From: Radu Nicolau <radu.nicolau@intel.com>
To: dev@dpdk.org
Cc: Radu Nicolau <radu.nicolau@intel.com>
Subject: [dpdk-dev] [RFC PATCH 3/5] rte_security: updates and enabled security operations for ethdev
Date: Fri, 25 Aug 2017 15:57:24 +0100 [thread overview]
Message-ID: <1503673046-30651-4-git-send-email-radu.nicolau@intel.com> (raw)
In-Reply-To: <1503673046-30651-1-git-send-email-radu.nicolau@intel.com>
Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
---
lib/Makefile | 1 +
lib/librte_cryptodev/rte_cryptodev_pmd.h | 4 +--
lib/librte_cryptodev/rte_cryptodev_version.map | 10 ++++++++
lib/librte_cryptodev/rte_security.c | 34 +++++++++++++++++---------
lib/librte_cryptodev/rte_security.h | 12 ++++++---
5 files changed, 44 insertions(+), 17 deletions(-)
diff --git a/lib/Makefile b/lib/Makefile
index 86caba1..08a1767 100644
--- a/lib/Makefile
+++ b/lib/Makefile
@@ -51,6 +51,7 @@ DEPDIRS-librte_ether += librte_mbuf
DIRS-$(CONFIG_RTE_LIBRTE_CRYPTODEV) += librte_cryptodev
DEPDIRS-librte_cryptodev := librte_eal librte_mempool librte_ring librte_mbuf
DEPDIRS-librte_cryptodev += librte_kvargs
+DEPDIRS-librte_cryptodev += librte_ether
DIRS-$(CONFIG_RTE_LIBRTE_EVENTDEV) += librte_eventdev
DEPDIRS-librte_eventdev := librte_eal librte_ring
DIRS-$(CONFIG_RTE_LIBRTE_VHOST) += librte_vhost
diff --git a/lib/librte_cryptodev/rte_cryptodev_pmd.h b/lib/librte_cryptodev/rte_cryptodev_pmd.h
index 219fba6..ab3ecf7 100644
--- a/lib/librte_cryptodev/rte_cryptodev_pmd.h
+++ b/lib/librte_cryptodev/rte_cryptodev_pmd.h
@@ -371,7 +371,7 @@ struct rte_cryptodev_ops {
* - Returns -ENOTSUP if crypto device does not support the crypto transform.
* - Returns -ENOMEM if the private session could not be allocated.
*/
-typedef int (*security_configure_session_t)(struct rte_cryptodev *dev,
+typedef int (*security_configure_session_t)(void *dev,
struct rte_security_sess_conf *conf,
struct rte_security_session *sess,
struct rte_mempool *mp);
@@ -382,7 +382,7 @@ typedef int (*security_configure_session_t)(struct rte_cryptodev *dev,
* @param dev Crypto device pointer
* @param sess Security session structure
*/
-typedef void (*security_free_session_t)(struct rte_cryptodev *dev,
+typedef void (*security_free_session_t)(void *dev,
struct rte_security_session *sess);
/** Security operations function pointer table */
diff --git a/lib/librte_cryptodev/rte_cryptodev_version.map b/lib/librte_cryptodev/rte_cryptodev_version.map
index e9ba88a..20b553e 100644
--- a/lib/librte_cryptodev/rte_cryptodev_version.map
+++ b/lib/librte_cryptodev/rte_cryptodev_version.map
@@ -79,3 +79,13 @@ DPDK_17.08 {
rte_crypto_aead_operation_strings;
} DPDK_17.05;
+
+DPDK_17.11 {
+ global:
+
+ rte_security_session_create;
+ rte_security_session_init;
+ rte_security_attach_session;
+ rte_security_session_free;
+
+} DPDK_17.08;
diff --git a/lib/librte_cryptodev/rte_security.c b/lib/librte_cryptodev/rte_security.c
index 7c73c93..5f35355 100644
--- a/lib/librte_cryptodev/rte_security.c
+++ b/lib/librte_cryptodev/rte_security.c
@@ -86,8 +86,12 @@ rte_security_session_init(uint16_t dev_id,
return -EINVAL;
cdev = rte_cryptodev_pmd_get_dev(dev_id);
index = cdev->driver_id;
+ if (cdev == NULL || sess == NULL || cdev->sec_ops == NULL
+ || cdev->sec_ops->session_configure == NULL)
+ return -EINVAL;
if (sess->sess_private_data[index] == NULL) {
- ret = cdev->sec_ops->session_configure(cdev, conf, sess, mp);
+ ret = cdev->sec_ops->session_configure((void *)cdev,
+ conf, sess, mp);
if (ret < 0) {
CDEV_LOG_ERR(
"cdev_id %d failed to configure session details",
@@ -100,14 +104,18 @@ rte_security_session_init(uint16_t dev_id,
case RTE_SECURITY_SESS_ETH_PROTO_OFFLOAD:
dev = &rte_eth_devices[dev_id];
index = dev->data->port_id;
+ if (dev == NULL || sess == NULL || dev->sec_ops == NULL
+ || dev->sec_ops->session_configure == NULL)
+ return -EINVAL;
if (sess->sess_private_data[index] == NULL) {
-// ret = dev->sec_ops->session_configure(dev, conf, sess, mp);
-// if (ret < 0) {
-// CDEV_LOG_ERR(
-// "dev_id %d failed to configure session details",
-// dev_id);
-// return ret;
-// }
+ ret = dev->sec_ops->session_configure((void *)dev,
+ conf, sess, mp);
+ if (ret < 0) {
+ CDEV_LOG_ERR(
+ "dev_id %d failed to configure session details",
+ dev_id);
+ return ret;
+ }
}
break;
default:
@@ -152,16 +160,18 @@ rte_security_session_clear(uint8_t dev_id,
switch (action_type) {
case RTE_SECURITY_SESS_CRYPTO_PROTO_OFFLOAD:
cdev = rte_cryptodev_pmd_get_dev(dev_id);
- if (cdev == NULL || sess == NULL)
+ if (cdev == NULL || sess == NULL || cdev->sec_ops == NULL
+ || cdev->sec_ops->session_clear == NULL)
return -EINVAL;
- cdev->sec_ops->session_clear(cdev, sess);
+ cdev->sec_ops->session_clear((void *)cdev, sess);
break;
case RTE_SECURITY_SESS_ETH_INLINE_CRYPTO:
case RTE_SECURITY_SESS_ETH_PROTO_OFFLOAD:
dev = &rte_eth_devices[dev_id];
- if (dev == NULL || sess == NULL)
+ if (dev == NULL || sess == NULL || dev->sec_ops == NULL
+ || dev->sec_ops->session_clear == NULL)
return -EINVAL;
-// dev->dev_ops->session_clear(dev, sess);
+ dev->sec_ops->session_clear((void *)dev, sess);
break;
default:
return -EINVAL;
diff --git a/lib/librte_cryptodev/rte_security.h b/lib/librte_cryptodev/rte_security.h
index 9747d5e..0c8b358 100644
--- a/lib/librte_cryptodev/rte_security.h
+++ b/lib/librte_cryptodev/rte_security.h
@@ -20,7 +20,7 @@ extern "C" {
#include <rte_memory.h>
#include <rte_mempool.h>
#include <rte_common.h>
-#include <rte_crypto.h>
+#include "rte_crypto.h"
/** IPSec protocol mode */
enum rte_security_conf_ipsec_sa_mode {
@@ -70,9 +70,9 @@ struct rte_security_ipsec_tunnel_param {
} ipv4; /**< IPv4 header parameters */
struct {
- struct in6_addr *src_addr;
+ struct in6_addr src_addr;
/**< IPv6 source address */
- struct in6_addr *dst_addr;
+ struct in6_addr dst_addr;
/**< IPv6 destination address */
uint8_t dscp;
/**< IPv6 Differentiated Services Code Point */
@@ -171,6 +171,12 @@ struct rte_security_ipsec_xform {
uint8_t *data; /**< pointer to key data */
size_t length; /**< key length in bytes */
} auth_key;
+ enum rte_crypto_aead_algorithm aead_alg;
+ /**< AEAD Algorithm */
+ struct {
+ uint8_t *data; /**< pointer to key data */
+ size_t length; /**< key length in bytes */
+ } aead_key;
uint32_t salt; /**< salt for this SA */
enum rte_security_conf_ipsec_sa_mode mode;
/**< IPsec SA Mode - transport/tunnel */
--
2.7.5
next prev parent reply other threads:[~2017-08-25 15:01 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-08-25 14:57 [dpdk-dev] [RFC PATCH 0/5] Enable IPSec Inline for IXGBE PMD Radu Nicolau
2017-08-25 14:57 ` [dpdk-dev] [RFC PATCH 1/5] mbuff: added security offload flags Radu Nicolau
2017-08-25 14:57 ` [dpdk-dev] [RFC PATCH 2/5] ethdev: added security ops struct pointer Radu Nicolau
2017-08-25 14:57 ` Radu Nicolau [this message]
2017-08-29 12:14 ` [dpdk-dev] [RFC PATCH 3/5] rte_security: updates and enabled security operations for ethdev Akhil Goyal
2017-08-29 13:13 ` Radu Nicolau
2017-08-29 13:19 ` Akhil Goyal
2017-08-25 14:57 ` [dpdk-dev] [RFC PATCH 4/5] ixgbe: enable inline ipsec Radu Nicolau
2017-08-28 17:47 ` Ananyev, Konstantin
2017-08-29 13:06 ` Radu Nicolau
2017-08-25 14:57 ` [dpdk-dev] [RFC PATCH 5/5] examples/ipsec-secgw: enabled " Radu Nicolau
2017-08-29 12:04 ` Akhil Goyal
2017-08-29 13:00 ` [dpdk-dev] [RFC PATCH 0/5] Enable IPSec Inline for IXGBE PMD Boris Pismenny
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1503673046-30651-4-git-send-email-radu.nicolau@intel.com \
--to=radu.nicolau@intel.com \
--cc=dev@dpdk.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).