[dpdk-dev,v2,03/12] cryptodev: extend cryptodev to support security APIs
Checks
Commit Message
security ops are added to crypto device to support
protocol offloaded security operations.
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
Signed-off-by: Declan Doherty <declan.doherty@intel.com>
---
doc/guides/cryptodevs/features/default.ini | 1 +
lib/librte_cryptodev/rte_crypto.h | 3 ++-
lib/librte_cryptodev/rte_crypto_sym.h | 2 ++
lib/librte_cryptodev/rte_cryptodev.c | 10 ++++++++++
lib/librte_cryptodev/rte_cryptodev.h | 8 ++++++--
lib/librte_cryptodev/rte_cryptodev_version.map | 7 +++++++
6 files changed, 28 insertions(+), 3 deletions(-)
Comments
> -----Original Message-----
> From: Akhil Goyal [mailto:akhil.goyal@nxp.com]
> Sent: Tuesday, October 3, 2017 2:14 PM
> To: dev@dpdk.org
> Cc: Doherty, Declan <declan.doherty@intel.com>; De Lara Guarch, Pablo
> <pablo.de.lara.guarch@intel.com>; hemant.agrawal@nxp.com; Nicolau,
> Radu <radu.nicolau@intel.com>; borisp@mellanox.com;
> aviadye@mellanox.com; thomas@monjalon.net; sandeep.malik@nxp.com;
> jerin.jacob@caviumnetworks.com; Mcnamara, John
> <john.mcnamara@intel.com>; olivier.matz@6wind.com
> Subject: [PATCH v2 03/12] cryptodev: extend cryptodev to support security
> APIs
>
I would change the title to something a bit shorter "cryptodev: support security APIs"?
No need to duplicate "cryptodev".
> security ops are added to crypto device to support protocol offloaded
> security operations.
>
> Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
> Signed-off-by: Declan Doherty <declan.doherty@intel.com>
> ---
...
> diff --git a/lib/librte_cryptodev/rte_cryptodev.c
> b/lib/librte_cryptodev/rte_cryptodev.c
> index 327d7e8..e52fc88 100644
> --- a/lib/librte_cryptodev/rte_cryptodev.c
> +++ b/lib/librte_cryptodev/rte_cryptodev.c
> @@ -488,6 +488,16 @@ rte_cryptodev_devices_get(const char
> *driver_name, uint8_t *devices,
> return count;
> }
>
> +uint16_t
> +rte_cryptodev_get_sec_id(uint8_t dev_id) {
> + if (rte_crypto_devices[dev_id].feature_flags &
> + RTE_CRYPTODEV_FF_SECURITY)
> + return rte_crypto_devices[dev_id].data->sec_id;
> +
> + return -1;
The return value of this function is uint16_t, but you are returning a -1
if the crypto device does not support security sessions.
> +}
> +
> int
> rte_cryptodev_socket_id(uint8_t dev_id) { diff --git
> a/lib/librte_cryptodev/rte_cryptodev.h
> b/lib/librte_cryptodev/rte_cryptodev.h
> index 7ec9c4b..867b5be 100644
> --- a/lib/librte_cryptodev/rte_cryptodev.h
> +++ b/lib/librte_cryptodev/rte_cryptodev.h
> @@ -51,8 +51,6 @@ extern "C" {
> #include <rte_common.h>
> #include <rte_vdev.h>
>
> -extern const char **rte_cyptodev_names;
> -
I think this removal deserves another patch, separate from this patchset.
> /* Logging Macros */
>
> #define CDEV_LOG_ERR(...) \
> @@ -351,6 +349,8 @@ rte_cryptodev_get_aead_algo_enum(enum
> rte_crypto_aead_algorithm *algo_enum, /**< Utilises CPU NEON
> instructions */
> #define RTE_CRYPTODEV_FF_CPU_ARM_CE (1ULL << 11)
> /**< Utilises ARM CPU Cryptographic Extensions */
> +#define RTE_CRYPTODEV_FF_SECURITY (1ULL << 12)
> +/**< Support Security Protocol Processing */
>
>
> /**
> @@ -761,6 +761,9 @@ struct rte_cryptodev {
> /**< Flag indicating the device is attached */ }
> __rte_cache_aligned;
>
> +uint16_t
> +rte_cryptodev_get_sec_id(uint8_t dev_id);
> +
> /**
> *
> * The data part, with no function pointers, associated with each device.
> @@ -789,6 +792,7 @@ struct rte_cryptodev_data {
>
> void *dev_private;
> /**< PMD-specific private data */
> + uint16_t sec_id;
Add a description about "sec_id".
> } __rte_cache_aligned;
>
@@ -10,6 +10,7 @@ Symmetric crypto =
Asymmetric crypto =
Sym operation chaining =
HW Accelerated =
+Protocol offload =
CPU SSE =
CPU AVX =
CPU AVX2 =
@@ -86,7 +86,8 @@ enum rte_crypto_op_status {
*/
enum rte_crypto_op_sess_type {
RTE_CRYPTO_OP_WITH_SESSION, /**< Session based crypto operation */
- RTE_CRYPTO_OP_SESSIONLESS /**< Session-less crypto operation */
+ RTE_CRYPTO_OP_SESSIONLESS, /**< Session-less crypto operation */
+ RTE_CRYPTO_OP_SECURITY_SESSION /**< Security session crypto operation */
};
/**
@@ -505,6 +505,8 @@ struct rte_crypto_sym_op {
/**< Handle for the initialised session context */
struct rte_crypto_sym_xform *xform;
/**< Session-less API crypto operation parameters */
+ struct rte_security_session *sec_session;
+ /**< Handle for the initialised security session context */
};
RTE_STD_C11
@@ -488,6 +488,16 @@ rte_cryptodev_devices_get(const char *driver_name, uint8_t *devices,
return count;
}
+uint16_t
+rte_cryptodev_get_sec_id(uint8_t dev_id)
+{
+ if (rte_crypto_devices[dev_id].feature_flags &
+ RTE_CRYPTODEV_FF_SECURITY)
+ return rte_crypto_devices[dev_id].data->sec_id;
+
+ return -1;
+}
+
int
rte_cryptodev_socket_id(uint8_t dev_id)
{
@@ -51,8 +51,6 @@ extern "C" {
#include <rte_common.h>
#include <rte_vdev.h>
-extern const char **rte_cyptodev_names;
-
/* Logging Macros */
#define CDEV_LOG_ERR(...) \
@@ -351,6 +349,8 @@ rte_cryptodev_get_aead_algo_enum(enum rte_crypto_aead_algorithm *algo_enum,
/**< Utilises CPU NEON instructions */
#define RTE_CRYPTODEV_FF_CPU_ARM_CE (1ULL << 11)
/**< Utilises ARM CPU Cryptographic Extensions */
+#define RTE_CRYPTODEV_FF_SECURITY (1ULL << 12)
+/**< Support Security Protocol Processing */
/**
@@ -761,6 +761,9 @@ struct rte_cryptodev {
/**< Flag indicating the device is attached */
} __rte_cache_aligned;
+uint16_t
+rte_cryptodev_get_sec_id(uint8_t dev_id);
+
/**
*
* The data part, with no function pointers, associated with each device.
@@ -789,6 +792,7 @@ struct rte_cryptodev_data {
void *dev_private;
/**< PMD-specific private data */
+ uint16_t sec_id;
} __rte_cache_aligned;
extern struct rte_cryptodev *rte_cryptodevs;
@@ -79,3 +79,10 @@ DPDK_17.08 {
rte_crypto_aead_operation_strings;
} DPDK_17.05;
+
+DPDK_17.11 {
+ global:
+
+ rte_cryptodev_get_sec_id;
+
+} DPDK_17.08;