28 #define EMPTY_STRUCT {0} 29 #define NUM_CRYPTO_MBUFS 16384 41 dcm->cipher_algs[IPSEC_CRYPTO_ALG_##f].name = str; \ 42 dcm->cipher_algs[IPSEC_CRYPTO_ALG_##f].disabled = n_mains; 49 a->
type = RTE_CRYPTO_SYM_XFORM_CIPHER;
50 a->alg = RTE_CRYPTO_CIPHER_NULL;
55 a = &dcm->
cipher_algs[IPSEC_CRYPTO_ALG_AES_CBC_128];
56 a->
type = RTE_CRYPTO_SYM_XFORM_CIPHER;
57 a->alg = RTE_CRYPTO_CIPHER_AES_CBC;
62 a = &dcm->
cipher_algs[IPSEC_CRYPTO_ALG_AES_CBC_192];
63 a->
type = RTE_CRYPTO_SYM_XFORM_CIPHER;
64 a->alg = RTE_CRYPTO_CIPHER_AES_CBC;
69 a = &dcm->
cipher_algs[IPSEC_CRYPTO_ALG_AES_CBC_256];
70 a->
type = RTE_CRYPTO_SYM_XFORM_CIPHER;
71 a->alg = RTE_CRYPTO_CIPHER_AES_CBC;
76 a = &dcm->
cipher_algs[IPSEC_CRYPTO_ALG_AES_CTR_128];
77 a->
type = RTE_CRYPTO_SYM_XFORM_CIPHER;
78 a->alg = RTE_CRYPTO_CIPHER_AES_CTR;
83 a = &dcm->
cipher_algs[IPSEC_CRYPTO_ALG_AES_CTR_192];
84 a->
type = RTE_CRYPTO_SYM_XFORM_CIPHER;
85 a->alg = RTE_CRYPTO_CIPHER_AES_CTR;
90 a = &dcm->
cipher_algs[IPSEC_CRYPTO_ALG_AES_CTR_256];
91 a->
type = RTE_CRYPTO_SYM_XFORM_CIPHER;
92 a->alg = RTE_CRYPTO_CIPHER_AES_CTR;
97 #define AES_GCM_TYPE RTE_CRYPTO_SYM_XFORM_AEAD 98 #define AES_GCM_ALG RTE_CRYPTO_AEAD_AES_GCM 100 a = &dcm->
cipher_algs[IPSEC_CRYPTO_ALG_AES_GCM_128];
108 a = &dcm->
cipher_algs[IPSEC_CRYPTO_ALG_AES_GCM_192];
116 a = &dcm->
cipher_algs[IPSEC_CRYPTO_ALG_AES_GCM_256];
128 dcm->auth_algs[IPSEC_INTEG_ALG_##f].name = str; \ 129 dcm->auth_algs[IPSEC_INTEG_ALG_##f].disabled = n_mains; 134 a = &dcm->
auth_algs[IPSEC_INTEG_ALG_NONE];
135 a->
type = RTE_CRYPTO_SYM_XFORM_AUTH;
136 a->alg = RTE_CRYPTO_AUTH_NULL;
140 a = &dcm->
auth_algs[IPSEC_INTEG_ALG_MD5_96];
141 a->
type = RTE_CRYPTO_SYM_XFORM_AUTH;
142 a->alg = RTE_CRYPTO_AUTH_MD5_HMAC;
146 a = &dcm->
auth_algs[IPSEC_INTEG_ALG_SHA1_96];
147 a->
type = RTE_CRYPTO_SYM_XFORM_AUTH;
148 a->alg = RTE_CRYPTO_AUTH_SHA1_HMAC;
152 a = &dcm->
auth_algs[IPSEC_INTEG_ALG_SHA_256_96];
153 a->
type = RTE_CRYPTO_SYM_XFORM_AUTH;
154 a->alg = RTE_CRYPTO_AUTH_SHA256_HMAC;
158 a = &dcm->
auth_algs[IPSEC_INTEG_ALG_SHA_256_128];
159 a->
type = RTE_CRYPTO_SYM_XFORM_AUTH;
160 a->alg = RTE_CRYPTO_AUTH_SHA256_HMAC;
164 a = &dcm->
auth_algs[IPSEC_INTEG_ALG_SHA_384_192];
165 a->
type = RTE_CRYPTO_SYM_XFORM_AUTH;
166 a->alg = RTE_CRYPTO_AUTH_SHA384_HMAC;
170 a = &dcm->
auth_algs[IPSEC_INTEG_ALG_SHA_512_256];
171 a->
type = RTE_CRYPTO_SYM_XFORM_AUTH;
172 a->alg = RTE_CRYPTO_AUTH_SHA512_HMAC;
199 if (cap->op != RTE_CRYPTO_OP_TYPE_SYMMETRIC)
205 if ((cap->sym.xform_type == RTE_CRYPTO_SYM_XFORM_CIPHER) &&
206 (alg->
type == RTE_CRYPTO_SYM_XFORM_CIPHER) &&
207 (cap->sym.cipher.algo == alg->
alg) &&
210 if ((cap->sym.xform_type == RTE_CRYPTO_SYM_XFORM_AEAD) &&
211 (alg->
type == RTE_CRYPTO_SYM_XFORM_AEAD) &&
212 (cap->sym.aead.algo == alg->
alg) &&
227 if ((cap->op != RTE_CRYPTO_OP_TYPE_SYMMETRIC) ||
228 (cap->sym.xform_type != RTE_CRYPTO_SYM_XFORM_AUTH))
234 if ((cap->sym.auth.algo == alg->
alg) &&
252 ASSERT (c->
type == RTE_CRYPTO_SYM_XFORM_AEAD);
254 xform->type = RTE_CRYPTO_SYM_XFORM_AEAD;
255 xform->aead.algo = c->
alg;
257 xform->aead.key.length = c->
key_len;
258 xform->aead.iv.offset =
260 xform->aead.iv.length = 12;
262 xform->aead.aad_length = ipsec_sa_is_set_USE_ESN (sa) ? 12 : 8;
266 xform->aead.op = RTE_CRYPTO_AEAD_OP_ENCRYPT;
268 xform->aead.op = RTE_CRYPTO_AEAD_OP_DECRYPT;
280 ASSERT (c->
type == RTE_CRYPTO_SYM_XFORM_CIPHER);
282 xform->type = RTE_CRYPTO_SYM_XFORM_CIPHER;
283 xform->cipher.algo = c->
alg;
285 xform->cipher.key.length = c->
key_len;
286 xform->cipher.iv.offset =
288 xform->cipher.iv.length = c->
iv_len;
292 xform->cipher.op = RTE_CRYPTO_CIPHER_OP_ENCRYPT;
294 xform->cipher.op = RTE_CRYPTO_CIPHER_OP_DECRYPT;
306 ASSERT (a->
type == RTE_CRYPTO_SYM_XFORM_AUTH);
308 xform->type = RTE_CRYPTO_SYM_XFORM_AUTH;
309 xform->auth.algo = a->
alg;
311 xform->auth.key.length = a->
key_len;
316 xform->auth.op = RTE_CRYPTO_AUTH_OP_GENERATE;
318 xform->auth.op = RTE_CRYPTO_AUTH_OP_VERIFY;
331 struct rte_crypto_sym_xform cipher_xform = { 0 };
332 struct rte_crypto_sym_xform auth_xform = { 0 };
333 struct rte_crypto_sym_xform *xfs;
334 struct rte_cryptodev_sym_session **s;
340 if ((sa->
crypto_alg == IPSEC_CRYPTO_ALG_AES_GCM_128) |
341 (sa->
crypto_alg == IPSEC_CRYPTO_ALG_AES_GCM_192) |
342 (sa->
crypto_alg == IPSEC_CRYPTO_ALG_AES_GCM_256))
354 cipher_xform.next = &auth_xform;
359 auth_xform.next = &cipher_xform;
376 session[0] = rte_cryptodev_sym_session_create (data->
session_h);
388 struct rte_mempool **mp;
393 rte_cryptodev_sym_session_init (res->
dev_id, session[0], xfs, mp[0]);
411 struct rte_mempool *mp = rte_mempool_from_obj (obj);
415 rte_mempool_put (mp, obj);
423 #if RTE_VERSION < RTE_VERSION_NUM(19, 2, 0, 0) 424 return sess->sess_private_data[driver_id];
426 if (unlikely (sess->nb_drivers <= driver_id))
429 return sess->sess_data[driver_id].data;
436 uint8_t driver_id,
void *private_data)
438 #if RTE_VERSION < RTE_VERSION_NUM(19, 2, 0, 0) 439 sess->sess_private_data[driver_id] = private_data;
441 if (unlikely (sess->nb_drivers <= driver_id))
443 sess->sess_data[driver_id].data = private_data;
479 if (rte_mempool_from_obj(s->
session))
481 ret = rte_cryptodev_sym_session_free (s->
session);
500 struct rte_cryptodev_sym_session *s;
514 s = (
struct rte_cryptodev_sym_session *) val[0];
545 if (sa->
integ_alg == IPSEC_INTEG_ALG_NONE)
548 case IPSEC_CRYPTO_ALG_NONE:
549 case IPSEC_CRYPTO_ALG_AES_GCM_128:
550 case IPSEC_CRYPTO_ALG_AES_GCM_192:
551 case IPSEC_CRYPTO_ALG_AES_GCM_256:
560 if (sa->
crypto_alg != IPSEC_CRYPTO_ALG_NONE &&
566 if (sa->
integ_alg != IPSEC_INTEG_ALG_NONE &&
575 const struct rte_cryptodev_capabilities *cap,
582 for (; cap->op != RTE_CRYPTO_OP_TYPE_UNDEFINED; cap++)
585 switch (cap->sym.xform_type)
587 case RTE_CRYPTO_SYM_XFORM_AEAD:
588 case RTE_CRYPTO_SYM_XFORM_CIPHER:
589 inc = cap->sym.cipher.key_size.increment;
591 for (len = cap->sym.cipher.key_size.min;
592 len <= cap->sym.cipher.key_size.max; len += inc)
603 case RTE_CRYPTO_SYM_XFORM_AUTH:
604 inc = cap->sym.auth.digest_size.increment;
606 for (len = cap->sym.auth.digest_size.min;
607 len <= cap->sym.auth.digest_size.max; len += inc)
627 struct rte_cryptodev_config dev_conf = { 0 };
628 struct rte_cryptodev_qp_conf qp_conf = { 0 };
633 dev_conf.socket_id = numa;
634 dev_conf.nb_queue_pairs = n_qp;
636 error_str =
"failed to configure crypto device %u";
637 ret = rte_cryptodev_configure (dev, &dev_conf);
641 error_str =
"failed to setup crypto device %u queue pair %u";
643 for (qp = 0; qp < n_qp; qp++)
645 #if RTE_VERSION < RTE_VERSION_NUM(19, 2, 0, 0) 646 ret = rte_cryptodev_queue_pair_setup (dev, qp, &qp_conf, numa, NULL);
648 ret = rte_cryptodev_queue_pair_setup (dev, qp, &qp_conf, numa);
654 error_str =
"failed to start crypto device %u";
655 if (rte_cryptodev_start (dev))
665 struct rte_cryptodev *cryptodev;
666 struct rte_cryptodev_info info = { 0 };
671 u16 max_res_idx, res_idx, j;
677 for (i = 0; i < rte_cryptodev_count (); i++)
681 cryptodev = &rte_cryptodevs[
i];
682 rte_cryptodev_info_get (i, &info);
685 dev->
name = cryptodev->data->name;
686 dev->
numa = rte_cryptodev_socket_id (i);
688 dev->
max_qp = info.max_nb_queue_pairs;
689 drv_id = info.driver_id;
697 if (!(info.feature_flags & RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING))
706 max_res_idx = dev->
max_qp - 1;
715 for (j = 0; j <= max_res_idx; j++)
752 if (thread_idx < skip_master)
806 void *_arg __attribute__ ((unused)),
807 void *_obj,
unsigned i __attribute__ ((unused)))
809 struct rte_crypto_op *op = _obj;
811 op->sess_type = RTE_CRYPTO_OP_WITH_SESSION;
812 op->type = RTE_CRYPTO_OP_TYPE_SYMMETRIC;
813 op->status = RTE_CRYPTO_OP_STATUS_NOT_PROCESSED;
814 op->phys_addr = rte_mempool_virt2iova (_obj);
815 op->mempool = mempool;
825 u32 pool_priv_size =
sizeof (
struct rte_crypto_op_pool_private);
826 struct rte_crypto_op_pool_private *priv;
827 struct rte_mempool *mp;
835 pool_name =
format (0,
"crypto_pool_numa%u%c", numa, 0);
850 priv = rte_mempool_get_priv (mp);
851 priv->priv_size = pool_priv_size;
852 priv->type = RTE_CRYPTO_OP_TYPE_SYMMETRIC;
865 struct rte_mempool *mp;
873 pool_name =
format (0,
"session_h_pool_numa%u%c", numa, 0);
876 elt_size = rte_cryptodev_sym_get_header_session_size ();
878 #if RTE_VERSION < RTE_VERSION_NUM(19, 2, 0, 0) 880 elt_size, 512, 0, NULL, NULL, NULL, NULL, numa, 0);
883 mp = rte_cryptodev_sym_session_pool_create ((
char *) pool_name,
885 elt_size, 512, 0, numa);
903 struct rte_mempool *mp;
917 pool_name =
format (0,
"session_drv%u_pool_numa%u%c", dev->
drv_id, numa, 0);
919 elt_size = rte_cryptodev_sym_get_private_session_size (dev->
id);
922 elt_size, 512, 0, NULL, NULL, NULL, NULL, numa, 0);
1006 for (i = skip_master; i < n_mains; i++)
1008 VLIB_NODE_STATE_POLLING : VLIB_NODE_STATE_DISABLED);
1021 u32 skip_master, n_mains;
1033 "not enough DPDK crypto resources");
1068 "dpdk-esp4-encrypt",
1069 "dpdk-esp4-encrypt-tun",
1070 "dpdk-esp4-decrypt",
1071 "dpdk-esp4-decrypt",
1072 "dpdk-esp6-encrypt",
1073 "dpdk-esp6-encrypt-tun",
1074 "dpdk-esp6-decrypt",
1075 "dpdk-esp6-decrypt",
#define vec_validate(V, I)
Make sure vector is long enough for given index (no header, unspecified alignment) ...
#define vec_foreach_index(var, v)
Iterate over vector indices.
#define hash_set(h, key, value)
#define vlib_log_warn(...)
#define hash_unset(h, key)
#define VLIB_MAIN_LOOP_ENTER_FUNCTION(x)
static u8 cipher_alg_index(const crypto_alg_t *alg)
clib_memset(h->entries, 0, sizeof(h->entries[0]) *entries)
#define foreach_ipsec_crypto_alg
static_always_inline void clib_spinlock_unlock_if_init(clib_spinlock_t *p)
ipsec_integ_alg_t integ_alg
#define vec_add1(V, E)
Add 1 element to end of vector (unspecified alignment).
static clib_error_t * crypto_create_session_drv_pool(vlib_main_t *vm, crypto_dev_t *dev)
static_always_inline u32 crypto_op_get_priv_offset(void)
#define foreach_ipsec_integ_alg
#define DPDK_CRYPTO_NB_SESS_OBJS
struct rte_cryptodev_sym_session * session
#define vec_validate_aligned(V, I, A)
Make sure vector is long enough for given index (no header, specified alignment)
static void crypto_set_cipher_xform(struct rte_crypto_sym_xform *xform, ipsec_sa_t *sa, u8 is_outbound)
vlib_main_t ** vlib_mains
static clib_error_t * crypto_create_session_h_pool(vlib_main_t *vm, u8 numa)
#define vec_pop(V)
Returns last element of a vector and decrements its length.
static crypto_alg_t * cipher_cap_to_alg(const struct rte_cryptodev_capabilities *cap, u8 key_len)
#define vec_reset_length(v)
Reset vector length to zero NULL-pointer tolerant.
static void clib_spinlock_free(clib_spinlock_t *p)
static clib_error_t * add_del_sa_session(u32 sa_index, u8 is_add)
#define DPDK_CRYPTO_N_QUEUE_DESC
u16 cipher_resource_idx[IPSEC_CRYPTO_N_ALG]
static void algos_init(u32 n_mains)
dpdk_crypto_main_t dpdk_crypto_main
dpdk_config_main_t dpdk_config_main
u32 ipsec_register_esp_backend(vlib_main_t *vm, ipsec_main_t *im, const char *name, const char *esp4_encrypt_node_name, const char *esp4_encrypt_node_tun_name, const char *esp4_decrypt_node_name, const char *esp4_decrypt_tun_node_name, const char *esp6_encrypt_node_name, const char *esp6_encrypt_node_tun_name, const char *esp6_decrypt_node_name, const char *esp6_decrypt_tun_node_name, check_support_cb_t esp_check_support_cb, add_del_sa_sess_cb_t esp_add_del_sa_sess_cb, enable_disable_cb_t enable_disable_cb)
description fragment has unexpected format
int ipsec_select_esp_backend(ipsec_main_t *im, u32 backend_idx)
static clib_error_t * dpdk_ipsec_enable_disable(int is_enable)
#define vec_elt_at_index(v, i)
Get vector value at index i checking that i is in bounds.
#define clib_error_return(e, args...)
static void crypto_parse_capabilities(crypto_dev_t *dev, const struct rte_cryptodev_capabilities *cap, u32 n_mains)
#define vec_end(v)
End (last data address) of vector.
static clib_error_t * crypto_dev_conf(u8 dev, u16 n_qp, u8 numa)
static_always_inline void add_session_by_drv_and_sa_idx(struct rte_cryptodev_sym_session *session, crypto_data_t *data, u32 drv_id, u32 sa_idx)
static void crypto_disable(void)
static void clib_spinlock_init(clib_spinlock_t *p)
static void * get_session_private_data(const struct rte_cryptodev_sym_session *sess, uint8_t driver_id)
#define pool_elt_at_index(p, i)
Returns pointer to element at given index.
vlib_node_t * vlib_get_node_by_name(vlib_main_t *vm, u8 *name)
crypto_alg_t * cipher_algs
static_always_inline u32 crypto_op_len(void)
static clib_error_t * crypto_create_crypto_op_pool(vlib_main_t *vm, u8 numa)
static u8 auth_alg_index(const crypto_alg_t *alg)
struct rte_mempool ** session_drv
static clib_error_t * dpdk_ipsec_main_init(vlib_main_t *vm)
crypto_session_by_drv_t * session_by_drv_id_and_sa_index
sll srl srl sll sra u16x4 i
#define vec_free(V)
Free vector's memory (no header).
static u64 unix_time_now_nsec(void)
crypto_session_disposal_t * session_disposal
static void crypto_set_aead_xform(struct rte_crypto_sym_xform *xform, ipsec_sa_t *sa, u8 is_outbound)
static void set_session_private_data(struct rte_cryptodev_sym_session *sess, uint8_t driver_id, void *private_data)
vlib_main_t vlib_node_runtime_t * node
u8 data[IPSEC_KEY_MAX_LEN]
#define vec_delete(V, N, M)
Delete N elements starting at element M.
struct rte_mempool * crypto_op
vlib_log_class_t log_default
static clib_error_t * dpdk_crypto_session_disposal(crypto_session_disposal_t *v, u64 ts)
crypto_worker_main_t * workers_main
#define clib_error_report(e)
static void vlib_node_set_state(vlib_main_t *vm, u32 node_index, vlib_node_state_t new_state)
Set node dispatch state.
crypto_resource_t * resource
static vlib_main_t * vlib_get_main(void)
#define vec_elt(v, i)
Get vector value at index i.
static clib_error_t * crypto_create_pools(vlib_main_t *vm)
struct rte_mempool * session_h
#define vec_len(v)
Number of elements in vector (rvalue-only, NULL tolerant)
void crypto_auto_placement(void)
uword * session_by_sa_index
static void crypto_scan_devs(u32 n_mains)
static void crypto_op_init(struct rte_mempool *mempool, void *_arg, void *_obj, unsigned i)
struct rte_crypto_op ** ops
clib_error_t * create_sym_session(struct rte_cryptodev_sym_session **session, u32 sa_idx, crypto_resource_t *res, crypto_worker_main_t *cwm, u8 is_outbound)
enum rte_crypto_sym_xform_type type
ipsec_crypto_alg_t crypto_alg
static vlib_thread_main_t * vlib_get_thread_main()
static u32 vlib_num_workers()
u16 auth_resource_idx[IPSEC_INTEG_N_ALG]
u8 auth_support[IPSEC_INTEG_N_ALG]
#define vec_validate_init_empty_aligned(V, I, INIT, A)
Make sure vector is long enough for given index and initialize empty space (no header, alignment alignment)
#define vec_foreach(var, vec)
Vector iterator.
static_always_inline struct rte_cryptodev_sym_session * get_session_by_drv_and_sa_idx(crypto_data_t *data, u32 drv_id, u32 sa_idx)
#define vec_validate_init_empty(V, I, INIT)
Make sure vector is long enough for given index and initialize empty space (no header, unspecified alignment)
#define CLIB_CACHE_LINE_BYTES
static_always_inline void clib_spinlock_lock_if_init(clib_spinlock_t *p)
static void crypto_set_auth_xform(struct rte_crypto_sym_xform *xform, ipsec_sa_t *sa, u8 is_outbound)
static clib_error_t * dpdk_ipsec_check_support(ipsec_sa_t *sa)
u8 cipher_support[IPSEC_CRYPTO_N_ALG]
static void clear_and_free_obj(void *obj)
static crypto_alg_t * auth_cap_to_alg(const struct rte_cryptodev_capabilities *cap, u8 trunc_size)
1.8.13