From: Akhil Goyal
CC: Akhil Goyal, David Coyle, Kevin O'Sullivan
Subject: [PATCH v4 6/6] security: hide session structure
Date: Tue, 27 Sep 2022 00:44:24 +0530
Message-ID: <20220926191424.1069668-7-gakhil@marvell.com>
In-Reply-To: <20220926191424.1069668-1-gakhil@marvell.com>
References: <20220924163542.4159562-1-gakhil@marvell.com> <20220926191424.1069668-1-gakhil@marvell.com>
X-Patchwork-Submitter: Akhil Goyal
X-Patchwork-Id: 116908
X-Patchwork-Delegate: gakhil@marvell.com
List-Id: DPDK patches and discussions

Structure rte_security_session is moved to internal headers which are not visible to applications. The only field which should be used by app is opaque_data. This field can now be accessed via set/get APIs added in this patch. Subsequent changes in app and lib are made to compile the code.
Signed-off-by: Akhil Goyal Tested-by: Gagandeep Singh Tested-by: David Coyle Tested-by: Kevin O'Sullivan --- app/test-crypto-perf/cperf_ops.c | 6 +- .../cperf_test_pmd_cyclecount.c | 2 +- app/test-crypto-perf/cperf_test_throughput.c | 2 +- app/test/test_cryptodev.c | 2 +- app/test/test_cryptodev_security_ipsec.c | 2 +- app/test/test_cryptodev_security_ipsec.h | 2 +- app/test/test_security.c | 32 ++++---- app/test/test_security_inline_proto.c | 10 +-- doc/guides/rel_notes/deprecation.rst | 4 - doc/guides/rel_notes/release_22_11.rst | 5 ++ drivers/crypto/caam_jr/caam_jr.c | 2 +- drivers/crypto/cnxk/cn10k_cryptodev_ops.c | 4 +- drivers/crypto/cnxk/cn9k_cryptodev_ops.c | 6 +- drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c | 6 +- drivers/crypto/dpaa_sec/dpaa_sec.c | 4 +- drivers/crypto/ipsec_mb/pmd_aesni_mb.c | 4 +- drivers/crypto/qat/qat_sym.c | 4 +- drivers/crypto/qat/qat_sym.h | 4 +- drivers/net/iavf/iavf_ipsec_crypto.h | 2 +- examples/ipsec-secgw/ipsec_worker.c | 2 +- lib/cryptodev/rte_crypto_sym.h | 4 +- lib/ipsec/rte_ipsec_group.h | 12 +-- lib/ipsec/ses.c | 2 +- lib/security/rte_security.c | 13 ++- lib/security/rte_security.h | 80 ++++++++++++------- lib/security/rte_security_driver.h | 18 +++++ 26 files changed, 137 insertions(+), 97 deletions(-) diff --git a/app/test-crypto-perf/cperf_ops.c b/app/test-crypto-perf/cperf_ops.c index bd3c941fea..7ba4e13244 100644 --- a/app/test-crypto-perf/cperf_ops.c +++ b/app/test-crypto-perf/cperf_ops.c @@ -65,8 +65,7 @@ cperf_set_ops_security(struct rte_crypto_op **ops, for (i = 0; i < nb_ops; i++) { struct rte_crypto_sym_op *sym_op = ops[i]->sym; - struct rte_security_session *sec_sess = - (struct rte_security_session *)sess; + void *sec_sess = (void *)sess; uint32_t buf_sz; uint32_t *per_pkt_hfn = rte_crypto_op_ctod_offset(ops[i], 
@@ -131,8 +130,7 @@ cperf_set_ops_security_ipsec(struct rte_crypto_op **ops, uint16_t iv_offset __rte_unused, uint32_t *imix_idx, uint64_t *tsc_start) { - struct rte_security_session *sec_sess = - (struct rte_security_session *)sess; + void *sec_sess = sess; const uint32_t test_buffer_size = options->test_buffer_size; const uint32_t headroom_sz = options->headroom_sz; const uint32_t segment_sz = options->segment_sz; diff --git a/app/test-crypto-perf/cperf_test_pmd_cyclecount.c b/app/test-crypto-perf/cperf_test_pmd_cyclecount.c index f0ca78af4f..045fd1c29a 100644 --- a/app/test-crypto-perf/cperf_test_pmd_cyclecount.c +++ b/app/test-crypto-perf/cperf_test_pmd_cyclecount.c @@ -71,7 +71,7 @@ cperf_pmd_cyclecount_test_free(struct cperf_pmd_cyclecount_ctx *ctx) (struct rte_security_ctx *) rte_cryptodev_get_sec_ctx(ctx->dev_id); rte_security_session_destroy(sec_ctx, - (struct rte_security_session *)ctx->sess); + (void *)ctx->sess); } else #endif rte_cryptodev_sym_session_free(ctx->dev_id, ctx->sess); diff --git a/app/test-crypto-perf/cperf_test_throughput.c b/app/test-crypto-perf/cperf_test_throughput.c index c924459958..38340dae08 100644 --- a/app/test-crypto-perf/cperf_test_throughput.c +++ b/app/test-crypto-perf/cperf_test_throughput.c @@ -49,7 +49,7 @@ cperf_throughput_test_free(struct cperf_throughput_ctx *ctx) rte_cryptodev_get_sec_ctx(ctx->dev_id); rte_security_session_destroy( sec_ctx, - (struct rte_security_session *)ctx->sess); + (void *)ctx->sess); } #endif else diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index f0315f9195..981db009b8 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -84,7 +84,7 @@ struct crypto_unittest_params { union { struct rte_cryptodev_sym_session *sess; #ifdef RTE_LIB_SECURITY - struct rte_security_session *sec_session; + void *sec_session; #endif }; #ifdef RTE_LIB_SECURITY 
diff --git a/app/test/test_cryptodev_security_ipsec.c b/app/test/test_cryptodev_security_ipsec.c index 3f691f0f56..cb77b39dbb 100644 --- a/app/test/test_cryptodev_security_ipsec.c +++ b/app/test/test_cryptodev_security_ipsec.c @@ -1126,7 +1126,7 @@ test_ipsec_status_check(const struct ipsec_test_data *td, int test_ipsec_stats_verify(struct rte_security_ctx *ctx, - struct rte_security_session *sess, + void *sess, const struct ipsec_test_flags *flags, enum rte_security_ipsec_sa_direction dir) { diff --git a/app/test/test_cryptodev_security_ipsec.h b/app/test/test_cryptodev_security_ipsec.h index 02b08f9f95..6a119bee46 100644 --- a/app/test/test_cryptodev_security_ipsec.h +++ b/app/test/test_cryptodev_security_ipsec.h @@ -277,7 +277,7 @@ int test_ipsec_status_check(const struct ipsec_test_data *td, int pkt_num); int test_ipsec_stats_verify(struct rte_security_ctx *ctx, - struct rte_security_session *sess, + void *sess, const struct ipsec_test_flags *flags, enum rte_security_ipsec_sa_direction dir); diff --git a/app/test/test_security.c b/app/test/test_security.c index bb3b3835fa..f336479b2e 100644 --- a/app/test/test_security.c +++ b/app/test/test_security.c @@ -234,7 +234,7 @@ static struct mock_session_create_data { void *device; struct rte_security_session_conf *conf; - struct rte_security_session *sess; + void *sess; struct rte_mempool *mp; struct rte_mempool *priv_mp; @@ -268,7 +268,7 @@ mock_session_create(void *device, */ static struct mock_session_update_data { void *device; - struct rte_security_session *sess; + void *sess; struct rte_security_session_conf *conf; int ret; @@ -322,7 +322,7 @@ mock_session_get_size(void *device) */ static struct mock_session_stats_get_data { void *device; - struct rte_security_session *sess; + void *sess; struct rte_security_stats *stats; int ret; @@ -352,7 +352,7 @@ mock_session_stats_get(void *device, */ static struct mock_session_destroy_data { void *device; - struct rte_security_session *sess; + void *sess; int ret; 
@@ -377,7 +377,7 @@ mock_session_destroy(void *device, struct rte_security_session *sess) */ static struct mock_set_pkt_metadata_data { void *device; - struct rte_security_session *sess; + void *sess; struct rte_mbuf *m; void *params; @@ -513,7 +513,7 @@ static struct security_testsuite_params { static struct security_unittest_params { struct rte_security_ctx ctx; struct rte_security_session_conf conf; - struct rte_security_session *sess; + void *sess; } unittest_params = { .ctx = { .device = NULL, @@ -650,7 +650,7 @@ ut_setup_with_session(void) { struct security_unittest_params *ut_params = &unittest_params; struct security_testsuite_params *ts_params = &testsuite_params; - struct rte_security_session *sess; + void *sess; int ret = ut_setup(); if (ret != TEST_SUCCESS) @@ -701,7 +701,7 @@ test_session_create_inv_context(void) { struct security_testsuite_params *ts_params = &testsuite_params; struct security_unittest_params *ut_params = &unittest_params; - struct rte_security_session *sess; + void *sess; sess = rte_security_session_create(NULL, &ut_params->conf, ts_params->session_mpool); @@ -723,7 +723,7 @@ test_session_create_inv_context_ops(void) { struct security_testsuite_params *ts_params = &testsuite_params; struct security_unittest_params *ut_params = &unittest_params; - struct rte_security_session *sess; + void *sess; ut_params->ctx.ops = NULL; @@ -747,7 +747,7 @@ test_session_create_inv_context_ops_fun(void) { struct security_testsuite_params *ts_params = &testsuite_params; struct security_unittest_params *ut_params = &unittest_params; - struct rte_security_session *sess; + void *sess; ut_params->ctx.ops = &empty_ops; @@ -770,7 +770,7 @@ test_session_create_inv_configuration(void) { struct security_testsuite_params *ts_params = &testsuite_params; struct security_unittest_params *ut_params = &unittest_params; - struct rte_security_session *sess; + void *sess; sess = rte_security_session_create(&ut_params->ctx, NULL, ts_params->session_mpool); 
@@ -791,7 +791,7 @@ static int test_session_create_inv_mempool(void) { struct security_unittest_params *ut_params = &unittest_params; - struct rte_security_session *sess; + void *sess; sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf, NULL); TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create, @@ -812,8 +812,8 @@ test_session_create_mempool_empty(void) { struct security_testsuite_params *ts_params = &testsuite_params; struct security_unittest_params *ut_params = &unittest_params; - struct rte_security_session *tmp[SECURITY_TEST_MEMPOOL_SIZE]; - struct rte_security_session *sess; + void *tmp[SECURITY_TEST_MEMPOOL_SIZE]; + void *sess; /* Get all available objects from mempool. */ int i, ret; @@ -853,7 +853,7 @@ test_session_create_ops_failure(void) { struct security_testsuite_params *ts_params = &testsuite_params; struct security_unittest_params *ut_params = &unittest_params; - struct rte_security_session *sess; + void *sess; mock_session_create_exp.device = NULL; mock_session_create_exp.conf = &ut_params->conf; @@ -879,7 +879,7 @@ test_session_create_success(void) { struct security_testsuite_params *ts_params = &testsuite_params; struct security_unittest_params *ut_params = &unittest_params; - struct rte_security_session *sess; + void *sess; mock_session_create_exp.device = NULL; mock_session_create_exp.conf = &ut_params->conf; diff --git a/app/test/test_security_inline_proto.c b/app/test/test_security_inline_proto.c index 9c6a09676e..3f520840ac 100644 --- a/app/test/test_security_inline_proto.c +++ b/app/test/test_security_inline_proto.c 
@@ -119,7 +119,7 @@ static struct rte_flow *default_flow[RTE_MAX_ETHPORTS]; /* Create Inline IPsec session */ static int create_inline_ipsec_session(struct ipsec_test_data *sa, uint16_t portid, - struct rte_security_session **sess, struct rte_security_ctx **ctx, + void **sess, struct rte_security_ctx **ctx, uint32_t *ol_flags, const struct ipsec_test_flags *flags, struct rte_security_session_conf *sess_conf) { @@ -695,8 +695,8 @@ static int test_ipsec_with_reassembly(struct reassembly_vector *vector, const struct ipsec_test_flags *flags) { - struct rte_security_session *out_ses[ENCAP_DECAP_BURST_SZ] = {0}; - struct rte_security_session *in_ses[ENCAP_DECAP_BURST_SZ] = {0}; + void *out_ses[ENCAP_DECAP_BURST_SZ] = {0}; + void *in_ses[ENCAP_DECAP_BURST_SZ] = {0}; struct rte_eth_ip_reassembly_params reass_capa = {0}; struct rte_security_session_conf sess_conf_out = {0}; struct rte_security_session_conf sess_conf_in = {0}; @@ -963,7 +963,7 @@ test_ipsec_inline_proto_process(struct ipsec_test_data *td, struct rte_crypto_sym_xform cipher = {0}; struct rte_crypto_sym_xform auth = {0}; struct rte_crypto_sym_xform aead = {0}; - struct rte_security_session *ses; + void *ses; struct rte_security_ctx *ctx; int nb_rx = 0, nb_sent; uint32_t ol_flags; @@ -1199,7 +1199,7 @@ test_ipsec_inline_proto_process_with_esn(struct ipsec_test_data td[], struct rte_mbuf *rx_pkt = NULL; struct rte_mbuf *tx_pkt = NULL; int nb_rx, nb_sent; - struct rte_security_session *ses; + void *ses; struct rte_security_ctx *ctx; uint32_t ol_flags; bool outer_ipv4; diff --git a/doc/guides/rel_notes/deprecation.rst b/doc/guides/rel_notes/deprecation.rst index 9785a0f3ce..701d32b818 100644 --- a/doc/guides/rel_notes/deprecation.rst +++ b/doc/guides/rel_notes/deprecation.rst 
@@ -166,10 +166,6 @@ Deprecation Notices which got error interrupt to the application, so that application can reset that particular queue pair. -* security: Hide structure ``rte_security_session`` and expose an opaque - pointer for the private data to the application which can be attached - to the packet while enqueuing. - * security: MACsec support is planned to be added in DPDK 22.11, which would result in updates to structures ``rte_security_macsec_xform``, ``rte_security_macsec_stats`` and security capability structure diff --git a/doc/guides/rel_notes/release_22_11.rst b/doc/guides/rel_notes/release_22_11.rst index 4b8b34d8ba..6a6d1649cc 100644 --- a/doc/guides/rel_notes/release_22_11.rst +++ b/doc/guides/rel_notes/release_22_11.rst @@ -98,6 +98,11 @@ API Changes All sample applications were updated to attach an opaque pointer for the session to the ``rte_crypto_op`` while enqueuing. +* security: The structure ``rte_security_session`` was made internal and corresponding + APIs were updated to take/return an opaque session pointer. The API + ``rte_security_session_create`` was updated to take only one mempool which has enough + space to hold session and driver private data. + ABI Changes ----------- diff --git a/drivers/crypto/caam_jr/caam_jr.c b/drivers/crypto/caam_jr/caam_jr.c index a6d3a494e6..3b06522d06 100644 --- a/drivers/crypto/caam_jr/caam_jr.c +++ b/drivers/crypto/caam_jr/caam_jr.c @@ -1359,7 +1359,7 @@ caam_jr_enqueue_op(struct rte_crypto_op *op, struct caam_jr_qp *qp) ses = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session); break; case RTE_CRYPTO_OP_SECURITY_SESSION: - ses = SECURITY_GET_SESS_PRIV(op->sym->sec_session); + ses = SECURITY_GET_SESS_PRIV(op->sym->session); break; default: CAAM_JR_DP_ERR("sessionless crypto op not supported"); diff --git a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c index f127c84fd3..0dc2dc4baa 100644 --- a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c 
+++ b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c @@ -103,7 +103,7 @@ cn10k_cpt_fill_inst(struct cnxk_cpt_qp *qp, struct rte_crypto_op *ops[], if (op->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC) { if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) { - sec_sess = SECURITY_GET_SESS_PRIV(sym_op->sec_session); + sec_sess = SECURITY_GET_SESS_PRIV(sym_op->session); ret = cpt_sec_inst_fill(qp, op, sec_sess, &inst[0]); if (unlikely(ret)) return 0; @@ -322,7 +322,7 @@ cn10k_ca_meta_info_extract(struct rte_crypto_op *op, struct cn10k_sec_session *priv; struct cn10k_ipsec_sa *sa; - priv = SECURITY_GET_SESS_PRIV(op->sym->sec_session); + priv = SECURITY_GET_SESS_PRIV(op->sym->session); sa = &priv->sa; *qp = sa->qp; *w2 = sa->inst.w2; diff --git a/drivers/crypto/cnxk/cn9k_cryptodev_ops.c b/drivers/crypto/cnxk/cn9k_cryptodev_ops.c index b395f830b1..2ed298e01f 100644 --- a/drivers/crypto/cnxk/cn9k_cryptodev_ops.c +++ b/drivers/crypto/cnxk/cn9k_cryptodev_ops.c @@ -27,7 +27,7 @@ cn9k_cpt_sec_inst_fill(struct rte_crypto_op *op, struct cn9k_ipsec_sa *sa; int ret; - priv = SECURITY_GET_SESS_PRIV(op->sym->sec_session); + priv = SECURITY_GET_SESS_PRIV(op->sym->session); sa = &priv->sa; if (unlikely(sym_op->m_dst && sym_op->m_dst != sym_op->m_src)) { @@ -374,7 +374,7 @@ cn9k_ca_meta_info_extract(struct rte_crypto_op *op, struct cn9k_sec_session *priv; struct cn9k_ipsec_sa *sa; - priv = SECURITY_GET_SESS_PRIV(op->sym->sec_session); + priv = SECURITY_GET_SESS_PRIV(op->sym->session); sa = &priv->sa; *qp = sa->qp; inst->w2.u64 = sa->inst.w2; @@ -539,7 +539,7 @@ cn9k_cpt_sec_post_process(struct rte_crypto_op *cop, CPT_OP_FLAGS_IPSEC_INB_REPLAY)) { int ret; - priv = SECURITY_GET_SESS_PRIV(sym_op->sec_session); + priv = SECURITY_GET_SESS_PRIV(sym_op->session); sa = &priv->sa; ret = ipsec_antireplay_check( diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c index 3c51913dd8..afa9bd0a62 100644 --- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c 
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c @@ -1382,7 +1382,7 @@ build_sec_fd(struct rte_crypto_op *op, sess = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session); #ifdef RTE_LIB_SECURITY else if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) - sess = SECURITY_GET_SESS_PRIV(op->sym->sec_session); + sess = SECURITY_GET_SESS_PRIV(op->sym->session); #endif else { DPAA2_SEC_DP_ERR("Session type invalid\n"); @@ -1582,7 +1582,7 @@ sec_simple_fd_to_mbuf(const struct qbman_fd *fd) mbuf->buf_iova = op->sym->aead.digest.phys_addr; op->sym->aead.digest.phys_addr = 0L; - sess_priv = SECURITY_GET_SESS_PRIV(op->sym->sec_session); + sess_priv = SECURITY_GET_SESS_PRIV(op->sym->session); if (sess_priv->dir == DIR_ENC) mbuf->data_off += SEC_FLC_DHR_OUTBOUND; else @@ -1678,7 +1678,7 @@ dpaa2_sec_dump(struct rte_crypto_op *op) sess = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session); #ifdef RTE_LIBRTE_SECURITY else if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) - sess = SECURITY_GET_SESS_PRIV(op->sym->sec_session); + sess = SECURITY_GET_SESS_PRIV(op->sym->session); #endif if (sess == NULL) diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c b/drivers/crypto/dpaa_sec/dpaa_sec.c index 72b848fd49..331e23e628 100644 --- a/drivers/crypto/dpaa_sec/dpaa_sec.c +++ b/drivers/crypto/dpaa_sec/dpaa_sec.c @@ -673,7 +673,7 @@ dpaa_sec_dump(struct dpaa_sec_op_ctx *ctx, struct dpaa_sec_qp *qp) sess = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session); #ifdef RTE_LIBRTE_SECURITY else if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) - sess = SECURITY_GET_SESS_PRIV(op->sym->sec_session); + sess = SECURITY_GET_SESS_PRIV(op->sym->session); #endif if (sess == NULL) { printf("session is NULL\n"); @@ -1926,7 +1926,7 @@ dpaa_sec_enqueue_burst(void *qp, struct rte_crypto_op **ops, break; #ifdef RTE_LIB_SECURITY case RTE_CRYPTO_OP_SECURITY_SESSION: - ses = SECURITY_GET_SESS_PRIV(op->sym->sec_session); + ses = SECURITY_GET_SESS_PRIV(op->sym->session); break; #endif default: 
diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c index fc9ee01124..8ec2364aa7 100644 --- a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c +++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c @@ -1584,7 +1584,7 @@ set_sec_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp, op->status = RTE_CRYPTO_OP_STATUS_INVALID_SESSION; return -1; } - session = SECURITY_GET_SESS_PRIV(op->sym->sec_session); + session = SECURITY_GET_SESS_PRIV(op->sym->session); if (unlikely(session == NULL)) { op->status = RTE_CRYPTO_OP_STATUS_INVALID_SESSION; @@ -1719,7 +1719,7 @@ post_process_mb_job(struct ipsec_mb_qp *qp, IMB_JOB *job) * this is for DOCSIS */ is_docsis_sec = 1; - sess = SECURITY_GET_SESS_PRIV(op->sym->sec_session); + sess = SECURITY_GET_SESS_PRIV(op->sym->session); } else #endif sess = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session); diff --git a/drivers/crypto/qat/qat_sym.c b/drivers/crypto/qat/qat_sym.c index f8ec8b7233..69f5add637 100644 --- a/drivers/crypto/qat/qat_sym.c +++ b/drivers/crypto/qat/qat_sym.c @@ -101,7 +101,7 @@ qat_sym_build_request(void *in_op, uint8_t *out_msg, #ifdef RTE_LIB_SECURITY else if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) { - ctx = SECURITY_GET_SESS_PRIV(op->sym->sec_session); + ctx = SECURITY_GET_SESS_PRIV(op->sym->session); if (unlikely(!ctx)) { QAT_DP_LOG(ERR, "No session for this device"); return -EINVAL; @@ -145,7 +145,7 @@ qat_sym_build_request(void *in_op, uint8_t *out_msg, } } - sess = (uintptr_t)op->sym->sec_session; + sess = (uintptr_t)op->sym->session; build_request = ctx->build_request[proc_type]; opaque[0] = sess; opaque[1] = (uintptr_t)build_request; diff --git a/drivers/crypto/qat/qat_sym.h b/drivers/crypto/qat/qat_sym.h index 033ec0de85..9a4251e08b 100644 --- a/drivers/crypto/qat/qat_sym.h +++ b/drivers/crypto/qat/qat_sym.h 
@@ -277,7 +277,7 @@ qat_sym_preprocess_requests(void **ops, uint16_t nb_ops) op = (struct rte_crypto_op *)ops[i]; if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) { - ctx = SECURITY_GET_SESS_PRIV(op->sym->sec_session); + ctx = SECURITY_GET_SESS_PRIV(op->sym->session); if (ctx == NULL || ctx->bpi_ctx == NULL) continue; @@ -310,7 +310,7 @@ qat_sym_process_response(void **op, uint8_t *resp, void *op_cookie, * Assuming at this point that if it's a security * op, that this is for DOCSIS */ - sess = SECURITY_GET_SESS_PRIV(rx_op->sym->sec_session); + sess = SECURITY_GET_SESS_PRIV(rx_op->sym->session); is_docsis_sec = 1; } else #endif diff --git a/drivers/net/iavf/iavf_ipsec_crypto.h b/drivers/net/iavf/iavf_ipsec_crypto.h index 8ea0f9540e..49f9202aca 100644 --- a/drivers/net/iavf/iavf_ipsec_crypto.h +++ b/drivers/net/iavf/iavf_ipsec_crypto.h @@ -5,7 +5,7 @@ #ifndef _IAVF_IPSEC_CRYPTO_H_ #define _IAVF_IPSEC_CRYPTO_H_ -#include +#include #include "iavf.h" diff --git a/examples/ipsec-secgw/ipsec_worker.c b/examples/ipsec-secgw/ipsec_worker.c index 5e69450d27..49b1b951f1 100644 --- a/examples/ipsec-secgw/ipsec_worker.c +++ b/examples/ipsec-secgw/ipsec_worker.c @@ -17,7 +17,7 @@ #endif struct port_drv_mode_data { - struct rte_security_session *sess; + void *sess; struct rte_security_ctx *ctx; }; diff --git a/lib/cryptodev/rte_crypto_sym.h b/lib/cryptodev/rte_crypto_sym.h index 84deecac48..b1650adcac 100644 --- a/lib/cryptodev/rte_crypto_sym.h +++ b/lib/cryptodev/rte_crypto_sym.h @@ -617,11 +617,9 @@ struct rte_crypto_sym_op { RTE_STD_C11 union { void *session; - /**< Handle for the initialised session context */ + /**< Handle for the initialised crypto/security session context */ struct rte_crypto_sym_xform *xform; /**< Session-less API crypto operation parameters */ - struct rte_security_session *sec_session; - /**< Handle for the initialised security session context */ }; RTE_STD_C11 
diff --git a/lib/ipsec/rte_ipsec_group.h b/lib/ipsec/rte_ipsec_group.h index a4e0e128f8..c6458ef81e 100644 --- a/lib/ipsec/rte_ipsec_group.h +++ b/lib/ipsec/rte_ipsec_group.h @@ -44,16 +44,16 @@ struct rte_ipsec_group { static inline struct rte_ipsec_session * rte_ipsec_ses_from_crypto(const struct rte_crypto_op *cop) { - const struct rte_security_session *ss; - void *cs; + void *ses; if (cop->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) { - ss = cop->sym[0].sec_session; - return (struct rte_ipsec_session *)(uintptr_t)ss->opaque_data; + ses = cop->sym[0].session; + return (struct rte_ipsec_session *)(uintptr_t) + rte_security_session_opaque_data_get(ses); } else if (cop->sess_type == RTE_CRYPTO_OP_WITH_SESSION) { - cs = cop->sym[0].session; + ses = cop->sym[0].session; return (struct rte_ipsec_session *)(uintptr_t) - rte_cryptodev_sym_session_opaque_data_get(cs); + rte_cryptodev_sym_session_opaque_data_get(ses); } return NULL; } diff --git a/lib/ipsec/ses.c b/lib/ipsec/ses.c index 0d3c932302..d9ab1e6d2b 100644 --- a/lib/ipsec/ses.c +++ b/lib/ipsec/ses.c @@ -48,7 +48,7 @@ rte_ipsec_session_prepare(struct rte_ipsec_session *ss) rte_cryptodev_sym_session_opaque_data_set(ss->crypto.ses, (uintptr_t)ss); else - ss->security.ses->opaque_data = (uintptr_t)ss; + rte_security_session_opaque_data_set(ss->security.ses, (uintptr_t)ss); return 0; } diff --git a/lib/security/rte_security.c b/lib/security/rte_security.c index 87a21a6e33..59bb141cac 100644 --- a/lib/security/rte_security.c +++ b/lib/security/rte_security.c @@ -42,7 +42,7 @@ rte_security_dynfield_register(void) return rte_security_dynfield_offset; } -struct rte_security_session * +void * rte_security_session_create(struct rte_security_ctx *instance, struct rte_security_session_conf *conf, struct rte_mempool *mp) 
@@ -72,12 +72,12 @@ rte_security_session_create(struct rte_security_ctx *instance, } instance->sess_cnt++; - return sess; + return (void *)sess; } int rte_security_session_update(struct rte_security_ctx *instance, - struct rte_security_session *sess, + void *sess, struct rte_security_session_conf *conf) { RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_update, -EINVAL, @@ -99,7 +99,7 @@ rte_security_session_get_size(struct rte_security_ctx *instance) int rte_security_session_stats_get(struct rte_security_ctx *instance, - struct rte_security_session *sess, + void *sess, struct rte_security_stats *stats) { RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_stats_get, -EINVAL, @@ -111,8 +111,7 @@ rte_security_session_stats_get(struct rte_security_ctx *instance, } int -rte_security_session_destroy(struct rte_security_ctx *instance, - struct rte_security_session *sess) +rte_security_session_destroy(struct rte_security_ctx *instance, void *sess) { int ret; @@ -134,7 +133,7 @@ rte_security_session_destroy(struct rte_security_ctx *instance, int __rte_security_set_pkt_metadata(struct rte_security_ctx *instance, - struct rte_security_session *sess, + void *sess, struct rte_mbuf *m, void *params) { #ifdef RTE_DEBUG diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h index bf4ff3c18c..2e717b7468 100644 --- a/lib/security/rte_security.h +++ b/lib/security/rte_security.h 
@@ -518,20 +518,6 @@ struct rte_security_session_conf { /**< Application specific userdata to be saved with session */ }; -struct rte_security_session { - RTE_MARKER cacheline0; - uint64_t opaque_data; - /**< Opaque user defined data */ - uint64_t fast_mdata; - /**< Fast metadata to be used for inline path */ - rte_iova_t driver_priv_data_iova; - /**< session private data IOVA address */ - - RTE_MARKER cacheline1 __rte_cache_min_aligned; - uint8_t driver_priv_data[0]; - /**< Private session material, variable size (depends on driver) */ -}; - /** * Create security session as specified by the session configuration * @@ -542,7 +528,7 @@ struct rte_security_session { * - On success, pointer to session * - On failure, NULL */ -struct rte_security_session * +void * rte_security_session_create(struct rte_security_ctx *instance, struct rte_security_session_conf *conf, struct rte_mempool *mp); @@ -560,7 +546,7 @@ rte_security_session_create(struct rte_security_ctx *instance, __rte_experimental int rte_security_session_update(struct rte_security_ctx *instance, - struct rte_security_session *sess, + void *sess, struct rte_security_session_conf *conf); /** @@ -590,8 +576,7 @@ rte_security_session_get_size(struct rte_security_ctx *instance); * - other negative values in case of freeing private data errors. */ int -rte_security_session_destroy(struct rte_security_ctx *instance, - struct rte_security_session *sess); +rte_security_session_destroy(struct rte_security_ctx *instance, void *sess); /** Device-specific metadata field type */ typedef uint64_t rte_security_dynfield_t; 
@@ -634,10 +619,52 @@ static inline bool rte_security_dynfield_is_registered(void) return rte_security_dynfield_offset >= 0; } +#define RTE_SECURITY_SESS_OPAQUE_DATA_OFF 0 +#define RTE_SECURITY_SESS_FAST_MDATA_OFF 1 +/** + * Get opaque data from session handle + */ +static inline uint64_t +rte_security_session_opaque_data_get(void *sess) +{ + return *((uint64_t *)sess + RTE_SECURITY_SESS_OPAQUE_DATA_OFF); +} + +/** + * Set opaque data in session handle + */ +static inline void +rte_security_session_opaque_data_set(void *sess, uint64_t opaque) +{ + uint64_t *data; + data = (((uint64_t *)sess) + RTE_SECURITY_SESS_OPAQUE_DATA_OFF); + *data = opaque; +} + +/** + * Get fast mdata from session handle + */ +static inline uint64_t +rte_security_session_fast_mdata_get(void *sess) +{ + return *((uint64_t *)sess + RTE_SECURITY_SESS_FAST_MDATA_OFF); +} + +/** + * Set fast mdata in session handle + */ +static inline void +rte_security_session_fast_mdata_set(void *sess, uint64_t fdata) +{ + uint64_t *data; + data = (((uint64_t *)sess) + RTE_SECURITY_SESS_FAST_MDATA_OFF); + *data = fdata; +} + /** Function to call PMD specific function pointer set_pkt_metadata() */ __rte_experimental extern int __rte_security_set_pkt_metadata(struct rte_security_ctx *instance, - struct rte_security_session *sess, + void *sess, struct rte_mbuf *m, void *params); /** @@ -655,13 +682,13 @@ extern int __rte_security_set_pkt_metadata(struct rte_security_ctx *instance, */ static inline int rte_security_set_pkt_metadata(struct rte_security_ctx *instance, - struct rte_security_session *sess, + void *sess, struct rte_mbuf *mb, void *params) { /* Fast Path */ if (instance->flags & RTE_SEC_CTX_F_FAST_SET_MDATA) { - *rte_security_dynfield(mb) = - (rte_security_dynfield_t)(sess->fast_mdata); + *rte_security_dynfield(mb) = (rte_security_dynfield_t) + rte_security_session_fast_mdata_get(sess); return 0; } 
@@ -710,10 +737,9 @@ rte_security_get_userdata(struct rte_security_ctx *instance, uint64_t md) * @param sess security session */ static inline int -__rte_security_attach_session(struct rte_crypto_sym_op *sym_op, - struct rte_security_session *sess) +__rte_security_attach_session(struct rte_crypto_sym_op *sym_op, void *sess) { - sym_op->sec_session = sess; + sym_op->session = sess; return 0; } @@ -729,7 +755,7 @@ __rte_security_attach_session(struct rte_crypto_sym_op *sym_op, */ static inline int rte_security_attach_session(struct rte_crypto_op *op, - struct rte_security_session *sess) + void *sess) { if (unlikely(op->type != RTE_CRYPTO_OP_TYPE_SYMMETRIC)) return -EINVAL; @@ -791,7 +817,7 @@ struct rte_security_stats { __rte_experimental int rte_security_session_stats_get(struct rte_security_ctx *instance, - struct rte_security_session *sess, + void *sess, struct rte_security_stats *stats); /** diff --git a/lib/security/rte_security_driver.h b/lib/security/rte_security_driver.h index c8119a8a50..37be87b9f7 100644 --- a/lib/security/rte_security_driver.h +++ b/lib/security/rte_security_driver.h @@ -19,6 +19,24 @@ extern "C" { #include "rte_security.h" +/** + * @internal + * Security session to be used by library for internal usage + */ +struct rte_security_session { + RTE_MARKER cacheline0; + uint64_t opaque_data; + /**< Opaque user defined data */ + uint64_t fast_mdata; + /**< Fast metadata to be used for inline path */ + rte_iova_t driver_priv_data_iova; + /**< session private data IOVA address */ + + RTE_MARKER cacheline1 __rte_cache_min_aligned; + uint8_t driver_priv_data[0]; + /**< Private session material, variable size (depends on driver) */ +}; + /** * Helper macro to get driver private data */
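Review bot: In app/test-crypto-perf/cperf_ops.c the first hunk (cperf_set_ops_security) keeps a cast, `void *sec_sess = (void *)sess;`, while the second hunk (cperf_set_ops_security_ipsec) assigns `void *sec_sess = sess;` directly. Unless sess is const-qualified in the first function, the cast is not needed in C; drop it there, and likewise the `(void *)ctx->sess` arguments to rte_security_session_destroy() in cperf_test_pmd_cyclecount.c and cperf_test_throughput.c, so the conversions read the same way throughout.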
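Review bot: The API Changes entry added to doc/guides/rel_notes/release_22_11.rst leaves out two application-visible changes made by this same patch: the new accessors rte_security_session_opaque_data_get/set and rte_security_session_fast_mdata_get/set, and the removal of the sec_session member from the union in struct rte_crypto_sym_op (lib/cryptodev/rte_crypto_sym.h). Applications that wrote sym_op->sec_session or sess->opaque_data will stop building, so the entry should name the replacement for each.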
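Review bot: The changed line in dpaa2_sec_dump() (drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c, hunk at -1678) and the one in dpaa_sec_dump() (drivers/crypto/dpaa_sec/dpaa_sec.c, hunk at -673) sit under `#ifdef RTE_LIBRTE_SECURITY`, whereas build_sec_fd() and dpaa_sec_enqueue_burst() in the same two files guard the equivalent branch with `#ifdef RTE_LIB_SECURITY`. If the build defines only the latter macro, the dump paths never compile this branch, the switch to op->sym->session there goes unbuilt and untested, and sess stays NULL for security ops. Align the guard with RTE_LIB_SECURITY in this patch or in a follow-up.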
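Review bot: In rte_ipsec_ses_from_crypto() (lib/ipsec/rte_ipsec_group.h) both branches now begin with the identical statement `ses = cop->sym[0].session;`. Hoist the assignment above the if, or drop the local and pass cop->sym[0].session straight to the two opaque_data_get calls, so the only difference left between the branches is which accessor is used.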
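Review bot: Changing the public prototypes in lib/security/rte_security.h (rte_security_session_create, _update, _destroy, _stats_get, rte_security_set_pkt_metadata, rte_security_attach_session) from struct rte_security_session * to void * hides the layout but also removes compile-time type checking. With struct rte_crypto_sym_op now carrying a single `void *session` for both session kinds, a cryptodev session handle passed to a rte_security_* call compiles without a diagnostic. Keeping a forward declaration `struct rte_security_session;` in the public header, with the definition in rte_security_driver.h as this patch already does, would hide the fields and preserve the distinct pointer type. If void * is the intended interface, the @param sess text for each function should say that only a handle returned by rte_security_session_create() is valid.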
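Review bot: The accessors added in the rte_security.h hunk at -634 reach into the session as `(uint64_t *)sess + RTE_SECURITY_SESS_OPAQUE_DATA_OFF` and `(uint64_t *)sess + RTE_SECURITY_SESS_FAST_MDATA_OFF`, so the constants 0 and 1 depend on opaque_data and fast_mdata being the first two 64-bit fields of struct rte_security_session in rte_security_driver.h, and nothing in the patch ties the two together. Because the accessors are static inline in a public header, the offsets are also compiled into applications; a later reorder or insertion in the internal struct would make them read or overwrite the wrong word, including driver_priv_data_iova. Add a build-time check in the library, for example RTE_BUILD_BUG_ON(offsetof(struct rte_security_session, fast_mdata) != RTE_SECURITY_SESS_FAST_MDATA_OFF * sizeof(uint64_t)) and the same for opaque_data, and add a comment on the two macros saying what they index. Smaller points in the same hunk: the accessors dereference sess with no NULL check, the getters could take const void *, and the doc comments lack @param and @return.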