diff mbox series

[v2,2/7] security: hide security session struct

Message ID 20211013192222.1582631-3-gakhil@marvell.com (mailing list archive)
State Superseded
Delegated to: akhil goyal
Headers show
Series crypto/security session framework rework | expand

Checks

Context Check Description
ci/checkpatch success coding style OK

Commit Message

Akhil Goyal Oct. 13, 2021, 7:22 p.m. UTC
rte_security_session struct is now hidden in the library.
application can access the opaque data and fast_mdata
using the set/get APIs introduced in this patch.

Signed-off-by: Akhil Goyal <gakhil@marvell.com>
---
 lib/ipsec/rte_ipsec.h              |  2 +-
 lib/ipsec/rte_ipsec_group.h        |  5 +--
 lib/ipsec/ses.c                    |  3 +-
 lib/security/rte_security.h        | 54 ++++++++++++++++++++++++------
 lib/security/rte_security_driver.h | 13 +++++++
 5 files changed, 63 insertions(+), 14 deletions(-)
diff mbox series

Patch

diff --git a/lib/ipsec/rte_ipsec.h b/lib/ipsec/rte_ipsec.h
index dd60d95915..50d8e5098d 100644
--- a/lib/ipsec/rte_ipsec.h
+++ b/lib/ipsec/rte_ipsec.h
@@ -70,7 +70,7 @@  struct rte_ipsec_session {
 			uint8_t dev_id;
 		} crypto;
 		struct {
-			struct rte_security_session *ses;
+			void *ses;
 			struct rte_security_ctx *ctx;
 			uint32_t ol_flags;
 		} security;
diff --git a/lib/ipsec/rte_ipsec_group.h b/lib/ipsec/rte_ipsec_group.h
index ea3bdfad95..0cc5fedbf1 100644
--- a/lib/ipsec/rte_ipsec_group.h
+++ b/lib/ipsec/rte_ipsec_group.h
@@ -44,12 +44,13 @@  struct rte_ipsec_group {
 static inline struct rte_ipsec_session *
 rte_ipsec_ses_from_crypto(const struct rte_crypto_op *cop)
 {
-	const struct rte_security_session *ss;
+	void *ss;
 	const struct rte_cryptodev_sym_session *cs;
 
 	if (cop->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) {
 		ss = cop->sym[0].sec_session;
-		return (void *)(uintptr_t)ss->opaque_data;
+		return (void *)(uintptr_t)
+			rte_security_session_opaque_data_get(ss);
 	} else if (cop->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
 		cs = cop->sym[0].session;
 		return (void *)(uintptr_t)cs->opaque_data;
diff --git a/lib/ipsec/ses.c b/lib/ipsec/ses.c
index 3d51ac4986..b12114269f 100644
--- a/lib/ipsec/ses.c
+++ b/lib/ipsec/ses.c
@@ -47,7 +47,8 @@  rte_ipsec_session_prepare(struct rte_ipsec_session *ss)
 	if (ss->type == RTE_SECURITY_ACTION_TYPE_NONE)
 		ss->crypto.ses->opaque_data = (uintptr_t)ss;
 	else
-		ss->security.ses->opaque_data = (uintptr_t)ss;
+		rte_security_session_opaque_data_set(ss->security.ses,
+				(uintptr_t)ss);
 
 	return 0;
 }
diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h
index 2c8e78c4c7..51fe1abb00 100644
--- a/lib/security/rte_security.h
+++ b/lib/security/rte_security.h
@@ -490,14 +490,47 @@  struct rte_security_session_conf {
 	/**< Application specific userdata to be saved with session */
 };
 
-struct rte_security_session {
-	uint64_t opaque_data;
-	/**< Opaque user defined data */
-	uint64_t fast_mdata;
-	/**< Fast metadata to be used for inline path */
-	__extension__ void *sess_private_data[0];
-	/**< Private session material */
-};
+#define SESS_FAST_MDATA_OFF 1
+#define SESS_OPAQUE_DATA_OFF 2
+/**
+ * Get opaque data from session handle
+ */
+static inline uint64_t
+rte_security_session_opaque_data_get(void *sess)
+{
+	return *((uint64_t *)sess - SESS_OPAQUE_DATA_OFF);
+}
+
+/**
+ * Get fast mdata from session handle
+ */
+static inline uint64_t
+rte_security_session_fast_mdata_get(void *sess)
+{
+	return *((uint64_t *)sess - SESS_FAST_MDATA_OFF);
+}
+
+/**
+ * Set opaque data in session handle
+ */
+static inline void
+rte_security_session_opaque_data_set(void *sess, uint64_t opaque)
+{
+	uint64_t *data;
+	data = (((uint64_t *)sess) - SESS_OPAQUE_DATA_OFF);
+	*data = opaque;
+}
+
+/**
+ * Set fast mdata in session handle
+ */
+static inline void
+rte_security_session_fast_mdata_set(void *sess, uint64_t fdata)
+{
+	uint64_t *data;
+	data = (((uint64_t *)sess) - SESS_FAST_MDATA_OFF);
+	*data = fdata;
+}
 
 /**
  * Create security session as specified by the session configuration
@@ -628,8 +661,9 @@  rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
 {
 	/* Fast Path */
 	if (instance->flags & RTE_SEC_CTX_F_FAST_SET_MDATA) {
-		*rte_security_dynfield(mb) =
-			(rte_security_dynfield_t)(sess);
+		uint64_t mdata = rte_security_session_fast_mdata_get(sess);
+
+		*rte_security_dynfield(mb) = (rte_security_dynfield_t)(mdata);
 		return 0;
 	}
 
diff --git a/lib/security/rte_security_driver.h b/lib/security/rte_security_driver.h
index 5a177d72d7..13f2f9da32 100644
--- a/lib/security/rte_security_driver.h
+++ b/lib/security/rte_security_driver.h
@@ -19,6 +19,19 @@  extern "C" {
 
 #include "rte_security.h"
 
+/**
+ * @internal
+ * Security session to be used by library for internal usage
+ */
+struct rte_security_session {
+	/** Opaque user defined data */
+	uint64_t opaque_data;
+	/** Fast metadata to be used for inline path */
+	uint64_t fast_mdata;
+	/** Private session material */
+	__extension__ void *sess_private_data[0];
+};
+
 /**
  * Configure a security session on a device.
  *