cryptodev: add SM4-XTS

Added support for symmetric algorithm SM4-XTS in cryptodev.

Signed-off-by: Hanxiao Li <li.hanxiao@zte.com.cn>
Acked-by: Akhil Goyal <gakhil@marvell.com>

cryptodev: add EdDSA asymmetric algorithm

Add support for asymmetric EdDSA in cryptodev, as referenced in RFC:
https://datatracker.ietf.org/doc/html/rfc8032

Signed-off-by: Gowrishankar Muthukrishna

cryptodev: add EdDSA asymmetric algorithm

Add support for asymmetric EdDSA in cryptodev, as referenced in RFC:
https://datatracker.ietf.org/doc/html/rfc8032

Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
Acked-by: Arkadiusz Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>

show more ...

security: add fallback security processing and Rx inject

Add alternate datapath API for security processing which would do Rx
injection (similar to loopback) after successful security processing.

W

security: add fallback security processing and Rx inject

Add alternate datapath API for security processing which would do Rx
injection (similar to loopback) after successful security processing.

With inline protocol offload, variable part of the session context
(AR windows, lifetime etc in case of IPsec), is not accessible to the
application. If packets are not getting processed in the inline path
due to non security reasons (such as outer fragmentation or rte_flow
packet steering limitations), then the packet cannot be security
processed as the session context is private to the PMD and security
library doesn't provide alternate APIs to make use of the same session.

Introduce new API and Rx injection as fallback mechanism to security
processing failures due to non-security reasons. For example, when there
is outer fragmentation and PMD doesn't support reassembly of outer
fragments, application would receive fragments which it can then
reassemble. Post successful reassembly, packet can be submitted for
security processing and Rx inject. The packets can be then received in
the application as normal inline protocol processed packets.

Same API can be leveraged in lookaside protocol offload mode to inject
packet to Rx. This would help in using rte_flow based packet parsing
after security processing. For example, with IPsec, this will help in
flow splitting after IPsec processing is done.

In both inline protocol capable ethdevs and lookaside protocol capable
cryptodevs, the packet would be received back in eth port & queue based
on rte_flow rules and packet parsing after security processing. The API
would behave like a loopback but with the additional security
processing.

Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Vidya Sagar Velumuri <vvelumuri@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>

show more ...

cryptodev: add asymmetric SM2 algorithm

ShangMi 2 (SM2) is set of public-key cryptography algorithms
based on elliptic curves.

Added support for asymmetric SM2 in cryptodev along with prime
field c

cryptodev: add asymmetric SM2 algorithm

ShangMi 2 (SM2) is set of public-key cryptography algorithms
based on elliptic curves.

Added support for asymmetric SM2 in cryptodev along with prime
field curve, as referenced in RFC:
https://datatracker.ietf.org/doc/html/draft-shen-sm2-ecdsa-02

Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
Acked-by: Arkadiusz Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>

show more ...

cryptodev: add SM3-HMAC and SM4-CFB/OFB

Add SM3_HMAC/SM4_CFB/SM4_OFB support in DPDK.

Signed-off-by: Sunyang Wu <sunyang.wu@jaguarmicro.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>

cryptodev: add SHAKE algorithm

Added support for a new hash algorithm,
SHAKE (Secure Hash Algorithm and KECCAK) defined in FIPS 202.

Added test cases for SHAKE hash algorithm for Digest and Digest-

cryptodev: add SHAKE algorithm

Added support for a new hash algorithm,
SHAKE (Secure Hash Algorithm and KECCAK) defined in FIPS 202.

Added test cases for SHAKE hash algorithm for Digest and Digest-Verify.

Signed-off-by: Volodymyr Fialko <vfialko@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>

show more ...

cryptodev: add SM3 hash algorithm

ShangMi 3 (SM3) is a cryptographic hash function used in
the Chinese National Standard.

- Added SM3 algorithm

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@inte

cryptodev: add SM3 hash algorithm

ShangMi 3 (SM3) is a cryptographic hash function used in
the Chinese National Standard.

- Added SM3 algorithm

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Kai Ji <kai.ji@intel.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>

show more ...

cryptodev: add SM4 encryption algorithm

ShangMi 4 (SM4) is a block cipher used in the
Chinese National Standard for Wireless LAN WAPI and also
used with Transport Layer Security.

Added SM4 encrypti

cryptodev: add SM4 encryption algorithm

ShangMi 4 (SM4) is a block cipher used in the
Chinese National Standard for Wireless LAN WAPI and also
used with Transport Layer Security.

Added SM4 encryption algorithm in ECB, CBC and CTR modes.

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Kai Ji <kai.ji@intel.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>

show more ...

cryptodev: add elliptic curve Diffie-Hellman

- Added elliptic curve Diffie-Hellman parameters.
Point multiplication allows the user to process every phase of
ECDH, but for phase 1, user should not r

cryptodev: add elliptic curve Diffie-Hellman

- Added elliptic curve Diffie-Hellman parameters.
Point multiplication allows the user to process every phase of
ECDH, but for phase 1, user should not really care about the generator.
The user does not even need to know what the generator looks like,
therefore setting ec xform would make this work.

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>

show more ...

doc: add cryptodev table for supported operating systems

Added table to the crypto device drivers documentation
stating the support of each PMD on Linux, FreeBSD and Windows.

Signed-off-by: Tal Shn

doc: add cryptodev table for supported operating systems

Added table to the crypto device drivers documentation
stating the support of each PMD on Linux, FreeBSD and Windows.

Signed-off-by: Tal Shnaiderman <talshn@nvidia.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>

show more ...

security: add SA config option for inner checksum

Add inner packet IPv4 hdr and L4 checksum enable options
in conf. These will be used in case of protocol offload.
Per SA, application could specify

security: add SA config option for inner checksum

Add inner packet IPv4 hdr and L4 checksum enable options
in conf. These will be used in case of protocol offload.
Per SA, application could specify whether the
checksum(compute/verify) can be offloaded to security device.

Signed-off-by: Archana Muniganti <marchana@marvell.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>

show more ...

cryptodev: formalize key wrap method in API

The Key Wrap approach is used by applications in order to protect keys
located in untrusted storage or transmitted over untrusted
communications networks.

cryptodev: formalize key wrap method in API

The Key Wrap approach is used by applications in order to protect keys
located in untrusted storage or transmitted over untrusted
communications networks. The constructions are typically built from
standard primitives such as block ciphers and cryptographic hash
functions.

The Key Wrap method and its parameters are a secret between the keys
provider and the device, means that the device is preconfigured for
this method using very secured way.

The key wrap method may change the key length and layout.

Add a description for the cipher transformation key to allow wrapped key
to be forwarded by the same API.

Add a new feature flag RTE_CRYPTODEV_FF_CIPHER_WRAPPED_KEY to be enabled
by PMDs support wrapped key in cipher trasformation.

Signed-off-by: Matan Azrad <matan@nvidia.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>

show more ...

cryptodev: support multiple cipher data-units

In cryptography, a block cipher is a deterministic algorithm operating
on fixed-length groups of bits, called blocks.

A block cipher consists of two pa

cryptodev: support multiple cipher data-units

In cryptography, a block cipher is a deterministic algorithm operating
on fixed-length groups of bits, called blocks.

A block cipher consists of two paired algorithms, one for encryption
and the other for decryption. Both algorithms accept two inputs:
an input block of size n bits and a key of size k bits; and both yield
an n-bit output block. The decryption algorithm is defined to be the
inverse function of the encryption.

For AES standard the block size is 16 bytes.
For AES in XTS mode, the data to be encrypted\decrypted does not have to
be multiple of 16B size, the unit of data is called data-unit.
The data-unit size can be any size in range [16B, 2^24B], so, in this
case, a data stream is divided into N amount of equal data-units and
must be encrypted\decrypted in the same data-unit resolution.

For ABI compatibility reason, the size is limited to 64K (16-bit field).
The new field dataunit_len is inserted in a struct padding hole,
which is only 2 bytes long in 32-bit build.
It could be moved and extended later during an ABI-breakage window.

The current cryptodev API doesn't allow the user to select a specific
data-unit length supported by the devices.
In addition, there is no definition how the IV is detected per data-unit
when single operation includes more than one data-unit.

That causes applications to use single operation per data-unit even though
all the data is continuous in memory what reduces datapath performance.

Add a new feature flag to support multiple data-unit sizes, called
RTE_CRYPTODEV_FF_CIPHER_MULTIPLE_DATA_UNITS.
Add a new field in cipher capability, called dataunit_set,
where the devices can report the range of the supported data-unit sizes.
Add a new cipher transformation field, called dataunit_len, where the user
can select the data-unit length for all the operations.

All the new fields do not change the size of their structures,
by filling some struct padding holes.
They are added as exceptions in the ABI check file libabigail.abignore.

Using a bitmap to report the supported data-unit sizes capability allows
the devices to report a range simply as same as the user to read it
simply. also, thus sizes are usually common and probably will be shared
among different devices.

Signed-off-by: Matan Azrad <matan@nvidia.com>
Signed-off-by: Thomas Monjalon <thomas@monjalon.net>
Acked-by: Akhil Goyal <gakhil@marvell.com>

show more ...

cryptodev: add raw crypto datapath API

This patch adds raw data-path APIs for enqueue and dequeue
operations to cryptodev. The APIs support flexible user-define
enqueue and dequeue behaviors.

Signe

cryptodev: add raw crypto datapath API

This patch adds raw data-path APIs for enqueue and dequeue
operations to cryptodev. The APIs support flexible user-define
enqueue and dequeue behaviors.

Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com>
Acked-by: Adam Dybkowski <adamx.dybkowski@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>

show more ...

cryptodev: add ChaCha20-Poly1305 AEAD algorithm

This patch adds Chacha20-Poly1305 AEAD algorithm to Cryptodev.

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fiona Trahe <fion

cryptodev: add ChaCha20-Poly1305 AEAD algorithm

This patch adds Chacha20-Poly1305 AEAD algorithm to Cryptodev.

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>

show more ...

cryptodev: add feature flag for non-byte aligned data

Some wireless algos like SNOW, ZUC may support input
data in bits which are not byte aligned. However, not
all PMDs can support this requirement

cryptodev: add feature flag for non-byte aligned data

Some wireless algos like SNOW, ZUC may support input
data in bits which are not byte aligned. However, not
all PMDs can support this requirement. Hence added a
new feature flag RTE_CRYPTODEV_FF_NON_BYTE_ALIGNED_DATA
to identify which all PMDs can support non-byte aligned
data.

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Adam Dybkowski <adamx.dybkowski@intel.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>

show more ...

cryptodev: add session-less feature flag

Add feature flag for symmetric sessionless support,
so it can be checked by applications.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acke

cryptodev: add session-less feature flag

Add feature flag for symmetric sessionless support,
so it can be checked by applications.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Adam Dybkowski <adamx.dybkowski@intel.com>
Tested-by: Ruifeng Wang <ruifeng.wang@arm.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>

show more ...

cryptodev: introduce CPU crypto API

Add new API allowing to process crypto operations in a synchronous
manner. Operations are performed on a set of SG arrays.

Cryptodevs which allows CPU crypto ope

cryptodev: introduce CPU crypto API

Add new API allowing to process crypto operations in a synchronous
manner. Operations are performed on a set of SG arrays.

Cryptodevs which allows CPU crypto operation mode have to
use RTE_CRYPTODEV_FF_SYM_CPU_CRYPTO capability.

Add a helper method to easily convert mbufs to a SGL form.

Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Signed-off-by: Marcin Smoczynski <marcinx.smoczynski@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>

show more ...

cryptodev: revert Chacha20-Poly1305 AEAD algorithm

API makes think that rte_cryptodev_info_get() cannot return
a value >= 3 (RTE_CRYPTO_AEAD_LIST_END in 19.11).
20.02-rc1 was returning 3 (RTE_CRYPTO

cryptodev: revert Chacha20-Poly1305 AEAD algorithm

API makes think that rte_cryptodev_info_get() cannot return
a value >= 3 (RTE_CRYPTO_AEAD_LIST_END in 19.11).
20.02-rc1 was returning 3 (RTE_CRYPTO_AEAD_CHACHA20_POLY1305).
So the ABI compatibility contract was broken.

It could be solved with some function versioning,
but because a lack of time, the feature is reverted for now.

This reverts following commits:
- 6c9f3b347e21 ("cryptodev: add Chacha20-Poly1305 AEAD algorithm")
- 2c512e64d600 ("crypto/qat: support Chacha Poly")
- d55e01f579e1 ("test/crypto: add Chacha Poly cases")

Signed-off-by: Thomas Monjalon <thomas@monjalon.net>

show more ...

cryptodev: support ECPM

Asymmetric crypto library is extended to add ECPM (Elliptic Curve Point
Multiplication). The required xform type and op parameters are
introduced.

Signed-off-by: Anoob Josep

cryptodev: support ECPM

Asymmetric crypto library is extended to add ECPM (Elliptic Curve Point
Multiplication). The required xform type and op parameters are
introduced.

Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Balakrishna Bhamidipati <bbhamidipati@marvell.com>
Signed-off-by: Sunila Sahu <ssahu@marvell.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>

show more ...

cryptodev: support ECDSA

Asymmetric crypto library is extended to add ECDSA. Elliptic curve
xform and ECDSA op params are introduced.

Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by:

cryptodev: support ECDSA

Asymmetric crypto library is extended to add ECDSA. Elliptic curve
xform and ECDSA op params are introduced.

Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Ayuj Verma <ayverma@marvell.com>
Signed-off-by: Sunila Sahu <ssahu@marvell.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>

show more ...

cryptodev: add Chacha20-Poly1305 AEAD algorithm

This patch adds Chacha20-Poly1305 AEAD algorithm to Cryptodev.

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fiona Trahe <fion

cryptodev: add Chacha20-Poly1305 AEAD algorithm

This patch adds Chacha20-Poly1305 AEAD algorithm to Cryptodev.

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>

show more ...

cryptodev: add asymmetric session-less

This commit adds asymmetric session-less option to
rte_crypto_asym_op. Feature flag for session-less is added
to rte_cryptodev.

Signed-off-by: Arek Kusztal <a

cryptodev: add asymmetric session-less

This commit adds asymmetric session-less option to
rte_crypto_asym_op. Feature flag for session-less is added
to rte_cryptodev.

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>

show more ...

cryptodev: add digest encrypted feature flag

Some PMDs can only support digest being
encrypted separately in auth-cipher operations.
Thus it is required to add feature flag in PMD
to reflect if it d

cryptodev: add digest encrypted feature flag

Some PMDs can only support digest being
encrypted separately in auth-cipher operations.
Thus it is required to add feature flag in PMD
to reflect if it does support digest-appended
both: digest generation with encryption and
decryption with digest verification.
This patch also adds information about new
feature flag to the release notes.

Signed-off-by: Damian Nowak <damianx.nowak@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>

show more ...

doc: fix missing asymmetric crypto table

Fixes: 11e5ba72cf67 ("doc: add crypto asymmetric feature list")
Cc: stable@dpdk.org

Signed-off-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Akhil Goyal

doc: fix missing asymmetric crypto table

Fixes: 11e5ba72cf67 ("doc: add crypto asymmetric feature list")
Cc: stable@dpdk.org

Signed-off-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>

show more ...