summaryrefslogtreecommitdiffstats
path: root/src/vnet/crypto/crypto.c
AgeCommit message (Collapse)AuthorFilesLines
2022-01-05crypto: encrypt/decrypt queues sw_schedulerJakub Wysocki1-18/+85
Type: improvement Previously multiple sw crypto scheduler queues per core design caused unaverage frame processing rate for each async op ID – the lower the op ID is the highly likely they are processed first. For example, when a RX core is feeding both encryption and decryption jobs of the same crypto algorithm to the queues at a high rate, in the mean time the crypto cores have no enough cycles to process all: the jobs in the decryption queue are less likely being processed, causing packet drop. To improve the situation this patch makes every core only owning a two queues, one for encrypt operations and one for decrypt. The queue is changed either after checking each core or after founding a frame to process. All crypto jobs with different algorithm are pushed to thoses queues and are treated evenly. In addition, the crypto async infra now uses unified dequeue handler, one per engine. Only the active engine will be registered its dequeue handler in crypto main. Signed-off-by: DariuszX Kazimierski <dariuszx.kazimierski@intel.com> Signed-off-by: PiotrX Kleski <piotrx.kleski@intel.com> Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com> Signed-off-by: Jakub Wysocki <jakubx.wysocki@intel.com> Change-Id: I517ee8e31633980de5e0dd4b05e1d5db5dea760e
2021-10-26crypto: add barrier in crypto key addGabriel Oginski1-0/+12
Originally the pool of keys can be expand and cache with pointer for key can be invalid. For example in Wireguard during handshake process this pool can be expand and pointer for these keys in cache can be invalid for workers or can has incorrect value (poison memory). The fixes add barrier if the pool needs be to expand to ensure that cache in function will be valid and avoid situation when cache has invalid pointer for these keys. Type: fix Signed-off-by: Gabriel Oginski <gabrielx.oginski@intel.com> Change-Id: Ida8f300213dfebb91ecaf1937fb08de81c20ba7b
2021-05-05crypto crypto-openssl: support hashing operationsFilip Tehlar1-1/+26
Type: feature Change-Id: I36041fe5c5f0ff129aee42516189807e96f62123 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2021-04-20crypto: support async handlers for 3des and md5Alexander Chernavin1-3/+3
With this change, add support for 3DES and MD5 in IPsec async mode. After changes in foreach_crypto_link_async_alg, the last combination in the list (aes-256-cbc-hmac-sha-512) started to fail during decription. That was also fixed by proper vector size validation. Type: improvement Signed-off-by: Alexander Chernavin <achernavin@netgate.com> Change-Id: I660657bdab62ea9cf031c3e43d99f2317e5f74d7
2021-04-09dpdk: selection of cryptodev engine data-pathFan Zhang1-2/+3
Type: improvement This patch combined cryptodev op and cryptodev raw API data paths into one and makes the engine run-timely select which data path is used: if all cryptodev devices support RTE_CRYPTODEV_FF_SYM_RAW_DP feature flag, the raw data path API is used, otherwise the traditional data path is used. Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com> Change-Id: Ibbd7c4405288bd9a48a34878954fd3040df7b4ad
2021-03-26vlib: introduce vlib_get_main_by_index(), vlib_get_n_threads()Damjan Marion1-8/+9
Type: improvement Change-Id: If3da7d4338470912f37ff1794620418d928fb77f Signed-off-by: Damjan Marion <damarion@cisco.com>
2021-02-26crypto: fix coverity issue 218445Piotr Bronowski1-3/+0
Fixes coverity issue CID 218445 (#1 of 1): Logically dead code (DEADCODE) dead_error_line: Execution cannot reach this statement: return 4294967295U;. Type: fix Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com> Change-Id: Ibf8ee0458320d20c3adca2efa2a4bfad7c190dbe
2021-01-20crypto: fixed vnet_crypto_is_set_handler()PiotrX Kleski1-1/+10
Type: fix vnet_crypto_is_set_handler() was checking if op handler is set by using alg instead of op id. This fix changes the check to use op ids from crypto_main's alg_data for provided alg. Signed-off-by: PiotrX Kleski <piotrx.kleski@intel.com> Change-Id: I5f0f00a889ddada44d9912af175ebad66677037a
2020-09-09crypto: change cryptodev with new cryptodev APIFan Zhang1-1/+1
Type: feature This patch updateds cryptodev engine uses new DPDK Cryptodev API planned to be upstreamed in DPDK 20.11. Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com> Signed-off-by: Piotr Bronowski <piotrX.bronowski@intel.com> Change-Id: I8dd1a8ac643f1e952deb787e466b76ea7aa5f420
2020-09-03crypto: Add async crypto APIsNathan Skrzypczak1-4/+0
Type: feature This adds api calls for the following CLIs: * set sw_scheuduler worker <N> crypto on|off * set crypto async dispatch polling|interrupt * set crypto handler * set crypto async handler Change-Id: Ic701d149c440e42ea4575da42b9f69e4c8759602 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2020-09-03crypto: SW scheduler async crypto enginePiotrX Kleski1-17/+65
Type: feature This patch adds new sw_scheduler async crypto engine. The engine transforms async frames info sync crypto ops and delegates them to active sync engines. With the patch it is possible to increase the single worker crypto throughput by offloading the crypto workload to multiple workers. By default all workers in the system will attend the crypto workload processing. However a worker's available cycles are limited. To avail more cycles to one worker to process other workload (e.g. the worker core that handles the RX/TX and IPSec stack processing), a useful cli command is added to remove itself (or add it back later) from the heavy crypto workload but only let other workers to process the crypto. The command is: - set sw_scheduler worker <idx> crypto <on|off> It also adds new interrupt mode to async crypto dispatch node. This mode signals the node when new frames are enqueued as opposed to polling mode that continuously calls dispatch node. New cli commands: - set crypto async dispatch [polling|interrupt] - show crypto async status (displays mode and nodes' states) Signed-off-by: PiotrX Kleski <piotrx.kleski@intel.com> Signed-off-by: DariuszX Kazimierski <dariuszx.kazimierski@intel.com> Reviewed-by: Fan Zhang <roy.fan.zhang@intel.com> Change-Id: I332655f347bb9e3bc9c64166e86e393e911bdb39
2020-04-30crypto: introduce async crypto infraFan Zhang1-5/+291
Type: feature Signed-off-by: Damjan Marion <damarion@cisco.com> Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com> Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com> Signed-off-by: Dariusz Kazimierski <dariuszx.kazimierski@intel.com> Signed-off-by: Piotr Kleski <piotrx.kleski@intel.com> Change-Id: I4c3fcccf55c36842b7b48aed260fef2802b5c54b
2020-02-26crypto: fix set crypto handlersFilip Tehlar1-1/+1
Type: fix Change-Id: I9e168a87aff1882636840eb94e5509cd08885fb5 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2020-02-11ipsec: add support for chained buffersFilip Tehlar1-39/+144
Type: feature Change-Id: Ie072a7c2bbb1e4a77f7001754f01897efd30fc53 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2019-11-13crypto: do not crash if no crypto engine loadedBenoît Ganne1-1/+1
Do not overflow ops_handlers vector. Type: fix Change-Id: I8d5e7fb8125a7bd87ecfe6f4f1390fb9f43dad8f Signed-off-by: Benoît Ganne <bganne@cisco.com>
2019-11-12crypto: not use vec api with opt_data[VNET_CRYPTO_N_OP_IDS]Lijian Zhang1-1/+1
opt_data is defined as a array, while in some code, e.g., function vnet_crypto_get_op_type, it's used as vec. vec api is not applicable to static arraies. src/vnet/crypto/crypto.h:234:70: error: address of array 'cm->opt_data' will always evaluate to 'true' [-Werror,-Wpointer-bool-conversion] vnet_crypto_op_data_t *od = ({ do { if ((0 > 0) && ! ((id) < ((cm->opt_data) ? (((vec_header_t *) (cm->opt_data) - 1)->len) : 0))) Type: fix Change-Id: I0b6754406e4216ca975bc1da4b5d4ce293a9bb45 Signed-off-by: Lijian Zhang <Lijian.Zhang@arm.com>
2019-06-25ipsec: return error if the engine backend has no handler for theNeale Ranns1-0/+8
requested alogrithm. Type: feature Change-Id: I19a9c14b2bb52ba2fc66246845b7ada73d5095d1 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-06-07ipsec: remove the set_key APINeale Ranns1-22/+0
there's no use case to just change the key of an SA. instead the SA should be renegociated and the new SA applied to the existing SPD entry or tunnel. the set_key functions were untested. Type: refactor Change-Id: Ib096eebaafb20be7b5501ece5a24aea038373002 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-06-05IPSEC: some CLI fixesNeale Ranns1-2/+2
Change-Id: I45618347e37440263270baf07b2f82f653f754a5 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-04-30crypto: enforce per-alg crypto key lengthBenoît Ganne1-2/+34
Crypto algorithms have different requirements on key length. As we do not support key stretching (eg. PBKDF2), user must provide the exact key length used by the algorithm. Failing that means low-level crypto functions might read garbage (eg. aes128_key_expand() will read 16-bytes, regardless of the key provided by the user). Change-Id: I347a1ea7a59720a1ed07ceaad8b00a31f78458c9 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2019-04-25crypto: improve key handlingDamjan Marion1-3/+75
Change-Id: If96f661d507305da4b96cac7b1a8f14ba90676ad Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-04-11IPSEC-MB: Use random & non-repeating IV (VPP-1642)Neale Ranns1-2/+5
hard code IV and key lengths based on cipher. Init IV from random data, use AES instruction to rotate. Change-Id: I13a6507d12267b823c528660a903787baeba47a0 Signed-off-by: Neale Ranns <nranns@cisco.com>
2019-04-07crypto: add support for AEAD and AES-GCMDamjan Marion1-42/+76
Change-Id: Iff6f81a49b9cff5522fbb4914d47472423eac5db Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-04-07crypto: coverity issuesDamjan Marion1-1/+1
Change-Id: I9db1b74097c9df587b9265b14a969d347bcb731a Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-04-04crypto: pass multiple ops to handlerDamjan Marion1-6/+41
Change-Id: I438ef1f50d83560ecc608f898cfc61d7f51e1724 Signed-off-by: Damjan Marion <damarion@cisco.com>
2019-03-26crypto: add set crypto handler CLIFilip Tehlar1-8/+47
Change-Id: I40124f8d6e529256b1ccc6eb78dda9c5119b8951 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2019-03-19crypto: introduce crypto infraDamjan Marion1-0/+127
Change-Id: Ibf320b3e7b054b686f3af9a55afd5d5bda9b1048 Signed-off-by: Damjan Marion <damarion@cisco.com> Signed-off-by: Filip Tehlar <ftehlar@cisco.com>