[dpdk-dev] [PATCH 0/6] L2fwd-crypto enhancements

[dpdk-dev] [PATCH 0/6] L2fwd-crypto enhancements

[Pablo de Lara]

This patchset cleans up the l2fwd-crypto app,
implements some missing functionality
and makes use of the new capability discovery mechanism
that cryptodev library offers to discover which crypto operations
a PMD can provide.

This patchset depends on "cryptodev: add capabilities discovery mechanism" patch
(http://dpdk.org/dev/patchwork/patch/11434/)

Pablo de Lara (6):
  l2fwd-crypto: code cleanup
  l2fwd-crypto: update auth algo list
  l2fwd-crypto: implement parse_key function
  l2fwd_crypto: add AAD parsing
  l2fwd-crypto: add missing cipher/hash only cases
  l2fwd-crypto: use cryptodev capability discovery

 examples/l2fwd-crypto/main.c | 517 +++++++++++++++++++++++++++++--------------
 1 file changed, 348 insertions(+), 169 deletions(-)

-- 
2.5.0

[dpdk-dev] [PATCH 1/6] l2fwd-crypto: code cleanup

[Pablo de Lara]

- Removed unnecessary blank lines
- Changed some variable types (longer)
- Removed commented code

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
 examples/l2fwd-crypto/main.c | 49 ++++++++------------------------------------
 1 file changed, 8 insertions(+), 41 deletions(-)

diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c
index 65e90b5..12854e3 100644
--- a/examples/l2fwd-crypto/main.c
+++ b/examples/l2fwd-crypto/main.c
@@ -84,6 +84,7 @@
  */
 #define RTE_TEST_RX_DESC_DEFAULT 128
 #define RTE_TEST_TX_DESC_DEFAULT 512
+
 static uint16_t nb_rxd = RTE_TEST_RX_DESC_DEFAULT;
 static uint16_t nb_txd = RTE_TEST_TX_DESC_DEFAULT;
 
@@ -209,7 +210,7 @@ struct l2fwd_crypto_statistics crypto_statistics[RTE_MAX_ETHPORTS];
 
 /* A tsc-based timer responsible for triggering statistics printout */
 #define TIMER_MILLISECOND 2000000ULL /* around 1ms at 2 Ghz */
-#define MAX_TIMER_PERIOD 86400 /* 1 day max */
+#define MAX_TIMER_PERIOD 86400UL /* 1 day max */
 
 /* default period is 10 seconds */
 static int64_t timer_period = 10 * TIMER_MILLISECOND * 1000;
@@ -847,7 +848,6 @@ l2fwd_crypto_parse_args_long_options(struct l2fwd_crypto_options *options,
 		options->cipher_xform.cipher.key.length = key.length;
 
 		return retval;
-
 	} else if (strcmp(lgopts[option_index].name, "iv") == 0)
 		return parse_key(&options->iv_key, sizeof(options->ivkey_data),
 				optarg);
@@ -871,7 +871,6 @@ l2fwd_crypto_parse_args_long_options(struct l2fwd_crypto_options *options,
 		options->auth_xform.auth.key.length = key.length;
 
 		return retval;
-
 	} else if (strcmp(lgopts[option_index].name, "sessionless") == 0) {
 		options->sessionless = 1;
 		return 0;
@@ -932,16 +931,16 @@ l2fwd_crypto_parse_timer_period(struct l2fwd_crypto_options *options,
 		const char *q_arg)
 {
 	char *end = NULL;
-	long int n;
+	unsigned long n;
 
 	/* parse number string */
-	n = strtol(q_arg, &end, 10);
+	n = (unsigned)strtol(q_arg, &end, 10);
 	if ((q_arg[0] == '\0') || (end == NULL) || (*end != '\0'))
 		n = 0;
 
 	if (n >= MAX_TIMER_PERIOD) {
-		printf("Warning refresh period specified %ld is greater than "
-				"max value %d! using max value",
+		printf("Warning refresh period specified %lu is greater than "
+				"max value %lu! using max value",
 				n, MAX_TIMER_PERIOD);
 		n = MAX_TIMER_PERIOD;
 	}
@@ -961,9 +960,9 @@ l2fwd_crypto_default_options(struct l2fwd_crypto_options *options)
 	options->nb_ports_per_lcore = 1;
 	options->refresh_period = 10000;
 	options->single_lcore = 0;
+	options->sessionless = 0;
 
 	options->cdev_type = RTE_CRYPTODEV_AESNI_MB_PMD;
-	options->sessionless = 0;
 	options->xform_chain = L2FWD_CRYPTO_CIPHER_HASH;
 
 	/* Cipher Data */
@@ -1018,39 +1017,6 @@ l2fwd_crypto_options_print(struct l2fwd_crypto_options *options)
 
 	printf("sessionless crypto: %s\n",
 			options->sessionless ? "enabled" : "disabled");
-#if 0
-	options->xform_chain = L2FWD_CRYPTO_CIPHER_HASH;
-
-	/* Cipher Data */
-	options->cipher_xform.type = RTE_CRYPTO_XFORM_CIPHER;
-	options->cipher_xform.next = NULL;
-
-	options->cipher_xform.cipher.algo = RTE_CRYPTO_CIPHER_AES_CBC;
-	options->cipher_xform.cipher.op = RTE_CRYPTO_CIPHER_OP_ENCRYPT;
-
-	generate_random_key(options->ckey_data, sizeof(options->ckey_data));
-
-	options->cipher_xform.cipher.key.data = options->ckey_data;
-	options->cipher_xform.cipher.key.phys_addr = 0;
-	options->cipher_xform.cipher.key.length = 16;
-
-
-	/* Authentication Data */
-	options->auth_xform.type = RTE_CRYPTO_XFORM_AUTH;
-	options->auth_xform.next = NULL;
-
-	options->auth_xform.auth.algo = RTE_CRYPTO_AUTH_SHA1_HMAC;
-	options->auth_xform.auth.op = RTE_CRYPTO_AUTH_OP_VERIFY;
-
-	options->auth_xform.auth.add_auth_data_length = 0;
-	options->auth_xform.auth.digest_length = 20;
-
-	generate_random_key(options->akey_data, sizeof(options->akey_data));
-
-	options->auth_xform.auth.key.data = options->akey_data;
-	options->auth_xform.auth.key.phys_addr = 0;
-	options->auth_xform.auth.key.length = 20;
-#endif
 }
 
 /* Parse the argument given in the command line of the application */
@@ -1078,6 +1044,7 @@ l2fwd_crypto_parse_args(struct l2fwd_crypto_options *options,
 			{ "iv", required_argument, 0, 0 },
 
 			{ "sessionless", no_argument, 0, 0 },
+
 			{ NULL, 0, 0, 0 }
 	};
 
-- 
2.5.0

[dpdk-dev] [PATCH 2/6] l2fwd-crypto: update auth algo list

[Pablo de Lara]

Updated authentication algorithm list:
- Added MD5_HMAC and SHA384_HMAC
- Removed SHA1, SHA224, SHA256

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
 examples/l2fwd-crypto/main.c | 16 +++++-----------
 1 file changed, 5 insertions(+), 11 deletions(-)

diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c
index 12854e3..d1e05d9 100644
--- a/examples/l2fwd-crypto/main.c
+++ b/examples/l2fwd-crypto/main.c
@@ -773,29 +773,23 @@ parse_key(struct l2fwd_key *key __rte_unused,
 static int
 parse_auth_algo(enum rte_crypto_auth_algorithm *algo, char *optarg)
 {
-	if (strcmp("SHA1", optarg) == 0) {
-		*algo = RTE_CRYPTO_AUTH_SHA1;
+	if (strcmp("MD5_HMAC", optarg) == 0) {
+		*algo = RTE_CRYPTO_AUTH_MD5_HMAC;
 		return 0;
 	} else if (strcmp("SHA1_HMAC", optarg) == 0) {
 		*algo = RTE_CRYPTO_AUTH_SHA1_HMAC;
 		return 0;
-	} else if (strcmp("SHA224", optarg) == 0) {
-		*algo = RTE_CRYPTO_AUTH_SHA224;
-		return 0;
 	} else if (strcmp("SHA224_HMAC", optarg) == 0) {
 		*algo = RTE_CRYPTO_AUTH_SHA224_HMAC;
 		return 0;
-	} else if (strcmp("SHA256", optarg) == 0) {
-		*algo = RTE_CRYPTO_AUTH_SHA256;
-		return 0;
 	} else if (strcmp("SHA256_HMAC", optarg) == 0) {
 		*algo = RTE_CRYPTO_AUTH_SHA256_HMAC;
 		return 0;
-	} else if (strcmp("SHA512", optarg) == 0) {
-		*algo = RTE_CRYPTO_AUTH_SHA256;
+	}  else if (strcmp("SHA384_HMAC", optarg) == 0) {
+		*algo = RTE_CRYPTO_AUTH_SHA384_HMAC;
 		return 0;
 	} else if (strcmp("SHA512_HMAC", optarg) == 0) {
-		*algo = RTE_CRYPTO_AUTH_SHA256_HMAC;
+		*algo = RTE_CRYPTO_AUTH_SHA512_HMAC;
 		return 0;
 	}
 
-- 
2.5.0

[dpdk-dev] [PATCH 3/6] l2fwd-crypto: implement parse_key function

[Pablo de Lara]

Implement key parsing functionality, so user can provide
auth and cipher keys, plus IV, from the command line.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
 examples/l2fwd-crypto/main.c | 123 +++++++++++++++++++++++++++----------------
 1 file changed, 78 insertions(+), 45 deletions(-)

diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c
index d1e05d9..bc37746 100644
--- a/examples/l2fwd-crypto/main.c
+++ b/examples/l2fwd-crypto/main.c
@@ -76,6 +76,7 @@
 
 #define NB_MBUF   8192
 
+#define MAX_KEY_SIZE 128
 #define MAX_PKT_BURST 32
 #define BURST_TX_DRAIN_US 100 /* TX drain every ~100us */
 
@@ -136,13 +137,13 @@ struct l2fwd_crypto_options {
 	enum l2fwd_crypto_xform_chain xform_chain;
 
 	struct rte_crypto_sym_xform cipher_xform;
-	uint8_t ckey_data[32];
+	unsigned ckey_param;
 
-	struct l2fwd_key iv_key;
-	uint8_t ivkey_data[16];
+	struct l2fwd_key iv;
+	unsigned iv_param;
 
 	struct rte_crypto_sym_xform auth_xform;
-	uint8_t akey_data[128];
+	uint8_t akey_param;
 };
 
 /** l2fwd crypto lcore params */
@@ -152,7 +153,7 @@ struct l2fwd_crypto_params {
 
 	unsigned digest_length;
 	unsigned block_size;
-	struct l2fwd_key iv_key;
+	struct l2fwd_key iv;
 	struct rte_cryptodev_sym_session *session;
 };
 
@@ -172,6 +173,8 @@ struct lcore_queue_conf lcore_queue_conf[RTE_MAX_LCORE];
 
 static const struct rte_eth_conf port_conf = {
 	.rxmode = {
+		.mq_mode = ETH_MQ_RX_NONE,
+		.max_rx_pkt_len = ETHER_MAX_LEN,
 		.split_hdr_size = 0,
 		.header_split   = 0, /**< Header Split disabled */
 		.hw_ip_checksum = 0, /**< IP checksum offload disabled */
@@ -397,9 +400,9 @@ l2fwd_simple_crypto_enqueue(struct rte_mbuf *m,
 	op->sym->auth.data.length = data_len;
 
 
-	op->sym->cipher.iv.data = cparams->iv_key.data;
-	op->sym->cipher.iv.phys_addr = cparams->iv_key.phys_addr;
-	op->sym->cipher.iv.length = cparams->iv_key.length;
+	op->sym->cipher.iv.data = cparams->iv.data;
+	op->sym->cipher.iv.phys_addr = cparams->iv.phys_addr;
+	op->sym->cipher.iv.length = cparams->iv.length;
 
 	op->sym->cipher.data.offset = ipdata_offset;
 	op->sym->cipher.data.length = data_len;
@@ -546,13 +549,12 @@ l2fwd_main_loop(struct l2fwd_crypto_options *options)
 		port_cparams[i].block_size = 64;
 		port_cparams[i].digest_length = 20;
 
-		port_cparams[i].iv_key.data =
-				(uint8_t *)rte_malloc(NULL, 16, 8);
-		port_cparams[i].iv_key.length = 16;
-		port_cparams[i].iv_key.phys_addr = rte_malloc_virt2phy(
-				(void *)port_cparams[i].iv_key.data);
-		generate_random_key(port_cparams[i].iv_key.data,
-				sizeof(cparams[i].iv_key.length));
+		port_cparams[i].iv.length = 16;
+		port_cparams[i].iv.data = options->iv.data;
+		port_cparams[i].iv.phys_addr = options->iv.phys_addr;
+		if (!options->iv_param)
+			generate_random_key(options->iv.data,
+					port_cparams[i].iv.length);
 
 		port_cparams[i].session = initialize_crypto_session(options,
 				port_cparams[i].dev_id);
@@ -762,11 +764,24 @@ parse_cipher_op(enum rte_crypto_cipher_operation *op, char *optarg)
 
 /** Parse crypto key command line argument */
 static int
-parse_key(struct l2fwd_key *key __rte_unused,
-		unsigned length __rte_unused, char *arg __rte_unused)
+parse_key(uint8_t *data, char *input_arg)
 {
-	printf("Currently an unsupported argument!\n");
-	return -1;
+	unsigned byte_count;
+	char *token;
+
+	for (byte_count = 0, token = strtok(input_arg, ":");
+			(byte_count < MAX_KEY_SIZE) && (token != NULL);
+			token = strtok(NULL, ":")) {
+
+		int number = (int)strtol(token, NULL, 16);
+
+		if (errno == EINVAL || errno == ERANGE || number > 0xFF)
+			return -1;
+
+		data[byte_count++] = (uint8_t)number;
+	}
+
+	return 0;
 }
 
 /** Parse crypto cipher operation command line argument */
@@ -833,18 +848,14 @@ l2fwd_crypto_parse_args_long_options(struct l2fwd_crypto_options *options,
 				optarg);
 
 	else if (strcmp(lgopts[option_index].name, "cipher_key") == 0) {
-		struct l2fwd_key key = { 0 };
-		int retval = 0;
-
-		retval = parse_key(&key, sizeof(options->ckey_data), optarg);
-
-		options->cipher_xform.cipher.key.data = key.data;
-		options->cipher_xform.cipher.key.length = key.length;
+		options->ckey_param = 1;
+		return parse_key(options->cipher_xform.cipher.key.data, optarg);
+	}
 
-		return retval;
-	} else if (strcmp(lgopts[option_index].name, "iv") == 0)
-		return parse_key(&options->iv_key, sizeof(options->ivkey_data),
-				optarg);
+	else if (strcmp(lgopts[option_index].name, "iv") == 0) {
+		options->iv_param = 1;
+		return parse_key(options->iv.data, optarg);
+	}
 
 	/* Authentication options */
 	else if (strcmp(lgopts[option_index].name, "auth_algo") == 0)
@@ -856,16 +867,11 @@ l2fwd_crypto_parse_args_long_options(struct l2fwd_crypto_options *options,
 				optarg);
 
 	else if (strcmp(lgopts[option_index].name, "auth_key") == 0) {
-		struct l2fwd_key key = { 0 };
-		int retval = 0;
-
-		retval = parse_key(&key, sizeof(options->akey_data), optarg);
-
-		options->auth_xform.auth.key.data = key.data;
-		options->auth_xform.auth.key.length = key.length;
+		options->akey_param = 1;
+		return parse_key(options->auth_xform.auth.key.data, optarg);
+	}
 
-		return retval;
-	} else if (strcmp(lgopts[option_index].name, "sessionless") == 0) {
+	else if (strcmp(lgopts[option_index].name, "sessionless") == 0) {
 		options->sessionless = 1;
 		return 0;
 	}
@@ -962,19 +968,19 @@ l2fwd_crypto_default_options(struct l2fwd_crypto_options *options)
 	/* Cipher Data */
 	options->cipher_xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
 	options->cipher_xform.next = NULL;
+	options->ckey_param = 0;
+	options->iv_param = 0;
 
 	options->cipher_xform.cipher.algo = RTE_CRYPTO_CIPHER_AES_CBC;
 	options->cipher_xform.cipher.op = RTE_CRYPTO_CIPHER_OP_ENCRYPT;
 
-	generate_random_key(options->ckey_data, sizeof(options->ckey_data));
-
-	options->cipher_xform.cipher.key.data = options->ckey_data;
 	options->cipher_xform.cipher.key.length = 16;
 
 
 	/* Authentication Data */
 	options->auth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH;
 	options->auth_xform.next = NULL;
+	options->akey_param = 0;
 
 	options->auth_xform.auth.algo = RTE_CRYPTO_AUTH_SHA1_HMAC;
 	options->auth_xform.auth.op = RTE_CRYPTO_AUTH_OP_VERIFY;
@@ -982,9 +988,6 @@ l2fwd_crypto_default_options(struct l2fwd_crypto_options *options)
 	options->auth_xform.auth.add_auth_data_length = 0;
 	options->auth_xform.auth.digest_length = 20;
 
-	generate_random_key(options->akey_data, sizeof(options->akey_data));
-
-	options->auth_xform.auth.key.data = options->akey_data;
 	options->auth_xform.auth.key.length = 20;
 }
 
@@ -1333,6 +1336,26 @@ initialize_ports(struct l2fwd_crypto_options *options)
 	return enabled_portcount;
 }
 
+static void
+reserve_key_memory(struct l2fwd_crypto_options *options)
+{
+	options->cipher_xform.cipher.key.data = rte_malloc("crypto key",
+						MAX_KEY_SIZE, 0);
+	if (options->cipher_xform.cipher.key.data == NULL)
+		rte_exit(EXIT_FAILURE, "Failed to allocate memory for cipher key");
+
+
+	options->auth_xform.auth.key.data = rte_malloc("auth key",
+						MAX_KEY_SIZE, 0);
+	if (options->auth_xform.auth.key.data == NULL)
+		rte_exit(EXIT_FAILURE, "Failed to allocate memory for auth key");
+
+	options->iv.data = rte_malloc("iv", MAX_KEY_SIZE, 0);
+	if (options->iv.data == NULL)
+		rte_exit(EXIT_FAILURE, "Failed to allocate memory for IV");
+	options->iv.phys_addr = rte_malloc_virt2phy(options->iv.data);
+}
+
 int
 main(int argc, char **argv)
 {
@@ -1350,6 +1373,9 @@ main(int argc, char **argv)
 	argc -= ret;
 	argv += ret;
 
+	/* reserve memory for Cipher/Auth key and IV */
+	reserve_key_memory(&options);
+
 	/* parse application arguments (after the EAL ones) */
 	ret = l2fwd_crypto_parse_args(&options, argc, argv);
 	if (ret < 0)
@@ -1463,6 +1489,13 @@ main(int argc, char **argv)
 				(unsigned)cdev_id);
 	}
 
+	if (!options.akey_param)
+		generate_random_key(options.auth_xform.auth.key.data,
+				options.auth_xform.auth.key.length);
+
+	if (!options.ckey_param)
+		generate_random_key(options.cipher_xform.cipher.key.data,
+				options.cipher_xform.cipher.key.length);
 
 
 	/* launch per-lcore init on every lcore */
-- 
2.5.0

[dpdk-dev] [PATCH 4/6] l2fwd_crypto: add AAD parsing

[Pablo de Lara]

So far, L2fwd crypto app could parse cipher, auth keys
and IV, but not AAD (additional authentication data).

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
 examples/l2fwd-crypto/main.c | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)

diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c
index bc37746..d7e3499 100644
--- a/examples/l2fwd-crypto/main.c
+++ b/examples/l2fwd-crypto/main.c
@@ -144,6 +144,9 @@ struct l2fwd_crypto_options {
 
 	struct rte_crypto_sym_xform auth_xform;
 	uint8_t akey_param;
+
+	struct l2fwd_key aad;
+	unsigned aad_param;
 };
 
 /** l2fwd crypto lcore params */
@@ -154,6 +157,7 @@ struct l2fwd_crypto_params {
 	unsigned digest_length;
 	unsigned block_size;
 	struct l2fwd_key iv;
+	struct l2fwd_key aad;
 	struct rte_cryptodev_sym_session *session;
 };
 
@@ -404,6 +408,12 @@ l2fwd_simple_crypto_enqueue(struct rte_mbuf *m,
 	op->sym->cipher.iv.phys_addr = cparams->iv.phys_addr;
 	op->sym->cipher.iv.length = cparams->iv.length;
 
+	if (cparams->aad.length) {
+		op->sym->auth.aad.data = cparams->aad.data;
+		op->sym->auth.aad.phys_addr = cparams->aad.phys_addr;
+		op->sym->auth.aad.length = cparams->aad.length;
+	}
+
 	op->sym->cipher.data.offset = ipdata_offset;
 	op->sym->cipher.data.length = data_len;
 
@@ -556,6 +566,15 @@ l2fwd_main_loop(struct l2fwd_crypto_options *options)
 			generate_random_key(options->iv.data,
 					port_cparams[i].iv.length);
 
+		port_cparams[i].aad.length =
+				options->auth_xform.auth.add_auth_data_length;
+		port_cparams[i].aad.phys_addr = options->aad.phys_addr;
+		port_cparams[i].aad.data = options->aad.data;
+		if (!options->aad_param)
+			generate_random_key(options->aad.data,
+					port_cparams[i].aad.length);
+
+
 		port_cparams[i].session = initialize_crypto_session(options,
 				port_cparams[i].dev_id);
 
@@ -695,6 +714,7 @@ l2fwd_crypto_usage(const char *prgname)
 		"  --auth_algo ALGO\n"
 		"  --auth_op GENERATE / VERIFY\n"
 		"  --auth_key KEY\n"
+		"  --aad AAD\n"
 
 		"  --sessionless\n",
 	       prgname);
@@ -871,6 +891,11 @@ l2fwd_crypto_parse_args_long_options(struct l2fwd_crypto_options *options,
 		return parse_key(options->auth_xform.auth.key.data, optarg);
 	}
 
+	else if (strcmp(lgopts[option_index].name, "aad") == 0) {
+		options->aad_param = 1;
+		return parse_key(options->aad.data, optarg);
+	}
+
 	else if (strcmp(lgopts[option_index].name, "sessionless") == 0) {
 		options->sessionless = 1;
 		return 0;
@@ -981,6 +1006,7 @@ l2fwd_crypto_default_options(struct l2fwd_crypto_options *options)
 	options->auth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH;
 	options->auth_xform.next = NULL;
 	options->akey_param = 0;
+	options->aad_param = 0;
 
 	options->auth_xform.auth.algo = RTE_CRYPTO_AUTH_SHA1_HMAC;
 	options->auth_xform.auth.op = RTE_CRYPTO_AUTH_OP_VERIFY;
@@ -1039,6 +1065,7 @@ l2fwd_crypto_parse_args(struct l2fwd_crypto_options *options,
 			{ "auth_key", required_argument, 0, 0 },
 
 			{ "iv", required_argument, 0, 0 },
+			{ "aad", required_argument, 0, 0 },
 
 			{ "sessionless", no_argument, 0, 0 },
 
@@ -1354,6 +1381,11 @@ reserve_key_memory(struct l2fwd_crypto_options *options)
 	if (options->iv.data == NULL)
 		rte_exit(EXIT_FAILURE, "Failed to allocate memory for IV");
 	options->iv.phys_addr = rte_malloc_virt2phy(options->iv.data);
+
+	options->aad.data = rte_malloc("aad", MAX_KEY_SIZE, 0);
+	if (options->aad.data == NULL)
+		rte_exit(EXIT_FAILURE, "Failed to allocate memory for AAD");
+	options->aad.phys_addr = rte_malloc_virt2phy(options->aad.data);
 }
 
 int
-- 
2.5.0

[dpdk-dev] [PATCH 5/6] l2fwd-crypto: add missing cipher/hash only cases

[Pablo de Lara]

Added cipher-only, hash-only operation cases,
which will be supported in the future.
Also, only sets authentication and ciphering parameters
when needed.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
 examples/l2fwd-crypto/main.c | 112 +++++++++++++++++++++++++++++--------------
 1 file changed, 76 insertions(+), 36 deletions(-)

diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c
index d7e3499..c8e4c6e 100644
--- a/examples/l2fwd-crypto/main.c
+++ b/examples/l2fwd-crypto/main.c
@@ -115,7 +115,9 @@ struct op_buffer {
 
 enum l2fwd_crypto_xform_chain {
 	L2FWD_CRYPTO_CIPHER_HASH,
-	L2FWD_CRYPTO_HASH_CIPHER
+	L2FWD_CRYPTO_HASH_CIPHER,
+	L2FWD_CRYPTO_CIPHER_ONLY,
+	L2FWD_CRYPTO_HASH_ONLY
 };
 
 struct l2fwd_key {
@@ -159,6 +161,9 @@ struct l2fwd_crypto_params {
 	struct l2fwd_key iv;
 	struct l2fwd_key aad;
 	struct rte_cryptodev_sym_session *session;
+
+	uint8_t do_cipher;
+	uint8_t do_hash;
 };
 
 /** lcore configuration */
@@ -393,30 +398,33 @@ l2fwd_simple_crypto_enqueue(struct rte_mbuf *m,
 	/* Set crypto operation data parameters */
 	rte_crypto_op_attach_sym_session(op, cparams->session);
 
-	/* Append space for digest to end of packet */
-	op->sym->auth.digest.data = (uint8_t *)rte_pktmbuf_append(m,
-			cparams->digest_length);
-	op->sym->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(m,
-			rte_pktmbuf_pkt_len(m) - cparams->digest_length);
-	op->sym->auth.digest.length = cparams->digest_length;
-
-	op->sym->auth.data.offset = ipdata_offset;
-	op->sym->auth.data.length = data_len;
-
+	if (cparams->do_hash) {
+		/* Append space for digest to end of packet */
+		op->sym->auth.digest.data = (uint8_t *)rte_pktmbuf_append(m,
+				cparams->digest_length);
+		op->sym->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(m,
+				rte_pktmbuf_pkt_len(m) - cparams->digest_length);
+		op->sym->auth.digest.length = cparams->digest_length;
+
+		op->sym->auth.data.offset = ipdata_offset;
+		op->sym->auth.data.length = data_len;
+
+		if (cparams->aad.length) {
+			op->sym->auth.aad.data = cparams->aad.data;
+			op->sym->auth.aad.phys_addr = cparams->aad.phys_addr;
+			op->sym->auth.aad.length = cparams->aad.length;
+		}
+	}
 
-	op->sym->cipher.iv.data = cparams->iv.data;
-	op->sym->cipher.iv.phys_addr = cparams->iv.phys_addr;
-	op->sym->cipher.iv.length = cparams->iv.length;
+	if (cparams->do_cipher) {
+		op->sym->cipher.iv.data = cparams->iv.data;
+		op->sym->cipher.iv.phys_addr = cparams->iv.phys_addr;
+		op->sym->cipher.iv.length = cparams->iv.length;
 
-	if (cparams->aad.length) {
-		op->sym->auth.aad.data = cparams->aad.data;
-		op->sym->auth.aad.phys_addr = cparams->aad.phys_addr;
-		op->sym->auth.aad.length = cparams->aad.length;
+		op->sym->cipher.data.offset = ipdata_offset;
+		op->sym->cipher.data.length = data_len;
 	}
 
-	op->sym->cipher.data.offset = ipdata_offset;
-	op->sym->cipher.data.length = data_len;
-
 	op->sym->m_src = m;
 
 	return l2fwd_crypto_enqueue(op, cparams);
@@ -508,9 +516,13 @@ initialize_crypto_session(struct l2fwd_crypto_options *options,
 	if (options->xform_chain == L2FWD_CRYPTO_CIPHER_HASH) {
 		first_xform = &options->cipher_xform;
 		first_xform->next = &options->auth_xform;
-	} else {
+	} else if (options->xform_chain == L2FWD_CRYPTO_HASH_CIPHER) {
 		first_xform = &options->auth_xform;
 		first_xform->next = &options->cipher_xform;
+	} else if (options->xform_chain == L2FWD_CRYPTO_CIPHER_ONLY) {
+		first_xform = &options->cipher_xform;
+	} else {
+		first_xform = &options->auth_xform;
 	}
 
 	/* Setup Cipher Parameters */
@@ -553,26 +565,48 @@ l2fwd_main_loop(struct l2fwd_crypto_options *options)
 	}
 
 	for (i = 0; i < qconf->nb_crypto_devs; i++) {
+		port_cparams[i].do_cipher = 0;
+		port_cparams[i].do_hash = 0;
+
+		switch (options->xform_chain) {
+		case L2FWD_CRYPTO_CIPHER_HASH:
+		case L2FWD_CRYPTO_HASH_CIPHER:
+			port_cparams[i].do_cipher = 1;
+			port_cparams[i].do_hash = 1;
+			break;
+		case L2FWD_CRYPTO_HASH_ONLY:
+			port_cparams[i].do_hash = 1;
+			break;
+		case L2FWD_CRYPTO_CIPHER_ONLY:
+			port_cparams[i].do_cipher = 1;
+			break;
+		}
+
 		port_cparams[i].dev_id = qconf->cryptodev_list[i];
 		port_cparams[i].qp_id = 0;
 
 		port_cparams[i].block_size = 64;
-		port_cparams[i].digest_length = 20;
 
-		port_cparams[i].iv.length = 16;
-		port_cparams[i].iv.data = options->iv.data;
-		port_cparams[i].iv.phys_addr = options->iv.phys_addr;
-		if (!options->iv_param)
-			generate_random_key(options->iv.data,
-					port_cparams[i].iv.length);
+		if (port_cparams[i].do_hash) {
+			port_cparams[i].digest_length = 20;
 
-		port_cparams[i].aad.length =
-				options->auth_xform.auth.add_auth_data_length;
-		port_cparams[i].aad.phys_addr = options->aad.phys_addr;
-		port_cparams[i].aad.data = options->aad.data;
-		if (!options->aad_param)
-			generate_random_key(options->aad.data,
-					port_cparams[i].aad.length);
+			port_cparams[i].aad.length =
+					options->auth_xform.auth.add_auth_data_length;
+			port_cparams[i].aad.phys_addr = options->aad.phys_addr;
+			port_cparams[i].aad.data = options->aad.data;
+			if (!options->aad_param)
+				generate_random_key(options->aad.data,
+						port_cparams[i].aad.length);
+		}
+
+		if (port_cparams[i].do_cipher) {
+			port_cparams[i].iv.length = 16;
+			port_cparams[i].iv.data = options->iv.data;
+			port_cparams[i].iv.phys_addr = options->iv.phys_addr;
+			if (!options->iv_param)
+				generate_random_key(options->iv.data,
+					port_cparams[i].iv.length);
+		}
 
 
 		port_cparams[i].session = initialize_crypto_session(options,
@@ -745,6 +779,12 @@ parse_crypto_opt_chain(struct l2fwd_crypto_options *options, char *optarg)
 	} else if (strcmp("HASH_CIPHER", optarg) == 0) {
 		options->xform_chain = L2FWD_CRYPTO_HASH_CIPHER;
 		return 0;
+	} else if (strcmp("CIPHER_ONLY", optarg) == 0) {
+		options->xform_chain = L2FWD_CRYPTO_CIPHER_ONLY;
+		return 0;
+	} else if (strcmp("HASH_ONLY", optarg) == 0) {
+		options->xform_chain = L2FWD_CRYPTO_HASH_ONLY;
+		return 0;
 	}
 
 	return -1;
-- 
2.5.0

[dpdk-dev] [PATCH 6/6] l2fwd-crypto: use cryptodev capability discovery

[Pablo de Lara]

Crypto devices now have information about
which crypto operations they are capable of provide.

This patch makes the app use this information,
removing all hardcoded values.

User now needs to create the virtual crypto devices
or bind the HW crypto devices, and the app will use
the ones capable of performing the crypto op specified
(user can select between HW/SW through command line)

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
 examples/l2fwd-crypto/main.c | 277 ++++++++++++++++++++++++++++++-------------
 1 file changed, 195 insertions(+), 82 deletions(-)

diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c
index c8e4c6e..762d22a 100644
--- a/examples/l2fwd-crypto/main.c
+++ b/examples/l2fwd-crypto/main.c
@@ -72,10 +72,17 @@
 #include <rte_random.h>
 #include <rte_ring.h>
 
+enum cdev_type {
+	CDEV_TYPE_ANY,
+	CDEV_TYPE_HW,
+	CDEV_TYPE_SW
+};
+
 #define RTE_LOGTYPE_L2FWD RTE_LOGTYPE_USER1
 
 #define NB_MBUF   8192
 
+#define MAX_STR_LEN 32
 #define MAX_KEY_SIZE 128
 #define MAX_PKT_BURST 32
 #define BURST_TX_DRAIN_US 100 /* TX drain every ~100us */
@@ -133,7 +140,7 @@ struct l2fwd_crypto_options {
 	unsigned refresh_period;
 	unsigned single_lcore:1;
 
-	enum rte_cryptodev_type cdev_type;
+	enum cdev_type type;
 	unsigned sessionless:1;
 
 	enum l2fwd_crypto_xform_chain xform_chain;
@@ -149,6 +156,11 @@ struct l2fwd_crypto_options {
 
 	struct l2fwd_key aad;
 	unsigned aad_param;
+
+	uint16_t block_size;
+	char string_auth_algo[MAX_STR_LEN];
+	char string_cipher_algo[MAX_STR_LEN];
+	char string_type[MAX_STR_LEN];
 };
 
 /** l2fwd crypto lcore params */
@@ -158,12 +170,14 @@ struct l2fwd_crypto_params {
 
 	unsigned digest_length;
 	unsigned block_size;
+
 	struct l2fwd_key iv;
 	struct l2fwd_key aad;
 	struct rte_cryptodev_sym_session *session;
 
 	uint8_t do_cipher;
 	uint8_t do_hash;
+	uint8_t hash_verify;
 };
 
 /** lcore configuration */
@@ -399,9 +413,15 @@ l2fwd_simple_crypto_enqueue(struct rte_mbuf *m,
 	rte_crypto_op_attach_sym_session(op, cparams->session);
 
 	if (cparams->do_hash) {
-		/* Append space for digest to end of packet */
-		op->sym->auth.digest.data = (uint8_t *)rte_pktmbuf_append(m,
+		if (!cparams->hash_verify) {
+			/* Append space for digest to end of packet */
+			op->sym->auth.digest.data = (uint8_t *)rte_pktmbuf_append(m,
 				cparams->digest_length);
+		} else {
+			op->sym->auth.digest.data = (uint8_t *)rte_pktmbuf_append(m,
+				cparams->digest_length);
+		}
+
 		op->sym->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(m,
 				rte_pktmbuf_pkt_len(m) - cparams->digest_length);
 		op->sym->auth.digest.length = cparams->digest_length;
@@ -422,7 +442,12 @@ l2fwd_simple_crypto_enqueue(struct rte_mbuf *m,
 		op->sym->cipher.iv.length = cparams->iv.length;
 
 		op->sym->cipher.data.offset = ipdata_offset;
-		op->sym->cipher.data.length = data_len;
+		if (cparams->do_hash && cparams->hash_verify)
+			/* Do not cipher the hash tag */
+			op->sym->cipher.data.length = data_len -
+				cparams->digest_length;
+		else
+			op->sym->cipher.data.length = data_len;
 	}
 
 	op->sym->m_src = m;
@@ -585,29 +610,37 @@ l2fwd_main_loop(struct l2fwd_crypto_options *options)
 		port_cparams[i].dev_id = qconf->cryptodev_list[i];
 		port_cparams[i].qp_id = 0;
 
-		port_cparams[i].block_size = 64;
+		port_cparams[i].block_size = options->block_size;
 
 		if (port_cparams[i].do_hash) {
-			port_cparams[i].digest_length = 20;
-
-			port_cparams[i].aad.length =
+			port_cparams[i].digest_length =
+					options->auth_xform.auth.digest_length;
+			if (options->auth_xform.auth.add_auth_data_length) {
+				port_cparams[i].aad.data = options->aad.data;
+				port_cparams[i].aad.length =
 					options->auth_xform.auth.add_auth_data_length;
-			port_cparams[i].aad.phys_addr = options->aad.phys_addr;
-			port_cparams[i].aad.data = options->aad.data;
-			if (!options->aad_param)
-				generate_random_key(options->aad.data,
-						port_cparams[i].aad.length);
+				port_cparams[i].aad.phys_addr = options->aad.phys_addr;
+				if (!options->aad_param)
+					generate_random_key(port_cparams[i].aad.data,
+						sizeof(port_cparams[i].aad.length));
+
+			}
+
+			if (options->auth_xform.auth.op == RTE_CRYPTO_AUTH_OP_VERIFY)
+				port_cparams[i].hash_verify = 1;
+			else
+				port_cparams[i].hash_verify = 0;
 		}
 
 		if (port_cparams[i].do_cipher) {
-			port_cparams[i].iv.length = 16;
 			port_cparams[i].iv.data = options->iv.data;
+			port_cparams[i].iv.length = options->iv.length;
 			port_cparams[i].iv.phys_addr = options->iv.phys_addr;
 			if (!options->iv_param)
-				generate_random_key(options->iv.data,
-					port_cparams[i].iv.length);
-		}
+				generate_random_key(port_cparams[i].iv.data,
+						sizeof(port_cparams[i].iv.length));
 
+		}
 
 		port_cparams[i].session = initialize_crypto_session(options,
 				port_cparams[i].dev_id);
@@ -627,7 +660,6 @@ l2fwd_main_loop(struct l2fwd_crypto_options *options)
 		 */
 		diff_tsc = cur_tsc - prev_tsc;
 		if (unlikely(diff_tsc > drain_tsc)) {
-
 			for (portid = 0; portid < RTE_MAX_ETHPORTS; portid++) {
 				if (qconf->pkt_buf[portid].len == 0)
 					continue;
@@ -756,13 +788,16 @@ l2fwd_crypto_usage(const char *prgname)
 
 /** Parse crypto device type command line argument */
 static int
-parse_cryptodev_type(enum rte_cryptodev_type *type, char *optarg)
+parse_cryptodev_type(enum cdev_type *type, char *optarg)
 {
-	if (strcmp("AESNI_MB", optarg) == 0) {
-		*type = RTE_CRYPTODEV_AESNI_MB_PMD;
+	if (strcmp("HW", optarg) == 0) {
+		*type = CDEV_TYPE_HW;
 		return 0;
-	} else if (strcmp("QAT", optarg) == 0) {
-		*type = RTE_CRYPTODEV_QAT_SYM_PMD;
+	} else if (strcmp("SW", optarg) == 0) {
+		*type = CDEV_TYPE_SW;
+		return 0;
+	} else if (strcmp("ANY", optarg) == 0) {
+		*type = CDEV_TYPE_ANY;
 		return 0;
 	}
 
@@ -892,16 +927,22 @@ static int
 l2fwd_crypto_parse_args_long_options(struct l2fwd_crypto_options *options,
 		struct option *lgopts, int option_index)
 {
+	int retval;
+
 	if (strcmp(lgopts[option_index].name, "cdev_type") == 0)
-		return parse_cryptodev_type(&options->cdev_type, optarg);
+		return parse_cryptodev_type(&options->type, optarg);
 
 	else if (strcmp(lgopts[option_index].name, "chain") == 0)
 		return parse_crypto_opt_chain(options, optarg);
 
 	/* Cipher options */
-	else if (strcmp(lgopts[option_index].name, "cipher_algo") == 0)
-		return parse_cipher_algo(&options->cipher_xform.cipher.algo,
+	else if (strcmp(lgopts[option_index].name, "cipher_algo") == 0) {
+		retval = parse_cipher_algo(&options->cipher_xform.cipher.algo,
 				optarg);
+		if (retval == 0)
+			strcpy(options->string_cipher_algo, optarg);
+		return retval;
+	}
 
 	else if (strcmp(lgopts[option_index].name, "cipher_op") == 0)
 		return parse_cipher_op(&options->cipher_xform.cipher.op,
@@ -918,9 +959,13 @@ l2fwd_crypto_parse_args_long_options(struct l2fwd_crypto_options *options,
 	}
 
 	/* Authentication options */
-	else if (strcmp(lgopts[option_index].name, "auth_algo") == 0)
-		return parse_auth_algo(&options->auth_xform.auth.algo,
+	else if (strcmp(lgopts[option_index].name, "auth_algo") == 0) {
+		retval = parse_auth_algo(&options->auth_xform.auth.algo,
 				optarg);
+		if (retval == 0)
+			strcpy(options->string_auth_algo, optarg);
+		return retval;
+	}
 
 	else if (strcmp(lgopts[option_index].name, "auth_op") == 0)
 		return parse_auth_op(&options->auth_xform.auth.op,
@@ -1027,7 +1072,6 @@ l2fwd_crypto_default_options(struct l2fwd_crypto_options *options)
 	options->single_lcore = 0;
 	options->sessionless = 0;
 
-	options->cdev_type = RTE_CRYPTODEV_AESNI_MB_PMD;
 	options->xform_chain = L2FWD_CRYPTO_CIPHER_HASH;
 
 	/* Cipher Data */
@@ -1039,9 +1083,6 @@ l2fwd_crypto_default_options(struct l2fwd_crypto_options *options)
 	options->cipher_xform.cipher.algo = RTE_CRYPTO_CIPHER_AES_CBC;
 	options->cipher_xform.cipher.op = RTE_CRYPTO_CIPHER_OP_ENCRYPT;
 
-	options->cipher_xform.cipher.key.length = 16;
-
-
 	/* Authentication Data */
 	options->auth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH;
 	options->auth_xform.next = NULL;
@@ -1049,12 +1090,9 @@ l2fwd_crypto_default_options(struct l2fwd_crypto_options *options)
 	options->aad_param = 0;
 
 	options->auth_xform.auth.algo = RTE_CRYPTO_AUTH_SHA1_HMAC;
-	options->auth_xform.auth.op = RTE_CRYPTO_AUTH_OP_VERIFY;
-
-	options->auth_xform.auth.add_auth_data_length = 0;
-	options->auth_xform.auth.digest_length = 20;
+	options->auth_xform.auth.op = RTE_CRYPTO_AUTH_OP_GENERATE;
 
-	options->auth_xform.auth.key.length = 20;
+	options->type = CDEV_TYPE_ANY;
 }
 
 static void
@@ -1069,15 +1107,6 @@ l2fwd_crypto_options_print(struct l2fwd_crypto_options *options)
 	printf("stats_printing: %s\n",
 			options->refresh_period == 0 ? "disabled" : "enabled");
 
-	switch (options->cdev_type) {
-	case RTE_CRYPTODEV_AESNI_MB_PMD:
-		printf("cryptodev type: AES-NI MB PMD\n"); break;
-	case RTE_CRYPTODEV_QAT_SYM_PMD:
-		printf("cryptodev type: QAT PMD\n"); break;
-	default:
-		break;
-	}
-
 	printf("sessionless crypto: %s\n",
 			options->sessionless ? "enabled" : "disabled");
 }
@@ -1232,27 +1261,41 @@ check_all_ports_link_status(uint8_t port_num, uint32_t port_mask)
 	}
 }
 
+/* Check if device has to be HW/SW or any */
+static int
+check_type(struct l2fwd_crypto_options *options, struct rte_cryptodev_info *dev_info)
+{
+	if (options->type == CDEV_TYPE_HW &&
+			(dev_info->feature_flags & RTE_CRYPTODEV_FF_HW_ACCELERATED))
+		return 0;
+	if (options->type == CDEV_TYPE_SW &&
+			!(dev_info->feature_flags & RTE_CRYPTODEV_FF_HW_ACCELERATED))
+		return 0;
+	if (options->type == CDEV_TYPE_ANY)
+		return 0;
+
+	return -1;
+}
+
 static int
-initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports)
+initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
+		uint8_t *enabled_cdevs)
 {
 	unsigned i, cdev_id, cdev_count, enabled_cdev_count = 0;
+	const struct rte_cryptodev_capabilities *cap;
+	enum rte_crypto_auth_algorithm cap_auth_algo;
+	enum rte_crypto_auth_algorithm opt_auth_algo;
+	enum rte_crypto_cipher_algorithm cap_cipher_algo;
+	enum rte_crypto_cipher_algorithm opt_cipher_algo;
 	int retval;
 
-	if (options->cdev_type == RTE_CRYPTODEV_QAT_SYM_PMD) {
-		if (rte_cryptodev_count() < nb_ports)
-			return -1;
-	} else if (options->cdev_type == RTE_CRYPTODEV_AESNI_MB_PMD) {
-		for (i = 0; i < nb_ports; i++) {
-			int retval = rte_eal_vdev_init(CRYPTODEV_NAME_AESNI_MB_PMD,
-					NULL);
-			if (retval < 0)
-				return -1;
-		}
+	cdev_count = rte_cryptodev_count();
+	if (cdev_count == 0) {
+		printf("No crypto devices available\n");
+		return -1;
 	}
 
-	cdev_count = rte_cryptodev_count();
-	for (cdev_id = 0;
-			cdev_id < cdev_count && enabled_cdev_count < nb_ports;
+	for (cdev_id = 0; cdev_id < cdev_count && enabled_cdev_count < nb_ports;
 			cdev_id++) {
 		struct rte_cryptodev_qp_conf qp_conf;
 		struct rte_cryptodev_info dev_info;
@@ -1268,9 +1311,84 @@ initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports)
 
 		rte_cryptodev_info_get(cdev_id, &dev_info);
 
-		if (dev_info.dev_type != options->cdev_type)
-			continue;
+		/* Set cipher parameters */
+		if (options->xform_chain == L2FWD_CRYPTO_CIPHER_HASH ||
+				options->xform_chain == L2FWD_CRYPTO_HASH_CIPHER ||
+				options->xform_chain == L2FWD_CRYPTO_CIPHER_ONLY) {
+			/* Check if device supports cipher algo */
+			i = 0;
+			opt_cipher_algo = options->cipher_xform.cipher.algo;
+			cap = &dev_info.capabilities[i];
+			while (cap->op != RTE_CRYPTO_OP_TYPE_UNDEFINED) {
+				cap_cipher_algo = cap->sym.cipher.algo;
+				if (cap->sym.xform_type ==
+						RTE_CRYPTO_SYM_XFORM_CIPHER) {
+					if (cap_cipher_algo == opt_cipher_algo) {
+						if (check_type(options, &dev_info) == 0)
+							break;
+					}
+				}
+				cap = &dev_info.capabilities[++i];
+			}
+
+			if (cap->op == RTE_CRYPTO_OP_TYPE_UNDEFINED) {
+				printf("Algorithm %s not supported by cryptodev %u"
+					" or device not of preferred type (%s)\n",
+					options->string_cipher_algo, cdev_id,
+					options->string_type);
+				continue;
+			}
+
+			options->block_size = cap->sym.cipher.block_size;
+			options->iv.length = cap->sym.cipher.iv_size.min;
+			options->cipher_xform.cipher.key.length =
+						cap->sym.cipher.key_size.min;
+			if (!options->ckey_param)
+				generate_random_key(
+					options->cipher_xform.cipher.key.data,
+					options->cipher_xform.cipher.key.length);
 
+		}
+
+		/* Set auth parameters */
+		if (options->xform_chain == L2FWD_CRYPTO_CIPHER_HASH ||
+				options->xform_chain == L2FWD_CRYPTO_HASH_CIPHER ||
+				options->xform_chain == L2FWD_CRYPTO_HASH_ONLY) {
+			/* Check if device supports auth algo */
+			i = 0;
+			opt_auth_algo = options->auth_xform.auth.algo;
+			cap = &dev_info.capabilities[i];
+			while (cap->op != RTE_CRYPTO_OP_TYPE_UNDEFINED) {
+				cap_auth_algo = cap->sym.auth.algo;
+				if ((cap->sym.xform_type == RTE_CRYPTO_SYM_XFORM_AUTH) &&
+						(cap_auth_algo == opt_auth_algo) &&
+						(check_type(options, &dev_info) == 0)) {
+					break;
+				}
+				cap = &dev_info.capabilities[++i];
+			}
+
+			if (cap->op == RTE_CRYPTO_OP_TYPE_UNDEFINED) {
+				printf("Algorithm %s not supported by cryptodev %u"
+					" or device not of preferred type (%s)\n",
+					options->string_auth_algo, cdev_id,
+					options->string_type);
+				continue;
+			}
+
+			options->block_size = cap->sym.auth.block_size;
+			options->auth_xform.auth.add_auth_data_length =
+						cap->sym.auth.aad_size.min;
+			options->auth_xform.auth.digest_length =
+						cap->sym.auth.digest_size.min;
+			options->auth_xform.auth.key.length =
+						cap->sym.auth.key_size.min;
+
+			if (!options->akey_param)
+				generate_random_key(
+					options->auth_xform.auth.key.data,
+					options->auth_xform.auth.key.length);
+		}
 
 		retval = rte_cryptodev_configure(cdev_id, &conf);
 		if (retval < 0) {
@@ -1290,6 +1408,7 @@ initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports)
 
 		l2fwd_enabled_crypto_mask |= (1 << cdev_id);
 
+		enabled_cdevs[cdev_id] = 1;
 		enabled_cdev_count++;
 	}
 
@@ -1437,6 +1556,7 @@ main(int argc, char **argv)
 	uint8_t nb_ports, nb_cryptodevs, portid, cdev_id;
 	unsigned lcore_id, rx_lcore_id;
 	int ret, enabled_cdevcount, enabled_portcount;
+	uint8_t enabled_cdevs[RTE_CRYPTO_MAX_DEVS] = {0};
 
 	/* init EAL */
 	ret = rte_eal_init(argc, argv);
@@ -1510,23 +1630,25 @@ main(int argc, char **argv)
 		printf("Lcore %u: RX port %u\n", rx_lcore_id, (unsigned)portid);
 	}
 
-
 	/* Enable Crypto devices */
-	enabled_cdevcount = initialize_cryptodevs(&options, enabled_portcount);
-	if (enabled_cdevcount < 1)
-		rte_exit(EXIT_FAILURE, "Failed to initial crypto devices\n");
+	enabled_cdevcount = initialize_cryptodevs(&options, enabled_portcount,
+			enabled_cdevs);
+	if (enabled_cdevcount < 0)
+		rte_exit(EXIT_FAILURE, "Failed to initialize crypto devices\n");
+
+	if (enabled_cdevcount < enabled_portcount)
+		rte_exit(EXIT_FAILURE, "Number of capable crypto devices (%d) "
+				"has to be more or equal to number of ports (%d)\n",
+				enabled_cdevcount, enabled_portcount);
 
 	nb_cryptodevs = rte_cryptodev_count();
-	/* Initialize the port/queue configuration of each logical core */
+
+	/* Initialize the port/cryptodev configuration of each logical core */
 	for (rx_lcore_id = 0, qconf = NULL, cdev_id = 0;
 			cdev_id < nb_cryptodevs && enabled_cdevcount;
 			cdev_id++) {
-		struct rte_cryptodev_info info;
-
-		rte_cryptodev_info_get(cdev_id, &info);
-
-		/* skip devices of the wrong type */
-		if (options.cdev_type != info.dev_type)
+		/* Crypto op not supported by crypto device */
+		if (!enabled_cdevs[cdev_id])
 			continue;
 
 		if (options.single_lcore && qconf == NULL) {
@@ -1561,15 +1683,6 @@ main(int argc, char **argv)
 				(unsigned)cdev_id);
 	}
 
-	if (!options.akey_param)
-		generate_random_key(options.auth_xform.auth.key.data,
-				options.auth_xform.auth.key.length);
-
-	if (!options.ckey_param)
-		generate_random_key(options.cipher_xform.cipher.key.data,
-				options.cipher_xform.cipher.key.length);
-
-
 	/* launch per-lcore init on every lcore */
 	rte_eal_mp_remote_launch(l2fwd_launch_one_lcore, (void *)&options,
 			CALL_MASTER);
-- 
2.5.0

Re: [dpdk-dev] [PATCH 0/6] L2fwd-crypto enhancements

[Cao, Min]

Tested-by: Min Cao <min.cao@intel.com>

- Tested Commit: 94b0ad8e0aa556230183f4c4d06b68bfd145dce3
- OS: Fedora20 3.11.10-301.fc20.x86_64
- GCC: gcc (GCC) 4.8.3
- CPU: Intel(R) Xeon(R) CPU E5-2658 v3 @ 2.20GHz
- NIC: Niantic
- Default x86_64-native-linuxapp-gcc configuration
- Prerequisites:
- Total 65 cases, 65 passed, 0 failed

- test case 1: QAT Unit test 
    Total 45 cases, 45 passed, 0 failed

- test case 2: AES_NI Unit test 
    Total 10 cases, 10 passed, 0 failed

- test case 3: AES_NI GCM Unit test 
    Total 10 cases, 10 passed, 0 failed

-----Original Message-----
From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Pablo de Lara
Sent: Friday, March 11, 2016 8:03 AM
To: dev@dpdk.org
Subject: [dpdk-dev] [PATCH 0/6] L2fwd-crypto enhancements

This patchset cleans up the l2fwd-crypto app, implements some missing functionality and makes use of the new capability discovery mechanism that cryptodev library offers to discover which crypto operations a PMD can provide.

This patchset depends on "cryptodev: add capabilities discovery mechanism" patch
(http://dpdk.org/dev/patchwork/patch/11434/)

Pablo de Lara (6):
  l2fwd-crypto: code cleanup
  l2fwd-crypto: update auth algo list
  l2fwd-crypto: implement parse_key function
  l2fwd_crypto: add AAD parsing
  l2fwd-crypto: add missing cipher/hash only cases
  l2fwd-crypto: use cryptodev capability discovery

 examples/l2fwd-crypto/main.c | 517 +++++++++++++++++++++++++++++--------------
 1 file changed, 348 insertions(+), 169 deletions(-)

--
2.5.0

Re: [dpdk-dev] [PATCH 0/6] L2fwd-crypto enhancements

[Sergio Gonzalez Monroy]

On 11/03/2016 00:02, Pablo de Lara wrote:
> This patchset cleans up the l2fwd-crypto app,
> implements some missing functionality
> and makes use of the new capability discovery mechanism
> that cryptodev library offers to discover which crypto operations
> a PMD can provide.
>
> This patchset depends on "cryptodev: add capabilities discovery mechanism" patch
> (http://dpdk.org/dev/patchwork/patch/11434/)
>
> Pablo de Lara (6):
>    l2fwd-crypto: code cleanup
>    l2fwd-crypto: update auth algo list
>    l2fwd-crypto: implement parse_key function
>    l2fwd_crypto: add AAD parsing
>    l2fwd-crypto: add missing cipher/hash only cases
>    l2fwd-crypto: use cryptodev capability discovery
>
>   examples/l2fwd-crypto/main.c | 517 +++++++++++++++++++++++++++++--------------
>   1 file changed, 348 insertions(+), 169 deletions(-)
>

Acked-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>

Re: [dpdk-dev] [PATCH 0/6] L2fwd-crypto enhancements

[Thomas Monjalon]

> > This patchset cleans up the l2fwd-crypto app,
> > implements some missing functionality
> > and makes use of the new capability discovery mechanism
> > that cryptodev library offers to discover which crypto operations
> > a PMD can provide.
> >
> > This patchset depends on "cryptodev: add capabilities discovery mechanism" patch
> > (http://dpdk.org/dev/patchwork/patch/11434/)
> >
> > Pablo de Lara (6):
> >    l2fwd-crypto: code cleanup
> >    l2fwd-crypto: update auth algo list
> >    l2fwd-crypto: implement parse_key function
> >    l2fwd_crypto: add AAD parsing
> >    l2fwd-crypto: add missing cipher/hash only cases
> >    l2fwd-crypto: use cryptodev capability discovery
> >
> >   examples/l2fwd-crypto/main.c | 517 +++++++++++++++++++++++++++++--------------
> >   1 file changed, 348 insertions(+), 169 deletions(-)
> 
> Acked-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>

Applied, thanks