Replace the BSD license header with the SPDX tag for files
with only an Intel copyright on them.
Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
All PCI functionality should be hidden from apps via the PCI bus driver,
the EAL and individual device drivers. Therefore remove the inclusion of
rte_pci.h from sample apps.
Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
Renamed data type from phys_addr_t to rte_iova_t.
Signed-off-by: Santosh Shukla <santosh.shukla@caviumnetworks.com>
Reviewed-by: Anatoly Burakov <anatoly.burakov@intel.com>
Signed-off-by: Thomas Monjalon <thomas@monjalon.net>
The following inline functions and macros have been renamed to be
consistent with the IOVA wording:
rte_mbuf_data_dma_addr -> rte_mbuf_data_iova
rte_mbuf_data_dma_addr_default -> rte_mbuf_data_iova_default
rte_pktmbuf_mtophys -> rte_pktmbuf_iova
rte_pktmbuf_mtophys_offset -> rte_pktmbuf_iova_offset
The deprecated functions and macros are kept to avoid breaking the API.
Signed-off-by: Thomas Monjalon <thomas@monjalon.net>
Acked-by: Olivier Matz <olivier.matz@6wind.com>
The function rte_malloc_virt2phy() is renamed to rte_malloc_virt2iova().
The deprecated name is kept as an alias to avoid breaking the API.
Signed-off-by: Thomas Monjalon <thomas@monjalon.net>
Acked-by: Santosh Shukla <santosh.shukla@caviumnetworks.com>
The memzone header is often included without good reason.
Signed-off-by: Thomas Monjalon <thomas@monjalon.net>
Acked-by: Bruce Richardson <bruce.richardson@intel.com>
For AEAD algorithms, the physical address for the digest
was being set incorrectly.
Fixes: 2661f4fbe93d ("examples/l2fwd-crypto: add AEAD parameters")
Cc: stable@dpdk.org
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Fix port id issues and keep variables related to port ids in
consistent data type definition "uint16_t".
Remove unnecessary cast in the meanwhile.
Fixes: f8244c6399d9 ("ethdev: increase port id range")
Signed-off-by: Zhiyong Yang <zhiyong.yang@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
According to the API, AES-CCM has special requirements
when setting IV and AAD fields.
The L2fwd-crypto app is updated to set the nonce (IV)
and AAD in the right positions in these two fields
(1 byte after start of IV field and 18 bytes after start
of AAD).
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
errno should be initialized to 0 before calling strtol
Fixes: 1df9c0109f4c ("examples/l2fwd-crypto: parse key parameters")
Cc: stable@dpdk.org
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Reviewed-by: Kirill Rybalchenko <kirill.rybalchenko@intel.com>
rte_cryptodev_socket_id() returns the socket id of
a crypto device, unless the device id is not valid,
in which case, it returns -1.
This should not happen, as the device id is controlled
by the application, but just for safety, a check is added.
Coverity issue: 158628, 158638, 158656, 158662
Fixes: b3bbd9e5f265 ("cryptodev: support device independent sessions")
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
This patch adds a new option to enable/disable the
MAC addresses updating done at forwarding time: --[no-]mac-updating
By default, MAC address updating remains enabled, to keep consistency
with previous usage.
Signed-off-by: Kuba Kozak <kubax.kozak@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
AEAD key was being set using the cipher key parameters,
instead of the AEAD key parameters.
Fixes: 2661f4fbe93d ("examples/l2fwd-crypto: add AEAD parameters")
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
IV was not being set for AEAD algorithms.
Fixes: 2661f4fbe93d ("examples/l2fwd-crypto: add AEAD parameters")
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Digest length was not being set when using authentication
algorithms.
Fixes: 2661f4fbe93d ("examples/l2fwd-crypto: add AEAD parameters")
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Additional Authenticated Data (AAD) is called "aad" in most
places of cryptodev, but it was called "add_auth_data"
in the AEAD transform transform (aead_xform).
This field is renamed to "aad_length" in order to keep
consistency.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
The session mempool pointer is needed in each queue pair,
if session-less operations are being handled.
Therefore, the API is changed to accept this parameter,
as the session mempool is created outside the
device configuration function, similar to what ethdev
does with the rx queues.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Change crypto device's session management to make it
device independent and simplify architecture when session
is intended to be used on more than one device.
Sessions private data is agnostic to underlying device
by adding an indirection in the sessions private data
using the crypto driver identifier.
A single session can contain indirections to multiple device types.
New function rte_cryptodev_sym_session_init has been created,
to initialize the driver private session data per driver to be
used on a same session, and rte_cryptodev_sym_session_clear
to clear this data before calling rte_cryptodev_sym_session_free.
Signed-off-by: Slawomir Mrozowicz <slawomirx.mrozowicz@intel.com>
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Instead of creating the session mempool while configuring
the crypto device, apps will create the mempool themselves.
This way, it gives flexibility to the user to have a single
mempool for all devices (as long as the objects are big
enough to contain the biggest private session size) or
separate mempools for different drivers.
Also, since the mempool is now created outside the
device configuration function, now it needs to be passed
through this function, which will be eventually passed
when setting up the queue pairs, as ethernet devices do.
Signed-off-by: Slawomir Mrozowicz <slawomirx.mrozowicz@intel.com>
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Now that all the structures/functions for AEAD algorithms
are in place, migrate the two supported algorithms
AES-GCM and AES-CCM to these, instead of using
cipher and authentication parameters.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Since there is a new operation type (AEAD), add parameters
for this in the application.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Some extra functions have been created to avoid
too many nested conditionals.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Digest length was duplicated in the authentication transform
and the crypto operation structures.
Since digest length is not expected to change in a same
session, it is removed from the crypto operation.
Also, the length has been shrunk to 16 bits,
which should be sufficient for any digest.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Additional authenticated data (AAD) information was duplicated
in the authentication transform and in the crypto
operation structures.
Since AAD length is not meant to be changed in a same session,
it is removed from the crypto operation structure.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Authentication algorithms, such as AES-GMAC or the wireless
algorithms (like SNOW3G) use IV, like cipher algorithms.
So far, AES-GMAC has used the IV from the cipher structure,
and the wireless algorithms have used the AAD field,
which is not technically correct.
Therefore, authentication IV parameters have been added,
so API is more correct. Like cipher IV, auth IV is expected
to be copied after the crypto operation.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Since IV parameters (offset and length) should not
change for operations in the same session, these parameters
are moved to the crypto transform structure, so they will
be stored in the sessions.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Since IV now is copied after the crypto operation, in
its private size, IV can be passed only with offset
and length.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Usually, IV will change for each crypto operation.
Therefore, instead of pointing at the same location,
IV is copied after each crypto operation.
This will let the IV to be passed as an offset from
the beginning of the crypto operation, instead of
a pointer.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Chain parameter can be CIPHER_HASH, HASH_CIPHER,
CIPHER_ONLY or HASH_ONLY, but only the first two
were shown in the application help.
Fixes: 1a75e9f3fadb ("examples/l2fwd-crypto: add cipher/hash only cases")
Cc: stable@dpdk.org
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Statistics period time option is parsed with -T argument,
but -t was accepted by mistake, instead.
Fixes: 387259bd6c67 ("examples/l2fwd-crypto: add sample application")
Cc: stable@dpdk.org
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Fixes: c0f87eb5252b ("cryptodev: change burst API to be crypto op oriented")
Cc: stable@dpdk.org
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
For padding calculation, it is necessary to know if algorithm
is a block cipher or stream cipher algorithm, and know the
block size for the algorithm.
In the application, this block size should be only the
cipher block size, but if authentication was used too,
it was being overwritten by the authentication block size,
which is not needed.
Fixes: 27cf2d1b18e1 ("examples/l2fwd-crypto: discover capabilities")
Cc: stable@dpdk.org
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Previously, l2fwd-crypto application did not give user the
flexibility to decide which crypto device(s) will be used.
In this patch, a new cryptodev_mask option is added to the
application. Same as portmask, the cryptodev_mask avails the
user to mask out the unwanted crypto devices in the system.
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
For AEAD algorithms, additional authenticated data (AAD)
can be passed, but it is optional, so its size can be zero.
However, it is required to set this length to zero in the crypto
operation to avoid undefined behaviour.
Fixes: 617a7949c98a ("examples/l2fwd-crypto: parse AAD parameter")
Cc: stable@dpdk.org
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Since VF can not disable/enable HW CRC strip for non-DPDK PF drivers,
and kernel driver almost default enable that feature, if disable it in
example app's rxmode, VF driver will report the VF launch failure. So
this patch default to enable HW CRC strip to let VF launch successful.
Cc: stable@dpdk.org
Signed-off-by: Jeff Guo <jia.guo@intel.com>
Acked-by: Jingjing Wu <jingjing.wu@intel.com>
L2fwd-crypto app was creating an array of strings for the
supported algorithms, which was different from the strings
that are now in cryptodev.
Use the new API in cryptodev to parse the string from the user,
to get the algorithm enum, instead, so it is not necessary to add
a new supported algorithm in the cryptodev library and this app.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>
The variable optind should be reset to one not zero.
From the man page:
"The variable optind is the index of the next element to be processed in
argv. The system initializes this value to 1.
The caller can reset it to 1 to restart scanning of the same argv, or when
scanning a new argument vector.”
The problem I saw with my application was trying to parse the wrong
option, which can happen as DPDK parses the first part of the command line
and the application parses the second part. If you call getopt() multiple
times in the same execution, the behavior is not maintained when using
zero for optind.
Signed-off-by: Keith Wiles <keith.wiles@intel.com>
L2fwd-crypto app was padding an incoming buffer,
to be aligned with the algorithm block size, in all cases.
This was not the right approach, as padding is only necessary
when using block cipher algorithms, such as AES-CBC.
In case of using a stream cipher algorithm, such as SNOW3G UEA2,
there is no need to include padding and increase the buffer size.
Fixes: 387259bd6c67 ("examples/l2fwd-crypto: add sample application")
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
This commit fixes an array overflow when number of crypto devices
is higher than 32.
Fixes: 387259bd6c67 ("examples/l2fwd-crypto: add sample application")
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
This patch enables ZUC EEA3 cipher algorithm and
ZUC EIA3 authentication algorithm support to
l2fwd-crypto sample application.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
SNOW 3G algorithm has all uppercase letters in its name
and a space between SNOW and 3G, but some references of it
had some lowercase letters or no space.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
The usual device sequence is configure, queue setup and start.
Crypto device should be started before use.
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Signed-off-by: Thomas Monjalon <thomas.monjalon@6wind.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
This patch improve generate_random_key() function by replacing rand()
function with reading from /dev/urandom.
CID 120136 : Calling risky function (DC.WEAK_CRYPTO)
dont_call: rand should not be used for security related applications, as
linear congruential algorithms are too easy to break
Coverity issue: 120136
Signed-off-by: Piotr Azarewicz <piotrx.t.azarewicz@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
crypto_statistics array was not big enough for storing
all the possible crypto device statistics, as its size was
RTE_MAX_ETHPORTS, but should be RTE_CRYPTO_MAX_DEVS, leading
this to a potential out-of-bounds issue.
Coverity issue: 120145
Fixes: 387259bd6c67 ("examples/l2fwd-crypto: add sample application")
Signed-off-by: Slawomir Mrozowicz <slawomirx.mrozowicz@intel.com>
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>