Commit Graph

709 Commits

Author SHA1 Message Date
Hemant Agrawal
0964a95120 bus/dpaa: fix dpaa_sec blacklist
The black list of dpaa_sec devices fails.
EAL: failed to parse device "dpaa:dpaa_sec-1"

This patch address following issues:
- bus usages dpaa-sec while the driver usage dpaa_sec
- bus usages numbers from 0 to MAX_SEC - while driver
probe usages sec number form max-fman_device +1

Fixes: 6e0752205b ("bus/dpaa: support device blacklisting")
Cc: stable@dpdk.org

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Reviewed-by: Sachin Saxena <sachin.saxena@nxp.com>
2019-10-08 12:14:30 +02:00
Akhil Goyal
fe3688ba79 crypto/dpaa_sec: support event crypto adapter
dpaa_sec hw queues can be attached to a hw dpaa event
device and the application can configure the event
crypto adapter to access the dpaa_sec packets using
hardware events.
This patch defines APIs which can be used by the
dpaa event device to attach/detach dpaa_sec queues.

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-09 13:14:18 +02:00
Anoob Joseph
98c7b9c97e crypto/octeontx: fix global log variable definition
'cpt_logtype' & 'otx_cryptodev_driver_id' global variables are defined
in a header file which was causing multiple definitions of the
variables. Fixed it by moving the required vars to the .c file and
introducing a new macro so the CPT_LOG macros in common/cpt would use
the associated PMD log var.

Issue has been detected by '-fno-common' gcc flag.

Fixes: bfe2ae495e ("crypto/octeontx: add PMD skeleton")
Cc: stable@dpdk.org

Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Reported-by: Ferruh Yigit <ferruh.yigit@intel.com>
2019-10-09 11:50:12 +02:00
Xiao Wang
933f42eac9 crypto/virtio: allocate private data by NUMA affinity
It's better to allocate device private data on the same NUMA node with
device, rather than with the main thread. This helps avoid cross-NUMA
access for worker thread.

Signed-off-by: Xiao Wang <xiao.w.wang@intel.com>
Reviewed-by: Jay Zhou <jianjay.zhou@huawei.com>
2019-10-09 11:50:12 +02:00
Adam Dybkowski
aa983f03ad crypto/qat: handle Single Pass Crypto Requests on GEN3
This patch improves the performance of AES GCM by using
the Single Pass Crypto Request functionality when running
on GEN3 QAT. Falls back to the classic 2-pass mode on older
hardware.

Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
2019-10-09 11:50:12 +02:00
Thierry Herbelot
310d2ea632 drivers/crypto: remove some invalid comments
A comment valid in AESNI PMD was copied and pasted in other code

Fixes: 8a61c83af2 ("crypto/mrvl: add mrvl crypto driver")
Fixes: 169ca3db55 ("crypto/armv8: add PMD optimized for ARMv8 processors")
Fixes: d61f70b4c9 ("crypto/libcrypto: add driver for OpenSSL library")
Cc: stable@dpdk.org

Signed-off-by: Thierry Herbelot <thierry.herbelot@6wind.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-09 11:50:12 +02:00
Nagadheeraj Rottela
9282bdee5c crypto/nitrox: add cipher auth chain processing
Add cipher auth crypto chain processing functionality in symmetric
request manager. Update the release notes.

Signed-off-by: Nagadheeraj Rottela <rnagadheeraj@marvell.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-09 11:50:12 +02:00
Nagadheeraj Rottela
1acffa3929 crypto/nitrox: add burst enqueue and dequeue ops
Add burst enqueue and dequeue operations along with interface for
symmetric request manager.

Signed-off-by: Nagadheeraj Rottela <rnagadheeraj@marvell.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-09 11:50:12 +02:00
Nagadheeraj Rottela
cafd270356 crypto/nitrox: add session management
Add all the session management operations.

Signed-off-by: Nagadheeraj Rottela <rnagadheeraj@marvell.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-09 11:50:12 +02:00
Nagadheeraj Rottela
32e4930d5a crypto/nitrox: add hardware queue management
Add hardware queue management code corresponding to
queue pair setup and release functions.

Signed-off-by: Nagadheeraj Rottela <rnagadheeraj@marvell.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-09 11:50:12 +02:00
Nagadheeraj Rottela
3b1fa94a02 crypto/nitrox: add software queue management
Add software queue management code corresponding to
queue pair setup and release functions.

Signed-off-by: Nagadheeraj Rottela <rnagadheeraj@marvell.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-09 11:50:12 +02:00
Nagadheeraj Rottela
9fdef0cc23 crypto/nitrox: create symmetric cryptodev
Add Nitrox symmetric cryptodev with following operations,
- dev_configure
- dev_start
- dev_stop
- dev_close
- dev_infos_get

Signed-off-by: Nagadheeraj Rottela <rnagadheeraj@marvell.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-09 11:50:12 +02:00
Nagadheeraj Rottela
0a8fc2423b crypto/nitrox: introduce Nitrox driver
Add bare minimum Nitrox PMD library which handles pci probe, remove and
hardware initialization. Add logs, documentation and update maintainers
file.

Signed-off-by: Nagadheeraj Rottela <rnagadheeraj@marvell.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-09 11:50:12 +02:00
Hemant Agrawal
e671f2041f crypto/dpaa2_sec: improve debug logging
unnecessary debug logs in data path are removed
and hardware debug logs are compiled off.

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-09 11:50:12 +02:00
Akhil Goyal
2ffb940e14 crypto/dpaa_sec: change per device pool to per qp
In cases where single cryptodev is used by multiple cores
using multiple queues, there will be contention for mempool
resources and may eventually get exhausted.
Basically, mempool should be defined per core.
Now since qp is used per core, mempools are defined in qp setup.

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-09 11:50:12 +02:00
Hemant Agrawal
f7a5752e70 crypto/dpaa_sec: allocate context dynamically for SG
This patch allocate/clean the SEC context dynamically
based on the number of SG entries in the buffer.

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-09 11:50:12 +02:00
Hemant Agrawal
62a3162239 crypto/dpaa2_sec: allocate context as per num segs
DPAA2_SEC hardware can support any number of SG entries.
This patch allocate as many SG entries as are required.

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-09 11:50:12 +02:00
Hemant Agrawal
b69ee13859 crypto/dpaa2_sec: support ZUC ciphering/integrity
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-09 11:50:12 +02:00
Vakul Garg
680f73272a crypto/dpaa2_sec/hw: support ZUCE and ZUCA
This patch add support for ZUC Encryption and ZUC Authentication.
Before passing to CAAM, the 16-byte ZUCA IV is converted to 8-byte
format which consists of 38-bits of count||bearer|direction.

Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-09 11:50:12 +02:00
Vakul Garg
4f52e0cff3 crypto/dpaa2_sec/hw: support KASUMI
Add Kasumi processing for non PDCP proto offload cases.
Also add support for pre-computed IV in Kasumi-f9

Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-09 11:50:12 +02:00
Hemant Agrawal
9ecbe824af crypto/dpaa2_sec: support SNOW3G cipher/integrity
Adding basic framework to use snow3g f8 and f9 based
ciphering or integrity with direct crypto apis.
This patch does not support any combo usages yet.

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-09 11:50:12 +02:00
Vakul Garg
0b1e34348f crypto/dpaa2_sec/hw: support SNOW-f9
Add support for snow-f9 in non pdcp protocol offload mode.
This essentially add support to pass pre-computed IV to SEC.

Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-09 11:50:12 +02:00
Vakul Garg
8d83487fd0 crypto/dpaa2_sec/hw: support SNOW-f8
This patch add support for non-protocol offload mode
of snow-f8 algo

Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-09 11:50:12 +02:00
Vakul Garg
b0f4b15550 crypto/dpaa2_sec/hw: support SNOW-SNOW 18-bit PDCP
This patch support SNOW-SNOW (enc-auth) 18bit PDCP case
for devices which do not support PROTOCOL command

Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-09 11:50:12 +02:00
Vakul Garg
890639fc54 crypto/dpaa2_sec/hw: support ZUC-ZUC 18-bit PDCP
This patch support ZUC-ZUC PDCP enc-auth case for
devices which do not support PROTOCOL command for 18bit.

Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-09 11:50:12 +02:00
Vakul Garg
8827d94398 crypto/dpaa2_sec/hw: support AES-AES 18-bit PDCP
This patch support AES-AES PDCP enc-auth case for
devices which do not support PROTOCOL command for 18bit

Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-09 11:50:12 +02:00
Vakul Garg
ea1f0e5104 crypto/dpaa2_sec/hw: support 18-bit PDCP enc-auth
This patch support following algo combinations(ENC-AUTH).
- AES-SNOW
- SNOW-AES
- AES-ZUC
- ZUC-AES
- SNOW-ZUC
- ZUC-SNOW

Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-09 11:50:12 +02:00
Vakul Garg
2dc8b4aa31 crypto/dpaa2_sec: disable write-safe for PDCP
PDCP descriptors in some cases internally use commands which overwrite
memory with extra '0s' if write-safe is kept enabled. This breaks
correct functional behavior of PDCP apis and they in many cases give
incorrect crypto output. There we disable 'write-safe' bit in FLC for
PDCP cases. If there is a performance drop, then write-safe would be
enabled selectively through a separate patch.

Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-09 11:50:12 +02:00
Hemant Agrawal
af61f07509 crypto/dpaa2_sec: support scatter gather for proto offloads
This patch add support for chained input or output
mbufs for PDCP and ipsec protocol offload cases.

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-09 11:50:12 +02:00
Akhil Goyal
fb5c100a14 crypto/dpaa_sec: support scatter gather for PDCP
This patch add support for chained input or output
mbufs for PDCP operations.

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-09 11:50:12 +02:00
Akhil Goyal
2eeedffc42 crypto/dpaa2_sec/hw: update 12-bit SN desc for NULL auth
For sec era 8, NULL auth using protocol command does not add
4 bytes of null MAC-I and treat NULL integrity as no integrity which
is not correct.
Hence converting this particular case of null integrity on 12b SN
on SEC ERA 8 from protocol offload to non-protocol offload case.

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
2019-10-09 11:50:12 +02:00
Hemant Agrawal
cee221f670 crypto/dpaa2_sec: support CAAM HW era 10
Adding minimal support for CAAM HW era 10  (used in LX2)
Primary changes are:
1. increased shard desc length form 6 bit to 7 bits
2. support for several PDCP operations as PROTOCOL offload.

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-09 11:50:12 +02:00
Akhil Goyal
526cdf60f1 crypto/dpaa2_sec: update desc for PDCP 18-bit enc-auth
Support following cases
int-only (NULL-NULL, NULL-SNOW, NULL-AES, NULL-ZUC)
enc-only (SNOW-NULL, AES-NULL, ZUC-NULL)

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-09 11:50:12 +02:00
Akhil Goyal
6a0c9d364a crypto/dpaax_sec: support HFN override
Per packet HFN override is supported in NXP PMDs
(dpaa2_sec and dpaa_sec). DPOVRD register can be
updated with the per packet value if it is enabled
in session configuration. The value is read from
the IV offset.

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-09 11:50:12 +02:00
Vakul Garg
2e4cbdb4b2 crypto/dpaax_sec: support PDCP U-Plane with integrity
PDCP u-plane may optionally support integrity as well.
This patch add support for supporting integrity along with
confidentiality.

Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-09 11:50:12 +02:00
Vakul Garg
eac600824e crypto/dpaax_sec: support PDCP 12-bit C-Plane
Added support for 12-bit c-plane. We implement it using 'u-plane for RN'
protocol descriptors. This is because 'c-plane' protocol descriptors
assume 5-bit sequence numbers. Since the crypto processing remains same
irrespective of c-plane or u-plane, we choose 'u-plane for RN' protocol
descriptors to implement 12-bit c-plane. 'U-plane for RN' protocol
descriptors support both confidentiality and integrity (required for
c-plane) for 7/12/15 bit sequence numbers.

For little endian platforms, incorrect IV is generated if MOVE command
is used in pdcp non-proto descriptors. This is because MOVE command
treats data as word. We changed MOVE to MOVEB since we require data to
be treated as byte array. The change works on both ls1046, ls2088.

Signed-off-by: Vakul Garg <vakul.garg@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-09 11:50:12 +02:00
Akhil Goyal
53982ba280 crypto/dpaa2_sec: support IPv6 tunnel for protocol offload
outer IP header is formed at the time of session initialization
using the ipsec xform. This outer IP header will be appended by
hardware for each packet.

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-09 11:50:12 +02:00
Akhil Goyal
5ab35d2e3e crypto/dpaa_sec: support IPv6 tunnel for protocol offload
outer IP header is formed at the time of session initialization
using the ipsec xform. This outer IP header will be appended by
hardware for each packet.

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-09 11:50:12 +02:00
Thierry Herbelot
1378ddce50 crypto/octeontx: enable unbinding
Like for Ethernet ports, the OCTEON TX crypto engines must
first be unbound from their kernel module, then rebound to
vfio-pci, before being used in DPDK.

As this capability is detected at runtime by dpdk-pmdinfo,
add the info in the PMD registering directives.

Then an external script can be used for bind and unbind.

Fixes: bfe2ae495e ("crypto/octeontx: add PMD skeleton")
Cc: stable@dpdk.org

Signed-off-by: Thierry Herbelot <thierry.herbelot@6wind.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
2019-10-09 11:50:12 +02:00
Thierry Herbelot
12e5842945 crypto/dpaa_sec: fix IOVA table
dpaa_sec needs translations between physical and virtual addresses.
V to P translation is relatively fast, as memory is managed in
contiguous segments.

The result of each V to P translation is used to update the DPAA iova
table, which should be updated by a Mem event callback, but is not.
Then the DPAA iova table has entries for all needed memory ranges.

With this patch, dpaa_mem_ptov will always use dpaax_iova_table_get_va,
which ensures optimal performance.

Fixes: 5a7dbb934d ("dpaa: enable dpaax library")
Cc: stable@dpdk.org

Signed-off-by: Thierry Herbelot <thierry.herbelot@6wind.com>
Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>
2019-10-09 11:50:12 +02:00
Fiona Trahe
0996ed0d5a crypto/qat: fix digest length in XCBC capability
Digest length in RTE_CRYPTO_AUTH_AES_XCBC_MAC capability
was incorrectly marked 16 bytes, should be 12.

Fixes: 6a3c87bc6a ("crypto/qat: refactor capabilities infrastructure")
Cc: stable@dpdk.org

Signed-off-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
2019-10-09 11:50:12 +02:00
Pablo de Lara
13209e9be7 crypto/aesni_mb: update chain order for AES-CCM
Up to version 0.52 of the IPSec Multi buffer library,
the chain order for AES-CCM was CIPHER_HASH when encrypting.
However, after this version, the order has been reversed in the library
since, when encrypting, hashing is done first and then ciphering.

Therefore, order is changed to be compatible with newer versions
of the library.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2019-10-09 11:50:12 +02:00
Akhil Goyal
0f318781bd drivers/crypto: enable ESN in NXP drivers
If the application enables the use of ESN in the
ipsec_xform for security session create, pdb options
are set for enabling ESN.

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-09 11:50:12 +02:00
Akhil Goyal
3d0d533277 crypto/dpaa_sec: detach queues in session destroy
crypto queues need to be detached while session destroy
so that they can be reused.

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-09 11:50:12 +02:00
Gagandeep Singh
9e727d4a3f crypto/caam_jr: integrate DPAAX table
Virtual to physical conversions are optimized using the
DPAAX tables. This patch integrates DPAAX with caam_jr PMD.

Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-09 11:50:12 +02:00
Hemant Agrawal
b48a3d859f crypto/caam_jr: reduce function traces in critical path
Reducing the functional traces from data path and critical session path

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-10-09 11:50:12 +02:00
Hemant Agrawal
c0ed103a02 crypto/dpaa2_sec: fix handling of session init failure
The session init shall return failure if the internal
session create fails for any reasons.

Fixes: 13273250ee ("crypto/dpaa2_sec: support AES-GCM and CTR")
Cc: stable@dpdk.org

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2019-07-19 14:43:40 +02:00
Arek Kusztal
40dd1f42e1 cryptodev: remove RSA PKCS1 BT0 padding
BT0 block type padding after rfc2313 has been discontinued.

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Shally Verma <shallyv@marvell.com>
2019-07-19 14:17:11 +02:00
Arek Kusztal
501ed9c661 cryptodev: add cipher field to RSA op
Asymmetric nature of RSA algorithm suggest to use
additional field for output. In place operations
still can be done by setting cipher and message pointers
with the same memory address.

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Shally Verma <shallyv@marvell.com>
2019-07-19 14:17:11 +02:00
Fiona Trahe
1a2ff59679 crypto/qat: fix crashes
Resolution for seg-faults observed:
1) in buffer re-alignment in-place sgl case
2) case where data end is exactly at end of an sgl segment.
Also renamed variable and increased comments for clearer code.

Fixes: 40002f6c2a ("crypto/qat: extend support for digest-encrypted auth-cipher")

Signed-off-by: Fiona Trahe <fiona.trahe@intel.com>
Tested-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Damian Nowak <damianx.nowak@intel.com>
2019-07-19 14:15:21 +02:00