From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga03.intel.com (mga03.intel.com [134.134.136.65]) by dpdk.org (Postfix) with ESMTP id 149444C91 for ; Tue, 11 Sep 2018 12:27:41 +0200 (CEST) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga008.jf.intel.com ([10.7.209.65]) by orsmga103.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 11 Sep 2018 03:27:41 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.53,360,1531810800"; d="scan'208";a="72269109" Received: from irsmsx107.ger.corp.intel.com ([163.33.3.99]) by orsmga008.jf.intel.com with ESMTP; 11 Sep 2018 03:27:39 -0700 Received: from irsmsx101.ger.corp.intel.com ([169.254.1.40]) by IRSMSX107.ger.corp.intel.com ([169.254.10.116]) with mapi id 14.03.0319.002; Tue, 11 Sep 2018 11:27:38 +0100 From: "Zhang, Roy Fan" To: "Zhang, Roy Fan" , "dev@dpdk.org" Thread-Topic: [dpdk-dev] [PATCH] crypto action Thread-Index: AQHUSRYHgAEaxLqY8ECxIkx4w1LliaTq4Qug Date: Tue, 11 Sep 2018 10:27:38 +0000 Message-ID: <9F7182E3F746AB4EA17801C148F3C604334756D8@IRSMSX101.ger.corp.intel.com> References: <20180910143322.3680-1-roy.fan.zhang@intel.com> In-Reply-To: <20180910143322.3680-1-roy.fan.zhang@intel.com> Accept-Language: en-IE, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ctpclassification: CTP_NT x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiZWIzMDc4Y2YtOWQxMC00MmUxLThlYzQtOGQ2ZjU0ZDUxNWEwIiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX05UIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE3LjEwLjE4MDQuNDkiLCJUcnVzdGVkTGFiZWxIYXNoIjoiMmoyd0RwNzdkNHdQUkhcL2JkeHZFTyticG1rQ0pBenQrbGVLcTU0SGVlak5qTnRXSUp2Q2xVT01icGxwRkFPYnUifQ== dlp-product: dlpe-windows dlp-version: 11.0.400.15 dlp-reaction: no-action x-originating-ip: [163.33.239.181] Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Subject: Re: [dpdk-dev] [PATCH] crypto action X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 11 Sep 2018 10:27:43 -0000 Hi, Sorry about the spam but this patch was not intended to send to DPDK just y= et. I need further polish it and splits into a patchset as the v2 of http://pat= chwork.dpdk.org/patch/43919/ So I marked this patch as rejected in patchwork. Regards, Fan > -----Original Message----- > From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Zhang, Roy Fan > Sent: Monday, September 10, 2018 3:33 PM > To: dev@dpdk.org > Cc: Dumitrescu, Cristian > Subject: [dpdk-dev] [PATCH] crypto action >=20 > Change-Id: If1aecaac3335685f3bef79f47768ba8ae7765fbb > Signed-off-by: Zhang, Roy Fan > --- > examples/ip_pipeline/Makefile | 1 + > examples/ip_pipeline/action.c | 11 + > examples/ip_pipeline/action.h | 1 + > examples/ip_pipeline/cli.c | 744 ++++++++++++++++++++= +++++- > examples/ip_pipeline/examples/flow_crypto.cli | 76 +++ > examples/ip_pipeline/main.c | 17 + > examples/ip_pipeline/mempool.c | 2 +- > examples/ip_pipeline/mempool.h | 1 + > examples/ip_pipeline/pipeline.c | 61 +++ > examples/ip_pipeline/pipeline.h | 13 + > examples/ip_pipeline/sym_crypto.c | 320 +++++++++++ > examples/ip_pipeline/sym_crypto.h | 104 ++++ > examples/ip_pipeline/thread.c | 10 + > lib/librte_pipeline/rte_table_action.c | 183 ++++--- > lib/librte_pipeline/rte_table_action.h | 28 +- > 15 files changed, 1472 insertions(+), 100 deletions(-) > create mode 100644 examples/ip_pipeline/examples/flow_crypto.cli > create mode 100644 examples/ip_pipeline/sym_crypto.c > create mode 100644 examples/ip_pipeline/sym_crypto.h >=20 > diff --git a/examples/ip_pipeline/Makefile b/examples/ip_pipeline/Makefil= e > index 3fb98ce3e..819625632 100644 > --- a/examples/ip_pipeline/Makefile > +++ b/examples/ip_pipeline/Makefile > @@ -18,6 +18,7 @@ SRCS-y +=3D swq.c > SRCS-y +=3D tap.c > SRCS-y +=3D thread.c > SRCS-y +=3D tmgr.c > +SRCS-y +=3D sym_crypto.c >=20 > # Build using pkg-config variables if possible > $(shell pkg-config --exists libdpdk) > diff --git a/examples/ip_pipeline/action.c b/examples/ip_pipeline/action.= c > index a29c2b368..d97423568 100644 > --- a/examples/ip_pipeline/action.c > +++ b/examples/ip_pipeline/action.c > @@ -333,6 +333,17 @@ table_action_profile_create(const char *name, > } > } >=20 > + if (params->action_mask & (1LLU << > RTE_TABLE_ACTION_SYM_CRYPTO)) { > + status =3D rte_table_action_profile_action_register(ap, > + RTE_TABLE_ACTION_SYM_CRYPTO, > + ¶ms->sym_crypto); > + > + if (status) { > + rte_table_action_profile_free(ap); > + return NULL; > + } > + } > + > status =3D rte_table_action_profile_freeze(ap); > if (status) { > rte_table_action_profile_free(ap); > diff --git a/examples/ip_pipeline/action.h b/examples/ip_pipeline/action.= h > index 417200e86..cde17e69a 100644 > --- a/examples/ip_pipeline/action.h > +++ b/examples/ip_pipeline/action.h > @@ -53,6 +53,7 @@ struct table_action_profile_params { > struct rte_table_action_nat_config nat; > struct rte_table_action_ttl_config ttl; > struct rte_table_action_stats_config stats; > + struct rte_table_action_sym_crypto_config sym_crypto; > }; >=20 > struct table_action_profile { > diff --git a/examples/ip_pipeline/cli.c b/examples/ip_pipeline/cli.c > index 102a1d6b7..c73403378 100644 > --- a/examples/ip_pipeline/cli.c > +++ b/examples/ip_pipeline/cli.c > @@ -17,6 +17,7 @@ > #include "mempool.h" > #include "parser.h" > #include "pipeline.h" > +#include "sym_crypto.h" > #include "swq.h" > #include "tap.h" > #include "thread.h" > @@ -66,7 +67,7 @@ cmd_mempool(char **tokens, > char *name; > struct mempool *mempool; >=20 > - if (n_tokens !=3D 10) { > + if (n_tokens !=3D 10 && n_tokens !=3D 12) { > snprintf(out, out_size, MSG_ARG_MISMATCH, tokens[0]); > return; > } > @@ -113,6 +114,18 @@ cmd_mempool(char **tokens, > return; > } >=20 > + if (n_tokens =3D=3D 12) { > + if (strcmp(tokens[10], "priv") !=3D 0) { > + snprintf(out, out_size, MSG_ARG_INVALID, "priv"); > + return; > + } > + > + if (parser_read_uint32(&p.priv_size, tokens[11]) !=3D 0) { > + snprintf(out, out_size, MSG_ARG_INVALID, "priv"); > + return; > + } > + } > + > mempool =3D mempool_create(name, &p); > if (mempool =3D=3D NULL) { > snprintf(out, out_size, MSG_CMD_FAIL, tokens[0]); > @@ -785,6 +798,569 @@ cmd_kni(char **tokens, > } > } >=20 > +static const char cmd_sym_crypto_help[] =3D > +"sym_crypto \n" > +" cryptodev | cryptodev_id \n" > +" q \n" > +" offset \n" > +" cpu \n"; > + > +static void > +cmd_sym_crypto(char **tokens, > + uint32_t n_tokens, > + char *out, > + size_t out_size) > +{ > + struct sym_crypto_params params; > + char *name; > + > + memset(¶ms, 0, sizeof(params)); > + if (n_tokens !=3D 11) { > + snprintf(out, out_size, MSG_ARG_MISMATCH, tokens[0]); > + return; > + } > + > + name =3D tokens[1]; > + > + if (strcmp(tokens[2], "cryptodev") =3D=3D 0) > + params.dev_name =3D tokens[3]; > + else if (strcmp(tokens[2], "cryptodev_id") =3D=3D 0) { > + if (parser_read_uint32(¶ms.cryptodev_id, tokens[3]) < 0) > { > + snprintf(out, out_size, MSG_ARG_INVALID, > + "cryptodev_id"); > + return; > + } > + } else { > + snprintf(out, out_size, MSG_ARG_INVALID, > + "cryptodev"); > + return; > + } > + > + if (strcmp(tokens[4], "q")) { > + snprintf(out, out_size, MSG_ARG_NOT_FOUND, > + "4"); > + return; > + } > + > + if (parser_read_uint32(¶ms.n_queues, tokens[5]) < 0) { > + snprintf(out, out_size, MSG_ARG_INVALID, > + "q"); > + return; > + } > + > + if (parser_read_uint32(¶ms.queue_size, tokens[6]) < 0) { > + snprintf(out, out_size, MSG_ARG_INVALID, > + "queue_size"); > + return; > + } > + > + if (strcmp(tokens[7], "offset")) { > + snprintf(out, out_size, MSG_ARG_NOT_FOUND, > + "offset"); > + return; > + } > + > + if (parser_read_uint32(¶ms.op_offset, tokens[8]) < 0) { > + snprintf(out, out_size, MSG_ARG_INVALID, > + "offset"); > + return; > + } > + > + if (strcmp(tokens[9], "cpu")) { > + snprintf(out, out_size, MSG_ARG_NOT_FOUND, > + "cpu"); > + return; > + } > + > + if (parser_read_uint32(¶ms.cpu_id, tokens[10]) < 0) { > + snprintf(out, out_size, MSG_ARG_INVALID, > + "cpu"); > + return; > + } > + > + if (sym_crypto_create(name, ¶ms) =3D=3D NULL) { > + snprintf(out, out_size, MSG_CMD_FAIL, tokens[0]); > + return; > + } > +} > + > +static const char cmd_sym_crypto_session_help[] =3D > +"sym_crypto_session \n" > +" [create" > +" | sym_crypto \n" > +" | mempool_create mempool_init > \n" > +" | op > +" | [cipher_algo cipher_key cipher_iv ]\n" > +" | [auth_algo auth_key ]\n" > +" | [aead_algo aead_key aead_iv aead_aad > ]\n" > +" | digest_size ]\n" > +" [delete]\n"; > + > +static void > +cmd_sym_crypto_session(char **tokens, > + uint32_t n_tokens, > + char *out, > + size_t out_size) > +{ > + struct rte_crypto_sym_xform xforms[2]; > + struct rte_crypto_cipher_xform *xform_cipher =3D NULL; > + struct rte_crypto_auth_xform *xform_auth =3D NULL; > + struct rte_crypto_aead_xform *xform_aead =3D NULL; > + struct sym_crypto_session_params p; > + struct sym_crypto *sym_crypto; > + struct mempool *mp; > + char *name; > + uint32_t i; > + uint32_t iv_offset =3D RTE_TABLE_ACTION_SYM_CRYPTO_IV_OFFSET; > + int status =3D 0; > + > + memset(&p, 0, sizeof(p)); > + memset(xforms, 0, (sizeof(*xforms) * 2)); > + > + if (n_tokens =3D=3D 3) { > + if (strcmp(tokens[2], "delete")) { > + snprintf(out, out_size, MSG_ARG_INVALID, > tokens[0]); > + return; > + } > + > + if (sym_crypto_session_delete(tokens[2]) < 0) > + snprintf(out, out_size, MSG_CMD_FAIL, tokens[0]); > + > + return; > + } > + > + name =3D tokens[1]; > + > + if (strcmp(tokens[2], "create") || strcmp(tokens[3], "sym_crypto") > || > + strcmp(tokens[5], "mempool_create") || > + strcmp(tokens[7], "mempool_init") || > + strcmp(tokens[9], "op")) { > + snprintf(out, out_size, MSG_ARG_INVALID, tokens[0]); > + return; > + } > + > + sym_crypto =3D sym_crypto_find(tokens[4]); > + if (sym_crypto =3D=3D NULL) { > + snprintf(out, out_size, MSG_ARG_INVALID, tokens[0]); > + return; > + } > + p.cryptodev_id =3D sym_crypto->cryptodev_id; > + > + mp =3D mempool_find(tokens[6]); > + if (mp =3D=3D NULL) { > + snprintf(out, out_size, MSG_ARG_INVALID, tokens[0]); > + return; > + } > + p.mp_create =3D mp->m; > + > + mp =3D mempool_find(tokens[8]); > + if (mp =3D=3D NULL) { > + snprintf(out, out_size, MSG_ARG_INVALID, tokens[0]); > + return; > + } > + p.mp_init =3D mp->m; > + > + if (strcmp(tokens[10], "cipher_auth") =3D=3D 0) { > + xforms[0].next =3D &xforms[1]; > + > + xforms[0].type =3D RTE_CRYPTO_SYM_XFORM_CIPHER; > + xform_cipher =3D &xforms[0].cipher; > + xform_cipher->op =3D RTE_CRYPTO_CIPHER_OP_ENCRYPT; > + > + xforms[1].type =3D RTE_CRYPTO_SYM_XFORM_AUTH; > + xform_auth =3D &xforms[1].auth; > + xform_auth->op =3D RTE_CRYPTO_AUTH_OP_GENERATE; > + > + } else if (strcmp(tokens[10], "auth_cipher") =3D=3D 0) { > + xforms[0].next =3D &xforms[1]; > + > + xforms[0].type =3D RTE_CRYPTO_SYM_XFORM_AUTH; > + xform_auth =3D &xforms[0].auth; > + xform_auth->op =3D RTE_CRYPTO_AUTH_OP_VERIFY; > + > + xforms[1].type =3D RTE_CRYPTO_SYM_XFORM_CIPHER; > + xform_cipher =3D &xforms[1].cipher; > + xform_cipher->op =3D RTE_CRYPTO_CIPHER_OP_DECRYPT; > + > + } else if (strcmp(tokens[10], "cipher_enc") =3D=3D 0) { > + xform_cipher =3D &xforms[0].cipher; > + xforms[0].type =3D RTE_CRYPTO_SYM_XFORM_CIPHER; > + xform_cipher->op =3D RTE_CRYPTO_CIPHER_OP_ENCRYPT; > + > + } else if (strcmp(tokens[10], "cipher_dec") =3D=3D 0) { > + xform_cipher =3D &xforms[0].cipher; > + xforms[0].type =3D RTE_CRYPTO_SYM_XFORM_CIPHER; > + xform_cipher->op =3D RTE_CRYPTO_CIPHER_OP_DECRYPT; > + > + } else if (strcmp(tokens[10], "aead_enc") =3D=3D 0) { > + xforms[0].type =3D RTE_CRYPTO_SYM_XFORM_AEAD; > + xform_aead =3D &xforms[0].aead; > + xform_aead->op =3D RTE_CRYPTO_AEAD_OP_ENCRYPT; > + > + } else if (strcmp(tokens[10], "aead_dec") =3D=3D 0) { > + xforms[0].type =3D RTE_CRYPTO_SYM_XFORM_AEAD; > + xform_aead =3D &xforms[0].aead; > + xform_aead->op =3D RTE_CRYPTO_AEAD_OP_DECRYPT; > + > + } else { > + snprintf(out, out_size, MSG_ARG_INVALID, tokens[0]); > + return; > + } > + > + for (i =3D 11; i < n_tokens; i++) { > + if (strcmp(tokens[i], "cipher_algo") =3D=3D 0) { > + if (xform_cipher =3D=3D NULL || xform_aead || > + n_tokens < i + 2) { > + snprintf(out, out_size, MSG_ARG_INVALID, > + tokens[0]); > + goto error_exit; > + } > + > + status =3D rte_cryptodev_get_cipher_algo_enum( > + &xform_cipher->algo, tokens[i + 1]); > + if (status < 0) { > + snprintf(out, out_size, MSG_ARG_INVALID, > + tokens[0]); > + goto error_exit; > + } > + > + i++; > + continue; > + } > + > + if (strcmp(tokens[i], "cipher_key") =3D=3D 0) { > + size_t len; > + > + if (xform_cipher =3D=3D NULL || xform_aead || > + n_tokens < i + 2) { > + snprintf(out, out_size, MSG_ARG_INVALID, > + tokens[0]); > + goto error_exit; > + } > + > + len =3D strlen(tokens[i + 1]); > + xform_cipher->key.data =3D calloc(1, len / 2 + 1); > + if (xform_cipher->key.data =3D=3D NULL) { > + snprintf(out, out_size, > MSG_OUT_OF_MEMORY); > + goto error_exit; > + } > + > + status =3D parse_hex_string(tokens[i + 1], > + xform_cipher->key.data, > + (uint32_t *)&len); > + if (status < 0) { > + snprintf(out, out_size, MSG_ARG_INVALID, > + tokens[0]); > + goto error_exit; > + } > + > + xform_cipher->key.length =3D (uint16_t)len; > + > + i++; > + continue; > + } > + > + if (strcmp(tokens[i], "cipher_iv") =3D=3D 0) { > + size_t len; > + > + if (xform_cipher =3D=3D NULL || xform_aead || > + n_tokens < i + 2) { > + snprintf(out, out_size, MSG_ARG_INVALID, > + tokens[0]); > + goto error_exit; > + } > + > + len =3D strlen(tokens[i + 1]); > + > + p.cipher_iv =3D calloc(1, len / 2 + 1); > + if (p.cipher_iv =3D=3D NULL) { > + snprintf(out, out_size, > MSG_OUT_OF_MEMORY); > + goto error_exit; > + } > + > + status =3D parse_hex_string(tokens[i + 1], p.cipher_iv, > + (uint32_t *)&len); > + if (status < 0) { > + snprintf(out, out_size, MSG_ARG_INVALID, > + tokens[0]); > + goto error_exit; > + } > + > + xform_cipher->iv.length =3D (uint16_t)len; > + p.cipher_iv_len =3D (uint32_t)len; > + > + i++; > + continue; > + } > + > + if (strcmp(tokens[i], "auth_algo") =3D=3D 0) { > + if (xform_auth =3D=3D NULL || xform_aead || > + n_tokens < i + 2) { > + snprintf(out, out_size, MSG_ARG_INVALID, > + tokens[0]); > + goto error_exit; > + } > + > + status =3D rte_cryptodev_get_auth_algo_enum(& > + xform_auth->algo, tokens[i + 1]); > + if (status < 0) { > + snprintf(out, out_size, MSG_ARG_INVALID, > + tokens[0]); > + goto error_exit; > + } > + > + i++; > + continue; > + } > + > + if (strcmp(tokens[i], "auth_key") =3D=3D 0) { > + size_t len; > + > + if (xform_auth =3D=3D NULL || xform_aead || > + n_tokens < i + 2) { > + snprintf(out, out_size, MSG_ARG_INVALID, > + tokens[0]); > + goto error_exit; > + } > + > + len =3D strlen(tokens[i + 1]); > + xform_auth->key.data =3D calloc(1, len / 2 + 1); > + if (xform_auth->key.data =3D=3D NULL) { > + snprintf(out, out_size, > MSG_OUT_OF_MEMORY); > + goto error_exit; > + } > + > + status =3D parse_hex_string(tokens[i + 1], > + xform_auth->key.data, (uint32_t > *)&len); > + if (status < 0) { > + snprintf(out, out_size, MSG_ARG_INVALID, > + tokens[0]); > + goto error_exit; > + } > + > + xform_auth->key.length =3D (uint16_t)len; > + > + i++; > + continue; > + } > + > + if (strcmp(tokens[i], "auth_iv") =3D=3D 0) { > + size_t len; > + > + if (xform_auth =3D=3D NULL || xform_aead || > + n_tokens < i + 2) { > + snprintf(out, out_size, MSG_ARG_INVALID, > + tokens[0]); > + goto error_exit; > + } > + > + len =3D strlen(tokens[i + 1]); > + > + p.auth_iv =3D calloc(1, len / 2 + 1); > + if (p.auth_iv =3D=3D NULL) { > + snprintf(out, out_size, > MSG_OUT_OF_MEMORY); > + goto error_exit; > + } > + > + status =3D parse_hex_string(tokens[i + 1], p.auth_iv, > + (uint32_t *)&len); > + if (status < 0) { > + snprintf(out, out_size, MSG_ARG_INVALID, > + tokens[0]); > + goto error_exit; > + } > + > + xform_auth->iv.length =3D (uint16_t)len; > + p.auth_iv_len =3D (uint32_t)len; > + > + i++; > + continue; > + } > + > + if (strcmp(tokens[i], "aead_algo") =3D=3D 0) { > + if (xform_aead =3D=3D NULL || xform_cipher || > xform_auth || > + n_tokens < i + 2) { > + snprintf(out, out_size, MSG_ARG_INVALID, > + tokens[0]); > + goto error_exit; > + } > + > + status =3D rte_cryptodev_get_aead_algo_enum(& > + xform_aead->algo, tokens[i + 1]); > + if (status < 0) { > + snprintf(out, out_size, MSG_ARG_INVALID, > + tokens[0]); > + goto error_exit; > + } > + > + i++; > + continue; > + } > + > + if (strcmp(tokens[i], "aead_key") =3D=3D 0) { > + size_t len; > + > + if (xform_aead =3D=3D NULL || xform_cipher || > xform_auth || > + n_tokens < i + 2) { > + snprintf(out, out_size, MSG_ARG_INVALID, > + tokens[0]); > + goto error_exit; > + } > + > + len =3D strlen(tokens[i + 1]); > + > + xform_aead->key.data =3D calloc(1, len / 2 + 1); > + if (xform_aead->key.data =3D=3D NULL) { > + snprintf(out, out_size, > MSG_OUT_OF_MEMORY); > + goto error_exit; > + } > + > + status =3D parse_hex_string(tokens[i + 1], > + xform_aead->key.data, (uint32_t > *)&len); > + if (status < 0) { > + snprintf(out, out_size, MSG_ARG_INVALID, > + tokens[0]); > + goto error_exit; > + } > + > + xform_aead->key.length =3D (uint16_t)len; > + > + i++; > + continue; > + } > + > + if (strcmp(tokens[i], "aead_iv") =3D=3D 0) { > + size_t len; > + > + if (xform_aead =3D=3D NULL || xform_cipher || > xform_auth || > + n_tokens < i + 2) { > + snprintf(out, out_size, MSG_ARG_INVALID, > + tokens[0]); > + goto error_exit; > + } > + > + len =3D strlen(tokens[i + 1]); > + > + p.aead_iv =3D calloc(1, len / 2 + 1); > + if (p.aead_iv =3D=3D NULL) { > + snprintf(out, out_size, > MSG_OUT_OF_MEMORY); > + goto error_exit; > + } > + > + status =3D parse_hex_string(tokens[i + 1], p.aead_iv, > + (uint32_t *)&len); > + if (status < 0) { > + snprintf(out, out_size, MSG_ARG_INVALID, > + tokens[0]); > + goto error_exit; > + } > + > + xform_aead->iv.length =3D (uint16_t)len; > + p.aead_iv_len =3D (uint32_t)len; > + > + i++; > + continue; > + } > + > + if (strcmp(tokens[i], "aead_aad") =3D=3D 0) { > + size_t len; > + > + if (xform_aead =3D=3D NULL || xform_cipher || > xform_auth || > + n_tokens < i + 2) { > + snprintf(out, out_size, MSG_ARG_INVALID, > + tokens[0]); > + goto error_exit; > + } > + > + len =3D strlen(tokens[i + 1]); > + > + p.aead_aad =3D calloc(1, len / 2 + 1); > + if (p.aead_aad =3D=3D NULL) { > + snprintf(out, out_size, > MSG_OUT_OF_MEMORY); > + goto error_exit; > + } > + > + status =3D parse_hex_string(tokens[i + 1], p.aead_aad, > + (uint32_t *)&len); > + if (status < 0) { > + snprintf(out, out_size, MSG_ARG_INVALID, > + tokens[0]); > + goto error_exit; > + } > + > + xform_aead->aad_length =3D (uint16_t)len; > + p.aead_aad_len =3D (uint32_t)len; > + > + i++; > + continue; > + } > + > + if (strcmp(tokens[i], "digest_size") =3D=3D 0) { > + if ((xform_aead =3D=3D NULL && xform_auth =3D=3D NULL) || > + n_tokens < i + 2) { > + snprintf(out, out_size, MSG_ARG_INVALID, > + tokens[0]); > + goto error_exit; > + } > + > + if (xform_auth) > + status =3D parser_read_uint16( > + &xform_auth->digest_length, > + tokens[i + 1]); > + else > + status =3D parser_read_uint16( > + &xform_aead->digest_length, > + tokens[i + 1]); > + > + if (status < 0) { > + snprintf(out, out_size, MSG_ARG_INVALID, > + tokens[0]); > + goto error_exit; > + } > + > + i++; > + continue; > + } > + > + snprintf(out, out_size, MSG_ARG_INVALID, tokens[0]); > + goto error_exit; > + } > + > + if (xform_cipher) > + xform_cipher->iv.offset =3D iv_offset; > + > + if (xform_aead) > + xform_aead->iv.offset =3D iv_offset; > + > + if (xform_auth && (xform_auth->iv.length > 0)) { > + if (xform_cipher) > + xform_auth->iv.offset =3D iv_offset + > + xform_cipher->iv.length; > + else > + xform_auth->iv.offset =3D iv_offset; > + } > + > + p.xforms =3D xforms; > + > + if (sym_crypto_session_create(name, &p) =3D=3D NULL) > + snprintf(out, out_size, MSG_CMD_FAIL, tokens[0]); > + > +error_exit: > + if (xform_cipher && xform_cipher->key.data) > + free(xform_cipher->key.data); > + if (xform_auth && xform_auth->key.data) > + free(xform_auth->key.data); > + if (xform_aead && xform_aead->key.data) > + free(xform_aead->key.data); > + if (p.cipher_iv) > + free(p.cipher_iv); > + if (p.auth_iv) > + free(p.auth_iv); > + if (p.aead_iv) > + free(p.aead_iv); > + if (p.aead_aad) > + free(p.aead_aad); > +} >=20 > static const char cmd_port_in_action_profile_help[] =3D > "port in action profile \n" > @@ -967,7 +1543,8 @@ static const char cmd_table_action_profile_help[] = =3D > " [ttl drop | fwd\n" > " stats none | pkts]\n" > " [stats pkts | bytes | both]\n" > -" [time]\n"; > +" [time]\n" > +" [sym_crypto ]\n"; >=20 > static void > cmd_table_action_profile(char **tokens, > @@ -1285,6 +1862,30 @@ cmd_table_action_profile(char **tokens, > t0 +=3D 1; > } /* time */ >=20 > + if ((t0 < n_tokens) && (strcmp(tokens[t0], "sym_crypto") =3D=3D 0)) { > + struct sym_crypto *sym_crypto; > + > + if (n_tokens < t0 + 2) { > + snprintf(out, out_size, MSG_ARG_MISMATCH, > + "table action profile sym_crypto"); > + return; > + } > + > + sym_crypto =3D sym_crypto_find(tokens[t0 + 1]); > + if (sym_crypto =3D=3D NULL) { > + snprintf(out, out_size, MSG_ARG_INVALID, > + "table action profile sym_crypto"); > + return; > + } > + > + p.sym_crypto.cryptodev_id =3D sym_crypto->cryptodev_id; > + p.sym_crypto.op_offset =3D sym_crypto->op_offset; > + > + p.action_mask |=3D 1LLU << > RTE_TABLE_ACTION_SYM_CRYPTO; > + > + t0 +=3D 5; > + } /* sym_crypto */ > + > if (t0 < n_tokens) { > snprintf(out, out_size, MSG_ARG_MISMATCH, tokens[0]); > return; > @@ -1366,6 +1967,7 @@ static const char cmd_pipeline_port_in_help[] =3D > " | tap mempool mtu \n" > " | kni \n" > " | source mempool file bpp > \n" > +" | sym_crypto rxq \n" > " [action ]\n" > " [disabled]\n"; >=20 > @@ -1538,6 +2140,27 @@ cmd_pipeline_port_in(char **tokens, > } >=20 > t0 +=3D 7; > + } else if (strcmp(tokens[t0], "sym_crypto") =3D=3D 0) { > + if (n_tokens < t0 + 3) { > + snprintf(out, out_size, MSG_ARG_MISMATCH, > + "pipeline port in sym_crypto"); > + return; > + } > + > + p.dev_name =3D tokens[t0 + 1]; > + if (parser_read_uint16(&p.rxq.queue_id, tokens[t0 + 3]) !=3D 0) > { > + snprintf(out, out_size, MSG_ARG_INVALID, > + "rxq"); > + return; > + } > + > + /** TODO: different callback functions */ > + p.sym_crypto.arg_callback =3D NULL; > + p.sym_crypto.f_callback =3D NULL; > + > + p.type =3D PORT_IN_SYM_CRYPTO; > + > + t0 +=3D 4; > } else { > snprintf(out, out_size, MSG_ARG_INVALID, tokens[0]); > return; > @@ -1584,7 +2207,8 @@ static const char cmd_pipeline_port_out_help[] =3D > " | tmgr \n" > " | tap \n" > " | kni \n" > -" | sink [file pkts ]\n"; > +" | sink [file pkts ]\n" > +" | sym_crypto txq offset > \n"; >=20 > static void > cmd_pipeline_port_out(char **tokens, > @@ -1718,6 +2342,39 @@ cmd_pipeline_port_out(char **tokens, > return; > } > } > + > + } else if (strcmp(tokens[6], "sym_crypto") =3D=3D 0) { > + if (n_tokens !=3D 12) { > + snprintf(out, out_size, MSG_ARG_MISMATCH, > + "pipeline port out sym_crypto"); > + return; > + } > + > + p.type =3D PORT_OUT_SYM_CRYPTO; > + > + p.dev_name =3D tokens[7]; > + > + if (strcmp(tokens[8], "txq") !=3D 0) { > + snprintf(out, out_size, MSG_ARG_NOT_FOUND, > "txq"); > + return; > + } > + > + if (parser_read_uint16(&p.sym_crypto.queue_id, tokens[9]) > + !=3D 0) { > + snprintf(out, out_size, MSG_ARG_INVALID, > "queue_id"); > + return; > + } > + > + if (strcmp(tokens[10], "offset") !=3D 0) { > + snprintf(out, out_size, MSG_ARG_NOT_FOUND, > "offset"); > + return; > + } > + > + if (parser_read_uint32(&p.sym_crypto.crypto_op_offset, > + tokens[11]) !=3D 0) { > + snprintf(out, out_size, MSG_ARG_INVALID, "offset"); > + return; > + } > } else { > snprintf(out, out_size, MSG_ARG_INVALID, tokens[0]); > return; > @@ -2866,6 +3523,7 @@ parse_match(char **tokens, > * [ttl dec | keep] > * [stats] > * [time] > + * [sym_crypto data_offset session ] > * > * where: > * ::=3D g | y | r | drop > @@ -3349,6 +4007,52 @@ parse_table_action_time(char **tokens, > } >=20 > static uint32_t > +parse_table_action_sym_crypto(char **tokens, > + uint32_t n_tokens, > + struct table_rule_action *a) > +{ > + struct rte_table_action_sym_crypto_params *p =3D &a->sym_crypto; > + struct sym_crypto_session *sym_crypto_session; > + int status; > + > + if ((n_tokens < 5) || > + strcmp(tokens[0], "sym_crypto") || > + strcmp(tokens[1], "data_offset") || > + strcmp(tokens[3], "session")) > + return 0; > + > + sym_crypto_session =3D sym_crypto_session_find(tokens[4]); > + if (sym_crypto_session =3D=3D NULL) > + return 0; > + > + memset(p, 0, sizeof(*p)); > + > + status =3D parser_read_uint32(&p->data_offset, tokens[2]); > + if (status < 0) > + return 0; > + > + p->xform =3D sym_crypto_session->xforms; > + p->session =3D sym_crypto_session->session; > + > + if (p->xform->type !=3D RTE_CRYPTO_SYM_XFORM_AEAD) { > + p->cipher_auth.cipher_iv.val =3D sym_crypto_session- > >cipher_iv; > + p->cipher_auth.cipher_iv.length =3D > + sym_crypto_session->cipher_iv_len; > + p->cipher_auth.auth_iv.val =3D sym_crypto_session->auth_iv; > + p->cipher_auth.auth_iv.length =3D sym_crypto_session- > >auth_iv_len; > + } else { > + p->aead.iv.val =3D sym_crypto_session->aead_iv; > + p->aead.iv.length =3D sym_crypto_session->aead_iv_len; > + p->aead.aad.val =3D sym_crypto_session->aead_aad; > + p->aead.aad.length =3D sym_crypto_session->aead_aad_len; > + } > + > + a->action_mask |=3D 1 << RTE_TABLE_ACTION_SYM_CRYPTO; > + > + return 5; > +} > + > +static uint32_t > parse_table_action(char **tokens, > uint32_t n_tokens, > char *out, > @@ -3492,6 +4196,20 @@ parse_table_action(char **tokens, > n_tokens -=3D n; > } >=20 > + if (n_tokens && (strcmp(tokens[0], "sym_crypto") =3D=3D 0)) { > + uint32_t n; > + > + n =3D parse_table_action_sym_crypto(tokens, n_tokens, a); > + if (n =3D=3D 0) { > + snprintf(out, out_size, MSG_ARG_INVALID, > + "action sym_crypto"); > + return 0; > + } > + > + tokens +=3D n; > + n_tokens -=3D n; > + } > + > if (n_tokens0 - n_tokens =3D=3D 1) { > snprintf(out, out_size, MSG_ARG_INVALID, "action"); > return 0; > @@ -4570,6 +5288,16 @@ cmd_help(char **tokens, uint32_t n_tokens, char > *out, size_t out_size) > return; > } >=20 > + if (strcmp(tokens[0], "sym_crypto") =3D=3D 0) { > + snprintf(out, out_size, "\n%s\n", cmd_sym_crypto_help); > + return; > + } > + > + if (strcmp(tokens[0], "sym_crypto_session") =3D=3D 0) { > + snprintf(out, out_size, "\n%s\n", > cmd_sym_crypto_session_help); > + return; > + } > + > if ((n_tokens =3D=3D 4) && > (strcmp(tokens[0], "port") =3D=3D 0) && > (strcmp(tokens[1], "in") =3D=3D 0) && > @@ -4860,6 +5588,16 @@ cli_process(char *in, char *out, size_t out_size) > return; > } >=20 > + if (strcmp(tokens[0], "sym_crypto") =3D=3D 0) { > + cmd_sym_crypto(tokens, n_tokens, out, out_size); > + return; > + } > + > + if (strcmp(tokens[0], "sym_crypto_session") =3D=3D 0) { > + cmd_sym_crypto_session(tokens, n_tokens, out, out_size); > + return; > + } > + > if (strcmp(tokens[0], "port") =3D=3D 0) { > cmd_port_in_action_profile(tokens, n_tokens, out, > out_size); > return; > diff --git a/examples/ip_pipeline/examples/flow_crypto.cli > b/examples/ip_pipeline/examples/flow_crypto.cli > new file mode 100644 > index 000000000..68b79060e > --- /dev/null > +++ b/examples/ip_pipeline/examples/flow_crypto.cli > @@ -0,0 +1,76 @@ > +; SPDX-License-Identifier: BSD-3-Clause > +; Copyright(c) 2010-2018 Intel Corporation > + > +; ________________ > +; LINK0 RXQ0 --->| |---> LINK0 TXQ0 > +; | | > +; LINK1 RXQ0 --->| |---> LINK1 TXQ0 > +; | Flow | > +; LINK2 RXQ0 --->| Classification |---> LINK2 TXQ0 > +; | | > +; LINK3 RXQ0 --->| |---> LINK3 TXQ0 > +; |________________| > +; | > +; +-----------> SINK0 (flow lookup miss) > +; > +; Input packet: Ethernet/IPv4 > +; > +; Packet buffer layout: > +; # Field Name Offset (Bytes) Size (Bytes) > +; 0 Mbuf 0 128 > +; 1 Headroom 128 128 > +; 2 Priv 256 32 > +; 3 Ethernet header 288 14 > +; 4 IPv4 header 302 20 > +; 5 TCP header 322 48 > +; > + > +mempool MEMPOOL0 buffer 2304 pool 32K cache 256 cpu 0 priv 32 > +#mempool MEMPOOL_SESSION0 buffer 1024 pool 1024 cache 128 cpu 0 > +mempool MEMPOOL_SESSION0 buffer 1024 pool 1024 cache 128 cpu 1 > + > +link LINK0 dev 0000:07:00.0 rxq 1 128 MEMPOOL0 txq 1 512 promiscuous on > +#sym_crypto CRYPTO0 cryptodev crypto_aesni_gcm0 q 1 1024 offset 128 > cpu 0 > +sym_crypto CRYPTO0 cryptodev 0000:88:01.0_qat_sym q 1 1024 offset 128 > cpu 1 > + > +#AES-CBC-128 encrypt > +#sym_crypto_session SESSION0 create sym_crypto CRYPTO0 > mempool_create MEMPOOL_SESSION0 mempool_init MEMPOOL_SESSION0 > op cipher_enc cipher_algo aes-cbc cipher_key > 000102030405060708090a0b0c0d0e0f cipher_iv > 000102030405060708090a0b0c0d0e0f > +#AES-CBC-128 decrypt > +#sym_crypto_session SESSION0 create sym_crypto CRYPTO0 > mempool_create MEMPOOL_SESSION0 mempool_init MEMPOOL_SESSION0 > op cipher_dec cipher_algo aes-cbc cipher_key > 000102030405060708090a0b0c0d0e0f cipher_iv > 000102030405060708090a0b0c0d0e0f > +#AES-CBC-128-SHA1 encrypt AESNI-MB > +#sym_crypto_session SESSION0 create sym_crypto CRYPTO0 > mempool_create MEMPOOL_SESSION0 mempool_init MEMPOOL_SESSION0 > op cipher_auth cipher_algo aes-cbc cipher_key > 000102030405060708090a0b0c0d0e0f cipher_iv > 000102030405060708090a0b0c0d0e0f auth_algo sha1-hmac auth_key > 000102030405060708090a0b0c0d0e0f10111213 digest_size 12 > +#AES-CBC-128-SHA1 encrypt QAT > +#sym_crypto_session SESSION0 create sym_crypto CRYPTO0 > mempool_create MEMPOOL_SESSION0 mempool_init MEMPOOL_SESSION0 > op cipher_auth cipher_algo aes-cbc cipher_key > 000102030405060708090a0b0c0d0e0f cipher_iv > 000102030405060708090a0b0c0d0e0f auth_algo sha1-hmac auth_key > 000102030405060708090a0b0c0d0e0f10111213 digest_size 20 > +#AES-CBC-128-SHA1 decrypt AESNI-MB > +#sym_crypto_session SESSION0 create sym_crypto CRYPTO0 > mempool_create MEMPOOL_SESSION0 mempool_init MEMPOOL_SESSION0 > op auth_cipher cipher_algo aes-cbc cipher_key > 000102030405060708090a0b0c0d0e0f cipher_iv > 000102030405060708090a0b0c0d0e0f auth_algo sha1-hmac auth_key > 000102030405060708090a0b0c0d0e0f10111213 digest_size 12 > +#AES-CBC-128-SHA1 decrypt QAT > +#sym_crypto_session SESSION0 create sym_crypto CRYPTO0 > mempool_create MEMPOOL_SESSION0 mempool_init MEMPOOL_SESSION0 > op auth_cipher cipher_algo aes-cbc cipher_key > 000102030405060708090a0b0c0d0e0f cipher_iv > 000102030405060708090a0b0c0d0e0f auth_algo sha1-hmac auth_key > 000102030405060708090a0b0c0d0e0f10111213 digest_size 20 > +#AES-GCM encrypt > +sym_crypto_session SESSION0 create sym_crypto CRYPTO0 > mempool_create MEMPOOL_SESSION0 mempool_init MEMPOOL_SESSION0 > op aead_enc aead_algo aes-gcm aead_key > 000102030405060708090a0b0c0d0e0f aead_iv 000102030405060708090a0b > aead_aad 000102030405060708090a0b0c0d0e0f digest_size 8 > +#AES-GCM decrypt > +#sym_crypto_session SESSION0 create sym_crypto CRYPTO0 > mempool_create MEMPOOL_SESSION0 mempool_init MEMPOOL_SESSION0 > op aead_dec aead_algo aes-gcm aead_key > 000102030405060708090a0b0c0d0e0f aead_iv 000102030405060708090a0b > aead_aad 000102030405060708090a0b0c0d0e0f digest_size 8 > + > +table action profile AP0 ipv4 offset 302 fwd sym_crypto CRYPTO0 > +table action profile AP1 ipv4 offset 302 fwd > + > +pipeline PIPELINE0 period 10 offset_port_id 0 cpu 0 > + > +pipeline PIPELINE0 port in bsz 32 link LINK0 rxq 0 > +pipeline PIPELINE0 port in bsz 32 sym_crypto CRYPTO0 rxq 0 > + > +pipeline PIPELINE0 port out bsz 32 sym_crypto CRYPTO0 txq 0 offset 128 > +pipeline PIPELINE0 port out bsz 32 link LINK0 txq 0 > +pipeline PIPELINE0 port out bsz 32 sink > + > +pipeline PIPELINE0 table match hash ext key 8 mask FFFFFFFF00000000 > offset 314 buckets 16K size 65K action AP0 > +pipeline PIPELINE0 table match stub action AP1 > + > +pipeline PIPELINE0 port in 0 table 0 > +pipeline PIPELINE0 port in 1 table 1 > + > +thread 1 pipeline PIPELINE0 enable > + > +pipeline PIPELINE0 table 0 rule add match default action fwd port 2 > +pipeline PIPELINE0 table 0 rule add match hash ipv4_addr 100.0.0.10 acti= on > fwd port 0 sym_crypto data_offset 20 session SESSION0 > +pipeline PIPELINE0 table 1 rule add match default action fwd port 1 > + > diff --git a/examples/ip_pipeline/main.c b/examples/ip_pipeline/main.c > index a69faceef..2de7f399b 100644 > --- a/examples/ip_pipeline/main.c > +++ b/examples/ip_pipeline/main.c > @@ -19,6 +19,7 @@ > #include "pipeline.h" > #include "swq.h" > #include "tap.h" > +#include "sym_crypto.h" > #include "thread.h" > #include "tmgr.h" >=20 > @@ -210,6 +211,22 @@ main(int argc, char **argv) > return status; > } >=20 > + /* Sym Crypto */ > + status =3D sym_crypto_init(); > + if (status) { > + printf("Error: Sym Crypto initialization failed (%d)\n", > + status); > + return status; > + } > + > + /* Sym Crypto Session */ > + status =3D sym_crypto_session_init(); > + if (status) { > + printf("Error: Sym Crypto initialization failed (%d)\n", > + status); > + return status; > + } > + > /* Action */ > status =3D port_in_action_profile_init(); > if (status) { > diff --git a/examples/ip_pipeline/mempool.c > b/examples/ip_pipeline/mempool.c > index f5d2a7d10..9e95a3764 100644 > --- a/examples/ip_pipeline/mempool.c > +++ b/examples/ip_pipeline/mempool.c > @@ -56,7 +56,7 @@ mempool_create(const char *name, struct > mempool_params *params) > name, > params->pool_size, > params->cache_size, > - 0, > + params->priv_size, > params->buffer_size - sizeof(struct rte_mbuf), > params->cpu_id); >=20 > diff --git a/examples/ip_pipeline/mempool.h > b/examples/ip_pipeline/mempool.h > index bd46a11ca..fb405de32 100644 > --- a/examples/ip_pipeline/mempool.h > +++ b/examples/ip_pipeline/mempool.h > @@ -32,6 +32,7 @@ struct mempool_params { > uint32_t pool_size; > uint32_t cache_size; > uint32_t cpu_id; > + uint32_t priv_size; > }; >=20 > struct mempool * > diff --git a/examples/ip_pipeline/pipeline.c > b/examples/ip_pipeline/pipeline.c > index 43fe8677a..a947dc144 100644 > --- a/examples/ip_pipeline/pipeline.c > +++ b/examples/ip_pipeline/pipeline.c > @@ -18,6 +18,7 @@ > #include > #include > #include > +#include >=20 > #include > #include > @@ -35,6 +36,7 @@ > #include "tap.h" > #include "tmgr.h" > #include "swq.h" > +#include "sym_crypto.h" >=20 > #include "hash_func.h" >=20 > @@ -163,6 +165,7 @@ pipeline_port_in_create(const char *pipeline_name, > struct rte_port_kni_reader_params kni; > #endif > struct rte_port_source_params source; > + struct rte_port_sym_crypto_reader_params sym_crypto; > } pp; >=20 > struct pipeline *pipeline; > @@ -296,6 +299,27 @@ pipeline_port_in_create(const char *pipeline_name, > break; > } >=20 > + case PORT_IN_SYM_CRYPTO: > + { > + struct sym_crypto *sym_crypto; > + > + sym_crypto =3D sym_crypto_find(params->dev_name); > + if (sym_crypto =3D=3D NULL) > + return -1; > + > + if (params->rxq.queue_id > (sym_crypto->n_queues - 1)) > + return -1; > + > + pp.sym_crypto.cryptodev_id =3D sym_crypto->cryptodev_id; > + pp.sym_crypto.queue_id =3D params->rxq.queue_id; > + pp.sym_crypto.f_callback =3D params->sym_crypto.f_callback; > + pp.sym_crypto.arg_callback =3D params- > >sym_crypto.arg_callback; > + p.ops =3D &rte_port_sym_crypto_reader_ops; > + p.arg_create =3D &pp.sym_crypto; > + > + break; > + } > + > default: > return -1; > } > @@ -385,6 +409,7 @@ pipeline_port_out_create(const char *pipeline_name, > struct rte_port_kni_writer_params kni; > #endif > struct rte_port_sink_params sink; > + struct rte_port_sym_crypto_writer_params sym_crypto; > } pp; >=20 > union { > @@ -394,6 +419,7 @@ pipeline_port_out_create(const char *pipeline_name, > #ifdef RTE_LIBRTE_KNI > struct rte_port_kni_writer_nodrop_params kni; > #endif > + struct rte_port_sym_crypto_writer_nodrop_params > sym_crypto; > } pp_nodrop; >=20 > struct pipeline *pipeline; > @@ -549,6 +575,41 @@ pipeline_port_out_create(const char > *pipeline_name, > break; > } >=20 > + case PORT_OUT_SYM_CRYPTO: > + { > + struct sym_crypto *sym_crypto; > + > + sym_crypto =3D sym_crypto_find(params->dev_name); > + if (sym_crypto =3D=3D NULL) > + return -1; > + > + if (params->sym_crypto.queue_id > (sym_crypto- > >n_queues - 1)) > + return -1; > + > + pp.sym_crypto.cryptodev_id =3D sym_crypto->cryptodev_id; > + pp.sym_crypto.queue_id =3D params->txq.queue_id; > + pp.sym_crypto.tx_burst_sz =3D params->burst_size; > + pp.sym_crypto.crypto_op_offset =3D > + params->sym_crypto.crypto_op_offset; > + > + pp_nodrop.sym_crypto.cryptodev_id =3D sym_crypto- > >cryptodev_id; > + pp_nodrop.sym_crypto.queue_id =3D params->txq.queue_id; > + pp_nodrop.sym_crypto.tx_burst_sz =3D params->burst_size; > + pp_nodrop.sym_crypto.n_retries =3D params->retry; > + pp_nodrop.sym_crypto.crypto_op_offset =3D > + params->sym_crypto.crypto_op_offset; > + > + if (params->retry =3D=3D 0) { > + p.ops =3D &rte_port_sym_crypto_writer_ops; > + p.arg_create =3D &pp.sym_crypto; > + } else { > + p.ops =3D &rte_port_sym_crypto_writer_nodrop_ops; > + p.arg_create =3D &pp_nodrop.sym_crypto; > + } > + > + break; > + } > + > default: > return -1; > } > diff --git a/examples/ip_pipeline/pipeline.h > b/examples/ip_pipeline/pipeline.h > index a953a29fa..b8a420f51 100644 > --- a/examples/ip_pipeline/pipeline.h > +++ b/examples/ip_pipeline/pipeline.h > @@ -27,6 +27,7 @@ enum port_in_type { > PORT_IN_TAP, > PORT_IN_KNI, > PORT_IN_SOURCE, > + PORT_IN_SYM_CRYPTO, > }; >=20 > struct port_in_params { > @@ -48,6 +49,11 @@ struct port_in_params { > const char *file_name; > uint32_t n_bytes_per_pkt; > } source; > + > + struct { > + void *f_callback; > + void *arg_callback; > + } sym_crypto; > }; > uint32_t burst_size; >=20 > @@ -62,6 +68,7 @@ enum port_out_type { > PORT_OUT_TAP, > PORT_OUT_KNI, > PORT_OUT_SINK, > + PORT_OUT_SYM_CRYPTO, > }; >=20 > struct port_out_params { > @@ -76,6 +83,11 @@ struct port_out_params { > const char *file_name; > uint32_t max_n_pkts; > } sink; > + > + struct { > + uint16_t queue_id; > + uint32_t crypto_op_offset; > + } sym_crypto; > }; > uint32_t burst_size; > int retry; > @@ -268,6 +280,7 @@ struct table_rule_action { > struct rte_table_action_ttl_params ttl; > struct rte_table_action_stats_params stats; > struct rte_table_action_time_params time; > + struct rte_table_action_sym_crypto_params sym_crypto; > }; >=20 > int > diff --git a/examples/ip_pipeline/sym_crypto.c > b/examples/ip_pipeline/sym_crypto.c > new file mode 100644 > index 000000000..88045e163 > --- /dev/null > +++ b/examples/ip_pipeline/sym_crypto.c > @@ -0,0 +1,320 @@ > +/* SPDX-License-Identifier: BSD-3-Clause > + * Copyright(c) 2018 Intel Corporation > + */ > + > +#include > +#include > + > +#include > +#include > +#include > + > +#include "sym_crypto.h" > + > +static struct sym_crypto_list sym_crypto_list; > + > +int > +sym_crypto_init(void) > +{ > + TAILQ_INIT(&sym_crypto_list); > + > + return 0; > +} > + > +struct sym_crypto * > +sym_crypto_find(const char *name) > +{ > + struct sym_crypto *sym_crypto; > + > + if (name =3D=3D NULL) > + return NULL; > + > + TAILQ_FOREACH(sym_crypto, &sym_crypto_list, node) > + if (strcmp(sym_crypto->name, name) =3D=3D 0) > + return sym_crypto; > + > + return NULL; > +} > + > +struct sym_crypto * > +sym_crypto_next(struct sym_crypto *sym_crypto) > +{ > + return (sym_crypto =3D=3D NULL) ? > + TAILQ_FIRST(&sym_crypto_list) : > + TAILQ_NEXT(sym_crypto, node); > +} > + > +struct sym_crypto * > +sym_crypto_create(const char *name, struct sym_crypto_params *params) > +{ > + struct rte_cryptodev_info dev_info; > + struct rte_cryptodev_config dev_conf; > + struct rte_cryptodev_qp_conf queue_conf; > + struct sym_crypto *sym_crypto; > + uint32_t cryptodev_id, i; > + int status; > + > + /* Check input params */ > + if ((name =3D=3D NULL) || > + sym_crypto_find(name) || > + (params->n_queues =3D=3D 0) || > + (params->queue_size =3D=3D 0)) > + return NULL; > + > + if (params->dev_name) { > + status =3D rte_cryptodev_get_dev_id(params->dev_name); > + if (status =3D=3D -1) > + return NULL; > + > + cryptodev_id =3D (uint32_t)status; > + } else { > + if (rte_cryptodev_pmd_is_valid_dev(params->cryptodev_id) > =3D=3D 0) > + return NULL; > + > + cryptodev_id =3D params->cryptodev_id; > + } > + > + rte_cryptodev_info_get(cryptodev_id, &dev_info); > + if (dev_info.max_nb_queue_pairs < params->n_queues) > + return NULL; > + if ((dev_info.feature_flags & > RTE_CRYPTODEV_FF_HW_ACCELERATED) && > + (params->cpu_id !=3D > + (uint32_t)rte_cryptodev_socket_id(cryptodev_id))) > + return NULL; > + > + dev_conf.socket_id =3D params->cpu_id; > + dev_conf.nb_queue_pairs =3D params->n_queues; > + > + status =3D rte_cryptodev_configure(cryptodev_id, &dev_conf); > + if (status < 0) > + return NULL; > + > + queue_conf.nb_descriptors =3D params->queue_size; > + for (i =3D 0; i < params->n_queues; i++) { > + status =3D rte_cryptodev_queue_pair_setup(cryptodev_id, i, > + &queue_conf, params->cpu_id, NULL); > + if (status < 0) > + return NULL; > + } > + > + if (rte_cryptodev_start(cryptodev_id) < 0) > + return NULL; > + > + sym_crypto =3D calloc(1, sizeof(struct sym_crypto)); > + if (sym_crypto =3D=3D NULL) { > + rte_cryptodev_stop(cryptodev_id); > + return NULL; > + } > + > + strlcpy(sym_crypto->name, name, sizeof(sym_crypto->name)); > + sym_crypto->cryptodev_id =3D cryptodev_id; > + sym_crypto->n_queues =3D params->n_queues; > + sym_crypto->op_offset =3D params->op_offset; > + > + TAILQ_INSERT_TAIL(&sym_crypto_list, sym_crypto, node); > + > + return sym_crypto; > +} > + > +int > +sym_crypto_is_up(const char *name) > +{ > + struct sym_crypto *sym_crypto; > + struct rte_cryptodev *dev; > + > + /* Check input params */ > + if (name =3D=3D NULL) > + return 0; > + > + sym_crypto =3D sym_crypto_find(name); > + if (sym_crypto =3D=3D NULL) > + return 0; > + > + /* Resource */ > + dev =3D &rte_cryptodevs[sym_crypto->cryptodev_id]; > + > + return (int)dev->data->dev_started; > +} > + > +static struct sym_crypto_session_list sym_crypto_session_list; > + > +int > +sym_crypto_session_init(void) > +{ > + TAILQ_INIT(&sym_crypto_session_list); > + > + return 0; > +} > + > +struct sym_crypto_session * > +sym_crypto_session_find(const char *name) > +{ > + struct sym_crypto_session *sym_crypto_session; > + > + if (name =3D=3D NULL) > + return NULL; > + > + TAILQ_FOREACH(sym_crypto_session, &sym_crypto_session_list, > node) > + if (strcmp(sym_crypto_session->name, name) =3D=3D 0) > + return sym_crypto_session; > + > + return NULL; > +} > + > +struct sym_crypto_session * > +sym_crypto_session_next(struct sym_crypto_session > *sym_crypto_session) > +{ > + return (sym_crypto_session =3D=3D NULL) ? > + TAILQ_FIRST(&sym_crypto_session_list) : > + TAILQ_NEXT(sym_crypto_session, node); > +} > + > +struct sym_crypto_session * > +sym_crypto_session_create(const char *name, > + struct sym_crypto_session_params *params) > +{ > + struct sym_crypto_session *sym_crypto_session; > + struct rte_cryptodev_sym_session *session; > + uint32_t cryptodev_id; > + int status; > + > + /* Check input params */ > + if ((name =3D=3D NULL) || > + sym_crypto_find(name) || > + (params->mp_create =3D=3D NULL) || > + (params->mp_init =3D=3D NULL) || > + (params->xforms =3D=3D NULL)) > + return NULL; > + > + if (params->dev_name) { > + status =3D rte_cryptodev_get_dev_id(params->dev_name); > + if (status =3D=3D -1) > + return NULL; > + > + cryptodev_id =3D (uint32_t)status; > + } else { > + if (rte_cryptodev_pmd_is_valid_dev(params->cryptodev_id) > =3D=3D 0) > + return NULL; > + > + cryptodev_id =3D params->cryptodev_id; > + } > + > + session =3D rte_cryptodev_sym_session_create(params->mp_create); > + if (session =3D=3D NULL) > + return NULL; > + > + status =3D rte_cryptodev_sym_session_init(cryptodev_id, session, > + params->xforms, params->mp_init); > + if (status < 0) { > + rte_cryptodev_sym_session_free(session); > + return NULL; > + } > + > + sym_crypto_session =3D calloc(1, sizeof(struct sym_crypto_session)); > + if (sym_crypto_session =3D=3D NULL) { > + rte_cryptodev_sym_session_clear(cryptodev_id, session); > + rte_cryptodev_sym_session_free(session); > + return NULL; > + } > + > + strlcpy(sym_crypto_session->name, name, > + sizeof(sym_crypto_session->name)); > + sym_crypto_session->cryptodev_id =3D cryptodev_id; > + sym_crypto_session->session =3D session; > + > + if (params->cipher_iv_len) { > + sym_crypto_session->cipher_iv =3D calloc(1, > + params->cipher_iv_len); > + if (sym_crypto_session->cipher_iv =3D=3D NULL) { > + rte_cryptodev_sym_session_clear(cryptodev_id, > session); > + rte_cryptodev_sym_session_free(session); > + free(sym_crypto_session); > + return NULL; > + } > + memcpy(sym_crypto_session->cipher_iv, params->cipher_iv, > + params->cipher_iv_len); > + sym_crypto_session->cipher_iv_len =3D params- > >cipher_iv_len; > + } > + > + if (params->auth_iv_len) { > + sym_crypto_session->auth_iv =3D calloc(1, params- > >auth_iv_len); > + if (sym_crypto_session->auth_iv =3D=3D NULL) { > + rte_cryptodev_sym_session_clear(cryptodev_id, > session); > + rte_cryptodev_sym_session_free(session); > + free(sym_crypto_session); > + return NULL; > + } > + memcpy(sym_crypto_session->auth_iv, params->auth_iv, > + params->auth_iv_len); > + sym_crypto_session->auth_iv_len =3D params->auth_iv_len; > + } > + > + if (params->aead_iv_len) { > + sym_crypto_session->aead_iv =3D calloc(1, params- > >aead_iv_len); > + if (sym_crypto_session->aead_iv =3D=3D NULL) { > + rte_cryptodev_sym_session_clear(cryptodev_id, > session); > + rte_cryptodev_sym_session_free(session); > + free(sym_crypto_session); > + return NULL; > + } > + memcpy(sym_crypto_session->aead_iv, params->aead_iv, > + params->aead_iv_len); > + sym_crypto_session->aead_iv_len =3D params->aead_iv_len; > + } > + > + if (params->aead_aad_len) { > + sym_crypto_session->aead_aad =3D calloc(1, params- > >aead_aad_len); > + if (sym_crypto_session->aead_aad =3D=3D NULL) { > + rte_cryptodev_sym_session_clear(cryptodev_id, > session); > + rte_cryptodev_sym_session_free(session); > + free(sym_crypto_session); > + return NULL; > + } > + memcpy(sym_crypto_session->aead_aad, params- > >aead_aad, > + params->aead_aad_len); > + sym_crypto_session->aead_aad_len =3D params- > >aead_aad_len; > + } > + > + memcpy(&sym_crypto_session->xforms[0], params->xforms, > + sizeof(struct rte_crypto_sym_xform)); > + if (params->xforms->next) { > + memcpy(&sym_crypto_session->xforms[1], params- > >xforms->next, > + sizeof(struct rte_crypto_sym_xform)); > + sym_crypto_session->xforms[0].next =3D > + &sym_crypto_session->xforms[1]; > + } > + > + TAILQ_INSERT_TAIL(&sym_crypto_session_list, sym_crypto_session, > node); > + > + return sym_crypto_session; > +} > + > +int > +sym_crypto_session_delete(const char *name) > +{ > + struct sym_crypto_session *sym_crypto_session =3D > + sym_crypto_session_find(name); > + > + if (sym_crypto_session =3D=3D NULL) > + return -1; > + > + rte_cryptodev_sym_session_clear(sym_crypto_session- > >cryptodev_id, > + sym_crypto_session->session); > + rte_cryptodev_sym_session_free(sym_crypto_session->session); > + > + if (sym_crypto_session->cipher_iv) > + free(sym_crypto_session->cipher_iv); > + > + if (sym_crypto_session->auth_iv) > + free(sym_crypto_session->auth_iv); > + > + if (sym_crypto_session->aead_iv) > + free(sym_crypto_session->aead_iv); > + > + if (sym_crypto_session->aead_aad) > + free(sym_crypto_session->aead_aad); > + > + memset(sym_crypto_session, 0, sizeof(*sym_crypto_session)); > + > + return 0; > +} > diff --git a/examples/ip_pipeline/sym_crypto.h > b/examples/ip_pipeline/sym_crypto.h > new file mode 100644 > index 000000000..b9c5e442e > --- /dev/null > +++ b/examples/ip_pipeline/sym_crypto.h > @@ -0,0 +1,104 @@ > +/* SPDX-License-Identifier: BSD-3-Clause > + * Copyright(c) 2018 Intel Corporation > + */ > + > +#ifndef _INCLUDE_SYM_C_H_ > +#define _INCLUDE_SYM_C_H_ > + > +#include > +#include > + > +#include > + > +#include "common.h" > + > +struct sym_crypto { > + TAILQ_ENTRY(sym_crypto) node; > + char name[NAME_SIZE]; > + uint16_t cryptodev_id; > + uint32_t op_offset; > + uint32_t n_queues; > +}; > + > +TAILQ_HEAD(sym_crypto_list, sym_crypto); > + > +int > +sym_crypto_init(void); > + > +struct sym_crypto * > +sym_crypto_find(const char *name); > + > +struct sym_crypto * > +sym_crypto_next(struct sym_crypto *sym_crypto); > + > +struct sym_crypto_params { > + const char *dev_name; > + uint32_t cryptodev_id; /**< Valid only when *dev_name* is NULL. > */ > + uint32_t n_queues; > + uint32_t queue_size; > + uint32_t cpu_id; > + uint32_t op_offset; > +}; > + > +struct sym_crypto * > +sym_crypto_create(const char *name, struct sym_crypto_params > *params); > + > +int > +sym_crypto_is_up(const char *name); > + > +struct sym_crypto_session { > + TAILQ_ENTRY(sym_crypto_session) node; > + char name[NAME_SIZE]; > + uint32_t cryptodev_id; > + struct rte_crypto_sym_xform xforms[2]; > + /** Cipher IV */ > + uint8_t *cipher_iv; > + uint32_t cipher_iv_len; > + uint8_t *auth_iv; > + uint32_t auth_iv_len; > + uint8_t *aead_iv; > + uint32_t aead_iv_len; > + uint8_t *aead_aad; > + uint32_t aead_aad_len; > + uint32_t data_offset; > + struct rte_cryptodev_sym_session *session; > +}; > + > +TAILQ_HEAD(sym_crypto_session_list, sym_crypto_session); > + > +int > +sym_crypto_session_init(void); > + > +struct sym_crypto_session * > +sym_crypto_session_find(const char *name); > + > +struct sym_crypto_session * > +sym_crypto_session_next(struct sym_crypto_session > *sym_crypto_session); > + > +struct sym_crypto_session_params { > + const char *dev_name; > + uint32_t cryptodev_id; /**< Valid only when *dev_name* is NULL. > */ > + > + struct rte_crypto_sym_xform *xforms; > + struct rte_mempool *mp_create; > + struct rte_mempool *mp_init; > + /** Cipher IV */ > + uint8_t *cipher_iv; > + uint32_t cipher_iv_len; > + uint8_t *auth_iv; > + uint32_t auth_iv_len; > + uint8_t *aead_iv; > + uint32_t aead_iv_len; > + uint8_t *aead_aad; > + uint32_t aead_aad_len; > + uint32_t data_offset; > +}; > + > +struct sym_crypto_session * > +sym_crypto_session_create(const char *name, > + struct sym_crypto_session_params *params); > + > +int > +sym_crypto_session_delete(const char *name); > + > +#endif > diff --git a/examples/ip_pipeline/thread.c b/examples/ip_pipeline/thread.= c > index 7fc03332e..ca741952a 100644 > --- a/examples/ip_pipeline/thread.c > +++ b/examples/ip_pipeline/thread.c > @@ -2476,6 +2476,16 @@ action_convert(struct rte_table_action *a, > return status; > } >=20 > + if (action->action_mask & (1LLU << > RTE_TABLE_ACTION_SYM_CRYPTO)) { > + status =3D rte_table_action_apply(a, > + data, > + RTE_TABLE_ACTION_SYM_CRYPTO, > + &action->sym_crypto); > + > + if (status) > + return status; > + } > + > return 0; > } >=20 > diff --git a/lib/librte_pipeline/rte_table_action.c > b/lib/librte_pipeline/rte_table_action.c > index a958aa82a..866a714a8 100644 > --- a/lib/librte_pipeline/rte_table_action.c > +++ b/lib/librte_pipeline/rte_table_action.c > @@ -1,7 +1,6 @@ > /* SPDX-License-Identifier: BSD-3-Clause > * Copyright(c) 2010-2018 Intel Corporation > */ > - > #include > #include >=20 > @@ -1228,8 +1227,6 @@ pkt_work_time(struct time_data *data, > #define CRYPTO_OP_MASK_CIPHER 0x1 > #define CRYPTO_OP_MASK_AUTH 0x2 > #define CRYPTO_OP_MASK_AEAD 0x4 > -#define CRYPTO_IV_OFFSET \ > - sizeof(struct rte_crypto_op) + sizeof(struct rte_crypto_sym_op) >=20 > struct crypto_op_sym_iv_aad { > struct rte_crypto_op op; > @@ -1312,21 +1309,17 @@ struct sym_crypto_data { > /** Session pointer. */ > struct rte_cryptodev_sym_session *session; >=20 > - /** Private data size to store cipher iv / aad. */ > - uint8_t iv_aad_data[0]; > - > /** Direction of crypto, encrypt or decrypt */ > uint16_t direction; >=20 > + /** Private data size to store cipher iv / aad. */ > + uint8_t iv_aad_data[32]; > + > } __attribute__((__packed__)); >=20 > static int > sym_crypto_cfg_check(struct rte_table_action_sym_crypto_config *cfg) > { > - if (cfg->mempool_session_create =3D=3D NULL || > - cfg->mempool_session_init =3D=3D NULL) > - return -EINVAL; > - > if (cfg->cryptodev_id >=3D rte_cryptodev_count()) > return -EINVAL; >=20 > @@ -1336,18 +1329,20 @@ sym_crypto_cfg_check(struct > rte_table_action_sym_crypto_config *cfg) > static int > get_block_size(const struct rte_crypto_sym_xform *xform, uint8_t cdev_id= ) > { > - unsigned int i =3D 0; > struct rte_cryptodev_info dev_info; > const struct rte_cryptodev_capabilities *cap; > + uint32_t i; >=20 > rte_cryptodev_info_get(cdev_id, &dev_info); > - cap =3D &dev_info.capabilities[0]; >=20 > - while (cap->op !=3D RTE_CRYPTO_OP_TYPE_UNDEFINED) { > + for (i =3D 0;; i++) { > + cap =3D &dev_info.capabilities[i]; > + if (!cap) > + break; > + > if (cap->sym.xform_type !=3D xform->type) > continue; >=20 > - > if ((xform->type =3D=3D RTE_CRYPTO_SYM_XFORM_CIPHER) && > (cap->sym.cipher.algo =3D=3D xform- > >cipher.algo)) > return cap->sym.cipher.block_size; > @@ -1356,7 +1351,8 @@ get_block_size(const struct rte_crypto_sym_xform > *xform, uint8_t cdev_id) > (cap->sym.aead.algo =3D=3D xform->aead.algo)) > return cap->sym.aead.block_size; >=20 > - cap =3D &dev_info.capabilities[++i]; > + if (xform->type =3D=3D > RTE_CRYPTO_SYM_XFORM_NOT_SPECIFIED) > + break; > } >=20 > return -1; > @@ -1367,11 +1363,10 @@ sym_crypto_apply(struct sym_crypto_data *data, > struct rte_table_action_sym_crypto_config *cfg, > struct rte_table_action_sym_crypto_params *p) > { > - struct rte_cryptodev_sym_session *sess; > - struct rte_crypto_sym_xform *xform =3D p->xform; > - struct rte_crypto_cipher_xform *cipher_xform =3D NULL; > - struct rte_crypto_auth_xform *auth_xform =3D NULL; > - struct rte_crypto_aead_xform *aead_xform =3D NULL; > + const struct rte_crypto_sym_xform *xform =3D p->xform; > + const struct rte_crypto_cipher_xform *cipher_xform =3D NULL; > + const struct rte_crypto_auth_xform *auth_xform =3D NULL; > + const struct rte_crypto_aead_xform *aead_xform =3D NULL; > int ret; >=20 > memset(data, 0, sizeof(*data)); > @@ -1383,6 +1378,9 @@ sym_crypto_apply(struct sym_crypto_data *data, > if (cipher_xform->iv.length > >=20 > RTE_TABLE_ACTION_SYM_CRYPTO_IV_SIZE_MAX) > return -ENOMEM; > + if (cipher_xform->iv.offset !=3D > + > RTE_TABLE_ACTION_SYM_CRYPTO_IV_OFFSET) > + return -EINVAL; >=20 > ret =3D get_block_size(xform, cfg->cryptodev_id); > if (ret < 0) > @@ -1390,12 +1388,12 @@ sym_crypto_apply(struct sym_crypto_data *data, > data->block_size =3D (uint16_t)ret; > data->op_mask |=3D CRYPTO_OP_MASK_CIPHER; >=20 > - data->cipher_auth.cipher_iv_data_offset =3D (uint16_t) > - p->cipher_auth.cipher_iv.offset; > data->cipher_auth.cipher_iv_len =3D > cipher_xform->iv.length; > + data->cipher_auth.cipher_iv_data_offset =3D (uint16_t) > + p- > >cipher_auth.cipher_iv_update.offset; > data->cipher_auth.cipher_iv_update_len =3D (uint16_t) > - p->cipher_auth.cipher_iv.length; > + p- > >cipher_auth.cipher_iv_update.length; >=20 > rte_memcpy(data->iv_aad_data, > p->cipher_auth.cipher_iv.val, > @@ -1403,8 +1401,6 @@ sym_crypto_apply(struct sym_crypto_data *data, >=20 > data->direction =3D cipher_xform->op; >=20 > - cipher_xform->iv.offset =3D CRYPTO_IV_OFFSET; > - > } else if (xform->type =3D=3D RTE_CRYPTO_SYM_XFORM_AUTH) > { > auth_xform =3D &xform->auth; > if (auth_xform->iv.length > > @@ -1412,17 +1408,13 @@ sym_crypto_apply(struct sym_crypto_data *data, > return -ENOMEM; > data->op_mask |=3D CRYPTO_OP_MASK_AUTH; >=20 > - data->cipher_auth.auth_iv_data_offset =3D > - (uint16_t)p- > >cipher_auth.auth_iv.offset; > data->cipher_auth.auth_iv_len =3D auth_xform- > >iv.length; > + data->cipher_auth.auth_iv_data_offset =3D (uint16_t) > + p- > >cipher_auth.auth_iv_update.offset; > data->cipher_auth.auth_iv_update_len =3D (uint16_t) > - p->cipher_auth.auth_iv.length; > + p- > >cipher_auth.auth_iv_update.length; > data->digest_len =3D auth_xform->digest_length; >=20 > - if (auth_xform->iv.length) > - auth_xform->iv.offset =3D CRYPTO_IV_OFFSET > + > - > RTE_TABLE_ACTION_SYM_CRYPTO_IV_SIZE_MAX; > - > data->direction =3D (auth_xform->op =3D=3D > RTE_CRYPTO_AUTH_OP_GENERATE) ? > RTE_CRYPTO_CIPHER_OP_ENCRYPT : > @@ -1436,26 +1428,28 @@ sym_crypto_apply(struct sym_crypto_data *data, > aead_xform->aad_length > >=20 > RTE_TABLE_ACTION_SYM_CRYPTO_AAD_SIZE_MAX)) > return -EINVAL; > + if (aead_xform->iv.offset !=3D > + > RTE_TABLE_ACTION_SYM_CRYPTO_IV_OFFSET) > + return -EINVAL; >=20 > ret =3D get_block_size(xform, cfg->cryptodev_id); > if (ret < 0) > return -1; > data->block_size =3D (uint16_t)ret; > data->op_mask |=3D CRYPTO_OP_MASK_AEAD; > - data->digest_len =3D aead_xform->digest_length; >=20 > - data->aead.iv_data_offset =3D (uint16_t)p- > >aead.iv.offset; > + data->digest_len =3D aead_xform->digest_length; > data->aead.iv_len =3D aead_xform->iv.length; > - data->aead.iv_update_len =3D (uint16_t)p- > >aead.iv.length; > - > - data->aead.aad_data_offset =3D (uint16_t) > - p->aead.aad.offset; > data->aead.aad_len =3D aead_xform->aad_length; > - data->aead.aad_update_len =3D > - (uint16_t)p->aead.aad.length; >=20 > - if (aead_xform->iv.length) > - aead_xform->iv.offset =3D CRYPTO_IV_OFFSET; > + data->aead.iv_data_offset =3D (uint16_t) > + p->aead.iv_update.offset; > + data->aead.iv_update_len =3D (uint16_t) > + p->aead.iv_update.length; > + data->aead.aad_data_offset =3D (uint16_t) > + p->aead.aad_update.offset; > + data->aead.aad_update_len =3D (uint16_t) > + p->aead.aad_update.length; >=20 > rte_memcpy(data->iv_aad_data, > p->aead.iv.val, > @@ -1475,22 +1469,25 @@ sym_crypto_apply(struct sym_crypto_data *data, > xform =3D xform->next; > } >=20 > - data->data_offset =3D (uint16_t)p->data_offset; > - > - sess =3D rte_cryptodev_sym_session_create(cfg- > >mempool_session_create); > - if (!sess) { > - memset(data, 0, sizeof(*data)); > - return -ENOMEM; > - } > + if (auth_xform && auth_xform->iv.length) { > + if (cipher_xform) { > + if (auth_xform->iv.offset !=3D > + > RTE_TABLE_ACTION_SYM_CRYPTO_IV_OFFSET + > + cipher_xform->iv.length) > + return -EINVAL; >=20 > - ret =3D rte_cryptodev_sym_session_init(cfg->cryptodev_id, sess, > xform, > - cfg->mempool_session_init); > - if (ret < 0) { > - memset(data, 0, sizeof(*data)); > - return ret; > + rte_memcpy(data->iv_aad_data + cipher_xform- > >iv.length, > + p->cipher_auth.auth_iv.val, > + p->cipher_auth.auth_iv.length); > + } else { > + rte_memcpy(data->iv_aad_data, > + p->cipher_auth.auth_iv.val, > + p->cipher_auth.auth_iv.length); > + } > } >=20 > - data->session =3D sess; > + data->data_offset =3D (uint16_t)p->data_offset; > + data->session =3D p->session; >=20 > return 0; > } > @@ -1503,36 +1500,39 @@ pkt_work_sym_crypto(struct rte_mbuf *mbuf, > struct sym_crypto_data *data, > struct crypto_op_sym_iv_aad *crypto_op =3D (struct > crypto_op_sym_iv_aad *) > RTE_MBUF_METADATA_UINT8_PTR(mbuf, cfg- > >op_offset); > struct rte_crypto_op *op =3D &crypto_op->op; > - uint16_t rel_ip_offset =3D ip_offset - mbuf->data_off; > - uint16_t payload_len =3D 0; > + struct rte_crypto_sym_op *sym =3D op->sym; > + uint16_t rel_ip_offset =3D ip_offset - mbuf->data_off - mbuf- > >priv_size - > + RTE_PKTMBUF_HEADROOM; > + uint32_t payload_len =3D mbuf->pkt_len - rel_ip_offset - > + data->data_offset; >=20 > - op->sym->m_src =3D mbuf; > - op->sym->m_dst =3D NULL; > op->type =3D RTE_CRYPTO_OP_TYPE_SYMMETRIC; > op->sess_type =3D RTE_CRYPTO_OP_WITH_SESSION; > - op->phys_addr =3D rte_pktmbuf_iova_offset(mbuf, cfg->op_offset); > + op->phys_addr =3D mbuf->buf_iova + cfg->op_offset - sizeof(*mbuf); > op->status =3D RTE_CRYPTO_OP_STATUS_NOT_PROCESSED; > - op->sym->session =3D data->session; > + sym->m_src =3D mbuf; > + sym->m_dst =3D NULL; > + sym->session =3D data->session; >=20 > /** pad the packet */ > if (data->direction =3D=3D RTE_CRYPTO_CIPHER_OP_ENCRYPT) { > - payload_len =3D RTE_ALIGN_CEIL(rte_pktmbuf_pkt_len(mbuf) > - > - (data->data_offset + rel_ip_offset), > - data->block_size) - > rte_pktmbuf_pkt_len(mbuf); > + uint32_t append_len =3D RTE_ALIGN_CEIL(payload_len, > + data->block_size) - payload_len; >=20 > - if (unlikely(rte_pktmbuf_append(mbuf, payload_len + > + if (unlikely(rte_pktmbuf_append(mbuf, append_len + > data->digest_len) =3D=3D NULL)) > return 1; > - } >=20 > - payload_len =3D rte_pktmbuf_pkt_len(mbuf); > + payload_len +=3D append_len; > + } else > + payload_len -=3D data->digest_len; >=20 > if (data->op_mask & CRYPTO_OP_MASK_CIPHER) { > /** prepare cipher op */ > uint8_t *iv =3D crypto_op->iv_aad.cipher_auth.cipher_iv; >=20 > - op->sym->cipher.data.length =3D payload_len; > - op->sym->cipher.data.offset =3D data->data_offset + > rel_ip_offset; > + sym->cipher.data.length =3D payload_len; > + sym->cipher.data.offset =3D rel_ip_offset + data->data_offset; >=20 > if (data->cipher_auth.cipher_iv_update_len) { > uint8_t *pkt_iv =3D > RTE_MBUF_METADATA_UINT8_PTR(mbuf, > @@ -1556,12 +1556,12 @@ pkt_work_sym_crypto(struct rte_mbuf *mbuf, > struct sym_crypto_data *data, > } >=20 > if (data->op_mask & CRYPTO_OP_MASK_AUTH) { > - op->sym->auth.data.offset =3D rel_ip_offset; > - op->sym->auth.data.length =3D payload_len; > - op->sym->auth.digest.data =3D > rte_pktmbuf_mtod_offset(mbuf, > + sym->auth.data.offset =3D rel_ip_offset; > + sym->auth.data.length =3D payload_len + data->data_offset; > + sym->auth.digest.data =3D rte_pktmbuf_mtod_offset(mbuf, > uint8_t *, rte_pktmbuf_pkt_len(mbuf) - > data->digest_len); > - op->sym->auth.digest.phys_addr =3D > rte_pktmbuf_iova_offset(mbuf, > + sym->auth.digest.phys_addr =3D > rte_pktmbuf_iova_offset(mbuf, > rte_pktmbuf_pkt_len(mbuf) - data- > >digest_len); >=20 > if (data->cipher_auth.auth_iv_update_len) { > @@ -1593,17 +1593,19 @@ pkt_work_sym_crypto(struct rte_mbuf *mbuf, > struct sym_crypto_data *data, > uint8_t *iv =3D crypto_op->iv_aad.aead_iv_aad.iv; > uint8_t *aad =3D crypto_op->iv_aad.aead_iv_aad.aad; >=20 > - op->sym->aead.aad.data =3D aad; > - op->sym->aead.aad.phys_addr =3D op->phys_addr + > - CRYPTO_IV_OFFSET + > - > RTE_TABLE_ACTION_SYM_CRYPTO_IV_SIZE_MAX; > - op->sym->aead.digest.data =3D > rte_pktmbuf_mtod_offset(mbuf, > + sym->aead.aad.data =3D aad; > + sym->aead.aad.phys_addr =3D rte_pktmbuf_iova_offset(mbuf, > + aad - rte_pktmbuf_mtod(mbuf, uint8_t *)); > + /*sym->aead.aad.phys_addr =3D op->phys_addr + > + > RTE_TABLE_ACTION_SYM_CRYPTO_IV_OFFSET + > + > RTE_TABLE_ACTION_SYM_CRYPTO_IV_SIZE_MAX;*/ > + sym->aead.digest.data =3D rte_pktmbuf_mtod_offset(mbuf, > uint8_t *, rte_pktmbuf_pkt_len(mbuf) - > data->digest_len); > - op->sym->aead.digest.phys_addr =3D > rte_pktmbuf_iova_offset(mbuf, > + sym->aead.digest.phys_addr =3D > rte_pktmbuf_iova_offset(mbuf, > rte_pktmbuf_pkt_len(mbuf) - data- > >digest_len); > - op->sym->aead.data.offset =3D data->data_offset + > rel_ip_offset; > - op->sym->aead.data.length =3D payload_len; > + sym->aead.data.offset =3D data->data_offset + rel_ip_offset; > + sym->aead.data.length =3D payload_len; >=20 > if (data->aead.iv_update_len) { > uint8_t *pkt_iv =3D > RTE_MBUF_METADATA_UINT8_PTR(mbuf, > @@ -1678,7 +1680,7 @@ struct ap_config { > struct rte_table_action_nat_config nat; > struct rte_table_action_ttl_config ttl; > struct rte_table_action_stats_config stats; > - struct rte_table_action_sym_crypto_config crypto; > + struct rte_table_action_sym_crypto_config sym_crypto; > }; >=20 > static size_t > @@ -1733,7 +1735,7 @@ action_cfg_get(struct ap_config *ap_config, > return &ap_config->stats; >=20 > case RTE_TABLE_ACTION_SYM_CRYPTO: > - return &ap_config->crypto; > + return &ap_config->sym_crypto; > default: > return NULL; > } > @@ -1790,6 +1792,9 @@ action_data_size(enum rte_table_action_type > action, > case RTE_TABLE_ACTION_TIME: > return sizeof(struct time_data); >=20 > + case RTE_TABLE_ACTION_SYM_CRYPTO: > + return (sizeof(struct sym_crypto_data)); > + > default: > return 0; > } > @@ -2044,7 +2049,7 @@ rte_table_action_apply(struct rte_table_action > *action, >=20 > case RTE_TABLE_ACTION_SYM_CRYPTO: > return sym_crypto_apply(action_data, > - &action->cfg.crypto, > + &action->cfg.sym_crypto, > action_params); >=20 > default: > @@ -2408,7 +2413,7 @@ pkt_work(struct rte_mbuf *mbuf, > void *data =3D action_data_get(table_entry, action, > RTE_TABLE_ACTION_SYM_CRYPTO); >=20 > - drop_mask |=3D pkt_work_sym_crypto(mbuf, data, &cfg- > >crypto, > + drop_mask |=3D pkt_work_sym_crypto(mbuf, data, &cfg- > >sym_crypto, > ip_offset); > } >=20 > @@ -2710,13 +2715,13 @@ pkt4_work(struct rte_mbuf **mbufs, > void *data3 =3D action_data_get(table_entry3, action, > RTE_TABLE_ACTION_SYM_CRYPTO); >=20 > - drop_mask0 |=3D pkt_work_sym_crypto(mbuf0, data0, &cfg- > >crypto, > + drop_mask0 |=3D pkt_work_sym_crypto(mbuf0, data0, &cfg- > >sym_crypto, > ip_offset); > - drop_mask1 |=3D pkt_work_sym_crypto(mbuf1, data1, &cfg- > >crypto, > + drop_mask1 |=3D pkt_work_sym_crypto(mbuf1, data1, &cfg- > >sym_crypto, > ip_offset); > - drop_mask2 |=3D pkt_work_sym_crypto(mbuf2, data2, &cfg- > >crypto, > + drop_mask2 |=3D pkt_work_sym_crypto(mbuf2, data2, &cfg- > >sym_crypto, > ip_offset); > - drop_mask3 |=3D pkt_work_sym_crypto(mbuf3, data3, &cfg- > >crypto, > + drop_mask3 |=3D pkt_work_sym_crypto(mbuf3, data3, &cfg- > >sym_crypto, > ip_offset); > } >=20 > diff --git a/lib/librte_pipeline/rte_table_action.h > b/lib/librte_pipeline/rte_table_action.h > index 897f42308..cf47ebfc9 100644 > --- a/lib/librte_pipeline/rte_table_action.h > +++ b/lib/librte_pipeline/rte_table_action.h > @@ -910,12 +910,6 @@ struct rte_table_action_sym_crypto_config { > /** Target Cryptodev ID. */ > uint8_t cryptodev_id; >=20 > - /** Crypto Session mempool. */ > - struct rte_mempool *mempool_session_create; > - > - /** Crypto session init mempool, used for init cryptodev session. */ > - struct rte_mempool *mempool_session_init; > - > /** The offset to fetch rte_crypto_op. */ > uint32_t op_offset; > }; > @@ -928,6 +922,11 @@ struct rte_table_action_sym_crypto_config { > #define RTE_TABLE_ACTION_SYM_CRYPTO_AAD_SIZE_MAX (16) > #endif >=20 > +#ifndef RTE_TABLE_ACTION_SYM_CRYPTO_IV_OFFSET > +#define RTE_TABLE_ACTION_SYM_CRYPTO_IV_OFFSET > \ > + sizeof(struct rte_crypto_op) + sizeof(struct rte_crypto_sym_op) > +#endif > + > /** Common action structure to store the data's value, length, and offse= t */ > struct rte_table_action_vlo { > uint8_t *val; > @@ -939,7 +938,10 @@ struct rte_table_action_vlo { > struct rte_table_action_sym_crypto_params { >=20 > /** Xform pointer contains all relevant information */ > - struct rte_crypto_sym_xform *xform; > + const struct rte_crypto_sym_xform *xform; > + > + /** Application created cryptodev symmetric session */ > + struct rte_cryptodev_sym_session *session; >=20 > /** > * Offset from start of IP packet to the first packet byte to be > @@ -952,9 +954,15 @@ struct rte_table_action_sym_crypto_params { > /** Cipher iv data, offset from start of ip header */ > struct rte_table_action_vlo cipher_iv; >=20 > + /** Cipher iv data, offset from start of ip header */ > + struct rte_table_action_vlo cipher_iv_update; > + > /** Auth iv data, offset from start of ip header */ > struct rte_table_action_vlo auth_iv; >=20 > + /** Auth iv data, offset from start of ip header */ > + struct rte_table_action_vlo auth_iv_update; > + > } cipher_auth; >=20 > struct { > @@ -964,6 +972,12 @@ struct rte_table_action_sym_crypto_params { > /** AEAD iv data, offset from start of ip header */ > struct rte_table_action_vlo iv; >=20 > + /** AEAD AAD data, offset from start of ip header */ > + struct rte_table_action_vlo aad_update; > + > + /** AEAD iv data, offset from start of ip header */ > + struct rte_table_action_vlo iv_update; > + > } aead; > }; > }; > -- > 2.13.6