From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 72BE0A0523; Tue, 30 Jun 2020 18:53:49 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 655B01BFC3; Tue, 30 Jun 2020 18:53:39 +0200 (CEST) Received: from mga06.intel.com (mga06.intel.com [134.134.136.31]) by dpdk.org (Postfix) with ESMTP id 5221C1BF95 for ; Tue, 30 Jun 2020 18:53:36 +0200 (CEST) IronPort-SDR: LFYq5sbXdTr3+z7iXaD7wgHP4PBXKN4QtqlwV+0+zYBQ7CU+t25I/89hQIOr2qjXtnUvw+sz3h HJ9LPnKYwTfA== X-IronPort-AV: E=McAfee;i="6000,8403,9667"; a="207815878" X-IronPort-AV: E=Sophos;i="5.75,298,1589266800"; d="scan'208";a="207815878" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by orsmga104.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 30 Jun 2020 09:53:35 -0700 IronPort-SDR: gp5DjI32HWzyqAwxD10iznF0rF77UFxaRia96GqwrIuPQBBT5i/qzhAeQOKm1bmXc1PfQJRCcZ etxd2EyddDQw== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.75,298,1589266800"; d="scan'208";a="386747395" Received: from silpixa00399912.ir.intel.com (HELO silpixa00399912.ger.corp.intel.com) ([10.237.223.64]) by fmsmga001.fm.intel.com with ESMTP; 30 Jun 2020 09:53:29 -0700 From: David Coyle To: akhil.goyal@nxp.com, declan.doherty@intel.com, pablo.de.lara.guarch@intel.com, fiona.trahe@intel.com, roy.fan.zhang@intel.com, konstantin.ananyev@intel.com Cc: dev@dpdk.org, thomas@monjalon.net, ferruh.yigit@intel.com, brendan.ryan@intel.com, hemant.agrawal@nxp.com, anoobj@marvell.com, ruifeng.wang@arm.com, lironh@marvell.com, rnagadheeraj@marvell.com, jsrikanth@marvell.com, G.Singh@nxp.com, jianjay.zhou@huawei.com, ravi1.kumar@amd.com, bruce.richardson@intel.com, olivier.matz@6wind.com, honnappa.nagarahalli@arm.com, stephen@networkplumber.org, alexr@mellanox.com, jerinj@marvell.com, David Coyle , Mairtin o Loingsigh Date: Tue, 30 Jun 2020 17:30:45 +0100 Message-Id: <20200630163049.61900-5-david.coyle@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20200630163049.61900-1-david.coyle@intel.com> References: <20200623101423.9215-1-david.coyle@intel.com> <20200630163049.61900-1-david.coyle@intel.com> Subject: [dpdk-dev] [PATCH v3 4/8] crypto/qat: add support for DOCSIS protocol X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Add support to the QAT SYM PMD for the DOCSIS protocol, through the rte_security API. This, therefore, includes adding support for the rte_security API to this PMD. Signed-off-by: David Coyle Signed-off-by: Mairtin o Loingsigh --- drivers/common/qat/Makefile | 3 + drivers/crypto/qat/meson.build | 2 + drivers/crypto/qat/qat_sym.c | 70 ++++++++++- drivers/crypto/qat/qat_sym.h | 69 ++++++++-- drivers/crypto/qat/qat_sym_capabilities.h | 42 +++++++ drivers/crypto/qat/qat_sym_pmd.c | 53 +++++++- drivers/crypto/qat/qat_sym_pmd.h | 4 + drivers/crypto/qat/qat_sym_session.c | 146 ++++++++++++++++++++++ drivers/crypto/qat/qat_sym_session.h | 12 ++ 9 files changed, 389 insertions(+), 12 deletions(-) diff --git a/drivers/common/qat/Makefile b/drivers/common/qat/Makefile index 28bd5668f..85d420709 100644 --- a/drivers/common/qat/Makefile +++ b/drivers/common/qat/Makefile @@ -35,6 +35,9 @@ endif ifeq ($(CONFIG_RTE_LIBRTE_PMD_QAT_SYM),y) LDLIBS += -lrte_cryptodev LDLIBS += -lcrypto +ifeq ($(CONFIG_RTE_LIBRTE_SECURITY),y) + LDLIBS += -lrte_net +endif CFLAGS += -DBUILD_QAT_SYM SRCS-y += qat_sym.c SRCS-y += qat_sym_session.c diff --git a/drivers/crypto/qat/meson.build b/drivers/crypto/qat/meson.build index fc65923a7..a225f374a 100644 --- a/drivers/crypto/qat/meson.build +++ b/drivers/crypto/qat/meson.build @@ -8,6 +8,8 @@ reason = '' # sentinal value to suppress printout dep = dependency('libcrypto', required: false) qat_includes += include_directories('.') qat_deps += 'cryptodev' +qat_deps += 'net' +qat_deps += 'security' if dep.found() # Add our sources files to the list qat_sources += files('qat_sym_pmd.c', diff --git a/drivers/crypto/qat/qat_sym.c b/drivers/crypto/qat/qat_sym.c index 25b6dd5f4..cc4d2c2cd 100644 --- a/drivers/crypto/qat/qat_sym.c +++ b/drivers/crypto/qat/qat_sym.c @@ -9,6 +9,9 @@ #include #include #include +#ifdef RTE_LIBRTE_SECURITY +#include +#endif #include "qat_sym.h" @@ -99,6 +102,30 @@ qat_bpicipher_preprocess(struct qat_sym_session *ctx, return sym_op->cipher.data.length - last_block_len; } +#ifdef RTE_LIBRTE_SECURITY +static inline void +qat_crc_generate(struct qat_sym_session *ctx, + struct rte_crypto_op *op) +{ + struct rte_crypto_sym_op *sym_op = op->sym; + uint8_t *crc_data; + uint32_t *crc; + uint32_t crc_length; + + if (ctx->qat_dir == ICP_QAT_HW_CIPHER_ENCRYPT && + sym_op->auth.data.length != 0) { + + crc_length = sym_op->auth.data.length; + crc_data = (uint8_t *) rte_pktmbuf_mtod_offset( + sym_op->m_src, uint8_t *, + sym_op->auth.data.offset); + crc = (uint32_t *)(crc_data + crc_length); + *crc = rte_net_crc_calc(crc_data, crc_length, + RTE_NET_CRC32_ETH); + } +} +#endif + static inline void set_cipher_iv(uint16_t iv_length, uint16_t iv_offset, struct icp_qat_fw_la_cipher_req_params *cipher_param, @@ -161,6 +188,7 @@ qat_sym_build_request(void *in_op, uint8_t *out_msg, uint64_t auth_data_end = 0; uint8_t do_sgl = 0; uint8_t in_place = 1; + uint8_t is_docsis_sec = 0; int alignment_adjustment = 0; struct rte_crypto_op *op = (struct rte_crypto_op *)in_op; struct qat_sym_op_cookie *cookie = @@ -177,11 +205,23 @@ qat_sym_build_request(void *in_op, uint8_t *out_msg, QAT_DP_LOG(ERR, "QAT PMD only supports session oriented" " requests, op (%p) is sessionless.", op); return -EINVAL; + } else if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) { + ctx = (struct qat_sym_session *)get_sym_session_private_data( + op->sym->session, cryptodev_qat_driver_id); +#ifdef RTE_LIBRTE_SECURITY + } else { + ctx = (struct qat_sym_session *)get_sec_session_private_data( + op->sym->sec_session); + if (ctx && ctx->bpi_ctx == NULL) { + QAT_DP_LOG(ERR, "QAT PMD only supports security" + " operation requests for DOCSIS, op" + " (%p) is not for DOCSIS.", op); + return -EINVAL; + } + is_docsis_sec = 1; +#endif } - ctx = (struct qat_sym_session *)get_sym_session_private_data( - op->sym->session, cryptodev_qat_driver_id); - if (unlikely(ctx == NULL)) { QAT_DP_LOG(ERR, "Session was not created for this device"); return -EINVAL; @@ -242,7 +282,29 @@ qat_sym_build_request(void *in_op, uint8_t *out_msg, cipher_ofs = op->sym->cipher.data.offset >> 3; } else if (ctx->bpi_ctx) { - /* DOCSIS - only send complete blocks to device + /* DOCSIS processing */ +#ifdef RTE_LIBRTE_SECURITY + if (is_docsis_sec) { + /* Check for OOP */ + if (unlikely((op->sym->m_dst != NULL) && + (op->sym->m_dst != + op->sym->m_src))) { + QAT_DP_LOG(ERR, + "OOP not supported for DOCSIS " + "security"); + op->status = + RTE_CRYPTO_OP_STATUS_INVALID_ARGS; + return -EINVAL; + } + + /* Calculate CRC */ + qat_crc_generate(ctx, op); + } +#else + RTE_SET_USED(is_docsis_sec); +#endif + + /* Only send complete blocks to device. * Process any partial block using CFB mode. * Even if 0 complete blocks, still send this to device * to get into rx queue for post-process and dequeuing diff --git a/drivers/crypto/qat/qat_sym.h b/drivers/crypto/qat/qat_sym.h index bc6426c32..712a62856 100644 --- a/drivers/crypto/qat/qat_sym.h +++ b/drivers/crypto/qat/qat_sym.h @@ -6,6 +6,9 @@ #define _QAT_SYM_H_ #include +#ifdef RTE_LIBRTE_SECURITY +#include +#endif #ifdef BUILD_QAT_SYM #include @@ -132,14 +135,45 @@ qat_bpicipher_postprocess(struct qat_sym_session *ctx, return sym_op->cipher.data.length - last_block_len; } +#ifdef RTE_LIBRTE_SECURITY static inline void -qat_sym_process_response(void **op, uint8_t *resp) +qat_crc_verify(struct qat_sym_session *ctx, struct rte_crypto_op *op) { + struct rte_crypto_sym_op *sym_op = op->sym; + uint32_t crc = 0; + uint8_t *crc_data; + uint32_t crc_offset, crc_length; + + if (ctx->qat_dir == ICP_QAT_HW_CIPHER_DECRYPT && + sym_op->auth.data.length != 0) { + + crc_offset = sym_op->auth.data.offset; + crc_length = sym_op->auth.data.length; + crc_data = (uint8_t *) rte_pktmbuf_mtod_offset( + sym_op->m_src, uint8_t *, crc_offset); + if (unlikely((sym_op->m_dst != NULL) + && (sym_op->m_dst != sym_op->m_src))) + /* out-of-place operation (OOP) */ + crc_data = (uint8_t *) rte_pktmbuf_mtod_offset( + sym_op->m_dst, uint8_t *, crc_offset); + + crc = rte_net_crc_calc(crc_data, crc_length, RTE_NET_CRC32_ETH); + + if (crc != *(uint32_t *)(crc_data + crc_length)) + op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED; + } +} +#endif + +static inline void +qat_sym_process_response(void **op, uint8_t *resp) +{ struct icp_qat_fw_comn_resp *resp_msg = (struct icp_qat_fw_comn_resp *)resp; struct rte_crypto_op *rx_op = (struct rte_crypto_op *)(uintptr_t) (resp_msg->opaque_data); + struct qat_sym_session *sess; #if RTE_LOG_DP_LEVEL >= RTE_LOG_DEBUG QAT_DP_HEXDUMP_LOG(DEBUG, "qat_response:", (uint8_t *)resp_msg, @@ -152,15 +186,36 @@ qat_sym_process_response(void **op, uint8_t *resp) rx_op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED; } else { - struct qat_sym_session *sess = (struct qat_sym_session *) - get_sym_session_private_data( - rx_op->sym->session, - cryptodev_qat_driver_id); +#ifdef RTE_LIBRTE_SECURITY + uint8_t is_docsis_sec = 0; + + if (rx_op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) { + /* + * Assuming at this point that if it's a security + * op, that this is for DOCSIS + */ + sess = (struct qat_sym_session *) + get_sec_session_private_data( + rx_op->sym->sec_session); + is_docsis_sec = 1; + } else +#endif + { + sess = (struct qat_sym_session *) + get_sym_session_private_data( + rx_op->sym->session, + cryptodev_qat_driver_id); + } + rx_op->status = RTE_CRYPTO_OP_STATUS_SUCCESS; - if (sess->bpi_ctx) + if (sess->bpi_ctx) { qat_bpicipher_postprocess(sess, rx_op); - rx_op->status = RTE_CRYPTO_OP_STATUS_SUCCESS; +#ifdef RTE_LIBRTE_SECURITY + if (is_docsis_sec) + qat_crc_verify(sess, rx_op); +#endif + } } *op = (void *)rx_op; } diff --git a/drivers/crypto/qat/qat_sym_capabilities.h b/drivers/crypto/qat/qat_sym_capabilities.h index ff691ce35..7b8b13b4f 100644 --- a/drivers/crypto/qat/qat_sym_capabilities.h +++ b/drivers/crypto/qat/qat_sym_capabilities.h @@ -699,4 +699,46 @@ }, } \ } +#ifdef RTE_LIBRTE_SECURITY +#define QAT_SECURITY_SYM_CAPABILITIES \ + { /* AES DOCSIS BPI */ \ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, \ + {.sym = { \ + .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, \ + {.cipher = { \ + .algo = RTE_CRYPTO_CIPHER_AES_DOCSISBPI,\ + .block_size = 16, \ + .key_size = { \ + .min = 16, \ + .max = 32, \ + .increment = 16 \ + }, \ + .iv_size = { \ + .min = 16, \ + .max = 16, \ + .increment = 0 \ + } \ + }, } \ + }, } \ + } + +#define QAT_SECURITY_CAPABILITIES(sym) \ + [0] = { /* DOCSIS Uplink */ \ + .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, \ + .protocol = RTE_SECURITY_PROTOCOL_DOCSIS, \ + .docsis = { \ + .direction = RTE_SECURITY_DOCSIS_UPLINK \ + }, \ + .crypto_capabilities = (sym) \ + }, \ + [1] = { /* DOCSIS Downlink */ \ + .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, \ + .protocol = RTE_SECURITY_PROTOCOL_DOCSIS, \ + .docsis = { \ + .direction = RTE_SECURITY_DOCSIS_DOWNLINK \ + }, \ + .crypto_capabilities = (sym) \ + } +#endif + #endif /* _QAT_SYM_CAPABILITIES_H_ */ diff --git a/drivers/crypto/qat/qat_sym_pmd.c b/drivers/crypto/qat/qat_sym_pmd.c index e887c880f..711d1585f 100644 --- a/drivers/crypto/qat/qat_sym_pmd.c +++ b/drivers/crypto/qat/qat_sym_pmd.c @@ -8,6 +8,9 @@ #include #include #include +#ifdef RTE_LIBRTE_SECURITY +#include +#endif #include "qat_logs.h" #include "qat_sym.h" @@ -29,6 +32,21 @@ static const struct rte_cryptodev_capabilities qat_gen2_sym_capabilities[] = { RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() }; +#ifdef RTE_LIBRTE_SECURITY +static const struct rte_cryptodev_capabilities + qat_security_sym_capabilities[] = { + QAT_SECURITY_SYM_CAPABILITIES, + RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() +}; + +static const struct rte_security_capability qat_security_capabilities[] = { + QAT_SECURITY_CAPABILITIES(qat_security_sym_capabilities), + { + .action = RTE_SECURITY_ACTION_TYPE_NONE + } +}; +#endif + static int qat_sym_qp_release(struct rte_cryptodev *dev, uint16_t queue_pair_id); @@ -237,6 +255,23 @@ static struct rte_cryptodev_ops crypto_qat_ops = { .sym_session_clear = qat_sym_session_clear }; +#ifdef RTE_LIBRTE_SECURITY +static const struct rte_security_capability * +qat_security_cap_get(void *device __rte_unused) +{ + return qat_security_capabilities; +} + +static struct rte_security_ops security_qat_ops = { + .session_create = qat_security_session_create, + .session_update = NULL, + .session_stats_get = NULL, + .session_destroy = qat_security_session_destroy, + .set_pkt_metadata = NULL, + .capabilities_get = qat_security_cap_get +}; +#endif + static uint16_t qat_sym_pmd_enqueue_op_burst(void *qp, struct rte_crypto_op **ops, uint16_t nb_ops) @@ -276,6 +311,9 @@ qat_sym_dev_create(struct qat_pci_device *qat_pci_dev, char name[RTE_CRYPTODEV_NAME_MAX_LEN]; struct rte_cryptodev *cryptodev; struct qat_sym_dev_private *internals; +#ifdef RTE_LIBRTE_SECURITY + struct rte_security_ctx *security_instance; +#endif snprintf(name, RTE_CRYPTODEV_NAME_MAX_LEN, "%s_%s", qat_pci_dev->name, "sym"); @@ -308,7 +346,20 @@ qat_sym_dev_create(struct qat_pci_device *qat_pci_dev, RTE_CRYPTODEV_FF_OOP_SGL_IN_LB_OUT | RTE_CRYPTODEV_FF_OOP_LB_IN_SGL_OUT | RTE_CRYPTODEV_FF_OOP_LB_IN_LB_OUT | - RTE_CRYPTODEV_FF_DIGEST_ENCRYPTED; + RTE_CRYPTODEV_FF_DIGEST_ENCRYPTED | + RTE_CRYPTODEV_FF_SECURITY; + +#ifdef RTE_LIBRTE_SECURITY + security_instance = rte_malloc("qat_sec", + sizeof(struct rte_security_ctx), 0); + if (security_instance == NULL) + QAT_LOG(ERR, "rte_security_ctx memory alloc failed\n"); + + security_instance->device = (void *)cryptodev; + security_instance->ops = &security_qat_ops; + security_instance->sess_cnt = 0; + cryptodev->security_ctx = security_instance; +#endif internals = cryptodev->data->dev_private; internals->qat_dev = qat_pci_dev; diff --git a/drivers/crypto/qat/qat_sym_pmd.h b/drivers/crypto/qat/qat_sym_pmd.h index a5a31e512..c625fef4a 100644 --- a/drivers/crypto/qat/qat_sym_pmd.h +++ b/drivers/crypto/qat/qat_sym_pmd.h @@ -7,7 +7,11 @@ #ifdef BUILD_QAT_SYM +#include #include +#ifdef RTE_LIBRTE_SECURITY +#include +#endif #include "qat_sym_capabilities.h" #include "qat_device.h" diff --git a/drivers/crypto/qat/qat_sym_session.c b/drivers/crypto/qat/qat_sym_session.c index 58bdbd343..82ba2b47c 100644 --- a/drivers/crypto/qat/qat_sym_session.c +++ b/drivers/crypto/qat/qat_sym_session.c @@ -14,6 +14,9 @@ #include #include #include +#ifdef RTE_LIBRTE_SECURITY +#include +#endif #include "qat_logs.h" #include "qat_sym_session.h" @@ -2092,3 +2095,146 @@ int qat_sym_validate_zuc_key(int key_len, enum icp_qat_hw_cipher_algo *alg) } return 0; } + +#ifdef RTE_LIBRTE_SECURITY +static int +qat_sec_session_check_docsis(struct rte_security_session_conf *conf) +{ + struct rte_crypto_sym_xform *crypto_sym = conf->crypto_xform; + struct rte_security_docsis_xform *docsis = &conf->docsis; + + /* CRC generate -> Cipher encrypt */ + if (docsis->direction == RTE_SECURITY_DOCSIS_DOWNLINK) { + + if (crypto_sym != NULL && + crypto_sym->type == RTE_CRYPTO_SYM_XFORM_CIPHER && + crypto_sym->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT && + crypto_sym->cipher.algo == + RTE_CRYPTO_CIPHER_AES_DOCSISBPI && + (crypto_sym->cipher.key.length == + ICP_QAT_HW_AES_128_KEY_SZ || + crypto_sym->cipher.key.length == + ICP_QAT_HW_AES_256_KEY_SZ) && + crypto_sym->cipher.iv.length == ICP_QAT_HW_AES_BLK_SZ && + crypto_sym->next == NULL) { + return 0; + } + /* Cipher decrypt -> CRC verify */ + } else if (docsis->direction == RTE_SECURITY_DOCSIS_UPLINK) { + + if (crypto_sym != NULL && + crypto_sym->type == RTE_CRYPTO_SYM_XFORM_CIPHER && + crypto_sym->cipher.op == RTE_CRYPTO_CIPHER_OP_DECRYPT && + crypto_sym->cipher.algo == + RTE_CRYPTO_CIPHER_AES_DOCSISBPI && + (crypto_sym->cipher.key.length == + ICP_QAT_HW_AES_128_KEY_SZ || + crypto_sym->cipher.key.length == + ICP_QAT_HW_AES_256_KEY_SZ) && + crypto_sym->cipher.iv.length == ICP_QAT_HW_AES_BLK_SZ && + crypto_sym->next == NULL) { + return 0; + } + } + + return -EINVAL; +} + +static int +qat_sec_session_set_docsis_parameters(struct rte_cryptodev *dev, + struct rte_security_session_conf *conf, void *session_private) +{ + int ret; + int qat_cmd_id; + struct rte_crypto_sym_xform *xform = NULL; + struct qat_sym_session *session = session_private; + + ret = qat_sec_session_check_docsis(conf); + if (ret) { + QAT_LOG(ERR, "Unsupported DOCSIS security configuration"); + return ret; + } + + xform = conf->crypto_xform; + + /* Set context descriptor physical address */ + session->cd_paddr = rte_mempool_virt2iova(session) + + offsetof(struct qat_sym_session, cd); + + session->min_qat_dev_gen = QAT_GEN1; + + /* Get requested QAT command id */ + qat_cmd_id = qat_get_cmd_id(xform); + if (qat_cmd_id < 0 || qat_cmd_id >= ICP_QAT_FW_LA_CMD_DELIMITER) { + QAT_LOG(ERR, "Unsupported xform chain requested"); + return -ENOTSUP; + } + session->qat_cmd = (enum icp_qat_fw_la_cmd_id)qat_cmd_id; + switch (session->qat_cmd) { + case ICP_QAT_FW_LA_CMD_CIPHER: + ret = qat_sym_session_configure_cipher(dev, xform, session); + if (ret < 0) + return ret; + break; + default: + QAT_LOG(ERR, "Unsupported Service %u", + session->qat_cmd); + return -ENOTSUP; + } + + return 0; +} + +int +qat_security_session_create(void *dev, + struct rte_security_session_conf *conf, + struct rte_security_session *sess, + struct rte_mempool *mempool) +{ + void *sess_private_data; + struct rte_cryptodev *cdev = (struct rte_cryptodev *)dev; + int ret; + + if (rte_mempool_get(mempool, &sess_private_data)) { + QAT_LOG(ERR, "Couldn't get object from session mempool"); + return -ENOMEM; + } + + if (conf->protocol != RTE_SECURITY_PROTOCOL_DOCSIS) { + QAT_LOG(ERR, "Invalid security protocol"); + return -EINVAL; + } + + ret = qat_sec_session_set_docsis_parameters(cdev, conf, + sess_private_data); + if (ret != 0) { + QAT_LOG(ERR, "Failed to configure session parameters"); + /* Return session to mempool */ + rte_mempool_put(mempool, sess_private_data); + return ret; + } + + set_sec_session_private_data(sess, sess_private_data); + + return ret; +} + +int +qat_security_session_destroy(void *dev __rte_unused, + struct rte_security_session *sess) +{ + void *sess_priv = get_sec_session_private_data(sess); + struct qat_sym_session *s = (struct qat_sym_session *)sess_priv; + + if (sess_priv) { + if (s->bpi_ctx) + bpi_cipher_ctx_free(s->bpi_ctx); + memset(s, 0, qat_sym_session_get_private_size(dev)); + struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv); + + set_sec_session_private_data(sess, NULL); + rte_mempool_put(sess_mp, sess_priv); + } + return 0; +} +#endif diff --git a/drivers/crypto/qat/qat_sym_session.h b/drivers/crypto/qat/qat_sym_session.h index e6538f627..721f8fcd3 100644 --- a/drivers/crypto/qat/qat_sym_session.h +++ b/drivers/crypto/qat/qat_sym_session.h @@ -6,6 +6,9 @@ #include #include +#ifdef RTE_LIBRTE_SECURITY +#include +#endif #include "qat_common.h" #include "icp_qat_hw.h" @@ -156,4 +159,13 @@ qat_cipher_get_block_size(enum icp_qat_hw_cipher_algo qat_cipher_alg); int qat_sym_validate_zuc_key(int key_len, enum icp_qat_hw_cipher_algo *alg); +#ifdef RTE_LIBRTE_SECURITY +int +qat_security_session_create(void *dev, struct rte_security_session_conf *conf, + struct rte_security_session *sess, struct rte_mempool *mempool); +int +qat_security_session_destroy(void *dev __rte_unused, + struct rte_security_session *sess); +#endif + #endif /* _QAT_SYM_SESSION_H_ */ -- 2.17.1