cryptodev: remove RSA PKCS1 BT0 padding

BT0 block type padding after rfc2313 has been discontinued.

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Shally Verma <shallyv@marvel

cryptodev: remove RSA PKCS1 BT0 padding

BT0 block type padding after rfc2313 has been discontinued.

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Shally Verma <shallyv@marvell.com>

show more ...

cryptodev: add cipher field to RSA op

Asymmetric nature of RSA algorithm suggest to use
additional field for output. In place operations
still can be done by setting cipher and message pointers
with

cryptodev: add cipher field to RSA op

Asymmetric nature of RSA algorithm suggest to use
additional field for output. In place operations
still can be done by setting cipher and message pointers
with the same memory address.

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Shally Verma <shallyv@marvell.com>

show more ...

cryptodev: make xform key pointer constant

This patch changes the key pointer data types in cipher, auth,
and aead xforms from "uint8_t *" to "const uint8_t *" for a
more intuitive and safe sessionn

cryptodev: make xform key pointer constant

This patch changes the key pointer data types in cipher, auth,
and aead xforms from "uint8_t *" to "const uint8_t *" for a
more intuitive and safe sessionn creation.

Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Liron Himi <lironh@marvell.com>

show more ...

crypto/openssl: fix usage of non constant time memcmp

ANSI C memcmp is not constant time function per spec so it should
be avoided in cryptography usage.

Fixes: d61f70b4c918 ("crypto/libcrypto: add

crypto/openssl: fix usage of non constant time memcmp

ANSI C memcmp is not constant time function per spec so it should
be avoided in cryptography usage.

Fixes: d61f70b4c918 ("crypto/libcrypto: add driver for OpenSSL library")
Cc: stable@dpdk.org

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>

show more ...

crypto/openssl: set RSA private op feature flag

openssl PMD support RSA private key operation
using both qt and exp key type.
Set rsa key type feature flag

Signed-off-by: Ayuj Verma <ayverma@marvel

crypto/openssl: set RSA private op feature flag

openssl PMD support RSA private key operation
using both qt and exp key type.
Set rsa key type feature flag

Signed-off-by: Ayuj Verma <ayverma@marvell.com>
Signed-off-by: Shally Verma <shallyv@marvell.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>

show more ...

crypto/openssl: add result field to mod exp and inv

This patch adds result field to modular exponentiation and modular
multiplicative inverse operations in openssl pmd functions

Signed-off-by: Arek

crypto/openssl: add result field to mod exp and inv

This patch adds result field to modular exponentiation and modular
multiplicative inverse operations in openssl pmd functions

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>

show more ...

crypto/openssl: fix modexp

Fixes bad reference of modinv struct in openssl pmd

Fixes: 3e9d6bd447fb ("crypto/openssl: add RSA and mod asym operations")
Cc: stable@dpdk.org

Signed-off-by: Arek Kuszt

crypto/openssl: fix modexp

Fixes bad reference of modinv struct in openssl pmd

Fixes: 3e9d6bd447fb ("crypto/openssl: add RSA and mod asym operations")
Cc: stable@dpdk.org

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Shally Verma <shallyv@marvell.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>

show more ...

crypto/openssl: fix big numbers after computations

After performing mod exp and mod inv big numbers (BIGNUM) should
be cleared as data already is copied into op fields and this BNs would
very likely

crypto/openssl: fix big numbers after computations

After performing mod exp and mod inv big numbers (BIGNUM) should
be cleared as data already is copied into op fields and this BNs would
very likely contain private information for unspecified amount of time
(duration of the session).

Fixes: 3e9d6bd447fb ("crypto/openssl: add RSA and mod asym operations")
Cc: stable@dpdk.org

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Shally Verma <shallyv@marvell.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>

show more ...

cryptodev: add sym session header size function

This patch adds a new API in Cryptodev Framework. The API is used
to get the header size for the created symmetric Cryptodev session.

Signed-off-by:

cryptodev: add sym session header size function

This patch adds a new API in Cryptodev Framework. The API is used
to get the header size for the created symmetric Cryptodev session.

Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>

show more ...

cryptodev: change queue pair configure structure

This patch changes the cryptodev queue pair configure structure
to enable two mempool passed into cryptodev PMD simutaneously.

Signed-off-by: Fan Zh

cryptodev: change queue pair configure structure

This patch changes the cryptodev queue pair configure structure
to enable two mempool passed into cryptodev PMD simutaneously.

Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>

show more ...

crypto/openssl: remove useless check before freeing

Remove if() condition prior to calling BN_free() as
BN_free(a) does nothing if a is NULL.

Signed-off-by: Akash Saxena <akash.saxena@caviumnetwork

crypto/openssl: remove useless check before freeing

Remove if() condition prior to calling BN_free() as
BN_free(a) does nothing if a is NULL.

Signed-off-by: Akash Saxena <akash.saxena@caviumnetworks.com>
Signed-off-by: Shally Verma <shally.verma@caviumnetworks.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>

show more ...

crypto/openssl: fix RSA verify operation

In lib cryptodev, RSA verify operation inputs plain message text and
corresponding signature and expected to return
RTE_CRYPTO_OP_STATUS_SUCCESS/FAILURE on a

crypto/openssl: fix RSA verify operation

In lib cryptodev, RSA verify operation inputs plain message text and
corresponding signature and expected to return
RTE_CRYPTO_OP_STATUS_SUCCESS/FAILURE on a signature match/mismatch.
Current OpenSSL PMD RSA verify implementation overrides application passed
sign input by decrypted output which isn't expected.

This patch addresses this issue in OpenSSL PMD. Now, OpenSSL PMD use
tmp buffer to pass to OpenSSL sign API and memcmp output with
original plain text to verify signature match.
Set op->status = RTE_CRYPTO_OP_STATUS_ERROR on signature mismatch.

Fixes: 3e9d6bd447fb ("crypto/openssl: add RSA and mod asym operations")
Cc: stable@dpdk.org

Signed-off-by: Ayuj Verma <ayuj.verma@caviumnetworks.com>
Signed-off-by: Akash Saxena <akash.saxena@caviumnetworks.com>
Signed-off-by: Shally Verma <shally.verma@caviumnetworks.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>

show more ...

crypto/openssl: support truncated HMAC operations

IPsec requires truncated HMAC operations support. Extend OpenSSL crypto
PMD to support truncated HMAC operations necessary for IPsec.

Signed-off-by

crypto/openssl: support truncated HMAC operations

IPsec requires truncated HMAC operations support. Extend OpenSSL crypto
PMD to support truncated HMAC operations necessary for IPsec.

Signed-off-by: Dmitry Eremin-Solenikov <dmitry.ereminsolenikov@linaro.org>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>

show more ...

crypto/openssl: replace macros by static inline functions

Replace macros by static inline functions in openssl version
compatibility layer

Signed-off-by: Sunila Sahu <sunila.sahu@caviumnetworks.com

crypto/openssl: replace macros by static inline functions

Replace macros by static inline functions in openssl version
compatibility layer

Signed-off-by: Sunila Sahu <sunila.sahu@caviumnetworks.com>
Signed-off-by: Shally Verma <shally.verma@caviumnetworks.com>
Signed-off-by: Ashish Gupta <ashish.gupta@caviumnetworks.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>

show more ...

crypto/openssl: add DH and DSA asym operations

- Add dh key generation and shared compute
- Add dsa sign and verify operation

Signed-off-by: Sunila Sahu <sunila.sahu@caviumnetworks.com>
Signed-off-

crypto/openssl: add DH and DSA asym operations

- Add dh key generation and shared compute
- Add dsa sign and verify operation

Signed-off-by: Sunila Sahu <sunila.sahu@caviumnetworks.com>
Signed-off-by: Shally Verma <shally.verma@caviumnetworks.com>
Signed-off-by: Ashish Gupta <ashish.gupta@caviumnetworks.com>

show more ...

crypto/openssl: add RSA and mod asym operations

- Add compat.h to make pmd compatible to openssl-1.1.0 and
backward version
- Add rsa sign/verify/encrypt/decrypt and modular operation
support

S

crypto/openssl: add RSA and mod asym operations

- Add compat.h to make pmd compatible to openssl-1.1.0 and
backward version
- Add rsa sign/verify/encrypt/decrypt and modular operation
support

Signed-off-by: Sunila Sahu <sunila.sahu@caviumnetworks.com>
Signed-off-by: Shally Verma <shally.verma@caviumnetworks.com>
Signed-off-by: Ashish Gupta <ashish.gupta@caviumnetworks.com>

show more ...

crypto/openssl: support 8-byte 3DES

Added extra case to support 8 byte key size
for 3DES CBC. Also changed capabilities to reflect
the change.

Signed-off-by: Marko Kovacevic <marko.kovacevic@intel.

crypto/openssl: support 8-byte 3DES

Added extra case to support 8 byte key size
for 3DES CBC. Also changed capabilities to reflect
the change.

Signed-off-by: Marko Kovacevic <marko.kovacevic@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>

show more ...

remove useless constructor headers

A constructor is usually declared with RTE_INIT* macros.
As it is a static function, no need to declare before its definition.
The macro is used directly in the fu

remove useless constructor headers

A constructor is usually declared with RTE_INIT* macros.
As it is a static function, no need to declare before its definition.
The macro is used directly in the function definition.

Signed-off-by: Thomas Monjalon <thomas@monjalon.net>

show more ...

cryptodev: rename PMD symmetric session API

The PMD specific API to configure, clear and
obtain session private size is renamed, including
the word _sym_ to clarify that it is API
for symmetric sess

cryptodev: rename PMD symmetric session API

The PMD specific API to configure, clear and
obtain session private size is renamed, including
the word _sym_ to clarify that it is API
for symmetric sessions, so there will not be any
conflicts for asymmetric and other type of sessions
in the future.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>

show more ...

cryptodev: replace mbuf scatter gather flag

The current mbuf scatter gatter feature flag is
too ambiguous, as it is not clear if input and/or output
buffers can be scatter gather mbufs or not, plus

cryptodev: replace mbuf scatter gather flag

The current mbuf scatter gatter feature flag is
too ambiguous, as it is not clear if input and/or output
buffers can be scatter gather mbufs or not, plus
if in-place and/or out-of-place is supported.

Therefore, five new flags will replace this flag:
- RTE_CRYPTODEV_FF_IN_PLACE_SGL
- RTE_CRYPTODEV_FF_OOP_SGL_IN_SGL_OUT
- RTE_CRYPTODEV_FF_OOP_SGL_IN_LB_OUT
- RTE_CRYPTODEV_FF_OOP_LB_IN_SGL_OUT
- RTE_CRYPTODEV_FF_OOP_LB_IN_LB_OUT

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>

show more ...

cryptodev: remove max number of sessions parameter

Most crypto PMDs do not have a limitation
of the number of the sessions that can be handled
internally. The value that was set before was not
actua

cryptodev: remove max number of sessions parameter

Most crypto PMDs do not have a limitation
of the number of the sessions that can be handled
internally. The value that was set before was not
actually used at all, since the sessions are created
at the application level.
Therefore, this value is not parsed from the initial
crypto parameters anymore and it is set to 0,
meaning that there is no actual limit.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>

show more ...

crypto/openssl: add dynamic logging

Registered new dynamic logtype for driver and
replaced OPENSSL_LOG_ERR and CDEV_LOG_ERR macros with
new OPENSSL_LOG macro, which uses the new logtype.

Signed-off

crypto/openssl: add dynamic logging

Registered new dynamic logtype for driver and
replaced OPENSSL_LOG_ERR and CDEV_LOG_ERR macros with
new OPENSSL_LOG macro, which uses the new logtype.

Signed-off-by: Naga Suresh Somarowthu <naga.sureshx.somarowthu@intel.com>
Reviewed-by: Reshma Pattan <reshma.pattan@intel.com>
Reviewed-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>

show more ...

cryptodev: rename functions to get session size

rte_cryptodev_get_header_session_size() and
rte_cryptodev_get_private_session_size() functions are
targeting symmetric sessions.

With the future addi

cryptodev: rename functions to get session size

rte_cryptodev_get_header_session_size() and
rte_cryptodev_get_private_session_size() functions are
targeting symmetric sessions.

With the future addition of asymmetric operations,
these functions need to be renamed from *cryptodev_*_session_*
to *cryptodev_sym_*_session_* to be symmetric specific.

The two original functions are marked as deprecated
and will be removed in 18.08, so applications can still
use the functions in 18.05.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Shally Verma <shally.verma@caviumnetworks.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Deepak Kumar Jain <deepak.k.jain@intel.com>

show more ...

cryptodev: change argument of driver registration

Pass an rte_driver to the RTE_PMD_REGISTER_CRYPTO_DRIVER macro
rather than an unspecified container which holds an rte_driver.
All the macro actuall

cryptodev: change argument of driver registration

Pass an rte_driver to the RTE_PMD_REGISTER_CRYPTO_DRIVER macro
rather than an unspecified container which holds an rte_driver.
All the macro actually needs is the rte_driver, not the
container holding it.
This paves the way for a later patch in which a driver
will be registered which does not naturally derive from a
container and so avoids having to create an arbitrary container
to pass in the rte_driver.

This patch changes the cryptodev lib macro and all the
PMDs which use it.

Signed-off-by: Fiona Trahe <fiona.trahe@intel.com>
Reviewed-by: Akhil Goyal <akhil.goyal@nxp.com>

show more ...

drivers: use SPDX tag for Intel copyright files

Replace the BSD license header with the SPDX tag for files
with only an Intel copyright on them.

Signed-off-by: Bruce Richardson <bruce.richardson@in

drivers: use SPDX tag for Intel copyright files

Replace the BSD license header with the SPDX tag for files
with only an Intel copyright on them.

Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>

show more ...