Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/45576/?format=api
{ "id": 45576, "url": "http://patches.dpdk.org/api/patches/45576/?format=api", "web_url": "http://patches.dpdk.org/project/dpdk/patch/20180928122615.48390-2-roy.fan.zhang@intel.com/", "project": { "id": 1, "url": "http://patches.dpdk.org/api/projects/1/?format=api", "name": "DPDK", "link_name": "dpdk", "list_id": "dev.dpdk.org", "list_email": "dev@dpdk.org", "web_url": "http://core.dpdk.org", "scm_url": "git://dpdk.org/dpdk", "webscm_url": "http://git.dpdk.org/dpdk", "list_archive_url": "https://inbox.dpdk.org/dev", "list_archive_url_format": "https://inbox.dpdk.org/dev/{}", "commit_url_format": "" }, "msgid": "<20180928122615.48390-2-roy.fan.zhang@intel.com>", "list_archive_url": "https://inbox.dpdk.org/dev/20180928122615.48390-2-roy.fan.zhang@intel.com", "date": "2018-09-28T12:26:09", "name": "[v2,1/7] pipeline: add symmetric crypto to action", "commit_ref": null, "pull_url": null, "state": "accepted", "archived": true, "hash": "df10720468d00d56b37996f268d44ad381f7d8d0", "submitter": { "id": 304, "url": "http://patches.dpdk.org/api/people/304/?format=api", "name": "Fan Zhang", "email": "roy.fan.zhang@intel.com" }, "delegate": { "id": 10018, "url": "http://patches.dpdk.org/api/users/10018/?format=api", "username": "cristian_dumitrescu", "first_name": "Cristian", "last_name": "Dumitrescu", "email": "cristian.dumitrescu@intel.com" }, "mbox": "http://patches.dpdk.org/project/dpdk/patch/20180928122615.48390-2-roy.fan.zhang@intel.com/mbox/", "series": [ { "id": 1572, "url": "http://patches.dpdk.org/api/series/1572/?format=api", "web_url": "http://patches.dpdk.org/project/dpdk/list/?series=1572", "date": "2018-09-28T12:26:08", "name": "pipeline: add symmetric crypto to action", "version": 2, "mbox": "http://patches.dpdk.org/series/1572/mbox/" } ], "comments": "http://patches.dpdk.org/api/patches/45576/comments/", "check": "success", "checks": "http://patches.dpdk.org/api/patches/45576/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<dev-bounces@dpdk.org>", "X-Original-To": "patchwork@dpdk.org", "Delivered-To": "patchwork@dpdk.org", "Received": [ "from [92.243.14.124] (localhost [127.0.0.1])\n\tby dpdk.org (Postfix) with ESMTP id 95E8E1B44A;\n\tFri, 28 Sep 2018 14:41:39 +0200 (CEST)", "from mga12.intel.com (mga12.intel.com [192.55.52.136])\n\tby dpdk.org (Postfix) with ESMTP id 50FB91B43E\n\tfor <dev@dpdk.org>; Fri, 28 Sep 2018 14:41:34 +0200 (CEST)", "from orsmga007.jf.intel.com ([10.7.209.58])\n\tby fmsmga106.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;\n\t28 Sep 2018 05:41:32 -0700", "from silpixa00398673.ir.intel.com (HELO\n\tsilpixa00398673.ger.corp.intel.com) ([10.237.223.54])\n\tby orsmga007.jf.intel.com with ESMTP; 28 Sep 2018 05:41:18 -0700" ], "X-Amp-Result": "SKIPPED(no attachment in message)", "X-Amp-File-Uploaded": "False", "X-ExtLoop1": "1", "X-IronPort-AV": "E=Sophos;i=\"5.54,314,1534834800\"; d=\"scan'208\";a=\"76853734\"", "From": "Fan Zhang <roy.fan.zhang@intel.com>", "To": "dev@dpdk.org", "Cc": "cristian.dumitrescu@intel.com,\n\t\"Zhang, Roy Fan\" <roy.fan.zhang@intel.com>, Zhang@dpdk.org", "Date": "Fri, 28 Sep 2018 13:26:09 +0100", "Message-Id": "<20180928122615.48390-2-roy.fan.zhang@intel.com>", "X-Mailer": "git-send-email 2.13.6", "In-Reply-To": "<20180928122615.48390-1-roy.fan.zhang@intel.com>", "References": "<20180828081929.34085-1-roy.fan.zhang@intel.com>\n\t<20180928122615.48390-1-roy.fan.zhang@intel.com>", "Subject": "[dpdk-dev] [PATCH v2 1/7] pipeline: add symmetric crypto to action", "X-BeenThere": "dev@dpdk.org", "X-Mailman-Version": "2.1.15", "Precedence": "list", "List-Id": "DPDK patches and discussions <dev.dpdk.org>", "List-Unsubscribe": "<https://mails.dpdk.org/options/dev>,\n\t<mailto:dev-request@dpdk.org?subject=unsubscribe>", "List-Archive": "<http://mails.dpdk.org/archives/dev/>", "List-Post": "<mailto:dev@dpdk.org>", "List-Help": "<mailto:dev-request@dpdk.org?subject=help>", "List-Subscribe": "<https://mails.dpdk.org/listinfo/dev>,\n\t<mailto:dev-request@dpdk.org?subject=subscribe>", "Errors-To": "dev-bounces@dpdk.org", "Sender": "\"dev\" <dev-bounces@dpdk.org>" }, "content": "From: \"Zhang, Roy Fan\" <roy.fan.zhang@intel.com>\n\nThis patch adds the symmetric crypto action support to pipeline\nlibrary. The symmetric crypto action works as the shim layer\nbetween pipeline and DPDK cryptodev and is able to interact with\ncryptodev with the control path requests such as session\ncreation/deletion and data path work to assemble the crypto\noperations for received packets.\n\nSigned-off-by: Zhang, Roy Fan <roy.fan.zhang@intel.com>\nAcked-by: Dumitrescu, Cristian <cristian.dumitrescu@intel.com>\n---\n lib/librte_pipeline/Makefile | 2 +-\n lib/librte_pipeline/meson.build | 2 +-\n lib/librte_pipeline/rte_pipeline_version.map | 1 +\n lib/librte_pipeline/rte_table_action.c | 503 ++++++++++++++++++++++++++-\n lib/librte_pipeline/rte_table_action.h | 104 ++++++\n 5 files changed, 609 insertions(+), 3 deletions(-)", "diff": "diff --git a/lib/librte_pipeline/Makefile b/lib/librte_pipeline/Makefile\nindex 84afe98cb..cf265503f 100644\n--- a/lib/librte_pipeline/Makefile\n+++ b/lib/librte_pipeline/Makefile\n@@ -12,7 +12,7 @@ CFLAGS += -DALLOW_EXPERIMENTAL_API\n CFLAGS += -O3\n CFLAGS += $(WERROR_FLAGS)\n LDLIBS += -lrte_eal -lrte_mempool -lrte_mbuf -lrte_table\n-LDLIBS += -lrte_port -lrte_meter -lrte_sched\n+LDLIBS += -lrte_port -lrte_meter -lrte_sched -lrte_cryptodev\n \n EXPORT_MAP := rte_pipeline_version.map\n \ndiff --git a/lib/librte_pipeline/meson.build b/lib/librte_pipeline/meson.build\nindex dc16ab42f..04e5f5179 100644\n--- a/lib/librte_pipeline/meson.build\n+++ b/lib/librte_pipeline/meson.build\n@@ -5,4 +5,4 @@ version = 3\n allow_experimental_apis = true\n sources = files('rte_pipeline.c', 'rte_port_in_action.c', 'rte_table_action.c')\n headers = files('rte_pipeline.h', 'rte_port_in_action.h', 'rte_table_action.h')\n-deps += ['port', 'table', 'meter', 'sched']\n+deps += ['port', 'table', 'meter', 'sched', 'cryptodev']\ndiff --git a/lib/librte_pipeline/rte_pipeline_version.map b/lib/librte_pipeline/rte_pipeline_version.map\nindex d820b22f6..420f065d6 100644\n--- a/lib/librte_pipeline/rte_pipeline_version.map\n+++ b/lib/librte_pipeline/rte_pipeline_version.map\n@@ -72,4 +72,5 @@ EXPERIMENTAL {\n \trte_table_action_stats_read;\n \trte_table_action_time_read;\n \trte_table_action_ttl_read;\n+\trte_table_action_crypto_sym_session_get;\n };\ndiff --git a/lib/librte_pipeline/rte_table_action.c b/lib/librte_pipeline/rte_table_action.c\nindex 338dcfeee..edb334021 100644\n--- a/lib/librte_pipeline/rte_table_action.c\n+++ b/lib/librte_pipeline/rte_table_action.c\n@@ -1,7 +1,6 @@\n /* SPDX-License-Identifier: BSD-3-Clause\n * Copyright(c) 2010-2018 Intel Corporation\n */\n-\n #include <stdlib.h>\n #include <string.h>\n \n@@ -15,6 +14,8 @@\n #include <rte_esp.h>\n #include <rte_tcp.h>\n #include <rte_udp.h>\n+#include <rte_cryptodev.h>\n+#include <rte_cryptodev_pmd.h>\n \n #include \"rte_table_action.h\"\n \n@@ -1575,6 +1576,441 @@ pkt_work_time(struct time_data *data,\n \tdata->time = time;\n }\n \n+\n+/**\n+ * RTE_TABLE_ACTION_CRYPTO\n+ */\n+\n+#define CRYPTO_OP_MASK_CIPHER\t0x1\n+#define CRYPTO_OP_MASK_AUTH\t0x2\n+#define CRYPTO_OP_MASK_AEAD\t0x4\n+\n+struct crypto_op_sym_iv_aad {\n+\tstruct rte_crypto_op op;\n+\tstruct rte_crypto_sym_op sym_op;\n+\tunion {\n+\t\tstruct {\n+\t\t\tuint8_t cipher_iv[\n+\t\t\t\tRTE_TABLE_ACTION_SYM_CRYPTO_IV_SIZE_MAX];\n+\t\t\tuint8_t auth_iv[\n+\t\t\t\tRTE_TABLE_ACTION_SYM_CRYPTO_IV_SIZE_MAX];\n+\t\t} cipher_auth;\n+\n+\t\tstruct {\n+\t\t\tuint8_t iv[RTE_TABLE_ACTION_SYM_CRYPTO_IV_SIZE_MAX];\n+\t\t\tuint8_t aad[RTE_TABLE_ACTION_SYM_CRYPTO_AAD_SIZE_MAX];\n+\t\t} aead_iv_aad;\n+\n+\t} iv_aad;\n+};\n+\n+struct sym_crypto_data {\n+\n+\tunion {\n+\t\tstruct {\n+\n+\t\t\t/** Length of cipher iv. */\n+\t\t\tuint16_t cipher_iv_len;\n+\n+\t\t\t/** Offset from start of IP header to the cipher iv. */\n+\t\t\tuint16_t cipher_iv_data_offset;\n+\n+\t\t\t/** Length of cipher iv to be updated in the mbuf. */\n+\t\t\tuint16_t cipher_iv_update_len;\n+\n+\t\t\t/** Offset from start of IP header to the auth iv. */\n+\t\t\tuint16_t auth_iv_data_offset;\n+\n+\t\t\t/** Length of auth iv in the mbuf. */\n+\t\t\tuint16_t auth_iv_len;\n+\n+\t\t\t/** Length of auth iv to be updated in the mbuf. */\n+\t\t\tuint16_t auth_iv_update_len;\n+\n+\t\t} cipher_auth;\n+\t\tstruct {\n+\n+\t\t\t/** Length of iv. */\n+\t\t\tuint16_t iv_len;\n+\n+\t\t\t/** Offset from start of IP header to the aead iv. */\n+\t\t\tuint16_t iv_data_offset;\n+\n+\t\t\t/** Length of iv to be updated in the mbuf. */\n+\t\t\tuint16_t iv_update_len;\n+\n+\t\t\t/** Length of aad */\n+\t\t\tuint16_t aad_len;\n+\n+\t\t\t/** Offset from start of IP header to the aad. */\n+\t\t\tuint16_t aad_data_offset;\n+\n+\t\t\t/** Length of aad to updated in the mbuf. */\n+\t\t\tuint16_t aad_update_len;\n+\n+\t\t} aead;\n+\t};\n+\n+\t/** Offset from start of IP header to the data. */\n+\tuint16_t data_offset;\n+\n+\t/** Digest length. */\n+\tuint16_t digest_len;\n+\n+\t/** block size */\n+\tuint16_t block_size;\n+\n+\t/** Mask of crypto operation */\n+\tuint16_t op_mask;\n+\n+\t/** Session pointer. */\n+\tstruct rte_cryptodev_sym_session *session;\n+\n+\t/** Direction of crypto, encrypt or decrypt */\n+\tuint16_t direction;\n+\n+\t/** Private data size to store cipher iv / aad. */\n+\tuint8_t iv_aad_data[32];\n+\n+} __attribute__((__packed__));\n+\n+static int\n+sym_crypto_cfg_check(struct rte_table_action_sym_crypto_config *cfg)\n+{\n+\tif (!rte_cryptodev_pmd_is_valid_dev(cfg->cryptodev_id))\n+\t\treturn -EINVAL;\n+\tif (cfg->mp_create == NULL || cfg->mp_init == NULL)\n+\t\treturn -EINVAL;\n+\n+\treturn 0;\n+}\n+\n+static int\n+get_block_size(const struct rte_crypto_sym_xform *xform, uint8_t cdev_id)\n+{\n+\tstruct rte_cryptodev_info dev_info;\n+\tconst struct rte_cryptodev_capabilities *cap;\n+\tuint32_t i;\n+\n+\trte_cryptodev_info_get(cdev_id, &dev_info);\n+\n+\tfor (i = 0;; i++) {\n+\t\tcap = &dev_info.capabilities[i];\n+\t\tif (!cap)\n+\t\t\tbreak;\n+\n+\t\tif (cap->sym.xform_type != xform->type)\n+\t\t\tcontinue;\n+\n+\t\tif ((xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER) &&\n+\t\t\t\t(cap->sym.cipher.algo == xform->cipher.algo))\n+\t\t\treturn cap->sym.cipher.block_size;\n+\n+\t\tif ((xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) &&\n+\t\t\t\t(cap->sym.aead.algo == xform->aead.algo))\n+\t\t\treturn cap->sym.aead.block_size;\n+\n+\t\tif (xform->type == RTE_CRYPTO_SYM_XFORM_NOT_SPECIFIED)\n+\t\t\tbreak;\n+\t}\n+\n+\treturn -1;\n+}\n+\n+static int\n+sym_crypto_apply(struct sym_crypto_data *data,\n+\tstruct rte_table_action_sym_crypto_config *cfg,\n+\tstruct rte_table_action_sym_crypto_params *p)\n+{\n+\tconst struct rte_crypto_cipher_xform *cipher_xform = NULL;\n+\tconst struct rte_crypto_auth_xform *auth_xform = NULL;\n+\tconst struct rte_crypto_aead_xform *aead_xform = NULL;\n+\tstruct rte_crypto_sym_xform *xform = p->xform;\n+\tstruct rte_cryptodev_sym_session *session;\n+\tint ret;\n+\n+\tmemset(data, 0, sizeof(*data));\n+\n+\twhile (xform) {\n+\t\tif (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER) {\n+\t\t\tcipher_xform = &xform->cipher;\n+\n+\t\t\tif (cipher_xform->iv.length >\n+\t\t\t\tRTE_TABLE_ACTION_SYM_CRYPTO_IV_SIZE_MAX)\n+\t\t\t\treturn -ENOMEM;\n+\t\t\tif (cipher_xform->iv.offset !=\n+\t\t\t\t\tRTE_TABLE_ACTION_SYM_CRYPTO_IV_OFFSET)\n+\t\t\t\treturn -EINVAL;\n+\n+\t\t\tret = get_block_size(xform, cfg->cryptodev_id);\n+\t\t\tif (ret < 0)\n+\t\t\t\treturn -1;\n+\t\t\tdata->block_size = (uint16_t)ret;\n+\t\t\tdata->op_mask |= CRYPTO_OP_MASK_CIPHER;\n+\n+\t\t\tdata->cipher_auth.cipher_iv_len =\n+\t\t\t\t\tcipher_xform->iv.length;\n+\t\t\tdata->cipher_auth.cipher_iv_data_offset = (uint16_t)\n+\t\t\t\t\tp->cipher_auth.cipher_iv_update.offset;\n+\t\t\tdata->cipher_auth.cipher_iv_update_len = (uint16_t)\n+\t\t\t\t\tp->cipher_auth.cipher_iv_update.length;\n+\n+\t\t\trte_memcpy(data->iv_aad_data,\n+\t\t\t\t\tp->cipher_auth.cipher_iv.val,\n+\t\t\t\t\tp->cipher_auth.cipher_iv.length);\n+\n+\t\t\tdata->direction = cipher_xform->op;\n+\n+\t\t} else if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH) {\n+\t\t\tauth_xform = &xform->auth;\n+\t\t\tif (auth_xform->iv.length >\n+\t\t\t\tRTE_TABLE_ACTION_SYM_CRYPTO_IV_SIZE_MAX)\n+\t\t\t\treturn -ENOMEM;\n+\t\t\tdata->op_mask |= CRYPTO_OP_MASK_AUTH;\n+\n+\t\t\tdata->cipher_auth.auth_iv_len = auth_xform->iv.length;\n+\t\t\tdata->cipher_auth.auth_iv_data_offset = (uint16_t)\n+\t\t\t\t\tp->cipher_auth.auth_iv_update.offset;\n+\t\t\tdata->cipher_auth.auth_iv_update_len = (uint16_t)\n+\t\t\t\t\tp->cipher_auth.auth_iv_update.length;\n+\t\t\tdata->digest_len = auth_xform->digest_length;\n+\n+\t\t\tdata->direction = (auth_xform->op ==\n+\t\t\t\t\tRTE_CRYPTO_AUTH_OP_GENERATE) ?\n+\t\t\t\t\tRTE_CRYPTO_CIPHER_OP_ENCRYPT :\n+\t\t\t\t\tRTE_CRYPTO_CIPHER_OP_DECRYPT;\n+\n+\t\t} else if (xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) {\n+\t\t\taead_xform = &xform->aead;\n+\n+\t\t\tif ((aead_xform->iv.length >\n+\t\t\t\tRTE_TABLE_ACTION_SYM_CRYPTO_IV_SIZE_MAX) || (\n+\t\t\t\taead_xform->aad_length >\n+\t\t\t\tRTE_TABLE_ACTION_SYM_CRYPTO_AAD_SIZE_MAX))\n+\t\t\t\treturn -EINVAL;\n+\t\t\tif (aead_xform->iv.offset !=\n+\t\t\t\t\tRTE_TABLE_ACTION_SYM_CRYPTO_IV_OFFSET)\n+\t\t\t\treturn -EINVAL;\n+\n+\t\t\tret = get_block_size(xform, cfg->cryptodev_id);\n+\t\t\tif (ret < 0)\n+\t\t\t\treturn -1;\n+\t\t\tdata->block_size = (uint16_t)ret;\n+\t\t\tdata->op_mask |= CRYPTO_OP_MASK_AEAD;\n+\n+\t\t\tdata->digest_len = aead_xform->digest_length;\n+\t\t\tdata->aead.iv_len = aead_xform->iv.length;\n+\t\t\tdata->aead.aad_len = aead_xform->aad_length;\n+\n+\t\t\tdata->aead.iv_data_offset = (uint16_t)\n+\t\t\t\t\tp->aead.iv_update.offset;\n+\t\t\tdata->aead.iv_update_len = (uint16_t)\n+\t\t\t\t\tp->aead.iv_update.length;\n+\t\t\tdata->aead.aad_data_offset = (uint16_t)\n+\t\t\t\t\tp->aead.aad_update.offset;\n+\t\t\tdata->aead.aad_update_len = (uint16_t)\n+\t\t\t\t\tp->aead.aad_update.length;\n+\n+\t\t\trte_memcpy(data->iv_aad_data,\n+\t\t\t\t\tp->aead.iv.val,\n+\t\t\t\t\tp->aead.iv.length);\n+\n+\t\t\trte_memcpy(data->iv_aad_data + p->aead.iv.length,\n+\t\t\t\t\tp->aead.aad.val,\n+\t\t\t\t\tp->aead.aad.length);\n+\n+\t\t\tdata->direction = (aead_xform->op ==\n+\t\t\t\t\tRTE_CRYPTO_AEAD_OP_ENCRYPT) ?\n+\t\t\t\t\tRTE_CRYPTO_CIPHER_OP_ENCRYPT :\n+\t\t\t\t\tRTE_CRYPTO_CIPHER_OP_DECRYPT;\n+\t\t} else\n+\t\t\treturn -EINVAL;\n+\n+\t\txform = xform->next;\n+\t}\n+\n+\tif (auth_xform && auth_xform->iv.length) {\n+\t\tif (cipher_xform) {\n+\t\t\tif (auth_xform->iv.offset !=\n+\t\t\t\t\tRTE_TABLE_ACTION_SYM_CRYPTO_IV_OFFSET +\n+\t\t\t\t\tcipher_xform->iv.length)\n+\t\t\t\treturn -EINVAL;\n+\n+\t\t\trte_memcpy(data->iv_aad_data + cipher_xform->iv.length,\n+\t\t\t\t\tp->cipher_auth.auth_iv.val,\n+\t\t\t\t\tp->cipher_auth.auth_iv.length);\n+\t\t} else {\n+\t\t\trte_memcpy(data->iv_aad_data,\n+\t\t\t\t\tp->cipher_auth.auth_iv.val,\n+\t\t\t\t\tp->cipher_auth.auth_iv.length);\n+\t\t}\n+\t}\n+\n+\tsession = rte_cryptodev_sym_session_create(cfg->mp_create);\n+\tif (!session)\n+\t\treturn -ENOMEM;\n+\n+\tret = rte_cryptodev_sym_session_init(cfg->cryptodev_id, session,\n+\t\t\tp->xform, cfg->mp_init);\n+\tif (ret < 0) {\n+\t\trte_cryptodev_sym_session_free(session);\n+\t\treturn ret;\n+\t}\n+\n+\tdata->data_offset = (uint16_t)p->data_offset;\n+\tdata->session = session;\n+\n+\treturn 0;\n+}\n+\n+static __rte_always_inline uint64_t\n+pkt_work_sym_crypto(struct rte_mbuf *mbuf, struct sym_crypto_data *data,\n+\t\tstruct rte_table_action_sym_crypto_config *cfg,\n+\t\tuint16_t ip_offset)\n+{\n+\tstruct crypto_op_sym_iv_aad *crypto_op = (struct crypto_op_sym_iv_aad *)\n+\t\t\tRTE_MBUF_METADATA_UINT8_PTR(mbuf, cfg->op_offset);\n+\tstruct rte_crypto_op *op = &crypto_op->op;\n+\tstruct rte_crypto_sym_op *sym = op->sym;\n+\tuint32_t pkt_offset = sizeof(*mbuf) + mbuf->data_off;\n+\tuint32_t payload_len = pkt_offset + mbuf->data_len - data->data_offset;\n+\n+\top->type = RTE_CRYPTO_OP_TYPE_SYMMETRIC;\n+\top->sess_type = RTE_CRYPTO_OP_WITH_SESSION;\n+\top->phys_addr = mbuf->buf_iova + cfg->op_offset - sizeof(*mbuf);\n+\top->status = RTE_CRYPTO_OP_STATUS_NOT_PROCESSED;\n+\tsym->m_src = mbuf;\n+\tsym->m_dst = NULL;\n+\tsym->session = data->session;\n+\n+\t/** pad the packet */\n+\tif (data->direction == RTE_CRYPTO_CIPHER_OP_ENCRYPT) {\n+\t\tuint32_t append_len = RTE_ALIGN_CEIL(payload_len,\n+\t\t\t\tdata->block_size) - payload_len;\n+\n+\t\tif (unlikely(rte_pktmbuf_append(mbuf, append_len +\n+\t\t\t\tdata->digest_len) == NULL))\n+\t\t\treturn 1;\n+\n+\t\tpayload_len += append_len;\n+\t} else\n+\t\tpayload_len -= data->digest_len;\n+\n+\tif (data->op_mask & CRYPTO_OP_MASK_CIPHER) {\n+\t\t/** prepare cipher op */\n+\t\tuint8_t *iv = crypto_op->iv_aad.cipher_auth.cipher_iv;\n+\n+\t\tsym->cipher.data.length = payload_len;\n+\t\tsym->cipher.data.offset = data->data_offset - pkt_offset;\n+\n+\t\tif (data->cipher_auth.cipher_iv_update_len) {\n+\t\t\tuint8_t *pkt_iv = RTE_MBUF_METADATA_UINT8_PTR(mbuf,\n+\t\t\t\tdata->cipher_auth.cipher_iv_data_offset\n+\t\t\t\t+ ip_offset);\n+\n+\t\t\t/** For encryption, update the pkt iv field, otherwise\n+\t\t\t * update the iv_aad_field\n+\t\t\t **/\n+\t\t\tif (data->direction == RTE_CRYPTO_CIPHER_OP_ENCRYPT)\n+\t\t\t\trte_memcpy(pkt_iv, data->iv_aad_data,\n+\t\t\t\t\tdata->cipher_auth.cipher_iv_update_len);\n+\t\t\telse\n+\t\t\t\trte_memcpy(data->iv_aad_data, pkt_iv,\n+\t\t\t\t\tdata->cipher_auth.cipher_iv_update_len);\n+\t\t}\n+\n+\t\t/** write iv */\n+\t\trte_memcpy(iv, data->iv_aad_data,\n+\t\t\t\tdata->cipher_auth.cipher_iv_len);\n+\t}\n+\n+\tif (data->op_mask & CRYPTO_OP_MASK_AUTH) {\n+\t\t/** authentication always start from IP header. */\n+\t\tsym->auth.data.offset = ip_offset - pkt_offset;\n+\t\tsym->auth.data.length = mbuf->data_len - sym->auth.data.offset -\n+\t\t\t\tdata->digest_len;\n+\t\tsym->auth.digest.data = rte_pktmbuf_mtod_offset(mbuf,\n+\t\t\t\tuint8_t *, rte_pktmbuf_pkt_len(mbuf) -\n+\t\t\t\tdata->digest_len);\n+\t\tsym->auth.digest.phys_addr = rte_pktmbuf_iova_offset(mbuf,\n+\t\t\t\trte_pktmbuf_pkt_len(mbuf) - data->digest_len);\n+\n+\t\tif (data->cipher_auth.auth_iv_update_len) {\n+\t\t\tuint8_t *pkt_iv = RTE_MBUF_METADATA_UINT8_PTR(mbuf,\n+\t\t\t\t\tdata->cipher_auth.auth_iv_data_offset\n+\t\t\t\t\t+ ip_offset);\n+\t\t\tuint8_t *data_iv = data->iv_aad_data +\n+\t\t\t\t\tdata->cipher_auth.cipher_iv_len;\n+\n+\t\t\tif (data->direction == RTE_CRYPTO_CIPHER_OP_ENCRYPT)\n+\t\t\t\trte_memcpy(pkt_iv, data_iv,\n+\t\t\t\t\tdata->cipher_auth.auth_iv_update_len);\n+\t\t\telse\n+\t\t\t\trte_memcpy(data_iv, pkt_iv,\n+\t\t\t\t\tdata->cipher_auth.auth_iv_update_len);\n+\t\t}\n+\n+\t\tif (data->cipher_auth.auth_iv_len) {\n+\t\t\t/** prepare cipher op */\n+\t\t\tuint8_t *iv = crypto_op->iv_aad.cipher_auth.auth_iv;\n+\n+\t\t\trte_memcpy(iv, data->iv_aad_data +\n+\t\t\t\t\tdata->cipher_auth.cipher_iv_len,\n+\t\t\t\t\tdata->cipher_auth.auth_iv_len);\n+\t\t}\n+\t}\n+\n+\tif (data->op_mask & CRYPTO_OP_MASK_AEAD) {\n+\t\tuint8_t *iv = crypto_op->iv_aad.aead_iv_aad.iv;\n+\t\tuint8_t *aad = crypto_op->iv_aad.aead_iv_aad.aad;\n+\n+\t\tsym->aead.aad.data = aad;\n+\t\tsym->aead.aad.phys_addr = rte_pktmbuf_iova_offset(mbuf,\n+\t\t\t\taad - rte_pktmbuf_mtod(mbuf, uint8_t *));\n+\t\tsym->aead.digest.data = rte_pktmbuf_mtod_offset(mbuf,\n+\t\t\t\tuint8_t *, rte_pktmbuf_pkt_len(mbuf) -\n+\t\t\t\tdata->digest_len);\n+\t\tsym->aead.digest.phys_addr = rte_pktmbuf_iova_offset(mbuf,\n+\t\t\t\trte_pktmbuf_pkt_len(mbuf) - data->digest_len);\n+\t\tsym->aead.data.offset = data->data_offset - pkt_offset;\n+\t\tsym->aead.data.length = payload_len;\n+\n+\t\tif (data->aead.iv_update_len) {\n+\t\t\tuint8_t *pkt_iv = RTE_MBUF_METADATA_UINT8_PTR(mbuf,\n+\t\t\t\t\tdata->aead.iv_data_offset + ip_offset);\n+\t\t\tuint8_t *data_iv = data->iv_aad_data;\n+\n+\t\t\tif (data->direction == RTE_CRYPTO_CIPHER_OP_ENCRYPT)\n+\t\t\t\trte_memcpy(pkt_iv, data_iv,\n+\t\t\t\t\t\tdata->aead.iv_update_len);\n+\t\t\telse\n+\t\t\t\trte_memcpy(data_iv, pkt_iv,\n+\t\t\t\t\tdata->aead.iv_update_len);\n+\t\t}\n+\n+\t\trte_memcpy(iv, data->iv_aad_data, data->aead.iv_len);\n+\n+\t\tif (data->aead.aad_update_len) {\n+\t\t\tuint8_t *pkt_aad = RTE_MBUF_METADATA_UINT8_PTR(mbuf,\n+\t\t\t\t\tdata->aead.aad_data_offset + ip_offset);\n+\t\t\tuint8_t *data_aad = data->iv_aad_data +\n+\t\t\t\t\tdata->aead.iv_len;\n+\n+\t\t\tif (data->direction == RTE_CRYPTO_CIPHER_OP_ENCRYPT)\n+\t\t\t\trte_memcpy(pkt_aad, data_aad,\n+\t\t\t\t\t\tdata->aead.iv_update_len);\n+\t\t\telse\n+\t\t\t\trte_memcpy(data_aad, pkt_aad,\n+\t\t\t\t\tdata->aead.iv_update_len);\n+\t\t}\n+\n+\t\trte_memcpy(aad, data->iv_aad_data + data->aead.iv_len,\n+\t\t\t\t\tdata->aead.aad_len);\n+\t}\n+\n+\treturn 0;\n+}\n+\n /**\n * Action profile\n */\n@@ -1591,6 +2027,7 @@ action_valid(enum rte_table_action_type action)\n \tcase RTE_TABLE_ACTION_TTL:\n \tcase RTE_TABLE_ACTION_STATS:\n \tcase RTE_TABLE_ACTION_TIME:\n+\tcase RTE_TABLE_ACTION_SYM_CRYPTO:\n \t\treturn 1;\n \tdefault:\n \t\treturn 0;\n@@ -1610,6 +2047,7 @@ struct ap_config {\n \tstruct rte_table_action_nat_config nat;\n \tstruct rte_table_action_ttl_config ttl;\n \tstruct rte_table_action_stats_config stats;\n+\tstruct rte_table_action_sym_crypto_config sym_crypto;\n };\n \n static size_t\n@@ -1630,6 +2068,8 @@ action_cfg_size(enum rte_table_action_type action)\n \t\treturn sizeof(struct rte_table_action_ttl_config);\n \tcase RTE_TABLE_ACTION_STATS:\n \t\treturn sizeof(struct rte_table_action_stats_config);\n+\tcase RTE_TABLE_ACTION_SYM_CRYPTO:\n+\t\treturn sizeof(struct rte_table_action_sym_crypto_config);\n \tdefault:\n \t\treturn 0;\n \t}\n@@ -1661,6 +2101,8 @@ action_cfg_get(struct ap_config *ap_config,\n \tcase RTE_TABLE_ACTION_STATS:\n \t\treturn &ap_config->stats;\n \n+\tcase RTE_TABLE_ACTION_SYM_CRYPTO:\n+\t\treturn &ap_config->sym_crypto;\n \tdefault:\n \t\treturn NULL;\n \t}\n@@ -1717,6 +2159,9 @@ action_data_size(enum rte_table_action_type action,\n \tcase RTE_TABLE_ACTION_TIME:\n \t\treturn sizeof(struct time_data);\n \n+\tcase RTE_TABLE_ACTION_SYM_CRYPTO:\n+\t\treturn (sizeof(struct sym_crypto_data));\n+\n \tdefault:\n \t\treturn 0;\n \t}\n@@ -1816,6 +2261,10 @@ rte_table_action_profile_action_register(struct rte_table_action_profile *profil\n \t\tstatus = stats_cfg_check(action_config);\n \t\tbreak;\n \n+\tcase RTE_TABLE_ACTION_SYM_CRYPTO:\n+\t\tstatus = sym_crypto_cfg_check(action_config);\n+\t\tbreak;\n+\n \tdefault:\n \t\tstatus = 0;\n \t\tbreak;\n@@ -1965,6 +2414,11 @@ rte_table_action_apply(struct rte_table_action *action,\n \t\treturn time_apply(action_data,\n \t\t\taction_params);\n \n+\tcase RTE_TABLE_ACTION_SYM_CRYPTO:\n+\t\treturn sym_crypto_apply(action_data,\n+\t\t\t\t&action->cfg.sym_crypto,\n+\t\t\t\taction_params);\n+\n \tdefault:\n \t\treturn -EINVAL;\n \t}\n@@ -2217,6 +2671,25 @@ rte_table_action_time_read(struct rte_table_action *action,\n \treturn 0;\n }\n \n+struct rte_cryptodev_sym_session *\n+rte_table_action_crypto_sym_session_get(struct rte_table_action *action,\n+\tvoid *data)\n+{\n+\tstruct sym_crypto_data *sym_crypto_data;\n+\n+\t/* Check input arguments */\n+\tif ((action == NULL) ||\n+\t\t((action->cfg.action_mask &\n+\t\t(1LLU << RTE_TABLE_ACTION_SYM_CRYPTO)) == 0) ||\n+\t\t(data == NULL))\n+\t\treturn NULL;\n+\n+\tsym_crypto_data = action_data_get(data, action,\n+\t\t\tRTE_TABLE_ACTION_SYM_CRYPTO);\n+\n+\treturn sym_crypto_data->session;\n+}\n+\n static __rte_always_inline uint64_t\n pkt_work(struct rte_mbuf *mbuf,\n \tstruct rte_pipeline_table_entry *table_entry,\n@@ -2322,6 +2795,14 @@ pkt_work(struct rte_mbuf *mbuf,\n \t\tpkt_work_time(data, time);\n \t}\n \n+\tif (cfg->action_mask & (1LLU << RTE_TABLE_ACTION_SYM_CRYPTO)) {\n+\t\tvoid *data = action_data_get(table_entry, action,\n+\t\t\t\tRTE_TABLE_ACTION_SYM_CRYPTO);\n+\n+\t\tdrop_mask |= pkt_work_sym_crypto(mbuf, data, &cfg->sym_crypto,\n+\t\t\t\tip_offset);\n+\t}\n+\n \treturn drop_mask;\n }\n \n@@ -2610,6 +3091,26 @@ pkt4_work(struct rte_mbuf **mbufs,\n \t\tpkt_work_time(data3, time);\n \t}\n \n+\tif (cfg->action_mask & (1LLU << RTE_TABLE_ACTION_SYM_CRYPTO)) {\n+\t\tvoid *data0 = action_data_get(table_entry0, action,\n+\t\t\t\tRTE_TABLE_ACTION_SYM_CRYPTO);\n+\t\tvoid *data1 = action_data_get(table_entry1, action,\n+\t\t\t\tRTE_TABLE_ACTION_SYM_CRYPTO);\n+\t\tvoid *data2 = action_data_get(table_entry2, action,\n+\t\t\t\tRTE_TABLE_ACTION_SYM_CRYPTO);\n+\t\tvoid *data3 = action_data_get(table_entry3, action,\n+\t\t\t\tRTE_TABLE_ACTION_SYM_CRYPTO);\n+\n+\t\tdrop_mask0 |= pkt_work_sym_crypto(mbuf0, data0, &cfg->sym_crypto,\n+\t\t\t\tip_offset);\n+\t\tdrop_mask1 |= pkt_work_sym_crypto(mbuf1, data1, &cfg->sym_crypto,\n+\t\t\t\tip_offset);\n+\t\tdrop_mask2 |= pkt_work_sym_crypto(mbuf2, data2, &cfg->sym_crypto,\n+\t\t\t\tip_offset);\n+\t\tdrop_mask3 |= pkt_work_sym_crypto(mbuf3, data3, &cfg->sym_crypto,\n+\t\t\t\tip_offset);\n+\t}\n+\n \treturn drop_mask0 |\n \t\t(drop_mask1 << 1) |\n \t\t(drop_mask2 << 2) |\ndiff --git a/lib/librte_pipeline/rte_table_action.h b/lib/librte_pipeline/rte_table_action.h\nindex 73b564c14..e8a7b66f8 100644\n--- a/lib/librte_pipeline/rte_table_action.h\n+++ b/lib/librte_pipeline/rte_table_action.h\n@@ -93,6 +93,9 @@ enum rte_table_action_type {\n \n \t/** Timestamp. */\n \tRTE_TABLE_ACTION_TIME,\n+\n+\t/** Crypto. */\n+\tRTE_TABLE_ACTION_SYM_CRYPTO,\n };\n \n /** Common action configuration (per table action profile). */\n@@ -681,6 +684,93 @@ struct rte_table_action_time_params {\n };\n \n /**\n+ * RTE_TABLE_ACTION_CRYPTO\n+ */\n+#ifndef RTE_TABLE_ACTION_SYM_CRYPTO_IV_SIZE_MAX\n+#define RTE_TABLE_ACTION_SYM_CRYPTO_IV_SIZE_MAX\t\t(16)\n+#endif\n+\n+#ifndef RTE_TABLE_ACTION_SYM_CRYPTO_AAD_SIZE_MAX\n+#define RTE_TABLE_ACTION_SYM_CRYPTO_AAD_SIZE_MAX\t(16)\n+#endif\n+\n+#ifndef RTE_TABLE_ACTION_SYM_CRYPTO_IV_OFFSET\n+#define RTE_TABLE_ACTION_SYM_CRYPTO_IV_OFFSET\t\t\t\t\\\n+\t(sizeof(struct rte_crypto_op) + sizeof(struct rte_crypto_sym_op))\n+#endif\n+\n+/** Common action structure to store the data's value, length, and offset */\n+struct rte_table_action_vlo {\n+\tuint8_t *val;\n+\tuint32_t length;\n+\tuint32_t offset;\n+};\n+\n+/** Symmetric crypto action configuration (per table action profile). */\n+struct rte_table_action_sym_crypto_config {\n+\t/** Target Cryptodev ID. */\n+\tuint8_t cryptodev_id;\n+\n+\t/**\n+\t * Offset to rte_crypto_op structure within the input packet buffer.\n+\t * Offset 0 points to the first byte of the MBUF structure.\n+\t */\n+\tuint32_t op_offset;\n+\n+\t/** The mempool for creating cryptodev sessions. */\n+\tstruct rte_mempool *mp_create;\n+\n+\t/** The mempool for initializing cryptodev sessions. */\n+\tstruct rte_mempool *mp_init;\n+};\n+\n+/** Symmetric Crypto action parameters (per table rule). */\n+struct rte_table_action_sym_crypto_params {\n+\n+\t/** Xform pointer contains all relevant information */\n+\tstruct rte_crypto_sym_xform *xform;\n+\n+\t/**\n+\t * Offset within the input packet buffer to the first byte of data\n+\t * to be processed by the crypto unit. Offset 0 points to the first\n+\t * byte of the MBUF structure.\n+\t */\n+\tuint32_t data_offset;\n+\n+\tunion {\n+\t\tstruct {\n+\t\t\t/** Cipher iv data. */\n+\t\t\tstruct rte_table_action_vlo cipher_iv;\n+\n+\t\t\t/** Cipher iv data. */\n+\t\t\tstruct rte_table_action_vlo cipher_iv_update;\n+\n+\t\t\t/** Auth iv data. */\n+\t\t\tstruct rte_table_action_vlo auth_iv;\n+\n+\t\t\t/** Auth iv data. */\n+\t\t\tstruct rte_table_action_vlo auth_iv_update;\n+\n+\t\t} cipher_auth;\n+\n+\t\tstruct {\n+\t\t\t/** AEAD AAD data. */\n+\t\t\tstruct rte_table_action_vlo aad;\n+\n+\t\t\t/** AEAD iv data. */\n+\t\t\tstruct rte_table_action_vlo iv;\n+\n+\t\t\t/** AEAD AAD data. */\n+\t\t\tstruct rte_table_action_vlo aad_update;\n+\n+\t\t\t/** AEAD iv data. */\n+\t\t\tstruct rte_table_action_vlo iv_update;\n+\n+\t\t} aead;\n+\t};\n+};\n+\n+/**\n * Table action profile.\n */\n struct rte_table_action_profile;\n@@ -973,6 +1063,20 @@ rte_table_action_time_read(struct rte_table_action *action,\n \tvoid *data,\n \tuint64_t *timestamp);\n \n+/**\n+ * Table action cryptodev symmetric session get.\n+ *\n+ * @param[in] action\n+ * Handle to table action object (needs to be valid).\n+ * @param[in] data\n+ * Data byte array (typically table rule data) with sym crypto action.\n+ * @return\n+ * The pointer to the session on success, NULL otherwise.\n+ */\n+struct rte_cryptodev_sym_session *__rte_experimental\n+rte_table_action_crypto_sym_session_get(struct rte_table_action *action,\n+\tvoid *data);\n+\n #ifdef __cplusplus\n }\n #endif\n", "prefixes": [ "v2", "1/7" ] }