Target release for removal of the legacy API will be defined once most
PMDs have switched to rte_flow.
-* cryptodev: the ``uint8_t *data`` member of ``key`` structure in the xforms
- structure (``rte_crypto_cipher_xform``, ``rte_crypto_auth_xform``, and
- ``rte_crypto_aead_xform``) will be changed to ``const uint8_t *data``.
-
* cryptodev: support for using IV with all sizes is added, J0 still can
be used but only when IV length in following structs ``rte_crypto_auth_xform``,
``rte_crypto_aead_xform`` is set to zero. When IV length is greater or equal
* malloc: The function ``rte_malloc_set_limit`` was never implemented
is deprecated and will be removed in a future release.
+* cryptodev: the ``uint8_t *data`` member of ``key`` structure in the xforms
+ structure (``rte_crypto_cipher_xform``, ``rte_crypto_auth_xform``, and
+ ``rte_crypto_aead_xform``) have been changed to ``const uint8_t *data``.
+
* eventdev: No longer marked as experimental.
The eventdev functions are no longer marked as experimental, and have
}
static __rte_always_inline void
-gen_key_snow3g(uint8_t *ck, uint32_t *keyx)
+gen_key_snow3g(const uint8_t *ck, uint32_t *keyx)
{
int i, base;
}
static __rte_always_inline void
-cpt_fc_ciph_set_key_snow3g_uea2(struct cpt_ctx *cpt_ctx, uint8_t *key,
+cpt_fc_ciph_set_key_snow3g_uea2(struct cpt_ctx *cpt_ctx, const uint8_t *key,
uint16_t key_len)
{
uint32_t keyx[4];
}
static __rte_always_inline void
-cpt_fc_ciph_set_key_zuc_eea3(struct cpt_ctx *cpt_ctx, uint8_t *key,
+cpt_fc_ciph_set_key_zuc_eea3(struct cpt_ctx *cpt_ctx, const uint8_t *key,
uint16_t key_len)
{
cpt_ctx->snow3g = 0;
}
static __rte_always_inline void
-cpt_fc_ciph_set_key_kasumi_f8_ecb(struct cpt_ctx *cpt_ctx, uint8_t *key,
+cpt_fc_ciph_set_key_kasumi_f8_ecb(struct cpt_ctx *cpt_ctx, const uint8_t *key,
uint16_t key_len)
{
cpt_ctx->k_ecb = 1;
}
static __rte_always_inline void
-cpt_fc_ciph_set_key_kasumi_f8_cbc(struct cpt_ctx *cpt_ctx, uint8_t *key,
+cpt_fc_ciph_set_key_kasumi_f8_cbc(struct cpt_ctx *cpt_ctx, const uint8_t *key,
uint16_t key_len)
{
memcpy(cpt_ctx->k_ctx.ci_key, key, key_len);
}
static __rte_always_inline int
-cpt_fc_ciph_set_key(void *ctx, cipher_type_t type, uint8_t *key,
+cpt_fc_ciph_set_key(void *ctx, cipher_type_t type, const uint8_t *key,
uint16_t key_len, uint8_t *salt)
{
struct cpt_ctx *cpt_ctx = ctx;
}
static __rte_always_inline int
-cpt_fc_auth_set_key(void *ctx, auth_type_t type, uint8_t *key,
+cpt_fc_auth_set_key(void *ctx, auth_type_t type, const uint8_t *key,
uint16_t key_len, uint16_t mac_len)
{
struct cpt_ctx *cpt_ctx = ctx;
const struct rte_crypto_sym_xform *auth_xform;
const struct rte_crypto_sym_xform *aead_xform;
uint8_t key_length;
- uint8_t *key;
+ const uint8_t *key;
/* AES-GMAC */
if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH) {
static void
calculate_auth_precomputes(hash_one_block_t one_block_hash,
uint8_t *ipad, uint8_t *opad,
- uint8_t *hkey, uint16_t hkey_len,
+ const uint8_t *hkey, uint16_t hkey_len,
uint16_t blocksize)
{
unsigned i, length;
mrvl_crypto_set_cipher_session_parameters(struct mrvl_crypto_session *sess,
const struct rte_crypto_sym_xform *cipher_xform)
{
+ uint8_t *cipher_key;
+
/* Make sure we've got proper struct */
if (cipher_xform->type != RTE_CRYPTO_SYM_XFORM_CIPHER) {
MRVL_LOG(ERR, "Wrong xform struct provided!");
return -EINVAL;
}
+ cipher_key = malloc(cipher_xform->cipher.key.length);
+ if (cipher_key == NULL) {
+ MRVL_LOG(ERR, "Insufficient memory!");
+ return -ENOMEM;
+ }
+
+ memcpy(cipher_key, cipher_xform->cipher.key.data,
+ cipher_xform->cipher.key.length);
+
sess->sam_sess_params.cipher_key_len = cipher_xform->cipher.key.length;
- sess->sam_sess_params.cipher_key = cipher_xform->cipher.key.data;
+ sess->sam_sess_params.cipher_key = cipher_key;
return 0;
}
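Review bot: `malloc(cipher_xform->cipher.key.length)` runs even when the key length is 0, where malloc may return NULL and the session is then rejected with -ENOMEM. The auth setter guards its copy with `if (auth_xform->auth.key.length > 0)`; the same guard belongs here and in the AEAD setter (`aead_key = malloc(aead_xform->aead.key.length)`). The three setters also disagree on the allocation-failure code: the auth one returns `-EINVAL` after logging "Not enough memory!", where `-ENOMEM` would match the other two. A comment on the assignment, e.g. `/* heap copy of the key; freed after session creation */`, would record who owns the buffer.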
mrvl_crypto_set_auth_session_parameters(struct mrvl_crypto_session *sess,
const struct rte_crypto_sym_xform *auth_xform)
{
+ uint8_t *auth_key = NULL;
+
/* Make sure we've got proper struct */
if (auth_xform->type != RTE_CRYPTO_SYM_XFORM_AUTH) {
MRVL_LOG(ERR, "Wrong xform struct provided!");
auth_map[auth_xform->auth.algo].auth_alg;
sess->sam_sess_params.u.basic.auth_icv_len =
auth_xform->auth.digest_length;
+
+ if (auth_xform->auth.key.length > 0) {
+ auth_key = malloc(auth_xform->auth.key.length);
+ if (auth_key == NULL) {
+ MRVL_LOG(ERR, "Not enough memory!");
+ return -EINVAL;
+ }
+
+ memcpy(auth_key, auth_xform->auth.key.data,
+ auth_xform->auth.key.length);
+ }
+
/* auth_key must be NULL if auth algorithm does not use HMAC */
- sess->sam_sess_params.auth_key = auth_xform->auth.key.length ?
- auth_xform->auth.key.data : NULL;
+ sess->sam_sess_params.auth_key = auth_key;
sess->sam_sess_params.auth_key_len = auth_xform->auth.key.length;
return 0;
mrvl_crypto_set_aead_session_parameters(struct mrvl_crypto_session *sess,
const struct rte_crypto_sym_xform *aead_xform)
{
+ uint8_t *aead_key;
+
/* Make sure we've got proper struct */
if (aead_xform->type != RTE_CRYPTO_SYM_XFORM_AEAD) {
MRVL_LOG(ERR, "Wrong xform struct provided!");
return -EINVAL;
}
- sess->sam_sess_params.cipher_key = aead_xform->aead.key.data;
+ aead_key = malloc(aead_xform->aead.key.length);
+ if (aead_key == NULL) {
+ MRVL_LOG(ERR, "Insufficient memory!");
+ return -ENOMEM;
+ }
+
+ memcpy(aead_key, aead_xform->aead.key.data,
+ aead_xform->aead.key.length);
+
+ sess->sam_sess_params.cipher_key = aead_key;
sess->sam_sess_params.cipher_key_len = aead_xform->aead.key.length;
if (sess->sam_sess_params.cipher_mode == SAM_CIPHER_GCM)
return -ENOMEM;
}
+ memset(sess_private_data, 0, sizeof(struct mrvl_crypto_session));
+
ret = mrvl_crypto_set_session_parameters(sess_private_data, xform);
if (ret != 0) {
MRVL_LOG(ERR, "Failed to configure session parameters!");
return -EIO;
}
+ /* free the keys memory allocated for session creation */
+ if (mrvl_sess->sam_sess_params.cipher_key != NULL)
+ free(mrvl_sess->sam_sess_params.cipher_key);
+ if (mrvl_sess->sam_sess_params.auth_key != NULL)
+ free(mrvl_sess->sam_sess_params.auth_key);
+
return 0;
}
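Review bot: The key copies are released only on the success path, and they still contain the key bytes when they go back to the allocator. The `return -EIO` taken when `mrvl_crypto_set_session_parameters()` fails can leave a cipher key allocated for an earlier xform in the chain. Any failure return between that call and this hunk (not visible here) would leak the same way. Route every exit through one cleanup that clears each buffer for its recorded length with a clear the compiler cannot drop, frees it, and then sets `mrvl_sess->sam_sess_params.cipher_key = NULL;` and `mrvl_sess->sam_sess_params.auth_key = NULL;`. The `!= NULL` tests before `free()` are unnecessary.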
/** Get session cipher key from input cipher key */
static void
-get_cipher_key(uint8_t *input_key, int keylen, uint8_t *session_key)
+get_cipher_key(const uint8_t *input_key, int keylen, uint8_t *session_key)
{
memcpy(session_key, input_key, keylen);
}
/** Get key ede 24 bytes standard from input key */
static int
-get_cipher_key_ede(uint8_t *key, int keylen, uint8_t *key_ede)
+get_cipher_key_ede(const uint8_t *key, int keylen, uint8_t *key_ede)
{
int res = 0;
static int
openssl_set_sess_aead_enc_param(struct openssl_session *sess,
enum rte_crypto_aead_algorithm algo,
- uint8_t tag_len, uint8_t *key)
+ uint8_t tag_len, const uint8_t *key)
{
int iv_type = 0;
unsigned int do_ccm;
static int
openssl_set_sess_aead_dec_param(struct openssl_session *sess,
enum rte_crypto_aead_algorithm algo,
- uint8_t tag_len, uint8_t *key)
+ uint8_t tag_len, const uint8_t *key)
{
int iv_type = 0;
unsigned int do_ccm = 0;
static int
bpi_cipher_ctx_init(enum rte_crypto_cipher_algorithm cryptodev_algo,
enum rte_crypto_cipher_operation direction __rte_unused,
- uint8_t *key, void **ctx)
+ const uint8_t *key, void **ctx)
{
const EVP_CIPHER *algo = NULL;
int ret;
{
struct rte_crypto_auth_xform *auth_xform = qat_get_auth_xform(xform);
struct qat_sym_dev_private *internals = dev->data->dev_private;
- uint8_t *key_data = auth_xform->key.data;
+ const uint8_t *key_data = auth_xform->key.data;
uint8_t key_length = auth_xform->key.length;
session->aes_cmac = 0;
}
int qat_sym_session_aead_create_cd_cipher(struct qat_sym_session *cdesc,
- uint8_t *cipherkey,
+ const uint8_t *cipherkey,
uint32_t cipherkeylen)
{
struct icp_qat_hw_cipher_algo_blk *cipher;
}
int qat_sym_session_aead_create_cd_auth(struct qat_sym_session *cdesc,
- uint8_t *authkey,
+ const uint8_t *authkey,
uint32_t authkeylen,
uint32_t aad_length,
uint32_t digestsize,
int
qat_sym_session_aead_create_cd_cipher(struct qat_sym_session *cd,
- uint8_t *enckey,
+ const uint8_t *enckey,
uint32_t enckeylen);
int
qat_sym_session_aead_create_cd_auth(struct qat_sym_session *cdesc,
- uint8_t *authkey,
+ const uint8_t *authkey,
uint32_t authkeylen,
uint32_t aad_length,
uint32_t digestsize,
}
if (cipher_xform) {
+ uint8_t cipher_key[SNOW3G_MAX_KEY_SIZE];
+
/* Only SNOW 3G UEA2 supported */
if (cipher_xform->cipher.algo != RTE_CRYPTO_CIPHER_SNOW3G_UEA2)
return -ENOTSUP;
SNOW3G_LOG(ERR, "Wrong IV length");
return -EINVAL;
}
+ if (cipher_xform->cipher.key.length > SNOW3G_MAX_KEY_SIZE) {
+ SNOW3G_LOG(ERR, "Not enough memory to store the key");
+ return -ENOMEM;
+ }
+
sess->cipher_iv_offset = cipher_xform->cipher.iv.offset;
/* Initialize key */
- sso_snow3g_init_key_sched(cipher_xform->cipher.key.data,
- &sess->pKeySched_cipher);
+ memcpy(cipher_key, cipher_xform->cipher.key.data,
+ cipher_xform->cipher.key.length);
+ sso_snow3g_init_key_sched(cipher_key, &sess->pKeySched_cipher);
}
if (auth_xform) {
+ uint8_t auth_key[SNOW3G_MAX_KEY_SIZE];
+
/* Only SNOW 3G UIA2 supported */
if (auth_xform->auth.algo != RTE_CRYPTO_AUTH_SNOW3G_UIA2)
return -ENOTSUP;
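Review bot: `cipher_key` is a 128-byte stack buffer filled only up to `key.length`, so a key shorter than what `sso_snow3g_init_key_sched()` consumes would make the key schedule depend on uninitialised stack bytes. SNOW 3G uses a 128-bit key, so `SNOW3G_MAX_KEY_SIZE 128` looks like a bit count used as a byte count. A value of 16 with an exact-length test, `if (cipher_xform->cipher.key.length != SNOW3G_MAX_KEY_SIZE) return -EINVAL;`, would reject both short and long keys with a code that fits better than `-ENOMEM`. The same applies to `auth_key` in the `auth_xform` branch, and neither buffer is cleared before the function returns. How many bytes the library call reads is not visible in this diff, so confirm it against the library's documentation.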
SNOW3G_LOG(ERR, "Wrong digest length");
return -EINVAL;
}
+ if (auth_xform->auth.key.length > SNOW3G_MAX_KEY_SIZE) {
+ SNOW3G_LOG(ERR, "Not enough memory to store the key");
+ return -ENOMEM;
+ }
sess->auth_op = auth_xform->auth.op;
sess->auth_iv_offset = auth_xform->auth.iv.offset;
/* Initialize key */
- sso_snow3g_init_key_sched(auth_xform->auth.key.data,
- &sess->pKeySched_hash);
+ memcpy(auth_key, auth_xform->auth.key.data,
+ auth_xform->auth.key.length);
+ sso_snow3g_init_key_sched(auth_key, &sess->pKeySched_hash);
}
## __VA_ARGS__)
#define SNOW3G_DIGEST_LENGTH 4
+#define SNOW3G_MAX_KEY_SIZE 128
/** private data structure for each virtual SNOW 3G device */
struct snow3g_private {
virtio_crypto_sym_pad_op_ctrl_req(
struct virtio_crypto_op_ctrl_req *ctrl,
struct rte_crypto_sym_xform *xform, bool is_chainned,
- uint8_t **cipher_key_data, uint8_t **auth_key_data,
+ uint8_t *cipher_key_data, uint8_t *auth_key_data,
struct virtio_crypto_session *session)
{
int ret;
/* Get cipher xform from crypto xform chain */
cipher_xform = virtio_crypto_get_cipher_xform(xform);
if (cipher_xform) {
+ if (cipher_xform->key.length > VIRTIO_CRYPTO_MAX_KEY_SIZE) {
+ VIRTIO_CRYPTO_SESSION_LOG_ERR(
+ "cipher key size cannot be longer than %u",
+ VIRTIO_CRYPTO_MAX_KEY_SIZE);
+ return -1;
+ }
if (cipher_xform->iv.length > VIRTIO_CRYPTO_MAX_IV_SIZE) {
VIRTIO_CRYPTO_SESSION_LOG_ERR(
"cipher IV size cannot be longer than %u",
return -1;
}
- *cipher_key_data = cipher_xform->key.data;
+ memcpy(cipher_key_data, cipher_xform->key.data,
+ cipher_xform->key.length);
session->iv.offset = cipher_xform->iv.offset;
session->iv.length = cipher_xform->iv.length;
struct virtio_crypto_alg_chain_session_para *para =
&(ctrl->u.sym_create_session.u.chain.para);
if (auth_xform->key.length) {
+ if (auth_xform->key.length >
+ VIRTIO_CRYPTO_MAX_KEY_SIZE) {
+ VIRTIO_CRYPTO_SESSION_LOG_ERR(
+ "auth key size cannot be longer than %u",
+ VIRTIO_CRYPTO_MAX_KEY_SIZE);
+ return -1;
+ }
para->hash_mode = VIRTIO_CRYPTO_SYM_HASH_MODE_AUTH;
para->u.mac_param.auth_key_len =
(uint32_t)auth_xform->key.length;
para->u.mac_param.hash_result_len =
auth_xform->digest_length;
-
- *auth_key_data = auth_xform->key.data;
+ memcpy(auth_key_data, auth_xform->key.data,
+ auth_xform->key.length);
} else {
para->hash_mode = VIRTIO_CRYPTO_SYM_HASH_MODE_PLAIN;
para->u.hash_param.hash_result_len =
struct virtio_crypto_session *session;
struct virtio_crypto_op_ctrl_req *ctrl_req;
enum virtio_crypto_cmd_id cmd_id;
- uint8_t *cipher_key_data = NULL;
- uint8_t *auth_key_data = NULL;
+ uint8_t cipher_key_data[VIRTIO_CRYPTO_MAX_KEY_SIZE] = {0};
+ uint8_t auth_key_data[VIRTIO_CRYPTO_MAX_KEY_SIZE] = {0};
struct virtio_crypto_hw *hw;
struct virtqueue *control_vq;
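Review bot: `cipher_key_data` and `auth_key_data` now hold copies of the session keys on the stack, and nothing in the visible hunks clears them before the function returns. Add a wipe on every exit path once the control request has been sent, using a clear the compiler cannot elide. A comment such as `/* key copies: cleared before return */` at the declarations would record the intent. The rest of the function lies outside this hunk, so check whether an existing exit label can host the wipe.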
= VIRTIO_CRYPTO_SYM_OP_ALGORITHM_CHAINING;
ret = virtio_crypto_sym_pad_op_ctrl_req(ctrl_req,
- xform, true, &cipher_key_data, &auth_key_data, session);
+ xform, true, cipher_key_data, auth_key_data, session);
if (ret < 0) {
VIRTIO_CRYPTO_SESSION_LOG_ERR(
"padding sym op ctrl req failed");
ctrl_req->u.sym_create_session.op_type
= VIRTIO_CRYPTO_SYM_OP_CIPHER;
ret = virtio_crypto_sym_pad_op_ctrl_req(ctrl_req, xform,
- false, &cipher_key_data, &auth_key_data, session);
+ false, cipher_key_data, auth_key_data, session);
if (ret < 0) {
VIRTIO_CRYPTO_SESSION_LOG_ERR(
"padding sym op ctrl req failed");
#define VIRTIO_CRYPTO_MAX_IV_SIZE 16
+#define VIRTIO_CRYPTO_MAX_KEY_SIZE 256
+
extern uint8_t cryptodev_virtio_driver_id;
enum virtio_crypto_cmd_id {
if (ic_session->op == IXGBE_OP_AUTHENTICATED_DECRYPTION) {
int i, ip_index = -1;
+ uint8_t *key;
/* Find a match in the IP table*/
for (i = 0; i < IPSEC_MAX_RX_IP_COUNT; i++) {
IXGBE_WAIT_RWRITE;
/* write Key table entry*/
+ key = malloc(ic_session->key_len);
+ if (!key)
+ return -ENOMEM;
+
+ memcpy(key, ic_session->key, ic_session->key_len);
+
reg_val = IPSRXIDX_RX_EN | IPSRXIDX_WRITE |
IPSRXIDX_TABLE_KEY | (sa_index << 3);
IXGBE_WRITE_REG(hw, IXGBE_IPSRXKEY(0),
- rte_cpu_to_be_32(*(uint32_t *)&ic_session->key[12]));
+ rte_cpu_to_be_32(*(uint32_t *)&key[12]));
IXGBE_WRITE_REG(hw, IXGBE_IPSRXKEY(1),
- rte_cpu_to_be_32(*(uint32_t *)&ic_session->key[8]));
+ rte_cpu_to_be_32(*(uint32_t *)&key[8]));
IXGBE_WRITE_REG(hw, IXGBE_IPSRXKEY(2),
- rte_cpu_to_be_32(*(uint32_t *)&ic_session->key[4]));
+ rte_cpu_to_be_32(*(uint32_t *)&key[4]));
IXGBE_WRITE_REG(hw, IXGBE_IPSRXKEY(3),
- rte_cpu_to_be_32(*(uint32_t *)&ic_session->key[0]));
+ rte_cpu_to_be_32(*(uint32_t *)&key[0]));
IXGBE_WRITE_REG(hw, IXGBE_IPSRXSALT,
rte_cpu_to_be_32(ic_session->salt));
IXGBE_WRITE_REG(hw, IXGBE_IPSRXMOD,
priv->rx_sa_tbl[sa_index].mode);
IXGBE_WAIT_RWRITE;
+ free(key);
+
} else { /* sess->dir == RTE_CRYPTO_OUTBOUND */
+ uint8_t *key;
int i;
/* Find a free entry in the SA table*/
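Review bot: The heap copy is not needed to read four words from a `const` buffer, and it adds a failure path plus a freed block that still holds the key. The four `*(uint32_t *)&key[n]` reads also assume at least 16 bytes while the allocation is `ic_session->key_len` bytes, so a shorter key is read past the end of the copy. Checking the length and loading into a local, `uint32_t kw[4]; if (ic_session->key_len < sizeof(kw)) return -EINVAL; memcpy(kw, ic_session->key, sizeof(kw));`, removes the allocation, the cast and the alignment assumption. That check is best done before any table entry is claimed. The TX branch has the same pattern. If the copy stays, clear it before `free(key)`.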
priv->tx_sa_tbl[i].used = 1;
ic_session->sa_index = sa_index;
+ key = malloc(ic_session->key_len);
+ if (!key)
+ return -ENOMEM;
+
+ memcpy(key, ic_session->key, ic_session->key_len);
+
/* write Key table entry*/
reg_val = IPSRXIDX_RX_EN | IPSRXIDX_WRITE | (sa_index << 3);
IXGBE_WRITE_REG(hw, IXGBE_IPSTXKEY(0),
- rte_cpu_to_be_32(*(uint32_t *)&ic_session->key[12]));
+ rte_cpu_to_be_32(*(uint32_t *)&key[12]));
IXGBE_WRITE_REG(hw, IXGBE_IPSTXKEY(1),
- rte_cpu_to_be_32(*(uint32_t *)&ic_session->key[8]));
+ rte_cpu_to_be_32(*(uint32_t *)&key[8]));
IXGBE_WRITE_REG(hw, IXGBE_IPSTXKEY(2),
- rte_cpu_to_be_32(*(uint32_t *)&ic_session->key[4]));
+ rte_cpu_to_be_32(*(uint32_t *)&key[4]));
IXGBE_WRITE_REG(hw, IXGBE_IPSTXKEY(3),
- rte_cpu_to_be_32(*(uint32_t *)&ic_session->key[0]));
+ rte_cpu_to_be_32(*(uint32_t *)&key[0]));
IXGBE_WRITE_REG(hw, IXGBE_IPSTXSALT,
rte_cpu_to_be_32(ic_session->salt));
IXGBE_WAIT_TWRITE;
+
+ free(key);
}
return 0;
}
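Review bot: The new `return -ENOMEM` in the TX branch comes after `priv->tx_sa_tbl[i].used = 1`, so an allocation failure leaves the SA slot marked in use with no key programmed. Either allocate before claiming the entry or undo the claim on failure, e.g. `priv->tx_sa_tbl[i].used = 0;` before returning, assuming `i` still indexes that entry at that point. The RX branch returns from the equivalent spot after its own table setup, most of which lies outside the hunks shown, and probably needs the same unwinding.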
ic_session->key = aead_xform->key.data;
+ ic_session->key_len = aead_xform->key.length;
memcpy(&ic_session->salt,
&aead_xform->key.data[aead_xform->key.length], 4);
ic_session->spi = conf->ipsec.spi;
/** inline crypto crypto private session structure */
struct ixgbe_crypto_session {
enum ixgbe_operation op;
- uint8_t *key;
+ const uint8_t *key;
+ uint32_t key_len;
uint32_t salt;
uint32_t sa_index;
uint32_t spi;
switch (xform[i]->type) {
case RTE_CRYPTO_SYM_XFORM_CIPHER:
- if (xform[i]->cipher.key.data)
- free(xform[i]->cipher.key.data);
if (p->cipher_auth.cipher_iv.val)
free(p->cipher_auth.cipher_iv.val);
if (p->cipher_auth.cipher_iv_update.val)
free(p->cipher_auth.cipher_iv_update.val);
break;
case RTE_CRYPTO_SYM_XFORM_AUTH:
- if (xform[i]->auth.key.data)
- free(xform[i]->cipher.key.data);
if (p->cipher_auth.auth_iv.val)
free(p->cipher_auth.cipher_iv.val);
if (p->cipher_auth.auth_iv_update.val)
free(p->cipher_auth.cipher_iv_update.val);
break;
case RTE_CRYPTO_SYM_XFORM_AEAD:
- if (xform[i]->aead.key.data)
- free(xform[i]->cipher.key.data);
if (p->aead.iv.val)
free(p->aead.iv.val);
if (p->aead.aad.val)
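Review bot: With the key frees removed, the AUTH case still tests one pointer and frees another: `if (p->cipher_auth.auth_iv.val) free(p->cipher_auth.cipher_iv.val);`, and likewise for `auth_iv_update` / `cipher_iv_update`. If the CIPHER case has already run for the same `p`, this frees the cipher IV buffers a second time, and the auth IV buffers are never released. The frees should read `free(p->cipher_auth.auth_iv.val);` and `free(p->cipher_auth.auth_iv_update.val);`, and setting each pointer to NULL afterwards would make a repeated pass harmless. The second copy of this switch further down the diff has the same lines. The switch continues past the end of this hunk.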
static struct rte_crypto_sym_xform *
parse_table_action_cipher(struct rte_table_action_sym_crypto_params *p,
- char **tokens, uint32_t n_tokens, uint32_t encrypt,
- uint32_t *used_n_tokens)
+ uint8_t *key, uint32_t max_key_len, char **tokens,
+ uint32_t n_tokens, uint32_t encrypt, uint32_t *used_n_tokens)
{
struct rte_crypto_sym_xform *xform_cipher;
int status;
/* cipher_key */
len = strlen(tokens[4]);
- xform_cipher->cipher.key.data = calloc(1, len / 2 + 1);
- if (xform_cipher->cipher.key.data == NULL)
+ if (len / 2 > max_key_len) {
+ status = -ENOMEM;
goto error_exit;
+ }
- status = softnic_parse_hex_string(tokens[4],
- xform_cipher->cipher.key.data,
- (uint32_t *)&len);
+ status = softnic_parse_hex_string(tokens[4], key, (uint32_t *)&len);
if (status < 0)
goto error_exit;
+ xform_cipher->cipher.key.data = key;
xform_cipher->cipher.key.length = (uint16_t)len;
/* cipher_iv */
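Review bot: The parser is still handed `len`, the character count of the token, as its size argument. Any capacity check inside `softnic_parse_hex_string()` (not visible here) is therefore measured against the input rather than the buffer, and the only bound on the write into `key` is the new `len / 2 > max_key_len` test. Passing the real capacity makes the bound independent of that arithmetic: `uint32_t key_len = max_key_len; status = softnic_parse_hex_string(tokens[4], key, &key_len);`. That also drops the `(uint32_t *)&len` cast, which is unsafe if `len` is declared `size_t` (its declaration is outside the hunk). `-ENOMEM` for an over-long key is misleading; `-EINVAL` fits better. The auth and AEAD parsers repeat the pattern, as does the second copy of these functions that calls `parse_hex_string()`.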
return xform_cipher;
error_exit:
- if (xform_cipher->cipher.key.data)
- free(xform_cipher->cipher.key.data);
-
if (p->cipher_auth.cipher_iv.val) {
free(p->cipher_auth.cipher_iv.val);
p->cipher_auth.cipher_iv.val = NULL;
static struct rte_crypto_sym_xform *
parse_table_action_cipher_auth(struct rte_table_action_sym_crypto_params *p,
- char **tokens, uint32_t n_tokens, uint32_t encrypt,
- uint32_t *used_n_tokens)
+ uint8_t *key, uint32_t max_key_len, char **tokens,
+ uint32_t n_tokens, uint32_t encrypt, uint32_t *used_n_tokens)
{
struct rte_crypto_sym_xform *xform_cipher;
struct rte_crypto_sym_xform *xform_auth;
/* auth_key */
len = strlen(tokens[10]);
- xform_auth->auth.key.data = calloc(1, len / 2 + 1);
- if (xform_auth->auth.key.data == NULL)
+ if (len / 2 > max_key_len) {
+ status = -ENOMEM;
goto error_exit;
+ }
- status = softnic_parse_hex_string(tokens[10],
- xform_auth->auth.key.data, (uint32_t *)&len);
+ status = softnic_parse_hex_string(tokens[10], key, (uint32_t *)&len);
if (status < 0)
goto error_exit;
+ xform_auth->auth.key.data = key;
xform_auth->auth.key.length = (uint16_t)len;
+ key += xform_auth->auth.key.length;
+ max_key_len -= xform_auth->auth.key.length;
+
if (strcmp(tokens[11], "digest_size"))
goto error_exit;
if (status < 0)
goto error_exit;
- xform_cipher = parse_table_action_cipher(p, tokens, 7, encrypt,
- used_n_tokens);
+ xform_cipher = parse_table_action_cipher(p, key, max_key_len, tokens, 7,
+ encrypt, used_n_tokens);
if (xform_cipher == NULL)
goto error_exit;
}
error_exit:
- if (xform_auth->auth.key.data)
- free(xform_auth->auth.key.data);
if (p->cipher_auth.auth_iv.val) {
free(p->cipher_auth.auth_iv.val);
p->cipher_auth.auth_iv.val = 0;
static struct rte_crypto_sym_xform *
parse_table_action_aead(struct rte_table_action_sym_crypto_params *p,
- char **tokens, uint32_t n_tokens, uint32_t encrypt,
- uint32_t *used_n_tokens)
+ uint8_t *key, uint32_t max_key_len, char **tokens,
+ uint32_t n_tokens, uint32_t encrypt, uint32_t *used_n_tokens)
{
struct rte_crypto_sym_xform *xform_aead;
int status;
/* aead_key */
len = strlen(tokens[4]);
- xform_aead->aead.key.data = calloc(1, len / 2 + 1);
- if (xform_aead->aead.key.data == NULL)
+ if (len / 2 > max_key_len) {
+ status = -ENOMEM;
goto error_exit;
+ }
- status = softnic_parse_hex_string(tokens[4], xform_aead->aead.key.data,
- (uint32_t *)&len);
+ status = softnic_parse_hex_string(tokens[4], key, (uint32_t *)&len);
if (status < 0)
goto error_exit;
+ xform_aead->aead.key.data = key;
xform_aead->aead.key.length = (uint16_t)len;
/* aead_iv */
return xform_aead;
error_exit:
- if (xform_aead->aead.key.data)
- free(xform_aead->aead.key.data);
if (p->aead.iv.val) {
free(p->aead.iv.val);
p->aead.iv.val = NULL;
{
struct rte_table_action_sym_crypto_params *p = &a->sym_crypto;
struct rte_crypto_sym_xform *xform = NULL;
+ uint8_t *key = a->sym_crypto_key;
+ uint32_t max_key_len = SYM_CRYPTO_MAX_KEY_SIZE;
uint32_t used_n_tokens;
uint32_t encrypt;
int status;
tokens += 3;
n_tokens -= 3;
- xform = parse_table_action_cipher(p, tokens, n_tokens, encrypt,
- &used_n_tokens);
+ xform = parse_table_action_cipher(p, key, max_key_len, tokens,
+ n_tokens, encrypt, &used_n_tokens);
} else if (strcmp(tokens[3], "cipher_auth") == 0) {
tokens += 3;
n_tokens -= 3;
- xform = parse_table_action_cipher_auth(p, tokens, n_tokens,
- encrypt, &used_n_tokens);
+ xform = parse_table_action_cipher_auth(p, key, max_key_len,
+ tokens, n_tokens, encrypt, &used_n_tokens);
} else if (strcmp(tokens[3], "aead") == 0) {
tokens += 3;
n_tokens -= 3;
- xform = parse_table_action_aead(p, tokens, n_tokens, encrypt,
- &used_n_tokens);
+ xform = parse_table_action_aead(p, key, max_key_len, tokens,
+ n_tokens, encrypt, &used_n_tokens);
}
if (xform == NULL)
} match;
};
+#ifndef SYM_CRYPTO_MAX_KEY_SIZE
+#define SYM_CRYPTO_MAX_KEY_SIZE (256)
+#endif
struct softnic_table_rule_action {
uint64_t action_mask;
struct rte_table_action_fwd_params fwd;
struct rte_table_action_tag_params tag;
struct rte_table_action_decap_params decap;
struct rte_table_action_sym_crypto_params sym_crypto;
+ uint8_t sym_crypto_key[SYM_CRYPTO_MAX_KEY_SIZE];
};
struct rte_flow {
switch (xform[i]->type) {
case RTE_CRYPTO_SYM_XFORM_CIPHER:
- if (xform[i]->cipher.key.data)
- free(xform[i]->cipher.key.data);
if (p->cipher_auth.cipher_iv.val)
free(p->cipher_auth.cipher_iv.val);
if (p->cipher_auth.cipher_iv_update.val)
free(p->cipher_auth.cipher_iv_update.val);
break;
case RTE_CRYPTO_SYM_XFORM_AUTH:
- if (xform[i]->auth.key.data)
- free(xform[i]->cipher.key.data);
if (p->cipher_auth.auth_iv.val)
free(p->cipher_auth.cipher_iv.val);
if (p->cipher_auth.auth_iv_update.val)
free(p->cipher_auth.cipher_iv_update.val);
break;
case RTE_CRYPTO_SYM_XFORM_AEAD:
- if (xform[i]->aead.key.data)
- free(xform[i]->cipher.key.data);
if (p->aead.iv.val)
free(p->aead.iv.val);
if (p->aead.aad.val)
static struct rte_crypto_sym_xform *
parse_table_action_cipher(struct rte_table_action_sym_crypto_params *p,
- char **tokens, uint32_t n_tokens, uint32_t encrypt,
- uint32_t *used_n_tokens)
+ uint8_t *key, uint32_t max_key_len, char **tokens,
+ uint32_t n_tokens, uint32_t encrypt, uint32_t *used_n_tokens)
{
struct rte_crypto_sym_xform *xform_cipher;
int status;
/* cipher_key */
len = strlen(tokens[4]);
- xform_cipher->cipher.key.data = calloc(1, len / 2 + 1);
- if (xform_cipher->cipher.key.data == NULL)
+ if (len / 2 > max_key_len) {
+ status = -ENOMEM;
goto error_exit;
+ }
- status = parse_hex_string(tokens[4],
- xform_cipher->cipher.key.data,
- (uint32_t *)&len);
+ status = parse_hex_string(tokens[4], key, (uint32_t *)&len);
if (status < 0)
goto error_exit;
+ xform_cipher->cipher.key.data = key;
xform_cipher->cipher.key.length = (uint16_t)len;
/* cipher_iv */
return xform_cipher;
error_exit:
- if (xform_cipher->cipher.key.data)
- free(xform_cipher->cipher.key.data);
-
if (p->cipher_auth.cipher_iv.val) {
free(p->cipher_auth.cipher_iv.val);
p->cipher_auth.cipher_iv.val = NULL;
static struct rte_crypto_sym_xform *
parse_table_action_cipher_auth(struct rte_table_action_sym_crypto_params *p,
- char **tokens, uint32_t n_tokens, uint32_t encrypt,
- uint32_t *used_n_tokens)
+ uint8_t *key, uint32_t max_key_len, char **tokens,
+ uint32_t n_tokens, uint32_t encrypt, uint32_t *used_n_tokens)
{
struct rte_crypto_sym_xform *xform_cipher;
struct rte_crypto_sym_xform *xform_auth;
/* auth_key */
len = strlen(tokens[10]);
- xform_auth->auth.key.data = calloc(1, len / 2 + 1);
- if (xform_auth->auth.key.data == NULL)
+ if (len / 2 > max_key_len) {
+ status = -ENOMEM;
goto error_exit;
+ }
- status = parse_hex_string(tokens[10],
- xform_auth->auth.key.data, (uint32_t *)&len);
+ status = parse_hex_string(tokens[10], key, (uint32_t *)&len);
if (status < 0)
goto error_exit;
+ xform_auth->auth.key.data = key;
xform_auth->auth.key.length = (uint16_t)len;
+ key += xform_auth->auth.key.length;
+ max_key_len -= xform_auth->auth.key.length;
+
if (strcmp(tokens[11], "digest_size"))
goto error_exit;
if (status < 0)
goto error_exit;
- xform_cipher = parse_table_action_cipher(p, tokens, 7, encrypt,
- used_n_tokens);
+ xform_cipher = parse_table_action_cipher(p, key, max_key_len, tokens,
+ 7, encrypt, used_n_tokens);
if (xform_cipher == NULL)
goto error_exit;
}
error_exit:
- if (xform_auth->auth.key.data)
- free(xform_auth->auth.key.data);
if (p->cipher_auth.auth_iv.val) {
free(p->cipher_auth.auth_iv.val);
p->cipher_auth.auth_iv.val = 0;
static struct rte_crypto_sym_xform *
parse_table_action_aead(struct rte_table_action_sym_crypto_params *p,
- char **tokens, uint32_t n_tokens, uint32_t encrypt,
- uint32_t *used_n_tokens)
+ uint8_t *key, uint32_t max_key_len, char **tokens,
+ uint32_t n_tokens, uint32_t encrypt, uint32_t *used_n_tokens)
{
struct rte_crypto_sym_xform *xform_aead;
int status;
/* aead_key */
len = strlen(tokens[4]);
- xform_aead->aead.key.data = calloc(1, len / 2 + 1);
- if (xform_aead->aead.key.data == NULL)
+ if (len / 2 > max_key_len) {
+ status = -ENOMEM;
goto error_exit;
+ }
- status = parse_hex_string(tokens[4], xform_aead->aead.key.data,
- (uint32_t *)&len);
+ status = parse_hex_string(tokens[4], key, (uint32_t *)&len);
if (status < 0)
goto error_exit;
+ xform_aead->aead.key.data = key;
xform_aead->aead.key.length = (uint16_t)len;
/* aead_iv */
return xform_aead;
error_exit:
- if (xform_aead->aead.key.data)
- free(xform_aead->aead.key.data);
if (p->aead.iv.val) {
free(p->aead.iv.val);
p->aead.iv.val = NULL;
{
struct rte_table_action_sym_crypto_params *p = &a->sym_crypto;
struct rte_crypto_sym_xform *xform = NULL;
+ uint8_t *key = a->sym_crypto_key;
+ uint32_t max_key_len = SYM_CRYPTO_MAX_KEY_SIZE;
uint32_t used_n_tokens;
uint32_t encrypt;
int status;
tokens += 3;
n_tokens -= 3;
- xform = parse_table_action_cipher(p, tokens, n_tokens, encrypt,
- &used_n_tokens);
+ xform = parse_table_action_cipher(p, key, max_key_len, tokens,
+ n_tokens, encrypt, &used_n_tokens);
} else if (strcmp(tokens[3], "cipher_auth") == 0) {
tokens += 3;
n_tokens -= 3;
- xform = parse_table_action_cipher_auth(p, tokens, n_tokens,
- encrypt, &used_n_tokens);
+ xform = parse_table_action_cipher_auth(p, key, max_key_len,
+ tokens, n_tokens, encrypt, &used_n_tokens);
} else if (strcmp(tokens[3], "aead") == 0) {
tokens += 3;
n_tokens -= 3;
- xform = parse_table_action_aead(p, tokens, n_tokens, encrypt,
- &used_n_tokens);
+ xform = parse_table_action_aead(p, key, max_key_len, tokens,
+ n_tokens, encrypt, &used_n_tokens);
}
if (xform == NULL)
if (dev_info.max_nb_queue_pairs < params->n_queues)
return NULL;
- if (dev_info.feature_flags & RTE_CRYPTODEV_FF_HW_ACCELERATED)
- return NULL;
dev_conf.socket_id = socket_id;
dev_conf.nb_queue_pairs = params->n_queues;
} match;
};
+#ifndef SYM_CRYPTO_MAX_KEY_SIZE
+#define SYM_CRYPTO_MAX_KEY_SIZE (256)
+#endif
+
struct table_rule_action {
uint64_t action_mask;
struct rte_table_action_fwd_params fwd;
struct rte_table_action_stats_params stats;
struct rte_table_action_time_params time;
struct rte_table_action_sym_crypto_params sym_crypto;
+ uint8_t sym_crypto_key[SYM_CRYPTO_MAX_KEY_SIZE];
struct rte_table_action_tag_params tag;
struct rte_table_action_decap_params decap;
+
};
struct table_rule {
struct rte_crypto_sym_xform cipher_xform;
unsigned ckey_param;
int ckey_random_size;
+ uint8_t cipher_key[MAX_KEY_SIZE];
struct l2fwd_iv cipher_iv;
unsigned int cipher_iv_param;
struct rte_crypto_sym_xform auth_xform;
uint8_t akey_param;
int akey_random_size;
+ uint8_t auth_key[MAX_KEY_SIZE];
struct l2fwd_iv auth_iv;
unsigned int auth_iv_param;
struct rte_crypto_sym_xform aead_xform;
unsigned int aead_key_param;
int aead_key_random_size;
+ uint8_t aead_key[MAX_KEY_SIZE];
struct l2fwd_iv aead_iv;
unsigned int aead_iv_param;
else if (strcmp(lgopts[option_index].name, "cipher_key") == 0) {
options->ckey_param = 1;
options->cipher_xform.cipher.key.length =
- parse_bytes(options->cipher_xform.cipher.key.data, optarg,
- MAX_KEY_SIZE);
+ parse_bytes(options->cipher_key, optarg, MAX_KEY_SIZE);
if (options->cipher_xform.cipher.key.length > 0)
return 0;
else
else if (strcmp(lgopts[option_index].name, "auth_key") == 0) {
options->akey_param = 1;
options->auth_xform.auth.key.length =
- parse_bytes(options->auth_xform.auth.key.data, optarg,
- MAX_KEY_SIZE);
+ parse_bytes(options->auth_key, optarg, MAX_KEY_SIZE);
if (options->auth_xform.auth.key.length > 0)
return 0;
else
else if (strcmp(lgopts[option_index].name, "aead_key") == 0) {
options->aead_key_param = 1;
options->aead_xform.aead.key.length =
- parse_bytes(options->aead_xform.aead.key.data, optarg,
- MAX_KEY_SIZE);
+ parse_bytes(options->aead_key, optarg, MAX_KEY_SIZE);
if (options->aead_xform.aead.key.length > 0)
return 0;
else
options->aead_xform.aead.key.length =
cap->sym.aead.key_size.min;
- generate_random_key(
- options->aead_xform.aead.key.data,
+ generate_random_key(options->aead_key,
options->aead_xform.aead.key.length);
}
options->cipher_xform.cipher.key.length =
cap->sym.cipher.key_size.min;
- generate_random_key(
- options->cipher_xform.cipher.key.data,
+ generate_random_key(options->cipher_key,
options->cipher_xform.cipher.key.length);
}
}
options->auth_xform.auth.key.length =
cap->sym.auth.key_size.min;
- generate_random_key(
- options->auth_xform.auth.key.data,
+ generate_random_key(options->auth_key,
options->auth_xform.auth.key.length);
}
static void
reserve_key_memory(struct l2fwd_crypto_options *options)
{
- options->cipher_xform.cipher.key.data = rte_malloc("crypto key",
- MAX_KEY_SIZE, 0);
- if (options->cipher_xform.cipher.key.data == NULL)
- rte_exit(EXIT_FAILURE, "Failed to allocate memory for cipher key");
-
- options->auth_xform.auth.key.data = rte_malloc("auth key",
- MAX_KEY_SIZE, 0);
- if (options->auth_xform.auth.key.data == NULL)
- rte_exit(EXIT_FAILURE, "Failed to allocate memory for auth key");
-
- options->aead_xform.aead.key.data = rte_malloc("aead key",
- MAX_KEY_SIZE, 0);
- if (options->aead_xform.aead.key.data == NULL)
- rte_exit(EXIT_FAILURE, "Failed to allocate memory for AEAD key");
+ options->cipher_xform.cipher.key.data = options->cipher_key;
+
+ options->auth_xform.auth.key.data = options->auth_key;
+
+ options->aead_xform.aead.key.data = options->aead_key;
options->cipher_iv.data = rte_malloc("cipher iv", MAX_KEY_SIZE, 0);
if (options->cipher_iv.data == NULL)
/**< Cipher algorithm */
struct {
- uint8_t *data; /**< pointer to key data */
- uint16_t length;/**< key length in bytes */
+ const uint8_t *data; /**< pointer to key data */
+ uint16_t length; /**< key length in bytes */
} key;
/**< Cipher key
*
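Review bot: The member comment still says only `pointer to key data`, which no longer tells a driver author what the `const` implies. Documenting the contract, e.g. `/**< pointer to key data; read-only for the PMD, which must take its own copy if it needs the key after session creation */`, would cover the case the driver hunks in this diff keep handling with private copies. The same wording applies to the `key` members of the auth and AEAD xforms below. Whether the caller's buffer must outlive session creation is not stated anywhere in this diff, so the final wording should be confirmed by the API owner.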
/**< Authentication algorithm selection */
struct {
- uint8_t *data; /**< pointer to key data */
- uint16_t length;/**< key length in bytes */
+ const uint8_t *data; /**< pointer to key data */
+ uint16_t length; /**< key length in bytes */
} key;
/**< Authentication key data.
* The authentication key length MUST be less than or equal to the
/**< AEAD algorithm selection */
struct {
- uint8_t *data; /**< pointer to key data */
- uint16_t length;/**< key length in bytes */
+ const uint8_t *data; /**< pointer to key data */
+ uint16_t length; /**< key length in bytes */
} key;
struct {