Add support to the AESNI-MB PMD for the DOCSIS protocol, through the
rte_security API. This, therefore, includes adding support for the
rte_security API to this PMD.
Signed-off-by: David Coyle <david.coyle@intel.com>
Signed-off-by: Mairtin o Loingsigh <mairtin.oloingsigh@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
This patch adds the verification of the crypto session IOVA
that should be known (not zero) to proceed with the
session initialisation. In case of unknown IOVA
the error code -EINVAL is returned.
Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
ZUC, SNOW3G and KASUMI PMDs support Out-of-place operations,
but their feature flags did not reflect this.
Fixes: 2717246ecd7d ("cryptodev: replace mbuf scatter gather flag")
Cc: stable@dpdk.org
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Now that all libraries have a single version, we can drop the empty
stable blocks that had been added when moving symbols from stable to
internal ABI.
Signed-off-by: David Marchand <david.marchand@redhat.com>
Acked-by: Bruce Richardson <bruce.richardson@intel.com>
Introduce the RTE_LOG_REGISTER macro to avoid the code duplication
in the logtype registration process.
It is a wrapper macro for declaring the logtype, registering it and
setting its level in the constructor context.
Signed-off-by: Jerin Jacob <jerinj@marvell.com>
Acked-by: Adam Dybkowski <adamx.dybkowski@intel.com>
Acked-by: Sachin Saxena <sachin.saxena@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Some compilers raise an error when declaring a variable
in the middle of a function. This is a C99 allowance.
Even if DPDK switches globally to C99 or C11 standard,
the coding rules are for declarations at the beginning
of a block:
http://doc.dpdk.org/guides/contributing/coding_style.html#local-variables
This coding style is enforced by adding a check of
the common patterns like "for (int i;"
The occurrences of the checked pattern are fixed:
'for *(\(char\|u\?int\|unsigned\|s\?size_t\)'
In the file dpaa2_sparser.c, the fix is to remove the unused macros.
Signed-off-by: Thomas Monjalon <thomas@monjalon.net>
Acked-by: David Marchand <david.marchand@redhat.com>
Some places were calling the meson function host_machine.system()
instead of the variables is_windows and is_linux defined
in config/meson.build.
At the same time, the missing "Linux restriction" reason is added to
pfe and octeontx2 crypto PMDs.
Signed-off-by: Thomas Monjalon <thomas@monjalon.net>
Acked-by: Bruce Richardson <bruce.richardson@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Currently rte_mcp_ptr_list is being shared as a variable
across libs. This is only used in control path.
This patch change it to a exported function based access.
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Ray Kinsella <mdr@ashroe.eu>
qman caam and pool portal ids are only used in control
path. This patch changes their inter library access to
function call instead of direct shared variable.
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Ray Kinsella <mdr@ashroe.eu>
This patch moves the internal symbols to INTERNAL sections
so that any change in them is not reported as ABI breakage.
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Ray Kinsella <mdr@ashroe.eu>
Since it will check the feature mask before running out-of-place
test cases and the virtio-crypto device supports OOP_LB_IN_LB_OUT mode.
Signed-off-by: Jay Zhou <jianjay.zhou@huawei.com>
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
The OCTEON TX crypto PMD supports non-byte aligned data as
input for SNOW and ZUC algos. Adding the same to the feature list.
Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Session configure should return -ENOTSUP in case of unsupported xform
requests. Moving the validation of combinations out of cpt, as the
feature support will not be same across OCTEON TX and OCTEON TX2.
Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
The OCTEON TX2 crypto PMD supports non-byte aligned data as
input for SNOW and ZUC algos. Adding the same to the feature list.
Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
The caam_jr_enable_irqs() and caam_jr_disable_irqs() methods maybe return a
negative error. So use int instead of uint32_t int the functions.
Fixes: e7a45f3cc245 ("crypto/caam_jr: add UIO specific operations")
Cc: stable@dpdk.org
Signed-off-by: Yunjian Wang <wangyunjian@huawei.com>
Acked-by: Gagandeep Singh <g.singh@nxp.com>
Zero is a valid fd. It will fail to check the fd if the fd is zero.
The "job_ring->uio_fd" is an fd, so define it as "int".
Fixes: e7a45f3cc245 ("crypto/caam_jr: add UIO specific operations")
Fixes: a5e1018d5e67 ("crypto/caam_jr: add routines to configure HW")
Cc: stable@dpdk.org
Signed-off-by: Yunjian Wang <wangyunjian@huawei.com>
Acked-by: Gagandeep Singh <g.singh@nxp.com>
gcc 10 defaults to -fno-common and as a result when linking
with crypto drivers:
drivers/librte_pmd_dpaa_sec.a(crypto_dpaa_sec_dpaa_sec.c.o):
(.bss+0x4): multiple definition of `rta_sec_era';
drivers/librte_pmd_caam_jr.a(crypto_caam_jr_caam_jr.c.o):
(.bss+0x0): first defined here
drivers/librte_pmd_dpaa2_sec.a(crypto_dpaa2_sec_dpaa2_sec_dpseci.c.o):
(.data+0x0): multiple definition of `rta_sec_era';
drivers/librte_pmd_caam_jr.a(crypto_caam_jr_caam_jr.c.o):
(.bss+0x0): first defined here
This patch fixes the blunt workaround in the following commit.
Fixes: 50b03f3b8eaf ("drivers/crypto: disable gcc 10 no-common errors")
Bugzilla ID: 469
Cc: stable@dpdk.org
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Tested-by: Kevin Traynor <ktraynor@redhat.com>
Reviewed-by: Ferruh Yigit <ferruh.yigit@intel.com>
Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Ray Kinsella <mdr@ashroe.eu>
Update the portal allocation failure log to print the thread id
as well.
Signed-off-by: Nipun Gupta <nipun.gupta@nxp.com>
Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>
The latest version of the Intel IPSec Multi-buffer library
adds an API to authenticate multiple buffers in parallel.
The PMD is modified to use this API, improving
performance of the ZUC-EIA3 algorithm.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Some wireless algos like SNOW, ZUC may support input
data in bits which are not byte aligned. However, not
all PMDs can support this requirement. Hence added a
new feature flag RTE_CRYPTODEV_FF_NON_BYTE_ALIGNED_DATA
to identify which all PMDs can support non-byte aligned
data.
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Adam Dybkowski <adamx.dybkowski@intel.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
gcc 10 defaults to -fno-common and as a result when linking
with crypto drivers:
drivers/librte_pmd_dpaa_sec.a(crypto_dpaa_sec_dpaa_sec.c.o):
(.bss+0x4): multiple definition of `rta_sec_era';
drivers/librte_pmd_caam_jr.a(crypto_caam_jr_caam_jr.c.o):
(.bss+0x0): first defined here
drivers/librte_pmd_dpaa2_sec.a(crypto_dpaa2_sec_dpaa2_sec_dpseci.c.o):
(.data+0x0): multiple definition of `rta_sec_era';
drivers/librte_pmd_caam_jr.a(crypto_caam_jr_caam_jr.c.o):
(.bss+0x0): first defined here
This is a blunt fix for the issue by enabling fcommon for
dpaa_sec/dpaa2_sec/caam_jr.
Bugzilla ID: 469
Cc: stable@dpdk.org
Signed-off-by: Kevin Traynor <ktraynor@redhat.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
The return values in cases of errors were not
specified properly. With this patch appropriate
error numbers are returned.
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>
The return values in cases of errors were not
specified properly. With this patch appropriate
error numbers are returned.
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>
gcc 10 defaults to fno-common and it reports:
crypto_kasumi_rte_kasumi_pmd_ops.c.o:(.data.rel+0x0):
multiple definition of `rte_kasumi_pmd_ops';
crypto_kasumi_rte_kasumi_pmd.c.o:(.bss+0x8): first defined here
Fix by making rte_kasumi_pmd_ops extern in the header file.
Fixes: 2773c86d061a ("crypto/kasumi: add driver for KASUMI library")
Cc: stable@dpdk.org
Signed-off-by: Kevin Traynor <ktraynor@redhat.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
This patch repairs 2 memory allocations issues:
1) possible leak of memory
In cryptodev_dpaa_sec_probe() function in case of portal
initialization failure, function exited without cleanup.
The patch redirects flow to out label, which provides
proper cleanup in case of error: freeing cryptodevice private
data and releasing cryptodevice.
2) double free of cryptodev private data
The function dpaa_sec_dev_init() in case of failure called
dpaa_sec_uninit() which freed both private data and security
context. However one layer above in cryptodev_dpaa_sec_probe()
function, the private data were freed one more time.
The patch limits cleanup of the dpaa_sec_dev_init() function
to freeing only the security context.
Signed-off-by: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
This patch fixes management of memory for authentication
and encryption keys.
There were two issues with former state of implementation:
1) Invalid access to dpaa_sec_session union members
The dpaa_sec_session structure includes an anonymous union:
union {
struct {...} aead_key;
struct {
struct {...} cipher_key;
struct {...} auth_key;
};
};
Depending on the used algorithm a rte_zmalloc() function
allocated memory that was kept in aead_key, cipher_key
or auth_key. However every time the memory was released,
rte_free() was called only on cipher and auth keys, even
if pointer to allocated memory was stored in aead_key.
The C language specification defines such behavior as undefined.
As the cipher_key and aead_key are similar, have same sizes and
alignment, it has worked, but it's directly against C specification.
This patch fixes this, providing a free_session_data() function
to free the keys data. It verifies which algorithm was used
(aead or auth+cipher) and frees proper part of the union.
2) Some keys might have been freed multiple times
In functions like: dpaa_sec_cipher_init(), dpaa_sec_auth_init(),
dpaa_sec_chain_init(), dpaa_sec_aead_init() keys data were freed
before returning due to some error conditions. However the pointers
were not zeroed causing another calls to ret_free from higher
layers of code. This causes an error log about invalid memory address
to be printed.
This patch fixes it by making only one layer responsible for freeing
memory
Signed-off-by: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Offset of cd pointer is too big by state1size + state2size, so few extra
unnecessary bytes will be copied into cd. Snow offset was improved as well.
Fixes: d9b7d5bbc845 ("crypto/qat: add ZUC EEA3/EIA3 capability")
Cc: stable@dpdk.org
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Zero is a valid fd. When ccp_probe_device() is failed, the uio_fd won't be
closed thus leading fd leak.
Fixes: ef4b04f87fa6 ("crypto/ccp: support device init")
Cc: stable@dpdk.org
Signed-off-by: Yunjian Wang <wangyunjian@huawei.com>
Acked-by: Ravi Kumar <ravi1.kumar@amd.com>
When adding support for DOCSIS AES-256,
when setting the cipher parameters, all key sizes
were accepted, but only 128-bit and 256-bit keys
are supported.
Fixes: 9536622b86c8 ("crypto/aesni_mb: support DOCSIS AES-256")
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Mairtin o Loingsigh <mairtin.oloingsigh@intel.com>
Check if session is valid after getting operation
out of the internal IPSec MB manager, in case the
session has been freed while the operation was still
inside the manager.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
This patch adds support for plain SHA-1, SHA-224, SHA-256,
SHA-384 and SHA-512 hashes to QAT PMD.
Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Add feature flag for symmetric sessionless support,
so it can be checked by applications.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Adam Dybkowski <adamx.dybkowski@intel.com>
Tested-by: Ruifeng Wang <ruifeng.wang@arm.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
When authenticating after encrypting, if the operation
is out-of-place, the destination buffer is the one
that will get authenticated.
If the cipher offset is higher than the authentication
offset, it means that part of the text to authenticate
will be plaintext, so this needs to get copied to the
destination buffer, or the result will be incorrect.
Fixes: d61f70b4c918 ("crypto/libcrypto: add driver for OpenSSL library")
Cc: stable@dpdk.org
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Add support for CPU crypto mode by introducing required handler.
Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
This patch adds support for DOCSIS AES-256 when using AESNI-MB
Signed-off-by: Mairtin o Loingsigh <mairtin.oloingsigh@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
The four crypto drivers: kasumi, mvsam, snow3g and zuc define logtype
variables in their header file. As the header files are included
in more than one compilation unit, it might cause appearance
of multiple instances of the variable and a linker error.
Such situation can occur, when no common section is allowed
by the compiler settings and tentative definitions are placed
in BSS section.
Fixes: 2cba3814932e ("crypto/kasumi: add dynamic logging")
Fixes: a05a450f42fd ("crypto/mvsam: add dynamic logging")
Fixes: f3af5f9d1325 ("crypto/zuc: add dynamic logging")
Fixes: a3277ad47feb ("cryptodev: remove crypto device driver name")
Cc: stable@dpdk.org
Signed-off-by: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
The zlib compression driver, as well as the aesni-gcm, aesni-mb and openssl
crypto drivers all defined the logtype variable in the header file
directly. This gives errors with gcc 10, due to -fno-common being the
default, so we need to apply the same fix in all cases:
* move the variable definition to a suitable .c file
* mark the forward declaration of the variable in the header as "extern"
Fixes: 0c4e4c16b004 ("compress/zlib: introduce zlib PMD")
Fixes: 90c8a2d02a31 ("crypto/aesni_gcm: add dynamic logging")
Fixes: 276624ae2ef6 ("crypto/aesni_mb: add dynamic logging")
Fixes: 094b2386f461 ("crypto/openssl: add dynamic logging")
Cc: stable@dpdk.org
Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
Acked-by: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
This NULL check is unnecessary, container_of is never NULL.
Signed-off-by: Yunjian Wang <wangyunjian@huawei.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
There is a common macro __rte_unused, avoiding warnings,
which is now used where appropriate for consistency.
Signed-off-by: Thomas Monjalon <thomas@monjalon.net>
There is a common macro __rte_packed for packing structs,
which is now used where appropriate for consistency.
Signed-off-by: Thomas Monjalon <thomas@monjalon.net>
There is a common macro __rte_aligned for alignment,
which is now used where appropriate for consistency.
Signed-off-by: Thomas Monjalon <thomas@monjalon.net>
Reviewed-by: David Christensen <drc@linux.vnet.ibm.com>
Remove setting ALLOW_EXPERIMENTAL_API individually for each Makefile and
meson.build. Instead, enable ALLOW_EXPERIMENTAL_API flag across app, lib
and drivers.
This changes reduces the clutter across the project while still
maintaining the functionality of ALLOW_EXPERIMENTAL_API i.e. warning
external applications about experimental API usage.
Signed-off-by: Pavan Nikhilesh <pbhagavatula@marvell.com>
Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Signed-off-by: David Marchand <david.marchand@redhat.com>
In nitrox_sym_pmd_create() the name array will overflow if the pci
device name is greater than 57 bytes. To fix this issue subtract pci
device name length from array length while appending substring to the
name.
Coverity issue: 349926
Fixes: 9fdef0cc2385 ("crypto/nitrox: create symmetric cryptodev")
Cc: stable@dpdk.org
Signed-off-by: Nagadheeraj Rottela <rnagadheeraj@marvell.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
If the NPS_PKT ring/port is greater than 8191 the NPS_PKT*() macros will
evaluate to incorrect values due to unintended sign extension from int
to unsigned long. To fix this, add UL suffix to the constants in these
macros. The same problem is with AQMQ_QSZX() macro also.
Coverity issue: 349899, 349905, 349911, 349921, 349923
Fixes: 32e4930d5a3b ("crypto/nitrox: add hardware queue management")
Fixes: 0a8fc2423bff ("crypto/nitrox: introduce Nitrox driver")
Cc: stable@dpdk.org
Signed-off-by: Nagadheeraj Rottela <rnagadheeraj@marvell.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
This patch adds handling of mixed hash-cipher algorithms
available on GEN2 QAT in particular firmware versions.
Also the documentation is updated to show the mixed crypto
algorithms are supported on QAT GEN2.
Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
