Commit Graph

42 Commits

Author SHA1 Message Date
Pablo de Lara
dedade6713 crypto/snow3g: define IV and digest length constants
In order to avoid using magic numbers, macros for
the IV and digest lengths for Snow3G have been added.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
2016-06-20 22:38:46 +02:00
Pablo de Lara
ba4d6c891c crypto/snow3g: rename libsso reference due to library update
The underlying libsso library that SNOW3G PMD uses has been updated,
so now it is called libsso_snow3g. Also, the path to the library
has been renamed to reflect this changes (now called LIBSSO_SNOW3G_PATH).

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
2016-06-20 22:38:44 +02:00
Pablo de Lara
2773c86d06 crypto/kasumi: add driver for KASUMI library
Added new SW PMD which makes use of the libsso_kasumi SW library,
which provides wireless algorithms KASUMI F8 and F9
in software.

This PMD supports cipher-only, hash-only and chained operations
("cipher then hash" and "hash then cipher") of the following
algorithms:
- RTE_CRYPTO_SYM_CIPHER_KASUMI_F8
- RTE_CRYPTO_SYM_AUTH_KASUMI_F9

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
2016-06-20 22:25:32 +02:00
Thomas Monjalon
1eec9aa301 mk: fix build clean
The variables AESNI_MULTI_BUFFER_LIB_PATH and LIBSSO_PATH
are not required for "make clean".
It is the same fix as in the commit e277b2397.

Fixes: eec136f3c5 ("aesni_gcm: add driver for AES-GCM crypto operations")
Fixes: 3aafc423cf ("snow3g: add driver for SNOW 3G library")

Signed-off-by: Thomas Monjalon <thomas.monjalon@6wind.com>
2016-06-17 15:29:11 +02:00
Christian Ehrhardt
6cbf4f75e0 mk: fix missing internal dependencies
This patch adds missing DEPDIRS to avoid any library referring to
symbols they are not linked against.

Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
2016-06-13 16:17:56 +02:00
Fan Zhang
ac61e23393 aesni_mb: add AES-CTR
This patch provides counter mode support to AES-NI multi-buffer library.

The following cipher algorithm is enabled:
- RTE_CRYPTO_CIPHER_AES_CTR

Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2016-06-07 21:46:55 +02:00
Arek Kusztal
4ee18e573e qat: add AES-CTR capability
Added possibility for AES to work in counter mode

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
2016-06-07 21:36:08 +02:00
Arek Kusztal
beaa065fe9 qat: set default optimization level
Changed to -O3 optimization flag in Intel QuickAssist Technology Makefile.

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
2016-06-07 21:36:08 +02:00
Arek Kusztal
acc32dc9c0 qat: avoid strict-aliasing break
To avoid GCC warning about "dereferencing type-punned pointer will break
strict-aliasing rules" aad_len pointer is dereferenced instead of direct
dereferencing of uint32_t* cast of the middle of an array.

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
2016-06-07 21:36:04 +02:00
Arek Kusztal
577ac94c12 qat: fix physical address of content descriptor
Fix an error with computation of physical address of
content descriptor in the symmetric operations session

Fixes: 1703e94ac5 ("qat: add driver for QuickAssist devices")

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
2016-06-07 18:59:56 +02:00
Deepak Kumar Jain
61d124fd46 qat: fix null pointer dereferencing
Fix null pointer dereferencing while clearing session

Coverity issue: 126586
Fixes: 1703e94ac5 ("qat: add driver for QuickAssist devices")

Signed-off-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
2016-06-07 16:40:26 +02:00
Deepak Kumar Jain
edddb7f382 aesni_mb: fix null pointer dereferencing
Fix null pointer dereferencing by reporting if null and
exiting the function.

Coverity issue: 126584
Fixes: c0f87eb525 ("cryptodev: change burst API to be crypto op oriented")

Signed-off-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2016-06-07 16:36:20 +02:00
Deepak Kumar Jain
2d1fc2b16c aesni_mb: fix an indent
Fix wrong indentation for return value

Coverity issue: 126585
Fixes: 924e84f873 ("aesni_mb: add driver for multi buffer based crypto")

Signed-off-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2016-06-07 16:33:13 +02:00
Fiona Trahe
f0e7e2538d cryptodev: rename elements for clarity
renamed rte_cryptodev_sym_session.type -> dev_type
(as it's not a session type, but a device type)

renamed rte_crypto_sym_op.type -> sess_type
(as it's not an op type, but a session type)

Signed-off-by: Fiona Trahe <fiona.trahe@intel.com>
2016-04-06 19:00:57 +02:00
Pablo de Lara
6acc17bc0a aesni_gcm: fix supported key sizes
AES-GCM PMD only supports 128-bit keys, but not 192 and 256,
which the capabilities structure was reporting.

Fixes: 26c2e4ad5a ("cryptodev: add capabilities discovery")

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2016-04-06 18:48:04 +02:00
Arek Kusztal
ceb1ccd5d5 qat: add out-of-place symmetric operations
This patch adds out-of-place operations to qat symmetric crypto PMD,
i.e. the result of the operation can be written to the destination buffer
instead of overwriting the source buffer as done in "in-place" operation.
Both buffers can be of different sizes.
Previously the qat PMD assumed that m_src and m_dst in rte_crypto_sym_op
were identical.

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: John Griffin <john.griffin@intel.com>
2016-03-31 21:49:26 +02:00
Fiona Trahe
2f481bda80 qat: fix crash when nothing to enqueue
Crash seen in qat pmd when nb_ops=0 on rte_cryptodev_enqueue_burst() API

Signed-off-by: Fiona Trahe <fiona.trahe@intel.com>
2016-03-31 21:49:26 +02:00
Fiona Trahe
ff150afd7e drivers: fix build of crypto anonymous union initialization
In SUSE11-SP3 i686 platform, with gcc 4.5.1, there are compile issues, e.g:
  null_crypto_pmd_ops.c:44:3: error:
  unknown field 'sym' specified in initializer
  cc1: warnings being treated as errors

The member in anonymous union initialization should be inside '{}',
otherwise it will report an error.

Fixes: 26c2e4ad5a ("cryptodev: add capabilities discovery")

Signed-off-by: Michael Qiu <michael.qiu@intel.com>
Signed-off-by: Fiona Trahe <fiona.trahe@intel.com>
2016-03-31 21:32:19 +02:00
Pablo de Lara
ab8536d538 aesni_mb: remove parameters from config file
Parse the device parameters from rte_eal_vdev_init,
instead of the config file, so user can change the parameters
at runtime.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2016-03-11 10:47:33 +01:00
Declan Doherty
26c2e4ad5a cryptodev: add capabilities discovery
This patch add a mechanism for discovery of crypto device features and supported
crypto operations and algorithms. It also provides a method for a crypto PMD to
publish any data range limitations it may have for the operations and algorithms
it supports.

The parameter feature_flags added to rte_cryptodev struct is used to capture
features such as operations supported (symmetric crypto, operation chaining etc)
as well parameter such as whether the device is hardware accelerated or uses
SIMD instructions.

The capabilities parameter allows a PMD to define an array of supported operations
with any limitation which that implementation may have.

Finally the rte_cryptodev_info struct has been extended to allow retrieval of
these parameter using the existing rte_cryptodev_info_get() API.

Signed-off-by: Declan Doherty <declan.doherty@intel.com>
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
2016-03-11 10:43:09 +01:00
Declan Doherty
94b0ad8e0a null_crypto: add driver for null crypto operations
This patch provides the implementation of a NULL crypto PMD, which supports
NULL cipher and NULL authentication operations, which can be chained together
as follows:

- Authentication Only
- Cipher Only
- Authentication then Cipher
- Cipher then Authentication

As this is a NULL operation device the crypto operations which are submitted for
processing are not actually modified and are stored in a queue pairs processed
packets ring ready for collection when rte_cryptodev_burst_dequeue() is called.

The patch also contains the related unit tests function to test the PMDs
supported operations.

Signed-off-by: Declan Doherty <declan.doherty@intel.com>
Acked-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
2016-03-11 02:16:18 +01:00
John Griffin
53d8971cbe qat: fix AES-GCM decryption
AES GCM on the cryptodev API was giving invalid results
in some cases, due to an incorrect IV setting.

Added AES GCM in the QAT supported algorithms,
as encryption/decryption is fully functional.

Fixes: 1703e94ac5 ("qat: add driver for QuickAssist devices")

Signed-off-by: John Griffin <john.griffin@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2016-03-11 01:31:55 +01:00
John Griffin
0221b55b51 qat: remove AES-GMAC
Remove support for AES GMAC support for which was added to
the code in error.  AES GMAC will be added in a subsequent release
when testing completes.

Fixes: 1703e94ac5 ("qat: add driver for QuickAssist devices")

Signed-off-by: John Griffin <john.griffin@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2016-03-11 01:31:45 +01:00
Declan Doherty
eec136f3c5 aesni_gcm: add driver for AES-GCM crypto operations
This patch provides the implementation of an AES-NI accelerated crypto PMD
which is dependent on Intel's multi-buffer library, see the white paper
"Fast Multi-buffer IPsec Implementations on Intel®  Architecture  Processors"

This PMD supports AES_GCM authenticated encryption and authenticated
decryption using 128-bit AES keys

The patch also contains the related unit tests functions

Signed-off-by: Declan Doherty <declan.doherty@intel.com>
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: John Griffin <john.griffin@intel.com>
2016-03-11 01:01:42 +01:00
Deepak Kumar Jain
a59ffe7eb9 cryptodev: add bit-wise handling for SNOW 3G
Wireless algorithms like Snow3G needs input in bits.
In this patch, changes have been made to incorporate this requirement
in both QAT and SW PMD.

Signed-off-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2016-03-11 00:18:01 +01:00
Pablo de Lara
3aafc423cf snow3g: add driver for SNOW 3G library
Added new SW PMD which makes use of the libsso SW library,
which provides wireless algorithms SNOW 3G UEA2 and UIA2
in software.

This PMD supports cipher-only, hash-only and chained operations
("cipher then hash" and "hash then cipher") of the following
algorithms:
- RTE_CRYPTO_SYM_CIPHER_SNOW3G_UEA2
- RTE_CRYPTO_SYM_AUTH_SNOW3G_UIA2

The SNOW 3G hash and cipher algorithms, which are enabled
by this crypto PMD are implemented by Intel's libsso software
library. For library download and build instructions,
see the documentation included (doc/guides/cryptodevs/snow3g.rst)

The patch also contains the related unit tests function to test the PMD
supported operations.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
2016-03-11 00:14:47 +01:00
Deepak Kumar Jain
a38dfe974b qat: add SNOW 3G
Signed-off-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2016-03-10 23:04:56 +01:00
Deepak Kumar Jain
e25200fbb4 qat: add cipher/auth only
Refactored the existing functionality into
modular form to support the cipher/auth only
functionalities.

Signed-off-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2016-03-10 22:50:48 +01:00
Declan Doherty
67f64f2e12 mbuf_offload: remove library
As cryptodev library does not depend on mbuf_offload library
any longer, this patch removes it.

Signed-off-by: Declan Doherty <declan.doherty@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
2016-03-10 21:08:28 +01:00
Declan Doherty
c0f87eb525 cryptodev: change burst API to be crypto op oriented
This patch modifies the crypto burst enqueue/dequeue APIs to operate on bursts
rte_crypto_op's rather than the current implementation which operates on
rte_mbuf bursts, this simplifies the burst processing in the crypto PMDs and the
use of crypto operations in general, including new functions for managing
rte_crypto_op pools.

These changes continues the separation of the symmetric operation parameters
from the more general operation parameters, which will simplify the integration
of asymmetric crypto operations in the future.

PMDs, unit tests and sample applications are also modified to work with the
modified and new API.

Signed-off-by: Declan Doherty <declan.doherty@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
2016-03-10 17:12:45 +01:00
Fiona Trahe
1bd407fac8 cryptodev: extract symmetric operations
This patch splits symmetric specific definitions and
functions away from the common crypto APIs to facilitate the future extension
and expansion of the cryptodev framework, in order to allow asymmetric
crypto operations to be introduced at a later date, as well as to clean the
logical structure of the public includes. The patch also introduces the _sym
prefix to symmetric specific structure and functions to improve clarity in
the API.

Signed-off-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
2016-03-10 17:12:41 +01:00
Fiona Trahe
a0b4c5b8d4 cryptodev: clean up
- Fixed >80char lines in test file
- Removed unused elements from stats struct
- Removed unused objects in rte_cryptodev_pmd.h
- Renamed variables
- Replaced leading spaces with tabs
- Improved performance results display in test

Signed-off-by: Fiona Trahe <fiona.trahe@intel.com>
Signed-off-by: Declan Doherty <declan.doherty@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
2016-03-10 17:12:40 +01:00
Panu Matilainen
948fd64bef mk: replace the combined library with a linker script
The physically linked-together combined library has been an increasing
source of problems, as was predicted when library and symbol versioning
was introduced. Replace the complex and fragile construction with a
simple linker script which achieves the same without all the problems,
remove the related kludges from eg mlx drivers.

Since creating the linker script is practically zero cost, remove the
config option and just create it always.

Based on a patch by Sergio Gonzales Monroy, linker script approach
initially suggested by Neil Horman.

Suggested-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
Suggested-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Panu Matilainen <pmatilai@redhat.com>
Signed-off-by: Thomas Monjalon <thomas.monjalon@6wind.com>
2016-03-01 14:37:27 +01:00
John Griffin
d5176d630d qat: fix build on 32-bit systems
Fixing build on 32-bit systems on quick assist driver - for example:
drivers/crypto/qat/qat_crypto.c: In function ‘qat_alg_write_mbuf_entry’:
drivers/crypto/qat/qat_crypto.c:408:34: error:
cast from pointer to integer of different size [-Werror=pointer-to-int-cast]

Fixes: 1703e94ac5 ("qat: add driver for QuickAssist devices")

Signed-off-by: John Griffin <john.griffin@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2016-02-24 15:31:02 +01:00
Declan Doherty
591f0e8bb0 aesni_mb: fix strict-aliasing compilation rule
When compiling the AESNI_MB PMD with GCC 4.4.7 on Centos 6.7 a "dereferencing
pointer ‘obj_p’ does break strict-aliasing rules" warning occurs in the
get_session() function.

Fixes: 924e84f873 ("aesni_mb: add driver for multi buffer based crypto")

Signed-off-by: Declan Doherty <declan.doherty@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2016-02-24 15:08:39 +01:00
Pablo de Lara
a324c45a6f aesni_mb: fix wrong return value
cryptodev_aesni_mb_init was returning the device id of
the device just created, but rte_eal_vdev_init
(the function that calls the first one), was expecting 0 or
negative value.
This made impossible to create more than one aesni_mb device
from command line.

Fixes: 924e84f873 ("aesni_mb: add driver for multi buffer based crypto")

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
2016-02-24 15:02:52 +01:00
Thomas Monjalon
e277b23970 aesni_mb: fix build clean
The variable AESNI_MULTI_BUFFER_LIB_PATH is not required for
	make clean

Signed-off-by: Thomas Monjalon <thomas.monjalon@6wind.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
2016-02-21 11:52:04 +01:00
Thomas Monjalon
50810f095a config: remove useless explicit includes of generated header
The file rte_config.h is automatically generated and included.
No need to #include it.

The example performance-thread needs a makefile fix to avoid
overwriting the default cflags.

Signed-off-by: Thomas Monjalon <thomas.monjalon@6wind.com>
2016-02-10 22:43:38 +01:00
Huawei Xie
693f715da4 remove extra parentheses in return statement
fix the error reported by checkpatch:
  "ERROR: return is not a function, parentheses are not required"

remove parentheses in return like:
  "return (logical expressions)"

remove parentheses in return a function like:
  "return (rte_mempool_lookup(...))"

Fixes: 6307b909b8 ("lib: remove extra parenthesis after return")

Signed-off-by: Huawei Xie <huawei.xie@intel.com>
2016-02-10 15:47:50 +01:00
Panu Matilainen
3e718b8169 mk: fix external shared library dependencies of drivers
Similar to commit 5f9115e58c, but
for qat and mpipe drivers. The former did not exist when the
previous patch was sent and latter I just missed.

Fixes: 5f9115e58c ("mk: fix shared library dependencies of drivers")

Signed-off-by: Panu Matilainen <pmatilai@redhat.com>
Acked-by: Aaron Conole <aconole@redhat.com>
2015-12-08 00:09:43 +01:00
Declan Doherty
924e84f873 aesni_mb: add driver for multi buffer based crypto
This patch provides the initial implementation of the AES-NI multi-buffer
based crypto poll mode driver using DPDK's new cryptodev framework.

This PMD is dependent on Intel's multibuffer library, see the whitepaper
"Fast Multi-buffer IPsec Implementations on Intel® Architecture
Processors", see ref 1 for details on the library's design and ref 2 to
download the library itself. This initial implementation is limited to
supporting the chained operations of "hash then cipher" or "cipher then
hash" for the following cipher and hash algorithms:

Cipher algorithms:
  - RTE_CRYPTO_CIPHER_AES_CBC (with 128-bit, 192-bit and 256-bit keys supported)

Authentication algorithms:
  - RTE_CRYPTO_AUTH_SHA1_HMAC
  - RTE_CRYPTO_AUTH_SHA256_HMAC
  - RTE_CRYPTO_AUTH_SHA512_HMAC
  - RTE_CRYPTO_AUTH_AES_XCBC_MAC

Important Note:
Due to the fact that the multi-buffer library is designed for
accelerating IPsec crypto operation, the digest's generated for the HMAC
functions are truncated to lengths specified by IPsec RFC's, ie RFC2404
for using HMAC-SHA-1 with IPsec specifies that the digest is truncate
from 20 to 12 bytes.

Build instructions:
To build DPDK with the AESNI_MB_PMD the user is required to download
(ref 2) and compile the multi-buffer library on there system before
building DPDK. The environmental variable AESNI_MULTI_BUFFER_LIB_PATH
must be exported with the path where you extracted and built the multi
buffer library and finally set CONFIG_RTE_LIBRTE_PMD_AESNI_MB=y in
config/common_linuxapp.

Current status: It's doesn't support crypto operation
across chained mbufs, or cipher only or hash only operations.

ref 1:
https://www-ssl.intel.com/content/www/us/en/intelligent-systems/intel-technology/fast-multi-buffer-ipsec-implementations-ia-processors-p

ref 2: https://downloadcenter.intel.com/download/22972

Signed-off-by: Declan Doherty <declan.doherty@intel.com>
Acked-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
2015-11-25 19:18:04 +01:00
Declan Doherty
1703e94ac5 qat: add driver for QuickAssist devices
This patch adds a PMD for the Intel Quick Assist Technology DH895xxC
hardware accelerator.

This patch depends on a QAT PF driver for device initialization. See
the file docs/guides/cryptodevs/qat.rst for configuration details

This patch supports a limited subset of QAT device functionality,
currently supporting chaining of cipher and hash operations for the
following algorithmsd:

Cipher algorithms:
  - RTE_CRYPTO_CIPHER_AES_CBC (with 128-bit, 192-bit and 256-bit keys supported)

Hash algorithms:
  - RTE_CRYPTO_AUTH_SHA1_HMAC
  - RTE_CRYPTO_AUTH_SHA256_HMAC
  - RTE_CRYPTO_AUTH_SHA512_HMAC
  - RTE_CRYPTO_AUTH_AES_XCBC_MAC

Some limitation on this patchset which shall be contributed in a
subsequent release:
 - Chained mbufs are not supported.
 - Hash only is not supported.
 - Cipher only is not supported.
 - Only in-place is currently supported (destination address is
   the same as source address).
 - Only supports session-oriented API implementation (session-less
   APIs are not supported).

Signed-off-by: Declan Doherty <declan.doherty@intel.com>
Signed-off-by: John Griffin <john.griffin@intel.com>
Signed-off-by: Des O Dea <des.j.o.dea@intel.com>
Signed-off-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
2015-11-25 19:18:04 +01:00