Re: [lng-odp] [PATCH] Fixes for GCC 7

[Bill Fischofer]

On Thu, Jun 1, 2017 at 9:48 PM, Brian Brooks  wrote:
> On 06/01 15:00:28, Bill Fischofer wrote:
>> If this is a bug fix it should reference a Bug that describes in more
>> detail what is being fixed.
>
> Can you elaborate?
>
> The subject line "Fixes for GCC 7" is sufficient.

If this is fixing a bug the commit log should reference the bugzilla
entry associated with that bug.

>
>> On Thu, Jun 1, 2017 at 2:05 PM, Brian Brooks  wrote:
>> > Signed-off-by: Brian Brooks 
>> > Reviewed-by: Ola Liljedahl 
>> > Reviewed-by: Honnappa Nagarahalli 
>> > ---
>> >  configure.ac  | 5 +
>> >  platform/linux-generic/m4/configure.m4| 4 
>> >  platform/linux-generic/pktio/ipc.c| 6 --
>> >  platform/linux-generic/pktio/sysfs.c  | 2 +-
>> >  test/common_plat/validation/api/pktio/pktio.c | 4 +++-
>> >  5 files changed, 17 insertions(+), 4 deletions(-)
>> >
>> > diff --git a/configure.ac b/configure.ac
>> > index 7569ebe0..5eabe4d4 100644
>> > --- a/configure.ac
>> > +++ b/configure.ac
>> > @@ -300,6 +300,11 @@ ODP_CFLAGS="$ODP_CFLAGS -Wmissing-declarations 
>> > -Wold-style-definition -Wpointer-
>> >  ODP_CFLAGS="$ODP_CFLAGS -Wcast-align -Wnested-externs -Wcast-qual 
>> > -Wformat-nonliteral"
>> >  ODP_CFLAGS="$ODP_CFLAGS -Wformat-security -Wundef -Wwrite-strings"
>> >  ODP_CFLAGS="$ODP_CFLAGS -std=c99"
>> > +
>> > +if test "${CC}" == "gcc" -a ${CC_VERSION_MAJOR} -ge 7; then
>> > +  ODP_CFLAGS="$ODP_CFLAGS -Wimplicit-fallthrough=0"
>> > +fi
>> > +
>> >  # Extra flags for example to suppress certain warning types
>> >  ODP_CFLAGS="$ODP_CFLAGS $ODP_CFLAGS_EXTRA"
>> >
>> > diff --git a/platform/linux-generic/m4/configure.m4 
>> > b/platform/linux-generic/m4/configure.m4
>> > index a2a25408..3e2978b5 100644
>> > --- a/platform/linux-generic/m4/configure.m4
>> > +++ b/platform/linux-generic/m4/configure.m4
>> > @@ -28,6 +28,10 @@ AC_LINK_IFELSE(
>> >  echo "Use newer version. For gcc > 4.7.0"
>> >  exit -1)
>> >
>> > +if test "${CC}" == "gcc" -a ${CC_VERSION_MAJOR} -ge 7; then
>> > +  AM_LDFLAGS="$AM_LDFLAGS -latomic"
>> > +fi
>> > +
>> >  m4_include([platform/linux-generic/m4/odp_pthread.m4])
>> >  m4_include([platform/linux-generic/m4/odp_openssl.m4])
>> >  m4_include([platform/linux-generic/m4/odp_pcap.m4])
>> > diff --git a/platform/linux-generic/pktio/ipc.c 
>> > b/platform/linux-generic/pktio/ipc.c
>> > index 06175e5a..29c3a546 100644
>> > --- a/platform/linux-generic/pktio/ipc.c
>> > +++ b/platform/linux-generic/pktio/ipc.c
>> > @@ -694,8 +694,10 @@ static int ipc_close(pktio_entry_t *pktio_entry)
>> >
>> > if (sscanf(dev, "ipc:%d:%s", &pid, tail) == 2)
>> > snprintf(name, sizeof(name), "ipc:%s", tail);
>> > -   else
>> > -   snprintf(name, sizeof(name), "%s", dev);
>> > +   else {
>> > +   strncpy(name, dev, sizeof(name));
>> > +   name[sizeof(name) - 1] = '\0';
>> > +   }
>> >
>> > /* unlink this pktio info for both master and slave */
>> > odp_shm_free(pktio_entry->s.ipc.pinfo_shm);
>> > diff --git a/platform/linux-generic/pktio/sysfs.c 
>> > b/platform/linux-generic/pktio/sysfs.c
>> > index be0822dd..6e9bc59b 100644
>> > --- a/platform/linux-generic/pktio/sysfs.c
>> > +++ b/platform/linux-generic/pktio/sysfs.c
>> > @@ -43,7 +43,7 @@ static int sysfs_get_val(const char *fname, uint64_t 
>> > *val)
>> >  int sysfs_stats(pktio_entry_t *pktio_entry,
>> > odp_pktio_stats_t *stats)
>> >  {
>> > -   char fname[256];
>> > +   char fname[300];
>>
>> What does this change have to do with compiler level?
>
> GCC 7 adds some more warnings. I think this one relates to snprintf'ing
> into a buffer that was slightly too small (and thus possibly causing
> unnecessary truncation). The way forward was to increase the buffer size
> (this patch) or disable the warning.
>
>> > const char *dev = pktio_entry->s.name;
>> > int ret = 0;
>> >
>> > diff --git a/test/common_plat/validation/api/pktio/pktio.c 
>> > b/test/common_plat/validation/api/pktio/pktio.c
>> > index 11fe974f..4d8d2cc7 100644
>> > --- a/test/common_plat/validation/api/pktio/pktio.c
>> > +++ b/test/common_plat/validation/api/pktio/pktio.c
>> > @@ -1429,7 +1429,9 @@ int pktio_check_statistics_counters(void)
>> >  void pktio_test_statistics_counters(void)
>> >  {
>> > odp_pktio_t pktio_rx, pktio_tx;
>> > -   odp_pktio_t pktio[MAX_NUM_IFACES];
>> > +   odp_pktio_t pktio[MAX_NUM_IFACES] = {
>> > +   ODP_PKTIO_INVALID, ODP_PKTIO_INVALID
>> > +   };
>>
>> Same question here.
>
> GCC emitted a warning about possible use before initialization. Perhaps
> the front end semantic analysis was enhanced recently.
>
>> > odp_packet_t pkt;
>> > odp_packet_t tx_pkt[1000];
>> > uint32_t pkt_seq[1000];
>> > --
>> > 2.13.0
>> >

Re: [lng-odp] [PATCH] Fixes for GCC 7

[Brian Brooks]

On 06/01 15:00:28, Bill Fischofer wrote:
> If this is a bug fix it should reference a Bug that describes in more
> detail what is being fixed.

Can you elaborate?

The subject line "Fixes for GCC 7" is sufficient.

> On Thu, Jun 1, 2017 at 2:05 PM, Brian Brooks  wrote:
> > Signed-off-by: Brian Brooks 
> > Reviewed-by: Ola Liljedahl 
> > Reviewed-by: Honnappa Nagarahalli 
> > ---
> >  configure.ac  | 5 +
> >  platform/linux-generic/m4/configure.m4| 4 
> >  platform/linux-generic/pktio/ipc.c| 6 --
> >  platform/linux-generic/pktio/sysfs.c  | 2 +-
> >  test/common_plat/validation/api/pktio/pktio.c | 4 +++-
> >  5 files changed, 17 insertions(+), 4 deletions(-)
> >
> > diff --git a/configure.ac b/configure.ac
> > index 7569ebe0..5eabe4d4 100644
> > --- a/configure.ac
> > +++ b/configure.ac
> > @@ -300,6 +300,11 @@ ODP_CFLAGS="$ODP_CFLAGS -Wmissing-declarations 
> > -Wold-style-definition -Wpointer-
> >  ODP_CFLAGS="$ODP_CFLAGS -Wcast-align -Wnested-externs -Wcast-qual 
> > -Wformat-nonliteral"
> >  ODP_CFLAGS="$ODP_CFLAGS -Wformat-security -Wundef -Wwrite-strings"
> >  ODP_CFLAGS="$ODP_CFLAGS -std=c99"
> > +
> > +if test "${CC}" == "gcc" -a ${CC_VERSION_MAJOR} -ge 7; then
> > +  ODP_CFLAGS="$ODP_CFLAGS -Wimplicit-fallthrough=0"
> > +fi
> > +
> >  # Extra flags for example to suppress certain warning types
> >  ODP_CFLAGS="$ODP_CFLAGS $ODP_CFLAGS_EXTRA"
> >
> > diff --git a/platform/linux-generic/m4/configure.m4 
> > b/platform/linux-generic/m4/configure.m4
> > index a2a25408..3e2978b5 100644
> > --- a/platform/linux-generic/m4/configure.m4
> > +++ b/platform/linux-generic/m4/configure.m4
> > @@ -28,6 +28,10 @@ AC_LINK_IFELSE(
> >  echo "Use newer version. For gcc > 4.7.0"
> >  exit -1)
> >
> > +if test "${CC}" == "gcc" -a ${CC_VERSION_MAJOR} -ge 7; then
> > +  AM_LDFLAGS="$AM_LDFLAGS -latomic"
> > +fi
> > +
> >  m4_include([platform/linux-generic/m4/odp_pthread.m4])
> >  m4_include([platform/linux-generic/m4/odp_openssl.m4])
> >  m4_include([platform/linux-generic/m4/odp_pcap.m4])
> > diff --git a/platform/linux-generic/pktio/ipc.c 
> > b/platform/linux-generic/pktio/ipc.c
> > index 06175e5a..29c3a546 100644
> > --- a/platform/linux-generic/pktio/ipc.c
> > +++ b/platform/linux-generic/pktio/ipc.c
> > @@ -694,8 +694,10 @@ static int ipc_close(pktio_entry_t *pktio_entry)
> >
> > if (sscanf(dev, "ipc:%d:%s", &pid, tail) == 2)
> > snprintf(name, sizeof(name), "ipc:%s", tail);
> > -   else
> > -   snprintf(name, sizeof(name), "%s", dev);
> > +   else {
> > +   strncpy(name, dev, sizeof(name));
> > +   name[sizeof(name) - 1] = '\0';
> > +   }
> >
> > /* unlink this pktio info for both master and slave */
> > odp_shm_free(pktio_entry->s.ipc.pinfo_shm);
> > diff --git a/platform/linux-generic/pktio/sysfs.c 
> > b/platform/linux-generic/pktio/sysfs.c
> > index be0822dd..6e9bc59b 100644
> > --- a/platform/linux-generic/pktio/sysfs.c
> > +++ b/platform/linux-generic/pktio/sysfs.c
> > @@ -43,7 +43,7 @@ static int sysfs_get_val(const char *fname, uint64_t *val)
> >  int sysfs_stats(pktio_entry_t *pktio_entry,
> > odp_pktio_stats_t *stats)
> >  {
> > -   char fname[256];
> > +   char fname[300];
> 
> What does this change have to do with compiler level?

GCC 7 adds some more warnings. I think this one relates to snprintf'ing
into a buffer that was slightly too small (and thus possibly causing
unnecessary truncation). The way forward was to increase the buffer size
(this patch) or disable the warning.

> > const char *dev = pktio_entry->s.name;
> > int ret = 0;
> >
> > diff --git a/test/common_plat/validation/api/pktio/pktio.c 
> > b/test/common_plat/validation/api/pktio/pktio.c
> > index 11fe974f..4d8d2cc7 100644
> > --- a/test/common_plat/validation/api/pktio/pktio.c
> > +++ b/test/common_plat/validation/api/pktio/pktio.c
> > @@ -1429,7 +1429,9 @@ int pktio_check_statistics_counters(void)
> >  void pktio_test_statistics_counters(void)
> >  {
> > odp_pktio_t pktio_rx, pktio_tx;
> > -   odp_pktio_t pktio[MAX_NUM_IFACES];
> > +   odp_pktio_t pktio[MAX_NUM_IFACES] = {
> > +   ODP_PKTIO_INVALID, ODP_PKTIO_INVALID
> > +   };
> 
> Same question here.

GCC emitted a warning about possible use before initialization. Perhaps
the front end semantic analysis was enhanced recently.

> > odp_packet_t pkt;
> > odp_packet_t tx_pkt[1000];
> > uint32_t pkt_seq[1000];
> > --
> > 2.13.0
> >

[lng-odp] [Bug 3024] odp_traffic_mngr example is broken

[bugzilla-daemon]

https://bugs.linaro.org/show_bug.cgi?id=3024

Bill Fischofer  changed:

   What|Removed |Added

 Status|UNCONFIRMED |CONFIRMED
 Ever confirmed|0   |1

--- Comment #1 from Bill Fischofer  ---
I've confirmed that the offending commit adds this to _fdserver.c

/* request to be killed if parent dies, hence avoiding  */
/* orphans being "adopted" by the init process...   */
prctl(PR_SET_PDEATHSIG, SIGTERM);


The problem is the the odp_traffic_mngr example sets up its own signal handler.
This suggests that somehow ODP isn't working correctly with applications that
set their own handlers. Since most production apps would be expected to do
this, we need to figure out how best to avoid conflicts between ODP and
applications in this area.

-- 
You are receiving this mail because:
You are the assignee for the bug.
You are on the CC list for the bug.

[lng-odp] [Bug 3024] New: odp_traffic_mngr example is broken

[bugzilla-daemon]

https://bugs.linaro.org/show_bug.cgi?id=3024

Bug ID: 3024
   Summary: odp_traffic_mngr example is broken
   Product: OpenDataPlane - linux- generic reference
   Version: v1.14.0.0
  Hardware: Other
OS: Linux
Status: UNCONFIRMED
  Severity: enhancement
  Priority: ---
 Component: Traffic Manager
  Assignee: lng-odp@lists.linaro.org
  Reporter: bill.fischo...@linaro.org
CC: lng-odp@lists.linaro.org
  Target Milestone: ---

The odp_traffic_mngr example is broken and running it results in an abort. This
has been present for quite some time.

Git bisect shows that the breakage was introduced by this commit:

9c4d778148d514adf8586939123acdcdc022e8e5 is the first bad commit
commit 9c4d778148d514adf8586939123acdcdc022e8e5
Author: Christophe Milard 
Date:   Fri Nov 25 15:39:33 2016 +0100

linux-gen: _fdserver: request sigterm if parent dies

_fdserver now request SIGTERM if parent process (ODP instantiation
process) dies, hence avoiding it to become orphan and reattached to the
init process.

Signed-off-by: Christophe Milard 
Reviewed-by: Mike Holmes 
Signed-off-by: Maxim Uvarov 

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are the assignee for the bug.

Re: [lng-odp] [API-NEXT PATCH v6 6/6] Add scalable scheduler

[Bill Fischofer]

On Thu, Jun 1, 2017 at 3:09 PM, Ola Liljedahl  wrote:
>
>
> On 01/06/2017, 21:03, "Bill Fischofer"  wrote:
>
>>On Thu, Jun 1, 2017 at 10:59 AM, Honnappa Nagarahalli
>> wrote:
>>> On 1 June 2017 at 01:26, Elo, Matias (Nokia - FI/Espoo)
>>>  wrote:

> On 31 May 2017, at 23:53, Bill Fischofer 
>wrote:
>
> On Wed, May 31, 2017 at 8:12 AM, Elo, Matias (Nokia - FI/Espoo)
>  wrote:
>>
> What¹s the purpose of calling ord_enq_multi() here? To save
>(stash)
> packets if the thread is out-of-order?
> And when the thread is in-order, it is re-enqueueing the packets
>which
> again will invoke pktout_enqueue/pktout_enq_multi but this time
> ord_enq_multi() will not save the packets, instead they will
>actually be
> transmitted by odp_pktout_send()?
>

 Since transmitting packets may fail, out-of-order packets cannot be
 stashed here.
>>> You mean that the TX queue of the pktio might be full so not all
>>>packets
>>> will actually be enqueued for transmission.
>>
>> Yep.
>>
>>> This is an interesting case but is it a must to know how many
>>>packets are
>>> actually accepted? Packets can always be dropped without notice, the
>>> question is from which point this is acceptable. If packets
>>>enqueued onto
>>> a pktout (egress) queue are accepted, this means that they must
>>>also be
>>> put onto the driver TX queue (as done by odp_pktout_send)?
>>>
>>
>> Currently, the packet_io/queue APIs don't say anything about packets
>>being
>> possibly dropped after successfully calling odp_queue_enq() to a
>>pktout
>> event queue. So to be consistent with standard odp_queue_enq()
>>operations I
>> think it is better to return the number of events actually accepted
>>to the TX queue.
>>
>> To have more leeway one option would be to modify the API
>>documentation to
>> state that packets may still be dropped after a successful
>>odp_queue_enq() call
>> before reaching the NIC. If the application would like to be sure
>>that the
>> packets are actually sent, it should use odp_pktout_send() instead.
>
> Ordered queues simply say that packets will be delivered to the next
> queue in the pipeline in the order they originated from their source
> queue. What happens after that depends on the attributes of the target
> queue. If the target queue is an exit point from the application, then
> this is outside of ODP's scope.

 My point was that with stashing the application has no way of knowing
if an
 ordered pktout enqueue call actually succeed. In case of parallel and
atomic
 queues it does. So my question is, is this acceptable?

>>> Also, currently, it is not possible for the application to have a
>>> consistent 'wait/drop on destination queue full' policy for all the
>>> queue types.
>>
>>Today applications have no way of knowing whether packets sent to a
>>pktout_queue or tm_queue actually make it to the wire or whether they
>>are vaporized as soon as they hit the wire, so there's no change here.
>>An RC of 0 simply says that the packet was "accepted" for transmission
>>and hence the caller no longer owns that packet handle. You need
>>higher-level protocols to track end-to-end transmission and receipt.
>>All that ordered queues say is that packets being sent to TX queues
>>will have those TX calls made in the same order as the source queue
>>they originated from.
>>
>>The only way to track packet disposition today is to (a) create a
>>reference to the packet you want to transmit, (b) verify that
>>odp_packet_has_ref(original_pkt) > 0, indicating that an actual
>>reference was created, (c) transmit that reference, and (d) note when
>>odp_packet_has_ref(original_pkt) returns to 0. That confirms that the
>>reference has exited the scope of this ODP instance since a
>>"successful" transmission will free that reference.
> Doesn¹t this just confirm that the reference has been freed? But you don¹t
> know if this was due to the packet actually being transmitted on the wire
> or if it was dropped before that (which would also free the reference).

Yes, that's why I said it confirms that the packet has "exited the
scope of this ODP instance". Actual transmission would be the usual
reason for this exit, but any number of things could cause the packet
to be dropped instead. The out_discards stat associated with the
interface tracks these -- see packet_io_stats.h.

>
> Back to my original question, how far into the ³machine² can we return
> (to SW) absolute knowledge of the states of packets?
>
> With normal queues (including scheduled queues), a successful enqueue
> guarantees that the packet (event) was actually enqueued. But pktio egress
> queues are not normal queues, they are essentially representations of a
> network interface¹s TX queu

[lng-odp] [Bug 3023] New: dpdk and netmap pkio are not test covered

[bugzilla-daemon]

https://bugs.linaro.org/show_bug.cgi?id=3023

Bug ID: 3023
   Summary: dpdk and netmap pkio are not test covered
   Product: OpenDataPlane - linux- generic reference
   Version: v1.13.0.0
  Hardware: Other
OS: Linux
Status: UNCONFIRMED
  Severity: enhancement
  Priority: ---
 Component: Packet IO
  Assignee: maxim.uva...@linaro.org
  Reporter: maxim.uva...@linaro.org
CC: lng-odp@lists.linaro.org
  Target Milestone: ---

Test run for some reason do not highlight code coverage for dpdk, netmap, mmap.
It might be something broken an that code is not executed on test run. Needed
investigation.

https://codecov.io/gh/Linaro/odp/tree/14bebe8bac40b2b0f4a00cce4ef9a7031cc1b8cc/platform/linux-generic/pktio

-- 
You are receiving this mail because:
You are on the CC list for the bug.

Re: [lng-odp] Release needed

[Maxim Uvarov]

Petri, next builds now. Will exclude patches you listed bellow and it
will be ready. Please let me know if there any update.

On 06/01/17 15:18, Savolainen, Petri (Nokia - FI/Espoo) wrote:
> * partial packet.h
>   * addition of odp_packet_data_range_t
>   * keep in api-next: chksum_insert
> * partial packet_io.h
>   * addition of parse config
>   * keep in api-next: ipsec config

Thank you,
Maxim.

Re: [lng-odp] [API-NEXT PATCH v6 6/6] Add scalable scheduler

[Honnappa Nagarahalli]

On 1 June 2017 at 15:20, Ola Liljedahl  wrote:
>
>
>
>
> On 01/06/2017, 22:15, "Honnappa Nagarahalli"
>  wrote:
>
>>On 1 June 2017 at 15:09, Ola Liljedahl  wrote:
>>>
>>>
>>> On 01/06/2017, 21:03, "Bill Fischofer" 
>>>wrote:
>>>
On Thu, Jun 1, 2017 at 10:59 AM, Honnappa Nagarahalli
 wrote:
> On 1 June 2017 at 01:26, Elo, Matias (Nokia - FI/Espoo)
>  wrote:
>>
>>> On 31 May 2017, at 23:53, Bill Fischofer 
>>>wrote:
>>>
>>> On Wed, May 31, 2017 at 8:12 AM, Elo, Matias (Nokia - FI/Espoo)
>>>  wrote:

>>> What¹s the purpose of calling ord_enq_multi() here? To save
>>>(stash)
>>> packets if the thread is out-of-order?
>>> And when the thread is in-order, it is re-enqueueing the packets
>>>which
>>> again will invoke pktout_enqueue/pktout_enq_multi but this time
>>> ord_enq_multi() will not save the packets, instead they will
>>>actually be
>>> transmitted by odp_pktout_send()?
>>>
>>
>> Since transmitting packets may fail, out-of-order packets cannot
>>be
>> stashed here.
> You mean that the TX queue of the pktio might be full so not all
>packets
> will actually be enqueued for transmission.

 Yep.

> This is an interesting case but is it a must to know how many
>packets are
> actually accepted? Packets can always be dropped without notice,
>the
> question is from which point this is acceptable. If packets
>enqueued onto
> a pktout (egress) queue are accepted, this means that they must
>also be
> put onto the driver TX queue (as done by odp_pktout_send)?
>

 Currently, the packet_io/queue APIs don't say anything about
packets
being
 possibly dropped after successfully calling odp_queue_enq() to a
pktout
 event queue. So to be consistent with standard odp_queue_enq()
operations I
 think it is better to return the number of events actually accepted
to the TX queue.

 To have more leeway one option would be to modify the API
documentation to
 state that packets may still be dropped after a successful
odp_queue_enq() call
 before reaching the NIC. If the application would like to be sure
that the
 packets are actually sent, it should use odp_pktout_send() instead.
>>>
>>> Ordered queues simply say that packets will be delivered to the next
>>> queue in the pipeline in the order they originated from their source
>>> queue. What happens after that depends on the attributes of the
>>>target
>>> queue. If the target queue is an exit point from the application,
>>>then
>>> this is outside of ODP's scope.
>>
>> My point was that with stashing the application has no way of knowing
>>if an
>> ordered pktout enqueue call actually succeed. In case of parallel and
>>atomic
>> queues it does. So my question is, is this acceptable?
>>
> Also, currently, it is not possible for the application to have a
> consistent 'wait/drop on destination queue full' policy for all the
> queue types.

Today applications have no way of knowing whether packets sent to a
pktout_queue or tm_queue actually make it to the wire or whether they
are vaporized as soon as they hit the wire, so there's no change here.
An RC of 0 simply says that the packet was "accepted" for transmission
and hence the caller no longer owns that packet handle. You need
higher-level protocols to track end-to-end transmission and receipt.
All that ordered queues say is that packets being sent to TX queues
will have those TX calls made in the same order as the source queue
they originated from.

The only way to track packet disposition today is to (a) create a
reference to the packet you want to transmit, (b) verify that
odp_packet_has_ref(original_pkt) > 0, indicating that an actual
reference was created, (c) transmit that reference, and (d) note when
odp_packet_has_ref(original_pkt) returns to 0. That confirms that the
reference has exited the scope of this ODP instance since a
"successful" transmission will free that reference.
>>> Doesn¹t this just confirm that the reference has been freed? But you
>>>don¹t
>>> know if this was due to the packet actually being transmitted on the
>>>wire
>>> or if it was dropped before that (which would also free the reference).
>>>
>>> Back to my original question, how far into the ³machine² can we return
>>> (to SW) absolute knowledge of the states of packets?
>>>
>>> With normal queues (including scheduled queues), a successful enqueue
>>> guarantees that the packet (event) was actually enqueued. But pktio
>>>egress
>>> queues are not normal queues, they are essentially r

Re: [lng-odp] [API-NEXT PATCH v6 6/6] Add scalable scheduler

[Ola Liljedahl]

On 01/06/2017, 22:15, "Honnappa Nagarahalli"
 wrote:

>On 1 June 2017 at 15:09, Ola Liljedahl  wrote:
>>
>>
>> On 01/06/2017, 21:03, "Bill Fischofer" 
>>wrote:
>>
>>>On Thu, Jun 1, 2017 at 10:59 AM, Honnappa Nagarahalli
>>> wrote:
 On 1 June 2017 at 01:26, Elo, Matias (Nokia - FI/Espoo)
  wrote:
>
>> On 31 May 2017, at 23:53, Bill Fischofer 
>>wrote:
>>
>> On Wed, May 31, 2017 at 8:12 AM, Elo, Matias (Nokia - FI/Espoo)
>>  wrote:
>>>
>> What¹s the purpose of calling ord_enq_multi() here? To save
>>(stash)
>> packets if the thread is out-of-order?
>> And when the thread is in-order, it is re-enqueueing the packets
>>which
>> again will invoke pktout_enqueue/pktout_enq_multi but this time
>> ord_enq_multi() will not save the packets, instead they will
>>actually be
>> transmitted by odp_pktout_send()?
>>
>
> Since transmitting packets may fail, out-of-order packets cannot
>be
> stashed here.
 You mean that the TX queue of the pktio might be full so not all
packets
 will actually be enqueued for transmission.
>>>
>>> Yep.
>>>
 This is an interesting case but is it a must to know how many
packets are
 actually accepted? Packets can always be dropped without notice,
the
 question is from which point this is acceptable. If packets
enqueued onto
 a pktout (egress) queue are accepted, this means that they must
also be
 put onto the driver TX queue (as done by odp_pktout_send)?

>>>
>>> Currently, the packet_io/queue APIs don't say anything about
>>>packets
>>>being
>>> possibly dropped after successfully calling odp_queue_enq() to a
>>>pktout
>>> event queue. So to be consistent with standard odp_queue_enq()
>>>operations I
>>> think it is better to return the number of events actually accepted
>>>to the TX queue.
>>>
>>> To have more leeway one option would be to modify the API
>>>documentation to
>>> state that packets may still be dropped after a successful
>>>odp_queue_enq() call
>>> before reaching the NIC. If the application would like to be sure
>>>that the
>>> packets are actually sent, it should use odp_pktout_send() instead.
>>
>> Ordered queues simply say that packets will be delivered to the next
>> queue in the pipeline in the order they originated from their source
>> queue. What happens after that depends on the attributes of the
>>target
>> queue. If the target queue is an exit point from the application,
>>then
>> this is outside of ODP's scope.
>
> My point was that with stashing the application has no way of knowing
>if an
> ordered pktout enqueue call actually succeed. In case of parallel and
>atomic
> queues it does. So my question is, is this acceptable?
>
 Also, currently, it is not possible for the application to have a
 consistent 'wait/drop on destination queue full' policy for all the
 queue types.
>>>
>>>Today applications have no way of knowing whether packets sent to a
>>>pktout_queue or tm_queue actually make it to the wire or whether they
>>>are vaporized as soon as they hit the wire, so there's no change here.
>>>An RC of 0 simply says that the packet was "accepted" for transmission
>>>and hence the caller no longer owns that packet handle. You need
>>>higher-level protocols to track end-to-end transmission and receipt.
>>>All that ordered queues say is that packets being sent to TX queues
>>>will have those TX calls made in the same order as the source queue
>>>they originated from.
>>>
>>>The only way to track packet disposition today is to (a) create a
>>>reference to the packet you want to transmit, (b) verify that
>>>odp_packet_has_ref(original_pkt) > 0, indicating that an actual
>>>reference was created, (c) transmit that reference, and (d) note when
>>>odp_packet_has_ref(original_pkt) returns to 0. That confirms that the
>>>reference has exited the scope of this ODP instance since a
>>>"successful" transmission will free that reference.
>> Doesn¹t this just confirm that the reference has been freed? But you
>>don¹t
>> know if this was due to the packet actually being transmitted on the
>>wire
>> or if it was dropped before that (which would also free the reference).
>>
>> Back to my original question, how far into the ³machine² can we return
>> (to SW) absolute knowledge of the states of packets?
>>
>> With normal queues (including scheduled queues), a successful enqueue
>> guarantees that the packet (event) was actually enqueued. But pktio
>>egress
>> queues are not normal queues, they are essentially representations of a
>> network interface¹s TX queues but also maintain the order restoration
>> function of events enqueued to a queue when processing an ordered queue.
>

Re: [lng-odp] [API-NEXT PATCH v6 6/6] Add scalable scheduler

[Honnappa Nagarahalli]

On 1 June 2017 at 15:09, Ola Liljedahl  wrote:
>
>
> On 01/06/2017, 21:03, "Bill Fischofer"  wrote:
>
>>On Thu, Jun 1, 2017 at 10:59 AM, Honnappa Nagarahalli
>> wrote:
>>> On 1 June 2017 at 01:26, Elo, Matias (Nokia - FI/Espoo)
>>>  wrote:

> On 31 May 2017, at 23:53, Bill Fischofer 
>wrote:
>
> On Wed, May 31, 2017 at 8:12 AM, Elo, Matias (Nokia - FI/Espoo)
>  wrote:
>>
> What¹s the purpose of calling ord_enq_multi() here? To save
>(stash)
> packets if the thread is out-of-order?
> And when the thread is in-order, it is re-enqueueing the packets
>which
> again will invoke pktout_enqueue/pktout_enq_multi but this time
> ord_enq_multi() will not save the packets, instead they will
>actually be
> transmitted by odp_pktout_send()?
>

 Since transmitting packets may fail, out-of-order packets cannot be
 stashed here.
>>> You mean that the TX queue of the pktio might be full so not all
>>>packets
>>> will actually be enqueued for transmission.
>>
>> Yep.
>>
>>> This is an interesting case but is it a must to know how many
>>>packets are
>>> actually accepted? Packets can always be dropped without notice, the
>>> question is from which point this is acceptable. If packets
>>>enqueued onto
>>> a pktout (egress) queue are accepted, this means that they must
>>>also be
>>> put onto the driver TX queue (as done by odp_pktout_send)?
>>>
>>
>> Currently, the packet_io/queue APIs don't say anything about packets
>>being
>> possibly dropped after successfully calling odp_queue_enq() to a
>>pktout
>> event queue. So to be consistent with standard odp_queue_enq()
>>operations I
>> think it is better to return the number of events actually accepted
>>to the TX queue.
>>
>> To have more leeway one option would be to modify the API
>>documentation to
>> state that packets may still be dropped after a successful
>>odp_queue_enq() call
>> before reaching the NIC. If the application would like to be sure
>>that the
>> packets are actually sent, it should use odp_pktout_send() instead.
>
> Ordered queues simply say that packets will be delivered to the next
> queue in the pipeline in the order they originated from their source
> queue. What happens after that depends on the attributes of the target
> queue. If the target queue is an exit point from the application, then
> this is outside of ODP's scope.

 My point was that with stashing the application has no way of knowing
if an
 ordered pktout enqueue call actually succeed. In case of parallel and
atomic
 queues it does. So my question is, is this acceptable?

>>> Also, currently, it is not possible for the application to have a
>>> consistent 'wait/drop on destination queue full' policy for all the
>>> queue types.
>>
>>Today applications have no way of knowing whether packets sent to a
>>pktout_queue or tm_queue actually make it to the wire or whether they
>>are vaporized as soon as they hit the wire, so there's no change here.
>>An RC of 0 simply says that the packet was "accepted" for transmission
>>and hence the caller no longer owns that packet handle. You need
>>higher-level protocols to track end-to-end transmission and receipt.
>>All that ordered queues say is that packets being sent to TX queues
>>will have those TX calls made in the same order as the source queue
>>they originated from.
>>
>>The only way to track packet disposition today is to (a) create a
>>reference to the packet you want to transmit, (b) verify that
>>odp_packet_has_ref(original_pkt) > 0, indicating that an actual
>>reference was created, (c) transmit that reference, and (d) note when
>>odp_packet_has_ref(original_pkt) returns to 0. That confirms that the
>>reference has exited the scope of this ODP instance since a
>>"successful" transmission will free that reference.
> Doesn¹t this just confirm that the reference has been freed? But you don¹t
> know if this was due to the packet actually being transmitted on the wire
> or if it was dropped before that (which would also free the reference).
>
> Back to my original question, how far into the ³machine² can we return
> (to SW) absolute knowledge of the states of packets?
>
> With normal queues (including scheduled queues), a successful enqueue
> guarantees that the packet (event) was actually enqueued. But pktio egress
> queues are not normal queues, they are essentially representations of a
> network interface¹s TX queues but also maintain the order restoration
> function of events enqueued to a queue when processing an ordered queue.
>
Why is this specific to pktio egress queues. This problem exists even
with normal/scheduled queues. Issue is due to source queue being an
ordered queue.

> I interpret your comments Bill as even if enqueue to

Re: [lng-odp] [API-NEXT PATCH v6 6/6] Add scalable scheduler

[Ola Liljedahl]

On 01/06/2017, 21:03, "Bill Fischofer"  wrote:

>On Thu, Jun 1, 2017 at 10:59 AM, Honnappa Nagarahalli
> wrote:
>> On 1 June 2017 at 01:26, Elo, Matias (Nokia - FI/Espoo)
>>  wrote:
>>>
 On 31 May 2017, at 23:53, Bill Fischofer 
wrote:

 On Wed, May 31, 2017 at 8:12 AM, Elo, Matias (Nokia - FI/Espoo)
  wrote:
>
 What¹s the purpose of calling ord_enq_multi() here? To save
(stash)
 packets if the thread is out-of-order?
 And when the thread is in-order, it is re-enqueueing the packets
which
 again will invoke pktout_enqueue/pktout_enq_multi but this time
 ord_enq_multi() will not save the packets, instead they will
actually be
 transmitted by odp_pktout_send()?

>>>
>>> Since transmitting packets may fail, out-of-order packets cannot be
>>> stashed here.
>> You mean that the TX queue of the pktio might be full so not all
>>packets
>> will actually be enqueued for transmission.
>
> Yep.
>
>> This is an interesting case but is it a must to know how many
>>packets are
>> actually accepted? Packets can always be dropped without notice, the
>> question is from which point this is acceptable. If packets
>>enqueued onto
>> a pktout (egress) queue are accepted, this means that they must
>>also be
>> put onto the driver TX queue (as done by odp_pktout_send)?
>>
>
> Currently, the packet_io/queue APIs don't say anything about packets
>being
> possibly dropped after successfully calling odp_queue_enq() to a
>pktout
> event queue. So to be consistent with standard odp_queue_enq()
>operations I
> think it is better to return the number of events actually accepted
>to the TX queue.
>
> To have more leeway one option would be to modify the API
>documentation to
> state that packets may still be dropped after a successful
>odp_queue_enq() call
> before reaching the NIC. If the application would like to be sure
>that the
> packets are actually sent, it should use odp_pktout_send() instead.

 Ordered queues simply say that packets will be delivered to the next
 queue in the pipeline in the order they originated from their source
 queue. What happens after that depends on the attributes of the target
 queue. If the target queue is an exit point from the application, then
 this is outside of ODP's scope.
>>>
>>> My point was that with stashing the application has no way of knowing
>>>if an
>>> ordered pktout enqueue call actually succeed. In case of parallel and
>>>atomic
>>> queues it does. So my question is, is this acceptable?
>>>
>> Also, currently, it is not possible for the application to have a
>> consistent 'wait/drop on destination queue full' policy for all the
>> queue types.
>
>Today applications have no way of knowing whether packets sent to a
>pktout_queue or tm_queue actually make it to the wire or whether they
>are vaporized as soon as they hit the wire, so there's no change here.
>An RC of 0 simply says that the packet was "accepted" for transmission
>and hence the caller no longer owns that packet handle. You need
>higher-level protocols to track end-to-end transmission and receipt.
>All that ordered queues say is that packets being sent to TX queues
>will have those TX calls made in the same order as the source queue
>they originated from.
>
>The only way to track packet disposition today is to (a) create a
>reference to the packet you want to transmit, (b) verify that
>odp_packet_has_ref(original_pkt) > 0, indicating that an actual
>reference was created, (c) transmit that reference, and (d) note when
>odp_packet_has_ref(original_pkt) returns to 0. That confirms that the
>reference has exited the scope of this ODP instance since a
>"successful" transmission will free that reference.
Doesn¹t this just confirm that the reference has been freed? But you don¹t
know if this was due to the packet actually being transmitted on the wire
or if it was dropped before that (which would also free the reference).

Back to my original question, how far into the ³machine² can we return
(to SW) absolute knowledge of the states of packets?

With normal queues (including scheduled queues), a successful enqueue
guarantees that the packet (event) was actually enqueued. But pktio egress
queues are not normal queues, they are essentially representations of a
network interface¹s TX queues but also maintain the order restoration
function of events enqueued to a queue when processing an ordered queue.

I interpret your comments Bill as even if enqueue to a pktio egress queue
is successful (the packet handle is no longer owned by the application),
the implementation from that moment on can do whatever it wants with the
packets (as long as the packets are eventually freed). Of course some
behaviours might not be very useful.

What would an application do if some packets 

Re: [lng-odp] [PATCH] Fixes for GCC 7

[Bill Fischofer]

If this is a bug fix it should reference a Bug that describes in more
detail what is being fixed.

On Thu, Jun 1, 2017 at 2:05 PM, Brian Brooks  wrote:
> Signed-off-by: Brian Brooks 
> Reviewed-by: Ola Liljedahl 
> Reviewed-by: Honnappa Nagarahalli 
> ---
>  configure.ac  | 5 +
>  platform/linux-generic/m4/configure.m4| 4 
>  platform/linux-generic/pktio/ipc.c| 6 --
>  platform/linux-generic/pktio/sysfs.c  | 2 +-
>  test/common_plat/validation/api/pktio/pktio.c | 4 +++-
>  5 files changed, 17 insertions(+), 4 deletions(-)
>
> diff --git a/configure.ac b/configure.ac
> index 7569ebe0..5eabe4d4 100644
> --- a/configure.ac
> +++ b/configure.ac
> @@ -300,6 +300,11 @@ ODP_CFLAGS="$ODP_CFLAGS -Wmissing-declarations 
> -Wold-style-definition -Wpointer-
>  ODP_CFLAGS="$ODP_CFLAGS -Wcast-align -Wnested-externs -Wcast-qual 
> -Wformat-nonliteral"
>  ODP_CFLAGS="$ODP_CFLAGS -Wformat-security -Wundef -Wwrite-strings"
>  ODP_CFLAGS="$ODP_CFLAGS -std=c99"
> +
> +if test "${CC}" == "gcc" -a ${CC_VERSION_MAJOR} -ge 7; then
> +  ODP_CFLAGS="$ODP_CFLAGS -Wimplicit-fallthrough=0"
> +fi
> +
>  # Extra flags for example to suppress certain warning types
>  ODP_CFLAGS="$ODP_CFLAGS $ODP_CFLAGS_EXTRA"
>
> diff --git a/platform/linux-generic/m4/configure.m4 
> b/platform/linux-generic/m4/configure.m4
> index a2a25408..3e2978b5 100644
> --- a/platform/linux-generic/m4/configure.m4
> +++ b/platform/linux-generic/m4/configure.m4
> @@ -28,6 +28,10 @@ AC_LINK_IFELSE(
>  echo "Use newer version. For gcc > 4.7.0"
>  exit -1)
>
> +if test "${CC}" == "gcc" -a ${CC_VERSION_MAJOR} -ge 7; then
> +  AM_LDFLAGS="$AM_LDFLAGS -latomic"
> +fi
> +
>  m4_include([platform/linux-generic/m4/odp_pthread.m4])
>  m4_include([platform/linux-generic/m4/odp_openssl.m4])
>  m4_include([platform/linux-generic/m4/odp_pcap.m4])
> diff --git a/platform/linux-generic/pktio/ipc.c 
> b/platform/linux-generic/pktio/ipc.c
> index 06175e5a..29c3a546 100644
> --- a/platform/linux-generic/pktio/ipc.c
> +++ b/platform/linux-generic/pktio/ipc.c
> @@ -694,8 +694,10 @@ static int ipc_close(pktio_entry_t *pktio_entry)
>
> if (sscanf(dev, "ipc:%d:%s", &pid, tail) == 2)
> snprintf(name, sizeof(name), "ipc:%s", tail);
> -   else
> -   snprintf(name, sizeof(name), "%s", dev);
> +   else {
> +   strncpy(name, dev, sizeof(name));
> +   name[sizeof(name) - 1] = '\0';
> +   }
>
> /* unlink this pktio info for both master and slave */
> odp_shm_free(pktio_entry->s.ipc.pinfo_shm);
> diff --git a/platform/linux-generic/pktio/sysfs.c 
> b/platform/linux-generic/pktio/sysfs.c
> index be0822dd..6e9bc59b 100644
> --- a/platform/linux-generic/pktio/sysfs.c
> +++ b/platform/linux-generic/pktio/sysfs.c
> @@ -43,7 +43,7 @@ static int sysfs_get_val(const char *fname, uint64_t *val)
>  int sysfs_stats(pktio_entry_t *pktio_entry,
> odp_pktio_stats_t *stats)
>  {
> -   char fname[256];
> +   char fname[300];

What does this change have to do with compiler level?

> const char *dev = pktio_entry->s.name;
> int ret = 0;
>
> diff --git a/test/common_plat/validation/api/pktio/pktio.c 
> b/test/common_plat/validation/api/pktio/pktio.c
> index 11fe974f..4d8d2cc7 100644
> --- a/test/common_plat/validation/api/pktio/pktio.c
> +++ b/test/common_plat/validation/api/pktio/pktio.c
> @@ -1429,7 +1429,9 @@ int pktio_check_statistics_counters(void)
>  void pktio_test_statistics_counters(void)
>  {
> odp_pktio_t pktio_rx, pktio_tx;
> -   odp_pktio_t pktio[MAX_NUM_IFACES];
> +   odp_pktio_t pktio[MAX_NUM_IFACES] = {
> +   ODP_PKTIO_INVALID, ODP_PKTIO_INVALID
> +   };

Same question here.

> odp_packet_t pkt;
> odp_packet_t tx_pkt[1000];
> uint32_t pkt_seq[1000];
> --
> 2.13.0
>

[lng-odp] [Linaro/odp] a48979: scripts: checkpatch: revert code modification

[GitHub]

  Branch: refs/heads/master
  Home:   https://github.com/Linaro/odp
  Commit: a48979af5b36c11fb5c7f8d2c6029c12bb191b51
  
https://github.com/Linaro/odp/commit/a48979af5b36c11fb5c7f8d2c6029c12bb191b51
  Author: Petri Savolainen 
  Date:   2017-06-01 (Thu, 01 Jun 2017)

  Changed paths:
M scripts/checkpatch.pl

  Log Message:
  ---
  scripts: checkpatch: revert code modification

Checkpatch code should not be modified directly. When the code
is updated to a next version, any local modifications would
be lost and needed to be done again.

Camelcase check is enabled again. Exceptions to camelcase are
allowed e.g. when calling an external library interface.

Signed-off-by: Petri Savolainen 
Reviewed-by: Bill Fischofer 
Signed-off-by: Maxim Uvarov 


  Commit: 15ea6562d284bd5f2bd20e9b79bd102db106555c
  
https://github.com/Linaro/odp/commit/15ea6562d284bd5f2bd20e9b79bd102db106555c
  Author: Petri Savolainen 
  Date:   2017-06-01 (Thu, 01 Jun 2017)

  Changed paths:
M .checkpatch.conf

  Log Message:
  ---
  scripts: checkpatch: ignore volatile and extern warnings

These warnings were disabled with code modification. Use
checkpatch config file to ignore those.

Signed-off-by: Petri Savolainen 
Reviewed-by: Bill Fischofer 
Signed-off-by: Maxim Uvarov 


  Commit: e6be64e01589f1aa335ea178e8314bf35ad34847
  
https://github.com/Linaro/odp/commit/e6be64e01589f1aa335ea178e8314bf35ad34847
  Author: Petri Savolainen 
  Date:   2017-06-01 (Thu, 01 Jun 2017)

  Changed paths:
M scripts/spelling.txt

  Log Message:
  ---
  scripts: spelling: update to latest version

Updated Linux spelling file to it's latest version.

Signed-off-by: Petri Savolainen 
Reviewed-by: Bill Fischofer 
Signed-off-by: Maxim Uvarov 


Compare: https://github.com/Linaro/odp/compare/7a7e3ff9d50d...e6be64e01589

[lng-odp] [PATCH] Fixes for GCC 7

[Brian Brooks]

Signed-off-by: Brian Brooks 
Reviewed-by: Ola Liljedahl 
Reviewed-by: Honnappa Nagarahalli 
---
 configure.ac  | 5 +
 platform/linux-generic/m4/configure.m4| 4 
 platform/linux-generic/pktio/ipc.c| 6 --
 platform/linux-generic/pktio/sysfs.c  | 2 +-
 test/common_plat/validation/api/pktio/pktio.c | 4 +++-
 5 files changed, 17 insertions(+), 4 deletions(-)

diff --git a/configure.ac b/configure.ac
index 7569ebe0..5eabe4d4 100644
--- a/configure.ac
+++ b/configure.ac
@@ -300,6 +300,11 @@ ODP_CFLAGS="$ODP_CFLAGS -Wmissing-declarations 
-Wold-style-definition -Wpointer-
 ODP_CFLAGS="$ODP_CFLAGS -Wcast-align -Wnested-externs -Wcast-qual 
-Wformat-nonliteral"
 ODP_CFLAGS="$ODP_CFLAGS -Wformat-security -Wundef -Wwrite-strings"
 ODP_CFLAGS="$ODP_CFLAGS -std=c99"
+
+if test "${CC}" == "gcc" -a ${CC_VERSION_MAJOR} -ge 7; then
+  ODP_CFLAGS="$ODP_CFLAGS -Wimplicit-fallthrough=0"
+fi
+
 # Extra flags for example to suppress certain warning types
 ODP_CFLAGS="$ODP_CFLAGS $ODP_CFLAGS_EXTRA"
 
diff --git a/platform/linux-generic/m4/configure.m4 
b/platform/linux-generic/m4/configure.m4
index a2a25408..3e2978b5 100644
--- a/platform/linux-generic/m4/configure.m4
+++ b/platform/linux-generic/m4/configure.m4
@@ -28,6 +28,10 @@ AC_LINK_IFELSE(
 echo "Use newer version. For gcc > 4.7.0"
 exit -1)
 
+if test "${CC}" == "gcc" -a ${CC_VERSION_MAJOR} -ge 7; then
+  AM_LDFLAGS="$AM_LDFLAGS -latomic"
+fi
+
 m4_include([platform/linux-generic/m4/odp_pthread.m4])
 m4_include([platform/linux-generic/m4/odp_openssl.m4])
 m4_include([platform/linux-generic/m4/odp_pcap.m4])
diff --git a/platform/linux-generic/pktio/ipc.c 
b/platform/linux-generic/pktio/ipc.c
index 06175e5a..29c3a546 100644
--- a/platform/linux-generic/pktio/ipc.c
+++ b/platform/linux-generic/pktio/ipc.c
@@ -694,8 +694,10 @@ static int ipc_close(pktio_entry_t *pktio_entry)
 
if (sscanf(dev, "ipc:%d:%s", &pid, tail) == 2)
snprintf(name, sizeof(name), "ipc:%s", tail);
-   else
-   snprintf(name, sizeof(name), "%s", dev);
+   else {
+   strncpy(name, dev, sizeof(name));
+   name[sizeof(name) - 1] = '\0';
+   }
 
/* unlink this pktio info for both master and slave */
odp_shm_free(pktio_entry->s.ipc.pinfo_shm);
diff --git a/platform/linux-generic/pktio/sysfs.c 
b/platform/linux-generic/pktio/sysfs.c
index be0822dd..6e9bc59b 100644
--- a/platform/linux-generic/pktio/sysfs.c
+++ b/platform/linux-generic/pktio/sysfs.c
@@ -43,7 +43,7 @@ static int sysfs_get_val(const char *fname, uint64_t *val)
 int sysfs_stats(pktio_entry_t *pktio_entry,
odp_pktio_stats_t *stats)
 {
-   char fname[256];
+   char fname[300];
const char *dev = pktio_entry->s.name;
int ret = 0;
 
diff --git a/test/common_plat/validation/api/pktio/pktio.c 
b/test/common_plat/validation/api/pktio/pktio.c
index 11fe974f..4d8d2cc7 100644
--- a/test/common_plat/validation/api/pktio/pktio.c
+++ b/test/common_plat/validation/api/pktio/pktio.c
@@ -1429,7 +1429,9 @@ int pktio_check_statistics_counters(void)
 void pktio_test_statistics_counters(void)
 {
odp_pktio_t pktio_rx, pktio_tx;
-   odp_pktio_t pktio[MAX_NUM_IFACES];
+   odp_pktio_t pktio[MAX_NUM_IFACES] = {
+   ODP_PKTIO_INVALID, ODP_PKTIO_INVALID
+   };
odp_packet_t pkt;
odp_packet_t tx_pkt[1000];
uint32_t pkt_seq[1000];
-- 
2.13.0

Re: [lng-odp] [API-NEXT PATCH v6 6/6] Add scalable scheduler

[Bill Fischofer]

On Thu, Jun 1, 2017 at 10:59 AM, Honnappa Nagarahalli
 wrote:
> On 1 June 2017 at 01:26, Elo, Matias (Nokia - FI/Espoo)
>  wrote:
>>
>>> On 31 May 2017, at 23:53, Bill Fischofer  wrote:
>>>
>>> On Wed, May 31, 2017 at 8:12 AM, Elo, Matias (Nokia - FI/Espoo)
>>>  wrote:

>>> What’s the purpose of calling ord_enq_multi() here? To save (stash)
>>> packets if the thread is out-of-order?
>>> And when the thread is in-order, it is re-enqueueing the packets which
>>> again will invoke pktout_enqueue/pktout_enq_multi but this time
>>> ord_enq_multi() will not save the packets, instead they will actually be
>>> transmitted by odp_pktout_send()?
>>>
>>
>> Since transmitting packets may fail, out-of-order packets cannot be
>> stashed here.
> You mean that the TX queue of the pktio might be full so not all packets
> will actually be enqueued for transmission.

 Yep.

> This is an interesting case but is it a must to know how many packets are
> actually accepted? Packets can always be dropped without notice, the
> question is from which point this is acceptable. If packets enqueued onto
> a pktout (egress) queue are accepted, this means that they must also be
> put onto the driver TX queue (as done by odp_pktout_send)?
>

 Currently, the packet_io/queue APIs don't say anything about packets being
 possibly dropped after successfully calling odp_queue_enq() to a pktout
 event queue. So to be consistent with standard odp_queue_enq() operations I
 think it is better to return the number of events actually accepted to the 
 TX queue.

 To have more leeway one option would be to modify the API documentation to
 state that packets may still be dropped after a successful odp_queue_enq() 
 call
 before reaching the NIC. If the application would like to be sure that the
 packets are actually sent, it should use odp_pktout_send() instead.
>>>
>>> Ordered queues simply say that packets will be delivered to the next
>>> queue in the pipeline in the order they originated from their source
>>> queue. What happens after that depends on the attributes of the target
>>> queue. If the target queue is an exit point from the application, then
>>> this is outside of ODP's scope.
>>
>> My point was that with stashing the application has no way of knowing if an
>> ordered pktout enqueue call actually succeed. In case of parallel and atomic
>> queues it does. So my question is, is this acceptable?
>>
> Also, currently, it is not possible for the application to have a
> consistent 'wait/drop on destination queue full' policy for all the
> queue types.

Today applications have no way of knowing whether packets sent to a
pktout_queue or tm_queue actually make it to the wire or whether they
are vaporized as soon as they hit the wire, so there's no change here.
An RC of 0 simply says that the packet was "accepted" for transmission
and hence the caller no longer owns that packet handle. You need
higher-level protocols to track end-to-end transmission and receipt.
All that ordered queues say is that packets being sent to TX queues
will have those TX calls made in the same order as the source queue
they originated from.

The only way to track packet disposition today is to (a) create a
reference to the packet you want to transmit, (b) verify that
odp_packet_has_ref(original_pkt) > 0, indicating that an actual
reference was created, (c) transmit that reference, and (d) note when
odp_packet_has_ref(original_pkt) returns to 0. That confirms that the
reference has exited the scope of this ODP instance since a
"successful" transmission will free that reference.

>>

Re: [lng-odp] [RFC, API-NEXT v3 1/1] comp: compression interface

[shally verma]

Re-sending with updated comments.

Regards
Shally

On Thu, Jun 1, 2017 at 7:58 PM, Verma, Shally 
wrote:

> Regards
> Shally
>
> -Original Message-
> From: Savolainen, Petri (Nokia - FI/Espoo) [mailto:petri.savolainen@
> nokia.com]
> Sent: 01 June 2017 18:20
> To: Shally Verma ; lng-odp@lists.linaro.org
> Cc: Challa, Mahipal ; Narayana, Prasad Athreya
> ; Verma, Shally <
> shally.ve...@cavium.com>
> Subject: RE: [lng-odp] [RFC, API-NEXT v3 1/1] comp: compression interface
>
>
>
> > -Original Message-
> > From: lng-odp [mailto:lng-odp-boun...@lists.linaro.org] On Behalf Of
> > Shally Verma
> > Sent: Monday, May 22, 2017 9:55 AM
> > To: lng-odp@lists.linaro.org
> > Cc: Mahipal Challa ; pathr...@cavium.com; Shally
> > Verma 
> > Subject: [lng-odp] [RFC, API-NEXT v3 1/1] comp: compression interface
> >
>
> A short description (5-10 lines) about the new API should be added here.
>
> For example: what kind of compression this API offers. How it's used.
> Which kind of applications typical use it.
>
> Current ODP Comp interface is designed to support widely used lossless
> data compression schemes : deflate, zlib and lzs.
> Typical applications include (but not limited to ) IPComp, other
> application and transport layer protocols such as HTTP compression.
>
> Changes from V2:
> Add separate API for sync and async operation,
> Add separate API to load dictionary,
> Removed SHA only support from compression interface,
> Rename SHA operations as hash operation.
> Add reference odp_packet_data_range_t for accessing packet buffer
>
>
> > Signed-off-by: Shally Verma 
> > Signed-off-by: Mahipal Challa 
> > ---
> >  include/odp/api/spec/comp.h | 740
> > 
> >  1 file changed, 740 insertions(+)
> >
> > diff --git a/include/odp/api/spec/comp.h b/include/odp/api/spec/comp.h
> > new file mode 100644 index 000..6c13ad4
> > --- /dev/null
> > +++ b/include/odp/api/spec/comp.h
> > @@ -0,0 +1,740 @@
> > +/*
> > + */
> > +
> > +/**
> > + * @file
> > + *
> > + * ODP Compression
> > + */
> > +
> > +#ifndef ODP_API_COMP_H_
> > +#define ODP_API_COMP_H_
> > +
> > +#include 
> > +#include 
> > +#include 
> > +
> > +#ifdef __cplusplus
> > +extern "C" {
> > +#endif
> > +
> > +/** @defgroup odp_compression ODP COMP
> > + *  ODP Compression defines interface to compress/decompress along
> > +with
> > hash
> > + *  operations.
> > + *
> > + *  Compression here implicitly refer to both compression and
> > decompression.
>
> Typo: implicitly.
>
> Actually, you could just say: "Compression API supports both compression
> and decompression operations."
>
>
> > + *  Example, compression algo 'deflate' mean both 'deflate' and
> > 'inflate'.
> > + *
> > + *  if opcode = ODP_COMP_COMPRESS, then it will Compress and/or apply
> > hash,
> > + *  if opcode = ODP_COMP_DECOMPRESS, then it will Decompress and/or
> > + apply
> > + *  hash.
>
> I think it would be better to have separate operations for compress and
> decompress. Application would typically call one on ingress side and the
> other on egress side, or maybe only one of those. Dual functionality would
> make sense if every second packet on the same code path would be compressed
> and every second decompressed, but I think that's not the case.
>
> Application will create either Compression session or Decompression
> session. so if two operations are requested simultaneously, then two
> sessions would be created where each session will have its specific
> operation context. So this way Compress and Decompress will be two separate
> operations.
>


> > + *
> > + *  Current version of interface allow Compression ONLY,and
> > + *  both Compression + hash ONLY sessions.
>
> What this comment tries to say. Decompression is not supported at all ? Or
>
- Decompression and Decompression+hash supported

"hashing only" is not supported yet.
>
-Yes "hashing only" not supported.

"Hashing only" should not be a target for this API.
> - Yes. it is not.
>


>
>
> > + *
> > + *  Macros, enums, types and operations to utilise compression.
> > + *  @{
> > + */
> > +
> > +/**
> > + * @def ODP_COMP_SESSION_INVALID
> > + * Invalid session handle
> > + */
> > +
> > +/**
> > + * @typedef odp_comp_session_t (platform dependent)
> > + * Comp API opaque session handle
>
> "Compression session handle"
>
> No need to mention opaque, as all ODP handles are opaque.
> Ack.
>
> > + */
> > +
> > +/**
> > + * @typedef odp_comp_compl_t
> > +* Compression API completion event (platform dependent)
>
> Remove "platform dependent", all opaque types are like that.
> Ack.
>
> > +*/
> > +
> > +/**
> > + * Compression API operation mode
> > + */
> > +typedef enum {
> > + /** Synchronous, return results immediately */
> > + ODP_COMP_SYNC,
> > + /** Asynchronous, return results via queue event */
> > + ODP_COMP_ASYNC,
> > +} odp_comp_op_mode_t;
> > +
> > +/**
> > + * Comp API operation type.
> > + *
> > + */
> > +typedef enum {
> > + /** Compress and/or Compu

[lng-odp] [PATCH API-NEXT v3 1/1] linux-generic: queue: modular queue interface

[Github ODP bot]

From: Honnappa Nagarahalli 

Created abstract queue type. Queue APIs and functions towards the
internal components are converted into function pointers.

Signed-off-by: Honnappa Nagarahalli 
---
/** Email created from pull request 43 (nagarahalli:api-next-mod-queue1)
 ** https://github.com/Linaro/odp/pull/43
 ** Patch: https://github.com/Linaro/odp/pull/43.patch
 ** Base sha: a9fc17e1bbef1c3585fd5de47e5023e4d66504f5
 ** Merge commit sha: 49f6b791fa55cbc0a3df53091dba738ac973454d
 **/
 .../include/odp_classification_datamodel.h |   4 +-
 .../include/odp_forward_typedefs_internal.h|   1 -
 .../linux-generic/include/odp_packet_io_queue.h|  20 +-
 .../linux-generic/include/odp_queue_internal.h |  43 ++---
 platform/linux-generic/include/odp_schedule_if.h   |  87 -
 .../include/odp_traffic_mngr_internal.h|   4 +-
 platform/linux-generic/odp_classification.c|  10 +-
 platform/linux-generic/odp_init.c  |  17 +-
 platform/linux-generic/odp_packet_io.c |  89 +
 platform/linux-generic/odp_queue.c | 215 -
 platform/linux-generic/odp_schedule.c  |   8 +-
 platform/linux-generic/odp_schedule_if.c   |  96 +
 platform/linux-generic/odp_schedule_iquery.c   |  11 +-
 platform/linux-generic/odp_schedule_sp.c   |   6 +-
 platform/linux-generic/odp_traffic_mngr.c  |  21 +-
 platform/linux-generic/pktio/loop.c|  12 +-
 16 files changed, 480 insertions(+), 164 deletions(-)

diff --git a/platform/linux-generic/include/odp_classification_datamodel.h 
b/platform/linux-generic/include/odp_classification_datamodel.h
index 9df756bf..e673a274 100644
--- a/platform/linux-generic/include/odp_classification_datamodel.h
+++ b/platform/linux-generic/include/odp_classification_datamodel.h
@@ -24,7 +24,7 @@ extern "C" {
 #include 
 #include 
 #include 
-#include 
+#include 
 #include 
 
 /* Maximum Class Of Service Entry */
@@ -85,7 +85,7 @@ typedef struct pmr_term_value {
 Class Of Service
 */
 struct cos_s {
-   queue_entry_t *queue;   /* Associated Queue */
+   queue_t queue;  /* Associated Queue */
odp_pool_t pool;/* Associated Buffer pool */
union pmr_u *pmr[ODP_PMR_PER_COS_MAX];  /* Chained PMR */
union cos_u *linked_cos[ODP_PMR_PER_COS_MAX]; /* Chained CoS with PMR*/
diff --git a/platform/linux-generic/include/odp_forward_typedefs_internal.h 
b/platform/linux-generic/include/odp_forward_typedefs_internal.h
index f8832f77..5213db71 100644
--- a/platform/linux-generic/include/odp_forward_typedefs_internal.h
+++ b/platform/linux-generic/include/odp_forward_typedefs_internal.h
@@ -23,7 +23,6 @@ extern "C" {
 #endif
 
 typedef struct odp_buffer_hdr_t odp_buffer_hdr_t;
-typedef union queue_entry_u queue_entry_t;
 
 #ifdef __cplusplus
 }
diff --git a/platform/linux-generic/include/odp_packet_io_queue.h 
b/platform/linux-generic/include/odp_packet_io_queue.h
index d1d4b225..c24dbb63 100644
--- a/platform/linux-generic/include/odp_packet_io_queue.h
+++ b/platform/linux-generic/include/odp_packet_io_queue.h
@@ -18,7 +18,7 @@
 extern "C" {
 #endif
 
-#include 
+#include 
 #include 
 #include 
 
@@ -28,20 +28,18 @@ extern "C" {
 ODP_STATIC_ASSERT(ODP_PKTIN_QUEUE_MAX_BURST >= QUEUE_MULTI_MAX,
  "ODP_PKTIN_DEQ_MULTI_MAX_ERROR");
 
-int pktin_enqueue(queue_entry_t *queue, odp_buffer_hdr_t *buf_hdr);
-odp_buffer_hdr_t *pktin_dequeue(queue_entry_t *queue);
+int pktin_enqueue(queue_t queue, odp_buffer_hdr_t *buf_hdr);
+odp_buffer_hdr_t *pktin_dequeue(queue_t queue);
 
-int pktin_enq_multi(queue_entry_t *queue, odp_buffer_hdr_t *buf_hdr[], int 
num);
-int pktin_deq_multi(queue_entry_t *queue, odp_buffer_hdr_t *buf_hdr[], int 
num);
+int pktin_enq_multi(queue_t queue, odp_buffer_hdr_t *buf_hdr[], int num);
+int pktin_deq_multi(queue_t queue, odp_buffer_hdr_t *buf_hdr[], int num);
 
 
-int pktout_enqueue(queue_entry_t *queue, odp_buffer_hdr_t *buf_hdr);
-odp_buffer_hdr_t *pktout_dequeue(queue_entry_t *queue);
+int pktout_enqueue(queue_t queue, odp_buffer_hdr_t *buf_hdr);
+odp_buffer_hdr_t *pktout_dequeue(queue_t queue);
 
-int pktout_enq_multi(queue_entry_t *queue, odp_buffer_hdr_t *buf_hdr[],
-int num);
-int pktout_deq_multi(queue_entry_t *queue, odp_buffer_hdr_t *buf_hdr[],
-int num);
+int pktout_enq_multi(queue_t queue, odp_buffer_hdr_t *buf_hdr[], int num);
+int pktout_deq_multi(queue_t queue, odp_buffer_hdr_t *buf_hdr[], int num);
 
 #ifdef __cplusplus
 }
diff --git a/platform/linux-generic/include/odp_queue_internal.h 
b/platform/linux-generic/include/odp_queue_internal.h
index 560f826e..e60f6187 100644
--- a/platform/linux-generic/include/odp_queue_internal.h
+++ b/platform/linux-generic/include/odp_queue_internal.h
@@ -29,26 +29,12 @@ extern "C" {
 #include 
 #include 
 
-#define QUEUE_MULTI_MAX CONFIG_BURST_SIZE
-
 #define QUEUE_STATUS_F

[lng-odp] [PATCH API-NEXT v3 0/1] Modular queue interface

[Github ODP bot]

github
/** Email created from pull request 43 (nagarahalli:api-next-mod-queue1)
 ** https://github.com/Linaro/odp/pull/43
 ** Patch: https://github.com/Linaro/odp/pull/43.patch
 ** Base sha: a9fc17e1bbef1c3585fd5de47e5023e4d66504f5
 ** Merge commit sha: 49f6b791fa55cbc0a3df53091dba738ac973454d
 **/
/github

checkpatch.pl
WARNING: externs should be avoided in .c files
#1166: FILE: platform/linux-generic/odp_schedule_if.c:9:
+extern const queue_api_t queue_default_api;

WARNING: externs should be avoided in .c files
#1167: FILE: platform/linux-generic/odp_schedule_if.c:10:
+extern const queue_fn_t queue_default_fn;

total: 0 errors, 2 warnings, 0 checks, 1264 lines checked


to_send-p-000.patch has style problems, please review.

If any of these errors are false positives, please report
them to the maintainer, see CHECKPATCH in MAINTAINERS.
/checkpatch.pl

Re: [lng-odp] [API-NEXT PATCH v6 6/6] Add scalable scheduler

[Honnappa Nagarahalli]

On 1 June 2017 at 01:26, Elo, Matias (Nokia - FI/Espoo)
 wrote:
>
>> On 31 May 2017, at 23:53, Bill Fischofer  wrote:
>>
>> On Wed, May 31, 2017 at 8:12 AM, Elo, Matias (Nokia - FI/Espoo)
>>  wrote:
>>>
>> What’s the purpose of calling ord_enq_multi() here? To save (stash)
>> packets if the thread is out-of-order?
>> And when the thread is in-order, it is re-enqueueing the packets which
>> again will invoke pktout_enqueue/pktout_enq_multi but this time
>> ord_enq_multi() will not save the packets, instead they will actually be
>> transmitted by odp_pktout_send()?
>>
>
> Since transmitting packets may fail, out-of-order packets cannot be
> stashed here.
 You mean that the TX queue of the pktio might be full so not all packets
 will actually be enqueued for transmission.
>>>
>>> Yep.
>>>
 This is an interesting case but is it a must to know how many packets are
 actually accepted? Packets can always be dropped without notice, the
 question is from which point this is acceptable. If packets enqueued onto
 a pktout (egress) queue are accepted, this means that they must also be
 put onto the driver TX queue (as done by odp_pktout_send)?

>>>
>>> Currently, the packet_io/queue APIs don't say anything about packets being
>>> possibly dropped after successfully calling odp_queue_enq() to a pktout
>>> event queue. So to be consistent with standard odp_queue_enq() operations I
>>> think it is better to return the number of events actually accepted to the 
>>> TX queue.
>>>
>>> To have more leeway one option would be to modify the API documentation to
>>> state that packets may still be dropped after a successful odp_queue_enq() 
>>> call
>>> before reaching the NIC. If the application would like to be sure that the
>>> packets are actually sent, it should use odp_pktout_send() instead.
>>
>> Ordered queues simply say that packets will be delivered to the next
>> queue in the pipeline in the order they originated from their source
>> queue. What happens after that depends on the attributes of the target
>> queue. If the target queue is an exit point from the application, then
>> this is outside of ODP's scope.
>
> My point was that with stashing the application has no way of knowing if an
> ordered pktout enqueue call actually succeed. In case of parallel and atomic
> queues it does. So my question is, is this acceptable?
>
Also, currently, it is not possible for the application to have a
consistent 'wait/drop on destination queue full' policy for all the
queue types.
>

[lng-odp] [Bug 3017] Travis: time main test out of boundaries

[bugzilla-daemon]

https://bugs.linaro.org/show_bug.cgi?id=3017

--- Comment #4 from Maxim Uvarov  ---
https://github.com/Linaro/odp/commit/14bebe8bac40b2b0f4a00cce4ef9a7031cc1b8cc
2017-06-01T17:43:16+03:00
Maxim Uvarov maxim.uva...@linaro.org
test: time: do not fail under gcov

code coverage gcov make test very slow and it does not pass
accepted boundaries. Test if env TEST=coverage variable is set
and do no generate fail result if some boundaries are missing.
https://bugs.linaro.org/show_bug.cgi?id=3017

Signed-off-by: Maxim Uvarov 
Reviewed-by: Bill Fischofer 

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are the assignee for the bug.

[lng-odp] [Linaro/odp] f0483a: validation: crypto: add stubs for sha-1 and sha-51...

[GitHub]

  Branch: refs/heads/next
  Home:   https://github.com/Linaro/odp
  Commit: f0483afab9c4a75210e1bd9a66b37432eafa6e3a
  
https://github.com/Linaro/odp/commit/f0483afab9c4a75210e1bd9a66b37432eafa6e3a
  Author: Petri Savolainen 
  Date:   2017-05-30 (Tue, 30 May 2017)

  Changed paths:
M test/common_plat/validation/api/crypto/crypto.h
M test/common_plat/validation/api/crypto/odp_crypto_test_inp.c

  Log Message:
  ---
  validation: crypto: add stubs for sha-1 and sha-512 tests

API enumerations are tested but functional tests are missing still.

Signed-off-by: Petri Savolainen 
Reviewed-by: Dmitry Eremin-Solenikov 
Signed-off-by: Maxim Uvarov 


  Commit: 14bebe8bac40b2b0f4a00cce4ef9a7031cc1b8cc
  
https://github.com/Linaro/odp/commit/14bebe8bac40b2b0f4a00cce4ef9a7031cc1b8cc
  Author: Maxim Uvarov 
  Date:   2017-06-01 (Thu, 01 Jun 2017)

  Changed paths:
M test/common_plat/validation/api/time/Makefile.am
A test/common_plat/validation/api/time/time.sh
M test/linux-generic/Makefile.am

  Log Message:
  ---
  test: time: do not fail under gcov

code coverage gcov make test very slow and it does not pass
accepted boundaries. Test if env TEST=coverage variable is set
and do no generate fail result if some boundaries are missing.
https://bugs.linaro.org/show_bug.cgi?id=3017

Signed-off-by: Maxim Uvarov 
Reviewed-by: Bill Fischofer 


Compare: https://github.com/Linaro/odp/compare/dbec145ddcf4...14bebe8bac40

[lng-odp] [Bug 3017] Travis: time main test out of boundaries

[bugzilla-daemon]

https://bugs.linaro.org/show_bug.cgi?id=3017

--- Comment #3 from Maxim Uvarov  ---
https://github.com/Linaro/odp/commit/7a7e3ff9d50d67b7c79058db98ba27ab5a806437
2017-06-01T16:04:07+03:00
Maxim Uvarov maxim.uva...@linaro.org
test: time: do not fail under gcov

code coverage gcov make test very slow and it does not pass
accepted boundaries. Test if env TEST=coverage variable is set
and do no generate fail result if some boundaries are missing.
https://bugs.linaro.org/show_bug.cgi?id=3017

Signed-off-by: Maxim Uvarov 
Reviewed-by: Bill Fischofer 

-- 
You are receiving this mail because:
You are the assignee for the bug.
You are on the CC list for the bug.

[lng-odp] [Linaro/odp] 7a7e3f: test: time: do not fail under gcov

[GitHub]

  Branch: refs/heads/api-next
  Home:   https://github.com/Linaro/odp
  Commit: 7a7e3ff9d50d67b7c79058db98ba27ab5a806437
  
https://github.com/Linaro/odp/commit/7a7e3ff9d50d67b7c79058db98ba27ab5a806437
  Author: Maxim Uvarov 
  Date:   2017-06-01 (Thu, 01 Jun 2017)

  Changed paths:
M test/common_plat/validation/api/time/Makefile.am
A test/common_plat/validation/api/time/time.sh
M test/linux-generic/Makefile.am

  Log Message:
  ---
  test: time: do not fail under gcov

code coverage gcov make test very slow and it does not pass
accepted boundaries. Test if env TEST=coverage variable is set
and do no generate fail result if some boundaries are missing.
https://bugs.linaro.org/show_bug.cgi?id=3017

Signed-off-by: Maxim Uvarov 
Reviewed-by: Bill Fischofer 


  Commit: a9fc17e1bbef1c3585fd5de47e5023e4d66504f5
  
https://github.com/Linaro/odp/commit/a9fc17e1bbef1c3585fd5de47e5023e4d66504f5
  Author: Maxim Uvarov 
  Date:   2017-06-01 (Thu, 01 Jun 2017)

  Changed paths:
M test/common_plat/validation/api/time/Makefile.am
A test/common_plat/validation/api/time/time.sh
M test/linux-generic/Makefile.am

  Log Message:
  ---
  Merge branch 'master' into api-next

Signed-off-by: Maxim Uvarov 


Compare: https://github.com/Linaro/odp/compare/b67bfce457a7...a9fc17e1bbef

Re: [lng-odp] [RFC, API-NEXT v3 1/1] comp: compression interface

[Verma, Shally]

Regards
Shally

-Original Message-
From: Savolainen, Petri (Nokia - FI/Espoo) [mailto:petri.savolai...@nokia.com] 
Sent: 01 June 2017 18:20
To: Shally Verma ; lng-odp@lists.linaro.org
Cc: Challa, Mahipal ; Narayana, Prasad Athreya 
; Verma, Shally 
Subject: RE: [lng-odp] [RFC, API-NEXT v3 1/1] comp: compression interface



> -Original Message-
> From: lng-odp [mailto:lng-odp-boun...@lists.linaro.org] On Behalf Of 
> Shally Verma
> Sent: Monday, May 22, 2017 9:55 AM
> To: lng-odp@lists.linaro.org
> Cc: Mahipal Challa ; pathr...@cavium.com; Shally 
> Verma 
> Subject: [lng-odp] [RFC, API-NEXT v3 1/1] comp: compression interface
> 

A short description (5-10 lines) about the new API should be added here.

For example: what kind of compression this API offers. How it's used. Which 
kind of applications typical use it.

Current ODP Comp interface is designed to support widely used lossless data 
compression schemes : deflate, zlib and lzs.
Typical applications include (but not limited to ) IPComp, other application 
and transport layer protocols such as HTTP compression.

Changes from V2:
Add separate API for sync and async operation, 
Add separate API to load dictionary, 
Removed SHA only support from compression interface, 
Rename SHA operations as hash operation.
Add reference odp_packet_data_range_t for accessing packet buffer


> Signed-off-by: Shally Verma 
> Signed-off-by: Mahipal Challa 
> ---
>  include/odp/api/spec/comp.h | 740
> 
>  1 file changed, 740 insertions(+)
> 
> diff --git a/include/odp/api/spec/comp.h b/include/odp/api/spec/comp.h 
> new file mode 100644 index 000..6c13ad4
> --- /dev/null
> +++ b/include/odp/api/spec/comp.h
> @@ -0,0 +1,740 @@
> +/*
> + */
> +
> +/**
> + * @file
> + *
> + * ODP Compression
> + */
> +
> +#ifndef ODP_API_COMP_H_
> +#define ODP_API_COMP_H_
> +
> +#include 
> +#include 
> +#include 
> +
> +#ifdef __cplusplus
> +extern "C" {
> +#endif
> +
> +/** @defgroup odp_compression ODP COMP
> + *  ODP Compression defines interface to compress/decompress along 
> +with
> hash
> + *  operations.
> + *
> + *  Compression here implicilty refer to both compression and
> decompression.

Typo: implicitly.

Actually, you could just say: "Compression API supports both compression and 
decompression operations."


> + *  Example, compression algo 'deflate' mean both 'deflate' and
> 'inflate'.
> + *
> + *  if opcode = ODP_COMP_COMPRESS, then it will Compress and/or apply
> hash,
> + *  if opcode = ODP_COMP_DECOMPRESS, then it will Decompress and/or 
> + apply
> + *  hash.

I think it would be better to have separate operations for compress and 
decompress. Application would typically call one on ingress side and the other 
on egress side, or maybe only one of those. Dual functionality would make sense 
if every second packet on the same code path would be compressed and every 
second decompressed, but I think that's not the case.


> + *
> + *  Current version of interface allow Compression ONLY,and
> + *  both Compression + hash ONLY sessions.

What this comment tries to say. Decompression is not supported at all ? Or 
"hashing only" is not supported yet. "Hashing only" should not be a target for 
this API.



> + *
> + *  Macros, enums, types and operations to utilise compression.
> + *  @{
> + */
> +
> +/**
> + * @def ODP_COMP_SESSION_INVALID
> + * Invalid session handle
> + */
> +
> +/**
> + * @typedef odp_comp_session_t (platform dependent)
> + * Comp API opaque session handle

"Compression session handle"

No need to mention opaque, as all ODP handles are opaque.


> + */
> +
> +/**
> + * @typedef odp_comp_compl_t
> +* Compression API completion event (platform dependent)

Remove "platform dependent", all opaque types are like that.


> +*/
> +
> +/**
> + * Compression API operation mode
> + */
> +typedef enum {
> + /** Synchronous, return results immediately */
> + ODP_COMP_SYNC,
> + /** Asynchronous, return results via queue event */
> + ODP_COMP_ASYNC,
> +} odp_comp_op_mode_t;
> +
> +/**
> + * Comp API operation type.
> + *
> + */
> +typedef enum {
> + /** Compress and/or Compute digest  */
> + ODP_COMP_OP_COMPRESS,
> + /** Decompress and/or Compute digest */
> + ODP_COMP_OP_DECOMPRESS,
> +} odp_comp_op_t;

Maybe we get rid of this. Anyway, *or* compute digest is wrong. Digest don't 
need to be mentioned here at all.

> +
> +/**
> + * Comp API hash algorithm
> + *
> + */
> +typedef enum {
> + /** ODP_COMP_HASH_ALG_NONE*/
> + ODP_COMP_HASH_ALG_NONE,
> + /** ODP_COMP_HASH_ALG_SHA1*/
> + ODP_COMP_HASH_ALG_SHA1,
> + /**  ODP_COMP_HASH_ALG_SHA256*/
> + ODP_COMP_HASH_ALG_SHA256
> +} odp_comp_hash_alg_t;
> +
> +/**
> + * Comp API compression algorithm
> + *
> + */
> +typedef enum {
> + /** No algorithm specified.
> + * Means no compression, no output provided.
> + */
> + ODP_COMP_ALG_NULL,

Isn't output of null == input data. So, there's *output* 

Re: [lng-odp] [API-NEXT PATCH] api: system_info: add function for fetching all supported huge page sizes

[Maxim Uvarov]

On 06/01/17 13:52, Matias Elo wrote:
> A system may simultaneously support multiple huge page sizes. Add a new API
> function odp_sys_huge_page_size_all() which returns all supported page
> sizes. odp_sys_huge_page_size() stays unmodified to maintain backward
> compatibility.
> 
> Signed-off-by: Matias Elo 
> ---
>  include/odp/api/spec/system_info.h | 19 +++
>  1 file changed, 19 insertions(+)
> 
> diff --git a/include/odp/api/spec/system_info.h 
> b/include/odp/api/spec/system_info.h
> index ca4dcdc..c41d3c5 100644
> --- a/include/odp/api/spec/system_info.h
> +++ b/include/odp/api/spec/system_info.h
> @@ -27,10 +27,29 @@ extern "C" {
>   * Default system huge page size in bytes
>   *
>   * @return Default huge page size in bytes
> + * @retval 0 on no huge pages
>   */
>  uint64_t odp_sys_huge_page_size(void);
>  
>  /**
> + * System huge page sizes in bytes
> + *
> + * Returns the number of huge page sizes supported by the system. Outputs up 
> to
> + * 'num' sizes when the 'size' array pointer is not NULL. If return value is
> + * larger than 'num', there are more supported sizes than the function was
> + * allowed to output. If return value (N) is less than 'num', only sizes
> + * [0 ... N-1] have been written. Returned values are ordered from smallest 
> to
> + * largest.
> + *
> + * @param[out] size Points to an array of huge page sizes for output
> + * @param  num  Maximum number of huge page sizes to output
> + *
> + * @return Number of supported huge page sizes
> + * @retval 0 on no huge pages
> + */
> +unsigned odp_sys_huge_page_size_all(uint64_t size[], unsigned num);
> +

I think it has to be int. -1 on error, 0 - no hp, > 0 pages.
For linux it might be similar to getpagesizes()
https://linux.die.net/man/3/getpagesizes
"""
if pagesizes is NULL and n_elem is 0, then the number of pages the
system supports is returned. Otherwise, pagesizes is filled with at most
n_elem page sizes.
"""


num might be better to set to int also.

For size uint64_t looks like ok.

But why do we need this inside ODP? It time be reasonable to say that
it's number of pages/sizes visible to current ODP instance (i.e. not the
system global.)

Maxim.

> +/**
>   * Page size in bytes
>   *
>   * @return Page size in bytes
> 

[lng-odp] [Bug 3017] Travis: time main test out of boundaries

[bugzilla-daemon]

https://bugs.linaro.org/show_bug.cgi?id=3017

--- Comment #2 from Maxim Uvarov  ---
https://github.com/Linaro/odp/commit/7a7e3ff9d50d67b7c79058db98ba27ab5a806437
2017-06-01T16:04:07+03:00
Maxim Uvarov maxim.uva...@linaro.org
test: time: do not fail under gcov

code coverage gcov make test very slow and it does not pass
accepted boundaries. Test if env TEST=coverage variable is set
and do no generate fail result if some boundaries are missing.
https://bugs.linaro.org/show_bug.cgi?id=3017

Signed-off-by: Maxim Uvarov 
Reviewed-by: Bill Fischofer 

-- 
You are receiving this mail because:
You are the assignee for the bug.
You are on the CC list for the bug.

[lng-odp] [Linaro/odp] 7a7e3f: test: time: do not fail under gcov

[GitHub]

  Branch: refs/heads/master
  Home:   https://github.com/Linaro/odp
  Commit: 7a7e3ff9d50d67b7c79058db98ba27ab5a806437
  
https://github.com/Linaro/odp/commit/7a7e3ff9d50d67b7c79058db98ba27ab5a806437
  Author: Maxim Uvarov 
  Date:   2017-06-01 (Thu, 01 Jun 2017)

  Changed paths:
M test/common_plat/validation/api/time/Makefile.am
A test/common_plat/validation/api/time/time.sh
M test/linux-generic/Makefile.am

  Log Message:
  ---
  test: time: do not fail under gcov

code coverage gcov make test very slow and it does not pass
accepted boundaries. Test if env TEST=coverage variable is set
and do no generate fail result if some boundaries are missing.
https://bugs.linaro.org/show_bug.cgi?id=3017

Signed-off-by: Maxim Uvarov 
Reviewed-by: Bill Fischofer 

Re: [lng-odp] [API-NEXT PATCH] api: system_info: add function for fetching all supported huge page sizes

[Elo, Matias (Nokia - FI/Espoo)]

Thanks, will do.

-Matias

> On 1 Jun 2017, at 15:44, Bill Fischofer  wrote:
> 
> This still needs implementation, validation tests, and doc updates to
> be complete.
> 
> On Thu, Jun 1, 2017 at 5:52 AM, Matias Elo  wrote:
>> A system may simultaneously support multiple huge page sizes. Add a new API
>> function odp_sys_huge_page_size_all() which returns all supported page
>> sizes. odp_sys_huge_page_size() stays unmodified to maintain backward
>> compatibility.
>> 
>> Signed-off-by: Matias Elo 
> 
> Reviewed-by: Bill Fischofer 
> 
>> ---
>> include/odp/api/spec/system_info.h | 19 +++
>> 1 file changed, 19 insertions(+)
>> 
>> diff --git a/include/odp/api/spec/system_info.h 
>> b/include/odp/api/spec/system_info.h
>> index ca4dcdc..c41d3c5 100644
>> --- a/include/odp/api/spec/system_info.h
>> +++ b/include/odp/api/spec/system_info.h
>> @@ -27,10 +27,29 @@ extern "C" {
>>  * Default system huge page size in bytes
>>  *
>>  * @return Default huge page size in bytes
>> + * @retval 0 on no huge pages
>>  */
>> uint64_t odp_sys_huge_page_size(void);
>> 
>> /**
>> + * System huge page sizes in bytes
>> + *
>> + * Returns the number of huge page sizes supported by the system. Outputs 
>> up to
>> + * 'num' sizes when the 'size' array pointer is not NULL. If return value is
>> + * larger than 'num', there are more supported sizes than the function was
>> + * allowed to output. If return value (N) is less than 'num', only sizes
>> + * [0 ... N-1] have been written. Returned values are ordered from smallest 
>> to
>> + * largest.
>> + *
>> + * @param[out] size Points to an array of huge page sizes for output
>> + * @param  num  Maximum number of huge page sizes to output
>> + *
>> + * @return Number of supported huge page sizes
>> + * @retval 0 on no huge pages
>> + */
>> +unsigned odp_sys_huge_page_size_all(uint64_t size[], unsigned num);
>> +
>> +/**
>>  * Page size in bytes
>>  *
>>  * @return Page size in bytes
>> --
>> 2.7.4
>> 

Re: [lng-odp] [RFC, API-NEXT v3 1/1] comp: compression interface

[Savolainen, Petri (Nokia - FI/Espoo)]

> -Original Message-
> From: lng-odp [mailto:lng-odp-boun...@lists.linaro.org] On Behalf Of
> Shally Verma
> Sent: Monday, May 22, 2017 9:55 AM
> To: lng-odp@lists.linaro.org
> Cc: Mahipal Challa ; pathr...@cavium.com; Shally Verma
> 
> Subject: [lng-odp] [RFC, API-NEXT v3 1/1] comp: compression interface
> 

A short description (5-10 lines) about the new API should be added here.

For example: what kind of compression this API offers. How it's used. Which 
kind of applications typical use it.


> Signed-off-by: Shally Verma 
> Signed-off-by: Mahipal Challa 
> ---
>  include/odp/api/spec/comp.h | 740
> 
>  1 file changed, 740 insertions(+)
> 
> diff --git a/include/odp/api/spec/comp.h b/include/odp/api/spec/comp.h
> new file mode 100644
> index 000..6c13ad4
> --- /dev/null
> +++ b/include/odp/api/spec/comp.h
> @@ -0,0 +1,740 @@
> +/*
> + */
> +
> +/**
> + * @file
> + *
> + * ODP Compression
> + */
> +
> +#ifndef ODP_API_COMP_H_
> +#define ODP_API_COMP_H_
> +
> +#include 
> +#include 
> +#include 
> +
> +#ifdef __cplusplus
> +extern "C" {
> +#endif
> +
> +/** @defgroup odp_compression ODP COMP
> + *  ODP Compression defines interface to compress/decompress along with
> hash
> + *  operations.
> + *
> + *  Compression here implicilty refer to both compression and
> decompression.

Typo: implicitly.

Actually, you could just say: "Compression API supports both compression and 
decompression operations."


> + *  Example, compression algo 'deflate' mean both 'deflate' and
> 'inflate'.
> + *
> + *  if opcode = ODP_COMP_COMPRESS, then it will Compress and/or apply
> hash,
> + *  if opcode = ODP_COMP_DECOMPRESS, then it will Decompress and/or apply
> + *  hash.

I think it would be better to have separate operations for compress and 
decompress. Application would typically call one on ingress side and the other 
on egress side, or maybe only one of those. Dual functionality would make sense 
if every second packet on the same code path would be compressed and every 
second decompressed, but I think that's not the case.


> + *
> + *  Current version of interface allow Compression ONLY,and
> + *  both Compression + hash ONLY sessions.

What this comment tries to say. Decompression is not supported at all ? Or 
"hashing only" is not supported yet. "Hashing only" should not be a target for 
this API.



> + *
> + *  Macros, enums, types and operations to utilise compression.
> + *  @{
> + */
> +
> +/**
> + * @def ODP_COMP_SESSION_INVALID
> + * Invalid session handle
> + */
> +
> +/**
> + * @typedef odp_comp_session_t (platform dependent)
> + * Comp API opaque session handle

"Compression session handle"

No need to mention opaque, as all ODP handles are opaque.


> + */
> +
> +/**
> + * @typedef odp_comp_compl_t
> +* Compression API completion event (platform dependent)

Remove "platform dependent", all opaque types are like that.


> +*/
> +
> +/**
> + * Compression API operation mode
> + */
> +typedef enum {
> + /** Synchronous, return results immediately */
> + ODP_COMP_SYNC,
> + /** Asynchronous, return results via queue event */
> + ODP_COMP_ASYNC,
> +} odp_comp_op_mode_t;
> +
> +/**
> + * Comp API operation type.
> + *
> + */
> +typedef enum {
> + /** Compress and/or Compute digest  */
> + ODP_COMP_OP_COMPRESS,
> + /** Decompress and/or Compute digest */
> + ODP_COMP_OP_DECOMPRESS,
> +} odp_comp_op_t;

Maybe we get rid of this. Anyway, *or* compute digest is wrong. Digest don't 
need to be mentioned here at all.

> +
> +/**
> + * Comp API hash algorithm
> + *
> + */
> +typedef enum {
> + /** ODP_COMP_HASH_ALG_NONE*/
> + ODP_COMP_HASH_ALG_NONE,
> + /** ODP_COMP_HASH_ALG_SHA1*/
> + ODP_COMP_HASH_ALG_SHA1,
> + /**  ODP_COMP_HASH_ALG_SHA256*/
> + ODP_COMP_HASH_ALG_SHA256
> +} odp_comp_hash_alg_t;
> +
> +/**
> + * Comp API compression algorithm
> + *
> + */
> +typedef enum {
> + /** No algorithm specified.
> + * Means no compression, no output provided.
> + */
> + ODP_COMP_ALG_NULL,

Isn't output of null == input data. So, there's *output* but no 
*transformation*. Also it could be mentioned that this is only for testing 
purposes (not for generic hash offload).


> + /** DEFLATE -
> + * implicit Inflate in case of decode operation.
> + */


You just need to specify the algorithm accurately: e.g. Deflate algorithm as 
specified RFC 1951 etc.

No need to mention inflate if it's not a specific algorithm but just the 
decomposes operation of Deflate.


> + ODP_COMP_ALG_DEFLATE,
> + /** ZLIB-RFC1950 */
> + ODP_COMP_ALG_ZLIB,
> + /** LZS*/
> + ODP_COMP_ALG_LZS
> +} odp_comp_alg_t;
> +
> +/**
> + * Comp API session creation return code
> + *
> + */
> +typedef enum {
> + /** Session created */
> + ODP_COMP_SES_CREATE_ERR_NONE,
> + /** Creation failed, no resources */
> + ODP_COMP_SES_CREATE_ERR_ENOMEM,
> + /** Creation failed, bad compression 

Re: [lng-odp] [API-NEXT PATCH] api: system_info: add function for fetching all supported huge page sizes

[Bill Fischofer]

This still needs implementation, validation tests, and doc updates to
be complete.

On Thu, Jun 1, 2017 at 5:52 AM, Matias Elo  wrote:
> A system may simultaneously support multiple huge page sizes. Add a new API
> function odp_sys_huge_page_size_all() which returns all supported page
> sizes. odp_sys_huge_page_size() stays unmodified to maintain backward
> compatibility.
>
> Signed-off-by: Matias Elo 

Reviewed-by: Bill Fischofer 

> ---
>  include/odp/api/spec/system_info.h | 19 +++
>  1 file changed, 19 insertions(+)
>
> diff --git a/include/odp/api/spec/system_info.h 
> b/include/odp/api/spec/system_info.h
> index ca4dcdc..c41d3c5 100644
> --- a/include/odp/api/spec/system_info.h
> +++ b/include/odp/api/spec/system_info.h
> @@ -27,10 +27,29 @@ extern "C" {
>   * Default system huge page size in bytes
>   *
>   * @return Default huge page size in bytes
> + * @retval 0 on no huge pages
>   */
>  uint64_t odp_sys_huge_page_size(void);
>
>  /**
> + * System huge page sizes in bytes
> + *
> + * Returns the number of huge page sizes supported by the system. Outputs up 
> to
> + * 'num' sizes when the 'size' array pointer is not NULL. If return value is
> + * larger than 'num', there are more supported sizes than the function was
> + * allowed to output. If return value (N) is less than 'num', only sizes
> + * [0 ... N-1] have been written. Returned values are ordered from smallest 
> to
> + * largest.
> + *
> + * @param[out] size Points to an array of huge page sizes for output
> + * @param  num  Maximum number of huge page sizes to output
> + *
> + * @return Number of supported huge page sizes
> + * @retval 0 on no huge pages
> + */
> +unsigned odp_sys_huge_page_size_all(uint64_t size[], unsigned num);
> +
> +/**
>   * Page size in bytes
>   *
>   * @return Page size in bytes
> --
> 2.7.4
>

Re: [lng-odp] Release needed

[Savolainen, Petri (Nokia - FI/Espoo)]

After quick comparison between next and api-next: ipsec.h should not yet be in 
next branch == not in next release.

Also, it would be good to have these in next release
 * checkpatch/spelling (master)
 * crypto bug fixes/missing implementation series (api-next)

-Petri


From: Maxim Uvarov [mailto:maxim.uva...@linaro.org] 
Sent: Wednesday, May 24, 2017 10:41 AM
To: Savolainen, Petri (Nokia - FI/Espoo) 
Cc: Bill Fischofer ; LNG ODP Mailman List 

Subject: Re: Release needed

Ok, thanks for details. I will try to prepare release according to your list on 
this week.

On 24 May 2017 at 10:38, Savolainen, Petri (Nokia - FI/Espoo) 
 wrote:
Hi,

It's already two months since 1.14 release. We have again missed the target of 
a release per month. Additionally, we have bunch of stuff in api-next that 
could move to master, and thus to the next release.

From api-next these API spec files (or parts) are OK to move into master:
* entire classification.h
  * fix doxygen warnings
* entire crypto.h
  * new deprecation support
  * SHA1 and SHA512 enumerations
  * odp_packet_data_range_t
  * addition of auth_digest_len and AAD config
* entire hints.h
  * new deprecation support
* partial packet.h
  * addition of odp_packet_data_range_t
  * keep in api-next: chksum_insert
* partial packet_io.h
  * addition of parse config
  * keep in api-next: ipsec config
* entire pool.h
  * fix doxygen warnings
* entire queue.h
  * addition of queue size capa / param
* entire support.h
  * new file and type
* entire system_info.h
  * added sys_info_print()
* entire time.h
  * removed time_to_u64()
* entire tm.h
  * fix doxygen warnings

-Petri

Re: [lng-odp] [API-NEXT PATCH] api: system_info: add function for fetching all supported huge page sizes

[Elo, Matias (Nokia - FI/Espoo)]

>>> + *
>>> + * @param[out] size Points to an array of huge page sizes for output
>>> + * @param  num  Maximum number of huge page sizes to output
>>> + *
>>> + * @return Number of supported huge page sizes
>>> + * @retval 0 on no huge pages
>>> + */
>>> +unsigned odp_sys_huge_page_size_all(uint64_t size[], unsigned num);
> 
> Would it make sense to have an odp_sys_hube_page_size_num() API that
> returned the number of huge page sizes available? As currently defined
> that would be a shorthand for odp_sys_huge_page_size_all() with num ==
> 0.

As you noted the same thing can already be done with this function. Since 
reading
the number of supported huge page sizes is not a fast path operation I don't see
much motivation for a separate function. Additionally, we already have similar 
API
functions e.g. odp_pktin_event_queue(), odp_pktout_queue().

-Matias

Re: [lng-odp] [PATCH 1/2] scripts: checkpatch: revert code modification

[Bill Fischofer]

For this series:

Reviewed-by: Bill Fischofer 

On Thu, Jun 1, 2017 at 2:18 AM, Petri Savolainen
 wrote:
> Checkpatch code should not be modified directly. When the code
> is updated to a next version, any local modifications would
> be lost and needed to be done again.
>
> Camelcase check is enabled again. Exceptions to camelcase are
> allowed e.g. when calling an external library interface.
>
> Signed-off-by: Petri Savolainen 
> ---
>  scripts/checkpatch.pl | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl
> index 1c27ac60..16316b92 100755
> --- a/scripts/checkpatch.pl
> +++ b/scripts/checkpatch.pl
> @@ -4273,7 +4273,7 @@ sub process {
> 
> $camelcase_file_seeded = 1;
> }
> }
> -   if (!defined $camelcase{$word} && 0) {
> +   if (!defined $camelcase{$word}) {
> $camelcase{$word} = 1;
> CHK("CAMELCASE",
> "Avoid CamelCase: 
> <$word>\n" . $herecurr);
> @@ -4620,7 +4620,7 @@ sub process {
>
>  # no volatiles please
> my $asm_volatile = 
> qr{\b(__asm__|asm)\s+(__volatile__|volatile)\b};
> -   if ($line =~ /\bvolatile\b/ && 0 && $line !~ /$asm_volatile/) 
> {
> +   if ($line =~ /\bvolatile\b/ && $line !~ /$asm_volatile/) {
> WARN("VOLATILE",
>  "Use of volatile is usually wrong: see 
> Documentation/volatile-considered-harmful.txt\n" . $herecurr);
> }
> @@ -5134,7 +5134,7 @@ sub process {
> if (defined $cond) {
> substr($s, 0, length($cond), '');
> }
> -   if ($s =~ /^\s*;/ && 0 &&
> +   if ($s =~ /^\s*;/ &&
> $function_name ne 'uninitialized_var')
> {
> WARN("AVOID_EXTERNS",
> --
> 2.11.0
>

Re: [lng-odp] [PATCH] validation: shmem: fix odp_shm_info_t page_size test

[Bill Fischofer]

On Fri, May 5, 2017 at 8:58 AM, Matias Elo  wrote:
> The old test wasn't valid, since a system may support multiple huge page
> sizes. As odp_sys_huge_page_size() returns currently only a single value
> more precise test than 'page_size != 0' cannot be performed.
>
> Signed-off-by: Matias Elo 

Reviewed-by: Bill Fischofer 

> ---
>  test/common_plat/validation/api/shmem/shmem.c | 3 +--
>  1 file changed, 1 insertion(+), 2 deletions(-)
>
> diff --git a/test/common_plat/validation/api/shmem/shmem.c 
> b/test/common_plat/validation/api/shmem/shmem.c
> index 0e757a7..2fda42b 100644
> --- a/test/common_plat/validation/api/shmem/shmem.c
> +++ b/test/common_plat/validation/api/shmem/shmem.c
> @@ -96,8 +96,7 @@ static int run_test_basic_thread(void *arg ODP_UNUSED)
> CU_ASSERT(0 == info.flags);
> CU_ASSERT(shared_test_data == info.addr);
> CU_ASSERT(sizeof(shared_test_data_t) <= info.size);
> -   CU_ASSERT((info.page_size == odp_sys_huge_page_size()) ||
> - (info.page_size == odp_sys_page_size()))
> +   CU_ASSERT(info.page_size != 0);
> odp_shm_print_all();
>
> fflush(stdout);
> --
> 2.7.4
>

Re: [lng-odp] [PATCH] scripts: spelling: update to latest version

[Bill Fischofer]

On Thu, Jun 1, 2017 at 6:00 AM, Petri Savolainen
 wrote:
> Updated Linux spelling file to it's latest version.
>
> Signed-off-by: Petri Savolainen 

Reviewed-by: Bill Fischofer 

> ---
>  scripts/spelling.txt | 151 
> +--
>  1 file changed, 147 insertions(+), 4 deletions(-)
>
> diff --git a/scripts/spelling.txt b/scripts/spelling.txt
> index bb8e4d0a..eb38f49d 100644
> --- a/scripts/spelling.txt
> +++ b/scripts/spelling.txt
> @@ -16,6 +16,7 @@ absense||absence
>  absolut||absolute
>  absoulte||absolute
>  acccess||access
> +acceess||access
>  acceleratoin||acceleration
>  accelleration||acceleration
>  accesing||accessing
> @@ -32,19 +33,23 @@ accoring||according
>  accout||account
>  accquire||acquire
>  accquired||acquired
> +accross||across
>  acessable||accessible
>  acess||access
>  achitecture||architecture
>  acient||ancient
>  acitions||actions
>  acitve||active
> -acknowldegement||acknowldegement
> +acknowldegement||acknowledgment
>  acknowledgement||acknowledgment
>  ackowledge||acknowledge
>  ackowledged||acknowledged
>  acording||according
>  activete||activate
> +actived||activated
> +actualy||actually
>  acumulating||accumulating
> +acumulator||accumulator
>  adapater||adapter
>  addional||additional
>  additionaly||additionally
> @@ -59,16 +64,22 @@ adress||address
>  adresses||addresses
>  adviced||advised
>  afecting||affecting
> +againt||against
>  agaist||against
>  albumns||albums
>  alegorical||allegorical
> +algined||aligned
>  algorith||algorithm
>  algorithmical||algorithmically
>  algoritm||algorithm
>  algoritms||algorithms
>  algorrithm||algorithm
>  algorritm||algorithm
> +aligment||alignment
> +alignement||alignment
>  allign||align
> +alligned||aligned
> +allocatote||allocate
>  allocatrd||allocated
>  allocte||allocate
>  allpication||application
> @@ -83,6 +94,10 @@ alue||value
>  ambigious||ambiguous
>  amoung||among
>  amout||amount
> +an union||a union
> +an user||a user
> +an userspace||a userspace
> +an one||a one
>  analysator||analyzer
>  ang||and
>  anniversery||anniversary
> @@ -95,13 +110,16 @@ appearence||appearance
>  applicaion||application
>  appliction||application
>  applictions||applications
> +applys||applies
>  appplications||applications
>  appropiate||appropriate
>  appropriatly||appropriately
>  approriate||appropriate
>  approriately||appropriately
> +apropriate||appropriate
>  aquainted||acquainted
>  aquired||acquired
> +aquisition||acquisition
>  arbitary||arbitrary
>  architechture||architecture
>  arguement||argument
> @@ -111,6 +129,8 @@ arne't||aren't
>  arraival||arrival
>  artifical||artificial
>  artillary||artillery
> +asign||assign
> +assertation||assertion
>  assiged||assigned
>  assigment||assignment
>  assigments||assignments
> @@ -125,6 +145,7 @@ asycronous||asynchronous
>  asynchnous||asynchronous
>  atomatically||automatically
>  atomicly||atomically
> +atempt||attempt
>  attachement||attachment
>  attched||attached
>  attemps||attempts
> @@ -136,6 +157,7 @@ automatize||automate
>  automatized||automated
>  automatizes||automates
>  autonymous||autonomous
> +auxillary||auxiliary
>  auxilliary||auxiliary
>  avaiable||available
>  avaible||available
> @@ -157,6 +179,7 @@ bakup||backup
>  baloon||balloon
>  baloons||balloons
>  bandwith||bandwidth
> +banlance||balance
>  batery||battery
>  beacuse||because
>  becasue||because
> @@ -178,6 +201,7 @@ cacluated||calculated
>  caculation||calculation
>  calender||calendar
>  calle||called
> +callibration||calibration
>  calucate||calculate
>  calulate||calculate
>  cancelation||cancellation
> @@ -187,6 +211,7 @@ capatibilities||capabilities
>  carefuly||carefully
>  cariage||carriage
>  catagory||category
> +cehck||check
>  challange||challenge
>  challanges||challenges
>  chanell||channel
> @@ -199,6 +224,8 @@ charactor||character
>  charater||character
>  charaters||characters
>  charcter||character
> +chcek||check
> +chck||check
>  checksuming||checksumming
>  childern||children
>  childs||children
> @@ -225,14 +252,20 @@ commited||committed
>  commiting||committing
>  committ||commit
>  commoditiy||commodity
> +comsume||consume
> +comsumer||consumer
> +comsuming||consuming
>  compability||compatibility
>  compaibility||compatibility
>  compatability||compatibility
>  compatable||compatible
>  compatibiliy||compatibility
>  compatibilty||compatibility
> +compatiblity||compatibility
> +competion||completion
>  compilant||compliant
>  compleatly||completely
> +completition||completion
>  completly||completely
>  complient||compliant
>  componnents||components
> @@ -243,9 +276,12 @@ comunication||communication
>  conbination||combination
>  conditionaly||conditionally
>  conected||connected
> +connecetd||connected
> +configuartion||configuration
>  configuratoin||configuration
>  configuraton||configuration
>  configuretion||configuration
> +configutation||configuration
>  conider||consider
>  conjuction||conjunction
>  connectinos||connections

Re: [lng-odp] [API-NEXT PATCH] api: system_info: add function for fetching all supported huge page sizes

[Bill Fischofer]

On Thu, Jun 1, 2017 at 6:04 AM, Savolainen, Petri (Nokia - FI/Espoo)
 wrote:
> Reviewed-by: Petri Savolainen 
>
>
>> -Original Message-
>> From: lng-odp [mailto:lng-odp-boun...@lists.linaro.org] On Behalf Of
>> Matias Elo
>> Sent: Thursday, June 01, 2017 1:53 PM
>> To: lng-odp@lists.linaro.org
>> Subject: Suspected SPAM - [lng-odp] [API-NEXT PATCH] api: system_info: add
>> function for fetching all supported huge page sizes
>>
>> A system may simultaneously support multiple huge page sizes. Add a new
>> API
>> function odp_sys_huge_page_size_all() which returns all supported page
>> sizes. odp_sys_huge_page_size() stays unmodified to maintain backward
>> compatibility.
>>
>> Signed-off-by: Matias Elo 
>> ---
>>  include/odp/api/spec/system_info.h | 19 +++
>>  1 file changed, 19 insertions(+)
>>
>> diff --git a/include/odp/api/spec/system_info.h
>> b/include/odp/api/spec/system_info.h
>> index ca4dcdc..c41d3c5 100644
>> --- a/include/odp/api/spec/system_info.h
>> +++ b/include/odp/api/spec/system_info.h
>> @@ -27,10 +27,29 @@ extern "C" {
>>   * Default system huge page size in bytes
>>   *
>>   * @return Default huge page size in bytes
>> + * @retval 0 on no huge pages
>>   */
>>  uint64_t odp_sys_huge_page_size(void);
>>
>>  /**
>> + * System huge page sizes in bytes
>> + *
>> + * Returns the number of huge page sizes supported by the system. Outputs
>> up to
>> + * 'num' sizes when the 'size' array pointer is not NULL. If return value
>> is
>> + * larger than 'num', there are more supported sizes than the function
>> was
>> + * allowed to output. If return value (N) is less than 'num', only sizes
>> + * [0 ... N-1] have been written. Returned values are ordered from
>> smallest to
>> + * largest.
>> + *
>> + * @param[out] size Points to an array of huge page sizes for output
>> + * @param  num  Maximum number of huge page sizes to output
>> + *
>> + * @return Number of supported huge page sizes
>> + * @retval 0 on no huge pages
>> + */
>> +unsigned odp_sys_huge_page_size_all(uint64_t size[], unsigned num);

Would it make sense to have an odp_sys_hube_page_size_num() API that
returned the number of huge page sizes available? As currently defined
that would be a shorthand for odp_sys_huge_page_size_all() with num ==
0.

>> +
>> +/**
>>   * Page size in bytes
>>   *
>>   * @return Page size in bytes
>> --
>> 2.7.4
>

Re: [lng-odp] [API-NEXT PATCH] api: system_info: add function for fetching all supported huge page sizes

[Savolainen, Petri (Nokia - FI/Espoo)]

Reviewed-by: Petri Savolainen 


> -Original Message-
> From: lng-odp [mailto:lng-odp-boun...@lists.linaro.org] On Behalf Of
> Matias Elo
> Sent: Thursday, June 01, 2017 1:53 PM
> To: lng-odp@lists.linaro.org
> Subject: Suspected SPAM - [lng-odp] [API-NEXT PATCH] api: system_info: add
> function for fetching all supported huge page sizes
> 
> A system may simultaneously support multiple huge page sizes. Add a new
> API
> function odp_sys_huge_page_size_all() which returns all supported page
> sizes. odp_sys_huge_page_size() stays unmodified to maintain backward
> compatibility.
> 
> Signed-off-by: Matias Elo 
> ---
>  include/odp/api/spec/system_info.h | 19 +++
>  1 file changed, 19 insertions(+)
> 
> diff --git a/include/odp/api/spec/system_info.h
> b/include/odp/api/spec/system_info.h
> index ca4dcdc..c41d3c5 100644
> --- a/include/odp/api/spec/system_info.h
> +++ b/include/odp/api/spec/system_info.h
> @@ -27,10 +27,29 @@ extern "C" {
>   * Default system huge page size in bytes
>   *
>   * @return Default huge page size in bytes
> + * @retval 0 on no huge pages
>   */
>  uint64_t odp_sys_huge_page_size(void);
> 
>  /**
> + * System huge page sizes in bytes
> + *
> + * Returns the number of huge page sizes supported by the system. Outputs
> up to
> + * 'num' sizes when the 'size' array pointer is not NULL. If return value
> is
> + * larger than 'num', there are more supported sizes than the function
> was
> + * allowed to output. If return value (N) is less than 'num', only sizes
> + * [0 ... N-1] have been written. Returned values are ordered from
> smallest to
> + * largest.
> + *
> + * @param[out] size Points to an array of huge page sizes for output
> + * @param  num  Maximum number of huge page sizes to output
> + *
> + * @return Number of supported huge page sizes
> + * @retval 0 on no huge pages
> + */
> +unsigned odp_sys_huge_page_size_all(uint64_t size[], unsigned num);
> +
> +/**
>   * Page size in bytes
>   *
>   * @return Page size in bytes
> --
> 2.7.4

[lng-odp] [PATCH] scripts: spelling: update to latest version

[Petri Savolainen]

Updated Linux spelling file to it's latest version.

Signed-off-by: Petri Savolainen 
---
 scripts/spelling.txt | 151 +--
 1 file changed, 147 insertions(+), 4 deletions(-)

diff --git a/scripts/spelling.txt b/scripts/spelling.txt
index bb8e4d0a..eb38f49d 100644
--- a/scripts/spelling.txt
+++ b/scripts/spelling.txt
@@ -16,6 +16,7 @@ absense||absence
 absolut||absolute
 absoulte||absolute
 acccess||access
+acceess||access
 acceleratoin||acceleration
 accelleration||acceleration
 accesing||accessing
@@ -32,19 +33,23 @@ accoring||according
 accout||account
 accquire||acquire
 accquired||acquired
+accross||across
 acessable||accessible
 acess||access
 achitecture||architecture
 acient||ancient
 acitions||actions
 acitve||active
-acknowldegement||acknowldegement
+acknowldegement||acknowledgment
 acknowledgement||acknowledgment
 ackowledge||acknowledge
 ackowledged||acknowledged
 acording||according
 activete||activate
+actived||activated
+actualy||actually
 acumulating||accumulating
+acumulator||accumulator
 adapater||adapter
 addional||additional
 additionaly||additionally
@@ -59,16 +64,22 @@ adress||address
 adresses||addresses
 adviced||advised
 afecting||affecting
+againt||against
 agaist||against
 albumns||albums
 alegorical||allegorical
+algined||aligned
 algorith||algorithm
 algorithmical||algorithmically
 algoritm||algorithm
 algoritms||algorithms
 algorrithm||algorithm
 algorritm||algorithm
+aligment||alignment
+alignement||alignment
 allign||align
+alligned||aligned
+allocatote||allocate
 allocatrd||allocated
 allocte||allocate
 allpication||application
@@ -83,6 +94,10 @@ alue||value
 ambigious||ambiguous
 amoung||among
 amout||amount
+an union||a union
+an user||a user
+an userspace||a userspace
+an one||a one
 analysator||analyzer
 ang||and
 anniversery||anniversary
@@ -95,13 +110,16 @@ appearence||appearance
 applicaion||application
 appliction||application
 applictions||applications
+applys||applies
 appplications||applications
 appropiate||appropriate
 appropriatly||appropriately
 approriate||appropriate
 approriately||appropriately
+apropriate||appropriate
 aquainted||acquainted
 aquired||acquired
+aquisition||acquisition
 arbitary||arbitrary
 architechture||architecture
 arguement||argument
@@ -111,6 +129,8 @@ arne't||aren't
 arraival||arrival
 artifical||artificial
 artillary||artillery
+asign||assign
+assertation||assertion
 assiged||assigned
 assigment||assignment
 assigments||assignments
@@ -125,6 +145,7 @@ asycronous||asynchronous
 asynchnous||asynchronous
 atomatically||automatically
 atomicly||atomically
+atempt||attempt
 attachement||attachment
 attched||attached
 attemps||attempts
@@ -136,6 +157,7 @@ automatize||automate
 automatized||automated
 automatizes||automates
 autonymous||autonomous
+auxillary||auxiliary
 auxilliary||auxiliary
 avaiable||available
 avaible||available
@@ -157,6 +179,7 @@ bakup||backup
 baloon||balloon
 baloons||balloons
 bandwith||bandwidth
+banlance||balance
 batery||battery
 beacuse||because
 becasue||because
@@ -178,6 +201,7 @@ cacluated||calculated
 caculation||calculation
 calender||calendar
 calle||called
+callibration||calibration
 calucate||calculate
 calulate||calculate
 cancelation||cancellation
@@ -187,6 +211,7 @@ capatibilities||capabilities
 carefuly||carefully
 cariage||carriage
 catagory||category
+cehck||check
 challange||challenge
 challanges||challenges
 chanell||channel
@@ -199,6 +224,8 @@ charactor||character
 charater||character
 charaters||characters
 charcter||character
+chcek||check
+chck||check
 checksuming||checksumming
 childern||children
 childs||children
@@ -225,14 +252,20 @@ commited||committed
 commiting||committing
 committ||commit
 commoditiy||commodity
+comsume||consume
+comsumer||consumer
+comsuming||consuming
 compability||compatibility
 compaibility||compatibility
 compatability||compatibility
 compatable||compatible
 compatibiliy||compatibility
 compatibilty||compatibility
+compatiblity||compatibility
+competion||completion
 compilant||compliant
 compleatly||completely
+completition||completion
 completly||completely
 complient||compliant
 componnents||components
@@ -243,9 +276,12 @@ comunication||communication
 conbination||combination
 conditionaly||conditionally
 conected||connected
+connecetd||connected
+configuartion||configuration
 configuratoin||configuration
 configuraton||configuration
 configuretion||configuration
+configutation||configuration
 conider||consider
 conjuction||conjunction
 connectinos||connections
@@ -262,11 +298,14 @@ continous||continuous
 continously||continuously
 continueing||continuing
 contraints||constraints
+contol||control
+contoller||controller
 controled||controlled
 controler||controller
 controll||control
 contruction||construction
 contry||country
+conuntry||country
 convertion||conversion
 convertor||converter
 convienient||convenient
@@ -281,6 +320,7 @@ coutner||counter
 cryptocraphic||cryptographic
 cunter||counter
 curently||currentl

[lng-odp] [API-NEXT PATCH] api: system_info: add function for fetching all supported huge page sizes

[Matias Elo]

A system may simultaneously support multiple huge page sizes. Add a new API
function odp_sys_huge_page_size_all() which returns all supported page
sizes. odp_sys_huge_page_size() stays unmodified to maintain backward
compatibility.

Signed-off-by: Matias Elo 
---
 include/odp/api/spec/system_info.h | 19 +++
 1 file changed, 19 insertions(+)

diff --git a/include/odp/api/spec/system_info.h 
b/include/odp/api/spec/system_info.h
index ca4dcdc..c41d3c5 100644
--- a/include/odp/api/spec/system_info.h
+++ b/include/odp/api/spec/system_info.h
@@ -27,10 +27,29 @@ extern "C" {
  * Default system huge page size in bytes
  *
  * @return Default huge page size in bytes
+ * @retval 0 on no huge pages
  */
 uint64_t odp_sys_huge_page_size(void);
 
 /**
+ * System huge page sizes in bytes
+ *
+ * Returns the number of huge page sizes supported by the system. Outputs up to
+ * 'num' sizes when the 'size' array pointer is not NULL. If return value is
+ * larger than 'num', there are more supported sizes than the function was
+ * allowed to output. If return value (N) is less than 'num', only sizes
+ * [0 ... N-1] have been written. Returned values are ordered from smallest to
+ * largest.
+ *
+ * @param[out] size Points to an array of huge page sizes for output
+ * @param  num  Maximum number of huge page sizes to output
+ *
+ * @return Number of supported huge page sizes
+ * @retval 0 on no huge pages
+ */
+unsigned odp_sys_huge_page_size_all(uint64_t size[], unsigned num);
+
+/**
  * Page size in bytes
  *
  * @return Page size in bytes
-- 
2.7.4

Re: [lng-odp] [PATCH API-NEXT v5 00/23] Major cryptography code rework

[Savolainen, Petri (Nokia - FI/Espoo)]

Reviewed-by: Petri Savolainen 


> -Original Message-
> From: lng-odp [mailto:lng-odp-boun...@lists.linaro.org] On Behalf Of
> Dmitry Eremin-Solenikov
> Sent: Thursday, June 01, 2017 12:03 PM
> To: lng-odp@lists.linaro.org
> Subject: [lng-odp] [PATCH API-NEXT v5 00/23] Major cryptography code
> rework
> 
> This is a cummulative patchset incorporating:
>  - AAD/ auth_digest_len implementation
>  - crypto engine working across packet segments
>  - SHA-1/SHA-512 implementation
>  - small fixes
> 
> GitHub bot did not send this serie for quite some time, so I'm sending it
> manually. On GitHub exactly the same patch serie is visible as PR #34.
> 

Re: [lng-odp] [PATCH] validation: shmem: fix odp_shm_info_t page_size test

[Elo, Matias (Nokia - FI/Espoo)]

> On 5 May 2017, at 17:19, Bill Fischofer  wrote:
> 
> 
> 
> On Fri, May 5, 2017 at 8:58 AM, Matias Elo  wrote:
> The old test wasn't valid, since a system may support multiple huge page
> sizes. As odp_sys_huge_page_size() returns currently only a single value
> more precise test than 'page_size != 0' cannot be performed.
> 
> Good point, but might a better approach be to expand what's returned to 
> include a list of supported sizes, or at least the range of those sizes?
> 

Hi Bill,

Could this patch be merged as a stopgap before the required API change is done? 
The problem is that odp-dpdk's (+ new native shm implementation) validation 
test fails on systems with default 2MB hugepages without this fix.

I can submit an API change proposal. 

 -Matias

[lng-odp] [PATCH API-NEXT v5 23/23] linux-generic: crypto: add HMAC-SHA-512 authentication support

[Dmitry Eremin-Solenikov]

Signed-off-by: Dmitry Eremin-Solenikov 
---
 platform/linux-generic/odp_crypto.c | 13 -
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/platform/linux-generic/odp_crypto.c 
b/platform/linux-generic/odp_crypto.c
index 3117f65d5601..6fc1907d9dca 100644
--- a/platform/linux-generic/odp_crypto.c
+++ b/platform/linux-generic/odp_crypto.c
@@ -69,6 +69,10 @@ static const odp_crypto_auth_capability_t 
auth_capa_sha256_hmac[] = {
 {.digest_len = 16, .key_len = 32, .aad_len = {.min = 0, .max = 0, .inc = 0} },
 {.digest_len = 32, .key_len = 32, .aad_len = {.min = 0, .max = 0, .inc = 0} } 
};
 
+static const odp_crypto_auth_capability_t auth_capa_sha512_hmac[] = {
+{.digest_len = 32, .key_len = 64, .aad_len = {.min = 0, .max = 0, .inc = 0} },
+{.digest_len = 64, .key_len = 64, .aad_len = {.min = 0, .max = 0, .inc = 0} } 
};
+
 static const odp_crypto_auth_capability_t auth_capa_aes_gcm[] = {
 {.digest_len = 16, .key_len = 0, .aad_len = {.min = 8, .max = 12, .inc = 4} } 
};
 
@@ -555,7 +559,7 @@ int odp_crypto_capability(odp_crypto_capability_t *capa)
capa->auths.bit.md5_hmac = 1;
capa->auths.bit.sha1_hmac= 1;
capa->auths.bit.sha256_hmac  = 1;
-   capa->auths.bit.sha512_hmac  = 0;
+   capa->auths.bit.sha512_hmac  = 1;
capa->auths.bit.aes_gcm  = 1;
 
 #if ODP_DEPRECATED_API
@@ -636,6 +640,10 @@ int odp_crypto_auth_capability(odp_auth_alg_t auth,
src = auth_capa_sha256_hmac;
num = sizeof(auth_capa_sha256_hmac) / size;
break;
+   case ODP_AUTH_ALG_SHA512_HMAC:
+   src = auth_capa_sha512_hmac;
+   num = sizeof(auth_capa_sha512_hmac) / size;
+   break;
case ODP_AUTH_ALG_AES_GCM:
src = auth_capa_aes_gcm;
num = sizeof(auth_capa_aes_gcm) / size;
@@ -761,6 +769,9 @@ odp_crypto_session_create(odp_crypto_session_param_t *param,
case ODP_AUTH_ALG_SHA256_HMAC:
rc = process_auth_param(session, 32, EVP_sha256());
break;
+   case ODP_AUTH_ALG_SHA512_HMAC:
+   rc = process_auth_param(session, 64, EVP_sha512());
+   break;
 #if ODP_DEPRECATED_API
case ODP_AUTH_ALG_AES128_GCM:
if (param->cipher_alg == ODP_CIPHER_ALG_AES128_GCM)
-- 
2.11.0

[lng-odp] [PATCH API-NEXT v5 22/23] linux-generic: crypto: add SHA-1 authentication support

[Dmitry Eremin-Solenikov]

Signed-off-by: Dmitry Eremin-Solenikov 
---
 platform/linux-generic/odp_crypto.c | 13 -
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/platform/linux-generic/odp_crypto.c 
b/platform/linux-generic/odp_crypto.c
index 9e5a11900d66..3117f65d5601 100644
--- a/platform/linux-generic/odp_crypto.c
+++ b/platform/linux-generic/odp_crypto.c
@@ -61,6 +61,10 @@ static const odp_crypto_auth_capability_t 
auth_capa_md5_hmac[] = {
 {.digest_len = 12, .key_len = 16, .aad_len = {.min = 0, .max = 0, .inc = 0} },
 {.digest_len = 16, .key_len = 16, .aad_len = {.min = 0, .max = 0, .inc = 0} } 
};
 
+static const odp_crypto_auth_capability_t auth_capa_sha1_hmac[] = {
+{.digest_len = 12, .key_len = 20, .aad_len = {.min = 0, .max = 0, .inc = 0} },
+{.digest_len = 20, .key_len = 20, .aad_len = {.min = 0, .max = 0, .inc = 0} } 
};
+
 static const odp_crypto_auth_capability_t auth_capa_sha256_hmac[] = {
 {.digest_len = 16, .key_len = 32, .aad_len = {.min = 0, .max = 0, .inc = 0} },
 {.digest_len = 32, .key_len = 32, .aad_len = {.min = 0, .max = 0, .inc = 0} } 
};
@@ -549,7 +553,7 @@ int odp_crypto_capability(odp_crypto_capability_t *capa)
 
capa->auths.bit.null = 1;
capa->auths.bit.md5_hmac = 1;
-   capa->auths.bit.sha1_hmac= 0;
+   capa->auths.bit.sha1_hmac= 1;
capa->auths.bit.sha256_hmac  = 1;
capa->auths.bit.sha512_hmac  = 0;
capa->auths.bit.aes_gcm  = 1;
@@ -624,6 +628,10 @@ int odp_crypto_auth_capability(odp_auth_alg_t auth,
src = auth_capa_md5_hmac;
num = sizeof(auth_capa_md5_hmac) / size;
break;
+   case ODP_AUTH_ALG_SHA1_HMAC:
+   src = auth_capa_sha1_hmac;
+   num = sizeof(auth_capa_sha1_hmac) / size;
+   break;
case ODP_AUTH_ALG_SHA256_HMAC:
src = auth_capa_sha256_hmac;
num = sizeof(auth_capa_sha256_hmac) / size;
@@ -741,6 +749,9 @@ odp_crypto_session_create(odp_crypto_session_param_t *param,
case ODP_AUTH_ALG_MD5_HMAC:
rc = process_auth_param(session, 16, EVP_md5());
break;
+   case ODP_AUTH_ALG_SHA1_HMAC:
+   rc = process_auth_param(session, 20, EVP_sha1());
+   break;
 #if ODP_DEPRECATED_API
case ODP_AUTH_ALG_SHA256_128:
/* Fixed digest tag length with deprecated algo */
-- 
2.11.0

[lng-odp] [PATCH API-NEXT v5 21/23] validation: crypto: add HMAC-SHA-512 test cases

[Dmitry Eremin-Solenikov]

Signed-off-by: Dmitry Eremin-Solenikov 
---
 test/common_plat/validation/api/crypto/crypto.h|   3 +-
 .../validation/api/crypto/odp_crypto_test_inp.c| 110 -
 .../validation/api/crypto/test_vectors.h   |  50 ++
 .../validation/api/crypto/test_vectors_len.h   |   6 ++
 4 files changed, 165 insertions(+), 4 deletions(-)

diff --git a/test/common_plat/validation/api/crypto/crypto.h 
b/test/common_plat/validation/api/crypto/crypto.h
index 84e673791607..dd15b448f130 100644
--- a/test/common_plat/validation/api/crypto/crypto.h
+++ b/test/common_plat/validation/api/crypto/crypto.h
@@ -30,7 +30,8 @@ void crypto_test_gen_alg_hmac_sha1(void);
 void crypto_test_check_alg_hmac_sha1(void);
 void crypto_test_gen_alg_hmac_sha256(void);
 void crypto_test_check_alg_hmac_sha256(void);
-void crypto_test_alg_hmac_sha512(void);
+void crypto_test_gen_alg_hmac_sha512(void);
+void crypto_test_check_alg_hmac_sha512(void);
 
 /* test arrays: */
 extern odp_testinfo_t crypto_suite[];
diff --git a/test/common_plat/validation/api/crypto/odp_crypto_test_inp.c 
b/test/common_plat/validation/api/crypto/odp_crypto_test_inp.c
index 6129d82d9ea0..ae600e230118 100644
--- a/test/common_plat/validation/api/crypto/odp_crypto_test_inp.c
+++ b/test/common_plat/validation/api/crypto/odp_crypto_test_inp.c
@@ -32,6 +32,8 @@ static const char *auth_alg_name(odp_auth_alg_t auth)
return "ODP_AUTH_ALG_SHA1_HMAC";
case ODP_AUTH_ALG_SHA256_HMAC:
return "ODP_AUTH_ALG_SHA256_HMAC";
+   case ODP_AUTH_ALG_SHA512_HMAC:
+   return "ODP_AUTH_ALG_SHA512_HMAC";
case ODP_AUTH_ALG_AES_GCM:
return "ODP_AUTH_ALG_AES_GCM";
default:
@@ -139,6 +141,9 @@ static void alg_test(odp_crypto_op_t op,
if (auth_alg == ODP_AUTH_ALG_SHA256_HMAC &&
!(capa.auths.bit.sha256_hmac))
rc = -1;
+   if (auth_alg == ODP_AUTH_ALG_SHA512_HMAC &&
+   !(capa.auths.bit.sha512_hmac))
+   rc = -1;
 
CU_ASSERT(!rc);
CU_ASSERT((~capa.auths.all_bits & capa.hw_auths.all_bits) == 0);
@@ -1391,9 +1396,106 @@ static int check_alg_hmac_sha512(void)
return check_alg_support(ODP_CIPHER_ALG_NULL, ODP_AUTH_ALG_SHA512_HMAC);
 }
 
-void crypto_test_alg_hmac_sha512(void)
+/* This test verifies the correctness of HMAC_SHA512 digest operation.
+ * The output check length is truncated to 32 bytes (256 bits) as
+ * returned by the crypto operation API call.
+ * Note that hash digest is a one-way operation.
+ * In addition the test verifies if the implementation can use the
+ * packet buffer as completion event buffer.
+ * */
+void crypto_test_gen_alg_hmac_sha512(void)
 {
-   printf(" TEST NOT IMPLEMENTED YET ");
+   odp_crypto_key_t cipher_key = { .data = NULL, .length = 0 },
+auth_key   = { .data = NULL, .length = 0 };
+   odp_crypto_iv_t iv = { .data = NULL, .length = 0 };
+
+   unsigned int test_vec_num = (sizeof(hmac_sha512_reference_length) /
+sizeof(hmac_sha512_reference_length[0]));
+
+   unsigned int i;
+
+   for (i = 0; i < test_vec_num; i++) {
+   auth_key.data = hmac_sha512_reference_key[i];
+   auth_key.length = sizeof(hmac_sha512_reference_key[i]);
+
+   if (!check_auth_options(ODP_AUTH_ALG_SHA512_HMAC,
+   auth_key.length,
+   HMAC_SHA512_256_CHECK_LEN))
+   continue;
+
+   alg_test(ODP_CRYPTO_OP_ENCODE,
+0,
+ODP_CIPHER_ALG_NULL,
+iv,
+iv.data,
+cipher_key,
+ODP_AUTH_ALG_SHA512_HMAC,
+auth_key,
+NULL, NULL,
+NULL, 0,
+hmac_sha512_reference_plaintext[i],
+hmac_sha512_reference_length[i],
+NULL, 0,
+hmac_sha512_reference_digest[i],
+HMAC_SHA512_256_CHECK_LEN);
+   }
+}
+
+void crypto_test_check_alg_hmac_sha512(void)
+{
+   odp_crypto_key_t cipher_key = { .data = NULL, .length = 0 },
+auth_key   = { .data = NULL, .length = 0 };
+   odp_crypto_iv_t iv = { .data = NULL, .length = 0 };
+   uint8_t wrong_digest[HMAC_SHA512_DIGEST_LEN];
+
+   unsigned int test_vec_num = (sizeof(hmac_sha512_reference_length) /
+sizeof(hmac_sha512_reference_length[0]));
+
+   unsigned int i;
+
+   memset(wrong_digest, 0xa5, sizeof(wrong_digest));
+
+   for (i = 0; i < test_vec_num; i++) {
+   auth_key.data = hmac_sha512_reference_key[i];
+   auth_key.length = sizeof(hmac_sha512_reference_key[i]);
+
+   if (!check_auth_options(ODP_AUTH_ALG_S

[lng-odp] [PATCH API-NEXT v5 20/23] validation: crypto: add HMAC-SHA-1 test cases

[Dmitry Eremin-Solenikov]

Signed-off-by: Dmitry Eremin-Solenikov 
---
 test/common_plat/validation/api/crypto/crypto.h|   3 +-
 .../validation/api/crypto/odp_crypto_test_inp.c| 126 +++--
 .../validation/api/crypto/test_vectors.h   |  44 +++
 .../validation/api/crypto/test_vectors_len.h   |   6 +
 4 files changed, 167 insertions(+), 12 deletions(-)

diff --git a/test/common_plat/validation/api/crypto/crypto.h 
b/test/common_plat/validation/api/crypto/crypto.h
index 2a491c3c9170..84e673791607 100644
--- a/test/common_plat/validation/api/crypto/crypto.h
+++ b/test/common_plat/validation/api/crypto/crypto.h
@@ -26,7 +26,8 @@ void crypto_test_dec_alg_aes128_gcm(void);
 void crypto_test_dec_alg_aes128_gcm_ovr_iv(void);
 void crypto_test_gen_alg_hmac_md5(void);
 void crypto_test_check_alg_hmac_md5(void);
-void crypto_test_alg_hmac_sha1(void);
+void crypto_test_gen_alg_hmac_sha1(void);
+void crypto_test_check_alg_hmac_sha1(void);
 void crypto_test_gen_alg_hmac_sha256(void);
 void crypto_test_check_alg_hmac_sha256(void);
 void crypto_test_alg_hmac_sha512(void);
diff --git a/test/common_plat/validation/api/crypto/odp_crypto_test_inp.c 
b/test/common_plat/validation/api/crypto/odp_crypto_test_inp.c
index 4d8f7b54a51b..6129d82d9ea0 100644
--- a/test/common_plat/validation/api/crypto/odp_crypto_test_inp.c
+++ b/test/common_plat/validation/api/crypto/odp_crypto_test_inp.c
@@ -28,6 +28,8 @@ static const char *auth_alg_name(odp_auth_alg_t auth)
return "ODP_AUTH_ALG_NULL";
case ODP_AUTH_ALG_MD5_HMAC:
return "ODP_AUTH_ALG_MD5_HMAC";
+   case ODP_AUTH_ALG_SHA1_HMAC:
+   return "ODP_AUTH_ALG_SHA1_HMAC";
case ODP_AUTH_ALG_SHA256_HMAC:
return "ODP_AUTH_ALG_SHA256_HMAC";
case ODP_AUTH_ALG_AES_GCM:
@@ -131,6 +133,9 @@ static void alg_test(odp_crypto_op_t op,
if (auth_alg == ODP_AUTH_ALG_NULL &&
!(capa.auths.bit.null))
rc = -1;
+   if (auth_alg == ODP_AUTH_ALG_SHA1_HMAC &&
+   !(capa.auths.bit.sha1_hmac))
+   rc = -1;
if (auth_alg == ODP_AUTH_ALG_SHA256_HMAC &&
!(capa.auths.bit.sha256_hmac))
rc = -1;
@@ -1167,6 +1172,113 @@ void crypto_test_check_alg_hmac_md5(void)
}
 }
 
+static int check_alg_hmac_sha1(void)
+{
+   return check_alg_support(ODP_CIPHER_ALG_NULL, ODP_AUTH_ALG_SHA1_HMAC);
+}
+
+/* This test verifies the correctness of HMAC_SHA1 digest operation.
+ * The output check length is truncated to 12 bytes (96 bits) as
+ * returned by the crypto operation API call.
+ * Note that hash digest is a one-way operation.
+ * In addition the test verifies if the implementation can use the
+ * packet buffer as completion event buffer.
+ * */
+void crypto_test_gen_alg_hmac_sha1(void)
+{
+   odp_crypto_key_t cipher_key = { .data = NULL, .length = 0 },
+auth_key   = { .data = NULL, .length = 0 };
+   odp_crypto_iv_t iv = { .data = NULL, .length = 0 };
+
+   unsigned int test_vec_num = (sizeof(hmac_sha1_reference_length) /
+sizeof(hmac_sha1_reference_length[0]));
+
+   unsigned int i;
+
+   for (i = 0; i < test_vec_num; i++) {
+   auth_key.data = hmac_sha1_reference_key[i];
+   auth_key.length = sizeof(hmac_sha1_reference_key[i]);
+
+   if (!check_auth_options(ODP_AUTH_ALG_SHA1_HMAC,
+   auth_key.length,
+   HMAC_SHA1_96_CHECK_LEN))
+   continue;
+
+   alg_test(ODP_CRYPTO_OP_ENCODE,
+0,
+ODP_CIPHER_ALG_NULL,
+iv,
+iv.data,
+cipher_key,
+ODP_AUTH_ALG_SHA1_HMAC,
+auth_key,
+NULL, NULL,
+NULL, 0,
+hmac_sha1_reference_plaintext[i],
+hmac_sha1_reference_length[i],
+NULL, 0,
+hmac_sha1_reference_digest[i],
+HMAC_SHA1_96_CHECK_LEN);
+   }
+}
+
+void crypto_test_check_alg_hmac_sha1(void)
+{
+   odp_crypto_key_t cipher_key = { .data = NULL, .length = 0 },
+auth_key   = { .data = NULL, .length = 0 };
+   odp_crypto_iv_t iv = { .data = NULL, .length = 0 };
+   uint8_t wrong_digest[HMAC_SHA1_DIGEST_LEN];
+
+   unsigned int test_vec_num = (sizeof(hmac_sha1_reference_length) /
+sizeof(hmac_sha1_reference_length[0]));
+
+   unsigned int i;
+
+   memset(wrong_digest, 0xa5, sizeof(wrong_digest));
+
+   for (i = 0; i < test_vec_num; i++) {
+   auth_key.data = hmac_sha1_reference_key[i];
+   auth_key.length = sizeof(hmac_sha1_reference_key[i]);
+
+   if (!check_auth_options(ODP_AU

[lng-odp] [PATCH API-NEXT v5 19/23] validation: crypto: add tests for NULL cipher

[Dmitry Eremin-Solenikov]

Signed-off-by: Dmitry Eremin-Solenikov 
---
 test/common_plat/validation/api/crypto/crypto.h|  2 +
 .../validation/api/crypto/odp_crypto_test_inp.c| 71 ++
 .../validation/api/crypto/test_vectors.h   | 12 
 .../validation/api/crypto/test_vectors_len.h   |  3 +
 4 files changed, 88 insertions(+)

diff --git a/test/common_plat/validation/api/crypto/crypto.h 
b/test/common_plat/validation/api/crypto/crypto.h
index 4d810f62b7ce..2a491c3c9170 100644
--- a/test/common_plat/validation/api/crypto/crypto.h
+++ b/test/common_plat/validation/api/crypto/crypto.h
@@ -10,6 +10,8 @@
 #include "odp_cunit_common.h"
 
 /* test functions: */
+void crypto_test_enc_alg_null(void);
+void crypto_test_dec_alg_null(void);
 void crypto_test_enc_alg_3des_cbc(void);
 void crypto_test_enc_alg_3des_cbc_ovr_iv(void);
 void crypto_test_dec_alg_3des_cbc(void);
diff --git a/test/common_plat/validation/api/crypto/odp_crypto_test_inp.c 
b/test/common_plat/validation/api/crypto/odp_crypto_test_inp.c
index 470c5bc5e70d..4d8f7b54a51b 100644
--- a/test/common_plat/validation/api/crypto/odp_crypto_test_inp.c
+++ b/test/common_plat/validation/api/crypto/odp_crypto_test_inp.c
@@ -430,6 +430,73 @@ static int check_auth_options(odp_auth_alg_t auth, 
uint32_t key_len,
return 1;
 }
 
+static int check_alg_null(void)
+{
+   return check_alg_support(ODP_CIPHER_ALG_NULL, ODP_AUTH_ALG_NULL);
+}
+
+void crypto_test_enc_alg_null(void)
+{
+   odp_crypto_key_t cipher_key = { .data = NULL, .length = 0 },
+auth_key   = { .data = NULL, .length = 0 };
+   odp_crypto_iv_t iv = { .data = NULL, .length = 0};
+   unsigned int test_vec_num = (sizeof(null_reference_length) /
+sizeof(null_reference_length[0]));
+   unsigned int i;
+
+   for (i = 0; i < test_vec_num; i++) {
+   if (!check_cipher_options(ODP_CIPHER_ALG_NULL,
+ cipher_key.length, iv.length))
+   continue;
+
+   alg_test(ODP_CRYPTO_OP_ENCODE,
+0,
+ODP_CIPHER_ALG_NULL,
+iv,
+NULL,
+cipher_key,
+ODP_AUTH_ALG_NULL,
+auth_key,
+NULL, NULL,
+NULL, 0,
+null_reference_plaintext[i],
+null_reference_length[i],
+null_reference_plaintext[i],
+null_reference_length[i], NULL, 0);
+   }
+}
+
+void crypto_test_dec_alg_null(void)
+{
+   odp_crypto_key_t cipher_key = { .data = NULL, .length = 0 },
+auth_key   = { .data = NULL, .length = 0 };
+   odp_crypto_iv_t iv = { .data = NULL, .length = 0 };
+   unsigned int test_vec_num = (sizeof(null_reference_length) /
+sizeof(null_reference_length[0]));
+   unsigned int i;
+
+   for (i = 0; i < test_vec_num; i++) {
+   if (!check_cipher_options(ODP_CIPHER_ALG_NULL,
+ cipher_key.length, iv.length))
+   continue;
+
+   alg_test(ODP_CRYPTO_OP_DECODE,
+0,
+ODP_CIPHER_ALG_NULL,
+iv,
+NULL,
+cipher_key,
+ODP_AUTH_ALG_NULL,
+auth_key,
+NULL, NULL,
+NULL, 0,
+null_reference_plaintext[i],
+null_reference_length[i],
+null_reference_plaintext[i],
+null_reference_length[i], NULL, 0);
+   }
+}
+
 static int check_alg_3des_cbc(void)
 {
return check_alg_support(ODP_CIPHER_ALG_3DES_CBC, ODP_AUTH_ALG_NULL);
@@ -1252,6 +1319,10 @@ int crypto_suite_async_init(void)
 }
 
 odp_testinfo_t crypto_suite[] = {
+   ODP_TEST_INFO_CONDITIONAL(crypto_test_enc_alg_null,
+ check_alg_null),
+   ODP_TEST_INFO_CONDITIONAL(crypto_test_dec_alg_null,
+ check_alg_null),
ODP_TEST_INFO_CONDITIONAL(crypto_test_enc_alg_3des_cbc,
  check_alg_3des_cbc),
ODP_TEST_INFO_CONDITIONAL(crypto_test_dec_alg_3des_cbc,
diff --git a/test/common_plat/validation/api/crypto/test_vectors.h 
b/test/common_plat/validation/api/crypto/test_vectors.h
index 0d36c249870f..6d568b918aa4 100644
--- a/test/common_plat/validation/api/crypto/test_vectors.h
+++ b/test/common_plat/validation/api/crypto/test_vectors.h
@@ -8,6 +8,18 @@
 #define _ODP_TEST_CRYPTO_VECTORS_H_
 
 #include "test_vectors_len.h"
+
+/** length in bytes */
+static uint32_t null_reference_length[] = { 8, 16 };
+
+static uint8_t
+null_reference_plaintext[][NULL_MAX_

[lng-odp] [PATCH API-NEXT v5 17/23] test: odp_crypto: bail out if odp_crypto_session_create failed

[Dmitry Eremin-Solenikov]

If odp_crypto_session_create() failed, there is no point in
checking/freeing session, as it might not have been updated.

Signed-off-by: Dmitry Eremin-Solenikov 
---
 test/common_plat/performance/odp_crypto.c | 44 +++
 1 file changed, 21 insertions(+), 23 deletions(-)

diff --git a/test/common_plat/performance/odp_crypto.c 
b/test/common_plat/performance/odp_crypto.c
index 6a58294a25ff..c3dd6d38f3cb 100644
--- a/test/common_plat/performance/odp_crypto.c
+++ b/test/common_plat/performance/odp_crypto.c
@@ -665,34 +665,32 @@ run_measure_one_config(crypto_args_t *cargs,
int rc = 0;
 
if (create_session_from_config(&session, config, cargs))
-   rc = -1;
-
-   if (!rc) {
-   if (cargs->payload_length) {
-   rc = run_measure_one(cargs, config, &session,
-cargs->payload_length, &result);
-   if (!rc) {
-   print_result_header();
-   print_result(cargs, cargs->payload_length,
-config, &result);
-   }
-   } else {
-   unsigned i;
+   return -1;
 
+   if (cargs->payload_length) {
+   rc = run_measure_one(cargs, config, &session,
+cargs->payload_length, &result);
+   if (!rc) {
print_result_header();
-   for (i = 0; i < num_payloads; i++) {
-   rc = run_measure_one(cargs, config, &session,
-payloads[i], &result);
-   if (rc)
-   break;
-   print_result(cargs, payloads[i],
-config, &result);
-   }
+   print_result(cargs, cargs->payload_length,
+config, &result);
+   }
+   } else {
+   unsigned i;
+
+   print_result_header();
+   for (i = 0; i < num_payloads; i++) {
+   rc = run_measure_one(cargs, config, &session,
+payloads[i], &result);
+   if (rc)
+   break;
+   print_result(cargs, payloads[i],
+config, &result);
}
}
 
-   if (session != ODP_CRYPTO_SESSION_INVALID)
-   odp_crypto_session_destroy(session);
+   odp_crypto_session_destroy(session);
+
return rc;
 }
 
-- 
2.11.0

[lng-odp] [PATCH API-NEXT v5 18/23] crypto: linux-generic: add capabilities for CIPHER_NULL and AUTH_NULL

[Dmitry Eremin-Solenikov]

There is no point in having separate cases for NULL algorithms. Add
capabilities returning 0 key/digest/iv length.

Signed-off-by: Dmitry Eremin-Solenikov 
---
 platform/linux-generic/odp_crypto.c| 14 ++
 .../validation/api/crypto/odp_crypto_test_inp.c| 18 --
 2 files changed, 14 insertions(+), 18 deletions(-)

diff --git a/platform/linux-generic/odp_crypto.c 
b/platform/linux-generic/odp_crypto.c
index 32fece308beb..9e5a11900d66 100644
--- a/platform/linux-generic/odp_crypto.c
+++ b/platform/linux-generic/odp_crypto.c
@@ -34,6 +34,9 @@
  *
  * Keep sorted: first by key length, then by IV length
  */
+static const odp_crypto_cipher_capability_t cipher_capa_null[] = {
+{.key_len = 0, .iv_len = 0} };
+
 static const odp_crypto_cipher_capability_t cipher_capa_des[] = {
 {.key_len = 24, .iv_len = 8} };
 
@@ -51,6 +54,9 @@ static const odp_crypto_cipher_capability_t 
cipher_capa_aes_gcm[] = {
  *
  * Keep sorted: first by digest length, then by key length
  */
+static const odp_crypto_auth_capability_t auth_capa_null[] = {
+{.digest_len = 0, .key_len = 0, .aad_len = {.min = 0, .max = 0, .inc = 0} } };
+
 static const odp_crypto_auth_capability_t auth_capa_md5_hmac[] = {
 {.digest_len = 12, .key_len = 16, .aad_len = {.min = 0, .max = 0, .inc = 0} },
 {.digest_len = 16, .key_len = 16, .aad_len = {.min = 0, .max = 0, .inc = 0} } 
};
@@ -571,8 +577,8 @@ int odp_crypto_cipher_capability(odp_cipher_alg_t cipher,
 
switch (cipher) {
case ODP_CIPHER_ALG_NULL:
-   src = NULL;
-   num = 0;
+   src = cipher_capa_null;
+   num = sizeof(cipher_capa_null) / size;
break;
case ODP_CIPHER_ALG_DES:
src = cipher_capa_des;
@@ -611,8 +617,8 @@ int odp_crypto_auth_capability(odp_auth_alg_t auth,
 
switch (auth) {
case ODP_AUTH_ALG_NULL:
-   src = NULL;
-   num = 0;
+   src = auth_capa_null;
+   num = sizeof(auth_capa_null) / size;
break;
case ODP_AUTH_ALG_MD5_HMAC:
src = auth_capa_md5_hmac;
diff --git a/test/common_plat/validation/api/crypto/odp_crypto_test_inp.c 
b/test/common_plat/validation/api/crypto/odp_crypto_test_inp.c
index c89d04f9c238..470c5bc5e70d 100644
--- a/test/common_plat/validation/api/crypto/odp_crypto_test_inp.c
+++ b/test/common_plat/validation/api/crypto/odp_crypto_test_inp.c
@@ -141,13 +141,8 @@ static void alg_test(odp_crypto_op_t op,
num = odp_crypto_cipher_capability(cipher_alg, cipher_capa,
   MAX_ALG_CAPA);
 
-   if (cipher_alg != ODP_CIPHER_ALG_NULL) {
-   CU_ASSERT(num > 0);
-   found = 0;
-   } else {
-   CU_ASSERT(num == 0);
-   found = 1;
-   }
+   CU_ASSERT(num > 0);
+   found = 0;
 
CU_ASSERT(num <= MAX_ALG_CAPA);
 
@@ -167,13 +162,8 @@ static void alg_test(odp_crypto_op_t op,
 
num = odp_crypto_auth_capability(auth_alg, auth_capa, MAX_ALG_CAPA);
 
-   if (auth_alg != ODP_AUTH_ALG_NULL) {
-   CU_ASSERT(num > 0);
-   found = 0;
-   } else {
-   CU_ASSERT(num == 0);
-   found = 1;
-   }
+   CU_ASSERT(num > 0);
+   found = 0;
 
CU_ASSERT(num <= MAX_ALG_CAPA);
 
-- 
2.11.0

[lng-odp] [PATCH API-NEXT v5 16/23] linux-generic: crypto: NULL session->next pointer on session allocation

[Dmitry Eremin-Solenikov]

Signed-off-by: Dmitry Eremin-Solenikov 
---
 platform/linux-generic/odp_crypto.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/platform/linux-generic/odp_crypto.c 
b/platform/linux-generic/odp_crypto.c
index ea7c702650f6..32fece308beb 100644
--- a/platform/linux-generic/odp_crypto.c
+++ b/platform/linux-generic/odp_crypto.c
@@ -88,8 +88,10 @@ odp_crypto_generic_session_t *alloc_session(void)
 
odp_spinlock_lock(&global->lock);
session = global->free;
-   if (session)
+   if (session) {
global->free = session->next;
+   session->next = NULL;
+   }
odp_spinlock_unlock(&global->lock);
 
return session;
-- 
2.11.0

[lng-odp] [PATCH API-NEXT v5 15/23] linux-generic: crypto: make en/decryption work across packet segments

[Dmitry Eremin-Solenikov]

Signed-off-by: Dmitry Eremin-Solenikov 
---
 platform/linux-generic/odp_crypto.c | 184 +++-
 1 file changed, 138 insertions(+), 46 deletions(-)

diff --git a/platform/linux-generic/odp_crypto.c 
b/platform/linux-generic/odp_crypto.c
index 7ea90fb92b48..ea7c702650f6 100644
--- a/platform/linux-generic/odp_crypto.c
+++ b/platform/linux-generic/odp_crypto.c
@@ -190,14 +190,122 @@ odp_crypto_alg_err_t auth_check(odp_crypto_op_param_t 
*param,
 }
 
 static
+int internal_encrypt(EVP_CIPHER_CTX *ctx, odp_crypto_op_param_t *param)
+{
+   odp_packet_t pkt = param->out_pkt;
+   unsigned in_pos = param->cipher_range.offset;
+   unsigned out_pos = param->cipher_range.offset;
+   unsigned in_len = param->cipher_range.length;
+   uint8_t block[2 * EVP_MAX_BLOCK_LENGTH];
+   unsigned block_len = EVP_CIPHER_block_size(EVP_CIPHER_CTX_cipher(ctx));
+   int cipher_len;
+   int ret;
+
+   while (in_len > 0) {
+   uint32_t seglen = 0; /* GCC */
+   uint8_t *insegaddr = odp_packet_offset(pkt, in_pos,
+  &seglen, NULL);
+   unsigned inseglen = in_len < seglen ? in_len : seglen;
+
+   /* There should be at least 1 additional block in out buffer */
+   if (inseglen > block_len) {
+   unsigned part = inseglen - block_len;
+
+   EVP_EncryptUpdate(ctx, insegaddr, &cipher_len,
+ insegaddr, part);
+   in_pos += part;
+   in_len -= part;
+   insegaddr += part;
+   inseglen -= part;
+
+   out_pos += cipher_len;
+   }
+
+   /* Use temporal storage */
+   if (inseglen > 0) {
+   unsigned part = inseglen;
+
+   EVP_EncryptUpdate(ctx, block, &cipher_len,
+ insegaddr, part);
+   in_pos += part;
+   in_len -= part;
+   insegaddr += part;
+   inseglen -= part;
+
+   odp_packet_copy_from_mem(pkt, out_pos,
+cipher_len, block);
+   out_pos += cipher_len;
+   }
+   }
+
+   ret = EVP_EncryptFinal_ex(ctx, block, &cipher_len);
+   odp_packet_copy_from_mem(pkt, out_pos, cipher_len, block);
+
+   return ret;
+}
+
+static
+int internal_decrypt(EVP_CIPHER_CTX *ctx, odp_crypto_op_param_t *param)
+{
+   odp_packet_t pkt = param->out_pkt;
+   unsigned in_pos = param->cipher_range.offset;
+   unsigned out_pos = param->cipher_range.offset;
+   unsigned in_len = param->cipher_range.length;
+   uint8_t block[2 * EVP_MAX_BLOCK_LENGTH];
+   unsigned block_len = EVP_CIPHER_block_size(EVP_CIPHER_CTX_cipher(ctx));
+   int cipher_len;
+   int ret;
+
+   while (in_len > 0) {
+   uint32_t seglen = 0; /* GCC */
+   uint8_t *insegaddr = odp_packet_offset(pkt, in_pos,
+  &seglen, NULL);
+   unsigned inseglen = in_len < seglen ? in_len : seglen;
+
+   /* There should be at least 1 additional block in out buffer */
+   if (inseglen > block_len) {
+   unsigned part = inseglen - block_len;
+
+   EVP_DecryptUpdate(ctx, insegaddr, &cipher_len,
+ insegaddr, part);
+   in_pos += part;
+   in_len -= part;
+   insegaddr += part;
+   inseglen -= part;
+
+   out_pos += cipher_len;
+   }
+
+   /* Use temporal storage */
+   if (inseglen > 0) {
+   unsigned part = inseglen;
+
+   EVP_DecryptUpdate(ctx, block, &cipher_len,
+ insegaddr, part);
+   in_pos += part;
+   in_len -= part;
+   insegaddr += part;
+   inseglen -= part;
+
+   odp_packet_copy_from_mem(pkt, out_pos,
+cipher_len, block);
+   out_pos += cipher_len;
+   }
+   }
+
+   ret = EVP_DecryptFinal_ex(ctx, block, &cipher_len);
+   odp_packet_copy_from_mem(pkt, out_pos, cipher_len, block);
+
+   return ret;
+}
+
+static
 odp_crypto_alg_err_t cipher_encrypt(odp_crypto_op_param_t *param,
odp_crypto_generic_session_t *session)
 {
EVP_CIPHER_CTX *ctx;
-   uint8_t *data  = odp_packet_data(param->out_pkt);
-   uint32_t plain_len   = param->cipher_range.length;
void *iv_ptr;
-   int ciph

[lng-odp] [PATCH API-NEXT v5 14/23] linux-generic: crypto: make HMAC work across segmented packets

[Dmitry Eremin-Solenikov]

Signed-off-by: Dmitry Eremin-Solenikov 
---
 platform/linux-generic/odp_crypto.c | 78 +
 1 file changed, 45 insertions(+), 33 deletions(-)

diff --git a/platform/linux-generic/odp_crypto.c 
b/platform/linux-generic/odp_crypto.c
index 2ba077f9dcd9..7ea90fb92b48 100644
--- a/platform/linux-generic/odp_crypto.c
+++ b/platform/linux-generic/odp_crypto.c
@@ -112,29 +112,53 @@ null_crypto_routine(odp_crypto_op_param_t *param 
ODP_UNUSED,
 }
 
 static
+void packet_hmac(odp_crypto_op_param_t *param,
+odp_crypto_generic_session_t *session,
+uint8_t *hash)
+{
+   odp_packet_t pkt = param->out_pkt;
+   uint32_t offset = param->auth_range.offset;
+   uint32_t len   = param->auth_range.length;
+   HMAC_CTX ctx;
+
+   ODP_ASSERT(offset + len <= odp_packet_len(pkt));
+
+   /* Hash it */
+   HMAC_CTX_init(&ctx);
+   HMAC_Init_ex(&ctx,
+session->auth.key,
+session->auth.key_length,
+session->auth.evp_md,
+NULL);
+
+   while (len > 0) {
+   uint32_t seglen = 0; /* GCC */
+   void *mapaddr = odp_packet_offset(pkt, offset, &seglen, NULL);
+   uint32_t maclen = len > seglen ? seglen : len;
+
+   HMAC_Update(&ctx, mapaddr, maclen);
+   offset  += maclen;
+   len -= maclen;
+   }
+
+   HMAC_Final(&ctx, hash, NULL);
+   HMAC_CTX_cleanup(&ctx);
+}
+
+static
 odp_crypto_alg_err_t auth_gen(odp_crypto_op_param_t *param,
  odp_crypto_generic_session_t *session)
 {
-   uint8_t *data  = odp_packet_data(param->out_pkt);
-   uint8_t *icv   = data;
-   uint32_t len   = param->auth_range.length;
uint8_t  hash[EVP_MAX_MD_SIZE];
 
-   /* Adjust pointer for beginning of area to auth */
-   data += param->auth_range.offset;
-   icv  += param->hash_result_offset;
-
/* Hash it */
-   HMAC(session->auth.evp_md,
-session->auth.key,
-session->auth.key_length,
-data,
-len,
-hash,
-NULL);
+   packet_hmac(param, session, hash);
 
/* Copy to the output location */
-   memcpy(icv, hash, session->auth.bytes);
+   odp_packet_copy_from_mem(param->out_pkt,
+param->hash_result_offset,
+session->auth.bytes,
+hash);
 
return ODP_CRYPTO_ALG_ERR_NONE;
 }
@@ -143,31 +167,19 @@ static
 odp_crypto_alg_err_t auth_check(odp_crypto_op_param_t *param,
odp_crypto_generic_session_t *session)
 {
-   uint8_t *data  = odp_packet_data(param->out_pkt);
-   uint8_t *icv   = data;
-   uint32_t len   = param->auth_range.length;
uint32_t bytes = session->auth.bytes;
uint8_t  hash_in[EVP_MAX_MD_SIZE];
uint8_t  hash_out[EVP_MAX_MD_SIZE];
 
-   /* Adjust pointer for beginning of area to auth */
-   data += param->auth_range.offset;
-   icv  += param->hash_result_offset;
-
/* Copy current value out and clear it before authentication */
-   memset(hash_in, 0, sizeof(hash_in));
-   memcpy(hash_in, icv, bytes);
-   memset(icv, 0, bytes);
-   memset(hash_out, 0, sizeof(hash_out));
+   odp_packet_copy_to_mem(param->out_pkt, param->hash_result_offset,
+  bytes, hash_in);
+
+   _odp_packet_set_data(param->out_pkt, param->hash_result_offset,
+0, bytes);
 
/* Hash it */
-   HMAC(session->auth.evp_md,
-session->auth.key,
-session->auth.key_length,
-data,
-len,
-hash_out,
-NULL);
+   packet_hmac(param, session, hash_out);
 
/* Verify match */
if (0 != memcmp(hash_in, hash_out, bytes))
-- 
2.11.0

[lng-odp] [PATCH API-NEXT v5 13/23] linux-generic: crypto: merge AES-CBC and 3DES-CBC support

[Dmitry Eremin-Solenikov]

There is now nearly no difference between AES-CBC and 3DES-CBC code.
Merge it into generic 'cipher' support, easing adding support for other
ciphers in future.

Signed-off-by: Dmitry Eremin-Solenikov 
---
 .../linux-generic/include/odp_crypto_internal.h|  13 +-
 platform/linux-generic/odp_crypto.c| 153 +
 2 files changed, 40 insertions(+), 126 deletions(-)

diff --git a/platform/linux-generic/include/odp_crypto_internal.h 
b/platform/linux-generic/include/odp_crypto_internal.h
index f4f1948f898d..c3b70b23142c 100644
--- a/platform/linux-generic/include/odp_crypto_internal.h
+++ b/platform/linux-generic/include/odp_crypto_internal.h
@@ -40,18 +40,9 @@ struct odp_crypto_generic_session {
struct {
/* Copy of session IV data */
uint8_t iv_data[MAX_IV_LEN];
+   uint8_t key_data[EVP_MAX_KEY_LENGTH];
 
-   union {
-   struct {
-   uint8_t  key[EVP_MAX_KEY_LENGTH];
-   } des;
-   struct {
-   uint8_t  key[EVP_MAX_KEY_LENGTH];
-   } aes;
-   struct {
-   uint8_t  key[EVP_MAX_KEY_LENGTH];
-   } aes_gcm;
-   } data;
+   const EVP_CIPHER *evp_cipher;
crypto_func_t func;
} cipher;
 
diff --git a/platform/linux-generic/odp_crypto.c 
b/platform/linux-generic/odp_crypto.c
index bff712d18cdf..2ba077f9dcd9 100644
--- a/platform/linux-generic/odp_crypto.c
+++ b/platform/linux-generic/odp_crypto.c
@@ -178,8 +178,8 @@ odp_crypto_alg_err_t auth_check(odp_crypto_op_param_t 
*param,
 }
 
 static
-odp_crypto_alg_err_t aes_encrypt(odp_crypto_op_param_t *param,
-odp_crypto_generic_session_t *session)
+odp_crypto_alg_err_t cipher_encrypt(odp_crypto_op_param_t *param,
+   odp_crypto_generic_session_t *session)
 {
EVP_CIPHER_CTX *ctx;
uint8_t *data  = odp_packet_data(param->out_pkt);
@@ -199,8 +199,8 @@ odp_crypto_alg_err_t aes_encrypt(odp_crypto_op_param_t 
*param,
 
/* Encrypt it */
ctx = EVP_CIPHER_CTX_new();
-   EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL,
-  session->cipher.data.aes.key, NULL);
+   EVP_EncryptInit_ex(ctx, session->cipher.evp_cipher, NULL,
+  session->cipher.key_data, NULL);
EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv_ptr);
EVP_CIPHER_CTX_set_padding(ctx, 0);
 
@@ -214,8 +214,8 @@ odp_crypto_alg_err_t aes_encrypt(odp_crypto_op_param_t 
*param,
 }
 
 static
-odp_crypto_alg_err_t aes_decrypt(odp_crypto_op_param_t *param,
-odp_crypto_generic_session_t *session)
+odp_crypto_alg_err_t cipher_decrypt(odp_crypto_op_param_t *param,
+   odp_crypto_generic_session_t *session)
 {
EVP_CIPHER_CTX *ctx;
uint8_t *data  = odp_packet_data(param->out_pkt);
@@ -235,8 +235,8 @@ odp_crypto_alg_err_t aes_decrypt(odp_crypto_op_param_t 
*param,
 
/* Decrypt it */
ctx = EVP_CIPHER_CTX_new();
-   EVP_DecryptInit_ex(ctx, EVP_aes_128_cbc(), NULL,
-  session->cipher.data.aes.key, NULL);
+   EVP_DecryptInit_ex(ctx, session->cipher.evp_cipher, NULL,
+  session->cipher.key_data, NULL);
EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv_ptr);
EVP_CIPHER_CTX_set_padding(ctx, 0);
 
@@ -249,20 +249,29 @@ odp_crypto_alg_err_t aes_decrypt(odp_crypto_op_param_t 
*param,
return ODP_CRYPTO_ALG_ERR_NONE;
 }
 
-static int process_aes_param(odp_crypto_generic_session_t *session)
+static int process_cipher_param(odp_crypto_generic_session_t *session,
+   const EVP_CIPHER *cipher)
 {
-   /* Verify IV len is either 0 or 16 */
-   if (!((0 == session->p.iv.length) || (16 == session->p.iv.length)))
+   /* Verify Key len is valid */
+   if ((uint32_t)EVP_CIPHER_key_length(cipher) !=
+   session->p.cipher_key.length)
return -1;
 
-   memcpy(session->cipher.data.aes.key, session->p.cipher_key.data,
+   /* Verify IV len is correct */
+   if (!((0 == session->p.iv.length) ||
+ ((uint32_t)EVP_CIPHER_iv_length(cipher) == session->p.iv.length)))
+   return -1;
+
+   session->cipher.evp_cipher = cipher;
+
+   memcpy(session->cipher.key_data, session->p.cipher_key.data,
   session->p.cipher_key.length);
 
/* Set function */
if (ODP_CRYPTO_OP_ENCODE == session->p.op)
-   session->cipher.func = aes_encrypt;
+   session->cipher.func = cipher_encrypt;
else
-   session->cipher.func = aes_decrypt;
+   session->cipher.func = cipher_decrypt;
 
return 0;
 }
@@ -292,8 +301,8 @@ odp_crypto_alg_err_

[lng-odp] [PATCH API-NEXT v5 12/23] linux-generic: crypto: rewrite 3DES-CBC support using EVP functions

[Dmitry Eremin-Solenikov]

Rewrite 3DES-CBC to use generic EVP interface following AES-GCM
implementation.

Signed-off-by: Dmitry Eremin-Solenikov 
---
 .../linux-generic/include/odp_crypto_internal.h|  5 +-
 platform/linux-generic/odp_crypto.c| 78 ++
 2 files changed, 35 insertions(+), 48 deletions(-)

diff --git a/platform/linux-generic/include/odp_crypto_internal.h 
b/platform/linux-generic/include/odp_crypto_internal.h
index d6fd040038bb..f4f1948f898d 100644
--- a/platform/linux-generic/include/odp_crypto_internal.h
+++ b/platform/linux-generic/include/odp_crypto_internal.h
@@ -11,7 +11,6 @@
 extern "C" {
 #endif
 
-#include 
 #include 
 
 #define MAX_IV_LEN  64
@@ -44,9 +43,7 @@ struct odp_crypto_generic_session {
 
union {
struct {
-   DES_key_schedule ks1;
-   DES_key_schedule ks2;
-   DES_key_schedule ks3;
+   uint8_t  key[EVP_MAX_KEY_LENGTH];
} des;
struct {
uint8_t  key[EVP_MAX_KEY_LENGTH];
diff --git a/platform/linux-generic/odp_crypto.c 
b/platform/linux-generic/odp_crypto.c
index f503bd9832d9..bff712d18cdf 100644
--- a/platform/linux-generic/odp_crypto.c
+++ b/platform/linux-generic/odp_crypto.c
@@ -387,10 +387,11 @@ static
 odp_crypto_alg_err_t des_encrypt(odp_crypto_op_param_t *param,
 odp_crypto_generic_session_t *session)
 {
+   EVP_CIPHER_CTX *ctx;
uint8_t *data  = odp_packet_data(param->out_pkt);
-   uint32_t len   = param->cipher_range.length;
-   DES_cblock iv;
+   uint32_t plain_len   = param->cipher_range.length;
void *iv_ptr;
+   int cipher_len = 0;
 
if (param->override_iv_ptr)
iv_ptr = param->override_iv_ptr;
@@ -399,24 +400,21 @@ odp_crypto_alg_err_t des_encrypt(odp_crypto_op_param_t 
*param,
else
return ODP_CRYPTO_ALG_ERR_IV_INVALID;
 
-   /*
-* Create a copy of the IV.  The DES library modifies IV
-* and if we are processing packets on parallel threads
-* we could get corruption.
-*/
-   memcpy(iv, iv_ptr, sizeof(iv));
-
-   /* Adjust pointer for beginning of area to cipher */
+   /* Adjust pointer for beginning of area to cipher/auth */
data += param->cipher_range.offset;
+
/* Encrypt it */
-   DES_ede3_cbc_encrypt(data,
-data,
-len,
-&session->cipher.data.des.ks1,
-&session->cipher.data.des.ks2,
-&session->cipher.data.des.ks3,
-&iv,
-1);
+   ctx = EVP_CIPHER_CTX_new();
+   EVP_EncryptInit_ex(ctx, EVP_des_ede3_cbc(), NULL,
+  session->cipher.data.des.key, NULL);
+   EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv_ptr);
+   EVP_CIPHER_CTX_set_padding(ctx, 0);
+
+   EVP_EncryptUpdate(ctx, data, &cipher_len, data, plain_len);
+
+   EVP_EncryptFinal_ex(ctx, data + cipher_len, &cipher_len);
+
+   EVP_CIPHER_CTX_cleanup(ctx);
 
return ODP_CRYPTO_ALG_ERR_NONE;
 }
@@ -425,9 +423,10 @@ static
 odp_crypto_alg_err_t des_decrypt(odp_crypto_op_param_t *param,
 odp_crypto_generic_session_t *session)
 {
+   EVP_CIPHER_CTX *ctx;
uint8_t *data  = odp_packet_data(param->out_pkt);
-   uint32_t len   = param->cipher_range.length;
-   DES_cblock iv;
+   uint32_t cipher_len   = param->cipher_range.length;
+   int plain_len = 0;
void *iv_ptr;
 
if (param->override_iv_ptr)
@@ -437,25 +436,21 @@ odp_crypto_alg_err_t des_decrypt(odp_crypto_op_param_t 
*param,
else
return ODP_CRYPTO_ALG_ERR_IV_INVALID;
 
-   /*
-* Create a copy of the IV.  The DES library modifies IV
-* and if we are processing packets on parallel threads
-* we could get corruption.
-*/
-   memcpy(iv, iv_ptr, sizeof(iv));
-
-   /* Adjust pointer for beginning of area to cipher */
+   /* Adjust pointer for beginning of area to cipher/auth */
data += param->cipher_range.offset;
 
/* Decrypt it */
-   DES_ede3_cbc_encrypt(data,
-data,
-len,
-&session->cipher.data.des.ks1,
-&session->cipher.data.des.ks2,
-&session->cipher.data.des.ks3,
-&iv,
-0);
+   ctx = EVP_CIPHER_CTX_new();
+   EVP_DecryptInit_ex(ctx, EVP_des_ede3_cbc(), NULL,
+  session->cipher.data.des.key, NULL);
+   EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv_ptr);
+   EVP_CIPHER_CTX_set_padding(ctx, 0);
+
+ 

[lng-odp] [PATCH API-NEXT v5 11/23] linux-generic: crypto: rewrite AES-CBC support using EVP functions

[Dmitry Eremin-Solenikov]

Rewrite AES-CBC to use generic EVP interface following AES-GCM
implementation.

Signed-off-by: Dmitry Eremin-Solenikov 
---
 .../linux-generic/include/odp_crypto_internal.h|  3 +-
 platform/linux-generic/odp_crypto.c| 70 --
 2 files changed, 39 insertions(+), 34 deletions(-)

diff --git a/platform/linux-generic/include/odp_crypto_internal.h 
b/platform/linux-generic/include/odp_crypto_internal.h
index d1020dba3edd..d6fd040038bb 100644
--- a/platform/linux-generic/include/odp_crypto_internal.h
+++ b/platform/linux-generic/include/odp_crypto_internal.h
@@ -12,7 +12,6 @@ extern "C" {
 #endif
 
 #include 
-#include 
 #include 
 
 #define MAX_IV_LEN  64
@@ -50,7 +49,7 @@ struct odp_crypto_generic_session {
DES_key_schedule ks3;
} des;
struct {
-   AES_KEY key;
+   uint8_t  key[EVP_MAX_KEY_LENGTH];
} aes;
struct {
uint8_t  key[EVP_MAX_KEY_LENGTH];
diff --git a/platform/linux-generic/odp_crypto.c 
b/platform/linux-generic/odp_crypto.c
index ff3f1ac76780..f503bd9832d9 100644
--- a/platform/linux-generic/odp_crypto.c
+++ b/platform/linux-generic/odp_crypto.c
@@ -181,10 +181,11 @@ static
 odp_crypto_alg_err_t aes_encrypt(odp_crypto_op_param_t *param,
 odp_crypto_generic_session_t *session)
 {
+   EVP_CIPHER_CTX *ctx;
uint8_t *data  = odp_packet_data(param->out_pkt);
-   uint32_t len   = param->cipher_range.length;
-   unsigned char iv_enc[AES_BLOCK_SIZE];
+   uint32_t plain_len   = param->cipher_range.length;
void *iv_ptr;
+   int cipher_len = 0;
 
if (param->override_iv_ptr)
iv_ptr = param->override_iv_ptr;
@@ -193,18 +194,21 @@ odp_crypto_alg_err_t aes_encrypt(odp_crypto_op_param_t 
*param,
else
return ODP_CRYPTO_ALG_ERR_IV_INVALID;
 
-   /*
-* Create a copy of the IV.  The DES library modifies IV
-* and if we are processing packets on parallel threads
-* we could get corruption.
-*/
-   memcpy(iv_enc, iv_ptr, AES_BLOCK_SIZE);
-
-   /* Adjust pointer for beginning of area to cipher */
+   /* Adjust pointer for beginning of area to cipher/auth */
data += param->cipher_range.offset;
+
/* Encrypt it */
-   AES_cbc_encrypt(data, data, len, &session->cipher.data.aes.key,
-   iv_enc, AES_ENCRYPT);
+   ctx = EVP_CIPHER_CTX_new();
+   EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL,
+  session->cipher.data.aes.key, NULL);
+   EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv_ptr);
+   EVP_CIPHER_CTX_set_padding(ctx, 0);
+
+   EVP_EncryptUpdate(ctx, data, &cipher_len, data, plain_len);
+
+   EVP_EncryptFinal_ex(ctx, data + cipher_len, &cipher_len);
+
+   EVP_CIPHER_CTX_free(ctx);
 
return ODP_CRYPTO_ALG_ERR_NONE;
 }
@@ -213,9 +217,10 @@ static
 odp_crypto_alg_err_t aes_decrypt(odp_crypto_op_param_t *param,
 odp_crypto_generic_session_t *session)
 {
+   EVP_CIPHER_CTX *ctx;
uint8_t *data  = odp_packet_data(param->out_pkt);
-   uint32_t len   = param->cipher_range.length;
-   unsigned char iv_enc[AES_BLOCK_SIZE];
+   uint32_t cipher_len   = param->cipher_range.length;
+   int plain_len = 0;
void *iv_ptr;
 
if (param->override_iv_ptr)
@@ -225,18 +230,21 @@ odp_crypto_alg_err_t aes_decrypt(odp_crypto_op_param_t 
*param,
else
return ODP_CRYPTO_ALG_ERR_IV_INVALID;
 
-   /*
-* Create a copy of the IV.  The DES library modifies IV
-* and if we are processing packets on parallel threads
-* we could get corruption.
-*/
-   memcpy(iv_enc, iv_ptr, AES_BLOCK_SIZE);
-
-   /* Adjust pointer for beginning of area to cipher */
+   /* Adjust pointer for beginning of area to cipher/auth */
data += param->cipher_range.offset;
-   /* Encrypt it */
-   AES_cbc_encrypt(data, data, len, &session->cipher.data.aes.key,
-   iv_enc, AES_DECRYPT);
+
+   /* Decrypt it */
+   ctx = EVP_CIPHER_CTX_new();
+   EVP_DecryptInit_ex(ctx, EVP_aes_128_cbc(), NULL,
+  session->cipher.data.aes.key, NULL);
+   EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv_ptr);
+   EVP_CIPHER_CTX_set_padding(ctx, 0);
+
+   EVP_DecryptUpdate(ctx, data, &plain_len, data, cipher_len);
+
+   EVP_DecryptFinal_ex(ctx, data + plain_len, &plain_len);
+
+   EVP_CIPHER_CTX_free(ctx);
 
return ODP_CRYPTO_ALG_ERR_NONE;
 }
@@ -247,16 +255,14 @@ static int process_aes_param(odp_crypto_generic_session_t 
*session)
if (!((0 == session->p.iv.length) || (16 == session->p.iv.length)))
return -1;
 
+   memcpy(session->ciph

[lng-odp] [PATCH API-NEXT v5 10/23] linux-generic: crypto: explicitly disable padding for AES-GCM

[Dmitry Eremin-Solenikov]

Signed-off-by: Dmitry Eremin-Solenikov 
---
 platform/linux-generic/odp_crypto.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/platform/linux-generic/odp_crypto.c 
b/platform/linux-generic/odp_crypto.c
index 3deec7de3f7c..ff3f1ac76780 100644
--- a/platform/linux-generic/odp_crypto.c
+++ b/platform/linux-generic/odp_crypto.c
@@ -291,6 +291,7 @@ odp_crypto_alg_err_t aes_gcm_encrypt(odp_crypto_op_param_t 
*param,
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN,
session->p.iv.length, NULL);
EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv_ptr);
+   EVP_CIPHER_CTX_set_padding(ctx, 0);
 
/* Authenticate header data (if any) without encrypting them */
if (aad_len > 0)
@@ -338,6 +339,7 @@ odp_crypto_alg_err_t aes_gcm_decrypt(odp_crypto_op_param_t 
*param,
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN,
session->p.iv.length, NULL);
EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv_ptr);
+   EVP_CIPHER_CTX_set_padding(ctx, 0);
 
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG,
session->p.auth_digest_len, tag);
-- 
2.11.0

[lng-odp] [PATCH API-NEXT v5 09/23] linux-generic: crypto: make AES-GCM thread safe

[Dmitry Eremin-Solenikov]

Using single context for all operations is not thread safe: multiple
threads can access the same context in parallel, affecting its internal
state. Make AES-GCM functions use local context for en/decryption
operations.

Signed-off-by: Dmitry Eremin-Solenikov 
---
 .../linux-generic/include/odp_crypto_internal.h|  2 +-
 platform/linux-generic/odp_crypto.c| 84 ++
 2 files changed, 38 insertions(+), 48 deletions(-)

diff --git a/platform/linux-generic/include/odp_crypto_internal.h 
b/platform/linux-generic/include/odp_crypto_internal.h
index 515cefaa06cc..d1020dba3edd 100644
--- a/platform/linux-generic/include/odp_crypto_internal.h
+++ b/platform/linux-generic/include/odp_crypto_internal.h
@@ -53,7 +53,7 @@ struct odp_crypto_generic_session {
AES_KEY key;
} aes;
struct {
-   EVP_CIPHER_CTX *ctx;
+   uint8_t  key[EVP_MAX_KEY_LENGTH];
} aes_gcm;
} data;
crypto_func_t func;
diff --git a/platform/linux-generic/odp_crypto.c 
b/platform/linux-generic/odp_crypto.c
index 3f298485caef..3deec7de3f7c 100644
--- a/platform/linux-generic/odp_crypto.c
+++ b/platform/linux-generic/odp_crypto.c
@@ -265,11 +265,13 @@ static
 odp_crypto_alg_err_t aes_gcm_encrypt(odp_crypto_op_param_t *param,
 odp_crypto_generic_session_t *session)
 {
+   EVP_CIPHER_CTX *ctx;
uint8_t *data  = odp_packet_data(param->out_pkt);
uint32_t plain_len   = param->cipher_range.length;
const uint8_t *aad_head = param->aad.ptr;
uint32_t aad_len = param->aad.length;
void *iv_ptr;
+   int cipher_len = 0;
uint8_t *tag = data + param->hash_result_offset;
 
if (param->override_iv_ptr)
@@ -280,12 +282,14 @@ odp_crypto_alg_err_t 
aes_gcm_encrypt(odp_crypto_op_param_t *param,
return ODP_CRYPTO_ALG_ERR_IV_INVALID;
 
/* Adjust pointer for beginning of area to cipher/auth */
-   uint8_t *plaindata = data + param->cipher_range.offset;
+   data += param->cipher_range.offset;
 
/* Encrypt it */
-   EVP_CIPHER_CTX *ctx = session->cipher.data.aes_gcm.ctx;
-   int cipher_len = 0;
-
+   ctx = EVP_CIPHER_CTX_new();
+   EVP_EncryptInit_ex(ctx, EVP_aes_128_gcm(), NULL,
+  session->cipher.data.aes_gcm.key, NULL);
+   EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN,
+   session->p.iv.length, NULL);
EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv_ptr);
 
/* Authenticate header data (if any) without encrypting them */
@@ -293,13 +297,14 @@ odp_crypto_alg_err_t 
aes_gcm_encrypt(odp_crypto_op_param_t *param,
EVP_EncryptUpdate(ctx, NULL, &cipher_len,
  aad_head, aad_len);
 
-   EVP_EncryptUpdate(ctx, plaindata, &cipher_len,
- plaindata, plain_len);
+   EVP_EncryptUpdate(ctx, data, &cipher_len, data, plain_len);
 
-   EVP_EncryptFinal_ex(ctx, plaindata + cipher_len, &cipher_len);
+   EVP_EncryptFinal_ex(ctx, data + cipher_len, &cipher_len);
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG,
session->p.auth_digest_len, tag);
 
+   EVP_CIPHER_CTX_free(ctx);
+
return ODP_CRYPTO_ALG_ERR_NONE;
 }
 
@@ -307,10 +312,12 @@ static
 odp_crypto_alg_err_t aes_gcm_decrypt(odp_crypto_op_param_t *param,
 odp_crypto_generic_session_t *session)
 {
+   EVP_CIPHER_CTX *ctx;
uint8_t *data  = odp_packet_data(param->out_pkt);
uint32_t cipher_len   = param->cipher_range.length;
const uint8_t *aad_head = param->aad.ptr;
uint32_t aad_len = param->aad.length;
+   int plain_len = 0;
void *iv_ptr;
uint8_t *tag   = data + param->hash_result_offset;
 
@@ -322,11 +329,14 @@ odp_crypto_alg_err_t 
aes_gcm_decrypt(odp_crypto_op_param_t *param,
return ODP_CRYPTO_ALG_ERR_IV_INVALID;
 
/* Adjust pointer for beginning of area to cipher/auth */
-   uint8_t *cipherdata = data + param->cipher_range.offset;
-   /* Encrypt it */
-   EVP_CIPHER_CTX *ctx = session->cipher.data.aes_gcm.ctx;
-   int plain_len = 0;
+   data += param->cipher_range.offset;
 
+   /* Decrypt it */
+   ctx = EVP_CIPHER_CTX_new();
+   EVP_DecryptInit_ex(ctx, EVP_aes_128_gcm(), NULL,
+  session->cipher.data.aes_gcm.key, NULL);
+   EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN,
+   session->p.iv.length, NULL);
EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv_ptr);
 
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG,
@@ -337,12 +347,13 @@ odp_crypto_alg_err_t 
aes_gcm_decrypt(odp_crypto_op_param_t *param,
EVP_DecryptUpdate(ctx, NULL, &plain_len,
   

[lng-odp] [PATCH API-NEXT v5 08/23] linux-generic: crypto: remote extra memcpy in AES-GCM

[Dmitry Eremin-Solenikov]

There is no need to memcpy IV if it gets passed to EVP functions.

Signed-off-by: Dmitry Eremin-Solenikov 
---
 platform/linux-generic/odp_crypto.c | 20 ++--
 1 file changed, 2 insertions(+), 18 deletions(-)

diff --git a/platform/linux-generic/odp_crypto.c 
b/platform/linux-generic/odp_crypto.c
index 352cfa536268..3f298485caef 100644
--- a/platform/linux-generic/odp_crypto.c
+++ b/platform/linux-generic/odp_crypto.c
@@ -269,7 +269,6 @@ odp_crypto_alg_err_t aes_gcm_encrypt(odp_crypto_op_param_t 
*param,
uint32_t plain_len   = param->cipher_range.length;
const uint8_t *aad_head = param->aad.ptr;
uint32_t aad_len = param->aad.length;
-   unsigned char iv_enc[AES_BLOCK_SIZE];
void *iv_ptr;
uint8_t *tag = data + param->hash_result_offset;
 
@@ -280,13 +279,6 @@ odp_crypto_alg_err_t aes_gcm_encrypt(odp_crypto_op_param_t 
*param,
else
return ODP_CRYPTO_ALG_ERR_IV_INVALID;
 
-   /*
-* Create a copy of the IV.  The DES library modifies IV
-* and if we are processing packets on parallel threads
-* we could get corruption.
-*/
-   memcpy(iv_enc, iv_ptr, AES_BLOCK_SIZE);
-
/* Adjust pointer for beginning of area to cipher/auth */
uint8_t *plaindata = data + param->cipher_range.offset;
 
@@ -294,7 +286,7 @@ odp_crypto_alg_err_t aes_gcm_encrypt(odp_crypto_op_param_t 
*param,
EVP_CIPHER_CTX *ctx = session->cipher.data.aes_gcm.ctx;
int cipher_len = 0;
 
-   EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv_enc);
+   EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv_ptr);
 
/* Authenticate header data (if any) without encrypting them */
if (aad_len > 0)
@@ -319,7 +311,6 @@ odp_crypto_alg_err_t aes_gcm_decrypt(odp_crypto_op_param_t 
*param,
uint32_t cipher_len   = param->cipher_range.length;
const uint8_t *aad_head = param->aad.ptr;
uint32_t aad_len = param->aad.length;
-   unsigned char iv_enc[AES_BLOCK_SIZE];
void *iv_ptr;
uint8_t *tag   = data + param->hash_result_offset;
 
@@ -330,20 +321,13 @@ odp_crypto_alg_err_t 
aes_gcm_decrypt(odp_crypto_op_param_t *param,
else
return ODP_CRYPTO_ALG_ERR_IV_INVALID;
 
-   /*
-* Create a copy of the IV.  The DES library modifies IV
-* and if we are processing packets on parallel threads
-* we could get corruption.
-*/
-   memcpy(iv_enc, iv_ptr, AES_BLOCK_SIZE);
-
/* Adjust pointer for beginning of area to cipher/auth */
uint8_t *cipherdata = data + param->cipher_range.offset;
/* Encrypt it */
EVP_CIPHER_CTX *ctx = session->cipher.data.aes_gcm.ctx;
int plain_len = 0;
 
-   EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv_enc);
+   EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv_ptr);
 
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG,
session->p.auth_digest_len, tag);
-- 
2.11.0

[lng-odp] [PATCH API-NEXT v5 07/23] linux-generic: crypto: update AES-GCM support to reflect aad and auth_digest_len

[Dmitry Eremin-Solenikov]

Make AES-GCM use recently introduced aad and auth_digest_len fields.

Signed-off-by: Dmitry Eremin-Solenikov 
---
 platform/linux-generic/odp_crypto.c | 58 ++---
 1 file changed, 15 insertions(+), 43 deletions(-)

diff --git a/platform/linux-generic/odp_crypto.c 
b/platform/linux-generic/odp_crypto.c
index 91ef05aebadf..352cfa536268 100644
--- a/platform/linux-generic/odp_crypto.c
+++ b/platform/linux-generic/odp_crypto.c
@@ -267,10 +267,8 @@ odp_crypto_alg_err_t aes_gcm_encrypt(odp_crypto_op_param_t 
*param,
 {
uint8_t *data  = odp_packet_data(param->out_pkt);
uint32_t plain_len   = param->cipher_range.length;
-   uint8_t *aad_head = data + param->auth_range.offset;
-   uint8_t *aad_tail = data + param->cipher_range.offset +
-   param->cipher_range.length;
-   uint32_t auth_len = param->auth_range.length;
+   const uint8_t *aad_head = param->aad.ptr;
+   uint32_t aad_len = param->aad.length;
unsigned char iv_enc[AES_BLOCK_SIZE];
void *iv_ptr;
uint8_t *tag = data + param->hash_result_offset;
@@ -282,12 +280,6 @@ odp_crypto_alg_err_t aes_gcm_encrypt(odp_crypto_op_param_t 
*param,
else
return ODP_CRYPTO_ALG_ERR_IV_INVALID;
 
-   /* All cipher data must be part of the authentication */
-   if (param->auth_range.offset > param->cipher_range.offset ||
-   param->auth_range.offset + auth_len <
-   param->cipher_range.offset + plain_len)
-   return ODP_CRYPTO_ALG_ERR_DATA_SIZE;
-
/*
 * Create a copy of the IV.  The DES library modifies IV
 * and if we are processing packets on parallel threads
@@ -305,23 +297,16 @@ odp_crypto_alg_err_t 
aes_gcm_encrypt(odp_crypto_op_param_t *param,
EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv_enc);
 
/* Authenticate header data (if any) without encrypting them */
-   if (aad_head < plaindata) {
+   if (aad_len > 0)
EVP_EncryptUpdate(ctx, NULL, &cipher_len,
- aad_head, plaindata - aad_head);
-   }
+ aad_head, aad_len);
 
EVP_EncryptUpdate(ctx, plaindata, &cipher_len,
  plaindata, plain_len);
-   cipher_len = plain_len;
-
-   /* Authenticate footer data (if any) without encrypting them */
-   if (aad_head + auth_len > plaindata + plain_len) {
-   EVP_EncryptUpdate(ctx, NULL, NULL, aad_tail,
- auth_len - (aad_tail - aad_head));
-   }
 
EVP_EncryptFinal_ex(ctx, plaindata + cipher_len, &cipher_len);
-   EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, 16, tag);
+   EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG,
+   session->p.auth_digest_len, tag);
 
return ODP_CRYPTO_ALG_ERR_NONE;
 }
@@ -332,10 +317,8 @@ odp_crypto_alg_err_t aes_gcm_decrypt(odp_crypto_op_param_t 
*param,
 {
uint8_t *data  = odp_packet_data(param->out_pkt);
uint32_t cipher_len   = param->cipher_range.length;
-   uint8_t *aad_head = data + param->auth_range.offset;
-   uint8_t *aad_tail = data + param->cipher_range.offset +
-   param->cipher_range.length;
-   uint32_t auth_len = param->auth_range.length;
+   const uint8_t *aad_head = param->aad.ptr;
+   uint32_t aad_len = param->aad.length;
unsigned char iv_enc[AES_BLOCK_SIZE];
void *iv_ptr;
uint8_t *tag   = data + param->hash_result_offset;
@@ -347,12 +330,6 @@ odp_crypto_alg_err_t aes_gcm_decrypt(odp_crypto_op_param_t 
*param,
else
return ODP_CRYPTO_ALG_ERR_IV_INVALID;
 
-   /* All cipher data must be part of the authentication */
-   if (param->auth_range.offset > param->cipher_range.offset ||
-   param->auth_range.offset + auth_len <
-   param->cipher_range.offset + cipher_len)
-   return ODP_CRYPTO_ALG_ERR_DATA_SIZE;
-
/*
 * Create a copy of the IV.  The DES library modifies IV
 * and if we are processing packets on parallel threads
@@ -368,25 +345,18 @@ odp_crypto_alg_err_t 
aes_gcm_decrypt(odp_crypto_op_param_t *param,
 
EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv_enc);
 
-   EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, 16, tag);
+   EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG,
+   session->p.auth_digest_len, tag);
 
/* Authenticate header data (if any) without encrypting them */
-   if (aad_head < cipherdata) {
+   if (aad_len > 0)
EVP_DecryptUpdate(ctx, NULL, &plain_len,
- aad_head, cipherdata - aad_head);
-   }
+ aad_head, aad_len);
 
EVP_DecryptUpdate(ctx, cipherdata, &plain_len,
  cipherdata, cipher_len);
-   plain_len = cipher_len;
-
-   /* Authenticate footer data (if any) without encrypting the

[lng-odp] [PATCH API-NEXT v5 06/23] linux-generic: crypto: add SHA* capabilities for full length digests

[Dmitry Eremin-Solenikov]

In addition to truncated digests (used by IPsec) add full-length
capabilities to SHA* algos.

Signed-off-by: Dmitry Eremin-Solenikov 
---
 platform/linux-generic/odp_crypto.c | 6 --
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/platform/linux-generic/odp_crypto.c 
b/platform/linux-generic/odp_crypto.c
index 472ee3107de3..91ef05aebadf 100644
--- a/platform/linux-generic/odp_crypto.c
+++ b/platform/linux-generic/odp_crypto.c
@@ -52,10 +52,12 @@ static const odp_crypto_cipher_capability_t 
cipher_capa_aes_gcm[] = {
  * Keep sorted: first by digest length, then by key length
  */
 static const odp_crypto_auth_capability_t auth_capa_md5_hmac[] = {
-{.digest_len = 12, .key_len = 16, .aad_len = {.min = 0, .max = 0, .inc = 0} } 
};
+{.digest_len = 12, .key_len = 16, .aad_len = {.min = 0, .max = 0, .inc = 0} },
+{.digest_len = 16, .key_len = 16, .aad_len = {.min = 0, .max = 0, .inc = 0} } 
};
 
 static const odp_crypto_auth_capability_t auth_capa_sha256_hmac[] = {
-{.digest_len = 16, .key_len = 32, .aad_len = {.min = 0, .max = 0, .inc = 0} } 
};
+{.digest_len = 16, .key_len = 32, .aad_len = {.min = 0, .max = 0, .inc = 0} },
+{.digest_len = 32, .key_len = 32, .aad_len = {.min = 0, .max = 0, .inc = 0} } 
};
 
 static const odp_crypto_auth_capability_t auth_capa_aes_gcm[] = {
 {.digest_len = 16, .key_len = 0, .aad_len = {.min = 8, .max = 12, .inc = 4} } 
};
-- 
2.11.0

[lng-odp] [PATCH API-NEXT v5 05/23] linux-generic: crypto: use auth_digest_len when calculating HMACs

[Dmitry Eremin-Solenikov]

Signed-off-by: Dmitry Eremin-Solenikov 
---
 platform/linux-generic/odp_crypto.c | 19 +--
 1 file changed, 13 insertions(+), 6 deletions(-)

diff --git a/platform/linux-generic/odp_crypto.c 
b/platform/linux-generic/odp_crypto.c
index a993542f50b5..472ee3107de3 100644
--- a/platform/linux-generic/odp_crypto.c
+++ b/platform/linux-generic/odp_crypto.c
@@ -522,7 +522,6 @@ static int process_des_param(odp_crypto_generic_session_t 
*session)
 }
 
 static int process_auth_param(odp_crypto_generic_session_t *session,
- uint32_t bits,
  uint32_t key_length,
  const EVP_MD *evp_md)
 {
@@ -535,7 +534,9 @@ static int process_auth_param(odp_crypto_generic_session_t 
*session,
session->auth.evp_md = evp_md;
 
/* Number of valid bytes */
-   session->auth.bytes = bits / 8;
+   session->auth.bytes = session->p.auth_digest_len;
+   if (session->auth.bytes < (unsigned)EVP_MD_size(evp_md) / 2)
+   return -1;
 
/* Convert keys */
session->auth.key_length = key_length;
@@ -745,17 +746,23 @@ odp_crypto_session_create(odp_crypto_session_param_t 
*param,
session->auth.func = null_crypto_routine;
rc = 0;
break;
-   case ODP_AUTH_ALG_MD5_HMAC:
 #if ODP_DEPRECATED_API
case ODP_AUTH_ALG_MD5_96:
+   /* Fixed digest tag length with deprecated algo */
+   session->p.auth_digest_len = 96 / 8;
+   /* Fallthrough */
 #endif
-   rc = process_auth_param(session, 96, 16, EVP_md5());
+   case ODP_AUTH_ALG_MD5_HMAC:
+   rc = process_auth_param(session, 16, EVP_md5());
break;
-   case ODP_AUTH_ALG_SHA256_HMAC:
 #if ODP_DEPRECATED_API
case ODP_AUTH_ALG_SHA256_128:
+   /* Fixed digest tag length with deprecated algo */
+   session->p.auth_digest_len = 128 / 8;
+   /* Fallthrough */
 #endif
-   rc = process_auth_param(session, 128, 32, EVP_sha256());
+   case ODP_AUTH_ALG_SHA256_HMAC:
+   rc = process_auth_param(session, 32, EVP_sha256());
break;
 #if ODP_DEPRECATED_API
case ODP_AUTH_ALG_AES128_GCM:
-- 
2.11.0

[lng-odp] [PATCH API-NEXT v5 04/23] example: ipsec: set auth_digest_len

[Dmitry Eremin-Solenikov]

Signed-off-by: Dmitry Eremin-Solenikov 
---
 example/ipsec/odp_ipsec_cache.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/example/ipsec/odp_ipsec_cache.c b/example/ipsec/odp_ipsec_cache.c
index b2a91c242fe0..dba0ea0ab0c6 100644
--- a/example/ipsec/odp_ipsec_cache.c
+++ b/example/ipsec/odp_ipsec_cache.c
@@ -100,6 +100,7 @@ int create_ipsec_cache_entry(sa_db_entry_t *cipher_sa,
params.auth_alg = auth_sa->alg.u.auth;
params.auth_key.data = auth_sa->key.data;
params.auth_key.length = auth_sa->key.length;
+   params.auth_digest_len = auth_sa->icv_len;
mode = auth_sa->mode;
} else {
params.auth_alg = ODP_AUTH_ALG_NULL;
-- 
2.11.0

[lng-odp] [PATCH API-NEXT v5 02/23] validation: crypto: explicitly pass AAD to crypto subsystem

[Dmitry Eremin-Solenikov]

Signed-off-by: Dmitry Eremin-Solenikov 
---
 .../validation/api/crypto/odp_crypto_test_inp.c| 55 +-
 .../validation/api/crypto/test_vectors.h   | 65 --
 2 files changed, 64 insertions(+), 56 deletions(-)

diff --git a/test/common_plat/validation/api/crypto/odp_crypto_test_inp.c 
b/test/common_plat/validation/api/crypto/odp_crypto_test_inp.c
index 3d09e3745b4b..c89d04f9c238 100644
--- a/test/common_plat/validation/api/crypto/odp_crypto_test_inp.c
+++ b/test/common_plat/validation/api/crypto/odp_crypto_test_inp.c
@@ -74,6 +74,8 @@ static void alg_test(odp_crypto_op_t op,
 odp_crypto_key_t auth_key,
 odp_packet_data_range_t *cipher_range,
 odp_packet_data_range_t *auth_range,
+uint8_t *aad,
+uint32_t aad_len,
 const uint8_t *plaintext,
 unsigned int plaintext_len,
 const uint8_t *ciphertext,
@@ -240,6 +242,9 @@ static void alg_test(odp_crypto_op_t op,
if (op_iv_ptr)
op_params.override_iv_ptr = op_iv_ptr;
 
+   op_params.aad.ptr = aad;
+   op_params.aad.length = aad_len;
+
op_params.hash_result_offset = plaintext_len;
if (0 != digest_len) {
memcpy(data_addr + op_params.hash_result_offset,
@@ -472,6 +477,7 @@ void crypto_test_enc_alg_3des_cbc(void)
 ODP_AUTH_ALG_NULL,
 auth_key,
 NULL, NULL,
+NULL, 0,
 tdes_cbc_reference_plaintext[i],
 tdes_cbc_reference_length[i],
 tdes_cbc_reference_ciphertext[i],
@@ -508,6 +514,7 @@ void crypto_test_enc_alg_3des_cbc_ovr_iv(void)
 ODP_AUTH_ALG_NULL,
 auth_key,
 NULL, NULL,
+NULL, 0,
 tdes_cbc_reference_plaintext[i],
 tdes_cbc_reference_length[i],
 tdes_cbc_reference_ciphertext[i],
@@ -548,6 +555,7 @@ void crypto_test_dec_alg_3des_cbc(void)
 ODP_AUTH_ALG_NULL,
 auth_key,
 NULL, NULL,
+NULL, 0,
 tdes_cbc_reference_ciphertext[i],
 tdes_cbc_reference_length[i],
 tdes_cbc_reference_plaintext[i],
@@ -586,6 +594,7 @@ void crypto_test_dec_alg_3des_cbc_ovr_iv(void)
 ODP_AUTH_ALG_NULL,
 auth_key,
 NULL, NULL,
+NULL, 0,
 tdes_cbc_reference_ciphertext[i],
 tdes_cbc_reference_length[i],
 tdes_cbc_reference_plaintext[i],
@@ -634,7 +643,9 @@ void crypto_test_enc_alg_aes128_gcm(void)
 ODP_AUTH_ALG_AES_GCM,
 auth_key,
 &aes128_gcm_cipher_range[i],
-&aes128_gcm_auth_range[i],
+&aes128_gcm_cipher_range[i],
+aes128_gcm_reference_aad[i],
+aes128_gcm_reference_aad_length[i],
 aes128_gcm_reference_plaintext[i],
 aes128_gcm_reference_length[i],
 aes128_gcm_reference_ciphertext[i],
@@ -679,7 +690,9 @@ void crypto_test_enc_alg_aes128_gcm_ovr_iv(void)
 ODP_AUTH_ALG_AES_GCM,
 auth_key,
 &aes128_gcm_cipher_range[i],
-&aes128_gcm_auth_range[i],
+&aes128_gcm_cipher_range[i],
+aes128_gcm_reference_aad[i],
+aes128_gcm_reference_aad_length[i],
 aes128_gcm_reference_plaintext[i],
 aes128_gcm_reference_length[i],
 aes128_gcm_reference_ciphertext[i],
@@ -730,10 +743,11 @@ void crypto_test_dec_alg_aes128_gcm(void)
 ODP_AUTH_ALG_AES_GCM,
 auth_key,
 &aes128_gcm_cipher_range[i],
-&aes128_gcm_auth_range[i],
+&aes128_gcm_cipher_range[i],
+aes128_gcm_reference_aad[i],
+aes128_gcm_reference_aad_length[i],
 aes128_gcm_reference_ciphertext[i],
-aes128_gcm_reference_length[i] +
-aes128_gcm_reference_tag_length[i],
+aes128_gcm_reference_length[i],
 aes128_gcm_reference_plaintext[i],
 aes128_gcm_reference_length[i],
 aes128_gcm_reference_ciphertext[i] +
@@ -749,10 +763,11 @@ void crypto_test_dec_al

[lng-odp] [PATCH API-NEXT v5 03/23] test: odp_crypto: update performance test to set auth_digest_length

[Dmitry Eremin-Solenikov]

Signed-off-by: Dmitry Eremin-Solenikov 
---
 test/common_plat/performance/odp_crypto.c | 14 +++---
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/test/common_plat/performance/odp_crypto.c 
b/test/common_plat/performance/odp_crypto.c
index b3857973eee7..6a58294a25ff 100644
--- a/test/common_plat/performance/odp_crypto.c
+++ b/test/common_plat/performance/odp_crypto.c
@@ -50,7 +50,6 @@ static uint8_t test_key24[24] = { 0x01, 0x02, 0x03, 0x04, 
0x05,
 typedef struct {
const char *name; /**< Algorithm name */
odp_crypto_session_param_t session;   /**< Prefilled crypto session 
params */
-   unsigned int hash_adjust; /**< Size of hash */
 } crypto_alg_config_t;
 
 /**
@@ -209,9 +208,9 @@ static crypto_alg_config_t algs_config[] = {
.auth_key = {
.data = test_key16,
.length = sizeof(test_key16)
-   }
+   },
+   .auth_digest_len = 12,
},
-   .hash_adjust = 12
},
{
.name = "null-hmac-md5-96",
@@ -221,9 +220,9 @@ static crypto_alg_config_t algs_config[] = {
.auth_key = {
.data = test_key16,
.length = sizeof(test_key16)
-   }
+   },
+   .auth_digest_len = 12,
},
-   .hash_adjust = 12
},
 };
 
@@ -578,7 +577,7 @@ run_measure_one(crypto_args_t *cargs,
mem = odp_packet_data(params.out_pkt);
print_mem("Immediately encrypted packet", mem,
  payload_length +
- config->hash_adjust);
+ config->session.auth_digest_len);
}
if (!cargs->in_place) {
if (cargs->reuse_packet) {
@@ -611,7 +610,8 @@ run_measure_one(crypto_args_t *cargs,
print_mem("Receieved encrypted packet",
  mem,
  payload_length +
- config->hash_adjust);
+ config->
+ session.auth_digest_len);
}
if (cargs->reuse_packet) {
params.pkt = out_pkt;
-- 
2.11.0

[lng-odp] [PATCH API-NEXT v5 01/23] validation: crypto: explicitly pass auth_digest_len to crypto subsystem

[Dmitry Eremin-Solenikov]

Signed-off-by: Dmitry Eremin-Solenikov 
---
 .../validation/api/crypto/odp_crypto_test_inp.c| 57 +-
 .../validation/api/crypto/test_vectors.h   | 10 
 .../validation/api/crypto/test_vectors_len.h   |  3 --
 3 files changed, 43 insertions(+), 27 deletions(-)

diff --git a/test/common_plat/validation/api/crypto/odp_crypto_test_inp.c 
b/test/common_plat/validation/api/crypto/odp_crypto_test_inp.c
index bfc9da3c681e..3d09e3745b4b 100644
--- a/test/common_plat/validation/api/crypto/odp_crypto_test_inp.c
+++ b/test/common_plat/validation/api/crypto/odp_crypto_test_inp.c
@@ -201,6 +201,7 @@ static void alg_test(odp_crypto_op_t op,
ses_params.cipher_key = cipher_key;
ses_params.iv = ses_iv;
ses_params.auth_key = auth_key;
+   ses_params.auth_digest_len = digest_len;
 
rc = odp_crypto_session_create(&ses_params, &session, &status);
CU_ASSERT_FATAL(!rc);
@@ -620,7 +621,8 @@ void crypto_test_enc_alg_aes128_gcm(void)
  cipher_key.length, iv.length))
continue;
if (!check_auth_options(ODP_AUTH_ALG_AES_GCM,
-   auth_key.length, AES128_GCM_CHECK_LEN))
+   auth_key.length,
+   aes128_gcm_reference_tag_length[i]))
continue;
 
alg_test(ODP_CRYPTO_OP_ENCODE,
@@ -639,7 +641,7 @@ void crypto_test_enc_alg_aes128_gcm(void)
 aes128_gcm_reference_length[i],
 aes128_gcm_reference_ciphertext[i] +
 aes128_gcm_reference_length[i],
-AES128_GCM_CHECK_LEN);
+aes128_gcm_reference_tag_length[i]);
}
 }
 
@@ -664,7 +666,8 @@ void crypto_test_enc_alg_aes128_gcm_ovr_iv(void)
  cipher_key.length, iv.length))
continue;
if (!check_auth_options(ODP_AUTH_ALG_AES_GCM,
-   auth_key.length, AES128_GCM_CHECK_LEN))
+   auth_key.length,
+   aes128_gcm_reference_tag_length[i]))
continue;
 
alg_test(ODP_CRYPTO_OP_ENCODE,
@@ -683,7 +686,7 @@ void crypto_test_enc_alg_aes128_gcm_ovr_iv(void)
 aes128_gcm_reference_length[i],
 aes128_gcm_reference_ciphertext[i] +
 aes128_gcm_reference_length[i],
-AES128_GCM_CHECK_LEN);
+aes128_gcm_reference_tag_length[i]);
}
 }
 
@@ -714,7 +717,8 @@ void crypto_test_dec_alg_aes128_gcm(void)
  cipher_key.length, iv.length))
continue;
if (!check_auth_options(ODP_AUTH_ALG_AES_GCM,
-   auth_key.length, AES128_GCM_CHECK_LEN))
+   auth_key.length,
+   aes128_gcm_reference_tag_length[i]))
continue;
 
alg_test(ODP_CRYPTO_OP_DECODE,
@@ -728,12 +732,13 @@ void crypto_test_dec_alg_aes128_gcm(void)
 &aes128_gcm_cipher_range[i],
 &aes128_gcm_auth_range[i],
 aes128_gcm_reference_ciphertext[i],
-aes128_gcm_reference_length[i] + AES128_GCM_CHECK_LEN,
+aes128_gcm_reference_length[i] +
+aes128_gcm_reference_tag_length[i],
 aes128_gcm_reference_plaintext[i],
 aes128_gcm_reference_length[i],
 aes128_gcm_reference_ciphertext[i] +
 aes128_gcm_reference_length[i],
-AES128_GCM_CHECK_LEN);
+aes128_gcm_reference_tag_length[i]);
 
alg_test(ODP_CRYPTO_OP_DECODE,
 1,
@@ -746,11 +751,12 @@ void crypto_test_dec_alg_aes128_gcm(void)
 &aes128_gcm_cipher_range[i],
 &aes128_gcm_auth_range[i],
 aes128_gcm_reference_ciphertext[i],
-aes128_gcm_reference_length[i] + AES128_GCM_CHECK_LEN,
+aes128_gcm_reference_length[i] +
+aes128_gcm_reference_tag_length[i],
 aes128_gcm_reference_plaintext[i],
 aes128_gcm_reference_length[i],
 wrong_digest,
-AES128_GCM_CHECK_LEN);
+aes128_gcm_reference_tag_length[i]);
}
 }
 
@@ -779,7 +785,8 @@ void crypto_test_dec_alg_aes128_gcm_ovr_iv(void)
  cipher_key.length, iv.length))
cont

[lng-odp] [PATCH API-NEXT v5 00/23] Major cryptography code rework

[Dmitry Eremin-Solenikov]

This is a cummulative patchset incorporating:
 - AAD/ auth_digest_len implementation
 - crypto engine working across packet segments
 - SHA-1/SHA-512 implementation
 - small fixes

GitHub bot did not send this serie for quite some time, so I'm sending it
manually. On GitHub exactly the same patch serie is visible as PR #34.


Dmitry Eremin-Solenikov (23):
  validation: crypto: explicitly pass auth_digest_len to crypto
subsystem
  validation: crypto: explicitly pass AAD to crypto subsystem
  test: odp_crypto: update performance test to set auth_digest_length
  example: ipsec: set auth_digest_len
  linux-generic: crypto: use auth_digest_len when calculating HMACs
  linux-generic: crypto: add SHA* capabilities for full length digests
  linux-generic: crypto: update AES-GCM support to reflect aad and
auth_digest_len
  linux-generic: crypto: remote extra memcpy in AES-GCM
  linux-generic: crypto: make AES-GCM thread safe
  linux-generic: crypto: explicitly disable padding for AES-GCM
  linux-generic: crypto: rewrite AES-CBC support using EVP functions
  linux-generic: crypto: rewrite 3DES-CBC support using EVP functions
  linux-generic: crypto: merge AES-CBC and 3DES-CBC support
  linux-generic: crypto: make HMAC work across segmented packets
  linux-generic: crypto: make en/decryption work across packet segments
  linux-generic: crypto: NULL session->next pointer on session
allocation
  test: odp_crypto: bail out if odp_crypto_session_create failed
  crypto: linux-generic: add capabilities for CIPHER_NULL and AUTH_NULL
  validation: crypto: add tests for NULL cipher
  validation: crypto: add HMAC-SHA-1 test cases
  validation: crypto: add HMAC-SHA-512 test cases
  linux-generic: crypto: add SHA-1 authentication support
  linux-generic: crypto: add HMAC-SHA-512 authentication support

 example/ipsec/odp_ipsec_cache.c|   1 +
 .../linux-generic/include/odp_crypto_internal.h|  17 +-
 platform/linux-generic/odp_crypto.c| 628 +++--
 test/common_plat/performance/odp_crypto.c  |  58 +-
 test/common_plat/validation/api/crypto/crypto.h|   8 +-
 .../validation/api/crypto/odp_crypto_test_inp.c| 417 --
 .../validation/api/crypto/test_vectors.h   | 181 --
 .../validation/api/crypto/test_vectors_len.h   |  18 +-
 8 files changed, 871 insertions(+), 457 deletions(-)

-- 
2.11.0

Re: [lng-odp] [PATCH API-NEXT v4 00/23] Major cryptography rework

[Dmitry Eremin-Solenikov]

On 01.06.2017 11:22, Dmitry Eremin-Solenikov wrote:
> This is a cummulative patchset incorporating:
>  - AAD/ auth_digest_len implementation
>  - crypto engine working across packet segments
>  - SHA-1/SHA-512 implementation
>  - small fixes
> 
> GitHub bot did not send this serie for quite some time, so I'm sending it
> manually. On GitHub exactly the same patch serie is visible as PR #34.

Please ignore this thread.

-- 
With best wishes
Dmitry

[lng-odp] [PATCH 09/23] test: crypto: add tests for NULL cipher

[Dmitry Eremin-Solenikov]

Signed-off-by: Dmitry Eremin-Solenikov 
---
 test/common_plat/validation/api/crypto/crypto.h|  2 +
 .../validation/api/crypto/odp_crypto_test_inp.c| 71 ++
 .../validation/api/crypto/test_vectors.h   | 12 
 .../validation/api/crypto/test_vectors_len.h   |  3 +
 4 files changed, 88 insertions(+)

diff --git a/test/common_plat/validation/api/crypto/crypto.h 
b/test/common_plat/validation/api/crypto/crypto.h
index 4d810f62b7ce..2a491c3c9170 100644
--- a/test/common_plat/validation/api/crypto/crypto.h
+++ b/test/common_plat/validation/api/crypto/crypto.h
@@ -10,6 +10,8 @@
 #include "odp_cunit_common.h"
 
 /* test functions: */
+void crypto_test_enc_alg_null(void);
+void crypto_test_dec_alg_null(void);
 void crypto_test_enc_alg_3des_cbc(void);
 void crypto_test_enc_alg_3des_cbc_ovr_iv(void);
 void crypto_test_dec_alg_3des_cbc(void);
diff --git a/test/common_plat/validation/api/crypto/odp_crypto_test_inp.c 
b/test/common_plat/validation/api/crypto/odp_crypto_test_inp.c
index 470c5bc5e70d..e33597ed0b80 100644
--- a/test/common_plat/validation/api/crypto/odp_crypto_test_inp.c
+++ b/test/common_plat/validation/api/crypto/odp_crypto_test_inp.c
@@ -430,6 +430,73 @@ static int check_auth_options(odp_auth_alg_t auth, 
uint32_t key_len,
return 1;
 }
 
+static int check_alg_null(void)
+{
+   return check_alg_support(ODP_CIPHER_ALG_NULL, ODP_AUTH_ALG_NULL);
+}
+
+void crypto_test_enc_alg_null(void)
+{
+   odp_crypto_key_t cipher_key = { .data = NULL, .length = 0 },
+auth_key   = { .data = NULL, .length = 0 };
+   odp_crypto_iv_t iv;
+   unsigned int test_vec_num = (sizeof(null_reference_length) /
+sizeof(null_reference_length[0]));
+   unsigned int i;
+
+   for (i = 0; i < test_vec_num; i++) {
+   if (!check_cipher_options(ODP_CIPHER_ALG_NULL,
+ cipher_key.length, iv.length))
+   continue;
+
+   alg_test(ODP_CRYPTO_OP_ENCODE,
+0,
+ODP_CIPHER_ALG_NULL,
+iv,
+NULL,
+cipher_key,
+ODP_AUTH_ALG_NULL,
+auth_key,
+NULL, NULL,
+NULL, 0,
+null_reference_plaintext[i],
+null_reference_length[i],
+null_reference_plaintext[i],
+null_reference_length[i], NULL, 0);
+   }
+}
+
+void crypto_test_dec_alg_null(void)
+{
+   odp_crypto_key_t cipher_key = { .data = NULL, .length = 0 },
+auth_key   = { .data = NULL, .length = 0 };
+   odp_crypto_iv_t iv = { .data = NULL, .length = 0 };
+   unsigned int test_vec_num = (sizeof(null_reference_length) /
+sizeof(null_reference_length[0]));
+   unsigned int i;
+
+   for (i = 0; i < test_vec_num; i++) {
+   if (!check_cipher_options(ODP_CIPHER_ALG_NULL,
+ cipher_key.length, iv.length))
+   continue;
+
+   alg_test(ODP_CRYPTO_OP_DECODE,
+0,
+ODP_CIPHER_ALG_NULL,
+iv,
+NULL,
+cipher_key,
+ODP_AUTH_ALG_NULL,
+auth_key,
+NULL, NULL,
+NULL, 0,
+null_reference_plaintext[i],
+null_reference_length[i],
+null_reference_plaintext[i],
+null_reference_length[i], NULL, 0);
+   }
+}
+
 static int check_alg_3des_cbc(void)
 {
return check_alg_support(ODP_CIPHER_ALG_3DES_CBC, ODP_AUTH_ALG_NULL);
@@ -1252,6 +1319,10 @@ int crypto_suite_async_init(void)
 }
 
 odp_testinfo_t crypto_suite[] = {
+   ODP_TEST_INFO_CONDITIONAL(crypto_test_enc_alg_null,
+ check_alg_null),
+   ODP_TEST_INFO_CONDITIONAL(crypto_test_dec_alg_null,
+ check_alg_null),
ODP_TEST_INFO_CONDITIONAL(crypto_test_enc_alg_3des_cbc,
  check_alg_3des_cbc),
ODP_TEST_INFO_CONDITIONAL(crypto_test_dec_alg_3des_cbc,
diff --git a/test/common_plat/validation/api/crypto/test_vectors.h 
b/test/common_plat/validation/api/crypto/test_vectors.h
index 0d36c249870f..6d568b918aa4 100644
--- a/test/common_plat/validation/api/crypto/test_vectors.h
+++ b/test/common_plat/validation/api/crypto/test_vectors.h
@@ -8,6 +8,18 @@
 #define _ODP_TEST_CRYPTO_VECTORS_H_
 
 #include "test_vectors_len.h"
+
+/** length in bytes */
+static uint32_t null_reference_length[] = { 8, 16 };
+
+static uint8_t
+null_reference_plaintext[][NULL_MAX_DATA_LEN] = {
+   {0x32, 0x

[lng-odp] [PATCH 10/23] linux-generic: crypto: remote extra memcpy in AES-GCM

[Dmitry Eremin-Solenikov]

There is no need to memcpy IV if it gets passed to EVP functions.

Signed-off-by: Dmitry Eremin-Solenikov 
---
 platform/linux-generic/odp_crypto.c | 20 ++--
 1 file changed, 2 insertions(+), 18 deletions(-)

diff --git a/platform/linux-generic/odp_crypto.c 
b/platform/linux-generic/odp_crypto.c
index 5f4f5250df14..efbc958de0c8 100644
--- a/platform/linux-generic/odp_crypto.c
+++ b/platform/linux-generic/odp_crypto.c
@@ -275,7 +275,6 @@ odp_crypto_alg_err_t aes_gcm_encrypt(odp_crypto_op_param_t 
*param,
uint32_t plain_len   = param->cipher_range.length;
const uint8_t *aad_head = param->aad.ptr;
uint32_t aad_len = param->aad.length;
-   unsigned char iv_enc[AES_BLOCK_SIZE];
void *iv_ptr;
uint8_t *tag = data + param->hash_result_offset;
 
@@ -286,13 +285,6 @@ odp_crypto_alg_err_t aes_gcm_encrypt(odp_crypto_op_param_t 
*param,
else
return ODP_CRYPTO_ALG_ERR_IV_INVALID;
 
-   /*
-* Create a copy of the IV.  The DES library modifies IV
-* and if we are processing packets on parallel threads
-* we could get corruption.
-*/
-   memcpy(iv_enc, iv_ptr, AES_BLOCK_SIZE);
-
/* Adjust pointer for beginning of area to cipher/auth */
uint8_t *plaindata = data + param->cipher_range.offset;
 
@@ -300,7 +292,7 @@ odp_crypto_alg_err_t aes_gcm_encrypt(odp_crypto_op_param_t 
*param,
EVP_CIPHER_CTX *ctx = session->cipher.data.aes_gcm.ctx;
int cipher_len = 0;
 
-   EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv_enc);
+   EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv_ptr);
 
/* Authenticate header data (if any) without encrypting them */
if (aad_len > 0)
@@ -325,7 +317,6 @@ odp_crypto_alg_err_t aes_gcm_decrypt(odp_crypto_op_param_t 
*param,
uint32_t cipher_len   = param->cipher_range.length;
const uint8_t *aad_head = param->aad.ptr;
uint32_t aad_len = param->aad.length;
-   unsigned char iv_enc[AES_BLOCK_SIZE];
void *iv_ptr;
uint8_t *tag   = data + param->hash_result_offset;
 
@@ -336,20 +327,13 @@ odp_crypto_alg_err_t 
aes_gcm_decrypt(odp_crypto_op_param_t *param,
else
return ODP_CRYPTO_ALG_ERR_IV_INVALID;
 
-   /*
-* Create a copy of the IV.  The DES library modifies IV
-* and if we are processing packets on parallel threads
-* we could get corruption.
-*/
-   memcpy(iv_enc, iv_ptr, AES_BLOCK_SIZE);
-
/* Adjust pointer for beginning of area to cipher/auth */
uint8_t *cipherdata = data + param->cipher_range.offset;
/* Encrypt it */
EVP_CIPHER_CTX *ctx = session->cipher.data.aes_gcm.ctx;
int plain_len = 0;
 
-   EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv_enc);
+   EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv_ptr);
 
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG,
session->p.auth_digest_len, tag);
-- 
2.11.0

[lng-odp] [PATCH API-NEXT v4 10/23] linux-generic: crypto: explicitly disable padding for AES-GCM

[Dmitry Eremin-Solenikov]

Signed-off-by: Dmitry Eremin-Solenikov 
---
 platform/linux-generic/odp_crypto.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/platform/linux-generic/odp_crypto.c 
b/platform/linux-generic/odp_crypto.c
index 3deec7de3f7c..ff3f1ac76780 100644
--- a/platform/linux-generic/odp_crypto.c
+++ b/platform/linux-generic/odp_crypto.c
@@ -291,6 +291,7 @@ odp_crypto_alg_err_t aes_gcm_encrypt(odp_crypto_op_param_t 
*param,
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN,
session->p.iv.length, NULL);
EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv_ptr);
+   EVP_CIPHER_CTX_set_padding(ctx, 0);
 
/* Authenticate header data (if any) without encrypting them */
if (aad_len > 0)
@@ -338,6 +339,7 @@ odp_crypto_alg_err_t aes_gcm_decrypt(odp_crypto_op_param_t 
*param,
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN,
session->p.iv.length, NULL);
EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv_ptr);
+   EVP_CIPHER_CTX_set_padding(ctx, 0);
 
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG,
session->p.auth_digest_len, tag);
-- 
2.11.0

[lng-odp] [PATCH API-NEXT v4 09/23] linux-generic: crypto: make AES-GCM thread safe

[Dmitry Eremin-Solenikov]

Using single context for all operations is not thread safe: multiple
threads can access the same context in parallel, affecting its internal
state. Make AES-GCM functions use local context for en/decryption
operations.

Signed-off-by: Dmitry Eremin-Solenikov 
---
 .../linux-generic/include/odp_crypto_internal.h|  2 +-
 platform/linux-generic/odp_crypto.c| 84 ++
 2 files changed, 38 insertions(+), 48 deletions(-)

diff --git a/platform/linux-generic/include/odp_crypto_internal.h 
b/platform/linux-generic/include/odp_crypto_internal.h
index 515cefaa06cc..d1020dba3edd 100644
--- a/platform/linux-generic/include/odp_crypto_internal.h
+++ b/platform/linux-generic/include/odp_crypto_internal.h
@@ -53,7 +53,7 @@ struct odp_crypto_generic_session {
AES_KEY key;
} aes;
struct {
-   EVP_CIPHER_CTX *ctx;
+   uint8_t  key[EVP_MAX_KEY_LENGTH];
} aes_gcm;
} data;
crypto_func_t func;
diff --git a/platform/linux-generic/odp_crypto.c 
b/platform/linux-generic/odp_crypto.c
index 3f298485caef..3deec7de3f7c 100644
--- a/platform/linux-generic/odp_crypto.c
+++ b/platform/linux-generic/odp_crypto.c
@@ -265,11 +265,13 @@ static
 odp_crypto_alg_err_t aes_gcm_encrypt(odp_crypto_op_param_t *param,
 odp_crypto_generic_session_t *session)
 {
+   EVP_CIPHER_CTX *ctx;
uint8_t *data  = odp_packet_data(param->out_pkt);
uint32_t plain_len   = param->cipher_range.length;
const uint8_t *aad_head = param->aad.ptr;
uint32_t aad_len = param->aad.length;
void *iv_ptr;
+   int cipher_len = 0;
uint8_t *tag = data + param->hash_result_offset;
 
if (param->override_iv_ptr)
@@ -280,12 +282,14 @@ odp_crypto_alg_err_t 
aes_gcm_encrypt(odp_crypto_op_param_t *param,
return ODP_CRYPTO_ALG_ERR_IV_INVALID;
 
/* Adjust pointer for beginning of area to cipher/auth */
-   uint8_t *plaindata = data + param->cipher_range.offset;
+   data += param->cipher_range.offset;
 
/* Encrypt it */
-   EVP_CIPHER_CTX *ctx = session->cipher.data.aes_gcm.ctx;
-   int cipher_len = 0;
-
+   ctx = EVP_CIPHER_CTX_new();
+   EVP_EncryptInit_ex(ctx, EVP_aes_128_gcm(), NULL,
+  session->cipher.data.aes_gcm.key, NULL);
+   EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN,
+   session->p.iv.length, NULL);
EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv_ptr);
 
/* Authenticate header data (if any) without encrypting them */
@@ -293,13 +297,14 @@ odp_crypto_alg_err_t 
aes_gcm_encrypt(odp_crypto_op_param_t *param,
EVP_EncryptUpdate(ctx, NULL, &cipher_len,
  aad_head, aad_len);
 
-   EVP_EncryptUpdate(ctx, plaindata, &cipher_len,
- plaindata, plain_len);
+   EVP_EncryptUpdate(ctx, data, &cipher_len, data, plain_len);
 
-   EVP_EncryptFinal_ex(ctx, plaindata + cipher_len, &cipher_len);
+   EVP_EncryptFinal_ex(ctx, data + cipher_len, &cipher_len);
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG,
session->p.auth_digest_len, tag);
 
+   EVP_CIPHER_CTX_free(ctx);
+
return ODP_CRYPTO_ALG_ERR_NONE;
 }
 
@@ -307,10 +312,12 @@ static
 odp_crypto_alg_err_t aes_gcm_decrypt(odp_crypto_op_param_t *param,
 odp_crypto_generic_session_t *session)
 {
+   EVP_CIPHER_CTX *ctx;
uint8_t *data  = odp_packet_data(param->out_pkt);
uint32_t cipher_len   = param->cipher_range.length;
const uint8_t *aad_head = param->aad.ptr;
uint32_t aad_len = param->aad.length;
+   int plain_len = 0;
void *iv_ptr;
uint8_t *tag   = data + param->hash_result_offset;
 
@@ -322,11 +329,14 @@ odp_crypto_alg_err_t 
aes_gcm_decrypt(odp_crypto_op_param_t *param,
return ODP_CRYPTO_ALG_ERR_IV_INVALID;
 
/* Adjust pointer for beginning of area to cipher/auth */
-   uint8_t *cipherdata = data + param->cipher_range.offset;
-   /* Encrypt it */
-   EVP_CIPHER_CTX *ctx = session->cipher.data.aes_gcm.ctx;
-   int plain_len = 0;
+   data += param->cipher_range.offset;
 
+   /* Decrypt it */
+   ctx = EVP_CIPHER_CTX_new();
+   EVP_DecryptInit_ex(ctx, EVP_aes_128_gcm(), NULL,
+  session->cipher.data.aes_gcm.key, NULL);
+   EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN,
+   session->p.iv.length, NULL);
EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv_ptr);
 
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG,
@@ -337,12 +347,13 @@ odp_crypto_alg_err_t 
aes_gcm_decrypt(odp_crypto_op_param_t *param,
EVP_DecryptUpdate(ctx, NULL, &plain_len,
   

[lng-odp] [PATCH 08/23] crypto: linux-generic: add capabilities for CIPHER_NULL and AUTH_NULL

[Dmitry Eremin-Solenikov]

There is no point in having separate cases for NULL algorithms. Add
capabilities returning 0 key/digest/iv length.

Signed-off-by: Dmitry Eremin-Solenikov 
---
 platform/linux-generic/odp_crypto.c| 14 ++
 .../validation/api/crypto/odp_crypto_test_inp.c| 18 --
 2 files changed, 14 insertions(+), 18 deletions(-)

diff --git a/platform/linux-generic/odp_crypto.c 
b/platform/linux-generic/odp_crypto.c
index 352cfa536268..5f4f5250df14 100644
--- a/platform/linux-generic/odp_crypto.c
+++ b/platform/linux-generic/odp_crypto.c
@@ -34,6 +34,9 @@
  *
  * Keep sorted: first by key length, then by IV length
  */
+static const odp_crypto_cipher_capability_t cipher_capa_null[] = {
+{.key_len = 0, .iv_len = 0} };
+
 static const odp_crypto_cipher_capability_t cipher_capa_des[] = {
 {.key_len = 24, .iv_len = 8} };
 
@@ -51,6 +54,9 @@ static const odp_crypto_cipher_capability_t 
cipher_capa_aes_gcm[] = {
  *
  * Keep sorted: first by digest length, then by key length
  */
+static const odp_crypto_auth_capability_t auth_capa_null[] = {
+{.digest_len = 0, .key_len = 0, .aad_len = {.min = 0, .max = 0, .inc = 0} } };
+
 static const odp_crypto_auth_capability_t auth_capa_md5_hmac[] = {
 {.digest_len = 12, .key_len = 16, .aad_len = {.min = 0, .max = 0, .inc = 0} },
 {.digest_len = 16, .key_len = 16, .aad_len = {.min = 0, .max = 0, .inc = 0} } 
};
@@ -562,8 +568,8 @@ int odp_crypto_cipher_capability(odp_cipher_alg_t cipher,
 
switch (cipher) {
case ODP_CIPHER_ALG_NULL:
-   src = NULL;
-   num = 0;
+   src = cipher_capa_null;
+   num = sizeof(cipher_capa_null) / size;
break;
case ODP_CIPHER_ALG_DES:
src = cipher_capa_des;
@@ -602,8 +608,8 @@ int odp_crypto_auth_capability(odp_auth_alg_t auth,
 
switch (auth) {
case ODP_AUTH_ALG_NULL:
-   src = NULL;
-   num = 0;
+   src = auth_capa_null;
+   num = sizeof(auth_capa_null) / size;
break;
case ODP_AUTH_ALG_MD5_HMAC:
src = auth_capa_md5_hmac;
diff --git a/test/common_plat/validation/api/crypto/odp_crypto_test_inp.c 
b/test/common_plat/validation/api/crypto/odp_crypto_test_inp.c
index c89d04f9c238..470c5bc5e70d 100644
--- a/test/common_plat/validation/api/crypto/odp_crypto_test_inp.c
+++ b/test/common_plat/validation/api/crypto/odp_crypto_test_inp.c
@@ -141,13 +141,8 @@ static void alg_test(odp_crypto_op_t op,
num = odp_crypto_cipher_capability(cipher_alg, cipher_capa,
   MAX_ALG_CAPA);
 
-   if (cipher_alg != ODP_CIPHER_ALG_NULL) {
-   CU_ASSERT(num > 0);
-   found = 0;
-   } else {
-   CU_ASSERT(num == 0);
-   found = 1;
-   }
+   CU_ASSERT(num > 0);
+   found = 0;
 
CU_ASSERT(num <= MAX_ALG_CAPA);
 
@@ -167,13 +162,8 @@ static void alg_test(odp_crypto_op_t op,
 
num = odp_crypto_auth_capability(auth_alg, auth_capa, MAX_ALG_CAPA);
 
-   if (auth_alg != ODP_AUTH_ALG_NULL) {
-   CU_ASSERT(num > 0);
-   found = 0;
-   } else {
-   CU_ASSERT(num == 0);
-   found = 1;
-   }
+   CU_ASSERT(num > 0);
+   found = 0;
 
CU_ASSERT(num <= MAX_ALG_CAPA);
 
-- 
2.11.0

[lng-odp] [PATCH API-NEXT v4 08/23] linux-generic: crypto: remote extra memcpy in AES-GCM

[Dmitry Eremin-Solenikov]

There is no need to memcpy IV if it gets passed to EVP functions.

Signed-off-by: Dmitry Eremin-Solenikov 
---
 platform/linux-generic/odp_crypto.c | 20 ++--
 1 file changed, 2 insertions(+), 18 deletions(-)

diff --git a/platform/linux-generic/odp_crypto.c 
b/platform/linux-generic/odp_crypto.c
index 352cfa536268..3f298485caef 100644
--- a/platform/linux-generic/odp_crypto.c
+++ b/platform/linux-generic/odp_crypto.c
@@ -269,7 +269,6 @@ odp_crypto_alg_err_t aes_gcm_encrypt(odp_crypto_op_param_t 
*param,
uint32_t plain_len   = param->cipher_range.length;
const uint8_t *aad_head = param->aad.ptr;
uint32_t aad_len = param->aad.length;
-   unsigned char iv_enc[AES_BLOCK_SIZE];
void *iv_ptr;
uint8_t *tag = data + param->hash_result_offset;
 
@@ -280,13 +279,6 @@ odp_crypto_alg_err_t aes_gcm_encrypt(odp_crypto_op_param_t 
*param,
else
return ODP_CRYPTO_ALG_ERR_IV_INVALID;
 
-   /*
-* Create a copy of the IV.  The DES library modifies IV
-* and if we are processing packets on parallel threads
-* we could get corruption.
-*/
-   memcpy(iv_enc, iv_ptr, AES_BLOCK_SIZE);
-
/* Adjust pointer for beginning of area to cipher/auth */
uint8_t *plaindata = data + param->cipher_range.offset;
 
@@ -294,7 +286,7 @@ odp_crypto_alg_err_t aes_gcm_encrypt(odp_crypto_op_param_t 
*param,
EVP_CIPHER_CTX *ctx = session->cipher.data.aes_gcm.ctx;
int cipher_len = 0;
 
-   EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv_enc);
+   EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv_ptr);
 
/* Authenticate header data (if any) without encrypting them */
if (aad_len > 0)
@@ -319,7 +311,6 @@ odp_crypto_alg_err_t aes_gcm_decrypt(odp_crypto_op_param_t 
*param,
uint32_t cipher_len   = param->cipher_range.length;
const uint8_t *aad_head = param->aad.ptr;
uint32_t aad_len = param->aad.length;
-   unsigned char iv_enc[AES_BLOCK_SIZE];
void *iv_ptr;
uint8_t *tag   = data + param->hash_result_offset;
 
@@ -330,20 +321,13 @@ odp_crypto_alg_err_t 
aes_gcm_decrypt(odp_crypto_op_param_t *param,
else
return ODP_CRYPTO_ALG_ERR_IV_INVALID;
 
-   /*
-* Create a copy of the IV.  The DES library modifies IV
-* and if we are processing packets on parallel threads
-* we could get corruption.
-*/
-   memcpy(iv_enc, iv_ptr, AES_BLOCK_SIZE);
-
/* Adjust pointer for beginning of area to cipher/auth */
uint8_t *cipherdata = data + param->cipher_range.offset;
/* Encrypt it */
EVP_CIPHER_CTX *ctx = session->cipher.data.aes_gcm.ctx;
int plain_len = 0;
 
-   EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv_enc);
+   EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv_ptr);
 
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG,
session->p.auth_digest_len, tag);
-- 
2.11.0

[lng-odp] [PATCH API-NEXT v4 07/23] linux-generic: crypto: update AES-GCM support to reflect aad and auth_digest_len

[Dmitry Eremin-Solenikov]

Make AES-GCM use recently introduced aad and auth_digest_len fields.

Signed-off-by: Dmitry Eremin-Solenikov 
---
 platform/linux-generic/odp_crypto.c | 58 ++---
 1 file changed, 15 insertions(+), 43 deletions(-)

diff --git a/platform/linux-generic/odp_crypto.c 
b/platform/linux-generic/odp_crypto.c
index 91ef05aebadf..352cfa536268 100644
--- a/platform/linux-generic/odp_crypto.c
+++ b/platform/linux-generic/odp_crypto.c
@@ -267,10 +267,8 @@ odp_crypto_alg_err_t aes_gcm_encrypt(odp_crypto_op_param_t 
*param,
 {
uint8_t *data  = odp_packet_data(param->out_pkt);
uint32_t plain_len   = param->cipher_range.length;
-   uint8_t *aad_head = data + param->auth_range.offset;
-   uint8_t *aad_tail = data + param->cipher_range.offset +
-   param->cipher_range.length;
-   uint32_t auth_len = param->auth_range.length;
+   const uint8_t *aad_head = param->aad.ptr;
+   uint32_t aad_len = param->aad.length;
unsigned char iv_enc[AES_BLOCK_SIZE];
void *iv_ptr;
uint8_t *tag = data + param->hash_result_offset;
@@ -282,12 +280,6 @@ odp_crypto_alg_err_t aes_gcm_encrypt(odp_crypto_op_param_t 
*param,
else
return ODP_CRYPTO_ALG_ERR_IV_INVALID;
 
-   /* All cipher data must be part of the authentication */
-   if (param->auth_range.offset > param->cipher_range.offset ||
-   param->auth_range.offset + auth_len <
-   param->cipher_range.offset + plain_len)
-   return ODP_CRYPTO_ALG_ERR_DATA_SIZE;
-
/*
 * Create a copy of the IV.  The DES library modifies IV
 * and if we are processing packets on parallel threads
@@ -305,23 +297,16 @@ odp_crypto_alg_err_t 
aes_gcm_encrypt(odp_crypto_op_param_t *param,
EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv_enc);
 
/* Authenticate header data (if any) without encrypting them */
-   if (aad_head < plaindata) {
+   if (aad_len > 0)
EVP_EncryptUpdate(ctx, NULL, &cipher_len,
- aad_head, plaindata - aad_head);
-   }
+ aad_head, aad_len);
 
EVP_EncryptUpdate(ctx, plaindata, &cipher_len,
  plaindata, plain_len);
-   cipher_len = plain_len;
-
-   /* Authenticate footer data (if any) without encrypting them */
-   if (aad_head + auth_len > plaindata + plain_len) {
-   EVP_EncryptUpdate(ctx, NULL, NULL, aad_tail,
- auth_len - (aad_tail - aad_head));
-   }
 
EVP_EncryptFinal_ex(ctx, plaindata + cipher_len, &cipher_len);
-   EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, 16, tag);
+   EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG,
+   session->p.auth_digest_len, tag);
 
return ODP_CRYPTO_ALG_ERR_NONE;
 }
@@ -332,10 +317,8 @@ odp_crypto_alg_err_t aes_gcm_decrypt(odp_crypto_op_param_t 
*param,
 {
uint8_t *data  = odp_packet_data(param->out_pkt);
uint32_t cipher_len   = param->cipher_range.length;
-   uint8_t *aad_head = data + param->auth_range.offset;
-   uint8_t *aad_tail = data + param->cipher_range.offset +
-   param->cipher_range.length;
-   uint32_t auth_len = param->auth_range.length;
+   const uint8_t *aad_head = param->aad.ptr;
+   uint32_t aad_len = param->aad.length;
unsigned char iv_enc[AES_BLOCK_SIZE];
void *iv_ptr;
uint8_t *tag   = data + param->hash_result_offset;
@@ -347,12 +330,6 @@ odp_crypto_alg_err_t aes_gcm_decrypt(odp_crypto_op_param_t 
*param,
else
return ODP_CRYPTO_ALG_ERR_IV_INVALID;
 
-   /* All cipher data must be part of the authentication */
-   if (param->auth_range.offset > param->cipher_range.offset ||
-   param->auth_range.offset + auth_len <
-   param->cipher_range.offset + cipher_len)
-   return ODP_CRYPTO_ALG_ERR_DATA_SIZE;
-
/*
 * Create a copy of the IV.  The DES library modifies IV
 * and if we are processing packets on parallel threads
@@ -368,25 +345,18 @@ odp_crypto_alg_err_t 
aes_gcm_decrypt(odp_crypto_op_param_t *param,
 
EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv_enc);
 
-   EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, 16, tag);
+   EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG,
+   session->p.auth_digest_len, tag);
 
/* Authenticate header data (if any) without encrypting them */
-   if (aad_head < cipherdata) {
+   if (aad_len > 0)
EVP_DecryptUpdate(ctx, NULL, &plain_len,
- aad_head, cipherdata - aad_head);
-   }
+ aad_head, aad_len);
 
EVP_DecryptUpdate(ctx, cipherdata, &plain_len,
  cipherdata, cipher_len);
-   plain_len = cipher_len;
-
-   /* Authenticate footer data (if any) without encrypting the

[lng-odp] [PATCH 07/23] linux: crypto: update AES-GCM support to reflect aad and auth_digest_len

[Dmitry Eremin-Solenikov]

Make AES-GCM use recently introduced aad and auth_digest_len fields.

Signed-off-by: Dmitry Eremin-Solenikov 
---
 platform/linux-generic/odp_crypto.c | 58 ++---
 1 file changed, 15 insertions(+), 43 deletions(-)

diff --git a/platform/linux-generic/odp_crypto.c 
b/platform/linux-generic/odp_crypto.c
index 91ef05aebadf..352cfa536268 100644
--- a/platform/linux-generic/odp_crypto.c
+++ b/platform/linux-generic/odp_crypto.c
@@ -267,10 +267,8 @@ odp_crypto_alg_err_t aes_gcm_encrypt(odp_crypto_op_param_t 
*param,
 {
uint8_t *data  = odp_packet_data(param->out_pkt);
uint32_t plain_len   = param->cipher_range.length;
-   uint8_t *aad_head = data + param->auth_range.offset;
-   uint8_t *aad_tail = data + param->cipher_range.offset +
-   param->cipher_range.length;
-   uint32_t auth_len = param->auth_range.length;
+   const uint8_t *aad_head = param->aad.ptr;
+   uint32_t aad_len = param->aad.length;
unsigned char iv_enc[AES_BLOCK_SIZE];
void *iv_ptr;
uint8_t *tag = data + param->hash_result_offset;
@@ -282,12 +280,6 @@ odp_crypto_alg_err_t aes_gcm_encrypt(odp_crypto_op_param_t 
*param,
else
return ODP_CRYPTO_ALG_ERR_IV_INVALID;
 
-   /* All cipher data must be part of the authentication */
-   if (param->auth_range.offset > param->cipher_range.offset ||
-   param->auth_range.offset + auth_len <
-   param->cipher_range.offset + plain_len)
-   return ODP_CRYPTO_ALG_ERR_DATA_SIZE;
-
/*
 * Create a copy of the IV.  The DES library modifies IV
 * and if we are processing packets on parallel threads
@@ -305,23 +297,16 @@ odp_crypto_alg_err_t 
aes_gcm_encrypt(odp_crypto_op_param_t *param,
EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv_enc);
 
/* Authenticate header data (if any) without encrypting them */
-   if (aad_head < plaindata) {
+   if (aad_len > 0)
EVP_EncryptUpdate(ctx, NULL, &cipher_len,
- aad_head, plaindata - aad_head);
-   }
+ aad_head, aad_len);
 
EVP_EncryptUpdate(ctx, plaindata, &cipher_len,
  plaindata, plain_len);
-   cipher_len = plain_len;
-
-   /* Authenticate footer data (if any) without encrypting them */
-   if (aad_head + auth_len > plaindata + plain_len) {
-   EVP_EncryptUpdate(ctx, NULL, NULL, aad_tail,
- auth_len - (aad_tail - aad_head));
-   }
 
EVP_EncryptFinal_ex(ctx, plaindata + cipher_len, &cipher_len);
-   EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, 16, tag);
+   EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG,
+   session->p.auth_digest_len, tag);
 
return ODP_CRYPTO_ALG_ERR_NONE;
 }
@@ -332,10 +317,8 @@ odp_crypto_alg_err_t aes_gcm_decrypt(odp_crypto_op_param_t 
*param,
 {
uint8_t *data  = odp_packet_data(param->out_pkt);
uint32_t cipher_len   = param->cipher_range.length;
-   uint8_t *aad_head = data + param->auth_range.offset;
-   uint8_t *aad_tail = data + param->cipher_range.offset +
-   param->cipher_range.length;
-   uint32_t auth_len = param->auth_range.length;
+   const uint8_t *aad_head = param->aad.ptr;
+   uint32_t aad_len = param->aad.length;
unsigned char iv_enc[AES_BLOCK_SIZE];
void *iv_ptr;
uint8_t *tag   = data + param->hash_result_offset;
@@ -347,12 +330,6 @@ odp_crypto_alg_err_t aes_gcm_decrypt(odp_crypto_op_param_t 
*param,
else
return ODP_CRYPTO_ALG_ERR_IV_INVALID;
 
-   /* All cipher data must be part of the authentication */
-   if (param->auth_range.offset > param->cipher_range.offset ||
-   param->auth_range.offset + auth_len <
-   param->cipher_range.offset + cipher_len)
-   return ODP_CRYPTO_ALG_ERR_DATA_SIZE;
-
/*
 * Create a copy of the IV.  The DES library modifies IV
 * and if we are processing packets on parallel threads
@@ -368,25 +345,18 @@ odp_crypto_alg_err_t 
aes_gcm_decrypt(odp_crypto_op_param_t *param,
 
EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv_enc);
 
-   EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, 16, tag);
+   EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG,
+   session->p.auth_digest_len, tag);
 
/* Authenticate header data (if any) without encrypting them */
-   if (aad_head < cipherdata) {
+   if (aad_len > 0)
EVP_DecryptUpdate(ctx, NULL, &plain_len,
- aad_head, cipherdata - aad_head);
-   }
+ aad_head, aad_len);
 
EVP_DecryptUpdate(ctx, cipherdata, &plain_len,
  cipherdata, cipher_len);
-   plain_len = cipher_len;
-
-   /* Authenticate footer data (if any) without encrypting the

[lng-odp] [PATCH API-NEXT v4 06/23] linux-generic: crypto: add SHA* capabilities for full length digests

[Dmitry Eremin-Solenikov]

In addition to truncated digests (used by IPsec) add full-length
capabilities to SHA* algos.

Signed-off-by: Dmitry Eremin-Solenikov 
---
 platform/linux-generic/odp_crypto.c | 6 --
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/platform/linux-generic/odp_crypto.c 
b/platform/linux-generic/odp_crypto.c
index 472ee3107de3..91ef05aebadf 100644
--- a/platform/linux-generic/odp_crypto.c
+++ b/platform/linux-generic/odp_crypto.c
@@ -52,10 +52,12 @@ static const odp_crypto_cipher_capability_t 
cipher_capa_aes_gcm[] = {
  * Keep sorted: first by digest length, then by key length
  */
 static const odp_crypto_auth_capability_t auth_capa_md5_hmac[] = {
-{.digest_len = 12, .key_len = 16, .aad_len = {.min = 0, .max = 0, .inc = 0} } 
};
+{.digest_len = 12, .key_len = 16, .aad_len = {.min = 0, .max = 0, .inc = 0} },
+{.digest_len = 16, .key_len = 16, .aad_len = {.min = 0, .max = 0, .inc = 0} } 
};
 
 static const odp_crypto_auth_capability_t auth_capa_sha256_hmac[] = {
-{.digest_len = 16, .key_len = 32, .aad_len = {.min = 0, .max = 0, .inc = 0} } 
};
+{.digest_len = 16, .key_len = 32, .aad_len = {.min = 0, .max = 0, .inc = 0} },
+{.digest_len = 32, .key_len = 32, .aad_len = {.min = 0, .max = 0, .inc = 0} } 
};
 
 static const odp_crypto_auth_capability_t auth_capa_aes_gcm[] = {
 {.digest_len = 16, .key_len = 0, .aad_len = {.min = 8, .max = 12, .inc = 4} } 
};
-- 
2.11.0

[lng-odp] [PATCH 06/23] linux: crypto: add SHA* capabilities for full length digests

[Dmitry Eremin-Solenikov]

In addition to truncated digests (used by IPsec) add full-length
capabilities to SHA* algos.

Signed-off-by: Dmitry Eremin-Solenikov 
---
 platform/linux-generic/odp_crypto.c | 6 --
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/platform/linux-generic/odp_crypto.c 
b/platform/linux-generic/odp_crypto.c
index 472ee3107de3..91ef05aebadf 100644
--- a/platform/linux-generic/odp_crypto.c
+++ b/platform/linux-generic/odp_crypto.c
@@ -52,10 +52,12 @@ static const odp_crypto_cipher_capability_t 
cipher_capa_aes_gcm[] = {
  * Keep sorted: first by digest length, then by key length
  */
 static const odp_crypto_auth_capability_t auth_capa_md5_hmac[] = {
-{.digest_len = 12, .key_len = 16, .aad_len = {.min = 0, .max = 0, .inc = 0} } 
};
+{.digest_len = 12, .key_len = 16, .aad_len = {.min = 0, .max = 0, .inc = 0} },
+{.digest_len = 16, .key_len = 16, .aad_len = {.min = 0, .max = 0, .inc = 0} } 
};
 
 static const odp_crypto_auth_capability_t auth_capa_sha256_hmac[] = {
-{.digest_len = 16, .key_len = 32, .aad_len = {.min = 0, .max = 0, .inc = 0} } 
};
+{.digest_len = 16, .key_len = 32, .aad_len = {.min = 0, .max = 0, .inc = 0} },
+{.digest_len = 32, .key_len = 32, .aad_len = {.min = 0, .max = 0, .inc = 0} } 
};
 
 static const odp_crypto_auth_capability_t auth_capa_aes_gcm[] = {
 {.digest_len = 16, .key_len = 0, .aad_len = {.min = 8, .max = 12, .inc = 4} } 
};
-- 
2.11.0

[lng-odp] [PATCH API-NEXT v4 05/23] linux-generic: crypto: use auth_digest_len when calculating HMACs

[Dmitry Eremin-Solenikov]

Signed-off-by: Dmitry Eremin-Solenikov 
---
 platform/linux-generic/odp_crypto.c | 19 +--
 1 file changed, 13 insertions(+), 6 deletions(-)

diff --git a/platform/linux-generic/odp_crypto.c 
b/platform/linux-generic/odp_crypto.c
index a993542f50b5..472ee3107de3 100644
--- a/platform/linux-generic/odp_crypto.c
+++ b/platform/linux-generic/odp_crypto.c
@@ -522,7 +522,6 @@ static int process_des_param(odp_crypto_generic_session_t 
*session)
 }
 
 static int process_auth_param(odp_crypto_generic_session_t *session,
- uint32_t bits,
  uint32_t key_length,
  const EVP_MD *evp_md)
 {
@@ -535,7 +534,9 @@ static int process_auth_param(odp_crypto_generic_session_t 
*session,
session->auth.evp_md = evp_md;
 
/* Number of valid bytes */
-   session->auth.bytes = bits / 8;
+   session->auth.bytes = session->p.auth_digest_len;
+   if (session->auth.bytes < (unsigned)EVP_MD_size(evp_md) / 2)
+   return -1;
 
/* Convert keys */
session->auth.key_length = key_length;
@@ -745,17 +746,23 @@ odp_crypto_session_create(odp_crypto_session_param_t 
*param,
session->auth.func = null_crypto_routine;
rc = 0;
break;
-   case ODP_AUTH_ALG_MD5_HMAC:
 #if ODP_DEPRECATED_API
case ODP_AUTH_ALG_MD5_96:
+   /* Fixed digest tag length with deprecated algo */
+   session->p.auth_digest_len = 96 / 8;
+   /* Fallthrough */
 #endif
-   rc = process_auth_param(session, 96, 16, EVP_md5());
+   case ODP_AUTH_ALG_MD5_HMAC:
+   rc = process_auth_param(session, 16, EVP_md5());
break;
-   case ODP_AUTH_ALG_SHA256_HMAC:
 #if ODP_DEPRECATED_API
case ODP_AUTH_ALG_SHA256_128:
+   /* Fixed digest tag length with deprecated algo */
+   session->p.auth_digest_len = 128 / 8;
+   /* Fallthrough */
 #endif
-   rc = process_auth_param(session, 128, 32, EVP_sha256());
+   case ODP_AUTH_ALG_SHA256_HMAC:
+   rc = process_auth_param(session, 32, EVP_sha256());
break;
 #if ODP_DEPRECATED_API
case ODP_AUTH_ALG_AES128_GCM:
-- 
2.11.0

[lng-odp] [PATCH 05/23] linux: crypto: use auth_digest_len when calculating HMACs

[Dmitry Eremin-Solenikov]

Signed-off-by: Dmitry Eremin-Solenikov 
---
 platform/linux-generic/odp_crypto.c | 19 +--
 1 file changed, 13 insertions(+), 6 deletions(-)

diff --git a/platform/linux-generic/odp_crypto.c 
b/platform/linux-generic/odp_crypto.c
index a993542f50b5..472ee3107de3 100644
--- a/platform/linux-generic/odp_crypto.c
+++ b/platform/linux-generic/odp_crypto.c
@@ -522,7 +522,6 @@ static int process_des_param(odp_crypto_generic_session_t 
*session)
 }
 
 static int process_auth_param(odp_crypto_generic_session_t *session,
- uint32_t bits,
  uint32_t key_length,
  const EVP_MD *evp_md)
 {
@@ -535,7 +534,9 @@ static int process_auth_param(odp_crypto_generic_session_t 
*session,
session->auth.evp_md = evp_md;
 
/* Number of valid bytes */
-   session->auth.bytes = bits / 8;
+   session->auth.bytes = session->p.auth_digest_len;
+   if (session->auth.bytes < (unsigned)EVP_MD_size(evp_md) / 2)
+   return -1;
 
/* Convert keys */
session->auth.key_length = key_length;
@@ -745,17 +746,23 @@ odp_crypto_session_create(odp_crypto_session_param_t 
*param,
session->auth.func = null_crypto_routine;
rc = 0;
break;
-   case ODP_AUTH_ALG_MD5_HMAC:
 #if ODP_DEPRECATED_API
case ODP_AUTH_ALG_MD5_96:
+   /* Fixed digest tag length with deprecated algo */
+   session->p.auth_digest_len = 96 / 8;
+   /* Fallthrough */
 #endif
-   rc = process_auth_param(session, 96, 16, EVP_md5());
+   case ODP_AUTH_ALG_MD5_HMAC:
+   rc = process_auth_param(session, 16, EVP_md5());
break;
-   case ODP_AUTH_ALG_SHA256_HMAC:
 #if ODP_DEPRECATED_API
case ODP_AUTH_ALG_SHA256_128:
+   /* Fixed digest tag length with deprecated algo */
+   session->p.auth_digest_len = 128 / 8;
+   /* Fallthrough */
 #endif
-   rc = process_auth_param(session, 128, 32, EVP_sha256());
+   case ODP_AUTH_ALG_SHA256_HMAC:
+   rc = process_auth_param(session, 32, EVP_sha256());
break;
 #if ODP_DEPRECATED_API
case ODP_AUTH_ALG_AES128_GCM:
-- 
2.11.0

[lng-odp] [PATCH API-NEXT v4 03/23] test: odp_crypto: update performance test to set auth_digest_length

[Dmitry Eremin-Solenikov]

Signed-off-by: Dmitry Eremin-Solenikov 
---
 test/common_plat/performance/odp_crypto.c | 13 ++---
 1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/test/common_plat/performance/odp_crypto.c 
b/test/common_plat/performance/odp_crypto.c
index b3857973eee7..b1ed6743e6e5 100644
--- a/test/common_plat/performance/odp_crypto.c
+++ b/test/common_plat/performance/odp_crypto.c
@@ -50,7 +50,6 @@ static uint8_t test_key24[24] = { 0x01, 0x02, 0x03, 0x04, 
0x05,
 typedef struct {
const char *name; /**< Algorithm name */
odp_crypto_session_param_t session;   /**< Prefilled crypto session 
params */
-   unsigned int hash_adjust; /**< Size of hash */
 } crypto_alg_config_t;
 
 /**
@@ -209,9 +208,9 @@ static crypto_alg_config_t algs_config[] = {
.auth_key = {
.data = test_key16,
.length = sizeof(test_key16)
-   }
+   },
+   .auth_digest_len = 12,
},
-   .hash_adjust = 12
},
{
.name = "null-hmac-md5-96",
@@ -221,9 +220,9 @@ static crypto_alg_config_t algs_config[] = {
.auth_key = {
.data = test_key16,
.length = sizeof(test_key16)
-   }
+   },
+   .auth_digest_len = 12,
},
-   .hash_adjust = 12
},
 };
 
@@ -578,7 +577,7 @@ run_measure_one(crypto_args_t *cargs,
mem = odp_packet_data(params.out_pkt);
print_mem("Immediately encrypted packet", mem,
  payload_length +
- config->hash_adjust);
+ config->session.auth_digest_len);
}
if (!cargs->in_place) {
if (cargs->reuse_packet) {
@@ -611,7 +610,7 @@ run_measure_one(crypto_args_t *cargs,
print_mem("Receieved encrypted packet",
  mem,
  payload_length +
- config->hash_adjust);
+ 
config->session.auth_digest_len);
}
if (cargs->reuse_packet) {
params.pkt = out_pkt;
-- 
2.11.0

[lng-odp] [PATCH API-NEXT v4 04/23] example: ipsec: set auth_digest_len

[Dmitry Eremin-Solenikov]

Signed-off-by: Dmitry Eremin-Solenikov 
---
 example/ipsec/odp_ipsec_cache.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/example/ipsec/odp_ipsec_cache.c b/example/ipsec/odp_ipsec_cache.c
index b2a91c242fe0..dba0ea0ab0c6 100644
--- a/example/ipsec/odp_ipsec_cache.c
+++ b/example/ipsec/odp_ipsec_cache.c
@@ -100,6 +100,7 @@ int create_ipsec_cache_entry(sa_db_entry_t *cipher_sa,
params.auth_alg = auth_sa->alg.u.auth;
params.auth_key.data = auth_sa->key.data;
params.auth_key.length = auth_sa->key.length;
+   params.auth_digest_len = auth_sa->icv_len;
mode = auth_sa->mode;
} else {
params.auth_alg = ODP_AUTH_ALG_NULL;
-- 
2.11.0

[lng-odp] [PATCH API-NEXT v4 02/23] validation: crypto: explicitly pass AAD to crypto subsystem

[Dmitry Eremin-Solenikov]

Signed-off-by: Dmitry Eremin-Solenikov 
---
 .../validation/api/crypto/odp_crypto_test_inp.c| 55 +-
 .../validation/api/crypto/test_vectors.h   | 65 --
 2 files changed, 64 insertions(+), 56 deletions(-)

diff --git a/test/common_plat/validation/api/crypto/odp_crypto_test_inp.c 
b/test/common_plat/validation/api/crypto/odp_crypto_test_inp.c
index 3d09e3745b4b..c89d04f9c238 100644
--- a/test/common_plat/validation/api/crypto/odp_crypto_test_inp.c
+++ b/test/common_plat/validation/api/crypto/odp_crypto_test_inp.c
@@ -74,6 +74,8 @@ static void alg_test(odp_crypto_op_t op,
 odp_crypto_key_t auth_key,
 odp_packet_data_range_t *cipher_range,
 odp_packet_data_range_t *auth_range,
+uint8_t *aad,
+uint32_t aad_len,
 const uint8_t *plaintext,
 unsigned int plaintext_len,
 const uint8_t *ciphertext,
@@ -240,6 +242,9 @@ static void alg_test(odp_crypto_op_t op,
if (op_iv_ptr)
op_params.override_iv_ptr = op_iv_ptr;
 
+   op_params.aad.ptr = aad;
+   op_params.aad.length = aad_len;
+
op_params.hash_result_offset = plaintext_len;
if (0 != digest_len) {
memcpy(data_addr + op_params.hash_result_offset,
@@ -472,6 +477,7 @@ void crypto_test_enc_alg_3des_cbc(void)
 ODP_AUTH_ALG_NULL,
 auth_key,
 NULL, NULL,
+NULL, 0,
 tdes_cbc_reference_plaintext[i],
 tdes_cbc_reference_length[i],
 tdes_cbc_reference_ciphertext[i],
@@ -508,6 +514,7 @@ void crypto_test_enc_alg_3des_cbc_ovr_iv(void)
 ODP_AUTH_ALG_NULL,
 auth_key,
 NULL, NULL,
+NULL, 0,
 tdes_cbc_reference_plaintext[i],
 tdes_cbc_reference_length[i],
 tdes_cbc_reference_ciphertext[i],
@@ -548,6 +555,7 @@ void crypto_test_dec_alg_3des_cbc(void)
 ODP_AUTH_ALG_NULL,
 auth_key,
 NULL, NULL,
+NULL, 0,
 tdes_cbc_reference_ciphertext[i],
 tdes_cbc_reference_length[i],
 tdes_cbc_reference_plaintext[i],
@@ -586,6 +594,7 @@ void crypto_test_dec_alg_3des_cbc_ovr_iv(void)
 ODP_AUTH_ALG_NULL,
 auth_key,
 NULL, NULL,
+NULL, 0,
 tdes_cbc_reference_ciphertext[i],
 tdes_cbc_reference_length[i],
 tdes_cbc_reference_plaintext[i],
@@ -634,7 +643,9 @@ void crypto_test_enc_alg_aes128_gcm(void)
 ODP_AUTH_ALG_AES_GCM,
 auth_key,
 &aes128_gcm_cipher_range[i],
-&aes128_gcm_auth_range[i],
+&aes128_gcm_cipher_range[i],
+aes128_gcm_reference_aad[i],
+aes128_gcm_reference_aad_length[i],
 aes128_gcm_reference_plaintext[i],
 aes128_gcm_reference_length[i],
 aes128_gcm_reference_ciphertext[i],
@@ -679,7 +690,9 @@ void crypto_test_enc_alg_aes128_gcm_ovr_iv(void)
 ODP_AUTH_ALG_AES_GCM,
 auth_key,
 &aes128_gcm_cipher_range[i],
-&aes128_gcm_auth_range[i],
+&aes128_gcm_cipher_range[i],
+aes128_gcm_reference_aad[i],
+aes128_gcm_reference_aad_length[i],
 aes128_gcm_reference_plaintext[i],
 aes128_gcm_reference_length[i],
 aes128_gcm_reference_ciphertext[i],
@@ -730,10 +743,11 @@ void crypto_test_dec_alg_aes128_gcm(void)
 ODP_AUTH_ALG_AES_GCM,
 auth_key,
 &aes128_gcm_cipher_range[i],
-&aes128_gcm_auth_range[i],
+&aes128_gcm_cipher_range[i],
+aes128_gcm_reference_aad[i],
+aes128_gcm_reference_aad_length[i],
 aes128_gcm_reference_ciphertext[i],
-aes128_gcm_reference_length[i] +
-aes128_gcm_reference_tag_length[i],
+aes128_gcm_reference_length[i],
 aes128_gcm_reference_plaintext[i],
 aes128_gcm_reference_length[i],
 aes128_gcm_reference_ciphertext[i] +
@@ -749,10 +763,11 @@ void crypto_test_dec_al

[lng-odp] [PATCH 02/23] test: crypto: explicitly pass AAD to crypto subsystem

[Dmitry Eremin-Solenikov]

Signed-off-by: Dmitry Eremin-Solenikov 
---
 .../validation/api/crypto/odp_crypto_test_inp.c| 55 +-
 .../validation/api/crypto/test_vectors.h   | 65 --
 2 files changed, 64 insertions(+), 56 deletions(-)

diff --git a/test/common_plat/validation/api/crypto/odp_crypto_test_inp.c 
b/test/common_plat/validation/api/crypto/odp_crypto_test_inp.c
index 3d09e3745b4b..c89d04f9c238 100644
--- a/test/common_plat/validation/api/crypto/odp_crypto_test_inp.c
+++ b/test/common_plat/validation/api/crypto/odp_crypto_test_inp.c
@@ -74,6 +74,8 @@ static void alg_test(odp_crypto_op_t op,
 odp_crypto_key_t auth_key,
 odp_packet_data_range_t *cipher_range,
 odp_packet_data_range_t *auth_range,
+uint8_t *aad,
+uint32_t aad_len,
 const uint8_t *plaintext,
 unsigned int plaintext_len,
 const uint8_t *ciphertext,
@@ -240,6 +242,9 @@ static void alg_test(odp_crypto_op_t op,
if (op_iv_ptr)
op_params.override_iv_ptr = op_iv_ptr;
 
+   op_params.aad.ptr = aad;
+   op_params.aad.length = aad_len;
+
op_params.hash_result_offset = plaintext_len;
if (0 != digest_len) {
memcpy(data_addr + op_params.hash_result_offset,
@@ -472,6 +477,7 @@ void crypto_test_enc_alg_3des_cbc(void)
 ODP_AUTH_ALG_NULL,
 auth_key,
 NULL, NULL,
+NULL, 0,
 tdes_cbc_reference_plaintext[i],
 tdes_cbc_reference_length[i],
 tdes_cbc_reference_ciphertext[i],
@@ -508,6 +514,7 @@ void crypto_test_enc_alg_3des_cbc_ovr_iv(void)
 ODP_AUTH_ALG_NULL,
 auth_key,
 NULL, NULL,
+NULL, 0,
 tdes_cbc_reference_plaintext[i],
 tdes_cbc_reference_length[i],
 tdes_cbc_reference_ciphertext[i],
@@ -548,6 +555,7 @@ void crypto_test_dec_alg_3des_cbc(void)
 ODP_AUTH_ALG_NULL,
 auth_key,
 NULL, NULL,
+NULL, 0,
 tdes_cbc_reference_ciphertext[i],
 tdes_cbc_reference_length[i],
 tdes_cbc_reference_plaintext[i],
@@ -586,6 +594,7 @@ void crypto_test_dec_alg_3des_cbc_ovr_iv(void)
 ODP_AUTH_ALG_NULL,
 auth_key,
 NULL, NULL,
+NULL, 0,
 tdes_cbc_reference_ciphertext[i],
 tdes_cbc_reference_length[i],
 tdes_cbc_reference_plaintext[i],
@@ -634,7 +643,9 @@ void crypto_test_enc_alg_aes128_gcm(void)
 ODP_AUTH_ALG_AES_GCM,
 auth_key,
 &aes128_gcm_cipher_range[i],
-&aes128_gcm_auth_range[i],
+&aes128_gcm_cipher_range[i],
+aes128_gcm_reference_aad[i],
+aes128_gcm_reference_aad_length[i],
 aes128_gcm_reference_plaintext[i],
 aes128_gcm_reference_length[i],
 aes128_gcm_reference_ciphertext[i],
@@ -679,7 +690,9 @@ void crypto_test_enc_alg_aes128_gcm_ovr_iv(void)
 ODP_AUTH_ALG_AES_GCM,
 auth_key,
 &aes128_gcm_cipher_range[i],
-&aes128_gcm_auth_range[i],
+&aes128_gcm_cipher_range[i],
+aes128_gcm_reference_aad[i],
+aes128_gcm_reference_aad_length[i],
 aes128_gcm_reference_plaintext[i],
 aes128_gcm_reference_length[i],
 aes128_gcm_reference_ciphertext[i],
@@ -730,10 +743,11 @@ void crypto_test_dec_alg_aes128_gcm(void)
 ODP_AUTH_ALG_AES_GCM,
 auth_key,
 &aes128_gcm_cipher_range[i],
-&aes128_gcm_auth_range[i],
+&aes128_gcm_cipher_range[i],
+aes128_gcm_reference_aad[i],
+aes128_gcm_reference_aad_length[i],
 aes128_gcm_reference_ciphertext[i],
-aes128_gcm_reference_length[i] +
-aes128_gcm_reference_tag_length[i],
+aes128_gcm_reference_length[i],
 aes128_gcm_reference_plaintext[i],
 aes128_gcm_reference_length[i],
 aes128_gcm_reference_ciphertext[i] +
@@ -749,10 +763,11 @@ void crypto_test_dec_al

[lng-odp] [PATCH API-NEXT v4 01/23] validation: crypto: explicitly pass auth_digest_len to crypto subsystem

[Dmitry Eremin-Solenikov]

Signed-off-by: Dmitry Eremin-Solenikov 
---
 .../validation/api/crypto/odp_crypto_test_inp.c| 57 +-
 .../validation/api/crypto/test_vectors.h   | 10 
 .../validation/api/crypto/test_vectors_len.h   |  3 --
 3 files changed, 43 insertions(+), 27 deletions(-)

diff --git a/test/common_plat/validation/api/crypto/odp_crypto_test_inp.c 
b/test/common_plat/validation/api/crypto/odp_crypto_test_inp.c
index bfc9da3c681e..3d09e3745b4b 100644
--- a/test/common_plat/validation/api/crypto/odp_crypto_test_inp.c
+++ b/test/common_plat/validation/api/crypto/odp_crypto_test_inp.c
@@ -201,6 +201,7 @@ static void alg_test(odp_crypto_op_t op,
ses_params.cipher_key = cipher_key;
ses_params.iv = ses_iv;
ses_params.auth_key = auth_key;
+   ses_params.auth_digest_len = digest_len;
 
rc = odp_crypto_session_create(&ses_params, &session, &status);
CU_ASSERT_FATAL(!rc);
@@ -620,7 +621,8 @@ void crypto_test_enc_alg_aes128_gcm(void)
  cipher_key.length, iv.length))
continue;
if (!check_auth_options(ODP_AUTH_ALG_AES_GCM,
-   auth_key.length, AES128_GCM_CHECK_LEN))
+   auth_key.length,
+   aes128_gcm_reference_tag_length[i]))
continue;
 
alg_test(ODP_CRYPTO_OP_ENCODE,
@@ -639,7 +641,7 @@ void crypto_test_enc_alg_aes128_gcm(void)
 aes128_gcm_reference_length[i],
 aes128_gcm_reference_ciphertext[i] +
 aes128_gcm_reference_length[i],
-AES128_GCM_CHECK_LEN);
+aes128_gcm_reference_tag_length[i]);
}
 }
 
@@ -664,7 +666,8 @@ void crypto_test_enc_alg_aes128_gcm_ovr_iv(void)
  cipher_key.length, iv.length))
continue;
if (!check_auth_options(ODP_AUTH_ALG_AES_GCM,
-   auth_key.length, AES128_GCM_CHECK_LEN))
+   auth_key.length,
+   aes128_gcm_reference_tag_length[i]))
continue;
 
alg_test(ODP_CRYPTO_OP_ENCODE,
@@ -683,7 +686,7 @@ void crypto_test_enc_alg_aes128_gcm_ovr_iv(void)
 aes128_gcm_reference_length[i],
 aes128_gcm_reference_ciphertext[i] +
 aes128_gcm_reference_length[i],
-AES128_GCM_CHECK_LEN);
+aes128_gcm_reference_tag_length[i]);
}
 }
 
@@ -714,7 +717,8 @@ void crypto_test_dec_alg_aes128_gcm(void)
  cipher_key.length, iv.length))
continue;
if (!check_auth_options(ODP_AUTH_ALG_AES_GCM,
-   auth_key.length, AES128_GCM_CHECK_LEN))
+   auth_key.length,
+   aes128_gcm_reference_tag_length[i]))
continue;
 
alg_test(ODP_CRYPTO_OP_DECODE,
@@ -728,12 +732,13 @@ void crypto_test_dec_alg_aes128_gcm(void)
 &aes128_gcm_cipher_range[i],
 &aes128_gcm_auth_range[i],
 aes128_gcm_reference_ciphertext[i],
-aes128_gcm_reference_length[i] + AES128_GCM_CHECK_LEN,
+aes128_gcm_reference_length[i] +
+aes128_gcm_reference_tag_length[i],
 aes128_gcm_reference_plaintext[i],
 aes128_gcm_reference_length[i],
 aes128_gcm_reference_ciphertext[i] +
 aes128_gcm_reference_length[i],
-AES128_GCM_CHECK_LEN);
+aes128_gcm_reference_tag_length[i]);
 
alg_test(ODP_CRYPTO_OP_DECODE,
 1,
@@ -746,11 +751,12 @@ void crypto_test_dec_alg_aes128_gcm(void)
 &aes128_gcm_cipher_range[i],
 &aes128_gcm_auth_range[i],
 aes128_gcm_reference_ciphertext[i],
-aes128_gcm_reference_length[i] + AES128_GCM_CHECK_LEN,
+aes128_gcm_reference_length[i] +
+aes128_gcm_reference_tag_length[i],
 aes128_gcm_reference_plaintext[i],
 aes128_gcm_reference_length[i],
 wrong_digest,
-AES128_GCM_CHECK_LEN);
+aes128_gcm_reference_tag_length[i]);
}
 }
 
@@ -779,7 +785,8 @@ void crypto_test_dec_alg_aes128_gcm_ovr_iv(void)
  cipher_key.length, iv.length))
cont

[lng-odp] [PATCH 01/23] test: crypto: explicitly pass auth_digest_len to crypto subsystem

[Dmitry Eremin-Solenikov]

Signed-off-by: Dmitry Eremin-Solenikov 
---
 .../validation/api/crypto/odp_crypto_test_inp.c| 57 +-
 .../validation/api/crypto/test_vectors.h   | 10 
 .../validation/api/crypto/test_vectors_len.h   |  3 --
 3 files changed, 43 insertions(+), 27 deletions(-)

diff --git a/test/common_plat/validation/api/crypto/odp_crypto_test_inp.c 
b/test/common_plat/validation/api/crypto/odp_crypto_test_inp.c
index bfc9da3c681e..3d09e3745b4b 100644
--- a/test/common_plat/validation/api/crypto/odp_crypto_test_inp.c
+++ b/test/common_plat/validation/api/crypto/odp_crypto_test_inp.c
@@ -201,6 +201,7 @@ static void alg_test(odp_crypto_op_t op,
ses_params.cipher_key = cipher_key;
ses_params.iv = ses_iv;
ses_params.auth_key = auth_key;
+   ses_params.auth_digest_len = digest_len;
 
rc = odp_crypto_session_create(&ses_params, &session, &status);
CU_ASSERT_FATAL(!rc);
@@ -620,7 +621,8 @@ void crypto_test_enc_alg_aes128_gcm(void)
  cipher_key.length, iv.length))
continue;
if (!check_auth_options(ODP_AUTH_ALG_AES_GCM,
-   auth_key.length, AES128_GCM_CHECK_LEN))
+   auth_key.length,
+   aes128_gcm_reference_tag_length[i]))
continue;
 
alg_test(ODP_CRYPTO_OP_ENCODE,
@@ -639,7 +641,7 @@ void crypto_test_enc_alg_aes128_gcm(void)
 aes128_gcm_reference_length[i],
 aes128_gcm_reference_ciphertext[i] +
 aes128_gcm_reference_length[i],
-AES128_GCM_CHECK_LEN);
+aes128_gcm_reference_tag_length[i]);
}
 }
 
@@ -664,7 +666,8 @@ void crypto_test_enc_alg_aes128_gcm_ovr_iv(void)
  cipher_key.length, iv.length))
continue;
if (!check_auth_options(ODP_AUTH_ALG_AES_GCM,
-   auth_key.length, AES128_GCM_CHECK_LEN))
+   auth_key.length,
+   aes128_gcm_reference_tag_length[i]))
continue;
 
alg_test(ODP_CRYPTO_OP_ENCODE,
@@ -683,7 +686,7 @@ void crypto_test_enc_alg_aes128_gcm_ovr_iv(void)
 aes128_gcm_reference_length[i],
 aes128_gcm_reference_ciphertext[i] +
 aes128_gcm_reference_length[i],
-AES128_GCM_CHECK_LEN);
+aes128_gcm_reference_tag_length[i]);
}
 }
 
@@ -714,7 +717,8 @@ void crypto_test_dec_alg_aes128_gcm(void)
  cipher_key.length, iv.length))
continue;
if (!check_auth_options(ODP_AUTH_ALG_AES_GCM,
-   auth_key.length, AES128_GCM_CHECK_LEN))
+   auth_key.length,
+   aes128_gcm_reference_tag_length[i]))
continue;
 
alg_test(ODP_CRYPTO_OP_DECODE,
@@ -728,12 +732,13 @@ void crypto_test_dec_alg_aes128_gcm(void)
 &aes128_gcm_cipher_range[i],
 &aes128_gcm_auth_range[i],
 aes128_gcm_reference_ciphertext[i],
-aes128_gcm_reference_length[i] + AES128_GCM_CHECK_LEN,
+aes128_gcm_reference_length[i] +
+aes128_gcm_reference_tag_length[i],
 aes128_gcm_reference_plaintext[i],
 aes128_gcm_reference_length[i],
 aes128_gcm_reference_ciphertext[i] +
 aes128_gcm_reference_length[i],
-AES128_GCM_CHECK_LEN);
+aes128_gcm_reference_tag_length[i]);
 
alg_test(ODP_CRYPTO_OP_DECODE,
 1,
@@ -746,11 +751,12 @@ void crypto_test_dec_alg_aes128_gcm(void)
 &aes128_gcm_cipher_range[i],
 &aes128_gcm_auth_range[i],
 aes128_gcm_reference_ciphertext[i],
-aes128_gcm_reference_length[i] + AES128_GCM_CHECK_LEN,
+aes128_gcm_reference_length[i] +
+aes128_gcm_reference_tag_length[i],
 aes128_gcm_reference_plaintext[i],
 aes128_gcm_reference_length[i],
 wrong_digest,
-AES128_GCM_CHECK_LEN);
+aes128_gcm_reference_tag_length[i]);
}
 }
 
@@ -779,7 +785,8 @@ void crypto_test_dec_alg_aes128_gcm_ovr_iv(void)
  cipher_key.length, iv.length))
cont

[lng-odp] [PATCH API-NEXT v4 00/23] Major cryptography rework

[Dmitry Eremin-Solenikov]

This is a cummulative patchset incorporating:
 - AAD/ auth_digest_len implementation
 - crypto engine working across packet segments
 - SHA-1/SHA-512 implementation
 - small fixes

GitHub bot did not send this serie for quite some time, so I'm sending it
manually. On GitHub exactly the same patch serie is visible as PR #34.

Dmitry Eremin-Solenikov (23):
  validation: crypto: explicitly pass auth_digest_len to crypto
subsystem
  validation: crypto: explicitly pass AAD to crypto subsystem
  test: odp_crypto: update performance test to set auth_digest_length
  example: ipsec: set auth_digest_len
  linux-generic: crypto: use auth_digest_len when calculating HMACs
  linux-generic: crypto: add SHA* capabilities for full length digests
  linux-generic: crypto: update AES-GCM support to reflect aad and
auth_digest_len
  linux-generic: crypto: remote extra memcpy in AES-GCM
  linux-generic: crypto: make AES-GCM thread safe
  linux-generic: crypto: explicitly disable padding for AES-GCM
  linux-generic: crypto: rewrite AES-CBC support using EVP functions
  linux-generic: crypto: rewrite 3DES-CBC support using EVP functions
  linux-generic: crypto: merge AES-CBC and 3DES-CBC support
  linux-generic: crypto: make HMAC work across segmented packets
  linux-generic: crypto: make en/decryption work across packet segments
  linux-generic: crypto: NULL session->next pointer on session
allocation
  test: odp_crypto: bail out if odp_crypto_session_create failed
  crypto: linux-generic: add capabilities for CIPHER_NULL and AUTH_NULL
  validation: crypto: add tests for NULL cipher
  validation: crypto: add HMAC-SHA-1 test cases
  validation: crypto: add HMAC-SHA-512 test cases
  linux-generic: crypto: add SHA-1 authentication support
  linux-generic: crypto: add HMAC-SHA-512 authentication support

 example/ipsec/odp_ipsec_cache.c|   1 +
 .../linux-generic/include/odp_crypto_internal.h|  17 +-
 platform/linux-generic/odp_crypto.c| 628 +++--
 test/common_plat/performance/odp_crypto.c  |  57 +-
 test/common_plat/validation/api/crypto/crypto.h|   8 +-
 .../validation/api/crypto/odp_crypto_test_inp.c| 417 --
 .../validation/api/crypto/test_vectors.h   | 181 --
 .../validation/api/crypto/test_vectors_len.h   |  18 +-
 8 files changed, 870 insertions(+), 457 deletions(-)

-- 
2.11.0

Re: [lng-odp] [API-NEXT PATCH v6 3/6] Add arch/ files

[Savolainen, Petri (Nokia - FI/Espoo)]

> -Original Message-
> From: Honnappa Nagarahalli [mailto:honnappa.nagaraha...@linaro.org]
> Sent: Wednesday, May 31, 2017 9:03 PM
> To: Savolainen, Petri (Nokia - FI/Espoo) 
> Cc: Brian Brooks ; lng-odp@lists.linaro.org; Ola
> Liljedahl 
> Subject: Re: [lng-odp] [API-NEXT PATCH v6 3/6] Add arch/ files
> 
> On 31 May 2017 at 03:02, Savolainen, Petri (Nokia - FI/Espoo)
>  wrote:
> >
> >
> >> -Original Message-
> >> From: Honnappa Nagarahalli [mailto:honnappa.nagaraha...@linaro.org]
> >> Sent: Wednesday, May 31, 2017 6:11 AM
> >> To: Savolainen, Petri (Nokia - FI/Espoo) 
> >> Cc: Brian Brooks ; lng-odp@lists.linaro.org; Ola
> >> Liljedahl 
> >> Subject: Re: [lng-odp] [API-NEXT PATCH v6 3/6] Add arch/ files
> >>
> >> On 24 May 2017 at 06:55, Savolainen, Petri (Nokia - FI/Espoo)
> >>  wrote:
> >> >
> >> >
> >> >> -Original Message-
> >> >> From: Honnappa Nagarahalli [mailto:honnappa.nagaraha...@linaro.org]
> >> >> Sent: Wednesday, May 24, 2017 6:59 AM
> >> >> To: Savolainen, Petri (Nokia - FI/Espoo)
> 
> >> >> Cc: Brian Brooks ; lng-odp@lists.linaro.org;
> Ola
> >> >> Liljedahl 
> >> >> Subject: Re: [lng-odp] [API-NEXT PATCH v6 3/6] Add arch/ files
> >> >>
> >> >> On 23 May 2017 at 02:10, Savolainen, Petri (Nokia - FI/Espoo)
> >> >>  wrote:
> >> >> >> diff --git a/platform/linux-generic/arch/powerpc/odp_cpu.h
> >> >> >> b/platform/linux-generic/arch/powerpc/odp_cpu.h
> >> >> >> new file mode 100644
> >> >> >> index ..e118e709
> >> >> >> --- /dev/null
> >> >> >> +++ b/platform/linux-generic/arch/powerpc/odp_cpu.h
> >> >> >> @@ -0,0 +1,10 @@
> >> >> >> +/* Copyright (c) 2017, Linaro Limited
> >> >> >> + * All rights reserved.
> >> >> >> + *
> >> >> >> + * SPDX-License-Identifier: BSD-3-Clause
> >> >> >> + */
> >> >> >> +
> >> >> >> +#ifndef ODP_POWERPC_CPU_H_
> >> >> >> +#define ODP_POWERPC_CPU_H_
> >> >> >> +
> >> >> >> +#endif
> >> >> >
> >> >> >
> >> >> > Does this patch break build for all other archs but arm and x86?
> >> >> Shouldn't you do the same (dummy) definitions for all architectures,
> as
> >> >> you do for x86?
> >> >> >
> >> >> > Odp-linux should be usable in any system that runs Linux. It's not
> >> >> practical to test on every arch, but we should always offer the
> default
> >> >> code path that builds and should work fine on any arch. For example,
> I
> >> did
> >> >> cross compile my latest x86 specific changes for PowerPC to see that
> a
> >> >> non-x86 path also builds.
> >> >> >
> >> >>
> >> >> We do not have the environment to compile for PowerPC or MIPS. Even
> if
> >> >> we write dummy functions, we will not be able to compile the code
> for
> >> >> those targets. During our earlier discussions, there was an
> agreement
> >> >> that we will not do this for PowerPC or MIPS. Respective arch owners
> >> >> have to create those functions.
> >> >
> >> > ODP dependencies file have some instructions for cross compiling.
> With
> >> Ubuntu you just need to install some extra packages. E.g.
> >> >
> >> > sudo apt-get install gcc-powerpc-linux-gnu
> >> >
> >> > So, you have the environment to build for e.g. PowerPC. Since odp-
> linux
> >> is for everybody (not only x86 and arm), you must not break the build
> for
> >> others. You may offer the minimal support, dummy functions, something
> that
> >> is functionally correct but not optimized - but you must not break the
> >> build.
> >> >
> >>
> >> Why would we have code which is not tested? Successful compilation
> >> does not mean, the code would work. It is better that compilation
> >> fails rather than things not work during run time.
> >>
> >> Does ODP claim it supports PowerPC? As far as I know, it claims it is
> >> supported on Linux. In that case, why not use the 'default' in arch
> >> directory for PowerPC?
> >>
> >> What about MIPS?
> >>
> >> What about Kalray?
> >>
> >> What is the version of the gcc compiler that needs to be used?
> >>
> >> What about support for Clang on PowerPC and MIPS? What is the Clang
> >> version we need to support?
> >>
> >> These builds are in ODP CI.
> >>
> >> We had agreed that support for PowerPC and MIPS needs to come from
> >> respective owners.
> >
> >
> > Odp-linux should build and run where ever you have Linux. Obviously, we
> cannot guarantee the quality without testing, but we must not deliberately
> break the build. After every commit, makefiles rules and potential arch
> files/functions must be present to build for MIPS/PPC/Kalray etc. You
> don't need to write assembly for other than ARM, but you need to add
> stubs/generic C implementations for others.
> 
> Again, what is the use of code that compiles but not tested and does
> not work potentially?


Think it this way, the asm/arch-specific code is an exception. In order to get 
that exception path approved, you need to provide the default C-only code path. 
You should develop and test the default path also locally before adding the asm 
path. You can do it in two commits. First commit, implement only the de

Re: [lng-odp] [PATCH 0/6] dpdk pktio: enable hardware checksum support

[Elo, Matias (Nokia - FI/Espoo)]

> On 31 May 2017, at 17:40, Bogdan Pricope  wrote:
> 
> Add HW checksum calculation/validation support for dpdk pktio.
> No UDP/TCP HW checksum calculation/validation support for:
> - IPv4 fragments
> - IPv6 packets with extension headers (including fragments)
> 
> Bogdan Pricope (6):
>  Initialize pktio configuration structure
>  dpdk: retrieve offload capabilities
>  dpdk: enable per pktio RX IP/UDP/TCP checksum offload
>  dpdk: RX - process checksum validation offload flags
>  dpdk: TX - set checksum calculation offload flags
>  examples: generator: update odp_generator to use HW checksum
>capabilities
> 
> example/generator/odp_generator.c  | 107 ++---
> platform/linux-generic/odp_packet_io.c |   2 +
> platform/linux-generic/pktio/dpdk.c| 203 -
> 3 files changed, 293 insertions(+), 19 deletions(-)
> 
> -- 
> 1.9.1
> 


As I commented to the RFC, this patch set is missing RX packet parsing. Without
it being part of this set the next step would require removing the code added in
'dpdk: RX - process checksum validation offload flags'. The packet parsing 
function
could also be used by odp-dpdk.

-Matias

Re: [lng-odp] [API-NEXT PATCH v6 3/6] Add arch/ files

[Dmitry Eremin-Solenikov]

On 31.05.2017 21:03, Honnappa Nagarahalli wrote:
> On 31 May 2017 at 03:02, Savolainen, Petri (Nokia - FI/Espoo)
>  wrote:
>>
>>
>> Arch specific code is not commonly added into odp-linux, but when you do add 
>> it you need to try hard not to break the code for others. You can test the C 
>> generic also on ARM/x86, before turning the asm optimized version the 
>> default. So, also without a PPC target you can develop/test the C generic 
>> path (on ARM/x86) and build it for PPC to check that makefiles and #ifdefs 
>> are OK.
> 
> This is how the scope of the work increases unnecessarily. As we had
> agreed during our discussions, functions for MIPS and PowerPC code
> should be provided by the respective maintainers. It is not possible
> to compile for 8 different targets ourselves.
> 
> ODP does not run the CI for these 2 targets.
> 
> Why not fold these two targets into default?

Exactly. Do you provide default target non-specific implementation?

-- 
With best wishes
Dmitry

[lng-odp] [PATCH 1/2] scripts: checkpatch: revert code modification

[Petri Savolainen]

Checkpatch code should not be modified directly. When the code
is updated to a next version, any local modifications would
be lost and needed to be done again.

Camelcase check is enabled again. Exceptions to camelcase are
allowed e.g. when calling an external library interface.

Signed-off-by: Petri Savolainen 
---
 scripts/checkpatch.pl | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl
index 1c27ac60..16316b92 100755
--- a/scripts/checkpatch.pl
+++ b/scripts/checkpatch.pl
@@ -4273,7 +4273,7 @@ sub process {
$camelcase_file_seeded 
= 1;
}
}
-   if (!defined $camelcase{$word} && 0) {
+   if (!defined $camelcase{$word}) {
$camelcase{$word} = 1;
CHK("CAMELCASE",
"Avoid CamelCase: 
<$word>\n" . $herecurr);
@@ -4620,7 +4620,7 @@ sub process {
 
 # no volatiles please
my $asm_volatile = 
qr{\b(__asm__|asm)\s+(__volatile__|volatile)\b};
-   if ($line =~ /\bvolatile\b/ && 0 && $line !~ /$asm_volatile/) {
+   if ($line =~ /\bvolatile\b/ && $line !~ /$asm_volatile/) {
WARN("VOLATILE",
 "Use of volatile is usually wrong: see 
Documentation/volatile-considered-harmful.txt\n" . $herecurr);
}
@@ -5134,7 +5134,7 @@ sub process {
if (defined $cond) {
substr($s, 0, length($cond), '');
}
-   if ($s =~ /^\s*;/ && 0 &&
+   if ($s =~ /^\s*;/ &&
$function_name ne 'uninitialized_var')
{
WARN("AVOID_EXTERNS",
-- 
2.11.0

[lng-odp] [PATCH 2/2] scripts: checkpatch: ignore volatile and extern warnings

[Petri Savolainen]

These warnings were disabled with code modification. Use
checkpatch config file to ignore those.

Signed-off-by: Petri Savolainen 
---
 .checkpatch.conf | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.checkpatch.conf b/.checkpatch.conf
index 043551a4..990a54d2 100644
--- a/.checkpatch.conf
+++ b/.checkpatch.conf
@@ -8,5 +8,7 @@
 --ignore=BIT_MACRO
 --ignore=PREFER_PRINTF
 --ignore=PREFER_SCANF
+--ignore=VOLATILE
+--ignore=AVOID_EXTERNS
 --codespell
 --codespellfile=/usr/share/codespell/dictionary.txt
-- 
2.11.0