload")
Cc: stable@dpdk.org

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-11-08 13:51:16 +01:00
Pablo de Lara
4b70152374 crypto/aesni_gcm: support in-place chained mbufs
IPSec Multi buffer library supports encryption on multiple segments.
When dealing with chained buffers (multiple segments), as long as
the operation is in-place, the destination buffer does not have to
be contiguous (unlike in the case of out-of-place operation).
Therefore, the limitation of not supporting in-place chained mbuf
can be removed.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2019-11-08 13:51:16 +01:00
Akhil Goyal
4bc65cf119 crypto/dpaa2_sec: fix length retrieved from hardware
FD retrieved from SEC after crypto processing provides
an updated length of the buffer which need to be updated
in mbuf. The difference in length can be negative hence
changing diff to int32_t from uint32_t.

Fixes: 0a23d4b6f4 ("crypto/dpaa2_sec: support protocol offload IPsec")
Cc: stable@dpdk.org

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-11-08 13:51:16 +01:00
Hemant Agrawal
408077f283 bus/dpaa: move QBMAN global init to bus
DPAA SEC shall be able to work independent of DPAA ETH
driver.
This patch moves qbman init to bus, so that any driver
can use them even when no eth resources are present
or none of the eth devices are probed.

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-11-06 01:14:41 +01:00
Ciara Power
38383890b2 crypto/dpaa2_sec: fix build with clang 3.4.2
Building with clang 3.4.2 caused the following error:

  CC dpaa2_sec_dpseci.o
In file included from /dpdk/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c:40:
In file included from /dpdk/drivers/common/dpaax/caamflib/desc/ipsec.h:11:
In file included from /dpdk/drivers/common/dpaax/caamflib/rta.h:11:
In file included from .../common/dpaax/caamflib/rta/sec_run_time_asm.h:14:
/dpdk/drivers/common/dpaax/compat.h:108:18:
error: redefinition of typedef 'dma_addr_t' is a C11 feature
[-Werror,-Wtypedef-redefinition]
typedef uint64_t        dma_addr_t;
                        ^
/dpdk/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c:37:18:
note: previous definition is here
typedef uint64_t        dma_addr_t;
                        ^

The dma_addr_t was defined in the common compat.h file, and does not
need to be redefined.

The meson build include directories list was updated to enable the
definition in the common compat.h file be used.

Fixes: 8c83f28cc8 ("common/dpaax: move OF library from DPAA bus")

Signed-off-by: Ciara Power <ciara.power@intel.com>
Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>
2019-11-01 22:28:46 +01:00
Dharmik Thakkar
b28f28ae80 rename private header files
Some of the internal header files have 'rte_' prefix
and some don't.
Remove 'rte_' prefix from all internal header files.

Suggested-by: Thomas Monjalon <thomas@monjalon.net>
Signed-off-by: Dharmik Thakkar <dharmik.thakkar@arm.com>
Reviewed-by: Phil Yang <phil.yang@arm.com>
Reviewed-by: Ruifeng Wang <ruifeng.wang@arm.com>
2019-10-27 22:03:06 +01:00
Ferruh Yigit
2c44964461 crypto/virtio: fix global variable multiple definitions
'virtio_hw_internal' global variable is defined in both 'crypto/virtio'
and 'net/virtio' PMDs. This means they share same storage when
application linked with static DPDK library, which is not the intention.

Fixing by adding 'crypto_' prefix to the 'crypto/virtio' driver.

Issue has been detected by '-fno-common' gcc flag.

Fixes: 25500d4b80 ("crypto/virtio: support device init")
Cc: stable@dpdk.org

Signed-off-by: Ferruh Yigit <ferruh.yigit@intel.com>
2019-10-25 23:16:23 +02:00
Ferruh Yigit
2ce24ee7ac crypto/null: fix global variable multiple definitions
'null_logtype_driver' global variable is defined in a header file which
was causing multiple definitions of the variable, fixed it by moving it
to the .c file.

Issue has been detected by '-fno-common' gcc flag.

Fixes: 735b783d8c ("crypto/null: add dynamic logging")
Cc: stable@dpdk.org

Signed-off-by: Ferruh Yigit <ferruh.yigit@intel.com>
2019-10-25 23:16:23 +02:00
Hemant Agrawal
8c83f28cc8 common/dpaax: move OF library from DPAA bus
This code is being shared by more than 1 type of driver.
Common is most appropriate place for it.

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
2019-10-23 16:43:08 +02:00
Hemant Agrawal
314424b69e crypto/dpaax_sec: enable build without rte_security
This patch enables the dpaaX_sec compilation when
RTE_LIBRTE_SECURITY is disabled.

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Thierry Herbelot <thierry.herbelot@6wind.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-23 16:57:06 +02:00
Arek Kusztal
a7f8087bbd crypto/qat: fix AES CMAC mininum digest size
AES-CMAC is used in 3gpp specifications hence it is needed
to support 4 byte digest.

Fixes: 91c1daa4e1 ("crypto/qat: support AES-CMAC")
Cc: stable@dpdk.org

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
2019-10-23 16:57:06 +02:00
Arek Kusztal
539a3216e1 crypto/qat: support RSA CRT in asym
This commit extends RSA implementation by CRT option

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
2019-10-23 16:57:06 +02:00
Arek Kusztal
e2c5f4ea99 crypto/qat: support RSA in asym
This commit adds RSA algorithm to asymmetric pmd
using pair (n, d) private key

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
2019-10-23 16:57:06 +02:00
Arek Kusztal
e1ed5a73cd crypto/qat: support session-less for asym ops
This patch adds option to use asymmetric crypto pmd with
session-less support.

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
2019-10-23 16:57:06 +02:00
Damian Nowak
65beb9abca crypto/qat: fix null auth when using VFIO
When running auth NULL cases while using
vfio_pci, DMAR read/write faults appear. It
happens even if digest_length is set to 0.
This is caused by auth_res_addr initialized
as 0x0.

Fixes: 4e0955bddb ("crypto/qat: fix null auth algo overwrite")
Cc: stable@dpdk.org

Signed-off-by: Damian Nowak <damianx.nowak@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
2019-10-23 16:57:06 +02:00
Pablo de Lara
ec73bcf3fa crypto/aesni_gcm: allow device init if no AES-NI is present
The IPSec Multi buffer library does not require AES-NI
instructions to be supported by the CPU, as it can emulate these
instructions in software (adding a big performance penalty when
using AES algorithms).

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2019-10-23 16:57:06 +02:00
Pablo de Lara
fb1033a788 crypto/aesni_mb: allow device init if no AES-NI is present
The IPSec Multi buffer library does not require AES-NI
instructions to be supported by the CPU, as it can emulate these
instructions in software (adding a big performance penalty when
using AES algorithms).

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2019-10-23 16:57:06 +02:00
Hemant Agrawal
c0ded84913 common/dpaax: move shared sec HW code from dpaa2_sec
The SEC HW code is being shared by multiple NXP based
drivers. It is better to place it at a common place.
Current users are:
1. DPAA2_SEC
2. DPAA_SEC
3. CAAM_JR

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-23 16:57:06 +02:00
Sunila Sahu
04227377c8 crypto/octeontx2: support asymmetric in enqueue/dequeue
This patch adds asymmetric support in enqueue/dequeue ops.

Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Kanaka Durga Kotamarthy <kkotamarthy@marvell.com>
Signed-off-by: Sunila Sahu <ssahu@marvell.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-23 16:57:06 +02:00
Kanaka Durga Kotamarthy
364b9bfc81 crypto/octeontx2: add asymmetric session
This patch adds asymmetric session setup and free routines.
RSA and modexp operations are supported.

Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Kanaka Durga Kotamarthy <kkotamarthy@marvell.com>
Signed-off-by: Sunila Sahu <ssahu@marvell.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-23 16:57:06 +02:00
Anoob Joseph
17ac2a7219 crypto/octeontx2: add enqueue/dequeue ops
This patch adds the enqueue burst and dequeue
burst callbacks for the OCTEON TX2 crypto driver.

Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-23 16:57:06 +02:00
Ankur Dwivedi
3e72548830 crypto/octeontx2: add session related functions
This patch adds the symmetric session related callbacks.

Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-23 16:57:06 +02:00
Anoob Joseph
6aa9ceaddf crypto/octeontx2: add symmetric capabilities
This patch adds the symmetric capabilities
for OCTEON TX2 crypto PMD.

Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-23 16:57:06 +02:00
Ankur Dwivedi
556a273e78 crypto/octeontx2: add queue pair functions
This patch adds the queue pair setup and
queue pair release functions for OCTEON TX2 crypto pmd.

Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-23 16:57:06 +02:00
Ankur Dwivedi
dfacd1f9f7 crypto/octeontx2: support control ops
This patch adds the device control functions.

Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-23 16:57:06 +02:00
Anoob Joseph
818d138bcc crypto/octeontx2: add init sequence in probe
This patch adds the device init sequence for
OCTEON TX2 crypto device.

Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-23 16:57:06 +02:00
Anoob Joseph
2f8a1b963e crypto/octeontx2: add PMD skeleton
Adding OCTEON TX2 crypto PMD skeleton.
Enabling the driver by default in common_base.

Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-23 16:57:06 +02:00
Sunila Sahu
e9a356e2fc crypto/octeontx: add asymmetric enqueue/dequeue ops
Add asymmetric crypto op enqueue & dequeue routines

Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Kanaka Durga Kotamarthy <kkotamarthy@marvell.com>
Signed-off-by: Sunila Sahu <ssahu@marvell.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-23 16:57:06 +02:00
Kanaka Durga Kotamarthy
fadc1ea15c common/cpt: add helper functions for asymmetric crypto
Add helper functions to get meta len for asymmetric operations

Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Kanaka Durga Kotamarthy <kkotamarthy@marvell.com>
Signed-off-by: Sunila Sahu <ssahu@marvell.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-23 16:57:06 +02:00
Kanaka Durga Kotamarthy
33bcaae5f8 crypto/octeontx: add asymmetric session operations
Add asymmetric session setup and free functions. RSA and modexp
operations are supported.

Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Kanaka Durga Kotamarthy <kkotamarthy@marvell.com>
Signed-off-by: Sunila Sahu <ssahu@marvell.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-23 16:57:06 +02:00
Kanaka Durga Kotamarthy
13d711f353 crypto/octeontx: add device type mailbox routine
Add mailbox communication to query symmetric or asymmetric device type

Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Kanaka Durga Kotamarthy <kkotamarthy@marvell.com>
Signed-off-by: Sunila Sahu <ssahu@marvell.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-23 16:57:06 +02:00
Hemant Agrawal
8524b44ebc crypto/dpaa_sec: reorganize session management
The session related parameters shall be populated during
the session create only.
At the runtime on first packet, the CDB should just reference
the session data instead of re-interpreting data again.

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-23 16:57:06 +02:00
Hemant Agrawal
c5788a1097 crypto/dpaa_sec: support SNOW3G and ZUC
This patch add support for ZUC and SNOW 3G in
non-PDCP offload mode.

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-23 16:57:06 +02:00
Vakul Garg
3394ed4715 crypto/dpaax_sec: support auth trailer in cipher-auth
For cases like ESN where authentication data can be after cipher
data, support for authentication trailer is required.
This patch adds support of auth-only data trailing after cipher data.

Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-23 16:57:06 +02:00
Vakul Garg
7a4a6da470 crypto/dpaax_sec: enhance GCM descs to not skip AAD
The GCM descriptors needlessly skip auth_only_len bytes from output
buffer. Due to this, workarounds have to be made in dpseci driver code.
Also this leads to failing of one cryptodev test case for gcm. In this
patch, we change the descriptor construction and adjust dpaaX_sec
accordingly. The test_AES_GCM_auth_encrypt_SGL_out_of_place_400B_1seg
now passes.

Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-23 16:57:06 +02:00
Vakul Garg
98e8427390 crypto/dpaa_sec: fix auth-cipher check for AEAD
The code shall also check aead as non auth-cipher case

Fixes: 1f14d500bc ("crypto/dpaa_sec: support IPsec protocol offload")
Cc: stable@dpdk.org

Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-23 16:57:06 +02:00
Hemant Agrawal
51fe563389 crypto/dpaa2_sec: fix IPv6 PDB options
HW PDB Option was being overwritten.

Fixes: 53982ba280 ("crypto/dpaa2_sec: support IPv6 tunnel for protocol offload")

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-23 16:57:06 +02:00
Nipun Gupta
3835cc228f event/dpaa2: set priority as per DPCON device
This patch sets the priority of the dpcon dev, such that it is
within the supported range of dpcon

Signed-off-by: Nipun Gupta <nipun.gupta@nxp.com>
Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>
2019-10-18 10:03:09 +02:00
Hemant Agrawal
0964a95120 bus/dpaa: fix dpaa_sec blacklist
The black list of dpaa_sec devices fails.
EAL: failed to parse device "dpaa:dpaa_sec-1"

This patch address following issues:
- bus usages dpaa-sec while the driver usage dpaa_sec
- bus usages numbers from 0 to MAX_SEC - while driver
probe usages sec number form max-fman_device +1

Fixes: 6e0752205b ("bus/dpaa: support device blacklisting")
Cc: stable@dpdk.org

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Reviewed-by: Sachin Saxena <sachin.saxena@nxp.com>
2019-10-08 12:14:30 +02:00
Akhil Goyal
fe3688ba79 crypto/dpaa_sec: support event crypto adapter
dpaa_sec hw queues can be attached to a hw dpaa event
device and the application can configure the event
crypto adapter to access the dpaa_sec packets using
hardware events.
This patch defines APIs which can be used by the
dpaa event device to attach/detach dpaa_sec queues.

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-09 13:14:18 +02:00
Anoob Joseph
98c7b9c97e crypto/octeontx: fix global log variable definition
'cpt_logtype' & 'otx_cryptodev_driver_id' global variables are defined
in a header file which was causing multiple definitions of the
variables. Fixed it by moving the required vars to the .c file and
introducing a new macro so the CPT_LOG macros in common/cpt would use
the associated PMD log var.

Issue has been detected by '-fno-common' gcc flag.

Fixes: bfe2ae495e ("crypto/octeontx: add PMD skeleton")
Cc: stable@dpdk.org

Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Reported-by: Ferruh Yigit <ferruh.yigit@intel.com>
2019-10-09 11:50:12 +02:00
Xiao Wang
933f42eac9 crypto/virtio: allocate private data by NUMA affinity
It's better to allocate device private data on the same NUMA node with
device, rather than with the main thread. This helps avoid cross-NUMA
access for worker thread.

Signed-off-by: Xiao Wang <xiao.w.wang@intel.com>
Reviewed-by: Jay Zhou <jianjay.zhou@huawei.com>
2019-10-09 11:50:12 +02:00
Adam Dybkowski
aa983f03ad crypto/qat: handle Single Pass Crypto Requests on GEN3
This patch improves the performance of AES GCM by using
the Single Pass Crypto Request functionality when running
on GEN3 QAT. Falls back to the classic 2-pass mode on older
hardware.

Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
2019-10-09 11:50:12 +02:00
Thierry Herbelot
310d2ea632 drivers/crypto: remove some invalid comments
A comment valid in AESNI PMD was copied and pasted in other code

Fixes: 8a61c83af2 ("crypto/mrvl: add mrvl crypto driver")
Fixes: 169ca3db55 ("crypto/armv8: add PMD optimized for ARMv8 processors")
Fixes: d61f70b4c9 ("crypto/libcrypto: add driver for OpenSSL library")
Cc: stable@dpdk.org

Signed-off-by: Thierry Herbelot <thierry.herbelot@6wind.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-09 11:50:12 +02:00
Nagadheeraj Rottela
9282bdee5c crypto/nitrox: add cipher auth chain processing
Add cipher auth crypto chain processing functionality in symmetric
request manager. Update the release notes.

Signed-off-by: Nagadheeraj Rottela <rnagadheeraj@marvell.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-09 11:50:12 +02:00
Nagadheeraj Rottela
1acffa3929 crypto/nitrox: add burst enqueue and dequeue ops
Add burst enqueue and dequeue operations along with interface for
symmetric request manager.

Signed-off-by: Nagadheeraj Rottela <rnagadheeraj@marvell.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-09 11:50:12 +02:00
Nagadheeraj Rottela
cafd270356 crypto/nitrox: add session management
Add all the session management operations.

Signed-off-by: Nagadheeraj Rottela <rnagadheeraj@marvell.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-09 11:50:12 +02:00
Nagadheeraj Rottela
32e4930d5a crypto/nitrox: add hardware queue management
Add hardware queue management code corresponding to
queue pair setup and release functions.

Signed-off-by: Nagadheeraj Rottela <rnagadheeraj@marvell.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-09 11:50:12 +02:00
Nagadheeraj Rottela
3b1fa94a02 crypto/nitrox: add software queue management
Add software queue management code corresponding to
queue pair setup and release functions.

Signed-off-by: Nagadheeraj Rottela <rnagadheeraj@marvell.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-09 11:50:12 +02:00
Nagadheeraj Rottela
9fdef0cc23 crypto/nitrox: create symmetric cryptodev
Add Nitrox symmetric cryptodev with following operations,
- dev_configure
- dev_start
- dev_stop
- dev_close
- dev_infos_get

Signed-off-by: Nagadheeraj Rottela <rnagadheeraj@marvell.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-09 11:50:12 +02:00
Nagadheeraj Rottela
0a8fc2423b crypto/nitrox: introduce Nitrox driver
Add bare minimum Nitrox PMD library which handles pci probe, remove and
hardware initialization. Add logs, documentation and update maintainers
file.

Signed-off-by: Nagadheeraj Rottela <rnagadheeraj@marvell.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-09 11:50:12 +02:00
Hemant Agrawal
e671f2041f crypto/dpaa2_sec: improve debug logging
unnecessary debug logs in data path are removed
and hardware debug logs are compiled off.

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-09 11:50:12 +02:00
Akhil Goyal
2ffb940e14 crypto/dpaa_sec: change per device pool to per qp
In cases where single cryptodev is used by multiple cores
using multiple queues, there will be contention for mempool
resources and may eventually get exhausted.
Basically, mempool should be defined per core.
Now since qp is used per core, mempools are defined in qp setup.

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-09 11:50:12 +02:00
Hemant Agrawal
f7a5752e70 crypto/dpaa_sec: allocate context dynamically for SG
This patch allocate/clean the SEC context dynamically
based on the number of SG entries in the buffer.

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-09 11:50:12 +02:00
Hemant Agrawal
62a3162239 crypto/dpaa2_sec: allocate context as per num segs
DPAA2_SEC hardware can support any number of SG entries.
This patch allocate as many SG entries as are required.

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-09 11:50:12 +02:00
Hemant Agrawal
b69ee13859 crypto/dpaa2_sec: support ZUC ciphering/integrity
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-09 11:50:12 +02:00
Vakul Garg
680f73272a crypto/dpaa2_sec/hw: support ZUCE and ZUCA
This patch add support for ZUC Encryption and ZUC Authentication.
Before passing to CAAM, the 16-byte ZUCA IV is converted to 8-byte
format which consists of 38-bits of count||bearer|direction.

Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-09 11:50:12 +02:00
Vakul Garg
4f52e0cff3 crypto/dpaa2_sec/hw: support KASUMI
Add Kasumi processing for non PDCP proto offload cases.
Also add support for pre-computed IV in Kasumi-f9

Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-09 11:50:12 +02:00
Hemant Agrawal
9ecbe824af crypto/dpaa2_sec: support SNOW3G cipher/integrity
Adding basic framework to use snow3g f8 and f9 based
ciphering or integrity with direct crypto apis.
This patch does not support any combo usages yet.

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-09 11:50:12 +02:00
Vakul Garg
0b1e34348f crypto/dpaa2_sec/hw: support SNOW-f9
Add support for snow-f9 in non pdcp protocol offload mode.
This essentially add support to pass pre-computed IV to SEC.

Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-09 11:50:12 +02:00
Vakul Garg
8d83487fd0 crypto/dpaa2_sec/hw: support SNOW-f8
This patch add support for non-protocol offload mode
of snow-f8 algo

Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-09 11:50:12 +02:00
Vakul Garg
b0f4b15550 crypto/dpaa2_sec/hw: support SNOW-SNOW 18-bit PDCP
This patch support SNOW-SNOW (enc-auth) 18bit PDCP case
for devices which do not support PROTOCOL command

Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-09 11:50:12 +02:00
Vakul Garg
890639fc54 crypto/dpaa2_sec/hw: support ZUC-ZUC 18-bit PDCP
This patch support ZUC-ZUC PDCP enc-auth case for
devices which do not support PROTOCOL command for 18bit.

Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-09 11:50:12 +02:00
Vakul Garg
8827d94398 crypto/dpaa2_sec/hw: support AES-AES 18-bit PDCP
This patch support AES-AES PDCP enc-auth case for
devices which do not support PROTOCOL command for 18bit

Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-09 11:50:12 +02:00
Vakul Garg
ea1f0e5104 crypto/dpaa2_sec/hw: support 18-bit PDCP enc-auth
This patch support following algo combinations(ENC-AUTH).
- AES-SNOW
- SNOW-AES
- AES-ZUC
- ZUC-AES
- SNOW-ZUC
- ZUC-SNOW

Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-09 11:50:12 +02:00
Vakul Garg
2dc8b4aa31 crypto/dpaa2_sec: disable write-safe for PDCP
PDCP descriptors in some cases internally use commands which overwrite
memory with extra '0s' if write-safe is kept enabled. This breaks
correct functional behavior of PDCP apis and they in many cases give
incorrect crypto output. There we disable 'write-safe' bit in FLC for
PDCP cases. If there is a performance drop, then write-safe would be
enabled selectively through a separate patch.

Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-09 11:50:12 +02:00
Hemant Agrawal
af61f07509 crypto/dpaa2_sec: support scatter gather for proto offloads
This patch add support for chained input or output
mbufs for PDCP and ipsec protocol offload cases.

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-09 11:50:12 +02:00
Akhil Goyal
fb5c100a14 crypto/dpaa_sec: support scatter gather for PDCP
This patch add support for chained input or output
mbufs for PDCP operations.

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-09 11:50:12 +02:00
Akhil Goyal
2eeedffc42 crypto/dpaa2_sec/hw: update 12-bit SN desc for NULL auth
For sec era 8, NULL auth using protocol command does not add
4 bytes of null MAC-I and treat NULL integrity as no integrity which
is not correct.
Hence converting this particular case of null integrity on 12b SN
on SEC ERA 8 from protocol offload to non-protocol offload case.

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
2019-10-09 11:50:12 +02:00
Hemant Agrawal
cee221f670 crypto/dpaa2_sec: support CAAM HW era 10
Adding minimal support for CAAM HW era 10  (used in LX2)
Primary changes are:
1. increased shard desc length form 6 bit to 7 bits
2. support for several PDCP operations as PROTOCOL offload.

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-09 11:50:12 +02:00
Akhil Goyal
526cdf60f1 crypto/dpaa2_sec: update desc for PDCP 18-bit enc-auth
Support following cases
int-only (NULL-NULL, NULL-SNOW, NULL-AES, NULL-ZUC)
enc-only (SNOW-NULL, AES-NULL, ZUC-NULL)

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-09 11:50:12 +02:00
Akhil Goyal
6a0c9d364a crypto/dpaax_sec: support HFN override
Per packet HFN override is supported in NXP PMDs
(dpaa2_sec and dpaa_sec). DPOVRD register can be
updated with the per packet value if it is enabled
in session configuration. The value is read from
the IV offset.

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-09 11:50:12 +02:00
Vakul Garg
2e4cbdb4b2 crypto/dpaax_sec: support PDCP U-Plane with integrity
PDCP u-plane may optionally support integrity as well.
This patch add support for supporting integrity along with
confidentiality.

Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-09 11:50:12 +02:00
Vakul Garg
eac600824e crypto/dpaax_sec: support PDCP 12-bit C-Plane
Added support for 12-bit c-plane. We implement it using 'u-plane for RN'
protocol descriptors. This is because 'c-plane' protocol descriptors
assume 5-bit sequence numbers. Since the crypto processing remains same
irrespective of c-plane or u-plane, we choose 'u-plane for RN' protocol
descriptors to implement 12-bit c-plane. 'U-plane for RN' protocol
descriptors support both confidentiality and integrity (required for
c-plane) for 7/12/15 bit sequence numbers.

For little endian platforms, incorrect IV is generated if MOVE command
is used in pdcp non-proto descriptors. This is because MOVE command
treats data as word. We changed MOVE to MOVEB since we require data to
be treated as byte array. The change works on both ls1046, ls2088.

Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-09 11:50:12 +02:00
Akhil Goyal
53982ba280 crypto/dpaa2_sec: support IPv6 tunnel for protocol offload
outer IP header is formed at the time of session initialization
using the ipsec xform. This outer IP header will be appended by
hardware for each packet.

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-09 11:50:12 +02:00
Akhil Goyal
5ab35d2e3e crypto/dpaa_sec: support IPv6 tunnel for protocol offload
outer IP header is formed at the time of session initialization
using the ipsec xform. This outer IP header will be appended by
hardware for each packet.

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-09 11:50:12 +02:00
Thierry Herbelot
1378ddce50 crypto/octeontx: enable unbinding
Like for Ethernet ports, the OCTEON TX crypto engines must
first be unbound from their kernel module, then rebound to
vfio-pci, before being used in DPDK.

As this capability is detected at runtime by dpdk-pmdinfo,
add the info in the PMD registering directives.

Then an external script can be used for bind and unbind.

Fixes: bfe2ae495e ("crypto/octeontx: add PMD skeleton")
Cc: stable@dpdk.org

Signed-off-by: Thierry Herbelot <thierry.herbelot@6wind.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
2019-10-09 11:50:12 +02:00
Thierry Herbelot
12e5842945 crypto/dpaa_sec: fix IOVA table
dpaa_sec needs translations between physical and virtual addresses.
V to P translation is relatively fast, as memory is managed in
contiguous segments.

The result of each V to P translation is used to update the DPAA iova
table, which should be updated by a Mem event callback, but is not.
Then the DPAA iova table has entries for all needed memory ranges.

With this patch, dpaa_mem_ptov will always use dpaax_iova_table_get_va,
which ensures optimal performance.

Fixes: 5a7dbb934d ("dpaa: enable dpaax library")
Cc: stable@dpdk.org

Signed-off-by: Thierry Herbelot <thierry.herbelot@6wind.com>
Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>
2019-10-09 11:50:12 +02:00
Fiona Trahe
0996ed0d5a crypto/qat: fix digest length in XCBC capability
Digest length in RTE_CRYPTO_AUTH_AES_XCBC_MAC capability
was incorrectly marked 16 bytes, should be 12.

Fixes: 6a3c87bc6a ("crypto/qat: refactor capabilities infrastructure")
Cc: stable@dpdk.org

Signed-off-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
2019-10-09 11:50:12 +02:00
Pablo de Lara
13209e9be7 crypto/aesni_mb: update chain order for AES-CCM
Up to version 0.52 of the IPSec Multi buffer library,
the chain order for AES-CCM was CIPHER_HASH when encrypting.
However, after this version, the order has been reversed in the library
since, when encrypting, hashing is done first and then ciphering.

Therefore, order is changed to be compatible with newer versions
of the library.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2019-10-09 11:50:12 +02:00
Akhil Goyal
0f318781bd drivers/crypto: enable ESN in NXP drivers
If the application enables the use of ESN in the
ipsec_xform for security session create, pdb options
are set for enabling ESN.

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-09 11:50:12 +02:00
Akhil Goyal
3d0d533277 crypto/dpaa_sec: detach queues in session destroy
crypto queues need to be detached while session destroy
so that they can be reused.

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-09 11:50:12 +02:00
Gagandeep Singh
9e727d4a3f crypto/caam_jr: integrate DPAAX table
Virtual to physical conversions are optimized using the
DPAAX tables. This patch integrates DPAAX with caam_jr PMD.

Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-09 11:50:12 +02:00
Hemant Agrawal
b48a3d859f crypto/caam_jr: reduce function traces in critical path
Reducing the functional traces from data path and critical session path

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-09 11:50:12 +02:00
Hemant Agrawal
c0ed103a02 crypto/dpaa2_sec: fix handling of session init failure
The session init shall return failure if the internal
session create fails for any reasons.

Fixes: 13273250ee ("crypto/dpaa2_sec: support AES-GCM and CTR")
Cc: stable@dpdk.org

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-07-19 14:43:40 +02:00
Arek Kusztal
40dd1f42e1 cryptodev: remove RSA PKCS1 BT0 padding
BT0 block type padding after rfc2313 has been discontinued.

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Shally Verma <shallyv@marvell.com>
2019-07-19 14:17:11 +02:00
Arek Kusztal
501ed9c661 cryptodev: add cipher field to RSA op
Asymmetric nature of RSA algorithm suggest to use
additional field for output. In place operations
still can be done by setting cipher and message pointers
with the same memory address.

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Shally Verma <shallyv@marvell.com>
2019-07-19 14:17:11 +02:00
Fiona Trahe
1a2ff59679 crypto/qat: fix crashes
Resolution for seg-faults observed:
1) in buffer re-alignment in-place sgl case
2) case where data end is exactly at end of an sgl segment.
Also renamed variable and increased comments for clearer code.

Fixes: 40002f6c2a ("crypto/qat: extend support for digest-encrypted auth-cipher")

Signed-off-by: Fiona Trahe <fiona.trahe@intel.com>
Tested-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Damian Nowak <damianx.nowak@intel.com>
2019-07-19 14:15:21 +02:00
Fan Zhang
186b14d685 cryptodev: make xform key pointer constant
This patch changes the key pointer data types in cipher, auth,
and aead xforms from "uint8_t *" to "const uint8_t *" for a
more intuitive and safe sessionn creation.

Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Liron Himi <lironh@marvell.com>
2019-07-19 14:15:21 +02:00
Damian Nowak
40002f6c2a crypto/qat: extend support for digest-encrypted auth-cipher
This patch adds condition to be met when using
out-of-place auth-cipher operations. It checks
if the digest location overlaps with the data to
be encrypted or decrypted and if so, treats as a
digest-encrypted case.
Patch adds checking, if the digest is being
encrypted or decrypted partially and extends PMD
buffers accordingly.
It also adds feature flag for QuickAssist
Technology to emphasize it's support for digest
appended auth-cipher operations.

Signed-off-by: Damian Nowak <damianx.nowak@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
2019-07-05 15:28:14 +02:00
Arek Kusztal
77411bd638 crypto/openssl: fix free of asymmetric crypto keys
In case big number need to be freed, data it contains should
also be cleared before especially if it is critical data like
private keys.

Fixes: 3e9d6bd447 ("crypto/openssl: add RSA and mod asym operations")
Cc: stable@dpdk.org

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
2019-07-05 15:28:14 +02:00
Anoob Joseph
44e9770209 crypto/octeontx: remove unsupported capabilities
Removing capabilities not supported with latest firmware.

Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-07-05 15:28:14 +02:00
Fan Zhang
11678a1471 crypto/aesni_mb: fix out-of-bounds access
This patch fixes the out-of-bounds coverity issue by adding
missed algorithms to the array.

Coverity issue: 337683
Fixes: c68d7aa354 ("crypto/aesni_mb: use architecture independent macros")
Cc: stable@dpdk.org

Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
2019-07-05 15:28:14 +02:00
Chenbo Xia
691733e72b crypto/virtio: check PCI config read
Fix unchecked return value issue for rte_pci_read_config.

Coverity issue: 302861
Fixes: 25500d4b80 ("crypto/virtio: support device init")
Cc: stable@dpdk.org

Signed-off-by: Chenbo Xia <chenbo.xia@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-07-05 14:52:25 +02:00
Arek Kusztal
a3f9fededf crypto/openssl: fix usage of non constant time memcmp
ANSI C memcmp is not constant time function per spec so it should
be avoided in cryptography usage.

Fixes: d61f70b4c9 ("crypto/libcrypto: add driver for OpenSSL library")
Cc: stable@dpdk.org

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
2019-07-05 14:52:25 +02:00
Lukasz Bartosik
c6fa0d2f6c crypto/octeontx: sync mbox changes from kernel driver
Synchronize mbox with latest changes in kernel driver

Signed-off-by: Lukasz Bartosik <lbartosik@marvell.com>
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
2019-07-05 14:52:25 +02:00
Gosia Bakota
22606a96e9 crypto/qat: set message field to zero in sym SGL case
Fixes: e09231eaa2 ("crypto/qat: add SGL capability")
Cc: stable@dpdk.org

Signed-off-by: Gosia Bakota <gosia.bakota@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
2019-07-05 14:52:25 +02:00
Thierry Herbelot
a1f42a9dd7 drivers: fix typo in NXP comments
Fix another copy'n'paste typo.

Fixes: 531b17a780 ("bus/fslmc: add QBMAN driver to bus")
Fixes: 6ef6beca88 ("crypto/caam_jr: add enqueue/dequeue operations")
Fixes: c3e85bdcc6 ("crypto/dpaa_sec: add crypto driver for NXP DPAA platform")
Cc: stable@dpdk.org

Signed-off-by: Thierry Herbelot <thierry.herbelot@6wind.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-07-05 14:52:25 +02:00
Thierry Herbelot
90ea7e6dd5 crypto/mvsam: fix typo in comment
Inverted letters.

Fixes: 8a61c83af2 ("crypto/mrvl: add mrvl crypto driver")
Cc: stable@dpdk.org

Signed-off-by: Thierry Herbelot <thierry.herbelot@6wind.com>
Acked-by: Tomasz Duszynski <tdu@semihalf.com>
2019-07-05 14:52:25 +02:00
Bruce Richardson
530588f3cd drivers: add reasons for components being disabled
For each driver where we optionally disable it, add in the reason why it's
being disabled, so the user knows how to fix it.

Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
Acked-by: Luca Boccassi <bluca@debian.org>
2019-07-02 23:21:11 +02:00
Bruce Richardson
16c4ea4ed6 crypto/aesni_mb: fix build with gcc 4.8.5
On CentOS/RHEL 7, we get build errors reported due to a variable being
possibly uninitialized. Setting a default init value fixes this issue.

Fixes: c68d7aa354 ("crypto/aesni_mb: use architecture independent macros")
Cc: stable@dpdk.org

Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
2019-06-05 18:37:08 +02:00
Bruce Richardson
d0246e0fdc crypto/zuc: fix dependency check
The check for the zuc library dependency did not check for the include
file needed for compilation. It's also recommended when looking for a
library to use the name without the lib prefix.

Fixes: df1740a8db ("crypto/zuc: enable meson build")
Cc: stable@dpdk.org

Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
2019-05-02 10:34:05 +02:00
Bruce Richardson
408bb7b07b crypto/kasumi: fix dependency check
The check for the kasumi library dependency did not check for the include
file needed for compilation. It's also recommended when looking for a
library to use the name without the lib prefix.

Fixes: 2ec2d46c62 ("crypto/kasumi: enable meson build")
Cc: stable@dpdk.org

Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
2019-05-02 10:33:58 +02:00
Bruce Richardson
1999aeb368 crypto/snow3g: add to meson build
Snow3G driver is missing support for building with meson. Add a new
meson.build file so it can be included in the builds.

Cc: stable@dpdk.org

Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
2019-05-02 10:33:52 +02:00
Anoob Joseph
ec54bc9d51 crypto/octeontx: use distinct metabuf pool for each queue
The metabuf pool is shared across all queue pairs belonging to the
PMD. In order to prevent one queue pair from starving another,
use a distinct mempool for each queue pair.

Fixes: 273487f7b3 ("crypto/octeontx: add global resource init")
Cc: stable@dpdk.org

Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Shally Verma <shallyv@marvell.com>
2019-05-01 15:52:55 +02:00
Fiona Trahe
20f1cb1aaf crypto/qat: fix null cipher algo for non 8-byte multiple
NULL cipher algo of 4-byte multiple and other sizes caused firmware hang
due to use of wrong mode. Changed from ECB mode to CTR mode to fix.

Fixes: 98f0608916 ("crypto/qat: add symmetric session file")
Cc: stable@dpdk.org

Signed-off-by: Fiona Trahe <fiona.trahe@intel.com>
2019-04-30 15:40:56 +02:00
Bruce Richardson
457b8e3729 crypto/aesni_gcm: check dependency version with make
The aesni_mb driver has a check in its Makefile for the correct version of
the IPsec_MB library, but this check was missed for the aesni_gcm driver.
Add this check to the makefile, removing an unnecessary assignment in the
process.

Suggested-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Luca Boccassi <bluca@debian.org>
2019-04-30 08:37:42 +02:00
Bruce Richardson
3998db2db8 crypto/aesni_mb: cleanup version check
The version check for the IPSec_MB library present in the aesni_gcm
library's meson.build file is a little cleaner than that given here,
so update this one so that both work identically.

While one could use the checks done in the other right now, potentially in
future they may have different version dependencies, or may be compiled in
different orders, so keep the code duplicated for safety, since it's only a
few lines.

Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Luca Boccassi <bluca@debian.org>
2019-04-30 08:37:36 +02:00
Bruce Richardson
e03547408b crypto/aesni_gcm: check dependency version with meson
The aesni_mb driver and the aesni_gcm driver both require the same version
of the IPSec_MB library, but only the former has a check of the library
found by meson to see if it's the correct version. Add a similar check to
the aesni_gcm library's meson.build file, so that the auto-detection of
dependencies works correctly.

Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Luca Boccassi <bluca@debian.org>
2019-04-30 08:37:13 +02:00
Fan Zhang
fd4fa52cbf crypto/virtio: fix IV offset
This patch fixes the incorrect iv offset calculation.

Fixes: b063e843fa ("crypto/virtio: fix IV physical address")
Cc: stable@dpdk.org

Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>
2019-04-19 14:51:54 +02:00
Akhil Goyal
261fb94185 crypto/dpaa: fix session destroy
Coverity issue: 336798
Fixes: 1f14d500bc ("crypto/dpaa_sec: support IPsec protocol offload")
Fixes: 0a23d4b6f4 ("crypto/dpaa2_sec: support protocol offload IPsec")
Cc: stable@dpdk.org

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>
2019-04-18 16:01:28 +02:00
Gagandeep Singh
c761bffe0b crypto/caam_jr: fix memory leak and illegal access
Opendir() returns allocated storage which must be freed at the
end of function or in case any return on error. so freeing the
allocation using closedir in an error case.

Coverity issue: 323507
Coverity issue: 325880
Fixes: e7a45f3cc2 ("crypto/caam_jr: add UIO specific operations")
Cc: stable@dpdk.org

Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-04-18 16:01:28 +02:00
Gagandeep Singh
3386ca38bd crypto/caam_jr: fix total length in auth only s/g
CAAM return wrong digest value in AUTH only sg test case
because digest calculated on wrong length of data

Fixes: 71dd6b9d44 ("crypto/caam_jr: add scatter gather")
Cc: stable@dpdk.org

Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-04-18 16:01:28 +02:00
Gagandeep Singh
d80dc4bb7c crypto/caam_jr: fix shared descriptor endianness
build a shared descriptor accordingly if core and
CAAM endianness is same or different

Fixes: 6ef6beca88 ("crypto/caam_jr: add enqueue/dequeue operations")
Cc: stable@dpdk.org

Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-04-18 16:01:28 +02:00
Pablo de Lara
81fe96a0ce crypto/aesni_gcm: use architecture independent API
IPSec Multi-buffer library has recently added API
that sets pointers depending on the architecture, at initiliazation,
in version 0.52.

AESNI MB PMD was updated with these changes, but not
the AESNI GCM PMD, which also uses the same library.

This makes the PMD to be only compatible with version 0.52,
but makes both PMD consistent on version compatibility,
plus adds support for AVX512.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2019-04-18 16:01:28 +02:00
Bruce Richardson
adf93ca564 build: increase readability via shortcut variables
Define variables for "is_linux", "is_freebsd" and "is_windows"
to make the code shorter for comparisons and more readable.

Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
Reviewed-by: David Marchand <david.marchand@redhat.com>
Acked-by: Luca Boccassi <bluca@debian.org>
2019-04-17 18:09:52 +02:00
Bruce Richardson
6723c0fc72 replace snprintf with strlcpy
Do a global replace of snprintf(..."%s",...) with strlcpy, adding in the
rte_string_fns.h header if needed.  The function changes in this patch were
auto-generated via command:

  spatch --sp-file devtools/cocci/strlcpy.cocci --dir . --in-place

and then the files edited using awk to add in the missing header:

  gawk -i inplace '/include <rte_/ && ! seen { \
  	print "#include <rte_string_fns.h>"; seen=1} {print}'

Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
2019-04-04 22:46:05 +02:00
David Marchand
27893e4eee drivers: remove Linux EAL from include path
None of those drivers require EAL linux specific headers.

Signed-off-by: David Marchand <david.marchand@redhat.com>
2019-04-04 22:06:16 +02:00
Ayuj Verma
378e08eba8 crypto/openssl: set RSA private op feature flag
openssl PMD support RSA private key operation
using both qt and exp key type.
Set rsa key type feature flag

Signed-off-by: Ayuj Verma <ayverma@marvell.com>
Signed-off-by: Shally Verma <shallyv@marvell.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-04-02 16:50:24 +02:00
Akhil Goyal
3b4757fc74 crypto/dpaa2_sec: support multi-process
- fle pool allocations should be done for each process.
- cryptodev->data is shared across muliple processes but
cryptodev itself is allocated for each process. So any
information which needs to be shared between processes,
should be kept in cryptodev->data.

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-04-02 16:50:24 +02:00
Akhil Goyal
e621d97000 crypto/dpaa_sec: fix session queue attach/detach
session inq and qp are assigned for each core from which the
packets arrive. This was not correctly handled while supporting
multiple sessions per queue pair.
This patch fixes the attach and detach of queues for each core.

Fixes: e79416d10f ("crypto/dpaa_sec: support multiple sessions per queue pair")
Cc: stable@dpdk.org

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-04-02 16:50:24 +02:00
Akhil Goyal
07a5efda06 crypto/dpaa2_sec: remove unnecessary flc configurations
The removed fields are required in case the SEC block
allocates the buffer from bman pool.

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-04-02 16:50:24 +02:00
Akhil Goyal
7449390bb8 drivers/crypto: update inline desc for sharing mode
SEC HW descriptor sharing mode can now be controlled
during Session preparation by the respective drivers

shared descriptors in case of non-protocol offload does not need
any sync between the subsequent jobs. Thus, changing it to
SHR_NEVER from SHR_SERIAL for cipher_only, auth_only, and gcm.

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-04-02 16:50:24 +02:00
Akhil Goyal
a5e05ab643 crypto/dpaa2_sec: fix offset calculation for GCM
In case of gcm, output buffer should have aad space
before the actual buffer which needs to be written.
CAAM will not write into the aad anything, it will skip
auth_only_len (aad) and write the buffer afterwards.

Fixes: 37f96eb01b ("crypto/dpaa2_sec: support scatter gather")
Cc: stable@dpdk.org

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-04-02 16:50:24 +02:00
Akhil Goyal
fd4f22fbd8 crypto/dpaa2_sec: fix session clearing
private data should be cleared instead of the complete session

Fixes: 8d1f3a5d75 ("crypto/dpaa2_sec: support crypto operation")
Cc: stable@dpdk.org

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-04-02 16:50:24 +02:00
Fan Zhang
7b2d4706c9 crypto/aesni_mb: support newer library version only
As stated in 19.02 deprecation notice, this patch updates the
aesni_mb PMD to remove the support of older Intel-ipsec-mb
library version earlier than 0.52.

Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2019-04-02 16:50:24 +02:00
Fan Zhang
2d0c29a37a crypto/aesni_mb: enable out of place processing
Add out-of-place processing, i.e. different source and
destination m_bufs, plus related capability update, tests
and documentation.

Signed-off-by: Fiona Trahe <fiona.trahe@intel.com>
Signed-off-by: Paul Luse <paul.e.luse@intel.com>
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2019-04-02 16:50:24 +02:00
Arek Kusztal
8245972c04 crypto/qat: add modular multiplicative inverse
This commit adds modular multiplicative inverse to Intel
QuickAssist Technology driver. For capabilities or limitations
please refer to qat.rst or qat_asym_capabilities.h.

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
2019-04-02 16:50:24 +02:00
Arek Kusztal
fb70b33b05 crypto/qat: add modular exponentiation
This commit adds modular exponentiation to Intel QuickAssist
Technology driver. For capabilities or limitations please refer to
qat.rst or qat_asym_capabilities.h.

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
2019-04-02 16:50:24 +02:00
Arek Kusztal
f81cbc208f crypto/qat: add asymmetric crypto PMD
This patch adds Poll Mode Driver for asymmetric crypto
functions of Intel QuickAssist Technology hardware.

It contains plain driver with no functions implemented, specific
algorithms will be introduced in separate patches.

This patch depends on a QAT PF driver for device initialization. See
the file docs/guides/cryptodevs/qat.rst for configuration details.

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
2019-04-02 16:50:24 +02:00
Stephen Hemminger
c6b5715746 drivers: fix SPDX license id consistency
All drivers should have SPDX on the first line of the source
files in the format
  /* SPDX-License-Identifier: ...

Several files used minor modifications which were inconsistent
with the pattern. Fix it to make scanning tools easier.

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2019-03-29 00:15:53 +01:00
Damian Nowak
7d5ef3bb32 crypto/qat: support XTS
This patch adds XTS capabilities and enables
XTS cipher mode on QAT.
It also updates the documentation for newly
supported AES XTS mode on QAT.

Signed-off-by: Damian Nowak <damianx.nowak@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
2019-03-22 15:54:24 +01:00
Anoob Joseph
f194f19821 crypto/octeontx: move device specific code to driver
Moving upper level enqueue/dequeue routines to driver. The h/w interface
used to submit request has enough differences to substantiate the need
for separate routines.

Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Archana Muniganti <marchana@marvell.com>
2019-03-22 15:54:24 +01:00
Arek Kusztal
aeded1117c crypto/openssl: add result field to mod exp and inv
This patch adds result field to modular exponentiation and modular
multiplicative inverse operations in openssl pmd functions

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
2019-03-22 14:27:46 +01:00
Bruce Richardson
742bde12f3 build/linux: rename macro from LINUXAPP to LINUX
Rename the macro to make things shorter and more comprehensible. For
both meson and make builds, keep the old macro around for backward
compatibility.

Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
2019-03-12 17:31:22 +01:00
Bruce Richardson
91d7846ce6 eal/linux: rename linuxapp to linux
The term "linuxapp" is a legacy one, but just calling the subdirectory
"linux" is just clearer for all concerned.

Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
2019-03-12 17:31:13 +01:00
Arek Kusztal
27323f5385 crypto/openssl: fix modexp
Fixes bad reference of modinv struct in openssl pmd

Fixes: 3e9d6bd447 ("crypto/openssl: add RSA and mod asym operations")
Cc: stable@dpdk.org

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Shally Verma <shallyv@marvell.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-03-06 17:30:43 +01:00
Arek Kusztal
990b180290 crypto/openssl: fix big numbers after computations
After performing mod exp and mod inv big numbers (BIGNUM) should
be cleared as data already is copied into op fields and this BNs would
very likely contain private information for unspecified amount of time
(duration of the session).

Fixes: 3e9d6bd447 ("crypto/openssl: add RSA and mod asym operations")
Cc: stable@dpdk.org

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Shally Verma <shallyv@marvell.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-03-06 17:30:43 +01:00
Stephen Hemminger
85016c7735 crypto/virtio: use local log type
The virtio crypto driver was using PMD log type and it should
be using the local log type.

Fixes: 25500d4b80 ("crypto/virtio: support device init")
Cc: stable@dpdk.org

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Reviewed-by: Ferruh Yigit <ferruh.yigit@intel.com>
2019-03-01 18:17:36 +01:00
Luca Boccassi
e30b4e566f build: improve dependency handling
Whenever possible (if the library ships a pkg-config file) use meson's
dependency() function to look for it, as it will automatically add it
to the Requires.private list if needed, to allow for static builds to
succeed for reverse dependencies of DPDK. Otherwise the recursive
dependencies are not parsed, and users doing static builds have to
resolve them manually by themselves.
When using this API avoid additional checks that are superfluous and
take extra time, and avoid adding the linker flag manually which causes
it to be duplicated.

Signed-off-by: Luca Boccassi <bluca@debian.org>
Acked-by: Bruce Richardson <bruce.richardson@intel.com>
Tested-by: Bruce Richardson <bruce.richardson@intel.com>
2019-02-27 12:13:54 +01:00
Fiona Trahe
89da5e006f crypto/qat: fix digest in wireless auth case
When operation calls for auth (digest generation), followed by
encryption of both data plus digest, the digest-in-buffer
flag must be set for QAT.

Fixes: 39e0bee48e ("crypto/qat: rework request builder for performance")
Cc: stable@dpdk.org

Signed-off-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
2019-01-27 23:48:34 +01:00
Fan Zhang
3067c8ce77 crypto/aesni_mb: fix build with custom dependency path
This patch fixes the inflexible compile issue AESNI-MB PMD.
Originally the compile of the PMD will fail if IPSec_MB is
not installed in default location.

Fixes: c68d7aa354 ("crypto/aesni_mb: use architecture independent macros")

Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Tested-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
2019-01-22 17:14:04 +01:00
Pallantla Poornima
a1e8241a91 drivers: fix sprintf with snprintf
sprintf function is not secure as it doesn't check the length of string.
More secure function snprintf is used

Fixes: 828d51d8fc ("bus/fslmc: refactor scan and probe functions")
Fixes: c22fab9a6c ("raw/dpaa2_qdma: support configuration APIs")
Fixes: e5cbdfc537 ("crypto/dpaa2_sec: add basic operations")
Fixes: b23d4e898a ("crypto/dpaa2_sec: add per dev mempool to store FLE")
Fixes: 623326dded ("crypto/dpaa2_sec: introduce poll mode driver")
Fixes: e7a45f3cc2 ("crypto/caam_jr: add UIO specific operations")
Fixes: f44bccadd8 ("crypto/caam_jr: add device basic operations")
Fixes: 7e3e2954e0 ("crypto/dpaa_sec: move mempool allocation to config")
Fixes: c3e85bdcc6 ("crypto/dpaa_sec: add crypto driver for NXP DPAA platform")
Cc: stable@dpdk.org

Signed-off-by: Pallantla Poornima <pallantlax.poornima@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-01-14 23:27:27 +01:00
Akhil Goyal
2932ee2ad8 crypto/dpaa2_sec: fix FLC address for physical mode
Fixes: 547a4d40e7 ("crypto/dpaa2_sec: support out of place protocol offload")
Fixes: 0a23d4b6f4 ("crypto/dpaa2_sec: support protocol offload IPsec")
Cc: stable@dpdk.org

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-01-10 16:57:22 +01:00
Akhil Goyal
4e694fe511 crypto/dpaa_sec: support same session flows on multi-cores
In dpaa_sec, each session should have a separate in-queue,
and each in-queue should be mapped to an outq.
So if multiple flows of same SA comes to different cores
due to rss distribution of NIC, enqueue from any core will
try to do re-assignment of inq - outq mapping which will fail.

In this patch, for each core a separate inq is allocated and
used from each of the core. But the number of outq will remain
the same and we save the pointer to outq in session for each
of the cores.

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-01-10 16:57:22 +01:00
Hemant Agrawal
a1173d5559 crypto/dpaa_sec: support PDCP offload
PDCP session configuration for lookaside protocol offload
and data path is added.

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-01-10 16:57:22 +01:00
Anoob Joseph
f8b36984a6 crypto/octeontx: remove usage of DEPDIRS
DEPDIRS is no longer used in DPDK driver makefiles. Removing it.

Suggested-by: Ferruh Yigit <ferruh.yigit@intel.com>
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
2019-01-10 16:57:22 +01:00
Fan Zhang
0b60386ac3 cryptodev: add sym session header size function
This patch adds a new API in Cryptodev Framework. The API is used
to get the header size for the created symmetric Cryptodev session.

Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-01-10 16:57:22 +01:00
Fan Zhang
725d2a7fbf cryptodev: change queue pair configure structure
This patch changes the cryptodev queue pair configure structure
to enable two mempool passed into cryptodev PMD simutaneously.

Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-01-10 16:57:22 +01:00
Fan Zhang
11fdbf1b78 crypto/aesni_mb: support plain SHA
This patch adds the plain SHA1, SHA224, SHA256, SHA384, and SHA512
algorithms support to AESNI-MB PMD. The cryptodev unit test and
documentation are updated accordingly.

Signed-off-by: Damian Nowak <damianx.nowak@intel.com>
Signed-off-by: Lukasz Krakowiak <lukaszx.krakowiak@intel.com>
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
2019-01-10 16:57:22 +01:00
Fan Zhang
e5eecd3dc8 crypto/aesni_mb: support AES-GMAC
This patch adds the AES-GMAC authentication only support to AESNI-MB
PMD, including the driver code, cryptodev unit test, and documentation
updates.

Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Damian Nowak <damianx.nowak@intel.com>
2019-01-10 16:57:22 +01:00
Fan Zhang
c68d7aa354 crypto/aesni_mb: use architecture independent macros
This patch duplicates the original rte_aesni_mb_pmd*.c files and replaces
the function calls provided by intel-ipsec-mb library into
architecture-independent macros. The build systems are updated to choose
compiling either rte_aesni_mb_pmd*.c or rte_aesni_mb_pmd*_compat.c based
on the installed intel-ipsec-mb version. For the intel-ipsec-mb older
than 0.52.0 rte_aesni_mb_pmd*_compat.c will be compiled, otherwise
rte_aesni_mb_pmd*.c will be compiled.

Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Signed-off-by: Lukasz Krakowiak <lukaszx.krakowiak@intel.com>
Acked-by: Damian Nowak <damianx.nowak@intel.com>
2019-01-10 16:57:22 +01:00
Fan Zhang
e82d0df613 crypto/aesni_mb: rename files
This patch renames the rte_aesni_mb_pmd*.c to
rte_aesni_mb_pmd*_compat.c to indicate those files are for
compatible with older versoin of intel-ipsec-mb library
only.

Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Signed-off-by: Lukasz Krakowiak <lukaszx.krakowiak@intel.com>
Acked-by: Damian Nowak <damianx.nowak@intel.com>
2019-01-10 16:57:22 +01:00
Fan Zhang
a4d69a5150 drivers/crypto: fix PMDs memory leak
This patch fixes the memory leak during queue pair release.
Originally the operation ring is not freed when releasing
queue pair, causing the next queue_pair configure call fail
and memory leak.

Fixes: eec136f3c5 ("aesni_gcm: add driver for AES-GCM crypto operations")
Fixes: cf7685d68f ("crypto/zuc: add driver for ZUC library")
Fixes: d61f70b4c9 ("crypto/libcrypto: add driver for OpenSSL library")
Fixes: 3aafc423cf ("snow3g: add driver for SNOW 3G library")
Fixes: 94b0ad8e0a ("null_crypto: add driver for null crypto operations")
Cc: stable@dpdk.org

Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2019-01-10 16:57:22 +01:00
Arek Kusztal
4dc73ff704 crypto/qat: fix message for NULL algo setting unused counter
NULL algo algo does not to set counter flag so it should be zeroed.

Fixes: db0e952a5c ("crypto/qat: add NULL capability")
Cc: stable@dpdk.org

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Marko Kovacevic <marko.kovacevic@intel.com>
2018-12-19 11:19:10 +01:00
Arek Kusztal
605eb4d596 crypto/qat: fix message for CCM when setting unused counter
AES-CCM algo does not to set counter flag so it should be zeroed.

Fixes: ab56c4d9ed ("crypto/qat: support AES-CCM")
Cc: stable@dpdk.org

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Marko Kovacevic <marko.kovacevic@intel.com>
2018-12-19 11:19:10 +01:00
Arek Kusztal
93685b1fbf crypto/qat: fix block size error handling
Error code of qat_hash_get_block_size needs to be handle properly.

Fixes: 10b49880e3 ("crypto/qat: make the session struct variable in size")
Cc: stable@dpdk.org

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Tested-by: Marko Kovacevic <marko.kovacevic@intel.com>
Acked-by: Marko Kovacevic <marko.kovacevic@intel.com>
2018-12-19 11:19:10 +01:00
Akash Saxena
2680b69c7b crypto/openssl: remove useless check before freeing
Remove if() condition prior to calling BN_free() as
BN_free(a) does nothing if a is NULL.

Signed-off-by: Akash Saxena <akash.saxena@caviumnetworks.com>
Signed-off-by: Shally Verma <shally.verma@caviumnetworks.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2018-12-19 11:19:10 +01:00
Anoob Joseph
accf8ca7b0 crypto/octeontx: fix null pointer dereferencing
The function otx_cpt_get_resource() would be setting the pointer
'instance'. In case of error, 'instance' would be set to NULL, and
returns rte_errno. If rte_errno when 'instance' is set to NULL, it can
lead to NULL pointer dereferencing.

Coverity Issue: 323486, 323489
Fixes: bfe2ae495e ("crypto/octeontx: add PMD skeleton")
Fixes: 0961348fdf ("crypto/octeontx: add queue pair functions")

Signed-off-by: Anoob Joseph <anoob.joseph@caviumnetworks.com>
2018-11-14 04:32:48 +01:00
Anoob Joseph
acbaf3cedc crypto/octeontx: fix non null terminated device name
If the length of string pointed by 'name' is equal to or greater than
the sizeof cptvf->dev_name string, the resultant string will not be
null terminated. Using strlcpy would make sure the string would always
be null terminated.

Coverity Issue: 323492
Fixes: 0dc1cffa4d ("crypto/octeontx: add hardware init routine")

Signed-off-by: Ankur Dwivedi <ankur.dwivedi@caviumnetworks.com>
Signed-off-by: Anoob Joseph <anoob.joseph@caviumnetworks.com>
2018-11-14 04:32:48 +01:00
Fan Zhang
1fd1aa0c91 crypto/aesni_mb: fix queue pair free
This patch fixes the queue pair free for AESNI-MB PMD. Originally
the queue pair ring name are different than the object name,
caused the aesni_mb_pmd_qp_release() cannot find the ring to
release. This patch uses the same name between queue pair object
name and ring name.

Fixes: a831c318c5 ("crypto/aesni_mb: free ring memory on queue release")
Cc: stable@dpdk.org

Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
2018-11-12 13:41:58 +01:00
Ferruh Yigit
5ef2566e0d crypto/ccp: fix resource leak
File *fp, opened but not closed, this patch add fclose(fp)

Fixes: ef4b04f87f ("crypto/ccp: support device init")
Cc: stable@dpdk.org

Signed-off-by: Ferruh Yigit <ferruh.yigit@intel.com>
Reviewed-by: Ravi Kumar <ravi1.kumar@amd.com>
2018-11-12 13:41:48 +01:00
Gagandeep Singh
feb441cd22 crypto/caam_jr: fix check before job ring freeing
Check should be on parameter uio_fd instead of
local variable job_ring

Fixes: e7a45f3cc2 ("crypto/caam_jr: add UIO specific operations")

Reported-by: Ferruh Yigit <ferruh.yigit@intel.com>
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2018-11-02 12:26:06 +01:00
Akash Saxena
fe1606e013 crypto/openssl: fix RSA verify operation
In lib cryptodev, RSA verify operation inputs plain message text and
corresponding signature and expected to return
RTE_CRYPTO_OP_STATUS_SUCCESS/FAILURE on a signature match/mismatch.
Current OpenSSL PMD RSA verify implementation overrides application passed
sign input by decrypted output which isn't expected.

This patch addresses this issue in OpenSSL PMD. Now, OpenSSL PMD use
tmp buffer to pass to OpenSSL sign API and memcmp output with
original plain text to verify signature match.
Set op->status = RTE_CRYPTO_OP_STATUS_ERROR on signature mismatch.

Fixes: 3e9d6bd447 ("crypto/openssl: add RSA and mod asym operations")
Cc: stable@dpdk.org

Signed-off-by: Ayuj Verma <ayuj.verma@caviumnetworks.com>
Signed-off-by: Akash Saxena <akash.saxena@caviumnetworks.com>
Signed-off-by: Shally Verma <shally.verma@caviumnetworks.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2018-11-02 12:25:39 +01:00
Jerin Jacob
e5e193acf0 crypto/scheduler: fix build with gcc 8.2
build_error:

drivers/crypto/scheduler/scheduler_pmd.c: In function ‘parse_name_arg’:
drivers/crypto/scheduler/scheduler_pmd.c:372:2: error: ‘strncpy’
specified bound 64 equals destination size [-Werror=stringop-truncation]
  strncpy(params->name, value, RTE_CRYPTODEV_NAME_MAX_LEN);
  ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
strncpy may result a not null-terminated string,
replaced it with strlcpy

Fixes: 503e9c5afb ("crypto/scheduler: register as vdev driver")
Cc: stable@dpdk.org

Signed-off-by: Jerin Jacob <jerin.jacob@caviumnetworks.com>
2018-11-04 22:25:20 +01:00
Ferruh Yigit
520dd9923b drivers: prefix global variables with module name
Some global variables are defined with generic names, add component name
as prefix to variables to prevent collusion with application variables.

Signed-off-by: Ferruh Yigit <ferruh.yigit@intel.com>
Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>
Acked-by: Shreyansh Jain <shreyansh.jain@nxp.com>
Acked-by: Tianfei Zhang <tianfei.zhang@intel.com>
2018-10-29 02:34:21 +01:00
Ferruh Yigit
b74fd6b842 add missing static keyword to globals
Some global variables can indeed be static, add static keyword to them.

Signed-off-by: Ferruh Yigit <ferruh.yigit@intel.com>
Acked-by: Jerin Jacob <jerin.jacob@caviumnetworks.com>
Acked-by: Shreyansh Jain <shreyansh.jain@nxp.com>
2018-10-29 02:01:08 +01:00
Akhil Goyal
bef594ec5c crypto/dpaa2_sec: support PDCP offload
PDCP session configuration for lookaside protocol offload
and data path is added.

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
2018-10-24 15:13:02 +02:00
Akhil Goyal
73a24060cd crypto/dpaa2_sec: add sample PDCP descriptor APIs
DPAA2 SEC platform can support look aside protocol
offload for PDCP protocol.

The relevant APIs for configuring the hardware for PDCP
is added for various modes and crypto algorithms.

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Signed-off-by: Horia Geanta Neag <horia.geanta@nxp.com>
Signed-off-by: Alex Porosanu <alexandru.porosanu@nxp.com>
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
2018-10-24 15:12:54 +02:00
Gagandeep Singh
2402ad3ebd crypto/caam_jr: fix type redefinition
dma_addr_t is already defined in compat.h.
so removing the local definition from caam_jr_config.h

Fixes: 64c0451f5b ("crypto/caam_jr: add HW tuning options")

Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
2018-10-24 22:47:01 +02:00
Akhil Goyal
e7b3b13ba9 drivers: fix build if security lib disabled
RTE_SECURITY is enabled by default. If it is disabled, dpaa2_sec,
dpaa_sec and caam_jr compilation fails.

This patch fixes compilation by disabling these drivers
when rte_security is not available.

Fixes: 1ee9569576 ("config: enable dpaaX drivers for generic ARMv8")
Fixes: 09e1e8d256 ("mk: fix dependencies of dpaaX drivers")
Fixes: af7c9b5e9c ("crypto/caam_jr: introduce basic driver")
Cc: stable@dpdk.org

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
2018-10-24 22:39:25 +02:00
Anatoly Burakov
5d7b673d5f mk: build with _GNU_SOURCE defined by default
We use _GNU_SOURCE all over the place, but often times we miss
defining it, resulting in broken builds on musl. Rather than
fixing every library's and driver's and application's makefile,
fix it by simply defining _GNU_SOURCE by default for all
builds.

Remove all usages of _GNU_SOURCE in source files and makefiles,
and also fixup a couple of instances of using __USE_GNU instead
of _GNU_SOURCE.

Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
2018-10-22 11:28:27 +02:00
Hemant Agrawal
3e33486f80 crypto/caam_jr: add security offload
This patch provides the support for protocol offload
to the hardware. following security operations are
added:
 - session_create
 - session_destroy
 - capabilities_get

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2018-10-17 12:23:40 +02:00
Hemant Agrawal
3cf7f33863 crypto/caam_jr: add statistics operations
This patch adds the following statistics operations:
 - stats_get
 - stats_reset

Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2018-10-17 12:23:40 +02:00
Gagandeep Singh
71dd6b9d44 crypto/caam_jr: add scatter gather
This patch add the scatter gather feature
for auth-only, cipher-only and cipher-auth
operations

Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2018-10-17 12:23:40 +02:00
Gagandeep Singh
6ef6beca88 crypto/caam_jr: add enqueue/dequeue operations
This patch add support for :
1. creating run time sec hw decriptors for a given request.
2. enqueue operation to the caam jr ring
3. dequeue operation from the caam jr ring in poll mode
4. creating a crypto protocol descriptor for session - first time.

Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2018-10-17 12:23:40 +02:00
Gagandeep Singh
42600bbc01 crypto/caam_jr: add device cababilities
add device capabilities for supported algorithms,
key length etc.

Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2018-10-17 12:23:40 +02:00
Gagandeep Singh
ed776c91e2 crypto/caam_jr: add session configuration methods
This patch add support to create session configuration
of various types i.e. cipher, auth and aead etc.

Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2018-10-17 12:23:40 +02:00
Hemant Agrawal
9d520bb5ff crypto/caam_jr: add queue pair config
add following ops for configuring queues
 - queue_pair_setup
 - queue_pair_release
 - queue_pair_count

Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2018-10-17 12:23:40 +02:00
Gagandeep Singh
f44bccadd8 crypto/caam_jr: add device basic operations
This patch adds following device operations
 - dev_configure
 - dev_start
 - dev_stop
 - dev_close
 - dev_infos_get

Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2018-10-17 12:23:40 +02:00
Gagandeep Singh
1d678de329 crypto/caam_jr: add basic job ring routines
This patch adds following job ring routines
 - init_job_ring (configure hw/sw resources)
 - shutdown_job_ring (releases hw/sw resources)
 - close_job_ring (flush job ring)

Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2018-10-17 12:23:40 +02:00
Gagandeep Singh
e7a45f3cc2 crypto/caam_jr: add UIO specific operations
caam_jr need support from kernel caam driver for
job ring initialisation. So to access register space
for job ring and allow re configure and map to userspace
UIO interface is used. This also allows to handle the
caam interrupts from the user space.

This patch adds UIO specific operations

Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2018-10-17 12:23:40 +02:00
Gagandeep Singh
a5e1018d5e crypto/caam_jr: add routines to configure HW
This patch add routines for configuring the hw
to support various features.
These routines will be used by the PMD ops.
The patch also defines structure and macros used
to access hw capabilities.

Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2018-10-17 12:23:40 +02:00