/*-
* BSD LICENSE
*
- * Copyright(c) 2015-2016 Intel Corporation. All rights reserved.
+ * Copyright(c) 2015-2017 Intel Corporation. All rights reserved.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
#define MAX_PKT_BURST 32
#define BURST_TX_DRAIN_US 100 /* TX drain every ~100us */
+#define MAXIMUM_IV_LENGTH 16
+#define IV_OFFSET (sizeof(struct rte_crypto_op) + \
+ sizeof(struct rte_crypto_sym_op))
+
/*
* Configurable number of RX/TX ring descriptors
*/
phys_addr_t phys_addr;
};
+struct l2fwd_iv {
+ uint8_t *data;
+ uint16_t length;
+};
+
/** l2fwd crypto application command line options */
struct l2fwd_crypto_options {
unsigned portmask;
unsigned ckey_param;
int ckey_random_size;
- struct l2fwd_key iv;
- unsigned iv_param;
+ struct l2fwd_iv iv;
+ unsigned int iv_param;
int iv_random_size;
struct rte_crypto_sym_xform auth_xform;
unsigned digest_length;
unsigned block_size;
- struct l2fwd_key iv;
+ struct l2fwd_iv iv;
struct l2fwd_key aad;
struct rte_cryptodev_sym_session *session;
}
if (cparams->do_cipher) {
- op->sym->cipher.iv.data = cparams->iv.data;
- op->sym->cipher.iv.phys_addr = cparams->iv.phys_addr;
- op->sym->cipher.iv.length = cparams->iv.length;
+ uint8_t *iv_ptr = rte_crypto_op_ctod_offset(op, uint8_t *,
+ IV_OFFSET);
+ /* Copy IV at the end of the crypto operation */
+ rte_memcpy(iv_ptr, cparams->iv.data, cparams->iv.length);
/* For wireless algorithms, offset/length must be in bits */
if (cparams->cipher_algo == RTE_CRYPTO_CIPHER_SNOW3G_UEA2 ||
if (port_cparams[i].do_cipher) {
port_cparams[i].iv.data = options->iv.data;
port_cparams[i].iv.length = options->iv.length;
- port_cparams[i].iv.phys_addr = options->iv.phys_addr;
if (!options->iv_param)
generate_random_key(port_cparams[i].iv.data,
port_cparams[i].iv.length);
port_cparams[i].cipher_algo = options->cipher_xform.cipher.algo;
+ /* Set IV parameters */
+ options->cipher_xform.cipher.iv.offset = IV_OFFSET;
+ options->cipher_xform.cipher.iv.length = options->iv.length;
}
port_cparams[i].session = initialize_crypto_session(options,
ops_burst, nb_rx) !=
nb_rx) {
for (j = 0; j < nb_rx; j++)
- rte_pktmbuf_free(pkts_burst[i]);
+ rte_pktmbuf_free(pkts_burst[j]);
nb_rx = 0;
}
" (0 to disable, 10 default, 86400 maximum)\n"
" --cdev_type HW / SW / ANY\n"
- " --chain HASH_CIPHER / CIPHER_HASH\n"
+ " --chain HASH_CIPHER / CIPHER_HASH / CIPHER_ONLY /"
+ " HASH_ONLY\n"
" --cipher_algo ALGO\n"
" --cipher_op ENCRYPT / DECRYPT\n"
{
printf("\n---- Authentication information ---\n");
printf("Algorithm: %s\n",
- rte_crypto_auth_algorithm_strings[options->auth_xform.cipher.algo]);
+ rte_crypto_auth_algorithm_strings[options->auth_xform.auth.algo]);
rte_hexdump(stdout, "Auth key:",
options->auth_xform.auth.key.data,
options->auth_xform.auth.key.length);
l2fwd_crypto_default_options(options);
- while ((opt = getopt_long(argc, argvopt, "p:q:st:", lgopts,
+ while ((opt = getopt_long(argc, argvopt, "p:q:sT:", lgopts,
&option_index)) != EOF) {
switch (opt) {
/* long options */
return -1;
}
+
+static int
+check_iv_param(const struct rte_crypto_param_range *iv_range_size,
+ unsigned int iv_param, int iv_random_size,
+ uint16_t *iv_length)
+{
+ /*
+ * Check if length of provided IV is supported
+ * by the algorithm chosen.
+ */
+ if (iv_param) {
+ if (check_supported_size(*iv_length,
+ iv_range_size->min,
+ iv_range_size->max,
+ iv_range_size->increment)
+ != 0) {
+ printf("Unsupported IV length\n");
+ return -1;
+ }
+ /*
+ * Check if length of IV to be randomly generated
+ * is supported by the algorithm chosen.
+ */
+ } else if (iv_random_size != -1) {
+ if (check_supported_size(iv_random_size,
+ iv_range_size->min,
+ iv_range_size->max,
+ iv_range_size->increment)
+ != 0) {
+ printf("Unsupported IV length\n");
+ return -1;
+ }
+ *iv_length = iv_random_size;
+ /* No size provided, use minimum size. */
+ } else
+ *iv_length = iv_range_size->min;
+
+ return 0;
+}
+
static int
initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
uint8_t *enabled_cdevs)
}
options->block_size = cap->sym.cipher.block_size;
- /*
- * Check if length of provided IV is supported
- * by the algorithm chosen.
- */
- if (options->iv_param) {
- if (check_supported_size(options->iv.length,
- cap->sym.cipher.iv_size.min,
- cap->sym.cipher.iv_size.max,
- cap->sym.cipher.iv_size.increment)
- != 0) {
- printf("Unsupported IV length\n");
- return -1;
- }
- /*
- * Check if length of IV to be randomly generated
- * is supported by the algorithm chosen.
- */
- } else if (options->iv_random_size != -1) {
- if (check_supported_size(options->iv_random_size,
- cap->sym.cipher.iv_size.min,
- cap->sym.cipher.iv_size.max,
- cap->sym.cipher.iv_size.increment)
- != 0) {
- printf("Unsupported IV length\n");
- return -1;
- }
- options->iv.length = options->iv_random_size;
- /* No size provided, use minimum size. */
- } else
- options->iv.length = cap->sym.cipher.iv_size.min;
+
+ check_iv_param(&cap->sym.cipher.iv_size, options->iv_param,
+ options->iv_random_size, &options->iv.length);
/*
* Check if length of provided cipher key is supported
continue;
}
- options->block_size = cap->sym.auth.block_size;
/*
* Check if length of provided AAD is supported
* by the algorithm chosen.
options->iv.data = rte_malloc("iv", MAX_KEY_SIZE, 0);
if (options->iv.data == NULL)
rte_exit(EXIT_FAILURE, "Failed to allocate memory for IV");
- options->iv.phys_addr = rte_malloc_virt2phy(options->iv.data);
options->aad.data = rte_malloc("aad", MAX_KEY_SIZE, 0);
if (options->aad.data == NULL)
/* create crypto op pool */
l2fwd_crypto_op_pool = rte_crypto_op_pool_create("crypto_op_pool",
- RTE_CRYPTO_OP_TYPE_SYMMETRIC, NB_MBUF, 128, 0,
+ RTE_CRYPTO_OP_TYPE_SYMMETRIC, NB_MBUF, 128, MAXIMUM_IV_LENGTH,
rte_socket_id());
if (l2fwd_crypto_op_pool == NULL)
rte_exit(EXIT_FAILURE, "Cannot create crypto op pool\n");