* [PATCH 00/11] DPAA and DPAA2 crypto specific fixes
@ 2024-07-03 10:26 Gagandeep Singh
2024-07-03 10:26 ` [PATCH 01/11] common/dpaax: caamflib: fix PDCP-SDAP wdog DECO err Gagandeep Singh
` (10 more replies)
0 siblings, 11 replies; 13+ messages in thread
From: Gagandeep Singh @ 2024-07-03 10:26 UTC (permalink / raw)
To: dev
This series include bug fixes and enhancement of
DPAA and DPAA2 crypto drivers.
Gagandeep Singh (6):
common/dpaax: caamflib: fix PDCP-SDAP wdog DECO err
crypto/dpaa: fix SEC err due to an wrong desc
common/dpaax: caamflib change desc sharing mode
crypto/dpaa_sec: improve return value for retired queues
crypto/dpaa2_sec: add a check on nb desc
crypto/dpaa2_sec: initialize esp sequence number
Hemant Agrawal (3):
crypto/dpaax_sec: improve non-supported algo logs
crypto/dpaa2_sec: adding session update API support
crypto/dpaa2_sec: initialize the authdata
Jun Yang (1):
crypto/dpaa2_sec: fix issue of user ctxt for Event queue
Varun Sethi (1):
common/dpaax: caamflib: fix PDCP AES-AES wdog DECO err
drivers/bus/dpaa/base/qbman/qman.c | 5 +-
drivers/common/dpaax/caamflib/desc/ipsec.h | 73 ++++++++
drivers/common/dpaax/caamflib/desc/pdcp.h | 26 ++-
drivers/common/dpaax/caamflib/desc/sdap.h | 10 +-
drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c | 181 +++++++++-----------
drivers/crypto/dpaa_sec/dpaa_sec.c | 70 ++++----
6 files changed, 214 insertions(+), 151 deletions(-)
--
2.25.1
^ permalink raw reply [flat|nested] 13+ messages in thread
* [PATCH 01/11] common/dpaax: caamflib: fix PDCP-SDAP wdog DECO err
2024-07-03 10:26 [PATCH 00/11] DPAA and DPAA2 crypto specific fixes Gagandeep Singh
@ 2024-07-03 10:26 ` Gagandeep Singh
2024-07-03 10:26 ` [PATCH 02/11] common/dpaax: caamflib: fix PDCP AES-AES " Gagandeep Singh
` (9 subsequent siblings)
10 siblings, 0 replies; 13+ messages in thread
From: Gagandeep Singh @ 2024-07-03 10:26 UTC (permalink / raw)
To: dev, Hemant Agrawal, Sachin Saxena, Akhil Goyal, Franck Lenormand; +Cc: stable
Adding a Jump instruction with CALM flag to ensure
previous processing has been completed.
Fixes: 3ba2e519eafa ("common/dpaax/caamflib: support PDCP-SDAP")
Cc: franck.lenormand@nxp.com
Cc: stable@dpdk.org
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
---
drivers/common/dpaax/caamflib/desc/sdap.h | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/drivers/common/dpaax/caamflib/desc/sdap.h b/drivers/common/dpaax/caamflib/desc/sdap.h
index b38c15a24f..d41bacf8f9 100644
--- a/drivers/common/dpaax/caamflib/desc/sdap.h
+++ b/drivers/common/dpaax/caamflib/desc/sdap.h
@@ -1,5 +1,5 @@
/* SPDX-License-Identifier: BSD-3-Clause
- * Copyright 2020-2022 NXP
+ * Copyright 2020-2023 NXP
*/
#ifndef __DESC_SDAP_H__
@@ -628,6 +628,10 @@ static inline int pdcp_sdap_insert_no_snoop_op(
/* Save the ICV generated */
MOVEB(p, CONTEXT1, 0, MATH3, 0, 4, WAITCOMP | IMMED);
+ /* conditional jump with calm added to ensure that the
+ * previous processing has been completed
+ */
+ JUMP(p, 1, LOCAL_JUMP, ALL_TRUE, CALM);
/* The CHA will be reused so we need to clear it */
LOAD(p, CLRW_RESET_CLS1_CHA |
CLRW_CLR_C1KEY |
@@ -718,6 +722,10 @@ static inline int pdcp_sdap_insert_no_snoop_op(
/* Save the ICV which is stalling in output FIFO to MATH3 */
MOVEB(p, OFIFO, 0, MATH3, 0, 4, IMMED);
+ /* conditional jump with calm added to ensure that the
+ * previous processing has been completed
+ */
+ JUMP(p, 1, LOCAL_JUMP, ALL_TRUE, CALM);
/* Reset class 1 CHA */
LOAD(p, CLRW_RESET_CLS1_CHA |
CLRW_CLR_C1KEY |
--
2.25.1
^ permalink raw reply [flat|nested] 13+ messages in thread
* [PATCH 02/11] common/dpaax: caamflib: fix PDCP AES-AES wdog DECO err
2024-07-03 10:26 [PATCH 00/11] DPAA and DPAA2 crypto specific fixes Gagandeep Singh
2024-07-03 10:26 ` [PATCH 01/11] common/dpaax: caamflib: fix PDCP-SDAP wdog DECO err Gagandeep Singh
@ 2024-07-03 10:26 ` Gagandeep Singh
2024-07-03 17:25 ` [EXTERNAL] " Akhil Goyal
2024-07-03 10:26 ` [PATCH 03/11] crypto/dpaa: fix SEC err due to an wrong desc Gagandeep Singh
` (8 subsequent siblings)
10 siblings, 1 reply; 13+ messages in thread
From: Gagandeep Singh @ 2024-07-03 10:26 UTC (permalink / raw)
To: dev, Hemant Agrawal, Sachin Saxena, Akhil Goyal, Vakul Garg
Cc: Varun Sethi, stable
From: Varun Sethi <v.sethi@nxp.com>
Adding a Jump instruction with CALM flag to ensure
previous processing has been completed.
Fixes: 8827d94398f1 ("crypto/dpaa2_sec/hw: support AES-AES 18-bit PDCP")
Cc: vakul.garg@nxp.com
Cc: stable@dpdk.org
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
Signed-off-by: Varun Sethi <v.sethi@nxp.com>
---
drivers/common/dpaax/caamflib/desc/pdcp.h | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/drivers/common/dpaax/caamflib/desc/pdcp.h b/drivers/common/dpaax/caamflib/desc/pdcp.h
index 7d16c66d79..0ed9eec816 100644
--- a/drivers/common/dpaax/caamflib/desc/pdcp.h
+++ b/drivers/common/dpaax/caamflib/desc/pdcp.h
@@ -1023,6 +1023,11 @@ pdcp_insert_uplane_aes_aes_op(struct program *p,
SEQFIFOLOAD(p, MSG1, 0, VLF | LAST1 | FLUSH1);
MOVEB(p, CONTEXT1, 0, MATH3, 0, 4, WAITCOMP | IMMED);
+ /* conditional jump with calm added to ensure that the
+ * previous processing has been completed
+ */
+ JUMP(p, 1, LOCAL_JUMP, ALL_TRUE, CALM);
+
LOAD(p, CLRW_RESET_CLS1_CHA |
CLRW_CLR_C1KEY |
CLRW_CLR_C1CTX |
@@ -1070,6 +1075,11 @@ pdcp_insert_uplane_aes_aes_op(struct program *p,
MOVEB(p, OFIFO, 0, MATH3, 0, 4, IMMED);
+ /* conditional jump with calm added to ensure that the
+ * previous processing has been completed
+ */
+ JUMP(p, 1, LOCAL_JUMP, ALL_TRUE, CALM);
+
LOAD(p, CLRW_RESET_CLS1_CHA |
CLRW_CLR_C1KEY |
CLRW_CLR_C1CTX |
--
2.25.1
^ permalink raw reply [flat|nested] 13+ messages in thread
* [PATCH 03/11] crypto/dpaa: fix SEC err due to an wrong desc
2024-07-03 10:26 [PATCH 00/11] DPAA and DPAA2 crypto specific fixes Gagandeep Singh
2024-07-03 10:26 ` [PATCH 01/11] common/dpaax: caamflib: fix PDCP-SDAP wdog DECO err Gagandeep Singh
2024-07-03 10:26 ` [PATCH 02/11] common/dpaax: caamflib: fix PDCP AES-AES " Gagandeep Singh
@ 2024-07-03 10:26 ` Gagandeep Singh
2024-07-03 10:26 ` [PATCH 04/11] common/dpaax: caamflib change desc sharing mode Gagandeep Singh
` (7 subsequent siblings)
10 siblings, 0 replies; 13+ messages in thread
From: Gagandeep Singh @ 2024-07-03 10:26 UTC (permalink / raw)
To: dev, Hemant Agrawal, Sachin Saxena, Akhil Goyal; +Cc: stable
During IPsec operations, driver code pre-check
whether KEYS can be inlined to limited size descriptor
or not and based on that it decides to copy the complete
KEY in descriptor or just give the memory pointer of
KEY in descriptor.
This pre-check code does not take care of padding required
for security engine to make the KEYs inline which results
in incorrect length descriptor for some algorithms.
This patch fixes this issue by updating the pre-check code
with proper padding size included for each supported
algorithm.
Fixes: 453b9593a3cf ("crypto/dpaax_sec: fix inline query for descriptors")
Cc: stable@dpdk.org
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
---
drivers/common/dpaax/caamflib/desc/ipsec.h | 73 ++++++++++++++++++++++
drivers/crypto/dpaa_sec/dpaa_sec.c | 4 +-
2 files changed, 75 insertions(+), 2 deletions(-)
diff --git a/drivers/common/dpaax/caamflib/desc/ipsec.h b/drivers/common/dpaax/caamflib/desc/ipsec.h
index eff26f6f8b..b902873970 100644
--- a/drivers/common/dpaax/caamflib/desc/ipsec.h
+++ b/drivers/common/dpaax/caamflib/desc/ipsec.h
@@ -728,6 +728,79 @@ static inline void __gen_auth_key(struct program *program,
authdata->key, authdata->key_type);
}
+/**
+ * rta_inline_ipsec_query() - Provide indications on which data items can be inlined
+ * and which shall be referenced in IPsec shared descriptor.
+ * @sd_base_len: Shared descriptor base length - bytes consumed by the commands,
+ * excluding the data items to be inlined (or corresponding
+ * pointer if an item is not inlined). Each cnstr_* function that
+ * generates descriptors should have a define mentioning
+ * corresponding length.
+ * @jd_len: Maximum length of the job descriptor(s) that will be used
+ * together with the shared descriptor.
+ * @data_len: Array of lengths of the data items trying to be inlined
+ * @inl_mask: 32bit mask with bit x = 1 if data item x can be inlined, 0
+ * otherwise.
+ * @count: Number of data items (size of @data_len array); must be <= 32
+ * @auth_algtype: Authentication algorithm type.
+ * @auth_index: Index value of data_len for authentication key length.
+ * -1 if authentication key length is not present in data_len.
+ *
+ * Return: 0 if data can be inlined / referenced, negative value if not. If 0,
+ * check @inl_mask for details.
+ */
+static inline int
+rta_inline_ipsec_query(unsigned int sd_base_len,
+ unsigned int jd_len,
+ unsigned int *data_len,
+ uint32_t *inl_mask,
+ unsigned int count,
+ uint32_t auth_algtype,
+ int32_t auth_index)
+{
+ uint32_t dkp_protid;
+
+ switch (auth_algtype & OP_PCL_IPSEC_AUTH_MASK) {
+ case OP_PCL_IPSEC_HMAC_MD5_96:
+ case OP_PCL_IPSEC_HMAC_MD5_128:
+ dkp_protid = OP_PCLID_DKP_MD5;
+ break;
+ case OP_PCL_IPSEC_HMAC_SHA1_96:
+ case OP_PCL_IPSEC_HMAC_SHA1_160:
+ dkp_protid = OP_PCLID_DKP_SHA1;
+ break;
+ case OP_PCL_IPSEC_HMAC_SHA2_256_128:
+ dkp_protid = OP_PCLID_DKP_SHA256;
+ break;
+ case OP_PCL_IPSEC_HMAC_SHA2_384_192:
+ dkp_protid = OP_PCLID_DKP_SHA384;
+ break;
+ case OP_PCL_IPSEC_HMAC_SHA2_512_256:
+ dkp_protid = OP_PCLID_DKP_SHA512;
+ break;
+ case OP_PCL_IPSEC_HMAC_SHA2_224_96:
+ case OP_PCL_IPSEC_HMAC_SHA2_224_112:
+ case OP_PCL_IPSEC_HMAC_SHA2_224_224:
+ dkp_protid = OP_PCLID_DKP_SHA224;
+ break;
+ default:
+ return rta_inline_query(sd_base_len,
+ jd_len,
+ data_len,
+ inl_mask, count);
+ }
+
+ /* Updating the maximum supported inline key length */
+ if (auth_index != -1) {
+ if (split_key_len(dkp_protid) > data_len[auth_index])
+ data_len[auth_index] = split_key_len(dkp_protid);
+ }
+ return rta_inline_query(sd_base_len,
+ jd_len,
+ data_len,
+ inl_mask, count);
+}
+
/**
* cnstr_shdsc_ipsec_encap - IPSec ESP encapsulation protocol-level shared
* descriptor.
diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c b/drivers/crypto/dpaa_sec/dpaa_sec.c
index 44528eaf7f..679f78c4b9 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec.c
+++ b/drivers/crypto/dpaa_sec/dpaa_sec.c
@@ -395,10 +395,10 @@ dpaa_sec_prep_ipsec_cdb(dpaa_sec_session *ses)
cdb->sh_desc[0] = cipherdata.keylen;
cdb->sh_desc[1] = authdata.keylen;
- err = rta_inline_query(IPSEC_AUTH_VAR_AES_DEC_BASE_DESC_LEN,
+ err = rta_inline_ipsec_query(IPSEC_AUTH_VAR_AES_DEC_BASE_DESC_LEN,
DESC_JOB_IO_LEN,
(unsigned int *)cdb->sh_desc,
- &cdb->sh_desc[2], 2);
+ &cdb->sh_desc[2], 2, authdata.algtype, 1);
if (err < 0) {
DPAA_SEC_ERR("Crypto: Incorrect key lengths");
--
2.25.1
^ permalink raw reply [flat|nested] 13+ messages in thread
* [PATCH 04/11] common/dpaax: caamflib change desc sharing mode
2024-07-03 10:26 [PATCH 00/11] DPAA and DPAA2 crypto specific fixes Gagandeep Singh
` (2 preceding siblings ...)
2024-07-03 10:26 ` [PATCH 03/11] crypto/dpaa: fix SEC err due to an wrong desc Gagandeep Singh
@ 2024-07-03 10:26 ` Gagandeep Singh
2024-07-03 10:26 ` [PATCH 05/11] crypto/dpaa_sec: improve return value for retired queues Gagandeep Singh
` (6 subsequent siblings)
10 siblings, 0 replies; 13+ messages in thread
From: Gagandeep Singh @ 2024-07-03 10:26 UTC (permalink / raw)
To: dev, Hemant Agrawal, Sachin Saxena
Updating sharing mode for aes-aes and null-aes
pdcp test cases to SHR_ALWAYS.
This patch avoid Invalid key SEC err issue.
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
---
drivers/common/dpaax/caamflib/desc/pdcp.h | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/drivers/common/dpaax/caamflib/desc/pdcp.h b/drivers/common/dpaax/caamflib/desc/pdcp.h
index 0ed9eec816..bc35114cf4 100644
--- a/drivers/common/dpaax/caamflib/desc/pdcp.h
+++ b/drivers/common/dpaax/caamflib/desc/pdcp.h
@@ -2349,7 +2349,7 @@ cnstr_shdsc_pdcp_c_plane_encap(uint32_t *descbuf,
{ /* NULL */
SHR_WAIT, /* NULL */
SHR_WAIT, /* SNOW f9 */
- SHR_WAIT, /* AES CMAC */
+ SHR_ALWAYS, /* AES CMAC */
SHR_WAIT /* ZUC-I */
},
{ /* SNOW f8 */
@@ -2361,7 +2361,7 @@ cnstr_shdsc_pdcp_c_plane_encap(uint32_t *descbuf,
{ /* AES CTR */
SHR_WAIT, /* NULL */
SHR_WAIT, /* SNOW f9 */
- SHR_WAIT, /* AES CMAC */
+ SHR_ALWAYS, /* AES CMAC */
SHR_WAIT /* ZUC-I */
},
{ /* ZUC-E */
@@ -2489,7 +2489,7 @@ cnstr_shdsc_pdcp_c_plane_decap(uint32_t *descbuf,
{ /* NULL */
SHR_WAIT, /* NULL */
SHR_WAIT, /* SNOW f9 */
- SHR_WAIT, /* AES CMAC */
+ SHR_ALWAYS, /* AES CMAC */
SHR_WAIT /* ZUC-I */
},
{ /* SNOW f8 */
@@ -2501,7 +2501,7 @@ cnstr_shdsc_pdcp_c_plane_decap(uint32_t *descbuf,
{ /* AES CTR */
SHR_WAIT, /* NULL */
SHR_WAIT, /* SNOW f9 */
- SHR_WAIT, /* AES CMAC */
+ SHR_ALWAYS, /* AES CMAC */
SHR_WAIT /* ZUC-I */
},
{ /* ZUC-E */
@@ -2654,7 +2654,7 @@ cnstr_shdsc_pdcp_u_plane_encap(uint32_t *descbuf,
{ /* NULL */
SHR_WAIT, /* NULL */
SHR_WAIT, /* SNOW f9 */
- SHR_WAIT, /* AES CMAC */
+ SHR_ALWAYS, /* AES CMAC */
SHR_WAIT /* ZUC-I */
},
{ /* SNOW f8 */
@@ -2666,7 +2666,7 @@ cnstr_shdsc_pdcp_u_plane_encap(uint32_t *descbuf,
{ /* AES CTR */
SHR_WAIT, /* NULL */
SHR_WAIT, /* SNOW f9 */
- SHR_WAIT, /* AES CMAC */
+ SHR_ALWAYS, /* AES CMAC */
SHR_WAIT /* ZUC-I */
},
{ /* ZUC-E */
@@ -2839,7 +2839,7 @@ cnstr_shdsc_pdcp_u_plane_decap(uint32_t *descbuf,
{ /* NULL */
SHR_WAIT, /* NULL */
SHR_WAIT, /* SNOW f9 */
- SHR_WAIT, /* AES CMAC */
+ SHR_ALWAYS, /* AES CMAC */
SHR_WAIT /* ZUC-I */
},
{ /* SNOW f8 */
@@ -2851,7 +2851,7 @@ cnstr_shdsc_pdcp_u_plane_decap(uint32_t *descbuf,
{ /* AES CTR */
SHR_WAIT, /* NULL */
SHR_WAIT, /* SNOW f9 */
- SHR_WAIT, /* AES CMAC */
+ SHR_ALWAYS, /* AES CMAC */
SHR_WAIT /* ZUC-I */
},
{ /* ZUC-E */
--
2.25.1
^ permalink raw reply [flat|nested] 13+ messages in thread
* [PATCH 05/11] crypto/dpaa_sec: improve return value for retired queues
2024-07-03 10:26 [PATCH 00/11] DPAA and DPAA2 crypto specific fixes Gagandeep Singh
` (3 preceding siblings ...)
2024-07-03 10:26 ` [PATCH 04/11] common/dpaax: caamflib change desc sharing mode Gagandeep Singh
@ 2024-07-03 10:26 ` Gagandeep Singh
2024-07-03 10:26 ` [PATCH 06/11] crypto/dpaax_sec: improve non-supported algo logs Gagandeep Singh
` (5 subsequent siblings)
10 siblings, 0 replies; 13+ messages in thread
From: Gagandeep Singh @ 2024-07-03 10:26 UTC (permalink / raw)
To: dev, Hemant Agrawal, Sachin Saxena
This patch improves the return value for retired queues
to enchance debugging prints.
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
---
drivers/bus/dpaa/base/qbman/qman.c | 5 +++--
drivers/crypto/dpaa_sec/dpaa_sec.c | 10 +++++++---
2 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/drivers/bus/dpaa/base/qbman/qman.c b/drivers/bus/dpaa/base/qbman/qman.c
index 6d2fbdcf02..9975271ba2 100644
--- a/drivers/bus/dpaa/base/qbman/qman.c
+++ b/drivers/bus/dpaa/base/qbman/qman.c
@@ -1,7 +1,7 @@
/* SPDX-License-Identifier: (BSD-3-Clause OR GPL-2.0)
*
* Copyright 2008-2016 Freescale Semiconductor Inc.
- * Copyright 2017,2019-2023 NXP
+ * Copyright 2017,2019-2024 NXP
*
*/
@@ -1746,9 +1746,10 @@ int qman_retire_fq(struct qman_fq *fq, u32 *flags)
int rval;
u8 res;
+ /* Queue is already in retire or oos state */
if ((fq->state != qman_fq_state_parked) &&
(fq->state != qman_fq_state_sched))
- return -EINVAL;
+ return 0;
#ifdef RTE_LIBRTE_DPAA_HWDEBUG
if (unlikely(fq_isset(fq, QMAN_FQ_FLAG_NO_MODIFY)))
return -EINVAL;
diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c b/drivers/crypto/dpaa_sec/dpaa_sec.c
index 679f78c4b9..105274e49e 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec.c
+++ b/drivers/crypto/dpaa_sec/dpaa_sec.c
@@ -1,7 +1,7 @@
/* SPDX-License-Identifier: BSD-3-Clause
*
* Copyright (c) 2016 Freescale Semiconductor, Inc. All rights reserved.
- * Copyright 2017-2022 NXP
+ * Copyright 2017-2024 NXP
*
*/
@@ -2504,11 +2504,15 @@ static int
dpaa_sec_detach_rxq(struct dpaa_sec_dev_private *qi, struct qman_fq *fq)
{
unsigned int i;
+ int ret;
for (i = 0; i < RTE_DPAA_MAX_RX_QUEUE; i++) {
if (&qi->inq[i] == fq) {
- if (qman_retire_fq(fq, NULL) != 0)
- DPAA_SEC_DEBUG("Queue is not retired\n");
+ ret = qman_retire_fq(fq, NULL);
+ if (ret != 0)
+ DPAA_SEC_ERR("Queue %d is not retired"
+ " err: %d\n", fq->fqid,
+ ret);
qman_oos_fq(fq);
qi->inq_attach[i] = 0;
return 0;
--
2.25.1
^ permalink raw reply [flat|nested] 13+ messages in thread
* [PATCH 06/11] crypto/dpaax_sec: improve non-supported algo logs
2024-07-03 10:26 [PATCH 00/11] DPAA and DPAA2 crypto specific fixes Gagandeep Singh
` (4 preceding siblings ...)
2024-07-03 10:26 ` [PATCH 05/11] crypto/dpaa_sec: improve return value for retired queues Gagandeep Singh
@ 2024-07-03 10:26 ` Gagandeep Singh
2024-07-03 10:26 ` [PATCH 07/11] crypto/dpaa2_sec: adding session update API support Gagandeep Singh
` (4 subsequent siblings)
10 siblings, 0 replies; 13+ messages in thread
From: Gagandeep Singh @ 2024-07-03 10:26 UTC (permalink / raw)
To: dev, Hemant Agrawal
From: Hemant Agrawal <hemant.agrawal@nxp.com>
This patch improves the debug logs for un-supported algo sessions.
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
---
drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c | 128 +++++---------------
drivers/crypto/dpaa_sec/dpaa_sec.c | 56 ++++-----
2 files changed, 53 insertions(+), 131 deletions(-)
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index 1cae6c4505..922a35e3ee 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -1378,9 +1378,10 @@ build_sec_fd(struct rte_crypto_op *op,
case DPAA2_SEC_PDCP:
ret = build_proto_compound_sg_fd(sess, op, fd, bpid);
break;
- case DPAA2_SEC_HASH_CIPHER:
default:
- DPAA2_SEC_ERR("error: Unsupported session");
+ DPAA2_SEC_ERR("error: Unsupported session %d",
+ sess->ctxt_type);
+ ret = -ENOTSUP;
}
} else {
switch (sess->ctxt_type) {
@@ -1402,9 +1403,9 @@ build_sec_fd(struct rte_crypto_op *op,
case DPAA2_SEC_PDCP:
ret = build_proto_compound_fd(sess, op, fd, bpid, qp);
break;
- case DPAA2_SEC_HASH_CIPHER:
default:
- DPAA2_SEC_ERR("error: Unsupported session");
+ DPAA2_SEC_ERR("error: Unsupported session%d",
+ sess->ctxt_type);
ret = -ENOTSUP;
}
}
@@ -2169,20 +2170,9 @@ dpaa2_sec_cipher_init(struct rte_crypto_sym_xform *xform,
&cipherdata,
session->dir);
break;
- case RTE_CRYPTO_CIPHER_KASUMI_F8:
- case RTE_CRYPTO_CIPHER_AES_F8:
- case RTE_CRYPTO_CIPHER_AES_ECB:
- case RTE_CRYPTO_CIPHER_3DES_ECB:
- case RTE_CRYPTO_CIPHER_3DES_CTR:
- case RTE_CRYPTO_CIPHER_AES_XTS:
- case RTE_CRYPTO_CIPHER_ARC4:
- case RTE_CRYPTO_CIPHER_NULL:
- DPAA2_SEC_ERR("Crypto: Unsupported Cipher alg %u",
- xform->cipher.algo);
- ret = -ENOTSUP;
- goto error_out;
default:
- DPAA2_SEC_ERR("Crypto: Undefined Cipher specified %u",
+ DPAA2_SEC_ERR("Crypto: Unsupported Cipher alg %s (%u)",
+ rte_cryptodev_get_cipher_algo_string(xform->cipher.algo),
xform->cipher.algo);
ret = -ENOTSUP;
goto error_out;
@@ -2407,23 +2397,16 @@ dpaa2_sec_auth_init(struct rte_crypto_sym_xform *xform,
!session->dir,
session->digest_length);
break;
- case RTE_CRYPTO_AUTH_AES_CBC_MAC:
- case RTE_CRYPTO_AUTH_AES_GMAC:
- case RTE_CRYPTO_AUTH_KASUMI_F9:
- case RTE_CRYPTO_AUTH_NULL:
- DPAA2_SEC_ERR("Crypto: Unsupported auth alg %un",
- xform->auth.algo);
- ret = -ENOTSUP;
- goto error_out;
default:
- DPAA2_SEC_ERR("Crypto: Undefined Auth specified %u",
- xform->auth.algo);
+ DPAA2_SEC_ERR("Crypto: Unsupported Auth alg %s (%u)",
+ rte_cryptodev_get_auth_algo_string(xform->auth.algo),
+ xform->auth.algo);
ret = -ENOTSUP;
goto error_out;
}
if (bufsize < 0) {
- DPAA2_SEC_ERR("Crypto: Invalid buffer length");
+ DPAA2_SEC_ERR("Crypto: Invalid SEC-DESC buffer length");
ret = -EINVAL;
goto error_out;
}
@@ -2500,14 +2483,11 @@ dpaa2_sec_aead_init(struct rte_crypto_sym_xform *xform,
aeaddata.algmode = OP_ALG_AAI_GCM;
session->aead_alg = RTE_CRYPTO_AEAD_AES_GCM;
break;
- case RTE_CRYPTO_AEAD_AES_CCM:
- DPAA2_SEC_ERR("Crypto: Unsupported AEAD alg %u",
- aead_xform->algo);
- ret = -ENOTSUP;
- goto error_out;
default:
- DPAA2_SEC_ERR("Crypto: Undefined AEAD specified %u",
- aead_xform->algo);
+
+ DPAA2_SEC_ERR("Crypto: Unsupported AEAD alg %s (%u)",
+ rte_cryptodev_get_aead_algo_string(aead_xform->algo),
+ aead_xform->algo);
ret = -ENOTSUP;
goto error_out;
}
@@ -2545,7 +2525,7 @@ dpaa2_sec_aead_init(struct rte_crypto_sym_xform *xform,
&aeaddata, session->iv.length,
session->digest_length);
if (bufsize < 0) {
- DPAA2_SEC_ERR("Crypto: Invalid buffer length");
+ DPAA2_SEC_ERR("Crypto: Invalid SEC-DESC buffer length");
ret = -EINVAL;
goto error_out;
}
@@ -2680,24 +2660,9 @@ dpaa2_sec_aead_chain_init(struct rte_crypto_sym_xform *xform,
authdata.algmode = OP_ALG_AAI_CMAC;
session->auth_alg = RTE_CRYPTO_AUTH_AES_CMAC;
break;
- case RTE_CRYPTO_AUTH_AES_CBC_MAC:
- case RTE_CRYPTO_AUTH_AES_GMAC:
- case RTE_CRYPTO_AUTH_SNOW3G_UIA2:
- case RTE_CRYPTO_AUTH_NULL:
- case RTE_CRYPTO_AUTH_SHA1:
- case RTE_CRYPTO_AUTH_SHA256:
- case RTE_CRYPTO_AUTH_SHA512:
- case RTE_CRYPTO_AUTH_SHA224:
- case RTE_CRYPTO_AUTH_SHA384:
- case RTE_CRYPTO_AUTH_MD5:
- case RTE_CRYPTO_AUTH_KASUMI_F9:
- case RTE_CRYPTO_AUTH_ZUC_EIA3:
- DPAA2_SEC_ERR("Crypto: Unsupported auth alg %u",
- auth_xform->algo);
- ret = -ENOTSUP;
- goto error_out;
default:
- DPAA2_SEC_ERR("Crypto: Undefined Auth specified %u",
+ DPAA2_SEC_ERR("Crypto: Undefined Auth specified %s (%u)",
+ rte_cryptodev_get_auth_algo_string(auth_xform->algo),
auth_xform->algo);
ret = -ENOTSUP;
goto error_out;
@@ -2728,20 +2693,10 @@ dpaa2_sec_aead_chain_init(struct rte_crypto_sym_xform *xform,
cipherdata.algmode = OP_ALG_AAI_CTR;
session->cipher_alg = RTE_CRYPTO_CIPHER_AES_CTR;
break;
- case RTE_CRYPTO_CIPHER_SNOW3G_UEA2:
- case RTE_CRYPTO_CIPHER_ZUC_EEA3:
- case RTE_CRYPTO_CIPHER_NULL:
- case RTE_CRYPTO_CIPHER_3DES_ECB:
- case RTE_CRYPTO_CIPHER_3DES_CTR:
- case RTE_CRYPTO_CIPHER_AES_ECB:
- case RTE_CRYPTO_CIPHER_KASUMI_F8:
- DPAA2_SEC_ERR("Crypto: Unsupported Cipher alg %u",
- cipher_xform->algo);
- ret = -ENOTSUP;
- goto error_out;
default:
- DPAA2_SEC_ERR("Crypto: Undefined Cipher specified %u",
- cipher_xform->algo);
+ DPAA2_SEC_ERR("Crypto: Undefined Cipher specified %s (%u)",
+ rte_cryptodev_get_cipher_algo_string(cipher_xform->algo),
+ cipher_xform->algo);
ret = -ENOTSUP;
goto error_out;
}
@@ -2784,7 +2739,7 @@ dpaa2_sec_aead_chain_init(struct rte_crypto_sym_xform *xform,
session->digest_length,
session->dir);
if (bufsize < 0) {
- DPAA2_SEC_ERR("Crypto: Invalid buffer length");
+ DPAA2_SEC_ERR("Crypto: Invalid SEC-DESC buffer length");
ret = -EINVAL;
goto error_out;
}
@@ -3041,22 +2996,9 @@ dpaa2_sec_ipsec_proto_init(struct rte_crypto_cipher_xform *cipher_xform,
case RTE_CRYPTO_AUTH_NULL:
authdata->algtype = OP_PCL_IPSEC_HMAC_NULL;
break;
- case RTE_CRYPTO_AUTH_SNOW3G_UIA2:
- case RTE_CRYPTO_AUTH_SHA1:
- case RTE_CRYPTO_AUTH_SHA256:
- case RTE_CRYPTO_AUTH_SHA512:
- case RTE_CRYPTO_AUTH_SHA224:
- case RTE_CRYPTO_AUTH_SHA384:
- case RTE_CRYPTO_AUTH_MD5:
- case RTE_CRYPTO_AUTH_AES_GMAC:
- case RTE_CRYPTO_AUTH_KASUMI_F9:
- case RTE_CRYPTO_AUTH_AES_CBC_MAC:
- case RTE_CRYPTO_AUTH_ZUC_EIA3:
- DPAA2_SEC_ERR("Crypto: Unsupported auth alg %u",
- session->auth_alg);
- return -ENOTSUP;
default:
- DPAA2_SEC_ERR("Crypto: Undefined Auth specified %u",
+ DPAA2_SEC_ERR("Crypto: Unsupported auth alg %s (%u)",
+ rte_cryptodev_get_auth_algo_string(session->auth_alg),
session->auth_alg);
return -ENOTSUP;
}
@@ -3085,18 +3027,10 @@ dpaa2_sec_ipsec_proto_init(struct rte_crypto_cipher_xform *cipher_xform,
case RTE_CRYPTO_CIPHER_NULL:
cipherdata->algtype = OP_PCL_IPSEC_NULL;
break;
- case RTE_CRYPTO_CIPHER_SNOW3G_UEA2:
- case RTE_CRYPTO_CIPHER_ZUC_EEA3:
- case RTE_CRYPTO_CIPHER_3DES_ECB:
- case RTE_CRYPTO_CIPHER_3DES_CTR:
- case RTE_CRYPTO_CIPHER_AES_ECB:
- case RTE_CRYPTO_CIPHER_KASUMI_F8:
- DPAA2_SEC_ERR("Crypto: Unsupported Cipher alg %u",
- session->cipher_alg);
- return -ENOTSUP;
default:
- DPAA2_SEC_ERR("Crypto: Undefined Cipher specified %u",
- session->cipher_alg);
+ DPAA2_SEC_ERR("Crypto: Unsupported Cipher alg %s (%u)",
+ rte_cryptodev_get_cipher_algo_string(session->cipher_alg),
+ session->cipher_alg);
return -ENOTSUP;
}
@@ -3380,7 +3314,7 @@ dpaa2_sec_set_ipsec_session(struct rte_cryptodev *dev,
goto out;
if (bufsize < 0) {
- DPAA2_SEC_ERR("Crypto: Invalid buffer length");
+ DPAA2_SEC_ERR("Crypto: Invalid SEC-DESC buffer length");
goto out;
}
@@ -3679,7 +3613,7 @@ dpaa2_sec_set_pdcp_session(struct rte_cryptodev *dev,
}
if (bufsize < 0) {
- DPAA2_SEC_ERR("Crypto: Invalid buffer length");
+ DPAA2_SEC_ERR("Crypto: Invalid SEC-DESC buffer length");
goto out;
}
@@ -3739,7 +3673,7 @@ dpaa2_sec_security_session_create(void *dev,
return -EINVAL;
}
if (ret != 0) {
- DPAA2_SEC_ERR("Failed to configure session parameters");
+ DPAA2_SEC_DEBUG("Failed to configure session parameters %d", ret);
return ret;
}
@@ -3781,7 +3715,7 @@ dpaa2_sec_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
ret = dpaa2_sec_set_session_parameters(xform, sess_private_data);
if (ret != 0) {
- DPAA2_SEC_ERR("Failed to configure session parameters");
+ DPAA2_SEC_DEBUG("Failed to configure session parameters %d", ret);
/* Return session to mempool */
return ret;
}
diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c b/drivers/crypto/dpaa_sec/dpaa_sec.c
index 105274e49e..453066fded 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec.c
+++ b/drivers/crypto/dpaa_sec/dpaa_sec.c
@@ -495,7 +495,8 @@ dpaa_sec_prep_cdb(dpaa_sec_session *ses)
ses->dir);
break;
default:
- DPAA_SEC_ERR("unsupported cipher alg %d",
+ DPAA_SEC_ERR("unsupported cipher alg %s (%d)",
+ rte_cryptodev_get_cipher_algo_string(ses->cipher_alg),
ses->cipher_alg);
return -ENOTSUP;
}
@@ -556,7 +557,9 @@ dpaa_sec_prep_cdb(dpaa_sec_session *ses)
ses->digest_length);
break;
default:
- DPAA_SEC_ERR("unsupported auth alg %u", ses->auth_alg);
+ DPAA_SEC_ERR("unsupported auth alg %s (%u)",
+ rte_cryptodev_get_auth_algo_string(ses->auth_alg),
+ ses->auth_alg);
}
break;
case DPAA_SEC_AEAD:
@@ -635,9 +638,8 @@ dpaa_sec_prep_cdb(dpaa_sec_session *ses)
ses->iv.length,
ses->digest_length, ses->dir);
break;
- case DPAA_SEC_HASH_CIPHER:
default:
- DPAA_SEC_ERR("error: Unsupported session");
+ DPAA_SEC_ERR("error: Unsupported session %d", ses->ctxt);
return -ENOTSUP;
}
@@ -2221,8 +2223,9 @@ dpaa_sec_cipher_init(struct rte_cryptodev *dev __rte_unused,
session->cipher_key.alg = OP_ALG_ALGSEL_ZUCE;
break;
default:
- DPAA_SEC_ERR("Crypto: Undefined Cipher specified %u",
- xform->cipher.algo);
+ DPAA_SEC_ERR("Crypto: Unsupported Cipher specified %s (%u)",
+ rte_cryptodev_get_cipher_algo_string(xform->cipher.algo),
+ xform->cipher.algo);
return -ENOTSUP;
}
session->dir = (xform->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT) ?
@@ -2323,7 +2326,8 @@ dpaa_sec_auth_init(struct rte_cryptodev *dev __rte_unused,
session->auth_key.algmode = OP_ALG_AAI_CMAC;
break;
default:
- DPAA_SEC_ERR("Crypto: Unsupported Auth specified %u",
+ DPAA_SEC_ERR("Crypto: Unsupported Auth specified %s (%u)",
+ rte_cryptodev_get_auth_algo_string(xform->auth.algo),
xform->auth.algo);
return -ENOTSUP;
}
@@ -2412,7 +2416,8 @@ dpaa_sec_chain_init(struct rte_cryptodev *dev __rte_unused,
session->auth_key.algmode = OP_ALG_AAI_CMAC;
break;
default:
- DPAA_SEC_ERR("Crypto: Unsupported Auth specified %u",
+ DPAA_SEC_ERR("Crypto: Unsupported Auth specified %s (%u)",
+ rte_cryptodev_get_auth_algo_string(auth_xform->algo),
auth_xform->algo);
return -ENOTSUP;
}
@@ -2437,7 +2442,9 @@ dpaa_sec_chain_init(struct rte_cryptodev *dev __rte_unused,
session->cipher_key.algmode = OP_ALG_AAI_CTR;
break;
default:
- DPAA_SEC_ERR("Crypto: Undefined Cipher specified %u",
+
+ DPAA_SEC_ERR("Crypto: Undefined Cipher specified %s (%u)",
+ rte_cryptodev_get_cipher_algo_string(cipher_xform->algo),
cipher_xform->algo);
return -ENOTSUP;
}
@@ -2849,22 +2856,9 @@ dpaa_sec_ipsec_proto_init(struct rte_crypto_cipher_xform *cipher_xform,
session->auth_key.alg = OP_PCL_IPSEC_AES_XCBC_MAC_96;
session->auth_key.algmode = OP_ALG_AAI_XCBC_MAC;
break;
- case RTE_CRYPTO_AUTH_SNOW3G_UIA2:
- case RTE_CRYPTO_AUTH_SHA1:
- case RTE_CRYPTO_AUTH_SHA256:
- case RTE_CRYPTO_AUTH_SHA512:
- case RTE_CRYPTO_AUTH_SHA224:
- case RTE_CRYPTO_AUTH_SHA384:
- case RTE_CRYPTO_AUTH_MD5:
- case RTE_CRYPTO_AUTH_AES_GMAC:
- case RTE_CRYPTO_AUTH_KASUMI_F9:
- case RTE_CRYPTO_AUTH_AES_CBC_MAC:
- case RTE_CRYPTO_AUTH_ZUC_EIA3:
- DPAA_SEC_ERR("Crypto: Unsupported auth alg %u",
- session->auth_alg);
- return -ENOTSUP;
default:
- DPAA_SEC_ERR("Crypto: Undefined Auth specified %u",
+ DPAA_SEC_ERR("Crypto: Unsupported auth alg %s (%u)",
+ rte_cryptodev_get_auth_algo_string(session->auth_alg),
session->auth_alg);
return -ENOTSUP;
}
@@ -2896,16 +2890,9 @@ dpaa_sec_ipsec_proto_init(struct rte_crypto_cipher_xform *cipher_xform,
case RTE_CRYPTO_CIPHER_NULL:
session->cipher_key.alg = OP_PCL_IPSEC_NULL;
break;
- case RTE_CRYPTO_CIPHER_SNOW3G_UEA2:
- case RTE_CRYPTO_CIPHER_ZUC_EEA3:
- case RTE_CRYPTO_CIPHER_3DES_ECB:
- case RTE_CRYPTO_CIPHER_AES_ECB:
- case RTE_CRYPTO_CIPHER_KASUMI_F8:
- DPAA_SEC_ERR("Crypto: Unsupported Cipher alg %u",
- session->cipher_alg);
- return -ENOTSUP;
default:
- DPAA_SEC_ERR("Crypto: Undefined Cipher specified %u",
+ DPAA_SEC_ERR("Crypto: Unsupported Cipher alg %s (%u)",
+ rte_cryptodev_get_cipher_algo_string(session->cipher_alg),
session->cipher_alg);
return -ENOTSUP;
}
@@ -3181,7 +3168,8 @@ dpaa_sec_set_pdcp_session(struct rte_cryptodev *dev,
session->auth_key.alg = PDCP_AUTH_TYPE_NULL;
break;
default:
- DPAA_SEC_ERR("Crypto: Unsupported auth alg %u",
+ DPAA_SEC_ERR("Crypto: Unsupported auth alg %s (%u)",
+ rte_cryptodev_get_auth_algo_string(session->auth_alg),
session->auth_alg);
rte_free(session->cipher_key.data);
return -EINVAL;
--
2.25.1
^ permalink raw reply [flat|nested] 13+ messages in thread
* [PATCH 07/11] crypto/dpaa2_sec: adding session update API support
2024-07-03 10:26 [PATCH 00/11] DPAA and DPAA2 crypto specific fixes Gagandeep Singh
` (5 preceding siblings ...)
2024-07-03 10:26 ` [PATCH 06/11] crypto/dpaax_sec: improve non-supported algo logs Gagandeep Singh
@ 2024-07-03 10:26 ` Gagandeep Singh
2024-07-03 10:26 ` [PATCH 08/11] crypto/dpaa2_sec: add a check on nb desc Gagandeep Singh
` (3 subsequent siblings)
10 siblings, 0 replies; 13+ messages in thread
From: Gagandeep Singh @ 2024-07-03 10:26 UTC (permalink / raw)
To: dev, Hemant Agrawal
From: Hemant Agrawal <hemant.agrawal@nxp.com>
This patch add support for Session Update API for RTE Security sessions.
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
---
drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c | 37 +++++++++++++++++++--
1 file changed, 34 insertions(+), 3 deletions(-)
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index 922a35e3ee..4f80cfea5e 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -3134,8 +3134,11 @@ dpaa2_sec_set_ipsec_session(struct rte_cryptodev *dev,
if (ipsec_xform->options.iv_gen_disable == 0)
encap_pdb.options |= PDBOPTS_ESP_IVSRC;
- if (ipsec_xform->options.esn)
+ if (ipsec_xform->options.esn) {
encap_pdb.options |= PDBOPTS_ESP_ESN;
+ encap_pdb.seq_num_ext_hi = conf->ipsec.esn.hi;
+ encap_pdb.seq_num = conf->ipsec.esn.low;
+ }
if (ipsec_xform->options.copy_dscp)
encap_pdb.options |= PDBOPTS_ESP_DIFFSERV;
if (ipsec_xform->options.ecn)
@@ -3264,8 +3267,11 @@ dpaa2_sec_set_ipsec_session(struct rte_cryptodev *dev,
} else {
decap_pdb.options = sizeof(struct rte_ipv6_hdr) << 16;
}
- if (ipsec_xform->options.esn)
+ if (ipsec_xform->options.esn) {
decap_pdb.options |= PDBOPTS_ESP_ESN;
+ decap_pdb.seq_num_ext_hi = conf->ipsec.esn.hi;
+ decap_pdb.seq_num = conf->ipsec.esn.low;
+ }
if (ipsec_xform->options.copy_dscp)
decap_pdb.options |= PDBOPTS_ESP_DIFFSERV;
if (ipsec_xform->options.ecn)
@@ -3699,6 +3705,31 @@ dpaa2_sec_security_session_destroy(void *dev __rte_unused,
return 0;
}
+static int
+dpaa2_sec_security_session_update(void *dev,
+ struct rte_security_session *sess,
+ struct rte_security_session_conf *conf)
+{
+ struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev;
+ void *sess_private_data = SECURITY_GET_SESS_PRIV(sess);
+ int ret;
+
+ if (conf->protocol != RTE_SECURITY_PROTOCOL_IPSEC &&
+ conf->ipsec.direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS)
+ return -ENOTSUP;
+
+ dpaa2_sec_security_session_destroy(dev, sess);
+
+ ret = dpaa2_sec_set_ipsec_session(cdev, conf,
+ sess_private_data);
+ if (ret != 0) {
+ DPAA2_SEC_DEBUG("Failed to configure session parameters %d", ret);
+ return ret;
+ }
+
+ return ret;
+}
+
static unsigned int
dpaa2_sec_security_session_get_size(void *device __rte_unused)
{
@@ -4153,7 +4184,7 @@ dpaa2_sec_capabilities_get(void *device __rte_unused)
static const struct rte_security_ops dpaa2_sec_security_ops = {
.session_create = dpaa2_sec_security_session_create,
- .session_update = NULL,
+ .session_update = dpaa2_sec_security_session_update,
.session_get_size = dpaa2_sec_security_session_get_size,
.session_stats_get = NULL,
.session_destroy = dpaa2_sec_security_session_destroy,
--
2.25.1
^ permalink raw reply [flat|nested] 13+ messages in thread
* [PATCH 08/11] crypto/dpaa2_sec: add a check on nb desc
2024-07-03 10:26 [PATCH 00/11] DPAA and DPAA2 crypto specific fixes Gagandeep Singh
` (6 preceding siblings ...)
2024-07-03 10:26 ` [PATCH 07/11] crypto/dpaa2_sec: adding session update API support Gagandeep Singh
@ 2024-07-03 10:26 ` Gagandeep Singh
2024-07-03 10:26 ` [PATCH 09/11] crypto/dpaa2_sec: initialize the authdata Gagandeep Singh
` (2 subsequent siblings)
10 siblings, 0 replies; 13+ messages in thread
From: Gagandeep Singh @ 2024-07-03 10:26 UTC (permalink / raw)
To: dev, Hemant Agrawal
This patch add preventive check for the validity of nb descriptors
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
---
drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index 4f80cfea5e..88cca1b429 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -2015,6 +2015,13 @@ dpaa2_sec_queue_pair_setup(struct rte_cryptodev *dev, uint16_t qp_id,
return 0;
}
+ if (qp_conf->nb_descriptors < (2 * FLE_POOL_CACHE_SIZE)) {
+ DPAA2_SEC_ERR("Minimum supported nb_descriptors %d,"
+ " but given %d\n", (2 * FLE_POOL_CACHE_SIZE),
+ qp_conf->nb_descriptors);
+ return -EINVAL;
+ }
+
DPAA2_SEC_DEBUG("dev =%p, queue =%d, conf =%p",
dev, qp_id, qp_conf);
--
2.25.1
^ permalink raw reply [flat|nested] 13+ messages in thread
* [PATCH 09/11] crypto/dpaa2_sec: initialize the authdata
2024-07-03 10:26 [PATCH 00/11] DPAA and DPAA2 crypto specific fixes Gagandeep Singh
` (7 preceding siblings ...)
2024-07-03 10:26 ` [PATCH 08/11] crypto/dpaa2_sec: add a check on nb desc Gagandeep Singh
@ 2024-07-03 10:26 ` Gagandeep Singh
2024-07-03 10:26 ` [PATCH 10/11] crypto/dpaa2_sec: initialize esp sequence number Gagandeep Singh
2024-07-03 10:26 ` [PATCH 11/11] crypto/dpaa2_sec: fix issue of user ctxt for Event queue Gagandeep Singh
10 siblings, 0 replies; 13+ messages in thread
From: Gagandeep Singh @ 2024-07-03 10:26 UTC (permalink / raw)
To: dev, Hemant Agrawal
From: Hemant Agrawal <hemant.agrawal@nxp.com>
This patch memset the authdata to 0.
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
---
drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index 88cca1b429..e115007cfd 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -2218,6 +2218,8 @@ dpaa2_sec_auth_init(struct rte_crypto_sym_xform *xform,
PMD_INIT_FUNC_TRACE();
+ memset(&authdata, 0, sizeof(authdata));
+
/* For SEC AUTH three descriptors are required for various stages */
priv = (struct ctxt_priv *)rte_zmalloc(NULL,
sizeof(struct ctxt_priv) + 3 *
--
2.25.1
^ permalink raw reply [flat|nested] 13+ messages in thread
* [PATCH 10/11] crypto/dpaa2_sec: initialize esp sequence number
2024-07-03 10:26 [PATCH 00/11] DPAA and DPAA2 crypto specific fixes Gagandeep Singh
` (8 preceding siblings ...)
2024-07-03 10:26 ` [PATCH 09/11] crypto/dpaa2_sec: initialize the authdata Gagandeep Singh
@ 2024-07-03 10:26 ` Gagandeep Singh
2024-07-03 10:26 ` [PATCH 11/11] crypto/dpaa2_sec: fix issue of user ctxt for Event queue Gagandeep Singh
10 siblings, 0 replies; 13+ messages in thread
From: Gagandeep Singh @ 2024-07-03 10:26 UTC (permalink / raw)
To: dev, Hemant Agrawal
Initialize the sequence number of ESP to 1.
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
---
drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index e115007cfd..eed66d721f 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -3143,6 +3143,11 @@ dpaa2_sec_set_ipsec_session(struct rte_cryptodev *dev,
if (ipsec_xform->options.iv_gen_disable == 0)
encap_pdb.options |= PDBOPTS_ESP_IVSRC;
+ /* Initializing the sequence number to 1, Security
+ * engine will choose this sequence number for first packet
+ * Refer: RFC4303 section: 3.3.3.Sequence Number Generation
+ */
+ encap_pdb.seq_num = 1;
if (ipsec_xform->options.esn) {
encap_pdb.options |= PDBOPTS_ESP_ESN;
encap_pdb.seq_num_ext_hi = conf->ipsec.esn.hi;
--
2.25.1
^ permalink raw reply [flat|nested] 13+ messages in thread
* [PATCH 11/11] crypto/dpaa2_sec: fix issue of user ctxt for Event queue
2024-07-03 10:26 [PATCH 00/11] DPAA and DPAA2 crypto specific fixes Gagandeep Singh
` (9 preceding siblings ...)
2024-07-03 10:26 ` [PATCH 10/11] crypto/dpaa2_sec: initialize esp sequence number Gagandeep Singh
@ 2024-07-03 10:26 ` Gagandeep Singh
10 siblings, 0 replies; 13+ messages in thread
From: Gagandeep Singh @ 2024-07-03 10:26 UTC (permalink / raw)
To: dev, Hemant Agrawal, Akhil Goyal, Ashish Jain; +Cc: Jun Yang, stable
From: Jun Yang <jun.yang@nxp.com>
Context configured should be aligned with context got in dq process.
Here the rx_vq is just the first element of qp which covers the issue.
Fixes: bffc7d561c81 ("crypto/dpaa2_sec: support event crypto adapter")
Cc: stable@dpdk.org
Signed-off-by: Jun Yang <jun.yang@nxp.com>
---
drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index eed66d721f..b35bba3bdd 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -4103,7 +4103,7 @@ dpaa2_sec_eventq_attach(const struct rte_cryptodev *dev,
cfg.dest_cfg.priority = priority;
cfg.options |= DPSECI_QUEUE_OPT_USER_CTX;
- cfg.user_ctx = (size_t)(qp);
+ cfg.user_ctx = (size_t)(&qp->rx_vq);
if (event->sched_type == RTE_SCHED_TYPE_ATOMIC) {
cfg.options |= DPSECI_QUEUE_OPT_ORDER_PRESERVATION;
cfg.order_preservation_en = 1;
--
2.25.1
^ permalink raw reply [flat|nested] 13+ messages in thread
* RE: [EXTERNAL] [PATCH 02/11] common/dpaax: caamflib: fix PDCP AES-AES wdog DECO err
2024-07-03 10:26 ` [PATCH 02/11] common/dpaax: caamflib: fix PDCP AES-AES " Gagandeep Singh
@ 2024-07-03 17:25 ` Akhil Goyal
0 siblings, 0 replies; 13+ messages in thread
From: Akhil Goyal @ 2024-07-03 17:25 UTC (permalink / raw)
To: Gagandeep Singh, dev, Hemant Agrawal, Sachin Saxena, Vakul Garg
Cc: Varun Sethi, stable
> From: Varun Sethi <v.sethi@nxp.com>
>
> Adding a Jump instruction with CALM flag to ensure
> previous processing has been completed.
>
> Fixes: 8827d94398f1 ("crypto/dpaa2_sec/hw: support AES-AES 18-bit PDCP")
> Cc: vakul.garg@nxp.com
> Cc: stable@dpdk.org
>
> Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
> Signed-off-by: Varun Sethi <v.sethi@nxp.com>
Series applied to dpdk-next-crypto
Updated .mailmap for Varun
Updated patch titles for most of the patches. Please review.
Thanks.
^ permalink raw reply [flat|nested] 13+ messages in thread
end of thread, other threads:[~2024-07-03 17:25 UTC | newest]
Thread overview: 13+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-07-03 10:26 [PATCH 00/11] DPAA and DPAA2 crypto specific fixes Gagandeep Singh
2024-07-03 10:26 ` [PATCH 01/11] common/dpaax: caamflib: fix PDCP-SDAP wdog DECO err Gagandeep Singh
2024-07-03 10:26 ` [PATCH 02/11] common/dpaax: caamflib: fix PDCP AES-AES " Gagandeep Singh
2024-07-03 17:25 ` [EXTERNAL] " Akhil Goyal
2024-07-03 10:26 ` [PATCH 03/11] crypto/dpaa: fix SEC err due to an wrong desc Gagandeep Singh
2024-07-03 10:26 ` [PATCH 04/11] common/dpaax: caamflib change desc sharing mode Gagandeep Singh
2024-07-03 10:26 ` [PATCH 05/11] crypto/dpaa_sec: improve return value for retired queues Gagandeep Singh
2024-07-03 10:26 ` [PATCH 06/11] crypto/dpaax_sec: improve non-supported algo logs Gagandeep Singh
2024-07-03 10:26 ` [PATCH 07/11] crypto/dpaa2_sec: adding session update API support Gagandeep Singh
2024-07-03 10:26 ` [PATCH 08/11] crypto/dpaa2_sec: add a check on nb desc Gagandeep Singh
2024-07-03 10:26 ` [PATCH 09/11] crypto/dpaa2_sec: initialize the authdata Gagandeep Singh
2024-07-03 10:26 ` [PATCH 10/11] crypto/dpaa2_sec: initialize esp sequence number Gagandeep Singh
2024-07-03 10:26 ` [PATCH 11/11] crypto/dpaa2_sec: fix issue of user ctxt for Event queue Gagandeep Singh
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).