cryptodev: make xform key pointer constant
authorFan Zhang <roy.fan.zhang@intel.com>
Mon, 24 Jun 2019 13:35:22 +0000 (14:35 +0100)
committerAkhil Goyal <akhil.goyal@nxp.com>
Fri, 19 Jul 2019 12:15:21 +0000 (14:15 +0200)
This patch changes the key pointer data types in cipher, auth,
and aead xforms from "uint8_t *" to "const uint8_t *" for a
more intuitive and safe sessionn creation.

Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Acked-by: Liron Himi <lironh@marvell.com>
23 files changed:
doc/guides/rel_notes/deprecation.rst
doc/guides/rel_notes/release_19_08.rst
drivers/common/cpt/cpt_ucode.h
drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
drivers/crypto/mvsam/rte_mrvl_pmd.c
drivers/crypto/mvsam/rte_mrvl_pmd_ops.c
drivers/crypto/openssl/rte_openssl_pmd.c
drivers/crypto/qat/qat_sym_session.c
drivers/crypto/qat/qat_sym_session.h
drivers/crypto/snow3g/rte_snow3g_pmd.c
drivers/crypto/snow3g/rte_snow3g_pmd_private.h
drivers/crypto/virtio/virtio_cryptodev.c
drivers/crypto/virtio/virtio_cryptodev.h
drivers/net/ixgbe/ixgbe_ipsec.c
drivers/net/ixgbe/ixgbe_ipsec.h
drivers/net/softnic/rte_eth_softnic_cli.c
drivers/net/softnic/rte_eth_softnic_internals.h
examples/ip_pipeline/cli.c
examples/ip_pipeline/cryptodev.c
examples/ip_pipeline/pipeline.h
examples/l2fwd-crypto/main.c
lib/librte_cryptodev/rte_crypto_sym.h

index a7796f4..37b8592 100644 (file)
@@ -59,10 +59,6 @@ Deprecation Notices
   Target release for removal of the legacy API will be defined once most
   PMDs have switched to rte_flow.
 
-* cryptodev: the ``uint8_t *data`` member of ``key`` structure in the xforms
-  structure (``rte_crypto_cipher_xform``, ``rte_crypto_auth_xform``, and
-  ``rte_crypto_aead_xform``) will be changed to ``const uint8_t *data``.
-
 * cryptodev: support for using IV with all sizes is added, J0 still can
   be used but only when IV length in following structs ``rte_crypto_auth_xform``,
   ``rte_crypto_aead_xform`` is set to zero. When IV length is greater or equal
index f8f63f7..0a3f840 100644 (file)
@@ -255,6 +255,10 @@ API Changes
 * malloc: The function ``rte_malloc_set_limit`` was never implemented
   is deprecated and will be removed in a future release.
 
+* cryptodev: the ``uint8_t *data`` member of ``key`` structure in the xforms
+  structure (``rte_crypto_cipher_xform``, ``rte_crypto_auth_xform``, and
+  ``rte_crypto_aead_xform``) have been changed to ``const uint8_t *data``.
+
 * eventdev: No longer marked as experimental.
 
   The eventdev functions are no longer marked as experimental, and have
index 0992576..7d9c31e 100644 (file)
@@ -55,7 +55,7 @@ cpt_is_algo_supported(struct rte_crypto_sym_xform *xform)
 }
 
 static __rte_always_inline void
-gen_key_snow3g(uint8_t *ck, uint32_t *keyx)
+gen_key_snow3g(const uint8_t *ck, uint32_t *keyx)
 {
        int i, base;
 
@@ -175,7 +175,7 @@ cpt_fc_ciph_set_key_set_aes_key_type(mc_fc_context_t *fctx, uint16_t key_len)
 }
 
 static __rte_always_inline void
-cpt_fc_ciph_set_key_snow3g_uea2(struct cpt_ctx *cpt_ctx, uint8_t *key,
+cpt_fc_ciph_set_key_snow3g_uea2(struct cpt_ctx *cpt_ctx, const uint8_t *key,
                uint16_t key_len)
 {
        uint32_t keyx[4];
@@ -186,7 +186,7 @@ cpt_fc_ciph_set_key_snow3g_uea2(struct cpt_ctx *cpt_ctx, uint8_t *key,
 }
 
 static __rte_always_inline void
-cpt_fc_ciph_set_key_zuc_eea3(struct cpt_ctx *cpt_ctx, uint8_t *key,
+cpt_fc_ciph_set_key_zuc_eea3(struct cpt_ctx *cpt_ctx, const uint8_t *key,
                uint16_t key_len)
 {
        cpt_ctx->snow3g = 0;
@@ -196,7 +196,7 @@ cpt_fc_ciph_set_key_zuc_eea3(struct cpt_ctx *cpt_ctx, uint8_t *key,
 }
 
 static __rte_always_inline void
-cpt_fc_ciph_set_key_kasumi_f8_ecb(struct cpt_ctx *cpt_ctx, uint8_t *key,
+cpt_fc_ciph_set_key_kasumi_f8_ecb(struct cpt_ctx *cpt_ctx, const uint8_t *key,
                uint16_t key_len)
 {
        cpt_ctx->k_ecb = 1;
@@ -205,7 +205,7 @@ cpt_fc_ciph_set_key_kasumi_f8_ecb(struct cpt_ctx *cpt_ctx, uint8_t *key,
 }
 
 static __rte_always_inline void
-cpt_fc_ciph_set_key_kasumi_f8_cbc(struct cpt_ctx *cpt_ctx, uint8_t *key,
+cpt_fc_ciph_set_key_kasumi_f8_cbc(struct cpt_ctx *cpt_ctx, const uint8_t *key,
                uint16_t key_len)
 {
        memcpy(cpt_ctx->k_ctx.ci_key, key, key_len);
@@ -213,7 +213,7 @@ cpt_fc_ciph_set_key_kasumi_f8_cbc(struct cpt_ctx *cpt_ctx, uint8_t *key,
 }
 
 static __rte_always_inline int
-cpt_fc_ciph_set_key(void *ctx, cipher_type_t type, uint8_t *key,
+cpt_fc_ciph_set_key(void *ctx, cipher_type_t type, const uint8_t *key,
                    uint16_t key_len, uint8_t *salt)
 {
        struct cpt_ctx *cpt_ctx = ctx;
@@ -2486,7 +2486,7 @@ cpt_fc_enc_hmac_prep(uint32_t flags, uint64_t d_offs, uint64_t d_lens,
 }
 
 static __rte_always_inline int
-cpt_fc_auth_set_key(void *ctx, auth_type_t type, uint8_t *key,
+cpt_fc_auth_set_key(void *ctx, auth_type_t type, const uint8_t *key,
                    uint16_t key_len, uint16_t mac_len)
 {
        struct cpt_ctx *cpt_ctx = ctx;
index 49ee317..1006a5c 100644 (file)
@@ -24,7 +24,7 @@ aesni_gcm_set_session_parameters(const struct aesni_gcm_ops *gcm_ops,
        const struct rte_crypto_sym_xform *auth_xform;
        const struct rte_crypto_sym_xform *aead_xform;
        uint8_t key_length;
-       uint8_t *key;
+       const uint8_t *key;
 
        /* AES-GMAC */
        if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH) {
index edb6608..b495a96 100644 (file)
@@ -35,7 +35,7 @@ typedef void (*aes_keyexp_t)(const void *key, void *enc_exp_keys, void *dec_exp_
 static void
 calculate_auth_precomputes(hash_one_block_t one_block_hash,
                uint8_t *ipad, uint8_t *opad,
-               uint8_t *hkey, uint16_t hkey_len,
+               const uint8_t *hkey, uint16_t hkey_len,
                uint16_t blocksize)
 {
        unsigned i, length;
index c2ae82a..ef2e5ed 100644 (file)
@@ -222,6 +222,8 @@ static int
 mrvl_crypto_set_cipher_session_parameters(struct mrvl_crypto_session *sess,
                const struct rte_crypto_sym_xform *cipher_xform)
 {
+       uint8_t *cipher_key;
+
        /* Make sure we've got proper struct */
        if (cipher_xform->type != RTE_CRYPTO_SYM_XFORM_CIPHER) {
                MRVL_LOG(ERR, "Wrong xform struct provided!");
@@ -256,8 +258,17 @@ mrvl_crypto_set_cipher_session_parameters(struct mrvl_crypto_session *sess,
                return -EINVAL;
        }
 
+       cipher_key = malloc(cipher_xform->cipher.key.length);
+       if (cipher_key == NULL) {
+               MRVL_LOG(ERR, "Insufficient memory!");
+               return -ENOMEM;
+       }
+
+       memcpy(cipher_key, cipher_xform->cipher.key.data,
+                       cipher_xform->cipher.key.length);
+
        sess->sam_sess_params.cipher_key_len = cipher_xform->cipher.key.length;
-       sess->sam_sess_params.cipher_key = cipher_xform->cipher.key.data;
+       sess->sam_sess_params.cipher_key = cipher_key;
 
        return 0;
 }
@@ -273,6 +284,8 @@ static int
 mrvl_crypto_set_auth_session_parameters(struct mrvl_crypto_session *sess,
                const struct rte_crypto_sym_xform *auth_xform)
 {
+       uint8_t *auth_key = NULL;
+
        /* Make sure we've got proper struct */
        if (auth_xform->type != RTE_CRYPTO_SYM_XFORM_AUTH) {
                MRVL_LOG(ERR, "Wrong xform struct provided!");
@@ -293,9 +306,20 @@ mrvl_crypto_set_auth_session_parameters(struct mrvl_crypto_session *sess,
                auth_map[auth_xform->auth.algo].auth_alg;
        sess->sam_sess_params.u.basic.auth_icv_len =
                auth_xform->auth.digest_length;
+
+       if (auth_xform->auth.key.length > 0) {
+               auth_key = malloc(auth_xform->auth.key.length);
+               if (auth_key == NULL) {
+                       MRVL_LOG(ERR, "Not enough memory!");
+                       return -EINVAL;
+               }
+
+               memcpy(auth_key, auth_xform->auth.key.data,
+                               auth_xform->auth.key.length);
+       }
+
        /* auth_key must be NULL if auth algorithm does not use HMAC */
-       sess->sam_sess_params.auth_key = auth_xform->auth.key.length ?
-                                        auth_xform->auth.key.data : NULL;
+       sess->sam_sess_params.auth_key = auth_key;
        sess->sam_sess_params.auth_key_len = auth_xform->auth.key.length;
 
        return 0;
@@ -312,6 +336,8 @@ static int
 mrvl_crypto_set_aead_session_parameters(struct mrvl_crypto_session *sess,
                const struct rte_crypto_sym_xform *aead_xform)
 {
+       uint8_t *aead_key;
+
        /* Make sure we've got proper struct */
        if (aead_xform->type != RTE_CRYPTO_SYM_XFORM_AEAD) {
                MRVL_LOG(ERR, "Wrong xform struct provided!");
@@ -344,7 +370,16 @@ mrvl_crypto_set_aead_session_parameters(struct mrvl_crypto_session *sess,
                return -EINVAL;
        }
 
-       sess->sam_sess_params.cipher_key = aead_xform->aead.key.data;
+       aead_key = malloc(aead_xform->aead.key.length);
+       if (aead_key == NULL) {
+               MRVL_LOG(ERR, "Insufficient memory!");
+               return -ENOMEM;
+       }
+
+       memcpy(aead_key, aead_xform->aead.key.data,
+                       aead_xform->aead.key.length);
+
+       sess->sam_sess_params.cipher_key = aead_key;
        sess->sam_sess_params.cipher_key_len = aead_xform->aead.key.length;
 
        if (sess->sam_sess_params.cipher_mode == SAM_CIPHER_GCM)
index f6bf2cd..56a5450 100644 (file)
@@ -751,6 +751,8 @@ mrvl_crypto_pmd_sym_session_configure(__rte_unused struct rte_cryptodev *dev,
                return -ENOMEM;
        }
 
+       memset(sess_private_data, 0, sizeof(struct mrvl_crypto_session));
+
        ret = mrvl_crypto_set_session_parameters(sess_private_data, xform);
        if (ret != 0) {
                MRVL_LOG(ERR, "Failed to configure session parameters!");
@@ -769,6 +771,12 @@ mrvl_crypto_pmd_sym_session_configure(__rte_unused struct rte_cryptodev *dev,
                return -EIO;
        }
 
+       /* free the keys memory allocated for session creation */
+       if (mrvl_sess->sam_sess_params.cipher_key != NULL)
+               free(mrvl_sess->sam_sess_params.cipher_key);
+       if (mrvl_sess->sam_sess_params.auth_key != NULL)
+               free(mrvl_sess->sam_sess_params.auth_key);
+
        return 0;
 }
 
index 73ce383..7c8bf0d 100644 (file)
@@ -92,14 +92,14 @@ openssl_get_chain_order(const struct rte_crypto_sym_xform *xform)
 
 /** Get session cipher key from input cipher key */
 static void
-get_cipher_key(uint8_t *input_key, int keylen, uint8_t *session_key)
+get_cipher_key(const uint8_t *input_key, int keylen, uint8_t *session_key)
 {
        memcpy(session_key, input_key, keylen);
 }
 
 /** Get key ede 24 bytes standard from input key */
 static int
-get_cipher_key_ede(uint8_t *key, int keylen, uint8_t *key_ede)
+get_cipher_key_ede(const uint8_t *key, int keylen, uint8_t *key_ede)
 {
        int res = 0;
 
@@ -292,7 +292,7 @@ get_aead_algo(enum rte_crypto_aead_algorithm sess_algo, size_t keylen,
 static int
 openssl_set_sess_aead_enc_param(struct openssl_session *sess,
                enum rte_crypto_aead_algorithm algo,
-               uint8_t tag_len, uint8_t *key)
+               uint8_t tag_len, const uint8_t *key)
 {
        int iv_type = 0;
        unsigned int do_ccm;
@@ -352,7 +352,7 @@ openssl_set_sess_aead_enc_param(struct openssl_session *sess,
 static int
 openssl_set_sess_aead_dec_param(struct openssl_session *sess,
                enum rte_crypto_aead_algorithm algo,
-               uint8_t tag_len, uint8_t *key)
+               uint8_t tag_len, const uint8_t *key)
 {
        int iv_type = 0;
        unsigned int do_ccm = 0;
index f66175d..e5167b3 100644 (file)
@@ -35,7 +35,7 @@ bpi_cipher_ctx_free(void *bpi_ctx)
 static int
 bpi_cipher_ctx_init(enum rte_crypto_cipher_algorithm cryptodev_algo,
                enum rte_crypto_cipher_operation direction __rte_unused,
-               uint8_t *key, void **ctx)
+               const uint8_t *key, void **ctx)
 {
        const EVP_CIPHER *algo = NULL;
        int ret;
@@ -510,7 +510,7 @@ qat_sym_session_configure_auth(struct rte_cryptodev *dev,
 {
        struct rte_crypto_auth_xform *auth_xform = qat_get_auth_xform(xform);
        struct qat_sym_dev_private *internals = dev->data->dev_private;
-       uint8_t *key_data = auth_xform->key.data;
+       const uint8_t *key_data = auth_xform->key.data;
        uint8_t key_length = auth_xform->key.length;
        session->aes_cmac = 0;
 
@@ -1272,7 +1272,7 @@ qat_get_crypto_proto_flag(uint16_t flags)
 }
 
 int qat_sym_session_aead_create_cd_cipher(struct qat_sym_session *cdesc,
-                                               uint8_t *cipherkey,
+                                               const uint8_t *cipherkey,
                                                uint32_t cipherkeylen)
 {
        struct icp_qat_hw_cipher_algo_blk *cipher;
@@ -1427,7 +1427,7 @@ int qat_sym_session_aead_create_cd_cipher(struct qat_sym_session *cdesc,
 }
 
 int qat_sym_session_aead_create_cd_auth(struct qat_sym_session *cdesc,
-                                               uint8_t *authkey,
+                                               const uint8_t *authkey,
                                                uint32_t authkeylen,
                                                uint32_t aad_length,
                                                uint32_t digestsize,
index 43e25ce..ce1ca5a 100644 (file)
@@ -106,12 +106,12 @@ qat_sym_session_configure_auth(struct rte_cryptodev *dev,
 
 int
 qat_sym_session_aead_create_cd_cipher(struct qat_sym_session *cd,
-                                               uint8_t *enckey,
+                                               const uint8_t *enckey,
                                                uint32_t enckeylen);
 
 int
 qat_sym_session_aead_create_cd_auth(struct qat_sym_session *cdesc,
-                                               uint8_t *authkey,
+                                               const uint8_t *authkey,
                                                uint32_t authkeylen,
                                                uint32_t aad_length,
                                                uint32_t digestsize,
index 5fd94b6..68d7176 100644 (file)
@@ -84,6 +84,8 @@ snow3g_set_session_parameters(struct snow3g_session *sess,
        }
 
        if (cipher_xform) {
+               uint8_t cipher_key[SNOW3G_MAX_KEY_SIZE];
+
                /* Only SNOW 3G UEA2 supported */
                if (cipher_xform->cipher.algo != RTE_CRYPTO_CIPHER_SNOW3G_UEA2)
                        return -ENOTSUP;
@@ -92,14 +94,22 @@ snow3g_set_session_parameters(struct snow3g_session *sess,
                        SNOW3G_LOG(ERR, "Wrong IV length");
                        return -EINVAL;
                }
+               if (cipher_xform->cipher.key.length > SNOW3G_MAX_KEY_SIZE) {
+                       SNOW3G_LOG(ERR, "Not enough memory to store the key");
+                       return -ENOMEM;
+               }
+
                sess->cipher_iv_offset = cipher_xform->cipher.iv.offset;
 
                /* Initialize key */
-               sso_snow3g_init_key_sched(cipher_xform->cipher.key.data,
-                               &sess->pKeySched_cipher);
+               memcpy(cipher_key, cipher_xform->cipher.key.data,
+                               cipher_xform->cipher.key.length);
+               sso_snow3g_init_key_sched(cipher_key, &sess->pKeySched_cipher);
        }
 
        if (auth_xform) {
+               uint8_t auth_key[SNOW3G_MAX_KEY_SIZE];
+
                /* Only SNOW 3G UIA2 supported */
                if (auth_xform->auth.algo != RTE_CRYPTO_AUTH_SNOW3G_UIA2)
                        return -ENOTSUP;
@@ -108,6 +118,10 @@ snow3g_set_session_parameters(struct snow3g_session *sess,
                        SNOW3G_LOG(ERR, "Wrong digest length");
                        return -EINVAL;
                }
+               if (auth_xform->auth.key.length > SNOW3G_MAX_KEY_SIZE) {
+                       SNOW3G_LOG(ERR, "Not enough memory to store the key");
+                       return -ENOMEM;
+               }
 
                sess->auth_op = auth_xform->auth.op;
 
@@ -118,8 +132,9 @@ snow3g_set_session_parameters(struct snow3g_session *sess,
                sess->auth_iv_offset = auth_xform->auth.iv.offset;
 
                /* Initialize key */
-               sso_snow3g_init_key_sched(auth_xform->auth.key.data,
-                               &sess->pKeySched_hash);
+               memcpy(auth_key, auth_xform->auth.key.data,
+                               auth_xform->auth.key.length);
+               sso_snow3g_init_key_sched(auth_key, &sess->pKeySched_hash);
        }
 
 
index df5c609..95a3eba 100644 (file)
@@ -19,6 +19,7 @@ int snow3g_logtype_driver;
                                        ## __VA_ARGS__)
 
 #define SNOW3G_DIGEST_LENGTH 4
+#define SNOW3G_MAX_KEY_SIZE  128
 
 /** private data structure for each virtual SNOW 3G device */
 struct snow3g_private {
index 4bae3b8..f16bdfe 100644 (file)
@@ -1210,7 +1210,7 @@ static int
 virtio_crypto_sym_pad_op_ctrl_req(
                struct virtio_crypto_op_ctrl_req *ctrl,
                struct rte_crypto_sym_xform *xform, bool is_chainned,
-               uint8_t **cipher_key_data, uint8_t **auth_key_data,
+               uint8_t *cipher_key_data, uint8_t *auth_key_data,
                struct virtio_crypto_session *session)
 {
        int ret;
@@ -1220,6 +1220,12 @@ virtio_crypto_sym_pad_op_ctrl_req(
        /* Get cipher xform from crypto xform chain */
        cipher_xform = virtio_crypto_get_cipher_xform(xform);
        if (cipher_xform) {
+               if (cipher_xform->key.length > VIRTIO_CRYPTO_MAX_KEY_SIZE) {
+                       VIRTIO_CRYPTO_SESSION_LOG_ERR(
+                               "cipher key size cannot be longer than %u",
+                               VIRTIO_CRYPTO_MAX_KEY_SIZE);
+                       return -1;
+               }
                if (cipher_xform->iv.length > VIRTIO_CRYPTO_MAX_IV_SIZE) {
                        VIRTIO_CRYPTO_SESSION_LOG_ERR(
                                "cipher IV size cannot be longer than %u",
@@ -1241,7 +1247,8 @@ virtio_crypto_sym_pad_op_ctrl_req(
                        return -1;
                }
 
-               *cipher_key_data = cipher_xform->key.data;
+               memcpy(cipher_key_data, cipher_xform->key.data,
+                               cipher_xform->key.length);
 
                session->iv.offset = cipher_xform->iv.offset;
                session->iv.length = cipher_xform->iv.length;
@@ -1254,13 +1261,20 @@ virtio_crypto_sym_pad_op_ctrl_req(
                struct virtio_crypto_alg_chain_session_para *para =
                        &(ctrl->u.sym_create_session.u.chain.para);
                if (auth_xform->key.length) {
+                       if (auth_xform->key.length >
+                                       VIRTIO_CRYPTO_MAX_KEY_SIZE) {
+                               VIRTIO_CRYPTO_SESSION_LOG_ERR(
+                               "auth key size cannot be longer than %u",
+                                       VIRTIO_CRYPTO_MAX_KEY_SIZE);
+                               return -1;
+                       }
                        para->hash_mode = VIRTIO_CRYPTO_SYM_HASH_MODE_AUTH;
                        para->u.mac_param.auth_key_len =
                                (uint32_t)auth_xform->key.length;
                        para->u.mac_param.hash_result_len =
                                auth_xform->digest_length;
-
-                       *auth_key_data = auth_xform->key.data;
+                       memcpy(auth_key_data, auth_xform->key.data,
+                                       auth_xform->key.length);
                } else {
                        para->hash_mode = VIRTIO_CRYPTO_SYM_HASH_MODE_PLAIN;
                        para->u.hash_param.hash_result_len =
@@ -1310,8 +1324,8 @@ virtio_crypto_sym_configure_session(
        struct virtio_crypto_session *session;
        struct virtio_crypto_op_ctrl_req *ctrl_req;
        enum virtio_crypto_cmd_id cmd_id;
-       uint8_t *cipher_key_data = NULL;
-       uint8_t *auth_key_data = NULL;
+       uint8_t cipher_key_data[VIRTIO_CRYPTO_MAX_KEY_SIZE] = {0};
+       uint8_t auth_key_data[VIRTIO_CRYPTO_MAX_KEY_SIZE] = {0};
        struct virtio_crypto_hw *hw;
        struct virtqueue *control_vq;
 
@@ -1355,7 +1369,7 @@ virtio_crypto_sym_configure_session(
                        = VIRTIO_CRYPTO_SYM_OP_ALGORITHM_CHAINING;
 
                ret = virtio_crypto_sym_pad_op_ctrl_req(ctrl_req,
-                       xform, true, &cipher_key_data, &auth_key_data, session);
+                       xform, true, cipher_key_data, auth_key_data, session);
                if (ret < 0) {
                        VIRTIO_CRYPTO_SESSION_LOG_ERR(
                                "padding sym op ctrl req failed");
@@ -1373,7 +1387,7 @@ virtio_crypto_sym_configure_session(
                ctrl_req->u.sym_create_session.op_type
                        = VIRTIO_CRYPTO_SYM_OP_CIPHER;
                ret = virtio_crypto_sym_pad_op_ctrl_req(ctrl_req, xform,
-                       false, &cipher_key_data, &auth_key_data, session);
+                       false, cipher_key_data, auth_key_data, session);
                if (ret < 0) {
                        VIRTIO_CRYPTO_SESSION_LOG_ERR(
                                "padding sym op ctrl req failed");
index 0fd7b72..215bce7 100644 (file)
@@ -18,6 +18,8 @@
 
 #define VIRTIO_CRYPTO_MAX_IV_SIZE 16
 
+#define VIRTIO_CRYPTO_MAX_KEY_SIZE 256
+
 extern uint8_t cryptodev_virtio_driver_id;
 
 enum virtio_crypto_cmd_id {
index 1eea707..48f5082 100644 (file)
@@ -97,6 +97,7 @@ ixgbe_crypto_add_sa(struct ixgbe_crypto_session *ic_session)
 
        if (ic_session->op == IXGBE_OP_AUTHENTICATED_DECRYPTION) {
                int i, ip_index = -1;
+               uint8_t *key;
 
                /* Find a match in the IP table*/
                for (i = 0; i < IPSEC_MAX_RX_IP_COUNT; i++) {
@@ -193,23 +194,32 @@ ixgbe_crypto_add_sa(struct ixgbe_crypto_session *ic_session)
                IXGBE_WAIT_RWRITE;
 
                /* write Key table entry*/
+               key = malloc(ic_session->key_len);
+               if (!key)
+                       return -ENOMEM;
+
+               memcpy(key, ic_session->key, ic_session->key_len);
+
                reg_val = IPSRXIDX_RX_EN | IPSRXIDX_WRITE |
                                IPSRXIDX_TABLE_KEY | (sa_index << 3);
                IXGBE_WRITE_REG(hw, IXGBE_IPSRXKEY(0),
-                       rte_cpu_to_be_32(*(uint32_t *)&ic_session->key[12]));
+                       rte_cpu_to_be_32(*(uint32_t *)&key[12]));
                IXGBE_WRITE_REG(hw, IXGBE_IPSRXKEY(1),
-                       rte_cpu_to_be_32(*(uint32_t *)&ic_session->key[8]));
+                       rte_cpu_to_be_32(*(uint32_t *)&key[8]));
                IXGBE_WRITE_REG(hw, IXGBE_IPSRXKEY(2),
-                       rte_cpu_to_be_32(*(uint32_t *)&ic_session->key[4]));
+                       rte_cpu_to_be_32(*(uint32_t *)&key[4]));
                IXGBE_WRITE_REG(hw, IXGBE_IPSRXKEY(3),
-                       rte_cpu_to_be_32(*(uint32_t *)&ic_session->key[0]));
+                       rte_cpu_to_be_32(*(uint32_t *)&key[0]));
                IXGBE_WRITE_REG(hw, IXGBE_IPSRXSALT,
                                rte_cpu_to_be_32(ic_session->salt));
                IXGBE_WRITE_REG(hw, IXGBE_IPSRXMOD,
                                priv->rx_sa_tbl[sa_index].mode);
                IXGBE_WAIT_RWRITE;
 
+               free(key);
+
        } else { /* sess->dir == RTE_CRYPTO_OUTBOUND */
+               uint8_t *key;
                int i;
 
                /* Find a free entry in the SA table*/
@@ -231,19 +241,27 @@ ixgbe_crypto_add_sa(struct ixgbe_crypto_session *ic_session)
                priv->tx_sa_tbl[i].used = 1;
                ic_session->sa_index = sa_index;
 
+               key = malloc(ic_session->key_len);
+               if (!key)
+                       return -ENOMEM;
+
+               memcpy(key, ic_session->key, ic_session->key_len);
+
                /* write Key table entry*/
                reg_val = IPSRXIDX_RX_EN | IPSRXIDX_WRITE | (sa_index << 3);
                IXGBE_WRITE_REG(hw, IXGBE_IPSTXKEY(0),
-                       rte_cpu_to_be_32(*(uint32_t *)&ic_session->key[12]));
+                       rte_cpu_to_be_32(*(uint32_t *)&key[12]));
                IXGBE_WRITE_REG(hw, IXGBE_IPSTXKEY(1),
-                       rte_cpu_to_be_32(*(uint32_t *)&ic_session->key[8]));
+                       rte_cpu_to_be_32(*(uint32_t *)&key[8]));
                IXGBE_WRITE_REG(hw, IXGBE_IPSTXKEY(2),
-                       rte_cpu_to_be_32(*(uint32_t *)&ic_session->key[4]));
+                       rte_cpu_to_be_32(*(uint32_t *)&key[4]));
                IXGBE_WRITE_REG(hw, IXGBE_IPSTXKEY(3),
-                       rte_cpu_to_be_32(*(uint32_t *)&ic_session->key[0]));
+                       rte_cpu_to_be_32(*(uint32_t *)&key[0]));
                IXGBE_WRITE_REG(hw, IXGBE_IPSTXSALT,
                                rte_cpu_to_be_32(ic_session->salt));
                IXGBE_WAIT_TWRITE;
+
+               free(key);
        }
 
        return 0;
@@ -392,6 +410,7 @@ ixgbe_crypto_create_session(void *device,
        }
 
        ic_session->key = aead_xform->key.data;
+       ic_session->key_len = aead_xform->key.length;
        memcpy(&ic_session->salt,
               &aead_xform->key.data[aead_xform->key.length], 4);
        ic_session->spi = conf->ipsec.spi;
index c73e180..e218c0a 100644 (file)
@@ -62,7 +62,8 @@ struct ipaddr {
 /** inline crypto crypto private session structure */
 struct ixgbe_crypto_session {
        enum ixgbe_operation op;
-       uint8_t *key;
+       const uint8_t *key;
+       uint32_t key_len;
        uint32_t salt;
        uint32_t sa_index;
        uint32_t spi;
index 56fc92b..88e0a84 100644 (file)
@@ -4095,24 +4095,18 @@ parse_free_sym_crypto_param_data(struct rte_table_action_sym_crypto_params *p)
 
                switch (xform[i]->type) {
                case RTE_CRYPTO_SYM_XFORM_CIPHER:
-                       if (xform[i]->cipher.key.data)
-                               free(xform[i]->cipher.key.data);
                        if (p->cipher_auth.cipher_iv.val)
                                free(p->cipher_auth.cipher_iv.val);
                        if (p->cipher_auth.cipher_iv_update.val)
                                free(p->cipher_auth.cipher_iv_update.val);
                        break;
                case RTE_CRYPTO_SYM_XFORM_AUTH:
-                       if (xform[i]->auth.key.data)
-                               free(xform[i]->cipher.key.data);
                        if (p->cipher_auth.auth_iv.val)
                                free(p->cipher_auth.cipher_iv.val);
                        if (p->cipher_auth.auth_iv_update.val)
                                free(p->cipher_auth.cipher_iv_update.val);
                        break;
                case RTE_CRYPTO_SYM_XFORM_AEAD:
-                       if (xform[i]->aead.key.data)
-                               free(xform[i]->cipher.key.data);
                        if (p->aead.iv.val)
                                free(p->aead.iv.val);
                        if (p->aead.aad.val)
@@ -4127,8 +4121,8 @@ parse_free_sym_crypto_param_data(struct rte_table_action_sym_crypto_params *p)
 
 static struct rte_crypto_sym_xform *
 parse_table_action_cipher(struct rte_table_action_sym_crypto_params *p,
-               char **tokens, uint32_t n_tokens, uint32_t encrypt,
-               uint32_t *used_n_tokens)
+               uint8_t *key, uint32_t max_key_len, char **tokens,
+               uint32_t n_tokens, uint32_t encrypt, uint32_t *used_n_tokens)
 {
        struct rte_crypto_sym_xform *xform_cipher;
        int status;
@@ -4155,16 +4149,16 @@ parse_table_action_cipher(struct rte_table_action_sym_crypto_params *p,
 
        /* cipher_key */
        len = strlen(tokens[4]);
-       xform_cipher->cipher.key.data = calloc(1, len / 2 + 1);
-       if (xform_cipher->cipher.key.data == NULL)
+       if (len / 2 > max_key_len) {
+               status = -ENOMEM;
                goto error_exit;
+       }
 
-       status = softnic_parse_hex_string(tokens[4],
-                       xform_cipher->cipher.key.data,
-                       (uint32_t *)&len);
+       status = softnic_parse_hex_string(tokens[4], key, (uint32_t *)&len);
        if (status < 0)
                goto error_exit;
 
+       xform_cipher->cipher.key.data = key;
        xform_cipher->cipher.key.length = (uint16_t)len;
 
        /* cipher_iv */
@@ -4188,9 +4182,6 @@ parse_table_action_cipher(struct rte_table_action_sym_crypto_params *p,
        return xform_cipher;
 
 error_exit:
-       if (xform_cipher->cipher.key.data)
-               free(xform_cipher->cipher.key.data);
-
        if (p->cipher_auth.cipher_iv.val) {
                free(p->cipher_auth.cipher_iv.val);
                p->cipher_auth.cipher_iv.val = NULL;
@@ -4203,8 +4194,8 @@ error_exit:
 
 static struct rte_crypto_sym_xform *
 parse_table_action_cipher_auth(struct rte_table_action_sym_crypto_params *p,
-               char **tokens, uint32_t n_tokens, uint32_t encrypt,
-               uint32_t *used_n_tokens)
+               uint8_t *key, uint32_t max_key_len, char **tokens,
+               uint32_t n_tokens, uint32_t encrypt, uint32_t *used_n_tokens)
 {
        struct rte_crypto_sym_xform *xform_cipher;
        struct rte_crypto_sym_xform *xform_auth;
@@ -4233,17 +4224,21 @@ parse_table_action_cipher_auth(struct rte_table_action_sym_crypto_params *p,
 
        /* auth_key */
        len = strlen(tokens[10]);
-       xform_auth->auth.key.data = calloc(1, len / 2 + 1);
-       if (xform_auth->auth.key.data == NULL)
+       if (len / 2 > max_key_len) {
+               status = -ENOMEM;
                goto error_exit;
+       }
 
-       status = softnic_parse_hex_string(tokens[10],
-                       xform_auth->auth.key.data, (uint32_t *)&len);
+       status = softnic_parse_hex_string(tokens[10], key, (uint32_t *)&len);
        if (status < 0)
                goto error_exit;
 
+       xform_auth->auth.key.data = key;
        xform_auth->auth.key.length = (uint16_t)len;
 
+       key += xform_auth->auth.key.length;
+       max_key_len -= xform_auth->auth.key.length;
+
        if (strcmp(tokens[11], "digest_size"))
                goto error_exit;
 
@@ -4252,8 +4247,8 @@ parse_table_action_cipher_auth(struct rte_table_action_sym_crypto_params *p,
        if (status < 0)
                goto error_exit;
 
-       xform_cipher = parse_table_action_cipher(p, tokens, 7, encrypt,
-                       used_n_tokens);
+       xform_cipher = parse_table_action_cipher(p, key, max_key_len, tokens, 7,
+                       encrypt, used_n_tokens);
        if (xform_cipher == NULL)
                goto error_exit;
 
@@ -4268,8 +4263,6 @@ parse_table_action_cipher_auth(struct rte_table_action_sym_crypto_params *p,
        }
 
 error_exit:
-       if (xform_auth->auth.key.data)
-               free(xform_auth->auth.key.data);
        if (p->cipher_auth.auth_iv.val) {
                free(p->cipher_auth.auth_iv.val);
                p->cipher_auth.auth_iv.val = 0;
@@ -4282,8 +4275,8 @@ error_exit:
 
 static struct rte_crypto_sym_xform *
 parse_table_action_aead(struct rte_table_action_sym_crypto_params *p,
-               char **tokens, uint32_t n_tokens, uint32_t encrypt,
-               uint32_t *used_n_tokens)
+               uint8_t *key, uint32_t max_key_len, char **tokens,
+               uint32_t n_tokens, uint32_t encrypt, uint32_t *used_n_tokens)
 {
        struct rte_crypto_sym_xform *xform_aead;
        int status;
@@ -4312,15 +4305,16 @@ parse_table_action_aead(struct rte_table_action_sym_crypto_params *p,
 
        /* aead_key */
        len = strlen(tokens[4]);
-       xform_aead->aead.key.data = calloc(1, len / 2 + 1);
-       if (xform_aead->aead.key.data == NULL)
+       if (len / 2 > max_key_len) {
+               status = -ENOMEM;
                goto error_exit;
+       }
 
-       status = softnic_parse_hex_string(tokens[4], xform_aead->aead.key.data,
-                       (uint32_t *)&len);
+       status = softnic_parse_hex_string(tokens[4], key, (uint32_t *)&len);
        if (status < 0)
                goto error_exit;
 
+       xform_aead->aead.key.data = key;
        xform_aead->aead.key.length = (uint16_t)len;
 
        /* aead_iv */
@@ -4362,8 +4356,6 @@ parse_table_action_aead(struct rte_table_action_sym_crypto_params *p,
        return xform_aead;
 
 error_exit:
-       if (xform_aead->aead.key.data)
-               free(xform_aead->aead.key.data);
        if (p->aead.iv.val) {
                free(p->aead.iv.val);
                p->aead.iv.val = NULL;
@@ -4386,6 +4378,8 @@ parse_table_action_sym_crypto(char **tokens,
 {
        struct rte_table_action_sym_crypto_params *p = &a->sym_crypto;
        struct rte_crypto_sym_xform *xform = NULL;
+       uint8_t *key = a->sym_crypto_key;
+       uint32_t max_key_len = SYM_CRYPTO_MAX_KEY_SIZE;
        uint32_t used_n_tokens;
        uint32_t encrypt;
        int status;
@@ -4410,20 +4404,20 @@ parse_table_action_sym_crypto(char **tokens,
                tokens += 3;
                n_tokens -= 3;
 
-               xform = parse_table_action_cipher(p, tokens, n_tokens, encrypt,
-                               &used_n_tokens);
+               xform = parse_table_action_cipher(p, key, max_key_len, tokens,
+                               n_tokens, encrypt, &used_n_tokens);
        } else if (strcmp(tokens[3], "cipher_auth") == 0) {
                tokens += 3;
                n_tokens -= 3;
 
-               xform = parse_table_action_cipher_auth(p, tokens, n_tokens,
-                               encrypt, &used_n_tokens);
+               xform = parse_table_action_cipher_auth(p, key, max_key_len,
+                               tokens, n_tokens, encrypt, &used_n_tokens);
        } else if (strcmp(tokens[3], "aead") == 0) {
                tokens += 3;
                n_tokens -= 3;
 
-               xform = parse_table_action_aead(p, tokens, n_tokens, encrypt,
-                               &used_n_tokens);
+               xform = parse_table_action_aead(p, key, max_key_len, tokens,
+                               n_tokens, encrypt, &used_n_tokens);
        }
 
        if (xform == NULL)
index 415434d..08bc660 100644 (file)
@@ -948,6 +948,9 @@ struct softnic_table_rule_match {
        } match;
 };
 
+#ifndef SYM_CRYPTO_MAX_KEY_SIZE
+#define SYM_CRYPTO_MAX_KEY_SIZE                (256)
+#endif
 struct softnic_table_rule_action {
        uint64_t action_mask;
        struct rte_table_action_fwd_params fwd;
@@ -962,6 +965,7 @@ struct softnic_table_rule_action {
        struct rte_table_action_tag_params tag;
        struct rte_table_action_decap_params decap;
        struct rte_table_action_sym_crypto_params sym_crypto;
+       uint8_t sym_crypto_key[SYM_CRYPTO_MAX_KEY_SIZE];
 };
 
 struct rte_flow {
index 309b293..770b3bc 100644 (file)
@@ -3772,24 +3772,18 @@ parse_free_sym_crypto_param_data(struct rte_table_action_sym_crypto_params *p)
 
                switch (xform[i]->type) {
                case RTE_CRYPTO_SYM_XFORM_CIPHER:
-                       if (xform[i]->cipher.key.data)
-                               free(xform[i]->cipher.key.data);
                        if (p->cipher_auth.cipher_iv.val)
                                free(p->cipher_auth.cipher_iv.val);
                        if (p->cipher_auth.cipher_iv_update.val)
                                free(p->cipher_auth.cipher_iv_update.val);
                        break;
                case RTE_CRYPTO_SYM_XFORM_AUTH:
-                       if (xform[i]->auth.key.data)
-                               free(xform[i]->cipher.key.data);
                        if (p->cipher_auth.auth_iv.val)
                                free(p->cipher_auth.cipher_iv.val);
                        if (p->cipher_auth.auth_iv_update.val)
                                free(p->cipher_auth.cipher_iv_update.val);
                        break;
                case RTE_CRYPTO_SYM_XFORM_AEAD:
-                       if (xform[i]->aead.key.data)
-                               free(xform[i]->cipher.key.data);
                        if (p->aead.iv.val)
                                free(p->aead.iv.val);
                        if (p->aead.aad.val)
@@ -3804,8 +3798,8 @@ parse_free_sym_crypto_param_data(struct rte_table_action_sym_crypto_params *p)
 
 static struct rte_crypto_sym_xform *
 parse_table_action_cipher(struct rte_table_action_sym_crypto_params *p,
-               char **tokens, uint32_t n_tokens, uint32_t encrypt,
-               uint32_t *used_n_tokens)
+               uint8_t *key, uint32_t max_key_len, char **tokens,
+               uint32_t n_tokens, uint32_t encrypt, uint32_t *used_n_tokens)
 {
        struct rte_crypto_sym_xform *xform_cipher;
        int status;
@@ -3832,16 +3826,16 @@ parse_table_action_cipher(struct rte_table_action_sym_crypto_params *p,
 
        /* cipher_key */
        len = strlen(tokens[4]);
-       xform_cipher->cipher.key.data = calloc(1, len / 2 + 1);
-       if (xform_cipher->cipher.key.data == NULL)
+       if (len / 2 > max_key_len) {
+               status = -ENOMEM;
                goto error_exit;
+       }
 
-       status = parse_hex_string(tokens[4],
-                       xform_cipher->cipher.key.data,
-                       (uint32_t *)&len);
+       status = parse_hex_string(tokens[4], key, (uint32_t *)&len);
        if (status < 0)
                goto error_exit;
 
+       xform_cipher->cipher.key.data = key;
        xform_cipher->cipher.key.length = (uint16_t)len;
 
        /* cipher_iv */
@@ -3865,9 +3859,6 @@ parse_table_action_cipher(struct rte_table_action_sym_crypto_params *p,
        return xform_cipher;
 
 error_exit:
-       if (xform_cipher->cipher.key.data)
-               free(xform_cipher->cipher.key.data);
-
        if (p->cipher_auth.cipher_iv.val) {
                free(p->cipher_auth.cipher_iv.val);
                p->cipher_auth.cipher_iv.val = NULL;
@@ -3880,8 +3871,8 @@ error_exit:
 
 static struct rte_crypto_sym_xform *
 parse_table_action_cipher_auth(struct rte_table_action_sym_crypto_params *p,
-               char **tokens, uint32_t n_tokens, uint32_t encrypt,
-               uint32_t *used_n_tokens)
+               uint8_t *key, uint32_t max_key_len, char **tokens,
+               uint32_t n_tokens, uint32_t encrypt, uint32_t *used_n_tokens)
 {
        struct rte_crypto_sym_xform *xform_cipher;
        struct rte_crypto_sym_xform *xform_auth;
@@ -3910,17 +3901,21 @@ parse_table_action_cipher_auth(struct rte_table_action_sym_crypto_params *p,
 
        /* auth_key */
        len = strlen(tokens[10]);
-       xform_auth->auth.key.data = calloc(1, len / 2 + 1);
-       if (xform_auth->auth.key.data == NULL)
+       if (len / 2 > max_key_len) {
+               status = -ENOMEM;
                goto error_exit;
+       }
 
-       status = parse_hex_string(tokens[10],
-                       xform_auth->auth.key.data, (uint32_t *)&len);
+       status = parse_hex_string(tokens[10], key, (uint32_t *)&len);
        if (status < 0)
                goto error_exit;
 
+       xform_auth->auth.key.data = key;
        xform_auth->auth.key.length = (uint16_t)len;
 
+       key += xform_auth->auth.key.length;
+       max_key_len -= xform_auth->auth.key.length;
+
        if (strcmp(tokens[11], "digest_size"))
                goto error_exit;
 
@@ -3929,8 +3924,8 @@ parse_table_action_cipher_auth(struct rte_table_action_sym_crypto_params *p,
        if (status < 0)
                goto error_exit;
 
-       xform_cipher = parse_table_action_cipher(p, tokens, 7, encrypt,
-                       used_n_tokens);
+       xform_cipher = parse_table_action_cipher(p, key, max_key_len, tokens,
+                       7, encrypt, used_n_tokens);
        if (xform_cipher == NULL)
                goto error_exit;
 
@@ -3945,8 +3940,6 @@ parse_table_action_cipher_auth(struct rte_table_action_sym_crypto_params *p,
        }
 
 error_exit:
-       if (xform_auth->auth.key.data)
-               free(xform_auth->auth.key.data);
        if (p->cipher_auth.auth_iv.val) {
                free(p->cipher_auth.auth_iv.val);
                p->cipher_auth.auth_iv.val = 0;
@@ -3959,8 +3952,8 @@ error_exit:
 
 static struct rte_crypto_sym_xform *
 parse_table_action_aead(struct rte_table_action_sym_crypto_params *p,
-               char **tokens, uint32_t n_tokens, uint32_t encrypt,
-               uint32_t *used_n_tokens)
+               uint8_t *key, uint32_t max_key_len, char **tokens,
+               uint32_t n_tokens, uint32_t encrypt, uint32_t *used_n_tokens)
 {
        struct rte_crypto_sym_xform *xform_aead;
        int status;
@@ -3989,15 +3982,16 @@ parse_table_action_aead(struct rte_table_action_sym_crypto_params *p,
 
        /* aead_key */
        len = strlen(tokens[4]);
-       xform_aead->aead.key.data = calloc(1, len / 2 + 1);
-       if (xform_aead->aead.key.data == NULL)
+       if (len / 2 > max_key_len) {
+               status = -ENOMEM;
                goto error_exit;
+       }
 
-       status = parse_hex_string(tokens[4], xform_aead->aead.key.data,
-                       (uint32_t *)&len);
+       status = parse_hex_string(tokens[4], key, (uint32_t *)&len);
        if (status < 0)
                goto error_exit;
 
+       xform_aead->aead.key.data = key;
        xform_aead->aead.key.length = (uint16_t)len;
 
        /* aead_iv */
@@ -4039,8 +4033,6 @@ parse_table_action_aead(struct rte_table_action_sym_crypto_params *p,
        return xform_aead;
 
 error_exit:
-       if (xform_aead->aead.key.data)
-               free(xform_aead->aead.key.data);
        if (p->aead.iv.val) {
                free(p->aead.iv.val);
                p->aead.iv.val = NULL;
@@ -4063,6 +4055,8 @@ parse_table_action_sym_crypto(char **tokens,
 {
        struct rte_table_action_sym_crypto_params *p = &a->sym_crypto;
        struct rte_crypto_sym_xform *xform = NULL;
+       uint8_t *key = a->sym_crypto_key;
+       uint32_t max_key_len = SYM_CRYPTO_MAX_KEY_SIZE;
        uint32_t used_n_tokens;
        uint32_t encrypt;
        int status;
@@ -4087,20 +4081,20 @@ parse_table_action_sym_crypto(char **tokens,
                tokens += 3;
                n_tokens -= 3;
 
-               xform = parse_table_action_cipher(p, tokens, n_tokens, encrypt,
-                               &used_n_tokens);
+               xform = parse_table_action_cipher(p, key, max_key_len, tokens,
+                               n_tokens, encrypt, &used_n_tokens);
        } else if (strcmp(tokens[3], "cipher_auth") == 0) {
                tokens += 3;
                n_tokens -= 3;
 
-               xform = parse_table_action_cipher_auth(p, tokens, n_tokens,
-                               encrypt, &used_n_tokens);
+               xform = parse_table_action_cipher_auth(p, key, max_key_len,
+                               tokens, n_tokens, encrypt, &used_n_tokens);
        } else if (strcmp(tokens[3], "aead") == 0) {
                tokens += 3;
                n_tokens -= 3;
 
-               xform = parse_table_action_aead(p, tokens, n_tokens, encrypt,
-                               &used_n_tokens);
+               xform = parse_table_action_aead(p, key, max_key_len, tokens,
+                               n_tokens, encrypt, &used_n_tokens);
        }
 
        if (xform == NULL)
index ab5e926..b0d9f3d 100644 (file)
@@ -90,8 +90,6 @@ cryptodev_create(const char *name, struct cryptodev_params *params)
 
        if (dev_info.max_nb_queue_pairs < params->n_queues)
                return NULL;
-       if (dev_info.feature_flags & RTE_CRYPTODEV_FF_HW_ACCELERATED)
-               return NULL;
 
        dev_conf.socket_id = socket_id;
        dev_conf.nb_queue_pairs = params->n_queues;
index 278775c..4d2ee29 100644 (file)
@@ -276,6 +276,10 @@ struct table_rule_match {
        } match;
 };
 
+#ifndef SYM_CRYPTO_MAX_KEY_SIZE
+#define SYM_CRYPTO_MAX_KEY_SIZE                (256)
+#endif
+
 struct table_rule_action {
        uint64_t action_mask;
        struct rte_table_action_fwd_params fwd;
@@ -288,8 +292,10 @@ struct table_rule_action {
        struct rte_table_action_stats_params stats;
        struct rte_table_action_time_params time;
        struct rte_table_action_sym_crypto_params sym_crypto;
+       uint8_t sym_crypto_key[SYM_CRYPTO_MAX_KEY_SIZE];
        struct rte_table_action_tag_params tag;
        struct rte_table_action_decap_params decap;
+
 };
 
 struct table_rule {
index b2f2011..3fe2ba7 100644 (file)
@@ -136,6 +136,7 @@ struct l2fwd_crypto_options {
        struct rte_crypto_sym_xform cipher_xform;
        unsigned ckey_param;
        int ckey_random_size;
+       uint8_t cipher_key[MAX_KEY_SIZE];
 
        struct l2fwd_iv cipher_iv;
        unsigned int cipher_iv_param;
@@ -144,6 +145,7 @@ struct l2fwd_crypto_options {
        struct rte_crypto_sym_xform auth_xform;
        uint8_t akey_param;
        int akey_random_size;
+       uint8_t auth_key[MAX_KEY_SIZE];
 
        struct l2fwd_iv auth_iv;
        unsigned int auth_iv_param;
@@ -152,6 +154,7 @@ struct l2fwd_crypto_options {
        struct rte_crypto_sym_xform aead_xform;
        unsigned int aead_key_param;
        int aead_key_random_size;
+       uint8_t aead_key[MAX_KEY_SIZE];
 
        struct l2fwd_iv aead_iv;
        unsigned int aead_iv_param;
@@ -1219,8 +1222,7 @@ l2fwd_crypto_parse_args_long_options(struct l2fwd_crypto_options *options,
        else if (strcmp(lgopts[option_index].name, "cipher_key") == 0) {
                options->ckey_param = 1;
                options->cipher_xform.cipher.key.length =
-                       parse_bytes(options->cipher_xform.cipher.key.data, optarg,
-                                       MAX_KEY_SIZE);
+                       parse_bytes(options->cipher_key, optarg, MAX_KEY_SIZE);
                if (options->cipher_xform.cipher.key.length > 0)
                        return 0;
                else
@@ -1256,8 +1258,7 @@ l2fwd_crypto_parse_args_long_options(struct l2fwd_crypto_options *options,
        else if (strcmp(lgopts[option_index].name, "auth_key") == 0) {
                options->akey_param = 1;
                options->auth_xform.auth.key.length =
-                       parse_bytes(options->auth_xform.auth.key.data, optarg,
-                                       MAX_KEY_SIZE);
+                       parse_bytes(options->auth_key, optarg, MAX_KEY_SIZE);
                if (options->auth_xform.auth.key.length > 0)
                        return 0;
                else
@@ -1294,8 +1295,7 @@ l2fwd_crypto_parse_args_long_options(struct l2fwd_crypto_options *options,
        else if (strcmp(lgopts[option_index].name, "aead_key") == 0) {
                options->aead_key_param = 1;
                options->aead_xform.aead.key.length =
-                       parse_bytes(options->aead_xform.aead.key.data, optarg,
-                                       MAX_KEY_SIZE);
+                       parse_bytes(options->aead_key, optarg, MAX_KEY_SIZE);
                if (options->aead_xform.aead.key.length > 0)
                        return 0;
                else
@@ -2349,8 +2349,7 @@ initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
                                        options->aead_xform.aead.key.length =
                                                cap->sym.aead.key_size.min;
 
-                               generate_random_key(
-                                       options->aead_xform.aead.key.data,
+                               generate_random_key(options->aead_key,
                                        options->aead_xform.aead.key.length);
                        }
 
@@ -2407,8 +2406,7 @@ initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
                                        options->cipher_xform.cipher.key.length =
                                                cap->sym.cipher.key_size.min;
 
-                               generate_random_key(
-                                       options->cipher_xform.cipher.key.data,
+                               generate_random_key(options->cipher_key,
                                        options->cipher_xform.cipher.key.length);
                        }
                }
@@ -2441,8 +2439,7 @@ initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
                                        options->auth_xform.auth.key.length =
                                                cap->sym.auth.key_size.min;
 
-                               generate_random_key(
-                                       options->auth_xform.auth.key.data,
+                               generate_random_key(options->auth_key,
                                        options->auth_xform.auth.key.length);
                        }
 
@@ -2613,20 +2610,11 @@ initialize_ports(struct l2fwd_crypto_options *options)
 static void
 reserve_key_memory(struct l2fwd_crypto_options *options)
 {
-       options->cipher_xform.cipher.key.data = rte_malloc("crypto key",
-                                               MAX_KEY_SIZE, 0);
-       if (options->cipher_xform.cipher.key.data == NULL)
-               rte_exit(EXIT_FAILURE, "Failed to allocate memory for cipher key");
-
-       options->auth_xform.auth.key.data = rte_malloc("auth key",
-                                               MAX_KEY_SIZE, 0);
-       if (options->auth_xform.auth.key.data == NULL)
-               rte_exit(EXIT_FAILURE, "Failed to allocate memory for auth key");
-
-       options->aead_xform.aead.key.data = rte_malloc("aead key",
-                                               MAX_KEY_SIZE, 0);
-       if (options->aead_xform.aead.key.data == NULL)
-               rte_exit(EXIT_FAILURE, "Failed to allocate memory for AEAD key");
+       options->cipher_xform.cipher.key.data = options->cipher_key;
+
+       options->auth_xform.auth.key.data = options->auth_key;
+
+       options->aead_xform.aead.key.data = options->aead_key;
 
        options->cipher_iv.data = rte_malloc("cipher iv", MAX_KEY_SIZE, 0);
        if (options->cipher_iv.data == NULL)
index b7c55c2..bc8da24 100644 (file)
@@ -114,8 +114,8 @@ struct rte_crypto_cipher_xform {
        /**< Cipher algorithm */
 
        struct {
-               uint8_t *data;  /**< pointer to key data */
-               uint16_t length;/**< key length in bytes */
+               const uint8_t *data;    /**< pointer to key data */
+               uint16_t length;        /**< key length in bytes */
        } key;
        /**< Cipher key
         *
@@ -282,8 +282,8 @@ struct rte_crypto_auth_xform {
        /**< Authentication algorithm selection */
 
        struct {
-               uint8_t *data;  /**< pointer to key data */
-               uint16_t length;/**< key length in bytes */
+               const uint8_t *data;    /**< pointer to key data */
+               uint16_t length;        /**< key length in bytes */
        } key;
        /**< Authentication key data.
         * The authentication key length MUST be less than or equal to the
@@ -374,8 +374,8 @@ struct rte_crypto_aead_xform {
        /**< AEAD algorithm selection */
 
        struct {
-               uint8_t *data;  /**< pointer to key data */
-               uint16_t length;/**< key length in bytes */
+               const uint8_t *data;    /**< pointer to key data */
+               uint16_t length;        /**< key length in bytes */
        } key;
 
        struct {