examples/l2fwd-crypto: support AES-CCM

[dpdk.git] / examples / l2fwd-crypto / main.c

diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c
index 71cb133..5aa71c8 100644 (file)
--- a/examples/l2fwd-crypto/main.c
+++ b/examples/l2fwd-crypto/main.c
@@ -86,6 +86,8 @@ enum cdev_type {
 
 #define MAX_STR_LEN 32
 #define MAX_KEY_SIZE 128
+#define MAX_IV_SIZE 16
+#define MAX_AAD_SIZE 65535
 #define MAX_PKT_BURST 32
 #define BURST_TX_DRAIN_US 100 /* TX drain every ~100us */
 #define MAX_SESSIONS 32
@@ -193,6 +195,8 @@ struct l2fwd_crypto_options {
        char string_type[MAX_STR_LEN];
 
        uint64_t cryptodev_mask;
+
+       unsigned int mac_updating;
 };
 
 /** l2fwd crypto lcore params */
@@ -532,7 +536,16 @@ l2fwd_simple_crypto_enqueue(struct rte_mbuf *m,
                uint8_t *iv_ptr = rte_crypto_op_ctod_offset(op, uint8_t *,
                                                        IV_OFFSET);
                /* Copy IV at the end of the crypto operation */
-               rte_memcpy(iv_ptr, cparams->aead_iv.data, cparams->aead_iv.length);
+               /*
+                * If doing AES-CCM, nonce is copied one byte
+                * after the start of IV field
+                */
+               if (cparams->aead_algo == RTE_CRYPTO_AEAD_AES_CCM)
+                       rte_memcpy(iv_ptr + 1, cparams->aead_iv.data,
+                                       cparams->aead_iv.length);
+               else
+                       rte_memcpy(iv_ptr, cparams->aead_iv.data,
+                                       cparams->aead_iv.length);
 
                op->sym->aead.data.offset = ipdata_offset;
                op->sym->aead.data.length = data_len;
@@ -608,21 +621,31 @@ l2fwd_send_packet(struct rte_mbuf *m, uint8_t port)
 }
 
 static void
-l2fwd_simple_forward(struct rte_mbuf *m, unsigned portid)
+l2fwd_mac_updating(struct rte_mbuf *m, unsigned int dest_portid)
 {
        struct ether_hdr *eth;
        void *tmp;
-       unsigned dst_port;
 
-       dst_port = l2fwd_dst_ports[portid];
        eth = rte_pktmbuf_mtod(m, struct ether_hdr *);
 
        /* 02:00:00:00:00:xx */
        tmp = &eth->d_addr.addr_bytes[0];
-       *((uint64_t *)tmp) = 0x000000000002 + ((uint64_t)dst_port << 40);
+       *((uint64_t *)tmp) = 0x000000000002 + ((uint64_t)dest_portid << 40);
 
        /* src addr */
-       ether_addr_copy(&l2fwd_ports_eth_addr[dst_port], &eth->s_addr);
+       ether_addr_copy(&l2fwd_ports_eth_addr[dest_portid], &eth->s_addr);
+}
+
+static void
+l2fwd_simple_forward(struct rte_mbuf *m, unsigned int portid,
+               struct l2fwd_crypto_options *options)
+{
+       unsigned int dst_port;
+
+       dst_port = l2fwd_dst_ports[portid];
+
+       if (options->mac_updating)
+               l2fwd_mac_updating(m, dst_port);
 
        l2fwd_send_packet(m, (uint8_t) dst_port);
 }
@@ -650,7 +673,12 @@ initialize_crypto_session(struct l2fwd_crypto_options *options, uint8_t cdev_id)
 {
        struct rte_crypto_sym_xform *first_xform;
        struct rte_cryptodev_sym_session *session;
-       uint8_t socket_id = rte_cryptodev_socket_id(cdev_id);
+       int retval = rte_cryptodev_socket_id(cdev_id);
+
+       if (retval < 0)
+               return NULL;
+
+       uint8_t socket_id = (uint8_t) retval;
        struct rte_mempool *sess_mp = session_pool_socket[socket_id];
 
        if (options->xform_chain == L2FWD_CRYPTO_AEAD) {
@@ -752,6 +780,8 @@ l2fwd_main_loop(struct l2fwd_crypto_options *options)
                                port_cparams[i].hash_verify = 0;
 
                        port_cparams[i].auth_algo = options->auth_xform.auth.algo;
+                       port_cparams[i].digest_length =
+                                       options->auth_xform.auth.digest_length;
                        /* Set IV parameters */
                        if (options->auth_iv.length) {
                                options->auth_xform.auth.iv.offset =
@@ -762,16 +792,29 @@ l2fwd_main_loop(struct l2fwd_crypto_options *options)
                }
 
                if (port_cparams[i].do_aead) {
+                       port_cparams[i].aead_iv.data = options->aead_iv.data;
+                       port_cparams[i].aead_iv.length = options->aead_iv.length;
+                       if (!options->aead_iv_param)
+                               generate_random_key(port_cparams[i].aead_iv.data,
+                                               port_cparams[i].aead_iv.length);
                        port_cparams[i].aead_algo = options->aead_xform.aead.algo;
                        port_cparams[i].digest_length =
                                        options->aead_xform.aead.digest_length;
-                       if (options->aead_xform.aead.add_auth_data_length) {
+                       if (options->aead_xform.aead.aad_length) {
                                port_cparams[i].aad.data = options->aad.data;
                                port_cparams[i].aad.phys_addr = options->aad.phys_addr;
                                port_cparams[i].aad.length = options->aad.length;
                                if (!options->aad_param)
                                        generate_random_key(port_cparams[i].aad.data,
                                                port_cparams[i].aad.length);
+                               /*
+                                * If doing AES-CCM, first 18 bytes has to be reserved,
+                                * and actual AAD should start from byte 18
+                                */
+                               if (port_cparams[i].aead_algo == RTE_CRYPTO_AEAD_AES_CCM)
+                                       memmove(port_cparams[i].aad.data + 18,
+                                                       port_cparams[i].aad.data,
+                                                       port_cparams[i].aad.length);
 
                        } else
                                port_cparams[i].aad.length = 0;
@@ -920,7 +963,8 @@ l2fwd_main_loop(struct l2fwd_crypto_options *options)
                                        m = ops_burst[j]->sym->m_src;
 
                                        rte_crypto_op_free(ops_burst[j]);
-                                       l2fwd_simple_forward(m, portid);
+                                       l2fwd_simple_forward(m, portid,
+                                                       options);
                                }
                        } while (nb_rx == MAX_PKT_BURST);
                }
@@ -975,7 +1019,12 @@ l2fwd_crypto_usage(const char *prgname)
                "  --digest_size SIZE: size of digest to be generated/verified\n"
 
                "  --sessionless\n"
-               "  --cryptodev_mask MASK: hexadecimal bitmask of crypto devices to configure\n",
+               "  --cryptodev_mask MASK: hexadecimal bitmask of crypto devices to configure\n"
+
+               "  --[no-]mac-updating: Enable or disable MAC addresses updating (enabled by default)\n"
+               "      When enabled:\n"
+               "       - The source MAC address is replaced by the TX port MAC address\n"
+               "       - The destination MAC address is replaced by 02:00:00:00:00:TX_PORT_ID\n",
               prgname);
 }
 
@@ -1051,15 +1100,16 @@ parse_cipher_op(enum rte_crypto_cipher_operation *op, char *optarg)
        return -1;
 }
 
-/** Parse crypto key command line argument */
+/** Parse bytes from command line argument */
 static int
-parse_key(uint8_t *data, char *input_arg)
+parse_bytes(uint8_t *data, char *input_arg, uint16_t max_size)
 {
        unsigned byte_count;
        char *token;
 
+       errno = 0;
        for (byte_count = 0, token = strtok(input_arg, ":");
-                       (byte_count < MAX_KEY_SIZE) && (token != NULL);
+                       (byte_count < max_size) && (token != NULL);
                        token = strtok(NULL, ":")) {
 
                int number = (int)strtol(token, NULL, 16);
@@ -1199,7 +1249,8 @@ l2fwd_crypto_parse_args_long_options(struct l2fwd_crypto_options *options,
        else if (strcmp(lgopts[option_index].name, "cipher_key") == 0) {
                options->ckey_param = 1;
                options->cipher_xform.cipher.key.length =
-                       parse_key(options->cipher_xform.cipher.key.data, optarg);
+                       parse_bytes(options->cipher_xform.cipher.key.data, optarg,
+                                       MAX_KEY_SIZE);
                if (options->cipher_xform.cipher.key.length > 0)
                        return 0;
                else
@@ -1212,7 +1263,7 @@ l2fwd_crypto_parse_args_long_options(struct l2fwd_crypto_options *options,
        else if (strcmp(lgopts[option_index].name, "cipher_iv") == 0) {
                options->cipher_iv_param = 1;
                options->cipher_iv.length =
-                       parse_key(options->cipher_iv.data, optarg);
+                       parse_bytes(options->cipher_iv.data, optarg, MAX_IV_SIZE);
                if (options->cipher_iv.length > 0)
                        return 0;
                else
@@ -1235,7 +1286,8 @@ l2fwd_crypto_parse_args_long_options(struct l2fwd_crypto_options *options,
        else if (strcmp(lgopts[option_index].name, "auth_key") == 0) {
                options->akey_param = 1;
                options->auth_xform.auth.key.length =
-                       parse_key(options->auth_xform.auth.key.data, optarg);
+                       parse_bytes(options->auth_xform.auth.key.data, optarg,
+                                       MAX_KEY_SIZE);
                if (options->auth_xform.auth.key.length > 0)
                        return 0;
                else
@@ -1249,7 +1301,7 @@ l2fwd_crypto_parse_args_long_options(struct l2fwd_crypto_options *options,
        else if (strcmp(lgopts[option_index].name, "auth_iv") == 0) {
                options->auth_iv_param = 1;
                options->auth_iv.length =
-                       parse_key(options->auth_iv.data, optarg);
+                       parse_bytes(options->auth_iv.data, optarg, MAX_IV_SIZE);
                if (options->auth_iv.length > 0)
                        return 0;
                else
@@ -1272,7 +1324,8 @@ l2fwd_crypto_parse_args_long_options(struct l2fwd_crypto_options *options,
        else if (strcmp(lgopts[option_index].name, "aead_key") == 0) {
                options->aead_key_param = 1;
                options->aead_xform.aead.key.length =
-                       parse_key(options->aead_xform.aead.key.data, optarg);
+                       parse_bytes(options->aead_xform.aead.key.data, optarg,
+                                       MAX_KEY_SIZE);
                if (options->aead_xform.aead.key.length > 0)
                        return 0;
                else
@@ -1286,7 +1339,7 @@ l2fwd_crypto_parse_args_long_options(struct l2fwd_crypto_options *options,
        else if (strcmp(lgopts[option_index].name, "aead_iv") == 0) {
                options->aead_iv_param = 1;
                options->aead_iv.length =
-                       parse_key(options->aead_iv.data, optarg);
+                       parse_bytes(options->aead_iv.data, optarg, MAX_IV_SIZE);
                if (options->aead_iv.length > 0)
                        return 0;
                else
@@ -1299,7 +1352,7 @@ l2fwd_crypto_parse_args_long_options(struct l2fwd_crypto_options *options,
        else if (strcmp(lgopts[option_index].name, "aad") == 0) {
                options->aad_param = 1;
                options->aad.length =
-                       parse_key(options->aad.data, optarg);
+                       parse_bytes(options->aad.data, optarg, MAX_AAD_SIZE);
                if (options->aad.length > 0)
                        return 0;
                else
@@ -1322,6 +1375,16 @@ l2fwd_crypto_parse_args_long_options(struct l2fwd_crypto_options *options,
        else if (strcmp(lgopts[option_index].name, "cryptodev_mask") == 0)
                return parse_cryptodev_mask(options, optarg);
 
+       else if (strcmp(lgopts[option_index].name, "mac-updating") == 0) {
+               options->mac_updating = 1;
+               return 0;
+       }
+
+       else if (strcmp(lgopts[option_index].name, "no-mac-updating") == 0) {
+               options->mac_updating = 0;
+               return 0;
+       }
+
        return -1;
 }
 
@@ -1455,6 +1518,8 @@ l2fwd_crypto_default_options(struct l2fwd_crypto_options *options)
 
        options->type = CDEV_TYPE_ANY;
        options->cryptodev_mask = UINT64_MAX;
+
+       options->mac_updating = 1;
 }
 
 static void
@@ -1616,6 +1681,9 @@ l2fwd_crypto_parse_args(struct l2fwd_crypto_options *options,
                        { "sessionless", no_argument, 0, 0 },
                        { "cryptodev_mask", required_argument, 0, 0},
 
+                       { "mac-updating", no_argument, 0, 0},
+                       { "no-mac-updating", no_argument, 0, 0},
+
                        { NULL, 0, 0, 0 }
        };
 
@@ -1956,7 +2024,14 @@ initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
                        cdev_id++) {
                struct rte_cryptodev_qp_conf qp_conf;
                struct rte_cryptodev_info dev_info;
-               uint8_t socket_id = rte_cryptodev_socket_id(cdev_id);
+               retval = rte_cryptodev_socket_id(cdev_id);
+
+               if (retval < 0) {
+                       printf("Invalid crypto device id used\n");
+                       return -1;
+               }
+
+               uint8_t socket_id = (uint8_t) retval;
 
                struct rte_cryptodev_config conf = {
                        .nb_queue_pairs = 1,
@@ -2031,7 +2106,7 @@ initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
                         * is supported by the algorithm chosen.
                         */
                        } else if (options->aead_key_random_size != -1) {
-                               if (check_supported_size(options->ckey_random_size,
+                               if (check_supported_size(options->aead_key_random_size,
                                                cap->sym.aead.key_size.min,
                                                cap->sym.aead.key_size.max,
                                                cap->sym.aead.key_size.increment)
@@ -2040,7 +2115,7 @@ initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
                                        return -1;
                                }
                                options->aead_xform.aead.key.length =
-                                                       options->ckey_random_size;
+                                                       options->aead_key_random_size;
                        /* No size provided, use minimum size. */
                        } else
                                options->aead_xform.aead.key.length =
@@ -2082,7 +2157,7 @@ initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
                        } else
                                options->aad.length = cap->sym.auth.aad_size.min;
 
-                       options->aead_xform.aead.add_auth_data_length =
+                       options->aead_xform.aead.aad_length =
                                                options->aad.length;
 
                        /* Check if digest size is supported by the algorithm. */
@@ -2438,6 +2513,9 @@ main(int argc, char **argv)
        if (ret < 0)
                rte_exit(EXIT_FAILURE, "Invalid L2FWD-CRYPTO arguments\n");
 
+       printf("MAC updating %s\n",
+                       options.mac_updating ? "enabled" : "disabled");
+
        /* create the mbuf pool */
        l2fwd_pktmbuf_pool = rte_pktmbuf_pool_create("mbuf_pool", NB_MBUF, 512,
                        sizeof(struct rte_crypto_op),