#include <rte_cryptodev_pmd.h>
#include <rte_crypto.h>
#include <rte_cryptodev.h>
+#ifdef RTE_LIBRTE_SECURITY
#include <rte_security_driver.h>
+#endif
#include <rte_cycles.h>
#include <rte_dev.h>
#include <rte_kvargs.h>
#include <fsl_usd.h>
#include <fsl_qman.h>
-#include <of.h>
+#include <dpaa_of.h>
/* RTA header files */
#include <desc/common.h>
return ses->dir == DIR_DEC;
}
+#ifdef RTE_LIBRTE_SECURITY
static int
dpaa_sec_prep_pdcp_cdb(dpaa_sec_session *ses)
{
ses->pdcp.hfn_threshold,
&cipherdata, p_authdata, 0);
}
-
return shared_desc_len;
}
}
return shared_desc_len;
}
-
+#endif
/* prepare command block of the session */
static int
dpaa_sec_prep_cdb(dpaa_sec_session *ses)
memset(cdb, 0, sizeof(struct sec_cdb));
switch (ses->ctxt) {
+#ifdef RTE_LIBRTE_SECURITY
case DPAA_SEC_IPSEC:
shared_desc_len = dpaa_sec_prep_ipsec_cdb(ses);
break;
case DPAA_SEC_PDCP:
shared_desc_len = dpaa_sec_prep_pdcp_cdb(ses);
break;
+#endif
case DPAA_SEC_CIPHER:
alginfo_c.key = (size_t)ses->cipher_key.data;
alginfo_c.keylen = ses->cipher_key.length;
return cf;
}
+#ifdef RTE_LIBRTE_SECURITY
static inline struct dpaa_sec_job *
build_proto(struct rte_crypto_op *op, dpaa_sec_session *ses)
{
return cf;
}
+#endif
static uint16_t
dpaa_sec_enqueue_burst(void *qp, struct rte_crypto_op **ops,
op->sym->session,
cryptodev_driver_id);
break;
+#ifdef RTE_LIBRTE_SECURITY
case RTE_CRYPTO_OP_SECURITY_SESSION:
ses = (dpaa_sec_session *)
get_sec_session_private_data(
op->sym->sec_session);
break;
+#endif
default:
DPAA_SEC_DP_ERR(
"sessionless crypto op not supported");
nb_ops = loop;
goto send_pkts;
}
+
+ if (!ses) {
+ DPAA_SEC_DP_ERR("session not available");
+ frames_to_send = loop;
+ nb_ops = loop;
+ goto send_pkts;
+ }
+
if (unlikely(!ses->qp[rte_lcore_id() % MAX_DPAA_CORES])) {
if (dpaa_sec_attach_sess_q(qp, ses)) {
frames_to_send = loop;
((op->sym->m_dst == NULL) ||
rte_pktmbuf_is_contiguous(op->sym->m_dst))) {
switch (ses->ctxt) {
+#ifdef RTE_LIBRTE_SECURITY
case DPAA_SEC_PDCP:
case DPAA_SEC_IPSEC:
cf = build_proto(op, ses);
break;
+#endif
case DPAA_SEC_AUTH:
cf = build_auth_only(op, ses);
break;
}
} else {
switch (ses->ctxt) {
+#ifdef RTE_LIBRTE_SECURITY
case DPAA_SEC_PDCP:
case DPAA_SEC_IPSEC:
cf = build_proto_sg(op, ses);
break;
+#endif
case DPAA_SEC_AUTH:
cf = build_auth_only_sg(op, ses);
break;
((auth_tail_len << 16) | auth_hdr_len);
}
+#ifdef RTE_LIBRTE_SECURITY
/* In case of PDCP, per packet HFN is stored in
* mbuf priv after sym_op.
*/
ses->pdcp.hfn_ovd_offset)),
ses->pdcp.hfn_ovd);
}
-
+#endif
}
send_pkts:
loop = 0;
struct rte_crypto_sym_xform *xform,
dpaa_sec_session *session)
{
+ session->ctxt = DPAA_SEC_CIPHER;
session->cipher_alg = xform->cipher.algo;
session->iv.length = xform->cipher.iv.length;
session->iv.offset = xform->cipher.iv.offset;
struct rte_crypto_sym_xform *xform,
dpaa_sec_session *session)
{
+ session->ctxt = DPAA_SEC_AUTH;
session->auth_alg = xform->auth.algo;
session->auth_key.data = rte_zmalloc(NULL, xform->auth.key.length,
RTE_CACHE_LINE_SIZE);
struct rte_crypto_cipher_xform *cipher_xform;
struct rte_crypto_auth_xform *auth_xform;
+ session->ctxt = DPAA_SEC_CIPHER_HASH;
if (session->auth_cipher_text) {
cipher_xform = &xform->cipher;
auth_xform = &xform->next->auth;
struct dpaa_sec_dev_private *internals = dev->data->dev_private;
dpaa_sec_session *session = sess;
uint32_t i;
+ int ret;
PMD_INIT_FUNC_TRACE();
/* Cipher Only */
if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER && xform->next == NULL) {
session->auth_alg = RTE_CRYPTO_AUTH_NULL;
- session->ctxt = DPAA_SEC_CIPHER;
- dpaa_sec_cipher_init(dev, xform, session);
+ ret = dpaa_sec_cipher_init(dev, xform, session);
/* Authentication Only */
} else if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH &&
xform->next == NULL) {
session->cipher_alg = RTE_CRYPTO_CIPHER_NULL;
session->ctxt = DPAA_SEC_AUTH;
- dpaa_sec_auth_init(dev, xform, session);
+ ret = dpaa_sec_auth_init(dev, xform, session);
/* Cipher then Authenticate */
} else if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&
xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH) {
if (xform->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT) {
- session->ctxt = DPAA_SEC_CIPHER_HASH;
session->auth_cipher_text = 1;
- dpaa_sec_chain_init(dev, xform, session);
+ if (xform->cipher.algo == RTE_CRYPTO_CIPHER_NULL)
+ ret = dpaa_sec_auth_init(dev, xform, session);
+ else if (xform->next->auth.algo == RTE_CRYPTO_AUTH_NULL)
+ ret = dpaa_sec_cipher_init(dev, xform, session);
+ else
+ ret = dpaa_sec_chain_init(dev, xform, session);
} else {
DPAA_SEC_ERR("Not supported: Auth then Cipher");
return -EINVAL;
} else if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH &&
xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER) {
if (xform->next->cipher.op == RTE_CRYPTO_CIPHER_OP_DECRYPT) {
- session->ctxt = DPAA_SEC_CIPHER_HASH;
session->auth_cipher_text = 0;
- dpaa_sec_chain_init(dev, xform, session);
+ if (xform->auth.algo == RTE_CRYPTO_AUTH_NULL)
+ ret = dpaa_sec_cipher_init(dev, xform, session);
+ else if (xform->next->cipher.algo
+ == RTE_CRYPTO_CIPHER_NULL)
+ ret = dpaa_sec_auth_init(dev, xform, session);
+ else
+ ret = dpaa_sec_chain_init(dev, xform, session);
} else {
DPAA_SEC_ERR("Not supported: Auth then Cipher");
return -EINVAL;
/* AEAD operation for AES-GCM kind of Algorithms */
} else if (xform->type == RTE_CRYPTO_SYM_XFORM_AEAD &&
xform->next == NULL) {
- dpaa_sec_aead_init(dev, xform, session);
+ ret = dpaa_sec_aead_init(dev, xform, session);
} else {
DPAA_SEC_ERR("Invalid crypto type");
return -EINVAL;
}
+ if (ret) {
+ DPAA_SEC_ERR("unable to init session");
+ goto err1;
+ }
+
rte_spinlock_lock(&internals->lock);
for (i = 0; i < MAX_DPAA_CORES; i++) {
session->inq[i] = dpaa_sec_attach_rxq(internals);
}
}
+#ifdef RTE_LIBRTE_SECURITY
static int
dpaa_sec_set_ipsec_session(__rte_unused struct rte_cryptodev *dev,
struct rte_security_session_conf *conf,
}
return 0;
}
-
+#endif
static int
dpaa_sec_dev_configure(struct rte_cryptodev *dev __rte_unused,
struct rte_cryptodev_config *config __rte_unused)
.sym_session_clear = dpaa_sec_sym_session_clear
};
+#ifdef RTE_LIBRTE_SECURITY
static const struct rte_security_capability *
dpaa_sec_capabilities_get(void *device __rte_unused)
{
.set_pkt_metadata = NULL,
.capabilities_get = dpaa_sec_capabilities_get
};
-
+#endif
static int
dpaa_sec_uninit(struct rte_cryptodev *dev)
{
dpaa_sec_dev_init(struct rte_cryptodev *cryptodev)
{
struct dpaa_sec_dev_private *internals;
+#ifdef RTE_LIBRTE_SECURITY
struct rte_security_ctx *security_instance;
+#endif
struct dpaa_sec_qp *qp;
uint32_t i, flags;
int ret;
DPAA_SEC_WARN("Device already init by primary process");
return 0;
}
-
+#ifdef RTE_LIBRTE_SECURITY
/* Initialize security_ctx only for primary process*/
security_instance = rte_malloc("rte_security_instances_ops",
sizeof(struct rte_security_ctx), 0);
security_instance->ops = &dpaa_sec_security_ops;
security_instance->sess_cnt = 0;
cryptodev->security_ctx = security_instance;
-
+#endif
rte_spinlock_init(&internals->lock);
for (i = 0; i < internals->max_nb_queue_pairs; i++) {
/* init qman fq for queue pair */
}
}
+ if (unlikely(!RTE_PER_LCORE(dpaa_io))) {
+ retval = rte_dpaa_portal_init((void *)1);
+ if (retval) {
+ DPAA_SEC_ERR("Unable to initialize portal");
+ return retval;
+ }
+ }
+
/* Invoke PMD device initialization function */
retval = dpaa_sec_dev_init(cryptodev);
if (retval == 0)