From: "Kusztal, ArkadiuszX"
To: "Zhang, Roy Fan", "dev@dpdk.org"
CC: "akhil.goyal@nxp.com", "jerin.jacob@caviumnetworks.com", "Trahe, Fiona"
Date: Fri, 15 Mar 2019 16:37:58 +0000
Message-ID: <06EE24DD0B19E248B53F6DC8657831551B14B03E@hasmsx109.ger.corp.intel.com>
References: <20190301134325.30600-1-roy.fan.zhang@intel.com>
In-Reply-To: <20190301134325.30600-1-roy.fan.zhang@intel.com>
Subject: Re: [dpdk-dev] [PATCH] cryptodev: make xform key pointer constant

Hi Fan,

Only one thing from me (with [AK])
Except for that looks good, I can ack v2.

Arek

> -----Original Message-----
> From: Zhang, Roy Fan
> Sent: Friday, March 1, 2019 2:43 PM
> To: dev@dpdk.org
> Cc: akhil.goyal@nxp.com; Zhang, Roy Fan; Kusztal, ArkadiuszX;
> jerin.jacob@caviumnetworks.com; Trahe, Fiona
> Subject: [PATCH] cryptodev: make xform key pointer constant
>
> This patch changes the key pointer data types in cipher, auth, and aead
> xforms from "uint8_t *" to "const uint8_t *" for a more intuitive and safe
> session creation.
>
> Signed-off-by: Fan Zhang
> ---
> Although it is a relative big patch, but I believe it is the right thing to do
> towards a safer and better DPDK Cryptodev, and we should have done this
> long time ago.
>
> I have been trying to avoid the problems that may cause due to the
> bug/missed updates places. However, due to lacking the hardware I was only
> able to test the PMDs I have. So please forgive me if I missed updating certain
> drivers/tests. I will amend that.
>
> drivers/common/cpt/cpt_ucode.h | 14 ++--- > drivers/crypto/aesni_gcm/aesni_gcm_pmd.c | 2 +- > drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c | 2 +- > drivers/crypto/openssl/rte_openssl_pmd.c | 8 +-- > drivers/crypto/qat/qat_sym_session.c | 8 +-- > drivers/crypto/qat/qat_sym_session.h | 4 +- > drivers/crypto/snow3g/rte_snow3g_pmd.c | 23 ++++++-- > drivers/crypto/snow3g/rte_snow3g_pmd_private.h | 1 + > drivers/crypto/virtio/virtio_cryptodev.c | 30 +++++++--- > drivers/crypto/virtio/virtio_cryptodev.h | 2 + > drivers/net/ixgbe/ixgbe_ipsec.c | 33 ++++++++--- > drivers/net/ixgbe/ixgbe_ipsec.h | 3 +- > drivers/net/softnic/rte_eth_softnic_cli.c | 74 ++++++++++++-------= ------ > drivers/net/softnic/rte_eth_softnic_internals.h | 4 ++ > examples/ip_pipeline/cli.c | 74 ++++++++++++-------= ------ > examples/ip_pipeline/cryptodev.c | 2 - > examples/ip_pipeline/pipeline.h | 6 ++ > examples/l2fwd-crypto/main.c | 40 +++++-------- > lib/librte_cryptodev/Makefile | 2 +- > lib/librte_cryptodev/rte_crypto_sym.h | 12 ++-- > 20 files changed, 189 insertions(+), 155 deletions(-) >=20 > diff --git a/drivers/common/cpt/cpt_ucode.h > b/drivers/common/cpt/cpt_ucode.h index 5933ea77e..3e1127174 100644 > --- a/drivers/common/cpt/cpt_ucode.h > +++ b/drivers/common/cpt/cpt_ucode.h 
> @@ -55,7 +55,7 @@ cpt_is_algo_supported(struct rte_crypto_sym_xform > *xform) } >=20 > static __rte_always_inline void > -gen_key_snow3g(uint8_t *ck, uint32_t *keyx) > +gen_key_snow3g(const uint8_t *ck, uint32_t *keyx) > { > int i, base; >=20 > @@ -174,7 +174,7 @@ > cpt_fc_ciph_set_key_set_aes_key_type(mc_fc_context_t *fctx, uint16_t > key_len) } >=20 > static __rte_always_inline void > -cpt_fc_ciph_set_key_snow3g_uea2(struct cpt_ctx *cpt_ctx, uint8_t *key, > +cpt_fc_ciph_set_key_snow3g_uea2(struct cpt_ctx *cpt_ctx, const uint8_t > +*key, > uint16_t key_len) > { > uint32_t keyx[4]; > @@ -186,7 +186,7 @@ cpt_fc_ciph_set_key_snow3g_uea2(struct cpt_ctx > *cpt_ctx, uint8_t *key, } >=20 > static __rte_always_inline void > -cpt_fc_ciph_set_key_zuc_eea3(struct cpt_ctx *cpt_ctx, uint8_t *key, > +cpt_fc_ciph_set_key_zuc_eea3(struct cpt_ctx *cpt_ctx, const uint8_t > +*key, > uint16_t key_len) > { > cpt_ctx->snow3g =3D 0; > @@ -197,7 +197,7 @@ cpt_fc_ciph_set_key_zuc_eea3(struct cpt_ctx > *cpt_ctx, uint8_t *key, } >=20 > static __rte_always_inline void > -cpt_fc_ciph_set_key_kasumi_f8_ecb(struct cpt_ctx *cpt_ctx, uint8_t *key, > +cpt_fc_ciph_set_key_kasumi_f8_ecb(struct cpt_ctx *cpt_ctx, const > +uint8_t *key, > uint16_t key_len) > { > cpt_ctx->k_ecb =3D 1; > @@ -207,7 +207,7 @@ cpt_fc_ciph_set_key_kasumi_f8_ecb(struct cpt_ctx > *cpt_ctx, uint8_t *key, } >=20 > static __rte_always_inline void > -cpt_fc_ciph_set_key_kasumi_f8_cbc(struct cpt_ctx *cpt_ctx, uint8_t *key, > +cpt_fc_ciph_set_key_kasumi_f8_cbc(struct cpt_ctx *cpt_ctx, const > +uint8_t *key, > uint16_t key_len) > { > memcpy(cpt_ctx->k_ctx.ci_key, key, key_len); @@ -216,7 +216,7 @@ > cpt_fc_ciph_set_key_kasumi_f8_cbc(struct cpt_ctx *cpt_ctx, uint8_t *key, = } >=20 > static __rte_always_inline int > -cpt_fc_ciph_set_key(void *ctx, cipher_type_t type, uint8_t *key, > +cpt_fc_ciph_set_key(void *ctx, cipher_type_t type, const uint8_t *key, > uint16_t key_len, uint8_t *salt) > { > struct cpt_ctx *cpt_ctx =3D ctx; 
> @@ -2539,7 +2539,7 @@ cpt_fc_enc_hmac_prep(uint32_t flags, uint64_t > d_offs, uint64_t d_lens, } >=20 > static __rte_always_inline int > -cpt_fc_auth_set_key(void *ctx, auth_type_t type, uint8_t *key, > +cpt_fc_auth_set_key(void *ctx, auth_type_t type, const uint8_t *key, > uint16_t key_len, uint16_t mac_len) { > struct cpt_ctx *cpt_ctx =3D ctx; > diff --git a/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c > b/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c > index 948ff0763..009885f08 100644 > --- a/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c > +++ b/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c > @@ -24,7 +24,7 @@ aesni_gcm_set_session_parameters(const struct > aesni_gcm_ops *gcm_ops, > const struct rte_crypto_sym_xform *auth_xform; > const struct rte_crypto_sym_xform *aead_xform; > uint8_t key_length; > - uint8_t *key; > + const uint8_t *key; >=20 > /* AES-GMAC */ > if (xform->type =3D=3D RTE_CRYPTO_SYM_XFORM_AUTH) { diff --git > a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c > b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c > index 48d6ac002..c0670fa40 100644 > --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c > +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c > @@ -35,7 +35,7 @@ typedef void (*aes_keyexp_t)(const void *key, void > *enc_exp_keys, void *dec_exp_ static void > calculate_auth_precomputes(hash_one_block_t one_block_hash, > uint8_t *ipad, uint8_t *opad, > - uint8_t *hkey, uint16_t hkey_len, > + const uint8_t *hkey, uint16_t hkey_len, > uint16_t blocksize) > { > unsigned i, length; > diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c > b/drivers/crypto/openssl/rte_openssl_pmd.c > index ea5aac69e..f76d081e7 100644 > --- a/drivers/crypto/openssl/rte_openssl_pmd.c > +++ b/drivers/crypto/openssl/rte_openssl_pmd.c 
> @@ -92,14 +92,14 @@ openssl_get_chain_order(const struct > rte_crypto_sym_xform *xform) >=20 > /** Get session cipher key from input cipher key */ static void - > get_cipher_key(uint8_t *input_key, int keylen, uint8_t *session_key) > +get_cipher_key(const uint8_t *input_key, int keylen, uint8_t > +*session_key) > { > memcpy(session_key, input_key, keylen); } >=20 > /** Get key ede 24 bytes standard from input key */ static int - > get_cipher_key_ede(uint8_t *key, int keylen, uint8_t *key_ede) > +get_cipher_key_ede(const uint8_t *key, int keylen, uint8_t *key_ede) > { > int res =3D 0; >=20 > @@ -292,7 +292,7 @@ get_aead_algo(enum rte_crypto_aead_algorithm > sess_algo, size_t keylen, static int openssl_set_sess_aead_enc_param(st= ruct > openssl_session *sess, > enum rte_crypto_aead_algorithm algo, > - uint8_t tag_len, uint8_t *key) > + uint8_t tag_len, const uint8_t *key) > { > int iv_type =3D 0; > unsigned int do_ccm; > @@ -352,7 +352,7 @@ openssl_set_sess_aead_enc_param(struct > openssl_session *sess, static int openssl_set_sess_aead_dec_param(struc= t > openssl_session *sess, > enum rte_crypto_aead_algorithm algo, > - uint8_t tag_len, uint8_t *key) > + uint8_t tag_len, const uint8_t *key) > { > int iv_type =3D 0; > unsigned int do_ccm =3D 0; > diff --git a/drivers/crypto/qat/qat_sym_session.c > b/drivers/crypto/qat/qat_sym_session.c > index 4d7ec01d4..917c5e927 100644 > --- a/drivers/crypto/qat/qat_sym_session.c > +++ b/drivers/crypto/qat/qat_sym_session.c > @@ -35,7 +35,7 @@ bpi_cipher_ctx_free(void *bpi_ctx) static int > bpi_cipher_ctx_init(enum rte_crypto_cipher_algorithm cryptodev_algo, > enum rte_crypto_cipher_operation direction __rte_unused, > - uint8_t *key, void **ctx) > + const uint8_t *key, void **ctx) > { > const EVP_CIPHER *algo =3D NULL; > int ret; 
> @@ -496,7 +496,7 @@ qat_sym_session_configure_auth(struct > rte_cryptodev *dev, { > struct rte_crypto_auth_xform *auth_xform =3D > qat_get_auth_xform(xform); > struct qat_sym_dev_private *internals =3D dev->data->dev_private; > - uint8_t *key_data =3D auth_xform->key.data; > + const uint8_t *key_data =3D auth_xform->key.data; > uint8_t key_length =3D auth_xform->key.length; > session->aes_cmac =3D 0; >=20 > @@ -1258,7 +1258,7 @@ qat_get_crypto_proto_flag(uint16_t flags) } >=20 > int qat_sym_session_aead_create_cd_cipher(struct qat_sym_session > *cdesc, > - uint8_t *cipherkey, > + const uint8_t *cipherkey, > uint32_t cipherkeylen) > { > struct icp_qat_hw_cipher_algo_blk *cipher; @@ -1413,7 +1413,7 > @@ int qat_sym_session_aead_create_cd_cipher(struct qat_sym_session > *cdesc, } >=20 > int qat_sym_session_aead_create_cd_auth(struct qat_sym_session *cdesc, > - uint8_t *authkey, > + const uint8_t *authkey, > uint32_t authkeylen, > uint32_t aad_length, > uint32_t digestsize, > diff --git a/drivers/crypto/qat/qat_sym_session.h > b/drivers/crypto/qat/qat_sym_session.h > index 43e25ceb7..ce1ca5af8 100644 > --- a/drivers/crypto/qat/qat_sym_session.h > +++ b/drivers/crypto/qat/qat_sym_session.h > @@ -106,12 +106,12 @@ qat_sym_session_configure_auth(struct > rte_cryptodev *dev, >=20 > int > qat_sym_session_aead_create_cd_cipher(struct qat_sym_session *cd, > - uint8_t *enckey, > + const uint8_t *enckey, > uint32_t enckeylen); >=20 > int > qat_sym_session_aead_create_cd_auth(struct qat_sym_session *cdesc, > - uint8_t *authkey, > + const uint8_t *authkey, > uint32_t authkeylen, > uint32_t aad_length, > uint32_t digestsize, > diff --git a/drivers/crypto/snow3g/rte_snow3g_pmd.c > b/drivers/crypto/snow3g/rte_snow3g_pmd.c > index 5fd94b686..68d7176f4 100644 > --- a/drivers/crypto/snow3g/rte_snow3g_pmd.c > +++ b/drivers/crypto/snow3g/rte_snow3g_pmd.c 
> @@ -84,6 +84,8 @@ snow3g_set_session_parameters(struct > snow3g_session *sess, > } >=20 > if (cipher_xform) { > + uint8_t cipher_key[SNOW3G_MAX_KEY_SIZE]; > + > /* Only SNOW 3G UEA2 supported */ > if (cipher_xform->cipher.algo !=3D > RTE_CRYPTO_CIPHER_SNOW3G_UEA2) > return -ENOTSUP; > @@ -92,14 +94,22 @@ snow3g_set_session_parameters(struct > snow3g_session *sess, > SNOW3G_LOG(ERR, "Wrong IV length"); > return -EINVAL; > } > + if (cipher_xform->cipher.key.length > > SNOW3G_MAX_KEY_SIZE) { > + SNOW3G_LOG(ERR, "Not enough memory to store > the key"); > + return -ENOMEM; > + } > + > sess->cipher_iv_offset =3D cipher_xform->cipher.iv.offset; >=20 > /* Initialize key */ > - sso_snow3g_init_key_sched(cipher_xform->cipher.key.data, > - &sess->pKeySched_cipher); > + memcpy(cipher_key, cipher_xform->cipher.key.data, > + cipher_xform->cipher.key.length); > + sso_snow3g_init_key_sched(cipher_key, &sess- > >pKeySched_cipher); > } >=20 > if (auth_xform) { > + uint8_t auth_key[SNOW3G_MAX_KEY_SIZE]; > + > /* Only SNOW 3G UIA2 supported */ > if (auth_xform->auth.algo !=3D > RTE_CRYPTO_AUTH_SNOW3G_UIA2) > return -ENOTSUP; > @@ -108,6 +118,10 @@ snow3g_set_session_parameters(struct > snow3g_session *sess, > SNOW3G_LOG(ERR, "Wrong digest length"); > return -EINVAL; > } > + if (auth_xform->auth.key.length > SNOW3G_MAX_KEY_SIZE) > { > + SNOW3G_LOG(ERR, "Not enough memory to store > the key"); > + return -ENOMEM; > + } >=20 > sess->auth_op =3D auth_xform->auth.op; >=20 > @@ -118,8 +132,9 @@ snow3g_set_session_parameters(struct > snow3g_session *sess, > sess->auth_iv_offset =3D auth_xform->auth.iv.offset; >=20 > /* Initialize key */ > - sso_snow3g_init_key_sched(auth_xform->auth.key.data, > - &sess->pKeySched_hash); > + memcpy(auth_key, auth_xform->auth.key.data, > + auth_xform->auth.key.length); > + sso_snow3g_init_key_sched(auth_key, &sess- > >pKeySched_hash); > } >=20 >=20 
> diff --git a/drivers/crypto/snow3g/rte_snow3g_pmd_private.h > b/drivers/crypto/snow3g/rte_snow3g_pmd_private.h > index df5c6092b..95a3eba22 100644 > --- a/drivers/crypto/snow3g/rte_snow3g_pmd_private.h > +++ b/drivers/crypto/snow3g/rte_snow3g_pmd_private.h > @@ -19,6 +19,7 @@ int snow3g_logtype_driver; > ## __VA_ARGS__) >=20 > #define SNOW3G_DIGEST_LENGTH 4 > +#define SNOW3G_MAX_KEY_SIZE 128 >=20 > /** private data structure for each virtual SNOW 3G device */ struct > snow3g_private { diff --git a/drivers/crypto/virtio/virtio_cryptodev.c > b/drivers/crypto/virtio/virtio_cryptodev.c > index 4bae3b865..f16bdfe57 100644 > --- a/drivers/crypto/virtio/virtio_cryptodev.c > +++ b/drivers/crypto/virtio/virtio_cryptodev.c > @@ -1210,7 +1210,7 @@ static int > virtio_crypto_sym_pad_op_ctrl_req( > struct virtio_crypto_op_ctrl_req *ctrl, > struct rte_crypto_sym_xform *xform, bool is_chainned, > - uint8_t **cipher_key_data, uint8_t **auth_key_data, > + uint8_t *cipher_key_data, uint8_t *auth_key_data, > struct virtio_crypto_session *session) { > int ret; > @@ -1220,6 +1220,12 @@ virtio_crypto_sym_pad_op_ctrl_req( > /* Get cipher xform from crypto xform chain */ > cipher_xform =3D virtio_crypto_get_cipher_xform(xform); > if (cipher_xform) { > + if (cipher_xform->key.length > > VIRTIO_CRYPTO_MAX_KEY_SIZE) { > + VIRTIO_CRYPTO_SESSION_LOG_ERR( > + "cipher key size cannot be longer than %u", > + VIRTIO_CRYPTO_MAX_KEY_SIZE); > + return -1; > + } > if (cipher_xform->iv.length > VIRTIO_CRYPTO_MAX_IV_SIZE) { > VIRTIO_CRYPTO_SESSION_LOG_ERR( > "cipher IV size cannot be longer than %u", 
> @@ -1241,7 +1247,8 @@ virtio_crypto_sym_pad_op_ctrl_req( > return -1; > } >=20 > - *cipher_key_data =3D cipher_xform->key.data; > + memcpy(cipher_key_data, cipher_xform->key.data, > + cipher_xform->key.length); >=20 > session->iv.offset =3D cipher_xform->iv.offset; > session->iv.length =3D cipher_xform->iv.length; @@ -1254,13 > +1261,20 @@ virtio_crypto_sym_pad_op_ctrl_req( > struct virtio_crypto_alg_chain_session_para *para =3D > &(ctrl->u.sym_create_session.u.chain.para); > if (auth_xform->key.length) { > + if (auth_xform->key.length > > + VIRTIO_CRYPTO_MAX_KEY_SIZE) { > + VIRTIO_CRYPTO_SESSION_LOG_ERR( > + "auth key size cannot be longer than %u", > + VIRTIO_CRYPTO_MAX_KEY_SIZE); > + return -1; > + } > para->hash_mode =3D > VIRTIO_CRYPTO_SYM_HASH_MODE_AUTH; > para->u.mac_param.auth_key_len =3D > (uint32_t)auth_xform->key.length; > para->u.mac_param.hash_result_len =3D > auth_xform->digest_length; > - > - *auth_key_data =3D auth_xform->key.data; > + memcpy(auth_key_data, auth_xform->key.data, > + auth_xform->key.length); > } else { > para->hash_mode =3D > VIRTIO_CRYPTO_SYM_HASH_MODE_PLAIN; > para->u.hash_param.hash_result_len =3D @@ -1310,8 > +1324,8 @@ virtio_crypto_sym_configure_session( > struct virtio_crypto_session *session; > struct virtio_crypto_op_ctrl_req *ctrl_req; > enum virtio_crypto_cmd_id cmd_id; > - uint8_t *cipher_key_data =3D NULL; > - uint8_t *auth_key_data =3D NULL; > + uint8_t cipher_key_data[VIRTIO_CRYPTO_MAX_KEY_SIZE] =3D {0}; > + uint8_t auth_key_data[VIRTIO_CRYPTO_MAX_KEY_SIZE] =3D {0}; > struct virtio_crypto_hw *hw; > struct virtqueue *control_vq; >=20 > @@ -1355,7 +1369,7 @@ virtio_crypto_sym_configure_session( > =3D VIRTIO_CRYPTO_SYM_OP_ALGORITHM_CHAINING; >=20 > ret =3D virtio_crypto_sym_pad_op_ctrl_req(ctrl_req, > - xform, true, &cipher_key_data, &auth_key_data, > session); > + xform, true, cipher_key_data, auth_key_data, > session); > if (ret < 0) { > VIRTIO_CRYPTO_SESSION_LOG_ERR( > "padding sym op ctrl req failed"); 
> @@ -1373,7 +1387,7 @@ virtio_crypto_sym_configure_session( > ctrl_req->u.sym_create_session.op_type > =3D VIRTIO_CRYPTO_SYM_OP_CIPHER; > ret =3D virtio_crypto_sym_pad_op_ctrl_req(ctrl_req, xform, > - false, &cipher_key_data, &auth_key_data, session); > + false, cipher_key_data, auth_key_data, session); > if (ret < 0) { > VIRTIO_CRYPTO_SESSION_LOG_ERR( > "padding sym op ctrl req failed"); > diff --git a/drivers/crypto/virtio/virtio_cryptodev.h > b/drivers/crypto/virtio/virtio_cryptodev.h > index 0fd7b722e..215bce786 100644 > --- a/drivers/crypto/virtio/virtio_cryptodev.h > +++ b/drivers/crypto/virtio/virtio_cryptodev.h > @@ -18,6 +18,8 @@ >=20 > #define VIRTIO_CRYPTO_MAX_IV_SIZE 16 >=20 > +#define VIRTIO_CRYPTO_MAX_KEY_SIZE 256 > + > extern uint8_t cryptodev_virtio_driver_id; >=20 > enum virtio_crypto_cmd_id { > diff --git a/drivers/net/ixgbe/ixgbe_ipsec.c b/drivers/net/ixgbe/ixgbe_ip= sec.c > index 5a416885f..018722100 100644 > --- a/drivers/net/ixgbe/ixgbe_ipsec.c > +++ b/drivers/net/ixgbe/ixgbe_ipsec.c 
> @@ -97,6 +97,7 @@ ixgbe_crypto_add_sa(struct ixgbe_crypto_session > *ic_session) >=20 > if (ic_session->op =3D=3D IXGBE_OP_AUTHENTICATED_DECRYPTION) { > int i, ip_index =3D -1; > + uint8_t *key; >=20 > /* Find a match in the IP table*/ > for (i =3D 0; i < IPSEC_MAX_RX_IP_COUNT; i++) { @@ -189,23 > +190,32 @@ ixgbe_crypto_add_sa(struct ixgbe_crypto_session *ic_session) > IXGBE_WAIT_RWRITE; >=20 > /* write Key table entry*/ > + key =3D malloc(ic_session->key_len); > + if (!key) > + return -ENOMEM; > + > + memcpy(key, ic_session->key, ic_session->key_len); > + > reg_val =3D IPSRXIDX_RX_EN | IPSRXIDX_WRITE | > IPSRXIDX_TABLE_KEY | (sa_index << 3); > IXGBE_WRITE_REG(hw, IXGBE_IPSRXKEY(0), > - rte_cpu_to_be_32(*(uint32_t *)&ic_session- > >key[12])); > + rte_cpu_to_be_32(*(uint32_t *)&key[12])); > IXGBE_WRITE_REG(hw, IXGBE_IPSRXKEY(1), > - rte_cpu_to_be_32(*(uint32_t *)&ic_session- > >key[8])); > + rte_cpu_to_be_32(*(uint32_t *)&key[8])); > IXGBE_WRITE_REG(hw, IXGBE_IPSRXKEY(2), > - rte_cpu_to_be_32(*(uint32_t *)&ic_session- > >key[4])); > + rte_cpu_to_be_32(*(uint32_t *)&key[4])); > IXGBE_WRITE_REG(hw, IXGBE_IPSRXKEY(3), > - rte_cpu_to_be_32(*(uint32_t *)&ic_session- > >key[0])); > + rte_cpu_to_be_32(*(uint32_t *)&key[0])); > IXGBE_WRITE_REG(hw, IXGBE_IPSRXSALT, > rte_cpu_to_be_32(ic_session->salt)); > IXGBE_WRITE_REG(hw, IXGBE_IPSRXMOD, > priv->rx_sa_tbl[sa_index].mode); > IXGBE_WAIT_RWRITE; >=20 > + free(key); > + > } else { /* sess->dir =3D=3D RTE_CRYPTO_OUTBOUND */ > + uint8_t *key; > int i; >=20 > /* Find a free entry in the SA table*/ @@ -227,16 +237,22 > @@ ixgbe_crypto_add_sa(struct ixgbe_crypto_session *ic_session) > priv->tx_sa_tbl[i].used =3D 1; > ic_session->sa_index =3D sa_index; >=20 > + key =3D malloc(ic_session->key_len); [AK] - This key is not freed after this malloc. 
> + if (!key) > + return -ENOMEM; > + > + memcpy(key, ic_session->key, ic_session->key_len); > + > /* write Key table entry*/ > reg_val =3D IPSRXIDX_RX_EN | IPSRXIDX_WRITE | (sa_index << > 3); > IXGBE_WRITE_REG(hw, IXGBE_IPSTXKEY(0), > - rte_cpu_to_be_32(*(uint32_t *)&ic_session- > >key[12])); > + rte_cpu_to_be_32(*(uint32_t *)&key[12])); > IXGBE_WRITE_REG(hw, IXGBE_IPSTXKEY(1), > - rte_cpu_to_be_32(*(uint32_t *)&ic_session- > >key[8])); > + rte_cpu_to_be_32(*(uint32_t *)&key[8])); > IXGBE_WRITE_REG(hw, IXGBE_IPSTXKEY(2), > - rte_cpu_to_be_32(*(uint32_t *)&ic_session- > >key[4])); > + rte_cpu_to_be_32(*(uint32_t *)&key[4])); > IXGBE_WRITE_REG(hw, IXGBE_IPSTXKEY(3), > - rte_cpu_to_be_32(*(uint32_t *)&ic_session- > >key[0])); > + rte_cpu_to_be_32(*(uint32_t *)&key[0])); > IXGBE_WRITE_REG(hw, IXGBE_IPSTXSALT, > rte_cpu_to_be_32(ic_session->salt)); > IXGBE_WAIT_TWRITE; > @@ -388,6 +404,7 @@ ixgbe_crypto_create_session(void *device, > } >=20 > ic_session->key =3D aead_xform->key.data; > + ic_session->key_len =3D aead_xform->key.length; > memcpy(&ic_session->salt, > &aead_xform->key.data[aead_xform->key.length], 4); > ic_session->spi =3D conf->ipsec.spi; > diff --git a/drivers/net/ixgbe/ixgbe_ipsec.h b/drivers/net/ixgbe/ixgbe_ip= sec.h > index c73e18069..e218c0a4a 100644 > --- a/drivers/net/ixgbe/ixgbe_ipsec.h > +++ b/drivers/net/ixgbe/ixgbe_ipsec.h > @@ -62,7 +62,8 @@ struct ipaddr { > /** inline crypto crypto private session structure */ struct > ixgbe_crypto_session { > enum ixgbe_operation op; > - uint8_t *key; > + const uint8_t *key; > + uint32_t key_len; > uint32_t salt; > uint32_t sa_index; > uint32_t spi; > diff --git a/drivers/net/softnic/rte_eth_softnic_cli.c > b/drivers/net/softnic/rte_eth_softnic_cli.c > index 76136c2e2..f4df3dc96 100644 > --- a/drivers/net/softnic/rte_eth_softnic_cli.c > +++ b/drivers/net/softnic/rte_eth_softnic_cli.c 
> @@ -4053,24 +4053,18 @@ parse_free_sym_crypto_param_data(struct > rte_table_action_sym_crypto_params *p) >=20 > switch (xform[i]->type) { > case RTE_CRYPTO_SYM_XFORM_CIPHER: > - if (xform[i]->cipher.key.data) > - free(xform[i]->cipher.key.data); > if (p->cipher_auth.cipher_iv.val) > free(p->cipher_auth.cipher_iv.val); > if (p->cipher_auth.cipher_iv_update.val) > free(p->cipher_auth.cipher_iv_update.val); > break; > case RTE_CRYPTO_SYM_XFORM_AUTH: > - if (xform[i]->auth.key.data) > - free(xform[i]->cipher.key.data); > if (p->cipher_auth.auth_iv.val) > free(p->cipher_auth.cipher_iv.val); > if (p->cipher_auth.auth_iv_update.val) > free(p->cipher_auth.cipher_iv_update.val); > break; > case RTE_CRYPTO_SYM_XFORM_AEAD: > - if (xform[i]->aead.key.data) > - free(xform[i]->cipher.key.data); > if (p->aead.iv.val) > free(p->aead.iv.val); > if (p->aead.aad.val) > @@ -4085,8 +4079,8 @@ parse_free_sym_crypto_param_data(struct > rte_table_action_sym_crypto_params *p) >=20 > static struct rte_crypto_sym_xform * > parse_table_action_cipher(struct rte_table_action_sym_crypto_params *p, > - char **tokens, uint32_t n_tokens, uint32_t encrypt, > - uint32_t *used_n_tokens) > + uint8_t *key, uint32_t max_key_len, char **tokens, > + uint32_t n_tokens, uint32_t encrypt, uint32_t > *used_n_tokens) > { > struct rte_crypto_sym_xform *xform_cipher; > int status; 
> @@ -4113,16 +4107,16 @@ parse_table_action_cipher(struct > rte_table_action_sym_crypto_params *p, >=20 > /* cipher_key */ > len =3D strlen(tokens[4]); > - xform_cipher->cipher.key.data =3D calloc(1, len / 2 + 1); > - if (xform_cipher->cipher.key.data =3D=3D NULL) > + if (len / 2 > max_key_len) { > + status =3D -ENOMEM; > goto error_exit; > + } >=20 > - status =3D softnic_parse_hex_string(tokens[4], > - xform_cipher->cipher.key.data, > - (uint32_t *)&len); > + status =3D softnic_parse_hex_string(tokens[4], key, (uint32_t *)&len); > if (status < 0) > goto error_exit; >=20 > + xform_cipher->cipher.key.data =3D key; > xform_cipher->cipher.key.length =3D (uint16_t)len; >=20 > /* cipher_iv */ > @@ -4146,9 +4140,6 @@ parse_table_action_cipher(struct > rte_table_action_sym_crypto_params *p, > return xform_cipher; >=20 > error_exit: > - if (xform_cipher->cipher.key.data) > - free(xform_cipher->cipher.key.data); > - > if (p->cipher_auth.cipher_iv.val) { > free(p->cipher_auth.cipher_iv.val); > p->cipher_auth.cipher_iv.val =3D NULL; 
> @@ -4161,8 +4152,8 @@ parse_table_action_cipher(struct > rte_table_action_sym_crypto_params *p, >=20 > static struct rte_crypto_sym_xform * > parse_table_action_cipher_auth(struct > rte_table_action_sym_crypto_params *p, > - char **tokens, uint32_t n_tokens, uint32_t encrypt, > - uint32_t *used_n_tokens) > + uint8_t *key, uint32_t max_key_len, char **tokens, > + uint32_t n_tokens, uint32_t encrypt, uint32_t > *used_n_tokens) > { > struct rte_crypto_sym_xform *xform_cipher; > struct rte_crypto_sym_xform *xform_auth; @@ -4191,17 +4182,21 > @@ parse_table_action_cipher_auth(struct > rte_table_action_sym_crypto_params *p, >=20 > /* auth_key */ > len =3D strlen(tokens[10]); > - xform_auth->auth.key.data =3D calloc(1, len / 2 + 1); > - if (xform_auth->auth.key.data =3D=3D NULL) > + if (len / 2 > max_key_len) { > + status =3D -ENOMEM; > goto error_exit; > + } >=20 > - status =3D softnic_parse_hex_string(tokens[10], > - xform_auth->auth.key.data, (uint32_t *)&len); > + status =3D softnic_parse_hex_string(tokens[10], key, (uint32_t *)&len); > if (status < 0) > goto error_exit; >=20 > + xform_auth->auth.key.data =3D key; > xform_auth->auth.key.length =3D (uint16_t)len; >=20 > + key +=3D xform_auth->auth.key.length; > + max_key_len -=3D xform_auth->auth.key.length; > + > if (strcmp(tokens[11], "digest_size")) > goto error_exit; >=20 > @@ -4210,8 +4205,8 @@ parse_table_action_cipher_auth(struct > rte_table_action_sym_crypto_params *p, > if (status < 0) > goto error_exit; >=20 > - xform_cipher =3D parse_table_action_cipher(p, tokens, 7, encrypt, > - used_n_tokens); > + xform_cipher =3D parse_table_action_cipher(p, key, max_key_len, > tokens, 7, > + encrypt, used_n_tokens); > if (xform_cipher =3D=3D NULL) > goto error_exit; >=20 
> @@ -4226,8 +4221,6 @@ parse_table_action_cipher_auth(struct > rte_table_action_sym_crypto_params *p, > } >=20 > error_exit: > - if (xform_auth->auth.key.data) > - free(xform_auth->auth.key.data); > if (p->cipher_auth.auth_iv.val) { > free(p->cipher_auth.auth_iv.val); > p->cipher_auth.auth_iv.val =3D 0; > @@ -4240,8 +4233,8 @@ parse_table_action_cipher_auth(struct > rte_table_action_sym_crypto_params *p, >=20 > static struct rte_crypto_sym_xform * > parse_table_action_aead(struct rte_table_action_sym_crypto_params *p, > - char **tokens, uint32_t n_tokens, uint32_t encrypt, > - uint32_t *used_n_tokens) > + uint8_t *key, uint32_t max_key_len, char **tokens, > + uint32_t n_tokens, uint32_t encrypt, uint32_t > *used_n_tokens) > { > struct rte_crypto_sym_xform *xform_aead; > int status; > @@ -4270,15 +4263,16 @@ parse_table_action_aead(struct > rte_table_action_sym_crypto_params *p, >=20 > /* aead_key */ > len =3D strlen(tokens[4]); > - xform_aead->aead.key.data =3D calloc(1, len / 2 + 1); > - if (xform_aead->aead.key.data =3D=3D NULL) > + if (len / 2 > max_key_len) { > + status =3D -ENOMEM; > goto error_exit; > + } >=20 > - status =3D softnic_parse_hex_string(tokens[4], xform_aead- > >aead.key.data, > - (uint32_t *)&len); > + status =3D softnic_parse_hex_string(tokens[4], key, (uint32_t *)&len); > if (status < 0) > goto error_exit; >=20 > + xform_aead->aead.key.data =3D key; > xform_aead->aead.key.length =3D (uint16_t)len; >=20 > /* aead_iv */ > @@ -4320,8 +4314,6 @@ parse_table_action_aead(struct > rte_table_action_sym_crypto_params *p, > return xform_aead; >=20 > error_exit: > - if (xform_aead->aead.key.data) > - free(xform_aead->aead.key.data); > if (p->aead.iv.val) { > free(p->aead.iv.val); > p->aead.iv.val =3D NULL; 
> @@ -4344,6 +4336,8 @@ parse_table_action_sym_crypto(char **tokens, { > struct rte_table_action_sym_crypto_params *p =3D &a->sym_crypto; > struct rte_crypto_sym_xform *xform =3D NULL; > + uint8_t *key =3D a->sym_crypto_key; > + uint32_t max_key_len =3D SYM_CRYPTO_MAX_KEY_SIZE; > uint32_t used_n_tokens; > uint32_t encrypt; > int status; > @@ -4368,20 +4362,20 @@ parse_table_action_sym_crypto(char **tokens, > tokens +=3D 3; > n_tokens -=3D 3; >=20 > - xform =3D parse_table_action_cipher(p, tokens, n_tokens, > encrypt, > - &used_n_tokens); > + xform =3D parse_table_action_cipher(p, key, max_key_len, > tokens, > + n_tokens, encrypt, &used_n_tokens); > } else if (strcmp(tokens[3], "cipher_auth") =3D=3D 0) { > tokens +=3D 3; > n_tokens -=3D 3; >=20 > - xform =3D parse_table_action_cipher_auth(p, tokens, > n_tokens, > - encrypt, &used_n_tokens); > + xform =3D parse_table_action_cipher_auth(p, key, > max_key_len, > + tokens, n_tokens, encrypt, &used_n_tokens); > } else if (strcmp(tokens[3], "aead") =3D=3D 0) { > tokens +=3D 3; > n_tokens -=3D 3; >=20 > - xform =3D parse_table_action_aead(p, tokens, n_tokens, > encrypt, > - &used_n_tokens); > + xform =3D parse_table_action_aead(p, key, max_key_len, > tokens, > + n_tokens, encrypt, &used_n_tokens); > } >=20 > if (xform =3D=3D NULL) > diff --git a/drivers/net/softnic/rte_eth_softnic_internals.h > b/drivers/net/softnic/rte_eth_softnic_internals.h > index 415434d0d..08bc66051 100644 > --- a/drivers/net/softnic/rte_eth_softnic_internals.h > +++ b/drivers/net/softnic/rte_eth_softnic_internals.h > @@ -948,6 +948,9 @@ struct softnic_table_rule_match { > } match; > }; >=20 > +#ifndef SYM_CRYPTO_MAX_KEY_SIZE > +#define SYM_CRYPTO_MAX_KEY_SIZE (256) > +#endif > struct softnic_table_rule_action { > uint64_t action_mask; > struct rte_table_action_fwd_params fwd; 
@@ -962,6 +965,7 @@ > struct softnic_table_rule_action { > struct rte_table_action_tag_params tag; > struct rte_table_action_decap_params decap; > struct rte_table_action_sym_crypto_params sym_crypto; > + uint8_t sym_crypto_key[SYM_CRYPTO_MAX_KEY_SIZE]; > }; >=20 > struct rte_flow { > diff --git a/examples/ip_pipeline/cli.c b/examples/ip_pipeline/cli.c inde= x > a92467e63..6d547efd6 100644 > --- a/examples/ip_pipeline/cli.c > +++ b/examples/ip_pipeline/cli.c > @@ -3730,24 +3730,18 @@ parse_free_sym_crypto_param_data(struct > rte_table_action_sym_crypto_params *p) >=20 > switch (xform[i]->type) { > case RTE_CRYPTO_SYM_XFORM_CIPHER: > - if (xform[i]->cipher.key.data) > - free(xform[i]->cipher.key.data); > if (p->cipher_auth.cipher_iv.val) > free(p->cipher_auth.cipher_iv.val); > if (p->cipher_auth.cipher_iv_update.val) > free(p->cipher_auth.cipher_iv_update.val); > break; > case RTE_CRYPTO_SYM_XFORM_AUTH: > - if (xform[i]->auth.key.data) > - free(xform[i]->cipher.key.data); > if (p->cipher_auth.auth_iv.val) > free(p->cipher_auth.cipher_iv.val); > if (p->cipher_auth.auth_iv_update.val) > free(p->cipher_auth.cipher_iv_update.val); > break; > case RTE_CRYPTO_SYM_XFORM_AEAD: > - if (xform[i]->aead.key.data) > - free(xform[i]->cipher.key.data); > if (p->aead.iv.val) > free(p->aead.iv.val); > if (p->aead.aad.val) > @@ -3762,8 +3756,8 @@ parse_free_sym_crypto_param_data(struct > rte_table_action_sym_crypto_params *p) >=20 > static struct rte_crypto_sym_xform * > parse_table_action_cipher(struct rte_table_action_sym_crypto_params *p, > - char **tokens, uint32_t n_tokens, uint32_t encrypt, > - uint32_t *used_n_tokens) > + uint8_t *key, uint32_t max_key_len, char **tokens, > + uint32_t n_tokens, uint32_t encrypt, uint32_t > *used_n_tokens) > { > struct rte_crypto_sym_xform *xform_cipher; > int status; 
> @@ -3790,16 +3784,16 @@ parse_table_action_cipher(struct > rte_table_action_sym_crypto_params *p, >=20 > /* cipher_key */ > len =3D strlen(tokens[4]); > - xform_cipher->cipher.key.data =3D calloc(1, len / 2 + 1); > - if (xform_cipher->cipher.key.data =3D=3D NULL) > + if (len / 2 > max_key_len) { > + status =3D -ENOMEM; > goto error_exit; > + } >=20 > - status =3D parse_hex_string(tokens[4], > - xform_cipher->cipher.key.data, > - (uint32_t *)&len); > + status =3D parse_hex_string(tokens[4], key, (uint32_t *)&len); > if (status < 0) > goto error_exit; >=20 > + xform_cipher->cipher.key.data =3D key; > xform_cipher->cipher.key.length =3D (uint16_t)len; >=20 > /* cipher_iv */ > @@ -3823,9 +3817,6 @@ parse_table_action_cipher(struct > rte_table_action_sym_crypto_params *p, > return xform_cipher; >=20 > error_exit: > - if (xform_cipher->cipher.key.data) > - free(xform_cipher->cipher.key.data); > - > if (p->cipher_auth.cipher_iv.val) { > free(p->cipher_auth.cipher_iv.val); > p->cipher_auth.cipher_iv.val =3D NULL; 
> @@ -3838,8 +3829,8 @@ parse_table_action_cipher(struct > rte_table_action_sym_crypto_params *p, >=20 > static struct rte_crypto_sym_xform * > parse_table_action_cipher_auth(struct > rte_table_action_sym_crypto_params *p, > - char **tokens, uint32_t n_tokens, uint32_t encrypt, > - uint32_t *used_n_tokens) > + uint8_t *key, uint32_t max_key_len, char **tokens, > + uint32_t n_tokens, uint32_t encrypt, uint32_t > *used_n_tokens) > { > struct rte_crypto_sym_xform *xform_cipher; > struct rte_crypto_sym_xform *xform_auth; @@ -3868,17 +3859,21 > @@ parse_table_action_cipher_auth(struct > rte_table_action_sym_crypto_params *p, >=20 > /* auth_key */ > len =3D strlen(tokens[10]); > - xform_auth->auth.key.data =3D calloc(1, len / 2 + 1); > - if (xform_auth->auth.key.data =3D=3D NULL) > + if (len / 2 > max_key_len) { > + status =3D -ENOMEM; > goto error_exit; > + } >=20 > - status =3D parse_hex_string(tokens[10], > - xform_auth->auth.key.data, (uint32_t *)&len); > + status =3D parse_hex_string(tokens[10], key, (uint32_t *)&len); > if (status < 0) > goto error_exit; >=20 > + xform_auth->auth.key.data =3D key; > xform_auth->auth.key.length =3D (uint16_t)len; >=20 > + key +=3D xform_auth->auth.key.length; > + max_key_len -=3D xform_auth->auth.key.length; > + > if (strcmp(tokens[11], "digest_size")) > goto error_exit; >=20 > @@ -3887,8 +3882,8 @@ parse_table_action_cipher_auth(struct > rte_table_action_sym_crypto_params *p, > if (status < 0) > goto error_exit; >=20 > - xform_cipher =3D parse_table_action_cipher(p, tokens, 7, encrypt, > - used_n_tokens); > + xform_cipher =3D parse_table_action_cipher(p, key, max_key_len, > tokens, > + 7, encrypt, used_n_tokens); > if (xform_cipher =3D=3D NULL) > goto error_exit; >=20 
> @@ -3903,8 +3898,6 @@ parse_table_action_cipher_auth(struct > rte_table_action_sym_crypto_params *p, > } >=20 > error_exit: > - if (xform_auth->auth.key.data) > - free(xform_auth->auth.key.data); > if (p->cipher_auth.auth_iv.val) { > free(p->cipher_auth.auth_iv.val); > p->cipher_auth.auth_iv.val =3D 0; > @@ -3917,8 +3910,8 @@ parse_table_action_cipher_auth(struct > rte_table_action_sym_crypto_params *p, >=20 > static struct rte_crypto_sym_xform * > parse_table_action_aead(struct rte_table_action_sym_crypto_params *p, > - char **tokens, uint32_t n_tokens, uint32_t encrypt, > - uint32_t *used_n_tokens) > + uint8_t *key, uint32_t max_key_len, char **tokens, > + uint32_t n_tokens, uint32_t encrypt, uint32_t > *used_n_tokens) > { > struct rte_crypto_sym_xform *xform_aead; > int status; > @@ -3947,15 +3940,16 @@ parse_table_action_aead(struct > rte_table_action_sym_crypto_params *p, >=20 > /* aead_key */ > len =3D strlen(tokens[4]); > - xform_aead->aead.key.data =3D calloc(1, len / 2 + 1); > - if (xform_aead->aead.key.data =3D=3D NULL) > + if (len / 2 > max_key_len) { > + status =3D -ENOMEM; > goto error_exit; > + } >=20 > - status =3D parse_hex_string(tokens[4], xform_aead->aead.key.data, > - (uint32_t *)&len); > + status =3D parse_hex_string(tokens[4], key, (uint32_t *)&len); > if (status < 0) > goto error_exit; >=20 > + xform_aead->aead.key.data =3D key; > xform_aead->aead.key.length =3D (uint16_t)len; >=20 > /* aead_iv */ > @@ -3997,8 +3991,6 @@ parse_table_action_aead(struct > rte_table_action_sym_crypto_params *p, > return xform_aead; >=20 > error_exit: > - if (xform_aead->aead.key.data) > - free(xform_aead->aead.key.data); > if (p->aead.iv.val) { > free(p->aead.iv.val); > p->aead.iv.val =3D NULL; 
> @@ -4021,6 +4013,8 @@ parse_table_action_sym_crypto(char **tokens, { > struct rte_table_action_sym_crypto_params *p =3D &a->sym_crypto; > struct rte_crypto_sym_xform *xform =3D NULL; > + uint8_t *key =3D a->sym_crypto_key; > + uint32_t max_key_len =3D SYM_CRYPTO_MAX_KEY_SIZE; > uint32_t used_n_tokens; > uint32_t encrypt; > int status; > @@ -4045,20 +4039,20 @@ parse_table_action_sym_crypto(char **tokens, > tokens +=3D 3; > n_tokens -=3D 3; >=20 > - xform =3D parse_table_action_cipher(p, tokens, n_tokens, > encrypt, > - &used_n_tokens); > + xform =3D parse_table_action_cipher(p, key, max_key_len, > tokens, > + n_tokens, encrypt, &used_n_tokens); > } else if (strcmp(tokens[3], "cipher_auth") =3D=3D 0) { > tokens +=3D 3; > n_tokens -=3D 3; >=20 > - xform =3D parse_table_action_cipher_auth(p, tokens, > n_tokens, > - encrypt, &used_n_tokens); > + xform =3D parse_table_action_cipher_auth(p, key, > max_key_len, > + tokens, n_tokens, encrypt, &used_n_tokens); > } else if (strcmp(tokens[3], "aead") =3D=3D 0) { > tokens +=3D 3; > n_tokens -=3D 3; >=20 > - xform =3D parse_table_action_aead(p, tokens, n_tokens, > encrypt, > - &used_n_tokens); > + xform =3D parse_table_action_aead(p, key, max_key_len, > tokens, > + n_tokens, encrypt, &used_n_tokens); > } >=20 > if (xform =3D=3D NULL) > diff --git a/examples/ip_pipeline/cryptodev.c > b/examples/ip_pipeline/cryptodev.c > index ac1e38d6a..94a0462d0 100644 > --- a/examples/ip_pipeline/cryptodev.c > +++ b/examples/ip_pipeline/cryptodev.c > @@ -90,8 +90,6 @@ cryptodev_create(const char *name, struct > cryptodev_params *params) >=20 > if (dev_info.max_nb_queue_pairs < params->n_queues) > return NULL; > - if (dev_info.feature_flags & RTE_CRYPTODEV_FF_HW_ACCELERATED) > - return NULL; >=20 > dev_conf.socket_id =3D socket_id; > dev_conf.nb_queue_pairs =3D params->n_queues; diff --git > a/examples/ip_pipeline/pipeline.h b/examples/ip_pipeline/pipeline.h index > 278775c2d..4d2ee29a5 100644 > --- a/examples/ip_pipeline/pipeline.h 
> +++ b/examples/ip_pipeline/pipeline.h > @@ -276,6 +276,10 @@ struct table_rule_match { > } match; > }; >=20 > +#ifndef SYM_CRYPTO_MAX_KEY_SIZE > +#define SYM_CRYPTO_MAX_KEY_SIZE (256) > +#endif > + > struct table_rule_action { > uint64_t action_mask; > struct rte_table_action_fwd_params fwd; @@ -288,8 +292,10 @@ > struct table_rule_action { > struct rte_table_action_stats_params stats; > struct rte_table_action_time_params time; > struct rte_table_action_sym_crypto_params sym_crypto; > + uint8_t sym_crypto_key[SYM_CRYPTO_MAX_KEY_SIZE]; > struct rte_table_action_tag_params tag; > struct rte_table_action_decap_params decap; > + > }; >=20 > struct table_rule { > diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c > index 9982f07e9..aa8b92e2c 100644 > --- a/examples/l2fwd-crypto/main.c > +++ b/examples/l2fwd-crypto/main.c > @@ -135,6 +135,7 @@ struct l2fwd_crypto_options { > struct rte_crypto_sym_xform cipher_xform; > unsigned ckey_param; > int ckey_random_size; > + uint8_t cipher_key[MAX_KEY_SIZE]; >=20 > struct l2fwd_iv cipher_iv; > unsigned int cipher_iv_param; > @@ -143,6 +144,7 @@ struct l2fwd_crypto_options { > struct rte_crypto_sym_xform auth_xform; > uint8_t akey_param; > int akey_random_size; > + uint8_t auth_key[MAX_KEY_SIZE]; >=20 > struct l2fwd_iv auth_iv; > unsigned int auth_iv_param; > @@ -151,6 +153,7 @@ struct l2fwd_crypto_options { > struct rte_crypto_sym_xform aead_xform; > unsigned int aead_key_param; > int aead_key_random_size; > + uint8_t aead_key[MAX_KEY_SIZE]; >=20 > struct l2fwd_iv aead_iv; > unsigned int aead_iv_param; 
> @@ -1219,8 +1222,7 @@ l2fwd_crypto_parse_args_long_options(struct > l2fwd_crypto_options *options, > else if (strcmp(lgopts[option_index].name, "cipher_key") =3D=3D 0) { > options->ckey_param =3D 1; > options->cipher_xform.cipher.key.length =3D > - parse_bytes(options->cipher_xform.cipher.key.data, > optarg, > - MAX_KEY_SIZE); > + parse_bytes(options->cipher_key, optarg, > MAX_KEY_SIZE); > if (options->cipher_xform.cipher.key.length > 0) > return 0; > else > @@ -1256,8 +1258,7 @@ l2fwd_crypto_parse_args_long_options(struct > l2fwd_crypto_options *options, > else if (strcmp(lgopts[option_index].name, "auth_key") =3D=3D 0) { > options->akey_param =3D 1; > options->auth_xform.auth.key.length =3D > - parse_bytes(options->auth_xform.auth.key.data, > optarg, > - MAX_KEY_SIZE); > + parse_bytes(options->auth_key, optarg, > MAX_KEY_SIZE); > if (options->auth_xform.auth.key.length > 0) > return 0; > else > @@ -1294,8 +1295,7 @@ l2fwd_crypto_parse_args_long_options(struct > l2fwd_crypto_options *options, > else if (strcmp(lgopts[option_index].name, "aead_key") =3D=3D 0) { > options->aead_key_param =3D 1; > options->aead_xform.aead.key.length =3D > - parse_bytes(options->aead_xform.aead.key.data, > optarg, > - MAX_KEY_SIZE); > + parse_bytes(options->aead_key, optarg, > MAX_KEY_SIZE); > if (options->aead_xform.aead.key.length > 0) > return 0; > else > @@ -2348,8 +2348,7 @@ initialize_cryptodevs(struct l2fwd_crypto_options > *options, unsigned nb_ports, > options- > >aead_xform.aead.key.length =3D > cap->sym.aead.key_size.min; >=20 > - generate_random_key( > - options->aead_xform.aead.key.data, > + generate_random_key(options->aead_key, > options- > >aead_xform.aead.key.length); > } >=20 
> @@ -2406,8 +2405,7 @@ initialize_cryptodevs(struct l2fwd_crypto_options > *options, unsigned nb_ports, > options- > >cipher_xform.cipher.key.length =3D > cap- > >sym.cipher.key_size.min; >=20 > - generate_random_key( > - options- > >cipher_xform.cipher.key.data, > + generate_random_key(options->cipher_key, > options- > >cipher_xform.cipher.key.length); > } > } > @@ -2440,8 +2438,7 @@ initialize_cryptodevs(struct l2fwd_crypto_options > *options, unsigned nb_ports, > options->auth_xform.auth.key.length > =3D > cap->sym.auth.key_size.min; >=20 > - generate_random_key( > - options->auth_xform.auth.key.data, > + generate_random_key(options->auth_key, > options- > >auth_xform.auth.key.length); > } >=20 > @@ -2612,20 +2609,11 @@ initialize_ports(struct l2fwd_crypto_options > *options) static void reserve_key_memory(struct l2fwd_crypto_options > *options) { > - options->cipher_xform.cipher.key.data =3D rte_malloc("crypto key", > - MAX_KEY_SIZE, 0); > - if (options->cipher_xform.cipher.key.data =3D=3D NULL) > - rte_exit(EXIT_FAILURE, "Failed to allocate memory for cipher > key"); > - > - options->auth_xform.auth.key.data =3D rte_malloc("auth key", > - MAX_KEY_SIZE, 0); > - if (options->auth_xform.auth.key.data =3D=3D NULL) > - rte_exit(EXIT_FAILURE, "Failed to allocate memory for auth > key"); > - > - options->aead_xform.aead.key.data =3D rte_malloc("aead key", > - MAX_KEY_SIZE, 0); > - if (options->aead_xform.aead.key.data =3D=3D NULL) > - rte_exit(EXIT_FAILURE, "Failed to allocate memory for AEAD > key"); > + options->cipher_xform.cipher.key.data =3D options->cipher_key; > + > + options->auth_xform.auth.key.data =3D options->auth_key; > + > + options->aead_xform.aead.key.data =3D options->aead_key; >=20 > options->cipher_iv.data =3D rte_malloc("cipher iv", MAX_KEY_SIZE, 0); > if (options->cipher_iv.data =3D=3D NULL) > diff --git a/lib/librte_cryptodev/Makefile b/lib/librte_cryptodev/Makefil= e > index 859c4f0f1..c20e090a8 100644 > --- a/lib/librte_cryptodev/Makefile 
> +++ b/lib/librte_cryptodev/Makefile > @@ -7,7 +7,7 @@ include $(RTE_SDK)/mk/rte.vars.mk LIB =3D > librte_cryptodev.a >=20 > # library version > -LIBABIVER :=3D 6 > +LIBABIVER :=3D 7 >=20 > # build flags > CFLAGS +=3D -O3 > diff --git a/lib/librte_cryptodev/rte_crypto_sym.h > b/lib/librte_cryptodev/rte_crypto_sym.h > index eb5afc5ef..00e1b358f 100644 > --- a/lib/librte_cryptodev/rte_crypto_sym.h > +++ b/lib/librte_cryptodev/rte_crypto_sym.h > @@ -114,8 +114,8 @@ struct rte_crypto_cipher_xform { > /**< Cipher algorithm */ >=20 > struct { > - uint8_t *data; /**< pointer to key data */ > - uint16_t length;/**< key length in bytes */ > + const uint8_t *data; /**< pointer to key data */ > + uint16_t length; /**< key length in bytes */ > } key; > /**< Cipher key > * > @@ -293,8 +293,8 @@ struct rte_crypto_auth_xform { > /**< Authentication algorithm selection */ >=20 > struct { > - uint8_t *data; /**< pointer to key data */ > - uint16_t length;/**< key length in bytes */ > + const uint8_t *data; /**< pointer to key data */ > + uint16_t length; /**< key length in bytes */ > } key; > /**< Authentication key data. > * The authentication key length MUST be less than or equal to the 
> @@ -376,8 +376,8 @@ struct rte_crypto_aead_xform { > /**< AEAD algorithm selection */ >=20 > struct { > - uint8_t *data; /**< pointer to key data */ > - uint16_t length;/**< key length in bytes */ > + const uint8_t *data; /**< pointer to key data */ > + uint16_t length; /**< key length in bytes */ > } key; >=20 > struct { > -- > 2.14.5 From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by dpdk.space (Postfix) with ESMTP id 11D4BA0096 for ; Fri, 15 Mar 2019 17:38:09 +0100 (CET) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id D7C602BD3; Fri, 15 Mar 2019 17:38:06 +0100 (CET) Received: from mga01.intel.com (mga01.intel.com [192.55.52.88]) by dpdk.org (Postfix) with ESMTP id 40EA71E2F for ; Fri, 15 Mar 2019 17:38:05 +0100 (CET) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by fmsmga101.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 15 Mar 2019 09:38:04 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.58,482,1544515200"; d="scan'208";a="155392415" Received: from fmsmsx106.amr.corp.intel.com ([10.18.124.204]) by fmsmga001.fm.intel.com with ESMTP; 15 Mar 2019 09:38:04 -0700 Received: from fmsmsx126.amr.corp.intel.com (10.18.125.43) by FMSMSX106.amr.corp.intel.com (10.18.124.204) with Microsoft SMTP Server (TLS) id 14.3.408.0; Fri, 15 Mar 2019 09:38:03 -0700 Received: from hasmsx108.ger.corp.intel.com (10.184.198.18) by FMSMSX126.amr.corp.intel.com (10.18.125.43) with Microsoft SMTP Server (TLS) id 14.3.408.0; Fri, 15 Mar 2019 09:38:02 -0700 Received: from HASMSX109.ger.corp.intel.com ([169.254.3.144]) by hasmsx108.ger.corp.intel.com ([169.254.9.237]) with mapi id 14.03.0415.000; Fri, 15 Mar 2019 18:37:59 +0200 
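Review bot: in examples/ip_pipeline/cli.c, the new bound check `if (len / 2 > max_key_len)` in parse_table_action_cipher() (repeated for auth_key and aead_key) rounds an odd-length hex string down, while the code it replaces sized the buffer as `len / 2 + 1`. Whether parse_hex_string() rejects odd lengths is not visible in the hunk, so a string of 2 * max_key_len + 1 digits passes the check and relies on the parser to stay inside the SYM_CRYPTO_MAX_KEY_SIZE (256) byte sym_crypto_key array, or inside the smaller remainder left after the auth key in the cipher_auth path. Rejecting `len % 2` up front, or comparing `(len + 1) / 2`, would make the bound self-contained. -ENOMEM also no longer describes the failure now that nothing is allocated; -EINVAL fits an over-long key better.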
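Review bot: in parse_table_action_sym_crypto(), `uint8_t *key = a->sym_crypto_key;` makes the key.data pointers of the xform chain built here point into the same table_rule_action that holds sym_crypto. If that struct is ever copied by value, the copy's xform still references the original's sym_crypto_key and dangles once the original goes away. The new field in pipeline.h (and in softnic_table_rule_action) needs a comment stating that constraint, or key.data has to be re-pointed after a copy.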
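Review bot: the cryptodev_create() hunk in examples/ip_pipeline/cryptodev.c drops the `RTE_CRYPTODEV_FF_HW_ACCELERATED` rejection, which is unrelated to const-qualifying key pointers and is not mentioned in the commit message. It changes which devices the example accepts, so it should go into its own patch with a rationale or be explained in this one.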
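Review bot: the `LIBABIVER := 7` bump in lib/librte_cryptodev/Makefile has no justification in the commit message, and the diffstat touches no release-notes file. Adding const to the `data` member of the three key structs in rte_crypto_sym.h does not change their layout, so the message should say why the ABI version moves from 6 to 7, and the API change should be recorded in the release notes together with any other build definition that carries the library version.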
From: "Kusztal, ArkadiuszX" To: "Zhang, Roy Fan" , "dev@dpdk.org" CC: "akhil.goyal@nxp.com" , "jerin.jacob@caviumnetworks.com" , "Trahe, Fiona" Thread-Topic: [PATCH] cryptodev: make xform key pointer constant Thread-Index: AQHU0DTz4xTkSh0gdES8br/pPXuHRqYM+Llw Date: Fri, 15 Mar 2019 16:37:58 +0000 Message-ID: <06EE24DD0B19E248B53F6DC8657831551B14B03E@hasmsx109.ger.corp.intel.com> References: <20190301134325.30600-1-roy.fan.zhang@intel.com> In-Reply-To: <20190301134325.30600-1-roy.fan.zhang@intel.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: dlp-product: dlpe-windows dlp-version: 11.0.400.15 dlp-reaction: no-action x-originating-ip: [10.104.14.162] Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Subject: Re: [dpdk-dev] [PATCH] cryptodev: make xform key pointer constant X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Message-ID: <20190315163758.Y02yqwMQEcxN4yPBsQbvYBmXeXylrHnvcr8-rzu7BtY@z>

Hi Fan,

Only one thing from me (with [AK])
Except for that looks good, I can ack v2.

Arek

> -----Original Message-----
> From: Zhang, Roy Fan
> Sent: Friday, March 1, 2019 2:43 PM
> To: dev@dpdk.org
> Cc: akhil.goyal@nxp.com; Zhang, Roy Fan ;
> Kusztal, ArkadiuszX ;
> jerin.jacob@caviumnetworks.com; Trahe, Fiona
> Subject: [PATCH] cryptodev: make xform key pointer constant
>
> This patch changes the key pointer data types in cipher, auth, and aead
> xforms from "uint8_t *" to "const uint8_t *" for a more intuitive and safe
> session creation.
>
> Signed-off-by: Fan Zhang
> ---
> Although it is a relatively big patch, I believe it is the right thing to do
> towards a safer and better DPDK Cryptodev, and we should have done this
> long time ago.
>
> I have been trying to avoid the problems that may cause due to the
> bug/missed updates places. However, due to lacking the hardware I was only
> able to test the PMDs I have. So please forgive me if I missed updating certain
> drivers/tests. I will amend that.
>
> drivers/common/cpt/cpt_ucode.h | 14 ++---
> drivers/crypto/aesni_gcm/aesni_gcm_pmd.c | 2 +-
> drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c | 2 +-
> drivers/crypto/openssl/rte_openssl_pmd.c | 8 +--
> drivers/crypto/qat/qat_sym_session.c | 8 +--
> drivers/crypto/qat/qat_sym_session.h | 4 +-
> drivers/crypto/snow3g/rte_snow3g_pmd.c | 23 ++++++--
> drivers/crypto/snow3g/rte_snow3g_pmd_private.h | 1 +
> drivers/crypto/virtio/virtio_cryptodev.c | 30 +++++++---
> drivers/crypto/virtio/virtio_cryptodev.h | 2 +
> drivers/net/ixgbe/ixgbe_ipsec.c | 33 ++++++++---
> drivers/net/ixgbe/ixgbe_ipsec.h | 3 +-
> drivers/net/softnic/rte_eth_softnic_cli.c | 74 ++++++++++++-------------
> drivers/net/softnic/rte_eth_softnic_internals.h | 4 ++
> examples/ip_pipeline/cli.c | 74 ++++++++++++-------------
> examples/ip_pipeline/cryptodev.c | 2 -
> examples/ip_pipeline/pipeline.h | 6 ++
> examples/l2fwd-crypto/main.c | 40 +++++--------
> lib/librte_cryptodev/Makefile | 2 +-
> lib/librte_cryptodev/rte_crypto_sym.h | 12 ++--
> 20 files changed, 189 insertions(+), 155 deletions(-)
>
> diff --git a/drivers/common/cpt/cpt_ucode.h > b/drivers/common/cpt/cpt_ucode.h index 5933ea77e..3e1127174 100644 > --- a/drivers/common/cpt/cpt_ucode.h > +++ b/drivers/common/cpt/cpt_ucode.h
> @@ -55,7 +55,7 @@ cpt_is_algo_supported(struct rte_crypto_sym_xform > *xform) } >=20 > static __rte_always_inline void > -gen_key_snow3g(uint8_t *ck, uint32_t *keyx) > +gen_key_snow3g(const uint8_t *ck, uint32_t *keyx) > { > int i, base; >=20 > @@ -174,7 +174,7 @@ > cpt_fc_ciph_set_key_set_aes_key_type(mc_fc_context_t *fctx, uint16_t > key_len) } >=20 > static __rte_always_inline void > -cpt_fc_ciph_set_key_snow3g_uea2(struct cpt_ctx *cpt_ctx, uint8_t *key, > +cpt_fc_ciph_set_key_snow3g_uea2(struct cpt_ctx *cpt_ctx, const uint8_t > +*key, > uint16_t key_len) > { > uint32_t keyx[4]; > @@ -186,7 +186,7 @@ cpt_fc_ciph_set_key_snow3g_uea2(struct cpt_ctx > *cpt_ctx, uint8_t *key, } >=20 > static __rte_always_inline void > -cpt_fc_ciph_set_key_zuc_eea3(struct cpt_ctx *cpt_ctx, uint8_t *key, > +cpt_fc_ciph_set_key_zuc_eea3(struct cpt_ctx *cpt_ctx, const uint8_t > +*key, > uint16_t key_len) > { > cpt_ctx->snow3g =3D 0; > @@ -197,7 +197,7 @@ cpt_fc_ciph_set_key_zuc_eea3(struct cpt_ctx > *cpt_ctx, uint8_t *key, } >=20 > static __rte_always_inline void > -cpt_fc_ciph_set_key_kasumi_f8_ecb(struct cpt_ctx *cpt_ctx, uint8_t *key, > +cpt_fc_ciph_set_key_kasumi_f8_ecb(struct cpt_ctx *cpt_ctx, const > +uint8_t *key, > uint16_t key_len) > { > cpt_ctx->k_ecb =3D 1; > @@ -207,7 +207,7 @@ cpt_fc_ciph_set_key_kasumi_f8_ecb(struct cpt_ctx > *cpt_ctx, uint8_t *key, } >=20 > static __rte_always_inline void > -cpt_fc_ciph_set_key_kasumi_f8_cbc(struct cpt_ctx *cpt_ctx, uint8_t *key, > +cpt_fc_ciph_set_key_kasumi_f8_cbc(struct cpt_ctx *cpt_ctx, const > +uint8_t *key, > uint16_t key_len) > { > memcpy(cpt_ctx->k_ctx.ci_key, key, key_len); @@ -216,7 +216,7 @@ > cpt_fc_ciph_set_key_kasumi_f8_cbc(struct cpt_ctx *cpt_ctx, uint8_t *key, = } >=20 > static __rte_always_inline int > -cpt_fc_ciph_set_key(void *ctx, cipher_type_t type, uint8_t *key, > +cpt_fc_ciph_set_key(void *ctx, cipher_type_t type, const uint8_t *key, > uint16_t key_len, uint8_t *salt) > { > struct cpt_ctx *cpt_ctx =3D ctx; 
> @@ -2539,7 +2539,7 @@ cpt_fc_enc_hmac_prep(uint32_t flags, uint64_t > d_offs, uint64_t d_lens, } >=20 > static __rte_always_inline int > -cpt_fc_auth_set_key(void *ctx, auth_type_t type, uint8_t *key, > +cpt_fc_auth_set_key(void *ctx, auth_type_t type, const uint8_t *key, > uint16_t key_len, uint16_t mac_len) { > struct cpt_ctx *cpt_ctx =3D ctx; > diff --git a/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c > b/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c > index 948ff0763..009885f08 100644 > --- a/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c > +++ b/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c > @@ -24,7 +24,7 @@ aesni_gcm_set_session_parameters(const struct > aesni_gcm_ops *gcm_ops, > const struct rte_crypto_sym_xform *auth_xform; > const struct rte_crypto_sym_xform *aead_xform; > uint8_t key_length; > - uint8_t *key; > + const uint8_t *key; >=20 > /* AES-GMAC */ > if (xform->type =3D=3D RTE_CRYPTO_SYM_XFORM_AUTH) { diff --git > a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c > b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c > index 48d6ac002..c0670fa40 100644 > --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c > +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c > @@ -35,7 +35,7 @@ typedef void (*aes_keyexp_t)(const void *key, void > *enc_exp_keys, void *dec_exp_ static void > calculate_auth_precomputes(hash_one_block_t one_block_hash, > uint8_t *ipad, uint8_t *opad, > - uint8_t *hkey, uint16_t hkey_len, > + const uint8_t *hkey, uint16_t hkey_len, > uint16_t blocksize) > { > unsigned i, length; > diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c > b/drivers/crypto/openssl/rte_openssl_pmd.c > index ea5aac69e..f76d081e7 100644 > --- a/drivers/crypto/openssl/rte_openssl_pmd.c > +++ b/drivers/crypto/openssl/rte_openssl_pmd.c 
> @@ -92,14 +92,14 @@ openssl_get_chain_order(const struct > rte_crypto_sym_xform *xform) >=20 > /** Get session cipher key from input cipher key */ static void - > get_cipher_key(uint8_t *input_key, int keylen, uint8_t *session_key) > +get_cipher_key(const uint8_t *input_key, int keylen, uint8_t > +*session_key) > { > memcpy(session_key, input_key, keylen); } >=20 > /** Get key ede 24 bytes standard from input key */ static int - > get_cipher_key_ede(uint8_t *key, int keylen, uint8_t *key_ede) > +get_cipher_key_ede(const uint8_t *key, int keylen, uint8_t *key_ede) > { > int res =3D 0; >=20 > @@ -292,7 +292,7 @@ get_aead_algo(enum rte_crypto_aead_algorithm > sess_algo, size_t keylen, static int openssl_set_sess_aead_enc_param(st= ruct > openssl_session *sess, > enum rte_crypto_aead_algorithm algo, > - uint8_t tag_len, uint8_t *key) > + uint8_t tag_len, const uint8_t *key) > { > int iv_type =3D 0; > unsigned int do_ccm; > @@ -352,7 +352,7 @@ openssl_set_sess_aead_enc_param(struct > openssl_session *sess, static int openssl_set_sess_aead_dec_param(struc= t > openssl_session *sess, > enum rte_crypto_aead_algorithm algo, > - uint8_t tag_len, uint8_t *key) > + uint8_t tag_len, const uint8_t *key) > { > int iv_type =3D 0; > unsigned int do_ccm =3D 0; > diff --git a/drivers/crypto/qat/qat_sym_session.c > b/drivers/crypto/qat/qat_sym_session.c > index 4d7ec01d4..917c5e927 100644 > --- a/drivers/crypto/qat/qat_sym_session.c > +++ b/drivers/crypto/qat/qat_sym_session.c > @@ -35,7 +35,7 @@ bpi_cipher_ctx_free(void *bpi_ctx) static int > bpi_cipher_ctx_init(enum rte_crypto_cipher_algorithm cryptodev_algo, > enum rte_crypto_cipher_operation direction __rte_unused, > - uint8_t *key, void **ctx) > + const uint8_t *key, void **ctx) > { > const EVP_CIPHER *algo =3D NULL; > int ret; 
> @@ -496,7 +496,7 @@ qat_sym_session_configure_auth(struct > rte_cryptodev *dev, { > struct rte_crypto_auth_xform *auth_xform =3D > qat_get_auth_xform(xform); > struct qat_sym_dev_private *internals =3D dev->data->dev_private; > - uint8_t *key_data =3D auth_xform->key.data; > + const uint8_t *key_data =3D auth_xform->key.data; > uint8_t key_length =3D auth_xform->key.length; > session->aes_cmac =3D 0; >=20 > @@ -1258,7 +1258,7 @@ qat_get_crypto_proto_flag(uint16_t flags) } >=20 > int qat_sym_session_aead_create_cd_cipher(struct qat_sym_session > *cdesc, > - uint8_t *cipherkey, > + const uint8_t *cipherkey, > uint32_t cipherkeylen) > { > struct icp_qat_hw_cipher_algo_blk *cipher; @@ -1413,7 +1413,7 > @@ int qat_sym_session_aead_create_cd_cipher(struct qat_sym_session > *cdesc, } >=20 > int qat_sym_session_aead_create_cd_auth(struct qat_sym_session *cdesc, > - uint8_t *authkey, > + const uint8_t *authkey, > uint32_t authkeylen, > uint32_t aad_length, > uint32_t digestsize, > diff --git a/drivers/crypto/qat/qat_sym_session.h > b/drivers/crypto/qat/qat_sym_session.h > index 43e25ceb7..ce1ca5af8 100644 > --- a/drivers/crypto/qat/qat_sym_session.h > +++ b/drivers/crypto/qat/qat_sym_session.h > @@ -106,12 +106,12 @@ qat_sym_session_configure_auth(struct > rte_cryptodev *dev, >=20 > int > qat_sym_session_aead_create_cd_cipher(struct qat_sym_session *cd, > - uint8_t *enckey, > + const uint8_t *enckey, > uint32_t enckeylen); >=20 > int > qat_sym_session_aead_create_cd_auth(struct qat_sym_session *cdesc, > - uint8_t *authkey, > + const uint8_t *authkey, > uint32_t authkeylen, > uint32_t aad_length, > uint32_t digestsize, > diff --git a/drivers/crypto/snow3g/rte_snow3g_pmd.c > b/drivers/crypto/snow3g/rte_snow3g_pmd.c > index 5fd94b686..68d7176f4 100644 > --- a/drivers/crypto/snow3g/rte_snow3g_pmd.c > +++ b/drivers/crypto/snow3g/rte_snow3g_pmd.c 
> @@ -84,6 +84,8 @@ snow3g_set_session_parameters(struct > snow3g_session *sess, > } >=20 > if (cipher_xform) { > + uint8_t cipher_key[SNOW3G_MAX_KEY_SIZE]; > + > /* Only SNOW 3G UEA2 supported */ > if (cipher_xform->cipher.algo !=3D > RTE_CRYPTO_CIPHER_SNOW3G_UEA2) > return -ENOTSUP; > @@ -92,14 +94,22 @@ snow3g_set_session_parameters(struct > snow3g_session *sess, > SNOW3G_LOG(ERR, "Wrong IV length"); > return -EINVAL; > } > + if (cipher_xform->cipher.key.length > > SNOW3G_MAX_KEY_SIZE) { > + SNOW3G_LOG(ERR, "Not enough memory to store > the key"); > + return -ENOMEM; > + } > + > sess->cipher_iv_offset =3D cipher_xform->cipher.iv.offset; >=20 > /* Initialize key */ > - sso_snow3g_init_key_sched(cipher_xform->cipher.key.data, > - &sess->pKeySched_cipher); > + memcpy(cipher_key, cipher_xform->cipher.key.data, > + cipher_xform->cipher.key.length); > + sso_snow3g_init_key_sched(cipher_key, &sess- > >pKeySched_cipher); > } >=20 > if (auth_xform) { > + uint8_t auth_key[SNOW3G_MAX_KEY_SIZE]; > + > /* Only SNOW 3G UIA2 supported */ > if (auth_xform->auth.algo !=3D > RTE_CRYPTO_AUTH_SNOW3G_UIA2) > return -ENOTSUP; > @@ -108,6 +118,10 @@ snow3g_set_session_parameters(struct > snow3g_session *sess, > SNOW3G_LOG(ERR, "Wrong digest length"); > return -EINVAL; > } > + if (auth_xform->auth.key.length > SNOW3G_MAX_KEY_SIZE) > { > + SNOW3G_LOG(ERR, "Not enough memory to store > the key"); > + return -ENOMEM; > + } >=20 > sess->auth_op =3D auth_xform->auth.op; >=20 > @@ -118,8 +132,9 @@ snow3g_set_session_parameters(struct > snow3g_session *sess, > sess->auth_iv_offset =3D auth_xform->auth.iv.offset; >=20 > /* Initialize key */ > - sso_snow3g_init_key_sched(auth_xform->auth.key.data, > - &sess->pKeySched_hash); > + memcpy(auth_key, auth_xform->auth.key.data, > + auth_xform->auth.key.length); > + sso_snow3g_init_key_sched(auth_key, &sess- > >pKeySched_hash); > } >=20 >=20 
> diff --git a/drivers/crypto/snow3g/rte_snow3g_pmd_private.h > b/drivers/crypto/snow3g/rte_snow3g_pmd_private.h > index df5c6092b..95a3eba22 100644 > --- a/drivers/crypto/snow3g/rte_snow3g_pmd_private.h > +++ b/drivers/crypto/snow3g/rte_snow3g_pmd_private.h > @@ -19,6 +19,7 @@ int snow3g_logtype_driver; > ## __VA_ARGS__) >=20 > #define SNOW3G_DIGEST_LENGTH 4 > +#define SNOW3G_MAX_KEY_SIZE 128 >=20 > /** private data structure for each virtual SNOW 3G device */ struct > snow3g_private { diff --git a/drivers/crypto/virtio/virtio_cryptodev.c > b/drivers/crypto/virtio/virtio_cryptodev.c > index 4bae3b865..f16bdfe57 100644 > --- a/drivers/crypto/virtio/virtio_cryptodev.c > +++ b/drivers/crypto/virtio/virtio_cryptodev.c > @@ -1210,7 +1210,7 @@ static int > virtio_crypto_sym_pad_op_ctrl_req( > struct virtio_crypto_op_ctrl_req *ctrl, > struct rte_crypto_sym_xform *xform, bool is_chainned, > - uint8_t **cipher_key_data, uint8_t **auth_key_data, > + uint8_t *cipher_key_data, uint8_t *auth_key_data, > struct virtio_crypto_session *session) { > int ret; > @@ -1220,6 +1220,12 @@ virtio_crypto_sym_pad_op_ctrl_req( > /* Get cipher xform from crypto xform chain */ > cipher_xform =3D virtio_crypto_get_cipher_xform(xform); > if (cipher_xform) { > + if (cipher_xform->key.length > > VIRTIO_CRYPTO_MAX_KEY_SIZE) { > + VIRTIO_CRYPTO_SESSION_LOG_ERR( > + "cipher key size cannot be longer than %u", > + VIRTIO_CRYPTO_MAX_KEY_SIZE); > + return -1; > + } > if (cipher_xform->iv.length > VIRTIO_CRYPTO_MAX_IV_SIZE) { > VIRTIO_CRYPTO_SESSION_LOG_ERR( > "cipher IV size cannot be longer than %u", 
> @@ -1241,7 +1247,8 @@ virtio_crypto_sym_pad_op_ctrl_req( > return -1; > } >=20 > - *cipher_key_data =3D cipher_xform->key.data; > + memcpy(cipher_key_data, cipher_xform->key.data, > + cipher_xform->key.length); >=20 > session->iv.offset =3D cipher_xform->iv.offset; > session->iv.length =3D cipher_xform->iv.length; @@ -1254,13 > +1261,20 @@ virtio_crypto_sym_pad_op_ctrl_req( > struct virtio_crypto_alg_chain_session_para *para =3D > &(ctrl->u.sym_create_session.u.chain.para); > if (auth_xform->key.length) { > + if (auth_xform->key.length > > + VIRTIO_CRYPTO_MAX_KEY_SIZE) { > + VIRTIO_CRYPTO_SESSION_LOG_ERR( > + "auth key size cannot be longer than %u", > + VIRTIO_CRYPTO_MAX_KEY_SIZE); > + return -1; > + } > para->hash_mode =3D > VIRTIO_CRYPTO_SYM_HASH_MODE_AUTH; > para->u.mac_param.auth_key_len =3D > (uint32_t)auth_xform->key.length; > para->u.mac_param.hash_result_len =3D > auth_xform->digest_length; > - > - *auth_key_data =3D auth_xform->key.data; > + memcpy(auth_key_data, auth_xform->key.data, > + auth_xform->key.length); > } else { > para->hash_mode =3D > VIRTIO_CRYPTO_SYM_HASH_MODE_PLAIN; > para->u.hash_param.hash_result_len =3D @@ -1310,8 > +1324,8 @@ virtio_crypto_sym_configure_session( > struct virtio_crypto_session *session; > struct virtio_crypto_op_ctrl_req *ctrl_req; > enum virtio_crypto_cmd_id cmd_id; > - uint8_t *cipher_key_data =3D NULL; > - uint8_t *auth_key_data =3D NULL; > + uint8_t cipher_key_data[VIRTIO_CRYPTO_MAX_KEY_SIZE] =3D {0}; > + uint8_t auth_key_data[VIRTIO_CRYPTO_MAX_KEY_SIZE] =3D {0}; > struct virtio_crypto_hw *hw; > struct virtqueue *control_vq; >=20 > @@ -1355,7 +1369,7 @@ virtio_crypto_sym_configure_session( > =3D VIRTIO_CRYPTO_SYM_OP_ALGORITHM_CHAINING; >=20 > ret =3D virtio_crypto_sym_pad_op_ctrl_req(ctrl_req, > - xform, true, &cipher_key_data, &auth_key_data, > session); > + xform, true, cipher_key_data, auth_key_data, > session); > if (ret < 0) { > VIRTIO_CRYPTO_SESSION_LOG_ERR( > "padding sym op ctrl req failed"); 
> @@ -1373,7 +1387,7 @@ virtio_crypto_sym_configure_session( > ctrl_req->u.sym_create_session.op_type > =3D VIRTIO_CRYPTO_SYM_OP_CIPHER; > ret =3D virtio_crypto_sym_pad_op_ctrl_req(ctrl_req, xform, > - false, &cipher_key_data, &auth_key_data, session); > + false, cipher_key_data, auth_key_data, session); > if (ret < 0) { > VIRTIO_CRYPTO_SESSION_LOG_ERR( > "padding sym op ctrl req failed"); > diff --git a/drivers/crypto/virtio/virtio_cryptodev.h > b/drivers/crypto/virtio/virtio_cryptodev.h > index 0fd7b722e..215bce786 100644 > --- a/drivers/crypto/virtio/virtio_cryptodev.h > +++ b/drivers/crypto/virtio/virtio_cryptodev.h > @@ -18,6 +18,8 @@ >=20 > #define VIRTIO_CRYPTO_MAX_IV_SIZE 16 >=20 > +#define VIRTIO_CRYPTO_MAX_KEY_SIZE 256 > + > extern uint8_t cryptodev_virtio_driver_id; >=20 > enum virtio_crypto_cmd_id { > diff --git a/drivers/net/ixgbe/ixgbe_ipsec.c b/drivers/net/ixgbe/ixgbe_ip= sec.c > index 5a416885f..018722100 100644 > --- a/drivers/net/ixgbe/ixgbe_ipsec.c > +++ b/drivers/net/ixgbe/ixgbe_ipsec.c 
> @@ -97,6 +97,7 @@ ixgbe_crypto_add_sa(struct ixgbe_crypto_session > *ic_session) >=20 > if (ic_session->op =3D=3D IXGBE_OP_AUTHENTICATED_DECRYPTION) { > int i, ip_index =3D -1; > + uint8_t *key; >=20 > /* Find a match in the IP table*/ > for (i =3D 0; i < IPSEC_MAX_RX_IP_COUNT; i++) { @@ -189,23 > +190,32 @@ ixgbe_crypto_add_sa(struct ixgbe_crypto_session *ic_session) > IXGBE_WAIT_RWRITE; >=20 > /* write Key table entry*/ > + key =3D malloc(ic_session->key_len); > + if (!key) > + return -ENOMEM; > + > + memcpy(key, ic_session->key, ic_session->key_len); > + > reg_val =3D IPSRXIDX_RX_EN | IPSRXIDX_WRITE | > IPSRXIDX_TABLE_KEY | (sa_index << 3); > IXGBE_WRITE_REG(hw, IXGBE_IPSRXKEY(0), > - rte_cpu_to_be_32(*(uint32_t *)&ic_session- > >key[12])); > + rte_cpu_to_be_32(*(uint32_t *)&key[12])); > IXGBE_WRITE_REG(hw, IXGBE_IPSRXKEY(1), > - rte_cpu_to_be_32(*(uint32_t *)&ic_session- > >key[8])); > + rte_cpu_to_be_32(*(uint32_t *)&key[8])); > IXGBE_WRITE_REG(hw, IXGBE_IPSRXKEY(2), > - rte_cpu_to_be_32(*(uint32_t *)&ic_session- > >key[4])); > + rte_cpu_to_be_32(*(uint32_t *)&key[4])); > IXGBE_WRITE_REG(hw, IXGBE_IPSRXKEY(3), > - rte_cpu_to_be_32(*(uint32_t *)&ic_session- > >key[0])); > + rte_cpu_to_be_32(*(uint32_t *)&key[0])); > IXGBE_WRITE_REG(hw, IXGBE_IPSRXSALT, > rte_cpu_to_be_32(ic_session->salt)); > IXGBE_WRITE_REG(hw, IXGBE_IPSRXMOD, > priv->rx_sa_tbl[sa_index].mode); > IXGBE_WAIT_RWRITE; >=20 > + free(key); > + > } else { /* sess->dir =3D=3D RTE_CRYPTO_OUTBOUND */ > + uint8_t *key; > int i; >=20 > /* Find a free entry in the SA table*/ @@ -227,16 +237,22 > @@ ixgbe_crypto_add_sa(struct ixgbe_crypto_session *ic_session) > priv->tx_sa_tbl[i].used =3D 1; > ic_session->sa_index =3D sa_index; >=20 > + key =3D malloc(ic_session->key_len); [AK] - This key is not freed after this malloc. 
> + if (!key) > + return -ENOMEM; > + > + memcpy(key, ic_session->key, ic_session->key_len); > + > /* write Key table entry*/ > reg_val =3D IPSRXIDX_RX_EN | IPSRXIDX_WRITE | (sa_index << > 3); > IXGBE_WRITE_REG(hw, IXGBE_IPSTXKEY(0), > - rte_cpu_to_be_32(*(uint32_t *)&ic_session- > >key[12])); > + rte_cpu_to_be_32(*(uint32_t *)&key[12])); > IXGBE_WRITE_REG(hw, IXGBE_IPSTXKEY(1), > - rte_cpu_to_be_32(*(uint32_t *)&ic_session- > >key[8])); > + rte_cpu_to_be_32(*(uint32_t *)&key[8])); > IXGBE_WRITE_REG(hw, IXGBE_IPSTXKEY(2), > - rte_cpu_to_be_32(*(uint32_t *)&ic_session- > >key[4])); > + rte_cpu_to_be_32(*(uint32_t *)&key[4])); > IXGBE_WRITE_REG(hw, IXGBE_IPSTXKEY(3), > - rte_cpu_to_be_32(*(uint32_t *)&ic_session- > >key[0])); > + rte_cpu_to_be_32(*(uint32_t *)&key[0])); > IXGBE_WRITE_REG(hw, IXGBE_IPSTXSALT, > rte_cpu_to_be_32(ic_session->salt)); > IXGBE_WAIT_TWRITE; > @@ -388,6 +404,7 @@ ixgbe_crypto_create_session(void *device, > } >=20 > ic_session->key =3D aead_xform->key.data; > + ic_session->key_len =3D aead_xform->key.length; > memcpy(&ic_session->salt, > &aead_xform->key.data[aead_xform->key.length], 4); > ic_session->spi =3D conf->ipsec.spi; > diff --git a/drivers/net/ixgbe/ixgbe_ipsec.h b/drivers/net/ixgbe/ixgbe_ip= sec.h > index c73e18069..e218c0a4a 100644 > --- a/drivers/net/ixgbe/ixgbe_ipsec.h > +++ b/drivers/net/ixgbe/ixgbe_ipsec.h > @@ -62,7 +62,8 @@ struct ipaddr { > /** inline crypto crypto private session structure */ struct > ixgbe_crypto_session { > enum ixgbe_operation op; > - uint8_t *key; > + const uint8_t *key; > + uint32_t key_len; > uint32_t salt; > uint32_t sa_index; > uint32_t spi; > diff --git a/drivers/net/softnic/rte_eth_softnic_cli.c > b/drivers/net/softnic/rte_eth_softnic_cli.c > index 76136c2e2..f4df3dc96 100644 > --- a/drivers/net/softnic/rte_eth_softnic_cli.c > +++ b/drivers/net/softnic/rte_eth_softnic_cli.c 
> @@ -4053,24 +4053,18 @@ parse_free_sym_crypto_param_data(struct > rte_table_action_sym_crypto_params *p) >=20 > switch (xform[i]->type) { > case RTE_CRYPTO_SYM_XFORM_CIPHER: > - if (xform[i]->cipher.key.data) > - free(xform[i]->cipher.key.data); > if (p->cipher_auth.cipher_iv.val) > free(p->cipher_auth.cipher_iv.val); > if (p->cipher_auth.cipher_iv_update.val) > free(p->cipher_auth.cipher_iv_update.val); > break; > case RTE_CRYPTO_SYM_XFORM_AUTH: > - if (xform[i]->auth.key.data) > - free(xform[i]->cipher.key.data); > if (p->cipher_auth.auth_iv.val) > free(p->cipher_auth.cipher_iv.val); > if (p->cipher_auth.auth_iv_update.val) > free(p->cipher_auth.cipher_iv_update.val); > break; > case RTE_CRYPTO_SYM_XFORM_AEAD: > - if (xform[i]->aead.key.data) > - free(xform[i]->cipher.key.data); > if (p->aead.iv.val) > free(p->aead.iv.val); > if (p->aead.aad.val) > @@ -4085,8 +4079,8 @@ parse_free_sym_crypto_param_data(struct > rte_table_action_sym_crypto_params *p) >=20 > static struct rte_crypto_sym_xform * > parse_table_action_cipher(struct rte_table_action_sym_crypto_params *p, > - char **tokens, uint32_t n_tokens, uint32_t encrypt, > - uint32_t *used_n_tokens) > + uint8_t *key, uint32_t max_key_len, char **tokens, > + uint32_t n_tokens, uint32_t encrypt, uint32_t > *used_n_tokens) > { > struct rte_crypto_sym_xform *xform_cipher; > int status; 
> @@ -4113,16 +4107,16 @@ parse_table_action_cipher(struct > rte_table_action_sym_crypto_params *p, >=20 > /* cipher_key */ > len =3D strlen(tokens[4]); > - xform_cipher->cipher.key.data =3D calloc(1, len / 2 + 1); > - if (xform_cipher->cipher.key.data =3D=3D NULL) > + if (len / 2 > max_key_len) { > + status =3D -ENOMEM; > goto error_exit; > + } >=20 > - status =3D softnic_parse_hex_string(tokens[4], > - xform_cipher->cipher.key.data, > - (uint32_t *)&len); > + status =3D softnic_parse_hex_string(tokens[4], key, (uint32_t *)&len); > if (status < 0) > goto error_exit; >=20 > + xform_cipher->cipher.key.data =3D key; > xform_cipher->cipher.key.length =3D (uint16_t)len; >=20 > /* cipher_iv */ > @@ -4146,9 +4140,6 @@ parse_table_action_cipher(struct > rte_table_action_sym_crypto_params *p, > return xform_cipher; >=20 > error_exit: > - if (xform_cipher->cipher.key.data) > - free(xform_cipher->cipher.key.data); > - > if (p->cipher_auth.cipher_iv.val) { > free(p->cipher_auth.cipher_iv.val); > p->cipher_auth.cipher_iv.val =3D NULL; 
> @@ -4161,8 +4152,8 @@ parse_table_action_cipher(struct > rte_table_action_sym_crypto_params *p, >=20 > static struct rte_crypto_sym_xform * > parse_table_action_cipher_auth(struct > rte_table_action_sym_crypto_params *p, > - char **tokens, uint32_t n_tokens, uint32_t encrypt, > - uint32_t *used_n_tokens) > + uint8_t *key, uint32_t max_key_len, char **tokens, > + uint32_t n_tokens, uint32_t encrypt, uint32_t > *used_n_tokens) > { > struct rte_crypto_sym_xform *xform_cipher; > struct rte_crypto_sym_xform *xform_auth; @@ -4191,17 +4182,21 > @@ parse_table_action_cipher_auth(struct > rte_table_action_sym_crypto_params *p, >=20 > /* auth_key */ > len =3D strlen(tokens[10]); > - xform_auth->auth.key.data =3D calloc(1, len / 2 + 1); > - if (xform_auth->auth.key.data =3D=3D NULL) > + if (len / 2 > max_key_len) { > + status =3D -ENOMEM; > goto error_exit; > + } >=20 > - status =3D softnic_parse_hex_string(tokens[10], > - xform_auth->auth.key.data, (uint32_t *)&len); > + status =3D softnic_parse_hex_string(tokens[10], key, (uint32_t *)&len); > if (status < 0) > goto error_exit; >=20 > + xform_auth->auth.key.data =3D key; > xform_auth->auth.key.length =3D (uint16_t)len; >=20 > + key +=3D xform_auth->auth.key.length; > + max_key_len -=3D xform_auth->auth.key.length; > + > if (strcmp(tokens[11], "digest_size")) > goto error_exit; >=20 > @@ -4210,8 +4205,8 @@ parse_table_action_cipher_auth(struct > rte_table_action_sym_crypto_params *p, > if (status < 0) > goto error_exit; >=20 > - xform_cipher =3D parse_table_action_cipher(p, tokens, 7, encrypt, > - used_n_tokens); > + xform_cipher =3D parse_table_action_cipher(p, key, max_key_len, > tokens, 7, > + encrypt, used_n_tokens); > if (xform_cipher =3D=3D NULL) > goto error_exit; >=20 
> @@ -4226,8 +4221,6 @@ parse_table_action_cipher_auth(struct > rte_table_action_sym_crypto_params *p, > } >=20 > error_exit: > - if (xform_auth->auth.key.data) > - free(xform_auth->auth.key.data); > if (p->cipher_auth.auth_iv.val) { > free(p->cipher_auth.auth_iv.val); > p->cipher_auth.auth_iv.val =3D 0; > @@ -4240,8 +4233,8 @@ parse_table_action_cipher_auth(struct > rte_table_action_sym_crypto_params *p, >=20 > static struct rte_crypto_sym_xform * > parse_table_action_aead(struct rte_table_action_sym_crypto_params *p, > - char **tokens, uint32_t n_tokens, uint32_t encrypt, > - uint32_t *used_n_tokens) > + uint8_t *key, uint32_t max_key_len, char **tokens, > + uint32_t n_tokens, uint32_t encrypt, uint32_t > *used_n_tokens) > { > struct rte_crypto_sym_xform *xform_aead; > int status; > @@ -4270,15 +4263,16 @@ parse_table_action_aead(struct > rte_table_action_sym_crypto_params *p, >=20 > /* aead_key */ > len =3D strlen(tokens[4]); > - xform_aead->aead.key.data =3D calloc(1, len / 2 + 1); > - if (xform_aead->aead.key.data =3D=3D NULL) > + if (len / 2 > max_key_len) { > + status =3D -ENOMEM; > goto error_exit; > + } >=20 > - status =3D softnic_parse_hex_string(tokens[4], xform_aead- > >aead.key.data, > - (uint32_t *)&len); > + status =3D softnic_parse_hex_string(tokens[4], key, (uint32_t *)&len); > if (status < 0) > goto error_exit; >=20 > + xform_aead->aead.key.data =3D key; > xform_aead->aead.key.length =3D (uint16_t)len; >=20 > /* aead_iv */ > @@ -4320,8 +4314,6 @@ parse_table_action_aead(struct > rte_table_action_sym_crypto_params *p, > return xform_aead; >=20 > error_exit: > - if (xform_aead->aead.key.data) > - free(xform_aead->aead.key.data); > if (p->aead.iv.val) { > free(p->aead.iv.val); > p->aead.iv.val =3D NULL; 
> @@ -4344,6 +4336,8 @@ parse_table_action_sym_crypto(char **tokens, { > struct rte_table_action_sym_crypto_params *p =3D &a->sym_crypto; > struct rte_crypto_sym_xform *xform =3D NULL; > + uint8_t *key =3D a->sym_crypto_key; > + uint32_t max_key_len =3D SYM_CRYPTO_MAX_KEY_SIZE; > uint32_t used_n_tokens; > uint32_t encrypt; > int status; > @@ -4368,20 +4362,20 @@ parse_table_action_sym_crypto(char **tokens, > tokens +=3D 3; > n_tokens -=3D 3; >=20 > - xform =3D parse_table_action_cipher(p, tokens, n_tokens, > encrypt, > - &used_n_tokens); > + xform =3D parse_table_action_cipher(p, key, max_key_len, > tokens, > + n_tokens, encrypt, &used_n_tokens); > } else if (strcmp(tokens[3], "cipher_auth") =3D=3D 0) { > tokens +=3D 3; > n_tokens -=3D 3; >=20 > - xform =3D parse_table_action_cipher_auth(p, tokens, > n_tokens, > - encrypt, &used_n_tokens); > + xform =3D parse_table_action_cipher_auth(p, key, > max_key_len, > + tokens, n_tokens, encrypt, &used_n_tokens); > } else if (strcmp(tokens[3], "aead") =3D=3D 0) { > tokens +=3D 3; > n_tokens -=3D 3; >=20 > - xform =3D parse_table_action_aead(p, tokens, n_tokens, > encrypt, > - &used_n_tokens); > + xform =3D parse_table_action_aead(p, key, max_key_len, > tokens, > + n_tokens, encrypt, &used_n_tokens); > } >=20 > if (xform =3D=3D NULL) > diff --git a/drivers/net/softnic/rte_eth_softnic_internals.h > b/drivers/net/softnic/rte_eth_softnic_internals.h > index 415434d0d..08bc66051 100644 > --- a/drivers/net/softnic/rte_eth_softnic_internals.h > +++ b/drivers/net/softnic/rte_eth_softnic_internals.h > @@ -948,6 +948,9 @@ struct softnic_table_rule_match { > } match; > }; >=20 > +#ifndef SYM_CRYPTO_MAX_KEY_SIZE > +#define SYM_CRYPTO_MAX_KEY_SIZE (256) > +#endif > struct softnic_table_rule_action { > uint64_t action_mask; > struct rte_table_action_fwd_params fwd; 
@@ -962,6 +965,7 @@ > struct softnic_table_rule_action { > struct rte_table_action_tag_params tag; > struct rte_table_action_decap_params decap; > struct rte_table_action_sym_crypto_params sym_crypto; > + uint8_t sym_crypto_key[SYM_CRYPTO_MAX_KEY_SIZE]; > }; >=20 > struct rte_flow { > diff --git a/examples/ip_pipeline/cli.c b/examples/ip_pipeline/cli.c inde= x > a92467e63..6d547efd6 100644 > --- a/examples/ip_pipeline/cli.c > +++ b/examples/ip_pipeline/cli.c > @@ -3730,24 +3730,18 @@ parse_free_sym_crypto_param_data(struct > rte_table_action_sym_crypto_params *p) >=20 > switch (xform[i]->type) { > case RTE_CRYPTO_SYM_XFORM_CIPHER: > - if (xform[i]->cipher.key.data) > - free(xform[i]->cipher.key.data); > if (p->cipher_auth.cipher_iv.val) > free(p->cipher_auth.cipher_iv.val); > if (p->cipher_auth.cipher_iv_update.val) > free(p->cipher_auth.cipher_iv_update.val); > break; > case RTE_CRYPTO_SYM_XFORM_AUTH: > - if (xform[i]->auth.key.data) > - free(xform[i]->cipher.key.data); > if (p->cipher_auth.auth_iv.val) > free(p->cipher_auth.cipher_iv.val); > if (p->cipher_auth.auth_iv_update.val) > free(p->cipher_auth.cipher_iv_update.val); > break; > case RTE_CRYPTO_SYM_XFORM_AEAD: > - if (xform[i]->aead.key.data) > - free(xform[i]->cipher.key.data); > if (p->aead.iv.val) > free(p->aead.iv.val); > if (p->aead.aad.val) > @@ -3762,8 +3756,8 @@ parse_free_sym_crypto_param_data(struct > rte_table_action_sym_crypto_params *p) >=20 > static struct rte_crypto_sym_xform * > parse_table_action_cipher(struct rte_table_action_sym_crypto_params *p, > - char **tokens, uint32_t n_tokens, uint32_t encrypt, > - uint32_t *used_n_tokens) > + uint8_t *key, uint32_t max_key_len, char **tokens, > + uint32_t n_tokens, uint32_t encrypt, uint32_t > *used_n_tokens) > { > struct rte_crypto_sym_xform *xform_cipher; > int status; 
> @@ -3790,16 +3784,16 @@ parse_table_action_cipher(struct > rte_table_action_sym_crypto_params *p, >=20 > /* cipher_key */ > len =3D strlen(tokens[4]); > - xform_cipher->cipher.key.data =3D calloc(1, len / 2 + 1); > - if (xform_cipher->cipher.key.data =3D=3D NULL) > + if (len / 2 > max_key_len) { > + status =3D -ENOMEM; > goto error_exit; > + } >=20 > - status =3D parse_hex_string(tokens[4], > - xform_cipher->cipher.key.data, > - (uint32_t *)&len); > + status =3D parse_hex_string(tokens[4], key, (uint32_t *)&len); > if (status < 0) > goto error_exit; >=20 > + xform_cipher->cipher.key.data =3D key; > xform_cipher->cipher.key.length =3D (uint16_t)len; >=20 > /* cipher_iv */ > @@ -3823,9 +3817,6 @@ parse_table_action_cipher(struct > rte_table_action_sym_crypto_params *p, > return xform_cipher; >=20 > error_exit: > - if (xform_cipher->cipher.key.data) > - free(xform_cipher->cipher.key.data); > - > if (p->cipher_auth.cipher_iv.val) { > free(p->cipher_auth.cipher_iv.val); > p->cipher_auth.cipher_iv.val =3D NULL; 
> @@ -3838,8 +3829,8 @@ parse_table_action_cipher(struct > rte_table_action_sym_crypto_params *p, >=20 > static struct rte_crypto_sym_xform * > parse_table_action_cipher_auth(struct > rte_table_action_sym_crypto_params *p, > - char **tokens, uint32_t n_tokens, uint32_t encrypt, > - uint32_t *used_n_tokens) > + uint8_t *key, uint32_t max_key_len, char **tokens, > + uint32_t n_tokens, uint32_t encrypt, uint32_t > *used_n_tokens) > { > struct rte_crypto_sym_xform *xform_cipher; > struct rte_crypto_sym_xform *xform_auth; @@ -3868,17 +3859,21 > @@ parse_table_action_cipher_auth(struct > rte_table_action_sym_crypto_params *p, >=20 > /* auth_key */ > len =3D strlen(tokens[10]); > - xform_auth->auth.key.data =3D calloc(1, len / 2 + 1); > - if (xform_auth->auth.key.data =3D=3D NULL) > + if (len / 2 > max_key_len) { > + status =3D -ENOMEM; > goto error_exit; > + } >=20 > - status =3D parse_hex_string(tokens[10], > - xform_auth->auth.key.data, (uint32_t *)&len); > + status =3D parse_hex_string(tokens[10], key, (uint32_t *)&len); > if (status < 0) > goto error_exit; >=20 > + xform_auth->auth.key.data =3D key; > xform_auth->auth.key.length =3D (uint16_t)len; >=20 > + key +=3D xform_auth->auth.key.length; > + max_key_len -=3D xform_auth->auth.key.length; > + > if (strcmp(tokens[11], "digest_size")) > goto error_exit; >=20 > @@ -3887,8 +3882,8 @@ parse_table_action_cipher_auth(struct > rte_table_action_sym_crypto_params *p, > if (status < 0) > goto error_exit; >=20 > - xform_cipher =3D parse_table_action_cipher(p, tokens, 7, encrypt, > - used_n_tokens); > + xform_cipher =3D parse_table_action_cipher(p, key, max_key_len, > tokens, > + 7, encrypt, used_n_tokens); > if (xform_cipher =3D=3D NULL) > goto error_exit; >=20 
> @@ -3903,8 +3898,6 @@ parse_table_action_cipher_auth(struct > rte_table_action_sym_crypto_params *p, > } >=20 > error_exit: > - if (xform_auth->auth.key.data) > - free(xform_auth->auth.key.data); > if (p->cipher_auth.auth_iv.val) { > free(p->cipher_auth.auth_iv.val); > p->cipher_auth.auth_iv.val =3D 0; > @@ -3917,8 +3910,8 @@ parse_table_action_cipher_auth(struct > rte_table_action_sym_crypto_params *p, >=20 > static struct rte_crypto_sym_xform * > parse_table_action_aead(struct rte_table_action_sym_crypto_params *p, > - char **tokens, uint32_t n_tokens, uint32_t encrypt, > - uint32_t *used_n_tokens) > + uint8_t *key, uint32_t max_key_len, char **tokens, > + uint32_t n_tokens, uint32_t encrypt, uint32_t > *used_n_tokens) > { > struct rte_crypto_sym_xform *xform_aead; > int status; > @@ -3947,15 +3940,16 @@ parse_table_action_aead(struct > rte_table_action_sym_crypto_params *p, >=20 > /* aead_key */ > len =3D strlen(tokens[4]); > - xform_aead->aead.key.data =3D calloc(1, len / 2 + 1); > - if (xform_aead->aead.key.data =3D=3D NULL) > + if (len / 2 > max_key_len) { > + status =3D -ENOMEM; > goto error_exit; > + } >=20 > - status =3D parse_hex_string(tokens[4], xform_aead->aead.key.data, > - (uint32_t *)&len); > + status =3D parse_hex_string(tokens[4], key, (uint32_t *)&len); > if (status < 0) > goto error_exit; >=20 > + xform_aead->aead.key.data =3D key; > xform_aead->aead.key.length =3D (uint16_t)len; >=20 > /* aead_iv */ > @@ -3997,8 +3991,6 @@ parse_table_action_aead(struct > rte_table_action_sym_crypto_params *p, > return xform_aead; >=20 > error_exit: > - if (xform_aead->aead.key.data) > - free(xform_aead->aead.key.data); > if (p->aead.iv.val) { > free(p->aead.iv.val); > p->aead.iv.val =3D NULL; 
> @@ -4021,6 +4013,8 @@ parse_table_action_sym_crypto(char **tokens, { > struct rte_table_action_sym_crypto_params *p =3D &a->sym_crypto; > struct rte_crypto_sym_xform *xform =3D NULL; > + uint8_t *key =3D a->sym_crypto_key; > + uint32_t max_key_len =3D SYM_CRYPTO_MAX_KEY_SIZE; > uint32_t used_n_tokens; > uint32_t encrypt; > int status; > @@ -4045,20 +4039,20 @@ parse_table_action_sym_crypto(char **tokens, > tokens +=3D 3; > n_tokens -=3D 3; >=20 > - xform =3D parse_table_action_cipher(p, tokens, n_tokens, > encrypt, > - &used_n_tokens); > + xform =3D parse_table_action_cipher(p, key, max_key_len, > tokens, > + n_tokens, encrypt, &used_n_tokens); > } else if (strcmp(tokens[3], "cipher_auth") =3D=3D 0) { > tokens +=3D 3; > n_tokens -=3D 3; >=20 > - xform =3D parse_table_action_cipher_auth(p, tokens, > n_tokens, > - encrypt, &used_n_tokens); > + xform =3D parse_table_action_cipher_auth(p, key, > max_key_len, > + tokens, n_tokens, encrypt, &used_n_tokens); > } else if (strcmp(tokens[3], "aead") =3D=3D 0) { > tokens +=3D 3; > n_tokens -=3D 3; >=20 > - xform =3D parse_table_action_aead(p, tokens, n_tokens, > encrypt, > - &used_n_tokens); > + xform =3D parse_table_action_aead(p, key, max_key_len, > tokens, > + n_tokens, encrypt, &used_n_tokens); > } >=20 > if (xform =3D=3D NULL) > diff --git a/examples/ip_pipeline/cryptodev.c > b/examples/ip_pipeline/cryptodev.c > index ac1e38d6a..94a0462d0 100644 > --- a/examples/ip_pipeline/cryptodev.c > +++ b/examples/ip_pipeline/cryptodev.c > @@ -90,8 +90,6 @@ cryptodev_create(const char *name, struct > cryptodev_params *params) >=20 > if (dev_info.max_nb_queue_pairs < params->n_queues) > return NULL; > - if (dev_info.feature_flags & RTE_CRYPTODEV_FF_HW_ACCELERATED) > - return NULL; >=20 > dev_conf.socket_id =3D socket_id; > dev_conf.nb_queue_pairs =3D params->n_queues; diff --git > a/examples/ip_pipeline/pipeline.h b/examples/ip_pipeline/pipeline.h index > 278775c2d..4d2ee29a5 100644 > --- a/examples/ip_pipeline/pipeline.h 
> +++ b/examples/ip_pipeline/pipeline.h > @@ -276,6 +276,10 @@ struct table_rule_match { > } match; > }; >=20 > +#ifndef SYM_CRYPTO_MAX_KEY_SIZE > +#define SYM_CRYPTO_MAX_KEY_SIZE (256) > +#endif > + > struct table_rule_action { > uint64_t action_mask; > struct rte_table_action_fwd_params fwd; @@ -288,8 +292,10 @@ > struct table_rule_action { > struct rte_table_action_stats_params stats; > struct rte_table_action_time_params time; > struct rte_table_action_sym_crypto_params sym_crypto; > + uint8_t sym_crypto_key[SYM_CRYPTO_MAX_KEY_SIZE]; > struct rte_table_action_tag_params tag; > struct rte_table_action_decap_params decap; > + > }; >=20 > struct table_rule { > diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c > index 9982f07e9..aa8b92e2c 100644 > --- a/examples/l2fwd-crypto/main.c > +++ b/examples/l2fwd-crypto/main.c > @@ -135,6 +135,7 @@ struct l2fwd_crypto_options { > struct rte_crypto_sym_xform cipher_xform; > unsigned ckey_param; > int ckey_random_size; > + uint8_t cipher_key[MAX_KEY_SIZE]; >=20 > struct l2fwd_iv cipher_iv; > unsigned int cipher_iv_param; > @@ -143,6 +144,7 @@ struct l2fwd_crypto_options { > struct rte_crypto_sym_xform auth_xform; > uint8_t akey_param; > int akey_random_size; > + uint8_t auth_key[MAX_KEY_SIZE]; >=20 > struct l2fwd_iv auth_iv; > unsigned int auth_iv_param; > @@ -151,6 +153,7 @@ struct l2fwd_crypto_options { > struct rte_crypto_sym_xform aead_xform; > unsigned int aead_key_param; > int aead_key_random_size; > + uint8_t aead_key[MAX_KEY_SIZE]; >=20 > struct l2fwd_iv aead_iv; > unsigned int aead_iv_param; 
> @@ -1219,8 +1222,7 @@ l2fwd_crypto_parse_args_long_options(struct > l2fwd_crypto_options *options, > else if (strcmp(lgopts[option_index].name, "cipher_key") =3D=3D 0) { > options->ckey_param =3D 1; > options->cipher_xform.cipher.key.length =3D > - parse_bytes(options->cipher_xform.cipher.key.data, > optarg, > - MAX_KEY_SIZE); > + parse_bytes(options->cipher_key, optarg, > MAX_KEY_SIZE); > if (options->cipher_xform.cipher.key.length > 0) > return 0; > else > @@ -1256,8 +1258,7 @@ l2fwd_crypto_parse_args_long_options(struct > l2fwd_crypto_options *options, > else if (strcmp(lgopts[option_index].name, "auth_key") =3D=3D 0) { > options->akey_param =3D 1; > options->auth_xform.auth.key.length =3D > - parse_bytes(options->auth_xform.auth.key.data, > optarg, > - MAX_KEY_SIZE); > + parse_bytes(options->auth_key, optarg, > MAX_KEY_SIZE); > if (options->auth_xform.auth.key.length > 0) > return 0; > else > @@ -1294,8 +1295,7 @@ l2fwd_crypto_parse_args_long_options(struct > l2fwd_crypto_options *options, > else if (strcmp(lgopts[option_index].name, "aead_key") =3D=3D 0) { > options->aead_key_param =3D 1; > options->aead_xform.aead.key.length =3D > - parse_bytes(options->aead_xform.aead.key.data, > optarg, > - MAX_KEY_SIZE); > + parse_bytes(options->aead_key, optarg, > MAX_KEY_SIZE); > if (options->aead_xform.aead.key.length > 0) > return 0; > else > @@ -2348,8 +2348,7 @@ initialize_cryptodevs(struct l2fwd_crypto_options > *options, unsigned nb_ports, > options- > >aead_xform.aead.key.length =3D > cap->sym.aead.key_size.min; >=20 > - generate_random_key( > - options->aead_xform.aead.key.data, > + generate_random_key(options->aead_key, > options- > >aead_xform.aead.key.length); > } >=20 
> @@ -2406,8 +2405,7 @@ initialize_cryptodevs(struct l2fwd_crypto_options > *options, unsigned nb_ports, > options- > >cipher_xform.cipher.key.length =3D > cap- > >sym.cipher.key_size.min; >=20 > - generate_random_key( > - options- > >cipher_xform.cipher.key.data, > + generate_random_key(options->cipher_key, > options- > >cipher_xform.cipher.key.length); > } > } > @@ -2440,8 +2438,7 @@ initialize_cryptodevs(struct l2fwd_crypto_options > *options, unsigned nb_ports, > options->auth_xform.auth.key.length > =3D > cap->sym.auth.key_size.min; >=20 > - generate_random_key( > - options->auth_xform.auth.key.data, > + generate_random_key(options->auth_key, > options- > >auth_xform.auth.key.length); > } >=20 > @@ -2612,20 +2609,11 @@ initialize_ports(struct l2fwd_crypto_options > *options) static void reserve_key_memory(struct l2fwd_crypto_options > *options) { > - options->cipher_xform.cipher.key.data =3D rte_malloc("crypto key", > - MAX_KEY_SIZE, 0); > - if (options->cipher_xform.cipher.key.data =3D=3D NULL) > - rte_exit(EXIT_FAILURE, "Failed to allocate memory for cipher > key"); > - > - options->auth_xform.auth.key.data =3D rte_malloc("auth key", > - MAX_KEY_SIZE, 0); > - if (options->auth_xform.auth.key.data =3D=3D NULL) > - rte_exit(EXIT_FAILURE, "Failed to allocate memory for auth > key"); > - > - options->aead_xform.aead.key.data =3D rte_malloc("aead key", > - MAX_KEY_SIZE, 0); > - if (options->aead_xform.aead.key.data =3D=3D NULL) > - rte_exit(EXIT_FAILURE, "Failed to allocate memory for AEAD > key"); > + options->cipher_xform.cipher.key.data =3D options->cipher_key; > + > + options->auth_xform.auth.key.data =3D options->auth_key; > + > + options->aead_xform.aead.key.data =3D options->aead_key; >=20 > options->cipher_iv.data =3D rte_malloc("cipher iv", MAX_KEY_SIZE, 0); > if (options->cipher_iv.data =3D=3D NULL) > diff --git a/lib/librte_cryptodev/Makefile b/lib/librte_cryptodev/Makefil= e > index 859c4f0f1..c20e090a8 100644 > --- a/lib/librte_cryptodev/Makefile 
> +++ b/lib/librte_cryptodev/Makefile > @@ -7,7 +7,7 @@ include $(RTE_SDK)/mk/rte.vars.mk LIB =3D > librte_cryptodev.a >=20 > # library version > -LIBABIVER :=3D 6 > +LIBABIVER :=3D 7 >=20 > # build flags > CFLAGS +=3D -O3 > diff --git a/lib/librte_cryptodev/rte_crypto_sym.h > b/lib/librte_cryptodev/rte_crypto_sym.h > index eb5afc5ef..00e1b358f 100644 > --- a/lib/librte_cryptodev/rte_crypto_sym.h > +++ b/lib/librte_cryptodev/rte_crypto_sym.h > @@ -114,8 +114,8 @@ struct rte_crypto_cipher_xform { > /**< Cipher algorithm */ >=20 > struct { > - uint8_t *data; /**< pointer to key data */ > - uint16_t length;/**< key length in bytes */ > + const uint8_t *data; /**< pointer to key data */ > + uint16_t length; /**< key length in bytes */ > } key; > /**< Cipher key > * > @@ -293,8 +293,8 @@ struct rte_crypto_auth_xform { > /**< Authentication algorithm selection */ >=20 > struct { > - uint8_t *data; /**< pointer to key data */ > - uint16_t length;/**< key length in bytes */ > + const uint8_t *data; /**< pointer to key data */ > + uint16_t length; /**< key length in bytes */ > } key; > /**< Authentication key data. > * The authentication key length MUST be less than or equal to the > @@ -376,8 +376,8 @@ struct rte_crypto_aead_xform { > /**< AEAD algorithm selection */ >=20 > struct { > - uint8_t *data; /**< pointer to key data */ > - uint16_t length;/**< key length in bytes */ > + const uint8_t *data; /**< pointer to key data */ > + uint16_t length; /**< key length in bytes */ > } key; >=20 > struct { > -- > 2.14.5
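Review bot: in the inbound branch of ixgbe_crypto_add_sa() (drivers/net/ixgbe/ixgbe_ipsec.c, hunk at -189,23) the new buffer is sized by `malloc(ic_session->key_len)`, but the four register writes still read 32-bit words at `key[0]` through `key[12]`, so a key_len below 16 now reads past the heap allocation; check the length before copying. The copy is also released with a bare `free(key)`, which leaves the raw key bytes in freed heap memory. The copy appears to exist only to get a non-const pointer for the casts, so reading through `*(const uint32_t *)&ic_session->key[12]`, or a memcpy into a local uint32_t, would drop the allocation, the -ENOMEM return after the earlier table writes, and the leftover key material together.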
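Review bot: in the outbound branch of ixgbe_crypto_add_sa() (hunk at -227,16) the new `return -ENOMEM` sits after `priv->tx_sa_tbl[i].used = 1` and `ic_session->sa_index = sa_index`, so a failed malloc leaves the TX SA slot claimed with no key programmed into it. Allocate before marking the slot used, or clear `used` on the failure path. This is in addition to the missing free that [AK] points out; when that free is added in v2, the buffer should be cleared before it is released, since it holds the session key.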
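Review bot: the context lines left in parse_free_sym_crypto_param_data() (drivers/net/softnic/rte_eth_softnic_cli.c, hunk at -4053,24, and the matching hunk in examples/ip_pipeline/cli.c) still test one pointer and free another in the AUTH case: `if (p->cipher_auth.auth_iv.val)` is followed by `free(p->cipher_auth.cipher_iv.val)`, and the same for `auth_iv_update`. The removed key lines had the same mismatch (`auth.key.data` checked, `cipher.key.data` freed). Since this patch is already editing these three cases, please fix the IV frees here or in a follow-up so the AUTH path does not free the cipher IV while leaving the auth IV allocated.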
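Review bot: the new bound `if (len / 2 > max_key_len)` in parse_table_action_cipher() (hunk at -4107,16, repeated in the cipher_auth and aead parsers and in examples/ip_pipeline/cli.c) rounds down, so a hex string of 2 * max_key_len + 1 characters passes the check; unless softnic_parse_hex_string() rejects odd-length input, which these lines do not show, compare with `(len + 1) / 2` or reject odd lengths up front. The old buffer was `calloc(1, len / 2 + 1)`, one byte larger than the decoded key, so please also confirm the parser never writes that extra byte now that the destination is a fixed array with no slack. An oversized key is bad user input, not an allocation failure, so -EINVAL would describe it better than -ENOMEM.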
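Review bot: the new member `uint8_t sym_crypto_key[SYM_CRYPTO_MAX_KEY_SIZE];` in struct softnic_table_rule_action (rte_eth_softnic_internals.h, and struct table_rule_action in examples/ip_pipeline/pipeline.h) has no comment, yet the parsers now set `xform_cipher->cipher.key.data = key` with key pointing into this array. Any copy of the action struct by value leaves key.data pointing at the original object, so the ownership rule needs to be documented next to the field: the array backs the xform key pointers, in cipher_auth mode the auth and cipher keys share the 256 bytes, and the struct must outlive any xform built from it. The pipeline.h hunk also adds a stray blank line before the closing `};`.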
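Review bot: the removal of the `dev_info.feature_flags & RTE_CRYPTODEV_FF_HW_ACCELERATED` check in cryptodev_create() (examples/ip_pipeline/cryptodev.c, hunk at -90,8) is a behaviour change unrelated to making the key pointer const, and the commit message does not mention it. It changes which devices the example accepts, so it should go in its own patch with its own justification, or at least be explained in this commit message.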
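Review bot: after the hunk at -2612,20 in examples/l2fwd-crypto/main.c, reserve_key_memory() no longer reserves any key memory; it only points the three `key.data` fields at `options->cipher_key`, `options->auth_key` and `options->aead_key`, while the IV buffers below are still allocated with rte_malloc(). Rename the function or move the three assignments to where the options struct is initialised, so a reader does not assume the keys live in rte_malloc memory. Note also that the xforms now hold pointers into the options struct itself, so the struct must not be copied after this call.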
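Review bot: the doc comment on the new `const uint8_t *data; /**< pointer to key data */` members in lib/librte_cryptodev/rte_crypto_sym.h (cipher, auth and aead xforms) does not say how long the caller must keep the buffer valid. The const qualifier tells applications the PMD will not modify the key, but ixgbe_crypto_create_session() in this same patch still stores `ic_session->key = aead_xform->key.data` rather than copying it, so the key is read again after session creation. Please state in the comment whether the key must remain valid for the lifetime of the session or only for the duration of the create call, so that drivers and applications agree on it.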