[dpdk-dev] [RFC PATCH 3/5] rte_security: updates and enabled security operations for ethdev

Radu Nicolau radu.nicolau at intel.com
Fri Aug 25 16:57:24 CEST 2017


Signed-off-by: Radu Nicolau <radu.nicolau at intel.com>
---
 lib/Makefile                                   |  1 +
 lib/librte_cryptodev/rte_cryptodev_pmd.h       |  4 +--
 lib/librte_cryptodev/rte_cryptodev_version.map | 10 ++++++++
 lib/librte_cryptodev/rte_security.c            | 34 +++++++++++++++++---------
 lib/librte_cryptodev/rte_security.h            | 12 ++++++---
 5 files changed, 44 insertions(+), 17 deletions(-)

diff --git a/lib/Makefile b/lib/Makefile
index 86caba1..08a1767 100644
--- a/lib/Makefile
+++ b/lib/Makefile
@@ -51,6 +51,7 @@ DEPDIRS-librte_ether += librte_mbuf
 DIRS-$(CONFIG_RTE_LIBRTE_CRYPTODEV) += librte_cryptodev
 DEPDIRS-librte_cryptodev := librte_eal librte_mempool librte_ring librte_mbuf
 DEPDIRS-librte_cryptodev += librte_kvargs
+DEPDIRS-librte_cryptodev += librte_ether
 DIRS-$(CONFIG_RTE_LIBRTE_EVENTDEV) += librte_eventdev
 DEPDIRS-librte_eventdev := librte_eal librte_ring
 DIRS-$(CONFIG_RTE_LIBRTE_VHOST) += librte_vhost
diff --git a/lib/librte_cryptodev/rte_cryptodev_pmd.h b/lib/librte_cryptodev/rte_cryptodev_pmd.h
index 219fba6..ab3ecf7 100644
--- a/lib/librte_cryptodev/rte_cryptodev_pmd.h
+++ b/lib/librte_cryptodev/rte_cryptodev_pmd.h
@@ -371,7 +371,7 @@ struct rte_cryptodev_ops {
  *  - Returns -ENOTSUP if crypto device does not support the crypto transform.
  *  - Returns -ENOMEM if the private session could not be allocated.
  */
-typedef int (*security_configure_session_t)(struct rte_cryptodev *dev,
+typedef int (*security_configure_session_t)(void *dev,
 		struct rte_security_sess_conf *conf,
 		struct rte_security_session *sess,
 		struct rte_mempool *mp);
@@ -382,7 +382,7 @@ typedef int (*security_configure_session_t)(struct rte_cryptodev *dev,
  * @param	dev		Crypto device pointer
  * @param	sess		Security session structure
  */
-typedef void (*security_free_session_t)(struct rte_cryptodev *dev,
+typedef void (*security_free_session_t)(void *dev,
 		struct rte_security_session *sess);
 
 /** Security operations function pointer table */
diff --git a/lib/librte_cryptodev/rte_cryptodev_version.map b/lib/librte_cryptodev/rte_cryptodev_version.map
index e9ba88a..20b553e 100644
--- a/lib/librte_cryptodev/rte_cryptodev_version.map
+++ b/lib/librte_cryptodev/rte_cryptodev_version.map
@@ -79,3 +79,13 @@ DPDK_17.08 {
 	rte_crypto_aead_operation_strings;
 
 } DPDK_17.05;
+
+DPDK_17.11 {
+	global:
+
+	rte_security_session_create;
+	rte_security_session_init;
+	rte_security_attach_session;
+	rte_security_session_free;
+
+} DPDK_17.08;
diff --git a/lib/librte_cryptodev/rte_security.c b/lib/librte_cryptodev/rte_security.c
index 7c73c93..5f35355 100644
--- a/lib/librte_cryptodev/rte_security.c
+++ b/lib/librte_cryptodev/rte_security.c
@@ -86,8 +86,12 @@ rte_security_session_init(uint16_t dev_id,
 			return -EINVAL;
 		cdev = rte_cryptodev_pmd_get_dev(dev_id);
 		index = cdev->driver_id;
+		if (cdev == NULL || sess == NULL || cdev->sec_ops == NULL
+				|| cdev->sec_ops->session_configure == NULL)
+			return -EINVAL;
 		if (sess->sess_private_data[index] == NULL) {
-			ret = cdev->sec_ops->session_configure(cdev, conf, sess, mp);
+			ret = cdev->sec_ops->session_configure((void *)cdev,
+					conf, sess, mp);
 			if (ret < 0) {
 				CDEV_LOG_ERR(
 					"cdev_id %d failed to configure session details",
@@ -100,14 +104,18 @@ rte_security_session_init(uint16_t dev_id,
 	case RTE_SECURITY_SESS_ETH_PROTO_OFFLOAD:
 		dev = &rte_eth_devices[dev_id];
 		index = dev->data->port_id;
+		if (dev == NULL || sess == NULL || dev->sec_ops == NULL
+				|| dev->sec_ops->session_configure == NULL)
+			return -EINVAL;
 		if (sess->sess_private_data[index] == NULL) {
-//			ret = dev->sec_ops->session_configure(dev, conf, sess, mp);
-//			if (ret < 0) {
-//				CDEV_LOG_ERR(
-//					"dev_id %d failed to configure session details",
-//					dev_id);
-//				return ret;
-//			}
+			ret = dev->sec_ops->session_configure((void *)dev,
+					conf, sess, mp);
+			if (ret < 0) {
+				CDEV_LOG_ERR(
+					"dev_id %d failed to configure session details",
+					dev_id);
+				return ret;
+			}
 		}
 		break;
 	default:
@@ -152,16 +160,18 @@ rte_security_session_clear(uint8_t dev_id,
 	switch (action_type) {
 	case RTE_SECURITY_SESS_CRYPTO_PROTO_OFFLOAD:
 		cdev =  rte_cryptodev_pmd_get_dev(dev_id);
-		if (cdev == NULL || sess == NULL)
+		if (cdev == NULL || sess == NULL || cdev->sec_ops == NULL
+				|| cdev->sec_ops->session_clear == NULL)
 			return -EINVAL;
-		cdev->sec_ops->session_clear(cdev, sess);
+		cdev->sec_ops->session_clear((void *)cdev, sess);
 		break;
 	case RTE_SECURITY_SESS_ETH_INLINE_CRYPTO:
 	case RTE_SECURITY_SESS_ETH_PROTO_OFFLOAD:
 		dev = &rte_eth_devices[dev_id];
-		if (dev == NULL || sess == NULL)
+		if (dev == NULL || sess == NULL || dev->sec_ops == NULL
+				|| dev->sec_ops->session_clear == NULL)
 			return -EINVAL;
-//		dev->dev_ops->session_clear(dev, sess);
+		dev->sec_ops->session_clear((void *)dev, sess);
 		break;
 	default:
 		return -EINVAL;
diff --git a/lib/librte_cryptodev/rte_security.h b/lib/librte_cryptodev/rte_security.h
index 9747d5e..0c8b358 100644
--- a/lib/librte_cryptodev/rte_security.h
+++ b/lib/librte_cryptodev/rte_security.h
@@ -20,7 +20,7 @@ extern "C" {
 #include <rte_memory.h>
 #include <rte_mempool.h>
 #include <rte_common.h>
-#include <rte_crypto.h>
+#include "rte_crypto.h"
 
 /** IPSec protocol mode */
 enum rte_security_conf_ipsec_sa_mode {
@@ -70,9 +70,9 @@ struct rte_security_ipsec_tunnel_param {
 		} ipv4; /**< IPv4 header parameters */
 
 		struct {
-			struct in6_addr *src_addr;
+			struct in6_addr src_addr;
 			/**< IPv6 source address */
-			struct in6_addr *dst_addr;
+			struct in6_addr dst_addr;
 			/**< IPv6 destination address */
 			uint8_t dscp;
 			/**< IPv6 Differentiated Services Code Point */
@@ -171,6 +171,12 @@ struct rte_security_ipsec_xform {
 		uint8_t *data;  /**< pointer to key data */
 		size_t length;   /**< key length in bytes */
 	} auth_key;
+	enum rte_crypto_aead_algorithm aead_alg;
+	/**< AEAD Algorithm */
+	struct {
+		uint8_t *data;  /**< pointer to key data */
+		size_t length;   /**< key length in bytes */
+	} aead_key;
 	uint32_t salt;	/**< salt for this SA */
 	enum rte_security_conf_ipsec_sa_mode mode;
 	/**< IPsec SA Mode - transport/tunnel */
-- 
2.7.5



More information about the dev mailing list