Lifetime tracking is not supported by hardware and is not implemented in
software either. Return failure when lifetime is configured.
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Add support for SA lifetime configuration. Expiry can
be either in units of octets or packets.
Also, updated cryptodev dequeue path to update crypto op result to
indicate soft expiry.
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Adding IV in SA in lookaside IPsec debug mode. It helps
to verify lookaside PMD using known outbound vectors in
lookaside autotest.
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
The driver creates an indirect mkey per entry in the queue to manage the
crypto operation using the BSF fields.
The indirect mkeys were never released neither while error occurs in the
creation phase nor when the queue is released.
Clean the indirect mkeys in the above cases.
Fixes: c2a42d19d9 ("crypto/mlx5: add WQE set initialization")
Cc: stable@dpdk.org
Signed-off-by: Michael Baum <michaelba@nvidia.com>
Acked-by: Matan Azrad <matan@nvidia.com>
The crypto QP consumer (ci) and producer (pi) indexes are increased
with each successful enqueue/dequeue operations.
However the QP pi index is calculated with a wraparound the number
of elements while the QP ci does not.
This is causing incorrect engine calculation for encqueued WQ values
(wq->pi - wq->ci) and eventually the device stops accepting new enqueue
operations.
Fixed by removing the wraparound on QP pi and using a temp calculation
where wraparound values are needed.
Fixes: 8e196c08ab ("crypto/mlx5: support enqueue/dequeue operations")
Cc: stable@dpdk.org
Signed-off-by: Tal Shnaiderman <talshn@nvidia.com>
Acked-by: Matan Azrad <matan@nvidia.com>
Replace pending queue with one that allows concurrent single producer and
single consumer. This relaxes the restriction of only allowing a single
lcore to operate on a given queue pair.
Signed-off-by: David George <david.george@sophos.com>
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
This patch add PDCP security short MAC-I support for
dpaa_sec driver.
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
To support short MAC-I, integrity only case is required
to be supported for PDCP.
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
This patch add support to also counter err pkt counter per queue.
This also enhances few related debug prints.
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
This patch improve storage and performance by force inline
of the keys.
Signed-off-by: Franck Lenormand <franck.lenormand@nxp.com>
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
The space in descriptor buffer is scarce as it is limited to
64 words for platforms except ERA10 (which has 128).
As the descriptors are processed with QI, it adds some words
to the descriptor which is passed.
Some descriptors used for SDAP were using too much words reaching
the limit.
This patch reduces the number of words used by removing the inlining
of some keys (done for performance) in order to have working
descriptors.
Signed-off-by: Franck Lenormand <franck.lenormand@nxp.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
This patch adds support for AES_CMAC integrity
in non-security mode.
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
add DES-CBC support and enable available cipher-only
test cases.
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
The rte_cryptodev_pmd.* files are for drivers only and should be
private to DPDK, and not installed for app use.
Signed-off-by: Akhil Goyal <gakhil@marvell.com>
Acked-by: Matan Azrad <matan@nvidia.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Update min tailroom to reflect IPsec additions.
PMD crypto_cn9k & crypto_cn10k would have packet
grow into tailroom post IPsec processing.
Signed-off-by: Archana Muniganti <marchana@marvell.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
When given a source length 0 for CCM, the encryption and decryption
functions did not call the EVP_ENCRYPTUPDATE/EVP_DECRYPTUPDATE functions
with a src and dst, causing some FIPS validation failures for testcases
with PLen=0:
process_openssl_auth_encryption_ccm() line 1131:
Process openssl auth encryption ccm failed
Fixes: 1a4998dc4d ("crypto/openssl: support AES-CCM")
Cc: stable@dpdk.org
Signed-off-by: Ciara Power <ciara.power@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Submit two instructions with one LMTST operation.
Also updated dequeue path to have local var for constants.
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Swap is not required for ZUC. Update IV updation
sequence to remove the redundant swap in case of ZUC.
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
The opcode for encryption & decryption is the
same and single routine would be able to handle
both encryption and decryption operations.
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
This patch adds support for the timestamp format settings for
the receive and send queues. If the firmware version x.30.1000
or above is installed and the NIC timestamps are configured
with the real-time format, the default zero values for newly
added fields cause the queue creation to fail.
The patch queries the timestamp formats supported by the hardware
and sets the configuration values in queue context accordingly.
Fixes: 6152534e21 ("crypto/mlx5: support queue pairs operations")
Cc: stable@dpdk.org
Signed-off-by: Michael Baum <michaelba@nvidia.com>
Acked-by: Matan Azrad <matan@nvidia.com>
Use otx2_mbox_memcpy() instead of memcpy() to prevent unaligned access.
Fixes: a0645ed0d6 ("crypto/octeontx2: discover capabilities")
Cc: stable@dpdk.org
Signed-off-by: Danny Patel <dannyp@marvell.com>
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
IPsec verify functions can be made common which can
be used for both cn9k and cn10k
Signed-off-by: Archana Muniganti <marchana@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Start a new release cycle with empty release notes.
The ABI version becomes 22.0.
The map files are updated to the new ABI major number (22).
The ABI exceptions are dropped and CI ABI checks are disabled because
compatibility is not preserved.
Signed-off-by: Thomas Monjalon <thomas@monjalon.net>
Acked-by: Ferruh Yigit <ferruh.yigit@intel.com>
Acked-by: David Marchand <david.marchand@redhat.com>
In crypto driver probing, there are two validations after context
allocation.
When one of them fails, the context structure was not freed what caused
a memory leak.
Free it.
Fixes: debb27ea34 ("crypto/mlx5: create login object using DevX")
Fixes: e8db4413cb ("crypto/mlx5: add keytag configuration")
Cc: stable@dpdk.org
Signed-off-by: Michael Baum <michaelba@nvidia.com>
Acked-by: Matan Azrad <matan@nvidia.com>
Fix return code when asymmetric crypto
or compression service is selected on GEN4 devices.
Fixes: 8f393c4ffd ("common/qat: support GEN4 devices")
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
When the PMD is removed, rte_cryptodev_pmd_release_device
is called which frees cryptodev->data, and then tries to free
cryptodev->data->dev_private, which causes the heap use
after free issue.
A temporary pointer is set before the free of cryptodev->data,
which can then be used afterwards to free dev_private.
Fixes: bfe2ae495e ("crypto/octeontx: add PMD skeleton")
Cc: stable@dpdk.org
Reported-by: Zhihong Peng <zhihongx.peng@intel.com>
Signed-off-by: Akhil Goyal <gakhil@marvell.com>
This patch fixes the raw data path dequeue burst fail problem.
Previously in case the queue is full and not all packets
asked to be dequeued are processed, the dequeue burst will
never happen.
Fixes: c21574edc5 ("cryptodev: add dequeue count parameter in raw API")
Cc: stable@dpdk.org
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Fix possible access of an array by negative index in function
qat_sym_qp_setup.
Coverity issue: 372131, 372134
Fixes: 8f393c4ffd ("common/qat: support GEN4 devices")
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Adam Dybkowski <adamx.dybkowski@intel.com>
Adding changes to asymmetric ECDSA messages to align with
the new ucode for cnxk device.
Signed-off-by: Kiran Kumar K <kirankumark@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
