[dpdk-dev,v4,03/12] cryptodev: support security APIs
Checks
Commit Message
Security ops are added to crypto device to support
protocol offloaded security operations.
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Signed-off-by: Declan Doherty <declan.doherty@intel.com>
---
doc/guides/cryptodevs/features/default.ini | 1 +
lib/librte_cryptodev/rte_crypto.h | 3 ++-
lib/librte_cryptodev/rte_crypto_sym.h | 2 ++
lib/librte_cryptodev/rte_cryptodev.c | 10 ++++++++++
lib/librte_cryptodev/rte_cryptodev.h | 7 +++++++
lib/librte_cryptodev/rte_cryptodev_version.map | 1 +
6 files changed, 23 insertions(+), 1 deletion(-)
Comments
On 10/15/2017 1:17 AM, Akhil Goyal wrote:
> Security ops are added to crypto device to support
> protocol offloaded security operations.
>
> Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
> Signed-off-by: Declan Doherty <declan.doherty@intel.com>
> ---
> doc/guides/cryptodevs/features/default.ini | 1 +
> lib/librte_cryptodev/rte_crypto.h | 3 ++-
> lib/librte_cryptodev/rte_crypto_sym.h | 2 ++
> lib/librte_cryptodev/rte_cryptodev.c | 10 ++++++++++
> lib/librte_cryptodev/rte_cryptodev.h | 7 +++++++
> lib/librte_cryptodev/rte_cryptodev_version.map | 1 +
> 6 files changed, 23 insertions(+), 1 deletion(-)
>
> diff --git a/doc/guides/cryptodevs/features/default.ini b/doc/guides/cryptodevs/features/default.ini
> index c98717a..18d66cb 100644
> --- a/doc/guides/cryptodevs/features/default.ini
> +++ b/doc/guides/cryptodevs/features/default.ini
> @@ -10,6 +10,7 @@ Symmetric crypto =
> Asymmetric crypto =
> Sym operation chaining =
> HW Accelerated =
> +Protocol offload =
> CPU SSE =
> CPU AVX =
> CPU AVX2 =
> diff --git a/lib/librte_cryptodev/rte_crypto.h b/lib/librte_cryptodev/rte_crypto.h
> index 10fe080..3eb9ef9 100644
> --- a/lib/librte_cryptodev/rte_crypto.h
> +++ b/lib/librte_cryptodev/rte_crypto.h
> @@ -86,7 +86,8 @@ enum rte_crypto_op_status {
> */
> enum rte_crypto_op_sess_type {
> RTE_CRYPTO_OP_WITH_SESSION, /**< Session based crypto operation */
> - RTE_CRYPTO_OP_SESSIONLESS /**< Session-less crypto operation */
> + RTE_CRYPTO_OP_SESSIONLESS, /**< Session-less crypto operation */
> + RTE_CRYPTO_OP_SECURITY_SESSION /**< Security session crypto operation */
> };
>
> /**
> diff --git a/lib/librte_cryptodev/rte_crypto_sym.h b/lib/librte_cryptodev/rte_crypto_sym.h
> index 0a0ea59..5992063 100644
> --- a/lib/librte_cryptodev/rte_crypto_sym.h
> +++ b/lib/librte_cryptodev/rte_crypto_sym.h
> @@ -508,6 +508,8 @@ struct rte_crypto_sym_op {
> /**< Handle for the initialised session context */
> struct rte_crypto_sym_xform *xform;
> /**< Session-less API crypto operation parameters */
> + struct rte_security_session *sec_session;
> + /**< Handle for the initialised security session context */
> };
>
> RTE_STD_C11
> diff --git a/lib/librte_cryptodev/rte_cryptodev.c b/lib/librte_cryptodev/rte_cryptodev.c
> index e48d562..5a2495b 100644
> --- a/lib/librte_cryptodev/rte_cryptodev.c
> +++ b/lib/librte_cryptodev/rte_cryptodev.c
> @@ -488,6 +488,16 @@ rte_cryptodev_devices_get(const char *driver_name, uint8_t *devices,
> return count;
> }
>
> +void *
> +rte_cryptodev_get_sec_ctx(uint8_t dev_id)
> +{
> + if (rte_crypto_devices[dev_id].feature_flags &
> + RTE_CRYPTODEV_FF_SECURITY)
> + return rte_crypto_devices[dev_id].data->security_ctx;
> +
> + return NULL;
> +}
> +
> int
> rte_cryptodev_socket_id(uint8_t dev_id)
> {
> diff --git a/lib/librte_cryptodev/rte_cryptodev.h b/lib/librte_cryptodev/rte_cryptodev.h
> index fd0e3f1..546454b 100644
> --- a/lib/librte_cryptodev/rte_cryptodev.h
> +++ b/lib/librte_cryptodev/rte_cryptodev.h
> @@ -351,6 +351,8 @@ rte_cryptodev_get_aead_algo_enum(enum rte_crypto_aead_algorithm *algo_enum,
> /**< Utilises CPU NEON instructions */
> #define RTE_CRYPTODEV_FF_CPU_ARM_CE (1ULL << 11)
> /**< Utilises ARM CPU Cryptographic Extensions */
> +#define RTE_CRYPTODEV_FF_SECURITY (1ULL << 12)
> +/**< Support Security Protocol Processing */
>
>
> /**
> @@ -774,6 +776,9 @@ struct rte_cryptodev {
> /**< Flag indicating the device is attached */
> } __rte_cache_aligned;
>
> +void *
> +rte_cryptodev_get_sec_ctx(uint8_t dev_id);
> +
> /**
> *
> * The data part, with no function pointers, associated with each device.
> @@ -802,6 +807,8 @@ struct rte_cryptodev_data {
>
> void *dev_private;
> /**< PMD-specific private data */
> + void *security_ctx;
> + /**< Context for security ops */
> } __rte_cache_aligned;
>
> extern struct rte_cryptodev *rte_cryptodevs;
> diff --git a/lib/librte_cryptodev/rte_cryptodev_version.map b/lib/librte_cryptodev/rte_cryptodev_version.map
> index 919b6cc..7ef1b0f 100644
> --- a/lib/librte_cryptodev/rte_cryptodev_version.map
> +++ b/lib/librte_cryptodev/rte_cryptodev_version.map
> @@ -84,5 +84,6 @@ DPDK_17.11 {
> global:
>
> rte_cryptodev_name_get;
> + rte_cryptodev_get_sec_ctx;
>
> } DPDK_17.08;
Tested-by: Aviad Yehezkel <aviadye@mellanox.com>
@@ -10,6 +10,7 @@ Symmetric crypto =
Asymmetric crypto =
Sym operation chaining =
HW Accelerated =
+Protocol offload =
CPU SSE =
CPU AVX =
CPU AVX2 =
@@ -86,7 +86,8 @@ enum rte_crypto_op_status {
*/
enum rte_crypto_op_sess_type {
RTE_CRYPTO_OP_WITH_SESSION, /**< Session based crypto operation */
- RTE_CRYPTO_OP_SESSIONLESS /**< Session-less crypto operation */
+ RTE_CRYPTO_OP_SESSIONLESS, /**< Session-less crypto operation */
+ RTE_CRYPTO_OP_SECURITY_SESSION /**< Security session crypto operation */
};
/**
@@ -508,6 +508,8 @@ struct rte_crypto_sym_op {
/**< Handle for the initialised session context */
struct rte_crypto_sym_xform *xform;
/**< Session-less API crypto operation parameters */
+ struct rte_security_session *sec_session;
+ /**< Handle for the initialised security session context */
};
RTE_STD_C11
@@ -488,6 +488,16 @@ rte_cryptodev_devices_get(const char *driver_name, uint8_t *devices,
return count;
}
+void *
+rte_cryptodev_get_sec_ctx(uint8_t dev_id)
+{
+ if (rte_crypto_devices[dev_id].feature_flags &
+ RTE_CRYPTODEV_FF_SECURITY)
+ return rte_crypto_devices[dev_id].data->security_ctx;
+
+ return NULL;
+}
+
int
rte_cryptodev_socket_id(uint8_t dev_id)
{
@@ -351,6 +351,8 @@ rte_cryptodev_get_aead_algo_enum(enum rte_crypto_aead_algorithm *algo_enum,
/**< Utilises CPU NEON instructions */
#define RTE_CRYPTODEV_FF_CPU_ARM_CE (1ULL << 11)
/**< Utilises ARM CPU Cryptographic Extensions */
+#define RTE_CRYPTODEV_FF_SECURITY (1ULL << 12)
+/**< Support Security Protocol Processing */
/**
@@ -774,6 +776,9 @@ struct rte_cryptodev {
/**< Flag indicating the device is attached */
} __rte_cache_aligned;
+void *
+rte_cryptodev_get_sec_ctx(uint8_t dev_id);
+
/**
*
* The data part, with no function pointers, associated with each device.
@@ -802,6 +807,8 @@ struct rte_cryptodev_data {
void *dev_private;
/**< PMD-specific private data */
+ void *security_ctx;
+ /**< Context for security ops */
} __rte_cache_aligned;
extern struct rte_cryptodev *rte_cryptodevs;
@@ -84,5 +84,6 @@ DPDK_17.11 {
global:
rte_cryptodev_name_get;
+ rte_cryptodev_get_sec_ctx;
} DPDK_17.08;