If we want to enable IOVA mode, introduced by
commit 93878cf025 ("eal: introduce helper API for IOVA mode"),
we need PMDs (for PCI devices) to expose this flag.
Signed-off-by: Jianfeng Tan <jianfeng.tan@intel.com>
Acked-by: Anatoly Burakov <anatoly.burakov@intel.com>
Reviewed-by: Santosh Shukla <santosh.shukla@caviumnetworks.com>
With the introduction of IOVA mode, the only blocker to run
with 4KB pages for NICs binding to vfio-pci, is that
RTE_BAD_PHYS_ADDR is not a valid IOVA address.
We can refine this by using VA as IOVA if it's IOVA mode.
Signed-off-by: Jianfeng Tan <jianfeng.tan@intel.com>
Acked-by: Anatoly Burakov <anatoly.burakov@intel.com>
Acked-by: Santosh Shukla <santosh.shukla@caviumnetworks.com>
snprintf return value is the length of was encoded into destination
array excluding '\0'. Thus return value equal to the length of the
destination array or more means truncation.
This commit fixes improper use of the return value.
Fixes: eec136f3c5 ("aesni_gcm: add driver for AES-GCM crypto operations")
Fixes: 924e84f873 ("aesni_mb: add driver for multi buffer based crypto")
Fixes: 0f548b50a1 ("crypto/aesni_mb: process crypto op on dequeue")
Fixes: 169ca3db55 ("crypto/armv8: add PMD optimized for ARMv8 processors")
Fixes: 2773c86d06 ("crypto/kasumi: add driver for KASUMI library")
Fixes: 94b0ad8e0a ("null_crypto: add driver for null crypto operations")
Fixes: d61f70b4c9 ("crypto/libcrypto: add driver for OpenSSL library")
Fixes: 3aafc423cf ("snow3g: add driver for SNOW 3G library")
Fixes: cf7685d68f ("crypto/zuc: add driver for ZUC library")
Cc: stable@dpdk.org
Signed-off-by: Tomasz Duszynski <tdu@semihalf.com>
Acked-by: Bruce Richardson <bruce.richardson@intel.com>
Added AES-CCM tests for Intel QAT PMD and OpenSSL PMD.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Before adding AES-CCM tests, some test code used
for AES-GCM can be renamed, so it can be reused
for AES-CCM, as both need similar parameters.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Add support to AES-CCM, for 128, 192 and 256-bit keys.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
When creating a session for AES-GCM, since the key is going
to be constant, the OpenSSL context can initialize the key
at that moment, leaving the setting of the IV for the
operation handling.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
When using AES-GCM with OpenSSL, cipher direction
and authentication operation were being set incorrectly,
as the PMD was looking at the cipher and authentication
transform, instead of the new AEAD.
Fixes: b79e4c00af ("cryptodev: use AES-GCM/CCM as AEAD algorithms")
Cc: stable@dpdk.org
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
According to the API, AES-CCM has special requirements
when setting IV and AAD fields.
The L2fwd-crypto app is updated to set the nonce (IV)
and AAD in the right positions in these two fields
(1 byte after start of IV field and 18 bytes after start
of AAD).
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
According to the API, AES-CCM has special requirements
when setting IV and AAD fields.
The L2fwd-crypto app is updated to set the nonce (IV)
and AAD in the right positions in these two fields
(1 byte after start of IV field and 18 bytes after start
of AAD).
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
AES-CCM algorithm has some restrictions when
handling nonce (IV) and AAD information.
As the API stated, the nonce needs to be place 1 byte
after the start of the IV field. This field needs
to be 16 bytes long, regardless the length of the nonce,
but it is important to clarify that the first byte
and the padding added after the nonce may be modified
by the PMDs using this algorithm.
Same happens with the AAD. It needs to be placed 18 bytes
after the start of the AAD field. The field also needs
to be multiple of 16 bytes long and all memory reserved
(the first bytes and the padding (may be modified by the PMDs).
Lastly, nonce is not needed to be placed in the first 16 bytes
of the AAD, as the API stated, as that depends on the PMD
used, so the comment has been removed.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
In order to improve memory utilization, a single mempool
is created, containing the crypto operation and mbufs
(one if operation is in-place, two if out-of-place).
This way, a single object is allocated and freed
per operation, reducing the amount of memory in cache,
which improves scalability.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Add support for multiple queue pairs, when there are
more logical cores available than crypto devices enabled.
For instance, if there are 4 cores available and
2 crypto devices, each device will have two queue pairs.
This is useful to have multiple logical cores using
a single crypto device, without needing to initialize
a crypto device per core.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
For throughput and latency tests, it is not required
to populate the mbufs with any test vector.
For verify test, there is already a function that rewrites
the mbufs every time they are going to be used with
crypto operations.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
When running the verify test, mbufs in the pool were
populated with the test vector loaded from a file.
To avoid limiting the number of operations to the pool size,
mbufs will be rewritten with the test vector, before
linking them to the crypto operations.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Instead of parsing number of segments, from the command line,
parse segment size, as it is a more usual case to have
the segment size fixed and then different packet sizes
will require different number of segments.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Since DPDK 17.08, there is specific parameters
for AEAD algorithm, like AES-GCM. When verifying
crypto operations with test vectors, the parser
was not reading AEAD data (such as IV or key).
Fixes: 8a5b494a7f ("app/test-crypto-perf: add AEAD parameters")
Cc: stable@dpdk.org
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Instead of prepending the AAD (Additional Authenticated Data)
in the mbuf, it is easier to set after the crypto operation,
as it is a read-only value, like the IV, and then it is not
restricted to the size of the mbuf headroom.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Currently, there is some duplication in all the test types,
in the crypto performance application.
In order to improve maintainability of this code,
and ease future work on it, common functions have been separated
in a different file that gets included in all the tests.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Currently, in order to get the name of a crypto device,
a user needs to access to it using the crypto device structure.
It is a better practise to have a function to retrieve this
name, given a device id.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
When using DES-CBC, packet size has to be multiple
of 8 bytes, but if a list of packets is provided.
the check was not correct.
Fixes: fc4600fb25 ("app/crypto-perf: add extra option checks")
Cc: stable@dpdk.org
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Radu Nicolau <radu.nicolau@intel.com>
The Multi-buffer library now supports DES-CBC
and DES-DOCSISBPI algorithms, so this commit
extends adds support for them in the PMD.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Reviewed-by: Radu Nicolau <radu.nicolau@intel.com>
IPSec Multi-buffer library v0.47 has been released,
which includes, among other features, support for DES-CBC
and DES-DOCSIS.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: John McNamara <john.mcnamara@intel.com>
Since the crypto perf application is flexible enough
to cover all the crypto performance tests, these are not needed
anymore, so they will be removed to avoid duplications.
Besides, the crypto perf application gives the user more options
to get performance, for every single supported algorithm,
such as varying the buffer size as the user wants.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Naming convention for crypto drivers is "rte_pmd_<name>_version.map"
Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Naming convention for crypto drivers is "rte_pmd_<name>_version.map"
Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
This patch adds a new benchmarking mode, which is intended for
microbenchmarking individual parts of the cryptodev framework,
specifically crypto ops alloc-build-free, cryptodev PMD enqueue
and cryptodev PMD dequeue.
It works by first benchmarking crypto operation alloc-build-free
loop (no enqueues/dequeues happening), and then benchmarking
enqueue and dequeue separately, by first completely filling up the
TX queue, and then completely draining the RX queue.
Results are shown as cycle counts per alloc/build/free, PMD enqueue
and PMD dequeue.
One new test mode is added: "pmd-cyclecount"
(called with --ptest=pmd-cyclecount)
New command-line argument is also added:
--pmd-cyclecount-delay-ms: this is a pmd-cyclecount-specific parameter
that controls the delay between enqueue and dequeue. This is
useful for benchmarking hardware acceleration, as hardware may
not be able to keep up with enqueued packets. This parameter
can be increased if there are large amounts of dequeue
retries.
Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
Reviewed-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
This parameter makes number of cryptodev descriptors adjustable
and defaults to earlier hardcoded default of 2048.
Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
Reviewed-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Don't write CSR tail until we processed enough TX descriptors.
To avoid crypto operations sitting in the TX ring indefinitely,
the "force write" threshold is used:
- on TX, no tail write coalescing will occur if number of inflights
is below force write threshold
- on RX, check if we have a number of crypto ops enqueued that is
below force write threshold that are not yet submitted to
processing.
Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Don't write CSR head until we processed enough RX descriptors.
Also delay marking them as free until we are writing CSR head.
Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Replacing atomics in the QAT driver with simple 16-bit integers for
number of inflight packets.
This adds a new limitation to the QAT driver: each queue pair is
now explicitly single-threaded.
Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Setting an invalid session in the crypto op results in SEGFAULT because
the JOB user_data was never set to the crypto op.
Fixes: 0f548b50a1 ("crypto/aesni_mb: process crypto op on dequeue")
Cc: stable@dpdk.org
Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
Now that PMDs do not need extra space in the mbuf
to store temporarily the digest when verifying
an authentication tag, it is not required to allocate
more memory in the mbufs passed to cryptodev.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
When performing an authentication verification,
the PMD was using memory at the end of the input buffer,
to store temporarily the digest.
This operation requires the buffer to have enough
tailroom unnecessarily.
Instead, memory is allocated for each queue pair, to store
temporarily the digest generated by the driver, so it can
be compared with the one provided in the crypto operation,
without needing to touch the input buffer.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
When performing an authentication verification,
the PMD was using memory at the end of the input buffer,
to store temporarily the digest.
This operation requires the buffer to have enough
tailroom unnecessarily.
Instead, memory is allocated for each queue pair, to store
temporarily the digest generated by the driver, so it can
be compared with the one provided in the crypto operation,
without needing to touch the input buffer.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
When performing an authentication verification,
the PMD was using memory at the end of the input buffer,
to store temporarily the digest.
This operation requires the buffer to have enough
tailroom unnecessarily.
Instead, memory is allocated for each queue pair, to store
temporarily the digest generated by the driver, so it can
be compared with the one provided in the crypto operation,
without needing to touch the input buffer.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
When performing an authentication verification,
the PMD was using memory at the end of the input buffer,
to store temporarily the digest.
This operation requires the buffer to have enough
tailroom unnecessarily.
Instead, memory is allocated for each queue pair, to store
temporarily the digest generated by the driver, so it can
be compared with the one provided in the crypto operation,
without needing to touch the input buffer.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
When performing an authentication verification,
the PMD was using memory at the end of the input buffer,
to store temporarily the digest.
This operation requires the buffer to have enough
tailroom unnecessarily.
Instead, memory is allocated for each queue pair, to store
temporarily the digest generated by the driver, so it can
be compared with the one provided in the crypto operation,
without needing to touch the input buffer.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
When performing an authentication verification,
the PMD was using memory at the end of the input buffer,
to store temporarily the digest.
This operation requires the buffer to have enough
tailroom unnecessarily.
Instead, memory is allocated for each queue pair, to store
temporarily the digest generated by the driver, so it can
be compared with the one provided in the crypto operation,
without needing to touch the input buffer.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Jerin Jacob <jerin.jacob@caviumnetworks.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
When performing an authentication verification,
the PMD was using memory at the end of the input buffer,
to store temporarily the digest.
This operation requires the buffer to have enough
tailroom unnecessarily.
Instead, memory is allocated for each queue pair, to store
temporarily the digest generated by the driver, so it can
be compared with the one provided in the crypto operation,
without needing to touch the input buffer.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
