Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/58867/?format=api
{ "id": 58867, "url": "http://patches.dpdk.org/api/patches/58867/?format=api", "web_url": "http://patches.dpdk.org/project/dpdk/patch/20190906131330.40185-6-roy.fan.zhang@intel.com/", "project": { "id": 1, "url": "http://patches.dpdk.org/api/projects/1/?format=api", "name": "DPDK", "link_name": "dpdk", "list_id": "dev.dpdk.org", "list_email": "dev@dpdk.org", "web_url": "http://core.dpdk.org", "scm_url": "git://dpdk.org/dpdk", "webscm_url": "http://git.dpdk.org/dpdk", "list_archive_url": "https://inbox.dpdk.org/dev", "list_archive_url_format": "https://inbox.dpdk.org/dev/{}", "commit_url_format": "" }, "msgid": "<20190906131330.40185-6-roy.fan.zhang@intel.com>", "list_archive_url": "https://inbox.dpdk.org/dev/20190906131330.40185-6-roy.fan.zhang@intel.com", "date": "2019-09-06T13:13:25", "name": "[05/10] crypto/aesni_mb: add rte_security handler", "commit_ref": null, "pull_url": null, "state": "changes-requested", "archived": true, "hash": "8305d828c5170aadd99048ac380e659e1a87dba9", "submitter": { "id": 304, "url": "http://patches.dpdk.org/api/people/304/?format=api", "name": "Fan Zhang", "email": "roy.fan.zhang@intel.com" }, "delegate": { "id": 6690, "url": "http://patches.dpdk.org/api/users/6690/?format=api", "username": "akhil", "first_name": "akhil", "last_name": "goyal", "email": "gakhil@marvell.com" }, "mbox": "http://patches.dpdk.org/project/dpdk/patch/20190906131330.40185-6-roy.fan.zhang@intel.com/mbox/", "series": [ { "id": 6303, "url": "http://patches.dpdk.org/api/series/6303/?format=api", "web_url": "http://patches.dpdk.org/project/dpdk/list/?series=6303", "date": "2019-09-06T13:13:20", "name": "security: add software synchronous crypto process", "version": 1, "mbox": "http://patches.dpdk.org/series/6303/mbox/" } ], "comments": "http://patches.dpdk.org/api/patches/58867/comments/", "check": "success", "checks": "http://patches.dpdk.org/api/patches/58867/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<dev-bounces@dpdk.org>", "X-Original-To": "patchwork@dpdk.org", "Delivered-To": "patchwork@dpdk.org", "Received": [ "from [92.243.14.124] (localhost [127.0.0.1])\n\tby dpdk.org (Postfix) with ESMTP id 4CD3C1F3A1;\n\tFri, 6 Sep 2019 15:13:50 +0200 (CEST)", "from mga18.intel.com (mga18.intel.com [134.134.136.126])\n\tby dpdk.org (Postfix) with ESMTP id 0C92E1F384\n\tfor <dev@dpdk.org>; Fri, 6 Sep 2019 15:13:42 +0200 (CEST)", "from fmsmga002.fm.intel.com ([10.253.24.26])\n\tby orsmga106.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;\n\t06 Sep 2019 06:13:42 -0700", "from silpixa00398673.ir.intel.com (HELO\n\tsilpixa00398673.ger.corp.intel.com) ([10.237.223.136])\n\tby fmsmga002.fm.intel.com with ESMTP; 06 Sep 2019 06:13:40 -0700" ], "X-Amp-Result": "SKIPPED(no attachment in message)", "X-Amp-File-Uploaded": "False", "X-ExtLoop1": "1", "X-IronPort-AV": "E=Sophos;i=\"5.64,473,1559545200\"; d=\"scan'208\";a=\"213140755\"", "From": "Fan Zhang <roy.fan.zhang@intel.com>", "To": "dev@dpdk.org", "Cc": "konstantin.ananyev@intel.com, declan.doherty@intel.com,\n\takhil.goyal@nxp.com, Fan Zhang <roy.fan.zhang@intel.com>", "Date": "Fri, 6 Sep 2019 14:13:25 +0100", "Message-Id": "<20190906131330.40185-6-roy.fan.zhang@intel.com>", "X-Mailer": "git-send-email 2.14.5", "In-Reply-To": "<20190906131330.40185-1-roy.fan.zhang@intel.com>", "References": "<20190903154046.55992-1-roy.fan.zhang@intel.com>\n\t<20190906131330.40185-1-roy.fan.zhang@intel.com>", "Subject": "[dpdk-dev] [PATCH 05/10] crypto/aesni_mb: add rte_security handler", "X-BeenThere": "dev@dpdk.org", "X-Mailman-Version": "2.1.15", "Precedence": "list", "List-Id": "DPDK patches and discussions <dev.dpdk.org>", "List-Unsubscribe": "<https://mails.dpdk.org/options/dev>,\n\t<mailto:dev-request@dpdk.org?subject=unsubscribe>", "List-Archive": "<http://mails.dpdk.org/archives/dev/>", "List-Post": "<mailto:dev@dpdk.org>", "List-Help": "<mailto:dev-request@dpdk.org?subject=help>", "List-Subscribe": "<https://mails.dpdk.org/listinfo/dev>,\n\t<mailto:dev-request@dpdk.org?subject=subscribe>", "Errors-To": "dev-bounces@dpdk.org", "Sender": "\"dev\" <dev-bounces@dpdk.org>" }, "content": "This patch add rte_security support support to AESNI-MB PMD. The PMD now\ninitialize security context instance, create/delete PMD specific security\nsessions, and process crypto workloads in synchronous mode.\n\nSigned-off-by: Fan Zhang <roy.fan.zhang@intel.com>\n---\n drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c | 291 ++++++++++++++++++++-\n drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c | 91 ++++++-\n drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h | 21 +-\n 3 files changed, 398 insertions(+), 5 deletions(-)", "diff": "diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c\nindex b495a9679..68767c04e 100644\n--- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c\n+++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c\n@@ -8,6 +8,8 @@\n #include <rte_hexdump.h>\n #include <rte_cryptodev.h>\n #include <rte_cryptodev_pmd.h>\n+#include <rte_security.h>\n+#include <rte_security_driver.h>\n #include <rte_bus_vdev.h>\n #include <rte_malloc.h>\n #include <rte_cpuflags.h>\n@@ -789,6 +791,167 @@ auth_start_offset(struct rte_crypto_op *op, struct aesni_mb_session *session,\n \t\t\t(UINT64_MAX - u_src + u_dst + 1);\n }\n \n+union sec_userdata_field {\n+\tint status;\n+\tstruct {\n+\t\tuint16_t is_gen_digest;\n+\t\tuint16_t digest_len;\n+\t};\n+};\n+\n+struct sec_udata_digest_field {\n+\tuint32_t is_digest_gen;\n+\tuint32_t digest_len;\n+};\n+\n+static inline int\n+set_mb_job_params_sec(JOB_AES_HMAC *job, struct aesni_mb_sec_session *sec_sess,\n+\t\tvoid *buf, uint32_t buf_len, void *iv, void *aad, void *digest,\n+\t\tint *status, uint8_t *digest_idx)\n+{\n+\tstruct aesni_mb_session *session = &sec_sess->sess;\n+\tuint32_t cipher_offset = sec_sess->cipher_offset;\n+\tvoid *user_digest = NULL;\n+\tunion sec_userdata_field udata;\n+\n+\tif (unlikely(cipher_offset > buf_len))\n+\t\treturn -EINVAL;\n+\n+\t/* Set crypto operation */\n+\tjob->chain_order = session->chain_order;\n+\n+\t/* Set cipher parameters */\n+\tjob->cipher_direction = session->cipher.direction;\n+\tjob->cipher_mode = session->cipher.mode;\n+\n+\tjob->aes_key_len_in_bytes = session->cipher.key_length_in_bytes;\n+\n+\t/* Set authentication parameters */\n+\tjob->hash_alg = session->auth.algo;\n+\tjob->iv = iv;\n+\n+\tswitch (job->hash_alg) {\n+\tcase AES_XCBC:\n+\t\tjob->u.XCBC._k1_expanded = session->auth.xcbc.k1_expanded;\n+\t\tjob->u.XCBC._k2 = session->auth.xcbc.k2;\n+\t\tjob->u.XCBC._k3 = session->auth.xcbc.k3;\n+\n+\t\tjob->aes_enc_key_expanded =\n+\t\t\t\tsession->cipher.expanded_aes_keys.encode;\n+\t\tjob->aes_dec_key_expanded =\n+\t\t\t\tsession->cipher.expanded_aes_keys.decode;\n+\t\tbreak;\n+\n+\tcase AES_CCM:\n+\t\tjob->u.CCM.aad = (uint8_t *)aad + 18;\n+\t\tjob->u.CCM.aad_len_in_bytes = session->aead.aad_len;\n+\t\tjob->aes_enc_key_expanded =\n+\t\t\t\tsession->cipher.expanded_aes_keys.encode;\n+\t\tjob->aes_dec_key_expanded =\n+\t\t\t\tsession->cipher.expanded_aes_keys.decode;\n+\t\tjob->iv++;\n+\t\tbreak;\n+\n+\tcase AES_CMAC:\n+\t\tjob->u.CMAC._key_expanded = session->auth.cmac.expkey;\n+\t\tjob->u.CMAC._skey1 = session->auth.cmac.skey1;\n+\t\tjob->u.CMAC._skey2 = session->auth.cmac.skey2;\n+\t\tjob->aes_enc_key_expanded =\n+\t\t\t\tsession->cipher.expanded_aes_keys.encode;\n+\t\tjob->aes_dec_key_expanded =\n+\t\t\t\tsession->cipher.expanded_aes_keys.decode;\n+\t\tbreak;\n+\n+\tcase AES_GMAC:\n+\t\tif (session->cipher.mode == GCM) {\n+\t\t\tjob->u.GCM.aad = aad;\n+\t\t\tjob->u.GCM.aad_len_in_bytes = session->aead.aad_len;\n+\t\t} else {\n+\t\t\t/* For GMAC */\n+\t\t\tjob->u.GCM.aad = aad;\n+\t\t\tjob->u.GCM.aad_len_in_bytes = buf_len;\n+\t\t\tjob->cipher_mode = GCM;\n+\t\t}\n+\t\tjob->aes_enc_key_expanded = &session->cipher.gcm_key;\n+\t\tjob->aes_dec_key_expanded = &session->cipher.gcm_key;\n+\t\tbreak;\n+\n+\tdefault:\n+\t\tjob->u.HMAC._hashed_auth_key_xor_ipad =\n+\t\t\t\tsession->auth.pads.inner;\n+\t\tjob->u.HMAC._hashed_auth_key_xor_opad =\n+\t\t\t\tsession->auth.pads.outer;\n+\n+\t\tif (job->cipher_mode == DES3) {\n+\t\t\tjob->aes_enc_key_expanded =\n+\t\t\t\tsession->cipher.exp_3des_keys.ks_ptr;\n+\t\t\tjob->aes_dec_key_expanded =\n+\t\t\t\tsession->cipher.exp_3des_keys.ks_ptr;\n+\t\t} else {\n+\t\t\tjob->aes_enc_key_expanded =\n+\t\t\t\tsession->cipher.expanded_aes_keys.encode;\n+\t\t\tjob->aes_dec_key_expanded =\n+\t\t\t\tsession->cipher.expanded_aes_keys.decode;\n+\t\t}\n+\t}\n+\n+\t/* Set digest output location */\n+\tif (job->hash_alg != NULL_HASH &&\n+\t\t\tsession->auth.operation == RTE_CRYPTO_AUTH_OP_VERIFY) {\n+\t\tjob->auth_tag_output = sec_sess->temp_digests[*digest_idx];\n+\t\t*digest_idx = (*digest_idx + 1) % MAX_JOBS;\n+\n+\t\tudata.is_gen_digest = 0;\n+\t\tudata.digest_len = session->auth.req_digest_len;\n+\t\tuser_digest = (void *)digest;\n+\t} else {\n+\t\tudata.is_gen_digest = 1;\n+\t\tudata.digest_len = session->auth.req_digest_len;\n+\n+\t\tif (session->auth.req_digest_len !=\n+\t\t\t\tsession->auth.gen_digest_len) {\n+\t\t\tjob->auth_tag_output =\n+\t\t\t\t\tsec_sess->temp_digests[*digest_idx];\n+\t\t\t*digest_idx = (*digest_idx + 1) % MAX_JOBS;\n+\n+\t\t\tuser_digest = (void *)digest;\n+\t\t} else\n+\t\t\tjob->auth_tag_output = digest;\n+\n+\t\t/* A bit of hack here, since job structure only supports\n+\t\t * 2 user data fields and we need 4 params to be passed\n+\t\t * (status, direction, digest for verify, and length of\n+\t\t * digest), we set the status value as digest length +\n+\t\t * direction here temporarily to avoid creating longer\n+\t\t * buffer to store all 4 params.\n+\t\t */\n+\t\t*status = udata.status;\n+\t}\n+\t/*\n+\t * Multi-buffer library current only support returning a truncated\n+\t * digest length as specified in the relevant IPsec RFCs\n+\t */\n+\n+\t/* Set digest length */\n+\tjob->auth_tag_output_len_in_bytes = session->auth.gen_digest_len;\n+\n+\t/* Set IV parameters */\n+\tjob->iv_len_in_bytes = session->iv.length;\n+\n+\t/* Data Parameters */\n+\tjob->src = buf;\n+\tjob->dst = buf;\n+\tjob->cipher_start_src_offset_in_bytes = cipher_offset;\n+\tjob->msg_len_to_cipher_in_bytes = buf_len - cipher_offset;\n+\tjob->hash_start_src_offset_in_bytes = 0;\n+\tjob->msg_len_to_hash_in_bytes = buf_len;\n+\n+\tjob->user_data = (void *)status;\n+\tjob->user_data2 = user_digest;\n+\n+\treturn 0;\n+}\n+\n /**\n * Process a crypto operation and complete a JOB_AES_HMAC job structure for\n * submission to the multi buffer library for processing.\n@@ -1081,6 +1244,37 @@ post_process_mb_job(struct aesni_mb_qp *qp, JOB_AES_HMAC *job)\n \treturn op;\n }\n \n+static inline void\n+post_process_mb_sec_job(JOB_AES_HMAC *job)\n+{\n+\tvoid *user_digest = job->user_data2;\n+\tint *status = job->user_data;\n+\tunion sec_userdata_field udata;\n+\n+\tswitch (job->status) {\n+\tcase STS_COMPLETED:\n+\t\tif (user_digest) {\n+\t\t\tudata.status = *status;\n+\n+\t\t\tif (udata.is_gen_digest) {\n+\t\t\t\t*status = RTE_CRYPTO_OP_STATUS_SUCCESS;\n+\t\t\t\tmemcpy(user_digest, job->auth_tag_output,\n+\t\t\t\t\t\tudata.digest_len);\n+\t\t\t} else {\n+\t\t\t\tverify_digest(job, user_digest,\n+\t\t\t\t\tudata.digest_len, (uint8_t *)status);\n+\n+\t\t\t\tif (*status == RTE_CRYPTO_OP_STATUS_AUTH_FAILED)\n+\t\t\t\t\t*status = -1;\n+\t\t\t}\n+\t\t} else\n+\t\t\t*status = RTE_CRYPTO_OP_STATUS_SUCCESS;\n+\t\tbreak;\n+\tdefault:\n+\t\t*status = RTE_CRYPTO_OP_STATUS_ERROR;\n+\t}\n+}\n+\n /**\n * Process a completed JOB_AES_HMAC job and keep processing jobs until\n * get_completed_job return NULL\n@@ -1117,6 +1311,32 @@ handle_completed_jobs(struct aesni_mb_qp *qp, JOB_AES_HMAC *job,\n \treturn processed_jobs;\n }\n \n+static inline uint32_t\n+handle_completed_sec_jobs(JOB_AES_HMAC *job, MB_MGR *mb_mgr)\n+{\n+\tuint32_t processed = 0;\n+\n+\twhile (job != NULL) {\n+\t\tpost_process_mb_sec_job(job);\n+\t\tjob = IMB_GET_COMPLETED_JOB(mb_mgr);\n+\t\tprocessed++;\n+\t}\n+\n+\treturn processed;\n+}\n+\n+static inline uint32_t\n+flush_mb_sec_mgr(MB_MGR *mb_mgr)\n+{\n+\tJOB_AES_HMAC *job = IMB_FLUSH_JOB(mb_mgr);\n+\tuint32_t processed = 0;\n+\n+\tif (job)\n+\t\tprocessed = handle_completed_sec_jobs(job, mb_mgr);\n+\n+\treturn processed;\n+}\n+\n static inline uint16_t\n flush_mb_mgr(struct aesni_mb_qp *qp, struct rte_crypto_op **ops,\n \t\tuint16_t nb_ops)\n@@ -1220,6 +1440,55 @@ aesni_mb_pmd_dequeue_burst(void *queue_pair, struct rte_crypto_op **ops,\n \treturn processed_jobs;\n }\n \n+void\n+aesni_mb_sec_crypto_process_bulk(struct rte_security_session *sess,\n+\t\tstruct rte_security_vec buf[], void *iv[], void *aad[],\n+\t\tvoid *digest[], int status[], uint32_t num)\n+{\n+\tstruct aesni_mb_sec_session *sec_sess = sess->sess_private_data;\n+\tJOB_AES_HMAC *job;\n+\tuint8_t digest_idx = sec_sess->digest_idx;\n+\tuint32_t i, processed = 0;\n+\tint ret;\n+\n+\tfor (i = 0; i < num; i++) {\n+\t\tvoid *seg_buf = buf[i].vec[0].iov_base;\n+\t\tuint32_t buf_len = buf[i].vec[0].iov_len;\n+\n+\t\tjob = IMB_GET_NEXT_JOB(sec_sess->mb_mgr);\n+\t\tif (unlikely(job == NULL)) {\n+\t\t\tprocessed += flush_mb_sec_mgr(sec_sess->mb_mgr);\n+\n+\t\t\tjob = IMB_GET_NEXT_JOB(sec_sess->mb_mgr);\n+\t\t\tif (!job)\n+\t\t\t\treturn;\n+\t\t}\n+\n+\t\tret = set_mb_job_params_sec(job, sec_sess, seg_buf, buf_len,\n+\t\t\t\tiv[i], aad[i], digest[i], &status[i],\n+\t\t\t\t&digest_idx);\n+\t\t\t\t/* Submit job to multi-buffer for processing */\n+\t\tif (ret) {\n+\t\t\tprocessed++;\n+\t\t\tstatus[i] = ret;\n+\t\t\tcontinue;\n+\t\t}\n+\n+#ifdef RTE_LIBRTE_PMD_AESNI_MB_DEBUG\n+\t\tjob = IMB_SUBMIT_JOB(sec_sess->mb_mgr);\n+#else\n+\t\tjob = IMB_SUBMIT_JOB_NOCHECK(sec_sess->mb_mgr);\n+#endif\n+\n+\t\tif (job)\n+\t\t\tprocessed += handle_completed_sec_jobs(job,\n+\t\t\t\t\tsec_sess->mb_mgr);\n+\t}\n+\n+\twhile (processed < num)\n+\t\tprocessed += flush_mb_sec_mgr(sec_sess->mb_mgr);\n+}\n+\n static int cryptodev_aesni_mb_remove(struct rte_vdev_device *vdev);\n \n static int\n@@ -1229,8 +1498,10 @@ cryptodev_aesni_mb_create(const char *name,\n {\n \tstruct rte_cryptodev *dev;\n \tstruct aesni_mb_private *internals;\n+\tstruct rte_security_ctx *sec_ctx;\n \tenum aesni_mb_vector_mode vector_mode;\n \tMB_MGR *mb_mgr;\n+\tchar sec_name[RTE_DEV_NAME_MAX_LEN];\n \n \t/* Check CPU for support for AES instruction set */\n \tif (!rte_cpu_get_flag_enabled(RTE_CPUFLAG_AES)) {\n@@ -1264,7 +1535,8 @@ cryptodev_aesni_mb_create(const char *name,\n \tdev->feature_flags = RTE_CRYPTODEV_FF_SYMMETRIC_CRYPTO |\n \t\t\tRTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING |\n \t\t\tRTE_CRYPTODEV_FF_CPU_AESNI |\n-\t\t\tRTE_CRYPTODEV_FF_OOP_LB_IN_LB_OUT;\n+\t\t\tRTE_CRYPTODEV_FF_OOP_LB_IN_LB_OUT |\n+\t\t\tRTE_CRYPTODEV_FF_SECURITY;\n \n \n \tmb_mgr = alloc_mb_mgr(0);\n@@ -1303,11 +1575,28 @@ cryptodev_aesni_mb_create(const char *name,\n \tAESNI_MB_LOG(INFO, \"IPSec Multi-buffer library version used: %s\\n\",\n \t\t\timb_get_version_str());\n \n+\t/* setup security operations */\n+\tsnprintf(sec_name, sizeof(sec_name) - 1, \"aes_mb_sec_%u\",\n+\t\t\tdev->driver_id);\n+\tsec_ctx = rte_zmalloc_socket(sec_name,\n+\t\t\tsizeof(struct rte_security_ctx),\n+\t\t\tRTE_CACHE_LINE_SIZE, init_params->socket_id);\n+\tif (sec_ctx == NULL) {\n+\t\tAESNI_MB_LOG(ERR, \"memory allocation failed\\n\");\n+\t\tgoto error_exit;\n+\t}\n+\n+\tsec_ctx->device = (void *)dev;\n+\tsec_ctx->ops = rte_aesni_mb_pmd_security_ops;\n+\tdev->security_ctx = sec_ctx;\n+\n \treturn 0;\n \n error_exit:\n \tif (mb_mgr)\n \t\tfree_mb_mgr(mb_mgr);\n+\tif (sec_ctx)\n+\t\trte_free(sec_ctx);\n \n \trte_cryptodev_pmd_destroy(dev);\n \ndiff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c\nindex 8d15b99d4..ca6cea775 100644\n--- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c\n+++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c\n@@ -8,6 +8,7 @@\n #include <rte_common.h>\n #include <rte_malloc.h>\n #include <rte_cryptodev_pmd.h>\n+#include <rte_security_driver.h>\n \n #include \"rte_aesni_mb_pmd_private.h\"\n \n@@ -732,7 +733,8 @@ aesni_mb_pmd_qp_count(struct rte_cryptodev *dev)\n static unsigned\n aesni_mb_pmd_sym_session_get_size(struct rte_cryptodev *dev __rte_unused)\n {\n-\treturn sizeof(struct aesni_mb_session);\n+\treturn RTE_ALIGN_CEIL(sizeof(struct aesni_mb_session),\n+\t\t\tRTE_CACHE_LINE_SIZE);\n }\n \n /** Configure a aesni multi-buffer session from a crypto xform chain */\n@@ -810,4 +812,91 @@ struct rte_cryptodev_ops aesni_mb_pmd_ops = {\n \t\t.sym_session_clear\t= aesni_mb_pmd_sym_session_clear\n };\n \n+/** Set session authentication parameters */\n+\n+static int\n+aesni_mb_security_session_create(void *dev,\n+\t\tstruct rte_security_session_conf *conf,\n+\t\tstruct rte_security_session *sess,\n+\t\tstruct rte_mempool *mempool)\n+{\n+\tstruct rte_cryptodev *cdev = dev;\n+\tstruct aesni_mb_private *internals = cdev->data->dev_private;\n+\tstruct aesni_mb_sec_session *sess_priv;\n+\tint ret;\n+\n+\tif (!conf->crypto_xform) {\n+\t\tAESNI_MB_LOG(ERR, \"Invalid security session conf\");\n+\t\treturn -EINVAL;\n+\t}\n+\n+\tif (rte_mempool_get(mempool, (void **)(&sess_priv))) {\n+\t\tAESNI_MB_LOG(ERR,\n+\t\t\t\t\"Couldn't get object from session mempool\");\n+\t\treturn -ENOMEM;\n+\t}\n+\n+\tsess_priv->mb_mgr = internals->mb_mgr;\n+\tif (sess_priv->mb_mgr == NULL)\n+\t\treturn -ENOMEM;\n+\n+\tsess_priv->cipher_offset = conf->cpucrypto.cipher_offset;\n+\n+\tret = aesni_mb_set_session_parameters(sess_priv->mb_mgr,\n+\t\t\t&sess_priv->sess, conf->crypto_xform);\n+\tif (ret != 0) {\n+\t\tAESNI_MB_LOG(ERR, \"failed configure session parameters\");\n+\n+\t\trte_mempool_put(mempool, sess_priv);\n+\t}\n+\n+\tsess->sess_private_data = (void *)sess_priv;\n+\n+\treturn ret;\n+}\n+\n+static int\n+aesni_mb_security_session_destroy(void *dev __rte_unused,\n+\t\tstruct rte_security_session *sess)\n+{\n+\tstruct aesni_mb_sec_session *sess_priv =\n+\t\t\tget_sec_session_private_data(sess);\n+\n+\tif (sess_priv) {\n+\t\tstruct rte_mempool *sess_mp = rte_mempool_from_obj(\n+\t\t\t\t(void *)sess_priv);\n+\n+\t\tmemset(sess, 0, sizeof(struct aesni_mb_sec_session));\n+\t\tset_sec_session_private_data(sess, NULL);\n+\n+\t\tif (sess_mp == NULL) {\n+\t\t\tAESNI_MB_LOG(ERR, \"failed fetch session mempool\");\n+\t\t\treturn -EINVAL;\n+\t\t}\n+\n+\t\trte_mempool_put(sess_mp, sess_priv);\n+\t}\n+\n+\treturn 0;\n+}\n+\n+static unsigned int\n+aesni_mb_sec_session_get_size(__rte_unused void *device)\n+{\n+\treturn RTE_ALIGN_CEIL(sizeof(struct aesni_mb_sec_session),\n+\t\t\tRTE_CACHE_LINE_SIZE);\n+}\n+\n+static struct rte_security_ops aesni_mb_security_ops = {\n+\t\t.session_create = aesni_mb_security_session_create,\n+\t\t.session_get_size = aesni_mb_sec_session_get_size,\n+\t\t.session_update = NULL,\n+\t\t.session_stats_get = NULL,\n+\t\t.session_destroy = aesni_mb_security_session_destroy,\n+\t\t.set_pkt_metadata = NULL,\n+\t\t.capabilities_get = NULL,\n+\t\t.process_cpu_crypto_bulk = aesni_mb_sec_crypto_process_bulk,\n+};\n+\n struct rte_cryptodev_ops *rte_aesni_mb_pmd_ops = &aesni_mb_pmd_ops;\n+struct rte_security_ops *rte_aesni_mb_pmd_security_ops = &aesni_mb_security_ops;\ndiff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h\nindex b794d4bc1..d1cf416ab 100644\n--- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h\n+++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h\n@@ -176,7 +176,6 @@ struct aesni_mb_qp {\n \t */\n } __rte_cache_aligned;\n \n-/** AES-NI multi-buffer private session structure */\n struct aesni_mb_session {\n \tJOB_CHAIN_ORDER chain_order;\n \tstruct {\n@@ -265,16 +264,32 @@ struct aesni_mb_session {\n \t\t/** AAD data length */\n \t\tuint16_t aad_len;\n \t} aead;\n-} __rte_cache_aligned;\n+};\n+\n+/** AES-NI multi-buffer private security session structure */\n+struct aesni_mb_sec_session {\n+\t/**< Unique Queue Pair Name */\n+\tstruct aesni_mb_session sess;\n+\tuint8_t temp_digests[MAX_JOBS][DIGEST_LENGTH_MAX];\n+\tuint16_t digest_idx;\n+\tuint32_t cipher_offset;\n+\tMB_MGR *mb_mgr;\n+};\n \n extern int\n aesni_mb_set_session_parameters(const MB_MGR *mb_mgr,\n \t\tstruct aesni_mb_session *sess,\n \t\tconst struct rte_crypto_sym_xform *xform);\n \n+extern void\n+aesni_mb_sec_crypto_process_bulk(struct rte_security_session *sess,\n+\t\tstruct rte_security_vec buf[], void *iv[], void *aad[],\n+\t\tvoid *digest[], int status[], uint32_t num);\n+\n /** device specific operations function pointer structure */\n extern struct rte_cryptodev_ops *rte_aesni_mb_pmd_ops;\n \n-\n+/** device specific operations function pointer structure for rte_security */\n+extern struct rte_security_ops *rte_aesni_mb_pmd_security_ops;\n \n #endif /* _RTE_AESNI_MB_PMD_PRIVATE_H_ */\n", "prefixes": [ "05/10" ] }