[dpdk-dev] [PATCH 0/7] L2fwd-crypto fixes/enhancements

[dpdk-dev] [PATCH 0/7] L2fwd-crypto fixes/enhancements

[Pablo de Lara]

This patches fixes some small issues in L2fwd-crypto
app and also improves the app, making it more flexible
(accepting different key sizes)
and readable (information display improvement).

Pablo de Lara (7):
  l2fwd-crypto: add missing new line character in help
  l2fwd-crypto: rename period parameter
  l2fwd-crypto: add missing string initialization
  l2fwd-crypto: fix length of random IV/AAD
  l2fwd-crypto: fix ambiguous input key size
  l2fwd-crypto: use key-value list of supported algorithms
  l2fwd-crypto: extend crypto information

 examples/l2fwd-crypto/main.c          | 465 ++++++++++++++++++++++++++++------
 lib/librte_cryptodev/rte_crypto_sym.h |   6 +-
 2 files changed, 398 insertions(+), 73 deletions(-)

-- 
2.5.5

[dpdk-dev] [PATCH 1/7] l2fwd-crypto: add missing new line character in help

[Pablo de Lara]

Fixes: 387259bd6c67 ("examples/l2fwd-crypto: add sample application)

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
 examples/l2fwd-crypto/main.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c
index 5fd4ff1..0cb46c2 100644
--- a/examples/l2fwd-crypto/main.c
+++ b/examples/l2fwd-crypto/main.c
@@ -789,7 +789,7 @@ l2fwd_crypto_usage(const char *prgname)
 	printf("%s [EAL options] --\n"
 		"  -p PORTMASK: hexadecimal bitmask of ports to configure\n"
 		"  -q NQ: number of queue (=ports) per lcore (default is 1)\n"
-		"  -s manage all ports from single lcore"
+		"  -s manage all ports from single lcore\n"
 		"  -t PERIOD: statistics will be refreshed each PERIOD seconds"
 		" (0 to disable, 10 default, 86400 maximum)\n"
 
-- 
2.5.5

[dpdk-dev] [PATCH 2/7] l2fwd-crypto: rename period parameter

[Pablo de Lara]

L2fwd-crypto app is based on L2fwd app and it inherits
some of its parameters (such as portmask, queues per core...).

The parameter period (period of time between statistic updates)
is -T in L2fwd, but was -t in L2fwd-crypto, so for consistency,
it is changed back to -T

Fixes: 387259bd6c67 ("examples/l2fwd-crypto: add sample application)

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
 examples/l2fwd-crypto/main.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c
index 0cb46c2..fd30826 100644
--- a/examples/l2fwd-crypto/main.c
+++ b/examples/l2fwd-crypto/main.c
@@ -790,7 +790,7 @@ l2fwd_crypto_usage(const char *prgname)
 		"  -p PORTMASK: hexadecimal bitmask of ports to configure\n"
 		"  -q NQ: number of queue (=ports) per lcore (default is 1)\n"
 		"  -s manage all ports from single lcore\n"
-		"  -t PERIOD: statistics will be refreshed each PERIOD seconds"
+		"  -T PERIOD: statistics will be refreshed each PERIOD seconds"
 		" (0 to disable, 10 default, 86400 maximum)\n"
 
 		"  --cdev_type HW / SW / ANY\n"
@@ -1220,7 +1220,7 @@ l2fwd_crypto_parse_args(struct l2fwd_crypto_options *options,
 			break;
 
 		/* timer period */
-		case 't':
+		case 'T':
 			retval = l2fwd_crypto_parse_timer_period(options,
 					optarg);
 			if (retval < 0) {
-- 
2.5.5

[dpdk-dev] [PATCH 3/7] l2fwd-crypto: add missing string initialization

[Pablo de Lara]

When passing the preferred crypto device type in the command line parameters,
the string (HW/SW/ANY) was not being saved, which is used
for error information to the user.

Fixes: 27cf2d1b18e1 ("examples/l2fwd-crypto: discover capabilities")

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
 examples/l2fwd-crypto/main.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c
index fd30826..1b0c229 100644
--- a/examples/l2fwd-crypto/main.c
+++ b/examples/l2fwd-crypto/main.c
@@ -968,8 +968,12 @@ l2fwd_crypto_parse_args_long_options(struct l2fwd_crypto_options *options,
 {
 	int retval;
 
-	if (strcmp(lgopts[option_index].name, "cdev_type") == 0)
-		return parse_cryptodev_type(&options->type, optarg);
+	if (strcmp(lgopts[option_index].name, "cdev_type") == 0) {
+		retval = parse_cryptodev_type(&options->type, optarg);
+		if (retval == 0)
+			strcpy(options->string_type, optarg);
+		return retval;
+	}
 
 	else if (strcmp(lgopts[option_index].name, "chain") == 0)
 		return parse_crypto_opt_chain(options, optarg);
-- 
2.5.5

[dpdk-dev] [PATCH 4/7] l2fwd-crypto: fix length of random IV/AAD

[Pablo de Lara]

App was generating a random IV/AAD of only 4 bytes,
instead of the actual length, since it was using sizeof(length).

Fixes: 27cf2d1b18e1 ("examples/l2fwd-crypto: discover capabilities")

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
 examples/l2fwd-crypto/main.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c
index 1b0c229..c323b55 100644
--- a/examples/l2fwd-crypto/main.c
+++ b/examples/l2fwd-crypto/main.c
@@ -643,7 +643,7 @@ l2fwd_main_loop(struct l2fwd_crypto_options *options)
 				port_cparams[i].aad.phys_addr = options->aad.phys_addr;
 				if (!options->aad_param)
 					generate_random_key(port_cparams[i].aad.data,
-						sizeof(port_cparams[i].aad.length));
+						port_cparams[i].aad.length);
 
 			}
 
@@ -661,7 +661,7 @@ l2fwd_main_loop(struct l2fwd_crypto_options *options)
 			port_cparams[i].iv.phys_addr = options->iv.phys_addr;
 			if (!options->iv_param)
 				generate_random_key(port_cparams[i].iv.data,
-						sizeof(port_cparams[i].iv.length));
+						port_cparams[i].iv.length);
 
 			port_cparams[i].cipher_algo = options->cipher_xform.cipher.algo;
 		}
-- 
2.5.5

[dpdk-dev] [PATCH 5/7] l2fwd-crypto: fix ambiguous input key size

[Pablo de Lara]

Some crypto algorithms support more than one key size
(including cipher key, authentication key, IV and AAD),
but the app was using always the minimum size.

These changes allows the user to use an specific size,
either from the string provided with cipher_key, auth_key, iv and ADD parameters,
or from the values provided with cipher_key_random_size,
auth_key_random_size, iv_random_size and aad_random_size.

This also allows the user to specify the digest size.

Fixes: 1df9c0109f4c ("examples/l2fwd-crypto: parse key parameters")

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
 examples/l2fwd-crypto/main.c | 257 +++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 247 insertions(+), 10 deletions(-)

diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c
index c323b55..c561270 100644
--- a/examples/l2fwd-crypto/main.c
+++ b/examples/l2fwd-crypto/main.c
@@ -147,15 +147,21 @@ struct l2fwd_crypto_options {
 
 	struct rte_crypto_sym_xform cipher_xform;
 	unsigned ckey_param;
+	int ckey_random_size;
 
 	struct l2fwd_key iv;
 	unsigned iv_param;
+	int iv_random_size;
 
 	struct rte_crypto_sym_xform auth_xform;
 	uint8_t akey_param;
+	int akey_random_size;
 
 	struct l2fwd_key aad;
 	unsigned aad_param;
+	int aad_random_size;
+
+	int digest_size;
 
 	uint16_t block_size;
 	char string_auth_algo[MAX_STR_LEN];
@@ -799,12 +805,17 @@ l2fwd_crypto_usage(const char *prgname)
 		"  --cipher_algo ALGO\n"
 		"  --cipher_op ENCRYPT / DECRYPT\n"
 		"  --cipher_key KEY\n"
+		"  --cipher_key_random_size SIZE: size of cipher key when generated randomly\n"
 		"  --iv IV\n"
+		"  --iv_random_size SIZE: size of IV when generated randomly\n"
 
 		"  --auth_algo ALGO\n"
 		"  --auth_op GENERATE / VERIFY\n"
 		"  --auth_key KEY\n"
+		"  --auth_key_random_size SIZE: size of auth key when generated randomly\n"
 		"  --aad AAD\n"
+		"  --aad_random_size SIZE: size of AAD when generated randomly\n"
+		"  --digest_size SIZE: size of digest to be generated/verified\n"
 
 		"  --sessionless\n",
 	       prgname);
@@ -906,6 +917,27 @@ parse_key(uint8_t *data, char *input_arg)
 		data[byte_count++] = (uint8_t)number;
 	}
 
+	return byte_count;
+}
+
+/** Parse size param*/
+static int
+parse_size(int *size, const char *q_arg)
+{
+	char *end = NULL;
+	unsigned long n;
+
+	/* parse hexadecimal string */
+	n = strtoul(q_arg, &end, 10);
+	if ((q_arg[0] == '\0') || (end == NULL) || (*end != '\0'))
+		n = 0;
+
+	if (n == 0) {
+		printf("invalid size\n");
+		return -1;
+	}
+
+	*size = n;
 	return 0;
 }
 
@@ -993,14 +1025,30 @@ l2fwd_crypto_parse_args_long_options(struct l2fwd_crypto_options *options,
 
 	else if (strcmp(lgopts[option_index].name, "cipher_key") == 0) {
 		options->ckey_param = 1;
-		return parse_key(options->cipher_xform.cipher.key.data, optarg);
+		options->cipher_xform.cipher.key.length =
+			parse_key(options->cipher_xform.cipher.key.data, optarg);
+		if (options->cipher_xform.cipher.key.length > 0)
+			return 0;
+		else
+			return -1;
 	}
 
+	else if (strcmp(lgopts[option_index].name, "cipher_key_random_size") == 0)
+		return parse_size(&options->ckey_random_size, optarg);
+
 	else if (strcmp(lgopts[option_index].name, "iv") == 0) {
 		options->iv_param = 1;
-		return parse_key(options->iv.data, optarg);
+		options->iv.length =
+			parse_key(options->iv.data, optarg);
+		if (options->iv.length > 0)
+			return 0;
+		else
+			return -1;
 	}
 
+	else if (strcmp(lgopts[option_index].name, "iv_random_size") == 0)
+		return parse_size(&options->iv_random_size, optarg);
+
 	/* Authentication options */
 	else if (strcmp(lgopts[option_index].name, "auth_algo") == 0) {
 		retval = parse_auth_algo(&options->auth_xform.auth.algo,
@@ -1016,12 +1064,34 @@ l2fwd_crypto_parse_args_long_options(struct l2fwd_crypto_options *options,
 
 	else if (strcmp(lgopts[option_index].name, "auth_key") == 0) {
 		options->akey_param = 1;
-		return parse_key(options->auth_xform.auth.key.data, optarg);
+		options->auth_xform.auth.key.length =
+			parse_key(options->auth_xform.auth.key.data, optarg);
+		if (options->auth_xform.auth.key.length > 0)
+			return 0;
+		else
+			return -1;
+	}
+
+	else if (strcmp(lgopts[option_index].name, "auth_key_random_size") == 0) {
+		return parse_size(&options->akey_random_size, optarg);
 	}
 
 	else if (strcmp(lgopts[option_index].name, "aad") == 0) {
 		options->aad_param = 1;
-		return parse_key(options->aad.data, optarg);
+		options->aad.length =
+			parse_key(options->aad.data, optarg);
+		if (options->aad.length > 0)
+			return 0;
+		else
+			return -1;
+	}
+
+	else if (strcmp(lgopts[option_index].name, "aad_random_size") == 0) {
+		return parse_size(&options->aad_random_size, optarg);
+	}
+
+	else if (strcmp(lgopts[option_index].name, "digest_size") == 0) {
+		return parse_size(&options->digest_size, optarg);
 	}
 
 	else if (strcmp(lgopts[option_index].name, "sessionless") == 0) {
@@ -1121,7 +1191,11 @@ l2fwd_crypto_default_options(struct l2fwd_crypto_options *options)
 	options->cipher_xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
 	options->cipher_xform.next = NULL;
 	options->ckey_param = 0;
+	options->ckey_random_size = -1;
+	options->cipher_xform.cipher.key.length = 0;
 	options->iv_param = 0;
+	options->iv_random_size = -1;
+	options->iv.length = 0;
 
 	options->cipher_xform.cipher.algo = RTE_CRYPTO_CIPHER_AES_CBC;
 	options->cipher_xform.cipher.op = RTE_CRYPTO_CIPHER_OP_ENCRYPT;
@@ -1130,7 +1204,12 @@ l2fwd_crypto_default_options(struct l2fwd_crypto_options *options)
 	options->auth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH;
 	options->auth_xform.next = NULL;
 	options->akey_param = 0;
+	options->akey_random_size = -1;
+	options->auth_xform.auth.key.length = 0;
 	options->aad_param = 0;
+	options->aad_random_size = -1;
+	options->aad.length = 0;
+	options->digest_size = -1;
 
 	options->auth_xform.auth.algo = RTE_CRYPTO_AUTH_SHA1_HMAC;
 	options->auth_xform.auth.op = RTE_CRYPTO_AUTH_OP_GENERATE;
@@ -1171,13 +1250,18 @@ l2fwd_crypto_parse_args(struct l2fwd_crypto_options *options,
 			{ "cipher_algo", required_argument, 0, 0 },
 			{ "cipher_op", required_argument, 0, 0 },
 			{ "cipher_key", required_argument, 0, 0 },
+			{ "cipher_key_random_size", required_argument, 0, 0 },
 
 			{ "auth_algo", required_argument, 0, 0 },
 			{ "auth_op", required_argument, 0, 0 },
 			{ "auth_key", required_argument, 0, 0 },
+			{ "auth_key_random_size", required_argument, 0, 0 },
 
 			{ "iv", required_argument, 0, 0 },
+			{ "iv_random_size", required_argument, 0, 0 },
 			{ "aad", required_argument, 0, 0 },
+			{ "aad_random_size", required_argument, 0, 0 },
+			{ "digest_size", required_argument, 0, 0 },
 
 			{ "sessionless", no_argument, 0, 0 },
 
@@ -1320,6 +1404,19 @@ check_type(struct l2fwd_crypto_options *options, struct rte_cryptodev_info *dev_
 	return -1;
 }
 
+static inline int
+check_supported_size(uint16_t length, uint16_t min, uint16_t max,
+		uint16_t increment)
+{
+	uint16_t supp_size;
+
+	for (supp_size = min; supp_size <= max; supp_size += increment) {
+		if (length == supp_size)
+			return 0;
+	}
+
+	return -1;
+}
 static int
 initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
 		uint8_t *enabled_cdevs)
@@ -1383,9 +1480,71 @@ initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
 			}
 
 			options->block_size = cap->sym.cipher.block_size;
-			options->iv.length = cap->sym.cipher.iv_size.min;
-			options->cipher_xform.cipher.key.length =
+			/*
+			 * Check if length of provided IV is supported
+			 * by the algorithm chosen.
+			 */
+			if (options->iv_param) {
+				if (check_supported_size(options->iv.length,
+						cap->sym.cipher.iv_size.min,
+						cap->sym.cipher.iv_size.max,
+						cap->sym.cipher.iv_size.increment)
+							!= 0) {
+					printf("Unsupported IV length\n");
+					return -1;
+				}
+			/*
+			 * Check if length of IV to be randomly generated
+			 * is supported by the algorithm chosen.
+			 */
+			} else if (options->iv_random_size != -1) {
+				if (check_supported_size(options->iv_random_size,
+						cap->sym.cipher.iv_size.min,
+						cap->sym.cipher.iv_size.max,
+						cap->sym.cipher.iv_size.increment)
+							!= 0) {
+					printf("Unsupported IV length\n");
+					return -1;
+				}
+				options->iv.length = options->iv_random_size;
+			/* No size provided, use minimum size. */
+			} else
+				options->iv.length = cap->sym.cipher.iv_size.min;
+
+			/*
+			 * Check if length of provided cipher key is supported
+			 * by the algorithm chosen.
+			 */
+			if (options->ckey_param) {
+				if (check_supported_size(
+						options->cipher_xform.cipher.key.length,
+						cap->sym.cipher.key_size.min,
+						cap->sym.cipher.key_size.max,
+						cap->sym.cipher.key_size.increment)
+							!= 0) {
+					printf("Unsupported cipher key length\n");
+					return -1;
+				}
+			/*
+			 * Check if length of the cipher key to be randomly generated
+			 * is supported by the algorithm chosen.
+			 */
+			} else if (options->ckey_random_size != -1) {
+				if (check_supported_size(options->ckey_random_size,
+						cap->sym.cipher.key_size.min,
+						cap->sym.cipher.key_size.max,
+						cap->sym.cipher.key_size.increment)
+							!= 0) {
+					printf("Unsupported cipher key length\n");
+					return -1;
+				}
+				options->cipher_xform.cipher.key.length =
+							options->ckey_random_size;
+			/* No size provided, use minimum size. */
+			} else
+				options->cipher_xform.cipher.key.length =
 						cap->sym.cipher.key_size.min;
+
 			if (!options->ckey_param)
 				generate_random_key(
 					options->cipher_xform.cipher.key.data,
@@ -1420,17 +1579,95 @@ initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
 			}
 
 			options->block_size = cap->sym.auth.block_size;
+			/*
+			 * Check if length of provided AAD is supported
+			 * by the algorithm chosen.
+			 */
+			if (options->aad_param) {
+				if (check_supported_size(options->aad.length,
+						cap->sym.auth.aad_size.min,
+						cap->sym.auth.aad_size.max,
+						cap->sym.auth.aad_size.increment)
+							!= 0) {
+					printf("Unsupported AAD length\n");
+					return -1;
+				}
+			/*
+			 * Check if length of AAD to be randomly generated
+			 * is supported by the algorithm chosen.
+			 */
+			} else if (options->aad_random_size != -1) {
+				if (check_supported_size(options->aad_random_size,
+						cap->sym.auth.aad_size.min,
+						cap->sym.auth.aad_size.max,
+						cap->sym.auth.aad_size.increment)
+							!= 0) {
+					printf("Unsupported AAD length\n");
+					return -1;
+				}
+				options->aad.length = options->aad_random_size;
+			/* No size provided, use minimum size. */
+			} else
+				options->aad.length = cap->sym.auth.aad_size.min;
+
 			options->auth_xform.auth.add_auth_data_length =
-						cap->sym.auth.aad_size.min;
-			options->auth_xform.auth.digest_length =
-						cap->sym.auth.digest_size.min;
-			options->auth_xform.auth.key.length =
+						options->aad.length;
+
+			/*
+			 * Check if length of provided auth key is supported
+			 * by the algorithm chosen.
+			 */
+			if (options->akey_param) {
+				if (check_supported_size(
+						options->auth_xform.auth.key.length,
+						cap->sym.auth.key_size.min,
+						cap->sym.auth.key_size.max,
+						cap->sym.auth.key_size.increment)
+							!= 0) {
+					printf("Unsupported auth key length\n");
+					return -1;
+				}
+			/*
+			 * Check if length of the auth key to be randomly generated
+			 * is supported by the algorithm chosen.
+			 */
+			} else if (options->akey_random_size != -1) {
+				if (check_supported_size(options->akey_random_size,
+						cap->sym.auth.key_size.min,
+						cap->sym.auth.key_size.max,
+						cap->sym.auth.key_size.increment)
+							!= 0) {
+					printf("Unsupported auth key length\n");
+					return -1;
+				}
+				options->auth_xform.auth.key.length =
+							options->akey_random_size;
+			/* No size provided, use minimum size. */
+			} else
+				options->auth_xform.auth.key.length =
 						cap->sym.auth.key_size.min;
 
 			if (!options->akey_param)
 				generate_random_key(
 					options->auth_xform.auth.key.data,
 					options->auth_xform.auth.key.length);
+
+			/* Check if digest size is supported by the algorithm. */
+			if (options->digest_size != -1) {
+				if (check_supported_size(options->digest_size,
+						cap->sym.auth.digest_size.min,
+						cap->sym.auth.digest_size.max,
+						cap->sym.auth.digest_size.increment)
+							!= 0) {
+					printf("Unsupported digest length\n");
+					return -1;
+				}
+				options->auth_xform.auth.digest_length =
+							options->digest_size;
+			/* No size provided, use minimum size. */
+			} else
+				options->auth_xform.auth.digest_length =
+						cap->sym.auth.digest_size.min;
 		}
 
 		retval = rte_cryptodev_configure(cdev_id, &conf);
-- 
2.5.5

[dpdk-dev] [PATCH 6/7] l2fwd-crypto: use key-value list of supported algorithms

[Pablo de Lara]

In order to ease the parsing and display of supported algorithms
in the application, two new arrays are created, which contains
the strings of the different cipher and authentication algorithms,

These lists are used to parse the algorithms from the command line,
and will be used to display crypto information to the user.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
 examples/l2fwd-crypto/main.c          | 106 +++++++++++++++++-----------------
 lib/librte_cryptodev/rte_crypto_sym.h |   6 +-
 2 files changed, 58 insertions(+), 54 deletions(-)

diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c
index c561270..6de29c5 100644
--- a/examples/l2fwd-crypto/main.c
+++ b/examples/l2fwd-crypto/main.c
@@ -133,6 +133,9 @@ struct l2fwd_key {
 	phys_addr_t phys_addr;
 };
 
+char supported_auth_algo[RTE_CRYPTO_AUTH_LIST_END][MAX_STR_LEN];
+char supported_cipher_algo[RTE_CRYPTO_CIPHER_LIST_END][MAX_STR_LEN];
+
 /** l2fwd crypto application command line options */
 struct l2fwd_crypto_options {
 	unsigned portmask;
@@ -164,8 +167,6 @@ struct l2fwd_crypto_options {
 	int digest_size;
 
 	uint16_t block_size;
-	char string_auth_algo[MAX_STR_LEN];
-	char string_cipher_algo[MAX_STR_LEN];
 	char string_type[MAX_STR_LEN];
 };
 
@@ -328,6 +329,32 @@ print_stats(void)
 	printf("\n====================================================\n");
 }
 
+static void
+fill_supported_algorithm_tables(void)
+{
+	unsigned i;
+
+	for (i = 0; i < RTE_CRYPTO_AUTH_LIST_END; i++)
+		strcpy(supported_auth_algo[i], "NOT_SUPPORTED");
+
+	strcpy(supported_auth_algo[RTE_CRYPTO_AUTH_AES_GCM], "AES_GCM");
+	strcpy(supported_auth_algo[RTE_CRYPTO_AUTH_MD5_HMAC], "MD5_HMAC");
+	strcpy(supported_auth_algo[RTE_CRYPTO_AUTH_NULL], "NULL");
+	strcpy(supported_auth_algo[RTE_CRYPTO_AUTH_SHA1_HMAC], "SHA1_HMAC");
+	strcpy(supported_auth_algo[RTE_CRYPTO_AUTH_SHA224_HMAC], "SHA224_HMAC");
+	strcpy(supported_auth_algo[RTE_CRYPTO_AUTH_SHA256_HMAC], "SHA256_HMAC");
+	strcpy(supported_auth_algo[RTE_CRYPTO_AUTH_SHA384_HMAC], "SHA384_HMAC");
+	strcpy(supported_auth_algo[RTE_CRYPTO_AUTH_SHA512_HMAC], "SHA512_HMAC");
+	strcpy(supported_auth_algo[RTE_CRYPTO_AUTH_SNOW3G_UIA2], "SNOW3G_UIA2");
+
+	for (i = 0; i < RTE_CRYPTO_CIPHER_LIST_END; i++)
+		strcpy(supported_cipher_algo[i], "NOT_SUPPORTED");
+
+	strcpy(supported_cipher_algo[RTE_CRYPTO_CIPHER_AES_CBC], "AES_CBC");
+	strcpy(supported_cipher_algo[RTE_CRYPTO_CIPHER_AES_GCM], "AES_GCM");
+	strcpy(supported_cipher_algo[RTE_CRYPTO_CIPHER_NULL], "NULL");
+	strcpy(supported_cipher_algo[RTE_CRYPTO_CIPHER_SNOW3G_UEA2], "SNOW3G_UEA2");
+}
 
 
 static int
@@ -864,18 +891,13 @@ parse_crypto_opt_chain(struct l2fwd_crypto_options *options, char *optarg)
 static int
 parse_cipher_algo(enum rte_crypto_cipher_algorithm *algo, char *optarg)
 {
-	if (strcmp("AES_CBC", optarg) == 0) {
-		*algo = RTE_CRYPTO_CIPHER_AES_CBC;
-		return 0;
-	} else if (strcmp("AES_GCM", optarg) == 0) {
-		*algo = RTE_CRYPTO_CIPHER_AES_GCM;
-		return 0;
-	} else if (strcmp("NULL", optarg) == 0) {
-		*algo = RTE_CRYPTO_CIPHER_NULL;
-		return 0;
-	} else if (strcmp("SNOW3G_UEA2", optarg) == 0) {
-		*algo = RTE_CRYPTO_CIPHER_SNOW3G_UEA2;
-		return 0;
+	unsigned i;
+
+	for (i = 0; i < RTE_CRYPTO_CIPHER_LIST_END; i++) {
+		if (!strcmp(supported_cipher_algo[i], optarg)) {
+			*algo = i;
+			return 0;
+		}
 	}
 
 	printf("Cipher algorithm  not supported!\n");
@@ -945,33 +967,13 @@ parse_size(int *size, const char *q_arg)
 static int
 parse_auth_algo(enum rte_crypto_auth_algorithm *algo, char *optarg)
 {
-	if (strcmp("AES_GCM", optarg) == 0) {
-		*algo = RTE_CRYPTO_AUTH_AES_GCM;
-		return 0;
-	} else if (strcmp("MD5_HMAC", optarg) == 0) {
-		*algo = RTE_CRYPTO_AUTH_MD5_HMAC;
-		return 0;
-	} else if (strcmp("NULL", optarg) == 0) {
-		*algo = RTE_CRYPTO_AUTH_NULL;
-		return 0;
-	} else if (strcmp("SHA1_HMAC", optarg) == 0) {
-		*algo = RTE_CRYPTO_AUTH_SHA1_HMAC;
-		return 0;
-	} else if (strcmp("SHA224_HMAC", optarg) == 0) {
-		*algo = RTE_CRYPTO_AUTH_SHA224_HMAC;
-		return 0;
-	} else if (strcmp("SHA256_HMAC", optarg) == 0) {
-		*algo = RTE_CRYPTO_AUTH_SHA256_HMAC;
-		return 0;
-	}  else if (strcmp("SHA384_HMAC", optarg) == 0) {
-		*algo = RTE_CRYPTO_AUTH_SHA384_HMAC;
-		return 0;
-	} else if (strcmp("SHA512_HMAC", optarg) == 0) {
-		*algo = RTE_CRYPTO_AUTH_SHA512_HMAC;
-		return 0;
-	} else if (strcmp("SNOW3G_UIA2", optarg) == 0) {
-		*algo = RTE_CRYPTO_AUTH_SNOW3G_UIA2;
-		return 0;
+	unsigned i;
+
+	for (i = 0; i < RTE_CRYPTO_AUTH_LIST_END; i++) {
+		if (!strcmp(supported_auth_algo[i], optarg)) {
+			*algo = i;
+			return 0;
+		}
 	}
 
 	printf("Authentication algorithm specified not supported!\n");
@@ -1011,13 +1013,9 @@ l2fwd_crypto_parse_args_long_options(struct l2fwd_crypto_options *options,
 		return parse_crypto_opt_chain(options, optarg);
 
 	/* Cipher options */
-	else if (strcmp(lgopts[option_index].name, "cipher_algo") == 0) {
-		retval = parse_cipher_algo(&options->cipher_xform.cipher.algo,
+	else if (strcmp(lgopts[option_index].name, "cipher_algo") == 0)
+		return parse_cipher_algo(&options->cipher_xform.cipher.algo,
 				optarg);
-		if (retval == 0)
-			strcpy(options->string_cipher_algo, optarg);
-		return retval;
-	}
 
 	else if (strcmp(lgopts[option_index].name, "cipher_op") == 0)
 		return parse_cipher_op(&options->cipher_xform.cipher.op,
@@ -1051,11 +1049,8 @@ l2fwd_crypto_parse_args_long_options(struct l2fwd_crypto_options *options,
 
 	/* Authentication options */
 	else if (strcmp(lgopts[option_index].name, "auth_algo") == 0) {
-		retval = parse_auth_algo(&options->auth_xform.auth.algo,
+		return parse_auth_algo(&options->auth_xform.auth.algo,
 				optarg);
-		if (retval == 0)
-			strcpy(options->string_auth_algo, optarg);
-		return retval;
 	}
 
 	else if (strcmp(lgopts[option_index].name, "auth_op") == 0)
@@ -1474,7 +1469,8 @@ initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
 			if (cap->op == RTE_CRYPTO_OP_TYPE_UNDEFINED) {
 				printf("Algorithm %s not supported by cryptodev %u"
 					" or device not of preferred type (%s)\n",
-					options->string_cipher_algo, cdev_id,
+					supported_cipher_algo[opt_cipher_algo],
+					cdev_id,
 					options->string_type);
 				continue;
 			}
@@ -1573,7 +1569,8 @@ initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
 			if (cap->op == RTE_CRYPTO_OP_TYPE_UNDEFINED) {
 				printf("Algorithm %s not supported by cryptodev %u"
 					" or device not of preferred type (%s)\n",
-					options->string_auth_algo, cdev_id,
+					supported_auth_algo[opt_auth_algo],
+					cdev_id,
 					options->string_type);
 				continue;
 			}
@@ -1848,6 +1845,9 @@ main(int argc, char **argv)
 	/* reserve memory for Cipher/Auth key and IV */
 	reserve_key_memory(&options);
 
+	/* fill out the supported algorithm tables */
+	fill_supported_algorithm_tables();
+
 	/* parse application arguments (after the EAL ones) */
 	ret = l2fwd_crypto_parse_args(&options, argc, argv);
 	if (ret < 0)
diff --git a/lib/librte_cryptodev/rte_crypto_sym.h b/lib/librte_cryptodev/rte_crypto_sym.h
index d01287c..913941a 100644
--- a/lib/librte_cryptodev/rte_crypto_sym.h
+++ b/lib/librte_cryptodev/rte_crypto_sym.h
@@ -101,8 +101,10 @@ enum rte_crypto_cipher_algorithm {
 	RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
 	/**< SNOW3G algorithm in UEA2 mode */
 
-	RTE_CRYPTO_CIPHER_ZUC_EEA3
+	RTE_CRYPTO_CIPHER_ZUC_EEA3,
 	/**< ZUC algorithm in EEA3 mode */
+
+	RTE_CRYPTO_CIPHER_LIST_END
 };
 
 /** Symmetric Cipher Direction */
@@ -234,6 +236,8 @@ enum rte_crypto_auth_algorithm {
 
 	RTE_CRYPTO_AUTH_ZUC_EIA3,
 	/**< ZUC algorithm in EIA3 mode */
+
+	RTE_CRYPTO_AUTH_LIST_END
 };
 
 /** Symmetric Authentication / Hash Operations */
-- 
2.5.5

[dpdk-dev] [PATCH 7/7] l2fwd-crypto: extend crypto information

[Pablo de Lara]

Display extra crypto information (algorithms, keys/IV/AAD used, chain...),
so user can know exactly what operations are being carried out.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
 examples/l2fwd-crypto/main.c | 84 ++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 82 insertions(+), 2 deletions(-)

diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c
index 6de29c5..9c95392 100644
--- a/examples/l2fwd-crypto/main.c
+++ b/examples/l2fwd-crypto/main.c
@@ -71,6 +71,7 @@
 #include <rte_prefetch.h>
 #include <rte_random.h>
 #include <rte_ring.h>
+#include <rte_hexdump.h>
 
 enum cdev_type {
 	CDEV_TYPE_ANY,
@@ -634,8 +635,6 @@ l2fwd_main_loop(struct l2fwd_crypto_options *options)
 
 	RTE_LOG(INFO, L2FWD, "entering main loop on lcore %u\n", lcore_id);
 
-	l2fwd_crypto_options_print(options);
-
 	for (i = 0; i < qconf->nb_rx_ports; i++) {
 
 		portid = qconf->rx_port_list[i];
@@ -708,6 +707,14 @@ l2fwd_main_loop(struct l2fwd_crypto_options *options)
 				port_cparams[i].dev_id);
 	}
 
+	l2fwd_crypto_options_print(options);
+
+	/*
+	 * Initialize previous tsc timestamp before the loop,
+	 * to avoid showing the port statistics immediately,
+	 * so user can see the crypto information.
+	 */
+	prev_tsc = rte_rdtsc();
 	while (1) {
 
 		cur_tsc = rte_rdtsc();
@@ -1213,8 +1220,45 @@ l2fwd_crypto_default_options(struct l2fwd_crypto_options *options)
 }
 
 static void
+display_cipher_info(struct l2fwd_crypto_options *options)
+{
+	printf("\n---- Cipher information ---\n");
+	printf("Algorithm: %s\n",
+		supported_cipher_algo[options->cipher_xform.cipher.algo]);
+	rte_hexdump(stdout, "Cipher key:",
+			options->cipher_xform.cipher.key.data,
+			options->cipher_xform.cipher.key.length);
+	rte_hexdump(stdout, "IV:", options->iv.data, options->iv.length);
+}
+
+static void
+display_auth_info(struct l2fwd_crypto_options *options)
+{
+	printf("\n---- Authentication information ---\n");
+	printf("Algorithm: %s\n",
+		supported_auth_algo[options->auth_xform.auth.algo]);
+	rte_hexdump(stdout, "Auth key:",
+			options->auth_xform.auth.key.data,
+			options->auth_xform.auth.key.length);
+	rte_hexdump(stdout, "AAD:", options->aad.data, options->aad.length);
+}
+
+static void
 l2fwd_crypto_options_print(struct l2fwd_crypto_options *options)
 {
+	char string_cipher_op[MAX_STR_LEN];
+	char string_auth_op[MAX_STR_LEN];
+
+	if (options->cipher_xform.cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT)
+		strcpy(string_cipher_op, "Encrypt");
+	else
+		strcpy(string_cipher_op, "Decrypt");
+
+	if (options->auth_xform.auth.op == RTE_CRYPTO_AUTH_OP_GENERATE)
+		strcpy(string_auth_op, "Auth generate");
+	else
+		strcpy(string_auth_op, "Auth verify");
+
 	printf("Options:-\nn");
 	printf("portmask: %x\n", options->portmask);
 	printf("ports per lcore: %u\n", options->nb_ports_per_lcore);
@@ -1226,6 +1270,42 @@ l2fwd_crypto_options_print(struct l2fwd_crypto_options *options)
 
 	printf("sessionless crypto: %s\n",
 			options->sessionless ? "enabled" : "disabled");
+
+	if (options->ckey_param && (options->ckey_random_size != -1))
+		printf("Cipher key already parsed, ignoring size of random key\n");
+
+	if (options->akey_param && (options->akey_random_size != -1))
+		printf("Auth key already parsed, ignoring size of random key\n");
+
+	if (options->iv_param && (options->iv_random_size != -1))
+		printf("IV already parsed, ignoring size of random IV\n");
+
+	if (options->aad_param && (options->aad_random_size != -1))
+		printf("AAD already parsed, ignoring size of random AAD\n");
+
+	printf("\nCrypto chain: ");
+	switch (options->xform_chain) {
+	case L2FWD_CRYPTO_CIPHER_HASH:
+		printf("Input --> %s --> %s --> Output\n",
+			string_cipher_op, string_auth_op);
+		display_cipher_info(options);
+		display_auth_info(options);
+		break;
+	case L2FWD_CRYPTO_HASH_CIPHER:
+		printf("Input --> %s --> %s --> Output\n",
+			string_auth_op, string_cipher_op);
+		display_cipher_info(options);
+		display_auth_info(options);
+		break;
+	case L2FWD_CRYPTO_HASH_ONLY:
+		printf("Input --> %s --> Output\n", string_auth_op);
+		display_auth_info(options);
+		break;
+	case L2FWD_CRYPTO_CIPHER_ONLY:
+		printf("Input --> %s --> Output\n", string_cipher_op);
+		display_cipher_info(options);
+		break;
+	}
 }
 
 /* Parse the argument given in the command line of the application */
-- 
2.5.5

Re: [dpdk-dev] [PATCH 0/7] L2fwd-crypto fixes/enhancements

[Cao, Min]

Tested-by: Min Cao <min.cao@intel.com>

- Tested Commit: 6ac91f938cc88423885b757ce24c2a984da097d4
- OS: Fedora20 3.11.10-301.fc20.x86_64
- GCC: gcc (GCC) 4.8.3
- CPU: Intel(R) Xeon(R) CPU E5-2658 v3 @ 2.20GHz
- NIC: Niantic
- Default x86_64-native-linuxapp-gcc configuration
- Prerequisites:
- Total 44 cases, 44 passed, 0 failed

- test case 1: QAT Unit test 
    Total 31 cases, 31 passed, 0 failed

- test case 2: AES_NI Unit test 
    Total 10 cases, 10 passed, 0 failed

- test case 3: l2fwd-crypto AES-CBC 128/192/256
    Total 3 cases, 3 passed, 0 failed



-----Original Message-----
From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Pablo de Lara
Sent: Wednesday, March 30, 2016 9:02 PM
To: dev@dpdk.org
Cc: Doherty, Declan; De Lara Guarch, Pablo
Subject: [dpdk-dev] [PATCH 0/7] L2fwd-crypto fixes/enhancements

This patches fixes some small issues in L2fwd-crypto app and also improves the app, making it more flexible (accepting different key sizes) and readable (information display improvement).

Pablo de Lara (7):
  l2fwd-crypto: add missing new line character in help
  l2fwd-crypto: rename period parameter
  l2fwd-crypto: add missing string initialization
  l2fwd-crypto: fix length of random IV/AAD
  l2fwd-crypto: fix ambiguous input key size
  l2fwd-crypto: use key-value list of supported algorithms
  l2fwd-crypto: extend crypto information

 examples/l2fwd-crypto/main.c          | 465 ++++++++++++++++++++++++++++------
 lib/librte_cryptodev/rte_crypto_sym.h |   6 +-
 2 files changed, 398 insertions(+), 73 deletions(-)

--
2.5.5

[dpdk-dev] [PATCH v2 0/8] L2fwd-crypto fixes/enhancements

[Pablo de Lara]

This patches fixes some small issues in L2fwd-crypto
app and also improves the app, making it more flexible
(accepting different key sizes)
and readable (information display improvement).

Changes in v2:

- Extended help information

Pablo de Lara (8):
  l2fwd-crypto: add missing new line character in help
  l2fwd-crypto: rename period parameter
  l2fwd-crypto: add missing string initialization
  l2fwd-crypto: fix length of random IV/AAD
  l2fwd-crypto: fix ambiguous input key size
  l2fwd-crypto: clarify key parsing in help
  l2fwd-crypto: use key-value list of supported algorithms
  l2fwd-crypto: extend crypto information

 examples/l2fwd-crypto/main.c          | 473 ++++++++++++++++++++++++++++------
 lib/librte_cryptodev/rte_crypto_sym.h |   6 +-
 2 files changed, 402 insertions(+), 77 deletions(-)

-- 
2.5.5

[dpdk-dev] [PATCH v2 1/8] l2fwd-crypto: add missing new line character in help

[Pablo de Lara]

Fixes: 387259bd6c67 ("examples/l2fwd-crypto: add sample application)

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
 examples/l2fwd-crypto/main.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c
index 5fd4ff1..0cb46c2 100644
--- a/examples/l2fwd-crypto/main.c
+++ b/examples/l2fwd-crypto/main.c
@@ -789,7 +789,7 @@ l2fwd_crypto_usage(const char *prgname)
 	printf("%s [EAL options] --\n"
 		"  -p PORTMASK: hexadecimal bitmask of ports to configure\n"
 		"  -q NQ: number of queue (=ports) per lcore (default is 1)\n"
-		"  -s manage all ports from single lcore"
+		"  -s manage all ports from single lcore\n"
 		"  -t PERIOD: statistics will be refreshed each PERIOD seconds"
 		" (0 to disable, 10 default, 86400 maximum)\n"
 
-- 
2.5.5

[dpdk-dev] [PATCH v2 2/8] l2fwd-crypto: rename period parameter

[Pablo de Lara]

L2fwd-crypto app is based on L2fwd app and it inherits
some of its parameters (such as portmask, queues per core...).

The parameter period (period of time between statistic updates)
is -T in L2fwd, but was -t in L2fwd-crypto, so for consistency,
it is changed back to -T

Fixes: 387259bd6c67 ("examples/l2fwd-crypto: add sample application)

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
 examples/l2fwd-crypto/main.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c
index 0cb46c2..fd30826 100644
--- a/examples/l2fwd-crypto/main.c
+++ b/examples/l2fwd-crypto/main.c
@@ -790,7 +790,7 @@ l2fwd_crypto_usage(const char *prgname)
 		"  -p PORTMASK: hexadecimal bitmask of ports to configure\n"
 		"  -q NQ: number of queue (=ports) per lcore (default is 1)\n"
 		"  -s manage all ports from single lcore\n"
-		"  -t PERIOD: statistics will be refreshed each PERIOD seconds"
+		"  -T PERIOD: statistics will be refreshed each PERIOD seconds"
 		" (0 to disable, 10 default, 86400 maximum)\n"
 
 		"  --cdev_type HW / SW / ANY\n"
@@ -1220,7 +1220,7 @@ l2fwd_crypto_parse_args(struct l2fwd_crypto_options *options,
 			break;
 
 		/* timer period */
-		case 't':
+		case 'T':
 			retval = l2fwd_crypto_parse_timer_period(options,
 					optarg);
 			if (retval < 0) {
-- 
2.5.5

[dpdk-dev] [PATCH v2 3/8] l2fwd-crypto: add missing string initialization

[Pablo de Lara]

When passing the preferred crypto device type in the command line parameters,
the string (HW/SW/ANY) was not being saved, which is used
for error information to the user.

Fixes: 27cf2d1b18e1 ("examples/l2fwd-crypto: discover capabilities")

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
 examples/l2fwd-crypto/main.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c
index fd30826..1b0c229 100644
--- a/examples/l2fwd-crypto/main.c
+++ b/examples/l2fwd-crypto/main.c
@@ -968,8 +968,12 @@ l2fwd_crypto_parse_args_long_options(struct l2fwd_crypto_options *options,
 {
 	int retval;
 
-	if (strcmp(lgopts[option_index].name, "cdev_type") == 0)
-		return parse_cryptodev_type(&options->type, optarg);
+	if (strcmp(lgopts[option_index].name, "cdev_type") == 0) {
+		retval = parse_cryptodev_type(&options->type, optarg);
+		if (retval == 0)
+			strcpy(options->string_type, optarg);
+		return retval;
+	}
 
 	else if (strcmp(lgopts[option_index].name, "chain") == 0)
 		return parse_crypto_opt_chain(options, optarg);
-- 
2.5.5

[dpdk-dev] [PATCH v2 4/8] l2fwd-crypto: fix length of random IV/AAD

[Pablo de Lara]

App was generating a random IV/AAD of only 4 bytes,
instead of the actual length, since it was using sizeof(length).

Fixes: 27cf2d1b18e1 ("examples/l2fwd-crypto: discover capabilities")

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
 examples/l2fwd-crypto/main.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c
index 1b0c229..c323b55 100644
--- a/examples/l2fwd-crypto/main.c
+++ b/examples/l2fwd-crypto/main.c
@@ -643,7 +643,7 @@ l2fwd_main_loop(struct l2fwd_crypto_options *options)
 				port_cparams[i].aad.phys_addr = options->aad.phys_addr;
 				if (!options->aad_param)
 					generate_random_key(port_cparams[i].aad.data,
-						sizeof(port_cparams[i].aad.length));
+						port_cparams[i].aad.length);
 
 			}
 
@@ -661,7 +661,7 @@ l2fwd_main_loop(struct l2fwd_crypto_options *options)
 			port_cparams[i].iv.phys_addr = options->iv.phys_addr;
 			if (!options->iv_param)
 				generate_random_key(port_cparams[i].iv.data,
-						sizeof(port_cparams[i].iv.length));
+						port_cparams[i].iv.length);
 
 			port_cparams[i].cipher_algo = options->cipher_xform.cipher.algo;
 		}
-- 
2.5.5

[dpdk-dev] [PATCH v2 5/8] l2fwd-crypto: fix ambiguous input key size

[Pablo de Lara]

Some crypto algorithms support more than one key size
(including cipher key, authentication key, IV and AAD),
but the app was using always the minimum size.

These changes allows the user to use an specific size,
either from the string provided with cipher_key, auth_key, iv and ADD parameters,
or from the values provided with cipher_key_random_size,
auth_key_random_size, iv_random_size and aad_random_size.

This also allows the user to specify the digest size.

Fixes: 1df9c0109f4c ("examples/l2fwd-crypto: parse key parameters")

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
 examples/l2fwd-crypto/main.c | 257 +++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 247 insertions(+), 10 deletions(-)

diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c
index c323b55..c561270 100644
--- a/examples/l2fwd-crypto/main.c
+++ b/examples/l2fwd-crypto/main.c
@@ -147,15 +147,21 @@ struct l2fwd_crypto_options {
 
 	struct rte_crypto_sym_xform cipher_xform;
 	unsigned ckey_param;
+	int ckey_random_size;
 
 	struct l2fwd_key iv;
 	unsigned iv_param;
+	int iv_random_size;
 
 	struct rte_crypto_sym_xform auth_xform;
 	uint8_t akey_param;
+	int akey_random_size;
 
 	struct l2fwd_key aad;
 	unsigned aad_param;
+	int aad_random_size;
+
+	int digest_size;
 
 	uint16_t block_size;
 	char string_auth_algo[MAX_STR_LEN];
@@ -799,12 +805,17 @@ l2fwd_crypto_usage(const char *prgname)
 		"  --cipher_algo ALGO\n"
 		"  --cipher_op ENCRYPT / DECRYPT\n"
 		"  --cipher_key KEY\n"
+		"  --cipher_key_random_size SIZE: size of cipher key when generated randomly\n"
 		"  --iv IV\n"
+		"  --iv_random_size SIZE: size of IV when generated randomly\n"
 
 		"  --auth_algo ALGO\n"
 		"  --auth_op GENERATE / VERIFY\n"
 		"  --auth_key KEY\n"
+		"  --auth_key_random_size SIZE: size of auth key when generated randomly\n"
 		"  --aad AAD\n"
+		"  --aad_random_size SIZE: size of AAD when generated randomly\n"
+		"  --digest_size SIZE: size of digest to be generated/verified\n"
 
 		"  --sessionless\n",
 	       prgname);
@@ -906,6 +917,27 @@ parse_key(uint8_t *data, char *input_arg)
 		data[byte_count++] = (uint8_t)number;
 	}
 
+	return byte_count;
+}
+
+/** Parse size param*/
+static int
+parse_size(int *size, const char *q_arg)
+{
+	char *end = NULL;
+	unsigned long n;
+
+	/* parse hexadecimal string */
+	n = strtoul(q_arg, &end, 10);
+	if ((q_arg[0] == '\0') || (end == NULL) || (*end != '\0'))
+		n = 0;
+
+	if (n == 0) {
+		printf("invalid size\n");
+		return -1;
+	}
+
+	*size = n;
 	return 0;
 }
 
@@ -993,14 +1025,30 @@ l2fwd_crypto_parse_args_long_options(struct l2fwd_crypto_options *options,
 
 	else if (strcmp(lgopts[option_index].name, "cipher_key") == 0) {
 		options->ckey_param = 1;
-		return parse_key(options->cipher_xform.cipher.key.data, optarg);
+		options->cipher_xform.cipher.key.length =
+			parse_key(options->cipher_xform.cipher.key.data, optarg);
+		if (options->cipher_xform.cipher.key.length > 0)
+			return 0;
+		else
+			return -1;
 	}
 
+	else if (strcmp(lgopts[option_index].name, "cipher_key_random_size") == 0)
+		return parse_size(&options->ckey_random_size, optarg);
+
 	else if (strcmp(lgopts[option_index].name, "iv") == 0) {
 		options->iv_param = 1;
-		return parse_key(options->iv.data, optarg);
+		options->iv.length =
+			parse_key(options->iv.data, optarg);
+		if (options->iv.length > 0)
+			return 0;
+		else
+			return -1;
 	}
 
+	else if (strcmp(lgopts[option_index].name, "iv_random_size") == 0)
+		return parse_size(&options->iv_random_size, optarg);
+
 	/* Authentication options */
 	else if (strcmp(lgopts[option_index].name, "auth_algo") == 0) {
 		retval = parse_auth_algo(&options->auth_xform.auth.algo,
@@ -1016,12 +1064,34 @@ l2fwd_crypto_parse_args_long_options(struct l2fwd_crypto_options *options,
 
 	else if (strcmp(lgopts[option_index].name, "auth_key") == 0) {
 		options->akey_param = 1;
-		return parse_key(options->auth_xform.auth.key.data, optarg);
+		options->auth_xform.auth.key.length =
+			parse_key(options->auth_xform.auth.key.data, optarg);
+		if (options->auth_xform.auth.key.length > 0)
+			return 0;
+		else
+			return -1;
+	}
+
+	else if (strcmp(lgopts[option_index].name, "auth_key_random_size") == 0) {
+		return parse_size(&options->akey_random_size, optarg);
 	}
 
 	else if (strcmp(lgopts[option_index].name, "aad") == 0) {
 		options->aad_param = 1;
-		return parse_key(options->aad.data, optarg);
+		options->aad.length =
+			parse_key(options->aad.data, optarg);
+		if (options->aad.length > 0)
+			return 0;
+		else
+			return -1;
+	}
+
+	else if (strcmp(lgopts[option_index].name, "aad_random_size") == 0) {
+		return parse_size(&options->aad_random_size, optarg);
+	}
+
+	else if (strcmp(lgopts[option_index].name, "digest_size") == 0) {
+		return parse_size(&options->digest_size, optarg);
 	}
 
 	else if (strcmp(lgopts[option_index].name, "sessionless") == 0) {
@@ -1121,7 +1191,11 @@ l2fwd_crypto_default_options(struct l2fwd_crypto_options *options)
 	options->cipher_xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
 	options->cipher_xform.next = NULL;
 	options->ckey_param = 0;
+	options->ckey_random_size = -1;
+	options->cipher_xform.cipher.key.length = 0;
 	options->iv_param = 0;
+	options->iv_random_size = -1;
+	options->iv.length = 0;
 
 	options->cipher_xform.cipher.algo = RTE_CRYPTO_CIPHER_AES_CBC;
 	options->cipher_xform.cipher.op = RTE_CRYPTO_CIPHER_OP_ENCRYPT;
@@ -1130,7 +1204,12 @@ l2fwd_crypto_default_options(struct l2fwd_crypto_options *options)
 	options->auth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH;
 	options->auth_xform.next = NULL;
 	options->akey_param = 0;
+	options->akey_random_size = -1;
+	options->auth_xform.auth.key.length = 0;
 	options->aad_param = 0;
+	options->aad_random_size = -1;
+	options->aad.length = 0;
+	options->digest_size = -1;
 
 	options->auth_xform.auth.algo = RTE_CRYPTO_AUTH_SHA1_HMAC;
 	options->auth_xform.auth.op = RTE_CRYPTO_AUTH_OP_GENERATE;
@@ -1171,13 +1250,18 @@ l2fwd_crypto_parse_args(struct l2fwd_crypto_options *options,
 			{ "cipher_algo", required_argument, 0, 0 },
 			{ "cipher_op", required_argument, 0, 0 },
 			{ "cipher_key", required_argument, 0, 0 },
+			{ "cipher_key_random_size", required_argument, 0, 0 },
 
 			{ "auth_algo", required_argument, 0, 0 },
 			{ "auth_op", required_argument, 0, 0 },
 			{ "auth_key", required_argument, 0, 0 },
+			{ "auth_key_random_size", required_argument, 0, 0 },
 
 			{ "iv", required_argument, 0, 0 },
+			{ "iv_random_size", required_argument, 0, 0 },
 			{ "aad", required_argument, 0, 0 },
+			{ "aad_random_size", required_argument, 0, 0 },
+			{ "digest_size", required_argument, 0, 0 },
 
 			{ "sessionless", no_argument, 0, 0 },
 
@@ -1320,6 +1404,19 @@ check_type(struct l2fwd_crypto_options *options, struct rte_cryptodev_info *dev_
 	return -1;
 }
 
+static inline int
+check_supported_size(uint16_t length, uint16_t min, uint16_t max,
+		uint16_t increment)
+{
+	uint16_t supp_size;
+
+	for (supp_size = min; supp_size <= max; supp_size += increment) {
+		if (length == supp_size)
+			return 0;
+	}
+
+	return -1;
+}
 static int
 initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
 		uint8_t *enabled_cdevs)
@@ -1383,9 +1480,71 @@ initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
 			}
 
 			options->block_size = cap->sym.cipher.block_size;
-			options->iv.length = cap->sym.cipher.iv_size.min;
-			options->cipher_xform.cipher.key.length =
+			/*
+			 * Check if length of provided IV is supported
+			 * by the algorithm chosen.
+			 */
+			if (options->iv_param) {
+				if (check_supported_size(options->iv.length,
+						cap->sym.cipher.iv_size.min,
+						cap->sym.cipher.iv_size.max,
+						cap->sym.cipher.iv_size.increment)
+							!= 0) {
+					printf("Unsupported IV length\n");
+					return -1;
+				}
+			/*
+			 * Check if length of IV to be randomly generated
+			 * is supported by the algorithm chosen.
+			 */
+			} else if (options->iv_random_size != -1) {
+				if (check_supported_size(options->iv_random_size,
+						cap->sym.cipher.iv_size.min,
+						cap->sym.cipher.iv_size.max,
+						cap->sym.cipher.iv_size.increment)
+							!= 0) {
+					printf("Unsupported IV length\n");
+					return -1;
+				}
+				options->iv.length = options->iv_random_size;
+			/* No size provided, use minimum size. */
+			} else
+				options->iv.length = cap->sym.cipher.iv_size.min;
+
+			/*
+			 * Check if length of provided cipher key is supported
+			 * by the algorithm chosen.
+			 */
+			if (options->ckey_param) {
+				if (check_supported_size(
+						options->cipher_xform.cipher.key.length,
+						cap->sym.cipher.key_size.min,
+						cap->sym.cipher.key_size.max,
+						cap->sym.cipher.key_size.increment)
+							!= 0) {
+					printf("Unsupported cipher key length\n");
+					return -1;
+				}
+			/*
+			 * Check if length of the cipher key to be randomly generated
+			 * is supported by the algorithm chosen.
+			 */
+			} else if (options->ckey_random_size != -1) {
+				if (check_supported_size(options->ckey_random_size,
+						cap->sym.cipher.key_size.min,
+						cap->sym.cipher.key_size.max,
+						cap->sym.cipher.key_size.increment)
+							!= 0) {
+					printf("Unsupported cipher key length\n");
+					return -1;
+				}
+				options->cipher_xform.cipher.key.length =
+							options->ckey_random_size;
+			/* No size provided, use minimum size. */
+			} else
+				options->cipher_xform.cipher.key.length =
 						cap->sym.cipher.key_size.min;
+
 			if (!options->ckey_param)
 				generate_random_key(
 					options->cipher_xform.cipher.key.data,
@@ -1420,17 +1579,95 @@ initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
 			}
 
 			options->block_size = cap->sym.auth.block_size;
+			/*
+			 * Check if length of provided AAD is supported
+			 * by the algorithm chosen.
+			 */
+			if (options->aad_param) {
+				if (check_supported_size(options->aad.length,
+						cap->sym.auth.aad_size.min,
+						cap->sym.auth.aad_size.max,
+						cap->sym.auth.aad_size.increment)
+							!= 0) {
+					printf("Unsupported AAD length\n");
+					return -1;
+				}
+			/*
+			 * Check if length of AAD to be randomly generated
+			 * is supported by the algorithm chosen.
+			 */
+			} else if (options->aad_random_size != -1) {
+				if (check_supported_size(options->aad_random_size,
+						cap->sym.auth.aad_size.min,
+						cap->sym.auth.aad_size.max,
+						cap->sym.auth.aad_size.increment)
+							!= 0) {
+					printf("Unsupported AAD length\n");
+					return -1;
+				}
+				options->aad.length = options->aad_random_size;
+			/* No size provided, use minimum size. */
+			} else
+				options->aad.length = cap->sym.auth.aad_size.min;
+
 			options->auth_xform.auth.add_auth_data_length =
-						cap->sym.auth.aad_size.min;
-			options->auth_xform.auth.digest_length =
-						cap->sym.auth.digest_size.min;
-			options->auth_xform.auth.key.length =
+						options->aad.length;
+
+			/*
+			 * Check if length of provided auth key is supported
+			 * by the algorithm chosen.
+			 */
+			if (options->akey_param) {
+				if (check_supported_size(
+						options->auth_xform.auth.key.length,
+						cap->sym.auth.key_size.min,
+						cap->sym.auth.key_size.max,
+						cap->sym.auth.key_size.increment)
+							!= 0) {
+					printf("Unsupported auth key length\n");
+					return -1;
+				}
+			/*
+			 * Check if length of the auth key to be randomly generated
+			 * is supported by the algorithm chosen.
+			 */
+			} else if (options->akey_random_size != -1) {
+				if (check_supported_size(options->akey_random_size,
+						cap->sym.auth.key_size.min,
+						cap->sym.auth.key_size.max,
+						cap->sym.auth.key_size.increment)
+							!= 0) {
+					printf("Unsupported auth key length\n");
+					return -1;
+				}
+				options->auth_xform.auth.key.length =
+							options->akey_random_size;
+			/* No size provided, use minimum size. */
+			} else
+				options->auth_xform.auth.key.length =
 						cap->sym.auth.key_size.min;
 
 			if (!options->akey_param)
 				generate_random_key(
 					options->auth_xform.auth.key.data,
 					options->auth_xform.auth.key.length);
+
+			/* Check if digest size is supported by the algorithm. */
+			if (options->digest_size != -1) {
+				if (check_supported_size(options->digest_size,
+						cap->sym.auth.digest_size.min,
+						cap->sym.auth.digest_size.max,
+						cap->sym.auth.digest_size.increment)
+							!= 0) {
+					printf("Unsupported digest length\n");
+					return -1;
+				}
+				options->auth_xform.auth.digest_length =
+							options->digest_size;
+			/* No size provided, use minimum size. */
+			} else
+				options->auth_xform.auth.digest_length =
+						cap->sym.auth.digest_size.min;
 		}
 
 		retval = rte_cryptodev_configure(cdev_id, &conf);
-- 
2.5.5

[dpdk-dev] [PATCH v2 6/8] l2fwd-crypto: clarify key parsing in help

[Pablo de Lara]

Cipher/Auth keys, AAD and IV must be passed from command line
with ":" between bytes, but help was not clarifying that.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
 examples/l2fwd-crypto/main.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c
index c561270..6a28448 100644
--- a/examples/l2fwd-crypto/main.c
+++ b/examples/l2fwd-crypto/main.c
@@ -804,16 +804,16 @@ l2fwd_crypto_usage(const char *prgname)
 
 		"  --cipher_algo ALGO\n"
 		"  --cipher_op ENCRYPT / DECRYPT\n"
-		"  --cipher_key KEY\n"
+		"  --cipher_key KEY (bytes separated with \":\")\n"
 		"  --cipher_key_random_size SIZE: size of cipher key when generated randomly\n"
-		"  --iv IV\n"
+		"  --iv IV (bytes separated with \":\")\n"
 		"  --iv_random_size SIZE: size of IV when generated randomly\n"
 
 		"  --auth_algo ALGO\n"
 		"  --auth_op GENERATE / VERIFY\n"
-		"  --auth_key KEY\n"
+		"  --auth_key KEY (bytes separated with \":\")\n"
 		"  --auth_key_random_size SIZE: size of auth key when generated randomly\n"
-		"  --aad AAD\n"
+		"  --aad AAD (bytes separated with \":\")\n"
 		"  --aad_random_size SIZE: size of AAD when generated randomly\n"
 		"  --digest_size SIZE: size of digest to be generated/verified\n"
 
-- 
2.5.5

[dpdk-dev] [PATCH v2 7/8] l2fwd-crypto: use key-value list of supported algorithms

[Pablo de Lara]

In order to ease the parsing and display of supported algorithms
in the application, two new arrays are created, which contains
the strings of the different cipher and authentication algorithms,

These lists are used to parse the algorithms from the command line,
and will be used to display crypto information to the user.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
 examples/l2fwd-crypto/main.c          | 106 +++++++++++++++++-----------------
 lib/librte_cryptodev/rte_crypto_sym.h |   6 +-
 2 files changed, 58 insertions(+), 54 deletions(-)

diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c
index 6a28448..5fb33df 100644
--- a/examples/l2fwd-crypto/main.c
+++ b/examples/l2fwd-crypto/main.c
@@ -133,6 +133,9 @@ struct l2fwd_key {
 	phys_addr_t phys_addr;
 };
 
+char supported_auth_algo[RTE_CRYPTO_AUTH_LIST_END][MAX_STR_LEN];
+char supported_cipher_algo[RTE_CRYPTO_CIPHER_LIST_END][MAX_STR_LEN];
+
 /** l2fwd crypto application command line options */
 struct l2fwd_crypto_options {
 	unsigned portmask;
@@ -164,8 +167,6 @@ struct l2fwd_crypto_options {
 	int digest_size;
 
 	uint16_t block_size;
-	char string_auth_algo[MAX_STR_LEN];
-	char string_cipher_algo[MAX_STR_LEN];
 	char string_type[MAX_STR_LEN];
 };
 
@@ -328,6 +329,32 @@ print_stats(void)
 	printf("\n====================================================\n");
 }
 
+static void
+fill_supported_algorithm_tables(void)
+{
+	unsigned i;
+
+	for (i = 0; i < RTE_CRYPTO_AUTH_LIST_END; i++)
+		strcpy(supported_auth_algo[i], "NOT_SUPPORTED");
+
+	strcpy(supported_auth_algo[RTE_CRYPTO_AUTH_AES_GCM], "AES_GCM");
+	strcpy(supported_auth_algo[RTE_CRYPTO_AUTH_MD5_HMAC], "MD5_HMAC");
+	strcpy(supported_auth_algo[RTE_CRYPTO_AUTH_NULL], "NULL");
+	strcpy(supported_auth_algo[RTE_CRYPTO_AUTH_SHA1_HMAC], "SHA1_HMAC");
+	strcpy(supported_auth_algo[RTE_CRYPTO_AUTH_SHA224_HMAC], "SHA224_HMAC");
+	strcpy(supported_auth_algo[RTE_CRYPTO_AUTH_SHA256_HMAC], "SHA256_HMAC");
+	strcpy(supported_auth_algo[RTE_CRYPTO_AUTH_SHA384_HMAC], "SHA384_HMAC");
+	strcpy(supported_auth_algo[RTE_CRYPTO_AUTH_SHA512_HMAC], "SHA512_HMAC");
+	strcpy(supported_auth_algo[RTE_CRYPTO_AUTH_SNOW3G_UIA2], "SNOW3G_UIA2");
+
+	for (i = 0; i < RTE_CRYPTO_CIPHER_LIST_END; i++)
+		strcpy(supported_cipher_algo[i], "NOT_SUPPORTED");
+
+	strcpy(supported_cipher_algo[RTE_CRYPTO_CIPHER_AES_CBC], "AES_CBC");
+	strcpy(supported_cipher_algo[RTE_CRYPTO_CIPHER_AES_GCM], "AES_GCM");
+	strcpy(supported_cipher_algo[RTE_CRYPTO_CIPHER_NULL], "NULL");
+	strcpy(supported_cipher_algo[RTE_CRYPTO_CIPHER_SNOW3G_UEA2], "SNOW3G_UEA2");
+}
 
 
 static int
@@ -864,18 +891,13 @@ parse_crypto_opt_chain(struct l2fwd_crypto_options *options, char *optarg)
 static int
 parse_cipher_algo(enum rte_crypto_cipher_algorithm *algo, char *optarg)
 {
-	if (strcmp("AES_CBC", optarg) == 0) {
-		*algo = RTE_CRYPTO_CIPHER_AES_CBC;
-		return 0;
-	} else if (strcmp("AES_GCM", optarg) == 0) {
-		*algo = RTE_CRYPTO_CIPHER_AES_GCM;
-		return 0;
-	} else if (strcmp("NULL", optarg) == 0) {
-		*algo = RTE_CRYPTO_CIPHER_NULL;
-		return 0;
-	} else if (strcmp("SNOW3G_UEA2", optarg) == 0) {
-		*algo = RTE_CRYPTO_CIPHER_SNOW3G_UEA2;
-		return 0;
+	unsigned i;
+
+	for (i = 0; i < RTE_CRYPTO_CIPHER_LIST_END; i++) {
+		if (!strcmp(supported_cipher_algo[i], optarg)) {
+			*algo = i;
+			return 0;
+		}
 	}
 
 	printf("Cipher algorithm  not supported!\n");
@@ -945,33 +967,13 @@ parse_size(int *size, const char *q_arg)
 static int
 parse_auth_algo(enum rte_crypto_auth_algorithm *algo, char *optarg)
 {
-	if (strcmp("AES_GCM", optarg) == 0) {
-		*algo = RTE_CRYPTO_AUTH_AES_GCM;
-		return 0;
-	} else if (strcmp("MD5_HMAC", optarg) == 0) {
-		*algo = RTE_CRYPTO_AUTH_MD5_HMAC;
-		return 0;
-	} else if (strcmp("NULL", optarg) == 0) {
-		*algo = RTE_CRYPTO_AUTH_NULL;
-		return 0;
-	} else if (strcmp("SHA1_HMAC", optarg) == 0) {
-		*algo = RTE_CRYPTO_AUTH_SHA1_HMAC;
-		return 0;
-	} else if (strcmp("SHA224_HMAC", optarg) == 0) {
-		*algo = RTE_CRYPTO_AUTH_SHA224_HMAC;
-		return 0;
-	} else if (strcmp("SHA256_HMAC", optarg) == 0) {
-		*algo = RTE_CRYPTO_AUTH_SHA256_HMAC;
-		return 0;
-	}  else if (strcmp("SHA384_HMAC", optarg) == 0) {
-		*algo = RTE_CRYPTO_AUTH_SHA384_HMAC;
-		return 0;
-	} else if (strcmp("SHA512_HMAC", optarg) == 0) {
-		*algo = RTE_CRYPTO_AUTH_SHA512_HMAC;
-		return 0;
-	} else if (strcmp("SNOW3G_UIA2", optarg) == 0) {
-		*algo = RTE_CRYPTO_AUTH_SNOW3G_UIA2;
-		return 0;
+	unsigned i;
+
+	for (i = 0; i < RTE_CRYPTO_AUTH_LIST_END; i++) {
+		if (!strcmp(supported_auth_algo[i], optarg)) {
+			*algo = i;
+			return 0;
+		}
 	}
 
 	printf("Authentication algorithm specified not supported!\n");
@@ -1011,13 +1013,9 @@ l2fwd_crypto_parse_args_long_options(struct l2fwd_crypto_options *options,
 		return parse_crypto_opt_chain(options, optarg);
 
 	/* Cipher options */
-	else if (strcmp(lgopts[option_index].name, "cipher_algo") == 0) {
-		retval = parse_cipher_algo(&options->cipher_xform.cipher.algo,
+	else if (strcmp(lgopts[option_index].name, "cipher_algo") == 0)
+		return parse_cipher_algo(&options->cipher_xform.cipher.algo,
 				optarg);
-		if (retval == 0)
-			strcpy(options->string_cipher_algo, optarg);
-		return retval;
-	}
 
 	else if (strcmp(lgopts[option_index].name, "cipher_op") == 0)
 		return parse_cipher_op(&options->cipher_xform.cipher.op,
@@ -1051,11 +1049,8 @@ l2fwd_crypto_parse_args_long_options(struct l2fwd_crypto_options *options,
 
 	/* Authentication options */
 	else if (strcmp(lgopts[option_index].name, "auth_algo") == 0) {
-		retval = parse_auth_algo(&options->auth_xform.auth.algo,
+		return parse_auth_algo(&options->auth_xform.auth.algo,
 				optarg);
-		if (retval == 0)
-			strcpy(options->string_auth_algo, optarg);
-		return retval;
 	}
 
 	else if (strcmp(lgopts[option_index].name, "auth_op") == 0)
@@ -1474,7 +1469,8 @@ initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
 			if (cap->op == RTE_CRYPTO_OP_TYPE_UNDEFINED) {
 				printf("Algorithm %s not supported by cryptodev %u"
 					" or device not of preferred type (%s)\n",
-					options->string_cipher_algo, cdev_id,
+					supported_cipher_algo[opt_cipher_algo],
+					cdev_id,
 					options->string_type);
 				continue;
 			}
@@ -1573,7 +1569,8 @@ initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
 			if (cap->op == RTE_CRYPTO_OP_TYPE_UNDEFINED) {
 				printf("Algorithm %s not supported by cryptodev %u"
 					" or device not of preferred type (%s)\n",
-					options->string_auth_algo, cdev_id,
+					supported_auth_algo[opt_auth_algo],
+					cdev_id,
 					options->string_type);
 				continue;
 			}
@@ -1848,6 +1845,9 @@ main(int argc, char **argv)
 	/* reserve memory for Cipher/Auth key and IV */
 	reserve_key_memory(&options);
 
+	/* fill out the supported algorithm tables */
+	fill_supported_algorithm_tables();
+
 	/* parse application arguments (after the EAL ones) */
 	ret = l2fwd_crypto_parse_args(&options, argc, argv);
 	if (ret < 0)
diff --git a/lib/librte_cryptodev/rte_crypto_sym.h b/lib/librte_cryptodev/rte_crypto_sym.h
index d01287c..913941a 100644
--- a/lib/librte_cryptodev/rte_crypto_sym.h
+++ b/lib/librte_cryptodev/rte_crypto_sym.h
@@ -101,8 +101,10 @@ enum rte_crypto_cipher_algorithm {
 	RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
 	/**< SNOW3G algorithm in UEA2 mode */
 
-	RTE_CRYPTO_CIPHER_ZUC_EEA3
+	RTE_CRYPTO_CIPHER_ZUC_EEA3,
 	/**< ZUC algorithm in EEA3 mode */
+
+	RTE_CRYPTO_CIPHER_LIST_END
 };
 
 /** Symmetric Cipher Direction */
@@ -234,6 +236,8 @@ enum rte_crypto_auth_algorithm {
 
 	RTE_CRYPTO_AUTH_ZUC_EIA3,
 	/**< ZUC algorithm in EIA3 mode */
+
+	RTE_CRYPTO_AUTH_LIST_END
 };
 
 /** Symmetric Authentication / Hash Operations */
-- 
2.5.5

[dpdk-dev] [PATCH v2 8/8] l2fwd-crypto: extend crypto information

[Pablo de Lara]

Display extra crypto information (algorithms, keys/IV/AAD used, chain...),
so user can know exactly what operations are being carried out.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
 examples/l2fwd-crypto/main.c | 84 ++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 82 insertions(+), 2 deletions(-)

diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c
index 5fb33df..09a07d3 100644
--- a/examples/l2fwd-crypto/main.c
+++ b/examples/l2fwd-crypto/main.c
@@ -71,6 +71,7 @@
 #include <rte_prefetch.h>
 #include <rte_random.h>
 #include <rte_ring.h>
+#include <rte_hexdump.h>
 
 enum cdev_type {
 	CDEV_TYPE_ANY,
@@ -634,8 +635,6 @@ l2fwd_main_loop(struct l2fwd_crypto_options *options)
 
 	RTE_LOG(INFO, L2FWD, "entering main loop on lcore %u\n", lcore_id);
 
-	l2fwd_crypto_options_print(options);
-
 	for (i = 0; i < qconf->nb_rx_ports; i++) {
 
 		portid = qconf->rx_port_list[i];
@@ -708,6 +707,14 @@ l2fwd_main_loop(struct l2fwd_crypto_options *options)
 				port_cparams[i].dev_id);
 	}
 
+	l2fwd_crypto_options_print(options);
+
+	/*
+	 * Initialize previous tsc timestamp before the loop,
+	 * to avoid showing the port statistics immediately,
+	 * so user can see the crypto information.
+	 */
+	prev_tsc = rte_rdtsc();
 	while (1) {
 
 		cur_tsc = rte_rdtsc();
@@ -1213,8 +1220,45 @@ l2fwd_crypto_default_options(struct l2fwd_crypto_options *options)
 }
 
 static void
+display_cipher_info(struct l2fwd_crypto_options *options)
+{
+	printf("\n---- Cipher information ---\n");
+	printf("Algorithm: %s\n",
+		supported_cipher_algo[options->cipher_xform.cipher.algo]);
+	rte_hexdump(stdout, "Cipher key:",
+			options->cipher_xform.cipher.key.data,
+			options->cipher_xform.cipher.key.length);
+	rte_hexdump(stdout, "IV:", options->iv.data, options->iv.length);
+}
+
+static void
+display_auth_info(struct l2fwd_crypto_options *options)
+{
+	printf("\n---- Authentication information ---\n");
+	printf("Algorithm: %s\n",
+		supported_auth_algo[options->auth_xform.auth.algo]);
+	rte_hexdump(stdout, "Auth key:",
+			options->auth_xform.auth.key.data,
+			options->auth_xform.auth.key.length);
+	rte_hexdump(stdout, "AAD:", options->aad.data, options->aad.length);
+}
+
+static void
 l2fwd_crypto_options_print(struct l2fwd_crypto_options *options)
 {
+	char string_cipher_op[MAX_STR_LEN];
+	char string_auth_op[MAX_STR_LEN];
+
+	if (options->cipher_xform.cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT)
+		strcpy(string_cipher_op, "Encrypt");
+	else
+		strcpy(string_cipher_op, "Decrypt");
+
+	if (options->auth_xform.auth.op == RTE_CRYPTO_AUTH_OP_GENERATE)
+		strcpy(string_auth_op, "Auth generate");
+	else
+		strcpy(string_auth_op, "Auth verify");
+
 	printf("Options:-\nn");
 	printf("portmask: %x\n", options->portmask);
 	printf("ports per lcore: %u\n", options->nb_ports_per_lcore);
@@ -1226,6 +1270,42 @@ l2fwd_crypto_options_print(struct l2fwd_crypto_options *options)
 
 	printf("sessionless crypto: %s\n",
 			options->sessionless ? "enabled" : "disabled");
+
+	if (options->ckey_param && (options->ckey_random_size != -1))
+		printf("Cipher key already parsed, ignoring size of random key\n");
+
+	if (options->akey_param && (options->akey_random_size != -1))
+		printf("Auth key already parsed, ignoring size of random key\n");
+
+	if (options->iv_param && (options->iv_random_size != -1))
+		printf("IV already parsed, ignoring size of random IV\n");
+
+	if (options->aad_param && (options->aad_random_size != -1))
+		printf("AAD already parsed, ignoring size of random AAD\n");
+
+	printf("\nCrypto chain: ");
+	switch (options->xform_chain) {
+	case L2FWD_CRYPTO_CIPHER_HASH:
+		printf("Input --> %s --> %s --> Output\n",
+			string_cipher_op, string_auth_op);
+		display_cipher_info(options);
+		display_auth_info(options);
+		break;
+	case L2FWD_CRYPTO_HASH_CIPHER:
+		printf("Input --> %s --> %s --> Output\n",
+			string_auth_op, string_cipher_op);
+		display_cipher_info(options);
+		display_auth_info(options);
+		break;
+	case L2FWD_CRYPTO_HASH_ONLY:
+		printf("Input --> %s --> Output\n", string_auth_op);
+		display_auth_info(options);
+		break;
+	case L2FWD_CRYPTO_CIPHER_ONLY:
+		printf("Input --> %s --> Output\n", string_cipher_op);
+		display_cipher_info(options);
+		break;
+	}
 }
 
 /* Parse the argument given in the command line of the application */
-- 
2.5.5

Re: [dpdk-dev] [PATCH v2 0/8] L2fwd-crypto fixes/enhancements

[Thomas Monjalon]

2016-03-31 10:01, Pablo de Lara:
> This patches fixes some small issues in L2fwd-crypto
> app and also improves the app, making it more flexible
> (accepting different key sizes)
> and readable (information display improvement).
> 
> Changes in v2:
> 
> - Extended help information

The line "Tested-by: Min Cao <min.cao@intel.com>" is missing.

[dpdk-dev] [PATCH v3 0/8] L2fwd-crypto fixes/enhancements

[Pablo de Lara]

This patches fixes some small issues in L2fwd-crypto
app and also improves the app, making it more flexible
(accepting different key sizes)
and readable (information display improvement).

Series-tested-by: Min Cao <min.cao@intel.com>


Changes in v3:

- Added missing Tested-by line.

Changes in v2:

- Extended help information

Pablo de Lara (8):
  l2fwd-crypto: add missing new line character in help
  l2fwd-crypto: rename period parameter
  l2fwd-crypto: add missing string initialization
  l2fwd-crypto: fix length of random IV/AAD
  l2fwd-crypto: fix ambiguous input key size
  l2fwd-crypto: clarify key parsing in help
  l2fwd-crypto: use key-value list of supported algorithms
  l2fwd-crypto: extend crypto information

 examples/l2fwd-crypto/main.c          | 473 ++++++++++++++++++++++++++++------
 lib/librte_cryptodev/rte_crypto_sym.h |   6 +-
 2 files changed, 402 insertions(+), 77 deletions(-)

-- 
2.5.5

[dpdk-dev] [PATCH v3 1/8] l2fwd-crypto: add missing new line character in help

[Pablo de Lara]

Fixes: 387259bd6c67 ("examples/l2fwd-crypto: add sample application)

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
 examples/l2fwd-crypto/main.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c
index 5fd4ff1..0cb46c2 100644
--- a/examples/l2fwd-crypto/main.c
+++ b/examples/l2fwd-crypto/main.c
@@ -789,7 +789,7 @@ l2fwd_crypto_usage(const char *prgname)
 	printf("%s [EAL options] --\n"
 		"  -p PORTMASK: hexadecimal bitmask of ports to configure\n"
 		"  -q NQ: number of queue (=ports) per lcore (default is 1)\n"
-		"  -s manage all ports from single lcore"
+		"  -s manage all ports from single lcore\n"
 		"  -t PERIOD: statistics will be refreshed each PERIOD seconds"
 		" (0 to disable, 10 default, 86400 maximum)\n"
 
-- 
2.5.5

[dpdk-dev] [PATCH v3 2/8] l2fwd-crypto: rename period parameter

[Pablo de Lara]

L2fwd-crypto app is based on L2fwd app and it inherits
some of its parameters (such as portmask, queues per core...).

The parameter period (period of time between statistic updates)
is -T in L2fwd, but was -t in L2fwd-crypto, so for consistency,
it is changed back to -T

Fixes: 387259bd6c67 ("examples/l2fwd-crypto: add sample application)

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
 examples/l2fwd-crypto/main.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c
index 0cb46c2..fd30826 100644
--- a/examples/l2fwd-crypto/main.c
+++ b/examples/l2fwd-crypto/main.c
@@ -790,7 +790,7 @@ l2fwd_crypto_usage(const char *prgname)
 		"  -p PORTMASK: hexadecimal bitmask of ports to configure\n"
 		"  -q NQ: number of queue (=ports) per lcore (default is 1)\n"
 		"  -s manage all ports from single lcore\n"
-		"  -t PERIOD: statistics will be refreshed each PERIOD seconds"
+		"  -T PERIOD: statistics will be refreshed each PERIOD seconds"
 		" (0 to disable, 10 default, 86400 maximum)\n"
 
 		"  --cdev_type HW / SW / ANY\n"
@@ -1220,7 +1220,7 @@ l2fwd_crypto_parse_args(struct l2fwd_crypto_options *options,
 			break;
 
 		/* timer period */
-		case 't':
+		case 'T':
 			retval = l2fwd_crypto_parse_timer_period(options,
 					optarg);
 			if (retval < 0) {
-- 
2.5.5

[dpdk-dev] [PATCH v3 3/8] l2fwd-crypto: add missing string initialization

[Pablo de Lara]

When passing the preferred crypto device type in the command line parameters,
the string (HW/SW/ANY) was not being saved, which is used
for error information to the user.

Fixes: 27cf2d1b18e1 ("examples/l2fwd-crypto: discover capabilities")

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
 examples/l2fwd-crypto/main.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c
index fd30826..1b0c229 100644
--- a/examples/l2fwd-crypto/main.c
+++ b/examples/l2fwd-crypto/main.c
@@ -968,8 +968,12 @@ l2fwd_crypto_parse_args_long_options(struct l2fwd_crypto_options *options,
 {
 	int retval;
 
-	if (strcmp(lgopts[option_index].name, "cdev_type") == 0)
-		return parse_cryptodev_type(&options->type, optarg);
+	if (strcmp(lgopts[option_index].name, "cdev_type") == 0) {
+		retval = parse_cryptodev_type(&options->type, optarg);
+		if (retval == 0)
+			strcpy(options->string_type, optarg);
+		return retval;
+	}
 
 	else if (strcmp(lgopts[option_index].name, "chain") == 0)
 		return parse_crypto_opt_chain(options, optarg);
-- 
2.5.5

[dpdk-dev] [PATCH v3 4/8] l2fwd-crypto: fix length of random IV/AAD

[Pablo de Lara]

App was generating a random IV/AAD of only 4 bytes,
instead of the actual length, since it was using sizeof(length).

Fixes: 27cf2d1b18e1 ("examples/l2fwd-crypto: discover capabilities")

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
 examples/l2fwd-crypto/main.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c
index 1b0c229..c323b55 100644
--- a/examples/l2fwd-crypto/main.c
+++ b/examples/l2fwd-crypto/main.c
@@ -643,7 +643,7 @@ l2fwd_main_loop(struct l2fwd_crypto_options *options)
 				port_cparams[i].aad.phys_addr = options->aad.phys_addr;
 				if (!options->aad_param)
 					generate_random_key(port_cparams[i].aad.data,
-						sizeof(port_cparams[i].aad.length));
+						port_cparams[i].aad.length);
 
 			}
 
@@ -661,7 +661,7 @@ l2fwd_main_loop(struct l2fwd_crypto_options *options)
 			port_cparams[i].iv.phys_addr = options->iv.phys_addr;
 			if (!options->iv_param)
 				generate_random_key(port_cparams[i].iv.data,
-						sizeof(port_cparams[i].iv.length));
+						port_cparams[i].iv.length);
 
 			port_cparams[i].cipher_algo = options->cipher_xform.cipher.algo;
 		}
-- 
2.5.5

[dpdk-dev] [PATCH v3 5/8] l2fwd-crypto: fix ambiguous input key size

[Pablo de Lara]

Some crypto algorithms support more than one key size
(including cipher key, authentication key, IV and AAD),
but the app was using always the minimum size.

These changes allows the user to use an specific size,
either from the string provided with cipher_key, auth_key, iv and ADD parameters,
or from the values provided with cipher_key_random_size,
auth_key_random_size, iv_random_size and aad_random_size.

This also allows the user to specify the digest size.

Fixes: 1df9c0109f4c ("examples/l2fwd-crypto: parse key parameters")

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
 examples/l2fwd-crypto/main.c | 257 +++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 247 insertions(+), 10 deletions(-)

diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c
index c323b55..c561270 100644
--- a/examples/l2fwd-crypto/main.c
+++ b/examples/l2fwd-crypto/main.c
@@ -147,15 +147,21 @@ struct l2fwd_crypto_options {
 
 	struct rte_crypto_sym_xform cipher_xform;
 	unsigned ckey_param;
+	int ckey_random_size;
 
 	struct l2fwd_key iv;
 	unsigned iv_param;
+	int iv_random_size;
 
 	struct rte_crypto_sym_xform auth_xform;
 	uint8_t akey_param;
+	int akey_random_size;
 
 	struct l2fwd_key aad;
 	unsigned aad_param;
+	int aad_random_size;
+
+	int digest_size;
 
 	uint16_t block_size;
 	char string_auth_algo[MAX_STR_LEN];
@@ -799,12 +805,17 @@ l2fwd_crypto_usage(const char *prgname)
 		"  --cipher_algo ALGO\n"
 		"  --cipher_op ENCRYPT / DECRYPT\n"
 		"  --cipher_key KEY\n"
+		"  --cipher_key_random_size SIZE: size of cipher key when generated randomly\n"
 		"  --iv IV\n"
+		"  --iv_random_size SIZE: size of IV when generated randomly\n"
 
 		"  --auth_algo ALGO\n"
 		"  --auth_op GENERATE / VERIFY\n"
 		"  --auth_key KEY\n"
+		"  --auth_key_random_size SIZE: size of auth key when generated randomly\n"
 		"  --aad AAD\n"
+		"  --aad_random_size SIZE: size of AAD when generated randomly\n"
+		"  --digest_size SIZE: size of digest to be generated/verified\n"
 
 		"  --sessionless\n",
 	       prgname);
@@ -906,6 +917,27 @@ parse_key(uint8_t *data, char *input_arg)
 		data[byte_count++] = (uint8_t)number;
 	}
 
+	return byte_count;
+}
+
+/** Parse size param*/
+static int
+parse_size(int *size, const char *q_arg)
+{
+	char *end = NULL;
+	unsigned long n;
+
+	/* parse hexadecimal string */
+	n = strtoul(q_arg, &end, 10);
+	if ((q_arg[0] == '\0') || (end == NULL) || (*end != '\0'))
+		n = 0;
+
+	if (n == 0) {
+		printf("invalid size\n");
+		return -1;
+	}
+
+	*size = n;
 	return 0;
 }
 
@@ -993,14 +1025,30 @@ l2fwd_crypto_parse_args_long_options(struct l2fwd_crypto_options *options,
 
 	else if (strcmp(lgopts[option_index].name, "cipher_key") == 0) {
 		options->ckey_param = 1;
-		return parse_key(options->cipher_xform.cipher.key.data, optarg);
+		options->cipher_xform.cipher.key.length =
+			parse_key(options->cipher_xform.cipher.key.data, optarg);
+		if (options->cipher_xform.cipher.key.length > 0)
+			return 0;
+		else
+			return -1;
 	}
 
+	else if (strcmp(lgopts[option_index].name, "cipher_key_random_size") == 0)
+		return parse_size(&options->ckey_random_size, optarg);
+
 	else if (strcmp(lgopts[option_index].name, "iv") == 0) {
 		options->iv_param = 1;
-		return parse_key(options->iv.data, optarg);
+		options->iv.length =
+			parse_key(options->iv.data, optarg);
+		if (options->iv.length > 0)
+			return 0;
+		else
+			return -1;
 	}
 
+	else if (strcmp(lgopts[option_index].name, "iv_random_size") == 0)
+		return parse_size(&options->iv_random_size, optarg);
+
 	/* Authentication options */
 	else if (strcmp(lgopts[option_index].name, "auth_algo") == 0) {
 		retval = parse_auth_algo(&options->auth_xform.auth.algo,
@@ -1016,12 +1064,34 @@ l2fwd_crypto_parse_args_long_options(struct l2fwd_crypto_options *options,
 
 	else if (strcmp(lgopts[option_index].name, "auth_key") == 0) {
 		options->akey_param = 1;
-		return parse_key(options->auth_xform.auth.key.data, optarg);
+		options->auth_xform.auth.key.length =
+			parse_key(options->auth_xform.auth.key.data, optarg);
+		if (options->auth_xform.auth.key.length > 0)
+			return 0;
+		else
+			return -1;
+	}
+
+	else if (strcmp(lgopts[option_index].name, "auth_key_random_size") == 0) {
+		return parse_size(&options->akey_random_size, optarg);
 	}
 
 	else if (strcmp(lgopts[option_index].name, "aad") == 0) {
 		options->aad_param = 1;
-		return parse_key(options->aad.data, optarg);
+		options->aad.length =
+			parse_key(options->aad.data, optarg);
+		if (options->aad.length > 0)
+			return 0;
+		else
+			return -1;
+	}
+
+	else if (strcmp(lgopts[option_index].name, "aad_random_size") == 0) {
+		return parse_size(&options->aad_random_size, optarg);
+	}
+
+	else if (strcmp(lgopts[option_index].name, "digest_size") == 0) {
+		return parse_size(&options->digest_size, optarg);
 	}
 
 	else if (strcmp(lgopts[option_index].name, "sessionless") == 0) {
@@ -1121,7 +1191,11 @@ l2fwd_crypto_default_options(struct l2fwd_crypto_options *options)
 	options->cipher_xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
 	options->cipher_xform.next = NULL;
 	options->ckey_param = 0;
+	options->ckey_random_size = -1;
+	options->cipher_xform.cipher.key.length = 0;
 	options->iv_param = 0;
+	options->iv_random_size = -1;
+	options->iv.length = 0;
 
 	options->cipher_xform.cipher.algo = RTE_CRYPTO_CIPHER_AES_CBC;
 	options->cipher_xform.cipher.op = RTE_CRYPTO_CIPHER_OP_ENCRYPT;
@@ -1130,7 +1204,12 @@ l2fwd_crypto_default_options(struct l2fwd_crypto_options *options)
 	options->auth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH;
 	options->auth_xform.next = NULL;
 	options->akey_param = 0;
+	options->akey_random_size = -1;
+	options->auth_xform.auth.key.length = 0;
 	options->aad_param = 0;
+	options->aad_random_size = -1;
+	options->aad.length = 0;
+	options->digest_size = -1;
 
 	options->auth_xform.auth.algo = RTE_CRYPTO_AUTH_SHA1_HMAC;
 	options->auth_xform.auth.op = RTE_CRYPTO_AUTH_OP_GENERATE;
@@ -1171,13 +1250,18 @@ l2fwd_crypto_parse_args(struct l2fwd_crypto_options *options,
 			{ "cipher_algo", required_argument, 0, 0 },
 			{ "cipher_op", required_argument, 0, 0 },
 			{ "cipher_key", required_argument, 0, 0 },
+			{ "cipher_key_random_size", required_argument, 0, 0 },
 
 			{ "auth_algo", required_argument, 0, 0 },
 			{ "auth_op", required_argument, 0, 0 },
 			{ "auth_key", required_argument, 0, 0 },
+			{ "auth_key_random_size", required_argument, 0, 0 },
 
 			{ "iv", required_argument, 0, 0 },
+			{ "iv_random_size", required_argument, 0, 0 },
 			{ "aad", required_argument, 0, 0 },
+			{ "aad_random_size", required_argument, 0, 0 },
+			{ "digest_size", required_argument, 0, 0 },
 
 			{ "sessionless", no_argument, 0, 0 },
 
@@ -1320,6 +1404,19 @@ check_type(struct l2fwd_crypto_options *options, struct rte_cryptodev_info *dev_
 	return -1;
 }
 
+static inline int
+check_supported_size(uint16_t length, uint16_t min, uint16_t max,
+		uint16_t increment)
+{
+	uint16_t supp_size;
+
+	for (supp_size = min; supp_size <= max; supp_size += increment) {
+		if (length == supp_size)
+			return 0;
+	}
+
+	return -1;
+}
 static int
 initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
 		uint8_t *enabled_cdevs)
@@ -1383,9 +1480,71 @@ initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
 			}
 
 			options->block_size = cap->sym.cipher.block_size;
-			options->iv.length = cap->sym.cipher.iv_size.min;
-			options->cipher_xform.cipher.key.length =
+			/*
+			 * Check if length of provided IV is supported
+			 * by the algorithm chosen.
+			 */
+			if (options->iv_param) {
+				if (check_supported_size(options->iv.length,
+						cap->sym.cipher.iv_size.min,
+						cap->sym.cipher.iv_size.max,
+						cap->sym.cipher.iv_size.increment)
+							!= 0) {
+					printf("Unsupported IV length\n");
+					return -1;
+				}
+			/*
+			 * Check if length of IV to be randomly generated
+			 * is supported by the algorithm chosen.
+			 */
+			} else if (options->iv_random_size != -1) {
+				if (check_supported_size(options->iv_random_size,
+						cap->sym.cipher.iv_size.min,
+						cap->sym.cipher.iv_size.max,
+						cap->sym.cipher.iv_size.increment)
+							!= 0) {
+					printf("Unsupported IV length\n");
+					return -1;
+				}
+				options->iv.length = options->iv_random_size;
+			/* No size provided, use minimum size. */
+			} else
+				options->iv.length = cap->sym.cipher.iv_size.min;
+
+			/*
+			 * Check if length of provided cipher key is supported
+			 * by the algorithm chosen.
+			 */
+			if (options->ckey_param) {
+				if (check_supported_size(
+						options->cipher_xform.cipher.key.length,
+						cap->sym.cipher.key_size.min,
+						cap->sym.cipher.key_size.max,
+						cap->sym.cipher.key_size.increment)
+							!= 0) {
+					printf("Unsupported cipher key length\n");
+					return -1;
+				}
+			/*
+			 * Check if length of the cipher key to be randomly generated
+			 * is supported by the algorithm chosen.
+			 */
+			} else if (options->ckey_random_size != -1) {
+				if (check_supported_size(options->ckey_random_size,
+						cap->sym.cipher.key_size.min,
+						cap->sym.cipher.key_size.max,
+						cap->sym.cipher.key_size.increment)
+							!= 0) {
+					printf("Unsupported cipher key length\n");
+					return -1;
+				}
+				options->cipher_xform.cipher.key.length =
+							options->ckey_random_size;
+			/* No size provided, use minimum size. */
+			} else
+				options->cipher_xform.cipher.key.length =
 						cap->sym.cipher.key_size.min;
+
 			if (!options->ckey_param)
 				generate_random_key(
 					options->cipher_xform.cipher.key.data,
@@ -1420,17 +1579,95 @@ initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
 			}
 
 			options->block_size = cap->sym.auth.block_size;
+			/*
+			 * Check if length of provided AAD is supported
+			 * by the algorithm chosen.
+			 */
+			if (options->aad_param) {
+				if (check_supported_size(options->aad.length,
+						cap->sym.auth.aad_size.min,
+						cap->sym.auth.aad_size.max,
+						cap->sym.auth.aad_size.increment)
+							!= 0) {
+					printf("Unsupported AAD length\n");
+					return -1;
+				}
+			/*
+			 * Check if length of AAD to be randomly generated
+			 * is supported by the algorithm chosen.
+			 */
+			} else if (options->aad_random_size != -1) {
+				if (check_supported_size(options->aad_random_size,
+						cap->sym.auth.aad_size.min,
+						cap->sym.auth.aad_size.max,
+						cap->sym.auth.aad_size.increment)
+							!= 0) {
+					printf("Unsupported AAD length\n");
+					return -1;
+				}
+				options->aad.length = options->aad_random_size;
+			/* No size provided, use minimum size. */
+			} else
+				options->aad.length = cap->sym.auth.aad_size.min;
+
 			options->auth_xform.auth.add_auth_data_length =
-						cap->sym.auth.aad_size.min;
-			options->auth_xform.auth.digest_length =
-						cap->sym.auth.digest_size.min;
-			options->auth_xform.auth.key.length =
+						options->aad.length;
+
+			/*
+			 * Check if length of provided auth key is supported
+			 * by the algorithm chosen.
+			 */
+			if (options->akey_param) {
+				if (check_supported_size(
+						options->auth_xform.auth.key.length,
+						cap->sym.auth.key_size.min,
+						cap->sym.auth.key_size.max,
+						cap->sym.auth.key_size.increment)
+							!= 0) {
+					printf("Unsupported auth key length\n");
+					return -1;
+				}
+			/*
+			 * Check if length of the auth key to be randomly generated
+			 * is supported by the algorithm chosen.
+			 */
+			} else if (options->akey_random_size != -1) {
+				if (check_supported_size(options->akey_random_size,
+						cap->sym.auth.key_size.min,
+						cap->sym.auth.key_size.max,
+						cap->sym.auth.key_size.increment)
+							!= 0) {
+					printf("Unsupported auth key length\n");
+					return -1;
+				}
+				options->auth_xform.auth.key.length =
+							options->akey_random_size;
+			/* No size provided, use minimum size. */
+			} else
+				options->auth_xform.auth.key.length =
 						cap->sym.auth.key_size.min;
 
 			if (!options->akey_param)
 				generate_random_key(
 					options->auth_xform.auth.key.data,
 					options->auth_xform.auth.key.length);
+
+			/* Check if digest size is supported by the algorithm. */
+			if (options->digest_size != -1) {
+				if (check_supported_size(options->digest_size,
+						cap->sym.auth.digest_size.min,
+						cap->sym.auth.digest_size.max,
+						cap->sym.auth.digest_size.increment)
+							!= 0) {
+					printf("Unsupported digest length\n");
+					return -1;
+				}
+				options->auth_xform.auth.digest_length =
+							options->digest_size;
+			/* No size provided, use minimum size. */
+			} else
+				options->auth_xform.auth.digest_length =
+						cap->sym.auth.digest_size.min;
 		}
 
 		retval = rte_cryptodev_configure(cdev_id, &conf);
-- 
2.5.5

[dpdk-dev] [PATCH v3 6/8] l2fwd-crypto: clarify key parsing in help

[Pablo de Lara]

Cipher/Auth keys, AAD and IV must be passed from command line
with ":" between bytes, but help was not clarifying that.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
 examples/l2fwd-crypto/main.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c
index c561270..6a28448 100644
--- a/examples/l2fwd-crypto/main.c
+++ b/examples/l2fwd-crypto/main.c
@@ -804,16 +804,16 @@ l2fwd_crypto_usage(const char *prgname)
 
 		"  --cipher_algo ALGO\n"
 		"  --cipher_op ENCRYPT / DECRYPT\n"
-		"  --cipher_key KEY\n"
+		"  --cipher_key KEY (bytes separated with \":\")\n"
 		"  --cipher_key_random_size SIZE: size of cipher key when generated randomly\n"
-		"  --iv IV\n"
+		"  --iv IV (bytes separated with \":\")\n"
 		"  --iv_random_size SIZE: size of IV when generated randomly\n"
 
 		"  --auth_algo ALGO\n"
 		"  --auth_op GENERATE / VERIFY\n"
-		"  --auth_key KEY\n"
+		"  --auth_key KEY (bytes separated with \":\")\n"
 		"  --auth_key_random_size SIZE: size of auth key when generated randomly\n"
-		"  --aad AAD\n"
+		"  --aad AAD (bytes separated with \":\")\n"
 		"  --aad_random_size SIZE: size of AAD when generated randomly\n"
 		"  --digest_size SIZE: size of digest to be generated/verified\n"
 
-- 
2.5.5

[dpdk-dev] [PATCH v3 7/8] l2fwd-crypto: use key-value list of supported algorithms

[Pablo de Lara]

In order to ease the parsing and display of supported algorithms
in the application, two new arrays are created, which contains
the strings of the different cipher and authentication algorithms,

These lists are used to parse the algorithms from the command line,
and will be used to display crypto information to the user.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
 examples/l2fwd-crypto/main.c          | 106 +++++++++++++++++-----------------
 lib/librte_cryptodev/rte_crypto_sym.h |   6 +-
 2 files changed, 58 insertions(+), 54 deletions(-)

diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c
index 6a28448..5fb33df 100644
--- a/examples/l2fwd-crypto/main.c
+++ b/examples/l2fwd-crypto/main.c
@@ -133,6 +133,9 @@ struct l2fwd_key {
 	phys_addr_t phys_addr;
 };
 
+char supported_auth_algo[RTE_CRYPTO_AUTH_LIST_END][MAX_STR_LEN];
+char supported_cipher_algo[RTE_CRYPTO_CIPHER_LIST_END][MAX_STR_LEN];
+
 /** l2fwd crypto application command line options */
 struct l2fwd_crypto_options {
 	unsigned portmask;
@@ -164,8 +167,6 @@ struct l2fwd_crypto_options {
 	int digest_size;
 
 	uint16_t block_size;
-	char string_auth_algo[MAX_STR_LEN];
-	char string_cipher_algo[MAX_STR_LEN];
 	char string_type[MAX_STR_LEN];
 };
 
@@ -328,6 +329,32 @@ print_stats(void)
 	printf("\n====================================================\n");
 }
 
+static void
+fill_supported_algorithm_tables(void)
+{
+	unsigned i;
+
+	for (i = 0; i < RTE_CRYPTO_AUTH_LIST_END; i++)
+		strcpy(supported_auth_algo[i], "NOT_SUPPORTED");
+
+	strcpy(supported_auth_algo[RTE_CRYPTO_AUTH_AES_GCM], "AES_GCM");
+	strcpy(supported_auth_algo[RTE_CRYPTO_AUTH_MD5_HMAC], "MD5_HMAC");
+	strcpy(supported_auth_algo[RTE_CRYPTO_AUTH_NULL], "NULL");
+	strcpy(supported_auth_algo[RTE_CRYPTO_AUTH_SHA1_HMAC], "SHA1_HMAC");
+	strcpy(supported_auth_algo[RTE_CRYPTO_AUTH_SHA224_HMAC], "SHA224_HMAC");
+	strcpy(supported_auth_algo[RTE_CRYPTO_AUTH_SHA256_HMAC], "SHA256_HMAC");
+	strcpy(supported_auth_algo[RTE_CRYPTO_AUTH_SHA384_HMAC], "SHA384_HMAC");
+	strcpy(supported_auth_algo[RTE_CRYPTO_AUTH_SHA512_HMAC], "SHA512_HMAC");
+	strcpy(supported_auth_algo[RTE_CRYPTO_AUTH_SNOW3G_UIA2], "SNOW3G_UIA2");
+
+	for (i = 0; i < RTE_CRYPTO_CIPHER_LIST_END; i++)
+		strcpy(supported_cipher_algo[i], "NOT_SUPPORTED");
+
+	strcpy(supported_cipher_algo[RTE_CRYPTO_CIPHER_AES_CBC], "AES_CBC");
+	strcpy(supported_cipher_algo[RTE_CRYPTO_CIPHER_AES_GCM], "AES_GCM");
+	strcpy(supported_cipher_algo[RTE_CRYPTO_CIPHER_NULL], "NULL");
+	strcpy(supported_cipher_algo[RTE_CRYPTO_CIPHER_SNOW3G_UEA2], "SNOW3G_UEA2");
+}
 
 
 static int
@@ -864,18 +891,13 @@ parse_crypto_opt_chain(struct l2fwd_crypto_options *options, char *optarg)
 static int
 parse_cipher_algo(enum rte_crypto_cipher_algorithm *algo, char *optarg)
 {
-	if (strcmp("AES_CBC", optarg) == 0) {
-		*algo = RTE_CRYPTO_CIPHER_AES_CBC;
-		return 0;
-	} else if (strcmp("AES_GCM", optarg) == 0) {
-		*algo = RTE_CRYPTO_CIPHER_AES_GCM;
-		return 0;
-	} else if (strcmp("NULL", optarg) == 0) {
-		*algo = RTE_CRYPTO_CIPHER_NULL;
-		return 0;
-	} else if (strcmp("SNOW3G_UEA2", optarg) == 0) {
-		*algo = RTE_CRYPTO_CIPHER_SNOW3G_UEA2;
-		return 0;
+	unsigned i;
+
+	for (i = 0; i < RTE_CRYPTO_CIPHER_LIST_END; i++) {
+		if (!strcmp(supported_cipher_algo[i], optarg)) {
+			*algo = i;
+			return 0;
+		}
 	}
 
 	printf("Cipher algorithm  not supported!\n");
@@ -945,33 +967,13 @@ parse_size(int *size, const char *q_arg)
 static int
 parse_auth_algo(enum rte_crypto_auth_algorithm *algo, char *optarg)
 {
-	if (strcmp("AES_GCM", optarg) == 0) {
-		*algo = RTE_CRYPTO_AUTH_AES_GCM;
-		return 0;
-	} else if (strcmp("MD5_HMAC", optarg) == 0) {
-		*algo = RTE_CRYPTO_AUTH_MD5_HMAC;
-		return 0;
-	} else if (strcmp("NULL", optarg) == 0) {
-		*algo = RTE_CRYPTO_AUTH_NULL;
-		return 0;
-	} else if (strcmp("SHA1_HMAC", optarg) == 0) {
-		*algo = RTE_CRYPTO_AUTH_SHA1_HMAC;
-		return 0;
-	} else if (strcmp("SHA224_HMAC", optarg) == 0) {
-		*algo = RTE_CRYPTO_AUTH_SHA224_HMAC;
-		return 0;
-	} else if (strcmp("SHA256_HMAC", optarg) == 0) {
-		*algo = RTE_CRYPTO_AUTH_SHA256_HMAC;
-		return 0;
-	}  else if (strcmp("SHA384_HMAC", optarg) == 0) {
-		*algo = RTE_CRYPTO_AUTH_SHA384_HMAC;
-		return 0;
-	} else if (strcmp("SHA512_HMAC", optarg) == 0) {
-		*algo = RTE_CRYPTO_AUTH_SHA512_HMAC;
-		return 0;
-	} else if (strcmp("SNOW3G_UIA2", optarg) == 0) {
-		*algo = RTE_CRYPTO_AUTH_SNOW3G_UIA2;
-		return 0;
+	unsigned i;
+
+	for (i = 0; i < RTE_CRYPTO_AUTH_LIST_END; i++) {
+		if (!strcmp(supported_auth_algo[i], optarg)) {
+			*algo = i;
+			return 0;
+		}
 	}
 
 	printf("Authentication algorithm specified not supported!\n");
@@ -1011,13 +1013,9 @@ l2fwd_crypto_parse_args_long_options(struct l2fwd_crypto_options *options,
 		return parse_crypto_opt_chain(options, optarg);
 
 	/* Cipher options */
-	else if (strcmp(lgopts[option_index].name, "cipher_algo") == 0) {
-		retval = parse_cipher_algo(&options->cipher_xform.cipher.algo,
+	else if (strcmp(lgopts[option_index].name, "cipher_algo") == 0)
+		return parse_cipher_algo(&options->cipher_xform.cipher.algo,
 				optarg);
-		if (retval == 0)
-			strcpy(options->string_cipher_algo, optarg);
-		return retval;
-	}
 
 	else if (strcmp(lgopts[option_index].name, "cipher_op") == 0)
 		return parse_cipher_op(&options->cipher_xform.cipher.op,
@@ -1051,11 +1049,8 @@ l2fwd_crypto_parse_args_long_options(struct l2fwd_crypto_options *options,
 
 	/* Authentication options */
 	else if (strcmp(lgopts[option_index].name, "auth_algo") == 0) {
-		retval = parse_auth_algo(&options->auth_xform.auth.algo,
+		return parse_auth_algo(&options->auth_xform.auth.algo,
 				optarg);
-		if (retval == 0)
-			strcpy(options->string_auth_algo, optarg);
-		return retval;
 	}
 
 	else if (strcmp(lgopts[option_index].name, "auth_op") == 0)
@@ -1474,7 +1469,8 @@ initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
 			if (cap->op == RTE_CRYPTO_OP_TYPE_UNDEFINED) {
 				printf("Algorithm %s not supported by cryptodev %u"
 					" or device not of preferred type (%s)\n",
-					options->string_cipher_algo, cdev_id,
+					supported_cipher_algo[opt_cipher_algo],
+					cdev_id,
 					options->string_type);
 				continue;
 			}
@@ -1573,7 +1569,8 @@ initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
 			if (cap->op == RTE_CRYPTO_OP_TYPE_UNDEFINED) {
 				printf("Algorithm %s not supported by cryptodev %u"
 					" or device not of preferred type (%s)\n",
-					options->string_auth_algo, cdev_id,
+					supported_auth_algo[opt_auth_algo],
+					cdev_id,
 					options->string_type);
 				continue;
 			}
@@ -1848,6 +1845,9 @@ main(int argc, char **argv)
 	/* reserve memory for Cipher/Auth key and IV */
 	reserve_key_memory(&options);
 
+	/* fill out the supported algorithm tables */
+	fill_supported_algorithm_tables();
+
 	/* parse application arguments (after the EAL ones) */
 	ret = l2fwd_crypto_parse_args(&options, argc, argv);
 	if (ret < 0)
diff --git a/lib/librte_cryptodev/rte_crypto_sym.h b/lib/librte_cryptodev/rte_crypto_sym.h
index d01287c..913941a 100644
--- a/lib/librte_cryptodev/rte_crypto_sym.h
+++ b/lib/librte_cryptodev/rte_crypto_sym.h
@@ -101,8 +101,10 @@ enum rte_crypto_cipher_algorithm {
 	RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
 	/**< SNOW3G algorithm in UEA2 mode */
 
-	RTE_CRYPTO_CIPHER_ZUC_EEA3
+	RTE_CRYPTO_CIPHER_ZUC_EEA3,
 	/**< ZUC algorithm in EEA3 mode */
+
+	RTE_CRYPTO_CIPHER_LIST_END
 };
 
 /** Symmetric Cipher Direction */
@@ -234,6 +236,8 @@ enum rte_crypto_auth_algorithm {
 
 	RTE_CRYPTO_AUTH_ZUC_EIA3,
 	/**< ZUC algorithm in EIA3 mode */
+
+	RTE_CRYPTO_AUTH_LIST_END
 };
 
 /** Symmetric Authentication / Hash Operations */
-- 
2.5.5

[dpdk-dev] [PATCH v3 8/8] l2fwd-crypto: extend crypto information

[Pablo de Lara]

Display extra crypto information (algorithms, keys/IV/AAD used, chain...),
so user can know exactly what operations are being carried out.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
 examples/l2fwd-crypto/main.c | 84 ++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 82 insertions(+), 2 deletions(-)

diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c
index 5fb33df..09a07d3 100644
--- a/examples/l2fwd-crypto/main.c
+++ b/examples/l2fwd-crypto/main.c
@@ -71,6 +71,7 @@
 #include <rte_prefetch.h>
 #include <rte_random.h>
 #include <rte_ring.h>
+#include <rte_hexdump.h>
 
 enum cdev_type {
 	CDEV_TYPE_ANY,
@@ -634,8 +635,6 @@ l2fwd_main_loop(struct l2fwd_crypto_options *options)
 
 	RTE_LOG(INFO, L2FWD, "entering main loop on lcore %u\n", lcore_id);
 
-	l2fwd_crypto_options_print(options);
-
 	for (i = 0; i < qconf->nb_rx_ports; i++) {
 
 		portid = qconf->rx_port_list[i];
@@ -708,6 +707,14 @@ l2fwd_main_loop(struct l2fwd_crypto_options *options)
 				port_cparams[i].dev_id);
 	}
 
+	l2fwd_crypto_options_print(options);
+
+	/*
+	 * Initialize previous tsc timestamp before the loop,
+	 * to avoid showing the port statistics immediately,
+	 * so user can see the crypto information.
+	 */
+	prev_tsc = rte_rdtsc();
 	while (1) {
 
 		cur_tsc = rte_rdtsc();
@@ -1213,8 +1220,45 @@ l2fwd_crypto_default_options(struct l2fwd_crypto_options *options)
 }
 
 static void
+display_cipher_info(struct l2fwd_crypto_options *options)
+{
+	printf("\n---- Cipher information ---\n");
+	printf("Algorithm: %s\n",
+		supported_cipher_algo[options->cipher_xform.cipher.algo]);
+	rte_hexdump(stdout, "Cipher key:",
+			options->cipher_xform.cipher.key.data,
+			options->cipher_xform.cipher.key.length);
+	rte_hexdump(stdout, "IV:", options->iv.data, options->iv.length);
+}
+
+static void
+display_auth_info(struct l2fwd_crypto_options *options)
+{
+	printf("\n---- Authentication information ---\n");
+	printf("Algorithm: %s\n",
+		supported_auth_algo[options->auth_xform.auth.algo]);
+	rte_hexdump(stdout, "Auth key:",
+			options->auth_xform.auth.key.data,
+			options->auth_xform.auth.key.length);
+	rte_hexdump(stdout, "AAD:", options->aad.data, options->aad.length);
+}
+
+static void
 l2fwd_crypto_options_print(struct l2fwd_crypto_options *options)
 {
+	char string_cipher_op[MAX_STR_LEN];
+	char string_auth_op[MAX_STR_LEN];
+
+	if (options->cipher_xform.cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT)
+		strcpy(string_cipher_op, "Encrypt");
+	else
+		strcpy(string_cipher_op, "Decrypt");
+
+	if (options->auth_xform.auth.op == RTE_CRYPTO_AUTH_OP_GENERATE)
+		strcpy(string_auth_op, "Auth generate");
+	else
+		strcpy(string_auth_op, "Auth verify");
+
 	printf("Options:-\nn");
 	printf("portmask: %x\n", options->portmask);
 	printf("ports per lcore: %u\n", options->nb_ports_per_lcore);
@@ -1226,6 +1270,42 @@ l2fwd_crypto_options_print(struct l2fwd_crypto_options *options)
 
 	printf("sessionless crypto: %s\n",
 			options->sessionless ? "enabled" : "disabled");
+
+	if (options->ckey_param && (options->ckey_random_size != -1))
+		printf("Cipher key already parsed, ignoring size of random key\n");
+
+	if (options->akey_param && (options->akey_random_size != -1))
+		printf("Auth key already parsed, ignoring size of random key\n");
+
+	if (options->iv_param && (options->iv_random_size != -1))
+		printf("IV already parsed, ignoring size of random IV\n");
+
+	if (options->aad_param && (options->aad_random_size != -1))
+		printf("AAD already parsed, ignoring size of random AAD\n");
+
+	printf("\nCrypto chain: ");
+	switch (options->xform_chain) {
+	case L2FWD_CRYPTO_CIPHER_HASH:
+		printf("Input --> %s --> %s --> Output\n",
+			string_cipher_op, string_auth_op);
+		display_cipher_info(options);
+		display_auth_info(options);
+		break;
+	case L2FWD_CRYPTO_HASH_CIPHER:
+		printf("Input --> %s --> %s --> Output\n",
+			string_auth_op, string_cipher_op);
+		display_cipher_info(options);
+		display_auth_info(options);
+		break;
+	case L2FWD_CRYPTO_HASH_ONLY:
+		printf("Input --> %s --> Output\n", string_auth_op);
+		display_auth_info(options);
+		break;
+	case L2FWD_CRYPTO_CIPHER_ONLY:
+		printf("Input --> %s --> Output\n", string_cipher_op);
+		display_cipher_info(options);
+		break;
+	}
 }
 
 /* Parse the argument given in the command line of the application */
-- 
2.5.5

Re: [dpdk-dev] [PATCH v2 0/8] L2fwd-crypto fixes/enhancements

[De Lara Guarch, Pablo]

> -----Original Message-----
> From: Thomas Monjalon [mailto:thomas.monjalon@6wind.com]
> Sent: Thursday, March 31, 2016 10:20 AM
> To: De Lara Guarch, Pablo
> Cc: dev@dpdk.org; Doherty, Declan
> Subject: Re: [dpdk-dev] [PATCH v2 0/8] L2fwd-crypto fixes/enhancements
> 
> 2016-03-31 10:01, Pablo de Lara:
> > This patches fixes some small issues in L2fwd-crypto
> > app and also improves the app, making it more flexible
> > (accepting different key sizes)
> > and readable (information display improvement).
> >
> > Changes in v2:
> >
> > - Extended help information
> 
> The line "Tested-by: Min Cao <min.cao@intel.com>" is missing.

Thanks for pointing that out. V3 sent with that line.

Pablo

Re: [dpdk-dev] [PATCH v3 0/8] L2fwd-crypto fixes/enhancements

[Bruce Richardson]

On Thu, Mar 31, 2016 at 10:32:06AM +0100, Pablo de Lara wrote:
> This patches fixes some small issues in L2fwd-crypto
> app and also improves the app, making it more flexible
> (accepting different key sizes)
> and readable (information display improvement).
> 
> Series-tested-by: Min Cao <min.cao@intel.com>
> 

Hi,

Just some general advice:

When someone is acking/resporting a tested-by for a patch series it's ok to 
reply to the patch 0.

However, for subsequent versions of the patchset itself, the acks and tested-bys
should be placed on (all) the patches themselves, not in the cover letter. If
it's in the cover letter, you're forcing the applier of the patch to modify each
one individually to stick on the extra information.

Thanks,
/Bruce

> 
> Changes in v3:
> 
> - Added missing Tested-by line.
> 
> Changes in v2:
> 
> - Extended help information
> 
> Pablo de Lara (8):
>   l2fwd-crypto: add missing new line character in help
>   l2fwd-crypto: rename period parameter
>   l2fwd-crypto: add missing string initialization
>   l2fwd-crypto: fix length of random IV/AAD
>   l2fwd-crypto: fix ambiguous input key size
>   l2fwd-crypto: clarify key parsing in help
>   l2fwd-crypto: use key-value list of supported algorithms
>   l2fwd-crypto: extend crypto information
> 
>  examples/l2fwd-crypto/main.c          | 473 ++++++++++++++++++++++++++++------
>  lib/librte_cryptodev/rte_crypto_sym.h |   6 +-
>  2 files changed, 402 insertions(+), 77 deletions(-)
> 
> -- 
> 2.5.5
> 

Re: [dpdk-dev] [PATCH v3 0/8] L2fwd-crypto fixes/enhancements

[Thomas Monjalon]

2016-03-31 13:14, Bruce Richardson:
> On Thu, Mar 31, 2016 at 10:32:06AM +0100, Pablo de Lara wrote:
> > This patches fixes some small issues in L2fwd-crypto
> > app and also improves the app, making it more flexible
> > (accepting different key sizes)
> > and readable (information display improvement).
> > 
> > Series-tested-by: Min Cao <min.cao@intel.com>
> > 
> 
> Hi,
> 
> Just some general advice:
> 
> When someone is acking/resporting a tested-by for a patch series it's ok to 
> reply to the patch 0.
> 
> However, for subsequent versions of the patchset itself, the acks and tested-bys
> should be placed on (all) the patches themselves, not in the cover letter. If
> it's in the cover letter, you're forcing the applier of the patch to modify each
> one individually to stick on the extra information.

Yes
More information about Tested-by:
In general it doesn't apply to each patch. Example, here, I doubt
it has to be added to the patch "add missing new line character in help".

Thanks for adding the tag where relevant (by reading the test report).

[...]
> > Pablo de Lara (8):
> >   l2fwd-crypto: add missing new line character in help
> >   l2fwd-crypto: rename period parameter
> >   l2fwd-crypto: add missing string initialization
> >   l2fwd-crypto: fix length of random IV/AAD
> >   l2fwd-crypto: fix ambiguous input key size
> >   l2fwd-crypto: clarify key parsing in help
> >   l2fwd-crypto: use key-value list of supported algorithms
> >   l2fwd-crypto: extend crypto information

Re: [dpdk-dev] [PATCH v3 0/8] L2fwd-crypto fixes/enhancements

[Declan Doherty]

On 31/03/16 10:32, Pablo de Lara wrote:
> This patches fixes some small issues in L2fwd-crypto
> app and also improves the app, making it more flexible
> (accepting different key sizes)
> and readable (information display improvement).
>
> Series-tested-by: Min Cao <min.cao@intel.com>
>
>
> Changes in v3:
>
> - Added missing Tested-by line.
>
> Changes in v2:
>
> - Extended help information
>
> Pablo de Lara (8):
>    l2fwd-crypto: add missing new line character in help
>    l2fwd-crypto: rename period parameter
>    l2fwd-crypto: add missing string initialization
>    l2fwd-crypto: fix length of random IV/AAD
>    l2fwd-crypto: fix ambiguous input key size
>    l2fwd-crypto: clarify key parsing in help
>    l2fwd-crypto: use key-value list of supported algorithms
>    l2fwd-crypto: extend crypto information
>
>   examples/l2fwd-crypto/main.c          | 473 ++++++++++++++++++++++++++++------
>   lib/librte_cryptodev/rte_crypto_sym.h |   6 +-
>   2 files changed, 402 insertions(+), 77 deletions(-)
>

Series-Acked-by: Declan Doherty <declan.doherty@intel.com>

Re: [dpdk-dev] [PATCH v3 0/8] L2fwd-crypto fixes/enhancements

[Thomas Monjalon]

> > Pablo de Lara (8):
> >    l2fwd-crypto: add missing new line character in help
> >    l2fwd-crypto: rename period parameter
> >    l2fwd-crypto: add missing string initialization
> >    l2fwd-crypto: fix length of random IV/AAD
> >    l2fwd-crypto: fix ambiguous input key size
> >    l2fwd-crypto: clarify key parsing in help
> >    l2fwd-crypto: use key-value list of supported algorithms
> >    l2fwd-crypto: extend crypto information
> 
> Series-Acked-by: Declan Doherty <declan.doherty@intel.com>

Applied, thanks